[LFC] Implement height computation for non-replaced inflow elements.
[WebKit-https.git] / Source / WebCore / ChangeLog
1 2018-05-10  Zalan Bujtas  <zalan@apple.com>
2
3         [LFC] Implement height computation for non-replaced inflow elements.
4         https://bugs.webkit.org/show_bug.cgi?id=185474
5
6         Reviewed by Antti Koivisto.
7
8         Initial implementation. Does not cover all the cases.
9
10         * layout/FormattingContext.cpp:
11         (WebCore::Layout::FormattingContext::computeHeight const):
12         * layout/FormattingContext.h:
13         * layout/blockformatting/BlockFormattingContext.cpp:
14         (WebCore::Layout::BlockFormattingContext::layout const):
15         (WebCore::Layout::BlockFormattingContext::computeInFlowHeight const):
16         (WebCore::Layout::BlockFormattingContext::computeInFlowNonReplacedHeight const):
17         * layout/blockformatting/BlockFormattingContext.h:
18         * layout/blockformatting/BlockMarginCollapse.cpp:
19         (WebCore::Layout::collapsedMarginBottomFromLastChild):
20         (WebCore::Layout::BlockMarginCollapse::isMarginBottomCollapsedWithParent):
21         (WebCore::Layout::BlockMarginCollapse::isMarginTopCollapsedWithParentMarginBottom):
22         (WebCore::Layout::isMarginBottomCollapsedWithParent): Deleted.
23         * layout/blockformatting/BlockMarginCollapse.h:
24         * layout/inlineformatting/InlineFormattingContext.cpp:
25         (WebCore::Layout::InlineFormattingContext::computeInFlowHeight const):
26         * layout/inlineformatting/InlineFormattingContext.h:
27         * layout/layouttree/LayoutBox.cpp:
28         (WebCore::Layout::Box::isReplaced const):
29         * layout/layouttree/LayoutBox.h:
30
31 2018-05-10  Thibault Saunier  <tsaunier@igalia.com>
32
33         [GTK] Implement ImageBuffer::toBGRAData
34         https://bugs.webkit.org/show_bug.cgi?id=185511
35
36         Reviewed by Michael Catanzaro.
37
38         This was never implemented but will be required for the MediaStream API
39         tests.
40
41         * platform/graphics/ImageBuffer.cpp:
42         (WebCore::ImageBuffer::toBGRAData const):
43         * platform/graphics/cg/ImageBufferCG.cpp:
44         (WebCore::ImageBuffer::toBGRAData const):
45         * platform/graphics/gtk/ImageBufferGtk.cpp:
46         (WebCore::ImageBuffer::toBGRAData const):
47
48 2018-05-10  Yacine Bandou  <yacine.bandou_ext@softathome.com>
49
50         [EME][GStreamer] Add a handler for GStreamer protection event
51         https://bugs.webkit.org/show_bug.cgi?id=185245
52
53         Reviewed by Xabier Rodriguez-Calvar.
54
55         Qtdemux sends the protection event when encountered a new PSSH box (encrypted content).
56
57         The Decryptor is moved from AppendPipeline to PlaybackPipeline (see https://bugs.webkit.org/show_bug.cgi?id=181855),
58         thus the protection event is no longer handled because the Decryptor is not in the same pipeline as qtdemux.
59
60         AppendPipeline: httpsrc-->qtdemux-->appsink
61         PlaybackPipeline: appsrc-->parser--> decryptor-->decoder-->sink
62
63         This patch attaches a probe to the sink pad of the appsink in the appendPipeline in order to
64         catch and manage the protection event.
65
66         * platform/graphics/gstreamer/mse/AppendPipeline.cpp:
67         (WebCore::AppendPipeline::AppendPipeline):
68         (WebCore::AppendPipeline::~AppendPipeline):
69         (WebCore::appendPipelineAppsinkPadEventProbe):
70         * platform/graphics/gstreamer/mse/AppendPipeline.h:
71         (WebCore::AppendPipeline::playerPrivate):
72
73 2018-05-10  Yacine Bandou  <yacine.bandou_ext@softathome.com>
74
75         [EME][GStreamer] Move the decryptor from AppendPipeline to PlaybackPipeline.
76         https://bugs.webkit.org/show_bug.cgi?id=181855
77
78         Reviewed by Xabier Rodriguez-Calvar.
79
80         The goal of this move is to handle the limitation of SVP (Secure Video Path) memory size.
81
82         When the decryptor is in the AppendPipeline and we use SVP, we buffer in MediaSource queue
83         the decrypted GstBuffers that are in SVP memory.
84         This behavior cause an out-of-memory error, because we are limited in SVP memory size.
85
86         By moving the decryptor in PlaybackPipeline, we avoid to buffer the decrypted GstBuffers
87         which use the SVP memory and we buffer the encrypted GstBuffers that are in system memory.
88
89         This new architecture also allows to start the buffering before obtaining the DRM license
90         and it makes easier to manage dynamic change of the license or Key.
91
92         The decryptor is auto plugged by GStreamer playbin in PlaybackPipeline.
93
94         SVP: Secure Video Path also named trusted or protected video path, it is a memory which is
95         protected by a hardware access control engine, it is not accessible to other unauthorised
96         software or hardware components.
97
98         Tests:
99             media/encrypted-media/clearKey/clearKey-cenc-audio-playback-mse.html
100             media/encrypted-media/clearKey/clearKey-cenc-video-playback-mse.html
101
102         * platform/graphics/gstreamer/eme/WebKitCommonEncryptionDecryptorGStreamer.cpp:
103         (webkitMediaCommonEncryptionDecryptSinkEventHandler):
104         * platform/graphics/gstreamer/mse/AppendPipeline.cpp:
105         (WebCore::dumpAppendState):
106         (WebCore::AppendPipeline::AppendPipeline):
107         (WebCore::AppendPipeline::handleNeedContextSyncMessage):
108         (WebCore::AppendPipeline::handleAppsrcNeedDataReceived):
109         (WebCore::AppendPipeline::setAppendState):
110         (WebCore::AppendPipeline::parseDemuxerSrcPadCaps):
111         (WebCore::AppendPipeline::appsinkNewSample):
112         (WebCore::AppendPipeline::connectDemuxerSrcPadToAppsinkFromAnyThread):
113         (WebCore::AppendPipeline::disconnectDemuxerSrcPadFromAppsinkFromAnyThread):
114         (WebCore::appendPipelineElementMessageCallback): Deleted.
115         (WebCore::AppendPipeline::handleElementMessage): Deleted.
116         (WebCore::AppendPipeline::dispatchPendingDecryptionStructure): Deleted.
117         (WebCore::AppendPipeline::dispatchDecryptionStructure): Deleted.
118         * platform/graphics/gstreamer/mse/AppendPipeline.h:
119         * platform/graphics/gstreamer/mse/MediaPlayerPrivateGStreamerMSE.cpp:
120         (WebCore::MediaPlayerPrivateGStreamerMSE::attemptToDecryptWithInstance):
121         * platform/graphics/gstreamer/mse/PlaybackPipeline.cpp:
122
123 2018-05-09  Nan Wang  <n_wang@apple.com>
124
125         AX: VoiceOver iframe scrolling focus jumping bug
126         https://bugs.webkit.org/show_bug.cgi?id=176615
127         <rdar://problem/34333067>
128
129         Reviewed by Chris Fleizach.
130
131         Scrolling to make elements visible is not working correctly for elements inside an
132         offscreen iframe. Fixed it by using RenderLayer::scrollRectToVisible() to handle
133         scrolling more properly.
134
135         Test: accessibility/scroll-to-make-visible-iframe-offscreen.html
136
137         * accessibility/AccessibilityObject.cpp:
138         (WebCore::AccessibilityObject::scrollToMakeVisible const):
139
140 2018-05-09  Joanmarie Diggs  <jdiggs@igalia.com>
141
142         AX: accessibleNameForNode should simplify whitespace when using innerText
143         https://bugs.webkit.org/show_bug.cgi?id=185498
144
145         Reviewed by Chris Fleizach.
146
147         Test: accessibility/text-alternative-calculation-from-unrendered-table.html
148
149         Call simplifyWhiteSpace() before returning the innerText value.
150
151         * accessibility/AccessibilityNodeObject.cpp:
152         (WebCore::accessibleNameForNode):
153
154 2018-05-09  Chris Dumez  <cdumez@apple.com>
155
156         Add initial support for 'Cross-Origin-Options' HTTP response header
157         https://bugs.webkit.org/show_bug.cgi?id=184996
158         <rdar://problem/39664620>
159
160         Reviewed by Geoff Garen.
161
162         Add initial support for 'Cross-Origin-Options' HTTP response header behind an experimental
163         feature flag, on by default. When the HTTP server services this HTTP response header for a
164         main resource, we'll set these options on the corresponding Document. This will impact the
165         behavior of the Document's associated Window API when cross-origin.
166
167         The HTTP header has 3 possible values:
168         - allow: This is the default. Regular cross-origin Window API is available.
169         - allow-postmessage: Only postMessage() is available on a cross-origin window, trying to
170           access anything else will throw a SecurityError.
171         - deny: Trying to do anything with a cross-origin window will throw a SecurityError.
172
173         The header has no effect when accessing same origin windows.
174
175         Note that on cross-origin access from Window A to Window B, we check the cross-origin
176         options for both Window A and Window B and use the lowest common denominator as effective
177         cross-origin options for the access. So if Window A has 'Cross-Origin-Options: deny' and
178         tries to call postMessage() on Window B which has 'Cross-Origin-Options: allow-postmessage',
179         we will throw a SecurityError. This is because Window A's more restrictive options (deny)
180         apply.
181
182         Tests: http/wpt/cross-origin-options/allow-postmessage-from-deny.html
183                http/wpt/cross-origin-options/allow-postmessage.html
184                http/wpt/cross-origin-options/cross-origin-options-header.html
185
186         * bindings/js/JSDOMBindingSecurity.cpp:
187         (WebCore::BindingSecurity::shouldAllowAccessToDOMWindowGivenMinimumCrossOriginOptions):
188         * bindings/js/JSDOMBindingSecurity.h:
189         * bindings/js/JSDOMWindowCustom.cpp:
190         (WebCore::effectiveCrossOriginOptionsForAccess):
191         (WebCore::jsDOMWindowGetOwnPropertySlotRestrictedAccess):
192         (WebCore::JSDOMWindow::getOwnPropertySlot):
193         (WebCore::JSDOMWindow::getOwnPropertySlotByIndex):
194         (WebCore::addCrossOriginWindowPropertyNames):
195         (WebCore::addScopedChildrenIndexes):
196         (WebCore::addCrossOriginWindowOwnPropertyNames):
197         (WebCore::JSDOMWindow::getOwnPropertyNames):
198         * bindings/js/JSDOMWindowCustom.h:
199         * bindings/js/JSRemoteDOMWindowCustom.cpp:
200         (WebCore::JSRemoteDOMWindow::getOwnPropertySlot):
201         (WebCore::JSRemoteDOMWindow::getOwnPropertySlotByIndex):
202         (WebCore::JSRemoteDOMWindow::getOwnPropertyNames):
203         * bindings/scripts/CodeGeneratorJS.pm:
204         (GenerateAttributeGetterBodyDefinition):
205         (GetCrossOriginsOptionsFromExtendedAttributeValue):
206         (GenerateAttributeSetterBodyDefinition):
207         (GenerateOperationBodyDefinition):
208         * bindings/scripts/IDLAttributes.json:
209         * dom/Document.cpp:
210         (WebCore::Document::setCrossOriginOptions):
211         * dom/Document.h:
212         (WebCore::Document::crossOriginOptions const):
213         * loader/FrameLoader.cpp:
214         (WebCore::FrameLoader::didBeginDocument):
215         * page/AbstractDOMWindow.cpp:
216         (WebCore::AbstractDOMWindow::AbstractDOMWindow):
217         * page/AbstractDOMWindow.h:
218         (WebCore::AbstractDOMWindow::crossOriginOptions):
219         (WebCore::AbstractDOMWindow::setCrossOriginOptions):
220         * page/DOMWindow.cpp:
221         (WebCore::DOMWindow::DOMWindow):
222         (WebCore::DOMWindow::didSecureTransitionTo):
223         * page/DOMWindow.idl:
224         * page/Frame.h:
225         * page/RemoteDOMWindow.cpp:
226         (WebCore::RemoteDOMWindow::RemoteDOMWindow):
227         * page/RemoteDOMWindow.h:
228         * page/Settings.yaml:
229         * platform/network/HTTPHeaderNames.in:
230         * platform/network/HTTPParsers.cpp:
231         (WebCore::parseCrossOriginOptionsHeader):
232         * platform/network/HTTPParsers.h:
233
234 2018-05-09  Ryosuke Niwa  <rniwa@webkit.org>
235
236         Release assert in TreeScopeOrderedMap::remove via HTMLImageElement::removedFromAncestor
237         https://bugs.webkit.org/show_bug.cgi?id=185493
238
239         Reviewed by Brent Fulgham.
240
241         Fixed the bug that HTMLImageElement::removedFromAncestor and HTMLMapElement::removedFromAncestor
242         were calling removeImageElementByUsemap on the document instead of the shadow tree from which it was removed.
243
244         Test: fast/images/imagemap-in-shadow-tree-removed.html
245
246         * html/HTMLImageElement.cpp:
247         (WebCore::HTMLImageElement::removedFromAncestor):
248         * html/HTMLMapElement.cpp:
249         (WebCore::HTMLMapElement::removedFromAncestor):
250
251 2018-05-09  Joanmarie Diggs  <jdiggs@igalia.com>
252
253         AX: Hidden nodes which are not directly referenced should not participate name/description from content
254         https://bugs.webkit.org/show_bug.cgi?id=185478
255
256         Reviewed by Chris Fleizach.
257
258         Add a check to AccessibilityNodeObject::textUnderElement() and return early
259         if the node is hidden, not referenced by aria-labelledby or aria-describedby,
260         not an HTMLLabelElement, and not fallback content for an HTMLCanvasElement.
261
262         Test: accessibility/text-alternative-calculation-hidden-nodes.html
263
264         * accessibility/AccessibilityNodeObject.cpp:
265         (WebCore::AccessibilityNodeObject::textUnderElement const):
266
267 2018-05-09  Eric Carlson  <eric.carlson@apple.com>
268
269         Update MediaSession to use release logging
270         https://bugs.webkit.org/show_bug.cgi?id=185376
271         <rdar://problem/40022203>
272
273         Reviewed by Youenn Fablet.
274
275         No new tests, tested manually.
276
277         * Modules/mediastream/MediaStream.h: hostingDocument() doesn't need to return a const Document.
278         * Modules/webaudio/AudioContext.cpp:
279         (WebCore::AudioContext::hostingDocument const): Ditto.
280         * Modules/webaudio/AudioContext.h:
281
282         * html/HTMLMediaElement.h: Ditto.
283
284         * html/MediaElementSession.cpp:
285         (WebCore::MediaElementSession::MediaElementSession):
286         (WebCore::MediaElementSession::addBehaviorRestriction):
287         (WebCore::MediaElementSession::removeBehaviorRestriction):
288         (WebCore::MediaElementSession::dataLoadingPermitted const):
289         (WebCore::MediaElementSession::fullscreenPermitted const):
290         (WebCore::MediaElementSession::pageAllowsDataLoading const):
291         (WebCore::MediaElementSession::pageAllowsPlaybackAfterResuming const):
292         (WebCore::MediaElementSession::canShowControlsManager const):
293         (WebCore::MediaElementSession::showPlaybackTargetPicker):
294         (WebCore::MediaElementSession::hasWirelessPlaybackTargets const):
295         (WebCore::MediaElementSession::wirelessVideoPlaybackDisabled const):
296         (WebCore::MediaElementSession::setWirelessVideoPlaybackDisabled):
297         (WebCore::MediaElementSession::setHasPlaybackTargetAvailabilityListeners):
298         (WebCore::MediaElementSession::externalOutputDeviceAvailableDidChange):
299         (WebCore::MediaElementSession::setShouldPlayToPlaybackTarget):
300         (WebCore::MediaElementSession::mediaEngineUpdated):
301         (WebCore::MediaElementSession::willLog const): Deleted.
302         (WebCore::MediaElementSession::logger const): Deleted.
303         (WebCore::MediaElementSession::logIdentifier const): Deleted.
304         (WebCore::MediaElementSession::logChannel const): Deleted.
305         * html/MediaElementSession.h:
306
307         * platform/audio/PlatformMediaSession.cpp:
308         (WebCore::nextLogIdentifier):
309         (WebCore::convertEnumerationToString):
310         (WebCore::PlatformMediaSession::PlatformMediaSession):
311         (WebCore::PlatformMediaSession::setState):
312         (WebCore::PlatformMediaSession::beginInterruption):
313         (WebCore::PlatformMediaSession::endInterruption):
314         (WebCore::PlatformMediaSession::clientWillBeginAutoplaying):
315         (WebCore::PlatformMediaSession::clientWillPausePlayback):
316         (WebCore::PlatformMediaSession::pauseSession):
317         (WebCore::PlatformMediaSession::stopSession):
318         (WebCore::PlatformMediaSession::clientDataBufferingTimerFired):
319         (WebCore::PlatformMediaSession::logChannel const):
320         (WebCore::stateName): Deleted.
321         (WebCore::interruptionName): Deleted.
322         * platform/audio/PlatformMediaSession.h:
323         (WTF::LogArgument<WebCore::PlatformMediaSession::State>::toString):
324         (WTF::LogArgument<WebCore::PlatformMediaSession::InterruptionType>::toString):
325
326 2018-05-09  Thibault Saunier  <tsaunier@igalia.com>
327
328         [GStreamer] Never call updateTracks if running on legacy pipeline
329         https://bugs.webkit.org/show_bug.cgi?id=184581
330
331         This makes sure failling code path is never reached in the conditions where it should not have been reached.
332
333         Reviewed by Philippe Normand.
334
335         Re enables all tests that were disabled after fixing.
336
337         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
338         (WebCore::MediaPlayerPrivateGStreamer::handleMessage):
339
340 2018-05-09  Daniel Bates  <dabates@apple.com>
341
342         REGRESSION (r231479): http/tests/appcache/x-frame-options-prevents-framing.php is timing out
343         https://bugs.webkit.org/show_bug.cgi?id=185443
344         <rdar://problem/40100660>
345
346         Reviewed by Andy Estes.
347
348         Following r231479 when using WebKit2 and Restricted HTTP Response Access is enabled (enabled in
349         WebKitTestRunner) we only check the CSP frame-ancestors directive and X-Frame-Options in
350         NetworkProcess. We need to check these security requirements in WebContent process whenever
351         we are performing a substitute data load, such as for app cache, as these loads do not go
352         through NetworkProcess.
353
354         * loader/DocumentLoader.cpp:
355         (WebCore::DocumentLoader::responseReceived):
356
357 2018-05-09  Justin Fan  <justin_fan@apple.com>
358
359         Hooked up ASTC support in WebGL; requires OpenGL ES 3 context to work. 
360         https://bugs.webkit.org/show_bug.cgi?id=185272
361         <rdar://problem/15745737>
362
363         Reviewed by Dean Jackson.
364
365         Also added in Khronos' ASTC test from version 1.0.4 beta of their conformance test suite,
366         although again, this requires OpenGL ES 3 context for WebKit to detect proper support.
367
368         Test: fast/canvas/webgl/webgl-compressed-texture-astc.html
369
370         * DerivedSources.make:
371         * Sources.txt:
372         * WebCore.xcodeproj/project.pbxproj:
373         * bindings/js/JSDOMConvertWebGL.cpp:
374         (WebCore::convertToJSValue):
375         * html/canvas/WebGL2RenderingContext.cpp:
376         (WebCore::WebGL2RenderingContext::getExtension):
377         (WebCore::WebGL2RenderingContext::getSupportedExtensions):
378         * html/canvas/WebGLCompressedTextureASTC.cpp: Added.
379         (WebCore::WebGLCompressedTextureASTC::WebGLCompressedTextureASTC):
380         (WebCore::WebGLCompressedTextureASTC::getName const):
381         (WebCore::WebGLCompressedTextureASTC::supported):
382         (WebCore::WebGLCompressedTextureASTC::getSupportedProfiles):
383         * html/canvas/WebGLCompressedTextureASTC.h: Added.
384         * html/canvas/WebGLCompressedTextureASTC.idl: Added.
385         * html/canvas/WebGLExtension.h:
386         * html/canvas/WebGLRenderingContext.cpp:
387         (WebCore::WebGLRenderingContext::getExtension):
388         (WebCore::WebGLRenderingContext::getSupportedExtensions):
389         * html/canvas/WebGLRenderingContextBase.cpp:
390         (WebCore::WebGLRenderingContextBase::validateCompressedTexFuncData):
391         (WebCore::WebGLRenderingContextBase::validateCompressedTexDimensions):
392         * html/canvas/WebGLRenderingContextBase.h:
393         * platform/graphics/Extensions3D.h:
394
395 2018-05-09  Youenn Fablet  <youenn@apple.com>
396
397         Allow WebResourceLoader to cancel a load served from a service worker
398         https://bugs.webkit.org/show_bug.cgi?id=185274
399
400         Reviewed by Chris Dumez.
401
402         Add support for cancelling a fetch from WebProcess to service worker process.
403         Use FetchIdentifier instead of uint64_t.
404
405         * Modules/fetch/FetchIdentifier.h: Added.
