[WebKit-https.git] / Source / WebCore / ChangeLog

2017-10-16  Chris Dumez  <cdumez@apple.com>

        ServiceWorkerRegistration should subclass RefCounted<>
        https://bugs.webkit.org/show_bug.cgi?id=178374

        Reviewed by Ryosuke Niwa.

        ServiceWorkerRegistration should subclass RefCounted<> or we end up with an infinite recursion
        when constructing such object. This is because ServiceWorkerRegistration subclasses
        EventTargetWithInlineData which implements ref() / deref() by calling refEventTarget() /
        derefEventTarget(). refEventTarget() / derefEventTarget() are implemented in
        ServiceWorkerRegistration so that they call ref() / deref() (which ends up being EventTarget's
        methods).

        * workers/service/ServiceWorkerRegistration.h:

2017-10-16  Jer Noble  <jer.noble@apple.com>

        ImageDecoderAVFObjC fails to create more CMSampleBuffers after creating about 32MB worth.
        https://bugs.webkit.org/show_bug.cgi?id=178360

        Reviewed by Eric Carlson.

        AVSampleBufferGenerator has a constrained memory pool of about 32MB in size. Once
        CMSampleBuffers representing about 32MB of memory are allocated, no more can be created
        until previously created ones are released. So rather than (only) creating the sample
        buffers up front in readSampleMetadata(), also create them dynamically, if missing, in
        createFrameImageAtIndex(...) and release them in storeSampleBuffer(...) after they have been
        decoded.

        Drive-by fix: the expected content length was never actually set by the owner of ImageDecoderAVFObjC.
        Now that the expected content length is available, we don't have to wait until the data is complete
        to respond to requests.

        * platform/graphics/ImageSource.cpp:
        (WebCore::ImageSource::ensureDecoderAvailable):
        * platform/graphics/avfoundation/objc/ImageDecoderAVFObjC.h:
        * platform/graphics/avfoundation/objc/ImageDecoderAVFObjC.mm:
        (SOFT_LINK_POINTER_OPTIONAL):
        (-[WebCoreSharedBufferResourceLoaderDelegate canFulfillRequest:]):
        (-[WebCoreSharedBufferResourceLoaderDelegate fulfillRequest:]):
        (-[WebCoreSharedBufferResourceLoaderDelegate resourceLoader:shouldWaitForLoadingOfRequestedResource:]):
        (WebCore::imageDecoderAssetOptions):
        (WebCore::ImageDecoderAVFObjC::firstEnabledTrack):
        (WebCore::ImageDecoderAVFObjC::storeSampleBuffer):
        (WebCore::ImageDecoderAVFObjC::createFrameImageAtIndex):
        (WebCore::ImageDecoderAVFObjC::setExpectedContentSize):

2017-10-12  Matt Rajca  <mrajca@apple.com>

        Add API support for quirk that lets an arbitrary click allow auto-play.
        https://bugs.webkit.org/show_bug.cgi?id=178227

        Reviewed by Alex Christensen.

        Added API test.
        
        Instead of hardcoding sites in WebCore, let API clients control which websites opt into the quirk that lets
        an arbitrary click allow auto-play via website policies.

        * html/MediaElementSession.cpp:
        (WebCore::needsArbitraryUserGestureAutoplayQuirk):
        * loader/DocumentLoader.h:

2017-10-16  Chris Dumez  <cdumez@apple.com>

        DOMQuad.p1 / p2 / p3 / p4 should behave as [SameObject]
        https://bugs.webkit.org/show_bug.cgi?id=178366

        Reviewed by Youenn Fablet.

        DOMQuad.p1 / p2 / p3 / p4 should behave as [SameObject]. We attempted to do so using JSDOMQuad::visitAdditionalChildren()
        but the code did not work because we failed to generate a "isReachableFromOpaqueRoots()" function for JSDOMPoint.

        Test: fast/css/DOMQuad-points-SameObject.html

        * dom/DOMPoint.idl:

2017-10-16  Andy Estes  <aestes@apple.com>

        [Apple Pay] Add subLocality and subAdministrativeArea to ApplePayPaymentContact and ApplePayError
        https://bugs.webkit.org/show_bug.cgi?id=178191
        <rdar://problem/34906367>

        Reviewed by Tim Horton.

        Added test cases to http/tests/ssl/applepay/ApplePaySession.html.

        * Modules/applepay/ApplePayError.idl:
        * Modules/applepay/ApplePayPaymentContact.h:
        * Modules/applepay/ApplePayPaymentContact.idl:
        * Modules/applepay/ApplePaySessionPaymentRequest.h:
        * Modules/applepay/cocoa/PaymentContactCocoa.mm:
        (WebCore::subLocality):
        (WebCore::setSubLocality):
        (WebCore::subAdministrativeArea):
        (WebCore::setSubAdministrativeArea):
        (WebCore::convert):

2017-10-16  Alex Christensen  <achristensen@webkit.org>

        Allow modern decoding of URLs
        https://bugs.webkit.org/show_bug.cgi?id=178265

        Reviewed by Chris Dumez.

        * platform/URL.h:
        (WebCore::URL::decode):

2017-10-16  Ryan Haddad  <ryanhaddad@apple.com>

        Unreviewed, rolling out r223425.

        This change broke internal builds.

        Reverted changeset:

        "Remove unnecessary include from Document.h"
        https://bugs.webkit.org/show_bug.cgi?id=178247
        https://trac.webkit.org/changeset/223425

2017-10-16  Maureen Daum  <mdaum@apple.com>

        If an origin doesn't have databases in the Databases table we should still remove its information from disk in DatabaseTracker::deleteOrigin()
        https://bugs.webkit.org/show_bug.cgi?id=178281
        <rdar://problem/34576132>

        Reviewed by Brent Fulgham.

        New test:
        DatabaseTracker.DeleteOriginWithMissingEntryInDatabasesTable

        * Modules/webdatabase/DatabaseTracker.cpp:
        (WebCore::DatabaseTracker::deleteOrigin):
        If databaseNames is empty, don't bail early. Instead, delete everything in the directory
        containing the databases for this origin. This condition indicates that we previously
        tried to remove the origin but didn't get all of the way through the deletion process.
        Because we have lost track of the databases for this origin, we can assume that no
        other process is accessing them. This means it should be safe to delete them outright.

2017-10-16  Youenn Fablet  <youenn@apple.com>

        [FETCH] Remove Request.type getter
        https://bugs.webkit.org/show_bug.cgi?id=177798

        Reviewed by Chris Dumez.

        Tests: imported/w3c/web-platform-tests/fetch/api/request/request-type-attribute-historical.html
               imported/w3c/web-platform-tests/fetch/api/request/url-encoding.html

        Removing FetchRequest type getter.
        Merging Type and Destination as per https://fetch.spec.whatwg.org/#concept-request-destination.
        Setting destination of request within CachedResourceLoader as this will be useful to Service Workers.

        * Modules/fetch/FetchRequest.h:
        * Modules/fetch/FetchRequest.idl:
        * loader/FetchOptions.h:
        (WebCore::FetchOptions::isolatedCopy const):
        (WebCore::FetchOptions::FetchOptions):
        (WebCore::FetchOptions::encode const):
        (WebCore::FetchOptions::decode):
        * loader/ThreadableLoader.cpp:
        (WebCore::ThreadableLoaderOptions::isolatedCopy const):
        * loader/cache/CachedResourceLoader.cpp:
        (WebCore::CachedResourceLoader::requestImage):
        (WebCore::CachedResourceLoader::requestFont):
        (WebCore::CachedResourceLoader::requestTextTrack):
        (WebCore::CachedResourceLoader::requestCSSStyleSheet):
        (WebCore::CachedResourceLoader::requestUserCSSStyleSheet):
        (WebCore::CachedResourceLoader::requestScript):
        (WebCore::CachedResourceLoader::requestXSLStyleSheet):
        (WebCore::CachedResourceLoader::requestMedia):
        (WebCore::CachedResourceLoader::requestIcon):
        (WebCore::CachedResourceLoader::requestRawResource):
        (WebCore::CachedResourceLoader::requestBeaconResource):
        (WebCore::CachedResourceLoader::requestMainResource):
        * loader/cache/CachedResourceRequest.cpp:
        (WebCore::CachedResourceRequest::setDestinationIfNotSet):
        * loader/cache/CachedResourceRequest.h:

2017-10-15  Ryosuke Niwa  <rniwa@webkit.org>

        Cannot access images included in the content pasted from Microsoft Word
        https://bugs.webkit.org/show_bug.cgi?id=124391
        <rdar://problem/26862741>

        Reviewed by Antti Koivisto.

        The bug is caused by the fact Microsoft Word generates HTML content which references an image using file URL.
        Because the websites don't have access to arbtirary file URLs, this prevents editors such as TinyMCE to save
        those images.

        This patch fixes the problem by converting file URLs for images and all other subresources in the web archive
        generated by Microsoft Word by blob URLs like r222839 for RTF/RTFD and r222119 for images.

        To avoid revealing privacy sensitive information such as the absolute local file path to the user's home directory
        Microsoft Word and other applications in the system includes in the web archive placed in the system pasteboard,
        this patch also introduces the mechanism to sanitize when the HTML content is read by DataTransfer's getData.

        This patch also introduces the sanitization for when writing HTML into the pasteboard since other applications
        in the syste which is capable to processing web archives are not necessarily equipped to pretect itself and the
        rest of the system from potentially dangerous JavaScript included in the web archive placed in the system pasteboard.

        Finally, this patch expands the list of clipboard types that are exposed as "text/html" to the Web platform by
        adding the capability to convert RTF, RTFD, and web archive into HTML markup by introducing WebContentMarkupReader,
        a new subclass of PasteboardWebContentReader which creates a HTML markup instead of a document fragment. Most of
        the sanitization process happens in this new class, and will be expanded to WebContentReader to make pasting safer.

        Tests: editing/pasteboard/data-transfer-get-data-on-pasting-html-uses-blob-url.html
               editing/pasteboard/data-transfer-set-data-sanitizes-html-when-copying-in-null-origin.html
               editing/pasteboard/data-transfer-set-data-sanitizes-html-when-copying.html
               editing/pasteboard/data-transfer-set-data-sanitlize-html-when-dragging-in-null-origin.html
               http/tests/security/clipboard/copy-paste-html-across-origin-sanitizes-html.html
               CopyHTML.Sanitizes
               DataInteractionTests.DataTransferSanitizeHTML
               PasteRTF.ExposesHTMLTypeInDataTransfer
               PasteRTFD.ExposesHTMLTypeInDataTransfer
               PasteRTFD.ImageElementUsesBlobURLInHTML
               PasteWebArchive.ExposesHTMLTypeInDataTransfer

        * dom/DataTransfer.cpp:
        (WebCore::originIdentifierForDocument): Moved to Document::originIdentifierForPasteboard.
        (WebCore::DataTransfer::createForCopyAndPaste):
        (WebCore::DataTransfer::getDataForItem const): Use WebContentMarkupReader read HTMl content so that we can read
        web arhive, RTF, and RTFD as text/html.
        (WebCore::DataTransfer::getData const):
        (WebCore::DataTransfer::setData):
        (WebCore::DataTransfer::setDataFromItemList): Sanitize the HTML before placing into the system pasteboard.
        (WebCore::DataTransfer::createForDragStartEvent):
        (WebCore::DataTransfer::createForDrop):
        (WebCore::DataTransfer::createForUpdatingDropTarget):
        * dom/DataTransfer.h:
        * dom/DataTransfer.idl:
        * dom/DataTransferItem.cpp:
        (WebCore::DataTransferItem::getAsString const):
        * dom/Document.cpp:
        (WebCore::Document::originIdentifierForPasteboard): Renamed from uniqueIdentifier. Moved the code to use the origin
        string and then falling back to the UUID here from originIdentifierForDocument in DataTransfer.cpp.
        * dom/Document.h:
        * editing/WebContentReader.cpp:
        (WebCore::WebContentMarkupReader::shouldSanitize const): Added.
        * editing/WebContentReader.h:
        (WebCore::WebContentMarkupReader): Added.
        (WebCore::WebContentMarkupReader::WebContentMarkupReader):
        * editing/cocoa/WebContentReaderCocoa.mm:
        (WebCore::createFragmentFromWebArchive): Extracted out of WebContentReader::readWebArchive to share code.
        (WebCore::WebContentReader::readWebArchive):
        (WebCore::WebContentMarkupReader::readWebArchive): Added. Reads the web archive, replace all subresource URLs by
        blob URLs, and re-generate the markup using our copy & paste code. The last step is requied to strip away any privacy
        sensitive information as well as potentially dangerous JavaScript code.
        (WebCore::stripMicrosoftPrefix): Extracted out of WebContentReader::readHTML to share code.
        (WebCore::WebContentReader::readHTML):
        (WebCore::WebContentMarkupReader::readHTML): Added. Only sanitize the markup when it comes from a different origin.
        (WebCore::WebContentReader::readRTFD): Added a nullity check for frame.document().
        (WebCore::WebContentMarkupReader::readRTFD): Added.
        (WebCore::WebContentMarkupReader::readRTF): Added.
        * editing/markup.h:
        * editing/markup.cpp:
        (WebCore::createPageForSanitizingWebContent): Added.
        (WebCore::sanitizeMarkup): Added. This function "pastes" the markup into a new isolated document then reserializes
        using our serialization code for copy. It strips away all invisible information such as comments, and strips away
        event handlers and script elements to remove potentially dangerous scripts.
        * platform/Pasteboard.h:
        * platform/ios/PasteboardIOS.mm:
        (WebCore::Pasteboard::readPasteboardWebContentDataForType): Now that this code can be called by DataTransfer, added
        the checks for the change count to make sure we stop letting web content read if the pasteboard had been changed by
        some other applications. To do this, turned this function into a member of Pasteboard. Also changed the return type
        to an enum with tri-state to exist the loop early in the call sites.
        (WebCore::Pasteboard::read):
        (WebCore::Pasteboard::readRespectingUTIFidelities):
        * platform/ios/PlatformPasteboardIOS.mm:
        (WebCore::safeTypeForDOMToReadAndWriteForPlatformType): Treat RTF, RTFD, and web archive as HTML.
        * platform/mac/PasteboardMac.mm:
        (WebCore::Pasteboard::read): Add the change count checks now that this code can be called by DataTransfer.
        * platform/mac/PlatformPasteboardMac.mm:
        (WebCore::safeTypeForDOMToReadAndWriteForPlatformType): Treat RTF, RTFD, and web archive as HTML.

2017-10-16  Ryan Haddad  <ryanhaddad@apple.com>

        Unreviewed attempt to fix the Windows debug build.

        * Modules/webdatabase/DatabaseTracker.cpp:
        (WebCore::DatabaseTracker::deleteOrigin):

2017-10-16  Chris Dumez  <cdumez@apple.com>

        Log using differential privacy domains where the WebContent process crashes
        https://bugs.webkit.org/show_bug.cgi?id=178346
        <rdar://problem/33293830>

        Reviewed by Alex Christensen.

        Add new diagnostic logging key for domain causing crashes.

        * page/DiagnosticLoggingKeys.cpp:
        (WebCore::DiagnosticLoggingKeys::domainCausingCrashKey):
        * page/DiagnosticLoggingKeys.h:

2017-10-16  Sam Weinig  <sam@webkit.org>

        [Settings] Remove all custom code from Settings.h/cpp
        https://bugs.webkit.org/show_bug.cgi?id=178330

        Reviewed by Simon Fraser.

        Removes the two remaining functions out of Settings paving the way
        for the file to be generated.
        
        - pageDestroyed was moved down into SettingsBase.
        - effectiveFrameFlattening was moved to FrameView (to reduce the need
          for additional includes, the FrameFlattening enum was converted to
          an enum class to allow it to be forward declared).
          
        Also moves default values into SettingsDefaultValues.h

        * WebCore.xcodeproj/project.pbxproj:
        
            Add new files.
        
        * page/FrameView.cpp:
        * page/FrameView.h:

            Move effectiveFrameFlattening function here from Settings.

        * page/Settings.cpp:
        * page/Settings.h:

            Move effectiveFrameFlattening, pageDestroyed and default values out.

        * page/Settings.in:
        
            Update for turning FrameFlattening into an enum class.
        
        * page/SettingsBase.h:

            Turn FrameFlattening into an enum class and move pageDestroyed here.

        * page/SettingsDefaultValues.h: Added.

            Move all the default values from Settings here.

        * rendering/RenderFrameSet.cpp:
        * rendering/RenderIFrame.cpp:
        * rendering/RenderView.cpp:

            Get effectiveFrameFlattening from the FrameView.

        * testing/InternalSettings.cpp:
        * testing/InternalSettings.h:
        
            Update now that FrameFlattening is an enum class.

2017-10-16  Maureen Daum  <mdaum@apple.com>

        If we fail to delete any database file, don't remove its information from the tracker database
        <rdar://problem/34576132> and https://bugs.webkit.org/show_bug.cgi?id=178251

        Reviewed by Brady Eidson.

        New tests:
        DatabaseTracker.DeleteDatabase
        DatabaseTracker.DeleteDatabaseWhenDatabaseDoesNotExist
        DatabaseTracker.DeleteOrigin
        DatabaseTracker.DeleteOriginWhenDeletingADatabaseFails
        DatabaseTracker.DeleteOriginWhenDatabaseDoesNotExist

        * Modules/webdatabase/DatabaseTracker.cpp:
        (WebCore::DatabaseTracker::deleteDatabasesModifiedSince):
        If the database doesn't exist, we previously deleted it but failed to remove the
        information from the tracker database. We still want to delete all of the information
        associated with this database from the tracker database, so add it to databaseNamesToDelete.
        (WebCore::DatabaseTracker::deleteOrigin):
        If a database doesn't exist, don't try to delete it. We don't need to, but more
        importantly, deleteDatabaseFile() will fail if the database doesn't exist, which
        will cause us to incorrectly think we failed to remove database information from disk.
        If we actually fail to delete any database file, return before we remove the origin
        information from the tracker database so we don't lose track of the database.
        (WebCore::DatabaseTracker::deleteDatabase):
        If a database doesn't exist, don't try to delete it. We don't need to, but also it
        will cause us to incorrectly think that we were unable to delete a database, so we
        would bail before we remove the database information from the tracker database. We
        want to remove the database information from the tracker database because the database
        doesn't exist.
        * Modules/webdatabase/DatabaseTracker.h:
        Expose fullPathForDatabase() for use by tests.
        * platform/Logging.h:
        Add a logging channel.

2017-10-16  Alex Christensen  <achristensen@webkit.org>

        Remove unnecessary include from Document.h
        https://bugs.webkit.org/show_bug.cgi?id=178247

        Reviewed by Darin Adler.

        * dom/Document.cpp:
        (WebCore::Document::hasTouchEventHandlers const):
        (WebCore::Document::touchEventTargetsContain const):
        * dom/Document.h:
        (WebCore::Document::hasTouchEventHandlers const): Deleted.
        (WebCore::Document::touchEventTargetsContain const): Deleted.

2017-10-16  Alex Christensen  <achristensen@webkit.org>

        Fix iOS build after r223422
        https://bugs.webkit.org/show_bug.cgi?id=178251

        * Modules/webdatabase/DatabaseManager.h:

2017-10-16  Maureen Daum  <mdaum@apple.com>

        We should wrap the removal of information from the tracker database in a transaction in DatabaseTracker::deleteOrigin()
        https://bugs.webkit.org/show_bug.cgi?id=178274
        <rdar://problem/34576132>

        Reviewed by Tim Horton.

        * Modules/webdatabase/DatabaseTracker.cpp:
        (WebCore::DatabaseTracker::deleteOrigin):
        Wrap the removal of information from the tracker database in a transaction so that
        we don't end up in a case where only one of the tables contains information about
        an origin.
        If anything goes wrong when we're modifying the tracker database, rollback the transaction
        before bailing.

2017-10-16  Ryan Haddad  <ryanhaddad@apple.com>

        Unreviewed, rolling out r223419.

        This change broke the Windows build.

        Reverted changeset:

        "If we fail to delete any database file, don't remove its
        information from the tracker database"
        https://bugs.webkit.org/show_bug.cgi?id=178251
        https://trac.webkit.org/changeset/223419

2017-10-16  Maureen Daum  <mdaum@apple.com>

        If we fail to delete any database file, don't remove its information from the tracker database
        <rdar://problem/34576132> and https://bugs.webkit.org/show_bug.cgi?id=178251

        Reviewed by Brady Eidson.

        New tests:
        DatabaseTracker.DeleteDatabase
        DatabaseTracker.DeleteDatabaseWhenDatabaseDoesNotExist
        DatabaseTracker.DeleteOrigin
        DatabaseTracker.DeleteOriginWhenDeletingADatabaseFails
        DatabaseTracker.DeleteOriginWhenDatabaseDoesNotExist

        * Modules/webdatabase/DatabaseTracker.cpp:
        (WebCore::DatabaseTracker::deleteDatabasesModifiedSince):
        If the database doesn't exist, we previously deleted it but failed to remove the
        information from the tracker database. We still want to delete all of the information
        associated with this database from the tracker database, so add it to databaseNamesToDelete.
        (WebCore::DatabaseTracker::deleteOrigin):
        If a database doesn't exist, don't try to delete it. We don't need to, but more
        importantly, deleteDatabaseFile() will fail if the database doesn't exist, which
        will cause us to incorrectly think we failed to remove database information from disk.
        If we actually fail to delete any database file, return before we remove the origin
        information from the tracker database so we don't lose track of the database.
        (WebCore::DatabaseTracker::deleteDatabase):
        If a database doesn't exist, don't try to delete it. We don't need to, but also it
        will cause us to incorrectly think that we were unable to delete a database, so we
        would bail before we remove the database information from the tracker database. We
        want to remove the database information from the tracker database because the database
        doesn't exist.
        * Modules/webdatabase/DatabaseTracker.h:
        Expose fullPathForDatabase() for use by tests.
        * platform/Logging.h:
        Add a logging channel.

2017-10-16  Brent Fulgham  <bfulgham@apple.com>

        REGRESSION(223307): ASSERTION in WebCore::ResourceLoadObserver::logUserInteractionWithReducedTimeResolution
        https://bugs.webkit.org/show_bug.cgi?id=178342
        <rdar://problem/35008505>

        Reviewed by Chris Dumez.

        In r223307 I mistakenly used 'topDocument->topDocument()' because of a copy/paste error. I should have just used
        'topDocument'.

        Tests: CommandBackForwardTestWKWebView in TestWebKitAPI.

        * loader/ResourceLoadObserver.cpp:
        (WebCore::ResourceLoadObserver::logUserInteractionWithReducedTimeResolution): We might enter this routine at a time
        where there is no page. If so, we should return early and not log credit.
        * page/EventHandler.cpp:
        (WebCore::EventHandler::keyEvent): Correct the argument passed to the log function.

2017-10-15  Filip Pizlo  <fpizlo@apple.com>

        Make some asserts into release asserts
        https://bugs.webkit.org/show_bug.cgi?id=178324

        Reviewed by Saam Barati.

        No new tests because no change in behavior.
        
        This introduces some release asserts. Perf testing shows that it's neutral. So, we get some extra
        safety without losing any perf.

