When navigating, discard decoded image data that is only live due to page cache.
[WebKit-https.git] / Source / WebCore / ChangeLog
1 2016-06-20  Andreas Kling  <akling@apple.com>
2
3         When navigating, discard decoded image data that is only live due to page cache.
4         <https://webkit.org/b/158941>
5
6         Reviewed by Antti Koivisto.
7
8         A resource is "live" if it's currently in use by a web page, and "dead" if it's
9         only kept alive by the memory cache.
10
11         This patch adds a mechanism that looks at CachedImage resources to see if all the
12         clients that make them appear "live" are actually pages in the page cache.
13
14         If so, we let the "jettison expensive objects on top-level navigation" mechanism
15         discard the decoded data for such half-live images. This can reduce the peak
16         memory usage during navigations quite a bit.
17
18         * loader/FrameLoader.cpp:
19         (WebCore::FrameLoader::commitProvisionalLoad): Move the call to MemoryPressureHandler
20         before we add the outgoing page to the page cache. This allows the jettisoning code
21         to make decisions based on which pages were cached *before* the navigation.
22
23         * loader/cache/CachedImageClient.h:
24         (WebCore::CachedImageClient::inPageCache):
25         * loader/ImageLoader.h:
26         * loader/ImageLoader.cpp:
27         (WebCore::ImageLoader::inPageCache):
28         * rendering/RenderObject.h:
29         (WebCore::RenderObject::inPageCache): Added a CachedImageClient::inPageCache() virtual
30         to determine which clients are currently in page cache (answered by their Document.)
31
32         * loader/cache/CachedImage.h:
33         * loader/cache/CachedImage.cpp:
34         (WebCore::CachedImage::areAllClientsInPageCache): Walks all CachedImageClient clients
35         and returns true if all of them are inPageCache().
36
37         * platform/MemoryPressureHandler.cpp:
38         (WebCore::MemoryPressureHandler::jettisonExpensiveObjectsOnTopLevelNavigation):
39         Walk all the known CachedImages and nuke decoded data for those that have some but
40         are only considered live due to clients in the page cache.
41
42 2016-06-20  Chris Dumez  <cdumez@apple.com>
43
44         Unreviewed, fix post-landing review comment from Darin on r202188.
45
46         * platform/network/CacheValidation.cpp:
47         (WebCore::parseCacheHeader):
48
49 2016-06-19  Antti Koivisto  <antti@apple.com>
50
51         Updating class name of a shadow host does not update the style applied by :host()
52         https://bugs.webkit.org/show_bug.cgi?id=158900
53         <rdar://problem/26883707>
54
55         Reviewed by Simon Fraser.
56
57         Test: fast/shadow-dom/shadow-host-style-update.html
58
59         Teach style invalidation optimization code about :host.
60
61         * style/AttributeChangeInvalidation.cpp:
62         (WebCore::Style::mayBeAffectedByHostStyle):
63         (WebCore::Style::AttributeChangeInvalidation::invalidateStyle):
64         * style/ClassChangeInvalidation.cpp:
65         (WebCore::Style::computeClassChange):
66         (WebCore::Style::mayBeAffectedByHostStyle):
67         (WebCore::Style::ClassChangeInvalidation::invalidateStyle):
68         * style/IdChangeInvalidation.cpp:
69         (WebCore::Style::mayBeAffectedByHostStyle):
70         (WebCore::Style::IdChangeInvalidation::invalidateStyle):
71
72 2016-06-19  Gavin & Ellie Barraclough  <barraclough@apple.com>
73
74         Remove hasStaticPropertyTable (part 5: done!)
75         https://bugs.webkit.org/show_bug.cgi?id=158431
76
77         Reviewed by Chris Dumez.
78
79         * bindings/scripts/CodeGeneratorJS.pm:
80         (GenerateHeader):
81             - remove hasStaticPropertyTable.