406         * WebCore.xcodeproj/project.pbxproj:
407         * workers/service/context/ServiceWorkerFetch.h:
408         * workers/service/context/ServiceWorkerThreadProxy.cpp:
409         (WebCore::ServiceWorkerThreadProxy::startFetch):
410         (WebCore::ServiceWorkerThreadProxy::cancelFetch):
411         * workers/service/context/ServiceWorkerThreadProxy.h:
412
413 2018-05-09  Thibault Saunier  <tsaunier@igalia.com>
414
415         [GStreamer] Fix style issue in MediaPlayerPrivateGStreamer
416         https://bugs.webkit.org/show_bug.cgi?id=185479
417
418         Reviewed by Philippe Normand.
419
420         ERROR: Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:114:  Multi line control clauses should use braces.  [whitespace/braces] [4]
421         ERROR: Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:194:  Multi line control clauses should use braces.  [whitespace/braces] [4]
422         ERROR: Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:398:  One line control clauses should not use braces.  [whitespace/braces] [4]
423         ERROR: Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:440:  One line control clauses should not use braces.  [whitespace/braces] [4]
424         ERROR: Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:806:  More than one command on the same line  [whitespace/newline] [4]
425         ERROR: Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:869:  More than one command on the same line  [whitespace/newline] [4]
426         ERROR: Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:880:  More than one command on the same line  [whitespace/newline] [4]
427         ERROR: Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:940:  More than one command on the same line  [whitespace/newline] [4]
428         ERROR: Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:1102:  Multi line control clauses should use braces.  [whitespace/braces] [4]
429         ERROR: Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:1109:  Multi line control clauses should use braces.  [whitespace/braces] [4]
430
431         Indentation and style issue fixed only.
432
433         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
434         (WebCore::MediaPlayerPrivateGStreamer::registerMediaEngine):
435         (WebCore::MediaPlayerPrivateGStreamer::~MediaPlayerPrivateGStreamer):
436         (WebCore::MediaPlayerPrivateGStreamer::changePipelineState):
437         (WebCore::MediaPlayerPrivateGStreamer::play):
438         (WebCore::MediaPlayerPrivateGStreamer::videoChangedCallback):
439         (WebCore::MediaPlayerPrivateGStreamer::videoSinkCapsChangedCallback):
440         (WebCore::MediaPlayerPrivateGStreamer::audioChangedCallback):
441         (WebCore::MediaPlayerPrivateGStreamer::textChangedCallback):
442         (WebCore::MediaPlayerPrivateGStreamer::buffered const):
443         (WebCore::MediaPlayerPrivateGStreamer::loadNextLocation):
444
445 2018-05-09  Daniel Bates  <dabates@apple.com>
446
447         REGRESSION (r231479): com.apple.WebCore crash in WebCore::DocumentLoader::stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied()
448         https://bugs.webkit.org/show_bug.cgi?id=185475
449         <rdar://problem/40093853>
450
451         Reviewed by Andy Estes.
452
453         DocumentLoader::stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied() must extends its lifetime
454         until completion as dispatching a DOM load event at the associated frame can cause JavaScript execution
455         that can do anything, including destroying the loader that dispatched the event.
456
457         Following r231479 DocumentLoader::stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied() is now
458         invoked by both DocumentLoader::responseReceived() and WebResourceLoader::stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied().
459         The latter only can happen when using WebKit2 and the experimental feature Restricted HTTP Response Access
460         is enabled (RuntimeEnabledFeatures::sharedFeatures().restrictedHTTPResponseAccess()). Unlike DocumentLoader::responseReceived()
461         WebResourceLoader::stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied() does not take out a ref
462         on the DocumentLoader before invoking DocumentLoader::stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied().
463         Therefore, DocumentLoader::stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied() can cause its
464         own destruction as a result of dispatching a DOM load event at the frame. We should take out a ref on
465         the DocumentLoader when executing DocumentLoader::stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied().
466
467         * loader/DocumentLoader.cpp:
468         (WebCore::DocumentLoader::stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied):
469
470 2018-05-09  Tim Horton  <timothy_horton@apple.com>
471
472         Fix the build by ignoring some deprecation warnings
473
474         * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
475         (WebCore::MediaPlayerPrivateAVFoundationObjC::setShouldDisableSleep):
476
477 2018-05-09  Michael Catanzaro  <mcatanzaro@igalia.com>
478
479         [WPE] Build cleanly with GCC 8 and ICU 60
480         https://bugs.webkit.org/show_bug.cgi?id=185462
481
482         Reviewed by Carlos Alberto Lopez Perez.
483
484         * PlatformGTK.cmake: Include directories are in the wrong place.
485         * accessibility/AXObjectCache.cpp: Silence -Wclass-memaccess problems and leave warnings.
486         (WebCore::AXObjectCache::startOrEndTextMarkerDataForRange):
487         (WebCore::AXObjectCache::textMarkerDataForCharacterOffset):
488         (WebCore::AXObjectCache::textMarkerDataForVisiblePosition):
489         (WebCore::AXObjectCache::textMarkerDataForFirstPositionInTextControl):
490         * css/CSSFontFace.cpp: Silence -Wfallthrough
491         (WebCore::CSSFontFace::fontLoadTiming const):
492         * css/CSSSelectorList.cpp: Silence -Wclass-memaccess, this one is intentional.
493         (WebCore::CSSSelectorList::adoptSelectorVector):
494         * editing/TextIterator.cpp: Silence ICU deprecation warnings.
495         * platform/Length.h:
496         (WebCore::Length::operator=): More -Wclass-memaccess, looks benign.
497         * platform/graphics/Gradient.cpp:
498         (WebCore::Gradient::hash const): -Wclass-memaccess again. Leave a warning.
499         * platform/graphics/SurrogatePairAwareTextIterator.cpp: Silence ICU deprecation warnings.
500         * platform/graphics/cairo/FontCairoHarfbuzzNG.cpp:
501         (WebCore::FontCascade::fontForCombiningCharacterSequence const): Silence ICU deprecation.
502         * platform/graphics/freetype/FontCustomPlatformDataFreeType.cpp:
503         (WebCore::FontCustomPlatformData::FontCustomPlatformData): Silence -Wcast-function-type.
504         * platform/graphics/freetype/SimpleFontDataFreeType.cpp:
505         (WebCore::Font::canRenderCombiningCharacterSequence const): Silence ICU deprecation.
506         * platform/graphics/gstreamer/GstAllocatorFastMalloc.cpp:
507         (gstAllocatorFastMallocMemUnmap): Fix -Wcast-function-type.
508         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
509         (WebCore::MediaPlayerPrivateGStreamer::updateTracks): Fix bad printf.
510         (WebCore::MediaPlayerPrivateGStreamer::enableTrack): Another bad printf.
511         (WebCore::findHLSQueue): Fix -Wcast-function-type.
512         * platform/graphics/gstreamer/eme/WebKitClearKeyDecryptorGStreamer.cpp:
513         (webKitMediaClearKeyDecryptorDecrypt): Fix another bad printf.
514         * platform/network/soup/SocketStreamHandleImplSoup.cpp: Silence -Wcast-function-type.
515         (WebCore::SocketStreamHandleImpl::beginWaitingForSocketWritability):
516         * platform/text/TextEncoding.cpp: Silence ICU deprecration.
517
518 2018-05-08  Simon Fraser  <simon.fraser@apple.com>
519
520         SVG lighting colors need to be converted into linearSRGB
521         https://bugs.webkit.org/show_bug.cgi?id=181196
522
523         Reviewed by Darin Adler.
524
525         Address post-commit comments. Don't make a Color that contains linearRGB components,
526         but use FloatComponents instead. Since these FloatComponents are in the 0-1 range,
527         FELighting::setPixelInternal() needs to multiply by 255 since the output pixels are
528         8-bit 0-255.
529         
530         Change linearToSRGBColorComponent() and sRGBToLinearColorComponent() to do math in
531         floats without promoting to doubles.
532
533         * platform/graphics/ColorUtilities.cpp:
534         (WebCore::FloatComponents::FloatComponents):
535         (WebCore::linearToSRGBColorComponent):
536         (WebCore::sRGBToLinearColorComponent):
537         (WebCore::sRGBColorToLinearComponents):
538         (WebCore::linearToSRGBColor): Deleted.
539         (WebCore::sRGBToLinearColor): Deleted.
540         * platform/graphics/ColorUtilities.h:
541         * platform/graphics/filters/FELighting.cpp:
542         (WebCore::FELighting::setPixelInternal):
543         (WebCore::FELighting::drawLighting):
544
545 2018-05-09  Timothy Hatcher  <timothy@apple.com>
546
547         Use StyleColor::Options in more places.
548
549         https://bugs.webkit.org/show_bug.cgi?id=185458
550         rdar://problem/39853798
551
552         Add UseDefaultAppearance to StyleColor::Options, to avoid passing yet another
553         boolean on some of these functions.
554
555         Reviewed by Tim Horton.
556
557         * css/MediaQueryEvaluator.cpp:
558         * css/StyleColor.h:
559         * dom/Document.cpp:
560         (WebCore::Document::useDefaultAppearance const):
561         (WebCore::Document::styleColorOptions const):
562         * dom/Document.h:
563         * platform/Theme.cpp:
564         (WebCore::Theme::paint):
565         * platform/Theme.h:
566         * platform/mac/LocalDefaultSystemAppearance.h:
567         * platform/mac/LocalDefaultSystemAppearance.mm:
568         (WebCore::LocalDefaultSystemAppearance::LocalDefaultSystemAppearance):
569         (WebCore::LocalDefaultSystemAppearance::~LocalDefaultSystemAppearance):
570         * platform/mac/ThemeMac.h:
571         * platform/mac/ThemeMac.mm:
572         (WebCore::paintToggleButton):
573         (WebCore::paintButton):
574         (WebCore::ThemeMac::ensuredView):
575         (WebCore::ThemeMac::drawCellOrFocusRingWithViewIntoContext):
576         (WebCore::ThemeMac::paint):
577         (-[WebCoreThemeView initWithUseSystemAppearance:]): Deleted.
578         * platform/wpe/ThemeWPE.cpp:
579         (WebCore::ThemeWPE::paint):
580         * platform/wpe/ThemeWPE.h:
581         * rendering/RenderListBox.cpp:
582         (WebCore::RenderListBox::paintItemBackground):
583         * rendering/RenderTheme.cpp:
584         (WebCore::RenderTheme::paint):
585         (WebCore::RenderTheme::inactiveListBoxSelectionBackgroundColor const):
586         (WebCore::RenderTheme::platformInactiveListBoxSelectionBackgroundColor const):
587         * rendering/RenderTheme.h:
588         * rendering/RenderThemeGtk.cpp:
589         (WebCore::RenderThemeGtk::platformInactiveListBoxSelectionBackgroundColor const):
590         * rendering/RenderThemeGtk.h:
591         * rendering/RenderThemeMac.h:
592         * rendering/RenderThemeMac.mm:
593         (WebCore::RenderThemeMac::documentViewFor const):
594         (WebCore::RenderThemeMac::platformInactiveListBoxSelectionBackgroundColor const):
595         (WebCore::RenderThemeMac::systemColor const):
596         (WebCore::RenderThemeMac::paintCellAndSetFocusedElementNeedsRepaintIfNecessary):
597         (WebCore::RenderThemeMac::paintSliderThumb):
598
599 2018-05-09  Yacine Bandou  <yacine.bandou_ext@softathome.com>
600
601         [EME][GStreamer] Crash when the mediaKeys are created before loading the media in debug conf
602         https://bugs.webkit.org/show_bug.cgi?id=185244
603
604         Reviewed by Xabier Rodriguez-Calvar.
605
606         The function "MediaPlayerPrivateGStreamerBase::cdmInstanceAttached" is expected to be called once,
607         so there is an ASSERT(!m_cdmInstance).
608         But when the MediaKeys are created before loading the media, the cdminstance is created and attached
609         to the MediaPlayerPrivate via "MediaPlayerPrivateGStreamerBase::cdmInstanceAttached" before loading
610         the media, then when the media is loading, the function "MediaPlayerPrivateGStreamerBase::cdmInstanceAttached"
611         will be called several times via the function "mediaEngineWasUpdated" wich is called for each change
612         in the MediaElement state, thus the WebProcess crashes in the ASSERT(!m_cdmInstance).
613
614         This commit avoid the crash by replacing the assert with a simple check.
615
616         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
617         (WebCore::MediaPlayerPrivateGStreamerBase::cdmInstanceAttached):
618         (WebCore::MediaPlayerPrivateGStreamerBase::cdmInstanceDetached):
619
620 2018-05-09  Antti Koivisto  <antti@apple.com>
621
622         Add OptionSet::operator& and operator bool
623         https://bugs.webkit.org/show_bug.cgi?id=185306
624
625         Reviewed by Anders Carlsson.
626
627         Use it in a few places.
628
629         * loader/FrameLoader.cpp:
630         (WebCore::FrameLoader::reload):
631         * rendering/RenderLayerCompositor.cpp:
632         (WebCore::RenderLayerCompositor::logReasonsForCompositing):
633         (WebCore::RenderLayerCompositor::updateScrollCoordinatedLayer):
634
635 2018-05-08  Dean Jackson  <dino@apple.com>
636
637         Disable system preview link fetching
638         https://bugs.webkit.org/show_bug.cgi?id=185463
639
640         Reviewed by Jon Lee.
641
642         Temporarily disable system preview detection when a link
643         is clicked.
644
645         * html/HTMLAnchorElement.cpp:
646         (WebCore::HTMLAnchorElement::handleClick):
647
648 2018-05-08  Wenson Hsieh  <wenson_hsieh@apple.com>
649
650         Unreviewed, fix the internal iOS build
651
652         Add a missing import statement in an implementation file.
653
654         * editing/cocoa/WebContentReaderCocoa.mm:
655
656 2018-05-08  Ryan Haddad  <ryanhaddad@apple.com>
657
658         Unreviewed, rolling out r231486.
659
660         Caused service worker LayoutTest failures on macOS Debug WK2.
661
662         Reverted changeset:
663
664         "Allow WebResourceLoader to cancel a load served from a
665         service worker"
666         https://bugs.webkit.org/show_bug.cgi?id=185274
667         https://trac.webkit.org/changeset/231486
668
669 2018-05-08  Wenson Hsieh  <wenson_hsieh@apple.com>
670
671         Consolidate WebContentReaderIOS and WebContentReaderMac into WebContentReaderCocoa
672         https://bugs.webkit.org/show_bug.cgi?id=185340
673
674         Reviewed by Tim Horton.
675
676         WebContentReader::readURL is currently the only method implemented separately in iOS and macOS platform
677         WebContentReader files. The implementation across macOS and iOS is nearly identical (with some exceptions with
678         the way iOS handles file URLs and plain text editing), so we can merge these into a single method
679         WebContentReaderCocoa and delete WebContentReaderIOS and WebContentReaderMac.
680
681         This also has the added bonus of fixing a latent bug in WebContentReaderMac, wherein URLs written to the
682         pasteboard using -[NSPasteboard writeObjects:] are currently pasted as empty anchor elements. In this case, the
683         link title isn't made explicit, so the `title` passed in to WebContentReader::readURL is empty. On iOS, we have
684         code to fall back to pasting the absolute string of the URL if the title is empty, but on macOS, we'll just use
685         this empty string as the title of the anchor.
686
687         Test: PasteMixedContent.PasteURLWrittenToPasteboardUsingWriteObjects
688
689         * SourcesCocoa.txt:
690         * WebCore.xcodeproj/project.pbxproj:
691         * editing/cocoa/WebContentReaderCocoa.mm:
692         (WebCore::WebContentReader::readURL):
693         * editing/ios/WebContentReaderIOS.mm: Removed.
694         * editing/mac/WebContentReaderMac.mm: Removed.
695
696 2018-05-08  Zalan Bujtas  <zalan@apple.com>
697
698         [Simple line layout] Cache run resolver.
699         https://bugs.webkit.org/show_bug.cgi?id=185411
700
701         Reviewed by Antti Koivisto.
702
703         This patch caches the run resolver on the [SimpleLine]Layout object. 
704         In certain cases, when the block container has thousands of elements (foobar1<br>foobar2<br>.....foobar9999<br>),
705         constructing the resolver (and its dependencies) in a repeating fashion could hang the WebProcess.
706
707         Covered by existing tests.
708
709         * rendering/SimpleLineLayout.cpp:
710         (WebCore::SimpleLineLayout::create):
711         (WebCore::SimpleLineLayout::Layout::create):
712         (WebCore::SimpleLineLayout::Layout::Layout):
713         * rendering/SimpleLineLayout.h:
714         (WebCore::SimpleLineLayout::Layout::runResolver const):
715         * rendering/SimpleLineLayoutFunctions.cpp:
716         (WebCore::SimpleLineLayout::paintFlow):
717         (WebCore::SimpleLineLayout::hitTestFlow):
718         (WebCore::SimpleLineLayout::collectFlowOverflow):
719         (WebCore::SimpleLineLayout::computeBoundingBox):
720         (WebCore::SimpleLineLayout::computeFirstRunLocation):
721         (WebCore::SimpleLineLayout::collectAbsoluteRects):
722         (WebCore::SimpleLineLayout::collectAbsoluteQuads):
723         (WebCore::SimpleLineLayout::textOffsetForPoint):
724         (WebCore::SimpleLineLayout::collectAbsoluteQuadsForRange):
725         (WebCore::SimpleLineLayout::generateLineBoxTree):
726         * rendering/SimpleLineLayoutResolver.cpp:
727         (WebCore::SimpleLineLayout::LineResolver::LineResolver):
728         * rendering/SimpleLineLayoutResolver.h:
729         (WebCore::SimpleLineLayout::lineResolver):
730
731 2018-05-08  Brent Fulgham  <bfulgham@apple.com>
732
733         Switch some RELEASE_ASSERTS to plain debug ASSERTS in PlatformScreenMac.mm
734         https://bugs.webkit.org/show_bug.cgi?id=185451
735         <rdar://problem/39620348>
736
737         Reviewed by Zalan Bujtas.
738
739         Change a set of RELEASE_ASSERTS used to prevent accessing NSScreen related functions in the
740         PlatformScreenMac implementation to less expensive Debug ASSERTS.
741
742         No change in behavior.
743
744         * platform/mac/PlatformScreenMac.mm:
745         (WebCore::screenHasInvertedColors):
746         (WebCore::screenDepth):
747         (WebCore::screenDepthPerComponent):
748         (WebCore::screenRectForDisplay):
749         (WebCore::screenRect):
750         (WebCore::screenAvailableRect):
751         (WebCore::screenColorSpace):
752         (WebCore::screenSupportsExtendedColor):
753
754 2018-05-08  Daniel Bates  <dabates@apple.com>
755
756         Resign Strong Password appearance when text field value changes
757         https://bugs.webkit.org/show_bug.cgi?id=185433
758         <rdar://problem/39958508>
759
760         Reviewed by Ryosuke Niwa.
761
762         Remove the Strong Password decoration when the text field's value changes to avoid interfering
763         with web sites that allow a person to clear the password field.
764
765         Tests: fast/forms/auto-fill-button/auto-fill-strong-password-button-when-maxlength-changes.html
766                fast/forms/auto-fill-button/auto-fill-strong-password-button-when-minlength-changes.html
767                fast/forms/auto-fill-button/hide-auto-fill-strong-password-button-when-value-changes.html
768
769         * html/HTMLInputElement.cpp:
770         (WebCore::HTMLInputElement::resignStrongPasswordAppearance): Extracted from HTMLInputElement::updateType().
771         (WebCore::HTMLInputElement::updateType): Extract out logic to resign the Strong Password appearance
772         into a function that can be shared by this function and HTMLInputElement::setValue().
773         (WebCore::HTMLInputElement::setValue): Resign the Strong Password appearance if this field was
774         changed programmatically (i.e. no DOM change event was dispatched).
775         * html/HTMLInputElement.h:
776
777 2018-05-08  Jer Noble  <jer.noble@apple.com>
778
779         Unreviewed build fix; add missing function definition.
780
781         * html/HTMLMediaElement.h:
782         (WebCore::HTMLMediaElement::didPassCORSAccessCheck const):
783
784 2018-05-08  Jer Noble  <jer.noble@apple.com>
785
786         Mute MediaElementSourceNode when tainted.
787         https://bugs.webkit.org/show_bug.cgi?id=184866
788
789         Reviewed by Eric Carlson.
790
791         Test: http/tests/security/webaudio-render-remote-audio-blocked-no-crossorigin.html
792
793         * Modules/webaudio/AudioContext.cpp:
794         (WebCore::AudioContext::wouldTaintOrigin const):
795         * Modules/webaudio/AudioContext.h:
796         * Modules/webaudio/MediaElementAudioSourceNode.cpp:
797         (WebCore::MediaElementAudioSourceNode::setFormat):
798         (WebCore::MediaElementAudioSourceNode::wouldTaintOrigin):
799         (WebCore::MediaElementAudioSourceNode::process):
800         * Modules/webaudio/MediaElementAudioSourceNode.h:
801
802 2018-05-08  Eric Carlson  <eric.carlson@apple.com>
803
804         Log rtcstats as JSON
805         https://bugs.webkit.org/show_bug.cgi?id=185437
806         <rdar://problem/40065332>
807
808         Reviewed by Youenn Fablet.
809
810         * Modules/mediastream/libwebrtc/LibWebRTCMediaEndpoint.cpp:
811         (WebCore::RTCStatsLogger::RTCStatsLogger): Create a wrapper class so we don't have to add a
812         toJSONString method to libwebrtc.
813         (WebCore::RTCStatsLogger::toJSONString const): Log stats as JSON.
814         (WebCore::LibWebRTCMediaEndpoint::OnStatsDelivered): Don't use the LOGIDENTIFIER macro because
815         it doesn't work well inside of a lambda.
816         (WTF::LogArgument<WebCore::RTCStatsLogger>::toString): Move into .cpp file because it is only
817         used here.
818         * Modules/mediastream/libwebrtc/LibWebRTCMediaEndpoint.h:
819         (WTF::LogArgument<webrtc::RTCStats>::toString): Deleted. Move to .cpp file.
820
821 2018-05-08  Dean Jackson  <dino@apple.com>
822
823         System Preview links should trigger a download
824         https://bugs.webkit.org/show_bug.cgi?id=185439
825         <rdar://problem/40065545>
826
827         Reviewed by Jon Lee.
828
829         Add a new field to FrameLoadRequest, which then is copied
830         into ResourceRequest, identifying if the link clicked
831         is a system preview.
