[GTK][EFL] ImageBufferCairo should accept resolution factor
[WebKit-https.git] / Source / WebCore / ChangeLog
1 2016-06-24  Yusuke Suzuki  <utatane.tea@gmail.com>
2
3         [GTK][EFL] ImageBufferCairo should accept resolution factor
4         https://bugs.webkit.org/show_bug.cgi?id=157848
5
6         Reviewed by Martin Robinson.
7
8         ImageBufferCairo ignored the resolution factor passed in its constructor.
9         This resolution factor is originally introduced for HiDPI Canvas,
10         and since HiDPI canvas is not enabled in the ports using Cairo,
11         the lack of this implementation does not cause any problems.
12         And now, HiDPI Canvas is removed from the tree.
13
14         However, WebKit CSS filter uses this path.
15         The missing implementation is required under the HiDPI environment.
16
17         Since Cairo surface can have the device scale factor transparently,
18         the operations onto the surface is correctly done in the logical coordinate system.
19         So all we need to handle carefully is the direct surface modification done
20         in filter effects.
21
22         In this patch, we extend the image buffer size according to the resolution factor,
23         as the same to the CoreGraphics' implementation (ImageBufferCG). And by setting the
24         device scale factor of the surface correctly, we ensure that the rest of the Cairo
25         painting stack works with the existing logical coordinate system. And in ImageBufferCairo,
26         we carefully handle the logical and backing store coordinate system.
27
28         The attached test applies the CSS filter onto the svg image. And we resize the image size,
29         and perform scrolling. It incurs the paint, and filter effect recalcuation.
30         In that path, the filter effect side assumes that the image buffer size is scaled with the
31         resolution factor. So without this patch, it incurs buffer overflow and leads WebProcess crash.
32
33         * platform/graphics/IntPoint.h:
34         (WebCore::IntPoint::scale):
35         * platform/graphics/cairo/ImageBufferCairo.cpp:
36         (WebCore::ImageBufferData::createCompositorBuffer):
37         (WebCore::ImageBuffer::ImageBuffer):
38         (WebCore::ImageBuffer::copyImage):
39         (WebCore::ImageBuffer::platformTransformColorSpace):
40         (WebCore::getImageData):
41         (WebCore::logicalUnit):
42         (WebCore::backingStoreUnit):
43         (WebCore::ImageBuffer::getUnmultipliedImageData):
44         (WebCore::ImageBuffer::getPremultipliedImageData):
45         (WebCore::ImageBuffer::putByteArray):
46         (WebCore::ImageBuffer::copyToPlatformTexture):
47
48 2016-06-24  Frederic Wang  <fwang@igalia.com>
49
50         Refactor RenderMathMLOperator and RenderMathMLToken to avoid using anonymous renderers.
51         https://bugs.webkit.org/show_bug.cgi?id=155018
52
53         Reviewed by Martin Robinson.
54
55         No new tests, already covered by existing tests.
56
57         We use MathOperator for RenderMathMLOperator to avoid creating anonymous text nodes again
58         and again. We reimplement implicit mathvariant="italic" on single-char mi in a way that does
59         not rely on creating anonymous text nodes. Finally, we improve the determination/update of
60         when mathvariant is italic to avoid breaking foreign-mi-dynamic test.
61         The change in the render tree structure breaks mfenced accessibility support but that will
62         be fixed in follow-up patches. The simplifications made here will also allow to simplify the
63         accessibility code.
64
65         * css/mathml.css:
66         (mo): Deleted. This flexbox rule is no longer needed.
67         * rendering/mathml/RenderMathMLBlock.cpp:
68         (WebCore::RenderMathMLBlock::createAnonymousMathMLBlock): Deleted. We no longer need to
69         create anonymous renderer with this function.
70         * rendering/mathml/RenderMathMLBlock.h: Delete createAnonymousMathMLBlock.
71         * rendering/mathml/RenderMathMLOperator.cpp: Implement layout functions without relying on
72         flexbox or anonymous.
73         (WebCore::RenderMathMLOperator::computePreferredLogicalWidths): Handle the case of !useMathOperator()
74         for which we need to add extra operator spacing after the RenderMathMLToken layout.
75         (WebCore::RenderMathMLOperator::layoutBlock): Ditto.
76         (WebCore::RenderMathMLOperator::isChildAllowed): Deleted. We allow the non-anonymous text.
77         (WebCore::RenderMathMLOperator::rebuildTokenContent): No longer destroy and rebuild
78         anonymous wrapper. Remove updateStyle call.
79         (WebCore::RenderMathMLOperator::updateStyle): Deleted. We no longer need anonymous style for the spacing.
80         * rendering/mathml/RenderMathMLOperator.h: Remove updateStyle() and isChildAllowed().
81         Make textContent() public so that it can be accessed from the accessibility code.
82         * rendering/mathml/RenderMathMLToken.cpp: Reimplement implicit mathvariant="italic" by
83         painting MATHEMATICAL ITALIC characters instead of styling an anonymous wrapper.
84         (WebCore::RenderMathMLToken::RenderMathMLToken): Init m_mathVariantGlyph and m_mathVariantGlyphDirty
85         (WebCore::RenderMathMLToken::updateTokenContent): Set mathvariant glyph dirty when the content changes.
86         (WebCore::transformToItalic): Helper function to map latin and greek alphabets to their
87         MATHEMATICAL ITALIC counterpart.
88         (WebCore::RenderMathMLToken::computePreferredLogicalWidths): Implement this function to
89         handle the case where the mathvariant glyph is used.
90         (WebCore::RenderMathMLToken::updateMathVariantGlyph): Helper function to update the mathvariant glyph.
91         For now, we try and keep with the old (and limited) implementation: a mathvariant glyph may
92         only used for single-char <mi> without mathvariant attribute attached to it.
93         (WebCore::RenderMathMLToken::styleDidChange): Set the mathvariant glyph dirty when the style
94         changes.
95         (WebCore::RenderMathMLToken::updateFromElement): Remove updateStyle call and set mathvariant
96         glyph dirty.
97         (WebCore::RenderMathMLToken::firstLineBaseline): Implement this function to handle the case
98          where the mathvariant glyph is used.
99         (WebCore::RenderMathMLToken::layoutBlock): Ditto.
100         (WebCore::RenderMathMLToken::paint): Ditto.
101         (WebCore::RenderMathMLToken::paintChildren): Ditto.
102         (WebCore::RenderMathMLToken::addChild): Deleted. No need to bother with anonymous renderer
103         or style.
104         (WebCore::RenderMathMLToken::createWrapperIfNeeded): Deleted. Ditto.
105         (WebCore::RenderMathMLToken::updateStyle): Deleted. Ditto.
106         * rendering/mathml/RenderMathMLToken.h: Update declarations of functions.
107         (WebCore::RenderMathMLToken::setMathVariantGlyphDirty): Helper function to indicate that the
108         mathvariant glyph will need to be updated.
109
110 2016-06-24  Gyuyoung Kim  <gyuyoung.kim@webkit.org>
111
112         Unreviewed EFL build fix.
113
114         There is forward declaration build error on EFL port.
115
116         * platform/graphics/texmap/coordinated/CompositingCoordinator.cpp: Include DOMWindow.h and Document.h.
117
118 2016-06-23  Brady Eidson  <beidson@apple.com>
119
120         Retrieving Blobs from IndexedDB using cursors fails in WK2 (Sandboxing)
121         https://bugs.webkit.org/show_bug.cgi?id=158991
122
123         Reviewed by Alex Christensen.
124
125         Test: storage/indexeddb/modern/blob-cursor.html
126
127         * platform/network/BlobDataFileReference.cpp:
128         (WebCore::BlobDataFileReference::startTrackingModifications): Deleted.
129
130 2016-06-23  Alex Christensen  <achristensen@webkit.org>
131
132         Remove unused didCancelAuthenticationChallenge
133         https://bugs.webkit.org/show_bug.cgi?id=158819
134
135         Reviewed by David Kilzer.
136
137         No change in behavior.  This callback was deprecated in Yosemite.  It is never called.
138
139         * loader/EmptyClients.h:
140         * loader/FrameLoaderClient.h:
141         * loader/ResourceLoadNotifier.cpp:
142         (WebCore::ResourceLoadNotifier::didCancelAuthenticationChallenge): Deleted.
143         * loader/ResourceLoadNotifier.h:
144         * loader/ResourceLoader.cpp:
145         (WebCore::ResourceLoader::didCancelAuthenticationChallenge): Deleted.
146         * loader/ResourceLoader.h:
147         * platform/network/ResourceHandle.h:
148         * platform/network/ResourceHandleClient.h:
149         (WebCore::ResourceHandleClient::didCancelAuthenticationChallenge): Deleted.
150         * platform/network/mac/ResourceHandleMac.mm:
151         (WebCore::ResourceHandle::didCancelAuthenticationChallenge): Deleted.
152         * platform/network/mac/WebCoreResourceHandleAsDelegate.mm:
153         (-[WebCoreResourceHandleAsDelegate connection:didCancelAuthenticationChallenge:]): Deleted.
154         * platform/network/mac/WebCoreResourceHandleAsOperationQueueDelegate.mm:
155         (-[WebCoreResourceHandleAsOperationQueueDelegate connection:didCancelAuthenticationChallenge:]): Deleted.
156         * platform/spi/cocoa/NSURLDownloadSPI.h:
157
158 2016-06-23  Anders Carlsson  <andersca@apple.com>
159
160         Add "shippingType" to the list of valid payment request properties
161         https://bugs.webkit.org/show_bug.cgi?id=159079
162         <rdar://problem/26988429>
163
164         Reviewed by Dean Jackson.
165
166         * Modules/applepay/ApplePaySession.cpp:
167         (WebCore::isValidPaymentRequestPropertyName):
168
169 2016-06-23  Benjamin Poulain  <benjamin@webkit.org>
170
171         Specialize synchronous event tracking per event type
172         https://bugs.webkit.org/show_bug.cgi?id=158826
173
174         Reviewed by Simon Fraser.
175
176         First, kudos to Rick Byers for all his helps on passive event dispatch.
177         The specs are pretty damn good and his help reviewing patches is very useful.
178
179         This patch change synchronous event dispatch to happen per event
180         instead of per sequence touchstart->touchend.
181
182         The big advantage of this is we can dispatch more events asynchronously.
183         For example, to handle a tap programmatically, you can limit the active listener
184         to the touchend event. The touchstart and touchmove are now dispatched asynchronously.
185
186         The implementation is a simple extension to EventTrackingRegions.
187         Instead of a single synchronous region, we have one region per event type.
188         When processing the events, we only need to send the events synchronously
189         if that particular event type has a synchronous region.
190
191         Note that EventDispatcher's touch event support already supports
192         mixing synchronous and asynchronous events. The events are always processed
193         in order even if asynchronous events are pending when a synchronous dispatch
194         happens.
195
196         Tests: fast/events/touch/ios/tap-with-active-listener-inside-document-with-passive-listener.html
197                fast/events/touch/ios/tap-with-active-listener-inside-window-with-passive-listener.html
198                fast/events/touch/ios/tap-with-active-touch-end-listener.html
199                fast/events/touch/ios/tap-with-passive-listener-inside-active-listener.html
200                fast/events/touch/ios/tap-with-passive-touch-end-listener.html
201                fast/events/touch/ios/tap-with-passive-touch-start-active-touch-end-listeners-on-elements.html
202                fast/events/touch/ios/tap-with-passive-touch-start-active-touch-move-listeners-on-elements.html
203
204         * CMakeLists.txt:
205         * WebCore.xcodeproj/project.pbxproj:
206         * dom/EventTarget.cpp:
207         (WebCore::EventTarget::hasActiveTouchEventListeners): Deleted.
208         * dom/EventTarget.h:
209         * page/DebugPageOverlays.cpp:
210         (WebCore::NonFastScrollableRegionOverlay::updateRegion):
211         * page/Page.cpp:
212         (WebCore::Page::nonFastScrollableRects):
213         * page/scrolling/ScrollingCoordinator.cpp:
214         (WebCore::ScrollingCoordinator::absoluteEventTrackingRegionsForFrame):
215         * page/scrolling/ScrollingStateFrameScrollingNode.cpp:
216         (WebCore::ScrollingStateFrameScrollingNode::dumpProperties):
217         * page/scrolling/ScrollingTree.cpp:
218         (WebCore::ScrollingTree::shouldHandleWheelEventSynchronously):
219         (WebCore::ScrollingTree::eventTrackingTypeForPoint):
220         * page/scrolling/ScrollingTree.h:
221         * platform/EventTrackingRegions.cpp: Added.
222         (WebCore::EventTrackingRegions::trackingTypeForPoint):
223         (WebCore::EventTrackingRegions::isEmpty):
224         (WebCore::EventTrackingRegions::translate):
225         (WebCore::EventTrackingRegions::uniteSynchronousRegion):
226         (WebCore::EventTrackingRegions::unite):
227         (WebCore::operator==):
228         * platform/EventTrackingRegions.h:
229         (WebCore::EventTrackingRegions::isEmpty): Deleted.
230         (WebCore::EventTrackingRegions::trackingTypeForPoint): Deleted.
231         (WebCore::operator==): Deleted.
232
233 2016-06-23  Simon Fraser  <simon.fraser@apple.com>
234
235         More attempting to fix external iOS builds.
236
237         * platform/spi/cocoa/QuartzCoreSPI.h:
238
239 2016-06-23  Simon Fraser  <simon.fraser@apple.com>
240
241         Try to fix the non-internal builds by defining CARenderServerBufferRef.
242
243         * platform/spi/cocoa/QuartzCoreSPI.h:
244
245 2016-06-23  Simon Fraser  <simon.fraser@apple.com>
246
247         [iOS] Make DumpRenderTree and WebKitTestRunner in the simulator use render server snapshotting
248         https://bugs.webkit.org/show_bug.cgi?id=159077
249
250         Reviewed by Tim Horton.
251
252         Add CARenderServer SPIs.
253
254         Test: fast/harness/snapshot-captures-compositing.html
255
256         * platform/spi/cocoa/QuartzCoreSPI.h:
257
258 2016-06-23  Brian Burg  <bburg@apple.com>
259
260         Web Inspector: add assertions to catch dangling frontends that persist between tests
261         https://bugs.webkit.org/show_bug.cgi?id=159073
262
263         Reviewed by Joseph Pecoraro.
264
265         Based on the analysis in https://webkit.org/b/159070, we suspect that some test
266         flakiness might be caused by dangling frontends from previous test cases. Add an
267         assertion that should catch any frontends that are attached to the inspected page's
268         backend. There should never be any frontends connected when a test first starts.
269
270         * inspector/InspectorController.cpp:
271         (WebCore::InspectorController::setIsUnderTest):
272         * inspector/InspectorController.h:
273
274 2016-06-23  Said Abou-Hallawa  <sabouhallawa@apple.com>
275
276         requestFrameAnimation() callback timestamp should be very close to Performance.now() 
277         https://bugs.webkit.org/show_bug.cgi?id=159038
278
279         Reviewed by Simon Fraser.
280
281         Pass the Performance.now() to requestFrameAnimation() callback. Do not add
282         the timeUntilOutput which is the difference between outputTime and now since
283         this addition makes us report a timestamp ahead in the future by almost 33ms.
284
285         A new function named "nowTimestamp()" is added to the DOMWindow class. It
286         calls Performance.now() if WEB_TIMING is enabled, otherwise it calls
287         monotonicallyIncreasingTime(). The returned timestamp is seconds and it is
288         relative to the document loading time.
289
290         The timestamp passing will be removed all the down till the callers of
291         ScriptedAnimationController::serviceScriptedAnimations(). The callers will
292         getting the now timestamp by calling DOMWindow::nowTimestamp().
293
294         Tests: animations/animation-callback-timestamp.html
295                animations/animation-multiple-callbacks-timestamp.html
296
297         * dom/Document.cpp:
298         (WebCore::Document::monotonicTimestamp):
299         (WebCore::Document::serviceScriptedAnimations):
300         * dom/Document.h:
301         * dom/ScriptedAnimationController.cpp:
302         (WebCore::ScriptedAnimationController::serviceScriptedAnimations):
303         (WebCore::ScriptedAnimationController::animationTimerFired):
304         (WebCore::ScriptedAnimationController::displayRefreshFired):
305         * dom/ScriptedAnimationController.h:
306         * html/HTMLMediaElement.cpp:
307         (WebCore::HTMLMediaElement::getVideoPlaybackQuality):
308         * loader/DocumentLoadTiming.h:
309         (WebCore::DocumentLoadTiming::referenceWallTime):
310         * page/DOMWindow.cpp:
311         (WebCore::DOMWindow::nowTimestamp):
312         * page/DOMWindow.h:
313         * page/FrameView.cpp:
314         (WebCore::FrameView::serviceScriptedAnimations):
315         * page/FrameView.h:
316         * platform/graphics/DisplayRefreshMonitor.cpp:
317         (WebCore::DisplayRefreshMonitor::DisplayRefreshMonitor):
318         (WebCore::DisplayRefreshMonitor::displayDidRefresh):
319         * platform/graphics/DisplayRefreshMonitor.h:
320         (WebCore::DisplayRefreshMonitor::setMonotonicAnimationStartTime): Deleted.
321         * platform/graphics/DisplayRefreshMonitorClient.cpp:
322         (WebCore::DisplayRefreshMonitorClient::fireDisplayRefreshIfNeeded):
323         * platform/graphics/DisplayRefreshMonitorClient.h:
324         * platform/graphics/GraphicsLayerUpdater.cpp:
325         (WebCore::GraphicsLayerUpdater::displayRefreshFired):
326         * platform/graphics/GraphicsLayerUpdater.h:
327         * platform/graphics/ios/DisplayRefreshMonitorIOS.h:
328         * platform/graphics/ios/DisplayRefreshMonitorIOS.mm:
329         (-[WebDisplayLinkHandler handleDisplayLink:]):
330         (WebCore::DisplayRefreshMonitorIOS::displayLinkFired):
331         (WebCore::mediaTimeToCurrentTime): Deleted.
332         * platform/graphics/mac/DisplayRefreshMonitorMac.cpp:
333         (WebCore::displayLinkCallback):
334         (WebCore::DisplayRefreshMonitorMac::displayLinkFired):
335         * platform/graphics/mac/DisplayRefreshMonitorMac.h:
336         * platform/graphics/texmap/coordinated/CompositingCoordinator.cpp:
337         (WebCore::CompositingCoordinator::syncDisplayState):
338         (WebCore::CompositingCoordinator::nextAnimationServiceTime):
339
340 2016-06-23  David Kilzer  <ddkilzer@apple.com>
341
342         Remove unused HarfBuzzFaceCoreText.cpp
343         <https://webkit.org/b/159065>
344
345         Reviewed by Myles C. Maxfield.
346
347         * platform/graphics/harfbuzz/HarfBuzzFaceCoreText.cpp: Removed.
348
349 2016-06-23  Joseph Pecoraro  <pecoraro@apple.com>
350
351         Web Inspector: Memory Timeline sometimes shows impossible value for bmalloc size (underflowed)
352         https://bugs.webkit.org/show_bug.cgi?id=158110
353         <rdar://problem/26498584>
354
355         Reviewed by Andreas Kling.
356
357         IOSurface memory backing Canvas element buffers should be classified as "GC Owned",
358         but should not be considered a part of bmalloc. In fact, the actual memory cost is
359         external to the Web Content Process. The majority of extra memory reporters tend
360         to report extra memory that is also allocated in bmalloc. However, some report
361         non-bmalloc memory, such as the IOSurfaces here.
362         
363         Continue to report the memory cost without changes to inform the Heap for garbage
364         collection. However, also keep better accounting of GCOwned memory that is external
365         to the process for better accounting for the Resource Usage overlay and Web Inspector
366         Memory timeline.
367         
368         This is a bit of a game where we want to display the best possible number for
369         "GCOwned memory" in the tools, but some of that memory shows up in the other
370         regions (bmalloc, system malloc, etc). Already many sizes are estimates
371         (ReportExtraMemory, reportExtraMemory ignores small allocations), so we just focus
372         on getting the largest sources of allocations, such as Canvas IOSurfaces here,
373         into the right bucket. ResourceUsageThreadCocoa continues to subtract the "extra"
374         memory from bmalloc. So, we should address other large sources of "extra memory"
375         not in bmalloc. A likely candidate is HTMLMediaElement which uses the deprecated
376         reporting right now.
377
378         * bindings/scripts/CodeGeneratorJS.pm:
379         (GenerateImplementation):
380         * bindings/scripts/IDLAttributes.txt:
381         Add a way to report External memory, dependent on reporting Extra memory.
382
383         * html/HTMLCanvasElement.cpp:
384         (WebCore::HTMLCanvasElement::externalMemoryCost):
385         * html/HTMLCanvasElement.h:
386         * html/HTMLCanvasElement.idl:
387         Report external memory cost just like extra memory.
388
389         * page/ResourceUsageData.cpp:
390         (WebCore::ResourceUsageData::ResourceUsageData):
391         * page/ResourceUsageData.h:
392         (WebCore::MemoryCategoryInfo::totalSize):
393         * page/cocoa/ResourceUsageOverlayCocoa.mm:
394         (WebCore::RingBuffer::at):
395         (WebCore::appendDataToHistory):
396         (WebCore::ResourceUsageOverlay::platformDraw):
397         * page/cocoa/ResourceUsageThreadCocoa.mm:
398         (WebCore::categoryForVMTag):
399         (WebCore::ResourceUsageThread::platformThreadBody):
400         Do not count the GCOwned External memory as dirty memory.
401         Include External memory output in the overlay.
402
403         * inspector/InspectorMemoryAgent.cpp:
404         (WebCore::InspectorMemoryAgent::collectSample):
405         When sizing the JavaScript portion, include both the GC Owned
406         category's dirty and external memory. Ultimately we will
407         want this everywhere in case things change.
408
409         * platform/graphics/ImageBuffer.cpp:
410         (WebCore::memoryCost):
411         (WebCore::externalMemoryCost):
412         * platform/graphics/ImageBuffer.h:
413         * platform/graphics/cg/ImageBufferCG.cpp:
414         (WebCore::ImageBuffer::memoryCost):
415         (WebCore::ImageBuffer::externalMemoryCost):
416         Report IOSurface total bytes as extra memory and external memory
417         so that it can be tracked as GC Owned memory that is separate from
418         regular (bmalloc/other) in process memory.
