RenderBlockRareData::m_enclosingFragmentedFlow should be WeakPtr
[WebKit-https.git] / Source / WebCore / ChangeLog
2018-01-24  Antti Koivisto  <antti@apple.com>

        RenderBlockRareData::m_enclosingFragmentedFlow should be WeakPtr
        https://bugs.webkit.org/show_bug.cgi?id=182045
        <rdar://problem/36334787>

        Reviewed by Zalan Bujtas.

        For safety.

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::cachedEnclosingFragmentedFlow const):
        (WebCore::RenderBlock::updateCachedEnclosingFragmentedFlow const):
        (WebCore::RenderBlock::locateEnclosingFragmentedFlow const):

2018-01-23  Dean Jackson  <dino@apple.com>

        REGRESSION (r222961?): sRGB images shown in WebGL are over-saturated on a wide gamut monitor
        https://bugs.webkit.org/show_bug.cgi?id=182033
        <rdar://problem/36377780>

        Reviewed by Antoine Quint.

        My fix for YouTube360 changed the way we composite WebGL on macOS. Unfortunately it dropped
        a flag telling the compositor the colorspace of the content should be sRGB. Reinstate this
        by explicitly setting the colorspace on the IOSurface we use for WebGL back buffers.

        This *should* be covered by the test in:
        fast/canvas/webgl/match-page-color-space.html
        ... however, it shows a problem with our testing infrastructure. As long as it is not
        testing on a Wide Gamut display, and explicitly setting the color profile, an automated
        test won't pick up this regression. I could add an Internals helper to query the colorspace
        of the WebGL content, but that doesn't actually verify the composited result, which is
        all that matters.

        * platform/graphics/cocoa/WebGLLayer.mm:
        (-[WebGLLayer allocateIOSurfaceBackingStoreWithSize:usingAlpha:]):

2018-01-24  Ms2ger  <Ms2ger@igalia.com>

        [GTK] Fix some test failures in ATK selection handling.
        https://bugs.webkit.org/show_bug.cgi?id=168369
        <rdar://problem/30534881>

        Reviewed by Joanmarie Diggs.

        In r208479, selectionBelongsToObject was changed to return false if the
        intersectsNode call returns an exception.

        In particular, this caused accessibility/gtk/text-at-offset-textarea.html
        to fail. In this test, the selection is situated in the shadow DOM of the
        textarea, while the node that is checked for intersection is the textarea
        itself. In line with the standard, intersectsNode returns an exception in
        this case.

        This caused webkitAccessibleText{Word, Line, Sentence}ForBoundary to stop
        returning the expected text in the tested case. Removing this check fixes
        the test, along with some others.

        Tests: accessibility/gtk/text-at-offset-textarea.html
               accessibility/gtk/text-at-offset-textinput.html
               accessibility/selected-text-range-aria-elements.html
               accessibility/textarea-selected-text-range.html

        * accessibility/atk/WebKitAccessibleInterfaceText.cpp:
        (getSelectionOffsetsForObject): Remove the selectionBelongsToObject() call.

2018-01-18  Sergio Villar Senin  <svillar@igalia.com>

        [WebVR] Add OpenVR to the tree and to the build
        https://bugs.webkit.org/show_bug.cgi?id=177298

        Reviewed by Žan Doberšek.

        Added build dependencies with the OpenVR library.

        * CMakeLists.txt:

2018-01-23  Wenson Hsieh  <wenson_hsieh@apple.com>

        Harden against layout passes triggered when iterating through HTMLFormElement::associatedElements
        https://bugs.webkit.org/show_bug.cgi?id=182037
        <rdar://problem/36747812>

        Reviewed by Ryosuke Niwa.

        Observe that HTMLFormElement::associatedElements returns a const reference to a Vector of raw
        FormAssociatedElement pointers. In various call sites that iterate through these associated elements using this
        function, some require synchronous layout updates per iteration, which can lead to a bad time when combined with
        the first observation.

        To address this, we introduce HTMLFormElement::copyAssociatedElementsVector. This returns a new vector
        containing strong Refs to each associated element. From each call site that may trigger synchronous layout and
        execute arbitrary script while iterating over associated form elements, we instead iterate over protected
        FormAssociatedElements.

        From each call site that currently doesn't (and shouldn't) require a layout update, we use the old version that
        returns a list of raw FormAssociatedElement pointers, but add ScriptDisallowedScopes to ensure that we never
        execute script there in the future.

        Test: fast/forms/form-data-associated-element-iteration.html

        * html/DOMFormData.cpp:
        (WebCore::DOMFormData::DOMFormData):

        Change to use copyAssociatedElementsVector().

        * html/FormController.cpp:
        (WebCore::recordFormStructure):
        (WebCore::FormController::restoreControlStateIn):

        Change to use copyAssociatedElementsVector().

        * html/HTMLFieldSetElement.cpp:
        (WebCore::HTMLFieldSetElement::copyAssociatedElementsVector const):
        (WebCore:: const):
        (WebCore::HTMLFieldSetElement::length const):

        Refactor to use unsafeAssociatedElements().

        * html/HTMLFieldSetElement.h:
        * html/HTMLFormControlsCollection.cpp:
        (WebCore:: const):
        (WebCore::HTMLFormControlsCollection::copyFormControlElementsVector const):
        (WebCore::HTMLFormControlsCollection::customElementAfter const):
        (WebCore::HTMLFormControlsCollection::updateNamedElementCache const):

        Refactor these to use unsafeAssociatedElements().

        * html/HTMLFormControlsCollection.h:
        * html/HTMLFormElement.cpp:
        (WebCore::HTMLFormElement::unsafeAssociatedElements const):
        (WebCore::HTMLFormElement::copyAssociatedElementsVector const):
        * html/HTMLFormElement.h:
        * loader/FormSubmission.cpp:
        (WebCore::FormSubmission::create):

        Refactor to use copyAssociatedElementsVector().

2018-01-23  Basuke Suzuki  <Basuke.Suzuki@sony.com>

        [Curl] Fix wrong redirection with relative url when it happens from
        different host than original host.
        https://bugs.webkit.org/show_bug.cgi?id=181873

        Reviewed by Alex Christensen.

        * platform/network/curl/CurlDownload.cpp:
        (WebCore::CurlDownload::willSendRequest):
        * platform/network/curl/ResourceHandleCurlDelegate.cpp:
        (WebCore::ResourceHandleCurlDelegate::willSendRequest):

2018-01-23  Eric Carlson  <eric.carlson@apple.com>

        Resign NowPlaying status when no media element is eligible
        https://bugs.webkit.org/show_bug.cgi?id=181914
        <rdar://problem/35294116>

        Reviewed by Jer Noble.

        Updated API test.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::removedFromAncestor): Call mediaSession->clientCharacteristicsChanged
        so NowPlaying status will be updated.

        * html/MediaElementSession.cpp:
        (WebCore::MediaElementSession::playbackPermitted const): Return early when the media
        element has been suspended.
        (WebCore::MediaElementSession::canShowControlsManager const): Return false when being queried
        for NowPlaying status in an inactive document or when element has been suspended.
        (WebCore::isMainContentForPurposesOfAutoplay): Return early if it isn't safe to update
        style because HitTest can force a layout.
        (WebCore::MediaElementSession::updateIsMainContent const): Ditto.

        * platform/audio/PlatformMediaSessionManager.cpp:
        (WebCore::PlatformMediaSessionManager::updateNowPlayingInfoIfNecessary): Implement for all
        ports.
        * platform/audio/PlatformMediaSessionManager.h:
        (WebCore::PlatformMediaSessionManager::registeredAsNowPlayingApplication const):
        * platform/audio/ios/MediaSessionManagerIOS.h:
        * platform/audio/mac/MediaSessionManagerMac.h:
        * platform/audio/mac/MediaSessionManagerMac.mm:
        (WebCore::MediaSessionManagerMac::updateNowPlayingInfo): Call MRMediaRemoteSetCanBeNowPlayingApplication
        whenever status changes.
        (WebCore::PlatformMediaSessionManager::updateNowPlayingInfoIfNecessary): Deleted, implemented
        in the base class.

2018-01-23  Alex Christensen  <achristensen@webkit.org>

        Use CompletionHandlers for ResourceHandleClient::didReceiveResponseAsync
        https://bugs.webkit.org/show_bug.cgi?id=181961

        Reviewed by Michael Catanzaro.

        No change in behavior.

        * loader/ResourceLoader.cpp:
        (WebCore::ResourceLoader::didReceiveResponseAsync):
        * loader/ResourceLoader.h:
        * loader/appcache/ApplicationCacheGroup.cpp:
        (WebCore::ApplicationCacheGroup::didReceiveResponseAsync):
        * loader/appcache/ApplicationCacheGroup.h:
        * platform/network/BlobResourceHandle.cpp:
        (WebCore::BlobResourceHandle::notifyResponseOnSuccess):
        (WebCore::BlobResourceHandle::notifyResponseOnError):
        (WebCore::BlobResourceHandle::continueDidReceiveResponse): Deleted.
        * platform/network/BlobResourceHandle.h:
        * platform/network/PingHandle.h:
        * platform/network/ResourceHandle.cpp:
        (WebCore::ResourceHandle::didReceiveResponse):
        * platform/network/ResourceHandle.h:
        * platform/network/ResourceHandleClient.h:
        * platform/network/SynchronousLoaderClient.cpp:
        (WebCore::SynchronousLoaderClient::didReceiveResponseAsync):
        * platform/network/SynchronousLoaderClient.h:
        * platform/network/cf/ResourceHandleCFURLConnectionDelegateWithOperationQueue.cpp:
        (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didReceiveResponse):
        (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::continueDidReceiveResponse): Deleted.
        * platform/network/curl/ResourceHandleCurlDelegate.cpp:
        (WebCore::ResourceHandleCurlDelegate::curlDidReceiveResponse):
        (WebCore::ResourceHandleCurlDelegate::handleDataURL):
        (WebCore::ResourceHandleCurlDelegate::continueDidReceiveResponse): Deleted.
        * platform/network/mac/ResourceHandleMac.mm:
        (WebCore::ResourceHandle::continueDidReceiveResponse): Deleted.
        * platform/network/mac/WebCoreResourceHandleAsOperationQueueDelegate.h:
        * platform/network/mac/WebCoreResourceHandleAsOperationQueueDelegate.mm:
        (-[WebCoreResourceHandleAsOperationQueueDelegate connection:didReceiveResponse:]):
        (-[WebCoreResourceHandleAsOperationQueueDelegate continueDidReceiveResponse]): Deleted.
        * platform/network/soup/ResourceHandleSoup.cpp:
        (WebCore::nextMultipartResponsePartCallback):
        (WebCore::sendRequestCallback):
        (WebCore::ResourceHandle::continueDidReceiveResponse): Deleted.

2018-01-23  Chris Dumez  <cdumez@apple.com>

        Unreviewed, rollout r227216 as it seems to be causing deadlocks
        https://bugs.webkit.org/show_bug.cgi?id=182013

        * page/ChromeClient.h:
        * testing/Internals.cpp:
        (WebCore::Internals::testIncomingSyncIPCMessageWhileWaitingForSyncReply): Deleted.
        * testing/Internals.h:
        * testing/Internals.idl:

2018-01-23  Ali Juma  <ajuma@chromium.org>

        REGRESSION (r226622): ASSERTION FAILED: !m_frame in WebCore::DOMWindowProperty::willDestroyGlobalObjectInCachedFrame()
        https://bugs.webkit.org/show_bug.cgi?id=181756

        Reviewed by Simon Fraser.

        Don't create a VisualViewport for a suspended DOMWindow. When a DOMWindow is suspended
        for document suspension, all DOMWindowProperties are disconnected from their frame.
        Creating a new VisualViewport while in this state means unexpectedly having a DOMWindowProperty
        that's connected to a frame, and this leads to an assertion failure.

        Test: http/tests/navigation/https-in-page-cache.html

        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::visualViewport const):
        Don't create a VisualViewport while suspended.
        * page/FrameView.cpp:
        (WebCore::FrameView::updateLayoutViewport):
        Handle null DOMWindow::visualViewport.

2018-01-23  Basuke Suzuki  <Basuke.Suzuki@sony.com>

        [Curl] CurlRequest must protect its client from disposal while it's on duty.
        https://bugs.webkit.org/show_bug.cgi?id=181875

        Reviewed by Alex Christensen.

        No new tests. It's covered by existing tests.

        * platform/network/curl/CurlDownload.h:
        * platform/network/curl/CurlRequest.cpp:
        (WebCore::CurlRequest::callClient):
        (WebCore::CurlRequest::didReceiveData):
        (WebCore::CurlRequest::didReceiveDataFromMultipart):
        (WebCore::CurlRequest::didCompleteTransfer):
        (WebCore::CurlRequest::invokeDidReceiveResponse):
        * platform/network/curl/CurlRequest.h:
        * platform/network/curl/CurlRequestClient.h:
        * platform/network/curl/ResourceHandleCurlDelegate.h:

2018-01-23  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r227437.
        https://bugs.webkit.org/show_bug.cgi?id=182011

        broke build (Requested by alexchristensen on #webkit).

        Reverted changeset:

        "Remove unused QTKit preference"
        https://bugs.webkit.org/show_bug.cgi?id=181968
        https://trac.webkit.org/changeset/227437

2018-01-23  Antoine Quint  <graouts@apple.com>

        [Web Animations] Expose getKeyframes() and parsing of remaining keyframe properties
        https://bugs.webkit.org/show_bug.cgi?id=181978

        Not reviewed.

        Fix failures for http/wpt/web-animations/interfaces/AnimationEffectTiming/easing.html introduced in the previous patch.
        Those keyword values are not expected.

        * platform/animation/TimingFunction.cpp:
        (WebCore::TimingFunction::cssText const):

2018-01-23  Simon Fraser  <simon.fraser@apple.com>

        feMorphology stops applying if either x or y radius is 0 but should not.
        https://bugs.webkit.org/show_bug.cgi?id=181903

        Reviewed by Dean Jackson.

        feMorphology should allow the radius on one axis to be zero but still apply the effect
        (it's akin to a blur on just one axis). Also, any negative radius, or zero on both axes
        should act like a pass-through, rather than outputting transparent blank (this is a spec
        change from SVG 1.1 to SVG 2).

        Tests: svg/filters/feMorphology-zero-radius-one-axis-expected.svg
               svg/filters/feMorphology-zero-radius-one-axis.svg

        * platform/graphics/filters/FEMorphology.cpp:
        (WebCore::FEMorphology::platformApplyDegenerate):
        * platform/graphics/filters/FilterEffect.cpp:
        (WebCore::FilterEffect::createImageBufferResult):

2018-01-23  Alex Christensen  <achristensen@webkit.org>

        Remove unused MediaPlayerSupportsTypeClient
        https://bugs.webkit.org/show_bug.cgi?id=182003

        Reviewed by Sam Weinig.

        This was used for a QTKit-specific hack I removed in r227372.

        * Modules/encryptedmedia/CDM.cpp:
        (WebCore::CDM::getSupportedCapabilitiesForAudioVideoType):
        * Modules/mediasource/MediaSource.cpp:
        (WebCore::MediaSource::isTypeSupported):
        * dom/DOMImplementation.cpp:
        (WebCore::DOMImplementation::createDocument):
        (WebCore::DOMImplementationSupportsTypeClient::DOMImplementationSupportsTypeClient): Deleted.
        (): Deleted.
        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::canPlayType const):
        (WebCore::HTMLMediaElement::selectNextSourceChild):
        (WebCore::HTMLMediaElement::mediaPlayerNeedsSiteSpecificHacks const): Deleted.
        (WebCore::HTMLMediaElement::mediaPlayerDocumentHost const): Deleted.
        * html/HTMLMediaElement.h:
        * platform/graphics/MediaPlayer.cpp:
        (WebCore::MediaPlayer::supportsType):
        * platform/graphics/MediaPlayer.h:
        (WebCore::MediaPlayerSupportsTypeClient::mediaPlayerNeedsSiteSpecificHacks const): Deleted.
        (WebCore::MediaPlayerSupportsTypeClient::mediaPlayerDocumentHost const): Deleted.

2018-01-23  Alex Christensen  <achristensen@webkit.org>

        Remove unused QTKit preference
        https://bugs.webkit.org/show_bug.cgi?id=181968

        Reviewed by Alexey Proskuryakov.

        They weren't used and didn't do anything.

        * page/DeprecatedGlobalSettings.cpp:
        (WebCore::DeprecatedGlobalSettings::setQTKitEnabled): Deleted.
        * page/DeprecatedGlobalSettings.h:
        (WebCore::DeprecatedGlobalSettings::isQTKitEnabled): Deleted.

2018-01-23  Javier Fernandez  <jfernandez@igalia.com>

        [css-align] 'left' and 'right' should parse as invalid in block/cross-axis alignment
        https://bugs.webkit.org/show_bug.cgi?id=181792

        Reviewed by Antti Koivisto.

        The CSS WG resolved to remove the 'left' and 'right' values from the
        block/cross axis alignment properties.

        https://github.com/w3c/csswg-drafts/issues/1403

        This patch changes the CSS parsing logic of all the CSS Box Alignment
        properties, both block-axis (align-{self, items, content}) and
        inline-axis (justify-{self, items, content}).

        Additionally, the alignment shorthands (place-{self, items, content})
        have been also changed to respect the new syntax.

        Despite the number of layout tests changed, I don't think this
        change will break any content in current sites. The CSS values
        'left' and 'right' were introduced by the new CSS Box Alignment
        spec and only implemented by the CSS Grid Layout feature, shipped
        last year. Additionally, the removed values have no effect on the
        layout result when they are applied to the block/cross-axis CSS
        Alignment properties.

        Tests: imported/w3c/web-platform-tests/css/css-align/content-distribution/parse-align-content-001.html
               imported/w3c/web-platform-tests/css/css-align/content-distribution/parse-align-content-002.html
               imported/w3c/web-platform-tests/css/css-align/content-distribution/parse-align-content-003.html
               imported/w3c/web-platform-tests/css/css-align/content-distribution/parse-align-content-004.html
               imported/w3c/web-platform-tests/css/css-align/content-distribution/parse-align-content-005.html
               imported/w3c/web-platform-tests/css/css-align/content-distribution/parse-justify-content-001.html
               imported/w3c/web-platform-tests/css/css-align/content-distribution/parse-justify-content-002.html
               imported/w3c/web-platform-tests/css/css-align/content-distribution/parse-justify-content-003.html
               imported/w3c/web-platform-tests/css/css-align/content-distribution/parse-justify-content-004.html
               imported/w3c/web-platform-tests/css/css-align/content-distribution/parse-justify-content-005.html
               imported/w3c/web-platform-tests/css/css-align/content-distribution/place-content-shorthand-001.html
               imported/w3c/web-platform-tests/css/css-align/content-distribution/place-content-shorthand-002.html
               imported/w3c/web-platform-tests/css/css-align/content-distribution/place-content-shorthand-003.html
               imported/w3c/web-platform-tests/css/css-align/content-distribution/place-content-shorthand-004.html
               imported/w3c/web-platform-tests/css/css-align/content-distribution/place-content-shorthand-005.html
               imported/w3c/web-platform-tests/css/css-align/content-distribution/place-content-shorthand-006.html
               imported/w3c/web-platform-tests/css/css-align/default-alignment/justify-items-legacy-001.html
               imported/w3c/web-platform-tests/css/css-align/default-alignment/parse-align-items-001.html
               imported/w3c/web-platform-tests/css/css-align/default-alignment/parse-align-items-002.html
               imported/w3c/web-platform-tests/css/css-align/default-alignment/parse-align-items-003.html
               imported/w3c/web-platform-tests/css/css-align/default-alignment/parse-align-items-004.html
               imported/w3c/web-platform-tests/css/css-align/default-alignment/parse-align-items-005.html
               imported/w3c/web-platform-tests/css/css-align/default-alignment/parse-justify-items-001.html
               imported/w3c/web-platform-tests/css/css-align/default-alignment/parse-justify-items-002.html
               imported/w3c/web-platform-tests/css/css-align/default-alignment/parse-justify-items-003.html
               imported/w3c/web-platform-tests/css/css-align/default-alignment/parse-justify-items-004.html
               imported/w3c/web-platform-tests/css/css-align/default-alignment/parse-justify-items-005.html
               imported/w3c/web-platform-tests/css/css-align/default-alignment/parse-justify-items-006.html
               imported/w3c/web-platform-tests/css/css-align/default-alignment/place-items-shorthand-001.html
               imported/w3c/web-platform-tests/css/css-align/default-alignment/place-items-shorthand-002.html
               imported/w3c/web-platform-tests/css/css-align/default-alignment/place-items-shorthand-003.html
               imported/w3c/web-platform-tests/css/css-align/default-alignment/place-items-shorthand-004.html
               imported/w3c/web-platform-tests/css/css-align/default-alignment/place-items-shorthand-005.html
               imported/w3c/web-platform-tests/css/css-align/default-alignment/place-items-shorthand-006.html
               imported/w3c/web-platform-tests/css/css-align/distribution-values/space-evenly-001.html
               imported/w3c/web-platform-tests/css/css-align/self-alignment/parse-align-self-001.html
               imported/w3c/web-platform-tests/css/css-align/self-alignment/parse-align-self-002.html
               imported/w3c/web-platform-tests/css/css-align/self-alignment/parse-align-self-003.html
               imported/w3c/web-platform-tests/css/css-align/self-alignment/parse-align-self-004.html
               imported/w3c/web-platform-tests/css/css-align/self-alignment/parse-align-self-005.html
               imported/w3c/web-platform-tests/css/css-align/self-alignment/parse-justify-self-001.html
               imported/w3c/web-platform-tests/css/css-align/self-alignment/parse-justify-self-002.html
               imported/w3c/web-platform-tests/css/css-align/self-alignment/parse-justify-self-003.html
               imported/w3c/web-platform-tests/css/css-align/self-alignment/parse-justify-self-004.html
               imported/w3c/web-platform-tests/css/css-align/self-alignment/parse-justify-self-005.html
               imported/w3c/web-platform-tests/css/css-align/self-alignment/place-self-shorthand-001.html
               imported/w3c/web-platform-tests/css/css-align/self-alignment/place-self-shorthand-002.html
               imported/w3c/web-platform-tests/css/css-align/self-alignment/place-self-shorthand-003.html
               imported/w3c/web-platform-tests/css/css-align/self-alignment/place-self-shorthand-004.html
               imported/w3c/web-platform-tests/css/css-align/self-alignment/place-self-shorthand-005.html
               imported/w3c/web-platform-tests/css/css-align/self-alignment/place-self-shorthand-006.html

        * css/parser/CSSPropertyParser.cpp:
        (WebCore::isLeftOrRightKeyword):
        (WebCore::isContentPositionKeyword):
        (WebCore::isContentPositionOrLeftOrRightKeyword):
        (WebCore::consumeContentDistributionOverflowPosition):
        (WebCore::isSelfPositionKeyword):
        (WebCore::isSelfPositionOrLeftOrRightKeyword):
        (WebCore::consumeSelfPositionOverflowPosition):
        (WebCore::consumeAlignItems):
        (WebCore::consumeJustifyItems):
        (WebCore::CSSPropertyParser::parseSingleValue):
        (WebCore::consumeSimplifiedContentPosition):
        (WebCore::CSSPropertyParser::consumePlaceContentShorthand):
        (WebCore::consumeSimplifiedItemPosition):
        (WebCore::CSSPropertyParser::consumePlaceItemsShorthand):
        (WebCore::CSSPropertyParser::consumePlaceSelfShorthand):

2018-01-23  Simon Fraser  <simon.fraser@apple.com>

        Element with position:fixed stops scrolling at the bottom of the page, but is painted in the right place on Chacos.com.
        https://bugs.webkit.org/show_bug.cgi?id=181741
        rdar://problem/36593581

        Reviewed by Tim Horton.

        The #ifdef for iOS was wrong; on iOS, visibleSize() is in content coordinates and matches
        unscaledDocumentRect, so there's no need to scale it. Doing so computed the wrong unscaledMaximumScrollPosition
        which broke hit-testing when the document minimum scale was > 1.

        Test: fast/visual-viewport/ios/min-scale-greater-than-one.html

        * page/FrameView.cpp:
        (WebCore::FrameView::unscaledMaximumScrollPosition const):

2018-01-23  Antoine Quint  <graouts@apple.com>

        [Web Animations] Expose getKeyframes() and parsing of remaining keyframe properties
        https://bugs.webkit.org/show_bug.cgi?id=181978
        <rdar://problem/36772586>

        Reviewed by Dean Jackson.

        We finish our implementation of multiple keyframes by exposing the getKeyframes() method on KeyframeEffect and
        parsing the remaining properties that can be exposed on keyframes: "easing" and "composite". And since we parse
        those properties on keyframes, we also parse "easing" on AnimationEffectTiming and "composite" and "iterationComposite"
        on KeyframeEffect.

        To support this, we implement a new TimingFunction::createFromCSSText() method which takes in a string that is
        a value provided directly via the JS API. As its converse, we expose a TimingFunction::cssText() method which
        provides a string that can be sent back to JS to represent a timing function, using keywords when the timing
        function matches one and omitting default values.

        We now also keep track of the original "offset" value provided through the JS API since that value is required
        when calling getKeyframes() and distinct from the "computedOffset". These original offsets, composite operations
        and timing functions are kept as separate Vectors from the KeyframeList since this type does not support exposing
        those. We may consider improving that in a future patch.

        Finally, we make some adjustments in the keyframe parsing to comply with the specification and correctly parse
        all provided timing functions, regardless of the number of keyframes and timing functions provided.

        Note that this patch is only about parsing, storing and returning provided easing and composite operations but
        that such values will only be used for the resolution of animation effects in future patches.

        * animation/AnimationEffect.cpp:
        (WebCore::AnimationEffect::getComputedTiming): Set the "easing" property on the getComputedTiming() return value
        now that we expose "easing" on AnimationEffectTiming.
        * animation/AnimationEffectTiming.cpp:
        (WebCore::AnimationEffectTiming::AnimationEffectTiming): Create a linear TimingFunction by default.
        (WebCore::AnimationEffectTiming::setEasing): Parse the "easing" value and propagate an exception for invalid values.
        * animation/AnimationEffectTiming.h: Expose the new "easing" property and backing TimingFunction.
        * animation/AnimationEffectTiming.idl: Expose the new "easing" property.
        * animation/KeyframeEffect.cpp:
        (WebCore::CSSPropertyIDToIDLAttributeName): Provide a way to convert the name of a CSS property to a string that can
        be used to generate a JS property name for use by getKeyframes().
        (WebCore::computeMissingKeyframeOffsets): Implement the full steps of the spec.
        (WebCore::processIterableKeyframes): Fix a problematic declaration for the easing variable.
        (WebCore::processPropertyIndexedKeyframes): Now that ProcessedKeyframe has both an offset and a computedOffset, use
        computed offsets. We also fix a couple of loops to fix compliance issues revealed by WPT tests.
        (WebCore::KeyframeEffect::create): Parse the provided "easing" property on the KeyframeEffectOptions object.
        (WebCore::KeyframeEffect::getKeyframes): Implement the getKeyframes() method as mandated by the spec.
        (WebCore::KeyframeEffect::processKeyframes): Keep a list of unused easings so these might be parsed as well, and
        potentially throw exceptions, as mandated by the spec. For valid easings, store their matching TimingFunction in
        m_timingFunctions, original offset values in m_offsets and CompositeOperation values in m_compositeOperations.
        * animation/KeyframeEffect.h: Switch the order in which we specify some of the Variant types so that default values
        are correctly used.
        * animation/KeyframeEffect.idl: Switch the order in which we specify some of the Variant types so that default values
        are correctly used.
        * platform/animation/TimingFunction.cpp:
        (WebCore::TimingFunction::createFromCSSText):
        (WebCore::TimingFunction::cssText const):
        * platform/animation/TimingFunction.h:

2018-01-23  Brady Eidson  <beidson@apple.com>

        Allow passing MessagePorts across processes (e.g. ServiceWorkers).
        https://bugs.webkit.org/show_bug.cgi?id=181178

        Reviewed by Andy Estes.

        Test: http/tests/workers/service/basic-messageport.html

        * dom/MessagePort.cpp:
        (WebCore::MessagePort::MessagePort):
        (WebCore::MessagePort::~MessagePort):

        * dom/messageports/MessagePortChannel.cpp:
        (WebCore::MessagePortChannel::entanglePortWithProcess):
        * dom/messageports/MessagePortChannel.h:

        * workers/service/SWClientConnection.cpp:
        (WebCore::SWClientConnection::postMessageToServiceWorkerClient):
        * workers/service/SWClientConnection.h:

        * workers/service/ServiceWorker.cpp:
        (WebCore::ServiceWorker::postMessage):

        * workers/service/ServiceWorkerClient.cpp:
        (WebCore::ServiceWorkerClient::postMessage):

        * workers/service/context/SWContextManager.cpp:
        (WebCore::SWContextManager::postMessageToServiceWorker):
        * workers/service/context/SWContextManager.h:

578 2018-01-23  Commit Queue  <commit-queue@webkit.org>
579
580         Unreviewed, rolling out r227279 and r227373.
581         https://bugs.webkit.org/show_bug.cgi?id=181988
582
583         The LayoutTest crash fix introduced an API test failure.
584         (Requested by ryanhaddad on #webkit).
585
586         Reverted changesets:
587
588         "Resign NowPlaying status when no media element is eligible"
589         https://bugs.webkit.org/show_bug.cgi?id=181914
590         https://trac.webkit.org/changeset/227279
591
592         "Resign NowPlaying status when no media element is eligible"
593         https://bugs.webkit.org/show_bug.cgi?id=181914
594         https://trac.webkit.org/changeset/227373
595
596 2018-01-23  Michael Catanzaro  <mcatanzaro@igalia.com>
597
598         Unreviewed, fix some format specifiers added in r227190
599         https://bugs.webkit.org/show_bug.cgi?id=181454
600
601         * dom/messageports/MessagePortChannel.cpp:
602         (WebCore::MessagePortChannel::takeAllMessagesForPort):
603
604 2018-01-23  Ting-Wei Lan  <lantw44@gmail.com>
605
606         [GTK] Add user agent quirk for Microsoft Outlook Web App
607         https://bugs.webkit.org/show_bug.cgi?id=181982
608
609         Reviewed by Michael Catanzaro.
610
611         Microsoft Outlook Web App forces users to switch to the lite version on
612         the login page with our standard user agent on all non-macOS systems.
613         Since it is an application that can be installed by different companies,
614         schools and organizations, it is not possible to fix the issue unless
615         we keep a big list of host names that are known to run it. We check the
616         host name instead of the base domain name here because it is not
617         expected to run all sites under a base domain on this webmail and
618         calendar application.
619
620         https://mail.ntu.edu.tw is a site that is known to run Microsoft Outlook
621         Web App for several years, and it is not likely to change. When there
622         are other sites found to run it and having the same user agent problem,
623         we can expand the list to include them.
624
625         * platform/UserAgentQuirks.cpp:
626         (WebCore::urlRequiresMacintoshPlatform):
627
628 2018-01-23  Yacine Bandou  <yacine.bandou_ext@softathome.com>
629
630         [EME] Add support of multi keys from different sessions in CDMinstanceClearKey
631         https://bugs.webkit.org/show_bug.cgi?id=180083
632
633         Reviewed by Xabier Rodriguez-Calvar.
634
635         Add support of multi keys from different MediaKeySession in CDMInstanceClearKey.
636
637         Currently the CDMInstanceClearKey manages two "m_keys", one is a WTF::Vector
638         where it stores the list of last added keys, another which is defined in the
639         ClearKeyState::singleton it is a WTF::HashMap, in this last one, it stores the
640         keys lists of each created session.
641
642         The method "keys()" of CDMInstanceClearKey returns the first "m_keys" which
643         contains just the list of last keys.
644
645         The goal of this commit is to return all keys lists of all sessions, thus
646         we remove the "m_keys" which is WTF::Vector and we modify the method
647         "keys()" to return all keys lists, which is stored in "m_keys" WTF::HashMap,
648         in one Vector instead of returning just the list of last keys.
649
650         * platform/encryptedmedia/clearkey/CDMClearKey.cpp:
651         (WebCore::CDMInstanceClearKey::keys const):
652         (WebCore::CDMInstanceClearKey::updateLicense):
653         * platform/encryptedmedia/clearkey/CDMClearKey.h:
654
655 2018-01-22  Simon Fraser  <simon.fraser@apple.com>
656
657         Optimize building the non-fast scrollable region with multiple iframes
658         https://bugs.webkit.org/show_bug.cgi?id=181971
659
660         Reviewed by Zalan Bujtas.
661
662         AsyncScrollingCoordinator::frameViewLayoutUpdated() is called every time a subframe lays out.
663         We don't need to eagerly update the non-fast scrollable region at this time; we can just mark
664         it dirty, and rely on the existing scrolling tree commit code to recompute it.
665
666         On my machine this makes fast/frames/lots-of-objects.html no longer a timeout.
667
668         * page/scrolling/AsyncScrollingCoordinator.cpp:
669         (WebCore::AsyncScrollingCoordinator::frameViewLayoutUpdated):
670
671 2018-01-22  Jiewen Tan  <jiewen_tan@apple.com>
672
673         [WebAuthN] Implement PublicKeyCredential's [[Create]] with a dummy authenticator
674         https://bugs.webkit.org/show_bug.cgi?id=181928
675         <rdar://problem/36459893>
676
677         Reviewed by Brent Fulgham.
678
679         This patch implements PublicKeyCredential's [[Create]] from https://www.w3.org/TR/webauthn/#createCredential
680         as of 5 December 2017. In order to do testing, a dummy authenticator is implemented to exercise a failure
681         and a pass path. A number of dependencies need to be resolved later in order to comply with the spec.
682         Also, the current architecture of handling async WebAuthN operations including dispatching, timeout, and aborting
683         might need a redesign once the underlying authenticator is clear. Since this is our first attempt to implement
684         a prototype, all those limitations, in my opinion, can be marked as non-blocking to accelerate the whole
685         process. Those limitations will then be addressed once the first prototype is finished.
686
687         Tests: http/tests/webauthn/public-key-credential-create-with-invalid-parameters.https.html
688                http/tests/webauthn/public-key-credential-same-origin-with-ancestors-2.https.html
689                http/tests/webauthn/public-key-credential-same-origin-with-ancestors.https.html
690                http/wpt/webauthn/idl.https.html
691                http/wpt/webauthn/public-key-credential-create-failure.https.html
692                http/wpt/webauthn/public-key-credential-create-success.https.html
693
694         * Modules/credentialmanagement/BasicCredential.h:
695         * Modules/credentialmanagement/BasicCredential.idl:
696         * Modules/credentialmanagement/CredentialsContainer.cpp:
697         (WebCore::CredentialsContainer::PendingPromise::PendingPromise):
698         (WebCore::CredentialsContainer::dispatchTask):
699         (WebCore::CredentialsContainer::get):
700         (WebCore::CredentialsContainer::isCreate):
701         (WebCore::CredentialsContainer::preventSilentAccess const):
702         (WebCore::CredentialsContainer::preventSilentAccess): Deleted.
703         * Modules/credentialmanagement/CredentialsContainer.h:
704         (WebCore::CredentialsContainer::PendingPromise::create):
705         * Modules/webauthn/Authenticator.cpp: Copied from Source/WebCore/Modules/webauthn/AuthenticatorResponse.cpp.
706         (WebCore::Authenticator::singleton):
707         (WebCore::Authenticator::makeCredential const):
708         * Modules/webauthn/Authenticator.h: Copied from Source/WebCore/Modules/webauthn/PublicKeyCredentialCreationOptions.h.
709         * Modules/webauthn/AuthenticatorAssertionResponse.cpp:
710         (WebCore::AuthenticatorAssertionResponse::authenticatorData const):
711         (WebCore::AuthenticatorAssertionResponse::signature const):
712         (WebCore::AuthenticatorAssertionResponse::userHandle const):
713         (WebCore::AuthenticatorAssertionResponse::~AuthenticatorAssertionResponse): Deleted.
714         (WebCore::AuthenticatorAssertionResponse::authenticatorData): Deleted.
715         (WebCore::AuthenticatorAssertionResponse::signature): Deleted.
716         (WebCore::AuthenticatorAssertionResponse::userHandle): Deleted.
717         * Modules/webauthn/AuthenticatorAssertionResponse.h:
718         (WebCore::AuthenticatorAssertionResponse::create):
719         * Modules/webauthn/AuthenticatorAttestationResponse.cpp:
720         (WebCore::AuthenticatorAttestationResponse::attestationObject const):
721         (WebCore::AuthenticatorAttestationResponse::~AuthenticatorAttestationResponse): Deleted.
722         (WebCore::AuthenticatorAttestationResponse::attestationObject): Deleted.
723         * Modules/webauthn/AuthenticatorAttestationResponse.h:
724         (WebCore::AuthenticatorAttestationResponse::create):
725         * Modules/webauthn/AuthenticatorResponse.cpp:
726         (WebCore::AuthenticatorResponse::clientDataJSON const):
727         (WebCore::AuthenticatorResponse::~AuthenticatorResponse): Deleted.
728         (WebCore::AuthenticatorResponse::clientDataJSON): Deleted.
729         * Modules/webauthn/AuthenticatorResponse.h:
730         * Modules/webauthn/AuthenticatorResponse.idl:
731         * Modules/webauthn/PublicKeyCredential.cpp:
732         (WebCore::PublicKeyCredentialInternal::produceClientDataJson):
733         (WebCore::PublicKeyCredentialInternal::produceClientDataJsonHash):
734         (WebCore::PublicKeyCredentialInternal::getIdFromAttestationObject):
735         (WebCore::PublicKeyCredential::PublicKeyCredential):
736         (WebCore::PublicKeyCredential::discoverFromExternalSource):
737         (WebCore::PublicKeyCredential::create):
738         (WebCore::PublicKeyCredential::rawId const):
739         (WebCore::PublicKeyCredential::response const):
740         (WebCore::PublicKeyCredential::getClientExtensionResults const):
741         (WebCore::PublicKeyCredential::rawId): Deleted.
742         (WebCore::PublicKeyCredential::response): Deleted.
743         (WebCore::PublicKeyCredential::getClientExtensionResults): Deleted.
744         * Modules/webauthn/PublicKeyCredential.h:
745         * Modules/webauthn/PublicKeyCredential.idl:
746         * Modules/webauthn/PublicKeyCredentialCreationOptions.h:
747         (): Deleted.
748         * Modules/webauthn/PublicKeyCredentialDescriptor.h:
749         * Modules/webauthn/PublicKeyCredentialDescriptor.idl:
750         * Sources.txt:
751         * WebCore.xcodeproj/project.pbxproj:
752         * bindings/js/JSAuthenticatorResponseCustom.cpp: Copied from Source/WebCore/Modules/webauthn/AuthenticatorAttestationResponse.cpp.
753         (WebCore::toJSNewlyCreated):
754         (WebCore::toJS):
755         * bindings/js/JSBasicCredentialCustom.cpp: Copied from Source/WebCore/Modules/webauthn/AuthenticatorResponse.cpp.
756         (WebCore::toJSNewlyCreated):
757         (WebCore::toJS):
758         * bindings/js/JSBindingsAllInOne.cpp:
759
760 2018-01-22  Myles C. Maxfield  <mmaxfield@apple.com>
761
762         [Cocoa] Support font collections
763         https://bugs.webkit.org/show_bug.cgi?id=181826
764         <rdar://problem/36455137>
765
766         Reviewed by Dean Jackson.
767
768         Use the CoreText call CTFontManagerCreateFontDescriptorsFromData() to get all the descriptors inside
769         the collection file. We select which one by using the fragment identifier at the end of the url linking
770         to the remote font. For example, to select the 4th font inside a TTC file, the @font-face block would
771         look like:
772
773         @font-face {
774             font-family: "MyFont";
775             src: url("path/to/font.ttc#4");
776         }
777
778         Note that these numbers are 1-indexed.
779
780         The CSS Fonts spec states:
781         > Fragment identifiers are used to indicate which font to load. If a container format lacks a defined
782         > fragment identifier scheme, implementations should use a simple 1-based indexing scheme (e.g.
783         > "font-collection#1" for the first font, "font-collection#2" for the second font).
784
785         Not only are TTC font collections supported, but WOFF2 font collections are also supported, which is
786         an increasingly important web standard.
787
788         No new tests because I don't have a font collection file with the appropriate license for the
789         WebKit repository. I tested manually.
790
791         * css/CSSFontFaceSource.cpp:
792         (WebCore::CSSFontFaceSource::load):
793         * loader/cache/CachedFont.cpp:
794         (WebCore::CachedFont::calculateIndex const):
795         (WebCore::CachedFont::ensureCustomFontData):
796         (WebCore::CachedFont::createCustomFontData):
797         * loader/cache/CachedFont.h:
798         * platform/graphics/cairo/FontCustomPlatformData.h:
799         * platform/graphics/freetype/FontCustomPlatformDataFreeType.cpp:
800         (WebCore::createFontCustomPlatformData):
801         * platform/graphics/mac/FontCustomPlatformData.cpp:
802         (WebCore::createFontCustomPlatformData):
803         * platform/graphics/mac/FontCustomPlatformData.h:
804         * platform/graphics/win/FontCustomPlatformData.cpp:
805         (WebCore::createFontCustomPlatformData):
806         * platform/graphics/win/FontCustomPlatformData.h:
807         * platform/graphics/win/FontCustomPlatformDataCairo.cpp:
808         (WebCore::createFontCustomPlatformData):
809
810 2018-01-22  Simon Fraser  <simon.fraser@apple.com>
811
812         REGRESSION (r227011): fast/frames/hidpi-position-iframe-on-device-pixel.html times out
813         https://bugs.webkit.org/show_bug.cgi?id=181959
814
815         Reviewed by Zalan Bujtas.
816
817         This test creates 300 iframes, which became slow after r227011 because they all became part
818         of the non-fast scrollable region, slowing down ScrollingCoordinator::absoluteEventTrackingRegionsForFrame().
819
820         Fix by not adding non-scrollable iframes, and making FrameView::isScrollable() more efficient for frames
821         that have not done layout yet.
822
823         * page/FrameView.cpp:
824         (WebCore::FrameView::isScrollable):
825         (WebCore::FrameView::addChild):
826
827 2018-01-22  Dan Bernstein  <mitz@apple.com>
828
829         Fixed building for macOS 10.12 with the macOS 10.13 SDK after r227156.
830
831         * Configurations/WebCore.xcconfig:
832
833 2018-01-22  Simon Fraser  <simon.fraser@apple.com>
834
835         REGRESSION (r226981): ASSERTION FAILED: startY >= 0 && endY <= height && startY < endY in WebCore::FEMorphology::platformApplyGeneric
836         https://bugs.webkit.org/show_bug.cgi?id=181836
837
838         Reviewed by Tim Horton.
839         
840         All the filters that use ParallelJobs<> have the same type of bug where very wide but not tall
841         filter regions could result in computing an optimalThreadNumber that was greater than the
842         number of rows to process, which resulted in jobs with zero rows to process.
843
844         Since we split the work by rows, cap the maximum number of threads to height/8 so that each job
845         has at least 8 rows of pixels to process. Add some assertions to detect jobs with zero rows.
846
847         FEMorphology was also using implicit float -> int conversion to detect integer overflow of radius,
848         so change that to use explicit clamping.
849         
850         Tests: svg/filters/feLighting-parallel-jobs.svg
851                svg/filters/feTurbulence-parallel-jobs-wide.svg
852
853         * platform/graphics/filters/FELighting.cpp:
854         (WebCore::FELighting::platformApplyGenericPaint):
855         (WebCore::FELighting::platformApplyGeneric):
856         * platform/graphics/filters/FEMorphology.cpp:
857         (WebCore::FEMorphology::platformApplyGeneric):
858         (WebCore::FEMorphology::platformApply):
859         (WebCore::FEMorphology::platformApplyDegenerate):
860         (WebCore::FEMorphology::platformApplySoftware):
861         * platform/graphics/filters/FETurbulence.cpp:
862         (WebCore::FETurbulence::fillRegion const):
863         (WebCore::FETurbulence::platformApplySoftware):
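
The row-splitting failure described in the entry above, as an added C++ example that is not WebKit's code. The area-based estimate, the kPixelsPerJob constant and all function names are assumptions; the cap of height/8 and the explicit clamp of the float radius come from the entry.

```cpp
#include <algorithm>
#include <climits>
#include <cmath>
#include <cstdio>
#include <vector>

// One job's slice of the filter region: rows [startY, endY).
struct RowJob {
    int startY;
    int endY;
};

// Assumed heuristic (not WebKit's constant): one worker per this many pixels.
constexpr int kPixelsPerJob = 5000;
// From the ChangeLog entry: each job should have at least 8 rows to process.
constexpr int kMinRowsPerJob = 8;

// Area-based estimate only. For a wide, short region it can exceed the row count.
int uncappedThreadCount(int width, int height, int maxThreads)
{
    long long wanted = static_cast<long long>(width) * height / kPixelsPerJob;
    return static_cast<int>(std::max<long long>(1, std::min<long long>(wanted, maxThreads)));
}

// Same estimate, capped to height / 8 so that no job is left without rows.
int cappedThreadCount(int width, int height, int maxThreads)
{
    int byRows = std::max(1, height / kMinRowsPerJob);
    return std::min(uncappedThreadCount(width, height, maxThreads), byRows);
}

// Split `height` rows across `jobs` workers; the last job takes the remainder.
std::vector<RowJob> splitRows(int height, int jobs)
{
    std::vector<RowJob> result;
    int rowsPerJob = height / jobs;
    int startY = 0;
    for (int i = 0; i < jobs; ++i) {
        int endY = (i == jobs - 1) ? height : startY + rowsPerJob;
        result.push_back({ startY, endY });
        startY = endY;
    }
    return result;
}

// Counts jobs that would fail a check of the form "startY < endY".
int countEmptyJobs(const std::vector<RowJob>& jobs)
{
    return static_cast<int>(std::count_if(jobs.begin(), jobs.end(),
        [](const RowJob& job) { return job.startY >= job.endY; }));
}

// Explicit clamp of a float radius. Converting an out-of-range float to int
// is undefined behaviour in C++, so the range check has to come first.
int clampRadius(float radius)
{
    if (std::isnan(radius) || radius <= 0)
        return 0;
    if (radius >= static_cast<float>(INT_MAX))
        return INT_MAX;
    return static_cast<int>(radius);
}

int main()
{
    // Constructed input: a 20000 x 4 pixel filter region with up to 8 workers.
    int width = 20000, height = 4, maxThreads = 8;
    int before = uncappedThreadCount(width, height, maxThreads);
    int after = cappedThreadCount(width, height, maxThreads);
    std::printf("uncapped: %d jobs, %d empty\n", before, countEmptyJobs(splitRows(height, before)));
    std::printf("capped:   %d jobs, %d empty\n", after, countEmptyJobs(splitRows(height, after)));
    std::printf("radius 1e20f clamps to %d\n", clampRadius(1e20f));
    return 0;
}
```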
864
865 2018-01-22  Eric Carlson  <eric.carlson@apple.com>
866
867         Resign NowPlaying status when no media element is eligible
868         https://bugs.webkit.org/show_bug.cgi?id=181914
869         <rdar://problem/35294116>
870
871         Reviewed by Jer Noble.
872
873         No new tests, these changes prevent existing tests from crashing.
874
875         * html/HTMLMediaElement.h:
876         * html/MediaElementSession.cpp:
877         (WebCore::MediaElementSession::playbackPermitted const): Return early when the media 
878         element has been suspended.
879         (WebCore::MediaElementSession::canShowControlsManager const): Return false when the
880         media element has been suspended.
881         (WebCore::isMainContentForPurposesOfAutoplay): Return early if it isn't safe to update
882         style because HitTest can force a layout.
883         (WebCore::MediaElementSession::updateIsMainContent const): Ditto.
884
885 2018-01-22  Alex Christensen  <achristensen@webkit.org>
886
887         Begin removing QTKit code
888         https://bugs.webkit.org/show_bug.cgi?id=181951
889
890         Reviewed by Jer Noble.
891
892         QTKit was being used on El Capitan and before.
893
894         * Configurations/WebCore.xcconfig:
895         * SourcesMac.txt:
896         * WebCore.xcodeproj/project.pbxproj:
897         * platform/graphics/MediaPlayer.cpp:
898         (WebCore::buildMediaEnginesVector):
899         (WebCore::MediaPlayer::supportsType):
900         * platform/graphics/mac/MediaPlayerPrivateQTKit.h: Removed.
901         * platform/graphics/mac/MediaPlayerPrivateQTKit.mm: Removed.
902         * platform/graphics/mac/MediaTimeQTKit.h: Removed.
903         * platform/graphics/mac/MediaTimeQTKit.mm: Removed.
904         * platform/mac/WebVideoFullscreenController.mm:
905         (-[WebVideoFullscreenController setVideoElement:]):
906         (-[WebVideoFullscreenController updatePowerAssertions]):
907
908 2018-01-22  Per Arne Vollan  <pvollan@apple.com>
909
910         [Win] Null pointer crash under WebCore::RenderStyle::colorIncludingFallback.
911         https://bugs.webkit.org/show_bug.cgi?id=181801
912         <rdar://problem/35614900>
913
914         Reviewed by Brent Fulgham.
915
916         Do not paint synchronously when popup items have been added or changed while the popup is visible.
917         If new popup items have been added after the popup was shown, a synchronous paint operation will
918         possibly access their style before it is ready, leading to a null pointer crash. The invalidated
919         area will be painted asynchronously.
920
921         No new tests. To reproduce this crash, it is necessary to open a popup with JavaScript, add new
922         popup items, and then end the test. Opening the popup can be done by sending a mousedown event
923         with the eventsender. However, on Windows the mousedown event is sent synchronously, and will
924         block as long as the popup is open and running the popup event loop. This means no JS can be
925         executed until the popup is closed, causing the test to always time out before new popup items
926         can be added. I have verified the fix with a manual test case.
927
928         * platform/win/PopupMenuWin.cpp:
929         (WebCore::PopupMenuWin::updateFromElement):
930
931 2018-01-22  Chris Dumez  <cdumez@apple.com>
932
933         RELEASE_ASSERT(registration) hit in SWServer::installContextData(const ServiceWorkerContextData&)
934         https://bugs.webkit.org/show_bug.cgi?id=181941
935         <rdar://problem/36744892>
936
937         Reviewed by Youenn Fablet.
938
939         Make sure we clear SWServer::m_pendingContextDatas & SWServer::m_pendingJobs as needed
940         when clearing Website data. Otherwise, we will hit an assertion when those get processed
941         after the connection to the SW process has been established (not to mention we failed
942         to clear some in-memory data even though the user asked us to).
943
944         * workers/service/server/SWServer.cpp:
945         (WebCore::SWServer::clearAll):
946         (WebCore::SWServer::clear):
947
948 2018-01-22  Ryosuke Niwa  <rniwa@webkit.org>
949
950         Blob conversion and sanitization doesn't work with Microsoft Word for Mac 2011
951         https://bugs.webkit.org/show_bug.cgi?id=181616
952         <rdar://problem/36484908>
953
954         Reviewed by Wenson Hsieh.
955
956         The bug was caused by WebContentReader::readHTML and WebContentMarkupReader::readHTML not sanitizing plain HTML string
957         as done for web archives even when custom pasteboard data is enabled. Fixed the bug by doing the sanitization.
958
959         Unfortunately, we can't make file URLs available in this case because WebContent process doesn't have sandbox extensions
960         to access local files referenced by the HTML source in the clipboard, and we can't make WebContent process request for
961         a sandbox extension on an arbitrary local file, as it would defeat the whole point of sandboxing.
962
963         Instead, we strip away all HTML attributes referencing a URL whose scheme is not HTTP, HTTPS, or data when sanitizing
964         text/html from the clipboard to avoid exposing local file paths, which can reveal privacy & security sensitive data
965         such as the user's full name, and the location of private containers of other applications in the system.
966
967         Tests: PasteHTML.DoesNotSanitizeHTMLWhenCustomPasteboardDataIsDisabled
968                PasteHTML.DoesNotStripFileURLsWhenCustomPasteboardDataIsDisabled
969                PasteHTML.ExposesHTMLTypeInDataTransfer
970                PasteHTML.KeepsHTTPURLs
971                PasteHTML.SanitizesHTML
972                PasteHTML.StripsFileURLs
973
974         * editing/cocoa/WebContentReaderCocoa.mm:
975         (WebCore::WebContentReader::readHTML): Fixed the bug by sanitizing the markup, and stripping away file URLs.
976         (WebCore::WebContentMarkupReader::readHTML): Ditto.
977         * editing/markup.cpp:
978         (WebCore::removeSubresourceURLAttributes): Added.
979         (WebCore::sanitizeMarkup): Added.
980         * editing/markup.h:
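
The scheme allowlist described in the entry above, as an added C++ example that is not WebKit's code. It works on a flat list of already-parsed elements; the Element model, the set of URL-bearing attributes, the function names and the choice to also drop values with no scheme are assumptions, and the sample clipboard content is constructed.

```cpp
#include <algorithm>
#include <cstdio>
#include <string>
#include <utility>
#include <vector>

using Attribute = std::pair<std::string, std::string>; // name, value

struct Element {
    std::string tag;
    std::vector<Attribute> attributes;
};

static std::string asciiLower(std::string s)
{
    for (char& c : s) {
        if (c >= 'A' && c <= 'Z')
            c = static_cast<char>(c - 'A' + 'a');
    }
    return s;
}

// Assumed set of URL-bearing attributes; a browser engine decides this per element type.
bool isURLAttribute(const std::string& name)
{
    static const std::vector<std::string> names = { "src", "href", "poster", "background" };
    return std::find(names.begin(), names.end(), asciiLower(name)) != names.end();
}

// Extracts the scheme the way a URL parser sees it: tabs and newlines are dropped,
// leading control characters and spaces are skipped, and case is folded.
// Returns "" when the value has no scheme (a relative reference or bare path).
std::string urlScheme(const std::string& value)
{
    std::string cleaned;
    for (char c : value) {
        if (c != '\t' && c != '\n' && c != '\r')
            cleaned.push_back(c);
    }
    size_t start = 0;
    while (start < cleaned.size() && static_cast<unsigned char>(cleaned[start]) <= 0x20)
        ++start;
    for (size_t i = start; i < cleaned.size(); ++i) {
        char c = cleaned[i];
        if (c == ':')
            return asciiLower(cleaned.substr(start, i - start));
        bool alpha = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z');
        bool later = (c >= '0' && c <= '9') || c == '+' || c == '-' || c == '.';
        if (!alpha && !(later && i > start))
            return "";
    }
    return "";
}

// Allowlist from the ChangeLog entry: HTTP, HTTPS and data.
bool isAllowedScheme(const std::string& scheme)
{
    return scheme == "http" || scheme == "https" || scheme == "data";
}

// Removes every URL-bearing attribute whose scheme is not allowlisted and returns
// how many were removed. Values without a scheme are removed too (this example's
// choice): a bare path such as /Users/... carries the same information as file:.
int stripDisallowedURLAttributes(std::vector<Element>& elements)
{
    int removed = 0;
    for (auto& element : elements) {
        auto& attrs = element.attributes;
        auto newEnd = std::remove_if(attrs.begin(), attrs.end(), [](const Attribute& a) {
            return isURLAttribute(a.first) && !isAllowedScheme(urlScheme(a.second));
        });
        removed += static_cast<int>(attrs.end() - newEnd);
        attrs.erase(newEnd, attrs.end());
    }
    return removed;
}

// Constructed sample of what a word processor might put on the clipboard.
std::vector<Element> constructedClipboardElements()
{
    return {
        { "img", { { "src", "file:///Users/jane.doe/Library/Containers/com.example.editor/Data/tmp/image001.png" }, { "alt", "chart" } } },
        { "a", { { "href", "https://example.com/report" } } },
        { "img", { { "src", "data:image/png;base64,AAAA" } } },
        { "img", { { "SRC", " FILE:///Users/jane.doe/Desktop/a.png" } } },
        { "a", { { "href", "fi\tle:///Users/jane.doe/notes.html" } } },
        { "img", { { "src", "/Users/jane.doe/Pictures/b.png" } } },
    };
}

int main()
{
    std::vector<Element> elements = constructedClipboardElements();
    std::printf("removed %d attributes\n", stripDisallowedURLAttributes(elements));
    return 0;
}
```

A check that only compares the raw value against the prefix "file:" would miss the fourth and fifth sample values, which is why the scheme is normalized before the allowlist is applied.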
981
982 2018-01-22  Chris Dumez  <cdumez@apple.com>
983
984         Add release logging to help debug issues related to service workers
985         https://bugs.webkit.org/show_bug.cgi?id=181935
986         <rdar://problem/36735900>
987
988         Reviewed by Brady Eidson.
989
990         * workers/service/ServiceWorker.cpp:
991         (WebCore::ServiceWorker::ServiceWorker):
992         (WebCore::ServiceWorker::scheduleTaskToUpdateState):
993         (WebCore::ServiceWorker::postMessage):
994         (WebCore::ServiceWorker::isAlwaysOnLoggingAllowed const):
995         * workers/service/ServiceWorker.h:
996         * workers/service/ServiceWorkerContainer.cpp:
997         (WebCore::ServiceWorkerContainer::addRegistration):
998         (WebCore::ServiceWorkerContainer::removeRegistration):
999         (WebCore::ServiceWorkerContainer::updateRegistration):
1000         (WebCore::ServiceWorkerContainer::jobFailedWithException):
1001         (WebCore::ServiceWorkerContainer::jobResolvedWithRegistration):
1002         (WebCore::ServiceWorkerContainer::jobResolvedWithUnregistrationResult):
1003         (WebCore::ServiceWorkerContainer::startScriptFetchForJob):
1004         (WebCore::ServiceWorkerContainer::jobFinishedLoadingScript):
1005         (WebCore::ServiceWorkerContainer::jobFailedLoadingScript):
1006         (WebCore::ServiceWorkerContainer::isAlwaysOnLoggingAllowed const):
1007         * workers/service/ServiceWorkerContainer.h:
1008         * workers/service/ServiceWorkerRegistration.cpp:
1009         (WebCore::ServiceWorkerRegistration::ServiceWorkerRegistration):
1010         (WebCore::ServiceWorkerRegistration::updateStateFromServer):
1011         (WebCore::ServiceWorkerRegistration::scheduleTaskToFireUpdateFoundEvent):
1012         * workers/service/server/SWServer.cpp:
1013         (WebCore::SWServer::scriptContextFailedToStart):
1014         (WebCore::SWServer::didFinishInstall):
1015         (WebCore::SWServer::didFinishActivation):
1016         (WebCore::SWServer::terminateWorkerInternal):
1017         * workers/service/server/SWServerJobQueue.cpp:
1018         (WebCore::SWServerJobQueue::didResolveRegistrationPromise):
1019         (WebCore::SWServerJobQueue::runRegisterJob):
1020
1021 2018-01-22  Youenn Fablet  <youenn@apple.com>
1022
1023         Safari Tech Preview can't use GitHub login at forums.swift.org
1024         https://bugs.webkit.org/show_bug.cgi?id=181908
1025         <rdar://problem/36715111>
1026
1027         Reviewed by Chris Dumez.
1028
1029         Test: http/wpt/service-workers/navigation-redirect.https.html
1030
1031         For subresource loads, redirections will not change who is in charge of continuing the load (service worker or network process).
1032         For navigation loads, we need to match the registration for every redirection since this is using the Manual redirect mode.
1033         This allows starting the load with a service worker and finishing the load with another service worker, which will become the controller.
1034
1035         Implement this by wrapping the registration matching of a URL within DocumentLoader::matchRegistration.
1036         Use that method in DocumentLoader::redirectReceived.
1037
1038         * loader/DocumentLoader.cpp:
1039         (WebCore::DocumentLoader::matchRegistration):
1040         (WebCore::doRegistrationsMatch):
1041         (WebCore::DocumentLoader::redirectReceived):
1042         (WebCore::DocumentLoader::startLoadingMainResource):
1043         * loader/DocumentLoader.h:
1044
1045 2018-01-22  Antti Koivisto  <antti@apple.com>
1046
1047         REGRESSION (Safari 11): Buttons inside a fieldset legend cannot be clicked on in Safari 11
1048         https://bugs.webkit.org/show_bug.cgi?id=179666
1049         <rdar://problem/35534292>
1050
1051         Reviewed by Zalan Bujtas.
1052
1053         The legend element of a fieldset is in the border area, outside the clip rect.
1054         With overflow:hidden mouse events won't reach it.
1055
1056         Test case by Dhaya Benmessaoud.
1057
1058         Test: fast/forms/legend-overflow-hidden-hit-test.html
1059
1060         * rendering/RenderBlock.cpp:
1061         (WebCore::RenderBlock::nodeAtPoint):
1062         (WebCore::RenderBlock::hitTestExcludedChildrenInBorder):
1063
1064         Add a special case to hit testing to handle legend, similarly to what is done for painting.
1065
1066         * rendering/RenderBlock.h:
1067
1068 2018-01-22  Joanmarie Diggs  <jdiggs@igalia.com>
1069
1070         AX: Implement support for Graphics ARIA roles
1071         https://bugs.webkit.org/show_bug.cgi?id=181796
1072
1073         Reviewed by Chris Fleizach.
1074
1075         Add mappings for the three new roles (graphics-document, graphics-object,
1076         and graphics-symbol) as per the Graphics Accessibility API Mappings spec.
1077
1078         No new tests; instead, new test cases added to roles-computedRoleString.html
1079         and roles-exposed.html.
1080
1081         * accessibility/AccessibilityObject.cpp:
1082         (WebCore::initializeRoleMap):
1083         (WebCore::AccessibilityObject::computedRoleString const):
1084         * accessibility/AccessibilityObject.h:
1085         * accessibility/atk/WebKitAccessibleWrapperAtk.cpp:
1086         (atkRole):
1087         * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
1088         (-[WebAccessibilityObjectWrapper determineIsAccessibilityElement]):
1089         * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
1090         (createAccessibilityRoleMap):
1091         (-[WebAccessibilityObjectWrapper subrole]):
1092         (-[WebAccessibilityObjectWrapper roleDescription]):
1093
1094 2018-01-22  Antti Koivisto  <antti@apple.com>
1095
1096         REGRESSION(r224535): Can't write reviews in the App Store
1097         https://bugs.webkit.org/show_bug.cgi?id=181936
1098         <rdar://problem/36670246>
1099
1100         Reviewed by Zalan Bujtas.
1101
1102         * page/LayoutContext.cpp:
1103         (WebCore::LayoutContext::updateStyleForLayout):
1104
1105         r224535 was about media queries but it also removed a seemingly spurious call to SyleScope::didChangeStyleSheetEnvironment
1106         from the path that does not involve media queries.
1107         Turns out UITextContentView somehow depended on it, so revert this specific change.
1108
1109 2018-01-22  Brady Eidson  <beidson@apple.com>
1110
1111         In WebKit2, make the MessagePortChannelRegistry live in the UI process.
1112         https://bugs.webkit.org/show_bug.cgi?id=181922
1113
1114         Reviewed by Andy Estes.
1115
1116         No new tests (Refactor, no behavior change)
1117
1118         Add encoder/decoders and EXPORT a whole bunch of stuff.
1119         
1120         * WebCore.xcodeproj/project.pbxproj:
1121
1122         * dom/MessagePort.h:
1123
1124         * dom/messageports/MessagePortChannel.cpp:
1125         (WebCore::MessagePortChannel::processForPort):
1126         * dom/messageports/MessagePortChannel.h:
1127
1128         * dom/messageports/MessagePortChannelProvider.h:
1129         * dom/messageports/MessagePortChannelRegistry.h:
1130
1131         * dom/messageports/MessageWithMessagePorts.h:
1132         (WebCore::MessageWithMessagePorts::encode const):
1133         (WebCore::MessageWithMessagePorts::decode):
1134
1135 2018-01-22  Youenn Fablet  <youenn@apple.com>
1136
1137         Fetch Headers from an Opaque response should be filtered out
1138         https://bugs.webkit.org/show_bug.cgi?id=181926
1139
1140         Reviewed by Chris Dumez.
1141
1142         Covered by updated test.
1143
1144         Refactor to use the same FetchResponse::create for Cache API and cloning.
1145         In this method, ensure that response and headers are filtered correctly according to response tainting.
1146         Make also sure that synthetic responses do not get filtered (not needed since created by JavaScript).
1147
1148         Introduce helper routine to set the header map of a resource response.
1149         Use this routine when cloning a synthetic response as in that case, m_internalResponse has no header at all.
1150
1151         * Modules/cache/DOMCache.cpp:
1152         (WebCore::DOMCache::updateRecords):
1153         * Modules/fetch/FetchResponse.cpp:
1154         (WebCore::FetchResponse::create):
1155         (WebCore::FetchResponse::clone):
1156         * Modules/fetch/FetchResponse.h:
1157         * platform/network/ResourceResponseBase.cpp:
1158         (WebCore::ResourceResponseBase::setHTTPHeaderFields):
1159         * platform/network/ResourceResponseBase.h:
1160         * testing/ServiceWorkerInternals.cpp:
1161         (WebCore::ServiceWorkerInternals::createOpaqueWithBlobBodyResponse):
1162
1163 2018-01-22  Javier Fernandez  <jfernandez@igalia.com>
1164
1165         [css-align] 'overflow' keyword must precede the self-position and content-position value
1166         https://bugs.webkit.org/show_bug.cgi?id=181793
1167
1168         Reviewed by Antti Koivisto.
1169
1170         There were several discussions to avoid ambiguities with the complex
1171         values, especially when it comes to defining the place-xxx shorthands.
1172
1173         One of the sources of problems is the 'overflow-position' keyword. The
1174         CSS WG has decided to change the syntax of all the CSS Box Alignment
1175         properties so that the 'overflow-position' keyword always precedes the
1176         'self-position' or the 'content-position' keywords.
1177
1178         https://github.com/w3c/csswg-drafts/issues/1446#event-1125715434
1179
1180         In order to apply this change to the Content Distribution properties'
1181         (align-content and justify-content) syntax I had to completely
1182         re-implement their parsing function. Thanks to this I also addressed
1183         the issue with the content-distribution fallback, which cannot be
1184         specified explicitly now.
1185
1186         https://github.com/w3c/csswg-drafts/issues/1002#ref-commit-c38cac4
1187
1188         No new tests, just rebaselined the expected results of the test cases affected.
1189
1190         Despite the many layout tests affected by this change, it's
1191         unlikely that it might break any content in current web
1192         sites. This patch changes the new CSS syntax, obviously backward
1193         compatible, defined by the new CSS Box Alignment. The
1194         'overflow-position' keyword is only used by the layout models
1195         implementing the new spec, so far only CSS Grid Layout.
1196         Considering that CSS Grid has been shipped last year, it's unlikely
1197         that many sites are using the new CSS values.
1198
1199         * css/CSSComputedStyleDeclaration.cpp:
1200         (WebCore::valueForItemPositionWithOverflowAlignment):
1201         (WebCore::valueForContentPositionAndDistributionWithOverflowAlignment):
1202         * css/CSSContentDistributionValue.cpp:
1203         (WebCore::CSSContentDistributionValue::customCSSText const):
1204         * css/StyleBuilderConverter.h:
1205         (WebCore::StyleBuilderConverter::convertSelfOrDefaultAlignmentData):
1206         * css/parser/CSSPropertyParser.cpp:
1207         (WebCore::consumeOverflowPositionKeyword):
1208         (WebCore::consumeContentPositionKeyword):
1209         (WebCore::consumeContentDistributionOverflowPosition):
1210         (WebCore::consumeSelfPositionOverflowPosition):
1211
1212 2018-01-22  Chris Nardi  <csnardi1@gmail.com>
1213
1214         Parse calc() in CSS media queries
1215         https://bugs.webkit.org/show_bug.cgi?id=181716
1216
1217         calc() was previously unsupported inside of media queries. This change
1218         adds in support for parsing calc inside of media queries.
1219
1220         Reviewed by Antti Koivisto.
1221
1222         Tests: Imported web-platform-tests/css/mediaqueries
1223
1224         * css/MediaQueryExpression.cpp:
1225         (WebCore::featureWithValidIdent): Updated function to take a CSSPrimitiveValue.
1226         (WebCore::featureWithValidDensity): Updated function to take a CSSPrimitiveValue instead of a CSSParserToken.
1227         (WebCore::featureWithValidPositiveLength): Ditto.
1228         (WebCore::featureExpectingPositiveInteger): Ditto.
1229         (WebCore::featureWithPositiveInteger): Ditto.
1230         (WebCore::featureWithPositiveNumber): Ditto.
1231         (WebCore::featureWithZeroOrOne): Ditto.
1232         (WebCore::MediaQueryExpression::MediaQueryExpression): Use CSSPropertyParserHelpers for consuming.
1233         * css/MediaQueryExpression.h:
1234         * css/parser/CSSPropertyParserHelpers.cpp:
1235         (WebCore::CSSPropertyParserHelpers::consumeResolution): Added function for use in media query expression parsing.
1236         * css/parser/CSSPropertyParserHelpers.h:
1237         * css/parser/MediaQueryParser.cpp:
1238         (WebCore::MediaQueryParser::readRestrictor): Updated functions to take a CSSParserTokenRange in order to use CSSPropertyParserHelpers.
1239         (WebCore::MediaQueryParser::readMediaNot): Ditto.
1240         (WebCore::MediaQueryParser::readMediaType): Ditto.
1241         (WebCore::MediaQueryParser::readAnd): Ditto.
1242         (WebCore::MediaQueryParser::readFeatureStart): Ditto.
1243         (WebCore::MediaQueryParser::readFeature): Ditto.
1244         (WebCore::MediaQueryParser::readFeatureColon): Ditto.
1245         (WebCore::MediaQueryParser::readFeatureValue): Ditto.
1246         (WebCore::MediaQueryParser::readFeatureEnd): Ditto.
1247         (WebCore::MediaQueryParser::skipUntilComma): Ditto.
1248         (WebCore::MediaQueryParser::skipUntilBlockEnd): Ditto.
1249         (WebCore::MediaQueryParser::processToken): Ditto.
1250         (WebCore::MediaQueryParser::parseInternal): Ditto.
1251         (WebCore::MediaQueryData::clear): Removed reference to m_valueList
1252         (WebCore::MediaQueryData::addExpression): Use CSSParserTokenRange.
1253         (WebCore::MediaQueryData::lastExpressionValid): New helper function.
1254         (WebCore::MediaQueryData::removeLastExpression): New helper function.
1255         * css/parser/MediaQueryParser.h:
1256
1257 2018-01-22  Zan Dobersek  <zdobersek@igalia.com>
1258
1259         [Cairo] Refactor PlatformContextCairo::drawSurfaceToContext() into a Cairo operation
1260         https://bugs.webkit.org/show_bug.cgi?id=181930
1261
1262         Reviewed by Carlos Garcia Campos.
1263
1264         Move the PlatformContextCairo::drawSurfaceToContext() code into the
1265         Cairo namespace as an operation, renaming it to drawSurface(). Mirroring
1266         other operations, the PlatformContextCairo object is now passed through
1267         a reference as the first argument to the function, and cairo_t context
1268         object is retrieved from that.
1269
1270         Call sites of the PlatformContextCairo::drawSurfaceToContext() method
1271         are adjusted to now call Cairo::drawSurface() and properly pass the
1272         PlatformContextCairo object to the function.
1273
1274         No new tests -- no change in functionality.
1275
1276         * platform/graphics/cairo/CairoOperations.cpp:
1277         (WebCore::Cairo::prepareForStroking): Make this static.
1278         (WebCore::Cairo::drawPatternToCairoContext):
1279         (WebCore::Cairo::drawNativeImage):
1280         (WebCore::Cairo::drawSurface):
1281         * platform/graphics/cairo/CairoOperations.h:
1282         * platform/graphics/cairo/PlatformContextCairo.cpp:
1283         (WebCore::drawPatternToCairoContext): Deleted.
1284         (WebCore::PlatformContextCairo::drawSurfaceToContext): Deleted.
1285         * platform/graphics/cairo/PlatformContextCairo.h:
1286         * platform/graphics/win/MediaPlayerPrivateMediaFoundation.cpp:
1287         (WebCore::MediaPlayerPrivateMediaFoundation::Direct3DPresenter::paintCurrentFrame):
1288
1289 2018-01-22  Manuel Rego Casasnovas  <rego@igalia.com>
1290
1291         [css-grid] Spanning Grid item has too much space at the bottom / is too high
1292         https://bugs.webkit.org/show_bug.cgi?id=181677
1293
1294         Reviewed by Javier Fernandez.
1295
1296         In IndefiniteSizeStrategy::findUsedFlexFraction() we were not
1297         subtracting the size of the gutters when we call findFrUnitSize().
1298         If an item spans several tracks, we cannot pass the maxContentForChild()
1299         directly, we need to subtract the gutters as they are treated
1300         as fixed size tracks in the algorithm.
1301
1302         The spec text is pretty clear regarding this
1303         (https://drafts.csswg.org/css-grid/#algo-find-fr-size):
1304         "Let leftover space be the space to fill minus the base sizes
1305          of the non-flexible grid tracks."
1306
1307         Gutters are treated as fixed-size tracks for the purpose
1308         of the track sizing algorithm, so we need to subtract them from the
1309         leftover space while finding the size of an "fr".
1310
1311         Tests: imported/w3c/web-platform-tests/css/css-grid/layout-algorithm/grid-find-fr-size-gutters-001.html
1312                imported/w3c/web-platform-tests/css/css-grid/layout-algorithm/grid-find-fr-size-gutters-002.html
1313
1314         * rendering/GridTrackSizingAlgorithm.cpp:
1315         (WebCore::GridTrackSizingAlgorithm::findFrUnitSize const):
1316         (WebCore::IndefiniteSizeStrategy::findUsedFlexFraction const):
1317
1318 2018-01-21  Ryosuke Niwa  <rniwa@webkit.org>
1319
1320         Turning off custom pasteboard data doesn't actually turn it off in WK2
1321         https://bugs.webkit.org/show_bug.cgi?id=181920
1322         <rdar://problem/36686429>
1323
1324         Reviewed by Wenson Hsieh.
1325
1326         Replaced the global settings for custom pasteboard data by regular runtime enabled flags.
1327
1328         * dom/DataTransfer.cpp:
1329         (WebCore::DataTransfer::getDataForItem const):
1330         (WebCore::DataTransfer::shouldSuppressGetAndSetDataToAvoidExposingFilePaths const):
1331         (WebCore::DataTransfer::setDataFromItemList):
1332         (WebCore::DataTransfer::types const):
1333         (WebCore::DataTransfer::commitToPasteboard):
1334         * dom/DataTransferItemList.cpp:
1335         (WebCore::shouldExposeTypeInItemList):
1336         * editing/Editor.cpp:
1337         (WebCore::createDataTransferForClipboardEvent):
1338         * editing/cocoa/WebContentReaderCocoa.mm:
1339         (WebCore::createFragmentAndAddResources):
1340         (WebCore::WebContentReader::readWebArchive):
1341         * page/DeprecatedGlobalSettings.cpp:
1342         (WebCore::DeprecatedGlobalSettings::defaultCustomPasteboardDataEnabled): Deleted.
1343         * page/DeprecatedGlobalSettings.h:
1344         (WebCore::DeprecatedGlobalSettings::setCustomPasteboardDataEnabled): Deleted.
1345         (WebCore::DeprecatedGlobalSettings::customPasteboardDataEnabled): Deleted.
1346         * page/RuntimeEnabledFeatures.h:
1347         (WebCore::RuntimeEnabledFeatures::setCustomPasteboardDataEnabled):
1348         (WebCore::RuntimeEnabledFeatures::customPasteboardDataEnabled const):
1349         * testing/InternalSettings.cpp:
1350         (WebCore::InternalSettings::Backup::Backup):
1351         (WebCore::InternalSettings::Backup::restoreTo):
1352         (WebCore::InternalSettings::setCustomPasteboardDataEnabled):
1353
1354 2018-01-21  Wenson Hsieh  <wenson_hsieh@apple.com>
1355
1356         Add a new feature flag for EXTRA_ZOOM_MODE and reintroduce AdditionalFeatureDefines.h
1357         https://bugs.webkit.org/show_bug.cgi?id=181918
1358
1359         Reviewed by Tim Horton.
1360
1361         Add EXTRA_ZOOM_MODE to FeatureDefines.xcconfig (off by default). No change in behavior.
1362
1363         * Configurations/FeatureDefines.xcconfig:
1364
1365 2018-01-19  Ryosuke Niwa  <rniwa@webkit.org>
1366
1367         Release assertion in canExecuteScript when executing scripts during page cache restore
1368         https://bugs.webkit.org/show_bug.cgi?id=181902
1369
1370         Reviewed by Antti Koivisto.
1371
1372         The crash was caused by an erroneous instantiation of ScriptDisallowedScope::InMainThread in CachedPage::restore.
1373         It can execute arbitrary scripts since CachedFrame::open can update style, layout, and evaluate media queries.
1374
1375         This is fine because there is no way to put this page back into a page cache until the load is committed when
1376         FrameLoader::commitProvisionalLoad is invoked later, which only happens after CachedPage::restore has exited.
1377
1378         Also added a release assert to make sure this condition holds.
1379
1380         Tests: fast/history/page-cache-execute-script-during-restore.html
1381                fast/history/page-cache-navigate-during-restore.html
1382
1383         * history/CachedPage.cpp:
1384         (WebCore::CachedPageRestorationScope::CachedPageRestorationScope): Added.
1385         (WebCore::CachedPageRestorationScope::~CachedPageRestorationScope): Added.
1386         (WebCore::CachedPage::restore): Don't instantiate ScriptDisallowedScope::InMainThread. Set isRestoringCachedPage
1387         on the cached page to release-assert that there won't be any attempt to put this very page back into the cache.
1388         * history/PageCache.cpp:
1389         (WebCore::canCachePage): Added a release assert to make sure the page which is in the process of being restored
1390         from the page cache is not put into the page cache.
1391         * page/Page.h:
1392         (WebCore::Page::setIsRestoringCachedPage): Added.
1393         (WebCore::Page::isRestoringCachedPage const): Added.
1394
1395 2018-01-21  Eric Carlson  <eric.carlson@apple.com>
1396
1397         Resign NowPlaying status when no media element is eligible
1398         https://bugs.webkit.org/show_bug.cgi?id=181914
1399         <rdar://problem/35294116>
1400
1401         Reviewed by Jer Noble.
1402
1403         Updated API test.
1404
1405         * html/HTMLMediaElement.cpp:
1406         (WebCore::HTMLMediaElement::removedFromAncestor): Call mediaSession->clientCharacteristicsChanged
1407         so NowPlaying status will be updated.
1408
1409         * html/MediaElementSession.cpp:
1410         (WebCore::MediaElementSession::canShowControlsManager const): Return false when being queried
1411         for NowPlaying status in an inactive document.
1412
1413         * platform/audio/PlatformMediaSessionManager.cpp:
1414         (WebCore::PlatformMediaSessionManager::updateNowPlayingInfoIfNecessary): Implement for all
1415         ports.
1416         * platform/audio/PlatformMediaSessionManager.h:
1417         (WebCore::PlatformMediaSessionManager::registeredAsNowPlayingApplication const):
1418         * platform/audio/ios/MediaSessionManagerIOS.h:
1419         * platform/audio/mac/MediaSessionManagerMac.h:
1420         * platform/audio/mac/MediaSessionManagerMac.mm:
1421         (WebCore::MediaSessionManagerMac::updateNowPlayingInfo): Call MRMediaRemoteSetCanBeNowPlayingApplication
1422         whenever status changes.
1423         (WebCore::PlatformMediaSessionManager::updateNowPlayingInfoIfNecessary): Deleted, implemented
1424         in the base class.
1425
1426 2018-01-21  Jer Noble  <jer.noble@apple.com>
1427
1428         REGRESSION (macOS 10.13.2): imported/w3c/web-platform-tests/media-source/mediasource-* LayoutTests failing
1429         https://bugs.webkit.org/show_bug.cgi?id=181891
1430
1431         Reviewed by Eric Carlson.
1432
1433         In macOS 10.13.2, CoreMedia changed the definition of CMSampleBufferGetDuration() to return
1434         the presentation duration rather than the decode duration. For media streams where those two
1435         durations are identical (or at least, closely similar), this isn't a problem. But the media
1436         file used in the WPT tests has an unusual frame cadence: decode durations go {3000, 1, 5999,
1437         1, 5999,...} and presentation durations go {3000, 2999, 3000, 2999}. This caused one check in
1438         the "Coded Frame Processing" algorithm to begin failing, where it checks that the delta
1439         between the last sample's decode time and the new decode time is no more than 2x as far as
1440         the last sample's duration. That's not a problem as long as the "duration" is the "decode
1441         duration" and the samples are all adjacent. Once the "duration" is "presentation duration",
1442         all the assumptions in the algorithm are invalidated. In the WPT test case, the delta between
1443         decode times is 5999, and 2 * the presentation duration is 5998, causing all samples up to
1444         the next sync sample to be dropped.
1445
1446         To work around this change in behavior, we'll adopt the same technique used by Mozilla's MSE
1447         implementation, which was done for similar reasons. Rather than track the "last frame duration",
1448         we'll record the "greatest frame duration", and use actual decode timestamps to derive this
1449         duration. The "greatest frame duration" field will be reset at the same times as "last frame
1450         duration", and will be used only in the part of the algorithm that checks for large decode
1451         timestamp gaps.
1452
1453         * Modules/mediasource/SourceBuffer.cpp:
1454         (WebCore::SourceBuffer::TrackBuffer::TrackBuffer):
1455         (WebCore::SourceBuffer::resetParserState):
1456         (WebCore::SourceBuffer::sourceBufferPrivateDidReceiveSample):
1457
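The decode-gap check from the entry above, as an added sketch (not WebKit's SourceBuffer code) that runs the same samples through both rules: twice the last reported duration, and twice the greatest decode-timestamp delta seen so far. The sample lists are constructed; the first places a 2999 duration before a 5999 decode gap, the comparison the entry describes, and every name here is hypothetical.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

// Simplified model of the decode-gap check in MSE "Coded Frame Processing".
struct Sample {
    int64_t dts;       // decode timestamp
    int64_t duration;  // duration reported by the media framework
    bool sync;         // random access point
};

enum class GapPolicy { LastReportedDuration, GreatestDecodeDelta };

struct Result {
    int accepted = 0;
    int dropped = 0;
    int gapsDetected = 0;
};

Result processSamples(const std::vector<Sample>& samples, GapPolicy policy)
{
    Result result;
    bool haveLast = false;       // is lastDts valid?
    bool haveReference = false;  // is reference valid?
    int64_t lastDts = 0;
    int64_t reference = 0;       // duration the gap check compares against
    bool needRandomAccessPoint = true;

    for (const Sample& s : samples) {
        if (haveLast && haveReference) {
            const int64_t delta = s.dts - lastDts;
            if (delta < 0 || delta > 2 * reference) {
                // Treated as a discontinuity: forget history, wait for a sync sample.
                ++result.gapsDetected;
                haveLast = haveReference = false;
                needRandomAccessPoint = true;
            }
        }
        if (needRandomAccessPoint) {
            if (!s.sync) {
                ++result.dropped;
                continue;
            }
            needRandomAccessPoint = false;
        }
        if (policy == GapPolicy::LastReportedDuration) {
            reference = s.duration;
            haveReference = true;
        } else if (haveLast) {
            // Derive the duration from actual decode timestamps and keep the maximum.
            const int64_t delta = s.dts - lastDts;
            if (!haveReference || delta > reference)
                reference = delta;
            haveReference = true;
        }
        lastDts = s.dts;
        haveLast = true;
        ++result.accepted;
    }
    return result;
}

// Constructed stream in decode order with decode gaps 3000, 1, 5999, 1, 5999, 1;
// the sample before the first 5999 gap reports a duration of 2999.
std::vector<Sample> unevenCadenceStream()
{
    return { { 0, 3000, true }, { 3000, 3000, false }, { 3001, 2999, false },
             { 9000, 3000, false }, { 9001, 2999, false }, { 15000, 3000, true },
             { 15001, 2999, false } };
}

// Constructed stream with a real discontinuity (6000 -> 40000) that must still be caught.
std::vector<Sample> discontinuousStream()
{
    return { { 0, 3000, true }, { 3000, 3000, false }, { 6000, 3000, false },
             { 40000, 3000, false }, { 43000, 3000, true }, { 46000, 3000, false } };
}

int main()
{
    const Result before = processSamples(unevenCadenceStream(), GapPolicy::LastReportedDuration);
    const Result after = processSamples(unevenCadenceStream(), GapPolicy::GreatestDecodeDelta);
    std::printf("last reported duration: accepted=%d dropped=%d\n", before.accepted, before.dropped);
    std::printf("greatest decode delta:  accepted=%d dropped=%d\n", after.accepted, after.dropped);
    return 0;
}
```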
1458 2018-01-21  Andy Estes  <aestes@apple.com>
1459
1460         [ios] LayoutTest imported/w3c/web-platform-tests/payment-request/rejects_if_not_active.https.html is crashing in JSC::JSONParse
1461         https://bugs.webkit.org/show_bug.cgi?id=177832
1462         <rdar://problem/34805315>
1463
1464         Reviewed by Tim Horton.
1465
1466         Test: http/tests/paymentrequest/rejects_if_not_active.https.html
1467
1468         * Modules/paymentrequest/PaymentRequest.cpp:
1469         (WebCore::PaymentRequest::show): Rejected promise if the document is not active.
1470
1471 2018-01-20  Brady Eidson  <beidson@apple.com>
1472
1473         Make garbage collection of MessagePort objects be asynchronous.
1474         https://bugs.webkit.org/show_bug.cgi?id=181910
1475
1476         Reviewed by Andy Estes.
1477
1478         No new tests (Covered by existing tests, including GC-specific ones).
1479
1480         The basic premise here is as follows:
1481         - You can *always* GC a MessagePort that is closed
1482         - You can *always* GC a MessagePort that has no onmessage handler, as incoming messages cannot 
1483           possibly revive it.
1484         - You can GC a MessagePort, even if it has a message handler, as long as there are no messages 
1485           in flight between it and the remote port, and as long as the remote port is "maybe eligible for GC."
1486           
1487         A MessagePort is considered "maybe eligible for GC" once hasPendingActivity is asked once.
1488         
1489         A MessagePort loses "maybe eligible for GC" status once it is used for sending or receiving a message.
1490         
1491         The changes to MessagePort.cpp implement the above with a tiny little bool-driven state machine.
1492         * dom/MessagePort.cpp:
1493         (WebCore::MessagePort::postMessage):
1494         (WebCore::MessagePort::disentangle):
1495         (WebCore::MessagePort::registerLocalActivity):
1496         (WebCore::MessagePort::start):
1497         (WebCore::MessagePort::close):
1498         (WebCore::MessagePort::contextDestroyed):
1499         (WebCore::MessagePort::dispatchMessages):
1500         (WebCore::MessagePort::hasPendingActivity const):
1501         (WebCore::MessagePort::isLocallyReachable const):
1502         (WebCore::MessagePort::addEventListener):
1503         (WebCore::MessagePort::removeEventListener):
1504         * dom/MessagePort.h:
1505
1506         - Remove the lock and any background-thread code paths
1507         - Add ASSERT(isMainThread())s throughout
1508         * dom/messageports/MessagePortChannel.cpp:
1509         (WebCore::MessagePortChannel::MessagePortChannel):
1510         (WebCore::MessagePortChannel::includesPort):
1511         (WebCore::MessagePortChannel::entanglePortWithProcess):
1512         (WebCore::MessagePortChannel::disentanglePort):
1513         (WebCore::MessagePortChannel::closePort):
1514         (WebCore::MessagePortChannel::postMessageToRemote):
1515         (WebCore::MessagePortChannel::takeAllMessagesForPort):
1516         (WebCore::MessagePortChannel::checkRemotePortForActivity):
1517         (WebCore::MessagePortChannel::hasAnyMessagesPendingOrInFlight const):
1518         * dom/messageports/MessagePortChannel.h:
1519         
1520         Add a callback for a MessagePortChannel to go ask the remote MessagePort object about local activity:
1521         * dom/messageports/MessagePortChannelProvider.h:
1522         * dom/messageports/MessagePortChannelProviderImpl.cpp:
1523         (WebCore::MessagePortChannelProviderImpl::checkRemotePortForActivity):
1524         (WebCore::MessagePortChannelProviderImpl::checkProcessLocalPortForActivity):
1525         (WebCore::MessagePortChannelProviderImpl::hasMessagesForPorts_temporarySync): Deleted.
1526         * dom/messageports/MessagePortChannelProviderImpl.h:
1527         
1528         - Remove the lock and any background-thread code paths
1529         - Add ASSERT(isMainThread())s throughout
1530         * dom/messageports/MessagePortChannelRegistry.cpp:
1531         (WebCore::MessagePortChannelRegistry::messagePortChannelCreated):
1532         (WebCore::MessagePortChannelRegistry::messagePortChannelDestroyed):
1533         (WebCore::MessagePortChannelRegistry::didEntangleLocalToRemote):
1534         (WebCore::MessagePortChannelRegistry::didDisentangleMessagePort):
1535         (WebCore::MessagePortChannelRegistry::didCloseMessagePort):
1536         (WebCore::MessagePortChannelRegistry::didPostMessageToRemote):
1537         (WebCore::MessagePortChannelRegistry::takeAllMessagesForPort):
1538         (WebCore::MessagePortChannelRegistry::checkRemotePortForActivity):
1539         (WebCore::MessagePortChannelRegistry::existingChannelContainingPort):
1540         (WebCore::MessagePortChannelRegistry::hasMessagesForPorts_temporarySync): Deleted.
1541         * dom/messageports/MessagePortChannelRegistry.h:
1542
1543 2018-01-20  Andy Estes  <aestes@apple.com>
1544
1545         [Apple Pay] Stop eagerly loading PassKit.framework
1546         https://bugs.webkit.org/show_bug.cgi?id=181911
1547         <rdar://problem/36555369>
1548
1549         Reviewed by Tim Horton.
1550
1551         r226458 and r226123 added code that caused PassKit.framework to be eagerly loaded when
1552         initializing a WKWebView. This is costly and should only be done when Apple Pay is first used.
1553
1554         To avoid eagerly loading PassKit, this patch does two things:
1555
1556         1. Instead of sending the available payment networks as part of WebPageCreationParameters,
1557         PaymentCoordinator asks for them using a synchronous message the first time they are needed.
1558         2. Instead of setting the Apple Pay preference to false when PassKit can't be loaded,
1559         the following API entry points check for a missing PassKit and return false, or throw
1560         exceptions, or reject promises:
1561             - ApplePaySession.canMakePayments()
1562             - ApplePaySession.canMakePaymentsWithActiveCard()
1563             - ApplePaySession.openPaymentSetup()
1564             - ApplePaySession.begin()
1565
1566         No new tests for (1), which causes no change in behavior. (2) was manually verified by
1567         locally moving aside PassKit.framework, but that's not possible to do in an automated test.
1568
1569         * Modules/applepay/PaymentCoordinator.cpp:
1570         (WebCore::PaymentCoordinator::PaymentCoordinator):
1571         (WebCore::PaymentCoordinator::validatedPaymentNetwork const):
1572         (WebCore::toHashSet): Deleted.
1573         * Modules/applepay/PaymentCoordinator.h:
1574         * Modules/applepay/PaymentCoordinatorClient.h:
1575         * loader/EmptyClients.cpp:
1576         * page/MainFrame.cpp:
1577         (WebCore::MainFrame::MainFrame):
1578
1579         Removed PaymentCoordinator::m_availablePaymentNetworks and made
1580         PaymentCoordinator::validatedPaymentNetwork() call
1581         PaymentCoordinatorClient::validatedPaymentNetwork() instead.
1582
1583         * page/PageConfiguration.h:
1584
1585         Removed availablePaymentNetworks from PageConfiguration.
1586
1587         * testing/Internals.cpp:
1588         (WebCore::Internals::Internals):
1589         * testing/MockPaymentCoordinator.cpp:
1590         (WebCore::MockPaymentCoordinator::validatedPaymentNetwork):
1591         * testing/MockPaymentCoordinator.h:
1592
1593         Implemented PaymentCoordinatorClient::validatedPaymentNetwork().
1594
1595 2018-01-20  Jer Noble  <jer.noble@apple.com>
1596
1597         Release ASSERT when reloading Vimeo page @ WebCore: WebCore::Document::updateLayout
1598         https://bugs.webkit.org/show_bug.cgi?id=181840
1599         <rdar://problem/36186214>
1600
1601         Reviewed by Simon Fraser.
1602
1603         Test: media/video-fullscreen-reload-crash.html
1604
1605         Short circuit play() or pause() operations if the document is suspended or stopped.
1606
1607         * html/HTMLMediaElement.cpp:
1608         (WebCore::HTMLMediaElement::playInternal):
1609         (WebCore::HTMLMediaElement::pauseInternal):
1610
1611 2018-01-20  Youenn Fablet  <youenn@apple.com>
1612
1613         fetch redirect is incompatible with "no-cors" mode
1614         https://bugs.webkit.org/show_bug.cgi?id=181866
1615         <rdar://problem/35827140>
1616
1617         Reviewed by Chris Dumez.
1618
1619         Covered by updated tests.
1620
1621         Return a network error when no-cors mode and redirect mode is manual or error.
1622         Update preflight implementation to no longer use manual redirect mode to simulate https://fetch.spec.whatwg.org/#http-network-or-cache-fetch.
1623         Instead implement redirectReceived callback to treat any redirect response as the preflight response.
1624
1625         * loader/cache/CachedResourceLoader.cpp:
1626         (WebCore::CachedResourceLoader::canRequest):
1627         * loader/CrossOriginPreflightChecker.cpp:
1628         (WebCore::CrossOriginPreflightChecker::redirectReceived):
1629         (WebCore::CrossOriginPreflightChecker::startPreflight):
1630         * loader/CrossOriginPreflightChecker.h:
1631
1632 2018-01-19  Wenson Hsieh  <wenson_hsieh@apple.com>
1633
1634         [macOS] [WK2] Drag location is computed incorrectly when dragging content from subframes
1635         https://bugs.webkit.org/show_bug.cgi?id=181896
1636         <rdar://problem/35479043>
1637
1638         Reviewed by Tim Horton.
1639
1640         In r218837, I packaged most of the information needed to start a drag into DragItem, which is propagated to the client layer
1641         via the startDrag codepath. However, this introduced a bug in computing the event position and drag location in window
1642         coordinates. Consider the case where we're determining the drag image offset for a dragged element in a subframe:
1643
1644         Before the patch, the drag location (which starts out in the subframe's content coordinates) would be converted to root view
1645         coordinates, which would then be converted to mainframe content coordinates, which would then be converted to window coordinates
1646         using the mainframe's view. After the patch, we carry out the same math until the last step, where we erroneously use the
1647         _subframe's_ view to convert to window coordinates from content coordinates. This results in the position of the iframe relative
1648         to the mainframe being accounted for twice.
1649
1650         To fix this, we simply use the main frame's view to convert from mainframe content coordinates to window coordinates while
1651         computing the drag location. As for the event position in window coordinates, this is currently unused by any codepath in WebKit,
1652         so we can just remove it altogether.
1653
1654         Since this bug only affects drag and drop in the macOS WebKit2 port, there's currently no way to test this. I'll be using
1655         <https://bugs.webkit.org/show_bug.cgi?id=181898> to track adding test support for drag and drop on macOS WebKit2. Manually tested
1656         dragging in both WebKit1 and WebKit2 on macOS. dragLocationInWindowCoordinates isn't used at all for iOS drag and drop.
1657
1658         * page/DragController.cpp:
1659         (WebCore::DragController::doSystemDrag):
1660         * platform/DragItem.h:
1661         (WebCore::DragItem::encode const):
1662         (WebCore::DragItem::decode):
1663
1664 2018-01-19  Ryan Haddad  <ryanhaddad@apple.com>
1665
1666         Unreviewed, rolling out r227235.
1667
1668         The test for this change consistently times out on High
1669         Sierra.
1670
1671         Reverted changeset:
1672
1673         "Support for preconnect Link headers"
1674         https://bugs.webkit.org/show_bug.cgi?id=181657
1675         https://trac.webkit.org/changeset/227235
1676
1677 2018-01-19  Youenn Fablet  <youenn@apple.com>
1678
1679         Cache storage errors like Quota should trigger console messages
1680         https://bugs.webkit.org/show_bug.cgi?id=181879
1681         <rdar://problem/36669048>
1682
1683         Reviewed by Chris Dumez.
1684
1685         Covered by rebased test.
1686
1687         * Modules/cache/DOMCache.cpp:
1688         (WebCore::DOMCache::retrieveRecords):
1689         (WebCore::DOMCache::batchDeleteOperation):
1690         (WebCore::DOMCache::batchPutOperation):
1691         * Modules/cache/DOMCacheEngine.cpp:
1692         (WebCore::DOMCacheEngine::errorToException):
1693         (WebCore::DOMCacheEngine::logErrorAndConvertToException):
1694         * Modules/cache/DOMCacheEngine.h:
1695         * Modules/cache/DOMCacheStorage.cpp:
1696         (WebCore::DOMCacheStorage::retrieveCaches):
1697         (WebCore::DOMCacheStorage::doOpen):
1698         (WebCore::DOMCacheStorage::doRemove):
1699
1700 2018-01-19  Youenn Fablet  <youenn@apple.com>
1701
1702         Do not go to the storage process when registering a service worker client if there is no service worker registered
1703         https://bugs.webkit.org/show_bug.cgi?id=181740
1704         <rdar://problem/36650400>
1705
1706         Reviewed by Chris Dumez.
1707
1708         Register a document as service worker client only if there is an existing service worker connection.
1709         This allows not creating any connection if no service worker is registered.
1710
1711         Add internals API to test whether a service worker connection was created or not.
1712         This is used by API tests that cover the changes.
1713
1714         * dom/Document.cpp:
1715         (WebCore::Document::privateBrowsingStateDidChange): No need to create a service worker connection if client is not registered yet.
1716         (WebCore::Document::setServiceWorkerConnection): No need to unregister/register if service worker connection is the same.
1717         Similarly, if Document is to be destroyed or suspended, we should not register it.
1718         * loader/DocumentLoader.cpp:
1719         (WebCore::DocumentLoader::commitData):
1720         * testing/Internals.cpp:
1721         (WebCore::Internals::hasServiceWorkerConnection):
1722         * testing/Internals.h:
1723         * testing/Internals.idl:
1724         * workers/service/ServiceWorkerProvider.cpp:
1725         (WebCore::ServiceWorkerProvider::registerServiceWorkerClients):
1726         * workers/service/ServiceWorkerProvider.h:
1727
1728 2018-01-19  Dean Jackson  <dino@apple.com>
1729
1730         REGRESSION (r221092): Swipe actions are hard to perform in FastMail app
1731         https://bugs.webkit.org/show_bug.cgi?id=181817
1732         <rdar://problem/35274055>
1733
1734         Add a setting for controlling whether touch listeners are passive
1735         by default on document/window/body.
1736
1737         Updated existing test.
1738
1739         * dom/EventTarget.cpp:
1740         (WebCore::EventTarget::addEventListener):
1741         * page/Settings.yaml:
1742
1743 2018-01-19  Daniel Bates  <dabates@apple.com>
1744
1745         Update frame-ancestor directive to match Content Security Policy Level 3
1746         https://bugs.webkit.org/show_bug.cgi?id=178891
1747         <rdar://problem/35209458>
1748
1749         Reviewed by Alex Christensen.
1750
1751         Derived from Blink e667cc2e501fabab3605b838e4ee0d642a9c4a59:
1752         <https://chromium.googlesource.com/chromium/src.git/+/e667cc2e501fabab3605b838e4ee0d642a9c4a59>
1753
1754         Update frame-ancestor directive to match against the origin of the ancestor document per the
1755         Content Security Policy Level 3 spec: <https://w3c.github.io/webappsec-csp/> (15 January 2018).
1756         Specifically this change in behavior was made to CSP 3 in <https://github.com/w3c/webappsec/issues/311>.
1757         In earlier versions of the spec, the frame-ancestor directive matched against the URL of the
1758         ancestor document.
1759
1760         Disregarding allow-same-origin sandboxed iframes, a document with policy "frame-ancestor 'self'"
1761         will be blocked from loading in a sandboxed iframe as a result of this change.
1762
1763         Tests: http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-nested-cross-in-allow-same-origin-sandboxed-cross-url-allow.html
1764                http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-nested-cross-in-sandboxed-cross-url-block.html
1765
1766         * page/csp/ContentSecurityPolicyDirectiveList.cpp:
1767         (WebCore::checkFrameAncestors):
1768
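An added illustration of the behavior change described in the entry above (not WebKit code and not part of the ChangeLog): a simplified model that evaluates a frame-ancestors policy once by ancestor URL and once by ancestor origin. The function names, the frame records and the shop.example URLs are constructed for this example, and only 'self', 'none' and scheme://host[:port] sources are modelled.

```javascript
// Added illustration: simplified model of frame-ancestors matching.
// Not WebKit's checkFrameAncestors; wildcards, scheme-only sources and
// paths are deliberately left out.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Reduce a URL to the (scheme, host, port) tuple that identifies its origin.
function originTuple(urlString) {
  const u = new URL(urlString);
  return {
    scheme: u.protocol,
    host: u.hostname,
    port: u.port || DEFAULT_PORTS[u.protocol] || "",
  };
}

function sameTuple(a, b) {
  return a.scheme === b.scheme && a.host === b.host && a.port === b.port;
}

// What an ancestor is compared by, depending on the matching mode:
//   "url"    : earlier spec versions, the ancestor document's URL
//   "origin" : CSP Level 3, the ancestor document's origin
// A sandboxed frame without allow-same-origin has an opaque origin,
// represented here as null, which no source expression can match.
function ancestorCandidate(frame, mode) {
  if (mode === "origin" && frame.sandboxed && !frame.allowSameOrigin) {
    return null;
  }
  return originTuple(frame.url);
}

function sourceMatches(source, candidate, selfTuple) {
  if (candidate === null || source === "'none'") return false;
  const expected = source === "'self'" ? selfTuple : originTuple(source);
  return sameTuple(expected, candidate);
}

// Returns "allow" only if every ancestor matches at least one source.
function evaluateFrameAncestors(sources, protectedUrl, ancestors, mode) {
  const selfTuple = originTuple(protectedUrl);
  for (const frame of ancestors) {
    const candidate = ancestorCandidate(frame, mode);
    if (!sources.some((s) => sourceMatches(s, candidate, selfTuple))) {
      return "block";
    }
  }
  return "allow";
}

// Constructed sample data: the protected document and its ancestor chain,
// nearest ancestor first.
const PROTECTED_URL = "https://shop.example/checkout";
const TOP_FRAME = { url: "https://shop.example/", sandboxed: false, allowSameOrigin: false };
const SANDBOXED_PARENT = { url: "https://shop.example/widget.html", sandboxed: true, allowSameOrigin: false };
const SANDBOXED_SAME_ORIGIN_PARENT = { ...SANDBOXED_PARENT, allowSameOrigin: true };

function compareModes(parent) {
  const chain = [parent, TOP_FRAME];
  return {
    byUrl: evaluateFrameAncestors(["'self'"], PROTECTED_URL, chain, "url"),
    byOrigin: evaluateFrameAncestors(["'self'"], PROTECTED_URL, chain, "origin"),
  };
}

console.log("sandboxed parent:", compareModes(SANDBOXED_PARENT));
console.log("allow-same-origin sandboxed parent:", compareModes(SANDBOXED_SAME_ORIGIN_PARENT));
```
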
1769 2018-01-19  Basuke Suzuki  <Basuke.Suzuki@sony.com>
1770
1771         [Curl] Add timeout support to XMLHttpRequest
1772         https://bugs.webkit.org/show_bug.cgi?id=181876
1773
1774         Reviewed by Alex Christensen.
1775
1776         * platform/network/ResourceRequestBase.cpp:
1777         * platform/network/curl/CurlContext.cpp:
1778         (WebCore::CurlHandle::setTimeout):
1779         * platform/network/curl/CurlContext.h:
1780         * platform/network/curl/CurlRequest.cpp:
1781         (WebCore::CurlRequest::setupTransfer):
1782         (WebCore::CurlRequest::didCompleteTransfer):
1783         * platform/network/curl/ResourceError.h:
1784         * platform/network/curl/ResourceErrorCurl.cpp:
1785         (WebCore::ResourceError::httpError):
1786
1787 2018-01-19  Yoav Weiss  <yoav@yoav.ws>
1788
1789         Support for preconnect Link headers
1790         https://bugs.webkit.org/show_bug.cgi?id=181657
1791
1792         Reviewed by Darin Adler.
1793
1794         Move the preconnect functionality into its own function, and
1795         also call this function when Link headers are processed.
1796
1797         Test: http/tests/preconnect/link-header-rel-preconnect-http.php
1798
1799         * loader/LinkLoader.cpp:
1800         (WebCore::LinkLoader::loadLinksFromHeader): Call preconnectIfNeeded.
1801         (WebCore::LinkLoader::preconnectIfNeeded): Preconnect to a host functionality moved here.
1802         (WebCore::LinkLoader::loadLink): Call preconnectIfNeeded.
1803         * loader/LinkLoader.h:
1804
1805 2018-01-19  Joseph Pecoraro  <pecoraro@apple.com>
1806
1807         AppCache: Log a Deprecation warning to the Console when AppCache is used
1808         https://bugs.webkit.org/show_bug.cgi?id=181778
1809
1810         Reviewed by Alex Christensen.
1811
1812         * html/HTMLHtmlElement.cpp:
1813         (WebCore::HTMLHtmlElement::insertedByParser):
1814
1815 2018-01-19  Chris Dumez  <cdumez@apple.com>
1816
1817         ASSERT(registration || isTerminating()) hit in SWServerWorker::skipWaiting()
1818         https://bugs.webkit.org/show_bug.cgi?id=181761
1819         <rdar://problem/36594564>
1820
1821         Reviewed by Youenn Fablet.
1822
1823         There is a short period of time, early in the registration process where a
1824         SWServerWorker object exists for a registration but is not in the registration's
1825         installing/waiting/active slots yet. As a result, if a registration is cleared
1826         during this period (e.g. due to the user clearing all website data), that
1827         SWServerWorker will not be terminated. We then hit an assertion later on when this
1828         worker is trying to do things (like call skipWaiting).
1829
1830         To address the issue, we now keep a reference to this SWServerWorker on the
1831         registration, via a new SWServerRegistration::m_preInstallationWorker data member.
1832         When the registration is cleared, we now take care of terminating this worker.
1833
1834         No new tests, covered by existing tests that crash flakily in debug builds.
1835
1836         * workers/WorkerThread.cpp:
1837         (WebCore::WorkerThread::stop):
1838         If the mutex is locked, then the worker thread is still starting. We spin the
1839         runloop and try to stop again later. This avoids the deadlock shown in
1840         Bug 181763 as the worker thread may need to interact with the main thread
1841         during startup.
1842
1843         * workers/service/server/SWServer.cpp:
1844         (WebCore::SWServer::installContextData):
1845         * workers/service/server/SWServerJobQueue.cpp:
1846         (WebCore::SWServerJobQueue::scriptContextFailedToStart):
1847         (WebCore::SWServerJobQueue::install):
1848         * workers/service/server/SWServerRegistration.cpp:
1849         (WebCore::SWServerRegistration::~SWServerRegistration):
1850         (WebCore::SWServerRegistration::setPreInstallationWorker):
1851         (WebCore::SWServerRegistration::clear):
1852         * workers/service/server/SWServerRegistration.h:
1853         (WebCore::SWServerRegistration::preInstallationWorker const):
1854
1855 2018-01-19  Chris Dumez  <cdumez@apple.com>
1856
1857         Service worker registrations restored from disk may not be reused when the JS calls register() again
1858         https://bugs.webkit.org/show_bug.cgi?id=181810
1859         <rdar://problem/36591711>
1860
1861         Reviewed by Youenn Fablet.
1862
1863         The issue was that when restoring a registration from disk, we would not set its active worker right
1864         away. We only set it later in installContextData(). installContextData() is only called after we’ve
1865         launched the service worker process and established a connection to it.
1866
1867         However, we would start processing jobs (such as registrations) before we’ve established the connection
1868         to the service worker process. SWServerJobQueue::runRegisterJob(), in order to reuse an existing
1869         registration, checks that the registration’s active worker has the right script URL. The issue was that when
1870         this code would execute, we may not have set the registration’s active service worker yet, in which case,
1871         we would update the existing registration instead of reusing it as-is.
1872
1873         To address the issue, we now delay the processing of jobs until the connection to the service worker
1874         process has been established and we've installed all pending contexts via installContextData().
1875
1876         Change is covered by a new API test.
1877
1878         * workers/service/server/SWServer.cpp:
1879         (WebCore::SWServer::Connection::scheduleJobInServer):
1880         (WebCore::SWServer::scheduleJob):
1881         (WebCore::SWServer::serverToContextConnectionCreated):
1882         * workers/service/server/SWServer.h:
1883
1884 2018-01-19  James Craig  <jcraig@apple.com>
1885
1886         AX: when invert colors is on, double-invert image and picture elements in UserAgentStyleSheet
1887         https://bugs.webkit.org/show_bug.cgi?id=181281
1888         <rdar://problem/36291776>
1889
1890         Reviewed by Simon Fraser.
1891
1892         Updated "Smart Invert" to include img and picture element inversion and tests.
1893
1894         Tests: accessibility/smart-invert-reference.html
1895                accessibility/smart-invert.html
1896
1897         * css/html.css:
1898         (@media (inverted-colors)):
1899         (img:not(picture>img), picture, video):
1900
1901 2018-01-19  Chris Dumez  <cdumez@apple.com>
1902
1903         The WebContent process should not process incoming IPC while waiting for a sync IPC reply
1904         https://bugs.webkit.org/show_bug.cgi?id=181560
1905
1906         Reviewed by Ryosuke Niwa.
1907
1908         Add internals API for testing purposes.
1909
1910         Test: fast/misc/testIncomingSyncIPCMessageWhileWaitingForSyncReply.html
1911
1912         * page/ChromeClient.h:
1913         * testing/Internals.cpp:
1914         (WebCore::Internals::testIncomingSyncIPCMessageWhileWaitingForSyncReply):
1915         * testing/Internals.h:
1916         * testing/Internals.idl:
1917
1918 2018-01-19  Keith Miller  <keith_miller@apple.com>
1919
1920         HaveInternalSDK includes should be "#include?"
1921         https://bugs.webkit.org/show_bug.cgi?id=179670
1922
1923         Reviewed by Dan Bernstein.
1924
1925         * Configurations/Base.xcconfig:
1926
1927 2018-01-19  Daniel Bates  <dabates@apple.com>
1928
1929         Fix misspelling; substitute willDetachRenderer for willDetatchRenderer.
1930
1931         * html/HTMLPlugInImageElement.cpp:
1932         (WebCore::HTMLPlugInImageElement::willDetachRenderers):
1933         * plugins/PluginViewBase.h:
1934         (WebCore::PluginViewBase::willDetachRenderer):
1935         (WebCore::PluginViewBase::willDetatchRenderer): Deleted.
1936
1937 2018-01-19  Jonathan Bedard  <jbedard@apple.com>
1938
1939         Unreviewed build fix, remove unused lambda captures.
1940
1941         * dom/messageports/MessagePortChannel.cpp:
1942         (WebCore::MessagePortChannel::takeAllMessagesForPort):
1943         * dom/messageports/MessagePortChannelRegistry.cpp:
1944         (WebCore::MessagePortChannelRegistry::messagePortChannelCreated):
1945
1946 2018-01-19  Antoine Quint  <graouts@apple.com>
1947
1948         [Web Animations] Expose timing properties (delay, endDelay, fill, iterationStart, iterations, direction) and getComputedTiming()
1949         https://bugs.webkit.org/show_bug.cgi?id=181857
1950         <rdar://problem/36660081>
1951
1952         Reviewed by Dean Jackson.
1953
1954         We start the work to implement the rest of the Web Animations timing and animation model by exposing more properties on
1955         AnimationEffectTiming to control delay (delay, endDelay), looping (iterationStart, iterations), fill and direction.
1956         Additionally, we expose the getComputedTiming() method on AnimationEffect, although it currently lacks some computed
1957         properties that will come in a later patch as we implement various processes defined by the spec. We also update the
1958         existing duration() method on AnimationEffectTiming to be called iterationDuration() to match the terms used in the
1959         specification.
1960
1961         Finally, we make all new properties, and update existing ones, that expose a time value go through the new utility
1962         function secondsToWebAnimationsAPITime() to guarantee rounded values with microseconds precision, as advised by
1963         the Web Animations specification.
1964
1965         * CMakeLists.txt:
1966         * DerivedSources.make:
1967         * Sources.txt:
1968         * WebCore.xcodeproj/project.pbxproj:
1969         * animation/AnimationEffect.cpp:
1970         (WebCore::AnimationEffect::localTime const):
1971         (WebCore::AnimationEffect::getComputedTiming):
1972         * animation/AnimationEffect.h:
1973         * animation/AnimationEffect.idl:
1974         * animation/AnimationEffectTiming.cpp:
1975         (WebCore::AnimationEffectTiming::AnimationEffectTiming):
1976         (WebCore::AnimationEffectTiming::setIterationStart):
1977         (WebCore::AnimationEffectTiming::setIterations):
1978         (WebCore::AnimationEffectTiming::bindingsDuration const):
1979         (WebCore::AnimationEffectTiming::setBindingsDuration):
1980         (WebCore::AnimationEffectTiming::endTime const):
1981         (WebCore::AnimationEffectTiming::activeDuration const):
1982         * animation/AnimationEffectTiming.h:
1983         * animation/AnimationEffectTiming.idl:
1984         * animation/AnimationPlaybackEvent.cpp:
1985         (WebCore::AnimationPlaybackEvent::bindingsCurrentTime const):
1986         (WebCore::AnimationPlaybackEvent::bindingsTimelineTime const):
1987         * animation/AnimationTimeline.cpp:
1988         (WebCore::AnimationTimeline::bindingsCurrentTime):
1989         * animation/ComputedTimingProperties.h: Added.
1990         * animation/ComputedTimingProperties.idl: Added. We set nullable double values to a default value of "null" since
1991         otherwise setting those properties to a null value would not set the properties in the converted JS dictionary.
1992         * animation/KeyframeEffect.cpp:
1993         (WebCore::KeyframeEffect::create): Handle new timing properties passed in the KeyframeEffectOptions dictionary.
1994         (WebCore::KeyframeEffect::applyAtLocalTime):
1995         (WebCore::KeyframeEffect::getAnimatedStyle):
1996         (WebCore::KeyframeEffect::startOrStopAccelerated):
1997         * animation/WebAnimation.cpp:
1998         (WebCore::WebAnimation::bindingsStartTime const):
1999         (WebCore::WebAnimation::bindingsCurrentTime const):
2000         (WebCore::WebAnimation::effectEndTime const):
2001         (WebCore::WebAnimation::timeToNextRequiredTick const):
2002         * animation/WebAnimationUtilities.h: Added.
2003         (WebCore::secondsToWebAnimationsAPITime):
2004
2005 2018-01-19  Alex Christensen  <achristensen@webkit.org>
2006
2007         Remove dead networking code
2008         https://bugs.webkit.org/show_bug.cgi?id=181813
2009
2010         Reviewed by Tim Horton.
2011
2012         CFURLConnection is only used on Windows.
2013
2014         * platform/network/cf/ResourceError.h:
2015         * platform/network/cf/ResourceRequest.h:
2016         (WebCore::ResourceRequest::encodingRequiresPlatformData const):
2017         * platform/network/cf/ResourceRequestCFNet.cpp:
2018         (WebCore::findCFURLRequestCopyContentDispositionEncodingFallbackArrayFunction):
2019         (WebCore::ResourceRequest::doUpdatePlatformRequest):
2020         (WebCore::ResourceRequest::doUpdatePlatformHTTPBody):
2021         (WebCore::ResourceRequest::doUpdateResourceRequest):
2022         (WebCore::ResourceRequest::setStorageSession):
2023         * platform/network/cf/ResourceResponse.h:
2024         (WebCore::ResourceResponse::ResourceResponse):
2025
2026 2018-01-19  Alex Christensen  <achristensen@webkit.org>
2027
2028         Remove unused WebViewPrivate _allowCookies
2029         https://bugs.webkit.org/show_bug.cgi?id=181812
2030
2031         Reviewed by Tim Horton.
2032
2033         This SPI was in the original iOS upstreaming and has not been used in many years.
2034
2035         * platform/network/ResourceRequestBase.cpp:
2036         (WebCore::ResourceRequestBase::setDefaultAllowCookies): Deleted.
2037         (WebCore::ResourceRequestBase::defaultAllowCookies): Deleted.
2038         * platform/network/ResourceRequestBase.h:
2039         (WebCore::ResourceRequestBase::ResourceRequestBase):
2040
2041 2018-01-18  Brady Eidson  <beidson@apple.com>
2042
2043         Make in-process MessagePorts be (mostly) asynchronous
2044         https://bugs.webkit.org/show_bug.cgi?id=181454
2045
2046         Reviewed by Alex Christensen.
2047
2048         No new tests (Covered *brutally* by existing tests)
2049
2050         Part of making MessagePorts be a thing we can pass across processes is making them work async.
2051         
2052         The existing "MessagePortChannel" method of abstraction was not cut out for this.
2053         This patch gets rid of MessagePortChannel and adds a new MessagePortChannelProvider abstraction.
2054         It then gets the new machinery working in-process (with some pieces of out-of-process in place)
2055
2056         One synchronous behavior this patch maintains is the hasPendingActivity() check used to support GC.
2057         That will (creatively) be made async in the next followup.
2058         
2059         More generally from MessagePorts, this patch also adds a "MessageWithMessagePorts" object to be used
2060         with all forms of postMessage(). Much better.
2061         
2062         * CMakeLists.txt:
2063         * Sources.txt:
2064         * WebCore.xcodeproj/project.pbxproj:
2065
2066         * dom/InProcessMessagePortChannel.cpp: Removed.
2067         * dom/InProcessMessagePortChannel.h: Removed.
2068         * dom/MessagePortChannel.cpp: Removed.
2069         * dom/MessagePortChannel.h: Removed.
2070
2071         * dom/MessageChannel.cpp:
2072         (WebCore::MessageChannel::create):
2073         (WebCore::MessageChannel::MessageChannel):
2074         (WebCore::m_port2): Deleted.
2075         * dom/MessageChannel.h:
2076         (WebCore::MessageChannel::create): Deleted.
2077
2078         * dom/MessagePort.cpp:
2079         (WebCore::MessagePort::create):
2080         (WebCore::MessagePort::MessagePort):
2081         (WebCore::MessagePort::~MessagePort):
2082         (WebCore::MessagePort::entangle):
2083         (WebCore::MessagePort::postMessage):
2084         (WebCore::MessagePort::disentangle):
2085         (WebCore::MessagePort::messageAvailable):
2086         (WebCore::MessagePort::start):
2087         (WebCore::MessagePort::close):
2088         (WebCore::MessagePort::contextDestroyed):
2089         (WebCore::MessagePort::dispatchMessages):
2090         (WebCore::MessagePort::hasPendingActivity const):
2091         (WebCore::MessagePort::locallyEntangledPort const):
2092         (WebCore::MessagePort::disentanglePorts):
2093         (WebCore::MessagePort::entanglePorts):
2094         (WebCore::MessagePort::entangleWithRemote): Deleted.
2095         * dom/MessagePort.h:
2096
2097         * dom/MessagePortIdentifier.h:
2098         (WebCore::MessagePortIdentifier::logString const):
2099
2100         * dom/ScriptExecutionContext.cpp:
2101         (WebCore::ScriptExecutionContext::processMessageWithMessagePortsSoon):
2102         (WebCore::ScriptExecutionContext::dispatchMessagePortEvents):
2103         (WebCore::ScriptExecutionContext::processMessagePortMessagesSoon): Deleted.
2104         * dom/ScriptExecutionContext.h:
2105
2106         Add a single object that represents two intertwined ports, tracks their pending
2107         messages, tracks which process they're in, etc etc:
2108         * dom/messageports/MessagePortChannel.cpp: Added.
2109         (WebCore::MessagePortChannel::create):
2110         (WebCore::MessagePortChannel::MessagePortChannel):
2111         (WebCore::MessagePortChannel::~MessagePortChannel):
2112         (WebCore::MessagePortChannel::includesPort):
2113         (WebCore::MessagePortChannel::entanglePortWithProcess):
2114         (WebCore::MessagePortChannel::disentanglePort):
2115         (WebCore::MessagePortChannel::closePort):
2116         (WebCore::MessagePortChannel::postMessageToRemote):
2117         (WebCore::MessagePortChannel::takeAllMessagesForPort):
2118         (WebCore::MessagePortChannel::hasAnyMessagesPendingOrInFlight const):
2119         * dom/messageports/MessagePortChannel.h: Added.
2120         (WebCore::MessagePortChannel::port1 const):
2121         (WebCore::MessagePortChannel::port2 const):
2122         (WebCore::MessagePortChannel::logString const):
2123
2124         Abstraction for creating and operating on MessagePorts in a potentially cross-process way:
2125         * dom/messageports/MessagePortChannelProvider.cpp: Added.
2126         (WebCore::MessagePortChannelProvider::singleton):
2127         (WebCore::MessagePortChannelProvider::setSharedProvider):
2128         * dom/messageports/MessagePortChannelProvider.h: Added.
2129         (WebCore::MessagePortChannelProvider::~MessagePortChannelProvider):
2130
2131         Adds a concrete implementation of that provider to be used in-process (e.g. WK1):
2132         * dom/messageports/MessagePortChannelProviderImpl.cpp: Added.
2133         (WebCore::MessagePortChannelProviderImpl::~MessagePortChannelProviderImpl):
2134         (WebCore::MessagePortChannelProviderImpl::performActionOnAppropriateThread):
2135         (WebCore::MessagePortChannelProviderImpl::createNewMessagePortChannel):
2136         (WebCore::MessagePortChannelProviderImpl::entangleLocalPortInThisProcessToRemote):
2137         (WebCore::MessagePortChannelProviderImpl::messagePortDisentangled):
2138         (WebCore::MessagePortChannelProviderImpl::messagePortClosed):
2139         (WebCore::MessagePortChannelProviderImpl::postMessageToRemote):
2140         (WebCore::MessagePortChannelProviderImpl::takeAllMessagesForPort):
2141         (WebCore::MessagePortChannelProviderImpl::hasMessagesForPorts_temporarySync):
2142         * dom/messageports/MessagePortChannelProviderImpl.h: Added.
2143
2144         Adds a main thread object to handle the set of all MessagePortChannels that are open.
2145         For now it lives in the WebProcess, but for out-of-process it will live in the UIProcess:
2146         * dom/messageports/MessagePortChannelRegistry.cpp: Added.
2147         (WebCore::MessagePortChannelRegistry::~MessagePortChannelRegistry):
2148         (WebCore::MessagePortChannelRegistry::didCreateMessagePortChannel):
2149         (WebCore::MessagePortChannelRegistry::messagePortChannelCreated):
2150         (WebCore::MessagePortChannelRegistry::messagePortChannelDestroyed):
2151         (WebCore::MessagePortChannelRegistry::didEntangleLocalToRemote):
2152         (WebCore::MessagePortChannelRegistry::didDisentangleMessagePort):
2153         (WebCore::MessagePortChannelRegistry::didCloseMessagePort):
2154         (WebCore::MessagePortChannelRegistry::didPostMessageToRemote):
2155         (WebCore::MessagePortChannelRegistry::takeAllMessagesForPort):
2156         (WebCore::MessagePortChannelRegistry::hasMessagesForPorts_temporarySync): This is named against style
2157           and weird on purpose - to call attention to how bad it is and how it's temporary.
2158         (WebCore::MessagePortChannelRegistry::existingChannelContainingPort):
2159         * dom/messageports/MessagePortChannelRegistry.h: Added.
2160
2161         Add an object that represents a "SerializedScriptValue for the message payload and the ports
2162         that are being transferred along with that payload". This is used in all forms of postMessage():
2163         * dom/messageports/MessageWithMessagePorts.cpp: Added.
2164         * dom/messageports/MessageWithMessagePorts.h: Added.
2165
2166         * page/DOMWindow.cpp:
2167         (WebCore::PostMessageTimer::PostMessageTimer):
2168         (WebCore::PostMessageTimer::event):
2169         (WebCore::DOMWindow::postMessage):
2170
2171         * platform/Logging.h:
2172
2173         * workers/DedicatedWorkerGlobalScope.cpp:
2174         (WebCore::DedicatedWorkerGlobalScope::postMessage):
2175
2176         * workers/Worker.cpp:
2177         (WebCore::Worker::postMessage):
2178
2179         * workers/WorkerGlobalScopeProxy.h:
2180
2181         * workers/WorkerMessagingProxy.cpp:
2182         (WebCore::WorkerMessagingProxy::postMessageToWorkerObject):
2183         (WebCore::WorkerMessagingProxy::postMessageToWorkerGlobalScope):
2184         * workers/WorkerMessagingProxy.h:
2185
2186         * workers/WorkerObjectProxy.h:
2187
2188         * workers/service/ServiceWorker.cpp:
2189         (WebCore::ServiceWorker::postMessage):
2190
2191         * workers/service/ServiceWorkerClient.cpp:
2192         (WebCore::ServiceWorkerClient::postMessage):
2193
2194         * workers/service/context/SWContextManager.cpp:
2195         (WebCore::SWContextManager::postMessageToServiceWorker):
2196
2197         * workers/service/context/ServiceWorkerThread.cpp:
2198         (WebCore::fireMessageEvent):
2199         (WebCore::ServiceWorkerThread::postMessageToServiceWorker):
2200         * workers/service/context/ServiceWorkerThread.h:
2201
2202 2018-01-18  Ryan Haddad  <ryanhaddad@apple.com>
2203
2204         Unreviewed build fix, removed unused lambda capture.
2205
2206         * workers/service/context/SWContextManager.cpp:
2207         (WebCore::SWContextManager::ServiceWorkerTerminationRequest::ServiceWorkerTerminationRequest):
2208
2209 2018-01-18  Chris Dumez  <cdumez@apple.com>
2210
2211         We should be able to terminate service workers that are unresponsive
2212         https://bugs.webkit.org/show_bug.cgi?id=181563
2213         <rdar://problem/35280031>
2214
2215         Reviewed by Alex Christensen.
2216
2217         Test: http/tests/workers/service/postmessage-after-terminating-hung-worker.html
2218
2219         * workers/service/context/SWContextManager.cpp:
2220         (WebCore::SWContextManager::terminateWorker):
2221         Before calling WorkerThread::stop(), set a timer with the given timeout parameter.
2222         If the worker thread has not stopped when the timer fires, forcefully exit the
2223         service worker process. The StorageProcess will take care of relaunching the
2224         service worker process if it exits abruptly.
2225
2226         (WebCore::SWContextManager::serviceWorkerFailedToTerminate):
2227         Log error message if we failed to terminate a service worker and call exit().
2228
2229         (WebCore::SWContextManager::ServiceWorkerTerminationRequest::ServiceWorkerTerminationRequest):
2230
2231         * workers/service/context/SWContextManager.h:
2232
2233 2018-01-18  Youenn Fablet  <youenn@apple.com>
2234
2235         Do not go to the storage process when loading a main resource if there is no service worker registered
2236         https://bugs.webkit.org/show_bug.cgi?id=181395
2237
2238         Reviewed by Chris Dumez.
2239
2240         No observable behavior change.
2241         Instead of creating a connection to know whether there is a potential service worker,
2242         ask the service worker provider that will use the connection if needed.
2243         Otherwise, it will use a default value provided by the UIProcess.
2244
2245         Tested by cleaning all service workers and checking the computed value of the default value,
2246         then observing whether pages registering service workers work well.
2247
2248         * loader/DocumentLoader.cpp:
2249         (WebCore::DocumentLoader::startLoadingMainResource):
2250         * workers/service/ServiceWorkerProvider.cpp:
2251         (WebCore::ServiceWorkerProvider::mayHaveServiceWorkerRegisteredForOrigin):
2252         * workers/service/ServiceWorkerProvider.h:
2253
2254 2018-01-18  Dan Bernstein  <mitz@apple.com>
2255
2256         [Xcode] Streamline and future-proof target-macOS-version-dependent build setting definitions
2257         https://bugs.webkit.org/show_bug.cgi?id=181803
2258
2259         Reviewed by Tim Horton.
2260
2261         * Configurations/Base.xcconfig: Updated.
2262         * Configurations/DebugRelease.xcconfig: Ditto.
2263         * Configurations/FeatureDefines.xcconfig: Adopted macOSTargetConditionals helpers.
2264         * Configurations/Version.xcconfig: Updated.
2265         * Configurations/macOSTargetConditionals.xcconfig: Added. Defines helper build settings
2266           useful for defining settings that depend on the target macOS version.
2267
2268 2018-01-18  Chris Dumez  <cdumez@apple.com>
2269
2270         Service Workers restored from persistent storage have 'redundant' state
2271         https://bugs.webkit.org/show_bug.cgi?id=181749
2272         <rdar://problem/36556486>
2273
2274         Reviewed by Youenn Fablet.
2275
2276         Tested by new API test.
2277
2278         * workers/service/server/SWServer.cpp:
2279         (WebCore::SWServer::installContextData):
2280         Make sure the SWServerWorker's state is set to "activated" after it is assigned to
2281         the registrations' active slot. Otherwise, it stays in its default state (redundant).
2282
2283 2018-01-18  Antti Koivisto  <antti@apple.com>
2284
2285         REGRESSION(r225650): The scores of MotionMark tests Multiply and Leaves dropped by 8%
2286         https://bugs.webkit.org/show_bug.cgi?id=181460
2287         <rdar://problem/36379776>
2288
2289         Reviewed by Ryosuke Niwa.
2290
2291         * css/parser/CSSParser.cpp:
2292         (WebCore::CSSParserContext::CSSParserContext):
2293
2294         Don't do the expensive security origin test if the supplied sheet base URL is null. This
2295         is true for rules coming from the same document.
2296
2297 2018-01-18  Antti Koivisto  <antti@apple.com>
2298
2299         REGRESSION (r223604): Setting :before/after pseudo element on <noscript> asserts
2300         https://bugs.webkit.org/show_bug.cgi?id=181795
2301         <rdar://problem/36334524>
2302
2303         Reviewed by David Kilzer.
2304
2305         <noscript> disallows renderer generation outside CSS mechanisms, however we would still construct
2306         PseudoElements for them during style resolution. These were never removed properly because the
2307         pseudo element removal was tied to render tree teardown. Without proper removal the associated
2308         animations were also not canceled.
2309
2310         Test: fast/css-generated-content/noscript-pseudo-anim-crash.html
2311
2312         * dom/Element.cpp:
2313         (WebCore::Element::removedFromAncestor):
2314
2315         Take care to get rid of PseudoElements when the element is removed from the tree.
2316         This also cancels any associated animations.
2317
2318 2018-01-18  Chris Fleizach  <cfleizach@apple.com>
2319
2320         AX: Aria-activedescendant not supported
2321         https://bugs.webkit.org/show_bug.cgi?id=161734
2322         <rdar://problem/28202679>
2323
2324         Reviewed by Joanmarie Diggs.
2325
2326         When a combo-box owns/controls a list/listbox/grid/tree, the owned element needs to check the active-descendant of the combobox when
2327         checking if it has selected children. 
2328         The target of the selection change notification should also be the owned element in these cases.
2329
2330         Test: accessibility/aria-combobox-controlling-list.html
2331
2332         * accessibility/AccessibilityObject.cpp:
2333         (WebCore::AccessibilityObject::selectedListItem):
2334         * accessibility/AccessibilityObject.h:
2335         * accessibility/AccessibilityRenderObject.cpp:
2336         (WebCore::AccessibilityRenderObject::targetElementForActiveDescendant const):
2337         (WebCore::AccessibilityRenderObject::handleActiveDescendantChanged):
2338         (WebCore::AccessibilityRenderObject::canHaveSelectedChildren const):
2339         (WebCore::AccessibilityRenderObject::selectedChildren):
2340         * accessibility/AccessibilityRenderObject.h:
2341         * accessibility/mac/AXObjectCacheMac.mm:
2342         (WebCore::AXObjectCache::postPlatformNotification):
2343
2344 2018-01-17  Per Arne Vollan  <pvollan@apple.com>
2345
2346         REGRESSION (r224780): Text stroke not applied to video captions.
2347         https://bugs.webkit.org/show_bug.cgi?id=181743
2348         <rdar://problem/35874338>
2349
2350         Reviewed by Simon Fraser.
2351
2352         Tests: media/track/track-css-visible-stroke-expected.html
2353                media/track/track-css-visible-stroke.html
2354
2355         After r224780, it is no longer possible to mix text stroke styles with webkit
2356         legacy text stroke styles.
2357
2358         * css/StyleResolver.cpp:
2359         (WebCore::isValidCueStyleProperty):
2360         * page/CaptionUserPreferencesMediaAF.cpp:
2361         (WebCore::CaptionUserPreferencesMediaAF::captionsTextEdgeCSS const):
2362
2363 2018-01-18  Andy Estes  <aestes@apple.com>
2364
2365         [Payment Request] Support a default shipping address for Apple Pay
2366         https://bugs.webkit.org/show_bug.cgi?id=181754
2367         <rdar://problem/36009733>
2368
2369         Reviewed by Brady Eidson.
2370
2371         Move shippingContact from ApplePayPaymentRequest to ApplePayRequestBase. This allows
2372         merchants to specify a default shipping address when using Apple Pay with Payment Request.
2373
2374         This also fixes a bug found during testing where
2375         +[NSPersonNameComponentsFormatter localizedStringFromPersonNameComponents:style:options:]
2376         would throw an exception when passed a nil NSPersonNameComponents.
2377
2378         Test: http/tests/ssl/applepay/ApplePayRequestShippingContact.https.html
2379
2380         * Modules/applepay/ApplePayPaymentRequest.h:
2381         * Modules/applepay/ApplePayPaymentRequest.idl:
2382         * Modules/applepay/ApplePayRequestBase.cpp:
2383         (WebCore::convertAndValidate):
2384         * Modules/applepay/ApplePayRequestBase.h:
2385         * Modules/applepay/ApplePayRequestBase.idl:
2386         * Modules/applepay/ApplePaySession.cpp:
2387         (WebCore::convertAndValidate):
2388         * Modules/applepay/ApplePaySessionPaymentRequest.h:
2389         (WebCore::ApplePaySessionPaymentRequest::version const):
2390         (WebCore::ApplePaySessionPaymentRequest::setVersion):
2391         * Modules/applepay/cocoa/PaymentContactCocoa.mm:
2392         (WebCore::convert):
2393         * Modules/applepay/paymentrequest/ApplePayRequest.idl:
2394         * testing/MockPaymentCoordinator.cpp:
2395         (WebCore::MockPaymentCoordinator::showPaymentUI):
2396         (WebCore::MockPaymentCoordinator::completeMerchantValidation):
2397         * testing/MockPaymentCoordinator.h:
2398
2399 2018-01-18  Wenson Hsieh  <wenson_hsieh@apple.com>
2400
2401         [iOS] Specify -[NSURL _title] for the associated URL when copying an image element
2402         https://bugs.webkit.org/show_bug.cgi?id=181783
2403         <rdar://problem/35785445>
2404
2405         Reviewed by Ryosuke Niwa.
2406
2407         Always specify the -[NSURL _title] to be either the title specified in a PasteboardImage's inner PasteboardURL,
2408         or if no title is specified, fall back to the user-visible URL string. This is because at least one internal
2409         client always tries to use the -_title property to determine the title of a pasted URL, or if none is specified,
2410         the -suggestedName. Since we need to set suggestedName to the preferred file name of the copied image and we
2411         don't want the suggested name to become the title of the link, we need to explicitly set the link title.
2412
2413         In doing so, this patch also fixes a bug wherein we forget to set the _title of the NSURL we're registering to
2414         an NSItemProvider.
2415
2416         Tests:  ActionSheetTests.CopyImageElementWithHREFAndTitle (new)
2417                 ActionSheetTests.CopyImageElementWithHREF (modified)
2418
2419         * platform/ios/PlatformPasteboardIOS.mm:
2420         (WebCore::PlatformPasteboard::write):
2421
2422 2018-01-17  Jer Noble  <jer.noble@apple.com>
2423
2424         WebVTT served via HLS never results in cues
2425         https://bugs.webkit.org/show_bug.cgi?id=181773
2426
2427         Reviewed by Eric Carlson.
2428
2429         Test: http/tests/media/hls/hls-webvtt-tracks.html
2430
2431         Three independent errors conspired to keep in-band WebVTT samples from parsing:
2432
2433         - The definition of ISOWebVTTCue::boxTypeName() was incorrect.
2434         - ISOWebVTTCue::parse() didn't call its superclass's parse() method (leading to an incorrect size and offset).
2435         - Use String::fromUTF8() rather than String.adopt(StringVector&&).
2436
2437         * platform/graphics/iso/ISOVTTCue.cpp:
2438         (WebCore::ISOWebVTTCue::parse):
2439         * platform/graphics/iso/ISOVTTCue.h:
2440         (WebCore::ISOWebVTTCue::boxTypeName):
2441
2442 2018-01-17  John Wilander  <wilander@apple.com>
2443
2444         Resource Load Statistics: Block cookies for prevalent resources without user interaction
2445         https://bugs.webkit.org/show_bug.cgi?id=177394
2446         <rdar://problem/34613960>
2447
2448         Reviewed by Alex Christensen.
2449
2450         Tests: http/tests/resourceLoadStatistics/add-blocking-to-redirect.html
2451                http/tests/resourceLoadStatistics/non-prevalent-resources-can-access-cookies-in-a-third-party-context.html
2452                http/tests/resourceLoadStatistics/remove-blocking-in-redirect.html
2453                http/tests/resourceLoadStatistics/remove-partitioning-in-redirect.html
2454
2455         * platform/network/NetworkStorageSession.h:
2456             Now exports NetworkStorageSession::nsCookieStorage().
2457         * platform/network/cf/NetworkStorageSessionCFNet.cpp:
2458         (WebCore::NetworkStorageSession::setPrevalentDomainsToPartitionOrBlockCookies):
2459             Fixes the FIXME.
2460
2461 2018-01-17  Dean Jackson  <dino@apple.com>
2462
2463         Remove linked-on test for Snow Leopard
2464         https://bugs.webkit.org/show_bug.cgi?id=181770
2465
2466         Reviewed by Eric Carlson.
2467
2468         Remove a very old linked-on-or-after test.
2469
2470         * platform/graphics/ca/GraphicsLayerCA.cpp:
2471
2472 2018-01-17  Matt Lewis  <jlewis3@apple.com>
2473
2474         Unreviewed, rolling out r227098.
2475
2476         This broke the build.
2477
2478         Reverted changeset:
2479
2480         "Remove linked-on test for Snow Leopard"
2481         https://bugs.webkit.org/show_bug.cgi?id=181770
2482         https://trac.webkit.org/changeset/227098
2483
2484 2018-01-17  Dean Jackson  <dino@apple.com>
2485
2486         Remove linked-on test for Snow Leopard
2487         https://bugs.webkit.org/show_bug.cgi?id=181770
2488
2489         Reviewed by Eric Carlson.
2490
2491         Remove a very old linked-on-or-after test.
2492
2493         * platform/graphics/ca/GraphicsLayerCA.cpp:
2494
2495 2018-01-17  Stephan Szabo  <stephan.szabo@sony.com>
2496
2497         [Curl] Use ResourceRequest::encodeWithPlatformData()
2498         https://bugs.webkit.org/show_bug.cgi?id=181768
2499
2500         Reviewed by Alex Christensen.
2501
2502         No new tests, assertion hit in downstream port, should be covered by
2503         existing tests.
2504
2505         * platform/network/curl/ResourceRequest.h:
2506         (WebCore::ResourceRequest::encodeWithPlatformData const):
2507         (WebCore::ResourceRequest::decodeWithPlatformData):
2508
2509 2018-01-17  Eric Carlson  <eric.carlson@apple.com>
2510
2511         Use existing RGB colorspace instead of creating a new one
2512         https://bugs.webkit.org/show_bug.cgi?id=181765
2513         <rdar://problem/36595753>
2514
2515         Reviewed by Dean Jackson.
2516
2517         * platform/mediastream/mac/ScreenDisplayCaptureSourceMac.mm:
2518         (WebCore::ScreenDisplayCaptureSourceMac::createDisplayStream): Use sRGBColorSpaceRef instead
2519         of creating a new static colorspace.
2520
2521 2018-01-17  Matt Lewis  <jlewis3@apple.com>
2522
2523         Unreviewed, rolling out r227076.
2524
2525         This breaks internal builds
2526
2527         Reverted changeset:
2528
2529         "Resource Load Statistics: Block cookies for prevalent
2530         resources without user interaction"
2531         https://bugs.webkit.org/show_bug.cgi?id=177394
2532         https://trac.webkit.org/changeset/227076
2533
2534 2018-01-17  Ryosuke Niwa  <rniwa@webkit.org>
2535
2536         input and textarea elements should reveal selection in setSelection when focused
2537         https://bugs.webkit.org/show_bug.cgi?id=181715
2538         <rdar://problem/36570546>
2539
2540         Reviewed by Zalan Bujtas.
2541
2542         Made input and textarea elements reveal selection in FrameSelection::setSelection instead of by directly
2543         invoking FrameSelection::revealSelection in their respective updateFocusAppearance to unify code paths.
2544
2545         Also added options to reveal selection up to the main frame to SetSelectionOption to be used in iOS.
2546
2547         * editing/FrameSelection.cpp:
2548         (WebCore::FrameSelection::FrameSelection):
2549         (WebCore::FrameSelection::moveWithoutValidationTo): Takes SelectionRevealMode as an argument and converts
2550         sets appropriate selection options.
2551         (WebCore::FrameSelection::setSelection): Reconstruct SelectionRevealMode out of selection option sets.
2552         (WebCore::FrameSelection::updateAndRevealSelection):
2553         * editing/FrameSelection.h:
2554         (WebCore::FrameSelection): Added RevealSelectionUpToMainFrame as a SelectionRevealMode and replaced
2555         m_shouldRevealSelection by m_selectionRevealMode.
2556         * html/HTMLInputElement.cpp:
2557         (WebCore::HTMLInputElement::updateFocusAppearance): Pass SelectionRevealMode to HTMLTextFormControlElement's
2558         select and restoreCachedSelection instead of directly invoking FrameSelection::revealSelection.
2559         * html/HTMLTextAreaElement.cpp:
2560         (WebCore::HTMLTextAreaElement::updateFocusAppearance): Ditto.
2561         * html/HTMLTextFormControlElement.cpp:
2562         (WebCore::HTMLTextFormControlElement::select):
2563         (WebCore::HTMLTextFormControlElement::setSelectionRange):
2564         (WebCore::HTMLTextFormControlElement::restoreCachedSelection):
2565         * html/HTMLTextFormControlElement.h:
2566
2567 2018-01-17  Michael Catanzaro  <mcatanzaro@igalia.com>
2568
2569         WEBKIT_FRAMEWORK should not modify file-global include directories
2570         https://bugs.webkit.org/show_bug.cgi?id=181656
2571
2572         Reviewed by Konstantin Tokarev.
2573
2574         * CMakeLists.txt:
2575         * PlatformWPE.cmake:
2576
2577 2018-01-17  Michael Catanzaro  <mcatanzaro@igalia.com>
2578
2579         [GTK] Try even harder not to static link WTF into libwebkit2gtk
2580         https://bugs.webkit.org/show_bug.cgi?id=181751
2581
2582         Reviewed by Alex Christensen.
2583
2584         We don't want two copies of WTF. It should only be in libjavascriptcoregtk.
2585
2586         * PlatformGTK.cmake:
2587
2588 2018-01-17  Zalan Bujtas  <zalan@apple.com>
2589
2590         Multicol: RenderMultiColumnFlow should not inherit the flow state
2591         https://bugs.webkit.org/show_bug.cgi?id=181762
2592         <rdar://problem/35448565>
2593
2594         Reviewed by Simon Fraser.
2595
2596         Do not compute the inherited flow state flag for RenderMultiColumnFlow.
2597         It is (by definition) always inside a fragmented flow.
2598
2599         Test: fast/multicol/crash-when-out-of-flow-positioned-becomes-in-flow.html
2600
2601         * rendering/RenderObject.cpp:
2602         (WebCore::RenderObject::computedFragmentedFlowState):
2603
2604 2018-01-17  Alex Christensen  <achristensen@webkit.org>
2605
2606         Deprecate Application Cache
2607         https://bugs.webkit.org/show_bug.cgi?id=181764
2608
2609         Reviewed by Geoffrey Garen.
2610
2611         * features.json:
2612
2613 2018-01-17  Wenson Hsieh  <wenson_hsieh@apple.com>
2614
2615         [iOS simulator] API test WKAttachmentTests.InjectedBundleReplaceURLWhenPastingImage is failing
2616         https://bugs.webkit.org/show_bug.cgi?id=181758
2617
2618         Reviewed by Tim Horton.
2619
2620         This test is failing because Editor::clientReplacementURLForResource expects a MIME type, but on iOS, the type
2621         parameter passed into WebContentReader::readImage is a UTI; subsequently, the bundle editing delegate receives
2622         a MIME type that's actually a UTI, which is incorrect. To address this, ensure that a MIME type is passed to
2623         bundle SPI by converting the type in WebContentReader::readImage to a MIME type.
2624
2625         * editing/cocoa/WebContentReaderCocoa.mm:
2626         (WebCore::WebContentReader::readImage):
2627
2628 2018-01-17  Antti Koivisto  <antti@apple.com>
2629
2630         REGRESSION (r226385?): Crash in com.apple.WebCore: WebCore::MediaQueryEvaluator::evaluate const + 32
2631         https://bugs.webkit.org/show_bug.cgi?id=181742
2632         <rdar://problem/36334726>
2633
2634         Reviewed by David Kilzer.
2635
2636         Test: fast/media/mediaqueryevaluator-crash.html
2637
2638         * css/MediaQueryEvaluator.cpp:
2639         (WebCore::MediaQueryEvaluator::MediaQueryEvaluator):
2640
2641         Use WeakPtr<Document> instead of a plain Frame pointer.
2642
2643         (WebCore::MediaQueryEvaluator::evaluate const):
2644
2645         Get the frame via document.
2646
2647         * css/MediaQueryEvaluator.h:
2648         * dom/Document.cpp:
2649         (WebCore::Document::prepareForDestruction):
2650
2651         Take care to clear style resolver.
2652
2653 2018-01-17  Youenn Fablet  <youenn@apple.com>
2654
2655         Put fetch request keepAlive behind a runtime flag
2656         https://bugs.webkit.org/show_bug.cgi?id=181592
2657
2658         Reviewed by Chris Dumez.
2659
2660         No change of behavior.
2661
2662         * Modules/fetch/FetchRequest.idl:
2663         * page/RuntimeEnabledFeatures.h:
2664         (WebCore::RuntimeEnabledFeatures::fetchAPIKeepAliveEnabled const):
2665         (WebCore::RuntimeEnabledFeatures::setFetchAPIKeepAliveEnabled):
2666
2667 2018-01-17  Per Arne Vollan  <pvollan@apple.com>
2668
2669         [Win] Use switch when converting from ResourceRequestCachePolicy to platform cache policy.
2670         https://bugs.webkit.org/show_bug.cgi?id=181686
2671
2672         Reviewed by Alex Christensen.
2673
2674         No new tests, covered by existing tests.
2675
2676         A switch will make the function easier on the eyes. Also, use the function in places where the ResourceRequestCachePolicy
2677         is just cast to a platform cache policy.
2678
2679         * platform/network/cf/ResourceRequestCFNet.cpp:
2680         (WebCore::toPlatformRequestCachePolicy):
2681
2682 2018-01-17  John Wilander  <wilander@apple.com>
2683
2684         Resource Load Statistics: Block cookies for prevalent resources without user interaction
2685         https://bugs.webkit.org/show_bug.cgi?id=177394
2686         <rdar://problem/34613960>
2687
2688         Reviewed by Alex Christensen.
2689
2690         Tests: http/tests/resourceLoadStatistics/add-blocking-to-redirect.html
2691                http/tests/resourceLoadStatistics/non-prevalent-resources-can-access-cookies-in-a-third-party-context.html
2692                http/tests/resourceLoadStatistics/remove-blocking-in-redirect.html
2693                http/tests/resourceLoadStatistics/remove-partitioning-in-redirect.html
2694
2695         * platform/network/NetworkStorageSession.h:
2696             Now exports NetworkStorageSession::nsCookieStorage().
2697         * platform/network/cf/NetworkStorageSessionCFNet.cpp:
2698         (WebCore::NetworkStorageSession::setPrevalentDomainsToPartitionOrBlockCookies):
2699             Fixes the FIXME.
2700
2701 2018-01-17  Daniel Bates  <dabates@apple.com>
2702
2703         REGRESSION (r222795): Cardiogram never signs in
2704         https://bugs.webkit.org/show_bug.cgi?id=181693
2705         <rdar://problem/36286293>
2706
2707         Reviewed by Ryosuke Niwa.
2708
2709         Exempt Cardiogram from the XHR header restrictions in r222795.
2710
2711         Following r222795 only Dashboard widgets are allowed to set arbitrary XHR headers.
2712         However Cardiogram also depends on such functionality.
2713
2714         Test: fast/xmlhttprequest/set-dangerous-headers-from-file-when-setting-enabled.html
2715
2716         * page/Settings.yaml:
2717         * platform/RuntimeApplicationChecks.h:
2718         * platform/cocoa/RuntimeApplicationChecksCocoa.mm:
2719         (WebCore::IOSApplication::isCardiogram):
2720         * xml/XMLHttpRequest.cpp:
2721         (WebCore::XMLHttpRequest::setRequestHeader):
2722
2723 2018-01-17  Daniel Bates  <dabates@apple.com>
2724
2725         ASSERTION FAILED: !m_completionHandler in PingHandle::~PingHandle()
2726         https://bugs.webkit.org/show_bug.cgi?id=181746
2727         <rdar://problem/36586248>
2728
2729         Reviewed by Chris Dumez.
2730
2731         Call PingHandle::pingLoadComplete() with an error when NSURLConnection queries
2732         whether the ping is able to respond to an authentication request. (Pings do not
2733         respond to authenticate requests.) It will call the completion handler, nullify
2734         the completion handler, and deallocate the PingHandle. Nullifying the completion
2735         handler is necessary to avoid the assertion failure in ~PingHandle().
2736
2737         Test: http/tests/misc/before-unload-load-image.html
2738
2739         * platform/network/PingHandle.h:
2740
2741 2018-01-17  Daniel Bates  <dabates@apple.com>
2742
2743         WebCoreResourceHandleAsOperationQueueDelegate/ResourceHandleCFURLConnectionDelegateWithOperationQueue may
2744         be deleted in main thread callback
2745         https://bugs.webkit.org/show_bug.cgi?id=181747
2746         <rdar://problem/36588120>
2747
2748         Reviewed by Alex Christensen.
2749
2750         Retain the delegate (e.g. WebCoreResourceHandleAsOperationQueueDelegate) before scheduling
2751         a main thread callback and blocking on a semaphore for its reply because the main thread
2752         callback can do anything, including deleting the delegate, before the non-main thread
2753         has a chance to execute. For instance, a PingHandle will delete itself (and hence delete
2754         its resource handle delegate) in most of the code paths invoked by the delegate.
2755
2756         * platform/network/cf/ResourceHandleCFURLConnectionDelegateWithOperationQueue.cpp:
2757         (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::willSendRequest):
2758         (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didReceiveResponse):
2759         (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::willCacheResponse):
2760         (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::canRespondToProtectionSpace):
2761         * platform/network/mac/WebCoreResourceHandleAsOperationQueueDelegate.mm:
2762         (-[WebCoreResourceHandleAsOperationQueueDelegate connection:willSendRequest:redirectResponse:]):
2763         (-[WebCoreResourceHandleAsOperationQueueDelegate connection:canAuthenticateAgainstProtectionSpace:]):
2764         (-[WebCoreResourceHandleAsOperationQueueDelegate connection:didReceiveResponse:]):
2765         (-[WebCoreResourceHandleAsOperationQueueDelegate connection:willCacheResponse:]):
2766
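The lifetime hazard described in the 181747 entry above (a main-thread callback deleting the delegate while the calling thread is blocked on a semaphore), as an added C++ example that is not WebKit code. Semaphore, MainThreadQueue, Delegate, Handle and delegateSurvivesCallout are hypothetical stand-ins, and std::shared_ptr takes the place of WebKit's own reference counting.

```cpp
#include <condition_variable>
#include <cstdio>
#include <functional>
#include <memory>
#include <mutex>
#include <thread>
#include <utility>

// All types below are constructed stand-ins for this example, not WebKit classes.
class Semaphore {
public:
    void signal() {
        std::lock_guard<std::mutex> lock(m_mutex);
        m_signaled = true;
        m_condition.notify_one();
    }
    void wait() {
        std::unique_lock<std::mutex> lock(m_mutex);
        m_condition.wait(lock, [this] { return m_signaled; });
        m_signaled = false;
    }
private:
    std::mutex m_mutex;
    std::condition_variable m_condition;
    bool m_signaled { false };
};

// One-slot task queue standing in for the main thread's run loop.
class MainThreadQueue {
public:
    void post(std::function<void()> task) {
        std::lock_guard<std::mutex> lock(m_mutex);
        m_task = std::move(task);
        m_condition.notify_one();
    }
    void runOne() {
        std::function<void()> task;
        {
            std::unique_lock<std::mutex> lock(m_mutex);
            m_condition.wait(lock, [this] { return static_cast<bool>(m_task); });
            task = std::move(m_task);
            m_task = nullptr;
        }
        task(); // run outside the lock, as a run loop would
    }
private:
    std::mutex m_mutex;
    std::condition_variable m_condition;
    std::function<void()> m_task;
};

struct Delegate {
    int repliesHandled { 0 }; // member the worker wants to update after the reply
};

// Main-thread owner holding the only long-lived reference to the delegate,
// like a handle that deletes itself (and its delegate) inside a client callback.
struct Handle {
    std::shared_ptr<Delegate> delegate { std::make_shared<Delegate>() };
};

// Performs one delegate callout from a worker thread and returns true if the
// delegate was still alive when the worker resumed after the main-thread reply.
bool delegateSurvivesCallout(bool retainBeforeScheduling) {
    MainThreadQueue mainQueue;
    // Kept outside the delegate so the unprotected run never touches freed memory.
    auto reply = std::make_shared<Semaphore>();
    std::unique_ptr<Handle> handle(new Handle);
    std::weak_ptr<Delegate> weakDelegate = handle->delegate;
    bool aliveAfterReply = false;

    std::thread worker([&] {
        // The fix: take a strong reference *before* scheduling the callback.
        std::shared_ptr<Delegate> protectedDelegate;
        if (retainBeforeScheduling)
            protectedDelegate = weakDelegate.lock();

        mainQueue.post([&handle, reply] {
            handle.reset(); // the callback "can do anything", including this
            reply->signal();
        });
        reply->wait();

        // Without the strong reference, any member access here is a use-after-free.
        aliveAfterReply = !weakDelegate.expired();
        if (protectedDelegate)
            ++protectedDelegate->repliesHandled;
    });

    mainQueue.runOne(); // the calling thread plays the main thread
    worker.join();
    return aliveAfterReply;
}

int main() {
    std::printf("retained: alive=%d\n", delegateSurvivesCallout(true));
    std::printf("not retained: alive=%d\n", delegateSurvivesCallout(false));
    return 0;
}
```
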
2767 2018-01-17  Chris Dumez  <cdumez@apple.com>
2768
2769         'fetch' event may be sent to a service worker before its state is set to 'activated'
2770         https://bugs.webkit.org/show_bug.cgi?id=181698
2771         <rdar://problem/36554856>
2772
2773         Reviewed by Youenn Fablet.
2774
2775         'fetch' event may be sent to a service worker before its state is set to 'activated'.
2776         When the registration's active worker needs to intercept a load, and its state is 'activating',
2777         we queue the request to send the fetch event in SWServerWorker::m_whenActivatedHandlers.
2778         Once the SWServerWorker::setState() is called with 'activated' state, we then call the
2779         handlers in m_whenActivatedHandlers to send the fetch event now that the worker is
2780         activated. The issue is that even though the worker is activated and its state was set to
2781         'activated' on Storage process side, we had not yet notified the ServiceWorker process
2782         of the service worker's new state yet.
2783
2784         To address the issue, we now make sure that SWServerWorker::m_whenActivatedHandlers are
2785         called *after* we've sent the IPC to the ServiceWorker process to update the worker's
2786         state to 'activated'. Also, we now call ServiceWorkerFetch::dispatchFetchEvent()
2787         asynchronously in a postTask() as the service worker's state is also updated asynchronously
2788         in a postTask. This is as per specification [1], which says to "queue a task" to fire
2789         the fetch event.
2790
2791         [1] https://w3c.github.io/ServiceWorker/#on-fetch-request-algorithm (step 18)
2792
2793         No new tests, covered by imported/w3c/web-platform-tests/service-workers/service-worker/fetch-waits-for-activate.https.html
2794         which hits the new assertion without the fix.
2795
2796         * workers/service/context/ServiceWorkerFetch.cpp:
2797         (WebCore::ServiceWorkerFetch::dispatchFetchEvent):
2798         Add assertions to make sure that we dispatch the fetch event on the right worker and
2799         that the worker is in 'activated' state.
2800
2801         * workers/service/context/ServiceWorkerThread.cpp:
2802         (WebCore::ServiceWorkerThread::postFetchTask):
2803         Queue a task to fire the fetch event as per:
2804         - https://w3c.github.io/ServiceWorker/#on-fetch-request-algorithm (step 18)
2805         We need to match the specification exactly here or things will happen in the wrong
2806         order. In particular, things like "update registration state" and "update worker state"
2807         might happen *after* firing the fetch event, even though the IPC for "update registration/worker
2808         state" was sent before the "fire fetch event" one, because the code for updating a registration/
2809         worker state already queues a task, as per the specification.
2810
2811         * workers/service/server/SWServerRegistration.cpp:
2812         (WebCore::SWServerRegistration::updateWorkerState):
2813         * workers/service/server/SWServerRegistration.h:
2814         * workers/service/server/SWServerWorker.cpp:
2815         (WebCore::SWServerWorker::setState):
2816         Move code to send the IPC to the Service Worker process whenever the service worker's state
2817         needs to be updated from SWServerRegistration::updateWorkerState() to SWServerWorker::setState().
2818         This way, we can make sure the IPC is sent *before* we call the m_whenActivatedHandlers handlers,
2819         as they may also send IPC to the Service Worker process, and we need to make sure this IPC happens
2820         after so that the service worker is in the right state.
2821
2822 2018-01-17  Stephan Szabo  <stephan.szabo@sony.com>
2823
2824         Page.cpp only sees forward declaration of ApplicationStateChangeListener when ENABLE(VIDEO) is off
2825         https://bugs.webkit.org/show_bug.cgi?id=181713
2826
2827         Reviewed by Darin Adler.
2828
2829         No new tests (build fix).
2830
2831         * page/Page.cpp: Add include for ApplicationStateChangeListener
2832
2833 2018-01-17  Wenson Hsieh  <wenson_hsieh@apple.com>
2834
2835         Add injected bundle SPI to replace subresource URLs when dropping or pasting rich content
2836         https://bugs.webkit.org/show_bug.cgi?id=181637
2837         <rdar://problem/36508471>
2838
2839         Reviewed by Tim Horton.
2840
2841         Before carrying out blob URL conversion for pasted or dropped rich content, let the editor client replace
2842         subresource URLs in WebKit2 by calling out to new injected bundle SPI. See comments below for more detail.
2843
2844         Tests:  WKAttachmentTests.InjectedBundleReplaceURLsWhenPastingAttributedString
2845                 WKAttachmentTests.InjectedBundleReplaceURLWhenPastingImage
2846
2847         * editing/Editor.cpp:
2848         (WebCore::Editor::clientReplacementURLForResource):
2849         * editing/Editor.h:
2850
2851         Add a new helper to call out to the editor client for a URL string to replace a given ArchiveResource. In
2852         WebKit2, this calls out to the injected bundle's new `replacementURLForResource` SPI hook.
2853
2854         * editing/cocoa/WebContentReaderCocoa.mm:
2855         (WebCore::shouldReplaceSubresourceURL):
2856         (WebCore::replaceRichContentWithAttachments):
2857         (WebCore::replaceSubresourceURLsWithURLsFromClient):
2858
2859         Add a new static helper to replace subresource URLs in the given DocumentFragment with URLs supplied by the
2860         editor client. Additionally builds a list of ArchiveResources that have not been replaced, for use at call sites
2861         so that we don't unnecessarily create more Blobs for ArchiveResources that have already been replaced.
2862
2863         (WebCore::createFragmentAndAddResources):
2864         (WebCore::sanitizeMarkupWithArchive):
2865
2866         Tweak web content reading codepaths to first replace subresource URLs with editor-client-supplied URLs.
2867
2868         (WebCore::WebContentReader::readImage):
2869         (WebCore::shouldConvertToBlob): Deleted.
2870
2871         Rename this helper to shouldReplaceSubresourceURL, blob URL replacement is no longer the only scenario in which
2872         we replace resource URLs, but in both cases, we still want to ignore `http:`-family and `data:` URLs.
2873
2874         * loader/EmptyClients.cpp:
2875         * page/EditorClient.h:
2876
2877 2018-01-17  Yacine Bandou  <yacine.bandou_ext@softathome.com>
2878         [EME][GStreamer] Add the full-sample encryption support in the GStreamer ClearKey decryptor
2879         https://bugs.webkit.org/show_bug.cgi?id=180080
2880
2881         Reviewed by Xabier Rodriguez-Calvar.
2882
2883         Currently the GStreamer clearKey decryptor doesn't support the full-sample encryption,
2884         where the buffer is entirely encrypted, it supports only the sub-sample encryption.
2885
2886         Test: media/encrypted-media/clearKey/clearKey-cenc-audio-playback-mse.html
2887
2888         * platform/graphics/gstreamer/eme/WebKitClearKeyDecryptorGStreamer.cpp:
2889         (webKitMediaClearKeyDecryptorDecrypt):
2890
2891 2018-01-17  Zan Dobersek  <zdobersek@igalia.com>
2892
2893         Unreviewed follow-up to r227051.
2894
2895         * platform/graphics/cairo/CairoOperations.h: Fix declaration of the
2896         fillRoundedRect() function by removing the bool parameter that's not
2897         used at all in the definition. This went unspotted due to the unified
2898         source build including the implementation file before fillRoundedRect()
2899         usage in GraphicsContextCairo.cpp, leaving the declaration undefined
2900         and instead using the definition directly.
2901
2902 2018-01-17  Zan Dobersek  <zdobersek@igalia.com>
2903
2904         [Cairo] Don't mirror global alpha and image interpolation quality state values in PlatformContextCairo
2905         https://bugs.webkit.org/show_bug.cgi?id=181725
2906
2907         Reviewed by Carlos Garcia Campos.
2908
2909         Don't duplicate global alpha and image interpolation quality state
2910         values on the PlatformContextCairo. Instead, retrieve them from
2911         the managing GraphicsContextState when necessary.
2912
2913         For Cairo operations, the FillSource and StrokeSource containers now
2914         store the global alpha value, using it during the operation executions.
2915         For drawNativeImage(), the global alpha and interpolation quality values
2916         are passed through arguments.
2917
2918         In PlatformContextCairo, the two values are no longer stored on the
2919         internally-managed stack, and the getter-setter pairs for the two values
2920         are removed. In drawSurfaceToContext(), the two values are now expected
2921         to be passed through the method arguments.
2922
2923         No new tests -- no change in behavior.
2924
2925         * platform/graphics/cairo/CairoOperations.cpp:
2926         (WebCore::Cairo::prepareForFilling):
2927         (WebCore::Cairo::prepareForStroking):
2928         (WebCore::Cairo::drawPathShadow):
2929         (WebCore::Cairo::fillCurrentCairoPath):
2930         (WebCore::Cairo::FillSource::FillSource):
2931         (WebCore::Cairo::StrokeSource::StrokeSource):
2932         (WebCore::Cairo::strokeRect):
2933         (WebCore::Cairo::strokePath):
2934         (WebCore::Cairo::drawGlyphs):
2935         (WebCore::Cairo::drawNativeImage):
2936         (WebCore::Cairo::State::setGlobalAlpha): Deleted.
2937         (WebCore::Cairo::State::setImageInterpolationQuality): Deleted.
2938         * platform/graphics/cairo/CairoOperations.h:
2939         * platform/graphics/cairo/GraphicsContextCairo.cpp:
2940         (WebCore::GraphicsContext::drawNativeImage):
2941         (WebCore::GraphicsContext::setPlatformAlpha):
2942         (WebCore::GraphicsContext::setPlatformImageInterpolationQuality):
2943         * platform/graphics/cairo/PlatformContextCairo.cpp:
2944         (WebCore::PlatformContextCairo::save):
2945         (WebCore::PlatformContextCairo::drawSurfaceToContext):
2946         (WebCore::PlatformContextCairo::State::State): Deleted.
2947         (WebCore::PlatformContextCairo::setImageInterpolationQuality): Deleted.
2948         (WebCore::PlatformContextCairo::imageInterpolationQuality const): Deleted.
2949         (WebCore::PlatformContextCairo::globalAlpha const): Deleted.
2950         (WebCore::PlatformContextCairo::setGlobalAlpha): Deleted.
2951         * platform/graphics/cairo/PlatformContextCairo.h:
2952         * platform/graphics/win/MediaPlayerPrivateMediaFoundation.cpp:
2953         (WebCore::MediaPlayerPrivateMediaFoundation::Direct3DPresenter::paintCurrentFrame):
2954
2955 2018-01-17  Philippe Normand  <pnormand@igalia.com>
2956
2957         REGRESSION(r226973/r226974): Four multimedia tests failing
2958         https://bugs.webkit.org/show_bug.cgi?id=181696
2959
2960         Reviewed by Carlos Garcia Campos.
2961
2962         This patch reverts some of the changes of the above revisions so as to fix layout test failures.
2963
2964         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
2965         (WebCore::MediaPlayerPrivateGStreamer::handleMessage): Properly
2966         prepare stalled event when an error was detected.
2967         (WebCore::MediaPlayerPrivateGStreamer::processBufferingStats): Revert to previous version.
2968         (WebCore::MediaPlayerPrivateGStreamer::fillTimerFired): Ditto.
2969         (WebCore::MediaPlayerPrivateGStreamer::didLoadingProgress const):
2970         Emit progress event also when streaming but not when an error was
2971         detected.
2972         (WebCore::MediaPlayerPrivateGStreamer::totalBytes const): use isLiveStream like everywhere else.
2973         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h:
2974         * platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:
2975         (webkit_web_src_init): Revert to keep-alive FALSE by default.
2976
2977 2018-01-17  Zan Dobersek  <zdobersek@igalia.com>
2978
2979         [Cairo] Move prepareForFilling(), prepareForStroking() code to CairoOperations
2980         https://bugs.webkit.org/show_bug.cgi?id=181721
2981
2982         Reviewed by Carlos Garcia Campos.
2983
2984         Move the prepareForFilling() and prepareForStroking() code off of the
2985         PlatformContextCairo class and into static functions inside the
2986         CairoOperations implementation files. The original methods weren't
2987         called from any place other than the Cairo operations, and they only
2988         operated with the cairo_t object that's stored in and retrievable from
2989         the PlatformContextCairo object.
2990
2991         No new tests -- no change in behavior.
2992
2993         * platform/graphics/cairo/CairoOperations.cpp:
2994         (WebCore::Cairo::reduceSourceByAlpha):
2995         (WebCore::Cairo::prepareCairoContextSource):
2996         (WebCore::Cairo::clipForPatternFilling):
2997         (WebCore::Cairo::prepareForFilling):
2998         (WebCore::Cairo::prepareForStroking):
2999         (WebCore::Cairo::drawPathShadow):
3000         (WebCore::Cairo::fillCurrentCairoPath):
3001         (WebCore::Cairo::strokeRect):
3002         (WebCore::Cairo::strokePath):
3003         (WebCore::Cairo::drawGlyphs):
3004         * platform/graphics/cairo/PlatformContextCairo.cpp:
3005         (WebCore::reduceSourceByAlpha): Deleted.
3006         (WebCore::prepareCairoContextSource): Deleted.
3007         (WebCore::PlatformContextCairo::prepareForFilling): Deleted.
3008         (WebCore::PlatformContextCairo::prepareForStroking): Deleted.
3009         (WebCore::PlatformContextCairo::clipForPatternFilling): Deleted.
3010         * platform/graphics/cairo/PlatformContextCairo.h:
3011
3012 2018-01-17  Zan Dobersek  <zdobersek@igalia.com>
3013
3014         [Cairo] Use one-time ShadowBlur objects when performing shadowing
3015         https://bugs.webkit.org/show_bug.cgi?id=181720
3016
3017         Reviewed by Carlos Garcia Campos.
3018
3019         Don't maintain a ShadowBlur object in the PlatformContextCairo class.
3020         Instead, use temporary ShadowBlur objects whenever shadowing is needed,
3021         providing all the shadow state information to it and drawing shadow into
3022         the given GraphicsContext object.
3023
3024         ShadowBlur constructors are cleaned up. The 'shadows ignored' argument
3025         can now also be provided to the variant that accepts explicit shadow
3026         attributes, but the argument is false by default.
3027
3028         In CairoOperations, the ShadowBlurUsage functionality is rolled into the
3029         new ShadowState class. ShadowState parameter is now used for operations
3030         that might need to perform shadow painting. Call sites are modified
3031         accordingly.
3032
3033         Cairo::State::setShadowValues() and Cairo::State::clearShadow() are
3034         removed, since the ShadowBlur object that was modified through those is
3035         being removed from the PlatformContextCairo class. We still have to flip
3036         the Y-axis of the shadow offset in GraphicsContext::setPlatformShadow()
3037         when shadows are ignoring transformations.
3038
3039         No new tests -- no change in behavior.
3040
3041         * platform/graphics/ShadowBlur.cpp:
3042         (WebCore::ShadowBlur::ShadowBlur):
3043         * platform/graphics/ShadowBlur.h:
3044         * platform/graphics/cairo/CairoOperations.cpp:
3045         (WebCore::Cairo::drawPathShadow):
3046         (WebCore::Cairo::drawGlyphsShadow):
3047         (WebCore::Cairo::ShadowState::ShadowState):
3048         (WebCore::Cairo::ShadowState::isVisible const):
3049         (WebCore::Cairo::ShadowState::isRequired const):
3050         (WebCore::Cairo::fillRect):
3051         (WebCore::Cairo::fillRoundedRect):
3052         (WebCore::Cairo::fillRectWithRoundedHole):
3053         (WebCore::Cairo::fillPath):
3054         (WebCore::Cairo::strokeRect):
3055         (WebCore::Cairo::strokePath):
3056         (WebCore::Cairo::drawGlyphs):
3057         (WebCore::Cairo::drawNativeImage):
3058         (WebCore::Cairo::State::setShadowValues): Deleted.
3059         (WebCore::Cairo::State::clearShadow): Deleted.
3060         (WebCore::Cairo::ShadowBlurUsage::ShadowBlurUsage): Deleted.
3061         (WebCore::Cairo::ShadowBlurUsage::required const): Deleted.
3062         * platform/graphics/cairo/CairoOperations.h:
3063         * platform/graphics/cairo/FontCairo.cpp:
3064         (WebCore::FontCascade::drawGlyphs):
3065         * platform/graphics/cairo/GraphicsContextCairo.cpp:
3066         (WebCore::GraphicsContext::restorePlatformState):
3067         (WebCore::GraphicsContext::drawNativeImage):
3068         (WebCore::GraphicsContext::fillPath):
3069         (WebCore::GraphicsContext::strokePath):
3070         (WebCore::GraphicsContext::fillRect):
3071         (WebCore::GraphicsContext::setPlatformShadow):
3072         (WebCore::GraphicsContext::clearPlatformShadow):
3073         (WebCore::GraphicsContext::strokeRect):
3074         (WebCore::GraphicsContext::platformFillRoundedRect):
3075         (WebCore::GraphicsContext::fillRectWithRoundedHole):
3076         * platform/graphics/cairo/PlatformContextCairo.cpp:
3077         (WebCore::PlatformContextCairo::drawSurfaceToContext):
3078         * platform/graphics/cairo/PlatformContextCairo.h:
3079         (WebCore::PlatformContextCairo::shadowBlur): Deleted.
3080         * platform/graphics/win/MediaPlayerPrivateMediaFoundation.cpp:
3081         (WebCore::MediaPlayerPrivateMediaFoundation::Direct3DPresenter::paintCurrentFrame):
3082
3083 2018-01-17  Zan Dobersek  <zdobersek@igalia.com>
3084
3085         CanvasImageData: createImageData() parameter should not be nullable
3086         https://bugs.webkit.org/show_bug.cgi?id=181670
3087
3088         Reviewed by Sam Weinig.
3089
3090         createImageData() method on the CanvasImageData interface should not
3091         treat the ImageData parameter as nullable, but should instead reject any
3092         null values with a TypeError, as demanded by the specification.
3093
3094         No new tests -- current tests covering createImageData(null) are updated
3095         to properly cover new behavior of throwing a TypeError exception.
3096
3097         * html/canvas/CanvasImageData.idl:
3098         * html/canvas/CanvasRenderingContext2DBase.cpp:
3099         (WebCore::CanvasRenderingContext2DBase::createImageData const):
3100         * html/canvas/CanvasRenderingContext2DBase.h:
3101
3102 2018-01-16  Fujii Hironori  <Hironori.Fujii@sony.com>
3103
3104         [CMake] Remove WebCoreDerivedSources library target
3105         https://bugs.webkit.org/show_bug.cgi?id=181664
3106
3107         Reviewed by Carlos Garcia Campos.
3108
3109         After unified source build has been introduced, CMake Visual
3110         Studio build suffers complicated unnecessary recompilation issues
3111         because Visual Studio invokes scripts twice in both WebCore and
3112         WebCoreDerivedSources projects (Bug 181117).
3113
3114         WebCoreDerivedSources library has been introduced in r198766 to
3115         avoid command line length limit of CMake Ninja build on macOS.
3116         Fortunately, unified source build has reduced the number of source
3117         files to compile; WebCore doesn't need to be split anymore.
3118
3119         No new tests (No behavior change)
3120
3121         * CMakeLists.txt: Replaced WebCore_DERIVED_SOURCES with WebCore_SOURCES. Removed WebCoreDerivedSources library target.
3122         Do not compile each JavaScript Builtins.cpp file because the unified source WebCoreJSBuiltins.cpp is already included.
3123         * PlatformGTK.cmake: Replaced WebCore_DERIVED_SOURCES with WebCore_SOURCES.
3124         * PlatformWin.cmake: Ditto.
3125
3126 2018-01-16  Simon Fraser  <simon.fraser@apple.com>
3127
3128         Can't scroll iframe after toggling it to display:none and back
3129         https://bugs.webkit.org/show_bug.cgi?id=181708
3130         rdar://problem/13234778
3131
3132         Reviewed by Tim Horton.
3133
3134         Nothing updated the FrameView's set of scrollable areas when a subframe came back from display:none.
3135         Mirror the existing virtual removeChild() by making addChild() virtual, and using it to mark
3136         the FrameView's scrollable area set as dirty.
3137
3138         Test: tiled-drawing/scrolling/non-fast-region/non-fast-scrollable-region-hide-show-iframe.html
3139
3140         * page/FrameView.cpp:
3141         (WebCore::FrameView::addChild):
3142         * page/FrameView.h:
3143         * platform/ScrollView.h:
3144
3145 2018-01-16  Chris Dumez  <cdumez@apple.com>
3146
3147         SWServerWorker::m_contextConnectionIdentifier may get out of date
3148         https://bugs.webkit.org/show_bug.cgi?id=181687
3149         <rdar://problem/36548111>
3150
3151         Reviewed by Brady Eidson.
3152
3153         SWServerWorker::m_contextConnectionIdentifier may get out of date. This happens when the
3154         context process crashes and is relaunched.
3155
3156         No new tests, added assertion in terminateWorkerInternal() that hits without this fix.
3157
3158         * workers/service/server/SWServer.cpp:
3159         (WebCore::SWServer::runServiceWorker):
3160         (WebCore::SWServer::terminateWorkerInternal):
3161         (WebCore::SWServer::unregisterServiceWorkerClient):
3162         * workers/service/server/SWServerWorker.h:
3163         (WebCore::SWServerWorker::setContextConnectionIdentifier):
3164
3165 2018-01-16  Jer Noble  <jer.noble@apple.com>
3166
3167         Reset MediaSourcePrivateAVFObjC's m_sourceBufferWithSelectedVideo when the underlying SourceBufferPrivate is removed.
3168         https://bugs.webkit.org/show_bug.cgi?id=181707
3169         <rdar://problem/34809474>
3170
3171         Reviewed by Eric Carlson.
3172
3173         Test: media/media-source/media-source-remove-unload-crash.html
3174
3175         * platform/graphics/avfoundation/objc/MediaSourcePrivateAVFObjC.mm:
3176         (WebCore::MediaSourcePrivateAVFObjC::removeSourceBuffer):
3177
3178 2018-01-12  Jiewen Tan  <jiewen_tan@apple.com>
3179
3180         [WebAuthN] Implement dummy WebAuthN IDLs
3181         https://bugs.webkit.org/show_bug.cgi?id=181627
3182         <rdar://problem/36459864>
3183
3184         Reviewed by Alex Christensen.
3185
3186         This patch implements dummy WebAuthN IDLs and connects them with Credential Management as well.
3187         All implementations in this patch are subject to change when real implementations land. The
3188         purpose here on the other hand is to have IDLs, bindings and implementations connected. This
3189         patch should handle all IDLs that we need.
3190
3191         No tests.
3192
3193         * CMakeLists.txt:
3194         * DerivedSources.make:
3195         * Modules/credentialmanagement/CredentialCreationOptions.h:
3196         * Modules/credentialmanagement/CredentialCreationOptions.idl:
3197         * Modules/credentialmanagement/CredentialRequestOptions.h:
3198         * Modules/credentialmanagement/CredentialRequestOptions.idl:
3199         * Modules/webauthn/AuthenticatorAssertionResponse.cpp: Copied from Source/WebCore/Modules/webauthn/PublicKeyCredential.cpp.
3200         (WebCore::AuthenticatorAssertionResponse::AuthenticatorAssertionResponse):
3201         (WebCore::AuthenticatorAssertionResponse::~AuthenticatorAssertionResponse):
3202         (WebCore::AuthenticatorAssertionResponse::authenticatorData):
3203         (WebCore::AuthenticatorAssertionResponse::signature):
3204         (WebCore::AuthenticatorAssertionResponse::userHandle):
3205         * Modules/webauthn/AuthenticatorAssertionResponse.h: Copied from Source/WebCore/Modules/credentialmanagement/CredentialRequestOptions.h.
3206         * Modules/webauthn/AuthenticatorAssertionResponse.idl: Copied from Source/WebCore/Modules/webauthn/PublicKeyCredential.idl.
3207         * Modules/webauthn/AuthenticatorAttestationResponse.cpp: Copied from Source/WebCore/Modules/credentialmanagement/CredentialCreationOptions.h.
3208         (WebCore::AuthenticatorAttestationResponse::AuthenticatorAttestationResponse):
3209         (WebCore::AuthenticatorAttestationResponse::~AuthenticatorAttestationResponse):
3210         (WebCore::AuthenticatorAttestationResponse::attestationObject):
3211         * Modules/webauthn/AuthenticatorAttestationResponse.h: Copied from Source/WebCore/Modules/credentialmanagement/CredentialRequestOptions.h.
3212         * Modules/webauthn/AuthenticatorAttestationResponse.idl: Copied from Source/WebCore/Modules/webauthn/PublicKeyCredential.idl.
3213         * Modules/webauthn/AuthenticatorResponse.cpp: Copied from Source/WebCore/Modules/credentialmanagement/CredentialCreationOptions.h.
3214         (WebCore::AuthenticatorResponse::AuthenticatorResponse):
3215         (WebCore::AuthenticatorResponse::~AuthenticatorResponse):
3216         (WebCore::AuthenticatorResponse::clientDataJSON):
3217         * Modules/webauthn/AuthenticatorResponse.h: Copied from Source/WebCore/Modules/credentialmanagement/CredentialRequestOptions.h.
3218         * Modules/webauthn/AuthenticatorResponse.idl: Copied from Source/WebCore/Modules/webauthn/PublicKeyCredential.idl.
3219         * Modules/webauthn/PublicKeyCredential.cpp:
3220         (WebCore::PublicKeyCredential::rawId):
3221         (WebCore::PublicKeyCredential::response):
3222         (WebCore::PublicKeyCredential::getClientExtensionResults):
3223         (WebCore::PublicKeyCredential::isUserVerifyingPlatformAuthenticatorAvailable):
3224         * Modules/webauthn/PublicKeyCredential.h:
3225         * Modules/webauthn/PublicKeyCredential.idl:
3226         * Modules/webauthn/PublicKeyCredentialCreationOptions.h: Copied from Source/WebCore/Modules/credentialmanagement/CredentialRequestOptions.h.
3227         * Modules/webauthn/PublicKeyCredentialCreationOptions.idl: Added.
3228         * Modules/webauthn/PublicKeyCredentialDescriptor.h: Copied from Source/WebCore/Modules/credentialmanagement/CredentialCreationOptions.h.
3229         * Modules/webauthn/PublicKeyCredentialDescriptor.idl: Copied from Source/WebCore/Modules/webauthn/PublicKeyCredential.idl.
3230         * Modules/webauthn/PublicKeyCredentialRequestOptions.h: Copied from Source/WebCore/Modules/credentialmanagement/CredentialCreationOptions.h.
3231         * Modules/webauthn/PublicKeyCredentialRequestOptions.idl: Copied from Source/WebCore/Modules/credentialmanagement/CredentialRequestOptions.h.
3232         * Modules/webauthn/PublicKeyCredentialType.h: Copied from Source/WebCore/Modules/webauthn/PublicKeyCredential.idl.
3233         * Modules/webauthn/PublicKeyCredentialType.idl: Copied from Source/WebCore/Modules/webauthn/PublicKeyCredential.idl.
3234         * Sources.txt:
3235         * WebCore.xcodeproj/project.pbxproj:
3236         * bindings/js/WebCoreBuiltinNames.h:
3237
3238 2018-01-16  Zalan Bujtas  <zalan@apple.com>
3239
3240         AX: Do not trigger layout in updateBackingStore() unless it is safe to do so
3241         https://bugs.webkit.org/show_bug.cgi?id=181703
3242         <rdar://problem/36365706>
3243
3244         Reviewed by Ryosuke Niwa.
3245
3246         Document::isSafeToUpdateStyleOrLayout() can tell whether it is safe to run layout.
3247
3248         Unable to create test with WebInspector involved.
3249
3250         * accessibility/AccessibilityObject.cpp:
3251         (WebCore::AccessibilityObject::updateBackingStore):
3252         * dom/Document.cpp:
3253         (WebCore::Document::isSafeToUpdateStyleOrLayout const):
3254         (WebCore::Document::updateStyleIfNeeded):
3255         (WebCore::Document::updateLayout):
3256         (WebCore::isSafeToUpdateStyleOrLayout): Deleted.
3257         * dom/Document.h:
3258
3259 2018-01-16  Ryan Haddad  <ryanhaddad@apple.com>
3260
3261         Unreviewed, rolling out r226962.
3262
3263         The LayoutTest added with this change is a flaky timeout.
3264
3265         Reverted changeset:
3266
3267         "Support for preconnect Link headers"
3268         https://bugs.webkit.org/show_bug.cgi?id=181657
3269         https://trac.webkit.org/changeset/226962
3270
3271 2018-01-16  Simon Fraser  <simon.fraser@apple.com>
3272
3273         Text looks bad on some CSS spec pages
3274         https://bugs.webkit.org/show_bug.cgi?id=181700
3275         rdar://problem/36552107
3276
3277         Reviewed by Tim Horton.
3278
3279         When making new tiles in a TileController, we failed to set their "supports antialiased layer text"
3280         setting, so tile caches could end up with a mixture of layers that do and do not support
3281         antialiased layer text.
3282
3283         No tests because the tiled drawing tests don't dump out tiles inside of tile caches.
3284
3285         * platform/graphics/ca/TileController.cpp:
3286         (WebCore::TileController::createTileLayer):
3287
3288 2018-01-16  Said Abou-Hallawa  <sabouhallawa@apple.com>
3289
3290         REGRESSION(r221292): svg/animations/animateTransform-pattern-transform.html crashes with security assertion
3291         https://bugs.webkit.org/show_bug.cgi?id=179986
3292
3293         Reviewed by Simon Fraser.
3294
3295         This patch reverts all or parts of the following changesets
3296             <http://trac.webkit.org/changeset/221292>
3297             <http://trac.webkit.org/changeset/197967>
3298             <http://trac.webkit.org/changeset/196670>
3299
3300         A JS statement like this:
3301             var item = text.x.animVal.getItem(0);
3302
3303         Creates the following C++ objects:
3304             SVGAnimatedListPropertyTearOff<SVGLengthListValues> for 'text.x'
3305             SVGListPropertyTearOff<SVGLengthListValues> for 'text.x.animVal'
3306             SVGPropertyTearOff<SVGLengthValue> for 'text.x.animVal.getItem(0)'
3307
3308         If 'item' changes, the attribute 'x' of the element '<text>' will change
3309         as well. But this binding works only in one direction. If the attribute
3310         'x' of the element '<text>' changes, e.g.:
3311
3312             text.setAttribute('x', '10,20,30');
3313
3314         This will detach 'item' from the element <text> and any further changes
3315         in 'item' won't affect the attribute 'x' of element <text>.
3316
3317         The one direction binding can only work if this chain of tear-off objects
3318         is kept connected. This is implemented by RefCounted back pointers from
3319         SVGPropertyTearOff and SVGListPropertyTearOff to SVGAnimatedListPropertyTearOff.
3320
3321         The security crashes and the memory leaks are happening because of the
3322         raw forward pointers:
3323             -- SVGAnimatedListPropertyTearOff maintains raw pointers of type
3324                SVGListPropertyTearOff for m_baseVal and m_animVal
3325             -- The m_wrappers and m_animatedWrappers of SVGAnimatedListPropertyTearOff
3326                are vectors of raw pointer Vector<SVGLength*>
3327
3328         To control the life cycle of the raw pointers, SVGListPropertyTearOff and
3329         SVGPropertyTearOff call SVGAnimatedListPropertyTearOff::propertyWillBeDeleted()
3330         to notify it they are going to be deleted. In propertyWillBeDeleted(), we
3331         clear the pointers so they are not used after being freed. This mechanism
3332         has been error-prone and we've never got it 100% right.
3333
3334         The solution we need to adopt with SVG tear-off objects is the following:
3335             -- All the forward pointers should be weak pointers.
3336             -- All the back pointers should be ref pointers.
3337
3338         This solution may not look intuitive but it solves the bugs and keeps the
3339         one direction binding. The forward weak pointers allow the tear-off
3340         objects to go away if no reference from JS exists. The back ref pointers
3341         maintain the chain of objects and guarantee the correct binding.
3342
3343         * svg/SVGPathSegList.h:
3344         * svg/SVGTransformList.h:
3345         * svg/properties/SVGAnimatedListPropertyTearOff.h:
3346         (WebCore::SVGAnimatedListPropertyTearOff::baseVal):
3347         (WebCore::SVGAnimatedListPropertyTearOff::animVal):
3348         * svg/properties/SVGAnimatedPathSegListPropertyTearOff.h:
3349         * svg/properties/SVGAnimatedProperty.h:
3350         (WebCore::SVGAnimatedProperty::isAnimatedListTearOff const):
3351         (WebCore::SVGAnimatedProperty::propertyWillBeDeleted): Deleted.
3352         * svg/properties/SVGAnimatedPropertyTearOff.h:
3353         * svg/properties/SVGAnimatedTransformListPropertyTearOff.h:
3354         * svg/properties/SVGListProperty.h:
3355         (WebCore::SVGListProperty::initializeValuesAndWrappers):
3356         (WebCore::SVGListProperty::getItemValuesAndWrappers):
3357         (WebCore::SVGListProperty::insertItemBeforeValuesAndWrappers):
3358         (WebCore::SVGListProperty::replaceItemValuesAndWrappers):
3359         (WebCore::SVGListProperty::removeItemValuesAndWrappers):
3360         (WebCore::SVGListProperty::appendItemValuesAndWrappers):
3361         (WebCore::SVGListProperty::createWeakPtr const):
3362         * svg/properties/SVGListPropertyTearOff.h:
3363         (WebCore::SVGListPropertyTearOff::removeItemFromList):
3364         (WebCore::SVGListPropertyTearOff::~SVGListPropertyTearOff): Deleted.
3365         * svg/properties/SVGPropertyTearOff.h:
3366         (WebCore::SVGPropertyTearOff::createWeakPtr const):
3367         (WebCore::SVGPropertyTearOff::~SVGPropertyTearOff):
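
The ownership rule stated in the entry above (weak forward pointers, ref back pointers), sketched as an added example that is not WebKit code. std::shared_ptr and std::weak_ptr stand in for ref and weak pointers, and AnimatedList, ItemTearOff, Outcome and runScenarios are hypothetical names.

```cpp
#include <cstddef>
#include <memory>
#include <utility>
#include <vector>

// Stand-ins: std::shared_ptr for a ref pointer, std::weak_ptr for a weak
// pointer. Class and member names are hypothetical, not WebKit's.
class AnimatedList;

class ItemTearOff { // wrapper handed to script for one list item
public:
    ItemTearOff(std::shared_ptr<AnimatedList> owner, std::size_t i) : m_owner(std::move(owner)), m_index(i) { }
    float value() const;
    void setValue(float);
    void detach(); // keep a private copy and leave the chain
private:
    std::shared_ptr<AnimatedList> m_owner; // back pointer: ref
    std::size_t m_index;
    float m_copy { 0 };
};

class AnimatedList : public std::enable_shared_from_this<AnimatedList> {
public:
    explicit AnimatedList(std::vector<float> v) : m_values(std::move(v)), m_wrappers(m_values.size()) { }
    float& at(std::size_t i) { return m_values.at(i); }
    // Reuse the wrapper script still holds, otherwise create a fresh one.
    std::shared_ptr<ItemTearOff> getItem(std::size_t i) {
        if (auto live = m_wrappers.at(i).lock()) return live;
        auto fresh = std::make_shared<ItemTearOff>(shared_from_this(), i);
        m_wrappers[i] = fresh;
        return fresh;
    }
    // Models text.setAttribute('x', ...): outstanding wrappers are detached.
    void replaceAll(std::vector<float> v) {
        auto protect = shared_from_this(); // detach() may drop the last ref
        for (auto& weak : m_wrappers)
            if (auto live = weak.lock()) live->detach();
        m_values = std::move(v);
        m_wrappers.assign(m_values.size(), std::weak_ptr<ItemTearOff>());
    }
private:
    std::vector<float> m_values;
    std::vector<std::weak_ptr<ItemTearOff>> m_wrappers; // forward: weak
};

float ItemTearOff::value() const { return m_owner ? m_owner->at(m_index) : m_copy; }
void ItemTearOff::setValue(float v) { if (m_owner) m_owner->at(m_index) = v; else m_copy = v; }
void ItemTearOff::detach() { m_copy = value(); m_owner.reset(); }

struct Outcome { bool wrapperFreed; float writeThrough, orphanRead, afterDetachedWrite; };

Outcome runScenarios() {
    Outcome o {};
    auto list = std::make_shared<AnimatedList>(std::vector<float>{1, 2, 3});
    std::weak_ptr<ItemTearOff> probe = list->getItem(0); // script drops it at once
    o.wrapperFreed = probe.expired();    // true: the list holds no strong ref
    list->getItem(0)->setValue(9);       // expired slot is replaced, never dereferenced
    o.writeThrough = list->at(0);        // 9: item -> attribute binding
    auto item = list->getItem(1);
    list.reset();                        // script now holds only the item
    o.orphanRead = item->value();        // 2: the back ref kept the list alive
    auto owner = std::make_shared<AnimatedList>(std::vector<float>{1, 2, 3});
    auto held = owner->getItem(0);
    owner->replaceAll({10, 20, 30});
    held->setValue(5);                   // lands in the private copy only
    o.afterDetachedWrite = owner->at(0); // 10
    return o;
}
```

Because the list never owns its wrappers, there is no destructor-time notification to get wrong: an expired slot fails `lock()` and is replaced instead of being dereferenced.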
3368
3369 2018-01-16  Eric Carlson  <eric.carlson@apple.com>
3370
3371         AVSampleBufferDisplayLayer should be flushed when application activates
3372         https://bugs.webkit.org/show_bug.cgi?id=181623
3373         <rdar://problem/36487738>
3374