c63a950313431ef83d265b24ebf21a408ac295e8
[WebKit-https.git] / Source / WebCore / ChangeLog
1 2016-02-14  Simon Fraser  <simon.fraser@apple.com>
2
3         [CSS Filters] When applying an SVG filter on a composited image using CSS the image is rendered without the filter
4         https://bugs.webkit.org/show_bug.cgi?id=154108
5
6         Reviewed by Sam Weinig.
7         
8         When checking whether we can directly composite an image, we need to check for software-rendered
9         filters.
10
11         Test: compositing/filters/simple-image-with-svg-filter.html
12
13         * rendering/RenderLayerBacking.cpp:
14         (WebCore::RenderLayerBacking::isDirectlyCompositedImage):
15
16 2016-02-14  Chris Dumez  <cdumez@apple.com>
17
18         Drop the [EventTarget] WebKit-specific IDL extended attribute
19         https://bugs.webkit.org/show_bug.cgi?id=154171
20
21         Reviewed by Sam Weinig.
22
23         Drop the [EventTarget] WebKit-specific IDL extended attribute now that
24         all interfaces inherit EventTarget when they should.
25
26         No new tests, no Web-Exposed behavior change.
27
28         * Modules/battery/BatteryManager.idl:
29         * Modules/encryptedmedia/MediaKeySession.idl:
30         * Modules/indexeddb/IDBDatabase.idl:
31         * Modules/indexeddb/IDBOpenDBRequest.idl:
32         * Modules/indexeddb/IDBRequest.idl:
33         * Modules/indexeddb/IDBTransaction.idl:
34         * Modules/mediasession/MediaRemoteControls.idl:
35         * Modules/mediasource/MediaSource.idl:
36         * Modules/mediasource/SourceBuffer.idl:
37         * Modules/mediasource/SourceBufferList.idl:
38         * Modules/mediastream/MediaStream.idl:
39         * Modules/mediastream/MediaStreamTrack.idl:
40         * Modules/mediastream/RTCDTMFSender.idl:
41         * Modules/mediastream/RTCDataChannel.idl:
42         * Modules/mediastream/RTCPeerConnection.idl:
43         * Modules/notifications/Notification.idl:
44         * Modules/speech/SpeechSynthesisUtterance.idl:
45         * Modules/webaudio/AudioContext.idl:
46         * Modules/webaudio/AudioNode.idl:
47         * Modules/webaudio/OfflineAudioContext.idl:
48         * Modules/websockets/WebSocket.idl:
49         * bindings/scripts/CodeGeneratorGObject.pm:
50         (ImplementsInterface):
51         (SkipFunction): Deleted.
52         (GenerateCFile): Deleted.
53         * bindings/scripts/CodeGeneratorJS.pm:
54         (InstanceNeedsVisitChildren):
55         (GenerateImplementation):
56         * bindings/scripts/IDLAttributes.txt:
57         * bindings/scripts/test/TestEventTarget.idl:
58         * bindings/scripts/test/TestNode.idl:
59         * css/FontLoader.idl:
60         * dom/EventTarget.idl:
61         * dom/MessagePort.idl:
62         * dom/Node.idl:
63         * dom/WebKitNamedFlow.idl:
64         * fileapi/FileReader.idl:
65         * html/MediaController.idl:
66         * html/track/AudioTrackList.idl:
67         * html/track/TextTrack.idl:
68         * html/track/TextTrackCue.idl:
69         * html/track/TextTrackList.idl:
70         * html/track/VideoTrackList.idl:
71         * loader/appcache/DOMApplicationCache.idl:
72         * page/DOMWindow.idl:
73         * page/EventSource.idl:
74         * page/Performance.idl:
75         * workers/WorkerGlobalScope.idl:
76         * xml/XMLHttpRequest.idl:
77         * xml/XMLHttpRequestUpload.idl:
78
79 2016-02-14  Chris Dumez  <cdumez@apple.com>
80
81         Unreviewed attempt to fix the Mac CMake build after r196136
82
83         * PlatformMac.cmake:
84
85 2016-02-14  Chris Dumez  <cdumez@apple.com>
86
87         Unreviewed attempt to fix the Windows build.
88
89         * Modules/webdatabase/Database.cpp:
90         * bridge/c/c_utility.cpp:
91         * platform/MemoryPressureHandler.cpp:
92
93 2016-02-14  Chris Dumez  <cdumez@apple.com>
94
95         Window and WorkerGlobalScope should inherit EventTarget
96         https://bugs.webkit.org/show_bug.cgi?id=154170
97         <rdar://problem/24642377>
98
99         Reviewed by Darin Adler.
100
101         Window and WorkerGlobalScope should inherit EventTarget instead of
102         duplicating the EventTarget API in their IDL. These were the last
103         interfaces that needed fixing. The next step will be to get rid
104         of the [EventTarget] IDL extended attribute and rely entirely
105         on the EventTarget inheritance.
106
107         Test:
108         - fast/frames/detached-frame-eventListener.html
109         - Covered by existing tests.
110
111         * WebCore.xcodeproj/project.pbxproj:
112         Add JSEventTargetCustom.h header to the project.
113
114         * bindings/js/JSDOMWindowCustom.cpp:
115         Drop custom bindings for Window's addEventListener() and
116         removeEventListener(). The only reason these needed custom
117         code was to add a check for frameless windows. The frameless
118         Window checks was moved to the respective methods in the
119         JSEventTarget generated bindings.
120
121         * bindings/js/JSDOMWindowShell.cpp:
122         (WebCore::JSDOMWindowShell::setWindow):
123         Set WindowPrototype's prototype to EventTarget's prototype.
124
125         * bindings/js/JSDOMWindowShell.h:
126         * bindings/js/JSDictionary.cpp:
127         Include "DOMWindow.h" to fix the build.
128
129         * bindings/js/JSEventTargetCustom.cpp:
130         (WebCore::JSEventTarget::toWrapped):
131         Handle DOMWindow and WorkerGlobalScope explicitely in toWrapped()
132         and get rid of the DOM_EVENT_TARGET_INTERFACES_FOR_EACH(TRY_TO_UNWRAP_WITH_INTERFACE)
133         now that all interfaces inherit EventTarget when they should.
134         The reason DOMWindow and WorkerGlobalScope still need special
135         handling is because their wrappers (JSDOMWindow /
136         JSWorkerGlobalScope) do not subclass JSEventTarget.
137
138         (WebCore::JSEventTargetOrGlobalScope::create):
139         * bindings/js/JSEventTargetCustom.h: Added.
140         (WebCore::JSEventTargetOrGlobalScope::wrapped):
141         (WebCore::JSEventTargetOrGlobalScope::operator JSC::JSObject&):
142         (WebCore::JSEventTargetOrGlobalScope::JSEventTargetOrGlobalScope):
143         Add a wrapper type for JSEventTarget / JSDOMWindow and
144         JSWorkerGlobalScope for use in the generated bindings. This is
145         needed because JSDOMWindow and JSWorkerGlobalScope do not
146         subclass JSEventTarget. Subclassing JSEventTarget would be
147         complicated for them because they already subclass
148         JSDOMWindowBase / JSWorkerGlobalScopeBase, which subclasses
149         JSDOMGlobalObject.
150
151         * bindings/js/WorkerScriptController.cpp:
152         (WebCore::WorkerScriptController::initScript):
153         Set WorkerGlobalScopePrototype's prototype to EventTarget's prototype.
154
155         * bindings/scripts/CodeGeneratorJS.pm:
156         (ShouldGenerateToJSDeclaration):
157         Do not generate to toJS() implementation for interfaces that use
158         the [CustomProxyToJSObject] IDL extended attribute, even if they
159         inherit EventTarget.
160
161         (GetCastingHelperForThisObject):
162         To initialize castedThis from thisValue JSValue, we now use the
163         JSEventTargetOrGlobalScope wrapper for the EventTarget
164         implementation. This is to work around the fact that JSDOMWindow
165         and JSWorkerGlobalScope do not subclass JSEventTarget.
166
167         (GenerateFunctionCastedThis):
168         - Drop code handling [WorkerGlobalScope] IDL extended attribute
169           as there is no such attribute.
170         - Use auto instead of auto* type for castedThis because
171           JSEventTargetOrGlobalScope::create() returns a unique_ptr.
172         - Do not check that castedThis inherits JSEventTarget in the
173           EventTarget bindings code as this no longer holds true.
174
175         (GenerateImplementation):
176         Generate frameless window() and security checks for EventTarget
177         methods when thisValue is a JSDOMWindow.
178
179         * dom/EventTarget.idl:
180         Add [JSCustomHeader] IDL Extended attribute as we need a header
181         to expose JSEventTargetOrGlobalScope class.
182
183         * page/DOMWindow.idl:
184         * workers/WorkerGlobalScope.idl:
185         Inherit EventTarget and stop duplicating the EventTarget API.
186         This matches the HTML specification.
187
188 2016-02-14  Darin Adler  <darin@apple.com>
189
190         Small tweaks to some SimpleLineLayout code
191         https://bugs.webkit.org/show_bug.cgi?id=154229
192
193         Reviewed by Zalan Bujtas.
194
195         * rendering/SimpleLineLayoutFunctions.cpp:
196         (WebCore::SimpleLineLayout::paintFlow): Use std::ceil instead of ceilf.
197         Use auto instead of const auto& for a for loop where the local object is
198         copied and not a reference.
199         (WebCore::SimpleLineLayout::hitTestFlow): Use modern for loop.
200         (WebCore::SimpleLineLayout::collectFlowOverflow): Use std::ceil instead of
201         ceilf. Use a modern for loop, and use slightly more descriptive local
202         variable names.
203         (WebCore::SimpleLineLayout::computeBoundingBox): Use auto instead of
204         const auto& as above.
205         (WebCore::SimpleLineLayout::computeFirstRunLocation): Use auto and use
206         the name "range" for the range rather than the name "it", since the range
207         is not an iterator.
208         (WebCore::SimpleLineLayout::collectAbsoluteRects): Use auto instead of
209         const auto& as above.
210         (WebCore::SimpleLineLayout::collectAbsoluteQuads): Ditto.
211         (WebCore::SimpleLineLayout::showLineLayoutForFlow): Use modern for loop.
212
213         * rendering/SimpleLineLayoutResolver.cpp:
214         (WebCore::SimpleLineLayout::RunResolver::Run::text): Convert from a String
215         to a StringView using the StringView constructor instead of writing out
216         explicit 8-bit and 16-bit cases.
217
218 2016-02-13  Antti Koivisto  <antti@apple.com>
219
220         Factor class change style invalidation code into a class
221         https://bugs.webkit.org/show_bug.cgi?id=154163
222
223         Reviewed by Andreas Kling.
224
225         Factor this piece of functionality out of Element and into ClassChangeInvalidation class.
226
227         * CMakeLists.txt:
228         * WebCore.vcxproj/WebCore.vcxproj:
229         * WebCore.xcodeproj/project.pbxproj:
230         * dom/Element.cpp:
231         (WebCore::classStringHasClassName):
232         (WebCore::Element::classAttributeChanged):
233         (WebCore::collectClasses): Deleted.
234         (WebCore::computeClassChange): Deleted.
235         (WebCore::invalidateStyleForClassChange): Deleted.
236         * style/ClassChangeInvalidation.cpp: Added.
237         (WebCore::Style::ClassChangeInvalidation::computeClassChange):
238         (WebCore::Style::ClassChangeInvalidation::invalidateStyle):
239         * style/ClassChangeInvalidation.h: Added.
240         (WebCore::Style::ClassChangeInvalidation::needsInvalidation):
241         (WebCore::Style::ClassChangeInvalidation::ClassChangeInvalidation):
242         (WebCore::Style::ClassChangeInvalidation::~ClassChangeInvalidation):
243
244 2016-02-13  Myles C. Maxfield  <mmaxfield@apple.com>
245
246         [Win] [SVG -> OTF Converter] SVG fonts drawn into ImageBuffers are invisible
247         https://bugs.webkit.org/show_bug.cgi?id=154222
248
249         Reviewed by Antti Koivisto.
250
251         Windows ImageBuffer code is sensitive to broken bounding box and
252         descent code.
253
254         Covered by existing tests.
255
256         * svg/SVGToOTFFontConversion.cpp:
257         (WebCore::SVGToOTFFontConverter::appendHHEATable):
258         (WebCore::SVGToOTFFontConverter::appendOS2Table):
259         (WebCore::SVGToOTFFontConverter::processGlyphElement):
260         (WebCore::SVGToOTFFontConverter::SVGToOTFFontConverter):
261
262 2016-02-13  Antti Koivisto  <antti@apple.com>
263
264         Add version number for default stylesheet
265         https://bugs.webkit.org/show_bug.cgi?id=154220
266
267         Reviewed by Ryosuke Niwa.
268
269         We currently fail to update RuleFeatureSets for shadow trees when the default stylesheet grows
270         (for example when media controls stylesheet is initialized).
271
272         No test since this is not causing known bugs. It is blocking optimizations in shadow trees that
273         rely on rule features being up-to-date.
274
275         * css/CSSDefaultStyleSheets.cpp:
276         (WebCore::CSSDefaultStyleSheets::loadSimpleDefaultStyle):
277         (WebCore::CSSDefaultStyleSheets::ensureDefaultStyleSheetsForElement):
278
279             Increment version number when the default stylesheet changes.
280
281         * css/CSSDefaultStyleSheets.h:
282         * css/DocumentRuleSets.cpp:
283         (WebCore::DocumentRuleSets::appendAuthorStyleSheets):
284         (WebCore::DocumentRuleSets::collectFeatures):
285
286             Store the current default stylesheet version number.
287
288         * css/DocumentRuleSets.h:
289         (WebCore::DocumentRuleSets::features):
290
291             Collect features again if the default stylesheet has changed.
292
293         * css/StyleResolver.cpp:
294         (WebCore::StyleResolver::styleForElement):
295
296 2016-02-13  Konstantin Tokarev  <annulen@yandex.ru>
297
298         [cmake] Consolidate building of GStreamer and OpenWebRTC code.
299         https://bugs.webkit.org/show_bug.cgi?id=154116
300
301         Reviewed by Michael Catanzaro.
302
303         No new tests needed.
304
305         * PlatformEfl.cmake: Migrated shared code to GStreamer.cmake.
306         * PlatformGTK.cmake: Ditto.
307         * platform/GStreamer.cmake: Added.
308
309 2016-02-13  Mark Lam  <mark.lam@apple.com>
310
311         Add thread violation checks to WebView public APIs.
312         https://bugs.webkit.org/show_bug.cgi?id=154183
313
314         Reviewed by Timothy Hatcher.
315
316         No new tests.  Just adding a new thread violation round.
317
318         * platform/ThreadCheck.h:
319         * platform/mac/ThreadCheck.mm:
320         - Adding WebCoreThreadViolationCheckRoundThree().
321
322 2016-02-12  Nan Wang  <n_wang@apple.com>
323
324         AX: Implement paragraph related text marker functions using TextIterator
325         https://bugs.webkit.org/show_bug.cgi?id=154098
326         <rdar://problem/24269675>
327
328         Reviewed by Chris Fleizach.
329
330         Using CharacterOffset to implement paragraph related text marker calls. Reused
331         logic from VisibleUnits class. And refactored textMarkerForCharacterOffset method
332         to get better performance. Also fixed an issue where we can't navigate through a text
333         node with line breaks in it using next/previousCharacterOffset call.
334
335         Test: accessibility/mac/text-marker-paragraph-nav.html
336
337         * accessibility/AXObjectCache.cpp:
338         (WebCore::AXObjectCache::traverseToOffsetInRange):
339         (WebCore::AXObjectCache::startOrEndTextMarkerDataForRange):
340         (WebCore::AXObjectCache::characterOffsetForNodeAndOffset):
341         (WebCore::AXObjectCache::textMarkerDataForCharacterOffset):
342         (WebCore::AXObjectCache::textMarkerDataForNextCharacterOffset):
343         (WebCore::AXObjectCache::textMarkerDataForPreviousCharacterOffset):
344         (WebCore::AXObjectCache::nextNode):
345         (WebCore::AXObjectCache::textMarkerDataForVisiblePosition):
346         (WebCore::AXObjectCache::nextCharacterOffset):
347         (WebCore::AXObjectCache::previousCharacterOffset):
348         (WebCore::startWordBoundary):
349         (WebCore::AXObjectCache::startCharacterOffsetOfWord):
350         (WebCore::AXObjectCache::endCharacterOffsetOfWord):
351         (WebCore::AXObjectCache::previousWordStartCharacterOffset):
352         (WebCore::AXObjectCache::previousWordBoundary):
353         (WebCore::AXObjectCache::startCharacterOffsetOfParagraph):
354         (WebCore::AXObjectCache::endCharacterOffsetOfParagraph):
355         (WebCore::AXObjectCache::paragraphForCharacterOffset):
356         (WebCore::AXObjectCache::nextParagraphEndCharacterOffset):
357         (WebCore::AXObjectCache::previousParagraphStartCharacterOffset):
358         (WebCore::AXObjectCache::rootAXEditableElement):
359         * accessibility/AXObjectCache.h:
360         (WebCore::CharacterOffset::remaining):
361         (WebCore::CharacterOffset::isNull):
362         (WebCore::CharacterOffset::isEqual):
363         (WebCore::AXObjectCache::isNodeInUse):
364         * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
365         (+[WebAccessibilityTextMarker textMarkerWithCharacterOffset:cache:]):
366         (-[WebAccessibilityObjectWrapper nextMarkerForCharacterOffset:]):
367         (-[WebAccessibilityObjectWrapper previousMarkerForCharacterOffset:]):
368         (-[WebAccessibilityObjectWrapper rangeForTextMarkers:]):
369         * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
370         (startOrEndTextmarkerForRange):
371         (nextTextMarkerForCharacterOffset):
372         (previousTextMarkerForCharacterOffset):
373         (-[WebAccessibilityObjectWrapper nextTextMarkerForCharacterOffset:]):
374         (-[WebAccessibilityObjectWrapper previousTextMarkerForCharacterOffset:]):
375         (-[WebAccessibilityObjectWrapper textMarkerForCharacterOffset:]):
376         (textMarkerForCharacterOffset):
377         (-[WebAccessibilityObjectWrapper accessibilityAttributeValue:forParameter:]):
378         (-[WebAccessibilityObjectWrapper nextTextMarkerForNode:offset:]): Deleted.
379         (-[WebAccessibilityObjectWrapper previousTextMarkerForNode:offset:]): Deleted.
380         (-[WebAccessibilityObjectWrapper textMarkerForNode:offset:ignoreStart:]): Deleted.
381         (-[WebAccessibilityObjectWrapper textMarkerForNode:offset:]): Deleted.
382         * editing/VisibleUnits.cpp:
383         (WebCore::nextSentencePosition):
384         (WebCore::findStartOfParagraph):
385         (WebCore::findEndOfParagraph):
386         (WebCore::startOfParagraph):
387         (WebCore::endOfParagraph):
388         * editing/VisibleUnits.h:
389
390 2016-02-12  Ryan Haddad  <ryanhaddad@apple.com>
391
392         Reset results for bindings tests after r196520
393
394         Unreviewed test gardening.
395
396         No new tests needed.
397
398         * bindings/scripts/test/GObject/WebKitDOMTestEventTarget.cpp:
399         (webkit_dom_test_event_target_dispatch_event):
400         * bindings/scripts/test/GObject/WebKitDOMTestNode.cpp:
401         (webkit_dom_test_node_dispatch_event):
402
403 2016-02-12  Saam barati  <sbarati@apple.com>
404
405         Attempting build fix from https://bugs.webkit.org/show_bug.cgi?id=154144.
406
407         * bindings/js/JSDOMGlobalObject.cpp:
408         (WebCore::JSDOMGlobalObject::addBuiltinGlobals):
409
410 2016-02-12  Daniel Bates  <dabates@apple.com>
411
412         CSP: 'blob:' URLs should not match 'self' in CSP source expression lists.
413         https://bugs.webkit.org/show_bug.cgi?id=153158
414         <rdar://problem/24383264>
415
416         Reviewed by Brent Fulgham.
417
418         A blob URL should not match source 'self' by section Security Considerations for GUID URL schemes
419         of the Content Security Policy 2.0 spec., <https://www.w3.org/TR/CSP2/> (21 July 2015).
420
421         Tests: http/tests/security/contentSecurityPolicy/blob-url-does-not-match-source-self.html
422                http/tests/security/contentSecurityPolicy/blob-url-matches-source-blob.html
423
424         * page/csp/ContentSecurityPolicySourceList.cpp:
425         (WebCore::ContentSecurityPolicySourceList::matches): Do not make a distinction between URLs that
426         contain a nested URL (e.g. blob://http://www.example.com/...) and URLs that do not contain a nested
427         URL. The URL of the requested resource should be matched against the source list source expressions.
428
429 2016-02-12  Daniel Bates  <dabates@apple.com>
430
431         CSP: Implement child-src directive
432         https://bugs.webkit.org/show_bug.cgi?id=153562
433         <rdar://problem/24610087>
434
435         Reviewed by Brent Fulgham.
436
437         Add support for the child-src directive, <https://w3c.github.io/webappsec-csp/2/#child_src> (29 August 2015),
438         which formally replaces the deprecated frame-src directive as of the Content Security Policy 2.0 spec. The
439         child-src directive was first introduced in the Content Security Policy 1.1 spec, <https://www.w3.org/TR/2014/WD-CSP11-20140211/>.
440
441         As a side effect of this change, the script URL for a Web Worker is checked against the child-src directive
442         as opposed to the script-src directive. This is a backward incompatible change from the CSP 1.0 spec.
443
444         Tests: http/tests/security/contentSecurityPolicy/1.1/child-src/frame-fires-load-event-when-blocked.html
445                http/tests/security/contentSecurityPolicy/1.1/child-src/frame-fires-load-event-when-redirect-blocked.html
446                http/tests/security/contentSecurityPolicy/1.1/child-src/frame-src-takes-precedence-over-child-src.html
447                http/tests/security/contentSecurityPolicy/1.1/child-src/worker-redirect-blocked.html
448                http/tests/security/isolatedWorld/bypass-main-world-csp-worker-redirect.html
449
450         * loader/DocumentThreadableLoader.cpp:
451         (WebCore::DocumentThreadableLoader::isAllowedByContentSecurityPolicy): Check child-src directive (if applicable).
452         * loader/ThreadableLoader.h: Add enum value EnforceChildSrcDirective to enum class ContentSecurityPolicyEnforcement to
453         enforce the child-src directive on redirect.
454         * page/csp/ContentSecurityPolicy.cpp:
455         (WebCore::ContentSecurityPolicy::allowChildContextFromSource): Added.
456         * page/csp/ContentSecurityPolicy.h:
457         * page/csp/ContentSecurityPolicyDirectiveList.cpp:
458         (WebCore::ContentSecurityPolicyDirectiveList::checkSourceAndReportViolation): Add message prefix for a child-src violation.
459         We use the same message prefix as used by Blink.
460         (WebCore::ContentSecurityPolicyDirectiveList::allowChildContextFromSource): Added.
461         (WebCore::ContentSecurityPolicyDirectiveList::allowChildFrameFromSource): Modified to check the frame-src
462         directive (if specified) before checking the child-src directive by <https://w3c.github.io/webappsec-csp/2/#directive-child-src-nested>.
463         (WebCore::ContentSecurityPolicyDirectiveList::addDirective): Parse the child-src directive.
464         * page/csp/ContentSecurityPolicyDirectiveList.h:
465         * workers/AbstractWorker.cpp:
466         (WebCore::AbstractWorker::resolveURL): Check if the script URL for the worker is allowed by the child-src directive
467         as opposed to the script-src directive. This is a backwards incompatible change from the CSP 1.0 spec.
468         * workers/Worker.cpp:
469         (WebCore::Worker::create): Enforce the child-src directive on redirects (if applicable).
470
471 2016-02-12  Saam barati  <sbarati@apple.com>
472
473         The parser doesn't properly protect against global variable references in builtins
474         https://bugs.webkit.org/show_bug.cgi?id=154144
475
476         Reviewed by Geoffrey Garen.
477
478         Change JS builtins to no longer reference global variables.
479
480         No new tests because old tests cover the issues here.
481
482         * Modules/mediastream/NavigatorUserMedia.js:
483         (webkitGetUserMedia):
484         * Modules/mediastream/RTCPeerConnection.js:
485         (addIceCandidate):
486         (getStats):
487         * Modules/mediastream/RTCPeerConnectionInternals.js:
488         (setLocalOrRemoteDescription):
489         * Modules/plugins/QuickTimePluginReplacement.js:
490         (Replacement.prototype.handleEvent):
491         * Modules/streams/ByteLengthQueuingStrategy.js:
492         (initializeByteLengthQueuingStrategy):
493         * Modules/streams/CountQueuingStrategy.js:
494         (initializeCountQueuingStrategy):
495         * Modules/streams/ReadableStreamInternals.js:
496         (teeReadableStream):
497         * bindings/js/JSDOMGlobalObject.cpp:
498         (WebCore::JSDOMGlobalObject::addBuiltinGlobals):
499         * bindings/js/WebCoreBuiltinNames.h:
500
501 2016-02-12  Jiewen Tan  <jiewen_tan@apple.com>
502
503         WebKit should expose the DOM 4 Event.isTrusted property
504         https://bugs.webkit.org/show_bug.cgi?id=76121
505         <rdar://problem/22558494>
506
507         Reviewed by Darin Adler.
508
509         Implements Event.isTrusted. The implementation here is slitely different from and better than
510         the DOM specification. Here Event.isTrusted will be initialized differently depending on the
511         callers of the constructors/create methods. If the caller is from user agent, the isTrusted
512         will be true. Otherwise, it will be false. Since a user agent dispatched event can be catched
513         and re-initialized/redispatched by the bindings, the flag will be unset at *Event::init*Event
514         and EventTarget::dispatchEventForBindings. As currently there is no way to let user agent to
515         dispatch a bindings created event, therefore we ensure that the Event.isTrusted is set for
516         events dispatched by user agent, and unset for those by bindings.
517
518         EventTarget::dispatchEvent(Event*, ExceptionCode&) is renamed to EventTarget::dispatchEventForBindings
519         in this patch as well. So that, together with the improved design of the API, developers in
520         the future will be less likely using a wrong dispatchEvent method and setting Event.isTrusted
521         incorrectly comparing to the DOM design.
