d80b7eb162691fc6b5fae4407ec23a06d2e5c205
[WebKit-https.git] / Source / WebCore / ChangeLog
1 2012-05-10  Hajime Morrita  <morrita@google.com>
2
3         WebKit should support tab-size.
4         https://bugs.webkit.org/show_bug.cgi?id=52994
5
6         - Added boilerplate for "tab-size" CSS property.
7         - Added RenderStye::tabSize() as a RareInheritedData.
8         - Replaced TextRun::m_allowTabs into TextRun::m_tabSize.
9
10         Reviewed by Simon Fraser.
11
12         Tests: fast/css/tab-size-expected.html
13                fast/css/tab-size.html
14
15         * css/CSSComputedStyleDeclaration.cpp:
16         (WebCore::CSSComputedStyleDeclaration::getPropertyCSSValue):
17         * css/CSSParser.cpp:
18         (WebCore::CSSParser::parseValue):
19         * css/CSSProperty.cpp:
20         (WebCore::CSSProperty::isInheritedProperty):
21         * css/CSSPropertyNames.in:
22         * css/CSSStyleSelector.cpp:
23         (WebCore::CSSStyleSelector::applyProperty):
24         * html/canvas/CanvasRenderingContext2D.cpp:
25         (WebCore::CanvasRenderingContext2D::drawTextInternal):
26         * platform/chromium/PopupListBox.cpp:
27         (WebCore::PopupListBox::paintRow):
28         * platform/graphics/Font.h:
29         (WebCore::Font::tabWidth):
30         * platform/graphics/TextRun.h:
31         (WebCore::TextRun::TextRun):
32         (WebCore::TextRun::allowTabs):
33         (WebCore::TextRun::tabSize):
34         (WebCore::TextRun::setTabSize):
35         * platform/graphics/WidthIterator.cpp:
36         (WebCore::WidthIterator::advance):
37         * platform/graphics/mac/ComplexTextController.cpp:
38         (WebCore::ComplexTextController::adjustGlyphsAndAdvances):
39         * platform/win/PopupMenuWin.cpp:
40         (WebCore::PopupMenuWin::paint):
41         * rendering/InlineTextBox.cpp:
42         (WebCore::InlineTextBox::constructTextRun):
43         * rendering/RenderBlock.cpp:
44         (WebCore::RenderBlock::constructTextRun):
45         * rendering/RenderBlockLineLayout.cpp:
46         (WebCore::textWidth):
47         (WebCore::tryHyphenating):
48         * rendering/RenderText.cpp:
49         (WebCore::RenderText::widthFromCache):
50         (WebCore::RenderText::computePreferredLogicalWidths):
51         (WebCore::RenderText::width):
52         * rendering/RenderText.h:
53         * rendering/style/RenderStyle.cpp:
54         (WebCore::RenderStyle::diff):
55         * rendering/style/RenderStyle.h:
56         (WebCore::RenderStyleBitfields::tabSize):
57         (WebCore::RenderStyleBitfields::collapsedTabSize):
58         (WebCore::RenderStyleBitfields::setTabSize):
59         (WebCore::RenderStyleBitfields::initialTabSize):
60         * rendering/style/StyleRareInheritedData.cpp:
61         (WebCore::StyleRareInheritedData::StyleRareInheritedData):
62         (WebCore::StyleRareInheritedData::operator==):
63         * rendering/style/StyleRareInheritedData.h:
64         * rendering/svg/SVGInlineTextBox.cpp:
65         (WebCore::SVGInlineTextBox::constructTextRun):
66         * rendering/svg/SVGTextMetrics.cpp:
67         (WebCore::constructTextRun):
68
69 2012-05-10  Antoine Labour  <piman@chromium.org>
70
71         Sync with impl thread when removing references to external textures
72         https://bugs.webkit.org/show_bug.cgi?id=86054
73
74         We want to ensure the client side is safe to release textures, so we
75         sync with the impl thread when:
76         - we change the texture (and we had one)
77         - the layer is removed from the tree (and we had a texture)
78         - the layer is destroyed (and we had a texture)
79
80         Reviewed by James Robinson.
81
82         Test: TextureLayerChromiumTest.
83
84         * platform/graphics/chromium/TextureLayerChromium.cpp:
85         (WebCore::TextureLayerChromium::~TextureLayerChromium):
86         (WebCore::TextureLayerChromium::setTextureId):
87         (WebCore::TextureLayerChromium::setLayerTreeHost):
88         (WebCore):
89         * platform/graphics/chromium/TextureLayerChromium.h:
90         (TextureLayerChromium):
91
92 2012-05-10  Kent Tamura  <tkent@chromium.org>
93
94         [Chromium] attempt to build fix for Chromium-mac.
95         r116697 introduced an override of a system function. It's intentional
96         and WebCoreTextFieldCell should be in the whitelist.
97
98         * WebCore.gyp/WebCore.gyp:
99
100 2012-05-10  Anders Carlsson  <andersca@apple.com>
101
102         PDF files won't scroll in Safari when using Adobe plug-in
103         https://bugs.webkit.org/show_bug.cgi?id=86167
104         <rdar://problem/11389719>
105
106         Reviewed by Sam Weinig.
107
108         * page/scrolling/ScrollingCoordinator.cpp:
109         (WebCore::computeNonFastScrollableRegion):
110         Loop over the frame view children looking for plug-in views that want wheel events
111         and add them to the non-fast scrollable region. Ideally, the plug-ins should be added
112         to the set of scrollable areas, but PluginView in WebKit2 is not a ScrollableArea yet.
113
114         * plugins/PluginViewBase.h:
115         (PluginViewBase):
116         (WebCore::PluginViewBase::wantsWheelEvents):
117
118 2012-05-10  Alexey Proskuryakov  <ap@apple.com>
119
120         Crash in 3rd party WebKit apps that disable cache at a wrong time
121         https://bugs.webkit.org/show_bug.cgi?id=86027
122         <rdar://problem/10615880>
123
124         Reviewed by Antti Koivisto.
125
126         Added an API test.
127
128         The fix is to use CachedResourceHandle throughout MemoryCache, which will certainly
129         keep the resource alive. Also removed earlier fixes.
130
131         * css/CSSImageSetValue.cpp: (WebCore::CSSImageSetValue::cachedImageSet):
132         * css/CSSImageValue.cpp: (WebCore::CSSImageValue::cachedImage):
133         * css/WebKitCSSShaderValue.cpp: (WebCore::WebKitCSSShaderValue::cachedShader):
134         * history/PageCache.cpp: (WebCore::PageCache::releaseAutoreleasedPagesNow):
135         * loader/ImageLoader.cpp: (WebCore::ImageLoader::updateFromElement):
136         * loader/TextTrackLoader.cpp: (WebCore::TextTrackLoader::load):
137         * loader/cache/CachedResourceLoader.cpp:
138         (WebCore::CachedResourceLoader::requestImage):
139         (WebCore::CachedResourceLoader::requestFont):
140         (WebCore::CachedResourceLoader::requestTextTrack):
141         (WebCore::CachedResourceLoader::requestShader):
142         (WebCore::CachedResourceLoader::requestCSSStyleSheet):
143         (WebCore::CachedResourceLoader::requestUserCSSStyleSheet):
144         (WebCore::CachedResourceLoader::requestScript):
145         (WebCore::CachedResourceLoader::requestXSLStyleSheet):
146         (WebCore::CachedResourceLoader::requestSVGDocument):
147         (WebCore::CachedResourceLoader::requestLinkResource):
148         (WebCore::CachedResourceLoader::requestRawResource):
149         (WebCore::CachedResourceLoader::requestResource):
150         (WebCore::CachedResourceLoader::revalidateResource):
151         (WebCore::CachedResourceLoader::loadResource):
152         (WebCore::CachedResourceLoader::requestPreload):
153         * loader/cache/CachedResourceLoader.h: (CachedResourceLoader):
154         * loader/cache/MemoryCache.h: (WebCore::MemoryCache::setPruneEnabled):
155
156         * loader/cache/CachedResourceHandle.h:
157         (WebCore::CachedResourceHandle::CachedResourceHandle):
158         (WebCore::CachedResourceHandle::operator=):
159         Teach CachedResourceHandle how to make CachedResourceHandle<CachedResource> from
160         a handle to subclass.
161
162 2012-05-10  Tien-Ren Chen  <trchen@chromium.org>
163
164         Eliminate duplicated code for culled line box in RenderInline
165         https://bugs.webkit.org/show_bug.cgi?id=85725
166
167         This patch extracts the common part of culledInlineBoundingBox() /
168         culledInlineAbsoluteRects() / culledInlineAbsoluteQuads() to become a
169         template function generateCulledLineBoxRects(). The template function
170         accepts a new parameter, GeneratorContext functor, which will be
171         invoked everytime a new line box rect has been generated. The generated
172         rect will be in local coordinate. The functor will be responsible for
173         appropriate transformation, then appending to vector or union with
174         existing bounding box.
175
176         Reviewed by Eric Seidel.
177
178         No new tests. No change in behavior.
179
180         * rendering/RenderInline.cpp:
181         (WebCore):
182         (WebCore::RenderInline::generateLineBoxRects):
183         (WebCore::RenderInline::generateCulledLineBoxRects):
184         (WebCore::RenderInline::absoluteRects):
185         (WebCore::RenderInline::absoluteQuads):
186         (WebCore::RenderInline::linesBoundingBox):
187         (WebCore::RenderInline::culledInlineVisualOverflowBoundingBox):
188         (WebCore::RenderInline::addFocusRingRects):
189         * rendering/RenderInline.h:
190         (RenderInline):
191
192 2012-05-10  Abhishek Arya  <inferno@chromium.org>
193
194         Crash in swapInNodePreservingAttributesAndChildren.
195         https://bugs.webkit.org/show_bug.cgi?id=85197
196  
197         Reviewed by Ryosuke Niwa.
198  
199         Keep the children in a ref vector before adding them to newNode.
200         They can get destroyed due to mutation events.
201
202         No new tests because we don't have a reduction.
203
204         * editing/ReplaceNodeWithSpanCommand.cpp:
205         (WebCore::swapInNodePreservingAttributesAndChildren):
206
207 2012-05-10  Shinya Kawanaka  <shinyak@chromium.org>
208
209         [Refactoring] Move Selection from DOMWindow to TreeScope.
210         https://bugs.webkit.org/show_bug.cgi?id=82699
211
212         Reviewed by Ryosuke Niwa.
213
214         Since ShadowRoot will also manage its own version of DOMSelection, we would like to
215         share the code among Document and DOMSelection. This patch moves DOMSelection from DOMWindow to TreeScope
216         so that ShadowRoot can also use it.
217
218         No new tests, should covered by existing tests.
219
220         * dom/Document.cpp:
221         (WebCore::Document::updateFocusAppearanceTimerFired):
222         * dom/Document.h:
223         (Document):
224         * dom/ShadowRoot.cpp:
225         (WebCore::ShadowRoot::selection):
226         * do/mTreeScope.cpp:
227         (WebCore::TreeScope::~TreeScope):
228         (WebCore::TreeScope::getSelection):
229         (WebCore):
230         * dom/TreeScope.h:
231         (WebCore):
232         (TreeScope):
233         * page/DOMSelection.cpp:
234         (WebCore::DOMSelection::DOMSelection):
235         (WebCore::DOMSelection::clearTreeScope):
236         (WebCore):
237         * page/DOMSelection.h:
238         (WebCore):
239         (WebCore::DOMSelection::create):
240         (DOMSelection):
241         (WebCore::DOMSelection::frame):
242         * page/DOMWindow.cpp:
243         (WebCore::DOMWindow::~DOMWindow):
244         (WebCore::DOMWindow::clearDOMWindowProperties):
245         (WebCore::DOMWindow::getSelection):
246         * page/DOMWindow.h:
247         (DOMWindow):
248
249 2012-05-10  Kent Tamura  <tkent@chromium.org>
250
251         Unreviewed, rolling out r116594.
252         http://trac.webkit.org/changeset/116594
253         https://bugs.webkit.org/show_bug.cgi?id=86013
254
255         r116594 might have made some composition tests flaky.
256
257         * platform/graphics/chromium/LayerChromium.cpp:
258         (WebCore::LayerChromium::addAnimation):
259         * platform/graphics/chromium/cc/CCLayerAnimationController.cpp:
260         (WebCore::CCLayerAnimationController::pushNewAnimationsToImplThread):
261         * platform/graphics/chromium/cc/CCLayerTreeHost.cpp:
262         (WebCore::CCLayerTreeHost::finishCommitOnImplThread):
263         (WebCore::CCLayerTreeHost::didBecomeInvisibleOnImplThread):
264         * platform/graphics/chromium/cc/CCLayerTreeHost.h:
265         (CCLayerTreeHost):
266         * platform/graphics/chromium/cc/CCLayerTreeHostImpl.cpp:
267         (WebCore::CCLayerTreeHostImpl::CCLayerTreeHostImpl):
268         * platform/graphics/chromium/cc/CCProxy.h:
269         (CCProxy):
270         * platform/graphics/chromium/cc/CCSingleThreadProxy.cpp:
271         (WebCore::CCSingleThreadProxy::CCSingleThreadProxy):
272         (WebCore::CCSingleThreadProxy::doComposite):
273         * platform/graphics/chromium/cc/CCSingleThreadProxy.h:
274         (WebCore):
275         * platform/graphics/chromium/cc/CCThreadProxy.h:
276         (CCThreadProxy):
277
278 2012-05-10  Michael Nordman  <michaeln@google.com>
279
280         [chromium] DomStorage events handling needs TLC (2)
281         https://bugs.webkit.org/show_bug.cgi?id=85221
282         Alter the StorageArea virtual interface such that the mutators no longer
283         return old values. This is to allow implementations of the interface to operate
284         more asynchronously.
285
286         Reviewed by Adam Barth.
287
288         No new tests. Existing tests cover this.
289
290         * storage/StorageArea.h: Alter the interface so the mutators no longer return previous values
291         * storage/StorageAreaImpl.cpp:
292         (WebCore::StorageAreaImpl::disabledByPrivateBrowsingInFrame):  removed an unneeded PLATFORM(CHROMIUM) guard
293         (WebCore::StorageAreaImpl::setItem): no longer return the old value
294         (WebCore::StorageAreaImpl::removeItem): no longer return the old value
295         (WebCore::StorageAreaImpl::clear): no longer return whether something was cleared
296         * storage/StorageAreaImpl.h: match StorageArea's virtual interface
297
298 2012-05-10  Beth Dakin  <bdakin@apple.com>
299
300         https://bugs.webkit.org/show_bug.cgi?id=86158
301         Overlay scrollbars without layers never paint in overflow regions in 
302         tiled drawing mode
303         -and corresponding-
304         <rdar://problem/11289546>
305
306         Reviewed by Darin Adler.
307
308         RenderLayers paint scrollbars that do not have their own layers by 
309         running a second pass through the layer tree after the layer tree has 
310         painted. This ensures that the scrollbars always paint on top of 
311         content. However, this mechanism was relying on 
312         FrameView::paintContents() as a choke-point for all painting to 
313         trigger the second painting pass. That is not a reasonable choke-point 
314         in tiled drawing, so this patch adds similar code to 
315         RenderLayerBacking.
316
317         Only opt into the second painting pass for scrollbars that do not have 
318         their own layers.
319         * rendering/RenderLayer.cpp:
320         (WebCore::RenderLayer::paintOverflowControls):
321         
322         A layer that paints into its backing cannot return early here if it 
323         has overlay scrollbars to paint.
324         (WebCore::RenderLayer::paintLayer):
325         
326         This replicates code in FrameView::paintContents(). After painting the 
327         owning layer, do a second pass if there are overlay scrollbars to 
328         paint.
329         * rendering/RenderLayerBacking.cpp:
330         (WebCore::RenderLayerBacking::paintIntoLayer):
331
332 2012-05-10  Anders Carlsson  <andersca@apple.com>
333
334         Well, at least fixing the GTK+ build is something!
335
336         * platform/gtk/LocalizedStringsGtk.cpp:
337         (WebCore::insecurePluginVersionText):
338         (WebCore):
339
340 2012-05-10  Anders Carlsson  <andersca@apple.com>
341
342         Add insecurePluginVersionText stubs.
343
344         * platform/blackberry/LocalizedStringsBlackBerry.cpp:
345         (WebCore::insecurePluginVersionText):
346         (WebCore):
347         * platform/efl/LocalizedStringsEfl.cpp:
348         (WebCore::insecurePluginVersionText):
349         (WebCore):
350         * platform/qt/LocalizedStringsQt.cpp:
351         (WebCore::insecurePluginVersionText):
352         (WebCore):
353
354 2012-05-10  Sheriff Bot  <webkit.review.bot@gmail.com>
355
356         Unreviewed, rolling out r116677.
357         http://trac.webkit.org/changeset/116677
358         https://bugs.webkit.org/show_bug.cgi?id=86159
359
360         This patch causes linker error to some mac bots (Requested by
361         jianli_ on #webkit).
362
363         * WebCore.exp.in:
364         * dom/ContainerNode.h:
365         * dom/Node.cpp:
366         (WebCore::Node::traverseNextNode):
367         (WebCore::Node::traverseNextSibling):
368         * dom/Node.h:
369         (Node):
370
371 2012-05-10  Abhishek Arya  <inferno@chromium.org>
372
373         Crash in FontCache::releaseFontData due to infinite float size.
374         https://bugs.webkit.org/show_bug.cgi?id=86110
375
376         Reviewed by Andreas Kling.
377
378         New callers always forget to clamp the font size, which overflows
379         to infinity on multiplication. It is best to clamp it at the end
380         to avoid getting greater than std::numeric_limits<float>::max().
381
382         Test: fast/css/large-font-size-crash.html
383
384         * platform/graphics/FontDescription.h:
385         (WebCore::FontDescription::setComputedSize):
386         (WebCore::FontDescription::setSpecifiedSize):
387
388 2012-05-10  Beth Dakin  <bdakin@apple.com>
389
390         https://bugs.webkit.org/show_bug.cgi?id=82131
391         [Mac] REGRESSION (r110480): Text field that specifies background-color 
392         (or is auto-filled) gets un-themed border
393         -and corresponding-
394         <rdar://problem/11115221>
395
396         Reviewed by Maciej Stachowiak.
397
398         This change rolls out r110480 which is what caused styled text fields 
399         to get the un-themed border, and it does a bunch of work to make sure 
400         we get the pretty, new version of the NSTextField art whenever 
401         possible. We do this differently for post-Lion OS's since there is now 
402         a way to opt into it all the time. Lion and SnowLeopard can only use 
403         the new art in HiDPI mode when the background color of the text field 
404         is just white.
405
406         RenderThemeMac::textField() takes a boolean paramter used to determine 
407         if the new gradient will be used.
408         * rendering/RenderThemeMac.h:
409         (RenderThemeMac):
410         
411         This is the post-Lion workaround. This code has no effect on Lion and 
412         SnowLeopard. This allows up to opt into a version of [NSTextField drawWithFrame:] that will only draw the frame of the text field; without this, it will draw the frame and the background, which creates a number of problems with styled text fields and text fields in HiDPI. There is a less comprehesive workaround for Lion and SnowLeopard in place in RenderThemeMac::textField().
413         * rendering/RenderThemeMac.mm:
414         (-[WebCoreTextFieldCell _coreUIDrawOptionsWithFrame:inView:includeFocus:]):
415         
416         This is the roll-out of r110480.
417         (WebCore::RenderThemeMac::isControlStyled):
418         
419         See the comments for a full explanation, but this is mostly code for 
420         Lion and SnowLeopard to determine if we can opt into the new artwork.
421         (WebCore::RenderThemeMac::paintTextField):
422         (WebCore::RenderThemeMac::textField):
423
424 2012-05-10  Anders Carlsson  <andersca@apple.com>
425
426         WebKit1: Add a way to blacklist specific plug-ins/plug-in versions
427         https://bugs.webkit.org/show_bug.cgi?id=86150
428         <rdar://problem/9551196>
429
430         Reviewed by Sam Weinig.
431
432         * English.lproj/Localizable.strings:
433         Update.
434
435         * loader/SubframeLoader.cpp:
436         (WebCore::SubframeLoader::loadPlugin):
437         It is possible that the client has already set the unavailability reason so don't try to set it twice.
438
439         * platform/LocalizedStrings.cpp:
440         (WebCore::insecurePluginVersionText):
441         * platform/LocalizedStrings.h:
442         Add insecure plug-in version text.
443
444         * rendering/RenderEmbeddedObject.cpp:
445         (WebCore::RenderEmbeddedObject::unavailablePluginReplacementText):
446         * rendering/RenderEmbeddedObject.h:
447         Add InsecurePluginVersion unavailability reason.
448
449 2012-05-10  Eric Seidel  <eric@webkit.org>
450
451         Make IFRAME_SEAMLESS child documents inherit styles from their parent iframe element
452         https://bugs.webkit.org/show_bug.cgi?id=85940
453
454         Reviewed by Ojan Vafai.
455
456         The HTML5 <iframe seamless> spec says:
457         In a CSS-supporting user agent: the user agent must, for the purpose of CSS property
458         inheritance only, treat the root element of the active document of the iframe
459         element's nested browsing context as being a child of the iframe element.
460         (Thus inherited properties on the root element of the document in the
461         iframe will inherit the computed values of those properties on the iframe
462         element instead of taking their initial values.)
463
464         Initially I implemented this support to the letter of the spec. However, doing so I learned
465         that WebKit has a RenderStyle for the Document Node, not just the root element of the document.
466         In this RenderStyle on the Document, we add a bunch of per-document styles from settings
467         including designMode.
468
469         This change makes StyleResolver::styleForDocument inherit style from the parent iframe's
470         style, before applying any of these per-document styles.  This may or may not be correct
471         depending on what behavior we want for rtl-ordering, page-zoom, locale, design mode, etc.
472         For now, we continue to treat the iframe's document as independent in these regards, and
473         the settings on that document override those inherited from the iframe.
474
475         Also, intially when making this work, I added redirects in recalcStyle and scheduleStyleRecalc
476         from the child document to the parent document in the case of seamless (since the parent
477         document effectively manages the style resolve and layout of the child in seamless mode).
478         However, I was not able to find a test which depended on this code change, so in this final patch
479         I have removed both of these modifications and replaced them with FIXMEs.  Based on discussions
480         with Ojan and James Robinson, I believe both of those changes may eventually be wanted.
481
482         This change basically does 3 things:
483         1.  Makes StyleResolver::styleForDocument inherit from the parent iframe.
484         2.  Makes any recalcStyle calls on the iframe propogate down into the child document (HTMLIFrameElement::didRecalcStyle).
485         3.  Makes Document::recalcStyle aware of the fact that the Document's style *can* change
486             for reasons other than recalcStyle(Force).
487
488         I'm open to more testing suggestions, if reviewers have settings on the Document's style
489         that you want to make sure we inherit from the parent iframe, or don't inherit, etc.
490         I view this as a complete solution to this aspect of the current <iframe seamless> spec,
491         but likely not the last code we will write for this aspect of the seamless feature. :)
492
493         Tested by fast/frames/seamlesss/seamless-css-cascade.html and seamless-designMode.html
494
495         * css/StyleResolver.cpp:
496         (WebCore::StyleResolver::collectMatchingRulesForList):
497         * dom/Document.cpp:
498         (WebCore::Document::scheduleStyleRecalc):
499         (WebCore::Document::recalcStyle):
500         * html/HTMLIFrameElement.cpp:
501         (WebCore::HTMLIFrameElement::HTMLIFrameElement):
502         (WebCore::HTMLIFrameElement::didRecalcStyle):
503         (WebCore):
504         * html/HTMLIFrameElement.h:
505         (HTMLIFrameElement):
506
507 2012-05-10  Julien Chaffraix  <jchaffraix@webkit.org>
508
509         Crash in computedCSSPadding* functions due to RenderImage::imageDimensionsChanged called during attachment
510         https://bugs.webkit.org/show_bug.cgi?id=85912
511
512         Reviewed by Eric Seidel.
513
514         Tests: fast/images/link-body-content-imageDimensionChanged-crash.html
515                fast/images/script-counter-imageDimensionChanged-crash.html
516
517         The bug comes from CSS generated images that could end up calling imageDimensionsChanged during attachment. As the
518         rest of the code (e.g. computedCSSPadding*) would assumes that we are already inserted in the tree, we would crash.
519
520         The solution is to bail out in this case as newly inserted RenderObject will trigger layout later on and properly
521         handle what we would be doing as part of imageDimensionChanged (the only exception being updating our intrinsic
522         size which should be done as part of imageDimensionsChanged).