        * dom/ContainerNodeAlgorithms.cpp:
        (WebCore::notifyChildNodeInserted):
        * dom/Document.cpp:
        (WebCore::Document::adoptNode):
        (WebCore::Document::frameDestroyed):
        (WebCore::Document::attachToCachedFrame):
        (WebCore::Document::detachFromCachedFrame):
        (WebCore::Document::prepareForDestruction):
        (WebCore::Document::dispatchWindowEvent):
        (WebCore::Document::dispatchWindowLoadEvent):
        (WebCore::Document::applyQuickLookSandbox):
        * dom/DocumentOrderedMap.cpp:
        (WebCore::DocumentOrderedMap::add):
        (WebCore::DocumentOrderedMap::remove):
        (WebCore::DocumentOrderedMap::get const):
        (WebCore:: const):
        * dom/Node.cpp:
        (WebCore::Node::~Node):
        (WebCore::DidMoveToNewDocumentAssertionScope::~DidMoveToNewDocumentAssertionScope):
        (WebCore::DidMoveToNewDocumentAssertionScope::didRecieveCall):
        (WebCore::moveNodeToNewDocument):
        (WebCore::moveShadowTreeToNewDocument):
        (WebCore::Node::moveTreeToNewScope):
        (WebCore::Node::didMoveToNewDocument):
        (WebCore::Node::dispatchSubtreeModifiedEvent):
        (WebCore::Node::dispatchDOMActivateEvent):

2017-10-16  Alejandro G. Castro  <alex@igalia.com>

        Make RealtimeIncomingAudioSources and RealtimeOutgoingAudioSources port agnostic
        https://bugs.webkit.org/show_bug.cgi?id=177928

        Reviewed by Youenn Fablet.

        Refactor the RealtimeIncomingAudioSource and RealtimeOutgoingAudioSource classes,
        move the mac specific code to a different class. This way we can use them from
        other ports.

        No new tests, we are not adding new functionality just refactoring.

        * CMakeLists.txt:
        * WebCore.xcodeproj/project.pbxproj:
        * platform/mediastream/RealtimeIncomingAudioSource.cpp: Copied from Source/WebCore/platform/mediastream/mac/RealtimeIncomingAudioSource.h. Just the port agnostic parts.
        * platform/mediastream/RealtimeIncomingAudioSource.h: Copied from Source/WebCore/platform/mediastream/mac/RealtimeIncomingAudioSource.h. Ditto.
        * platform/mediastream/RealtimeOutgoingAudioSource.cpp: Copied from Source/WebCore/platform/mediastream/mac/RealtimeOutgoingAudioSource.cpp. Ditto.
        * platform/mediastream/RealtimeOutgoingAudioSource.h: Copied from Source/WebCore/platform/mediastream/mac/RealtimeOutgoingAudioSource.h. Ditto.
        * platform/mediastream/mac/RealtimeIncomingAudioSourceCocoa.cpp: Added, it adds Cocoa code parts from original Source/WebCore/platform/mediastream/mac/RealtimeIncomingAudioSource.cpp.
        (WebCore::RealtimeIncomingAudioSource::create): Moved this function from the RealtimeOutgoingAudioSource.cpp file to avoid including the Cocoa file there.
        * platform/mediastream/mac/RealtimeIncomingAudioSourceCocoa.h: Added Cocoa code from original Source/WebCore/platform/mediastream/mac/RealtimeIncomingAudioSource.h.
        * platform/mediastream/mac/RealtimeOutgoingAudioSourceCocoa.cpp: Added Cocoa code from original Source/WebCore/platform/mediastream/mac/RealtimeOutgoingAudioSource.cpp.
        (WebCore::RealtimeOutgoingAudioSource::create): Moved this function from the RealtimeOutgoingAudioSource.cpp file to avoid including the Cocoa file there.
        * platform/mediastream/mac/RealtimeOutgoingAudioSourceCocoa.h: Added Cocoa code from the original Source/WebCore/platform/mediastream/mac/RealtimeOutgoingAudioSource.h.

2017-10-16  Wenson Hsieh  <wenson_hsieh@apple.com>

        Unreviewed, fix the tvOS build after r223340.

        Add a new #define in PlatformPasteboardIOS.mm for item provider support, and guard usages of
        WebItemProviderPasteboard using it.

        * platform/ios/PlatformPasteboardIOS.mm:
        (WebCore::pasteboardMayContainFilePaths):
        (WebCore::PlatformPasteboard::readURL):

2017-10-16  Ryan Haddad  <ryanhaddad@apple.com>

        Unreviewed, rolling out r223271.

        This change introduced LayoutTest failures on WK1.

        Reverted changeset:

        "Use asynchronous ResourceHandleClient calls for WebKit1"
        https://bugs.webkit.org/show_bug.cgi?id=160677
        https://trac.webkit.org/changeset/223271

2017-10-16  Alejandro G. Castro  <alex@igalia.com>

        Make RealtimeIncomingVideoSources and RealtimeOutgoingVideoSources port agnostic
        https://bugs.webkit.org/show_bug.cgi?id=177869

        Reviewed by Youenn Fablet.

        Refactor the RealtimeIncomingVideoSource and RealtimeOutgoingVideoSource classes,
        move the cocoa specific code to a different class. This way we can use them from
        other ports.

        No new functionality, just a refactor.

        * CMakeLists.txt:
        * WebCore.xcodeproj/project.pbxproj:
        * platform/mediastream/RealtimeIncomingVideoSource.cpp: Moved from Source/WebCore/platform/mediastream/mac/RealtimeIncomingVideoSource.h. Just the port agnostic parts.
        * platform/mediastream/RealtimeIncomingVideoSource.h: Moved from Source/WebCore/platform/mediastream/mac/RealtimeIncomingVideoSource.h. DItto
        * platform/mediastream/RealtimeOutgoingVideoSource.cpp: Moved from Source/WebCore/platform/mediastream/mac/RealtimeOutgoingVideoSource.cpp. Ditto
        * platform/mediastream/RealtimeOutgoingVideoSource.h: Moved from Source/WebCore/platform/mediastream/mac/RealtimeOutgoingVideoSource.h. Ditto
        * platform/mediastream/mac/RealtimeIncomingVideoSourceMac.cpp: Added, it adds the Cocoa specific parts from Source/WebCore/platform/mediastream/mac/RealtimeIncomingVideoSource.cpp.
        (WebCore::RealtimeIncomingVideoSource::create): Moved this function from the base class, it allows avoiding the include.
        * platform/mediastream/mac/RealtimeIncomingVideoSourceCocoa.h: Added, cocoa dependent code from Source/WebCore/platform/mediastream/mac/RealtimeIncomingVideoSource.h.
        (WebCore::RealtimeOutgoingVideoSource::create): Moved this funtion from the base class, now we can use the Cocoa create without including it in the base class.
        * platform/mediastream/mac/RealtimeOutgoingVideoSourceCocoa.cpp: Added, cocoa dependent code.
        * platform/mediastream/mac/RealtimeOutgoingVideoSourceCocoa.h: Added, cocoa dependent code.

2017-10-16  Manuel Rego Casasnovas  <rego@igalia.com>

        Don't use intrinsic width if our container's width is zero
        https://bugs.webkit.org/show_bug.cgi?id=178073

        Reviewed by Sergio Villar Senin.

        Based on Blink r173212 by <robhogan@gmail.com>.
        https://chromium.googlesource.com/chromium/src/+/1592e8a1e8e56dfa6e5d709c50b129ae659c2fad

        Since at least r798 we use a replaced element's intrinsic width
        if its containing block has a width of zero. As a result our rendering
        of width100percent-image.html has disagreed with all other browsers
        and we display replaced elements when they should be invisible.

        Test: fast/replaced/container-width-zero.html

        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::computeReplacedLogicalWidthUsing const):
        If our container has zero width then let our width be zero too.

2017-10-16  Wenson Hsieh  <wenson_hsieh@apple.com>

        On ToT, event.dataTransfer.getData("text/uri-list") returns an empty string when dragging an image
        https://bugs.webkit.org/show_bug.cgi?id=178301
        <rdar://problem/34990050>

        Reviewed by Darin Adler.

        After r222656, we consider images on the pasteboard to be files. This causes DataTransfer.getData to return the
        empty string for all types, which brings back https://bugs.webkit.org/show_bug.cgi?id=170637. To allow pages to
        access the URL part of a dragged image, we exempt "text/uri-list" from our heurstics to hide pasteboard data
        which may contain files, and return the URL as long as its protocol is either HTTP or HTTPS.

        Tweaked an existing layout test to cover this scenario, as well as the scenario in which the dragged image links
        to a file URL (in which case we should avoid exposing the data).

        Test: editing/pasteboard/drag-drop-href-as-url.html
              DataInteractionTests.DataTransferGetDataWhenDroppingImageWithHTTPURL

        * dom/DataTransfer.cpp:
        (WebCore::DataTransfer::getDataForItem const):

        When the pasteboard contains files, allow data for "text/uri-list" to be returned, as long as the URL string has
        a white-listed protocol (currently, this is just http and https).

        (WebCore::DataTransfer::shouldSuppressGetAndSetDataToAvoidExposingFilePaths const):
        (WebCore::DataTransfer::setData):
        (WebCore::DataTransfer::types const):

        When the pasteboard contains files, allow "text/uri-list" to be added, alongside the "Files" type, if it would
        have been exposed in the list of safe DOM types.

        * dom/DataTransfer.h:
        * platform/Pasteboard.cpp:
        (WebCore::Pasteboard::canExposeURLToDOMWhenPasteboardContainsFiles):

        Add a new helper method to determine whether it is safe to expose an URL string as "text/uri-list" to bindings,
        if the pasteboard contains files. While this currently checks whether or not the URL is in the HTTP family, we
        may want to consider tweaking this to blacklist the "file" protocol instead, and allow all other valid URLs by
        default.

        * platform/Pasteboard.h:
        * platform/PlatformPasteboard.h:
        * platform/ios/PlatformPasteboardIOS.mm:
        (WebCore::pasteboardMayContainFilePaths):
        (WebCore::PlatformPasteboard::stringForType const):

        Mark stringForType as const, and also teach stringForType to return the null string for the platform URL type if
        the pasteboard might contain file paths.

        (WebCore::PlatformPasteboard::typesSafeForDOMToReadAndWrite const):

        Before coercing a platform type to "text/uri-list" when building the list of DOM-safe types, check that the
        stringForType is not the empty string, in which case we don't expose the type to the DOM at all. This ensures
        that in cases where the URL might reveal a file path, we don't advertise "text/uri-list" as a type. We adopt a
        similar strategy on iOS.

        (WebCore::PlatformPasteboard::stringForType): Deleted.
        * platform/mac/PlatformPasteboardMac.mm:
        (WebCore::pasteboardMayContainFilePaths):
        (WebCore::PlatformPasteboard::stringForType const):
        (WebCore::PlatformPasteboard::typesSafeForDOMToReadAndWrite const):
        (WebCore::PlatformPasteboard::stringForType): Deleted.

2017-10-16  Frederic Wang  <fwang@igalia.com>

        Use auto/nullptr in scrolling code
        https://bugs.webkit.org/show_bug.cgi?id=178306

        Reviewed by Carlos Garcia Campos.

        This patch modifies the scrolling code to use the auto keyword when
        possible. It also replaces '0' with 'nullptr' for the return value of
        ScrollingStateTree::stateNodeForID.

        No new tests, behavior unchanged.

        * page/scrolling/AsyncScrollingCoordinator.cpp:
        (WebCore::AsyncScrollingCoordinator::frameViewLayoutUpdated):
        (WebCore::AsyncScrollingCoordinator::frameViewRootLayerDidChange):
        (WebCore::AsyncScrollingCoordinator::requestScrollPositionUpdate):
        (WebCore::AsyncScrollingCoordinator::frameViewForScrollingNode const):
        (WebCore::AsyncScrollingCoordinator::updateScrollPositionAfterAsyncScroll):
        (WebCore::AsyncScrollingCoordinator::reconcileScrollingState):
        (WebCore::AsyncScrollingCoordinator::updateFrameScrollingNode):
        (WebCore::AsyncScrollingCoordinator::updateOverflowScrollingNode):
        (WebCore::AsyncScrollingCoordinator::updateNodeLayer):
        (WebCore::AsyncScrollingCoordinator::updateNodeViewportConstraints):
        (WebCore::AsyncScrollingCoordinator::setSynchronousScrollingReasons):
        (WebCore::AsyncScrollingCoordinator::updateScrollLayerPosition):
        (WebCore::AsyncScrollingCoordinator::setActiveScrollSnapIndices):
        * page/scrolling/ScrollingCoordinator.cpp:
        (WebCore::ScrollingCoordinator::coordinatesScrollingForFrameView const):
        (WebCore::ScrollingCoordinator::absoluteEventTrackingRegionsForFrame const):
        (WebCore::ScrollingCoordinator::scrollLayerForFrameView):
        (WebCore::ScrollingCoordinator::headerLayerForFrameView):
        (WebCore::ScrollingCoordinator::footerLayerForFrameView):
        (WebCore::ScrollingCoordinator::counterScrollingLayerForFrameView):
        (WebCore::ScrollingCoordinator::insetClipLayerForFrameView):
        (WebCore::ScrollingCoordinator::contentShadowLayerForFrameView):
        (WebCore::ScrollingCoordinator::rootContentLayerForFrameView):
        (WebCore::ScrollingCoordinator::handleWheelEventPhase):
        (WebCore::ScrollingCoordinator::hasVisibleSlowRepaintViewportConstrainedObjects const):
        (WebCore::ScrollingCoordinator::updateSynchronousScrollingReasonsForAllFrames):
        (WebCore::ScrollingCoordinator::synchronousScrollingReasonsAsText const):
        * page/scrolling/ScrollingStateFixedNode.cpp:
        (WebCore::ScrollingStateFixedNode::reconcileLayerPositionForViewportRect):
        * page/scrolling/ScrollingStateStickyNode.cpp:
        (WebCore::ScrollingStateStickyNode::reconcileLayerPositionForViewportRect):
        * page/scrolling/ScrollingStateTree.cpp:
        (WebCore::ScrollingStateTree::nodeTypeAndParentMatch const):
        (WebCore::ScrollingStateTree::attachNode):
        (WebCore::ScrollingStateTree::detachNode):
        (WebCore::ScrollingStateTree::removeNodeAndAllDescendants):
        (WebCore::ScrollingStateTree::stateNodeForID const):
        * page/scrolling/ScrollingTree.cpp:
        (WebCore::ScrollingTree::shouldHandleWheelEventSynchronously):
        (WebCore::ScrollingTree::viewportChangedViaDelegatedScrolling):
        (WebCore::ScrollingTree::scrollPositionChangedViaDelegatedScrolling):
        (WebCore::ScrollingTree::commitTreeState):
        (WebCore::ScrollingTree::updateTreeFromStateNode):
        * page/scrolling/ScrollingTreeNode.cpp:
        (WebCore::ScrollingTreeNode::enclosingFrameNode const):
        * page/scrolling/coordinatedgraphics/ScrollingCoordinatorCoordinatedGraphics.cpp:
        (WebCore::ScrollingCoordinatorCoordinatedGraphics::detachFromStateTree):
        (WebCore::ScrollingCoordinatorCoordinatedGraphics::updateNodeLayer):
        (WebCore::ScrollingCoordinatorCoordinatedGraphics::updateNodeViewportConstraints):
        (WebCore::ScrollingCoordinatorCoordinatedGraphics::scrollableAreaScrollLayerDidChange):
        (WebCore::ScrollingCoordinatorCoordinatedGraphics::willDestroyScrollableArea):

2017-10-16  Fujii Hironori  <Hironori.Fujii@sony.com>

        A lot of "Can't stat WebCore/animation: No such file or directory" since r223328
        https://bugs.webkit.org/show_bug.cgi?id=178326

        Unreviewed build fix

        The directory WebCore/animation was removed in r223328.

        No new tests because there is no behavior change.

        * CMakeLists.txt: Removed animation from
        WebCore_INCLUDE_DIRECTORIES and WebCore_IDL_INCLUDES.
        * DerivedSources.make: Removed animation from VPATH and IDL_INCLUDES

2017-10-16  Frederic Wang  <fwang@igalia.com>

        Replace some ScrollingTreeNode::nodeType() calls with is*Node()
        https://bugs.webkit.org/show_bug.cgi?id=178259

        Reviewed by Darin Adler.

        No new tests, behavior unchanged.

        * page/scrolling/AsyncScrollingCoordinator.cpp:
        (WebCore::AsyncScrollingCoordinator::frameViewForScrollingNode const):
        * page/scrolling/ScrollingStateNode.h:
        (WebCore::ScrollingStateNode::isScrollingNode const):
        * page/scrolling/ScrollingTree.cpp:
        (WebCore::ScrollingTree::updateTreeFromStateNode):
        * page/scrolling/ScrollingTreeNode.cpp:
        (WebCore::ScrollingTreeNode::enclosingFrameNode const):
        * page/scrolling/ScrollingTreeNode.h:
        (WebCore::ScrollingTreeNode::isScrollingNode const):

2017-10-16  Tomas Popela  <tpopela@redhat.com>

        DataTransfer.cpp triggers -Wunused-but-set-variable
        https://bugs.webkit.org/show_bug.cgi?id=178209

        Reviewed by Wenson Hsieh.

        Use the ASSERT_UNUSED to silence it.

        * dom/DataTransfer.cpp:
        (WebCore::DataTransfer::filesFromPasteboardAndItemList const):

2017-10-15  Sam Weinig  <sam@webkit.org>

        [Settings] Split non-macro generated parts of Settings into SettingsBase base class
        https://bugs.webkit.org/show_bug.cgi?id=178321

        Reviewed by Darin Adler.

        Working towards getting generated Settings working again, but in smaller patches, split
        non-generated part off into SettingsBase as a first step.
        
        One function, effectiveFrameFlattening(), needs to remain in Settings for now, as it directly
        references a macro generated function, frameFlattening().

        * CMakeLists.txt:
        * WebCore.xcodeproj/project.pbxproj:
        * page/Page.h:
        * page/Settings.cpp:
        * page/Settings.h:
        * page/SettingsBase.h: Copied from Source/WebCore/page/Settings.h.
        * page/cocoa/SettingsBaseCocoa.mm: Copied from Source/WebCore/page/cocoa/SettingsCocoa.mm.
        * page/cocoa/SettingsCocoa.mm: Removed.

2017-10-15  Yusuke Suzuki  <utatane.tea@gmail.com>

        [JSC] Perform module specifier validation at parsing time
        https://bugs.webkit.org/show_bug.cgi?id=178256

        Reviewed by Darin Adler.

        No behavior change in the current implementation.

        * bindings/js/JSDOMWindowBase.cpp:
        (WebCore::JSDOMWindowBase::moduleLoaderResolve):
        * bindings/js/JSDOMWindowBase.h:
        * bindings/js/ScriptModuleLoader.cpp:
        (WebCore::ScriptModuleLoader::resolve):
        * bindings/js/ScriptModuleLoader.h:

2017-10-15  Chris Dumez  <cdumez@apple.com>

        DOMTokenList shouldn't add empty attributes
        https://bugs.webkit.org/show_bug.cgi?id=178280
        <rdar://problem/34987431>

        Reviewed by Ryosuke Niwa.

        Follow-up to r223306, reverse the check conditions to avoid attribute
        lookup when possible. Also use m_tokens instead of tokens() to avoid
        unnecessary branch.

        * html/DOMTokenList.cpp:
        (WebCore::DOMTokenList::updateAssociatedAttributeFromTokens):

2017-10-15  Darin Adler  <darin@apple.com>

        UTF-8 decoding produces one replacement character per byte; Encoding standard requires one replacement character per illegal sequence instead
        https://bugs.webkit.org/show_bug.cgi?id=178207

        Reviewed by Sam Weinig.

        * platform/text/TextCodecUTF8.cpp:
        (WebCore::TextCodecUTF8::create): Deleted. Use a lambda instead.
        (WebCore::TextCodecUTF8::registerCodecs): Use a lambda.
        (WebCore::nonASCIISequenceLength): Changed to return 0 instead of 2 for the range 80-C1 since
        none of those are valid sequence leading characters.
        (WebCore::decodeNonASCIISequence): Changed the length argument to be in/out so the caller
        knows how much of the sequence we decoded for failure cases. Simplified the length 2 section.
        (WebCore::TextCodecUTF8::handleError): Deleted.
        (WebCore::TextCodecUTF8::handlePartialSequence): Changed this into a pair of plain functions
        rather than two template function specializations since the two functions are rather different.
        For the one-byte version, got rid of the unused arguments. For the two-byte version, got rid
        of the ignored return value, stopped using the handleError function since each error case
        needs to be handled differently. In each error case consume the entire incorrect sequence
        instead of just one byte.
        (WebCore::TextCodecUTF8::decode): Updated for the above change, and changed the non-partial
        incorrect sequence to consume the entire incorrect sequence instead of just one byte. Also
        use WTF prefixes explicitly so we don't  have to do "using namespace".
        (WebCore::TextCodecUTF8::encode): Got rid of unneeded type punning, and added some inline
        capacity to save one memory allocation when encoding shorter strings.

        * platform/text/TextCodecUTF8.h: Use pragma once. Intialize m_partialSequenceSize where it
        is defined and let the compiler generate the constructor. Updated for the changes above.

        * platform/text/TextEncoding.h: Export a constructor now used by a unit test.
        * platform/text/TextEncodingRegistry.h: Export newTextCodec, now used by a unit test.

2017-10-14  Antoine Quint  <graouts@apple.com>

        Remove all Web Animations code
        https://bugs.webkit.org/show_bug.cgi?id=178273

        Reviewed by Sam Weinig.

        We remove all existing code related to Web Animations which does not include any functionality,
        only stubs. This leaves the build and runtime flags, we'll start a complete implementation from
        scratch.

        * CMakeLists.txt:
        * DerivedSources.make:
        * WebCore.xcodeproj/project.pbxproj:
        * animation/Animatable.idl: Removed.
        * animation/AnimationEffect.cpp: Removed.
        * animation/AnimationEffect.h: Removed.
        * animation/AnimationEffect.idl: Removed.
        * animation/AnimationTimeline.cpp: Removed.
        * animation/AnimationTimeline.h: Removed.
        * animation/AnimationTimeline.idl: Removed.
        * animation/DocumentAnimation.cpp: Removed.
        * animation/DocumentAnimation.h: Removed.
        * animation/DocumentAnimation.idl: Removed.
        * animation/DocumentTimeline.cpp: Removed.
        * animation/DocumentTimeline.h: Removed.
        * animation/DocumentTimeline.idl: Removed.
        * animation/KeyframeEffect.cpp: Removed.
        * animation/KeyframeEffect.h: Removed.
        * animation/KeyframeEffect.idl: Removed.
        * animation/WebAnimation.cpp: Removed.
        * animation/WebAnimation.h: Removed.
        * animation/WebAnimation.idl: Removed.
        * bindings/js/JSAnimationTimelineCustom.cpp: Removed.
        * bindings/js/JSBindingsAllInOne.cpp:
        * bindings/js/WebCoreBuiltinNames.h:
        * dom/Element.cpp:
        (WebCore::Element::getAnimations): Deleted.
        * dom/Element.h:
        * dom/Element.idl:

2017-10-14  Devin Rousso  <webkit@devinrousso.com>

        Web Inspector: provide a way to enable/disable event listeners
        https://bugs.webkit.org/show_bug.cgi?id=177451

        Reviewed by Joseph Pecoraro.

        Test: inspector/dom/setEventListenerDisabled.html

        * dom/EventTarget.cpp:
        (WebCore::EventTarget::fireEventListeners):
        Add InspectorInstrumentation call to isEventListenerDisabled. If true, the event listener's
        callback will not be called.

