dc208ea53ac31f1f3adc7e4ab8b7ef63c8c979e7
[WebKit-https.git] / Source / WebCore / ChangeLog
1 2016-04-13  Antonio Gomes  <tonikitoo@webkit.org>
2
3         Non-resizable text field looks resizable
4         https://bugs.webkit.org/show_bug.cgi?id=152271
5
6         Reviewed by Darin Adler.
7
8         The 'resizability' of an HTML element is controlled by its 'resize' CSS property value.
9         By default it is 'none', but certain HTML elements, including <textarea>, have it
10         set to 'both' by default (defined in html.css). These values mean no resize at all, and
11         resizable in both vertical and horizontal axis, respectively.
12         Additionally, 'vertical' and 'horizontal' values are also valid.
13
14         Problem here is that the way WebKit handles the 'resize' property on single line
15         input elements (e.g. <input>) is different than other engines (read Gecko, Blink and Presto):
16
17         - Match: WebKit, Firefox, Presto and Blink all force single line input elements to be non-resizable,
18         regardless of either the 'resize' properly is set or not.
19
20         - Mismatch: WebKit is the only engine that actually paints the resize control on single line
21         input elements, even it having no effect.
22
23         On WebKit, this happens because the 'resize' property is wrongly implemented as 'inheritable',
24         differently from other engines. In the way WebKit contructs its RenderTree, 'resize' property
25         ends up spilling out of <input> and entering its shadow representation, carrying the 'resize'
26         property on.
27
28         Patch fixes this by making the 'resize' properly be non-inherited, matching other vendors
29         and the spec [1].
30
31         [1] https://drafts.csswg.org/css-ui/#resize
32
33         Tests: fast/css/resize-not-inherited.html
34                fast/css/resize-single-line-input-no-paint.html
35
36         * rendering/style/RenderStyle.h:
37         * rendering/style/StyleRareInheritedData.cpp:
38         (WebCore::StyleRareInheritedData::StyleRareInheritedData):
39         (WebCore::StyleRareInheritedData::operator==):
40         * rendering/style/StyleRareInheritedData.h:
41         * rendering/style/StyleRareNonInheritedData.cpp:
42         (WebCore::StyleRareNonInheritedData::StyleRareNonInheritedData):
43         (WebCore::StyleRareNonInheritedData::operator==):
44         * rendering/style/StyleRareNonInheritedData.h:
45
46 2016-04-13  Darin Adler  <darin@apple.com>
47
48         Remove UsePointersEvenForNonNullableObjectArguments from DataTransfer
49         https://bugs.webkit.org/show_bug.cgi?id=156495
50
51         Reviewed by Chris Dumez.
52
53         * dom/DataTransfer.idl: Removed UsePointersEvenForNonNullableObjectArguments
54         and marked the element argument to setDragImage as nullable.
55
56 2016-04-13  Brady Eidson  <beidson@apple.com>
57
58         Modern IDB (Blob support): Support deleting stored blob files.
59         https://bugs.webkit.org/show_bug.cgi?id=156523
60
61         Reviewed by Alex Christensen.
62
63         No new tests (No testable change in behavior yet, current tests pass).
64
65         There's 3 points in time when we need to delete blob files (and records of them):
66         1 - When deleting a specific object store record.
67         2 - When deleting an entire object store.
68         3 - When deleting a whole database.
69         
70         This patch does those three things.
71
72         * Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
73         (WebCore::IDBServer::SQLiteIDBBackingStore::deleteObjectStore):
74         (WebCore::IDBServer::SQLiteIDBBackingStore::deleteUnusedBlobFileRecords):
75         (WebCore::IDBServer::SQLiteIDBBackingStore::deleteRecord):
76         (WebCore::IDBServer::SQLiteIDBBackingStore::addRecord):
77         (WebCore::IDBServer::SQLiteIDBBackingStore::getRecord):
78         (WebCore::IDBServer::SQLiteIDBBackingStore::deleteBackingStore):
79         * Modules/indexeddb/server/SQLiteIDBBackingStore.h:
80
81         * Modules/indexeddb/server/SQLiteIDBTransaction.cpp:
82         (WebCore::IDBServer::SQLiteIDBTransaction::commit):
83         (WebCore::IDBServer::SQLiteIDBTransaction::deleteBlobFilesIfNecessary):
84         (WebCore::IDBServer::SQLiteIDBTransaction::addRemovedBlobFile):
85         * Modules/indexeddb/server/SQLiteIDBTransaction.h:
86
87 2016-04-13  Frederic Wang  <fwang@igalia.com>
88
89         Fix two coding mistakes in MathMLInlineContainerElement::childrenChanged
90         https://bugs.webkit.org/show_bug.cgi?id=156538
91
92         Reviewed by Darin Adler.
93
94         We fix the call to updateOperatorProperties inside MathMLInlineContainerElement::childrenChanged
95         for the <math> and <msqrt> tags.
96
97         The <math> tag is already a RenderMathMLRow so the hasTagName(mathTag)
98         conditional is never executed. The tag does not create any anonymous
99         wrapper so we do not need a special case for it anyway.
100
101         The <msqrt> tag is not a RenderMathMLRow (yet). However, the anonymous
102         wrapper behaving as a RenderMathMLRow is actually the last child, not
103         the first one.
104
105         No new tests, this is already covered by mathml/presentation/mo-form-dynamic.html
106         Note that for some reason the coding error for <msqrt> only shows up
107         after the refactoring of bug 152244.
108
109         * mathml/MathMLInlineContainerElement.cpp:
110         (WebCore::MathMLInlineContainerElement::childrenChanged): Fix the two mistakes and add some FIXME comments.
111
112 2016-04-12  Chris Dumez  <cdumez@apple.com>
113
114         Attr.value should not be nullable
115         https://bugs.webkit.org/show_bug.cgi?id=156515
116
117         Reviewed by Benjamin Poulain.
118
119         Update Attr.value so that it is no longer nullable, as per:
120         https://dom.spec.whatwg.org/#interface-attr
121
122         This aligns our behavior with Firefox and Chrome as well.
123
124         Test: fast/dom/Attr/value-not-nullable.html
125
126         * dom/Attr.cpp:
127         (WebCore::Attr::setValueForBindings):
128         (WebCore::Attr::setNodeValue):
129         (WebCore::Attr::setValue):
130         * dom/Attr.h:
131         * dom/Attr.idl:
132
133 2016-04-12  Konstantin Tokarev  <annulen@yandex.ru>
134
135         Fixed uninitialization of Node::DataUnion with GCC 4.8.
136         https://bugs.webkit.org/show_bug.cgi?id=156507
137
138         Reviewed by Michael Catanzaro.
139
140         This change fixes run time crashes caused by access to uninitialized
141         memory in Node::renderer().
142
143         No new tests needed.
144
145         * dom/Node.h:
146
147 2016-04-12  Eric Carlson  <eric.carlson@apple.com>
148
149         [iOS] do not exit AirPlay when the screen locks
150         https://bugs.webkit.org/show_bug.cgi?id=156502
151         <rdar://problem/24616592>
152
153         Reviewed by Jer Noble.
154
155         * html/HTMLMediaElement.cpp:
156         (WebCore::HTMLMediaElement::shouldOverrideBackgroundPlaybackRestriction): Add logging.
157         (WebCore::HTMLMediaElement::purgeBufferedDataIfPossible): Don't tell the media engine to purge 
158           data if it is playing to a wireless target because that will drop the connection.
159
160         * html/MediaElementSession.cpp:
161         (WebCore::MediaElementSession::playbackPermitted): Add logging.
162         (WebCore::MediaElementSession::canPlayToWirelessPlaybackTarget): Drive by fix: iOS doesn't 
163           have an explicit playbackTarget, don't test for it.
164         (WebCore::MediaElementSession::isPlayingToWirelessPlaybackTarget): Ditto.
165
166 2016-04-12  Gavin Barraclough  <barraclough@apple.com>
167
168         WebKit should adopt journal_mode=wal for all SQLite databases.
169         https://bugs.webkit.org/show_bug.cgi?id=133496
170
171         Rubber stamped by Chris Dumez.
172
173         Temporarily disable on iOS - this broke a test.
174         (storage/websql/alter-to-info-table.html)
175
176         * platform/sql/SQLiteDatabase.cpp:
177         (WebCore::SQLiteDatabase::open):
178
179 2016-04-12  Joseph Pecoraro  <pecoraro@apple.com>
180
181         Web Inspector: Keyboard shortcut for "Inspect Element" only works when Web Inspector is open.
182         https://bugs.webkit.org/show_bug.cgi?id=111193
183         <rdar://problem/13325889>
184
185         Reviewed by Timothy Hatcher.
186
187         * inspector/InspectorClient.h:
188         (WebCore::InspectorClient::elementSelectionChanged):
189         * inspector/InspectorDOMAgent.cpp:
190         (WebCore::InspectorDOMAgent::setSearchingForNode):
191         Inform the client when element selection changes.
192
193 2016-04-12  Chris Dumez  <cdumez@apple.com>
194
195         Regression(r199360): assertion hit in Element::fastGetAttribute()
196         https://bugs.webkit.org/show_bug.cgi?id=156509
197
198         Reviewed by Ryosuke Niwa.
199
200         Stop using fastGetAttribute() / setAttributeWithoutSynchronization()
201         given that DOMTokenList is used for the class attribute and we need
202         to synchronize in this case.
203
204         No new tests, already covered by existing tests.
205
206         * html/DOMTokenList.cpp:
207         (WebCore::DOMTokenList::updateAssociatedAttributeFromTokens):
208         (WebCore::DOMTokenList::tokens):
209
210 2016-04-12  Myles C. Maxfield  <mmaxfield@apple.com>
211
212         [RTL Scrollbars] Overlay scrollbars push contents inwards
213         https://bugs.webkit.org/show_bug.cgi?id=156225
214         <rdar://problem/25137040>
215
216         Reviewed by Darin Adler.
217
218         The contents should be pushed in by the occupied width of the
219         scrollbar, which is 0 for overlay scrollbars.
220
221         Test: fast/scrolling/rtl-scrollbars-overlay-no-push-contents.html
222
223         * rendering/RenderLayer.cpp:
224         (WebCore::RenderLayer::computeScrollDimensions):
225
226 2016-04-12  Myles C. Maxfield  <mmaxfield@apple.com>
227
228         [OS X] Flakey crash after ScrollAnimatorMac destruction
229         https://bugs.webkit.org/show_bug.cgi?id=156372
230
231         Reviewed by Darin Adler.
232
233         Previously, we were disabling the mock scrollbars using JavaScript after
234         the WebView was created. However, enabling these mock scrollbars can be
235         triggered with a bit of state inside the WebPreferences object, which
236         means WebKit clients can change it at any point. DumpRenderTree is doing
237         this during the document's lifetime.
238
239         This means that the creation of the Scrollbar objects saw a non-mock
240         ScrollbarTheme, but the destruction of the Scrollbar objects saw a mock
241         ScrollbarTheme. Therefore, the non-mock ScrollbarTheme doesn't get
242         cleaned up correctly (ScrollAnimatorMac::willRemoveVerticalScrollbar()
243         returns early because it sees that there is nothing to deregister
244         due to the ScrollbarTheme being mocked).
245
246         This cleanup is necessary because it sets the NSScrollerImp's delegate
247         to nil before the NSScrollerImpDelegate gets destroyed. Because the
248         cleanup wasn't happening, the delegate pointer wasn't getting set to
249         nil, so the pointer was dangling, and AppKit was following it and
250         crashing.
251
252         Because the clients of this bit of state can change it at any time,
253         it is incorrect to change it in JavaScript. Instead, the client must
254         manage this bit of state (so the client and the web process are always
255         in sync). Therefore, the correct way to set this bit of state must be
256         done in the test runner rather than Javascript internals. The mechanism
257         we have to do that is the <!-- webkit-test-runner --> comment at the
258         beginning of the test. This patch migrates to this mechanism and removes
259         the old internals method.
260
261         Test: fast/scrolling/rtl-scrollbars-animation-property.html
262
263         * page/Settings.cpp:
264         * testing/Internals.cpp:
265         (WebCore::Internals::setMockScrollbarsEnabled): Deleted.
266         * testing/Internals.h:
267         * testing/Internals.idl:
268
269 2016-04-12  Darin Adler  <darin@apple.com>
270
271         Remove UsePointersEvenForNonNullableObjectArguments from SVG lists
272         https://bugs.webkit.org/show_bug.cgi?id=156494
273
274         Reviewed by Chris Dumez.
275
276         * bindings/scripts/CodeGenerator.pm:
277         (ShouldPassWrapperByReference): For now, don't do this for any tear-off classes.
278         This includes the items stored in most SVG list classes.
279
280         * svg/SVGLengthList.idl: Removed UsePointersEvenForNonNullableObjectArguments.
281         * svg/SVGNumberList.idl: Ditto.
282         * svg/SVGPointList.idl: Ditto.
283         * svg/SVGTransformList.idl: Ditto.
284
285         * svg/SVGPathSegList.idl: Removed UsePointersEvenForNonNullableObjectArguments.
286         Marked the arguments nullable, and added FIXMEs about returning later since they
287         don't really need to be nullable. But fixing this requires some reworking of the
288         SVG list template and it's not urgent at this time. Preserves behavior where we
289         get an exception when passing null, it's just an SVG exception instead of TypeError.
290
291 2016-04-12  Chris Dumez  <cdumez@apple.com>
292
293         Lazily update tokens in DOMTokenList when the associated attribute value changes
294         https://bugs.webkit.org/show_bug.cgi?id=156474
295
296         Reviewed by Ryosuke Niwa.
297
298         Lazily update tokens in DOMTokenList when the associated attribute value
299         changes for performance. Constructing the sanitized vector of tokens
300         every time the associated Element attribute changes is too expensive.
301         Instead, we mark the vector as dirty whenever the attribute changes, and
302         we only construct the sanitized vector when it is actually required.
303
304         Also do some renaming for clarity.
305
306         There is no web-exposed behavior change.
307
308         * dom/Element.cpp:
309         (WebCore::Element::classAttributeChanged):
310         * html/DOMTokenList.cpp:
311         (WebCore::DOMTokenList::contains):
312         (WebCore::DOMTokenList::addInternal):
313         (WebCore::DOMTokenList::removeInternal):
314         (WebCore::DOMTokenList::toggle):
315         (WebCore::DOMTokenList::value):
316         (WebCore::DOMTokenList::setValue):
317         (WebCore::DOMTokenList::updateTokensFromAttributeValue):
318         (WebCore::DOMTokenList::associatedAttributeValueChanged):
319         (WebCore::DOMTokenList::updateAssociatedAttributeFromTokens):
320         (WebCore::DOMTokenList::tokens):
321         (WebCore::DOMTokenList::DOMTokenList): Deleted.
322         * html/DOMTokenList.h:
323         (WebCore::DOMTokenList::tokens):
324         (WebCore::DOMTokenList::length):
325         (WebCore::DOMTokenList::item):
326         * html/HTMLAnchorElement.cpp:
327         (WebCore::HTMLAnchorElement::parseAttribute):
328         * html/HTMLIFrameElement.cpp:
329         (WebCore::HTMLIFrameElement::parseAttribute):
330         * html/HTMLLinkElement.cpp:
331         (WebCore::HTMLLinkElement::parseAttribute):
332         * html/HTMLOutputElement.cpp:
333         (WebCore::HTMLOutputElement::parseAttribute):
334
335 2016-04-12  Darin Adler  <darin@apple.com>
336
337         Remove UsePointersEvenForNonNullableObjectArguments from HTMLMediaElement
338         https://bugs.webkit.org/show_bug.cgi?id=156492
339
340         Reviewed by Chris Dumez.
341
342         * html/HTMLMediaElement.idl: Removed UsePointersEvenForNonNullableObjectArguments,
343         sorted remaining class attributes, simplified #if around canPlayType a bit,
344         removed comment that is not all that useful, made the argument to
345         webkitSetMediaKeys nullable since the implementation supports that.
346
347 2016-04-12  Eric Carlson  <eric.carlson@apple.com>
348
349         [iOS] media title sometimes remain in Control Center after tab is closed
350         https://bugs.webkit.org/show_bug.cgi?id=156243
351         <rdar://problem/20167445>
352
353         Reviewed by Darin Adler.
354
355         * Modules/webaudio/AudioContext.h: Implement characteristics.
356
357         * html/HTMLMediaElement.cpp:
358         (WebCore::HTMLMediaElement::mediaLoadingFailed): Call mediaSession->clientCharacteristicsChanged.
359         (WebCore::HTMLMediaElement::setReadyState): Ditto.
360         (WebCore::HTMLMediaElement::clearMediaPlayer): Ditto.
361         (WebCore::HTMLMediaElement::stop): Call mediaSession->stopSession.
362         (WebCore::HTMLMediaElement::characteristics): New, return current characteristics.
363         * html/HTMLMediaElement.h:
364
365         * platform/audio/PlatformMediaSession.cpp:
366         (WebCore::PlatformMediaSession::stopSession): Suspend playback, and remove the session 
367           from the manager, it will never play again.
368         (WebCore::PlatformMediaSession::characteristics): Return client characteristics.
369         (WebCore::PlatformMediaSession::clientCharacteristicsChanged):
370         * platform/audio/PlatformMediaSession.h:
371
372         * platform/audio/PlatformMediaSessionManager.cpp:
373         (WebCore::PlatformMediaSessionManager::stopAllMediaPlaybackForProcess): Call stopSession 
374           instead of pauseSession to signal that playback will never start again.
375         * platform/audio/PlatformMediaSessionManager.h:
376
377         * platform/audio/ios/MediaSessionManagerIOS.h:
378         * platform/audio/ios/MediaSessionManagerIOS.mm:
379         (WebCore::MediaSessionManageriOS::sessionWillBeginPlayback): Add logging.
380         (WebCore::MediaSessionManageriOS::removeSession): Update NowPlaying.
381         (WebCore::MediaSessionManageriOS::sessionWillEndPlayback): Add logging.
382         (WebCore::MediaSessionManageriOS::clientCharacteristicsChanged): Update NowPlaying.
383         (WebCore::MediaSessionManageriOS::nowPlayingEligibleSession): New, return the first session
384           that is an audio or video element with playable audio. WebAudio is not currently controllable
385           so it isn't appropriate to show it in the NowPlaying info center.
386         (WebCore::MediaSessionManageriOS::updateNowPlayingInfo): Remember the last state passed to
387           NowPlaying so we can call it only when something has changed.
388
389 2016-04-12  Carlos Garcia Campos  <cgarcia@igalia.com>
390
391         [GTK] Rework scrollbars theming code for GTK+ 3.20
392         https://bugs.webkit.org/show_bug.cgi?id=156462
393
394         Reviewed by Michael Catanzaro.
395
396         In r199292, we reworked the theming code to ensure it works with the new GTK+ CSS theming system. The same is
397         needed for scrollbars, this patch uses the RenderThemeGadget classes introduced in r199292 to render the native
398         scrollbars. The code is now split in 3 parts: stub methods for GTK+2 (since this file is compiled for
399         WebCoreGTK, but not used), the implementation for GTK+ < 3.20 and the implementation for GTK+ >= 3.20. This
400         reduces the amount of ifdefed code, and ensures that changes in new code don't break the rendering with older
401         versions of GTK+. I noticed that we were overriding both, the specific paint methods to render scrollbars
402         parts and the global paint method that renders all the scrollbar parts. We don't really need the specific paint
403         methods, so I've removed the implemention leaving only the paint method. This also allows us to get rid of the
404         GtkStyleContext cache.
405
406         * platform/gtk/RenderThemeGadget.cpp:
407         (WebCore::RenderThemeGadget::create): Handle scrollbars gadgets.
408         (WebCore::appendElementToPath): In case of scrollbar gadget, use the scrollbar GType when creating the path to
409         be able to get non-CSS style properties.
410         (WebCore::RenderThemeGadget::opacity): Add method to get the opacity CSS style property.
411         (WebCore::RenderThemeScrollbarGadget::RenderThemeScrollbarGadget): Initialize m_steppers option set with the
412         steppers used by the theme.
413         * platform/gtk/RenderThemeGadget.h:
414         * platform/gtk/ScrollbarThemeGtk.cpp:
415         (WebCore::themeChangedCallback):
416         (WebCore::ScrollbarThemeGtk::ScrollbarThemeGtk):
417         (WebCore::createStyleContext):
418         (WebCore::createChildStyleContext):
419         (WebCore::ScrollbarThemeGtk::themeChanged):
420         (WebCore::ScrollbarThemeGtk::updateThemeProperties):
421         (WebCore::scrollbarPartStateFlags):
422         (WebCore::scrollbarGadgetForLayout):
423         (WebCore::contentsGadgetForLayout):
424         (WebCore::ScrollbarThemeGtk::trackRect):
425         (WebCore::ScrollbarThemeGtk::hasThumb):
426         (WebCore::ScrollbarThemeGtk::backButtonRect):
427         (WebCore::ScrollbarThemeGtk::forwardButtonRect):
428         (WebCore::ScrollbarThemeGtk::paint):
429         (WebCore::paintStepper):
430         (WebCore::adjustRectAccordingToMargin):
431         (WebCore::ScrollbarThemeGtk::scrollbarThickness):
432         (WebCore::ScrollbarThemeGtk::minimumThumbLength):
433         * platform/gtk/ScrollbarThemeGtk.h:
434
435 2016-03-17  Sergio Villar Senin  <svillar@igalia.com>
436
437         [css-grid] Add parsing support for <auto-repeat> syntax
438         https://bugs.webkit.org/show_bug.cgi?id=155583
439
440         Reviewed by Antti Koivisto.
441
442         The repeat() notation allows now to specify auto-fill or auto-fit instead of
443         a fixed number of repetitions meaning that it will be automatically computed
444         depending on the available space.
445
446         This patch just adds the parsing support, the expansion of the repeat notation
447         will be implemented in a follow up patch because it cannot be done at
448         parsing level (since it requires knowledge about the available space).
449
450         Test: fast/css-grid-layout/grid-element-auto-repeat-get-set.html
451
452         * CMakeLists.txt:
453         * css/CSSGridAutoRepeatValue.cpp: Added.
454         (WebCore::CSSGridAutoRepeatValue::customCSSText):
455         * css/CSSGridAutoRepeatValue.h: Added.
456         (WebCore::CSSGridAutoRepeatValue::create):
457         (WebCore::CSSGridAutoRepeatValue::autoRepeatID):
458         (WebCore::CSSGridAutoRepeatValue::CSSGridAutoRepeatValue):
459         * css/CSSParser.cpp:
460         (WebCore::allTracksAreFixedSized):
461         (WebCore::CSSParser::parseGridTrackList):
462         (WebCore::CSSParser::parseGridTrackRepeatFunction):
463         (WebCore::CSSParser::parseGridTrackSize):
464         (WebCore::CSSParser::parseGridBreadth):
465         * css/CSSParser.h:
466         * css/CSSValue.cpp:
467         (WebCore::CSSValue::equals):
468         (WebCore::CSSValue::cssText):
469         (WebCore::CSSValue::destroy):
470         * css/CSSValue.h:
471         (WebCore::CSSValue::isGridAutoRepeatValue):
472         * css/CSSValueKeywords.in:
473
474 2016-04-12  Yusuke Suzuki  <utatane.tea@gmail.com>
475
476         [JSC] addStaticGlobals should emit SymbolTableEntry watchpoints to encourage constant folding in DFG
477         https://bugs.webkit.org/show_bug.cgi?id=155110
478
479         Reviewed by Saam Barati.
480
481         * bindings/js/JSDOMWindowBase.cpp:
482         (WebCore::JSDOMWindowBase::updateDocument):
483
484 2016-04-12  Sergio Villar Senin  <svillar@igalia.com>
485
486         [css-grid] Pass GridSizingData instead of columnTracks to track sizing methods
487         https://bugs.webkit.org/show_bug.cgi?id=156466
488
489         Reviewed by Darin Adler.
490
491         Several methods used to compute the items' size contribution to the tracks they span in, get
492         as an argument a vector with the sizes of the column tracks.
493
494         In order to support grids with orthogonal flows (among other things) it's much better to
495         pass the GridSizingData struct and let those methods decide whether to use the columns or
496         the rows.
497
498         No new tests as this is just a minor refactoring with no change in behavior.
499
500         * rendering/RenderGrid.cpp:
501         (WebCore::RenderGrid::computeUsedBreadthOfGridTracks):
502         (WebCore::RenderGrid::logicalContentHeightForChild):
503         (WebCore::RenderGrid::minSizeForChild):
504         (WebCore::RenderGrid::minContentForChild):
505         (WebCore::RenderGrid::maxContentForChild):
506         (WebCore::RenderGrid::resolveContentBasedTrackSizingFunctions):
507         (WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForNonSpanningItems):
508         (WebCore::RenderGrid::currentItemSizeForTrackSizeComputationPhase):
509         (WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForItems):
510         * rendering/RenderGrid.h:
511
512 2016-04-11  Darin Adler  <darin@apple.com>
513
514         Remove UsePointersEvenForNonNullableObjectArguments from HTMLOptionsCollection
515         https://bugs.webkit.org/show_bug.cgi?id=156491
516
517         Reviewed by Chris Dumez.
518
519         * html/HTMLOptionsCollection.cpp:
520         (WebCore::HTMLOptionsCollection::add): Take a reference instead of a pointer.
521         * html/HTMLOptionsCollection.h: Removed unneeded forward declaration. Changed
522         add to take a reference instead of a pointer for the element to add. Used
523         final instead of override on virtual functions.
524         * html/HTMLOptionsCollection.idl: Removed now-unneeded attribute
525         UsePointersEvenForNonNullableObjectArguments; the only function affected was
526         add, and the overloading code was already checking for null.