832
833         * html/HTMLAnchorElement.cpp:
834         (WebCore::HTMLAnchorElement::handleClick): Look for isSystemPreviewLink().
835         * loader/FrameLoadRequest.cpp:
836         (WebCore::FrameLoadRequest::FrameLoadRequest):
837         * loader/FrameLoadRequest.h: New property.
838         (WebCore::FrameLoadRequest::FrameLoadRequest):
839         (WebCore::FrameLoadRequest::isSystemPreview const):
840         * loader/FrameLoader.cpp:
841         (WebCore::FrameLoader::urlSelected):
842         (WebCore::FrameLoader::loadURL):
843         * loader/FrameLoader.h:
844         * platform/network/ResourceRequestBase.cpp:
845         (WebCore::ResourceRequestBase::isSystemPreview const):
846         (WebCore::ResourceRequestBase::setSystemPreview):
847         * platform/network/ResourceRequestBase.h:
848
849 2018-05-08  Commit Queue  <commit-queue@webkit.org>
850
851         Unreviewed, rolling out r231491.
852         https://bugs.webkit.org/show_bug.cgi?id=185434
853
854         Setting the Created key on a cookie does not work yet, due a
855         bug in CFNetwork (Requested by ggaren on #webkit).
856
857         Reverted changeset:
858
859         "[WKHTTPCookieStore getAllCookies] returns inconsistent
860         creation time"
861         https://bugs.webkit.org/show_bug.cgi?id=185041
862         https://trac.webkit.org/changeset/231491
863
864 2018-05-08  Sihui Liu  <sihui_liu@apple.com>
865
866         [WKHTTPCookieStore getAllCookies] returns inconsistent creation time
867         https://bugs.webkit.org/show_bug.cgi?id=185041
868         <rdar://problem/34684214>
869
870         Reviewed by Geoffrey Garen.
871
872         Set creationtime property when creating Cookie object to keep consistency after conversion.
873
874         New API test: WebKit.WKHTTPCookieStoreCreationTime.
875
876         * platform/network/cocoa/CookieCocoa.mm:
877         (WebCore::Cookie::operator NSHTTPCookie * const):
878
879 2018-05-08  Eric Carlson  <eric.carlson@apple.com>
880
881         Text track cue logging should include cue text
882         https://bugs.webkit.org/show_bug.cgi?id=185353
883         <rdar://problem/40003565>
884
885         Reviewed by Brent Fulgham.
886
887         No new tests, tested manually.
888
889         * html/track/VTTCue.cpp:
890         (WebCore::VTTCue::toJSON const):
891         * platform/graphics/InbandTextTrackPrivateClient.h:
892         (WebCore::GenericCueData::toJSONString const):
893         * platform/graphics/iso/ISOVTTCue.cpp:
894         (WebCore::ISOWebVTTCue::toJSONString const):
895
896 2018-05-08  Sam Weinig  <sam@webkit.org>
897
898         More cleanup of XMLHttpRequestUpload
899         https://bugs.webkit.org/show_bug.cgi?id=185409
900
901         Reviewed by Alex Christensen.
902
903         - Remove unneeded #includes
904         - Rename m_xmlHttpRequest to m_request
905         - Make some overloaded some methods private, and mark them as final rather
906           than override.
907
908         * xml/XMLHttpRequestUpload.cpp:
909         (WebCore::XMLHttpRequestUpload::XMLHttpRequestUpload):
910         * xml/XMLHttpRequestUpload.h:
911
912 2018-05-08  Zalan Bujtas  <zalan@apple.com>
913
914         [LFC] Start using BlockMarginCollapse
915         https://bugs.webkit.org/show_bug.cgi?id=185424
916
917         Reviewed by Antti Koivisto.
918
919         BlockMarginCollapse could be all static.
920
921         * layout/blockformatting/BlockFormattingContext.cpp:
922         (WebCore::Layout::BlockFormattingContext::marginTop const):
923         (WebCore::Layout::BlockFormattingContext::marginBottom const):
924         * layout/blockformatting/BlockMarginCollapse.cpp:
925         (WebCore::Layout::isMarginTopCollapsedWithSibling):
926         (WebCore::Layout::isMarginBottomCollapsedWithSibling):
927         (WebCore::Layout::isMarginTopCollapsedWithParent):
928         (WebCore::Layout::isMarginBottomCollapsedWithParent):
929         (WebCore::Layout::collapsedMarginTopFromFirstChild):
930         (WebCore::Layout::collapsedMarginBottomFromLastChild):
931         (WebCore::Layout::nonCollapsedMarginTop):
932         (WebCore::Layout::nonCollapsedMarginBottom):
933         (WebCore::Layout::BlockMarginCollapse::marginTop):
934         (WebCore::Layout::BlockMarginCollapse::marginBottom):
935         (WebCore::Layout::BlockMarginCollapse::BlockMarginCollapse): Deleted.
936         (WebCore::Layout::BlockMarginCollapse::marginTop const): Deleted.
937         (WebCore::Layout::BlockMarginCollapse::marginBottom const): Deleted.
938         (WebCore::Layout::BlockMarginCollapse::isMarginTopCollapsedWithSibling const): Deleted.
939         (WebCore::Layout::BlockMarginCollapse::isMarginBottomCollapsedWithSibling const): Deleted.
940         (WebCore::Layout::BlockMarginCollapse::isMarginTopCollapsedWithParent const): Deleted.
941         (WebCore::Layout::BlockMarginCollapse::isMarginBottomCollapsedWithParent const): Deleted.
942         (WebCore::Layout::BlockMarginCollapse::nonCollapsedMarginTop const): Deleted.
943         (WebCore::Layout::BlockMarginCollapse::nonCollapsedMarginBottom const): Deleted.
944         (WebCore::Layout::BlockMarginCollapse::collapsedMarginTopFromFirstChild const): Deleted.
945         (WebCore::Layout::BlockMarginCollapse::collapsedMarginBottomFromLastChild const): Deleted.
946         (WebCore::Layout::BlockMarginCollapse::hasAdjoiningMarginTopAndBottom const): Deleted.
947         * layout/blockformatting/BlockMarginCollapse.h:
948
949 2018-05-08  Youenn Fablet  <youenn@apple.com>
950
951         Allow WebResourceLoader to cancel a load served from a service worker
952         https://bugs.webkit.org/show_bug.cgi?id=185274
953
954         Reviewed by Chris Dumez.
955
956         Add support for cancelling a fetch from WebProcess to service worker process.
957         Use FetchIdentifier instead of uint64_t.
958
959         * Modules/fetch/FetchIdentifier.h: Added.
960         * WebCore.xcodeproj/project.pbxproj:
961         * workers/service/context/ServiceWorkerFetch.h:
962         * workers/service/context/ServiceWorkerThreadProxy.cpp:
963         (WebCore::ServiceWorkerThreadProxy::startFetch):
964         (WebCore::ServiceWorkerThreadProxy::cancelFetch):
965         * workers/service/context/ServiceWorkerThreadProxy.h:
966
967 2018-05-08  Said Abou-Hallawa  <sabouhallawa@apple.com>
968
969         feTurbulence is not rendered correctly on Retina display
970         https://bugs.webkit.org/show_bug.cgi?id=183798
971
972         Reviewed by Simon Fraser.
973
974         On 2x display the feTurbulence filter creates a scaled ImageBuffer but
975         processes only the unscaled size. This is a remaining work of r168577 and
976         is very similar to what was done for the feMorphology filter in r188271.
977
978         Test: fast/hidpi/filters-turbulence.html
979
980         * platform/graphics/filters/FETurbulence.cpp:
981         (WebCore::FETurbulence::fillRegion const):
982         (WebCore::FETurbulence::platformApplySoftware):
983
984 2018-05-07  Zalan Bujtas  <zalan@apple.com>
985
986         [LFC] Add FormattingContext::layoutOutOfFlowDescendants implementation
987         https://bugs.webkit.org/show_bug.cgi?id=185377
988
989         Reviewed by Antti Koivisto.
990
991         Also, remove FormattingContext's m_layoutContext member and pass it in to ::layout() instead.
992         In theory LayoutContext is needed only during ::layout() call. 
993
994         * layout/FormattingContext.cpp:
995         (WebCore::Layout::FormattingContext::layoutOutOfFlowDescendants const):
996         * layout/FormattingContext.h:
997         (WebCore::Layout::FormattingContext::layoutContext const):
998         * layout/LayoutContext.cpp:
999         (WebCore::Layout::LayoutContext::updateLayout):
1000         * layout/blockformatting/BlockFormattingContext.cpp:
1001         (WebCore::Layout::BlockFormattingContext::layout const):
1002         * layout/blockformatting/BlockFormattingContext.h:
1003         * layout/inlineformatting/InlineFormattingContext.cpp:
1004         (WebCore::Layout::InlineFormattingContext::layout const):
1005         * layout/inlineformatting/InlineFormattingContext.h:
1006
1007 2018-05-07  Daniel Bates  <dabates@apple.com>
1008
1009         Check X-Frame-Options and CSP frame-ancestors in network process
1010         https://bugs.webkit.org/show_bug.cgi?id=185410
1011         <rdar://problem/37733934>
1012
1013         Reviewed by Ryosuke Niwa.
1014
1015         * WebCore.xcodeproj/project.pbxproj: Make PingLoader.h a private header so that we can include it in WebKit.
1016         * loader/DocumentLoader.cpp:
1017         (WebCore::DocumentLoader::responseReceived): Only check CSP frame-ancestors and X-Frame-Options here if
1018         we are not checking them in the NetworkProcess and HTTP response access is restricted. I code is otherwise kept
1019         unchanged. There may be opportunities to clean this code up more and share more of it. We should look into this
1020         in subsequent bugs.
1021         * loader/DocumentLoader.h: Change visibility of stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied() from
1022         private to public and export it so that we can call it from the WebKit.
1023         * loader/PingLoader.h:
1024         * page/Settings.yaml: Add a new setting called networkProcessCSPFrameAncestorsCheckingEnabled (defaults: false)
1025         and is hardcoded in WebPage.cpp to be enabled. This setting is used to determine if we will be using the NetworkProcess.
1026         Ideally we wouldn't have this setting and just key off RuntimeEnabledFeatures::sharedFeatures().restrictedHTTPResponseAccess().
1027         However RuntimeEnabledFeatures::sharedFeatures().restrictedHTTPResponseAccess() is always enabled in WebKit Legacy
1028         at the time of writing (why?). And, strangely, RuntimeEnabledFeatures::sharedFeatures().restrictedHTTPResponseAccess()
1029         is conditionally enabled in WebKit. For now, we add a new setting, networkProcessCSPFrameAncestorsCheckingEnabled,
1030         to determine if CSP checking should be performed in NetworkProcess. For checking to actually happen in NetworkProcess
1031         and not in DocumentLoader::responseReceived() RuntimeEnabledFeatures::sharedFeatures().restrictedHTTPResponseAccess()
1032         will also need to be enabled.
1033         * page/csp/ContentSecurityPolicy.cpp:
1034         (WebCore::ContentSecurityPolicy::allowFrameAncestors const): Added a variant that takes a vector of ancestor origins.
1035         * page/csp/ContentSecurityPolicy.h:
1036         * page/csp/ContentSecurityPolicyDirectiveList.cpp:
1037         (WebCore::checkFrameAncestors): Ditto.
1038         (WebCore::ContentSecurityPolicyDirectiveList::violatedDirectiveForFrameAncestorOrigins const): Ditto.
1039         * page/csp/ContentSecurityPolicyDirectiveList.h: Export constructor so that we can invoke it from NetworkResourceLoader::shouldInterruptLoadForCSPFrameAncestorsOrXFrameOptions().
1040         * page/csp/ContentSecurityPolicyResponseHeaders.h:
1041         * platform/network/HTTPParsers.h: Export XFrameOptionsDisposition() so that we can use in WebKit.
1042
1043 2018-05-07  Daniel Bates  <dabates@apple.com>
1044
1045         Abstract logic to log console messages and send CSP violation reports into a client
1046         https://bugs.webkit.org/show_bug.cgi?id=185393
1047         <rdar://problem/40036053>
1048
1049         Reviewed by Brent Fulgham.
1050
1051         First pass at adding infrastructure to supporting CSP reporting from NetworkProcess and workers.
1052         Replaces the existing ContentSecurityPolicy constructor that takes a Frame with one that
1053         takes a ContentSecurityPolicyClient to delegate to for logging and sending reports. We will look
1054         to remove ContentSecurityPolicy constructor that takes a ScriptExecutionContext in a follow up.
1055
1056         Standardize on instantiating a ContentSecurityPolicy with the full URL to resource that it protects
1057         instead of taking only the SecurityOrigin of this URL. By taking the full URL the ContentSecurityPolicy
1058         object is now capable of resolving a relative report URL without needing a Document/ScriptExecutionContext.
1059
1060         We are underutilizing the CSPInfo struct and ContentSecurityPolicyClient::willSendCSPViolationReport()
1061         delegate callback in this patch. We will make use of this functionality in a subsequent patch to
1062         support collecting script state (e.g. source line number) when reporting CSP violations in worker
1063         threads. We also no longer go through the unnecessary motions to try to collect script state for a
1064         frame-ancestors violation (since DocumentLoader extends ContentSecurityPolicyClient and does not
1065         implement ContentSecurityPolicyClient::willSendCSPViolationReport()). The frame-ancestors directive
1066         is checked before a document is parsed and executes script; => there will never be any script state
1067         to collect; => it is not necessary to try to collect it as we currently do.
1068
1069         * Sources.txt: Add file ContentSecurityPolicyClient.cpp. See the remarks for ContentSecurityPolicyClient.cpp
1070         below on why we have this file.
1071         * WebCore.xcodeproj/project.pbxproj: Add files ContentSecurityPolicyClient.{h, cpp}.
1072         * dom/Document.cpp:
1073         (WebCore::Document::initSecurityContext): Pass the URL of the protected document.
1074         * loader/DocumentLoader.cpp:
1075         (WebCore::DocumentLoader::responseReceived): Ditto.
1076         (WebCore::DocumentLoader::addConsoleMessage): Added.
1077         (WebCore::DocumentLoader::sendCSPViolationReport): Added.
1078         (WebCore::DocumentLoader::dispatchSecurityPolicyViolationEvent): Added.
1079         * loader/DocumentLoader.h:
1080         * loader/FrameLoaderClient.h: Fix typo in comment.
1081         * loader/WorkerThreadableLoader.cpp:
1082         (WebCore::WorkerThreadableLoader::MainThreadBridge::MainThreadBridge): Pass the URL of the worker script.
1083         * page/csp/ContentSecurityPolicy.cpp:
1084         (WebCore::ContentSecurityPolicy::ContentSecurityPolicy): Added overload that takes a URL&& and an optional
1085         ContentSecurityPolicyClient*.
1086         (WebCore::ContentSecurityPolicy::deprecatedURLForReporting const): Extracted and simplified stripURLForUseInReport()
1087         into this member function.
1088         (WebCore::ContentSecurityPolicy::reportViolation const): Modified to make use of the client, if we have
1089         one and removed code for handling a ContentSecurityPolicy that was instantiated with a Frame.
1090         (WebCore::ContentSecurityPolicy::logToConsole const): Ditto.
1091         (WebCore::stripURLForUseInReport): Deleted; incorporated into ContentSecurityPolicy::deprecatedURLForReporting().
1092         * page/csp/ContentSecurityPolicy.h:
1093         * page/csp/ContentSecurityPolicyClient.cpp: Added. This file exists so that we can define the virtual
1094         destructor out-of-line and export this abstract class so as to avoid the need for the vtable to be
1095         defined in the translation unit of each derived class.
1096         * page/csp/ContentSecurityPolicyClient.h: Added.
1097         * page/csp/ContentSecurityPolicySource.cpp:
1098         (WebCore::ContentSecurityPolicySource::operator SecurityOriginData const): Added.
1099         * page/csp/ContentSecurityPolicySource.h:
1100         * workers/WorkerGlobalScope.cpp:
1101         (WebCore::WorkerGlobalScope::WorkerGlobalScope): Instantiate the ContentSecurityPolicy object with the
1102         URL of the worker script.
1103
1104 2018-05-07  Simon Fraser  <simon.fraser@apple.com>
1105
1106         CSS filters which reference SVG filters fail to respect the "color-interpolation-filters" of the filter
1107         https://bugs.webkit.org/show_bug.cgi?id=185343
1108
1109         Reviewed by Dean Jackson.
1110
1111         Test: css3/filters/color-interpolation-filters.html
1112         
1113         When applying CSS reference filters, apply the value of "color-interpolation-filters" for the
1114         referenced filter effect element, just as we do for SVG filters.
1115
1116         * rendering/FilterEffectRenderer.cpp:
1117         (WebCore::FilterEffectRenderer::buildReferenceFilter):
1118
1119 2018-05-07  Daniel Bates  <dabates@apple.com>
1120
1121         CSP status-code incorrect for document blocked due to violation of its frame-ancestors directive
1122         https://bugs.webkit.org/show_bug.cgi?id=185366
1123         <rdar://problem/40035116>
1124
1125         Reviewed by Brent Fulgham.
1126
1127         Fixes an issue where the status-code in the sent CSP report for an HTTP document blocked because
1128         its frame-ancestors directive was violated would be the status code of the previously loaded
1129         document in the frame. If the previously loaded document was about:blank then this would be 0.
1130
1131         Currently whenever we send a CSP report we ask the document's loader (Document::loader()) for the
1132         HTTP status code for the last response. Document::loader() returns the loader for the last committed
1133         document its frame. For a frame-ancestors violation, a CSP report is sent before the document
1134         that had the frame-ancestors directive has been committed and after it has been associate with a frame.
1135         As a result we are in are in a transient transition state for the frame and hence the last response
1136         for new document's loader (Document::loader()) is actually the last response of the previously loaded
1137         document in the frame. Instead we need to take care to tell CSP about the HTTP status code for the
1138         response associated with the document the CSP came from.
1139
1140         * dom/Document.cpp:
1141         (WebCore::Document::processHttpEquiv):
1142         (WebCore::Document::initSecurityContext):
1143         Pass the HTTP status code to CSP.
1144
1145         * page/csp/ContentSecurityPolicy.cpp:
1146         (WebCore::ContentSecurityPolicy::copyStateFrom):
1147         (WebCore::ContentSecurityPolicy::responseHeaders const):
1148         (WebCore::ContentSecurityPolicy::didReceiveHeaders):
1149         (WebCore::ContentSecurityPolicy::didReceiveHeader):
1150         (WebCore::ContentSecurityPolicy::reportViolation const):
1151         * page/csp/ContentSecurityPolicy.h:
1152         Modify existing functions to take the HTTP status code, store it in a instance variable,
1153         and reference this variable when reporting a violation.
1154
1155         * page/csp/ContentSecurityPolicyResponseHeaders.cpp:
1156         (WebCore::ContentSecurityPolicyResponseHeaders::ContentSecurityPolicyResponseHeaders):
1157         (WebCore::ContentSecurityPolicyResponseHeaders::isolatedCopy const):
1158         * page/csp/ContentSecurityPolicyResponseHeaders.h:
1159         (WebCore::ContentSecurityPolicyResponseHeaders::encode const):
1160         (WebCore::ContentSecurityPolicyResponseHeaders::decode):
1161         Store the HTTP status code along with the response headers.
1162
1163 2018-05-07  Daniel Bates  <dabates@apple.com>
1164
1165         CSP referrer incorrect for document blocked due to violation of its frame-ancestors directive
1166         https://bugs.webkit.org/show_bug.cgi?id=185380
1167
1168         Reviewed by Brent Fulgham.
1169
1170         Similar to <https://bugs.webkit.org/show_bug.cgi?id=185366>, fixes an issue where the referrer
1171         in the sent CSP report for an HTTP document blocked because its frame-ancestors directive was
1172         violated would be the referrer of the previously loaded document in the frame.
1173
1174         Currently whenever we send a CSP report we ask the document's loader (Document::loader()) for
1175         the referrer for the last request. Document::loader() returns the loader for the last committed
1176         document in its frame. For a frame-ancestors violation, a CSP report is sent before the document
1177         that had the frame-ancestors directive has been committed and after it has been associate with a
1178         frame. As a result we are in a transient transition state for the frame and hence the last request
1179         for the new document's loader (Document::loader()) is actually the last request of the previously
1180         loaded document in the frame. Instead we need to take care to tell CSP about the referrer for the
1181         request associated with the document the CSP came from.
1182
1183         * loader/DocumentLoader.cpp:
1184         (WebCore::DocumentLoader::responseReceived):
1185
1186 2018-05-07  Brent Fulgham  <bfulgham@apple.com>
1187
1188         Add experimental feature to prompt for Storage Access API use
1189         https://bugs.webkit.org/show_bug.cgi?id=185335
1190         <rdar://problem/39994649>
1191
1192         Reviewed by Alex Christensen and Youenn Fablet.
1193
1194         Create a new experimental feature that gates the ability of WebKit clients to prompt the user when
1195         Storage Access API is invoked.
1196
1197         Currently this feature doesn't have any user-visible impact.
1198
1199         * page/RuntimeEnabledFeatures.h:
1200         (WebCore::RuntimeEnabledFeatures::setStorageAccessPromptsEnabled):
1201         (WebCore::RuntimeEnabledFeatures::storageAccessPromptsEnabled const):
1202         * testing/InternalSettings.cpp:
1203         (WebCore::InternalSettings::Backup::Backup):
1204         (WebCore::InternalSettings::Backup::restoreTo):
1205         (WebCore::InternalSettings::setStorageAccessPromptsEnabled):
1206         * testing/InternalSettings.h:
1207         * testing/InternalSettings.idl:
1208
1209 2018-05-07  Chris Dumez  <cdumez@apple.com>
1210
1211         Stop using an iframe's id as fallback if its name attribute is not set
1212         https://bugs.webkit.org/show_bug.cgi?id=11388
1213
1214         Reviewed by Geoff Garen.
1215
1216         WebKit had logic to use an iframe's id as fallback name when its name
1217         content attribute is not set. This behavior was not standard and did not
1218         match other browsers:
1219         - https://html.spec.whatwg.org/#attr-iframe-name
1220
1221         Gecko / Trident never behaved this way. Blink was aligned with us until
1222         they started to match the specification in:
1223         - https://bugs.chromium.org/p/chromium/issues/detail?id=347169
1224
1225         This WebKit quirk was causing some Web-compatibility issues because it
1226         would affect the behavior of Window's name property getter when trying
1227         to look up an iframe by id. Because of Window's named property getter
1228         behavior [1], we would return the frame's contentWindow instead of the
1229         iframe element itself.
