[WebKit-https.git] / Source / WebCore / ChangeLog

2016-04-13  Antonio Gomes  <tonikitoo@webkit.org>

        Non-resizable text field looks resizable
        https://bugs.webkit.org/show_bug.cgi?id=152271

        Reviewed by Darin Adler.

        The 'resizability' of an HTML element is controlled by its 'resize' CSS property value.
        By default it is 'none', but certain HTML elements, including <textarea>, have it
        set to 'both' by default (defined in html.css). These values mean no resize at all, and
        resizable in both vertical and horizontal axis, respectively.
        Additionally, 'vertical' and 'horizontal' values are also valid.

        Problem here is that the way WebKit handles the 'resize' property on single line
        input elements (e.g. <input>) is different than other engines (read Gecko, Blink and Presto):

        - Match: WebKit, Firefox, Presto and Blink all force single line input elements to be non-resizable,
        regardless of either the 'resize' properly is set or not.

        - Mismatch: WebKit is the only engine that actually paints the resize control on single line
        input elements, even it having no effect.

        On WebKit, this happens because the 'resize' property is wrongly implemented as 'inheritable',
        differently from other engines. In the way WebKit contructs its RenderTree, 'resize' property
        ends up spilling out of <input> and entering its shadow representation, carrying the 'resize'
        property on.

        Patch fixes this by making the 'resize' properly be non-inherited, matching other vendors
        and the spec [1].

        [1] https://drafts.csswg.org/css-ui/#resize

        Tests: fast/css/resize-not-inherited.html
               fast/css/resize-single-line-input-no-paint.html

        * rendering/style/RenderStyle.h:
        * rendering/style/StyleRareInheritedData.cpp:
        (WebCore::StyleRareInheritedData::StyleRareInheritedData):
        (WebCore::StyleRareInheritedData::operator==):
        * rendering/style/StyleRareInheritedData.h:
        * rendering/style/StyleRareNonInheritedData.cpp:
        (WebCore::StyleRareNonInheritedData::StyleRareNonInheritedData):
        (WebCore::StyleRareNonInheritedData::operator==):
        * rendering/style/StyleRareNonInheritedData.h:

2016-04-13  Darin Adler  <darin@apple.com>

        Remove UsePointersEvenForNonNullableObjectArguments from DataTransfer
        https://bugs.webkit.org/show_bug.cgi?id=156495

        Reviewed by Chris Dumez.

        * dom/DataTransfer.idl: Removed UsePointersEvenForNonNullableObjectArguments
        and marked the element argument to setDragImage as nullable.

2016-04-13  Brady Eidson  <beidson@apple.com>

        Modern IDB (Blob support): Support deleting stored blob files.
        https://bugs.webkit.org/show_bug.cgi?id=156523

        Reviewed by Alex Christensen.

        No new tests (No testable change in behavior yet, current tests pass).

        There's 3 points in time when we need to delete blob files (and records of them):
        1 - When deleting a specific object store record.
        2 - When deleting an entire object store.
        3 - When deleting a whole database.
        
        This patch does those three things.

        * Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
        (WebCore::IDBServer::SQLiteIDBBackingStore::deleteObjectStore):
        (WebCore::IDBServer::SQLiteIDBBackingStore::deleteUnusedBlobFileRecords):
        (WebCore::IDBServer::SQLiteIDBBackingStore::deleteRecord):
        (WebCore::IDBServer::SQLiteIDBBackingStore::addRecord):
        (WebCore::IDBServer::SQLiteIDBBackingStore::getRecord):
        (WebCore::IDBServer::SQLiteIDBBackingStore::deleteBackingStore):
        * Modules/indexeddb/server/SQLiteIDBBackingStore.h:

        * Modules/indexeddb/server/SQLiteIDBTransaction.cpp:
        (WebCore::IDBServer::SQLiteIDBTransaction::commit):
        (WebCore::IDBServer::SQLiteIDBTransaction::deleteBlobFilesIfNecessary):
        (WebCore::IDBServer::SQLiteIDBTransaction::addRemovedBlobFile):
        * Modules/indexeddb/server/SQLiteIDBTransaction.h:

2016-04-13  Frederic Wang  <fwang@igalia.com>

        Fix two coding mistakes in MathMLInlineContainerElement::childrenChanged
        https://bugs.webkit.org/show_bug.cgi?id=156538

        Reviewed by Darin Adler.

        We fix the call to updateOperatorProperties inside MathMLInlineContainerElement::childrenChanged
        for the <math> and <msqrt> tags.

        The <math> tag is already a RenderMathMLRow so the hasTagName(mathTag)
        conditional is never executed. The tag does not create any anonymous
        wrapper so we do not need a special case for it anyway.

        The <msqrt> tag is not a RenderMathMLRow (yet). However, the anonymous
        wrapper behaving as a RenderMathMLRow is actually the last child, not
        the first one.

        No new tests, this is already covered by mathml/presentation/mo-form-dynamic.html
        Note that for some reason the coding error for <msqrt> only shows up
        after the refactoring of bug 152244.

        * mathml/MathMLInlineContainerElement.cpp:
        (WebCore::MathMLInlineContainerElement::childrenChanged): Fix the two mistakes and add some FIXME comments.

2016-04-12  Chris Dumez  <cdumez@apple.com>

        Attr.value should not be nullable
        https://bugs.webkit.org/show_bug.cgi?id=156515

        Reviewed by Benjamin Poulain.

        Update Attr.value so that it is no longer nullable, as per:
        https://dom.spec.whatwg.org/#interface-attr

        This aligns our behavior with Firefox and Chrome as well.

        Test: fast/dom/Attr/value-not-nullable.html

        * dom/Attr.cpp:
        (WebCore::Attr::setValueForBindings):
        (WebCore::Attr::setNodeValue):
        (WebCore::Attr::setValue):
        * dom/Attr.h:
        * dom/Attr.idl:

2016-04-12  Konstantin Tokarev  <annulen@yandex.ru>

        Fixed uninitialization of Node::DataUnion with GCC 4.8.
        https://bugs.webkit.org/show_bug.cgi?id=156507

        Reviewed by Michael Catanzaro.

        This change fixes run time crashes caused by access to uninitialized
        memory in Node::renderer().

        No new tests needed.

        * dom/Node.h:

2016-04-12  Eric Carlson  <eric.carlson@apple.com>

        [iOS] do not exit AirPlay when the screen locks
        https://bugs.webkit.org/show_bug.cgi?id=156502
        <rdar://problem/24616592>

        Reviewed by Jer Noble.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::shouldOverrideBackgroundPlaybackRestriction): Add logging.
        (WebCore::HTMLMediaElement::purgeBufferedDataIfPossible): Don't tell the media engine to purge 
          data if it is playing to a wireless target because that will drop the connection.

        * html/MediaElementSession.cpp:
        (WebCore::MediaElementSession::playbackPermitted): Add logging.
        (WebCore::MediaElementSession::canPlayToWirelessPlaybackTarget): Drive by fix: iOS doesn't 
          have an explicit playbackTarget, don't test for it.
        (WebCore::MediaElementSession::isPlayingToWirelessPlaybackTarget): Ditto.

2016-04-12  Gavin Barraclough  <barraclough@apple.com>

        WebKit should adopt journal_mode=wal for all SQLite databases.
        https://bugs.webkit.org/show_bug.cgi?id=133496

        Rubber stamped by Chris Dumez.

        Temporarily disable on iOS - this broke a test.
        (storage/websql/alter-to-info-table.html)

        * platform/sql/SQLiteDatabase.cpp:
        (WebCore::SQLiteDatabase::open):

2016-04-12  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Keyboard shortcut for "Inspect Element" only works when Web Inspector is open.
        https://bugs.webkit.org/show_bug.cgi?id=111193
        <rdar://problem/13325889>

        Reviewed by Timothy Hatcher.

        * inspector/InspectorClient.h:
        (WebCore::InspectorClient::elementSelectionChanged):
        * inspector/InspectorDOMAgent.cpp:
        (WebCore::InspectorDOMAgent::setSearchingForNode):
        Inform the client when element selection changes.

2016-04-12  Chris Dumez  <cdumez@apple.com>

        Regression(r199360): assertion hit in Element::fastGetAttribute()
        https://bugs.webkit.org/show_bug.cgi?id=156509

        Reviewed by Ryosuke Niwa.

        Stop using fastGetAttribute() / setAttributeWithoutSynchronization()
        given that DOMTokenList is used for the class attribute and we need
        to synchronize in this case.

        No new tests, already covered by existing tests.

        * html/DOMTokenList.cpp:
        (WebCore::DOMTokenList::updateAssociatedAttributeFromTokens):
        (WebCore::DOMTokenList::tokens):

2016-04-12  Myles C. Maxfield  <mmaxfield@apple.com>

        [RTL Scrollbars] Overlay scrollbars push contents inwards
        https://bugs.webkit.org/show_bug.cgi?id=156225
        <rdar://problem/25137040>

        Reviewed by Darin Adler.

        The contents should be pushed in by the occupied width of the
        scrollbar, which is 0 for overlay scrollbars.

        Test: fast/scrolling/rtl-scrollbars-overlay-no-push-contents.html

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::computeScrollDimensions):

2016-04-12  Myles C. Maxfield  <mmaxfield@apple.com>

        [OS X] Flakey crash after ScrollAnimatorMac destruction
        https://bugs.webkit.org/show_bug.cgi?id=156372

        Reviewed by Darin Adler.

        Previously, we were disabling the mock scrollbars using JavaScript after
        the WebView was created. However, enabling these mock scrollbars can be
        triggered with a bit of state inside the WebPreferences object, which
        means WebKit clients can change it at any point. DumpRenderTree is doing
        this during the document's lifetime.

        This means that the creation of the Scrollbar objects saw a non-mock
        ScrollbarTheme, but the destruction of the Scrollbar objects saw a mock
        ScrollbarTheme. Therefore, the non-mock ScrollbarTheme doesn't get
        cleaned up correctly (ScrollAnimatorMac::willRemoveVerticalScrollbar()
        returns early because it sees that there is nothing to deregister
        due to the ScrollbarTheme being mocked).

        This cleanup is necessary because it sets the NSScrollerImp's delegate
        to nil before the NSScrollerImpDelegate gets destroyed. Because the
        cleanup wasn't happening, the delegate pointer wasn't getting set to
        nil, so the pointer was dangling, and AppKit was following it and
        crashing.

        Because the clients of this bit of state can change it at any time,
        it is incorrect to change it in JavaScript. Instead, the client must
        manage this bit of state (so the client and the web process are always
        in sync). Therefore, the correct way to set this bit of state must be
        done in the test runner rather than Javascript internals. The mechanism
        we have to do that is the <!-- webkit-test-runner --> comment at the
        beginning of the test. This patch migrates to this mechanism and removes
        the old internals method.

        Test: fast/scrolling/rtl-scrollbars-animation-property.html

        * page/Settings.cpp:
        * testing/Internals.cpp:
        (WebCore::Internals::setMockScrollbarsEnabled): Deleted.
        * testing/Internals.h:
        * testing/Internals.idl:

2016-04-12  Darin Adler  <darin@apple.com>

        Remove UsePointersEvenForNonNullableObjectArguments from SVG lists
        https://bugs.webkit.org/show_bug.cgi?id=156494

        Reviewed by Chris Dumez.

        * bindings/scripts/CodeGenerator.pm:
        (ShouldPassWrapperByReference): For now, don't do this for any tear-off classes.
        This includes the items stored in most SVG list classes.

        * svg/SVGLengthList.idl: Removed UsePointersEvenForNonNullableObjectArguments.
        * svg/SVGNumberList.idl: Ditto.
        * svg/SVGPointList.idl: Ditto.
        * svg/SVGTransformList.idl: Ditto.

        * svg/SVGPathSegList.idl: Removed UsePointersEvenForNonNullableObjectArguments.
        Marked the arguments nullable, and added FIXMEs about returning later since they
        don't really need to be nullable. But fixing this requires some reworking of the
        SVG list template and it's not urgent at this time. Preserves behavior where we
        get an exception when passing null, it's just an SVG exception instead of TypeError.

2016-04-12  Chris Dumez  <cdumez@apple.com>

        Lazily update tokens in DOMTokenList when the associated attribute value changes
        https://bugs.webkit.org/show_bug.cgi?id=156474

        Reviewed by Ryosuke Niwa.

        Lazily update tokens in DOMTokenList when the associated attribute value
        changes for performance. Constructing the sanitized vector of tokens
        every time the associated Element attribute changes is too expensive.
        Instead, we mark the vector as dirty whenever the attribute changes, and
        we only construct the sanitized vector when it is actually required.

        Also do some renaming for clarity.

        There is no web-exposed behavior change.

        * dom/Element.cpp:
        (WebCore::Element::classAttributeChanged):
        * html/DOMTokenList.cpp:
        (WebCore::DOMTokenList::contains):
        (WebCore::DOMTokenList::addInternal):
        (WebCore::DOMTokenList::removeInternal):
        (WebCore::DOMTokenList::toggle):
        (WebCore::DOMTokenList::value):
        (WebCore::DOMTokenList::setValue):
        (WebCore::DOMTokenList::updateTokensFromAttributeValue):
        (WebCore::DOMTokenList::associatedAttributeValueChanged):
        (WebCore::DOMTokenList::updateAssociatedAttributeFromTokens):
        (WebCore::DOMTokenList::tokens):
        (WebCore::DOMTokenList::DOMTokenList): Deleted.
        * html/DOMTokenList.h:
        (WebCore::DOMTokenList::tokens):
        (WebCore::DOMTokenList::length):
        (WebCore::DOMTokenList::item):
        * html/HTMLAnchorElement.cpp:
        (WebCore::HTMLAnchorElement::parseAttribute):
        * html/HTMLIFrameElement.cpp:
        (WebCore::HTMLIFrameElement::parseAttribute):
        * html/HTMLLinkElement.cpp:
        (WebCore::HTMLLinkElement::parseAttribute):
        * html/HTMLOutputElement.cpp:
        (WebCore::HTMLOutputElement::parseAttribute):

2016-04-12  Darin Adler  <darin@apple.com>

        Remove UsePointersEvenForNonNullableObjectArguments from HTMLMediaElement
        https://bugs.webkit.org/show_bug.cgi?id=156492

        Reviewed by Chris Dumez.

        * html/HTMLMediaElement.idl: Removed UsePointersEvenForNonNullableObjectArguments,
        sorted remaining class attributes, simplified #if around canPlayType a bit,
        removed comment that is not all that useful, made the argument to
        webkitSetMediaKeys nullable since the implementation supports that.

2016-04-12  Eric Carlson  <eric.carlson@apple.com>

        [iOS] media title sometimes remain in Control Center after tab is closed
        https://bugs.webkit.org/show_bug.cgi?id=156243
        <rdar://problem/20167445>

        Reviewed by Darin Adler.

        * Modules/webaudio/AudioContext.h: Implement characteristics.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::mediaLoadingFailed): Call mediaSession->clientCharacteristicsChanged.
        (WebCore::HTMLMediaElement::setReadyState): Ditto.
        (WebCore::HTMLMediaElement::clearMediaPlayer): Ditto.
        (WebCore::HTMLMediaElement::stop): Call mediaSession->stopSession.
        (WebCore::HTMLMediaElement::characteristics): New, return current characteristics.
        * html/HTMLMediaElement.h:

        * platform/audio/PlatformMediaSession.cpp:
        (WebCore::PlatformMediaSession::stopSession): Suspend playback, and remove the session 
          from the manager, it will never play again.
        (WebCore::PlatformMediaSession::characteristics): Return client characteristics.
        (WebCore::PlatformMediaSession::clientCharacteristicsChanged):
        * platform/audio/PlatformMediaSession.h:

        * platform/audio/PlatformMediaSessionManager.cpp:
        (WebCore::PlatformMediaSessionManager::stopAllMediaPlaybackForProcess): Call stopSession 
          instead of pauseSession to signal that playback will never start again.
        * platform/audio/PlatformMediaSessionManager.h:

        * platform/audio/ios/MediaSessionManagerIOS.h:
        * platform/audio/ios/MediaSessionManagerIOS.mm:
        (WebCore::MediaSessionManageriOS::sessionWillBeginPlayback): Add logging.
        (WebCore::MediaSessionManageriOS::removeSession): Update NowPlaying.
        (WebCore::MediaSessionManageriOS::sessionWillEndPlayback): Add logging.
        (WebCore::MediaSessionManageriOS::clientCharacteristicsChanged): Update NowPlaying.
        (WebCore::MediaSessionManageriOS::nowPlayingEligibleSession): New, return the first session
          that is an audio or video element with playable audio. WebAudio is not currently controllable
          so it isn't appropriate to show it in the NowPlaying info center.
        (WebCore::MediaSessionManageriOS::updateNowPlayingInfo): Remember the last state passed to
          NowPlaying so we can call it only when something has changed.

2016-04-12  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] Rework scrollbars theming code for GTK+ 3.20
        https://bugs.webkit.org/show_bug.cgi?id=156462

        Reviewed by Michael Catanzaro.

        In r199292, we reworked the theming code to ensure it works with the new GTK+ CSS theming system. The same is
        needed for scrollbars, this patch uses the RenderThemeGadget classes introduced in r199292 to render the native
        scrollbars. The code is now split in 3 parts: stub methods for GTK+2 (since this file is compiled for
        WebCoreGTK, but not used), the implementation for GTK+ < 3.20 and the implementation for GTK+ >= 3.20. This
        reduces the amount of ifdefed code, and ensures that changes in new code don't break the rendering with older
        versions of GTK+. I noticed that we were overriding both, the specific paint methods to render scrollbars
        parts and the global paint method that renders all the scrollbar parts. We don't really need the specific paint
        methods, so I've removed the implemention leaving only the paint method. This also allows us to get rid of the
        GtkStyleContext cache.

        * platform/gtk/RenderThemeGadget.cpp:
        (WebCore::RenderThemeGadget::create): Handle scrollbars gadgets.
        (WebCore::appendElementToPath): In case of scrollbar gadget, use the scrollbar GType when creating the path to
        be able to get non-CSS style properties.
        (WebCore::RenderThemeGadget::opacity): Add method to get the opacity CSS style property.
        (WebCore::RenderThemeScrollbarGadget::RenderThemeScrollbarGadget): Initialize m_steppers option set with the
        steppers used by the theme.
        * platform/gtk/RenderThemeGadget.h:
        * platform/gtk/ScrollbarThemeGtk.cpp:
        (WebCore::themeChangedCallback):
        (WebCore::ScrollbarThemeGtk::ScrollbarThemeGtk):
        (WebCore::createStyleContext):
        (WebCore::createChildStyleContext):
        (WebCore::ScrollbarThemeGtk::themeChanged):
        (WebCore::ScrollbarThemeGtk::updateThemeProperties):
        (WebCore::scrollbarPartStateFlags):
        (WebCore::scrollbarGadgetForLayout):
        (WebCore::contentsGadgetForLayout):
        (WebCore::ScrollbarThemeGtk::trackRect):
        (WebCore::ScrollbarThemeGtk::hasThumb):
        (WebCore::ScrollbarThemeGtk::backButtonRect):
        (WebCore::ScrollbarThemeGtk::forwardButtonRect):
        (WebCore::ScrollbarThemeGtk::paint):
        (WebCore::paintStepper):
        (WebCore::adjustRectAccordingToMargin):
        (WebCore::ScrollbarThemeGtk::scrollbarThickness):
        (WebCore::ScrollbarThemeGtk::minimumThumbLength):
        * platform/gtk/ScrollbarThemeGtk.h:

2016-03-17  Sergio Villar Senin  <svillar@igalia.com>

        [css-grid] Add parsing support for <auto-repeat> syntax
        https://bugs.webkit.org/show_bug.cgi?id=155583

        Reviewed by Antti Koivisto.

        The repeat() notation allows now to specify auto-fill or auto-fit instead of
        a fixed number of repetitions meaning that it will be automatically computed
        depending on the available space.

        This patch just adds the parsing support, the expansion of the repeat notation
        will be implemented in a follow up patch because it cannot be done at
        parsing level (since it requires knowledge about the available space).

        Test: fast/css-grid-layout/grid-element-auto-repeat-get-set.html

        * CMakeLists.txt:
        * css/CSSGridAutoRepeatValue.cpp: Added.
        (WebCore::CSSGridAutoRepeatValue::customCSSText):
        * css/CSSGridAutoRepeatValue.h: Added.
        (WebCore::CSSGridAutoRepeatValue::create):
        (WebCore::CSSGridAutoRepeatValue::autoRepeatID):
        (WebCore::CSSGridAutoRepeatValue::CSSGridAutoRepeatValue):
        * css/CSSParser.cpp:
        (WebCore::allTracksAreFixedSized):
        (WebCore::CSSParser::parseGridTrackList):
        (WebCore::CSSParser::parseGridTrackRepeatFunction):
        (WebCore::CSSParser::parseGridTrackSize):
        (WebCore::CSSParser::parseGridBreadth):
        * css/CSSParser.h:
        * css/CSSValue.cpp:
        (WebCore::CSSValue::equals):
        (WebCore::CSSValue::cssText):
        (WebCore::CSSValue::destroy):
        * css/CSSValue.h:
        (WebCore::CSSValue::isGridAutoRepeatValue):
        * css/CSSValueKeywords.in:

2016-04-12  Yusuke Suzuki  <utatane.tea@gmail.com>

        [JSC] addStaticGlobals should emit SymbolTableEntry watchpoints to encourage constant folding in DFG
        https://bugs.webkit.org/show_bug.cgi?id=155110

        Reviewed by Saam Barati.

        * bindings/js/JSDOMWindowBase.cpp:
        (WebCore::JSDOMWindowBase::updateDocument):

2016-04-12  Sergio Villar Senin  <svillar@igalia.com>

        [css-grid] Pass GridSizingData instead of columnTracks to track sizing methods
        https://bugs.webkit.org/show_bug.cgi?id=156466

        Reviewed by Darin Adler.

        Several methods used to compute the items' size contribution to the tracks they span in, get
        as an argument a vector with the sizes of the column tracks.

        In order to support grids with orthogonal flows (among other things) it's much better to
        pass the GridSizingData struct and let those methods decide whether to use the columns or
        the rows.

        No new tests as this is just a minor refactoring with no change in behavior.

        * rendering/RenderGrid.cpp:
        (WebCore::RenderGrid::computeUsedBreadthOfGridTracks):
        (WebCore::RenderGrid::logicalContentHeightForChild):
        (WebCore::RenderGrid::minSizeForChild):
        (WebCore::RenderGrid::minContentForChild):
        (WebCore::RenderGrid::maxContentForChild):
        (WebCore::RenderGrid::resolveContentBasedTrackSizingFunctions):
        (WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForNonSpanningItems):
        (WebCore::RenderGrid::currentItemSizeForTrackSizeComputationPhase):
        (WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForItems):
        * rendering/RenderGrid.h:

2016-04-11  Darin Adler  <darin@apple.com>

        Remove UsePointersEvenForNonNullableObjectArguments from HTMLOptionsCollection
        https://bugs.webkit.org/show_bug.cgi?id=156491

        Reviewed by Chris Dumez.