523
524         * rendering/RenderImage.cpp:
525         (WebCore::RenderImage::imageDimensionsChanged):
526
527 2012-05-10  Adam Barth  <abarth@webkit.org>
528
529         ASSERT in BidiResolver<Iterator, Run>::commitExplicitEmbedding makes running debug builds annoying
530         https://bugs.webkit.org/show_bug.cgi?id=86140
531
532         Reviewed by Eric Seidel.
533
534         The correct fix here is to resolve
535         https://bugs.webkit.org/show_bug.cgi?id=76574, but in the mean time,
536         this ASSERT is annoying.
537
538         * platform/text/BidiResolver.h:
539         (WebCore::::commitExplicitEmbedding):
540
541 2012-05-10  Mark Pilgrim  <pilgrim@chromium.org>
542
543         [Chromium] Call addTraceEvent and getTraceCategoryEnabledFlag directly
544         https://bugs.webkit.org/show_bug.cgi?id=85399
545
546         Reviewed by Adam Barth.
547
548         Part of a refactoring series. See tracking bug 82948.
549
550         * CMakeLists.txt:
551         * GNUmakefile.list.am:
552         * Target.pri:
553         * WebCore.gypi:
554         * WebCore.vcproj/WebCore.vcproj:
555         * WebCore.xcodeproj/project.pbxproj:
556         * platform/EventTracer.cpp: Added.
557         (WebCore):
558         (WebCore::EventTracer::getTraceCategoryEnabledFlag):
559         (WebCore::EventTracer::addTraceEvent):
560         * platform/EventTracer.h: Added.
561         (WebCore):
562         (EventTracer):
563         * platform/chromium/EventTracerChromium.cpp: Added.
564         (WebCore):
565         (WebCore::EventTracer::getTraceCategoryEnabledFlag):
566         (WebCore::EventTracer::addTraceEvent):
567         * platform/chromium/PlatformSupport.h:
568         * platform/chromium/TraceEvent.h:
569
570 2012-05-10  Adam Barth  <abarth@webkit.org>
571
572         ScrollView::fixedVisibleContentRect should be public
573         https://bugs.webkit.org/show_bug.cgi?id=86147
574
575         Reviewed by Eric Seidel.
576
577         Some code in the WebKit layer of OS(ANDROID) uses this function. That
578         could will be upstreamed in a later patch. For now, this patch just
579         makes this function public so that we remove the diff to this file.
580
581         * platform/ScrollView.h:
582         (WebCore::ScrollView::fixedVisibleContentRect):
583         (WebCore::ScrollView::delegatesScrollingDidChange):
584
585 2012-05-10  Anders Carlsson  <andersca@apple.com>
586
587         Rename the missing plug-in indicator to the unavailable plug-in indicator
588         https://bugs.webkit.org/show_bug.cgi?id=86136
589
590         Reviewed by Sam Weinig.
591
592         Since the indicator is shown for more than just missing plug-ins, generalize it and use a plug-in unavailability
593         reason enum to make it easier to extend. Also, pass the unavailability reason to the ChromeClient member functions.
594
595         * WebCore.exp.in:
596         * html/HTMLEmbedElement.cpp:
597         (WebCore::HTMLEmbedElement::updateWidget):
598         * html/HTMLObjectElement.cpp:
599         (WebCore::HTMLObjectElement::updateWidget):
600         * html/HTMLPlugInElement.cpp:
601         (WebCore::HTMLPlugInElement::defaultEventHandler):
602         * html/HTMLPlugInImageElement.cpp:
603         (WebCore::HTMLPlugInImageElement::updateWidgetIfNecessary):
604         * loader/SubframeLoader.cpp:
605         (WebCore::SubframeLoader::loadPlugin):
606         * page/ChromeClient.h:
607         (WebCore::ChromeClient::shouldUnavailablePluginMessageBeButton):
608         (WebCore::ChromeClient::unavailablePluginButtonClicked):
609         * page/FrameView.cpp:
610         (WebCore::FrameView::updateWidget):
611         * rendering/RenderEmbeddedObject.cpp:
612         (WebCore::RenderEmbeddedObject::RenderEmbeddedObject):
613         (WebCore::RenderEmbeddedObject::setPluginUnavailabilityReason):
614         (WebCore::RenderEmbeddedObject::showsUnavailablePluginIndicator):
615         (WebCore::RenderEmbeddedObject::setUnavailablePluginIndicatorIsPressed):
616         (WebCore::RenderEmbeddedObject::paint):
617         (WebCore::RenderEmbeddedObject::paintReplaced):
618         (WebCore::RenderEmbeddedObject::getReplacementTextGeometry):
619         (WebCore::RenderEmbeddedObject::unavailablePluginReplacementText):
620         (WebCore):
621         (WebCore::RenderEmbeddedObject::isInUnavailablePluginIndicator):
622         (WebCore::shouldUnavailablePluginMessageBeButton):
623         (WebCore::RenderEmbeddedObject::handleUnavailablePluginIndicatorEvent):
624         (WebCore::RenderEmbeddedObject::getCursor):
625         * rendering/RenderEmbeddedObject.h:
626         (RenderEmbeddedObject):
627
628 2012-05-10  Brady Eidson  <beidson@apple.com>
629
630         <rdar://problem/10972577> and https://bugs.webkit.org/show_bug.cgi?id=80170
631         Contents of noscript elements turned into strings in WebArchives
632
633         Reviewed by Andy Estes.
634
635         There's a much deeper question about how innerHTML of <noscript> is expected to work in 
636         both a scripting and non-scripting environment that we should pursue separately.
637
638         But for webarchives, we can solve this by filtering out the <noscript> elements completely 
639         if scripting is enabled.
640
641         Test: webarchive/ignore-noscript-if-scripting-enabled.html
642
643         * WebCore.exp.in:
644
645         Add arguments to createMarkup and MarkupAccumulator methods to pass a Vector of QualifiedNames
646         that should be filtered from the resulting markup:
647         * editing/MarkupAccumulator.cpp:
648         (WebCore::MarkupAccumulator::serializeNodes):
649         (WebCore::MarkupAccumulator::serializeNodesWithNamespaces):
650         * editing/MarkupAccumulator.h:
651         * editing/markup.cpp:
652         (WebCore::createMarkup):
653         * editing/markup.h:
654
655         If scripting is enabled, add the noscriptTag to the tag names to filter:
656         * loader/archive/cf/LegacyWebArchive.cpp:
657         (WebCore::LegacyWebArchive::create):
658
659 2012-05-10  Abhishek Arya  <inferno@chromium.org>
660
661         Crash due to floats not removed from first-letter element.
662         https://bugs.webkit.org/show_bug.cgi?id=86019
663
664         Reviewed by Julien Chaffraix.
665
666         Move clearing logic of a floating/positioned object from removeChild
667         to removeChildNode. There are lot of places which use removeChildNode
668         directly and hence the object is not removed from the floating or
669         positioned objects list.
670
671         Test: fast/block/float/float-not-removed-from-first-letter.html
672
673         * rendering/RenderObject.cpp:
674         (WebCore::RenderObject::removeChild):
675         * rendering/RenderObjectChildList.cpp:
676         (WebCore::RenderObjectChildList::removeChildNode):
677
678 2012-05-10  Andreas Kling  <kling@webkit.org>
679
680         Remove empty ElementAttributeData destructor.
681         <http://webkit.org/b/86126>
682
683         Reviewed by Antti Koivisto.
684
685         * dom/ElementAttributeData.cpp:
686         * dom/ElementAttributeData.h:
687
688 2012-05-10  Yury Semikhatsky  <yurys@chromium.org>
689
690         Web Inspector: heap snapshot comparison view is broken
691         https://bugs.webkit.org/show_bug.cgi?id=86102
692
693         Reviewed by Pavel Feldman.
694
695         Pass HeapSnapshotProxy instead of undefined to the profile load callback. Added
696         compiler annotations to avoid such errors in the future.
697
698         * inspector/front-end/HeapSnapshotView.js:
699
700 2012-05-10  Zan Dobersek  <zandobersek@gmail.com>
701
702         [GTK] ENABLE_IFRAME_SEAMLESS support
703         https://bugs.webkit.org/show_bug.cgi?id=85843
704
705         Reviewed by Eric Seidel.
706
707         Export the ENABLE_IFRAME_SEAMLESS feature define when the feature is
708         enabled.
709
710         No new tests - all the related tests should now be passing.
711
712         * GNUmakefile.am:
713
714 2012-05-10  Antti Koivisto  <antti@apple.com>
715
716         Inline Node::traverseNextNode
717         https://bugs.webkit.org/show_bug.cgi?id=85844
718
719         Reviewed by Ryosuke Niwa.
720         
721         Inline traverseNextNode and traverseNextSibling to reduce entry/exit overhead and allow better code generation
722         for many hot loops.
723
724         In this version only the firstChild()/nextSibling() tests are inlined and the ancestor traversal is not.
725         
726         Performance bots will tell if this was worthwhile.
727
728         * dom/ContainerNode.h:
729         (WebCore::Node::traverseNextNode):
730         (WebCore):
731         (WebCore::Node::traverseNextSibling):
732         * dom/Node.cpp:
733         (WebCore::Node::traverseNextAncestorSibling):
734         * dom/Node.h:
735         (Node):
736
737 2012-05-10  Tommy Widenflycht  <tommyw@google.com>
738
739         MediaStream API: Fix MediaHints parsing
740         https://bugs.webkit.org/show_bug.cgi?id=86098
741
742         Reviewed by Adam Barth.
743
744         Not currently testable. Working on a series of patches that will fix that.
745
746         * Modules/mediastream/PeerConnection00.cpp:
747         (WebCore::PeerConnection00::createMediaHints):
748
749 2012-05-10  Tommy Widenflycht  <tommyw@google.com>
750
751         [chromium] MediaStream API: Fix the ExtraData functionality in WebMediaStreamDescriptor
752         https://bugs.webkit.org/show_bug.cgi?id=86087
753
754         Reviewed by Adam Barth.
755
756         Not easy to test but I have added code that excercises this to WebUserMediaClientMock (in DumpRenderTree).
757
758         * platform/chromium/support/WebMediaStreamDescriptor.cpp:
759         (WebKit::WebMediaStreamDescriptor::setExtraData):
760
761 2012-05-10  Pavel Feldman  <pfeldman@chromium.org>
762
763         Web Inspector: search title is shown beside the search field (not under) in the vertical mode.
764         https://bugs.webkit.org/show_bug.cgi?id=86120
765
766         Reviewed by Yury Semikhatsky.
767
768         This change makes search title render as placeholder at all times.
769         It also adjusts the size of the search field when navigation arrows appear.
770
771         * inspector/front-end/SearchController.js:
772         (WebInspector.SearchController):
773         (WebInspector.SearchController.prototype.updateSearchLabel):
774         (WebInspector.SearchController.prototype._updateSearchNavigationButtonState):
775         (WebInspector.SearchController.prototype._createSearchNavigationButton):
776         * inspector/front-end/inspector.css:
777         (#toolbar-search-item):
778         (.with-navigation-buttons #search):
779         (.toolbar-search-navigation-label):
780         (.with-navigation-buttons .toolbar-search-navigation-label):
781         * inspector/front-end/inspector.html:
782
783 2012-05-10  Varun Jain  <varunjain@google.com>
784
785         [chromium] Trigger context menu for long press gesture
786         https://bugs.webkit.org/show_bug.cgi?id=85919
787
788         Reviewed by Adam Barth.
789
790         Test: fast/events/touch/gesture/context-menu-on-long-press.html
791
792         * page/EventHandler.cpp:
793         (WebCore):
794         (WebCore::EventHandler::sendContextMenuEventForGesture):
795         * page/EventHandler.h:
796         (EventHandler):
797
798 2012-05-10  Abhishek Arya  <inferno@chromium.org>
799
800         Crash in ApplyStyleCommand::joinChildTextNodes.
801         https://bugs.webkit.org/show_bug.cgi?id=85939
802
803         Reviewed by Ryosuke Niwa.
804
805         Test: editing/style/apply-style-join-child-text-nodes-crash.html
806
807         * editing/ApplyStyleCommand.cpp:
808         (WebCore::ApplyStyleCommand::applyRelativeFontStyleChange): add conditions
809         to bail out if our start and end position nodes are removed due to 
810         mutation events in joinChildTextNodes.
811         (WebCore::ApplyStyleCommand::applyInlineStyle): this executes after
812         applyRelativeFontStyleChange in ApplyStyleCommand::doApply. So, need
813         to bail out if our start and end position nodes are removed due to
814         mutation events.
815         (WebCore::ApplyStyleCommand::joinChildTextNodes): hold all the children
816         in a ref vector to prevent them from getting destroyed due to mutation events.
817
818 2012-05-10  Erik Arvidsson  <arv@chromium.org>
819
820         Unreviewed, rebaselined run-bindings-tests results.
821
822         * bindings/scripts/test/JS/JSTestEventTarget.cpp:
823         (WebCore::jsTestEventTargetPrototypeFunctionAddEventListener):
824         (WebCore::jsTestEventTargetPrototypeFunctionRemoveEventListener):
825         * bindings/scripts/test/JS/JSTestObj.cpp:
826         (WebCore::jsTestObjPrototypeFunctionAddEventListener):
827         (WebCore::jsTestObjPrototypeFunctionRemoveEventListener):
828         * bindings/scripts/test/V8/V8TestException.cpp:
829         (WebCore::V8TestException::wrapSlow):
830         * bindings/scripts/test/V8/V8TestException.h:
831         (WebCore::V8TestException::wrap):
832
833 2012-05-10  Abhishek Arya  <inferno@chromium.org>
834
835         Crash in InsertParagraphSeparatorCommand::doApply.
836         https://bugs.webkit.org/show_bug.cgi?id=84995
837
838         Reviewed by Ryosuke Niwa.
839
840         Test: editing/inserting/insert-paragraph-seperator-crash.html
841
842         * editing/DeleteSelectionCommand.cpp:
843         (WebCore::DeleteSelectionCommand::mergeParagraphs): no need of static cast, since
844         type of enclosingBlock returned is already Element*.
845         * editing/IndentOutdentCommand.cpp:
846         (WebCore::IndentOutdentCommand::tryIndentingAsListItem): no need of static cast, since
847         type of enclosingBlock returned is already Element*.
848         * editing/InsertParagraphSeparatorCommand.cpp:
849         (WebCore::InsertParagraphSeparatorCommand::doApply): RefPtr startBlock to guard against
850         mutation events.
851         * editing/htmlediting.cpp:
852         (WebCore::enclosingBlock): make sure type of enclosingNode is an element before doing
853         the static cast. This was already failing in a couple of layout tests. Also, isBlock
854         check already exists in the function call to enclosingNodeOfType, so don't need it
855         again on enclosingNode's renderer.
856         * editing/htmlediting.h: 
857         (WebCore):
858
859 2012-05-10  Allan Sandfeld Jensen  <allan.jensen@nokia.com>
860
861         TouchAdjustment doesn't correct for scroll-offsets.
862         https://bugs.webkit.org/show_bug.cgi?id=86083
863
864         Reviewed by Kenneth Rohde Christiansen.
865
866         Already tested by: touchadjustment/scroll-delegation
867
868         * page/EventHandler.cpp:
869         (WebCore::EventHandler::bestClickableNodeForTouchPoint):
870         (WebCore::EventHandler::bestZoomableAreaForTouchPoint):
871         * page/TouchAdjustment.cpp:
872         (WebCore::TouchAdjustment::findNodeWithLowestDistanceMetric):
873         * testing/Internals.cpp:
874         (WebCore::Internals::bestZoomableAreaForTouchPoint):
875
876 2012-05-10  Konrad Piascik  <kpiascik@rim.com>
877
878         Fix typo in filename
879         https://bugs.webkit.org/show_bug.cgi?id=86095
880
881         Reviewed by Andreas Kling.
882
883         * UseJSC.cmake:
884
885 2012-05-10  Stephen Chenney  <schenney@chromium.org>
886
887         SVG Filters allow invalid elements as children
888         https://bugs.webkit.org/show_bug.cgi?id=83979
889
890         Reviewed by Nikolas Zimmermann.
891
892         According to the SVG spec, there are numerous restrictions on the
893         content of nodes (that is, their children). Specific to this problem,
894         SVGFilter elements may only contain SVGFilterPrimitive elements, and
895         those may only contain animation related elements. This patch enforces
896         the restriction on filters in the render tree, thus preventing us from
897         having (for instance) content that is inside a filter yet filtered by
898         the filter.
899
900         Manual test: ManualTests/bugzilla-83979.svg
901
902         * svg/SVGFilterElement.cpp:
903         (WebCore::SVGFilterElement::childShouldCreateRenderer): Added to only allow renderers for fe* children
904         (WebCore):
905         * svg/SVGFilterElement.h:
906         (SVGFilterElement):
907         * svg/SVGFilterPrimitiveStandardAttributes.h: Do not allow any children at all for fe* elements.
908         (SVGFilterPrimitiveStandardAttributes):
909
910 2012-05-10  Joe Thomas  <joethomas@motorola.com>
911
912         [CSS3 Backgrounds and Borders] Add background-size to the background shorthand
913         https://bugs.webkit.org/show_bug.cgi?id=27577
914
915         Reviewed by Alexis Menard.
916
917         Added CSSPropertyBackgroundSize to the background shorthand propery. Added the logic for parsing background-size.
918         bakground-size appears after background-position followed by a '/'.
919         The specification related to this change is http://www.w3.org/TR/css3-background/#the-background
920
921         Tests: fast/backgrounds/background-shorthand-with-backgroundSize-style.html
922                fast/backgrounds/size/backgroundSize-in-background-shorthand.html
923
924         * css/CSSComputedStyleDeclaration.cpp:
925         (WebCore::CSSComputedStyleDeclaration::getPropertyCSSValue):
926         (WebCore::CSSComputedStyleDeclaration::getBackgroundShorthandValue):
927         (WebCore):
928         * css/CSSComputedStyleDeclaration.h:
929         (CSSComputedStyleDeclaration):
930         * css/CSSParser.cpp:
931         (WebCore::CSSParser::parseValue):
932         (WebCore::CSSParser::parseFillShorthand):
933         * css/StylePropertySet.cpp:
934         (WebCore::StylePropertySet::getLayeredShorthandValue):
935         * css/StylePropertyShorthand.cpp:
936         (WebCore):
937         (WebCore::backgroundShorthand):
938
939 2012-05-10  MORITA Hajime <morrita@google.com>
940
941         Node::InDetachFlag could be removed.
942         https://bugs.webkit.org/show_bug.cgi?id=85963
943
944         Reviewed by Antti Koivisto.
945
946         Removed Node::inDetach() since it can never true
947         on the only call site setFocusedNode().
948
949         No new test. Covered by existing tests.
950
951         * dom/Document.cpp:
952         (WebCore::Document::setFocusedNode):
953         * dom/Node.cpp:
954         (WebCore::Node::detach):
955         * dom/Node.h:
956         (WebCore):
957         (Node):
958
959 2012-05-10  Keishi Hattori  <keishi@webkit.org>
960
961         Crash in HTMLFormControlElement::m_fieldSetAncestor
962         https://bugs.webkit.org/show_bug.cgi?id=86070
963
964         Reviewed by Kent Tamura.
965
966         No new tests.
967
968         The previous patch r115990 didn't completely resolve the crash (Bug 85453)
969         We don't have a reproducible test case, so we are reverting to the old code for setting m_fieldSetAncestor.
970
971         * html/HTMLFormControlElement.cpp:
972         (WebCore::HTMLFormControlElement::HTMLFormControlElement):
973         (WebCore::HTMLFormControlElement::updateFieldSetAndLegendAncestor):
974         (WebCore::HTMLFormControlElement::insertedInto): Set m_dataListAncestorState to Unknown because ancestor has changed. Call setNeedsWillValidateCheck because style might need to be updated.
975         (WebCore::HTMLFormControlElement::removedFrom):
976         (WebCore::HTMLFormControlElement::disabled):
977         (WebCore::HTMLFormControlElement::recalcWillValidate):
978         (WebCore::HTMLFormControlElement::willValidate):
979         (WebCore::HTMLFormControlElement::setNeedsWillValidateCheck):
980         * html/HTMLFormControlElement.h:
981         (HTMLFormControlElement): Added m_dataListAncestorState.
982
983 2012-05-10  Sam D  <dsam2912@gmail.com>
984
985         Web Inspector: rename InspectorBackendStub.js to InspectorBackendCommands.js
986         https://bugs.webkit.org/show_bug.cgi?id=72306
987
988         Changed name for InspectorBackendStub.js to
989         InspectorBackendCommands.js
990
991         Reviewed by Yury Semikhatsky.
992
993         No new tests required. File name is changed.
994
995         * DerivedSources.pri:
996         * GNUmakefile.am:
997         * Target.pri:
998         * WebCore.gyp/WebCore.gyp:
999         * WebCore.gypi:
1000         * WebCore.vcproj/copyWebCoreResourceFiles.cmd:
1001         * WebCore.xcodeproj/project.pbxproj:
1002         * gyp/copy-inspector-resources.sh:
1003         * inspector/CodeGeneratorInspector.py:
1004         * inspector/front-end/InspectorBackendCommands.qrc: Added.
1005         * inspector/front-end/InspectorBackendStub.qrc: Removed.
1006         * inspector/front-end/inspector.html:
1007
1008 2012-05-10  Alexis Menard  <alexis.menard@openbossa.org>
1009
1010         [Qt] Avoid string conversions to construct a QUrl when using Qt5.
1011         https://bugs.webkit.org/show_bug.cgi?id=86006
1012
1013         Reviewed by Kenneth Rohde Christiansen.
1014
1015         In Qt5, the QUrl constructor can handle the string directly, even in UTF-16 because the
1016         constructor QUrl(QString) has been fixed. Unfortunately we still need to use the old
1017         code path when building with Qt4.
1018
1019         No new tests : it's a performance improvement which should be covered by tests.
1020
1021         * platform/qt/KURLQt.cpp:
1022         (WebCore::KURL::operator QUrl):
1023
1024 2012-05-10  Noel Gordon  <noel.gordon@gmail.com>
1025
1026         [chromium] REGRESSION(r107389) Visible line artifacts on some JPEG images
1027         https://bugs.webkit.org/show_bug.cgi?id=85772
1028
1029         Reviewed by Kent Tamura.
1030
1031         On some JPEG images, vertical and horizontal lines artifacts might appear in image
1032         regions with very high frequency color variation when using DCT_IFAST decodes. Use
1033         DCT_IFAST on small screen devices only (Chromium Android).
1034
1035         No new tests. Covered by existing tests.
1036
1037         * platform/image-decoders/jpeg/JPEGImageDecoder.cpp:
1038         (dctMethod): Permit DCT_IFAST decoding for Chromium Android only.
1039
1040 2012-05-10  Kenneth Rohde Christiansen  <kenneth@webkit.org>
1041
1042         [Qt] Implement fit-to-width behaviour
1043         https://bugs.webkit.org/show_bug.cgi?id=86085
1044
1045         Reviewed by Simon Hausmann.
1046
1047         Add a method to get the minimum scale factor that contains the content
1048         without showing any chrome background.
1049
1050         * dom/ViewportArguments.cpp:
1051         (WebCore::computeMinimumScaleFactorForContentContained):
1052         (WebCore):
1053         * dom/ViewportArguments.h:
1054         (WebCore):
1055
1056 2012-05-10  MORITA Hajime  <morrita@google.com>
1057
1058         Remove support for Node::willRemove()
1059         https://bugs.webkit.org/show_bug.cgi?id=55209
1060
1061         Reviewed by Ryosuke Niwa.
1062
1063         This change de-virtualizes Node::willRemove(), gains
1064         5% speedup on Dromaeo dom-modify.
1065
1066         Originally there were 5 willRemove() overrides:
1067         - Element
1068         - HTMLStyleElement
1069         - HTMLSourceElement
1070         - HTMLTrackElement
1071         - HTMLFrameOwnerElement
1072
1073         For first 4 items, this change moves their implementations to
1074         Node::removedFrom() overrides.
1075
1076         Then HTMLFrameOwnerElement is the only class which needs the
1077         notification.  Because it emits the "unload" event, it needs some
1078         notification _before_ its removal. To handle that, this change
1079         introduces ChildFrameDisconnector which collects
1080         corresponding decendant elements and disconnect their content frame.
1081
1082         Even though this approach doesn't kill pre-removal tree traversal
1083         completely, it's a bit more efficient due to the de-virtualization.
1084
1085         No new tests. Covered by existing test.
1086
1087         * dom/ContainerNode.cpp:
1088         (WebCore::willRemoveChild): Replaced willRemove() call with ChildFrameDisconnector.
