Rolling out the previous to land again with a test.

[WebKit-https.git] / Source / WebCore / ChangeLog

2017-09-18  Antti Koivisto  <antti@apple.com>

        Rolling out the previous to land again with a test.

        * dom/Document.cpp:
        (WebCore::Document::setFocusedElement):
        * html/HTMLInputElement.cpp:
        (WebCore::HTMLInputElement::didBlur):

2017-09-18  Antti Koivisto  <antti@apple.com>

        Avoid style resolution when clearing focused element.
        https://bugs.webkit.org/show_bug.cgi?id=176224
        <rdar://problem/34206409>

        Reviewed by Zalan Bujtas.

        Test: fast/dom/focus-style-resolution.html

        * dom/Document.cpp:
        (WebCore::Document::setFocusedElement):

            Don't do synchronous style resolution with FocusRemovalEventsMode::DoNotDispatch.
            Style resolution may dispatch events.

        * html/HTMLInputElement.cpp:
        (WebCore::HTMLInputElement::didBlur):

            Move resolveStyleIfNeeded call to setFocusedElement. It is the only client for didBlur.

2017-09-18  Per Arne Vollan  <pvollan@apple.com>

        [WK1] Layout Test fast/events/beforeunload-dom-manipulation-crash.html is crashing.
        https://bugs.webkit.org/show_bug.cgi?id=177071

        Reviewed by Brent Fulgham.

        The Page pointer in the history controller's frame is null. Add a null pointer check before
        accessing the page. 

        No new tests, covered by exiting tests.

        * loader/HistoryController.cpp:
        (WebCore::HistoryController::updateForStandardLoad):
        (WebCore::HistoryController::updateForRedirectWithLockedBackForwardList):
        (WebCore::HistoryController::updateForClientRedirect):

2017-09-17  Carlos Garcia Campos  <cgarcia@igalia.com>

        REGRESSION(r221974): [Harfbuzz] Test fast/text/international/hebrew-selection.html is failing since r221974
        https://bugs.webkit.org/show_bug.cgi?id=177036

        Reviewed by Michael Catanzaro.

        In r221974 I rewrote the characterIndexForXPosition implementation without taking into account that there can be
        multiple glyphs for the same character, so we can't simply do index++ and index-- to get the next and previous
        character index.

        * platform/graphics/harfbuzz/HarfBuzzShaper.cpp:
        (WebCore::HarfBuzzShaper::HarfBuzzRun::characterIndexForXPosition): Always get the character index from
        m_glyphToCharacterIndexes array.

2017-09-18  Jer Noble  <jer.noble@apple.com>

        Virtualize ImageDecoder
        https://bugs.webkit.org/show_bug.cgi?id=176118

        Reviewed by Eric Carlson.

        Add an explicit, abstract base class ImageDecoder, and convert ImageDecoderCG to a true
        subclass. This will allow multiple ImageDecoder subclasses to exist simultaneously at
        runtime.

        * CMakeLists.txt:
        * WebCore.xcodeproj/project.pbxproj:
        * platform/ImageDecoders.cmake:
        * platform/graphics/ImageDecoder.cpp: Added.
        (WebCore::ImageDecoder::create):
        (WebCore::ImageDecoder::bytesDecodedToDetermineProperties):
        * platform/graphics/ImageDecoder.h: Added.
        (WebCore::ImageDecoder::isSizeAvailable):
        (WebCore::ImageDecoder::isAllDataReceived const):
        * platform/graphics/cg/ImageDecoderCG.cpp:
        (WebCore::ImageDecoderCG::ImageDecoderCG):
        (WebCore::ImageDecoderCG::bytesDecodedToDetermineProperties):
        (WebCore::ImageDecoderCG::uti const):
        (WebCore::ImageDecoderCG::filenameExtension const):
        (WebCore::ImageDecoderCG::encodedDataStatus const):
        (WebCore::ImageDecoderCG::frameCount const):
        (WebCore::ImageDecoderCG::repetitionCount const):
        (WebCore::ImageDecoderCG::hotSpot const):
        (WebCore::ImageDecoderCG::frameSizeAtIndex const):
        (WebCore::ImageDecoderCG::frameIsCompleteAtIndex const):
        (WebCore::ImageDecoderCG::frameOrientationAtIndex const):
        (WebCore::ImageDecoderCG::frameDurationAtIndex const):
        (WebCore::ImageDecoderCG::frameAllowSubsamplingAtIndex const):
        (WebCore::ImageDecoderCG::frameHasAlphaAtIndex const):
        (WebCore::ImageDecoderCG::frameBytesAtIndex const):
        (WebCore::ImageDecoderCG::createFrameImageAtIndex const):
        (WebCore::ImageDecoderCG::setData):
        (WebCore::ImageDecoder::ImageDecoder): Deleted.
        (WebCore::ImageDecoder::bytesDecodedToDetermineProperties): Deleted.
        (WebCore::ImageDecoder::uti const): Deleted.
        (WebCore::ImageDecoder::filenameExtension const): Deleted.
        (WebCore::ImageDecoder::encodedDataStatus const): Deleted.
        (WebCore::ImageDecoder::frameCount const): Deleted.
        (WebCore::ImageDecoder::repetitionCount const): Deleted.
        (WebCore::ImageDecoder::hotSpot const): Deleted.
        (WebCore::ImageDecoder::frameSizeAtIndex const): Deleted.
        (WebCore::ImageDecoder::frameIsCompleteAtIndex const): Deleted.
        (WebCore::ImageDecoder::frameOrientationAtIndex const): Deleted.
        (WebCore::ImageDecoder::frameDurationAtIndex const): Deleted.
        (WebCore::ImageDecoder::frameAllowSubsamplingAtIndex const): Deleted.
        (WebCore::ImageDecoder::frameHasAlphaAtIndex const): Deleted.
        (WebCore::ImageDecoder::frameBytesAtIndex const): Deleted.
        (WebCore::ImageDecoder::createFrameImageAtIndex const): Deleted.
        (WebCore::ImageDecoder::setData): Deleted.
        * platform/graphics/cg/ImageDecoderCG.h:
        (WebCore::ImageDecoderCG::create):
        (WebCore::ImageDecoder::create): Deleted.
        (WebCore::ImageDecoder::isSizeAvailable): Deleted.
        (WebCore::ImageDecoder::isAllDataReceived const): Deleted.
        (WebCore::ImageDecoder::clearFrameBufferCache): Deleted.
        * platform/graphics/win/ImageDecoderDirect2D.cpp:
        (WebCore::ImageDecoderDirect2D::ImageDecoderDirect2D):
        (WebCore::ImageDecoderDirect2D::systemImagingFactory):
        (WebCore::ImageDecoderDirect2D::bytesDecodedToDetermineProperties):
        (WebCore::ImageDecoderDirect2D::filenameExtension const):
        (WebCore::ImageDecoderDirect2D::isSizeAvailable const):
        (WebCore::ImageDecoderDirect2D::encodedDataStatus const):
        (WebCore::ImageDecoderDirect2D::size const):
        (WebCore::ImageDecoderDirect2D::frameCount const):
        (WebCore::ImageDecoderDirect2D::repetitionCount const):
        (WebCore::ImageDecoderDirect2D::hotSpot const):
        (WebCore::ImageDecoderDirect2D::frameSizeAtIndex const):
        (WebCore::ImageDecoderDirect2D::frameIsCompleteAtIndex const):
        (WebCore::ImageDecoderDirect2D::frameOrientationAtIndex const):
        (WebCore::ImageDecoderDirect2D::frameDurationAtIndex const):
        (WebCore::ImageDecoderDirect2D::frameAllowSubsamplingAtIndex const):
        (WebCore::ImageDecoderDirect2D::frameHasAlphaAtIndex const):
        (WebCore::ImageDecoderDirect2D::frameBytesAtIndex const):
        (WebCore::ImageDecoderDirect2D::setTargetContext):
        (WebCore::ImageDecoderDirect2D::createFrameImageAtIndex const):
        (WebCore::ImageDecoderDirect2D::setData):
        * platform/graphics/win/ImageDecoderDirect2D.h:
        (WebCore::ImageDecoderDirect2D::create):
        (WebCore::ImageDecoder::create): Deleted.
        (WebCore::ImageDecoder::isAllDataReceived const): Deleted.
        (WebCore::ImageDecoder::clearFrameBufferCache): Deleted.
        * platform/image-decoders/ScalableImageDecoder.cpp: Renamed from Source/WebCore/platform/image-decoders/ImageDecoder.cpp.
        (WebCore::ScalableImageDecoder::create):
        (WebCore::ScalableImageDecoder::frameIsCompleteAtIndex const):
        (WebCore::ScalableImageDecoder::frameHasAlphaAtIndex const):
        (WebCore::ScalableImageDecoder::frameBytesAtIndex const):
        (WebCore::ScalableImageDecoder::frameDurationAtIndex const):
        (WebCore::ScalableImageDecoder::createFrameImageAtIndex):
        (WebCore::ScalableImageDecoder::prepareScaleDataIfNecessary):
        (WebCore::ScalableImageDecoder::upperBoundScaledX):
        (WebCore::ScalableImageDecoder::lowerBoundScaledX):
        (WebCore::ScalableImageDecoder::upperBoundScaledY):
        (WebCore::ScalableImageDecoder::lowerBoundScaledY):
        (WebCore::ScalableImageDecoder::scaledY):
        * platform/image-decoders/ScalableImageDecoder.h: Renamed from Source/WebCore/platform/image-decoders/ImageDecoder.h.
        (WebCore::ScalableImageDecoder::ScalableImageDecoder):
        (WebCore::ScalableImageDecoder::~ScalableImageDecoder):
        (WebCore::ScalableImageDecoder::premultiplyAlpha const):
        (WebCore::ScalableImageDecoder::isAllDataReceived const):
        (WebCore::ScalableImageDecoder::size const):
        (WebCore::ScalableImageDecoder::scaledSize):
        (WebCore::ScalableImageDecoder::setSize):
        (WebCore::ScalableImageDecoder::setIgnoreGammaAndColorProfile):
        (WebCore::ScalableImageDecoder::ignoresGammaAndColorProfile const):
        (WebCore::ScalableImageDecoder::rgbColorProfile):
        (WebCore::ScalableImageDecoder::subsamplingLevelForScale):
        (WebCore::ScalableImageDecoder::inputDeviceColorProfile):
        (WebCore::ScalableImageDecoder::setFailed):
        (WebCore::ScalableImageDecoder::failed const):
        * platform/image-decoders/bmp/BMPImageDecoder.cpp:
        (WebCore::BMPImageDecoder::BMPImageDecoder):
        (WebCore::BMPImageDecoder::setData):
        (WebCore::BMPImageDecoder::setFailed):
        * platform/image-decoders/bmp/BMPImageDecoder.h:
        * platform/image-decoders/bmp/BMPImageReader.h:
        * platform/image-decoders/gif/GIFImageDecoder.cpp:
        (WebCore::GIFImageDecoder::GIFImageDecoder):
        (WebCore::GIFImageDecoder::setData):
        (WebCore::GIFImageDecoder::setSize):
        (WebCore::GIFImageDecoder::setFailed):
        * platform/image-decoders/gif/GIFImageDecoder.h:
        * platform/image-decoders/ico/ICOImageDecoder.cpp:
        (WebCore::ICOImageDecoder::ICOImageDecoder):
        (WebCore::ICOImageDecoder::setData):
        (WebCore::ICOImageDecoder::size):
        (WebCore::ICOImageDecoder::setSize):
        (WebCore::ICOImageDecoder::setFailed):
        * platform/image-decoders/ico/ICOImageDecoder.h:
        * platform/image-decoders/jpeg/JPEGImageDecoder.cpp:
        (WebCore::JPEGImageDecoder::JPEGImageDecoder):
        (WebCore::JPEGImageDecoder::setSize):
        (WebCore::JPEGImageDecoder::setFailed):
        * platform/image-decoders/jpeg/JPEGImageDecoder.h:
        * platform/image-decoders/png/PNGImageDecoder.cpp:
        (WebCore::PNGImageReader::decode):
        (WebCore::PNGImageDecoder::PNGImageDecoder):
        (WebCore::PNGImageDecoder::setSize):
        (WebCore::PNGImageDecoder::frameBufferAtIndex):
        (WebCore::PNGImageDecoder::setFailed):
        * platform/image-decoders/png/PNGImageDecoder.h:
        * platform/image-decoders/webp/WEBPImageDecoder.cpp:
        (WebCore::WEBPImageDecoder::WEBPImageDecoder):
        (WebCore::WEBPImageDecoder::decode):
        * platform/image-decoders/webp/WEBPImageDecoder.h:

2017-09-18  Andy Estes  <aestes@apple.com>

        [Mac] Upstream miscellaneous WebKitSystemInterface functions
        https://bugs.webkit.org/show_bug.cgi?id=177029

        Reviewed by Alex Christensen.

        * Configurations/WebCore.xcconfig: Used -force_load of libPAL instead of -ObjC. This forces
        the linker to load both Objective-C and C PAL symbols in WebCore. This change is needed for
        PAL::popUpMenu(), which is used by WebKit and WebKitLegacy but not WebCore.
        * platform/cocoa/LocalizedStringsCocoa.mm:
        (WebCore::contextMenuItemTagSearchWeb):
        * platform/cocoa/ScrollController.mm:
        (WebCore::elasticDeltaForTimeDelta):
        (WebCore::elasticDeltaForReboundDelta):
        (WebCore::reboundDeltaForElasticDelta):
        * platform/graphics/ca/GraphicsLayerCA.cpp:
        (WebCore::GraphicsLayerCA::createTransformAnimationsFromKeyframes):
        * platform/mac/CursorMac.mm:
        (WebCore::WKCoreCursor_coreCursorType):
        (WebCore::createCoreCursorClass):
        (WebCore::coreCursorClass):
        (WebCore::cursor):
        (WebCore::Cursor::ensurePlatformCursor const):
        * platform/mac/WebCoreSystemInterface.h:
        * platform/mac/WebCoreSystemInterface.mm:
        * rendering/RenderThemeMac.mm:
        (WebCore::RenderThemeMac::paintTextArea):

2017-09-18  Yoshiaki Jitsukawa  <Yoshiaki.Jitsukawa@sony.com>

        [Win][PAL] Move WebCoreHeaderDetection.h to PAL
        https://bugs.webkit.org/show_bug.cgi?id=176990

        Reviewed by Alex Christensen.

        * PlatformWin.cmake:
        Stop generating WebCoreHeaderDetection.h in WebCore.

        * config.h:
        * platform/graphics/ca/win/PlatformCALayerWin.cpp:
        * platform/graphics/ca/win/PlatformCALayerWinInternal.cpp:
        Include PALHeaderDetection.h instead of WebCoreHeaderDetection.h

2017-09-18  Basuke Suzuki  <Basuke.Suzuki@sony.com>

        [Curl] Create classes dedicated to handle SSL related tasks
        and separate verifier and certificate management.
        https://bugs.webkit.org/show_bug.cgi?id=176910

        Reviewed by Alex Christensen.

        * platform/Curl.cmake:
        * platform/network/curl/CurlContext.cpp:
        (WebCore::CurlContext::CurlContext):
        (WebCore::CurlHandle::setCACertPath):
        (WebCore::certificatePath): Deleted.
        (WebCore::CurlHandle::enableCAInfoIfExists): Deleted.
        (WebCore::CurlHandle::setSslErrors): Deleted.
        (WebCore::CurlHandle::getSslErrors): Deleted.
        * platform/network/curl/CurlContext.h:
        (WebCore::CurlContext::sslHandle):
        (WebCore::CurlContext::getCertificatePath const): Deleted.
        (WebCore::CurlContext::shouldIgnoreSSLErrors const): Deleted.
        * platform/network/curl/CurlDownload.cpp:
        (WebCore::CurlDownload::setupRequest):
        * platform/network/curl/CurlSSLHandle.cpp: Added.
        (WebCore::CurlSSLHandle::CurlSSLHandle):
        (WebCore::CurlSSLHandle::getCACertPathEnv):
        (WebCore::CurlSSLHandle::setHostAllowsAnyHTTPSCertificate):
        (WebCore::CurlSSLHandle::isAllowedHTTPSCertificateHost):
        (WebCore::CurlSSLHandle::canIgnoredHTTPSCertificate):
        (WebCore::CurlSSLHandle::setClientCertificateInfo):
        (WebCore::CurlSSLHandle::getSSLClientCertificate):
        * platform/network/curl/CurlSSLHandle.h: Renamed from Source/WebCore/platform/network/curl/SSLHandle.h.
        (WebCore::CurlSSLHandle::shouldIgnoreSSLErrors const):
        (WebCore::CurlSSLHandle::getCACertPath const):
        * platform/network/curl/CurlSSLVerifier.cpp: Renamed from Source/WebCore/platform/network/curl/SSLHandle.cpp.
        (WebCore::CurlSSLVerifier::setSslCtx):
        (WebCore::CurlSSLVerifier::certVerifyCallback):
        (WebCore::CurlSSLVerifier::getPemDataFromCtx):
        (WebCore::CurlSSLVerifier::convertToSSLCertificateFlags):
        * platform/network/curl/CurlSSLVerifier.h: Added.
        (WebCore::CurlSSLVerifier::setCurlHandle):
        (WebCore::CurlSSLVerifier::setHostName):
        (WebCore::CurlSSLVerifier::sslErrors):
        * platform/network/curl/ResourceHandleCurl.cpp:
        (WebCore::ResourceHandle::setHostAllowsAnyHTTPSCertificate):
        (WebCore::ResourceHandle::setClientCertificateInfo):
        * platform/network/curl/ResourceHandleCurlDelegate.cpp:
        (WebCore::ResourceHandleCurlDelegate::ResourceHandleCurlDelegate):
        (WebCore::ResourceHandleCurlDelegate::setupRequest):
        (WebCore::ResourceHandleCurlDelegate::notifyFail):
        (WebCore::ResourceHandleCurlDelegate::willSetupSslCtx):
        (WebCore::ResourceHandleCurlDelegate::willSetupSslCtxCallback):
        * platform/network/curl/ResourceHandleCurlDelegate.h:

2017-09-17  Carlos Garcia Campos  <cgarcia@igalia.com>

        REGRESSION(r221974): [Harfbuzz] Test fast/text/international/hebrew-selection.html is failing since r221974
        https://bugs.webkit.org/show_bug.cgi?id=177036

        Reviewed by Michael Catanzaro.

        In r221974 I rewrote the characterIndexForXPosition implementation without taking into account that there can be
        multiple glyphs for the same character, so we can't simply do index++ and index-- to get the next and previous
        character index.

        * platform/graphics/harfbuzz/HarfBuzzShaper.cpp:
        (WebCore::HarfBuzzShaper::HarfBuzzRun::characterIndexForXPosition): Always get the character index from
        m_glyphToCharacterIndexes array.

2017-09-17  Carlos Garcia Campos  <cgarcia@igalia.com>

        [Harfbuzz] Test fast/text/complex-text-selection.html is failing since r222090
        https://bugs.webkit.org/show_bug.cgi?id=177035

        Reviewed by Michael Catanzaro.

        The problem was not actually introduced in r222090, but revelaed by that change. The bug was added in r222086,
        when adding the support for shaping a range of characters. We are not correctly filtering the characters in case
        of rtl in some cases.

        Fixes: fast/text/complex-text-selection.html

        * platform/graphics/harfbuzz/HarfBuzzShaper.cpp:
        (WebCore::HarfBuzzShaper::fillGlyphBufferFromHarfBuzzRun): When checking if the current character is inside
        the given range, continue or break the loop depending on whether text is rtl or not.

2017-09-16  Michael Catanzaro  <mcatanzaro@igalia.com>

        [GTK] Build failure with enchant-2.1.1
        https://bugs.webkit.org/show_bug.cgi?id=176877

        Unreviewed build fix for enchant 2.1.1.

        enchant_dict_free_suggestions() has been deprecated since at least 2005. Use its
        replacement, enchant_dict_free_string_list(), instead. That's also been around since at
        least 2005.