1230
1231         [1] https://html.spec.whatwg.org/multipage/window-object.html#named-access-on-the-window-object
1232
1233         Test: fast/dom/Window/named-getter-frame-id.html
1234
1235         * html/HTMLFrameElementBase.cpp:
1236         (WebCore::HTMLFrameElementBase::openURL):
1237         (WebCore::HTMLFrameElementBase::parseAttribute):
1238         (WebCore::HTMLFrameElementBase::didFinishInsertingNode):
1239         * html/HTMLFrameElementBase.h:
1240
1241 2018-05-07  Chris Dumez  <cdumez@apple.com>
1242
1243         ASSERT(!childItemWithTarget(child->target())) is hit in HistoryItem::addChildItem()
1244         https://bugs.webkit.org/show_bug.cgi?id=185322
1245
1246         Reviewed by Geoff Garen.
1247
1248         We generate unique names for Frame to be used in HistoryItem. Those names not only
1249         need to be unique, they also need to be repeatable to avoid layout tests flakiness
1250         and for things like restoring form state from a HistoryItem.
1251
1252         The previously generated frame names were relying on the Frame's index among a
1253         parent Frame's children. The issue was that we could end up with duplicate names
1254         because one could insert a Frame *before* an existing one. This is because the code
1255         would not take care of updating existing Frames' unique name on frame tree mutation.
1256
1257         Updating frame tree names on mutation would be inefficient and is also not necessary.
1258         The approach chosen in this patch is to stop using the Frame's index and instead rely
1259         on an increasing counter stored on the top-frame's FrameTree. To make the names
1260         repeatable, we reset the counter on page navigation.
1261
1262         * page/Frame.cpp:
1263         (WebCore::Frame::setDocument):
1264         * page/FrameTree.cpp:
1265         (WebCore::FrameTree::uniqueChildName const):
1266         (WebCore::FrameTree::generateUniqueName const):
1267         * page/FrameTree.h:
1268         (WebCore::FrameTree::resetFrameIdentifiers):
1269
1270 2018-05-07  Yacine Bandou  <yacine.bandou_ext@softathome.com>
1271
1272         [EME][GStreamer] Fix wrong subsample parsing on r227067
1273         https://bugs.webkit.org/show_bug.cgi?id=185382
1274
1275         Reviewed by Philippe Normand.
1276
1277         The initialization of sampleIndex should be moved outside of the loop.
1278         Without this patch we will have a bad log and the check of the subsample
1279         count will be useless.
1280
1281         * platform/graphics/gstreamer/eme/WebKitClearKeyDecryptorGStreamer.cpp:
1282         (webKitMediaClearKeyDecryptorDecrypt):
1283
1284 2018-05-07  Daniel Bates  <dabates@apple.com>
1285
1286         CSP should be passed the referrer
1287         https://bugs.webkit.org/show_bug.cgi?id=185367
1288
1289         Reviewed by Per Arne Vollan.
1290
1291         As a step towards formalizing a CSP delegate object and removing the dependencies
1292         on ScriptExecutionContext and Frame, we should pass the document's referrer directly
1293         instead of indirectly obtaining it from the ScriptExecutionContext or Frame used
1294         to instantiate the ContentSecurityPolicy object.
1295
1296         * dom/Document.cpp:
1297         (WebCore::Document::processHttpEquiv): Pass the document's referrer.
1298         (WebCore::Document::initSecurityContext): Ditto.
1299         (WebCore::Document::applyQuickLookSandbox): Ditto.
1300         * loader/DocumentLoader.cpp:
1301         (WebCore::DocumentLoader::responseReceived): Ditto.
1302         * loader/FrameLoader.cpp:
1303         (WebCore::FrameLoader::didBeginDocument): Ditto.
1304         * page/csp/ContentSecurityPolicy.cpp:
1305         (WebCore::ContentSecurityPolicy::copyStateFrom): We pass a null string for the referrer
1306         to didReceiveHeader() as a placeholder since it requires the referrer be given to it. We
1307         fix up the referrer (m_referrer) after copying all the policy headers.
1308         (WebCore::ContentSecurityPolicy::didReceiveHeaders): Ditto.
1309         (WebCore::ContentSecurityPolicy::didReceiveHeader): Modified to take a referrer and WTFMove()s
1310         it into an instance variable (m_referrer).
1311         (WebCore::ContentSecurityPolicy::reportViolation const): Modified to use the stored referrer.
1312         * page/csp/ContentSecurityPolicy.h:
1313         * workers/WorkerGlobalScope.cpp:
1314         (WebCore::WorkerGlobalScope::applyContentSecurityPolicyResponseHeaders): Pass a null string
1315         for the referrer as a worker does not have a referrer.
1316
1317 2018-05-07  Daniel Bates  <dabates@apple.com>
1318
1319         CSP should only notify Inspector to pause the debugger on the first policy to violate a directive
1320         https://bugs.webkit.org/show_bug.cgi?id=185364
1321
1322         Reviewed by Brent Fulgham.
1323
1324         Notify Web Inspector that a script was blocked on the first enforced CSP policy that it
1325         violates.
1326
1327         A page can have more than one enforced Content Security Policy. Currently for inline
1328         scripts, inline event handlers, JavaScript URLs, and eval() that are blocked by CSP
1329         we notify Web Inspector that it was blocked for each CSP policy that blocked it. When
1330         Web Inspector is notified it pauses script execution. It does not seem very meaningful
1331         to pause script execution on the same script for each CSP policy that blocked it.
1332         Therefore, only tell Web Inspector that a script was blocked for the first enforced CSP
1333         policy that blocked it.
1334
1335         * page/csp/ContentSecurityPolicy.cpp:
1336         (WebCore::ContentSecurityPolicy::allowJavaScriptURLs const):
1337         (WebCore::ContentSecurityPolicy::allowInlineEventHandlers const):
1338         (WebCore::ContentSecurityPolicy::allowInlineScript const):
1339         (WebCore::ContentSecurityPolicy::allowEval const):
1340
1341 2018-05-07  Daniel Bates  <dabates@apple.com>
1342
1343         Substitute CrossOriginPreflightResultCache::clear() for CrossOriginPreflightResultCache::empty()
1344         https://bugs.webkit.org/show_bug.cgi?id=185170
1345
1346         Reviewed by Per Arne Vollan.
1347
1348         Rename CrossOriginPreflightResultCache::empty() to CrossOriginPreflightResultCache::clear() make
1349         it consistent with the terminology we use in WebKit to signify a function that clears a collection.
1350         A member function named "empty" is expected to return an instance of a class in its "empty state".
1351         For example, StringImpl::empty() returns a StringImpl instance that represents the empty string.
1352         However CrossOriginPreflightResultCache::empty() clears out the cache in-place. We should rename
1353         this function to better describe its purpose.
1354
1355         * loader/CrossOriginPreflightResultCache.cpp:
1356         (WebCore::CrossOriginPreflightResultCache::clear):
1357         (WebCore::CrossOriginPreflightResultCache::empty): Deleted.
1358         * loader/CrossOriginPreflightResultCache.h:
1359
1360 2018-05-06  Dean Jackson  <dino@apple.com>
1361
1362         WebGL: Reset simulated values after validation fails
1363         https://bugs.webkit.org/show_bug.cgi?id=185363
1364         <rdar://problem/39733417>
1365
1366         Reviewed by Anders Carlsson.
1367
1368         While fixing a previous bug, I forgot to reset some values
1369         when validation fails. This caused a bug where a subsequent
1370         invalid call might use those values and escape detection.
1371
1372         Test: fast/canvas/webgl/index-validation-with-subsequent-draws.html
1373
1374         * html/canvas/WebGLRenderingContextBase.cpp:
1375         (WebCore::WebGLRenderingContextBase::simulateVertexAttrib0): Reset the
1376         sizes when validation fails.
1377         * html/canvas/WebGLRenderingContextBase.h:
1378
1379 2018-05-07  Ms2ger  <Ms2ger@igalia.com>
1380
1381         Support negative sw/sh values in createImageBitmap().
1382         https://bugs.webkit.org/show_bug.cgi?id=184449
1383
1384         Reviewed by Dean Jackson.
1385
1386         Tests: LayoutTests/imported/w3c/web-platform-tests/2dcontext/imagebitmap/createImageBitmap-drawImage.html
1387                LayoutTests/http/wpt/2dcontext/imagebitmap/createImageBitmap.html
1388
1389         * html/ImageBitmap.cpp:
1390         (WebCore::ImageBitmap::createPromise): handle negative values per spec.
1391
1392 2018-05-07  Brian Burg  <bburg@apple.com>
1393
1394         Web Inspector: opt out of process swap on navigation if a Web Inspector frontend is connected
1395         https://bugs.webkit.org/show_bug.cgi?id=184861
1396         <rdar://problem/39153768>
1397
1398         Reviewed by Timothy Hatcher.
1399
1400         Notify the client of the current connection count whenever a frontend connects or disconnects.
1401
1402         Covered by new API test.
1403
1404         * inspector/InspectorClient.h:
1405         (WebCore::InspectorClient::frontendCountChanged):
1406         * inspector/InspectorController.cpp:
1407         (WebCore::InspectorController::connectFrontend):
1408         (WebCore::InspectorController::disconnectFrontend):
1409         (WebCore::InspectorController::disconnectAllFrontends):
1410         * inspector/InspectorController.h:
1411
1412 2018-05-07  Eric Carlson  <eric.carlson@apple.com>
1413
1414         Text track cue logging should include cue text
1415         https://bugs.webkit.org/show_bug.cgi?id=185353
1416         <rdar://problem/40003565>
1417
1418         Reviewed by Youenn Fablet.
1419
1420         No new tests, tested manually.
1421
1422         * html/track/VTTCue.cpp:
1423         (WebCore::VTTCue::toJSONString const): Use toJSON.
1424         (WebCore::VTTCue::toJSON const): New.
1425         * html/track/VTTCue.h:
1426
1427         * platform/graphics/InbandTextTrackPrivateClient.h:
1428         (WebCore::GenericCueData::toJSONString const): Log m_content.
1429
1430         * platform/graphics/iso/ISOVTTCue.cpp:
1431         (WebCore::ISOWebVTTCue::toJSONString const): Log m_cueText.
1432
1433 2018-05-06  Zalan Bujtas  <zalan@apple.com>
1434
1435         [LFC] Add assertions for stale Display::Box geometry
1436         https://bugs.webkit.org/show_bug.cgi?id=185357
1437
1438         Reviewed by Antti Koivisto.
1439
1440         Ensure that we don't access stale geometry of other boxes during layout.
1441         For example, in order to layout a block child we need the containing block's content box top/left and width (but not the height)
1442
1443         * layout/displaytree/DisplayBox.h:
1444         (WebCore::Display::Box::invalidateTop):
1445         (WebCore::Display::Box::invalidateLeft):
1446         (WebCore::Display::Box::invalidateWidth):
1447         (WebCore::Display::Box::invalidateHeight):
1448         (WebCore::Display::Box::hasValidPosition const):
1449         (WebCore::Display::Box::hasValidSize const):
1450         (WebCore::Display::Box::hasValidGeometry const):
1451         (WebCore::Display::Box::invalidatePosition):
1452         (WebCore::Display::Box::invalidateSize):
1453         (WebCore::Display::Box::setHasValidPosition):
1454         (WebCore::Display::Box::setHasValidSize):
1455         (WebCore::Display::Box::setHasValidGeometry):
1456         (WebCore::Display::Box::rect const):
1457         (WebCore::Display::Box::top const):
1458         (WebCore::Display::Box::left const):
1459         (WebCore::Display::Box::bottom const):
1460         (WebCore::Display::Box::right const):
1461         (WebCore::Display::Box::topLeft const):
1462         (WebCore::Display::Box::bottomRight const):
1463         (WebCore::Display::Box::size const):
1464         (WebCore::Display::Box::width const):
1465         (WebCore::Display::Box::height const):
1466         (WebCore::Display::Box::setRect):
1467         (WebCore::Display::Box::setTopLeft):
1468         (WebCore::Display::Box::setTop):
1469         (WebCore::Display::Box::setLeft):
1470         (WebCore::Display::Box::setSize):
1471         (WebCore::Display::Box::setWidth):
1472         (WebCore::Display::Box::setHeight):
1473
1474 2018-05-06  Zalan Bujtas  <zalan@apple.com>
1475
1476         [LFC] Add BlockFormattingContext::computeStaticPosition
1477         https://bugs.webkit.org/show_bug.cgi?id=185352
1478
1479         Reviewed by Antti Koivisto.
1480
1481         This is the core logic for positioning inflow boxes in a block formatting context (very naive though).
1482
1483         * layout/blockformatting/BlockFormattingContext.cpp:
1484         (WebCore::Layout::BlockFormattingContext::computeStaticPosition const):
1485         * layout/displaytree/DisplayBox.h:
1486
1487 2018-05-05  Sam Weinig  <sam@webkit.org>
1488
1489         Cleanup XMLHttpRequestUpload a little
1490         https://bugs.webkit.org/show_bug.cgi?id=185344
1491
1492         Reviewed by Yusuke Suzuki.
1493
1494         * bindings/js/JSXMLHttpRequestCustom.cpp:
1495         (WebCore::JSXMLHttpRequest::visitAdditionalChildren):
1496         Use auto to reduce redundancy.
1497
1498         * xml/XMLHttpRequest.cpp:
1499         (WebCore::XMLHttpRequest::upload):
1500         * xml/XMLHttpRequest.h:
1501         Switch upload() to return a reference.
1502         
1503         * xml/XMLHttpRequestUpload.cpp:
1504         (WebCore::XMLHttpRequestUpload::XMLHttpRequestUpload):
1505         (WebCore::XMLHttpRequestUpload::dispatchProgressEvent):
1506         * xml/XMLHttpRequestUpload.h:
1507         Cleanup formatting, modernize and switch XMLHttpRequest member from a pointer
1508         to a reference.
1509
1510 2018-05-05  Dean Jackson  <dino@apple.com>
1511
1512         Draw a drop-shadow behind the system preview badge
1513         https://bugs.webkit.org/show_bug.cgi?id=185356
1514         <rdar://problem/40004936>
1515
1516         Reviewed by Wenson Hsieh.
1517
1518         Draw a very subtle drop-shadow under the system
1519         preview badge so that it is more visible on a pure
1520         white background.
1521
1522         I also moved some code around to make it more clear
1523         and improved comments.
1524
1525         * rendering/RenderThemeIOS.mm:
1526         (WebCore::RenderThemeIOS::paintSystemPreviewBadge):
1527
1528 2018-05-04  Wenson Hsieh  <wenson_hsieh@apple.com>
1529
1530         [iOS] Multiple links in Mail are dropped in a single line, and are difficult to tell apart
1531         https://bugs.webkit.org/show_bug.cgi?id=185289
1532         <rdar://problem/35756912>
1533
1534         Reviewed by Tim Horton and Darin Adler.
1535
1536         When inserting multiple URLs as individual items in a single drop, we currently separate each item with a space
1537         (see r217284). However, it still seems difficult to tell dropped links apart. This patch makes some slight
1538         tweaks to WebContentReader::readURL so that it inserts line breaks before dropped URLs, if the dropped URL isn't
1539         the first item to be inserted in the resulting document fragment.
1540
1541         Augments existing API tests in DataInteractionTests.
1542
1543         * editing/ios/WebContentReaderIOS.mm:
1544
1545         Additionally remove some extraneous header imports from this implementation file.
1546
1547         (WebCore::WebContentReader::readURL):
1548
1549 2018-05-02  Dean Jackson  <dino@apple.com>
1550
1551         Use IOSurfaces for CoreImage operations where possible
1552         https://bugs.webkit.org/show_bug.cgi?id=185230
1553         <rdar://problem/39926929>
1554
1555         Reviewed by Jon Lee.
1556
1557         On iOS hardware, we can use IOSurfaces as a rendering destination
1558         for CoreImage, which means we're keeping data on the GPU
1559         for rendering.
1560
1561         As a drive-by fix, I used a convenience method for Gaussian blurs.
1562
1563         * rendering/RenderThemeIOS.mm:
1564         (WebCore::RenderThemeIOS::paintSystemPreviewBadge):
1565
1566 2018-05-04  Tim Horton  <timothy_horton@apple.com>
1567
1568         Shift to a lower-level framework for simplifying URLs
1569         https://bugs.webkit.org/show_bug.cgi?id=185334
1570
1571         Reviewed by Dan Bernstein.
1572
1573         * Configurations/WebCore.xcconfig:
1574         * platform/mac/DragImageMac.mm:
1575         (WebCore::LinkImageLayout::LinkImageLayout):
1576
1577 2018-05-03  Ryosuke Niwa  <rniwa@webkit.org>
1578
1579         Release assert in ScriptController::canExecuteScripts via HTMLMediaElement::~HTMLMediaElement()
1580         https://bugs.webkit.org/show_bug.cgi?id=185288
1581
1582         Reviewed by Jer Noble.
1583
1584         The crash is caused by HTMLMediaElement::~HTMLMediaElement canceling the resource load via CachedResource
1585         which ends up calling FrameLoader::checkCompleted() and fire load event on the document synchronously.
1586         Speculatively fix the crash by scheduling the check instead.
1587
1588         In long term, ResourceLoader::cancel should never fire load event synchronously: webkit.org/b/185284.
1589
1590         Unfortunately, no new tests since I can't get MediaResource to get destructed at the right time.
1591
1592         * html/HTMLMediaElement.cpp:
1593         (WebCore::HTMLMediaElement::isRunningDestructor): Added to detect this specific case.
1594         (WebCore::HTMLMediaElementDestructorScope): Added.
1595         (WebCore::HTMLMediaElementDestructorScope::HTMLMediaElementDestructorScope): Added.
1596         (WebCore::HTMLMediaElementDestructorScope::~HTMLMediaElementDestructorScope): Added.
1597         (WebCore::HTMLMediaElement::~HTMLMediaElement): Instantiate HTMLMediaElement.
1598         * html/HTMLMediaElement.h:
1599         * loader/FrameLoader.cpp:
1600         (WebCore::FrameLoader::checkCompleted): Call scheduleCheckCompleted instead of synchronously calling
1601         checkCompleted if we're in the middle of destructing a HTMLMediaElement.
1602
1603 2018-05-04  Ryosuke Niwa  <rniwa@webkit.org>
1604
1605         Rename DocumentOrderedMap to TreeScopeOrderedMap
1606         https://bugs.webkit.org/show_bug.cgi?id=185290
1607
1608         Reviewed by Zalan Bujtas.
1609
1610         Renamed the class since it's almost always a mistake to use this class as a member variable of Document.
1611
1612         * Sources.txt:
1613         * WebCore.xcodeproj/project.pbxproj:
1614         * dom/MouseRelatedEvent.cpp: Include the forgotten DOMWindow.h. Unified build files bit us here.
1615         * dom/TreeScope.cpp:
1616         (WebCore::TreeScope::addElementById):
1617         (WebCore::TreeScope::addElementByName):
1618         (WebCore::TreeScope::addImageMap):
1619         (WebCore::TreeScope::addImageElementByUsemap):
1620         (WebCore::TreeScope::labelElementForId):
1621         * dom/TreeScope.h:
1622         * dom/TreeScopeOrderedMap.cpp: Renamed from DocumentOrderedMap.cpp
1623         * dom/TreeScopeOrderedMap.h: Renamed from DocumentOrderedMap.h
1624         * html/HTMLDocument.h:
1625
1626 2018-05-04  Don Olmstead  <don.olmstead@sony.com>
1627
1628         [Win][WebKit] Fix forwarding headers for Windows build
1629         https://bugs.webkit.org/show_bug.cgi?id=184412
1630
1631         Reviewed by Alex Christensen.
1632
1633         No new tests. No change in behavior.
1634
1635         * PlatformWin.cmake:
1636
1637 2018-05-04  Zalan Bujtas  <zalan@apple.com>
1638
1639         [Simple line layout] Add support for line layout box generation with multiple text renderers.
1640         https://bugs.webkit.org/show_bug.cgi?id=185276
1641
1642         Reviewed by Antti Koivisto.
1643
1644         Covered by existing tests.
1645
1646         * rendering/SimpleLineLayoutFunctions.cpp:
1647         (WebCore::SimpleLineLayout::canUseForLineBoxTree):
1648         (WebCore::SimpleLineLayout::generateLineBoxTree):
1649         * rendering/SimpleLineLayoutResolver.cpp:
1650         (WebCore::SimpleLineLayout::RunResolver::Run::renderer const):
1651         (WebCore::SimpleLineLayout::RunResolver::Run::localStart const):
1652         (WebCore::SimpleLineLayout::RunResolver::Run::localEnd const):
1653         * rendering/SimpleLineLayoutResolver.h:
1654
1655 2018-05-04  Timothy Hatcher  <timothy@apple.com>
1656
1657         Deprecate legacy WebView and friends
1658         https://bugs.webkit.org/show_bug.cgi?id=185279
1659         rdar://problem/33268700
1660
1661         Reviewed by Tim Horton.
1662
1663         * Configurations/WebCore.xcconfig:
1664         Added BUILDING_WEBKIT define to disable the deprecation macros.
1665         * bridge/objc/WebScriptObject.h:
1666         Added deprecation macros to WebScriptObject and WebUndefined.
1667         * platform/cocoa/WebKitAvailability.h:
1668         Added more macros and a way to disable deprecation warnings for
1669         WebKit build and in clients like Safari.
1670
1671 2018-05-04  Eric Carlson  <eric.carlson@apple.com>
1672
1673         Log media time range as JSON
1674         https://bugs.webkit.org/show_bug.cgi?id=185321
1675         <rdar://problem/39986746>
1676
1677         Reviewed by Youenn Fablet.
1678
1679         No new tests, tested manually.
1680
1681         * html/HTMLMediaElement.cpp:
1682         (WebCore::HTMLMediaElement::addPlayedRange): Log as time range.