1089         (WebCore::willRemoveChildren): Ditto.
1090         (WebCore::ContainerNode::disconnectDescendantFrames): Added. Used from FrameLoader to replace Document::willRemove() call.
1091         (WebCore):
1092         * dom/ContainerNode.h:
1093         (ContainerNode):
1094         * dom/ContainerNodeAlgorithms.cpp:
1095         (WebCore::ChildFrameDisconnector::collectDescendant):
1096         (WebCore):
1097         (WebCore::ChildFrameDisconnector::Target::disconnect):
1098         * dom/ContainerNodeAlgorithms.h:
1099         (ChildFrameDisconnector):
1100         (Target):
1101         (WebCore::ChildFrameDisconnector::Target::Target):
1102         (WebCore::ChildFrameDisconnector::Target::isValid):
1103         (WebCore):
1104         (WebCore::ChildFrameDisconnector::ChildFrameDisconnector):
1105         (WebCore::ChildFrameDisconnector::collectDescendant):
1106         (WebCore::ChildFrameDisconnector::disconnect):
1107         * dom/Element.cpp:
1108         (WebCore::Element::removedFrom):
1109         * dom/Element.h:
1110         * dom/ElementShadow.cpp:
1111         * dom/ElementShadow.h:
1112         (ElementShadow):
1113         * dom/Node.cpp:
1114         * dom/Node.h: Added IsFrameOwnerElement flag to de-virtualize IsFrameOwnerElement().
1115         (WebCore::Node::isFrameOwnerElement): De-virtualized.
1116         (Node):
1117         * html/HTMLElement.h:
1118         (HTMLElement):
1119         (WebCore::HTMLElement::HTMLElement):
1120         * html/HTMLFrameOwnerElement.cpp:
1121         (WebCore::HTMLFrameOwnerElement::HTMLFrameOwnerElement):
1122         (WebCore::HTMLFrameOwnerElement::disconnectContentFrame): Extracted from original willRemove().
1123         * html/HTMLFrameOwnerElement.h:
1124         (HTMLFrameOwnerElement):
1125         (WebCore::toFrameOwnerElement):
1126         (WebCore):
1127         * html/HTMLMediaElement.cpp:
1128         (WebCore::HTMLMediaElement::sourceWasRemoved): Renamed from sourceWillBeRemoved(), dealing with the timing change.
1129         * html/HTMLMediaElement.h:
1130         (HTMLMediaElement):
1131         (WebCore::isMediaElement):
1132         (WebCore):
1133         (WebCore::toMediaElement):
1134         * html/HTMLSourceElement.cpp:
1135         (WebCore::HTMLSourceElement::removedFrom): Moved some code from willRemove().
1136         * html/HTMLSourceElement.h:
1137         (HTMLSourceElement):
1138         * html/HTMLStyleElement.cpp:
1139         (WebCore::HTMLStyleElement::removedFrom):
1140         (WebCore):
1141         * html/HTMLStyleElement.h:
1142         (HTMLStyleElement):
1143         * html/HTMLTrackElement.cpp:
1144         (WebCore::HTMLTrackElement::removedFrom): Moved some code from willRemove().
1145         * html/HTMLTrackElement.h:
1146         (HTMLTrackElement):
1147         * loader/FrameLoader.cpp:
1148         (WebCore::FrameLoader::clear):
1149
1150 2012-05-10  Kinuko Yasuda  <kinuko@chromium.org>
1151
1152         Change the return type of Entry.toURL() back to String from KURL
1153         https://bugs.webkit.org/show_bug.cgi?id=85858
1154
1155         Reviewed by Ryosuke Niwa.
1156
1157         I once changed it from String to KURL in r116273 but it turned out that
1158         it involves implicit conversion and may incur extra overhead.
1159         This partly reverts r116273 while keeping some internal functions
1160         returning KURL as it's what we initially create as and is more
1161         convenient to operate on.
1162
1163         No new tests; no functional or visible changes.
1164
1165         * Modules/filesystem/EntryBase.cpp:
1166         (WebCore::EntryBase::toURL):
1167         * Modules/filesystem/EntryBase.h:
1168         (EntryBase):
1169
1170 2012-05-10  Alexander Pavlov  <apavlov@chromium.org>
1171
1172         Web Inspector: Autocomplete for CSS property values in the Styles pane behaving incorrectly
1173         https://bugs.webkit.org/show_bug.cgi?id=85784
1174
1175         Reviewed by Vsevolod Vlasov.
1176
1177         Before executing the number increment/decrement within CSS property value, the current word is checked
1178         for being a valid suggestion for the current property, and if it is, the numeric change is skipped
1179         in favor of the suggested property value switch by a suggest box.
1180
1181         * inspector/front-end/StylesSidebarPane.js:
1182
1183 2012-05-10  Abhishek Arya  <inferno@chromium.org>
1184
1185         Make DOMCharacterDataModified a scoped event (similar to r73690).
1186         https://bugs.webkit.org/show_bug.cgi?id=85920
1187
1188         Reviewed by Ryosuke Niwa.
1189
1190         DOMCharacterDataModified was missing in the list of already scoped
1191         DOM mutation events like DOMSubtreeModified, DOMNodeInserted, etc.
1192         It helps to delay event dispatches until the completion of each call
1193         of EditCommand::doApply. This has been useful in the past and helped to 
1194         prevent unexpected DOM tree mutations while the editing command is executing.
1195
1196         * dom/CharacterData.cpp:
1197         (WebCore::CharacterData::dispatchModifiedEvent):
1198
1199 2012-05-10  Alexandre Elias  <aelias@google.com>
1200
1201         Default to null value for HistoryItem::m_pageScaleFactor
1202         https://bugs.webkit.org/show_bug.cgi?id=84385
1203
1204         Reviewed by Adam Barth.
1205
1206         Previously, HistoryItem::m_pageScaleFactor defaulted to a value
1207         of 1, making it impossible to determine whether this value was never
1208         set, or intentionally set to 1.  This patch introduces a default value
1209         of 0 and makes restoreScrollPositionAndViewState not touch the page
1210         scale factor if this value is still present at time of reload.
1211
1212         This is a no-op change for common navigation scenarios.  The
1213         motivation for this change is the corner case of syncing history items
1214         from a desktop browser to a mobile device.  In that case, we need a
1215         way to specify that the history item does not contain a
1216         pageScaleFactor so that the mobile device does not display the page
1217         overly zoomed in.
1218
1219         No new tests.
1220
1221         * history/HistoryItem.cpp:
1222         (WebCore::HistoryItem::HistoryItem):
1223         * loader/HistoryController.cpp:
1224         (WebCore::HistoryController::restoreScrollPositionAndViewState):
1225
1226 2012-05-10  Csaba Osztrogon√°c  <ossy@webkit.org>
1227
1228         Use suitable viewport values when a Mobile DTD is used.
1229         https://bugs.webkit.org/show_bug.cgi?id=85425
1230
1231         Unreviewed debug buildfix after r116571.
1232
1233         * dom/Document.cpp:
1234         (WebCore::Document::setDocType):
1235
1236 2012-05-10  Yoshifumi Inoue  <yosin@chromium.org>
1237
1238         [Forms] Move step related methods to InputType class from HTMLInputElement class
1239         https://bugs.webkit.org/show_bug.cgi?id=85978
1240
1241         Reviewed by Kent Tamura.
1242
1243         This patch is part of re-factoring of HTMLInputElement.cpp for numeric input type.
1244         In this patch, we move implementation of getAllowedValueStep and stepUp/stepUpFromRenderer
1245         to InputType class because of these are for DateTime/Number/Range.
1246
1247         Following patches will change implementation of getAllowedValueStep to use StepRange and
1248         remove step related methods, defaultStep, stepScaleFactor, and so on.
1249
1250         No new tests. This patch should not change behavior.
1251
1252         * html/HTMLInputElement.cpp:
1253         (WebCore):
1254         (WebCore::HTMLInputElement::getAllowedValueStep):
1255         (WebCore::HTMLInputElement::stepUp):
1256         (WebCore::HTMLInputElement::stepDown):
1257         (WebCore::HTMLInputElement::stepUpFromRenderer):
1258         * html/HTMLInputElement.h:
1259         (HTMLInputElement):
1260         * html/InputType.cpp:
1261         (WebCore::InputType::applyStep):
1262         (WebCore):
1263         (WebCore::InputType::alignValueForStep):
1264         (WebCore::InputType::getAllowedValueStep):
1265         (WebCore::InputType::getAllowedValueStepWithDecimalPlaces):
1266         (WebCore::InputType::stepUp):
1267         (WebCore::InputType::stepUpFromRenderer):
1268         * html/InputType.h:
1269         (InputType):
1270
1271 2012-05-09  Kent Tamura  <tkent@chromium.org>
1272
1273         Calendar Picker: Fix a crash by changing input type.
1274         https://bugs.webkit.org/show_bug.cgi?id=86007
1275
1276         Reviewed by Hajime Morita.
1277
1278         Manual test: forms/calendar-picker-crash-by-type-change.html
1279
1280         * html/shadow/CalendarPickerElement.cpp:
1281         (WebCore::CalendarPickerElement::~CalendarPickerElement):
1282         Added. Make sure the popup is closed.
1283         * html/shadow/CalendarPickerElement.h:
1284         (CalendarPickerElement): Add declaration of the destructor.
1285
1286 2012-05-09  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
1287
1288         Move suspendAnimations to use Internals interface.
1289         https://bugs.webkit.org/show_bug.cgi?id=85986
1290
1291         Reviewed by Ryosuke Niwa.
1292
1293         Add suspendAnimations functions, because it is able to work in the
1294         cross-port way through the Internals interface.
1295
1296         No new tests, since we are improving here the infra-structure for testing
1297         a specific method.
1298
1299         * testing/Internals.cpp:
1300         (WebCore::Internals::suspendAnimations):
1301         (WebCore):
1302         * testing/Internals.h:
1303         (Internals):
1304         * testing/Internals.idl:
1305
1306 2012-05-09  Charlie Reis  <creis@chromium.org>
1307
1308         Add dispatchMessageEventWithOriginCheck to DOMWindow
1309         https://bugs.webkit.org/show_bug.cgi?id=85815
1310
1311         Reviewed by Adam Barth.
1312
1313         Useful for ports that support cross-process postMessage.
1314         No new tests, since covered by existing postMessage tests.
1315
1316         * page/DOMWindow.cpp:
1317         (WebCore::DOMWindow::postMessageTimerFired):
1318         (WebCore):
1319         (WebCore::DOMWindow::dispatchMessageEventWithOriginCheck):
1320         * page/DOMWindow.h:
1321         (WebCore):
1322         (DOMWindow):
1323
1324 2012-05-09  Jason Liu  <jason.liu@torchmobile.com.cn>
1325
1326         [BlackBerry] Cookie parsing issue. If the cookie value provided was (") then the browser creates a session cookie instead.
1327         https://bugs.webkit.org/show_bug.cgi?id=85775
1328
1329         Reviewed by Rob Buis.
1330
1331         Make CookieParser::parseOneCookie handle (cookiename="cookievalue;expires=xxxx) correctly.
1332         This cookie's value is "cookievalue not "cookievalue;expires=xxxx.
1333
1334         Test: http/tests/cookies/single-quoted-value.html
1335
1336         * platform/blackberry/CookieParser.cpp:
1337         (WebCore::CookieParser::parseOneCookie):
1338
1339 2012-05-09  Raymond Liu  <raymond.liu@intel.com>
1340
1341         Add multi-channels support for CopyWithGainFrom in AudioBus
1342         https://bugs.webkit.org/show_bug.cgi?id=80675
1343
1344         Reviewed by Chris Rogers.
1345
1346         * platform/audio/AudioBus.cpp:
1347         (WebCore):
1348         (WebCore::AudioBus::AudioBus):
1349         (WebCore::AudioBus::copyWithGainFrom):
1350         * platform/audio/AudioBus.h:
1351         (AudioBus):
1352
1353 2012-05-09  Jessie Berlin  <jberlin@apple.com>
1354
1355         Crash using the new WKBundleDOMWindowExtensions APIs.
1356         https://bugs.webkit.org/show_bug.cgi?id=85888
1357
1358         Reviewed by Brady Eidson.
1359
1360         WKBundlePageWillDestroyGlobalObjectForDOMWindowExtensionCallback was only being invoked when
1361         the WKPage was destroyed, and then only for the child frames. In addition, the
1362         DOMWindowExtension was holding onto a destroyed DOMWindow and attempting to unregister from
1363         when the WK2 wrapper object was attempting to destroy the DOMWindowExtension.
1364
1365         The underlying issue here was that the DOMWindowProperties were getting disconnectFrame
1366         and willDetachPage called on them at the wrong times.
1367
1368         Rename DOMWindowProperty::disconnectFrame and reconnectFrame to disconnectFrameForPageCache
1369         and reconnectFrameFromPageCache for clarity.
1370
1371         Only invoke DOMWindowProperty::disconnectFrameForPageCache when the frame is going into the
1372         page cache.
1373
1374         In the cases where the DOMWindow is getting destroyed, the frame is being destroyed, or the
1375         DOMWindow is getting cleared because the frame is being navigated, invoke
1376         DOMWindowProperty::willDestroyGlobalObjectInFrame instead of disconnectFrame.
1377
1378         Invoke DOMWindowProperty::willDetachGlobalObjectFromFrame when a document is being detached
1379         because the frame has been detached (e.g. fast/storage/storage-detached-iframe.html) and
1380         won't be immediately destroyed.
1381
1382         Invoke DOMWindowProperty::willDestroyGlobalObjectInCachedFrame when a cached frame is
1383         being destroyed.
1384
1385         New WK2 API Test: DOMWindowExtensionNoCache.
1386
1387         * Modules/indexeddb/DOMWindowIndexedDatabase.cpp:
1388         (WebCore::DOMWindowIndexedDatabase::disconnectFrameForPageCache):
1389         Updated for disconnectFrame rename.
1390         (WebCore::DOMWindowIndexedDatabase::reconnectFrameFromPageCache):
1391         Updated for reconnectFrame rename.
1392         (WebCore::DOMWindowIndexedDatabase::willDestroyGlobalObjectInCachedFrame):
1393         Get rid of the suspended IDBFactory.
1394         (WebCore::DOMWindowIndexedDatabase::willDestroyGlobalObjectInFrame):
1395         Get rid of the IDBFactory.
1396         (WebCore::DOMWindowIndexedDatabase::willDetachGlobalObjectFromFrame):
1397         Ditto.
1398         * Modules/indexeddb/DOMWindowIndexedDatabase.h:
1399
1400         * dom/Document.cpp:
1401         (WebCore::Document::prepareForDestruction):
1402         Tell the DOMWindow before detaching the Document.
1403         * dom/Document.h:
1404
1405         * history/CachedFrame.cpp:
1406         (WebCore::CachedFrame::destroy):
1407         Tell the DOMWindow.
1408
1409         * loader/FrameLoader.cpp:
1410         (WebCore::FrameLoader::clear):
1411         Use Document::prepareForDestruction so that the DOMWindow is told about the main frame
1412         navigation before detaching the Document.
1413
1414         * loader/appcache/DOMApplicationCache.cpp:
1415         (WebCore::DOMApplicationCache::disconnectFrameForPageCache):
1416         Updated for the disconnectFrame rename.
1417         (WebCore::DOMApplicationCache::reconnectFrameFromPageCache):
1418         Updated for the reconnectFrame rename.
1419         (WebCore::DOMApplicationCache::willDestroyGlobalObjectInFrame):
1420         Cover the cases formerly covered by disconnectFrame (which was sometimes being called when
1421         called when the frame was destroyed).
1422         * loader/appcache/DOMApplicationCache.h:
1423
1424         * notifications/DOMWindowNotifications.cpp:
1425         (WebCore::DOMWindowNotifications::disconnectFrameForPageCache):
1426         Updated for the disconnectFrame rename.
1427         (WebCore::DOMWindowNotifications::reconnectFrameFromPageCache):
1428         Updated for the reconnectFrame rename.
1429         (WebCore::DOMWindowNotifications::willDestroyGlobalObjectInCachedFrame):
1430         Get rid of the suspended notification center.
1431         (WebCore::DOMWindowNotifications::willDestroyGlobalObjectInFrame):
1432         Get rid of the notification center.
1433         (WebCore::DOMWindowNotifications::willDetachGlobalObjectFromFrame):
1434         Do not allow use of the notification center by detached frames.
1435         * notifications/DOMWindowNotifications.h:
1436
1437         * page/DOMWindow.cpp:
1438         (WebCore::DOMWindow::clearDOMWindowProperties):
1439         Do not call disconnectDOMWindowProperties. It is now the responsibility of the callers to
1440         tell the DOMWindowProperties the correct cause of being cleared.
1441         (WebCore::DOMWindow::~DOMWindow):
1442         Make sure the DOMWindowProperties still know that the DOMWindow is going away.
1443         (WebCore::DOMWindow::frameDestroyed):
1444         Invoke willDestroyGlobalObjectInFrame on the DOMWindowProperties.
1445         (WebCore::DOMWindow::willDetachPage):
1446         It is no longer necessary to tell the DOMWindowProperties anything here.
1447         (WebCore::DOMWindow::willDestroyCachedFrame):
1448         Tell the DOMWindowProperties.
1449         (WebCore::DOMWindow::willDestroyDocumentInFrame):
1450         Ditto.
1451         (WebCore::DOMWindow::willDetachDocumentFromFrame):
1452         Ditto.
1453         (WebCore::DOMWindow::clear):
1454         Ditto.
1455         (WebCore::DOMWindow::disconnectDOMWindowProperties):
1456         Updated for the disconnectFrame rename.
1457         (WebCore::DOMWindow::reconnectDOMWindowProperties):
1458         Ditto.
1459         * page/DOMWindow.h:
1460
1461         * page/DOMWindowExtension.cpp:
1462         (WebCore::DOMWindowExtension::DOMWindowExtension):
1463         Move the responsibility for tracking the disconnected DOMWindow to DOMWindowProperty, since
1464         DOMWindowProperty will need it to unregister the property when a cached frame is destroyed.
1465         (WebCore::DOMWindowExtension::disconnectFrameForPageCache):
1466         Remove the code to check for disconnectFrame being called twice - it is now only called when
1467         a frame goes into the page cache.
1468         Let the DOMWindowProperty keep track of the disconnected DOMWindow.
1469         (WebCore::DOMWindowExtension::reconnectFrameFromPageCache):
1470         Let the DOMWindowProperty keep track of the disconnected DOMWindow.
1471         (WebCore::DOMWindowExtension::willDestroyGlobalObjectInCachedFrame):
1472         Dispatch the willDestroyGlobalObjectForDOMWindowExtension callback.
1473         (WebCore::DOMWindowExtension::willDestroyGlobalObjectInFrame):
1474         Ditto, but only if the callback hasn't already been sent because the frame has been detached.
1475         (WebCore::DOMWindowExtension::willDetachGlobalObjectFromFrame):
1476         Send the callback because nothing interesting can be done in the frame once it has been
1477         detached.
1478         * page/DOMWindowExtension.h:
1479
1480         * page/DOMWindowProperty.cpp:
1481         (WebCore::DOMWindowProperty::DOMWindowProperty):
1482         Keep track of the disconnected DOMWindow so it can be used to unregister the property when a
1483         cached frame is destroyed.
1484         (WebCore::DOMWindowProperty::~DOMWindowProperty):
1485         Also unregister the property when a DOMWindowProperty for a cached frame is destroyed.
1486         (WebCore::DOMWindowProperty::disconnectFrameForPageCache):
1487         Keep track of the disconnected DOMWindow.
1488         (WebCore::DOMWindowProperty::reconnectFrameFromPageCache):
1489         Ditto.
1490         (WebCore::DOMWindowProperty::willDestroyGlobalObjectInCachedFrame):
1491         Unregister the property from the disconnected DOMWindow.
1492         (WebCore::DOMWindowProperty::willDestroyGlobalObjectInFrame):
1493         Unregister the property from the DOMWindow and stop keeping track of the frame.
1494         (WebCore::DOMWindowProperty::willDetachGlobalObjectFromFrame):
1495         Do not set m_frame to 0 because detached frames still have access to the DOMWindow, even if
1496         they can't do anything meaningful with it.
1497         * page/DOMWindowProperty.h:
1498
1499         * page/Frame.cpp:
1500         (WebCore::Frame::setView):
1501         Tell the DOMWindow that the Document is being detached so it can tell the
1502         DOMWindowProperties.
1503
1504         * page/PointerLock.cpp:
1505         (WebCore::PointerLock::disconnectFrameForPageCache):
1506         Updated for disconnectFrame rename.
1507         (WebCore::PointerLock::willDestroyGlobalObjectInFrame):
1508         Cover the cases formerly covered by disconnectFrame (which was sometimes being called when
1509         called when the frame was destroyed).
1510         * page/PointerLock.h:
1511
1512 2012-05-09  Ian Vollick  <vollick@chromium.org>
1513
1514         [chromium] Ensure animations get ticked at least once when added.
1515         https://bugs.webkit.org/show_bug.cgi?id=86013
1516
1517         Reviewed by James Robinson.
1518
1519         Tested in
1520           CCLayerTreeHostTestTickAnimationWhileBackgrounded.runSingleThreaded
1521           CCLayerTreeHostTestAddAnimationWithTimingFunction.runSingleThreaded
1522           CCLayerTreeHostTestSynchronizeAnimationStartTimes.runSingleThreaded
1523           CCLayerTreeHostTestAnimationFinishedEvents.runSingleThreaded
1524
1525         * platform/graphics/chromium/LayerChromium.cpp:
1526         (WebCore::LayerChromium::addAnimation):
1527         * platform/graphics/chromium/cc/CCLayerAnimationController.cpp:
1528         (WebCore::CCLayerAnimationController::pushNewAnimationsToImplThread):
1529         * platform/graphics/chromium/cc/CCLayerTreeHost.cpp:
1530         (WebCore::CCLayerTreeHost::finishCommitOnImplThread):
1531         (WebCore::CCLayerTreeHost::didAddAnimation):
1532         (WebCore):
1533         (WebCore::CCLayerTreeHost::didBecomeInvisibleOnImplThread):
1534         * platform/graphics/chromium/cc/CCLayerTreeHost.h:
1535         (CCLayerTreeHost):
1536         * platform/graphics/chromium/cc/CCLayerTreeHostImpl.cpp:
1537         (WebCore::CCLayerTreeHostImpl::CCLayerTreeHostImpl):
1538         * platform/graphics/chromium/cc/CCProxy.h:
1539         (CCProxy):
1540         * platform/graphics/chromium/cc/CCSingleThreadProxy.cpp:
1541         (CCSingleThreadProxyAnimationTimer):
1542         (WebCore::CCSingleThreadProxyAnimationTimer::create):
1543         (WebCore::CCSingleThreadProxyAnimationTimer::CCSingleThreadProxyAnimationTimer):
1544         (WebCore):
1545         (WebCore::CCSingleThreadProxy::CCSingleThreadProxy):
1546         (WebCore::CCSingleThreadProxy::didAddAnimation):
1547         (WebCore::CCSingleThreadProxy::doComposite):
1548         * platform/graphics/chromium/cc/CCSingleThreadProxy.h:
1549         (WebCore):
1550         * platform/graphics/chromium/cc/CCThreadProxy.h:
1551
1552 2012-05-09  Adam Barth  <abarth@webkit.org>
1553
1554         Implement HTML Media Capture
1555         https://bugs.webkit.org/show_bug.cgi?id=85958
1556
1557         Reviewed by Eric Seidel.
1558
1559         This patch begins the implementation of
1560         http://www.w3.org/TR/html-media-capture/ by adding the capture
1561         attribute to HTMLInputElement.
1562
1563         Test: fast/forms/file/file-input-capture.html
1564
1565         * html/FileInputType.cpp:
1566         (WebCore::FileInputType::handleDOMActivateEvent):
1567         * html/HTMLAttributeNames.in:
1568         * html/HTMLInputElement.cpp:
1569         (WebCore):
1570         (WebCore::HTMLInputElement::capture):
1571         (WebCore::HTMLInputElement::setCapture):
1572         * html/HTMLInputElement.h:
1573         (HTMLInputElement):
1574         * html/HTMLInputElement.idl:
1575         * platform/FileChooser.h:
1576         (FileChooserSettings):
1577
1578 2012-05-09  Charles Wei  <charles.wei@torchmobile.com.cn>
1579
1580         [BlackBerry]  Refactor data scheme support
1581         https://bugs.webkit.org/show_bug.cgi?id=85938
1582
1583         Reviewed by Rob Buis.
1584
1585         We will create a DataStream in our platform repository,
1586         so that can be wrapped up by NetworkJob for webkit rendering,
1587         and by DownloadStream for downloading.