        * html/HTMLOptionsCollection.cpp:
        (WebCore::HTMLOptionsCollection::add): Take a reference instead of a pointer.
        * html/HTMLOptionsCollection.h: Removed unneeded forward declaration. Changed
        add to take a reference instead of a pointer for the element to add. Used
        final instead of override on virtual functions.
        * html/HTMLOptionsCollection.idl: Removed now-unneeded attribute
        UsePointersEvenForNonNullableObjectArguments; the only function affected was
        add, and the overloading code was already checking for null.

2016-04-11  Darin Adler  <darin@apple.com>

        Remove UsePointersEvenForNonNullableObjectArguments from HTMLSelectElement
        https://bugs.webkit.org/show_bug.cgi?id=156458

        Reviewed by Chris Dumez.

        * bindings/js/JSHTMLOptionsCollectionCustom.cpp:
        (WebCore::JSHTMLOptionsCollection::remove): Updated to call remove with a reference
        rather than a pointer.

        * bindings/js/JSHTMLSelectElementCustom.cpp:
        (WebCore::JSHTMLSelectElement::remove): Updated to call remove with a reference
        rather than a pointer.
        (WebCore::selectIndexSetter): Updated to call setOption with a reference rather
        than a pointer.

        * bindings/scripts/CodeGeneratorGObject.pm:
        (GenerateFunction): Added basic support for passing wrappers by reference.
        GObject bindings already check arguments for null, so didn't add any new checks.

        * bindings/scripts/test/GObject/WebKitDOMTestActiveDOMObject.cpp:
        * bindings/scripts/test/GObject/WebKitDOMTestCallback.cpp:
        * bindings/scripts/test/GObject/WebKitDOMTestCallbackFunction.cpp:
        * bindings/scripts/test/GObject/WebKitDOMTestInterface.cpp:
        * bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
        Updated.

        * editing/FrameSelection.cpp: Updated includes.

        * html/HTMLOptionElement.cpp:
        (WebCore::HTMLOptionElement::setSelected): Pass reference when calling
        HTMLSelectElement::optionSelectionStateChanged.
        (WebCore::HTMLOptionElement::insertedInto): Ditto.

        * html/HTMLOptionsCollection.cpp:
        (WebCore::HTMLOptionsCollection::add): Moved null checking behavior here.
        Preserves existing "silently do nothing if null".
        (WebCore::HTMLOptionsCollection::remove): Changed function to take a reference
        instead of a pointer.

        * html/HTMLOptionsCollection.h: Updated include. Changed remove to take a
        reference instead of a pointer.

        * html/HTMLSelectElement.cpp:
        (WebCore::HTMLSelectElement::add): Changed to take a reference instead of
        a pointer. Also removed unneeded protect code, since insertBefore already
        protects itself, and unneeded call to updateValidity, since the
        HTMLSelectElement::childrenChanged function already calls updateValidity.
        (WebCore::HTMLSelectElement::remove): Changed to take a reference instead
        of a pointer.
        (WebCore::HTMLSelectElement::setOption): Changed to take a reference
        instead of a pointer.
        (WebCore::HTMLSelectElement::setLength): Renamed "newLen" to "newLength".
        Use Ref instead of RefPtr for result of createElement, which makes the
        argument passed to add be a reference rather than a pointer.
        (WebCore::HTMLSelectElement::willRespondToMouseClickEvents): Put the #if
        for this here instead of in the header.
        (WebCore::HTMLSelectElement::optionSelectionStateChanged): Changed to take
        a reference instead of a pointer for the option element.

        * html/HTMLSelectElement.h: Removed unneeded includes. Derive privately
        from TypeAheadDataSource instead of publicly. Make all overrides final
        except for the one that is actually overridden by a derived class.
        Changed the arguments of the add, remove, setOption, and
        optionSelectionStateChanged functions to be references instead of pointers.
        Tweaked formatting a bit and used nullptr instead of 0. Override
        willRespondToMouseClickEvents on all platforms, not just iOS.

        * html/HTMLSelectElement.idl: Removed UsePointersEvenForNonNullableObjectArguments.
        Removed a comment that is no longer needed. Made some types nullable to match
        the specification, in places that currently have no effect on code generation.
        Added a FIXME comment about the argument to setCustomValidity incorrectly being
        marked as nullable.

2016-04-11  Brent Fulgham  <bfulgham@apple.com>

        Use WeakPtrs to avoid using deallocated Widgets and ScrollableAreas
        https://bugs.webkit.org/show_bug.cgi?id=156420
        <rdar://problem/25637378>

        Reviewed by Darin Adler.

        Avoid the risk of using deallocated Widgets and ScrollableAreas by using WeakPtrs instead of
        bare pointers. This allows us to remove some explicit calls to get ScrollableArea and Widget
        members in the event handling logic. Instead, null checks are sufficient to ensure we never
        accidentally dereference a deleted element.

        1. Modify the ScrollableArea class to support vending WeakPtrs.
        2. Modify the Event Handling code to use WeakPtrs to hold ScrollableArea and RenderWidget
           objects, and to null-check these elements after event handling dispatching is finished
           to handle cases where these objects are destroyed.

        Test: fast/events/wheel-event-destroys-frame.html
              fast/events/wheel-event-destroys-overflow.html

        * page/EventHandler.cpp:
        (WebCore::EventHandler::platformPrepareForWheelEvents): Change signature for WeakPtr.
        (WebCore::EventHandler::platformCompleteWheelEvent): Ditto.
        (WebCore::EventHandler::platformNotifyIfEndGesture): Ditto.
        (WebCore::widgetForElement): Change to return a WeakPtr.
        (WebCore::EventHandler::handleWheelEvent): Use WeakPtrs to hold elements that might be destroyed
        during event handling.
        * page/EventHandler.h:
        * page/mac/EventHandlerEfl.cpp: Rename passWheelEventToWidget to widgetDidHandleWheelEvent.
        * page/mac/EventHandlerGtk.cpp: Ditto.
        * page/mac/EventHandlerIOS.mm: Ditto.
        * page/mac/EventHandlerMac.mm:
        (WebCore::scrollableAreaForEventTarget): Renamed from scrollViewForEventTarget. Return
        a WeakPtr rather than a bare pointer.
        (WebCore::scrollableAreaForContainerNode): Return WeakPtr rather than bare pointer.
        (WebCore::EventHandler::completeWidgetWheelEvent): Added.
        (WebCore::EventHandler::passWheelEventToWidget): Deleted.
        (WebCore::EventHandler::platformPrepareForWheelEvents): Convert to WeakPtrs.
        (WebCore::EventHandler::platformCompleteWheelEvent): Ditto.
        (WebCore::EventHandler::platformCompletePlatformWidgetWheelEvent): Ditto.
        (WebCore::EventHandler::platformNotifyIfEndGesture): Ditto.
        (WebCore::EventHandler::widgetDidHandleWheelEvent): Renamed from passWheelEventToWidget.
        (WebCore::EventHandler::widgetForEventTarget): Converted from static function to static
        method so it can be shared with EventHandlerMac.
        (WebCore::scrollViewForEventTarget): Deleted.
        * page/mac/EventHandlerWin.cpp: Rename passWheelEventToWidget to widgetDidHandleWheelEvent.
        * platform/ScrollableArea.cpp:
        * platform/ScrollableArea.h:
        (WebCore::ScrollableArea::createWeakPtr): Added.
        * platform/Widget.h:
        (WebCore::ScrollableArea::createWeakPtr): Added.

2016-04-11  Dean Jackson  <dino@apple.com>

        putImageData needs to premultiply input
        https://bugs.webkit.org/show_bug.cgi?id=156488
        <rdar://problem/25672675>

        Reviewed by Zalan Bujtas.

        I made a mistake in r187534 as I was converting get and putImageData
        to use Accelerate. The incoming data is unmultiplied, and should
        be premultiplied before copying into the backing store. I was
        accidentally unmultiplying unmultiplied data, which caused
        some pretty psychedelic results.

        Test: fast/canvas/putImageData-unmultiplied.html

        * platform/graphics/cg/ImageBufferDataCG.cpp:
        (WebCore::ImageBufferData::putData): Call premultiply, not unpremultiply.

2016-04-11  Jeremy Jones  <jeremyj@apple.com>

        When clearing cache, also clear AVFoundation cache.
        https://bugs.webkit.org/show_bug.cgi?id=155783
        rdar://problem/25252541

        Reviewed by Darin Adler.

        Use AVAssetCache at a specified location on disk for all AVURLAssets. This AVAssetCache
        can then be used to manage the cache storage used by AVFoundation. It is used to query the
        contents of the cache in originsInMediaCache() and to clear the cache completely or partially in
        clearMediaCache() and clearMediaCacheForOrigins().

        Use SecurityOrigin instead of the less formal site String to represent origins in the cache.

        * html/HTMLMediaElement.cpp:
        (WebCore::sharedMediaCacheDirectory): Added.
        (WebCore::HTMLMediaElement::setMediaCacheDirectory): Added.
        (WebCore::HTMLMediaElement::mediaCacheDirectory): Added.
        (WebCore::HTMLMediaElement::originsInMediaCache): Added.
        (WebCore::HTMLMediaElement::clearMediaCache): Added parameter.
        (WebCore::HTMLMediaElement::clearMediaCacheForOrigins): Added.
        (WebCore::HTMLMediaElement::mediaPlayerMediaCacheDirectory): Added.
        (WebCore::HTMLMediaElement::getSitesInMediaCache): Deleted.
        (WebCore::HTMLMediaElement::clearMediaCacheForSite): Deleted.
        * html/HTMLMediaElement.h:
        (WebCore::HTMLMediaElement::clearMediaCache): Added parameter.
        * platform/graphics/MediaPlayer.cpp:
        (WebCore::addMediaEngine): Add new cache methods.
        (WebCore::addToHash): Added.
        (WebCore::MediaPlayer::originsInMediaCache): Added.
        (WebCore::MediaPlayer::clearMediaCache): Added parameter.
        (WebCore::MediaPlayer::clearMediaCacheForOrigins): Added.
        (WebCore::MediaPlayer::getSitesInMediaCache): Deleted.
        (WebCore::MediaPlayer::clearMediaCacheForSite): Deleted.
        * platform/graphics/MediaPlayer.h:
        (WebCore::MediaPlayerClient::mediaPlayerMediaCacheDirectory): Added.
        * platform/graphics/MediaPlayerPrivate.h:
        (WebCore::MediaPlayerPrivateInterface::originsInMediaCache): Added.
        (WebCore::MediaPlayerPrivateInterface::clearMediaCache): Added parameter.
        (WebCore::MediaPlayerPrivateInterface::clearMediaCacheForOrigins): Added.
        (WebCore::MediaPlayerPrivateInterface::getSitesInMediaCache): Deleted.
        (WebCore::MediaPlayerPrivateInterface::clearMediaCacheForSite): Deleted.
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::registerMediaEngine): Added cache methods.
        (WebCore::assetCacheForPath): Added.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::originsInMediaCache): Added.
        (WebCore::toSystemClockTime): Added.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::clearMediaCache): Added parameter.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::clearMediaCacheForOrigins): Added.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVAssetForURL): Added.
        * platform/graphics/mac/MediaPlayerPrivateQTKit.h:
        * platform/graphics/mac/MediaPlayerPrivateQTKit.mm:
        (WebCore::MediaPlayerPrivateQTKit::registerMediaEngine): Added cache methods.
        (WebCore::MediaPlayerPrivateQTKit::originsInMediaCache): Added.
        (WebCore::MediaPlayerPrivateQTKit::clearMediaCache): Added parameter.
        (WebCore::MediaPlayerPrivateQTKit::clearMediaCacheForOrigins): Added.
        (WebCore::MediaPlayerPrivateQTKit::getSitesInMediaCache): Deleted.
        (WebCore::MediaPlayerPrivateQTKit::clearMediaCacheForSite): Deleted.
        * platform/spi/mac/AVFoundationSPI.h:

2016-04-11  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r199310.
        https://bugs.webkit.org/show_bug.cgi?id=156483

        This change turns many indexeddb tests into crashes (Requested
        by jwtan on #webkit).

        Reverted changeset:

        "Clean up IDBBindingUtilities."
        https://bugs.webkit.org/show_bug.cgi?id=156472
        http://trac.webkit.org/changeset/199310

2016-04-11  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r199315.
        https://bugs.webkit.org/show_bug.cgi?id=156482

        This change broke the OS X Yosemite build. (Requested by jwtan
        on #webkit).

        Reverted changeset:

        "When clearing cache, also clear AVFoundation cache."
        https://bugs.webkit.org/show_bug.cgi?id=155783
        http://trac.webkit.org/changeset/199315

2016-04-11  Brian Burg  <bburg@apple.com>

        Web Inspector: get rid of InspectorBasicValue and InspectorString subclasses
        https://bugs.webkit.org/show_bug.cgi?id=156407
        <rdar://problem/25627659>

        Reviewed by Joseph Pecoraro.

        * inspector/InspectorDatabaseAgent.cpp: Don't use deleted subclasses.

2016-04-11  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r198909.
        https://bugs.webkit.org/show_bug.cgi?id=156479

        made double-click-and-drag on text drag instead of
        highlighting (Requested by alexchristensen_ on #webkit).

        Reverted changeset:

        "eventMayStartDrag() does not check for shiftKey or
        isOverLink"
        https://bugs.webkit.org/show_bug.cgi?id=155746
        http://trac.webkit.org/changeset/198909

2016-04-11  Chris Dumez  <cdumez@apple.com>

        [WebIDL] Add support for [ImplementedAs] for EventHandler attributes
        https://bugs.webkit.org/show_bug.cgi?id=156421

        Reviewed by Darin Adler.

        Add support for [ImplementedAs] for EventHandler attributes so we can
        get rid of some ugly name hard-coding in the bindings generator.

        * Modules/notifications/Notification.idl:
        * bindings/scripts/CodeGeneratorJS.pm:
        (EventHandlerAttributeEventName):
        * bindings/scripts/test/JS/JSTestObj.cpp:
        (WebCore::jsTestObjOnwebkitfoo):
        (WebCore::setJSTestObjOnwebkitfoo):
        * bindings/scripts/test/TestObj.idl:
        * dom/Element.idl:
        * page/DOMWindow.idl:

2016-04-11  Jeremy Jones  <jeremyj@apple.com>

        When clearing cache, also clear AVFoundation cache.
        https://bugs.webkit.org/show_bug.cgi?id=155783
        rdar://problem/25252541

        Reviewed by Darin Adler.

        Use AVAssetCache at a specified location on disk for all AVURLAssets. This AVAssetCache
        can then be used to manage the cache storage used by AVFoundation. It is used to query the
        contents of the cache in originsInMediaCache() and to clear the cache completely or partially in
        clearMediaCache() and clearMediaCacheForOrigins().

        Use SecurityOrigin instead of the less formal site String to represent origins in the cache.

        * html/HTMLMediaElement.cpp:
        (WebCore::sharedMediaCacheDirectory): Added.
        (WebCore::HTMLMediaElement::setMediaCacheDirectory): Added.
        (WebCore::HTMLMediaElement::mediaCacheDirectory): Added.
        (WebCore::HTMLMediaElement::originsInMediaCache): Added.
        (WebCore::HTMLMediaElement::clearMediaCache): Added parameter.
        (WebCore::HTMLMediaElement::clearMediaCacheForOrigins): Added.
        (WebCore::HTMLMediaElement::mediaPlayerMediaCacheDirectory): Added.
        (WebCore::HTMLMediaElement::getSitesInMediaCache): Deleted.
        (WebCore::HTMLMediaElement::clearMediaCacheForSite): Deleted.
        * html/HTMLMediaElement.h:
        (WebCore::HTMLMediaElement::clearMediaCache): Added parameter.
        * platform/graphics/MediaPlayer.cpp:
        (WebCore::addMediaEngine): Add new cache methods.
        (WebCore::addToHash): Added.
        (WebCore::MediaPlayer::originsInMediaCache): Added.
        (WebCore::MediaPlayer::clearMediaCache): Added parameter.
        (WebCore::MediaPlayer::clearMediaCacheForOrigins): Added.
        (WebCore::MediaPlayer::getSitesInMediaCache): Deleted.
        (WebCore::MediaPlayer::clearMediaCacheForSite): Deleted.
        * platform/graphics/MediaPlayer.h:
        (WebCore::MediaPlayerClient::mediaPlayerMediaCacheDirectory): Added.
        * platform/graphics/MediaPlayerPrivate.h:
        (WebCore::MediaPlayerPrivateInterface::originsInMediaCache): Added.
        (WebCore::MediaPlayerPrivateInterface::clearMediaCache): Added parameter.
        (WebCore::MediaPlayerPrivateInterface::clearMediaCacheForOrigins): Added.
        (WebCore::MediaPlayerPrivateInterface::getSitesInMediaCache): Deleted.
        (WebCore::MediaPlayerPrivateInterface::clearMediaCacheForSite): Deleted.
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::registerMediaEngine): Added cache methods.
        (WebCore::assetCacheForPath): Added.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::originsInMediaCache): Added.
        (WebCore::toSystemClockTime): Added.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::clearMediaCache): Added parameter.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::clearMediaCacheForOrigins): Added.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVAssetForURL): Added.
        * platform/graphics/mac/MediaPlayerPrivateQTKit.h:
        * platform/graphics/mac/MediaPlayerPrivateQTKit.mm:
        (WebCore::MediaPlayerPrivateQTKit::registerMediaEngine): Added cache methods.
        (WebCore::MediaPlayerPrivateQTKit::originsInMediaCache): Added.
        (WebCore::MediaPlayerPrivateQTKit::clearMediaCache): Added parameter.
        (WebCore::MediaPlayerPrivateQTKit::clearMediaCacheForOrigins): Added.
        (WebCore::MediaPlayerPrivateQTKit::getSitesInMediaCache): Deleted.
        (WebCore::MediaPlayerPrivateQTKit::clearMediaCacheForSite): Deleted.
        * platform/spi/mac/AVFoundationSPI.h:

2016-04-11  Antoine Quint  <graouts@apple.com>

        [WebGL2] Use Open GL ES 3.0 to back WebGL2 contexts
        https://bugs.webkit.org/show_bug.cgi?id=141178

        Reviewed by Dean Jackson.

        We add a new `useGLES3` attribute when creating a GraphicsContext3D in the event that the
        context type is "webgl2". This attribute is then read by the GraphicsContext3D constructor
        to request an Open GL ES 3.0 backend when creating the EAGLContext on iOS.

        * html/canvas/WebGLRenderingContextBase.cpp:
        (WebCore::WebGLRenderingContextBase::create):
        * platform/graphics/GraphicsContext3D.h:
        (WebCore::GraphicsContext3D::Attributes::Attributes):
        * platform/graphics/mac/GraphicsContext3DMac.mm:
        (WebCore::GraphicsContext3D::GraphicsContext3D):

2016-04-11  Jiewen Tan  <jiewen_tan@apple.com>

        fast/loader/opaque-base-url.html crashing during mac and ios debug tests
        https://bugs.webkit.org/show_bug.cgi?id=156179
        <rdar://problem/25507719>

        Reviewed by Ryosuke Niwa.

        Navigate to about:blank if the provided src of an iframe/frame cannot be
        resolved to a valid URL.

        Test: fast/loader/iframe-src-invalid-url.html

        * loader/SubframeLoader.cpp:
        (WebCore::SubframeLoader::requestFrame):

2016-04-11  Said Abou-Hallawa  <sabouhallawa@apple,com>

        Merge CG ImageSource and non CG ImageSource implementation in one file
        https://bugs.webkit.org/show_bug.cgi?id=155456

        Reviewed by Darin Adler.

        ImageSource for CG and CG code paths look very similar. All the platform
        specific code can be moved to ImageDecoder classes for CG and non CG. And
        we can have the ImageSource be platform independent and we get rid of
        ImageSourceCG.cpp.

        Test: fast/images/image-subsampling.html

        * CMakeLists.txt:
        * PlatformAppleWin.cmake:
        * PlatformMac.cmake:
        * WebCore.xcodeproj/project.pbxproj:
        Delete ImageSourceCG.cpp form all make files and add ImageSource.cpp to
        CMakeLists.txt.
        
        * platform/Cursor.cpp:
        (WebCore::determineHotSpot):
        * platform/graphics/BitmapImage.cpp:
        (WebCore::BitmapImage::hotSpot):
        (WebCore::BitmapImage::getHotSpot): Deleted.
        * platform/graphics/BitmapImage.h:
        * platform/graphics/Image.h:
        (WebCore::Image::hotSpot):
        (WebCore::Image::getHotSpot): Deleted.
        Rename getHotSpot() to hotSpot() and change it to return Optional<IntPoint>.
        
        * platform/graphics/ImageSource.cpp:
        (WebCore::ImageSource::~ImageSource): Remove clear(true) call. It does nothing.
        (WebCore::ImageSource::clearFrameBufferCache): A wrapper which calls ImageDecoder::clearFrameBufferCache().
        (WebCore::ImageSource::clear): Calls clearFrameBufferCache() which will do nothing for CG.
        
        (WebCore::ImageSource::ensureDecoderIsCreated): Change SharedBuffer* to
        const SharedBuffer& and remove the call to ImageDecoder::setMaxNumPixels().
        The value of const static int CG ImageDecoder::m_maxNumPixels will be set
        based on IMAGE_DECODER_DOWN_SAMPLING.
        
        (WebCore::ImageSource::setData): Pass SharedBuffer& to the underlying functions.
        
        (WebCore::ImageSource::calculateMaximumSubsamplingLevel): Returns the maximum
        subsampling level allowed for an image.
        
        (WebCore::ImageSource::subsamplingLevelForScale): Converts from a scale to
        SubsamplingLevel taking into consideration the maximumSubsamplingLevel for
        a particular image.
        
        (WebCore::ImageSource::bytesDecodedToDetermineProperties): Returns the number
        of encoded bytes which can determine the image properties. For non CG it's
        zero. For CG it is a maximum value which can be corrected later.
        
        (WebCore::ImageSource::isSizeAvailable):
        (WebCore::ImageSource::sizeRespectingOrientation):
        (WebCore::ImageSource::frameCount):
        (WebCore::ImageSource::repetitionCount):
        (WebCore::ImageSource::filenameExtension):
        (WebCore::ImageSource::getHotSpot):
        (WebCore::ImageSource::frameIsCompleteAtIndex):
        (WebCore::ImageSource::frameHasAlphaAtIndex):
        (WebCore::ImageSource::allowSubsamplingOfFrameAtIndex):
        (WebCore::ImageSource::frameSizeAtIndex):
        (WebCore::ImageSource::frameBytesAtIndex):
        (WebCore::ImageSource::frameDurationAtIndex):
        (WebCore::ImageSource::orientationAtIndex):
        (WebCore::ImageSource::createFrameImageAtIndex):
        These are wrappers for the ImageDecoder APIs. The purpose of these functions
        is to ensure the ImageDecoder is created.
        