522
523         After this patch, all events that are created by user agent should be dispatched by
524         EventTarget::dispatchEvent, and those are created by bindings should be dispatched by
525         EventTarget::dispatchEventForBindings.
526
527         Some of the changes in this patch referred Blink r198996:
528         https://codereview.chromium.org/1241613004
529
530         Test: imported/blink/fast/events/event-trusted.html
531
532         * bindings/scripts/CodeGeneratorGObject.pm:
533         (GenerateEventTargetIface):
534         * dom/Event.cpp:
535         (WebCore::Event::Event):
536         (WebCore::Event::initEvent):
537         * dom/Event.h:
538         (WebCore::Event::isTrusted):
539         (WebCore::Event::setUntrusted):
540         * dom/Event.idl:
541         * dom/EventTarget.cpp:
542         (WebCore::EventTarget::dispatchEventForBindings):
543         (WebCore::EventTarget::dispatchEvent): Deleted.
544         * dom/EventTarget.h:
545         * dom/EventTarget.idl:
546         * page/DOMWindow.idl:
547         * page/EventHandler.cpp:
548         (WebCore::EventHandler::dispatchDragEvent):
549         * workers/WorkerGlobalScope.idl:
550
551 2016-02-12  Brady Eidson  <beidson@apple.com>
552
553         Modern IDB: IDBObjectStore and IDBIndex need to be ActiveDOMObjects.
554         https://bugs.webkit.org/show_bug.cgi?id=154153
555
556         Reviewed by Alex Christensen.
557
558         No new tests (No testable change in behavior).
559
560         This is needed so that IDBObjectStore and IDBIndex JS wrappers are not garbage collected
561         while their IDBTransaction is still in progress.
562
563         * Modules/indexeddb/client/IDBIndexImpl.cpp:
564         (WebCore::IDBClient::IDBIndex::IDBIndex):
565         (WebCore::IDBClient::IDBIndex::activeDOMObjectName):
566         (WebCore::IDBClient::IDBIndex::canSuspendForDocumentSuspension):
567         (WebCore::IDBClient::IDBIndex::hasPendingActivity):
568         * Modules/indexeddb/client/IDBIndexImpl.h:
569         
570         * Modules/indexeddb/client/IDBObjectStoreImpl.cpp:
571         (WebCore::IDBClient::IDBObjectStore::create):
572         (WebCore::IDBClient::IDBObjectStore::IDBObjectStore):
573         (WebCore::IDBClient::IDBObjectStore::activeDOMObjectName):
574         (WebCore::IDBClient::IDBObjectStore::canSuspendForDocumentSuspension):
575         (WebCore::IDBClient::IDBObjectStore::hasPendingActivity):
576         (WebCore::IDBClient::IDBObjectStore::index):
577         * Modules/indexeddb/client/IDBObjectStoreImpl.h:
578         
579         * Modules/indexeddb/client/IDBTransactionImpl.cpp:
580         (WebCore::IDBClient::IDBTransaction::objectStore):
581         (WebCore::IDBClient::IDBTransaction::createObjectStore):
582         (WebCore::IDBClient::IDBTransaction::createIndex):
583
584 2016-02-12  Brady Eidson  <beidson@apple.com>
585
586         Modern IDB: Simplify the relationship between IDBObjectStore and IDBIndex.
587         https://bugs.webkit.org/show_bug.cgi?id=154187
588
589         Reviewed by Alex Christensen.
590
591         Tests: storage/indexeddb/modern/deleteindex-3-private.html
592                storage/indexeddb/modern/deleteindex-3.html
593
594         Instead of allowing IDBIndex to have two different lifecycle modes, it is now always
595         owned by an IDBObjectStore.
596         
597         To support the case where an IDBIndex is deleted from its IDBObjectStore, the object
598         store simply hangs on to deleted indexes until it is destroyed itself.
599         
600         * Modules/indexeddb/client/IDBIndexImpl.cpp:
601         (WebCore::IDBClient::IDBIndex::markAsDeleted):
602         (WebCore::IDBClient::IDBIndex::ref):
603         (WebCore::IDBClient::IDBIndex::deref):
604         * Modules/indexeddb/client/IDBIndexImpl.h:
605         
606         * Modules/indexeddb/client/IDBObjectStoreImpl.cpp:
607         (WebCore::IDBClient::IDBObjectStore::deleteIndex):
608         * Modules/indexeddb/client/IDBObjectStoreImpl.h:
609
610 2016-02-12  Myles C. Maxfield  <mmaxfield@apple.com>
611
612         [CSS Font Loading] Implement CSSFontFace Boilerplate
613         https://bugs.webkit.org/show_bug.cgi?id=154145
614
615         Reviewed by Dean Jackson.
616
617         The CSS Font Loading spec[1] dictates that the FontFace object needs to have string
618         accessors and mutators for a bunch of properties. Our CSSFontFace object currently
619         contains this parsed information, but it isn't accessible via string-based methods.
620         This patch adds the necessary accessors and mutators, and migrates CSSFontSelector
621         to use these mutators where necessary.
622
623         There is more work to come on CSSFontFace; the next step is to create an .idl file
624         and hook it up to our CSSFontFace object. In this patch I have left some
625         unimplemented pieces (for example: where the spec dictates that some operation should
626         throw a JavaScript exception) which will be implemented in a follow-up patch. This
627         patch does not have any visible behavior change; I'm separating out the boilerplate
628         into this patch in order to ease reviewing burden.
629
630         This patch separates the externally-facing JavaScript API into a new class, FontFace.
631         This class owns a CSSFontFace, which provides the backing implementation. There will
632         be a system of shared ownership of these objects once FontFaceSet is implemented.
633
634         No new tests because there is no behavior change.
635
636         * CMakeLists.txt: Add new files to CMake builds.
637         * WebCore.vcxproj/WebCore.vcxproj: Ditto for Windows.
638         * WebCore.vcxproj/WebCore.vcxproj.filters: Ditto.
639         * WebCore.xcodeproj/project.pbxproj: Ditto for Cocoa.
640         * css/CSSAllInOne.cpp: Ditto for All-In-One builds.
641         * css/CSSFontFace.cpp: Move shared code from CSSFontSelector into CSSFontFace.
642         (WebCore::CSSFontFace::CSSFontFace):
643         (WebCore::CSSFontFace::~CSSFontFace):
644         (WebCore::CSSFontFace::setFamilies):
645         (WebCore::CSSFontFace::setStyle):
646         (WebCore::CSSFontFace::setWeight):
647         (WebCore::CSSFontFace::setUnicodeRange):
648         (WebCore::CSSFontFace::setVariantLigatures):
649         (WebCore::CSSFontFace::setVariantPosition):
650         (WebCore::CSSFontFace::setVariantCaps):
651         (WebCore::CSSFontFace::setVariantNumeric):
652         (WebCore::CSSFontFace::setVariantAlternates):
653         (WebCore::CSSFontFace::setVariantEastAsian):
654         (WebCore::CSSFontFace::setFeatureSettings):
655         * css/CSSFontFace.h: Clean up.
656         (WebCore::CSSFontFace::create):
657         (WebCore::CSSFontFace::families):
658         (WebCore::CSSFontFace::traitsMask):
659         (WebCore::CSSFontFace::featureSettings):
660         (WebCore::CSSFontFace::variantSettings):
661         (WebCore::CSSFontFace::setVariantSettings):
662         (WebCore::CSSFontFace::setTraitsMask):
663         (WebCore::CSSFontFace::isLocalFallback):
664         (WebCore::CSSFontFace::addRange): Deleted.
665         (WebCore::CSSFontFace::insertFeature): Deleted.
666         (WebCore::CSSFontFace::setVariantCommonLigatures): Deleted.
667         (WebCore::CSSFontFace::setVariantDiscretionaryLigatures): Deleted.
668         (WebCore::CSSFontFace::setVariantHistoricalLigatures): Deleted.
669         (WebCore::CSSFontFace::setVariantContextualAlternates): Deleted.
670         (WebCore::CSSFontFace::setVariantPosition): Deleted.
671         (WebCore::CSSFontFace::setVariantCaps): Deleted.
672         (WebCore::CSSFontFace::setVariantNumericFigure): Deleted.
673         (WebCore::CSSFontFace::setVariantNumericSpacing): Deleted.
674         (WebCore::CSSFontFace::setVariantNumericFraction): Deleted.
675         (WebCore::CSSFontFace::setVariantNumericOrdinal): Deleted.
676         (WebCore::CSSFontFace::setVariantNumericSlashedZero): Deleted.
677         (WebCore::CSSFontFace::setVariantAlternates): Deleted.
678         (WebCore::CSSFontFace::setVariantEastAsianVariant): Deleted.
679         (WebCore::CSSFontFace::setVariantEastAsianWidth): Deleted.
680         (WebCore::CSSFontFace::setVariantEastAsianRuby): Deleted.
681         (WebCore::CSSFontFace::CSSFontFace): Deleted.
682         * css/CSSFontSelector.cpp: Migrate shared code into CSSFontFace, and udpate
683         to use the new API.
684         (WebCore::appendSources):
685         (WebCore::registerLocalFontFacesForFamily):
686         (WebCore::CSSFontSelector::addFontFaceRule):
687         (WebCore::computeTraitsMask): Deleted.
688         (WebCore::createFontFace): Deleted.
689         * css/FontFace.cpp: Added. External JavaScript API. Owns a CSSFontFace.
690         (WebCore::FontFace::FontFace):
691         (WebCore::FontFace::~FontFace):
692         (WebCore::parseString):
693         (WebCore::FontFace::setFamily):
694         (WebCore::FontFace::setStyle):
695         (WebCore::FontFace::setWeight):
696         (WebCore::FontFace::setStretch):
697         (WebCore::FontFace::setUnicodeRange):
698         (WebCore::FontFace::setVariant):
699         (WebCore::FontFace::setFeatureSettings):
700         (WebCore::FontFace::family):
701         (WebCore::FontFace::style):
702         (WebCore::FontFace::weight):
703         (WebCore::FontFace::stretch):
704         (WebCore::FontFace::unicodeRange):
705         (WebCore::FontFace::variant):
706         (WebCore::FontFace::featureSettings):
707         * css/FontFace.h: Added. Ditto.
708         (WebCore::FontFace::create):
709         * css/FontVariantBuilder.cpp: Added. Moved code here from FontVariantBuilder.h.
710         Refactored to support a new client (CSSFontFace).
711         (WebCore::extractFontVariantLigatures):
712         (WebCore::extractFontVariantNumeric):
713         (WebCore::extractFontVariantEastAsian):
714         (WebCore::computeFontVariant):
715         * css/FontVariantBuilder.h: Moved code from here into FontVariantBuilder.cpp.
716         (WebCore::applyValueFontVariantLigatures): Deleted.
717         (WebCore::applyValueFontVariantNumeric): Deleted.
718         (WebCore::applyValueFontVariantEastAsian): Deleted.
719         * css/StyleBuilderCustom.h: Update for new FontVariantBuilder API.
720         (WebCore::StyleBuilderCustom::applyValueFontVariantLigatures):
721         (WebCore::StyleBuilderCustom::applyValueFontVariantNumeric):
722         (WebCore::StyleBuilderCustom::applyValueFontVariantEastAsian):
723         * platform/text/TextFlags.h: Provide convenience classes.
724         (WebCore::FontVariantLigaturesValues::FontVariantLigaturesValues):
725         (WebCore::FontVariantNumericValues::FontVariantNumericValues):
726         (WebCore::FontVariantEastAsianValues::FontVariantEastAsianValues):
727
728 2016-02-12  Jer Noble  <jer.noble@apple.com>
729
730         Build fix after r196506; publish MediaResourceLoader.h as a private header so it can be used by
731         TestWebKitAPI.
732
733         * WebCore.xcodeproj/project.pbxproj:
734
735 2016-02-11  Jer Noble  <jer.noble@apple.com>
736
737         [Mac] Adopt MediaResourceLoader (instead of CachedResourceLoader) in WebCoreNSURLSession.
738         https://bugs.webkit.org/show_bug.cgi?id=154136
739
740         Reviewed by Alex Christensen.
741
742         MediaResourceLoader already supports using CORS attribute to verify CORS access requirements
743         when loading media resources, so use it, rather than CachedResourceLoader, as the backing for
744         WebCoreNSURLSession.
745
746         * platform/network/cocoa/WebCoreNSURLSession.h:
747         * platform/network/cocoa/WebCoreNSURLSession.mm:
748         (-[WebCoreNSURLSession delegateQueue]):
749         (-[WebCoreNSURLSession streamTaskWithNetService:]):
750         (-[WebCoreNSURLSession isKindOfClass:]):
751         (-[WebCoreNSURLSessionDataTask initWithSession:identifier:request:]):
752         (-[WebCoreNSURLSessionDataTask _restart]):
753         (-[WebCoreNSURLSessionDataTask _cancel]):
754         (-[WebCoreNSURLSessionDataTask resume]):
755         (-[WebCoreNSURLSessionDataTask _timingData]):
756         (-[WebCoreNSURLSessionDataTask resource:receivedResponse:]):
757         (-[WebCoreNSURLSessionDataTask resource:receivedData:length:]):
758         (-[WebCoreNSURLSession initWithResourceLoader:delegate:delegateQueue:]): Deleted.
759         (-[WebCoreNSURLSession loader]): Deleted.
760         (WebCore::WebCoreNSURLSessionDataTaskClient::dataSent): Deleted.
761         (WebCore::WebCoreNSURLSessionDataTaskClient::responseReceived): Deleted.
762         (WebCore::WebCoreNSURLSessionDataTaskClient::dataReceived): Deleted.
763         (WebCore::WebCoreNSURLSessionDataTaskClient::redirectReceived): Deleted.
764         (WebCore::WebCoreNSURLSessionDataTaskClient::notifyFinished): Deleted.
765         (-[WebCoreNSURLSessionDataTask initWithSession:identifier:URL:]): Deleted.
766         (-[WebCoreNSURLSessionDataTask _finish]): Deleted.
767         (-[WebCoreNSURLSessionDataTask _setDefersLoading:]): Deleted.
768         (-[WebCoreNSURLSessionDataTask resource:sentBytes:totalBytesToBeSent:]): Deleted.
769         (-[WebCoreNSURLSessionDataTask resource:receivedRedirect:request:]): Deleted.
770         (-[WebCoreNSURLSessionDataTask resourceFinished:]): Deleted.
771         * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
772         (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVAssetForURL):
773
774 2016-02-12  Alex Christensen  <achristensen@webkit.org>
775
776         Fix non-internal builds when using NetworkSession
777         https://bugs.webkit.org/show_bug.cgi?id=152285
778
779         * platform/spi/cf/CFNetworkSPI.h:
780         Add SPI declaration used in r194156.
781
782 2016-02-12  Andreas Kling  <akling@apple.com>
783
784         Throw out all live resource decoded data on memory pressure / suspension.
785         <https://webkit.org/b/154176>
786
787         Reviewed by Antti Koivisto.
788
789         When pruning live resource decoded data from the memory cache,
790         we normally avoid pruning anything that's been painted in the last second.
791         This is an optimization to avoid getting into image decoding loops.
792
793         For memory pressure / process suspension scenarios this doesn't really
794         make sense though:
795
796             - In the pressure case, if we have to render again soon it'll likely
797               be a new GIF frame which we have to decode anyway.
798
799             - In the process suspension case, we might *never* render again,
800               so we should be good citizens and drop all the decoded data we can.
801
802         This patch makes us drop all the decoded data, recently painted or not.
803
804         * platform/MemoryPressureHandler.cpp:
805         (WebCore::MemoryPressureHandler::releaseCriticalMemory):
806
807 2016-02-12  Gavin Barraclough  <barraclough@apple.com>
808
809         Separate out !allowsAccess path in JSDOMWindowCustom getOwnPropertySlot
810         https://bugs.webkit.org/show_bug.cgi?id=154156
811
812         Reviewed by Chris Dumez.
813
814         JSDOMWindowCustom getOwnPropertySlot currently allows cross-origin access to all
815         static properties, relying on the property to perform the access check. This is
816         a little insecure, since it is error prone - someone could easily add a property
817         to the static table without realizing it would be automatcially exposed.
818
819         Instead, add a hard-coded filter to restrict access. As a future implementation
820         we might consider autogenerating this (the properties are already tagged in IDL,
821         we might be able to track this in a flag on the static table).
822
823         By separating out the handling of the same- and cross-origin access we can
824         simplify & make the policy being enforced much clearer.
825
826         * bindings/js/JSDOMBinding.cpp:
827         (WebCore::objectToStringFunctionGetter): Deleted.
828             - removed objectToStringFunctionGetter - this duplicated functionality of
829               nonCachingStaticFunctionGetter.
830         * bindings/js/JSDOMBinding.h:
831         (WebCore::objectToStringFunctionGetter): Deleted.
832             - removed objectToStringFunctionGetter - this duplicated functionality of
833               nonCachingStaticFunctionGetter.
834         * bindings/js/JSDOMWindowCustom.cpp:
835         (WebCore::jsDOMWindowGetOwnPropertySlotDisallowAccess):
836             - explicitly handle providing access to only the things we do want to allow cross-origin.
837         (WebCore::JSDOMWindow::getOwnPropertySlot):
838         (WebCore::JSDOMWindow::getOwnPropertySlotByIndex):
839             - push all !allowsAccess handling to jsDOMWindowGetOwnPropertySlotDisallowAccess
840         (WebCore::childFrameGetter): Deleted.
841             - this was just a deoptimiztion - moving access into a callback saved very
842               little & caused more work to be duplicated.
843
844 2016-02-12  Sukolsak Sakshuwong  <sukolsak@gmail.com>
845
846         Update ICU header files to version 52
847         https://bugs.webkit.org/show_bug.cgi?id=154160
848
849         Reviewed by Alex Christensen.
850
851         Update ICU header files to version 52 to allow the use of newer APIs.
852
853         No new tests because there is no behavior change.
854
855         * icu/unicode/bytestream.h:
856         * icu/unicode/chariter.h:
857         * icu/unicode/localpointer.h:
858         * icu/unicode/platform.h:
859         * icu/unicode/ptypes.h:
860         * icu/unicode/putil.h:
861         * icu/unicode/rep.h:
862         (Replaceable::Replaceable):
863         * icu/unicode/std_string.h:
864         * icu/unicode/strenum.h:
865         * icu/unicode/stringpiece.h:
866         * icu/unicode/ubrk.h:
867         * icu/unicode/uchar.h:
868         * icu/unicode/ucnv.h:
869         * icu/unicode/ucol.h:
870         * icu/unicode/ucoleitr.h:
871         * icu/unicode/uconfig.h:
872         * icu/unicode/ucsdet.h:
873         * icu/unicode/uenum.h:
874         * icu/unicode/uidna.h:
875         * icu/unicode/uiter.h:
876         * icu/unicode/uloc.h:
877         * icu/unicode/umachine.h:
878         * icu/unicode/unistr.h:
879         (UnicodeString::UnicodeString):
880         (UnicodeString::operator== ):
881         (UnicodeString::startsWith):
882         (UnicodeString::setTo):
883         (UnicodeString::remove):
884         (UnicodeString::replace): Deleted.
885         (UnicodeString::extract): Deleted.
886         (UnicodeString::char32At): Deleted.
887         (UnicodeString::getChar32Start): Deleted.
888         (UnicodeString::getChar32Limit): Deleted.
889         (UnicodeString::getTerminatedBuffer): Deleted.
890         (UnicodeString::append): Deleted.
891         (UnicodeString::truncate): Deleted.
892         * icu/unicode/unorm2.h:
893         * icu/unicode/uobject.h:
894         * icu/unicode/urename.h:
895         * icu/unicode/uscript.h:
896         * icu/unicode/usearch.h:
897         * icu/unicode/uset.h:
898         * icu/unicode/ushape.h:
899         * icu/unicode/ustring.h:
900         * icu/unicode/utext.h:
901         * icu/unicode/utf.h:
902         * icu/unicode/utf16.h:
903         * icu/unicode/utf8.h:
904         * icu/unicode/utf_old.h:
905         * icu/unicode/utypes.h:
906         * icu/unicode/uvernum.h:
907         * icu/unicode/uversion.h:
908
909 2016-02-12  Andreas Kling  <akling@apple.com>
910
911         [Mac] BitmapImage::decodedDataIsPurgeable() is telling lies and causing massive memory usage.
912         <https://webkit.org/b/154172>
913
914         Reviewed by Antti Koivisto.
915
916         The underlying mechanism in CoreAnimation that made this work is no longer in place.
917
918         Instead of keeping purgeable frames and juggling volatility bits, we were simply caching
919         every single frame of large GIF animations, sometimes leading to monstrous memory usage.
920
921         Remove the code from WebCore since it's not doing at all what it means to.
922
923         Now iOS and Mac will behave the same again, and frame caching decisions will be
924         made by WebKit, based on total pixel byte size.
925
926         * loader/cache/CachedImage.h:
927         * loader/cache/CachedResource.h:
928         (WebCore::CachedResource::decodedDataIsPurgeable): Deleted.
929         * loader/cache/MemoryCache.cpp:
930         (WebCore::MemoryCache::pruneLiveResourcesToSize): Deleted.
931         * platform/graphics/BitmapImage.cpp:
932         (WebCore::BitmapImage::decodedDataIsPurgeable): Deleted.
933         (WebCore::BitmapImage::destroyDecodedDataIfNecessary): Deleted.
934         * platform/graphics/BitmapImage.h:
935         * platform/graphics/Image.h:
936         (WebCore::Image::decodedDataIsPurgeable): Deleted.
937         * platform/graphics/cg/BitmapImageCG.cpp:
938         (WebCore::BitmapImage::decodedDataIsPurgeable): Deleted.
939         * platform/graphics/cg/ImageSourceCG.cpp:
940         (WebCore::ImageSource::createFrameAtIndex): Deleted.
941
942 2016-02-12  Brady Eidson  <beidson@apple.com>
943
944         Modern IDB: Ref cycle between IDBObjectStore and IDBIndex.
945         https://bugs.webkit.org/show_bug.cgi?id=154110
946
947         Reviewed by Darin Adler.
948
949         No new tests (Currently untestable).
950
951         The lifetime of IDBObjectStore and IDBIndex are closely intertwined, but we have to break the ref cycle.
952         
953         This patch does a few semi-gnarly things:
954         1 - Makes both IDBIndex and IDBObjectStore have a custom marking function so they can add each other as 
955             opaque roots.
956         2 - Adds a lock to protect IDBObjectStore's collection of referenced indexes to support #1, as GC marking
957             can happen on any thread.
958         3 - Makes IDBIndex not be traditionally RefCounted; Instead, IDBIndex::ref()/deref() simply ref()/deref()
959             the owning IDBObjectStore.
960         4 - ...Except when somebody deletes an IDBIndex from its IDBObjectStore. Once that happens, the object
961             store no longer has a reference back to the index, but the index still needs a reference back to the
962             object store. To support this, the IDBIndex becomes "traditionally RefCounted" while holding a ref to
963             its IDBObjectStore.
964
965         * CMakeLists.txt:
966         * WebCore.xcodeproj/project.pbxproj:
967
968         * Modules/indexeddb/IDBIndex.h:
969         (WebCore::IDBIndex::isModern):
970         * Modules/indexeddb/IDBIndex.idl:
971         
972         * Modules/indexeddb/IDBObjectStore.h:
973         (WebCore::IDBObjectStore::isModern):
974         * Modules/indexeddb/IDBObjectStore.idl:
975         
976         * Modules/indexeddb/client/IDBIndexImpl.cpp:
977         (WebCore::IDBClient::IDBIndex::objectStore):
978         (WebCore::IDBClient::IDBIndex::openCursor):
979         (WebCore::IDBClient::IDBIndex::doCount):
980         (WebCore::IDBClient::IDBIndex::openKeyCursor):
981         (WebCore::IDBClient::IDBIndex::doGet):
982         (WebCore::IDBClient::IDBIndex::doGetKey):
983         (WebCore::IDBClient::IDBIndex::markAsDeleted):
984         (WebCore::IDBClient::IDBIndex::ref):
985         (WebCore::IDBClient::IDBIndex::deref):
986         (WebCore::IDBClient::IDBIndex::create): Deleted.
987         * Modules/indexeddb/client/IDBIndexImpl.h:
988         (WebCore::IDBClient::IDBIndex::modernObjectStore):
989         
990         * Modules/indexeddb/client/IDBObjectStoreImpl.cpp:
991         (WebCore::IDBClient::IDBObjectStore::createIndex):
992         (WebCore::IDBClient::IDBObjectStore::index):
993         (WebCore::IDBClient::IDBObjectStore::deleteIndex):
994         (WebCore::IDBClient::IDBObjectStore::visitReferencedIndexes):
995         * Modules/indexeddb/client/IDBObjectStoreImpl.h:
996         
997         * Modules/indexeddb/client/IDBTransactionImpl.cpp:
998         (WebCore::IDBClient::IDBTransaction::createIndex):
999         * Modules/indexeddb/client/IDBTransactionImpl.h:
1000         
1001         * Modules/indexeddb/legacy/LegacyIndex.cpp:
1002         (WebCore::LegacyIndex::ref):
1003         (WebCore::LegacyIndex::deref):
1004         * Modules/indexeddb/legacy/LegacyIndex.h:
1005         
1006         * bindings/js/JSIDBIndexCustom.cpp: Added.
1007         (WebCore::JSIDBIndex::visitAdditionalChildren):
1008         
1009         * bindings/js/JSIDBObjectStoreCustom.cpp:
1010         (WebCore::JSIDBObjectStore::visitAdditionalChildren):
1011
1012 2016-02-12  Csaba Osztrogonác  <ossy@webkit.org>
1013
1014         [EFL][GTK] Fix ENABLE(SVG_OTF_CONVERTER) build
1015         https://bugs.webkit.org/show_bug.cgi?id=154165
1016
1017         Reviewed by Alex Christensen.
1018
1019         * CMakeLists.txt:
1020         * css/CSSFontFaceSource.cpp:
1021         (WebCore::CSSFontFaceSource::font):
1022         * svg/SVGToOTFFontConversion.cpp:
1023         * svg/SVGToOTFFontConversion.h:
1024
1025 2016-02-12  Chris Dumez  <cdumez@apple.com>
1026
1027         Unreviewed nit fixes after r196466.
1028
1029         * Modules/speech/SpeechSynthesisUtterance.idl: Fix curly bracket
1030           placement.
1031         * bindings/scripts/CodeGeneratorJS.pm:
1032         (GenerateHeader): Use wrappableObject instead of domObject.
1033         * bindings/scripts/test/*: Rebaseline.