1588
1589         Refactor, no new tests.
1590
1591         * platform/network/blackberry/NetworkJob.cpp:
1592         (WebCore::NetworkJob::NetworkJob):
1593         (WebCore::NetworkJob::initialize):
1594         (WebCore::NetworkJob::cancelJob):
1595         (WebCore::NetworkJob::sendResponseIfNeeded):
1596         * platform/network/blackberry/NetworkJob.h:
1597         (NetworkJob):
1598         * platform/network/blackberry/NetworkManager.cpp:
1599         (WebCore::NetworkManager::startJob):
1600
1601 2012-05-09  Dana Jansens  <danakj@chromium.org>
1602
1603         [chromium] Don't draw when canDraw() is false
1604         https://bugs.webkit.org/show_bug.cgi?id=85829
1605
1606         Reviewed by Adrienne Walker.
1607
1608         This is based on the work of Daniel Sievers in bug
1609         https://bugs.webkit.org/show_bug.cgi?id=82680. When canDraw() is false,
1610         we should not call drawLayers() or prepareToDraw() in both Single- and
1611         Multi-Threaded mode.
1612
1613         drawLayers() is crashing in single threaded mode, and this attempts to
1614         prevent it from being called with invalid state. While making it behave
1615         properly in single-threaded mode, it seems appropriate to unrevert the
1616         parts of 82680 that made threaded mode behave similarly appropriately.
1617
1618         A single-threaded test is not included since LTHTests is unable to run
1619         in single-threaded mode at this time (pending work from Ian Vollick). So
1620         we test in threaded mode only with a note to include a single thread
1621         version.
1622
1623         Tests: CCLayerTreeHostTestCanDrawBlocksDrawing.runMultiThread
1624
1625         * platform/graphics/chromium/cc/CCLayerTreeHostImpl.cpp:
1626         (WebCore::CCLayerTreeHostImpl::prepareToDraw):
1627         (WebCore::CCLayerTreeHostImpl::drawLayers):
1628         * platform/graphics/chromium/cc/CCSingleThreadProxy.cpp:
1629         (WebCore::CCSingleThreadProxy::doComposite):
1630         * platform/graphics/chromium/cc/CCThreadProxy.cpp:
1631         (WebCore::CCThreadProxy::scheduledActionDrawAndSwapInternal):
1632
1633 2012-05-09  Martin Robinson  <mrobinson@igalia.com>
1634
1635         [Cairo] GLContextGLX releases the context with an uninitialized display
1636         https://bugs.webkit.org/show_bug.cgi?id=86039
1637
1638         Reviewed by Philippe Normand.
1639
1640         No new tests. This does not change behavior on most machines, but has
1641         the potential to prevent a pretty nasty crash on others.
1642
1643         Use the shared display to release GLX contexts instead of the uninitialized
1644         m_display member.
1645
1646         * platform/graphics/glx/GLContextGLX.cpp:
1647         (WebCore::GLContextGLX::~GLContextGLX): Release the display with the shared
1648         display.
1649         * platform/graphics/glx/GLContextGLX.h:
1650         (GLContextGLX): Remove the m_display member.
1651
1652 2012-05-09  Tony Gentilcore  <tonyg@chromium.org>
1653
1654         Subresources loaded after a reload completes shouldn't be revalidated.
1655         https://bugs.webkit.org/show_bug.cgi?id=84614
1656
1657         Based on patch by Darin Fisher.
1658
1659         Reviewed by Darin Fisher.
1660
1661         Tests: http/tests/cache/loaded-from-cache-after-reload-within-iframe.html
1662                http/tests/cache/loaded-from-cache-after-reload.html
1663
1664         * loader/FrameLoader.cpp:
1665         (WebCore::FrameLoader::checkLoadCompleteForThisFrame): Reset m_loadType after the load completes.
1666
1667 2012-05-09  Erik Arvidsson  <arv@chromium.org>
1668
1669         [V8] Fix issue where V8BindingPerContextData could keep the context object alive
1670         https://bugs.webkit.org/show_bug.cgi?id=86036
1671
1672         Reviewed by Kentaro Hara.
1673
1674         This is a partial revert of http://trac.webkit.org/changeset/114320/. This keeps
1675         the layout tests that were introduced since it turns out that
1676         http://trac.webkit.org/changeset/114989 fixes the tests too.
1677
1678         Covered by: http/tests/security/isolatedWorld/context-destroy.html
1679
1680         * bindings/v8/V8IsolatedContext.cpp:
1681         (WebCore::V8IsolatedContext::destroy):
1682
1683 2012-05-09  Anders Carlsson  <andersca@apple.com>
1684
1685         Speed up some parts of TileCache drawing
1686         https://bugs.webkit.org/show_bug.cgi?id=86033
1687         <rdar://problem/10919373>
1688
1689         Reviewed by Sam Weinig.
1690
1691         * platform/graphics/ca/mac/TileCache.mm:
1692         (WebCore::TileCache::tileCoverageRect):
1693         If we can't have scrollbars, there's not much need to extend the tile coverage rect outside of the visible rect, since it's
1694         unlikely that we'll do any form of scrolling here.
1695
1696         (WebCore::TileCache::revalidateTiles):
1697         Don't update the tile layer frame if it's big enough to contain the tile size. Also, if there are no new tiles created,
1698         don't call platformCALayerDidCreateTiles since that will trigger an extra layer flush.
1699
1700 2012-05-09  Alexandre Elias  <aelias@google.com>
1701
1702         setPageScaleFactor should setScrollPosition if scale is unchanged
1703         https://bugs.webkit.org/show_bug.cgi?id=84400
1704
1705         Reviewed by Adam Barth.
1706
1707         Previously, setPageScaleFactor forgot about its "origin" argument if
1708         the page scale factor is unchanged.  This has proven undesirable in
1709         practice because, for example, a single pinch gesture may zoom in and
1710         back out to the original page scale factor, but at a different scroll
1711         offset.
1712
1713         New test case added to scale-and-scroll-body-expected.txt
1714
1715         * page/Page.cpp:
1716         (WebCore::Page::setPageScaleFactor):
1717
1718 2012-05-09  Hugo Parente Lima  <hugo.lima@openbossa.org>
1719
1720         Use suitable viewport values on XHTML-MP pages.
1721         https://bugs.webkit.org/show_bug.cgi?id=85425
1722
1723         Reviewed by Kenneth Rohde Christiansen.
1724
1725         Tests: fast/viewport/viewport-legacy-xhtmlmp-misplaced-doctype.html
1726                fast/viewport/viewport-legacy-xhtmlmp-ordering.html
1727                fast/viewport/viewport-legacy-xhtmlmp.html
1728
1729         Use device-width and device-height as viewport size on
1730         XHTML-MP pages if the use feature LEGACY_VIEWPORT_ADAPTION
1731         is set according as the non normative section of
1732         http://www.w3.org/TR/css-device-adapt/
1733
1734         * dom/Document.cpp:
1735         (WebCore::Document::setDocType):
1736
1737 2012-05-09  Beth Dakin  <bdakin@apple.com>
1738
1739         https://bugs.webkit.org/show_bug.cgi?id=86025
1740         RTL and vertical text documents do no scroll properly with the new 
1741         tiled scrolling model
1742         -and corresponding-
1743         <rdar://problem/11077589>
1744
1745         Reviewed by Dan Bernstein.
1746         
1747         Most of the fix here is just to teach the scrolling tree about the 
1748         scroll origin.
1749         * page/scrolling/ScrollingCoordinator.cpp:
1750         (WebCore::ScrollingCoordinator::frameViewLayoutUpdated):
1751         (WebCore::ScrollingCoordinator::setScrollParameters):
1752         * page/scrolling/ScrollingCoordinator.h:
1753         (ScrollParameters):
1754         * page/scrolling/ScrollingTreeNode.cpp:
1755         (WebCore::ScrollingTreeNode::update):
1756         * page/scrolling/ScrollingTreeNode.h:
1757         (WebCore::ScrollingTreeNode::scrollOrigin):
1758         (ScrollingTreeNode):
1759         * page/scrolling/ScrollingTreeState.cpp:
1760         (WebCore::ScrollingTreeState::setScrollOrigin):
1761         (WebCore):
1762         * page/scrolling/ScrollingTreeState.h:
1763         (WebCore::ScrollingTreeState::scrollOrigin):
1764         (ScrollingTreeState):
1765         * page/scrolling/mac/ScrollingTreeNodeMac.mm:
1766         (WebCore::ScrollingTreeNodeMac::scrollPosition):
1767         (WebCore::ScrollingTreeNodeMac::setScrollLayerPosition):
1768         (WebCore::ScrollingTreeNodeMac::minimumScrollPosition):
1769         (WebCore::ScrollingTreeNodeMac::maximumScrollPosition):
1770         * rendering/RenderLayerCompositor.cpp:
1771         (WebCore::RenderLayerCompositor::frameViewDidScroll):
1772
1773         Teaching the scrolling tree about the scroll origin revealed this pre-
1774         existing bug. layoutOverflowRect() is not the right rect to use since 
1775         it is not writing-mode savvy. unscaledDocumentRect() is the right rect 
1776         for the view's bounds.
1777         * rendering/RenderLayerBacking.cpp:
1778         (WebCore::RenderLayerBacking::updateCompositedBounds):
1779
1780 2012-05-09  Rob Buis  <rwlbuis@webkit.org>
1781
1782         Cleanup SVGElement.cpp
1783         https://bugs.webkit.org/show_bug.cgi?id=86004
1784
1785         Reviewed by Eric Seidel.
1786
1787         Remove unneeded includes. We do not need to check attr in SVGElement::attributeChanged,
1788         lower layers assume it is non-null and we do not call attributeChanged in SVG.
1789
1790         * svg/SVGElement.cpp:
1791         (WebCore::SVGElement::attributeChanged):
1792         (WebCore::SVGElement::isAnimatableAttribute):
1793
1794 2012-05-09  Jochen Eisinger  <jochen@chromium.org>
1795
1796         When creating a new page during a navigation, prime the initial document with the correct referrer policy
1797         https://bugs.webkit.org/show_bug.cgi?id=86001
1798
1799         Reviewed by Adam Barth.
1800
1801         Test: http/tests/security/referrer-policy-redirect-link.html
1802
1803         * dom/Document.h:
1804         (WebCore::Document::setReferrerPolicy):
1805         * loader/FrameLoader.cpp:
1806         (WebCore::FrameLoader::continueLoadAfterNewWindowPolicy):
1807
1808 2012-05-09  Alec Flett  <alecflett@chromium.org>
1809
1810         IndexedDB: call abort handler when there are problems committing
1811         https://bugs.webkit.org/show_bug.cgi?id=85841
1812
1813         Reviewed by Ojan Vafai.
1814
1815         No new tests. Every existing test that calls commit() is testing
1816         the success side of this, and this only throws when there are
1817         LevelDB errors, which is exactly what we're trying to diagnose
1818         with this patch.
1819
1820         * Modules/indexeddb/IDBBackingStore.h:
1821         (Transaction):
1822         * Modules/indexeddb/IDBLevelDBBackingStore.cpp:
1823         (WebCore::IDBLevelDBBackingStore::deleteDatabase):
1824         (WebCore::IDBLevelDBBackingStore::Transaction::commit):
1825         * Modules/indexeddb/IDBLevelDBBackingStore.h:
1826         (Transaction):
1827         * Modules/indexeddb/IDBTransactionBackendImpl.cpp:
1828         (WebCore::IDBTransactionBackendImpl::commit):
1829
1830 2012-05-09  Mark Pilgrim  <pilgrim@chromium.org>
1831
1832         [Chromium] Remove PlatformSupport::loadPlatformImageResource, call loadResource directly
1833         https://bugs.webkit.org/show_bug.cgi?id=84417
1834
1835         Reviewed by Adam Barth.
1836
1837         Part of a refactoring series. See tracking bug 82948.
1838
1839         * WebCore.gyp/WebCore.gyp:
1840         * WebCore.gypi:
1841         * platform/chromium/PlatformSupport.h:
1842         (PlatformSupport):
1843         * platform/graphics/chromium/ImageChromium.cpp:
1844         (WebCore::Image::loadPlatformResource):
1845         * platform/graphics/chromium/ImageChromiumMac.mm: Removed.
1846
1847 2012-05-09  Rob Buis  <rbuis@rim.com>
1848
1849         Remove some isSVGFoo methods
1850         https://bugs.webkit.org/show_bug.cgi?id=86009
1851
1852         Reviewed by Eric Seidel.
1853
1854         These are not used at the moment and were probably just copy and pasted from
1855         isSVGFoo methods in RenderObject.h.
1856
1857         * rendering/RenderObject.h:
1858         * rendering/svg/RenderSVGEllipse.h:
1859         (RenderSVGEllipse):
1860         * rendering/svg/RenderSVGRect.h:
1861         (RenderSVGRect):
1862         * rendering/svg/RenderSVGShape.h:
1863
1864 2012-05-09  Ian Vollick  <vollick@chromium.org>
1865
1866         [chromium] Add impl-thread support for fill-mode and direction css animation properties
1867         https://bugs.webkit.org/show_bug.cgi?id=77662
1868
1869         Reviewed by James Robinson.
1870
1871         Adds support for accelerating css animations with -webkit-animation-fill-mode,
1872         and -webkit-animation-direction properties.
1873
1874         Tested in:
1875           CCActiveAnimationTest.TrimTimeAlternating
1876           CCLayerAnimationControllerTest.createReversedAnimation
1877           CCLayerAnimationControllerTest.createAlternatingAnimation
1878           CCLayerAnimationControllerTest.createReversedAlternatingAnimation
1879
1880         * platform/graphics/chromium/cc/CCActiveAnimation.cpp:
1881         (WebCore::CCActiveAnimation::CCActiveAnimation):
1882         (WebCore::CCActiveAnimation::trimTimeToCurrentIteration):
1883         (WebCore::CCActiveAnimation::cloneForImplThread):
1884         * platform/graphics/chromium/cc/CCActiveAnimation.h:
1885         (CCActiveAnimation):
1886         (WebCore::CCActiveAnimation::alternatesDirection):
1887         (WebCore::CCActiveAnimation::setAlternatesDirection):
1888         * platform/graphics/chromium/cc/CCLayerAnimationController.cpp:
1889
1890 2012-05-09  Ken Buchanan  <kenrb@chromium.org>
1891
1892         Crash from removal of a line break object
1893         https://bugs.webkit.org/show_bug.cgi?id=85997
1894
1895         Reviewed by David Hyatt.
1896
1897         Regression from r115343. That replaced a call to setNeedsLayout()
1898         with a separate call that used a different bit during linebox
1899         invalidation after renderer child removal. There are special cases
1900         where layout isn't marked on parent nodes just from the removal, so
1901         line dirtying needs to explicitly mark ancestors for layout.
1902
1903         * rendering/RenderObject.h:
1904         (WebCore::RenderObject::setAncestorLineBoxDirty):
1905
1906 2012-05-09  Levi Weintraub  <leviw@chromium.org>
1907
1908         Fix performance regression for floats caused by LayoutUnit change
1909         https://bugs.webkit.org/show_bug.cgi?id=85834
1910
1911         Reviewed by Ojan Vafai.
1912
1913         Refactoring FractionalLayout types to alleviate performance issues. Explicitly
1914         inlining constructor and operator functions in FractionalLayoutUnit, as well as
1915         pixelSnappedIntSize and pixelSnappedIntRect (particularly hot code paths). Also
1916         further simplifying round and ceil functions when sub-pixel layout is not enabled.
1917
1918         pixelSnappedIntSize was the only function defined in FractionalLayoutSize.cpp,
1919         so it is removed.
1920
1921         No new tests. No change in functionality.
1922
1923         * CMakeLists.txt:
1924         * GNUmakefile.list.am:
1925         * Target.pri:
1926         * WebCore.gypi:
1927         * WebCore.vcproj/WebCore.vcproj:
1928         * WebCore.xcodeproj/project.pbxproj:
1929         * platform/FractionalLayoutUnit.h:
1930         (WebCore::FractionalLayoutUnit::FractionalLayoutUnit):
1931         (FractionalLayoutUnit):
1932         (WebCore::FractionalLayoutUnit::toInt):
1933         (WebCore::FractionalLayoutUnit::toFloat):
1934         (WebCore::FractionalLayoutUnit::toDouble):
1935         (WebCore::FractionalLayoutUnit::toUnsigned):
1936         (WebCore::FractionalLayoutUnit::operator int):
1937         (WebCore::FractionalLayoutUnit::operator unsigned):
1938         (WebCore::FractionalLayoutUnit::operator float):
1939         (WebCore::FractionalLayoutUnit::operator double):
1940         (WebCore::FractionalLayoutUnit::operator bool):
1941         (WebCore::FractionalLayoutUnit::ceil):
1942         (WebCore::FractionalLayoutUnit::round):
1943         * platform/graphics/FractionalLayoutRect.cpp:
1944         (WebCore):
1945         * platform/graphics/FractionalLayoutRect.h:
1946         (WebCore::FractionalLayoutRect::pixelSnappedSize):
1947         (WebCore::pixelSnappedIntRect):
1948         (WebCore):
1949         * platform/graphics/FractionalLayoutSize.cpp: Removed.
1950         * platform/graphics/FractionalLayoutSize.h:
1951         (WebCore):
1952         * rendering/LayoutTypes.h:
1953         (WebCore::pixelSnappedIntSize):
1954         (WebCore):
1955
1956 2012-05-09  Abhishek Arya  <inferno@chromium.org>
1957
1958         Crash in ReplaceSelectionCommand::performTrivialReplace
1959         https://bugs.webkit.org/show_bug.cgi?id=85943
1960
1961         Reviewed by Ryosuke Niwa.
1962
1963         RefPtr nodeAfterInsertionPos to guard against mutation events.
1964
1965         Test: editing/inserting/insert-html-crash.html
1966
1967         * editing/ReplaceSelectionCommand.cpp:
1968         (WebCore::ReplaceSelectionCommand::performTrivialReplace):
1969
1970 2012-05-03  Shawn Singh  <shawnsingh@chromium.org>
1971
1972         Hit testing is incorrect in some cases with perspective transforms
1973         https://bugs.webkit.org/show_bug.cgi?id=79136
1974
1975         Reviewed by Simon Fraser.
1976
1977         Tests: transforms/3d/hit-testing/coplanar-with-camera.html
1978                transforms/3d/hit-testing/perspective-clipped.html
1979
1980         * platform/graphics/transforms/TransformationMatrix.cpp:
1981         (WebCore::TransformationMatrix::projectPoint): Fix a
1982         divide-by-zero error so that values do not become Inf or Nan. Also
1983         fix an overflow error by using a large, but not-too-large constant
1984         to represent infinity.
1985
1986         (WebCore::TransformationMatrix::projectQuad): Fix an error where
1987         incorrect quads were being returned. Incorrect quads can occur
1988         when projectPoint clamped==true after returning.
1989
1990 2012-05-09  Caio Marcelo de Oliveira Filho  <caio.oliveira@openbossa.org>
1991
1992         Simplify CSSParser::parseSimpleLengthValue()
1993         https://bugs.webkit.org/show_bug.cgi?id=85910
1994
1995         Reviewed by Alexis Menard.
1996
1997         Various small improvements to this function, mainly:
1998         - Move the check if the property ID accepts a simple length as early as possible;
1999         - Remove the check for the characters{8,16} pointers since they'll be valid (we ASSERT that);
2000         - Use a template to avoid duplicate code for 8 and 16 bit characters.
2001
2002         * css/CSSParser.cpp:
2003         (WebCore):
2004         (WebCore::parseSimpleLength):
2005         (WebCore::parseSimpleLengthValue):
2006
2007 2012-05-09  Ami Fischman  <fischman@chromium.org>
2008
2009         [chromium] Support multiple buffered time ranges
2010         https://bugs.webkit.org/show_bug.cgi?id=85926
2011
2012         Reviewed by Eric Carlson.
2013
2014         Preserve existing rendering of a single rect even in the presence of multiple buffered regions.
2015
2016         No new tests as this change has no functional effects.
2017
2018         * rendering/RenderMediaControlsChromium.cpp:
2019         (WebCore::paintMediaSlider):
2020
2021 2012-05-09  Dana Jansens  <danakj@chromium.org>
2022
2023         Early-out and avoid any copying when possible for Region operations
2024         https://bugs.webkit.org/show_bug.cgi?id=85260
2025
2026         Reviewed by Anders Carlsson.
2027
2028         For an empty region, any intersection or subtraction will not modify
2029         the region, so we can simply return instead of creating a new Shape
2030         and replacing the current empty Shape.
2031
2032         When a region is united with a region it contains, the orignal
2033         containing region is the result. So, if A.unite(B) and A.contains(B)
2034         then A does not need to change at all and we can return without making
2035         a copy of A's shape. When A is a rect, we can do this test even more
2036         simply.
2037
2038         We also remove redundant checks from trySimpleOperation() methods, where
2039         the test is already done in the Region calling site.
2040
2041         This change improves the performance of the Region overlap testing for
2042         composited layers, and allows us to avoid unnecessary copies of the
2043         Region during unite. With a layout test (attached to bug #81087), that
2044         creates a Region from the union of 225 composited layers, as well as
2045         600 overlapping layers above them, this change decreases the running
2046         time of the test by 3.2% by avoiding a copy of the entire Region for
2047         each insertion that does not change the resulting Region.
2048
2049         Unit tests: RegionTest.unite
2050
2051         * platform/graphics/Region.cpp:
2052         (WebCore::Region::Shape::UnionOperation::trySimpleOperation):
2053         (WebCore::Region::Shape::IntersectOperation::trySimpleOperation):
2054         (WebCore::Region::Shape::SubtractOperation::trySimpleOperation):
2055         (WebCore::Region::intersect):
2056         (WebCore::Region::unite):
2057         (WebCore::Region::subtract):
2058         * platform/graphics/Region.h:
2059         (WebCore::Region::isRect):
2060         (WebCore::Region::Shape::isRect):
2061
2062 2012-05-09  Tommy Widenflycht  <tommyw@google.com>
2063
2064         MediaStream API: SessionDescription::addCandidate should not crash for malformed input
2065         https://bugs.webkit.org/show_bug.cgi?id=85988
2066
2067         Reviewed by Adam Barth.
2068
2069         Sending null would crash the browser. Added safeguards in both the bindings and the native code.
2070
2071         Test: fast/mediastream/SessionDescription.html
2072
2073         * Modules/mediastream/SessionDescription.cpp:
2074         (WebCore::SessionDescription::addCandidate):
2075         * Modules/mediastream/SessionDescription.h:
2076         (SessionDescription):
2077         * Modules/mediastream/SessionDescription.idl:
2078
2079 2012-05-09  Tommy Widenflycht  <tommyw@google.com>
2080
2081         MediaStream API: Adding the possibility of port specific information in MediaStreamDescriptor
2082         https://bugs.webkit.org/show_bug.cgi?id=85794
2083
2084         Reviewed by Adam Barth.
2085
2086         To facilitate for ports I have added an ExtraData field that can be used for whatever purpose is needed.
2087
2088         No behavioral changes.
2089
2090         * platform/chromium/support/WebMediaStreamDescriptor.cpp:
2091         (ExtraDataContainer):
2092         (WebKit::ExtraDataContainer::ExtraDataContainer):
2093         (WebKit::ExtraDataContainer::extraData):
2094         (WebKit):
2095         (WebKit::WebMediaStreamDescriptor::extraData):
2096         (WebKit::WebMediaStreamDescriptor::setExtraData):
2097         * platform/mediastream/MediaStreamDescriptor.h:
2098         (ExtraData):
2099         (WebCore::MediaStreamDescriptor::ExtraData::~ExtraData):
2100         (MediaStreamDescriptor):
2101         (WebCore::MediaStreamDescriptor::extraData):
2102         (WebCore::MediaStreamDescriptor::setExtraData):
2103
2104 2012-05-09  Takashi Sakamoto  <tasak@google.com>
2105
2106         Crash in WebCore::RenderBoxModelObject::paddingLeft
2107         https://bugs.webkit.org/show_bug.cgi?id=83889
2108
2109         Reviewed by Abhishek Arya.
2110
2111         RenderScrollbar creates RenderScrollbarPart without any parent
2112         renderers. However, if the scrollbar has percent padding styles,
2113         non-null parent renderer is required. So after creating/destroying
2114         RenderScrollbarPart instances, set owningRenderer(creating)/0
2115         (destroying) as its parent renderer.