419
420 2016-06-23  Alexey Proskuryakov  <ap@apple.com>
421
422         Handle (0, 0) ranges from Lookup
423         https://bugs.webkit.org/show_bug.cgi?id=159062
424         rdar://problem/26960385
425
426         Reviewed by Tim Horton.
427
428         * editing/mac/DictionaryLookup.mm: (WebCore::DictionaryLookup::rangeAtHitTestResult):
429         Paper over <https://bugs.webkit.org/show_bug.cgi?id=159063>, which seems too involved
430         to fix now.
431
432 2016-06-23  Joseph Pecoraro  <pecoraro@apple.com>
433
434         Web Inspector: first heap snapshot taken when a page is reloaded happens before the reload navigation
435         https://bugs.webkit.org/show_bug.cgi?id=158995
436         <rdar://problem/26923778>
437
438         Reviewed by Brian Burg.
439
440         When the "Heap" instrument is included in the Timeline list
441         of instruments, defer starting it in an auto-capture scenario
442         until after the page does its first navigation.
443
444         AutoCapture on the backend happens when it is enabled at
445         the main resource starts loading. In that case it proceeds
446         through the following phases:
447
448             No Auto Capture:
449                 None
450
451             Auto Capture:
452                 BeforeLoad -> FirstNavigation -> AfterFirstNavigation
453
454         When toggling instruments for backend initiated capture
455         most instruments do not care and will just start/stop.
456
457         * inspector/InspectorInstrumentation.cpp:
458         (WebCore::InspectorInstrumentation::didCommitLoadImpl):
459         Inform the TimelineAgent that the main frame navigated.
460         Do this after informing the HeapAgent (so any potential
461         snapshot does not get cleared) and PageAgent (so the
462         frontend knows the page navigated before the agent starts).
463
464         * inspector/InspectorTimelineAgent.h:
465         * inspector/InspectorTimelineAgent.cpp:
466         (WebCore::InspectorTimelineAgent::internalStop):
467         (WebCore::InspectorTimelineAgent::mainFrameStartedLoading):
468         (WebCore::InspectorTimelineAgent::mainFrameNavigated):
469         Update the auto capture phase transitions.
470
471         (WebCore::InspectorTimelineAgent::toggleHeapInstrument):
472         Only start the heap agent during the None phase (console.profile)
473         or with the first navigation (auto capture page navigation).
474
475 2016-06-23  Joseph Pecoraro  <pecoraro@apple.com>
476
477         Web Inspector: Snapshots should be cleared at some point
478         https://bugs.webkit.org/show_bug.cgi?id=157907
479         <rdar://problem/26373610>
480
481         Reviewed by Timothy Hatcher.
482
483         * CMakeLists.txt:
484         * WebCore.xcodeproj/project.pbxproj:
485         * inspector/InspectorAllInOne.cpp:
486         New specialized agent.
487
488         * inspector/InspectorController.cpp:
489         (WebCore::InspectorController::InspectorController):
490         Construct a specialized HeapAgent.
491
492         * inspector/PageHeapAgent.h:
493         * inspector/PageHeapAgent.cpp:
494         (WebCore::PageHeapAgent::PageHeapAgent):
495         (WebCore::PageHeapAgent::enable):
496         (WebCore::PageHeapAgent::disable):
497         (WebCore::PageHeapAgent::mainFrameNavigated):
498         Clear backend snapshots on page navigations.
499         Set the PageHeapAgent instrumenting agent on enable/disable.
500
501         * inspector/InstrumentingAgents.cpp:
502         (WebCore::InstrumentingAgents::reset):
503         * inspector/InstrumentingAgents.h:
504         (WebCore::InstrumentingAgents::pageHeapAgent):
505         (WebCore::InstrumentingAgents::setPageHeapAgent):
506         Active PageHeapAgent.
507
508         * inspector/InspectorInstrumentation.cpp:
509         (WebCore::InspectorInstrumentation::didCommitLoadImpl):
510         Inform the PageHeapAgent when the mainframe navigates.
511
512 2016-06-23  Joseph Pecoraro  <pecoraro@apple.com>
513
514         CSSComputedStyleDeclaration::length should recalculate styles if needed to provide the correct value
515         https://bugs.webkit.org/show_bug.cgi?id=159053
516         <rdar://problem/26638119>
517
518         Reviewed by Simon Fraser.
519
520         Test: fast/css/variables/custom-property-computed-style-length-update.html
521
522         * css/CSSComputedStyleDeclaration.cpp:
523         (WebCore::CSSComputedStyleDeclaration::length):
524
525 2016-06-23  John Wilander  <wilander@apple.com>
526
527         Enable window.open() for existing versions of Secret Society
528         https://bugs.webkit.org/show_bug.cgi?id=159049
529         <rdar://problem/26528349>
530
531         Reviewed by Andy Estes.
532
533         The Secret Society Hidden Mystery app has a broken version check treating iOS 10
534         as iOS 1 on iPads. Therefore it believes it can use window.open() in a tap
535         handler. We should allow the existing versions of the app to do this to not break
536         them.
537
538         No new tests. Tested manually in the app.
539
540         * page/DOMWindow.cpp:
541         (WebCore::DOMWindow::allowPopUp):
542             Now checks with Settings whether it should allow a popup even though it is
543             not processing a user gesture.
544         * page/Settings.in:
545             Added setting allowWindowOpenWithoutUserGesture.
546         * platform/RuntimeApplicationChecks.h:
547         * platform/RuntimeApplicationChecks.mm:
548         (WebCore::IOSApplication::isTheSecretSocietyHiddenMystery):
549             Added.
550
551 2016-06-23  Chris Dumez  <cdumez@apple.com>
552
553         Only call sqlite3_initialize() when a SQLite database is actually being opened
554         https://bugs.webkit.org/show_bug.cgi?id=159033
555
556         Reviewed by Brady Eidson.
557
558         Only call sqlite3_initialize() when a SQLite database is actually being opened
559         instead of doing it unconditionally. sqlite3_initialize() was previously called
560         in the SQLiteDatabase constructor which gets called on WebContent process
561         initialization because a DatabaseTracker is constructed on initialization and
562         DatabaseTracker has a SQLiteDatabase data member.
563
564         * platform/sql/SQLiteDatabase.cpp:
565         (WebCore::initializeSQLiteIfNecessary):
566         (WebCore::SQLiteDatabase::open):
567         (WebCore::SQLiteDatabase::SQLiteDatabase): Deleted.
568         * platform/sql/SQLiteDatabase.h:
569
570 2016-06-23  Adam Bergkvist  <adam.bergkvist@ericsson.com>
571
572         WebRTC: Align 'update ICE connection/gathering state' steps with the WebRTC 1.0 specification
573         https://bugs.webkit.org/show_bug.cgi?id=159054
574
575         Reviewed by Eric Carlson.
576
577         Add checks for same state and closed RTCPeerConnection in the 'update ICE connection state'
578         and 'update ICE gathering state' routines as described in [1].
579
580         [1] https://w3c.github.io/webrtc-pc/archives/20160513/webrtc.html#update-ice-gathering-state
581
582         No change in current behavior.
583
584         * Modules/mediastream/RTCPeerConnection.cpp:
585         (WebCore::RTCPeerConnection::updateIceGatheringState):
586         (WebCore::RTCPeerConnection::updateIceConnectionState):
587
588 2016-06-23  Adam Bergkvist  <adam.bergkvist@ericsson.com>
589
590         WebRTC: Add support for RTCPeerConnection legacy MediaStream-based API
591         https://bugs.webkit.org/show_bug.cgi?id=158940
592
593         Reviewed by Eric Carlson.
594
595         Implement the legacy MediaStream-based RTCPeerConnection API as JS built-ins. The
596         getRemoteStreams() function and the 'addstream' event are partly implemented with native
597         code.
598
599         Test: fast/mediastream/RTCPeerConnection-legacy-stream-based-api.html
600
601         * Modules/mediastream/MediaEndpointPeerConnection.cpp:
602         (WebCore::MediaEndpointPeerConnection::setRemoteDescriptionTask):
603         (WebCore::MediaEndpointPeerConnection::getRemoteStreams):
604         The getRemoteStreams() function and the 'addstream' event is backed up by native code.
605         * Modules/mediastream/MediaEndpointPeerConnection.h:
606         * Modules/mediastream/MediaStream.idl:
607         * Modules/mediastream/PeerConnectionBackend.h:
608         * Modules/mediastream/RTCPeerConnection.h:
609         * Modules/mediastream/RTCPeerConnection.idl:
610         * Modules/mediastream/RTCPeerConnection.js:
611         (initializeRTCPeerConnection):
612         (getLocalStreams):
613         (getRemoteStreams):
614         (getStreamById):
615         (addStream):
616         (removeStream):
617         Legacy API implemented as JS built-ins.
618         * bindings/js/JSDOMGlobalObject.cpp:
619         (WebCore::JSDOMGlobalObject::addBuiltinGlobals):
620         * bindings/js/WebCoreBuiltinNames.h:
621
622 2016-06-23  Carlos Garcia Campos  <cgarcia@igalia.com>
623
624         Unreviewed. Fix the build with CSS Shapes disabled.
625
626         * css/StyleBuilderConverter.h:
627
628 2016-06-23  Carlos Garcia Campos  <cgarcia@igalia.com>
629
630         [Soup] Clean up SocketStreamHandle soup implementation
631         https://bugs.webkit.org/show_bug.cgi?id=159024
632
633         Reviewed by Žan Doberšek.
634
635         Stop using a global HashMap to "acivate"/"deactivate" handles, and just take a reference of the handle and
636         pass the ownership to the callbacks, using a GCancellable to cancel all async operations.
637
638         * platform/network/soup/SocketStreamHandle.h:
639         (WebCore::SocketStreamHandle::create):
640         (WebCore::SocketStreamHandle::id): Deleted.
641         * platform/network/soup/SocketStreamHandleSoup.cpp:
642         (WebCore::SocketStreamHandle::SocketStreamHandle):
643         (WebCore::SocketStreamHandle::connected):
644         (WebCore::SocketStreamHandle::connectedCallback):
645         (WebCore::SocketStreamHandle::readBytes):
646         (WebCore::SocketStreamHandle::readReadyCallback):
647         (WebCore::SocketStreamHandle::didFail):
648         (WebCore::SocketStreamHandle::platformSend):
649         (WebCore::SocketStreamHandle::platformClose):
650         (WebCore::SocketStreamHandle::beginWaitingForSocketWritability):
651         (WebCore::SocketStreamHandle::writeReadyCallback):
652         (WebCore::getHandleFromId): Deleted.
653         (WebCore::deactivateHandle): Deleted.
654         (WebCore::activateHandle): Deleted.
655         (WebCore::SocketStreamHandle::~SocketStreamHandle): Deleted.
656         (WebCore::connectedCallback): Deleted.
657         (WebCore::readReadyCallback): Deleted.
658         (WebCore::writeReadyCallback): Deleted.
659
660 2016-06-22  Brady Eidson  <beidson@apple.com>
661
662         DatabaseProcess doesn't handle WebProcesses going away uncleanly.
663         https://bugs.webkit.org/show_bug.cgi?id=158894
664
665         Reviewed by Alex Christensen.
666
667         No new tests (Covered by additions to existing API test).
668
669         * Modules/indexeddb/server/IDBConnectionToClient.cpp:
670         (WebCore::IDBServer::IDBConnectionToClient::registerDatabaseConnection):
671         (WebCore::IDBServer::IDBConnectionToClient::unregisterDatabaseConnection):
672         (WebCore::IDBServer::IDBConnectionToClient::connectionToClientClosed):
673         * Modules/indexeddb/server/IDBConnectionToClient.h:
674         
675         * Modules/indexeddb/server/IDBServer.cpp:
676         (WebCore::IDBServer::IDBServer::unregisterConnection): Call connectionToClientClosed() on
677           the connection, which cleans up after it in the server.
678         
679         * Modules/indexeddb/server/UniqueIDBDatabaseConnection.cpp:
680         (WebCore::IDBServer::UniqueIDBDatabaseConnection::UniqueIDBDatabaseConnection):
681         (WebCore::IDBServer::UniqueIDBDatabaseConnection::~UniqueIDBDatabaseConnection):
682
683 2016-06-22  Benjamin Poulain  <bpoulain@apple.com>
684
685         AX: Add support for CSS4 :focus-within pseudo
686         https://bugs.webkit.org/show_bug.cgi?id=140144
687
688         Reviewed by Antti Koivisto.
689
690         Tests: fast/css/pseudo-focus-within-basics.html
691                fast/css/pseudo-focus-within-inside-shadow-dom.html
692                fast/css/pseudo-focus-within-style-sharing-1.html
693                fast/css/pseudo-focus-within-style-sharing-2.html
694                fast/selectors/focus-within-style-update.html
695
696         * css/CSSSelector.cpp:
697         (WebCore::CSSSelector::selectorText):
698         * css/CSSSelector.h:
699         * css/SelectorChecker.cpp:
700         (WebCore::SelectorChecker::checkOne):
701         * css/SelectorPseudoClassAndCompatibilityElementMap.in:
702         * cssjit/SelectorCompiler.cpp:
703         (WebCore::SelectorCompiler::addPseudoClassType):
704         (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementMatching):
705         (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementHasFocusWithin):
706         * dom/ContainerNode.cpp:
707         (WebCore::destroyRenderTreeIfNeeded):
708         * dom/Element.cpp:
709         (WebCore::Element::~Element):
710         (WebCore::Element::setFocus):
711         (WebCore::Element::unregisterNamedFlowContentElement):
712         (WebCore::Element::setIsNamedFlowContentElement):
713         (WebCore::Element::clearIsNamedFlowContentElement):
714         (WebCore::Element::setStyleAffectedByFocusWithin):
715         (WebCore::Element::rareDataStyleAffectedByFocusWithin):
716         (WebCore::Element::rareDataIsNamedFlowContentElement):
717         * dom/Element.h:
718         (WebCore::Element::hasFocusWithin):
719         (WebCore::Element::styleAffectedByFocusWithin):
720         (WebCore::Element::isNamedFlowContentElement):
721         (WebCore::Element::setHasFocusWithin):
722         * dom/ElementRareData.h:
723         (WebCore::ElementRareData::styleAffectedByFocusWithin):
724         (WebCore::ElementRareData::setStyleAffectedByFocusWithin):
725         (WebCore::ElementRareData::isNamedFlowContentElement):
726         (WebCore::ElementRareData::setIsNamedFlowContentElement):
727         (WebCore::ElementRareData::ElementRareData):
728         (WebCore::ElementRareData::resetComputedStyle):
729         * dom/Node.h:
730         (WebCore::Node::flagHasFocusWithin):
731         (WebCore::Node::isNamedFlowContentNode): Deleted.
732         (WebCore::Node::setIsNamedFlowContentNode): Deleted.
733         (WebCore::Node::clearIsNamedFlowContentNode): Deleted.
734         * rendering/RenderNamedFlowThread.cpp:
735         (WebCore::RenderNamedFlowThread::clearContentElements):
736         (WebCore::RenderNamedFlowThread::registerNamedFlowContentElement):
737         (WebCore::RenderNamedFlowThread::unregisterNamedFlowContentElement):
738         (WebCore::nextNodeInsideContentElement):
739         * style/RenderTreeUpdater.cpp:
740         (WebCore::RenderTreeUpdater::updateElementRenderer):
741         * style/StyleRelations.cpp:
742         (WebCore::Style::commitRelationsToRenderStyle):
743         (WebCore::Style::commitRelations):
744         * style/StyleRelations.h:
745         * style/StyleSharingResolver.cpp:
746         (WebCore::Style::SharingResolver::canShareStyleWithElement):
747
748 2016-06-22  Oliver Hunt  <oliver@apple.com>
749
750         Integrate WebKit's CFURLConnection with App Transport Security
751         https://bugs.webkit.org/show_bug.cgi?id=159039
752         <rdar://problem/26953685>
753
754         Reviewed by Alex Christensen.
755
756         Pass additional options to NSURLConnect initialiser to identify that
757         this connection is for WebKit content loading.
758
759         * platform/network/mac/ResourceHandleMac.mm:
760         (WebCore::ResourceHandle::createNSURLConnection):
761
762 2016-06-20  Jeremy Jones  <jeremyj@apple.com>
763
764         Adopt commitPriority to get rid of the 2 AVPL solution for PiP
765         https://bugs.webkit.org/show_bug.cgi?id=158949
766         rdar://problem/26867866
767
768         Reviewed by Simon Fraser.
769
770         No new tests because there is no behavior change. This reverts changes from 
771         https://bugs.webkit.org/show_bug.cgi?id=158148 and instead uses -[CAContext commitPriority:]
772         to prevent flicker when moving a layer between contexts. 
773         commitPriority allows the layer to be added to the destination context before it is 
774         removed from the source context.
775
776         * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h: remove m_secondaryVideoLayer.
777         * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm: ditto
778         (WebCore::MediaPlayerPrivateAVFoundationObjC::setVideoFullscreenGravity): ditto.
779         (WebCore::MediaPlayerPrivateAVFoundationObjC::syncTextTrackBounds): ditto.
780         (WebCore::MediaPlayerPrivateAVFoundationObjC::destroyVideoLayer): ditto.
781         (WebCore::MediaPlayerPrivateAVFoundationObjC::updateVideoLayerGravity): ditto.
782         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm: ditto
783         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::addDisplayLayer): ditto
784         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm: ditto
785         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::createPreviewLayers):ditto
786         * platform/graphics/avfoundation/objc/VideoFullscreenLayerManager.h: ditto
787         * platform/graphics/avfoundation/objc/VideoFullscreenLayerManager.mm: ditto
788         (WebCore::VideoFullscreenLayerManager::setVideoLayer): ditto
789         (WebCore::VideoFullscreenLayerManager::setVideoFullscreenLayer): ditto and adopt commitPriority.
790         (WebCore::VideoFullscreenLayerManager::setVideoFullscreenFrame): ditto
791         (WebCore::VideoFullscreenLayerManager::setVideoLayers): Deleted. 
792         (WebCore::VideoFullscreenLayerManager::didDestroyVideoLayer): remove m_secondaryVideoLayer.
793         * platform/spi/cocoa/QuartzCoreSPI.h: Add commitPriority.
794
795 2016-06-22  Simon Fraser  <simon.fraser@apple.com>
796
797         REGRESSION (r201629): Weird button glitching on github.com
798         https://bugs.webkit.org/show_bug.cgi?id=159031
799         rdar://problem/26880332
800
801         Reviewed by Tim Horton.
802
803         r201629 changed the logic slightly when creating an image buffer for a scaled context;
804         it set the buffer context's scale to the scale in the source context, but this failed
805         to take into account the rounding up of the buffer size, which the old code did.
806
807         Fix by reverting to the old behavior.
808
809         Since buffer sizes can only be integral, changed compatibleBufferSize() to return
810         an IntSize.
811
812         Test: fast/backgrounds/scaled-gradient-background.html
813
814         * platform/graphics/ImageBuffer.cpp:
815         (WebCore::ImageBuffer::createCompatibleBuffer):
816         (WebCore::ImageBuffer::compatibleBufferSize):
817         * platform/graphics/ImageBuffer.h:
818         * platform/graphics/IntRect.h:
819         (WebCore::IntRect::area):
820         * platform/graphics/IntSize.h:
821         (WebCore::IntSize::area): Make this return an unsigned.
822
823 2016-06-22  Anders Carlsson  <andersca@apple.com>
824
825         Inline the last of the Apple Pay WebCore code
826         https://bugs.webkit.org/show_bug.cgi?id=159032
827
828         Reviewed by Tim Horton.
829
830         * loader/EmptyClients.cpp:
831         (WebCore::fillWithEmptyClients):
832         * page/MainFrame.cpp:
833         (WebCore::MainFrame::MainFrame):
834         * page/MainFrame.h:
835         * page/PageConfiguration.h:
836         * platform/cocoa/ThemeCocoa.mm:
837         (WebCore::passKitBundle):
838         (WebCore::loadPassKitPDFPage):
839         (WebCore::applePayButtonLogoBlack):
840         (WebCore::applePayButtonLogoWhite):
841         (WebCore::drawApplePayButton):
842         (WebCore::ThemeCocoa::drawNamedImage):
843
844 2016-06-22  Anders Carlsson  <andersca@apple.com>
845
846         Exception is not thrown when shipping method is an invalid amount
847         https://bugs.webkit.org/show_bug.cgi?id=159030
848         rdar://problem/26700413
849
850         Reviewed by Tim Horton.
851
852         * Modules/applepay/ApplePaySession.cpp:
853         (WebCore::createShippingMethods):
854         Bail if createShippingMethod returns Nullopt.
855
856         (WebCore::createPaymentRequest):
857         Bail if createShippingMethods returns Nullopt.
858
859 2016-06-22  Anders Carlsson  <andersca@apple.com>
860
861         Exception is not thrown when shipping method is an invalid amount
862         https://bugs.webkit.org/show_bug.cgi?id=159029
863         rdar://problem/26700413
864
865         Reviewed by Tim Horton.
866
867         * Modules/applepay/PaymentRequest.h:
868         Change ShippingMethod::amount to be a signed 64-bit integer.
869
870         * Modules/applepay/PaymentRequestValidator.cpp:
871         (WebCore::PaymentRequestValidator::validate):
872         Call validateShippingMethods.
873
874         (WebCore::PaymentRequestValidator::validateShippingMethods):
875         Validate all the shipping methods.
876
877         (WebCore::PaymentRequestValidator::validateShippingMethod):
878         Check that the amount is >= 0.
879
880         * Modules/applepay/PaymentRequestValidator.h:
881         Add new members.
882
883 2016-06-22  Adam Bergkvist  <adam.bergkvist@ericsson.com>
884
885         WebRTC: Add support for the negotiationneeded event in MediaEndpointPeerConnection
886         https://bugs.webkit.org/show_bug.cgi?id=158985
887
888         Reviewed by Eric Carlson.
889
890         Implement MediaEndpointPeerConnection's isNegotiationNeeded, markAsNeedingNegotiation and
891         clearNegotiationNeededState functions. The calls to these functions are already up-to-date.
892
893         Test: fast/mediastream/RTCPeerConnection-more-media-to-negotiate.html
894
895         * Modules/mediastream/MediaEndpointPeerConnection.cpp:
896         (WebCore::MediaEndpointPeerConnection::markAsNeedingNegotiation):
897         * Modules/mediastream/MediaEndpointPeerConnection.h:
898         * Modules/mediastream/RTCPeerConnection.cpp:
899         (WebCore::RTCPeerConnection::scheduleNegotiationNeededEvent):
900
901 2016-06-22  Adam Bergkvist  <adam.bergkvist@ericsson.com>
902
903         WebRTC: Replace RTCPeerConnection custom constructor with a JS built-in constructor
904         https://bugs.webkit.org/show_bug.cgi?id=158832
905
906         Reviewed by Eric Carlson and Youenn Fablet.
907
908         Use a JS built-in constructor instead of a custom constructor. This makes it easier to
909         initialize private fields for functions implemented as JS built-ins. The constructor
910         behavior is in need of updating, but that is left to a follow-up change [1].