1034         * dom/WebKitNamedFlow.idl: Drop unnecessary #if case.
1035
1036 2016-02-12  Carlos Garcia Campos  <cgarcia@igalia.com>
1037
1038         [GTK] Properly handle classes inheriting from EventTarget
1039         https://bugs.webkit.org/show_bug.cgi?id=154158
1040
1041         Reviewed by Michael Catanzaro.
1042
1043         Instead of removing its parent we now handle the case of classes
1044         having EventTarget as parent to make them implement the interface
1045         instead.
1046
1047         * bindings/scripts/CodeGeneratorGObject.pm:
1048         (ShouldBeExposedAsInterface): Whether the parent given class
1049         should be exposed as an interface instead of a parent class.
1050         (GetParentClassName): Return Object as parent for classes having
1051         a parent that should be exposed as an interface.
1052         (GetParentImplClassName): Ditto.
1053         (GetBaseClass): Ditto.
1054         (GetParentGObjType): Ditto.
1055         (SkipFunction): Add FIXME comment.
1056         (ImplementsInterface): Helper function to check if a class
1057         implements the given interface.
1058         (GenerateCFile): Check whether the class implements EventTarget to
1059         generate the interface implementation.
1060         (GenerateInterface): Do not remove the parent class when it's EventTarget.
1061
1062 2016-02-12  Commit Queue  <commit-queue@webkit.org>
1063
1064         Unreviewed, rolling out r196470.
1065         https://bugs.webkit.org/show_bug.cgi?id=154167
1066
1067         Broke some tests (Requested by anttik on #webkit).
1068
1069         Reverted changeset:
1070
1071         "Factor class change style invalidation code into a class"
1072         https://bugs.webkit.org/show_bug.cgi?id=154163
1073         http://trac.webkit.org/changeset/196470
1074
1075 2016-02-12  Antti Koivisto  <antti@apple.com>
1076
1077         Factor class change style invalidation code into a class
1078         https://bugs.webkit.org/show_bug.cgi?id=154163
1079
1080         Reviewed by Andreas Kling.
1081
1082         Factor this piece of functionality out of Element and into ClassChangeInvalidation class.
1083
1084         * CMakeLists.txt:
1085         * WebCore.vcxproj/WebCore.vcxproj:
1086         * WebCore.xcodeproj/project.pbxproj:
1087         * dom/Element.cpp:
1088         (WebCore::classStringHasClassName):
1089         (WebCore::Element::classAttributeChanged):
1090         (WebCore::collectClasses): Deleted.
1091         (WebCore::computeClassChange): Deleted.
1092         (WebCore::invalidateStyleForClassChange): Deleted.
1093         * style/ClassChangeInvalidation.cpp: Added.
1094         (WebCore::Style::ClassChangeInvalidation::computeClassChange):
1095         (WebCore::Style::ClassChangeInvalidation::invalidateStyle):
1096         * style/ClassChangeInvalidation.h: Added.
1097         (WebCore::Style::ClassChangeInvalidation::needsInvalidation):
1098         (WebCore::Style::ClassChangeInvalidation::ClassChangeInvalidation):
1099         (WebCore::Style::ClassChangeInvalidation::~ClassChangeInvalidation):
1100
1101 2016-02-12  Csaba Osztrogonác  <ossy@webkit.org>
1102
1103         GCC buildfix in Source/WebCore/svg/SVGToOTFFontConversion.cpp
1104         https://bugs.webkit.org/show_bug.cgi?id=154162
1105
1106         Reviewed by Andreas Kling.
1107
1108         * svg/SVGToOTFFontConversion.cpp:
1109         (WebCore::SVGToOTFFontConverter::finishAppendingKERNSubtable):
1110
1111 2016-02-12  Andreas Kling  <akling@apple.com>
1112
1113         Don't invalidate the FontCache on memory pressure.
1114         <https://webkit.org/b/154161>
1115
1116         Reviewed by Antti Koivisto.
1117
1118         Invalidating the FontCache does more harm than good:
1119
1120             - Anything that's still in the cache at this point is also
1121               referenced outside the cache, thus will not actually get deleted.
1122
1123             - Future deduplication will fail, leading to more objects.
1124
1125             - The global FontCache generation gets bumped, causing future style
1126               recalcs to be less efficient and breaking style sharing.
1127
1128             - All FontSelector invalidation callbacks will fire, potentially
1129               causing forced full-document style recalcs.
1130
1131         In fact, the only win from invalidating the FontCache comes from some
1132         minor shrinkage in the containers that make up the cache itself.
1133
1134         * platform/MemoryPressureHandler.cpp:
1135         (WebCore::MemoryPressureHandler::releaseCriticalMemory): Deleted.
1136
1137 2016-02-11  Chris Dumez  <cdumez@apple.com>
1138
1139         [Web IDL] interfaces should inherit EventTarget instead of duplicating the EventTarget API
1140         https://bugs.webkit.org/show_bug.cgi?id=154121
1141         <rdar://problem/24613234>
1142
1143         Reviewed by Gavin Barraclough.
1144
1145         Interfaces should inherit EventTarget instead of duplicating the
1146         EventTarget API in their IDL. Not only the duplication is ugly and
1147         error-prone, but this also does not match the specifications and
1148         have subtle web-exposed differences.
1149
1150         This patch takes care of all interfaces except for DOMWindow and
1151         WorkerGlobalScope. Those will be updated in the follow-up patch
1152         as they will require a little bit more work and testing.
1153
1154         We should also be able to get rid of the [EventTarget] WebKit IDL
1155         attribute in a follow-up.
1156
1157         No new tests, already covered by existing tests.
1158
1159         * Modules/battery/BatteryManager.idl:
1160         * Modules/encryptedmedia/MediaKeySession.idl:
1161         * Modules/indexeddb/IDBDatabase.h:
1162         * Modules/indexeddb/IDBDatabase.idl:
1163         * Modules/indexeddb/IDBRequest.h:
1164         * Modules/indexeddb/IDBRequest.idl:
1165         * Modules/indexeddb/IDBTransaction.h:
1166         * Modules/indexeddb/IDBTransaction.idl:
1167         * Modules/mediasession/MediaRemoteControls.idl:
1168         * Modules/mediasource/MediaSource.h:
1169         * Modules/mediasource/MediaSource.idl:
1170         * Modules/mediasource/SourceBuffer.h:
1171         * Modules/mediasource/SourceBuffer.idl:
1172         * Modules/mediasource/SourceBufferList.h:
1173         * Modules/mediasource/SourceBufferList.idl:
1174         * Modules/mediastream/MediaStream.h:
1175         * Modules/mediastream/MediaStream.idl:
1176         * Modules/mediastream/MediaStreamTrack.h:
1177         * Modules/mediastream/MediaStreamTrack.idl:
1178         * Modules/mediastream/RTCDTMFSender.h:
1179         * Modules/mediastream/RTCDTMFSender.idl:
1180         * Modules/mediastream/RTCDataChannel.h:
1181         * Modules/mediastream/RTCDataChannel.idl:
1182         * Modules/mediastream/RTCPeerConnection.h:
1183         * Modules/mediastream/RTCPeerConnection.idl:
1184         * Modules/notifications/Notification.idl:
1185         * Modules/speech/SpeechSynthesisUtterance.idl:
1186         * Modules/webaudio/AudioContext.idl:
1187         * Modules/webaudio/AudioNode.idl:
1188         * Modules/websockets/WebSocket.idl:
1189         * css/FontLoader.idl:
1190         * dom/EventTarget.h:
1191         * dom/MessagePort.idl:
1192         * dom/Node.h:
1193         * dom/Node.idl:
1194         * dom/WebKitNamedFlow.idl:
1195         * fileapi/FileReader.idl:
1196         * html/MediaController.idl:
1197         * html/track/AudioTrackList.idl:
1198         * html/track/TextTrack.idl:
1199         * html/track/TextTrackCue.idl:
1200         * html/track/TextTrackList.idl:
1201         * html/track/VideoTrackList.idl:
1202         * loader/appcache/DOMApplicationCache.h:
1203         * loader/appcache/DOMApplicationCache.idl:
1204         * page/EventSource.idl:
1205         * page/Performance.h:
1206         * page/Performance.idl:
1207         * workers/Worker.idl:
1208         * xml/XMLHttpRequest.h:
1209         * xml/XMLHttpRequest.idl:
1210         * xml/XMLHttpRequestUpload.idl:
1211         - Drop hardcoded EventTarget operations and inherit EventTarget instead.
1212         - Drop JSGenerateToNativeObject / JSGenerateToJSObject IDL extended
1213           attributes for interfaces inheriting the EventTarget interface as
1214           the bindings generator now does this automatically for us.
1215         - On native side, have EventTarget subclass ScriptWrappable instead of
1216           each of its subclasses doing so. The issue was that
1217           EventTargetOwner::finalize() was calling uncacheWrapper() with an
1218           EventTarget*, which would not clear inlined cached wrapped (see
1219           clearInlineCachedWrapper()) because EventTarget did not subclass
1220           ScriptWrappable. However, cacheWrapper() is called is a specific
1221           subtype pointer (e.g. Node*) and we would decide to create an
1222           inline cached wrapper because Node subclassed ScriptWrappable
1223           (as well as EventTarget).
1224
1225         * WebCore.xcodeproj/project.pbxproj:
1226         Export JSEventTarget.h as private header to fix the build.
1227
1228         * bindings/js/JSDOMBinding.h:
1229         (WebCore::wrapperKey):
1230         (WebCore::getCachedWrapper):
1231         (WebCore::cacheWrapper):
1232         (WebCore::uncacheWrapper):
1233         Use new wrapperKey() function that is generated for each bindings
1234         class that also has wrapperOwner(). This is used instead of the
1235         C cast to void* in order to cast to the base wrapped type to fix
1236         issues with multiple inheritance. The issue was that cacheWrapper()
1237         was getting called with a DOM object subtype pointer (e.g.
1238         AudioContext*) but uncacheWrapper() was getting called with a base
1239         wrapped type pointer (e.g. EventTarget*). Most of our DOM classes
1240         use multiple inheritance and thus the pointer values (used as keys
1241         in the weak map) may differ.
1242
1243         * bindings/js/JSTrackCustom.cpp:
1244         (WebCore::toJS):
1245         Call CREATE_DOM_WRAPPER() with an actual wrapped type (e.g. AudioTrack)
1246         instead of TrackBase type. TrackBase does not have corresponding
1247         generated bindings and therefore does not have a wrapperKey()
1248         function.
1249
1250         * bindings/scripts/CodeGeneratorJS.pm:
1251         (ShouldGenerateToWrapped):
1252         (ShouldGenerateToJSDeclaration):
1253         (GenerateHeader):
1254         - Generate a wrapperKey() utility function along-side wrapperOwner()
1255           to help cast to the base wrapped type.
1256         - Generate toWrapped() / toJS() utility functions for interfaces
1257           that inherit EventTarget as those are required by our
1258           implementation and this avoids having to explicitly have them in
1259           the IDL.
1260
1261         * bindings/scripts/test/*:
1262         Rebaseline bindings tests.
1263
1264 2016-02-11  Brent Fulgham  <bfulgham@apple.com>
1265
1266         Optimize texture-complete checks
1267         https://bugs.webkit.org/show_bug.cgi?id=98308
1268
1269         Reviewed by Dean Jackson.
1270
1271         No new tests: No change in behavior.
1272
1273         * html/canvas/WebGLRenderingContextBase.cpp:
1274         (WebCore::WebGLRenderingContextBase::initializeNewContext): Initially consider all
1275         textures as suspect.
1276         (WebCore::WebGLRenderingContextBase::extensions): New helper function.
1277         (WebCore::WebGLRenderingContextBase::reshape): Mark textures as invalid when appropriate.
1278         (WebCore::WebGLRenderingContextBase::bindTexture): Identify invalid textures and mark
1279         them for later fix-up. Likewise, remove 'known good' textures from the fix-up pass.
1280         (WebCore::WebGLRenderingContextBase::deleteTexture): Remove instances of the deleted texture
1281         from our set of invalid textures.
1282         (WebCore::WebGLRenderingContextBase::checkTextureCompleteness): Only iterate through
1283         the 'bad' textures, rather than checking every single texture.
1284         * html/canvas/WebGLRenderingContextBase.h:
1285
1286 2016-02-11  Alex Christensen  <achristensen@webkit.org>
1287
1288         Assert that IDBTransaction::transitionedToFinishing transitions to finishing.
1289         https://bugs.webkit.org/show_bug.cgi?id=154061
1290
1291         * Modules/indexeddb/client/IDBTransactionImpl.cpp:
1292         (WebCore::IDBClient::IDBTransaction::transitionedToFinishing):
1293         Added assertion that we are transitioning to a finished or finishing state, based on Darin's feedback.
1294
1295 2016-02-11  Enrica Casucci  <enrica@apple.com>
1296
1297         WebContent process crashes when performing data detection on content with existing data detector links.
1298         https://bugs.webkit.org/show_bug.cgi?id=154118
1299         rdar://problem/24511860
1300
1301         Reviewed by Tim Horton.
1302
1303         The DOM mutation caused by removing the existing links, can shift the range endpoints.
1304         We now save the range enpoints as positions so that we can recreate the ranges,
1305         if a DOM mutation occurred.
1306
1307         * editing/cocoa/DataDetection.mm:
1308         (WebCore::removeResultLinksFromAnchor):
1309         (WebCore::searchForLinkRemovingExistingDDLinks):
1310         (WebCore::DataDetection::detectContentInRange):
1311
1312 2016-02-11  Jer Noble  <jer.noble@apple.com>
1313
1314         Make MediaResourceLoader behave more like a CachedResourceLoader.
1315         https://bugs.webkit.org/show_bug.cgi?id=154117
1316
1317         Reviewed by Alex Christensen.
1318
1319         MediaResourceLoader currently can only handle a single request at a time. Split the class
1320         into two, MediaResourceLoader and MediaResource, effectively wrapping CachedResourceLoader
1321         and CachedRawResource respectively. With this devision, the same loader can be used to issue
1322         multiple simultaneous resource requests.
1323
1324         This necessecitates splitting PlatformMediaResource into two classes as well.  To simplify
1325         the HTMLMediaElement, MediaPlayer, and MediaPlayerClient APIs, do not require a client
1326         object when creating the loader; instead, the client is required to create the resource.
1327         This also matches the CachedRawResource API.
1328
1329         * html/HTMLMediaElement.cpp:
1330         (WebCore::HTMLMediaElement::mediaPlayerCreateResourceLoader): Remove the client parameter.
1331         * html/HTMLMediaElement.h:
1332         * loader/MediaResourceLoader.cpp:
1333         (WebCore::MediaResourceLoader::MediaResourceLoader):
1334         (WebCore::MediaResourceLoader::~MediaResourceLoader):
1335         (WebCore::MediaResourceLoader::requestResource): Renamed from start().
1336         (WebCore::MediaResourceLoader::removeResource): Remove resource from live resource list.
1337         (WebCore::MediaResource::create): Utility factory.
1338         (WebCore::MediaResource::MediaResource):
1339         (WebCore::MediaResource::~MediaResource):
1340         (WebCore::MediaResource::stop): Moved from MediaResourceLoader.
1341         (WebCore::MediaResource::setDefersLoading): Ditto.
1342         (WebCore::MediaResource::responseReceived): Ditto.
1343         (WebCore::MediaResource::redirectReceived): Ditto.
1344         (WebCore::MediaResource::dataSent): Ditto.
1345         (WebCore::MediaResource::dataReceived): Ditto.
1346         (WebCore::MediaResource::notifyFinished): Ditto.
1347         (WebCore::MediaResource::getOrCreateReadBuffer): Ditto.
1348         * loader/MediaResourceLoader.h:
1349         * platform/graphics/MediaPlayer.cpp:
1350         (WebCore::MediaPlayer::createResourceLoader):
1351         * platform/graphics/MediaPlayer.h:
1352         (WebCore::MediaPlayerClient::mediaPlayerCreateResourceLoader):
1353         * platform/graphics/PlatformMediaResourceLoader.h:
1354         (WebCore::PlatformMediaResourceClient::~PlatformMediaResourceClient): Renamed from PlatformMediaResourceLoaderClient.
1355         (WebCore::PlatformMediaResourceClient::responseReceived): Client methods now take a reference to the resource.
1356         (WebCore::PlatformMediaResourceClient::redirectReceived): Ditto.
1357         (WebCore::PlatformMediaResourceClient::dataSent): Ditto. 
1358         (WebCore::PlatformMediaResourceClient::dataReceived): Ditto.
1359         (WebCore::PlatformMediaResourceClient::accessControlCheckFailed): Ditto.
1360         (WebCore::PlatformMediaResourceClient::loadFailed): Ditto.
1361         (WebCore::PlatformMediaResourceClient::loadFinished): Ditto.
1362         (WebCore::PlatformMediaResourceClient::getOrCreateReadBuffer): Ditto.
1363         (WebCore::PlatformMediaResourceLoader::PlatformMediaResourceLoader): Ditto.
1364         (WebCore::PlatformMediaResource::PlatformMediaResource): 
1365         (WebCore::PlatformMediaResource::~PlatformMediaResource): 
1366         (WebCore::PlatformMediaResource::setClient):
1367         * platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:
1368         (webKitWebSrcStart):
1369         (webKitWebSrcNeedData):
1370         (webKitWebSrcEnoughData):
1371         (CachedResourceStreamingClient::getOrCreateReadBuffer):
1372         (CachedResourceStreamingClient::responseReceived):
1373         (CachedResourceStreamingClient::dataReceived):
1374         (CachedResourceStreamingClient::accessControlCheckFailed):
1375         (CachedResourceStreamingClient::loadFailed):
1376         (CachedResourceStreamingClient::loadFinished):
1377
1378 2016-02-11  Zalan Bujtas  <zalan@apple.com>
1379
1380         Subpixel rendering: Make focusring painting subpixel aware.
1381         https://bugs.webkit.org/show_bug.cgi?id=154111
1382
1383         Reviewed by David Hyatt.
1384
1385         Do not integral snap focusring rects while collecting them (use device pixel snapping instead
1386         right before passing them to GraphicsContext::drawFocusRing).
1387
1388         Unable to test.
1389
1390         * platform/graphics/GraphicsContext.h:
1391         * platform/graphics/displaylists/DisplayListItems.h:
1392         (WebCore::DisplayList::DrawFocusRingRects::create):
1393         (WebCore::DisplayList::DrawFocusRingRects::rects):
1394         (WebCore::DisplayList::DrawFocusRingRects::DrawFocusRingRects):
1395         * platform/graphics/displaylists/DisplayListRecorder.cpp:
1396         (WebCore::DisplayList::Recorder::drawFocusRing):
1397         * platform/graphics/displaylists/DisplayListRecorder.h:
1398         * platform/graphics/mac/GraphicsContextMac.mm:
1399         (WebCore::GraphicsContext::drawFocusRing):
1400         * rendering/RenderBlock.cpp:
1401         (WebCore::RenderBlock::addFocusRingRectsForInlineChildren):
1402         (WebCore::RenderBlock::addFocusRingRects):
1403         * rendering/RenderBlock.h:
1404         * rendering/RenderBlockFlow.cpp:
1405         (WebCore::RenderBlockFlow::addFocusRingRectsForInlineChildren):
1406         * rendering/RenderBlockFlow.h:
1407         * rendering/RenderBox.cpp:
1408         (WebCore::RenderBox::addFocusRingRects):
1409         * rendering/RenderBox.h:
1410         * rendering/RenderElement.cpp:
1411         (WebCore::RenderElement::paintFocusRing):
1412         (WebCore::RenderElement::issueRepaintForOutlineAuto):
1413         * rendering/RenderInline.cpp:
1414         (WebCore::RenderInline::absoluteRects):
1415         (WebCore::RenderInline::addFocusRingRects):
1416         * rendering/RenderInline.h:
1417         * rendering/RenderListBox.cpp:
1418         (WebCore::RenderListBox::addFocusRingRects):
1419         * rendering/RenderListBox.h:
1420         * rendering/RenderObject.cpp:
1421         (WebCore::RenderObject::addPDFURLRect):
1422         (WebCore::RenderObject::absoluteFocusRingQuads):
1423         * rendering/RenderObject.h:
1424         (WebCore::RenderObject::addFocusRingRects):
1425         * rendering/RenderTextControl.cpp:
1426         (WebCore::RenderTextControl::addFocusRingRects):
1427         * rendering/RenderTextControl.h:
1428         * rendering/svg/RenderSVGContainer.cpp:
1429         (WebCore::RenderSVGContainer::addFocusRingRects):
1430         * rendering/svg/RenderSVGContainer.h:
1431         * rendering/svg/RenderSVGImage.cpp:
1432         (WebCore::RenderSVGImage::addFocusRingRects):
1433         * rendering/svg/RenderSVGImage.h:
1434         * rendering/svg/RenderSVGShape.cpp:
1435         (WebCore::RenderSVGShape::addFocusRingRects):
1436         * rendering/svg/RenderSVGShape.h:
1437
1438 2016-02-11  Myles C. Maxfield  <mmaxfield@apple.com>
1439
1440         Addressing post-review comments after r196393
1441
1442         Unreviewed.
1443
1444         * css/CSSFontSelector.cpp:
1445         (WebCore::CSSFontSelector::getFontFace):
1446         * css/CSSSegmentedFontFace.h:
1447
1448 2016-02-11  Antti Koivisto  <antti@apple.com>
1449
1450         Rename Element::style() to Element::cssomStyle()
1451         https://bugs.webkit.org/show_bug.cgi?id=154107
1452
1453         Reviewed by Alex Christensen.
1454
1455         It implements the IDL "style" attribute that returns a CSSOM object.
1456         Inside WebCore "style" generally refers to a RenderStyle.
1457
1458         * dom/Element.cpp:
1459         (WebCore::Element::hasAttributeNS):
1460         (WebCore::Element::cssomStyle):
1461         (WebCore::Element::focus):
1462         (WebCore::Element::style): Deleted.
1463         * dom/Element.h:
1464         (WebCore::Element::tagQName):
1465         * dom/Element.idl:
1466         * dom/StyledElement.cpp:
1467         (WebCore::StyledElement::~StyledElement):
1468         (WebCore::StyledElement::cssomStyle):
1469         (WebCore::StyledElement::style): Deleted.
1470         * dom/StyledElement.h:
1471         (WebCore::StyledElement::synchronizeStyleAttributeInternal):
1472         (WebCore::StyledElement::collectStyleForPresentationAttribute):
1473         * editing/Editor.cpp:
1474         (WebCore::Editor::applyEditingStyleToElement):
1475         * inspector/InspectorCSSAgent.cpp:
1476         (WebCore::InspectorCSSAgent::getMatchedStylesForNode):
1477         (WebCore::InspectorCSSAgent::getInlineStylesForNode):
1478         (WebCore::InspectorCSSAgent::asInspectorStyleSheet):
1479         * inspector/InspectorStyleSheet.cpp:
1480         (WebCore::InspectorStyleSheetForInlineStyle::didModifyElementAttribute):
1481         (WebCore::InspectorStyleSheetForInlineStyle::inlineStyle):
1482         (WebCore::InspectorStyleSheetForInlineStyle::elementStyleText):
1483         * svg/SVGElement.idl:
1484
1485 2016-02-11  Konstantin Tokarev  <annulen@yandex.ru>
1486
1487         [cmake] Consolidate TextureMapper file and include dir lists.
1488         https://bugs.webkit.org/show_bug.cgi?id=154106
1489
1490         Reviewed by Michael Catanzaro.
1491
1492         No new tests needed.
1493
1494         * CMakeLists.txt: Moved texmap include dir and source list to
1495         TextureMapper.cmake, removed non-existent include dir "filters/texmap".
1496         * PlatformEfl.cmake: Moved texmap and coordinatedgraphics include
1497         dirs and source list to TextureMapper.cmake.
1498         * PlatformGTK.cmake: Ditto, also removed non-existent include dir
1499         "texmap/threadedcompositor"
1500         * PlatformWinCairo.cmake: Moved texmap files to TextureMapper.cmake.
1501         * platform/TextureMapper.cmake: Added.
1502
1503 2016-02-11  Chris Dumez  <cdumez@apple.com>
1504
1505         Move 'length' property to the prototype
1506         https://bugs.webkit.org/show_bug.cgi?id=154051
1507         <rdar://problem/24577385>
1508
1509         Reviewed by Darin Adler.
1510
1511         Move 'length' property to the prototype, where it should be. We used to
1512         keep it on the instance because our implementation of
1513         getOwnPropertySlot() was wrong for interfaces with a named property
1514         getter. However, our implementation of getOwnPropertySlot() is now
1515         spec-compliant so this should be OK.
1516
1517         Moving 'length' to the prototype is also a little bit risky in terms of
1518         performance, especially for HTMLCollection / NodeList. However, I did
1519         not see an impact on realistic benchmarks like Speedometer and only saw
1520         a small impact (< 5%) on micro-benchmarks. I propose we make our behavior
1521         correct and monitor performance. If we see any benchmark we care about
1522         regress then we should try and optimize while keeping the attribute on
1523         the prototype.
1524
1525         No new tests, already covered by existing tests.
1526
1527         * bindings/js/JSDOMBinding.h:
1528         (WebCore::getStaticValueSlotEntryWithoutCaching):
1529         * bindings/js/JSHTMLDocumentCustom.cpp:
1530         (WebCore::JSHTMLDocument::getOwnPropertySlot):
1531         (WebCore::JSHTMLDocument::nameGetter): Deleted.
1532         * bindings/js/JSLocationCustom.cpp:
1533         (WebCore::JSLocation::putDelegate):
1534         * bindings/js/JSPluginElementFunctions.h:
1535         (WebCore::pluginElementCustomGetOwnPropertySlot):
1536         * bindings/js/JSStorageCustom.cpp:
1537         (WebCore::JSStorage::deleteProperty):
1538         (WebCore::JSStorage::deletePropertyByIndex):
1539         (WebCore::JSStorage::putDelegate):
1540         Leverage the new hasStaticPropertyTable static property in the
1541         generated bindings for performance.
