WebKit should prevent push/replace state with username in URL.
[WebKit-https.git] / Source / WebCore / ChangeLog
1 2016-07-15  Brady Eidson  <beidson@apple.com>
2
3         WebKit should prevent push/replace state with username in URL.
4         <rdar://problem/27361737> and https://bugs.webkit.org/show_bug.cgi?id=159818
5
6         Reviewed by Brent Fulgham.
7
8         Test: http/tests/security/history-username-password.html
9
10         * page/History.cpp:
11         (WebCore::History::stateObjectAdded): Don't allow URLs with usernames/passwords.
12
13 2016-07-15  Ryan Haddad  <ryanhaddad@apple.com>
14
15         Unreviewed, rolling out r203266.
16
17         This change caused editing/deleting/delete-emoji.html to time
18         out on El Capitan, crash under GuardMalloc
19
20         Reverted changeset:
21
22         "Support new emoji group candidates"
23         https://bugs.webkit.org/show_bug.cgi?id=159755
24         http://trac.webkit.org/changeset/203266
25
26 2016-07-15  Frederic Wang  <fwang@igalia.com>
27
28         Move parsing of mfrac attributes into a MathMLFractionElement class
29         https://bugs.webkit.org/show_bug.cgi?id=159624
30
31         Reviewed by Brent Fulgham.
32
33         We move the parsing of mfrac attributes to a MathMLFractionElement class. This allows to
34         minimize the updates in RenderMathMLFraction and to remove the alignment members. Many of
35         the members in updateLayoutParameters are actually only used in layoutBlock and could be
36         removed in a follow-up patch. We also improve the resolution of negative line thickness value
37         since the MathML recommendation says it should be rounded up to the nearest valid
38         value (which is zero) instead of ignoring the attribute and using the line thickness.
39
40         No new tests, already covered by existing tests.
41
42         * CMakeLists.txt: Add MathMLFractionElement.
43         * WebCore.xcodeproj/project.pbxproj: Ditto.
44         * mathml/MathMLAllInOne.cpp: Ditto.
45         * mathml/MathMLFractionElement.cpp: Added.
46         (WebCore::MathMLFractionElement::MathMLFractionElement):
47         (WebCore::MathMLFractionElement::create):
48         (WebCore::MathMLFractionElement::lineThickness): Return the cached linethickness length,
49         parsing it again if it is dirty. This handles the special values "thin", "medium" and "thick"
50         or fallback to the general parseMathMLLength for MathML lengths.
51         (WebCore::MathMLFractionElement::cachedFractionAlignment): Return the cached alignment value,
52         parsing it again if it is dirty.
53         (WebCore::MathMLFractionElement::numeratorAlignment): Return the cached alignment.
54         (WebCore::MathMLFractionElement::denominatorAlignment): Ditto.
55         (WebCore::MathMLFractionElement::parseAttribute): Make attributes dirty.
56         (WebCore::MathMLFractionElement::createElementRenderer): Create a RenderMathMLFraction.
57         * mathml/MathMLFractionElement.h: Added.
58         * mathml/MathMLInlineContainerElement.cpp: We no longer need to handle fraction here.
59         (WebCore::MathMLInlineContainerElement::createElementRenderer):
60         * mathml/mathtags.in: Use MathMLFractionElement for mfrac.
61         * rendering/mathml/RenderMathMLFraction.cpp:
62         (WebCore::RenderMathMLFraction::updateLayoutParameters): New helper function to set the
63         layout parameters, replacing updateFromElement. We no longer parse and store the alignment
64         values here. We also change the resolution of negative values.
65         (WebCore::RenderMathMLFraction::horizontalOffset): Use the enum from MathMLFractionElement.
66         (WebCore::RenderMathMLFraction::layoutBlock): We call updateLayoutParameters instead of
67         updateFromElement. The numerator and denominator alignments are resolved here.
68         (WebCore::RenderMathMLFraction::parseAlignmentAttribute): Deleted. Parsing of alignment
69         attribute is now handled in MathMLFractionElement.
70         (WebCore::RenderMathMLFraction::updateFromElement): Deleted. Attribute changes are now
71         handled in MathMLFractionElement.
72         (WebCore::RenderMathMLFraction::styleDidChange): Deleted. Font changes are properly handled.
73         * rendering/mathml/RenderMathMLFraction.h: Update declarations.
74
75 2016-07-15  Frederic Wang  <fwang@igalia.com>
76
77         Check whether font is nonnull for GlyphData instead of calling GlyphData::isValid()
78         https://bugs.webkit.org/show_bug.cgi?id=159783
79
80         Reviewed by Brent Fulgham.
81
82         GlyphData::isValid() returns true for GlyphData with null 'font' pointer when the 'glyph'
83         index is nonzero. This behavior is not expected by the MathML code and we have had crashes
84         in our test suite in the past on Windows (e.g. bug 140653). We thus replace the call to
85         GlyphData::isValid() with a stronger verification: Whether the 'font' pointer is nonzero.
86
87         No new tests, this only makes null pointer checks stronger.
88
89         * rendering/mathml/MathOperator.cpp:
90         (WebCore::boundsForGlyph):
91         (WebCore::advanceWidthForGlyph):
92         (WebCore::MathOperator::getBaseGlyph):
93         (WebCore::MathOperator::setSizeVariant):
94         (WebCore::MathOperator::fillWithVerticalExtensionGlyph):
95         (WebCore::MathOperator::fillWithHorizontalExtensionGlyph):
96         (WebCore::MathOperator::paintVerticalGlyphAssembly):
97         (WebCore::MathOperator::paintHorizontalGlyphAssembly):
98         (WebCore::MathOperator::paint):
99         * rendering/mathml/RenderMathMLOperator.cpp:
100         (WebCore::RenderMathMLOperator::computePreferredLogicalWidths):
101         * rendering/mathml/RenderMathMLToken.cpp:
102         (WebCore::RenderMathMLToken::computePreferredLogicalWidths):
103         (WebCore::RenderMathMLToken::firstLineBaseline):
104         (WebCore::RenderMathMLToken::layoutBlock):
105         (WebCore::RenderMathMLToken::paint):
106         (WebCore::RenderMathMLToken::paintChildren):
107
108 2016-07-15  Frederic Wang  <fwang@igalia.com>
109
110         Add DejaVu Math TeX Gyre to the list of math fonts.
111         https://bugs.webkit.org/show_bug.cgi?id=159805
112
113         Reviewed by Brent Fulgham.
114
115         DejaVu 2.36 has a new math font that can be used for MathML rendering. Because this font is
116         likely to be installed on many systems (Linux, LibreOffice, etc) we include it in the default
117         list of font-families in mathml.css in order to increase the chance to find a math font.
118
119         No new tests, it only affects rendering when DejaVu Math TeX Gyre is installed on the system.
120
121         * css/mathml.css:
122         (math):
123
124 2016-07-15  Eric Carlson  <eric.carlson@apple.com>
125
126         [MSE] Increase the SourceBuffer "fudge factor"
127         https://bugs.webkit.org/show_bug.cgi?id=159813
128         <rdar://problem/27372033>
129
130         Reviewed by Jon Lee.
131         
132         Some media encoding/conversion pipelines are sloppy when doing sample time/timescale
133         math, and the error accumulation results in small gaps in the media timeline. r202641
134         increased the maximum allowable gap from 0.01 second to one 24fps frame, but it turns
135         out that at least one large provider has a significant amount of content encoded with
136         up to two 24fps frames.
137
138         No new tests, updated media/media-source/media-source-small-gap.html.
139
140         * Modules/mediasource/SourceBuffer.cpp:
141         (WebCore::currentTimeFudgeFactor): Increase maximum gap to 2002 / 24000 frames.
142
143 2016-07-15  Rawinder Singh  <rawinder.singh-webkit@cisra.canon.com.au>
144
145         Add final keyword to WebCore/svg classes
146         https://bugs.webkit.org/show_bug.cgi?id=159802
147
148         Reviewed by Youenn Fablet.
149
150         Updated classes in the WebCore/svg directory to be marked as final where appropriate.
151
152         * svg/SVGException.h:
153         * svg/SVGLengthList.h:
154         * svg/SVGMatrix.h:
155         * svg/SVGNumberList.h:
156         * svg/SVGPaint.h:
157         * svg/SVGPathBuilder.h:
158         * svg/SVGPathByteStreamBuilder.h:
159         * svg/SVGPathByteStreamSource.h:
160         * svg/SVGPathSegArcAbs.h:
161         * svg/SVGPathSegArcRel.h:
162         * svg/SVGPathSegClosePath.h:
163         * svg/SVGPathSegCurvetoCubicAbs.h:
164         * svg/SVGPathSegCurvetoCubicRel.h:
165         * svg/SVGPathSegCurvetoCubicSmoothAbs.h:
166         * svg/SVGPathSegCurvetoCubicSmoothRel.h:
167         * svg/SVGPathSegCurvetoQuadraticAbs.h:
168         * svg/SVGPathSegCurvetoQuadraticRel.h:
169         * svg/SVGPathSegCurvetoQuadraticSmoothAbs.h:
170         * svg/SVGPathSegCurvetoQuadraticSmoothRel.h:
171         * svg/SVGPathSegLinetoAbs.h:
172         * svg/SVGPathSegLinetoHorizontalAbs.h:
173         * svg/SVGPathSegLinetoHorizontalRel.h:
174         * svg/SVGPathSegLinetoRel.h:
175         * svg/SVGPathSegLinetoVerticalAbs.h:
176         * svg/SVGPathSegLinetoVerticalRel.h:
177         * svg/SVGPathSegListBuilder.h:
178         * svg/SVGPathSegListSource.h:
179         * svg/SVGPathSegMovetoAbs.h:
180         * svg/SVGPathSegMovetoRel.h:
181         * svg/SVGPathStringSource.h:
182         * svg/SVGPathTraversalStateBuilder.h:
183         * svg/SVGPointList.h:
184         * svg/SVGRenderingIntent.h:
185         * svg/SVGStringList.h:
186         * svg/SVGTRefElement.cpp:
187         * svg/SVGToOTFFontConversion.cpp:
188         * svg/SVGTransformList.h:
189         * svg/SVGUnitTypes.h:
190         * svg/SVGViewSpec.h:
191         * svg/SVGZoomEvent.h:
192         * svg/animation/SMILTimeContainer.h:
193         * svg/animation/SVGSMILElement.cpp:
194         * svg/graphics/filters/SVGFEImage.h:
195         * svg/graphics/filters/SVGFilter.h:
196         * svg/properties/SVGAnimatedPathSegListPropertyTearOff.h:
197         * svg/properties/SVGAnimatedPropertyTearOff.h:
198         * svg/properties/SVGAnimatedTransformListPropertyTearOff.h:
199         * svg/properties/SVGMatrixTearOff.h:
200         * svg/properties/SVGPathSegListPropertyTearOff.h:
201         * svg/properties/SVGStaticListPropertyTearOff.h:
202         * svg/properties/SVGStaticPropertyTearOff.h:
203         * svg/properties/SVGTransformListPropertyTearOff.h:
204
205 2016-07-15  Per Arne Vollan  <pvollan@apple.com>
206
207         Uninitialized variable in DIBPixelData can cause a dangerous memory write
208         https://bugs.webkit.org/show_bug.cgi?id=159414
209
210         Reviewed by Brent Fulgham.
211
212         Initialize local BITMAP variable, in case the ::GetObject function that should initialize it
213         fails to do so, because the bitmap handle is invalid.
214
215         Tests: Tools/TestWebKitAPI/Tests/WebCore/win/DIBPixelData.cpp
216
217         * platform/graphics/win/DIBPixelData.cpp:
218         (WebCore::DIBPixelData::initialize): Initialize local variable.
219         (WebCore::DIBPixelData::setRGBABitmapAlpha): Return early if we have no bitmap.
220         * platform/graphics/win/DIBPixelData.h: Link fix.
221
222 2016-07-14  Yoav Weiss  <yoav@yoav.ws>
223
224         Change CSSParser::sourceSize returning Optional<CSSParser::SourceSize>
225         https://bugs.webkit.org/show_bug.cgi?id=159666
226
227         Reviewed by Michael Catanzaro.
228
229         Tests:
230             fast/dom/HTMLImageElement/sizes/image-sizes-invalids.html
231
232         * css/CSSGrammar.y.in: Avoid adding SourceSize to source_size_list when the value is a Nullopt.
233         * css/CSSParser.cpp:
234         (WebCore::CSSParser::sourceSize): Return a Nullopt when an invalid value is encountered.
235         * css/CSSParser.h:
236
237 2016-07-14  Antonio Gomes  <tonikitoo@igalia.com>
238
239         [RTL Scrollbars] Frame scrollbars don't move to the right when text direction changes to RTL
240         https://bugs.webkit.org/show_bug.cgi?id=158252
241
242         Reviewed by Myles C. Maxfield.
243
244         When the 'dir' attribute changes either on body or on the document
245         element level, the associated FrameView does not trigger an update on
246         the frame level vertical scrollbar.
247
248         Patch adds a 'hook' so that RenderBox::styleDidChange can call in
249         order to get the document level scrollbar placed properly in the next
250         layout.
251
252         Test: fast/scrolling/rtl-scrollbars-alternate-body-dir-attr-does-not-update-scrollbar-placement.html
253               fast/scrolling/rtl-scrollbars-alternate-body-dir-attr-does-not-update-scrollbar-placement-2.html
254               fast/scrolling/rtl-scrollbars-alternate-iframe-body-dir-attr-does-not-update-scrollbar-placement.html
255
256         * page/FrameView.cpp:
257         (WebCore::FrameView::topContentDirectionDidChange):
258         * page/FrameView.h:
259         * rendering/RenderBox.cpp:
260         (WebCore::RenderBox::styleDidChange):
261
262 2016-07-14  Myles C. Maxfield  <mmaxfield@apple.com>
263
264         Support new emoji group candidates
265         https://bugs.webkit.org/show_bug.cgi?id=159755
266         <rdar://problem/27325521>
267
268         Reviewed by Dean Jackson.
269
270         There are a few code points which should be able to be joined (with ZWJ) to
271         either U+2640 or U+2642 to change the gender of the emoji. These patterns
272         should also work with an additional 0xFE0F variation selector. This patch
273         adds these new patterns to our existing emoji group candidate infrastructure.
274
275         Tests: fast/text/emoji-gender-2-3.html
276                fast/text/emoji-gender-2-4.html
277                fast/text/emoji-gender-2-5.html
278                fast/text/emoji-gender-2-6.html
279                fast/text/emoji-gender-2-7.html
280                fast/text/emoji-gender-2-8.html
281                fast/text/emoji-gender-2-9.html
282                fast/text/emoji-gender-2.html
283                fast/text/emoji-gender-3.html
284                fast/text/emoji-gender-4.html
285                fast/text/emoji-gender-5.html
286                fast/text/emoji-gender-6.html
287                fast/text/emoji-gender-7.html
288                fast/text/emoji-gender-8.html
289                fast/text/emoji-gender-9.html
290                fast/text/emoji-gender-fe0f-3.html
291                fast/text/emoji-gender-fe0f-4.html
292                fast/text/emoji-gender-fe0f-5.html
293                fast/text/emoji-gender-fe0f-6.html
294                fast/text/emoji-gender-fe0f-7.html
295                fast/text/emoji-gender-fe0f-8.html
296                fast/text/emoji-gender-fe0f-9.html
297                fast/text/emoji-gender.html
298                fast/text/emoji-num-glyphs.html
299                fast/text/emoji-single-parent-family-2.html
300                fast/text/emoji-single-parent-family.html
301
302         * platform/graphics/mac/ComplexTextControllerCoreText.mm:
303         (WebCore::ComplexTextController::ComplexTextRun::ComplexTextRun): Removed incorrect ASSERT()s.
304         * platform/graphics/FontCascade.cpp:
305         (WebCore::FontCascade::characterRangeCodePath):
306         * platform/text/CharacterProperties.h:
307         (WebCore::isEmojiGroupCandidate):
308
309 2016-07-14  Dean Jackson  <dino@apple.com>
310
311         CrashTracer: com.apple.WebKit.WebContent at WebCore: WebCore::MediaQueryEvaluator::evaluate const
312         https://bugs.webkit.org/show_bug.cgi?id=159799
313         <rdar://problem/27346959>
314
315         Reviewed by Myles Maxfield.
316
317         Speculative fix for this crash, which seems to happen when asking for the Node's
318         renderer(). From the incoming crash logs, it is triggered by mutations on
319         a <picture> or <img> element, which would require choosing a new source,
320         and causing some media queries to evaluate.
321
322         The only place in MediaQueryEvaluator that has anything to do with
323         renderers is when gathering up some style information to pass to the
324         actual evaluation function. I put a guard against a missing documentElement
325         in there.
326
327         * css/MediaQueryEvaluator.cpp:
328         (WebCore::MediaQueryEvaluator::evaluate): Make sure documentElement is not
329         null.
330
331 2016-07-14  Rawinder Singh  <rawinder.singh-webkit@cisra.canon.com.au>
332
333         Update HTML*Element class override methods in final classes
334         https://bugs.webkit.org/show_bug.cgi?id=159456
335
336         Reviewed by Youenn Fablet.
337
338         Update HTML*Element classes so that overriden methods in final classes are marked final.
339         Also marked HTMLDivElement overriden methods as final since they are not overridden by derived classes.
340
341         * html/HTMLAppletElement.h:
342         * html/HTMLAreaElement.h:
343         * html/HTMLAttachmentElement.h:
344         * html/HTMLAudioElement.h:
345         * html/HTMLBRElement.h:
346         * html/HTMLBaseElement.h:
347         * html/HTMLBodyElement.h:
348         * html/HTMLButtonElement.h:
349         * html/HTMLCanvasElement.h:
350         * html/HTMLDataElement.h:
351         * html/HTMLDetailsElement.h:
352         * html/HTMLDivElement.h:
353         * html/HTMLEmbedElement.h:
354         * html/HTMLFieldSetElement.h:
355         * html/HTMLFontElement.h:
356         * html/HTMLFormElement.h:
357         * html/HTMLFrameSetElement.h:
358         * html/HTMLHRElement.h:
359         * html/HTMLHtmlElement.h:
360         * html/HTMLKeygenElement.h:
361         * html/HTMLLIElement.h:
362         * html/HTMLLabelElement.h:
363         * html/HTMLLegendElement.h:
364         * html/HTMLLinkElement.h:
365         * html/HTMLMapElement.h:
366         * html/HTMLMarqueeElement.h:
367         * html/HTMLMetaElement.h:
368         * html/HTMLMeterElement.h:
369         * html/HTMLModElement.h:
370         * html/HTMLOListElement.h:
371         * html/HTMLObjectElement.h:
372         * html/HTMLOptGroupElement.h:
373         * html/HTMLOptionElement.h:
374         * html/HTMLOutputElement.h:
375         * html/HTMLParagraphElement.h:
376         * html/HTMLParamElement.h:
377         * html/HTMLPreElement.h:
378         * html/HTMLProgressElement.h:
379         * html/HTMLQuoteElement.h:
380         * html/HTMLScriptElement.h:
381         * html/HTMLSourceElement.h:
382         * html/HTMLStyleElement.h:
383         * html/HTMLSummaryElement.h:
384         * html/HTMLTableCaptionElement.h:
385         * html/HTMLTableColElement.h:
386         * html/HTMLTableElement.h:
387         * html/HTMLTableSectionElement.h:
388         * html/HTMLTemplateElement.h:
389         * html/HTMLTextAreaElement.h:
390         * html/HTMLTitleElement.h:
391         * html/HTMLUListElement.h:
392         * html/HTMLUnknownElement.h:
393         * html/HTMLVideoElement.h:
394         * html/HTMLWBRElement.h:
395
396 2016-07-14  Chris Dumez  <cdumez@apple.com>
397
398         Modernize GlyphMetricsMap
399         https://bugs.webkit.org/show_bug.cgi?id=159788
400
401         Reviewed by Darin Adler.
402
403         Modernize GlyphMetricsMap a bit.
404
405         * platform/graphics/GlyphMetricsMap.h:
406         - Drop WTF_MAKE_NONCOPYABLE as the class is already non-copyable due to having
407           to having a std::unique_ptr data member.
408         - Drop GlyphMetricsMap default constructor and let the compiler generate it
409           instead. This required using inline initialization for m_filledPrimaryPage.
410
411         (WebCore::GlyphMetricsMap::GlyphMetricsPage::GlyphMetricsPage):
412         - Make m_metrics data member private as it does not need to be public.
413         - Make setMetricsForIndex(unsigned index, const T& metrics) setter private
414           as it does not need to be public.
415         - Make GlyphMetricsPage(const T& initialValue) constructor explicit as it
416           takes only 1 parameter.
417
418         (WebCore::GlyphMetricsMap<T>::locatePageSlowCase):
419         - Use HashMap::ensure() to make the code a bit nicer.
420
421 2016-07-14  Simon Fraser  <simon.fraser@apple.com>
422
423         [iOS WK2] When scrolling apple.com/music on iPad Pro in landscape, left-hand tiles appear first
424         https://bugs.webkit.org/show_bug.cgi?id=159798
425         rdar://problem/27362717
426
427         Reviewed by Tim Horton.
428
429         In out-of-visible tiled layers, we always allocated the top-left tile, wasting
430         memory and causing ugliness when scrolling that layer into view. This happened
431         because getTileIndexRangeForRect() had no way to express the fact that no tiles
432         should be created.
433
434         Fix getTileIndexRangeForRect() to return a bool, and fix callers to respect the
435         return value.
436
437         Test: compositing/tiling/offscreen-tiled-layer.html
438
439         * platform/graphics/ca/GraphicsLayerCA.cpp:
440         (WebCore::GraphicsLayerCA::dumpAdditionalProperties):
441         * platform/graphics/ca/TileGrid.cpp:
442         (WebCore::TileGrid::setNeedsDisplayInRect):
443         (WebCore::TileGrid::tilesWouldChangeForCoverageRect):
444         (WebCore::TileGrid::getTileIndexRangeForRect):
445         (WebCore::TileGrid::revalidateTiles):
446         (WebCore::TileGrid::ensureTilesForRect):
447         (WebCore::TileGrid::extent):
448         * platform/graphics/ca/TileGrid.h:
449
450 2016-07-14  John Wilander  <wilander@apple.com>
451
452         Remove credentials in URL when accessed through location.href
453         https://bugs.webkit.org/show_bug.cgi?id=139562
454         <rdar://problem/27331164>
455
456         Reviewed by Brent Fulgham.
457
458         Test: http/tests/security/location-href-clears-username-password.html
459
460         The reason for this change is to not allow scripts on the page to
461         exfiltrate username and password from the URL.
462
463         * page/Location.cpp:
464         (WebCore::Location::href):
465             Now checks if there is a username or password in the URL. If so,
466             it copies the URL and removes the username and password.