527
528 2016-04-11  Darin Adler  <darin@apple.com>
529
530         Remove UsePointersEvenForNonNullableObjectArguments from HTMLSelectElement
531         https://bugs.webkit.org/show_bug.cgi?id=156458
532
533         Reviewed by Chris Dumez.
534
535         * bindings/js/JSHTMLOptionsCollectionCustom.cpp:
536         (WebCore::JSHTMLOptionsCollection::remove): Updated to call remove with a reference
537         rather than a pointer.
538
539         * bindings/js/JSHTMLSelectElementCustom.cpp:
540         (WebCore::JSHTMLSelectElement::remove): Updated to call remove with a reference
541         rather than a pointer.
542         (WebCore::selectIndexSetter): Updated to call setOption with a reference rather
543         than a pointer.
544
545         * bindings/scripts/CodeGeneratorGObject.pm:
546         (GenerateFunction): Added basic support for passing wrappers by reference.
547         GObject bindings already check arguments for null, so didn't add any new checks.
548
549         * bindings/scripts/test/GObject/WebKitDOMTestActiveDOMObject.cpp:
550         * bindings/scripts/test/GObject/WebKitDOMTestCallback.cpp:
551         * bindings/scripts/test/GObject/WebKitDOMTestCallbackFunction.cpp:
552         * bindings/scripts/test/GObject/WebKitDOMTestInterface.cpp:
553         * bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
554         Updated.
555
556         * editing/FrameSelection.cpp: Updated includes.
557
558         * html/HTMLOptionElement.cpp:
559         (WebCore::HTMLOptionElement::setSelected): Pass reference when calling
560         HTMLSelectElement::optionSelectionStateChanged.
561         (WebCore::HTMLOptionElement::insertedInto): Ditto.
562
563         * html/HTMLOptionsCollection.cpp:
564         (WebCore::HTMLOptionsCollection::add): Moved null checking behavior here.
565         Preserves existing "silently do nothing if null".
566         (WebCore::HTMLOptionsCollection::remove): Changed function to take a reference
567         instead of a pointer.
568
569         * html/HTMLOptionsCollection.h: Updated include. Changed remove to take a
570         reference instead of a pointer.
571
572         * html/HTMLSelectElement.cpp:
573         (WebCore::HTMLSelectElement::add): Changed to take a reference instead of
574         a pointer. Also removed unneeded protect code, since insertBefore already
575         protects itself, and unneeded call to updateValidity, since the
576         HTMLSelectElement::childrenChanged function already calls updateValidity.
577         (WebCore::HTMLSelectElement::remove): Changed to take a reference instead
578         of a pointer.
579         (WebCore::HTMLSelectElement::setOption): Changed to take a reference
580         instead of a pointer.
581         (WebCore::HTMLSelectElement::setLength): Renamed "newLen" to "newLength".
582         Use Ref instead of RefPtr for result of createElement, which makes the
583         argument passed to add be a reference rather than a pointer.
584         (WebCore::HTMLSelectElement::willRespondToMouseClickEvents): Put the #if
585         for this here instead of in the header.
586         (WebCore::HTMLSelectElement::optionSelectionStateChanged): Changed to take
587         a reference instead of a pointer for the option element.
588
589         * html/HTMLSelectElement.h: Removed unneeded includes. Derive privately
590         from TypeAheadDataSource instead of publicly. Make all overrides final
591         except for the one that is actually overridden by a derived class.
592         Changed the arguments of the add, remove, setOption, and
593         optionSelectionStateChanged functions to be references instead of pointers.
594         Tweaked formatting a bit and used nullptr instead of 0. Override
595         willRespondToMouseClickEvents on all platforms, not just iOS.
596
597         * html/HTMLSelectElement.idl: Removed UsePointersEvenForNonNullableObjectArguments.
598         Removed a comment that is no longer needed. Made some types nullable to match
599         the specification, in places that currently have no effect on code generation.
600         Added a FIXME comment about the argument to setCustomValidity incorrectly being
601         marked as nullable.
602
603 2016-04-11  Brent Fulgham  <bfulgham@apple.com>
604
605         Use WeakPtrs to avoid using deallocated Widgets and ScrollableAreas
606         https://bugs.webkit.org/show_bug.cgi?id=156420
607         <rdar://problem/25637378>
608
609         Reviewed by Darin Adler.
610
611         Avoid the risk of using deallocated Widgets and ScrollableAreas by using WeakPtrs instead of
612         bare pointers. This allows us to remove some explicit calls to get ScrollableArea and Widget
613         members in the event handling logic. Instead, null checks are sufficient to ensure we never
614         accidentally dereference a deleted element.
615
616         1. Modify the ScrollableArea class to support vending WeakPtrs.
617         2. Modify the Event Handling code to use WeakPtrs to hold ScrollableArea and RenderWidget
618            objects, and to null-check these elements after event handling dispatching is finished
619            to handle cases where these objects are destroyed.
620
621         Test: fast/events/wheel-event-destroys-frame.html
622               fast/events/wheel-event-destroys-overflow.html
623
624         * page/EventHandler.cpp:
625         (WebCore::EventHandler::platformPrepareForWheelEvents): Change signature for WeakPtr.
626         (WebCore::EventHandler::platformCompleteWheelEvent): Ditto.
627         (WebCore::EventHandler::platformNotifyIfEndGesture): Ditto.
628         (WebCore::widgetForElement): Change to return a WeakPtr.
629         (WebCore::EventHandler::handleWheelEvent): Use WeakPtrs to hold elements that might be destroyed
630         during event handling.
631         * page/EventHandler.h:
632         * page/mac/EventHandlerEfl.cpp: Rename passWheelEventToWidget to widgetDidHandleWheelEvent.
633         * page/mac/EventHandlerGtk.cpp: Ditto.
634         * page/mac/EventHandlerIOS.mm: Ditto.
635         * page/mac/EventHandlerMac.mm:
636         (WebCore::scrollableAreaForEventTarget): Renamed from scrollViewForEventTarget. Return
637         a WeakPtr rather than a bare pointer.
638         (WebCore::scrollableAreaForContainerNode): Return WeakPtr rather than bare pointer.
639         (WebCore::EventHandler::completeWidgetWheelEvent): Added.
640         (WebCore::EventHandler::passWheelEventToWidget): Deleted.
641         (WebCore::EventHandler::platformPrepareForWheelEvents): Convert to WeakPtrs.
642         (WebCore::EventHandler::platformCompleteWheelEvent): Ditto.
643         (WebCore::EventHandler::platformCompletePlatformWidgetWheelEvent): Ditto.
644         (WebCore::EventHandler::platformNotifyIfEndGesture): Ditto.
645         (WebCore::EventHandler::widgetDidHandleWheelEvent): Renamed from passWheelEventToWidget.
646         (WebCore::EventHandler::widgetForEventTarget): Converted from static function to static
647         method so it can be shared with EventHandlerMac.
648         (WebCore::scrollViewForEventTarget): Deleted.
649         * page/mac/EventHandlerWin.cpp: Rename passWheelEventToWidget to widgetDidHandleWheelEvent.
650         * platform/ScrollableArea.cpp:
651         * platform/ScrollableArea.h:
652         (WebCore::ScrollableArea::createWeakPtr): Added.
653         * platform/Widget.h:
654         (WebCore::ScrollableArea::createWeakPtr): Added.
655
656 2016-04-11  Dean Jackson  <dino@apple.com>
657
658         putImageData needs to premultiply input
659         https://bugs.webkit.org/show_bug.cgi?id=156488
660         <rdar://problem/25672675>
661
662         Reviewed by Zalan Bujtas.
663
664         I made a mistake in r187534 as I was converting get and putImageData
665         to use Accelerate. The incoming data is unmultiplied, and should
666         be premultiplied before copying into the backing store. I was
667         accidentally unmultiplying unmultiplied data, which caused
668         some pretty psychedelic results.
669
670         Test: fast/canvas/putImageData-unmultiplied.html
671
672         * platform/graphics/cg/ImageBufferDataCG.cpp:
673         (WebCore::ImageBufferData::putData): Call premultiply, not unpremultiply.
674
675 2016-04-11  Jeremy Jones  <jeremyj@apple.com>
676
677         When clearing cache, also clear AVFoundation cache.
678         https://bugs.webkit.org/show_bug.cgi?id=155783
679         rdar://problem/25252541
680
681         Reviewed by Darin Adler.
682
683         Use AVAssetCache at a specified location on disk for all AVURLAssets. This AVAssetCache
684         can then be used to manage the cache storage used by AVFoundation. It is used to query the
685         contents of the cache in originsInMediaCache() and to clear the cache completely or partially in
686         clearMediaCache() and clearMediaCacheForOrigins().
687
688         Use SecurityOrigin instead of the less formal site String to represent origins in the cache.
689
690         * html/HTMLMediaElement.cpp:
691         (WebCore::sharedMediaCacheDirectory): Added.
692         (WebCore::HTMLMediaElement::setMediaCacheDirectory): Added.
693         (WebCore::HTMLMediaElement::mediaCacheDirectory): Added.
694         (WebCore::HTMLMediaElement::originsInMediaCache): Added.
695         (WebCore::HTMLMediaElement::clearMediaCache): Added parameter.
696         (WebCore::HTMLMediaElement::clearMediaCacheForOrigins): Added.
697         (WebCore::HTMLMediaElement::mediaPlayerMediaCacheDirectory): Added.
698         (WebCore::HTMLMediaElement::getSitesInMediaCache): Deleted.
699         (WebCore::HTMLMediaElement::clearMediaCacheForSite): Deleted.
700         * html/HTMLMediaElement.h:
701         (WebCore::HTMLMediaElement::clearMediaCache): Added parameter.
702         * platform/graphics/MediaPlayer.cpp:
703         (WebCore::addMediaEngine): Add new cache methods.
704         (WebCore::addToHash): Added.
705         (WebCore::MediaPlayer::originsInMediaCache): Added.
706         (WebCore::MediaPlayer::clearMediaCache): Added parameter.
707         (WebCore::MediaPlayer::clearMediaCacheForOrigins): Added.
708         (WebCore::MediaPlayer::getSitesInMediaCache): Deleted.
709         (WebCore::MediaPlayer::clearMediaCacheForSite): Deleted.
710         * platform/graphics/MediaPlayer.h:
711         (WebCore::MediaPlayerClient::mediaPlayerMediaCacheDirectory): Added.
712         * platform/graphics/MediaPlayerPrivate.h:
713         (WebCore::MediaPlayerPrivateInterface::originsInMediaCache): Added.
714         (WebCore::MediaPlayerPrivateInterface::clearMediaCache): Added parameter.
715         (WebCore::MediaPlayerPrivateInterface::clearMediaCacheForOrigins): Added.
716         (WebCore::MediaPlayerPrivateInterface::getSitesInMediaCache): Deleted.
717         (WebCore::MediaPlayerPrivateInterface::clearMediaCacheForSite): Deleted.
718         * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
719         * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
720         (WebCore::MediaPlayerPrivateAVFoundationObjC::registerMediaEngine): Added cache methods.
721         (WebCore::assetCacheForPath): Added.
722         (WebCore::MediaPlayerPrivateAVFoundationObjC::originsInMediaCache): Added.
723         (WebCore::toSystemClockTime): Added.
724         (WebCore::MediaPlayerPrivateAVFoundationObjC::clearMediaCache): Added parameter.
725         (WebCore::MediaPlayerPrivateAVFoundationObjC::clearMediaCacheForOrigins): Added.
726         (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVAssetForURL): Added.
727         * platform/graphics/mac/MediaPlayerPrivateQTKit.h:
728         * platform/graphics/mac/MediaPlayerPrivateQTKit.mm:
729         (WebCore::MediaPlayerPrivateQTKit::registerMediaEngine): Added cache methods.
730         (WebCore::MediaPlayerPrivateQTKit::originsInMediaCache): Added.
731         (WebCore::MediaPlayerPrivateQTKit::clearMediaCache): Added parameter.
732         (WebCore::MediaPlayerPrivateQTKit::clearMediaCacheForOrigins): Added.
733         (WebCore::MediaPlayerPrivateQTKit::getSitesInMediaCache): Deleted.
734         (WebCore::MediaPlayerPrivateQTKit::clearMediaCacheForSite): Deleted.
735         * platform/spi/mac/AVFoundationSPI.h:
736
737 2016-04-11  Commit Queue  <commit-queue@webkit.org>
738
739         Unreviewed, rolling out r199310.
740         https://bugs.webkit.org/show_bug.cgi?id=156483
741
742         This change turns many indexeddb tests into crashes (Requested
743         by jwtan on #webkit).
744
745         Reverted changeset:
746
747         "Clean up IDBBindingUtilities."
748         https://bugs.webkit.org/show_bug.cgi?id=156472
749         http://trac.webkit.org/changeset/199310
750
751 2016-04-11  Commit Queue  <commit-queue@webkit.org>
752
753         Unreviewed, rolling out r199315.
754         https://bugs.webkit.org/show_bug.cgi?id=156482
755
756         This change broke the OS X Yosemite build. (Requested by jwtan
757         on #webkit).
758
759         Reverted changeset:
760
761         "When clearing cache, also clear AVFoundation cache."
762         https://bugs.webkit.org/show_bug.cgi?id=155783
763         http://trac.webkit.org/changeset/199315
764
765 2016-04-11  Brian Burg  <bburg@apple.com>
766
767         Web Inspector: get rid of InspectorBasicValue and InspectorString subclasses
768         https://bugs.webkit.org/show_bug.cgi?id=156407
769         <rdar://problem/25627659>
770
771         Reviewed by Joseph Pecoraro.
772
773         * inspector/InspectorDatabaseAgent.cpp: Don't use deleted subclasses.
774
775 2016-04-11  Commit Queue  <commit-queue@webkit.org>
776
777         Unreviewed, rolling out r198909.
778         https://bugs.webkit.org/show_bug.cgi?id=156479
779
780         made double-click-and-drag on text drag instead of
781         highlighting (Requested by alexchristensen_ on #webkit).
782
783         Reverted changeset:
784
785         "eventMayStartDrag() does not check for shiftKey or
786         isOverLink"
787         https://bugs.webkit.org/show_bug.cgi?id=155746
788         http://trac.webkit.org/changeset/198909
789
790 2016-04-11  Chris Dumez  <cdumez@apple.com>
791
792         [WebIDL] Add support for [ImplementedAs] for EventHandler attributes
793         https://bugs.webkit.org/show_bug.cgi?id=156421
794
795         Reviewed by Darin Adler.
796
797         Add support for [ImplementedAs] for EventHandler attributes so we can
798         get rid of some ugly name hard-coding in the bindings generator.
799
800         * Modules/notifications/Notification.idl:
801         * bindings/scripts/CodeGeneratorJS.pm:
802         (EventHandlerAttributeEventName):
803         * bindings/scripts/test/JS/JSTestObj.cpp:
804         (WebCore::jsTestObjOnwebkitfoo):
805         (WebCore::setJSTestObjOnwebkitfoo):
806         * bindings/scripts/test/TestObj.idl:
807         * dom/Element.idl:
808         * page/DOMWindow.idl:
809
810 2016-04-11  Jeremy Jones  <jeremyj@apple.com>
811
812         When clearing cache, also clear AVFoundation cache.
813         https://bugs.webkit.org/show_bug.cgi?id=155783
814         rdar://problem/25252541
815
816         Reviewed by Darin Adler.
817
818         Use AVAssetCache at a specified location on disk for all AVURLAssets. This AVAssetCache
819         can then be used to manage the cache storage used by AVFoundation. It is used to query the
820         contents of the cache in originsInMediaCache() and to clear the cache completely or partially in
821         clearMediaCache() and clearMediaCacheForOrigins().
822
823         Use SecurityOrigin instead of the less formal site String to represent origins in the cache.
824
825         * html/HTMLMediaElement.cpp:
826         (WebCore::sharedMediaCacheDirectory): Added.
827         (WebCore::HTMLMediaElement::setMediaCacheDirectory): Added.
828         (WebCore::HTMLMediaElement::mediaCacheDirectory): Added.
829         (WebCore::HTMLMediaElement::originsInMediaCache): Added.
830         (WebCore::HTMLMediaElement::clearMediaCache): Added parameter.
831         (WebCore::HTMLMediaElement::clearMediaCacheForOrigins): Added.
832         (WebCore::HTMLMediaElement::mediaPlayerMediaCacheDirectory): Added.
833         (WebCore::HTMLMediaElement::getSitesInMediaCache): Deleted.
834         (WebCore::HTMLMediaElement::clearMediaCacheForSite): Deleted.
835         * html/HTMLMediaElement.h:
836         (WebCore::HTMLMediaElement::clearMediaCache): Added parameter.
837         * platform/graphics/MediaPlayer.cpp:
838         (WebCore::addMediaEngine): Add new cache methods.
839         (WebCore::addToHash): Added.
840         (WebCore::MediaPlayer::originsInMediaCache): Added.
841         (WebCore::MediaPlayer::clearMediaCache): Added parameter.
842         (WebCore::MediaPlayer::clearMediaCacheForOrigins): Added.
843         (WebCore::MediaPlayer::getSitesInMediaCache): Deleted.
844         (WebCore::MediaPlayer::clearMediaCacheForSite): Deleted.
845         * platform/graphics/MediaPlayer.h:
846         (WebCore::MediaPlayerClient::mediaPlayerMediaCacheDirectory): Added.
847         * platform/graphics/MediaPlayerPrivate.h:
848         (WebCore::MediaPlayerPrivateInterface::originsInMediaCache): Added.
849         (WebCore::MediaPlayerPrivateInterface::clearMediaCache): Added parameter.
850         (WebCore::MediaPlayerPrivateInterface::clearMediaCacheForOrigins): Added.
851         (WebCore::MediaPlayerPrivateInterface::getSitesInMediaCache): Deleted.
852         (WebCore::MediaPlayerPrivateInterface::clearMediaCacheForSite): Deleted.
853         * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
854         * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
855         (WebCore::MediaPlayerPrivateAVFoundationObjC::registerMediaEngine): Added cache methods.
856         (WebCore::assetCacheForPath): Added.
857         (WebCore::MediaPlayerPrivateAVFoundationObjC::originsInMediaCache): Added.
858         (WebCore::toSystemClockTime): Added.
859         (WebCore::MediaPlayerPrivateAVFoundationObjC::clearMediaCache): Added parameter.
860         (WebCore::MediaPlayerPrivateAVFoundationObjC::clearMediaCacheForOrigins): Added.
861         (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVAssetForURL): Added.
862         * platform/graphics/mac/MediaPlayerPrivateQTKit.h:
863         * platform/graphics/mac/MediaPlayerPrivateQTKit.mm:
864         (WebCore::MediaPlayerPrivateQTKit::registerMediaEngine): Added cache methods.
865         (WebCore::MediaPlayerPrivateQTKit::originsInMediaCache): Added.
866         (WebCore::MediaPlayerPrivateQTKit::clearMediaCache): Added parameter.
867         (WebCore::MediaPlayerPrivateQTKit::clearMediaCacheForOrigins): Added.
868         (WebCore::MediaPlayerPrivateQTKit::getSitesInMediaCache): Deleted.
869         (WebCore::MediaPlayerPrivateQTKit::clearMediaCacheForSite): Deleted.
870         * platform/spi/mac/AVFoundationSPI.h:
871
872 2016-04-11  Antoine Quint  <graouts@apple.com>
873
874         [WebGL2] Use Open GL ES 3.0 to back WebGL2 contexts
875         https://bugs.webkit.org/show_bug.cgi?id=141178
876
877         Reviewed by Dean Jackson.
878
879         We add a new `useGLES3` attribute when creating a GraphicsContext3D in the event that the
880         context type is "webgl2". This attribute is then read by the GraphicsContext3D constructor
881         to request an Open GL ES 3.0 backend when creating the EAGLContext on iOS.
882
883         * html/canvas/WebGLRenderingContextBase.cpp:
884         (WebCore::WebGLRenderingContextBase::create):
885         * platform/graphics/GraphicsContext3D.h:
886         (WebCore::GraphicsContext3D::Attributes::Attributes):
887         * platform/graphics/mac/GraphicsContext3DMac.mm:
888         (WebCore::GraphicsContext3D::GraphicsContext3D):
889
890 2016-04-11  Jiewen Tan  <jiewen_tan@apple.com>
891
892         fast/loader/opaque-base-url.html crashing during mac and ios debug tests
893         https://bugs.webkit.org/show_bug.cgi?id=156179
894         <rdar://problem/25507719>
895
896         Reviewed by Ryosuke Niwa.
897
898         Navigate to about:blank if the provided src of an iframe/frame cannot be
899         resolved to a valid URL.
900
901         Test: fast/loader/iframe-src-invalid-url.html
902
903         * loader/SubframeLoader.cpp:
904         (WebCore::SubframeLoader::requestFrame):
905
906 2016-04-11  Said Abou-Hallawa  <sabouhallawa@apple,com>
907
908         Merge CG ImageSource and non CG ImageSource implementation in one file
909         https://bugs.webkit.org/show_bug.cgi?id=155456
910
911         Reviewed by Darin Adler.
912
913         ImageSource for CG and CG code paths look very similar. All the platform
914         specific code can be moved to ImageDecoder classes for CG and non CG. And
915         we can have the ImageSource be platform independent and we get rid of
916         ImageSourceCG.cpp.
917
918         Test: fast/images/image-subsampling.html
919
920         * CMakeLists.txt:
921         * PlatformAppleWin.cmake:
922         * PlatformMac.cmake:
923         * WebCore.xcodeproj/project.pbxproj:
924         Delete ImageSourceCG.cpp form all make files and add ImageSource.cpp to
925         CMakeLists.txt.
926         
927         * platform/Cursor.cpp:
928         (WebCore::determineHotSpot):
929         * platform/graphics/BitmapImage.cpp:
930         (WebCore::BitmapImage::hotSpot):
931         (WebCore::BitmapImage::getHotSpot): Deleted.
932         * platform/graphics/BitmapImage.h:
933         * platform/graphics/Image.h:
934         (WebCore::Image::hotSpot):
935         (WebCore::Image::getHotSpot): Deleted.
936         Rename getHotSpot() to hotSpot() and change it to return Optional<IntPoint>.
937         
938         * platform/graphics/ImageSource.cpp:
939         (WebCore::ImageSource::~ImageSource): Remove clear(true) call. It does nothing.
940         (WebCore::ImageSource::clearFrameBufferCache): A wrapper which calls ImageDecoder::clearFrameBufferCache().
941         (WebCore::ImageSource::clear): Calls clearFrameBufferCache() which will do nothing for CG.
942         
943         (WebCore::ImageSource::ensureDecoderIsCreated): Change SharedBuffer* to
944         const SharedBuffer& and remove the call to ImageDecoder::setMaxNumPixels().
945         The value of const static int CG ImageDecoder::m_maxNumPixels will be set
946         based on IMAGE_DECODER_DOWN_SAMPLING.
947         
948         (WebCore::ImageSource::setData): Pass SharedBuffer& to the underlying functions.
949         
950         (WebCore::ImageSource::calculateMaximumSubsamplingLevel): Returns the maximum
951         subsampling level allowed for an image.
952         
953         (WebCore::ImageSource::subsamplingLevelForScale): Converts from a scale to
954         SubsamplingLevel taking into consideration the maximumSubsamplingLevel for
955         a particular image.
956         
957         (WebCore::ImageSource::bytesDecodedToDetermineProperties): Returns the number
958         of encoded bytes which can determine the image properties. For non CG it's
959         zero. For CG it is a maximum value which can be corrected later.
960         
961         (WebCore::ImageSource::isSizeAvailable):
962         (WebCore::ImageSource::sizeRespectingOrientation):
963         (WebCore::ImageSource::frameCount):
964         (WebCore::ImageSource::repetitionCount):
965         (WebCore::ImageSource::filenameExtension):
966         (WebCore::ImageSource::getHotSpot):
967         (WebCore::ImageSource::frameIsCompleteAtIndex):
968         (WebCore::ImageSource::frameHasAlphaAtIndex):
969         (WebCore::ImageSource::allowSubsamplingOfFrameAtIndex):
970         (WebCore::ImageSource::frameSizeAtIndex):
971         (WebCore::ImageSource::frameBytesAtIndex):
972         (WebCore::ImageSource::frameDurationAtIndex):
973         (WebCore::ImageSource::orientationAtIndex):
974         (WebCore::ImageSource::createFrameImageAtIndex):
975         These are wrappers for the ImageDecoder APIs. The purpose of these functions
976         is to ensure the ImageDecoder is created.
977         
978         (WebCore::ImageSource::dump): Called from BitmapImage::dump().
979         
980         (WebCore::ImageSource::getHotSpot): Deleted.
981         
982         * platform/graphics/ImageSource.h:
983         (WebCore::ImageSource::setAllowSubsampling): Called from BitmapImage::setAllowSubsampling().
984         
985         (WebCore::ImageSource::maxPixelsPerDecodedImage): Deleted.
986         (WebCore::ImageSource::setMaxPixelsPerDecodedImage): Deleted.
987         Setting maxPixelsPerDecodedImage was moved to the non CG ImageDecoder.
988         
989         * platform/graphics/cg/ImageDecoderCG.cpp:
990         (WebCore::ImageDecoder::setData): Change SharedBuffer* to SharedBuffer&.
991
992         (WebCore::ImageDecoder::subsamplingLevelForScale): Deleted.
993         The code was moved to ImageSource::subsamplingLevelForScale().
994         
995         * platform/graphics/cg/ImageDecoderCG.h:
996         (WebCore::ImageDecoder::create): Make the prototype of this function
997         suitable for CG and non CG cases.
998         (WebCore::ImageDecoder::clearFrameBufferCache): Empty functions for CG.
999         
1000         * platform/graphics/cg/ImageSourceCG.cpp: Removed.