        * inspector/InspectorDOMAgent.h:
        * inspector/InspectorDOMAgent.cpp:
        (WebCore::InspectorDOMAgent::discardBindings):
        (WebCore::InspectorDOMAgent::getEventListenersForNode):
        (WebCore::InspectorDOMAgent::setEventListenerDisabled):
        (WebCore::InspectorDOMAgent::buildObjectForEventListener):
        (WebCore::InspectorDOMAgent::willRemoveEventListener):
        (WebCore::InspectorDOMAgent::isEventListenerDisabled):
        Introduce a mapping of `EventListener*` to `InspectorEventListener`, a struct for uniquely
        identifying event listeners so they can be referenced from the frontend. We only add items
        to this mapping when `getEventListenersForNode` is called, as that is when EventListener
        data is sent to the frontend. This allows us to defer creating an Inspector "mirror" object
        for each EventListener until it is needed. Items are removed whenever an event listener is
        removed or when the document changes.

        * inspector/InspectorInstrumentation.h:
        (WebCore::InspectorInstrumentation::isEventListenerDisabled):
        * inspector/InspectorInstrumentation.cpp:
        (WebCore::InspectorInstrumentation::willRemoveEventListenerImpl):
        (WebCore::InspectorInstrumentation::isEventListenerDisabledImpl):
        Pass additional parameters to InspectorDOMAgent so it can determine if the event listener
        actually exists. If not, don't dispatch an event to the frontend as nothing will change.

2017-10-14  Sam Weinig  <sam@webkit.org>

        Remove HashCountedSet's copyToVector functions
        https://bugs.webkit.org/show_bug.cgi?id=178215

        Reviewed by Daniel Bates.

        * page/DeviceController.cpp:
        (WebCore::DeviceController::dispatchDeviceEvent):
        (WebCore::DeviceController::fireDeviceEvent):
        
            Replace use of HashCountedSet's copyToVector functions with copyToVector(hashCountedSet.values()).

2017-10-13  Jer Noble  <jer.noble@apple.com>

        Performance: Skip texture upload if source image and destination texture haven't changed
        https://bugs.webkit.org/show_bug.cgi?id=178254
        <rdar://problem/34968181>

        Reviewed by Dean Jackson.

        Update GraphicsContext3D to track which texture is bound to which texture unit, and also to
        track when those bound textures have their backing stores modified. This new "seed" value
        will be used to determine whether a given texture which has previously had image data
        uploaded to it needs to be re-updated.

        In VideoTextureCopierCV, track whether the texture's seed changed, whether the IOSurface is
        the same,  whether the IOSurface's seed has changed, and whether the "flipY" parameter
        changed since the last time the copier was asked to upload to the texture.

        * platform/graphics/GraphicsContext3D.h:
        (WebCore::GraphicsContext3D::textureSeed):
        (WebCore::GraphicsContext3D::GraphicsContext3DState::currentBoundTexture):
        (WebCore::GraphicsContext3D::GraphicsContext3DState::boundTexture):
        (WebCore::GraphicsContext3D::GraphicsContext3DState::setBoundTexture):
        * platform/graphics/cv/VideoTextureCopierCV.cpp:
        (WebCore::VideoTextureCopierCV::copyImageToPlatformTexture):
        * platform/graphics/cv/VideoTextureCopierCV.h:
        (WebCore::VideoTextureCopierCV::lastTextureSeed):
        * platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp:
        (WebCore::GraphicsContext3D::prepareTexture):
        (WebCore::GraphicsContext3D::bindTexture):
        (WebCore::GraphicsContext3D::texStorage2D):
        (WebCore::GraphicsContext3D::texStorage3D):
        (WebCore::GraphicsContext3D::framebufferTexture2D):
        (WebCore::GraphicsContext3D::texSubImage2D):
        (WebCore::GraphicsContext3D::compressedTexImage2D):
        (WebCore::GraphicsContext3D::compressedTexSubImage2D):
        (WebCore::GraphicsContext3D::createTexture):
        (WebCore::GraphicsContext3D::deleteTexture):
        (WebCore::GraphicsContext3D::texImage2DDirect):

2017-10-13  Per Arne Vollan  <pvollan@apple.com>

        [Win] When built with VS2017, MiniBrowser crashes on startup.
        https://bugs.webkit.org/show_bug.cgi?id=175209

        Reviewed by Daniel Bates.

        Generated StaticStringImpl objects are not initialized compile-time with VS2017.
        When compiling with VS2017, the global, static, StaticStringImpl objects needs to
        be defined with the constexpr specifier, in order for the objects to be initialized
        at compile time. Since the StaticStringImpl objects will be const then, we need to
        be able to create an AtomicString object from a const StaticStringImpl object. 
        This constructor has been added to the AtomicString class.

        No new tests, covered by existing tests. 

        * bindings/scripts/StaticString.pm:
        (GenerateStrings):
        (GenerateStringAsserts):
        * dom/QualifiedName.cpp:
        (WebCore::createQualifiedName):
        * dom/QualifiedName.h:
        * dom/make_names.pl:
        (printDefinitions):

2017-10-13  Brent Fulgham  <bfulgham@apple.com>

        Protect FrameView during style calculations
        https://bugs.webkit.org/show_bug.cgi?id=178300
        <rdar://problem/34869329>

        Reviewed by Ryosuke Niwa.

        Protect the FrameView during layout and style updates in case arbitrary script
        is run that might clear it.

        Test: fast/html/marquee-reparent-check.html

        * page/FrameView.cpp:
        (WebCore::FrameView::updateLayoutAndStyleIfNeededRecursive):

2017-10-13  Per Arne Vollan  <pvollan@apple.com>

        Crash under ResourceHandleCFURLConnectionDelegateWithOperationQueue::didSendBodyData
        https://bugs.webkit.org/show_bug.cgi?id=178279

        Reviewed by Alex Christensen.

        Check if the connection is valid before calling ResourceHandleClient::didSendData.

        No new tests, covered by existing tests.

        * platform/network/cf/ResourceHandleCFURLConnectionDelegateWithOperationQueue.cpp:
        (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didSendBodyData):

2017-10-13  Brent Fulgham  <bfulgham@apple.com>

        CMD+R / CMD+Q keyboard shortcuts are treated as user interaction with page
        https://bugs.webkit.org/show_bug.cgi?id=178183
        <rdar://problem/33327730>

        Reviewed by Ryosuke Niwa.

        Key events are granted user interaction credit (in terms of updating the last time of user
        interaction), even if the key event was not handled. Instead, we should defer granting
        access until the key event has been handled.
        
        Add a new default constructor argument to UserGestureIndicator to be used when handling key
        events, so we can delay a decision about whether to grant ResourceLoadStatistics
        'hasHadUserInteraction' until we confirm that the event was handled by the page.

        This change does not affect other aspects of user interaction.

        Tests: fast/events
               http/tests/resourceLoadStatistics/prevalent-resource-handled-keydown.html
               http/tests/resourceLoadStatistics/prevalent-resource-unhandled-keydown.html

        * dom/UserGestureIndicator.cpp:
        (WebCore::UserGestureIndicator::UserGestureIndicator): Add check based on constructor argument.
        Also: Drive by fix to avoid calling 'currentToken' when not on the main thread.
        * dom/UserGestureIndicator.h:
        * page/EventHandler.cpp:
        (WebCore::EventHandler::keyEvent): If the key event was handled, grant user interaction credit
        for ResourceLoadStatistics processing.
        (WebCore::EventHandler::internalKeyEvent): Use the new UserGestureIndicator constructor argument.

2017-10-13  Chris Dumez  <cdumez@apple.com>

        DOMTokenList shouldn't add empty attributes
        https://bugs.webkit.org/show_bug.cgi?id=178280

        Reviewed by Ryosuke Niwa.

        DOMTokenList shouldn't add empty attributes after:
        - https://github.com/whatwg/dom/pull/488

        Firefox and Chrome follow the latest spec.

        No new tests, updating existing test.

        * html/DOMTokenList.cpp:
        (WebCore::DOMTokenList::updateAssociatedAttributeFromTokens):
        Implement the first step of https://dom.spec.whatwg.org/#concept-dtl-update

2017-10-13  Jer Noble  <jer.noble@apple.com>

        Unreviewed build fix; wrap more functions in USE(IOSURFACE) so that
        they do not generate "unused function" errors.

        * platform/graphics/cv/VideoTextureCopierCV.cpp:

2017-10-13  Jer Noble  <jer.noble@apple.com>

        One last unreviewed build fix; since the IOSurface APIs don't exist at
        all on the simulator, just wrap the entirety of the implementation of
        copyImageToPlatformTexture() in a #if USE(IOSURFACE) check.

        * platform/graphics/cv/VideoTextureCopierCV.cpp:
        (WebCore::VideoTextureCopierCV::copyImageToPlatformTexture):

2017-10-13  Jer Noble  <jer.noble@apple.com>

        Unreviewed build fix for the previous build fix; use the right PAL path for IOSurfaceSPI.h.

        * platform/graphics/cv/VideoTextureCopierCV.cpp:

2017-10-13  Jer Noble  <jer.noble@apple.com>

        Unreviewed build fix; add definitions for IOSurface methods missing on some platforms.

        * platform/graphics/cv/VideoTextureCopierCV.cpp:

2017-10-13  Alex Christensen  <achristensen@webkit.org>

        Remove Editor::simplifyMarkup
        https://bugs.webkit.org/show_bug.cgi?id=178271

        Reviewed by Wenson Hsieh.

        An API test became flaky, and it turns out this isn't used anywhere, so let's remove it!
        It was used in Mountain Lion, Mavericks, and Yosemite, but not since then.
        See <rdar://problem/10726177>

        * editing/Editor.cpp:
        (WebCore::Editor::simplifyMarkup): Deleted.
        * editing/Editor.h:

2017-10-13  Jer Noble  <jer.noble@apple.com>

        Unreviewed build fix; forward declare the type of IOSurfaceRef.

        * platform/cocoa/CoreVideoSoftLink.cpp:
        * platform/cocoa/CoreVideoSoftLink.h:

2017-10-13  Jer Noble  <jer.noble@apple.com>

        Unreviewed build fix; add soft link macros for newly called CoreVideo methods.

        * platform/cocoa/CoreVideoSoftLink.cpp:
        * platform/cocoa/CoreVideoSoftLink.h:

2017-10-13  Jer Noble  <jer.noble@apple.com>

        Unreviewed build fix; add UNUSED_PARAM macros.

        * platform/graphics/cocoa/GraphicsContext3DCocoa.mm:
        (WebCore::GraphicsContext3D::texImageIOSurface2D):

2017-10-13  Jer Noble  <jer.noble@apple.com>

        Performance: do pixel conformance and texturing in a single step.
        https://bugs.webkit.org/show_bug.cgi?id=178219
        <rdar://problem/34937237>

        Reviewed by Dean Jackson.

        No new tests; performance improvements should have no behavior change.

        Rather than asking the VTDecompressionSession to conform the output CVPixelBuffer into a
        pixel format compatible with OpenGL (& ES), don't constrain the output at all, and only do a
        conformance step if the output is not already compatible with OpenGL. This eliminates one
        copy (in hardware) operation.

        Move the TextureCacheCV object into VideoTextureCopierCV; it will be conditionally used to
        create the texture if the pixel buffer is compatible.

        Refactor copyVideoTextureToPlatformTexture(CVOpenGLTextureRef) in VideoTextureCopierCV. The
        new entry point, copyImageToPlatformTexture(), will attempt to use the texture cache first,
        and call a new common copyVideoTextureToPlatformTexture(Platform3DObject) with the result.

        The new copyImageToPlatformTexture() will pull planar YUV frames into two textures, and combine
        the two with a color transfer function when drawing to the output texture.

        * platform/graphics/GraphicsContext3D.h:
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::copyVideoTextureToPlatformTexture):
        * platform/graphics/cocoa/GraphicsContext3DCocoa.mm:
        (WebCore::GraphicsContext3D::texImageIOSurface2D):
        * platform/graphics/cocoa/WebCoreDecompressionSession.mm:
        (WebCore::WebCoreDecompressionSession::ensureDecompressionSessionForSample):
        * platform/graphics/cv/TextureCacheCV.h:
        * platform/graphics/cv/TextureCacheCV.mm:
        (WebCore::TextureCacheCV::textureFromImage):
        * platform/graphics/cv/VideoTextureCopierCV.cpp:
        (WebCore::pixelRangeFromPixelFormat):
        (WebCore::transferFunctionFromString):
        (WebCore::YCbCrToRGBMatrixForRangeAndTransferFunction):
        (WebCore::VideoTextureCopierCV::~VideoTextureCopierCV):
        (WebCore::VideoTextureCopierCV::initializeUVContextObjects):
        (WebCore::VideoTextureCopierCV::copyImageToPlatformTexture):
        (WebCore::VideoTextureCopierCV::copyVideoTextureToPlatformTexture):
        * platform/graphics/cv/VideoTextureCopierCV.h:

2017-10-13  Romain Bellessort  <romain.bellessort@crf.canon.fr>

        [Readable Streams API] Align queue with spec for ReadableStreamDefaultController
        https://bugs.webkit.org/show_bug.cgi?id=178082

        Reviewed by Xabier Rodriguez-Calvar.

        Implemented new queue behavior for dequeueValue (used by ReadableStreamDefaultController),
        which fixes rounding errors (as described in https://github.com/whatwg/streams/pull/661).
        Also aligned ReadableByteStreamController queue so that both queues are implemented in
        the same way.

        No new tests (covered by existing tests, especially WPT tests that now pass).

        * Modules/streams/ReadableByteStreamInternals.js:
        (privateInitializeReadableByteStreamController): Aligned queue with RSDC.
        (readableByteStreamControllerCancel): Aligned queue with RSDC.
        (readableByteStreamControllerError): Aligned queue with RSDC.
        (readableByteStreamControllerClose): Aligned queue with RSDC.
        (readableByteStreamControllerHandleQueueDrain): Aligned queue with RSDC.
        (readableByteStreamControllerPull): Aligned queue with RSDC.
        (readableByteStreamControllerEnqueue): Aligned queue with RSDC.
        (readableByteStreamControllerEnqueueChunk): Aligned queue with RSDC.
        (readableByteStreamControllerProcessPullDescriptors): Aligned queue with RSDC.
        (readableByteStreamControllerFillDescriptorFromQueue): Aligned queue with RSDC.
        (readableByteStreamControllerPullInto): Aligned queue with RSDC.
        * Modules/streams/StreamInternals.js:
        (dequeueValue): Updated to match spec.
        * bindings/js/WebCoreBuiltinNames.h: Removed now useless "totalQueuedBytes".

2017-10-13  Wenson Hsieh  <wenson_hsieh@apple.com>

        "text/html" data is not exposed when dragging and dropping across origins
        https://bugs.webkit.org/show_bug.cgi?id=178253
        <rdar://problem/34971203>

        Reviewed by Ryosuke Niwa.

        Minor tweak to DataTransfer::setDataFromItemList to allow "text/html" written from bindings to transfer across
        origins without requiring a sanitized representation. Currently, sanitizedData is null, which limits "text/html"
        to being treated as custom data, inaccessible across origins. We should instead treat markup supplied via
        bindings the same way as we do "text/plain" supplied via bindings.

        Modified Tests: editing/pasteboard/data-transfer-set-data-sanitize-url-when-copying-in-null-origin.html
                        editing/pasteboard/data-transfer-set-data-sanitize-url-when-dragging-in-null-origin.html

        * dom/DataTransfer.cpp:
        (WebCore::DataTransfer::setDataFromItemList):

2017-10-12  Brady Eidson  <beidson@apple.com>

        SW "Hello world".
        https://bugs.webkit.org/show_bug.cgi?id=178187

        Reviewed by Andy Estes.

        No new tests (Covered by changes to existing tests).

        With this patch, SW scripts are actually compiled and run inside a ServiceWorkerGlobalScope environment
        in the SW context process.

        * WebCore.xcodeproj/project.pbxproj:

        * bindings/js/WorkerScriptController.cpp:
        (WebCore::WorkerScriptController::initScript):

        * dom/EventTargetFactory.in:

        * workers/WorkerGlobalScope.h:
        (WebCore::WorkerGlobalScope::isServiceWorkerGlobalScope const):

        * workers/service/ServiceWorkerContextData.cpp: Copied from Source/WebCore/workers/service/ServiceWorkerGlobalScope.cpp.
        (WebCore::ServiceWorkerContextData::isolatedCopy const):
        * workers/service/ServiceWorkerContextData.h:
        (WebCore::ServiceWorkerContextData::encode const):
        (WebCore::ServiceWorkerContextData::decode):

        * workers/service/ServiceWorkerGlobalScope.cpp:
        (WebCore::ServiceWorkerGlobalScope::ServiceWorkerGlobalScope):
        (WebCore::ServiceWorkerGlobalScope::~ServiceWorkerGlobalScope):
        (WebCore::ServiceWorkerGlobalScope::registration):
        (WebCore::ServiceWorkerGlobalScope::eventTargetInterface const):
        * workers/service/ServiceWorkerGlobalScope.h:
        (WebCore::ServiceWorkerGlobalScope::create):
        (WebCore::ServiceWorkerGlobalScope::serverConnectionIdentifier const):

        * workers/service/context/SWContextManager.cpp: Copied from Source/WebCore/workers/service/ServiceWorkerGlobalScope.cpp.
        (WebCore::SWContextManager::singleton):
        (WebCore::SWContextManager::SWContextManager):
        (WebCore::SWContextManager::startServiceWorkerContext):
        * workers/service/context/SWContextManager.h: Copied from Source/WebCore/workers/service/ServiceWorkerGlobalScope.h.

        * workers/service/context/ServiceWorkerThread.cpp: Added.
        (WebCore::ServiceWorkerThreadProxy::sharedDummyProxy):
        (WebCore::ServiceWorkerThread::ServiceWorkerThread):
        (WebCore::m_workerObjectProxy):
        (WebCore::ServiceWorkerThread::~ServiceWorkerThread):
        (WebCore::ServiceWorkerThread::createWorkerGlobalScope):
        (WebCore::ServiceWorkerThread::runEventLoop):
        * workers/service/context/ServiceWorkerThread.h: Copied from Source/WebCore/workers/service/ServiceWorkerGlobalScope.h.
        (WebCore::ServiceWorkerThread::create):
        (WebCore::ServiceWorkerThread::workerObjectProxy const):

        * workers/service/server/SWServer.cpp:
        (WebCore::SWServer::createWorker):

2017-10-12  Alex Christensen  <achristensen@webkit.org>

        Use asynchronous ResourceHandleClient calls for WebKit1
        https://bugs.webkit.org/show_bug.cgi?id=160677

        Reviewed by Brady Eidson.

        Covered by existing tests.

        * PlatformAppleWin.cmake:
        * PlatformMac.cmake:
        * WebCore.xcodeproj/project.pbxproj:
        * loader/ResourceLoader.cpp:
        (WebCore::ResourceLoader::willSendRequestAsync):
        (WebCore::ResourceLoader::didReceiveResponseAsync):
        (WebCore::ResourceLoader::canAuthenticateAgainstProtectionSpaceAsync):
        * loader/ResourceLoader.h:
        * loader/appcache/ApplicationCacheGroup.cpp:
        (WebCore::ApplicationCacheGroup::didReceiveResponseAsync):
        (WebCore::ApplicationCacheGroup::willSendRequestAsync):
        (WebCore::ApplicationCacheGroup::canAuthenticateAgainstProtectionSpaceAsync):
        (WebCore::ApplicationCacheGroup::didReceiveResponse): Deleted.
        * loader/appcache/ApplicationCacheGroup.h:
        * platform/network/BlobResourceHandle.cpp:
        (WebCore::BlobResourceHandle::continueDidReceiveResponse):
        (WebCore::BlobResourceHandle::getSizeForNext):
        (WebCore::BlobResourceHandle::notifyResponseOnSuccess):
        (WebCore::BlobResourceHandle::notifyResponseOnError):
        * platform/network/PingHandle.h:
        * platform/network/ResourceHandle.cpp:
        (WebCore::ResourceHandle::didReceiveResponse):
        (WebCore::ResourceHandle::usesAsyncCallbacks): Deleted.
        * platform/network/ResourceHandle.h:
        * platform/network/ResourceHandleClient.cpp:
        (WebCore::ResourceHandleClient::~ResourceHandleClient):
        (WebCore::ResourceHandleClient::willSendRequest): Deleted.
        (WebCore::ResourceHandleClient::willSendRequestAsync): Deleted.
        (WebCore::ResourceHandleClient::didReceiveResponseAsync): Deleted.
        (WebCore::ResourceHandleClient::canAuthenticateAgainstProtectionSpaceAsync): Deleted.
        * platform/network/ResourceHandleClient.h:
        (WebCore::ResourceHandleClient::didReceiveAuthenticationChallenge):
        (WebCore::ResourceHandleClient::didReceiveResponse): Deleted.
        (WebCore::ResourceHandleClient::usesAsyncCallbacks): Deleted.
        (WebCore::ResourceHandleClient::canAuthenticateAgainstProtectionSpace): Deleted.
        * platform/network/ResourceHandleInternal.h:
        (WebCore::ResourceHandleInternal::ResourceHandleInternal):
        * platform/network/SynchronousLoaderClient.cpp:
        (WebCore::SynchronousLoaderClient::willSendRequestAsync):
        (WebCore::SynchronousLoaderClient::canAuthenticateAgainstProtectionSpaceAsync):
        (WebCore::SynchronousLoaderClient::didReceiveResponseAsync):
        (WebCore::SynchronousLoaderClient::didFinishLoading):
        (WebCore::SynchronousLoaderClient::didFail):
        (WebCore::SynchronousLoaderClient::willSendRequest): Deleted.
        (WebCore::SynchronousLoaderClient::canAuthenticateAgainstProtectionSpace): Deleted.
        (WebCore::SynchronousLoaderClient::didReceiveResponse): Deleted.
        * platform/network/SynchronousLoaderClient.h:
        * platform/network/cf/ResourceHandleCFNet.cpp:
        (WebCore::ResourceHandle::createCFURLConnection):
        (WebCore::ResourceHandle::start):
        (WebCore::ResourceHandle::willSendRequest):
        (WebCore::ResourceHandle::shouldUseCredentialStorage):
        (WebCore::ResourceHandle::canAuthenticateAgainstProtectionSpace):
        (WebCore::ResourceHandle::platformLoadResourceSynchronously):
        * platform/network/cf/ResourceHandleCFURLConnectionDelegateWithOperationQueue.cpp:
        (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::ResourceHandleCFURLConnectionDelegateWithOperationQueue):
        (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::releaseHandle):
        (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::willSendRequest):
        (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didReceiveResponse):
        (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didReceiveData):
        (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didFinishLoading):
        (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didFail):
        (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::willCacheResponse):
        (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didReceiveChallenge):
        (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didSendBodyData):
        (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::shouldUseCredentialStorage):
        (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::canRespondToProtectionSpace):
        (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::continueCanAuthenticateAgainstProtectionSpace):
        * platform/network/cf/ResourceHandleCFURLConnectionDelegateWithOperationQueue.h:
        * platform/network/cf/SynchronousResourceHandleCFURLConnectionDelegate.cpp: Removed.
        * platform/network/cf/SynchronousResourceHandleCFURLConnectionDelegate.h: Removed.
        * platform/network/mac/ResourceHandleMac.mm:
        (WebCore::ResourceHandle::start):
        (WebCore::ResourceHandle::schedule):
        (WebCore::ResourceHandle::makeDelegate):
        (WebCore::ResourceHandle::delegate):
        (WebCore::ResourceHandle::platformLoadResourceSynchronously):
        (WebCore::ResourceHandle::willSendRequest):
        (WebCore::ResourceHandle::continueWillSendRequest):
        (WebCore::ResourceHandle::continueDidReceiveResponse):
        (WebCore::ResourceHandle::canAuthenticateAgainstProtectionSpace):
        (WebCore::ResourceHandle::continueCanAuthenticateAgainstProtectionSpace):
        (WebCore::ResourceHandle::continueWillCacheResponse):
        (WebCore::ResourceHandle::shouldUseCredentialStorage): Deleted.
        * platform/network/mac/WebCoreResourceHandleAsDelegate.h: Removed.
        * platform/network/mac/WebCoreResourceHandleAsDelegate.mm: Removed.
        * platform/network/mac/WebCoreResourceHandleAsOperationQueueDelegate.h:
        * platform/network/mac/WebCoreResourceHandleAsOperationQueueDelegate.mm:
        (-[WebCoreResourceHandleAsOperationQueueDelegate connection:willSendRequest:redirectResponse:]):
        (-[WebCoreResourceHandleAsOperationQueueDelegate connection:didReceiveAuthenticationChallenge:]):
        (-[WebCoreResourceHandleAsOperationQueueDelegate connection:canAuthenticateAgainstProtectionSpace:]):
        (-[WebCoreResourceHandleAsOperationQueueDelegate connection:didReceiveResponse:]):
        (-[WebCoreResourceHandleAsOperationQueueDelegate connection:didReceiveData:lengthReceived:]):
        (-[WebCoreResourceHandleAsOperationQueueDelegate connection:didSendBodyData:totalBytesWritten:totalBytesExpectedToWrite:]):
        (-[WebCoreResourceHandleAsOperationQueueDelegate connection:didFailWithError:]):
        (-[WebCoreResourceHandleAsOperationQueueDelegate connection:willCacheResponse:]):

2017-10-12  Chris Dumez  <cdumez@apple.com>

        [Mac] Add support for MouseEvent.buttons
        https://bugs.webkit.org/show_bug.cgi?id=178214

        Reviewed by Ryosuke Niwa.