467
468 2016-07-14  Javier Fernandez  <jfernandez@igalia.com>
469
470         [css-grid] Handle min-content/max-content with orthogonal flows
471         https://bugs.webkit.org/show_bug.cgi?id=159294
472
473         Reviewed by Darin Adler.
474
475         Currently there is no support for orthogonal flows in many aspects of the
476         Grid Layout logic.
477
478         The Grid sizing algorithm should be adapted to this scenario, hence this
479         patch focus on the min-content and max-content functions, used to resolve
480         content based track sizes.
481
482         There are still issues related to alignment and sizes using percentages,
483         but they will be addressed in different patches.
484
485         Tests: fast/css-grid-layout/grid-item-positioning-with-orthogonal-flows.html
486                fast/css-grid-layout/grid-item-sizing-with-orthogonal-flows.html
487                fast/css-grid-layout/grid-item-spanning-and-orthogonal-flows.html
488                fast/css-grid-layout/grid-track-sizing-with-orthogonal-flows.html
489                fast/css-grid-layout/grid-track-sizing-with-percentages-and-orthogonal-flows.html
490
491         * rendering/RenderBox.cpp:
492         (WebCore::RenderBox::computeLogicalWidthInRegion):
493         * rendering/RenderGrid.cpp:
494         (WebCore::RenderGrid::GridSizingData::advanceNextState):
495         (WebCore::RenderGrid::GridSizingData::isValidTransitionForDirection):
496         (WebCore::RenderGrid::computeTrackSizesForDirection):
497         (WebCore::RenderGrid::repeatTracksSizingIfNeeded): Added.
498         (WebCore::RenderGrid::layoutBlock):
499         (WebCore::RenderGrid::computeIntrinsicLogicalWidths):
500         (WebCore::RenderGrid::computeIntrinsicLogicalHeight):
501         (WebCore::hasOverrideContainingBlockContentSizeForChild):
502         (WebCore::overrideContainingBlockContentSizeForChild):
503         (WebCore::setOverrideContainingBlockContentSizeForChild):
504         (WebCore::shouldClearOverrideContainingBlockContentSizeForChild):
505         (WebCore::RenderGrid::gridTrackSize):
506         (WebCore::RenderGrid::isOrthogonalChild): Added.
507         (WebCore::RenderGrid::logicalHeightForChild):
508         (WebCore::RenderGrid::flowAwareDirectionForChild): Added.
509         (WebCore::RenderGrid::minSizeForChild):
510         (WebCore::RenderGrid::updateOverrideContainingBlockContentSizeForChild):
511         (WebCore::RenderGrid::minContentForChild):
512         (WebCore::RenderGrid::maxContentForChild):
513         (WebCore::RenderGrid::placeItemsOnGrid):
514         (WebCore::RenderGrid::layoutPositionedObject):
515         (WebCore::RenderGrid::offsetAndBreadthForPositionedChild):
516         (WebCore::RenderGrid::assumedRowsSizeForOrthogonalChild): Added.
517         (WebCore::RenderGrid::gridAreaBreadthForChild):
518         (WebCore::RenderGrid::columnAxisPositionForChild):
519         (WebCore::RenderGrid::rowAxisPositionForChild):
520         (WebCore::RenderGrid::findChildLogicalPosition):
521         * rendering/RenderGrid.h:
522         (WebCore::RenderGrid::SizingOperation): This enum has been moved to the header file.
523         (WebCore::RenderGrid::m_hasAnyOrthogonalChild): New class attribute to know if there are any orthogonal grid items.
524         (WebCore::RenderGrid::updateOverrideContainingBlockContentSizeForChild):
525         (WebCore::RenderGrid::logicalHeightForChild):
526         (WebCore::RenderGrid::gridAreaBreadthForChild):
527         (WebCore::RenderGrid::assumedRowsSizeForOrthogonalChild):
528
529
530
531 2016-07-14  Chris Dumez  <cdumez@apple.com>
532
533         Use emptyString() instead of "" when possible
534         https://bugs.webkit.org/show_bug.cgi?id=159789
535
536         Reviewed by Alex Christensen.
537
538         Use emptyString() instead of "" when possible to reduce String allocations.
539
540         * Modules/webdatabase/Database.cpp:
541         (WebCore::Database::performOpenAndVerify):
542         * css/CSSSelector.h:
543         * css/StyleProperties.cpp:
544         (WebCore::MutableStyleProperties::removeProperty):
545         (WebCore::MutableStyleProperties::removeCustomProperty):
546         * editing/TextCheckingHelper.cpp:
547         (WebCore::TextCheckingHelper::findFirstMisspellingOrBadGrammar):
548         (WebCore::TextCheckingHelper::findFirstBadGrammar):
549         * editing/TypingCommand.h:
550         (WebCore::TypingCommand::create):
551         * fileapi/FileReaderLoader.cpp:
552         (WebCore::FileReaderLoader::cleanup):
553         * inspector/InspectorStyleSheet.cpp:
554         (WebCore::fillMediaListChain):
555         * page/UserContentURLPattern.cpp:
556         (WebCore::UserContentURLPattern::parse):
557         * platform/graphics/MediaPlayer.cpp:
558         (WebCore::MediaPlayer::load):
559         * platform/gtk/DataObjectGtk.h:
560         (WebCore::DataObjectGtk::clearURIList):
561         * platform/network/curl/ResourceHandleCurl.cpp:
562         (WebCore::ResourceHandle::receivedRequestToContinueWithoutCredential):
563         * platform/network/curl/ResourceHandleManager.h:
564         * rendering/RenderLayerCompositor.cpp:
565         (WebCore::RenderLayerCompositor::layerTreeAsText):
566         * rendering/RenderListMarker.cpp:
567         (WebCore::RenderListMarker::updateContent):
568         * rendering/style/RenderStyle.cpp:
569         (WebCore::RenderStyle::noneDashboardRegions):
570         * rendering/svg/SVGTextMetrics.cpp:
571         (WebCore::SVGTextMetrics::SVGTextMetrics):
572         * xml/XPathParser.cpp:
573         (WebCore::XPath::Parser::lexString):
574
575 2016-07-14  Brent Fulgham  <bfulgham@apple.com>
576
577         editing/spelling/spellcheck-async.html sometimes crashes with GuardMalloc 
578         https://bugs.webkit.org/show_bug.cgi?id=142969
579         <rdar://problem/27331095>
580
581         Reviewed by Alex Christensen.
582
583         Fix based on a Blink change (patch by <rouslan@chromium.org>):
584         <https://chromium.googlesource.com/chromium/blink/+/c713736b122c2224804b2db72f1f711cb47ee260%5E%21/#F1>
585
586         Test: editing/spelling/copy-paste-crash.html
587               editing/spelling/spellcheck-async.html
588
589         * editing/SpellChecker.cpp:
590         (WebCore::SpellCheckRequest::didSucceed):
591         (WebCore::SpellCheckRequest::didCancel):
592
593 2016-07-14  Zalan Bujtas  <zalan@apple.com>
594
595         ImageBuffer's succes flag should be set to false at the very beginning of the c'tor.
596         https://bugs.webkit.org/show_bug.cgi?id=159784
597
598         Reviewed by Simon Fraser.
599
600         No change in functionality.
601
602         * platform/graphics/cg/ImageBufferCG.cpp:
603         (WebCore::ImageBuffer::ImageBuffer):
604
605 2016-07-14  Alex Christensen  <achristensen@webkit.org>
606
607         Use SocketProvider to create SocketStreamHandles
608         https://bugs.webkit.org/show_bug.cgi?id=159774
609
610         Reviewed by Brady Eidson.
611
612         No new tests.  No change in behaviour.
613         
614         In r202930 I introduced the SocketProvider, but I used it to make a WebSocketChannel
615         instead of a SocketStreamHandle, which is the class I want to make into an interface
616         and proxy the web traffic over to the NetworkProcess.
617
618         * CMakeLists.txt:
619         * Modules/websockets/ThreadableWebSocketChannel.cpp: Added.
620         (WebCore::ThreadableWebSocketChannel::create):
621         I removed this in 202930, so this is restoring it from that patch, hence the old copyright.
622         * Modules/websockets/ThreadableWebSocketChannel.h:
623         (WebCore::ThreadableWebSocketChannel::ThreadableWebSocketChannel):
624         * Modules/websockets/WebSocket.cpp:
625         (WebCore::WebSocket::connect):
626         * Modules/websockets/WebSocketChannel.cpp:
627         (WebCore::WebSocketChannel::WebSocketChannel):
628         (WebCore::WebSocketChannel::connect):
629         * Modules/websockets/WebSocketChannel.h:
630         (WebCore::WebSocketChannel::create):
631         * Modules/websockets/WorkerThreadableWebSocketChannel.cpp:
632         (WebCore::WorkerThreadableWebSocketChannel::WorkerThreadableWebSocketChannel):
633         (WebCore::WorkerThreadableWebSocketChannel::resume):
634         (WebCore::WorkerThreadableWebSocketChannel::Peer::Peer):
635         (WebCore::WorkerThreadableWebSocketChannel::Peer::didReceiveMessageError):
636         (WebCore::WorkerThreadableWebSocketChannel::Bridge::Bridge):
637         (WebCore::WorkerThreadableWebSocketChannel::Bridge::~Bridge):
638         (WebCore::WorkerThreadableWebSocketChannel::Bridge::mainThreadInitialize):
639         (WebCore::WorkerThreadableWebSocketChannel::Bridge::initialize):
640         * Modules/websockets/WorkerThreadableWebSocketChannel.h:
641         (WebCore::WorkerThreadableWebSocketChannel::create):
642         (WebCore::WorkerThreadableWebSocketChannel::Bridge::create):
643         * WebCore.xcodeproj/project.pbxproj:
644         * inspector/InspectorOverlay.cpp:
645         (WebCore::InspectorOverlay::overlayPage):
646         * loader/EmptyClients.cpp:
647         (WebCore::EmptyEditorClient::registerRedoStep):
648         (WebCore::EmptySocketProvider::createWebSocketChannel): Deleted.
649         * loader/EmptyClients.h:
650         * page/SocketProvider.cpp: Added.
651         (WebCore::SocketProvider::createSocketStreamHandle):
652         * page/SocketProvider.h:
653         (WebCore::SocketProvider::~SocketProvider): Deleted.
654         * platform/network/cf/SocketStreamHandle.h:
655         * svg/graphics/SVGImage.cpp:
656         (WebCore::SVGImage::dataChanged):
657
658 2016-07-14  Brady Eidson  <beidson@apple.com>
659
660         "User delete" tests are flakey timeouts (and/or DatabaseProcess crashes).
661         https://bugs.webkit.org/show_bug.cgi?id=158741
662
663         Reviewed by Alex Christensen.
664
665         No new tests (Covered by existing tests in some configurations)
666
667         - Check if a database hard delete is complete in more places.
668         - Asynchronously clear out the hard close protector instead of synchronously.
669         
670         * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
671         (WebCore::IDBServer::UniqueIDBDatabase::~UniqueIDBDatabase):
672         (WebCore::IDBServer::UniqueIDBDatabase::didPerformUnconditionalDeleteBackingStore):
673         (WebCore::IDBServer::UniqueIDBDatabase::didFinishHandlingVersionChange):
674         (WebCore::IDBServer::UniqueIDBDatabase::connectionClosedFromClient):
675         (WebCore::IDBServer::UniqueIDBDatabase::transactionCompleted):
676         (WebCore::IDBServer::UniqueIDBDatabase::executeNextDatabaseTaskReply):
677         (WebCore::IDBServer::UniqueIDBDatabase::maybeFinishHardClose):
678         (WebCore::IDBServer::UniqueIDBDatabase::isDoneWithHardClose):
679         (WebCore::IDBServer::UniqueIDBDatabase::doneWithHardClose): Deleted.
680
681         * Modules/indexeddb/server/UniqueIDBDatabase.h:
682         (WebCore::IDBServer::UniqueIDBDatabase::hardClosedForUserDelete):
683
684         * Modules/indexeddb/server/UniqueIDBDatabaseConnection.cpp:
685         (WebCore::IDBServer::UniqueIDBDatabaseConnection::didAbortTransaction):
686
687 2016-07-13  Brent Fulgham  <bfulgham@apple.com>
688
689         CSSStyleSheet members should clear their owner node when destroyed
690         https://bugs.webkit.org/show_bug.cgi?id=117470
691
692         Reviewed by Chris Dumez.
693
694         Make sure that CSSStyleSheet members are detached from their owner node when
695         the owning object is destroyed.
696
697         I audited other CSSStyleSheet uses, and found one other place where the owner node was not
698         being cleared during destruction. The Inspector also uses CSSStyleSheet, but seems to
699         handle the node ownership properly.
700
701         Fix based on a Blink change (patch by <haraken@chromium.org>):
702         <https://chromium.googlesource.com/chromium/blink/+/c4949bfdeb2a613701afa1410bdae70531b8f6bf>
703
704         Also includes a follow-up fix (patch by <haraken@chromium.org>):
705         <https://chromium.googlesource.com/chromium/blink/+/9c3932dc80b33429db3a5873cb266b726c8a19bf>
706
707         No test case. Was found by the Chromium team through review of their crash traces under minor DOM GC.
708
709         * contentextensions/ContentExtensionStyleSheet.cpp:
710         (WebCore::ContentExtensions::ContentExtensionStyleSheet::~ContentExtensionStyleSheet):
711         * contentextensions/ContentExtensionStyleSheet.h:
712         * dom/InlineStyleSheetOwner.cpp:
713         (WebCore::InlineStyleSheetOwner::~InlineStyleSheetOwner):
714         (WebCore::authorStyleSheetsForElement):
715
716 2016-07-14  Csaba Osztrogonác  <ossy@webkit.org>
717
718         Fix the !ENABLE(WEB_SOCKETS) build after r202930
719         https://bugs.webkit.org/show_bug.cgi?id=159768
720
721         Reviewed by Alex Christensen.
722
723         * loader/EmptyClients.cpp:
724         * loader/EmptyClients.h:
725         * page/SocketProvider.h:
726         * workers/WorkerGlobalScope.cpp:
727         (WebCore::WorkerGlobalScope::WorkerGlobalScope):
728         * workers/WorkerThread.cpp:
729         (WebCore::WorkerThread::WorkerThread):
730
731 2016-07-14  Youenn Fablet  <youenn@apple.com>
732
733         DOMIterators should be assigned a correct prototype
734         https://bugs.webkit.org/show_bug.cgi?id=159115
735
736         Reviewed by Chris Dumez.
737
738         Default iterator object internal prototype property is the Iterator prototype as defined in
739         http://heycam.github.io/webidl/#dfn-iterator-prototype-object.
740         Linking DOMIterator prototype to IteratorPrototype.
741         This allows adding @@iterator property to the result of entries, keys and values methods.
742         This in turns allow doing for-of loops on them.
743
744         Covered by updated test.
745
746         * ForwardingHeaders/runtime/IteratorPrototype.h: Added.
747         * bindings/js/JSDOMIterator.h: Setting correct prototype and marking next prototype property as enumerable.
748
749 2016-07-14  Youenn Fablet  <youenn@apple.com>
750
751         Remove support for value iterators from JSDOMIterator
752         https://bugs.webkit.org/show_bug.cgi?id=159293
753
754         Reviewed by Chris Dumez.
755
756         Value iterators are now handled without using DOMIterator.
757         Since FontFaceSet is using DOMIterator as an intermediate step towards supporting set-like,
758         entries and forEach implementation should be made compliant with set-like.
759         This means that item value should be passed instead of an index in entries iterator and forEach callback.
760
761         Covered by updated test.
762
763         * bindings/js/JSDOMIterator.h:
764         (WebCore::JSDOMIterator<JSWrapper>::asJS): Pass set item as entries value field.
765         (WebCore::appendForEachArguments): Pass set item as second parameter.
766         (WebCore::iteratorForEach): Remove index handling.
767
768 2016-07-14  Csaba Osztrogonác  <ossy@webkit.org>
769
770         Fix the !ENABLE(MATHML) build after r201739
771         https://bugs.webkit.org/show_bug.cgi?id=159767
772
773         Reviewed by Alex Christensen.
774
775         * dom/Document.cpp:
776         (WebCore::Document::validateCustomElementName):
777
778 2016-07-14  Csaba Osztrogonác  <ossy@webkit.org>
779
780         Fix the !ENABLE(CSS_IMAGE_SET) build
781         https://bugs.webkit.org/show_bug.cgi?id=159766
782
783         Reviewed by Alex Christensen.
784
785         * css/CSSParser.cpp:
786
787 2016-07-14  Frederic Wang  <fred.wang@free.fr>
788
789         Cleanup of MathML headers
790         https://bugs.webkit.org/show_bug.cgi?id=159336
791
792         Reviewed by Alex Christensen.
793
794         We do some cleanup in MathML headers:
795         - Use #pragma once
796         - Use final for class that are not extended.
797         - Use final instead of override for virtual members that are not overridden by derived classes.
798         - Try and reduce the visibility of function members to private or protected as appropriate.
799         - Remove useless #include
800         - Remove useless class or friendship declaration
801         - Remove unused functions
802
803         No new tests, behavior is unchanged.
804
805         * mathml/MathMLElement.h:
806         * mathml/MathMLInlineContainerElement.h:
807         * mathml/MathMLMathElement.h:
808         * mathml/MathMLMencloseElement.h:
809         * mathml/MathMLOperatorDictionary.h:
810         * mathml/MathMLPaddedElement.h:
811         * mathml/MathMLSelectElement.h:
812         * mathml/MathMLSpaceElement.h:
813         * mathml/MathMLTextElement.h:
814         * rendering/mathml/MathOperator.h:
815         * rendering/mathml/RenderMathMLBlock.h:
816         * rendering/mathml/RenderMathMLFenced.h:
817         * rendering/mathml/RenderMathMLFraction.h:
818         * rendering/mathml/RenderMathMLMath.h:
819         * rendering/mathml/RenderMathMLMenclose.h:
820         * rendering/mathml/RenderMathMLOperator.h:
821         * rendering/mathml/RenderMathMLRoot.h:
822         * rendering/mathml/RenderMathMLRow.cpp:
823         (WebCore::RenderMathMLRow::RenderMathMLRow): Deleted. We no longer create anonymous row.
824         * rendering/mathml/RenderMathMLRow.h:
825         * rendering/mathml/RenderMathMLScripts.h:
826         * rendering/mathml/RenderMathMLSpace.h:
827         * rendering/mathml/RenderMathMLToken.h:
828         * rendering/mathml/RenderMathMLUnderOver.h:
829
830 2016-07-14  Alex Christensen  <achristensen@webkit.org>
831
832         Pass SessionID to WebSocketHandle constructor
833         https://bugs.webkit.org/show_bug.cgi?id=159772
834
835         Reviewed by Brady Eidson.
836
837         No new tests.  No change in behavior.
838
839         * Modules/websockets/WebSocketChannel.cpp:
840         (WebCore::WebSocketChannel::connect):
841         * platform/network/cf/SocketStreamHandle.h:
842         (WebCore::SocketStreamHandle::create):
843         * platform/network/cf/SocketStreamHandleCFNet.cpp:
844         (WebCore::SocketStreamHandle::SocketStreamHandle):
845         * platform/network/curl/SocketStreamHandle.h:
846         (WebCore::SocketStreamHandle::create):
847         * platform/network/soup/SocketStreamHandle.h:
848
849 2016-07-14  Carlos Garcia Campos  <cgarcia@igalia.com>
850
851         [GLib] Use a GSource instead of a thread to poll memory pressure eventFD in linux implementation
852         https://bugs.webkit.org/show_bug.cgi?id=159346
853
854         Reviewed by Antonio Gomes.
855
856         This is a follow up of r203216 to fix wrong use of Optional values.
857
858         * platform/linux/MemoryPressureHandlerLinux.cpp:
859
860 2016-07-14  Youenn Fablet  <youenn@apple.com>
861
862         DOM value iterable interfaces should use Array prototype methods
863         https://bugs.webkit.org/show_bug.cgi?id=159296
864
865         Reviewed by Chris Dumez and Mark Lam.
866
867         Test: fast/dom/NodeList/nodelist-iterable.html
868         Also covered by updated layout test and binding tests.
869
870         For value iterators, copy the iterator methods from Array prototype: as per https://heycam.github.io/webidl/#es-iterable,
871         [re: entries] If the interface has a value iterator, then the Function object is the initial value of the "entries" data property of %ArrayPrototype% ([ECMA-262], section 6.1.7.4).
872         [re: keys] If the interface has a value iterator, then the Function object is the initial value of the "keys" data property of %ArrayPrototype% ([ECMA-262], section 6.1.7.4).
873         [re: forEach] If the interface defines an indexed property getter, then the Function object is the initial value of the "forEach" data property of %ArrayPrototype% ([ECMA-262], section 6.1.7.4).
874         [re: Symbol.iterator] If the interface defines an indexed property getter, then the Function object is %ArrayProto_values% ([ECMA-262], section 6.1.7.4).
875         [re: values] If the interface has a value iterator, then the Function object is the value of the @@iterator property.
876
877         This change applies only to NodeList at the moment.
878         Copy of Array prototype iterator methods is disabled if the interface has no indexed getter.
879
880         * CMakeLists.txt:
881         * ForwardingHeaders/builtins/BuiltinNames.h: Added.
882         * ForwardingHeaders/builtins/JSCBuiltins.h: Added.
883         * ForwardingHeaders/runtime/CommonIdentifiers.h: Added.
884         * WebCore.xcodeproj/project.pbxproj:
885         * bindings/js/JSDOMIterator.cpp: Added.
886         (WebCore::addValueIterableMethods): Copy iterator methods from array prototype.
887         * bindings/js/JSDOMIterator.h:
888         * bindings/scripts/CodeGeneratorJS.pm:
889         (GeneratePropertiesHashTable):
890         (GenerateImplementation):
891         (IsValueIterableInterface): Introduced to only copy iterator methods if the interface has an indexed getter.
892         (IsKeyValueIterableInterface): Introduced to detect whether generating iterator methods.
893         (GenerateImplementationIterableFunctions):
894         * bindings/scripts/test/GObject/WebKitDOMTestIterable.cpp: Added.
895         * bindings/scripts/test/GObject/WebKitDOMTestIterable.h: Added.
896         * bindings/scripts/test/GObject/WebKitDOMTestIterablePrivate.h: Added.
897         * bindings/scripts/test/JS/JSTestIterable.cpp: Added.
898         * bindings/scripts/test/JS/JSTestIterable.h: Added.
899         * bindings/scripts/test/JS/JSTestObj.cpp: Updated as TestObj defines both iterable<> and indexed getter.
900         * bindings/scripts/test/ObjC/DOMTestIterable.h: Added.
901         * bindings/scripts/test/ObjC/DOMTestIterable.mm: Added.
902         * bindings/scripts/test/ObjC/DOMTestIterableInternal.h: Added.
903         * bindings/scripts/test/TestIterable.idl: Added to handle the case of value iterator without indexed getter defined.
904         Array prototype methods should not be copied.
905         * bindings/scripts/test/TestObj.idl: Changing to be a value iterator (with indexed getter already defined).