        (WebCore::ImageSource::dump): Called from BitmapImage::dump().
        
        (WebCore::ImageSource::getHotSpot): Deleted.
        
        * platform/graphics/ImageSource.h:
        (WebCore::ImageSource::setAllowSubsampling): Called from BitmapImage::setAllowSubsampling().
        
        (WebCore::ImageSource::maxPixelsPerDecodedImage): Deleted.
        (WebCore::ImageSource::setMaxPixelsPerDecodedImage): Deleted.
        Setting maxPixelsPerDecodedImage was moved to the non CG ImageDecoder.
        
        * platform/graphics/cg/ImageDecoderCG.cpp:
        (WebCore::ImageDecoder::setData): Change SharedBuffer* to SharedBuffer&.

        (WebCore::ImageDecoder::subsamplingLevelForScale): Deleted.
        The code was moved to ImageSource::subsamplingLevelForScale().
        
        * platform/graphics/cg/ImageDecoderCG.h:
        (WebCore::ImageDecoder::create): Make the prototype of this function
        suitable for CG and non CG cases.
        (WebCore::ImageDecoder::clearFrameBufferCache): Empty functions for CG.
        
        * platform/graphics/cg/ImageSourceCG.cpp: Removed.
        
        * platform/image-decoders/ImageDecoder.cpp:
        (WebCore::ImageDecoder::frameIsCompleteAtIndex): A mew function to return
        whether the frame decoding is complete or not.
        
        (WebCore::ImageDecoder::frameHasAlphaAtIndex): Simplify the logic.
        
        (WebCore::ImageDecoder::frameDurationAtIndex): The code was moved from
        ImageSource::frameDurationAtIndex() in ImageSource.cpp.
        
        (WebCore::ImageDecoder::createFrameImageAtIndex): The code was moved from
        ImageSource::createFrameImageAtIndex() in ImageSource.cpp.
        
        * platform/image-decoders/ImageDecoder.h:
        (WebCore::ImageDecoder::ImageDecoder): Initialize the members in class.
        (WebCore::ImageDecoder::~ImageDecoder): Fix the braces style.
        (WebCore::ImageDecoder::setData): Change the type of the argument from
        SharedBuffer* to SharedBuffer&.
        (WebCore::ImageDecoder::frameSizeAtIndex): Add the argument SubsamplingLevel
        so it can have the same prototype as CG.
        (WebCore::ImageDecoder::orientationAtIndex): Rename it to the same of CG.
        
        (WebCore::ImageDecoder::allowSubsamplingOfFrameAtIndex):
        (WebCore::ImageDecoder::bytesDecodedToDetermineProperties):
        (WebCore::ImageDecoder::subsamplingLevelForScale): Add these functions
        and return the default values so we do not have to add directive compiled
        non CG blocks in ImageSource.cpp.

        (WebCore::ImageDecoder::hotSpot): Return Optional<IntPoint>.
        
        (WebCore::ImageDecoder::orientation): Deleted.
        (WebCore::ImageDecoder::setMaxNumPixels): Deleted.
        
        * platform/image-decoders/bmp/BMPImageDecoder.cpp:
        (WebCore::BMPImageDecoder::setData):
        * platform/image-decoders/bmp/BMPImageDecoder.h:
        * platform/image-decoders/gif/GIFImageDecoder.cpp:
        (WebCore::GIFImageDecoder::setData):
        (WebCore::GIFImageDecoder::decode):
        * platform/image-decoders/gif/GIFImageDecoder.h:
        * platform/image-decoders/gif/GIFImageReader.h:
        (GIFImageReader::setData):
        * platform/image-decoders/ico/ICOImageDecoder.cpp:
        (WebCore::ICOImageDecoder::setData):
        Use reference SharedBuffer instead of pointer SharedBuffer.
        
        (WebCore::ICOImageDecoder::hotSpot):
        (WebCore::ICOImageDecoder::hotSpotAtIndex):
        Change hotSpot() to return Optional<IntPoint>.
        * platform/image-decoders/ico/ICOImageDecoder.h:
                
        (WebCore::ICOImageDecoder::setDataForPNGDecoderAtIndex):
        Pass reference SharedBuffer instead of pointer SharedBuffer.

2016-04-08  Said Abou-Hallawa  <sabouhallawa@apple,com>

        Timing attack on SVG feComposite filter circumvents same-origin policy
        https://bugs.webkit.org/show_bug.cgi?id=154338

        Reviewed by Oliver Hunt.

        Ensure the FEComposite arithmetic filter is clamping the resulted color
        components in a constant time.

        * platform/graphics/filters/FEComposite.cpp:
        (WebCore::clampByte):
        (WebCore::computeArithmeticPixels):

2016-04-11  Brady Eidson  <beidson@apple.com>

        Clean up IDBBindingUtilities.
        https://bugs.webkit.org/show_bug.cgi?id=156472

        Reviewed by Alex Christensen.

        No new tests (No change in behavior).

        - Get rid of a whole bunch of unused functions (since we got rid of Legacy IDB).
        - Make more functions deal in ExecState/ScriptExecutionContexts instead of DOMRequestState.
        - Make more functions deal in JSValue instead of Deprecated::ScriptValue.

        * bindings/scripts/IDLAttributes.txt: Add a new attribute to signify that an implementation returns
          JSValues instead of Deprecated::ScriptState
        * bindings/scripts/CodeGeneratorJS.pm:
        (NativeToJSValue): Use that new attribute.
        
        * Modules/indexeddb/IDBAny.cpp:
        (WebCore::IDBAny::IDBAny):
        (WebCore::IDBAny::scriptValue):
        * Modules/indexeddb/IDBAny.h:
        (WebCore::IDBAny::create):
        * Modules/indexeddb/IDBCursor.cpp:
        (WebCore::IDBCursor::key):
        (WebCore::IDBCursor::primaryKey):
        (WebCore::IDBCursor::value):
        (WebCore::IDBCursor::update):
        (WebCore::IDBCursor::continueFunction):
        (WebCore::IDBCursor::deleteFunction):
        (WebCore::IDBCursor::setGetResult):
        * Modules/indexeddb/IDBCursor.h:
        * Modules/indexeddb/IDBCursor.idl:
        * Modules/indexeddb/IDBCursorWithValue.idl:
        * Modules/indexeddb/IDBFactory.cpp:
        (WebCore::IDBFactory::cmp):
        * Modules/indexeddb/IDBIndex.cpp:
        (WebCore::IDBIndex::count):
        (WebCore::IDBIndex::get):
        (WebCore::IDBIndex::getKey):
        * Modules/indexeddb/IDBKeyRange.cpp:
        (WebCore::IDBKeyRange::lowerValue):
        (WebCore::IDBKeyRange::upperValue):
        (WebCore::IDBKeyRange::only):
        (WebCore::IDBKeyRange::lowerBound):
        (WebCore::IDBKeyRange::upperBound):
        (WebCore::IDBKeyRange::bound):
        * Modules/indexeddb/IDBKeyRange.h:
        * Modules/indexeddb/IDBKeyRange.idl:
        * Modules/indexeddb/IDBObjectStore.cpp:
        (WebCore::IDBObjectStore::get):
        (WebCore::IDBObjectStore::modernDelete):
        (WebCore::IDBObjectStore::count):
        * Modules/indexeddb/IDBRequest.cpp:
        (WebCore::IDBRequest::setResult):
        (WebCore::IDBRequest::setResultToStructuredClone):
        * Modules/indexeddb/server/MemoryObjectStore.cpp:
        (WebCore::IDBServer::MemoryObjectStore::updateIndexesForPutRecord):
        (WebCore::IDBServer::MemoryObjectStore::populateIndexWithExistingRecords):
        * bindings/js/IDBBindingUtilities.cpp:
        (WebCore::idbKeyPathFromValue):
        (WebCore::deserializeIDBValueDataToJSValue):
        (WebCore::scriptValueToIDBKey):
        (WebCore::idbKeyDataToScriptValue):
        (WebCore::idbKeyDataToJSValue): Deleted.
        (WebCore::injectIDBKeyIntoScriptValue): Deleted.
        (WebCore::createIDBKeyFromScriptValueAndKeyPath): Deleted.
        (WebCore::maybeCreateIDBKeyFromScriptValueAndKeyPath): Deleted.
        (WebCore::canInjectIDBKeyIntoScriptValue): Deleted.
        (WebCore::deserializeIDBValue): Deleted.
        (WebCore::deserializeIDBValueData): Deleted.
        (WebCore::deserializeIDBValueBuffer): Deleted.
        (WebCore::idbValueDataToJSValue): Deleted.
        (WebCore::idbKeyToScriptValue): Deleted.
        * bindings/js/IDBBindingUtilities.h:
        * bindings/js/JSIDBAnyCustom.cpp:
        (WebCore::toJS):
        * bindings/js/JSIDBDatabaseCustom.cpp:
        (WebCore::JSIDBDatabase::createObjectStore):
        * bindings/js/JSIDBObjectStoreCustom.cpp:
        (WebCore::JSIDBObjectStore::createIndex):
        * dom/ScriptExecutionContext.cpp:
        (WebCore::ScriptExecutionContext::execState):
        * dom/ScriptExecutionContext.h:
        * inspector/InspectorIndexedDBAgent.cpp:

2016-04-09  Gavin Barraclough  <barraclough@apple.com>

        WebKit should adopt journal_mode=wal for all SQLite databases.
        https://bugs.webkit.org/show_bug.cgi?id=133496

        Reviewed by Darin Adler.

        The statement intended to enable WAL mode is always failing because it is missing a
        prepare(). Fix this. We were also previously permitting SQLITE_OK results - this
        was in error (we were only getting these because stepping the unprepared statement
        returned SQLITE_OK). Also set the SQLITE_OPEN_AUTOPROXY flag when opening the
        database - this will improve perfomance when the database is accessed via an AFP
        mount.

        This exposed a bug, that deleteAllDatabases does not actually delete the databases on
        iOS, for testing to reset back to a known state between tests it should be doing so.

        * Modules/webdatabase/DatabaseTracker.cpp:
        (WebCore::DatabaseTracker::deleteAllDatabases):
            - force databases to actually be deleted on iOS.
              This method is only used from testing code (DumpRenderTree / WebKitTestRunner).
        (WebCore::DatabaseTracker::deleteOrigin):
            - added IOSDeletionMode.
        (WebCore::DatabaseTracker::deleteDatabaseFile):
            - added IOSDeletionMode, modified to actually delete if this is set.
        * Modules/webdatabase/DatabaseTracker.h:
            - added IOSDeletionMode.
        * platform/sql/SQLiteDatabase.cpp:
        (WebCore::SQLiteDatabase::open):
            - call prepareAndStep(), only check for SQLITE_ROW result.
        * platform/sql/SQLiteFileSystem.cpp:
        (WebCore::SQLiteFileSystem::openDatabase):
            - should set SQLITE_OPEN_AUTOPROXY flag when opening database.

2016-04-11  Zalan Bujtas  <zalan@apple.com>

        Simplify InlineTextBox::selectionStartEnd()
        https://bugs.webkit.org/show_bug.cgi?id=156459

        Reviewed by Darin Adler.

        No change in functionality.

        * rendering/InlineTextBox.cpp:
        (WebCore::InlineTextBox::selectionState):
        (WebCore::InlineTextBox::paint):
        (WebCore::InlineTextBox::selectionStartEnd):
        (WebCore::InlineTextBox::paintSelection):
        (WebCore::InlineTextBox::paintCompositionBackground):
        * rendering/InlineTextBox.h:
        * rendering/svg/SVGInlineTextBox.cpp:
        (WebCore::SVGInlineTextBox::paintSelectionBackground):
        (WebCore::SVGInlineTextBox::paintText):

2016-04-11  Zalan Bujtas  <zalan@apple.com>

        REGRESSION (r193857): Text selection causes text to disappear.
        https://bugs.webkit.org/show_bug.cgi?id=156448
        rdar://problem/25578952

        Reviewed by Simon Fraser.

        Apparently when the end position of the selection range is smaller than the start position, we need
        to repaint the entire text as it indicates selection clearing.

        Test: fast/text/text-disappear-on-deselect.html

        * rendering/TextPainter.cpp:
        (WebCore::TextPainter::paintText):

2016-04-05  Oliver Hunt  <oliver@apple.com>

        Remove compile time define for SEPARATED_HEAP
        https://bugs.webkit.org/show_bug.cgi?id=155508

        Reviewed by Mark Lam.

        * Configurations/FeatureDefines.xcconfig:

2016-04-11  Chris Dumez  <cdumez@apple.com>

        Merge AttributedDOMTokenList into DOMTokenList
        https://bugs.webkit.org/show_bug.cgi?id=156468

        Reviewed by Ryosuke Niwa.

        Merge AttributedDOMTokenList into DOMTokenList to simplify the code.
        DOMTokenList is not constructible and AttributedDOMTokenList is its
        only constructible subclass after r196123.

        * CMakeLists.txt:
        * WebCore.xcodeproj/project.pbxproj:
        * dom/Element.cpp:
        (WebCore::Element::classList):
        * dom/ElementRareData.h:
        (WebCore::ElementRareData::classList):
        (WebCore::ElementRareData::setClassList):
        * html/AttributeDOMTokenList.cpp: Removed.
        * html/AttributeDOMTokenList.h: Removed.
        * html/DOMTokenList.cpp:
        (WebCore::DOMTokenList::DOMTokenList):
        (WebCore::DOMTokenList::attributeValueChanged):
        (WebCore::DOMTokenList::updateAfterTokenChange):
        * html/DOMTokenList.h:
        (WebCore::DOMTokenList::ref):
        (WebCore::DOMTokenList::deref):
        (WebCore::DOMTokenList::element):
        (WebCore::DOMTokenList::~DOMTokenList): Deleted.
        (WebCore::DOMTokenList::updateAfterTokenChange): Deleted.
        * html/HTMLAnchorElement.cpp:
        (WebCore::HTMLAnchorElement::relList):
        * html/HTMLAnchorElement.h:
        * html/HTMLIFrameElement.cpp:
        (WebCore::HTMLIFrameElement::sandbox):
        * html/HTMLIFrameElement.h:
        * html/HTMLLinkElement.cpp:
        (WebCore::HTMLLinkElement::sizes):
        (WebCore::HTMLLinkElement::relList):
        * html/HTMLLinkElement.h:
        * html/HTMLOutputElement.cpp:
        (WebCore::HTMLOutputElement::htmlFor):
        * html/HTMLOutputElement.h:

2016-04-11  Chris Dumez  <cdumez@apple.com>

        DOMTokenList.contains() should not throw
        https://bugs.webkit.org/show_bug.cgi?id=156453

        Reviewed by Ryosuke Niwa.

        DOMTokenList.contains() should not throw if the input token is invalid:
        https://github.com/whatwg/dom/commit/6d3076e3cbcba662489b272a718bc6b8c0082a74

        We now return false in such cases, instead of throwing, which should be
        safe with regards to backward compatibility.

        No new tests, already covered by existing tests.

        * html/DOMTokenList.cpp:
        (WebCore::DOMTokenList::contains):
        * html/DOMTokenList.h:
        * html/DOMTokenList.idl:

2016-04-11  Frederic Wang  <fwang@igalia.com>

        Refactor RenderMathMLFraction layout to avoid using flexbox
        https://bugs.webkit.org/show_bug.cgi?id=153917

        Reviewed by Sergio Villar Senin.

        Based on a patch by Alejandro G. Castro <alex@igalia.com>

        Implement the layoutBlock method to handle the layout calculations
        directly in the class. This also fixes parsing of absolute values for
        linethickness attribute (e.g. 10px) and adds support for the AxisHeight
        and FractionRuleThickness MATH parameters.

        Test: mathml/opentype/fraction-line.html

        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::mathLineThickness): Use the thickness relative to the
        default line thickness since that's really what is expected by mathml-line-fraction.html
        * css/mathml.css: Remove flexbox properties for mfrac.
        (mfrac): Deleted.
        (mfrac > *): Deleted.
        (mfrac[numalign="left"] > :first-child): Deleted.
        (mfrac[numalign="right"] > :first-child): Deleted.
        (mfrac[denomalign="left"] > :last-child): Deleted.
        (mfrac[denomalign="right"] > :last-child): Deleted.
        (mfrac > :first-child): Deleted.
        (mfrac > :last-child): Deleted.
        (mfrac): Deleted.
        * rendering/mathml/RenderMathMLBlock.cpp: Introduce a helper function to retrieve the math
        axis height.
        (WebCore::RenderMathMLBlock::mathAxisHeight):
        * rendering/mathml/RenderMathMLBlock.h: Declare mathAxisHeight.
        * rendering/mathml/RenderMathMLFraction.cpp:
        (WebCore::RenderMathMLFraction::RenderMathMLFraction):
        (WebCore::RenderMathMLFraction::parseAlignmentAttribute): Helper function to parse the align
        attribute.
        (WebCore::RenderMathMLFraction::isValid): Helper function to verify whether the child list
        is valid with respect to the MathML specificitation.
        (WebCore::RenderMathMLFraction::numerator): Helper function to retrieve the numerator.
        (WebCore::RenderMathMLFraction::denominator): Helper function to retrieve the denominator.
        (WebCore::RenderMathMLFraction::updateFromElement): Use the FractionRuleThickness parameter
        when avaiable to calculate the default linethickness.
        Fix computation of linethickness for absolute values (e.g. 10px), the default linethickness
        must not be involved for such values.
        We no longer need to manage style of anonymous wrappers.
        (WebCore::RenderMathMLFraction::unembellishedOperator): Use the helper function and we no
        longer care about anonymous wrappers.
        (WebCore::RenderMathMLFraction::computePreferredLogicalWidths): Implement this function
        without using flexbox.
        (WebCore::RenderMathMLFraction::horizontalOffset): Helper function to get the horizontal
        offsets of children depending of the alignment.
        (WebCore::RenderMathMLFraction::layoutBlock): Implement this function without using flexbox.
        (WebCore::RenderMathMLFraction::paint): Do not paint if the fraction is invalid. Use helper
        function. Use the width of the renderer (instead of the one of the denominator) as the
        length of the fraction bar.
        (WebCore::RenderMathMLFraction::firstLineBaseline): Use the helper functions to get children
        and axis height.
        (WebCore::RenderMathMLFraction::paintChildren): Temporary function to remove in a
        follow-up patch.
        (WebCore::RenderMathMLFraction::fixChildStyle): Deleted. We no longer need to manage style
        of anonymous wrappers.
        (WebCore::RenderMathMLFraction::addChild): Deleted. We no longer need to manage
        anonymous wrappers.
        (WebCore::RenderMathMLFraction::styleDidChange): We no longer need to manage style of
        anonymous wrappers.
        (WebCore::RenderMathMLFraction::layout): Deleted.
        * rendering/mathml/RenderMathMLFraction.h: Replace lineThickness with relativeLineThickness,
        as needed by the accessibility code. Update function and members declarations.

2016-04-11  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r199290.
        https://bugs.webkit.org/show_bug.cgi?id=156465

        broke 300 tests (Requested by mcatanzaro on #webkit).

        Reverted changeset:

        "Merge CG ImageSource and non CG ImageSource implementation in
        one file"
        https://bugs.webkit.org/show_bug.cgi?id=155456
        http://trac.webkit.org/changeset/199290

2016-04-11  Frederic Wang  <fwang@igalia.com>

        Refactor RenderMathMLUnderOver layout functions to avoid using flexbox
        https://bugs.webkit.org/show_bug.cgi?id=153742

        Reviewed by Sergio Villar Senin.

        Based on a patch by Javier Fernandez <jfernandez@igalia.com>

        Refactor the UnderOver renderer to use its own layoutBlock method that
        does all the layout calculations without considering the flexbox
        restrictions.

        * css/mathml.css:
        (mo, mfrac, munder, mover, munderover): Delete the underover elements from the line defining
        the column direction.
        (munder, mover, munderover): Deleted. This flexbox property is no longer needed.
        (mover > :last-child, munderover > :last-child): Deleted. This flexbox property is no longer
        needed.
        * rendering/mathml/RenderMathMLUnderOver.cpp:
        (WebCore::RenderMathMLUnderOver::firstLineBaseline): Use ascentForChild.
        (WebCore::RenderMathMLUnderOver::computeOperatorsHorizontalStretch): Avoid stretching
        operators that are not stretchy.
        (WebCore::RenderMathMLUnderOver::isValid): Helper function to ensure that the child list is
        valid with respect to the MathML specification.
        (WebCore::RenderMathMLUnderOver::base): Added. Helper function.
        (WebCore::RenderMathMLUnderOver::under): Added. Helper function.
        (WebCore::RenderMathMLUnderOver::over): Added. Helper function.
        (WebCore::RenderMathMLUnderOver::computePreferredLogicalWidths): Added.
        The preferred width is the maximum preferred width of the base, under and over scripts.
        (WebCore::RenderMathMLUnderOver::horizontalOffset): Added, helper to calculate the
        horizontal position of children (horizontally centered).
        (WebCore::RenderMathMLUnderOver::layoutBlock): Added, it lays out the base, underscript and
        overscript. It calculates the exact logical width, which may differ from the preferred width when
        one child contains stretchy operators. It later sets the locations of children accordingly
        and sets the heigth of the render element.
        (WebCore::RenderMathMLUnderOver::paintChildren): Added, we have to use the usual traverse
        instead of the one that comes from the flexbox. This will be removed in a follow-up patch.
        (WebCore::RenderMathMLUnderOver::layout): Deleted.
        * rendering/mathml/RenderMathMLUnderOver.h: Added new functions definitions.

2016-04-07  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] Rework the theming code for GTK+ 3.20
        https://bugs.webkit.org/show_bug.cgi?id=156333

        Reviewed by Michael Catanzaro.

        During the 3.19 GTK+ release cycle, the GTK+ css system was reworked, making themes and programs rendering
        themed widgets, incompatible with the new system. We were trying to fix our rendering every time GTK+ broke
        something, but we were just changing whatever it was needed to make our rendering look like current GTK+ with
        the default theme Adwaita. This means that our rendering will be broken for other themes or that changes in
        Adwaita can break our rendering. This solution was good enough to ensure WebKitGTK+ 2.12 looked good with GTK+
        3.20, but it doesn't work in the long term. We need to ensure that our theming code honors the new GTK+ CSS
        properties (max-width, min-width, margin, padding, border, ...) in all the cases, not only the cases where
        Adwaita uses them like we currently do.
        This patch splits all rendering methods to keep the current code for previous GTK+ versions and adds new code
        for GTK+ >= 3.20 using the new RenderThemeGadget classes. This makes the code easier to read, since there aren't
        ifdef blocks in the functions, and we ensure we don't break previous rendering.