        Add support for MouseEvent.buttons on Mac as per:
        - https://www.w3.org/TR/uievents/#ref-for-dom-mouseevent-buttons-1

        This is supported by Firefox and Chrome already.

        No new tests, rebaselined existing test.

        * dom/Element.cpp:
        (WebCore::Element::dispatchMouseEvent):
        * dom/MouseEvent.cpp:
        (WebCore::MouseEvent::create):
        (WebCore::MouseEvent::MouseEvent):
        * dom/MouseEvent.h:
        (WebCore::MouseEvent::buttons const):
        * dom/MouseEvent.idl:
        * dom/MouseEventInit.h:
        * dom/MouseEventInit.idl:
        * dom/SimulatedClick.cpp:
        * dom/WheelEvent.cpp:
        * page/EventHandler.cpp:
        (WebCore::EventHandler::dispatchDragEvent):
        * platform/PlatformMouseEvent.h:
        (WebCore::PlatformMouseEvent::buttons const):
        * platform/mac/PlatformEventFactoryMac.mm:
        (WebCore::currentlyPressedMouseButtons):
        (WebCore::PlatformMouseEventBuilder::PlatformMouseEventBuilder):

2017-10-12  David Kilzer  <ddkilzer@apple.com>

        [iOS] Fix -Wunused-lambda-capture warnings in WebCore/WebKit with new clang compiler
        <https://webkit.org/b/178226>

        Reviewed by Chris Fleizach.

        * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
        (-[WebAccessibilityObjectWrapper _accessibilityArticleAncestor]):
        - Remove unused lambda variable 'self'.

2017-10-12  Daniel Bates  <dabates@apple.com>

        Mark more InlineBox member functions as const
        https://bugs.webkit.org/show_bug.cgi?id=178217

        Reviewed by Andy Estes.

        * rendering/InlineBox.cpp:
        (WebCore::InlineBox::locationIncludingFlipping const): Mark as const. Also fix some style
        nits while I am here.
        (WebCore::InlineBox::flipForWritingMode const): Mark as const.
        (WebCore::InlineBox::locationIncludingFlipping): Deleted.
        (WebCore::InlineBox::flipForWritingMode): Deleted.
        * rendering/InlineBox.h:

2017-10-12  Daniel Bates  <dabates@apple.com>

        Teach InlineTextBox::clampOffset() about combined text and hyphenation
        https://bugs.webkit.org/show_bug.cgi?id=178032

        Reviewed by Zalan Bujtas.

        Treat combined text and the last character of a word halve plus hyphen as single units.

        With regards to combined text, ideally we would allow arbitrary selection inside combined
        text. Currently we do not support selection of combined text. To simplify the process of
        adding support for selecting combined text we treat combined text as a single unit. Once
        we are confident that we correctly implemented such support we can re-evaluate allowing
        arbitrary selection of combined text.

        With regards to treating the last character of a word halve plus hyphen as a single unit.
        This patch extends the targeted fix made for document markers in r223013 to all code that
        makes use of clamped offsets as a result the selection rect for inline boxes more accurately
        reflect the rectangle(s) that make up the painted selection. This is a step towards reconciling
        the difference between the computation of the rectangle that represents an arbitrary
        selection and the code that paints the active selection as part of <https://bugs.webkit.org/show_bug.cgi?id=138913>.

        * rendering/InlineTextBox.cpp:
        (WebCore::InlineTextBox::localSelectionRect const): Compute text run, including combined text
        or hyphens due to line wrapping now that specified start and end positions are clamped with
        respect to combined text and hyphens (computed earlier in this function). Only measure the
        text represented by the selection if the start position > 0 or the end position is not equal
        to the length of the run.
        (WebCore::InlineTextBox::paint): Remove unnecessary code to fix up the selection start and
        end positions based on the truncation offset as this is done by clampedOffset(), called by
        selectionStartEnd().
        (WebCore::InlineTextBox::clampedOffset const): Modified to adjust the clamped offset with
        respect to truncation as well as treat combined text or a trailing word halve plus hyphen
        as single units. Assert that we are not fully truncated because it does not make sense to
        be computing the clamped offset in such a situation since nothing should be painted.
        (WebCore::InlineTextBox::selectionStartEnd const): Modified to compute the end of an inside
        selection using clampedOffset() to account for truncation, combined text or a hyphen. We
        already are using clampedOffset() when computing the start and end position for all other
        selection states.
        (WebCore::InlineTextBox::paintSelection): Compute text run, including combined text
        or hyphens due to line wrapping now that specified start and end positions are clamped with
        respect to combined text and hyphens (computed earlier in this function). Remove unnecessary
        code to adjust selection end point with respect to truncation, combined text, or an added
        hyphen now that selectionStartEnd() takes care of this (via clampedOffset()).
        (WebCore::InlineTextBox::paintTextSubrangeBackground): Compute text run, including combined
        text or hyphens due to line wrapping now that specified start and end positions are clamped
        with respect to combined text and hyphens (computed earlier in this function).
        (WebCore::InlineTextBox::paintDocumentMarker): Compute text run, including combined text now
        that specified start and end positions are clamped with respect to combined text (computed earlier in this function).
        Also remove unnecessary code to adjust end offset of the marker with respect to truncation
        and length of the text run as clampedOffset() now does this for us.

2017-10-11  Simon Fraser  <simon.fraser@apple.com>

        Don't assert if mix-blend-mode is set to a non-separable blend mode on a composited layer
        https://bugs.webkit.org/show_bug.cgi?id=178196
        rdar://problem/34942337

        Reviewed by Dan Bates.

        Core Animation doesn't support non-separable blend modes (hue, saturation, color, luminosity)
        on layers, but don't assert if we try to use them.

        Test: compositing/filters/blend-mode-saturation.html

        * platform/graphics/ca/cocoa/PlatformCAFiltersCocoa.mm:
        (PlatformCAFilters::setBlendingFiltersOnLayer):

2017-10-12  John Wilander  <wilander@apple.com>

        ResourceLoadObserver::logFrameNavigation() should use redirectResponse.url()
        https://bugs.webkit.org/show_bug.cgi?id=175257
        <rdar://problem/33359866>

        Reviewed by Brent Fulgham.

        This patch was joint work between Michael Specter and John Wilander.

        Tests: http/tests/resourceLoadStatistics/non-sandboxed-iframe-redirect-ip-to-localhost-to-ip.html
               http/tests/resourceLoadStatistics/non-sandboxed-iframe-redirect-localhost-to-ip-to-localhost.html
               http/tests/resourceLoadStatistics/non-sandboxed-nesting-iframe-with-non-sandboxed-iframe-redirect-ip-to-localhost-to-ip.html
               http/tests/resourceLoadStatistics/non-sandboxed-nesting-iframe-with-non-sandboxed-iframe-redirect-localhost-to-ip-to-localhost.html
               http/tests/resourceLoadStatistics/non-sandboxed-nesting-iframe-with-sandboxed-iframe-redirect-ip-to-localhost-to-ip.html
               http/tests/resourceLoadStatistics/non-sandboxed-nesting-iframe-with-sandboxed-iframe-redirect-localhost-to-ip-to-localhost.html
               http/tests/resourceLoadStatistics/sandboxed-iframe-redirect-ip-to-localhost-to-ip.html
               http/tests/resourceLoadStatistics/sandboxed-iframe-redirect-localhost-to-ip-to-localhost.html
               http/tests/resourceLoadStatistics/sandboxed-nesting-iframe-with-non-sandboxed-iframe-redirect-ip-to-localhost-to-ip.html
               http/tests/resourceLoadStatistics/sandboxed-nesting-iframe-with-non-sandboxed-iframe-redirect-localhost-to-ip-to-localhost.html
               http/tests/resourceLoadStatistics/sandboxed-nesting-iframe-with-sandboxed-iframe-redirect-ip-to-localhost-to-ip.html
               http/tests/resourceLoadStatistics/sandboxed-nesting-iframe-with-sandboxed-iframe-redirect-localhost-to-ip-to-localhost.html

        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::willSendRequest):
            Now sends redirectResponse.url() to WebCore::ResourceLoadObserver::logFrameNavigation().
        * loader/ResourceLoadObserver.cpp:
        (WebCore::ResourceLoadObserver::logFrameNavigation):
            Now receives the redirect response URL from WebCore::DocumentLoader().
        (WebCore::ResourceLoadObserver::nonNullOwnerURL const):
            New function to traverse the frame chain upward and find the first non-null URL.
        * loader/ResourceLoadObserver.h:

2017-10-12  Frederic Wang  <fwang@igalia.com>

        Use less specific cast in ScrollingTree::scrollPositionChangedViaDelegatedScrolling
        https://bugs.webkit.org/show_bug.cgi?id=178211

        Reviewed by Simon Fraser.

        No new tests, behavior is not changed.

        ScrollingTree::scrollPositionChangedViaDelegatedScrolling is a generic function that applies
        to scrolling nodes. Casting to more specific ScrollingTreeOverflowScrollingNodes is however
        not necessary to implement it. This patch moves to the least specific cast necessary so that
        this function will be usable for async scrolling of non-main frames in the future. Note that
        the function is currently only called from ScrollingTreeScrollingNodeDelegateIOS which in
        turn is only used by the ScrollingTreeScrollingOverflowNodeIOS class and so code behavior is
        not changed.

        * page/scrolling/ScrollingTree.cpp:
        (WebCore::ScrollingTree::scrollPositionChangedViaDelegatedScrolling): Only cast the node to
        ScrollingTreeScrollingNode.

2017-10-11  Sam Weinig  <sam@webkit.org>

        Remove out-parameter variants of copyToVector
        https://bugs.webkit.org/show_bug.cgi?id=178155

        Reviewed by Tim Horton.

        * Modules/geolocation/Geolocation.cpp:
        (WebCore::Geolocation::stopTimersForOneShots):
        (WebCore::Geolocation::cancelAllRequests):
        (WebCore::Geolocation::handleError):
        (WebCore::Geolocation::makeSuccessCallbacks):
        * Modules/indexeddb/IDBDatabase.cpp:
        (WebCore::IDBDatabase::transaction):
        * Modules/indexeddb/IDBGetAllResult.cpp:
        (WebCore::IDBGetAllResult::allBlobFilePaths const):
        * Modules/indexeddb/server/MemoryIndex.cpp:
        (WebCore::IDBServer::MemoryIndex::notifyCursorsOfValueChange):
        (WebCore::IDBServer::MemoryIndex::notifyCursorsOfAllRecordsChanged):
        * css/CSSFontSelector.cpp:
        (WebCore::CSSFontSelector::dispatchInvalidationCallbacks):
        * dom/Document.cpp:
        (WebCore::Document::moveNodeIteratorsToNewDocument):
        (WebCore::Document::resume):
        (WebCore::Document::didAssociateFormControlsTimerFired):
        * dom/IdTargetObserverRegistry.cpp:
        (WebCore::IdTargetObserverRegistry::notifyObserversInternal):
        * dom/MutationObserver.cpp:
        (WebCore::MutationObserver::notifyMutationObservers):
        * dom/Node.cpp:
        (WebCore::Document::invalidateNodeListAndCollectionCaches):
        * dom/RadioButtonGroups.cpp:
        * dom/ScriptExecutionContext.cpp:
        (WebCore::ScriptExecutionContext::dispatchMessagePortEvents):
        (WebCore::ScriptExecutionContext::stopActiveDOMObjects):
        * loader/appcache/ApplicationCacheGroup.cpp:
        (WebCore::ApplicationCacheGroup::checkIfLoadIsComplete):
        (WebCore::ApplicationCacheGroup::deliverDelayedMainResources):
        * loader/cache/MemoryCache.cpp:
        (WebCore::MemoryCache::forEachResource):
        (WebCore::MemoryCache::pruneDeadResourcesToSize):
        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::willDestroyCachedFrame):
        (WebCore::DOMWindow::willDestroyDocumentInFrame):
        (WebCore::DOMWindow::willDetachDocumentFromFrame):
        (WebCore::DOMWindow::disconnectDOMWindowProperties):
        (WebCore::DOMWindow::reconnectDOMWindowProperties):
        * page/FrameView.cpp:
        (WebCore::collectAndProtectWidgets):
        * page/MemoryRelease.cpp:
        (WebCore::releaseCriticalMemory):
        * page/Performance.cpp:
        (WebCore::Performance::queueEntry):
        * platform/cocoa/PasteboardCocoa.mm:
        (WebCore::Pasteboard::typesForLegacyUnsafeBindings):
        * platform/graphics/cocoa/FontCacheCoreText.cpp:
        (WebCore::FontCache::systemFontFamilies):
        * platform/ios/PlatformPasteboardIOS.mm:
        (WebCore::PlatformPasteboard::typesSafeForDOMToReadAndWrite const):
        * platform/ios/WebCoreMotionManager.mm:
        (-[WebCoreMotionManager sendAccelerometerData:]):
        (-[WebCoreMotionManager sendMotionData:withHeading:]):
        * platform/mac/PlatformPasteboardMac.mm:
        (WebCore::PlatformPasteboard::typesSafeForDOMToReadAndWrite const):
        * platform/network/cocoa/WebCoreNSURLSession.mm:
        (-[WebCoreNSURLSession invalidateAndCancel]):
        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::endAndCommitUpdateScrollInfoAfterLayoutTransaction):
        * rendering/RenderBlockLineLayout.cpp:
        (WebCore::setLogicalWidthForTextRun):
        * rendering/RenderDeprecatedFlexibleBox.cpp:
        (WebCore::FlexBoxIterator::next):
        * rendering/RenderTableSection.cpp:
        (WebCore::RenderTableSection::paintObject):

            Replace out-parameter based copyToVector, with one that returns a Vector.

2017-10-12  Yusuke Suzuki  <utatane.tea@gmail.com>

        Support integrity="" on module scripts
        https://bugs.webkit.org/show_bug.cgi?id=177959

        Reviewed by Sam Weinig.

        This patch extends module hooks to accept fetching parameters.
        When starting fetching modules, WebCore creates ModuleFetchParameters.
        And this parameters is propagated to the fetch hook. Then, fetch
        hook can use this parameters to fetch modules.

        This parameters only contains `integrity` field. This "integrity" is
        used to perform subresource integrity check in module loader pipeline.
        And this error is just proparaged as errors in module pipeline, which
        is the same to the other types of errors in module pipeline.

        Test: http/tests/subresource-integrity/sri-module.html

        * ForwardingHeaders/runtime/JSScriptFetchParameters.h: Added.
        * ForwardingHeaders/runtime/ScriptFetchParameters.h: Added.
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/CachedModuleScriptLoader.cpp:
        (WebCore::CachedModuleScriptLoader::create):
        (WebCore::CachedModuleScriptLoader::CachedModuleScriptLoader):
        Take parameters, which includes "integrity".

        * bindings/js/CachedModuleScriptLoader.h:
        * bindings/js/JSDOMWindowBase.cpp:
        (WebCore::JSDOMWindowBase::moduleLoaderFetch):
        (WebCore::JSDOMWindowBase::moduleLoaderImportModule):
        import and fetch hooks take parameters.

        * bindings/js/JSDOMWindowBase.h:
        * bindings/js/JSMainThreadExecState.h:
        (WebCore::JSMainThreadExecState::loadModule):
        * bindings/js/ScriptController.cpp:
        (WebCore::ScriptController::loadModuleScriptInWorld):
        (WebCore::ScriptController::loadModuleScript):
        Pass parameters to the entry point of the module pipeline.

        * bindings/js/ScriptController.h:
        * bindings/js/ScriptModuleLoader.cpp:
        (WebCore::ScriptModuleLoader::fetch):
        If parameters are passed, we set them to CachedModuleScriptLoader.

        (WebCore::ScriptModuleLoader::importModule):
        Pass parameters to the entry point of dynamic import.

        (WebCore::ScriptModuleLoader::notifyFinished):
        If script loader has parameters, we perform subresource integrity check here.

        * bindings/js/ScriptModuleLoader.h:
        * dom/LoadableModuleScript.cpp:
        (WebCore::LoadableModuleScript::create):
        (WebCore::LoadableModuleScript::LoadableModuleScript):
        (WebCore::LoadableModuleScript::load):
        Create ModuleFetchParameters with "integrity" value.

        * dom/LoadableModuleScript.h:
        * dom/ModuleFetchParameters.h: Copied from Source/WebCore/bindings/js/CachedModuleScriptLoader.h.
        (WebCore::ModuleFetchParameters::create):
        (WebCore::ModuleFetchParameters::integrity const):
        (WebCore::ModuleFetchParameters::ModuleFetchParameters):
        * dom/ScriptElement.cpp:
        (WebCore::ScriptElement::requestModuleScript):
        Pass "integrity" value to the module script.

2017-10-12  Tomas Popela  <tpopela@redhat.com>

        Unreviewed, fix compilation warning

        warning: extra tokens at end of #endif directive [-Wendif-labels]

        * rendering/RenderMediaControls.h:

2017-10-11  Brent Fulgham  <bfulgham@apple.com>

        Correct nullptr deref in selection handling.
        https://bugs.webkit.org/show_bug.cgi?id=178189
        <rdar://problem/33833012>

        Reviewed by Ryosuke Niwa.

        The VisibleSelection::toNormalizedRange returns nullptr for certain conditions (e.g., 'isNone'
        and 'isOrphaned' cases). It's possible to crash the WebProcess by executing a code path with
        an orphaned selection range.

        The return value of 'toNormalizedRange' is checked for nullptr in many places, but not everywhere.
        This patch adds those missing nullptr checks.

        * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
        (-[WebAccessibilityObjectWrapper textMarkerRangeForSelection]):
        * editing/DeleteSelectionCommand.cpp:
        (WebCore::DeleteSelectionCommand::makeStylingElementsDirectChildrenOfEditableRootToPreventStyleLoss):
        * editing/EditingStyle.cpp:
        (WebCore::EditingStyle::styleAtSelectionStart):
        * editing/Editor.cpp:
        (WebCore::Editor::misspelledWordAtCaretOrRange const):
        * page/DOMSelection.cpp:
        (WebCore::DOMSelection::containsNode const):
        * page/DragController.cpp:
        (WebCore::DragController::concludeEditDrag):

2017-10-11  Ryan Haddad  <ryanhaddad@apple.com>

        Unreviewed, rolling out r223215.

        This change broke the Sierra build.

        Reverted changeset:

        "[Apple Pay] Add subLocality and subAdministrativeArea to
        ApplePayPaymentContact"
        https://bugs.webkit.org/show_bug.cgi?id=178191
        https://trac.webkit.org/changeset/223215

2017-10-11  Chris Dumez  <cdumez@apple.com>

        XMLHttpRequest: do not sniff text/html, and do not sniff XML when responseType is set to "text"
        https://bugs.webkit.org/show_bug.cgi?id=168724

        Reviewed by Ryosuke Niwa.

        WebKit enabled HTML / XML charset detection for HTML-ish / XML-ish
        responses even when response type is text, which does not match the
        specification.

        This patch is based on the following Blink patch by Yutaka Hirano <yhirano@chromium.org>:
        - https://chromium.googlesource.com/chromium/src.git/+/47e4fc53e6d68c0a788fcc26de598b9e3848033f

        Tests:
        imported/w3c/web-platform-tests/XMLHttpRequest/responsetext-decoding.htm
        imported/w3c/web-platform-tests/XMLHttpRequest/responsedocument-decoding.htm

        * xml/XMLHttpRequest.cpp:
        (WebCore::XMLHttpRequest::createDecoder const):
        (WebCore::XMLHttpRequest::didReceiveData):
        * xml/XMLHttpRequest.h:

2017-10-11  Andy Estes  <aestes@apple.com>

        [Apple Pay] Add subLocality and subAdministrativeArea to ApplePayPaymentContact
        https://bugs.webkit.org/show_bug.cgi?id=178191
        <rdar://problem/34906367>

        Reviewed by Tim Horton.

        Added test cases to http/tests/ssl/applepay/ApplePaySession.html.

        * Modules/applepay/ApplePayPaymentContact.h:
        * Modules/applepay/ApplePayPaymentContact.idl:
        * Modules/applepay/cocoa/PaymentContactCocoa.mm:
        (WebCore::convert):

2017-10-11  Youenn Fablet  <youenn@apple.com>

        Add API to clean CacheStorage data
        https://bugs.webkit.org/show_bug.cgi?id=178034

        Reviewed by Chris Dumez.

        Test: http/tests/cache-storage/cache-clearing.https.html

        * platform/FileSystem.h:

2017-10-11  David Kilzer  <ddkilzer@apple.com>

        Part 2: Fix -Wcast-qual and -Wunused-lambda-capture warnings in WebCore with new clang compiler
        <https://webkit.org/b/178036>
        <rdar://problem/33667497>

        Reviewed by Chris Dumez.