906         Array prototype methods should be copied.
907
908 2016-07-14  Youenn Fablet  <youenn@apple.com>
909
910         [Fetch API] Request and Response url getter should use URL serialization
911         https://bugs.webkit.org/show_bug.cgi?id=159705
912
913         Reviewed by Alex Christensen.
914
915         Tests: fetch/fetch-url-serialization.html
916                imported/w3c/web-platform-tests/fetch/api/basic/response-url-worker.html
917                imported/w3c/web-platform-tests/fetch/api/basic/response-url.html
918
919         Implementing https://url.spec.whatwg.org/#concept-url-serializer and applying it to Request and Response getter.
920         Adding a temporary routine to compute url cannot-be-a-base-url flag. The parsing routine should store that
921         information in the URL itself.
922
923         Added tests to cover serialization routine. Failing tests are mostly due to limitations of the URL parser.
924         Tests do not check for URLs with username and password as Request constructor throws with such URLs.
925
926         * Modules/fetch/FetchRequest.cpp:
927         (WebCore::FetchRequest::url): Adding request url serialization, fragment included.
928         * Modules/fetch/FetchRequest.h:
929         * Modules/fetch/FetchResponse.cpp:
930         (WebCore::FetchResponse::url): Adding response url serialization, fragment excluded.
931         * Modules/fetch/FetchResponse.h:
932         * platform/URL.cpp:
933         (WebCore::cannotBeABaseURL): Temporary helper function to have a coarse evaluation of url cannot-be-a-base-url flag.
934         (WebCore::URL::serialize): Implementation of https://url.spec.whatwg.org/#concept-url-serializer.
935         * platform/URL.h:
936         (WebCore::URL::hasUser): Helper getter.
937         (WebCore::URL::hasPassword): Ditto.
938         (WebCore::URL::hasQuery): Ditto.
939         (WebCore::URL::hasFragment): Ditto.
940
941 2016-07-14  Sergio Villar Senin  <svillar@igalia.com>
942
943         [css-grid] Const-ify track sizing algorithm
944         https://bugs.webkit.org/show_bug.cgi?id=159716
945
946         Reviewed by Carlos Garcia Campos.
947
948         All the methods used to run the track sizing algorithm should not
949         modify the state of LayoutGrid. We can safely const-ify all of them
950         and remove the ugly const_cast in computeIntrinsicLogicalWidths().
951
952         No new tests needed as there is no change in behavior.
953
954         * rendering/RenderGrid.cpp:
955         (WebCore::RenderGrid::logicalHeightForChild):
956         (WebCore::RenderGrid::minSizeForChild):
957         (WebCore::RenderGrid::updateOverrideContainingBlockContentLogicalWidthForChild):
958         (WebCore::RenderGrid::minContentForChild):
959         (WebCore::RenderGrid::maxContentForChild):
960         (WebCore::RenderGrid::resolveContentBasedTrackSizingFunctions):
961         (WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForNonSpanningItems):
962         (WebCore::RenderGrid::currentItemSizeForTrackSizeComputationPhase):
963         (WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForItems):
964         (WebCore::RenderGrid::distributeSpaceToTracks):
965         * rendering/RenderGrid.h:
966
967 2016-07-14  Jer Noble  <jer.noble@apple.com>
968
969         REGRESSION (r202918): LayoutTest media/video-main-content-allow-then-deny.html is flaky, failing almost every time on El Capitan
970         https://bugs.webkit.org/show_bug.cgi?id=159533
971
972         Reviewed by Eric Carlson.
973
974         Move the contents of mainContentCheckTimerFired() into updateIsMainContent() so that the
975         results of changing the m_isMainContent ivar are acted upon no matter why m_isMainContent
976         changes.
977
978         * html/MediaElementSession.cpp:
979         (WebCore::MediaElementSession::mainContentCheckTimerFired):
980         (WebCore::MediaElementSession::updateIsMainContent):
981
982 2016-07-13  Alex Christensen  <achristensen@webkit.org>
983
984         Modernize WebSocket handle
985         https://bugs.webkit.org/show_bug.cgi?id=159750
986
987         Reviewed by Brady Eidson.
988
989         No new tests.  No change in behavior.
990         This patch just removes ThreadableWebSocketChannel::InvalidMessage which is never used
991         and makes our use of SocketStreamHandleClient a reference instead of a pointer.
992
993         * Modules/websockets/ThreadableWebSocketChannel.h:
994         * Modules/websockets/WebSocket.cpp:
995         (WebCore::WebSocket::send):
996         * Modules/websockets/WebSocketChannel.cpp:
997         (WebCore::WebSocketChannel::connect):
998         * platform/network/SocketStreamHandleBase.cpp:
999         (WebCore::SocketStreamHandleBase::SocketStreamHandleBase):
1000         (WebCore::SocketStreamHandleBase::send):
1001         (WebCore::SocketStreamHandleBase::disconnect):
1002         (WebCore::SocketStreamHandleBase::sendPendingData):
1003         (WebCore::SocketStreamHandleBase::setClient): Deleted.
1004         * platform/network/SocketStreamHandleBase.h:
1005         (WebCore::SocketStreamHandleBase::~SocketStreamHandleBase):
1006         (WebCore::SocketStreamHandleBase::bufferedAmount):
1007         (WebCore::SocketStreamHandleBase::client):
1008         * platform/network/cf/SocketStreamHandle.h:
1009         (WebCore::SocketStreamHandle::create):
1010         * platform/network/cf/SocketStreamHandleCFNet.cpp:
1011         (WebCore::SocketStreamHandle::SocketStreamHandle):
1012         (WebCore::SocketStreamHandle::addCONNECTCredentials):
1013         (WebCore::SocketStreamHandle::copyCFStreamDescription):
1014         (WebCore::SocketStreamHandle::readStreamCallback):
1015         (WebCore::SocketStreamHandle::writeStreamCallback):
1016         (WebCore::SocketStreamHandle::reportErrorToClient):
1017         (WebCore::SocketStreamHandle::~SocketStreamHandle):
1018         (WebCore::SocketStreamHandle::platformClose):
1019         (WebCore::SocketStreamHandle::port):
1020         * platform/network/curl/SocketStreamHandle.h:
1021         (WebCore::SocketStreamHandle::create):
1022         * platform/network/curl/SocketStreamHandleCurl.cpp:
1023         (WebCore::SocketStreamHandle::SocketStreamHandle):
1024         (WebCore::SocketStreamHandle::platformClose):
1025         (WebCore::SocketStreamHandle::readData):
1026         (WebCore::SocketStreamHandle::didReceiveData):
1027         (WebCore::SocketStreamHandle::didOpenSocket):
1028         (WebCore::SocketStreamHandle::createCopy):
1029         * platform/network/soup/SocketStreamHandle.h:
1030         * platform/network/soup/SocketStreamHandleSoup.cpp:
1031         (WebCore::SocketStreamHandle::SocketStreamHandle):
1032         (WebCore::SocketStreamHandle::~SocketStreamHandle):
1033         (WebCore::SocketStreamHandle::connected):
1034         (WebCore::SocketStreamHandle::connectedCallback):
1035         (WebCore::SocketStreamHandle::readBytes):
1036         (WebCore::SocketStreamHandle::didFail):
1037         (WebCore::SocketStreamHandle::writeReady):
1038         (WebCore::SocketStreamHandle::platformClose):
1039         (WebCore::SocketStreamHandle::beginWaitingForSocketWritability):
1040
1041 2016-07-13  Carlos Garcia Campos  <cgarcia@igalia.com>
1042
1043         [GLib] Use a GSource instead of a thread to poll memory pressure eventFD in linux implementation
1044         https://bugs.webkit.org/show_bug.cgi?id=159346
1045
1046         Reviewed by Antonio Gomes.
1047
1048         The eventFD file descriptor is pollable, so it would be much better to use a poll instead of a blocking read in
1049         a secondary thread and then communicate back to the main thread. This is very easy to do with GSource in GLib,
1050         so we could use that when GLib is available and keep the current implementation as a fallback.
1051
1052         * platform/MemoryPressureHandler.cpp:
1053         (WebCore::m_holdOffTimer): Use a RunLoop timer.
1054         * platform/MemoryPressureHandler.h:
1055         * platform/linux/MemoryPressureHandlerLinux.cpp:
1056         (WebCore::MemoryPressureHandler::EventFDPoller::EventFDPoller): Helper class do the eventFD polling.
1057         (WebCore::MemoryPressureHandler::logErrorAndCloseFDs): Check if file descriptors are -1 not 0.
1058         (WebCore::MemoryPressureHandler::install): Return early also if the hold off timer is active. Use EventFDPoller
1059         to do the polling.
1060         (WebCore::MemoryPressureHandler::uninstall): Stop the hold off timer and clear the EventFDPoller.
1061
1062 2016-07-13  Benjamin Poulain  <benjamin@webkit.org>
1063
1064         [CSS][ARMv7] :nth-child() do not reserve enough registers if it is in backtracking chain
1065         https://bugs.webkit.org/show_bug.cgi?id=159746
1066         rdar://problem/26156169
1067
1068         Reviewed by Andreas Kling.
1069
1070         The generator generateElementIsNthChild() requires 6 registers in style resolution
1071         to mark previous siblings with generateAddStyleRelationIfResolvingStyle() in the loop.
1072
1073         We were only reserving 5, which is a problem is the sixth is taken by the backtracking
1074         register. x86_64 was already requiring 6 for unrelated reasons and ARM64 has so many registers
1075         that you cannot possibly run out of them in CSS JIT.
1076
1077         I generalized the x86_64 path to all architectures.
1078         I did not limit this case to style resolution because the extra register is irrelevant
1079         in most cases. The only difference is one extra push/pop on ARMv7 if you use querySelector
1080         with :nth-child in a backtracking chain.
1081
1082         This problem is covered by the existing test fast/selectors/nth-child-with-backtracking.html
1083
1084         * cssjit/SelectorCompiler.cpp:
1085         (WebCore::SelectorCompiler::minimumRegisterRequirements): Deleted.
1086
1087 2016-07-13  Chris Dumez  <cdumez@apple.com>
1088
1089         Drop unnecessary check from ContainerNode::removeChild()
1090         https://bugs.webkit.org/show_bug.cgi?id=159747
1091
1092         Reviewed by Andreas Kling.
1093
1094         Drop unnecessary check from ContainerNode::removeChild() to make sure that
1095         the parent of the node being removed is |this|. We already do this check
1096         a few lines above. The only thing that happens in between is the ref'ing
1097         of the node, which does not cause any JS execution.
1098
1099         This check was introduced in r55783 because there used to be a call to
1100         document()->removeFocusedNodeOfSubtree(child.get());
1101         between the two checks. However, this call has been removed since then
1102         and the extra parentNode() check was left in.
1103
1104         * dom/ContainerNode.cpp:
1105         (WebCore::ContainerNode::removeChild): Deleted.
1106
1107 2016-07-12  Ryosuke Niwa  <rniwa@webkit.org>
1108
1109         REGRESSION(r202953): Clicking on input[type=file] doesn't open a file picker
1110         https://bugs.webkit.org/show_bug.cgi?id=159686
1111
1112         Reviewed by Chris Dumez.
1113
1114         The bug was caused by DOMActivate event not propagating out of the user-agent shadow tree
1115         of a file input, and FileInputType not receiving the event to open the file picker.
1116
1117         Made DOMActivate "composed" event which cross shadow boundaries to fix the bug. The feedback
1118         was given back to W3C on https://github.com/w3c/webcomponents/issues/513#issuecomment-231851617
1119
1120         Test: fast/forms/file/open-file-panel.html
1121
1122         * dom/Event.cpp:
1123         (WebCore::Event::composed):
1124
1125 2016-07-13  Antti Koivisto  <antti@apple.com>
1126
1127         v2: WebContent crash due to RELEASE_ASSERT(!m_inLoadPendingImages) in StyleResolver::~StyleResolver()
1128         https://bugs.webkit.org/show_bug.cgi?id=159722
1129
1130         Reviewed by Andreas Kling.
1131
1132         We have crashes where a StyleResolver is deleted underneath pseudoStyleForElement (key parts of the stack):
1133
1134         0   WebCore::StyleResolver::~StyleResolver
1135         3   WebCore::AuthorStyleSheets::updateActiveStyleSheets
1136         4   WebCore::Document::styleResolverChanged
1137         5   WebKit::WebPage::viewportConfigurationChanged()
1138         6   WebKit::WebPage::mainFrameDidLayout()
1139         9   WebCore::FrameLoader::checkCompleted
1140         13  WebCore::ResourceLoader::cancel
1141         19  WebKit::WebLoaderStrategy::loadResource
1142         24  WebCore::Style::loadPendingImage
1143         27  WebCore::StyleResolver::pseudoStyleForElement
1144         29  WebCore::RenderTreeUpdater::updateBeforeOrAfterPseudoElement
1145         33  WebCore::Document::recalcStyle
1146
1147         This appears to be happening when a content blocker blocks a resource load for an image referenced from a stylesheet
1148         and triggers synchronous cancellation of the load. With engine in suitable state this can clear style resolver.
1149
1150         No test, don't know how to make one. This is very timing and engine state dependent.
1151
1152         * dom/AuthorStyleSheets.cpp:
1153         (WebCore::AuthorStyleSheets::updateActiveStyleSheets):
1154
1155         We have an existing check here that prevents destruction of the style resolver when we are in the middle of
1156         a style resolution. However the old inStyleRecalc() bit no longer covers the render tree update phase. Pseudo
1157         elements are resolved during render tree update.
1158
1159         Fix by adding a check for inRenderTreeUpdate() bit too.
1160
1161         This just fixes a regression. A proper fix would be to gather all resources during style resolution
1162         and trigger the loads afterwards.
1163
1164 2016-07-13  Frederic Wang  <fred.wang@free.fr>
1165
1166         Remove padding and margin around the <math> element
1167         https://bugs.webkit.org/show_bug.cgi?id=157989
1168
1169         Reviewed by Brent Fulgham.
1170
1171         No new tests, already covered by existing tests.
1172
1173         * css/mathml.css:
1174         (math): Remove padding.
1175         (math[display="block"]): Remove margin.
1176
1177 2016-07-13  Enrica Casucci  <enrica@apple.com>
1178
1179         Update supported platforms in xcconfig files to match the sdk names.
1180         https://bugs.webkit.org/show_bug.cgi?id=159728
1181
1182         Reviewed by Tim Horton.
1183
1184         * Configurations/Base.xcconfig:
1185
1186 2016-07-13  Anders Carlsson  <andersca@apple.com>
1187
1188         "requiredShippingAddressFields" has been deprecated error thrown when using "requiredBillingAddressFields"
1189         https://bugs.webkit.org/show_bug.cgi?id=159729
1190         rdar://problem/27314974
1191
1192         Reviewed by Tim Horton.
1193
1194         Fix a paste-o.
1195
1196         * Modules/applepay/ApplePaySession.cpp:
1197         (WebCore::createPaymentRequest):
1198
1199 2016-07-13  Brent Fulgham  <bfulgham@apple.com>
1200
1201         [WK1][iOS] Crash when WebSocket attempts to dispatch a mixed content blocker event
1202         https://bugs.webkit.org/show_bug.cgi?id=159680
1203         <rdar://problem/22102028>
1204
1205         Reviewed by Zalan Bujtas.
1206
1207         WK1 on iOS should not use RunLoop::main(). Instead, it should be dispatching events
1208         on the WebThread.
1209
1210         Test: http/tests/ssl/mixedContent/insecure-websocket.html
1211
1212         * Modules/websockets/WebSocket.cpp:
1213         (WebCore::WebSocket::connect): Do not use RunLoop::main() when we should be using
1214         the WebThread.
1215
1216 2016-07-13  Frederic Wang  <fwang@igalia.com>
1217
1218         The display property of many MathML elements can not be overriden by page authors
1219         https://bugs.webkit.org/show_bug.cgi?id=139403
1220
1221         The mathml.css user agent stylesheet currently forces most MathML elements to render with
1222         'display: block'. We remove the !important keyword so that users can override the display
1223         property, for example to hide elements with 'display: none'. This is consistent with the
1224         behavior for SVG or HTML elements.
1225
1226         Reviewed by Brent Fulgham.
1227
1228         Test: imported/mathml-in-html5/mathml/relations/css-styling/display-1.html
1229
1230         * css/mathml.css:
1231         (math):
1232         (math[display="block"]):
1233         (ms, mspace, mtext, mi, mn, mo, mrow, mfenced, mfrac, msub, msup, msubsup, mmultiscripts, mprescripts, none, munder, mover, munderover, msqrt, mroot, merror, mphantom, mstyle, menclose, semantics, mpadded, maction):
1234         (mtd > *):
1235
1236 2016-07-13  Youenn Fablet  <youenn@apple.com>
1237
1238         [Fetch API] Response should not become disturbed on the ReadableStream creation
1239         https://bugs.webkit.org/show_bug.cgi?id=159714
1240
1241         Reviewed by Alex Christensen.
1242
1243         Covered by rebased test and existing tests.
1244
1245         * Modules/fetch/FetchResponse.cpp:
1246         (WebCore::FetchResponse::stop): Making the response disturbed if cancelled.
1247         * Modules/fetch/FetchResponseSource.cpp:
1248         (WebCore::FetchResponseSource::firstReadCallback): Start enqueueing as soon as first read is made.
1249         (WebCore::FetchResponseSource::doStart): Keep the start promise unresolved so that pull is not called.
1250         FetchResponse is a push source.
1251         * Modules/fetch/FetchResponseSource.h:
1252         * Modules/streams/ReadableStreamInternals.js:
1253         (readFromReadableStreamReader): Calling @firstReadCallback.
1254         * Modules/streams/ReadableStreamSource.h:
1255         (WebCore::ReadableStreamSource::firstReadCallback): Default implementation (does nothing).
1256         * Modules/streams/ReadableStreamSource.idl: Adding firstReadCallback private method.
1257         * bindings/js/WebCoreBuiltinNames.h: Adding @firstReadCallback.
1258
1259 2016-07-13  Philippe Normand  <pnormand@igalia.com>
1260
1261         [GStreamer][GL] crash within triggerRepaint
1262         https://bugs.webkit.org/show_bug.cgi?id=159552
1263
1264         Reviewed by Xabier Rodriguez-Calvar.
1265
1266         Revert the un-needed changes introduced in r203056 and use the
1267         MainThreadNotifier without redundant checks.
1268
1269         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
1270         (WebCore::MediaPlayerPrivateGStreamer::MediaPlayerPrivateGStreamer):
1271         (WebCore::MediaPlayerPrivateGStreamer::createGSTPlayBin):
1272         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h:
1273         (WebCore::MediaPlayerPrivateGStreamer::createWeakPtr):
1274         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
1275         (WebCore::MediaPlayerPrivateGStreamerBase::MediaPlayerPrivateGStreamerBase):
1276         (WebCore::MediaPlayerPrivateGStreamerBase::triggerRepaint):
1277         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.h:
1278         (WebCore::MediaPlayerPrivateGStreamerBase::createWeakPtr): Deleted.
1279
1280 2016-07-13  Carlos Garcia Campos  <cgarcia@igalia.com>
1281
1282         Unreviewed. Fix GObject DOM bindings API breaks after r203047-
1283
1284         webkit_dom_document_set_title() and webkit_dom_html_title_element_set_text() now can raise exceptions. 
1285
1286         * bindings/gobject/WebKitDOMDeprecated.cpp:
1287         (webkit_dom_document_set_title):
1288         (webkit_dom_html_title_element_set_text):
1289         * bindings/gobject/WebKitDOMDeprecated.h:
1290         * bindings/gobject/WebKitDOMDeprecated.symbols:
1291         * bindings/gobject/webkitdom.symbols:
1292         * bindings/scripts/CodeGeneratorGObject.pm:
1293         (GenerateProperty):
1294         (FunctionUsedToNotRaiseException):
1295
1296 2016-07-13  Carlos Garcia Campos  <cgarcia@igalia.com>
1297
1298         [Coordinated Graphics] Remove toCoordinatedGraphicsLayer and use downcast instead
1299         https://bugs.webkit.org/show_bug.cgi?id=159469
1300
1301         Reviewed by Michael Catanzaro.
1302
1303         * page/scrolling/coordinatedgraphics/ScrollingCoordinatorCoordinatedGraphics.cpp:
1304         (WebCore::ScrollingCoordinatorCoordinatedGraphics::detachFromStateTree):
1305         (WebCore::ScrollingCoordinatorCoordinatedGraphics::updateViewportConstrainedNode):
1306         (WebCore::ScrollingCoordinatorCoordinatedGraphics::scrollableAreaScrollLayerDidChange):
1307         (WebCore::ScrollingCoordinatorCoordinatedGraphics::willDestroyScrollableArea):
1308         * platform/graphics/GraphicsLayer.h:
1309         (WebCore::GraphicsLayer::isCoordinatedGraphicsLayer):
1310         * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:
1311         (WebCore::toCoordinatedLayerID):
1312         (WebCore::CoordinatedGraphicsLayer::setShouldUpdateVisibleRect):
1313         (WebCore::CoordinatedGraphicsLayer::removeFromParent):
1314         (WebCore::CoordinatedGraphicsLayer::setMaskLayer):
1315         (WebCore::CoordinatedGraphicsLayer::flushCompositingState):
1316         (WebCore::CoordinatedGraphicsLayer::syncPendingStateChangesIncludingSubLayers):
1317         (WebCore::CoordinatedGraphicsLayer::findFirstDescendantWithContentsRecursively):
1318         (WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers):
1319         (WebCore::CoordinatedGraphicsLayer::computeTransformedVisibleRect):
1320         (WebCore::CoordinatedGraphicsLayer::selfOrAncestorHasActiveTransformAnimation):
1321         (WebCore::CoordinatedGraphicsLayer::selfOrAncestorHaveNonAffineTransforms):
1322         (WebCore::toCoordinatedGraphicsLayer): Deleted.
1323         * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.h:
1324
1325 2016-07-12  Youenn Fablet  <youenn@apple.com>
1326
1327         [Fetch API] isRedirected should be conveyed in workers
1328         https://bugs.webkit.org/show_bug.cgi?id=159676
1329
1330         Reviewed by Alex Christensen.
1331
1332         Passing isRedirected value between threads.
1333         Rebasing corresponding worker test, even though it is currently skipped (due to crashing flakiness).
1334
1335         * platform/network/ResourceResponseBase.cpp:
1336         (WebCore::ResourceResponseBase::crossThreadData):
1337         (WebCore::ResourceResponseBase::fromCrossThreadData):
1338         * platform/network/ResourceResponseBase.h:
1339
1340 2016-07-12  Eric Carlson  <eric.carlson@apple.com>
1341
1342         REGRESSION (r202509): media controls controls enabled AirPlay placeholder is shown
1343         https://bugs.webkit.org/show_bug.cgi?id=159685
1344         <rdar://problem/27198899>
1345
1346         Reviewed by Dean Jackson.
1347
1348         Test: media/controls/airplay-controls.html
1349
1350         * Modules/mediacontrols/mediaControlsApple.js:
1351         (Controller.prototype.shouldShowControls): Split some of the logic out of shouldHaveControls.
1352         (Controller.prototype.shouldHaveControls): Having controls != showing controls.