82         * bindings/scripts/test/JS/JSInterfaceName.h:
83         (WebCore::JSInterfaceName::create):
84         * bindings/scripts/test/JS/JSTestActiveDOMObject.h:
85         (WebCore::JSTestActiveDOMObject::create):
86         * bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.h:
87         (WebCore::JSTestClassWithJSBuiltinConstructor::create):
88         * bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.h:
89         (WebCore::JSTestCustomConstructorWithNoInterfaceObject::create):
90         * bindings/scripts/test/JS/JSTestCustomNamedGetter.h:
91         (WebCore::JSTestCustomNamedGetter::create):
92         * bindings/scripts/test/JS/JSTestEventConstructor.h:
93         (WebCore::JSTestEventConstructor::create):
94         * bindings/scripts/test/JS/JSTestEventTarget.h:
95         (WebCore::JSTestEventTarget::create):
96         * bindings/scripts/test/JS/JSTestException.h:
97         (WebCore::JSTestException::create):
98         * bindings/scripts/test/JS/JSTestGenerateIsReachable.h:
99         (WebCore::JSTestGenerateIsReachable::create):
100         * bindings/scripts/test/JS/JSTestGlobalObject.h:
101         * bindings/scripts/test/JS/JSTestInterface.h:
102         * bindings/scripts/test/JS/JSTestJSBuiltinConstructor.h:
103         (WebCore::JSTestJSBuiltinConstructor::create):
104         * bindings/scripts/test/JS/JSTestMediaQueryListListener.h:
105         (WebCore::JSTestMediaQueryListListener::create):
106         * bindings/scripts/test/JS/JSTestNamedConstructor.h:
107         (WebCore::JSTestNamedConstructor::create):
108         * bindings/scripts/test/JS/JSTestNode.h:
109         * bindings/scripts/test/JS/JSTestNondeterministic.h:
110         (WebCore::JSTestNondeterministic::create):
111         * bindings/scripts/test/JS/JSTestObj.h:
112         (WebCore::JSTestObj::create):
113         * bindings/scripts/test/JS/JSTestOverloadedConstructors.h:
114         (WebCore::JSTestOverloadedConstructors::create):
115         * bindings/scripts/test/JS/JSTestOverrideBuiltins.h:
116         (WebCore::JSTestOverrideBuiltins::create):
117         * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.h:
118         (WebCore::JSTestSerializedScriptValueInterface::create):
119         * bindings/scripts/test/JS/JSTestTypedefs.h:
120         (WebCore::JSTestTypedefs::create):
121         * bindings/scripts/test/JS/JSattribute.h:
122         (WebCore::JSattribute::create):
123         * bindings/scripts/test/JS/JSreadonly.h:
124         (WebCore::JSreadonly::create):
125
126 2016-06-19  Youenn Fablet  <youenn.fablet@crf.canon.fr>
127
128         The JSBuiltinConstructor feature can't handle a JS interface extending an other JS interface
129         https://bugs.webkit.org/show_bug.cgi?id=158834
130
131         Reviewed by Eric Carlson.
132
133         No change of behavior.
134
135         * bindings/scripts/CodeGeneratorJS.pm:
136         (GenerateHeader): Explicitly setting DOMWrapped type definition from
137         JSXX class deriving from another JSYY class.
138         * bindings/scripts/test/JS/JSTestEventTarget.h: Rebased.
139         * bindings/scripts/test/JS/JSTestNode.h: Ditto.
140
141 2016-06-18  Antti Koivisto  <antti@apple.com>
142
143         Use time literals in WebCore
144         https://bugs.webkit.org/show_bug.cgi?id=158905
145
146         Reviewed by Andreas Kling.
147
148         std::chrono::milliseconds(1) -> 1ms etc.