911
912         [1] http://webkit.org/b/158936
913         No change in behavior.
914
915         * CMakeLists.txt:
916         * Modules/mediastream/RTCPeerConnection.cpp:
917         (WebCore::RTCPeerConnection::create):
918         (WebCore::RTCPeerConnection::RTCPeerConnection):
919         (WebCore::RTCPeerConnection::~RTCPeerConnection):
920         (WebCore::RTCPeerConnection::initializeWith):
921         * Modules/mediastream/RTCPeerConnection.h:
922         * Modules/mediastream/RTCPeerConnection.idl:
923         * Modules/mediastream/RTCPeerConnection.js:
924         (initializeRTCPeerConnection):
925         Add JS built-in constructor function.
926         * WebCore.xcodeproj/project.pbxproj:
927         * bindings/js/JSRTCPeerConnectionCustom.cpp: Removed.
928         (WebCore::constructJSRTCPeerConnection): Deleted.
929
930 2016-06-22  Youenn Fablet  <youenn@apple.com>
931
932         CrossOriginPreflightChecker should call DocumentThreadableLoader preflightFailure instead of didFailLoading
933         https://bugs.webkit.org/show_bug.cgi?id=158984
934
935         Reviewed by Darin Adler.
936
937         No change of behavior.
938
939         Calling DocumentThreadableLoader preflightFailure instead of didFailLoading for any preflight error case.
940
941         * loader/CrossOriginPreflightChecker.cpp:
942         (WebCore::CrossOriginPreflightChecker::notifyFinished): Directly calling preflightFailure callback.
943         (WebCore::CrossOriginPreflightChecker::doPreflight): Ditto.
944         (WebCore::CrossOriginPreflightChecker::handleLoadingFailure): Deleted.
945         (WebCore::CrossOriginPreflightChecker::redirectReceived): Deleted (should have been removed as part of
946         https://bugs.webkit.org/show_bug.cgi?id=111008).
947         * loader/CrossOriginPreflightChecker.h:
948
949 2016-06-22  Youenn Fablet  <youennf@gmail.com>
950
951         JSDOMIterator forEach should support second optional parameter
952         https://bugs.webkit.org/show_bug.cgi?id=159020
953
954         Reviewed by Chris Dumez.
955
956         Covered by beefed up test.
957
958         * bindings/js/JSDOMIterator.h:
959         (WebCore::iteratorForEach): Setting callback thisValue to the second argument passed to forEach.
960
961 2016-06-22  Jer Noble  <jer.noble@apple.com>
962
963         Media controls stop working after exiting PiP
964         https://bugs.webkit.org/show_bug.cgi?id=159026
965         <rdar://problem/26753579>
966
967         Reviewed by Eric Carlson.
968
969         Do not slave setting WebVideoFullscreenModelVideoElement::setVideoElement() to
970         WebPlaybackSessionModelVideoElement::setMediaElement(). After all, someone else
971         (i.e., the media controls) may still be using it.
972
973         * platform/cocoa/WebVideoFullscreenModelVideoElement.mm:
974         (WebVideoFullscreenModelVideoElement::setVideoElement): Deleted.
975         * platform/ios/WebVideoFullscreenControllerAVKit.mm:
976         (WebVideoFullscreenControllerContext::didCleanupFullscreen):
977         (WebVideoFullscreenControllerContext::setUpFullscreen):
978
979 2016-06-22  Jer Noble  <jer.noble@apple.com>
980
981         Update document's isPlayingMedia() state whenever media element's media state changes
982         https://bugs.webkit.org/show_bug.cgi?id=159018
983         <rdar://problem/26586630>
984
985         Reviewed by Beth Dakin.
986
987         The Document can end up with a stale m_mediaState if its own value isn't updated when
988         its constituent HTMLMediaElement's m_mediaStates change.
989
990         * html/HTMLMediaElement.cpp:
991         (WebCore::HTMLMediaElement::updateMediaState):
992
993 2016-06-22  Simon Fraser  <simon.fraser@apple.com>
994
995         Crash under GraphicsLayerCA::recursiveCommitChanges() with deep layer trees
996         https://bugs.webkit.org/show_bug.cgi?id=159023
997         rdar://problem/25377842
998
999         Reviewed by Tim Horton.
1000
1001         Having an on-stack DisplayList::Recorder increased the stack frame size significantly,
1002         causing stack exhaustion with deep layer trees, despite the existing depth check.
1003
1004         Make the Recorder heap-allocated to fix this.
1005
1006         Tested by LayoutTests/compositing//layer-creation/deep-tree.html.
1007
1008         * platform/graphics/ca/GraphicsLayerCA.cpp:
1009         (WebCore::GraphicsLayerCA::recursiveCommitChanges):
1010
1011 2016-06-22  Carlos Garcia Campos  <cgarcia@igalia.com>
1012
1013         [GTK] Add support for variadic parameters to GObject DOM bindings
1014         https://bugs.webkit.org/show_bug.cgi?id=158942
1015
1016         Reviewed by Michael Catanzaro.
1017
1018         Generate code for functions having variadic parameters.
1019
1020         * bindings/scripts/CodeGeneratorGObject.pm:
1021         (GenerateFunction):
1022         (SkipFunction):
1023         * bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
1024         (webkit_dom_test_obj_variadic_string_method):
1025         * bindings/scripts/test/GObject/WebKitDOMTestObj.h:
1026
1027 2016-06-21  Benjamin Poulain  <bpoulain@apple.com>
1028
1029         :hover CSS pseudo-class sometimes keeps matching ever after mouse has left the element
1030         https://bugs.webkit.org/show_bug.cgi?id=158340
1031
1032         Reviewed by Simon Fraser.
1033
1034         When removing a hovered subtree from the document, we were getting
1035         into an inconsistent state where m_hoveredElement is in the detached
1036         subtree and we have no way of clearing the existing IsHovered flags.
1037
1038         What happens is:
1039         -The root "a" has an child "b" that is hovered.
1040         -"a" starts being removed from the tree, its renderer is destroyed.
1041         -RenderTreeUpdater::tearDownRenderers() pushes "a" on the teardownStack
1042          and calls hoveredElementDidDetach().
1043         -hoveredElementDidDetach() is called with "a". "a" is not the hovered
1044          element, the function does nothing.
1045         -RenderTreeUpdater::tearDownRenderers() pushes "b" on the teardownStack
1046          and calls hoveredElementDidDetach().
1047         -hoveredElementDidDetach() is called with "b". The next parent with a renderer
1048          is "a", m_hoveredElement is set to "a".
1049         -"a"'s parent is set to nullptr.
1050
1051         -> We have a m_hoveredElement on the root of a detached tree, making
1052            it impossible to clear the real dirty tree.
1053
1054         This patch changes the order in which we clear the flags.
1055         It is done in the order in which we clear the renderers to ensure
1056         the last element with a dead renderer is the last to update m_hoveredElement.
1057
1058         Tests: fast/css/ancestor-of-hovered-element-detached.html
1059                fast/css/ancestor-of-hovered-element-removed.html
1060
1061         * Source/WebCore/style/RenderTreeUpdater.cpp:
1062
1063 2016-06-21  Youenn Fablet  <youennf@gmail.com>
1064
1065         [Fetch API] Rename 'origin-only' referrer policy to 'origin'
1066         https://bugs.webkit.org/show_bug.cgi?id=158982
1067
1068         Reviewed by Alex Christensen.
1069
1070         Covered by updated tests.
1071
1072         * Modules/fetch/FetchRequest.cpp:
1073         (WebCore::setReferrerPolicy): Renaming origin-only to origin.
1074         * Modules/fetch/FetchRequest.idl: Ditto.
1075         * loader/FetchOptions.h: Ditto.
1076
1077 2016-06-21  Chris Dumez  <cdumez@apple.com>
1078
1079         Let the compiler generate the move constructor and assignment operator for ScriptExecutionContext::Task
1080         https://bugs.webkit.org/show_bug.cgi?id=159013
1081
1082         Reviewed by Brady Eidson.
1083
1084         Let the compiler generate the move constructor and assignment operator for
1085         ScriptExecutionContext::Task. We previously manually defined the move
1086         constructor but there is no need as it doesn't do anything special.
1087
1088         * dom/ScriptExecutionContext.h:
1089
1090 2016-06-21  Dean Jackson  <dino@apple.com>
1091
1092         DumpRenderTree crashed in com.apple.WebCore: WebCore::HTMLSelectElement::updateSelectedState
1093         https://bugs.webkit.org/show_bug.cgi?id=159009
1094         <rdar://problem/23454623>
1095
1096         Reviewed by Jon Lee.
1097
1098         It seems we can get bogus indices from UIKit's implementation
1099         of UIWebSelectMultiplePicker. Guard against this situation.
1100
1101         Covered by running the existing tests in WebKit1 with Guard Malloc,
1102         such as fast/spatial-navigation/snav-multiple-select-optgroup.html
1103
1104         * html/HTMLSelectElement.cpp:
1105         (WebCore::HTMLSelectElement::updateSelectedState): Early return
1106         if we get an index out of range.
1107
1108 2016-06-21  Chris Dumez  <cdumez@apple.com>
1109
1110         Pass ScriptExecutionContext::Task as rvalue reference
1111         https://bugs.webkit.org/show_bug.cgi?id=159007
1112
1113         Reviewed by Anders Carlsson.
1114
1115         Pass ScriptExecutionContext::Task as rvalue reference since its non-copyable
1116         and has to be moved in.
1117
1118         * workers/WorkerLoaderProxy.h:
1119         * workers/WorkerMessagingProxy.cpp:
1120         (WebCore::WorkerMessagingProxy::postTaskToLoader):
1121         (WebCore::WorkerMessagingProxy::postTaskForModeToWorkerGlobalScope):
1122         * workers/WorkerMessagingProxy.h:
1123         * workers/WorkerRunLoop.cpp:
1124         (WebCore::WorkerRunLoop::postTask):
1125         (WebCore::WorkerRunLoop::postTaskAndTerminate):
1126         (WebCore::WorkerRunLoop::postTaskForMode):
1127         (WebCore::WorkerRunLoop::Task::Task):
1128         * workers/WorkerRunLoop.h:
1129
1130 2016-06-21  Anders Carlsson  <andersca@apple.com>
1131
1132         Include IdentifierInlines.h.
1133
1134         * bindings/js/JSApplePayShippingMethodSelectedEventCustom.cpp:
1135
1136 2016-06-21  Anders Carlsson  <andersca@apple.com>
1137
1138         Add PaymentHeaders.h file.
1139
1140         * Modules/applepay/PaymentHeaders.h: Added.
1141         * WebCore.xcodeproj/project.pbxproj:
1142
1143 2016-06-21  Anders Carlsson  <andersca@apple.com>
1144
1145         Make a bunch of Apple Pay headers private instead of project.
1146
1147         * WebCore.xcodeproj/project.pbxproj:
1148
1149 2016-06-21  Anders Carlsson  <andersca@apple.com>
1150
1151         Move the last Apple Pay WebCore files to the open source repository
1152         https://bugs.webkit.org/show_bug.cgi?id=159005
1153
1154         Reviewed by Tim Horton.
1155
1156         * DerivedSources.make:
1157         * Modules/applepay/ApplePayPaymentAuthorizedEvent.cpp: Added.
1158         * Modules/applepay/ApplePayPaymentAuthorizedEvent.h: Added.
1159         * Modules/applepay/ApplePayPaymentAuthorizedEvent.idl: Added.
1160         * Modules/applepay/ApplePayPaymentMethodSelectedEvent.cpp: Added.
1161         * Modules/applepay/ApplePayPaymentMethodSelectedEvent.h: Added.
1162         * Modules/applepay/ApplePayPaymentMethodSelectedEvent.idl: Added.
1163         * Modules/applepay/ApplePaySession.cpp: Added.
1164         * Modules/applepay/ApplePaySession.h: Added.
1165         * Modules/applepay/ApplePaySession.idl: Added.
1166         * Modules/applepay/ApplePayShippingContactSelectedEvent.cpp: Added.
1167         * Modules/applepay/ApplePayShippingContactSelectedEvent.h: Added.
1168         * Modules/applepay/ApplePayShippingContactSelectedEvent.idl: Added.
1169         * Modules/applepay/ApplePayShippingMethodSelectedEvent.cpp: Added.
1170         * Modules/applepay/ApplePayShippingMethodSelectedEvent.h: Added.
1171         * Modules/applepay/ApplePayShippingMethodSelectedEvent.idl: Added.
1172         * Modules/applepay/ApplePayValidateMerchantEvent.cpp: Added.
1173         * Modules/applepay/ApplePayValidateMerchantEvent.h: Added.
1174         * Modules/applepay/ApplePayValidateMerchantEvent.idl: Added.
1175         * Modules/applepay/Payment.h: Added.
1176         * Modules/applepay/PaymentAuthorizationStatus.h: Added.
1177         * Modules/applepay/PaymentContact.h: Added.
1178         * Modules/applepay/PaymentMerchantSession.h: Added.
1179         * Modules/applepay/PaymentMethod.h: Added.
1180         * Modules/applepay/PaymentRequestValidator.cpp: Added.
1181         * Modules/applepay/PaymentRequestValidator.h: Added.
1182         * Modules/applepay/cocoa/PaymentContactCocoa.mm: Added.
1183         * Modules/applepay/cocoa/PaymentMethodCocoa.mm: Added.
1184         * WebCore.xcodeproj/project.pbxproj:
1185         * bindings/js/JSApplePayPaymentAuthorizedEventCustom.cpp: Added.
1186         * bindings/js/JSApplePayPaymentMethodSelectedEventCustom.cpp: Added.
1187         * bindings/js/JSApplePaySessionCustom.cpp: Added.
1188         * bindings/js/JSApplePayShippingContactSelectedEventCustom.cpp: Added.
1189         * bindings/js/JSApplePayShippingMethodSelectedEventCustom.cpp: Added.
1190         * dom/EventNames.in:
1191         * dom/EventTargetFactory.in:
1192
1193 2016-06-21  Anders Carlsson  <andersca@apple.com>
1194
1195         Fix build.
1196
1197         * Configurations/FeatureDefines.xcconfig:
1198
1199 2016-06-21  Jiewen Tan  <jiewen_tan@apple.com>
1200
1201         Unreviewed, rolling out r202302, r202303, r202305, and
1202         r202306.
1203
1204         Roll out the rollouts because of breaking the build.
1205
1206         Reverted changesets:
1207
1208         "Unreviewed, rolling out r200678."
1209         https://bugs.webkit.org/show_bug.cgi?id=157453
1210         http://trac.webkit.org/changeset/202302
1211
1212         "Unreviewed, rolling out r200619."
1213         https://bugs.webkit.org/show_bug.cgi?id=131443
1214         http://trac.webkit.org/changeset/202303
1215
1216         "Unreviewed, attempt to fix the build after r202303."
1217         http://trac.webkit.org/changeset/202305
1218
1219         "Unreviewed, attempt to fix the build after r202303."
1220         http://trac.webkit.org/changeset/202306
1221
1222 2016-06-21  Chris Dumez  <cdumez@apple.com>
1223
1224         Unreviewed, attempt to fix the build after r202303.
1225
1226         * bindings/js/JSDOMIterator.h:
1227         (WebCore::IteratorInspector::decltype):
1228         (WebCore::IteratorInspector::test):
1229
1230 2016-06-21  Chris Dumez  <cdumez@apple.com>
1231
1232         Unreviewed, attempt to fix the build after r202303.
1233
1234         * bindings/js/JSDOMIterator.h:
1235         (WebCore::toJS):
1236
1237 2016-06-21  Jiewen Tan  <jiewen_tan@apple.com>
1238
1239         Unreviewed, rolling out r200619.
1240
1241         This incompleted feature broke http://m.yahoo.co.jp. Roll it
1242         out together with r200678.
1243
1244         Reverted changeset:
1245
1246         "NodeList should be iterable"
1247         https://bugs.webkit.org/show_bug.cgi?id=131443
1248         http://trac.webkit.org/changeset/200619
1249
1250 2016-06-21  Jiewen Tan  <jiewen_tan@apple.com>
1251
1252         Unreviewed, rolling out r200678.
1253
1254         This incompleted feature broke http://m.yahoo.co.jp. Roll it
1255         out together with r200619.
1256
1257         Reverted changeset:
1258
1259         "Ensure DOM iterators remain done"
1260         https://bugs.webkit.org/show_bug.cgi?id=157453
1261         http://trac.webkit.org/changeset/200678
1262
1263 2016-06-21  Anders Carlsson  <andersca@apple.com>
1264
1265         Begin moving the Apple Pay code to the open source repository
1266         https://bugs.webkit.org/show_bug.cgi?id=158998
1267
1268         Reviewed by Tim Horton.
1269
1270         * Configurations/FeatureDefines.xcconfig:
1271         Add ENABLE_APPLE_PAY.
1272
1273         * Modules/applepay/PaymentCoordinator.cpp: Added.
1274         * Modules/applepay/PaymentCoordinator.h: Added.
1275         * Modules/applepay/PaymentCoordinatorClient.h: Added.
1276         * Modules/applepay/PaymentRequest.cpp: Added.
1277         * Modules/applepay/PaymentRequest.h: Added.
1278         * Modules/applepay/cocoa/PaymentCocoa.mm: Added.
1279         * WebCore.xcodeproj/project.pbxproj:
1280         Add new files.
1281
1282         * dom/EventNames.h:
1283         Add new event names.
1284
1285         * page/MainFrame.h:
1286         Use a forward declaration.
1287
1288 2016-06-21  Said Abou-Hallawa  <sabouhallawa@apple,com>
1289
1290         Add system tracing points for requestAnimationFrame() workflow
1291         https://bugs.webkit.org/show_bug.cgi?id=158723
1292
1293         Reviewed by Simon Fraser.
1294
1295         Add trace points for requestAnimationFrame().
1296
1297         * dom/ScriptedAnimationController.cpp:
1298         (WebCore::ScriptedAnimationController::requestAnimationFrameEnabled):
1299         (WebCore::ScriptedAnimationController::serviceScriptedAnimations):
1300         (WebCore::ScriptedAnimationController::windowScreenDidChange):
1301         (WebCore::ScriptedAnimationController::scheduleAnimation):
1302         * dom/ScriptedAnimationController.h:
1303         * platform/graphics/ios/DisplayRefreshMonitorIOS.mm:
1304         (WebCore::DisplayRefreshMonitorIOS::requestRefreshCallback):
1305         (WebCore::DisplayRefreshMonitorIOS::displayLinkFired):
1306
1307 2016-06-20  Simon Fraser  <simon.fraser@apple.com>
1308
1309         [iOS] Typing text into a text field or text area causes screen to scroll down (hiding text entry)
1310         https://bugs.webkit.org/show_bug.cgi?id=158970
1311
1312         Reviewed by Ryosuke Niwa.
1313
1314         insertTextWithoutSendingTextEvent() should only reveal the selection up to the main frame on iOS,
1315         since the UI process can zoom and scroll the view to the text input.
1316
1317         Test: fast/forms/ios/typing-in-input-in-iframe.html
1318
1319         * editing/Editor.cpp:
1320         (WebCore::Editor::insertTextWithoutSendingTextEvent):
1321
1322 2016-06-21  Adam Bergkvist  <adam.bergkvist@ericsson.com>
1323
1324         WebRTC: Remove unused MediaEndpointClient::gotRemoteSource function
1325         https://bugs.webkit.org/show_bug.cgi?id=158986
1326
1327         Reviewed by Eric Carlson.
1328
1329         Remote sources are explicitly created with MediaEndpoint::createMutedRemoteSource so the
1330         MediaEndpointClient::gotRemoteSource can be removed.
1331
1332         No change in behavior.
1333
1334         * Modules/mediastream/MediaEndpointPeerConnection.cpp:
1335         (WebCore::MediaEndpointPeerConnection::gotRemoteSource): Deleted.
1336         * Modules/mediastream/MediaEndpointPeerConnection.h:
1337         * platform/mediastream/MediaEndpoint.h:
1338
1339 2016-06-20  Simon Fraser  <simon.fraser@apple.com>
1340
1341         Focus event dispatched in iframe causes parent document to scroll incorrectly
1342         https://bugs.webkit.org/show_bug.cgi?id=158629
1343         rdar://problem/26521616
1344
1345         Reviewed by Tim Horton.
1346
1347         When focussing elements in iframes, the page could scroll to an incorrect location.
1348         This happened because code in Element::focus() tried to disable scrolling on focus,
1349         but did so only for the current frame, so ancestor frames got programmatically scrolled.
1350         On iOS we handle the scrolling in the UI process, so never want the web process to
1351         do programmatic scrolling.
1352
1353         Fix by changing the focus and cache restore code to use SelectionRevealMode::DoNotReveal,
1354         rather than manually prohibiting frame scrolling. Pass SelectionRevealMode through various callers,
1355         and use RevealUpToMainFrame for iOS, allowing the UI process to do the zoomToRect: for the main frame.
1356
1357         Tests: fast/forms/ios/focus-input-in-iframe.html
1358                fast/forms/ios/programmatic-focus-input-in-iframe.html
1359
1360         * dom/Document.h:
1361         * dom/Element.cpp:
1362         (WebCore::Element::scrollIntoView):
1363         (WebCore::Element::scrollIntoViewIfNeeded):
1364         (WebCore::Element::scrollIntoViewIfNotVisible):
1365         (WebCore::Element::focus):
1366         (WebCore::Element::updateFocusAppearance):
1367         * dom/Element.h:
1368         * editing/Editor.cpp:
1369         (WebCore::Editor::insertTextWithoutSendingTextEvent):
1370         (WebCore::Editor::revealSelectionAfterEditingOperation):
1371         (WebCore::Editor::findStringAndScrollToVisible):
1372         * editing/FrameSelection.cpp:
1373         (WebCore::FrameSelection::updateAndRevealSelection):
1374         (WebCore::FrameSelection::revealSelection):
1375         (WebCore::FrameSelection::FrameSelection): Deleted.