1542
1543         * bindings/scripts/CodeGeneratorJS.pm:
1544         (GenerateHeader):
1545         Generate a "hasStaticPropertyTable" static const boolean property
1546         for each bindings class so we can check at build time if
1547         ClassInfo::staticPropHashTable is null.
1548
1549         (AttributeShouldBeOnInstance):
1550         Move "length" to the prototype.
1551
1552         * bindings/scripts/test/JS/JSTestActiveDOMObject.h:
1553         * bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.h:
1554         * bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.h:
1555         * bindings/scripts/test/JS/JSTestCustomNamedGetter.h:
1556         * bindings/scripts/test/JS/JSTestEventConstructor.h:
1557         * bindings/scripts/test/JS/JSTestEventTarget.h:
1558         * bindings/scripts/test/JS/JSTestException.h:
1559         * bindings/scripts/test/JS/JSTestGenerateIsReachable.h:
1560         * bindings/scripts/test/JS/JSTestInterface.h:
1561         * bindings/scripts/test/JS/JSTestJSBuiltinConstructor.h:
1562         * bindings/scripts/test/JS/JSTestMediaQueryListListener.h:
1563         * bindings/scripts/test/JS/JSTestNamedConstructor.h:
1564         * bindings/scripts/test/JS/JSTestNode.h:
1565         * bindings/scripts/test/JS/JSTestNondeterministic.h:
1566         * bindings/scripts/test/JS/JSTestObj.h:
1567         * bindings/scripts/test/JS/JSTestOverloadedConstructors.h:
1568         * bindings/scripts/test/JS/JSTestOverrideBuiltins.h:
1569         * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.h:
1570         * bindings/scripts/test/JS/JSTestTypedefs.h:
1571         * bindings/scripts/test/JS/JSattribute.h:
1572         * bindings/scripts/test/JS/JSreadonly.h:
1573         Rebaseline bindings tests.
1574
1575
1576 2016-02-11  Csaba Osztrogonác  <ossy@webkit.org>
1577
1578         Fix the !(ENABLE(SHADOW_DOM) || ENABLE(DETAILS_ELEMENT)) after r196281
1579         https://bugs.webkit.org/show_bug.cgi?id=154035
1580
1581         Reviewed by Antti Koivisto.
1582
1583         Follow-up fix after r196365. Removed guards around slotNodeIndex.
1584
1585         * dom/ComposedTreeIterator.h:
1586         (WebCore::ComposedTreeIterator::Context::Context):
1587
1588 2016-02-10  Ryan Haddad  <ryanhaddad@apple.com>
1589
1590         Updating bindings test reference file for JSTestEventConstructor.cpp after r196400
1591
1592         Unreviewed test gardening.
1593
1594         No new tests needed.
1595
1596         * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
1597         (WebCore::JSTestEventConstructorConstructor::construct):
1598
1599 2016-02-10  Eric Carlson  <eric.carlson@apple.com>
1600
1601         Update "manual" caption track logic
1602         https://bugs.webkit.org/show_bug.cgi?id=154084
1603         <rdar://problem/24530516>
1604
1605         Reviewed by Dean Jackson.
1606
1607         No new tests, media/track/track-manual-mode.html was updated.
1608
1609         * English.lproj/Localizable.strings: Add new string.
1610
1611         * html/HTMLMediaElement.cpp:
1612         (WebCore::HTMLMediaElement::addTextTrack): track.setManualSelectionMode is no more.
1613         (WebCore::HTMLMediaElement::configureTextTrackGroup): Never enable a track automatically when
1614           in manual selection mode.
1615         (WebCore::HTMLMediaElement::captionPreferencesChanged):  track.setManualSelectionMode is no more.
1616
1617         * html/track/TextTrack.cpp:
1618         (WebCore::TextTrack::containsOnlyForcedSubtitles): Return true for forced tracks.
1619         (WebCore::TextTrack::kind): Deleted.
1620         * html/track/TextTrack.h:
1621
1622         * html/track/TrackBase.h:
1623         (WebCore::TrackBase::kind): De-virtualize, nobody overrides it.
1624
1625         * page/CaptionUserPreferencesMediaAF.cpp:
1626         (WebCore::trackDisplayName): Include "forced" in the name of forced tracks.
1627
1628         * platform/LocalizedStrings.cpp:
1629         (WebCore::forcedTrackMenuItemText): New.
1630         * platform/LocalizedStrings.h:
1631
1632 2016-02-10  Jiewen Tan  <jiewen_tan@apple.com>
1633
1634         Rename *Event::create* which creates events for bindings to *Event::createForBindings* and cleanup corresponding paths
1635         https://bugs.webkit.org/show_bug.cgi?id=153903
1636         <rdar://problem/24518146>
1637
1638         Reviewed by Darin Adler.
1639
1640         Rename Event::create(const AtomicString&, const EventInit&) to Event::createForBindings
1641         (const AtomicString&, const EventInit&) and for all the subclasses as well in order to
1642         support Event.isTrusted. Besides, some of the subclasses use the create method for bindings
1643         to create events not for bindings and vice versa. Therefore, this patch also cleanup
1644         corresponding paths to ensure no misuse of the create mehtod. The same for Event::create()
1645         as it is combined with Event::initEvent to create an event for bindings for legacy content.
1646
1647         After this patch, all call sites of *Event::create* are supposed to use *Event::create
1648         to create events for user agent and *Event::createForBindings for bindings.
1649
1650         No change in behavior.
1651
1652         * Modules/airplay/WebKitPlaybackTargetAvailabilityEvent.h:
1653         (WebCore::WebKitPlaybackTargetAvailabilityEvent::create):
1654         (WebCore::WebKitPlaybackTargetAvailabilityEvent::createForBindings):
1655         (WebCore::WebKitPlaybackTargetAvailabilityEventInit::WebKitPlaybackTargetAvailabilityEventInit): Deleted.
1656         * Modules/encryptedmedia/MediaKeyMessageEvent.cpp:
1657         (WebCore::MediaKeyMessageEvent::MediaKeyMessageEvent):
1658         (WebCore::MediaKeyMessageEventInit::MediaKeyMessageEventInit): Deleted.
1659         * Modules/encryptedmedia/MediaKeyMessageEvent.h:
1660         (WebCore::MediaKeyMessageEvent::create):
1661         (WebCore::MediaKeyMessageEvent::createForBindings):
1662         * Modules/encryptedmedia/MediaKeyNeededEvent.cpp:
1663         (WebCore::MediaKeyNeededEvent::MediaKeyNeededEvent):
1664         (WebCore::MediaKeyNeededEventInit::MediaKeyNeededEventInit): Deleted.
1665         * Modules/encryptedmedia/MediaKeyNeededEvent.h:
1666         (WebCore::MediaKeyNeededEvent::create):
1667         (WebCore::MediaKeyNeededEvent::createForBindings):
1668         * Modules/encryptedmedia/MediaKeySession.cpp:
1669         (WebCore::MediaKeySession::sendMessage):
1670         * Modules/gamepad/GamepadEvent.h:
1671         (WebCore::GamepadEvent::create):
1672         (WebCore::GamepadEvent::createForBindings):
1673         (WebCore::GamepadEventInit::GamepadEventInit): Deleted.
1674         * Modules/indieui/UIRequestEvent.cpp:
1675         (WebCore::UIRequestEvent::createForBindings):
1676         (WebCore::UIRequestEvent::UIRequestEvent):
1677         (WebCore::UIRequestEventInit::UIRequestEventInit): Deleted.
1678         (WebCore::UIRequestEvent::create): Deleted.
1679         * Modules/indieui/UIRequestEvent.h:
1680         * Modules/mediastream/MediaStreamEvent.cpp:
1681         (WebCore::MediaStreamEvent::createForBindings):
1682         (WebCore::MediaStreamEventInit::MediaStreamEventInit): Deleted.
1683         (WebCore::MediaStreamEvent::create): Deleted.
1684         * Modules/mediastream/MediaStreamEvent.h:
1685         * Modules/mediastream/MediaStreamTrackEvent.cpp:
1686         (WebCore::MediaStreamTrackEvent::createForBindings):
1687         (WebCore::MediaStreamTrackEventInit::MediaStreamTrackEventInit): Deleted.
1688         (WebCore::MediaStreamTrackEvent::create): Deleted.
1689         * Modules/mediastream/MediaStreamTrackEvent.h:
1690         * Modules/mediastream/RTCDTMFToneChangeEvent.cpp:
1691         (WebCore::RTCDTMFToneChangeEvent::createForBindings):
1692         (WebCore::RTCDTMFToneChangeEvent::create): Deleted.
1693         * Modules/mediastream/RTCDTMFToneChangeEvent.h:
1694         * Modules/mediastream/RTCDataChannelEvent.cpp:
1695         (WebCore::RTCDataChannelEvent::createForBindings):
1696         (WebCore::RTCDataChannelEvent::create): Deleted.
1697         * Modules/mediastream/RTCDataChannelEvent.h:
1698         * Modules/mediastream/RTCIceCandidateEvent.cpp:
1699         (WebCore::RTCIceCandidateEvent::createForBindings):
1700         (WebCore::RTCIceCandidateEvent::create): Deleted.
1701         * Modules/mediastream/RTCIceCandidateEvent.h:
1702         * Modules/mediastream/RTCTrackEvent.cpp:
1703         (WebCore::RTCTrackEvent::createForBindings):
1704         (WebCore::RTCTrackEventInit::RTCTrackEventInit): Deleted.
1705         (WebCore::RTCTrackEvent::create): Deleted.
1706         * Modules/mediastream/RTCTrackEvent.h:
1707         * Modules/speech/SpeechSynthesisEvent.cpp:
1708         (WebCore::SpeechSynthesisEvent::createForBindings):
1709         (WebCore::SpeechSynthesisEvent::create):
1710         (WebCore::SpeechSynthesisEvent::SpeechSynthesisEvent):
1711         * Modules/speech/SpeechSynthesisEvent.h:
1712         * Modules/webaudio/AudioProcessingEvent.cpp:
1713         (WebCore::AudioProcessingEvent::create): Deleted.
1714         * Modules/webaudio/AudioProcessingEvent.h:
1715         (WebCore::AudioProcessingEvent::create):
1716         (WebCore::AudioProcessingEvent::createForBindings):
1717         * Modules/webaudio/OfflineAudioCompletionEvent.cpp:
1718         (WebCore::OfflineAudioCompletionEvent::createForBindings):
1719         (WebCore::OfflineAudioCompletionEvent::create): Deleted.
1720         * Modules/webaudio/OfflineAudioCompletionEvent.h:
1721         * Modules/websockets/CloseEvent.h:
1722         (WebCore::CloseEvent::create):
1723         (WebCore::CloseEvent::createForBindings):
1724         (WebCore::CloseEvent::CloseEvent):
1725         (WebCore::CloseEventInit::CloseEventInit): Deleted.
1726         * bindings/objc/DOM.mm:
1727         (-[DOMNode nextFocusNode]):
1728         (-[DOMNode previousFocusNode]):
1729         * bindings/scripts/CodeGeneratorJS.pm:
1730         (GenerateConstructorDefinition):
1731         * dom/AnimationEvent.cpp:
1732         (WebCore::AnimationEventInit::AnimationEventInit): Deleted.
1733         * dom/AnimationEvent.h:
1734         * dom/BeforeLoadEvent.h:
1735         (WebCore::BeforeLoadEventInit::BeforeLoadEventInit): Deleted.
1736         * dom/ClipboardEvent.h:
1737         * dom/CompositionEvent.cpp:
1738         (WebCore::CompositionEventInit::CompositionEventInit): Deleted.
1739         * dom/CompositionEvent.h:
1740         * dom/CustomEvent.cpp:
1741         (WebCore::CustomEventInit::CustomEventInit): Deleted.
1742         * dom/CustomEvent.h:
1743         * dom/DeviceMotionEvent.h:
1744         * dom/DeviceOrientationEvent.h:
1745         * dom/Document.cpp:
1746         (WebCore::Document::createEvent):
1747         * dom/Element.cpp:
1748         (WebCore::Element::dispatchMouseEvent):
1749         * dom/ErrorEvent.cpp:
1750         (WebCore::ErrorEventInit::ErrorEventInit): Deleted.
1751         * dom/ErrorEvent.h:
1752         * dom/Event.cpp:
1753         (WebCore::EventInit::EventInit): Deleted.
1754         * dom/Event.h:
1755         (WebCore::Event::createForBindings):
1756         (WebCore::Event::create): Deleted.
1757         * dom/FocusEvent.cpp:
1758         (WebCore::FocusEventInit::FocusEventInit): Deleted.
1759         * dom/FocusEvent.h:
1760         * dom/HashChangeEvent.h:
1761         (WebCore::HashChangeEventInit::HashChangeEventInit): Deleted.
1762         * dom/KeyboardEvent.cpp:
1763         (WebCore::KeyboardEvent::KeyboardEvent):
1764         (WebCore::KeyboardEventInit::KeyboardEventInit): Deleted.
1765         * dom/KeyboardEvent.h:
1766         * dom/MessageEvent.cpp:
1767         (WebCore::MessageEvent::MessageEvent):
1768         (WebCore::MessageEventInit::MessageEventInit): Deleted.
1769         * dom/MessageEvent.h:
1770         * dom/MouseEvent.cpp:
1771         (WebCore::MouseEvent::createForBindings):
1772         (WebCore::MouseEvent::create):
1773         (WebCore::MouseEvent::MouseEvent):
1774         (WebCore::MouseEvent::cloneFor):
1775         (WebCore::MouseEventInit::MouseEventInit): Deleted.
1776         * dom/MouseEvent.h:
1777         (WebCore::MouseEvent::createForBindings):
1778         (WebCore::MouseEvent::create): Deleted.
1779         * dom/MouseRelatedEvent.cpp:
1780         (WebCore::MouseRelatedEvent::MouseRelatedEvent):
1781         (WebCore::MouseRelatedEvent::init):
1782         * dom/MouseRelatedEvent.h:
1783         (WebCore::MouseRelatedEvent::screenX):
1784         (WebCore::MouseRelatedEvent::screenY):
1785         (WebCore::MouseRelatedEvent::screenLocation):
1786         (WebCore::MouseRelatedEvent::clientX):
1787         (WebCore::MouseRelatedEvent::clientY):
1788         (WebCore::MouseRelatedEvent::movementX):
1789         (WebCore::MouseRelatedEvent::movementY):
1790         (WebCore::MouseRelatedEvent::clientLocation):
1791         (WebCore::MouseRelatedEvent::isSimulated):
1792         (WebCore::MouseRelatedEvent::absoluteLocation):
1793         (WebCore::MouseRelatedEvent::setAbsoluteLocation):
1794         * dom/MutationEvent.h:
1795         * dom/OverflowEvent.cpp:
1796         (WebCore::OverflowEvent::OverflowEvent):
1797         (WebCore::OverflowEvent::initOverflowEvent):
1798         (WebCore::OverflowEventInit::OverflowEventInit): Deleted.
1799         * dom/OverflowEvent.h:
1800         * dom/PageTransitionEvent.cpp:
1801         (WebCore::PageTransitionEventInit::PageTransitionEventInit): Deleted.
1802         * dom/PageTransitionEvent.h:
1803         * dom/PopStateEvent.cpp:
1804         (WebCore::PopStateEvent::createForBindings):
1805         (WebCore::PopStateEventInit::PopStateEventInit): Deleted.
1806         (WebCore::PopStateEvent::PopStateEvent): Deleted.
1807         (WebCore::PopStateEvent::create): Deleted.
1808         * dom/PopStateEvent.h:
1809         * dom/ProgressEvent.cpp:
1810         (WebCore::ProgressEventInit::ProgressEventInit): Deleted.
1811         * dom/ProgressEvent.h:
1812         (WebCore::ProgressEvent::createForBindings):
1813         (WebCore::ProgressEvent::create): Deleted.
1814         * dom/SecurityPolicyViolationEvent.h:
1815         (WebCore::SecurityPolicyViolationEventInit::SecurityPolicyViolationEventInit): Deleted.
1816         * dom/TextEvent.cpp:
1817         (WebCore::TextEvent::createForBindings):
1818         (WebCore::TextEvent::create): Deleted.
1819         * dom/TextEvent.h:
1820         * dom/TouchEvent.h:
1821         * dom/TransitionEvent.cpp:
1822         (WebCore::TransitionEventInit::TransitionEventInit): Deleted.
1823         * dom/TransitionEvent.h:
1824         * dom/UIEvent.cpp:
1825         (WebCore::UIEventInit::UIEventInit): Deleted.
1826         * dom/UIEvent.h:
1827         (WebCore::UIEvent::createForBindings):
1828         (WebCore::UIEvent::create): Deleted.
1829         * dom/UIEventWithKeyState.h:
1830         (WebCore::UIEventWithKeyState::ctrlKey):
1831         (WebCore::UIEventWithKeyState::shiftKey):
1832         (WebCore::UIEventWithKeyState::altKey):
1833         (WebCore::UIEventWithKeyState::metaKey):
1834         (WebCore::UIEventWithKeyState::UIEventWithKeyState):
1835         * dom/WebKitAnimationEvent.cpp:
1836         (WebCore::WebKitAnimationEventInit::WebKitAnimationEventInit): Deleted.
1837         * dom/WebKitAnimationEvent.h:
1838         * dom/WebKitTransitionEvent.cpp:
1839         (WebCore::WebKitTransitionEventInit::WebKitTransitionEventInit): Deleted.
1840         * dom/WebKitTransitionEvent.h:
1841         * dom/WheelEvent.h:
1842         * html/HTMLMediaElement.cpp:
1843         (WebCore::HTMLMediaElement::mediaPlayerKeyAdded):
1844         (WebCore::HTMLMediaElement::mediaPlayerKeyError):
1845         (WebCore::HTMLMediaElement::mediaPlayerKeyMessage):
1846         (WebCore::HTMLMediaElement::mediaPlayerKeyNeeded):
1847         * html/MediaKeyEvent.cpp:
1848         (WebCore::MediaKeyEvent::MediaKeyEvent):
1849         (WebCore::MediaKeyEventInit::MediaKeyEventInit): Deleted.
1850         * html/MediaKeyEvent.h:
1851         * html/canvas/WebGLContextEvent.cpp:
1852         (WebCore::WebGLContextEventInit::WebGLContextEventInit): Deleted.
1853         * html/canvas/WebGLContextEvent.h:
1854         * html/track/TrackEvent.cpp:
1855         (WebCore::TrackEvent::TrackEvent):
1856         (WebCore::TrackEventInit::TrackEventInit): Deleted.
1857         * html/track/TrackEvent.h:
1858         * html/track/TrackListBase.cpp:
1859         (TrackListBase::scheduleTrackEvent):
1860         (TrackListBase::scheduleChangeEvent):
1861         * page/EventSource.cpp:
1862         (WebCore::EventSource::createMessageEvent):
1863         * page/csp/ContentSecurityPolicy.cpp:
1864         (WebCore::ContentSecurityPolicy::reportViolation):
1865         (WebCore::gatherSecurityPolicyViolationEventData): Deleted.
1866         * storage/StorageEvent.cpp:
1867         (WebCore::StorageEvent::createForBindings):
1868         (WebCore::StorageEventInit::StorageEventInit): Deleted.
1869         (WebCore::StorageEvent::create): Deleted.
1870         * storage/StorageEvent.h:
1871         * svg/SVGZoomEvent.h:
1872         (WebCore::SVGZoomEvent::createForBindings):
1873         (WebCore::SVGZoomEvent::create): Deleted.
1874         * xml/XMLHttpRequestProgressEvent.h:
1875         (WebCore::XMLHttpRequestProgressEvent::createForBindings):
1876         (WebCore::XMLHttpRequestProgressEvent::create): Deleted.
1877
1878 2016-02-10  Ryan Haddad  <ryanhaddad@apple.com>
1879
1880         Rebaselining bindings tests
1881
1882         Unreviewed test gardening.
1883
1884         No new tests needed.
1885
1886         * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
1887         * bindings/scripts/test/JS/JSTestCallback.cpp:
1888         * bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.cpp:
1889         * bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.cpp:
1890         * bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
1891         * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
1892         * bindings/scripts/test/JS/JSTestEventTarget.cpp:
1893         * bindings/scripts/test/JS/JSTestException.cpp:
1894         * bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:
1895         * bindings/scripts/test/JS/JSTestInterface.cpp:
1896         * bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp:
1897         * bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
1898         * bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
1899         * bindings/scripts/test/JS/JSTestNondeterministic.cpp:
1900         * bindings/scripts/test/JS/JSTestObj.cpp:
1901         * bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
1902         * bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp:
1903         * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
1904         * bindings/scripts/test/JS/JSTestTypedefs.cpp:
1905         * bindings/scripts/test/JS/JSattribute.cpp:
1906         * bindings/scripts/test/JS/JSreadonly.cpp:
1907
1908 2016-02-10  Konstantin Tokarev  <annulen@yandex.ru>
1909
1910         [cmake] Consolidate CMake code related to image decoders.
1911         https://bugs.webkit.org/show_bug.cgi?id=154074
1912
1913         Reviewed by Alex Christensen.
1914
1915         Common image decoder sources, includes and libs are moved to
1916         platform/ImageDecoders.cmake.
1917
1918         Also, added include directories of libjpeg and libpng to
1919         WebCore_SYSTEM_INCLUDE_DIRECTORIES.
1920
1921         No new tests needed.
1922
1923         * CMakeLists.txt: Moved common include paths to ImageDecoders.cmake.
1924         * PlatformEfl.cmake: Moved common sources and libs to ImageDecoders.cmake.
1925         * PlatformGTK.cmake: Ditto.
1926         * PlatformWinCairo.cmake: Moved common sources to ImageDecoders.cmake.
1927         * platform/ImageDecoders.cmake: Added.
1928
1929 2016-02-10  Myles C. Maxfield  <mmaxfield@apple.com>
1930
1931         CSSSegmentedFontFace does not need to be reference counted
1932         https://bugs.webkit.org/show_bug.cgi?id=154083
1933
1934         Reviewed by Antti Koivisto.
1935
1936         ...There is only ever a single reference to one.
1937
1938         No new tests because there is no behavior change.
1939
1940         * css/CSSFontSelector.cpp:
1941         (WebCore::CSSFontSelector::getFontFace):
1942         * css/CSSFontSelector.h:
1943         * css/CSSSegmentedFontFace.h:
1944         (WebCore::CSSSegmentedFontFace::create): Deleted.
1945
1946 2016-02-10  Myles C. Maxfield  <mmaxfield@apple.com>
1947
1948         FontCache's clients should use references instead of pointers
1949         https://bugs.webkit.org/show_bug.cgi?id=154085
1950
1951         Reviewed by Antti Koivisto.
1952
1953         They are never null.
1954
1955         No new tests because there is no behavior change.
1956
1957         * css/CSSFontSelector.cpp:
1958         (WebCore::CSSFontSelector::CSSFontSelector):
1959         (WebCore::CSSFontSelector::~CSSFontSelector):
1960         * platform/graphics/FontCache.cpp:
1961         (WebCore::FontCache::addClient):
1962         (WebCore::FontCache::removeClient):
1963         * platform/graphics/FontCache.h:
1964
1965 2016-02-10  Chris Dumez  <cdumez@apple.com>
1966
1967         [Web IDL] interface objects should be Function objects
1968         https://bugs.webkit.org/show_bug.cgi?id=154038
1969         <rdar://problem/24569358>
1970
1971         Reviewed by Geoffrey Garen.
1972
1973         interface objects should be Function objects as per Web IDL:
1974         - http://heycam.github.io/webidl/#interface-object
1975         - http://heycam.github.io/webidl/#es-interfaces
1976
1977         So window.Event should be a Function object for e.g. but in WebKit it
1978         is a regular EventConstructor JSObject.
1979         Firefox and Chrome match the specification.
1980
1981         Test: js/interface-objects.html
1982
1983         * bindings/js/JSDOMBinding.cpp:
1984         (WebCore::callThrowTypeError):
1985         (WebCore::DOMConstructorObject::getCallData):
1986         When calling the interface object as a function, we throw a TypeError
1987         with a message asking to use the 'new' operator to match the behavior
1988         of Firefox and Chrome.
1989
1990         * bindings/js/JSDOMBinding.h:
1991         Add JSC::TypeOfShouldCallGetCallData structure flag and implement
1992         getCallData() so that typeof returns "function", as per the
1993         specification and the behavior of other browsers.
1994
1995         (WebCore::DOMConstructorObject::className):
1996         Implement className() and return "Function" to match the specification and
1997         other browsers. Otherwise, it would fall back to using ClassInfo::className
1998         which os the function name and interface name (e.g. "Event").
1999
2000         * bindings/js/JSDOMConstructor.h:
2001         (WebCore::JSDOMConstructorNotConstructable::callThrowTypeError):
2002         (WebCore::JSDOMConstructorNotConstructable::getCallData):
2003         As per the specification, interfaces that do not have a [Constructor]
2004         should throw a TypeError when called as a function. Use the "Illegal
2005         constructor" error message to match Firefox and Chrome.
2006
2007         * bindings/js/JSDOMGlobalObject.h:
2008         (WebCore::getDOMConstructor):
2009         Instead of using objectPrototype as prototype for all DOM constructors,
2010         we now call the prototypeForStructure() static function that is
2011         generated for each bindings class. As per the Web IDL specification,
2012         The [[Prototype]] internal property of an interface object for a
2013         non-callback interface is determined as follows:
2014         1. If the interface inherits from some other interface, the value of
2015            [[Prototype]] is the interface object for that other interface.
2016         2. If the interface doesn't inherit from any other interface, the value
2017            of [[Prototype]] is %FunctionPrototype% ([ECMA-262], section 6.1.7.4).
2018
2019         * bindings/js/JSImageConstructor.cpp:
2020         (WebCore::JSImageConstructor::prototypeForStructure):
2021         Have the Image's interface object use HTMLElement's interface object
2022         as prototype as HTMLImageElement inherits HTMLElement.
2023
2024         * bindings/scripts/CodeGenerator.pm:
2025         (getInterfaceExtendedAttributesFromName):
2026         Add a utility function to cheaply retrieve an interface's IDL extended
2027         attributes without actually parsing the IDL. This is used to check if
2028         an interface's parent is marked as [NoInterfaceObject] currently.
2029
2030         * bindings/scripts/CodeGeneratorJS.pm:
2031         (GenerateHeader):
2032         (GenerateImplementation):
2033         (GenerateCallbackHeader):
2034         (GenerateCallbackImplementation):
2035         Mark JSGlobalObject* parameter as const as the implementation does not
2036         alter the globalObject.
2037
2038         (GenerateConstructorHelperMethods):
2039         - Generate prototypeForStructure() function for each bindings class that
2040           is not marked as [NoInterfaceObject] so getDOMConstructor() knows which
2041           prototype to use for the interface object / constructor when constructing
2042           it.