1353         (Controller.prototype.updateControls): Call shouldShowControls, not shouldHaveControls.
1354         (Controller.prototype.updateWirelessPlaybackStatus): Add 'appletv' to the class when active.
1355
1356         * html/HTMLMediaElement.cpp:
1357         (WebCore::HTMLMediaElement::getCurrentMediaControlsStatus): Call ensureMediaControlsShadowRoot
1358         in case the controls haven't been created yet.
1359
1360 2016-07-12  Frederic Wang  <fwang@igalia.com>
1361
1362         Move parsing of mpadded attributes to a MathMLPaddedElement class
1363         https://bugs.webkit.org/show_bug.cgi?id=159620
1364
1365         Reviewed by Brent Fulgham.
1366
1367         No new tests, behavior is unchanged.
1368
1369         * CMakeLists.txt: Add MathMLPaddedElement files.
1370         * WebCore.xcodeproj/project.pbxproj: Ditto.
1371         * mathml/MathMLAllInOne.cpp: Ditto.
1372         * mathml/MathMLInlineContainerElement.cpp: Remove handling of mpadded.
1373         * mathml/MathMLPaddedElement.cpp: Added.
1374         (WebCore::MathMLPaddedElement::MathMLPaddedElement):
1375         (WebCore::MathMLPaddedElement::create):
1376         (WebCore::MathMLPaddedElement::width): Expose width attribute as a MathMLLength until mpadded
1377         pseudo-units are supported.
1378         (WebCore::MathMLPaddedElement::height): Ditto.
1379         (WebCore::MathMLPaddedElement::depth): Ditto
1380         (WebCore::MathMLPaddedElement::lspace): Ditto.
1381         (WebCore::MathMLPaddedElement::voffset): Ditto.
1382         (WebCore::MathMLPaddedElement::parseAttribute): Make length attribute dirty.
1383         (WebCore::MathMLPaddedElement::createElementRenderer): Moved code from MathMLInlineContainerElement.
1384         * mathml/MathMLPaddedElement.h: Added.
1385         * mathml/mathtags.in: Map mapdded to MathMLPaddedElement.
1386         * rendering/mathml/RenderMathMLPadded.cpp:
1387         (WebCore::RenderMathMLPadded::resolveWidth): Helper function to resolve width.
1388         (WebCore::RenderMathMLPadded::resolveAttributes): Helper function to resolve all attributes.
1389         (WebCore::RenderMathMLPadded::computePreferredLogicalWidths): Use resolveWidth.
1390         (WebCore::RenderMathMLPadded::layoutBlock): Use resolveAttributes.
1391         * rendering/mathml/RenderMathMLPadded.h: Add new helper functions to access attributes from
1392         the MathMLPaddedElement class.
1393
1394 2016-07-12  Andreas Kling  <akling@apple.com>
1395
1396         [Cocoa] Simulated memory warning doesn't trigger libcache purge.
1397         <https://webkit.org/b/159688>
1398
1399         Reviewed by Chris Dumez.
1400
1401         Since simulated memory warnings will have the "is under memory pressure" flag set,
1402         we were skipping the libcache purge call.
1403
1404         Add a separate flag that tracks whether we're under simulated pressure, and always
1405         prod libcache in that case.
1406
1407         * platform/MemoryPressureHandler.h:
1408         * platform/cocoa/MemoryPressureHandlerCocoa.mm:
1409         (WebCore::MemoryPressureHandler::platformReleaseMemory):
1410         (WebCore::MemoryPressureHandler::install):
1411
1412 2016-07-12  Gyuyoung Kim  <gyuyoung.kim@webkit.org>
1413
1414         Purge PassRefPtr in Modules/webdatabase
1415         https://bugs.webkit.org/show_bug.cgi?id=159255
1416
1417         Reviewed by Benjamin Poulain.
1418
1419         As a step to remove PassRefPtr use, this patch cleans it up in Modules/webdatabase.
1420
1421         Additionally unnecessary spaces and tabs are removed too.
1422
1423         * Modules/webdatabase/ChangeVersionWrapper.cpp:
1424         * Modules/webdatabase/DOMWindowWebDatabase.h:
1425         * Modules/webdatabase/Database.cpp:
1426         (WebCore::Database::Database):
1427         (WebCore::Database::~Database):
1428         (WebCore::Database::scheduleTransaction):
1429         (WebCore::Database::runTransaction):
1430         * Modules/webdatabase/Database.h:
1431         * Modules/webdatabase/DatabaseAuthorizer.cpp:
1432         (WebCore::DatabaseAuthorizer::allowRead):
1433         * Modules/webdatabase/DatabaseManager.cpp:
1434         (WebCore::DatabaseManager::openDatabase):
1435         (WebCore::DatabaseManager::fullPathForDatabase):
1436         (WebCore::DatabaseManager::detailsForNameAndOrigin):
1437         * Modules/webdatabase/DatabaseManager.h:
1438         * Modules/webdatabase/DatabaseTask.cpp:
1439         (WebCore::DatabaseTransactionTask::DatabaseTransactionTask):
1440         * Modules/webdatabase/DatabaseTask.h:
1441         * Modules/webdatabase/SQLCallbackWrapper.h:
1442         (WebCore::SQLCallbackWrapper::SQLCallbackWrapper):
1443         * Modules/webdatabase/SQLResultSetRowList.h:
1444         * Modules/webdatabase/SQLStatement.cpp:
1445         (WebCore::SQLStatement::SQLStatement):
1446         (WebCore::SQLStatement::sqlError):
1447         (WebCore::SQLStatement::sqlResultSet):
1448         * Modules/webdatabase/SQLStatement.h:
1449         * Modules/webdatabase/SQLTransaction.h:
1450         * Modules/webdatabase/SQLTransactionBackend.cpp:
1451         (WebCore::SQLTransactionBackend::create):
1452         (WebCore::SQLTransactionBackend::SQLTransactionBackend):
1453         (WebCore::SQLTransactionBackend::transactionError):
1454         * Modules/webdatabase/SQLTransactionBackend.h:
1455
1456 2016-07-11  Dean Jackson  <dino@apple.com>
1457
1458         REGRESSION (202694): Audio and Video playback controls: Cannot find a position slider to adjust playback position using VO.
1459         https://bugs.webkit.org/show_bug.cgi?id=159661
1460         <rdar://problem/27285135>
1461
1462         Reviewed by Eric Carlson.
1463
1464         The change in r202694 caused MediaDocuments to not always
1465         show their scrubber. The fix is to reduce the minimum amount
1466         of size needed to show the scrubber.
1467
1468         Test: media/controls/default-size-should-show-scrubber.html
1469
1470         * Modules/mediacontrols/mediaControlsApple.js: 80 pixels is enough
1471         to show the scrubber.
1472
1473 2016-07-12  Frederic Wang  <fwang@igalia.com>
1474
1475         Move MathMLOperatorDictionary from rendering to DOM
1476         https://bugs.webkit.org/show_bug.cgi?id=159619
1477
1478         Reviewed by Brent Fulgham.
1479
1480         No new tests, behavior is unchanged.
1481
1482         * CMakeLists.txt: Use the new location of MathMLOperatorDictionary files.
1483         * WebCore.xcodeproj/project.pbxproj: Ditto.
1484         * mathml/MathMLAllInOne.cpp: Add MathMLOperatorDictionary.cpp
1485         * mathml/MathMLOperatorDictionary.cpp: Renamed from Source/WebCore/rendering/mathml/MathMLOperatorDictionary.cpp.
1486         * mathml/MathMLOperatorDictionary.h: Renamed from Source/WebCore/rendering/mathml/MathMLOperatorDictionary.h.
1487
1488 2016-07-12  Gyuyoung Kim  <gyuyoung.kim@webkit.org>
1489
1490         Remove ENABLE_CSS3_TEXT_LINE_BREAK flag
1491         https://bugs.webkit.org/show_bug.cgi?id=159671
1492
1493         Reviewed by Csaba Osztrogonác.
1494
1495         ENABLE_CSS3_TEXT_LINE_BREAK feature was implemented without guards.
1496         https://bugs.webkit.org/show_bug.cgi?id=89235
1497
1498         So this guard can be removed in build scripts.
1499
1500         * Configurations/FeatureDefines.xcconfig:
1501
1502 2016-07-12  Commit Queue  <commit-queue@webkit.org>
1503
1504         Unreviewed, rolling out r203059.
1505         https://bugs.webkit.org/show_bug.cgi?id=159673
1506
1507         B and R channels now swapped on desktop GL builds (Requested
1508         by philn on #webkit).
1509
1510         Reverted changeset:
1511
1512         "Red and blue colors are swapped in video rendered through
1513         WebGL when GSTREAMER_GL is enabled"
1514         https://bugs.webkit.org/show_bug.cgi?id=159621
1515         http://trac.webkit.org/changeset/203059
1516
1517 2016-07-12  Yoav Weiss  <yoav@yoav.ws>
1518
1519         js/dom/global-constructors-attributes.html is flaky: ResourceTiming runtime feature leaks between tests
1520         https://bugs.webkit.org/show_bug.cgi?id=158902
1521
1522         Reviewed by Benjamin Poulain.
1523
1524         Adds a new reset() mechanism to RuntimeEnabledFeatures so that they could be brought back to the initial state.
1525         This reset() is then called from DumpRenderTree and WebKitTestRunner.
1526
1527         No new tests but hopefully current tests will be less flaky.
1528
1529         * bindings/generic/RuntimeEnabledFeatures.cpp:
1530         (WebCore::RuntimeEnabledFeatures::RuntimeEnabledFeatures):
1531         (WebCore::RuntimeEnabledFeatures::reset):
1532         * bindings/generic/RuntimeEnabledFeatures.h:
1533         * testing/Internals.cpp:
1534         (WebCore::Internals::resetToConsistentState): reset RuntimeEnabledFeatures.
1535
1536 2016-07-11  Gyuyoung Kim  <gyuyoung.kim@webkit.org>
1537
1538         Purge PassRefPtr in platform/efl and platform/mac 
1539         https://bugs.webkit.org/show_bug.cgi?id=159548
1540
1541         Reviewed by Alex Christensen.
1542
1543         Remove all use of PassRefPtr and clean up unnecessary tabs and spaces.
1544         WebKit2 codes are also changed because of setBufferForType()'s modification.
1545
1546         No new tests, no behavior changes.
1547
1548         * platform/PasteboardStrategy.h:
1549         * platform/PlatformPasteboard.h:
1550         * platform/PlatformSpeechSynthesizer.h:
1551         * platform/SerializedPlatformRepresentation.h:
1552         * platform/efl/PlatformSpeechSynthesisProviderEfl.cpp:
1553         (WebCore::PlatformSpeechSynthesisProviderEfl::speak):
1554         * platform/efl/PlatformSpeechSynthesisProviderEfl.h:
1555         * platform/efl/PlatformSpeechSynthesizerEfl.cpp:
1556         (WebCore::PlatformSpeechSynthesizer::speak):
1557         * platform/ios/PlatformPasteboardIOS.mm:
1558         (WebCore::PlatformPasteboard::setBufferForType):
1559         * platform/ios/PlatformSpeechSynthesizerIOS.mm:
1560         (SOFT_LINK_CONSTANT):
1561         (-[WebSpeechSynthesisWrapper initWithSpeechSynthesizer:]):
1562         (-[WebSpeechSynthesisWrapper mapSpeechRateToPlatformRate:]):
1563         (-[WebSpeechSynthesisWrapper speakUtterance:]):
1564         (-[WebSpeechSynthesisWrapper pause]):
1565         (-[WebSpeechSynthesisWrapper resume]):
1566         (-[WebSpeechSynthesisWrapper cancel]):
1567         (-[WebSpeechSynthesisWrapper speechSynthesizer:didStartSpeechUtterance:]):
1568         (-[WebSpeechSynthesisWrapper speechSynthesizer:didFinishSpeechUtterance:]):
1569         (-[WebSpeechSynthesisWrapper speechSynthesizer:didPauseSpeechUtterance:]):
1570         (-[WebSpeechSynthesisWrapper speechSynthesizer:didContinueSpeechUtterance:]):
1571         (-[WebSpeechSynthesisWrapper speechSynthesizer:didCancelSpeechUtterance:]):
1572         (-[WebSpeechSynthesisWrapper speechSynthesizer:willSpeakRangeOfSpeechString:utterance:]):
1573         (WebCore::PlatformSpeechSynthesizer::speak):
1574         * platform/mac/PasteboardMac.mm:
1575         (WebCore::Pasteboard::write):
1576         * platform/mac/PlatformPasteboardMac.mm:
1577         (WebCore::PlatformPasteboard::getTypes):
1578         (WebCore::PlatformPasteboard::getPathnamesForType):
1579         (WebCore::PlatformPasteboard::color):
1580         (WebCore::PlatformPasteboard::copy):
1581         (WebCore::PlatformPasteboard::setBufferForType):
1582         (WebCore::PlatformPasteboard::setPathnamesForType):
1583         * platform/mac/PlatformSpeechSynthesizerMac.mm:
1584         (-[WebSpeechSynthesisWrapper initWithSpeechSynthesizer:]):
1585         (-[WebSpeechSynthesisWrapper speakUtterance:]):
1586         (-[WebSpeechSynthesisWrapper pause]):
1587         (-[WebSpeechSynthesisWrapper resume]):
1588         (-[WebSpeechSynthesisWrapper cancel]):
1589         (-[WebSpeechSynthesisWrapper speechSynthesizer:didFinishSpeaking:]):
1590         (WebCore::PlatformSpeechSynthesizer::initializeVoiceList):
1591         (WebCore::PlatformSpeechSynthesizer::speak):
1592         * platform/mac/SerializedPlatformRepresentationMac.h:
1593         * platform/mac/SerializedPlatformRepresentationMac.mm:
1594         (WebCore::SerializedPlatformRepresentationMac::data):
1595         (WebCore::jsValueWithValueInContext):
1596         * platform/mock/PlatformSpeechSynthesizerMock.cpp:
1597         (WebCore::PlatformSpeechSynthesizerMock::speakingFinished):
1598         (WebCore::PlatformSpeechSynthesizerMock::speak):
1599         (WebCore::PlatformSpeechSynthesizerMock::cancel):
1600         * platform/mock/PlatformSpeechSynthesizerMock.h:
1601
1602 2016-07-11  Frederic Wang  <fwang@igalia.org>
1603
1604         Move parsing of mspace attributes to a MathMLSpaceElement class
1605         https://bugs.webkit.org/show_bug.cgi?id=156795
1606
1607         Reviewed by Brent Fulgham.
1608
1609         No new tests, already covered by existing tests.
1610
1611         * CMakeLists.txt: Add MathMLSpaceElement to the build system.
1612         * WebCore.xcodeproj/project.pbxproj: Ditto.
1613         * mathml/MathMLElement.cpp:
1614         (WebCore::MathMLElement::cachedMathMLLength): Helper function to returned the cached parsed
1615         value of a MathML length and parsing the corresponding attribute value if the cache is dirty.
1616         * mathml/MathMLElement.h: Add a dirty boolean to MathML Length structure. Declare cachedMathMLLength.
1617         * mathml/MathMLSpaceElement.cpp: New class for the <mspace> element.
1618         (WebCore::MathMLSpaceElement::MathMLSpaceElement):
1619         (WebCore::MathMLSpaceElement::create):
1620         (WebCore::MathMLSpaceElement::parseAttribute): Make width, height, depth attributes dirty.
1621         (WebCore::MathMLSpaceElement::createElementRenderer):
1622         * mathml/MathMLSpaceElement.h: New class for the <mspace> element.
1623         We define MathML lengths for width, height and depth attributes are on the class and expose
1624         with the corresponding helper functions via memoization.
1625         * mathml/MathMLTextElement.cpp: Remove handling of mspace from this class.
1626         (WebCore::MathMLTextElement::createElementRenderer):
1627         * mathml/mathtags.in: Change the interface for mspace to use the new class.
1628         * rendering/mathml/RenderMathMLSpace.cpp: Do not store width/height/depth values on the
1629         renderer and instead just use the corresponding MathML lengths on the element class.
1630         (WebCore::RenderMathMLSpace::RenderMathMLSpace): Use MathMLSpaceElement and remove member
1631         initialization.
1632         (WebCore::RenderMathMLSpace::computePreferredLogicalWidths): Use spaceWidth().
1633         (WebCore::RenderMathMLSpace::spaceWidth): Helper function to resolve the width attribute value.
1634         (WebCore::RenderMathMLSpace::getSpaceHeightAndDepth): Ditto for height and depth.
1635         (WebCore::RenderMathMLSpace::layoutBlock): Use the helper functions to get the mspace metrics.
1636         (WebCore::RenderMathMLSpace::firstLineBaseline): Ditto.
1637         (WebCore::RenderMathMLSpace::updateFromElement): Deleted.
1638         (WebCore::RenderMathMLSpace::styleDidChange): Deleted.
1639         * rendering/mathml/RenderMathMLSpace.h: Use MathMLSpaceElement, replace members with helper
1640         functions and and make element() usable from a const instance.
1641
1642 2016-07-11  Frederic Wang  <fwang@igalia.org>
1643
1644         Create a MathMLLength struct to handle the parsing of MathML length.
1645         https://bugs.webkit.org/show_bug.cgi?id=156792
1646
1647         Reviewed by Brent Fulgham.
1648
1649         We introduce a structure for MathML lengths that will be used in the future to store the
1650         parsed values in the MathElement class. We also rewrite the parsing function for MathML
1651         lengths in order to improve efficiency and code reuse. This function is moved into the
1652         MathElement class and only the conversion to LayoutUnit remains in the renderer classes.
1653
1654         No new tests, already covered by existing tests.
1655
1656         * mathml/MathMLElement.cpp:
1657         (WebCore::parseNamedSpace): Helper function to parse a named space.
1658         (WebCore::MathMLElement::parseMathMLLength): Parsing function for MathML lengths.
1659         * mathml/MathMLElement.h: Declare new function and structure to handle MathML lengths.
1660         * rendering/mathml/RenderMathMLBlock.cpp:
1661         (WebCore::toUserUnits): Helper function to resolve a MathML length.
1662         (WebCore::parseMathMLLength): Remove the old parsing code and just use MathMLElement::parseMathMLLength and toUserUnits instead.
1663         (WebCore::parseMathMLNamedSpace): Deleted.
1664         * rendering/mathml/RenderMathMLBlock.h: Remove unused function.
1665
1666 2016-07-11  Frederic Wang  <fwang@igalia.com>
1667
1668         Add support for @href attribute in MathML
1669         https://bugs.webkit.org/show_bug.cgi?id=85733
1670
1671         Reviewed by Brent Fulgham.
1672
1673         We add support for the href attribute from MathML 3 but ignore the deprecated XLink version.
1674         We also use the code from HTMLAnchorElement SVGAElement to make MathMLElement with a href
1675         attribute behave as a link.
1676         Finally, we adjust mathml.css based on rules from the html and svg user agent stylesheets.
1677
1678         Tests: mathml/mathml-in-html5/href-click-1.html
1679                mathml/mathml-in-html5/href-click-2.html
1680                mathml/presentation/href-enter.html
1681                mathml/presentation/href-style.html
1682                mathml/presentation/maction-toggle-href.html
1683                mathml/presentation/semantics-href.html
1684
1685         * css/mathml.css:
1686         (:any-link): Set color and mouse cursor of links.
1687         (:any-link:active): Set color of active links.
1688         (:focus): Set outline of focused links.
1689         * mathml/MathMLElement.cpp:
1690         (WebCore::MathMLElement::parseAttribute): Parse the href attribute.
1691         (WebCore::MathMLElement::willRespondToMouseClickEvents): Based on HTMLAnchorElement/SVGAElement.
1692         (WebCore::MathMLElement::defaultEventHandler): Based on HTMLAnchorElement/SVGAElement.
1693         (WebCore::MathMLElement::canStartSelection): Based on HTMLAnchorElement/SVGAElement.
1694         (WebCore::MathMLElement::isFocusable): Based on HTMLAnchorElement/SVGAElement.
1695         (WebCore::MathMLElement::isKeyboardFocusable): Based on HTMLAnchorElement/SVGAElement.
1696         (WebCore::MathMLElement::isMouseFocusable): Based on HTMLAnchorElement/SVGAElement.
1697         (WebCore::MathMLElement::isURLAttribute): Based on HTMLAnchorElement/SVGAElement.
1698         (WebCore::MathMLElement::supportsFocus): Based on HTMLAnchorElement/SVGAElement.
1699         (WebCore::MathMLElement::tabIndex): Based on HTMLAnchorElement/SVGAElement.
1700         * mathml/MathMLElement.h: Define new members.
1701         * mathml/MathMLSelectElement.cpp:
1702         (WebCore::MathMLSelectElement::willRespondToMouseClickEvents): We also verify whether
1703         the parent class will respond.
1704         * mathml/mathattrs.in: Add href attribute.
1705
1706 2016-07-11  Sam Weinig  <sam@webkit.org>
1707
1708         Speech Synthesis: getting list of voices no longer works
1709         <rdar://problem/22954120>
1710         https://bugs.webkit.org/show_bug.cgi?id=159656
1711
1712         Reviewed by Tim Horton.
1713
1714         * platform/PlatformSpeechSynthesizer.h:
1715         * platform/mac/PlatformSpeechSynthesizerMac.mm:
1716         Default initialize m_voiceListIsInitialized to false so it is
1717         initialized on both Mac and iOS. Remove the explicit initialization
1718         from the Mac.
1719
1720 2016-07-11  Simon Fraser  <simon.fraser@apple.com>
1721
1722         <rdar://problem/27285599> REGRESSION: Assertion under CertificateInfo::trust() every time I focus a text field
1723
1724         Reviewed by Sam Weinig.
1725
1726         The assertion added to CertificateInfo::trust() in r203040 is wrong, and is triggered when
1727         focusing a form field via calls to -[WKWebProcessPlugInFrame _serverTrust], so remove it.
1728
1729         * platform/network/cf/CertificateInfo.h:
1730         (WebCore::CertificateInfo::trust):
1731
1732 2016-07-11  Simon Fraser  <simon.fraser@apple.com>
1733
1734         Deleting in a text input inside an iframe causes the page to scroll incorrectly
1735         https://bugs.webkit.org/show_bug.cgi?id=159654
1736         rdar://problem/26805722
1737
1738         Reviewed by Zalan Bujtas.
1739
1740         Editor::revealSelectionAfterEditingOperation() needs the same iOS-specific reveal
1741         behavior as was added for typing in r202295.
1742
1743         Test: fast/forms/ios/delete-in-input-in-iframe.html
1744
1745         * editing/Editor.cpp:
1746         (WebCore::Editor::revealSelectionAfterEditingOperation):
1747
1748 2016-07-11  Andy Estes  <aestes@apple.com>
1749
1750         Fix indentation in FrameLoaderTypes.h
1751         https://bugs.webkit.org/show_bug.cgi?id=159650
1752
1753         Reviewed by Brady Eidson.
1754
1755         * loader/FrameLoaderTypes.h:
1756
1757 2016-07-11  Myles C. Maxfield  <mmaxfield@apple.com>
1758
1759         Honor the second argument to FontFaceSet.load and FontFaceSet.check
1760         https://bugs.webkit.org/show_bug.cgi?id=159607
1761         <rdar://problem/27284902>
1762
1763         Reviewed by Zalan Bujtas.
1764
1765         This second argument is used in conjunction with the unicode-range CSS property, so that
1766         loading from a FontFaceSet only loads the fonts which actually match the characters given.