2116
2117         Test: scrollbars/scrollbar-percent-padding-crash.html
2118               scrollbars/scrollbar-percent-padding-crash-expected.txt
2119
2120         * rendering/RenderScrollbar.cpp:
2121         (WebCore::RenderScrollbar::updateScrollbarPart):
2122         Added setParent after creating/destroying RenderScrollbarPart.
2123         * rendering/RenderScrollbarPart.cpp:
2124         Made RenderScollbar friend, because setParent is protected and
2125         RenderScrollbar is not inherited from class RenderObject.
2126
2127 2012-05-09  Takashi Sakamoto  <tasak@google.com>
2128
2129         ShadowRoot needs applyAuthorStyles
2130         https://bugs.webkit.org/show_bug.cgi?id=78472
2131
2132         Reviewed by Hajime Morita.
2133
2134         Implemented applyAuthorStyles attribute defined in the following spec:
2135         http://dvcs.w3.org/hg/webcomponents/raw-file/tip/spec/shadow/index.html#shadow-root-attributes
2136         Since applyAuthorSheets attribute has been already implemented,
2137         renamed all applyAuthorSheets to applyAuthorStyles and
2138         added applyAuthorStyles to ShadowRoot.idl.
2139         Currently, changing dynamically applyAuthorStyles doesn't work. I will fix this isse in bugs:84215: https://bugs.webkit.org/show_bug.cgi?id=84251
2140
2141         Test: fast/dom/shadow/shadow-root-applyAuthorStyles.html
2142               fast/dom/shadow/shadow-root-applyAuthorStyles-expected.html
2143
2144         * css/StyleResolver.cpp:
2145         (WebCore::StyleResolver::collectMatchingRulesForList):
2146         * dom/ShadowRoot.cpp:
2147         (WebCore::ShadowRoot::ShadowRoot):
2148         (WebCore::ShadowRoot::applyAuthorStyles):
2149         (WebCore::ShadowRoot::setApplyAuthorStyles):
2150         * dom/ShadowRoot.h:
2151         * dom/TreeScope.cpp:
2152         (WebCore::TreeScope::applyAuthorStyles):
2153         * dom/TreeScope.h:
2154         (TreeScope):
2155         Changed all applyAuthorSheets to applyAuthorSytles.
2156         (ShadowRoot):
2157         * dom/ShadowRoot.idl:
2158         Added a new attribute, boolean applyAuthorStyles.
2159
2160 2012-05-09  Yoshifumi Inoue  <yosin@chromium.org>
2161
2162         [Chromium][Forms] HTMLOptionsCollection doesn't have indexed properties on property enumeration
2163         https://bugs.webkit.org/show_bug.cgi?id=85937
2164
2165         Reviewed by Kentaro Hara.
2166
2167         This patch adds numeric indices to properties in enumeration to HTMLOptionsCollection V8 binding
2168         to changes Objects.keys in ECMAScript5 and for-in statement behavior for compatibility with
2169         Firefox 12, IE9, Opera 11, and Safari 5.
2170
2171         Test: fast/forms/select/options-indexed-properties.html
2172
2173         * bindings/scripts/CodeGeneratorV8.pm:
2174         (GenerateImplementationIndexer): Set $hasEnumerator true for interface HTMLOptionsCollection
2175
2176 2012-05-09  Shinya Kawanaka  <shinyak@chromium.org>
2177
2178         Position should be able to have ShadowRoot as a container.
2179         https://bugs.webkit.org/show_bug.cgi?id=82021
2180
2181         Reviewed by Ryosuke Niwa.
2182
2183         Since Position could not take a shadow root as a container node, pointing the direct children
2184         of a shadow root was difficult.
2185
2186         This patch makes it enabled, and fixes a lot of crashes caused by that limitation.
2187         Also, we confirm that ShadowRoot is not exposed to JavaScript layer.
2188
2189         Currently this change is only enabled if shadow dom flag is enabled, since we cannot
2190         prove this change does not destroy the existing behavior. However, this change is really required
2191         to fix other editing bugs in Shadow DOM. A bunch of patches and tests will be added to
2192         fix other editing bugs and they will check this patch does not break editing.
2193         We will also add a fuzzer to check the stability of editing in Shadow DOM later, and it will
2194         also help to confirm the patch will not break the editing.
2195
2196         Tests: editing/shadow/doubleclick-on-meter-in-shadow-crash.html
2197                editing/shadow/rightclick-on-meter-in-shadow-crash.html
2198                editing/shadow/shadow-selection-not-exported.html
2199
2200         * dom/Position.cpp:
2201         (WebCore::Position::Position):
2202         (WebCore::Position::containerNode):
2203         (WebCore::Position::parentAnchoredEquivalent):
2204         (WebCore::Position::previous):
2205         (WebCore::Position::next):
2206         (WebCore::Position::atStartOfTree):
2207         (WebCore::Position::atEndOfTree):
2208         (WebCore::Position::findParent):
2209         * dom/Position.h:
2210         (WebCore):
2211         (WebCore::positionInParentBeforeNode):
2212         (WebCore::positionInParentAfterNode):
2213
2214 2012-05-09  Zoltan Horvath  <zoltan@webkit.org>
2215
2216         [Qt] Build fix when using libpng version != 1.2
2217         https://bugs.webkit.org/show_bug.cgi?id=85614
2218
2219         Reviewed by Eric Seidel.
2220
2221         Don't enforce the version of libpng when passing the option to the linker.
2222
2223         No new tests, no intended functionality change.
2224
2225         * WebCore.pri:
2226
2227 2012-05-09  Oli Lan  <olilan@chromium.org>
2228
2229         Add identifying methods for date/time input types.
2230
2231         This patch adds methods isDateField(), isDateTimeField(), isDateTimeLocalField(),
2232         isMonthField(), isTimeField() and isWeekField() to InputType and the appropriate
2233         HTMLInputElement classes, to allow date/time input types to be identified.
2234
2235         The new methods match the existing methods for types such as email, search and number.
2236
2237         https://bugs.webkit.org/show_bug.cgi?id=78746
2238
2239         Reviewed by Kent Tamura.
2240
2241         A new test WebViewTest.TextInputType has been added in WebKit/chromium/tests that calls
2242         through to these methods via WebViewImpl.textInputType().
2243
2244         * html/DateInputType.cpp:
2245         (WebCore::DateInputType::isDateField):
2246         (WebCore):
2247         * html/DateInputType.h:
2248         (DateInputType):
2249         * html/DateTimeInputType.cpp:
2250         (WebCore::DateTimeInputType::isDateTimeField):
2251         (WebCore):
2252         * html/DateTimeInputType.h:
2253         (DateTimeInputType):
2254         * html/DateTimeLocalInputType.cpp:
2255         (WebCore::DateTimeLocalInputType::isDateTimeLocalField):
2256         (WebCore):
2257         * html/DateTimeLocalInputType.h:
2258         (DateTimeLocalInputType):
2259         * html/HTMLInputElement.cpp:
2260         (WebCore::HTMLInputElement::isDateField):
2261         (WebCore):
2262         (WebCore::HTMLInputElement::isDateTimeField):
2263         (WebCore::HTMLInputElement::isDateTimeLocalField):
2264         (WebCore::HTMLInputElement::isMonthField):
2265         (WebCore::HTMLInputElement::isTimeField):
2266         (WebCore::HTMLInputElement::isWeekField):
2267         * html/HTMLInputElement.h:
2268         (HTMLInputElement):
2269         * html/InputType.cpp:
2270         (WebCore::InputType::isDateField):
2271         (WebCore):
2272         (WebCore::InputType::isDateTimeField):
2273         (WebCore::InputType::isDateTimeLocalField):
2274         (WebCore::InputType::isMonthField):
2275         (WebCore::InputType::isTimeField):
2276         (WebCore::InputType::isWeekField):
2277         * html/InputType.h:
2278         (InputType):
2279         * html/MonthInputType.cpp:
2280         (WebCore::MonthInputType::isMonthField):
2281         (WebCore):
2282         * html/MonthInputType.h:
2283         (MonthInputType):
2284         * html/TimeInputType.cpp:
2285         (WebCore::TimeInputType::isTimeField):
2286         (WebCore):
2287         * html/TimeInputType.h:
2288         (TimeInputType):
2289         * html/WeekInputType.cpp:
2290         (WebCore::WeekInputType::isWeekField):
2291         (WebCore):
2292         * html/WeekInputType.h:
2293         (WeekInputType):
2294
2295 2012-05-09  Nikolas Zimmermann  <nzimmermann@rim.com>
2296
2297         REGRESSION(r105057): Infinite loop inside SVGTextLayoutEngine::currentLogicalCharacterMetrics
2298         https://bugs.webkit.org/show_bug.cgi?id=83405
2299
2300         Reviewed by Darin Adler.
2301
2302         Dynamically adding tspans carrying position information in the x/y/dx/dy/rotate lists is broken.
2303         To avoid mistakes like this in future, simplify the calling code in RenderSVGInlineText and centralize
2304         the managment of all caches (text positioning element cache / metrics map / layout attributes) in
2305         RenderSVGText. This avoids the hack in SVGRootInlineBox::computePerCharacterLayoutInformation() which
2306         called textRoot->rebuildLayoutAttributes(), which was used to fix previous security issues with this code.
2307         Instead correctly handle destruction of RenderSVGInlineText in RenderSVGText, keeping the m_layoutAttributes
2308         synchronized with the current state of the render tree. Fixes highcharts problems.
2309
2310         Tests: svg/text/add-tspan-position-bug.html
2311                svg/text/modify-tspan-position-bug.html
2312
2313         * rendering/svg/RenderSVGInline.cpp:
2314         (WebCore::RenderSVGInline::addChild):
2315         * rendering/svg/RenderSVGInlineText.cpp:
2316         (WebCore::RenderSVGInlineText::willBeDestroyed):
2317         (WebCore::RenderSVGInlineText::setTextInternal):
2318         (WebCore::RenderSVGInlineText::styleDidChange):
2319         * rendering/svg/RenderSVGText.cpp:
2320         (WebCore::recursiveUpdateMetrics):
2321         (WebCore::RenderSVGText::subtreeChildAdded):
2322         (WebCore::RenderSVGText::subtreeChildWillBeDestroyed):
2323         (WebCore::recursiveCollectLayoutAttributes):
2324         (WebCore::checkLayoutAttributesConsistency):
2325         (WebCore::RenderSVGText::subtreeChildWasDestroyed):
2326         (WebCore::RenderSVGText::subtreeStyleChanged):
2327         (WebCore::RenderSVGText::subtreeTextChanged):
2328         (WebCore::RenderSVGText::layout):
2329         (WebCore::RenderSVGText::addChild):
2330         (WebCore::RenderSVGText::rebuildAllLayoutAttributes):
2331         (WebCore::RenderSVGText::rebuildLayoutAttributes):
2332         * rendering/svg/RenderSVGText.h:
2333         (WebCore::RenderSVGText::layoutAttributes):
2334         * rendering/svg/SVGRootInlineBox.cpp:
2335         (WebCore::SVGRootInlineBox::computePerCharacterLayoutInformation):
2336         * rendering/svg/SVGTextLayoutAttributesBuilder.cpp:
2337         (WebCore::SVGTextLayoutAttributesBuilder::buildLayoutAttributes):
2338
2339 2012-05-08  Dongwoo Im  <dw.im@samsung.com>
2340
2341         NavigatorRegisterProtocolHandler can call ChromeClient directly.
2342         https://bugs.webkit.org/show_bug.cgi?id=85944
2343
2344         Reviewed by Adam Barth.
2345
2346         Covered by fast/dom/register-protocol-handler.html
2347
2348         * page/Chrome.cpp: Remove registerProtocolHandler function.
2349         * page/Chrome.h: Remove registerProtocolHandler prototype.
2350         (Chrome):
2351         * page/NavigatorRegisterProtocolHandler.cpp: Call ChromeClient::registerProtocolHandler directly.
2352         (WebCore::NavigatorRegisterProtocolHandler::registerProtocolHandler):
2353
2354 2012-05-08  Mario Sanchez Prada  <msanchez@igalia.com>
2355
2356         Coding style issues present in RenderFrameSet.cpp
2357         https://bugs.webkit.org/show_bug.cgi?id=85955
2358
2359         Reviewed by Eric Seidel.
2360
2361         Just fixed those coding style issues.
2362
2363         * rendering/RenderFrameSet.cpp:
2364         (WebCore::RenderFrameSet::GridAxis::resize):
2365         (WebCore::RenderFrameSet::layOutAxis):
2366         (WebCore::RenderFrameSet::continueResizing):
2367
2368 2012-05-08  Jon Lee  <jonlee@apple.com>
2369
2370         Unreviewed build fix.
2371
2372         * platform/mac/WebCoreSystemInterface.h:
2373
2374 2012-05-08  Jason Liu  <jason.liu@torchmobile.com.cn>
2375
2376         [BlackBerry] Auth credentials set in private mode are reused in public mode.
2377         https://bugs.webkit.org/show_bug.cgi?id=84697
2378
2379         Reviewed by Rob Buis.
2380
2381         Add setPrivateMode function for CredentialStorage.
2382
2383         Now, we only save credentials in memory and CredentialBackingStore isn't enabled.
2384         When we set private mode from on to off, we clear all these temporary credentials.
2385
2386         We have to change Private Browsing to test, so have to write a manual test case.
2387         Test: ManualTests/blackberry/http-auth-private-mode-changed.html
2388
2389         * network/CredentialStorage.cpp:
2390         (WebCore::CredentialStorage::setPrivateMode):
2391         (WebCore):
2392         * platform/network/CredentialStorage.h:
2393         (CredentialStorage):
2394
2395 2012-05-08  Rakesh KN  <rakesh.kn@motorola.com>
2396
2397         RadioNodeList support in HTMLFormElement::elements
2398         https://bugs.webkit.org/show_bug.cgi?id=81854
2399
2400         Reviewed by Ryosuke Niwa.
2401
2402         Implement RadioNodeList support spec'ed at
2403         http://www.whatwg.org/specs/web-apps/current-work/multipage/common-dom-interfaces.html#radionodelist
2404
2405         Test: fast/forms/form-collection-radio-node-list.html
2406
2407         * CMakeLists.txt:
2408         Added entries for new files.
2409         * DerivedSources.cpp: Ditto.
2410         * DerivedSources.make: Ditto.
2411         * DerivedSources.pri: Ditto.
2412         * GNUmakefile.list.am: Ditto.
2413         * Target.pri: Ditto.
2414         * WebCore.gypi: Ditto.
2415         * WebCore.vcproj/WebCore.vcproj: Ditto.
2416         * WebCore.xcodeproj/project.pbxproj: Ditto.
2417         * bindings/js/JSHTMLCollectionCustom.cpp:
2418         (WebCore::getNamedItems):
2419         Modified to create RadioNodeList object when FormControlCollection has more than
2420         one element of same name/id.
2421         * bindings/scripts/CodeGeneratorJS.pm:
2422         (GenerateImplementation):
2423         Added code to include Node.h and JSNode.h in JSRadioNodeElement.cpp.
2424         * bindings/v8/custom/V8HTMLCollectionCustom.cpp:
2425         (WebCore::getNamedItems):
2426         Modified to create RadioNodeList object when FormControlCollection has more than
2427         one element of same name/id.
2428         * dom/Node.cpp:
2429         (WebCore::Node::invalidateNodeListsCacheAfterAttributeChanged):
2430         Invalidate lists even for change in id, type, checked attributes.
2431         (WebCore::NodeListsNodeData::invalidateCachesThatDependOnAttributes):
2432         Invalidate radioNodeList cache.
2433         (WebCore::NodeListsNodeData::isEmpty):
2434         Changes for radioNodeList.
2435         (WebCore::Node::radioNodeList):
2436         Creates if needed a RadioNodeList and adds it to the cache.
2437         (WebCore::Node::removeCachedRadioNodeList):
2438         Removes a cached radioNodeList.
2439         * dom/Node.h: Ditto
2440         * dom/NodeRareData.h:
2441         (WebCore):
2442         (NodeListsNodeData):
2443         Added radioNodeList list.
2444         * html/CollectionType.h:
2445         Added new FormControls type.
2446         * html/HTMLCollection.cpp:
2447         (WebCore::HTMLCollection::shouldIncludeChildren):
2448         (WebCore::HTMLCollection::isAcceptableElement):
2449         Handle FormControls collection type.
2450         * html/HTMLFormCollection.cpp:
2451         (WebCore::HTMLFormCollection::HTMLFormCollection):
2452         Contruct collection of FormControls type.
2453         * html/RadioNodeList.cpp: Added.
2454         (WebCore):
2455         (WebCore::RadioNodeList::RadioNodeList):
2456         (WebCore::RadioNodeList::~RadioNodeList):
2457         (WebCore::toRadioButtonInputElement):
2458         (WebCore::RadioNodeList::value):
2459         (WebCore::RadioNodeList::setValue):
2460         (WebCore::RadioNodeList::nodeMatches):
2461         * html/RadioNodeList.h: Added.
2462         (WebCore):
2463         (RadioNodeList):
2464         (WebCore::RadioNodeList::create):
2465         RadioNodeList implementation.
2466         * html/RadioNodeList.idl: Added.
2467         Idl for generating RadioNodeList JS/V8 bindings.
2468
2469 2012-05-08  Benjamin Poulain  <bpoulain@apple.com>
2470
2471         [JSC] Regression: addEventListener() and removeEventListener() raise an exception on missing args
2472         https://bugs.webkit.org/show_bug.cgi?id=85928
2473
2474         Reviewed by Geoffrey Garen.
2475
2476         The functions addEventListener() and removeEventListener() raise an exception if there are missin arguments.
2477         This behavior breaks existing content.
2478
2479         This patch change the code generator of JavaScript core to have an exception for addEventListener() and removeEventListener().
2480         For those function, we do not raise an exception on missin argument.
2481
2482         This patch does not modify the V8 code generator because such exceptions are already in place there.
2483
2484         Tests: fast/dom/Window/window-legacy-event-listener.html
2485                fast/dom/XMLHttpRequest-legacy-event-listener.html
2486                fast/dom/node-legacy-event-listener.html
2487
2488         * bindings/scripts/CodeGeneratorJS.pm:
2489         (GenerateImplementation):
2490
2491 2012-05-08  Chris Rogers  <crogers@google.com>
2492
2493         AudioParam should directly be given context in create() method
2494         https://bugs.webkit.org/show_bug.cgi?id=85905
2495
2496         Reviewed by James Robinson.
2497
2498         No new tests.  This is a low-level re-factoring and is covered by existing tests.
2499
2500         * Modules/webaudio/AudioBufferSourceNode.cpp:
2501         (WebCore::AudioBufferSourceNode::AudioBufferSourceNode):
2502         * Modules/webaudio/AudioGain.h:
2503         (WebCore::AudioGain::create):
2504         (WebCore::AudioGain::AudioGain):
2505         * Modules/webaudio/AudioGainNode.cpp:
2506         (WebCore::AudioGainNode::AudioGainNode):
2507         * Modules/webaudio/AudioPannerNode.cpp:
2508         (WebCore::AudioPannerNode::AudioPannerNode):
2509         * Modules/webaudio/AudioParam.h:
2510         (WebCore::AudioParam::create):
2511         (AudioParam):
2512         (WebCore::AudioParam::AudioParam):
2513         * Modules/webaudio/BiquadFilterNode.cpp:
2514         (WebCore::BiquadFilterNode::BiquadFilterNode):
2515         * Modules/webaudio/BiquadProcessor.cpp:
2516         (WebCore::BiquadProcessor::BiquadProcessor):
2517         * Modules/webaudio/BiquadProcessor.h:
2518         * Modules/webaudio/DelayNode.cpp:
2519         (WebCore::DelayNode::DelayNode):
2520         * Modules/webaudio/DelayProcessor.cpp:
2521         (WebCore::DelayProcessor::DelayProcessor):
2522         * Modules/webaudio/DelayProcessor.h:
2523         (DelayProcessor):
2524         * Modules/webaudio/DynamicsCompressorNode.cpp:
2525         (WebCore::DynamicsCompressorNode::DynamicsCompressorNode):
2526         * Modules/webaudio/Oscillator.cpp:
2527         (WebCore::Oscillator::Oscillator):
2528
2529 2012-05-08  Dana Jansens  <danakj@chromium.org>
2530
2531         [chromium] Show borders for partial-draw-culled quads to visualize culling behaviour
2532         https://bugs.webkit.org/show_bug.cgi?id=85414
2533
2534         Reviewed by Adrienne Walker.
2535
2536         The borders are brown, and are only shown when the quad's visible rect
2537         is non-empty and is different from the quad's original rect.
2538
2539         Adds a flag to CCQuadCuller constructor, to enable showing debug borders
2540         around what it leaves after culling (when it culls anything in a quad
2541         at all).
2542
2543         * platform/graphics/chromium/cc/CCDrawQuad.h:
2544         (WebCore::CCDrawQuad::isDebugQuad):
2545         (WebCore::CCDrawQuad::sharedQuadState):
2546         (CCDrawQuad):
2547         * platform/graphics/chromium/cc/CCQuadCuller.cpp:
2548         (WebCore):
2549         (WebCore::CCQuadCuller::CCQuadCuller):
2550         (WebCore::appendQuadInternal):
2551         (WebCore::CCQuadCuller::append):
2552         (WebCore::CCQuadCuller::appendSurface):
2553         (WebCore::CCQuadCuller::appendReplica):
2554         * platform/graphics/chromium/cc/CCQuadCuller.h:
2555         (CCQuadCuller):
2556         * platform/graphics/chromium/cc/CCRenderPass.cpp:
2557         (WebCore::CCRenderPass::appendQuadsForLayer):
2558         (WebCore::CCRenderPass::appendQuadsForRenderSurfaceLayer):
2559
2560 2012-05-08  Julien Chaffraix  <jchaffraix@webkit.org>
2561
2562         Move RenderLayers z-index lists dirtying to post style change
2563         https://bugs.webkit.org/show_bug.cgi?id=85437
2564
2565         Reviewed by Darin Adler.
2566
2567         No expected change in behavior.
2568
2569         This change moves the z-order lists to RenderLayer::styleChanged. As part of this
2570         change, also added proper handling of stacking context transition. This enabled
2571         us to tighten more of the dirtyZOrderLists / clearZOrderLists code.
2572
2573         * rendering/RenderBoxModelObject.cpp:
2574         (WebCore::RenderBoxModelObject::styleWillChange):
2575         Removed this code, moved to updateStackingContextsAfterStyleChange.
2576
2577         * rendering/RenderLayer.cpp:
2578         (WebCore::RenderLayer::RenderLayer):
2579         Only stacking contexts start with dirty z-order lists.
2580
2581         (WebCore::RenderLayer::dirtyZOrderLists):
2582         Added an ASSERT.
2583
2584         (WebCore::RenderLayer::updateStackingContextsAfterStyleChange):
2585         Refactored the code to handle the transition between stacking context status.
2586
2587         (WebCore::RenderLayer::styleChanged):
2588         Added a call to updateStackingContextsAfterStyleChange.
2589
2590         * rendering/RenderLayer.h:
2591         (WebCore::RenderLayer::isStackingContext):
2592         Added a call to the next function.
2593
2594         (WebCore::RenderLayer::layerWithStyleIsStackingContext):
2595         Factored the isStackingContext logic here so that we can reuse it inside
2596         updateStackingContextsAfterStyleChange.
2597
2598         (WebCore::RenderLayer::clearZOrderLists):
2599         Added an ASSERT.
2600
2601 2012-05-08  Abhishek Arya  <inferno@chromium.org>
2602
2603         Crash due to owning renderer not removed from custom scrollbar.
2604         https://bugs.webkit.org/show_bug.cgi?id=80610
2605
2606         Reviewed by Eric Seidel.
2607
2608         Test: scrollbars/scrollbar-owning-renderer-crash.html
2609
2610         Changed RenderScrollbar to keep pointer to owning node, instead of the
2611         renderer. Renderer can get destroyed without informing the scrollbar, causing
2612         crashes later. Remove code from r94107 since it is not needed anymore and saves
2613         times when RenderBox is getting destroyed.
2614
2615         * page/FrameView.cpp:
2616         (WebCore::FrameView::createScrollbar): pass renderer's node.
2617         * page/FrameView.h:
2618         * rendering/RenderBox.cpp:
2619         (WebCore::RenderBox::willBeDestroyed): no longer need this. came originally from r94107.
2620         * rendering/RenderLayer.cpp:
2621         (WebCore::RenderLayer::createScrollbar): pass renderer's node.