        * platform/text/enchant/TextCheckerEnchant.cpp:
        (WebCore::TextCheckerEnchant::getGuessesForWord):

2017-09-16  Antti Koivisto  <antti@apple.com>

        Computing animated style should not require renderers
        https://bugs.webkit.org/show_bug.cgi?id=171926
        <rdar://problem/34428035>

        Reviewed by Sam Weinig.

        CSS animation system is now element rather than renderer based. This allows cleaning up
        style resolution and render tree update code.

        This also fixes bug animation doesn't run if display property is animated from one rendered type
        to another. Added a test case for this.

        Test: transitions/transition-display-property-2.html

        * page/animation/CSSAnimationController.cpp:
        (WebCore::CSSAnimationController::updateAnimations):

            Pass in the old style instead of getting it from the renderer.
            Factor to return the animated style as a return value.

        * page/animation/CSSAnimationController.h:
        * rendering/RenderElement.cpp:
        (WebCore::RenderElement::RenderElement):
        (WebCore::RenderElement::willBeDestroyed):

            Animation are now canceled by RenderTreeUpdater::tearDownRenderers.

        * rendering/RenderElement.h:
        (WebCore::RenderElement::hasInitialAnimatedStyle const): Deleted.
        (WebCore::RenderElement::setHasInitialAnimatedStyle): Deleted.

            We no longer need to this concept.

        * style/RenderTreeUpdater.cpp:
        (WebCore::RenderTreeUpdater::updateElementRenderer):
        (WebCore::RenderTreeUpdater::createRenderer):

            We now get correct animated style from style resolution in all cases so we don't need to compute
            it separately for new renderers.

        (WebCore::RenderTreeUpdater::tearDownRenderers):

            Cancel animations when render tree is fully torn down. Keep them when updating style.

        * style/RenderTreeUpdater.h:
        * style/StyleTreeResolver.cpp:
        (WebCore::Style::TreeResolver::createAnimatedElementUpdate):

            We can now compute animated style without renderer. Special cases dealing with rendererless case
            can be removed.

2017-09-15  Carlos Garcia Campos  <cgarcia@igalia.com>

        [Harbuzz] Test fast/text/international/harfbuzz-runs-with-no-glyph.html is crashing
        https://bugs.webkit.org/show_bug.cgi?id=177005

        Reviewed by Michael Catanzaro.

        Fixes: fast/text/international/harfbuzz-runs-with-no-glyph.html

        * platform/graphics/harfbuzz/HarfBuzzShaper.cpp:
        (WebCore::HarfBuzzShaper::HarfBuzzRun::xPositionForOffset): Return early if there aren't glyphs.

2017-09-15  Said Abou-Hallawa  <sabouhallawa@apple.com>

        Avoid calling String::format() in PlatformCAFilters::setFiltersOnLayer()
        https://bugs.webkit.org/show_bug.cgi?id=177028

        Reviewed by Tim Horton.

        String::format() is a bigger hammer for what we need to do in this function.

        * platform/graphics/ca/cocoa/PlatformCAFiltersCocoa.mm:

2017-09-15  Ryosuke Niwa  <rniwa@webkit.org>

        iOS: Use blob URL instead of a WebKit fake URL when pasting an image
        https://bugs.webkit.org/show_bug.cgi?id=176986
        <rdar://problem/34455052>

        Reviewed by Wenson Hsieh.

        Fixed the bug that pasting an image on iOS resulted in an img element with src attribute
        set to a WebKit fake URL so that the Web content could never save it.

        Like r208451 on Mac, use a Blob URL instead.

        This patch also removes createFragmentForImageResourceAndAddResource since it's no longer used.

        Tests: LayoutTests/editing/pasteboard/paste-image-as-blob-url.html

        * editing/cocoa/WebContentReaderCocoa.mm:
        (WebCore::WebContentReader::readImage): Moved the code here from WebContentReaderMac.mm.
        * editing/ios/WebContentReaderIOS.mm:
        (WebCore::WebContentReader::readImage): Deleted. This is the code 
        * editing/mac/WebContentReaderMac.mm:
        (WebCore::WebContentReader::readImage): Moved to WebContentReaderCocoa.mm. Note that
        typeAsFilenameWithExtension was dead code after r208451
        * editing/markup.cpp:
        (WebCore::createFragmentForImageResourceAndAddResource): Deleted.
        * editing/markup.h:

2017-09-15  Wenson Hsieh  <wenson_hsieh@apple.com>

        Avoid style recomputation when forwarding a focus event to an text field's input type
        https://bugs.webkit.org/show_bug.cgi?id=176160
        <rdar://problem/34184820>

        Reviewed by Ryosuke Niwa.

        Currently, TextFieldInputType::forwardEvent synchronously triggers style recomputation, for the purpose of
        scrolling to the origin upon handling a blur event, and also for updating caps lock state after a blur or focus.
        In synchronously triggering style recomputation, we may end up running arbitrary JavaScript, which may change
        the HTMLInputElement's type and cause the current TextFieldInputType to be destroyed.

        To mitigate this, we only update caps lock state when forwarding a focus or blur event to the InputType, and
        instead scroll blurred text fields to the origin later, in HTMLInputElement::didBlur (invoked from
        Document::setFocusedElement after blur and focusout events have fired). Instead of having the InputType update
        style, lift the call to Document::updateStyleIfNeeded up into HTMLInputElement so that we gracefully handle the
        case where the page destroys and sets a new InputType within the scope of this style update.

        Test: fast/forms/change-input-type-in-focus-handler.html

        * dom/Document.cpp:
        (WebCore::Document::setFocusedElement):
        * html/HTMLInputElement.cpp:
        (WebCore::HTMLInputElement::didBlur):
        * html/HTMLInputElement.h:
        * html/InputType.h:
        (WebCore::InputType::elementDidBlur):
        * html/TextFieldInputType.cpp:
        (WebCore::TextFieldInputType::forwardEvent):
        (WebCore::TextFieldInputType::elementDidBlur):
        * html/TextFieldInputType.h:

2017-09-15  JF Bastien  <jfbastien@apple.com>

        WTF: use Forward.h when appropriate instead of Vector.h
        https://bugs.webkit.org/show_bug.cgi?id=176984

        Reviewed by Saam Barati.

        There's no need to include Vector.h when Forward.h will suffice. All we need is to move the template default parameters from Vector, and then the forward declaration can be used in so many new places: if a header only takes Vector by reference, rvalue reference, pointer, returns any of these, or has them as members then the header doesn't need to see the definition because the declaration will suffice.

        * Modules/entriesapi/FileSystemEntriesCallback.h:
        * Modules/indexeddb/IDBEventDispatcher.h:
        * Modules/indexeddb/IDBFactory.h:
        * Modules/indexeddb/client/IDBConnectionProxy.h:
        * Modules/indexeddb/server/IDBConnectionToClientDelegate.h:
        * Modules/webdatabase/DatabaseTask.h:
        * Modules/websockets/WebSocketChannelClient.h:
        * contentextensions/CombinedURLFilters.h:
        * crypto/SerializedCryptoKeyWrap.h:
        * css/InspectorCSSOMWrappers.h:
        * css/PageRuleCollector.h:
        * css/parser/CSSParserTokenRange.h:
        * dom/DocumentTouch.h:
        * dom/MutationCallback.h:
        * editing/EditingStyle.h:
        * editing/SpellChecker.h:
        * editing/markup.h:
        * fileapi/ThreadableBlobRegistry.h:
        * html/FileListCreator.h:
        * inspector/WebHeapAgent.h:
        * loader/ContentFilter.cpp:
        (WebCore::ContentFilter::ContentFilter):
        * loader/ContentFilter.h:
        * loader/CookieJar.h:
        * loader/FrameLoaderClient.h:
        * loader/LoaderStrategy.h:
        * loader/SubframeLoader.h:
        * page/ChromeClient.h:
        * page/FrameSnapshotting.h:
        * page/IntersectionObserverCallback.h:
        * page/PageSerializer.h:
        * page/UserContentURLPattern.h:
        * page/scrolling/AxisScrollSnapOffsets.h:
        * page/win/FrameWin.h:
        * platform/CookiesStrategy.h:
        * platform/KeyedCoding.h:
        * platform/PasteboardStrategy.h:
        * platform/SSLKeyGenerator.h:
        * platform/ScrollableArea.h:
        * platform/encryptedmedia/CDMFactory.h:
        * platform/gamepad/EmptyGamepadProvider.cpp:
        * platform/gamepad/GamepadProvider.h:
        * platform/gamepad/GamepadProviderClient.h:
        * platform/gamepad/PlatformGamepad.h:
        * platform/graphics/GeometryUtilities.cpp:
        * platform/graphics/GeometryUtilities.h:
        * platform/graphics/Icon.h:
        * platform/graphics/LayoutRect.h:
        * platform/graphics/Path.h:
        * platform/graphics/WOFFFileFormat.h:
        * platform/graphics/avfoundation/MediaSampleAVFObjC.h:
        * platform/graphics/avfoundation/objc/AVAssetTrackUtilities.h:
        * platform/graphics/ca/PlatformCAAnimation.h:
        * platform/graphics/ca/win/PlatformCALayerWinInternal.h:
        * platform/graphics/opentype/OpenTypeMathData.h:
        * platform/image-encoders/JPEGImageEncoder.h:
        * platform/image-encoders/PNGImageEncoder.h:
        * platform/network/BlobRegistry.h:
        * platform/network/HTTPParsers.h:
        * platform/network/PlatformCookieJar.h:
        * platform/network/cf/DownloadBundle.h:
        * platform/network/curl/CurlCacheEntry.h:
        * platform/network/curl/DownloadBundle.h:
        * platform/text/LineEnding.h:
        * platform/text/QuotedPrintable.cpp:
        * platform/text/QuotedPrintable.h:
        * rendering/FlexibleBoxAlgorithm.h:
        * rendering/style/QuotesData.h:
        * rendering/svg/SVGSubpathData.h:
        * storage/StorageEventDispatcher.h:
        * style/StyleInvalidator.h:
        * style/StyleRelations.h:
        * svg/SVGAltGlyphDefElement.h:
        * svg/SVGAltGlyphItemElement.h:

2017-09-15  Youenn Fablet  <youenn@apple.com>

        ASSERTION FAILED: writtenAudioDuration >= readAudioDuration in com.apple.WebCore:WebCore::RealtimeOutgoingAudioSource::isReachingBufferedAudioDataHighLimit() + 222
        https://bugs.webkit.org/show_bug.cgi?id=175164
        <rdar://problem/33712305>

        Reviewed by Eric Carlson.

        No observable change of behavior.

        * platform/mediastream/mac/RealtimeOutgoingAudioSource.cpp:
        (WebCore::RealtimeOutgoingAudioSource::hasBufferedEngouhData):
        (WebCore::RealtimeOutgoingAudioSource::audioSamplesAvailable): Calling pullData only if there is at least 0.01 seconds of available data.
        * platform/mediastream/mac/RealtimeOutgoingAudioSource.h:

2017-09-15  Youenn Fablet  <youenn@apple.com>

        Move code using Vector::map to WTF:map
        https://bugs.webkit.org/show_bug.cgi?id=176860

        Reviewed by Jer Noble.

        No change of behavior.

        * loader/FormSubmission.cpp:
        (WebCore::FormSubmission::create): Moving to WTF::map.
        * page/Settings.cpp:
        (WebCore::Settings::setMediaContentTypesRequiringHardwareSupport): Using iterator split to not create a temporary vector.
        * platform/ContentType.cpp:
        (WebCore::ContentType::ContentType):
        (WebCore::splitParameters):
        (WebCore::ContentType::codecs const): Ditto.
        (WebCore::ContentType::profiles const): Ditto.
        (WebCore::stripHTMLWhiteSpace): Deleted.
        * platform/ContentType.h:
        (WebCore::ContentType::create): Deleted.
        * platform/graphics/MediaPlayer.cpp:
        (WebCore::MediaPlayer::load): Minor count churning change.

2017-09-15  Youenn Fablet  <youenn@apple.com>

        MediaPlayerPrivateMediaStreamAVFObjC::requestNotificationWhenReadyForVideoData should enqueue data if still useful
        https://bugs.webkit.org/show_bug.cgi?id=177016

        Reviewed by Jer Noble.

        No change of behavior.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm:
        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::requestNotificationWhenReadyForVideoData): exciting early in block to prevent enqueueing.

2017-09-15  Ryan Haddad  <ryanhaddad@apple.com>

        Unreviewed, rolling out r222040.

        The LayoutTest added with this change is a flaky image failure
        on mac-wk1 debug bots.

        Reverted changeset:

        "Computing animated style should not require renderers"
        https://bugs.webkit.org/show_bug.cgi?id=171926
        http://trac.webkit.org/changeset/222040

2017-09-15  Tim Horton  <timothy_horton@apple.com>

        Fix the macOS CMake build
        https://bugs.webkit.org/show_bug.cgi?id=177015

        Reviewed by Andy Estes.

        * CMakeLists.txt:
        Add Payment Request files.

        * PlatformMac.cmake:
        Add the CoreServices umbrella framework to the framework search path.
        Add service workers directories to the forwarding headers path.
        Add Modules/cache directory to the forwarding headers path.

        * rendering/svg/RenderSVGRoot.cpp:
        (WebCore::resolveLengthAttributeForSVG): Deleted unused function.

2017-09-15  John Wilander  <wilander@apple.com>

        Storage Access API: Deny access to nested iframes
        https://bugs.webkit.org/show_bug.cgi?id=176939
        <rdar://problem/34439609>

        Reviewed by Brent Fulgham.

        Test: http/tests/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-nested-iframe.html

        * dom/Document.cpp:
        (WebCore::Document::requestStorageAccess):

2017-09-15  Antti Koivisto  <antti@apple.com>

        AnimationBase should ref the element
        https://bugs.webkit.org/show_bug.cgi?id=176993

        Reviewed by Simon Fraser.

        We now longer have renderer pointer. Element can be reffed for safety.

        This doesn't create reference cycle as the element pointer is cleared when render tree is
        torn down. This happens at the latest when the element is removed from the tree.

        * page/animation/AnimationBase.cpp:
        (WebCore::AnimationBase::~AnimationBase):
        (WebCore::AnimationBase::clear):
        * page/animation/AnimationBase.h:
        (WebCore::AnimationBase::~AnimationBase): Deleted.
        (WebCore::AnimationBase::clear): Deleted.
        * page/animation/ImplicitAnimation.cpp:
        (WebCore::ImplicitAnimation::pauseAnimation):
        (WebCore::ImplicitAnimation::sendTransitionEvent):
        (WebCore::ImplicitAnimation::reset):
        * page/animation/KeyframeAnimation.cpp:
        (WebCore::KeyframeAnimation::pauseAnimation):
        (WebCore::KeyframeAnimation::endAnimation):
        (WebCore::KeyframeAnimation::sendAnimationEvent):
        (WebCore::KeyframeAnimation::resolveKeyframeStyles):

2017-09-15  Brent Fulgham  <bfulgham@apple.com>

        Make DocumentLoader a FrameDestructionObserver
        https://bugs.webkit.org/show_bug.cgi?id=176364
        <rdar://problem/34254780>

        Reviewed by Alex Christensen.

        The DocumentLoader needs to know when its Frame is destroyed so that it can
        perform properly cleanup.

        Test: fast/events/beforeunload-dom-manipulation-crash.html

        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::DocumentLoader): Call FrameDestructionObserver constructor.
        (WebCore::DocumentLoader::responseReceived): Drive-by fix. Make sure the current
        object is valid during the callback.
        (WebCore::DocumentLoader::attachToFrame): Use FrameDestructionObserver::observerFrame rather
        than setting the m_frame variable directly.
        (WebCore::DocumentLoader::detachFromFrame): Ditto.
        * loader/DocumentLoader.h:
        (WebCore::DocumentLoader::frame const): Deleted, as this is provided by the FrameDestructionObserver.

2017-09-15  Ms2ger  <Ms2ger@igalia.com>

        Update some WebGL2 return types to match the specification.
        https://bugs.webkit.org/show_bug.cgi?id=176996

        Reviewed by Alex Christensen.

        This should not change the behavior in any way, but it makes it simpler
        to compare our IDL with the specification's.

        No new tests because there is no behavior change.

        * html/canvas/WebGL2RenderingContext.cpp:
        (WebCore::WebGL2RenderingContext::getUniformIndices):
        * html/canvas/WebGL2RenderingContext.h:
        * html/canvas/WebGL2RenderingContext.idl:

2017-09-15  Antti Koivisto  <antti@apple.com>

        Remove FilterOperation::blendingNeedsRendererSize()
        https://bugs.webkit.org/show_bug.cgi?id=176994

        Reviewed by Simon Fraser.

        It is not used.

        * page/animation/CSSPropertyAnimation.cpp:
        (WebCore::blendFunc):
        * platform/graphics/filters/FilterOperation.h:
        (WebCore::FilterOperation::blend):
        (WebCore::FilterOperation::shouldBeRestrictedBySecurityOrigin const):
        (WebCore::FilterOperation::blendingNeedsRendererSize const): Deleted.

2017-09-15  Youenn Fablet  <youenn@apple.com>

        Add an URL method to remove both query string and fragment identifier
        https://bugs.webkit.org/show_bug.cgi?id=176911

        Reviewed by Alex Christensen.

        Covered by existing tests and new API tests.

        * Modules/cache/DOMCache.cpp:
        (WebCore::DOMCache::retrieveRecords): Using new helper method.
        * platform/URL.cpp:
        (WebCore::URL::removeQueryAndFragmentIdentifier):
        * platform/URL.h:

2017-09-15  Andy Estes  <aestes@apple.com>

        [Cocoa] Upstream MediaRemote and VideoToolbox WebKitSystemInterface functions
        https://bugs.webkit.org/show_bug.cgi?id=176953

        Reviewed by Eric Carlson.

        * platform/cocoa/VideoToolboxSoftLink.cpp:
        * platform/cocoa/VideoToolboxSoftLink.h:
        * platform/graphics/avfoundation/CDMPrivateMediaSourceAVFObjC.mm:
        (WebCore::queryDecoderAvailability):
        (WebCore::CDMPrivateMediaSourceAVFObjC::supportsKeySystem):
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::wirelessPlaybackTargetType const):
        (WebCore::exernalDeviceDisplayNameForPlayer):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::wirelessPlaybackTargetName const):
        * platform/ios/WebCoreSystemInterfaceIOS.mm:
        * platform/mac/MediaRemoteSoftLink.cpp:
        * platform/mac/MediaRemoteSoftLink.h:
        * platform/mac/WebCoreSystemInterface.h:
        * platform/mac/WebCoreSystemInterface.mm:

2017-09-15  Eric Carlson  <eric.carlson@apple.com>

        Switch text tracks to release logging
        https://bugs.webkit.org/show_bug.cgi?id=176809
        <rdar://problem/34397605>

        Reviewed by Jer Noble.

        Make all track objects use the same logger and log identifier as the media element they
        "belong" to. Convert all track logging from debug-only to release logging.