1767         Previously, we hadn't implemented proper support for this unicode-range property, but now
1768         that we have implemented it, we should honor this second argument.
1769
1770         Test: fast/text/unicode-range-javascript.html
1771
1772         * css/CSSFontFace.cpp:
1773         (WebCore::CSSFontFace::rangesMatchCodePoint):
1774         * css/CSSFontFace.h:
1775         * css/CSSFontFaceSet.cpp:
1776         (WebCore::codePointsFromString):
1777         (WebCore::CSSFontFaceSet::matchingFaces):
1778
1779 2016-07-11  Zalan Bujtas  <zalan@apple.com>
1780
1781         Unable to edit fields or drag to select text in Dashboard widgets.
1782         https://bugs.webkit.org/show_bug.cgi?id=159647
1783         <rdar://problem/26941698>
1784
1785         Reviewed by Brent Fulgham.
1786
1787         RenderObject::computeAbsoluteRepaintRect's first paramenter is no longer in/out. Use the return
1788         value to set the clip on the dashboard region.
1789
1790         Not testable.
1791
1792         * rendering/RenderInline.cpp:
1793         (WebCore::RenderInline::addAnnotatedRegions):
1794         * rendering/RenderObject.cpp:
1795         (WebCore::RenderObject::addAnnotatedRegions):
1796
1797 2016-07-11  Chris Dumez  <cdumez@apple.com>
1798
1799         Potential null dereference under DocumentLoader::mainReceivedError()
1800         https://bugs.webkit.org/show_bug.cgi?id=159640
1801         <rdar://problem/27283372>
1802
1803         Reviewed by Brady Eidson.
1804
1805         Move frameLoader() null check a bit earlier in DocumentLoader::mainReceivedError()
1806         as it was dereferenced before the check.
1807
1808         * loader/DocumentLoader.cpp:
1809         (WebCore::DocumentLoader::mainReceivedError):
1810
1811 2016-07-11  Enrica Casucci  <enrica@apple.com>
1812
1813         Add synthetic click origin to WKNavigationAction.
1814         https://bugs.webkit.org/show_bug.cgi?id=159584
1815         rdar://problem/25610422
1816
1817         Reviewed by Tim Horton.
1818
1819         Adding plumbing code to pass synthetic click type
1820         through WebCore.
1821
1822         * dom/Element.cpp:
1823         (WebCore::Element::dispatchMouseEvent):
1824         (WebCore::Element::dispatchMouseForceWillBegin):
1825         * dom/MouseEvent.cpp:
1826         (WebCore::MouseEvent::create):
1827         (WebCore::MouseEvent::MouseEvent):
1828         (WebCore::MouseEvent::initMouseEvent):
1829         (WebCore::MouseEvent::cloneFor):
1830         * dom/MouseEvent.h:
1831         (WebCore::MouseEvent::createForBindings):
1832         (WebCore::MouseEvent::button):
1833         (WebCore::MouseEvent::syntheticClickType):
1834         (WebCore::MouseEvent::buttonDown):
1835         (WebCore::MouseEvent::setRelatedTarget):
1836         * dom/SimulatedClick.cpp:
1837         * dom/WheelEvent.cpp:
1838         (WebCore::WheelEvent::WheelEvent):
1839         * page/ContextMenuController.cpp:
1840         (WebCore::ContextMenuController::showContextMenuAt):
1841         * page/DragController.cpp:
1842         (WebCore::createMouseEvent):
1843         (WebCore::DragController::DragController):
1844         * page/EventHandler.cpp:
1845         (WebCore::EventHandler::dispatchDragEvent):
1846         (WebCore::EventHandler::sendContextMenuEventForKey):
1847         (WebCore::EventHandler::fakeMouseMoveEventTimerFired):
1848         * platform/PlatformMouseEvent.h:
1849         (WebCore::PlatformMouseEvent::PlatformMouseEvent):
1850         (WebCore::PlatformMouseEvent::clickCount):
1851         (WebCore::PlatformMouseEvent::modifierFlags):
1852         (WebCore::PlatformMouseEvent::force):
1853         (WebCore::PlatformMouseEvent::syntheticClickType):
1854         * replay/SerializationMethods.cpp:
1855         (JSC::EncodingTraits<PlatformMouseEvent>::decodeValue):
1856
1857 2016-07-11  Anders Carlsson  <andersca@apple.com>
1858
1859         Able to open multiple payment sheets in Safari at the same time
1860         https://bugs.webkit.org/show_bug.cgi?id=159637
1861         rdar://problem/26411339
1862
1863         Reviewed by Beth Dakin.
1864
1865         Fold PaymentCoordinator::showPaymentUI into PaymentCoordinator::beginPaymentSession and
1866         change the return value of the latter member function to a bool to indicate whether the
1867         payment UI could be shown (or whether it's already showing).
1868
1869         * Modules/applepay/ApplePaySession.cpp:
1870         (WebCore::ApplePaySession::begin):
1871         Check the return value of beginPaymentSession.
1872
1873         * Modules/applepay/PaymentCoordinator.cpp:
1874         (WebCore::PaymentCoordinator::beginPaymentSession):
1875         This now takes a payment session and returns a boolean.
1876         (WebCore::PaymentCoordinator::showPaymentUI): Deleted.
1877
1878         * Modules/applepay/PaymentCoordinator.h:
1879         * Modules/applepay/PaymentCoordinatorClient.h:
1880         * loader/EmptyClients.cpp:
1881         The showPaymentUI client function now returns a bool.
1882
1883 2016-07-11  Nan Wang  <n_wang@apple.com>
1884
1885         AX: Crash when backspacing in number field with spin button
1886         https://bugs.webkit.org/show_bug.cgi?id=157830
1887
1888         Reviewed by Chris Fleizach.
1889
1890         It's possible to access spin button parts after they've been detached from their parent, which can lead to crashes.
1891         This adds in a number of redundant safeguards to prevent this and other cases in the future.
1892
1893         Test: accessibility/spinbutton-crash.html
1894
1895         * accessibility/AccessibilitySpinButton.cpp:
1896         (WebCore::AccessibilitySpinButton::incrementButton):
1897         (WebCore::AccessibilitySpinButton::decrementButton):
1898         (WebCore::AccessibilitySpinButton::addChildren):
1899
1900 2016-07-11  Chris Dumez  <cdumez@apple.com>
1901
1902         Possible null dereference under EventHandler::dispatchMouseEvent()
1903         https://bugs.webkit.org/show_bug.cgi?id=159632
1904         <rdar://problem/27247619>
1905
1906         Reviewed by Andreas Kling.
1907
1908         FrameSelection::toNormalizedRange() can return null even when FrameSelection::isRange()
1909         returns true so add a null check.
1910
1911         * page/EventHandler.cpp:
1912         (WebCore::EventHandler::dispatchMouseEvent):
1913
1914 2016-07-11  Commit Queue  <commit-queue@webkit.org>
1915
1916         Unreviewed, rolling out r203064.
1917         https://bugs.webkit.org/show_bug.cgi?id=159642
1918
1919         This change causes LayoutTest crashes on WK1 ASan (Requested
1920         by ryanhaddad on #webkit).
1921
1922         Reverted changeset:
1923
1924         "Use refs for ResourceLoaders"
1925         https://bugs.webkit.org/show_bug.cgi?id=159592
1926         http://trac.webkit.org/changeset/203064
1927
1928 2016-07-11  Brent Fulgham  <bfulgham@apple.com>
1929
1930         [WebGL] Check for existing buffer exists for enabled vertex array attributes before permitting glDrawArrays to execute
1931         https://bugs.webkit.org/show_bug.cgi?id=159590
1932         <rdar://problem/26865535>
1933
1934         Reviewed by Dean Jackson.
1935
1936         Test: fast/canvas/webgl/webgl-drawarrays-crash-2.html
1937
1938         * html/canvas/WebGLRenderingContextBase.cpp:
1939         (WebCore::WebGLRenderingContextBase::validateVertexAttributes): If enabled array buffer attributes exist,
1940         ensure that an array buffer has been bound.
1941
1942 2016-07-11  Nan Wang  <n_wang@apple.com>
1943
1944         AX: WKWebView should have API to prevent pinch-to-zoom always being allowed
1945         https://bugs.webkit.org/show_bug.cgi?id=158364
1946
1947         Reviewed by Anders Carlsson.
1948
1949         Removed the internals settings for viewport force always user scalable.
1950
1951         Changes are covered in modified tests.
1952
1953         * testing/Internals.cpp:
1954         (WebCore::Internals::resetToConsistentState):
1955         (WebCore::Internals::Internals):
1956         (WebCore::Internals::composedTreeAsText):
1957         (WebCore::Internals::setLinkPreloadSupport):
1958         (WebCore::Internals::setViewportForceAlwaysUserScalable): Deleted.
1959         * testing/Internals.h:
1960         * testing/Internals.idl:
1961
1962 2016-07-11  Frederic Wang  <fwang@igalia.com>
1963
1964         Use parameters from the OpenType MATH table for <munderover>
1965         https://bugs.webkit.org/show_bug.cgi?id=155756
1966
1967         Reviewed by Brent Fulgham.
1968
1969         We follow the description from the MathML in HTML5 implementation
1970         to improve the layout of <munderover> using some constants from the MATH table.
1971
1972         Tests: imported/mathml-in-html5/mathml/presentation-markup/scripts/underover-parameters-1.html
1973                imported/mathml-in-html5/mathml/presentation-markup/scripts/underover-parameters-2.html
1974                imported/mathml-in-html5/mathml/presentation-markup/scripts/underover-parameters-3.html
1975                imported/mathml-in-html5/mathml/presentation-markup/scripts/underover-parameters-4.html
1976                mathml/presentation/attributes-accent-accentunder-dynamic.html
1977
1978         * mathml/mathattrs.in: Add accentunder attribute.
1979         * rendering/mathml/MathMLOperatorDictionary.h: Remove FIXME comment.
1980         * rendering/mathml/RenderMathMLUnderOver.cpp:
1981         (WebCore::RenderMathMLUnderOver::hasAccent): Helper function to determine whether
1982         the over/under script should be treated as an accent.
1983         (WebCore::RenderMathMLUnderOver::getVerticalParameters): Helper function to read
1984         some vertical parameters from the MATH table.
1985         (WebCore::RenderMathMLUnderOver::layoutBlock): Take into account the new vertical
1986         parameters for the layout of <munderover>.
1987         * rendering/mathml/RenderMathMLUnderOver.h: Define new helper functions.
1988
1989 2016-07-11  Frederic Wang  <fwang@igalia.com>
1990
1991         Use Stack* parameters from the OpenType MATH table
1992         https://bugs.webkit.org/show_bug.cgi?id=155714
1993
1994         Reviewed by Brent Fulgham.
1995
1996         Test: mathml/mathml-in-html5/frac-parameters-2.html
1997
1998         * rendering/mathml/RenderMathMLFraction.cpp:
1999         (WebCore::RenderMathMLFraction::updateFromElement): Set the stack parameters when
2000         the line thickness is zero.
2001         (WebCore::RenderMathMLFraction::layoutBlock): Correctly set the <mfrac> ascent and
2002         the denominator vertical offset when the line thickness is zero.
2003         (WebCore::RenderMathMLFraction::paint): Early return when we actually do not need to
2004         paint any fraction bar.
2005         * rendering/mathml/RenderMathMLFraction.h: Define an isStack helper function and define
2006         members corresponding to stack parameters.
2007
2008 2016-07-11  Frederic Wang  <fwang@igalia.com>
2009
2010         Add support for mathvariants that cannot be emulated via CSS.
2011         https://bugs.webkit.org/show_bug.cgi?id=108778
2012
2013         Reviewed by Brent Fulgham.
2014
2015         Tests: mathml/mathml-in-html5/mathvariant-transforms-1.html
2016                mathml/mathml-in-html5/mathvariant-transforms-2.html
2017                mathml/presentation/mathvariant-inheritance.html
2018                mathml/presentation/mathvariant-tokens.html
2019
2020         We remove the old code to emulate partial mathvariant support via CSS and add support
2021         for all mathvariant values using the technique used for implicit italic on <mi> element.
2022         We also rely on the MathMLStyle class introduced earlier to support custome MathML style
2023         and manage inheritance of mathvariant values.
2024         The function that tries and converts one base character into a transformed mathvariant
2025         character is based on similar code from Gecko:
2026         http://hg.mozilla.org/mozilla-central/file/tip/layout/generic/MathMLTextRunFactory.cpp
2027         Note that we only support transform on token elements with a single character, which
2028         should cover the most important use cases.
2029
2030         * css/mathml.css: Remove the CSS rules to emulate some mathvariant values.
2031         (math[mathvariant="normal"], mstyle[mathvariant="normal"], mo[mathvariant="normal"], mn[mathvariant="normal"], mi[mathvariant="normal"], mtext[mathvariant="normal"], mspace[mathvariant="normal"], ms[mathvariant="normal"]): Deleted.
2032         (math[mathvariant="bold"], mstyle[mathvariant="bold"], mo[mathvariant="bold"], mn[mathvariant="bold"], mi[mathvariant="bold"], mtext[mathvariant="bold"], mspace[mathvariant="bold"], ms[mathvariant="bold"]): Deleted.
2033         (math[mathvariant="italic"], mstyle[mathvariant="italic"], mo[mathvariant="italic"], mn[mathvariant="italic"], mi[mathvariant="italic"], mtext[mathvariant="italic"], mspace[mathvariant="italic"], ms[mathvariant="italic"]): Deleted.
2034         (math[mathvariant="bold-italic"], mstyle[mathvariant="bold-italic"], mo[mathvariant="bold-italic"], mn[mathvariant="bold-italic"], mi[mathvariant="bold-italic"], mtext[mathvariant="bold-italic"], mspace[mathvariant="bold-italic"], ms[mathvariant="bold-italic"]): Deleted.
2035         * mathml/MathMLInlineContainerElement.cpp: We resolve mathml style when mathvariant changes.
2036         (WebCore::MathMLInlineContainerElement::parseAttribute):
2037         * mathml/MathMLMathElement.cpp: ditto.
2038         (WebCore::MathMLMathElement::parseAttribute):
2039         * mathml/MathMLTextElement.cpp: ditto.
2040         (WebCore::MathMLTextElement::parseAttribute):
2041         * rendering/mathml/MathMLStyle.cpp: Add mathvariant property to the MathML style.
2042         (WebCore::MathMLStyle::MathMLStyle): Init mathvariant to none.
2043         (WebCore::MathMLStyle::getMathMLStyle): Helper function to retrieve the MathML style on a renderer.
2044         (WebCore::MathMLStyle::updateStyleIfNeeded): Take into account change of mathvariant.
2045         (WebCore::MathMLStyle::parseMathVariant): Helper function to parse a mathvariant attribute.
2046         (WebCore::MathMLStyle::resolveMathMLStyle): Take into account mathvariant value: it is None
2047         by default, inherited and can be modified via an attribute on <math>, <mstyle> or token
2048         elements. We also refactor a bit to share logic between displaystyle and mathvariant.
2049         (WebCore::MathMLStyle::setDisplayStyle): Deleted.
2050         * rendering/mathml/MathMLStyle.h: Add mathvariant members and update declarations.
2051         * rendering/mathml/RenderMathMLOperator.cpp:
2052         (WebCore::RenderMathMLOperator::updateTokenContent): Call the function from the parent class
2053         to consider mathvariant on <mo>.
2054         * rendering/mathml/RenderMathMLToken.cpp:
2055         We implement a mathVariant function to transform a base character into its transformed mathvariant:
2056         - There are some regularity that allows to perform this via simple linear transforms.
2057         - However, there are also many exceptions and we rely on some sorted MathVariantMapping
2058         tables to handle these cases.
2059         (WebCore::ExtractKey): Helper function to perform binary searches on MathVariant tables.
2060         (WebCore::MathVariantMappingSearch): ditto.
2061         (WebCore::mathVariant): New function to perform mathvariant transforms.
2062         (WebCore::RenderMathMLToken::updateMathVariantGlyph): Use the mathVariant function to
2063         perform all transformations, not just the italic one.
2064         (WebCore::transformToItalic): Deleted. Replaced with the more general mathVariant function.
2065
2066 2016-07-11  Jeremy Jones  <jeremyj@apple.com>
2067
2068         Pause small video elements when returning to inline.
2069         https://bugs.webkit.org/show_bug.cgi?id=159535
2070
2071         Reviewed by Jer Noble.
2072
2073         Will add a test in a later commit.
2074
2075         When exiting fullscreen, don't allow playback to continue inline if video is too small.
2076
2077         * html/HTMLMediaElement.cpp:
2078         (WebCore::HTMLMediaElement::isVideoTooSmallForInlinePlayback): Added.
2079         (WebCore::HTMLMediaElement::exitFullscreen): Pause if video is too small.
2080         * html/HTMLMediaElement.h:
2081
2082 2016-07-11  Nael Ouedraogo  <nael.ouedraogo@crf.canon.fr>
2083
2084         toNative functions in JSDOMBinding.h should take an ExecState reference instead of pointer
2085         https://bugs.webkit.org/show_bug.cgi?id=159298
2086
2087         Reviewed by Youenn Fablet.
2088
2089         Pass ExecState by reference instead of pointer.
2090
2091         * bindings/js/IDBBindingUtilities.cpp:
2092         (WebCore::idbKeyPathFromValue):
2093         * bindings/js/JSBlobCustom.cpp:
2094         (WebCore::constructJSBlob):
2095         * bindings/js/JSDOMBinding.h: Pass ExecState by reference instead of pointer.
2096         (WebCore::toJSSequence):
2097         (WebCore::NativeValueTraits<String>::nativeValue):
2098         (WebCore::NativeValueTraits<unsigned>::nativeValue):
2099         (WebCore::NativeValueTraits<float>::nativeValue):
2100         (WebCore::NativeValueTraits<double>::nativeValue):
2101         (WebCore::toNativeArray):
2102         (WebCore::toNativeArguments):
2103         * bindings/js/JSDOMConvert.h:
2104         (WebCore::Converter<Vector<T>>::convert):
2105         * bindings/js/JSDictionary.cpp:
2106         (WebCore::JSDictionary::convertValue):
2107         * bindings/js/JSFileCustom.cpp:
2108         (WebCore::constructJSFile):
2109         * bindings/js/JSMessagePortCustom.cpp:
2110         (WebCore::fillMessagePortArray):
2111         * bindings/scripts/CodeGeneratorJS.pm:
2112         (GenerateParametersCheck):
2113         (JSValueToNative):
2114         * bindings/scripts/test/JS/JSTestObj.cpp:
2115         (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalSequence):
2116         (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalArray):
2117         (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalArrayIsEmpty):
2118         (WebCore::jsTestObjPrototypeFunctionOverloadedMethod7):
2119         (WebCore::jsTestObjPrototypeFunctionOverloadedMethod9):
2120         (WebCore::jsTestObjPrototypeFunctionOverloadedMethod10):
2121         (WebCore::jsTestObjPrototypeFunctionMethodWithUnsignedLongSequence):
2122         (WebCore::jsTestObjPrototypeFunctionStringArrayFunction):
2123         (WebCore::jsTestObjPrototypeFunctionMethodWithAndWithoutNullableSequence):
2124         (WebCore::jsTestObjPrototypeFunctionMethodWithAndWithoutNullableSequence2):
2125         (WebCore::jsTestObjPrototypeFunctionStrictFunctionWithSequence):
2126         (WebCore::jsTestObjPrototypeFunctionStrictFunctionWithArray):
2127         (WebCore::jsTestObjPrototypeFunctionVariadicStringMethod):
2128         (WebCore::jsTestObjPrototypeFunctionVariadicDoubleMethod):
2129         * bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
2130         (WebCore::constructJSTestOverloadedConstructors5):
2131         * bindings/scripts/test/JS/JSTestTypedefs.cpp:
2132         (WebCore::jsTestTypedefsPrototypeFunctionFunc):
2133         (WebCore::jsTestTypedefsPrototypeFunctionNullableArrayArg):
2134         (WebCore::jsTestTypedefsPrototypeFunctionStringArrayFunction):
2135         (WebCore::jsTestTypedefsPrototypeFunctionStringArrayFunction2):
2136
2137 2016-07-08  Alex Christensen  <achristensen@webkit.org>
2138
2139         Use refs for ResourceLoaders
2140         https://bugs.webkit.org/show_bug.cgi?id=159592
2141
2142         Reviewed by Chris Dumez.
2143
2144         No new tests.  No change in behavior except a fixed memory leak in WebKit1.
2145
2146         * loader/LoaderStrategy.h:
2147         * loader/ResourceLoader.cpp:
2148         (WebCore::ResourceLoader::finishNetworkLoad):
2149         (WebCore::ResourceLoader::setDefersLoading):
2150         (WebCore::ResourceLoader::frameLoader):
2151         (WebCore::ResourceLoader::willSwitchToSubstituteResource):
2152         (WebCore::ResourceLoader::willSendRequestInternal):
2153
2154 2016-07-11  Fujii Hironori  <Hironori.Fujii@sony.com>
2155
2156         Using dpi unit in sizes attribute raises SIGSEGV
2157         https://bugs.webkit.org/show_bug.cgi?id=159412
2158
2159         Reviewed by Darin Adler.
2160
2161         CSSParser::sourceSize returns a invalid CSSParser::SourceSize
2162         whose length is a null value for a dpi unit value.  Because
2163         CSSParserValue::createCSSValue returns null for a dpi value.
2164
2165         Tests:
2166             fast/dom/HTMLImageElement/sizes/image-sizes-invalids.html
2167             imported/w3c/web-platform-tests/html/semantics/embedded-content/the-img-element/sizes/parse-a-sizes-attribute.html
2168
2169         * css/CSSParser.cpp:
2170         (WebCore::CSSParser::sourceSize): Create a CSSPrimitiveValue of
2171         CSS_UNKNOWN if CSSParserValue::createCSSValue returns null.
2172
2173 2016-07-11  Olivier Blin  <olivier.blin@softathome.com>
2174
2175         Red and blue colors are swapped in video rendered through WebGL when GSTREAMER_GL is enabled
2176         https://bugs.webkit.org/show_bug.cgi?id=159621
2177
2178         Reviewed by Philippe Normand.
2179
2180         When a video is rendered through WebGL, and GSTREAMER_GL is enabled, red and blue colors are swapped.
2181         This occurs for example with the following videos:
2182         http://www.scirra.com/labs/bugs/webglvideo/
2183         http://www.dailymotion.com/embed/video/x4jiicp?autoplay=1
2184
2185         This is because ImageGStreamerCairo expects video frames in either
2186         BGRA or ARGB, while when GSTREAMER_GL is enabled,
2187         createVideoSinkGL() forces a RGBA format.