1683         (WebCore::HTMLMediaElement::visibilityStateChanged): Cleanup.
1684
1685         * platform/graphics/MediaPlayer.h:
1686         (WTF::LogArgument<MediaTime>::toString):
1687         (WTF::LogArgument<MediaTimeRange>::toString):
1688
1689         * platform/graphics/avfoundation/InbandTextTrackPrivateAVF.cpp:
1690         (WebCore::InbandTextTrackPrivateAVF::processAttributedStrings): Log error as time range.
1691
1692 2018-05-04  Zalan Bujtas  <zalan@apple.com>
1693
1694         Use the containing block to compute the pagination gap when the container is inline.
1695         https://bugs.webkit.org/show_bug.cgi?id=184724
1696         <rdar://problem/39521800>
1697
1698         Reviewed by Simon Fraser.
1699
1700         Test: fast/overflow/page-overflow-with-inline-body-crash.html
1701
1702         * page/FrameView.cpp:
1703         (WebCore::FrameView::applyPaginationToViewport):
1704
1705 2018-05-04  Tim Horton  <timothy_horton@apple.com>
1706
1707         Don't use GSFont* in minimal simulator mode
1708         https://bugs.webkit.org/show_bug.cgi?id=185320
1709         <rdar://problem/39734478>
1710
1711         Reviewed by Beth Dakin.
1712
1713         * page/cocoa/MemoryReleaseCocoa.mm:
1714         (WebCore::platformReleaseMemory):
1715
1716 2018-05-04  Chris Dumez  <cdumez@apple.com>
1717
1718         Unreviewed, rolling out r231331.
1719
1720         Caused a few tests to assert
1721
1722         Reverted changeset:
1723
1724         "Stop using an iframe's id as fallback if its name attribute
1725         is not set"
1726         https://bugs.webkit.org/show_bug.cgi?id=11388
1727         https://trac.webkit.org/changeset/231331
1728
1729 2018-05-04  Youenn Fablet  <youenn@apple.com>
1730
1731         Use more references in updateTracksOfType
1732         https://bugs.webkit.org/show_bug.cgi?id=185305
1733
1734         Reviewed by Eric Carlson.
1735
1736         No change of behavior.
1737
1738         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm:
1739         (WebCore::updateTracksOfType):
1740         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateTracks):
1741
1742 2018-05-04  Myles C. Maxfield  <mmaxfield@apple.com>
1743
1744         Text shaping in the simple path is flipped in the y direction
1745         https://bugs.webkit.org/show_bug.cgi?id=185062
1746         <rdar://problem/39778678>
1747
1748         Reviewed by Simon Fraser.
1749
1750         Shaping in our simple codepath occurs in an "increasing-y-goes-up" coordinate system, but our painting
1751         code uses an "increasing-y-goes-down" coordinate system. We weren't fixing up the coordinate systems
1752         because we never noticed. This is because the simple codepath is only designed for kerning and ligatures,
1753         neither of which move glyphs vertically in the common case.
1754
1755         Test: fast/text/vertical-displacement-simple-codepath.html
1756
1757         * platform/graphics/Font.cpp:
1758         (WebCore::Font::applyTransforms const):
1759         * platform/graphics/WidthIterator.cpp:
1760         (WebCore::WidthIterator::applyFontTransforms):
1761
1762 2018-05-04  Chris Nardi  <cnardi@chromium.org>
1763
1764         Serialize all URLs with double-quotes per CSSOM spec
1765         https://bugs.webkit.org/show_bug.cgi?id=184935
1766
1767         Reviewed by Antti Koivisto.
1768
1769         According to https://drafts.csswg.org/cssom/#serialize-a-url, all URLs should be serialized as strings,
1770         which means they should have double quotes around the text of the URL. Update our implementation to match
1771         this (and Firefox/Chrome). Also remove isCSSTokenizerURL() as this method is no longer needed.
1772
1773         Tests: Many LayoutTests updated to use double quotes.
1774
1775         * css/CSSMarkup.cpp:
1776         (WebCore::serializeString): Remove FIXME as this was already fixed in a previous patch.
1777         (WebCore::serializeURL): Remove FIXME and update implementation.
1778
1779 2018-05-04  Youenn Fablet  <youenn@apple.com>
1780
1781         LayoutTests/fast/mediastream/change-tracks-media-stream-being-played.html is crashing after r231304
1782         https://bugs.webkit.org/show_bug.cgi?id=185303
1783
1784         Reviewed by Eric Carlson.
1785
1786         We need to stop observing the audio track like we do for video track once we are no longer interested in it.
1787         Covered by test no longer crashing.
1788
1789         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm:
1790         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateTracks):
1791
1792 2018-05-04  Zalan Bujtas  <zalan@apple.com>
1793
1794         [LFC] Set the invalidation root as the result of style change.
1795         https://bugs.webkit.org/show_bug.cgi?id=185301
1796
1797         Reviewed by Antti Koivisto.
1798
1799         Compute/propagate the update type on the ancestor chain and return the invalidation root
1800         so that LayoutContext could use it as the entry point for the next layout frame.
1801
1802         * layout/LayoutContext.cpp:
1803         (WebCore::Layout::LayoutContext::updateLayout):
1804         (WebCore::Layout::LayoutContext::styleChanged):
1805         * layout/LayoutContext.h: order is not important.
1806         * layout/blockformatting/BlockInvalidation.cpp:
1807         (WebCore::Layout::invalidationStopsAtFormattingContextBoundary):
1808         (WebCore::Layout::computeUpdateType):
1809         (WebCore::Layout::computeUpdateTypeForAncestor):
1810         (WebCore::Layout::BlockInvalidation::invalidate):
1811         * layout/blockformatting/BlockInvalidation.h:
1812         * layout/inlineformatting/InlineInvalidation.cpp:
1813         (WebCore::Layout::InlineInvalidation::invalidate):
1814         * layout/inlineformatting/InlineInvalidation.h:
1815
1816 2018-05-04  Youenn Fablet  <youenn@apple.com>
1817
1818         PeerConnection should have its connectionState closed even if doing gathering
1819         https://bugs.webkit.org/show_bug.cgi?id=185267
1820
1821         Reviewed by Darin Adler.
1822
1823         Test: webrtc/addICECandidate-closed.html
1824
1825         In case m_iceConnectionState is closed, m_connectionState should also be set to closed
1826         and RTCPeerConnection should be closed so as to reject any other call.
1827
1828         * Modules/mediastream/RTCPeerConnection.cpp:
1829         (WebCore::RTCPeerConnection::close):
1830         (WebCore::RTCPeerConnection::updateConnectionState):
1831
1832 2018-05-04  Yacine Bandou  <yacine.bandou_ext@softathome.com>
1833
1834         [MSE][GStreamer] Delete properly the stream from the WebKitMediaSource
1835         https://bugs.webkit.org/show_bug.cgi?id=185242
1836
1837         Reviewed by Xabier Rodriguez-Calvar.
1838
1839         When the sourceBuffer is removed from mediasource, the appropriate stream is not
1840         properly deleted from WebKitMediaSource, because the appsrc and parser elements
1841         of the stream are not removed from the WebKitMediaSource bin.
1842
1843         This patch avoids the regression of r231089, see https://bugs.webkit.org/show_bug.cgi?id=185071
1844
1845         * platform/graphics/gstreamer/mse/WebKitMediaSourceGStreamer.cpp:
1846         (webKitMediaSrcFreeStream):
1847
1848 2018-05-04  Carlos Garcia Campos  <cgarcia@igalia.com>
1849
1850         [GTK] Epiphany (GNOME Web) says "Error downloading: Service Unavailable." when trying to download an image from discogs.com
1851         https://bugs.webkit.org/show_bug.cgi?id=174730
1852
1853         Reviewed by Michael Catanzaro.
1854
1855         Export ResourceRequestBase::hasHTTPHeaderField().
1856
1857         * platform/network/ResourceRequestBase.h:
1858
1859 2018-05-03  Yusuke Suzuki  <utatane.tea@gmail.com>
1860
1861         Use subprocess.call instead of os.system to handle path with spaces
1862         https://bugs.webkit.org/show_bug.cgi?id=185291
1863
1864         Reviewed by Darin Adler.
1865
1866         If gperf path includes spaces, these python scripts fail to execute gperf.
1867         We use subprocess module instead of os.system to invoke gperf.
1868
1869         * css/makeSelectorPseudoClassAndCompatibilityElementMap.py:
1870         * css/makeSelectorPseudoElementsMap.py:
1871         * platform/network/create-http-header-name-table:
1872
1873 2018-05-03  Yusuke Suzuki  <utatane.tea@gmail.com>
1874
1875         Unreviewed, attempt to fix WinCairo build failure
1876         https://bugs.webkit.org/show_bug.cgi?id=185218
1877
1878         * platform/text/win/LocaleWin.cpp:
1879         (WebCore::LocaleWin::getLocaleInfoString):
1880
1881 2018-05-03  Filip Pizlo  <fpizlo@apple.com>
1882
1883         Strings should not be allocated in a gigacage
1884         https://bugs.webkit.org/show_bug.cgi?id=185218
1885
1886         Reviewed by Saam Barati.
1887
1888         No new tests because no new behavior.
1889
1890         * Modules/indexeddb/server/IDBSerialization.cpp:
1891         (WebCore::decodeKey):
1892         * bindings/js/SerializedScriptValue.cpp:
1893         (WebCore::CloneDeserializer::readString):
1894         * html/canvas/CanvasRenderingContext2D.cpp:
1895         (WebCore::normalizeSpaces):
1896         * html/parser/HTMLTreeBuilder.cpp:
1897         (WebCore::HTMLTreeBuilder::ExternalCharacterTokenBuffer::takeRemainingWhitespace):
1898         * platform/URLParser.cpp:
1899         (WebCore::percentEncodeByte):
1900         (WebCore::serializeURLEncodedForm):
1901         (WebCore::URLParser::serialize):
1902         * platform/URLParser.h:
1903         * platform/graphics/FourCC.cpp:
1904         (WebCore::FourCC::toString const):
1905         * platform/graphics/ca/GraphicsLayerCA.cpp:
1906         (WebCore::GraphicsLayerCA::ReplicaState::cloneID const):
1907         * platform/text/LocaleICU.cpp:
1908         (WebCore::LocaleICU::decimalSymbol):
1909         (WebCore::LocaleICU::decimalTextAttribute):
1910         (WebCore::getDateFormatPattern):
1911         (WebCore::LocaleICU::createLabelVector):
1912         (WebCore::getFormatForSkeleton):
1913         * platform/win/FileSystemWin.cpp:
1914         (WebCore::FileSystem::getFinalPathName):
1915         (WebCore::FileSystem::pathByAppendingComponent):
1916         (WebCore::FileSystem::storageDirectory):
1917
1918 2018-05-02  Brent Fulgham  <bfulgham@apple.com>
1919
1920         Widgets should hold a WeakPtr to their parents
1921         https://bugs.webkit.org/show_bug.cgi?id=185239
1922         <rdar://problem/39741250>
1923
1924         Reviewed by Zalan Bujtas.
1925
1926         * platform/ScrollView.h:
1927         (WebCore::ScrollView::weakPtrFactory): Added.
1928         * platform/Widget.cpp:
1929         (WebCore::Widget::init): Don't perform an unnecessary assignment.
1930         (WebCore::Widget::setParent): Grab a WeakPtr to the parent ScrollView.
1931         * platform/Widget.h:
1932         (WebCore::Widget::parent const): Change type to a WeakPtr.
1933
1934 2018-05-03  Yusuke Suzuki  <utatane.tea@gmail.com>
1935
1936         Use pointer instead of std::optional<T&>
1937         https://bugs.webkit.org/show_bug.cgi?id=185186
1938
1939         Reviewed by Alex Christensen.
1940
1941         std::optional<T&> is not accepted in C++17 spec.
1942         In this patch, we replace it with T*, which is well-aligned to
1943         WebKit's convention.
1944
1945         * Modules/mediastream/RTCPeerConnection.cpp:
1946         (WebCore::iceServersFromConfiguration):
1947         (WebCore::RTCPeerConnection::initializeConfiguration):
1948         (WebCore::RTCPeerConnection::setConfiguration):
1949         * css/parser/CSSParser.cpp:
1950         (WebCore::CSSParser::parseSystemColor):
1951         * css/parser/CSSParser.h:
1952         * dom/DatasetDOMStringMap.cpp:
1953         (WebCore::DatasetDOMStringMap::item const):
1954         (WebCore::DatasetDOMStringMap::namedItem const):
1955         (WebCore:: const): Deleted.
1956         * dom/DatasetDOMStringMap.h:
1957         * dom/Element.cpp:
1958         (WebCore::Element::insertAdjacentHTML):
1959         * dom/Element.h:
1960         * html/canvas/CanvasStyle.cpp:
1961         (WebCore::parseColor):
1962         * inspector/DOMEditor.cpp:
1963         * platform/network/curl/CurlFormDataStream.cpp:
1964         (WebCore::CurlFormDataStream::getPostData):
1965         (): Deleted.
1966         * platform/network/curl/CurlFormDataStream.h:
1967         * platform/network/curl/CurlRequest.cpp:
1968         (WebCore::CurlRequest::setupPOST):
1969         * testing/MockCDMFactory.cpp:
1970         (WebCore::MockCDMFactory::keysForSessionWithID const):
1971         (WebCore::MockCDMInstance::updateLicense):
1972         (WebCore:: const): Deleted.
1973         * testing/MockCDMFactory.h:
1974
1975 2018-05-03  Chris Dumez  <cdumez@apple.com>
1976
1977         Stop using an iframe's id as fallback if its name attribute is not set
1978         https://bugs.webkit.org/show_bug.cgi?id=11388
1979
1980         Reviewed by Geoff Garen.
1981
1982         WebKit had logic to use an iframe's id as fallback name when its name
1983         content attribute is not set. This behavior was not standard and did not
1984         match other browsers:
1985         - https://html.spec.whatwg.org/#attr-iframe-name
1986
1987         Gecko / Trident never behaved this way. Blink was aligned with us until
1988         they started to match the specification in:
1989         - https://bugs.chromium.org/p/chromium/issues/detail?id=347169
1990
1991         This WebKit quirk was causing some Web-compatibility issues because it
1992         would affect the behavior of Window's name property getter when trying
1993         to look up an iframe by id. Because of Window's named property getter
1994         behavior [1], we would return the frame's contentWindow instead of the
1995         iframe element itself.
1996
1997         [1] https://html.spec.whatwg.org/multipage/window-object.html#named-access-on-the-window-object
1998
1999         Test: fast/dom/Window/named-getter-frame-id.html
2000
2001         * html/HTMLFrameElementBase.cpp:
2002         (WebCore::HTMLFrameElementBase::openURL):
2003         (WebCore::HTMLFrameElementBase::parseAttribute):
2004         (WebCore::HTMLFrameElementBase::didFinishInsertingNode):
2005         * html/HTMLFrameElementBase.h:
2006
2007 2018-05-03  Eric Carlson  <eric.carlson@apple.com>
2008
2009         [iOS] Internal text and audio tracks not in fullscreen menu
2010         https://bugs.webkit.org/show_bug.cgi?id=185268
2011         <rdar://problem/38673440>
2012
2013         Reviewed by Jer Noble.
2014
2015         * platform/cocoa/PlaybackSessionModelMediaElement.mm:
2016         (WebCore::PlaybackSessionModelMediaElement::setMediaElement): 'addtrack' and 'removetrack'
2017         events are fired at the track lists, not the media element.
2018
2019 2018-05-03  Ryosuke Niwa  <rniwa@webkit.org>
2020
2021         Using image map inside a shadow tree results hits a release assert in DocumentOrderedMap::add
2022         https://bugs.webkit.org/show_bug.cgi?id=185238
2023
2024         Reviewed by Antti Koivisto.
2025
2026         The bug was caused by DocumentOrderedMap for the image elements with usemap being stored in Document
2027         even if those image elements were in a shadow tree. Fixed the bug by moving the map to TreeScope.
2028
2029         Test: fast/images/imagemap-in-nested-shadow-tree.html
2030               fast/images/imagemap-in-shadow-tree.html
2031
2032         * dom/Document.cpp:
2033         (WebCore::Document::addImageElementByUsemap): Moved to TreeScope.
2034         (WebCore::Document::removeImageElementByUsemap): Ditto.
2035         (WebCore::Document::imageElementByUsemap const): Ditto.
2036         * dom/Document.h:
2037         * dom/TreeScope.cpp:
2038         (WebCore::TreeScope::destroyTreeScopeData): Clear m_imagesByUsemap as well as m_elementsByName.
2039         (WebCore::TreeScope::getImageMap const): Removed the code to parse usemap. RenderImage::imageMap()
2040         which used to call this function with the raw value of the usemap content attribute now calls it
2041         via HTMLImageElement::associatedMapElement(), which uses the parsed usemap.
2042         (WebCore::TreeScope::addImageElementByUsemap): Moved from Document.
2043         (WebCore::TreeScope::removeImageElementByUsemap): Ditto.
2044         (WebCore::TreeScope::imageElementByUsemap const): Ditto.
2045         * dom/TreeScope.h:
2046         * html/HTMLImageElement.cpp:
2047         (WebCore::HTMLImageElement::parseAttribute):
2048         (WebCore::HTMLImageElement::insertedIntoAncestor): This image element can be associated with a map element
2049         if it's connected to a document.
2050         (WebCore::HTMLImageElement::removedFromAncestor):
2051         (WebCore::HTMLImageElement::associatedMapElement const):
2052         * html/HTMLImageElement.h:
2053         * html/HTMLMapElement.cpp:
2054         (WebCore::HTMLMapElement::imageElement):
2055         * rendering/RenderImage.cpp:
2056         (WebCore::RenderImage::imageMap const):
2057
2058 2018-05-03  Justin Fan  <justin_fan@apple.com>
2059
2060         [WebGL] Add runtime flag for enabling ASTC support in WebGL
2061         https://bugs.webkit.org/show_bug.cgi?id=184840
2062
2063         Reviewed by Myles C. Maxfield.
2064
2065         Added runtime flag for ASTC support in WebGL, to turn on/off when extension is implemented.
2066
2067         * page/RuntimeEnabledFeatures.h:
2068         (WebCore::RuntimeEnabledFeatures::setWebGLCompressedTextureASTCSupportEnabled):
2069         (WebCore::RuntimeEnabledFeatures::webGLCompressedTextureASTCSupportEnabled const):
2070
2071 2018-05-03  Chris Nardi  <cnardi@chromium.org>
2072
2073         Remove [NoInterfaceObject] from DOMRectList
2074         https://bugs.webkit.org/show_bug.cgi?id=185255
2075
2076         Reviewed by Chris Dumez.
2077
2078         In https://github.com/w3c/fxtf-drafts/issues/233, [NoInterfaceObject] was removed
2079         from DOMRectList. Remove it from our implementation to match the spec, as well as
2080         Chrome and Firefox.
2081
2082         Updated web platform tests IDL test for the Geometry spec.
2083
2084         * dom/DOMRectList.idl:
2085
2086 2018-05-03  Chris Dumez  <cdumez@apple.com>
2087
2088         REGRESSION(iOS 11.3): Crashes in TimerBase::~TimerBase() in Tencent x5gamehelper
2089         https://bugs.webkit.org/show_bug.cgi?id=185073
2090         <rdar://problem/39821223>
2091
2092         Reviewed by Alexey Proskuryakov.
2093
2094         The following changes were made:
2095         - Make sure SocketStream callbacks are always scheduled on the right runloop:
2096           WebThreadRunLoop() on WebKitLegacy iOS, loaderRunLoop() on Windows and
2097           main runloop otherwise.
2098         - When the SocketStream callbacks are called, unconditionally call callOnMainThreadAndWait()
2099           before calling methods on the SocketStream client. Previously, this code path
2100           was specific to Windows but there is no reason to have platform-specific code here.
2101           callOnMainThreadAndWait() calls the function right away if we're already on the main
2102           thread, which will be the case on other platform than Windows.
2103
2104         * platform/network/cf/SocketStreamHandleImplCFNet.cpp:
2105         (WebCore::callbacksRunLoop):
2106         (WebCore::callbacksRunLoopMode):
2107         (WebCore::SocketStreamHandleImpl::scheduleStreams):
2108         (WebCore::SocketStreamHandleImpl::pacExecutionCallback):
2109         (WebCore::SocketStreamHandleImpl::executePACFileURL):
2110         (WebCore::SocketStreamHandleImpl::removePACRunLoopSource):
2111         (WebCore::SocketStreamHandleImpl::readStreamCallback):
2112         (WebCore::SocketStreamHandleImpl::writeStreamCallback):
2113         (WebCore::SocketStreamHandleImpl::platformClose):
2114
2115 2018-05-03  Zalan Bujtas  <zalan@apple.com>
2116
2117         [LFC] Enable multiple layout roots for incremental layout.