        * WebCore.xcodeproj/project.pbxproj:
        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::updateActiveTextTrackCues):
        * html/HTMLMediaElement.h:
        * html/track/AudioTrack.cpp:
        (WebCore::AudioTrack::AudioTrack):
        (WebCore::AudioTrack::setPrivate):
        (WebCore::AudioTrack::setMediaElement):
        * html/track/AudioTrack.h:
        * html/track/DataCue.cpp:
        (WebCore::DataCue::toString const):
        * html/track/DataCue.h:
        (PAL::LogArgument<WebCore::DataCue>::toString):
        * html/track/InbandDataTextTrack.cpp:
        (WebCore::InbandDataTextTrack::addDataCue):
        (WebCore::InbandDataTextTrack::updateDataCue):
        (WebCore::InbandDataTextTrack::removeDataCue):
        * html/track/InbandDataTextTrack.h:
        * html/track/InbandGenericTextTrack.cpp:
        (WebCore::InbandGenericTextTrack::addGenericCue):
        (WebCore::InbandGenericTextTrack::removeGenericCue):
        (WebCore::InbandGenericTextTrack::newCuesParsed):
        (WebCore::InbandGenericTextTrack::fileFailedToParse):
        * html/track/InbandGenericTextTrack.h:
        * html/track/InbandTextTrack.cpp:
        (WebCore::InbandTextTrack::InbandTextTrack):
        (WebCore::InbandTextTrack::setMediaElement):
        * html/track/InbandTextTrack.h:
        * html/track/InbandWebVTTTextTrack.cpp:
        (WebCore::InbandWebVTTTextTrack::newCuesParsed):
        (WebCore::InbandWebVTTTextTrack::fileFailedToParse):
        * html/track/InbandWebVTTTextTrack.h:
        * html/track/LoadableTextTrack.cpp:
        (WebCore::LoadableTextTrack::newCuesAvailable):
        (WebCore::LoadableTextTrack::cueLoadingCompleted):
        * html/track/LoadableTextTrack.h:
        * html/track/TextTrack.cpp:
        (WebCore::TextTrack::addCue):
        (WebCore::TextTrack::removeCue):
        (WebCore::TextTrack::setLanguage):
        * html/track/TextTrack.h:
        * html/track/TextTrackCue.cpp:
        (WebCore::TextTrackCue::toString const):
        * html/track/TextTrackCue.h:
        (PAL::LogArgument<WebCore::TextTrackCue>::toString):
        * html/track/TextTrackCueGeneric.cpp:
        (WebCore::TextTrackCueGeneric::setFontSize):
        (WebCore::TextTrackCueGeneric::toString const):
        * html/track/TextTrackCueGeneric.h:
        (PAL::LogArgument<WebCore::TextTrackCueGeneric>::toString):
        * html/track/TrackBase.cpp:
        (WebCore::nextLogIdentifier):
        (WebCore::nullLogger):
        (WebCore::TrackBase::TrackBase):
        (WebCore::TrackBase::setMediaElement):
        (WebCore::TrackBase::logChannel const):
        (WebCore::TrackBase::~TrackBase): Deleted.
        * html/track/TrackBase.h:
        (WebCore::TrackBase::setMediaElement): Deleted.
        * html/track/VTTCue.cpp:
        (WebCore::VTTCue::setFontSize):
        (WebCore::VTTCue::toString const):
        * html/track/VTTCue.h:
        (PAL::LogArgument<WebCore::VTTCue>::toString):
        * html/track/VideoTrack.cpp:
        (WebCore::VideoTrack::VideoTrack):
        (WebCore::VideoTrack::setPrivate):
        (WebCore::VideoTrack::setMediaElement):
        * html/track/VideoTrack.h:
        * platform/graphics/AudioTrackPrivate.h:
        * platform/graphics/InbandTextTrackPrivate.h:
        (WebCore::InbandTextTrackPrivate::setClient):
        * platform/graphics/InbandTextTrackPrivateClient.h:
        (WebCore::GenericCueData::toString const):
        (PAL::LogArgument<WebCore::GenericCueData>::toString):
        * platform/graphics/TrackPrivateBase.cpp: Added.
        (WebCore::TrackPrivateBase::setLogger):
        (WebCore::TrackPrivateBase::logChannel const):
        * platform/graphics/TrackPrivateBase.h:
        * platform/graphics/VideoTrackPrivate.h:
        * platform/graphics/avfoundation/AVTrackPrivateAVFObjCImpl.mm:
        * platform/graphics/avfoundation/InbandMetadataTextTrackPrivateAVF.cpp:
        (WebCore::InbandMetadataTextTrackPrivateAVF::updatePendingCueEndTimes):
        (WebCore::InbandMetadataTextTrackPrivateAVF::flushPartialCues):
        * platform/graphics/avfoundation/InbandMetadataTextTrackPrivateAVF.h:
        * platform/graphics/avfoundation/InbandTextTrackPrivateAVF.cpp:
        (WebCore::InbandTextTrackPrivateAVF::processAttributedStrings):
        (WebCore::InbandTextTrackPrivateAVF::removeCompletedCues):
        (WebCore::InbandTextTrackPrivateAVF::resetCueValues):
        (WebCore::InbandTextTrackPrivateAVF::processNativeSamples):
        (WebCore::InbandTextTrackPrivateAVF::readNativeSampleBuffer):
        * platform/graphics/avfoundation/InbandTextTrackPrivateAVF.h:
        * platform/graphics/avfoundation/objc/AudioTrackPrivateAVFObjC.mm:
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (-[WebCoreAVFMovieObserver observeValueForKeyPath:ofObject:change:context:]):
        * platform/mediastream/mac/AudioTrackPrivateMediaStreamCocoa.cpp:
        (WebCore::AudioTrackPrivateMediaStreamCocoa::createAudioUnit):
        * platform/mediastream/mac/AudioTrackPrivateMediaStreamCocoa.h:

2017-09-15  Carlos Garcia Campos  <cgarcia@igalia.com>

        [Harfbuzz] Material icons not rendered correctly when using the web font
        https://bugs.webkit.org/show_bug.cgi?id=176995

        Reviewed by Michael Catanzaro.

        Only a few of them are correctly rendered and some others are wrong. We only render correctly the ones that
        don't have an underscore in their name (or that start with a number like 3d_rotation). In the cases where the
        name before the underscore is also an icon, we render that icon instead, that's why some of them are wrong. This
        is happening because the underscore is causing the HarfbuffShaper to split the text in 3 runs, one for the word
        before the underscore, another one for the underscore and another for the word after the underscore. So, we
        end up trying to shape the 3 runs independently and we fail when the icon doesn't exist, or when it exists but
        it's not the one we are looking for. The cause of this is that the underscore has a different script (Common)
        than the rest of characters (Latin) which is a condition in HarfbuffShaper to create a different run. The
        unicode spec says that characters with Common script should be handled differently, but we are just ignoring
        it. The spec proposes to use an heuristic based on simply inheriting the script of the previous character, which
        should work in most of the cases. We could take a more conservative approach and do that only if both characters
        are ASCII. We should also consider handling other cases mentioned by the spec like brackets and quotation marks,
        but that belongs to a different bug/commit.

        * platform/graphics/harfbuzz/HarfBuzzShaper.cpp:
        (WebCore::scriptsAreCompatibleForCharacters): Helper function to check if the current and previous scripts are
        compatible,
        (WebCore::HarfBuzzShaper::collectHarfBuzzRuns): Use scriptsAreCompatibleForCharacters() to decided whether to
        finish the current run or not. In case of Common script, inherit also the script from the previous character.

2017-09-15  Carlos Garcia Campos  <cgarcia@igalia.com>

        [Harfbuzz] Fix incorrect font rendering when selecting texts in pages which specifies text-rendering: optimizeLegibility
        https://bugs.webkit.org/show_bug.cgi?id=148220

        Reviewed by Michael Catanzaro.

        Add support for shaping a range of characters and return the advance to the first glyph in the range.

        Covered by existing tests.

        * platform/graphics/cairo/FontCairoHarfbuzzNG.cpp:
        (WebCore::FontCascade::getGlyphsAndAdvancesForComplexText const): Pass "from" and "to" parameters to
        HarfBuzzShaper::shape and return the x position of the selection rect.
        * platform/graphics/harfbuzz/HarfBuzzShaper.cpp:
        (WebCore::HarfBuzzShaper::shape): Forward "from" and "to" parameters to fillGlyphBuffer().
        (WebCore::HarfBuzzShaper::fillGlyphBufferFromHarfBuzzRun): Only add glyphs for the given character range.
        (WebCore::HarfBuzzShaper::fillGlyphBuffer): Only consider runs in the given character range.
        * platform/graphics/harfbuzz/HarfBuzzShaper.h:

2017-09-15  Zan Dobersek  <zdobersek@igalia.com>

        [EME] ClearKey: list 'persistent-license' sessions as supported
        https://bugs.webkit.org/show_bug.cgi?id=176985

        Reviewed by Xabier Rodriguez-Calvar.

        The ClearKey implementation should support the 'persistent-license'
        session type for testing purposes. Methods in the CDMPrivateClearKey
        class have been updated to handle that session type as supported:
        - supportsSessionTypeWithConfiguration() returns true for the
          'persistent-license' session type values,
        - supportsConfiguration() allows persistent state as required in
          case of the configured session type being 'persistent-license',
        - supportsConfigurationWithRestrictions() as well allows persistent
        state as required for 'persistent-license' session types.

        No new tests -- affected tests have their baselines updated.

        * platform/encryptedmedia/clearkey/CDMClearKey.cpp:
        (WebCore::CDMPrivateClearKey::supportsConfiguration const):
        (WebCore::CDMPrivateClearKey::supportsConfigurationWithRestrictions const):
        (WebCore::CDMPrivateClearKey::supportsSessionTypeWithConfiguration const):

2017-09-15  Ms2ger  <Ms2ger@igalia.com>

        Disallow passing a null program to getFragDataLocation.
        https://bugs.webkit.org/show_bug.cgi?id=176895

        Reviewed by Sam Weinig.

        This matches the specification as well as Gecko and Chromium.

        Test: fast/canvas/webgl/webgl2/bindings.html

        * html/canvas/WebGL2RenderingContext.cpp:
        (WebCore::WebGL2RenderingContext::getFragDataLocation):
        * html/canvas/WebGL2RenderingContext.h:
        * html/canvas/WebGL2RenderingContext.idl:

2017-09-14  Carlos Garcia Campos  <cgarcia@igalia.com>

        [FreeType] Complex text is enabled too often after r221909
        https://bugs.webkit.org/show_bug.cgi?id=176907

        Reviewed by Sergio Villar Senin.

        In r221909 we enabled complex text by default following the same cocoa ifdefs, but I forgot another ifdef in the
        cpp file.

        * platform/graphics/FontCascade.cpp:
        (WebCore::FontCascade::codePath const):

2017-09-14  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r221932 and r221933.
        https://bugs.webkit.org/show_bug.cgi?id=176969

        This change did not fix the webgl test flakiness. (Requested
        by ryanhaddad on #webkit).

        Reverted changesets:

        "[WebGL] accelerated texImage2D for video doesn't respect
        flipY"
        https://bugs.webkit.org/show_bug.cgi?id=176491
        http://trac.webkit.org/changeset/221932

        "[WebGL] VideoTextureCopierCV doesn't correctly restore vertex
        attribute state"
        https://bugs.webkit.org/show_bug.cgi?id=176771
        http://trac.webkit.org/changeset/221933

2017-09-14  Basuke Suzuki  <Basuke.Suzuki@sony.com>

        [Curl] Replace the implementation with NetworkLoadMetrics
        https://bugs.webkit.org/show_bug.cgi?id=176906

        Reviewed by Alex Christensen.

        * platform/network/curl/CurlContext.cpp:
        (WebCore::CurlHandle::getEffectiveURL):
        (WebCore::CurlHandle::getPrimaryPort):
        (WebCore::CurlHandle::getResponseCode):
        (WebCore::CurlHandle::getContentLenghtDownload):
        (WebCore::CurlHandle::getHttpAuthAvail):
        (WebCore::CurlHandle::getTimes):
        (WebCore::CurlHandle::getEffectiveURL const): Deleted.
        * platform/network/curl/CurlContext.h:
        * platform/network/curl/CurlDownload.cpp:
        (WebCore::CurlDownload::didReceiveHeader):
        * platform/network/curl/ResourceHandleCurlDelegate.cpp:
        (WebCore::ResourceHandleCurlDelegate::dispatchSynchronousJob):
        (WebCore::ResourceHandleCurlDelegate::notifyFinish):
        (WebCore::ResourceHandleCurlDelegate::getProtectionSpace):
        (WebCore::ResourceHandleCurlDelegate::didReceiveAllHeaders):
        (WebCore::ResourceHandleCurlDelegate::handleLocalReceiveResponse):
        (WebCore::ResourceHandleCurlDelegate::didFinish):
        (WebCore::ResourceHandleCurlDelegate::getNetworkLoadMetrics):
        (WebCore::ResourceHandleCurlDelegate::didReceiveHeader):
        (WebCore::ResourceHandleCurlDelegate::didReceiveData):
        (WebCore::ResourceHandleCurlDelegate::setWebTimings): Deleted.
        * platform/network/curl/ResourceHandleCurlDelegate.h:
        * platform/network/curl/ResourceResponse.h:
        (WebCore::ResourceResponse::setDeprecatedNetworkLoadMetrics):

2017-09-14  Daniel Bates  <dabates@apple.com>

        [Mac] Spelling, grammar and correction dots are painted upside down
        https://bugs.webkit.org/show_bug.cgi?id=176949
        <rdar://problem/34441098>

        Reviewed by Simon Fraser.

        Painting occurs in a vertically flipped context. Vertically flip the context ("unflip" it)
        before painting the document markers on macOS so that they are painted right-side. This makes
        the appearance of spelling, grammar and correction dots in WebKit match the AppKit appearance
        of these dots.

        * platform/graphics/cocoa/GraphicsContextCocoa.mm:
        (WebCore::GraphicsContext::drawLineForDocumentMarker): Flip the context as described above.
        Also make use of RAII object CGContextStateSaver instead of manually saving and restoring
        the state of the context.

2017-09-14  Joseph Pecoraro  <pecoraro@apple.com>

        Unreviewed rollout r222036.
        
        The LayoutTests added with this change is flaky.

        Reverted changeset
        Web Inspector: Timeline should show when events preventDefault() was called on an event or not
        https://bugs.webkit.org/show_bug.cgi?id=176824
        http://trac.webkit.org/changeset/222036

2017-09-14  Ryosuke Niwa  <rniwa@webkit.org>

        WebContentReader::readWebArchive doesn't need to handle image MIME type
        https://bugs.webkit.org/show_bug.cgi?id=176884

        Reviewed by Sam Weinig.

        Remove the code to handle image MIME types in the web archive on macOS since we have a separate code path
        to handle images in the pasteboard directly. As far as I can tell, this code is never used in practice.

        This allows merging iOS and macOS code to read web archive from the pasteboard. Also merged member functions
        for handling RTFD and RTF in iOS and macOS in WebContentReaderCocoa.mm.

        * CMakeLists.txt:
        * WebCore.xcodeproj/project.pbxproj:
        * editing/WebContentReader.cpp: Added.
        (WebCore::WebContentReader::addFragment): Moved from WebContentReaderIOS.mm and simplified since appendChild
        knows how to add a DocumentFragment.
        * editing/WebContentReader.h:
        * editing/cocoa/WebContentReaderCocoa.mm:
        (WebCore::createFragmentAndAddResources):
        (WebCore::WebContentReader::readWebArchive): Merged iOS / macOS code here.
        (WebCore::WebContentReader::readRTFD): Ditto.
        (WebCore::WebContentReader::readRTF): Ditto.
        (WebCore::WebContentReader::readPlainText): Ditto.
        * editing/ios/EditorIOS.mm:
        (WebCore::Editor::pasteWithPasteboard):
        * editing/ios/WebContentReaderIOS.mm:
        (WebCore::WebContentReader::readImage):
        (WebCore::WebContentReader::readURL):
        (WebCore::WebContentReader::readWebArchive): Moved to WebContentReaderCocoa.mm.
        (WebCore::WebContentReader::readRTFD): Ditto.
        (WebCore::WebContentReader::readRTF): Ditto.
        (WebCore::WebContentReader::readPlainText): Ditto.
        * editing/mac/WebContentReaderMac.mm:
        (WebCore::WebContentReader::readWebArchive): Ditto.
        (WebCore::WebContentReader::readRTFD): Ditto.
        (WebCore::WebContentReader::readRTF): Ditto.

2017-09-14  Devin Rousso  <webkit@devinrousso.com>

        Web Inspector: make recording swizzle async
        https://bugs.webkit.org/show_bug.cgi?id=176936

        Reviewed by Joseph Pecoraro.

        * inspector/InspectorCanvas.cpp:
        (WebCore::InspectorCanvas::buildArrayForCanvasPattern):
        (WebCore::InspectorCanvas::buildAction):
        For objects that are not able to be stringified (e.g. elements), send a deduplicated string
        with the name of the object as a placeholder value (e.g. "Element").

2017-09-14  Andy Estes  <aestes@apple.com>

        [Mac] Upstream SpeechSynthesis-related WebKitSystemInterface functions
        https://bugs.webkit.org/show_bug.cgi?id=176931

        Reviewed by Joseph Pecoraro.

        * platform/mac/PlatformSpeechSynthesizerMac.mm:
        (WebCore::speechSynthesisGetVoiceIdentifiers):
        (WebCore::speechSynthesisGetDefaultVoiceIdentifierForLocale):
        (WebCore::PlatformSpeechSynthesizer::initializeVoiceList):
        * platform/mac/WebCoreSystemInterface.h:
        * platform/mac/WebCoreSystemInterface.mm:

2017-09-14  Youenn Fablet  <youenn@apple.com>

        RTCDataChannel connectivity issues in Safari 11
        https://bugs.webkit.org/show_bug.cgi?id=173052
        <rdar://problem/32712143>

        Reviewed by Alex Christensen.

        Covered by updated test.

        Before the patch, when sending an ArrayBufferView, RTCDataChannel was sending the whole ArrayBuffer backing the ArrayBufferView.
        With this patch, RTCDataChannel will now send only the bytes the ArrayBufferView is exposing.

        * Modules/mediastream/RTCDataChannel.cpp:
        (WebCore::RTCDataChannel::send): Correctly handling sending of ArrayBufferView.
        (WebCore::RTCDataChannel::sendRawData): Helper routine for raw data sending.
        * Modules/mediastream/RTCDataChannel.h:

2017-09-14  Antti Koivisto  <antti@apple.com>

        Computing animated style should not require renderers
        https://bugs.webkit.org/show_bug.cgi?id=171926
        <rdar://problem/34428035>

        Reviewed by Sam Weinig.

        CSS animation system is now element rather than renderer based. This allows cleaning up
        style resolution and render tree update code.

        This also fixes bug animation doesn't run if display property is animated from one rendered type
        to another. Added a test case for this.

        Test: transitions/transition-display-property-2.html

        * page/animation/CSSAnimationController.cpp:
        (WebCore::CSSAnimationController::updateAnimations):

            Pass in the old style instead of getting it from the renderer.
            Factor to return the animated style as a return value.

        * page/animation/CSSAnimationController.h:
        * rendering/RenderElement.cpp:
        (WebCore::RenderElement::RenderElement):
        (WebCore::RenderElement::willBeDestroyed):

            Animation are now canceled by RenderTreeUpdater::tearDownRenderers.

        * rendering/RenderElement.h:
        (WebCore::RenderElement::hasInitialAnimatedStyle const): Deleted.
        (WebCore::RenderElement::setHasInitialAnimatedStyle): Deleted.

            We no longer need to this concept.

        * style/RenderTreeUpdater.cpp:
        (WebCore::RenderTreeUpdater::updateElementRenderer):
        (WebCore::RenderTreeUpdater::createRenderer):

            We now get correct animated style from style resolution in all cases so we don't need to compute
            it separately for new renderers.

        (WebCore::RenderTreeUpdater::tearDownRenderers):

            Cancel animations when render tree is fully torn down. Keep them when updating style.

        * style/RenderTreeUpdater.h:
        * style/StyleTreeResolver.cpp:
        (WebCore::Style::TreeResolver::createAnimatedElementUpdate):

            We can now compute animated style without renderer. Special cases dealing with rendererless case
            can be removed.

2017-09-14  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Timeline should show when events preventDefault() was called on an event or not
        https://bugs.webkit.org/show_bug.cgi?id=176824
        <rdar://problem/34290931>

        Reviewed by Devin Rousso.

        Test: inspector/timeline/timeline-event-EventDispatch.html

        * dom/EventTarget.cpp:
        (WebCore::EventTarget::fireEventListeners):
        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::dispatchEvent):
        Include defaultPrevented when notifying inspector.

        * inspector/InspectorInstrumentation.cpp:
        (WebCore::InspectorInstrumentation::didDispatchEventImpl):
        (WebCore::InspectorInstrumentation::didDispatchEventOnWindowImpl):
        * inspector/InspectorInstrumentation.h:
        (WebCore::InspectorInstrumentation::didDispatchEvent):
        (WebCore::InspectorInstrumentation::didDispatchEventOnWindow):
        Pass defaultPrevented on to agent.