1001         
1002         * platform/image-decoders/ImageDecoder.cpp:
1003         (WebCore::ImageDecoder::frameIsCompleteAtIndex): A mew function to return
1004         whether the frame decoding is complete or not.
1005         
1006         (WebCore::ImageDecoder::frameHasAlphaAtIndex): Simplify the logic.
1007         
1008         (WebCore::ImageDecoder::frameDurationAtIndex): The code was moved from
1009         ImageSource::frameDurationAtIndex() in ImageSource.cpp.
1010         
1011         (WebCore::ImageDecoder::createFrameImageAtIndex): The code was moved from
1012         ImageSource::createFrameImageAtIndex() in ImageSource.cpp.
1013         
1014         * platform/image-decoders/ImageDecoder.h:
1015         (WebCore::ImageDecoder::ImageDecoder): Initialize the members in class.
1016         (WebCore::ImageDecoder::~ImageDecoder): Fix the braces style.
1017         (WebCore::ImageDecoder::setData): Change the type of the argument from
1018         SharedBuffer* to SharedBuffer&.
1019         (WebCore::ImageDecoder::frameSizeAtIndex): Add the argument SubsamplingLevel
1020         so it can have the same prototype as CG.
1021         (WebCore::ImageDecoder::orientationAtIndex): Rename it to the same of CG.
1022         
1023         (WebCore::ImageDecoder::allowSubsamplingOfFrameAtIndex):
1024         (WebCore::ImageDecoder::bytesDecodedToDetermineProperties):
1025         (WebCore::ImageDecoder::subsamplingLevelForScale): Add these functions
1026         and return the default values so we do not have to add directive compiled
1027         non CG blocks in ImageSource.cpp.
1028
1029         (WebCore::ImageDecoder::hotSpot): Return Optional<IntPoint>.
1030         
1031         (WebCore::ImageDecoder::orientation): Deleted.
1032         (WebCore::ImageDecoder::setMaxNumPixels): Deleted.
1033         
1034         * platform/image-decoders/bmp/BMPImageDecoder.cpp:
1035         (WebCore::BMPImageDecoder::setData):
1036         * platform/image-decoders/bmp/BMPImageDecoder.h:
1037         * platform/image-decoders/gif/GIFImageDecoder.cpp:
1038         (WebCore::GIFImageDecoder::setData):
1039         (WebCore::GIFImageDecoder::decode):
1040         * platform/image-decoders/gif/GIFImageDecoder.h:
1041         * platform/image-decoders/gif/GIFImageReader.h:
1042         (GIFImageReader::setData):
1043         * platform/image-decoders/ico/ICOImageDecoder.cpp:
1044         (WebCore::ICOImageDecoder::setData):
1045         Use reference SharedBuffer instead of pointer SharedBuffer.
1046         
1047         (WebCore::ICOImageDecoder::hotSpot):
1048         (WebCore::ICOImageDecoder::hotSpotAtIndex):
1049         Change hotSpot() to return Optional<IntPoint>.
1050         * platform/image-decoders/ico/ICOImageDecoder.h:
1051                 
1052         (WebCore::ICOImageDecoder::setDataForPNGDecoderAtIndex):
1053         Pass reference SharedBuffer instead of pointer SharedBuffer.
1054
1055 2016-04-08  Said Abou-Hallawa  <sabouhallawa@apple,com>
1056
1057         Timing attack on SVG feComposite filter circumvents same-origin policy
1058         https://bugs.webkit.org/show_bug.cgi?id=154338
1059
1060         Reviewed by Oliver Hunt.
1061
1062         Ensure the FEComposite arithmetic filter is clamping the resulted color
1063         components in a constant time.
1064
1065         * platform/graphics/filters/FEComposite.cpp:
1066         (WebCore::clampByte):
1067         (WebCore::computeArithmeticPixels):
1068
1069 2016-04-11  Brady Eidson  <beidson@apple.com>
1070
1071         Clean up IDBBindingUtilities.
1072         https://bugs.webkit.org/show_bug.cgi?id=156472
1073
1074         Reviewed by Alex Christensen.
1075
1076         No new tests (No change in behavior).
1077
1078         - Get rid of a whole bunch of unused functions (since we got rid of Legacy IDB).
1079         - Make more functions deal in ExecState/ScriptExecutionContexts instead of DOMRequestState.
1080         - Make more functions deal in JSValue instead of Deprecated::ScriptValue.
1081
1082         * bindings/scripts/IDLAttributes.txt: Add a new attribute to signify that an implementation returns
1083           JSValues instead of Deprecated::ScriptState
1084         * bindings/scripts/CodeGeneratorJS.pm:
1085         (NativeToJSValue): Use that new attribute.
1086         
1087         * Modules/indexeddb/IDBAny.cpp:
1088         (WebCore::IDBAny::IDBAny):
1089         (WebCore::IDBAny::scriptValue):
1090         * Modules/indexeddb/IDBAny.h:
1091         (WebCore::IDBAny::create):
1092         * Modules/indexeddb/IDBCursor.cpp:
1093         (WebCore::IDBCursor::key):
1094         (WebCore::IDBCursor::primaryKey):
1095         (WebCore::IDBCursor::value):
1096         (WebCore::IDBCursor::update):
1097         (WebCore::IDBCursor::continueFunction):
1098         (WebCore::IDBCursor::deleteFunction):
1099         (WebCore::IDBCursor::setGetResult):
1100         * Modules/indexeddb/IDBCursor.h:
1101         * Modules/indexeddb/IDBCursor.idl:
1102         * Modules/indexeddb/IDBCursorWithValue.idl:
1103         * Modules/indexeddb/IDBFactory.cpp:
1104         (WebCore::IDBFactory::cmp):
1105         * Modules/indexeddb/IDBIndex.cpp:
1106         (WebCore::IDBIndex::count):
1107         (WebCore::IDBIndex::get):
1108         (WebCore::IDBIndex::getKey):
1109         * Modules/indexeddb/IDBKeyRange.cpp:
1110         (WebCore::IDBKeyRange::lowerValue):
1111         (WebCore::IDBKeyRange::upperValue):
1112         (WebCore::IDBKeyRange::only):
1113         (WebCore::IDBKeyRange::lowerBound):
1114         (WebCore::IDBKeyRange::upperBound):
1115         (WebCore::IDBKeyRange::bound):
1116         * Modules/indexeddb/IDBKeyRange.h:
1117         * Modules/indexeddb/IDBKeyRange.idl:
1118         * Modules/indexeddb/IDBObjectStore.cpp:
1119         (WebCore::IDBObjectStore::get):
1120         (WebCore::IDBObjectStore::modernDelete):
1121         (WebCore::IDBObjectStore::count):
1122         * Modules/indexeddb/IDBRequest.cpp:
1123         (WebCore::IDBRequest::setResult):
1124         (WebCore::IDBRequest::setResultToStructuredClone):
1125         * Modules/indexeddb/server/MemoryObjectStore.cpp:
1126         (WebCore::IDBServer::MemoryObjectStore::updateIndexesForPutRecord):
1127         (WebCore::IDBServer::MemoryObjectStore::populateIndexWithExistingRecords):
1128         * bindings/js/IDBBindingUtilities.cpp:
1129         (WebCore::idbKeyPathFromValue):
1130         (WebCore::deserializeIDBValueDataToJSValue):
1131         (WebCore::scriptValueToIDBKey):
1132         (WebCore::idbKeyDataToScriptValue):
1133         (WebCore::idbKeyDataToJSValue): Deleted.
1134         (WebCore::injectIDBKeyIntoScriptValue): Deleted.
1135         (WebCore::createIDBKeyFromScriptValueAndKeyPath): Deleted.
1136         (WebCore::maybeCreateIDBKeyFromScriptValueAndKeyPath): Deleted.
1137         (WebCore::canInjectIDBKeyIntoScriptValue): Deleted.
1138         (WebCore::deserializeIDBValue): Deleted.
1139         (WebCore::deserializeIDBValueData): Deleted.
1140         (WebCore::deserializeIDBValueBuffer): Deleted.
1141         (WebCore::idbValueDataToJSValue): Deleted.
1142         (WebCore::idbKeyToScriptValue): Deleted.
1143         * bindings/js/IDBBindingUtilities.h:
1144         * bindings/js/JSIDBAnyCustom.cpp:
1145         (WebCore::toJS):
1146         * bindings/js/JSIDBDatabaseCustom.cpp:
1147         (WebCore::JSIDBDatabase::createObjectStore):
1148         * bindings/js/JSIDBObjectStoreCustom.cpp:
1149         (WebCore::JSIDBObjectStore::createIndex):
1150         * dom/ScriptExecutionContext.cpp:
1151         (WebCore::ScriptExecutionContext::execState):
1152         * dom/ScriptExecutionContext.h:
1153         * inspector/InspectorIndexedDBAgent.cpp:
1154
1155 2016-04-09  Gavin Barraclough  <barraclough@apple.com>
1156
1157         WebKit should adopt journal_mode=wal for all SQLite databases.
1158         https://bugs.webkit.org/show_bug.cgi?id=133496
1159
1160         Reviewed by Darin Adler.
1161
1162         The statement intended to enable WAL mode is always failing because it is missing a
1163         prepare(). Fix this. We were also previously permitting SQLITE_OK results - this
1164         was in error (we were only getting these because stepping the unprepared statement
1165         returned SQLITE_OK). Also set the SQLITE_OPEN_AUTOPROXY flag when opening the
1166         database - this will improve perfomance when the database is accessed via an AFP
1167         mount.
1168
1169         This exposed a bug, that deleteAllDatabases does not actually delete the databases on
1170         iOS, for testing to reset back to a known state between tests it should be doing so.
1171
1172         * Modules/webdatabase/DatabaseTracker.cpp:
1173         (WebCore::DatabaseTracker::deleteAllDatabases):
1174             - force databases to actually be deleted on iOS.
1175               This method is only used from testing code (DumpRenderTree / WebKitTestRunner).
1176         (WebCore::DatabaseTracker::deleteOrigin):
1177             - added IOSDeletionMode.
1178         (WebCore::DatabaseTracker::deleteDatabaseFile):
1179             - added IOSDeletionMode, modified to actually delete if this is set.
1180         * Modules/webdatabase/DatabaseTracker.h:
1181             - added IOSDeletionMode.
1182         * platform/sql/SQLiteDatabase.cpp:
1183         (WebCore::SQLiteDatabase::open):
1184             - call prepareAndStep(), only check for SQLITE_ROW result.
1185         * platform/sql/SQLiteFileSystem.cpp:
1186         (WebCore::SQLiteFileSystem::openDatabase):
1187             - should set SQLITE_OPEN_AUTOPROXY flag when opening database.
1188
1189 2016-04-11  Zalan Bujtas  <zalan@apple.com>
1190
1191         Simplify InlineTextBox::selectionStartEnd()
1192         https://bugs.webkit.org/show_bug.cgi?id=156459
1193
1194         Reviewed by Darin Adler.
1195
1196         No change in functionality.
1197
1198         * rendering/InlineTextBox.cpp:
1199         (WebCore::InlineTextBox::selectionState):
1200         (WebCore::InlineTextBox::paint):
1201         (WebCore::InlineTextBox::selectionStartEnd):
1202         (WebCore::InlineTextBox::paintSelection):
1203         (WebCore::InlineTextBox::paintCompositionBackground):
1204         * rendering/InlineTextBox.h:
1205         * rendering/svg/SVGInlineTextBox.cpp:
1206         (WebCore::SVGInlineTextBox::paintSelectionBackground):
1207         (WebCore::SVGInlineTextBox::paintText):
1208
1209 2016-04-11  Zalan Bujtas  <zalan@apple.com>
1210
1211         REGRESSION (r193857): Text selection causes text to disappear.
1212         https://bugs.webkit.org/show_bug.cgi?id=156448
1213         rdar://problem/25578952
1214
1215         Reviewed by Simon Fraser.
1216
1217         Apparently when the end position of the selection range is smaller than the start position, we need
1218         to repaint the entire text as it indicates selection clearing.
1219
1220         Test: fast/text/text-disappear-on-deselect.html
1221
1222         * rendering/TextPainter.cpp:
1223         (WebCore::TextPainter::paintText):
1224
1225 2016-04-05  Oliver Hunt  <oliver@apple.com>
1226
1227         Remove compile time define for SEPARATED_HEAP
1228         https://bugs.webkit.org/show_bug.cgi?id=155508
1229
1230         Reviewed by Mark Lam.
1231
1232         * Configurations/FeatureDefines.xcconfig:
1233
1234 2016-04-11  Chris Dumez  <cdumez@apple.com>
1235
1236         Merge AttributedDOMTokenList into DOMTokenList
1237         https://bugs.webkit.org/show_bug.cgi?id=156468
1238
1239         Reviewed by Ryosuke Niwa.
1240
1241         Merge AttributedDOMTokenList into DOMTokenList to simplify the code.
1242         DOMTokenList is not constructible and AttributedDOMTokenList is its
1243         only constructible subclass after r196123.
1244
1245         * CMakeLists.txt:
1246         * WebCore.xcodeproj/project.pbxproj:
1247         * dom/Element.cpp:
1248         (WebCore::Element::classList):
1249         * dom/ElementRareData.h:
1250         (WebCore::ElementRareData::classList):
1251         (WebCore::ElementRareData::setClassList):
1252         * html/AttributeDOMTokenList.cpp: Removed.
1253         * html/AttributeDOMTokenList.h: Removed.
1254         * html/DOMTokenList.cpp:
1255         (WebCore::DOMTokenList::DOMTokenList):
1256         (WebCore::DOMTokenList::attributeValueChanged):
1257         (WebCore::DOMTokenList::updateAfterTokenChange):
1258         * html/DOMTokenList.h:
1259         (WebCore::DOMTokenList::ref):
1260         (WebCore::DOMTokenList::deref):
1261         (WebCore::DOMTokenList::element):
1262         (WebCore::DOMTokenList::~DOMTokenList): Deleted.
1263         (WebCore::DOMTokenList::updateAfterTokenChange): Deleted.
1264         * html/HTMLAnchorElement.cpp:
1265         (WebCore::HTMLAnchorElement::relList):
1266         * html/HTMLAnchorElement.h:
1267         * html/HTMLIFrameElement.cpp:
1268         (WebCore::HTMLIFrameElement::sandbox):
1269         * html/HTMLIFrameElement.h:
1270         * html/HTMLLinkElement.cpp:
1271         (WebCore::HTMLLinkElement::sizes):
1272         (WebCore::HTMLLinkElement::relList):
1273         * html/HTMLLinkElement.h:
1274         * html/HTMLOutputElement.cpp:
1275         (WebCore::HTMLOutputElement::htmlFor):
1276         * html/HTMLOutputElement.h:
1277
1278 2016-04-11  Chris Dumez  <cdumez@apple.com>
1279
1280         DOMTokenList.contains() should not throw
1281         https://bugs.webkit.org/show_bug.cgi?id=156453
1282
1283         Reviewed by Ryosuke Niwa.
1284
1285         DOMTokenList.contains() should not throw if the input token is invalid:
1286         https://github.com/whatwg/dom/commit/6d3076e3cbcba662489b272a718bc6b8c0082a74
1287
1288         We now return false in such cases, instead of throwing, which should be
1289         safe with regards to backward compatibility.
1290
1291         No new tests, already covered by existing tests.
1292
1293         * html/DOMTokenList.cpp:
1294         (WebCore::DOMTokenList::contains):
1295         * html/DOMTokenList.h:
1296         * html/DOMTokenList.idl:
1297
1298 2016-04-11  Frederic Wang  <fwang@igalia.com>
1299
1300         Refactor RenderMathMLFraction layout to avoid using flexbox
1301         https://bugs.webkit.org/show_bug.cgi?id=153917
1302
1303         Reviewed by Sergio Villar Senin.
1304
1305         Based on a patch by Alejandro G. Castro <alex@igalia.com>
1306
1307         Implement the layoutBlock method to handle the layout calculations
1308         directly in the class. This also fixes parsing of absolute values for
1309         linethickness attribute (e.g. 10px) and adds support for the AxisHeight
1310         and FractionRuleThickness MATH parameters.
1311
1312         Test: mathml/opentype/fraction-line.html
1313
1314         * accessibility/AccessibilityRenderObject.cpp:
1315         (WebCore::AccessibilityRenderObject::mathLineThickness): Use the thickness relative to the
1316         default line thickness since that's really what is expected by mathml-line-fraction.html
1317         * css/mathml.css: Remove flexbox properties for mfrac.
1318         (mfrac): Deleted.
1319         (mfrac > *): Deleted.
1320         (mfrac[numalign="left"] > :first-child): Deleted.
1321         (mfrac[numalign="right"] > :first-child): Deleted.
1322         (mfrac[denomalign="left"] > :last-child): Deleted.
1323         (mfrac[denomalign="right"] > :last-child): Deleted.
1324         (mfrac > :first-child): Deleted.
1325         (mfrac > :last-child): Deleted.
1326         (mfrac): Deleted.
1327         * rendering/mathml/RenderMathMLBlock.cpp: Introduce a helper function to retrieve the math
1328         axis height.
1329         (WebCore::RenderMathMLBlock::mathAxisHeight):
1330         * rendering/mathml/RenderMathMLBlock.h: Declare mathAxisHeight.
1331         * rendering/mathml/RenderMathMLFraction.cpp:
1332         (WebCore::RenderMathMLFraction::RenderMathMLFraction):
1333         (WebCore::RenderMathMLFraction::parseAlignmentAttribute): Helper function to parse the align
1334         attribute.
1335         (WebCore::RenderMathMLFraction::isValid): Helper function to verify whether the child list
1336         is valid with respect to the MathML specificitation.
1337         (WebCore::RenderMathMLFraction::numerator): Helper function to retrieve the numerator.
1338         (WebCore::RenderMathMLFraction::denominator): Helper function to retrieve the denominator.
1339         (WebCore::RenderMathMLFraction::updateFromElement): Use the FractionRuleThickness parameter
1340         when avaiable to calculate the default linethickness.
1341         Fix computation of linethickness for absolute values (e.g. 10px), the default linethickness
1342         must not be involved for such values.
1343         We no longer need to manage style of anonymous wrappers.
1344         (WebCore::RenderMathMLFraction::unembellishedOperator): Use the helper function and we no
1345         longer care about anonymous wrappers.
1346         (WebCore::RenderMathMLFraction::computePreferredLogicalWidths): Implement this function
1347         without using flexbox.
1348         (WebCore::RenderMathMLFraction::horizontalOffset): Helper function to get the horizontal
1349         offsets of children depending of the alignment.
1350         (WebCore::RenderMathMLFraction::layoutBlock): Implement this function without using flexbox.
1351         (WebCore::RenderMathMLFraction::paint): Do not paint if the fraction is invalid. Use helper
1352         function. Use the width of the renderer (instead of the one of the denominator) as the
1353         length of the fraction bar.
1354         (WebCore::RenderMathMLFraction::firstLineBaseline): Use the helper functions to get children
1355         and axis height.
1356         (WebCore::RenderMathMLFraction::paintChildren): Temporary function to remove in a
1357         follow-up patch.
1358         (WebCore::RenderMathMLFraction::fixChildStyle): Deleted. We no longer need to manage style
1359         of anonymous wrappers.
1360         (WebCore::RenderMathMLFraction::addChild): Deleted. We no longer need to manage
1361         anonymous wrappers.
1362         (WebCore::RenderMathMLFraction::styleDidChange): We no longer need to manage style of
1363         anonymous wrappers.
1364         (WebCore::RenderMathMLFraction::layout): Deleted.
1365         * rendering/mathml/RenderMathMLFraction.h: Replace lineThickness with relativeLineThickness,
1366         as needed by the accessibility code. Update function and members declarations.
1367
1368 2016-04-11  Commit Queue  <commit-queue@webkit.org>
1369
1370         Unreviewed, rolling out r199290.
1371         https://bugs.webkit.org/show_bug.cgi?id=156465
1372
1373         broke 300 tests (Requested by mcatanzaro on #webkit).
1374
1375         Reverted changeset:
1376
1377         "Merge CG ImageSource and non CG ImageSource implementation in
1378         one file"
1379         https://bugs.webkit.org/show_bug.cgi?id=155456
1380         http://trac.webkit.org/changeset/199290
1381
1382 2016-04-11  Frederic Wang  <fwang@igalia.com>
1383
1384         Refactor RenderMathMLUnderOver layout functions to avoid using flexbox
1385         https://bugs.webkit.org/show_bug.cgi?id=153742
1386
1387         Reviewed by Sergio Villar Senin.
1388
1389         Based on a patch by Javier Fernandez <jfernandez@igalia.com>
1390
1391         Refactor the UnderOver renderer to use its own layoutBlock method that
1392         does all the layout calculations without considering the flexbox
1393         restrictions.
1394
1395         * css/mathml.css:
1396         (mo, mfrac, munder, mover, munderover): Delete the underover elements from the line defining
1397         the column direction.
1398         (munder, mover, munderover): Deleted. This flexbox property is no longer needed.
1399         (mover > :last-child, munderover > :last-child): Deleted. This flexbox property is no longer
1400         needed.
1401         * rendering/mathml/RenderMathMLUnderOver.cpp:
1402         (WebCore::RenderMathMLUnderOver::firstLineBaseline): Use ascentForChild.
1403         (WebCore::RenderMathMLUnderOver::computeOperatorsHorizontalStretch): Avoid stretching
1404         operators that are not stretchy.
1405         (WebCore::RenderMathMLUnderOver::isValid): Helper function to ensure that the child list is
1406         valid with respect to the MathML specification.
1407         (WebCore::RenderMathMLUnderOver::base): Added. Helper function.
1408         (WebCore::RenderMathMLUnderOver::under): Added. Helper function.
1409         (WebCore::RenderMathMLUnderOver::over): Added. Helper function.
1410         (WebCore::RenderMathMLUnderOver::computePreferredLogicalWidths): Added.
1411         The preferred width is the maximum preferred width of the base, under and over scripts.
1412         (WebCore::RenderMathMLUnderOver::horizontalOffset): Added, helper to calculate the
1413         horizontal position of children (horizontally centered).
1414         (WebCore::RenderMathMLUnderOver::layoutBlock): Added, it lays out the base, underscript and
1415         overscript. It calculates the exact logical width, which may differ from the preferred width when
1416         one child contains stretchy operators. It later sets the locations of children accordingly
1417         and sets the heigth of the render element.
1418         (WebCore::RenderMathMLUnderOver::paintChildren): Added, we have to use the usual traverse
1419         instead of the one that comes from the flexbox. This will be removed in a follow-up patch.
1420         (WebCore::RenderMathMLUnderOver::layout): Deleted.
1421         * rendering/mathml/RenderMathMLUnderOver.h: Added new functions definitions.
1422
1423 2016-04-07  Carlos Garcia Campos  <cgarcia@igalia.com>
1424
1425         [GTK] Rework the theming code for GTK+ 3.20
1426         https://bugs.webkit.org/show_bug.cgi?id=156333
1427
1428         Reviewed by Michael Catanzaro.
1429
1430         During the 3.19 GTK+ release cycle, the GTK+ css system was reworked, making themes and programs rendering
1431         themed widgets, incompatible with the new system. We were trying to fix our rendering every time GTK+ broke
1432         something, but we were just changing whatever it was needed to make our rendering look like current GTK+ with
1433         the default theme Adwaita. This means that our rendering will be broken for other themes or that changes in
1434         Adwaita can break our rendering. This solution was good enough to ensure WebKitGTK+ 2.12 looked good with GTK+
1435         3.20, but it doesn't work in the long term. We need to ensure that our theming code honors the new GTK+ CSS
1436         properties (max-width, min-width, margin, padding, border, ...) in all the cases, not only the cases where
1437         Adwaita uses them like we currently do.
1438         This patch splits all rendering methods to keep the current code for previous GTK+ versions and adds new code
1439         for GTK+ >= 3.20 using the new RenderThemeGadget classes. This makes the code easier to read, since there aren't
1440         ifdef blocks in the functions, and we ensure we don't break previous rendering.
1441
1442         * PlatformGTK.cmake: Add new files to compilation.
1443         * html/shadow/SpinButtonElement.cpp:
1444         (WebCore::SpinButtonElement::defaultEventHandler): Check the button layout used by the theme to decide the
1445         current buttons state.
1446         * platform/gtk/RenderThemeGadget.cpp: Added.
1447         (WebCore::RenderThemeGadget::create):
1448         (WebCore::createStyleContext):
1449         (WebCore::appendElementToPath):
1450         (WebCore::RenderThemeGadget::RenderThemeGadget):
1451         (WebCore::RenderThemeGadget::~RenderThemeGadget):
1452         (WebCore::RenderThemeGadget::marginBox):
1453         (WebCore::RenderThemeGadget::borderBox):
1454         (WebCore::RenderThemeGadget::paddingBox):
1455         (WebCore::RenderThemeGadget::contentsBox):
1456         (WebCore::RenderThemeGadget::color):
1457         (WebCore::RenderThemeGadget::backgroundColor):
1458         (WebCore::RenderThemeGadget::minimumSize):
1459         (WebCore::RenderThemeGadget::preferredSize):
1460         (WebCore::RenderThemeGadget::render):
1461         (WebCore::RenderThemeGadget::renderFocus):
1462         (WebCore::RenderThemeBoxGadget::RenderThemeBoxGadget):
1463         (WebCore::RenderThemeTextFieldGadget::RenderThemeTextFieldGadget):
1464         (WebCore::RenderThemeTextFieldGadget::minimumSize):
1465         (WebCore::RenderThemeToggleGadget::RenderThemeToggleGadget):
1466         (WebCore::RenderThemeToggleGadget::render):
1467         (WebCore::RenderThemeArrowGadget::RenderThemeArrowGadget):
1468         (WebCore::RenderThemeArrowGadget::render):
1469         (WebCore::RenderThemeIconGadget::RenderThemeIconGadget):
1470         (WebCore::RenderThemeIconGadget::gtkIconSizeForPixelSize):
1471         (WebCore::RenderThemeIconGadget::render):
1472         (WebCore::RenderThemeIconGadget::minimumSize):
1473         * platform/gtk/RenderThemeGadget.h: Added.