        * Modules/cache/WorkerCacheStorageConnection.cpp:
        (WebCore::WorkerCacheStorageConnection::doRemove):
        - Change ASSERT() to ASSERT_UNUSED() to suppress warnings about
          unused lambda capture for 'cacheIdentifier' in Release builds.
        * bridge/objc/objc_class.mm:
        (JSC::Bindings::ObjcClass::classForIsA): Change C-style cast
        into reinterpret_cast and const_cast to go from CFTypeRef to
        ObjcClass*.
        * crypto/mac/CryptoKeyRSAMac.cpp:
        (WebCore::castDataArgumentToCCRSACryptorCreateFromDataIfNeeded):
        Add.  Introduce method to add a required const_cast for older
        OSes since the signature of CCRSACryptorCreateFromData() changed
        in iOS 11 & High Sierra.
        (WebCore::CryptoKeyRSA::create): Use
        castDataArgumentToCCRSACryptorCreateFromDataIfNeeded().
        * platform/graphics/cocoa/WebCoreDecompressionSession.mm:
        (WebCore::WebCoreDecompressionSession::handleDecompressionOutput):
        Remove unused lambda capture for 'status'.

2017-10-11  Chris Dumez  <cdumez@apple.com>

        [Geolocation] Expose Coordinates.floorLevel
        https://bugs.webkit.org/show_bug.cgi?id=178173
        <rdar://problem/34918936>

        Reviewed by Ryosuke Niwa.

        Expose Coordinates.floorLevel via the Geolocation API. This is currently
        a WebKit-specific extension and it is only populated on iOS / WKTR / DRT.
        It is null on other platforms.

        Test: fast/dom/Geolocation/floorLevel.html

        * Modules/geolocation/Coordinates.h:
        (WebCore::Coordinates::floorLevel const):
        * Modules/geolocation/Coordinates.idl:
        * Modules/geolocation/GeolocationPosition.h:
        (WebCore::GeolocationPosition::encode const):
        (WebCore::GeolocationPosition::decode):
        * Modules/geolocation/ios/GeolocationPositionIOS.mm:
        (WebCore::GeolocationPosition::GeolocationPosition):
        * page/Settings.in:

2017-10-11  Simon Fraser  <simon.fraser@apple.com>

        Avoid triggering layout from style change
        https://bugs.webkit.org/show_bug.cgi?id=178184
        rdar://problem/34699113

        Reviewed by Zalan Bujtas.

        It's bad for RenderBox::styleDidChange() to scroll RenderLayers, because that
        can trigger layout via FrameView::updateWidgetPositions() and ScrollingCoordinator::absoluteEventTrackingRegions().
        So postpone the scrolling until after layout.

        Test: fast/scrolling/adjust-scroll-offset-on-zoom.html

        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::styleDidChange):
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::updateLayerPositions):
        (WebCore::RenderLayer::setPostLayoutScrollPosition):
        (WebCore::RenderLayer::applyPostLayoutScrollPositionIfNeeded):
        * rendering/RenderLayer.h:

2017-10-11  Youenn Fablet  <youenn@apple.com>

        Bump default cache storage quota to 20MB
        https://bugs.webkit.org/show_bug.cgi?id=178132

        Reviewed by Alex Christensen.

        Covered by http/wpt/cache-storage/cache-quota.any.html.

        * platform/network/NetworkStorageSession.h:
        (WebCore::NetworkStorageSession::cacheStoragePerOriginQuota const):
        (WebCore::NetworkStorageSession::setCacheStoragePerOriginQuota):

2017-10-11  Myles C. Maxfield  <mmaxfield@apple.com>

        Allow PAL to log messages
        https://bugs.webkit.org/show_bug.cgi?id=171523

        Reviewed by Alex Christensen.

        Make the model of WebCore/PAL match the model of WebKit/WebCore. This is because PAL will
        need to log things (because existing files in WebCore/platform need to log things).

        No new tests because there is no behavior change.

        * WebCore.xcodeproj/project.pbxproj:
        * page/mac/PageMac.mm:
        (WebCore::Page::platformInitialize):
        * platform/Logging.cpp:
        (WebCore::registerNotifyCallback): Deleted.
        * platform/Logging.h:
        * rendering/SimpleLineLayout.cpp:
        (WebCore::SimpleLineLayout::canUseForWithReason):

2017-10-11  Chris Dumez  <cdumez@apple.com>

        Unreviewed, fix build with some SDKs.

        Stop capturing |this| unnecessarily in lambda.

        * Modules/entriesapi/FileSystemDirectoryEntry.cpp:
        (WebCore::FileSystemDirectoryEntry::getEntry):

2017-10-11  Chris Dumez  <cdumez@apple.com>

        Unreviewed, fix build with some SDKs.

        Stop capturing |this| unnecessarily in lambda.

        * Modules/entriesapi/DOMFileSystem.cpp:
        (WebCore::DOMFileSystem::getFile):

2017-10-11  Daniel Bates  <dabates@apple.com>

        Extract logic to paint composition underlines to its own function
        https://bugs.webkit.org/show_bug.cgi?id=178038

        Reviewed by Zalan Bujtas.

        No functionality changed. So, no new tests.

        * rendering/InlineTextBox.cpp:
        (WebCore::InlineTextBox::paint): Modified to call paintCompositionUnderlines().
        (WebCore::InlineTextBox::paintCompositionUnderlines const): Added; extract code
        from InlineTextBox::paint() and modernized it.
        (WebCore::InlineTextBox::paintCompositionUnderline const): Added.
        (WebCore::InlineTextBox::paintCompositionUnderline): Deleted; made const.
        * rendering/InlineTextBox.h:

2017-10-11  Daniel Bates  <dabates@apple.com>

        InlineTextBox::isSelected() should only return true for a non-empty selection
        and remove incorrect FIXME from InlineTextBox::localSelectionRect()
        https://bugs.webkit.org/show_bug.cgi?id=160786

        Reviewed by Zalan Bujtas.

        Partial revert of r204400 in InlineTextBox::{isSelected, localSelectionRect}().

        The function InlineTextBox::isSelected() should only return true for a non-empty selection.
        Also remove an incorrect FIXME added to InlineTextBox::localSelectionRect() that questioned
        whether it was correct for it to return an empty rectangle. It is correct for it to return
        such a rectangle because this function is used to implement Element.getClientRects(). And
        Element.getClientRects() can return a rectangle with zero width or zero height by step 3
        of algorithm getClientRects() of section Extensions to the Element interface of the
        CSSOM View Module spec., <https://drafts.csswg.org/cssom-view/> (Editor's Draft, 15 September 2017).

        * rendering/InlineTextBox.cpp:
        (WebCore::InlineTextBox::isSelected const): Only return true for a non-empty selection
        and remove unnecessary FIXME. Also rename variables to improve readability.
        (WebCore::InlineTextBox::localSelectionRect const): Remove inaccurate FIXME comment.
        * rendering/InlineTextBox.h:

2017-10-11  Ryosuke Niwa  <rniwa@webkit.org>

        Sanitize URL in pasteboard for other applications and cross origin content
        https://bugs.webkit.org/show_bug.cgi?id=178060
        <rdar://problem/34874518>

        Reviewed by Wenson Hsieh.

        This patch introduces the sanitization of URL when written from a web content to prevent web content from
        exploiting the URL parser of other applications in the system particularly of those that actively monitor
        system pasteboard (a.k.a. clipboard on non-Cocoa platforms) and decode or otherwise process URLs.

        Because the Web compatibility requires that DataTransfer exposes the original URL to any document in the
        same origin as the one which wrote the URL into the pasteboard, we store a string which uniquely identifies
        the origin of an originating document into our custom pasteboard data. Note that we expose any URL which
        didn't come from WebKit since we don't expect URLs to reveal privacy sensitive information. We use UUID for
        the origin identifier of a null origin document.

        An alternative approach is to store the pasteboard data from the same origin into the document and invalidate
        it when the system pasteboard changes. However, Pasteboard object cannot know about Document (as Pasteboard
        is a platform object and Document is a WebCore object), this turns out be quite tricky as there are multiple
        places where we create Pasteboard objects, and they all need to be aware of this special same origin
        Pasteboard object that hangs off of Document. Also, this approach would result in the same origin code paths
        to diverge between null origin and non-null origin documents.

        Tests: editing/pasteboard/data-transfer-get-data-on-copying-pasting-malformed-url-in-same-document.html
               editing/pasteboard/data-transfer-set-data-ignore-copied-walformed-url-in-null-origin.html
               editing/pasteboard/data-transfer-set-data-sanitlize-url-when-copying-in-null-origin.html
               editing/pasteboard/data-transfer-set-data-sanitlize-url-when-dragging-in-null-origin.html
               http/tests/security/clipboard/copy-paste-url-across-origin-sanitizes-url.html
               CopyURL.ValidURL
               CopyURL.UnescapedURL
               CopyURL.MalformedURL
               DataInteractionTests.DataTransferSetDataValidURL
               DataInteractionTests.DataTransferSetDataUnescapedURL
               DataInteractionTests.DataTransferSetDataInvalidURL

        * dom/DataTransfer.cpp:
        (WebCore::originForDocument): Extracted from createForCopyAndPaste.
        (WebCore::DataTransfer::createForCopyAndPaste):
        (WebCore::DataTransfer::getDataForItem const): Read the URL from the custom data when the originating content
        is of the same origin. When the originating content is cross origin, or there is no custom data (e.g. written
        by another native application; or sanitization didn't result in any difference), then callback to native value.
        (WebCore::DataTransfer::setDataFromItemList): Sanitize the URL before writing it to the native pasteboard.
        Store the original value if the sanitization resulted in any difference.
        (WebCore::DataTransfer::types const):
        (WebCore::DataTransfer::commitToPasteboard): Moved the code to write custom data to Pasteboard since we need
        to write the origin string with it.
        (WebCore::DataTransfer::createForDragStartEvent): Added Document as an argument to compute the origin string.
        (WebCore::DataTransfer::createForDrop): Ditto.
        (WebCore::DataTransfer::createForUpdatingDropTarget):
        (WebCore::DataTransfer::moveDragState):
        * dom/DataTransfer.h:
        * dom/Document.cpp:
        (WebCore::Document::uniqueIdentifier): Added. See above.
        * dom/Document.h:
        * editing/Editor.cpp:
        (WebCore::createDataTransferForClipboardEvent):
        (WebCore::dispatchClipboardEvent):
        * page/DragController.cpp:
        (WebCore::DragController::dispatchTextInputEventFor):
        * page/EventHandler.cpp:
        (WebCore::EventHandler::performDragAndDrop):
        (WebCore::EventHandler::handleDrag):
        * platform/Pasteboard.h:
        * platform/PasteboardStrategy.h:
        * platform/PlatformPasteboard.h:
        * platform/StaticPasteboard.cpp:
        (WebCore::StaticPasteboard::takeCustomData): Moved the logic to write to native pasteboard to DataTransfer.
        * platform/StaticPasteboard.h:
        * platform/cocoa/PasteboardCocoa.mm:
        (WebCore::Pasteboard::typesSafeForBindings):
        (WebCore::Pasteboard::readStringInCustomData): Rewritten using readCustomData. See below.
        (WebCore::Pasteboard::readOrigin): Added.
        (WebCore::Pasteboard::readCustomData): Added. Populates the cache. Because a single Pasteboard object is never
        allowed to read values once its content is updated by other applications, we can permanently cache the result.
        * platform/gtk/PasteboardGtk.cpp:
        (WebCore::Pasteboard::typesSafeForBindings): Now takes the unused origin string.
        (WebCore::Pasteboard::readOrigin): Added.
        * platform/gtk/PlatformPasteboardGtk.cpp:
        (WebCore::PlatformPasteboard::typesSafeForDOMToReadAndWrite const): Now takes the unused origin string.
        * platform/ios/PlatformPasteboardIOS.mm:
        (WebCore::originKeyKeyForTeamData): Added.
        (WebCore::customTypesKeyForTeamData): Added. Replaces the use of PasteboardCustomData::cocoaType() in the team
        data for clarity since the team data key isn't same as the pasteboard type. We don't have to worry about the
        backwards compatibility since drag & drop session doesn't persist across iOS upgrades, and there is no publicly
        released iOS with this team data support.
        (WebCore::PlatformPasteboard::typesSafeForDOMToReadAndWrite const): Read the origin string and the custom data
        off the team data. Don't expose custom types that are written by cross origin documents.
        (WebCore::PlatformPasteboard::write): Add the orign string with custom pasteboard types in the team data.
        (WebCore::PlatformPasteboard::readURL): Fixed a bug that this function was not reading NSURL when UIPasteboard
        serializes NSURL as a plist. This code is exercised by CopyURL.ValidURL.
        * platform/mac/PlatformPasteboardMac.mm:
        (WebCore::PlatformPasteboard::typesSafeForDOMToReadAndWrite const): Don't add custom pasteboard types that are
        added by cross origin documents.
        * platform/win/PasteboardWin.cpp:
        (WebCore::Pasteboard::typesSafeForBindings): Now takes the unused origin string.
        (WebCore::Pasteboard::readOrigin): Added.
        * platform/wpe/PasteboardWPE.cpp:
        (WebCore::Pasteboard::typesSafeForBindings): Now takes the unused origin string.
        (WebCore::Pasteboard::readOrigin): Added.
        * platform/wpe/PlatformPasteboardWPE.cpp:
        (WebCore::PlatformPasteboard::typesSafeForDOMToReadAndWrite const): Now takes the unused origin string.

2017-10-11  Antti Koivisto  <antti@apple.com>

        Remove some obsolete layout assertions
        https://bugs.webkit.org/show_bug.cgi?id=178170

        Reviewed by Zalan Bujtas.

        We have strong assertions against render tree mutation functions being called in layout. These are unnecessary.

        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::moveChildTo):
        * rendering/RenderElement.cpp:
        (WebCore::RenderElement::takeChildInternal):
        * rendering/RenderElement.h:
        * rendering/RenderListItem.cpp:
        (WebCore::RenderListItem::layout):
        * rendering/RenderListItem.h:

2017-10-11  Andy Estes  <aestes@apple.com>

        [Payment Request] Implement Apple Pay merchant validation
        https://bugs.webkit.org/show_bug.cgi?id=178159

        Reviewed by Brady Eidson.

        When ApplePayPaymentHandler::validateMerchant() is called, dispatch the
        applepayvalidatemerchant event to the PaymentRequest object.

        The event object is an ApplePayMerchantValidationEvent, on which the client calls complete()
        with a merchant session.

        Test: http/tests/ssl/applepay/ApplePayMerchantValidationEvent.https.html

        * DerivedSources.make:
        * Modules/applepay/ApplePayValidateMerchantEvent.h:
        * Modules/applepay/paymentrequest/ApplePayMerchantValidationEvent.cpp: Added.
        (WebCore::ApplePayMerchantValidationEvent::create):
        (WebCore::ApplePayMerchantValidationEvent::ApplePayMerchantValidationEvent):
        (WebCore::ApplePayMerchantValidationEvent::complete):
        (WebCore::ApplePayMerchantValidationEvent::eventInterface const):
        * Modules/applepay/paymentrequest/ApplePayMerchantValidationEvent.h: Added.
        * Modules/applepay/paymentrequest/ApplePayMerchantValidationEvent.idl: Added.
        * Modules/applepay/paymentrequest/ApplePayPaymentHandler.cpp:
        (WebCore::ApplePayPaymentHandler::validateMerchant):
        * Modules/applepay/paymentrequest/ApplePayPaymentHandler.h:
        * Modules/paymentrequest/PaymentRequest.idl:
        * WebCore.xcodeproj/project.pbxproj:
        * dom/EventNames.h:
        * dom/EventNames.in:
        * testing/Internals.cpp:
        (WebCore::Internals::Internals):
        * testing/MockPaymentCoordinator.cpp:
        (WebCore::MockPaymentCoordinator::MockPaymentCoordinator):
        (WebCore::MockPaymentCoordinator::showPaymentUI):
        * testing/MockPaymentCoordinator.h:

2017-10-11  Chris Dumez  <cdumez@apple.com>

        Modernize Geolocation code
        https://bugs.webkit.org/show_bug.cgi?id=178148

        Reviewed by Ryosuke Niwa.

        Modernize Geolocation code:
        - Use std::optional<> instead of separate boolean members
        - Make GeolocationPosition a simple struct that can be passed via IPC
        - Replace WebGeolocationPosition::Data with GeolocationPosition
        - Move logic to construct a GeolocationPosition from a CLLocation on iOS
          in one place to avoid code duplication.

        * Modules/geolocation/Coordinates.cpp:
        (WebCore::Coordinates::Coordinates):
        * Modules/geolocation/Coordinates.h:
        (WebCore::Coordinates::create):
        (WebCore::Coordinates::isolatedCopy const):
        (WebCore::Coordinates::latitude const):
        (WebCore::Coordinates::longitude const):
        (WebCore::Coordinates::altitude const):
        (WebCore::Coordinates::accuracy const):
        (WebCore::Coordinates::altitudeAccuracy const):
        (WebCore::Coordinates::heading const):
        (WebCore::Coordinates::speed const):
        * Modules/geolocation/Geolocation.cpp:
        (WebCore::createGeoposition):
        (WebCore::Geolocation::lastPosition):
        * Modules/geolocation/GeolocationClient.h:
        * Modules/geolocation/GeolocationController.cpp:
        (WebCore::GeolocationController::positionChanged):
        (WebCore::GeolocationController::lastPosition):
        * Modules/geolocation/GeolocationController.h:
        * Modules/geolocation/GeolocationPosition.h:
        (WebCore::GeolocationPosition::GeolocationPosition):
        The default constructor is only needed by our IPC decoding code.

        (WebCore::GeolocationPosition::encode const):
        (WebCore::GeolocationPosition::decode):
        * Modules/geolocation/ios/GeolocationPositionIOS.mm: Copied from Source/WebCore/Modules/geolocation/Coordinates.cpp.
        (WebCore::GeolocationPosition::GeolocationPosition):
        * WebCore.xcodeproj/project.pbxproj:
        * platform/mock/GeolocationClientMock.cpp:
        (WebCore::GeolocationClientMock::lastPosition):
        (WebCore::GeolocationClientMock::controllerTimerFired):
        * platform/mock/GeolocationClientMock.h:

2017-10-11  Brady Eidson  <beidson@apple.com>

        Add a SW context process (where SW scripts will actually execute).
        https://bugs.webkit.org/show_bug.cgi?id=178156
        
        Reviewed by Andy Estes.

        No new tests (Covered by changes to existing tests).

        This patch adds an auxiliary "ServiceWorker context" WebProcess to a WebProcessPool.

        This process is where ServiceWorker scripts will execute, separate from the client WebProcess
        hosting the page(s) they are serving.

        This patch also adds all of the plumbing to pass along a fetched service worker script to this
        context WebProcess, as well as message back failure to actually start the script so we can test.

        Touches lots of code sites but is basically just a lot of plumbing.

        * WebCore.xcodeproj/project.pbxproj:

        * workers/service/ServiceWorkerContextData.h: Copied from Source/WebCore/workers/service/server/SWServerWorker.h.
        (WebCore::ServiceWorkerContextData::encode const):
        (WebCore::ServiceWorkerContextData::decode):

        * workers/service/server/SWServer.cpp:
        (WebCore::SWServer::Connection::finishFetchingScriptInServer):
        (WebCore::SWServer::Connection::scriptContextFailedToStart):
        (WebCore::SWServer::scriptFetchFinished):
        (WebCore::SWServer::scriptContextFailedToStart):
        (WebCore::SWServer::createWorker):
        * workers/service/server/SWServer.h:

        * workers/service/server/SWServerRegistration.cpp:
        (WebCore::SWServerRegistration::scriptFetchFinished):
        (WebCore::SWServerRegistration::scriptContextFailedToStart):
        * workers/service/server/SWServerRegistration.h:

        * workers/service/server/SWServerWorker.cpp:
        (WebCore::SWServerWorker::SWServerWorker):
        (WebCore::SWServerWorker::~SWServerWorker):
        * workers/service/server/SWServerWorker.h:
        (WebCore::SWServerWorker::create):
        (WebCore::SWServerWorker::scriptURL const):
        (WebCore::SWServerWorker::script const):
        (WebCore::SWServerWorker::type const):
        (WebCore::SWServerWorker::workerID const):

2017-10-11  Joanmarie Diggs  <jdiggs@igalia.com>

        [ATK] Expose value of aria-keyshortcuts as object attribute
        https://bugs.webkit.org/show_bug.cgi?id=171175

        Reviewed by Chris Fleizach.

        Expose the author-provided string through the "keyshortcuts" object attribute.

        Test: accessibility/gtk/aria-keyshortcuts.html

        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::ariaKeyShortcutsValue const):
        * accessibility/AccessibilityObject.h:
        * accessibility/atk/WebKitAccessibleWrapperAtk.cpp:
        (webkitAccessibleGetAttributes):
        * html/HTMLAttributeNames.in:

2017-10-11  Yusuke Suzuki  <utatane.tea@gmail.com>

        [JSC] Drop Instantiate hook in ES6 module loader
        https://bugs.webkit.org/show_bug.cgi?id=178162

        Reviewed by Sam Weinig.

        Drop instantiate hooks.
        No behavior change.

        * bindings/js/JSDOMWindowBase.cpp:
        * bindings/js/JSWorkerGlobalScopeBase.cpp:

2017-10-11  Alicia Boya García  <aboya@igalia.com>

        [MSE][GStreamer] Add dump of append pipeline
        https://bugs.webkit.org/show_bug.cgi?id=178074

        Reviewed by Xabier Rodriguez-Calvar.

        Enable dump of AppendPipeline.

        * platform/graphics/gstreamer/mse/AppendPipeline.cpp:
        (WebCore::appendPipelineStateChangeMessageCallback):
        (WebCore::AppendPipeline::AppendPipeline):
        (WebCore::AppendPipeline::handleStateChangeMessage):
        * platform/graphics/gstreamer/mse/AppendPipeline.h:

2017-09-27  Frederic Wang  <fwang@igalia.com>

        [iOS] Do not flatten frames when async frame scrolling is enabled
        https://bugs.webkit.org/show_bug.cgi?id=173704

        Reviewed by Simon Fraser.

        This patch disables frame flattening when async frame scrolling is enabled on iOS, as
        otherwise you can not scroll them. Once iframe scrolling is implemented in iOS (bug 149264),
        developers and beta testers will be able to check it by enabling "Async Frame Scrolling"
        in the "Experimental WebKit Features" menu of Safari iOS.

        Test: platform/ios/fast/frames/flattening/iframe-flattening-with-async-frame-scrolling.html

        * page/FrameView.cpp:
        (WebCore::FrameView::frameFlatteningEnabled): Use effectiveFrameFlattening()
        * page/Settings.cpp:
        (WebCore::Settings::effectiveFrameFlattening): New function to return frameFlattening() or do
        some exceptions on iOS.
        * page/Settings.h: Declare effectiveFrameFlattening.
        * rendering/RenderFrameSet.cpp:
        (WebCore::RenderFrameSet::flattenFrameSet): Use effectiveFrameFlattening()
        * rendering/RenderIFrame.cpp:
        (WebCore::RenderIFrame::flattenFrame): Ditto.
        * rendering/RenderView.cpp:
        (WebCore::FrameFlatteningLayoutDisallower::FrameFlatteningLayoutDisallower): Ditto.

2017-10-10  Xabier Rodriguez Calvar  <calvaris@igalia.com>

        [GStreamer] Fix double seek requested by downloadbuffer GStreamer element in webkibwebsrc
        https://bugs.webkit.org/show_bug.cgi?id=178079

        Reviewed by Žan Doberšek.

        When the downloadbuffer GStreamer element requests two seeks too
        close to each other there's some rare race condition where our
        source answers that it is not seekable and ends up with
        downloadbuffer element to seek beyond the file size, which causes
        the server to issue a 416 HTTP error code eventually, causing our
        MediaPlayer to stop.

        * platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:
        (webKitWebSrcStop): We only unset he seekable attribute if we are
        not seeking.

2017-10-10  Ryosuke Niwa  <rniwa@webkit.org>

        Enable custom pasteboard data in DumpRenderTree and WebKitTestRunner
        https://bugs.webkit.org/show_bug.cgi?id=178154

        Reviewed by Wenson Hsieh.

        Extracted the logic to compute the default enabled-ness of custom pasteboard data as
        Settings::defaultCustomPasteboardDataEnabled() to be called by WebKit1 and WebKit2 layers.

        * page/Settings.cpp:
        (WebCore::Settings::defaultCustomPasteboardDataEnabled): Extracted from customPasteboardDataEnabled.
        (WebCore::Settings::customPasteboardDataEnabled): Deleted. Now inlined in the header file.
        * page/Settings.h:
        (WebCore::Settings::customPasteboardDataEnabled):
        * platform/cocoa/PasteboardCocoa.mm:
        (WebCore::Pasteboard::read): Fixed a bug that we were adding MIME type to the map before checking that
        we could actually read the buffer. We shouldn't skip a type (NSTIFFPboardType and kUTTypeTIFF for now)
        if an equivalent type had failed to read.

2017-10-10  Andy Estes  <aestes@apple.com>

        [Payment Request] Validate that all PaymentCurrencyAmounts use the same currency code when using Apple Pay
        https://bugs.webkit.org/show_bug.cgi?id=178150

        Reviewed by Tim Horton.

        Apple Pay requires a single currency code, but the Payment Request API allows the client to
        specify a currency code for each PaymentCurrencyAmount.

        Instead of having a required currencyCode property on ApplePayRequest and ignoring the
        currency property on PaymentCurrencyAmount, validate that all PaymentCurrencyAmounts use the
        same currency code and use that as ApplePaySessionPaymentRequest's currencyCode.

        Added test cases to http/tests/ssl/applepay/PaymentRequest.https.html.

        * Modules/applepay/ApplePayPaymentRequest.h:
        * Modules/applepay/ApplePayPaymentRequest.idl:
        * Modules/applepay/ApplePayRequestBase.cpp:
        (WebCore::convertAndValidate):
        * Modules/applepay/ApplePayRequestBase.h:
        * Modules/applepay/ApplePayRequestBase.idl:
        * Modules/applepay/ApplePaySession.cpp:
        (WebCore::convertAndValidate):
        * Modules/applepay/paymentrequest/ApplePayPaymentHandler.cpp:
        (WebCore::validate):
        (WebCore::convertAndValidate):
        (WebCore::ApplePayPaymentHandler::show):
        * Modules/applepay/paymentrequest/ApplePayRequest.idl:

2017-10-10  Andy Estes  <aestes@apple.com>

        [Payment Request] Implement PaymentRequest.canMakePayment()
        https://bugs.webkit.org/show_bug.cgi?id=178048

        Reviewed by Youenn Fablet.

        Test: http/tests/paymentrequest/payment-request-canmakepayment-method.https.html

        * Modules/applepay/paymentrequest/ApplePayPaymentHandler.cpp:
        (WebCore::ApplePayPaymentHandler::convertData): Moved
        ApplePayRequest-to-ApplePaySessionPaymentRequest conversion from here to show().
        (WebCore::ApplePayPaymentHandler::show): Returned an exception if
        ApplePaySessionPaymentRequest conversion fails.
        (WebCore::shouldDiscloseApplePayCapability): Checked if we are in an ephimeral session or if
        Settings::applePayCapabilityDisclosureAllowed() is false.
        (WebCore::ApplePayPaymentHandler::canMakePayment): Called
        PaymentCoordinator::canMakePayments() or PaymentCoordinator::canMakePaymentsWithActiveCard()
        depending on shouldDiscloseApplePayCapability().
        * Modules/applepay/paymentrequest/ApplePayPaymentHandler.h:
        * Modules/applepay/paymentrequest/ApplePayRequest.h:
        * Modules/applepay/paymentrequest/ApplePayRequest.idl: Defined merchantIdentifier.
        * Modules/paymentrequest/PaymentHandler.h:
        * Modules/paymentrequest/PaymentRequest.cpp:
        (WebCore::parse): Moved JSON-parsing to here from show().
        (WebCore::PaymentRequest::show): Returned the exception from PaymentHandler::show().
        (WebCore::PaymentRequest::canMakePayment): For each payment method, try to create a
        PaymentHandler.
        For the first valid PaymentHandler, call canMakePayment() and pass a lambda that resolves
        the promise.
        * Modules/paymentrequest/PaymentRequest.h:
        * Modules/paymentrequest/PaymentRequest.idl: Added CallWith=Document annotations to show()
        and canMakePayment().

2017-10-10  Chris Dumez  <cdumez@apple.com>

        Unreviewed, really fix the build with certain SDKs.

        Follow-up to r223154, which fixed the wrong lambda.

        * Modules/entriesapi/DOMFileSystem.cpp:
        (WebCore::DOMFileSystem::getEntry):
        (WebCore::DOMFileSystem::getFile):

2017-10-10  Chris Dumez  <cdumez@apple.com>

        Unreviewed, fix build with certain SDKs.

        Stop capturing |this| unnecessarily in lambda.

        * Modules/entriesapi/DOMFileSystem.cpp:
        (WebCore::DOMFileSystem::getEntry):

2017-10-10  Matt Lewis  <jlewis3@apple.com>

        Unreviewed, rolling out r223148.

        This caused build failures.

        Reverted changeset:

        "Fix MSVC build with ENCRYPTED_MEDIA enabled"
        https://bugs.webkit.org/show_bug.cgi?id=177803
        http://trac.webkit.org/changeset/223148

2017-10-10  Zalan Bujtas  <zalan@apple.com>

        AccessibilityRenderObject should not hold a raw pointer to RenderObject
        https://bugs.webkit.org/show_bug.cgi?id=178144
        <rdar://problem/34919287>

        Reviewed by Chris Fleizach.

        m_renderer's lifetime is not directly tied to the AX wrapper object's lifetime.

        Covered by existing tests.

        * accessibility/AccessibilityListBox.cpp:
        (WebCore::AccessibilityListBox::elementAccessibilityHitTest const):
        * accessibility/AccessibilityMathMLElement.cpp:
        (WebCore::AccessibilityMathMLElement::isMathFenceOperator const):
        (WebCore::AccessibilityMathMLElement::isMathSeparatorOperator const):
        (WebCore::AccessibilityMathMLElement::mathLineThickness const):
        * accessibility/AccessibilityMenuList.cpp:
        (WebCore::AccessibilityMenuList::press):
        (WebCore::AccessibilityMenuList::isCollapsed const):
        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::AccessibilityRenderObject):
        (WebCore::AccessibilityRenderObject::renderBoxModelObject const):
        (WebCore::AccessibilityRenderObject::setRenderer):
        (WebCore::AccessibilityRenderObject::previousSibling const):
        (WebCore::AccessibilityRenderObject::anchorElement const):
        (WebCore::AccessibilityRenderObject::helpText const):
        (WebCore::AccessibilityRenderObject::boundingBoxRect const):
        (WebCore::AccessibilityRenderObject::supportsPath const):
        (WebCore::AccessibilityRenderObject::elementPath const):
        (WebCore::AccessibilityRenderObject::computeAccessibilityIsIgnored const):
        (WebCore::AccessibilityRenderObject::index const):
        (WebCore::AccessibilityRenderObject::handleActiveDescendantChanged):
        (WebCore::AccessibilityRenderObject::observableObject const):
        (WebCore::AccessibilityRenderObject::determineAccessibilityRole):
        (WebCore::AccessibilityRenderObject::textChanged):
        (WebCore::AccessibilityRenderObject::remoteSVGRootElement const):
        (WebCore::AccessibilityRenderObject::roleValueForMSAA const):
        (WebCore::AccessibilityRenderObject::getScrollableAreaIfScrollable const):
        (WebCore::AccessibilityRenderObject::scrollTo const):
        * accessibility/AccessibilityRenderObject.h:
        (WebCore::AccessibilityRenderObject::setRenderObject):
        * accessibility/AccessibilitySlider.cpp:
        (WebCore::AccessibilitySlider::elementAccessibilityHitTest const):
        * accessibility/AccessibilityTable.cpp:
        (WebCore::AccessibilityTable::addChildren):
        * accessibility/AccessibilityTableCell.cpp:
        (WebCore::AccessibilityTableCell::computeAccessibilityIsIgnored const):
        (WebCore::AccessibilityTableCell::parentTable const):
        (WebCore::AccessibilityTableCell::rowIndexRange const):
        (WebCore::AccessibilityTableCell::columnIndexRange const):
        (WebCore::AccessibilityTableCell::titleUIElement const):

2017-10-10  Sam Weinig  <sam@webkit.org>

        Replace copyKeysToVector/copyValuesToVector with copyToVector(map.keys())/copyToVector(map.values())
        https://bugs.webkit.org/show_bug.cgi?id=178102

        Reviewed by Tim Horton.

        * Modules/geolocation/Geolocation.cpp:
        (WebCore::Geolocation::Watchers::getNotifiersVector const):
        * Modules/indexeddb/IDBTransaction.cpp:
        (WebCore::IDBTransaction::connectionClosedFromServer):
        * Modules/indexeddb/client/IDBConnectionProxy.cpp:
        (WebCore::IDBClient::IDBConnectionProxy::connectionToServerLost):
        * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
        (WebCore::IDBServer::UniqueIDBDatabase::immediateCloseForUserDelete):
        * Modules/mediastream/MediaStream.cpp:
        (WebCore::MediaStream::getTracks const):
        * bindings/js/ScriptController.cpp:
        (WebCore::ScriptController::windowProxies):
        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::CSSComputedStyleDeclaration::item const):
        * dom/Document.cpp:
        (WebCore::Document::prepareForDestruction):
        * dom/DocumentMarkerController.cpp:
        (WebCore::DocumentMarkerController::removeMarkers):
        * inspector/InspectorWorkerAgent.cpp:
        (WebCore::InspectorWorkerAgent::disconnectFromAllWorkerInspectorProxies):
        * inspector/NetworkResourcesData.cpp:
        * loader/DocumentLoader.cpp:
        (WebCore::cancelAll):
        (WebCore::setAllDefersLoading):
        (WebCore::areAllLoadersPageCacheAcceptable):
        * loader/cache/MemoryCache.cpp:
        (WebCore::MemoryCache::forEachSessionResource):
        * loader/mac/DocumentLoaderMac.cpp:
        (WebCore::scheduleAll):
        (WebCore::unscheduleAll):
        * page/ResourceUsageThread.cpp:
        (WebCore::ResourceUsageThread::notifyObservers):
        * platform/mediastream/MediaStreamPrivate.cpp:
        (WebCore::MediaStreamPrivate::tracks const):

            Replace copyKeysToVector / copyValuesToVector with copyToVector(map.keys()) / copyToVector(map.values())

2017-10-10  Yoshiaki Jitsukawa  <Yoshiaki.Jitsukawa@sony.com>

        Fix MSVC build with ENCRYPTED_MEDIA enabled
        https://bugs.webkit.org/show_bug.cgi?id=177803

        Reviewed by Alex Christensen.

        As a workaround for MSVC, a weak pointer of "this" is captured
        at the outermost lambda expression.

        * Modules/encryptedmedia/MediaKeySession.cpp:
        (WebCore::MediaKeySession::generateRequest):
        (WebCore::MediaKeySession::load):
        (WebCore::MediaKeySession::update):
        (WebCore::MediaKeySession::close):
        (WebCore::MediaKeySession::remove):
        * platform/encryptedmedia/clearkey/CDMClearKey.cpp:
        (WebCore::CDMInstanceClearKey::updateLicense):
        (WebCore::CDMInstanceClearKey::loadSession):
        (WebCore::CDMInstanceClearKey::removeSessionData):

2017-10-10  Joanmarie Diggs  <jdiggs@igalia.com>

        AX: [ATK] ARIA form role should be mapped to ATK_ROLE_LANDMARK; not ATK_ROLE_FORM
        https://bugs.webkit.org/show_bug.cgi?id=178137

        Reviewed by Chris Fleizach.

        Expose the ARIA form role as ATK_ROLE_LANDMARK; continue to expose the HTML form
        element as ATK_ROLE_FORM.

        No new tests needed due to existing coverage. Update expectations for roles-exposed.html.

        * accessibility/atk/WebKitAccessibleWrapperAtk.cpp:
        (atkRole):

2017-10-10  Matt Rajca  <mrajca@apple.com>

        Respect audio rate change restrictions in HTMLMediaElement::setVolume.
        https://bugs.webkit.org/show_bug.cgi?id=178140

        Reviewed by Eric Carlson.

        Tests: media/audio-playback-volume-changes-with-restrictions-and-user-gestures.html
               media/audio-playback-volume-changes-with-restrictions.html

        It's currently possible for a website to start auto-playing media with a zero volume and then
        programmatically set the volume to a non-zero value without a user gesture. This code path didn't
        have to be considered previously because volume changes are not supported on iOS.

        We currently pause media when an audio track comes in after an element has already started playing silently
        in mediaPlayerDidAddAudioTrack. This patch does the same when a non-zero volume is set after a media
        element already began playing silently and there is an audio rate change restriction.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::setVolume):

2017-10-10  Ryosuke Niwa  <rniwa@webkit.org>

        Loading should be disabled while constructing the fragment in WebContentReader::readWebArchive
        https://bugs.webkit.org/show_bug.cgi?id=178118

        Reviewed by Antti Koivisto.

        Disable image loading while constructing the document fragment in WebContentReader::readWebArchive
        as we do in createFragmentAndAddResources for RTF/RTFD. This refactoring is needed to start using
        blob URL in the pasted document fragment for webkit.org/b/124391.

        Also modified WebContentReader::readWebArchive to take a reference to SharedBuffer instead of a pointer.

        No new tests since existing tests have been updated to cover this behavior change.

        * editing/WebContentReader.h:
        * editing/cocoa/WebContentReaderCocoa.mm:
        (WebCore::WebContentReader::readWebArchive): Use DeferredLoadingScope to disable the loader and images
        while constructing the document fragment.
        * platform/Pasteboard.h:
        * platform/ios/PasteboardIOS.mm:
        (WebCore::readPasteboardWebContentDataForType):
        * platform/mac/PasteboardMac.mm:
        (WebCore::Pasteboard::read):

2017-10-10  Antti Koivisto  <antti@apple.com>

        Layers should be destroyed by RenderLayerModelObject
        https://bugs.webkit.org/show_bug.cgi?id=178139

        Reviewed by Simon Fraser.

        Clean up some FIXMEs.

        * rendering/RenderLayerModelObject.cpp:
        (WebCore::RenderLayerModelObject::willBeDestroyed):
        (WebCore::RenderLayerModelObject::destroyLayer):
        * rendering/RenderLayerModelObject.h:
        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::willBeDestroyed):

2017-10-10  Chris Dumez  <cdumez@apple.com>

        Entries API should recognize path starting with 2 slashes as valid absolute path
        https://bugs.webkit.org/show_bug.cgi?id=178135

        Reviewed by Ryosuke Niwa.

        Entries API should recognize paths starting with 2 slashes as valid absolute paths to match Chrome's behavior.
        See https://github.com/WICG/entries-api/commit/990454758005a6039655835503d551015e346d9d

        This was causing us to fail some manual web-platform-tests.

        No new tests, updated existing tests.

        * Modules/entriesapi/DOMFileSystem.cpp:
        (WebCore::isValidPathSegment):
        (WebCore::isZeroOrMorePathSegmentsSeparatedBySlashes):
        (WebCore::isValidRelativeVirtualPath):
        (WebCore::isValidVirtualPath):

2017-10-10  Matt Lewis  <jlewis3@apple.com>

        Unreviewed, rolling out r223110.

        This caused consistent failures and timeouts on multiple
        platforms.

        Reverted changeset:

        "Delete button doesn't fully delete certain emoji"
        https://bugs.webkit.org/show_bug.cgi?id=178096
        http://trac.webkit.org/changeset/223110

2017-10-10  Antti Koivisto  <antti@apple.com>

        RenderObject::destroy() should only be invoked after renderer has been removed from the tree
        https://bugs.webkit.org/show_bug.cgi?id=178075

        Reviewed by Zalan Bujtas.

        This patch fixes the remaining cases where the renderer is still in the tree while destroy()
        is called and adds the assert.

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::removeLeftoverAnonymousBlock):
        (WebCore::RenderBlock::takeChild):
        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::willBeDestroyed):
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::~RenderLayer):

            Null the parent pointers for m_scrollCorner/m_resizer.

        (WebCore::RenderLayer::calculateClipRects const):
        * rendering/RenderLayer.h:
        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::willBeDestroyed):
        (WebCore::RenderObject::removeFromParentAndDestroyCleaningUpAnonymousWrappers):
        (WebCore::RenderObject::destroy):

            Use RELEASE_ASSERT as these are cheap and important checks.
            Also turn isBeingDestroyed test into RELEASE_ASSERT.
            Remove AX call that no longer does anything.

        (WebCore::RenderObject::destroyAndCleanupAnonymousWrappers): Deleted.
        * rendering/RenderObject.h:
        * rendering/RenderRubyBase.cpp:
        (WebCore::RenderRubyBase::moveBlockChildren):
        * rendering/RenderTableRow.cpp:
        (WebCore::RenderTableRow::collapseAndDestroyAnonymousSiblingRows):
        (WebCore::RenderTableRow::destroyAndCollapseAnonymousSiblingRows): Deleted.

            Renamed and made this no longer destroy itself. The caller now takes care of that.
            Removed an unnecessary lambda.

        * rendering/RenderTableRow.h:
        * style/RenderTreeUpdater.cpp:
        (WebCore::RenderTreeUpdater::tearDownRenderers):
        (WebCore::RenderTreeUpdater::tearDownRenderer):
        * style/RenderTreeUpdaterListItem.cpp:
        (WebCore::RenderTreeUpdater::ListItem::updateMarker):

2017-10-09  Antti Koivisto  <antti@apple.com>

        Add isContinuation bit
        https://bugs.webkit.org/show_bug.cgi?id=178084

        Reviewed by Zalan Bujtas.

        Currently continuations are identified indirectly by comparing renderer pointer with the element renderer pointer.
        This is bug prone and fails to cover anonymous continuations.

        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::firstChildConsideringContinuation):
        (WebCore::startOfContinuations):
        (WebCore::firstChildIsInlineContinuation):
        (WebCore::AccessibilityRenderObject::computeAccessibilityIsIgnored const):

            Ignore first-letter fragment. This worked before because first-letter renderers
            were mistakenly considered inline element continuations (see below).

        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::setContinuation):
        * rendering/RenderElement.cpp:
        (WebCore::RenderElement::RenderElement):
        * rendering/RenderElement.h:
        (WebCore::RenderElement::hasContinuation const):
        (WebCore::RenderElement::isContinuation const):
        (WebCore::RenderElement::setIsContinuation):

            The new bit.

        (WebCore::RenderElement::isElementContinuation const):
        (WebCore::RenderElement::isInlineElementContinuation const):
        * rendering/RenderInline.cpp:
        (WebCore::RenderInline::addChildIgnoringContinuation):
        (WebCore::RenderInline::cloneAsContinuation const):
        (WebCore::RenderInline::splitInlines):
        (WebCore::RenderInline::childBecameNonInline):
        (WebCore::RenderInline::clone const): Deleted.
        * rendering/RenderInline.h:
        * rendering/RenderObject.h:
        (WebCore::RenderObject::isAnonymousBlock const):
        (WebCore::RenderObject::isElementContinuation const): Deleted.

            The old continuation test was 'node() && node()->renderer() != this'
            This was fragile as nulling the renderer will make it fail.
            It was also wrong for first-letter renderers (isElementContinuation was true for them).

        (WebCore::RenderObject::isInlineElementContinuation const): Deleted.

            Move to RenderElement.

        (WebCore::RenderObject::isBlockElementContinuation const): Deleted.

2017-10-10  Joanmarie Diggs  <jdiggs@igalia.com>

        AX: [ATK] STATE_CHECKABLE should be removed from radio buttons in radiogroups with aria-readonly="true"
        https://bugs.webkit.org/show_bug.cgi?id=177931

        Reviewed by Chris Fleizach.

        Add a check in canSetValueAttribute() for readonly radiogroup ancestors of
        radio buttons.

        Test: accessibility/gtk/aria-readonly-radiogroup.html

        * accessibility/AccessibilityNodeObject.cpp:
        (WebCore::AccessibilityNodeObject::canSetValueAttribute const):
        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::radioGroupAncestor const):
        * accessibility/AccessibilityObject.h:

2017-10-09  Chris Dumez  <cdumez@apple.com>

        Calling fileSystemDirectoryEntry.getDirectory() with empty path should not fail
        https://bugs.webkit.org/show_bug.cgi?id=178114

        Reviewed by Ryosuke Niwa.

        Calling fileSystemDirectoryEntry.getDirectory() with empty/null/undefined path should not fail as per:
        - https://wicg.github.io/entries-api/#dom-filesystemdirectoryentry-getdirectory

        The empty string is a valid path as per:
        - https://wicg.github.io/entries-api/#valid-path

        This aligns out behavior with Chrome.

        No new tests, updated existing test.

        * Modules/entriesapi/DOMFileSystem.cpp:
        (WebCore::isValidVirtualPath):
        (WebCore::resolveRelativeVirtualPath):

2017-10-09  Chris Dumez  <cdumez@apple.com>

        It should not be possible to submit a form that is disconnected
        https://bugs.webkit.org/show_bug.cgi?id=178099

        Reviewed by Sam Weinig.

        It should not be possible to submit a form that is disconnected. Both Firefox and Chrome agree with the specification.

        This is as per:
        https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#form-submission-algorithm (step 1)
        which refers to:
        https://html.spec.whatwg.org/multipage/links.html#cannot-navigate

        Form cannot navigate when it is disconnected.

        No new tests, rebaselined existing tests.

        * html/HTMLFormElement.cpp:
        (WebCore::HTMLFormElement::prepareForSubmission):

2017-10-09  Myles C. Maxfield  <mmaxfield@apple.com>

        Delete button doesn't fully delete certain emoji
        https://bugs.webkit.org/show_bug.cgi?id=178096
        <rdar://problem/34785106>

        Reviewed by Simon Fraser.

        System infrastructure for handling emoji changes every year. Instead of having
        custom code to specifically walk over codepoints, we should delegate to the
        system handling.

        Test: editing/deleting/delete-emoji.html

        * rendering/RenderText.cpp:
        (WebCore::RenderText::previousOffset const):
        (WebCore::RenderText::previousOffsetForBackwardDeletion const):
        (WebCore::RenderText::nextOffset const):
        (WebCore::isHangulLVT): Deleted.
        (WebCore::isMark): Deleted.
        (WebCore::isRegionalIndicator): Deleted.
        (WebCore::isInArmenianToLimbuRange): Deleted.

2017-10-09  Said Abou-Hallawa  <sabouhallawa@apple.com>

        Image data should be coalesced if it comes in small chunks before updating the ImageSource
        https://bugs.webkit.org/show_bug.cgi?id=175890

        Reviewed by Simon Fraser.

        Coalesce the updates, which an Image makes when receiving encoded data in
        small chunks, for all platforms. Ensure the clients of the CachedImage
        won't be notified unless an update in the ImageSource happens.