2188
2189         Without GSTREAMER_GL, the rendering is fine since
2190         VideoSinkGStreamer uses either BGRA or ARGB.
2191
2192         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
2193         (WebCore::MediaPlayerPrivateGStreamerBase::createVideoSinkGL):
2194
2195 2016-07-11  Philippe Normand  <pnormand@igalia.com>
2196
2197         [GStreamer] remove WEBKIT_DEBUG support
2198         https://bugs.webkit.org/show_bug.cgi?id=159553
2199
2200         Reviewed by Xabier Rodriguez-Calvar.
2201
2202         Remove the *_MEDIA_MESSAGE macros specific to the GStreamer
2203         platform code and replace them with standard GST_DEBUG macros. In
2204         Debug builds the WEBKIT_DEBUG=Media logs now only contain logs
2205         related with the cross-platform Media element code. If GStreamer
2206         logs are needed, the GST_DEBUG=webkit*:5 environment variable can
2207         be used.
2208
2209         * platform/graphics/gstreamer/GStreamerUtilities.h:
2210         * platform/graphics/gstreamer/InbandTextTrackPrivateGStreamer.cpp:
2211         (WebCore::InbandTextTrackPrivateGStreamer::notifyTrackOfSample):
2212         (WebCore::InbandTextTrackPrivateGStreamer::notifyTrackOfStreamChanged):
2213         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
2214         (WebCore::MediaPlayerPrivateGStreamer::setAudioStreamProperties):
2215         (WebCore::MediaPlayerPrivateGStreamer::load):
2216         (WebCore::MediaPlayerPrivateGStreamer::commitLoad):
2217         (WebCore::MediaPlayerPrivateGStreamer::playbackPosition):
2218         (WebCore::MediaPlayerPrivateGStreamer::changePipelineState):
2219         (WebCore::MediaPlayerPrivateGStreamer::play):
2220         (WebCore::MediaPlayerPrivateGStreamer::pause):
2221         (WebCore::MediaPlayerPrivateGStreamer::duration):
2222         (WebCore::MediaPlayerPrivateGStreamer::seek):
2223         (WebCore::MediaPlayerPrivateGStreamer::updatePlaybackRate):
2224         (WebCore::MediaPlayerPrivateGStreamer::paused):
2225         (WebCore::MediaPlayerPrivateGStreamer::newTextSample):
2226         (WebCore::MediaPlayerPrivateGStreamer::handleMessage):
2227         (WebCore::MediaPlayerPrivateGStreamer::processBufferingStats):
2228         (WebCore::MediaPlayerPrivateGStreamer::fillTimerFired):
2229         (WebCore::MediaPlayerPrivateGStreamer::maxTimeSeekable):
2230         (WebCore::MediaPlayerPrivateGStreamer::maxTimeLoaded):
2231         (WebCore::MediaPlayerPrivateGStreamer::didLoadingProgress):
2232         (WebCore::MediaPlayerPrivateGStreamer::totalBytes):
2233         (WebCore::MediaPlayerPrivateGStreamer::asyncStateChangeDone):
2234         (WebCore::MediaPlayerPrivateGStreamer::updateStates):
2235         (WebCore::MediaPlayerPrivateGStreamer::loadNextLocation):
2236         (WebCore::MediaPlayerPrivateGStreamer::setDownloadBuffering):
2237         (WebCore::MediaPlayerPrivateGStreamer::createAudioSink):
2238         (WebCore::MediaPlayerPrivateGStreamer::createGSTPlayBin):
2239         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
2240         (WebCore::MediaPlayerPrivateGStreamerBase::naturalSize):
2241         (WebCore::MediaPlayerPrivateGStreamerBase::setVolume):
2242         (WebCore::MediaPlayerPrivateGStreamerBase::volumeChangedCallback):
2243         (WebCore::MediaPlayerPrivateGStreamerBase::triggerRepaint):
2244         (WebCore::MediaPlayerPrivateGStreamerBase::createVideoSinkGL):
2245         (WebCore::MediaPlayerPrivateGStreamerBase::setStreamVolumeElement):
2246         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerOwr.cpp:
2247         (WebCore::MediaPlayerPrivateGStreamerOwr::~MediaPlayerPrivateGStreamerOwr):
2248         (WebCore::MediaPlayerPrivateGStreamerOwr::play):
2249         (WebCore::MediaPlayerPrivateGStreamerOwr::pause):
2250         (WebCore::MediaPlayerPrivateGStreamerOwr::currentTime):
2251         (WebCore::MediaPlayerPrivateGStreamerOwr::load):
2252         (WebCore::MediaPlayerPrivateGStreamerOwr::internalLoad):
2253         (WebCore::MediaPlayerPrivateGStreamerOwr::stop):
2254         (WebCore::MediaPlayerPrivateGStreamerOwr::createGSTAudioSinkBin):
2255         (WebCore::MediaPlayerPrivateGStreamerOwr::trackEnded):
2256         (WebCore::MediaPlayerPrivateGStreamerOwr::trackMutedChanged):
2257         (WebCore::MediaPlayerPrivateGStreamerOwr::trackSettingsChanged):
2258         (WebCore::MediaPlayerPrivateGStreamerOwr::trackEnabledChanged):
2259         * platform/graphics/gstreamer/TrackPrivateBaseGStreamer.cpp:
2260         (WebCore::TrackPrivateBaseGStreamer::getLanguageCode):
2261         (WebCore::TrackPrivateBaseGStreamer::getTag):
2262
2263 2016-07-11  Eric Carlson  <eric.carlson@apple.com>
2264
2265         Add a test for media control dropoff
2266         https://bugs.webkit.org/show_bug.cgi?id=151287
2267         <rdar://problem/23544666>
2268
2269         Reviewed by Antoine Quint.
2270
2271         Test: media/controls/inline-elements-dropoff-order.html
2272
2273         * Modules/mediacontrols/mediaControlsApple.js: Expose more state to testing.
2274         * testing/InternalSettings.cpp:
2275         (WebCore::InternalSettings::setAllowsAirPlayForMediaPlayback): Renamed from setWirelessPlaybackDisabled.
2276         (WebCore::InternalSettings::setWirelessPlaybackDisabled): Deleted.
2277         * testing/InternalSettings.h:
2278         * testing/InternalSettings.idl:
2279
2280
2281 2016-07-11  Philippe Normand  <pnormand@igalia.com>
2282
2283         [GStreamer][GL] crash within triggerRepaint
2284         https://bugs.webkit.org/show_bug.cgi?id=159552
2285
2286         Reviewed by Xabier Rodriguez-Calvar.
2287
2288         Ensure the sizeChanged notification is emitted from the main
2289         thread. When GStreamer-GL rendering is enabled the appsink draw
2290         callbacks are fired in a non-main thread.
2291
2292         The WeakPtr support was moved to the player base class so that it
2293         can be used there as well as in the MediaPlayerPrivateGStreamer
2294         sub-class.
2295
2296         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
2297         (WebCore::MediaPlayerPrivateGStreamer::createGSTPlayBin):
2298         (WebCore::MediaPlayerPrivateGStreamer::MediaPlayerPrivateGStreamer): Deleted.
2299         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h:
2300         (WebCore::MediaPlayerPrivateGStreamer::createWeakPtr): Deleted.
2301         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
2302         (WebCore::MediaPlayerPrivateGStreamerBase::MediaPlayerPrivateGStreamerBase):
2303         (WebCore::MediaPlayerPrivateGStreamerBase::triggerRepaint):
2304         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.h:
2305         (WebCore::MediaPlayerPrivateGStreamerBase::createWeakPtr):
2306
2307 2016-07-10  Chris Dumez  <cdumez@apple.com>
2308
2309         Setting document.title reuses <title>'s textnode child
2310         https://bugs.webkit.org/show_bug.cgi?id=28864
2311         <rdar://problem/7186473>
2312
2313         Reviewed by Benjamin Poulain.
2314
2315         Setting document.title should be equivalent to setting the 'textContent'
2316         IDL attribute of the <title> element:
2317         - https://html.spec.whatwg.org/multipage/dom.html#document.title
2318
2319         In particular, this means we should always create a new Text node and
2320         replace all the <title>'s children with this new Node, as per:
2321         - https://dom.spec.whatwg.org/#dom-node-textcontent
2322
2323         Previously, WebKit would in some cases reuse the existing <title>'s
2324         Text node and merely update its data.
2325
2326         Firefox and Chrome behave as per the specification so this aligns our
2327         behavior with other major browsers as well.
2328
2329         Test: fast/dom/title-setter-new-text-node.html
2330
2331         * dom/Document.cpp:
2332         (WebCore::Document::setTitle):
2333         - Call Node::setTextContent() instead of HTMLTitleElement::setText(),
2334           as per the specification.
2335         - Take an ExceptionCode parameter and pass it to Node::setTextContent()
2336           as it may throw.
2337
2338         * dom/Document.h:
2339         * dom/Document.idl:
2340
2341         * html/HTMLTitleElement.cpp:
2342         (WebCore::HTMLTitleElement::setText):
2343         Update implementation of HTMLTitleElement::setText() to call
2344         setTextContent() as per the specification:
2345         - https://html.spec.whatwg.org/multipage/semantics.html#dom-title-text
2346
2347         * html/HTMLTitleElement.h:
2348         * html/HTMLTitleElement.idl:
2349
2350         * html/ImageDocument.cpp:
2351         (WebCore::ImageDocument::finishedParsing):
2352
2353         * svg/SVGTitleElement.cpp:
2354         * svg/SVGTitleElement.h:
2355         Drop setText() setter which was duplicated from HTMLTitleElement::setText()
2356         now that Document::setTitle() calls SVGTitleElement::setTextContent()
2357         instead.
2358
2359 2016-07-10  Zalan Bujtas  <zalan@apple.com>
2360
2361         Fix LogicalSelectionOffsetCaches to work with detached render tree.
2362         https://bugs.webkit.org/show_bug.cgi?id=159605
2363         <rdar://problem/27248845>
2364
2365         Reviewed by Brent Fulgham.
2366
2367         When the renderer that is being destroyed is on a selection boundary,
2368         we need to ensure that all its cached pointers across the selection code (e.g. SelectionSubtreeData)
2369         are getting reset. In order to do that, we call clearSelection() on the RenderView.
2370         One of the last steps of clearing selection is to collect the selection gaps. Selection gaps uses this
2371         LogicalSelectionOffsetCaches helper class to collect selection information across blocks.
2372         LogicalSelectionOffsetCaches normally operates on rooted renderers. However we need to ensure sure that
2373         it can also handle renderers that are no longer part of the render tree.
2374
2375         Test: fast/text/selection-on-a-detached-tree.html
2376
2377         * rendering/LogicalSelectionOffsetCaches.h:
2378         (WebCore::LogicalSelectionOffsetCaches::ContainingBlockInfo::setBlock):
2379         (WebCore::LogicalSelectionOffsetCaches::ContainingBlockInfo::logicalLeftSelectionOffset):
2380         (WebCore::LogicalSelectionOffsetCaches::ContainingBlockInfo::logicalRightSelectionOffset):
2381         * rendering/RenderBlock.cpp:
2382         (WebCore::RenderBlock::logicalLeftSelectionOffset):
2383         (WebCore::RenderBlock::logicalRightSelectionOffset):
2384
2385 2016-07-10  Chris Dumez  <cdumez@apple.com>
2386
2387         adoptNode() changes css class to lowercase for document loaded with XHR responseType = "document"
2388         https://bugs.webkit.org/show_bug.cgi?id=159555
2389         <rdar://problem/27252541>
2390
2391         Reviewed by Benjamin Poulain.
2392
2393         Follow-up on r203018 which was incomplete. We need to update ElementData's
2394         m_classNames / m_idForStyleResolution when the source document is in strict
2395         mode and the destination document is in quirks mode as well.
2396
2397         Test: fast/dom/Document/adoptNode-quirks-mismatch2.html
2398
2399         * dom/Element.cpp:
2400         (WebCore::Element::didMoveToNewDocument):
2401
2402 2016-07-10  Sam Weinig  <sam@webkit.org>
2403
2404         Rename isEmojiModifier to isEmojiFitzpatrickModifier to better capture its function
2405         https://bugs.webkit.org/show_bug.cgi?id=159610
2406
2407         Reviewed by Dan Bernstein.
2408
2409         * platform/graphics/FontCascade.cpp:
2410         (WebCore::FontCascade::characterRangeCodePath):
2411         * platform/graphics/mac/ComplexTextController.cpp:
2412         (WebCore::advanceByCombiningCharacterSequence):
2413         Update for rename.
2414
2415         * platform/text/CharacterProperties.h:
2416         (WebCore::isEmojiGroupCandidate):
2417         (WebCore::isEmojiFitzpatrickModifier):
2418         (WebCore::isVariationSelector):
2419         Rename isEmojiModifier -> isEmojiFitzpatrickModifier. Also add some comments
2420         explaining what the characters these predicate act on to demystify them a bit.
2421
2422         * rendering/RenderText.cpp:
2423         (WebCore::RenderText::previousOffsetForBackwardDeletion):
2424         Update for rename and rename a related variable.
2425
2426 2016-07-10  Alex Christensen  <achristensen@webkit.org>
2427
2428         Fix client certificate authentication after r200463
2429         https://bugs.webkit.org/show_bug.cgi?id=159574
2430         <rdar://problem/26931006>
2431
2432         Reviewed by Sam Weinig.
2433
2434         No new tests.  We really need a test for this
2435
2436         * platform/network/cf/CertificateInfo.h:
2437         (WebCore::CertificateInfo::CertificateInfo):
2438         (WebCore::CertificateInfo::trust):
2439         Make sure we only get the trust for Trust type CertificateInfos.  
2440         If we mix up our types, we get unexpected nullptrs, which will cause authentication to fail.
2441
2442 2016-07-10  Myles C. Maxfield  <mmaxfield@apple.com>
2443
2444         Fix Windows build after r203038
2445
2446         Unreviewed.
2447
2448         * platform/text/TextAllInOne.cpp:
2449
2450 2016-07-10  Myles C. Maxfield  <mmaxfield@apple.com>
2451
2452         Move breaking iterator code to WTF
2453         https://bugs.webkit.org/show_bug.cgi?id=159594
2454
2455         Reviewed by Alex Christensen.
2456
2457         This is in preparation for giving StringView a GraphemeClusters iterator.
2458         Such an interator needs to be implemented on top of our breaking iterator
2459         code.
2460
2461         No new tests because there is no behavior change.
2462
2463         * CMakeLists.txt:
2464         * PlatformEfl.cmake:
2465         * PlatformGTK.cmake:
2466         * PlatformMac.cmake:
2467         * PlatformWin.cmake:
2468         * WebCore.xcodeproj/project.pbxproj:
2469         * dom/CharacterData.cpp:
2470         * editing/TextCheckingHelper.cpp:
2471         * editing/TextIterator.cpp:
2472         * editing/VisibleUnits.cpp:
2473         * html/HTMLInputElement.cpp:
2474         * html/HTMLTextAreaElement.cpp:
2475         * html/InputType.cpp:
2476         * html/TextFieldInputType.cpp:
2477         * html/TextInputType.cpp:
2478         * platform/LocalizedStrings.cpp:
2479         * platform/graphics/StringTruncator.cpp:
2480         * platform/graphics/cg/ColorCG.cpp:
2481         (WTF::RetainPtr<CGColorRef>>::createValueForKey):
2482         (WebCore::RetainPtr<CGColorRef>>::createValueForKey): Deleted.
2483         * platform/graphics/mac/ComplexTextController.cpp:
2484         * platform/text/LineBreakIteratorPoolICU.h:
2485         (WebCore::LineBreakIteratorPool::LineBreakIteratorPool): Deleted.
2486         (WebCore::LineBreakIteratorPool::sharedPool): Deleted.
2487         (WebCore::LineBreakIteratorPool::makeLocaleWithBreakKeyword): Deleted.
2488         (WebCore::LineBreakIteratorPool::take): Deleted.
2489         (WebCore::LineBreakIteratorPool::put): Deleted.
2490         * platform/text/TextBoundaries.cpp:
2491         * platform/text/TextBreakIterator.cpp:
2492         (WebCore::initializeIterator): Deleted.
2493         (WebCore::initializeIteratorWithRules): Deleted.
2494         (WebCore::setTextForIterator): Deleted.
2495         (WebCore::setContextAwareTextForIterator): Deleted.
2496         (WebCore::wordBreakIterator): Deleted.
2497         (WebCore::sentenceBreakIterator): Deleted.
2498         (WebCore::cursorMovementIterator): Deleted.
2499         (WebCore::acquireLineBreakIterator): Deleted.
2500         (WebCore::releaseLineBreakIterator): Deleted.
2501         (WebCore::mapLineIteratorModeToRules): Deleted.
2502         (WebCore::isCJKLocale): Deleted.
2503         (WebCore::openLineBreakIterator): Deleted.
2504         (WebCore::closeLineBreakIterator): Deleted.
2505         (WebCore::compareAndSwapNonSharedCharacterBreakIterator): Deleted.
2506         (WebCore::NonSharedCharacterBreakIterator::NonSharedCharacterBreakIterator): Deleted.
2507         (WebCore::NonSharedCharacterBreakIterator::~NonSharedCharacterBreakIterator): Deleted.
2508         (WebCore::textBreakFirst): Deleted.
2509         (WebCore::textBreakLast): Deleted.
2510         (WebCore::textBreakNext): Deleted.
2511         (WebCore::textBreakPrevious): Deleted.
2512         (WebCore::textBreakPreceding): Deleted.
2513         (WebCore::textBreakFollowing): Deleted.
2514         (WebCore::textBreakCurrent): Deleted.
2515         (WebCore::isTextBreak): Deleted.
2516         (WebCore::isWordTextBreak): Deleted.
2517         (WebCore::numGraphemeClusters): Deleted.
2518         (WebCore::numCharactersInGraphemeClusters): Deleted.
2519         * platform/text/TextBreakIterator.h:
2520         (WebCore::LazyLineBreakIterator::LazyLineBreakIterator): Deleted.
2521         (WebCore::LazyLineBreakIterator::~LazyLineBreakIterator): Deleted.
2522         (WebCore::LazyLineBreakIterator::string): Deleted.
2523         (WebCore::LazyLineBreakIterator::isLooseCJKMode): Deleted.
2524         (WebCore::LazyLineBreakIterator::lastCharacter): Deleted.
2525         (WebCore::LazyLineBreakIterator::secondToLastCharacter): Deleted.
2526         (WebCore::LazyLineBreakIterator::setPriorContext): Deleted.
2527         (WebCore::LazyLineBreakIterator::updatePriorContext): Deleted.
2528         (WebCore::LazyLineBreakIterator::resetPriorContext): Deleted.
2529         (WebCore::LazyLineBreakIterator::priorContextLength): Deleted.
2530         (WebCore::LazyLineBreakIterator::get): Deleted.
2531         (WebCore::LazyLineBreakIterator::resetStringAndReleaseIterator): Deleted.
2532         (WebCore::NonSharedCharacterBreakIterator::operator TextBreakIterator*): Deleted.
2533         * platform/text/cf/HyphenationCF.cpp:
2534         * platform/text/efl/TextBreakIteratorInternalICUEfl.cpp:
2535         (WebCore::currentSearchLocaleID): Deleted.
2536         (WebCore::currentTextBreakLocaleID): Deleted.
2537         * platform/text/enchant/TextCheckerEnchant.cpp:
2538         * platform/text/gtk/TextBreakIteratorInternalICUGtk.cpp:
2539         (WebCore::currentSearchLocaleID): Deleted.
2540         (WebCore::currentTextBreakLocaleID): Deleted.
2541         * platform/text/icu/UTextProvider.cpp:
2542         (WebCore::fixPointer): Deleted.
2543         (WebCore::uTextCloneImpl): Deleted.
2544         * platform/text/icu/UTextProvider.h:
2545         (WebCore::uTextProviderContext): Deleted.
2546         (WebCore::initializeContextAwareUTextProvider): Deleted.
2547         (WebCore::uTextAccessPinIndex): Deleted.
2548         (WebCore::uTextAccessInChunkOrOutOfRange): Deleted.
2549         * platform/text/icu/UTextProviderLatin1.cpp:
2550         (WebCore::uTextLatin1Clone): Deleted.
2551         (WebCore::uTextLatin1NativeLength): Deleted.
2552         (WebCore::uTextLatin1Access): Deleted.
2553         (WebCore::uTextLatin1Extract): Deleted.
2554         (WebCore::uTextLatin1MapOffsetToNative): Deleted.
2555         (WebCore::uTextLatin1MapNativeIndexToUTF16): Deleted.
2556         (WebCore::uTextLatin1Close): Deleted.
2557         (WebCore::openLatin1UTextProvider): Deleted.
2558         (WebCore::textLatin1ContextAwareGetCurrentContext): Deleted.
2559         (WebCore::textLatin1ContextAwareMoveInPrimaryContext): Deleted.
2560         (WebCore::textLatin1ContextAwareSwitchToPrimaryContext): Deleted.
2561         (WebCore::textLatin1ContextAwareMoveInPriorContext): Deleted.
2562         (WebCore::textLatin1ContextAwareSwitchToPriorContext): Deleted.
2563         (WebCore::uTextLatin1ContextAwareClone): Deleted.
2564         (WebCore::uTextLatin1ContextAwareNativeLength): Deleted.
2565         (WebCore::uTextLatin1ContextAwareAccess): Deleted.
2566         (WebCore::uTextLatin1ContextAwareExtract): Deleted.
2567         (WebCore::uTextLatin1ContextAwareClose): Deleted.
2568         (WebCore::openLatin1ContextAwareUTextProvider): Deleted.
2569         * platform/text/icu/UTextProviderUTF16.cpp:
2570         (WebCore::textUTF16ContextAwareGetCurrentContext): Deleted.
2571         (WebCore::textUTF16ContextAwareMoveInPrimaryContext): Deleted.
2572         (WebCore::textUTF16ContextAwareSwitchToPrimaryContext): Deleted.
2573         (WebCore::textUTF16ContextAwareMoveInPriorContext): Deleted.
2574         (WebCore::textUTF16ContextAwareSwitchToPriorContext): Deleted.
2575         (WebCore::uTextUTF16ContextAwareClone): Deleted.
2576         (WebCore::uTextUTF16ContextAwareNativeLength): Deleted.
2577         (WebCore::uTextUTF16ContextAwareAccess): Deleted.
2578         (WebCore::uTextUTF16ContextAwareExtract): Deleted.
2579         (WebCore::uTextUTF16ContextAwareClose): Deleted.
2580         (WebCore::openUTF16ContextAwareUTextProvider): Deleted.
2581         * platform/text/mac/TextBoundaries.mm:
2582         * platform/text/mac/TextBreakIteratorInternalICUMac.mm:
2583         (WebCore::textBreakLocalePreference): Deleted.
2584         (WebCore::topLanguagePreference): Deleted.
2585         (WebCore::getLocale): Deleted.