2043         - Use the interface name for the interface object, without the "Constructor"
2044           suffix, to match the behavior of Firefox and Chrome.
2045
2046         * bindings/scripts/test/*:
2047         Rebaseline bindings tests.
2048
2049 2016-02-10  Jer Noble  <jer.noble@apple.com>
2050
2051         [Mac] Graphical corruption in videos when enabling custom loading path
2052         https://bugs.webkit.org/show_bug.cgi?id=154044
2053
2054         Reviewed by Alex Christensen.
2055
2056         Revert the "Drive-by fix" in r196345 as it breaks the WebCoreNSURLSessionTests.BasicOperation API test.
2057
2058         * platform/network/cocoa/WebCoreNSURLSession.mm:
2059         (-[WebCoreNSURLSessionDataTask resource:receivedData:length:]):
2060
2061 2016-02-10  Myles C. Maxfield  <mmaxfield@apple.com>
2062
2063         CSSSegmentedFontFace does not need to be reference counted
2064         https://bugs.webkit.org/show_bug.cgi?id=154083
2065
2066         Reviewed by Antti Koivisto.
2067
2068         ...There is only ever a single reference to one.
2069
2070         No new tests because there is no behavior change.
2071
2072         * css/CSSFontSelector.cpp:
2073         (WebCore::CSSFontSelector::getFontFace):
2074         * css/CSSFontSelector.h:
2075         * css/CSSSegmentedFontFace.h:
2076         (WebCore::CSSSegmentedFontFace::create): Deleted.
2077
2078 2016-02-10  Antti Koivisto  <antti@apple.com>
2079
2080         Optimize style invalidation after class attribute change
2081         https://bugs.webkit.org/show_bug.cgi?id=154075
2082         rdar://problem/12526450
2083
2084         Reviewed by Andreas Kling.
2085
2086         Currently a class attribute change invalidates style for the entire element subtree for any class found in the
2087         active stylesheet set.
2088
2089         This patch optimizes class changes by building a new optimization structure called ancestorClassRules. It contains
2090         rules that have class selectors in the portion of the complex selector that matches ancestor elements. The sets
2091         of rules are hashes by the class name.
2092
2093         On class attribute change the existing StyleInvalidationAnalysis mechanism is used with ancestorClassRules to invalidate
2094         exactly those descendants that are affected by the addition or removal of the class name. This is fast because the CSS JIT
2095         makes selector matching cheap and the number of relevant rules is typically small.
2096
2097         This optimization is very effective on many dynamic pages. For example when focusing and unfocusing the web inspector it
2098         cuts down the number of resolved elements from ~1000 to ~50. Even in PLT it reduces the number of resolved elements by ~11%.
2099
2100         * css/DocumentRuleSets.cpp:
2101         (WebCore::DocumentRuleSets::collectFeatures):
2102         (WebCore::DocumentRuleSets::ancestorClassRules):
2103
2104             Create optimization RuleSets on-demand when there is an actual dynamic class change.
2105
2106         * css/DocumentRuleSets.h:
2107         (WebCore::DocumentRuleSets::features):
2108         (WebCore::DocumentRuleSets::sibling):
2109         (WebCore::DocumentRuleSets::uncommonAttribute):
2110         * css/ElementRuleCollector.cpp:
2111         (WebCore::ElementRuleCollector::ElementRuleCollector):
2112
2113             Add a new constructor that doesn't requires DocumentRuleSets. Only the user and author style is required.
2114
2115         (WebCore::ElementRuleCollector::matchAuthorRules):
2116         (WebCore::ElementRuleCollector::matchUserRules):
2117         * css/ElementRuleCollector.h:
2118         * css/RuleFeature.cpp:
2119         (WebCore::RuleFeatureSet::recursivelyCollectFeaturesFromSelector):
2120
2121             Collect class names that show up in the ancestor portion of the selector.
2122             Make this a member.
2123
2124         (WebCore::RuleFeatureSet::collectFeatures):
2125
2126             Move this code from RuleData.
2127             Add the rule to ancestorClassRules if needed.
2128
2129         (WebCore::RuleFeatureSet::add):
2130         (WebCore::RuleFeatureSet::clear):
2131         (WebCore::RuleFeatureSet::shrinkToFit):
2132         (WebCore::recursivelyCollectFeaturesFromSelector): Deleted.
2133         (WebCore::RuleFeatureSet::collectFeaturesFromSelector): Deleted.
2134         * css/RuleFeature.h:
2135         (WebCore::RuleFeature::RuleFeature):
2136         (WebCore::RuleFeatureSet::RuleFeatureSet): Deleted.
2137         * css/RuleSet.cpp:
2138         (WebCore::RuleData::RuleData):
2139         (WebCore::RuleSet::RuleSet):
2140         (WebCore::RuleSet::~RuleSet):
2141         (WebCore::RuleSet::addToRuleSet):
2142         (WebCore::RuleSet::addRule):
2143         (WebCore::RuleSet::addRulesFromSheet):
2144         (WebCore::collectFeaturesFromRuleData): Deleted.
2145         * css/RuleSet.h:
2146         (WebCore::RuleSet::tagRules):
2147         (WebCore::RuleSet::RuleSet): Deleted.
2148         * css/StyleInvalidationAnalysis.cpp:
2149         (WebCore::shouldDirtyAllStyle):
2150         (WebCore::StyleInvalidationAnalysis::StyleInvalidationAnalysis):
2151
2152             Add a new constructor that takes a ready made RuleSet instead of a stylesheet.
2153
2154         (WebCore::StyleInvalidationAnalysis::invalidateIfNeeded):
2155         (WebCore::StyleInvalidationAnalysis::invalidateStyleForTree):
2156         (WebCore::StyleInvalidationAnalysis::invalidateStyle):
2157         (WebCore::StyleInvalidationAnalysis::invalidateStyle):
2158
2159             New function for invalidating a subtree instead of the whole document.
2160
2161         * css/StyleInvalidationAnalysis.h:
2162         (WebCore::StyleInvalidationAnalysis::dirtiesAllStyle):
2163         (WebCore::StyleInvalidationAnalysis::hasShadowPseudoElementRulesInAuthorSheet):
2164         * dom/Element.cpp:
2165         (WebCore::classStringHasClassName):
2166         (WebCore::collectClasses):
2167         (WebCore::computeClassChange):
2168
2169             Factor to return the changed classes.
2170
2171         (WebCore::invalidateStyleForClassChange):
2172
2173             First filter out classes that don't show up in stylesheets. If something remains invalidate the current
2174             element for inline style change (that is a style change that doesn't affect descendants).
2175
2176             Next check if there are any ancestorClassRules for the changed class. If so use the StyleInvalidationAnalysis
2177             to find any affected descendants and invalidate them with inline style change as well.
2178
2179         (WebCore::Element::classAttributeChanged):
2180
2181             Invalidate for removed classes before setting new attribute value, invalidate for added classes afterwards.
2182
2183         (WebCore::Element::absoluteLinkURL):
2184         (WebCore::checkSelectorForClassChange): Deleted.
2185         * dom/ElementData.h:
2186         (WebCore::ElementData::setClassNames):
2187         (WebCore::ElementData::classNames):
2188         (WebCore::ElementData::classNamesMemoryOffset):
2189         (WebCore::ElementData::clearClass): Deleted.
2190         (WebCore::ElementData::setClass): Deleted.
2191
2192 2016-02-10  Myles C. Maxfield  <mmaxfield@apple.com>
2193
2194         Addressing post-review comments after r196322
2195
2196         Unreviwed.
2197
2198         * css/CSSFontFaceSource.cpp:
2199         (WebCore::CSSFontFaceSource::font):
2200         * css/CSSFontFaceSource.h:
2201
2202 2016-02-10  Chris Dumez  <cdumez@apple.com>
2203
2204         Attributes on the Window instance should be configurable unless [Unforgeable]
2205         https://bugs.webkit.org/show_bug.cgi?id=153920
2206         <rdar://problem/24563211>
2207
2208         Reviewed by Darin Adler.
2209
2210         Attributes on the Window instance should be configurable unless [Unforgeable]:
2211         1. 'constructor' property:
2212            - http://www.w3.org/TR/WebIDL/#interface-prototype-object
2213         2. Constructor properties (e.g. window.Node):
2214            - http://www.w3.org/TR/WebIDL/#es-interfaces
2215         3. IDL attributes:
2216            - http://heycam.github.io/webidl/#es-attributes (configurable unless
2217              [Unforgeable], e.g. window.location)
2218
2219         Firefox complies with the WebIDL specification but WebKit does not for 1. and 3.
2220
2221         Test: fast/dom/Window/window-properties-configurable.html
2222
2223         * bindings/js/JSDOMWindowCustom.cpp:
2224         (WebCore::JSDOMWindow::getOwnPropertySlot):
2225         For known Window properties (i.e. properties in the static property table),
2226         if we have reified and this is same-origin access, then call
2227         Base::getOwnPropertySlot() to get the property from the local property
2228         storage. If we have not reified yet, or this is cross-origin access, query
2229         the static property table. This is to match the behavior of Firefox and
2230         Chrome which seem to keep returning the original properties upon cross
2231         origin access, even if those were deleted or redefined.
2232
2233         (WebCore::JSDOMWindow::put):
2234         The previous code used to call the static property setter for properties in
2235         the static table. However, this does not do the right thing if properties
2236         were reified. For example, deleting window.name and then trying to set it
2237         again would not work. Therefore, update this code to only do this if the
2238         properties have not been reified, similarly to what is done in
2239         JSObject::putInlineSlow().
2240
2241         * bindings/scripts/CodeGeneratorJS.pm:
2242         (ConstructorShouldBeOnInstance):
2243         Add a FIXME comment indicating that window.constructor should be on
2244         the prototype as per the Web IDL specification.
2245
2246         (GenerateAttributesHashTable):
2247         - Mark 'constructor' property as configurable for Window, as per the
2248           specification and consistently with other 'constructor' properties:
2249           http://www.w3.org/TR/WebIDL/#interface-prototype-object
2250         - Mark properties as configurable even though they are on the instance.
2251           Window has its properties on the instance as per the specification:
2252           1. http://heycam.github.io/webidl/#es-attributes
2253           2. http://heycam.github.io/webidl/#PrimaryGlobal (window is [PrimaryGlobal]
2254           However, these properties should be configurable as long as they are
2255           not marked as [Unforgeable], as per 1.
2256
2257         * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
2258         * bindings/scripts/test/JS/JSTestException.cpp:
2259         * bindings/scripts/test/JS/JSTestObj.cpp:
2260         Rebaseline bindings tests.
2261
2262 2016-02-10  Brady Eidson  <beidson@apple.com>
2263
2264         Modern IDB: Ref cycle between IDBObjectStore and IDBTransaction.
2265         https://bugs.webkit.org/show_bug.cgi?id=154061
2266
2267         Reviewed by Alex Christensen.
2268
2269         No new tests (Currently untestable).
2270
2271         * Modules/indexeddb/client/IDBTransactionImpl.cpp:
2272         (WebCore::IDBClient::IDBTransaction::transitionedToFinishing): Make sure the new state makes sense,
2273           set the new state, and then clear the set of referenced object stores which is no longer needed.
2274         (WebCore::IDBClient::IDBTransaction::abort):
2275         (WebCore::IDBClient::IDBTransaction::commit):
2276         * Modules/indexeddb/client/IDBTransactionImpl.h:
2277
2278 2016-02-10  Jer Noble  <jer.noble@apple.com>
2279
2280         REGRESSION(r195770): Use-after-free in ResourceLoaderOptions::cachingPolicy
2281         https://bugs.webkit.org/show_bug.cgi?id=153727
2282         <rdar://problem/24429886>
2283
2284         Reviewed by Darin Adler.
2285
2286         Follow-up after r195965. Only protect those parts of CachedResource::removeClient() which
2287         affect the MemoryCache when allowsCaching() is false.
2288
2289         * loader/cache/CachedResource.cpp:
2290         (WebCore::CachedResource::removeClient):
2291
2292 2016-02-10  Csaba Osztrogonác  <ossy@webkit.org>
2293
2294         Fix the !(ENABLE(SHADOW_DOM) || ENABLE(DETAILS_ELEMENT)) after r196281
2295         https://bugs.webkit.org/show_bug.cgi?id=154035
2296
2297         Reviewed by Antti Koivisto.
2298
2299         * dom/ComposedTreeIterator.h:
2300         (WebCore::ComposedTreeIterator::Context::Context):
2301
2302 2016-02-09  Carlos Garcia Campos  <cgarcia@igalia.com>
2303
2304         [GTK] Toggle buttons are blurry with GTK+ 3.19
2305         https://bugs.webkit.org/show_bug.cgi?id=154007
2306
2307         Reviewed by Michael Catanzaro.
2308
2309         Use min-width/min-height style properties when GTK+ >= 3.19.7 to
2310         get the size of toggle buttons.
2311
2312         * rendering/RenderThemeGtk.cpp:
2313         (WebCore::setToggleSize):
2314         (WebCore::paintToggle):
2315
2316 2016-02-09  Aakash Jain  <aakash_jain@apple.com>
2317
2318         Headers that use WEBCORE_EXPORT should include PlatformExportMacros.h
2319         https://bugs.webkit.org/show_bug.cgi?id=146984
2320
2321         Reviewed by Alexey Proskuryakov.
2322
2323         * Modules/speech/SpeechSynthesis.h:
2324         * contentextensions/ContentExtensionError.h:
2325         * dom/DeviceOrientationClient.h:
2326         * platform/graphics/Color.h:
2327         * platform/ios/wak/WebCoreThread.h:
2328         * platform/network/CacheValidation.h:
2329         * platform/network/cf/CertificateInfo.h:
2330
2331 2016-02-09  Nan Wang  <n_wang@apple.com>
2332
2333         AX: Implement word related text marker functions using TextIterator
2334         https://bugs.webkit.org/show_bug.cgi?id=153939
2335         <rdar://problem/24269605>
2336
2337         Reviewed by Chris Fleizach.
2338
2339         Using CharacterOffset to implement word related text marker calls. Reused
2340         logic from previousBoundary and nextBoundary in VisibleUnits class.
2341
2342         Test: accessibility/mac/text-marker-word-nav.html
2343
2344         * accessibility/AXObjectCache.cpp:
2345         (WebCore::AXObjectCache::traverseToOffsetInRange):
2346         (WebCore::AXObjectCache::rangeForNodeContents):
2347         (WebCore::isReplacedNodeOrBR):
2348         (WebCore::characterOffsetsInOrder):
2349         (WebCore::resetNodeAndOffsetForReplacedNode):
2350         (WebCore::setRangeStartOrEndWithCharacterOffset):
2351         (WebCore::AXObjectCache::rangeForUnorderedCharacterOffsets):
2352         (WebCore::AXObjectCache::setTextMarkerDataWithCharacterOffset):
2353         (WebCore::AXObjectCache::startOrEndCharacterOffsetForRange):
2354         (WebCore::AXObjectCache::startOrEndTextMarkerDataForRange):
2355         (WebCore::AXObjectCache::characterOffsetForNodeAndOffset):
2356         (WebCore::AXObjectCache::textMarkerDataForCharacterOffset):
2357         (WebCore::AXObjectCache::previousNode):
2358         (WebCore::AXObjectCache::visiblePositionFromCharacterOffset):
2359         (WebCore::AXObjectCache::characterOffsetFromVisiblePosition):
2360         (WebCore::AXObjectCache::textMarkerDataForVisiblePosition):
2361         (WebCore::AXObjectCache::nextCharacterOffset):
2362         (WebCore::AXObjectCache::previousCharacterOffset):
2363         (WebCore::startWordBoundary):
2364         (WebCore::endWordBoundary):
2365         (WebCore::AXObjectCache::startCharacterOffsetOfWord):
2366         (WebCore::AXObjectCache::endCharacterOffsetOfWord):
2367         (WebCore::AXObjectCache::previousWordStartCharacterOffset):
2368         (WebCore::AXObjectCache::nextWordEndCharacterOffset):
2369         (WebCore::AXObjectCache::leftWordRange):
2370         (WebCore::AXObjectCache::rightWordRange):
2371         (WebCore::characterForCharacterOffset):
2372         (WebCore::AXObjectCache::characterAfter):
2373         (WebCore::AXObjectCache::characterBefore):
2374         (WebCore::parentEditingBoundary):
2375         (WebCore::AXObjectCache::nextWordBoundary):
2376         (WebCore::AXObjectCache::previousWordBoundary):
2377         (WebCore::AXObjectCache::rootAXEditableElement):
2378         * accessibility/AXObjectCache.h:
2379         (WebCore::AXObjectCache::removeNodeForUse):
2380         (WebCore::AXObjectCache::isNodeInUse):
2381         * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
2382         (-[WebAccessibilityObjectWrapper previousTextMarkerForNode:offset:]):
2383         (-[WebAccessibilityObjectWrapper textMarkerForNode:offset:ignoreStart:]):
2384         (-[WebAccessibilityObjectWrapper textMarkerForNode:offset:]):
2385         (textMarkerForCharacterOffset):
2386         (-[WebAccessibilityObjectWrapper accessibilityAttributeValue:forParameter:]):
2387         * editing/VisibleUnits.cpp:
2388         (WebCore::rightWordPosition):
2389         (WebCore::prepend):
2390         (WebCore::appendRepeatedCharacter):
2391         (WebCore::suffixLengthForRange):
2392         (WebCore::prefixLengthForRange):
2393         (WebCore::backwardSearchForBoundaryWithTextIterator):
2394         (WebCore::forwardSearchForBoundaryWithTextIterator):
2395         (WebCore::previousBoundary):
2396         (WebCore::nextBoundary):
2397         * editing/VisibleUnits.h:
2398
2399 2016-02-09  Daniel Bates  <dabates@apple.com>
2400
2401         CSP: Extract helper classes into their own files
2402         https://bugs.webkit.org/show_bug.cgi?id=154040
2403         <rdar://problem/24571189>
2404
2405         Reviewed by Brent Fulgham.
2406
2407         No functionality was changed. So, no new tests.
2408
2409         * CMakeLists.txt: Add files ContentSecurityPolicy{DirectiveList, MediaListDirective, Source, SourceList, SourceListDirective}.cpp.
2410         * WebCore.xcodeproj/project.pbxproj: Ditto.
2411         * page/csp/ContentSecurityPolicy.cpp: Clean up #includes. Include header ParsingUtilities.h so that we can remove our own
2412         variants of skip{Exactly, Until, While}(). Update code as necessary for class renames.
2413         (WebCore::skipExactly): Deleted; instead use the analogous function in ParsingUtilities.h.
2414         (WebCore::skipUntil): Deleted; instead use the analogous function in ParsingUtilities.h.
2415         (WebCore::skipWhile): Deleted; instead use the analogous function in ParsingUtilities.h.
2416         (WebCore::isSourceListNone): Moved to file ContentSecurityPolicySourceList.cpp.
2417         (WebCore::CSPSource): Deleted; moved implementation to files ContentSecurityPolicySource.{cpp, h}.
2418         (WebCore::CSPSourceList): Deleted; moved implementation to files ContentSecurityPolicySourceList.{cpp, h}.
2419         (WebCore::CSPDirective): Deleted; moved implementation to file ContentSecurityPolicyDirective.h.
2420         (WebCore::MediaListDirective): Deleted; moved implementation to files ContentSecurityPolicyMediaListDirective.{cpp, h}.
2421         (WebCore::SourceListDirective): Deleted; moved implementation to files ContentSecurityPolicySourceListDirective.{cpp, h}.
2422         (WebCore::CSPDirectiveList): Deleted; moved implementation to files ContentSecurityPolicyDirectiveList.{cpp, h}.
2423         * page/csp/ContentSecurityPolicy.h:
2424         * page/csp/ContentSecurityPolicyDirective.h: Added.
2425         * page/csp/ContentSecurityPolicyDirectiveList.cpp: Added; removed use of ternary operator where it made the code less readable.
2426         Updated code to make use of the functions defined in ParsingUtilities.h.
2427         (WebCore::isExperimentalDirectiveName): Moved from file ContentSecurityPolicy.cpp.
2428         (WebCore::isCSPDirectiveName): Ditto.
2429         (WebCore::isDirectiveNameCharacter): Ditto.
2430         (WebCore::isDirectiveValueCharacter): Ditto.
2431         (WebCore::isNotASCIISpace): Ditto.
2432         * page/csp/ContentSecurityPolicyDirectiveList.h: Added.
2433         * page/csp/ContentSecurityPolicyMediaListDirective.cpp: Added. Updated code to make use of the functions defined in ParsingUtilities.h.
2434         (WebCore::isMediaTypeCharacter): Moved from file ContentSecurityPolicy.cpp.
2435         (WebCore::isNotASCIISpace): Ditto.
2436         * page/csp/ContentSecurityPolicyMediaListDirective.h: Added.
2437         * page/csp/ContentSecurityPolicySource.cpp: Added.
2438         * page/csp/ContentSecurityPolicySource.h: Added.
2439         * page/csp/ContentSecurityPolicySourceList.cpp: Added. Updated code to make use of the functions defined in ParsingUtilities.h.
2440         (WebCore::isSourceCharacter): Moved from file ContentSecurityPolicy.cpp.
2441         (WebCore::isHostCharacter): Ditto.
2442         (WebCore::isPathComponentCharacter): Ditto.
2443         (WebCore::isSchemeContinuationCharacter): Ditto.
2444         (WebCore::isNotColonOrSlash): Ditto.
2445         (WebCore::isSourceListNone): Ditto.
2446         * page/csp/ContentSecurityPolicySourceList.h: Added.
2447         * page/csp/ContentSecurityPolicySourceListDirective.cpp: Added.
2448         * page/csp/ContentSecurityPolicySourceListDirective.h: Added.
2449
2450 2016-02-09  Brady Eidson  <beidson@apple.com>
2451
2452         Modern IDB: TransactionOperation objects leak.
2453         https://bugs.webkit.org/show_bug.cgi?id=154054
2454
2455         Reviewed by Alex Christensen.
2456
2457         No new tests (Currently untestable).
2458
2459         * Modules/indexeddb/client/IDBTransactionImpl.cpp:
2460         (WebCore::IDBClient::IDBTransaction::abortOnServerAndCancelRequests): Remove the TransactionOperation from
2461           the map, as this operation doesn't complete "normally" like most others.
2462         (WebCore::IDBClient::IDBTransaction::commitOnServer): Ditto.
2463         
2464         * Modules/indexeddb/client/TransactionOperation.h:
2465         (WebCore::IDBClient::TransactionOperation::perform): Clear the m_performFunction after use,
2466           as it holds a lambda that holds a RefPtr to the IDBTransaction, as well as a self-ref.
2467         (WebCore::IDBClient::TransactionOperation::completed): Clear m_completeFunction for the same reasons.
2468
2469 2016-02-09  Jer Noble  <jer.noble@apple.com>
2470
2471         [Mac] Graphical corruption in videos when enabling custom loading path
2472         https://bugs.webkit.org/show_bug.cgi?id=154044
2473
2474         Reviewed by Alex Christensen.
2475
2476         The NSOperationQueue provided by AVFoundation from the AVAssetResourceLoader queue is not
2477         set to be a serial queue. So when adding dataReceived operations to that queue, there exists
2478         the possibility that some operations are handled before others, and the client will receieve
2479         data out of order.
2480
2481         A real NSURLSession object will only issue another operation when the first operation
2482         completes, so emulate this behavior in WebCoreNSURLSession by using a serial dispatch queue.
2483         The internal queue will enqueue an operation to the resource loader's queue, and block until
2484         that operation completes, thus ensuring ordering of the data (and other) operations.
2485
2486         * platform/network/cocoa/WebCoreNSURLSession.h:
2487         * platform/network/cocoa/WebCoreNSURLSession.mm:
2488         (-[WebCoreNSURLSession initWithResourceLoader:delegate:delegateQueue:]): Initialize _internalQueue
2489         (-[WebCoreNSURLSession addDelegateOperation:]): Added utility method.
2490         (-[WebCoreNSURLSession taskCompleted:]): Call -addDelegateOperation:
2491         (-[WebCoreNSURLSession finishTasksAndInvalidate]): Ditto.
2492         (-[WebCoreNSURLSession resetWithCompletionHandler:]): Ditto.
2493         (-[WebCoreNSURLSession flushWithCompletionHandler:]): Ditto.
2494         (-[WebCoreNSURLSession getTasksWithCompletionHandler:]): Ditto.
2495         (-[WebCoreNSURLSession getAllTasksWithCompletionHandler:]): Ditto.
2496         (-[WebCoreNSURLSessionDataTask resource:receivedResponse:]): Ditto.
2497         (-[WebCoreNSURLSessionDataTask resource:receivedData:length:]): Ditto.
2498         (-[WebCoreNSURLSessionDataTask resourceFinished:]): Ditto.
2499
2500         Drive-by fix:
2501         (-[WebCoreNSURLSessionDataTask resource:receivedData:length:]): Set countOfBytesReceived outside the operation,
2502             queue, matching NSURLSessionDataTask's behavior.
2503
2504 2016-02-09  Nan Wang  <n_wang@apple.com>
2505
2506         [iOS Simulator] accessibility/text-marker/text-marker-range-stale-node-crash.html crashing
2507         https://bugs.webkit.org/show_bug.cgi?id=154039
2508
2509         Reviewed by Chris Fleizach.
2510
2511         We are accessing the derefed node in the CharacterOffset object, we should create an empty
2512         CharacterOffset object if the node is not in use.
2513
2514         It's covered by the test accessibility/text-marker/text-marker-range-stale-node-crash.html.
2515
2516         * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
2517         (-[WebAccessibilityTextMarker characterOffset]):
2518         (-[WebAccessibilityTextMarker isIgnored]):
2519
2520 2016-02-09  Myles C. Maxfield  <mmaxfield@apple.com>
2521
2522         Unreviewed build fix after r196322
2523
2524         Unreviewed.
2525
2526         * css/CSSFontFace.cpp:
2527         (WebCore::CSSFontFace::font):
2528
2529 2016-02-09  Zalan Bujtas  <zalan@apple.com>
2530
2531         Outline corners do not align properly for multiline inlines.
2532         https://bugs.webkit.org/show_bug.cgi?id=154025
2533
2534         Reviewed by David Hyatt.
2535
2536         Adjust border position when outline-offset > 0. This patch also
2537         removes integral pixelsnapping (drawLineForBoxSide takes care of
2538         device pixelsnapping). 