        * inspector/InspectorTimelineAgent.cpp:
        (WebCore::InspectorTimelineAgent::didDispatchEvent):
        (WebCore::InspectorTimelineAgent::didLayout):
        (WebCore::InspectorTimelineAgent::didPaint):
        * inspector/InspectorTimelineAgent.h:
        * inspector/TimelineRecordFactory.cpp:
        (WebCore::TimelineRecordFactory::appendLayoutRoot):
        (WebCore::TimelineRecordFactory::appendDidDispatchEventData):
        * inspector/TimelineRecordFactory.h:
        Append a boolean defaultPrevented property on the EventDispatch timeline record's data.

2017-09-14  Ryan Haddad  <ryanhaddad@apple.com>

        Unreviewed, rolling out r222015.

        The LayoutTests added with this change are flaky.

        Reverted changeset:

        "Web Inspector: Timeline should show when events
        preventDefault() was called on an event or not"
        https://bugs.webkit.org/show_bug.cgi?id=176824
        http://trac.webkit.org/changeset/222015

2017-09-14  Ms2ger  <Ms2ger@igalia.com>

        Allow passing sequences to various WebGL2 methods.
        https://bugs.webkit.org/show_bug.cgi?id=176892

        Reviewed by Sam Weinig.

        This matches the specification as well as Gecko and Chromium.

        Test: fast/canvas/webgl/webgl2/sequences.html

        * html/canvas/WebGL2RenderingContext.cpp:
        (WebCore::WebGL2RenderingContext::uniform1uiv):
        (WebCore::WebGL2RenderingContext::uniform2uiv):
        (WebCore::WebGL2RenderingContext::uniform3uiv):
        (WebCore::WebGL2RenderingContext::uniform4uiv):
        (WebCore::WebGL2RenderingContext::uniformMatrix2x3fv):
        (WebCore::WebGL2RenderingContext::uniformMatrix3x2fv):
        (WebCore::WebGL2RenderingContext::uniformMatrix2x4fv):
        (WebCore::WebGL2RenderingContext::uniformMatrix4x2fv):
        (WebCore::WebGL2RenderingContext::uniformMatrix3x4fv):
        (WebCore::WebGL2RenderingContext::uniformMatrix4x3fv):
        (WebCore::WebGL2RenderingContext::vertexAttribI4iv):
        (WebCore::WebGL2RenderingContext::vertexAttribI4uiv):
        (WebCore::WebGL2RenderingContext::clearBufferiv):
        (WebCore::WebGL2RenderingContext::clearBufferuiv):
        (WebCore::WebGL2RenderingContext::clearBufferfv):
        * html/canvas/WebGL2RenderingContext.h:
        * html/canvas/WebGL2RenderingContext.idl:

2017-09-14  Sam Weinig  <sam@webkit.org>

        [Cleanup] Cleanup uses of the FileList class
        https://bugs.webkit.org/show_bug.cgi?id=176800

        Reviewed by Alex Christensen.

        * fileapi/FileList.cpp:
        * fileapi/FileList.h:

            Store list of files as Refs, rather than RefPtrs.
            Add direct accessor to the underlying Vector for faster iteration.
            Add file(unsigned) function to allow direct indexing, rather than using
            the DOM exposed item function which always does a length check.

        * Modules/entriesapi/HTMLInputElementEntriesAPI.cpp:
        
            Remove unused RuntimeEnabledFeatures.h #include.
            Use modern for loop and the new direct file vector access. 
        
        * bindings/js/SerializedScriptValue.cpp:
        (WebCore::CloneSerializer::dumpIfTerminal):
        (WebCore::CloneSerializer::write):
        (WebCore::CloneDeserializer::readFile):
        (WebCore::CloneDeserializer::readTerminal):
        
            Remove unnecessary #includes, adopt auto, and use modern for-loop
            for FileList.
        
        * dom/DataTransfer.cpp:
        (WebCore::DataTransfer::files const):
        (WebCore::DataTransfer::hasFileOfType):
        
            Use auto.
        
        (WebCore::DataTransfer::createForInputEvent):
        
            Use initializer list for the typeToStringMap.
        
        * dom/DataTransferItemList.cpp:
        (WebCore::DataTransferItemList::ensureItems const):
        
            Use auto and modern for-loop for FileList.
        
        * html/FileInputType.cpp:
        (WebCore::FileInputType::filesFromFormControlState):
        (WebCore::FileInputType::saveFormControlState const):
        (WebCore::FileInputType::appendFormData const):
        (WebCore::FileInputType::handleDOMActivateEvent):
        (WebCore::FileInputType::getTypeSpecificValue):
        (WebCore::FileInputType::disabledAttributeChanged):
        (WebCore::FileInputType::multipleAttributeChanged):
        (WebCore::FileInputType::setFiles):
        (WebCore::FileInputType::receiveDroppedFiles):
        (WebCore::FileInputType::defaultToolTip const):

            Adopt auto, brace-initialization, and modern for-loops.

        * html/FileListCreator.cpp:
        (WebCore::appendDirectoryFiles):
        (WebCore::FileListCreator::createFileList):
        
            Update to work in terms of Vector<Ref<File>>.

        * html/FormController.h:
        (WebCore::FormControlState::FormControlState):
        
            Re-format existing constructors and add one that takes an r-value
            Vector<String> to allow construction from a pre-created list (used 
            in FileInputType::saveFormControlState)
        
        * platform/DragData.h:
        * platform/gtk/DragDataGtk.cpp:
        (WebCore::DragData::asFilenames const):
        * platform/mac/DragDataMac.mm:
        (WebCore::DragData::asFilenames const):
        * platform/win/DragDataWin.cpp:
        (WebCore::DragData::asFilenames const):
        
            Convert asFilenames to return, rather than take, a Vector<String>.

2017-09-14  Carlos Garcia Campos  <cgarcia@igalia.com>

        [Harfbuzz] Wrong offset returned by HarfBuzzShaper::offsetForPosition() when target point is at the middle of a character
        https://bugs.webkit.org/show_bug.cgi?id=176897

        Reviewed by Michael Catanzaro.

        We should include the character when the point is greater than the center of the character.

        Fixes: fast/multicol/hit-test-end-of-column-with-line-height.html
               fast/multicol/newmulticol/compare-with-old-impl/hit-test-end-of-column-with-line-height.html

        * platform/graphics/harfbuzz/HarfBuzzShaper.cpp:
        (WebCore::HarfBuzzShaper::HarfBuzzRun::characterIndexForXPosition):

2017-09-14  Yusuke Suzuki  <utatane.tea@gmail.com>

        [JSC] Add PrivateSymbolMode::{Include,Exclude} for PropertyNameArray
        https://bugs.webkit.org/show_bug.cgi?id=176867

        Reviewed by Sam Weinig.

        * bindings/js/JSDOMConvertRecord.h:
        * bindings/js/SerializedScriptValue.cpp:
        (WebCore::CloneSerializer::serialize):
        * bridge/NP_jsobject.cpp:
        (_NPN_Enumerate):

2017-09-14  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Timeline should show when events preventDefault() was called on an event or not
        https://bugs.webkit.org/show_bug.cgi?id=176824
        <rdar://problem/34290931>

        Reviewed by Devin Rousso.

        Tests: inspector/timeline/timeline-event-CancelAnimationFrame.html
               inspector/timeline/timeline-event-EventDispatch.html
               inspector/timeline/timeline-event-FireAnimationFrame.html
               inspector/timeline/timeline-event-RequestAnimationFrame.html
               inspector/timeline/timeline-event-TimerFire.html
               inspector/timeline/timeline-event-TimerInstall.html
               inspector/timeline/timeline-event-TimerRemove.html

        * dom/EventTarget.cpp:
        (WebCore::EventTarget::fireEventListeners):
        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::dispatchEvent):
        Include defaultPrevented when notifying inspector.

        * inspector/InspectorInstrumentation.cpp:
        (WebCore::InspectorInstrumentation::didDispatchEventImpl):
        (WebCore::InspectorInstrumentation::didDispatchEventOnWindowImpl):
        * inspector/InspectorInstrumentation.h:
        (WebCore::InspectorInstrumentation::didDispatchEvent):
        (WebCore::InspectorInstrumentation::didDispatchEventOnWindow):
        Pass defaultPrevented on to agent.

        * inspector/InspectorTimelineAgent.cpp:
        (WebCore::InspectorTimelineAgent::didDispatchEvent):
        (WebCore::InspectorTimelineAgent::didLayout):
        (WebCore::InspectorTimelineAgent::didPaint):
        * inspector/InspectorTimelineAgent.h:
        * inspector/TimelineRecordFactory.cpp:
        (WebCore::TimelineRecordFactory::appendLayoutRoot):
        (WebCore::TimelineRecordFactory::appendDidDispatchEventData):
        * inspector/TimelineRecordFactory.h:
        Append a boolean defaultPrevented property on the EventDispatch timeline record's data.

2017-09-14  Maureen Daum  <mdaum@apple.com>

        Introduce the option to mark an HTML element as having AutoFill available.
        https://bugs.webkit.org/show_bug.cgi?id=176710

        Reviewed by Alex Christensen.

        Introduce the option to mark an HTML element as having AutoFill available. Accessibility
        can use this property when deciding whether to announce that the focused field offers
        AutoFill.

        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::isValueAutofillAvailable const):
        Check if the field is explicitly marked as having AutoFill available.
        * html/HTMLInputElement.cpp:
        (WebCore::HTMLInputElement::HTMLInputElement):
        * html/HTMLInputElement.h:
        (WebCore::HTMLInputElement::isAutoFillAvailable const):
        (WebCore::HTMLInputElement::setAutoFillAvailable):

2017-09-13  Basuke Suzuki  <Basuke.Suzuki@sony.com>

        [Curl] Move response related features into ResourceResponse
        https://bugs.webkit.org/show_bug.cgi?id=174654

        Reviewed by Alex Christensen.

        * platform/Curl.cmake:
        * platform/network/curl/ResourceHandleCurlDelegate.cpp:
        (WebCore::ResourceHandleCurlDelegate::didReceiveAllHeaders):
        (WebCore::ResourceHandleCurlDelegate::didReceiveHeader):
        (WebCore::isHttpRedirect): Deleted.
        (WebCore::isHttpAuthentication): Deleted.
        (WebCore::isHttpNotModified): Deleted.
        (WebCore::isAppendableHeader): Deleted.
        (WebCore::ResourceHandleCurlDelegate::didReceiveHeaderLine): Deleted.
        * platform/network/curl/ResourceHandleCurlDelegate.h:
        * platform/network/curl/ResourceResponse.h:
        (WebCore::ResourceResponse::platformSuggestedFilename const): Deleted.
        * platform/network/curl/ResourceResponseCurl.cpp: Added.
        (WebCore::ResourceResponse::isAppendableHeader):
        (WebCore::ResourceResponse::appendHTTPHeaderField):
        (WebCore::ResourceResponse::setStatusLine):
        (WebCore::ResourceResponse::platformSuggestedFilename const):
        (WebCore::ResourceResponse::isRedirection const):
        (WebCore::ResourceResponse::isNotModified const):
        (WebCore::ResourceResponse::isUnauthorized const):

2017-09-13  Zalan Bujtas  <zalan@apple.com>

        Switch multicolumn's spanner map from raw over to weak pointers.
        https://bugs.webkit.org/show_bug.cgi?id=176367
        <rdar://problem/34254896>

        Reviewed by Antti Koivisto.

        Test: fast/multicol/spanner-crash-when-adding-summary.html

        * rendering/RenderMultiColumnFlowThread.cpp:
        (WebCore::RenderMultiColumnFlowThread::evacuateAndDestroy):
        (WebCore::RenderMultiColumnFlowThread::flowThreadDescendantInserted):
        (WebCore::RenderMultiColumnFlowThread::handleSpannerRemoval):
        * rendering/RenderMultiColumnFlowThread.h:
        * rendering/RenderMultiColumnSet.cpp:
        (WebCore::RenderMultiColumnSet::firstRendererInFlowThread const):
        (WebCore::RenderMultiColumnSet::lastRendererInFlowThread const):
        * rendering/RenderMultiColumnSpannerPlaceholder.cpp:
        (WebCore::RenderMultiColumnSpannerPlaceholder::RenderMultiColumnSpannerPlaceholder):
        * rendering/RenderMultiColumnSpannerPlaceholder.h:

2017-09-13  John Wilander  <wilander@apple.com>

        Introduce Storage Access API (document parts) as an experimental feature
        https://bugs.webkit.org/show_bug.cgi?id=175759
        <rdar://problem/34414107>

        Reviewed by Alex Christensen.

        Storage Access API is an experimental feature which allows cross-origin,
        sandboxed iframes to request access to their first-party storage (as
        opposed to partitioned storage). This might be restricted to cookies or
        might cover all stateful mechanisms.

        It introduces the following three developer-facing things:
        - A new readonly attribute, document.hasStorageAccess.
        - A new function, document.requestStorageAccess().
        - A new iframe sandbox token, allow-storage-access-by-user-activation.

        Tests: http/tests/storageAccess/request-and-deny-storage-access-cross-origin-iframe.html
               http/tests/storageAccess/request-and-deny-storage-access-cross-origin-sandboxed-iframe.html
               http/tests/storageAccess/request-and-grant-storage-access-cross-origin-iframe.html
               http/tests/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-iframe.html
               http/tests/storageAccess/request-storage-access-cross-origin-sandboxed-iframe-with-unique-origin.html
               http/tests/storageAccess/request-storage-access-cross-origin-sandboxed-iframe-without-allow-token.html
               http/tests/storageAccess/request-storage-access-same-origin-iframe.html
               http/tests/storageAccess/request-storage-access-same-origin-sandboxed-iframe-without-allow-token.html
               http/tests/storageAccess/request-storage-access-same-origin-sandboxed-iframe.html
               http/tests/storageAccess/request-storage-access-top-frame.html

        * dom/Document.cpp:
        (WebCore::Document::requestStorageAccess):
        * dom/Document.h:
        (WebCore::Document::hasStorageAccess const):
        (WebCore::Document::setUserGrantsStorageAccessOverride):
            See comments on WebCore::Internals below.
        * dom/Document.idl:
        * dom/SecurityContext.cpp:
        (WebCore::SecurityContext::isSupportedSandboxPolicy):
        (WebCore::SecurityContext::parseSandboxPolicy):
            Support for allow-storage-access-by-user-activation.
        * dom/SecurityContext.h:
        * loader/ResourceLoadObserver.cpp:
        (WebCore::ResourceLoadObserver::registerStorageAccess):
            Newly granted storage access is reported to 
            WebCore::ResourceLoadObserver.
        * loader/ResourceLoadObserver.h:
        * loader/ResourceLoadStatistics.cpp:
        (WebCore::encodeHashSet):
        (WebCore::ResourceLoadStatistics::encode const):
        (WebCore::decodeHashSet):
        (WebCore::ResourceLoadStatistics::decode):
        (WebCore::appendHashSet):
        (WebCore::ResourceLoadStatistics::toString const):
        (WebCore::mergeHashSet):
        (WebCore::ResourceLoadStatistics::merge):
            Storage of the new type of data.
        * loader/ResourceLoadStatistics.h:
        * page/Settings.in:
        * testing/Internals.cpp:
        (WebCore::Internals::resetToConsistentState):
        (WebCore::Internals::setUserGrantsStorageAccess):
        * testing/Internals.h:
        * testing/Internals.idl:
            Added setUserGrantsStorageAccess(). It is used to
            override the eventSender's keyboard input which
            always results in a cancel action on the confirm()
            dialog.

2017-09-13  Wenson Hsieh  <wenson_hsieh@apple.com>

        Submitting a form can cause HTMLFormElement's associated elements vector to be mutated during iteration
        https://bugs.webkit.org/show_bug.cgi?id=176368
        <rdar://problem/34254998>

        Reviewed by Ryosuke Niwa.

        In the process of iterating over form.associatedElements() during form submission in FormSubmission::create, the
        page may cause us to clobber the vector of FormAssociatedElements* we're currently iterating over by inserting
        new form controls beneath the form element we're in the process of submitting. This happens because
        FormSubmission::create calls HTMLTextAreaElement::appendFormData, which requires layout to be up to date, which
        in turn makes us updateLayout() and set focus, which fires a `change` event, upon which the page's JavaScript
        inserts additonal DOM nodes into the form, modifying the vector of associated elements.

        To mitigate this, instead of iterating over HTMLFormElement::associatedElements(), which returns a reference to
        the HTMLFormElement's actual m_associatedElements vector, we iterate over a new vector of
        Ref<FormAssociatedElement>s created from m_associatedElements.

        This patch also removes an event dispatch assertion added in r212026. This assertion was added to catch any
        other events dispatched in this scope, since dispatching events there would have had security implications, but
        after making iteration over associated elements robust, this NoEventDispatchAssertion is no longer useful.

        Test: fast/forms/append-children-during-form-submission.html

        * loader/FormSubmission.cpp:
        (WebCore::FormSubmission::create):

2017-09-13  Devin Rousso  <webkit@devinrousso.com>

        Web Inspector: Event Listeners section does not update when listeners are added/removed
        https://bugs.webkit.org/show_bug.cgi?id=170570
        <rdar://problem/31501645>

        Reviewed by Joseph Pecoraro.

        Test: inspector/dom/event-listener-add-remove.html

        * dom/EventTarget.cpp:
        (WebCore::EventTarget::setAttributeEventListener):
        Fire willRemoveEventListener/didAddEventListener events when an attribute event listener is
        replaced by another event listener.

        * inspector/InspectorDOMAgent.h:
        * inspector/InspectorDOMAgent.cpp:
        (WebCore::InspectorDOMAgent::didAddEventListener):
        (WebCore::InspectorDOMAgent::willRemoveEventListener):
        Dispatch an event to the inspector frontend whenever an event listener is added/removed.

        * inspector/InspectorInstrumentation.cpp:
        (WebCore::InspectorInstrumentation::didAddEventListenerImpl):
        (WebCore::InspectorInstrumentation::willRemoveEventListenerImpl):
        Tie into existing instrumentation points for adding/removing event listeners.

2017-09-13  Basuke Suzuki  <Basuke.Suzuki@sony.com>

        [Curl] Bug fix for synchronous transfer
        https://bugs.webkit.org/show_bug.cgi?id=176552

        Reviewed by Alex Christensen.

        ResourceHandleInternal::m_delegate is null when transfer is synchronous. It should be set ResourceHandleCurlDelegate.
        Also the callback functions called when transfer is completed is wrong.

        * platform/network/curl/ResourceHandleCurl.cpp:
        (WebCore::ResourceHandle::platformLoadResourceSynchronously):
        * platform/network/curl/ResourceHandleCurlDelegate.cpp:
        (WebCore::ResourceHandleCurlDelegate::dispatchSynchronousJob):
        (WebCore::ResourceHandleCurlDelegate::notifyFinish):
        (WebCore::ResourceHandleCurlDelegate::notifyFail):
        (WebCore::ResourceHandleCurlDelegate::didReceiveHeader):
        (WebCore::ResourceHandleCurlDelegate::didReceiveData):
        (WebCore::ResourceHandleCurlDelegate::willSendData):

2017-09-13  Matt Lewis  <jlewis3@apple.com>

        Unreviewed, rolling out r221976.

        The test introduced was flaky from point of addition.

        Reverted changeset:

        "Introduce Storage Access API (document parts) as an
        experimental feature"
        https://bugs.webkit.org/show_bug.cgi?id=175759
        http://trac.webkit.org/changeset/221976

2017-09-13  Said Abou-Hallawa  <sabouhallawa@apple.com>

        Followup (r221805): Address comments and add more tests
        https://bugs.webkit.org/show_bug.cgi?id=176732

        Reviewed by Darin Adler.

        Test: http/tests/images/decode-slow-load-static-image.html

        Code clean up and adding a new test to ensure multiple decode() promises
        can be resolved or rejected simultaneously without any issues.