1376         * editing/FrameSelection.h:
1377         * html/HTMLInputElement.cpp:
1378         (WebCore::HTMLInputElement::updateFocusAppearance):
1379         * html/HTMLTextAreaElement.cpp:
1380         (WebCore::HTMLTextAreaElement::updateFocusAppearance):
1381         * page/ContextMenuController.cpp:
1382         (WebCore::ContextMenuController::contextMenuItemSelected):
1383         * page/FrameView.cpp:
1384         (WebCore::FrameView::scrollToAnchor):
1385         * rendering/RenderLayer.cpp:
1386         (WebCore::RenderLayer::scrollRectToVisible):
1387         (WebCore::RenderLayer::autoscroll):
1388         * rendering/RenderLayer.h:
1389         * rendering/RenderObject.cpp:
1390         (WebCore::RenderObject::scrollRectToVisible):
1391         * rendering/RenderObject.h:
1392
1393 2016-06-21  Frederic Wang  <fwang@igalia.com>
1394
1395         Implement RenderMathMLOperator::layoutBlock
1396         https://bugs.webkit.org/show_bug.cgi?id=157521
1397
1398         Reviewed by Brent Fulgham.
1399
1400         No new tests, already covered by existing tests.
1401
1402         Add an initial implementation of RenderMathMLOperator::layoutBlock, which will perform
1403         special layout when the MathOperator is used. We also improved how the logical height is
1404         calculated and avoid updating the style when stretchTo is called.
1405
1406         * rendering/mathml/RenderMathMLOperator.cpp:
1407         (WebCore::RenderMathMLOperator::stretchTo):
1408         (WebCore::RenderMathMLOperator::layoutBlock):
1409         (WebCore::RenderMathMLOperator::computeLogicalHeight): Deleted.
1410         * rendering/mathml/RenderMathMLOperator.h:
1411
1412 2016-06-21  Chris Dumez  <cdumez@apple.com>
1413
1414         Unreviewed, roll out r202268 as it looks like it was a ~50% regression on Dromaeo DOM Core
1415
1416         * bindings/scripts/CodeGeneratorJS.pm:
1417         (GenerateImplementation):
1418         (GeneratePrototypeDeclaration):
1419         * bindings/scripts/test/JS/JSInterfaceName.cpp:
1420         (WebCore::JSInterfaceNamePrototype::finishCreation):
1421         * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
1422         (WebCore::JSTestActiveDOMObjectPrototype::finishCreation):
1423         (WebCore::JSTestActiveDOMObject::createPrototype): Deleted.
1424         (WebCore::JSTestActiveDOMObject::prototype): Deleted.
1425         * bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.cpp:
1426         (WebCore::JSTestClassWithJSBuiltinConstructorPrototype::finishCreation):
1427         * bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.cpp:
1428         (WebCore::JSTestCustomConstructorWithNoInterfaceObjectPrototype::finishCreation):
1429         * bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
1430         (WebCore::JSTestCustomNamedGetterPrototype::finishCreation):
1431         (WebCore::JSTestCustomNamedGetter::JSTestCustomNamedGetter): Deleted.
1432         (WebCore::JSTestCustomNamedGetter::createPrototype): Deleted.
1433         * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
1434         (WebCore::JSTestEventConstructorPrototype::finishCreation):
1435         (WebCore::JSTestEventConstructor::createPrototype): Deleted.
1436         (WebCore::JSTestEventConstructor::prototype): Deleted.
1437         * bindings/scripts/test/JS/JSTestEventTarget.cpp:
1438         (WebCore::JSTestEventTargetPrototype::finishCreation):
1439         (WebCore::JSTestEventTarget::JSTestEventTarget): Deleted.
1440         (WebCore::JSTestEventTarget::createPrototype): Deleted.
1441         * bindings/scripts/test/JS/JSTestException.cpp:
1442         (WebCore::JSTestExceptionPrototype::finishCreation):
1443         * bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:
1444         (WebCore::JSTestGenerateIsReachablePrototype::finishCreation):
1445         * bindings/scripts/test/JS/JSTestInterface.cpp:
1446         (WebCore::JSTestInterfacePrototype::finishCreation):
1447         (WebCore::jsTestInterfaceImplementsStr2): Deleted.
1448         * bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp:
1449         (WebCore::JSTestJSBuiltinConstructorPrototype::finishCreation):
1450         (WebCore::JSTestJSBuiltinConstructor::JSTestJSBuiltinConstructor): Deleted.
1451         (WebCore::JSTestJSBuiltinConstructor::createPrototype): Deleted.
1452         (WebCore::JSTestJSBuiltinConstructor::destroy): Deleted.
1453         (WebCore::jsTestJSBuiltinConstructorTestAttributeCustom): Deleted.
1454         * bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
1455         (WebCore::JSTestMediaQueryListListenerPrototype::finishCreation):
1456         (WebCore::JSTestMediaQueryListListener::JSTestMediaQueryListListener): Deleted.
1457         (WebCore::JSTestMediaQueryListListener::createPrototype): Deleted.
1458         * bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
1459         (WebCore::JSTestNamedConstructorPrototype::finishCreation):
1460         * bindings/scripts/test/JS/JSTestNode.cpp:
1461         (WebCore::JSTestNodePrototype::finishCreation):
1462         (WebCore::JSTestNode::JSTestNode): Deleted.
1463         (WebCore::JSTestNode::prototype): Deleted.
1464         (WebCore::jsTestNodeName): Deleted.
1465         * bindings/scripts/test/JS/JSTestNondeterministic.cpp:
1466         (WebCore::JSTestNondeterministicPrototype::finishCreation):
1467         (WebCore::JSTestNondeterministic::JSTestNondeterministic): Deleted.
1468         (WebCore::JSTestNondeterministic::prototype): Deleted.
1469         (WebCore::JSTestNondeterministic::destroy): Deleted.
1470         * bindings/scripts/test/JS/JSTestObj.cpp:
1471         (WebCore::JSTestObjPrototype::finishCreation):
1472         (WebCore::JSTestObj::JSTestObj): Deleted.
1473         (WebCore::JSTestObj::createPrototype): Deleted.
1474         (WebCore::JSTestObj::prototype): Deleted.
1475         (WebCore::JSTestObj::destroy): Deleted.
1476         (WebCore::JSTestObj::getOwnPropertySlot): Deleted.
1477         (WebCore::JSTestObj::getOwnPropertySlotByIndex): Deleted.
1478         (WebCore::jsTestObjReadOnlyLongAttr): Deleted.
1479         (WebCore::jsTestObjReadOnlyStringAttr): Deleted.
1480         (WebCore::jsTestObjReadOnlyTestObjAttr): Deleted.
1481         (WebCore::jsTestObjConstructorStaticReadOnlyLongAttr): Deleted.
1482         (WebCore::jsTestObjConstructorStaticStringAttr): Deleted.
1483         (WebCore::jsTestObjConstructorTestSubObj): Deleted.
1484         (WebCore::jsTestObjTestSubObjEnabledBySettingConstructor): Deleted.
1485         (WebCore::jsTestObjEnumAttr): Deleted.
1486         (WebCore::jsTestObjByteAttr): Deleted.
1487         (WebCore::jsTestObjOctetAttr): Deleted.
1488         (WebCore::jsTestObjShortAttr): Deleted.
1489         (WebCore::jsTestObjClampedShortAttr): Deleted.
1490         (WebCore::jsTestObjEnforceRangeShortAttr): Deleted.
1491         (WebCore::jsTestObjUnsignedShortAttr): Deleted.
1492         (WebCore::jsTestObjLongAttr): Deleted.
1493         (WebCore::jsTestObjLongLongAttr): Deleted.
1494         (WebCore::jsTestObjReflectedCustomBooleanAttr): Deleted.
1495         (WebCore::jsTestObjReflectedCustomURLAttr): Deleted.
1496         * bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
1497         (WebCore::JSTestOverloadedConstructorsPrototype::finishCreation):
1498         * bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp:
1499         (WebCore::JSTestOverrideBuiltinsPrototype::finishCreation):
1500         (WebCore::JSTestOverrideBuiltins::JSTestOverrideBuiltins): Deleted.
1501         (WebCore::JSTestOverrideBuiltins::createPrototype): Deleted.
1502         * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
1503         (WebCore::JSTestSerializedScriptValueInterfacePrototype::finishCreation):
1504         (WebCore::JSTestSerializedScriptValueInterface::JSTestSerializedScriptValueInterface): Deleted.
1505         (WebCore::JSTestSerializedScriptValueInterface::prototype): Deleted.
1506         (WebCore::JSTestSerializedScriptValueInterface::destroy): Deleted.
1507         * bindings/scripts/test/JS/JSTestTypedefs.cpp:
1508         (WebCore::JSTestTypedefsPrototype::finishCreation):
1509         (WebCore::JSTestTypedefs::JSTestTypedefs): Deleted.
1510         (WebCore::JSTestTypedefs::createPrototype): Deleted.
1511         (WebCore::JSTestTypedefs::prototype): Deleted.
1512         (WebCore::JSTestTypedefs::destroy): Deleted.
1513         (WebCore::jsTestTypedefsUnsignedLongLongAttr): Deleted.
1514         (WebCore::jsTestTypedefsImmutableSerializedScriptValue): Deleted.
1515         (WebCore::jsTestTypedefsAttrWithGetterException): Deleted.
1516         * bindings/scripts/test/JS/JSattribute.cpp:
1517         (WebCore::JSattributePrototype::finishCreation):
1518         * bindings/scripts/test/JS/JSreadonly.cpp:
1519         (WebCore::JSreadonlyPrototype::finishCreation):
1520
1521 2016-06-21  Keith Miller  <keith_miller@apple.com>
1522
1523         It should be easy to add a private global helper function for builtins
1524         https://bugs.webkit.org/show_bug.cgi?id=158893
1525
1526         Reviewed by Mark Lam.
1527
1528         Add JSCJSValueInlines.h to fix build issues.
1529
1530         * platform/mock/mediasource/MockBox.cpp:
1531
1532 2016-06-21  Amir Alavi  <aalavi@apple.com>
1533
1534         Upstream WKHTTPCookiesForURL from WebKitSystemInterface to OpenSource
1535         https://bugs.webkit.org/show_bug.cgi?id=158967
1536
1537         Reviewed by Brent Fulgham.
1538
1539         * platform/ios/WebCoreSystemInterfaceIOS.mm:
1540         * platform/mac/WebCoreSystemInterface.h:
1541         * platform/mac/WebCoreSystemInterface.mm:
1542         * platform/network/mac/CookieJarMac.mm:
1543         (WebCore::httpCookiesForURL): Upstreamed from WebKitSystemInterface.
1544         (WebCore::cookiesForURL): Changed to call httpCookiesForURL.
1545         (WebCore::deleteCookie): Ditto.
1546         * platform/spi/cf/CFNetworkSPI.h:
1547
1548 2016-06-21  Chris Dumez  <cdumez@apple.com>
1549
1550         Unreviewed, rolling out r202231.
1551
1552         Seems to have regressed PLT on both iOS and Mac (very obvious
1553         on iOS Warm PLT)
1554
1555         Reverted changeset:
1556
1557         "When navigating, discard decoded image data that is only live
1558         due to page cache."
1559         https://bugs.webkit.org/show_bug.cgi?id=158941
1560         http://trac.webkit.org/changeset/202231
1561
1562 2016-06-21  Youenn Fablet  <youennf@gmail.com>
1563
1564         Add bindings generator support to add a native JS function to both a 'name' and a private '@name' slot
1565         https://bugs.webkit.org/show_bug.cgi?id=158777
1566
1567         Reviewed by Eric Carlson.
1568
1569         Adding a new PublicIdentifier keyword to cover the case of the same function exposed publicly and privately.
1570         Renaming Private keyword to PrivateIdentifier.
1571         Functions exposed both publicly and privately should set both keywords.
1572         By default, functions are publically exposed.
1573
1574         Updated binding generator to generate public exposure except if PrivateIdentifer is set and PublicIdentifier is
1575         not set.
1576
1577         Keeping skipping of ObjC/GObject binding for PrivateIdentifier-only functions.
1578
1579         Covered by rebased binding tests.
1580
1581         * Modules/fetch/FetchHeaders.idl:
1582         * Modules/fetch/FetchResponse.idl:
1583         * Modules/mediastream/MediaDevices.idl:
1584         * Modules/mediastream/RTCPeerConnection.idl:
1585         * bindings/scripts/CodeGeneratorGObject.pm:
1586         (SkipFunction):
1587         * bindings/scripts/CodeGeneratorJS.pm:
1588         (GeneratePropertiesHashTable):
1589         (GenerateImplementation):
1590         * bindings/scripts/CodeGeneratorObjC.pm:
1591         (SkipFunction):
1592         * bindings/scripts/IDLAttributes.txt:
1593         * bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
1594         (webkit_dom_test_obj_private_also_method):
1595         * bindings/scripts/test/GObject/WebKitDOMTestObj.h:
1596         * bindings/scripts/test/JS/JSTestObj.cpp:
1597         (WebCore::JSTestObjPrototype::finishCreation):
1598         (WebCore::jsTestObjPrototypeFunctionPrivateMethod):
1599         (WebCore::jsTestObjPrototypeFunctionPrivateAlsoMethod):
1600         * bindings/scripts/test/ObjC/DOMTestObj.h:
1601         * bindings/scripts/test/ObjC/DOMTestObj.mm:
1602         (-[DOMTestObj privateAlsoMethod:]):
1603         * bindings/scripts/test/TestObj.idl:
1604
1605 2016-06-21  Dan Bernstein  <mitz@apple.com>
1606
1607         Inlined some picture-in-picture code.
1608         https://bugs.webkit.org/show_bug.cgi?id=158977
1609
1610         Reviewed by Eric Carlsson.
1611
1612         This code was written primarily by Ada Chan, and originally reviewed by Alex Christensen,
1613         Anders Carlsson, Conrad Shultz, Dan Bernstein, Eric Carlson, Jer Noble, Jeremy Jones,
1614         Jon Lee, Remy Demarest, and Zach Li.
1615
1616         * English.lproj/Localizable.strings:
1617           Updated using update-webkit-localizable-strings.
1618
1619         * Modules/mediacontrols/mediaControlsApple.css:
1620         (video:-webkit-full-screen::-webkit-media-controls-panel .picture-in-picture-button):
1621
1622         * Modules/mediacontrols/mediaControlsApple.js:
1623         (Controller.prototype.configureFullScreenControls):
1624
1625         * WebCore.xcodeproj/project.pbxproj: Added PIPSPI.h.
1626
1627         * html/HTMLMediaElement.cpp: Inlined code from HTMLMediaElementAdditions.cpp.
1628
1629         * html/HTMLVideoElement.cpp: Inlined code from HTMLVideoElementSupportsFullscreenAdditions.cpp.
1630
1631         * platform/LocalizedStrings.cpp:
1632         (WebCore::contextMenuItemTagEnterVideoEnhancedFullscreen): Brought in from ContextMenuLocalizedStringsAdditions.cpp.
1633         (WebCore::contextMenuItemTagExitVideoEnhancedFullscreen): Ditto.
1634         (WebCore::AXARIAContentGroupText): Made updates that should have been part of r198543.
1635
1636         * platform/mac/WebVideoFullscreenInterfaceMac.h: Removed USE(APPLE_INTERNAL_SDK) guards.
1637         * platform/mac/WebVideoFullscreenInterfaceMac.mm: Inlined WebVideoFullscreenInterfaceMacAdditions.mm.
1638
1639         * platform/spi/mac/PIPSPI.h: Added.
1640
1641         * rendering/HitTestResult.cpp: Inlined HitTestResultAdditions.cpp.
1642
1643         * rendering/RenderThemeMac.mm:
1644         (WebCore::RenderThemeMac::mediaControlsStyleSheet): Removed include of
1645           RenderThemeMacMediaControlsStyleSheetAdditions.mm now that the content is in
1646           mediaControlsApple.css.
1647         (WebCore::RenderThemeMac::mediaControlsScript): Removed include of
1648           RenderThemeMacMediaControlsScriptAdditions.mm now that the content is in mediaControlsApple.js.
1649
1650 2016-06-21  Miguel Gomez  <magomez@igalia.com>
1651
1652         [GStreamer] video orientation support
1653         https://bugs.webkit.org/show_bug.cgi?id=148524
1654
1655         Reviewed by Philippe Normand.
1656
1657         Rotate video frames to follow the orientation metadata in the video file.
1658         When accelerated compositing is disabled, the rotation is performed by a videoflip element added
1659         to the playbin.
1660         When accelerated compositing is enabled, the rotation is peformed by the TextureMapper in response
1661         to a rotation flag set on the frame buffers.
1662
1663         Test: media/video-orientation.html
1664
1665         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
1666         (WebCore::MediaPlayerPrivateGStreamer::handleMessage):
1667         Handle the GST_MESSAGE_TAG message from the bin.
1668         (WebCore::MediaPlayerPrivateGStreamer::createGSTPlayBin):
1669         Add the videflip element to the bin when accelerated compositing is disabled.
1670         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
1671         (WebCore::GstVideoFrameHolder::GstVideoFrameHolder):
1672         Receive and use extra flags for the TextureMapper.
1673         (WebCore::MediaPlayerPrivateGStreamerBase::MediaPlayerPrivateGStreamerBase):
1674         (WebCore::MediaPlayerPrivateGStreamerBase::naturalSize):
1675         When using accelerated compositing, transpose the video size if the rotation is 90 or 270 degrees.
1676         (WebCore::MediaPlayerPrivateGStreamerBase::pushTextureToCompositor):
1677         Add rotation flag to frame holder and layer buffer.
1678         (WebCore::MediaPlayerPrivateGStreamerBase::paintToTextureMapper):
1679         Use rotation flag when requesting the TextureMapper to draw.
1680         (WebCore::MediaPlayerPrivateGStreamerBase::setVideoSourceRotation):
1681         Function to store the video rotation.
1682         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.h:
1683         Add bits to store the video rotation.
1684         * platform/graphics/texmap/TextureMapperGL.cpp:
1685         (WebCore::TextureMapperGL::drawTexturedQuadWithProgram):
1686         Modify the patternTransform according to the rotation flag passed.
1687         * platform/graphics/texmap/TextureMapperGL.h:
1688         Add new flags to handle the video souce rotation.
1689         * platform/graphics/texmap/TextureMapperPlatformLayerBuffer.cpp:
1690         (WebCore::TextureMapperPlatformLayerBuffer::paintToTextureMapper):
1691         Change the drawTexture method used so custom flags can be passed.
1692         * platform/graphics/texmap/TextureMapperPlatformLayerBuffer.h:
1693         (WebCore::TextureMapperPlatformLayerBuffer::setExtraFlags):
1694         New method to set TextureMapper flags.
1695
1696 2016-06-20  Frederic Wang  <fwang@igalia.com>
1697
1698         Use the MathOperator to handle some non-stretchy operators
1699         https://bugs.webkit.org/show_bug.cgi?id=157519
1700
1701         Reviewed by Brent Fulgham.
1702
1703         To prepare for the removal of anonymous text node from the render classes of token elements
1704         we use MathOperator to handle two cases where the actual text to display may not be
1705         available in the DOM: mfenced and minus operators. This change removes support for the
1706         case of mfenced operators with multiple characters since that it is not supported by
1707         MathOperator. It is a edge case that is not used in practice since fences and separators are
1708         only made of a single character. However, it would still be possible to duplicate some
1709         code/logic to add it back if that turns out to be necessary.
1710
1711         No new tests, already covered by existing tests.
1712
1713         * rendering/mathml/MathOperator.cpp:
1714         (WebCore::MathOperator::MathOperator): Rename UndefinedOperator.
1715         (WebCore::RenderMathMLOperator::firstLineBaseline): Improve rounding of ascent so that mfenced operators are correctly aligned.
1716         * rendering/mathml/MathOperator.h: Rename UndefinedOperator, since it can now be used to draw non-stretchy operators.
1717         (WebCore::MathOperator::isStretched): Deleted. This function is no longer used by RenderMathMLOperator.
1718         (WebCore::MathOperator::unstretch): Deleted. This function is no longer used by RenderMathMLOperator.
1719         * rendering/mathml/RenderMathMLOperator.cpp:
1720         (WebCore::RenderMathMLOperator::computePreferredLogicalWidths): Use useMathOperator.
1721         (WebCore::RenderMathMLOperator::rebuildTokenContent): Set the MathOperator when useMathOperator() is true.
1722         When the operator is not likely to stretch we just leave its type as NormalOperator.
1723         (WebCore::RenderMathMLOperator::useMathOperator): Helper function to determine when MathOperator should be used.
1724         (WebCore::RenderMathMLOperator::firstLineBaseline): Use useMathOperator.
1725         (WebCore::RenderMathMLOperator::computeLogicalHeight): Ditto.
1726         (WebCore::RenderMathMLOperator::paint): Ditto.
1727         (WebCore::RenderMathMLOperator::paintChildren): Ditto.
1728         * rendering/mathml/RenderMathMLOperator.h: Declare useMathOperator.
1729
1730 2016-06-19  Gavin & Ellie Barraclough  <barraclough@apple.com>
1731
1732         Don't eagerly reify DOM Prototype properties
1733         https://bugs.webkit.org/show_bug.cgi?id=158557
1734
1735         Reviewed by Andreas Kling.
1736
1737         We were eagerly reifying these properties to avoid virtualizing getOwnPropertySlot,
1738         but since bug #158059 this does not require a method table call in any case.
1739         Eagerly reifying these values likely has some CPU and memory cost on page load.
1740
1741         * bindings/scripts/CodeGeneratorJS.pm:
1742         (GenerateImplementation):
1743             - should generate compressed index for hashtable,
1744               prototype object ClassInfo should contain static table,
1745               don't reifyStaticProperties for prototype objects.
1746         (GeneratePrototypeDeclaration):
1747             - Set HasStaticPropertyTable for DOM prototype objects.