2539
2540         Test: fast/inline/outline-corners-with-offset.html
2541
2542         * rendering/RenderInline.cpp:
2543         (WebCore::RenderInline::paintOutlineForLine):
2544
2545 2016-02-09  Jer Noble  <jer.noble@apple.com>
2546
2547         [Mac] Adopt NSURLSession properties in AVAssetResourceLoader
2548
2549         Rubber-stamped by Eric Carlson;
2550
2551         Set the correct global variable from setAVFoundationNSURLSessionEnabled().
2552
2553         * page/Settings.cpp:
2554         (WebCore::Settings::setAVFoundationNSURLSessionEnabled):
2555
2556 2016-02-07  Gavin Barraclough  <barraclough@apple.com>
2557
2558         GetValueFunc/PutValueFunc should not take both slotBase and thisValue
2559         https://bugs.webkit.org/show_bug.cgi?id=154009
2560
2561         Reviewed by Geoff Garen.
2562
2563         In JavaScript there are two types of properties - regular value properties, and accessor properties.
2564         One difference between these is how they are reflected by getOwnPropertyDescriptor, and another is
2565         what object they operate on in the case of a prototype access. If you access a value property of a
2566         prototype object it return a value pertinent to the prototype, but in the case of a prototype object
2567         returning an accessor, then the accessor function is applied to the base object of the access.
2568
2569         JSC supports special 'custom' properties implemented as a c++ callback, and these custom properties
2570         can be used to implement either value- or accessor-like behavior. getOwnPropertyDescriptor behavior
2571         is selected via the CustomAccessor attribute. Value- or accessor-like object selection is current
2572         supported by passing both the slotBase and the thisValue to the callback,and hoping it uses the
2573         right one. This is probably inefficient, bug-prone, and leads to crazy like JSBoundSlotBaseFunction.
2574
2575         Instead, just pass one thisValue to the callback functions, consistent with CustomAccessor.
2576
2577         * bindings/js/JSDOMBinding.cpp:
2578         (WebCore::printErrorMessageForFrame):
2579         (WebCore::objectToStringFunctionGetter):
2580         * bindings/js/JSDOMBinding.h:
2581         (WebCore::propertyNameToString):
2582         (WebCore::getStaticValueSlotEntryWithoutCaching<JSDOMObject>):
2583         (WebCore::nonCachingStaticFunctionGetter):
2584         * bindings/js/JSDOMWindowCustom.cpp:
2585         (WebCore::JSDOMWindow::visitAdditionalChildren):
2586         (WebCore::childFrameGetter):
2587         (WebCore::namedItemGetter):
2588         (WebCore::jsDOMWindowWebKit):
2589         (WebCore::jsDOMWindowIndexedDB):
2590             - add missing null check, in case indexDB acessor is applied to non-window object.
2591         * bindings/js/JSPluginElementFunctions.cpp:
2592         (WebCore::pluginScriptObject):
2593         (WebCore::pluginElementPropertyGetter):
2594         * bindings/js/JSPluginElementFunctions.h:
2595         * bindings/scripts/CodeGeneratorJS.pm:
2596         (GenerateHeader):
2597         (GenerateImplementation):
2598         * bridge/runtime_array.cpp:
2599         (JSC::RuntimeArray::destroy):
2600         (JSC::RuntimeArray::lengthGetter):
2601         * bridge/runtime_array.h:
2602         * bridge/runtime_method.cpp:
2603         (JSC::RuntimeMethod::finishCreation):
2604         (JSC::RuntimeMethod::lengthGetter):
2605         * bridge/runtime_method.h:
2606         * bridge/runtime_object.cpp:
2607         (JSC::Bindings::RuntimeObject::invalidate):
2608         (JSC::Bindings::RuntimeObject::fallbackObjectGetter):
2609         (JSC::Bindings::RuntimeObject::fieldGetter):
2610         (JSC::Bindings::RuntimeObject::methodGetter):
2611         * bridge/runtime_object.h:
2612             - Merged slotBase & thisValue to custom property callbacks.
2613
2614 2016-02-09  Jer Noble  <jer.noble@apple.com>
2615
2616         Build-fix; add Nullibility macros around previously un-macro'd class definitions.
2617
2618         * platform/spi/mac/AVFoundationSPI.h:
2619
2620 2016-02-04  Jer Noble  <jer.noble@apple.com>
2621
2622         [Mac] Adopt NSURLSession properties in AVAssetResourceLoader
2623         https://bugs.webkit.org/show_bug.cgi?id=153873
2624
2625         Reviewed by Eric Carlson.
2626
2627         Adopt a new AVAssetResourceLoader API allowing clients to specify a NSURLSession object to
2628         use for media loading, and control the use of this property with a new Setting.
2629
2630         * page/Settings.cpp:
2631         (WebCore::Settings::setAVFoundationNSURLSessionEnabled):
2632         * page/Settings.h:
2633         (WebCore::Settings::isAVFoundationNSURLSessionEnabled):
2634         * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
2635         (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVAssetForURL):
2636         * platform/spi/mac/AVFoundationSPI.h:
2637
2638 2016-02-09  Myles C. Maxfield  <mmaxfield@apple.com>
2639
2640         Decouple font creation from font loading
2641         https://bugs.webkit.org/show_bug.cgi?id=153414
2642
2643         Reviewed by Darin Adler.
2644
2645         Previously, CSSFontFaceSource never triggered a font download until that font was actually used. This means
2646         that the function which triggers the download also has the goal of returning a font to use. However,
2647         the CSS Font Loading JavaScript API requires being able to trigger a font download without this extra font
2648         creation overhead.
2649
2650         In addition, this patch adds an explicit (and enforced) state transition diagram. The diagram looks like
2651         this:
2652                             => Success
2653                           //
2654         Pending => Loading
2655                           \\
2656                             => Failure
2657
2658         Therefore, the API for CSSFontFaceSource has changed to expose the concept of these new states. This means
2659         that its user (CSSSegmentedFontFaceSource) has been updated to handle each possible state that its constituent
2660         CSSFontFaceSources may be in.
2661
2662         No new tests because there is no behavior change.
2663
2664         * css/CSSFontFace.cpp:
2665         (WebCore::CSSFontFace::allSourcesFailed): Renamed to make the name clearer.
2666         (WebCore::CSSFontFace::addedToSegmentedFontFace): Use references instead of pointers.
2667         (WebCore::CSSFontFace::removedFromSegmentedFontFace): Ditto.
2668         (WebCore::CSSFontFace::adoptSource): Renamed to make the name clearer.
2669         (WebCore::CSSFontFace::fontLoaded): Use references instead of pointers. Also, remove old dead code.
2670         (WebCore::CSSFontFace::font): Adapt to the new API of CSSFontFaceSource.
2671         (WebCore::CSSFontFace::isValid): Deleted.
2672         (WebCore::CSSFontFace::addSource): Deleted.
2673         (WebCore::CSSFontFace::notifyFontLoader): Deleted. Old dead code.
2674         (WebCore::CSSFontFace::notifyLoadingDone): Deleted. Old dead code.
2675         * css/CSSFontFace.h:
2676         (WebCore::CSSFontFace::create): Remove old dead code.
2677         (WebCore::CSSFontFace::CSSFontFace): Use references instead of pointers.
2678         (WebCore::CSSFontFace::loadState): Deleted. Remove old dead code.
2679         * css/CSSFontFaceSource.cpp:
2680         (WebCore::CSSFontFaceSource::setStatus): Enforce state transitions.
2681         (WebCore::CSSFontFaceSource::CSSFontFaceSource): Explicitly handle new state transitions.
2682         (WebCore::CSSFontFaceSource::fontLoaded): Update for new states.
2683         (WebCore::CSSFontFaceSource::load): Pulled out code from font().
2684         (WebCore::CSSFontFaceSource::font): Moved code into load().
2685         (WebCore::CSSFontFaceSource::isValid): Deleted.
2686         (WebCore::CSSFontFaceSource::isDecodeError): Deleted.
2687         (WebCore::CSSFontFaceSource::ensureFontData): Deleted.
2688         * css/CSSFontFaceSource.h: Much cleaner API.
2689         * css/CSSFontSelector.cpp:
2690         (WebCore::createFontFace): Migrate to references instead of pointers. This requires a little
2691         reorganization.
2692         (WebCore::registerLocalFontFacesForFamily): Update to new CSSFontFaceSource API.
2693         (WebCore::CSSFontSelector::addFontFaceRule): Ditto.
2694         (WebCore::CSSFontSelector::getFontFace): Ditto.
2695         * css/CSSSegmentedFontFace.cpp:
2696         (WebCore::CSSSegmentedFontFace::CSSSegmentedFontFace): Migrate to references instead of pointers.
2697         (WebCore::CSSSegmentedFontFace::~CSSSegmentedFontFace): Ditto.
2698         (WebCore::CSSSegmentedFontFace::fontLoaded): Remove old dead code.
2699         (WebCore::CSSSegmentedFontFace::appendFontFace): Cleanup.
2700         (WebCore::CSSSegmentedFontFace::fontRanges): Adopt to new API.
2701         (WebCore::CSSSegmentedFontFace::pruneTable): Deleted.
2702         (WebCore::CSSSegmentedFontFace::isLoading): Deleted. Old dead code.
2703         (WebCore::CSSSegmentedFontFace::checkFont): Deleted. Ditto.
2704         (WebCore::CSSSegmentedFontFace::loadFont): Deleted. Ditto.
2705         * css/CSSSegmentedFontFace.h:
2706         (WebCore::CSSSegmentedFontFace::create): Migrate to references instead of pointers.
2707         (WebCore::CSSSegmentedFontFace::fontSelector): Ditto.
2708         (WebCore::CSSSegmentedFontFace::LoadFontCallback::~LoadFontCallback): Deleted.
2709         * loader/cache/CachedFont.cpp:
2710         (WebCore::CachedFont::didAddClient): Migrate to references instead of pointers.
2711         (WebCore::CachedFont::checkNotify): Ditto.
2712         * loader/cache/CachedFontClient.h:
2713         (WebCore::CachedFontClient::fontLoaded): Ditto.
2714
2715 2016-02-09  Brady Eidson  <beidson@apple.com>
2716
2717         Modern IDB: IDBOpenDBRequests leak.
2718         https://bugs.webkit.org/show_bug.cgi?id=154032
2719
2720         Reviewed by Alex Christensen.
2721
2722         No new tests (Currently untestable).
2723
2724         * CMakeLists.txt:
2725         * WebCore.xcodeproj/project.pbxproj:
2726
2727         Add a simple Event subclass that holds a ref to an IDBRequest, to make sure that we
2728         drop the last ref to the request after its last event fires or is otherwise destroyed:
2729         * Modules/indexeddb/IDBRequestCompletionEvent.cpp: Added.
2730         (WebCore::IDBRequestCompletionEvent::IDBRequestCompletionEvent):
2731         * Modules/indexeddb/IDBRequestCompletionEvent.h: Added.
2732         (WebCore::IDBRequestCompletionEvent::create):
2733
2734         * Modules/indexeddb/client/IDBOpenDBRequestImpl.cpp:
2735         (WebCore::IDBClient::IDBOpenDBRequest::onError): IDBRequestCompletionEvent instead of Event.
2736         (WebCore::IDBClient::IDBOpenDBRequest::fireSuccessAfterVersionChangeCommit): Ditto.
2737         (WebCore::IDBClient::IDBOpenDBRequest::fireErrorAfterVersionChangeCompletion): Ditto.
2738         (WebCore::IDBClient::IDBOpenDBRequest::onSuccess): Ditto.
2739
2740         * Modules/indexeddb/client/IDBTransactionImpl.cpp:
2741         (WebCore::IDBClient::IDBTransaction::dispatchEvent): After setting up the request's 
2742           completion event to fire, clear the back-ref to the request.
2743
2744 2016-02-09  Commit Queue  <commit-queue@webkit.org>
2745
2746         Unreviewed, rolling out r196286.
2747         https://bugs.webkit.org/show_bug.cgi?id=154026
2748
2749         Looks like 5% iOS PLT regression (Requested by kling on
2750         #webkit).
2751
2752         Reverted changeset:
2753
2754         "[iOS] Throw away some unlinked code when navigating to a new
2755         page."
2756         https://bugs.webkit.org/show_bug.cgi?id=154014
2757         http://trac.webkit.org/changeset/196286
2758
2759 2016-02-08  Chris Dumez  <cdumez@apple.com>
2760
2761         Attribute getters should not require an explicit 'this' value for Window properties
2762         https://bugs.webkit.org/show_bug.cgi?id=153968
2763
2764         Reviewed by Darin Adler.
2765
2766         Attribute getters should not require an explicit 'this' value for
2767         Window properties. This is because the Window interface is marked
2768         as [ImplicitThis]:
2769         - http://heycam.github.io/webidl/#ImplicitThis
2770         - https://www.w3.org/Bugs/Public/show_bug.cgi?id=29421
2771
2772         This matches the behavior of Firefox and the expectations of the W3C
2773         web-platform-tests.
2774
2775         No new tests, already covered by existing tests.
2776
2777         * bindings/scripts/CodeGeneratorJS.pm:
2778         In attribute getters of an interface marked as [ImplicitThis],
2779         if 'thisValue' is undefined or null, fall back to using the
2780         global object as 'thisValue'.
2781
2782         * bindings/scripts/IDLAttributes.txt:
2783         Add support for [ImplicitThis]:
2784         http://heycam.github.io/webidl/#ImplicitThis
2785
2786         * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
2787         * bindings/scripts/test/JS/JSTestException.cpp:
2788         * bindings/scripts/test/JS/JSTestInterface.cpp:
2789         * bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp:
2790         * bindings/scripts/test/JS/JSTestNode.cpp:
2791         * bindings/scripts/test/JS/JSTestNondeterministic.cpp:
2792         * bindings/scripts/test/JS/JSTestObj.cpp:
2793         * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
2794         * bindings/scripts/test/JS/JSTestTypedefs.cpp:
2795         * bindings/scripts/test/JS/JSattribute.cpp:
2796         Rebaseline bindings tests.
2797
2798         * page/DOMWindow.idl:
2799         Mark Window as [ImplicitThis]:
2800         http://heycam.github.io/webidl/#ImplicitThis
2801
2802 2016-02-08  Nan Wang  <n_wang@apple.com>
2803
2804         AX: crash at WebCore::Range::selectNodeContents(WebCore::Node*, int&)
2805         https://bugs.webkit.org/show_bug.cgi?id=154018
2806
2807         Reviewed by Chris Fleizach.
2808
2809         Sometimes rangeForUnorderedCharacterOffsets call is accessing derefed node objects
2810         and leading to a crash. Fixed it by checking isNodeInUse before creating the CharacterOffset
2811         object.
2812
2813         Test: accessibility/text-marker/text-marker-range-stale-node-crash.html
2814
2815         * accessibility/AXObjectCache.cpp:
2816         (WebCore::AXObjectCache::visiblePositionForTextMarkerData):
2817         (WebCore::AXObjectCache::characterOffsetForTextMarkerData):
2818         (WebCore::AXObjectCache::traverseToOffsetInRange):
2819         * accessibility/AXObjectCache.h:
2820         * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
2821         (-[WebAccessibilityObjectWrapper rangeForTextMarkerRange:]):
2822         (characterOffsetForTextMarker):
2823         (-[WebAccessibilityObjectWrapper characterOffsetForTextMarker:]):
2824         (textMarkerForVisiblePosition):
2825
2826 2016-02-08  Andreas Kling  <akling@apple.com>
2827
2828         [iOS] Throw away some unlinked code when navigating to a new page.
2829         <https://webkit.org/b/154014>
2830
2831         Reviewed by Gavin Barraclough.
2832
2833         Extended the mechanism introduced earlier to also throw away unlinked code
2834         that's only relevant to the page that we're navigating away from.
2835
2836         The new JSC::VM API is deleteAllCodeExceptCaches() and it does what it sounds
2837         like, deleting unlinked and linked code but leaving code caches alone.
2838
2839         This means that if the page we're navigating to wants to parse some of the
2840         same JS that the page we're leaving had on it, it might still be found in the
2841         JSC::CodeCache.
2842
2843         Doing a back navigation to a PageCache'd page may now incur some reparsing,
2844         just like leaving the app or tab would.
2845
2846         * bindings/js/GCController.cpp:
2847         (WebCore::GCController::deleteAllCodeExceptCaches):
2848         (WebCore::GCController::deleteAllLinkedCode): Deleted.
2849         * bindings/js/GCController.h:
2850         * loader/FrameLoader.cpp:
2851         (WebCore::FrameLoader::commitProvisionalLoad):
2852
2853 2016-02-08  Daniel Bates  <dabates@apple.com>
2854
2855         CSP connect-src directive should block redirects
2856         https://bugs.webkit.org/show_bug.cgi?id=69359
2857         <rdar://problem/24383025>
2858
2859         Reviewed by Brent Fulgham.
2860
2861         Inspired by Blink patch:
2862         <https://src.chromium.org/viewvc/blink?revision=150246&view=revision>
2863
2864         Apply the connect-src directive of the Content Security Policy for the document or worker to the redirect URL
2865         of an XMLHttpRequest and EventSource load so as to conform to section Paths and Redirects of the CSP 2.0 spec.,
2866         <https://w3c.github.io/webappsec-csp/2/#source-list-paths-and-redirects> (29 August 2015).
2867
2868         Additionally, check that each requested script URL passed to WorkerGlobalScope.importScripts() is allowed by
2869         the CSP of the worker before initiating a load for it. If some URL i is blocked by the CSP policy
2870         then we do not try to load URLs j >= i.
2871
2872         Tests: http/tests/security/contentSecurityPolicy/worker-blob-inherits-csp-importScripts-block-aborts-all-subsequent-imports.html
2873                http/tests/security/contentSecurityPolicy/worker-blob-inherits-csp-importScripts-redirect-cross-origin-blocked.html
2874                http/tests/security/contentSecurityPolicy/worker-csp-blocks-xhr-redirect-cross-origin.html
2875                http/tests/security/contentSecurityPolicy/worker-csp-importScripts-redirect-cross-origin-allowed.html
2876                http/tests/security/contentSecurityPolicy/worker-csp-importScripts-redirect-cross-origin-blocked.html
2877                http/tests/security/contentSecurityPolicy/worker-without-csp-importScripts-redirect-cross-origin-allowed.html
2878                http/tests/security/isolatedWorld/bypass-main-world-csp-for-xhr-redirect.html
2879                http/tests/security/isolatedWorld/bypass-main-world-csp-worker-blob-importScript-redirect-cross-origin.html
2880                http/tests/security/isolatedWorld/bypass-main-world-csp-worker-importScripts-redirect-cross-origin.html
2881                http/tests/security/isolatedWorld/bypass-worker-csp-for-xhr-redirect-cross-origin.html
2882                http/tests/security/isolatedWorld/bypass-worker-csp-for-xhr.html
2883
2884         * fileapi/FileReaderLoader.cpp:
2885         (WebCore::FileReaderLoader::start): Do not enforce a CSP directive as CSP is not applicable to File API.
2886         * inspector/InspectorNetworkAgent.cpp:
2887         (WebCore::InspectorNetworkAgent::loadResource): Do not enforce a CSP directive as CSP should not interfere
2888         with the Web Inspector.
2889         * loader/DocumentThreadableLoader.cpp:
2890         (WebCore::DocumentThreadableLoader::loadResourceSynchronously): Modified to take an optional ContentSecurityPolicy
2891         and pass it through to DocumentThreadableLoader::create().
2892         (WebCore::DocumentThreadableLoader::create): Modified to take an optional ContentSecurityPolicy and pass it through
2893         to DocumentThreadableLoader::DocumentThreadableLoader().
2894         (WebCore::DocumentThreadableLoader::DocumentThreadableLoader): Modified to take an optional ContentSecurityPolicy.
2895         Asserts that the CSP allows the load of the request URL so as to catch when a caller creates a loader for a request
2896         that is not allowed by the CSP. The caller should not create a loader for such a request.
2897         (WebCore::DocumentThreadableLoader::redirectReceived): Check if the CSP allows the redirect URL. If it does not
2898         then notify the client that the redirect check failed.
2899         (WebCore::DocumentThreadableLoader::loadRequest): Ditto.
2900         (WebCore::DocumentThreadableLoader::isAllowedByContentSecurityPolicy): Checks that the specified URL is allowed
2901         by the enforced CSP directive.
2902         (WebCore::DocumentThreadableLoader::contentSecurityPolicy): Returns the ContentSecurityPolicy object passed to
2903         DocumentThreadableLoader on instantiation or the ContentSecurityPolicy object of the associated document.
2904         * loader/DocumentThreadableLoader.h: Add overloaded variants of DocumentThreadableLoader::{create, loadResourceSynchronously}()
2905         that take a std::unique_ptr<ContentSecurityPolicy>&&. Remove some unnecessary headers.
2906         * loader/ThreadableLoader.cpp:
2907         (WebCore::ThreadableLoaderOptions::ThreadableLoaderOptions): Take the CSP directive to enforce and store it.
2908         (WebCore::ThreadableLoaderOptions::isolatedCopy): Copy the CSP directive to enforce.
2909         * loader/ThreadableLoader.h: Added member field to store the CSP directive to enforce (defaults to enforce the
2910         directive connect-src - the most appropriate directive in most circumstances). As of the time of writing,
2911         only WorkerGlobalScope.importScripts() enforces a different directive: script-src.
2912         * loader/WorkerThreadableLoader.cpp:
2913         (WebCore::WorkerThreadableLoader::WorkerThreadableLoader): Pass the SecurityOrigin and ContentSecurityPolicy associated
2914         with the WorkerGlobalScope to WorkerThreadableLoader::MainThreadBridge::MainThreadBridge().
2915         (WebCore::WorkerThreadableLoader::MainThreadBridge::MainThreadBridge): Pass a copy of the worker's ContentSecurityPolicy
2916         to the DocumentThreadableLoader.
2917         * loader/WorkerThreadableLoader.h:
2918         * page/EventSource.cpp:
2919         (WebCore::EventSource::connect): Enforce the CSP directive connect-src on redirects unless we are running in an isolated world.
2920         * workers/AbstractWorker.cpp:
2921         (WebCore::AbstractWorker::resolveURL): Modified to take a boolean whether to bypass the main world Content Security Policy
2922         instead of querying for it directly.
2923         * workers/AbstractWorker.h:
2924         * workers/Worker.cpp:
2925         (WebCore::Worker::create): Added FIXME to enforce child-src directive of the document's CSP to the worker's script URL
2926         on redirect once we fix <https://bugs.webkit.org/show_bug.cgi?id=153562>. For now, do not enforce a CSP policy on redirect
2927         of the worker's script URL.
2928         * workers/WorkerGlobalScope.cpp:
2929         (WebCore::WorkerGlobalScope::importScripts): Check that the requested URL is allowed by the CSP of the worker (if applicable).
2930         Enforce the CSP directive script-src on redirects unless we are running in an isolated world.
2931         * workers/WorkerScriptLoader.cpp:
2932         (WebCore::WorkerScriptLoader::loadSynchronously): Pass SecurityOrigin and ContentSecurityPolicyEnforcement to WorkerThreadableLoader.
2933         (WebCore::WorkerScriptLoader::loadAsynchronously): Ditto.
2934         * workers/WorkerScriptLoader.h:
2935         * xml/XMLHttpRequest.cpp:
2936         (WebCore::XMLHttpRequest::createRequest): Enforce the CSP directive connect-src on redirects unless we are running in
2937         an isolated world.
2938
2939 2016-02-08  Antti Koivisto  <antti@apple.com>
2940
2941         Try to fix Yosemite build.
2942
2943         * dom/ComposedTreeIterator.h:
2944         (WebCore::ComposedTreeIterator::ComposedTreeIterator):
2945         (WebCore::ComposedTreeIterator::traverseNext):
2946
2947 2016-02-08  Antti Koivisto  <antti@apple.com>
2948
2949         Implement ComposedTreeIterator in terms of ElementAndTextDescendantIterator
2950         https://bugs.webkit.org/show_bug.cgi?id=154003
2951
2952         Reviewed by Darin Adler.
2953
2954         Currently ComposedTreeIterator implements tree traversal using NodeTraversal. This makes it overly complicated.
2955         It can also return nodes other than Element and Text which should not be part of the composed tree.
2956
2957         This patch adds a new iterator type, ElementAndTextDescendantIterator, similar to the existing ElementDescendantIterator.
2958         ComposedTreeIterator is then implemented using this new iterator.
2959
2960         When entering a shadow tree or a slot the local iterator is pushed along with the context stack and a new local
2961         iterator is initialized for the new context. When leaving a shadow tree the context stack is popped and the previous
2962         local iterator becomes active.
2963
2964         * WebCore.xcodeproj/project.pbxproj:
2965         * dom/ComposedTreeIterator.cpp:
2966         (WebCore::ComposedTreeIterator::ComposedTreeIterator):
2967         (WebCore::ComposedTreeIterator::initializeContextStack):
2968         (WebCore::ComposedTreeIterator::pushContext):
2969         (WebCore::ComposedTreeIterator::traverseNextInShadowTree):
2970         (WebCore::ComposedTreeIterator::traverseNextLeavingContext):
2971         (WebCore::ComposedTreeIterator::advanceInSlot):
2972         (WebCore::ComposedTreeIterator::traverseSiblingInSlot):
2973         (WebCore::ComposedTreeIterator::initializeShadowStack): Deleted.
2974         (WebCore::ComposedTreeIterator::traverseParentInShadowTree): Deleted.
2975         (WebCore::ComposedTreeIterator::traverseNextSiblingSlot): Deleted.
2976         (WebCore::ComposedTreeIterator::traversePreviousSiblingSlot): Deleted.
2977         * dom/ComposedTreeIterator.h:
2978         (WebCore::ComposedTreeIterator::operator*):
2979         (WebCore::ComposedTreeIterator::operator->):
2980         (WebCore::ComposedTreeIterator::operator==):
2981         (WebCore::ComposedTreeIterator::operator!=):
2982         (WebCore::ComposedTreeIterator::operator++):
2983         (WebCore::ComposedTreeIterator::Context::Context):
2984         (WebCore::ComposedTreeIterator::context):
2985         (WebCore::ComposedTreeIterator::current):
2986         (WebCore::ComposedTreeIterator::ComposedTreeIterator):
2987         (WebCore::ComposedTreeIterator::traverseNext):
2988         (WebCore::ComposedTreeIterator::traverseNextSkippingChildren):
2989         (WebCore::ComposedTreeIterator::traverseNextSibling):
2990         (WebCore::ComposedTreeIterator::traversePreviousSibling):
2991         (WebCore::ComposedTreeDescendantAdapter::ComposedTreeDescendantAdapter):
2992         (WebCore::ComposedTreeDescendantAdapter::begin):
2993         (WebCore::ComposedTreeDescendantAdapter::end):
2994         (WebCore::ComposedTreeDescendantAdapter::at):
2995         (WebCore::ComposedTreeChildAdapter::Iterator::Iterator):
2996         (WebCore::ComposedTreeChildAdapter::ComposedTreeChildAdapter):
2997         (WebCore::ComposedTreeChildAdapter::begin):
2998         (WebCore::ComposedTreeChildAdapter::end):
2999         (WebCore::ComposedTreeChildAdapter::at):
3000         (WebCore::ComposedTreeIterator::ShadowContext::ShadowContext): Deleted.