        * PlatformGTK.cmake: Add new files to compilation.
        * html/shadow/SpinButtonElement.cpp:
        (WebCore::SpinButtonElement::defaultEventHandler): Check the button layout used by the theme to decide the
        current buttons state.
        * platform/gtk/RenderThemeGadget.cpp: Added.
        (WebCore::RenderThemeGadget::create):
        (WebCore::createStyleContext):
        (WebCore::appendElementToPath):
        (WebCore::RenderThemeGadget::RenderThemeGadget):
        (WebCore::RenderThemeGadget::~RenderThemeGadget):
        (WebCore::RenderThemeGadget::marginBox):
        (WebCore::RenderThemeGadget::borderBox):
        (WebCore::RenderThemeGadget::paddingBox):
        (WebCore::RenderThemeGadget::contentsBox):
        (WebCore::RenderThemeGadget::color):
        (WebCore::RenderThemeGadget::backgroundColor):
        (WebCore::RenderThemeGadget::minimumSize):
        (WebCore::RenderThemeGadget::preferredSize):
        (WebCore::RenderThemeGadget::render):
        (WebCore::RenderThemeGadget::renderFocus):
        (WebCore::RenderThemeBoxGadget::RenderThemeBoxGadget):
        (WebCore::RenderThemeTextFieldGadget::RenderThemeTextFieldGadget):
        (WebCore::RenderThemeTextFieldGadget::minimumSize):
        (WebCore::RenderThemeToggleGadget::RenderThemeToggleGadget):
        (WebCore::RenderThemeToggleGadget::render):
        (WebCore::RenderThemeArrowGadget::RenderThemeArrowGadget):
        (WebCore::RenderThemeArrowGadget::render):
        (WebCore::RenderThemeIconGadget::RenderThemeIconGadget):
        (WebCore::RenderThemeIconGadget::gtkIconSizeForPixelSize):
        (WebCore::RenderThemeIconGadget::render):
        (WebCore::RenderThemeIconGadget::minimumSize):
        * platform/gtk/RenderThemeGadget.h: Added.
        (WebCore::RenderThemeGadget::context):
        * rendering/RenderTheme.h:
        (WebCore::RenderTheme::innerSpinButtonLayout): Added this method to allow themes use a different layout for the
        buttons.
        * rendering/RenderThemeGtk.cpp:
        (WebCore::themeChangedCallback): Just moved this code to a common place.
        (WebCore::RenderThemeGtk::RenderThemeGtk): Initialize the theme monitor in the constructor.
        (WebCore::createStyleContext): Remove the render parts that are specific to GTK+ 3.20.
        (WebCore::RenderThemeGtk::adjustRepaintRect): Moved inside a GTK+ < 3.20 ifdef block.
        (WebCore::themePartStateFlags): Helper function to get the GtkStateFlags of a theme part for a given RenderObject.
        (WebCore::shrinkToMinimumSizeAndCenterRectangle): Move this common code to a helper function.
        (WebCore::setToggleSize):
        (WebCore::paintToggle):
        (WebCore::RenderThemeGtk::paintButton):
        (WebCore::RenderThemeGtk::popupInternalPaddingBox):
        (WebCore::RenderThemeGtk::paintMenuList):
        (WebCore::RenderThemeGtk::adjustTextFieldStyle): For GTK+ 3.20 we need to ensure a minimum size for spin buttons,
        so if the text field is for a spin button, we adjust the desired size here.
        (WebCore::RenderThemeGtk::paintTextField): In GTK+ 3.20 the CSS gadgets used to render spin buttons are
        different, so we check here if this is the entry of a spin button to use the right gadgets.
        (WebCore::adjustSearchFieldIconStyle):
        (WebCore::RenderThemeGtk::paintTextArea):
        (WebCore::RenderThemeGtk::adjustSearchFieldResultsButtonStyle):
        (WebCore::RenderThemeGtk::paintSearchFieldResultsButton):
        (WebCore::RenderThemeGtk::adjustSearchFieldResultsDecorationPartStyle):
        (WebCore::RenderThemeGtk::adjustSearchFieldCancelButtonStyle):
        (WebCore::paintSearchFieldIcon):
        (WebCore::RenderThemeGtk::paintSearchFieldResultsDecorationPart):
        (WebCore::RenderThemeGtk::paintSearchFieldCancelButton):
        (WebCore::centerRectVerticallyInParentInputElement): Moved inside a GTK+ < 3.20 ifdef block.
        (WebCore::RenderThemeGtk::paintSliderTrack):
        (WebCore::RenderThemeGtk::adjustSliderThumbSize):
        (WebCore::RenderThemeGtk::paintSliderThumb):
        (WebCore::RenderThemeGtk::progressBarRectForBounds): Ensure a minimum size of progress bars in GTK+ 3.20.
        (WebCore::RenderThemeGtk::paintProgressBar):
        (WebCore::RenderThemeGtk::innerSpinButtonLayout): Use an horizontal layout for spin buttons.
        (WebCore::RenderThemeGtk::adjustInnerSpinButtonStyle):
        (WebCore::RenderThemeGtk::paintInnerSpinButton):
        (WebCore::styleColor):
        (WebCore::RenderThemeGtk::paintMediaButton):
        * rendering/RenderThemeGtk.h:

2016-04-11  Antti Koivisto  <antti@apple.com>

        Implement functional :host() pseudo class
        https://bugs.webkit.org/show_bug.cgi?id=156397
        <rdar://problem/25621445>

        Reviewed by Darin Adler.

        We already support :host. Add functional syntax too.

        * css/CSSGrammar.y.in:

            Parse functional :host().

        * css/CSSParser.cpp:
        (WebCore::CSSParser::detectFunctionTypeToken):
        * css/CSSParserValues.cpp:
        (WebCore::CSSParserSelector::parsePseudoClassHostFunctionSelector):
        * css/CSSParserValues.h:
        * css/ElementRuleCollector.cpp:
        (WebCore::ElementRuleCollector::matchedRuleList):
        (WebCore::ElementRuleCollector::addMatchedRule):

            Factor some shared code here.

        (WebCore::ElementRuleCollector::matchHostPseudoClassRules):

            Instead of using the generic paths use a :host specific code path for matching.
            This makes it easier to avoid :host matching when it shouldn't.

        (WebCore::ElementRuleCollector::collectMatchingRulesForList):
        * css/ElementRuleCollector.h:
        * css/RuleSet.cpp:
        (WebCore::computeMatchBasedOnRuleHash):

            :host is always handled by the special matching path.

        * css/SelectorChecker.cpp:
        (WebCore::SelectorChecker::match):
        (WebCore::SelectorChecker::matchHostPseudoClass):

            Add a function specifically for checking :host. In always fails on the normal code paths.
            Check the argument selector if provided.

        (WebCore::hasScrollbarPseudoElement):
        * css/SelectorChecker.h:

2016-04-11  Said Abou-Hallawa  <sabouhallawa@apple,com>

        Merge CG ImageSource and non CG ImageSource implementation in one file
        https://bugs.webkit.org/show_bug.cgi?id=155456

        Reviewed by Darin Adler.

        ImageSource for CG and CG code paths look very similar. All the platform
        specific code can be moved to ImageDecoder classes for CG and non CG. And
        we can have the ImageSource be platform independent and we get rid of
        ImageSourceCG.cpp.

        Test: fast/images/image-subsampling.html

        * CMakeLists.txt:
        * PlatformAppleWin.cmake:
        * PlatformMac.cmake:
        * WebCore.xcodeproj/project.pbxproj:
        Delete ImageSourceCG.cpp form all make files and add ImageSource.cpp to
        CMakeLists.txt.
        
        * platform/Cursor.cpp:
        (WebCore::determineHotSpot):
        * platform/graphics/BitmapImage.cpp:
        (WebCore::BitmapImage::hotSpot):
        (WebCore::BitmapImage::getHotSpot): Deleted.
        * platform/graphics/BitmapImage.h:
        * platform/graphics/Image.h:
        (WebCore::Image::hotSpot):
        (WebCore::Image::getHotSpot): Deleted.
        Rename getHotSpot() to hotSpot() and change it to return Optional<IntPoint>.
        
        * platform/graphics/ImageSource.cpp:
        (WebCore::ImageSource::~ImageSource): Remove clear(true) call. It does nothing.
        (WebCore::ImageSource::clearFrameBufferCache): A wrapper which calls ImageDecoder::clearFrameBufferCache().
        (WebCore::ImageSource::clear): Calls clearFrameBufferCache() which will do nothing for CG.
        
        (WebCore::ImageSource::ensureDecoderIsCreated): Change SharedBuffer* to
        const SharedBuffer& and remove the call to ImageDecoder::setMaxNumPixels().
        The value of const static int CG ImageDecoder::m_maxNumPixels will be set
        based on IMAGE_DECODER_DOWN_SAMPLING.
        
        (WebCore::ImageSource::setData): Pass SharedBuffer& to the underlying functions.
        
        (WebCore::ImageSource::calculateMaximumSubsamplingLevel): Returns the maximum
        subsampling level allowed for an image.
        
        (WebCore::ImageSource::subsamplingLevelForScale): Converts from a scale to
        SubsamplingLevel taking into consideration the maximumSubsamplingLevel for
        a particular image.
        
        (WebCore::ImageSource::bytesDecodedToDetermineProperties): Returns the number
        of encoded bytes which can determine the image properties. For non CG it's
        zero. For CG it is a maximum value which can be corrected later.
        
        (WebCore::ImageSource::isSizeAvailable):
        (WebCore::ImageSource::sizeRespectingOrientation):
        (WebCore::ImageSource::frameCount):
        (WebCore::ImageSource::repetitionCount):
        (WebCore::ImageSource::filenameExtension):
        (WebCore::ImageSource::getHotSpot):
        (WebCore::ImageSource::frameIsCompleteAtIndex):
        (WebCore::ImageSource::frameHasAlphaAtIndex):
        (WebCore::ImageSource::allowSubsamplingOfFrameAtIndex):
        (WebCore::ImageSource::frameSizeAtIndex):
        (WebCore::ImageSource::frameBytesAtIndex):
        (WebCore::ImageSource::frameDurationAtIndex):
        (WebCore::ImageSource::orientationAtIndex):
        (WebCore::ImageSource::createFrameImageAtIndex):
        These are wrappers for the ImageDecoder APIs. The purpose of these functions
        is to ensure the ImageDecoder is created.
        
        (WebCore::ImageSource::dump): Called from BitmapImage::dump().
        
        (WebCore::ImageSource::getHotSpot): Deleted.
        
        * platform/graphics/ImageSource.h:
        (WebCore::ImageSource::setAllowSubsampling): Called from BitmapImage::setAllowSubsampling().
        
        (WebCore::ImageSource::maxPixelsPerDecodedImage): Deleted.
        (WebCore::ImageSource::setMaxPixelsPerDecodedImage): Deleted.
        Setting maxPixelsPerDecodedImage was moved to the non CG ImageDecoder.
        
        * platform/graphics/cg/ImageDecoderCG.cpp:
        (WebCore::ImageDecoder::setData): Change SharedBuffer* to SharedBuffer&.

        (WebCore::ImageDecoder::subsamplingLevelForScale): Deleted.
        The code was moved to ImageSource::subsamplingLevelForScale().
        
        * platform/graphics/cg/ImageDecoderCG.h:
        (WebCore::ImageDecoder::create): Make the prototype of this function
        suitable for CG and non CG cases.
        (WebCore::ImageDecoder::clearFrameBufferCache): Empty functions for CG.
        
        * platform/graphics/cg/ImageSourceCG.cpp: Removed.
        
        * platform/image-decoders/ImageDecoder.cpp:
        (WebCore::ImageDecoder::frameIsCompleteAtIndex): A mew function to return
        whether the frame decoding is complete or not.
        
        (WebCore::ImageDecoder::frameHasAlphaAtIndex): Simplify the logic.
        
        (WebCore::ImageDecoder::frameDurationAtIndex): The code was moved from
        ImageSource::frameDurationAtIndex() in ImageSource.cpp.
        
        (WebCore::ImageDecoder::createFrameImageAtIndex): The code was moved from
        ImageSource::createFrameImageAtIndex() in ImageSource.cpp.
        
        * platform/image-decoders/ImageDecoder.h:
        (WebCore::ImageDecoder::ImageDecoder): Initialize the members in class.
        (WebCore::ImageDecoder::~ImageDecoder): Fix the braces style.
        (WebCore::ImageDecoder::setData): Change the type of the argument from
        SharedBuffer* to SharedBuffer&.
        (WebCore::ImageDecoder::frameSizeAtIndex): Add the argument SubsamplingLevel
        so it can have the same prototype as CG.
        (WebCore::ImageDecoder::orientationAtIndex): Rename it to the same of CG.
        
        (WebCore::ImageDecoder::allowSubsamplingOfFrameAtIndex):
        (WebCore::ImageDecoder::bytesDecodedToDetermineProperties):
        (WebCore::ImageDecoder::subsamplingLevelForScale): Add these functions
        and return the default values so we do not have to add directive compiled
        non CG blocks in ImageSource.cpp.

        (WebCore::ImageDecoder::hotSpot): Return Optional<IntPoint>.
        
        (WebCore::ImageDecoder::orientation): Deleted.
        (WebCore::ImageDecoder::setMaxNumPixels): Deleted.
        
        * platform/image-decoders/bmp/BMPImageDecoder.cpp:
        (WebCore::BMPImageDecoder::setData):
        * platform/image-decoders/bmp/BMPImageDecoder.h:
        * platform/image-decoders/gif/GIFImageDecoder.cpp:
        (WebCore::GIFImageDecoder::setData):
        (WebCore::GIFImageDecoder::decode):
        * platform/image-decoders/gif/GIFImageDecoder.h:
        * platform/image-decoders/gif/GIFImageReader.h:
        (GIFImageReader::setData):
        * platform/image-decoders/ico/ICOImageDecoder.cpp:
        (WebCore::ICOImageDecoder::setData):
        Use reference SharedBuffer instead of pointer SharedBuffer.
        
        (WebCore::ICOImageDecoder::hotSpot):
        (WebCore::ICOImageDecoder::hotSpotAtIndex):
        Change hotSpot() to return Optional<IntPoint>.
        * platform/image-decoders/ico/ICOImageDecoder.h:
                
        (WebCore::ICOImageDecoder::setDataForPNGDecoderAtIndex):
        Pass reference SharedBuffer instead of pointer SharedBuffer.

2016-04-11  Fujii Hironori  <Hironori.Fujii@jp.sony.com>

        [CMake] Make FOLDER property INHERITED
        https://bugs.webkit.org/show_bug.cgi?id=156460

        Reviewed by Brent Fulgham.

        * CMakeLists.txt:
        Set FOLDER property as a directory property not a target property

2016-04-10  Sam Weinig  <sam@webkit.org>

        Fix the build.

        * platform/graphics/avfoundation/objc/MediaPlaybackTargetPickerMac.mm:
        (WebCore::MediaPlaybackTargetPickerMac::showPlaybackTargetPicker):

2016-04-08  Sam Weinig  <sam@webkit.org>

        Remove support for custom target picker actions
        <rdar://problem/24987783>
        https://bugs.webkit.org/show_bug.cgi?id=156434

        Reviewed by Eric Carlson.

        This mostly entailed rolling out r197429 and r197569.

        * Modules/mediasession/WebMediaSessionManager.cpp:
        (WebCore::WebMediaSessionManager::removeAllPlaybackTargetPickerClients):
        (WebCore::WebMediaSessionManager::showPlaybackTargetPicker):
        (WebCore::WebMediaSessionManager::clientStateDidChange):
        (WebCore::WebMediaSessionManager::externalOutputDeviceAvailableDidChange):
        (WebCore::WebMediaSessionManager::configureNewClients):
        (WebCore::WebMediaSessionManager::customPlaybackActionSelected): Deleted.
        * Modules/mediasession/WebMediaSessionManager.h:
        * Modules/mediasession/WebMediaSessionManagerClient.h:
        * dom/Document.cpp:
        (WebCore::Document::removePlaybackTargetPickerClient):
        (WebCore::Document::showPlaybackTargetPicker):
        (WebCore::Document::playbackTargetPickerClientStateDidChange):
        (WebCore::Document::setShouldPlayToPlaybackTarget):
        (WebCore::Document::customPlaybackActionSelected): Deleted.
        * dom/Document.h:
        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::enqueuePlaybackTargetAvailabilityChangedEvent):
        (WebCore::HTMLMediaElement::setShouldPlayToPlaybackTarget):
        (WebCore::HTMLMediaElement::webkitCurrentPlaybackTargetIsWireless):
        (WebCore::HTMLMediaElement::customPlaybackActionSelected): Deleted.
        (WebCore::HTMLMediaElement::playbackTargetPickerCustomActionName): Deleted.
        * html/HTMLMediaElement.h:
        * html/MediaElementSession.cpp:
        (WebCore::MediaElementSession::showPlaybackTargetPicker):
        (WebCore::MediaElementSession::hasWirelessPlaybackTargets):
        (WebCore::MediaElementSession::setShouldPlayToPlaybackTarget):
        (WebCore::MediaElementSession::mediaStateDidChange):
        (WebCore::MediaElementSession::customPlaybackActionSelected): Deleted.
        * html/MediaElementSession.h:
        * page/ChromeClient.h:
        * page/Page.cpp:
        (WebCore::Page::removePlaybackTargetPickerClient):
        (WebCore::Page::showPlaybackTargetPicker):
        (WebCore::Page::setShouldPlayToPlaybackTarget):
        (WebCore::Page::ensureTestTrigger):
        (WebCore::Page::customPlaybackActionSelected): Deleted.
        * page/Page.h:
        (WebCore::Page::testTrigger):
        * platform/audio/PlatformMediaSession.h:
        (WebCore::PlatformMediaSessionClient::canPlayToWirelessPlaybackTarget):
        (WebCore::PlatformMediaSessionClient::isPlayingToWirelessPlaybackTarget):
        (WebCore::PlatformMediaSessionClient::setShouldPlayToPlaybackTarget):
        (WebCore::PlatformMediaSessionClient::customPlaybackActionSelected): Deleted.
        * platform/graphics/MediaPlaybackTargetClient.h:
        * platform/graphics/MediaPlaybackTargetPicker.cpp:
        (WebCore::MediaPlaybackTargetPicker::pendingActionTimerFired):
        (WebCore::MediaPlaybackTargetPicker::addPendingAction):
        (WebCore::MediaPlaybackTargetPicker::showPlaybackTargetPicker):
        * platform/graphics/MediaPlaybackTargetPicker.h:
        (WebCore::MediaPlaybackTargetPicker::availableDevicesDidChange):
        (WebCore::MediaPlaybackTargetPicker::currentDeviceDidChange):
        (WebCore::MediaPlaybackTargetPicker::Client::customPlaybackActionSelected): Deleted.
        (WebCore::MediaPlaybackTargetPicker::customPlaybackActionSelected): Deleted.
        * platform/graphics/avfoundation/objc/MediaPlaybackTargetPickerMac.h:
        * platform/graphics/avfoundation/objc/MediaPlaybackTargetPickerMac.mm:
        (WebCore::MediaPlaybackTargetPickerMac::devicePicker):
        (WebCore::MediaPlaybackTargetPickerMac::showPlaybackTargetPicker):
        * platform/mac/WebVideoFullscreenInterfaceMac.h:
        * platform/mac/WebVideoFullscreenInterfaceMac.mm:
        (WebCore::WebVideoFullscreenInterfaceMac::preparedToReturnToInline):
        (WebCore::WebVideoFullscreenInterfaceMac::setVideoDimensions):
        (WebCore::WebVideoFullscreenInterfaceMac::setExternalPlayback): Deleted.
        * platform/mock/MediaPlaybackTargetPickerMock.cpp:
        (WebCore::MediaPlaybackTargetPickerMock::timerFired):
        (WebCore::MediaPlaybackTargetPickerMock::showPlaybackTargetPicker):
        * platform/mock/MediaPlaybackTargetPickerMock.h:
        * platform/spi/cocoa/AVKitSPI.h:

2016-04-09  Konstantin Tokarev  <annulen@yandex.ru>

        Fixed compilation of JPEGImageDecoder with libjpeg v9.
        https://bugs.webkit.org/show_bug.cgi?id=156445

        Reviewed by Michael Catanzaro.

        ICU defines TRUE and FALSE macros, breaking libjpeg v9 headers.

        No new tests needed.

        * platform/image-decoders/jpeg/JPEGImageDecoder.h:

2016-04-09  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r199242.
        https://bugs.webkit.org/show_bug.cgi?id=156442

        Caused many many leaks (Requested by ap on #webkit).

        Reverted changeset:

        "Web Inspector: get rid of InspectorBasicValue and
        InspectorString subclasses"
        https://bugs.webkit.org/show_bug.cgi?id=156407
        http://trac.webkit.org/changeset/199242

2016-04-09  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r199268.
        https://bugs.webkit.org/show_bug.cgi?id=156440

        Broke Windows build (Requested by ap on #webkit).

        Reverted changeset:

        "Implement functional :host() pseudo class"
        https://bugs.webkit.org/show_bug.cgi?id=156397
        http://trac.webkit.org/changeset/199268

2016-04-09  Antti Koivisto  <antti@apple.com>

        Implement functional :host() pseudo class
        https://bugs.webkit.org/show_bug.cgi?id=156397
        <rdar://problem/25621445>

        Reviewed by Darin Adler.

        We already support :host. Add functional syntax too.

        * css/CSSGrammar.y.in:

            Parse functional :host().

        * css/CSSParser.cpp:
        (WebCore::CSSParser::detectFunctionTypeToken):
        * css/CSSParserValues.cpp:
        (WebCore::CSSParserSelector::parsePseudoClassHostFunctionSelector):
        * css/CSSParserValues.h:
        * css/ElementRuleCollector.cpp:
        (WebCore::ElementRuleCollector::matchedRuleList):
        (WebCore::ElementRuleCollector::addMatchedRule):

            Factor some shared code here.

        (WebCore::ElementRuleCollector::matchHostPseudoClassRules):

            Instead of using the generic paths use a :host specific code path for matching.
            This makes it easier to avoid :host matching when it shouldn't.

        (WebCore::ElementRuleCollector::collectMatchingRulesForList):
        * css/ElementRuleCollector.h:
        * css/RuleSet.cpp:
        (WebCore::computeMatchBasedOnRuleHash):

            :host is always handled by the special matching path.

        * css/SelectorChecker.cpp:
        (WebCore::SelectorChecker::match):
        (WebCore::SelectorChecker::matchHostPseudoClass):

            Add a function specifically for checking :host. In always fails on the normal code paths.
            Check the argument selector if provided.

        (WebCore::hasScrollbarPseudoElement):
        * css/SelectorChecker.h:

2016-04-07  Darin Adler  <darin@apple.com>

        Improve IDL support for object arguments that are neither optional nor nullable
        https://bugs.webkit.org/show_bug.cgi?id=156149

        Reviewed by Chris Dumez.

        After this patch, we are almost ready to change some more DOM functions to
        use references instead of pointers. Remaining blocking issue is lack of support
        for ShouldPassWrapperByReference in the gobject bindings.

        * bindings/objc/ExceptionHandlers.h: Add NO_RETURN to raiseDOMException.
        Added a new raiseTypeErrorException. Re-indented header and removed unneeded
        include and forward declarations.