2586         (WebCore::getSearchLocale): Deleted.
2587         (WebCore::currentSearchLocaleID): Deleted.
2588         (WebCore::getTextBreakLocale): Deleted.
2589         (WebCore::currentTextBreakLocaleID): Deleted.
2590         * platform/text/win/TextBreakIteratorInternalICUWin.cpp:
2591         (WebCore::currentSearchLocaleID): Deleted.
2592         (WebCore::currentTextBreakLocaleID): Deleted.
2593         * rendering/RenderBlock.cpp:
2594         * rendering/RenderText.cpp:
2595         * rendering/RenderText.h:
2596         * rendering/SimpleLineLayoutTextFragmentIterator.h:
2597         * rendering/break_lines.cpp:
2598         * rendering/break_lines.h:
2599         * rendering/line/LineBreaker.h:
2600
2601 2016-07-10  Yusuke Suzuki  <utatane.tea@gmail.com>
2602
2603         [GTK] Crash on https://diafygi.github.io/webcrypto-examples with ENABLE_SUBTLE_CRYPTO
2604         https://bugs.webkit.org/show_bug.cgi?id=159189
2605
2606         Reviewed by Michael Catanzaro.
2607
2608         Currently, we explicitly release the pointers of std::unique_ptr<CryptoAlgorithm> and std::unique_ptr<CryptoAlgorithmParameters>,
2609         and delete them in the asynchronously called lambdas. In GnuTLS version, callback function is accidentally called twice,
2610         and it incurs the double free problem.
2611         In SubtleCrypto code, we have the rule that we must not call failureCallback when the error code is filled in synchronous execution.
2612         So we drop the failureCallback calling code in GnuTLS subtle crypto code.
2613
2614         But, rather than carefully handling un-smart-pointer-managed raw pointer's life time, we should use ref counted pointer for that.
2615         Using the raw delete is error-prone.
2616
2617         This patch also changes CryptoAlgorithm and CryptoAlgorithmParameters to RefCounted. And use Ref and RefPtr instead.
2618         The change eliminates the ad-hoc delete code. And now, the lambdas can be called multiple times since once the result of the promise
2619         is resolved or rejected, subsequent resolve / reject calls are ignored.
2620
2621         And this patch also fixes the incorrect call to the lambda that is already WTFMoved.
2622
2623         While we can see several `return WTFMove(...)`, they are necessary since it uses implicit type conversions, like,
2624         `Ref<A>` => `RefPtr<A>`, and `Ref<Derived>` => `Ref<Base>`.
2625
2626         * bindings/js/JSCryptoAlgorithmDictionary.cpp:
2627         (WebCore::createAesCbcParams):
2628         (WebCore::createAesKeyGenParams):
2629         (WebCore::createHmacParams):
2630         (WebCore::createHmacKeyParams):
2631         (WebCore::createRsaKeyGenParams):
2632         (WebCore::createRsaKeyParamsWithHash):
2633         (WebCore::createRsaOaepParams):
2634         (WebCore::createRsaSsaParams):
2635         (WebCore::JSCryptoAlgorithmDictionary::createParametersForEncrypt):
2636         (WebCore::JSCryptoAlgorithmDictionary::createParametersForDecrypt):
2637         (WebCore::JSCryptoAlgorithmDictionary::createParametersForSign):
2638         (WebCore::JSCryptoAlgorithmDictionary::createParametersForVerify):
2639         (WebCore::JSCryptoAlgorithmDictionary::createParametersForDigest):
2640         (WebCore::JSCryptoAlgorithmDictionary::createParametersForGenerateKey):
2641         (WebCore::JSCryptoAlgorithmDictionary::createParametersForDeriveKey):
2642         (WebCore::JSCryptoAlgorithmDictionary::createParametersForDeriveBits):
2643         (WebCore::JSCryptoAlgorithmDictionary::createParametersForImportKey):
2644         (WebCore::JSCryptoAlgorithmDictionary::createParametersForExportKey):
2645         * bindings/js/JSCryptoAlgorithmDictionary.h:
2646         * bindings/js/JSCryptoKeySerializationJWK.cpp:
2647         (WebCore::createHMACParameters):
2648         (WebCore::createRSAKeyParametersWithHash):
2649         (WebCore::JSCryptoKeySerializationJWK::reconcileAlgorithm):
2650         * bindings/js/JSCryptoKeySerializationJWK.h:
2651         * bindings/js/JSSubtleCryptoCustom.cpp:
2652         (WebCore::createAlgorithmFromJSValue):
2653         (WebCore::importKey):
2654         (WebCore::JSSubtleCrypto::importKey):
2655         (WebCore::JSSubtleCrypto::wrapKey):
2656         (WebCore::JSSubtleCrypto::unwrapKey):
2657         * crypto/CryptoAlgorithm.h:
2658         * crypto/CryptoAlgorithmParameters.h:
2659         * crypto/CryptoAlgorithmRegistry.cpp:
2660         (WebCore::CryptoAlgorithmRegistry::create):
2661         * crypto/CryptoAlgorithmRegistry.h:
2662         * crypto/CryptoKeySerialization.h:
2663         * crypto/algorithms/CryptoAlgorithmAES_CBC.cpp:
2664         (WebCore::CryptoAlgorithmAES_CBC::create):
2665         * crypto/algorithms/CryptoAlgorithmAES_CBC.h:
2666         * crypto/algorithms/CryptoAlgorithmAES_KW.cpp:
2667         (WebCore::CryptoAlgorithmAES_KW::create):
2668         * crypto/algorithms/CryptoAlgorithmAES_KW.h:
2669         * crypto/algorithms/CryptoAlgorithmHMAC.cpp:
2670         (WebCore::CryptoAlgorithmHMAC::create):
2671         * crypto/algorithms/CryptoAlgorithmHMAC.h:
2672         * crypto/algorithms/CryptoAlgorithmRSAES_PKCS1_v1_5.cpp:
2673         (WebCore::CryptoAlgorithmRSAES_PKCS1_v1_5::create):
2674         * crypto/algorithms/CryptoAlgorithmRSAES_PKCS1_v1_5.h:
2675         * crypto/algorithms/CryptoAlgorithmRSASSA_PKCS1_v1_5.cpp:
2676         (WebCore::CryptoAlgorithmRSASSA_PKCS1_v1_5::create):
2677         * crypto/algorithms/CryptoAlgorithmRSASSA_PKCS1_v1_5.h:
2678         * crypto/algorithms/CryptoAlgorithmRSA_OAEP.cpp:
2679         (WebCore::CryptoAlgorithmRSA_OAEP::create):
2680         * crypto/algorithms/CryptoAlgorithmRSA_OAEP.h:
2681         * crypto/algorithms/CryptoAlgorithmSHA1.cpp:
2682         (WebCore::CryptoAlgorithmSHA1::create):
2683         * crypto/algorithms/CryptoAlgorithmSHA1.h:
2684         * crypto/algorithms/CryptoAlgorithmSHA224.cpp:
2685         (WebCore::CryptoAlgorithmSHA224::create):
2686         * crypto/algorithms/CryptoAlgorithmSHA224.h:
2687         * crypto/algorithms/CryptoAlgorithmSHA256.cpp:
2688         (WebCore::CryptoAlgorithmSHA256::create):
2689         * crypto/algorithms/CryptoAlgorithmSHA256.h:
2690         * crypto/algorithms/CryptoAlgorithmSHA384.cpp:
2691         (WebCore::CryptoAlgorithmSHA384::create):
2692         * crypto/algorithms/CryptoAlgorithmSHA384.h:
2693         * crypto/algorithms/CryptoAlgorithmSHA512.cpp:
2694         (WebCore::CryptoAlgorithmSHA512::create):
2695         * crypto/algorithms/CryptoAlgorithmSHA512.h:
2696         * crypto/gnutls/CryptoAlgorithmAES_CBCGnuTLS.cpp:
2697         (WebCore::CryptoAlgorithmAES_CBC::platformEncrypt):
2698         (WebCore::CryptoAlgorithmAES_CBC::platformDecrypt):
2699         * crypto/gnutls/CryptoAlgorithmAES_KWGnuTLS.cpp:
2700         (WebCore::CryptoAlgorithmAES_KW::platformEncrypt):
2701         (WebCore::CryptoAlgorithmAES_KW::platformDecrypt):
2702         * crypto/gnutls/CryptoAlgorithmHMACGnuTLS.cpp:
2703         (WebCore::CryptoAlgorithmHMAC::platformSign):
2704         (WebCore::CryptoAlgorithmHMAC::platformVerify):
2705         * crypto/gnutls/CryptoAlgorithmRSAES_PKCS1_v1_5GnuTLS.cpp:
2706         (WebCore::CryptoAlgorithmRSAES_PKCS1_v1_5::platformEncrypt):
2707         (WebCore::CryptoAlgorithmRSAES_PKCS1_v1_5::platformDecrypt):
2708         * crypto/gnutls/CryptoAlgorithmRSASSA_PKCS1_v1_5GnuTLS.cpp:
2709         (WebCore::CryptoAlgorithmRSASSA_PKCS1_v1_5::platformSign):
2710         (WebCore::CryptoAlgorithmRSASSA_PKCS1_v1_5::platformVerify):
2711         * crypto/gnutls/CryptoAlgorithmRSA_OAEPGnuTLS.cpp:
2712         (WebCore::CryptoAlgorithmRSA_OAEP::platformEncrypt):
2713         (WebCore::CryptoAlgorithmRSA_OAEP::platformDecrypt):
2714         * crypto/keys/CryptoKeySerializationRaw.cpp:
2715         (WebCore::CryptoKeySerializationRaw::reconcileAlgorithm):
2716         * crypto/keys/CryptoKeySerializationRaw.h:
2717
2718 2016-07-09  Antti Koivisto  <antti@apple.com>
2719
2720         REGRESSION (r202931): breaks release builds with ASSERT_WITH_SECURITY_IMPLICATION for fuzzing
2721         https://bugs.webkit.org/show_bug.cgi?id=159599
2722         rdar://problem/27248835
2723
2724         Reviewed by Chris Dumez.
2725
2726         Make RenderStyle::deletionHasBegun() available with ENABLE(SECURITY_ASSERTIONS)
2727
2728         * rendering/style/RenderStyle.cpp:
2729         (WebCore::RenderStyle::~RenderStyle):
2730         * rendering/style/RenderStyle.h:
2731         (WebCore::RenderStyle::deletionHasBegun):
2732
2733 2016-07-09  Youenn Fablet  <youenn@apple.com>
2734
2735         Make use of PrivateIdentifier to simplify Fetch Headers built-in checks
2736         https://bugs.webkit.org/show_bug.cgi?id=159554
2737
2738         Reviewed by Alex Christensen.
2739
2740         Test: fetch/header-constructor-overriden.html
2741         Patch does not change visible behavior.
2742
2743         * Modules/fetch/FetchHeaders.idl: Adding PrivateIdentifier to the Headers constructor.
2744         * Modules/fetch/FetchHeaders.js:
2745         (initializeFetchHeaders): Checking directly with @Headers for improved clarity.
2746         * Modules/fetch/FetchResponse.js: Using @Headers to check whether creating a Headers object or not before
2747         passsing it to C++ FetchResponse initialize method.
2748         (initializeFetchResponse):
2749         * bindings/js/WebCoreBuiltinNames.h: Adding Headers private name.
2750
2751 2016-07-08  Chris Dumez  <cdumez@apple.com>
2752
2753         adoptNode() changes css class to lowercase for document loaded with XHR responseType = "document"
2754         https://bugs.webkit.org/show_bug.cgi?id=159555
2755         <rdar://problem/27252541>
2756
2757         Reviewed by Ryosuke Niwa.
2758
2759         When adopting an Element from another document which has a different quirks mode,
2760         case-sensitivity for id and class attributes differs and we need to correctly
2761         update members such as ElementData::m_classNames or ElementData::m_idForStyleResolution.
2762
2763         To address the issue, have Element override didMoveToNewDocument() and call
2764         attributeChanged() for id and class attributes.
2765
2766         Test: fast/dom/Document/adoptNode-quirks-mismatch.html
2767
2768         * dom/Element.cpp:
2769         (WebCore::Element::didMoveToNewDocument):
2770         * dom/Element.h:
2771
2772 2016-07-08  Daniel Bates  <dabates@apple.com>
2773
2774         Cleanup: Remove use of PassRefPtr from class HTMLTableElement
2775         https://bugs.webkit.org/show_bug.cgi?id=159587
2776
2777         Reviewed by Chris Dumez.
2778
2779         * html/HTMLTableElement.cpp:
2780         (WebCore::HTMLTableElement::setCaption): Take a rvalue reference to a RefPtr instead of a PassRefPtr.
2781         (WebCore::HTMLTableElement::setTHead): Take a rvalue reference to a RefPtr instead of a PassRefPtr. Also
2782         fix a style nit; add curly braces around the for-loop body since its body is more than a single line.
2783         (WebCore::HTMLTableElement::createTHead): Use Ref::copyRef() instead of Ref::ptr() to pass the instantiated
2784         table section to better convey that we are passing a copy of the table section.
2785         (WebCore::HTMLTableElement::createCaption): Ditto.
2786         * html/HTMLTableElement.h:
2787
2788 2016-07-08  Daniel Bates  <dabates@apple.com>
2789
2790         Move shouldInheritSecurityOriginFromOwner() from URL to Document
2791         https://bugs.webkit.org/show_bug.cgi?id=158987
2792
2793         Reviewed by Alex Christensen.
2794
2795         The URL class should not have knowledge of the concept of an origin or the semantics of origin
2796         inheritance as these are higher level concepts. We should make URL::shouldInheritSecurityOriginFromOwner()
2797         a static non-member, non-friend function of Document because its implements the origin semantics
2798         for a Document object as described in section Origin of the HTML5 spec., <https://html.spec.whatwg.org/multipage/browsers.html#origin> (8 July 2016).
2799         These semantics only apply to Documents.
2800
2801         No functionality changed. So, no new tests.
2802
2803         * dom/Document.cpp:
2804         (WebCore::shouldInheritSecurityOriginFromOwner): Added.
2805         (WebCore::Document::initSecurityContext): Modified to call WebCore::shouldInheritSecurityOriginFromOwner().
2806         (WebCore::Document::initContentSecurityPolicy): Ditto.
2807         * platform/URL.cpp:
2808         (WebCore::URL::shouldInheritSecurityOriginFromOwner): Deleted.
2809         * platform/URL.h:
2810
2811 2016-07-08  Daniel Bates  <dabates@apple.com>
2812
2813         Setting table.tFoot or calling table.createTFoot() should append HTML tfont element to the end of the table
2814         https://bugs.webkit.org/show_bug.cgi?id=159583
2815         <rdar://problem/27255292>
2816
2817         In HTMLTableElement::createTFoot() I inadvertently made use of WTFMove() to move the instantiated
2818         HTMLTableSectionElement into the argument passed to setTFoot(). We should use Ref::copyRef() instead
2819         because we want this function to return the instantiated table section.
2820
2821         * html/HTMLTableElement.cpp:
2822         (WebCore::HTMLTableElement::createTFoot):
2823
2824 2016-07-08  Daniel Bates  <dabates@apple.com>
2825
2826         Setting table.tFoot or calling table.createTFoot() should append HTML tfont element to the end of the table
2827         https://bugs.webkit.org/show_bug.cgi?id=159583
2828         <rdar://problem/27255292>
2829
2830         Reviewed by Chris Dumez.
2831
2832         he HTML standard has long since been revised to describe that assignment to property table.tFoot
2833         or invoking table.createTFoot() will append the HTML tfoot element to the end of the table. This
2834         behavior is defined in <https://html.spec.whatwg.org/multipage/tables.html#dom-table-tfoot> (8 July 2016)
2835         and <https://html.spec.whatwg.org/multipage/tables.html#dom-table-createtfoot> for the property
2836         table.tFoot and table.createTFoot(), respectively. This change makes our behavior match the
2837         behavior in Mozilla Firefox, Microsoft Edge, Microsoft Internet Explorer 8 and later.
2838
2839         * html/HTMLTableElement.cpp:
2840         (WebCore::HTMLTableElement::setTFoot): Append <tfoot> to the end of the table. Use RefPtr<>&& instead of PassRefPtr.
2841         (WebCore::HTMLTableElement::createTFoot): Use RefPtr<>&& instead of PassRefPtr.
2842         * html/HTMLTableElement.h:
2843
2844 2016-07-08  Jer Noble  <jer.noble@apple.com>
2845
2846         Crash in layout test /media/video-buffered-range-contains-currentTime.html
2847         https://bugs.webkit.org/show_bug.cgi?id=159109
2848         <rdar://problem/26535750>
2849
2850         Reviewed by Alex Christensen.
2851
2852         Protect against _dataTasks being mutated and accessed on multiple simultaneous threads with a Lock.
2853
2854         * platform/network/cocoa/WebCoreNSURLSession.h:
2855         * platform/network/cocoa/WebCoreNSURLSession.mm:
2856         (-[WebCoreNSURLSession dealloc]):
2857         (-[WebCoreNSURLSession taskCompleted:]):
2858         (-[WebCoreNSURLSession finishTasksAndInvalidate]):
2859         (-[WebCoreNSURLSession invalidateAndCancel]):
2860         (-[WebCoreNSURLSession getTasksWithCompletionHandler:]):
2861         (-[WebCoreNSURLSession getAllTasksWithCompletionHandler:]):
2862         (-[WebCoreNSURLSession dataTaskWithRequest:]):
2863         (-[WebCoreNSURLSession dataTaskWithURL:]):
2864
2865 2016-07-08  Jeremy Jones  <jeremyj@apple.com>
2866
2867         Prevent fullscreen video dimension state from being reset after configuring.
2868         https://bugs.webkit.org/show_bug.cgi?id=159578
2869
2870         Reviewed by Jer Noble.
2871
2872         This change moves setVideoElement() to after setMediaElement(), since setMediaElement() resets the
2873         mediaState, undoing the configuration done by setVideoElement().
2874
2875         This change is fragile, but minimal. The proper, more comprehinsive fix will come later from
2876         https://bugs.webkit.org/show_bug.cgi?id=159580.
2877
2878         * platform/ios/WebVideoFullscreenControllerAVKit.mm:
2879         (WebVideoFullscreenControllerContext::setUpFullscreen):
2880
2881 2016-07-08  Andy Estes  <aestes@apple.com>
2882
2883         [Content Filtering] Load blocked pages more like other error pages are loaded
2884         https://bugs.webkit.org/show_bug.cgi?id=159485
2885         <rdar://problem/26014076>
2886
2887         Reviewed by Brady Eidson.
2888
2889         Content filter blocked pages were being loaded by cancelling the provisional load of the
2890         page that was blocked and then scheduling a navigation to the content filter error page.
2891         Some clients would not expect a new, Web process-initiated provisional navigation to start
2892         after a cancellation, though, and this would put them in a bad state.
2893         
2894         This patch changes blocked page loading to behave more like loading other error pages.
2895         Specifically:
2896         1. didFailProvisionalLoad is dispatched with a new, non-cancellation error code.
2897         2. The blocked page is loaded immediately after dispatching didFailProvisionalLoad, which
2898            prevents FrameLoader from creating a new back-forward list item for the substitute data load.
2899         3. A substitute data load initiated by the client for the blocked URL is ignored if
2900            ContentFilter will display its own error page.
2901         4. A file: URL is used instead of a custom scheme for the base URL of the blocked page,
2902            since some clients expect this.
2903
2904         Updated existing tests to capture frame load delegate callbacks and the back forward list.
2905         Added new API tests: ContentFiltering.LoadAlternate*.
2906
2907         * English.lproj/Localizable.strings: Added a WebKitErrorFrameLoadBlockedByContentFilter description.
2908         * Resources/ContentFilterBlockedPage.html: Added.
2909         * WebCore.xcodeproj/project.pbxproj: Added ContentFilterBlockedPage.html as a frameowrk resource.
2910         * loader/ContentFilter.cpp:
2911         (WebCore::ContentFilter::continueAfterWillSendRequest): Protected m_documentLoader,
2912         since it might otherwise be deallocated inside ContentFilter::didDecide() if the load is blocked.
2913         (WebCore::ContentFilter::stopFilteringMainResource): Only set m_state to Stopped if not
2914         already Blocked, so that we don't forget this ContentFilter was blocked when calling
2915         cancelMailResourceLoad() in didDecide().
2916         (WebCore::ContentFilter::continueAfterResponseReceived): Protected m_documentLoader,
2917         since it might otherwise be deallocated inside ContentFilter::didDecide() if the load is blocked.
2918         (WebCore::ContentFilter::continueAfterDataReceived): Ditto.
2919         (WebCore::ContentFilter::continueAfterNotifyFinished): Ditto.
2920         (WebCore::ContentFilter::didDecide): Moved code from DocumentLoader::contentFilterDidBlock() to here.
2921         Created a blockedByContentFilterError() and called cancelMainResourceLoad().
2922         (WebCore::blockedPageURL): Returned a file: URL to ContentFilterBlockedPage.html in WebCore.framework.
2923         (WebCore::ContentFilter::continueAfterSubstituteDataRequest): If the substitute data load
2924         is for the same failingURL as the currently-displayed blocked page, ignore it.
2925         (WebCore::ContentFilter::handleProvisionalLoadFailure): Load the blocked page if m_state is Blocked
2926         and the ResourceError matches the error we used when previously calling cancelMainResourceLoad().
2927         (WebCore::ContentFilter::unblockHandler): Deleted.
2928         (WebCore::ContentFilter::replacementData): Deleted.
2929         (WebCore::ContentFilter::unblockRequestDeniedScript): Deleted.
2930         * loader/ContentFilter.h:
2931         * loader/DocumentLoader.cpp:
2932         (WebCore::DocumentLoader::contentFilter): Returned m_contentFilter.
2933         (WebCore::DocumentLoader::installContentFilterUnblockHandler): Deleted.
2934         (WebCore::DocumentLoader::contentFilterDidBlock): Deleted.
2935         * loader/DocumentLoader.h:
2936         * loader/EmptyClients.h: Added a default implementation of blockedByContentFilterError().
2937         * loader/FrameLoader.cpp:
2938         (WebCore::FrameLoader::load): If m_loadType was already RedirectWithLockedBackForwardList
2939         and we are loading subsitute data for a failing URL, continue to use RedirectWithLockedBackForwardList.
2940         This prevents a new back-forward list item from being created when loading a blocked page in a subframe.
2941         (WebCore::FrameLoader::checkLoadCompleteForThisFrame):
2942         Called ContentFilter::handleProvisionalLoadFailure() after dispatchDidFailProvisionalLoad().
2943         (WebCore::FrameLoader::blockedByContentFilterError): Called FrameLoaderClient::blockedByContentFilterError().
2944         * loader/FrameLoader.h:
2945         * loader/FrameLoaderClient.h:
2946         * loader/NavigationScheduler.cpp:
2947         (WebCore::ScheduledSubstituteDataLoad::ScheduledSubstituteDataLoad): Deleted.
2948         (WebCore::NavigationScheduler::scheduleSubstituteDataLoad): Deleted.