        I need to change some functions' names to better implement this patch. 
        The names of these functions have been confusing:
            CachedImage::addData(SharedBuffer&)
            CachedImage::addDataBuffer(const char* data, unsigned)
            CachedImage::addIncrementalDataBuffer(SharedBuffer&)

        The image data is not buffered incrementally into the CachedImage. When
        new data is received, SubresourceLoader calls CachedImage to "update" its
        m_data with either a SharedBuffer or a data pointer. In either case the
        SharedBuffer or the pointer contains all the loaded data. SubresourceLoader
        calls CachedImage to update its m_data, to ensure its m_image is created 
        and to notify its clients with the new data.

        The verb "add" in the functions' name is misleading. I am suggesting the
        following names instead:
            CachedImage::updateBuffer(SharedBuffer&)
            CachedImage::updateData(const char*, unsigned)
            CachedImage::doUpdateBuffer(SharedBuffer&)

        The first two are the virtual ones. They are called form SubresourceLoader.
        The third one is the internal implementation to update the m_data member.
        The same names will be used in the following classes:
            CachedResource which is the base class of CachedImage
            CachedRawResource which is derived from CachedResource
            CachedTextTrack which is derived from CachedResource

        * html/ImageDocument.cpp:
        (WebCore::ImageDocument::updateDuringParsing):
        * loader/SubresourceLoader.cpp:
        (WebCore::SubresourceLoader::didReceiveDataOrBuffer):
        * loader/cache/CachedImage.cpp:
        (WebCore::CachedImage::clearImage): Reset the update back off members.
        (WebCore::CachedImage::doUpdateBuffer): Don't update CachedImage with
        the new data if it comes in small chunks with fast rate.
        (WebCore::CachedImage::shouldDeferUpdateImageData const): This code is moved 
        from ImageSource::dataChanged().
        (WebCore::CachedImage::didUpdateImageData): Ditto.
        (WebCore::CachedImage::updateImageData):
        (WebCore::CachedImage::updateBuffer):
        (WebCore::CachedImage::updateData):
        (WebCore::CachedImage::finishLoading):
        (WebCore::CachedImage::addIncrementalDataBuffer): Deleted.
        (WebCore::CachedImage::setImageDataBuffer): Deleted.
        (WebCore::CachedImage::addDataBuffer): Deleted.
        (WebCore::CachedImage::addData): Deleted.
        * loader/cache/CachedImage.h:
        * loader/cache/CachedRawResource.cpp:
        (WebCore::CachedRawResource::updateBuffer):
        (WebCore::CachedRawResource::updateData):
        (WebCore::CachedRawResource::addDataBuffer): Deleted.
        (WebCore::CachedRawResource::addData): Deleted.
        * loader/cache/CachedRawResource.h:
        * loader/cache/CachedResource.cpp:
        (WebCore::CachedResource::updateBuffer):
        (WebCore::CachedResource::updateData):
        (WebCore::CachedResource::addDataBuffer): Deleted.
        (WebCore::CachedResource::addData): Deleted.
        * loader/cache/CachedResource.h:
        * loader/cache/CachedTextTrack.cpp:
        (WebCore::CachedTextTrack::doUpdateBuffer): Rename updateData() to doUpdateBuffer().
        (WebCore::CachedTextTrack::updateBuffer): Rename addDataBuffer() to updateBuffer().
        (WebCore::CachedTextTrack::finishLoading): Call the internal function doUpdateBuffer().
        (WebCore::CachedTextTrack::updateData): Deleted.
        (WebCore::CachedTextTrack::addDataBuffer): Deleted.
        * loader/cache/CachedTextTrack.h:
        * platform/graphics/ImageSource.cpp:
        (WebCore::ImageSource::dataChanged): Move the update back off code to CachedImage::updateData().
        * platform/graphics/ImageSource.h:

2017-10-09  Michael Saboff  <msaboff@apple.com>

        Implement RegExp Unicode property escapes
        https://bugs.webkit.org/show_bug.cgi?id=172069

        Reviewed by JF Bastien.

        Refactoring change - Added BuiltInCharacterClassID:: prefix to uses of the enum.

        * contentextensions/URLFilterParser.cpp:
        (WebCore::ContentExtensions::PatternParser::atomBuiltInCharacterClass):

2017-10-09  Andy Estes  <aestes@apple.com>

        [Payment Request] Implement PaymentRequest.show() and PaymentRequest.hide()
        https://bugs.webkit.org/show_bug.cgi?id=178043
        <rdar://problem/34076639>

        Reviewed by Tim Horton.

        Tests: http/tests/paymentrequest/payment-request-abort-method.https.html
               http/tests/paymentrequest/payment-request-show-method.https.html

        * Modules/applepay/PaymentCoordinator.h:
        * Modules/applepay/PaymentSession.h: Virtually inherited from PaymentSessionBase to
        accommodate ApplePayPaymentHandler inheriting from both this and PaymentHandler.
        (WebCore::PaymentSession::~PaymentSession): Deleted.
        * Modules/applepay/paymentrequest/ApplePayPaymentHandler.cpp:
        (WebCore::paymentCoordinator): Virtually inherited from PaymentSessionBase to accommodate
        ApplePayPaymentHandler inheriting from both this and PaymentSession.
        (WebCore::ApplePayPaymentHandler::hasActiveSession): Added. Calls PaymentCoordinator::hasActiveSession().
        (WebCore::ApplePayPaymentHandler::show): Added. Calls PaymentCoordinator::beginPaymentSession().
        (WebCore::ApplePayPaymentHandler::hide): Added. Calls PaymentCoordinator::abortPaymentSession().
        * Modules/applepay/paymentrequest/ApplePayPaymentHandler.h: Inherited from PaymentSession in
        addition to PaymentHandler so that this can be PaymentCoordinator active session.
        * Modules/paymentrequest/PaymentHandler.cpp:
        (WebCore::PaymentHandler::create):
        (WebCore::PaymentHandler::hasActiveSession):
        * Modules/paymentrequest/PaymentHandler.h:
        * Modules/paymentrequest/PaymentRequest.cpp:
        (WebCore::PaymentRequest::~PaymentRequest):
        (WebCore::PaymentRequest::show): Rejected the promise if PaymentCoordinator has an active session.
        (WebCore::PaymentRequest::abort): Called stop().
        (WebCore::PaymentRequest::canSuspendForDocumentSuspension const): Returned true if state is
        Interactive and there is an active handler showing.
        (WebCore::PaymentRequest::stop): Hid the active session if it's showing, then set state to
        Closed and rejected the show promise.
        * Modules/paymentrequest/PaymentRequest.h:
        * Modules/paymentrequest/PaymentSessionBase.h: Added. Inherits from
        RefCounted<PaymentSessionBase> and defines a virtual destructor. This allows subclasses to
        virtually inherit a single ref-count to support multiple inheritance.
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/scripts/CodeGeneratorJS.pm:
        (GetGnuVTableOffsetForType): Added ApplePaySession to the list of classes that need a vtable
        offset of 3.
        * page/MainFrame.cpp:
        (WebCore::MainFrame::setPaymentCoordinator): Added a setter for m_paymentCoordinator.
        * page/MainFrame.h:
        * testing/Internals.cpp:
        (WebCore::Internals::Internals): Set the main frame's payment coordinator to a new
        PaymentCoordinator with MockPaymentCoordinator as its client.
        * testing/MockPaymentCoordinator.cpp: Added a mock PaymentCoordinatorClient for testing.
        (WebCore::MockPaymentCoordinator::supportsVersion):
        (WebCore::MockPaymentCoordinator::canMakePayments):
        (WebCore::MockPaymentCoordinator::canMakePaymentsWithActiveCard):
        (WebCore::MockPaymentCoordinator::openPaymentSetup):
        (WebCore::MockPaymentCoordinator::showPaymentUI):
        (WebCore::MockPaymentCoordinator::paymentCoordinatorDestroyed):
        * testing/MockPaymentCoordinator.h: Added.

2017-10-09  Youenn Fablet  <youenn@apple.com>

        Add quota to cache API
        https://bugs.webkit.org/show_bug.cgi?id=177552

        Reviewed by Alex Christensen.

        Tests: http/wpt/cache-storage/cache-quota.any.html

        Storing padded opaque response body sizes within FetchResponse and CacheStorageConnection.
        See https://github.com/whatwg/storage/issues/31 for the rationale about this padding.
        Storing in CacheStorageConnection is needed for handling cloned network fetched created responses.
        Storing in FetchResponse is needed for handling cloned cache-storage created opaque responses.

        Adding internals to query and set the fuzzed size of a response.

        * Modules/cache/CacheStorageConnection.cpp:
        (WebCore::computeRealBodySize):
        (WebCore::CacheStorageConnection::computeRecordBodySize):
        (WebCore::CacheStorageConnection::setResponseBodySizeWithPadding):
        (WebCore::CacheStorageConnection::responseBodySizeWithPadding const):
        * Modules/cache/CacheStorageConnection.h:
        * Modules/cache/DOMCache.cpp:
        (WebCore::DOMCache::toConnectionRecord):
        (WebCore::DOMCache::updateRecords):
        * Modules/cache/DOMCache.h:
        * Modules/cache/DOMCacheEngine.cpp:
        (WebCore::DOMCacheEngine::errorToException):
        (WebCore::DOMCacheEngine::Record::copy const):
        * Modules/cache/DOMCacheEngine.h:
        * Modules/cache/WorkerCacheStorageConnection.cpp:
        (WebCore::toCrossThreadRecordData):
        (WebCore::fromCrossThreadRecordData):
        * Modules/fetch/FetchResponse.cpp:
        (WebCore::FetchResponse::clone):
        (WebCore::FetchResponse::BodyLoader::didReceiveResponse):
        * Modules/fetch/FetchResponse.h:
        * Modules/fetch/FetchResponse.idl:
        * testing/Internals.cpp:
        (WebCore::Internals::setResponseSizeWithPadding):
        (WebCore::Internals::responseSizeWithPadding const):
        * testing/Internals.h:
        * testing/Internals.idl:

2017-10-09  Zalan Bujtas  <zalan@apple.com>

        Remove redundant RenderObject::virtualContinuation
        https://bugs.webkit.org/show_bug.cgi?id=178091
        <rdar://problem/34892906>

        Reviewed by Antti Koivisto.
 
        virtualContinuation sounds like a feature of continuation, while it's just a (not super useful)helper override.

        No change in functionality.

        * rendering/RenderBlock.cpp:
        (WebCore::canMergeContiguousAnonymousBlocks):
        (WebCore::RenderBlock::takeChild):
        * rendering/RenderBlock.h:
        * rendering/RenderInline.h:
        * rendering/RenderObject.h:
        (WebCore::RenderObject::isBlockElementContinuation const):
        (WebCore::RenderObject::virtualContinuation const): Deleted.

2017-10-09  Dean Jackson  <dino@apple.com>

        [WebGL] Third IOSurface buffer might be allocated with the wrong size
        https://bugs.webkit.org/show_bug.cgi?id=178092
        <rdar://problem/34893173>

        Reviewed by Jer Noble.

        If the WebGL canvas resizes after the third buffer was allocated, it
        was never getting told that its backing store should be thrown away.

        * platform/graphics/cocoa/WebGLLayer.mm: Allocate the third buffer at
        the same time as the first two.
        (-[WebGLLayer allocateIOSurfaceBackingStoreWithSize:usingAlpha:]):
        (-[WebGLLayer bindFramebufferToNextAvailableSurface]):

2017-10-09  Sam Weinig  <sam@webkit.org>

        Make HashMap::keys() and HashMap::values() work with WTF::map/WTF::copyToVector
        https://bugs.webkit.org/show_bug.cgi?id=178072

        Reviewed by Darin Adler.

        * platform/graphics/avfoundation/MediaSelectionGroupAVFObjC.h:
        (WebCore::MediaSelectionGroupAVFObjC::options):
        
            Update for type change for HashMap::values().
            
2017-10-09  Wenson Hsieh  <wenson_hsieh@apple.com>

        Unreviewed, another build fix attempt after r223031

        The default constructor of DragTargetResponse is also invoked via initializer list in EventHandler.cpp, so we'll
        need to explicitly declare this constructor in the header.

        * page/EventHandler.h:

2017-10-09  Ryan Haddad  <ryanhaddad@apple.com>

        Unreviewed, rolling out r223021.

        LayoutTests added with this change are failing.

        Reverted changeset:

        "[Payment Request] Implement PaymentRequest.show() and
        PaymentRequest.hide()"
        https://bugs.webkit.org/show_bug.cgi?id=178043
        http://trac.webkit.org/changeset/223021

2017-10-09  Jeremy Jones  <jeremyj@apple.com>

        Blurry captions on retina screens.
        https://bugs.webkit.org/show_bug.cgi?id=177560
        rdar://problem/17913388

        Reviewed by Jer Noble.

        No new tests because the contents scale of the captions layer is not exposed to the DOM.

        The captions layer contents scale needs to take into account the device screen scale to get the correct resolution for captions.

        * html/shadow/MediaControlElements.cpp:
        (WebCore::MediaControlTextTrackContainerElement::updateTextTrackRepresentation):
        (WebCore::MediaControlTextTrackContainerElement::updateSizes):

2017-10-09  Wenson Hsieh  <wenson_hsieh@apple.com>

        Unreviewed, fix the Windows build after r223031

        Speculative build fix; no change in behavior.

        * page/EventHandler.h:
        (WebCore::EventHandler::DragTargetResponse::DragTargetResponse):

2017-10-09  Alex Christensen  <achristensen@webkit.org>

        Reduce includes in Document.h
        https://bugs.webkit.org/show_bug.cgi?id=178035

        Reviewed by Darin Adler.

        * dom/Document.h:

2017-10-09  Joanmarie Diggs  <jdiggs@igalia.com>

        AX: [ATK] Explicitly-set aria-sort value of "none" should be exposed as an object attribute
        https://bugs.webkit.org/show_bug.cgi?id=177955

        Reviewed by Chris Fleizach.

        Expose "none" as the value of aria-sort when the attribute is present and not
        one of the other valid sort types. Also add a new AccessibilitySortDirection,
        SortDirectionInvalid. This is currently only being used when the sort direction
        is sought for a role which does not support this ARIA attribute, but might come
        in handy if we want to add further sanity checks on the author-provided values.

        Test: accessibility/gtk/aria-sort-values.html

        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::sortDirection const):
        * accessibility/AccessibilityObject.h:
        * accessibility/atk/WebKitAccessibleWrapperAtk.cpp:
        (webkitAccessibleGetAttributes):
        * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
        (-[WebAccessibilityObjectWrapper additionalAccessibilityAttributeNames]):

2017-10-09  Robin Morisset  <rmorisset@apple.com>

        Make the names of the options consistent 
        https://bugs.webkit.org/show_bug.cgi?id=177933

        Reviewed by Saam Barati.

        No functional change, just fixing comments.

        * Modules/mediasource/MediaSource.cpp:
        (WebCore::MediaSource::buffered const):
        (WebCore::MediaSource::monitorSourceBuffers):
        * Modules/webaudio/AudioBufferSourceNode.cpp:
        (WebCore::AudioBufferSourceNode::process):
        * bindings/scripts/generate-bindings.pl:
        * css/StyleResolver.cpp:
        (WebCore::StyleResolver::adjustRenderStyle):
        * editing/BreakBlockquoteCommand.cpp:
        (WebCore::BreakBlockquoteCommand::doApply):
        * editing/ReplaceSelectionCommand.cpp:
        (WebCore::ReplaceSelectionCommand::doApply):
        * editing/VisibleSelection.cpp:
        (WebCore::VisibleSelection::setStartAndEndFromBaseAndExtentRespectingGranularity):
        * editing/VisibleUnits.cpp:
        (WebCore::closestWordBoundaryForPosition):
        * html/parser/AtomicHTMLToken.h:
        * html/parser/HTMLDocumentParser.cpp:
        (WebCore::HTMLDocumentParser::end):
        * inspector/InspectorOverlayPage.js:
        (reset):
        * page/ViewportConfiguration.cpp:
        (WebCore::ViewportConfiguration::layoutWidth const):
        (WebCore::ViewportConfiguration::layoutHeight const):
        * platform/graphics/FloatPolygon.h:
        * platform/graphics/avfoundation/InbandTextTrackPrivateAVF.cpp:
        (WebCore::InbandTextTrackPrivateAVF::processCueAttributes):
        * platform/graphics/filters/FilterOperation.h:
        * platform/graphics/opengl/GraphicsContext3DOpenGL.cpp:
        (WebCore::GraphicsContext3D::texImage2D):
        * platform/mac/WidgetMac.mm:
        (WebCore::safeRemoveFromSuperview):
        * rendering/RenderBlockFlow.cpp:
        (WebCore::RenderBlockFlow::collapseMarginsWithChildInfo):
        * rendering/RenderBlockFlow.h:
        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::computePositionedLogicalWidthReplaced const):
        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::propagateRepaintToParentWithOutlineAutoIfNeeded const):
        * rendering/RenderTheme.cpp:
        (WebCore::RenderTheme::disabledTextColor const):
        * style/ClassChangeInvalidation.cpp:
        (WebCore::Style::computeClassChange):
        * style/StyleScope.cpp:
        (WebCore::Style::Scope::didChangeStyleSheetEnvironment):
        * svg/SVGAltGlyphDefElement.cpp:
        (WebCore::SVGAltGlyphDefElement::hasValidGlyphElements const):

2017-10-09  Adrian Perez de Castro  <aperez@igalia.com>

        [WPE][GTK] Propagate libepoxy compiler flags obtained from pkg-config
        https://bugs.webkit.org/show_bug.cgi?id=178081

        Reviewed by Carlos Alberto Lopez Perez.

        No new tests needed.

        * CMakeLists.txt: Use ${LIBEPOXY_DEFINITIONS} for building WebCore.

2017-10-09  Romain Bellessort  <romain.bellessort@crf.canon.fr>

        [Readable Streams API] Implement canCloseOrEnqueue
        https://bugs.webkit.org/show_bug.cgi?id=178005

        Reviewed by Youenn Fablet.

        Implemented readableStreamDefaultControllerCanCloseOrEnqueue [1]. This is
        just a refactoring (based on spec) aiming at factorizing a set of tests
        that are done at multiple places.

        [1] https://streams.spec.whatwg.org/#readable-stream-default-controller-can-close-or-enqueue

        No new tests (refactoring, no new behavior).

        * Modules/streams/ReadableStreamDefaultController.js:
        (enqueue): Updated.
        (close): Updated.
        * Modules/streams/ReadableStreamInternals.js:
        (readableStreamDefaultControllerClose): Updated.
        (readableStreamDefaultControllerCanCloseOrEnqueue): Added.

2017-10-05  Frederic Wang  <fwang@igalia.com>

        Remove WOFF2 from Source/ThirdParty.
        https://bugs.webkit.org/show_bug.cgi?id=177862

        Reviewed by Michael Catanzaro.

        No new tests, already covered by existing tests.

        * CMakeLists.txt: Use the system brotli/woff2 headers/libraries.

2017-10-08  Darin Adler  <darin@apple.com>

        Update HTMLOListElement.start to behavior from latest HTML specification
        https://bugs.webkit.org/show_bug.cgi?id=178057

        Reviewed by Chris Dumez.

        * html/HTMLOListElement.cpp:
        (optionalValue): Added. Helper function that we can put into Expected.h later
        if we like; makes it easier to turn Expected into std::optional.
        (WebCore::HTMLOListElement::HTMLOListElement): Moved data member initialization
        into class definition so it doesn't have to be done here.
        (WebCore::HTMLOListElement::parseAttribute): Simplified using the new
        optionalValue function. Moved the call to update values in here since it's
        a trivial one-liner (albeit done twice).
        (WebCore::HTMLOListElement::updateItemValues): Deleted. Moved this into the
        parseAttribute function.
        (WebCore::HTMLOListElement::itemCount): Updated to use std::optional instead
        of a separate m_shouldRecalculateItemCount flag. Also inlined the
        recalculateItemCount function since it's a trivial one-liner.
        (WebCore::HTMLOListElement::itemCountAfterLayout): Deleted. The only use of
        this was to implement the now-obsolete behavior of the start attribute.
        (WebCore::HTMLOListElement::recalculateItemCount): Deleted. Moved this into
        the itemCount function.

        * html/HTMLOListElement.h: Changed startForBindings to return 1 when start
        is not specified; this what the HTML specification now calls for. Updated
        for the changes above. Merged m_itemCount and m_shouldRecalculateItemCount
        into a single optional m_itemCount, and made it mutable so it can be
        computed as a side effect of calling the const member function start.

2017-10-08  Darin Adler  <darin@apple.com>

        Fix bugs related to setting reflected floating point DOM attributes
        https://bugs.webkit.org/show_bug.cgi?id=178061

        Reviewed by Sam Weinig.

        * html/HTMLProgressElement.cpp:
        (WebCore::HTMLProgressElement::setValue): Changed the semantics to match what
        the HTML specification calls for. When a caller passes a negative number or
        zero, the value does get set on the element. Negative numbers are not allowed
        when you get the current value, but are allowed to be set.
        (WebCore::HTMLProgressElement::setMax): Changed the semantics to match what
        the HTML specification calls for. When a caller passes a negative number or
        zero, this should leave the attribute unchanged.

        * html/shadow/MediaControlElementTypes.cpp:
        (WebCore::MediaControlVolumeSliderElement::setVolume): Use
        String::numberToStringECMAScript instead of String::number since that is what
        we want any time we are setting an attribute value from a floating point value.
        * html/shadow/MediaControlElements.cpp:
        (WebCore::MediaControlTimelineElement::setPosition): Ditto.
        (WebCore::MediaControlTimelineElement::setDuration): Removed unneeded check
        of std::isfinite since the single caller already checks that.

2017-10-08  Wenson Hsieh  <wenson_hsieh@apple.com>

        DataTransfer.items does not contain items for custom types supplied via add or setData
        https://bugs.webkit.org/show_bug.cgi?id=178016

        Reviewed by Darin Adler.

        Minor tweaks to expose pasteboard types and data through DataTransfer's item list. This patch fixes two primary
        issues: (1) custom pasteboard data is not exposed through the item list in any way, and (2) the "Files"
        compatibility type is exposed as a separate data transfer item of kind 'string' when dropping or pasting files.

        Tests: editing/pasteboard/data-transfer-items-add-custom-data.html
               editing/pasteboard/data-transfer-items-drop-file.html

        * dom/DataTransfer.cpp:
        (WebCore::normalizeType):

        Use stripLeadingAndTrailingHTMLSpaces instead of stripWhitespace.

        (WebCore::shouldReadOrWriteTypeAsCustomData):
        (WebCore::DataTransfer::getDataForItem const):
        (WebCore::DataTransfer::getData const):

        Add getDataForItem, a version of getData that does not normalize types before reading from the pasteboard. This
        normalization step is only needed for backwards compatibility with legacy types (such as "text" and "url")
        written to and read from using getData and setData; when using DataTransferItemList.add to set data, adding data
        for these types should instead write as custom pasteboard data.

        (WebCore::DataTransfer::setDataFromItemList):
        (WebCore::DataTransfer::types const):
        (WebCore::DataTransfer::typesForItemList const):

        Add typesForItemList, which fetches the list of types to expose as items on the DataTransfer. Importantly, this
        does not include the "Files" type added for compatibility when accessing DataTransfer.types, instead returning
        an empty array. The actual files are added separately, by iterating over DataTransfer's files in ensureItems.