1748         * bindings/scripts/test/JS/JSInterfaceName.cpp:
1749         (WebCore::JSInterfaceNamePrototype::JSInterfaceNamePrototype):
1750         (WebCore::JSInterfaceNamePrototype::finishCreation):
1751         * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
1752         (WebCore::JSTestActiveDOMObjectPrototype::JSTestActiveDOMObjectPrototype):
1753         (WebCore::JSTestActiveDOMObjectPrototype::finishCreation):
1754         * bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.cpp:
1755         (WebCore::JSTestClassWithJSBuiltinConstructorPrototype::JSTestClassWithJSBuiltinConstructorPrototype):
1756         (WebCore::JSTestClassWithJSBuiltinConstructorPrototype::finishCreation):
1757         * bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.cpp:
1758         (WebCore::JSTestCustomConstructorWithNoInterfaceObjectPrototype::JSTestCustomConstructorWithNoInterfaceObjectPrototype):
1759         (WebCore::JSTestCustomConstructorWithNoInterfaceObjectPrototype::finishCreation):
1760         * bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
1761         (WebCore::JSTestCustomNamedGetterPrototype::JSTestCustomNamedGetterPrototype):
1762         (WebCore::JSTestCustomNamedGetterPrototype::finishCreation):
1763         * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
1764         (WebCore::JSTestEventConstructorPrototype::JSTestEventConstructorPrototype):
1765         (WebCore::JSTestEventConstructorPrototype::finishCreation):
1766         * bindings/scripts/test/JS/JSTestEventTarget.cpp:
1767         (WebCore::JSTestEventTargetPrototype::JSTestEventTargetPrototype):
1768         (WebCore::JSTestEventTargetPrototype::finishCreation):
1769         * bindings/scripts/test/JS/JSTestException.cpp:
1770         (WebCore::JSTestExceptionPrototype::JSTestExceptionPrototype):
1771         (WebCore::JSTestExceptionPrototype::finishCreation):
1772         * bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:
1773         (WebCore::JSTestGenerateIsReachablePrototype::JSTestGenerateIsReachablePrototype):
1774         (WebCore::JSTestGenerateIsReachablePrototype::finishCreation):
1775         * bindings/scripts/test/JS/JSTestInterface.cpp:
1776         (WebCore::JSTestInterfacePrototype::JSTestInterfacePrototype):
1777         (WebCore::JSTestInterfacePrototype::finishCreation):
1778         * bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp:
1779         (WebCore::JSTestJSBuiltinConstructorPrototype::JSTestJSBuiltinConstructorPrototype):
1780         (WebCore::JSTestJSBuiltinConstructorPrototype::finishCreation):
1781         * bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
1782         (WebCore::JSTestMediaQueryListListenerPrototype::JSTestMediaQueryListListenerPrototype):
1783         (WebCore::JSTestMediaQueryListListenerPrototype::finishCreation):
1784         * bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
1785         (WebCore::JSTestNamedConstructorPrototype::JSTestNamedConstructorPrototype):
1786         (WebCore::JSTestNamedConstructorPrototype::finishCreation):
1787         * bindings/scripts/test/JS/JSTestNode.cpp:
1788         (WebCore::JSTestNodePrototype::JSTestNodePrototype):
1789         (WebCore::JSTestNodePrototype::finishCreation):
1790         * bindings/scripts/test/JS/JSTestNondeterministic.cpp:
1791         (WebCore::JSTestNondeterministicPrototype::JSTestNondeterministicPrototype):
1792         (WebCore::JSTestNondeterministicPrototype::finishCreation):
1793         * bindings/scripts/test/JS/JSTestObj.cpp:
1794         (WebCore::JSTestObjPrototype::JSTestObjPrototype):
1795         (WebCore::JSTestObjPrototype::finishCreation):
1796         * bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
1797         (WebCore::JSTestOverloadedConstructorsPrototype::JSTestOverloadedConstructorsPrototype):
1798         (WebCore::JSTestOverloadedConstructorsPrototype::finishCreation):
1799         * bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp:
1800         (WebCore::JSTestOverrideBuiltinsPrototype::JSTestOverrideBuiltinsPrototype):
1801         (WebCore::JSTestOverrideBuiltinsPrototype::finishCreation):
1802         * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
1803         (WebCore::JSTestSerializedScriptValueInterfacePrototype::JSTestSerializedScriptValueInterfacePrototype):
1804         (WebCore::JSTestSerializedScriptValueInterfacePrototype::finishCreation):
1805         * bindings/scripts/test/JS/JSTestTypedefs.cpp:
1806         (WebCore::JSTestTypedefsPrototype::JSTestTypedefsPrototype):
1807         (WebCore::JSTestTypedefsPrototype::finishCreation):
1808         * bindings/scripts/test/JS/JSattribute.cpp:
1809         (WebCore::JSattributePrototype::JSattributePrototype):
1810         (WebCore::JSattributePrototype::finishCreation):
1811         * bindings/scripts/test/JS/JSreadonly.cpp:
1812         (WebCore::JSreadonlyPrototype::JSreadonlyPrototype):
1813         (WebCore::JSreadonlyPrototype::finishCreation):
1814
1815 2016-06-20  Adam Bergkvist  <adam.bergkvist@ericsson.com>
1816
1817         WebRTC: RTCIceCandidate init dictionary don't handle explicit null or undefined values correctly
1818         https://bugs.webkit.org/show_bug.cgi?id=158873
1819
1820         Reviewed by Alejandro G. Castro.
1821
1822         Prevent explicit null and undefined values from being converted to "null" and "undefined"
1823         strings.
1824
1825         Test: Extended fast/mediastream/RTCIceCandidate.html
1826
1827         * Modules/mediastream/RTCIceCandidate.cpp:
1828         (WebCore::RTCIceCandidate::create):
1829
1830 2016-06-20  Commit Queue  <commit-queue@webkit.org>
1831
1832         Unreviewed, rolling out r202252.
1833         https://bugs.webkit.org/show_bug.cgi?id=158974
1834
1835         See rdar://problem/26867866 for details (Requested by ap on
1836         #webkit).
1837
1838         Reverted changeset:
1839
1840         "Adopt commitPriority to get rid of the 2 AVPL solution for
1841         PiP"
1842         https://bugs.webkit.org/show_bug.cgi?id=158949
1843         http://trac.webkit.org/changeset/202252
1844
1845 2016-06-20  Commit Queue  <commit-queue@webkit.org>
1846
1847         Unreviewed, rolling out r202243.
1848         https://bugs.webkit.org/show_bug.cgi?id=158972
1849
1850         Broke Windows build and iOS tests (Requested by ap on
1851         #webkit).
1852
1853         Reverted changeset:
1854
1855         "Focus event dispatched in iframe causes parent document to
1856         scroll incorrectly"
1857         https://bugs.webkit.org/show_bug.cgi?id=158629
1858         http://trac.webkit.org/changeset/202243
1859
1860 2016-06-20  Chris Dumez  <cdumez@apple.com>
1861
1862         Simplify / Optimize DataDetector's searchForLinkRemovingExistingDDLinks()
1863         https://bugs.webkit.org/show_bug.cgi?id=158968
1864
1865         Reviewed by Ryosuke Niwa.
1866
1867         Simplify / Optimize DataDetector's searchForLinkRemovingExistingDDLinks():
1868         - Use modern ancestorsOfType<HTMLAnchorElement>() to traverse anchor ancestors
1869           instead of traversing by hand.
1870         - Use NodeTraversal::next() to traverse the tree until we find endNode and
1871           use a for loop instead of a while loop. Previously, the logic the determine
1872           the next node was at the end of the loop and was identical behavior-wise
1873           to NodeTraversal::next(). However, the previous code for a lot less efficient
1874           because it was calling Node::childNodes() to get a NodeList of the children,
1875           then calling length() on it to check if we had children and finally use
1876           the first item in the list as next node. This was very inefficient because
1877           NodeList::length() would need to traverse all children to figure out the
1878           length and would cache all the children in a Vector in CollectionIndexCache.
1879
1880         * dom/ElementAncestorIterator.h:
1881         (WebCore::ancestorsOfType):
1882         * dom/ElementIterator.h:
1883         (WebCore::findElementAncestorOfType):
1884         (WebCore::findElementAncestorOfType<Element>):
1885         Update ancestorsOfType() to take a Node instead of an Element. There are no
1886         performance benefits to taking an Element here and it is a valid use case to
1887         want an Element ancestor of a non-Element node.
1888
1889         * editing/cocoa/DataDetection.mm:
1890         (WebCore::searchForLinkRemovingExistingDDLinks):
1891         (WebCore::dataDetectorTypeForCategory): Deleted.
1892
1893 2016-06-20  Commit Queue  <commit-queue@webkit.org>
1894
1895         Unreviewed, rolling out r202248.
1896         https://bugs.webkit.org/show_bug.cgi?id=158960
1897
1898         breaks builds on the simulator (Requested by keith_mi_ on
1899         #webkit).
1900
1901         Reverted changeset:
1902
1903         "It should be easy to add a private global helper function for
1904         builtins"
1905         https://bugs.webkit.org/show_bug.cgi?id=158893
1906         http://trac.webkit.org/changeset/202248
1907
1908 2016-06-20  Jeremy Jones  <jeremyj@apple.com>
1909
1910         Adopt commitPriority to get rid of the 2 AVPL solution for PiP
1911         https://bugs.webkit.org/show_bug.cgi?id=158949
1912         rdar://problem/26867866
1913
1914         Reviewed by Simon Fraser.
1915
1916         No new tests because there is no behavior change. This reverts changes from 
1917         https://bugs.webkit.org/show_bug.cgi?id=158148 and instead uses -[CAContext commitPriority:]
1918         to prevent flicker when moving a layer between contexts. 
1919         commitPriority allows the layer to be added to the destination context before it is 
1920         removed from the source context.
1921
1922         * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h: remove m_secondaryVideoLayer.
1923         * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm: ditto
1924         (WebCore::MediaPlayerPrivateAVFoundationObjC::setVideoFullscreenGravity): ditto.
1925         (WebCore::MediaPlayerPrivateAVFoundationObjC::syncTextTrackBounds): ditto.
1926         (WebCore::MediaPlayerPrivateAVFoundationObjC::destroyVideoLayer): ditto.
1927         (WebCore::MediaPlayerPrivateAVFoundationObjC::updateVideoLayerGravity): ditto.
1928         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm: ditto
1929         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::addDisplayLayer): ditto
1930         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm: ditto
1931         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::createPreviewLayers):ditto
1932         * platform/graphics/avfoundation/objc/VideoFullscreenLayerManager.h: ditto
1933         * platform/graphics/avfoundation/objc/VideoFullscreenLayerManager.mm: ditto
1934         (WebCore::VideoFullscreenLayerManager::setVideoLayer): ditto
1935         (WebCore::VideoFullscreenLayerManager::setVideoFullscreenLayer): ditto and adopt commitPriority.
1936         (WebCore::VideoFullscreenLayerManager::setVideoFullscreenFrame): ditto
1937         (WebCore::VideoFullscreenLayerManager::setVideoLayers): Deleted. 
1938         (WebCore::VideoFullscreenLayerManager::didDestroyVideoLayer): remove m_secondaryVideoLayer.
1939         * platform/spi/cocoa/QuartzCoreSPI.h: Add commitPriority.
1940
1941 2016-06-20  Zalan Bujtas  <zalan@apple.com>
1942
1943         Set the end position on the placeholder BidiRun properly.
1944         https://bugs.webkit.org/show_bug.cgi?id=158958
1945
1946         Reviewed by Myles C. Maxfield.
1947         rdar://problem/26609266
1948
1949         The second paramenter for BidiRun indicates the end position and not the length of the run.
1950         This was regressed at r102875 where only the start position was changed from 0 to pos.
1951
1952         Test: fast/text/international/bidi-style-in-isolate-crash.html
1953
1954         * rendering/InlineIterator.h:
1955         (WebCore::addPlaceholderRunForIsolatedInline):
1956
1957 2016-06-20  Fujii Hironori  <Hironori.Fujii@sony.com>
1958
1959         A composition underline is placed to wrong position in RTL
1960         https://bugs.webkit.org/show_bug.cgi?id=158602
1961
1962         Reviewed by Myles C. Maxfield.
1963
1964         InlineTextBox::paintCompositionUnderline does not take RTL into
1965         account.  The position of composition underline should be
1966         mirrored in RTL.
1967
1968         Test: editing/input/composition-underline-rtl.html
1969
1970         * rendering/InlineTextBox.cpp:
1971         (WebCore::mirrorRTLSegment): New helper function to convert RTL start position to LTR.
1972         (WebCore::InlineTextBox::paintDecoration): Use mirrorRTLSegment.
1973         (WebCore::InlineTextBox::paintCompositionUnderline): Ditto.
1974
1975 2016-06-20  Keith Miller  <keith_miller@apple.com>
1976
1977         It should be easy to add a private global helper function for builtins
1978         https://bugs.webkit.org/show_bug.cgi?id=158893
1979
1980         Reviewed by Mark Lam.
1981
1982         Add JSCJSValueInlines.h to fix build issues.
1983
1984         * platform/mock/mediasource/MockBox.cpp:
1985
1986 2016-06-20  Benjamin Poulain  <benjamin@webkit.org>
1987
1988         :default CSS pseudo-class should match checkboxes+radios with a `checked` attribute
1989         https://bugs.webkit.org/show_bug.cgi?id=156230
1990
1991         Reviewed by Alex Christensen.
1992
1993         This patch update the :default pseudo class matching to be closer to the spec:
1994         https://html.spec.whatwg.org/multipage/scripting.html#selector-default
1995
1996         The main remaining difference with the spec is the definition of "default button".
1997         This is an unrelated problem that should be addressed separately.
1998
1999         The implementation was missing support for:
2000         -input elements of type "checkbox" or "radio" with the "checked" attribute defined.
2001         -option elements with the "selected" attribute defined.
2002
2003         The existing support for default button was pretty bad, I fixed that too.
2004         The owner form now has a resetDefaultButton() API. When a Form Associated Element
2005         becomes a submit button or loses that property, the element calls its form
2006         to update the style as needed.
2007
2008         Whenever the submit button changes, 2 elements needs to have their style invalidated:
2009         -The former default button.
2010         -The new default button.
2011         To invalidate the former button, FormElement now caches the computed
2012         default button. When the default button changes, the cached value is invalidated
2013         in addition to the new value.
2014
2015         Computing the new default button takes linear time in the number of form associated element.
2016         To mitigate that, resetDefaultButton() is only called when changes are related
2017         to submit buttons. Since those changes are rare, I don't expect the invalidation
2018         to be a problem.
2019
2020         Tests: fast/css/pseudo-default-basics.html
2021                fast/selectors/default-style-update.html
2022
2023         * css/SelectorChecker.cpp:
2024         (WebCore::SelectorChecker::checkOne):
2025         * css/SelectorCheckerTestFunctions.h:
2026         (WebCore::matchesDefaultPseudoClass):
2027         (WebCore::isDefaultButtonForForm): Deleted.
2028         * cssjit/SelectorCompiler.cpp:
2029         (WebCore::SelectorCompiler::addPseudoClassType):
2030         * dom/Element.cpp:
2031         (WebCore::Element::matchesValidPseudoClass):
2032         (WebCore::Element::matchesInvalidPseudoClass):
2033         (WebCore::Element::matchesDefaultPseudoClass):
2034         * dom/Element.h:
2035         (WebCore::Element::matchesValidPseudoClass): Deleted.
2036         (WebCore::Element::matchesInvalidPseudoClass): Deleted.
2037         (WebCore::Element::isDefaultButtonForForm): Deleted.
2038         * html/HTMLButtonElement.cpp:
2039         (WebCore::HTMLButtonElement::parseAttribute):
2040         (WebCore::HTMLButtonElement::matchesDefaultPseudoClass):
2041         * html/HTMLButtonElement.h:
2042         * html/HTMLFormControlElement.cpp:
2043         (WebCore::HTMLFormControlElement::isDefaultButtonForForm): Deleted.
2044         * html/HTMLFormControlElement.h:
2045         * html/HTMLFormElement.cpp:
2046         (WebCore::HTMLFormElement::~HTMLFormElement):
2047         (WebCore::HTMLFormElement::registerFormElement):
2048         (WebCore::HTMLFormElement::removeFormElement):
2049         (WebCore::HTMLFormElement::defaultButton):
2050         (WebCore::HTMLFormElement::resetDefaultButton):
2051         * html/HTMLFormElement.h:
2052         * html/HTMLInputElement.cpp:
2053         (WebCore::HTMLInputElement::updateType):
2054         (WebCore::HTMLInputElement::parseAttribute):
2055         (WebCore::HTMLInputElement::matchesDefaultPseudoClass):
2056         * html/HTMLInputElement.h:
2057         * html/HTMLOptionElement.cpp:
2058         (WebCore::HTMLOptionElement::matchesDefaultPseudoClass):
2059         (WebCore::HTMLOptionElement::parseAttribute):
2060         * html/HTMLOptionElement.h:
2061         * style/StyleSharingResolver.cpp:
2062         (WebCore::Style::SharingResolver::canShareStyleWithElement):
2063         (WebCore::Style::canShareStyleWithControl): Deleted.
2064
2065 2016-06-20  Simon Fraser  <simon.fraser@apple.com>
2066
2067         Focus event dispatched in iframe causes parent document to scroll incorrectly
2068         https://bugs.webkit.org/show_bug.cgi?id=158629
2069         rdar://problem/26521616
2070
2071         Reviewed by Tim Horton.
2072
2073         When focussing elements in iframes, the page could scroll to an incorrect location.
2074         This happened because code in Element::focus() tried to disable scrolling on focus,
2075         but did so only for the current frame, so ancestor frames got programmatically scrolled.
2076         On iOS we handle the scrolling in the UI process, so never want the web process to
2077         do programmatic scrolling.
2078
2079         Fix by changing the focus and cache restore code to use SelectionRevealMode::DoNotReveal,
2080         rather than manually prohibiting frame scrolling. Pass SelectionRevealMode through various callers,
2081         and use RevealUpToMainFrame for iOS, allowing the UI process to do the zoomToRect: for the main frame.
2082
2083         Tests: fast/forms/ios/focus-input-in-iframe.html
2084                fast/forms/ios/programmatic-focus-input-in-iframe.html
2085
2086         * dom/Document.h:
2087         * dom/Element.cpp:
2088         (WebCore::Element::scrollIntoView):
2089         (WebCore::Element::scrollIntoViewIfNeeded):
2090         (WebCore::Element::scrollIntoViewIfNotVisible):
2091         (WebCore::Element::focus):
2092         (WebCore::Element::updateFocusAppearance):
2093         * dom/Element.h:
2094         * editing/Editor.cpp:
2095         (WebCore::Editor::insertTextWithoutSendingTextEvent):
2096         (WebCore::Editor::revealSelectionAfterEditingOperation):
2097         (WebCore::Editor::findStringAndScrollToVisible):
2098         * editing/FrameSelection.cpp:
2099         (WebCore::FrameSelection::updateAndRevealSelection):
2100         (WebCore::FrameSelection::revealSelection):
2101         (WebCore::FrameSelection::FrameSelection): Deleted.
2102         * editing/FrameSelection.h:
2103         * html/HTMLInputElement.cpp:
2104         (WebCore::HTMLInputElement::updateFocusAppearance):
2105         * html/HTMLTextAreaElement.cpp:
2106         (WebCore::HTMLTextAreaElement::updateFocusAppearance):
2107         * page/ContextMenuController.cpp:
2108         (WebCore::ContextMenuController::contextMenuItemSelected):
2109         * page/FrameView.cpp:
2110         (WebCore::FrameView::scrollToAnchor):
2111         * rendering/RenderLayer.cpp:
2112         (WebCore::RenderLayer::scrollRectToVisible):
2113         (WebCore::RenderLayer::autoscroll):
2114         * rendering/RenderLayer.h:
2115         * rendering/RenderObject.cpp:
2116         (WebCore::RenderObject::scrollRectToVisible):
2117         * rendering/RenderObject.h:
2118
2119 2016-06-20  Keith Rollin  <krollin@apple.com>
2120
2121         Remove RefPtr::release() and change calls sites to use WTFMove()
2122         https://bugs.webkit.org/show_bug.cgi?id=158369
2123
2124         Reviewed by Chris Dumez.
2125
2126         RefPtr::release() releases its managed pointer awkwardly. It's more
2127         direct and clearer to use WTFMove to transfer ownership of the managed
2128         pointer.
2129
2130         As part of this cleanup, also change a lot of explicit data types to
2131         'auto'.
2132
2133         No new tests: there's no new functionality, just a refactoring of
2134         existing code.