2118         https://bugs.webkit.org/show_bug.cgi?id=185185
2119
2120         Reviewed by Antti Koivisto.
2121
2122         With certain type of style changes, we can stop the box invalidation at the formatting context boundary.
2123         When multiple boxes need updating in different formatting contexts, instead of marking the parent containing block chain all
2124         the way up to a common ancestor, we could just work with a list of layout entry points per layout frame.
2125
2126         * layout/FormattingState.h:
2127         * layout/LayoutContext.cpp:
2128         (WebCore::Layout::LayoutContext::updateLayout):
2129         (WebCore::Layout::LayoutContext::addLayoutEntryPoint):
2130         * layout/LayoutContext.h:
2131
2132 2018-05-03  Zalan Bujtas  <zalan@apple.com>
2133
2134         [LFC] Box invalidation logic should go to dedicated classes.
2135         https://bugs.webkit.org/show_bug.cgi?id=185249
2136
2137         Reviewed by Antti Koivisto.
2138
2139         Each formatting context can initiate a different type of invalidation when
2140         style attribute changes in a box.
2141
2142         * Sources.txt:
2143         * WebCore.xcodeproj/project.pbxproj:
2144         * layout/FormattingState.cpp:
2145         (WebCore::Layout::FormattingState::FormattingState):
2146         * layout/FormattingState.h:
2147         (WebCore::Layout::FormattingState::isBlockFormattingState const):
2148         (WebCore::Layout::FormattingState::isInlineFormattingState const):
2149         * layout/LayoutContext.cpp:
2150         (WebCore::Layout::LayoutContext::styleChanged):
2151         (WebCore::Layout::LayoutContext::markNeedsUpdate):
2152         * layout/LayoutContext.h:
2153         * layout/blockformatting/BlockFormattingState.cpp:
2154         (WebCore::Layout::BlockFormattingState::BlockFormattingState):
2155         * layout/blockformatting/BlockFormattingState.h:
2156         * layout/blockformatting/BlockInvalidation.cpp: Copied from Source/WebCore/layout/blockformatting/BlockFormattingState.cpp.
2157         (WebCore::Layout::BlockInvalidation::invalidate):
2158         * layout/blockformatting/BlockInvalidation.h: Copied from Source/WebCore/layout/inlineformatting/InlineFormattingState.h.
2159         * layout/inlineformatting/InlineFormattingState.cpp:
2160         (WebCore::Layout::InlineFormattingState::InlineFormattingState):
2161         * layout/inlineformatting/InlineFormattingState.h:
2162         * layout/inlineformatting/InlineInvalidation.cpp: Copied from Source/WebCore/layout/inlineformatting/InlineFormattingState.cpp.
2163         (WebCore::Layout::InlineInvalidation::invalidate):
2164         * layout/inlineformatting/InlineInvalidation.h: Copied from Source/WebCore/layout/blockformatting/BlockFormattingState.h.
2165
2166 2018-05-03  Michael Catanzaro  <mcatanzaro@igalia.com>
2167
2168         WebKit should send fake macOS user agent to docs.google.com
2169         https://bugs.webkit.org/show_bug.cgi?id=185165
2170
2171         Reviewed by Carlos Garcia Campos.
2172
2173         * platform/UserAgentQuirks.cpp:
2174         (WebCore::urlRequiresMacintoshPlatform):
2175         (WebCore::urlRequiresLinuxDesktopPlatform):
2176
2177 2018-05-03  Commit Queue  <commit-queue@webkit.org>
2178
2179         Unreviewed, rolling out r231223 and r231288.
2180         https://bugs.webkit.org/show_bug.cgi?id=185256
2181
2182         The change in r231223 breaks internal builds, and r231288 is a
2183         dependent change. (Requested by ryanhaddad on #webkit).
2184
2185         Reverted changesets:
2186
2187         "Use default std::optional if it is provided"
2188         https://bugs.webkit.org/show_bug.cgi?id=185159
2189         https://trac.webkit.org/changeset/231223
2190
2191         "Use pointer instead of
2192         std::optional<std::reference_wrapper<>>"
2193         https://bugs.webkit.org/show_bug.cgi?id=185186
2194         https://trac.webkit.org/changeset/231288
2195
2196 2018-05-03  Ryan Haddad  <ryanhaddad@apple.com>
2197
2198         Unreviewed, rolling out r231253.
2199
2200         The API test added with this change is crashing on the bots.
2201
2202         Reverted changeset:
2203
2204         "Web Inspector: opt out of process swap on navigation if a Web
2205         Inspector frontend is connected"
2206         https://bugs.webkit.org/show_bug.cgi?id=184861
2207         https://trac.webkit.org/changeset/231253
2208
2209 2018-05-03  Youenn Fablet  <youenn@apple.com>
2210
2211         A MediaStream being played should allow removing some of its tracks
2212         https://bugs.webkit.org/show_bug.cgi?id=185233
2213
2214         Reviewed by Eric Carlson.
2215
2216         Update the tracks out of the for loop.
2217         Test: fast/mediastream/change-tracks-media-stream-being-played.html
2218
2219         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm:
2220         (WebCore::updateTracksOfType):
2221
2222 2018-05-03  Miguel Gomez  <magomez@igalia.com>
2223
2224         WebCore::TextureMapperLayer object used after freed
2225         https://bugs.webkit.org/show_bug.cgi?id=184729
2226
2227         Reviewed by Michael Catanzaro.
2228
2229         Replace the raw pointers with WeakPtr for effectTarget, maskLayer and replicaLayer
2230         inside TextureMapperLayer.
2231
2232         * platform/graphics/texmap/TextureMapperLayer.cpp:
2233         (WebCore::TextureMapperLayer::~TextureMapperLayer):
2234         (WebCore::TextureMapperLayer::setMaskLayer):
2235         (WebCore::TextureMapperLayer::setReplicaLayer):
2236         * platform/graphics/texmap/TextureMapperLayer.h:
2237
2238 2018-05-03  Basuke Suzuki  <Basuke.Suzuki@sony.com>
2239
2240         [Curl] Add OpenSSL/LibreSSL multi-threading support
2241         https://bugs.webkit.org/show_bug.cgi?id=185138
2242
2243         The older OpenSSL manual says the locking_function and threadid_function should
2244         be set when use it in multi-threading environment. This applies to LibreSSL also.
2245         https://www.openssl.org/docs/man1.0.2/crypto/threads.html
2246
2247         For unix and other similar os, the default threadId_function implementation is
2248         good enough. We'll set custom callback only for Windows OS.
2249
2250         Note it's not required for OpenSSL 1.1.0 and after.
2251         https://www.openssl.org/blog/blog/2017/02/21/threads/
2252
2253         Reviewed by Per Arne Vollan.
2254
2255         * platform/network/curl/CurlSSLHandle.cpp:
2256         (WebCore::CurlSSLHandle::CurlSSLHandle):
2257         (WebCore::CurlSSLHandle::ThreadSupport::ThreadSupport):
2258         (WebCore::CurlSSLHandle::ThreadSupport::lockingCallback):
2259         (WebCore::CurlSSLHandle::ThreadSupport::threadIdCallback):
2260         * platform/network/curl/CurlSSLHandle.h:
2261         (WebCore::CurlSSLHandle::ThreadSupport::setup):
2262         (WebCore::CurlSSLHandle::ThreadSupport::singleton):
2263         (WebCore::CurlSSLHandle::ThreadSupport::lock):
2264         (WebCore::CurlSSLHandle::ThreadSupport::unlock):
2265
2266 2018-05-02  Ryosuke Niwa  <rniwa@webkit.org>
2267
2268         Remove superfluous check for a null attribute value check in Element::removeAttributeInternal
2269         https://bugs.webkit.org/show_bug.cgi?id=185227
2270
2271         Reviewed by Chris Dumez.
2272
2273         Removed the check. The attribute value string can never be null.
2274
2275         * dom/Element.cpp:
2276         (WebCore::Element::removeAttributeInternal):
2277
2278 2018-05-02  Zalan Bujtas  <zalan@apple.com>
2279
2280         [LFC] Implement LayoutContext::createDisplayBox
2281         https://bugs.webkit.org/show_bug.cgi?id=185158
2282
2283         Reviewed by Antti Koivisto.
2284
2285         Now compute*() functions take both the const layout and the corresponding non-const display boxes.
2286         Display boxes are owned by the LayoutContext and they don't form a tree structure (only implicitly through the layout tree).
2287         (This might need to change in the future if we decide to arrange them in some sort of painting order)
2288
2289         * layout/FloatingContext.cpp:
2290         (WebCore::Layout::FloatingContext::computePosition):
2291         * layout/FloatingContext.h:
2292         * layout/FormattingContext.cpp:
2293         (WebCore::Layout::FormattingContext::computeStaticPosition const):
2294         (WebCore::Layout::FormattingContext::computeInFlowPositionedPosition const):
2295         (WebCore::Layout::FormattingContext::computeOutOfFlowPosition const):
2296         (WebCore::Layout::FormattingContext::computeWidth const):
2297         (WebCore::Layout::FormattingContext::computeHeight const):
2298         (WebCore::Layout::FormattingContext::computeOutOfFlowWidth const):
2299         (WebCore::Layout::FormattingContext::computeFloatingWidth const):
2300         (WebCore::Layout::FormattingContext::computeOutOfFlowHeight const):
2301         (WebCore::Layout::FormattingContext::computeFloatingHeight const):
2302         * layout/FormattingContext.h:
2303         * layout/LayoutContext.cpp:
2304         (WebCore::Layout::LayoutContext::createDisplayBox):
2305         * layout/LayoutContext.h:
2306         (WebCore::Layout::LayoutContext::displayBoxForLayoutBox const):
2307         * layout/blockformatting/BlockFormattingContext.cpp:
2308         (WebCore::Layout::BlockFormattingContext::layout const):
2309         (WebCore::Layout::BlockFormattingContext::computeStaticPosition const):
2310         (WebCore::Layout::BlockFormattingContext::computeInFlowWidth const):
2311         (WebCore::Layout::BlockFormattingContext::computeInFlowHeight const):
2312         * layout/blockformatting/BlockFormattingContext.h:
2313         * layout/displaytree/DisplayBox.h:
2314         (WebCore::Display::Box::parent const): Deleted.
2315         (WebCore::Display::Box::nextSibling const): Deleted.
2316         (WebCore::Display::Box::previousSibling const): Deleted.
2317         (WebCore::Display::Box::firstChild const): Deleted.
2318         (WebCore::Display::Box::lastChild const): Deleted.
2319         (WebCore::Display::Box::setParent): Deleted.
2320         (WebCore::Display::Box::setNextSibling): Deleted.
2321         (WebCore::Display::Box::setPreviousSibling): Deleted.
2322         (WebCore::Display::Box::setFirstChild): Deleted.
2323         (WebCore::Display::Box::setLastChild): Deleted.
2324         (): Deleted.
2325         * layout/inlineformatting/InlineFormattingContext.cpp:
2326         (WebCore::Layout::InlineFormattingContext::computeInFlowWidth const):
2327         (WebCore::Layout::InlineFormattingContext::computeInFlowHeight const):
2328         * layout/inlineformatting/InlineFormattingContext.h:
2329
2330 2018-05-02  Said Abou-Hallawa  <sabouhallawa@apple.com>
2331
2332         Hiding then showing an <object> of type image makes the underlaying image disappear
2333         https://bugs.webkit.org/show_bug.cgi?id=185216
2334         <rdar://problem/39055630>
2335
2336         Reviewed by Youenn Fablet.
2337
2338         Ensure the HTMLPlugInImageElement updates the RenderImageResource of its
2339         RenderImage with the CachedImage of its ImageLoader when the RenderImage
2340         is recreated.
2341
2342         Test: fast/images/object-image-hide-show.html
2343
2344         * html/HTMLPlugInImageElement.cpp:
2345         (WebCore::HTMLPlugInImageElement::didAttachRenderers):
2346         This is very similar to what we do in HTMLImageElement::didAttachRenderers().
2347
2348
2349 2018-05-02  Brent Fulgham  <bfulgham@apple.com>
2350
2351         Use RetainPtr for form input type
2352         https://bugs.webkit.org/show_bug.cgi?id=185210
2353         <rdar://problem/39734040>
2354
2355         Reviewed by Ryosuke Niwa.
2356
2357         Refactor our HTMLInputElement class to store its InputType member as a RefPtr.
2358
2359         Test: fast/forms/access-key-mutation-2.html.
2360
2361         * html/HTMLInputElement.cpp:
2362         (WebCore::HTMLInputElement::HTMLInputElement):
2363         (WebCore::HTMLInputElement::didAddUserAgentShadowRoot):
2364         (WebCore::HTMLInputElement::accessKeyAction):
2365         (WebCore::HTMLInputElement::parseAttribute):
2366         (WebCore::HTMLInputElement::appendFormData):
2367         * html/HTMLInputElement.h:
2368         * html/InputType.cpp:
2369         (WebCore::createInputType):
2370         (WebCore::InputType::create):
2371         (WebCore::InputType::createText):
2372         * html/InputType.h:
2373
2374 2018-05-01  Yusuke Suzuki  <utatane.tea@gmail.com>
2375
2376         Use pointer instead of std::optional<std::reference_wrapper<>>
2377         https://bugs.webkit.org/show_bug.cgi?id=185186
2378
2379         Reviewed by Alex Christensen.
2380
2381         std::optional<T&> is not accepted in C++17 spec. So we replaced it
2382         with std::optional<std::reference_wrapper<T>>.
2383
2384         In this patch, we replace it with T*, which is well-aligned to
2385         WebKit's convention.
2386
2387         * Modules/mediastream/RTCPeerConnection.cpp:
2388         (WebCore::iceServersFromConfiguration):
2389         (WebCore::RTCPeerConnection::initializeConfiguration):
2390         (WebCore::RTCPeerConnection::setConfiguration):
2391         * css/parser/CSSParser.cpp:
2392         (WebCore::CSSParser::parseSystemColor):
2393         * css/parser/CSSParser.h:
2394         * dom/DatasetDOMStringMap.cpp:
2395         (WebCore::DatasetDOMStringMap::item const):
2396         (WebCore::DatasetDOMStringMap::namedItem const):
2397         * dom/DatasetDOMStringMap.h:
2398         * dom/Element.cpp:
2399         (WebCore::Element::insertAdjacentHTML):
2400         * dom/Element.h:
2401         * html/canvas/CanvasStyle.cpp:
2402         (WebCore::parseColor):
2403         * inspector/DOMEditor.cpp:
2404         * platform/network/curl/CurlFormDataStream.cpp:
2405         (WebCore::CurlFormDataStream::getPostData):
2406         * platform/network/curl/CurlFormDataStream.h:
2407         * platform/network/curl/CurlRequest.cpp:
2408         (WebCore::CurlRequest::setupPOST):
2409         * testing/MockCDMFactory.cpp:
2410         (WebCore::MockCDMFactory::keysForSessionWithID const):
2411         (WebCore::MockCDMInstance::updateLicense):
2412         * testing/MockCDMFactory.h:
2413
2414 2018-05-02  Keith Rollin  <krollin@apple.com>
2415
2416         Add facility for tracking times and results of page and resource loading
2417         https://bugs.webkit.org/show_bug.cgi?id=184838
2418         <rdar://problem/36548974>
2419
2420         Reviewed by Brent Fulgham.
2421
2422         Update FrameProgressTracker to send the necessary page load start/stop
2423         signals so that we can track the entire page load at a network level.
2424         Add an empty override of the pure virtual
2425         LoaderStrategy::pageLoadCompleted method.
2426
2427         No new tests. There is no testable effect from these changes. On
2428         Cocoa, measurable changes take place in another (non-WebKit) process.
2429         On non-Cocoa systems, this facility is currently disabled.
2430
2431         * loader/FrameLoader.cpp:
2432         (WebCore::FrameLoader::FrameProgressTracker::progressCompleted):
2433         * loader/LoaderStrategy.h:
2434
2435 2018-05-02  Aditya Keerthi  <akeerthi@apple.com>
2436
2437         Can't copy and paste URLs that have no title into Mail (macOS)
2438         https://bugs.webkit.org/show_bug.cgi?id=185205
2439         <rdar://problem/36352406>
2440
2441         Reviewed by Tim Horton.
2442
2443         The pasteboardURL generated has an empty title for URLs without titles. Currently, the pasteboardURL.title is being saved to the pasteboard.
2444
2445         To fix the error, we check whether the title is empty and instead save the lastPathComponent to the pasteboard. This matches current behavior as the fallback title.
2446
2447         Augmented WebKitLegacy.ContextMenuCanCopyURL test
2448
2449         * platform/mac/PasteboardMac.mm:
2450         (WebCore::writeURLForTypes):
2451
2452 2018-05-01  Ryosuke Niwa  <rniwa@webkit.org>
2453
2454         REGRESSION(r225868): Release assert when removing an SVGUseElement from Document::m_svgUseElements
2455         https://bugs.webkit.org/show_bug.cgi?id=182188
2456         <rdar://problem/36689240>
2457
2458         Reviewed by Antti Koivisto.
2459
2460         Fixed the crash by removing up the release assert.
2461
2462         The crash is likely caused by re-entrancy to Document::resolveStyle during SVGUseElement::updateShadowTree.
2463         Because Document::resolveStyle invokes updateShadowTree on SVG use elements in Document::m_svgUseElements
2464         without clearing the map, the nested call to resolveStyle ends up calling updateShadowTree() for all elements
2465         in m_svgUseElements and removing them all from the map. When the stack frame eventually comes back to the outer
2466         invocation of Document::resolveStyle, updateShadowTree gets invoked for the second time on SVG use elements
2467         whose shadow tree had already been updated within the inner invocation to updateShadowTree, and release-asserts.
2468
2469         There is an alternative fix: avoid calling updateShadowTree on a svg element when shadowTreeNeedsUpdate returns
2470         true on the element in resolveStyle. However, removing the release assert is a sure way to fix the crash so
2471         this patch opts for that fix instead especially since we don't have any reproducible test case for this crash.
2472
2473         This release assertion was added in r225868 as a cautious measure to catch any use-after-frees of SVGUseElement's
2474         since m_svgUseElements stored raw pointes to SVG use elements but this crash is not an indicative of any UAF,
2475         and there is no evidence that r225868 has led to new UAFs even after five months.
2476
2477         No new tests. I couldn't find a way to trigger a nested style update inside SVGUseElement::updateShadowTree.
2478
2479         * dom/Document.cpp:
2480         (WebCore::Document::removeSVGUseElement):
2481
2482 2018-05-02  Dirk Schulze  <dschulze@chromium.org>
2483
2484         getCharNumAtPosition should take DOMPointInit as argument
2485         https://bugs.webkit.org/show_bug.cgi?id=184695
2486
2487         Reviewed by Antti Koivisto.
2488
2489         Extend existing tests for getCharNumAtPosition.
2490
2491         * svg/SVGTextContentElement.cpp:
2492         (WebCore::SVGTextContentElement::getCharNumAtPosition):
2493         * svg/SVGTextContentElement.h:
2494         * svg/SVGTextContentElement.idl: Use DOMPointInit argument.
2495
2496 2018-05-02  Youenn Fablet  <youenn@apple.com>
2497
2498         Use NetworkLoadChecker for navigation loads
2499         https://bugs.webkit.org/show_bug.cgi?id=184892
2500         <rdar://problem/39652686>
2501
2502         Reviewed by Chris Dumez.
2503
2504         Sanitize headers according response tainting.
2505         If tainting is basic, it means same origin load in which case we only filter Cookie related headers.
2506         If tainting is Opaque, we filter all uncommon headers.
2507         If tainting is CORS, we filter all uncommon headers except the one explicitely allowed by CORS headers.
2508         Covered by updated test.
2509
2510         * platform/network/ResourceResponseBase.cpp:
2511         (WebCore::ResourceResponseBase::sanitizeHTTPHeaderFieldsAccordingToTainting):
2512         (WebCore::ResourceResponseBase::sanitizeHTTPHeaderFields):
2513         * platform/network/ResourceResponseBase.h:
2514
2515 2018-05-02  Myles C. Maxfield  <mmaxfield@apple.com>
2516
2517         Collection fragment identifiers don't use PostScript names
2518         https://bugs.webkit.org/show_bug.cgi?id=184624
2519         <rdar://problem/39432089>
2520
2521         Reviewed by Simon Fraser.
2522
2523         In a previous version of the CSS Fonts spec, there was text saying that items in font collections
2524         should be 1-indexed (so the first item would be MyFonts.ttc#1). However, this is unfortunate because
2525         inserting an item into the middle of a collection would throw off all content that uses the file.
2526         Instead, the spec has since changed to use PostScript names (so the content instead would say
2527         MyFonts.ttc#MyFont-Regular).
2528
2529         Test: fast/text/font-collection.html
2530
2531         * css/CSSFontFaceSource.cpp:
2532         (WebCore::CSSFontFaceSource::load):
2533         * loader/cache/CachedFont.cpp:
2534         (WebCore::CachedFont::calculateItemInCollection const):
2535         (WebCore::CachedFont::ensureCustomFontData):
2536         (WebCore::CachedFont::createCustomFontData):
2537         (WebCore::CachedFont::calculateIndex const): Deleted.