2622         (WebCore::RenderLayer::destroyScrollbar): no longer need to clear owning renderer.
2623         * rendering/RenderListBox.cpp:
2624         (WebCore::RenderListBox::createScrollbar): pass renderer's node.
2625         * rendering/RenderMenuList.cpp:
2626         (WebCore::RenderMenuList::createScrollbar): pass renderer's node.
2627         * rendering/RenderScrollbar.cpp:
2628         (WebCore::RenderScrollbar::createCustomScrollbar): Store owner node instead of renderer.
2629         (WebCore::RenderScrollbar::RenderScrollbar): Store owner node instead of renderer.
2630         (WebCore::RenderScrollbar::owningRenderer): calculate owning renderer from owner node.
2631         * rendering/RenderScrollbar.h:
2632         (RenderScrollbar):
2633         * rendering/RenderTextControlSingleLine.cpp:
2634         (WebCore::RenderTextControlSingleLine::createScrollbar): pass renderer's node.
2635
2636 2012-05-08  Jon Lee  <jonlee@apple.com>
2637
2638         Safari warns that it needs to resend the form in an iFrame when going back
2639         https://bugs.webkit.org/show_bug.cgi?id=82658
2640         <rdar://problem/11292558>
2641
2642         Reviewed by Darin Adler.
2643
2644         Test: http/tests/loading/post-in-iframe-with-back-navigation.html
2645
2646         * WebCore.exp.in: Add _wkCFURLRequestAllowAllPostCaching.
2647         * platform/mac/WebCoreSystemInterface.h: Add wkCFURLRequestAllowAllPostCaching.
2648         * platform/mac/WebCoreSystemInterface.mm: Add wkCFURLRequestAllowAllPostCaching.
2649         * platform/network/cf/ResourceRequestCFNet.cpp:
2650         (WebCore::ResourceRequest::doUpdatePlatformRequest): Set the bit to cache all POST responses.
2651         * platform/network/mac/ResourceRequestMac.mm:
2652         (WebCore::ResourceRequest::doUpdatePlatformRequest): Set the bit to cache all POST responses.
2653
2654 2012-05-08  Dana Jansens  <danakj@chromium.org>
2655
2656         [chromium] Reflections with masks should not occlude
2657         https://bugs.webkit.org/show_bug.cgi?id=85927
2658
2659         Reviewed by James Robinson.
2660
2661         When a surface does not have a mask, we make both it and its reflection
2662         occlude the things below them. However, if the reflection has a mask
2663         applied to it, then we should not consider it as occluding.
2664
2665         Adds replicaHasMask() to the render surface classes so we can test if
2666         the mask is present.
2667
2668         Unit Tests: CCOcclusionTrackerTestReplicaWithMask
2669
2670         * platform/graphics/chromium/RenderSurfaceChromium.cpp:
2671         (WebCore::RenderSurfaceChromium::hasMask):
2672         This is unusued right now, but will allow us to remove a FIXME from
2673         CCOcclusionTracker::finishedTargetRenderSurface().
2674         (WebCore):
2675         (WebCore::RenderSurfaceChromium::replicaHasMask):
2676         * platform/graphics/chromium/RenderSurfaceChromium.h:
2677         (RenderSurfaceChromium):
2678         * platform/graphics/chromium/cc/CCOcclusionTracker.cpp:
2679         (WebCore::::leaveToTargetRenderSurface):
2680         * platform/graphics/chromium/cc/CCRenderSurface.cpp:
2681         (WebCore::CCRenderSurface::hasMask):
2682         This is unusued right now, but will allow us to remove a FIXME from
2683         CCOcclusionTracker::finishedTargetRenderSurface().
2684         (WebCore):
2685         (WebCore::CCRenderSurface::replicaHasMask):
2686         * platform/graphics/chromium/cc/CCRenderSurface.h:
2687         (CCRenderSurface):
2688
2689 2012-05-08  Eric Seidel  <eric@webkit.org>
2690
2691         Add stylesheet inheritance support to IFRAME_SEAMLESS
2692         https://bugs.webkit.org/show_bug.cgi?id=85914
2693
2694         Reviewed by Ojan Vafai.
2695
2696         This work is already guarded by IFRAME_SEAMLESS, as
2697         Document::shouldDisplaySeamlesslyWithParent always returns false
2698         when IFRAME_SEAMLESS is off.
2699
2700         This makes the child document use all author stylesheets from all parent documents,
2701         per the seamless spec:
2702         http://www.whatwg.org/specs/web-apps/current-work/#attr-iframe-seamless
2703
2704         This support is slightly inefficient as every time a sheet is added
2705         to a parent document, the child document must do a full style selector recalc.
2706         Normally author sheet additions have a fast-path which avoids the full selector recalc,
2707         but such is not possible in the seamless case as we're inserting the parents sheets
2708         earlier in the child's cascade (instead of just appending them to the end of the list).
2709
2710         The test covers both the static inheritance as well as addition of a stylesheet
2711         to the parent and testing that it caused a recalc of the child.
2712
2713         Covered by fast/frames/seamless/seamless-css-cascade.html
2714
2715         * css/StyleResolver.cpp:
2716         (WebCore::StyleResolver::StyleResolver):
2717         (WebCore::StyleResolver::addStylesheetsFromSeamlessParents):
2718         (WebCore):
2719         * css/StyleResolver.h:
2720         (StyleResolver):
2721         * dom/Document.cpp:
2722         (WebCore::Document::seamlessParentUpdatedStylesheets):
2723         (WebCore):
2724         (WebCore::Document::notifySeamlessChildDocumentsOfStylesheetUpdate):
2725         (WebCore::Document::updateActiveStylesheets):
2726         * dom/Document.h:
2727         (Document):
2728
2729 2012-05-08  Raphael Kubo da Costa  <rakuco@webkit.org>
2730
2731         [CMake] FindGStreamer: Fix the build with static WebCore.
2732         https://bugs.webkit.org/show_bug.cgi?id=85930
2733
2734         Reviewed by Daniel Bates.
2735
2736         No new tests, build fix.
2737
2738         Building WebCore statically was failing because files in
2739         WebCore/platform/gstreamer when ENABLE_VIDEO was set required
2740         gstreamer-base, which was not being linked to after r116453.
2741
2742         Fix that by looking for gstreamer-base, requiring and linking
2743         against it if GStreamer is used.
2744
2745         * PlatformEfl.cmake: Link to GSTREAMER_LIBRARIES and
2746         GSTREAMER_BASE_LIBRARIES, and include GSTREAMER_INCLUDE_DIRS and
2747         GSTREAMER_BASE_INCLUDE_DIRS.
2748
2749 2012-05-08  Raymond Toy  <rtoy@google.com>
2750
2751         JavaScriptAudioNode should not ASSERT if number of input channels is 0
2752         https://bugs.webkit.org/show_bug.cgi?id=85818
2753
2754         Reviewed by Eric Seidel.
2755
2756         Test: webaudio/javascriptaudionode-zero-input-channels.html
2757
2758         * Modules/webaudio/JavaScriptAudioNode.cpp:
2759         (WebCore::JavaScriptAudioNode::process): Update buffersAreGood.
2760         (WebCore::JavaScriptAudioNode::fireProcessEvent): Remove ASSERT.
2761
2762 2012-05-08  Dana Jansens  <danakj@chromium.org>
2763
2764         Region reads past end of spans
2765         https://bugs.webkit.org/show_bug.cgi?id=85909
2766
2767         Reviewed by Anders Carlsson.
2768
2769         Region currently checks aSpan == aSpanEnd as the indicator that
2770         we passed all the spans. When aSpan < aSpanEnd, it uses aSpan+1
2771         to find the height of the span.
2772
2773         If aSpan == aSpanEnd - 1, then aSpan+1 == aSpanEnd. This does not
2774         represent a valid span, since aSpanEnd is past the end of the
2775         array, not the last element in the array. The loop should terminate
2776         in this case.
2777
2778         Checking aSegment != aSegmentEnd is acceptable in the inner loop since
2779         it increments by two each time (segments come in pairs, while spans
2780         come in singles).
2781
2782         Test: RegionTest.ReadPastFullSpanVectorInIntersectsTest
2783
2784         * platform/graphics/Region.cpp:
2785         (WebCore::Region::Shape::compareShapes):
2786
2787 2012-05-08  Philip Rogers  <pdr@google.com>
2788
2789         Prevent crash in animated lists
2790         https://bugs.webkit.org/show_bug.cgi?id=85382
2791
2792         Reviewed by Nikolas Zimmermann.
2793
2794         Animated lists blindly assign the last list value to m_toAtEndOfDurationType
2795         in SVGAnimationElement::startedActiveInterval. If the last list value's length
2796         is larger or smaller than the animated "to" length, we crash.
2797
2798         This change prevents accessing values off the end of toAtEndOfDuration by adding
2799         a check for this case. It may seem inefficient to perform this check on every
2800         animation update but the "to" value can change (in cardinality) while animating.
2801
2802         I checked each of the other animation types (e.g., SVGAnimatedAngle,
2803         SVGAnimatedBoolean, etc.) and was only able to hit this style of crash
2804         in the three types modified in this change:
2805         SVGAnimatedLengthList, SVGAnimatedNumberList, and SVGAnimatedPointList.
2806
2807         Tests: svg/animations/animate-linear-discrete-additive-b-expected.svg
2808                svg/animations/animate-linear-discrete-additive-b.svg
2809                svg/animations/animate-linear-discrete-additive-c-expected.svg
2810                svg/animations/animate-linear-discrete-additive-c.svg
2811                svg/animations/animate-linear-discrete-additive-expected.svg
2812                svg/animations/animate-linear-discrete-additive.svg
2813                svg/animations/animate-list-crash.svg
2814
2815         * svg/SVGAnimatedLengthList.cpp:
2816         (WebCore::SVGAnimatedLengthListAnimator::calculateAnimatedValue):
2817         * svg/SVGAnimatedNumberList.cpp:
2818         (WebCore::SVGAnimatedNumberListAnimator::calculateAnimatedValue):
2819         * svg/SVGAnimatedPointList.cpp:
2820         (WebCore::SVGAnimatedPointListAnimator::calculateAnimatedValue):
2821
2822 2012-05-08  Rafael Weinstein  <rafaelw@chromium.org>
2823
2824         HTMLElementStack::hasOnlyHTMLElementsInScope is no longer called
2825         https://bugs.webkit.org/show_bug.cgi?id=85908
2826
2827         Reviewed by Eric Seidel.
2828
2829         This patch just removes the dead code.
2830
2831         No tests needed. Cleanup only.
2832
2833         * html/parser/HTMLElementStack.cpp:
2834         * html/parser/HTMLElementStack.h:
2835         (HTMLElementStack):
2836
2837 2012-05-08  W. James MacLean  <wjmaclean@chromium.org>
2838
2839         [chromium] Create LinkHighlightLayerChromium class to provide link-highlight preview animations for GraphicsLayerChromium.
2840         https://bugs.webkit.org/show_bug.cgi?id=85084
2841
2842         Reviewed by James Robinson.
2843
2844         Unit test provided.
2845
2846         Creates a layer delegate class to provide link highlight animations for link-preview feature.
2847         These are added to a GraphicsLayerChromium via provided methods. Moves dispensing of animation
2848         ids into a separate class.
2849
2850         * WebCore.gypi:
2851         * platform/graphics/chromium/AnimationIdVendor.cpp: Added.
2852         (WebCore):
2853         (WebCore::AnimationIdVendor::getNextAnimationId):
2854         (WebCore::AnimationIdVendor::getNextGroupId):
2855         * platform/graphics/chromium/AnimationIdVendor.h: Added.
2856         (WebCore):
2857         (AnimationIdVendor):
2858         * platform/graphics/chromium/GraphicsLayerChromium.cpp:
2859         (WebCore::GraphicsLayerChromium::willBeDestroyed):
2860         (WebCore::GraphicsLayerChromium::updateNames):
2861         (WebCore::GraphicsLayerChromium::addAnimation):
2862         (WebCore::GraphicsLayerChromium::addLinkHighlight):
2863         (WebCore):
2864         (WebCore::GraphicsLayerChromium::didFinishLinkHighlight):
2865         (WebCore::GraphicsLayerChromium::updateChildList):
2866         (WebCore::GraphicsLayerChromium::mapAnimationNameToId):
2867         * platform/graphics/chromium/GraphicsLayerChromium.h:
2868         (WebCore):
2869         (GraphicsLayerChromium):
2870         * platform/graphics/chromium/LinkHighlight.cpp: Added.
2871         (WebCore):
2872         (WebCore::LinkHighlight::create):
2873         (WebCore::LinkHighlight::LinkHighlight):
2874         (WebCore::LinkHighlight::~LinkHighlight):
2875         (WebCore::LinkHighlight::contentLayer):
2876         (WebCore::LinkHighlight::paintContents):
2877         (WebCore::LinkHighlight::notifyAnimationStarted):
2878         (WebCore::LinkHighlight::notifyAnimationFinished):
2879         * platform/graphics/chromium/LinkHighlight.h: Added.
2880         (WebCore):
2881         (LinkHighlight):
2882
2883 2012-05-08  Raphael Kubo da Costa  <rakuco@webkit.org>
2884
2885         [CMake] Rewrite FindGStreamer.cmake.
2886         https://bugs.webkit.org/show_bug.cgi?id=85857
2887
2888         Reviewed by Daniel Bates.
2889
2890         No new tests, build system change.
2891
2892         We are currently kind of duplicating the same
2893         FindGStreamer-Foo.cmake file whenever a new GStreamer plugin needs
2894         to be found. Besides this approach not scaling very well, it
2895         relies on pkg-config for version checking, uses the LibFindMacros
2896         package that we should deprecate and all the find files could be
2897         merged into one, with users using the COMPONENTS feature of the
2898         FIND_PACKAGE() call to find the desired plugins.
2899
2900         FindGStreamer.cmake has then been rewritten to take all that into
2901         account:
2902         - The LibFindMacros.cmake package is not used anymore.
2903         - Version check is performed in the CMake file itself by parsing
2904         the gstversion.h header.
2905         - All GStreamer plugins are searched and the COMPONENTS keyword
2906         used in the FIND_PACKAGE() call is used to check which plugins are
2907         required.
2908         - The plugins-base and base GStreamer plugins are not searched, as
2909         they were not used anywhere in the build system.
2910
2911         * PlatformEfl.cmake: Update GStreamer-related variable names.
2912
2913 2012-05-08  Mikhail Pozdnyakov  <mikhail.pozdnyakov@intel.com>
2914
2915         [EFL] Handling of numeric-pad keys in EFL's PlatformKeyboardEvent
2916         https://bugs.webkit.org/show_bug.cgi?id=85479
2917
2918         Reviewed by Gustavo Noronha Silva.
2919
2920         EFL's PlatformKeyboardEvent::isKeypad() now returns meaningful value.
2921         Added numeric-pad keys to the Key Map and Windows Key Map.
2922
2923         No new tests.
2924
2925         * platform/efl/EflKeyboardUtilities.cpp:
2926         (WebCore::createKeyMap):
2927         (WebCore::createWindowsKeyMap):
2928         * platform/efl/PlatformKeyboardEventEfl.cpp:
2929         (WebCore::PlatformKeyboardEvent::PlatformKeyboardEvent):
2930
2931 2012-05-04  Nikolas Zimmermann  <nzimmermann@rim.com>
2932
2933         Tie lifetime of SVGAnimateElement::m_animatedType to the duration of the animation
2934         https://bugs.webkit.org/show_bug.cgi?id=85627
2935
2936         Reviewed by Antti Koivisto.
2937
2938         Example:
2939         <rect width="10" height="100">
2940             <animate attributeName="width" from="10" to="100" begin="2s" dur="4s" fill="remove"/>
2941         </rect>
2942
2943         At t=0s the <animate> element receives its first interval: begin=2s, end=6s.
2944         At this point we've created the 'OwnPtr<SVGAnimatedType> m_animatedType' in
2945         SVGAnimateElement, which holds the current animated value of the target type.
2946         In this example it contains a SVGLength with '10' as value at t=0s.
2947
2948         Calling "rect.width.animVal.value" will return the value currently contained in the
2949         m_animatedType from the SVGAnimateElement, even though the animation didn't begin
2950         yet. This is fine, as the animVal equals to the baseVal, as long as no animation is
2951         running.
2952
2953         At t=6s you'd expect that the whole 'animVal' object is destructed again, as it's no
2954         longer needed, as animVal will be equal to baseVal again, but the current code keeps
2955         the animVal alive, and just resets it to the baseVal. The animVals will be destructed
2956         once the animate element leaves the tree.
2957
2958         CSS animations suffer from the same problem, we never remove the animated SMIL properties
2959         but we only reset them to the base value. This makes integration with CSS Animations and
2960         CSS Transitions harder, so this needs to be changed.
2961
2962         This patch starts tracking the start/end of an animation chain properly, to destruct
2963         the animation effect for non-frozen animations at the end of their duration. This has to
2964         work properly together with seeking (SVGSVGElement.setCurrentTime), as our testing relies
2965         on the ability to drive the SMIL timeline from script.
2966
2967         Tests: svg/animations/list-wrapper-assertion-expected.svg
2968                svg/animations/list-wrapper-assertion.svg
2969
2970         * svg/SVGAnimateElement.cpp:
2971         (WebCore::SVGAnimateElement::resetAnimatedType):
2972         (WebCore::applyCSSPropertyToTarget):
2973         (WebCore::removeCSSPropertyFromTarget):
2974         (WebCore::applyCSSPropertyToTargetAndInstances):
2975         (WebCore::removeCSSPropertyFromTargetAndInstances):
2976         (WebCore::notifyTargetAboutAnimValChange):
2977         (WebCore::notifyTargetAndInstancesAboutAnimValChange):
2978         (WebCore::SVGAnimateElement::clearAnimatedType):
2979         (WebCore::SVGAnimateElement::applyResultsToTarget):
2980         (WebCore::SVGAnimateElement::targetElementWillChange):
2981         * svg/SVGAnimateElement.h:
2982         (SVGAnimateElement):
2983         * svg/SVGAnimateMotionElement.cpp:
2984         (WebCore::SVGAnimateMotionElement::resetAnimatedType):
2985         (WebCore::SVGAnimateMotionElement::clearAnimatedType):
2986         * svg/SVGAnimateMotionElement.h:
2987         (SVGAnimateMotionElement):
2988         * svg/SVGAnimationElement.cpp:
2989         * svg/SVGAnimationElement.h:
2990         * svg/animation/SMILTimeContainer.cpp:
2991         (WebCore::SMILTimeContainer::updateAnimations):
2992         * svg/animation/SVGSMILElement.cpp:
2993         (WebCore::SVGSMILElement::reset):
2994         (WebCore::SVGSMILElement::targetElementWillChange):
2995         (WebCore::SVGSMILElement::determineActiveState):
2996         (WebCore::SVGSMILElement::progress):
2997         * svg/animation/SVGSMILElement.h:
2998         (SVGSMILElement):
2999         * svg/properties/SVGAnimatedListPropertyTearOff.h:
3000             Remove svgAttributeChanged() calls from animationEnded/animValDidChange.
3001             Callers are now required to notify the target about changes. There are cases
3002             where we want to call animValDidChange without invoking svgAttributeChanged().
3003             That is supported now.
3004         (WebCore::SVGAnimatedListPropertyTearOff::animationEnded):
3005         (WebCore::SVGAnimatedListPropertyTearOff::animValDidChange):
3006         * svg/properties/SVGAnimatedProperty.h: Ditto.
3007         (WebCore::SVGAnimatedProperty::commitChange): Add safety guard.
3008         * svg/properties/SVGAnimatedPropertyTearOff.h: Ditto.
3009         (WebCore::SVGAnimatedPropertyTearOff::animationEnded):
3010         (WebCore::SVGAnimatedPropertyTearOff::animValDidChange):
3011         * svg/properties/SVGAnimatedStaticPropertyTearOff.h: Ditto.
3012         (WebCore::SVGAnimatedStaticPropertyTearOff::animationEnded):
3013         (WebCore::SVGAnimatedStaticPropertyTearOff::animValDidChange):
3014
3015 2012-05-08  Ryuan Choi  <ryuan.choi@samsung.com>
3016
3017         [EFL][DRT]Do not create ScrollbarEfl when mockScrollbar is enabled.
3018         https://bugs.webkit.org/show_bug.cgi?id=81315
3019
3020         Reviewed by Chang Shu.
3021
3022         ScrollbarEfl creates custom scrollbars as separated layer and they are
3023         not related to ScrollbarTheme.
3024         So, DRT/Efl creates custom scrollbars on webview which paints mockScrollbar.
3025
3026         This patch prevents creating custom scrollbars when mockScrollbar is enabled.
3027
3028         Because DRT/Efl only renders the webview now, expected results are same
3029         until Bug 79853 is landed.
3030
3031         * platform/efl/ScrollbarEfl.cpp:
3032         (Scrollbar::createNativeScrollbar):
3033
3034 2012-05-08  Timothy Hatcher  <timothy@apple.com>
3035
3036         Fix the SOFT_LINK_STAGED_FRAMEWORK_OPTIONAL macro so it passes the full path to dlopen.
3037
3038         dyld only considers libraries in the versioned framework path if their install name
3039         matches the library that it is attempting to load. The path we were passing to
3040         dlopen lacked the Versions/A component of the path so dyld did not recognize that
3041         we wanted it to use the staged version if it is newer.
3042
3043         <rdar://problem/11406517>
3044
3045         Reviewed by Mark Rowe.
3046
3047         * platform/mac/SoftLinking.h: Have SOFT_LINK_STAGED_FRAMEWORK_OPTIONAL take the
3048         framework version as an argument and use it when constructing the path to dlopen.
3049
3050 2012-05-08  Rafael Brandao  <rafael.lobo@openbossa.org>
3051
3052         Build fix for Qt Snowleopard Release
3053         https://bugs.webkit.org/show_bug.cgi?id=85895
3054
3055         Reviewed by Alexis Menard.
3056
3057         The enum value JSUint8ClampedArray conflicted with the JSUint8ClampedArray class.
3058         I've added the 'Type' suffix to the enum value to make their names different.
3059
3060         No new tests needed.
3061
3062         * bridge/qt/qt_runtime_qt4.cpp:
3063         (JSC::Bindings::valueRealType):
3064         (JSC::Bindings::convertValueToQVariant):
3065
3066 2012-05-08  Shezan Baig  <shezbaig.wk@gmail.com>
3067
3068         offsetLeft broken within CSS3 columns
3069         https://bugs.webkit.org/show_bug.cgi?id=34875
3070
3071         Reviewed by Julien Chaffraix.
3072
3073         Reimplement offsetLeft and offsetTop in terms of a new method called
3074         'offsetTopLeft'. The new method starts from a reference point (the
3075         top-left coordinate of a box or inline) and adjusts this reference
3076         point for columns as we traverse each parent. Note that the reference
3077         point needs to be adjusted in both dimensions, even though offsetLeft
3078         and offsetTop return only one of them.
3079
3080         A new method called 'offsetForColumns' was added to RenderObject. This
3081         method is similar to adjustForColumns, except that it returns the
3082         offset instead of modifying a reference. This method is necessary to
3083         simplify the implementation of offsetTopLeft.
3084
3085         Tests: fast/block/positioning/offsetLeft-offsetTop-multicolumn-expected.txt
3086                fast/block/positioning/offsetLeft-offsetTop-multicolumn.html
3087
3088         * rendering/RenderBox.h:
3089         (RenderBox):
3090         Override offsetLeft and offsetTop.
3091         * rendering/RenderBox.cpp:
3092         (WebCore::RenderBox::offsetLeft):
3093         Implemented in terms of RenderBoxModelObject::offsetTopLeft, using
3094         topLeftLocation as startPoint.
3095         (WebCore::RenderBox::offsetTop):
3096         Implemented in terms of RenderBoxModelObject::offsetTopLeft, using
3097         topLeftLocation as startPoint.
3098         * rendering/RenderBoxModelObject.cpp:
3099         (WebCore::RenderBoxModelObject::offsetTopLeft):
3100         New method to compute offsetLeft and offsetTop simultaneously, and
3101         adjusting for columns at each parent.