2135
2136         * Modules/mediasource/SourceBuffer.cpp:
2137         (WebCore::removeSamplesFromTrackBuffer):
2138         (WebCore::SourceBuffer::provideMediaData):
2139         * Modules/mediastream/UserMediaRequest.cpp:
2140         (WebCore::UserMediaRequest::start):
2141         * Modules/webdatabase/SQLCallbackWrapper.h:
2142         (WebCore::SQLCallbackWrapper::clear):
2143         * bindings/js/JSDOMWindowCustom.cpp:
2144         (WebCore::handlePostMessage):
2145         * bindings/js/JSHistoryCustom.cpp:
2146         (WebCore::JSHistory::pushState):
2147         (WebCore::JSHistory::replaceState):
2148         * bindings/js/JSMessagePortCustom.h:
2149         (WebCore::handlePostMessage):
2150         * bindings/js/ScriptControllerMac.mm:
2151         (WebCore::ScriptController::createScriptInstanceForWidget):
2152         * bindings/js/SerializedScriptValue.cpp:
2153         (WebCore::CloneDeserializer::readTerminal):
2154         * css/CSSComputedStyleDeclaration.cpp:
2155         (WebCore::ComputedStyleExtractor::copyPropertiesInSet):
2156         * css/SVGCSSParser.cpp:
2157         (WebCore::CSSParser::parseSVGValue):
2158         * css/StyleBuilderConverter.h:
2159         (WebCore::StyleBuilderConverter::convertShapeValue):
2160         * css/StyleProperties.cpp:
2161         (WebCore::StyleProperties::copyPropertiesInSet):
2162         * css/StyleResolver.cpp:
2163         (WebCore::StyleResolver::loadPendingImages):
2164         * dom/InlineStyleSheetOwner.cpp:
2165         (WebCore::InlineStyleSheetOwner::clearSheet):
2166         * editing/ApplyStyleCommand.cpp:
2167         (WebCore::ApplyStyleCommand::applyInlineStyleToNodeRange):
2168         * editing/CompositeEditCommand.cpp:
2169         (WebCore::CompositeEditCommand::removeChildrenInRange):
2170         (WebCore::CompositeEditCommand::removeNodeAndPruneAncestors):
2171         (WebCore::CompositeEditCommand::prune):
2172         (WebCore::CompositeEditCommand::replaceSelectedTextInNode):
2173         (WebCore::CompositeEditCommand::rebalanceWhitespaceOnTextSubstring):
2174         * editing/CreateLinkCommand.cpp:
2175         (WebCore::CreateLinkCommand::doApply):
2176         * editing/EditingStyle.cpp:
2177         (WebCore::EditingStyle::mergeStyle):
2178         (WebCore::EditingStyle::mergeStyleFromRulesForSerialization):
2179         * editing/Editor.cpp:
2180         (WebCore::ClearTextCommand::CreateAndApply):
2181         (WebCore::Editor::markAllMisspellingsAndBadGrammarInRanges):
2182         * editing/EditorCommand.cpp:
2183         (WebCore::executeInsertNode):
2184         * editing/InsertTextCommand.cpp:
2185         (WebCore::InsertTextCommand::performOverwrite):
2186         (WebCore::InsertTextCommand::insertTab):
2187         * editing/RemoveNodePreservingChildrenCommand.cpp:
2188         (WebCore::RemoveNodePreservingChildrenCommand::doApply):
2189         * editing/ReplaceSelectionCommand.cpp:
2190         (WebCore::ReplacementFragment::removeNodePreservingChildren):
2191         (WebCore::ReplaceSelectionCommand::moveNodeOutOfAncestor):
2192         * html/FTPDirectoryDocument.cpp:
2193         (WebCore::FTPDirectoryDocumentParser::loadDocumentTemplate):
2194         * html/HTMLFontElement.cpp:
2195         (WebCore::HTMLFontElement::collectStyleForPresentationAttribute):
2196         * html/HTMLFormElement.cpp:
2197         (WebCore::HTMLFormElement::prepareForSubmission):
2198         * html/HTMLTableElement.cpp:
2199         (WebCore::leakBorderStyle):
2200         (WebCore::leakGroupBorderStyle):
2201         * html/parser/HTMLDocumentParser.cpp:
2202         (WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder):
2203         * html/track/InbandDataTextTrack.cpp:
2204         (WebCore::InbandDataTextTrack::addDataCue):
2205         * html/track/InbandGenericTextTrack.cpp:
2206         (WebCore::InbandGenericTextTrack::newCuesParsed):
2207         * html/track/InbandWebVTTTextTrack.cpp:
2208         (WebCore::InbandWebVTTTextTrack::newCuesParsed):
2209         * html/track/TextTrackCueList.cpp:
2210         (WebCore::TextTrackCueList::add):
2211         * inspector/InspectorCSSAgent.cpp:
2212         (WebCore::InspectorCSSAgent::getInlineStylesForNode):
2213         * inspector/InspectorDOMAgent.cpp:
2214         (WebCore::InspectorDOMAgent::pushChildNodesToFrontend):
2215         * inspector/InspectorIndexedDBAgent.cpp:
2216         * inspector/InspectorNetworkAgent.cpp:
2217         (WebCore::InspectorNetworkAgent::loadResource):
2218         * inspector/InspectorStyleSheet.cpp:
2219         (WebCore::InspectorStyleSheet::buildObjectForSelectorList):
2220         * loader/FormSubmission.cpp:
2221         (WebCore::FormSubmission::create):
2222         * loader/FrameLoader.cpp:
2223         (WebCore::FrameLoader::loadURLIntoChildFrame):
2224         (WebCore::FrameLoader::loadURL):
2225         (WebCore::FrameLoader::loadPostRequest):
2226         * loader/ProgressTracker.cpp:
2227         (WebCore::ProgressTracker::finalProgressComplete):
2228         * loader/appcache/ApplicationCacheGroup.cpp:
2229         (WebCore::ApplicationCacheGroup::disassociateDocumentLoader):
2230         (WebCore::ApplicationCacheGroup::didFinishLoading):
2231         (WebCore::ApplicationCacheGroup::checkIfLoadIsComplete):
2232         * loader/appcache/ApplicationCacheStorage.cpp:
2233         (WebCore::ApplicationCacheStorage::loadCacheGroup):
2234         (WebCore::ApplicationCacheStorage::cacheGroupForURL):
2235         (WebCore::ApplicationCacheStorage::fallbackCacheGroupForURL):
2236         (WebCore::ApplicationCacheStorage::loadCache):
2237         * loader/archive/ArchiveResourceCollection.cpp:
2238         (WebCore::ArchiveResourceCollection::popSubframeArchive):
2239         * loader/archive/cf/LegacyWebArchive.cpp:
2240         (WebCore::LegacyWebArchive::extract):
2241         (WebCore::LegacyWebArchive::create):
2242         (WebCore::LegacyWebArchive::createFromSelection):
2243         * loader/cache/CachedImage.cpp:
2244         (WebCore::CachedImage::createImage):
2245         * loader/icon/IconDatabase.cpp:
2246         (WebCore::IconDatabase::setIconDataForIconURL):
2247         (WebCore::IconDatabase::getOrCreateIconRecord):
2248         (WebCore::IconDatabase::readFromDatabase):
2249         (WebCore::IconDatabase::getImageDataForIconURLFromSQLDatabase):
2250         * page/DOMWindow.cpp:
2251         (WebCore::DOMWindow::sessionStorage):
2252         (WebCore::DOMWindow::localStorage):
2253         * page/EventHandler.cpp:
2254         (WebCore::EventHandler::updateDragAndDrop):
2255         * page/animation/CompositeAnimation.cpp:
2256         (WebCore::CompositeAnimation::updateTransitions):
2257         * page/csp/ContentSecurityPolicy.cpp:
2258         (WebCore::ContentSecurityPolicy::reportViolation):
2259         * page/mac/ServicesOverlayController.mm:
2260         (WebCore::ServicesOverlayController::createOverlayIfNeeded):
2261         (WebCore::ServicesOverlayController::determineActiveHighlight):
2262         * page/scrolling/AsyncScrollingCoordinator.h:
2263         (WebCore::AsyncScrollingCoordinator::releaseScrollingTree):
2264         * page/scrolling/ScrollingStateNode.cpp:
2265         (WebCore::ScrollingStateNode::cloneAndReset):
2266         * page/scrolling/ScrollingStateTree.cpp:
2267         (WebCore::ScrollingStateTree::attachNode):
2268         * platform/audio/HRTFElevation.cpp:
2269         (WebCore::getConcatenatedImpulseResponsesForSubject):
2270         * platform/graphics/DisplayRefreshMonitorManager.cpp:
2271         (WebCore::DisplayRefreshMonitorManager::createMonitorForClient):
2272         * platform/graphics/FontCascadeFonts.cpp:
2273         (WebCore::FontCascadeFonts::glyphDataForSystemFallback):
2274         * platform/graphics/avfoundation/InbandTextTrackPrivateAVF.cpp:
2275         (WebCore::InbandTextTrackPrivateAVF::processAttributedStrings):
2276         * platform/graphics/avfoundation/MediaSelectionGroupAVFObjC.mm:
2277         (WebCore::MediaSelectionGroupAVFObjC::updateOptions):
2278         * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
2279         (WebCore::SourceBufferPrivateAVFObjC::processCodedFrame):
2280         * platform/graphics/ca/GraphicsLayerCA.cpp:
2281         * platform/graphics/ca/PlatformCALayer.cpp:
2282         (WebCore::PlatformCALayer::createCompatibleLayerOrTakeFromPool):
2283         * platform/graphics/cg/ImageBufferDataCG.cpp:
2284         (WebCore::ImageBufferData::getData):
2285         * platform/graphics/filters/FilterEffect.cpp:
2286         (WebCore::FilterEffect::asUnmultipliedImage):
2287         (WebCore::FilterEffect::asPremultipliedImage):
2288         * platform/graphics/mac/ImageMac.mm:
2289         (WebCore::Image::loadPlatformResource):
2290         * platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp:
2291         (WebCore::GraphicsContext3D::createForCurrentGLContext):
2292         (WebCore::GraphicsContext3D::paintRenderingResultsToImageData):
2293         * platform/mediastream/mac/RealtimeMediaSourceCenterMac.cpp:
2294         (WebCore::RealtimeMediaSourceCenterMac::createMediaStream):
2295         * platform/mock/MockRealtimeMediaSourceCenter.cpp:
2296         (WebCore::MockRealtimeMediaSourceCenter::validateRequestConstraints):
2297         (WebCore::MockRealtimeMediaSourceCenter::createMediaStream):
2298         * platform/network/BlobRegistryImpl.cpp:
2299         (WebCore::BlobRegistryImpl::registerBlobURL):
2300         (WebCore::BlobRegistryImpl::registerBlobURLForSlice):
2301         * platform/network/ResourceHandle.cpp:
2302         (WebCore::ResourceHandle::create):
2303         * platform/network/cf/FormDataStreamCFNet.cpp:
2304         (WebCore::formCreate):
2305         * platform/text/BidiContext.cpp:
2306         (WebCore::BidiContext::copyStackRemovingUnicodeEmbeddingContexts):
2307         * rendering/FilterEffectRenderer.cpp:
2308         (WebCore::FilterEffectRenderer::build):
2309         * rendering/RenderLayer.cpp:
2310         (WebCore::RenderLayer::createScrollbar):
2311         * rendering/RenderListBox.cpp:
2312         (WebCore::RenderListBox::createScrollbar):
2313         * rendering/RenderMenuList.cpp:
2314         (RenderMenuList::createScrollbar):
2315         * rendering/RenderSearchField.cpp:
2316         (WebCore::RenderSearchField::createScrollbar):
2317         * replay/ReplayController.cpp:
2318         (WebCore::ReplayController::unloadSegment):
2319         * svg/SVGFEDiffuseLightingElement.cpp:
2320         (WebCore::SVGFEDiffuseLightingElement::build):
2321         * svg/SVGFESpecularLightingElement.cpp:
2322         (WebCore::SVGFESpecularLightingElement::build):
2323         * svg/properties/SVGListProperty.h:
2324         (WebCore::SVGListProperty::getItemValuesAndWrappers):
2325         (WebCore::SVGListProperty::insertItemBeforeValuesAndWrappers):
2326         (WebCore::SVGListProperty::removeItemValuesAndWrappers):
2327         * workers/WorkerThread.cpp:
2328         (WebCore::WorkerThread::workerThread):
2329         * xml/XMLHttpRequest.cpp:
2330         (WebCore::XMLHttpRequest::internalAbort):
2331         * xml/XPathStep.cpp:
2332         (WebCore::XPath::Step::nodesInAxis):
2333
2334 2016-06-20  Eric Carlson  <eric.carlson@apple.com>
2335
2336         Crash in PlatformMediaSession::clientWillPausePlayback
2337         https://bugs.webkit.org/show_bug.cgi?id=158953
2338         <rdar://problem/26121125>
2339
2340         Reviewed by Jer Noble.
2341
2342         No new tests, I have not been able to reproduce this in a test.
2343
2344         * html/HTMLMediaElement.cpp:
2345         (WebCore::HTMLMediaElement::stop): Ref the element before calling stopWithoutDestroyingMediaPlayer
2346           because updatePlaybackControlsManager can release the last reference and cause the
2347           destructor to be called.
2348         (WebCore::HTMLMediaElement::suspend): Ditto.
2349
2350 2016-06-20  Alex Christensen  <achristensen@webkit.org>
2351
2352         Clean up ResourceResponseBase after r201943
2353         https://bugs.webkit.org/show_bug.cgi?id=158706
2354
2355         Reviewed by Michael Catanzaro.
2356
2357         * platform/network/ResourceResponseBase.cpp:
2358         (WebCore::ResourceResponseBase::ResourceResponseBase):
2359         (WebCore::ResourceResponseBase::asResourceResponse): Deleted.
2360         * platform/network/ResourceResponseBase.h:
2361         (WebCore::ResourceResponseBase::platformCompare):
2362
2363 2016-06-20  Joseph Pecoraro  <pecoraro@apple.com>
2364
2365         Web Inspector: console.profile should use the new Sampling Profiler
2366         https://bugs.webkit.org/show_bug.cgi?id=153499
2367         <rdar://problem/24352431>
2368
2369         Reviewed by Timothy Hatcher.
2370
2371         Test: inspector/timeline/setInstruments-programmatic-capture.html
2372
2373         * inspector/InspectorTimelineAgent.cpp:
2374         (WebCore::InspectorTimelineAgent::startFromConsole):
2375         (WebCore::InspectorTimelineAgent::stopFromConsole):
2376         (WebCore::InspectorTimelineAgent::mainFrameStartedLoading):
2377         (WebCore::InspectorTimelineAgent::startProgrammaticCapture):
2378         (WebCore::InspectorTimelineAgent::stopProgrammaticCapture):
2379         (WebCore::InspectorTimelineAgent::toggleInstruments):
2380         (WebCore::InspectorTimelineAgent::toggleScriptProfilerInstrument):
2381         (WebCore::InspectorTimelineAgent::toggleHeapInstrument):
2382         (WebCore::InspectorTimelineAgent::toggleMemoryInstrument):
2383         (WebCore::InspectorTimelineAgent::toggleTimelineInstrument):
2384         * inspector/InspectorTimelineAgent.h:
2385         Web implementation of console.profile/profileEnd.
2386         Make helpers for startings / stopping instruments.
2387
2388 2016-06-20  Andreas Kling  <akling@apple.com>
2389
2390         When navigating, discard decoded image data that is only live due to page cache.
2391         <https://webkit.org/b/158941>
2392
2393         Reviewed by Antti Koivisto.
2394
2395         A resource is "live" if it's currently in use by a web page, and "dead" if it's
2396         only kept alive by the memory cache.
2397
2398         This patch adds a mechanism that looks at CachedImage resources to see if all the
2399         clients that make them appear "live" are actually pages in the page cache.
2400
2401         If so, we let the "jettison expensive objects on top-level navigation" mechanism
2402         discard the decoded data for such half-live images. This can reduce the peak
2403         memory usage during navigations quite a bit.
2404
2405         * loader/FrameLoader.cpp:
2406         (WebCore::FrameLoader::commitProvisionalLoad): Move the call to MemoryPressureHandler
2407         before we add the outgoing page to the page cache. This allows the jettisoning code
2408         to make decisions based on which pages were cached *before* the navigation.
2409
2410         * loader/cache/CachedImageClient.h:
2411         (WebCore::CachedImageClient::inPageCache):
2412         * loader/ImageLoader.h:
2413         * loader/ImageLoader.cpp:
2414         (WebCore::ImageLoader::inPageCache):
2415         * rendering/RenderObject.h:
2416         (WebCore::RenderObject::inPageCache): Added a CachedImageClient::inPageCache() virtual
2417         to determine which clients are currently in page cache (answered by their Document.)
2418
2419         * loader/cache/CachedImage.h:
2420         * loader/cache/CachedImage.cpp:
2421         (WebCore::CachedImage::areAllClientsInPageCache): Walks all CachedImageClient clients
2422         and returns true if all of them are inPageCache().
2423
2424         * platform/MemoryPressureHandler.cpp:
2425         (WebCore::MemoryPressureHandler::jettisonExpensiveObjectsOnTopLevelNavigation):
2426         Walk all the known CachedImages and nuke decoded data for those that have some but
2427         are only considered live due to clients in the page cache.
2428
2429 2016-06-20  Chris Dumez  <cdumez@apple.com>
2430
2431         Unreviewed, fix post-landing review comment from Darin on r202188.
2432
2433         * platform/network/CacheValidation.cpp:
2434         (WebCore::parseCacheHeader):
2435
2436 2016-06-19  Antti Koivisto  <antti@apple.com>
2437
2438         Updating class name of a shadow host does not update the style applied by :host()
2439         https://bugs.webkit.org/show_bug.cgi?id=158900
2440         <rdar://problem/26883707>
2441
2442         Reviewed by Simon Fraser.
2443
2444         Test: fast/shadow-dom/shadow-host-style-update.html
2445
2446         Teach style invalidation optimization code about :host.
2447
2448         * style/AttributeChangeInvalidation.cpp:
2449         (WebCore::Style::mayBeAffectedByHostStyle):
2450         (WebCore::Style::AttributeChangeInvalidation::invalidateStyle):
2451         * style/ClassChangeInvalidation.cpp:
2452         (WebCore::Style::computeClassChange):
2453         (WebCore::Style::mayBeAffectedByHostStyle):
2454         (WebCore::Style::ClassChangeInvalidation::invalidateStyle):
2455         * style/IdChangeInvalidation.cpp:
2456         (WebCore::Style::mayBeAffectedByHostStyle):
2457         (WebCore::Style::IdChangeInvalidation::invalidateStyle):
2458
2459 2016-06-19  Gavin & Ellie Barraclough  <barraclough@apple.com>
2460
2461         Remove hasStaticPropertyTable (part 5: done!)
2462         https://bugs.webkit.org/show_bug.cgi?id=158431
2463
2464         Reviewed by Chris Dumez.
2465
2466         * bindings/scripts/CodeGeneratorJS.pm:
2467         (GenerateHeader):
2468             - remove hasStaticPropertyTable.
2469         * bindings/scripts/test/JS/JSInterfaceName.h:
2470         (WebCore::JSInterfaceName::create):
2471         * bindings/scripts/test/JS/JSTestActiveDOMObject.h:
2472         (WebCore::JSTestActiveDOMObject::create):
2473         * bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.h:
2474         (WebCore::JSTestClassWithJSBuiltinConstructor::create):
2475         * bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.h:
2476         (WebCore::JSTestCustomConstructorWithNoInterfaceObject::create):
2477         * bindings/scripts/test/JS/JSTestCustomNamedGetter.h:
2478         (WebCore::JSTestCustomNamedGetter::create):
2479         * bindings/scripts/test/JS/JSTestEventConstructor.h:
2480         (WebCore::JSTestEventConstructor::create):
2481         * bindings/scripts/test/JS/JSTestEventTarget.h:
2482         (WebCore::JSTestEventTarget::create):
2483         * bindings/scripts/test/JS/JSTestException.h:
2484         (WebCore::JSTestException::create):
2485         * bindings/scripts/test/JS/JSTestGenerateIsReachable.h:
2486         (WebCore::JSTestGenerateIsReachable::create):
2487         * bindings/scripts/test/JS/JSTestGlobalObject.h:
2488         * bindings/scripts/test/JS/JSTestInterface.h:
2489         * bindings/scripts/test/JS/JSTestJSBuiltinConstructor.h:
2490         (WebCore::JSTestJSBuiltinConstructor::create):
2491         * bindings/scripts/test/JS/JSTestMediaQueryListListener.h:
2492         (WebCore::JSTestMediaQueryListListener::create):
2493         * bindings/scripts/test/JS/JSTestNamedConstructor.h:
2494         (WebCore::JSTestNamedConstructor::create):
2495         * bindings/scripts/test/JS/JSTestNode.h:
2496         * bindings/scripts/test/JS/JSTestNondeterministic.h:
2497         (WebCore::JSTestNondeterministic::create):
2498         * bindings/scripts/test/JS/JSTestObj.h:
2499         (WebCore::JSTestObj::create):
2500         * bindings/scripts/test/JS/JSTestOverloadedConstructors.h:
2501         (WebCore::JSTestOverloadedConstructors::create):
2502         * bindings/scripts/test/JS/JSTestOverrideBuiltins.h:
2503         (WebCore::JSTestOverrideBuiltins::create):
2504         * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.h:
2505         (WebCore::JSTestSerializedScriptValueInterface::create):
2506         * bindings/scripts/test/JS/JSTestTypedefs.h:
2507         (WebCore::JSTestTypedefs::create):
2508         * bindings/scripts/test/JS/JSattribute.h:
2509         (WebCore::JSattribute::create):
2510         * bindings/scripts/test/JS/JSreadonly.h:
2511         (WebCore::JSreadonly::create):
2512
2513 2016-06-19  Youenn Fablet  <youenn.fablet@crf.canon.fr>
2514
2515         The JSBuiltinConstructor feature can't handle a JS interface extending an other JS interface
2516         https://bugs.webkit.org/show_bug.cgi?id=158834
2517
2518         Reviewed by Eric Carlson.
2519
2520         No change of behavior.
2521
2522         * bindings/scripts/CodeGeneratorJS.pm:
2523         (GenerateHeader): Explicitly setting DOMWrapped type definition from
2524         JSXX class deriving from another JSYY class.
2525         * bindings/scripts/test/JS/JSTestEventTarget.h: Rebased.
2526         * bindings/scripts/test/JS/JSTestNode.h: Ditto.
2527
2528 2016-06-18  Antti Koivisto  <antti@apple.com>
2529
2530         Use time literals in WebCore
2531         https://bugs.webkit.org/show_bug.cgi?id=158905
2532
2533         Reviewed by Andreas Kling.
2534
2535         std::chrono::milliseconds(1) -> 1ms etc.
2536
2537         * dom/Document.cpp:
2538         (WebCore::Document::minimumLayoutDelay):
2539         (WebCore::Document::elapsedTime):
2540         * fileapi/FileReader.cpp:
2541         (WebCore::FileReader::create):
2542         * inspector/InspectorOverlay.cpp:
2543         (WebCore::InspectorOverlay::showPaintRect):
2544         * loader/CrossOriginPreflightResultCache.cpp:
2545         (WebCore::CrossOriginPreflightResultCache::CrossOriginPreflightResultCache):
2546         * loader/ProgressTracker.cpp:
2547         (WebCore::ProgressTracker::progressStarted):
2548         * loader/cache/CachedResource.cpp:
2549         (WebCore::CachedResource::freshnessLifetime):
2550         * page/ChromeClient.h:
2551         * page/DOMTimer.cpp:
2552         (WebCore::DOMTimer::intervalClampedToMinimum):
2553         (WebCore::DOMTimer::alignedFireTime):
2554         * page/DOMTimer.h:
2555         * page/FrameView.cpp:
2556         (WebCore::FrameView::scrollPositionChanged):
2557         * page/ResourceUsageThread.cpp:
2558         (WebCore::ResourceUsageThread::threadBody):
2559         * page/Settings.cpp:
2560         (WebCore::Settings::Settings):
2561         * page/mac/ServicesOverlayController.mm:
2562         (WebCore::ServicesOverlayController::remainingTimeUntilHighlightShouldBeShown):
2563         * platform/graphics/FontCache.cpp:
2564         (WebCore::FontCache::fontForFamily):
2565         * platform/network/CacheValidation.cpp:
2566         (WebCore::computeCurrentAge):
2567         (WebCore::computeFreshnessLifetimeForHTTPFamily):
2568
2569 2016-06-17  Benjamin Poulain  <benjamin@webkit.org>
2570
2571         :indeterminate pseudo-class should match radios whose group has no checked radio
2572         https://bugs.webkit.org/show_bug.cgi?id=156270
2573
2574         Reviewed by Simon Fraser.
2575
2576         The pseudo-class ":indeterminate" is supposed to match radio buttons
2577         for which the entire group has no checked button.