        * bindings/objc/ExceptionHandlers.mm:
        (WebCore::raiseDOMException): Added RELEASE_ASSERT_NOT_REACHED so the compiler
        will understand this is NO_RETURN. Also updated FIXME comment.
        (WebCore::raiseTypeErrorException): Added.

        * bindings/scripts/CodeGenerator.pm: Removed unneeded code that allows the type
        "AtomicString" in IDL files.
        (ShouldPassWrapperByReference): Added. Contains the logic from the function in
        the JavaScript code generator that was named IsPointerParameterPassedByReference,
        minus a couple checks that are unneeded. For use in other code generators so they
        are all consistent about how they call the DOM implementation.

        * bindings/scripts/CodeGeneratorGObject.pm:
        (SkipFunction): Removed support for unused CustomBinding extended attribute.

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateHeader): Removed support for unused CustomBinding extended attribute.
        (GenerateImplementation): Ditto. Also changed type checking code to throw a
        type error in a more efficient way, using throwVMTypeError directly.
        (GenerateParametersCheck): Rearranged code a bit so that arguments that need to
        be passed in unusual ways are handled all in one place. Use WTFMove for newly
        created NodeFilter objects. Simplified the reference logic so it doesn't need
        to do an additional check to see if a type is a callback. Also changed type
        checking code to throw a type error in a more efficient way, using throwVMTypeError
        directly. Also corrected mistake where null checking code was throwing
        TYPE_MISMATCH_ERR instead of a type error.
        (GetNativeType): Coding style tweak.
        (ShouldPassWrapperByReference): Renamed from IsPointerParameterPassedByReference.
        Changed to call underlying ShouldPassWrapperByReference function in the language-
        independent code generator.
        (GenerateConstructorDefinition): Updated for name change.

        * bindings/scripts/CodeGeneratorObjC.pm:
        (SkipFunction): Removed support for unused CustomBinding extended attribute.
        (GenerateImplementation): Added code to null check and pass a reference when
        ShouldPassWrapperByReference returns true.

        * bindings/scripts/IDLAttributes.txt: Sorted in the AppleCopyright and
        UsePointersEvenForNonNullableObjectArguments arguments. Removed the unused
        CPPPureInterface and CustomBinding attributes.

        * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp: Regenerated test results.
        * bindings/scripts/test/JS/JSTestInterface.cpp: Ditto.
        * bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp: Ditto.
        * bindings/scripts/test/JS/JSTestObj.cpp: Ditto.
        * bindings/scripts/test/JS/JSTestObj.h: Ditto.
        * bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp: Ditto.
        * bindings/scripts/test/JS/JSTestTypedefs.cpp: Ditto.
        * bindings/scripts/test/ObjC/DOMTestActiveDOMObject.mm: Ditto.
        * bindings/scripts/test/ObjC/DOMTestCallback.mm: Ditto.
        * bindings/scripts/test/ObjC/DOMTestCallbackFunction.mm: Ditto.
        * bindings/scripts/test/ObjC/DOMTestInterface.mm: Ditto.
        * bindings/scripts/test/ObjC/DOMTestMediaQueryListListener.mm: Ditto.
        * bindings/scripts/test/ObjC/DOMTestObj.mm: Ditto.

        * bindings/scripts/test/TestObj.idl: Removed test for CustomBinding.

        * dom/DOMImplementation.idl: Fixed #if so that only the return type is different
        between JavaScript and the other bindings. Without this change, the different
        bindings got different results for ShouldPassWrapperByReference. Also formatted
        functions all on a single line.

        * dom/EventListener.idl: Removed CPPPureInterface, since it had no effect.
        * dom/EventTarget.idl: Ditto.

2016-04-08  Chris Dumez  <cdumez@apple.com>

        [WebIDL] Add support for [ExportMacro=XXX] IDL extended attribute
        https://bugs.webkit.org/show_bug.cgi?id=156428

        Reviewed by Ryosuke Niwa.

        Add support for [ExportMacro=XXX] IDL extended attribute (e.g. [ExportMacro=WEBCORE_EXPORT])
        so developers can indicate in the IDL which macro to use to export the generated JS bindings
        class.

        We previously supported this by hard-coding JS class names in the bindings generator which
        was ugly.

        * Modules/mediasession/MediaSession.idl:
        * Modules/mediasource/SourceBuffer.idl:
        * Modules/notifications/Notification.idl:
        * Modules/webaudio/AudioContext.idl:
        * bindings/scripts/CodeGeneratorJS.pm:
        (GetExportMacroForJSClass):
        (GenerateHeader):
        (AddIncludesForType): Deleted.
        (AddToImplIncludes): Deleted.
        * bindings/scripts/IDLAttributes.txt:
        * bindings/scripts/test/TestInterface.idl:
        * bindings/scripts/test/TestNode.idl:
        * css/CSSStyleDeclaration.idl:
        * dom/ClientRect.idl:
        * dom/ClientRectList.idl:
        * dom/Document.idl:
        * dom/Element.idl:
        * dom/Node.idl:
        * dom/Range.idl:
        * fileapi/File.idl:
        * html/DOMURL.idl:
        * html/HTMLElement.idl:
        * html/HTMLMediaElement.idl:
        * html/TimeRanges.idl:
        * html/canvas/DOMPath.idl:
        * inspector/ScriptProfile.idl:
        * inspector/ScriptProfileNode.idl:
        * page/DOMWindow.idl:
        * page/make_settings.pl:
        (generateInternalSettingsIdlFile):
        * testing/InternalSettings.idl:
        * testing/Internals.idl:
        * testing/MallocStatistics.idl:
        * testing/MemoryInfo.idl:
        * testing/TypeConversions.idl:
        * xml/XMLHttpRequest.idl:

2016-04-08  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: XHRs and Web Worker scripts are not searchable
        https://bugs.webkit.org/show_bug.cgi?id=154214
        <rdar://problem/24643587>

        Reviewed by Timothy Hatcher.

        Test: inspector/page/searchInResources.html

        * inspector/InspectorPageAgent.h:
        * inspector/InspectorPageAgent.cpp:
        (WebCore::InspectorPageAgent::searchInResource):
        (WebCore::InspectorPageAgent::searchInResources):
        Let the NetworkAgent handle individual search requests
        with a requestId. And provide global search results for
        "other" resources and will include requestId properties.

        * inspector/InspectorNetworkAgent.h:
        * inspector/InspectorNetworkAgent.cpp:
        (WebCore::InspectorNetworkAgent::didFinishXHRLoading):
        (WebCore::buildObjectForSearchResult):
        (WebCore::InspectorNetworkAgent::searchOtherRequests):
        (WebCore::InspectorNetworkAgent::searchInRequest):
        Search saved "other" resource data content.

        * inspector/NetworkResourcesData.h:
        * inspector/NetworkResourcesData.cpp:
        (WebCore::NetworkResourcesData::resources):
        Expose the resources for iteration by the NetworkAgent.

2016-04-08  Joanmarie Diggs  <jdiggs@igalia.com>

        AX: "AXLandmarkApplication" is an inappropriate subrole for ARIA "application" since it's no longer a landmark
        https://bugs.webkit.org/show_bug.cgi?id=155403

        Reviewed by Chris Fleizach.

        The new subrole is AXWebApplication and the new role description is "web application".
        As part of the fix, the WebCore AccessibilityRole for ARIA's "application" role was
        renamed from LandmarkApplicationRole to WebApplicationRole.

        The roles-exposed.html and aria-grouping-roles.html test expectations were also updated.

        * English.lproj/Localizable.strings:
        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::accessibleNameDerivesFromContent):
        (WebCore::AccessibilityObject::isLandmark):
        (WebCore::initializeRoleMap):
        * accessibility/AccessibilityObject.h:
        * accessibility/atk/WebKitAccessibleWrapperAtk.cpp:
        (atkRole):
        * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
        (-[WebAccessibilityObjectWrapper determineIsAccessibilityElement]):
        (-[WebAccessibilityObjectWrapper _accessibilityIsLandmarkRole:]):
        * accessibility/mac/WebAccessibilityObjectWrapperBase.mm:
        (-[WebAccessibilityObjectWrapperBase ariaLandmarkRoleDescription]):
        * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
        (createAccessibilityRoleMap):
        (-[WebAccessibilityObjectWrapper subrole]):
        * platform/LocalizedStrings.cpp:
        (WebCore::AXARIAContentGroupText):

2016-04-08  Simon Fraser  <simon.fraser@apple.com>

        [iOS WK2] WKWebViews should consult ancestor UIScrollViews to determine tiling area
        https://bugs.webkit.org/show_bug.cgi?id=156429
        rdar://problem/25455111

        Reviewed by Tim Horton.

        When a WKWebView is expanded to full size, then embedded in UIScrollView, it would
        create huge tiles that cover the entire view area (since it considered itself non-scrollable).

        Fix to always use 512x512 tiles in this configuration, and to adjust the tile coverage
        for the area exposed through the enclosing UIScrollView.

        * loader/HistoryController.cpp:
        (WebCore::HistoryController::saveScrollPositionAndViewStateToItem): setObscuredInset()
        moved from FrameView to Page.
        * page/FrameView.cpp:
        (WebCore::FrameView::adjustTiledBackingScrollability): If we're clipped by an ancestor scrollView,
        just assume we're scrollable on both axes.
        * page/Page.h:
        (WebCore::Page::obscuredInset):
        (WebCore::Page::setObscuredInset):
        (WebCore::Page::enclosedInScrollView):
        (WebCore::Page::setEnclosedInScrollView):
        * platform/ScrollView.h:
        (WebCore::ScrollView::platformObscuredInset): Deleted.
        (WebCore::ScrollView::platformSetObscuredInset): Deleted.

2016-04-08  Joseph Pecoraro  <pecoraro@apple.com>

        [iOS Simulator] Build failure (property 'contentsFormat' not found on object of type 'LegacyTileLayer *')
        https://bugs.webkit.org/show_bug.cgi?id=156415

        Reviewed by Simon Fraser.

        * platform/spi/cocoa/QuartzCoreSPI.h:
        Provide SPI forward declaration of the CALayer contentsFormat property.

2016-04-08  Alex Christensen  <achristensen@webkit.org>

        Progress towards running CMake WebKit2 on Mac
        https://bugs.webkit.org/show_bug.cgi?id=156426

        Reviewed by Tim Horton.

        * CMakeLists.txt:
        * PlatformGTK.cmake:
        * PlatformMac.cmake:
        * PlatformWin.cmake:
        On Mac, WTF is a static library that is linked only with JavaScriptCore.

2016-04-08  Jer Noble  <jer.noble@apple.com>

        Unreviewed 32-bit build fix; make type of std::min<> explicit.

        * platform/audio/ios/AudioDestinationIOS.cpp:
        (WebCore::AudioDestinationIOS::render):

2016-04-08  Jer Noble  <jer.noble@apple.com>

        CRASH in AudioDestinationNode::render()
        https://bugs.webkit.org/show_bug.cgi?id=156308

        Reviewed by Eric Carlson.

        Yet another math error in AudioDestinationIOS::render(). It is possible for the difference between
        m_startSpareFrame and m_endSpareFrame to be greater than the numberOfFrames to be rendered. Protect
        against this case by taking the min() of those two values and only advancing m_startSpareFrame by
        that amount.  This guarantees that framesThisTime will never underflow, and that data will not be
        written past the end of the ioData parameter.

        * platform/audio/ios/AudioDestinationIOS.cpp:
        (WebCore::AudioDestinationIOS::render):

2016-04-08  Brady Eidson  <beidson@apple.com>

        Modern IDB: Use more IDBValue and IDBGetResult in IDBBackingStore.
        https://bugs.webkit.org/show_bug.cgi?id=156418

        Reviewed by Alex Christensen.

        No new tests (Refactor, no change in behavior).

        * Modules/indexeddb/IDBValue.cpp:
        (WebCore::IDBValue::IDBValue):
        * Modules/indexeddb/IDBValue.h:
        
        * Modules/indexeddb/server/IDBBackingStore.h:
        
        * Modules/indexeddb/server/MemoryBackingStoreTransaction.cpp:
        (WebCore::IDBServer::MemoryBackingStoreTransaction::abort):
        
        * Modules/indexeddb/server/MemoryIDBBackingStore.cpp:
        (WebCore::IDBServer::MemoryIDBBackingStore::addRecord):
        (WebCore::IDBServer::MemoryIDBBackingStore::getRecord):
        * Modules/indexeddb/server/MemoryIDBBackingStore.h:
        
        * Modules/indexeddb/server/MemoryObjectStore.cpp:
        (WebCore::IDBServer::MemoryObjectStore::addRecord):
        * Modules/indexeddb/server/MemoryObjectStore.h:
        
        * Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
        (WebCore::IDBServer::SQLiteIDBBackingStore::addRecord):
        (WebCore::IDBServer::SQLiteIDBBackingStore::getRecord):
        * Modules/indexeddb/server/SQLiteIDBBackingStore.h:
        
        * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
        (WebCore::IDBServer::UniqueIDBDatabase::performPutOrAdd):
        (WebCore::IDBServer::UniqueIDBDatabase::performGetRecord):

2016-04-08  Brady Eidson  <beidson@apple.com>

        Modern IDB: Make IDBGetResult contain an IDBValue instead of a buffer, and remove unused methods.
        https://bugs.webkit.org/show_bug.cgi?id=156416

        Reviewed by Alex Christensen.

        No new tests (Refactor, no change in behavior).

        * Modules/indexeddb/IDBCursor.cpp:
        (WebCore::IDBCursor::setGetResult):
        
        * Modules/indexeddb/IDBGetResult.cpp:
        (WebCore::IDBGetResult::dataFromBuffer):
        (WebCore::IDBGetResult::isolatedCopy):
        * Modules/indexeddb/IDBGetResult.h:
        (WebCore::IDBGetResult::IDBGetResult):
        (WebCore::IDBGetResult::value):
        (WebCore::IDBGetResult::encode):
        (WebCore::IDBGetResult::decode):
        (WebCore::IDBGetResult::valueBuffer): Deleted.
        (WebCore::IDBGetResult::setValueBuffer): Deleted.
        (WebCore::IDBGetResult::setKeyData): Deleted.
        (WebCore::IDBGetResult::setPrimaryKeyData): Deleted.
        (WebCore::IDBGetResult::setKeyPath): Deleted.
        
        * Modules/indexeddb/IDBTransaction.cpp:
        (WebCore::IDBTransaction::didGetRecordOnServer):
        
        * Modules/indexeddb/IDBValue.cpp:
        (WebCore::IDBValue::IDBValue):
        * Modules/indexeddb/IDBValue.h:
        
        * Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
        (WebCore::IDBServer::SQLiteIDBBackingStore::getIndexRecord):

2016-04-08  Zalan Bujtas  <zalan@apple.com>

        Focus ring drawn at incorrect location on image map with CSS transform.
        https://bugs.webkit.org/show_bug.cgi?id=143527
        <rdar://problem/21908735>

        Reviewed by Simon Fraser.

        Implement pathForFocusRing for HTMLAreaElement. It follows the logic of RenderObject::addFocusRingRects().

        Tests: fast/images/image-map-outline-in-positioned-container.html
               fast/images/image-map-outline-with-paint-root-offset.html
               fast/images/image-map-outline-with-scale-transform.html
               fast/images/image-map-outline.html

        * html/HTMLAreaElement.cpp:
        (WebCore::HTMLAreaElement::pathForFocusRing):
        * html/HTMLAreaElement.h:
        * rendering/RenderElement.cpp:
        (WebCore::RenderElement::paintFocusRing): Move addFocusRingRects() out of focus ring painting.
        (WebCore::RenderElement::paintOutline):
        * rendering/RenderElement.h:
        * rendering/RenderImage.cpp:
        (WebCore::RenderImage::paint):
        (WebCore::RenderImage::paintAreaElementFocusRing):
        * rendering/RenderImage.h:
        * rendering/RenderInline.cpp:
        (WebCore::RenderInline::paintOutline):

2016-04-08  Brent Fulgham  <bfulgham@apple.com>

        [WK1] Wheel event callback removing the window causes crash in WebCore
        https://bugs.webkit.org/show_bug.cgi?id=156409
        <rdar://problem/25631267>

        Reviewed by Simon Fraser.

        Null check the Widget before using it, since the iframe may have been removed
        from its parent document inside the event handler.

        This is the WK1 fix for https://bugs.webkit.org/show_bug.cgi?id=150871.

        Tested by fast/events/wheel-event-destroys-frame.html

        * page/EventHandler.cpp:
        (WebCore::widgetForElement): Added.
        (WebCore::EventHandler::handleWheelEvent): Use new helper function to
        clean up the code, and allow us to check that the Widget has not been
        destroyed during the event handler.

2016-04-08  Said Abou-Hallawa  <sabouhallawa@apple,com>

        Timing attack on SVG feComposite filter circumvents same-origin policy
        https://bugs.webkit.org/show_bug.cgi?id=154338

        Reviewed by Oliver Hunt.

        Ensure the FEComposite arithmetic filter is clamping the resulted color
        components in a constant time.

        * platform/graphics/filters/FEComposite.cpp:
        (WebCore::clampByte):
        (WebCore::computeArithmeticPixels):

2016-04-08  Brian Burg  <bburg@apple.com>

        Web Inspector: get rid of InspectorBasicValue and InspectorString subclasses
        https://bugs.webkit.org/show_bug.cgi?id=156407
        <rdar://problem/25627659>

        Reviewed by Timothy Hatcher.

        * inspector/InspectorDatabaseAgent.cpp: Don't use deleted subclasses.

2016-04-08  Beth Dakin  <bdakin@apple.com>

        Fix leaks in WebAVMediaSelectionOptionMac and WebPlaybackControlsManager
        https://bugs.webkit.org/show_bug.cgi?id=156379

        Reviewed by Tim Horton.

        These classes should use RetainPtrs.
        * platform/mac/WebVideoFullscreenInterfaceMac.mm:
        (-[WebAVMediaSelectionOptionMac localizedDisplayName]):
        (-[WebAVMediaSelectionOptionMac setLocalizedDisplayName:]):
        (-[WebPlaybackControlsManager timing]):
        (-[WebPlaybackControlsManager setTiming:]):
        (-[WebPlaybackControlsManager seekableTimeRanges]):
        (-[WebPlaybackControlsManager setSeekableTimeRanges:]):
        (-[WebPlaybackControlsManager audioMediaSelectionOptions]):
        (-[WebPlaybackControlsManager setAudioMediaSelectionOptions:]):
        (-[WebPlaybackControlsManager currentAudioMediaSelectionOption]):
        (-[WebPlaybackControlsManager setCurrentAudioMediaSelectionOption:]):
        (-[WebPlaybackControlsManager legibleMediaSelectionOptions]):
        (-[WebPlaybackControlsManager setLegibleMediaSelectionOptions:]):
        (-[WebPlaybackControlsManager currentLegibleMediaSelectionOption]):
        (-[WebPlaybackControlsManager setCurrentLegibleMediaSelectionOption:]):

2016-04-08  Fujii Hironori  <Hironori.Fujii@jp.sony.com>

        Touching any IDL files rebuilds all bindings in CMake Ninja build
        https://bugs.webkit.org/show_bug.cgi?id=156400

        Reviewed by Brent Fulgham.

        * bindings/scripts/preprocess-idls.pl:
        (GenerateConstructorAttribute):
        WriteFileIfChanged does not work due to flaky results of 'keys'.
        Sort results of 'keys'.

2016-04-07  Simon Fraser  <simon.fraser@apple.com>

        [iOS WK2] Stop using exposedContentRect for history scroll state restoration
        https://bugs.webkit.org/show_bug.cgi?id=156392

        Reviewed by Tim Horton.

        A future commit will alter the meaning of exposedContentRect on iOS to take into
        account clipped out parts of the WKWebView. To achieve this, wean history restoration
        off of using exposedContentRect for scroll state restoration. It did this to restore
        the page to the same position relative to the view's top-left (to avoid jiggles caused
        by changing obscured insets).

        Do this by pushing the left/top obscured insets down with visible content rects updates,
        storing them on ScrollView, and adding them to HistoryItem. Those insets are then used
        for scroll state restoration in WKWebView.

        * history/HistoryItem.cpp:
        (WebCore::HistoryItem::HistoryItem):
        * history/HistoryItem.h:
        (WebCore::HistoryItem::obscuredInset):
        (WebCore::HistoryItem::setObscuredInset):
        * loader/HistoryController.cpp:
        (WebCore::HistoryController::saveScrollPositionAndViewStateToItem):
        * platform/ScrollView.h:
        (WebCore::ScrollView::platformObscuredInset):
        (WebCore::ScrollView::platformSetObscuredInset):

2016-04-08  Brady Eidson  <beidson@apple.com>

        Build fix followup to http://trac.webkit.org/changeset/199230

        Unreviewed.

        * platform/posix/FileSystemPOSIX.cpp:
        (WebCore::hardLinkOrCopyFile): Stricter POSIX systems require a umask for O_CREAT opens,
          so let's provide one.

2016-04-08  Darin Adler  <darin@apple.com>

        Remove 14 more unnecessary uses of UsePointersEvenForNonNullableObjectArguments
        https://bugs.webkit.org/show_bug.cgi?id=156405

        Reviewed by Chris Dumez.

        * Modules/encryptedmedia/MediaKeySession.idl:
        * Modules/encryptedmedia/MediaKeys.idl:
        * dom/Element.idl:
        * dom/NamedNodeMap.idl:
        * html/HTMLElement.idl:
        * html/canvas/OESVertexArrayObject.idl:
        * html/canvas/WebGLRenderingContext.idl:
        * page/DOMSelection.idl:
        * storage/StorageEvent.idl:
        * svg/SVGSVGElement.idl:
        * xml/XMLSerializer.idl:
        * xml/XPathEvaluator.idl:
        * xml/XPathExpression.idl:
        * xml/XSLTProcessor.idl:
        Removed UsePointersEvenForNonNullableObjectArguments, which was having no effect
        in any of these classes. Also tweaked formatting of some of the IDL, merging things
        onto single lines, changing paragraphing and indenting a bit, and fixing some typos.

2016-04-08  Brady Eidson  <beidson@apple.com>

        Modern IDB (Blob support): Write blobs to temporary files and move them to the correct location when storing them.
        https://bugs.webkit.org/show_bug.cgi?id=156321

        Reviewed by Alex Christensen, Andy Estes, and Darin Adler.

        No new tests (No testable change in behavior yet, current tests pass).

        When asked to store a Blob (including Files) in IndexedDB, the Blob is written out to a temporary file.
        
        Then when the putOrAdd request is received by IDBServer it includes a list of blobURLs and their mappings
        to temporary files.
        
        Finally, as part of storing the Blob value in the database, those temporary files are moved in to place
        under the IndexedDB directory for storage and later retrieval.