        * loader/ImageLoader.cpp:
        (WebCore::ImageLoader::decode):
        (WebCore::ImageLoader::decodeError):
        * loader/ImageLoader.h:
        * platform/graphics/BitmapImage.cpp:
        (WebCore::BitmapImage::decode):
        (WebCore::BitmapImage::callDecodingCallbacks):
        * platform/graphics/BitmapImage.h:

2017-09-13  Youenn Fablet  <youenn@apple.com>

        Internals clearCacheStorageMemoryRepresentation should return a Promise
        https://bugs.webkit.org/show_bug.cgi?id=176818

        Reviewed by Alex Christensen.

        No observable change of behavior.

        * Modules/cache/DOMCacheEngine.h:
        * testing/Internals.cpp:
        (WebCore::Internals::clearCacheStorageMemoryRepresentation): Returning a promise when clearing is completed.
        * testing/Internals.h:
        * testing/Internals.idl:

2017-09-13  Nikita Vasilyev  <nvasilyev@apple.com>

        Web Inspector: Frontend should be made to expect and handle disabled properties
        https://bugs.webkit.org/show_bug.cgi?id=166787
        <rdar://problem/34379593>

        Reviewed by Joseph Pecoraro.

        Include disabled (commented out) CSS properties in the payload.

        Tests: inspector/css/css-property.html
               inspector/css/matched-style-properties.html

        * inspector/InspectorStyleSheet.cpp:
        (WebCore::InspectorStyle::populateAllProperties const):
        (WebCore::InspectorStyle::styleWithProperties const):

2017-09-13  Carlos Alberto Lopez Perez  <clopez@igalia.com>

        [GTK] Fails to build because 'Float32Array' has not been declared in AudioContext.h
        https://bugs.webkit.org/show_bug.cgi?id=176870

        Reviewed by Konstantin Tokarev.

        Add missing include of Float32Array.h

        No new tests, its a build fix.

        * Modules/webaudio/AudioContext.h:

2017-09-13  Andy Estes  <aestes@apple.com>

        [CF] Upstream CFNetwork-related WebKitSystemInterface functions
        https://bugs.webkit.org/show_bug.cgi?id=176729

        Reviewed by Alex Christensen.

        * platform/ios/WebCoreSystemInterfaceIOS.mm:
        * platform/mac/PublicSuffixMac.mm:
        (WebCore::isPublicSuffix):
        * platform/mac/WebCoreSystemInterface.h:
        * platform/mac/WebCoreSystemInterface.mm:
        * platform/network/cf/ResourceRequestCFNet.cpp:
        (WebCore::ResourceRequest::doUpdatePlatformRequest):
        (WebCore::ResourceRequest::doUpdateResourceRequest):
        * platform/network/cf/SocketStreamHandleImplCFNet.cpp:
        (WebCore::setCONNECTProxyForStream):
        (WebCore::SocketStreamHandleImpl::createStreams):
        (WebCore::setCONNECTProxyAuthorizationForStream):
        (WebCore::SocketStreamHandleImpl::addCONNECTCredentials):
        (WebCore::copyCONNECTProxyResponse):
        (WebCore::SocketStreamHandleImpl::readStreamCallback):
        (WebCore::SocketStreamHandleImpl::writeStreamCallback):
        * platform/network/cocoa/ResourceRequestCocoa.mm:
        (WebCore::ResourceRequest::doUpdateResourceRequest):
        (WebCore::ResourceRequest::doUpdatePlatformRequest):

2017-09-13  Antti Koivisto  <antti@apple.com>

        Make more of the CSS animation system internals element based
        https://bugs.webkit.org/show_bug.cgi?id=176832

        Reviewed by Zalan Bujtas.

        CSS animations animate element style. Continue moving away from renderers in the animation code.

        Also do some general modernization.

        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::computeRenderStyleForProperty):
        * page/animation/AnimationBase.cpp:
        (WebCore::AnimationBase::AnimationBase):
        * page/animation/AnimationBase.h:
        * page/animation/CSSAnimationController.cpp:
        (WebCore::CSSAnimationControllerPrivate::ensureCompositeAnimation):
        (WebCore::CSSAnimationControllerPrivate::clear):
        (WebCore::CSSAnimationControllerPrivate::updateAnimations):
        (WebCore::CSSAnimationControllerPrivate::updateAnimationTimerForElement):
        (WebCore::CSSAnimationControllerPrivate::isRunningAnimationOnRenderer const):
        (WebCore::CSSAnimationControllerPrivate::isRunningAcceleratedAnimationOnRenderer const):
        (WebCore::CSSAnimationControllerPrivate::pauseAnimationAtTime):
        (WebCore::CSSAnimationControllerPrivate::pauseTransitionAtTime):
        (WebCore::CSSAnimationControllerPrivate::animatedStyleForElement):
        (WebCore::CSSAnimationControllerPrivate::computeExtentOfAnimation const):
        (WebCore::CSSAnimationController::cancelAnimations):
        (WebCore::CSSAnimationController::updateAnimations):
        (WebCore::CSSAnimationController::animatedStyleForRenderer):
        (WebCore::CSSAnimationController::computeExtentOfAnimation const):
        (WebCore::CSSAnimationController::pauseAnimationAtTime):
        (WebCore::CSSAnimationController::pauseTransitionAtTime):
        (WebCore::CSSAnimationControllerPrivate::updateAnimationTimerForRenderer): Deleted.
        (WebCore::CSSAnimationControllerPrivate::getAnimatedStyleForRenderer): Deleted.
        (WebCore::CSSAnimationController::getAnimatedStyleForRenderer): Deleted.
        * page/animation/CSSAnimationController.h:
        * page/animation/CSSAnimationControllerPrivate.h:
        * page/animation/CompositeAnimation.cpp:
        (WebCore::CompositeAnimation::~CompositeAnimation):
        (WebCore::CompositeAnimation::clearElement):
        (WebCore::CompositeAnimation::updateTransitions):
        (WebCore::CompositeAnimation::updateKeyframeAnimations):
        (WebCore::CompositeAnimation::animate):
        (WebCore::CompositeAnimation::clearRenderer): Deleted.
        * page/animation/CompositeAnimation.h:
        * page/animation/ImplicitAnimation.cpp:
        (WebCore::ImplicitAnimation::ImplicitAnimation):
        (WebCore::ImplicitAnimation::animate):
        * page/animation/ImplicitAnimation.h:
        (WebCore::ImplicitAnimation::create):
        * page/animation/KeyframeAnimation.cpp:
        (WebCore::KeyframeAnimation::KeyframeAnimation):
        (WebCore::KeyframeAnimation::animate):
        * page/animation/KeyframeAnimation.h:
        * rendering/RenderElement.cpp:
        (WebCore::RenderElement::willBeDestroyed):
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::currentTransform const):
        * style/RenderTreeUpdater.cpp:
        (WebCore::RenderTreeUpdater::createRenderer):
        * style/StyleTreeResolver.cpp:
        (WebCore::Style::TreeResolver::createAnimatedElementUpdate):
        * testing/Internals.cpp:
        (WebCore::Internals::pauseAnimationAtTimeOnElement):
        (WebCore::Internals::pauseAnimationAtTimeOnPseudoElement):
        (WebCore::Internals::pauseTransitionAtTimeOnElement):
        (WebCore::Internals::pauseTransitionAtTimeOnPseudoElement):

2017-09-13  Daniel Bates  <dabates@apple.com>

        Make history.pushState()/replaceState() more closely aligned to the HTML standard
        https://bugs.webkit.org/show_bug.cgi?id=176730
        <rdar://problem/33839265>

        Reviewed by Alex Christensen.

        Update history.pushState()/replaceState() to more closely align with the algorithm
        specified in <https://html.spec.whatwg.org/multipage/history.html#dom-history-pushstate-2> (9 September 2017).

        Test: http/tests/security/history-pushState-replaceState-from-sandboxed-iframe.html

        * page/History.cpp:
        (WebCore::History::stateObjectAdded):
        * page/SecurityOrigin.cpp:
        (WebCore::SecurityOrigin::extractInnerURL): Use URL constructor that takes a base URL as opposed
        to using the special ParsedURLString-variant because the latter can only be used to parse a string
        returned from URL::string(). And the extracted inner URL does not meet this criterion. Using the
        ParsedURLString-variant of the URL constructor with a string that is not the result of URL::string()
        will cause an assertion failure in a debug build.

2017-09-13  John Wilander  <wilander@apple.com>

        Introduce Storage Access API (document parts) as an experimental feature
        https://bugs.webkit.org/show_bug.cgi?id=175759
        <rdar://problem/33666847>

        Reviewed by Alex Christensen.

        Storage Access API is an experimental feature which allows cross-origin,
        sandboxed iframes to request access to their first-party storage (as
        opposed to partitioned storage). This might be restricted to cookies or
        might cover all stateful mechanisms.

        It introduces the following three developer-facing things:
        - A new readonly attribute, document.hasStorageAccess.
        - A new function, document.requestStorageAccess().
        - A new iframe sandbox token, allow-storage-access-by-user-activation.

        Tests: http/tests/loading/resourceLoadStatistics/request-and-deny-storage-access-cross-origin-iframe.html
               http/tests/loading/resourceLoadStatistics/request-and-deny-storage-access-cross-origin-sandboxed-iframe.html
               http/tests/loading/resourceLoadStatistics/request-and-grant-storage-access-cross-origin-iframe.html
               http/tests/loading/resourceLoadStatistics/request-and-grant-storage-access-cross-origin-sandboxed-iframe.html
               http/tests/loading/resourceLoadStatistics/request-storage-access-cross-origin-sandboxed-iframe-with-unique-origin.html
               http/tests/loading/resourceLoadStatistics/request-storage-access-cross-origin-sandboxed-iframe-without-allow-token.html
               http/tests/loading/resourceLoadStatistics/request-storage-access-same-origin-iframe.html
               http/tests/loading/resourceLoadStatistics/request-storage-access-same-origin-sandboxed-iframe-without-allow-token.html
               http/tests/loading/resourceLoadStatistics/request-storage-access-same-origin-sandboxed-iframe.html
               http/tests/loading/resourceLoadStatistics/request-storage-access-top-frame.html

        * dom/Document.cpp:
        (WebCore::Document::requestStorageAccess):
        * dom/Document.h:
        (WebCore::Document::hasStorageAccess const):
        (WebCore::Document::setUserGrantsStorageAccessOverride):
            See comments on WebCore::Internals below.
        * dom/Document.idl:
        * dom/SecurityContext.cpp:
        (WebCore::SecurityContext::isSupportedSandboxPolicy):
        (WebCore::SecurityContext::parseSandboxPolicy):
            Support for allow-storage-access-by-user-activation.
        * dom/SecurityContext.h:
        * loader/ResourceLoadObserver.cpp:
        (WebCore::ResourceLoadObserver::registerStorageAccess):
            Newly granted storage access is reported to 
            WebCore::ResourceLoadObserver.
        * loader/ResourceLoadObserver.h:
        * loader/ResourceLoadStatistics.cpp:
        (WebCore::encodeHashSet):
        (WebCore::ResourceLoadStatistics::encode const):
        (WebCore::decodeHashSet):
        (WebCore::ResourceLoadStatistics::decode):
        (WebCore::appendHashSet):
        (WebCore::ResourceLoadStatistics::toString const):
        (WebCore::mergeHashSet):
        (WebCore::ResourceLoadStatistics::merge):
            Storage of the new type of data.
        * loader/ResourceLoadStatistics.h:
        * page/Settings.in:
        * testing/Internals.cpp:
        (WebCore::Internals::resetToConsistentState):
        (WebCore::Internals::setUserGrantsStorageAccess):
        * testing/Internals.h:
        * testing/Internals.idl:
            Added setUserGrantsStorageAccess(). It is used to
            override the eventSender's keyboard input which
            always results in a cancel action on the confirm()
            dialog.

2017-09-13  Carlos Garcia Campos  <cgarcia@igalia.com>

        [HarfBuzz] Wrong offset returned by HarfBuzzShaper::offsetForPosition in some cases
        https://bugs.webkit.org/show_bug.cgi?id=176848

        Reviewed by Michael Catanzaro.

        This patch rewrites HarfBuzzShaper::HarfBuzzRun::characterIndexForXPosition() to make it simpler and ensure we
        return the right offset in all the cases, also honoring now the includePartialGlyphs parameter that we were
        ignoring in FontCascade::offsetForPositionForComplexText().

        Fixes several tests that started to fail after r221909.

        * platform/graphics/cairo/FontCairoHarfbuzzNG.cpp:
        (WebCore::FontCascade::offsetForPositionForComplexText const):
        * platform/graphics/harfbuzz/HarfBuzzShaper.cpp:
        (WebCore::HarfBuzzShaper::HarfBuzzRun::characterIndexForXPosition):
        (WebCore::HarfBuzzShaper::offsetForPosition):
        * platform/graphics/harfbuzz/HarfBuzzShaper.h:

2017-09-13  Per Arne Vollan  <pvollan@apple.com>

        Initialize InternalSettings member variable.
        https://bugs.webkit.org/show_bug.cgi?id=176838

        Reviewed by Brent Fulgham.

        Initialize the m_webVREnabled member in the constructor.

        * testing/InternalSettings.cpp:
        (WebCore::InternalSettings::Backup::Backup):

2017-09-13  Ms2ger  <Ms2ger@igalia.com>

        Make WebGLRenderingContextBase::TypedList::data() const-correct.
        https://bugs.webkit.org/show_bug.cgi?id=176833

        Reviewed by Sam Weinig.

        No change of behavior.

        * html/canvas/WebGLRenderingContextBase.cpp:
        (WebCore::WebGLRenderingContextBase::validateUniformMatrixParameters):
        * html/canvas/WebGLRenderingContextBase.h:
        (WebCore::WebGLRenderingContextBase::TypedList::data const):
        * platform/graphics/GraphicsContext3D.h:
        * platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp:
        (WebCore::GraphicsContext3D::uniform1fv):
        (WebCore::GraphicsContext3D::uniform2fv):
        (WebCore::GraphicsContext3D::uniform3fv):
        (WebCore::GraphicsContext3D::uniform4fv):
        (WebCore::GraphicsContext3D::uniform1iv):
        (WebCore::GraphicsContext3D::uniform2iv):
        (WebCore::GraphicsContext3D::uniform3iv):
        (WebCore::GraphicsContext3D::uniform4iv):
        (WebCore::GraphicsContext3D::uniformMatrix2fv):
        (WebCore::GraphicsContext3D::uniformMatrix3fv):
        (WebCore::GraphicsContext3D::uniformMatrix4fv):
        (WebCore::GraphicsContext3D::vertexAttrib1fv):
        (WebCore::GraphicsContext3D::vertexAttrib2fv):
        (WebCore::GraphicsContext3D::vertexAttrib3fv):
        (WebCore::GraphicsContext3D::vertexAttrib4fv):

2017-09-13  Sam Weinig  <sam@webkit.org>

        Remove CanvasRenderingContext2D.commit(), it is a no-op and not part the standard
        https://bugs.webkit.org/show_bug.cgi?id=176821

        Reviewed by Darin Adler.

        * html/canvas/CanvasRenderingContext2D.h:
        * html/canvas/CanvasRenderingContext2D.idl:
        
            Remove the commit operation. It is no longer part the standard (it was
            moved to OffscreenCanvasRenderingContext2D) and it was a no-op.

2017-09-12  Matt Rajca  <mrajca@apple.com>

        Ensure the user interacted with the page before setting m_userHasInteractedWithMediaElement
        https://bugs.webkit.org/show_bug.cgi?id=176816

        Reviewed by Eric Carlson.

        Currently, when the user presses a keyboard shortcut in the client to reload a page, that may
        get registered as a user gesture on the reloaded page. Before setting the
        m_userHasInteractedWithMediaElement flag, we should check if a user gesture was actually handled
        by checking the userDidInteractWithPage flag. In case of key events that aren't handled by the
        page, this will be set to false by EventHandler:

            // If the key event was not handled, do not treat it as user interaction with the page.
            if (topDocument && !wasHandled)
                topDocument->setUserDidInteractWithPage(savedUserDidInteractWithPage);

        We need to revisit this in the future in webkit.org/b/176817 and ensure user gesture tokens
        don't carry over across reloads of the page.

        Tests: I wasn't able to trigger the pathological scenario this aims to fix with a test that calls
        window.location.reload() from a synthetic keyDown event.

        * dom/Document.cpp:
        (WebCore::Document::noteUserInteractionWithMediaElement):

2017-09-13  Ms2ger  <Ms2ger@igalia.com>

        Disallow passing null values to various WebGL2 methods.
        https://bugs.webkit.org/show_bug.cgi?id=176829

        Reviewed by Yusuke Suzuki.

        This matches the specification as well as Gecko and Chromium.

        Test: fast/canvas/webgl/webgl2/bindings.html

        * html/canvas/WebGL2RenderingContext.cpp:
        (WebCore::WebGL2RenderingContext::beginQuery):
        (WebCore::WebGL2RenderingContext::getQueryParameter):
        (WebCore::WebGL2RenderingContext::samplerParameteri):
        (WebCore::WebGL2RenderingContext::samplerParameterf):
        (WebCore::WebGL2RenderingContext::getSamplerParameter):
        (WebCore::WebGL2RenderingContext::clientWaitSync):
        (WebCore::WebGL2RenderingContext::waitSync):
        (WebCore::WebGL2RenderingContext::getSyncParameter):
        (WebCore::WebGL2RenderingContext::transformFeedbackVaryings):
        (WebCore::WebGL2RenderingContext::getTransformFeedbackVarying):
        (WebCore::WebGL2RenderingContext::getUniformIndices):
        (WebCore::WebGL2RenderingContext::getUniformBlockIndex):
        (WebCore::WebGL2RenderingContext::getActiveUniformBlockParameter):
        (WebCore::WebGL2RenderingContext::getActiveUniformBlockName):
        (WebCore::WebGL2RenderingContext::uniformBlockBinding):
        * html/canvas/WebGL2RenderingContext.h:
        * html/canvas/WebGL2RenderingContext.idl:

2017-09-13  Sergio Villar Senin  <svillar@igalia.com>

        [WebVR] Add IDLs and stubs
        https://bugs.webkit.org/show_bug.cgi?id=174202

        Reviewed by Dean Jackson.

        Adding the complete set of IDLs for the WebVR 1.1 spec including the interface stubs which
        currently do nothing.