149
150         * dom/Document.cpp:
151         (WebCore::Document::minimumLayoutDelay):
152         (WebCore::Document::elapsedTime):
153         * fileapi/FileReader.cpp:
154         (WebCore::FileReader::create):
155         * inspector/InspectorOverlay.cpp:
156         (WebCore::InspectorOverlay::showPaintRect):
157         * loader/CrossOriginPreflightResultCache.cpp:
158         (WebCore::CrossOriginPreflightResultCache::CrossOriginPreflightResultCache):
159         * loader/ProgressTracker.cpp:
160         (WebCore::ProgressTracker::progressStarted):
161         * loader/cache/CachedResource.cpp:
162         (WebCore::CachedResource::freshnessLifetime):
163         * page/ChromeClient.h:
164         * page/DOMTimer.cpp:
165         (WebCore::DOMTimer::intervalClampedToMinimum):
166         (WebCore::DOMTimer::alignedFireTime):
167         * page/DOMTimer.h:
168         * page/FrameView.cpp:
169         (WebCore::FrameView::scrollPositionChanged):
170         * page/ResourceUsageThread.cpp:
171         (WebCore::ResourceUsageThread::threadBody):
172         * page/Settings.cpp:
173         (WebCore::Settings::Settings):
174         * page/mac/ServicesOverlayController.mm:
175         (WebCore::ServicesOverlayController::remainingTimeUntilHighlightShouldBeShown):
176         * platform/graphics/FontCache.cpp:
177         (WebCore::FontCache::fontForFamily):
178         * platform/network/CacheValidation.cpp:
179         (WebCore::computeCurrentAge):
180         (WebCore::computeFreshnessLifetimeForHTTPFamily):
181
182 2016-06-17  Benjamin Poulain  <benjamin@webkit.org>
183
184         :indeterminate pseudo-class should match radios whose group has no checked radio
185         https://bugs.webkit.org/show_bug.cgi?id=156270
186
187         Reviewed by Simon Fraser.
188
189         The pseudo-class ":indeterminate" is supposed to match radio buttons
190         for which the entire group has no checked button.
191         Spec: https://html.spec.whatwg.org/#pseudo-classes:selector-indeterminate
192
193         The change is straightforward with one non-obvious choice:
194         I added matchesIndeterminatePseudoClass() in addition to shouldAppearIndeterminate().
195
196         The reason is shouldAppearIndeterminate() is used for styling and AX of elements
197         with an indeterminate states (check boxes and progress element). There is no such
198         UI for radio boxes.
199         I could have extended shouldAppearIndeterminate() to radio box
200         then filter out this case in RenderTheme. The problem is doing that would also requires
201         changes to the repaint logic to match :indeterminate. It seemed overkill to me to
202         change repaint() for a case that is never used in practice.
203
204         Tests: fast/css/pseudo-indeterminate-radio-buttons-basics.html
205                fast/css/pseudo-indeterminate-with-radio-buttons-style-invalidation.html
206                fast/selectors/detached-radio-button-checked-and-indeterminate-states.html
207                fast/selectors/pseudo-indeterminate-with-radio-buttons-style-update.html
208
209         * css/SelectorCheckerTestFunctions.h:
210         (WebCore::shouldAppearIndeterminate):
211         * dom/Element.cpp:
212         (WebCore::Element::matchesIndeterminatePseudoClass):
213         * dom/Element.h:
214         * dom/RadioButtonGroups.cpp:
215         (WebCore::RadioButtonGroup::setCheckedButton):
216         (WebCore::RadioButtonGroup::updateCheckedState):
217         (WebCore::RadioButtonGroup::remove):
218         (WebCore::RadioButtonGroup::setNeedsStyleRecalcForAllButtons):
219         (WebCore::RadioButtonGroups::hasCheckedButton):
220         * dom/RadioButtonGroups.h:
221         * html/CheckboxInputType.cpp:
222         (WebCore::CheckboxInputType::matchesIndeterminatePseudoClass):
223         (WebCore::CheckboxInputType::shouldAppearIndeterminate):
224         (WebCore::CheckboxInputType::supportsIndeterminateAppearance): Deleted.