1474         (WebCore::RenderThemeGadget::context):
1475         * rendering/RenderTheme.h:
1476         (WebCore::RenderTheme::innerSpinButtonLayout): Added this method to allow themes use a different layout for the
1477         buttons.
1478         * rendering/RenderThemeGtk.cpp:
1479         (WebCore::themeChangedCallback): Just moved this code to a common place.
1480         (WebCore::RenderThemeGtk::RenderThemeGtk): Initialize the theme monitor in the constructor.
1481         (WebCore::createStyleContext): Remove the render parts that are specific to GTK+ 3.20.
1482         (WebCore::RenderThemeGtk::adjustRepaintRect): Moved inside a GTK+ < 3.20 ifdef block.
1483         (WebCore::themePartStateFlags): Helper function to get the GtkStateFlags of a theme part for a given RenderObject.
1484         (WebCore::shrinkToMinimumSizeAndCenterRectangle): Move this common code to a helper function.
1485         (WebCore::setToggleSize):
1486         (WebCore::paintToggle):
1487         (WebCore::RenderThemeGtk::paintButton):
1488         (WebCore::RenderThemeGtk::popupInternalPaddingBox):
1489         (WebCore::RenderThemeGtk::paintMenuList):
1490         (WebCore::RenderThemeGtk::adjustTextFieldStyle): For GTK+ 3.20 we need to ensure a minimum size for spin buttons,
1491         so if the text field is for a spin button, we adjust the desired size here.
1492         (WebCore::RenderThemeGtk::paintTextField): In GTK+ 3.20 the CSS gadgets used to render spin buttons are
1493         different, so we check here if this is the entry of a spin button to use the right gadgets.
1494         (WebCore::adjustSearchFieldIconStyle):
1495         (WebCore::RenderThemeGtk::paintTextArea):
1496         (WebCore::RenderThemeGtk::adjustSearchFieldResultsButtonStyle):
1497         (WebCore::RenderThemeGtk::paintSearchFieldResultsButton):
1498         (WebCore::RenderThemeGtk::adjustSearchFieldResultsDecorationPartStyle):
1499         (WebCore::RenderThemeGtk::adjustSearchFieldCancelButtonStyle):
1500         (WebCore::paintSearchFieldIcon):
1501         (WebCore::RenderThemeGtk::paintSearchFieldResultsDecorationPart):
1502         (WebCore::RenderThemeGtk::paintSearchFieldCancelButton):
1503         (WebCore::centerRectVerticallyInParentInputElement): Moved inside a GTK+ < 3.20 ifdef block.
1504         (WebCore::RenderThemeGtk::paintSliderTrack):
1505         (WebCore::RenderThemeGtk::adjustSliderThumbSize):
1506         (WebCore::RenderThemeGtk::paintSliderThumb):
1507         (WebCore::RenderThemeGtk::progressBarRectForBounds): Ensure a minimum size of progress bars in GTK+ 3.20.
1508         (WebCore::RenderThemeGtk::paintProgressBar):
1509         (WebCore::RenderThemeGtk::innerSpinButtonLayout): Use an horizontal layout for spin buttons.
1510         (WebCore::RenderThemeGtk::adjustInnerSpinButtonStyle):
1511         (WebCore::RenderThemeGtk::paintInnerSpinButton):
1512         (WebCore::styleColor):
1513         (WebCore::RenderThemeGtk::paintMediaButton):
1514         * rendering/RenderThemeGtk.h:
1515
1516 2016-04-11  Antti Koivisto  <antti@apple.com>
1517
1518         Implement functional :host() pseudo class
1519         https://bugs.webkit.org/show_bug.cgi?id=156397
1520         <rdar://problem/25621445>
1521
1522         Reviewed by Darin Adler.
1523
1524         We already support :host. Add functional syntax too.
1525
1526         * css/CSSGrammar.y.in:
1527
1528             Parse functional :host().
1529
1530         * css/CSSParser.cpp:
1531         (WebCore::CSSParser::detectFunctionTypeToken):
1532         * css/CSSParserValues.cpp:
1533         (WebCore::CSSParserSelector::parsePseudoClassHostFunctionSelector):
1534         * css/CSSParserValues.h:
1535         * css/ElementRuleCollector.cpp:
1536         (WebCore::ElementRuleCollector::matchedRuleList):
1537         (WebCore::ElementRuleCollector::addMatchedRule):
1538
1539             Factor some shared code here.
1540
1541         (WebCore::ElementRuleCollector::matchHostPseudoClassRules):
1542
1543             Instead of using the generic paths use a :host specific code path for matching.
1544             This makes it easier to avoid :host matching when it shouldn't.
1545
1546         (WebCore::ElementRuleCollector::collectMatchingRulesForList):
1547         * css/ElementRuleCollector.h:
1548         * css/RuleSet.cpp:
1549         (WebCore::computeMatchBasedOnRuleHash):
1550
1551             :host is always handled by the special matching path.
1552
1553         * css/SelectorChecker.cpp:
1554         (WebCore::SelectorChecker::match):
1555         (WebCore::SelectorChecker::matchHostPseudoClass):
1556
1557             Add a function specifically for checking :host. In always fails on the normal code paths.
1558             Check the argument selector if provided.
1559
1560         (WebCore::hasScrollbarPseudoElement):
1561         * css/SelectorChecker.h:
1562
1563 2016-04-11  Said Abou-Hallawa  <sabouhallawa@apple,com>
1564
1565         Merge CG ImageSource and non CG ImageSource implementation in one file
1566         https://bugs.webkit.org/show_bug.cgi?id=155456
1567
1568         Reviewed by Darin Adler.
1569
1570         ImageSource for CG and CG code paths look very similar. All the platform
1571         specific code can be moved to ImageDecoder classes for CG and non CG. And
1572         we can have the ImageSource be platform independent and we get rid of
1573         ImageSourceCG.cpp.
1574
1575         Test: fast/images/image-subsampling.html
1576
1577         * CMakeLists.txt:
1578         * PlatformAppleWin.cmake:
1579         * PlatformMac.cmake:
1580         * WebCore.xcodeproj/project.pbxproj:
1581         Delete ImageSourceCG.cpp form all make files and add ImageSource.cpp to
1582         CMakeLists.txt.
1583         
1584         * platform/Cursor.cpp:
1585         (WebCore::determineHotSpot):
1586         * platform/graphics/BitmapImage.cpp:
1587         (WebCore::BitmapImage::hotSpot):
1588         (WebCore::BitmapImage::getHotSpot): Deleted.
1589         * platform/graphics/BitmapImage.h:
1590         * platform/graphics/Image.h:
1591         (WebCore::Image::hotSpot):
1592         (WebCore::Image::getHotSpot): Deleted.
1593         Rename getHotSpot() to hotSpot() and change it to return Optional<IntPoint>.
1594         
1595         * platform/graphics/ImageSource.cpp:
1596         (WebCore::ImageSource::~ImageSource): Remove clear(true) call. It does nothing.
1597         (WebCore::ImageSource::clearFrameBufferCache): A wrapper which calls ImageDecoder::clearFrameBufferCache().
1598         (WebCore::ImageSource::clear): Calls clearFrameBufferCache() which will do nothing for CG.
1599         
1600         (WebCore::ImageSource::ensureDecoderIsCreated): Change SharedBuffer* to
1601         const SharedBuffer& and remove the call to ImageDecoder::setMaxNumPixels().
1602         The value of const static int CG ImageDecoder::m_maxNumPixels will be set
1603         based on IMAGE_DECODER_DOWN_SAMPLING.
1604         
1605         (WebCore::ImageSource::setData): Pass SharedBuffer& to the underlying functions.
1606         
1607         (WebCore::ImageSource::calculateMaximumSubsamplingLevel): Returns the maximum
1608         subsampling level allowed for an image.
1609         
1610         (WebCore::ImageSource::subsamplingLevelForScale): Converts from a scale to
1611         SubsamplingLevel taking into consideration the maximumSubsamplingLevel for
1612         a particular image.
1613         
1614         (WebCore::ImageSource::bytesDecodedToDetermineProperties): Returns the number
1615         of encoded bytes which can determine the image properties. For non CG it's
1616         zero. For CG it is a maximum value which can be corrected later.
1617         
1618         (WebCore::ImageSource::isSizeAvailable):
1619         (WebCore::ImageSource::sizeRespectingOrientation):
1620         (WebCore::ImageSource::frameCount):
1621         (WebCore::ImageSource::repetitionCount):
1622         (WebCore::ImageSource::filenameExtension):
1623         (WebCore::ImageSource::getHotSpot):
1624         (WebCore::ImageSource::frameIsCompleteAtIndex):
1625         (WebCore::ImageSource::frameHasAlphaAtIndex):
1626         (WebCore::ImageSource::allowSubsamplingOfFrameAtIndex):
1627         (WebCore::ImageSource::frameSizeAtIndex):
1628         (WebCore::ImageSource::frameBytesAtIndex):
1629         (WebCore::ImageSource::frameDurationAtIndex):
1630         (WebCore::ImageSource::orientationAtIndex):
1631         (WebCore::ImageSource::createFrameImageAtIndex):
1632         These are wrappers for the ImageDecoder APIs. The purpose of these functions
1633         is to ensure the ImageDecoder is created.
1634         
1635         (WebCore::ImageSource::dump): Called from BitmapImage::dump().
1636         
1637         (WebCore::ImageSource::getHotSpot): Deleted.
1638         
1639         * platform/graphics/ImageSource.h:
1640         (WebCore::ImageSource::setAllowSubsampling): Called from BitmapImage::setAllowSubsampling().
1641         
1642         (WebCore::ImageSource::maxPixelsPerDecodedImage): Deleted.
1643         (WebCore::ImageSource::setMaxPixelsPerDecodedImage): Deleted.
1644         Setting maxPixelsPerDecodedImage was moved to the non CG ImageDecoder.
1645         
1646         * platform/graphics/cg/ImageDecoderCG.cpp:
1647         (WebCore::ImageDecoder::setData): Change SharedBuffer* to SharedBuffer&.
1648
1649         (WebCore::ImageDecoder::subsamplingLevelForScale): Deleted.
1650         The code was moved to ImageSource::subsamplingLevelForScale().
1651         
1652         * platform/graphics/cg/ImageDecoderCG.h:
1653         (WebCore::ImageDecoder::create): Make the prototype of this function
1654         suitable for CG and non CG cases.
1655         (WebCore::ImageDecoder::clearFrameBufferCache): Empty functions for CG.
1656         
1657         * platform/graphics/cg/ImageSourceCG.cpp: Removed.
1658         
1659         * platform/image-decoders/ImageDecoder.cpp:
1660         (WebCore::ImageDecoder::frameIsCompleteAtIndex): A mew function to return
1661         whether the frame decoding is complete or not.
1662         
1663         (WebCore::ImageDecoder::frameHasAlphaAtIndex): Simplify the logic.
1664         
1665         (WebCore::ImageDecoder::frameDurationAtIndex): The code was moved from
1666         ImageSource::frameDurationAtIndex() in ImageSource.cpp.
1667         
1668         (WebCore::ImageDecoder::createFrameImageAtIndex): The code was moved from
1669         ImageSource::createFrameImageAtIndex() in ImageSource.cpp.
1670         
1671         * platform/image-decoders/ImageDecoder.h:
1672         (WebCore::ImageDecoder::ImageDecoder): Initialize the members in class.
1673         (WebCore::ImageDecoder::~ImageDecoder): Fix the braces style.
1674         (WebCore::ImageDecoder::setData): Change the type of the argument from
1675         SharedBuffer* to SharedBuffer&.
1676         (WebCore::ImageDecoder::frameSizeAtIndex): Add the argument SubsamplingLevel
1677         so it can have the same prototype as CG.
1678         (WebCore::ImageDecoder::orientationAtIndex): Rename it to the same of CG.
1679         
1680         (WebCore::ImageDecoder::allowSubsamplingOfFrameAtIndex):
1681         (WebCore::ImageDecoder::bytesDecodedToDetermineProperties):
1682         (WebCore::ImageDecoder::subsamplingLevelForScale): Add these functions
1683         and return the default values so we do not have to add directive compiled
1684         non CG blocks in ImageSource.cpp.
1685
1686         (WebCore::ImageDecoder::hotSpot): Return Optional<IntPoint>.
1687         
1688         (WebCore::ImageDecoder::orientation): Deleted.
1689         (WebCore::ImageDecoder::setMaxNumPixels): Deleted.
1690         
1691         * platform/image-decoders/bmp/BMPImageDecoder.cpp:
1692         (WebCore::BMPImageDecoder::setData):
1693         * platform/image-decoders/bmp/BMPImageDecoder.h:
1694         * platform/image-decoders/gif/GIFImageDecoder.cpp:
1695         (WebCore::GIFImageDecoder::setData):
1696         (WebCore::GIFImageDecoder::decode):
1697         * platform/image-decoders/gif/GIFImageDecoder.h:
1698         * platform/image-decoders/gif/GIFImageReader.h:
1699         (GIFImageReader::setData):
1700         * platform/image-decoders/ico/ICOImageDecoder.cpp:
1701         (WebCore::ICOImageDecoder::setData):
1702         Use reference SharedBuffer instead of pointer SharedBuffer.
1703         
1704         (WebCore::ICOImageDecoder::hotSpot):
1705         (WebCore::ICOImageDecoder::hotSpotAtIndex):
1706         Change hotSpot() to return Optional<IntPoint>.
1707         * platform/image-decoders/ico/ICOImageDecoder.h:
1708                 
1709         (WebCore::ICOImageDecoder::setDataForPNGDecoderAtIndex):
1710         Pass reference SharedBuffer instead of pointer SharedBuffer.
1711
1712 2016-04-11  Fujii Hironori  <Hironori.Fujii@jp.sony.com>
1713
1714         [CMake] Make FOLDER property INHERITED
1715         https://bugs.webkit.org/show_bug.cgi?id=156460
1716
1717         Reviewed by Brent Fulgham.
1718
1719         * CMakeLists.txt:
1720         Set FOLDER property as a directory property not a target property
1721
1722 2016-04-10  Sam Weinig  <sam@webkit.org>
1723
1724         Fix the build.
1725
1726         * platform/graphics/avfoundation/objc/MediaPlaybackTargetPickerMac.mm:
1727         (WebCore::MediaPlaybackTargetPickerMac::showPlaybackTargetPicker):
1728
1729 2016-04-08  Sam Weinig  <sam@webkit.org>
1730
1731         Remove support for custom target picker actions
1732         <rdar://problem/24987783>
1733         https://bugs.webkit.org/show_bug.cgi?id=156434
1734
1735         Reviewed by Eric Carlson.
1736
1737         This mostly entailed rolling out r197429 and r197569.
1738
1739         * Modules/mediasession/WebMediaSessionManager.cpp:
1740         (WebCore::WebMediaSessionManager::removeAllPlaybackTargetPickerClients):
1741         (WebCore::WebMediaSessionManager::showPlaybackTargetPicker):
1742         (WebCore::WebMediaSessionManager::clientStateDidChange):
1743         (WebCore::WebMediaSessionManager::externalOutputDeviceAvailableDidChange):
1744         (WebCore::WebMediaSessionManager::configureNewClients):
1745         (WebCore::WebMediaSessionManager::customPlaybackActionSelected): Deleted.
1746         * Modules/mediasession/WebMediaSessionManager.h:
1747         * Modules/mediasession/WebMediaSessionManagerClient.h:
1748         * dom/Document.cpp:
1749         (WebCore::Document::removePlaybackTargetPickerClient):
1750         (WebCore::Document::showPlaybackTargetPicker):
1751         (WebCore::Document::playbackTargetPickerClientStateDidChange):
1752         (WebCore::Document::setShouldPlayToPlaybackTarget):
1753         (WebCore::Document::customPlaybackActionSelected): Deleted.
1754         * dom/Document.h:
1755         * html/HTMLMediaElement.cpp:
1756         (WebCore::HTMLMediaElement::enqueuePlaybackTargetAvailabilityChangedEvent):
1757         (WebCore::HTMLMediaElement::setShouldPlayToPlaybackTarget):
1758         (WebCore::HTMLMediaElement::webkitCurrentPlaybackTargetIsWireless):
1759         (WebCore::HTMLMediaElement::customPlaybackActionSelected): Deleted.
1760         (WebCore::HTMLMediaElement::playbackTargetPickerCustomActionName): Deleted.
1761         * html/HTMLMediaElement.h:
1762         * html/MediaElementSession.cpp:
1763         (WebCore::MediaElementSession::showPlaybackTargetPicker):
1764         (WebCore::MediaElementSession::hasWirelessPlaybackTargets):
1765         (WebCore::MediaElementSession::setShouldPlayToPlaybackTarget):
1766         (WebCore::MediaElementSession::mediaStateDidChange):
1767         (WebCore::MediaElementSession::customPlaybackActionSelected): Deleted.
1768         * html/MediaElementSession.h:
1769         * page/ChromeClient.h:
1770         * page/Page.cpp:
1771         (WebCore::Page::removePlaybackTargetPickerClient):
1772         (WebCore::Page::showPlaybackTargetPicker):
1773         (WebCore::Page::setShouldPlayToPlaybackTarget):
1774         (WebCore::Page::ensureTestTrigger):
1775         (WebCore::Page::customPlaybackActionSelected): Deleted.
1776         * page/Page.h:
1777         (WebCore::Page::testTrigger):
1778         * platform/audio/PlatformMediaSession.h:
1779         (WebCore::PlatformMediaSessionClient::canPlayToWirelessPlaybackTarget):
1780         (WebCore::PlatformMediaSessionClient::isPlayingToWirelessPlaybackTarget):
1781         (WebCore::PlatformMediaSessionClient::setShouldPlayToPlaybackTarget):
1782         (WebCore::PlatformMediaSessionClient::customPlaybackActionSelected): Deleted.
1783         * platform/graphics/MediaPlaybackTargetClient.h:
1784         * platform/graphics/MediaPlaybackTargetPicker.cpp:
1785         (WebCore::MediaPlaybackTargetPicker::pendingActionTimerFired):
1786         (WebCore::MediaPlaybackTargetPicker::addPendingAction):
1787         (WebCore::MediaPlaybackTargetPicker::showPlaybackTargetPicker):
1788         * platform/graphics/MediaPlaybackTargetPicker.h:
1789         (WebCore::MediaPlaybackTargetPicker::availableDevicesDidChange):
1790         (WebCore::MediaPlaybackTargetPicker::currentDeviceDidChange):
1791         (WebCore::MediaPlaybackTargetPicker::Client::customPlaybackActionSelected): Deleted.
1792         (WebCore::MediaPlaybackTargetPicker::customPlaybackActionSelected): Deleted.
1793         * platform/graphics/avfoundation/objc/MediaPlaybackTargetPickerMac.h:
1794         * platform/graphics/avfoundation/objc/MediaPlaybackTargetPickerMac.mm:
1795         (WebCore::MediaPlaybackTargetPickerMac::devicePicker):
1796         (WebCore::MediaPlaybackTargetPickerMac::showPlaybackTargetPicker):
1797         * platform/mac/WebVideoFullscreenInterfaceMac.h:
1798         * platform/mac/WebVideoFullscreenInterfaceMac.mm:
1799         (WebCore::WebVideoFullscreenInterfaceMac::preparedToReturnToInline):
1800         (WebCore::WebVideoFullscreenInterfaceMac::setVideoDimensions):
1801         (WebCore::WebVideoFullscreenInterfaceMac::setExternalPlayback): Deleted.
1802         * platform/mock/MediaPlaybackTargetPickerMock.cpp:
1803         (WebCore::MediaPlaybackTargetPickerMock::timerFired):
1804         (WebCore::MediaPlaybackTargetPickerMock::showPlaybackTargetPicker):
1805         * platform/mock/MediaPlaybackTargetPickerMock.h:
1806         * platform/spi/cocoa/AVKitSPI.h:
1807
1808 2016-04-09  Konstantin Tokarev  <annulen@yandex.ru>
1809
1810         Fixed compilation of JPEGImageDecoder with libjpeg v9.
1811         https://bugs.webkit.org/show_bug.cgi?id=156445
1812
1813         Reviewed by Michael Catanzaro.
1814
1815         ICU defines TRUE and FALSE macros, breaking libjpeg v9 headers.
1816
1817         No new tests needed.
1818
1819         * platform/image-decoders/jpeg/JPEGImageDecoder.h:
1820
1821 2016-04-09  Commit Queue  <commit-queue@webkit.org>
1822
1823         Unreviewed, rolling out r199242.
1824         https://bugs.webkit.org/show_bug.cgi?id=156442
1825
1826         Caused many many leaks (Requested by ap on #webkit).
1827
1828         Reverted changeset:
1829
1830         "Web Inspector: get rid of InspectorBasicValue and
1831         InspectorString subclasses"
1832         https://bugs.webkit.org/show_bug.cgi?id=156407
1833         http://trac.webkit.org/changeset/199242
1834
1835 2016-04-09  Commit Queue  <commit-queue@webkit.org>
1836
1837         Unreviewed, rolling out r199268.
1838         https://bugs.webkit.org/show_bug.cgi?id=156440
1839
1840         Broke Windows build (Requested by ap on #webkit).
1841
1842         Reverted changeset:
1843
1844         "Implement functional :host() pseudo class"
1845         https://bugs.webkit.org/show_bug.cgi?id=156397
1846         http://trac.webkit.org/changeset/199268
1847
1848 2016-04-09  Antti Koivisto  <antti@apple.com>
1849
1850         Implement functional :host() pseudo class
1851         https://bugs.webkit.org/show_bug.cgi?id=156397
1852         <rdar://problem/25621445>
1853
1854         Reviewed by Darin Adler.
1855
1856         We already support :host. Add functional syntax too.
1857
1858         * css/CSSGrammar.y.in:
1859
1860             Parse functional :host().
1861
1862         * css/CSSParser.cpp:
1863         (WebCore::CSSParser::detectFunctionTypeToken):
1864         * css/CSSParserValues.cpp:
1865         (WebCore::CSSParserSelector::parsePseudoClassHostFunctionSelector):
1866         * css/CSSParserValues.h:
1867         * css/ElementRuleCollector.cpp:
1868         (WebCore::ElementRuleCollector::matchedRuleList):
1869         (WebCore::ElementRuleCollector::addMatchedRule):
1870
1871             Factor some shared code here.
1872
1873         (WebCore::ElementRuleCollector::matchHostPseudoClassRules):
1874
1875             Instead of using the generic paths use a :host specific code path for matching.
1876             This makes it easier to avoid :host matching when it shouldn't.
1877
1878         (WebCore::ElementRuleCollector::collectMatchingRulesForList):
1879         * css/ElementRuleCollector.h:
1880         * css/RuleSet.cpp:
1881         (WebCore::computeMatchBasedOnRuleHash):
1882
1883             :host is always handled by the special matching path.
1884
1885         * css/SelectorChecker.cpp:
1886         (WebCore::SelectorChecker::match):
1887         (WebCore::SelectorChecker::matchHostPseudoClass):
1888
1889             Add a function specifically for checking :host. In always fails on the normal code paths.
1890             Check the argument selector if provided.
1891
1892         (WebCore::hasScrollbarPseudoElement):
1893         * css/SelectorChecker.h:
1894
1895 2016-04-07  Darin Adler  <darin@apple.com>
1896
1897         Improve IDL support for object arguments that are neither optional nor nullable
1898         https://bugs.webkit.org/show_bug.cgi?id=156149
1899
1900         Reviewed by Chris Dumez.
1901
1902         After this patch, we are almost ready to change some more DOM functions to
1903         use references instead of pointers. Remaining blocking issue is lack of support
1904         for ShouldPassWrapperByReference in the gobject bindings.
1905
1906         * bindings/objc/ExceptionHandlers.h: Add NO_RETURN to raiseDOMException.
1907         Added a new raiseTypeErrorException. Re-indented header and removed unneeded
1908         include and forward declarations.
1909
1910         * bindings/objc/ExceptionHandlers.mm:
1911         (WebCore::raiseDOMException): Added RELEASE_ASSERT_NOT_REACHED so the compiler
1912         will understand this is NO_RETURN. Also updated FIXME comment.
1913         (WebCore::raiseTypeErrorException): Added.
1914
1915         * bindings/scripts/CodeGenerator.pm: Removed unneeded code that allows the type
1916         "AtomicString" in IDL files.
1917         (ShouldPassWrapperByReference): Added. Contains the logic from the function in
1918         the JavaScript code generator that was named IsPointerParameterPassedByReference,
1919         minus a couple checks that are unneeded. For use in other code generators so they
1920         are all consistent about how they call the DOM implementation.
1921
1922         * bindings/scripts/CodeGeneratorGObject.pm:
1923         (SkipFunction): Removed support for unused CustomBinding extended attribute.
1924
1925         * bindings/scripts/CodeGeneratorJS.pm:
1926         (GenerateHeader): Removed support for unused CustomBinding extended attribute.
1927         (GenerateImplementation): Ditto. Also changed type checking code to throw a
1928         type error in a more efficient way, using throwVMTypeError directly.
1929         (GenerateParametersCheck): Rearranged code a bit so that arguments that need to
1930         be passed in unusual ways are handled all in one place. Use WTFMove for newly
1931         created NodeFilter objects. Simplified the reference logic so it doesn't need
1932         to do an additional check to see if a type is a callback. Also changed type
1933         checking code to throw a type error in a more efficient way, using throwVMTypeError
1934         directly. Also corrected mistake where null checking code was throwing
1935         TYPE_MISMATCH_ERR instead of a type error.
1936         (GetNativeType): Coding style tweak.