2538         * loader/cache/CachedFont.h:
2539         * platform/graphics/mac/FontCustomPlatformData.cpp:
2540         (WebCore::createFontCustomPlatformData):
2541         * platform/graphics/mac/FontCustomPlatformData.h:
2542
2543 2018-05-02  Brian Burg  <bburg@apple.com>
2544
2545         Web Inspector: opt out of process swap on navigation if a Web Inspector frontend is connected
2546         https://bugs.webkit.org/show_bug.cgi?id=184861
2547         <rdar://problem/39153768>
2548
2549         Reviewed by Ryosuke Niwa.
2550
2551         Notify the client of the current connection count whenever a frontend connects or disconnects.
2552
2553         Covered by new API test.
2554
2555         * inspector/InspectorClient.h:
2556         (WebCore::InspectorClient::frontendCountChanged):
2557         * inspector/InspectorController.cpp:
2558         (WebCore::InspectorController::connectFrontend):
2559         (WebCore::InspectorController::disconnectFrontend):
2560         (WebCore::InspectorController::disconnectAllFrontends):
2561         * inspector/InspectorController.h:
2562
2563 2018-05-02  Carlos Alberto Lopez Perez  <clopez@igalia.com>
2564
2565         [GStreamer] Remove unneeded include of gstgldisplay_wayland.h after r228866 and r229022
2566         https://bugs.webkit.org/show_bug.cgi?id=185207
2567
2568         Reviewed by Michael Catanzaro.
2569
2570         Remove unneeded include of gstgldisplay_wayland.h
2571
2572         No new tests, no change in behaviour.
2573
2574         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
2575
2576 2018-05-02  Chris Dumez  <cdumez@apple.com>
2577
2578         document.open() event listener removal is not immediate
2579         https://bugs.webkit.org/show_bug.cgi?id=185191
2580
2581         Reviewed by Darin Adler.
2582
2583         We need to make sure we set the 'wasremoved' flag on RegisteredEventListeners
2584         whenever they get removed from the EventListenerMap. We were doing so correctly
2585         in EventListenerMap:remove() but not EventListenerMap::clear(). This patch
2586         updates clear() accordingly.
2587
2588         The reason we need to set this flag is that RegisteredEventListeners is RefCounted
2589         and EventTarget::fireEventListeners() may be currently running and calling
2590         each listener one by one, holding a reference to all listener of a given event.
2591
2592         Test: fast/dom/Document/document-open-removes-all-listeners.html
2593
2594         * dom/EventListenerMap.cpp:
2595         (WebCore::EventListenerMap::clear):
2596
2597 2018-05-02  Zalan Bujtas <zalan@apple.com>
2598
2599         Use WeakPtr in GridCell
2600         https://bugs.webkit.org/show_bug.cgi?id=185180
2601         <rdar://problem/39432165>
2602
2603         Reviewed by Antti Koivisto.
2604
2605         Since GridCell does not own the renderers, it should
2606         construct weak pointers.
2607
2608         Unable to create a reliably reproducible test case.
2609
2610         * rendering/Grid.cpp:
2611         (WebCore::Grid::insert):
2612         (WebCore::GridIterator::nextGridItem):
2613         * rendering/Grid.h:
2614         * rendering/RenderGrid.cpp:
2615         (WebCore::RenderGrid::firstLineBaseline const):
2616
2617 2018-05-02  Eric Carlson  <eric.carlson@apple.com>
2618
2619         [iOS] Provide audio route information when invoking AirPlay picker
2620         https://bugs.webkit.org/show_bug.cgi?id=185199
2621         <rdar://problem/39853103>
2622
2623         Reviewed by Jer Noble.
2624
2625         No new tests, this requires a specific hardware setup.
2626
2627         * dom/Document.cpp:
2628         (WebCore::Document::showPlaybackTargetPicker): Pass route sharing policy and routing context UID.
2629         * dom/Document.h:
2630
2631         * html/MediaElementSession.cpp:
2632         (WebCore::MediaElementSession::showPlaybackTargetPicker): Ditto.
2633
2634         * loader/EmptyClients.h:
2635         * page/ChromeClient.h:
2636
2637         * page/Page.cpp:
2638         (WebCore::Page::showPlaybackTargetPicker): Ditto.
2639         * page/Page.h:
2640
2641         * platform/audio/AudioSession.cpp:
2642         (WebCore::AudioSession::routeSharingPolicy const): Empty implementation for non-iOS ports.
2643         (WebCore::routingContextUID const): Ditto.
2644         * platform/audio/AudioSession.h:
2645
2646         * platform/audio/ios/AudioSessionIOS.mm:
2647         (WebCore::AudioSession::routeSharingPolicy const): Return the route sharing policy.
2648         (WebCore::AudioSession::routingContextUID const): Return the route context UID.
2649
2650 2018-05-02  Dean Jackson  <dino@apple.com>
2651
2652         Draw SystemPreview badge to specification on iOS
2653         https://bugs.webkit.org/show_bug.cgi?id=185203
2654         <rdar://problem/39908855>
2655
2656         Reviewed by Tim Horton.
2657
2658         Use CoreImage to render a badge with a blurred background,
2659         at particular sizes.
2660
2661         This will be tested internally while we're getting artwork
2662         from WebKitAdditions.
2663
2664         * Configurations/WebCore.xcconfig: Link against CoreImage.
2665         * rendering/RenderThemeIOS.h:
2666         * rendering/RenderThemeIOS.mm:
2667         (WebCore::RenderThemeIOS::paintSystemPreviewBadge): New function
2668         in the iOS platform RenderTheme that draws the system preview.
2669
2670 2018-05-01  Brent Fulgham  <bfulgham@apple.com>
2671
2672         Prevent Debug ASSERT when changing forms
2673         https://bugs.webkit.org/show_bug.cgi?id=185173
2674         <rdar://problem/39738669>
2675
2676         Reviewed by Ryosuke Niwa.
2677
2678         Form submission could trigger a debug assertion during validation when
2679         a form is changed during an input submission. Fix this by cleaning up
2680         the event handling logic and make it more consistent with modern WebKit
2681         coding style.
2682
2683         Test: fast/forms/form-submission-crash-3.html
2684
2685         * html/HTMLButtonElement.cpp:
2686         (WebCore::HTMLButtonElement::defaultEventHandler): Make sure layout runs before
2687         attempting to perform event handling.
2688         * html/HTMLFormElement.cpp:
2689         (WebCore::HTMLFormElement::reportValidity): Ditto.
2690         (WebCore::HTMLFormElement::validateInteractively): Remove call to perform layout here,
2691         since we expect this to happen earlier in the layout pass. Add an assertion that the
2692         tree is not dirty.
2693         * html/ImageInputType.cpp:
2694         (WebCore::ImageInputType::handleDOMActivateEvent): Make sure layout runs before
2695         attempting to perform event handling.
2696         * html/SubmitInputType.cpp:
2697         (WebCore::SubmitInputType::handleDOMActivateEvent): Ditto.
2698
2699 2018-05-02  Jer Noble  <jer.noble@apple.com>
2700
2701         Unreviewed; address review comments made before landing r231231.
2702
2703         * platform/ios/WebVideoFullscreenControllerAVKit.mm:
2704         (VideoFullscreenControllerContext::volume const):
2705
2706 2018-05-02  Jer Noble  <jer.noble@apple.com>
2707
2708         Pipe volume through PlaybackSessionManager/Proxy.
2709         https://bugs.webkit.org/show_bug.cgi?id=185182
2710
2711         Reviewed by Eric Carlson.
2712
2713         Add support for the volume property to PlaybackSessionModel, and all its clients.
2714
2715         * platform/cocoa/PlaybackSessionModel.h:
2716         (WebCore::PlaybackSessionModelClient::volumeChanged):
2717         * platform/cocoa/PlaybackSessionModelMediaElement.h:
2718         * platform/cocoa/PlaybackSessionModelMediaElement.mm:
2719         (WebCore::PlaybackSessionModelMediaElement::updateForEventName):
2720         (WebCore::PlaybackSessionModelMediaElement::setVolume):
2721         (WebCore::PlaybackSessionModelMediaElement::volume const):
2722         * platform/ios/PlaybackSessionInterfaceAVKit.h:
2723         * platform/ios/PlaybackSessionInterfaceAVKit.mm:
2724         (WebCore::PlaybackSessionInterfaceAVKit::volumeChanged):
2725         * platform/ios/WebAVPlayerController.h:
2726         * platform/ios/WebAVPlayerController.mm:
2727         (-[WebAVPlayerController volume]):
2728         (-[WebAVPlayerController setVolume:]):
2729         (-[WebAVPlayerController volumeChanged:]):
2730         (-[WebAVPlayerController resetMediaState]):
2731         * platform/ios/WebVideoFullscreenControllerAVKit.mm:
2732         (VideoFullscreenControllerContext::volumeChanged):
2733         (VideoFullscreenControllerContext::volume const):
2734         (VideoFullscreenControllerContext::setVolume):
2735
2736 2018-05-01  Yusuke Suzuki  <utatane.tea@gmail.com>
2737
2738         Unreviewed, fix build in WinCairo
2739         https://bugs.webkit.org/show_bug.cgi?id=185169
2740
2741         * bindings/js/JSDOMWindowBase.cpp:
2742         (WebCore::JSDOMWindowBase::instantiateStreaming):
2743         * bindings/js/JSDOMWindowBase.h:
2744
2745 2018-05-01  Yusuke Suzuki  <utatane.tea@gmail.com>
2746
2747         Use default std::optional if it is provided
2748         https://bugs.webkit.org/show_bug.cgi?id=185159
2749
2750         Reviewed by JF Bastien.
2751
2752         * Modules/mediastream/RTCPeerConnection.cpp:
2753         (WebCore::iceServersFromConfiguration):
2754         (WebCore::RTCPeerConnection::setConfiguration):
2755         * css/parser/CSSParser.cpp:
2756         (WebCore::CSSParser::parseSystemColor):
2757         * css/parser/CSSParser.h:
2758         * dom/DatasetDOMStringMap.cpp:
2759         (WebCore::DatasetDOMStringMap::item const):
2760         (WebCore::DatasetDOMStringMap::namedItem const):
2761         (WebCore:: const): Deleted.
2762         * dom/DatasetDOMStringMap.h:
2763         * dom/Element.cpp:
2764         (WebCore::Element::insertAdjacentHTML):
2765         * dom/Element.h:
2766         * inspector/DOMEditor.cpp:
2767         * platform/network/curl/CurlFormDataStream.cpp:
2768         (WebCore::CurlFormDataStream::getPostData):
2769         (): Deleted.
2770         * platform/network/curl/CurlFormDataStream.h:
2771         * testing/MockCDMFactory.cpp:
2772         (WebCore::MockCDMFactory::keysForSessionWithID const):
2773         (WebCore::MockCDMInstance::updateLicense):
2774         (WebCore:: const): Deleted.
2775         * testing/MockCDMFactory.h:
2776
2777 2018-05-01  Chris Dumez  <cdumez@apple.com>
2778
2779         Add release assertions in CFNetwork's SocketStreamHandleImpl to help debug a threading issue
2780         https://bugs.webkit.org/show_bug.cgi?id=185181
2781
2782         Reviewed by Geoffrey Garen.
2783
2784         Add release assertions in CFNetwork's SocketStreamHandleImpl to help debug a threading issue
2785         on iOS WebKitLegacy (Bug 185073). It appears readStreamCallback() can get called on the UIThread,
2786         which should not be possible if scheduleStreams() was called on the WebThread, as it is supposed
2787         to. The new release assertion in scheduleStreams() should tell us if somebody is calling it from
2788         the UIthread instead of the WebThread on iOS WebKitLegacy.
2789
2790         * platform/network/cf/SocketStreamHandleImplCFNet.cpp:
2791         (WebCore::SocketStreamHandleImpl::scheduleStreams):
2792         (WebCore::SocketStreamHandleImpl::readStreamCallback):
2793
2794 2018-05-01  Wenson Hsieh  <wenson_hsieh@apple.com>
2795
2796         Unreviewed, remove an unused variable in RuntimeEnabledFeatures.h
2797
2798         * page/RuntimeEnabledFeatures.h:
2799
2800 2018-05-01  Oleksandr Skachkov  <gskachkov@gmail.com>
2801
2802         Fix build error after r231194
2803         https://bugs.webkit.org/show_bug.cgi?id=185169
2804
2805         Reviewed by JF Bastien.
2806
2807         Prevent compile error in iOS Simulator debug build
2808         by tagging function
2809
2810         * bindings/js/JSDOMWindowBase.cpp:
2811         (WebCore::JSDOMWindowBase::compileStreaming):
2812         (WebCore::JSDOMWindowBase::instantiateStreaming):
2813
2814 2018-05-01  Oleksandr Skachkov  <gskachkov@gmail.com>
2815
2816         WebAssembly: add support for stream APIs - JavaScript API
2817         https://bugs.webkit.org/show_bug.cgi?id=183442
2818
2819         Reviewed by Yusuke Suzuki and JF Bastien.
2820
2821         Add WebAssembly streaming API to WebCore.
2822
2823         * Configurations/FeatureDefines.xcconfig:
2824         * bindings/js/JSDOMWindowBase.cpp:
2825         (WebCore::tryAllocate):
2826         (WebCore::isResponseCorrect):
2827         (WebCore::handleResponseOnStreamingAction):
2828         (WebCore::JSDOMWindowBase::compileStreaming):
2829         (WebCore::JSDOMWindowBase::instantiateStreaming):
2830         * bindings/js/JSDOMWindowBase.h:
2831         * bindings/js/JSRemoteDOMWindowBase.cpp:
2832         * bindings/js/JSWorkerGlobalScopeBase.cpp:
2833
2834 2018-04-30  Myles C. Maxfield  <mmaxfield@apple.com>
2835
2836         Improve the performance of FontCascadeDescription's effectiveFamilies
2837         https://bugs.webkit.org/show_bug.cgi?id=184720
2838         <rdar://problem/38970927>
2839
2840         Reviewed by Simon Fraser.
2841
2842         The page that had the performance problem renders many different Chinese characters in system-ui
2843         with only a small number of individual fonts. It turns out we were calling into the system-ui
2844         machinery for each character in order to opportunistically start loading data URLs (see also:
2845         https://bugs.webkit.org/show_bug.cgi?id=175845). These data URLS will never represent the system
2846         font, so we don't need to invoke the system-ui machinery at all.
2847
2848         This patch makes a 92x performance improvement on the associated performance test. This test is
2849         designed to test Chinese text rendered with system-ui.
2850
2851         Performance test: Layout/system-ui.html
2852
2853         * platform/graphics/FontCascadeFonts.cpp:
2854         (WebCore::opportunisticallyStartFontDataURLLoading):
2855
2856 2018-04-30  Jer Noble  <jer.noble@apple.com>
2857
2858         <img src=mp4> does not display on ios despite Accept: video/* advertisement
2859         https://bugs.webkit.org/show_bug.cgi?id=185029
2860         <rdar://problem/39771989>
2861
2862         Reviewed by Eric Carlson.
2863
2864         Returning "NO" from resourceLoader:shouldWaitForLoadingOfResource: signals that the load failed,
2865         even if the resource request is successfully fulfilled prior to the return. Always return YES in
2866         the case that loading succeeded.
2867
2868         * platform/graphics/avfoundation/objc/ImageDecoderAVFObjC.mm:
2869         (-[WebCoreSharedBufferResourceLoaderDelegate resourceLoader:shouldWaitForLoadingOfRequestedResource:]):
2870
2871 2018-04-30  Zalan Bujtas  <zalan@apple.com>
2872
2873         REGRESSION(r230914) Selecting text on this apple.com page makes it vanish
2874         https://bugs.webkit.org/show_bug.cgi?id=185142
2875         <rdar://problem/39821446>
2876
2877         Reviewed by Simon Fraser.
2878
2879         Set the overflow rect on the inline textbox when needed.
2880
2881         Test: fast/text/simple-line-layout-selection-with-overflow.html
2882
2883         * rendering/SimpleLineLayoutFunctions.cpp:
2884         (WebCore::SimpleLineLayout::initializeInlineTextBox):
2885         (WebCore::SimpleLineLayout::generateLineBoxTree):
2886         (WebCore::SimpleLineLayout::initializeInlineBox): Deleted.
2887
2888 2018-04-30  JF Bastien  <jfbastien@apple.com>
2889
2890         Use some C++17 features
2891         https://bugs.webkit.org/show_bug.cgi?id=185135
2892
2893         Reviewed by Alex Christensen.
2894
2895         As discussed here [0] let's move WebKit to a subset of C++17. We
2896         now require GCC 6 [1] which means that, according to [2] we can
2897         use the following C++17 language features (I removed some
2898         uninteresting ones):
2899
2900          - New auto rules for direct-list-initialization
2901          - static_assert with no message
2902          - typename in a template template parameter
2903          - Nested namespace definition
2904          - Attributes for namespaces and enumerators
2905          - u8 character literals
2906          - Allow constant evaluation for all non-type template arguments
2907          - Fold Expressions
2908          - Unary fold expressions and empty parameter packs
2909          - __has_include in preprocessor conditional
2910          - Differing begin and end types in range-based for
2911          - Improving std::pair and std::tuple
2912
2913         Consult the Tony Tables [3] to see before / after examples.
2914
2915         Of course we can use any library feature if we're willing to
2916         import them to WTF (and they don't require language support).
2917
2918
2919           [0]: https://lists.webkit.org/pipermail/webkit-dev/2018-March/029922.html
2920           [1]: https://trac.webkit.org/changeset/231152/webkit
2921           [2]: https://en.cppreference.com/w/cpp/compiler_support
2922           [3]: https://github.com/tvaneerd/cpp17_in_TTs/blob/master/ALL_IN_ONE.md
2923
2924         * DerivedSources.make:
2925         * platform/URLParser.cpp: work around an odd GCC 6 bug with class
2926           static value as a template parameter.
2927         (WebCore::URLParser::percentDecode):
2928         (WebCore::URLParser::domainToASCII):
2929         (WebCore::URLParser::hasForbiddenHostCodePoint):
2930         (WebCore::URLParser::parseHostAndPort):
2931         * platform/URLParser.h:
2932
2933 2018-04-30  Wenson Hsieh  <wenson_hsieh@apple.com>
2934
2935         [Extra zoom mode] Respect the existing shrink-to-fit attribute instead of using min-device-width
2936         https://bugs.webkit.org/show_bug.cgi?id=185132
2937         <rdar://problem/39834562>
2938
2939         Reviewed by Tim Horton.
2940
2941         Removes the `min-device-width` attribute added in r231095. Instead, we key this behavior off of the
2942         `shrink-to-fit` attribute introduced for multitasking on iPad, such that `shrink-to-fit=no` achieves the same
2943         behavior as `min-device-width=0` in extra zoom mode. See comments below for more detail.
2944
2945         Adjusted an existing layout test: fast/viewport/extrazoom/viewport-change-min-device-width.html.
2946
2947         * dom/ViewportArguments.cpp:
2948         (WebCore::setViewportFeature):
2949         (WebCore::operator<<):
2950         * dom/ViewportArguments.h:
2951
2952         Removes the `minDeviceWidth` viewport argument.
2953
2954         * page/RuntimeEnabledFeatures.h:
2955         (WebCore::RuntimeEnabledFeatures::setMinDeviceWidthEnabled): Deleted.
2956         (WebCore::RuntimeEnabledFeatures::minDeviceWidthEnabled const): Deleted.
2957
2958         Removes the runtime switch for `min-device-width`.
2959
2960         * page/ViewportConfiguration.cpp:
2961         (WebCore::platformDeviceWidthOverride):
2962
2963         Hard-code the override device width in extra zoom mode.
2964
2965         (WebCore::ViewportConfiguration::shouldOverrideDeviceWidthAndShrinkToFit const):
2966
2967         In extra zoom mode, override the device width only if shrink-to-fit has not been expliticly disabled, and the
2968         device width is less than the override device width.
2969
2970         (WebCore::ViewportConfiguration::shouldIgnoreHorizontalScalingConstraints const):
2971         (WebCore::ViewportConfiguration::shouldIgnoreScalingConstraintsRegardlessOfContentSize const):
2972         (WebCore::ViewportConfiguration::updateConfiguration):
2973         (WebCore::ViewportConfiguration::updateMinimumLayoutSize):
2974
2975         Do not override the minimum layout size if `shrink-to-fit` has been explicitly explicitly disabled, or if the
2976         device width is greater than the override device width.
2977
2978         (WebCore::computedMinDeviceWidth): Deleted.
2979         (WebCore::ViewportConfiguration::shouldOverrideDeviceWidthWithMinDeviceWidth const): Deleted.
2980         * page/ViewportConfiguration.h:
2981
2982 2018-04-30  Chris Nardi  <cnardi@chromium.org>
2983
2984         Serialize font-variation-settings with double-quotes per spec
2985         https://bugs.webkit.org/show_bug.cgi?id=182542
2986
2987         Reviewed by Myles C. Maxfield.
2988
2989         According to the CSSOM spec [1], all strings should be serialized with double-quotes.
2990         The axis name in font-variation-settings was previously serialized with single-quotes;
2991         change this to double-quotes to match the spec and non-WebKit browsers.
2992
2993         [1]: https://drafts.csswg.org/cssom/#common-serializing-idioms
2994
2995         Updated fast/text/variations/getComputedStyle.html to test the change.
2996
2997         * css/CSSFontVariationValue.cpp:
2998         (WebCore::CSSFontVariationValue::customCSSText const):
2999
3000 2018-04-30  Chris Dumez  <cdumez@apple.com>
3001
3002         Fix bad use of RunLoop::main().dispatch() in MessagePort::dispatchMessages()
3003         https://bugs.webkit.org/show_bug.cgi?id=185134
3004
3005         Reviewed by Geoffrey Garen.
3006
3007         Fix bad use of RunLoop::main().dispatch() in MessagePort::dispatchMessages(). This code runs on iOS WebKitLegacy
3008         and it is therefore unsafe to use RunLoop::main() here. We want to use callOnMainThread() instead to run code on
3009         the WebThread.
3010
3011         * dom/MessagePort.cpp:
3012         (WebCore::MessagePort::dispatchMessages):
3013
3014 2018-04-30  Simon Fraser  <simon.fraser@apple.com>
3015
3016         Make color-filter affect caret-color
3017         https://bugs.webkit.org/show_bug.cgi?id=185129
3018         rdar://problem/39829066
3019
3020         Reviewed by Tim Horton.
3021         
3022         Transform the colors used to compare the caret color with the background through
3023         color-filter (since we want contrasting colors after filters are applied), and
3024         transform caret-color itself.