225         * html/CheckboxInputType.h:
226         * html/HTMLInputElement.cpp:
227         (WebCore::HTMLInputElement::setChecked):
228         (WebCore::HTMLInputElement::matchesIndeterminatePseudoClass):
229         (WebCore::HTMLInputElement::shouldAppearIndeterminate):
230         (WebCore::HTMLInputElement::radioButtonGroups):
231         * html/HTMLInputElement.h:
232         * html/InputType.cpp:
233         (WebCore::InputType::matchesIndeterminatePseudoClass):
234         (WebCore::InputType::shouldAppearIndeterminate):
235         (WebCore::InputType::supportsIndeterminateAppearance): Deleted.
236         * html/InputType.h:
237         * html/RadioInputType.cpp:
238         (WebCore::RadioInputType::matchesIndeterminatePseudoClass):
239         (WebCore::RadioInputType::willDispatchClick): Deleted.
240         (WebCore::RadioInputType::didDispatchClick): Deleted.
241         (WebCore::RadioInputType::supportsIndeterminateAppearance): Deleted.
242         The iOS specific code is just plain wrong.
243         It was changing the indeterminate state of the input element.
244         The spec clearly says that state is only used by checkbox:
245         https://html.spec.whatwg.org/#dom-input-indeterminate
246
247         Moreover, the style update would not change the indeterminate state
248         of other buttons in the Button Group, which is just bizarre.
249         RenderThemeIOS does not make use of any of this with the current style.
250
251         * html/RadioInputType.h:
252         * style/StyleSharingResolver.cpp:
253         (WebCore::Style::SharingResolver::canShareStyleWithElement):
254         (WebCore::Style::canShareStyleWithControl): Deleted.
255         (WebCore::Style::SharingResolver::sharingCandidateHasIdenticalStyleAffectingAttributes): Deleted.
256         Style sharing is unified behind the selector matching which is neat.
257
258 2016-06-17  Commit Queue  <commit-queue@webkit.org>
259
260         Unreviewed, rolling out r202152.
261         https://bugs.webkit.org/show_bug.cgi?id=158897
262
263         The new test is very unstable, timing out frequently
264         (Requested by ap on #webkit).
265
266         Reverted changeset:
267
268         "Web Inspector: console.profile should use the new Sampling
269         Profiler"
270         https://bugs.webkit.org/show_bug.cgi?id=153499
271         http://trac.webkit.org/changeset/202152
272
273 2016-06-17  Commit Queue  <commit-queue@webkit.org>
274
275         Unreviewed, rolling out r202068, r202115, and r202128.
276         https://bugs.webkit.org/show_bug.cgi?id=158896
277
278         The new test is very unstable, timing out frequently
279         (Requested by ap on #webkit).
280
281         Reverted changesets:
282
283         "decompose4 return value is unchecked, leading to potentially
284         uninitialized data."
285         https://bugs.webkit.org/show_bug.cgi?id=158761
286         http://trac.webkit.org/changeset/202068
287
288         "[mac] LayoutTest transforms/undecomposable.html is a flaky
289         timeout"
290         https://bugs.webkit.org/show_bug.cgi?id=158816
291         http://trac.webkit.org/changeset/202115
292
293         "[mac] LayoutTest transforms/undecomposable.html is a flaky
294         timeout"
295         https://bugs.webkit.org/show_bug.cgi?id=158816
296         http://trac.webkit.org/changeset/202128
297
298 2016-06-17  Chris Fleizach  <cfleizach@apple.com>
299
300         AX: HTML indeterminate IDL attribute not mapped to checkbox value=2 for native checkboxes
301         https://bugs.webkit.org/show_bug.cgi?id=158876
302         <rdar://problem/26842619>
303
304         Reviewed by Joanmarie Diggs.
305
306         The indeterminate state was not being reported for native checkboxes. 
307
308         Also the isIndeterminate() method was relying on whether the appearance changed, which does not happen on Mac, so that
309         was not being reported correctly. Changed that to check the actual attribute.