        * Modules/indexeddb/IDBValue.cpp:
        (WebCore::IDBValue::IDBValue):

        * Modules/indexeddb/server/IDBBackingStore.h:
        (WebCore::IDBServer::IDBBackingStoreTemporaryFileHandler::~IDBBackingStoreTemporaryFileHandler):

        * Modules/indexeddb/server/IDBServer.cpp:
        (WebCore::IDBServer::IDBServer::create):
        (WebCore::IDBServer::IDBServer::IDBServer):
        (WebCore::IDBServer::IDBServer::createBackingStore):
        * Modules/indexeddb/server/IDBServer.h:

        * Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
        (WebCore::IDBServer::blobRecordsTableSchema):
        (WebCore::IDBServer::blobRecordsTableSchemaAlternate):
        (WebCore::IDBServer::blobFilesTableSchema):
        (WebCore::IDBServer::blobFilesTableSchemaAlternate):
        (WebCore::IDBServer::SQLiteIDBBackingStore::SQLiteIDBBackingStore):
        (WebCore::IDBServer::SQLiteIDBBackingStore::ensureValidBlobTables):
        (WebCore::IDBServer::SQLiteIDBBackingStore::getOrEstablishDatabaseInfo):
        (WebCore::IDBServer::SQLiteIDBBackingStore::addRecord):
        * Modules/indexeddb/server/SQLiteIDBBackingStore.h:
        (WebCore::IDBServer::SQLiteIDBBackingStore::temporaryFileHandler):

        * Modules/indexeddb/server/SQLiteIDBTransaction.cpp:
        (WebCore::IDBServer::SQLiteIDBTransaction::commit):
        (WebCore::IDBServer::SQLiteIDBTransaction::moveBlobFilesIfNecessary):
        (WebCore::IDBServer::SQLiteIDBTransaction::abort):
        (WebCore::IDBServer::SQLiteIDBTransaction::reset):
        (WebCore::IDBServer::SQLiteIDBTransaction::addBlobFile):
        * Modules/indexeddb/server/SQLiteIDBTransaction.h:

        * Modules/indexeddb/shared/InProcessIDBServer.cpp:
        (WebCore::InProcessIDBServer::InProcessIDBServer):
        (WebCore::InProcessIDBServer::accessToTemporaryFileComplete):
        * Modules/indexeddb/shared/InProcessIDBServer.h:

        * bindings/js/SerializedScriptValue.cpp:
        (WebCore::SerializedScriptValue::blobURLsIsolatedCopy):
        * bindings/js/SerializedScriptValue.h:

        * platform/FileSystem.h:
        * platform/gtk/FileSystemGtk.cpp:
        (WebCore::hardLinkOrCopyFile):
        * platform/posix/FileSystemPOSIX.cpp:
        (WebCore::hardLinkOrCopyFile):

2016-04-08  Joanmarie Diggs  <jdiggs@igalia.com>

        AX: [ATK] Crash getting text under element in CSS table
        https://bugs.webkit.org/show_bug.cgi?id=156328

        Reviewed by Chris Fleizach.

        AccessibilityRenderObject::textUnderElement() assumes (and asserts) that
        the first and last child of an anonymous block will each have nodes with
        which to define positions. This is not the case for CSS Tables and their
        anonymous descendants. AccessibilityNodeObject:textUnderElement() is our
        fallback for the instances where a text range cannot be created based on
        positions, so let it handle anonymous RenderTable parts.

        Test: accessibility/generated-content-with-display-table-crash.html

        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::textUnderElement):
        (WebCore::AccessibilityRenderObject::shouldGetTextFromNode):
        * accessibility/AccessibilityRenderObject.h:

2016-04-08  Darin Adler  <darin@apple.com>

        Remove unneeded UsePointersEvenForNonNullableObjectArguments from event classes
        https://bugs.webkit.org/show_bug.cgi?id=156396

        Reviewed by Youenn Fablet.

        * dom/CompositionEvent.idl:
        * dom/KeyboardEvent.idl:
        * dom/MouseEvent.idl:
        * dom/MutationEvent.idl:
        * dom/TextEvent.idl:
        * dom/TouchEvent.idl:
        * dom/UIEvent.idl:
        * dom/WheelEvent.idl:
        Removed UsePointersEvenForNonNullableObjectArguments, which was having no effect.

2016-04-08  Manuel Rego Casasnovas  <rego@igalia.com>

        [css-grid] Fix positioned items with grid gaps
        https://bugs.webkit.org/show_bug.cgi?id=156288

        Reviewed by Darin Adler.

        When we place a positioned items in a grid with gaps,
        we were not taking into accounts the gutter size.
        We've to use that size to properly place and size the item.

        Tests: fast/css-grid-layout/grid-positioned-items-gaps-rtl.html
               fast/css-grid-layout/grid-positioned-items-gaps.html

        * rendering/RenderGrid.cpp:
        (WebCore::RenderGrid::offsetAndBreadthForPositionedChild):

2016-04-08  Javier Fernandez  <jfernandez@igalia.com>

        [css-grid] Remove unnecessary iteration in populateGridPositions loop
        https://bugs.webkit.org/show_bug.cgi?id=156376

        Reviewed by Darin Adler.

        The populateGridPositions loop limit was set to 'lastLine'. However, the
        the position of last track's start line is updated after the loop, since
        it does not follow the same pattern; it does not have a content
        distribution offset.

        So, since we are essentially overwriting the value stored in the last
        iteration, we can just lower the loop limit.

        No new tests added, because there is no change in the functionality.

        * rendering/RenderGrid.cpp:
        (WebCore::RenderGrid::populateGridPositions):

2016-04-08  John Wilander  <wilander@apple.com>

        CSP: Block XHR when calling XMLHttpRequest.send() and throw network error.
        https://bugs.webkit.org/show_bug.cgi?id=153598
        <rdar://problem/24391483>

        Reviewed by Darin Adler.

        No new tests. Changes to existing tests are sufficient.

        * xml/XMLHttpRequest.cpp:
        (WebCore::XMLHttpRequest::open):
        (WebCore::XMLHttpRequest::initSend):
            Moved the CSP check from XMLHttpRequest::open() to XMLHttpRequest::initSend().
            Changed the thrown error type from Security to Network for synchronous requests.
            Changed from throwing an error to firing an error event for asynchronous requests.
            These changes are in conformance with connect-src of Content Security Policy Level 2.
            https://www.w3.org/TR/CSP2/#directive-connect-src (W3C Candidate Recommendation, 21 July 2015)

2016-04-07  Darin Adler  <darin@apple.com>

        FontFaceSet binding does not handle null correctly
        https://bugs.webkit.org/show_bug.cgi?id=156141

        Reviewed by Youenn Fablet.

        * css/FontFaceSet.cpp:
        (WebCore::FontFaceSet::FontFaceSet): Pass a reference to add rather than a pointer.
        (WebCore::FontFaceSet::has): Take a reference rather than a pointer.
        (WebCore::FontFaceSet::add): Ditto.
        (WebCore::FontFaceSet::remove): Ditto.
        (WebCore::FontFaceSet::load): Initialize ec since we check it. Caller is not required
        to do this, nor is the matchingFaces function. Rearranged function to avoid needless
        creation/destruction of PendingPromise for the immediate failure case. Removed some
        unneeded type casts and local variables.
        (WebCore::FontFaceSet::status): Use ASCIILiteral instead of ConstructFromLiteral.
        No reason to use the more aggressive optimization.
        (WebCore::FontFaceSet::faceFinished): Factored out a common hasReachedTerminalState
        check to streamline the logic a bit.
        (WebCore::FontFaceSet::load): Moved overload without a string in here; not critical
        to inline it.
        (WebCore::FontFaceSet::check): Ditto.

        * css/FontFaceSet.h: Removed many unneeded includes and forward declarations.
        Changed functions to take FontFace& instead of RefPtr<FontFace>. Removed unneeded
        WebCore namespace prefixes. Use final instead of override for virtual functions.

        * css/FontFaceSet.idl: Removed UsePointersEvenForNonNullableObjectArguments, which
        was preserving incorrect behavior for null as demonstrated by the test cases.

2016-04-07  Joseph Pecoraro  <pecoraro@apple.com>

        Remove ENABLE(ENABLE_ES6_CLASS_SYNTAX) guards
        https://bugs.webkit.org/show_bug.cgi?id=156384

        Reviewed by Ryosuke Niwa.

        * Configurations/FeatureDefines.xcconfig:

2016-04-07  Dean Jackson  <dino@apple.com>

        [iOS] Media playback button should use appearance
        https://bugs.webkit.org/show_bug.cgi?id=156388
        <rdar://problem/25618352>

        Reviewed by Simon Fraser.

        With the recent change in backdrop appearance, we can
        now use the system style directly for the play button.

        While I was here I also updated the artwork to the
        latest style (slightly rounded corners on the triangle).

        Covered by the test in ManualTests/ios/start-playback-button-appearance.html.

        * Modules/mediacontrols/mediaControlsiOS.css: Move the clip onto the backdrop
        element. Use an appearance insted.
        * Modules/mediacontrols/mediaControlsiOS.js: Remove the tint element, and
        set the highlight on the glyph instead.

2016-04-07  Ada Chan  <adachan@apple.com>

        Roll out the css change in mediaControlsApple.css that has been causing assertions in layout for multiple tests
        https://bugs.webkit.org/show_bug.cgi?id=156381

        Rubber-stamped by Alexey Proskuryakov.

        * Modules/mediacontrols/mediaControlsApple.css:
        (::-webkit-media-controls):
        Remove overflow: hidden.

2016-04-07  Jiewen Tan  <jiewen_tan@apple.com>

        Unreviewed, rolling out r199199.

        Revision breaks layout tests

        Reverted changeset:

        "fast/loader/opaque-base-url.html crashing during mac and ios
        debug tests"
        https://bugs.webkit.org/show_bug.cgi?id=156179
        http://trac.webkit.org/changeset/199199

2016-04-07  Simon Fraser  <simon.fraser@apple.com>

        Make it possible to test effect of view exposed rect on tiled backing
        https://bugs.webkit.org/show_bug.cgi?id=156365

        Reviewed by Tim Horton.

        Implement Internals::setViewExposedRect().

        When the viewExposedRect is non-null, assume that we're scrollable on both axes
        to avoid creation of huge tiles in this scenario.

        We also need to call adjustTiledBackingScrollability() when setViewExposedRect()
        has been called.

        Tests: tiled-drawing/tile-coverage-view-exposed-rect.html
               tiled-drawing/tile-size-view-exposed-rect.html

        * page/FrameView.cpp:
        (WebCore::FrameView::adjustTiledBackingScrollability):
        (WebCore::FrameView::setViewExposedRect):
        * testing/Internals.cpp:
        (WebCore::Internals::setViewExposedRect):
        * testing/Internals.h:
        * testing/Internals.idl:

2016-04-07  Jiewen Tan  <jiewen_tan@apple.com>

        fast/loader/opaque-base-url.html crashing during mac and ios debug tests
        https://bugs.webkit.org/show_bug.cgi?id=156179
        <rdar://problem/25507719>

        Reviewed by Andy Estes.

        A relative URL other than "#" with a non-hierarchical base is invalid, but prior to this
        change the URL's string would still contain the invalid relative URL. To avoid mistakes
        where we might later treat this URL string as a parsed URL string, set the string to
        "about:blank" instead.

        Test: fast/url/data-uri-based-urls.html

        * platform/URL.cpp:
        (WebCore::URL::init):

2016-04-07  Brian Burg  <bburg@apple.com>

        Web Automation: implement Automation.addSingleCookie
        https://bugs.webkit.org/show_bug.cgi?id=156319
        <rdar://problem/25589605>

        Reviewed by Timothy Hatcher.

        * platform/Cookie.h: Document the units used by the 'expires' field.

2016-04-07  Jon Davis  <jond@apple.com>

        Add ImageBitmap as under consideration on Feature Status page
        https://bugs.webkit.org/show_bug.cgi?id=156362

        Reviewed by Timothy Hatcher.

        * features.json:

2016-04-07  Jon Davis  <jond@apple.com>

        Include Conical Gradients on the Feature Status page.
        https://bugs.webkit.org/show_bug.cgi?id=156363

        Reviewed by Timothy Hatcher.

        * features.json:

2016-04-07  Beth Dakin  <bdakin@apple.com>

        Build fix.

        * platform/mac/WebVideoFullscreenInterfaceMac.mm:

2016-04-07  Jeremy Jones  <jeremyj@apple.com>

        In WK1 WebVideoFullscreen interface may be accessed from WK1 main thread instead of UI thread.
        https://bugs.webkit.org/show_bug.cgi?id=154252
        rdar://problem/22460539

        Reviewed by Eric Carlson.

        In WebKit1, Javascript can cause enter fullscreen to happen on the main thead, which is not
        necessarily the UI thread. This can cause autolayout errors. Move this code to the UI thread.

        * platform/ios/WebVideoFullscreenControllerAVKit.mm:
        (WebVideoFullscreenControllerContext::setUpFullscreen): Move setup to the UI thread.
        * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
        (-[WebAVPlayerLayer layoutSublayers]): Move call to resolveBounds to the UI thread.

2016-04-07  Beth Dakin  <bdakin@apple.com>

        Build fix.

        * platform/mac/WebVideoFullscreenInterfaceMac.mm:

2016-04-07  Chris Dumez  <cdumez@apple.com>

        [WebIDL] Add support for [EnabledAtRuntime] attributes on non-global objects
        https://bugs.webkit.org/show_bug.cgi?id=156346

        Reviewed by Ryosuke Niwa.

        Add support for [EnabledAtRuntime] attributes on non-global objects by
        using the same approach as for [EnabledAtRuntime] operations. This means
        we add these attributes to the static property table but they get removed
        at runtime in JS*Prototype::finishCreation(), if the feature is disabled,
        after the eager reification of the prototype.

        * bindings/scripts/CodeGeneratorJS.pm:
        (GeneratePropertiesHashTable):
        (GenerateImplementation):
        * bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
        (webkit_dom_test_obj_set_property):
        (webkit_dom_test_obj_get_property):
        (webkit_dom_test_obj_class_init):
        (webkit_dom_test_obj_enabled_at_runtime_operation):
        (webkit_dom_test_obj_get_enabled_at_runtime_attribute):
        (webkit_dom_test_obj_set_enabled_at_runtime_attribute):
        * bindings/scripts/test/GObject/WebKitDOMTestObj.h:
        * bindings/scripts/test/JS/JSTestObj.cpp:
        (WebCore::JSTestObjPrototype::finishCreation):
        (WebCore::jsTestObjEnabledAtRuntimeAttribute):
        (WebCore::setJSTestObjEnabledAtRuntimeAttribute):
        (WebCore::jsTestObjPrototypeFunctionEnabledAtRuntimeOperation1):
        (WebCore::jsTestObjPrototypeFunctionEnabledAtRuntimeOperation2):
        (WebCore::jsTestObjPrototypeFunctionEnabledAtRuntimeOperation):
        * bindings/scripts/test/ObjC/DOMTestObj.h:
        * bindings/scripts/test/ObjC/DOMTestObj.mm:
        (-[DOMTestObj enabledAtRuntimeAttribute]):
        (-[DOMTestObj setEnabledAtRuntimeAttribute:]):
        (-[DOMTestObj enabledAtRuntimeOperation:]):
        * bindings/scripts/test/TestObj.idl:

2016-04-07  Beth Dakin  <bdakin@apple.com>

        Attempted build fix.

        * platform/mac/WebVideoFullscreenInterfaceMac.mm:
        (-[WebPlaybackControlsManager seekToTime:toleranceBefore:toleranceAfter:]):
        (-[WebPlaybackControlsManager setCurrentAudioMediaSelectionOption:]):
        (-[WebPlaybackControlsManager setCurrentLegibleMediaSelectionOption:]):
        (-[WebPlaybackControlsManager currentAudioMediaSelectionOption]): Deleted.
        (-[WebPlaybackControlsManager currentLegibleMediaSelectionOption]): Deleted.

2016-04-07  Ada Chan  <adachan@apple.com>

        Add WebKitAdditions extension point in HTMLVideoElement::supportsFullscreen()
        https://bugs.webkit.org/show_bug.cgi?id=156366

        Reviewed by Alex Christensen.

        * html/HTMLVideoElement.cpp:
        (WebCore::HTMLVideoElement::supportsFullscreen):

2016-04-07  Jon Davis  <jond@apple.com>

        Add WOFF2 to the Feature Status page
        https://bugs.webkit.org/show_bug.cgi?id=156361

        Reviewed by Timothy Hatcher.

        * features.json:

2016-04-07  Beth Dakin  <bdakin@apple.com>

        WebPlaybackControlsManager should support mediaSelectionOptions
        https://bugs.webkit.org/show_bug.cgi?id=156358
        -and corresponding-
        rdar://problem/25048743

        Reviewed by Jer Noble.

        This patch just implements 
        WebVideoFullscreenInterfaceMac::setAudioMediaSelectionOptions and 
        WebVideoFullscreenInterfaceMac::setLegibleMediaSelectionOptions and passes that 
        information on to WebPlaybackControlsManager. If selection options are set via 
        the WebPlaybackControlsManager, then it gets the webVideoFullscreenModel() to 
        set the new value.

        * platform/mac/WebVideoFullscreenInterfaceMac.h:
        * platform/mac/WebVideoFullscreenInterfaceMac.mm:
        (-[WebPlaybackControlsManager currentAudioMediaSelectionOption]):
        (-[WebPlaybackControlsManager setCurrentAudioMediaSelectionOption:]):
        (-[WebPlaybackControlsManager currentLegibleMediaSelectionOption]):
        (-[WebPlaybackControlsManager setCurrentLegibleMediaSelectionOption:]):
        (WebCore::mediaSelectionOptions):
        (WebCore::WebVideoFullscreenInterfaceMac::setAudioMediaSelectionOptions):
        (WebCore::WebVideoFullscreenInterfaceMac::setLegibleMediaSelectionOptions):
        (-[WebPlaybackControlsManager audioMediaSelectionOptions]): Deleted.
        (-[WebPlaybackControlsManager legibleMediaSelectionOptions]): Deleted.

2016-04-07  Brent Fulgham  <bfulgham@apple.com>

        Wheel event callback removing the window causes crash in WebCore.
        https://bugs.webkit.org/show_bug.cgi?id=150871
        <rdar://problem/23418283>

        Reviewed by Simon Fraser.

        Null check the FrameView before using it, since the iframe may have been removed
        from its parent document inside the event handler.
        
        The new test triggered a cross-load side-effect, where wheel event filtering wasn't
        reset between page loads. Fix by calling clearLatchedState() in EventHandler::clear(),
        which resets the filtering.

        Since the Frame destructor invokes EventHandler::clear, which invokes MainFrame methods,
        we run the risk of attempting to dereference destroyed MainFrame elements of the current
        Frame object. Instead, clear the EventHandler in the MainFrame destructor.

        Finally, confirm that the mainFrame member is not being destroyed in the handful of
        places that might attempt to access the mainFrame during object destruction (essentially
        cleanup methods).

        Test: fast/events/wheel-event-destroys-frame.html

        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::clear): Protect against accessing mainFrame content during destruction.
        * page/EventHandler.cpp:
        (WebCore::EventHandler::clear): Call 'clearLatchedState' instead of endFilteringDeltas.
        (WebCore::EventHandler::clearLatchedState): Null-check the filter before calling it.
        * page/Frame.cpp:
        (WebCore::Frame::~Frame): Do not call 'setView' in the destructor for a MainFrame.
        (WebCore::Frame::setView): Check for a null event handler before invoking it.
        (WebCore::Frame::setMainFrameWasDestroyed): Added. Mark that the MainFrame
        member of the Frame is being destroyed (if the current Frame is a MainFrame) and clear
        the EventHandler member so that it doesn't attempt to access mainFrame content.
        (WebCore::Frame::mainFrame): When accessing the mainFrame member, assert that the
        mainFrame is not being destroyed.
        * page/MainFrame.cpp:
        (WebCore::MainFrame::~MainFrame): Set the m_recentWheelEventDeltaFilter to nullptr to
        prevent attempts to access it during object destruction. Call the new 'setMainFrameWasDestroyed'
        method to reset eventHandler and mark the MainFrame as being in the process of destruction.
        * page/WheelEventDeltaFilter.cpp:
        (WebCore::WheelEventDeltaFilter::filteredDelta): Add logging.
        * page/mac/EventHandlerMac.mm:
        (WebCore::EventHandler::platformCompleteWheelEvent): Add null check.
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::scrollTo): Add logging.

2016-04-05  Ada Chan  <adachan@apple.com>

        Rename TextTrackRepresentationiOS to TextTrackRepresentationCocoa and enable on Mac
        https://bugs.webkit.org/show_bug.cgi?id=156245

        Reviewed by Eric Carlson.

        * Modules/mediacontrols/mediaControlsApple.css:
        (::-webkit-media-controls):
        Match iOS and specify overflow: hidden on the -webkit-media-controls container.
        (video::-webkit-media-text-track-container):
        Match iOS and specify z-index: 0 on the text track container.

        * WebCore.xcodeproj/project.pbxproj:
        TextTrackRepresentationiOS.h/mm have been renamed to TextTrackRepresentationCocoa.h/mm.

        * platform/graphics/TextTrackRepresentation.cpp:
        * platform/graphics/cocoa/TextTrackRepresentationCocoa.h: Renamed from Source/WebCore/platform/graphics/ios/TextTrackRepresentationIOS.h.
        * platform/graphics/cocoa/TextTrackRepresentationCocoa.mm: Renamed from Source/WebCore/platform/graphics/ios/TextTrackRepresentationIOS.mm.
        (-[WebCoreTextTrackRepresentationCocoaHelper initWithParent:]):
        (-[WebCoreTextTrackRepresentationCocoaHelper dealloc]):
        (-[WebCoreTextTrackRepresentationCocoaHelper setParent:]):
        (-[WebCoreTextTrackRepresentationCocoaHelper parent]):
        (-[WebCoreTextTrackRepresentationCocoaHelper observeValueForKeyPath:ofObject:change:context:]):
        (-[WebCoreTextTrackRepresentationCocoaHelper actionForLayer:forKey:]):
        (TextTrackRepresentation::create):
        (TextTrackRepresentationCocoa::TextTrackRepresentationCocoa):
        (TextTrackRepresentationCocoa::~TextTrackRepresentationCocoa):
        (TextTrackRepresentationCocoa::update):
        (TextTrackRepresentationCocoa::setContentScale):
        (TextTrackRepresentationCocoa::bounds):

2016-04-07  Brian Burg  <bburg@apple.com>

        CookieJar should support adding synthetic cookies for developer tools
        https://bugs.webkit.org/show_bug.cgi?id=156091
        <rdar://problem/25581340>

        Reviewed by Timothy Hatcher.

        This patch adds an API that can set an arbitrary cookie in cookie storage
        in order to support developer tools and automated testing. It delegates storing
        the cookie to a platform implementation.

        No new tests because the code isn't used by any clients yet.

        * loader/CookieJar.cpp:
        (WebCore::addCookie): Added.
        * loader/CookieJar.h:

        * platform/Cookie.h:
        Remove an outdated comment. This struct is used in many places.