3001         (WebCore::ComposedTreeIterator::traverseParent): Deleted.
3002         * dom/ElementAndTextDescendantIterator.h: Added.
3003
3004             New iterator type that traverses Element and Text nodes (that is renderable nodes only).
3005             It also tracks depth for future use.
3006
3007 2016-02-08  Joseph Pecoraro  <pecoraro@apple.com>
3008
3009         Web Inspector: copy({x:1}) should copy "{x:1}", not "[object Object]"
3010         https://bugs.webkit.org/show_bug.cgi?id=148605
3011
3012         Reviewed by Brian Burg.
3013
3014         Test: inspector/console/command-line-api-copy.html
3015
3016         * inspector/CommandLineAPIModuleSource.js:
3017         (CommandLineAPIImpl.prototype.copy):
3018         Support copying different types. This is meant to be more
3019         convenient then just JSON.stringify, so it handles types
3020         like Node, Symbol, RegExp, and Function a bit better.
3021
3022 2016-02-08  Said Abou-Hallawa  <sabouhallawa@apple.com>
3023
3024         REGRESSION(r181345): SVG polyline and polygon leak page
3025         https://bugs.webkit.org/show_bug.cgi?id=152759
3026
3027         Reviewed by Darin Adler.
3028
3029         The leak happens because of cyclic reference between SVGListPropertyTearOff 
3030         and SVGAnimatedListPropertyTearOff which is derived from SVGAnimatedProperty.
3031         There is also cyclic reference between SVGAnimatedProperty and SVGElement
3032         and this causes the whole document to be leaked. So if the JS requests, for
3033         example, an instance of SVGPolylineElement.points, the whole document will be
3034         leaked.
3035
3036         The fix depends on having the cyclic reference as is since the owning and the
3037         owned classes have to live together if any of them is referenced. But the owning
3038         class caches a raw 'ref-counted' pointer of the owned class. If it is requested
3039         for an instance of the owned class it returned a RefPtr<> of it. Once the owned
3040         class is not used, it can delete itself. The only thing needed here is to notify
3041         the owner class of the deletion so it cleans its caches and be able to create a
3042         new pointer if it is requested for an instance of the owned class later.
3043
3044         Revert the change of r181345 in SVGAnimatedProperty::lookupOrCreateWrapper()
3045         to break the cyclic reference between SVGElement and SVGAnimatedProperty.
3046         
3047         Also apply the same approach in SVGAnimatedListPropertyTearOff::baseVal() and
3048         animVal() to break cyclic reference between SVGListPropertyTearOff and
3049         SVGAnimatedListPropertyTearOff.
3050
3051         Test: svg/animations/smil-leak-list-property-instances.svg
3052
3053         * bindings/scripts/CodeGeneratorJS.pm:
3054         (NativeToJSValue): The SVG non-string list tear-off properties became of
3055         type RefPtr<>. So we need to use get() with the casting expressions.
3056         
3057         * svg/SVGMarkerElement.cpp:
3058         (WebCore::SVGMarkerElement::orientType):
3059         Use 'auto' type for the return of SVGAnimatedProperty::lookupWrapper().
3060
3061         * svg/SVGPathElement.cpp:
3062         (WebCore::SVGPathElement::pathByteStream):
3063         (WebCore::SVGPathElement::lookupOrCreateDWrapper):
3064         Since SVGAnimatedProperty::lookupWrappe() returns a RefPtr<> we need to 
3065         use get() for the casting expressions.
3066         
3067         (WebCore::SVGPathElement::pathSegList):
3068         (WebCore::SVGPathElement::normalizedPathSegList):
3069         (WebCore::SVGPathElement::animatedPathSegList):
3070         (WebCore::SVGPathElement::animatedNormalizedPathSegList):
3071         * svg/SVGPathElement.h:
3072         Change the return value from raw pointer to RefPtr<>.
3073
3074         * svg/SVGPathSegWithContext.h:
3075         (WebCore::SVGPathSegWithContext::animatedProperty):
3076         Change the return type to be RefPtr<> to preserve the value from being deleted.
3077         
3078         * svg/SVGPolyElement.cpp:
3079         (WebCore::SVGPolyElement::parseAttribute):
3080         Since SVGAnimatedProperty::lookupWrapper() returns a RefPtr<> we need to 
3081         use get() for the casting expressions.
3082         
3083         (WebCore::SVGPolyElement::points):
3084         (WebCore::SVGPolyElement::animatedPoints):
3085         * svg/SVGPolyElement.h:
3086         Change the return value from raw pointer to RefPtr<>.
3087         
3088         * svg/SVGViewSpec.cpp:
3089         (WebCore::SVGViewSpec::setTransformString):
3090         Since SVGAnimatedProperty::lookupWrapper() returns a RefPtr<> we need to 
3091         use get() for the casting expressions.
3092
3093         (WebCore::SVGViewSpec::transform):
3094         * svg/SVGViewSpec.h:
3095         Change the return value from raw pointer to RefPtr<>.
3096         
3097         * svg/properties/SVGAnimatedListPropertyTearOff.h:
3098         (WebCore::SVGAnimatedListPropertyTearOff::baseVal):
3099         (WebCore::SVGAnimatedListPropertyTearOff::animVal):
3100         Change the return value from raw pointer to RefPtr<> and change the cached
3101         value from RefPtr<> to raw pointer. If the property is null, it will be
3102         created, its raw pointer will be cached and the only ref-counted RefPtr<>
3103         will be returned. This will guarantee, the RefPtr<> will be deleted once
3104         it is not used anymore. 
3105         
3106         (WebCore::SVGAnimatedListPropertyTearOff::propertyWillBeDeleted):
3107         Clean the raw pointer caches m_baseVal and m_animVal upon deleting the
3108         actual pointer. This function will be called from the destructor of
3109         SVGListPropertyTearOff.
3110         
3111         (WebCore::SVGAnimatedListPropertyTearOff::findItem):
3112         (WebCore::SVGAnimatedListPropertyTearOff::removeItemFromList):
3113         We have to ensure the baseVal() is created before using it.
3114         
3115         (WebCore::SVGAnimatedListPropertyTearOff::detachListWrappers):
3116         (WebCore::SVGAnimatedListPropertyTearOff::currentAnimatedValue):
3117         (WebCore::SVGAnimatedListPropertyTearOff::animationStarted):
3118         (WebCore::SVGAnimatedListPropertyTearOff::animationEnded):
3119         (WebCore::SVGAnimatedListPropertyTearOff::synchronizeWrappersIfNeeded):
3120         (WebCore::SVGAnimatedListPropertyTearOff::animValWillChange):
3121         (WebCore::SVGAnimatedListPropertyTearOff::animValDidChange):
3122         For animation, a separate RefPtr<> 'm_animatingAnimVal' will be assigned
3123         to the animVal(). This will prevent deleting m_animVal while animation.
3124         
3125         * svg/properties/SVGAnimatedPathSegListPropertyTearOff.h:
3126         (WebCore::SVGAnimatedPathSegListPropertyTearOff::baseVal):
3127         (WebCore::SVGAnimatedPathSegListPropertyTearOff::animVal):
3128         Same as what is done in SVGAnimatedListPropertyTearOff.
3129         
3130         (WebCore::SVGAnimatedPathSegListPropertyTearOff::findItem):
3131         (WebCore::SVGAnimatedPathSegListPropertyTearOff::removeItemFromList):
3132         Same as what is done in SVGAnimatedListPropertyTearOff.
3133         
3134         * svg/properties/SVGAnimatedProperty.h:
3135         (WebCore::SVGAnimatedProperty::lookupOrCreateWrapper):
3136         Change the return value from raw reference to Ref<> and change the
3137         cached value from Ref<> to raw pointer. This reverts the change of
3138         r181345 in this function.
3139         
3140         (WebCore::SVGAnimatedProperty::lookupWrapper):
3141         Change the return value from raw pointer to RefPtr<>.
3142         
3143         * svg/properties/SVGAnimatedPropertyMacros.h:
3144         Use 'auto' type for the return of SVGAnimatedProperty::lookupWrapper().
3145         
3146         * svg/properties/SVGAnimatedTransformListPropertyTearOff.h:
3147         (WebCore::SVGAnimatedTransformListPropertyTearOff::baseVal):
3148         (WebCore::SVGAnimatedTransformListPropertyTearOff::animVal):
3149         Same as what is done in SVGAnimatedListPropertyTearOff.
3150
3151         * svg/properties/SVGListPropertyTearOff.h:
3152         (WebCore::SVGListPropertyTearOff::~SVGListPropertyTearOff):
3153         Call the SVGAnimatedListPropertyTearOff::propertyWillBeDeleted() to clean
3154         its raw pointers when the RefPtr<> deletes itself.
3155
3156 2016-02-08  Carlos Garcia Campos  <cgarcia@igalia.com>
3157
3158         [GTK] WebKitWebView should send crossing events to the WebProcess
3159         https://bugs.webkit.org/show_bug.cgi?id=153740
3160
3161         Reviewed by Michael Catanzaro.
3162
3163         Update the target element under the mouse also when only updating
3164         scrollbars, so that if the mouse enters the page when the window
3165         is not active, the scroll animator is notified that the mouse
3166         entered the scrollable area.
3167
3168         * page/EventHandler.cpp:
3169         (WebCore::EventHandler::handleMouseMoveEvent): Call
3170         updateMouseEventTargetNode() before early returning in case of
3171         only updating scrollbars.
3172
3173 2016-02-08  Jeremy Jones  <jeremyj@apple.com>
3174
3175         PiP and external playback are mutually exclusive.
3176         https://bugs.webkit.org/show_bug.cgi?id=153988
3177         rdar://problem/24108661
3178
3179         Reviewed by Eric Carlson.
3180
3181         Adding isPlayingOnSecondScreen to isPlayingOnExternalScreen allows AVKit to disable PiP
3182         when appropriate. Testing video fullscreen mode in updateDisableExternalPlayback allows us to 
3183         turn-off external playback when entering picture-in-picture.
3184
3185         * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
3186         (WebCore::MediaPlayerPrivateAVFoundationObjC::setVideoFullscreenMode):
3187         (WebCore::MediaPlayerPrivateAVFoundationObjC::updateDisableExternalPlayback):
3188         * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
3189         (-[WebAVPlayerController isPlayingOnExternalScreen]):
3190         (+[WebAVPlayerController keyPathsForValuesAffectingPlayingOnExternalScreen]):
3191
3192 2016-02-08  Commit Queue  <commit-queue@webkit.org>
3193
3194         Unreviewed, rolling out r196253.
3195         https://bugs.webkit.org/show_bug.cgi?id=153990
3196
3197         Caused several crashes in GTK+ bots (Requested by KaL on
3198         #webkit).
3199
3200         Reverted changeset:
3201
3202         "[GTK] WebKitWebView should send crossing events to the
3203         WebProcess"
3204         https://bugs.webkit.org/show_bug.cgi?id=153740
3205         http://trac.webkit.org/changeset/196253
3206
3207 2016-02-08  Jeremy Jones  <jeremyj@apple.com>
3208
3209         WebAVPlayerController should implement currentTimeWithinEndTimes.
3210         https://bugs.webkit.org/show_bug.cgi?id=153983
3211         rdar://problem/22864621
3212
3213         Reviewed by Eric Carlson.
3214
3215         Implement currentTimeWithinEndTimes in terms of seekToTime and AVTiming. This is a trivial
3216         implementation becuase AVPlayer start and end times aren't used.
3217
3218         * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
3219         (-[WebAVPlayerController currentTimeWithinEndTimes]):
3220         (-[WebAVPlayerController setCurrentTimeWithinEndTimes:]):
3221         (+[WebAVPlayerController keyPathsForValuesAffectingCurrentTimeWithinEndTimes]):
3222
3223 2016-02-08  Carlos Garcia Campos  <cgarcia@igalia.com>
3224
3225         [GTK] WebKitWebView should send crossing events to the WebProcess
3226         https://bugs.webkit.org/show_bug.cgi?id=153740
3227
3228         Reviewed by Michael Catanzaro.
3229
3230         Update the target element under the mouse also when only updating
3231         scrollbars, so that if the mouse enters the page when the window
3232         is not active, the scroll animator is notified that the mouse
3233         entered the scrollable area.
3234
3235         * page/EventHandler.cpp:
3236         (WebCore::EventHandler::handleMouseMoveEvent): Call
3237         updateMouseEventTargetNode() before early returning in case of
3238         only updating scrollbars.
3239
3240 2016-02-08  Jeremy Jones  <jeremyj@apple.com>
3241
3242         WebVideoFullscreenInterface should handle video resizing.
3243         https://bugs.webkit.org/show_bug.cgi?id=153982
3244         rdar://problem/22031249
3245
3246         Reviewed by Eric Carlson.
3247
3248         Video fullscreen can be initiated before video dimension are available.
3249         Protect against an initial width or height of zero and observe resize events 
3250         to update once video dimensions become available or change.
3251
3252         * platform/cocoa/WebVideoFullscreenModelVideoElement.mm:
3253         (WebVideoFullscreenModelVideoElement::updateForEventName):
3254         (WebVideoFullscreenModelVideoElement::observedEventNames):
3255         * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
3256         (-[WebAVPlayerLayer layoutSublayers]):
3257         (-[WebAVPlayerLayer videoRect]):
3258         (WebVideoFullscreenInterfaceAVKit::setVideoDimensions):
3259
3260 2016-02-08  Adrien Plazas  <aplazas@igalia.com>
3261
3262         Indent inline box test fails due to assertion in VisibleSelection::selectionFromContentsOfNode()
3263         https://bugs.webkit.org/show_bug.cgi?id=153824
3264
3265         Reviewed by Michael Catanzaro.
3266
3267         * editing/markup.cpp:
3268         (WebCore::highestAncestorToWrapMarkup):
3269
3270 2016-02-07  Sam Weinig  <sam@webkit.org>
3271
3272         Remove unused enum ScrollbarOverlayState.
3273
3274         Rubber-stamped by Dan Bernstein.
3275
3276         * platform/ScrollTypes.h:
3277
3278 2016-02-07  Sam Weinig  <sam@webkit.org>
3279
3280         Remove unnecessary respondsToSelector checks for methods that exist on all supported platforms
3281         https://bugs.webkit.org/show_bug.cgi?id=153970
3282
3283         Reviewed by Dan Bernstein.
3284
3285         -[NSScrollerImp mouseEnteredScroller], -[NSScrollerImp expansionTransitionProgress],
3286         -[NSScrollerImpPair contentAreaScrolledInDirection:], and -[NSScrollerImp setExpanded:]
3287         are now available on all supported OS's. No need to check for them.
3288
3289         * platform/mac/ScrollAnimatorMac.mm:
3290         (macScrollbarTheme):
3291         (-[WebScrollbarPainterDelegate scrollerImp:animateUIStateTransitionWithDuration:]):
3292         (-[WebScrollbarPainterDelegate scrollerImp:animateExpansionTransitionWithDuration:]):
3293         (WebCore::ScrollAnimatorMac::mouseEnteredScrollbar):
3294         (WebCore::ScrollAnimatorMac::mouseExitedScrollbar):
3295         (WebCore::ScrollAnimatorMac::sendContentAreaScrolled):
3296         (WebCore::ScrollAnimatorMac::sendContentAreaScrolledTimerFired):
3297         (supportsUIStateTransitionProgress): Deleted.
3298         (supportsExpansionTransitionProgress): Deleted.
3299         (supportsContentAreaScrolledInDirection): Deleted.
3300         * platform/mac/ScrollbarThemeMac.mm:
3301         (+[WebScrollbarPrefsObserver appearancePrefsChanged:]):
3302         (+[WebScrollbarPrefsObserver behaviorPrefsChanged:]):
3303         (WebCore::ScrollbarThemeMac::scrollbarThickness):
3304
3305 2016-02-07  Sam Weinig  <sam@webkit.org>
3306
3307         Use modern SPI header idiom for NSScrollerImp and NSScrollerImpPair
3308         https://bugs.webkit.org/show_bug.cgi?id=153969
3309
3310         Reviewed by Dan Bernstein.
3311
3312         * WebCore.xcodeproj/project.pbxproj:
3313         Add new file NSScrollerImpSPI.h
3314
3315         * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.mm:
3316         Use new include of NSScrollerImpSPI.h.
3317
3318         * platform/ScrollbarThemeComposite.h:
3319         Define ScrollbarPainter more precisely as NSScrollerImp * now that the type is available to us.
3320
3321         * platform/mac/NSScrollerImpDetails.h:
3322         Remove NSObject category based SPI usage with the modern one NSScrollerImpSPI.h
3323
3324         * platform/mac/NSScrollerImpDetails.mm:
3325         (WebCore::recommendedScrollerStyle):
3326         Simplify recommendedScrollerStyle() now that all OS's we ship on have +[NSScroller preferredScrollerStyle].
3327
3328         * platform/mac/ScrollAnimatorMac.mm:
3329         (supportsUIStateTransitionProgress):
3330         (supportsExpansionTransitionProgress):
3331         (supportsContentAreaScrolledInDirection):
3332         Stop using NSClassFromString now that we can reference the classes explicitly.
3333
3334         (-[WebScrollbarPainterControllerDelegate invalidate]):
3335         (-[WebScrollbarPainterControllerDelegate contentAreaRectForScrollerImpPair:]):
3336         (-[WebScrollbarPainterControllerDelegate inLiveResizeForScrollerImpPair:]):
3337         (-[WebScrollbarPainterControllerDelegate mouseLocationInContentAreaForScrollerImpPair:]):
3338         (-[WebScrollbarPainterControllerDelegate scrollerImpPair:convertContentPoint:toScrollerImp:]):
3339         (-[WebScrollbarPainterControllerDelegate scrollerImpPair:setContentAreaNeedsDisplayInRect:]):
3340         (-[WebScrollbarPainterControllerDelegate scrollerImpPair:updateScrollerStyleForNewRecommendedScrollerStyle:]):
3341         (-[WebScrollbarPainterDelegate layer]):
3342         (-[WebScrollbarPainterDelegate mouseLocationInScrollerForScrollerImp:]):
3343         (-[WebScrollbarPainterDelegate convertRectToLayer:]):
3344         (-[WebScrollbarPainterDelegate shouldUseLayerPerPartForScrollerImp:]):
3345         (-[WebScrollbarPainterDelegate setUpAlphaAnimation:scrollerPainter:part:animateAlphaTo:duration:]):
3346         (-[WebScrollbarPainterDelegate scrollerImp:animateKnobAlphaTo:duration:]):
3347         (-[WebScrollbarPainterDelegate scrollerImp:animateTrackAlphaTo:duration:]):
3348         (-[WebScrollbarPainterDelegate scrollerImp:animateUIStateTransitionWithDuration:]):
3349         (-[WebScrollbarPainterDelegate scrollerImp:animateExpansionTransitionWithDuration:]):
3350         (-[WebScrollbarPainterDelegate scrollerImp:overlayScrollerStateChangedTo:]):
3351         (WebCore::ScrollAnimatorMac::ScrollAnimatorMac):
3352         (WebCore::ScrollAnimatorMac::lockOverlayScrollbarStateToHidden):
3353         (WebCore::ScrollAnimatorMac::didAddVerticalScrollbar):
3354         (WebCore::ScrollAnimatorMac::didAddHorizontalScrollbar):
3355         (WebCore::ScrollAnimatorMac::updateScrollerStyle):
3356         Add proper conforming to protocols and replace ids with proper types.
3357
3358         * platform/mac/ScrollbarThemeMac.mm:
3359         (WebCore::supportsExpandedScrollbars):
3360         (WebCore::ScrollbarThemeMac::registerScrollbar):
3361         (WebCore::ScrollbarThemeMac::scrollbarThickness):
3362         (WebCore::ScrollbarThemeMac::setUpContentShadowLayer):
3363         Stop using NSClassFromString now that we can reference the classes explicitly.
3364
3365         * platform/spi/mac/NSScrollerImpSPI.h: Added.
3366
3367 2016-02-07  Zalan Bujtas  <zalan@apple.com>
3368
3369         Outline does not clip when ancestor has overflow: hidden and requires layer.
3370         https://bugs.webkit.org/show_bug.cgi?id=153901
3371
3372         Now that outline is part of visual overflow, we no longer need the special outline cliprect.
3373         PaintPhaseChildOutlines drawing will switch to foreground cliprect. It ensures proper overflow clipping
3374         at parent level. PaintPhaseSelfOutline drawing will start using the visual overflow inflated background cliprect.
3375         With this change, outline will be using the same cliprects as the other visual overflow properties (box-shadow etc). 
3376
3377         Reviewed by David Hyatt.
3378
3379         Test: fast/repaint/outline-with-overflow-hidden-ancestor.html
3380
3381         * rendering/LayerFragment.h:
3382         (WebCore::LayerFragment::setRects):
3383         (WebCore::LayerFragment::moveBy): Deleted.
3384         (WebCore::LayerFragment::intersect): Deleted.
3385         * rendering/RenderLayer.cpp:
3386         (WebCore::RenderLayer::collectFragments):
3387         (WebCore::RenderLayer::paintOutlineForFragments):
3388         (WebCore::RenderLayer::calculateClipRects):
3389         (WebCore::RenderLayer::paintForegroundForFragments): Deleted.
3390         * rendering/RenderLayer.h:
3391         * rendering/RenderTreeAsText.cpp:
3392         (WebCore::write):
3393         (WebCore::writeLayers):
3394
3395 2016-02-07  Daniel Bates  <dabates@apple.com>
3396
3397         CSP: Allow Web Workers initiated from an isolated world to bypass the main world Content Security Policy
3398         https://bugs.webkit.org/show_bug.cgi?id=153622
3399         <rdar://problem/24400023>
3400
3401         Reviewed by Gavin Barraclough.
3402
3403         Fixes an issue where Web Workers initiated from an isolated world (say, a Safari Content Script Extension)
3404         would be subject to the Content Security Policy of the page.
3405
3406         Currently code in an isolated world that does not execute in a Web Worker is exempt from the CSP of
3407         the page. However, code that runs inside a Web Worker that was initiated from an isolated world is
3408         subject to the CSP of the page. Instead, such Web Worker code should also be exempt from the CSP of
3409         the page.
3410
3411         Tests: http/tests/security/isolatedWorld/bypass-main-world-csp-worker-blob-eval.html
3412                http/tests/security/isolatedWorld/bypass-main-world-csp-worker-blob-xhr.html
3413                http/tests/security/isolatedWorld/bypass-main-world-csp-worker.html
3414
3415         * Modules/websockets/WebSocket.cpp:
3416         (WebCore::WebSocket::connect): Modified to ask the script execution context whether to bypass the
3417         main world Content Security Policy now that script execution context knows this information.
3418         * bindings/js/ScriptController.cpp:
3419         (WebCore::ScriptController::shouldBypassMainWorldContentSecurityPolicy): Deleted; moved logic from here...
3420         * bindings/js/ScriptController.h:
3421         * dom/Document.cpp:
3422         (WebCore::Document::shouldBypassMainWorldContentSecurityPolicy): ...to here.
3423         * dom/Document.h:
3424         * dom/ScriptExecutionContext.h:
3425         (WebCore::ScriptExecutionContext::shouldBypassMainWorldContentSecurityPolicy): Added; defaults to false -
3426         do not bypass the main world Content Security Policy.
3427         * page/EventSource.cpp:
3428         (WebCore::EventSource::create): Modified to ask the script execution context whether to bypass the
3429         main world Content Security Policy now that script execution context knows this information.
3430         * page/csp/ContentSecurityPolicy.cpp:
3431         (WebCore::ContentSecurityPolicy::shouldBypassMainWorldContentSecurityPolicy): Deleted.
3432         * page/csp/ContentSecurityPolicy.h:
3433         * workers/AbstractWorker.cpp:
3434         (WebCore::AbstractWorker::resolveURL): Bypass the main world Content Security Policy if applicable.
3435         Added FIXME comment to enforce the child-src directive of the document's CSP (as opposed to the script-src
3436         directive) on the worker's script URL. Also, scriptExecutionContext()->contentSecurityPolicy() should
3437         always be non-null just as we expect scriptExecutionContext()->securityOrigin() to be non-null. Assert
3438         this invariant to catch cases where a ScriptExecutionContext is not properly initialized.
3439         * workers/DedicatedWorkerGlobalScope.cpp:
3440         (WebCore::DedicatedWorkerGlobalScope::create): Modified to take boolean argument shouldBypassMainWorldContentSecurityPolicy
3441         as to whether to bypass the main world Content Security Policy and only apply the Content Security
3442         Policy headers when shouldBypassMainWorldContentSecurityPolicy is false.
3443         (WebCore::DedicatedWorkerGlobalScope::DedicatedWorkerGlobalScope): Pass through a boolean argument shouldBypassMainWorldContentSecurityPolicy
3444         as to whether to bypass the main world Content Security Policy.
3445         * workers/DedicatedWorkerGlobalScope.h:
3446         * workers/DedicatedWorkerThread.cpp:
3447         (WebCore::DedicatedWorkerThread::DedicatedWorkerThread): Ditto.
3448         (WebCore::DedicatedWorkerThread::createWorkerGlobalScope): Ditto.
3449         * workers/DedicatedWorkerThread.h:
3450         * workers/Worker.cpp:
3451         (WebCore::Worker::create): Store whether we should bypass the main world Content Security Policy so
3452         that we can pass it to WorkerMessagingProxy::startWorkerGlobalScope() in Worker::notifyFinished().
3453         We need to store this decision here as opposed to determining it at any later time (say, in Worker::notifyFinished())
3454         because it is dependent on the current JavaScript program stack at the time this function is invoked.
3455         (WebCore::Worker::notifyFinished): Pass whether to bypass the main world Content Security Policy.