1937         (ShouldPassWrapperByReference): Renamed from IsPointerParameterPassedByReference.
1938         Changed to call underlying ShouldPassWrapperByReference function in the language-
1939         independent code generator.
1940         (GenerateConstructorDefinition): Updated for name change.
1941
1942         * bindings/scripts/CodeGeneratorObjC.pm:
1943         (SkipFunction): Removed support for unused CustomBinding extended attribute.
1944         (GenerateImplementation): Added code to null check and pass a reference when
1945         ShouldPassWrapperByReference returns true.
1946
1947         * bindings/scripts/IDLAttributes.txt: Sorted in the AppleCopyright and
1948         UsePointersEvenForNonNullableObjectArguments arguments. Removed the unused
1949         CPPPureInterface and CustomBinding attributes.
1950
1951         * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp: Regenerated test results.
1952         * bindings/scripts/test/JS/JSTestInterface.cpp: Ditto.
1953         * bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp: Ditto.
1954         * bindings/scripts/test/JS/JSTestObj.cpp: Ditto.
1955         * bindings/scripts/test/JS/JSTestObj.h: Ditto.
1956         * bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp: Ditto.
1957         * bindings/scripts/test/JS/JSTestTypedefs.cpp: Ditto.
1958         * bindings/scripts/test/ObjC/DOMTestActiveDOMObject.mm: Ditto.
1959         * bindings/scripts/test/ObjC/DOMTestCallback.mm: Ditto.
1960         * bindings/scripts/test/ObjC/DOMTestCallbackFunction.mm: Ditto.
1961         * bindings/scripts/test/ObjC/DOMTestInterface.mm: Ditto.
1962         * bindings/scripts/test/ObjC/DOMTestMediaQueryListListener.mm: Ditto.
1963         * bindings/scripts/test/ObjC/DOMTestObj.mm: Ditto.
1964
1965         * bindings/scripts/test/TestObj.idl: Removed test for CustomBinding.
1966
1967         * dom/DOMImplementation.idl: Fixed #if so that only the return type is different
1968         between JavaScript and the other bindings. Without this change, the different
1969         bindings got different results for ShouldPassWrapperByReference. Also formatted
1970         functions all on a single line.
1971
1972         * dom/EventListener.idl: Removed CPPPureInterface, since it had no effect.
1973         * dom/EventTarget.idl: Ditto.
1974
1975 2016-04-08  Chris Dumez  <cdumez@apple.com>
1976
1977         [WebIDL] Add support for [ExportMacro=XXX] IDL extended attribute
1978         https://bugs.webkit.org/show_bug.cgi?id=156428
1979
1980         Reviewed by Ryosuke Niwa.
1981
1982         Add support for [ExportMacro=XXX] IDL extended attribute (e.g. [ExportMacro=WEBCORE_EXPORT])
1983         so developers can indicate in the IDL which macro to use to export the generated JS bindings
1984         class.
1985
1986         We previously supported this by hard-coding JS class names in the bindings generator which
1987         was ugly.
1988
1989         * Modules/mediasession/MediaSession.idl:
1990         * Modules/mediasource/SourceBuffer.idl:
1991         * Modules/notifications/Notification.idl:
1992         * Modules/webaudio/AudioContext.idl:
1993         * bindings/scripts/CodeGeneratorJS.pm:
1994         (GetExportMacroForJSClass):
1995         (GenerateHeader):
1996         (AddIncludesForType): Deleted.
1997         (AddToImplIncludes): Deleted.
1998         * bindings/scripts/IDLAttributes.txt:
1999         * bindings/scripts/test/TestInterface.idl:
2000         * bindings/scripts/test/TestNode.idl:
2001         * css/CSSStyleDeclaration.idl:
2002         * dom/ClientRect.idl:
2003         * dom/ClientRectList.idl:
2004         * dom/Document.idl:
2005         * dom/Element.idl:
2006         * dom/Node.idl:
2007         * dom/Range.idl:
2008         * fileapi/File.idl:
2009         * html/DOMURL.idl:
2010         * html/HTMLElement.idl:
2011         * html/HTMLMediaElement.idl:
2012         * html/TimeRanges.idl:
2013         * html/canvas/DOMPath.idl:
2014         * inspector/ScriptProfile.idl:
2015         * inspector/ScriptProfileNode.idl:
2016         * page/DOMWindow.idl:
2017         * page/make_settings.pl:
2018         (generateInternalSettingsIdlFile):
2019         * testing/InternalSettings.idl:
2020         * testing/Internals.idl:
2021         * testing/MallocStatistics.idl:
2022         * testing/MemoryInfo.idl:
2023         * testing/TypeConversions.idl:
2024         * xml/XMLHttpRequest.idl:
2025
2026 2016-04-08  Joseph Pecoraro  <pecoraro@apple.com>
2027
2028         Web Inspector: XHRs and Web Worker scripts are not searchable
2029         https://bugs.webkit.org/show_bug.cgi?id=154214
2030         <rdar://problem/24643587>
2031
2032         Reviewed by Timothy Hatcher.
2033
2034         Test: inspector/page/searchInResources.html
2035
2036         * inspector/InspectorPageAgent.h:
2037         * inspector/InspectorPageAgent.cpp:
2038         (WebCore::InspectorPageAgent::searchInResource):
2039         (WebCore::InspectorPageAgent::searchInResources):
2040         Let the NetworkAgent handle individual search requests
2041         with a requestId. And provide global search results for
2042         "other" resources and will include requestId properties.
2043
2044         * inspector/InspectorNetworkAgent.h:
2045         * inspector/InspectorNetworkAgent.cpp:
2046         (WebCore::InspectorNetworkAgent::didFinishXHRLoading):
2047         (WebCore::buildObjectForSearchResult):
2048         (WebCore::InspectorNetworkAgent::searchOtherRequests):
2049         (WebCore::InspectorNetworkAgent::searchInRequest):
2050         Search saved "other" resource data content.
2051
2052         * inspector/NetworkResourcesData.h:
2053         * inspector/NetworkResourcesData.cpp:
2054         (WebCore::NetworkResourcesData::resources):
2055         Expose the resources for iteration by the NetworkAgent.
2056
2057 2016-04-08  Joanmarie Diggs  <jdiggs@igalia.com>
2058
2059         AX: "AXLandmarkApplication" is an inappropriate subrole for ARIA "application" since it's no longer a landmark
2060         https://bugs.webkit.org/show_bug.cgi?id=155403
2061
2062         Reviewed by Chris Fleizach.
2063
2064         The new subrole is AXWebApplication and the new role description is "web application".
2065         As part of the fix, the WebCore AccessibilityRole for ARIA's "application" role was
2066         renamed from LandmarkApplicationRole to WebApplicationRole.
2067
2068         The roles-exposed.html and aria-grouping-roles.html test expectations were also updated.
2069
2070         * English.lproj/Localizable.strings:
2071         * accessibility/AccessibilityObject.cpp:
2072         (WebCore::AccessibilityObject::accessibleNameDerivesFromContent):
2073         (WebCore::AccessibilityObject::isLandmark):
2074         (WebCore::initializeRoleMap):
2075         * accessibility/AccessibilityObject.h:
2076         * accessibility/atk/WebKitAccessibleWrapperAtk.cpp:
2077         (atkRole):
2078         * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
2079         (-[WebAccessibilityObjectWrapper determineIsAccessibilityElement]):
2080         (-[WebAccessibilityObjectWrapper _accessibilityIsLandmarkRole:]):
2081         * accessibility/mac/WebAccessibilityObjectWrapperBase.mm:
2082         (-[WebAccessibilityObjectWrapperBase ariaLandmarkRoleDescription]):
2083         * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
2084         (createAccessibilityRoleMap):
2085         (-[WebAccessibilityObjectWrapper subrole]):
2086         * platform/LocalizedStrings.cpp:
2087         (WebCore::AXARIAContentGroupText):
2088
2089 2016-04-08  Simon Fraser  <simon.fraser@apple.com>
2090
2091         [iOS WK2] WKWebViews should consult ancestor UIScrollViews to determine tiling area
2092         https://bugs.webkit.org/show_bug.cgi?id=156429
2093         rdar://problem/25455111
2094
2095         Reviewed by Tim Horton.
2096
2097         When a WKWebView is expanded to full size, then embedded in UIScrollView, it would
2098         create huge tiles that cover the entire view area (since it considered itself non-scrollable).
2099
2100         Fix to always use 512x512 tiles in this configuration, and to adjust the tile coverage
2101         for the area exposed through the enclosing UIScrollView.
2102
2103         * loader/HistoryController.cpp:
2104         (WebCore::HistoryController::saveScrollPositionAndViewStateToItem): setObscuredInset()
2105         moved from FrameView to Page.
2106         * page/FrameView.cpp:
2107         (WebCore::FrameView::adjustTiledBackingScrollability): If we're clipped by an ancestor scrollView,
2108         just assume we're scrollable on both axes.
2109         * page/Page.h:
2110         (WebCore::Page::obscuredInset):
2111         (WebCore::Page::setObscuredInset):
2112         (WebCore::Page::enclosedInScrollView):
2113         (WebCore::Page::setEnclosedInScrollView):
2114         * platform/ScrollView.h:
2115         (WebCore::ScrollView::platformObscuredInset): Deleted.
2116         (WebCore::ScrollView::platformSetObscuredInset): Deleted.
2117
2118 2016-04-08  Joseph Pecoraro  <pecoraro@apple.com>
2119
2120         [iOS Simulator] Build failure (property 'contentsFormat' not found on object of type 'LegacyTileLayer *')
2121         https://bugs.webkit.org/show_bug.cgi?id=156415
2122
2123         Reviewed by Simon Fraser.
2124
2125         * platform/spi/cocoa/QuartzCoreSPI.h:
2126         Provide SPI forward declaration of the CALayer contentsFormat property.
2127
2128 2016-04-08  Alex Christensen  <achristensen@webkit.org>
2129
2130         Progress towards running CMake WebKit2 on Mac
2131         https://bugs.webkit.org/show_bug.cgi?id=156426
2132
2133         Reviewed by Tim Horton.
2134
2135         * CMakeLists.txt:
2136         * PlatformGTK.cmake:
2137         * PlatformMac.cmake:
2138         * PlatformWin.cmake:
2139         On Mac, WTF is a static library that is linked only with JavaScriptCore.
2140
2141 2016-04-08  Jer Noble  <jer.noble@apple.com>
2142
2143         Unreviewed 32-bit build fix; make type of std::min<> explicit.
2144
2145         * platform/audio/ios/AudioDestinationIOS.cpp:
2146         (WebCore::AudioDestinationIOS::render):
2147
2148 2016-04-08  Jer Noble  <jer.noble@apple.com>
2149
2150         CRASH in AudioDestinationNode::render()
2151         https://bugs.webkit.org/show_bug.cgi?id=156308
2152
2153         Reviewed by Eric Carlson.
2154
2155         Yet another math error in AudioDestinationIOS::render(). It is possible for the difference between
2156         m_startSpareFrame and m_endSpareFrame to be greater than the numberOfFrames to be rendered. Protect
2157         against this case by taking the min() of those two values and only advancing m_startSpareFrame by
2158         that amount.  This guarantees that framesThisTime will never underflow, and that data will not be
2159         written past the end of the ioData parameter.
2160
2161         * platform/audio/ios/AudioDestinationIOS.cpp:
2162         (WebCore::AudioDestinationIOS::render):
2163
2164 2016-04-08  Brady Eidson  <beidson@apple.com>
2165
2166         Modern IDB: Use more IDBValue and IDBGetResult in IDBBackingStore.
2167         https://bugs.webkit.org/show_bug.cgi?id=156418
2168
2169         Reviewed by Alex Christensen.
2170
2171         No new tests (Refactor, no change in behavior).
2172
2173         * Modules/indexeddb/IDBValue.cpp:
2174         (WebCore::IDBValue::IDBValue):
2175         * Modules/indexeddb/IDBValue.h:
2176         
2177         * Modules/indexeddb/server/IDBBackingStore.h:
2178         
2179         * Modules/indexeddb/server/MemoryBackingStoreTransaction.cpp:
2180         (WebCore::IDBServer::MemoryBackingStoreTransaction::abort):
2181         
2182         * Modules/indexeddb/server/MemoryIDBBackingStore.cpp:
2183         (WebCore::IDBServer::MemoryIDBBackingStore::addRecord):
2184         (WebCore::IDBServer::MemoryIDBBackingStore::getRecord):
2185         * Modules/indexeddb/server/MemoryIDBBackingStore.h:
2186         
2187         * Modules/indexeddb/server/MemoryObjectStore.cpp:
2188         (WebCore::IDBServer::MemoryObjectStore::addRecord):
2189         * Modules/indexeddb/server/MemoryObjectStore.h:
2190         
2191         * Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
2192         (WebCore::IDBServer::SQLiteIDBBackingStore::addRecord):
2193         (WebCore::IDBServer::SQLiteIDBBackingStore::getRecord):
2194         * Modules/indexeddb/server/SQLiteIDBBackingStore.h:
2195         
2196         * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
2197         (WebCore::IDBServer::UniqueIDBDatabase::performPutOrAdd):
2198         (WebCore::IDBServer::UniqueIDBDatabase::performGetRecord):
2199
2200 2016-04-08  Brady Eidson  <beidson@apple.com>
2201
2202         Modern IDB: Make IDBGetResult contain an IDBValue instead of a buffer, and remove unused methods.
2203         https://bugs.webkit.org/show_bug.cgi?id=156416
2204
2205         Reviewed by Alex Christensen.
2206
2207         No new tests (Refactor, no change in behavior).
2208
2209         * Modules/indexeddb/IDBCursor.cpp:
2210         (WebCore::IDBCursor::setGetResult):
2211         
2212         * Modules/indexeddb/IDBGetResult.cpp:
2213         (WebCore::IDBGetResult::dataFromBuffer):
2214         (WebCore::IDBGetResult::isolatedCopy):
2215         * Modules/indexeddb/IDBGetResult.h:
2216         (WebCore::IDBGetResult::IDBGetResult):
2217         (WebCore::IDBGetResult::value):
2218         (WebCore::IDBGetResult::encode):
2219         (WebCore::IDBGetResult::decode):
2220         (WebCore::IDBGetResult::valueBuffer): Deleted.
2221         (WebCore::IDBGetResult::setValueBuffer): Deleted.
2222         (WebCore::IDBGetResult::setKeyData): Deleted.
2223         (WebCore::IDBGetResult::setPrimaryKeyData): Deleted.
2224         (WebCore::IDBGetResult::setKeyPath): Deleted.
2225         
2226         * Modules/indexeddb/IDBTransaction.cpp:
2227         (WebCore::IDBTransaction::didGetRecordOnServer):
2228         
2229         * Modules/indexeddb/IDBValue.cpp:
2230         (WebCore::IDBValue::IDBValue):
2231         * Modules/indexeddb/IDBValue.h:
2232         
2233         * Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
2234         (WebCore::IDBServer::SQLiteIDBBackingStore::getIndexRecord):
2235
2236 2016-04-08  Zalan Bujtas  <zalan@apple.com>
2237
2238         Focus ring drawn at incorrect location on image map with CSS transform.
2239         https://bugs.webkit.org/show_bug.cgi?id=143527
2240         <rdar://problem/21908735>
2241
2242         Reviewed by Simon Fraser.
2243
2244         Implement pathForFocusRing for HTMLAreaElement. It follows the logic of RenderObject::addFocusRingRects().
2245
2246         Tests: fast/images/image-map-outline-in-positioned-container.html
2247                fast/images/image-map-outline-with-paint-root-offset.html
2248                fast/images/image-map-outline-with-scale-transform.html
2249                fast/images/image-map-outline.html
2250
2251         * html/HTMLAreaElement.cpp:
2252         (WebCore::HTMLAreaElement::pathForFocusRing):
2253         * html/HTMLAreaElement.h:
2254         * rendering/RenderElement.cpp:
2255         (WebCore::RenderElement::paintFocusRing): Move addFocusRingRects() out of focus ring painting.
2256         (WebCore::RenderElement::paintOutline):
2257         * rendering/RenderElement.h:
2258         * rendering/RenderImage.cpp:
2259         (WebCore::RenderImage::paint):
2260         (WebCore::RenderImage::paintAreaElementFocusRing):
2261         * rendering/RenderImage.h:
2262         * rendering/RenderInline.cpp:
2263         (WebCore::RenderInline::paintOutline):
2264
2265 2016-04-08  Brent Fulgham  <bfulgham@apple.com>
2266
2267         [WK1] Wheel event callback removing the window causes crash in WebCore
2268         https://bugs.webkit.org/show_bug.cgi?id=156409
2269         <rdar://problem/25631267>
2270
2271         Reviewed by Simon Fraser.
2272
2273         Null check the Widget before using it, since the iframe may have been removed
2274         from its parent document inside the event handler.
2275
2276         This is the WK1 fix for https://bugs.webkit.org/show_bug.cgi?id=150871.
2277
2278         Tested by fast/events/wheel-event-destroys-frame.html
2279
2280         * page/EventHandler.cpp:
2281         (WebCore::widgetForElement): Added.
2282         (WebCore::EventHandler::handleWheelEvent): Use new helper function to
2283         clean up the code, and allow us to check that the Widget has not been
2284         destroyed during the event handler.
2285
2286 2016-04-08  Said Abou-Hallawa  <sabouhallawa@apple,com>
2287
2288         Timing attack on SVG feComposite filter circumvents same-origin policy
2289         https://bugs.webkit.org/show_bug.cgi?id=154338
2290
2291         Reviewed by Oliver Hunt.
2292
2293         Ensure the FEComposite arithmetic filter is clamping the resulted color
2294         components in a constant time.
2295
2296         * platform/graphics/filters/FEComposite.cpp:
2297         (WebCore::clampByte):
2298         (WebCore::computeArithmeticPixels):
2299
2300 2016-04-08  Brian Burg  <bburg@apple.com>
2301
2302         Web Inspector: get rid of InspectorBasicValue and InspectorString subclasses
2303         https://bugs.webkit.org/show_bug.cgi?id=156407
2304         <rdar://problem/25627659>
2305
2306         Reviewed by Timothy Hatcher.
2307
2308         * inspector/InspectorDatabaseAgent.cpp: Don't use deleted subclasses.
2309
2310 2016-04-08  Beth Dakin  <bdakin@apple.com>
2311
2312         Fix leaks in WebAVMediaSelectionOptionMac and WebPlaybackControlsManager
2313         https://bugs.webkit.org/show_bug.cgi?id=156379
2314
2315         Reviewed by Tim Horton.
2316
2317         These classes should use RetainPtrs.
2318         * platform/mac/WebVideoFullscreenInterfaceMac.mm:
2319         (-[WebAVMediaSelectionOptionMac localizedDisplayName]):
2320         (-[WebAVMediaSelectionOptionMac setLocalizedDisplayName:]):
2321         (-[WebPlaybackControlsManager timing]):
2322         (-[WebPlaybackControlsManager setTiming:]):
2323         (-[WebPlaybackControlsManager seekableTimeRanges]):
2324         (-[WebPlaybackControlsManager setSeekableTimeRanges:]):
2325         (-[WebPlaybackControlsManager audioMediaSelectionOptions]):
2326         (-[WebPlaybackControlsManager setAudioMediaSelectionOptions:]):
2327         (-[WebPlaybackControlsManager currentAudioMediaSelectionOption]):
2328         (-[WebPlaybackControlsManager setCurrentAudioMediaSelectionOption:]):
2329         (-[WebPlaybackControlsManager legibleMediaSelectionOptions]):
2330         (-[WebPlaybackControlsManager setLegibleMediaSelectionOptions:]):
2331         (-[WebPlaybackControlsManager currentLegibleMediaSelectionOption]):
2332         (-[WebPlaybackControlsManager setCurrentLegibleMediaSelectionOption:]):
2333
2334 2016-04-08  Fujii Hironori  <Hironori.Fujii@jp.sony.com>
2335
2336         Touching any IDL files rebuilds all bindings in CMake Ninja build
2337         https://bugs.webkit.org/show_bug.cgi?id=156400
2338
2339         Reviewed by Brent Fulgham.
2340
2341         * bindings/scripts/preprocess-idls.pl:
2342         (GenerateConstructorAttribute):
2343         WriteFileIfChanged does not work due to flaky results of 'keys'.
2344         Sort results of 'keys'.
2345
2346 2016-04-07  Simon Fraser  <simon.fraser@apple.com>
2347
2348         [iOS WK2] Stop using exposedContentRect for history scroll state restoration
2349         https://bugs.webkit.org/show_bug.cgi?id=156392
2350
2351         Reviewed by Tim Horton.
2352
2353         A future commit will alter the meaning of exposedContentRect on iOS to take into
2354         account clipped out parts of the WKWebView. To achieve this, wean history restoration
2355         off of using exposedContentRect for scroll state restoration. It did this to restore
2356         the page to the same position relative to the view's top-left (to avoid jiggles caused
2357         by changing obscured insets).
2358
2359         Do this by pushing the left/top obscured insets down with visible content rects updates,
2360         storing them on ScrollView, and adding them to HistoryItem. Those insets are then used
2361         for scroll state restoration in WKWebView.
2362
2363         * history/HistoryItem.cpp:
2364         (WebCore::HistoryItem::HistoryItem):
2365         * history/HistoryItem.h:
2366         (WebCore::HistoryItem::obscuredInset):
2367         (WebCore::HistoryItem::setObscuredInset):
2368         * loader/HistoryController.cpp:
2369         (WebCore::HistoryController::saveScrollPositionAndViewStateToItem):
2370         * platform/ScrollView.h:
2371         (WebCore::ScrollView::platformObscuredInset):
2372         (WebCore::ScrollView::platformSetObscuredInset):
2373
2374 2016-04-08  Brady Eidson  <beidson@apple.com>
2375
2376         Build fix followup to http://trac.webkit.org/changeset/199230
2377
2378         Unreviewed.
2379
2380         * platform/posix/FileSystemPOSIX.cpp:
2381         (WebCore::hardLinkOrCopyFile): Stricter POSIX systems require a umask for O_CREAT opens,
2382           so let's provide one.
2383
2384 2016-04-08  Darin Adler  <darin@apple.com>
2385
2386         Remove 14 more unnecessary uses of UsePointersEvenForNonNullableObjectArguments
2387         https://bugs.webkit.org/show_bug.cgi?id=156405
2388
2389         Reviewed by Chris Dumez.
2390
2391         * Modules/encryptedmedia/MediaKeySession.idl:
2392         * Modules/encryptedmedia/MediaKeys.idl:
2393         * dom/Element.idl:
2394         * dom/NamedNodeMap.idl:
2395         * html/HTMLElement.idl:
2396         * html/canvas/OESVertexArrayObject.idl:
2397         * html/canvas/WebGLRenderingContext.idl:
2398         * page/DOMSelection.idl:
2399         * storage/StorageEvent.idl:
2400         * svg/SVGSVGElement.idl:
2401         * xml/XMLSerializer.idl:
2402         * xml/XPathEvaluator.idl:
2403         * xml/XPathExpression.idl:
2404         * xml/XSLTProcessor.idl:
2405         Removed UsePointersEvenForNonNullableObjectArguments, which was having no effect
2406         in any of these classes. Also tweaked formatting of some of the IDL, merging things
2407         onto single lines, changing paragraphing and indenting a bit, and fixing some typos.
2408
2409 2016-04-08  Brady Eidson  <beidson@apple.com>
2410
2411         Modern IDB (Blob support): Write blobs to temporary files and move them to the correct location when storing them.
2412         https://bugs.webkit.org/show_bug.cgi?id=156321
2413
2414         Reviewed by Alex Christensen, Andy Estes, and Darin Adler.
2415
2416         No new tests (No testable change in behavior yet, current tests pass).
2417
2418         When asked to store a Blob (including Files) in IndexedDB, the Blob is written out to a temporary file.
2419         
2420         Then when the putOrAdd request is received by IDBServer it includes a list of blobURLs and their mappings
2421         to temporary files.
2422         
2423         Finally, as part of storing the Blob value in the database, those temporary files are moved in to place
2424         under the IndexedDB directory for storage and later retrieval.