        Note that when starting a drag or copying, we will still expose the full list of file and string types to
        bindings and not just file-backed items. Since all of this information is supplied by the page in the first
        place, we don't have to worry about exposing information, such as file paths, that may exist on the pasteboard.

        * dom/DataTransfer.h:
        * dom/DataTransferItem.cpp:
        (WebCore::DataTransferItem::getAsString const):
        * dom/DataTransferItemList.cpp:
        (WebCore::shouldExposeTypeInItemList):
        (WebCore::DataTransferItemList::add):
        (WebCore::DataTransferItemList::ensureItems const):
        (WebCore::isSupportedType): Deleted.

2017-10-08  Darin Adler  <darin@apple.com>

        CustomElementRegistry.define was throwing a JavaScript syntax error instead of a DOM syntax error
        https://bugs.webkit.org/show_bug.cgi?id=178055

        Reviewed by Sam Weinig.

        Both the JavaScript language and the DOM have "syntax error" exceptions, but
        they are not the same thing.

        Also, since the time a while back where we moved JavaScript error handling to
        use WebCore::Exception and WebCore::ExceptionOr, there are a number of functions
        that are no longer used and can be deleted.

        * bindings/js/JSCustomElementRegistryCustom.cpp:
        (WebCore::validateCustomElementNameAndThrowIfNeeded): Call throwDOMSyntaxError
        instead of throwSyntaxError.

        * bindings/js/JSDOMExceptionHandling.cpp:
        (WebCore::reportDeprecatedGetterError): Deleted. Unused.
        (WebCore::reportDeprecatedSetterError): Deleted. Unused.
        (WebCore::throwNotSupportedError): Deleted the overload without an error message,
        since it's unused. Changed the other overload to take an ASCIILiteral, since
        that is what all the callers need.
        (WebCore::throwInvalidStateError): Take ASCIILiteral as above.
        (WebCore::throwArrayElementTypeError): Deleted. Unused.
        (WebCore::throwDOMSyntaxError): Added an ASCIILiteral message argument. This
        function was unused; it's now being used above, always with a literal message.
        (WebCore::throwIndexSizeError): Deleted. Unused.
        (WebCore::throwTypeMismatchError): Deleted. Unused.
        * bindings/js/JSDOMExceptionHandling.h: Updated for the changes above.

        * bindings/js/JSHTMLElementCustom.cpp:
        (WebCore::constructJSHTMLElement): Fixed a typo in the error message.

2017-10-08  Ryosuke Niwa  <rniwa@webkit.org>

        dragenter and dragleave shouldn't use the same data transfer object
        https://bugs.webkit.org/show_bug.cgi?id=178056

        Reviewed by Darin Adler.

        This patch fixes the bug that we were using a single DataTransfer to fire dragleave and dragenter events
        when the drag target moves from one element to another.

        It alos refactors DragController and EventHandler code so that the construction of DataTransfer object
        happens in EventHandler instead of DragController, and extracts createForUpdatingDropTarget out of
        createForDrop to have a better encapsulation over the data store mode.

        drag related functions in EventHandler now takes std::unique_ptr<Pasteboard>&&, drag operation mask set
        by the drag source, and a boolean indicating whether this drag & drop is for files or not. updateDragAndDrop
        takes a closure which makes a pasteboard because it has to create two instances of DataTransfer one for
        dragleave event and another one for dragenter event in some cases.

        Test: editing/pasteboard/data-transfer-is-unique-for-dragenter-and-dragleave.html

        * dom/DataTransfer.cpp:
        (WebCore::DataTransfer::createForDrop): Now takes Pasteboard instead of DragData.
        (WebCore::DataTransfer::createForUpdatingDropTarget): Extracted out of createForDrop. Moved the code to
        use Readonly mode in dashboad here from createDataTransferToUpdateDrag in DragController.cpp.
        * dom/DataTransfer.h:
        * page/DragController.cpp:
        (WebCore::createDataTransferToUpdateDrag): Deleted.
        (WebCore::DragController::dragExited):
        (WebCore::DragController::performDragOperation):
        (WebCore::DragController::tryDHTMLDrag):
        * page/EventHandler.cpp:
        (WebCore::EventHandler::dispatchDragEvent): Made this fucntion take DataTransfer& instead of DataTransfer*.
        (WebCore::findDropZone): Ditto.
        (WebCore::EventHandler::dispatchDragEnterOrDragOverEvent): Added.
        (WebCore::EventHandler::updateDragAndDrop):
        (WebCore::EventHandler::cancelDragAndDrop):
        (WebCore::EventHandler::performDragAndDrop):
        (WebCore::EventHandler::dispatchDragSrcEvent):
        (WebCore::EventHandler::dispatchDragStartEventOnSourceElement):
        * page/EventHandler.h:

2017-10-08  Jer Noble  <jer.noble@apple.com>

        SourceBuffer remove throws out way more content than requested
        https://bugs.webkit.org/show_bug.cgi?id=177884
        <rdar://problem/34817104>

        Reviewed by Darin Adler.

        Test: media/media-source/media-source-remove-too-much.html

        The end parameter is exclusive, not inclusive, of the range to be removed.

        * Modules/mediasource/SourceBuffer.cpp:
        (WebCore::SourceBuffer::removeCodedFrames):

2017-10-08  Brent Fulgham  <bfulgham@apple.com>

        Nullptr deref in WebCore::Node::computeEditability
        https://bugs.webkit.org/show_bug.cgi?id=177905
        <rdar://problem/34138402>

        Reviewed by Darin Adler.

        Script can run when setting focus, because a blur event and a focus event are generated.
        A handler for one of these events can cause the focused element to be cleared. We should
        handle this possibility gracefully.

        Test: fast/dom/focus-shift-crash.html

        * dom/Document.cpp:
        (WebCore::Document::setFocusedElement):

2017-10-07  Darin Adler  <darin@apple.com>

        Update Document.createEvent for recent DOM specification changes
        https://bugs.webkit.org/show_bug.cgi?id=178052

        Reviewed by Chris Dumez.

        * dom/BeforeUnloadEvent.cpp:
        (WebCore::BeforeUnloadEvent::BeforeUnloadEvent): Added a constructor for
        createForBindings.
        (WebCore::BeforeUnloadEvent::~BeforeUnloadEvent): Deleted. Just let the
        compiler generate this.
        * dom/BeforeUnloadEvent.h: Added createForBindings. Also made more things private.

        * dom/Document.cpp:
        (WebCore::Document::createEvent): Updated comments for clarity. Responding to
        changes to the DOM specification, added support for "beforeunloadevent", "focusevent",
        and "svgevents", moved "keyboardevents" and "popstateevent" into the list of strings
        we should remove, and moved "compositionevent", "devicemotionevent",
        "deviceorientationevent", "hashchangeevent", "storageevent", and "textevent" into
        the list of strings we should keep.

        * dom/Event.h: Added a virtual setRelatedTarget alongside the virtual relatedTarget
        to allow us to clean up the code that manipulates it.

        * dom/EventContext.cpp:
        (WebCore::MouseOrFocusEventContext::handleLocalEvents const): Call the virtual
        setRelatedTarget instead of doing a little type casting dance.

        * dom/FocusEvent.h: Added createForBindings. Made more functions private and
        changed setRelatedTarget into a private final override.

        * dom/MouseEvent.h: Changed setRelatedTarget into a private final override.

2017-10-07  Andy Estes  <aestes@apple.com>

        [Payment Request] Implement PaymentRequest.show() and PaymentRequest.hide()
        https://bugs.webkit.org/show_bug.cgi?id=178043
        <rdar://problem/34076639>

        Reviewed by Tim Horton.

        Tests: http/tests/paymentrequest/payment-request-abort-method.https.html
               http/tests/paymentrequest/payment-request-show-method.https.html

        * Modules/applepay/PaymentSession.h: Virtually inherited from PaymentSessionBase to
        accommodate ApplePayPaymentHandler inheriting from both this and PaymentHandler.
        (WebCore::PaymentSession::~PaymentSession): Deleted.
        * Modules/applepay/paymentrequest/ApplePayPaymentHandler.cpp:
        (WebCore::paymentCoordinator): Virtually inherited from PaymentSessionBase to accommodate
        ApplePayPaymentHandler inheriting from both this and PaymentSession.
        (WebCore::ApplePayPaymentHandler::hasActiveSession): Added. Calls PaymentCoordinator::hasActiveSession().
        (WebCore::ApplePayPaymentHandler::show): Added. Calls PaymentCoordinator::beginPaymentSession().
        (WebCore::ApplePayPaymentHandler::hide): Added. Calls PaymentCoordinator::abortPaymentSession().
        * Modules/applepay/paymentrequest/ApplePayPaymentHandler.h: Inherited from PaymentSession in
        addition to PaymentHandler so that this can be PaymentCoordinator active session.
        * Modules/paymentrequest/PaymentHandler.cpp:
        (WebCore::PaymentHandler::create):
        (WebCore::PaymentHandler::hasActiveSession):
        * Modules/paymentrequest/PaymentHandler.h:
        * Modules/paymentrequest/PaymentRequest.cpp:
        (WebCore::PaymentRequest::~PaymentRequest):
        (WebCore::PaymentRequest::show): Rejected the promise if PaymentCoordinator has an active session.
        (WebCore::PaymentRequest::abort): Called stop().
        (WebCore::PaymentRequest::canSuspendForDocumentSuspension const): Returned true if state is
        Interactive and there is an active handler showing.
        (WebCore::PaymentRequest::stop): Hid the active session if it's showing, then set state to
        Closed and rejected the show promise.
        * Modules/paymentrequest/PaymentRequest.h:
        * Modules/paymentrequest/PaymentSessionBase.h: Added. Inherits from
        RefCounted<PaymentSessionBase> and defines a virtual destructor. This allows subclasses to
        virtually inherit a single ref-count to support multiple inheritance.
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/scripts/CodeGeneratorJS.pm:
        (GetGnuVTableOffsetForType): Added ApplePaySession to the list of classes that need a vtable
        offset of 3.

2017-10-07  Ryosuke Niwa  <rniwa@webkit.org>

        WebContentReader::readHTML should be shared between macOS and iOS
        https://bugs.webkit.org/show_bug.cgi?id=178044

        Reviewed by Wenson Hsieh.

        Merged the implementations for WebContentReader::readHTML between macOS and iOS.

        * editing/cocoa/WebContentReaderCocoa.mm:
        (WebCore::WebContentReader::readHTML):
        * editing/ios/WebContentReaderIOS.mm:
        (WebCore::WebContentReader::readHTML): Deleted.
        * editing/mac/WebContentReaderMac.mm:
        (WebCore::WebContentReader::readHTML): Deleted.

2017-10-06  Zalan Bujtas  <zalan@apple.com>

        RenderTable should not hold a collection of raw pointers to RenderTableCaption
        https://bugs.webkit.org/show_bug.cgi?id=178026
        <rdar://problem/34863090>

        Reviewed by Simon Fraser.

        Similar to sections, RenderTable should not store captions as raw pointers. Their lifetimes are
        not guaranteed to be sync with the RenderTable's.

        Covered by existing tests.

        * rendering/RenderTable.cpp:
        (WebCore::RenderTable::addCaption):
        (WebCore::RenderTable::removeCaption):
        (WebCore::RenderTable::addOverflowFromChildren):
        * rendering/RenderTable.h:
        * rendering/RenderTableCaption.cpp:
        (WebCore::RenderTableCaption::insertedIntoTree):
        (WebCore::RenderTableCaption::willBeRemovedFromTree):

2017-10-06  Daniel Bates  <dabates@apple.com>

        Spelling error annotation should encompass hyphen in misspelled word that wraps across multiple lines
        https://bugs.webkit.org/show_bug.cgi?id=177980
        <rdar://problem/34847454>

        Reviewed by Simon Fraser.

        On macOS the spelling and grammar annotations for a word or word phrase encompass
        hyphenations added because the word or word phrase wraps across more than one line.
        The effect tends to be more aesthetically pleasing and consistent with how these
        annotations would be pointed out by a person in conversation: by identify the word
        or phrase that has a spelling or grammar issue regardless of whether that word or
        phrase is broken into halves due to line wrapping. The same argument applies to
        other annotations on macOS, including text matches. Therefore, we should always
        include any hyphens encompassed by a marker that were added due to line wrapping
        when painting the marker.

        Test: editing/spelling/spelling-marker-includes-hyphen.html

        * rendering/InlineTextBox.cpp:
        (WebCore::InlineTextBox::paintDocumentMarker): Compute the text run including any
        added hyphens. If a hyphen was added then the inline text box represents that text
        up to the hyphen. Adjust the end position of the marker to be the length of the text
        run if its greater than or equal to the length of the text box.

2017-10-06  Zalan Bujtas  <zalan@apple.com>

        RenderTable should not hold a collection of raw pointers to RenderTableCol
        https://bugs.webkit.org/show_bug.cgi?id=178030
        <rdar://problem/34865236>

        Reviewed by Simon Fraser.

        In addition to the m_columnRenderersValid flag, this patch ensures that
        we don't dereference stale column renderers even when the flag is out of sync.

        Covered by existing tests.

        * rendering/RenderTable.cpp:
        (WebCore::RenderTable::updateColumnCache const):
        (WebCore::RenderTable::slowColElement const):
        * rendering/RenderTable.h:

2017-10-06  Zalan Bujtas  <zalan@apple.com>

        RootInlineBox should not hold a collection of raw pointers to RenderBox
        https://bugs.webkit.org/show_bug.cgi?id=178025
        <rdar://problem/34862488>

        Reviewed by Simon Fraser.

        There are already some assertions in place to check if the renderers are valid.

        Covered by existing test cases.

        * rendering/RenderBlockLineLayout.cpp:
        (WebCore::RenderBlockFlow::reattachCleanLineFloats):
        (WebCore::RenderBlockFlow::determineStartPosition):
        (WebCore::RenderBlockFlow::determineEndPosition):
        * rendering/RootInlineBox.h:
        (WebCore::RootInlineBox::appendFloat):
        (WebCore::RootInlineBox::floatsPtr):

2017-10-06  Zalan Bujtas  <zalan@apple.com>

        Continuation map should not hold a raw pointer
        https://bugs.webkit.org/show_bug.cgi?id=178021
        <rdar://problem/34861590>

        Reviewed by Simon Fraser.

        This patch ensures proper lifetime management for renderers stored in the Continuation map
        (currently they rely on the correctness of addChild/takeChild methods).

        Covered by existing tests.

        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::continuation const):
        (WebCore::RenderBoxModelObject::setContinuation):

2017-10-06  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r222791 and r222873.
        https://bugs.webkit.org/show_bug.cgi?id=178031

        Caused crashes with workers/wasm LayoutTests (Requested by
        ryanhaddad on #webkit).

        Reverted changesets:

        "WebAssembly: no VM / JS version of everything but Instance"
        https://bugs.webkit.org/show_bug.cgi?id=177473
        http://trac.webkit.org/changeset/222791

        "WebAssembly: address no VM / JS follow-ups"
        https://bugs.webkit.org/show_bug.cgi?id=177887
        http://trac.webkit.org/changeset/222873

2017-10-06  Alex Christensen  <achristensen@webkit.org>

        Add more infrastructure to apply custom header fields to same-origin requests
        https://bugs.webkit.org/show_bug.cgi?id=177629

        Reviewed by Ryosuke Niwa.

        Covered by new API tests.

        * loader/DocumentLoader.h:
        (WebCore::DocumentLoader::customHeaderFields):
        * loader/HTTPHeaderField.cpp:
        (WebCore::HTTPHeaderField::create):
        (WebCore::HTTPHeaderField::HTTPHeaderField): Deleted.
        * loader/HTTPHeaderField.h:
        (WebCore::HTTPHeaderField::encode const):
        (WebCore::HTTPHeaderField::decode):
        
        Change HTTPHeaderField from one String containing the name and value
        to a string for the name and another for value.  This matches HTTPHeaderMap
        and NSURLRequest more closely where names and values are treated as separate Strings.
        
        * loader/cache/CachedResourceLoader.cpp:
        (WebCore::CachedResourceLoader::requestResource):
        
        If the DocumentLoader has custom header fields from the WebsitePolicies, apply them to any same-origin requests.
        
        * loader/cache/CachedResourceRequest.h:
        (WebCore::CachedResourceRequest::resourceRequest):
        * platform/network/ResourceRequestBase.cpp:
        (WebCore::ResourceRequestBase::setCachePolicy):
        (WebCore::ResourceRequestBase::setTimeoutInterval):
        (WebCore::ResourceRequestBase::setHTTPMethod):
        (WebCore::ResourceRequestBase::setHTTPHeaderField):
        (WebCore::ResourceRequestBase::clearHTTPAuthorization):
        (WebCore::ResourceRequestBase::clearHTTPContentType):
        (WebCore::ResourceRequestBase::clearHTTPReferrer):
        (WebCore::ResourceRequestBase::clearHTTPOrigin):
        (WebCore::ResourceRequestBase::clearHTTPUserAgent):
        (WebCore::ResourceRequestBase::clearHTTPAccept):
        (WebCore::ResourceRequestBase::clearHTTPAcceptEncoding):
        (WebCore::ResourceRequestBase::setResponseContentDispositionEncodingFallbackArray):
        (WebCore::ResourceRequestBase::setHTTPBody):
        (WebCore::ResourceRequestBase::setAllowCookies):
        (WebCore::ResourceRequestBase::setPriority):
        (WebCore::ResourceRequestBase::addHTTPHeaderFieldIfNotPresent):
        (WebCore::ResourceRequestBase::addHTTPHeaderField):
        (WebCore::ResourceRequestBase::setHTTPHeaderFields):
        
        non-HTTP/HTTPS ResourceRequests need to be updated, too, if header fields are added.
        Skipping updating non-HTTP/HTTPS ResourceRequests is not a valid shortcut, and with the
        growing importance of custom schemes with our new public API, we should update ResourceRequests
        of custom schemes correctly.

2017-10-06  Sam Weinig  <sam@webkit.org>

        Add basic support for getting a ImageBitmapRenderingContext
        https://bugs.webkit.org/show_bug.cgi?id=177983

        Reviewed by Dean Jackson.

        Add initial support for ImageBitmapRenderingContext.

        * CMakeLists.txt:
        * DerivedSources.make:
        * WebCore.xcodeproj/project.pbxproj:
        
            Add new files.
        
        * dom/Document.cpp:
        * dom/Document.h:
        * dom/Document.idl:
        
            Add ImageBitmapRenderingContext to RenderingContext variant so it wil be able to
            be used with Document.getCSSCanvasContext.
        
        * html/HTMLCanvasElement.h:
        * html/HTMLCanvasElement.cpp:
        (WebCore::HTMLCanvasElement::setHeight):
        (WebCore::HTMLCanvasElement::setWidth):
        
            Throw an exception if the context is in the placeholder mode (which we
            signify via a special PlaceholderRenderingContext) as speced. This can't
            currently be hit, as setting a placeholder requires offscreen canvas
            support, coming soon.
        
        (WebCore::HTMLCanvasElement::getContext):
        
            Re-work to match the spec's matrix of options, adding in support
            for 'bitmaprenderer'/ ImageBitmapRenderingContext type as well as 
            the placeholder mode.
        
        (WebCore::HTMLCanvasElement::createContext2d):
        (WebCore::HTMLCanvasElement::getContext2d):
        (WebCore::HTMLCanvasElement::isWebGLType):
        (WebCore::HTMLCanvasElement::createContextWebGL):
        (WebCore::HTMLCanvasElement::getContextWebGL):
        (WebCore::HTMLCanvasElement::createContextWebGPU):
        (WebCore::HTMLCanvasElement::getContextWebGPU):
        (WebCore::HTMLCanvasElement::isBitmapRendererType):
        (WebCore::HTMLCanvasElement::createContextBitmapRenderer):
        (WebCore::HTMLCanvasElement::getContextBitmapRenderer):

            Split creation out of the get functions so it can be called
            by getContext, where we know if the canvas is null or not.

        * html/HTMLCanvasElement.idl:
        
            Add ImageBitmapRenderingContext to RenderingContext variant so it wil be able to
            be used with HTMLCanvasElement.getContext.

        * html/canvas/CanvasRenderingContext.h:
        (WebCore::CanvasRenderingContext::isBitmapRenderer const):
        (WebCore::CanvasRenderingContext::isPlaceholder const):
        
            Add predicates for ImageBitmapRenderingContext and 
            PlaceholderRenderingContext.
        
        * html/canvas/ImageBitmapRenderingContext.cpp: Added.
        (WebCore::ImageBitmapRenderingContext::ImageBitmapRenderingContext):
        * html/canvas/ImageBitmapRenderingContext.h: Added.
        * html/canvas/ImageBitmapRenderingContext.idl: Added.
        * html/canvas/PlaceholderRenderingContext.cpp: Added.
        (WebCore::PlaceholderRenderingContext::PlaceholderRenderingContext):
        * html/canvas/PlaceholderRenderingContext.h: Added.
        
            Add stubbed out implementations for the new contexts.

2017-10-06  Jer Noble  <jer.noble@apple.com>

        Netflix playback fails with S7353 error
        https://bugs.webkit.org/show_bug.cgi?id=178023

        Reviewed by Dean Jackson.

        On certain platforms, WebCoreDecompressionSession will fail to produce CVImageBuffers when presented with
        encrypted content. On those platforms, the seek() command will fail, because frames at the destination time
        cannot be decoded. This occurs for Netflix because the <video> element is not in the DOM at decode time.

        Only create a WebCoreDecompressionSession in MediaPlayerPrivateMediaSourceAVFObjC when we have explicitly
        been asked to paint into a WebGL canvas.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::acceleratedRenderingStateChanged):

2017-10-06  Jiewen Tan  <jiewen_tan@apple.com>

        Replace some stack raw pointers with RefPtrs within WebCore/dom
        https://bugs.webkit.org/show_bug.cgi?id=177852
        <rdar://problem/34804487>

        Reviewed by Ryosuke Niwa.

        This is an effort to reduce raw pointer usage in DOM code. In this patch,
        stack raw pointers that could be freed during their lifetime because of
        event dispatching, layout updating and etc are selected. All selections are
        basing on code speculation.

        No changes in behaviours.

        * dom/ContainerNodeAlgorithms.cpp:
        (WebCore::addChildNodesToDeletionQueue):
        Escalate the RefPtr to where node is first defined.
        * dom/Document.cpp:
        (WebCore::Document::setVisualUpdatesAllowed):
        (WebCore::Document::updateLayout):
        (WebCore::Document::updateLayoutIfDimensionsOutOfDate):
        Possible layout updates during their lifetime.
        (WebCore::Document::implicitClose):
        Possible event dispatching during its lifetime.
        (WebCore::Document::nodeChildrenWillBeRemoved):
        (WebCore::Document::nodeWillBeRemoved):
        Possible node removal during their lifetime.
        (WebCore::command):
        Possible layout updates during its lifetime.
        * dom/DocumentMarkerController.cpp:
        (WebCore::DocumentMarkerController::renderedRectsForMarkers):
        Possible layout updates during its lifetime.
        * dom/Element.cpp:
        (WebCore::Element::removedFrom):
         Possible event dispatching during its lifetime.
        (WebCore::checkForSiblingStyleChanges):
        Possible layout updates during their lifetime.
        * dom/MouseRelatedEvent.cpp:
        (WebCore::MouseRelatedEvent::computeRelativePosition):