310
311         Test: accessibility/checkbox-mixed-value.html
312
313         * accessibility/AccessibilityNodeObject.cpp:
314         (WebCore::AccessibilityNodeObject::isIndeterminate):
315         (WebCore::AccessibilityNodeObject::isPressed):
316         (WebCore::AccessibilityNodeObject::checkboxOrRadioValue):
317         * accessibility/AccessibilityObject.cpp:
318         (WebCore::AccessibilityObject::checkboxOrRadioValue):
319
320 2016-06-17  Dean Jackson  <dino@apple.com>
321
322         REGRESSION (r199819): CrashTracer: [GraphicsContext3D::getInternalFramebufferSize
323         https://bugs.webkit.org/show_bug.cgi?id=158895
324         <rdar://problem/26423617>
325
326         Reviewed by Zalan Bujtas.
327
328         In r199819 we started resetting contexts if the page had too
329         many. Unfortunately there were entry points in the WebGL context
330         that didn't check for the validity of the object before trying
331         to access the lower level objects.
332
333         Test: webgl/many-contexts-access-after-loss.html
334
335         * html/canvas/WebGLRenderingContextBase.cpp:
336         (WebCore::WebGLRenderingContextBase::drawingBufferWidth): Return 0 if we're lost.
337         (WebCore::WebGLRenderingContextBase::drawingBufferHeight): Ditto.
338
339 2016-06-17  Daniel Bates  <dabates@apple.com>
340
341         Unreviewed, rolling out r202186.
342
343         Broke the Apple Windows, Apple Yosemite, GTK, and WinCairo
344         builds.
345
346         Reverted changeset:
347
348         "File scheme should not allow access of a resource on a
349         different volume."
350         https://bugs.webkit.org/show_bug.cgi?id=158552
351         http://trac.webkit.org/changeset/202186
352
353 2016-06-17  Daniel Bates  <dabates@apple.com>
354
355         Unreviewed, rolling out r202187.
356
357         202186
358
359         Reverted changeset:
360
361         "Unreviewed clean-up after r202186."
362         http://trac.webkit.org/changeset/202187
363
364 2016-06-17  Chris Dumez  <cdumez@apple.com>
365
366         Optimize parseCacheHeader() by using StringView
367         https://bugs.webkit.org/show_bug.cgi?id=158891
368
369         Reviewed by Darin Adler.
370
371         Optimize parseCacheHeader() and avoid some temporary String allocations
372         by using StringView. We now strip the whitespaces in the input string
373         at the beginning of the function, at the same as as we strip the
374         control characters. We are then able to leverage StringView in the
375         rest of the function to get substrings without the need for extra
376         String allocations.
377
378         * platform/network/CacheValidation.cpp:
379         (WebCore::isControlCharacterOrSpace):
380         (WebCore::trimToNextSeparator):
381         (WebCore::parseCacheHeader):
382
383 2016-06-17  Brent Fulgham  <bfulgham@apple.com>
384
385         Unreviewed clean-up after r202186.
386
387         * platform/FileSystem.cpp:
388         (WebCore::filesHaveSameVolume): Don't use C-style formatting.
389
390 2016-06-17  Pranjal Jumde  <pjumde@apple.com>
391
392         File scheme should not allow access of a resource on a different volume.
393         https://bugs.webkit.org/show_bug.cgi?id=158552
394         <rdar://problem/15307582>
395
396         Reviewed by Brent Fulgham.
397
398         Tests: Tools/TestWebKitAPI/Tests/mac/CrossPartitionFileSchemeAccess.mm
399
400         * page/SecurityOrigin.cpp:
401         (WebCore::SecurityOrigin::canDisplay):
402         * platform/FileSystem.cpp:
403         (WebCore::platformFileStat):
404         (WebCore::filesHaveSameVolume):
405         Returns true if the files are on the same volume
406         * platform/FileSystem.h:
407
408 2016-06-17  Antoine Quint  <graouts@apple.com>
409
410         Web video playback controls should have RTL volume slider
411         https://bugs.webkit.org/show_bug.cgi?id=158856
412         <rdar://problem/25971769>
413
414         Reviewed by Tim Horton.
415
416         We reproduce the system used to propagate the page scale factor from the WebPage to the media controls to
417         propagate the user interface layout direction.