3102         (WebCore::RenderBoxModelObject::offsetLeft):
3103         Reimplemented in terms of offsetTopLeft.
3104         (WebCore::RenderBoxModelObject::offsetTop):
3105         Reimplemented in terms of offsetTopLeft.
3106         * rendering/RenderBoxModelObject.h:
3107         (RenderBoxModelObject):
3108         Declare new offsetTopLeft method.
3109         * rendering/RenderInline.cpp:
3110         (WebCore::RenderInline::offsetLeft):
3111         Reimplemented in terms of RenderBoxModelObject::offsetTopLeft.
3112         (WebCore::RenderInline::offsetTop):
3113         Reimplemented in terms of RenderBoxModelObject::offsetTopLeft.
3114         * rendering/RenderObject.h:
3115         (RenderObject):
3116         (WebCore::RenderObject::offsetForColumns):
3117         New helper method to simplify implementation of offsetTopLeft.
3118
3119 2012-03-31  Robert Hogan  <robert@webkit.org>
3120
3121         CSS 2.1 failure: first-letter-nested-004.htm fails
3122         https://bugs.webkit.org/show_bug.cgi?id=72987
3123
3124         Reviewed by Eric Seidel.
3125
3126         When styling first-letter check each sibling and drill into its inlines until we find either (i) a text node 
3127         that is not all whitespace, or (ii) a line break.
3128
3129         This makes our rendering of the following tests compatible with FF and Opera. Our current behaviour is also conformant
3130         since the spec allows UAs to style just one element:
3131             css2.1/20110323/first-letter-quote-002.htm
3132             css2.1/20110323/first-letter-quote-003.htm
3133             css2.1/20110323/first-letter-quote-004.htm
3134             css2.1/20110323/first-letter-quote-005.htm
3135
3136         This fixes the following two tests. We now drill into the descendants of an element styled with :first-letter looking
3137         for text to style:
3138             css2.1/20110323/first-letter-nested-004.htm
3139             css2.1/20110323/first-letter-nested-006.htm
3140
3141         This patch changes our rendering of first-letter-dynamic-001.htm as we now render adjacent quotes in the second line as 
3142         green. This is consistent with the spec, which allows this behaviour but does not require it. It's the 'right' behaviour
3143         since it is consistent with the rendering of such quotes in a single element with :first-letter style.
3144
3145         * rendering/RenderBlock.cpp:
3146         (WebCore::RenderBlock::findLastObjectWithFirstLetterText): Iterate through the child's siblings looking for the last
3147           object to be styled :first-letter.
3148         (WebCore::RenderBlock::findLastObjectAfterFirstLetterPunctuation): Style any leading punctuation as first-letter, drill
3149           down into the child's descendants looking for text if necessary.
3150         (WebCore::RenderBlock::updateFirstLetter): Refactor to drill into sibling's children looking for inlines
3151          that should be styled as first-letter.
3152         (WebCore::RenderBlock::addFirstLetter): Split out from updateFirstLetter so that it can be used when a
3153          descendant node inside a sibling is found in findLastObjectWithFirstLetterText() needs to be styled as first-letter.
3154         * rendering/RenderBlock.h:
3155
3156 2012-05-08  Sheriff Bot  <webkit.review.bot@gmail.com>
3157
3158         Unreviewed, rolling out r116402.
3159         http://trac.webkit.org/changeset/116402
3160         https://bugs.webkit.org/show_bug.cgi?id=85898
3161
3162         Caused a 3% regression on Chromium's bloat-http test on Linux
3163         (Requested by ojan_gardening on #webkit).
3164
3165         * WebCore.exp.in:
3166         * bindings/v8/RetainedDOMInfo.cpp:
3167         * dom/ContainerNode.h:
3168         * dom/Node.cpp:
3169         (WebCore::Node::traverseNextNode):
3170         (WebCore):
3171         (WebCore::Node::traverseNextSibling):
3172         * dom/Node.h:
3173         (Node):
3174
3175 2012-05-08  Hironori Bono  <hbono@chromium.org>
3176
3177         [Chromium] Fix the position of an RTL resizer
3178         https://bugs.webkit.org/show_bug.cgi?id=80640
3179
3180         Reviewed by Tony Chang.
3181
3182         When rendering an RTL resizer, my r110073 renders it at the same position as the
3183         one used for rendering a LTR resizer. Unfortunately, this code renders the RTL
3184         resizer image at an incorrect position on Mac and Linux. This change uses the
3185         correct formula to calculate the position of an RTL resizer.
3186
3187         Test: platform/chromium/scrollbars/rtl-resizer-position.html
3188
3189         * rendering/RenderLayer.cpp:
3190         (WebCore::RenderLayer::drawPlatformResizerImage):
3191
3192 2012-05-08  Andreas Kling  <kling@webkit.org>
3193
3194         Element: isURLAttribute() should take a const Attribute&.
3195         <http://webkit.org/b/85890>
3196
3197         Reviewed by Anders Carlsson.
3198
3199         Change isURLAttribute(Attribute*) to isURLAttribute(const Attribute&) to enforce
3200         the fact that the Attribute can't be null, and shouldn't be mutated, at compile-time.
3201         Also sprinkle OVERRIDE while we're at it.
3202
3203         * dom/Element.cpp:
3204         (WebCore::Element::getURLAttribute):
3205         (WebCore::Element::getNonEmptyURLAttribute):
3206         * dom/Element.h:
3207         (WebCore::Element::isURLAttribute):
3208         * editing/MarkupAccumulator.cpp:
3209         (WebCore::MarkupAccumulator::appendQuotedURLAttributeValue):
3210         (WebCore::MarkupAccumulator::appendAttribute):
3211         * editing/markup.cpp:
3212         (WebCore::completeURLs):
3213         * html/HTMLAnchorElement.cpp:
3214         (WebCore::HTMLAnchorElement::isURLAttribute):
3215         * html/HTMLAnchorElement.h:
3216         * html/HTMLBaseElement.cpp:
3217         (WebCore::HTMLBaseElement::isURLAttribute):
3218         * html/HTMLBaseElement.h:
3219         * html/HTMLBodyElement.cpp:
3220         (WebCore::HTMLBodyElement::isURLAttribute):
3221         * html/HTMLBodyElement.h:
3222         * html/HTMLButtonElement.cpp:
3223         (WebCore::HTMLButtonElement::isURLAttribute):
3224         * html/HTMLButtonElement.h:
3225         * html/HTMLElement.cpp:
3226         (WebCore::HTMLElement::isURLAttribute):
3227         * html/HTMLElement.h:
3228         * html/HTMLEmbedElement.cpp:
3229         (WebCore::HTMLEmbedElement::isURLAttribute):
3230         * html/HTMLEmbedElement.h:
3231         * html/HTMLFormElement.cpp:
3232         (WebCore::HTMLFormElement::isURLAttribute):
3233         * html/HTMLFormElement.h:
3234         * html/HTMLFrameElementBase.cpp:
3235         (WebCore::HTMLFrameElementBase::isURLAttribute):
3236         * html/HTMLFrameElementBase.h:
3237         (HTMLFrameElementBase):
3238         * html/HTMLHtmlElement.cpp:
3239         (WebCore::HTMLHtmlElement::isURLAttribute):
3240         * html/HTMLHtmlElement.h:
3241         * html/HTMLImageElement.cpp:
3242         (WebCore::HTMLImageElement::isURLAttribute):
3243         * html/HTMLImageElement.h:
3244         * html/HTMLInputElement.cpp:
3245         (WebCore::HTMLInputElement::isURLAttribute):
3246         * html/HTMLInputElement.h:
3247         * html/HTMLLinkElement.cpp:
3248         (WebCore::HTMLLinkElement::isURLAttribute):
3249         * html/HTMLLinkElement.h:
3250         * html/HTMLMediaElement.cpp:
3251         (WebCore::HTMLMediaElement::isURLAttribute):
3252         * html/HTMLMediaElement.h:
3253         * html/HTMLModElement.cpp:
3254         (WebCore::HTMLModElement::isURLAttribute):
3255         * html/HTMLModElement.h:
3256         * html/HTMLObjectElement.cpp:
3257         (WebCore::HTMLObjectElement::isURLAttribute):
3258         * html/HTMLObjectElement.h:
3259         * html/HTMLParamElement.cpp:
3260         (WebCore::HTMLParamElement::isURLAttribute):
3261         * html/HTMLParamElement.h:
3262         * html/HTMLQuoteElement.cpp:
3263         (WebCore::HTMLQuoteElement::isURLAttribute):
3264         * html/HTMLQuoteElement.h:
3265         * html/HTMLScriptElement.cpp:
3266         (WebCore::HTMLScriptElement::isURLAttribute):
3267         * html/HTMLScriptElement.h:
3268         * html/HTMLSourceElement.cpp:
3269         (WebCore::HTMLSourceElement::isURLAttribute):
3270         * html/HTMLSourceElement.h:
3271         * html/HTMLTableCellElement.cpp:
3272         (WebCore::HTMLTableCellElement::isURLAttribute):
3273         * html/HTMLTableCellElement.h:
3274         * html/HTMLTableElement.cpp:
3275         (WebCore::HTMLTableElement::isURLAttribute):
3276         * html/HTMLTableElement.h:
3277         * html/HTMLTrackElement.cpp:
3278         (WebCore::HTMLTrackElement::isURLAttribute):
3279         * html/HTMLTrackElement.h:
3280         * html/HTMLVideoElement.cpp:
3281         (WebCore::HTMLVideoElement::isURLAttribute):
3282         * html/HTMLVideoElement.h:
3283         * svg/SVGScriptElement.cpp:
3284         (WebCore::SVGScriptElement::isURLAttribute):
3285         * svg/SVGScriptElement.h:
3286
3287 2012-05-08  Stephen Chenney  <schenney@chromium.org>
3288
3289         Shrink ElementAttributeData by factoring out Attr object count.
3290         https://bugs.webkit.org/show_bug.cgi?id=85825
3291
3292         Unreviewed build fix.
3293
3294         * dom/ElementAttributeData.cpp:
3295         (WebCore::attrListForElement): Was returning false instead of 0 for a pointer value. Now returns 0.
3296
3297 2012-05-08  Andreas Kling  <kling@webkit.org>
3298
3299         Element: Merge idAttributeChanged() into attributeChanged().
3300         <http://webkit.org/b/85885>
3301
3302         Reviewed by Antti Koivisto.
3303
3304         No new tests, code churn only.
3305
3306         * dom/Element.h:
3307         * dom/Element.cpp:
3308         (WebCore::Element::attributeChanged): There's no need for this to be a standalone function anymore.
3309
3310 2012-05-08  Andreas Kling  <kling@webkit.org>
3311
3312         Shrink ElementAttributeData by factoring out Attr object count.
3313         <http://webkit.org/b/85825>
3314
3315         Reviewed by Antti Koivisto.
3316
3317         Stop tracking the number of Attr objects that point to a given Element on the
3318         Element itself and manage this by having a global hashmap of Element => AttrList,
3319         where AttrList is a vector of (pointers to) the associated Attr objects.
3320
3321         This shrinks ElementAttributeData by one integer, effectively reducing memory
3322         consumption by ~530kB when viewing the full HTML5 spec at <http://whatwg.org/c>.
3323
3324         * dom/ElementAttributeData.h:
3325         (ElementAttributeData):
3326
3327             Remove m_attrCount...
3328
3329         * dom/Node.h:
3330         (WebCore::Node::hasAttrList):
3331         (WebCore::Node::setHasAttrList):
3332         (WebCore::Node::clearHasAttrList):
3333
3334             ...replacing it with a Node flag that tells us whether there's an Attr
3335             object map for this Node (only applies to Elements.)
3336
3337         * dom/ElementAttributeData.cpp:
3338         (WebCore::attrListMap):
3339         (WebCore::attrListForElement):
3340         (WebCore::ensureAttrListForElement):
3341         (WebCore::removeAttrListForElement):
3342         (WebCore::ElementAttributeData::attrIfExists):
3343         (WebCore::ElementAttributeData::ensureAttr):
3344         (WebCore::ElementAttributeData::setAttr):
3345         (WebCore::ElementAttributeData::removeAttr):
3346         (WebCore::ElementAttributeData::detachAttributesFromElement):
3347
3348             Map Element => per-Element AttrList in a global hash.
3349
3350 2012-05-08  Chris Guan  <chris.guan@torchmobile.com.cn>
3351
3352         [Blackberry] remove m_isRequestedByPlugin in ResourceRequest
3353         https://bugs.webkit.org/show_bug.cgi?id=84559
3354
3355         Reviewed by Antonio Gomes.
3356
3357         ResourceRequest is a network level abstraction, and it should
3358         not know anything about web concepts such as plug-ins, and Blackberry
3359         does not need m_isRequestedByPlugin any longer, So clean up all related
3360         code.
3361
3362         Tested on a website of http://edition.cnn.com, a new window should be
3363         opened only when user has a singe tap gesture on a plugin element.
3364
3365         * platform/network/blackberry/ResourceRequest.h:
3366         (WebCore::ResourceRequest::ResourceRequest):
3367         (ResourceRequest):
3368         (CrossThreadResourceRequestData):
3369         * platform/network/blackberry/ResourceRequestBlackBerry.cpp:
3370         (WebCore::ResourceRequest::doPlatformCopyData):
3371         (WebCore::ResourceRequest::doPlatformAdopt):
3372
3373 2012-05-03  Alexander Pavlov  <apavlov@chromium.org>
3374
3375         Extra line-breaks added when copying from source.
3376         https://bugs.webkit.org/show_bug.cgi?id=85282
3377
3378         Reviewed by Ryosuke Niwa.
3379
3380         The code used to replace any \n by \r\n, even the one that had a preceding \r, resulting in \r\r\n.
3381         This change introduces a check for the preceding \r when replacing \n's.
3382
3383         Test: platform/win/editing/pasteboard/pasting-crlf-isnt-translated-to-crcrlf-win.html
3384
3385         * platform/chromium/ClipboardUtilitiesChromium.cpp:
3386         (WebCore::replaceNewlinesWithWindowsStyleNewlines):
3387         * platform/win/ClipboardUtilitiesWin.cpp:
3388         (WebCore::replaceNewlinesWithWindowsStyleNewlines):
3389
3390 2012-05-08  Adam Barth  <abarth@webkit.org>
3391
3392         OS(ANDROID) JNI AttachCurrentThread take JNIEnv** as a parameter, not void**
3393         https://bugs.webkit.org/show_bug.cgi?id=85869
3394
3395         Reviewed by Eric Seidel.
3396
3397         According to
3398         http://docs.oracle.com/javase/1.5.0/docs/guide/jni/spec/invocation.html,
3399         AttachCurrentThread takes a JNIEnv** rather than a void**.  Apparently,
3400         most implementations actually take a void**.  The OS(ANDROID)
3401         implementation, however, actually takes an JNIEnv**.  This patch
3402         introduces a typedef to give each implementation what it desires.
3403
3404         * bridge/jni/JNIUtility.cpp:
3405         (JSC::Bindings::getJNIEnv):
3406
3407 2012-05-08  Balazs Kelemen  <kbalazs@webkit.org>
3408
3409         [Qt] X11 plugins need to be reworked for Qt5+WK1
3410         https://bugs.webkit.org/show_bug.cgi?id=80691
3411
3412         Reviewed by Simon Hausmann.
3413
3414         Implement basic windowless plugin support with Qt5.
3415         The solution is the same that has been chosen for
3416         WebKit2. We get the content drawed by the plugin
3417         from the X server as an image, create a QImage
3418         from it and paint it to the window surface with QPainter.
3419         Performance is sufficient for basic video playback.
3420
3421         No new tests, covered by existing plugin tests.
3422
3423         * Target.pri:
3424         * WebCore.pri:
3425         * platform/qt/QWebPageClient.h:
3426         (QWebPageClient):
3427         * plugins/PluginView.h:
3428         (PluginView):
3429         * plugins/qt/PluginPackageQt.cpp:
3430         (WebCore::PluginPackage::isPluginBlacklisted):
3431         Blacklist plugins that are incompatible with Qt5.
3432         The only one I know about currently is skypebuttons
3433         but the list can be extended in the future.
3434         (WebCore):
3435         (WebCore::PluginPackage::load):
3436         * plugins/qt/PluginViewQt.cpp:
3437         (X11Environment):
3438         (WebCore):
3439         (WebCore::x11Display):
3440         (WebCore::x11Screen):
3441         (WebCore::rootWindowID):
3442         (WebCore::displayDepth):
3443         (WebCore::syncX):
3444         (WebCore::PluginView::platformPageClient): Added a safe
3445         convenience getter for the QWebpageClient.
3446         (WebCore::PluginView::updatePluginWidget):
3447         (WebCore::PluginView::setFocus):
3448         (WebCore::setupGraphicsExposeEvent):
3449         (WebCore::PluginView::paintUsingXPixmap):
3450         (WebCore::setSharedXEventFields):
3451         (WebCore::PluginView::initXEvent):
3452         (WebCore::PluginView::setXKeyEventSpecificFields):
3453         (WebCore::setXButtonEventSpecificFields):
3454         (WebCore::setXMotionEventSpecificFields):
3455         (WebCore::setXCrossingEventSpecificFields):
3456         (WebCore::PluginView::setNPWindowIfNeeded):
3457         (WebCore::PluginView::setParentVisible):
3458         (WebCore::PluginView::platformGetValue):
3459         (WebCore::PluginView::invalidateRect):
3460         (WebCore::getVisualAndColormap):
3461         Refactored this function to make it more clear
3462         what does it actually do.
3463         (WebCore::PluginView::platformStart):
3464         (WebCore::PluginView::platformDestroy):
3465
3466 2012-05-07  Antti Koivisto  <antti@apple.com>
3467
3468         Inline Node::traverseNextNode
3469         https://bugs.webkit.org/show_bug.cgi?id=85844
3470
3471         Reviewed by Ryosuke Niwa.
3472
3473         Inline traverseNextNode and traverseNextSibling to reduce entry/exit overhead and allow better code generation
3474         for many hot loops. Also added separate versions of stayWithin and unscoped cases (the function is
3475         so simple that this seemed like the cleanest way to do it, the most reliable too) and used UNLIKELY for the 
3476         end-of-traversal conditions.
3477         
3478         The traversal function can show up to ~1% in normal page loading profiles.
3479         
3480         run-perf-tests seems to think this is a progression in some subtests though bots will tell for certain.
3481
3482         * WebCore.exp.in:
3483         * dom/ContainerNode.h:
3484         
3485             Following the existing pattern, function bodies go to ContainerNode.h so they can call parentNode().
3486             (which returns ContainerNode, not Node).
3487
3488         (WebCore::Node::traverseNextNode):
3489         (WebCore):
3490         (WebCore::Node::traverseNextSibling):
3491         * dom/Node.cpp:
3492         (WebCore):
3493         * dom/Node.h:
3494         (Node):
3495
3496 2012-05-05  Pavel Feldman  <pfeldman@chromium.org>
3497
3498         Web Inspector: make JavaScriptSourceFrame use breakpoint manager's breakpoints store.
3499         https://bugs.webkit.org/show_bug.cgi?id=85714
3500
3501         Reviewed by Yury Semikhatsky.
3502
3503         It is currently using its own copy of breakpoints which is not necessary.
3504
3505         * inspector/front-end/BreakpointManager.js:
3506         (WebInspector.BreakpointManager):
3507         (WebInspector.BreakpointManager.prototype.restoreBreakpoints):
3508         (WebInspector.BreakpointManager.prototype.setBreakpoint):
3509         (WebInspector.BreakpointManager.prototype._innerSetBreakpoint):
3510         (WebInspector.BreakpointManager.prototype.findBreakpoint):
3511         (WebInspector.BreakpointManager.prototype.reset):
3512         (WebInspector.BreakpointManager.prototype._debuggerReset):
3513         (WebInspector.BreakpointManager.prototype._breakpointResolved):
3514         (WebInspector.BreakpointManager.prototype._uiLocationAdded):
3515         (WebInspector.BreakpointManager.prototype._uiLocationRemoved):
3516         (WebInspector.BreakpointManager.Breakpoint.prototype._breakpointStorageId):
3517         (WebInspector.BreakpointManager.Storage.prototype._restoreBreakpoints):
3518         (set WebInspector.BreakpointManager.Storage.Item):
3519         * inspector/front-end/JavaScriptSource.js:
3520         (WebInspector.JavaScriptSource.prototype.consoleMessagesCleared):
3521         (WebInspector.JavaScriptSource.prototype.breakpointStorageId):
3522         * inspector/front-end/JavaScriptSourceFrame.js:
3523         (WebInspector.JavaScriptSourceFrame):
3524         (WebInspector.JavaScriptSourceFrame.prototype._onContentChanged):
3525         (WebInspector.JavaScriptSourceFrame.prototype.populateLineGutterContextMenu):
3526         (WebInspector.JavaScriptSourceFrame.prototype.beforeTextChanged):
3527         (WebInspector.JavaScriptSourceFrame.prototype._onMouseDown):
3528         (WebInspector.JavaScriptSourceFrame.prototype._breakpointAdded):
3529         (WebInspector.JavaScriptSourceFrame.prototype._breakpointRemoved):
3530         (WebInspector.JavaScriptSourceFrame.prototype.onTextViewerContentLoaded):
3531         (WebInspector.JavaScriptSourceFrame.prototype._continueToLine):
3532         (WebInspector.JavaScriptSourceFrame.prototype._updateBreakpointsAfterLiveEdit):
3533
3534 2012-05-07  Pavel Feldman  <pfeldman@chromium.org>
3535
3536         Web Inspector: do not create locations for resolved provisional breakpoints
3537         https://bugs.webkit.org/show_bug.cgi?id=85716
3538
3539         Reviewed by Yury Semikhatsky.
3540
3541         Marked provisional breakpoints as such.
3542
3543         * inspector/front-end/BreakpointManager.js:
3544         (WebInspector.BreakpointManager.prototype._debuggerReset):
3545         (WebInspector.BreakpointManager.prototype._breakpointResolved):
3546
3547 2012-05-07  Simon Fraser  <simon.fraser@apple.com>
3548
3549         Compositing layers with transformed children not large enough to show contents
3550         https://bugs.webkit.org/show_bug.cgi?id=85855
3551
3552         Reviewed by Dan Bernstein.
3553         
3554         r114518 added a code path to RenderLayer::calculateLayerBounds() which
3555         does an early return if the layer has clipping. However, this code
3556         path omitted to take local transforms into account.
3557         
3558         Fix is to handle transforms as we do in the non-clipped case.
3559
3560         Test: compositing/geometry/bounds-clipped-composited-child.html
3561
3562         * rendering/RenderLayer.cpp:
3563         (WebCore::RenderLayer::calculateLayerBounds):
3564
3565 2012-05-07  Scott Graham  <scottmg@chromium.org>
3566
3567         Fix signed/unsigned mismatch
3568         https://bugs.webkit.org/show_bug.cgi?id=85845
3569
3570         Make literal in assert be unsigned to match comparison on LHS. Avoids
3571         warning on Windows.
3572
3573         Reviewed by Eric Seidel.
3574
3575         No new tests. No intended functionality change.
3576
3577         * rendering/RenderTableSection.cpp:
3578         (WebCore::RenderTableSection::splitColumn):
3579
3580 2012-05-07  Emil A Eklund  <eae@chromium.org>
3581
3582         Fix performance regression for floats caused by LayoutUnit change
3583         https://bugs.webkit.org/show_bug.cgi?id=85834
3584
3585         Reviewed by Eric Seidel.
3586
3587         Fix performance regression caused by r116009 by disabling the use of
3588         64bit math in FractionalLayoutUnit, simplifying the pixelSnappedMaxX/Y
3589         math, inlining a couple of methods and replacing the literal 0 (zero)
3590         with ZERO_LAYOUT_UNIT.
3591
3592         No new tests, no change in functionality.
3593
3594         * platform/FractionalLayoutUnit.h:
3595         (WebCore::boundedMultiply):
3596         (WebCore::operator*):
3597         (WebCore::operator/):
3598         Disable the use of 64bit (long long) math in the case where the fraction
3599         is set to 1.