2578         Spec: https://html.spec.whatwg.org/#pseudo-classes:selector-indeterminate
2579
2580         The change is straightforward with one non-obvious choice:
2581         I added matchesIndeterminatePseudoClass() in addition to shouldAppearIndeterminate().
2582
2583         The reason is shouldAppearIndeterminate() is used for styling and AX of elements
2584         with an indeterminate states (check boxes and progress element). There is no such
2585         UI for radio boxes.
2586         I could have extended shouldAppearIndeterminate() to radio box
2587         then filter out this case in RenderTheme. The problem is doing that would also requires
2588         changes to the repaint logic to match :indeterminate. It seemed overkill to me to
2589         change repaint() for a case that is never used in practice.
2590
2591         Tests: fast/css/pseudo-indeterminate-radio-buttons-basics.html
2592                fast/css/pseudo-indeterminate-with-radio-buttons-style-invalidation.html
2593                fast/selectors/detached-radio-button-checked-and-indeterminate-states.html
2594                fast/selectors/pseudo-indeterminate-with-radio-buttons-style-update.html
2595
2596         * css/SelectorCheckerTestFunctions.h:
2597         (WebCore::shouldAppearIndeterminate):
2598         * dom/Element.cpp:
2599         (WebCore::Element::matchesIndeterminatePseudoClass):
2600         * dom/Element.h:
2601         * dom/RadioButtonGroups.cpp:
2602         (WebCore::RadioButtonGroup::setCheckedButton):
2603         (WebCore::RadioButtonGroup::updateCheckedState):
2604         (WebCore::RadioButtonGroup::remove):
2605         (WebCore::RadioButtonGroup::setNeedsStyleRecalcForAllButtons):
2606         (WebCore::RadioButtonGroups::hasCheckedButton):
2607         * dom/RadioButtonGroups.h:
2608         * html/CheckboxInputType.cpp:
2609         (WebCore::CheckboxInputType::matchesIndeterminatePseudoClass):
2610         (WebCore::CheckboxInputType::shouldAppearIndeterminate):
2611         (WebCore::CheckboxInputType::supportsIndeterminateAppearance): Deleted.
2612         * html/CheckboxInputType.h:
2613         * html/HTMLInputElement.cpp:
2614         (WebCore::HTMLInputElement::setChecked):
2615         (WebCore::HTMLInputElement::matchesIndeterminatePseudoClass):
2616         (WebCore::HTMLInputElement::shouldAppearIndeterminate):
2617         (WebCore::HTMLInputElement::radioButtonGroups):
2618         * html/HTMLInputElement.h:
2619         * html/InputType.cpp:
2620         (WebCore::InputType::matchesIndeterminatePseudoClass):
2621         (WebCore::InputType::shouldAppearIndeterminate):
2622         (WebCore::InputType::supportsIndeterminateAppearance): Deleted.
2623         * html/InputType.h:
2624         * html/RadioInputType.cpp:
2625         (WebCore::RadioInputType::matchesIndeterminatePseudoClass):
2626         (WebCore::RadioInputType::willDispatchClick): Deleted.
2627         (WebCore::RadioInputType::didDispatchClick): Deleted.
2628         (WebCore::RadioInputType::supportsIndeterminateAppearance): Deleted.
2629         The iOS specific code is just plain wrong.
2630         It was changing the indeterminate state of the input element.
2631         The spec clearly says that state is only used by checkbox:
2632         https://html.spec.whatwg.org/#dom-input-indeterminate
2633
2634         Moreover, the style update would not change the indeterminate state
2635         of other buttons in the Button Group, which is just bizarre.
2636         RenderThemeIOS does not make use of any of this with the current style.
2637
2638         * html/RadioInputType.h:
2639         * style/StyleSharingResolver.cpp:
2640         (WebCore::Style::SharingResolver::canShareStyleWithElement):
2641         (WebCore::Style::canShareStyleWithControl): Deleted.
2642         (WebCore::Style::SharingResolver::sharingCandidateHasIdenticalStyleAffectingAttributes): Deleted.
2643         Style sharing is unified behind the selector matching which is neat.
2644
2645 2016-06-17  Commit Queue  <commit-queue@webkit.org>
2646
2647         Unreviewed, rolling out r202152.
2648         https://bugs.webkit.org/show_bug.cgi?id=158897
2649
2650         The new test is very unstable, timing out frequently
2651         (Requested by ap on #webkit).
2652
2653         Reverted changeset:
2654
2655         "Web Inspector: console.profile should use the new Sampling
2656         Profiler"
2657         https://bugs.webkit.org/show_bug.cgi?id=153499
2658         http://trac.webkit.org/changeset/202152
2659
2660 2016-06-17  Commit Queue  <commit-queue@webkit.org>
2661
2662         Unreviewed, rolling out r202068, r202115, and r202128.
2663         https://bugs.webkit.org/show_bug.cgi?id=158896
2664
2665         The new test is very unstable, timing out frequently
2666         (Requested by ap on #webkit).
2667
2668         Reverted changesets:
2669
2670         "decompose4 return value is unchecked, leading to potentially
2671         uninitialized data."
2672         https://bugs.webkit.org/show_bug.cgi?id=158761
2673         http://trac.webkit.org/changeset/202068
2674
2675         "[mac] LayoutTest transforms/undecomposable.html is a flaky
2676         timeout"
2677         https://bugs.webkit.org/show_bug.cgi?id=158816
2678         http://trac.webkit.org/changeset/202115
2679
2680         "[mac] LayoutTest transforms/undecomposable.html is a flaky
2681         timeout"
2682         https://bugs.webkit.org/show_bug.cgi?id=158816
2683         http://trac.webkit.org/changeset/202128
2684
2685 2016-06-17  Chris Fleizach  <cfleizach@apple.com>
2686
2687         AX: HTML indeterminate IDL attribute not mapped to checkbox value=2 for native checkboxes
2688         https://bugs.webkit.org/show_bug.cgi?id=158876
2689         <rdar://problem/26842619>
2690
2691         Reviewed by Joanmarie Diggs.
2692
2693         The indeterminate state was not being reported for native checkboxes. 
2694
2695         Also the isIndeterminate() method was relying on whether the appearance changed, which does not happen on Mac, so that
2696         was not being reported correctly. Changed that to check the actual attribute.
2697
2698         Test: accessibility/checkbox-mixed-value.html
2699
2700         * accessibility/AccessibilityNodeObject.cpp:
2701         (WebCore::AccessibilityNodeObject::isIndeterminate):
2702         (WebCore::AccessibilityNodeObject::isPressed):
2703         (WebCore::AccessibilityNodeObject::checkboxOrRadioValue):
2704         * accessibility/AccessibilityObject.cpp:
2705         (WebCore::AccessibilityObject::checkboxOrRadioValue):
2706
2707 2016-06-17  Dean Jackson  <dino@apple.com>
2708
2709         REGRESSION (r199819): CrashTracer: [GraphicsContext3D::getInternalFramebufferSize
2710         https://bugs.webkit.org/show_bug.cgi?id=158895
2711         <rdar://problem/26423617>
2712
2713         Reviewed by Zalan Bujtas.
2714
2715         In r199819 we started resetting contexts if the page had too
2716         many. Unfortunately there were entry points in the WebGL context
2717         that didn't check for the validity of the object before trying
2718         to access the lower level objects.
2719
2720         Test: webgl/many-contexts-access-after-loss.html
2721
2722         * html/canvas/WebGLRenderingContextBase.cpp:
2723         (WebCore::WebGLRenderingContextBase::drawingBufferWidth): Return 0 if we're lost.
2724         (WebCore::WebGLRenderingContextBase::drawingBufferHeight): Ditto.
2725
2726 2016-06-17  Daniel Bates  <dabates@apple.com>
2727
2728         Unreviewed, rolling out r202186.
2729
2730         Broke the Apple Windows, Apple Yosemite, GTK, and WinCairo
2731         builds.
2732
2733         Reverted changeset:
2734
2735         "File scheme should not allow access of a resource on a
2736         different volume."
2737         https://bugs.webkit.org/show_bug.cgi?id=158552
2738         http://trac.webkit.org/changeset/202186
2739
2740 2016-06-17  Daniel Bates  <dabates@apple.com>
2741
2742         Unreviewed, rolling out r202187.
2743
2744         202186
2745
2746         Reverted changeset:
2747
2748         "Unreviewed clean-up after r202186."
2749         http://trac.webkit.org/changeset/202187
2750
2751 2016-06-17  Chris Dumez  <cdumez@apple.com>
2752
2753         Optimize parseCacheHeader() by using StringView
2754         https://bugs.webkit.org/show_bug.cgi?id=158891
2755
2756         Reviewed by Darin Adler.
2757
2758         Optimize parseCacheHeader() and avoid some temporary String allocations
2759         by using StringView. We now strip the whitespaces in the input string
2760         at the beginning of the function, at the same as as we strip the
2761         control characters. We are then able to leverage StringView in the
2762         rest of the function to get substrings without the need for extra
2763         String allocations.
2764
2765         * platform/network/CacheValidation.cpp:
2766         (WebCore::isControlCharacterOrSpace):
2767         (WebCore::trimToNextSeparator):
2768         (WebCore::parseCacheHeader):
2769
2770 2016-06-17  Brent Fulgham  <bfulgham@apple.com>
2771
2772         Unreviewed clean-up after r202186.
2773
2774         * platform/FileSystem.cpp:
2775         (WebCore::filesHaveSameVolume): Don't use C-style formatting.
2776
2777 2016-06-17  Pranjal Jumde  <pjumde@apple.com>
2778
2779         File scheme should not allow access of a resource on a different volume.
2780         https://bugs.webkit.org/show_bug.cgi?id=158552
2781         <rdar://problem/15307582>
2782
2783         Reviewed by Brent Fulgham.
2784
2785         Tests: Tools/TestWebKitAPI/Tests/mac/CrossPartitionFileSchemeAccess.mm
2786
2787         * page/SecurityOrigin.cpp:
2788         (WebCore::SecurityOrigin::canDisplay):
2789         * platform/FileSystem.cpp:
2790         (WebCore::platformFileStat):
2791         (WebCore::filesHaveSameVolume):
2792         Returns true if the files are on the same volume
2793         * platform/FileSystem.h:
2794
2795 2016-06-17  Antoine Quint  <graouts@apple.com>
2796
2797         Web video playback controls should have RTL volume slider
2798         https://bugs.webkit.org/show_bug.cgi?id=158856
2799         <rdar://problem/25971769>
2800
2801         Reviewed by Tim Horton.
2802
2803         We reproduce the system used to propagate the page scale factor from the WebPage to the media controls to
2804         propagate the user interface layout direction.
2805
2806         The Page exposes a new setUserInterfaceLayoutDirection() method which is set by the WebPage. The Page
2807         then notifies the Document of a change, which propagates down to registered media elements, and finally sets
2808         the usesLTRUserInterfaceLayoutDirection property on the media controller object in the injected JavaScript.
2809         Based on the value of that property we toggle a new .uses-ltr-user-interface-layout-direction CSS class on the
2810         .volume-box which applies a translate to the right and flips the volume controls on the x axis.
2811
2812         Since we're setting a new JS property from HTMLMediaController, we refactor much of the code out of the existing
2813         pageScaleFactorChanged() and setPageScaleFactorProperty() into the new setControllerJSProperty() method so that
2814         can easily set a named JS property with a given JSValue.
2815
2816         For testing purposes, we expose the WebCore::Page::setUserInterfaceLayoutDirection() method through Internals.
2817
2818         Test: fullscreen/video-controls-rtl.html
2819
2820         * Modules/mediacontrols/mediaControlsApple.css:
2821         (video:-webkit-full-screen::-webkit-media-controls-panel .volume-box:not(.uses-ltr-user-interface-layout-direction)):
2822         * Modules/mediacontrols/mediaControlsApple.js:
2823         (Controller.prototype.set usesLTRUserInterfaceLayoutDirection):
2824         * WebCore.xcodeproj/project.pbxproj:
2825         * dom/Document.cpp:
2826         (WebCore::Document::registerForUserInterfaceLayoutDirectionChangedCallbacks):
2827         (WebCore::Document::unregisterForUserInterfaceLayoutDirectionChangedCallbacks):
2828         (WebCore::Document::userInterfaceLayoutDirectionChanged):
2829         * dom/Document.h:
2830         * html/HTMLMediaElement.cpp:
2831         (WebCore::HTMLMediaElement::registerWithDocument):
2832         (WebCore::HTMLMediaElement::unregisterWithDocument):
2833         (WebCore::HTMLMediaElement::updatePageScaleFactorJSProperty):
2834         (WebCore::HTMLMediaElement::updateUsesLTRUserInterfaceLayoutDirectionJSProperty):
2835         (WebCore::HTMLMediaElement::setControllerJSProperty):
2836         (WebCore::HTMLMediaElement::didAddUserAgentShadowRoot):
2837         (WebCore::HTMLMediaElement::pageScaleFactorChanged):
2838         (WebCore::HTMLMediaElement::userInterfaceLayoutDirectionChanged):
2839         (WebCore::setPageScaleFactorProperty): Deleted.
2840         * html/HTMLMediaElement.h:
2841         * page/Page.cpp:
2842         (WebCore::Page::setUserInterfaceLayoutDirection):
2843         * page/Page.h:
2844         (WebCore::Page::userInterfaceLayoutDirection):
2845         * platform/UserInterfaceLayoutDirection.h: Renamed from Source/WebKit2/UIProcess/UserInterfaceLayoutDirection.h.
2846         * testing/Internals.cpp:
2847         (WebCore::Internals::setUserInterfaceLayoutDirection):
2848         * testing/Internals.h:
2849         * testing/Internals.idl:
2850
2851 2016-06-17  Chris Dumez  <cdumez@apple.com>
2852
2853         TouchEvent should have a constructor
2854         https://bugs.webkit.org/show_bug.cgi?id=158883
2855         <rdar://problem/26063585>
2856
2857         Reviewed by Benjamin Poulain.
2858
2859         TouchEvent should have a constructor:
2860         - https://w3c.github.io/touch-events/#touchevent-interface
2861
2862         Chrome already ships this:
2863         - https://bugs.chromium.org/p/chromium/issues/detail?id=508675
2864
2865         Test: fast/events/touch/touch-event-constructor.html
2866
2867         * bindings/js/JSDictionary.cpp:
2868         (WebCore::JSDictionary::convertValue):
2869         * bindings/js/JSDictionary.h:
2870         * dom/TouchEvent.cpp:
2871         (WebCore::TouchEvent::TouchEvent):
2872         * dom/TouchEvent.h:
2873         * dom/TouchEvent.idl:
2874
2875 2016-06-17  Zalan Bujtas  <zalan@apple.com>
2876
2877         Potential null dereferencing on a detached positioned renderer.
2878         https://bugs.webkit.org/show_bug.cgi?id=158879
2879
2880         Reviewed by Simon Fraser.
2881
2882         This patch fixes the case when the while loop to search for the absolute positioned ancestor
2883         returns null (it happens when positioned renderer has been detached from the render tree).
2884
2885         Speculative fix.
2886
2887         * rendering/RenderBlock.cpp:
2888         (WebCore::RenderBlock::markFixedPositionObjectForLayoutIfNeeded):
2889         * rendering/RenderBlock.h:
2890
2891 2016-06-17  Chris Dumez  <cdumez@apple.com>
2892
2893         URL hash setter does not remove fragment identifier if argument is an empty string
2894         https://bugs.webkit.org/show_bug.cgi?id=158869
2895         <rdar://problem/26863430>
2896
2897         Reviewed by Darin Adler.
2898
2899         URL hash setter and URLUtils hash setter should remove the fragment identifier
2900         if set to "#" or "":
2901         - https://url.spec.whatwg.org/#dom-url-hash
2902         - https://html.spec.whatwg.org/multipage/semantics.html#dom-hyperlink-hash
2903
2904         This patch aligns our behavior with the specification and with other browsers
2905         (tested Firefox and Chrome).
2906
2907         This patch also updates HTMLAnchorElement to inherit URLUtils to avoid code
2908         duplication. HTMLAnchorElement already implements URLUtils in the IDL, as per
2909         the specification:
2910         - https://html.spec.whatwg.org/multipage/semantics.html#htmlanchorelement
2911
2912         No new tests, rebaselined existing tests.
2913
2914         * html/HTMLAnchorElement.cpp:
2915         (WebCore::HTMLAnchorElement::origin): Deleted.
2916         (WebCore::HTMLAnchorElement::text): Deleted.
2917         (WebCore::HTMLAnchorElement::setText): Deleted.
2918         (WebCore::HTMLAnchorElement::toString): Deleted.
2919         (WebCore::HTMLAnchorElement::isLiveLink): Deleted.
2920         (WebCore::HTMLAnchorElement::sendPings): Deleted.
2921         (WebCore::HTMLAnchorElement::handleClick): Deleted.
2922         (WebCore::HTMLAnchorElement::eventType): Deleted.
2923         (WebCore::HTMLAnchorElement::treatLinkAsLiveForEventType): Deleted.
2924         (WebCore::isEnterKeyKeydownEvent): Deleted.
2925         (WebCore::shouldProhibitLinks): Deleted.
2926         (WebCore::HTMLAnchorElement::willRespondToMouseClickEvents): Deleted.
2927         (WebCore::rootEditableElementMap): Deleted.
2928         (WebCore::HTMLAnchorElement::rootEditableElementForSelectionOnMouseDown): Deleted.
2929         (WebCore::HTMLAnchorElement::clearRootEditableElementForSelectionOnMouseDown): Deleted.
2930         (WebCore::HTMLAnchorElement::setRootEditableElementForSelectionOnMouseDown): Deleted.
2931         * html/HTMLAnchorElement.h:
2932         (WebCore::HTMLAnchorElement::invalidateCachedVisitedLinkHash): Deleted.
2933         * html/URLUtils.h:
2934         (WebCore::URLUtils<T>::setHash):
2935
2936 2016-06-17  John Wilander  <wilander@apple.com>
2937
2938         Ignore case in the check for security origin inheritance
2939         https://bugs.webkit.org/show_bug.cgi?id=158878
2940
2941         Reviewed by Alex Christensen.
2942
2943         Darin Adler commented in https://bugs.webkit.org/show_bug.cgi?id=158855:
2944         "Are these comparisons intentionally case sensitive? Shouldn’t they ignore ASCII 
2945         case? We could use equalIgnoringASCIICase and equalLettersIgnoringASCIICase for 
2946         those two lines instead of using ==. URL::parse normalizes letters in the scheme 
2947         and host by using toASCIILower, but does not normalize letters elsewhere in the 
2948         URL, such as in the "blank" or "srcdoc" in the above URLs."
2949
2950         Test: http/tests/dom/window-open-about-uppercase-blank-and-access-document.html
2951
2952         * platform/URL.cpp:
2953         (WebCore::URL::shouldInheritSecurityOriginFromOwner):
2954
2955 2016-06-17  Hyungwook Lee  <hyungwook.lee@navercorp.com>
2956
2957         Fix compilation errors when we enable DUMP_NODE_STATISTICS in Node.h
2958         https://bugs.webkit.org/show_bug.cgi?id=158868
2959
2960         Reviewed by Alex Christensen.
2961
2962         Fix compilation errors in Node.cpp when we enable DUMP_NODE_STATISTICS
2963
2964         * dom/Node.cpp:
2965         (WebCore::Node::dumpStatistics):
2966
2967 2016-06-17  Per Arne Vollan  <pvollan@apple.com>
2968
2969         [Win] Scrolling in popup menu scrolls past last entry.
2970         https://bugs.webkit.org/show_bug.cgi?id=158870
2971
2972         Reviewed by Brent Fulgham.
2973
2974         When the popup has a scrollbar, the content size is not equal to the popup window size.
2975   
2976         * platform/win/PopupMenuWin.cpp:
2977         (WebCore::PopupMenuWin::contentsSize):
2978
2979 2016-06-17  Frederic Wang  <fwang@igalia.com>
2980
2981         Refactor RenderMathMLRoot layout function to avoid using flexbox
2982         https://bugs.webkit.org/show_bug.cgi?id=153987
2983
2984         Reviewed by Brent Fulgham.
2985
2986         No new tests, already covered by existing tests.
2987         A case for RTL root has been added to roots.xhtml.
2988
2989         We reimplement RenderMathMLRoot without any flexbox or anonymous.
2990         The anonymous RenderMathMLRadicalOperator used to draw the radical sign is replaced with
2991         the MathOperator class introduced in bug 152244.
2992         msqrt (row of children under a square root) is now implemented directly in RenderMathMLRoot,
2993         so RenderMathMLSquareRoot is removed and RenderMathMLRoot now inherits from RenderMathMLRow.
2994
2995         * CMakeLists.txt: Remove files for RenderMathMLRadicalOperator and RenderMathMLSquareRoot.
2996         * WebCore.xcodeproj/project.pbxproj: ditto.
2997         * accessibility/AccessibilityRenderObject.cpp: Update code now that we do not use any
2998         radical wrappers.
2999         (WebCore::AccessibilityRenderObject::isMathRow): Now that RenderMathMLRoot inherits from
3000         RenderMathMLRow, we must exclude MathRoot or otherwise some accessibility code may treat
3001         roots as rows.
3002         (WebCore::AccessibilityRenderObject::mathRadicandObject): Return the first child for
3003         Root/SquareRoot or nullptr.
3004         (WebCore::AccessibilityRenderObject::mathRootIndexObject): Return the second child for
3005         Root and nullptr for SquareRoot.
3006         * mathml/MathMLInlineContainerElement.cpp:
3007         (WebCore::MathMLInlineContainerElement::childrenChanged): We no longer need a special case
3008         for msqrt, it is treated as a normal RenderMathMLRow.
3009         (WebCore::MathMLInlineContainerElement::createElementRenderer): Make msqrt create a
3010         RenderMathMLRoot object.
3011         * rendering/RenderObject.h:
3012         (WebCore::RenderObject::isRenderMathMLRadicalOperator): Deleted.
3013         * rendering/mathml/RenderMathMLBlock.cpp:
3014         (WebCore::RenderMathMLBlock::mirrorIfNeeded): New function to mirror a child horizontal
3015         offset according to the parent width.
3016         (WebCore::RenderMathMLBlock::renderName):
3017         * rendering/mathml/RenderMathMLBlock.h:
3018         (WebCore::RenderMathMLBlock::mirrorIfNeeded): Moved from RenderMathMLScripts, just forward
3019         call to the other mirrorIfNeeded function.
3020         * rendering/mathml/RenderMathMLOperator.cpp: We no longer need this trailingSpaceError hack.