2425
2426         * Modules/indexeddb/IDBValue.cpp:
2427         (WebCore::IDBValue::IDBValue):
2428
2429         * Modules/indexeddb/server/IDBBackingStore.h:
2430         (WebCore::IDBServer::IDBBackingStoreTemporaryFileHandler::~IDBBackingStoreTemporaryFileHandler):
2431
2432         * Modules/indexeddb/server/IDBServer.cpp:
2433         (WebCore::IDBServer::IDBServer::create):
2434         (WebCore::IDBServer::IDBServer::IDBServer):
2435         (WebCore::IDBServer::IDBServer::createBackingStore):
2436         * Modules/indexeddb/server/IDBServer.h:
2437
2438         * Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
2439         (WebCore::IDBServer::blobRecordsTableSchema):
2440         (WebCore::IDBServer::blobRecordsTableSchemaAlternate):
2441         (WebCore::IDBServer::blobFilesTableSchema):
2442         (WebCore::IDBServer::blobFilesTableSchemaAlternate):
2443         (WebCore::IDBServer::SQLiteIDBBackingStore::SQLiteIDBBackingStore):
2444         (WebCore::IDBServer::SQLiteIDBBackingStore::ensureValidBlobTables):
2445         (WebCore::IDBServer::SQLiteIDBBackingStore::getOrEstablishDatabaseInfo):
2446         (WebCore::IDBServer::SQLiteIDBBackingStore::addRecord):
2447         * Modules/indexeddb/server/SQLiteIDBBackingStore.h:
2448         (WebCore::IDBServer::SQLiteIDBBackingStore::temporaryFileHandler):
2449
2450         * Modules/indexeddb/server/SQLiteIDBTransaction.cpp:
2451         (WebCore::IDBServer::SQLiteIDBTransaction::commit):
2452         (WebCore::IDBServer::SQLiteIDBTransaction::moveBlobFilesIfNecessary):
2453         (WebCore::IDBServer::SQLiteIDBTransaction::abort):
2454         (WebCore::IDBServer::SQLiteIDBTransaction::reset):
2455         (WebCore::IDBServer::SQLiteIDBTransaction::addBlobFile):
2456         * Modules/indexeddb/server/SQLiteIDBTransaction.h:
2457
2458         * Modules/indexeddb/shared/InProcessIDBServer.cpp:
2459         (WebCore::InProcessIDBServer::InProcessIDBServer):
2460         (WebCore::InProcessIDBServer::accessToTemporaryFileComplete):
2461         * Modules/indexeddb/shared/InProcessIDBServer.h:
2462
2463         * bindings/js/SerializedScriptValue.cpp:
2464         (WebCore::SerializedScriptValue::blobURLsIsolatedCopy):
2465         * bindings/js/SerializedScriptValue.h:
2466
2467         * platform/FileSystem.h:
2468         * platform/gtk/FileSystemGtk.cpp:
2469         (WebCore::hardLinkOrCopyFile):
2470         * platform/posix/FileSystemPOSIX.cpp:
2471         (WebCore::hardLinkOrCopyFile):
2472
2473 2016-04-08  Joanmarie Diggs  <jdiggs@igalia.com>
2474
2475         AX: [ATK] Crash getting text under element in CSS table
2476         https://bugs.webkit.org/show_bug.cgi?id=156328
2477
2478         Reviewed by Chris Fleizach.
2479
2480         AccessibilityRenderObject::textUnderElement() assumes (and asserts) that
2481         the first and last child of an anonymous block will each have nodes with
2482         which to define positions. This is not the case for CSS Tables and their
2483         anonymous descendants. AccessibilityNodeObject:textUnderElement() is our
2484         fallback for the instances where a text range cannot be created based on
2485         positions, so let it handle anonymous RenderTable parts.
2486
2487         Test: accessibility/generated-content-with-display-table-crash.html
2488
2489         * accessibility/AccessibilityRenderObject.cpp:
2490         (WebCore::AccessibilityRenderObject::textUnderElement):
2491         (WebCore::AccessibilityRenderObject::shouldGetTextFromNode):
2492         * accessibility/AccessibilityRenderObject.h:
2493
2494 2016-04-08  Darin Adler  <darin@apple.com>
2495
2496         Remove unneeded UsePointersEvenForNonNullableObjectArguments from event classes
2497         https://bugs.webkit.org/show_bug.cgi?id=156396
2498
2499         Reviewed by Youenn Fablet.
2500
2501         * dom/CompositionEvent.idl:
2502         * dom/KeyboardEvent.idl:
2503         * dom/MouseEvent.idl:
2504         * dom/MutationEvent.idl:
2505         * dom/TextEvent.idl:
2506         * dom/TouchEvent.idl:
2507         * dom/UIEvent.idl:
2508         * dom/WheelEvent.idl:
2509         Removed UsePointersEvenForNonNullableObjectArguments, which was having no effect.
2510
2511 2016-04-08  Manuel Rego Casasnovas  <rego@igalia.com>
2512
2513         [css-grid] Fix positioned items with grid gaps
2514         https://bugs.webkit.org/show_bug.cgi?id=156288
2515
2516         Reviewed by Darin Adler.
2517
2518         When we place a positioned items in a grid with gaps,
2519         we were not taking into accounts the gutter size.
2520         We've to use that size to properly place and size the item.
2521
2522         Tests: fast/css-grid-layout/grid-positioned-items-gaps-rtl.html
2523                fast/css-grid-layout/grid-positioned-items-gaps.html
2524
2525         * rendering/RenderGrid.cpp:
2526         (WebCore::RenderGrid::offsetAndBreadthForPositionedChild):
2527
2528 2016-04-08  Javier Fernandez  <jfernandez@igalia.com>
2529
2530         [css-grid] Remove unnecessary iteration in populateGridPositions loop
2531         https://bugs.webkit.org/show_bug.cgi?id=156376
2532
2533         Reviewed by Darin Adler.
2534
2535         The populateGridPositions loop limit was set to 'lastLine'. However, the
2536         the position of last track's start line is updated after the loop, since
2537         it does not follow the same pattern; it does not have a content
2538         distribution offset.
2539
2540         So, since we are essentially overwriting the value stored in the last
2541         iteration, we can just lower the loop limit.
2542
2543         No new tests added, because there is no change in the functionality.
2544
2545         * rendering/RenderGrid.cpp:
2546         (WebCore::RenderGrid::populateGridPositions):
2547
2548 2016-04-08  John Wilander  <wilander@apple.com>
2549
2550         CSP: Block XHR when calling XMLHttpRequest.send() and throw network error.
2551         https://bugs.webkit.org/show_bug.cgi?id=153598
2552         <rdar://problem/24391483>
2553
2554         Reviewed by Darin Adler.
2555
2556         No new tests. Changes to existing tests are sufficient.
2557
2558         * xml/XMLHttpRequest.cpp:
2559         (WebCore::XMLHttpRequest::open):
2560         (WebCore::XMLHttpRequest::initSend):
2561             Moved the CSP check from XMLHttpRequest::open() to XMLHttpRequest::initSend().
2562             Changed the thrown error type from Security to Network for synchronous requests.
2563             Changed from throwing an error to firing an error event for asynchronous requests.
2564             These changes are in conformance with connect-src of Content Security Policy Level 2.
2565             https://www.w3.org/TR/CSP2/#directive-connect-src (W3C Candidate Recommendation, 21 July 2015)
2566
2567 2016-04-07  Darin Adler  <darin@apple.com>
2568
2569         FontFaceSet binding does not handle null correctly
2570         https://bugs.webkit.org/show_bug.cgi?id=156141
2571
2572         Reviewed by Youenn Fablet.
2573
2574         * css/FontFaceSet.cpp:
2575         (WebCore::FontFaceSet::FontFaceSet): Pass a reference to add rather than a pointer.
2576         (WebCore::FontFaceSet::has): Take a reference rather than a pointer.
2577         (WebCore::FontFaceSet::add): Ditto.
2578         (WebCore::FontFaceSet::remove): Ditto.
2579         (WebCore::FontFaceSet::load): Initialize ec since we check it. Caller is not required
2580         to do this, nor is the matchingFaces function. Rearranged function to avoid needless
2581         creation/destruction of PendingPromise for the immediate failure case. Removed some
2582         unneeded type casts and local variables.
2583         (WebCore::FontFaceSet::status): Use ASCIILiteral instead of ConstructFromLiteral.
2584         No reason to use the more aggressive optimization.
2585         (WebCore::FontFaceSet::faceFinished): Factored out a common hasReachedTerminalState
2586         check to streamline the logic a bit.
2587         (WebCore::FontFaceSet::load): Moved overload without a string in here; not critical
2588         to inline it.
2589         (WebCore::FontFaceSet::check): Ditto.
2590
2591         * css/FontFaceSet.h: Removed many unneeded includes and forward declarations.
2592         Changed functions to take FontFace& instead of RefPtr<FontFace>. Removed unneeded
2593         WebCore namespace prefixes. Use final instead of override for virtual functions.
2594
2595         * css/FontFaceSet.idl: Removed UsePointersEvenForNonNullableObjectArguments, which
2596         was preserving incorrect behavior for null as demonstrated by the test cases.
2597
2598 2016-04-07  Joseph Pecoraro  <pecoraro@apple.com>
2599
2600         Remove ENABLE(ENABLE_ES6_CLASS_SYNTAX) guards
2601         https://bugs.webkit.org/show_bug.cgi?id=156384
2602
2603         Reviewed by Ryosuke Niwa.
2604
2605         * Configurations/FeatureDefines.xcconfig:
2606
2607 2016-04-07  Dean Jackson  <dino@apple.com>
2608
2609         [iOS] Media playback button should use appearance
2610         https://bugs.webkit.org/show_bug.cgi?id=156388
2611         <rdar://problem/25618352>
2612
2613         Reviewed by Simon Fraser.
2614
2615         With the recent change in backdrop appearance, we can
2616         now use the system style directly for the play button.
2617
2618         While I was here I also updated the artwork to the
2619         latest style (slightly rounded corners on the triangle).
2620
2621         Covered by the test in ManualTests/ios/start-playback-button-appearance.html.
2622
2623         * Modules/mediacontrols/mediaControlsiOS.css: Move the clip onto the backdrop
2624         element. Use an appearance insted.
2625         * Modules/mediacontrols/mediaControlsiOS.js: Remove the tint element, and
2626         set the highlight on the glyph instead.
2627
2628 2016-04-07  Ada Chan  <adachan@apple.com>
2629
2630         Roll out the css change in mediaControlsApple.css that has been causing assertions in layout for multiple tests
2631         https://bugs.webkit.org/show_bug.cgi?id=156381
2632
2633         Rubber-stamped by Alexey Proskuryakov.
2634
2635         * Modules/mediacontrols/mediaControlsApple.css:
2636         (::-webkit-media-controls):
2637         Remove overflow: hidden.
2638
2639 2016-04-07  Jiewen Tan  <jiewen_tan@apple.com>
2640
2641         Unreviewed, rolling out r199199.
2642
2643         Revision breaks layout tests
2644
2645         Reverted changeset:
2646
2647         "fast/loader/opaque-base-url.html crashing during mac and ios
2648         debug tests"
2649         https://bugs.webkit.org/show_bug.cgi?id=156179
2650         http://trac.webkit.org/changeset/199199
2651
2652 2016-04-07  Simon Fraser  <simon.fraser@apple.com>
2653
2654         Make it possible to test effect of view exposed rect on tiled backing
2655         https://bugs.webkit.org/show_bug.cgi?id=156365
2656
2657         Reviewed by Tim Horton.
2658
2659         Implement Internals::setViewExposedRect().
2660
2661         When the viewExposedRect is non-null, assume that we're scrollable on both axes
2662         to avoid creation of huge tiles in this scenario.
2663
2664         We also need to call adjustTiledBackingScrollability() when setViewExposedRect()
2665         has been called.
2666
2667         Tests: tiled-drawing/tile-coverage-view-exposed-rect.html
2668                tiled-drawing/tile-size-view-exposed-rect.html
2669
2670         * page/FrameView.cpp:
2671         (WebCore::FrameView::adjustTiledBackingScrollability):
2672         (WebCore::FrameView::setViewExposedRect):
2673         * testing/Internals.cpp:
2674         (WebCore::Internals::setViewExposedRect):
2675         * testing/Internals.h:
2676         * testing/Internals.idl:
2677
2678 2016-04-07  Jiewen Tan  <jiewen_tan@apple.com>
2679
2680         fast/loader/opaque-base-url.html crashing during mac and ios debug tests
2681         https://bugs.webkit.org/show_bug.cgi?id=156179
2682         <rdar://problem/25507719>
2683
2684         Reviewed by Andy Estes.
2685
2686         A relative URL other than "#" with a non-hierarchical base is invalid, but prior to this
2687         change the URL's string would still contain the invalid relative URL. To avoid mistakes
2688         where we might later treat this URL string as a parsed URL string, set the string to
2689         "about:blank" instead.
2690
2691         Test: fast/url/data-uri-based-urls.html
2692
2693         * platform/URL.cpp:
2694         (WebCore::URL::init):
2695
2696 2016-04-07  Brian Burg  <bburg@apple.com>
2697
2698         Web Automation: implement Automation.addSingleCookie
2699         https://bugs.webkit.org/show_bug.cgi?id=156319
2700         <rdar://problem/25589605>
2701
2702         Reviewed by Timothy Hatcher.
2703
2704         * platform/Cookie.h: Document the units used by the 'expires' field.
2705
2706 2016-04-07  Jon Davis  <jond@apple.com>
2707
2708         Add ImageBitmap as under consideration on Feature Status page
2709         https://bugs.webkit.org/show_bug.cgi?id=156362
2710
2711         Reviewed by Timothy Hatcher.
2712
2713         * features.json:
2714
2715 2016-04-07  Jon Davis  <jond@apple.com>
2716
2717         Include Conical Gradients on the Feature Status page.
2718         https://bugs.webkit.org/show_bug.cgi?id=156363
2719
2720         Reviewed by Timothy Hatcher.
2721
2722         * features.json:
2723
2724 2016-04-07  Beth Dakin  <bdakin@apple.com>
2725
2726         Build fix.
2727
2728         * platform/mac/WebVideoFullscreenInterfaceMac.mm:
2729
2730 2016-04-07  Jeremy Jones  <jeremyj@apple.com>
2731
2732         In WK1 WebVideoFullscreen interface may be accessed from WK1 main thread instead of UI thread.
2733         https://bugs.webkit.org/show_bug.cgi?id=154252
2734         rdar://problem/22460539
2735
2736         Reviewed by Eric Carlson.
2737
2738         In WebKit1, Javascript can cause enter fullscreen to happen on the main thead, which is not
2739         necessarily the UI thread. This can cause autolayout errors. Move this code to the UI thread.
2740
2741         * platform/ios/WebVideoFullscreenControllerAVKit.mm:
2742         (WebVideoFullscreenControllerContext::setUpFullscreen): Move setup to the UI thread.
2743         * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
2744         (-[WebAVPlayerLayer layoutSublayers]): Move call to resolveBounds to the UI thread.
2745
2746 2016-04-07  Beth Dakin  <bdakin@apple.com>
2747
2748         Build fix.
2749
2750         * platform/mac/WebVideoFullscreenInterfaceMac.mm:
2751
2752 2016-04-07  Chris Dumez  <cdumez@apple.com>
2753
2754         [WebIDL] Add support for [EnabledAtRuntime] attributes on non-global objects
2755         https://bugs.webkit.org/show_bug.cgi?id=156346
2756
2757         Reviewed by Ryosuke Niwa.
2758
2759         Add support for [EnabledAtRuntime] attributes on non-global objects by
2760         using the same approach as for [EnabledAtRuntime] operations. This means
2761         we add these attributes to the static property table but they get removed
2762         at runtime in JS*Prototype::finishCreation(), if the feature is disabled,
2763         after the eager reification of the prototype.
2764
2765         * bindings/scripts/CodeGeneratorJS.pm:
2766         (GeneratePropertiesHashTable):
2767         (GenerateImplementation):
2768         * bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
2769         (webkit_dom_test_obj_set_property):
2770         (webkit_dom_test_obj_get_property):
2771         (webkit_dom_test_obj_class_init):
2772         (webkit_dom_test_obj_enabled_at_runtime_operation):
2773         (webkit_dom_test_obj_get_enabled_at_runtime_attribute):
2774         (webkit_dom_test_obj_set_enabled_at_runtime_attribute):
2775         * bindings/scripts/test/GObject/WebKitDOMTestObj.h:
2776         * bindings/scripts/test/JS/JSTestObj.cpp:
2777         (WebCore::JSTestObjPrototype::finishCreation):
2778         (WebCore::jsTestObjEnabledAtRuntimeAttribute):
2779         (WebCore::setJSTestObjEnabledAtRuntimeAttribute):
2780         (WebCore::jsTestObjPrototypeFunctionEnabledAtRuntimeOperation1):
2781         (WebCore::jsTestObjPrototypeFunctionEnabledAtRuntimeOperation2):
2782         (WebCore::jsTestObjPrototypeFunctionEnabledAtRuntimeOperation):
2783         * bindings/scripts/test/ObjC/DOMTestObj.h:
2784         * bindings/scripts/test/ObjC/DOMTestObj.mm:
2785         (-[DOMTestObj enabledAtRuntimeAttribute]):
2786         (-[DOMTestObj setEnabledAtRuntimeAttribute:]):
2787         (-[DOMTestObj enabledAtRuntimeOperation:]):
2788         * bindings/scripts/test/TestObj.idl:
2789
2790 2016-04-07  Beth Dakin  <bdakin@apple.com>
2791
2792         Attempted build fix.
2793
2794         * platform/mac/WebVideoFullscreenInterfaceMac.mm:
2795         (-[WebPlaybackControlsManager seekToTime:toleranceBefore:toleranceAfter:]):
2796         (-[WebPlaybackControlsManager setCurrentAudioMediaSelectionOption:]):
2797         (-[WebPlaybackControlsManager setCurrentLegibleMediaSelectionOption:]):
2798         (-[WebPlaybackControlsManager currentAudioMediaSelectionOption]): Deleted.
2799         (-[WebPlaybackControlsManager currentLegibleMediaSelectionOption]): Deleted.
2800
2801 2016-04-07  Ada Chan  <adachan@apple.com>
2802
2803         Add WebKitAdditions extension point in HTMLVideoElement::supportsFullscreen()
2804         https://bugs.webkit.org/show_bug.cgi?id=156366
2805
2806         Reviewed by Alex Christensen.
2807
2808         * html/HTMLVideoElement.cpp:
2809         (WebCore::HTMLVideoElement::supportsFullscreen):
2810
2811 2016-04-07  Jon Davis  <jond@apple.com>
2812
2813         Add WOFF2 to the Feature Status page
2814         https://bugs.webkit.org/show_bug.cgi?id=156361
2815
2816         Reviewed by Timothy Hatcher.
2817
2818         * features.json:
2819
2820 2016-04-07  Beth Dakin  <bdakin@apple.com>
2821
2822         WebPlaybackControlsManager should support mediaSelectionOptions
2823         https://bugs.webkit.org/show_bug.cgi?id=156358
2824         -and corresponding-
2825         rdar://problem/25048743
2826
2827         Reviewed by Jer Noble.
2828
2829         This patch just implements 
2830         WebVideoFullscreenInterfaceMac::setAudioMediaSelectionOptions and 
2831         WebVideoFullscreenInterfaceMac::setLegibleMediaSelectionOptions and passes that 
2832         information on to WebPlaybackControlsManager. If selection options are set via 
2833         the WebPlaybackControlsManager, then it gets the webVideoFullscreenModel() to 
2834         set the new value.
2835
2836         * platform/mac/WebVideoFullscreenInterfaceMac.h:
2837         * platform/mac/WebVideoFullscreenInterfaceMac.mm:
2838         (-[WebPlaybackControlsManager currentAudioMediaSelectionOption]):
2839         (-[WebPlaybackControlsManager setCurrentAudioMediaSelectionOption:]):
2840         (-[WebPlaybackControlsManager currentLegibleMediaSelectionOption]):
2841         (-[WebPlaybackControlsManager setCurrentLegibleMediaSelectionOption:]):
2842         (WebCore::mediaSelectionOptions):
2843         (WebCore::WebVideoFullscreenInterfaceMac::setAudioMediaSelectionOptions):
2844         (WebCore::WebVideoFullscreenInterfaceMac::setLegibleMediaSelectionOptions):
2845         (-[WebPlaybackControlsManager audioMediaSelectionOptions]): Deleted.
2846         (-[WebPlaybackControlsManager legibleMediaSelectionOptions]): Deleted.
2847
2848 2016-04-07  Brent Fulgham  <bfulgham@apple.com>
2849
2850         Wheel event callback removing the window causes crash in WebCore.
2851         https://bugs.webkit.org/show_bug.cgi?id=150871
2852         <rdar://problem/23418283>
2853
2854         Reviewed by Simon Fraser.
2855
2856         Null check the FrameView before using it, since the iframe may have been removed
2857         from its parent document inside the event handler.
2858         
2859         The new test triggered a cross-load side-effect, where wheel event filtering wasn't
2860         reset between page loads. Fix by calling clearLatchedState() in EventHandler::clear(),
2861         which resets the filtering.
2862
2863         Since the Frame destructor invokes EventHandler::clear, which invokes MainFrame methods,
2864         we run the risk of attempting to dereference destroyed MainFrame elements of the current
2865         Frame object. Instead, clear the EventHandler in the MainFrame destructor.
2866
2867         Finally, confirm that the mainFrame member is not being destroyed in the handful of
2868         places that might attempt to access the mainFrame during object destruction (essentially
2869         cleanup methods).
2870
2871         Test: fast/events/wheel-event-destroys-frame.html
2872
2873         * loader/FrameLoader.cpp:
2874         (WebCore::FrameLoader::clear): Protect against accessing mainFrame content during destruction.
2875         * page/EventHandler.cpp:
2876         (WebCore::EventHandler::clear): Call 'clearLatchedState' instead of endFilteringDeltas.
2877         (WebCore::EventHandler::clearLatchedState): Null-check the filter before calling it.
2878         * page/Frame.cpp:
2879         (WebCore::Frame::~Frame): Do not call 'setView' in the destructor for a MainFrame.
2880         (WebCore::Frame::setView): Check for a null event handler before invoking it.
2881         (WebCore::Frame::setMainFrameWasDestroyed): Added. Mark that the MainFrame
2882         member of the Frame is being destroyed (if the current Frame is a MainFrame) and clear
2883         the EventHandler member so that it doesn't attempt to access mainFrame content.
2884         (WebCore::Frame::mainFrame): When accessing the mainFrame member, assert that the
2885         mainFrame is not being destroyed.
2886         * page/MainFrame.cpp:
2887         (WebCore::MainFrame::~MainFrame): Set the m_recentWheelEventDeltaFilter to nullptr to
2888         prevent attempts to access it during object destruction. Call the new 'setMainFrameWasDestroyed'
2889         method to reset eventHandler and mark the MainFrame as being in the process of destruction.
2890         * page/WheelEventDeltaFilter.cpp:
2891         (WebCore::WheelEventDeltaFilter::filteredDelta): Add logging.
2892         * page/mac/EventHandlerMac.mm:
2893         (WebCore::EventHandler::platformCompleteWheelEvent): Add null check.
2894         * rendering/RenderLayer.cpp:
2895         (WebCore::RenderLayer::scrollTo): Add logging.
2896
2897 2016-04-05  Ada Chan  <adachan@apple.com>
2898
2899         Rename TextTrackRepresentationiOS to TextTrackRepresentationCocoa and enable on Mac
2900         https://bugs.webkit.org/show_bug.cgi?id=156245
2901
2902         Reviewed by Eric Carlson.
2903
2904         * Modules/mediacontrols/mediaControlsApple.css:
2905         (::-webkit-media-controls):
2906         Match iOS and specify overflow: hidden on the -webkit-media-controls container.
2907         (video::-webkit-media-text-track-container):
2908         Match iOS and specify z-index: 0 on the text track container.
2909
2910         * WebCore.xcodeproj/project.pbxproj:
2911         TextTrackRepresentationiOS.h/mm have been renamed to TextTrackRepresentationCocoa.h/mm.
2912
2913         * platform/graphics/TextTrackRepresentation.cpp:
2914         * platform/graphics/cocoa/TextTrackRepresentationCocoa.h: Renamed from Source/WebCore/platform/graphics/ios/TextTrackRepresentationIOS.h.
2915         * platform/graphics/cocoa/TextTrackRepresentationCocoa.mm: Renamed from Source/WebCore/platform/graphics/ios/TextTrackRepresentationIOS.mm.
2916         (-[WebCoreTextTrackRepresentationCocoaHelper initWithParent:]):
2917         (-[WebCoreTextTrackRepresentationCocoaHelper dealloc]):
2918         (-[WebCoreTextTrackRepresentationCocoaHelper setParent:]):
2919         (-[WebCoreTextTrackRepresentationCocoaHelper parent]):
2920         (-[WebCoreTextTrackRepresentationCocoaHelper observeValueForKeyPath:ofObject:change:context:]):
2921         (-[WebCoreTextTrackRepresentationCocoaHelper actionForLayer:forKey:]):
2922         (TextTrackRepresentation::create):
2923         (TextTrackRepresentationCocoa::TextTrackRepresentationCocoa):
2924         (TextTrackRepresentationCocoa::~TextTrackRepresentationCocoa):
2925         (TextTrackRepresentationCocoa::update):
2926         (TextTrackRepresentationCocoa::setContentScale):
2927         (TextTrackRepresentationCocoa::bounds):
2928
2929 2016-04-07  Brian Burg  <bburg@apple.com>
2930
2931         CookieJar should support adding synthetic cookies for developer tools
2932         https://bugs.webkit.org/show_bug.cgi?id=156091
2933         <rdar://problem/25581340>
2934
2935         Reviewed by Timothy Hatcher.
2936
2937         This patch adds an API that can set an arbitrary cookie in cookie storage
2938         in order to support developer tools and automated testing. It delegates storing
2939         the cookie to a platform implementation.
2940
2941         No new tests because the code isn't used by any clients yet.
2942
2943         * loader/CookieJar.cpp:
2944         (WebCore::addCookie): Added.
2945         * loader/CookieJar.h:
2946
2947         * platform/Cookie.h:
2948         Remove an outdated comment. This struct is used in many places.
2949
2950         * platform/CookiesStrategy.h: Add new method.
2951         * platform/network/PlatformCookieJar.h: Add new method.
2952         * platform/network/cf/CookieJarCFNet.cpp:
2953         (WebCore::addCookie): Add a stub.
2954         * platform/network/curl/CookieJarCurl.cpp:
2955         (WebCore::addCookie): Add a stub.
2956         * platform/network/mac/CookieJarMac.mm:
2957         (WebCore::addCookie): Add an implementation that turns the WebCore::Cookie into
2958         an NSHTTPCookie and converts it again to CFHTTPCookie if necessary.
2959
2960         * platform/network/soup/CookieJarSoup.cpp:
2961         (WebCore::addCookie): Add a stub.
