REGRESSION (r217078): window.ApplePaySession is undefined on macOS Sierra
1 2017-05-19  Andy Estes  <aestes@apple.com>
2
3         REGRESSION (r217078): window.ApplePaySession is undefined on macOS Sierra
4         https://bugs.webkit.org/show_bug.cgi?id=172344
5
6         Reviewed by Tim Horton.
7
8         r213673 mistakenly changed the ApplePaySession interface from being conditional on
9         APPLE_PAY to being conditional on APPLE_PAY_DELEGATE, so when r217078 disabled
10         APPLE_PAY_DELEGATE on Sierra and earlier it disabled ApplePaySession.
11
12         Fix this by reverting ApplePaySession to being conditional on APPLE_PAY.
13
14         Fixes http/tests/ssl/applepay/ApplePaySession.html
15
16         * Modules/applepay/ApplePaySession.idl:
17
18 2017-05-19  Chris Dumez  <cdumez@apple.com>
19
20         CSSOM insertRule() index argument is optional with default 0
21         https://bugs.webkit.org/show_bug.cgi?id=172219
22
23         Reviewed by Sam Weinig.
24
25         Index parameter to CSSSupportsRule.insertRule() and CSSStyleSheet.insertRule() should
26         be optional with a default value of 0, as per the latest specification:
27         - https://github.com/w3c/csswg-drafts/commit/7949d41a2d86107f8ad4624c055b4b0c9c28ad0d
28         - https://www.w3.org/Bugs/Public/show_bug.cgi?id=27384
29
30         Tests: imported/w3c/web-platform-tests/cssom/insertRule-charset-no-index.html
31                imported/w3c/web-platform-tests/cssom/insertRule-import-no-index.html
32                imported/w3c/web-platform-tests/cssom/insertRule-namespace-no-index.html
33                imported/w3c/web-platform-tests/cssom/insertRule-no-index.html
34
35         * css/CSSStyleSheet.cpp:
36         * css/CSSStyleSheet.h:
37         * css/CSSStyleSheet.idl:
38         * css/CSSSupportsRule.idl:
39
40 2017-05-19  Carlos Garcia Campos  <cgarcia@igalia.com>
41
42         [Threaded Compositor] Remove platform ifdefs from threaded compositor implementation
43         https://bugs.webkit.org/show_bug.cgi?id=172265
44
45         Reviewed by Žan Doberšek.
46
47         Remove PlatformDisplayWPE::EGLTarget.
48
49         * platform/graphics/wpe/PlatformDisplayWPE.cpp:
50         * platform/graphics/wpe/PlatformDisplayWPE.h:
51
52 2017-05-19  Jer Noble  <jer.noble@apple.com>
53
54         Unreviewed build fix; add undefined functions and constants to the CoreMediaSoftLink.h, and use the
55         correct (and previously soft-linked) method in WebCoreDecompressionSession.
56
57         * platform/cf/CoreMediaSoftLink.cpp:
58         * platform/cf/CoreMediaSoftLink.h:
59         * platform/graphics/cocoa/WebCoreDecompressionSession.mm:
60         (WebCore::WebCoreDecompressionSession::imageForTime):
61
62 2017-05-19  Yusuke Suzuki  <utatane.tea@gmail.com>
63
64         [JSC][DFG][DOMJIT] Extend CheckDOM to CheckSubClass
65         https://bugs.webkit.org/show_bug.cgi?id=172098
66
67         Reviewed by Saam Barati.
68
69         Add DOMJIT interface IDL attribute, which allows us to define checkSubClassPatchpointFor${className}
70         function for that ClassInfo. And we move CheckSubClass patchpoint implementation to ClassInfo's member
71
72         * CMakeLists.txt:
73         * WebCore.xcodeproj/project.pbxproj:
74         * bindings/js/JSDOMGlobalObject.cpp:
75         * bindings/js/JSDOMWindowBase.cpp:
76         * bindings/js/JSDOMWindowProperties.cpp:
77         * bindings/js/JSDOMWindowShell.cpp:
78         * bindings/js/JSReadableStreamPrivateConstructors.cpp:
79         * bindings/js/JSWorkerGlobalScopeBase.cpp:
80         * bindings/scripts/CodeGeneratorJS.pm:
81         (GenerateHeader):
82         (GenerateImplementation):
83         (GenerateImplementationIterableFunctions):
84         (GenerateConstructorHelperMethods):
85         * bindings/scripts/IDLAttributes.json:
86         * bindings/scripts/test/JS/JSInterfaceName.cpp:
87         * bindings/scripts/test/JS/JSMapLike.cpp:
88         * bindings/scripts/test/JS/JSReadOnlyMapLike.cpp:
89         * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
90         * bindings/scripts/test/JS/JSTestCEReactions.cpp:
91         * bindings/scripts/test/JS/JSTestCEReactionsStringifier.cpp:
92         * bindings/scripts/test/JS/JSTestCallbackInterface.cpp:
93         * bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.cpp:
94         * bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.cpp:
95         * bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
96         * bindings/scripts/test/JS/JSTestDOMJIT.cpp:
97         * bindings/scripts/test/JS/JSTestDOMJIT.h:
98         * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
99         * bindings/scripts/test/JS/JSTestEventTarget.cpp:
100         * bindings/scripts/test/JS/JSTestException.cpp:
101         * bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:
102         * bindings/scripts/test/JS/JSTestGlobalObject.cpp:
103         * bindings/scripts/test/JS/JSTestInterface.cpp:
104         * bindings/scripts/test/JS/JSTestInterfaceLeadingUnderscore.cpp:
105         * bindings/scripts/test/JS/JSTestIterable.cpp:
106         * bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp:
107         * bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
108         * bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
109         * bindings/scripts/test/JS/JSTestNode.cpp:
110         * bindings/scripts/test/JS/JSTestObj.cpp:
111         * bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
112         * bindings/scripts/test/JS/JSTestOverloadedConstructorsWithSequence.cpp:
113         * bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp:
114         * bindings/scripts/test/JS/JSTestPromiseRejectionEvent.cpp:
115         * bindings/scripts/test/JS/JSTestSerialization.cpp:
116         * bindings/scripts/test/JS/JSTestSerializationInherit.cpp:
117         * bindings/scripts/test/JS/JSTestSerializationInheritFinal.cpp:
118         * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
119         * bindings/scripts/test/JS/JSTestTypedefs.cpp:
120         * bridge/c/CRuntimeObject.cpp:
121         * bridge/c/c_instance.cpp:
122         * bridge/objc/ObjCRuntimeObject.mm:
123         * bridge/objc/objc_instance.mm:
124         * bridge/objc/objc_runtime.mm:
125         * bridge/runtime_array.cpp:
126         * bridge/runtime_method.cpp:
127         * bridge/runtime_object.cpp:
128         * dom/Document.idl:
129         * dom/DocumentFragment.idl:
130         * dom/Element.idl:
131         * dom/Event.idl:
132         * dom/Node.idl:
133         * domjit/JSDocumentDOMJIT.cpp:
134         (WebCore::checkSubClassPatchpointForJSDocument):
135         (WebCore::DocumentDocumentElementDOMJIT::checkDOM): Deleted.
136         (WebCore::DocumentBodyDOMJIT::checkDOM): Deleted.
137         * domjit/JSDocumentFragmentDOMJIT.cpp: Copied from Source/JavaScriptCore/runtime/JSMap.cpp.
138         (WebCore::checkSubClassPatchpointForJSDocumentFragment):
139         * domjit/JSElementDOMJIT.cpp: Copied from Source/JavaScriptCore/tools/JSDollarVM.cpp.
140         (WebCore::checkSubClassPatchpointForJSElement):
141         * domjit/JSEventDOMJIT.cpp: Copied from Source/JavaScriptCore/tools/JSDollarVM.cpp.
142         (WebCore::checkSubClassPatchpointForJSEvent):
143         * domjit/JSNodeDOMJIT.cpp:
144         (WebCore::checkSubClassPatchpointForJSNode):
145         (WebCore::NodeFirstChildDOMJIT::checkDOM): Deleted.
146         (WebCore::NodeLastChildDOMJIT::checkDOM): Deleted.
147         (WebCore::NodeNextSiblingDOMJIT::checkDOM): Deleted.
148         (WebCore::NodePreviousSiblingDOMJIT::checkDOM): Deleted.
149         (WebCore::NodeParentNodeDOMJIT::checkDOM): Deleted.
150         (WebCore::NodeNodeTypeDOMJIT::checkDOM): Deleted.
151         (WebCore::NodeOwnerDocumentDOMJIT::checkDOM): Deleted.
152
153 2017-05-18  Jer Noble  <jer.noble@apple.com>
154
155         [MSE][Mac] Support painting MSE video-element to canvas
156         https://bugs.webkit.org/show_bug.cgi?id=125157
157         <rdar://problem/23062016>
158
159         Reviewed by Eric Carlson.
160
161         Test: media/media-source/media-source-paint-to-canvas.html
162
163         In order to have access to decoded video data for painting, decode the encoded samples manually
164         instead of adding them to the AVSampleBufferDisplayLayer. To facilitate doing so, add a new
165         utility class WebCoreDecompressionSession, which can decode samples and store them.
166
167         For the purposes of this patch, to avoid double-decoding of video data and to avoid severe complication
168         of our sample delivery pipeline, we will only support painting of decoded video samples when the video is
169         not displayed in the DOM.
170
171         * Modules/mediasource/MediaSource.cpp:
172         (WebCore::MediaSource::seekToTime): Always send waitForSeekCompleted() to give private a chance to delay seek completion.
173         * Modules/mediasource/SourceBuffer.cpp:
174         (WebCore::SourceBuffer::sourceBufferPrivateReenqueSamples): Added.
175         * Modules/mediasource/SourceBuffer.h:
176         * WebCore.xcodeproj/project.pbxproj:
177         * platform/cf/CoreMediaSoftLink.cpp: Added new soft link macros.
178         * platform/cf/CoreMediaSoftLink.h: Ditto.
179         * platform/cocoa/CoreVideoSoftLink.cpp: Ditto.
180         * platform/cocoa/CoreVideoSoftLink.h: Ditto.
181         * platform/graphics/SourceBufferPrivateClient.h:
182         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.h:
183         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::sampleBufferDisplayLayer): Simple accessor.
184         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::decompressionSession): Ditto.
185         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:
186         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::MediaPlayerPrivateMediaSourceAVFObjC):
187         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::load): Update whether we should be displaying in a layer or decompression session.
188         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::setVisible): Ditto.
189         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::waitForSeekCompleted): m_seeking is now an enum.
190         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::seeking): Ditto.
191         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::seekCompleted): Ditto. If waiting for a video frame, delay completing seek.
192         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::nativeImageForCurrentTime): Call updateLastImage() and return result.
193         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::updateLastImage): Fetch the image for the current time.
194         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::paint): Pass to paintCurrentFrameInCanvas.
195         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::paintCurrentFrameInContext): Get a native image, and render it.
196         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::acceleratedRenderingStateChanged): Create or destroy a layer or decompression session as appropriate.
197         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::ensureLayer): Creates a layer.
198         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::destroyLayer): Destroys a layer.
199         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::ensureDecompressionSession): Creates a decompression session.
200         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::destroyDecompressionSession): Destroys a decompression session.
201         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::setHasAvailableVideoFrame): If seek completion delayed, complete now. Ditto for ready state change.
202         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::setReadyState): If waiting for a video frame, delay ready state change.
203         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::addDisplayLayer): Deleted.
204         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::removeDisplayLayer): Deleted.
205         * platform/graphics/avfoundation/objc/MediaSourcePrivateAVFObjC.h:
206         * platform/graphics/avfoundation/objc/MediaSourcePrivateAVFObjC.mm:
207         (WebCore::MediaSourcePrivateAVFObjC::hasVideo): Promote to a class function.
208         (WebCore::MediaSourcePrivateAVFObjC::hasSelectedVideo): Return whether any of the active source buffers have video and are selected.
209         (WebCore::MediaSourcePrivateAVFObjC::hasSelectedVideoChanged): Call setSourceBufferWithSelectedVideo().
210         (WebCore::MediaSourcePrivateAVFObjC::setVideoLayer): Set (or clear) the layer on the selected buffer.
211         (WebCore::MediaSourcePrivateAVFObjC::setDecompressionSession): Ditto for decompression session.
212         (WebCore::MediaSourcePrivateAVFObjC::setSourceBufferWithSelectedVideo): Remove the layer and decompression session from the unselected
213
214                 buffer and add the decompression session or layer to the newly selected buffer.
215         (WebCore::MediaSourcePrivateAVFObjCHasVideo): Deleted.
216         * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.h:
217         * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
218         (WebCore::SourceBufferPrivateAVFObjC::destroyRenderers): Clear the videoLayer and decompressionSession.
219         (WebCore::SourceBufferPrivateAVFObjC::hasSelectedVideo): Return whether the buffer has a selected video track.
220         (WebCore::SourceBufferPrivateAVFObjC::trackDidChangeEnabled): The media player now manages the video layer and decompression session lifetimes.
221         (WebCore::SourceBufferPrivateAVFObjC::flush): Flush the decompression session, if it exists.
222         (WebCore::SourceBufferPrivateAVFObjC::enqueueSample): Enqueue to the decompression session, if it exists.
223         (WebCore::SourceBufferPrivateAVFObjC::isReadyForMoreSamples): Ask the decompression session, if it exists.
224         (WebCore::SourceBufferPrivateAVFObjC::didBecomeReadyForMoreSamples): Tell the decompression session to stop requesting data, if it exists.
225         (WebCore::SourceBufferPrivateAVFObjC::notifyClientWhenReadyForMoreSamples): Request media data from the decompression session, if it exists.
226         (WebCore::SourceBufferPrivateAVFObjC::setVideoLayer): Added.
227         (WebCore::SourceBufferPrivateAVFObjC::setDecompressionSession): Added.
228         * platform/graphics/cocoa/WebCoreDecompressionSession.h: Added.
229         (WebCore::WebCoreDecompressionSession::create):
230         (WebCore::WebCoreDecompressionSession::isInvalidated):
231         (WebCore::WebCoreDecompressionSession::createWeakPtr):
232         * platform/graphics/cocoa/WebCoreDecompressionSession.mm: Added.
233         (WebCore::WebCoreDecompressionSession::WebCoreDecompressionSession): Register for media data requests.
234         (WebCore::WebCoreDecompressionSession::invalidate): Unregister for same.
235         (WebCore::WebCoreDecompressionSession::maybeBecomeReadyForMoreMediaDataCallback): Pass to maybeBecomeReadyForMoreMediaData.
236         (WebCore::WebCoreDecompressionSession::maybeBecomeReadyForMoreMediaData): Check in-flight decodes, and decoded frame counts.
237         (WebCore::WebCoreDecompressionSession::enqueueSample): Pass the sample to be decoded on a background queue.
238         (WebCore::WebCoreDecompressionSession::decodeSample): Decode the sample.
239         (WebCore::WebCoreDecompressionSession::decompressionOutputCallback): Call handleDecompressionOutput.
240         (WebCore::WebCoreDecompressionSession::handleDecompressionOutput): Pass decoded sample to be enqueued on the main thread.
241         (WebCore::WebCoreDecompressionSession::getFirstVideoFrame):
242         (WebCore::WebCoreDecompressionSession::enqueueDecodedSample): Enqueue the frame (if it's a displayed frame).
243         (WebCore::WebCoreDecompressionSession::isReadyForMoreMediaData): Return whether we've hit our high water sample count.
244         (WebCore::WebCoreDecompressionSession::requestMediaDataWhenReady):
245         (WebCore::WebCoreDecompressionSession::stopRequestingMediaData): Unset the same.
246         (WebCore::WebCoreDecompressionSession::notifyWhenHasAvailableVideoFrame): Set a callback to notify when a decoded frame has been enqueued.
247         (WebCore::WebCoreDecompressionSession::imageForTime): Successively dequeue images until reaching one at or beyond the requested time.
248         (WebCore::WebCoreDecompressionSession::flush): Synchronously empty the producer and consumer queues.
249         (WebCore::WebCoreDecompressionSession::getDecodeTime): Utility method.
250         (WebCore::WebCoreDecompressionSession::getPresentationTime): Ditto.
251         (WebCore::WebCoreDecompressionSession::getDuration): Ditto.
252         (WebCore::WebCoreDecompressionSession::compareBuffers): Ditto.
253         * platform/cocoa/VideoToolboxSoftLink.cpp: Added.
254         * platform/cocoa/VideoToolboxSoftLink.h: Added.
255
256 2017-05-18  Said Abou-Hallawa  <sabouhallawa@apple.com>
257
258         [REGRESSION](r216901): Delete ImageDecoder if BitmapImage::destroyDecodedData() was called to destroy all the decoded frames
259         https://bugs.webkit.org/show_bug.cgi?id=172325
260
261         Reviewed by Simon Fraser.
262
263         When calling BitmapImage::destroyDecodedData() with destroyAll = true, the
264         current ImageDecoder has to be deleted regardless of whether the current frame needs
265         to be cached or not. This is true except when the image is animating.
266         Creating a new ImageDecoder for the animated image will lead to decoding
267         all the frames from frame-zero till the current frame.
268
269         Deleting the current ImageDecoder has the benefit of releasing its raster
270         data. We also must delete the current ImageDecoder when the CachedImage
271         switched its data SharedBuffer.
272
273         The fix is to return the condition in BitmapImage::destroyDecodedData() to
274         be as it was before r216901.
275
276         * platform/graphics/BitmapImage.cpp:
277         (WebCore::BitmapImage::destroyDecodedData):
278
279 2017-05-18  Ryan Haddad  <ryanhaddad@apple.com>
280
281         Unreviewed, rolling out r217079.
282
283         This change broke internal builds.
284
285         Reverted changeset:
286
287         "Redundant ellipsis box triggers
288         ASSERT_WITH_SECURITY_IMPLICATION in InlineBox::parent()."
289         https://bugs.webkit.org/show_bug.cgi?id=172309
290         http://trac.webkit.org/changeset/217079
291
292 2017-05-18  Joseph Pecoraro  <pecoraro@apple.com>
293
294         Web Inspector: Release InjectedScripts when frontends close
295         https://bugs.webkit.org/show_bug.cgi?id=172313
296
297         Reviewed by Andreas Kling.
298
299         * inspector/InspectorController.cpp:
300         (WebCore::InspectorController::disconnectFrontend):
301         Release inspector resources together, including discarding injected
302         scripts so that they may be collected.
303
304         (WebCore::InspectorController::inspectedPageDestroyed):
305         (WebCore::InspectorController::disconnectAllFrontends):
306         Move the disconnect call inside of disconnectAllFrontends to establish
307         a pattern of releasing web inspector resources together.
308
309 2017-05-18  Simon Fraser  <simon.fraser@apple.com>
310
311         Add a newline after the URL in showLayerTree output.
312
313         Reviewed by Zalan Bujtas.
314
315         * rendering/RenderLayer.cpp:
316         (WebCore::showLayerTree):
317
318 2017-05-18  Wenson Hsieh  <wenson_hsieh@apple.com>
319
320         Attachment drag preview should not have the attachment outline
321         https://bugs.webkit.org/show_bug.cgi?id=172327
322         <rdar://problem/32282831>
323
324         Reviewed by Tim Horton.
325
326         When creating a drag image for an attachment element, don't include borders around the attachment.
327
328         * page/DragController.cpp:
329         (WebCore::DragController::startDrag):
330         * rendering/RenderAttachment.h:
331         * rendering/RenderThemeIOS.mm:
332         (WebCore::RenderThemeIOS::paintAttachment):
333
334 2017-05-18  Youenn Fablet  <youenn@apple.com>
335
336         Make WebRTC logging happen in Release
337         https://bugs.webkit.org/show_bug.cgi?id=172307
338
339         Reviewed by Eric Carlson.
340
341         No change of behavior.
342         Move from LOG(WebRTC...) to RELEASE_LOG(WebRTC...).
343
344         * Modules/mediastream/PeerConnectionBackend.cpp:
345         (WebCore::PeerConnectionBackend::createOfferSucceeded):
346         (WebCore::PeerConnectionBackend::createOfferFailed):
347         (WebCore::PeerConnectionBackend::createAnswerSucceeded):
348         (WebCore::PeerConnectionBackend::createAnswerFailed):
349         (WebCore::PeerConnectionBackend::setLocalDescriptionSucceeded):
350         (WebCore::PeerConnectionBackend::setLocalDescriptionFailed):
351         (WebCore::PeerConnectionBackend::setRemoteDescriptionSucceeded):
352         (WebCore::PeerConnectionBackend::setRemoteDescriptionFailed):
353         (WebCore::PeerConnectionBackend::addIceCandidateSucceeded):
354         (WebCore::PeerConnectionBackend::addIceCandidateFailed):
355         (WebCore::PeerConnectionBackend::newICECandidate):
356         (WebCore::PeerConnectionBackend::doneGatheringCandidates):
357         * Modules/mediastream/RTCPeerConnection.cpp:
358         (WebCore::RTCPeerConnection::queuedCreateOffer):
359         (WebCore::RTCPeerConnection::queuedCreateAnswer):
360         (WebCore::RTCPeerConnection::queuedSetLocalDescription):
361         (WebCore::RTCPeerConnection::queuedSetRemoteDescription):
362         (WebCore::RTCPeerConnection::queuedAddIceCandidate):
363
364 2017-05-18  Eric Carlson  <eric.carlson@apple.com>
365
366         [MediaStream] do not cache gUM permissions
367         https://bugs.webkit.org/show_bug.cgi?id=172245
368
369         Reviewed by Youenn Fablet.
370
371         No new tests, updated fast/mediastream/MediaDevices-getUserMedia.html.
372
373         * platform/mediastream/RealtimeMediaSourceCenter.cpp:
374         (WebCore::RealtimeMediaSourceCenter::validateRequestConstraints): Add salt parameter.
375         * platform/mediastream/RealtimeMediaSourceCenter.h:
376
377 2017-05-18  Zalan Bujtas  <zalan@apple.com>
378
379         Redundant ellipsis box triggers ASSERT_WITH_SECURITY_IMPLICATION in InlineBox::parent().
380         https://bugs.webkit.org/show_bug.cgi?id=172309
381         <rdar://problem/32262357>
382
383         Reviewed by Simon Fraser.
384
385         This patch stops the redundant ellipsis box from triggering ASSERT_WITH_SECURITY_IMPLICATION.
386
387         In RootInlineBox::placeEllipsis we construct an ellipsis box and append it to a static HashMap which
388         keeps track of the ellipsis boxes on each line. However when the line already has an ellipsis, we
389         re-use the existing one and this newly constructed (but redundant) box gets destroyed as we return from this function.
390         In InlineBox's d'tor, we let the parent know that now it has a dangling child and we assert on it
391         later, while accessing the children list. However this redundant ellipsis box was never added to the line,
392         so the assertion hits incorrectly.
393
394         Test: fast/inline/redundant-ellipsis-triggers-assert-incorrectly.html
395
396         * rendering/EllipsisBox.cpp:
397         (WebCore::EllipsisBox::EllipsisBox):
398         * rendering/InlineBox.cpp:
399         (WebCore::InlineBox::invalidateParentChildList):
400         * rendering/InlineBox.h:
401         * rendering/RootInlineBox.cpp:
402         (WebCore::RootInlineBox::placeEllipsis): Use the newly created ellipsis box instead.
403
404 2017-05-18  Andy Estes  <aestes@apple.com>
405
406         ENABLE(APPLE_PAY_DELEGATE) should be NO on macOS Sierra and earlier
407         https://bugs.webkit.org/show_bug.cgi?id=172305
408
409         Reviewed by Anders Carlsson.
410
411         * Configurations/FeatureDefines.xcconfig:
412
413 2017-05-18  Dean Jackson  <dino@apple.com>
414
415         Transform misplaces element 50% of the time
416         https://bugs.webkit.org/show_bug.cgi?id=172300
417
418         Reviewed by Simon Fraser.
419
420         A hardware-accelerated animation of the transform property
421         requires layout to happen if it contains a translate operation
422         using percentages, otherwise it may create an incorrect
423         animation. The "50% of the time" comes into play because
424         the layout timer may sometimes fire before the animation
425         timer. The test case contains an example that is much more
426         likely to fail without this fix.
427
428         Test: animations/needs-layout.html
429
430         * page/animation/CSSAnimationController.cpp:
431         (WebCore::CSSAnimationControllerPrivate::animationTimerFired): If
432         we've been told that we need a layout, and we have one pending, then
433         force it before doing the rest of the animation logic.
434         (WebCore::CSSAnimationController::updateAnimations): Check if the
435         CompositeAnimation depends on layout, and tell the private controller
436         that it should check for the necessity of a layout as the animation
437         timer fires.
438
439         * page/animation/CompositeAnimation.cpp:
440         (WebCore::CompositeAnimation::animate): Ask the keyframes if this
441         animation depends on layout.
442
443         * page/animation/CompositeAnimation.h:
444         (WebCore::CompositeAnimation::hasAnimationThatDependsOnLayout):
445         * page/animation/KeyframeAnimation.cpp:
446         (WebCore::KeyframeAnimation::KeyframeAnimation):
447         (WebCore::KeyframeAnimation::computeLayoutDependency): Look at all
448         the keyframe properties for something that is a translation using
449         percentages.
450
451         * page/animation/KeyframeAnimation.h:
452
453 2017-05-18  Wenson Hsieh  <wenson_hsieh@apple.com>
454
455         Selection around attachment elements should not persist when beginning a drag
456         https://bugs.webkit.org/show_bug.cgi?id=172319
457         <rdar://problem/32283008>
458
459         Reviewed by Tim Horton.
460
461         When beginning to drag an attachment element, save and restore the visible selection when calling out to the
462         injected bundle for additional data, and when creating the drag image.
463
464         Augmented an existing API test: DataInteractionTests.AttachmentElementItemProviders.
465
466         * page/DragController.cpp:
467         (WebCore::DragController::startDrag):
468
469 2017-05-18  Daniel Bates  <dabates@apple.com>
470
471         Cleanup: Remove unused functions from RuntimeEnabledFeatures
472         https://bugs.webkit.org/show_bug.cgi?id=172315
473
474         Reviewed by Jer Noble.
475
476         * page/RuntimeEnabledFeatures.cpp:
477         (WebCore::RuntimeEnabledFeatures::htmlMediaElementEnabled): Deleted.
478         (WebCore::RuntimeEnabledFeatures::htmlVideoElementEnabled): Deleted.
479         (WebCore::RuntimeEnabledFeatures::htmlSourceElementEnabled): Deleted.
480         (WebCore::RuntimeEnabledFeatures::mediaControllerEnabled): Deleted.
481         (WebCore::RuntimeEnabledFeatures::mediaErrorEnabled): Deleted.
482         (WebCore::RuntimeEnabledFeatures::timeRangesEnabled): Deleted.
483         * page/RuntimeEnabledFeatures.h:
484         (WebCore::RuntimeEnabledFeatures::setDOMIteratorEnabled): Deleted.
485         (WebCore::RuntimeEnabledFeatures::domIteratorEnabled): Deleted.
486         (WebCore::RuntimeEnabledFeatures::setGeolocationEnabled): Deleted.
487         (WebCore::RuntimeEnabledFeatures::geolocationEnabled): Deleted.
488
489 2017-05-18  Daniel Bates  <dabates@apple.com>
490
491         Improve error message for Access-Control-Allow-Origin violation due to misconfigured server
492         https://bugs.webkit.org/show_bug.cgi?id=162819
493         <rdar://problem/28575938>
494
495         Reviewed by Joseph Pecoraro.
496
497         Inspired by Blink change:
498         <https://src.chromium.org/viewvc/blink?view=revision&revision=163406>
499
500         At most one Access-Control-Allow-Origin header may be in an HTTP response. Improve the
501         error message emitted on a CORS failure when Access-Control-Allow-Origin contains more
502         than one origin, indicated by the presence of a ',', as a way to help web developers/server
503         administrators differentiate between a misconfigured Access-Control-Allow-Origin header
504         and a misconfigured server.
505
506         * loader/CrossOriginAccessControl.cpp:
507         (WebCore::passesAccessControlCheck): Defined a local variable to hold the value of securityOrigin.toString()
508         and referenced this variable throughout the code to avoid computing the stringified security
509         origin more than once. Switched to using makeString() to concatenate error message when the
510         origin of the page does not match the value of the Access-Control-Allow-Origin header.
511
512 2017-05-18  John Wilander  <wilander@apple.com>
513
514         Resource Load Statistics: Grandfather domains for existing data records
515         https://bugs.webkit.org/show_bug.cgi?id=172155
516         <rdar://problem/24913532>
517
518         Reviewed by Alex Christensen.
519
520         Test: http/tests/loading/resourceLoadStatistics/grandfathering.html
521
522         * loader/ResourceLoadObserver.cpp:
523         (WebCore::ResourceLoadObserver::setGrandfathered):
524         (WebCore::ResourceLoadObserver::isGrandfathered):
525         (WebCore::ResourceLoadObserver::setMinimumTimeBetweeenDataRecordsRemoval):
526         (WebCore::ResourceLoadObserver::setGrandfatheringTime):
527             Functions for testing and configuration.
528             ResourceLoadObserver::setMinimumTimeBetweeenDataRecordsRemoval() changed as a result of moving
529             WebKit::WebResourceLoadStatisticsStore::setMinimumTimeBetweeenDataRecordsRemoval() here.
530         * loader/ResourceLoadObserver.h:
531         * loader/ResourceLoadStatisticsStore.cpp:
532         (WebCore::ResourceLoadStatisticsStore::createEncoderFromData):
533         (WebCore::ResourceLoadStatisticsStore::readDataFromDecoder):
534             Now contains endOfGrandfatheringTimestamp.
535         (WebCore::ResourceLoadStatisticsStore::clearInMemoryAndPersistent):
536             Now makes a call to m_grandfatherExistingWebsiteDataHandler().
537         (WebCore::ResourceLoadStatisticsStore::setGrandfatherExistingWebsiteDataCallback):
538         (WebCore::ResourceLoadStatisticsStore::setMinimumTimeBetweeenDataRecordsRemoval):
539             Changed as a result of moving
540             WebKit::WebResourceLoadStatisticsStore::setMinimumTimeBetweeenDataRecordsRemoval() here.
541         (WebCore::ResourceLoadStatisticsStore::setGrandfatheringTime):
542         (WebCore::ResourceLoadStatisticsStore::topPrivatelyControlledDomainsToRemoveWebsiteDataFor):
543             Renamed since it now also takes grandfathering into account.
544         (WebCore::ResourceLoadStatisticsStore::updateStatisticsForRemovedDataRecords):
545             Fixed typo in local variable name.
546         (WebCore::ResourceLoadStatisticsStore::handleFreshStartWithEmptyOrNoStore):
547         (WebCore::ResourceLoadStatisticsStore::shouldRemoveDataRecords):
548             Convenience function added.
549         (WebCore::ResourceLoadStatisticsStore::dataRecordsBeingRemoved):
550             Convenience function added.
551         (WebCore::ResourceLoadStatisticsStore::dataRecordsWereRemoved):
552             Convenience function added.
553         (WebCore::ResourceLoadStatisticsStore::prevalentResourceDomainsWithoutUserInteraction): Deleted.
554             Replaced by ResourceLoadStatisticsStore::topPrivatelyControlledDomainsToRemoveWebsiteDataFor().
555         * loader/ResourceLoadStatisticsStore.h:
556
557 2017-05-18  Daniel Bates  <dabates@apple.com>
558
559         Bindings: Require value for extended attributes EnabledAtRuntime and EnabledForWorld
560         https://bugs.webkit.org/show_bug.cgi?id=172252
561
562         Reviewed by Sam Weinig.
563
564         According to Sam Weinig it is an anti-feature that EnabledAtRuntime can be specified
565         without a value. We should make it require a value for the name of the RuntimeEnabledFeatures
566         function to use in the generated code. For similar reasons we should also require
567         a value for the extended attribute EnabledForWorld.
568
569         * Modules/websockets/WebSocket.idl: Substitute EnabledAtRuntime=WebSocket for EnabledAtRuntime.
570         * bindings/scripts/CodeGeneratorJS.pm:
571         (GetRuntimeEnableFunctionName):
572         * html/HTMLAudioElement.idl: Substitute EnabledAtRuntime=Audio for EnabledAtRuntime.
573         * page/RuntimeEnabledFeatures.cpp:
574         (WebCore::RuntimeEnabledFeatures::audioEnabled):
575         (WebCore::RuntimeEnabledFeatures::htmlAudioElementEnabled): Deleted. This function duplicated
576         the functionality of RuntimeEnabledFeatures::audioEnabled(). Instead we explicitly
577         write EnabledAtRuntime=Audio in HTMLAudioElement.idl to use RuntimeEnabledFeatures::audioEnabled()
578         to determine whether to expose/conceal the HTMLAudioElement global constructor at runtime.
579         * page/RuntimeEnabledFeatures.h:
580
581 2017-05-18  Jer Noble  <jer.noble@apple.com>
582
583         Allow nested timers to propagate user gestures so long as the total nested interval is less than 1s.
584         https://bugs.webkit.org/show_bug.cgi?id=172173
585
586         Reviewed by Andy Estes.
587
588         Test: media/restricted-audio-playback-with-multiple-settimeouts.html
589
590         Store the current nested timer interval in DOMTimerFireState, and use that value to propagate the
591         nested interval through multiple invocations of setTimeout().
592
593         Drive-by fix: instead of manually resetting the nesting level in DOMTimer::fired(), add the
594         nesting level to the DOMTimerFireState, and reset the nesting level on the state's destruction.
595         This fixes one place in DOMTimer::fire() where an early return led to the timer's nesting level
596         not being reset.
597
598         * page/DOMTimer.cpp:
599         (WebCore::DOMTimerFireState::DOMTimerFireState):
600         (WebCore::DOMTimerFireState::~DOMTimerFireState):
601         (WebCore::DOMTimerFireState::nestedTimerInterval):
602         (WebCore::shouldForwardUserGesture):
603         (WebCore::userGestureTokenToForward):
604         (WebCore::currentNestedTimerInterval):
605         (WebCore::DOMTimer::DOMTimer):
606         (WebCore::DOMTimer::fired):
607         * page/DOMTimer.h:
608
609 2017-05-18  Youenn Fablet  <youenn@apple.com>
610
611         RealtimeOutgoingAudioSource should use the source sample rate
612         https://bugs.webkit.org/show_bug.cgi?id=172297
613
614         Reviewed by Eric Carlson.
615
616         Covered by manual tests.
617
618         * platform/mediastream/mac/RealtimeOutgoingAudioSource.cpp:
619         (WebCore::RealtimeOutgoingAudioSource::audioSamplesAvailable): Using the audio source sample rate so that the converter does the right conversion.
620
621 2017-05-18  Andy Estes  <aestes@apple.com>
622
623         Add "countryCode" to ApplePayErrorContactField
624         https://bugs.webkit.org/show_bug.cgi?id=172264
625         <rdar://problem/32004909>
626
627         Reviewed by Anders Carlsson.
628
629         Added ApplePayError tests to http/tests/ssl/applepay/ApplePaySession.html
630
631         * Modules/applepay/ApplePayError.idl:
632         * Modules/applepay/PaymentRequest.h:
633
634 2017-05-18  Daniel Bates  <dabates@apple.com>
635
636         Cleanup: Remove unnecessary call to AddToImplIncludes("RuntimeEnabledFeatures.h") in GenerateImplementation()
637         https://bugs.webkit.org/show_bug.cgi?id=172236
638
639         Reviewed by Chris Dumez.
640
641         It is unnecessary for GenerateImplementation() to explicitly call AddToImplIncludes("RuntimeEnabledFeatures.h")
642         to add the header RuntimeEnabledFeatures.h to the list of headers in the generated implementation
643         as this header is added when GetRuntimeEnableFunctionName() is called. And GenerateImplementation()
644         calls GetRuntimeEnableFunctionName().
645
646         No functionality changed. So, no new tests.
647
648         * bindings/scripts/CodeGeneratorJS.pm:
649         (GenerateImplementation):
650
651 2017-05-18  Daniel Bates  <dabates@apple.com>
652
653         REGRESSION (r209608): Cross-origin plugin document opened in child window blocked by parent
654         window CSP when object-src 'none' is set
655         https://bugs.webkit.org/show_bug.cgi?id=172038
656         <rdar://problem/32258262>
657
658         Reviewed by Andy Estes.
659
660         Fixes an issue where a cross-origin plugin document opened in a child window would inherit
661         the Content Security Policy (CSP) of its opener. In particular, a cross-origin plugin
662         document opened in a child window would be blocked when the CSP of its opener disallows
663         plugins (e.g. object-source 'none').
664
665         Prior to r209608 a document opened in a child window never inherited the CSP from its opener
666         and a plugin document loaded in a subframe would unconditionally inherit the CSP from its
667         parent frame. So, a plugin document opened in a child window would be allowed to load
668         regardless of whether its opener had a CSP that prevented plugins. Following r209608 a
669         document opened in a child window would inherit its CSP from its opener if and only if it
670         would inherit the security origin from its opener (e.g. about:blank) or was a plugin
671         document. The latter condition makes plugin documents opened in a child window unconditionally
672         inherit the CSP from their opener and is the cause of this bug. It seems reasonable to exempt
673         cross-origin plugin documents opened in a child window from the CSP inheritance rule because
674         such documents cannot compromise the origin of their opener. Same-origin plugin documents
675         opened in a child window will continue to inherit the CSP from their opener because such
676         documents can compromise the origin of their opener.
677
678         Tests: http/tests/security/contentSecurityPolicy/cross-origin-plugin-document-allowed-in-child-window.html
679                http/tests/security/contentSecurityPolicy/plugin-blocked-in-about-blank-window.html
680                http/tests/security/contentSecurityPolicy/same-origin-plugin-document-blocked-in-child-window.html
681
682         * dom/Document.cpp:
683         (WebCore::Document::shouldInheritContentSecurityPolicyFromOwner): Added.
684         (WebCore::Document::initContentSecurityPolicy):
685         * dom/Document.h:
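
The child-window inheritance rules this entry describes, modelled as an added example; it is not part of the ChangeLog and not WebCore code. `ChildWindowDocument`, the three rule functions and the sample origins are hypothetical, and the model assumes the opener's policy is object-src 'none' and the opened document has no policy of its own.

```cpp
#include <cstdio>
#include <string>

// Constructed model of a document opened in a child window. These types are
// hypothetical; origins are compared as serialized strings for simplicity.
struct ChildWindowDocument {
    std::string origin;
    std::string openerOrigin;
    bool isPluginDocument;
    bool inheritsOriginFromOpener; // true for about:blank and similar
};

using InheritanceRule = bool (*)(const ChildWindowDocument&);

// Prior to r209608: a document opened in a child window never inherited
// the CSP of its opener.
bool ruleBeforeR209608(const ChildWindowDocument&)
{
    return false;
}

// Following r209608: inherit if the document would inherit the opener's
// security origin, or if it is a plugin document (the regression).
bool ruleAfterR209608(const ChildWindowDocument& doc)
{
    return doc.inheritsOriginFromOpener || doc.isPluginDocument;
}

// With this change: plugin documents inherit only when they are same-origin
// with the opener; cross-origin plugin documents are exempt.
bool ruleAfterFix(const ChildWindowDocument& doc)
{
    if (doc.inheritsOriginFromOpener)
        return true;
    return doc.isPluginDocument && doc.origin == doc.openerOrigin;
}

// Assumption: the opener's policy is object-src 'none' and the document
// carries no policy of its own, so plugin content loads only when the
// opener's policy is not inherited.
bool pluginAllowed(const ChildWindowDocument& doc, InheritanceRule rule)
{
    return !rule(doc);
}

// Constructed sample documents, one per layout test named in the entry.
ChildWindowDocument crossOriginPlugin()
{
    return {"https://plugins.example", "https://opener.example", true, false};
}

ChildWindowDocument sameOriginPlugin()
{
    return {"https://opener.example", "https://opener.example", true, false};
}

ChildWindowDocument aboutBlankWindow()
{
    return {"https://opener.example", "https://opener.example", false, true};
}

int main()
{
    struct Row { const char* name; ChildWindowDocument doc; };
    const Row rows[] = {
        {"cross-origin plugin document", crossOriginPlugin()},
        {"same-origin plugin document", sameOriginPlugin()},
        {"about:blank window", aboutBlankWindow()},
    };
    std::printf("%-30s %-8s %-8s %-8s\n", "document", "before", "r209608", "fixed");
    for (const Row& row : rows) {
        std::printf("%-30s %-8s %-8s %-8s\n", row.name,
            pluginAllowed(row.doc, ruleBeforeR209608) ? "allowed" : "blocked",
            pluginAllowed(row.doc, ruleAfterR209608) ? "allowed" : "blocked",
            pluginAllowed(row.doc, ruleAfterFix) ? "allowed" : "blocked");
    }
    return 0;
}
```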
686
687 2017-05-18  Keith Miller  <keith_miller@apple.com>
688
689         WebAssembly API: test with neutered inputs
690         https://bugs.webkit.org/show_bug.cgi?id=163899
691
692         Reviewed by JF Bastien.
693
694         Make it not possible to transfer an ArrayBuffer that is backed by a
695         wasm memory.
696
697         Test: workers/wasm-mem-post-message.html
698
699         * bindings/js/SerializedScriptValue.cpp:
700         (WebCore::SerializedScriptValue::create):
701
702 2017-05-18  Commit Queue  <commit-queue@webkit.org>
703
704         Unreviewed, rolling out r217031, r217032, and r217037.
705         https://bugs.webkit.org/show_bug.cgi?id=172293
706
707         cause linking errors in Windows (Requested by yusukesuzuki on
708         #webkit).
709
710         Reverted changesets:
711
712         "[JSC][DFG][DOMJIT] Extend CheckDOM to CheckSubClass"
713         https://bugs.webkit.org/show_bug.cgi?id=172098
714         http://trac.webkit.org/changeset/217031
715
716         "Unreviewed, rebaseline for newly added ClassInfo"
717         https://bugs.webkit.org/show_bug.cgi?id=172098
718         http://trac.webkit.org/changeset/217032
719
720         "Unreviewed, fix debug and non-JIT build"
721         https://bugs.webkit.org/show_bug.cgi?id=172098
722         http://trac.webkit.org/changeset/217037
723
724 2017-05-18  Per Arne Vollan  <pvollan@apple.com>
725
726         Protect MediaDeviceRequest instance during context destruction.
727         https://bugs.webkit.org/show_bug.cgi?id=172285
728         <rdar://problem/30369017>
729
730         Reviewed by Brent Fulgham.
731
732         In MediaDevicesRequest::contextDestroyed(), the call to m_enumerationRequest->cancel() might
733         end up deleting itself (MediaDevicesRequest). The std::function member m_completionHandler
734         in MediaDevicesEnumerationRequest contains a captured variable of type
735         RefPtr<MediaDevicesRequest>. When m_completionHandler is set to null in the cancel() method,
736         the MediaDevicesRequest object will be deleted if the m_completionHandler member is holding
737         the last reference.
738
739         No new tests, since I am unable to reproduce.
740
741         * Modules/mediastream/MediaDevicesRequest.cpp:
742         (WebCore::MediaDevicesRequest::contextDestroyed):
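
The lifetime hazard this entry describes, reproduced as an added example with std::shared_ptr standing in for RefPtr; it is not part of the ChangeLog and not WebCore code. `DevicesRequest`, `EnumerationRequest`, `runScenario` and the local protector shown as the fix are hypothetical names and an assumed way of protecting the instance.

```cpp
#include <cstdio>
#include <functional>
#include <memory>
#include <utility>

// Hypothetical stand-in for MediaDevicesEnumerationRequest.
class EnumerationRequest {
public:
    void setCompletionHandler(std::function<void()> handler)
    {
        m_completionHandler = std::move(handler);
    }

    // Clearing the handler also releases everything the handler captured.
    void cancel()
    {
        // The old handler is moved to a local so that its captures are
        // released at scope exit, once the member is already empty.
        auto handler = std::exchange(m_completionHandler, nullptr);
    }

private:
    std::function<void()> m_completionHandler;
};

// Hypothetical stand-in for MediaDevicesRequest.
class DevicesRequest : public std::enable_shared_from_this<DevicesRequest> {
public:
    explicit DevicesRequest(bool* destroyedFlag) : m_destroyed(destroyedFlag) { }
    ~DevicesRequest() { *m_destroyed = true; }

    void start()
    {
        m_enumeration = std::make_shared<EnumerationRequest>();
        // The completion handler captures a strong reference to this object.
        m_enumeration->setCompletionHandler([protectedThis = shared_from_this()] { });
    }

    // Unprotected: if the handler holds the last reference, cancel() destroys
    // this object. Nothing after the call may touch a member, so the flag
    // pointer is copied to a local first. Returns whether the object was
    // still alive when cancel() returned.
    bool contextDestroyedUnprotected()
    {
        bool* destroyed = m_destroyed;
        m_enumeration->cancel();
        return !*destroyed;
    }

    // Protected: a local strong reference keeps this object alive until the
    // function returns, so member access after cancel() is safe.
    bool contextDestroyedProtected()
    {
        auto protectedThis = shared_from_this();
        m_enumeration->cancel();
        bool alive = !*m_destroyed;
        m_enumeration = nullptr;
        return alive;
    }

private:
    bool* m_destroyed;
    std::shared_ptr<EnumerationRequest> m_enumeration;
};

struct Outcome {
    bool aliveAfterCancel;
    bool destroyedAtEnd;
};

// Sets up the state from the entry: the completion handler holds the last
// reference to the request when the context is destroyed.
Outcome runScenario(bool protect)
{
    bool destroyed = false;
    auto request = std::make_shared<DevicesRequest>(&destroyed);
    request->start();
    DevicesRequest* raw = request.get();
    request.reset();
    bool alive = protect ? raw->contextDestroyedProtected()
                         : raw->contextDestroyedUnprotected();
    return {alive, destroyed};
}

int main()
{
    Outcome unprotectedRun = runScenario(false);
    Outcome protectedRun = runScenario(true);
    std::printf("unprotected: alive after cancel() = %d\n", unprotectedRun.aliveAfterCancel);
    std::printf("protected:   alive after cancel() = %d\n", protectedRun.aliveAfterCancel);
    return 0;
}
```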
743
744 2017-05-18  Antti Koivisto  <antti@apple.com>
745
746         Design mode should not affect UA shadow trees
747         https://bugs.webkit.org/show_bug.cgi?id=171854
748         <rdar://problem/32071037>
749
750         Reviewed by Zalan Bujtas.
751
752         Test: editing/deleting/search-shadow-tree-delete.html
753
754         * html/HTMLElement.cpp:
755         (WebCore::HTMLElement::editabilityFromContentEditableAttr):
756
757             Ignore design mode for UA shadow trees.
758
759         * html/SearchInputType.cpp:
760         (WebCore::SearchInputType::~SearchInputType):
761         (WebCore::SearchInputType::createShadowSubtree):
762         (WebCore::SearchInputType::resultsButtonElement):
763         (WebCore::SearchInputType::cancelButtonElement):
764         * html/SearchInputType.h:
765
766             Use RefPtr.
767
768 2017-05-18  Vanessa Chipirrás Navalón  <vchipirras@igalia.com>
769
770         [GTK][GStreamer][MSE] Crash on youtube when MSE is enabled but gstreamer can't find the decoder element.
771         https://bugs.webkit.org/show_bug.cgi?id=167120
772
773         Reviewed by Žan Doberšek.
774
775         This is because supportCodecs() doesn't check at runtime which plugins the player has.
776         So, a static function which returns a map with the plugins has been created. That map is later
777         used in the supportsCodecs() method to check if the requested codec matches any of the map.
778
779         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
780         (WebCore::MediaPlayerPrivateGStreamerBase::initializeGStreamerAndRegisterWebKitElements):
781         The declaration is moved into this class.
782         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
783         (WebCore::MediaPlayerPrivateGStreamer::isAvailable): This function calls the implementation of
784         initializeGstreamerAndRegisterWebKitElements function.
785         (WebCore::MediaPlayerPrivateGStreamer::load): Ditto
786         (WebCore::mimeTypeSet): Ditto
787         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.h: It is static type to expose
788         initializeGStreamerAndRegisterWebKitElements() function to be called from internal function
789         "which runs before MediaPlayerPrivateGStreamerBase initialization but needs to have GStreamer initialized".
790         * platform/graphics/gstreamer/mse/MediaPlayerPrivateGStreamerMSE.cpp:
791         (WebCore::codecSet): It returns a map with the plugins has been created.
792         (WebCore::MediaPlayerPrivateGStreamerMSE::supportsCodecs): To check if the requested codec
793         matches any of the map from codecSet().
794
795 2017-05-18  Romain Bellessort  <romain.bellessort@crf.canon.fr>
796
797         [Readable Streams API] Align getDesiredSize with spec
798         https://bugs.webkit.org/show_bug.cgi?id=172220
799
800         Reviewed by Chris Dumez.
801
802         Aligned implementation of getDesiredSize operation for both controllers:
803         - https://streams.spec.whatwg.org/#readable-stream-default-controller-get-desired-size
804         - https://streams.spec.whatwg.org/#readable-byte-stream-controller-get-desired-size
805
806         Implementation slightly differs from spec as queueTotalSize refactoring is not
807         yet implemented, but behavior is now similar.
808
809         No new tests (already covered by WPT tests, corresponding expectations have been updated).
810
811         * Modules/streams/ReadableByteStreamInternals.js:
812         (readableByteStreamControllerGetDesiredSize): Updated.
813         * Modules/streams/ReadableStreamInternals.js:
814         (readableStreamDefaultControllerGetDesiredSize): Updated.
815
816 2017-05-18  Tim Horton  <timothy_horton@apple.com>
817
818         More WebKit2 header cleanup
819         https://bugs.webkit.org/show_bug.cgi?id=172214
820
821         Reviewed by Simon Fraser.
822
823         * Modules/mediastream/UserMediaController.cpp:
824         * Modules/mediastream/UserMediaController.h:
825
826 2017-05-16  Yusuke Suzuki  <utatane.tea@gmail.com>
827
828         [JSC][DFG][DOMJIT] Extend CheckDOM to CheckSubClass
829         https://bugs.webkit.org/show_bug.cgi?id=172098
830
831         Reviewed by Saam Barati.
832
833         Add DOMJIT interface IDL attribute. Which allows us to define checkSubClassPatchpoint function
834         for that ClassInfo. And we move CheckSubClass patchpoint implementation to ClassInfo's member.
835
836         * CMakeLists.txt:
837         * WebCore.xcodeproj/project.pbxproj:
838         * bindings/js/JSDOMGlobalObject.cpp:
839         * bindings/js/JSDOMWindowBase.cpp:
840         * bindings/js/JSDOMWindowProperties.cpp:
841         * bindings/js/JSDOMWindowShell.cpp:
842         * bindings/js/JSReadableStreamPrivateConstructors.cpp:
843         * bindings/js/JSWorkerGlobalScopeBase.cpp:
844         * bindings/scripts/CodeGeneratorJS.pm:
845         (GenerateHeader):
846         (GenerateImplementation):
847         (GenerateImplementationIterableFunctions):
848         (GenerateConstructorHelperMethods):
849         * bindings/scripts/IDLAttributes.json:
850         * bindings/scripts/test/JS/JSInterfaceName.cpp:
851         * bindings/scripts/test/JS/JSMapLike.cpp:
852         * bindings/scripts/test/JS/JSReadOnlyMapLike.cpp:
853         * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
854         * bindings/scripts/test/JS/JSTestCEReactions.cpp:
855         * bindings/scripts/test/JS/JSTestCEReactionsStringifier.cpp:
856         * bindings/scripts/test/JS/JSTestCallbackInterface.cpp:
857         * bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.cpp:
858         * bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.cpp:
859         * bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
860         * bindings/scripts/test/JS/JSTestDOMJIT.cpp:
861         * bindings/scripts/test/JS/JSTestDOMJIT.h:
862         * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
863         * bindings/scripts/test/JS/JSTestEventTarget.cpp:
864         * bindings/scripts/test/JS/JSTestException.cpp:
865         * bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:
866         * bindings/scripts/test/JS/JSTestGlobalObject.cpp:
867         * bindings/scripts/test/JS/JSTestInterface.cpp:
868         * bindings/scripts/test/JS/JSTestInterfaceLeadingUnderscore.cpp:
869         * bindings/scripts/test/JS/JSTestIterable.cpp:
870         * bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp:
871         * bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
872         * bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
873         * bindings/scripts/test/JS/JSTestNode.cpp:
874         * bindings/scripts/test/JS/JSTestObj.cpp:
875         * bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
876         * bindings/scripts/test/JS/JSTestOverloadedConstructorsWithSequence.cpp:
877         * bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp:
878         * bindings/scripts/test/JS/JSTestPromiseRejectionEvent.cpp:
879         * bindings/scripts/test/JS/JSTestSerialization.cpp:
880         * bindings/scripts/test/JS/JSTestSerializationInherit.cpp:
881         * bindings/scripts/test/JS/JSTestSerializationInheritFinal.cpp:
882         * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
883         * bindings/scripts/test/JS/JSTestTypedefs.cpp:
884         * bridge/c/CRuntimeObject.cpp:
885         * bridge/c/c_instance.cpp:
886         * bridge/objc/ObjCRuntimeObject.mm:
887         * bridge/objc/objc_instance.mm:
888         * bridge/objc/objc_runtime.mm:
889         * bridge/runtime_array.cpp:
890         * bridge/runtime_method.cpp:
891         * bridge/runtime_object.cpp:
892         * dom/Document.idl:
893         * dom/DocumentFragment.idl:
894         * dom/Element.idl:
895         * dom/Event.idl:
896         * dom/Node.idl:
897         * domjit/JSDocumentDOMJIT.cpp:
898         (WebCore::JSDocument::checkSubClassPatchpoint):
899         (WebCore::DocumentDocumentElementDOMJIT::checkDOM): Deleted.
900         (WebCore::DocumentBodyDOMJIT::checkDOM): Deleted.
901         * domjit/JSDocumentFragmentDOMJIT.cpp: Copied from Source/JavaScriptCore/runtime/JSMap.cpp.
902         (WebCore::JSDocumentFragment::checkSubClassPatchpoint):
903         * domjit/JSElementDOMJIT.cpp: Copied from Source/JavaScriptCore/tools/JSDollarVM.cpp.
904         (WebCore::JSElement::checkSubClassPatchpoint):
905         * domjit/JSEventDOMJIT.cpp: Copied from Source/JavaScriptCore/tools/JSDollarVM.cpp.
906         (WebCore::JSEvent::checkSubClassPatchpoint):
907         * domjit/JSNodeDOMJIT.cpp:
908         (WebCore::JSNode::checkSubClassPatchpoint):
909         (WebCore::NodeFirstChildDOMJIT::checkDOM): Deleted.
910         (WebCore::NodeLastChildDOMJIT::checkDOM): Deleted.
911         (WebCore::NodeNextSiblingDOMJIT::checkDOM): Deleted.
912         (WebCore::NodePreviousSiblingDOMJIT::checkDOM): Deleted.
913         (WebCore::NodeParentNodeDOMJIT::checkDOM): Deleted.
914         (WebCore::NodeNodeTypeDOMJIT::checkDOM): Deleted.
915         (WebCore::NodeOwnerDocumentDOMJIT::checkDOM): Deleted.
916
917 2017-05-17  Youenn Fablet  <youenn@apple.com>
918
919         r216999 broke win build
920         https://bugs.webkit.org/show_bug.cgi?id=172257
921
922         Unreviewed.
923
924         * testing/Internals.cpp:
925         (WebCore::Internals::setPageVisibility): Moving setPageVisibility out of MEDIA_STREAM compilation flag.
926
927 2017-05-17  Andy Estes  <aestes@apple.com>
928
929         [Cocoa] errors are not propagated to PassKit when calling ApplePaySession.completePayment()
930         https://bugs.webkit.org/show_bug.cgi?id=172253
931         <rdar://problem/32258020>
932
933         Reviewed by Dan Bernstein.
934
935         In ApplePaySession::completePayment(), releaseReturnValue() was being called twice on the
936         same convertedResult. Since the first call moved the errors vector out of convertedResult,
937         the vector is empty in the second call. It's the second call that sends the result to the
938         UI process, so we end up with an empty array when we call PassKit's delegate completion
939         handler.
940
941         * Modules/applepay/ApplePaySession.cpp:
942         (WebCore::ApplePaySession::completePayment):
943
944 2017-05-17  Ryan Haddad  <ryanhaddad@apple.com>
945
946         Unreviewed, rolling out r217014.
947
948         This change caused mac-wk2 LayoutTests to exit early due to
949         crashes.
950
951         Reverted changeset:
952
953         "Resource Load Statistics: Grandfather domains for existing
954         data records"
955         https://bugs.webkit.org/show_bug.cgi?id=172155
956         http://trac.webkit.org/changeset/217014
957
958 2017-05-17  Zalan Bujtas  <zalan@apple.com>
959
960         Tighten TextIterator::handleTextNode run-renderer mapping logic.
961         https://bugs.webkit.org/show_bug.cgi?id=172174
962
963         Reviewed by Antti Koivisto.
964
965         This patch ensures that when runs and renderers are getting out of sync
966         we don't run into problems like webkit.org/b/172113 (where we end up
967         using incorrect content start/end positions).
968
969         * editing/TextIterator.cpp:
970         (WebCore::TextIterator::handleTextNode):
971
972 2017-05-17  John Wilander  <wilander@apple.com>
973
974         Resource Load Statistics: Grandfather domains for existing data records
975         https://bugs.webkit.org/show_bug.cgi?id=172155
976         <rdar://problem/24913532>
977
978         Reviewed by Alex Christensen.
979
980         Test: http/tests/loading/resourceLoadStatistics/grandfathering.html
981
982         * loader/ResourceLoadObserver.cpp:
983         (WebCore::ResourceLoadObserver::setGrandfathered):
984         (WebCore::ResourceLoadObserver::isGrandfathered):
985         (WebCore::ResourceLoadObserver::setMinimumTimeBetweeenDataRecordsRemoval):
986         (WebCore::ResourceLoadObserver::setGrandfatheringTime):
987             Functions for testing and configuration.
988             ResourceLoadObserver::setMinimumTimeBetweeenDataRecordsRemoval() changed as a result of moving
989             WebKit::WebResourceLoadStatisticsStore::setMinimumTimeBetweeenDataRecordsRemoval() here.
990         * loader/ResourceLoadObserver.h:
991         * loader/ResourceLoadStatisticsStore.cpp:
992         (WebCore::ResourceLoadStatisticsStore::createEncoderFromData):
993         (WebCore::ResourceLoadStatisticsStore::readDataFromDecoder):
994             Now contains endOfGrandfatheringTimestamp.
995         (WebCore::ResourceLoadStatisticsStore::clearInMemoryAndPersistent):
996             Now makes a call to m_grandfatherExistingWebsiteDataHandler().
997         (WebCore::ResourceLoadStatisticsStore::setGrandfatherExistingWebsiteDataCallback):
998         (WebCore::ResourceLoadStatisticsStore::setMinimumTimeBetweeenDataRecordsRemoval):
999             Changed as a result of moving
1000             WebKit::WebResourceLoadStatisticsStore::setMinimumTimeBetweeenDataRecordsRemoval() here.
1001         (WebCore::ResourceLoadStatisticsStore::setGrandfatheringTime):
1002         (WebCore::ResourceLoadStatisticsStore::topPrivatelyControlledDomainsToRemoveWebsiteDataFor):
1003             Renamed since it now also takes grandfathering into account.
1004         (WebCore::ResourceLoadStatisticsStore::updateStatisticsForRemovedDataRecords):
1005             Fixed typo in local variable name.
1006         (WebCore::ResourceLoadStatisticsStore::handleFreshStartWithEmptyOrNoStore):
1007         (WebCore::ResourceLoadStatisticsStore::shouldRemoveDataRecords):
1008             Convenience function added.
1009         (WebCore::ResourceLoadStatisticsStore::dataRecordsBeingRemoved):
1010             Convenience function added.
1011         (WebCore::ResourceLoadStatisticsStore::dataRecordsWereRemoved):
1012             Convenience function added.
1013         (WebCore::ResourceLoadStatisticsStore::prevalentResourceDomainsWithoutUserInteraction): Deleted.
1014             Replaced by ResourceLoadStatisticsStore::topPrivatelyControlledDomainsToRemoveWebsiteDataFor().
1015         * loader/ResourceLoadStatisticsStore.h:
1016
1017 2017-05-17  Zalan Bujtas  <zalan@apple.com>
1018
1019         Debug ASSERT: WebCore::RenderImageResource::shutdown
1020         https://bugs.webkit.org/show_bug.cgi?id=172238
1021         <rdar://problem/30064601>
1022
1023         Reviewed by Simon Fraser.
1024
1025         While constructing new renderers, as part of the render tree update, we check if the insertion point is valid for them. 
1026         When this newly constructed child renderer can't be injected to a specific place, we destroy it right away.
1027         This assert was added with the assumption that the image resource object gets initialized
1028         (through RenderObject::initializeStyle) even when the renderer turns out to be invalid.
1029
1030         Test: fast/images/assert-when-insertion-point-is-incorrect.html
1031
1032         * rendering/RenderImageResource.cpp:
1033         (WebCore::RenderImageResource::RenderImageResource):
1034         (WebCore::RenderImageResource::shutdown):
1035         * rendering/RenderImageResource.h:
1036
1037 2017-05-17  Per Arne Vollan  <pvollan@apple.com>
1038
1039         Crash under WebCore::AudioSourceProviderAVFObjC::process().
1040         https://bugs.webkit.org/show_bug.cgi?id=172101
1041         rdar://problem/27446589
1042
1043         Reviewed by Jer Noble.
1044
1045         Calling the function MTAudioProcessingTapGetSourceAudio when the value of the
1046         MTAudioProcessingTapRef parameter is null, will lead to a null dereference.
1047         This can for example happen if MediaPlayerPrivateAVFoundationObjC::cancelLoad()
1048         is called on the main thread while MediaToolbox is calling the
1049         WebCore::AudioSourceProviderAVFObjC::processCallback function on a secondary
1050         thread. MediaPlayerPrivateAVFoundationObjC::cancelLoad() will then call
1051         AudioSourceProviderAVFObjC::setPlayerItem(nullptr), which will call
1052         AudioSourceProviderAVFObjC::destroyMix(), which will set m_tap to null. When
1053         AudioSourceProviderAVFObjC::process is called on the secondary thread, using
1054         the m_tap member in the call to MTAudioProcessingTapGetSourceAudio, the process
1055         will crash.
1056
1057         No new tests since I am not able to reproduce.
1058
1059         * platform/graphics/avfoundation/AudioSourceProviderAVFObjC.mm:
1060         (WebCore::AudioSourceProviderAVFObjC::initCallback):
1061         (WebCore::AudioSourceProviderAVFObjC::process):
1062
1063 2017-05-17  Chris Dumez  <cdumez@apple.com>
1064
1065         Setting URL.search to '' results in a stringified URL ending in '?'
1066         https://bugs.webkit.org/show_bug.cgi?id=162345
1067         <rdar://problem/31800441>
1068
1069         Reviewed by Alex Christensen.
1070
1071         As per the specification for the URL.search setter [1], if the given value is
1072         the empty string, then we should set the URL's query to null. We would
1073         previously set the URL's query to the empty string in this case. This aligns
1074         our behavior with Firefox and Chrome.
1075
1076         [1] https://url.spec.whatwg.org/#dom-url-search
1077
1078         No new tests, updated existing tests.
1079
1080         * html/URLUtils.h:
1081         (WebCore::URLUtils<T>::setSearch):
1082
1083 2017-05-17  Eric Carlson  <eric.carlson@apple.com>
1084
1085         [MediaStream] videoWidth and videoHeight should be set when 'loadedmetadata' event fires
1086         https://bugs.webkit.org/show_bug.cgi?id=172223
1087         <rdar://problem/31899755>
1088
1089         Reviewed by Jer Noble.
1090
1091         Test: fast/mediastream/get-user-media-on-loadedmetadata.html
1092
1093         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm:
1094         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::currentReadyState): If a stream has
1095         a video track, return HaveNothing until we have a sample.
1096        
1097         * platform/mediastream/RealtimeMediaSource.h:
1098         * platform/mock/MockRealtimeAudioSource.cpp:
1099         (WebCore::MockRealtimeAudioSource::tick): Optionally delay the next sample.
1100         (WebCore::MockRealtimeAudioSource::delaySamples):
1101         * platform/mock/MockRealtimeAudioSource.h:
1102
1103         * platform/mock/MockRealtimeVideoSource.cpp:
1104         (WebCore::MockRealtimeVideoSource::delaySamples):
1105         (WebCore::MockRealtimeVideoSource::generateFrame): Optionally delay the next sample.
1106         * platform/mock/MockRealtimeVideoSource.h:
1107
1108         * testing/Internals.cpp:
1109         (WebCore::Internals::delayMediaStreamTrackSamples):
1110         * testing/Internals.h:
1111         * testing/Internals.idl:
1112
1113 2017-05-17  Youenn Fablet  <youenn@apple.com>
1114
1115         iOS WebRTC Media Capture should not allow camera capture from background tab
1116         https://bugs.webkit.org/show_bug.cgi?id=172200
1117
1118         Reviewed by Eric Carlson.
1119
1120         Test: platform/ios/mediastream/getUserMedia-disabled-in-background-tabs.html and manual tests.
1121
1122         Making Video Capture Factory aware of Document visibility changes.
1123         On iOS, muting/unmuting the current video source according to Document visibility.
1124         Not using Document visibility change observer as factories are platform and cannot implement
1125         the visibility observer interface without moving the visibility observer interface.
1126
1127         Introducing internals API to switch on/off the page visibility.
1128
1129         * dom/Document.cpp:
1130         (WebCore::Document::visibilityStateChanged):
1131         (WebCore::Document::notifyVisibilityChangedToMediaCapture):
1132         * dom/Document.h:
1133         * platform/mediastream/RealtimeMediaSource.h:
1134         * platform/mediastream/RealtimeMediaSourceCenter.cpp:
1135         (WebCore::RealtimeMediaSourceCenter::setVisibility):
1136         * platform/mediastream/RealtimeMediaSourceCenter.h:
1137         * platform/mediastream/mac/AVVideoCaptureSource.mm:
1138         (WebCore::AVVideoCaptureSourceFactory::setVisibility):
1139         * testing/Internals.cpp:
1140         (WebCore::Internals::setPageVisibility):
1141         * testing/Internals.h:
1142         * testing/Internals.idl:
1143
1144 2017-05-17  Said Abou-Hallawa  <sabouhallawa@apple.com>
1145
1146         When the image decoding thread makes a callOnMainThread(), ensure all the objects it needs are protected
1147         https://bugs.webkit.org/show_bug.cgi?id=171614
1148
1149         Reviewed by David Kilzer.
1150
1151         The asynchronous image decoding was designed to not block the main thread if
1152         the image is deleted. To achieve that we allow decoding the current frame
1153         even if it is not going to be used after closing the decoding queue. We 
1154         protect all the objects which the decoding thread uses. But when a frame
1155         finishes decoding the native image frame is cached on the main thread. Not
1156         all of the objects are protected when the callOnMainThread() is dispatched.
1157         The ImageFrameCache and the ImageDecoder objects are not protected.
1158
1159         This might lead to two kinds of crashes:
1160         1. A segfault inside the ImageDecoder trying to access one of its members
1161         2. A segfault inside the ImageFrameCache trying to access one of its frames
1162
1163         The fix is to protect the ImageFrameCache and the ImageDecoder when the
1164         decoding thread makes a callOnMainThread(). Also switch all the pointers
1165         the decoding threads protect to be ThreadSafeRefCounted.
1166
1167         * platform/graphics/ImageFrameCache.cpp:
1168         (WebCore::ImageFrameCache::startAsyncDecodingQueue):
1169         * platform/graphics/ImageFrameCache.h:
1170         * platform/graphics/cg/ImageDecoderCG.h:
1171         * platform/graphics/win/ImageDecoderDirect2D.h:
1172         * platform/image-decoders/ImageDecoder.h:
1173
1174 2017-05-17  Wenson Hsieh  <wenson_hsieh@apple.com>
1175
1176         A URL type is vended for a non-URL plain text string when starting data interaction
1177         https://bugs.webkit.org/show_bug.cgi?id=172228
1178         <rdar://problem/32166729>
1179
1180         Reviewed by Andy Estes.
1181
1182         Previously, when writing a plain text string to WebItemProviderPasteboard, we would write an NSString directly
1183         to the item provider by using built-in functionality in NSString+UIItemProvider. However, this causes plain
1184         strings such as "apple" to be considered URLs, since -[NSURL URLWithString:] creates a non-null NSURL. To fix
1185         this, we instead write the string as UTF8 data, for the UTI kUTTypeUTF8PlainText, if the plain text is not a
1186         URL. If the plain text is clearly a URL (determined by constructing a new WebCore URL with no base URL and the
1187         plaintext string as the absolute URL) then we additionally write an NSURL to the pasteboard.
1188
1189         2 new API tests:
1190         DataInteractionTests.SinglePlainTextWordTypeIdentifiers
1191         DataInteractionTests.SinglePlainTextURLTypeIdentifiers
1192
1193         * platform/ios/PlatformPasteboardIOS.mm:
1194         (WebCore::addRepresentationsForPlainText):
1195         (WebCore::PlatformPasteboard::writeObjectRepresentations):
1196
1197 2017-05-15  Jiewen Tan  <jiewen_tan@apple.com>
1198
1199         Replace CryptoOperationData with BufferSource for WebKitSubtleCrypto
1200         https://bugs.webkit.org/show_bug.cgi?id=172146
1201         <rdar://problem/32122256>
1202
1203         Reviewed by Brent Fulgham.
1204
1205         In this patch, we replace CryptoOperationData with BufferSource for WebKitSubtleCrypto in
1206         the custom binding codes.
1207
1208         Test: crypto/webkitSubtle/import-export-raw-key-leak.html
1209
1210         * bindings/js/JSWebKitSubtleCryptoCustom.cpp:
1211         (WebCore::JSWebKitSubtleCrypto::encrypt):
1212         (WebCore::JSWebKitSubtleCrypto::decrypt):
1213         (WebCore::JSWebKitSubtleCrypto::sign):
1214         (WebCore::JSWebKitSubtleCrypto::verify):
1215         (WebCore::JSWebKitSubtleCrypto::digest):
1216         (WebCore::JSWebKitSubtleCrypto::importKey):
1217         (WebCore::JSWebKitSubtleCrypto::unwrapKey):
1218         * crypto/WebKitSubtleCrypto.idl:
1219
1220 2017-05-17  Youenn Fablet  <youenn@apple.com>
1221
1222         Move-related refactoring on UserMediaPermissionRequestProxy
1223         https://bugs.webkit.org/show_bug.cgi?id=172195
1224
1225         Reviewed by Alex Christensen.
1226
1227         No behavioral change.
1228
1229         * platform/mediastream/RealtimeMediaSourceCenter.h: Cleaning the function definition.
1230
1231 2017-05-17  David Kilzer  <ddkilzer@apple.com>
1232
1233         BlobDataFileReference::generateReplacementFile() should use mkstemp()
1234         <https://webkit.org/b/172192>
1235
1236         Reviewed by Brent Fulgham.
1237
1238         * platform/network/mac/BlobDataFileReferenceMac.mm:
1239         (WebCore::BlobDataFileReference::generateReplacementFile): Use
1240         mkstemp().
1241
1242 2017-05-17  Matt Lewis  <jlewis3@apple.com>
1243
1244         Unreviewed, rolling out r216974.
1245
1246         Revision caused consistent timeouts on all platforms.
1247
1248         Reverted changeset:
1249
1250         "Add a RuntimeEnabledFeature for display: contents, defaulted
1251         to false."
1252         https://bugs.webkit.org/show_bug.cgi?id=171984
1253         http://trac.webkit.org/changeset/216974
1254
1255 2017-05-17  Nan Wang  <n_wang@apple.com>
1256
1257         ASSERTION FAILED in WebCore::AccessibilityNodeObject::insertChild()
1258         https://bugs.webkit.org/show_bug.cgi?id=171927
1259         <rdar://problem/32109781>
1260
1261         Reviewed by Chris Fleizach.
1262
1263         The nextSibling() logic might include the continuation sibling that's not
1264         the child of the current renderer. Make sure we only insert the valid child.
1265
1266         Test: accessibility/insert-children-assert.html
1267
1268         * accessibility/AccessibilityObject.cpp:
1269         (WebCore::AccessibilityObject::setIsIgnoredFromParentDataForChild):
1270         * accessibility/AccessibilityRenderObject.cpp:
1271         (WebCore::AccessibilityRenderObject::nextSibling):
1272
1273 2017-05-17  Ryosuke Niwa  <rniwa@webkit.org>
1274
1275         getElementById can return a wrong element when a matching element is removed during beforeload event
1276         https://bugs.webkit.org/show_bug.cgi?id=171374
1277
1278         Reviewed by Brent Fulgham.
1279
1280         The bug was caused by HTMLLinkElement firing beforeload event inside insertedInto before the tree state is updated.
1281         Delay the event dispatch to the post insertion callback.
1282
1283         Test: fast/html/link-element-removal-during-beforeload.html
1284
1285         * html/HTMLLinkElement.cpp:
1286         (WebCore::HTMLLinkElement::insertedInto):
1287         (WebCore::HTMLLinkElement::finishedInsertingSubtree):
1288         * html/HTMLLinkElement.h:
1289
1290 2017-05-17  Alex Christensen  <achristensen@webkit.org>
1291
1292         Interacting with WKHTTPCookieStores before creating WKWebViews and WKProcessPools should affect cookies used
1293         https://bugs.webkit.org/show_bug.cgi?id=171987
1294
1295         Reviewed by Brady Eidson.
1296
1297         Covered by new API tests.
1298
1299         * CMakeLists.txt:
1300         * platform/Cookie.h:
1301         (WebCore::Cookie::Cookie):
1302         (WebCore::Cookie::isNull):
1303         (WebCore::CookieHash::hash):
1304         (WebCore::CookieHash::equal):
1305         (WTF::HashTraits<WebCore::Cookie>::emptyValue):
1306         (WTF::HashTraits<WebCore::Cookie>::constructDeletedValue):
1307         (WTF::HashTraits<WebCore::Cookie>::isDeletedValue):
1308         * platform/network/Cookie.cpp: Added.
1309         (WebCore::Cookie::operator==):
1310         (WebCore::Cookie::hash):
1311         * platform/network/cocoa/CookieCocoa.mm:
1312         (WebCore::Cookie::operator NSHTTPCookie *):
1313         (WebCore::Cookie::operator==):
1314         (WebCore::Cookie::hash):
1315         * platform/network/cocoa/NetworkStorageSessionCocoa.mm:
1316         (WebCore::NetworkStorageSession::setCookies):
1317         Use NSHTTPCookie's hash and equality comparison to more closely match the NSHTTPCookie behavior.
1318
1319 2017-05-17  Emilio Cobos Álvarez  <ecobos@igalia.com>
1320
1321         Add a RuntimeEnabledFeature for display: contents, defaulted to false.
1322         https://bugs.webkit.org/show_bug.cgi?id=171984
1323
1324         Reviewed by Antti Koivisto.
1325
1326         The "defaulted to false" is not only because there are spec issues,
1327         but because I ran the WPT suite, and there was a fair amount of
1328         crashes and messed render trees.
1329
1330         * css/StyleResolver.cpp:
1331         (WebCore::StyleResolver::adjustRenderStyle):
1332         * page/RuntimeEnabledFeatures.h:
1333         (WebCore::RuntimeEnabledFeatures::setDisplayContentsEnabled):
1334         (WebCore::RuntimeEnabledFeatures::displayContentsEnabled):
1335
1336 2017-05-17  Antti Koivisto  <antti@apple.com>
1337
1338         Regression (198943): <marquee> shouldn't wrap text
1339         https://bugs.webkit.org/show_bug.cgi?id=172217
1340
1341         Reviewed by Andreas Kling.
1342
1343         RenderMarquee::updateMarqueeStyle mutated the style and then expected it to inherit to children.
1344         This doesn't work anymore because render tree construction is now separated from style resolution
1345         where inheritance happens.
1346
1347         Test: fast/html/marquee-child-wrap.html
1348
1349         * css/StyleResolver.cpp:
1350         (WebCore::StyleResolver::adjustRenderStyle):
1351
1352             Implement marquee hacks in adjustRenderStyle instead. This can't do the childrenInline check
1353             the previous code had but it wasn't working anyway (there are no children when updateMarqueeStyle
1354             gets called).
1355
1356         * rendering/RenderMarquee.cpp:
1357         (WebCore::RenderMarquee::updateMarqueeStyle):
1358
1359             This no longer needs mutable style.
1360
1361 2017-05-16  David Kilzer  <ddkilzer@apple.com>
1362
1363         Remove C-style casts by using xmlDocPtr instead of void*
1364         <https://webkit.org/b/172189>
1365
1366         Reviewed by Alex Christensen.
1367
1368         * dom/TransformSource.h: Fix whitespace indentation.
1369         (typedef PlatformTransformSource): Use xmlDocPtr not void*.
1370         * dom/TransformSourceLibxslt.cpp:
1371         (WebCore::TransformSource::~TransformSource): Remove cast.
1372         * xml/XSLStyleSheetLibxslt.cpp:
1373         (WebCore::XSLStyleSheet::document): Remove cast.
1374         * xml/XSLTProcessorLibxslt.cpp:
1375         (WebCore::xmlDocPtrFromNode): Remove casts.
1376         * xml/parser/XMLDocumentParser.h:
1377         (WebCore::xmlDocPtrForString): Update declaration to return
1378         xmlDocPtr not void*.
1379         * xml/parser/XMLDocumentParserLibxml2.cpp:
1380         (WebCore::XMLDocumentParser::doEnd): Change type of local
1381         variable from void* to xmlDocPtr.
1382         (WebCore::xmlDocPtrForString): Update to return xmlDocPtr
1383         not void*.
1384
1385 2017-05-16  Sam Weinig  <sam@webkit.org>
1386
1387         Bring Notification.idl up to spec
1388         https://bugs.webkit.org/show_bug.cgi?id=172156
1389
1390         Reviewed by Chris Dumez.
1391
1392         Test: http/tests/notifications/notification.html
1393
1394         * CMakeLists.txt:
1395         * DerivedSources.make:
1396         * WebCore.xcodeproj/project.pbxproj:
1397         Add new files.
1398
1399         * Modules/notifications/Notification.cpp:
1400         (WebCore::Notification::create):
1401         (WebCore::Notification::Notification):
1402         (WebCore::Notification::show):
1403         (WebCore::directionString): Deleted.
1404         (WebCore::Notification::permission): Deleted.
1405         (WebCore::Notification::permissionString): Deleted.
1406         * Modules/notifications/Notification.h:
1407         * Modules/notifications/Notification.idl:
1408         * Modules/notifications/NotificationClient.h:
1409         * Modules/notifications/NotificationDirection.h: Added.
1410         * Modules/notifications/NotificationPermission.h: Added.
1411         * Modules/notifications/NotificationPermission.idl: Added.
1412         * Modules/notifications/NotificationPermissionCallback.h:
1413         * Modules/notifications/NotificationPermissionCallback.idl:
1414         Bring up to spec, replacing DOMStrings with enums where appropriate and adding
1415         additional readonly properties to Notification to mirror options provided
1416         in construction.
1417
1418 2017-05-16  Zalan Bujtas  <zalan@apple.com>
1419
1420         Do not skip <slot> children when collecting content for innerText.
1421         https://bugs.webkit.org/show_bug.cgi?id=172113
1422         <rdar://problem/30362324>
1423
1424         Reviewed by Ryosuke Niwa and Brent Fulgham.
1425
1426         "display: contents" elements do not generate renderers but their children might.
1427         This patch ensures that we don't skip them while collecting text content.
1428
1429         Test: fast/text/inner-text-should-include-slot-subtree.html
1430
1431         * editing/TextIterator.cpp:
1432         (WebCore::TextIterator::advance):
1433
1434 2017-05-16  Filip Pizlo  <fpizlo@apple.com>
1435
1436         GCController::garbageCollectNowIfNotDoneRecently should request Async Full GCs
1437         https://bugs.webkit.org/show_bug.cgi?id=172204
1438
1439         Reviewed by Saam Barati.
1440
1441         No new tests because existing tests will tell us if there is a problem.
1442         
1443         The goal of this change is to reduce the likelihood that we block for a GC. We want it to be
1444         benchmark-neutral.
1445         
1446         It's a 0.14% speed-up on JetStream with 24% probability.
1447         
1448         It's a 0.12% slow-down on PLT3 with 43% probability.
1449         
1450         So it's neutral on my machine.
1451
1452         * bindings/js/GCController.cpp:
1453         (WebCore::GCController::garbageCollectNowIfNotDoneRecently):
1454
1455 2017-05-16  Tim Horton  <timothy_horton@apple.com>
1456
1457         [macOS] REGRESSION: Drag images for links with right-to-left titles are incorrect (172006)
1458         https://bugs.webkit.org/show_bug.cgi?id=172006
1459         <rdar://problem/32165137>
1460
1461         Reviewed by Dean Jackson.
1462
1463         * platform/mac/DragImageMac.mm:
1464         (WebCore::LinkImageLayout::LinkImageLayout):
1465         (WebCore::createDragImageForLink):
1466         (WebCore::LinkImageLayout::addLine): Deleted.
1467         * platform/spi/cocoa/CoreTextSPI.h:
1468         Set and paint the entire frame as a single unit, making use of the
1469         CTFrameMaximumNumberOfLines attribute to limit the number of lines.
1470         This gives CoreText power over text alignment and makes RTL text lay
1471         out correctly.
1472
1473 2017-05-16  Chris Dumez  <cdumez@apple.com>
1474
1475         Implement DOMMatrix / DOMMatrixReadOnly
1476         https://bugs.webkit.org/show_bug.cgi?id=110001
1477
1478         Reviewed by Sam Weinig and Simon Fraser.
1479
1480         Implement DOMMatrix / DOMMatrixReadOnly as per:
1481         - https://drafts.fxtf.org/geometry/#DOMMatrix
1482
1483         For now, these new types co-exist with WebKitCSSMatrix / SVGMatrix. However, in the future,
1484         WebKitCSSMatrix / SVGMatrix are supposed to become aliases to DOMMatrix.
1485
1486         Most of it has been implemented. What remains to be implemented is:
1487         - Make WebKitCSSMatrix / SVGMatrix aliases to DOMMatrix
1488         - DOMMatrix.fromFloat32Array() / fromFloat64Array()
1489         - DOMMatrixReadOnly.fromFloat32Array() / fromFloat64Array() / toFloat32Array() / toFloat64Array()
1490         - DOMMatrixReadOnly.transformPoint().
1491
1492         Tests: imported/w3c/web-platform-tests/css/geometry-1/*
1493
1494         * CMakeLists.txt:
1495         * DerivedSources.make:
1496         * WebCore.xcodeproj/project.pbxproj:
1497
1498         * bindings/scripts/CodeGeneratorJS.pm:
1499         * bindings/scripts/test/JS/JSTestObj.cpp:
1500         Fix a bug in the bindings generator causing the generator code for
1501         "Constructor(optional (DOMString or sequence<unrestricted double>) init)" to be wrong
1502         and not build.
1503
1504         * css/DOMMatrix.cpp: Added.
1505         (WebCore::DOMMatrix::DOMMatrix):
1506         (WebCore::DOMMatrix::fromMatrix):
1507         (WebCore::DOMMatrix::multiplySelf):
1508         (WebCore::DOMMatrix::preMultiplySelf):
1509         (WebCore::DOMMatrix::translateSelf):
1510         (WebCore::DOMMatrix::scaleSelf):
1511         (WebCore::DOMMatrix::scale3dSelf):
1512         (WebCore::DOMMatrix::rotateSelf):
1513         (WebCore::DOMMatrix::rotateFromVectorSelf):
1514         (WebCore::DOMMatrix::rotateAxisAngleSelf):
1515         (WebCore::DOMMatrix::skewXSelf):
1516         (WebCore::DOMMatrix::skewYSelf):
1517         (WebCore::DOMMatrix::invertSelf):
1518         (WebCore::DOMMatrix::setMatrixValueForBindings):
1519         * css/DOMMatrix.h: Added.
1520         (WebCore::DOMMatrix::create):
1521         (WebCore::DOMMatrix::setA):
1522         (WebCore::DOMMatrix::setB):
1523         (WebCore::DOMMatrix::setC):
1524         (WebCore::DOMMatrix::setD):
1525         (WebCore::DOMMatrix::setE):
1526         (WebCore::DOMMatrix::setF):
1527         (WebCore::DOMMatrix::setM11):
1528         (WebCore::DOMMatrix::setM12):
1529         (WebCore::DOMMatrix::setM13):
1530         (WebCore::DOMMatrix::setM14):
1531         (WebCore::DOMMatrix::setM21):
1532         (WebCore::DOMMatrix::setM22):
1533         (WebCore::DOMMatrix::setM23):
1534         (WebCore::DOMMatrix::setM24):
1535         (WebCore::DOMMatrix::setM31):
1536         (WebCore::DOMMatrix::setM32):
1537         (WebCore::DOMMatrix::setM33):
1538         (WebCore::DOMMatrix::setM34):
1539         (WebCore::DOMMatrix::setM41):
1540         (WebCore::DOMMatrix::setM42):
1541         (WebCore::DOMMatrix::setM43):
1542         (WebCore::DOMMatrix::setM44):
1543         * css/DOMMatrix.idl: Added.
1544         * css/DOMMatrixInit.h: Added.
1545         * css/DOMMatrixInit.idl: Added.
1546         * css/DOMMatrixReadOnly.cpp: Added.
1547         (WebCore::DOMMatrixReadOnly::DOMMatrixReadOnly):
1548         (WebCore::DOMMatrixReadOnly::validateAndFixup):
1549         (WebCore::DOMMatrixReadOnly::fromMatrix):
1550         (WebCore::DOMMatrixReadOnly::isIdentity):
1551         (WebCore::DOMMatrixReadOnly::setMatrixValue):
1552         (WebCore::DOMMatrixReadOnly::translate):
1553         (WebCore::DOMMatrixReadOnly::flipX):
1554         (WebCore::DOMMatrixReadOnly::flipY):
1555         (WebCore::DOMMatrixReadOnly::multiply):
1556         (WebCore::DOMMatrixReadOnly::scale):
1557         (WebCore::DOMMatrixReadOnly::scale3d):
1558         (WebCore::DOMMatrixReadOnly::rotate):
1559         (WebCore::DOMMatrixReadOnly::rotateFromVector):
1560         (WebCore::DOMMatrixReadOnly::rotateAxisAngle):
1561         (WebCore::DOMMatrixReadOnly::skewX):
1562         (WebCore::DOMMatrixReadOnly::skewY):
1563         (WebCore::DOMMatrixReadOnly::inverse):
1564         (WebCore::DOMMatrixReadOnly::toString):
1565         * css/DOMMatrixReadOnly.h: Added.
1566         (WebCore::DOMMatrixReadOnly::create):
1567         (WebCore::DOMMatrixReadOnly::a):
1568         (WebCore::DOMMatrixReadOnly::b):
1569         (WebCore::DOMMatrixReadOnly::c):
1570         (WebCore::DOMMatrixReadOnly::d):
1571         (WebCore::DOMMatrixReadOnly::e):
1572         (WebCore::DOMMatrixReadOnly::f):
1573         (WebCore::DOMMatrixReadOnly::m11):
1574         (WebCore::DOMMatrixReadOnly::m12):
1575         (WebCore::DOMMatrixReadOnly::m13):
1576         (WebCore::DOMMatrixReadOnly::m14):
1577         (WebCore::DOMMatrixReadOnly::m21):
1578         (WebCore::DOMMatrixReadOnly::m22):
1579         (WebCore::DOMMatrixReadOnly::m23):
1580         (WebCore::DOMMatrixReadOnly::m24):
1581         (WebCore::DOMMatrixReadOnly::m31):
1582         (WebCore::DOMMatrixReadOnly::m32):
1583         (WebCore::DOMMatrixReadOnly::m33):
1584         (WebCore::DOMMatrixReadOnly::m34):
1585         (WebCore::DOMMatrixReadOnly::m41):
1586         (WebCore::DOMMatrixReadOnly::m42):
1587         (WebCore::DOMMatrixReadOnly::m43):
1588         (WebCore::DOMMatrixReadOnly::m44):
1589         (WebCore::DOMMatrixReadOnly::is2D):
1590         (WebCore::DOMMatrixReadOnly::fromMatrixHelper):
1591         * css/DOMMatrixReadOnly.idl: Added.
1592         * css/WebKitCSSMatrix.h:
1593         * css/WebKitCSSMatrix.idl:
1594         * svg/SVGMatrix.h:
1595         * svg/SVGMatrix.idl:
1596
1597 2017-05-16  Eric Carlson  <eric.carlson@apple.com>
1598
1599         [MediaStream] AudioSampleBufferList::zeroABL takes byte count, not sample count
1600         https://bugs.webkit.org/show_bug.cgi?id=172194
1601         <rdar://problem/32233799>
1602
1603         Reviewed by Jer Noble.
1604
1605         * platform/mediastream/mac/AudioTrackPrivateMediaStreamCocoa.cpp:
1606         (WebCore::AudioTrackPrivateMediaStreamCocoa::render): Pass number of bytes to zero,
1607         not number of samples.
1608
1609 2017-05-16  Mark Lam  <mark.lam@apple.com>
1610
1611         WorkerRunLoop::Task::performTask() needs to null check context->script() before use.
1612         https://bugs.webkit.org/show_bug.cgi?id=172193
1613         <rdar://problem/32225346>
1614
1615         Reviewed by Filip Pizlo.
1616
1617         According to https://build-safari.apple.com/results/Trunk%20Fuji%20GuardMalloc%20Production%20WK2%20Tests/r216929_459760e0918316187c8e52c6585a3a9ba9181204%20(12066)/results.html,
1618         we see a crash with this crash trace:
1619
1620         Thread 13 Crashed:: WebCore: Worker
1621         0 com.apple.WebCore        0x00000001099607b2 WebCore::WorkerScriptController::isTerminatingExecution() const + 18
1622         1 com.apple.WebCore        0x000000010995ebbf WebCore::WorkerRunLoop::runCleanupTasks(WebCore::WorkerGlobalScope*) + 143
1623         2 com.apple.WebCore        0x000000010995e80f WebCore::WorkerRunLoop::run(WebCore::WorkerGlobalScope*) + 111
1624         3 com.apple.WebCore        0x00000001099621b6 WebCore::WorkerThread::workerThread() + 742
1625         4 com.apple.JavaScriptCore 0x000000010a964b92 WTF::threadEntryPoint(void*) + 178
1626         5 com.apple.JavaScriptCore 0x000000010a964a69 WTF::wtfThreadEntryPoint(void*) + 121
1627         6 libsystem_pthread.dylib  0x00007fffbdb5caab _pthread_body + 180
1628         7 libsystem_pthread.dylib  0x00007fffbdb5c9f7 _pthread_start + 286
1629         8 libsystem_pthread.dylib  0x00007fffbdb5c1fd thread_start + 13
1630
1631         ... and the crashing address is:
1632
1633         Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000022
1634
1635         0x0000000000000022 is the offset of m_scheduledTerminationMutex in the
1636         WorkerScriptController.  This means that WorkerScriptController::isTerminatingExecution()
1637         is passed a NULL this pointer.  This means that it's possible to have a race
1638         where a WorkerRunLoop::Task gets enqueued beyond the Cleanup task that deletes the
1639         context->script().  As a result, WorkerRunLoop::Task::performTask() (called by
1640         runCleanupTasks()) may see a null context->script().
1641
1642         Hence, WorkerRunLoop::Task::performTask() should null check context->script()
1643         before invoking the isTerminatingExecution() query on it.
1644
1645         No new tests because this is already covered by existing tests.
1646
1647         * workers/WorkerRunLoop.cpp:
1648         (WebCore::WorkerRunLoop::Task::performTask):
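
The null-this reasoning in the WorkerRunLoop entry above, as an added C++ example (not WebKit code): the struct layout, the Task and WorkerContext types and all function names are hypothetical stand-ins, with padding constructed so the mutex byte lands at offset 0x22. It shows why a fault at 0x22 points to a member read through a null object pointer, and a guarded run loop that skips a task queued behind the cleanup task.

```cpp
// Added illustration, not WebKit source. Every type here is a simplified,
// hypothetical stand-in for the class with the same role in the entry above.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <functional>
#include <memory>
#include <vector>

// Stand-in for WorkerScriptController. The padding is constructed so that the
// mutex byte sits at offset 0x22, the offset the entry reports.
struct ScriptController {
    unsigned char otherState[0x22];
    unsigned char scheduledTerminationMutex;
    bool terminating;

    // Per the entry, the faulting access is to the mutex member; with a null
    // `this` that access lands at address 0 + 0x22.
    bool isTerminatingExecution() const { return terminating; }
};

// Crash triage: a member read through a null object pointer faults at
// 0 + offsetof(member), so the fault address falls inside that member.
bool faultMatchesNullMember(std::uintptr_t fault, std::size_t offset, std::size_t size)
{
    return fault >= offset && fault < offset + size;
}

// Stand-in for WorkerGlobalScope: owns the script controller until cleanup.
struct WorkerContext {
    std::unique_ptr<ScriptController> script;
};

struct Task {
    bool isCleanup;
    std::function<void(WorkerContext&)> work;
};

struct RunStats {
    int ran = 0;
    int skipped = 0;
};

// Guarded decision (an assumed shape of the check, not the project's code):
// the script pointer is tested before isTerminatingExecution() is called.
bool shouldPerform(const WorkerContext& context, const Task& task)
{
    if (task.isCleanup)
        return true;
    const ScriptController* script = context.script.get();
    return script && !script->isTerminatingExecution();
}

// Drains the queue the way a cleanup pass would, counting what ran.
RunStats runCleanupTasks(WorkerContext& context, std::vector<Task>& queue)
{
    RunStats stats;
    for (auto& task : queue) {
        if (shouldPerform(context, task)) {
            task.work(context);
            ++stats.ran;
        } else {
            ++stats.skipped;
        }
    }
    return stats;
}

// Reproduces the ordering from the entry: the cleanup task deletes the script,
// and an ordinary task is already queued behind it.
RunStats demoLateTaskAfterCleanup()
{
    WorkerContext context;
    context.script = std::make_unique<ScriptController>();

    std::vector<Task> queue;
    queue.push_back(Task{true, [](WorkerContext& c) { c.script.reset(); }});
    queue.push_back(Task{false, [](WorkerContext&) {}});
    return runCleanupTasks(context, queue);
}

int main()
{
    std::size_t offset = offsetof(ScriptController, scheduledTerminationMutex);
    std::printf("mutex offset: 0x%zx\n", offset);
    std::printf("fault 0x22 matches null member read: %d\n",
                faultMatchesNullMember(0x22, offset, sizeof(unsigned char)));
    RunStats stats = demoLateTaskAfterCleanup();
    std::printf("ran=%d skipped=%d\n", stats.ran, stats.skipped);
    return 0;
}
```

Without the pointer test in shouldPerform(), the second task would call isTerminatingExecution() on a null pointer, which is the crash the entry describes.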
1649
1650 2017-05-16  Youenn Fablet  <youenn@apple.com>
1651
1652         Modernize WebKit2 getUserMedia passing of parameters
1653         https://bugs.webkit.org/show_bug.cgi?id=172161
1654
1655         Reviewed by Eric Carlson.
1656
1657         No change of behavior.
1658
1659         * platform/mediastream/RealtimeMediaSourceCenter.h: Using WTF::Function to enable capture Ref<>.
1660
1661 2017-05-16  Jeremy Jones  <jeremyj@apple.com>
1662
1663         Captions and subtitles not showing up in picture-in-picture for MSE content.
1664         https://bugs.webkit.org/show_bug.cgi?id=172145
1665
1666         Reviewed by Eric Carlson.
1667
1668         No new tests as this has no effect on the DOM.
1669
1670         Add TextTrackRepresentation code from MediaPlayerPrivateAVFoundationObj to MediaPlayerPrivateMediaSourceAVFObjc.
1671         This moves the TextTrackRepresentation platform layer into the fullscreen container layer when going into
1672         pip for fullscreen, allowing the captions to be visible.
1673
1674         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.h:
1675         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:
1676         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::ensureLayer):
1677         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::setVideoFullscreenLayer):
1678         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::setVideoFullscreenFrame):
1679         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::requiresTextTrackRepresentation):
1680         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::syncTextTrackBounds):
1681         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::setTextTrackRepresentation):
1682
1683 2017-05-16  David Kilzer  <ddkilzer@apple.com>
1684
1685         WebCore::leakCGColor() needs CF_RETURNS_RETAINED annotation
1686         <https://webkit.org/b/172190>
1687
1688         Reviewed by Simon Fraser.
1689
1690         * platform/graphics/cg/ColorCG.cpp:
1691         (WebCore::leakCGColor): Annotate with CF_RETURNS_RETAINED since
1692         it does not follow the CF naming convention, which means the
1693         expected behavior can't be inferred by the clang static
1694         analyzer.
1695
1696 2017-05-16  Youenn Fablet  <youenn@apple.com>
1697
1698         RealtimeOutgoingVideoSource should support sinkWants for rotation
1699         https://bugs.webkit.org/show_bug.cgi?id=172123
1700         <rdar://problem/32200017>
1701
1702         Reviewed by Eric Carlson.
1703
1704         Covered by manual testing.
1705
1706         * platform/mediastream/mac/RealtimeOutgoingVideoSource.cpp:
1707         (WebCore::RealtimeOutgoingVideoSource::AddOrUpdateSink): Triggering pixel rotation based on sink.
1708         (WebCore::RealtimeOutgoingVideoSource::sendFrame): Doing the rotation using libwebrtc API.
1709         * platform/mediastream/mac/RealtimeOutgoingVideoSource.h:
1710
1711 2017-05-16  Myles C. Maxfield  <mmaxfield@apple.com>
1712
1713         REGRESSION(r212513): LastResort is platform-dependent, so its semantics should not be required to perform font loading correctly.
1714         https://bugs.webkit.org/show_bug.cgi?id=168487
1715
1716         Reviewed by Antti Koivisto.
1717
1718         There are three ways a Web author can chain multiple font files together:
1719         1. Multiple entries in the "src" descriptor in an @font-face rule
1720         2. Multiple @font-face rules with the same "font-family" descriptor
1721         3. Multiple entries in the "font-family" property on an element
1722
1723         Before r212513, the code which iterated across #2 and #3 above could have
1724         triggered each item in the chain to download. r212513 tried to solve this
1725         by using LastResort as the interstitial font used during downloads, because
1726         LastResort supports every character and therefore solves #3 above. However,
1727         this change had a few problems:
1728
1729         1. Previously, our code would try to avoid using the interstitial font for
1730         layout or rendering whenever possible (because one of the chains above may
1731         have named a local font which would be better to use). In order to use the
1732         benefits of LastResort, I had to remove this avoidance logic and make
1733         WebKit try to use the interstitial font as often as possible. However, due
1734         to the large metrics of LastResort, this means that offsetWidth queries
1735         during font loading would be wildly inaccurate, causing Google Docs to break.
1736         2. It also means that canvas drawing during font loading would actually draw
1737         LastResort, causing Bing maps to break.
1738         3. LastResort is platform-specific, so only platforms which have it would
1739         actually be able to load fonts correctly.
1740
1741         Instead, we should keep the older logic about avoiding using the
1742         interstitial font so that loading has a better experience for the user.
1743         We solve the unnecessary download problem by giving our loading code a
1744         downloading policy enum, which has two values: allow downloads or forbid
1745         downloads. Whenever our loading code returns the interstitial font, we
1746         continue our search, but we change the policy to forbid downloads.
1747
1748         There is one piece of subtlety, though: It is more common for web authors
1749         to put good fallbacks in the "font-family" property than in the "src"
1750         descriptor inside @font-face. This means that we shouldn't exhaustively
1751         search through the @font-face src list first. Instead, we should look
1752         through the src list until we hit a non-local font, and then immediately
1753         start looking through the other chains.
1754
1755         Tests: fast/text/font-download-font-face-src-list.html
1756                fast/text/font-download-font-family-property.html
1757                fast/text/font-download-remote-fallback-all.html
1758                fast/text/font-interstitial-invisible-width-while-loading.html
1759                fast/text/font-weight-download-3.html
1760                fast/text/web-font-load-fallback-during-loading-2.html
1761                fast/text/web-font-load-invisible-during-loading.html
1762
1763         * css/CSSFontFace.cpp:
1764         (WebCore::CSSFontFace::fontLoadEventOccurred): Implement support for
1765         the font download policy.
1766         (WebCore::CSSFontFace::setStatus): After 3 seconds of loading, we
1767         will start drawing the fallback font. However, for testing, we have an
1768         internal setting to make this switch happen immediately. This patch now
1769         requires that this internal switch happen synchronously.
1770         (WebCore::CSSFontFace::pump): Implement support for the font download
1771         policy.
1772         (WebCore::CSSFontFace::load): Ditto.
1773         (WebCore::CSSFontFace::font): Ditto.
1774         * css/CSSFontFace.h: Ditto.
1775         * css/CSSFontSelector.cpp:
1776         (WebCore::CSSFontSelector::beginLoadingFontSoon): Implement support for
1777         synchronous font download timeouts.
1778         * css/CSSSegmentedFontFace.cpp:
1779         (WebCore::CSSSegmentedFontFace::fontRanges): Implement support for the
1780         font download policy.
1781         * platform/graphics/Font.cpp: Add new flag which represents if the
1782         interstitial font was created after the 3 second timeout or before.
1783         Previously, we would distinguish between these two cases by knowing
1784         that one font was LastResort and the other font was a fallback. Now that
1785         we're using fallback fonts on both sides of the 3 second timeout, we
1786         now no longer know which one should be invisible. This new enum solves
1787         this problem.
1788         (WebCore::Font::Font):
1789         (WebCore::Font::verticalRightOrientationFont):
1790         (WebCore::Font::uprightOrientationFont):
1791         * platform/graphics/Font.h: Ditto.
1792         (WebCore::Font::create):
1793         (WebCore::Font::origin):
1794         (WebCore::Font::visibility):
1795         * platform/graphics/FontCache.h:
1796         * platform/graphics/FontCascade.cpp: We try to fall back to a local() font
1797         during downloads, but there might not be one that we can use. Therefore, we
1798         can't use the presence of the interstitial font to detect if we should paint
1799         invisibly. Instead, we can move this logic into the font-specific part of
1800         painting, and consult with the specific font to know if it was created from
1801         a timed-out @font-face rule or not.
1802         (WebCore::FontCascade::drawText):
1803         (WebCore::shouldDrawIfLoading):
1804         (WebCore::FontCascade::drawGlyphBuffer):
1805         (WebCore::FontCascade::drawEmphasisMarks):
1806         * platform/graphics/FontCascade.h:
1807         * platform/graphics/FontCascadeFonts.cpp:
1808         (WebCore::FontCascadeFonts::glyphDataForVariant): Implement the logic
1809         described above where we switch the policy if we encounter the interstitial
1810         font.
1811         (WebCore::FontCascadeFonts::glyphDataForNormalVariant): Ditto.
1812         (WebCore::glyphPageFromFontRanges): Ditto.
1813         * platform/graphics/FontRanges.cpp: Implement support for the font download
1814         policy.
1815         (WebCore::FontRanges::Range::font):
1816         (WebCore::FontRanges::glyphDataForCharacter):
1817         (WebCore::FontRanges::fontForCharacter):
1818         (WebCore::FontRanges::fontForFirstRange):
1819         * platform/graphics/FontRanges.h:
1820         * platform/graphics/FontSelector.h:
1821         * platform/graphics/freetype/FontCacheFreeType.cpp:
1822         (WebCore::FontCache::lastResortFallbackFontForEveryCharacter): Deleted.
1823         * platform/graphics/mac/FontCacheMac.mm:
1824         (WebCore::FontCache::lastResortFallbackFontForEveryCharacter): Deleted.
1825         * platform/graphics/win/FontCacheWin.cpp:
1826         (WebCore::FontCache::lastResortFallbackFontForEveryCharacter): Deleted.
1827
1828 2017-05-16  Zalan Bujtas  <zalan@apple.com>
1829
1830         Simple line layout: Move setCollapedWhitespaceWidth call to updateLineConstrains.
1831         https://bugs.webkit.org/show_bug.cgi?id=172178
1832
1833         Reviewed by Antti Koivisto.
1834
1835         No change in functionality.
1836
1837         * rendering/SimpleLineLayout.cpp:
1838         (WebCore::SimpleLineLayout::updateLineConstrains):
1839         (WebCore::SimpleLineLayout::createLineRuns):
1840
1841 2017-05-16  Eric Carlson  <eric.carlson@apple.com>
1842
1843         [MediaStream] Return default device list until user gives permission to capture
1844         https://bugs.webkit.org/show_bug.cgi?id=172168
1845         <rdar://problem/31816884>
1846
1847         Reviewed by Youenn Fablet.
1848
1849         Test: fast/mediastream/media-devices-enumerate-devices.html
1850
1851         * Modules/mediastream/MediaDevicesRequest.cpp:
1852         (WebCore::MediaDevicesRequest::filterDeviceList): Remove all but the "default" number of
1853         devices of each type.
1854         (WebCore::MediaDevicesRequest::start): Call filterDeviceList.
1855         * Modules/mediastream/MediaDevicesRequest.h:
1856
1857 2017-05-16  Claudio Saavedra  <csaavedra@igalia.com>
1858
1859         Silence a few warnings about unused parameters
1860         https://bugs.webkit.org/show_bug.cgi?id=172169
1861
1862         Reviewed by Sam Weinig.
1863
1864         * page/Page.cpp:
1865         (WebCore::Page::mainFrameLoadStarted):
1866         * platform/graphics/cairo/ImageBufferCairo.cpp:
1867         (WebCore::ImageBuffer::toData):
1868         * platform/network/ResourceRequestBase.cpp:
1869         (WebCore::ResourceRequestBase::partitionName):
1870
1871 2017-05-16  Wenson Hsieh  <wenson_hsieh@apple.com>
1872
1873         WebItemProviderPasteboard should be robust when temporary files are missing path extensions
1874         https://bugs.webkit.org/show_bug.cgi?id=172170
1875
1876         Reviewed by Tim Horton.
1877
1878         Makes a slight adjustment to how temporary file URLs are handled when using WebItemProviderPasteboard to load
1879         data off of item providers. Previously, we would bail early and not load any data if the temporary URL is
1880         missing an extension. Since the switch to NSItemProviders from UIItemProviders, some types of temporary files
1881         generated by item providers are missing extensions, so this extra check is meaningless.
1882
1883         Covered by existing data interaction unit tests.
1884
1885         * platform/ios/WebItemProviderPasteboard.mm:
1886         (temporaryFileURLForDataInteractionContent):
1887         (-[WebItemProviderPasteboard doAfterLoadingProvidedContentIntoFileURLs:synchronousTimeout:]):
1888
1889 2017-05-16  Zan Dobersek  <zdobersek@igalia.com>
1890
1891         [WPE] GLContextEGL::createWPEContext() should fall back to pbuffer-based contexts when offscreen target provides no native window
1892         https://bugs.webkit.org/show_bug.cgi?id=172162
1893
1894         Reviewed by Carlos Garcia Campos.
1895
1896         When creating an offscreen GLContext, the underlying implementation might
1897         provide a mock native window that's to be used as the window target upon
1898         which a window-based GLContext should be created. But we should also support
1899         falling back to pbuffer-based GLContexts when the underlying implementation
1900         can't provide such mock targets.
1901
1902         * platform/graphics/egl/GLContextEGLWPE.cpp:
1903         (WebCore::GLContextEGL::createWPEContext):
1904
1905 2017-05-16  Zan Dobersek  <zdobersek@igalia.com>
1906
1907         [GLib] Name more GSource-based RunLoop::Timers
1908         https://bugs.webkit.org/show_bug.cgi?id=172158
1909
1910         Reviewed by Carlos Garcia Campos.
1911
1912         * platform/glib/MainThreadSharedTimerGLib.cpp:
1913         (WebCore::MainThreadSharedTimer::MainThreadSharedTimer):
1914         Specify 'MainThreadSharedTimer' as the name of this GSource-based RunLoop::Timer.
1915
1916 2017-05-16  Romain Bellessort  <romain.bellessort@crf.canon.fr>
1917
1918         [Readable Streams API] Implement ReadableStreamBYOBReader releaseLock()
1919         https://bugs.webkit.org/show_bug.cgi?id=172111
1920
1921         Reviewed by Chris Dumez.
1922
1923         Implemented ReadableStreamBYOBReader releaseLock():
1924         - https://streams.spec.whatwg.org/#byob-reader-release-lock;
1925         - https://streams.spec.whatwg.org/#readable-stream-reader-generic-release.
1926
1927         Added tests to check releaseLock behavior.
1928
1929         * Modules/streams/ReadableStreamBYOBReader.js:
1930         (releaseLock): Implemented.
1931         * Modules/streams/ReadableStreamInternals.js:
1932         (readableStreamReaderGenericRelease): Aligned with spec.
1933
1934 2017-05-16  Carlos Garcia Campos  <cgarcia@igalia.com>
1935
1936         Unreviewed. Try to fix GTK+ build with MEDIA_STREAM enabled after r216918.
1937
1938         * platform/mediastream/openwebrtc/RealtimeMediaSourceCenterOwr.cpp:
1939         (WebCore::RealtimeMediaSourceCenterOwr::validateRequestConstraints):
1940
1941 2017-05-16  Youenn Fablet  <youenn@apple.com>
1942
1943         Remove MediaConstraintsData and MediaConstraintsImpl
1944         https://bugs.webkit.org/show_bug.cgi?id=172132
1945
1946         Reviewed by Eric Carlson.
1947
1948         No observable change of behavior.
1949
1950         Removing MediaConstraintsData and MediaConstraintsImpl allows simplifying the code.
1951         Further simplified the code by making MediaConstraints no longer ref counted and now a struct.
1952         Simplified some RealtimeMediaSource subclasses by removing unused MediaConstraints class members.
1953
1954         * CMakeLists.txt: Removing MediaConstraintsImpl.cpp.
1955         * Modules/mediastream/MediaConstraintsImpl.cpp: Removed.
1956         * Modules/mediastream/MediaConstraintsImpl.h: Removed.
1957         * Modules/mediastream/MediaDevices.cpp:
1958         (WebCore::createMediaConstraints):
1959         (WebCore::MediaDevices::getUserMedia):
1960         (WebCore::createMediaConstraintsImpl): Deleted.
1961         * Modules/mediastream/MediaStreamTrack.cpp:
1962         (WebCore::createMediaConstraints):
1963         (WebCore::MediaStreamTrack::applyConstraints):
1964         (WebCore::createMediaConstraintsImpl): Deleted.
1965         * Modules/mediastream/MediaTrackConstraints.cpp:
1966         (WebCore::createMediaConstraints):
1967         (WebCore::createMediaConstraintsImpl): Deleted.
1968         * Modules/mediastream/MediaTrackConstraints.h:
1969         * Modules/mediastream/UserMediaRequest.cpp:
1970         (WebCore::UserMediaRequest::start):
1971         (WebCore::UserMediaRequest::UserMediaRequest):
1972         (WebCore::UserMediaRequest::allow):
1973         * Modules/mediastream/UserMediaRequest.h:
1974         (WebCore::UserMediaRequest::audioConstraints):
1975         (WebCore::UserMediaRequest::videoConstraints):
1976         * WebCore.xcodeproj/project.pbxproj:
1977         * platform/mediastream/MediaConstraints.cpp:
1978         (WebCore::addDefaultVideoConstraints):
1979         (WebCore::MediaConstraints::isConstraintSet):
1980         (WebCore::MediaConstraints::setDefaultVideoConstraints):
1981         * platform/mediastream/MediaConstraints.h:
1982         (WebCore::MediaConstraints::~MediaConstraints): Deleted.
1983         (WebCore::MediaConstraints::MediaConstraints): Deleted.
1984         * platform/mediastream/MediaStreamConstraintsValidationClient.h:
1985         * platform/mediastream/RealtimeMediaSource.cpp:
1986         (WebCore::RealtimeMediaSource::selectSettings):
1987         (WebCore::RealtimeMediaSource::supportsConstraints):
1988         (WebCore::RealtimeMediaSource::applyConstraints):
1989         * platform/mediastream/RealtimeMediaSourceCenter.cpp:
1990         (WebCore::RealtimeMediaSourceCenter::validateRequestConstraints):
1991         * platform/mediastream/RealtimeMediaSourceCenter.h:
1992         * platform/mediastream/mac/RealtimeIncomingAudioSource.cpp:
1993         (WebCore::RealtimeIncomingAudioSource::supportedConstraints): Deleted.
1994         * platform/mediastream/mac/RealtimeIncomingAudioSource.h:
1995         * platform/mediastream/mac/RealtimeIncomingVideoSource.cpp:
1996         (WebCore::RealtimeIncomingVideoSource::supportedConstraints): Deleted.
1997         * platform/mediastream/mac/RealtimeIncomingVideoSource.h:
1998         * platform/mock/MockRealtimeMediaSource.h:
1999         (WebCore::MockRealtimeMediaSource::constraints): Deleted.
2000
2001 2017-05-16  Andy Estes  <aestes@apple.com>
2002
2003         [Cocoa] Tell NEFilterSource about the presenting app's PID
2004         https://bugs.webkit.org/show_bug.cgi?id=172152
2005         <rdar://problem/32197740>
2006
2007         Reviewed by Dan Bernstein.
2008
2009         * platform/cocoa/NetworkExtensionContentFilter.mm:
2010         (WebCore::NetworkExtensionContentFilter::initialize):
2011         * platform/spi/cocoa/NEFilterSourceSPI.h:
2012
2013 2017-05-16  Manuel Rego Casasnovas  <rego@igalia.com>
2014
2015         [css-grid] Fix static position of positioned grid items
2016         https://bugs.webkit.org/show_bug.cgi?id=172108
2017
2018         Reviewed by Sergio Villar Senin.
2019
2020         This patch makes us follow the text on the spec
2021         (https://drafts.csswg.org/css-grid/#static-position):
2022         "The static position of an absolutely-positioned child
2023          of a grid container is determined as if it were the sole grid item
2024          in a grid area whose edges coincide with the padding edges
2025          of the grid container."
2026
2027         Test: fast/css-grid-layout/absolute-positioning-grid-container-parent.html
2028
2029         * rendering/RenderGrid.cpp:
2030         (WebCore::RenderGrid::prepareChildForPositionedLayout): Modified to avoid
2031         including padding to match the spec behavior.
2032
2033 2017-05-16  Per Arne Vollan  <pvollan@apple.com>
2034
2035         Compile error, include file is not found.
2036         https://bugs.webkit.org/show_bug.cgi?id=172105
2037
2038         Reviewed by Brent Fulgham.
2039
2040         Use __has_include to detect if include file exists.
2041
2042         * platform/mediastream/libwebrtc/H264VideoToolBoxEncoder.mm:
2043
2044 2017-05-15  Andy Estes  <aestes@apple.com>
2045
2046         Make the application PID available to WebCore
2047         https://bugs.webkit.org/show_bug.cgi?id=172133
2048
2049         Reviewed by Andreas Kling.
2050
2051         * CMakeLists.txt:
2052         * PlatformMac.cmake:
2053         * WebCore.xcodeproj/project.pbxproj:
2054         * platform/RuntimeApplicationChecks.cpp: Added.
2055         (WebCore::presentingApplicationPIDOverride):
2056         (WebCore::presentingApplicationPID): Returns the override PID if set, or getCurrentProcessID()
2057         otherwise.
2058         (WebCore::setPresentingApplicationPID):
2059         * platform/RuntimeApplicationChecks.h:
2060         * platform/cocoa/RuntimeApplicationChecksCocoa.mm: Renamed from Source/WebCore/platform/RuntimeApplicationChecks.mm.
2061
2062 2017-05-15  Antti Koivisto  <antti@apple.com>
2063
2064         RenderTheme does not need to be per-page
2065         https://bugs.webkit.org/show_bug.cgi?id=172116
2066         <rdar://problem/30426457>
2067
2068         Reviewed by Zalan Bujtas.
2069
2070         There are no implementations of RenderTheme::themeForPage that actually care about the page.
2071         It can be replaced with a singleton, simplifying a bunch of code.
2072
2073         * Modules/mediacontrols/MediaControlsHost.cpp:
2074         (WebCore::MediaControlsHost::shadowRootCSSText):
2075         (WebCore::MediaControlsHost::base64StringForIconNameAndType):
2076         * css/CSSDefaultStyleSheets.cpp:
2077         (WebCore::CSSDefaultStyleSheets::loadFullDefaultStyle):
2078         (WebCore::CSSDefaultStyleSheets::ensureDefaultStyleSheetsForElement):
2079
2080             Fix a potential crash if we get here when page is null (though it doesn't appear to repro on trunk).
2081
2082         * css/StyleColor.cpp:
2083         (WebCore::StyleColor::colorFromKeyword):
2084         * css/StyleResolver.cpp:
2085         (WebCore::StyleResolver::adjustRenderStyle):
2086         * css/parser/CSSParser.cpp:
2087         (WebCore::CSSParser::parseSystemColor):
2088         * css/parser/CSSParser.h:
2089         * css/parser/CSSPropertyParser.cpp:
2090         (WebCore::CSSPropertyParser::consumeSystemFont):
2091         * editing/FrameSelection.cpp:
2092         (WebCore::FrameSelection::updateAppearance):
2093         * html/HTMLMediaElement.cpp:
2094         (WebCore::HTMLMediaElement::ensureMediaControlsInjectedScript):
2095         * html/HTMLMeterElement.cpp:
2096         (WebCore::HTMLMeterElement::createElementRenderer):
2097         * html/HTMLSelectElement.cpp:
2098         (WebCore::HTMLSelectElement::usesMenuList):
2099         (WebCore::HTMLSelectElement::platformHandleKeydownEvent):
2100         (WebCore::HTMLSelectElement::menuListDefaultEventHandler):
2101         * html/HTMLTextFormControlElement.cpp:
2102         (WebCore::HTMLTextFormControlElement::adjustInnerTextStyle):
2103         * html/InputType.cpp:
2104         (WebCore::InputType::themeSupportsDataListUI):
2105         * html/TextFieldInputType.cpp:
2106         (WebCore::TextFieldInputType::shouldHaveSpinButton):
2107         (WebCore::TextFieldInputType::shouldHaveCapsLockIndicator):
2108         * html/canvas/CanvasRenderingContext2D.cpp:
2109         (WebCore::CanvasRenderingContext2D::setStrokeColor):
2110         (WebCore::CanvasRenderingContext2D::setFillColor):
2111         * html/canvas/CanvasStyle.cpp:
2112         (WebCore::parseColor):
2113         (WebCore::parseColorOrCurrentColor):
2114         (WebCore::CanvasStyle::createFromString):
2115         * html/canvas/CanvasStyle.h:
2116         * html/shadow/MediaControlElements.cpp:
2117         (WebCore::MediaControlPanelElement::startTimer):
2118         (WebCore::MediaControlPanelElement::makeOpaque):
2119         (WebCore::MediaControlPanelElement::makeTransparent):
2120         * html/shadow/MediaControls.cpp:
2121         (WebCore::MediaControls::reset):
2122         (WebCore::MediaControls::reportedError):
2123         (WebCore::MediaControls::updateCurrentTimeDisplay):
2124         * html/shadow/mac/ImageControlsButtonElementMac.cpp:
2125         (WebCore::ImageControlsButtonElementMac::tryCreate):
2126         * page/MemoryRelease.cpp:
2127         (WebCore::releaseNoncriticalMemory):
2128         * page/Page.cpp:
2129         (WebCore::Page::Page):
2130         * page/Page.h:
2131         (WebCore::Page::theme): Deleted.
2132         * platform/wpe/RenderThemeWPE.cpp:
2133         (WebCore::RenderTheme::singleton):
2134         (WebCore::RenderTheme::themeForPage): Deleted.
2135         * rendering/RenderEmbeddedObject.cpp:
2136         (WebCore::RenderEmbeddedObject::getReplacementTextGeometry):
2137         * rendering/RenderObject.cpp:
2138         (WebCore::RenderObject::theme):
2139         * rendering/RenderTheme.cpp:
2140         (WebCore::RenderTheme::focusRingColor):
2141         * rendering/RenderTheme.h:
2142         (WebCore::RenderTheme::defaultTheme): Deleted.
2143         * rendering/RenderThemeGtk.cpp:
2144         (WebCore::RenderTheme::singleton):
2145         (WebCore::RenderTheme::themeForPage): Deleted.
2146         * rendering/RenderThemeIOS.mm:
2147         (WebCore::RenderTheme::singleton):
2148         (WebCore::RenderTheme::themeForPage): Deleted.
2149         * rendering/RenderThemeMac.mm:
2150         (WebCore::RenderTheme::singleton):
2151         (WebCore::RenderTheme::themeForPage): Deleted.
2152         * rendering/RenderThemeWin.cpp:
2153         (WebCore::RenderTheme::singleton):
2154         (WebCore::RenderTheme::themeForPage): Deleted.
2155         * rendering/TextPaintStyle.cpp:
2156         (WebCore::computeTextPaintStyle):
2157
2158 2017-05-15  Said Abou-Hallawa  <sabouhallawa@apple.com>
2159
2160         Do not delete asynchronously decoded frames for large images if their clients are in the viewport
2161         https://bugs.webkit.org/show_bug.cgi?id=170640
2162
2163         Reviewed by Simon Fraser.
2164
2165         The image flickering problem happens when a large image is visible in the
2166         view port and for some reason, the decoded frame gets destroyed. When this
2167         image is repainted, BitmapImage::draw() does not find a valid decoded frame
2168         for that image. It then requests an async decoding for the image and just
2169         draws nothing in the image rectangle. Drawing no content between two drawing
2170         phases in which the image is drawn causes the unwanted flickering.
2171
2172         To fix this issue we need to protect the decoded frames of all the images
2173         in the view port from being destroyed. When BitmapImage::destroyDecodedData()
2174         is called, it is going to check, through the ImageObserver, whether any
2175         of its clients is visible. And if so, the current decoded frame won't be
2176         destroyed.
2177
2178         Tests: Modifying existing tests.
2179
2180         * loader/cache/CachedImage.cpp:
2181         (WebCore::CachedImage::CachedImageObserver::decodedSizeChanged):
2182         (WebCore::CachedImage::CachedImageObserver::didDraw):
2183         (WebCore::CachedImage::CachedImageObserver::canDestroyDecodedData):
2184         (WebCore::CachedImage::CachedImageObserver::imageFrameAvailable):
2185         (WebCore::CachedImage::CachedImageObserver::changedInRect):
2186         (WebCore::CachedImage::decodedSizeChanged):
2187         (WebCore::CachedImage::didDraw):
2188         (WebCore::CachedImage::canDestroyDecodedData): Finds out whether it's okay
2189         to discard the image decoded data or not.
2190         (WebCore::CachedImage::imageFrameAvailable):
2191         (WebCore::CachedImage::changedInRect):
2192         * loader/cache/CachedImage.h:
2193         * loader/cache/CachedImageClient.h:
2194         (WebCore::CachedImageClient::canDestroyDecodedData):
2195         * loader/cache/MemoryCache.cpp:
2196         (WebCore::MemoryCache::destroyDecodedDataForAllImages): This function is
2197         currently not used. Use it in the internal destroyDecodedDataForAllImages()
2198         but unlike what CachedImage::destroyDecodedData() does, make it destroy
2199         the decoded frames without deleting the image itself.
2200         * loader/cache/MemoryCache.h:
2201         * platform/graphics/BitmapImage.cpp:
2202         (WebCore::BitmapImage::destroyDecodedData):
2203         (WebCore::BitmapImage::draw):
2204         (WebCore::BitmapImage::canDestroyCurrentFrameDecodedData):
2205         (WebCore::BitmapImage::advanceAnimation):
2206         (WebCore::BitmapImage::internalAdvanceAnimation):
2207         (WebCore::BitmapImage::imageFrameAvailableAtIndex):
2208         * platform/graphics/BitmapImage.h:
2209         * platform/graphics/GraphicsContext3D.cpp:
2210         (WebCore::GraphicsContext3D::packImageData):
2211         * platform/graphics/ImageFrameCache.cpp:
2212         (WebCore::ImageFrameCache::decodedSizeChanged):
2213         (ImageFrameCache::cacheAsyncFrameNativeImageAtIndex): The assertion in this
2214         function is wrong. frameIsCompleteAtIndex() can be false when an image
2215         decoding is requested but can be true when the decoding finishes.
2216         * platform/graphics/ImageObserver.h:
2217         * platform/graphics/cairo/ImageCairo.cpp:
2218         (WebCore::Image::drawPattern):
2219         * platform/graphics/cg/ImageCG.cpp:
2220         (WebCore::Image::drawPattern):
2221         * platform/graphics/cg/ImageDecoderCG.cpp:
2222         (WebCore::ImageDecoder::frameIsCompleteAtIndex):
2223         * platform/graphics/cg/PDFDocumentImage.cpp:
2224         (WebCore::PDFDocumentImage::decodedSizeChanged):
2225         (WebCore::PDFDocumentImage::draw):
2226         * platform/graphics/texmap/TextureMapperTiledBackingStore.cpp:
2227         (WebCore::TextureMapperTiledBackingStore::updateContentsFromImageIfNeeded):
2228         * platform/graphics/win/ImageDirect2D.cpp:
2229         (WebCore::Image::drawPattern):
2230         * rendering/RenderElement.cpp:
2231         (WebCore::RenderElement::isVisibleInDocumentRect):
2232         (WebCore::RenderElement::isVisibleInViewport):
2233         (WebCore::RenderElement::imageFrameAvailable):
2234         (WebCore::RenderElement::repaintForPausedImageAnimationsIfNeeded):
2235         (WebCore::RenderElement::shouldRepaintInVisibleRect): Deleted. Function
2236         is renamed to isVisibleInViewport() for better readability.
2237         * rendering/RenderElement.h:
2238         * svg/graphics/SVGImage.cpp:
2239         (WebCore::SVGImage::draw):
2240         * svg/graphics/SVGImageClients.h:
2241         * testing/Internals.cpp:
2242         (WebCore::Internals::destroyDecodedDataForAllImages):
2243         * testing/Internals.h:
2244         * testing/Internals.idl:
2245
2246 2017-05-15  Youenn Fablet  <youenn@apple.com>
2247
2248         Simplify RealtimeMediaSource data production and state
2249         https://bugs.webkit.org/show_bug.cgi?id=171999
2250
2251         Reviewed by Eric Carlson.
2252
2253         RealtimeMediaSource takes 3 booleans:
2254         - m_isProducingData tells whether data is produced or not. In the case of capturing, it tells whether capture
2255           happens.
2256         - m_muted/m_enabled allows JS or WebKit level to start/stop the source.
2257
2258         Changed MediaStream capture state computation so that capture is reported as follows:
2259         - m_isProducing is true, capture is happening and is active
2260         - m_muted is true, capture is happening but is inactive.
2261
2262         Except in the case of WebRTC incoming sources, for which sources may be created as muted as per the spec,
2263         all sources are unmuted, enabled and not producing data when created.
2264
2265         RealtimeMediaSource is now activable either by calling start/stop or by calling setMuted/setEnabled.
2266         This in turn will set the boolean values accordingly and will call the underlying
2267         startProducingData/stopProducingData methods doing the actual stuff.
2268
2269         Removing from all RealtimeMediaSource subclasses the handling of producing data.
2270         Making more methods non-virtual/member fields private to simplify the model.
2271
2272         * Modules/mediastream/CanvasCaptureMediaStreamTrack.cpp:
2273         (WebCore::CanvasCaptureMediaStreamTrack::Source::create):
2274         (WebCore::CanvasCaptureMediaStreamTrack::Source::startProducingData):
2275         (WebCore::CanvasCaptureMediaStreamTrack::Source::stopProducingData):
2276         (WebCore::CanvasCaptureMediaStreamTrack::Source::canvasDestroyed):
2277         (WebCore::CanvasCaptureMediaStreamTrack::Source::captureCanvas):
2278         * Modules/mediastream/CanvasCaptureMediaStreamTrack.h:
2279         * Modules/mediastream/MediaStream.cpp:
2280         (WebCore::MediaStream::mediaState):
2281         * platform/mediastream/MediaStreamTrackPrivate.h:
2282         (WebCore::MediaStreamTrackPrivate::startProducingData):
2283         (WebCore::MediaStreamTrackPrivate::stopProducingData):
2284         * platform/mediastream/RealtimeMediaSource.cpp:
2285         (WebCore::RealtimeMediaSource::setMuted):
2286         (WebCore::RealtimeMediaSource::notifyMutedChange):
2287         (WebCore::RealtimeMediaSource::setEnabled):
2288         (WebCore::RealtimeMediaSource::start):
2289         (WebCore::RealtimeMediaSource::stop):
2290         (WebCore::RealtimeMediaSource::requestStop):
2291         (WebCore::RealtimeMediaSource::reset): Deleted.
2292         * platform/mediastream/RealtimeMediaSource.h:
2293         * platform/mediastream/mac/AVMediaCaptureSource.h:
2294         * platform/mediastream/mac/AVMediaCaptureSource.mm:
2295         (WebCore::AVMediaCaptureSource::AVMediaCaptureSource):
2296         (WebCore::AVMediaCaptureSource::captureSessionIsRunningDidChange):
2297         (WebCore::AVMediaCaptureSource::reset): Deleted.
2298         (WebCore::AVMediaCaptureSource::isProducingData): Deleted.
2299         * platform/mediastream/mac/CoreAudioCaptureSource.cpp:
2300         (WebCore::CoreAudioCaptureSource::CoreAudioCaptureSource):
2301         (WebCore::CoreAudioCaptureSource::startProducingData):
2302         (WebCore::CoreAudioCaptureSource::stopProducingData):
2303         (WebCore::CoreAudioCaptureSource::audioSourceProvider):
2304         * platform/mediastream/mac/CoreAudioCaptureSource.h:
2305         * platform/mediastream/mac/MockRealtimeAudioSourceMac.mm:
2306         (WebCore::MockRealtimeAudioSourceMac::render):
2307         (WebCore::MockRealtimeAudioSource::createMuted): Deleted.
2308         * platform/mediastream/mac/MockRealtimeVideoSourceMac.mm:
2309         (WebCore::MockRealtimeVideoSource::createMuted): Deleted.
2310         * platform/mediastream/mac/RealtimeIncomingAudioSource.cpp:
2311         (WebCore::RealtimeIncomingAudioSource::create):
2312         (WebCore::RealtimeIncomingAudioSource::RealtimeIncomingAudioSource):
2313         (WebCore::RealtimeIncomingAudioSource::~RealtimeIncomingAudioSource):
2314         (WebCore::RealtimeIncomingAudioSource::startProducingData):
2315         (WebCore::RealtimeIncomingAudioSource::stopProducingData):
2316         (WebCore::RealtimeIncomingAudioSource::setSourceTrack):
2317         * platform/mediastream/mac/RealtimeIncomingAudioSource.h:
2318         * platform/mediastream/mac/RealtimeIncomingVideoSource.cpp:
2319         (WebCore::RealtimeIncomingVideoSource::create):
2320         (WebCore::RealtimeIncomingVideoSource::RealtimeIncomingVideoSource):
2321         (WebCore::RealtimeIncomingVideoSource::startProducingData):
2322         (WebCore::RealtimeIncomingVideoSource::setSourceTrack):
2323         (WebCore::RealtimeIncomingVideoSource::stopProducingData):
2324         (WebCore::RealtimeIncomingVideoSource::OnFrame):
2325         * platform/mediastream/mac/RealtimeIncomingVideoSource.h:
2326         * platform/mediastream/mac/WebAudioSourceProviderAVFObjC.mm:
2327         (WebCore::WebAudioSourceProviderAVFObjC::setClient):
2328         * platform/mock/MockMediaEndpoint.cpp:
2329         (WebCore::MockMediaEndpoint::createMutedRemoteSource):
2330         (WebCore::MockMediaEndpoint::unmuteTimerFired):
2331         * platform/mock/MockRealtimeAudioSource.cpp:
2332         (WebCore::MockRealtimeAudioSource::createMuted):
2333         (WebCore::MockRealtimeAudioSource::startProducingData):
2334         (WebCore::MockRealtimeAudioSource::stopProducingData):
2335         * platform/mock/MockRealtimeAudioSource.h:
2336         * platform/mock/MockRealtimeMediaSource.cpp:
2337         (WebCore::MockRealtimeMediaSource::startProducingData): Deleted.
2338         (WebCore::MockRealtimeMediaSource::stopProducingData): Deleted.
2339         * platform/mock/MockRealtimeMediaSource.h:
2340         * platform/mock/MockRealtimeVideoSource.cpp:
2341         (WebCore::MockRealtimeVideoSource::createMuted):
2342         (WebCore::MockRealtimeVideoSource::startProducingData):
2343         (WebCore::MockRealtimeVideoSource::stopProducingData):
2344         (WebCore::MockRealtimeVideoSource::generateFrame):
2345         * platform/mock/MockRealtimeVideoSource.h:
2346
2347 2017-05-15  Myles C. Maxfield  <mmaxfield@apple.com>
2348
2349         Migrate Font constructor from bools to enums
2350         https://bugs.webkit.org/show_bug.cgi?id=172140
2351
2352         Reviewed by Tim Horton.
2353
2354         In https://bugs.webkit.org/show_bug.cgi?id=168487, I'm adding a new flag to Font. We can't
2355         keep having just a pile of bools in this class. Instead, we should be using enums.
2356
2357         No new tests because there is no behavior change.
2358
2359         * css/CSSFontFace.cpp:
2360         (WebCore::CSSFontFace::font):
2361         * css/CSSFontFaceSource.cpp:
2362         (WebCore::CSSFontFaceSource::font):
2363         * css/CSSSegmentedFontFace.cpp:
2364         * loader/cache/CachedFont.cpp:
2365         (WebCore::CachedFont::createFont):
2366         * platform/graphics/Font.cpp:
2367         (WebCore::Font::Font):
2368         (WebCore::Font::verticalRightOrientationFont):
2369         (WebCore::Font::uprightOrientationFont):
2370         (WebCore::Font::brokenIdeographFont):
2371         (WebCore::Font::description):
2372         (WebCore::Font::mathData):
2373         * platform/graphics/Font.h:
2374         (WebCore::Font::create):
2375         (WebCore::Font::origin):
2376         (WebCore::Font::isInterstitial):
2377         (WebCore::Font::widthForGlyph):
2378         (WebCore::Font::isCustomFont): Deleted.
2379         (WebCore::Font::isLoading): Deleted.
2380         * platform/graphics/FontRanges.cpp:
2381         * platform/graphics/cocoa/FontCocoa.mm:
2382         (WebCore::Font::platformInit):
2383         * platform/graphics/freetype/SimpleFontDataFreeType.cpp:
2384         (WebCore::Font::platformCreateScaledFont):
2385         * platform/graphics/win/SimpleFontDataCGWin.cpp:
2386         (WebCore::Font::platformInit):
2387         * platform/graphics/win/SimpleFontDataDirect2D.cpp:
2388         (WebCore::Font::platformInit):
2389         * platform/graphics/win/SimpleFontDataWin.cpp:
2390         (WebCore::Font::platformCreateScaledFont):
2391         (WebCore::Font::determinePitch):
2392         * rendering/SimpleLineLayout.cpp:
2393         (WebCore::SimpleLineLayout::canUseForFontAndText):
2394
2395 2017-05-15  Youenn Fablet  <youenn@apple.com>
2396
2397         WebRTC outgoing muted video sources should send black frames
2398         https://bugs.webkit.org/show_bug.cgi?id=170627
2399         <rdar://problem/31513869>
2400
2401         Reviewed by Eric Carlson.
2402
2403         Covered by updated test.
2404
2405         Instead of sending one black frame and then another one asynchronously,
2406         we use the timer to send a black frame every second when outgoing source is muted.
2407
2408         * platform/mediastream/mac/RealtimeOutgoingVideoSource.cpp:
2409         (WebCore::RealtimeOutgoingVideoSource::sourceMutedChanged):
2410         (WebCore::RealtimeOutgoingVideoSource::sourceEnabledChanged):
2411         (WebCore::RealtimeOutgoingVideoSource::sendBlackFrames):
2412         (WebCore::RealtimeOutgoingVideoSource::sendBlackFrame): Deleted.
2413         * platform/mediastream/mac/RealtimeOutgoingVideoSource.h:
2414         * testing/Internals.cpp:
2415         (WebCore::Internals::videoSampleAvailable):
2416
2417 2017-05-15  David Kilzer  <ddkilzer@apple.com>
2418
2419         Crash in libxml2.2.dylib: xmlDictReference
2420         <https://webkit.org/b/172086>
2421         <rdar://problem/23643436>
2422
2423         Reviewed by Daniel Bates.
2424
2425         Speculative fix and code clean-up based on source code
2426         inspection.  The fix for the crash is in two parts that change
2427         XSLStyleSheet::parseString():
2428         1. Always set m_stylesheetDoc to nullptr after freeing it via
2429            XSLStyleSheet::clearXSLStylesheetDocument().
2430         2. Add nullptr check before using m_stylesheetDoc from parent.
2431
2432         Broadly speaking, the changes are:
2433         - Extract code to reset m_stylesheetDoc into new private
2434           XSLStyleSheet::clearXSLStylesheetDocument() method.  There is
2435           a special contract between m_stylesheetDoc and
2436           m_stylesheetDocTaken that wasn't being followed every time.
2437           See comment in XSLStyleSheet::compileStyleSheet().
2438         - XSLStyleSheet::clearDocuments() now calls new
2439           clearXSLStylesheetDocument() method.  Previously, it was not
2440           checking or resetting m_stylesheetDocTaken, and it might have
2441           leaked an xmlDocPtr if m_stylesheetDoc was set and
2442           m_stylesheetDocTaken was false.
2443         - XSLStyleSheet::parseString() now calls new
2444           clearXSLStylesheetDocument() method.  Previously, it did not
2445           clear m_stylesheetDoc after freeing it, and it could return
2446           early due to a failure in xmlCreateMemoryParserCtxt().
2447         - In XSLStyleSheet::parseString() use checked arithmetic when
2448           calculating 'size' for xmlCreateMemoryParserCtxt() and
2449           xmlCtxtReadMemory().  This code used to do an implicit
2450           unsigned -> signed integer conversion that could overflow.
2451         - Always iterate m_children using an 'auto& import' variable.
2452
2453         * xml/XSLStyleSheet.h:
2454         (WebCore::XSLStyleSheet::clearXSLStylesheetDocument): Add declaration.
2455         (WebCore::XSLStyleSheet::m_disabled): Add default initializer.
2456         (WebCore::XSLStyleSheet::m_stylesheetDoc): Ditto.
2457         (WebCore::XSLStyleSheet::m_stylesheetDocTaken): Ditto.
2458         (WebCore::XSLStyleSheet::m_parentStyleSheet): Ditto.
2459
2460         * xml/XSLStyleSheetLibxslt.cpp:
2461         (WebCore::XSLStyleSheet::XSLStyleSheet): Get rid of redundant
2462         initializers.  Set m_parentStyleSheet if needed.
2463         (WebCore::XSLStyleSheet::~XSLStyleSheet): Call
2464         clearXSLStylesheetDocument() instead of custom code.  Switch
2465         m_children fast iteration to use 'auto& import' variable.
2466         (WebCore::XSLStyleSheet::isLoading): Switch m_children fast
2467         iteration to use 'auto& import' variable.
2468         (WebCore::XSLStyleSheet::clearDocuments): Call
2469         clearXSLStylesheetDocument() instead of setting m_stylesheetDoc
2470         to nullptr.  This might fix an occasional xmlDocPtr leak.
2471         (WebCore::XSLStyleSheet::clearXSLStylesheetDocument): Add.  This
2472         method always sets m_stylesheetDoc to nullptr (after freeing it
2473         if necessary) and sets m_stylesheetDocTaken to false.
2474         (WebCore::XSLStyleSheet::parseString): Call
2475         clearXSLStylesheetDocument().  Prior to this, m_stylesheetDoc
2476         might be left pointing to a freed value, and this method could
2477         return early if xmlCreateMemoryParserCtxt() failed.  Switch to
2478         using Checked<> to compute required buffer size to parse XSL
2479         stylesheet, and return early on overflow.  Clean up existing
2480         return statements to use boolean expressions.  Add nullptr check
2481         for m_parentStyleSheet->m_stylesheetDoc before using it.
2482         (WebCore::XSLStyleSheet::loadChildSheet): Get rid of local
2483         variable by calling loadSheet() from last array element.
2484         (WebCore::XSLStyleSheet::compileStyleSheet): Add debug assert
2485         that m_stylesheetDoc is not nullptr.
2486
2487 2017-05-15  Jer Noble  <jer.noble@apple.com>
2488
2489         Add experimental setting to allow document gesture interaction to fulfill media playback gesture requirement
2490         https://bugs.webkit.org/show_bug.cgi?id=172131
2491
2492         Reviewed by Eric Carlson.
2493
2494         Test: media/restricted-audio-playback-with-document-gesture.html
2495
2496         Move all calls to ScriptController::processingUserGestureForMedia() to the new Document equivalent. In Document,
2497         if the new setting is enabled, return true from processingUserGestureForMedia() if the top-level document has had
2498         a user gesture interaction.
2499
2500         * Modules/mediastream/MediaStream.cpp:
2501         (WebCore::MediaStream::processingUserGestureForMedia):
2502         * Modules/mediastream/MediaStream.h:
2503         * Modules/webaudio/AudioContext.cpp:
2504         (WebCore::AudioContext::processingUserGestureForMedia):
2505         (WebCore::AudioContext::willBeginPlayback):
2506         (WebCore::AudioContext::willPausePlayback):
2507         * Modules/webaudio/AudioContext.h:
2508         * dom/Document.cpp:
2509         (WebCore::Document::processingUserGestureForMedia):
2510         * dom/Document.h:
2511         * html/HTMLMediaElement.cpp:
2512         (WebCore::HTMLMediaElement::load):
2513         (WebCore::HTMLMediaElement::audioTrackEnabledChanged):
2514         (WebCore::HTMLMediaElement::seekWithTolerance):
2515         (WebCore::HTMLMediaElement::play):
2516         (WebCore::HTMLMediaElement::playInternal):
2517         (WebCore::HTMLMediaElement::pause):
2518         (WebCore::HTMLMediaElement::pauseInternal):
2519         (WebCore::HTMLMediaElement::setMuted):
2520         (WebCore::HTMLMediaElement::webkitShowPlaybackTargetPicker):
2521         (WebCore::HTMLMediaElement::processingUserGestureForMedia):
2522         * html/HTMLMediaElement.h:
2523         * html/MediaElementSession.cpp:
2524         (WebCore::MediaElementSession::playbackPermitted):
2525         (WebCore::MediaElementSession::dataLoadingPermitted):
2526         (WebCore::MediaElementSession::fullscreenPermitted):
2527         (WebCore::MediaElementSession::canShowControlsManager):
2528         (WebCore::MediaElementSession::showPlaybackTargetPicker):
2529         * page/Settings.in:
2530         * platform/audio/PlatformMediaSession.h:
2531
2532 2017-05-15  Jer Noble  <jer.noble@apple.com>
2533
2534         Only ever initialize LibWebRTCProvider's staticFactoryAndThreads() factories once.
2535         https://bugs.webkit.org/show_bug.cgi?id=172047
2536
2537         Reviewed by Youenn Fablet.
2538
2539         Wrap the initialization of the factories contained in staticFactoryAndThreads() in a call_once to ensure
2540         new factories aren't created every time it's called.
2541
2542         * platform/mediastream/libwebrtc/LibWebRTCProvider.cpp:
2543         (WebCore::staticFactoryAndThreads):
2544
2545 2017-05-15  Joseph Pecoraro  <pecoraro@apple.com>
2546
2547         Web Inspector: CRASH seen with DOM.setOuterHTML when there is no documentElement
2548         https://bugs.webkit.org/show_bug.cgi?id=172135
2549         <rdar://problem/32175860>
2550
2551         Reviewed by Brian Burg.
2552
2553         Test: inspector/dom/setOuterHTML-no-document-element.html
2554
2555         * inspector/DOMPatchSupport.cpp:
2556         (WebCore::DOMPatchSupport::patchDocument):
2557         Null check the document element which might not exist.
2558
2559 2017-05-15  Said Abou-Hallawa  <sabouhallawa@apple.com>
2560
2561         REGRESSION (216471): Infinite repaint-drawing loop when asynchronously decoding incomplete image frames
2562         https://bugs.webkit.org/show_bug.cgi?id=171900
2563
2564         Reviewed by Tim Horton.
2565
2566         -- Don't destroy incomplete decoded image frames for large images. This
2567         is to avoid flickering while decoding another image frame with the new
2568         data. The old incomplete image frame will be destroyed once the newer one
2569         finishes decoding.
2570
2571         -- Extend the enum ImageFrame::DecodingStatus by adding a new value called
2572         'Decoding'. This new value will never be cached in the ImageFrame::
2573         m_decodingStatus. Add a member m_currentFrameDecodingStatus to BitmapImage.
2574         The purpose of this member is to invalidate the current frame, without
2575         deleting it, when new encoded data is received.
2576
2577         -- Don't wait until the native image is decoded to cache the ImageFrame
2578         decodingStatus. There is a big chance that more data arrives between
2579         starting the decoding and finishing it such that the decoding changes
2580         from Partial to Complete. We need to prevent keeping incomplete ImageFrames
2581         cached because we mistakenly assume they are complete. To fix this issue
2582         we need to know the ImageFrame decodingStatus when the decoding is requested.
2583
2584         * platform/graphics/BitmapImage.cpp:
2585         (WebCore::BitmapImage::destroyDecodedData):
2586         (WebCore::BitmapImage::dataChanged):
2587         (WebCore::BitmapImage::draw):
2588         (WebCore::BitmapImage::internalStartAnimation): At the beginning of this 
2589         function we check whether the next frame is being decoded or not and we 
2590         return DecodingActive if it is. Let's handle the second check here also 
2591         before requesting the decoding of nextFrame. We need to check whether the
2592         nextFrame has a native image decoded with the native size or not.
2593         (WebCore::BitmapImage::internalAdvanceAnimation):
2594         (WebCore::BitmapImage::imageFrameAvailableAtIndex):
2595         * platform/graphics/BitmapImage.h:
2596         * platform/graphics/ImageFrame.cpp:
2597         (WebCore::ImageFrame::operator=):
2598         (WebCore::ImageFrame::setDecodingStatus):
2599         (WebCore::ImageFrame::decodingStatus):
2600         * platform/graphics/ImageFrame.h:
2601         (WebCore::ImageFrame::isInvalid):
2602         (WebCore::ImageFrame::isPartial):
2603         (WebCore::ImageFrame::isComplete):
2604         (WebCore::ImageFrame::setDecoding): Deleted.
2605         (WebCore::ImageFrame::decoding): Deleted.
2606         (WebCore::ImageFrame::isEmpty): Deleted.
2607         * platform/graphics/ImageFrameCache.cpp:
2608         (WebCore::ImageFrameCache::setNativeImage):
2609         (WebCore::ImageFrameCache::cacheMetadataAtIndex):
2610         (WebCore::ImageFrameCache::cacheNativeImageAtIndex):
2611         (WebCore::ImageFrameCache::cacheNativeImageAtIndexAsync):
2612         (WebCore::ImageFrameCache::startAsyncDecodingQueue):
2613         (WebCore::ImageFrameCache::requestFrameAsyncDecodingAtIndex):
2614         (WebCore::ImageFrameCache::stopAsyncDecodingQueue):
2615         (WebCore::ImageFrameCache::frameAtIndexCacheIfNeeded):
2616         (WebCore::ImageFrameCache::frameDecodingStatusAtIndex):
2617         (WebCore::ImageFrameCache::cacheFrameMetadataAtIndex): Deleted.
2618         (WebCore::ImageFrameCache::cacheFrameNativeImageAtIndex): Deleted.
2619         (WebCore::ImageFrameCache::cacheAsyncFrameNativeImageAtIndex): Deleted.
2620         (WebCore::ImageFrameCache::frameIsCompleteAtIndex): Deleted.
2621         * platform/graphics/ImageFrameCache.h:
2622         (WebCore::ImageFrameCache::ImageFrameRequest::operator==):
2623         * platform/graphics/ImageSource.cpp:
2624         (WebCore::ImageSource::dataChanged):
2625         * platform/graphics/ImageSource.h:
2626         (WebCore::ImageSource::destroyIncompleteDecodedData):
2627         (WebCore::ImageSource::requestFrameAsyncDecodingAtIndex): Let the caller
2628         decide whether another request for the same image frame is allowed or not.
2629         (WebCore::ImageSource::frameDecodingStatusAtIndex):
2630         (WebCore::ImageSource::frameIsCompleteAtIndex): Deleted.
2631         * platform/image-decoders/ImageDecoder.cpp:
2632         (WebCore::ImageDecoder::frameDurationAtIndex):
2633         (WebCore::ImageDecoder::createFrameImageAtIndex):
2634         * platform/image-decoders/bmp/BMPImageReader.cpp:
2635         (WebCore::BMPImageReader::decodeBMP):
2636         * platform/image-decoders/gif/GIFImageDecoder.cpp:
2637         (WebCore::GIFImageDecoder::clearFrameBufferCache):
2638         (WebCore::GIFImageDecoder::haveDecodedRow):
2639         (WebCore::GIFImageDecoder::frameComplete):
2640         (WebCore::GIFImageDecoder::initFrameBuffer):
2641         * platform/image-decoders/jpeg/JPEGImageDecoder.cpp:
2642         (WebCore::JPEGImageDecoder::outputScanlines):
2643         (WebCore::JPEGImageDecoder::jpegComplete):
2644         * platform/image-decoders/png/PNGImageDecoder.cpp:
2645         (WebCore::PNGImageDecoder::rowAvailable):
2646         (WebCore::PNGImageDecoder::pngComplete):
2647         (WebCore::PNGImageDecoder::clearFrameBufferCache):
2648         (WebCore::PNGImageDecoder::frameComplete):
2649         * platform/image-decoders/webp/WEBPImageDecoder.cpp:
2650         (WebCore::WEBPImageDecoder::decode):
2651
2652 2017-05-15  Chris Dumez  <cdumez@apple.com>
2653
2654         Align WebKitCSSMatrix stringifier with spec for DOMMatrix
2655         https://bugs.webkit.org/show_bug.cgi?id=172114
2656
2657         Reviewed by Simon Fraser.
2658
2659         Align WebKitCSSMatrix stringifier with spec for DOMMatrix after:
2660         - https://github.com/w3c/fxtf-drafts/pull/148
2661
2662         The following changes were made:
2663         - Use EcmaScript's ToString() to convert floating point values to string
2664         - Throw an invalid state error if the matrix contains non-finite values
2665         - Made WebKitCSSMatrix.toString enumerable as per [1].
2666
2667         [1] https://heycam.github.io/webidl/#es-stringifier
2668
2669         Test: fast/css/matrix-stringifier.html
2670
2671         * css/WebKitCSSMatrix.cpp:
2672         (WebCore::WebKitCSSMatrix::toString):
2673         * css/WebKitCSSMatrix.h:
2674         * css/WebKitCSSMatrix.idl:
2675         * platform/graphics/transforms/TransformationMatrix.cpp:
2676         (WebCore::TransformationMatrix::containsOnlyFiniteValues):
2677         * platform/graphics/transforms/TransformationMatrix.h:
2678
2679 2017-05-15  Mark Lam  <mark.lam@apple.com>
2680
2681         WorkerRunLoop::Task::performTask() should check !scriptController->isTerminatingExecution().
2682         https://bugs.webkit.org/show_bug.cgi?id=171775
2683         <rdar://problem/30975761>
2684
2685         Reviewed by Filip Pizlo.
2686
2687         Currently, WorkerThread::stop() calls scheduleExecutionTermination() to terminate
2688         JS execution first, followed by posting a cleanup task to the worker, and lastly,
2689         it invokes terminate() on the WorkerRunLoop.
2690
2691         As a result, before the run loop is terminated, the worker thread may observe the
2692         TerminatedExecutionException in JS code, bail out, see another JS task to run,
2693         re-enter the VM to run said JS code, and fail with an assertion due to the
2694         TerminatedExecutionException still being pending on VM entry.
2695
2696         WorkerRunLoop::Task::performTask() already has a check to only allow a task to
2697         run if and only if !runLoop.terminated() and the task is not a clean up task.
2698         We'll fix the above race by changing WorkerRunLoop::Task::performTask() to check
2699         !context->script()->isTerminatingExecution() instead of !runLoop.terminated().
2700         Since WorkerThread::stop() always scheduleExecutionTermination() before it
2701         terminates the run loop, !context->script()->isTerminatingExecution() implies
2702         !runLoop.terminated().
2703
2704         The only time that runLoop is terminated without scheduleExecutionTermination()
2705         being called is when WorkerThread::stop() is called before the WorkerThread has
2706         finished creating its WorkerGlobalScope.  In this scenario, WorkerThread::stop()
2707         will still terminate the run loop.  Hence, after the WorkerGlobalScope is created
2708         (in WorkerThread::workerThread()), we will check if the run loop has been
2709         terminated (i.e. stop() was called).  If so, we'll scheduleExecutionTermination()
2710         there, and guarantee that if runloop.terminated() is true, then
2711         context->script()->isTerminatingExecution() is also true.
2712
2713         Solutions that were considered but did not work (recorded for future reference):
2714
2715         1. In WorkerThread::stop(), call scheduleExecutionTermination() only after it
2716            posts the cleanup task and terminates the run loop.
2717
2718            This did not work because this creates a race where the worker thread may run
2719            the cleanup task before WorkerThread::stop() finishes.  As a result, the
2720            scriptController may be deleted before we get to invoke scheduleExecutionTermination()
2721            on it, thereby resulting in a use after free.
2722
2723            To make this work, we would have to change the life cycle management strategy
2724            of the WorkerScriptController.  This is a more risky change than we would
2725            want to take on at this time, and may also not be worth the gain.
2726
2727         2. Break scheduleExecutionTermination() up into 2 parts i.e. WorkerThread::stop()
2728            will:
2729            1. set the scriptController's m_isTerminatingExecution flag before
2730               posting the cleanup task and terminating the run loop, and
2731            2. invoke VM::notifyNeedsTermination() after posting the cleanup task and
2732               terminating the run loop.
2733
2734            This requires that we protect the liveness of the VM until we can invoke
2735            notifyNeedsTermination() on it.
2736
2737            This did not work because:
2738            1. We may end up destructing the VM in WorkerThread::stop() i.e. in the main
2739               web frame, but only the worker thread holds the JS lock for the VM.
2740
2741               We can make the WorkerThread::stop() acquire the JS lock just before it
2742               releases the protected VM's RefPtr, but that would mean the main thread
2743               may be stuck waiting a bit for the worker thread to release its JSLock.
2744               This is not desirable.
2745
2746            2. In practice, changing the liveness period of the Worker VM relative to its
2747               WorkerScriptController and WorkerGlobalScope also has unexpected
2748               ramifications.  We observed many worker tests failing with assertion
2749               failures and crashes due to this change.
2750
2751            Hence, this approach is also a more risky change than it appears on the
2752            surface, and is not worth exploring at this time.
2753
2754         In the end, changing WorkerRunLoop::Task::performTask() to check for
2755         !scriptController->isTerminatingExecution() is the most straightforward solution
2756         that is easy to prove correct.
2757
2758         Also fixed a race in WorkerThread::workerThread() where it can delete the
2759         WorkerGlobalScope while WorkerThread::stop() is in the midst of accessing it.
2760         We now guard the nullifying of m_workerGlobalScope with the
2761         m_threadCreationAndWorkerGlobalScopeMutex as well.
2762
2763         UPDATE: the only new thing in this patch for re-landing (vs one previously landed)
2764         is that instead of nullifying m_workerGlobalScope directly (thereby deleting the
2765         WorkerGlobalScope context), we'll swap it out and delete it only after we've
2766         unlocked the m_threadCreationAndWorkerGlobalScopeMutex.  This is needed because
2767         the destruction of the WorkerGlobalScope will cause the main thread to race against
2768         the worker thread to delete the WorkerThread object, and the WorkerThread object
2769         owns the mutex that we need to unlock after nullifying the m_workerGlobalScope
2770         field.
2771
2772         This issue is covered by an existing test that I just unskipped in TestExpectations.
2773
2774         * bindings/js/JSDOMPromiseDeferred.cpp:
2775         (WebCore::DeferredPromise::callFunction):
2776
2777         * bindings/js/WorkerScriptController.cpp:
2778         (WebCore::WorkerScriptController::scheduleExecutionTermination):
2779         - Added a check to do nothing and return early if the scriptController is already
2780           terminating execution.
2781
2782         * workers/WorkerRunLoop.cpp:
2783         (WebCore::WorkerRunLoop::runInMode):
2784         (WebCore::WorkerRunLoop::runCleanupTasks):
2785         (WebCore::WorkerRunLoop::Task::performTask):
2786
2787         * workers/WorkerRunLoop.h:
2788         - Made Task::performTask() private and make Task befriend the WorkerRunLoop class.
2789           This ensures that only the WorkerRunLoop may call performTask().
2790           Note: this change only formalizes and hardens a relationship that was already
2791           in place before this.
2792
2793         * workers/WorkerThread.cpp:
2794         (WebCore::WorkerThread::start):
2795         (WebCore::WorkerThread::workerThread):
2796         (WebCore::WorkerThread::stop):
2797         * workers/WorkerThread.h:
2798         - Renamed m_threadCreationMutex to m_threadCreationAndWorkerGlobalScopeMutex so
2799           that it more accurately describes what it guards.
2800
2801 2017-05-15  Myles C. Maxfield  <mmaxfield@apple.com>
2802
2803         Unicode characters which can't be rendered in any font are invisible
2804         https://bugs.webkit.org/show_bug.cgi?id=171942
2805         <rdar://problem/32054234>
2806
2807         Reviewed by Tim Horton.
2808
2809         There are some Unicode characters which don't have any font on the system which can render them.
2810         These characters should be drawn as the .notdef "tofu." This is for security and usability, as
2811         well as what Firefox and Chrome do. However, we still shouldn't draw characters with the
2812         Default_Ignorable_Code_Point property, because this is what CoreText does.
2813
2814         This behavior is also what the Unicode spec recommends: In UTR #36 Unicode Security Considerations:
2815         http://www.unicode.org/reports/tr36/#Recommendations_General
2816         "If there is no available glyph for a character, never show a simple "?" or omit the character."
2817
2818         Also relevant is the Unicode Standard section 5.3 Unknown and Missing Characters, starting at page
2819         marked 203 in the following: http://www.unicode.org/versions/Unicode9.0.0/ch05.pdf
2820
2821         Tests: fast/text/default-ignorable.html
2822                fast/text/unknown-char-notdef.html
2823
2824         * platform/graphics/WidthIterator.cpp:
2825         (WebCore::characterMustDrawSomething):
2826
2827 2017-05-15  Timothy Horton  <timothy_horton@apple.com>
2828
2829         Null deref under WebContentReader::readURL when interacting with a file URL
2830         https://bugs.webkit.org/show_bug.cgi?id=172045
2831         <rdar://problem/25880647>
2832
2833         Reviewed by Wenson Hsieh.
2834
2835         * editing/ios/EditorIOS.mm:
2836         (WebCore::Editor::WebContentReader::readURL):
2837         The AppSupport soft link was wrong, as there is no such framework in /System/Library/Frameworks.
2838         Thus, any time we hit this codepath, the soft linked function would be null, and calling it would crash.
2839         Instead of just fixing the soft link, remove the code, because it does not seem necessary to
2840         special-case fileURLs to images in the media directory.
2841
2842 2017-05-15  Eric Carlson  <eric.carlson@apple.com>
2843
2844         ASSERTION FAILED: wasRemoved in WebCore::RealtimeMediaSourceCenter::removeDevicesChangedObserver(DevicesChangedObserverToken)
2845         https://bugs.webkit.org/show_bug.cgi?id=171529
2846         <rdar://problem/31945791>
2847
2848         Reviewed by Jer Noble.
2849
2850         No new tests, fixes a crash in existing tests.
2851
2852         * Modules/mediastream/MediaDevices.cpp:
2853         (WebCore::MediaDevices::MediaDevices): Use a weak ptr.
2854
2855         * platform/mediastream/RealtimeMediaSourceCenter.cpp:
2857         (WebCore::observerMap):  Use a static hash map for observers because the
2858         source center can change at runtime.
2859         (WebCore::RealtimeMediaSourceCenter::addDevicesChangedObserver):
2860         (WebCore::RealtimeMediaSourceCenter::removeDevicesChangedObserver):
2861         (WebCore::RealtimeMediaSourceCenter::captureDevicesChanged):
2862
2863 2017-05-15  Brent Fulgham  <bfulgham@apple.com>
2864
2865         [iOS WK1] Do not try to dispatch messages to subframes if their documents have not been constructed yet.
2866         https://bugs.webkit.org/show_bug.cgi?id=172059
2867         <rdar://problem/31963192>
2868
2869         Reviewed by Zalan Bujtas.
2870
2871         On iOS WK1 we can end up in an inconsistent state, where
2872         1. The web thread is inside a newly-injected iframe's document's constructor and
2873         2. waiting on a delegate callback on the main thread
2874         while the main thread
2875         (a) Evaluates arbitrary JavaScript that modifies storage which
2876         (b) Triggers an event dispatch.
2877  
2878         * storage/StorageEventDispatcher.cpp:
2879         (WebCore::StorageEventDispatcher::dispatchSessionStorageEvents): If the sub-frame's document
2880         is in an inconsistent state, skip it.
2881         (WebCore::StorageEventDispatcher::dispatchLocalStorageEvents): Ditto.
2882         (WebCore::StorageEventDispatcher::dispatchSessionStorageEventsToFrames): Ditto.
2883         (WebCore::StorageEventDispatcher::dispatchLocalStorageEventsToFrames): Ditto.
2884
2885 2017-05-15  Zalan Bujtas  <zalan@apple.com>
2886
2887         Simple line layout: Leading whitespace followed by a <br> produces an extra linebreak.
2888         https://bugs.webkit.org/show_bug.cgi?id=172076
2889
2890         Reviewed by Antti Koivisto.
2891
2892         When the collapsed whitespace does not fit the line, we need to push it to the next line
2893         so that we can decide whether any soft/hard linebreak should be skipped (to avoid double line breaks) or not.
2894
2895         Test: fast/text/simple-line-layout-leading-whitespace-with-soft-hard-linebreak.html
2896
2897         * rendering/SimpleLineLayout.cpp:
2898         (WebCore::SimpleLineLayout::consumeLineBreakIfNeeded): special handling <br>
2899         (WebCore::SimpleLineLayout::firstFragment): Now we need to deal with leading collapsed whitespace.
2900         (WebCore::SimpleLineLayout::createLineRuns): We need to push even the collapsed whitespace to the next line.
2901
2902 2017-05-15  Nael Ouedraogo  <nael.ouedraogo@crf.canon.fr>
2903
2904         Invalid MediaSource duration value should throw TypeError instead of InvalidStateError
2905         https://bugs.webkit.org/show_bug.cgi?id=171653
2906
2907         Reviewed by Chris Dumez.
2908
2909         Modify MediaSource::setDuration to throw a TypeError when duration value is invalid as per MSE specification
2910         (https://www.w3.org/TR/2016/REC-media-source-20161117/#dom-mediasource-duration).
2911
2912         Update expectations of corresponding WPT test.
2913
2914         * Modules/mediasource/MediaSource.cpp:
2915         (WebCore::MediaSource::setDuration):
2916         (WebCore::MediaSource::setDurationInternal):
2917
2918 2017-05-15  Gwang Yoon Hwang  <yoon@igalia.com>
2919
2920         [CAIRO] Painting an image mask with a matrix above Pixman's limit breaks internal states of Cairo
2921         https://bugs.webkit.org/show_bug.cgi?id=169094
2922
2923         Reviewed by Žan Doberšek.
2924
2925         It is the same problem which was addressed in r212431.
2926         In HiDPI situation, it happens easily due to the size of coordinates.
2927         Also, if this bug happens, it will break the rendering continuously
2928         since we are reusing graphics contexts to render webpages in same
2929         webview.
2930
2931         Test: fast/hidpi/hidpi-long-page-with-inset-element.html
2932
2933         * platform/graphics/cairo/PlatformContextCairo.cpp:
2934         (WebCore::PlatformContextCairo::pushImageMask):
2935         We can avoid the limit of the Pixman by reducing the source surface's
2936         size, and it will create a minimal pattern matrix.
2937
2938 2017-05-14  Zan Dobersek  <zdobersek@igalia.com>
2939
2940         Unreviewed build fix with newer Perl versions.
2941
2942         * bindings/scripts/CodeGeneratorJS.pm:
2943         (AddLegacyCallerOperationIfNeeded): Support for experimental push on scalar (and
2944         other auto-dereferencing) was removed in Perl 5.24. Instead, the LegacyCallers array
2945         has to be dereferenced when pushing new values to it.
2946
2947 2017-05-14  Sam Weinig  <sam@webkit.org>
2948
2949         [WebIDL/DOM] Remove need for custom bindings for HTMLAllCollection and bring up to spec
2950         https://bugs.webkit.org/show_bug.cgi?id=172095
2951
2952         Reviewed by Darin Adler.
2953
2954         - Adds support for the legacycaller WebIDL special annotation.
2955         - Updates implementation of HTMLAllCollection to match the current HTML spec.
2956
2957         Test: fast/dom/document-all.html
2958
2959         * CMakeLists.txt:
2960         * WebCore.xcodeproj/project.pbxproj:
2961         * bindings/js/JSBindingsAllInOne.cpp:
2962         * bindings/js/JSHTMLAllCollectionCustom.cpp: Removed.
2963         Removed JSHTMLAllCollectionCustom.cpp
2964
2965         * bindings/scripts/CodeGeneratorJS.pm:
2966         (GenerateInterface):
2967         (AddLegacyCallerOperationIfNeeded):
2968         Before code generation, clone all the legacycaller operations and put them
2969         in their own set, so they can form an overload set.
2970         
2971         (AddStringifierOperationIfNeeded):
2972         Use IDLParser::cloneType as the FIXME suggested.
2973
2974         (GenerateHeader):
2975         Group call related functionality together and use new IsCallable predicate.
2976
2977         (GenerateOverloadedFunctionOrConstructor):
2978         Generalize a little bit to allow the function being overloaded to be an overloaded legacycaller.
2979
2980         (GenerateImplementation):
2981         Add call to generate the legacycaller code.
2982
2983         (GenerateLegacyCallerDefinitions):
2984         (GenerateLegacyCallerDefinition):
2985         Generate the legacycaller definition, using GenerateArgumentsCountCheck, GenerateParametersCheck
2986         and GenerateImplementationFunctionCall to do all the heavy lifting.
2987
2988         (IsCallable):
2989         Add helper predicate for both custom calls and legacycaller.
2990
2991         * bindings/scripts/IDLParser.pm:
2992         (cloneType):
2993         (cloneArgument):
2994         (cloneOperation):
2995         Add cloning functions for IDLArgument and IDLOperation, and make IDLType's
2996         clone feasible for calling outside the package by removing the unneeded 
2997         self parameter.
2998
2999         * bindings/scripts/test/JS/JSTestObj.cpp
3000         * bindings/scripts/test/JS/JSTestObj.h
3001         * bindings/scripts/test/TestObj.idl:
3002         Add testing of legacycaller overloading.
3003
3004         * dom/Document.cpp:
3005         (WebCore::Document::allFilteredByName):
3006         * dom/Document.h:
3007         Add new collection access for the HTMLAllNamedSubCollection.
3008
3009         * html/CachedHTMLCollection.h:
3010         (WebCore::nameShouldBeVisibleInDocumentAll):
3011         Update list of tags to match the current spec.
3012
3013         * html/CollectionType.h:
3014         Add new type for HTMLAllNamedSubCollection.
3015
3016         * html/GenericCachedHTMLCollection.cpp:
3017         (WebCore::GenericCachedHTMLCollection<traversalType>::elementMatches):
3018         Specify that DocumentAllNamedItems does not want
3019         the default elementMatches.
3020  
3021         * html/HTMLAllCollection.cpp:
3022         (WebCore::HTMLAllCollection::namedOrIndexedItemOrItems):
3023         (WebCore::HTMLAllCollection::namedItemOrItems):
3024         (WebCore::HTMLAllNamedSubCollection::~HTMLAllNamedSubCollection):
3025         (WebCore::HTMLAllNamedSubCollection::elementMatches):
3026         * html/HTMLAllCollection.h:
3027         Move implementations from the custom binding, and re-implement to
3028         match the spec. Alternate names to item/namedItem were needed to not
3029         shadow the existing ones in HTMLCollection. HTMLAllNamedSubCollection
3030         is a simple HTMLCollection that matches on a name, following the rules
3031         of document.all about which tags can have name attributes.
3032
3033         * html/HTMLAllCollection.idl:
3034         Remove custom annotations and add legacycaller which is now supported.
3035
3036         * html/HTMLCollection.cpp:
3037         (WebCore::invalidationTypeExcludingIdAndNameAttributes):
3038         (WebCore::HTMLCollection::~HTMLCollection):
3039         Add DocumentAllNamedItems.
3040
3041 2017-05-14  Zalan Bujtas  <zalan@apple.com>
3042
3043         Remove unused lambda in TextFragmentIterator::TextFragment::split() and cleanup dependencies.
3044         https://bugs.webkit.org/show_bug.cgi?id=172089
3045
3046         Reviewed by David Kilzer.
3047
3048         * rendering/SimpleLineLayout.cpp:
3049         (WebCore::SimpleLineLayout::splitFragmentToFitLine):
3050         * rendering/SimpleLineLayoutTextFragmentIterator.h:
3051         (WebCore::SimpleLineLayout::TextFragmentIterator::TextFragment::split):
3052         (WebCore::SimpleLineLayout::TextFragmentIterator::TextFragment::splitWithHyphen):
3053
3054 2017-05-13  David Kilzer  <ddkilzer@apple.com>
3055
3056         Unused lambda in JSWebKitSubtleCrypto::wrapKey()
3057         <https://webkit.org/b/172087>
3058
3059         Reviewed by Chris Dumez.
3060
3061         Fixes the following warning with newer clang:
3062
3063             Source/WebCore/bindings/js/JSWebKitSubtleCryptoCustom.cpp:594:35: error: lambda capture 'keyFormat' is not used [-Werror,-Wunused-lambda-capture]
3064                 auto exportSuccessCallback = [keyFormat, algorithm, parameters, wrappingKey, wrapper](const Vector<uint8_t>& exportedKeyData) mutable {
3065                                               ^
3066
3067         * bindings/js/JSWebKitSubtleCryptoCustom.cpp:
3068         (WebCore::JSWebKitSubtleCrypto::wrapKey): Remove unused lambda.
3069
3070 2017-05-13  Eric Carlson  <eric.carlson@apple.com>
3071
3072         [MediaStream] deviceId constraint doesn't work with getUserMedia
3073         https://bugs.webkit.org/show_bug.cgi?id=171877
3074         <rdar://problem/31899730>
3075
3076         Reviewed by Jer Noble.
3077
3078         Test: fast/mediastream/get-user-media-device-id.html
3079
3080         * Modules/mediastream/MediaConstraintsImpl.h:
3081         (WebCore::MediaConstraintsData::MediaConstraintsData): Add a constructor that 
3082         takes a const MediaConstraints&.
3083
3084         * Modules/mediastream/MediaDevices.cpp:
3085         (WebCore::MediaDevices::~MediaDevices): m_deviceChangedToken is a std::optional<>.
3086         * Modules/mediastream/MediaDevices.h:
3087
3088         * Modules/mediastream/MediaDevicesEnumerationRequest.cpp:
3089         (WebCore::MediaDevicesEnumerationRequest::topLevelDocumentOrigin): Don't return
3090         NULL for the main frame so the origin matches that returned for a UserMediaRequest.
3091
3092         * Modules/mediastream/UserMediaController.h:
3093         (WebCore::UserMediaController::setDeviceIDHashSalt): Deleted, not used.
3094         (WebCore::UserMediaController::deviceIDHashSalt): Deleted, not used.
3095
3096         * Modules/mediastream/UserMediaRequest.cpp:
3097         (WebCore::UserMediaRequest::allow): Add device ID hash salt parameter, set it on
3098         constraints.
3099         * Modules/mediastream/UserMediaRequest.h:
3100
3101         * platform/mediastream/MediaConstraints.h:
3102         * platform/mediastream/RealtimeMediaSource.cpp:
3103         (WebCore::RealtimeMediaSource::fitnessDistance): ASSERT if called for DeviceId.
3104         (WebCore::RealtimeMediaSource::selectSettings): Special case DeviceId because
3105         we have to hash the device ID before comparing, and because the DeviceId can't be
3106         changed so it should never be added to the flattened constraints.
3107         (WebCore::RealtimeMediaSource::supportsConstraints):
3108         (WebCore::RealtimeMediaSource::applyConstraints):
3109         * platform/mediastream/RealtimeMediaSource.h:
3110
3111         * platform/mediastream/RealtimeMediaSourceCenter.cpp:
3112         (WebCore::RealtimeMediaSourceCenter::validateRequestConstraints): Implement.
3113         * platform/mediastream/RealtimeMediaSourceCenter.h:
3114
3115         * platform/mediastream/RealtimeMediaSourceSupportedConstraints.cpp:
3116         (WebCore::RealtimeMediaSourceSupportedConstraints::nameForConstraint): Deleted, unused.
3117         (WebCore::RealtimeMediaSourceSupportedConstraints::constraintFromName): Deleted, unused.
3118         * platform/mediastream/RealtimeMediaSourceSupportedConstraints.h:
3119
3120         * platform/mediastream/mac/AVVideoCaptureSource.mm:
3121         * platform/mediastream/mac/RealtimeMediaSourceCenterMac.cpp:
3122         (WebCore::RealtimeMediaSourceCenterMac::bestSourcesForTypeAndConstraints): Pass device
3123         id, not empty string.
3124         (WebCore::RealtimeMediaSourceCenterMac::validateRequestConstraints): Deleted.
3125         * platform/mediastream/mac/RealtimeMediaSourceCenterMac.h:
3126
3127         * platform/mock/MockRealtimeMediaSourceCenter.cpp:
3128         (WebCore::MockRealtimeMediaSourceCenter::validateRequestConstraints): Deleted.
3129         * platform/mock/MockRealtimeMediaSourceCenter.h:
3130
3131 2017-05-13  Chris Dumez  <cdumez@apple.com>
3132
3133         Stop using RefPtr::release()
3134         https://bugs.webkit.org/show_bug.cgi?id=172074
3135
3136         Reviewed by Geoffrey Garen.
3137
3138         * css/parser/CSSPropertyParser.cpp:
3139         (WebCore::FontVariantLigaturesParser::finalizeValue):
3140         (WebCore::FontVariantNumericParser::finalizeValue):
3141         * css/parser/CSSPropertyParserHelpers.cpp:
3142         (WebCore::CSSPropertyParserHelpers::CalcParser::consumeValue):
3143         * loader/SubresourceLoader.cpp:
3144         (WebCore::SubresourceLoader::create):
3145         * loader/archive/mhtml/MHTMLArchive.cpp:
3146         (WebCore::MHTMLArchive::generateMHTMLData):
3147         * loader/archive/mhtml/MHTMLArchive.h:
3148         * loader/archive/mhtml/MHTMLParser.cpp:
3149         (WebCore::MHTMLParser::parseArchiveWithHeader):
3150         * platform/audio/ios/AudioFileReaderIOS.cpp:
3151         (WebCore::AudioFileReader::createBus):
3152         * platform/glib/SharedBufferGlib.cpp:
3153         (WebCore::SharedBuffer::createFromReadingFile):
3154         * platform/graphics/ca/win/CACFLayerTreeHost.cpp:
3155         (WebCore::CACFLayerTreeHost::create):
3156         * platform/graphics/cairo/CairoUtilities.cpp:
3157         (WebCore::copyCairoImageSurface):
3158         * platform/graphics/cairo/ImageBufferCairo.cpp:
3159         (WebCore::getImageData):
3160         * platform/graphics/gtk/IconGtk.cpp:
3161         (WebCore::Icon::createIconForFiles):
3162         * platform/graphics/win/FontCacheWin.cpp:
3163         (WebCore::FontCache::systemFallbackForCharacters):
3164         * platform/win/SharedBufferWin.cpp:
3165         (WebCore::SharedBuffer::createFromReadingFile):
3166
3167 2017-05-13  Javier Fernandez  <jfernandez@igalia.com>
3168
3169         [css-align] Implement the place-self shorthand
3170         https://bugs.webkit.org/show_bug.cgi?id=168846
3171
3172         Reviewed by Zalan Bujtas.
3173
3174         The CSS Box Alignment specification defines a new shorthand to set the
3175         Content Alignment properties (align-self and justify-self) at the
3176         same time.
3177
3178         This patch provides the implementation of the CSS parsing logic and the
3179         required regression tests.
3180
3181         Test: css3/parse-place-self.html
3182
3183         * css/CSSComputedStyleDeclaration.cpp:
3184         (WebCore::ComputedStyleExtractor::propertyValue):
3185         * css/CSSProperties.json:
3186         * css/StyleProperties.cpp:
3187         (WebCore::StyleProperties::getPropertyValue):
3188         * css/parser/CSSPropertyParser.cpp:
3189         (WebCore::CSSPropertyParser::consumePlaceSelfShorthand):
3190         (WebCore::CSSPropertyParser::parseShorthand):
3191         * css/parser/CSSPropertyParser.h:
3192
3193 2017-05-13  Commit Queue  <commit-queue@webkit.org>
3194
3195         Unreviewed, rolling out r216801.
3196         https://bugs.webkit.org/show_bug.cgi?id=172072
3197
3198         Many memory corruption crashes on worker threads (Requested by
3199         ap on #webkit).
3200
3201         Reverted changeset:
3202
3203         "WorkerRunLoop::Task::performTask() should check
3204         !scriptController->isTerminatingExecution()."
3205         https://bugs.webkit.org/show_bug.cgi?id=171775
3206         http://trac.webkit.org/changeset/216801
3207
3208 2017-05-13  Zalan Bujtas  <zalan@apple.com>
3209
3210         AccessibilityRenderObject::textUnderElement needs to assert on unclean tree.
3211         https://bugs.webkit.org/show_bug.cgi?id=172065
3212
3213         Reviewed by Simon Fraser.
3214
3215         r192103 changed the assert logic incorrectly. If the tree is dirty, regardless of the renderer's type,
3216         TextIterator will end up forcing style update/layout on the render tree.
3217         The original assert would have hit with bug 171546 prior to r216726.
3218
3219         * accessibility/AccessibilityRenderObject.cpp:
3220         (WebCore::AccessibilityRenderObject::textUnderElement):
3221
3222 2017-05-12  Simon Fraser  <simon.fraser@apple.com>
3223
3224         event.clientX/clientY should be in layout viewport coordinates
3225         https://bugs.webkit.org/show_bug.cgi?id=172018
3226
3227         Reviewed by Zalan Bujtas.
3228
3229         Fix clientX and clientY on mouse events to be relative to the layout viewport, to match
3230         getBoundingClientRect(), getClientRects() and fixed-position objects.
3231
3232         Also minor cleanup of MouseRelatedEvent to use initializers.
3233
3234         Test: fast/visual-viewport/client-coordinates-relative-to-layout-viewport.html
3235
3236         * dom/MouseRelatedEvent.cpp:
3237         (WebCore::MouseRelatedEvent::MouseRelatedEvent):
3238         (WebCore::MouseRelatedEvent::init):
3239         (WebCore::MouseRelatedEvent::initCoordinates):
3240         (WebCore::contentsScrollOffset): Deleted.
3241         * dom/MouseRelatedEvent.h:
3242
3243 2017-05-12  Sam Weinig  <sam@webkit.org>
3244
3245         [WebIDL] Remove need for custom binding for Worker constructor
3246         https://bugs.webkit.org/show_bug.cgi?id=172050
3247
3248         Reviewed by Chris Dumez.
3249
3250         * CMakeLists.txt:
3251         * WebCore.xcodeproj/project.pbxproj:
3252         * bindings/js/JSWorkerCustom.cpp: Removed.
3253         Remove JSWorkerCustom.cpp
3254
3255         * bindings/scripts/CodeGeneratorJS.pm:
3256         (GenerateCallWith):
3257         * bindings/scripts/IDLAttributes.json:
3258         Add RuntimeFlags as a new option for the ConstructorCallWith extended attribute.
3259
3260         * workers/Worker.cpp:
3261         (WebCore::Worker::create):
3262         * workers/Worker.h:
3263         Update order of arguments to appease the generator.
3264
3265         * workers/Worker.idl:
3266         Add extended attributes for the constructor.
3267
3268 2017-05-12  Simon Fraser  <simon.fraser@apple.com>
3269
3270         The rects returned by Element/Range.getClientRects() should not be rounded
3271         https://bugs.webkit.org/show_bug.cgi?id=172057
3272
3273         Reviewed by Chris Dumez.
3274
3275         Fix createDOMRectVector() to not expand the rects to integer boundaries (which
3276         quad.enclosingBoundingBox() does), but to return rects with floating point
3277         values. This matches Chrome and Firefox, and matches getBoundingClientRect(),
3278         which does not integral snap.
3279
3280         * dom/DOMRect.cpp:
3281         (WebCore::createDOMRectVector):
3282
3283 2017-05-12  Jiewen Tan  <jiewen_tan@apple.com>
3284
3285         Elements should be inserted into a template element as its content's last child
3286         https://bugs.webkit.org/show_bug.cgi?id=171373
3287         <rdar://problem/31862949>
3288
3289         Reviewed by Ryosuke Niwa.
3290
3291         Before this change, our HTML parser obeys the following premises:
3292         1) A fostering child whose parent is a table should be inserted before its parent and under its grandparent.
3293         2) When inserting into a template element, an element should be inserted into its content.
3294
3295         Let's walk through the example:
3296         a) Before eventhandler takes place
3297         template
3298         table
3299             svg <- parser
3300         b) After eventhandler takes place
3301         template
3302             table
3303                 svg <- parser
3304         c) after parsing svg
3305         template
3306             content
3307                 svg
3308                 (table)
3309             table
3310
3311         Finally, in the example, the svg element will be inserted into the content of the template element while
3312         having its next sibling point to the table element. However, the table element is actually under the
3313         template element not its content.
3314
3315         This messy tree is constructed because the second premise is incomplete. It should be: When inserting into
3316         a template element, an element should be inserted into its content as its last child.
3317         Quoted from Step 3 of https://html.spec.whatwg.org/multipage/syntax.html#appropriate-place-for-inserting-a-node
3318         A correct tree will then look like:
3319         template
3320             content
3321                 svg
3322             table
3323
3324         Tests: fast/dom/HTMLTemplateElement/insert-fostering-child-crash.html
3325                fast/dom/HTMLTemplateElement/insert-fostering-child.html
3326
3327         * html/parser/HTMLConstructionSite.cpp:
3328         (WebCore::insert):
3329         By nullifying task.nextChild, it will force the parser to append the element as task.parent's last child.
3330
3331 2017-05-12  Alex Christensen  <achristensen@webkit.org>
3332
3333         Rename WKContentExtension to WKContentRuleList
3334         https://bugs.webkit.org/show_bug.cgi?id=172053
3335         <rdar://problem/32141005>
3336
3337         Reviewed by Geoffrey Garen.
3338
3339         Covered by existing API tests.
3340
3341         * English.lproj/Localizable.strings:
3342
3343 2017-05-12  Timothy Horton  <timothy_horton@apple.com>
3344
3345         Don't use LinkPresentation URL shortening if it's not available
3346         https://bugs.webkit.org/show_bug.cgi?id=172064
3347         <rdar://problem/32169232>
3348
3349         Rubber-stamped by Wenson Hsieh.
3350
3351         * platform/mac/DragImageMac.mm:
3352         (WebCore::LinkImageLayout::LinkImageLayout):
3353         * platform/spi/cocoa/LinkPresentationSPI.h:
3354
3355 2017-05-11  Simon Fraser  <simon.fraser@apple.com>
3356
3357         Incorrect position when dragging jQuery Draggable elements with position fixed after pinch zoom
3358         https://bugs.webkit.org/show_bug.cgi?id=171113
3359         rdar://problem/31746516
3360
3361         Reviewed by Tim Horton.
3362
3363         Make getBoundingClientRect() and getClientRects() return rects which are relative to the layout
3364         viewport, rather than the visual viewport. This goes part of the way to fixing webkit.org/b/170981,
3365         which aims to make pinch-zoom invisible to web pages ("inert visual viewport"). It fixes issues on various
3366         sites like Facebook when zoomed.
3367
3368         Factor coordinate conversion code into functions on FrameView, which now documents
3369         the various coordinate systems in a big comment. Document::adjustFloatQuadsForScrollAndAbsoluteZoomAndFrameScale()
3370         and Document::adjustFloatRectForScrollAndAbsoluteZoomAndFrameScale() are renamed and factored
3371         to use these helpers.
3372
3373         There are two behavior changes here:
3374
3375         1. FrameView::documentToClientOffset() now uses the origin of the layout viewport in the "document to client"
3376            coordinate mapping.
3377            
3378         2. The two document functions would apply the scale and offset in the wrong order. We need
3379            to first undo the effects of CSS zoom, page zoom and page scale, and then map from document
3380            to client coordinates.
3381
3382         Tests: fast/visual-viewport/client-rects-relative-to-layout-viewport.html
3383                fast/zooming/client-rects-with-css-and-page-zoom.html
3384
3385         * dom/Document.cpp:
3386         (WebCore::Document::convertAbsoluteToClie