3600         
3601         * platform/graphics/FractionalLayoutRect.h:
3602         (WebCore::FractionalLayoutRect::pixelSnappedMaxX):
3603         (WebCore::FractionalLayoutRect::pixelSnappedMaxY):
3604         Simplify the pixel snapping logic for maxX/maxY.
3605         
3606         * rendering/RenderBlock.cpp:
3607         (WebCore::RenderBlock::isSelfCollapsingBlock):
3608         (WebCore::RenderBlock::layoutBlock):
3609         (WebCore::RenderBlock::computeOverflow):
3610         (WebCore::RenderBlock::clearFloatsIfNeeded):
3611         (WebCore::RenderBlock::paintChildren):
3612         (WebCore::RenderBlock::blockSelectionGap):
3613         (WebCore::RenderBlock::logicalLeftSelectionGap):
3614         (WebCore::RenderBlock::logicalRightSelectionGap):
3615         (WebCore::RenderBlock::computeLogicalLocationForFloat):
3616         (WebCore::RenderBlock::lowestFloatLogicalBottom):
3617         (WebCore::RenderBlock::getClearDelta):
3618         (WebCore::RenderBlock::computeBlockPreferredLogicalWidths):
3619         (WebCore::RenderBlock::addFocusRingRects):
3620         (WebCore::RenderBlock::adjustLinePositionForPagination):
3621         * rendering/RenderBlock.h:
3622         (WebCore::RenderBlock::availableLogicalWidthForLine):
3623         (WebCore::RenderBlock::availableLogicalWidthForContent):
3624         (WebCore::RenderBlock::FloatingObject::x):
3625         (WebCore::RenderBlock::FloatingObject::maxX):
3626         (WebCore::RenderBlock::FloatingObject::y):
3627         (WebCore::RenderBlock::FloatingObject::maxY):
3628         (WebCore::RenderBlock::FloatingObject::width):
3629         (WebCore::RenderBlock::FloatingObject::height):
3630         (FloatingObject):
3631         (WebCore::RenderBlock::FloatingObject::pixelSnappedX):
3632         (WebCore::RenderBlock::FloatingObject::pixelSnappedMaxX):
3633         (WebCore::RenderBlock::FloatingObject::pixelSnappedY):
3634         (WebCore::RenderBlock::FloatingObject::pixelSnappedMaxY):
3635         (WebCore::RenderBlock::FloatingObject::pixelSnappedWidth):
3636         (WebCore::RenderBlock::FloatingObject::pixelSnappedHeight):
3637         (WebCore::RenderBlock::RenderBlockRareData::positiveMarginBeforeDefault):
3638         (WebCore::RenderBlock::RenderBlockRareData::negativeMarginBeforeDefault):
3639         (WebCore::RenderBlock::RenderBlockRareData::positiveMarginAfterDefault):
3640         (WebCore::RenderBlock::RenderBlockRareData::negativeMarginAfterDefault):
3641         * rendering/RenderBoxModelObject.cpp:
3642         (WebCore::accumulateRelativePositionOffsets):
3643         (WebCore::RenderBoxModelObject::offsetLeft):
3644         (WebCore::RenderBoxModelObject::offsetTop):
3645         (WebCore::RenderBoxModelObject::computedCSSPaddingTop):
3646         (WebCore::RenderBoxModelObject::computedCSSPaddingBottom):
3647         (WebCore::RenderBoxModelObject::computedCSSPaddingLeft):
3648         (WebCore::RenderBoxModelObject::computedCSSPaddingRight):
3649         (WebCore::RenderBoxModelObject::computedCSSPaddingBefore):
3650         (WebCore::RenderBoxModelObject::computedCSSPaddingAfter):
3651         (WebCore::RenderBoxModelObject::computedCSSPaddingStart):
3652         (WebCore::RenderBoxModelObject::computedCSSPaddingEnd):
3653
3654 2012-05-07  Dongwoo Im  <dw.im@samsung.com>
3655
3656         width/height attributes of input element cannot be accessed by JavaScript.
3657         https://bugs.webkit.org/show_bug.cgi?id=70304
3658
3659         Reviewed by Darin Adler.
3660
3661         If the type of input element is image button, width/height attributes should be supported.
3662         These attributes are defined in HTML5 spec.
3663         http://www.w3.org/TR/html5/the-map-element.html#attr-dim-width
3664
3665         Tests: fast/forms/input-width-height-attributes-without-renderer-loaded-image.html
3666                fast/forms/input-width-height-attributes-without-renderer-not-loaded-image.html
3667                fast/forms/input-width-height-attributes-without-renderer.html
3668                fast/forms/input-width-height-attributes.html
3669
3670         * html/HTMLInputElement.cpp: Add setter/getter functions to query/set width/height of input element.
3671         (WebCore):
3672         (WebCore::HTMLInputElement::height): Gets height of input element.
3673         (WebCore::HTMLInputElement::width): Gets width of input element.
3674         (WebCore::HTMLInputElement::setHeight): Sets height of input element.
3675         (WebCore::HTMLInputElement::setWidth): Sets width of input element.
3676         * html/HTMLInputElement.h: Add public prototype.
3677         (HTMLInputElement):
3678         * html/HTMLInputElement.idl: Add width/height attributes.
3679         * html/ImageInputType.cpp: Add getter functions if the element is an image button.
3680         (WebCore):
3681         (WebCore::ImageInputType::height): Gets height of input element.
3682         (WebCore::ImageInputType::width): Gets width of input element.
3683         * html/ImageInputType.h: Add prototype.
3684         (ImageInputType):
3685         * html/InputType.cpp: Add getter functions.
3686         (WebCore::InputType::height): Returns zero.
3687         (WebCore):
3688         (WebCore::InputType::width): Returns zero.
3689         * html/InputType.h: Add prototype.
3690         (InputType):
3691
3692 2012-05-07  Kinuko Yasuda  <kinuko@chromium.org>
3693
3694         Support cross-filesystem operations in FileSystem API
3695         https://bugs.webkit.org/show_bug.cgi?id=84135
3696
3697         Reviewed by David Levin.
3698
3699         Currently we pass Entry's fullPath to AsyncFileSystem layer where
3700         we convert the given path to filesystem URL which includes origin and
3701         filesystem type information, but in that way we cannot handle
3702         cross-filesystem operations (e.g. cross-filesystem copy and move)
3703         well since we end up with always attaching the source filesystem's
3704         origin and type information for argument paths.
3705
3706         This patch does:
3707         - change AsyncFileSystem's operation methods not to take entry paths
3708           but complete filesystem URLs.
3709         - move type and rootURL information from AsyncFileSystem instance into
3710           DOMFileSystemBase instance (platform layer to Modules/filesystem layer)
3711         - move filesystem-type related code in AsyncFileSystemChromium.cpp into
3712           DOMFileSystemChromium.cpp, which implements chromioum-specific
3713           DOMFileSystem code.
3714         - move platform/FileSystemType.h into Modules/filesystem/FileSystemType.h.
3715         - adding FileSystemType.h entry to build files (e.g. WebCore.gypi, WebCore.xcodeproj etc)
3716
3717         Test: fast/filesystem/cross-filesystem-op.html
3718
3719         * Modules/filesystem/DOMFileSystem.cpp:
3720         (WebCore::DOMFileSystem::create):
3721         (WebCore::DOMFileSystem::DOMFileSystem):
3722         (WebCore::DOMFileSystem::createWriter):
3723         (WebCore::DOMFileSystem::createFile):
3724         * Modules/filesystem/DOMFileSystem.h:
3725         * Modules/filesystem/DOMFileSystemBase.cpp:
3726         (WebCore::DOMFileSystemBase::DOMFileSystemBase):
3727         (WebCore::DOMFileSystemBase::createFileSystemURL): Added as an internal
3728         implementation of Entry.toURL().
3729         (WebCore::DOMFileSystemBase::getMetadata):
3730         (WebCore::verifyAndGetDestinationPathForCopyOrMove):
3731         (WebCore::DOMFileSystemBase::move):
3732         (WebCore::DOMFileSystemBase::copy):
3733         (WebCore::DOMFileSystemBase::remove):
3734         (WebCore::DOMFileSystemBase::removeRecursively):
3735         (WebCore::DOMFileSystemBase::getParent):
3736         (WebCore::DOMFileSystemBase::getFile):
3737         (WebCore::DOMFileSystemBase::getDirectory):
3738         (WebCore::DOMFileSystemBase::readDirectory):
3739         * Modules/filesystem/DOMFileSystemBase.h: Changed to make each
3740         DOMFileSystemBase instance have filesystem type and rootURL (they were
3741         held by AsyncFileSystem previously)
3742         (WebCore::DOMFileSystemBase::create): Changed to take additional parameters.
3743         (WebCore::DOMFileSystemBase::type): Added.(Moved from AsyncFileSystem::type)
3744         (WebCore::DOMFileSystemBase::rootURL): Added.(Moved from AsyncFileSystem::rootURL).
3745         * Modules/filesystem/DOMFileSystemSync.cpp:
3746         (WebCore::DOMFileSystemSync::create):
3747         (WebCore::DOMFileSystemSync::DOMFileSystemSync):
3748         (WebCore::DOMFileSystemSync::createFile):
3749         (WebCore::DOMFileSystemSync::createWriter):
3750         * Modules/filesystem/DOMFileSystemSync.h:
3751         (WebCore::DOMFileSystemSync::create):
3752         * Modules/filesystem/DOMWindowFileSystem.cpp:
3753         (WebCore::DOMWindowFileSystem::webkitRequestFileSystem):
3754         (WebCore::DOMWindowFileSystem::webkitResolveLocalFileSystemURL):
3755         * Modules/filesystem/EntryBase.cpp:
3756         (WebCore::EntryBase::toURL):
3757         * Modules/filesystem/FileSystemCallbacks.cpp:
3758         (WebCore::FileSystemCallbacks::create):
3759         (WebCore::FileSystemCallbacks::FileSystemCallbacks):
3760         (WebCore::FileSystemCallbacks::didOpenFileSystem):
3761         (WebCore::ResolveURICallbacks::create):
3762         (WebCore::ResolveURICallbacks::ResolveURICallbacks):
3763         (WebCore::ResolveURICallbacks::didOpenFileSystem):
3764         * Modules/filesystem/FileSystemCallbacks.h:
3765         (FileSystemCallbacks):
3766         (ResolveURICallbacks):
3767         * Modules/filesystem/FileSystemType.h: Renamed from Source/WebCore/platform/FileSystemType.h.
3768         * Modules/filesystem/LocalFileSystem.cpp:
3769         (WebCore::openFileSystem):
3770         (WebCore::LocalFileSystem::readFileSystem):
3771         (WebCore::LocalFileSystem::requestFileSystem):
3772         * Modules/filesystem/LocalFileSystem.h:
3773         * Modules/filesystem/WorkerContextFileSystem.cpp:
3774         (WebCore::WorkerContextFileSystem::webkitRequestFileSystem):
3775         (WebCore::WorkerContextFileSystem::webkitRequestFileSystemSync):
3776         (WebCore::WorkerContextFileSystem::webkitResolveLocalFileSystemURL):
3777         (WebCore::WorkerContextFileSystem::webkitResolveLocalFileSystemSyncURL):
3778         * Modules/filesystem/chromium/DOMFileSystemChromium.cpp: Added for chromium-specific
3779         implementation. Almost all of the code is moved from AsyncFileSystemChromium.
3780         (WebCore::DOMFileSystemBase::isValidType):
3781         (WebCore::DOMFileSystemBase::crackFileSystemURL):
3782         (WebCore::DOMFileSystemBase::supportsToURL):
3783         (WebCore::DOMFileSystemBase::createFileSystemURL):
3784         (WebCore::DOMFileSystemChromium::createIsolatedFileSystem):
3785         * Modules/filesystem/chromium/DOMFileSystemChromium.h: Added.
3786         * Modules/filesystem/chromium/DataTransferItemFileSystemChromium.cpp:
3787         (WebCore::DataTransferItemFileSystem::webkitGetAsEntry):
3788         * Modules/filesystem/chromium/DraggedIsolatedFileSystem.cpp:
3789         (WebCore::DraggedIsolatedFileSystem::getDOMFileSystem):
3790         * WebCore.gypi:
3791         * platform/AsyncFileSystem.cpp:
3792         (WebCore::AsyncFileSystem::openFileSystem):
3793         * platform/AsyncFileSystem.h:
3794         (AsyncFileSystem):
3795         (WebCore::AsyncFileSystem::AsyncFileSystem):
3796         * platform/AsyncFileSystemCallbacks.h:
3797         (WebCore::AsyncFileSystemCallbacks::didOpenFileSystem):
3798         * platform/blackberry/AsyncFileSystemBlackBerry.cpp:
3799         (WebCore::AsyncFileSystem::create):
3800         (WebCore::AsyncFileSystem::openFileSystem):
3801         (WebCore::AsyncFileSystemBlackBerry::AsyncFileSystemBlackBerry):
3802         (WebCore::AsyncFileSystemBlackBerry::move):
3803         (WebCore::AsyncFileSystemBlackBerry::copy):
3804         (WebCore::AsyncFileSystemBlackBerry::remove):
3805         (WebCore::AsyncFileSystemBlackBerry::removeRecursively):
3806         (WebCore::AsyncFileSystemBlackBerry::readMetadata):
3807         (WebCore::AsyncFileSystemBlackBerry::createFile):
3808         (WebCore::AsyncFileSystemBlackBerry::createDirectory):
3809         (WebCore::AsyncFileSystemBlackBerry::fileExists):
3810         (WebCore::AsyncFileSystemBlackBerry::directoryExists):
3811         (WebCore::AsyncFileSystemBlackBerry::readDirectory):
3812         (WebCore::AsyncFileSystemBlackBerry::createWriter):
3813         (WebCore::AsyncFileSystemBlackBerry::createSnapshotFileAndReadMetadata):
3814         * platform/blackberry/AsyncFileSystemBlackBerry.h:
3815         * platform/chromium/PlatformSupport.h:
3816         * platform/gtk/AsyncFileSystemGtk.cpp:
3817         (WebCore::AsyncFileSystem::create):
3818         (WebCore::AsyncFileSystem::openFileSystem):
3819         (WebCore::AsyncFileSystemGtk::AsyncFileSystemGtk):
3820         (WebCore::AsyncFileSystemGtk::move):
3821         (WebCore::AsyncFileSystemGtk::copy):
3822         (WebCore::AsyncFileSystemGtk::remove):
3823         (WebCore::AsyncFileSystemGtk::removeRecursively):
3824         (WebCore::AsyncFileSystemGtk::readMetadata):
3825         (WebCore::AsyncFileSystemGtk::createFile):
3826         (WebCore::AsyncFileSystemGtk::createDirectory):
3827         (WebCore::AsyncFileSystemGtk::fileExists):
3828         (WebCore::AsyncFileSystemGtk::directoryExists):
3829         (WebCore::AsyncFileSystemGtk::readDirectory):
3830         (WebCore::AsyncFileSystemGtk::createWriter):
3831         * platform/gtk/AsyncFileSystemGtk.h:
3832
3833         * GNUmakefile.list.am: Added FileSystemType.h.
3834         * WebCore.gypi: Added FileSystemType.h.
3835         * WebCore.vcproj/WebCore.vcproj: Added FileSystemType.h.
3836         * WebCore.xcodeproj/project.pbxproj: Added FileSystemType.h.
3837
3838 2012-05-07  Adam Barth  <abarth@webkit.org>
3839
3840         [Chromium] Android wishes to use an empty implementation if AXObjectCache
3841         https://bugs.webkit.org/show_bug.cgi?id=85842
3842
3843         Reviewed by Eric Seidel.
3844
3845         Add proper HAVE(ACCESSIBILITY) ifdefs so that Chromium builds without
3846         accessibility.
3847
3848         * accessibility/chromium/AXObjectCacheChromium.cpp:
3849         * accessibility/chromium/AccessibilityObjectChromium.cpp:
3850
3851 2012-05-07  Greg Billock  <gbillock@google.com>
3852
3853         [Web Intents] Flagged-off implementation of an intent tag for registration.
3854         https://bugs.webkit.org/show_bug.cgi?id=73039
3855
3856         Reviewed by Adam Barth.
3857
3858         The intent tag is a declarative way for pages to register that they
3859         accept delivery of web intent invocations of particular types. See the
3860         spec at http://dvcs.w3.org/hg/web-intents/raw-file/tip/spec/Overview.html
3861
3862         After discussion on the WhatWG list (see thread at
3863         http://lists.whatwg.org/pipermail/whatwg-whatwg.org/2012-April/035301.html)
3864         the current plan is to combine declarative registration of Web
3865         Intents and protocol/content handlers with this tag. Alternatives
3866         considered were the meta and link tags.
3867
3868         * WebCore.gypi:
3869         * html/HTMLAttributeNames.in:
3870         * html/HTMLElementsAllInOne.cpp:
3871         * html/HTMLIntentElement.cpp: Added.
3872         (WebCore::HTMLIntentElement::HTMLIntentElement):
3873         (WebCore::HTMLIntentElement::create):
3874         (WebCore::HTMLIntentElement::insertedIntoDocument):
3875         * html/HTMLIntentElement.h: Added.
3876         * html/HTMLIntentElement.idl: Added.
3877         * html/HTMLTagNames.in:
3878         * loader/FrameLoaderClient.h:
3879         (WebCore::FrameLoaderClient::registerIntentService):
3880         * page/DOMWindow.idl:
3881
3882 2012-05-07  Dana Jansens  <danakj@chromium.org>
3883
3884         Region::intersects() and Region::contains() are slow due to copy overhead
3885         https://bugs.webkit.org/show_bug.cgi?id=81076
3886
3887         Reviewed by Anders Carlsson.
3888
3889         Testing contains() and intersects() requires a copy which ends up
3890         invoking a malloc on sufficiently complicated web pages, and slows down
3891         the test unnecessarily. These methods can be done by iterating over the
3892         Region::Shape values rather than making a copy of the entire region and
3893         manipulating it.
3894
3895         This uses Region::Shape::compareShapes() to walk the query regions and
3896         compute the result of the intersects or contains tests without making a
3897         copy.
3898
3899         This change improves the performance of the Region overlap testing for
3900         composited layers, and allows for testing contains() before unite() to
3901         avoid unnecessary copies of the Region when inserting into complex
3902         Regions. With a layout test that has 225 composited layers, and tests
3903         Region.intersects() for 1000 layers above them, this change decreases
3904         the running time of the test by 1.2% by avoiding a copy of the 225
3905         rects each time.
3906
3907         Unit test: RegionTest.intersectsRegion
3908                    RegionTest.containsRegion
3909
3910         * platform/graphics/Region.cpp:
3911         (WebCore::Region::contains):
3912         (WebCore::Region::intersects):
3913         (WebCore):
3914         (WebCore::Region::Shape::compareShapes):
3915         (Region::Shape::CompareContainsOperation):
3916         (WebCore::Region::Shape::CompareContainsOperation::aOutsideB):
3917         (WebCore::Region::Shape::CompareContainsOperation::bOutsideA):
3918         (WebCore::Region::Shape::CompareContainsOperation::aOverlapsB):
3919         (Region::Shape::CompareIntersectsOperation):
3920         (WebCore::Region::Shape::CompareIntersectsOperation::aOutsideB):
3921         (WebCore::Region::Shape::CompareIntersectsOperation::bOutsideA):
3922         (WebCore::Region::Shape::CompareIntersectsOperation::aOverlapsB):
3923         * platform/graphics/Region.h:
3924         (Shape):
3925
3926 2012-05-07  David Tseng  <dtseng@google.com>
3927
3928         Correct logical error in accessibilityIsIgnored.
3929         https://bugs.webkit.org/show_bug.cgi?id=85828
3930
3931         Reviewed by Chris Fleizach.
3932
3933         Covered by existing tests.
3934
3935         * accessibility/AccessibilityMenuListOption.cpp:
3936         (WebCore::AccessibilityMenuListOption::accessibilityIsIgnored):
3937         * accessibility/AccessibilityMenuListPopup.cpp:
3938         (WebCore::AccessibilityMenuListPopup::accessibilityIsIgnored):
3939
3940 2012-05-04  Zhenyao Mo  <zmo@google.com>
3941
3942         vertexAttribPointer needs to reject large negative offsets
3943         https://bugs.webkit.org/show_bug.cgi?id=85117
3944
3945         Reviewed by Kenneth Russell.
3946
3947         * html/canvas/WebGLRenderingContext.cpp: Use long long for GLsizeiptr and GLintptr
3948         (WebCore):
3949         (WebCore::WebGLRenderingContext::bufferData):
3950         (WebCore::WebGLRenderingContext::bufferSubData):
3951         (WebCore::WebGLRenderingContext::drawElements):
3952         (WebCore::WebGLRenderingContext::getVertexAttribOffset):
3953         (WebCore::WebGLRenderingContext::vertexAttribPointer):
3954         * html/canvas/WebGLRenderingContext.h: Ditto
3955         (WebGLRenderingContext):
3956         * html/canvas/WebGLRenderingContext.idl: Ditto
3957
3958 2012-05-07  Pravin D  <pravind.2k4@gmail.com>
3959
3960         :first-line text-decorations are not rendered
3961         https://bugs.webkit.org/show_bug.cgi?id=6047
3962
3963         Text-decorations are applied during paint phase. The style was not being properly selected in case of
3964         first line box. The patch fixes this. 
3965
3966         Reviewed by Eric Seidel.
3967
3968         Tests: fast/css/first-line-text-decoration-inherited-from-parent.html
3969                fast/css/first-line-text-decoration.html
3970
3971         * rendering/InlineTextBox.cpp:
3972         (WebCore::InlineTextBox::paintDecoration):
3973         Inform the decoration color retriever if this box is part of the first line box or not.
3974
3975         * rendering/RenderObject.cpp:
3976         (WebCore::decorationColor):
3977         Changed the argument from RenderObject* to RenderStyle*. As this function is just a helper to getTextDecorationColors
3978         as used RenderObject solely to retrieve the corresponding RenderStyle, which(RenderStyle*) was already available with the latter function. 
3979
3980         (WebCore::RenderObject::getTextDecorationColors):
3981         Take a new variable to check if first line style or the regular style has to be used.
3982         Sends RenderStyle* as an argument to decorationColor(). 
3983
3984         * rendering/RenderObject.h:
3985         (RenderObject):
3986
3987 2012-05-07  Julien Chaffraix  <jchaffraix@webkit.org>
3988
3989         Refactor windowClipRectForLayer to remove the explicit RenderLayer dependency
3990         https://bugs.webkit.org/show_bug.cgi?id=84090
3991
3992         Reviewed by David Hyatt.
3993
3994         No observable change in behavior.
3995
3996         The function name was ambiguous as it was not a general purpose function but was
3997         working directly on HTMLFrameOwnerElement. The rename makes this more obvious as
3998         well as removes the explicit dependency on RenderLayer.
3999
4000         One of the slight change of this refactoring is that we now always null-check the
4001         HTMLFrameOwnerElement's renderer as part windowClipRectForFrameOwner as I don't see
4002         any evidence for the other code paths not to hit that. Also we may recur more on our
4003         frame tree if we have no layer as we now call windowClipRect() in this case.
4004
4005         * page/FrameView.h:
4006         (FrameView):
4007         * plugins/PluginView.cpp:
4008         (WebCore::PluginView::windowClipRect):
4009         * WebCore.exp.in:
4010         * WebCore.order:
4011         * page/FrameView.cpp:
4012         (WebCore::FrameView::windowClipRect):
4013         Updated after windowClipRectForLayer name and signature change.
4014
4015         (WebCore::FrameView::windowClipRectForFrameOwner):
4016         This function now takes the HTMLFrameOwnerElement directly.
4017
4018         * plugins/PluginView.cpp:
4019         (WebCore::PluginView::PluginView):
4020         (WebCore::PluginView::create):
4021         * plugins/PluginView.h:
4022         (PluginView):
4023         Updated |m_element| to be an HTMLPlugInElement as this was what was
4024         passed by every caller. This makes the conversion to HTMLFrameOwnerElement
4025         possible.
4026
4027 2012-05-07  Enrica Casucci  <enrica@apple.com>
4028
4029         REGRESSION (r101575): Chinese input is broken when composing mail in iCloud using Safari.
4030         https://bugs.webkit.org/show_bug.cgi?id=85840
4031         <rdar://problem/11115520> 
4032         
4033         Reviewed by Alexey Proskuryakov.
4034
4035         The revision that broke this, introduced a way to sanitize the markup when deleting a range selection.
4036         iCloud listens for DOM modification events and clears the selection, altering the input method state.
4037         The fix consists in adding a paramenter to DeleteSelectionCommand to control when we sanitize the
4038         markup.
4039         
4040         * editing/CompositeEditCommand.cpp:
4041         (WebCore::CompositeEditCommand::deleteSelection):
4042         * editing/CompositeEditCommand.h:
4043         * editing/DeleteSelectionCommand.cpp:
4044         (WebCore::DeleteSelectionCommand::DeleteSelectionCommand):
4045         (WebCore::DeleteSelectionCommand::doApply):
4046         * editing/DeleteSelectionCommand.h:
4047         (WebCore::DeleteSelectionCommand::create):
4048         * editing/InsertTextCommand.cpp:
4049         (WebCore::InsertTextCommand::doApply):
4050
4051 2012-05-07  Andy Estes  <aestes@apple.com>
4052
4053         ENABLE_IFRAME_SEAMLESS should be part of FEATURE_DEFINES.
4054
4055         * Configurations/FeatureDefines.xcconfig:
4056