2962
2963         * platform/spi/cf/CFNetworkSPI.h:
2964         Add -[NSHTTPCookie _CFHTTPCookie] SPI.
2965
2966 2016-04-07  Commit Queue  <commit-queue@webkit.org>
2967
2968         Unreviewed, rolling out r199128 and r199141.
2969         https://bugs.webkit.org/show_bug.cgi?id=156348
2970
2971         Causes crashes on multiple webpages (Requested by keith_mi_ on
2972         #webkit).
2973
2974         Reverted changesets:
2975
2976         "[ES6] Add support for Symbol.isConcatSpreadable."
2977         https://bugs.webkit.org/show_bug.cgi?id=155351
2978         http://trac.webkit.org/changeset/199128
2979
2980         "Unreviewed, uncomment accidentally commented line in test."
2981         http://trac.webkit.org/changeset/199141
2982
2983 2016-04-07  Daniel Bates  <dabates@apple.com>
2984
2985         CSP: Should only honor CSP policy delivered in meta tag that is a descendent of <head>
2986         https://bugs.webkit.org/show_bug.cgi?id=59858
2987         <rdar://problem/25603538>
2988
2989         Reviewed by Brent Fulgham.
2990
2991         Ignore the Content Security Policy meta tag if it is not a descendent of <head> as per
2992         section HTML meta Element of the Content Security Policy Level 2 spec., <https://w3c.github.io/webappsec-csp/2/>
2993         (Editor's Draft, 29 August 2015).
2994
2995         Tests: http/tests/security/contentSecurityPolicy/meta-tag-ignored-if-not-in-head.html
2996                http/tests/security/contentSecurityPolicy/meta-tag-ignored-if-not-in-head2.html
2997                http/tests/security/contentSecurityPolicy/report-only-meta-tag-ignored-if-not-in-head.html
2998                http/tests/security/contentSecurityPolicy/report-only-meta-tag-ignored-if-not-in-head2.html
2999
3000         * dom/Document.cpp:
3001         (WebCore::Document::processHttpEquiv): Modified to take a boolean argument whether the http-equiv
3002         meta tag is a descendent of <head> and to parse the value of a Content Security Policy http-equiv
3003         only if the http-equiv meta tag is a descendent of <head>.
3004         * dom/Document.h: Add parameter isInDocument to processHttpEquiv(). Remove javadoc-style parameters
3005         from processHttpEquiv() comment as we do not document parameters for non-API functions using such style.
3006         Also write the comment for processHttpEquiv() using C++ style comments instead of a C-style comment.
3007         * html/HTMLMetaElement.cpp:
3008         (WebCore::HTMLMetaElement::process): Pass whether this element is a descendent of <head>. Additionally
3009         update stale comment and move it closer to the code it refers to.
3010
3011 2016-04-07  Brent Fulgham  <bfulgham@apple.com>
3012
3013         [Win] Output WebCore.pdb to the same location as WebCore.lib
3014         https://bugs.webkit.org/show_bug.cgi?id=156256
3015         <rdar://problem/19416363>
3016
3017         Reviewed by Alex Christensen.
3018
3019         Add a rule to WebCore's CMake generator to tell Visual Studio to output
3020         the PDB file for the WebCore.lib in the same location as the resulting
3021         library, rather than in the build intermediary location).
3022         
3023         * CMakeLists.txt:
3024
3025 2016-04-06  Sam Weinig  <sam@webkit.org>
3026
3027         window.Crypto is missing
3028         <rdar://problem/25584034>
3029         https://bugs.webkit.org/show_bug.cgi?id=156307
3030
3031         Reviewed by Joseph Pecoraro.
3032
3033         Expose the Crypto constructor on the window object.
3034
3035         * page/Crypto.idl:
3036
3037 2016-04-07  Fujii Hironori  <Hironori.Fujii@jp.sony.com>
3038
3039         [CMake][Win] WEBKIT_WRAP_SOURCELIST is not applied in WebCore project
3040         https://bugs.webkit.org/show_bug.cgi?id=156336
3041
3042         Reviewed by Csaba Osztrogon├íc.
3043
3044         * CMakeLists.txt: Do WEBKIT_WRAP_SOURCELIST for WebCore_SOURCES.
3045
3046 2016-04-07  Zalan Bujtas  <zalan@apple.com>
3047
3048         REGRESSION (197987): Ingredient lists on smittenkitchen.com are full justified instead of left justified.
3049         https://bugs.webkit.org/show_bug.cgi?id=156326
3050         <rdar://problem/25519393>
3051
3052         Reviewed by Antti Koivisto.
3053
3054         According to the spec (https://drafts.csswg.org/css-text-3/#text-align-property) 
3055         unless otherwise specified by text-align-last, the last line before
3056         a forced break or the end of the block is start-aligned.
3057
3058         In this patch we check if a forced break is present and we apply text alignment accordingly.
3059
3060         Test: fast/css3-text/css3-text-justify/text-justify-last-line-simple-line-layout.html
3061
3062         * rendering/SimpleLineLayout.cpp:
3063         (WebCore::SimpleLineLayout::LineState::lastFragment): Make it optional so that we don't just check against a default fragment.
3064         (WebCore::SimpleLineLayout::createLineRuns):
3065         (WebCore::SimpleLineLayout::justifyRuns): Do not compute first run index on the current line twice.
3066         (WebCore::SimpleLineLayout::textAlignForLine):
3067         (WebCore::SimpleLineLayout::closeLineEndingAndAdjustRuns):
3068
3069 2016-04-07  Antti Koivisto  <antti@apple.com>
3070
3071         FrameView::qualifiesAsVisuallyNonEmpty() returns false when loading a Google search results page before search results are loaded, even though the header is visible
3072         https://bugs.webkit.org/show_bug.cgi?id=156339
3073         <rdar://problem/24491381>
3074
3075         Reviewed by Andreas Kling.
3076
3077         Patch by Jeff Miller.
3078
3079         Jeff's testing indicates lowering the document height threshold improves things visually during page loading.
3080
3081         * page/FrameView.cpp:
3082         (WebCore::FrameView::qualifiesAsVisuallyNonEmpty):
3083
3084             Lower document height threshold to from 200 to 48 pixels.
3085
3086 2016-04-07  Antti Koivisto  <antti@apple.com>
3087
3088         Shadow DOM: Implement display: contents for slots
3089         https://bugs.webkit.org/show_bug.cgi?id=149439
3090         <rdar://problem/22731922>
3091
3092         Reviewed by Ryosuke Niwa.
3093
3094         This patch adds support for value 'contents' of the 'display' property for <slot> elements only. The value is ignored
3095         for other elements for now. With this display value the element does not generate a box for itself but its descendants
3096         generate them normally.
3097
3098         Slots already have implicit "display: contents". With this patch the value comes from the user agent stylesheet and can
3099         be overriden by the author.
3100
3101         * css/CSSParser.cpp:
3102         (WebCore::isValidKeywordPropertyAndValue):
3103         * css/CSSPrimitiveValueMappings.h:
3104         (WebCore::CSSPrimitiveValue::CSSPrimitiveValue):
3105         * css/CSSValueKeywords.in:
3106
3107             Suport parsing display: contents.
3108
3109         * css/StyleResolver.cpp:
3110         (WebCore::equivalentBlockDisplay):
3111         (WebCore::StyleResolver::adjustRenderStyle):
3112
3113             Disallow for non-slots for now.
3114
3115         * css/html.css:
3116         (slot):
3117
3118             Add "slot { display: contents }" to the UA sheet.
3119
3120         * dom/Element.cpp:
3121         (WebCore::Element::resolveStyle):
3122         (WebCore::Element::hasDisplayContents):
3123         (WebCore::Element::setHasDisplayContents):
3124
3125             Add a rare data bit for elements with display:contents (as we don't save the RenderStyle for them).
3126
3127         (WebCore::Element::rendererIsNeeded):
3128
3129             Don't need renderer for display:contents.
3130
3131         (WebCore::Element::createElementRenderer):
3132         * dom/Element.h:
3133         (WebCore::Element::isVisibleInViewportChanged):
3134         * dom/ElementAndTextDescendantIterator.h:
3135         (WebCore::ElementAndTextDescendantIterator::operator!):
3136         (WebCore::ElementAndTextDescendantIterator::operator bool):
3137         (WebCore::ElementAndTextDescendantIterator::ElementAndTextDescendantIterator):
3138         (WebCore::ElementAndTextDescendantIterator::operator==):
3139         (WebCore::ElementAndTextDescendantIterator::operator!=):
3140
3141             Support initializing ElementAndTextDescendantIterator with root==current so that m_current is not nulled.
3142             This is needed for ComposedTreeIterator to be initialized correctly when root is a slot and the current node
3143             is a slotted node. The case happens in RenderTreePosition::previousSiblingRenderer when slot display is overriden
3144             to something else than 'contents'.
3145
3146         * dom/ElementRareData.h:
3147         (WebCore::ElementRareData::hasDisplayContents):
3148         (WebCore::ElementRareData::setHasDisplayContents):
3149         (WebCore::ElementRareData::ElementRareData):
3150         * rendering/RenderElement.cpp:
3151         (WebCore::RenderElement::createFor):
3152         * rendering/style/RenderStyleConstants.h:
3153         * style/RenderTreePosition.cpp:
3154         (WebCore::RenderTreePosition::nextSiblingRenderer):
3155
3156             Test for dynamic display:contents.
3157
3158         * style/RenderTreeUpdater.cpp:
3159         (WebCore::findRenderingRoot):
3160         (WebCore::RenderTreeUpdater::updateRenderTree):
3161         (WebCore::RenderTreeUpdater::updateElementRenderer):
3162
3163             Test for dynamic display:contents.
3164
3165         * style/StyleTreeResolver.cpp:
3166         (WebCore::Style::affectsRenderedSubtree):
3167
3168             No need for special case.
3169
3170         (WebCore::Style::TreeResolver::resolveComposedTree):
3171
3172             Test for dynamic display:contents.
3173
3174 2016-04-07  Sergio Villar Senin  <svillar@igalia.com>
3175
3176         [css-grid] Content box incorrectly used as non-auto min-height
3177         https://bugs.webkit.org/show_bug.cgi?id=155946
3178
3179         Reviewed by Antti Koivisto.
3180
3181         When computing the minimum height value of grid items with
3182         non-auto min-height we used to return the size of the content
3183         box meaning that borders and paddings were incorrectly
3184         ignored.
3185
3186         Note that we're also ignoring margins, but as that is a
3187         problem also for widths it'll be fixed in a follow up patch.
3188
3189         Test: fast/css-grid-layout/min-height-border-box.html
3190
3191         * rendering/RenderGrid.cpp:
3192         (WebCore::RenderGrid::minSizeForChild):
3193
3194 2016-04-07  Antti Koivisto  <antti@apple.com>
3195
3196         Reverting previous due to bad LayoutTest ChangeLog.
3197
3198 2016-04-06  Antti Koivisto  <antti@apple.com>
3199
3200         Shadow DOM: Implement display: contents for slots
3201         https://bugs.webkit.org/show_bug.cgi?id=149439
3202         <rdar://problem/22731922>
3203
3204         Reviewed by Ryosuke Niwa.
3205
3206         This patch adds support for value 'contents' of the 'display' property for <slot> elements only. The value is ignored
3207         for other elements for now. With this display value the element does not generate a box for itself but its descendants
3208         generate them normally.
3209
3210         Slots already have implicit "display: contents". With this patch the value comes from the user agent stylesheet and can
3211         be overriden by the author.
3212
3213         * css/CSSParser.cpp:
3214         (WebCore::isValidKeywordPropertyAndValue):
3215         * css/CSSPrimitiveValueMappings.h:
3216         (WebCore::CSSPrimitiveValue::CSSPrimitiveValue):
3217         * css/CSSValueKeywords.in:
3218
3219             Suport parsing display: contents.
3220
3221         * css/StyleResolver.cpp:
3222         (WebCore::equivalentBlockDisplay):
3223         (WebCore::StyleResolver::adjustRenderStyle):
3224
3225             Disallow for non-slots for now.
3226
3227         * css/html.css:
3228         (slot):
3229
3230             Add "slot { display: contents }" to the UA sheet.
3231
3232         * dom/Element.cpp:
3233         (WebCore::Element::resolveStyle):
3234         (WebCore::Element::hasDisplayContents):
3235         (WebCore::Element::setHasDisplayContents):
3236
3237             Add a rare data bit for elements with display:contents (as we don't save the RenderStyle for them).
3238
3239         (WebCore::Element::rendererIsNeeded):
3240
3241             Don't need renderer for display:contents.
3242
3243         (WebCore::Element::createElementRenderer):
3244         * dom/Element.h:
3245         (WebCore::Element::isVisibleInViewportChanged):
3246         * dom/ElementAndTextDescendantIterator.h:
3247         (WebCore::ElementAndTextDescendantIterator::operator!):
3248         (WebCore::ElementAndTextDescendantIterator::operator bool):
3249         (WebCore::ElementAndTextDescendantIterator::ElementAndTextDescendantIterator):
3250         (WebCore::ElementAndTextDescendantIterator::operator==):
3251         (WebCore::ElementAndTextDescendantIterator::operator!=):
3252
3253             Support initializing ElementAndTextDescendantIterator with root==current so that m_current is not nulled.
3254             This is needed for ComposedTreeIterator to be initialized correctly when root is a slot and the current node
3255             is a slotted node. The case happens in RenderTreePosition::previousSiblingRenderer when slot display is overriden
3256             to something else than 'contents'.
3257
3258         * dom/ElementRareData.h:
3259         (WebCore::ElementRareData::hasDisplayContents):
3260         (WebCore::ElementRareData::setHasDisplayContents):
3261         (WebCore::ElementRareData::ElementRareData):
3262         * rendering/RenderElement.cpp:
3263         (WebCore::RenderElement::createFor):
3264         * rendering/style/RenderStyleConstants.h:
3265         * style/RenderTreePosition.cpp:
3266         (WebCore::RenderTreePosition::nextSiblingRenderer):
3267
3268             Test for dynamic display:contents.
3269
3270         * style/RenderTreeUpdater.cpp:
3271         (WebCore::findRenderingRoot):
3272         (WebCore::RenderTreeUpdater::updateRenderTree):
3273         (WebCore::RenderTreeUpdater::updateElementRenderer):
3274
3275             Test for dynamic display:contents.
3276
3277         * style/StyleTreeResolver.cpp:
3278         (WebCore::Style::affectsRenderedSubtree):
3279
3280             No need for special case.
3281
3282         (WebCore::Style::TreeResolver::resolveComposedTree):
3283
3284             Test for dynamic display:contents.
3285
3286 2016-04-06  Myles C. Maxfield  <mmaxfield@apple.com>
3287
3288         REGRESSION (r188591): thingiverse.com direct messaging UI is not rendered properly
3289         https://bugs.webkit.org/show_bug.cgi?id=156241
3290         <rdar://problem/25262213>
3291
3292         Reviewed by Simon Fraser.
3293
3294         When creating a CoreText font with a size of 0, the CoreText docs say that it will
3295         interpret this as a missing argument, and create a font of size 12 instead. However,
3296         this doesn't cause a problem (at least on this particular website) because we will
3297         use CGFontGetGlyphAdvancesForStyle(), which gets scaled by the supplied font 
3298         size (which is 0). However, if you turn on text-rendering: optimizeLegibility, we
3299         will use CTFontGetAdvancesForGlyphs() instead, which does not scale by the font size.
3300         The solution is to detect this case, and force the advance to 0.
3301
3302         Test: fast/text/zero-sized-fonts.html
3303
3304         * platform/graphics/cocoa/FontCocoa.mm:
3305         (WebCore::Font::platformWidthForGlyph):
3306
3307 2016-04-06  Myles C. Maxfield  <mmaxfield@apple.com>
3308
3309         Rename MidpointState to WhitespaceCollapsingState
3310         https://bugs.webkit.org/show_bug.cgi?id=156304
3311
3312         Reviewed by David Hyatt.
3313
3314         MidpointState has nothing to do with midpoints.
3315
3316         An individual midpoint is now known as a "whitespace collapsing transition."
3317
3318         No new tests because there is no behavior change.
3319
3320         * platform/text/BidiResolver.h:
3321         (WebCore::WhitespaceCollapsingState::reset): (See addMidpoint() below.)
3322         Previously, we were using operator= to destroy old Iterators when their
3323         storage inside the Vector was reused. Now that we are elliminating
3324         m_numMidpoints, we can push destruction earlier to this reset() function.
3325         Because the same amount of destruction happens in both cases, this doesn't
3326         add additional work. (Vector can destroy its contents without shrinking
3327         its storage overcommitment.)
3328         (WebCore::WhitespaceCollapsingState::startIgnoringSpaces):
3329         (WebCore::WhitespaceCollapsingState::stopIgnoringSpaces):
3330         (WebCore::WhitespaceCollapsingState::ensureLineBoxInsideIgnoredSpaces):
3331         (WebCore::WhitespaceCollapsingState::decrementTransitionAt):
3332         (WebCore::WhitespaceCollapsingState::thresholds): Make the return value
3333         const. The only clients of this function which needed mutation were
3334         migrated to using decrementTransitionAt().
3335         (WebCore::WhitespaceCollapsingState::numTransitions):
3336         (WebCore::WhitespaceCollapsingState::currentTransition):
3337         (WebCore::WhitespaceCollapsingState::setCurrentTransition):
3338         (WebCore::WhitespaceCollapsingState::incrementCurrentTransition):
3339         (WebCore::WhitespaceCollapsingState::decrementNumTransitions):
3340         (WebCore::WhitespaceCollapsingState::betweenTransitions):
3341         (WebCore::BidiResolverBase::whitespaceCollapsingState):
3342         (WebCore::Subclass>::setWhitespaceCollapsingTransitionForIsolatedRun):
3343         (WebCore::Subclass>::whitespaceCollapsingTransitionForIsolatedRun):
3344         (WebCore::MidpointState::MidpointState): Deleted.
3345         (WebCore::MidpointState::reset): Deleted.
3346         (WebCore::MidpointState::startIgnoringSpaces): Deleted.
3347         (WebCore::MidpointState::stopIgnoringSpaces): Deleted.
3348         (WebCore::MidpointState::ensureLineBoxInsideIgnoredSpaces): Deleted.
3349         (WebCore::MidpointState::midpoints): Deleted.
3350         (WebCore::MidpointState::numMidpoints): Deleted.
3351         (WebCore::MidpointState::currentMidpoint): Deleted.
3352         (WebCore::MidpointState::setCurrentMidpoint): Deleted.
3353         (WebCore::MidpointState::incrementCurrentMidpoint): Deleted.
3354         (WebCore::MidpointState::decrementNumMidpoints): Deleted.
3355         (WebCore::MidpointState::betweenMidpoints): Deleted.
3356         (WebCore::MidpointState::addMidpoint): Deleted. This code has been around for 13
3357         years (since r3672) where it was using QMemArray. That class doesn't have an
3358         append() class, so it was implemented inside this function. Luckily, Vector
3359         already overcommits its allocation, so we can elliminate m_numMidpoints entirely.
3360         (WebCore::BidiResolverBase::midpointState): Deleted.
3361         (WebCore::Subclass>::setMidpointForIsolatedRun): Deleted.
3362         (WebCore::Subclass>::midpointForIsolatedRun): Deleted.
3363         * rendering/InlineIterator.h:
3364         (WebCore::addPlaceholderRunForIsolatedInline):
3365         * rendering/RenderBlockLineLayout.cpp:
3366         (WebCore::RenderBlockFlow::appendRunsForObject):
3367         (WebCore::setUpResolverToResumeInIsolate):
3368         (WebCore::constructBidiRunsForSegment):
3369         (WebCore::RenderBlockFlow::layoutRunsAndFloatsInRange):
3370         * rendering/line/BreakingContext.h:
3371         (WebCore::BreakingContext::BreakingContext):
3372         (WebCore::BreakingContext::handleBR):
3373         (WebCore::BreakingContext::handleOutOfFlowPositioned):
3374         (WebCore::shouldSkipWhitespaceAfterStartObject):
3375         (WebCore::BreakingContext::handleEmptyInline):
3376         (WebCore::BreakingContext::handleReplaced):
3377         (WebCore::ensureCharacterGetsLineBox):
3378         (WebCore::BreakingContext::handleText):
3379         (WebCore::checkWhitespaceCollapsingTransitions):
3380         (WebCore::BreakingContext::handleEndOfLine):
3381         (WebCore::checkMidpoints): Deleted.
3382         * rendering/line/TrailingObjects.cpp:
3383         (WebCore::TrailingObjects::updateWhitespaceCollapsingTransitionsForTrailingBoxes):
3384         (WebCore::TrailingObjects::updateMidpointsForTrailingBoxes): Deleted.
3385         * rendering/line/TrailingObjects.h:
3386         (WebCore::TrailingObjects::appendBoxIfNeeded):
3387
3388 2016-04-06  Gyuyoung Kim  <gyuyoung.kim@webkit.org>
3389
3390         Remove duplicated parsePortFromStringPosition()
3391         https://bugs.webkit.org/show_bug.cgi?id=156289
3392
3393         Reviewed by Simon Fraser.
3394
3395         Same parsePortFromStringPosition() functions have been defined in both URLUtils.h and HTMLAnchorElement.cpp.
3396         Remove duplicated one in HTMLAnchorElement.cpp.
3397
3398         No new tests, no behavior change.
3399
3400         * html/HTMLAnchorElement.cpp:
3401         (WebCore::parsePortFromStringPosition): Deleted.
3402
3403 2016-04-06  Simon Fraser  <simon.fraser@apple.com>
3404
3405         Page tiles are missing when graphics acceleration is unavailable
3406         https://bugs.webkit.org/show_bug.cgi?id=156325
3407         rdar://problem/25587476
3408
3409         Reviewed by Tim Horton.
3410
3411         When graphics acceleration is unavailable on Mac (e.g. in a VM or when running from
3412         the recovery partition), page contents were missing. This is because
3413         IOSurfaceGetPropertyMaximum(kIOSurfaceWidth) and IOSurfaceGetPropertyMaximum(kIOSurfaceHeight)
3414         returned INT_MAX, causing us to compute a tile size of 0x0.
3415
3416         Fix by changing IOSurface::maximumSize() to report a value between 1K x 1K and 32K x 32K.
3417
3418         Rename kGiantTileSize to better describe its purpose.
3419
3420         Add correct clamping in IOSurface::maximumSize().
3421
3422         * platform/graphics/ca/TileController.cpp:
3423         (WebCore::TileController::tileSize):
3424         * platform/graphics/ca/TileController.h:
3425         * platform/graphics/cocoa/IOSurface.mm:
3426         (IOSurface::maximumSize):
3427
3428 2016-03-29  Keith Miller  <keith_miller@apple.com>
3429
3430         [ES6] Add support for Symbol.isConcatSpreadable.
3431         https://bugs.webkit.org/show_bug.cgi?id=155351
3432
3433         Reviewed by Saam Barati.
3434
3435         Makes runtime arrays have the new ArrayType
3436
3437         * bridge/runtime_array.h:
3438         (JSC::RuntimeArray::createStructure):
3439
3440 2016-04-06  Eric Carlson  <eric.carlson@apple.com>
3441
3442         [iOS Simulator WK1] Crash in MediaPlayer::setPrivateBrowsingMode()
3443         https://bugs.webkit.org/show_bug.cgi?id=155721
3444         <rdar://problem/18590481>
3445
3446         Speculative fix for a crash that appears to happen when the media engine is destroyed
3447         during a callback.
3448
3449         Reviewed by Dean Jackson.
3450
3451         No new tests, this prevents existing tests from crashing.
3452
3453         * html/HTMLMediaElement.cpp:
3454         (WebCore::actionName): Log MediaEngineUpdated.
3455         (WebCore::HTMLMediaElement::scheduleDelayedAction): Support MediaEngineUpdated.
3456         (WebCore::HTMLMediaElement::pendingActionTimerFired): Ditto. Clear m_pendingActionFlags.
3457         (WebCore::HTMLMediaElement::mediaEngineWasUpdated): New.
3458         (WebCore::HTMLMediaElement::mediaPlayerEngineUpdated): Move guts to mediaEngineWasUpdated and
3459           call it on a timer so we can't change the media engine in the middle of a callback from
3460           MediaPlayer or the media engine.
3461         * html/HTMLMediaElement.h:
3462         * html/HTMLMediaElementEnums.h:
3463
3464         * platform/graphics/MediaPlayer.cpp:
3465         (WebCore::MediaPlayer::~MediaPlayer): Assert if new flag m_initializingMediaEngine is set to
3466           catch HTMLMediaElement destroying the media engine during a callback.
3467         (WebCore::MediaPlayer::loadWithNextMediaEngine): Set/clear m_initializingMediaEngine.
3468         * platform/graphics/MediaPlayer.h:
3469
3470 2016-04-06  Brady Eidson  <beidson@apple.com>
3471
3472         Modern IDB: Make sure SQLite backing store records have a INTEGER PRIMARY KEY column.
3473         https://bugs.webkit.org/show_bug.cgi?id=156264
3474
3475         Reviewed by Alex Christensen.
3476
3477         No new tests (No testable change in behavior yet, current tests pass).
3478
3479         * Modules/indexeddb/IDBKeyData.cpp:
3480         (WebCore::IDBKeyData::encode): Fix the key name for backwards compatibility.
3481         (WebCore::IDBKeyData::decode): Ditto.
3482
3483         * Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
3484         (WebCore::IDBServer::v3RecordsTableSchema): Added v3 Records schema that includes a primary key column.
3485         (WebCore::IDBServer::v3RecordsTableSchemaAlternate):
3486         (WebCore::IDBServer::createOrMigrateRecordsTableIfNecessary): Upgrade to v3 instead of v2.