        Tests: webvr/webvr-disabled.html
               webvr/webvr-enabled.html

        * CMakeLists.txt:
        * DerivedSources.make:
        * Modules/webvr/DOMWindowWebVR.idl: Added.
        * Modules/webvr/GamepadWebVR.cpp: Added.
        (WebCore::GamepadWebVR::GamepadWebVR):
        (WebCore::GamepadWebVR::~GamepadWebVR):
        (WebCore::GamepadWebVR::displayId):
        * Modules/webvr/GamepadWebVR.h: Added.
        * Modules/webvr/GamepadWebVR.idl: Added.
        * Modules/webvr/NavigatorWebVR.cpp: Added.
        (WebCore::NavigatorWebVR::getVRDisplays):
        (WebCore::NavigatorWebVR::activeVRDisplays):
        (WebCore::NavigatorWebVR::vrEnabled):
        * Modules/webvr/NavigatorWebVR.h: Added.
        * Modules/webvr/NavigatorWebVR.idl: Added.
        * Modules/webvr/VRDisplay.cpp: Added.
        (WebCore::VRDisplay::create):
        (WebCore::VRDisplay::VRDisplay):
        (WebCore::VRDisplay::isConnected const):
        (WebCore::VRDisplay::isPresenting const):
        (WebCore::VRDisplay::capabilities const):
        (WebCore::VRDisplay::stageParameters const):
        (WebCore::VRDisplay::getEyeParameters const):
        (WebCore::VRDisplay::displayId const):
        (WebCore::VRDisplay::displayName const):
        (WebCore::VRDisplay::getFrameData const):
        (WebCore::VRDisplay::getPose const):
        (WebCore::VRDisplay::resetPose):
        (WebCore::VRDisplay::depthNear const):
        (WebCore::VRDisplay::setDepthNear):
        (WebCore::VRDisplay::depthFar const):
        (WebCore::VRDisplay::setDepthFar):
        (WebCore::VRDisplay::requestAnimationFrame):
        (WebCore::VRDisplay::cancelAnimationFrame):
        (WebCore::VRDisplay::requestPresent):
        (WebCore::VRDisplay::exitPresent):
        (WebCore::VRDisplay::getLayers const):
        (WebCore::VRDisplay::submitFrame):
        (WebCore::VRDisplay::hasPendingActivity const):
        (WebCore::VRDisplay::activeDOMObjectName const):
        (WebCore::VRDisplay::canSuspendForDocumentSuspension const):
        (WebCore::VRDisplay::stop):
        * Modules/webvr/VRDisplay.h: Added.
        * Modules/webvr/VRDisplay.idl: Added.
        * Modules/webvr/VRDisplayCapabilities.cpp: Added.
        (WebCore::VRDisplayCapabilities::hasPosition const):
        (WebCore::VRDisplayCapabilities::hasOrientation const):
        (WebCore::VRDisplayCapabilities::hasExternalDisplay const):
        (WebCore::VRDisplayCapabilities::canPresent const):
        (WebCore::VRDisplayCapabilities::maxLayer const):
        * Modules/webvr/VRDisplayCapabilities.h: Added.
        (WebCore::VRDisplayCapabilities::create):
        * Modules/webvr/VRDisplayCapabilities.idl: Added.
        * Modules/webvr/VRDisplayEvent.cpp: Added.
        (WebCore::VRDisplayEvent::VRDisplayEvent):
        (WebCore::VRDisplayEvent::display const):
        (WebCore::VRDisplayEvent::reason const):
        (WebCore::VRDisplayEvent::eventInterface const):
        * Modules/webvr/VRDisplayEvent.h: Added.
        * Modules/webvr/VRDisplayEvent.idl: Added.
        * Modules/webvr/VRDisplayEventReason.h: Added.
        * Modules/webvr/VRDisplayEventReason.idl: Added.
        * Modules/webvr/VREye.h: Added.
        * Modules/webvr/VREye.idl: Added.
        * Modules/webvr/VREyeParameters.cpp: Added.
        (WebCore::VREyeParameters::VREyeParameters):
        (WebCore::VREyeParameters::offset const):
        (WebCore::VREyeParameters::fieldOfView const):
        (WebCore::VREyeParameters::renderWidth const):
        (WebCore::VREyeParameters::renderHeight const):
        * Modules/webvr/VREyeParameters.h: Added.
        (WebCore::VREyeParameters::create):
        * Modules/webvr/VREyeParameters.idl: Added.
        * Modules/webvr/VRFieldOfView.cpp: Added.
        (WebCore::VRFieldOfView::upDegrees const):
        (WebCore::VRFieldOfView::rightDegrees const):
        (WebCore::VRFieldOfView::downDegrees const):
        (WebCore::VRFieldOfView::leftDegrees const):
        * Modules/webvr/VRFieldOfView.h: Added.
        (WebCore::VRFieldOfView::create):
        * Modules/webvr/VRFieldOfView.idl: Added.
        * Modules/webvr/VRFrameData.cpp: Added.
        (WebCore::VRFrameData::VRFrameData):
        (WebCore::VRFrameData::timestamp const):
        (WebCore::VRFrameData::leftProjectionMatrix const):
        (WebCore::VRFrameData::leftViewMatrix const):
        (WebCore::VRFrameData::rightProjectionMatrix const):
        (WebCore::VRFrameData::rightViewMatrix const):
        (WebCore::VRFrameData::pose const):
        * Modules/webvr/VRFrameData.h: Added.
        (WebCore::VRFrameData::create):
        * Modules/webvr/VRFrameData.idl: Added.
        * Modules/webvr/VRLayerInit.h: Added.
        * Modules/webvr/VRLayerInit.idl: Added.
        * Modules/webvr/VRPose.cpp: Added.
        (WebCore::VRPose::position const):
        (WebCore::VRPose::linearVelocity const):
        (WebCore::VRPose::linearAcceleration const):
        (WebCore::VRPose::orientation const):
        (WebCore::VRPose::angularVelocity const):
        (WebCore::VRPose::angularAcceleration const):
        * Modules/webvr/VRPose.h: Added.
        (WebCore::VRPose::create):
        * Modules/webvr/VRPose.idl: Added.
        * Modules/webvr/VRStageParameters.cpp: Added.
        (WebCore::VRStageParameters::sittingToStandingTransform const):
        (WebCore::VRStageParameters::sizeX const):
        (WebCore::VRStageParameters::sizeZ const):
        * Modules/webvr/VRStageParameters.h: Added.
        (WebCore::VRStageParameters::create):
        * Modules/webvr/VRStageParameters.idl: Added.
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/WebCoreBuiltinNames.h:
        * dom/EventNames.h:
        * dom/EventNames.in:
        * dom/EventTargetFactory.in:
        * features.json:
        * page/RuntimeEnabledFeatures.h:
        (WebCore::RuntimeEnabledFeatures::setWebVREnabled):
        (WebCore::RuntimeEnabledFeatures::webVREnabled const):
        * testing/InternalSettings.cpp:
        (WebCore::InternalSettings::Backup::restoreTo):
        (WebCore::InternalSettings::setWebVREnabled):
        * testing/InternalSettings.h:
        * testing/InternalSettings.idl:

2017-09-13  Ms2ger  <Ms2ger@igalia.com>

        Update the type of the texture argument to framebufferTextureLayer().
        https://bugs.webkit.org/show_bug.cgi?id=176785

        Reviewed by Yusuke Suzuki.

        This matches the specification as well as Gecko and Chromium.

        Also move getInternalformatParameter() to the position it has in the
        specification, for easier comparison.

        Test: fast/canvas/webgl/webgl2/bindings.html

        * html/canvas/WebGL2RenderingContext.cpp:
        (WebCore::WebGL2RenderingContext::framebufferTextureLayer):
        * html/canvas/WebGL2RenderingContext.h:
        * html/canvas/WebGL2RenderingContext.idl:

2017-09-13  Zan Dobersek  <zdobersek@igalia.com>

        [EME] Implement CDMInstanceClearKey::updateLicense()
        https://bugs.webkit.org/show_bug.cgi?id=176791

        Reviewed by Xabier Rodriguez-Calvar.

        Implement the updateLicense() method for CDMInstanceClearKey.
        The response data is parsed as JSON, matching that agains either
        'license' or 'license release acknowledgement' formats (depending
        on either 'keys' or 'kids' object keys being present). If any
        format is recognized, appropriate steps are taken.

        In case of the 'license' format, the passed-in keys are matched
        against existing ones. If some keys have changed or have been
        newly introduced, the key information is sorted by key ID size
        and data to enforce order. After that the KeyStatusVector object
        is constructed, containing key ID and status information for all
        the keys associated with this session. Finally callback is
        dispatched, signalling a successful operation and passing the
        KeyStatusVector, if any, back to the caller.

        In case of the 'license release acknowledgement' format, the
        session data for this session ID is removed from the ClearKey state
        singleton. The callback is dispatched signalling the session closure
        and successfull completion of the operation.

        Finally, if no format is deduced, the callback is again dispatched,
        but now signalling an operation failure.

        No new tests -- expectations for the relevant tests are updated
        to reflect the introduced changes.

        * platform/encryptedmedia/clearkey/CDMClearKey.cpp:
        (WebCore::ClearKeyState::keys):
        (WebCore::ClearKeyState::singleton):
        (WebCore::parseLicenseFormat):
        (WebCore::parseLicenseReleaseAcknowledgementFormat):
        (WebCore::CDMInstanceClearKey::updateLicense):

2017-09-13  Ryosuke Niwa  <rniwa@webkit.org>

        Refactor WebContentReader out of EditorMac and EditorIOS
        https://bugs.webkit.org/show_bug.cgi?id=176770

        Reviewed by Sam Weinig.

        Extracted WebContentReader.h, WebContentReaderMac.mm, and WebContentIOS.mm from Pasteboard.h,
        EditorMac.mm, and EditorIOS.mm respectively.

        Also moved createFragmentAndAddResources from EditorCocoa.mm to WebContentReaderCocoa.mm
        and createFragmentForImageAndURL and createFragmentForImageResourceAndAddResource to markup.cpp.

        * Configurations/WebCore.xcconfig:
        * PlatformMac.cmake:
        * WebCore.xcodeproj/project.pbxproj:
        * editing/Editor.cpp:
        (WebCore::Editor::createFragmentForImageAndURL): Deleted.
        * editing/Editor.h:
        * editing/WebContentReader.h: Added.
        * editing/cocoa/EditorCocoa.mm:
        (WebCore::Editor::replaceSelectionWithAttributedString):
        (WebCore::Editor::createFragment): Deleted.
        (WebCore::Editor::createFragmentForImageResourceAndAddResource): Deleted.
        (WebCore::Editor::createFragmentAndAddResources): Deleted.
        * editing/cocoa/WebContentReaderCocoa.mm: Added.
        (WebCore::createFragmentForImageResourceAndAddResource):
        (WebCore::createFragment):
        (WebCore::createFragmentAndAddResources):
        * editing/ios/EditorIOS.mm:
        (WebCore::Editor::WebContentReader): Moved to WebContentReaderIOS.mm.
        * editing/ios/WebContentReaderIOS.mm: Added.
        (WebCore::WebContentReader::addFragment):
        (WebCore::WebContentReader::readWebArchive):
        (WebCore::WebContentReader::readFilenames):
        (WebCore::WebContentReader::readHTML):
        (WebCore::WebContentReader::readRTFD):
        (WebCore::WebContentReader::readRTF):
        (WebCore::WebContentReader::readImage):
        (WebCore::WebContentReader::readURL):
        (WebCore::WebContentReader::readPlainText):
        * editing/mac/EditorMac.mm:
        (WebCore::Editor::WebContentReader): Moved to WebContentReaderMac.mm.
        * editing/mac/WebContentReaderMac.mm: Added.
        (WebCore::WebContentReader::readWebArchive):
        (WebCore::WebContentReader::readFilenames):
        (WebCore::WebContentReader::readHTML):
        (WebCore::WebContentReader::readRTFD):
        (WebCore::WebContentReader::readRTF):
        (WebCore::WebContentReader::readImage):
        (WebCore::WebContentReader::readURL):
        (WebCore::WebContentReader::readPlainText):
        * editing/markup.cpp:
        (WebCore::createFragmentForImageAndURL):
        (WebCore::createFragmentForImageResourceAndAddResource):
        * editing/markup.h:

2017-09-12  Yusuke Suzuki  <utatane.tea@gmail.com>

        [DFG] Optimize WeakMap::get by adding intrinsic and fixup
        https://bugs.webkit.org/show_bug.cgi?id=176010

        Reviewed by Filip Pizlo.

        * platform/network/curl/CurlJobManager.cpp:
        (WebCore::CurlJobList::finishJobs):

2017-09-12  Frederic Wang  <fwang@igalia.com>

        Rename isRootLayer to isRenderViewLayer
        https://bugs.webkit.org/show_bug.cgi?id=176684

        Reviewed by Darin Adler.

        This patch was generated with the help of do-webcore-rename with some coding style adjustment.

        No new tests, behavior unchanged.

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::RenderLayer):
        (WebCore::RenderLayer::enclosingTransformedAncestor const):
        (WebCore::RenderLayer::enclosingFilterRepaintLayer const):
        (WebCore::RenderLayer::setFilterBackendNeedsRepaintingInRect):
        (WebCore::RenderLayer::clippingRootForPainting const):
        (WebCore::RenderLayer::beginTransparencyLayers):
        (WebCore::shouldSuppressPaintingLayer):
        (WebCore::RenderLayer::paintFixedLayersInNamedFlows):
        (WebCore::RenderLayer::hitTest):
        (WebCore::RenderLayer::hitTestFixedLayersInNamedFlows):
        (WebCore::RenderLayer::calculateClipRects const):
        * rendering/RenderLayer.h:
        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::RenderLayerBacking):
        (WebCore::RenderLayerBacking::updateConfiguration):
        (WebCore::RenderLayerBacking::updateAfterDescendants):
        (WebCore::RenderLayerBacking::paintsIntoWindow const):
        (WebCore::RenderLayerBacking::paintIntoLayer):
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::logLayerInfo):
        (WebCore::RenderLayerCompositor::needsCompositingUpdateForStyleChangeOnNonCompositedLayer const):
        (WebCore::RenderLayerCompositor::updateBacking):
        (WebCore::RenderLayerCompositor::repaintInCompositedAncestor):
        (WebCore::RenderLayerCompositor::addToOverlapMap):
        (WebCore::RenderLayerCompositor::computeCompositingRequirementsForNamedFlowFixed):
        (WebCore::RenderLayerCompositor::computeCompositingRequirements):
        (WebCore::RenderLayerCompositor::rebuildCompositingLayerTreeForNamedFlowFixed):
        (WebCore::RenderLayerCompositor::rebuildCompositingLayerTree):
        (WebCore::RenderLayerCompositor::needsToBeComposited const):
        (WebCore::RenderLayerCompositor::requiresOwnBackingStore const): Also move the IOS condition
        up to avoid that check-webkit-style complains.
        (WebCore::RenderLayerCompositor::reasonsForCompositing const):
        (WebCore::RenderLayerCompositor::useCoordinatedScrollingForLayer const):
        (WebCore::RenderLayerCompositor::needsFixedRootBackgroundLayer const):
        (WebCore::RenderLayerCompositor::updateScrollCoordinatedLayer):

2017-09-12  Wenson Hsieh  <wenson_hsieh@apple.com>

        [iOS DnD] Support DataTransfer.getData and DataTransfer.setData when dragging or dropping
        https://bugs.webkit.org/show_bug.cgi?id=176672
        <rdar://problem/34353723>

        Reviewed by Ryosuke Niwa.

        Makes several tweaks to support DataTransfer.getData and DataTransfer.setData when dragging and dropping on iOS.
        See per-method changes below for more details. This patch also renames some old variable and property names
        along the way, so they no longer reference "data interaction", and instead refer to the feature by its post-WWDC
        name.

        New test: DataInteractionTests.ExternalSourceInlineTextToFileInput
        Modified: DataInteractionTests.CanStartDragOnDivWithDraggableAttribute
                  DataInteractionTests.SinglePlainTextURLTypeIdentifiers
                  DataInteractionTests.SinglePlainTextWordTypeIdentifiers

        * platform/ios/AbstractPasteboard.h:
        * platform/ios/PasteboardIOS.mm:
        (WebCore::cocoaTypeFromHTMLClipboardType):

        In cocoaTypeFromHTMLClipboardType, map the "text/plain" MIME type to the "public.plain-text" UTI. Previously,
        this corresponded to "public.text", which is incorrect, since "public.text" also includes non-plain-text types
        such as "public.html", thereby confusing NSItemProviders. Importantly, this makes it so that plain text strings
        written via DataTransfer.setData() can actually be read back as a cocoa value, since "public.plain-text" is one
        of the UTIs in +[NSString readableTypeIdentifiersForItemProvider].

        (WebCore::Pasteboard::writeString):

        Instead of writing { type : data } to the pasteboard, write { cocoaType : data }. It appears that this was
        changed unintentionally in r156588 when upstreaming the iOS pasteboard implementation. This is made apparent by
        how Pasteboard::readString() requests the cocoa UTI from the platform pasteboard, but Pasteboard::writeString()
        sends the MIME type.

        * platform/ios/PlatformPasteboardIOS.mm:
        (WebCore::PlatformPasteboard::filenamesForDataInteraction):
        (WebCore::PlatformPasteboard::write):

        When writing plain text or a URL, specify that the item wants inline style representation. This prevents odd and
        unexpected behaviors (for instance, being able to drag plain text into the Files app as a file), but it also
        makes getData() not bail and return the null string on drop, due to forFileDrag() being true in
        DataTransfer::getData().

        * platform/ios/WebItemProviderPasteboard.h:
        * platform/ios/WebItemProviderPasteboard.mm:
        (-[WebItemProviderRegistrationInfoList init]):
        (uiPreferredPresentationStyle):
        (-[WebItemProviderRegistrationInfoList itemProvider]):

        Set the preferred presentation style when generating an item provider from a registration list.

        (+[WebItemProviderLoadResult emptyLoadResult]):
        (+[WebItemProviderLoadResult loadResultWithFileURLMap:presentationStyle:]):
        (-[WebItemProviderLoadResult initWithFileURLMap:presentationStyle:]):
        (-[WebItemProviderLoadResult fileURLForType:]):
        (-[WebItemProviderLoadResult loadedFileURLs]):
        (-[WebItemProviderLoadResult loadedTypeIdentifiers]):

        Introduce WebItemProviderLoadResult, an object that encapsulates information needed to represent the contents of
        an NSItemProvider dropped in web content. Previously, WebItemProviderPasteboard maintained an array of
        dictionaries of UTI => file URL, where each dictionary represents where the dropped data for a given item
        provider lives. Now that we additionally need to remember (for each item provider) whether we should consider
        its data as a file upload, it's more helpful to have a separate object representing the "load results" of a
        dropped item provider.

        (-[WebItemProviderPasteboard init]):
        (-[WebItemProviderPasteboard pasteboardTypes]):
        (-[WebItemProviderPasteboard setItemProviders:]):
        (-[WebItemProviderPasteboard _preLoadedDataConformingToType:forItemProviderAtIndex:]):
        (-[WebItemProviderPasteboard droppedFileURLs]):

        Respect item provider load results that should not be exposed as a file to the page.

        (-[WebItemProviderPasteboard numberOfFiles]):

        Respect item providers with UIPreferredPresentationStyleInline by not counting them towards the number of files.

        (-[WebItemProviderPasteboard doAfterLoadingProvidedContentIntoFileURLs:synchronousTimeout:]):

        Adjust for the transition from an array of dictionaries representing loaded item providers to an array of
        WebItemProviderLoadResults.

        (-[WebItemProviderPasteboard fileURLsForDataInteraction]): Deleted.
        * platform/mac/DragDataMac.mm:
        (WebCore::DragData::containsFiles const):

        DragData::containsFiles previously only considered whether or not particular UTIs appear in the pasteboard. In
        the case of Mac, this is NSFilesPromisePboardType and NSFilenamesPboardType, but in the case of iOS, this is a
        much broader category (anything conforming to "public.content"), since files are not exposed explicitly as
        "promise" or "file" types in the list of registered UTIs. This caused us to always bail in
        DataTransfer.getData() on drop on iOS, since we will always believe there's a file on the pasteboard if there's
        anything conforming to "public.content" at all.

        To fix this and simplify the code at the same time, we simply replace the currently implementation of
        DragData::containsFiles to return true iff the number of files is nonzero. On Mac, DragData::numberOfFiles
        checks the same UTIs as DragData::containsFiles (NSFilesPromisePboardType and NSFilenamesPboardType), but
        additionally counts the number of file URLs corresponding to those UTIs.

        On iOS, the implementation of numberOfFiles is new to iOS 11, and relevant only in the drag and drop flow.
        Previously, we would consider an item provider to "contain" a file if it had a UTI conforming to one of the UTIs
        acceptable for drag and drop (at the time of writing, these are ["public.content", "public.zip",
        "public.folder"]). With this patch, anything conforming to these UTIs will continue to be represented as files,
        but importantly, if an item provider indicates that it should be represented inline (i.e. a plain text
        selection), then we don't consider that item provider as vending a file. This allows us to distinguish between
        cases where we are dragging a plain text selection over a file input, and when we are dragging a plain text file.
        In both cases, "public.plain-text" is offered as a registered UTI, but in the former, the item provider should
        indicate that inline presentation style is preferred. Refer to <rdar://problem/32202542> for more details.

2017-09-12  Joseph Pecoraro  <pecoraro@apple.com>

        QualifiedName::init should assume AtomicStrings::init was already called
        https://bugs.webkit.org/show_bug.cgi?id=176639

        Reviewed by Sam Weinig.

        * dom/QualifiedName.cpp:
        (WebCore::QualifiedName::init):
        All callers of QualifiedName::init precede it with their own call to
        AtomicString::init, so QualifiedName doesn't need to do it.