3021         (WebCore::RenderMathMLOperator::trailingSpaceError): Deleted.
3022         * rendering/mathml/RenderMathMLOperator.h: ditto.
3023         * rendering/mathml/RenderMathMLRadicalOperator.cpp: Removed. The radical sign is now drawn
3024         with a MathOperator.
3025         * rendering/mathml/RenderMathMLRadicalOperator.h: Removed.
3026         * rendering/mathml/RenderMathMLRoot.cpp: Complete refactoring to avoid using flexbox and
3027         anonymous wrappers.
3028         (WebCore::RenderMathMLRoot::RenderMathMLRoot): Set m_kind parameters to distinguish between
3029         square root and general root and set the MathOperator member to draw the radical sign.
3030         (WebCore::RenderMathMLRoot::isValid): Helper function to verify whether the child list is valid.
3031         (WebCore::RenderMathMLRoot::getBase): Get the base of an mroot.
3032         (WebCore::RenderMathMLRoot::getIndex): Get the index of an mroot.
3033         (WebCore::RenderMathMLRoot::styleDidChange): Be sure to keep the style of the
3034         MathOperator in sync with ours ; no need to skip empty roots.
3035         (WebCore::RenderMathMLRoot::updateFromElement): Call the function from the new parent class ;
3036         no need to skip empty roots.
3037         (WebCore::RenderMathMLRoot::updateStyle): Remove the isEmpty ASSERT as it is valid to have
3038         empty square root. Set the m_kernBeforeDegree, m_kernBeforeDegree members.
3039         No need to set style for anonymous.
3040         (WebCore::RenderMathMLRoot::computePreferredLogicalWidths): Implement this function.
3041         (WebCore::RenderMathMLRoot::layoutBlock): Implement this function.
3042         (WebCore::RenderMathMLRoot::paintChildren): Implement this function.
3043         (WebCore::RenderMathMLRoot::paint): Remove the trailingSpaceError hack ;
3044         paint the radical sign via MathOperator::paint
3045         (WebCore::RenderMathMLRoot::baseWrapper): Deleted.
3046         (WebCore::RenderMathMLRoot::radicalWrapper): Deleted.
3047         (WebCore::RenderMathMLRoot::indexWrapper): Deleted.
3048         (WebCore::RenderMathMLRoot::radicalOperator): Deleted.
3049         (WebCore::RenderMathMLRoot::restructureWrappers): Deleted.
3050         (WebCore::RenderMathMLRoot::addChild): Deleted.
3051         (WebCore::RenderMathMLRoot::firstLineBaseline): Deleted.
3052         (WebCore::RenderMathMLRoot::layout): Deleted.
3053         (WebCore::RenderMathMLRootWrapper::createAnonymousWrapper): Deleted.
3054         (WebCore::RenderMathMLRootWrapper::removeChildWithoutRestructuring): Deleted.
3055         (WebCore::RenderMathMLRootWrapper::removeChild): Deleted.
3056         * rendering/mathml/RenderMathMLRoot.h: Make RenderMathMLRoot inherit from RenderMathMLRow.
3057         Make RenderMathMLRoot support <msqrt>.
3058         Remove all the anonymous wrapper stuff and instead use a MathOperator for the radical symbol.
3059         Update function declaration to implement layout without flexbox and add some helper functions.
3060         * rendering/mathml/RenderMathMLRow.cpp: Allow to get the exact metrics of the chid row,
3061         for use in RenderMathMLRoot.
3062         (WebCore::RenderMathMLRow::computeLineVerticalStretch): rename parameters.
3063         (WebCore::RenderMathMLRow::layoutRowItems): Set parameters to the final ascent, descent and
3064         logical width of the chid row. Set the temporary logical width for RenderMathRoot before
3065         laying the children out.
3066         (WebCore::RenderMathMLRow::layoutBlock): Rename parameters ; add a dummy logicalWidth
3067         parameter.
3068         * rendering/mathml/RenderMathMLRow.h: Make some functions accessible or overridable by
3069         RenderMathMLRoot. Make layoutRowItems return the final ascent, descent and logical width
3070         after the chid row is laid out.
3071         * rendering/mathml/RenderMathMLScripts.cpp: Move mirrorIfNeeded to RenderMathMLBlock.
3072         (WebCore::RenderMathMLScripts::mirrorIfNeeded): Deleted.
3073         * rendering/mathml/RenderMathMLScripts.h: Move mirrorIfNeeded to RenderMathMLBlock.
3074         * rendering/mathml/RenderMathMLSquareRoot.cpp: Removed.
3075         * rendering/mathml/RenderMathMLSquareRoot.h: Removed.
3076         * rendering/mathml/MathOperator.cpp:
3077         (WebCore::MathOperator::paint): Apply a mirroring scale transform to radical symbol
3078         in RTL direction.
3079
3080 2016-06-17  Chris Dumez  <cdumez@apple.com>
3081
3082         Drop some unnecessary header includes
3083         https://bugs.webkit.org/show_bug.cgi?id=158864
3084
3085         Reviewed by Alexey Proskuryakov.
3086
3087         Drop some unnecessary header includes to try and reduce build times.
3088
3089         * WebCore.xcodeproj/project.pbxproj:
3090         * accessibility/AccessibilityList.cpp:
3091         * css/CSSComputedStyleDeclaration.cpp:
3092         * css/MediaQueryMatcher.cpp:
3093         * css/StyleMedia.cpp:
3094         * css/TransformFunctions.cpp:
3095         * dom/NodeRenderStyle.h:
3096         * dom/PseudoElement.h:
3097         (isType): Deleted.
3098         * html/HTMLTitleElement.cpp:
3099         * html/shadow/MediaControlElementTypes.h:
3100         * html/shadow/MediaControls.cpp:
3101         * inspector/InspectorDOMAgent.h:
3102         * inspector/InspectorLayerTreeAgent.h:
3103         * inspector/InspectorPageAgent.cpp:
3104         * page/scrolling/AsyncScrollingCoordinator.cpp:
3105         * page/scrolling/ScrollingCoordinator.h:
3106         * rendering/BidiRun.h:
3107         * rendering/BorderEdge.h:
3108         * rendering/RenderElement.h:
3109         * rendering/RenderObject.h:
3110         (WebCore::AnnotatedRegionValue::operator==): Deleted.
3111         (WebCore::AnnotatedRegionValue::operator!=): Deleted.
3112         * rendering/RenderObjectEnums.h: Added.
3113         * rendering/RenderTheme.h:
3114         * rendering/SimpleLineLayoutFlowContents.h:
3115         * rendering/SimpleLineLayoutTextFragmentIterator.h:
3116         * rendering/TextPainter.h:
3117         * rendering/style/RenderStyle.h:
3118         (WebCore::pseudoElementRendererIsNeeded):
3119         * rendering/style/ShapeValue.cpp:
3120         * rendering/style/ShapeValue.h:
3121         * style/ClassChangeInvalidation.cpp:
3122         * style/ClassChangeInvalidation.h:
3123         * style/InlineTextBoxStyle.h:
3124         * style/StyleUpdate.cpp:
3125
3126 2016-06-17  Andreas Kling  <akling@apple.com>
3127
3128         [iOS] Throw away linked code when navigating to a new page.
3129         <https://webkit.org/b/153851>
3130
3131         Reviewed by Antti Koivisto.
3132
3133         When navigating to a new page, tell JSC to throw out any linked code it has lying around.
3134         Linked code is tied to a specific global object, and as we're creating a new one for the
3135         new page, none of it is useful to us here.
3136
3137         In the event that the user navigates back, the cost of relinking some code will be far
3138         lower than the memory cost of keeping all of it around.
3139
3140         This was in-tree before but was rolled out due to regressing JSBench. It was a slowdown
3141         due to the benchmark harness using top-level navigations to drive the tests.
3142         This new version avoids that problem by only throwing out code if we haven't navigated
3143         in the last 2 seconds. This also prevents excessive work in response to redirects.
3144
3145         I've also moved this into MemoryPressureHandler so we don't make a mess in FrameLoader.
3146
3147         * loader/FrameLoader.cpp:
3148         (WebCore::FrameLoader::commitProvisionalLoad):
3149         * platform/MemoryPressureHandler.cpp:
3150         (WebCore::MemoryPressureHandler::jettisonExpensiveObjectsOnTopLevelNavigation):
3151         * platform/MemoryPressureHandler.h:
3152
3153 2016-06-17  Youenn Fablet  <youenn.fablet@crf.canon.fr>
3154
3155         CORS preflight with a non-200 response should be a preflight failure
3156         https://bugs.webkit.org/show_bug.cgi?id=111008
3157
3158         Reviewed by Darin Adler.
3159
3160         Covered by rebased tests.
3161
3162         * Modules/fetch/FetchResponse.h: Making use of ResourceResponse::isSuccessful.
3163         * loader/CrossOriginPreflightChecker.cpp:
3164         (WebCore::CrossOriginPreflightChecker::validatePreflightResponse): Checking that response status is code is
3165         successful. If not, calling preflight failure callback.
3166         (WebCore::CrossOriginPreflightChecker::startPreflight): Putting in manual redirection mode so that redirection
3167         responses are processed as other responses.
3168         * loader/ResourceLoaderOptions.h:
3169         (WebCore::ResourceLoaderOptions::fetchOptions): Adding a non-const getter and fixing const getter to return a
3170         const reference.
3171         (WebCore::ResourceLoaderOptions::setFetchOptions): Passing options by reference.
3172         * platform/network/ResourceResponseBase.cpp:
3173         (WebCore::ResourceResponseBase::isSuccessful): Utility function.
3174         * platform/network/ResourceResponseBase.h:
3175
3176 2016-06-17  Frederic Wang  <fwang@igalia.com>
3177
3178         MathOperator: Add fallback mechanisms for stretching and mirroring radical symbols
3179         https://bugs.webkit.org/show_bug.cgi?id=156836
3180
3181         Reviewed by Sergio Villar Senin.
3182
3183         Some platforms do not have OpenType MATH fonts pre-installed and thus can not draw stretchy
3184         operators using size variants or glyph assembly. This is especially problematic for the
3185         radical symbol which is used to write roots. Currently, we have some fallback code to draw
3186         that symbol using graphical primitives but it is a bit complex and makes the style of radical
3187         inconsistent with the font used. We solve these issues by just scaling the base glyph via a
3188         scale transform. Such scale transform is also used to mirror the radical symbol so that we
3189         have some support for right-to-left roots until we can do glyph-level mirroring
3190         via the OpenType rtlm feature.
3191
3192         Test: mathml/radical-fallback.html
3193
3194         * rendering/mathml/MathOperator.cpp: Add a constant for the code point U+221A of the radical.
3195         (WebCore::MathOperator::reset): In general, we don't need any vertical scaling for radical
3196         symbols so m_radicalVerticalScale is initialized to 1.
3197         (WebCore::MathOperator::calculateStretchyData): If we don't have a font with a MATH table and we
3198         try streching a radical, then we update the vertical metrics to match the target size and
3199         set m_radicalVerticalScale to the value necessary to make the base glyph scaled to that size.
3200         (WebCore::MathOperator::paint): For a radical operator, we may apply a scale transform of
3201         parameters (radicalHorizontalScale, m_radicalVerticalScale) in order to support RTL
3202         mirroring or vertical stretching.
3203         * rendering/mathml/MathOperator.h: We add a m_radicalVerticalScale member to indicate the
3204         scaling to apply to the base radical glyph when the stretchy fallback is necessary.
3205         (WebCore::MathOperator::isStretched): The operator is also considered stretched when the
3206         m_radicalVerticalScale is applied to the base size.
3207         * rendering/mathml/RenderMathMLRadicalOperator.cpp: Remove code specific to the old fallback mechanism.
3208         * rendering/mathml/RenderMathMLRadicalOperator.h: Ditto.
3209
3210 2016-06-16  Commit Queue  <commit-queue@webkit.org>
3211
3212         Unreviewed, rolling out r202147.
3213         https://bugs.webkit.org/show_bug.cgi?id=158867
3214
3215         Broke scrolling tests on iOS Simulator (Requested by ap on
3216         #webkit).
3217
3218         Reverted changeset:
3219
3220         "Focus event dispatched in iframe causes parent document to
3221         scroll incorrectly"
3222         https://bugs.webkit.org/show_bug.cgi?id=158629
3223         http://trac.webkit.org/changeset/202147
3224
3225 2016-06-16  Benjamin Poulain  <bpoulain@apple.com>
3226
3227         :in-range & :out-of-range CSS pseudo-classes shouldn't match disabled or readonly inputs
3228         https://bugs.webkit.org/show_bug.cgi?id=156530
3229
3230         Reviewed by Simon Fraser.
3231
3232         Elements should only match :in-range and :out-of-range
3233         when they are candidate for constraint validation.
3234
3235         Tests: fast/css/pseudo-in-range-on-disabled-input-basics.html
3236                fast/css/pseudo-in-range-on-readonly-input-basics.html
3237                fast/css/pseudo-in-range-out-of-range-on-disabled-input-trivial.html
3238                fast/css/pseudo-out-of-range-on-disabled-input-basics.html
3239                fast/css/pseudo-out-of-range-on-readonly-input-basics.html
3240                fast/selectors/in-range-out-of-range-style-update.html
3241
3242         * html/BaseDateAndTimeInputType.cpp:
3243         (WebCore::BaseDateAndTimeInputType::minOrMaxAttributeChanged):
3244         * html/NumberInputType.cpp:
3245         (WebCore::NumberInputType::minOrMaxAttributeChanged):
3246         I forgot to handle style update in r202143.
3247         This is covered by the new style invalidation test.
3248
3249         * html/BaseDateAndTimeInputType.h:
3250         * html/HTMLInputElement.cpp:
3251         (WebCore::HTMLInputElement::isInRange):
3252         (WebCore::HTMLInputElement::isOutOfRange):
3253
3254 2016-06-16  Frederic Wang  <fwang@igalia.com>
3255
3256         Add separate MathOperator for selection/measuring/drawing of stretchy operators
3257         https://bugs.webkit.org/show_bug.cgi?id=152244
3258
3259         Reviewed by Brent Fulgham.
3260
3261         We complete the class to select, measure and draw stretchy operators that is independent
3262         from RenderMathMLOperator. That way, we will be able use stretchy operator without having
3263         to introduce & manage anonymous RenderMathMLOperator's
3264         (e.g for <mroot>, <msqrt> and <mfenced>).
3265
3266         No new tests, already covered by existing tests.
3267
3268         * rendering/mathml/MathOperator.cpp:
3269         (WebCore::ascentForGlyph): Add this helper function to get glyph ascent.
3270         (WebCore::descentForGlyph): Add this helper function to get glyph descent.
3271         (WebCore::MathOperator::reset): Initialize all the data and calculate ascent/descent of the
3272         base glyph.
3273         (WebCore::MathOperator::setSizeVariant): Set the width/ascent/descent.
3274         (WebCore::MathOperator::setGlyphAssembly): Ditto.
3275         (WebCore::MathOperator::calculateDisplayStyleLargeOperator): Remove the STIX Word hack and
3276         change m_maxPreferredWidth to use the actual width instead.
3277         (WebCore::MathOperator::stretchTo): New functions to execute the actual operator streching.
3278         (WebCore::MathOperator::fillWithVerticalExtensionGlyph): Add a FIXME for bug 155434.
3279         (WebCore::MathOperator::fillWithHorizontalExtensionGlyph): Align all the glyph baselines on
3280         the same axis, given by m_ascent.
3281         Add a FIXME for bug 155434.
3282         (WebCore::MathOperator::paintHorizontalGlyphAssembly): Ditto.
3283         (WebCore::MathOperator::paint): Public function to do the painting.
3284         (WebCore::MathOperator::paintVerticalGlyphAssembly): Deleted.
3285         * rendering/mathml/MathOperator.h: Update declarations and make most of the members private.
3286         (WebCore::MathOperator::ascent): Function to expose m_ascent.
3287         (WebCore::MathOperator::descent): Function to expose m_descent.
3288         * rendering/mathml/RenderMathMLOperator.cpp:
3289         (WebCore::RenderMathMLOperator::stretchTo): Forward the stretching call to MathOperator.
3290         (WebCore::RenderMathMLOperator::computePreferredLogicalWidths): Unfold advanceForGlyph
3291         since we delete RenderMathMLOperator::advanceForGlyph. Just rely on
3292         MathOperator::maxPreferredWidth to determine the preferred width of stretchy operators.
3293         For horizontal operators, we just use the width of the base glyph.
3294         Finally, we remove the dirty flag on preferred logical width.
3295         (WebCore::RenderMathMLOperator::rebuildTokenContent): Reinit the MathOperator instance.
3296         (WebCore::RenderMathMLOperator::updateFromElement): Force more updates of
3297         RenderMathMLOperator to avoid test breakage.
3298         (WebCore::RenderMathMLOperator::styleDidChange): Call MathOperator::reset to take into
3299         account style change.
3300         (WebCore::RenderMathMLOperator::updateStyle): Remove unused code.
3301         (WebCore::RenderMathMLOperator::firstLineBaseline): Use MathOperator::ascent() function.
3302         (WebCore::RenderMathMLOperator::computeLogicalHeight): Use MathOperator::ascent() and
3303         MathOperator::descent() functions to calculate the height.
3304         (WebCore::RenderMathMLOperator::paint): Only stretched operators are treated specially.
3305         We center horizontal operator and forward the paint() call to MathOperator.
3306         (WebCore::RenderMathMLOperator::trailingSpaceError): The error is now just the difference
3307         between the values returned by MathOperator::maxPreferredWidth() and
3308         MathOperator::width().
3309         (WebCore::boundsForGlyph): Deleted.
3310         (WebCore::heightForGlyph): Deleted.
3311         (WebCore::advanceWidthForGlyph): Deleted.
3312         (WebCore::RenderMathMLOperator::updateStyle): Deleted.
3313
3314 2016-06-16  Jiewen Tan  <jiewen_tan@apple.com>
3315
3316         CSP: Content Security Policy should allow '*' to match the originating page's scheme
3317         https://bugs.webkit.org/show_bug.cgi?id=158811
3318         <rdar://problem/26819568>
3319
3320         Reviewed by Daniel Bates.
3321
3322         Tests: security/contentSecurityPolicy/image-with-file-url-allowed-by-img-src-star.html
3323                security/contentSecurityPolicy/link-with-file-url-allowed-by-style-src-star.html
3324                security/contentSecurityPolicy/script-with-file-url-allowed-by-script-src-star.html
3325                security/contentSecurityPolicy/video-with-file-url-allowed-by-media-src-star.html
3326
3327         * page/csp/ContentSecurityPolicySourceList.cpp:
3328         (WebCore::ContentSecurityPolicySourceList::isProtocolAllowedByStar):
3329
3330 2016-06-16  Chris Dumez  <cdumez@apple.com>
3331
3332         Add HTTPHeaderMap::set() overload taking a NSString*
3333         https://bugs.webkit.org/show_bug.cgi?id=158857
3334
3335         Reviewed by Darin Adler.
3336
3337         Add HTTPHeaderMap::set() overloading taking a NSString* in addition to
3338         the one taking a CFStringRef. It is useful for the Cocoa implementation
3339         of ResourceRequest::doUpdateResourceRequest().
3340
3341         * platform/network/HTTPHeaderMap.h:
3342         (WebCore::HTTPHeaderMap::set):
3343
3344 2016-06-16  Joseph Pecoraro  <pecoraro@apple.com>
3345
3346         Web Inspector: console.profile should use the new Sampling Profiler
3347         https://bugs.webkit.org/show_bug.cgi?id=153499
3348         <rdar://problem/24352431>
3349
3350         Reviewed by Timothy Hatcher.
3351
3352         Test: inspector/timeline/setInstruments-programmatic-capture.html
3353
3354         * inspector/InspectorTimelineAgent.cpp:
3355         (WebCore::InspectorTimelineAgent::startFromConsole):
3356         (WebCore::InspectorTimelineAgent::stopFromConsole):
3357         (WebCore::InspectorTimelineAgent::mainFrameStartedLoading):
3358         (WebCore::InspectorTimelineAgent::startProgrammaticCapture):
3359         (WebCore::InspectorTimelineAgent::stopProgrammaticCapture):
3360         (WebCore::InspectorTimelineAgent::toggleInstruments):
3361         (WebCore::InspectorTimelineAgent::toggleScriptProfilerInstrument):
3362         (WebCore::InspectorTimelineAgent::toggleHeapInstrument):
3363         (WebCore::InspectorTimelineAgent::toggleMemoryInstrument):
3364         (WebCore::InspectorTimelineAgent::toggleTimelineInstrument):
3365         * inspector/InspectorTimelineAgent.h:
3366         Web implementation of console.profile/profileEnd.
3367         Make helpers for startings / stopping instruments.
3368
3369 2016-06-16  John Wilander  <wilander@apple.com>
3370
3371         Restrict security origin inheritance to empty, about:blank, and about:srcdoc URLs
3372         https://bugs.webkit.org/show_bug.cgi?id=158855
3373         <rdar://problem/26142632>
3374
3375         Reviewed by Alex Christensen.
3376
3377         Tests: http/tests/dom/window-open-about-blank-and-access-document.html
3378                http/tests/dom/window-open-about-webkit-org-and-access-document.html
3379
3380         Document.cpp previously checked whether a document should inherit its owner's 
3381         security origin by checking if the URL is either empty or blank. URL.cpp in 
3382         turn only checks if the protocol is "about:" in the isBlankURL() function. 
3383         Thus all about:* URLs inherited security origin. This patch restricts 
3384         security origin inheritance to empty, about:blank, and about:srcdoc URLs.
3385
3386         Quotes and links from the WHATWG spec regarding about:srcdoc:
3387
3388         7.1 Browsing contexts
3389         A browsing context can have a creator browsing context, the browsing context 
3390         that was responsible for its creation. If a browsing context has a parent 
3391         browsing context, then that is its creator browsing context. Otherwise, if the 
3392         browsing context has an opener browsing context, then that is its creator 
3393         browsing context. Otherwise, the browsing context has no creator browsing 
3394         context.
3395         https://html.spec.whatwg.org/multipage/browsers.html#concept-document-bc
3396
3397         7.1.1 Nested browsing contexts
3398         Certain elements (for example, iframe elements) can instantiate further 
3399         browsing contexts. These are called nested browsing contexts. If a browsing 
3400         context P has a Document D with an element E that nests another browsing 
3401         context C inside it, then C is said to be nested through D, and E is said to 
3402         be the browsing context container of C. If the browsing context container 
3403         element E is in