3487         (WebCore::IDBServer::SQLiteIDBBackingStore::addRecord):
3488
3489 2016-04-06  Simon Fraser  <simon.fraser@apple.com>
3490
3491         Avoid using an unengaged Optional<FloatRect> when positioning the tiled scrolling indicator
3492         https://bugs.webkit.org/show_bug.cgi?id=156313
3493
3494         Reviewed by Tim Horton.
3495
3496         Fixes an assertion seen when running the WebKit2.AutoLayoutIntegration API test.
3497
3498         * page/FrameView.cpp:
3499         (WebCore::FrameView::setViewExposedRect):
3500
3501 2016-04-06  Sam Weinig  <sam@webkit.org>
3502
3503         Fix windows build.
3504
3505         * DerivedSources.cpp:
3506         * css/CSSAllInOne.cpp:
3507
3508 2016-04-06  Jer Noble  <jer.noble@apple.com>
3509
3510         CRASH in AudioDestinationNode::render()
3511         https://bugs.webkit.org/show_bug.cgi?id=156308
3512         <rdar://problem/25468815>
3513
3514         Reviewed by Eric Carlson.
3515
3516         
3517         AudioDestinationNode::render() will crash when passed in a zero-length frame count. Rather than get into
3518         this bad state, ASSERT() and bail out early in this case.
3519
3520         Also, address the situation in AudioDestinationIOS::render which can cause this 0-frame count to occur.
3521
3522         * Modules/webaudio/AudioDestinationNode.cpp:
3523         (WebCore::AudioDestinationNode::render):
3524         * platform/audio/ios/AudioDestinationIOS.cpp:
3525         (WebCore::AudioDestinationIOS::render):
3526
3527 2016-04-06  Per Arne Vollan  <peavo@outlook.com>
3528
3529         [WinCairo][MediaFoundation] Videos are always autoplaying.
3530         https://bugs.webkit.org/show_bug.cgi?id=156284
3531
3532         Reviewed by Alex Christensen.
3533
3534         Videos are autoplaying because the MediaFoundation implementation always starts playback
3535         after the load method has been called. When the load method has been called, we should
3536         only start buffering data, not automatically start the playback. This has been fixed by
3537         implementing the prepareToPlay method, and calling this instead of the play method.
3538
3539         * platform/graphics/win/MediaPlayerPrivateMediaFoundation.cpp:
3540         (WebCore::MediaPlayerPrivateMediaFoundation::MediaPlayerPrivateMediaFoundation):
3541         (WebCore::MediaPlayerPrivateMediaFoundation::load):
3542         (WebCore::MediaPlayerPrivateMediaFoundation::prepareToPlay):
3543         (WebCore::MediaPlayerPrivateMediaFoundation::play):
3544         (WebCore::MediaPlayerPrivateMediaFoundation::networkState):
3545         (WebCore::MediaPlayerPrivateMediaFoundation::startSession):
3546         (WebCore::MediaPlayerPrivateMediaFoundation::endGetEvent):
3547         (WebCore::MediaPlayerPrivateMediaFoundation::updateReadyState):
3548         (WebCore::MediaPlayerPrivateMediaFoundation::onTopologySet):
3549         (WebCore::MediaPlayerPrivateMediaFoundation::onBufferingStarted):
3550         (WebCore::MediaPlayerPrivateMediaFoundation::onBufferingStopped):
3551         (WebCore::MediaPlayerPrivateMediaFoundation::onSessionEnded):
3552         (WebCore::MediaPlayerPrivateMediaFoundation::Direct3DPresenter::updateDestRect):
3553         * platform/graphics/win/MediaPlayerPrivateMediaFoundation.h:
3554
3555 2016-04-06  Zalan Bujtas  <zalan@apple.com>
3556
3557         Add ASSERT_WITH_SECURITY_IMPLICATION when a float box is referenced by multiple RootInlineBoxes.
3558         https://bugs.webkit.org/show_bug.cgi?id=156297
3559         <rdar://problem/25580844>
3560
3561         Reviewed by Brent Fulgham.
3562
3563         See http://trac.webkit.org/changeset/199101
3564
3565         No change in functionality.
3566
3567         * rendering/RenderBlockLineLayout.cpp:
3568         (WebCore::RenderBlockFlow::appendFloatingObjectToLastLine):
3569         (WebCore::RenderBlockFlow::reattachCleanLineFloats):
3570         (WebCore::RenderBlockFlow::determineStartPosition):
3571
3572 2016-04-06  Sam Weinig  <sam@webkit.org>
3573
3574         window.CSS should be a constructor with static functions
3575         <rdar://problem/25580516>
3576         https://bugs.webkit.org/show_bug.cgi?id=156294
3577
3578         Reviewed by Chris Dumez.
3579
3580         Rename DOMWindowCSS to DOMCSSNamespace to avoid name collisions, DOMWindow prefixed
3581         classes cause collisions in JSDOMWindow.
3582
3583         * CMakeLists.txt:
3584         * DerivedSources.make:
3585         * WebCore.xcodeproj/project.pbxproj:
3586         Update for renames.
3587
3588         * css/DOMCSSNamespace.cpp: Copied from Source/WebCore/css/DOMWindowCSS.cpp.
3589         (WebCore::valueWithoutImportant):
3590         (WebCore::DOMCSSNamespace::supports):
3591         (WebCore::DOMWindowCSS::create): Deleted.
3592         (WebCore::DOMWindowCSS::supports): Deleted.
3593         * css/DOMCSSNamespace.h: Copied from Source/WebCore/css/DOMWindowCSS.h.
3594         (WebCore::DOMWindowCSS::DOMWindowCSS): Deleted.
3595         Rename DOMWindowCSS to DOMCSSNamespace and turn functions into static functions.
3596
3597         * css/DOMCSSNamespace.idl: Copied from Source/WebCore/css/DOMWindowCSS.idl.
3598         Remove NoInterfaceObject, to inject a constructor, and turn functions into
3599         static functions matching spec.
3600
3601         * page/DOMWindow.cpp:
3602         (WebCore::DOMWindow::css): Deleted.
3603         * page/DOMWindow.h:
3604         * page/DOMWindow.idl:
3605         Remove CSS property. Constructor will be implicitly added.
3606
3607 2016-04-05  Simon Fraser  <simon.fraser@apple.com>
3608
3609         Rename exposedRect to viewExposedRect and propagate it as Optional<> through WK2
3610         https://bugs.webkit.org/show_bug.cgi?id=156274
3611
3612         Reviewed by Tim Horton.
3613
3614         DrawingArea and FrameView have an "exposedRect" property that is used by applications
3615         on Mac, like Mail, that embed web views inside scroll views. However, this name is very
3616         similar to the "exposedContentRect" that is used on iOS to denote the part of the view
3617         whose pixels are visible, including through blurring overlaid UI.
3618         
3619         To disambiguate these two, rename the Mac "exposedRect" to "viewExposedRect" to
3620         emphasize that it's a rect that takes into account clipping in the native view
3621         hierarchy.
3622         
3623         Also make this rect Optional<> through the DrawingArea, removing comparisons against
3624         FloatRect::infiniteRect().
3625         
3626         Do some other minor renaming in VisibleContentRectUpdateInfo.
3627
3628         * page/FrameView.cpp:
3629         (WebCore::FrameView::setViewExposedRect): This now takes an Optional<> because WebViewImpl::updateViewExposedRect()
3630         can clear it.
3631         * page/FrameView.h:
3632         * page/PageOverlayController.cpp:
3633         (WebCore::PageOverlayController::didChangeViewExposedRect):
3634         (WebCore::PageOverlayController::didChangeExposedRect): Deleted.
3635         * page/PageOverlayController.h:
3636         * rendering/RenderLayerBacking.cpp:
3637         (WebCore::computeTileCoverage):
3638         * rendering/RenderLayerCompositor.cpp:
3639         (WebCore::RenderLayerCompositor::flushPendingLayerChanges):
3640
3641 2016-04-06  Joanmarie Diggs  <jdiggs@igalia.com>
3642
3643         REGRESSION(r195463): [GTK] accessibility/roles-computedRoleString.html and accessibility/roles-exposed.html failing
3644         https://bugs.webkit.org/show_bug.cgi?id=153696
3645
3646         Reviewed by Chris Fleizach.
3647
3648         The failures were due to always mapping style format groups to GroupRole, even for
3649         RenderInline objects. The fix is to expose inline style format groups as InlineRole,
3650         add handling of GroupRole style groups to the ATK code, and InlineRole style groups
3651         to the Mac code.
3652
3653         No new tests because we have sufficient coverage. Updated roles-computedRoleString.html
3654         to reflect new exposure.
3655
3656         * accessibility/AccessibilityRenderObject.cpp:
3657         (WebCore::AccessibilityRenderObject::determineAccessibilityRole):
3658         * accessibility/atk/WebKitAccessibleWrapperAtk.cpp:
3659         (atkRole):
3660         * accessibility/mac/AccessibilityObjectMac.mm:
3661         (WebCore::AccessibilityObject::accessibilityPlatformIncludesObject):
3662         * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
3663         (createAccessibilityRoleMap):
3664         (-[WebAccessibilityObjectWrapper subrole]):
3665
3666 2016-04-06  Jer Noble  <jer.noble@apple.com>
3667
3668         CRASH in -[WebCoreNSURLSession taskCompleted:]
3669         https://bugs.webkit.org/show_bug.cgi?id=156290
3670
3671         Reviewed by Eric Carlson.
3672
3673         Fixes currently flakily crashing http/tests/media tests.
3674
3675         Protect against -taskCompleted: being called multiple times by only calling
3676         -taskCompleted: if the task's state is not yet NSURLSessionTaskStateCompleted.
3677         Additionally, make sure to clear the task's session pointer when removing it
3678         from _dataTasks, as this ensures a task that outlives its session does not
3679         keep a pointer to a dealloc'd object.
3680
3681         * platform/network/cocoa/WebCoreNSURLSession.mm:
3682         (-[WebCoreNSURLSession taskCompleted:]):
3683         (-[WebCoreNSURLSessionDataTask _resource:loadFinishedWithError:]):
3684
3685 2016-04-06  Chris Dumez  <cdumez@apple.com>
3686
3687         [IDL] Extend support for [EnabledAtRuntime] attributes / operations to all global objects, not just Window
3688         https://bugs.webkit.org/show_bug.cgi?id=156291
3689
3690         Reviewed by Alex Christensen.
3691
3692         Extend support for [EnabledAtRuntime] attributes / operations to all
3693         global objects, not just Window. This is needed by the Fetch API which
3694         is enabled at runtime and exposed on both Window and WorkerGlobalScope.
3695
3696         * bindings/scripts/CodeGeneratorJS.pm:
3697         (IsDOMGlobalObject):
3698         (OperationShouldBeOnInstance):
3699         (GenerateHeader):
3700         (GeneratePropertiesHashTable):
3701         (GenerateImplementation):
3702         * bindings/scripts/test/GObject/WebKitDOMTestGlobalObject.cpp: Added.
3703         (WebKit::kit):
3704         (WebKit::core):
3705         (WebKit::wrapTestGlobalObject):
3706         (webkit_dom_test_global_object_finalize):
3707         (webkit_dom_test_global_object_set_property):
3708         (webkit_dom_test_global_object_get_property):
3709         (webkit_dom_test_global_object_constructor):
3710         (webkit_dom_test_global_object_class_init):
3711         (webkit_dom_test_global_object_init):
3712         (webkit_dom_test_global_object_regular_operation):
3713         (webkit_dom_test_global_object_enabled_at_runtime_operation):
3714         (webkit_dom_test_global_object_get_regular_attribute):
3715         (webkit_dom_test_global_object_set_regular_attribute):
3716         (webkit_dom_test_global_object_get_enabled_at_runtime_attribute):
3717         (webkit_dom_test_global_object_set_enabled_at_runtime_attribute):
3718         * bindings/scripts/test/GObject/WebKitDOMTestGlobalObject.h: Added.
3719         * bindings/scripts/test/GObject/WebKitDOMTestGlobalObjectPrivate.h: Added.
3720         * bindings/scripts/test/JS/JSTestGlobalObject.cpp: Added.
3721         (WebCore::JSTestGlobalObjectConstructor::prototypeForStructure):
3722         (WebCore::JSTestGlobalObjectConstructor::initializeProperties):
3723         (WebCore::JSTestGlobalObjectPrototype::getOwnPropertySlot):
3724         (WebCore::JSTestGlobalObject::JSTestGlobalObject):
3725         (WebCore::JSTestGlobalObject::finishCreation):
3726         (WebCore::JSTestGlobalObject::destroy):
3727         (WebCore::JSTestGlobalObject::getOwnPropertySlot):
3728         (WebCore::jsTestGlobalObjectRegularAttribute):
3729         (WebCore::jsTestGlobalObjectEnabledAtRuntimeAttribute):
3730         (WebCore::jsTestGlobalObjectConstructor):
3731         (WebCore::setJSTestGlobalObjectConstructor):
3732         (WebCore::setJSTestGlobalObjectRegularAttribute):
3733         (WebCore::setJSTestGlobalObjectEnabledAtRuntimeAttribute):
3734         (WebCore::JSTestGlobalObject::getConstructor):
3735         (WebCore::jsTestGlobalObjectInstanceFunctionRegularOperation):
3736         (WebCore::jsTestGlobalObjectInstanceFunctionEnabledAtRuntimeOperation1):
3737         (WebCore::jsTestGlobalObjectInstanceFunctionEnabledAtRuntimeOperation2):
3738         (WebCore::jsTestGlobalObjectInstanceFunctionEnabledAtRuntimeOperation):
3739         (WebCore::JSTestGlobalObjectOwner::isReachableFromOpaqueRoots):
3740         (WebCore::JSTestGlobalObjectOwner::finalize):
3741         (WebCore::toJSNewlyCreated):
3742         (WebCore::toJS):
3743         (WebCore::JSTestGlobalObject::toWrapped):
3744         * bindings/scripts/test/JS/JSTestGlobalObject.h: Added.
3745         (WebCore::JSTestGlobalObject::create):
3746         (WebCore::JSTestGlobalObject::createStructure):
3747         (WebCore::JSTestGlobalObject::finishCreation):
3748         (WebCore::wrapperOwner):
3749         (WebCore::wrapperKey):
3750         (WebCore::toJS):
3751         (WebCore::JSTestGlobalObjectPrototype::create):
3752         (WebCore::JSTestGlobalObjectPrototype::createStructure):
3753         (WebCore::JSTestGlobalObjectPrototype::JSTestGlobalObjectPrototype):
3754         * bindings/scripts/test/ObjC/DOMTestGlobalObject.h: Added.
3755         * bindings/scripts/test/ObjC/DOMTestGlobalObject.mm: Added.
3756         (-[DOMTestGlobalObject dealloc]):
3757         (-[DOMTestGlobalObject regularAttribute]):
3758         (-[DOMTestGlobalObject setRegularAttribute:]):
3759         (-[DOMTestGlobalObject enabledAtRuntimeAttribute]):
3760         (-[DOMTestGlobalObject setEnabledAtRuntimeAttribute:]):
3761         (-[DOMTestGlobalObject regularOperation:]):
3762         (-[DOMTestGlobalObject enabledAtRuntimeOperation:]):
3763         (core):
3764         (kit):
3765         * bindings/scripts/test/ObjC/DOMTestGlobalObjectInternal.h: Added.
3766         * bindings/scripts/test/TestGlobalObject.idl: Added.
3767
3768 2016-04-06  Brady Eidson  <beidson@apple.com>
3769
3770         Update IndexedDB feature status to the much more correct "In Development"
3771
3772         Reviewed by Tim Hatcher.
3773
3774         * features.json:
3775
3776 2016-04-06  Zalan Bujtas  <zalan@apple.com>
3777
3778         ASSERTION FAILED: !floatingObject->originatingLine() in WebCore::RenderBlockFlow::linkToEndLineIfNeeded
3779         https://bugs.webkit.org/show_bug.cgi?id=153001
3780
3781         Reviewed by Dan Bernstein.
3782
3783         1. Float boxes are always attached to the line where we see them first.
3784         2. Float box can only be attached to one line.
3785         3. RenderBlockFlow can perform partial layout on dirty lines only.
3786
3787         In certain cases, the last dirty line can "pull up" float boxes from the first clean line.
3788         It simply means that due to some layout changes on previous lines now we see those floats on this last dirty line first.
3789         If after placing the float we still find it on the same position, the line below is still considered clean.
3790  
3791         Remove the float box from its original line if the line above already placed it.
3792
3793         Test: fast/block/float/float-moves-between-lines.html
3794
3795         * rendering/RenderBlockFlow.h:
3796         * rendering/RenderBlockLineLayout.cpp:
3797         (WebCore::RenderBlockFlow::reattachCleanLineFloats):
3798         (WebCore::RenderBlockFlow::linkToEndLineIfNeeded):
3799         (WebCore::RenderBlockFlow::layoutRunsAndFloatsInRange): Deleted.
3800
3801 2016-04-06  Antti Koivisto  <antti@apple.com>
3802
3803         REGRESSION(r196629): Messages text size only changes for sending text, conversation text size does not change
3804         https://bugs.webkit.org/show_bug.cgi?id=156287
3805         <rdar://problem/24264756>
3806
3807         Reviewed by Andreas Kling.
3808
3809         * css/RuleFeature.cpp:
3810         (WebCore::RuleFeatureSet::recursivelyCollectFeaturesFromSelector):
3811         (WebCore::makeAttributeSelectorKey):
3812
3813             Include attribute value to the key. Otherwise we may deduplicate selectors that are not indentical.
3814
3815         (WebCore::RuleFeatureSet::collectFeatures):
3816         (WebCore::RuleFeatureSet::add):
3817
3818             Use HashMap::ensure().
3819
3820         * css/RuleFeature.h:
3821
3822 2016-04-06  Manuel Rego Casasnovas  <rego@igalia.com>
3823
3824         [css-grid] Fix positioned children in RTL
3825         https://bugs.webkit.org/show_bug.cgi?id=156162
3826
3827         Reviewed by Sergio Villar Senin.
3828
3829         This patch fixes a problem affecting the items without
3830         a static inline position (i.e. "left" and/or "right" properties
3831         are not "auto"). In this particular case we need to compute
3832         the "offset" from the left, so we need a specific condition
3833         and computation.
3834
3835         Let's use an example to understand what it's fixing:
3836         <div style="display: grid; grid-template-columns: 100px 50px; width: 300px;
3837                     position: relative; direction: rtl;">
3838             <div style="position: absolute; left: 0; grid-column: 1 / 2;">item</div>
3839         </div>
3840
3841         In this case the item has to be placed in the first column
3842         (the one on the right as we're in RTL).
3843         For this we need to calculate the offset from the left, which is 200px:
3844         150px (alignment offset) + 50px (offset from line 3 to 2).
3845
3846         Test: fast/css-grid-layout/grid-positioned-items-background-rtl.html
3847
3848         * rendering/RenderGrid.cpp:
3849         (WebCore::RenderGrid::offsetAndBreadthForPositionedChild):
3850
3851 2016-04-06  Antti Koivisto  <antti@apple.com>
3852
3853         ComposedTreeIterator may crash when first child of shadow root is a comment node
3854         https://bugs.webkit.org/show_bug.cgi?id=156281
3855
3856         Reviewed by Andreas Kling.
3857
3858         It should not use plain firstChild() and assume it is Element or Text.
3859
3860         * dom/ComposedTreeIterator.cpp:
3861         (WebCore::ComposedTreeIterator::Context::Context):
3862
3863             Add FirstChildTag to various iterator constructors to make clear that they search for the first child.
3864
3865         (WebCore::ComposedTreeIterator::ComposedTreeIterator):
3866         (WebCore::ComposedTreeIterator::traverseShadowRoot):
3867
3868             Fix by using ElementAndTextDescendantIterator to find the first child.
3869
3870         * dom/ComposedTreeIterator.h:
3871         (WebCore::ComposedTreeIterator::operator*):
3872         (WebCore::ComposedTreeDescendantAdapter::ComposedTreeDescendantAdapter):
3873         (WebCore::ComposedTreeDescendantAdapter::begin):
3874         (WebCore::ComposedTreeDescendantAdapter::end):
3875         (WebCore::ComposedTreeDescendantAdapter::at):
3876         (WebCore::ComposedTreeChildAdapter::Iterator::Iterator):
3877         * dom/ElementAndTextDescendantIterator.h:
3878         (WebCore::ElementAndTextDescendantIterator::operator++):
3879         (WebCore::ElementAndTextDescendantIterator::ElementAndTextDescendantIterator):
3880         (WebCore::ElementAndTextDescendantIteratorAdapter::begin):
3881         (WebCore::ElementAndTextDescendantIteratorAdapter::end):
3882
3883 2016-04-05  Chris Dumez  <cdumez@apple.com>
3884
3885         Add support for [EnabledAtRuntime] operations on DOMWindow
3886         https://bugs.webkit.org/show_bug.cgi?id=156272
3887
3888         Reviewed by Alex Christensen.
3889
3890         Add support for [EnabledAtRuntime] operations on DOMWindow by omitting
3891         such operations from the static table and add them at run-time in
3892         JSDOMWindow::finishCreation() if the corresponding feature is enabled.
3893
3894         This was needed for window.fetch() for which a hack was temporarily
3895         landed in r199081. This patch drops this hack now that the generated
3896         bindings do the right thing.
3897
3898         * bindings/js/JSDOMGlobalObject.cpp:
3899         (WebCore::JSDOMGlobalObject::scriptExecutionContext):
3900         Drop hack landed in r199081.
3901         
3902         * bindings/scripts/CodeGeneratorJS.pm:
3903         (OperationShouldBeOnInstance):
3904         (GeneratePropertiesHashTable):
3905         (GenerateImplementation):
3906         Add support for [EnabledAtRuntime] operations on DOMWindow.
3907
3908 2016-04-05  Alex Christensen  <achristensen@webkit.org>
3909
3910         Make CMake-generated binaries on Mac able to run
3911         https://bugs.webkit.org/show_bug.cgi?id=156268
3912
3913         Reviewed by Daniel Bates.
3914
3915         * CMakeLists.txt:
3916         * PlatformMac.cmake:
3917
3918 2016-04-05  Jon Davis  <jond@ingenesis.net>
3919
3920         Fixed CSS Shapes entry on the WebKit Feature Status page.
3921         https://bugs.webkit.org/show_bug.cgi?id=156262
3922
3923         Reviewed by Timothy Hatcher.
3924
3925         * features.json:
3926
3927 2016-04-05  Chris Dumez  <cdumez@apple.com>
3928
3929         MessageEvent.source window is incorrect once window has been reified
3930         https://bugs.webkit.org/show_bug.cgi?id=156227
3931         <rdar://problem/25545831>
3932
3933         Reviewed by Mark Lam.
3934
3935         MessageEvent.source window was incorrect once window had been reified.
3936
3937         If the Window had not been reified, we kept constructing new
3938         postMessage() functions when calling window.postMessage(). We used to
3939         pass activeDOMWindow(execState) as source Window to
3940         DOMWindow::postMessage(). activeDOMWindow() uses
3941         exec->lexicalGlobalObject() which did the right thing because we
3942         used to construct a new postMessage() function in the caller's context.
3943
3944         However, after reification, due to the way JSDOMWindow::getOwnPropertySlot()
3945         was implemented, we would stop constructing new postMessage() functions
3946         when calling window.postMessage(). As a result, the source window would
3947         become incorrect because exec->lexicalGlobalObject() would return the
3948         target Window instead.
3949
3950         In this patch, the following is done:
3951         1. Stop constructing a new function every time in the same origin case
3952            for postMessage, blur, focus and close. This was inefficient and lead
3953            to incorrect behavior:
3954            - The behavior would differ depending if the Window is reified or not
3955            - It would be impossible to delete those operations, which is
3956              incompatible with the specification and other browsers (tested
3957              Firefox and Chrome).
3958         2. Use callerDOMWindow(execState) instead of activeDOMWindow(execState)
3959            as source Window in JSDOMWindow::handlePostMessage(). callerDOMWindow()
3960            is a new utility function that returns the caller's Window object.
3961
3962         Tests: fast/dom/Window/delete-operations.html
3963                fast/dom/Window/messageevent-source-postmessage-reified.html
3964                fast/dom/Window/messageevent-source-postmessage.html
3965                fast/dom/Window/messageevent-source-postmessage2.html
3966                fast/dom/Window/window-postmessage-clone-frames.html
3967                fast/dom/Window/post-message-crash2.html
3968
3969         * bindings/js/JSDOMBinding.cpp:
3970         (WebCore::GetCallerCodeBlockFunctor::operator()):
3971         (WebCore::GetCallerCodeBlockFunctor::codeBlock):
3972         (WebCore::callerDOMWindow):
3973         * bindings/js/JSDOMBinding.h:
3974         * bindings/js/JSDOMWindowCustom.cpp:
3975         (WebCore::handlePostMessage):
3976
3977 2016-04-05  Beth Dakin  <bdakin@apple.com>
3978
3979         Make requestCandidatesForSelection available on any EditorClient
3980         https://bugs.webkit.org/show_bug.cgi?id=156253
3981         -and corresponding-
3982         rdar://problem/24661147
3983
3984         Reviewed by Dean Jackson.
3985
3986         * loader/EmptyClients.h:
3987         * page/EditorClient.h:
3988         (WebCore::EditorClient::requestCandidatesForSelection):
3989
3990 2016-04-05  Youenn Fablet  <youenn.fablet@crf.canon.fr>
3991
3992         [Fetch API] Add a runtime flag to fetch API and related constructs
3993         https://bugs.webkit.org/show_bug.cgi?id=156113
3994  
3995         Reviewed by Alex Christensen.
3996
3997         Marking all Fetch interfaces EnabledAtRuntime=FetchAPI.