2017-09-12  Myles C. Maxfield  <mmaxfield@apple.com>

        Unskip fast/text/system-font-synthetic-italic.html
        https://bugs.webkit.org/show_bug.cgi?id=175944
        <rdar://problem/32864306>

        Reviewed by Jon Lee.

        Our buildbots now all have this symbol.

        * platform/graphics/cocoa/FontFamilySpecificationCoreText.cpp:
        (WebCore::FontFamilySpecificationCoreText::fontRanges const):

2017-09-12  Myles C. Maxfield  <mmaxfield@apple.com>

        ASSERTION FAILED: !m_valueOrException under FontFaceSet::completedLoading loading a Serious Eats page
        https://bugs.webkit.org/show_bug.cgi?id=175899

        Reviewed by Tim Horton.

        Slight style update to r221835. Also adds a test.

        Test: fast/text/document-fonts-while-loading-crash.html

        * css/CSSFontFaceSet.h:
        * css/FontFaceSet.cpp:
        (WebCore::FontFaceSet::FontFaceSet):

2017-09-12  Myles C. Maxfield  <mmaxfield@apple.com>

        Inline ParserUtilities.h
        https://bugs.webkit.org/show_bug.cgi?id=176572

        Reviewed by Darin Adler.

        Its contents are only ever used from SVG files which also include SVGParserUtilities.h.

        No new tests because there is no behavior change.

        * WebCore.xcodeproj/project.pbxproj:
        * platform/text/ParserUtilities.h: Removed.
        * svg/SVGParserUtilities.h:
        (WebCore::skipString):

2017-09-12  Ryosuke Niwa  <rniwa@webkit.org>

        Dragging & dropping a file creates an attachment element even when it's disabled
        https://bugs.webkit.org/show_bug.cgi?id=176769

        Reviewed by Tim Horton.

        The bug that dropping a file always created an attachment element even when it's disabled by settings
        was caused by WebContentReader::readFilenames always creating an attachment element. Fixed this by
        checking the runtime flag. The fix is tested by drag-files-to-editable-element-as-URLs.html

        To fix the bug that HTMLAttachmentElement is always exposed on the global object even when it's disabled
        by settings, replaced the setting to enable attachment element by an equivalent runtime enabled flag,
        and hid both the interface as well as the element behind it. Fixed various bugs in our code generator
        to make this work.

        Tests: editing/pasteboard/drag-files-to-editable-element-as-URLs.html
               editing/pasteboard/drag-files-to-editable-element-as-attachment.html

        * bindings/js/WebCoreBuiltinNames.h: Added symbols used in the generated code.
        * dom/make_event_factory.pl:
        (defaultItemFactory): Replaced "runtimeConditonal" option by "runtimeEnabled".
        (generateImplementation):
        * dom/make_names.pl:
        (defaultTagPropertyHash):
        (printConstructorInterior): Return a HTMLUnknownElement if the element is disabled by a runtime flag.
        (printTypeHelpers): Make is<HTMLAttachmentElement>(~) returns false when the feature is disabled by
        checking whether the given element is an instance of HTMLUnknownElement.
        (printWrapperFunctions): Simplified this code by matching the code for settingsConditional.
        * editing/mac/EditorMac.mm:
        (WebCore::Editor::WebContentReader::readFilenames): Fixed the bug that this code was always creating
        an attachment element even when the feature is disabled.
        * html/HTMLAttachmentElement.idl: Hide this behind a runtime flag.
        * html/HTMLTagNames.in: 
        * page/RuntimeEnabledFeatures.h:
        (WebCore::RuntimeEnabledFeatures::setAttachmentElementEnabled): Added.
        (WebCore::RuntimeEnabledFeatures::attachmentElementEnabled const): Added.
        * page/Settings.in: Removed attachmentElementEnabled.

2017-09-12  Youenn Fablet  <youenn@apple.com>

        Introduce a RecordData for Cache to efficiently check whether it matches a corresponding request or not
        https://bugs.webkit.org/show_bug.cgi?id=176579

        Reviewed by Alex Christensen.

        No change of behavior.

        Introducing another version of queryCacheMatch used for the NetworkProcess implementation of the Cache.
        Exporting the copy of a response body to be used also there.

        * Modules/cache/DOMCacheEngine.cpp:
        (WebCore::DOMCacheEngine::matchURLs):
        (WebCore::DOMCacheEngine::queryCacheMatch):
        (WebCore::DOMCacheEngine::copyResponseBody):
        * Modules/cache/DOMCacheEngine.h:

2017-09-12  Antti Koivisto  <antti@apple.com>

        AnimationBase should point to Element instead of RenderElement
        https://bugs.webkit.org/show_bug.cgi?id=176807

        Reviewed by Andreas Kling.

        This is a step towards making animation system operate on elements and styles instead renderers.

        No functional changes.

        * page/animation/AnimationBase.cpp:
        (WebCore::AnimationBase::AnimationBase):
        (WebCore::AnimationBase::renderer const):
        (WebCore::AnimationBase::compositedRenderer const):
        (WebCore::AnimationBase::updateStateMachine):
        (WebCore::AnimationBase::fireAnimationEventsIfNeeded):
        (WebCore::AnimationBase::timeToNextService):
        (WebCore::AnimationBase::freezeAtTime):
        (WebCore::AnimationBase::getElapsedTime const):
        * page/animation/AnimationBase.h:
        (WebCore::AnimationBase::clear):
        (WebCore::AnimationBase::renderer const): Deleted.
        * page/animation/ImplicitAnimation.cpp:
        (WebCore::ImplicitAnimation::shouldSendEventForListener const):
        (WebCore::ImplicitAnimation::computeExtentOfTransformAnimation const):
        (WebCore::ImplicitAnimation::startAnimation):
        (WebCore::ImplicitAnimation::pauseAnimation):
        (WebCore::ImplicitAnimation::endAnimation):
        (WebCore::ImplicitAnimation::sendTransitionEvent):
        (WebCore::ImplicitAnimation::reset):
        * page/animation/KeyframeAnimation.cpp:
        (WebCore::KeyframeAnimation::getAnimatedStyle):
        (WebCore::KeyframeAnimation::computeExtentOfTransformAnimation const):
        (WebCore::KeyframeAnimation::startAnimation):
        (WebCore::KeyframeAnimation::pauseAnimation):
        (WebCore::KeyframeAnimation::endAnimation):
        (WebCore::KeyframeAnimation::shouldSendEventForListener const):
        (WebCore::KeyframeAnimation::sendAnimationEvent):
        (WebCore::KeyframeAnimation::resolveKeyframeStyles):

2017-09-12  Per Arne Vollan  <pvollan@apple.com>

        [Win] Add Modules/fetch to list of forwarding headers folders.
        https://bugs.webkit.org/show_bug.cgi?id=176747

        Reviewed by Brent Fulgham.

        * PlatformWin.cmake:

2017-09-12  Jer Noble  <jer.noble@apple.com>

        [MSE] Don't increase the reported totalFrameDelay for non-displayed frames (or frames coming in while paused).
        https://bugs.webkit.org/show_bug.cgi?id=175900

        Reviewed by Eric Carlson.

        When seeking to a specific time, the decompression session necessarily needs to be fed samples from before that
        time (i.e., all samples from the previous I-frame forward). These shouldn't contribute to the "total frame
        delay" metric. Neither should samples delivered when the video is paused (like, during seeking), as a frame can't
        be "late" if time is not moving forward.

        * platform/graphics/cocoa/WebCoreDecompressionSession.mm:
        (WebCore::WebCoreDecompressionSession::handleDecompressionOutput):
        * platform/cf/CoreMediaSoftLink.cpp:
        * platform/cf/CoreMediaSoftLink.h:

2017-09-12  Sam Weinig  <sam@webkit.org>

        Gtk build fix for "Finish off the FormData implementation" - https://bugs.webkit.org/show_bug.cgi?id=176659

        * fileapi/Blob.cpp:
        (WebCore::Blob::Blob):
        * fileapi/Blob.h:
        * fileapi/File.cpp:
        (WebCore::File::File):
        
            Replace copy constructor with a tagged constructor.

2017-09-12  Dean Jackson  <dino@apple.com>

        [WebGL] VideoTextureCopierCV doesn't correctly restore vertex attribute state
        https://bugs.webkit.org/show_bug.cgi?id=176771
        <rdar://problem/34386621>

        Reviewed by Antoine Quint.

        The OpenGL context in VideoTextureCopierCV wasn't being restored to
        the state it had before rendering a video to a texture. Specifically
        the vertex attribute values were never recorded by the state saver.

        Update the existing test of VideoTextureCopierCV so that it is
        explicitly doing something different from the WebCore code, which
        means that state will have to be correctly restored for the test
        to pass.

        * platform/graphics/cv/VideoTextureCopierCV.cpp:
        (WebCore::VideoTextureCopierCV::copyVideoTextureToPlatformTexture): Make sure
        to record the vertex attribute state once we know the location of the position attribute.
        (WebCore::VideoTextureCopierCV::GC3DStateSaver::GC3DStateSaver):
        (WebCore::VideoTextureCopierCV::GC3DStateSaver::~GC3DStateSaver):
        (WebCore::VideoTextureCopierCV::GC3DStateSaver::saveVertexAttribState): Save all the
        applicable vertex attribute state information.
        * platform/graphics/cv/VideoTextureCopierCV.h: GC3DStateSaver can use a reference
        to the GC3D rather than a pointer.

2017-09-12  Dean Jackson  <dino@apple.com>

        [WebGL] accelerated texImage2D for video doesn't respect flipY
        https://bugs.webkit.org/show_bug.cgi?id=176491
        <rdar://problem/33833511>

        Reviewed by Jer Noble.

        (Take 2 - this was rolled out due to a test failure, but the following
        commit will fix that)

        Previously, if UNPACK_FLIP_Y_WEBGL was set to true, we'd either fall
        back to software or fail to upload texture data. Fix this by intercepting
        the texImage2D call, checking the orientation of the video, and running
        a small shader program to flip it if necessary.

        While there, implement UNPACK_PREMULTIPLY_ALPHA_WEBGL as well, although
        none of our media decoders support video with alpha, so unfortunately
        this will have no visible change.

        Tests: fast/canvas/webgl/texImage2D-video-flipY-false.html
               fast/canvas/webgl/texImage2D-video-flipY-true.html

        * platform/cocoa/CoreVideoSoftLink.cpp: Add link to CVOpenGL(ES)TextureGetCleanTexCoords,
        which is used to check the orientation of the source video.
        * platform/cocoa/CoreVideoSoftLink.h:

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::copyVideoTextureToPlatformTexture): We can
        now handle flipped or premultiplied requests.
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::copyVideoTextureToPlatformTexture): Ditto.

        * platform/graphics/cv/VideoTextureCopierCV.cpp:
        (WebCore::VideoTextureCopierCV::VideoTextureCopierCV): Rename readFramebuffer to
        simply framebuffer.
        (WebCore::VideoTextureCopierCV::~VideoTextureCopierCV): Delete the program and buffer
        if they were created.
        (WebCore::VideoTextureCopierCV::initializeContextObjects): Sets up the shader program
        and the vertex buffer for drawing. Also records the location of the uniforms.
        (WebCore::VideoTextureCopierCV::copyVideoTextureToPlatformTexture): Create a new
        framebuffer object, and render the video texture into that framebuffer using a
        shader that can flip the coordinates.
        (WebCore::VideoTextureCopierCV::GC3DStateSaver::GC3DStateSaver): Helper to restore
        the state of the user's GraphicsContext3D while we're intercepting calls.
        (WebCore::VideoTextureCopierCV::GC3DStateSaver::~GC3DStateSaver):
        * platform/graphics/cv/VideoTextureCopierCV.h:

        * platform/graphics/GraphicsContext3D.h: Add two new entry points, for direct shader
        compilation and attribute access. This avoids going through ANGLE.
        * platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp:
        (WebCore::GraphicsContext3D::compileShader):
        (WebCore::GraphicsContext3D::compileShaderDirect):
        (WebCore::GraphicsContext3D::getAttribLocationDirect):

2017-09-12  Manuel Rego Casasnovas  <rego@igalia.com>

        [css-grid] Stretching auto tracks should be done as part of the track sizing algorithm
        https://bugs.webkit.org/show_bug.cgi?id=176783

        Reviewed by Sergio Villar Senin.

        CSS WG has agreed to modify the track sizing algorithm to include
        a new step: https://drafts.csswg.org/css-grid/#algo-stretch
        We used to do the stretch of the "auto" tracks at the end of
        the track sizing algorithm, however this change integrates it
        into the algorithm itself as the last step.
        See: https://github.com/w3c/csswg-drafts/issues/1150

        The patch moves the method
        RenderGrid::applyStretchAlignmentToTracksIfNeeded() to
        GridTrackSizingAlgorithm::stretchAutoTracks().
        And then modifies the grid track sizing algorithm to execute
        the new step.

        This patch uses the WPT test updated to check the new behavior.

        * rendering/GridTrackSizingAlgorithm.cpp:
        (WebCore::GridTrackSizingAlgorithm::initializeTrackSizes): Initialize
        the list of auto tracks.
        (WebCore::GridTrackSizingAlgorithm::stretchFlexibleTracks): Add
        early return if there are not flexible tracks.
        (WebCore::GridTrackSizingAlgorithm::stretchAutoTracks): Code moved from
        RenderGrid::applyStretchAlignmentToTracksIfNeeded().
        (WebCore::GridTrackSizingAlgorithm::setup): Reset list of auto tracks.
        (WebCore::GridTrackSizingAlgorithm::run): Add new step
        stretchAutoTracks().
        (WebCore::GridTrackSizingAlgorithm::reset): Reset auto tracks.
        * rendering/GridTrackSizingAlgorithm.h: Add m_autoSizedTracksIndex.
        * rendering/RenderGrid.cpp:
        (WebCore::RenderGrid::layoutBlock): Avoid applying stretch here.
        (WebCore::RenderGrid::contentAlignmentNormalBehaviorGrid): Make public.
        (WebCore::RenderGrid::applyStretchAlignmentToTracksIfNeeded): Moved to
        GridTrackSizingAlgorithm::stretchAutoTracks().
        * rendering/RenderGrid.h:

2017-09-12  Eric Carlson  <eric.carlson@apple.com>

        Switch MediaPlayerPrivateAVFoundation to release logging
        https://bugs.webkit.org/show_bug.cgi?id=176621
        <rdar://problem/34335311>

        Reviewed by Jer Noble.

        * html/HTMLMediaElement.h:
        * platform/graphics/MediaPlayer.cpp:
        (WebCore::nullLogger):
        (WebCore::MediaPlayer::mediaPlayerLogger):
        * platform/graphics/MediaPlayer.h:
        (WebCore::MediaPlayerClient::mediaPlayerLogIdentifier):
        (WebCore::MediaPlayerClient::mediaPlayerLogger):
        (WebCore::MediaPlayer::mediaPlayerLogIdentifier):
        * platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.cpp:
        (WebCore::MediaPlayerPrivateAVFoundation::MediaPlayerPrivateAVFoundation):
        (WebCore::MediaPlayerPrivateAVFoundation::~MediaPlayerPrivateAVFoundation):
        (WebCore::MediaPlayerPrivateAVFoundation::setUpVideoRendering):
        (WebCore::MediaPlayerPrivateAVFoundation::tearDownVideoRendering):
        (WebCore::MediaPlayerPrivateAVFoundation::load):
        (WebCore::MediaPlayerPrivateAVFoundation::playabilityKnown):
        (WebCore::MediaPlayerPrivateAVFoundation::prepareToPlay):
        (WebCore::MediaPlayerPrivateAVFoundation::play):
        (WebCore::MediaPlayerPrivateAVFoundation::pause):
        (WebCore::MediaPlayerPrivateAVFoundation::durationMediaTime const):
        (WebCore::MediaPlayerPrivateAVFoundation::seekWithTolerance):
        (WebCore::MediaPlayerPrivateAVFoundation::setNaturalSize):
        (WebCore::MediaPlayerPrivateAVFoundation::maxMediaTimeSeekable const):
        (WebCore::MediaPlayerPrivateAVFoundation::minMediaTimeSeekable const):
        (WebCore::MediaPlayerPrivateAVFoundation::updateStates):
        (WebCore::MediaPlayerPrivateAVFoundation::rateChanged):
        (WebCore::MediaPlayerPrivateAVFoundation::timeChanged):
        (WebCore::MediaPlayerPrivateAVFoundation::seekCompleted):
        (WebCore::MediaPlayerPrivateAVFoundation::invalidateCachedDuration):
        (WebCore::MediaPlayerPrivateAVFoundation::setPreload):
        (WebCore::MediaPlayerPrivateAVFoundation::mainThreadCallback):
        (WebCore::MediaPlayerPrivateAVFoundation::scheduleMainThreadNotification):
        (WebCore::MediaPlayerPrivateAVFoundation::dispatchNotification):
        (WebCore::MediaPlayerPrivateAVFoundation::processNewAndRemovedTextTracks):
        (WebCore::MediaPlayerPrivateAVFoundation::logChannel const):
        * platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.h:
        (WebCore::MediaPlayerPrivateAVFoundation::logClassName const):
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::clearMediaCache):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::clearMediaCacheForOrigins):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::cancelLoad):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::createImageGenerator):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::destroyImageGenerator):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVPlayerLayer):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::destroyVideoLayer):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVAssetForURL):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVPlayer):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVPlayerItem):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::checkPlayability):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::beginLoadingMetadata):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::platformMedia const):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::platformPlay):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::platformPause):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::platformDuration const):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::seekToTime):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::setMuted):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::setClosedCaptionsVisible):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::assetStatus const):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::paintWithImageGenerator):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::createImageForTimeInRect):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::getSupportedTypes):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::tracksChanged):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::updateAudioTracks):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::updateVideoTracks):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::createVideoOutput):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::destroyVideoOutput):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::updateLastImage):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::paintWithVideoOutput):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::createOpenGLVideoOutput):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::destroyOpenGLVideoOutput):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::waitForVideoOutputMediaDataWillChange):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::processMediaSelectionOptions):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::flushCues):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::setCurrentTextTrack):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::languageOfPrimaryAudioTrack const):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::isCurrentPlaybackTargetWireless const):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::wirelessPlaybackTargetName const):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::wirelessVideoPlaybackDisabled const):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::setWirelessVideoPlaybackDisabled):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::setWirelessPlaybackTarget):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::setShouldPlayToPlaybackTarget):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::setShouldBufferData):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::metadataDidArrive):
        (-[WebCoreAVFMovieObserver observeValueForKeyPath:ofObject:change:context:]):
        (WebCore::boolString): Deleted.

2017-09-12  Daniel Bates  <dabates@apple.com>

        REGRESSION (r215784): The title of right-to-left pages are empty
        https://bugs.webkit.org/show_bug.cgi?id=176746
        <rdar://problem/34211419>

        Reviewed by Brent Fulgham.

        Left truncate a long right-to-left title.

        Right-to-left text represents the visual ordering of text. Internally WebKit stores
        right-to-left text identically to left-to-right text in memory. So, we can use the
        same string operation to truncate right-to-left text as we do to truncate left-to-right
        text.

        * platform/text/StringWithDirection.h:
        (WebCore::truncateFromEnd):

2017-09-12  Chris Fleizach  <cfleizach@apple.com>

        AX: On generic container elements, WebKit should distinguish between tooltip (e.g. @title) and label (e.g. @aria-label) attributes
        https://bugs.webkit.org/show_bug.cgi?id=170475
        <rdar://problem/31439222>

        Reviewed by Joanmarie Diggs.

        Test: accessibility/title-tag-on-unimportant-elements-is-help-text.html

        * accessibility/AccessibilityNodeObject.cpp:
        (WebCore::AccessibilityNodeObject::helpText):
        (WebCore::AccessibilityNodeObject::accessibilityDescription):
        (WebCore::AccessibilityNodeObject::roleIgnoresTitle):
        * accessibility/AccessibilityNodeObject.h:

2017-09-12  Brent Fulgham  <bfulgham@apple.com>

        Show punycode to user if a URL mixes Armenian Seh or Vo with other scripts
        https://bugs.webkit.org/show_bug.cgi?id=176578
        <rdar://problem/33906231>

        Reviewed by Alex Christensen.