        * platform/CookiesStrategy.h: Add new method.
        * platform/network/PlatformCookieJar.h: Add new method.
        * platform/network/cf/CookieJarCFNet.cpp:
        (WebCore::addCookie): Add a stub.
        * platform/network/curl/CookieJarCurl.cpp:
        (WebCore::addCookie): Add a stub.
        * platform/network/mac/CookieJarMac.mm:
        (WebCore::addCookie): Add an implementation that turns the WebCore::Cookie into
        an NSHTTPCookie and converts it again to CFHTTPCookie if necessary.

        * platform/network/soup/CookieJarSoup.cpp:
        (WebCore::addCookie): Add a stub.

        * platform/spi/cf/CFNetworkSPI.h:
        Add -[NSHTTPCookie _CFHTTPCookie] SPI.

2016-04-07  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r199128 and r199141.
        https://bugs.webkit.org/show_bug.cgi?id=156348

        Causes crashes on multiple webpages (Requested by keith_mi_ on
        #webkit).

        Reverted changesets:

        "[ES6] Add support for Symbol.isConcatSpreadable."
        https://bugs.webkit.org/show_bug.cgi?id=155351
        http://trac.webkit.org/changeset/199128

        "Unreviewed, uncomment accidentally commented line in test."
        http://trac.webkit.org/changeset/199141

2016-04-07  Daniel Bates  <dabates@apple.com>

        CSP: Should only honor CSP policy delivered in meta tag that is a descendent of <head>
        https://bugs.webkit.org/show_bug.cgi?id=59858
        <rdar://problem/25603538>

        Reviewed by Brent Fulgham.

        Ignore the Content Security Policy meta tag if it is not a descendent of <head> as per
        section HTML meta Element of the Content Security Policy Level 2 spec., <https://w3c.github.io/webappsec-csp/2/>
        (Editor's Draft, 29 August 2015).

        Tests: http/tests/security/contentSecurityPolicy/meta-tag-ignored-if-not-in-head.html
               http/tests/security/contentSecurityPolicy/meta-tag-ignored-if-not-in-head2.html
               http/tests/security/contentSecurityPolicy/report-only-meta-tag-ignored-if-not-in-head.html
               http/tests/security/contentSecurityPolicy/report-only-meta-tag-ignored-if-not-in-head2.html

        * dom/Document.cpp:
        (WebCore::Document::processHttpEquiv): Modified to take a boolean argument whether the http-equiv
        meta tag is a descendent of <head> and to parse the value of a Content Security Policy http-equiv
        only if the http-equiv meta tag is a descendent of <head>.
        * dom/Document.h: Add parameter isInDocument to processHttpEquiv(). Remove javadoc-style parameters
        from processHttpEquiv() comment as we do not document parameters for non-API functions using such style.
        Also write the comment for processHttpEquiv() using C++ style comments instead of a C-style comment.
        * html/HTMLMetaElement.cpp:
        (WebCore::HTMLMetaElement::process): Pass whether this element is a descendent of <head>. Additionally
        update stale comment and move it closer to the code it refers to.

2016-04-07  Brent Fulgham  <bfulgham@apple.com>

        [Win] Output WebCore.pdb to the same location as WebCore.lib
        https://bugs.webkit.org/show_bug.cgi?id=156256
        <rdar://problem/19416363>

        Reviewed by Alex Christensen.

        Add a rule to WebCore's CMake generator to tell Visual Studio to output
        the PDB file for the WebCore.lib in the same location as the resulting
        library, rather than in the build intermediary location).
        
        * CMakeLists.txt:

2016-04-06  Sam Weinig  <sam@webkit.org>

        window.Crypto is missing
        <rdar://problem/25584034>
        https://bugs.webkit.org/show_bug.cgi?id=156307

        Reviewed by Joseph Pecoraro.

        Expose the Crypto constructor on the window object.

        * page/Crypto.idl:

2016-04-07  Fujii Hironori  <Hironori.Fujii@jp.sony.com>

        [CMake][Win] WEBKIT_WRAP_SOURCELIST is not applied in WebCore project
        https://bugs.webkit.org/show_bug.cgi?id=156336

        Reviewed by Csaba Osztrogonác.

        * CMakeLists.txt: Do WEBKIT_WRAP_SOURCELIST for WebCore_SOURCES.

2016-04-07  Zalan Bujtas  <zalan@apple.com>

        REGRESSION (197987): Ingredient lists on smittenkitchen.com are full justified instead of left justified.
        https://bugs.webkit.org/show_bug.cgi?id=156326
        <rdar://problem/25519393>

        Reviewed by Antti Koivisto.

        According to the spec (https://drafts.csswg.org/css-text-3/#text-align-property) 
        unless otherwise specified by text-align-last, the last line before
        a forced break or the end of the block is start-aligned.

        In this patch we check if a forced break is present and we apply text alignment accordingly.

        Test: fast/css3-text/css3-text-justify/text-justify-last-line-simple-line-layout.html

        * rendering/SimpleLineLayout.cpp:
        (WebCore::SimpleLineLayout::LineState::lastFragment): Make it optional so that we don't just check against a default fragment.
        (WebCore::SimpleLineLayout::createLineRuns):
        (WebCore::SimpleLineLayout::justifyRuns): Do not compute first run index on the current line twice.
        (WebCore::SimpleLineLayout::textAlignForLine):
        (WebCore::SimpleLineLayout::closeLineEndingAndAdjustRuns):

2016-04-07  Antti Koivisto  <antti@apple.com>

        FrameView::qualifiesAsVisuallyNonEmpty() returns false when loading a Google search results page before search results are loaded, even though the header is visible
        https://bugs.webkit.org/show_bug.cgi?id=156339
        <rdar://problem/24491381>

        Reviewed by Andreas Kling.

        Patch by Jeff Miller.

        Jeff's testing indicates lowering the document height threshold improves things visually during page loading.

        * page/FrameView.cpp:
        (WebCore::FrameView::qualifiesAsVisuallyNonEmpty):

            Lower document height threshold to from 200 to 48 pixels.

2016-04-07  Antti Koivisto  <antti@apple.com>

        Shadow DOM: Implement display: contents for slots
        https://bugs.webkit.org/show_bug.cgi?id=149439
        <rdar://problem/22731922>

        Reviewed by Ryosuke Niwa.

        This patch adds support for value 'contents' of the 'display' property for <slot> elements only. The value is ignored
        for other elements for now. With this display value the element does not generate a box for itself but its descendants
        generate them normally.

        Slots already have implicit "display: contents". With this patch the value comes from the user agent stylesheet and can
        be overriden by the author.

        * css/CSSParser.cpp:
        (WebCore::isValidKeywordPropertyAndValue):
        * css/CSSPrimitiveValueMappings.h:
        (WebCore::CSSPrimitiveValue::CSSPrimitiveValue):
        * css/CSSValueKeywords.in:

            Suport parsing display: contents.

        * css/StyleResolver.cpp:
        (WebCore::equivalentBlockDisplay):
        (WebCore::StyleResolver::adjustRenderStyle):

            Disallow for non-slots for now.

        * css/html.css:
        (slot):

            Add "slot { display: contents }" to the UA sheet.

        * dom/Element.cpp:
        (WebCore::Element::resolveStyle):
        (WebCore::Element::hasDisplayContents):
        (WebCore::Element::setHasDisplayContents):

            Add a rare data bit for elements with display:contents (as we don't save the RenderStyle for them).

        (WebCore::Element::rendererIsNeeded):

            Don't need renderer for display:contents.

        (WebCore::Element::createElementRenderer):
        * dom/Element.h:
        (WebCore::Element::isVisibleInViewportChanged):
        * dom/ElementAndTextDescendantIterator.h:
        (WebCore::ElementAndTextDescendantIterator::operator!):
        (WebCore::ElementAndTextDescendantIterator::operator bool):
        (WebCore::ElementAndTextDescendantIterator::ElementAndTextDescendantIterator):
        (WebCore::ElementAndTextDescendantIterator::operator==):
        (WebCore::ElementAndTextDescendantIterator::operator!=):

            Support initializing ElementAndTextDescendantIterator with root==current so that m_current is not nulled.
            This is needed for ComposedTreeIterator to be initialized correctly when root is a slot and the current node
            is a slotted node. The case happens in RenderTreePosition::previousSiblingRenderer when slot display is overriden
            to something else than 'contents'.

        * dom/ElementRareData.h:
        (WebCore::ElementRareData::hasDisplayContents):
        (WebCore::ElementRareData::setHasDisplayContents):
        (WebCore::ElementRareData::ElementRareData):
        * rendering/RenderElement.cpp:
        (WebCore::RenderElement::createFor):
        * rendering/style/RenderStyleConstants.h:
        * style/RenderTreePosition.cpp:
        (WebCore::RenderTreePosition::nextSiblingRenderer):

            Test for dynamic display:contents.

        * style/RenderTreeUpdater.cpp:
        (WebCore::findRenderingRoot):
        (WebCore::RenderTreeUpdater::updateRenderTree):
        (WebCore::RenderTreeUpdater::updateElementRenderer):

            Test for dynamic display:contents.

        * style/StyleTreeResolver.cpp:
        (WebCore::Style::affectsRenderedSubtree):

            No need for special case.

        (WebCore::Style::TreeResolver::resolveComposedTree):

            Test for dynamic display:contents.

2016-04-07  Sergio Villar Senin  <svillar@igalia.com>

        [css-grid] Content box incorrectly used as non-auto min-height
        https://bugs.webkit.org/show_bug.cgi?id=155946

        Reviewed by Antti Koivisto.

        When computing the minimum height value of grid items with
        non-auto min-height we used to return the size of the content
        box meaning that borders and paddings were incorrectly
        ignored.

        Note that we're also ignoring margins, but as that is a
        problem also for widths it'll be fixed in a follow up patch.

        Test: fast/css-grid-layout/min-height-border-box.html

        * rendering/RenderGrid.cpp:
        (WebCore::RenderGrid::minSizeForChild):

2016-04-07  Antti Koivisto  <antti@apple.com>

        Reverting previous due to bad LayoutTest ChangeLog.

2016-04-06  Antti Koivisto  <antti@apple.com>

        Shadow DOM: Implement display: contents for slots
        https://bugs.webkit.org/show_bug.cgi?id=149439
        <rdar://problem/22731922>

        Reviewed by Ryosuke Niwa.

        This patch adds support for value 'contents' of the 'display' property for <slot> elements only. The value is ignored
        for other elements for now. With this display value the element does not generate a box for itself but its descendants
        generate them normally.

        Slots already have implicit "display: contents". With this patch the value comes from the user agent stylesheet and can
        be overriden by the author.

        * css/CSSParser.cpp:
        (WebCore::isValidKeywordPropertyAndValue):
        * css/CSSPrimitiveValueMappings.h:
        (WebCore::CSSPrimitiveValue::CSSPrimitiveValue):
        * css/CSSValueKeywords.in:

            Suport parsing display: contents.

        * css/StyleResolver.cpp:
        (WebCore::equivalentBlockDisplay):
        (WebCore::StyleResolver::adjustRenderStyle):

            Disallow for non-slots for now.

        * css/html.css:
        (slot):

            Add "slot { display: contents }" to the UA sheet.

        * dom/Element.cpp:
        (WebCore::Element::resolveStyle):
        (WebCore::Element::hasDisplayContents):
        (WebCore::Element::setHasDisplayContents):

            Add a rare data bit for elements with display:contents (as we don't save the RenderStyle for them).

        (WebCore::Element::rendererIsNeeded):

            Don't need renderer for display:contents.

        (WebCore::Element::createElementRenderer):
        * dom/Element.h:
        (WebCore::Element::isVisibleInViewportChanged):
        * dom/ElementAndTextDescendantIterator.h:
        (WebCore::ElementAndTextDescendantIterator::operator!):
        (WebCore::ElementAndTextDescendantIterator::operator bool):
        (WebCore::ElementAndTextDescendantIterator::ElementAndTextDescendantIterator):
        (WebCore::ElementAndTextDescendantIterator::operator==):
        (WebCore::ElementAndTextDescendantIterator::operator!=):

            Support initializing ElementAndTextDescendantIterator with root==current so that m_current is not nulled.
            This is needed for ComposedTreeIterator to be initialized correctly when root is a slot and the current node
            is a slotted node. The case happens in RenderTreePosition::previousSiblingRenderer when slot display is overriden
            to something else than 'contents'.

        * dom/ElementRareData.h:
        (WebCore::ElementRareData::hasDisplayContents):
        (WebCore::ElementRareData::setHasDisplayContents):
        (WebCore::ElementRareData::ElementRareData):
        * rendering/RenderElement.cpp:
        (WebCore::RenderElement::createFor):
        * rendering/style/RenderStyleConstants.h:
        * style/RenderTreePosition.cpp:
        (WebCore::RenderTreePosition::nextSiblingRenderer):

            Test for dynamic display:contents.

        * style/RenderTreeUpdater.cpp:
        (WebCore::findRenderingRoot):
        (WebCore::RenderTreeUpdater::updateRenderTree):
        (WebCore::RenderTreeUpdater::updateElementRenderer):

            Test for dynamic display:contents.

        * style/StyleTreeResolver.cpp:
        (WebCore::Style::affectsRenderedSubtree):

            No need for special case.

        (WebCore::Style::TreeResolver::resolveComposedTree):

            Test for dynamic display:contents.

2016-04-06  Myles C. Maxfield  <mmaxfield@apple.com>

        REGRESSION (r188591): thingiverse.com direct messaging UI is not rendered properly
        https://bugs.webkit.org/show_bug.cgi?id=156241
        <rdar://problem/25262213>

        Reviewed by Simon Fraser.

        When creating a CoreText font with a size of 0, the CoreText docs say that it will
        interpret this as a missing argument, and create a font of size 12 instead. However,
        this doesn't cause a problem (at least on this particular website) because we will
        use CGFontGetGlyphAdvancesForStyle(), which gets scaled by the supplied font 
        size (which is 0). However, if you turn on text-rendering: optimizeLegibility, we
        will use CTFontGetAdvancesForGlyphs() instead, which does not scale by the font size.
        The solution is to detect this case, and force the advance to 0.

        Test: fast/text/zero-sized-fonts.html

        * platform/graphics/cocoa/FontCocoa.mm:
        (WebCore::Font::platformWidthForGlyph):

2016-04-06  Myles C. Maxfield  <mmaxfield@apple.com>

        Rename MidpointState to WhitespaceCollapsingState
        https://bugs.webkit.org/show_bug.cgi?id=156304

        Reviewed by David Hyatt.

        MidpointState has nothing to do with midpoints.

        An individual midpoint is now known as a "whitespace collapsing transition."

        No new tests because there is no behavior change.

        * platform/text/BidiResolver.h:
        (WebCore::WhitespaceCollapsingState::reset): (See addMidpoint() below.)
        Previously, we were using operator= to destroy old Iterators when their
        storage inside the Vector was reused. Now that we are elliminating
        m_numMidpoints, we can push destruction earlier to this reset() function.
        Because the same amount of destruction happens in both cases, this doesn't
        add additional work. (Vector can destroy its contents without shrinking
        its storage overcommitment.)
        (WebCore::WhitespaceCollapsingState::startIgnoringSpaces):
        (WebCore::WhitespaceCollapsingState::stopIgnoringSpaces):
        (WebCore::WhitespaceCollapsingState::ensureLineBoxInsideIgnoredSpaces):
        (WebCore::WhitespaceCollapsingState::decrementTransitionAt):
        (WebCore::WhitespaceCollapsingState::thresholds): Make the return value
        const. The only clients of this function which needed mutation were
        migrated to using decrementTransitionAt().
        (WebCore::WhitespaceCollapsingState::numTransitions):
        (WebCore::WhitespaceCollapsingState::currentTransition):
        (WebCore::WhitespaceCollapsingState::setCurrentTransition):
        (WebCore::WhitespaceCollapsingState::incrementCurrentTransition):
        (WebCore::WhitespaceCollapsingState::decrementNumTransitions):
        (WebCore::WhitespaceCollapsingState::betweenTransitions):
        (WebCore::BidiResolverBase::whitespaceCollapsingState):
        (WebCore::Subclass>::setWhitespaceCollapsingTransitionForIsolatedRun):
        (WebCore::Subclass>::whitespaceCollapsingTransitionForIsolatedRun):
        (WebCore::MidpointState::MidpointState): Deleted.
        (WebCore::MidpointState::reset): Deleted.
        (WebCore::MidpointState::startIgnoringSpaces): Deleted.
        (WebCore::MidpointState::stopIgnoringSpaces): Deleted.
        (WebCore::MidpointState::ensureLineBoxInsideIgnoredSpaces): Deleted.
        (WebCore::MidpointState::midpoints): Deleted.
        (WebCore::MidpointState::numMidpoints): Deleted.
        (WebCore::MidpointState::currentMidpoint): Deleted.
        (WebCore::MidpointState::setCurrentMidpoint): Deleted.
        (WebCore::MidpointState::incrementCurrentMidpoint): Deleted.
        (WebCore::MidpointState::decrementNumMidpoints): Deleted.
        (WebCore::MidpointState::betweenMidpoints): Deleted.
        (WebCore::MidpointState::addMidpoint): Deleted. This code has been around for 13
        years (since r3672) where it was using QMemArray. That class doesn't have an
        append() class, so it was implemented inside this function. Luckily, Vector
        already overcommits its allocation, so we can elliminate m_numMidpoints entirely.
        (WebCore::BidiResolverBase::midpointState): Deleted.
        (WebCore::Subclass>::setMidpointForIsolatedRun): Deleted.
        (WebCore::Subclass>::midpointForIsolatedRun): Deleted.
        * rendering/InlineIterator.h:
        (WebCore::addPlaceholderRunForIsolatedInline):
        * rendering/RenderBlockLineLayout.cpp:
        (WebCore::RenderBlockFlow::appendRunsForObject):
        (WebCore::setUpResolverToResumeInIsolate):
        (WebCore::constructBidiRunsForSegment):
        (WebCore::RenderBlockFlow::layoutRunsAndFloatsInRange):
        * rendering/line/BreakingContext.h:
        (WebCore::BreakingContext::BreakingContext):
        (WebCore::BreakingContext::handleBR):
        (WebCore::BreakingContext::handleOutOfFlowPositioned):
        (WebCore::shouldSkipWhitespaceAfterStartObject):
        (WebCore::BreakingContext::handleEmptyInline):
        (WebCore::BreakingContext::handleReplaced):
        (WebCore::ensureCharacterGetsLineBox):
        (WebCore::BreakingContext::handleText):
        (WebCore::checkWhitespaceCollapsingTransitions):
        (WebCore::BreakingContext::handleEndOfLine):
        (WebCore::checkMidpoints): Deleted.
        * rendering/line/TrailingObjects.cpp:
        (WebCore::TrailingObjects::updateWhitespaceCollapsingTransitionsForTrailingBoxes):
        (WebCore::TrailingObjects::updateMidpointsForTrailingBoxes): Deleted.
        * rendering/line/TrailingObjects.h:
        (WebCore::TrailingObjects::appendBoxIfNeeded):

2016-04-06  Gyuyoung Kim  <gyuyoung.kim@webkit.org>

        Remove duplicated parsePortFromStringPosition()
        https://bugs.webkit.org/show_bug.cgi?id=156289

        Reviewed by Simon Fraser.

        Same parsePortFromStringPosition() functions have been defined in both URLUtils.h and HTMLAnchorElement.cpp.
        Remove duplicated one in HTMLAnchorElement.cpp.

        No new tests, no behavior change.

        * html/HTMLAnchorElement.cpp:
        (WebCore::parsePortFromStringPosition): Deleted.

2016-04-06  Simon Fraser  <simon.fraser@apple.com>

        Page tiles are missing when graphics acceleration is unavailable
        https://bugs.webkit.org/show_bug.cgi?id=156325
        rdar://problem/25587476

        Reviewed by Tim Horton.

        When graphics acceleration is unavailable on Mac (e.g. in a VM or when running from
        the recovery partition), page contents were missing. This is because
        IOSurfaceGetPropertyMaximum(kIOSurfaceWidth) and IOSurfaceGetPropertyMaximum(kIOSurfaceHeight)
        returned INT_MAX, causing us to compute a tile size of 0x0.

        Fix by changing IOSurface::maximumSize() to report a value between 1K x 1K and 32K x 32K.

        Rename kGiantTileSize to better describe its purpose.

        Add correct clamping in IOSurface::maximumSize().

        * platform/graphics/ca/TileController.cpp:
        (WebCore::TileController::tileSize):
        * platform/graphics/ca/TileController.h:
        * platform/graphics/cocoa/IOSurface.mm:
        (IOSurface::maximumSize):

2016-03-29  Keith Miller  <keith_miller@apple.com>

        [ES6] Add support for Symbol.isConcatSpreadable.
        https://bugs.webkit.org/show_bug.cgi?id=155351

        Reviewed by Saam Barati.

        Makes runtime arrays have the new ArrayType

        * bridge/runtime_array.h:
        (JSC::RuntimeArray::createStructure):

2016-04-06  Eric Carlson  <eric.carlson@apple.com>

        [iOS Simulator WK1] Crash in MediaPlayer::setPrivateBrowsingMode()
        https://bugs.webkit.org/show_bug.cgi?id=155721
        <rdar://problem/18590481>

        Speculative fix for a crash that appears to happen when the media engine is destroyed
        during a callback.

        Reviewed by Dean Jackson.

        No new tests, this prevents existing tests from crashing.

        * html/HTMLMediaElement.cpp:
        (WebCore::actionName): Log MediaEngineUpdated.
        (WebCore::HTMLMediaElement::scheduleDelayedAction): Support MediaEngineUpdated.
        (WebCore::HTMLMediaElement::pendingActionTimerFired): Ditto. Clear m_pendingActionFlags.
        (WebCore::HTMLMediaElement::mediaEngineWasUpdated): New.
        (WebCore::HTMLMediaElement::mediaPlayerEngineUpdated): Move guts to mediaEngineWasUpdated and
          call it on a timer so we can't change the media engine in the middle of a callback from
          MediaPlayer or the media engine.
        * html/HTMLMediaElement.h:
        * html/HTMLMediaElementEnums.h:

        * platform/graphics/MediaPlayer.cpp:
        (WebCore::MediaPlayer::~MediaPlayer): Assert if new flag m_initializingMediaEngine is set to
          catch HTMLMediaElement destroying the media engine during a callback.
        (WebCore::MediaPlayer::loadWithNextMediaEngine): Set/clear m_initializingMediaEngine.
        * platform/graphics/MediaPlayer.h:

2016-04-06  Brady Eidson  <beidson@apple.com>

        Modern IDB: Make sure SQLite backing store records have a INTEGER PRIMARY KEY column.
        https://bugs.webkit.org/show_bug.cgi?id=156264

        Reviewed by Alex Christensen.

        No new tests (No testable change in behavior yet, current tests pass).

        * Modules/indexeddb/IDBKeyData.cpp:
        (WebCore::IDBKeyData::encode): Fix the key name for backwards compatibility.
        (WebCore::IDBKeyData::decode): Ditto.

        * Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
        (WebCore::IDBServer::v3RecordsTableSchema): Added v3 Records schema that includes a primary key column.
        (WebCore::IDBServer::v3RecordsTableSchemaAlternate):
        (WebCore::IDBServer::createOrMigrateRecordsTableIfNecessary): Upgrade to v3 instead of v2.
        (WebCore::IDBServer::SQLiteIDBBackingStore::addRecord):

2016-04-06  Simon Fraser  <simon.fraser@apple.com>

        Avoid using an unengaged Optional<FloatRect> when positioning the tiled scrolling indicator
        https://bugs.webkit.org/show_bug.cgi?id=156313

        Reviewed by Tim Horton.

        Fixes an assertion seen when running the WebKit2.AutoLayoutIntegration API test.

        * page/FrameView.cpp:
        (WebCore::FrameView::setViewExposedRect):

2016-04-06  Sam Weinig  <sam@webkit.org>

        Fix windows build.

        * DerivedSources.cpp:
        * css/CSSAllInOne.cpp:

2016-04-06  Jer Noble  <jer.noble@apple.com>

        CRASH in AudioDestinationNode::render()
        https://bugs.webkit.org/show_bug.cgi?id=156308
        <rdar://problem/25468815>

        Reviewed by Eric Carlson.

        
        AudioDestinationNode::render() will crash when passed in a zero-length frame count. Rather than get into
        this bad state, ASSERT() and bail out early in this case.

        Also, address the situation in AudioDestinationIOS::render which can cause this 0-frame count to occur.

        * Modules/webaudio/AudioDestinationNode.cpp:
        (WebCore::AudioDestinationNode::render):
        * platform/audio/ios/AudioDestinationIOS.cpp:
        (WebCore::AudioDestinationIOS::render):

2016-04-06  Per Arne Vollan  <peavo@outlook.com>

        [WinCairo][MediaFoundation] Videos are always autoplaying.
        https://bugs.webkit.org/show_bug.cgi?id=156284

        Reviewed by Alex Christensen.

        Videos are autoplaying because the MediaFoundation implementation always starts playback
        after the load method has been called. When the load method has been called, we should
        only start buffering data, not automatically start the playback. This has been fixed by
        implementing the prepareToPlay method, and calling this instead of the play method.

        * platform/graphics/win/MediaPlayerPrivateMediaFoundation.cpp:
        (WebCore::MediaPlayerPrivateMediaFoundation::MediaPlayerPrivateMediaFoundation):
        (WebCore::MediaPlayerPrivateMediaFoundation::load):
        (WebCore::MediaPlayerPrivateMediaFoundation::prepareToPlay):
        (WebCore::MediaPlayerPrivateMediaFoundation::play):
        (WebCore::MediaPlayerPrivateMediaFoundation::networkState):
        (WebCore::MediaPlayerPrivateMediaFoundation::startSession):
        (WebCore::MediaPlayerPrivateMediaFoundation::endGetEvent):
        (WebCore::MediaPlayerPrivateMediaFoundation::updateReadyState):
        (WebCore::MediaPlayerPrivateMediaFoundation::onTopologySet):
        (WebCore::MediaPlayerPrivateMediaFoundation::onBufferingStarted):
        (WebCore::MediaPlayerPrivateMediaFoundation::onBufferingStopped):
        (WebCore::MediaPlayerPrivateMediaFoundation::onSessionEnded):
        (WebCore::MediaPlayerPrivateMediaFoundation::Direct3DPresenter::updateDestRect):
        * platform/graphics/win/MediaPlayerPrivateMediaFoundation.h:

2016-04-06  Zalan Bujtas  <zalan@apple.com>

        Add ASSERT_WITH_SECURITY_IMPLICATION when a float box is referenced by multiple RootInlineBoxes.
        https://bugs.webkit.org/show_bug.cgi?id=156297
        <rdar://problem/25580844>

        Reviewed by Brent Fulgham.

        See http://trac.webkit.org/changeset/199101

        No change in functionality.

        * rendering/RenderBlockLineLayout.cpp:
        (WebCore::RenderBlockFlow::appendFloatingObjectToLastLine):
        (WebCore::RenderBlockFlow::reattachCleanLineFloats):
        (WebCore::RenderBlockFlow::determineStartPosition):

2016-04-06  Sam Weinig  <sam@webkit.org>

        window.CSS should be a constructor with static functions
        <rdar://problem/25580516>
        https://bugs.webkit.org/show_bug.cgi?id=156294

        Reviewed by Chris Dumez.

        Rename DOMWindowCSS to DOMCSSNamespace to avoid name collisions, DOMWindow prefixed
        classes cause collisions in JSDOMWindow.

        * CMakeLists.txt:
        * DerivedSources.make:
        * WebCore.xcodeproj/project.pbxproj:
        Update for renames.

        * css/DOMCSSNamespace.cpp: Copied from Source/WebCore/css/DOMWindowCSS.cpp.
        (WebCore::valueWithoutImportant):
        (WebCore::DOMCSSNamespace::supports):
        (WebCore::DOMWindowCSS::create): Deleted.
        (WebCore::DOMWindowCSS::supports): Deleted.
        * css/DOMCSSNamespace.h: Copied from Source/WebCore/css/DOMWindowCSS.h.
        (WebCore::DOMWindowCSS::DOMWindowCSS): Deleted.
        Rename DOMWindowCSS to DOMCSSNamespace and turn functions into static functions.

        * css/DOMCSSNamespace.idl: Copied from Source/WebCore/css/DOMWindowCSS.idl.
        Remove NoInterfaceObject, to inject a constructor, and turn functions into
        static functions matching spec.

        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::css): Deleted.
        * page/DOMWindow.h:
        * page/DOMWindow.idl:
        Remove CSS property. Constructor will be implicitly added.

2016-04-05  Simon Fraser  <simon.fraser@apple.com>

        Rename exposedRect to viewExposedRect and propagate it as Optional<> through WK2
        https://bugs.webkit.org/show_bug.cgi?id=156274

        Reviewed by Tim Horton.

        DrawingArea and FrameView have an "exposedRect" property that is used by applications
        on Mac, like Mail, that embed web views inside scroll views. However, this name is very
        similar to the "exposedContentRect" that is used on iOS to denote the part of the view
        whose pixels are visible, including through blurring overlaid UI.
        
        To disambiguate these two, rename the Mac "exposedRect" to "viewExposedRect" to
        emphasize that it's a rect that takes into account clipping in the native view
        hierarchy.
        
        Also make this rect Optional<> through the DrawingArea, removing comparisons against
        FloatRect::infiniteRect().
        
        Do some other minor renaming in VisibleContentRectUpdateInfo.

        * page/FrameView.cpp:
        (WebCore::FrameView::setViewExposedRect): This now takes an Optional<> because WebViewImpl::updateViewExposedRect()
        can clear it.
        * page/FrameView.h:
        * page/PageOverlayController.cpp:
        (WebCore::PageOverlayController::didChangeViewExposedRect):
        (WebCore::PageOverlayController::didChangeExposedRect): Deleted.
        * page/PageOverlayController.h:
        * rendering/RenderLayerBacking.cpp:
        (WebCore::computeTileCoverage):
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::flushPendingLayerChanges):

2016-04-06  Joanmarie Diggs  <jdiggs@igalia.com>

        REGRESSION(r195463): [GTK] accessibility/roles-computedRoleString.html and accessibility/roles-exposed.html failing
        https://bugs.webkit.org/show_bug.cgi?id=153696

        Reviewed by Chris Fleizach.

        The failures were due to always mapping style format groups to GroupRole, even for
        RenderInline objects. The fix is to expose inline style format groups as InlineRole,
        add handling of GroupRole style groups to the ATK code, and InlineRole style groups
        to the Mac code.

        No new tests because we have sufficient coverage. Updated roles-computedRoleString.html
        to reflect new exposure.

        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::determineAccessibilityRole):
        * accessibility/atk/WebKitAccessibleWrapperAtk.cpp:
        (atkRole):
        * accessibility/mac/AccessibilityObjectMac.mm:
        (WebCore::AccessibilityObject::accessibilityPlatformIncludesObject):
        * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
        (createAccessibilityRoleMap):
        (-[WebAccessibilityObjectWrapper subrole]):

2016-04-06  Jer Noble  <jer.noble@apple.com>

        CRASH in -[WebCoreNSURLSession taskCompleted:]
        https://bugs.webkit.org/show_bug.cgi?id=156290

        Reviewed by Eric Carlson.

        Fixes currently flakily crashing http/tests/media tests.

        Protect against -taskCompleted: being called multiple times by only calling
        -taskCompleted: if the task's state is not yet NSURLSessionTaskStateCompleted.
        Additionally, make sure to clear the task's session pointer when removing it
        from _dataTasks, as this ensures a task that outlives its session does not
        keep a pointer to a dealloc'd object.

        * platform/network/cocoa/WebCoreNSURLSession.mm:
        (-[WebCoreNSURLSession taskCompleted:]):
        (-[WebCoreNSURLSessionDataTask _resource:loadFinishedWithError:]):

2016-04-06  Chris Dumez  <cdumez@apple.com>

        [IDL] Extend support for [EnabledAtRuntime] attributes / operations to all global objects, not just Window
        https://bugs.webkit.org/show_bug.cgi?id=156291

        Reviewed by Alex Christensen.

        Extend support for [EnabledAtRuntime] attributes / operations to all
        global objects, not just Window. This is needed by the Fetch API which
        is enabled at runtime and exposed on both Window and WorkerGlobalScope.

        * bindings/scripts/CodeGeneratorJS.pm:
        (IsDOMGlobalObject):
        (OperationShouldBeOnInstance):
        (GenerateHeader):
        (GeneratePropertiesHashTable):
        (GenerateImplementation):
        * bindings/scripts/test/GObject/WebKitDOMTestGlobalObject.cpp: Added.
        (WebKit::kit):
        (WebKit::core):
        (WebKit::wrapTestGlobalObject):
        (webkit_dom_test_global_object_finalize):
        (webkit_dom_test_global_object_set_property):
        (webkit_dom_test_global_object_get_property):
        (webkit_dom_test_global_object_constructor):
        (webkit_dom_test_global_object_class_init):
        (webkit_dom_test_global_object_init):
        (webkit_dom_test_global_object_regular_operation):
        (webkit_dom_test_global_object_enabled_at_runtime_operation):
        (webkit_dom_test_global_object_get_regular_attribute):
        (webkit_dom_test_global_object_set_regular_attribute):
        (webkit_dom_test_global_object_get_enabled_at_runtime_attribute):
        (webkit_dom_test_global_object_set_enabled_at_runtime_attribute):
        * bindings/scripts/test/GObject/WebKitDOMTestGlobalObject.h: Added.
        * bindings/scripts/test/GObject/WebKitDOMTestGlobalObjectPrivate.h: Added.
        * bindings/scripts/test/JS/JSTestGlobalObject.cpp: Added.
        (WebCore::JSTestGlobalObjectConstructor::prototypeForStructure):
        (WebCore::JSTestGlobalObjectConstructor::initializeProperties):
        (WebCore::JSTestGlobalObjectPrototype::getOwnPropertySlot):
        (WebCore::JSTestGlobalObject::JSTestGlobalObject):
        (WebCore::JSTestGlobalObject::finishCreation):
        (WebCore::JSTestGlobalObject::destroy):
        (WebCore::JSTestGlobalObject::getOwnPropertySlot):
        (WebCore::jsTestGlobalObjectRegularAttribute):
        (WebCore::jsTestGlobalObjectEnabledAtRuntimeAttribute):
        (WebCore::jsTestGlobalObjectConstructor):
        (WebCore::setJSTestGlobalObjectConstructor):
        (WebCore::setJSTestGlobalObjectRegularAttribute):
        (WebCore::setJSTestGlobalObjectEnabledAtRuntimeAttribute):
        (WebCore::JSTestGlobalObject::getConstructor):
        (WebCore::jsTestGlobalObjectInstanceFunctionRegularOperation):
        (WebCore::jsTestGlobalObjectInstanceFunctionEnabledAtRuntimeOperation1):
        (WebCore::jsTestGlobalObjectInstanceFunctionEnabledAtRuntimeOperation2):
        (WebCore::jsTestGlobalObjectInstanceFunctionEnabledAtRuntimeOperation):
        (WebCore::JSTestGlobalObjectOwner::isReachableFromOpaqueRoots):
        (WebCore::JSTestGlobalObjectOwner::finalize):
        (WebCore::toJSNewlyCreated):
        (WebCore::toJS):
        (WebCore::JSTestGlobalObject::toWrapped):
        * bindings/scripts/test/JS/JSTestGlobalObject.h: Added.
        (WebCore::JSTestGlobalObject::create):
        (WebCore::JSTestGlobalObject::createStructure):
        (WebCore::JSTestGlobalObject::finishCreation):
        (WebCore::wrapperOwner):
        (WebCore::wrapperKey):
        (WebCore::toJS):
        (WebCore::JSTestGlobalObjectPrototype::create):
        (WebCore::JSTestGlobalObjectPrototype::createStructure):
        (WebCore::JSTestGlobalObjectPrototype::JSTestGlobalObjectPrototype):
        * bindings/scripts/test/ObjC/DOMTestGlobalObject.h: Added.
        * bindings/scripts/test/ObjC/DOMTestGlobalObject.mm: Added.
        (-[DOMTestGlobalObject dealloc]):
        (-[DOMTestGlobalObject regularAttribute]):
        (-[DOMTestGlobalObject setRegularAttribute:]):
        (-[DOMTestGlobalObject enabledAtRuntimeAttribute]):
        (-[DOMTestGlobalObject setEnabledAtRuntimeAttribute:]):
        (-[DOMTestGlobalObject regularOperation:]):
        (-[DOMTestGlobalObject enabledAtRuntimeOperation:]):
        (core):
        (kit):
        * bindings/scripts/test/ObjC/DOMTestGlobalObjectInternal.h: Added.
        * bindings/scripts/test/TestGlobalObject.idl: Added.

2016-04-06  Brady Eidson  <beidson@apple.com>

        Update IndexedDB feature status to the much more correct "In Development"

        Reviewed by Tim Hatcher.

        * features.json:

2016-04-06  Zalan Bujtas  <zalan@apple.com>

        ASSERTION FAILED: !floatingObject->originatingLine() in WebCore::RenderBlockFlow::linkToEndLineIfNeeded
        https://bugs.webkit.org/show_bug.cgi?id=153001

        Reviewed by Dan Bernstein.

        1. Float boxes are always attached to the line where we see them first.
        2. Float box can only be attached to one line.
        3. RenderBlockFlow can perform partial layout on dirty lines only.

        In certain cases, the last dirty line can "pull up" float boxes from the first clean line.
        It simply means that due to some layout changes on previous lines now we see those floats on this last dirty line first.
        If after placing the float we still find it on the same position, the line below is still considered clean.
 
        Remove the float box from its original line if the line above already placed it.

        Test: fast/block/float/float-moves-between-lines.html

        * rendering/RenderBlockFlow.h:
        * rendering/RenderBlockLineLayout.cpp:
        (WebCore::RenderBlockFlow::reattachCleanLineFloats):
        (WebCore::RenderBlockFlow::linkToEndLineIfNeeded):
        (WebCore::RenderBlockFlow::layoutRunsAndFloatsInRange): Deleted.

2016-04-06  Antti Koivisto  <antti@apple.com>

        REGRESSION(r196629): Messages text size only changes for sending text, conversation text size does not change
        https://bugs.webkit.org/show_bug.cgi?id=156287
        <rdar://problem/24264756>

        Reviewed by Andreas Kling.

        * css/RuleFeature.cpp:
        (WebCore::RuleFeatureSet::recursivelyCollectFeaturesFromSelector):
        (WebCore::makeAttributeSelectorKey):

            Include attribute value to the key. Otherwise we may deduplicate selectors that are not indentical.

        (WebCore::RuleFeatureSet::collectFeatures):
        (WebCore::RuleFeatureSet::add):

            Use HashMap::ensure().

        * css/RuleFeature.h:

2016-04-06  Manuel Rego Casasnovas  <rego@igalia.com>

        [css-grid] Fix positioned children in RTL
        https://bugs.webkit.org/show_bug.cgi?id=156162

        Reviewed by Sergio Villar Senin.

        This patch fixes a problem affecting the items without
        a static inline position (i.e. "left" and/or "right" properties
        are not "auto"). In this particular case we need to compute
        the "offset" from the left, so we need a specific condition
        and computation.

        Let's use an example to understand what it's fixing:
        <div style="display: grid; grid-template-columns: 100px 50px; width: 300px;
                    position: relative; direction: rtl;">
            <div style="position: absolute; left: 0; grid-column: 1 / 2;">item</div>
        </div>

        In this case the item has to be placed in the first column
        (the one on the right as we're in RTL).
        For this we need to calculate the offset from the left, which is 200px:
        150px (alignment offset) + 50px (offset from line 3 to 2).

        Test: fast/css-grid-layout/grid-positioned-items-background-rtl.html

        * rendering/RenderGrid.cpp:
        (WebCore::RenderGrid::offsetAndBreadthForPositionedChild):

2016-04-06  Antti Koivisto  <antti@apple.com>

        ComposedTreeIterator may crash when first child of shadow root is a comment node
        https://bugs.webkit.org/show_bug.cgi?id=156281

        Reviewed by Andreas Kling.

        It should not use plain firstChild() and assume it is Element or Text.

        * dom/ComposedTreeIterator.cpp:
        (WebCore::ComposedTreeIterator::Context::Context):

            Add FirstChildTag to various iterator constructors to make clear that they search for the first child.

        (WebCore::ComposedTreeIterator::ComposedTreeIterator):
        (WebCore::ComposedTreeIterator::traverseShadowRoot):

            Fix by using ElementAndTextDescendantIterator to find the first child.

        * dom/ComposedTreeIterator.h:
        (WebCore::ComposedTreeIterator::operator*):
        (WebCore::ComposedTreeDescendantAdapter::ComposedTreeDescendantAdapter):
        (WebCore::ComposedTreeDescendantAdapter::begin):
        (WebCore::ComposedTreeDescendantAdapter::end):
        (WebCore::ComposedTreeDescendantAdapter::at):
        (WebCore::ComposedTreeChildAdapter::Iterator::Iterator):
        * dom/ElementAndTextDescendantIterator.h:
        (WebCore::ElementAndTextDescendantIterator::operator++):
        (WebCore::ElementAndTextDescendantIterator::ElementAndTextDescendantIterator):
        (WebCore::ElementAndTextDescendantIteratorAdapter::begin):
        (WebCore::ElementAndTextDescendantIteratorAdapter::end):

2016-04-05  Chris Dumez  <cdumez@apple.com>

        Add support for [EnabledAtRuntime] operations on DOMWindow
        https://bugs.webkit.org/show_bug.cgi?id=156272

        Reviewed by Alex Christensen.

        Add support for [EnabledAtRuntime] operations on DOMWindow by omitting
        such operations from the static table and add them at run-time in
        JSDOMWindow::finishCreation() if the corresponding feature is enabled.

        This was needed for window.fetch() for which a hack was temporarily
        landed in r199081. This patch drops this hack now that the generated
        bindings do the right thing.

        * bindings/js/JSDOMGlobalObject.cpp:
        (WebCore::JSDOMGlobalObject::scriptExecutionContext):
        Drop hack landed in r199081.
        
        * bindings/scripts/CodeGeneratorJS.pm:
        (OperationShouldBeOnInstance):
        (GeneratePropertiesHashTable):
        (GenerateImplementation):
        Add support for [EnabledAtRuntime] operations on DOMWindow.

2016-04-05  Alex Christensen  <achristensen@webkit.org>

        Make CMake-generated binaries on Mac able to run
        https://bugs.webkit.org/show_bug.cgi?id=156268

        Reviewed by Daniel Bates.

        * CMakeLists.txt:
        * PlatformMac.cmake:

2016-04-05  Jon Davis  <jond@ingenesis.net>

        Fixed CSS Shapes entry on the WebKit Feature Status page.
        https://bugs.webkit.org/show_bug.cgi?id=156262

        Reviewed by Timothy Hatcher.

        * features.json:

2016-04-05  Chris Dumez  <cdumez@apple.com>

        MessageEvent.source window is incorrect once window has been reified
        https://bugs.webkit.org/show_bug.cgi?id=156227
        <rdar://problem/25545831>

        Reviewed by Mark Lam.

        MessageEvent.source window was incorrect once window had been reified.

        If the Window had not been reified, we kept constructing new
        postMessage() functions when calling window.postMessage(). We used to
        pass activeDOMWindow(execState) as source Window to
        DOMWindow::postMessage(). activeDOMWindow() uses
        exec->lexicalGlobalObject() which did the right thing because we
        used to construct a new postMessage() function in the caller's context.

        However, after reification, due to the way JSDOMWindow::getOwnPropertySlot()
        was implemented, we would stop constructing new postMessage() functions
        when calling window.postMessage(). As a result, the source window would
        become incorrect because exec->lexicalGlobalObject() would return the
        target Window instead.

        In this patch, the following is done:
        1. Stop constructing a new function every time in the same origin case
           for postMessage, blur, focus and close. This was inefficient and lead
           to incorrect behavior:
           - The behavior would differ depending if the Window is reified or not
           - It would be impossible to delete those operations, which is
             incompatible with the specification and other browsers (tested
             Firefox and Chrome).
        2. Use callerDOMWindow(execState) instead of activeDOMWindow(execState)
           as source Window in JSDOMWindow::handlePostMessage(). callerDOMWindow()
           is a new utility function that returns the caller's Window object.

        Tests: fast/dom/Window/delete-operations.html
               fast/dom/Window/messageevent-source-postmessage-reified.html
               fast/dom/Window/messageevent-source-postmessage.html
               fast/dom/Window/messageevent-source-postmessage2.html
               fast/dom/Window/window-postmessage-clone-frames.html
               fast/dom/Window/post-message-crash2.html

        * bindings/js/JSDOMBinding.cpp:
        (WebCore::GetCallerCodeBlockFunctor::operator()):
        (WebCore::GetCallerCodeBlockFunctor::codeBlock):
        (WebCore::callerDOMWindow):
        * bindings/js/JSDOMBinding.h:
        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::handlePostMessage):

2016-04-05  Beth Dakin  <bdakin@apple.com>

        Make requestCandidatesForSelection available on any EditorClient
        https://bugs.webkit.org/show_bug.cgi?id=156253
        -and corresponding-
        rdar://problem/24661147

        Reviewed by Dean Jackson.

        * loader/EmptyClients.h:
        * page/EditorClient.h:
        (WebCore::EditorClient::requestCandidatesForSelection):

2016-04-05  Youenn Fablet  <youenn.fablet@crf.canon.fr>

        [Fetch API] Add a runtime flag to fetch API and related constructs
        https://bugs.webkit.org/show_bug.cgi?id=156113
 
        Reviewed by Alex Christensen.

        Marking all Fetch interfaces EnabledAtRuntime=FetchAPI.