3456         * workers/Worker.h:
3457         * workers/WorkerGlobalScope.cpp:
3458         (WebCore::WorkerGlobalScope::WorkerGlobalScope): Modified to take a boolean as to whether to bypass the
3459         main world Content Security Policy and store it in a member field. Also, always instantiate a Content
3460         Security Policy object as our current code assumes that one is always created.
3461         * workers/WorkerGlobalScope.h:
3462         * workers/WorkerGlobalScopeProxy.h:
3463         * workers/WorkerMessagingProxy.cpp:
3464         (WebCore::WorkerMessagingProxy::startWorkerGlobalScope): Pass through a boolean argument shouldBypassMainWorldContentSecurityPolicy
3465         as to whether to bypass the main world Content Security Policy.
3466         * workers/WorkerMessagingProxy.h:
3467         * workers/WorkerThread.cpp:
3468         (WebCore::WorkerThreadStartupData::WorkerThreadStartupData): Modified to take a boolean argument as to
3469         whether to bypass the main world Content Security Policy and store it in a member field.
3470         (WebCore::WorkerThread::WorkerThread): Pass through a boolean argument shouldBypassMainWorldContentSecurityPolicy
3471         as to whether to bypass the main world Content Security Policy.
3472         (WebCore::WorkerThread::workerThread): Ditto.
3473         * workers/WorkerThread.h:
3474         * xml/XMLHttpRequest.cpp:
3475         (WebCore::XMLHttpRequest::open): Modified to ask the script execution context whether to bypass the
3476         main world Content Security Policy now that script execution context knows this information.
3477
3478 2016-02-07  Dan Bernstein  <mitz@apple.com>
3479
3480         [Cocoa] Replace __has_include guards around inclusion of Apple-internal-SDK headers with USE(APPLE_INTERNAL_SDK)
3481         https://bugs.webkit.org/show_bug.cgi?id=153963
3482
3483         Reviewed by Sam Weinig.
3484
3485         * accessibility/mac/AXObjectCacheMac.mm:
3486         * crypto/CommonCryptoUtilities.cpp:
3487         * crypto/CommonCryptoUtilities.h:
3488         * editing/mac/TextUndoInsertionMarkupMac.h:
3489         * editing/mac/TextUndoInsertionMarkupMac.mm:
3490         * platform/cocoa/TelephoneNumberDetectorCocoa.cpp:
3491         * platform/graphics/cg/ImageSourceCG.cpp:
3492         * platform/graphics/mac/PDFDocumentImageMac.mm:
3493         * platform/network/ios/NetworkStateNotifierIOS.mm:
3494         * platform/network/mac/BlobDataFileReferenceMac.mm:
3495         * platform/network/mac/ResourceHandleMac.mm:
3496         * rendering/RenderThemeMac.mm:
3497
3498 2016-02-07  Carlos Garcia Campos  <cgarcia@igalia.com>
3499
3500         REGRESSION(r195661): [GTK] Scrollbar tests crashing after overlay scrollbar groundwork
3501         https://bugs.webkit.org/show_bug.cgi?id=153695
3502
3503         Reviewed by Michael Catanzaro.
3504
3505         The problem is that ScrollAnimation objects are not destroyed by
3506         the ScrollAnimator destructor, because I forgot to add a virtual
3507         destructor for ScrollAnimation in r195661.
3508
3509         * platform/ScrollAnimation.h:
3510         (WebCore::ScrollAnimation::~ScrollAnimation):
3511
3512 2016-02-06  Chris Dumez  <cdumez@apple.com>
3513
3514         Prevent cross-origin access to window.history
3515         https://bugs.webkit.org/show_bug.cgi?id=153931
3516
3517         Reviewed by Darin Adler.
3518
3519         Prevent cross-origin access to window.history to match the specification [1]
3520         and the behavior of other browsers (tested Firefox and Chrome).
3521
3522         [1] https://html.spec.whatwg.org/multipage/browsers.html#security-window
3523
3524         No new tests, already covered by existing tests that
3525         were updated in this patch.
3526
3527         * bindings/js/JSHistoryCustom.cpp:
3528         (WebCore::JSHistory::pushState):
3529         (WebCore::JSHistory::replaceState):
3530         (WebCore::JSHistory::state): Deleted.
3531         * page/DOMWindow.idl:
3532         * page/History.idl:
3533
3534 2016-02-06  Beth Dakin  <bdakin@apple.com>
3535
3536         ScrollbarPainters needs to be deallocated on the main thread
3537         https://bugs.webkit.org/show_bug.cgi?id=153932
3538         -and corresponding-
3539         rdar://problem/24015483
3540
3541         Reviewed by Dan Bernstein.
3542
3543         Darin pointed out that this was still race-y. There was still a race 
3544         condition between the destruction of the two local variables and the
3545         destruction of the lambda on the main thread. This should fix that. 
3546         * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.h:
3547         * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.mm:
3548         (WebCore::ScrollingTreeFrameScrollingNodeMac::~ScrollingTreeFrameScrollingNodeMac):
3549         (WebCore::ScrollingTreeFrameScrollingNodeMac::releaseReferencesToScrollbarPaintersOnTheMainThread):
3550         (WebCore::ScrollingTreeFrameScrollingNodeMac::updateBeforeChildren):
3551
3552 2016-02-06  Darin Adler  <darin@apple.com>
3553
3554         Finish auditing call sites of upper() and lower(), eliminate many, and rename the functions
3555         https://bugs.webkit.org/show_bug.cgi?id=153905
3556
3557         Reviewed by Sam Weinig.
3558
3559         * Modules/mediasource/MediaSource.cpp:
3560         (WebCore::MediaSource::isTypeSupported): Use convertToASCIILowercase on MIME type.
3561
3562         * accessibility/AccessibilityObject.cpp:
3563         (WebCore::AccessibilityObject::selectText): Use new names for lower and upper. Also
3564         tweaked style a tiny bit and used u_toupper rather than converting an entire
3565         string to uppercase.
3566
3567         * dom/Document.cpp:
3568         (WebCore::Document::addImageElementByCaseFoldedUsemap): Renamed to reflect the use
3569         of case folding rather than lowercasing.
3570         (WebCore::Document::removeImageElementByCaseFoldedUsemap): Ditto.
3571         (WebCore::Document::imageElementByCaseFoldedUsemap): Ditto.
3572         * dom/Document.h: Ditto.
3573         * dom/DocumentOrderedMap.cpp:
3574         (WebCore::DocumentOrderedMap::getElementByCaseFoldedMapName): Ditto.
3575         (WebCore::DocumentOrderedMap::getElementByCaseFoldedUsemap): Ditto.
3576         * dom/DocumentOrderedMap.h: Ditto.
3577
3578         * dom/TreeScope.cpp:
3579         (WebCore::TreeScope::getImageMap): Removed unneeded special case for null string.
3580         Simplified logic for cases where the URL does not have a "#" character in it.
3581         Use case folding instead of lowercase.
3582
3583         * editing/cocoa/HTMLConverter.mm:
3584         (HTMLConverter::_processText): Removed unneded special case for the empty string.
3585         Use makCapitalized instead of Cocoa function for "capitalize". Use upper and lower
3586         functions by their new names.
3587
3588         * html/HTMLImageElement.cpp:
3589         (WebCore::HTMLImageElement::parseAttribute): Use case folding instead of
3590         lowerasing for the usemap attribute.
3591         (WebCore::HTMLImageElement::insertedInto): Ditto.
3592         (WebCore::HTMLImageElement::removedFrom): Ditto.
3593         (WebCore::HTMLImageElement::matchesCaseFoldedUsemap): Ditto.
3594         * html/HTMLImageElement.h: Rename since usemap is case folded now, not lowercased.
3595
3596         * html/HTMLMapElement.cpp:
3597         (WebCore::HTMLMapElement::imageElement): Use case folding instead of lowercasing
3598         for usemap.
3599         (WebCore::HTMLMapElement::parseAttribute): Ditto.
3600
3601         * platform/Language.cpp:
3602         (WebCore::canonicalLanguageIdentifier): Use convertToASCIILowercase for language code.
3603         (WebCore::indexOfBestMatchingLanguageInList): Ditto.
3604
3605         * platform/graphics/harfbuzz/HarfBuzzShaper.cpp:
3606         (WebCore::HarfBuzzShaper::shapeHarfBuzzRuns): Use new name for the upper function.
3607
3608         * platform/network/HTTPParsers.cpp:
3609         (WebCore::parseContentTypeOptionsHeader): Use equalLettersIgnoringASCIICase instead
3610         of lowercasing to check for a specific header value.
3611
3612         * platform/network/MIMEHeader.cpp:
3613         (WebCore::retrieveKeyValuePairs): Use convertToASCIILowercase for MIME header name.
3614         (WebCore::MIMEHeader::parseContentTransferEncoding): Use equalLettersIgnoringASCIICase
3615         instead of lowercasing.
3616
3617         * platform/network/cf/ResourceHandleCFNet.cpp:
3618         (WebCore::allowsAnyHTTPSCertificateHosts): Make this hash ASCII case-insensitive.
3619         (WebCore::clientCertificates): Ditto.
3620         (WebCore::ResourceHandle::createCFURLConnection): Remove call to lower since the
3621         set is now ASCII case-insensitive.
3622         (WebCore::ResourceHandle::setHostAllowsAnyHTTPSCertificate): Ditto.
3623         (WebCore::ResourceHandle::setClientCertificate): Ditto.
3624
3625         * platform/network/curl/CookieJarCurl.cpp:
3626         (WebCore::getNetscapeCookieFormat): Use equalLettersIgnoringASCIICase instead of
3627         lowercasing.
3628
3629         * platform/network/curl/MultipartHandle.cpp:
3630         (WebCore::MultipartHandle::didReceiveResponse): Use convertToASCIILowercase to
3631         make a MIME type lowercase.
3632
3633         * platform/network/curl/ResourceHandleCurl.cpp:
3634         (WebCore::ResourceHandle::setHostAllowsAnyHTTPSCertificate): Removed unneeded
3635         conversion to lowercase now that the set is ASCII case-insensitive.
3636         (WebCore::ResourceHandle::setClientCertificate): Removed code that populates a map
3637         that is then never used for anything.
3638
3639         * platform/network/curl/ResourceHandleManager.cpp:
3640         (WebCore::headerCallback): Use convertToASCIILowercase for MIME type.
3641
3642         * platform/network/curl/SSLHandle.cpp: Made hash maps keyed by host names
3643         ASCII case-insensitive.
3644         (WebCore::addAllowedClientCertificate): Removed lowercasing since the map itself
3645         is now ASCII case insensitve.
3646         (WebCore::setSSLClientCertificate): Ditto. Also use auto for iterator type so we
3647         don't have to write out the map type.
3648         (WebCore::sslIgnoreHTTPSCertificate): Ditto.
3649         (WebCore::certVerifyCallback): Ditto.
3650
3651         * platform/network/soup/ResourceHandleSoup.cpp: Made hash maps keyed by host names
3652         ASCII case-insensitive.
3653         (WebCore::allowsAnyHTTPSCertificateHosts): Ditto.
3654         (WebCore::handleUnignoredTLSErrors): Ditto.
3655         (WebCore::ResourceHandle::setHostAllowsAnyHTTPSCertificate): Ditto.
3656         (WebCore::ResourceHandle::setClientCertificate): Ditto.
3657
3658         * platform/text/LocaleToScriptMappingDefault.cpp: Made hash maps keyed by script
3659         names ASCII case-insensitive. USE WTF_ARRAY_LENGTH as appropriate.
3660         (WebCore::scriptNameToCode): Use modern style to initialize the map. Removed
3661         unnecessary lowercasing of the script name before looking at the map.
3662         (WebCore::localeToScriptCodeForFontSelection): Ditto.
3663
3664         * platform/text/win/LocaleWin.cpp:
3665         (WebCore::convertLocaleNameToLCID): Made map ASCII case-insensitive and removed
3666         unneeded lowercasing.
3667
3668         * platform/win/PasteboardWin.cpp:
3669         (WebCore::clipboardTypeFromMIMEType): Use equalLettersIgnoringASCIICase instead
3670         of lowercasing.
3671
3672         * rendering/RenderText.cpp:
3673         (WebCore::applyTextTransform): Use new names for the upper and lower functions.
3674
3675         * xml/XMLHttpRequest.cpp:
3676         (WebCore::XMLHttpRequest::responseIsXML): Remove unneeded lowercasing, since
3677         DOMImplementation now has ASCII case-insensitive handling of MIME types.
3678
3679 2016-02-06  Zalan Bujtas  <zalan@apple.com>
3680
3681         Outline should contribute to visual overflow.
3682         https://bugs.webkit.org/show_bug.cgi?id=153299
3683
3684         This patch eliminates the special outline handling (RenderView::setMaximalOutlineSize).
3685         Now that outline is part of visual overflow, we don't have to inflate the layers to accomodate
3686         outline borders.
3687         This patch fixes several focusring related repaint issues. However when both the outline: auto
3688         and the descendant renderer are composited, we still don't paint properly in certain cases. -not a regression.
3689         (Also when parent renderer has overflow: hidden repaint does not take outline into account. -regression.)
3690         It changes column behavior (see TestExpectations) since outline behaves now like any other visual overflow properties.
3691
3692         Reviewed by David Hyatt.
3693
3694         Test: fast/repaint/focus-ring-repaint.html
3695               fast/repaint/focus-ring-repaint-with-negative-offset.html
3696
3697         * css/html.css: resetting to old behavior.
3698         (:focus):
3699         (input:focus, textarea:focus, isindex:focus, keygen:focus, select:focus):
3700         * rendering/InlineFlowBox.cpp:
3701         (WebCore::InlineFlowBox::addToLine):
3702         (WebCore::InlineFlowBox::addOutlineVisualOverflow):
3703         (WebCore::InlineFlowBox::computeOverflow):
3704         (WebCore::InlineFlowBox::paint): Deleted.
3705         * rendering/InlineFlowBox.h:
3706         * rendering/RenderBlock.cpp:
3707         (WebCore::RenderBlock::computeOverflow):
3708         (WebCore::RenderBlock::outlineStyleForRepaint):
3709         (WebCore::RenderBlock::paint): Deleted.
3710         * rendering/RenderBlockFlow.cpp:
3711         (WebCore::RenderBlockFlow::layoutBlock): Deleted.
3712         (WebCore::RenderBlockFlow::addFocusRingRectsForInlineChildren): Deleted.
3713         * rendering/RenderBlockLineLayout.cpp:
3714         (WebCore::RenderBlockFlow::addOverflowFromInlineChildren):
3715         * rendering/RenderBox.cpp:
3716         (WebCore::RenderBox::addVisualEffectOverflow):
3717         (WebCore::RenderBox::applyVisualEffectOverflow):
3718         (WebCore::RenderBox::clippedOverflowRectForRepaint): Deleted.
3719         * rendering/RenderBoxModelObject.h:
3720         * rendering/RenderDetailsMarker.cpp:
3721         (WebCore::RenderDetailsMarker::paint): Deleted.
3722         * rendering/RenderElement.cpp:
3723         (WebCore::RenderElement::insertChildInternal):
3724         (WebCore::RenderElement::styleDidChange):
3725         (WebCore::RenderElement::repaintAfterLayoutIfNeeded):
3726         (WebCore::RenderElement::issueRepaintForOutlineAuto):
3727         (WebCore::RenderElement::updateOutlineAutoAncestor):
3728         (WebCore::RenderElement::computeMaxOutlineSize): Deleted.
3729         (WebCore::RenderElement::styleWillChange): Deleted.
3730         * rendering/RenderElement.h:
3731         (WebCore::RenderElement::hasContinuation):
3732         * rendering/RenderInline.cpp:
3733         (WebCore::RenderInline::paintOutlineForLine): Deleted.
3734         * rendering/RenderLayer.cpp:
3735         (WebCore::RenderLayer::calculateClipRects):
3736         * rendering/RenderLineBoxList.cpp:
3737         (WebCore::RenderLineBoxList::anyLineIntersectsRect):
3738         (WebCore::RenderLineBoxList::lineIntersectsDirtyRect):
3739         (WebCore::RenderLineBoxList::paint):
3740         (WebCore::isOutlinePhase): Deleted.
3741         * rendering/RenderLineBoxList.h:
3742         * rendering/RenderListBox.cpp:
3743         (WebCore::RenderListBox::computePreferredLogicalWidths):
3744         * rendering/RenderListMarker.cpp:
3745         (WebCore::RenderListMarker::paint): Deleted.
3746         * rendering/RenderObject.cpp:
3747         (WebCore::RenderObject::propagateRepaintToParentWithOutlineAutoIfNeeded): The renderer with outline: auto is responsible for
3748         painting focusring around the descendants. If we issued repaint only on the descendant when it changes,
3749         the focusring would not refresh properly. We have to find the ancestor with outline: auto, inflate the repaint rect and
3750         issue the repaint on the ancestor if we crossed repaint container.
3751  
3752         (WebCore::RenderObject::repaintUsingContainer):
3753         (WebCore::RenderObject::adjustRectForOutlineAndShadow):
3754         (WebCore::RenderObject::setHasOutlineAutoAncestor):
3755         (WebCore::RenderObject::adjustRectWithMaximumOutline): Deleted.
3756         
3757         * rendering/RenderObject.h: We mark the descendants of outline: auto so that
3758         when a child renderer changes we can propagate the repaint to the ancestor with outline.
3759
3760         (WebCore::RenderObject::hasOutlineAutoAncestor):
3761         (WebCore::RenderObject::RenderObjectRareData::RenderObjectRareData):
3762         * rendering/RenderRegion.cpp:
3763         (WebCore::RenderRegion::overflowRectForFlowThreadPortion):
3764         * rendering/RenderReplaced.cpp:
3765         (WebCore::RenderReplaced::shouldPaint): Deleted.
3766         (WebCore::RenderReplaced::clippedOverflowRectForRepaint): Deleted.
3767         * rendering/RenderTable.cpp:
3768         (WebCore::RenderTable::paint): Deleted.
3769         * rendering/RenderTableCell.cpp:
3770         (WebCore::RenderTableCell::clippedOverflowRectForRepaint): Deleted.
3771         (WebCore::RenderTableCell::paintCollapsedBorders): Deleted.
3772         * rendering/RenderTableRow.cpp:
3773         (WebCore::RenderTableRow::layout):
3774         (WebCore::RenderTableRow::clippedOverflowRectForRepaint): Deleted.
3775         * rendering/RenderTableSection.cpp:
3776         (WebCore::RenderTableSection::layoutRows):
3777         (WebCore::RenderTableSection::computeOverflowFromCells): Deleted.
3778         (WebCore::RenderTableSection::paintObject): Deleted.
3779         * rendering/RenderTheme.h:
3780         (WebCore::RenderTheme::platformFocusRingWidth):
3781         * rendering/RenderView.cpp:
3782         (WebCore::RenderView::setMaximalOutlineSize): Deleted.
3783         * rendering/RenderView.h:
3784         * rendering/style/RenderStyle.cpp:
3785         (WebCore::RenderStyle::changeAffectsVisualOverflow):
3786         (WebCore::RenderStyle::outlineWidth):
3787         * rendering/style/RenderStyle.h:
3788
3789 2016-02-06  Andreas Kling  <akling@apple.com>
3790
3791         [iOS] Throw away linked code when navigating to a new page.
3792         <https://webkit.org/b/153851>
3793
3794         Reviewed by Gavin Barraclough.
3795
3796         When navigating to a new page, tell JSC to throw out any linked code it has lying around.
3797         Linked code is tied to a specific global object, and as we're creating a new one for the
3798         new page, none of it is useful to us here.
3799
3800         In the event that the user navigates back, the cost of relinking some code will be far
3801         lower than the memory cost of keeping all of it around.
3802
3803         This landed previously but was rolled out due to a Speedometer regression. I've made one
3804         minor but important change here: only throw away code if we're navigating away from an
3805         existing history item. Or in other words, don't throw away code for "force peeks" or any
3806         other navigations that are not traditional top-level main frame navigations.
3807
3808         * bindings/js/GCController.cpp:
3809         (WebCore::GCController::deleteAllLinkedCode):
3810         * bindings/js/GCController.h:
3811         * loader/FrameLoader.cpp:
3812         (WebCore::FrameLoader::commitProvisionalLoad):
3813
3814 2016-02-06  Konstantin Tokarev  <annulen@yandex.ru>
3815
3816         Added implementations of AXObjectCache methods for !HAVE(ACCESSIBILITY).
3817         https://bugs.webkit.org/show_bug.cgi?id=153924
3818
3819         Reviewed by Andreas Kling.
3820
3821         No new tests needed.
3822
3823         * accessibility/AXObjectCache.h:
3824         (WebCore::AXObjectCache::ariaModalNode): Added stub implementation.
3825         (WebCore::AXObjectCache::postLiveRegionChangeNotification): Ditto.
3826         (WebCore::AXObjectCache::rangeForNodeContents): Ditto.
3827         (WebCore::AXObjectCache::setIsSynchronizingSelection): Ditto.
3828         (WebCore::AXObjectCache::setTextSelectionIntent): Ditto.
3829         (WebCore::AXAttributeCacheEnabler::AXAttributeCacheEnabler): Ditto.
3830         (WebCore::AXAttributeCacheEnabler::~AXAttributeCacheEnabler): Ditto.
3831
3832 2016-02-04  Antti Koivisto  <antti@apple.com>
3833
3834         Use scope stack instead of nested TreeResolvers for shadow trees
3835         https://bugs.webkit.org/show_bug.cgi?id=153893
3836
3837         Reviewed by Andreas Kling.
3838
3839         Make TreeResolver per-document. This is a step towards iterative style resolve.
3840
3841         This is done replacing use of nested TreeResolvers with a scope stack that maintains
3842         the style resolver and the selector filter for the current tree scope.
3843
3844         * style/StyleTreeResolver.cpp:
3845         (WebCore::Style::ensurePlaceholderStyle):
3846         (WebCore::Style::TreeResolver::Scope::Scope):
3847         (WebCore::Style::TreeResolver::TreeResolver):
3848         (WebCore::Style::shouldCreateRenderer):
3849         (WebCore::Style::TreeResolver::styleForElement):
3850         (WebCore::Style::TreeResolver::createRenderTreeForShadowRoot):
3851         (WebCore::Style::TreeResolver::createRenderTreeForSlotAssignees):
3852         (WebCore::Style::TreeResolver::createRenderTreeRecursively):
3853         (WebCore::Style::TreeResolver::resolveLocally):
3854         (WebCore::Style::TreeResolver::resolveShadowTree):
3855         (WebCore::Style::TreeResolver::resolveBeforeOrAfterPseudoElement):
3856         (WebCore::Style::TreeResolver::resolveChildren):
3857         (WebCore::Style::TreeResolver::resolveSlotAssignees):
3858         (WebCore::Style::TreeResolver::resolveRecursively):
3859         (WebCore::Style::TreeResolver::resolve):
3860         (WebCore::Style::detachRenderTree):
3861         * style/StyleTreeResolver.h:
3862         (WebCore::Style::TreeResolver::scope):
3863         (WebCore::Style::TreeResolver::pushScope):
3864         (WebCore::Style::TreeResolver::pushEnclosingScope):
3865         (WebCore::Style::TreeResolver::popScope):
3866
3867 2016-02-06  Commit Queue  <commit-queue@webkit.org>
3868
3869         Unreviewed, rolling out r196104.
3870         https://bugs.webkit.org/show_bug.cgi?id=153940
3871
3872         Regressed Speedometer on iOS (Requested by kling on #webkit).
3873
3874         Reverted changeset:
3875
3876         "[iOS] Throw away linked code when navigating to a new page."
3877         https://bugs.webkit.org/show_bug.cgi?id=153851
3878         http://trac.webkit.org/changeset/196104
3879
3880 2016-02-05  Beth Dakin  <bdakin@apple.com>
3881
3882         ScrollbarPainters needs to be deallocated on the main thread
3883         https://bugs.webkit.org/show_bug.cgi?id=153932
3884         -and corresponding-
3885         rdar://problem/24015483
3886
3887         Reviewed by Geoff Garen.
3888
3889         Follow-up fix since the first one was still race-y.
3890         * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.mm:
3891         (WebCore::ScrollingTreeFrameScrollingNodeMac::~ScrollingTreeFrameScrollingNodeMac):
3892         (WebCore::ScrollingTreeFrameScrollingNodeMac::updateBeforeChildren):
3893
3894 2016-02-05  Beth Dakin  <bdakin@apple.com>
3895
3896         ScrollbarPainters needs to be deallocated on the main thread
3897         https://bugs.webkit.org/show_bug.cgi?id=153932
3898         -and corresponding-
3899         rdar://problem/24015483
3900
3901         Reviewed by Tim Horton.
3902
3903         Ensure the the destructor of ScrollingTreeFrameScrollingNodeMac and the 
3904         assignments done in this class are not responsible for deallocating the 
3905         ScrollbarPainter. 
3906         * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.mm:
3907         (WebCore::ScrollingTreeFrameScrollingNodeMac::~ScrollingTreeFrameScrollingNodeMac):
3908         (WebCore::ScrollingTreeFrameScrollingNodeMac::updateBeforeChildren):
3909
3910 2016-02-05  Chris Dumez  <cdumez@apple.com>
3911
3912         Instance property getters / setters cannot be called on another instance of the same type
3913         https://bugs.webkit.org/show_bug.cgi?id=153895
3914
3915         Reviewed by Gavin Barraclough.
3916
3917         It should be possible to call instance property getters / setters on
3918         other instances of the same type, as per the WEB IDL specification:
3919         - http://heycam.github.io/webidl/#dfn-attribute-getter
3920         - http://heycam.github.io/webidl/#dfn-attribute-setter
3921
3922         This matches the behavior of Firefox.
3923
3924         The issue without our bindings was that the getters / setters were
3925         using |slotBase| instead of |thisValue| and therefore ended up using
3926         the instance the getter was taken from instead of the actual target
3927         object.
3928
3929         Test:
3930         js/instance-property-getter-other-instance.html
3931         js/instance-property-setter-other-instance.html
3932
3933         * bindings/scripts/CodeGeneratorJS.pm:
3934         (GenerateImplementation):
3935         - Have instance getters / setters use thisValue instead of slotBase.
3936         - In the case of interfaces that have attributes on the instance for
3937           compatibility reasons, try the prototype object if |thisValue| does
3938           does have the right type, instead of using slotBase like previously.
3939           I believe this maintains the original compatibility intention while