        Revise our "lookalike character" logic to include the Armenian Vo and Seh
        characters, which can be mistaken for 'n' and 'v' when displayed in
        certain fonts.

        Tested by new API tests.

        * platform/mac/WebCoreNSURLExtras.mm:
        (WebCore::isArmenianLookalikeCharacter): Added utility function.
        (WebCore::isArmenianScriptCharacter): Ditto.
        (WebCore::isLookalikeCharacter): Handle Armenian-lookalike cases.

2017-09-12  Antti Koivisto  <antti@apple.com>

        Remove RenderElement::isCSSAnimating boolean
        https://bugs.webkit.org/show_bug.cgi?id=176779

        Reviewed by Andreas Kling.

        This optimization can be replaced with a simple style test that doesn't require keeping
        two sources of truth in sync.

        * page/animation/CSSAnimationController.cpp:
        (WebCore::CSSAnimationControllerPrivate::ensureCompositeAnimation):
        (WebCore::CSSAnimationControllerPrivate::clear):

            Can't test here as style might have become non-animating and we don't clear animation when that happens.
            This is only called on renderer destruction so it is not an important optimization.

        (WebCore::CSSAnimationControllerPrivate::isRunningAnimationOnRenderer const):
        (WebCore::CSSAnimationControllerPrivate::isRunningAcceleratedAnimationOnRenderer const):
        (WebCore::CSSAnimationControllerPrivate::getAnimatedStyleForRenderer):
        (WebCore::CSSAnimationControllerPrivate::computeExtentOfAnimation const):
        (WebCore::CSSAnimationController::cancelAnimations):
        (WebCore::CSSAnimationController::getAnimatedStyleForRenderer):
        (WebCore::CSSAnimationController::computeExtentOfAnimation const):
        (WebCore::CSSAnimationController::isRunningAnimationOnRenderer const):
        (WebCore::CSSAnimationController::isRunningAcceleratedAnimationOnRenderer const):

            Test if the style has any animations. This is roughly equivalent of the old test.
            (it is actually somewhat better as the boolean was never cleared on style changes)

        * rendering/RenderElement.cpp:
        (WebCore::RenderElement::RenderElement):
        * rendering/RenderElement.h:
        (WebCore::RenderElement::isCSSAnimating const): Deleted.
        (WebCore::RenderElement::setIsCSSAnimating): Deleted.
        * rendering/style/RenderStyle.h:
        (WebCore::RenderStyle::hasAnimationsOrTransitions const):

2017-09-12  Ms2ger  <Ms2ger@igalia.com>

        Disallow passing null data to uniform1uiv() and friends.
        https://bugs.webkit.org/show_bug.cgi?id=176777

        Reviewed by Sam Weinig.

        This matches the specification as well as Gecko and Chromium.

        Test: fast/canvas/webgl/webgl2/bindings.html

        * html/canvas/WebGL2RenderingContext.idl:

2017-09-12  Sam Weinig  <sam@webkit.org>

        [Cleanup] Follow up cleanup for DOMFormData implementation
        https://bugs.webkit.org/show_bug.cgi?id=176740

        Reviewed by Alex Christensen.

        - Merges FormDataList into DOMFormData.
        - Streamline / refactor FormData creation from DOMFormData.

        * CMakeLists.txt:
        * WebCore.xcodeproj/project.pbxproj:
        * html/FormDataList.cpp: Removed.
        * html/FormDataList.h: Removed.

            Remove FormDataList.

        * html/DOMFormData.cpp:
        (WebCore::DOMFormData::DOMFormData):
        (WebCore::DOMFormData::createFileEntry):
        (WebCore::DOMFormData::append):
        (WebCore::DOMFormData::set):
        (WebCore::DOMFormData::Iterator::next):
        * html/DOMFormData.h:
        (WebCore::DOMFormData::items const):
        (WebCore::DOMFormData::encoding const):

            Merge FormDataList into DOMFormData. FormDataList's additional
            appendData/appendBlob functions have been removed, and their
            functionality inlined into DOMFormData's append functions. 

            Adopted makeKeyValuePair in DOMFormData::Iterator::next().

        * platform/network/FormData.cpp:
        (WebCore::FormData::create):
        (WebCore::FormData::createMultiPart):
        (WebCore::normalizeStringData):
        (WebCore::FormData::appendMultiPartFileValue):
        (WebCore::FormData::appendMultiPartStringValue):
        (WebCore::FormData::appendMultiPartKeyValuePairItems):
        (WebCore::FormData::appendNonMultiPartKeyValuePairItems):
        (WebCore::FormData::appendKeyValuePairItems): Deleted.
        * platform/network/FormData.h:

            Split-up appendKeyValuePairItems into separate multipart and non-multipart
            functions, as the two edges of the branch didn't share much in common. Further
            split out multipart file and multipart string appending, since they too did not
            share that much in common and makes the code easier to follow. 

            String value normalization has been moved entirely here (previously it was a member 
            function of FormDataList) as FormData is the only user.

        * xml/XMLHttpRequest.cpp:
        (WebCore::XMLHttpRequest::send):
        * loader/FormSubmission.cpp:
        (WebCore::FormSubmission::create):
        * Modules/fetch/FetchBody.cpp:
        (WebCore::FetchBody::extract):
        
            Update for new FormData create functions which don't need the
            encoding passed explicitly, since it is part of the DOMFormData.
        
        * html/BaseButtonInputType.cpp:
        * html/BaseButtonInputType.h:
        * html/BaseCheckableInputType.cpp:
        * html/BaseCheckableInputType.h:
        * html/FileInputType.cpp:
        * html/FileInputType.h:
        * html/FormAssociatedElement.h:
        * html/HTMLButtonElement.cpp:
        * html/HTMLButtonElement.h:
        * html/HTMLFormControlElement.h:
        * html/HTMLInputElement.cpp:
        * html/HTMLInputElement.h:
        * html/HTMLKeygenElement.cpp:
        * html/HTMLKeygenElement.h:
        * html/HTMLMeterElement.cpp:
        * html/HTMLObjectElement.cpp:
        * html/HTMLObjectElement.h:
        * html/HTMLSelectElement.cpp:
        * html/HTMLSelectElement.h:
        * html/HTMLTextAreaElement.cpp:
        * html/HTMLTextAreaElement.h:
        * html/HiddenInputType.cpp:
        * html/HiddenInputType.h:
        * html/ImageInputType.cpp:
        * html/ImageInputType.h:
        * html/InputType.cpp:
        * html/InputType.h:
        * html/SubmitInputType.cpp:
        * html/SubmitInputType.h:
        * html/TextFieldInputType.cpp:
        * html/TextFieldInputType.h:

            Update to use DOMFormData directly, rather than the FormDataList, which 
            has been removed.

        * page/csp/ContentSecurityPolicy.cpp:

            Remove unnecessary #include of unused (and now removed) FormDataList.h

2017-09-12  Zan Dobersek  <zdobersek@igalia.com>

        [EME] Implement CDMInstanceClearKey::requestLicense()
        https://bugs.webkit.org/show_bug.cgi?id=176773

        Reviewed by Xabier Rodriguez-Calvar.

        Implement the requestLicense() method for CDMInstanceClearKey. Per
        the specification, the session ID must be a 32-bit numerical value.
        A session ID value counter is thus kept in a static uint32_ object
        and incremented upon each call of requestLicense(). Init data and
        the session ID value are then embedded in the asynchronous dispatch
        that invokes the callback. That invocation now also passes along the
        init data, the session ID in string format, and Succeeded to now
        indicate the operation was completed successfully.

        No new tests -- expectations for the relevant tests are updated
        to reflect the introduced changes.

        * platform/encryptedmedia/clearkey/CDMClearKey.cpp:
        (WebCore::CDMInstanceClearKey::requestLicense):

2017-09-12  Manuel Rego Casasnovas  <rego@igalia.com>

        [css-grid] Use transferred size over content size for automatic minimum size
        https://bugs.webkit.org/show_bug.cgi?id=176688

        Reviewed by Sergio Villar Senin.

        CSS WG has agreed to modify the spec so now the transferred size is used
        (if it exists) independently if it's bigger or smaller
        than the content size.
        See: https://github.com/w3c/csswg-drafts/issues/1149

        The spec text (https://drafts.csswg.org/css-grid/#min-size-auto):
          "The automatic minimum size for a grid item in a given dimension is
           its specified size if it exists, otherwise its transferred size
           if that exists, else its content size"

        This patch use the WPT tests updated to check the new behavior.

        * rendering/GridTrackSizingAlgorithm.cpp:
        (WebCore::GridTrackSizingAlgorithmStrategy::minSizeForChild const):
        Modified so it always returns the transferred size (if any).

2017-09-12  Fujii Hironori  <Hironori.Fujii@sony.com>

        [Freetype] Doesn't support coloured fonts
        https://bugs.webkit.org/show_bug.cgi?id=156579

        Reviewed by Michael Catanzaro.

        Covered by existing tests. This needs a large rebaseline that will be done in follow up commits.

        * platform/graphics/FontCascade.h: Enable advance text rendering mode by default.
        (WebCore::FontCascade::advancedTextRenderingMode const):
        (WebCore::FontCascade::computeRequiresShaping const):
        * platform/graphics/freetype/SimpleFontDataFreeType.cpp:
        (WebCore::Font::platformInit): Do not get metrics from OS/2 table for non-scalable fonts.
        * platform/graphics/harfbuzz/HarfBuzzFaceCairo.cpp:
        (WebCore::harfBuzzGetGlyph): Use U8_APPEND_UNSAFE() instead of converting to a String and then encoding it with
        UTF8Encoding().

2017-09-12  Frederic Wang  <fwang@igalia.com>

        Remove unnecessary virtual keyword from JS test files
        https://bugs.webkit.org/show_bug.cgi?id=176683

        Reviewed by Simon Fraser.

        JS bindings headers do not comply with the WebKit coding style since they use both the
        "virtual" and "override" keywords. This patch modifies the generator script to only use
        "override" and regenerates the bindings accordingly.

        No new tests, behavior unchanged.

        * bindings/scripts/CodeGeneratorJS.pm:
        * bindings/scripts/test/JS/JSTestCallbackFunction.h:
        * bindings/scripts/test/JS/JSTestCallbackFunctionRethrow.h:
        * bindings/scripts/test/JS/JSTestCallbackFunctionWithThisObject.h:
        * bindings/scripts/test/JS/JSTestCallbackFunctionWithTypedefs.h:
        * bindings/scripts/test/JS/JSTestCallbackInterface.h:
        * bindings/scripts/test/JS/JSTestVoidCallbackFunction.h:

2017-09-11  Wenson Hsieh  <wenson_hsieh@apple.com>

        [iOS DnD] Support DataTransfer.setDragImage when starting a drag on iOS
        https://bugs.webkit.org/show_bug.cgi?id=176721
        <rdar://problem/34373660>

        Reviewed by Tim Horton.

        Adds support for setting the drag lift preview frame in the case where DataTransfer.setDragImage is being used
        to override the default drag preview. Currently, the frame of the drag preview we supply in this case is the
        same as the bounds of the source element in root view coordinates, but this means that any custom drag image
        the page supplies will be stretched to fill the frame of the source element. Instead, when handling a DHTML drag,
        position the lift and cancel drag previews relative to the event location, respecting any drag offset specified
        in setDragImage. The size of this preview matches the size of the drag image source (since this is all in root
        view coordinates, this means the drag preview will also enlarge if the user pinches to zoom in). If a
        disconnected image source element was provided, then we just fall back to the image size.

        Additionally, renames DragItem's elementBounds to dragPreviewFrameInRootViewCoordinates to better reflect the
        purpose of this variable. This patch also introduces API test plumbing to grab targeted drag previews from the
        drag interaction delegate (i.e. WKContentView), and uses this in a new API test that checks the frame of the
        resulting UITargetedDragPreview after initiating a drag in various circumstances (see changes in Tools/ for more
        detail).

        Test: DataInteractionTests.DragLiftPreviewDataTransferSetDragImage

        * dom/DataTransfer.cpp:
        (WebCore::DataTransfer::dragImageElement const):
        * dom/DataTransfer.h:
        * page/DragController.cpp:
        (WebCore::dragLocForDHTMLDrag):

        The logic to flip the y offset when computing the drag location is only relevant on Mac, but currently, this is
        guarded by #if PLATFORM(COCOA), which causes the y offset to shift the drag image in the opposite direction on
        iOS. To fix this, simply change the platform define to Mac.

        (WebCore::DragController::doSystemDrag):
        * platform/DragItem.h:
        (WebCore::DragItem::encode const):
        (WebCore::DragItem::decode):

2017-09-11  Wenson Hsieh  <wenson_hsieh@apple.com>

        [iOS WK2] Support tapping to add items to the current drag session in web content
        https://bugs.webkit.org/show_bug.cgi?id=176421
        <rdar://problem/31144674>

        Reviewed by Tim Horton.

        Refactors some drag initiation logic to handle starting a drag when data has already been written to the
        pasteboard (in the case of iOS, WebItemProviderPasteboard). See annotated comments below for more detail.

        Tests: DataInteractionTests.AdditionalLinkAndImageIntoContentEditable

        * page/DragActions.h:
        * page/DragController.cpp:
        (WebCore::DragController::startDrag):

        Add a HasNonDefaultPasteboardData argument here, and replace checks for !dataTransfer.pasteboard().hasData()
        with checks for whether the argument is HasNonDefaultPasteboardData::No. These checks for Pasteboard::hasData()
        currently prevent us from overwriting custom pasteboard data, in the case that the page has written pasteboard
        data using the event's DataTransfer. However, in the case of adding additional drag items to the session, we
        will already have pasteboard data, so these checks will prevent us from writing default data to the pasteboard.
        See EventHandler::handleDrag for more detail.

        * page/DragController.h:
        * page/DragState.h:

        Remove the draggedContentRange member from DragState. See below.

        * page/EventHandler.cpp:
        (WebCore::removeDraggedContentDocumentMarkersFromAllFramesInPage):

        Simplify the handling of dragged content range markers. Instead of storing the DOM Range being dragged and
        removing/repainting the range after dragging ends, just repaint the contentRenderer of the frame being dragged.
        When the dragging session has completely ended, remove all dragged content ranges from the page's mainframe and
        all of its subframes, and repaint everything.

        (WebCore::EventHandler::dragCancelled):
        (WebCore::EventHandler::didStartDrag):
        (WebCore::EventHandler::dragSourceEndedAt):

        Add a MayExtendDragSession argument, indicating whether or not the web process will attempt to continue the drag
        session, in which case EventHandler::dragSourceEndedAt should not remove any existing dragged content range
        document markers.

        (WebCore::EventHandler::dispatchDragStartEvent):

        Helper method to dispatch a `dragstart` event, return whether or not to proceed with the drag, and also compute
        (as an outparam) whether or not custom pasteboard data was written during the event.

        (WebCore::EventHandler::handleDrag):

        If custom data was written during `dragstart`, pass along HasNonDefaultPasteboardData::Yes when calling
        DragController::startDrag.

        (WebCore::repaintContentsOfRange): Deleted.
        * page/EventHandler.h:
        * page/ios/EventHandlerIOS.mm:
        (WebCore::EventHandler::tryToBeginDataInteractionAtPoint):
        * platform/Pasteboard.h:
        * platform/ios/PasteboardIOS.mm:
        (WebCore::Pasteboard::changeCount const):
        * platform/ios/WebItemProviderPasteboard.mm:
        (-[WebItemProviderPasteboard setItemProviders:]):

        Stop clearing out the staged item provider registration list when setting item providers. After refactoring in
        r221595, staged registration lists are now automatically cleared out when (1) the drag-and-drop interaction
        state is cleared out in the UI process, or (2) when the registration list is taken by WKContentView (see
        -takeRegistrationList) when generating an item provider.

        * platform/mac/PasteboardMac.mm:
        (WebCore::Pasteboard::changeCount const):

        Add a changeCount method to Pasteboard on Cocoa platforms (Mac, iOS) which support changeCount natively. In
        theory, there's no reason Windows, GTK and WPE ports can't also implement a similar mechanism in
        PlatformPasteboard, but this isn't needed for anything yet. Upon dragstart, it is safe to assume that the
        pasteboard has been cleared on these platforms, so checking for Pasteboard::hasData (as we do for all platforms
        currently) is sufficient.

2017-09-11  Ryan Haddad  <ryanhaddad@apple.com>

        Unreviewed, rolling out r221762.

        This change caused flakiness in a webgl LayoutTest.

        Reverted changeset:

        "[WebGL] accelerated texImage2D for video doesn't respect
        flipY"
        https://bugs.webkit.org/show_bug.cgi?id=176491
        http://trac.webkit.org/changeset/221762

2017-09-11  Per Arne Vollan  <pvollan@apple.com>

        [Win] Add Modules/cache to list of forwarding headers folders.
        https://bugs.webkit.org/show_bug.cgi?id=176737

        Reviewed by Alex Christensen.

        * PlatformWin.cmake:

2017-09-11  Joanmarie Diggs  <jdiggs@igalia.com>

        AX: [ATK] aria-autocomplete not exposed on comboboxes
        https://bugs.webkit.org/show_bug.cgi?id=176724

        Reviewed by Chris Fleizach.

        Add a check to AccessibilityObject::supportsARIAAutoComplete() for
        combobox because isARIATextControl() returns false for that role.

        Add new combobox test cases to existing aria-autocomplete.html test.

        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::supportsARIAAutoComplete const):

2017-09-11  Ryan Haddad  <ryanhaddad@apple.com>

        Unreviewed, rolling out r221854.

        The test added with this change fails on 32-bit JSC bots.

        Reverted changeset:

        "[DFG] Optimize WeakMap::get by adding intrinsic and fixup"
        https://bugs.webkit.org/show_bug.cgi?id=176010
        http://trac.webkit.org/changeset/221854

2017-09-11  Dean Jackson  <dino@apple.com>

        [WebGL macOS] No need to multisample when blitting into WebGLLayer
        https://bugs.webkit.org/show_bug.cgi?id=176666
        <rdar://problem/27774626>

        Reviewed by Sam Weinig.

        We were seeing performance profiles suggesting WebGL was
        doing 8x MSAA, even though we explicitly set it to only
        use 4 samples in the GLPixelFormatObj used to create
        the WebGL CGLContextObj. However, that same CGLPixelFormatObj
        was also used for the WebGLLayer's CGLContextObj, meaning the
        blit of the WebGL FBO into the WebGLLayer's backing store was
        multisampling as well -- so an extra 4 samples on top of the
        original 4, making it look like we were doing 8x.

        This was obviously unnecessary, since we already have the
        multisampled FBO and just want to copy it, as is, into the layer.

        Now, instead of copying the CGLPixelFormatObj, we create
        a new one and copy most of the attributes, leaving out
        the multisample flags (and the depth buffer, since we're
        only doing 2d blits).

        Covered by existing WebGL tests, since there should be no
        visible change.

        * platform/graphics/cocoa/WebGLLayer.mm:
        (-[WebGLLayer copyCGLPixelFormatForDisplayMask:]): Create a new
        CGLPixelFormatObj that copies most of the values from
        the corresponding object on the WebGL's backing CGLContextObj.

2017-09-11  Zan Dobersek  <zdobersek@igalia.com>

        [EME] ClearKey: implement CDMInstanceClearKey state modifiers, callback dispatches
        https://bugs.webkit.org/show_bug.cgi?id=176687

        Reviewed by Xabier Rodriguez-Calvar.

        Implement the state modification methods on the CDMInstanceClearKey class.
        Initialization method is a no-op, but returns Succeeded. Distinctive
        identifier and persistent state setters return Succeeded if the passed-in
        value is false. setServerCertificate() still returns Failed due to server
        certificates not being supported in this ClearKey implementation.

        The license and session operation methods are also implemented, but for
        now the implementations simply schedule a main thread dispatch that
        invokes the callback with failure-indicating values. This avoids various
        tests timing out, instead preferring that the tests for now fail with an
        exception (in most cases NotSupportedError).

        No new tests -- relevant tests have baselines updated.

&n