2949         * loader/NavigationScheduler.h:
2950         * loader/PolicyChecker.cpp:
2951         (WebCore::PolicyChecker::checkNavigationPolicy): Ignored a substitute data load for a
2952         failing URL if ContentFilter::continueAfterSubstituteDataRequest() returns false.
2953
2954 2016-07-08  Myles C. Maxfield  <mmaxfield@apple.com>
2955
2956         [Font Loading] The callback passed to document.fonts.ready should always be called
2957         https://bugs.webkit.org/show_bug.cgi?id=158884
2958
2959         Reviewed by Dean Jackson.
2960
2961         The boolean was simply not being reset when loads start.
2962
2963         Test: fast/text/font-face-set-ready-fire.html
2964
2965         * css/FontFaceSet.cpp:
2966         (WebCore::FontFaceSet::startedLoading):
2967         * css/FontFaceSet.h:
2968
2969 2016-07-08  Commit Queue  <commit-queue@webkit.org>
2970
2971         Unreviewed, rolling out r202944.
2972         https://bugs.webkit.org/show_bug.cgi?id=159570
2973
2974         caused some tests to crash under GuardMalloc (Requested by
2975         estes on #webkit).
2976
2977         Reverted changeset:
2978
2979         "[Content Filtering] Load blocked pages more like other error
2980         pages are loaded"
2981         https://bugs.webkit.org/show_bug.cgi?id=159485
2982         http://trac.webkit.org/changeset/202944
2983
2984 2016-07-08  Antti Koivisto  <antti@apple.com>
2985
2986         Regression(r201805): Crash with <use> resource that has Vary header
2987         https://bugs.webkit.org/show_bug.cgi?id=159560
2988         <rdar://problem/27034208>
2989
2990         Reviewed by Chris Dumez.
2991
2992         In some situations (SVG <use> element for example) we may try to load resources from frameless documents.
2993         Such loads always fail. The new vary header verification code path tried to access the frame earlier without
2994         null check.
2995
2996         Test: http/tests/cache/vary-frameless-document.html
2997
2998         * loader/cache/CachedResource.cpp:
2999         (WebCore::CachedResource::failBeforeStarting):
3000         (WebCore::addAdditionalRequestHeadersToRequest):
3001
3002             Null check frame.
3003             Also move the resource type check here so all callers get the same behavior.
3004
3005         (WebCore::CachedResource::addAdditionalRequestHeaders):
3006         (WebCore::CachedResource::load):
3007         (WebCore::CachedResource::varyHeaderValuesMatch):
3008
3009 2016-07-08  Brady Eidson  <beidson@apple.com>
3010
3011         Clearing LocalStorage doesn't also delete -wal and -shm files.
3012         <rdar://problem/27206772> and https://bugs.webkit.org/show_bug.cgi?id=159566
3013
3014         Reviewed by Brent Fulgham.
3015         Also helpfully picked over by Andy "Never Forgets" Estes.
3016
3017         Covered by new API test.
3018
3019         * WebCore.xcodeproj/project.pbxproj:
3020
3021         * platform/sql/SQLiteFileSystem.h:
3022
3023 2016-07-08  Commit Queue  <commit-queue@webkit.org>
3024
3025         Unreviewed, rolling out r202945.
3026         https://bugs.webkit.org/show_bug.cgi?id=159565
3027
3028         The test for this change is failing on all platforms.
3029         (Requested by ryanhaddad on #webkit).
3030
3031         Reverted changeset:
3032
3033         "[Font Loading] The callback passed to document.fonts.ready
3034         should always be called"
3035         https://bugs.webkit.org/show_bug.cgi?id=158884
3036         http://trac.webkit.org/changeset/202945
3037
3038 2016-07-08  Nael Ouedraogo  <nael.ouedraogo@crf.canon.fr>
3039
3040         ExecState should be passed by reference in JS bindings generator for custom constructors
3041         https://bugs.webkit.org/show_bug.cgi?id=159357
3042
3043         Reviewed by Youenn Fablet.
3044
3045         Pass ExecState as a reference instead of pointer in JS bindings
3046         code for custom constructors.
3047
3048         * bindings/js/JSAudioContextCustom.cpp:
3049         (WebCore::constructJSAudioContext):
3050         * bindings/js/JSBlobCustom.cpp:
3051         (WebCore::constructJSBlob):
3052         * bindings/js/JSDOMFormDataCustom.cpp:
3053         (WebCore::constructJSDOMFormData):
3054         (WebCore::JSDOMFormData::append):
3055         * bindings/js/JSDataCueCustom.cpp:
3056         (WebCore::constructJSDataCue):
3057         * bindings/js/JSFileCustom.cpp:
3058         (WebCore::constructJSFile):
3059         * bindings/js/JSHTMLElementCustom.cpp:
3060         (WebCore::constructJSHTMLElement):
3061         * bindings/js/JSMediaSessionCustom.cpp:
3062         (WebCore::constructJSMediaSession):
3063         * bindings/js/JSMutationObserverCustom.cpp:
3064         (WebCore::constructJSMutationObserver):
3065         * bindings/js/JSReadableStreamPrivateConstructors.cpp:
3066         (WebCore::constructJSReadableStreamController):
3067         (WebCore::constructJSReadableStreamReader):
3068         * bindings/js/JSWebKitPointCustom.cpp:
3069         (WebCore::constructJSWebKitPoint):
3070         * bindings/js/JSWorkerCustom.cpp:
3071         (WebCore::constructJSWorker):
3072         * bindings/scripts/CodeGeneratorJS.pm:
3073         (GenerateHeader):
3074         (GenerateConstructorDefinition):
3075         * bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.cpp:
3076         (WebCore::JSTestCustomConstructorWithNoInterfaceObjectConstructor::construct):
3077         * bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.h:
3078
3079 2016-07-08  Olivier Blin  <olivier.blin@softathome.com>
3080
3081         Expose crossOrigin attribute as a static property in HTMLMediaElement
3082         https://bugs.webkit.org/show_bug.cgi?id=159459
3083
3084         Reviewed by Chris Dumez.
3085
3086         The crossOrigin attribute is already used for MediaResourceLoader
3087         (r119742 and r175050), but it was not exposed as a static property.
3088
3089         This fixes VR360 support in Dailymotion, since it uses the "in"
3090         operator to detect if crossOrigin is supported by the
3091         HTMLVideoElement, in order to enable VR360.
3092
3093         No new tests, rebaselined existing tests, 150 WPT tests are fixed.
3094
3095         * html/HTMLMediaElement.cpp:
3096         (WebCore::HTMLMediaElement::setCrossOrigin):
3097         (WebCore::HTMLMediaElement::crossOrigin):
3098         * html/HTMLMediaElement.h:
3099         * html/HTMLMediaElement.idl:
3100
3101 2016-03-20  Frederic Wang  <fwang@igalia.com>
3102
3103         Use Fraction* parameters from the OpenType MATH table
3104         https://bugs.webkit.org/show_bug.cgi?id=155639
3105
3106         Reviewed by Brent Fulgham.
3107
3108         We improve the RenderMathMLFraction so minimal vertical shifts and gaps
3109         from the MATH table (or arbitrary fallback) are used for fractions.
3110         We also change the interpretation of "thick" and "thin" linethickness values
3111         to match Gecko's behavior and the one suggested in the MathML in HTML5 implementation note.
3112
3113         Test: imported/mathml-in-html5/mathml/presentation-markup/fractions/frac-parameters-1.html
3114
3115         * rendering/mathml/MathMLStyle.cpp:
3116         (WebCore::MathMLStyle::updateStyleIfNeeded): set NeedsLayout after displaystyle change
3117         so that dynamic MathML tests still work.
3118         * rendering/mathml/RenderMathMLFraction.cpp:
3119         (WebCore::RenderMathMLFraction::RenderMathMLFraction): Init LayoutUnit members to zero.
3120         (WebCore::RenderMathMLFraction::updateFromElement):
3121         Set new members for fraction gaps and shifts using Fraction* constants or some fallback
3122         values. Change the interpretation of "thick" and "thin".
3123         (WebCore::RenderMathMLFraction::layoutBlock): Use new constants affecting vertical
3124         positions of numerator and denominator.
3125         (WebCore::RenderMathMLFraction::paint): Use m_ascent to set the vertical position
3126         of the fraction bar.
3127         (WebCore::RenderMathMLFraction::firstLineBaseline): We just return m_ascent.
3128         * rendering/mathml/RenderMathMLFraction.h: Make updateFromElement public so that
3129         it can be used in MathMLStyle. Add LayoutUnit members for the ascent of the fraction
3130         and for minimal shifts/gaps values.
3131
3132 2016-07-08  Frederic Wang  <fwang@igalia.com>
3133
3134         Use Radical* constants from the OpenType MATH table.
3135         https://bugs.webkit.org/show_bug.cgi?id=155638
3136
3137         Reviewed by Brent Fulgham.
3138
3139         Test: mathml/mathml-in-html5/root-parameters-1.html
3140
3141         We make the radical vertical gap depends on displaystyle.
3142         This is the only remaining step to use all the Radical* constants from the MATH table.
3143         We also introduce a ruleThicknessFallback function for future use.
3144
3145         * rendering/mathml/RenderMathMLBlock.h:
3146         (WebCore::RenderMathMLBlock::ruleThicknessFallback): Add this helper function since that
3147         calculation is used in several places.
3148         * rendering/mathml/RenderMathMLRoot.cpp:
3149         (WebCore::RenderMathMLRoot::updateStyle): Reorganize the way we set constant parameters,
3150         add more comments and take into account the displaystyle for the vertical gap.
3151
3152 2016-07-08  Commit Queue  <commit-queue@webkit.org>
3153
3154         Unreviewed, rolling out r202967.
3155         https://bugs.webkit.org/show_bug.cgi?id=159556
3156
3157         This patch caused crashes in https tests on Windows (Requested
3158         by perarne on #webkit).
3159
3160         Reverted changeset:
3161
3162         "[Win] The test http/tests/security/contentSecurityPolicy
3163         /upgrade-insecure-requests/basic-upgrade.https.html is
3164         failing."
3165         https://bugs.webkit.org/show_bug.cgi?id=159510
3166         http://trac.webkit.org/changeset/202967
3167
3168 2016-07-08  Youenn Fablet  <youenn@apple.com>
3169
3170         Generate WebCore builtin wrapper files
3171         https://bugs.webkit.org/show_bug.cgi?id=159461
3172
3173         Reviewed by Brian Burg.
3174
3175         No change of behavior.
3176
3177         Updating build system to handle new built-in generators without modifying WebCoreJSBuiltins* files.
3178         The generator is now passed all built-ins at once so that wrapper files can be generated.
3179         Removing WebCoreJSBuiltins* checked-in wrapper files.
3180
3181         * CMakeLists.txt:
3182         * DerivedSources.make:
3183         * WebCore.xcodeproj/project.pbxproj:
3184         * bindings/js/JSDOMGlobalObject.cpp:
3185         (WebCore::JSDOMGlobalObject::addBuiltinGlobals):
3186         * bindings/js/JSDOMGlobalObject.h:
3187         * bindings/js/WebCoreJSBuiltinInternals.cpp: Removed.
3188         * bindings/js/WebCoreJSBuiltinInternals.h: Removed.
3189         * bindings/js/WebCoreJSBuiltins.cpp: Removed.
3190         * bindings/js/WebCoreJSBuiltins.h: Removed.
3191
3192 2016-07-08  Manuel Rego Casasnovas  <rego@igalia.com>
3193
3194         [css-grid] Inline size is never indefinite during layout
3195         https://bugs.webkit.org/show_bug.cgi?id=159253
3196
3197         Reviewed by Sergio Villar Senin.
3198
3199         The issue is that the inline size of the grid container
3200         is only indefinite while we're computing the intrinsic sizes.
3201         During layout we should be able to resolve the percentage tracks
3202         against that size. This makes Grid Layout compatible with regular blocks
3203         regarding how inline percentages are resolved.
3204
3205         The patch passes the SizingOperation enum to RenderGrid::gridTrackSize().
3206         That way we can know if we're computing the intrinsic sizes or not.
3207
3208         Test: fast/css-grid-layout/grid-container-percentage-columns.html
3209
3210         * rendering/RenderGrid.cpp:
3211         (WebCore::RenderGrid::computeTrackSizesForDirection):
3212         (WebCore::RenderGrid::computeIntrinsicLogicalWidths):
3213         (WebCore::RenderGrid::computeIntrinsicLogicalHeight):
3214         (WebCore::RenderGrid::computeUsedBreadthOfGridTracks):
3215         (WebCore::RenderGrid::gridTrackSize):
3216         (WebCore::RenderGrid::minSizeForChild):
3217         (WebCore::RenderGrid::spanningItemCrossesFlexibleSizedTracks):
3218         (WebCore::RenderGrid::resolveContentBasedTrackSizingFunctions):
3219         (WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForNonSpanningItems):
3220         (WebCore::RenderGrid::tracksAreWiderThanMinTrackBreadth):
3221         (WebCore::RenderGrid::rawGridTrackSize): Deleted.
3222         * rendering/RenderGrid.h:
3223
3224 2016-07-08  Frederic Wang  <fwang@igalia.com>
3225
3226         Use OpenType MATH constant AxisHeight.
3227         https://bugs.webkit.org/show_bug.cgi?id=133567
3228
3229         Reviewed by Brent Fulgham.
3230
3231         We make RenderMathMLOperator and RenderMathMLTable use the OpenType MATH constant AxisHeight.
3232         These are the only remaining cases to handle since RenderMathMLFraction already uses that constant.
3233
3234         Tests: imported/mathml-in-html5/mathml/presentation-markup/operators/mo-axis-height-1.html
3235               imported/mathml-in-html5/mathml/presentation-markup/tables/table-axis-height.html
3236
3237         * rendering/mathml/RenderMathMLBlock.cpp: Make RenderMathMLTable use the math axis
3238         for its vertical alignment and update a bit the comments.
3239         (WebCore::axisHeight): Move the code in a static function that can be called by
3240         RenderMathMLBlock and RenderMathMLTable.
3241         (WebCore::RenderMathMLBlock::mathAxisHeight): Use axisHeight.
3242         (WebCore::RenderMathMLTable::firstLineBaseline): Ditto.
3243         * rendering/mathml/RenderMathMLOperator.cpp:
3244         (WebCore::RenderMathMLOperator::stretchTo):
3245
3246 2016-07-08  Manuel Rego Casasnovas  <rego@igalia.com>
3247
3248         [css-grid] Disallow repeat() in grid-template shorthand
3249         https://bugs.webkit.org/show_bug.cgi?id=159200
3250
3251         Reviewed by Sergio Villar Senin.
3252
3253         As discussed on www-style, "repeat()" notation shouldn't be allowed
3254         in the ASCII branch of the grid-template shorthand.
3255         https://lists.w3.org/Archives/Public/www-style/2016May/0193.html
3256
3257         The patch uses an enum to invalidate "repeat()" when parsing
3258         the grid-template shorthand.
3259
3260         Test: fast/css-grid-layout/grid-template-shorthand-get-set.html
3261
3262         * css/CSSParser.cpp:
3263         (WebCore::CSSParser::parseGridTemplateColumns): Add enum.
3264         (WebCore::CSSParser::parseGridTemplateRowsAndAreasAndColumns): Pass "DisallowRepeat"
3265         when calling parseGridTemplateColumns().
3266         (WebCore::CSSParser::parseGridTrackList): Use enum to allow/disallow repeat.
3267         * css/CSSParser.h: Define the new enum and modify method signatures to use it,
3268         setting it to "AllowRepeat" by default.
3269
3270 2016-07-08  Frederic Wang  <fwang@igalia.com>
3271
3272         Add support for movablelimits.
3273         https://bugs.webkit.org/show_bug.cgi?id=155542
3274
3275         Reviewed by Brent Fulgham.
3276
3277         Tests: mathml/presentation/displaystyle-1.html
3278                mathml/presentation/displaystyle-2.html
3279                mathml/presentation/displaystyle-3.html
3280                mathml/presentation/mo-movablelimits-default.html
3281                mathml/presentation/mo-movablelimits-dynamic.html
3282                mathml/presentation/mo-movablelimits.html
3283
3284         * mathml/MathMLTextElement.cpp:
3285         (WebCore::MathMLTextElement::parseAttribute): Take into account change of movablelimits.
3286         * rendering/mathml/MathMLOperatorDictionary.h: Remove FIXME comment.
3287         * rendering/mathml/MathMLStyle.cpp:
3288         (WebCore::MathMLStyle::updateStyleIfNeeded): Force relayout and width computation when a
3289         displaystyle value change.
3290         * rendering/mathml/RenderMathMLOperator.h:
3291         (WebCore::RenderMathMLOperator::shouldMoveLimits): Helper function to test if the operator
3292         should have his limits moved when used as a base of munder/mover/munderover.
3293         * rendering/mathml/RenderMathMLScripts.cpp: Allow munderover/munder/mover elements to use
3294         this class and take the same behavior as the corresponding msubsup/msub/sup except for
3295         the *scriptshift attributes.
3296         (WebCore::RenderMathMLScripts::RenderMathMLScripts):
3297         (WebCore::RenderMathMLScripts::getBaseAndScripts):
3298         (WebCore::RenderMathMLScripts::computePreferredLogicalWidths):
3299         (WebCore::RenderMathMLScripts::getScriptMetricsAndLayoutIfNeeded):
3300         (WebCore::RenderMathMLScripts::layoutBlock):
3301         * rendering/mathml/RenderMathMLScripts.h: Allow some members to be accessible/overridden
3302         by RenderMathMLUnderOver and add munderover/munder/mover in the kind.
3303         * rendering/mathml/RenderMathMLUnderOver.cpp:
3304         (WebCore::RenderMathMLUnderOver::RenderMathMLUnderOver): We use the code from
3305         RenderMathMLScripts to initialize m_kind.
3306         (WebCore::RenderMathMLUnderOver::shouldMoveLimits): New function to determine if the base
3307         should move its limits.
3308         (WebCore::RenderMathMLUnderOver::computePreferredLogicalWidths): We use the code from
3309         RenderMathMLScripts when the base should move its limits.
3310         (WebCore::RenderMathMLUnderOver::layoutBlock): We use the code from RenderMathMLScripts when
3311         the base should move its limits. Also improve the early return for invalid markup.
3312         (WebCore::RenderMathMLUnderOver::unembellishedOperator): Deleted. We use the code from RenderMathMLScripts.
3313         (WebCore::RenderMathMLUnderOver::firstLineBaseline): Deleted. We use the code from RenderMathMLScripts.
3314         * rendering/mathml/RenderMathMLUnderOver.h: We now inherit from RenderMathMLScripts and can
3315         just remove members that exist in the parent. We define shouldMoveLimits() to determine
3316         when the layout should be done the same as RenderMathMLScripts. For now, we try and be
3317         safe with the rest of the code by continuing to claim that we are not a RenderMathMLScripts.
3318
3319 2016-07-07  Gyuyoung Kim  <gyuyoung.kim@webkit.org>
3320
3321         Clean up PassRefPtr in Modules/webaudio
3322         https://bugs.webkit.org/show_bug.cgi?id=159540
3323
3324         Reviewed by Alex Christensen.
3325
3326         Purge PassRefPtr in webaudio directory.
3327
3328         No new tests, no behavior changes.
3329
3330         * Modules/webaudio/AsyncAudioDecoder.h:
3331         * Modules/webaudio/AudioBasicProcessorNode.h:
3332         * Modules/webaudio/AudioBuffer.h:
3333         * Modules/webaudio/AudioBufferSourceNode.h:
3334         * Modules/webaudio/AudioListener.h:
3335         * Modules/webaudio/AudioParam.h:
3336         * Modules/webaudio/AudioParamTimeline.h:
3337         (WebCore::AudioParamTimeline::ParamEvent::ParamEvent):
3338         * Modules/webaudio/AudioProcessingEvent.cpp:
3339         (WebCore::AudioProcessingEvent::AudioProcessingEvent):
3340         * Modules/webaudio/AudioProcessingEvent.h:
3341         (WebCore::AudioProcessingEvent::create):
3342         * Modules/webaudio/ChannelMergerNode.h:
3343         * Modules/webaudio/ChannelSplitterNode.h:
3344         * Modules/webaudio/GainNode.h:
3345         * Modules/webaudio/MediaElementAudioSourceNode.h:
3346         * Modules/webaudio/MediaStreamAudioDestinationNode.h:
3347         * Modules/webaudio/MediaStreamAudioSource.cpp:
3348         (WebCore::MediaStreamAudioSource::addAudioConsumer):
3349         * Modules/webaudio/MediaStreamAudioSource.h:
3350         * Modules/webaudio/OfflineAudioCompletionEvent.cpp:
3351         (WebCore::OfflineAudioCompletionEvent::create):
3352         (WebCore::OfflineAudioCompletionEvent::OfflineAudioCompletionEvent):
3353         * Modules/webaudio/OfflineAudioCompletionEvent.h:
3354         * Modules/webaudio/OfflineAudioDestinationNode.h:
3355         * Modules/webaudio/OscillatorNode.h:
3356         * Modules/webaudio/PeriodicWave.h:
3357         * Modules/webaudio/ScriptProcessorNode.h:
3358
3359 2016-07-07  Per Arne Vollan  <pvollan@apple.com>
3360
3361         [Win] The test http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/basic-upgrade.https.html is failing.
3362         https://bugs.webkit.org/show_bug.cgi?id=159510
3363
3364         Reviewed by Brent Fulgham.
3365
3366         On Windows, validate certificate chain even when any https certificate is allowed.
3367
3368         * platform/network/cf/ResourceHandleCFNet.cpp:
3369         (WebCore::ResourceHandle::createCFURLConnection):
3370
3371 2016-07-07  Frederic Wang  <fwang@igalia.com>
3372
3373         Bug 155792 - Basic implementation of mpadded
3374         https://bugs.webkit.org/show_bug.cgi?id=155792
3375
3376         Reviewed by Brent Fulgham.
3377
3378         We implement a basic support for the mpadded element.
3379         We support most of the attribute values except pseudo-units or negative values.
3380
3381         Tests: mathml/presentation/mpadded-1-2.html
3382                mathml/presentation/mpadded-1.html
3383                mathml/presentation/mpadded-2.html
3384                mathml/presentation/mpadded-3.html
3385                mathml/presentation/mpadded-unsupported-values.html
3386                mathml/presentation/mpadded-dynamic.html
3387
3388         * CMakeLists.txt: Add RenderMathMLPadded to the build system.
3389         * WebCore.xcodeproj/project.pbxproj: Ditto.
3390         * mathml/MathMLInlineContainerElement.cpp:
3391         (WebCore::MathMLInlineContainerElement::createElementRenderer): Create the renderer
3392         for mpadded.
3393         * mathml/mathattrs.in: Add voffset attribute.
3394         * mathml/mathtags.in: Make mpadded use MathMLInlineContainerElement.
3395         * rendering/RenderObject.h:
3396         (WebCore::RenderObject::isRenderMathMLPadded): Define isRenderMathMLPadded.
3397         * rendering/m