3025
3026         Test: css3/color-filters/color-filter-caret-color.html
3027
3028         * editing/FrameSelection.cpp:
3029         (WebCore::CaretBase::paintCaret const):
3030
3031 2018-04-30  Michael Catanzaro  <mcatanzaro@igalia.com>
3032
3033         [GTK] Webkit should spoof as Safari on a Mac when on Chase.com
3034         https://bugs.webkit.org/show_bug.cgi?id=185103
3035
3036         Reviewed by Carlos Garcia Campos.
3037
3038         Send a fake user agent to chase.com to make it work.
3039
3040         * platform/UserAgentQuirks.cpp:
3041         (WebCore::urlRequiresMacintoshPlatform):
3042         (WebCore::UserAgentQuirks::stringForQuirk): Also, remove this stale comment.
3043
3044 2018-04-29  Simon Fraser  <simon.fraser@apple.com>
3045
3046         Make color-filter affect <attachment>
3047         https://bugs.webkit.org/show_bug.cgi?id=185122
3048         rdar://problem/39818763
3049
3050         Reviewed by Tim Horton.
3051         
3052         Convert the colors used to render <attachment> through color-filter, except
3053         for those parts that render over the icon (like the progress bar).
3054
3055         Not easily testable.
3056
3057         * rendering/RenderThemeMac.mm:
3058         (WebCore::titleTextColorForAttachment):
3059         (WebCore::AttachmentLayout::layOutTitle):
3060         (WebCore::AttachmentLayout::layOutSubtitle):
3061         (WebCore::paintAttachmentIconBackground):
3062         (WebCore::paintAttachmentTitleBackground):
3063         (WebCore::paintAttachmentPlaceholderBorder):
3064
3065 2018-04-28  Simon Fraser  <simon.fraser@apple.com>
3066
3067         Fix color-filter to apply to SVG colors
3068         https://bugs.webkit.org/show_bug.cgi?id=185113
3069         rdar://problem/39665082
3070
3071         Reviewed by Dean Jackson.
3072         
3073         Convert SVG colors through color-filter operations for the places in SVG
3074         that use color, namely fill and stroke, gradients, lighting colors and
3075         drop-shadow.
3076
3077         Test: css3/color-filters/svg/color-filter-inline-svg.html
3078
3079         * rendering/svg/RenderSVGResourceGradient.cpp:
3080         (WebCore::RenderSVGResourceGradient::applyResource):
3081         * rendering/svg/RenderSVGResourceGradient.h:
3082         * rendering/svg/RenderSVGResourceLinearGradient.cpp:
3083         (WebCore::RenderSVGResourceLinearGradient::buildGradient const):
3084         * rendering/svg/RenderSVGResourceLinearGradient.h:
3085         * rendering/svg/RenderSVGResourceRadialGradient.cpp:
3086         (WebCore::RenderSVGResourceRadialGradient::buildGradient const):
3087         * rendering/svg/RenderSVGResourceRadialGradient.h:
3088         * rendering/svg/RenderSVGResourceSolidColor.cpp:
3089         (WebCore::RenderSVGResourceSolidColor::applyResource):
3090         * svg/SVGFEDiffuseLightingElement.cpp:
3091         (WebCore::SVGFEDiffuseLightingElement::setFilterEffectAttribute):
3092         (WebCore::SVGFEDiffuseLightingElement::build):
3093         * svg/SVGFEDropShadowElement.cpp:
3094         (WebCore::SVGFEDropShadowElement::build):
3095         * svg/SVGFEFloodElement.cpp:
3096         (WebCore::SVGFEFloodElement::build):
3097         * svg/SVGFESpecularLightingElement.cpp:
3098         (WebCore::SVGFESpecularLightingElement::setFilterEffectAttribute):
3099         (WebCore::SVGFESpecularLightingElement::build):
3100
3101 2018-04-29  Michael Catanzaro  <mcatanzaro@igalia.com>
3102
3103         [CMake] Require GCC 6
3104         https://bugs.webkit.org/show_bug.cgi?id=184985
3105
3106         Reviewed by Alex Christensen.
3107
3108         Remove a GCC 5 fallback path. This seems to be the only such fallback path in WebKit.
3109
3110         * platform/graphics/FourCC.h:
3111         (WebCore::FourCC::FourCC):
3112
3113 2018-04-29  Zalan Bujtas  <zalan@apple.com>
3114
3115         [LFC] Implement Display::Box functions
3116         https://bugs.webkit.org/show_bug.cgi?id=185116
3117
3118         Reviewed by Antti Koivisto.
3119
3120         * layout/displaytree/DisplayBox.cpp:
3121         (WebCore::Display::Box::Box):
3122         (WebCore::Display::Box::~Box):
3123         (WebCore::Display::Box::marginBox const):
3124         (WebCore::Display::Box::borderBox const):
3125         (WebCore::Display::Box::paddingBox const):
3126         (WebCore::Display::Box::contentBox const):
3127         * layout/displaytree/DisplayBox.h:
3128         (WebCore::Display::Box::rect const):
3129         (WebCore::Display::Box::top const):
3130         (WebCore::Display::Box::left const):
3131         (WebCore::Display::Box::bottom const):
3132         (WebCore::Display::Box::right const):
3133         (WebCore::Display::Box::topLeft const):
3134         (WebCore::Display::Box::bottomRight const):
3135         (WebCore::Display::Box::size const):
3136         (WebCore::Display::Box::width const):
3137         (WebCore::Display::Box::height const):
3138         (WebCore::Display::Box::marginTop const):
3139         (WebCore::Display::Box::marginLeft const):
3140         (WebCore::Display::Box::marginBottom const):
3141         (WebCore::Display::Box::marginRight const):
3142         (WebCore::Display::Box::parent const):
3143         (WebCore::Display::Box::nextSibling const):
3144         (WebCore::Display::Box::previousSibling const):
3145         (WebCore::Display::Box::firstChild const):
3146         (WebCore::Display::Box::lastChild const):
3147         (WebCore::Display::Box::setRect):
3148         (WebCore::Display::Box::setTopLeft):
3149         (WebCore::Display::Box::setTop):
3150         (WebCore::Display::Box::setLeft):
3151         (WebCore::Display::Box::setSize):
3152         (WebCore::Display::Box::setWidth):
3153         (WebCore::Display::Box::setHeight):
3154         (WebCore::Display::Box::setMarginTop):
3155         (WebCore::Display::Box::setMarginLeft):
3156         (WebCore::Display::Box::setMarginBottom):
3157         (WebCore::Display::Box::setMarginRight):
3158         (WebCore::Display::Box::setBorderTop):
3159         (WebCore::Display::Box::setBorderLeft):
3160         (WebCore::Display::Box::setBorderBottom):
3161         (WebCore::Display::Box::setBorderRight):
3162         (WebCore::Display::Box::setPaddingTop):
3163         (WebCore::Display::Box::setPaddingLeft):
3164         (WebCore::Display::Box::setPaddingBottom):
3165         (WebCore::Display::Box::setPaddingRight):
3166         (WebCore::Display::Box::setParent):
3167         (WebCore::Display::Box::setNextSibling):
3168         (WebCore::Display::Box::setPreviousSibling):
3169         (WebCore::Display::Box::setFirstChild):
3170         (WebCore::Display::Box::setLastChild):
3171
3172 2018-04-29  Youenn Fablet  <youenn@apple.com>
3173
3174         Make RestrictedHTTPResponseAccess flag true by default
3175         https://bugs.webkit.org/show_bug.cgi?id=185089
3176
3177         Reviewed by Geoffrey Garen.
3178
3179         * page/RuntimeEnabledFeatures.h:
3180
3181 2018-04-28  Sihui Liu  <sihui_liu@apple.com>
3182
3183         [Cocoa] Set HTTPOnly flag when converting Cookie to NSHTTPCookie
3184         https://bugs.webkit.org/show_bug.cgi?id=185052
3185
3186         Reviewed by Geoffrey Garen.
3187
3188         Set HTTPOnly for NSHTTPCookie when it's converted from Cookie, so the WebKit APIs could 
3189         create NSHTTPCookie with correct HTTPOnly flag. Also, reverted the change made to operator
3190         function because we want the Cookie class to act as a wrapper for NSHTTPCookie and leverage
3191         its equal function. 
3192
3193         Modified API test: WebKit.WKHTTPCookieStoreHttpOnly
3194
3195         * platform/network/cocoa/CookieCocoa.mm:
3196         (WebCore::Cookie::operator NSHTTPCookie * const):
3197         (WebCore::Cookie::operator== const):
3198         * platform/network/cocoa/NetworkStorageSessionCocoa.mm:
3199         (WebCore::NetworkStorageSession::deleteCookie):
3200
3201 2018-04-28  Zalan Bujtas  <zalan@apple.com>
3202
3203         [LFC] Add LayoutTreeBuilder class to generate the layout tree
3204         https://bugs.webkit.org/show_bug.cgi?id=185108
3205
3206         Reviewed by Antti Koivisto.
3207
3208         This is for testing purposes.
3209
3210         * WebCore.xcodeproj/project.pbxproj:
3211         * layout/FormattingState.cpp:
3212         (WebCore::Layout::FormattingState::~FormattingState):
3213         * layout/FormattingState.h:
3214         * layout/LayoutContext.h:
3215         * layout/blockformatting/BlockFormattingState.cpp:
3216         (WebCore::Layout::BlockFormattingState::~BlockFormattingState):
3217         * layout/blockformatting/BlockFormattingState.h:
3218         * layout/inlineformatting/InlineFormattingState.cpp:
3219         (WebCore::Layout::InlineFormattingState::~InlineFormattingState):
3220         * layout/inlineformatting/InlineFormattingState.h:
3221         * layout/layouttree/LayoutBlockContainer.h:
3222         * layout/layouttree/LayoutBox.h:
3223         * layout/layouttree/LayoutContainer.h:
3224         * layout/layouttree/LayoutInlineContainer.h:
3225         * layout/layouttree/LayoutTreeBuilder.cpp: Added.
3226         (WebCore::Layout::TreeBuilder::createLayoutTree):
3227         (WebCore::Layout::TreeBuilder::createSubTree):
3228         (WebCore::Layout::outputLayoutBox):
3229         (WebCore::Layout::outputLayoutTree):
3230         (WebCore::Layout::TreeBuilder::showLayoutTree):
3231         (WebCore::Layout::printLayoutTreeForLiveDocuments):
3232         * layout/layouttree/LayoutTreeBuilder.h: Copied from Source/WebCore/layout/layouttree/LayoutBlockContainer.h.
3233         * page/mac/PageMac.mm:
3234         (WebCore::Page::platformInitialize):
3235
3236 2018-04-28  Zalan Bujtas  <zalan@apple.com>
3237
3238         [LFC] Implement BlockMarginCollapse functions.
3239         https://bugs.webkit.org/show_bug.cgi?id=185036
3240
3241         Reviewed by Antti Koivisto.
3242
3243         * layout/blockformatting/BlockMarginCollapse.cpp:
3244         (WebCore::Layout::marginValue):
3245         (WebCore::Layout::BlockMarginCollapse::BlockMarginCollapse):
3246         (WebCore::Layout::BlockMarginCollapse::marginTop const):
3247         (WebCore::Layout::BlockMarginCollapse::marginBottom const):
3248         (WebCore::Layout::BlockMarginCollapse::isMarginTopCollapsedWithSibling const):
3249         (WebCore::Layout::BlockMarginCollapse::isMarginBottomCollapsedWithSibling const):
3250         (WebCore::Layout::BlockMarginCollapse::isMarginTopCollapsedWithParent const):
3251         (WebCore::Layout::BlockMarginCollapse::isMarginBottomCollapsedWithParent const):
3252         (WebCore::Layout::BlockMarginCollapse::nonCollapsedMarginTop const):
3253         (WebCore::Layout::BlockMarginCollapse::nonCollapsedMarginBottom const):
3254         (WebCore::Layout::BlockMarginCollapse::collapsedMarginTopFromFirstChild const):
3255         (WebCore::Layout::BlockMarginCollapse::collapsedMarginBottomFromLastChild const):
3256         (WebCore::Layout::BlockMarginCollapse::hasAdjoiningMarginTopAndBottom const):
3257         * layout/blockformatting/BlockMarginCollapse.h:
3258         * layout/layouttree/LayoutBox.h:
3259         (WebCore::Layout::Box::style const):
3260
3261 2018-04-27  David Kilzer  <ddkilzer@apple.com>
3262
3263         Add logging when SpringBoard enables WebThread
3264         <https://webkit.org/b/185100>
3265         <rdar://problem/39746542>
3266
3267         Reviewed by Daniel Bates.
3268
3269         * platform/RuntimeApplicationChecks.h:
3270         (WebCore::IOSApplication::isSpringBoard): Add declaration.
3271         * platform/cocoa/RuntimeApplicationChecksCocoa.mm:
3272         (WebCore::IOSApplication::isSpringBoard): Add implementation.
3273         * platform/ios/wak/WebCoreThread.mm:
3274         (WebThreadEnable): Call RELEASE_LOG_FAULT() if this is called by
3275         SpringBoard.
3276
3277 2018-04-27  Keith Rollin  <krollin@apple.com>
3278
3279         Fix crash in DocumentLoader::startLoadingMainResource
3280         https://bugs.webkit.org/show_bug.cgi?id=185088
3281         rdar://problem/39689263
3282
3283         Reviewed by Chris Dumez.
3284
3285         Add a "protectedThis" to address a case where a deleted "this" was
3286         accessed in a RELEASE_LOG statement.
3287
3288         No new tests -- covered by existing tests, which now pass.
3289
3290         * loader/DocumentLoader.cpp:
3291         (WebCore::DocumentLoader::startLoadingMainResource):
3292
3293 2018-04-27  Simon Fraser  <simon.fraser@apple.com>
3294
3295         Implement color-filter for text stroke
3296         https://bugs.webkit.org/show_bug.cgi?id=185098
3297
3298         Reviewed by Alan Bujtas.
3299         
3300         Transform the text stroke color through color-filter.
3301
3302         Test: css3/color-filters/color-filter-text-stroke.html
3303
3304         * rendering/TextPaintStyle.cpp:
3305         (WebCore::computeTextPaintStyle):
3306
3307 2018-04-27  Simon Fraser  <simon.fraser@apple.com>
3308
3309         Implement animation for color-filter
3310         https://bugs.webkit.org/show_bug.cgi?id=185092
3311         rdar://problem/39773810
3312
3313         Reviewed by Tim Horton.
3314         
3315         Implement animation of color-filter.
3316         
3317         This requires tracking whether the color-filter function lists match for both old and new
3318         animation code paths.
3319         
3320         The filter-related ProperyWappers in CSSPropertyAnimation are cleaned up to use a single wrapper,
3321         which has to pass the propertyID to the blend function so we know which "lists match" to check.
3322         This wrapper reports that its accelerated for filter and backdrop-filter, but not color-filter.
3323
3324         Test: css3/color-filters/color-filter-animation.html
3325
3326         * animation/CSSPropertyBlendingClient.h:
3327         * animation/KeyframeEffectReadOnly.cpp:
3328         (WebCore::KeyframeEffectReadOnly::setBlendingKeyframes):
3329         (WebCore::KeyframeEffectReadOnly::checkForMatchingColorFilterFunctionLists):
3330         * animation/KeyframeEffectReadOnly.h:
3331         * page/animation/AnimationBase.h:
3332         * page/animation/CSSPropertyAnimation.cpp:
3333         (WebCore::blendFunc):
3334         (WebCore::PropertyWrapperFilter::PropertyWrapperFilter):
3335         (WebCore::CSSPropertyAnimationWrapperMap::CSSPropertyAnimationWrapperMap):
3336         (WebCore::PropertyWrapperAcceleratedFilter::PropertyWrapperAcceleratedFilter): Deleted.
3337         (WebCore::PropertyWrapperAcceleratedBackdropFilter::PropertyWrapperAcceleratedBackdropFilter): Deleted.
3338         (WebCore::PropertyWrapperAcceleratedBackdropFilter::animationIsAccelerated const): Deleted.
3339         (WebCore::PropertyWrapperAcceleratedBackdropFilter::blend const): Deleted.
3340         * page/animation/ImplicitAnimation.cpp:
3341         (WebCore::ImplicitAnimation::reset):
3342         (WebCore::ImplicitAnimation::checkForMatchingColorFilterFunctionLists):
3343         * page/animation/ImplicitAnimation.h:
3344         * page/animation/KeyframeAnimation.cpp:
3345         (WebCore::KeyframeAnimation::KeyframeAnimation):
3346         (WebCore::KeyframeAnimation::checkForMatchingColorFilterFunctionLists):
3347         * page/animation/KeyframeAnimation.h:
3348
3349 2018-04-27  Zalan Bujtas  <zalan@apple.com>
3350
3351         [LFC] Add FormattingContext::computeWidth/computeHeight logic.
3352         https://bugs.webkit.org/show_bug.cgi?id=185091
3353
3354         Reviewed by Antti Koivisto.
3355
3356         Inflow width and height can't really be computed without knowing the exact context. 
3357
3358         * layout/FormattingContext.cpp:
3359         (WebCore::Layout::FormattingContext::computeWidth const):
3360         (WebCore::Layout::FormattingContext::computeHeight const):
3361         (WebCore::Layout::FormattingContext::computeOutOfFlowWidth const):
3362         (WebCore::Layout::FormattingContext::computeFloatingWidth const):
3363         (WebCore::Layout::FormattingContext::computeOutOfFlowHeight const):
3364         (WebCore::Layout::FormattingContext::computeFloatingHeight const):
3365         * layout/FormattingContext.h:
3366         * layout/blockformatting/BlockFormattingContext.cpp:
3367         (WebCore::Layout::BlockFormattingContext::computeInFlowWidth const):
3368         (WebCore::Layout::BlockFormattingContext::computeInFlowHeight const):
3369         (WebCore::Layout::BlockFormattingContext::computeWidth const): Deleted.
3370         (WebCore::Layout::BlockFormattingContext::computeHeight const): Deleted.
3371         * layout/blockformatting/BlockFormattingContext.h:
3372         * layout/inlineformatting/InlineFormattingContext.cpp:
3373         (WebCore::Layout::InlineFormattingContext::computeInFlowWidth const):
3374         (WebCore::Layout::InlineFormattingContext::computeInFlowHeight const):
3375         * layout/inlineformatting/InlineFormattingContext.h:
3376
3377 2018-04-27  Chris Dumez  <cdumez@apple.com>
3378
3379         Use WindowProxy instead of DOMWindow in our IDL
3380         https://bugs.webkit.org/show_bug.cgi?id=185022
3381
3382         Reviewed by Sam Weinig.
3383
3384         Stop using DOMWindow in all of our IDL files and use WindowProxy as
3385         per their respective specifications. As a result, the implementation
3386         as also updated to use WindowProxy type instead of DOMWindow.
3387
3388         * WebCore.xcodeproj/project.pbxproj:
3389         * bindings/js/JSDOMConvertWindowProxy.h: Removed.
3390         * bindings/js/JSWindowProxy.cpp:
3391         (WebCore::JSWindowProxy::windowProxy const):
3392         (WebCore::JSWindowProxy::toWrapped):
3393         * bindings/js/JSWindowProxy.h:
3394         (WebCore::window):
3395         Use static_cast<>() instead of jsCast<>() because jsCast<>()
3396         relies on classInfo() which is not allowed to be called during
3397         JS sweep due to an assertion inside classInfo(). The JSWindowProxy
3398         objects are held strongly by the WindowProxy so we know the JSWindowProxy
3399         object is not getting destroyed here.
3400
3401         (WebCore::toJS):
3402         * bindings/js/WindowProxy.cpp:
3403         (WebCore::WindowProxy::globalObject):
3404         * bindings/js/WindowProxy.h:
3405         (WebCore::WindowProxy::frame const):
3406         * bindings/scripts/CodeGenerator.pm:
3407         (IsBuiltinType):
3408         (ComputeIsCallbackInterface):
3409         (ComputeIsCallbackFunction):
3410         * bindings/scripts/CodeGeneratorJS.pm:
3411         (AddToIncludesForIDLType):
3412         (GetBaseIDLType):
3413         (NativeToJSValueDOMConvertNeedsState):
3414         * bindings/scripts/test/JS/JSTestObj.cpp:
3415         (WebCore::jsTestObjPrototypeFunctionOverloadedMethod9Body):
3416         (WebCore::jsTestObjPrototypeFunctionOverloadedMethodOverloadDispatcher):
3417         * bindings/scripts/test/TestObj.idl:
3418         * dom/CompositionEvent.cpp:
3419         (WebCore::CompositionEvent::CompositionEvent):
3420         (WebCore::CompositionEvent::initCompositionEvent):
3421         * dom/CompositionEvent.h:
3422         * dom/CompositionEvent.idl:
3423         * dom/Document.cpp:
3424         (WebCore::Document::defaultView const):
3425         * dom/Document.h:
3426         * dom/Document.idl:
3427         * dom/DocumentTouch.cpp:
3428         (WebCore::DocumentTouch::createTouch):
3429         * dom/DocumentTouch.h:
3430         * dom/DocumentTouch.idl:
3431         * dom/FocusEvent.cpp:
3432         (WebCore::FocusEvent::FocusEvent):
3433         * dom/FocusEvent.h:
3434         * dom/InputEvent.cpp:
3435         (WebCore::InputEvent::create):
3436         (WebCore::InputEvent::InputEvent):
3437         * dom/InputEvent.h:
3438         * dom/KeyboardEvent.cpp:
3439         (WebCore::KeyboardEvent::KeyboardEvent):
3440         (WebCore::KeyboardEvent::create):
3441         (WebCore::KeyboardEvent::initKeyboardEvent):
3442         (WebCore::KeyboardEvent::charCode const):
3443         * dom/KeyboardEvent.h:
3444         * dom/KeyboardEvent.idl:
3445         * dom/MessageEvent.h:
3446         * dom/MessageEvent