418
419         The Page exposes a new setUserInterfaceLayoutDirection() method which is set by the WebPage. The Page
420         then notifies the Document of a change, which propagates down to registered media elements, and finally sets
421         the usesLTRUserInterfaceLayoutDirection property on the media controller object in the injected JavaScript.
422         Based on the value of that property we toggle a new .uses-ltr-user-interface-layout-direction CSS class on the
423         .volume-box which applies a translate to the right and flips the volume controls on the x axis.
424
425         Since we're setting a new JS property from HTMLMediaController, we refactor much of the code out of the existing
426         pageScaleFactorChanged() and setPageScaleFactorProperty() into the new setControllerJSProperty() method so that
427         can easily set a named JS property with a given JSValue.
428
429         For testing purposes, we expose the WebCore::Page::setUserInterfaceLayoutDirection() method through Internals.
430
431         Test: fullscreen/video-controls-rtl.html
432
433         * Modules/mediacontrols/mediaControlsApple.css:
434         (video:-webkit-full-screen::-webkit-media-controls-panel .volume-box:not(.uses-ltr-user-interface-layout-direction)):
435         * Modules/mediacontrols/mediaControlsApple.js:
436         (Controller.prototype.set usesLTRUserInterfaceLayoutDirection):
437         * WebCore.xcodeproj/project.pbxproj:
438         * dom/Document.cpp:
439         (WebCore::Document::registerForUserInterfaceLayoutDirectionChangedCallbacks):
440         (WebCore::Document::unregisterForUserInterfaceLayoutDirectionChangedCallbacks):
441         (WebCore::Document::userInterfaceLayoutDirectionChanged):
442         * dom/Document.h:
443         * html/HTMLMediaElement.cpp:
444         (WebCore::HTMLMediaElement::registerWithDocument):
445         (WebCore::HTMLMediaElement::unregisterWithDocument):
446         (WebCore::HTMLMediaElement::updatePageScaleFactorJSProperty):
447         (WebCore::HTMLMediaElement::updateUsesLTRUserInterfaceLayoutDirectionJSProperty):
448         (WebCore::HTMLMediaElement::setControllerJSProperty):
449         (WebCore::HTMLMediaElement::didAddUserAgentShadowRoot):
450         (WebCore::HTMLMediaElement::pageScaleFactorChanged):
451         (WebCore::HTMLMediaElement::userInterfaceLayoutDirectionChanged):
452         (WebCore::setPageScaleFactorProperty): Deleted.
453         * html/HTMLMediaElement.h:
454         * page/Page.cpp:
455         (WebCore::Page::setUserInterfaceLayoutDirection):
456         * page/Page.h:
457         (WebCore::Page::userInterfaceLayoutDirection):
458         * platform/UserInterfaceLayoutDirection.h: Renamed from Source/WebKit2/UIProcess/UserInterfaceLayoutDirection.h.
459         * testing/Internals.cpp:
460         (WebCore::Internals::setUserInterfaceLayoutDirection):
461         * testing/Internals.h:
462         * testing/Internals.idl:
463
464 2016-06-17  Chris Dumez  <cdumez@apple.com>
465
466         TouchEvent should have a constructor
467         https://bugs.webkit.org/show_bug.cgi?id=158883
468         <rdar://problem/26063585>
469
470         Reviewed by Benjamin Poulain.
471
472         TouchEvent should have a constructor:
473         - https://w3c.github.io/touch-events/#touchevent-interface
474
475         Chrome already ships this:
476         - https://bugs.chromium.org/p/chromium/issues/detail?id=508675
477
478         Test: fast/events/touch/touch-event-constructor.html
479
480         * bindings/js/JSDictionary.cpp:
481         (WebCore::JSDictionary::convertValue):
482         * bindings/js/JSDictionary.h:
483         * dom/TouchEvent.cpp:
484         (WebCore::TouchEvent::TouchEvent):
485         * dom/TouchEvent.h:
486         * dom/TouchEvent.idl:
487
488 2016-06-17  Zalan Bujtas  <zalan@apple.com>
489
490         Potential null dereferencing on a detached positioned renderer.
491         https://bugs.webkit.org/show_bug.cgi?id=158879
492
493         Reviewed by Simon Fraser.
494
495         This patch fixes the case when the while loop to search for the absolute positioned ancestor
496         returns null (it happens when positioned renderer has been detached from the render tree).
497
498         Speculative fix.
499
500         * rendering/RenderBlock.cpp:
501         (WebCore::RenderBlock::markFixedPositionObjectForLayoutIfNeeded):
502         * rendering/RenderBlock.h:
503
504 2016-06-17  Chris Dumez  <cdumez@apple.com>
505
506         URL hash setter does not remove fragment identifier if argument is an empty string
507         https://bugs.webkit.org/show_bug.cgi?id=158869
508         <rdar://problem/26863430>
509
510         Reviewed by Darin Adler.
511
512         URL hash setter and URLUtils hash setter should remove the fragment identifier
513         if set to "#" or "":
514         - https://url.spec.whatwg.org/#dom-url-hash
515         - https://html.spec.whatwg.org/multipage/semantics.html#dom-hyperlink-hash
516
517         This patch aligns our behavior with the specification and with other browsers
518         (tested Firefox and Chrome).
519
520         This patch also updates HTMLAnchorElement to inherit URLUtils to avoid code
521         duplication. HTMLAnchorElement already implements URLUtils in the IDL, as per
522         the specification:
523         - https://html.spec.whatwg.org/multipage/semantics.html#htmlanchorelement
524
525         No new tests, rebaselined existing tests.
526
527         * html/HTMLAnchorElement.cpp:
528         (WebCore::HTMLAnchorElement::origin): Deleted.
529         (WebCore::HTMLAnchorElement::text): Deleted.
530         (WebCore::HTMLAnchorElement::setText): Deleted.
531         (WebCore::HTMLAnchorElement::toString): Deleted.
532         (WebCore::HTMLAnchorElement::isLiveLink): Deleted.
533         (WebCore::HTMLAnchorElement::sendPings): Deleted.
534         (WebCore::HTMLAnchorElement::handleClick): Deleted.
535         (WebCore::HTMLAnchorElement::eventType): Deleted.
536         (WebCore::HTMLAnchorElement::treatLinkAsLiveForEventType): Deleted.
537         (WebCore::isEnterKeyKeydownEvent): Deleted.
538         (WebCore::shouldProhibitLinks): Deleted.
539         (WebCore::HTMLAnchorElement::willRespondToMouseClickEvents): Deleted.
540         (WebCore::rootEditableElementMap): Deleted.
541         (WebCore::HTMLAnchorElement::rootEditableElementForSelectionOnMouseDown): Deleted.
542         (WebCore::HTMLAnchorElement::clearRootEditableElementForSelectionOnMouseDown): Deleted.
543         (WebCore::HTMLAnchorElement::setRootEditableElementForSelectionOnMouseDown): Deleted.
544         * html/HTMLAnchorElement.h:
545         (WebCore::HTMLAnchorElement::invalidateCachedVisitedLinkHash): Deleted.
546         * html/URLUtils.h:
547         (WebCore::URLUtils<T>::setHash):
548
549 2016-06-17  John Wilander  <wilander@apple.com>
550
551         Ignore case in the check for security origin inheritance
552         https://bugs.webkit.org/show_bug.cgi?id=158878
553
554         Reviewed by Alex Christensen.
555
556         Darin Adler commented in https://bugs.webkit.org/show_bug.cgi?id=158855:
557         "Are these comparisons intentionally case sensitive? Shouldn’t they ignore ASCII 
558         case? We could use equalIgnoringASCIICase and equalLettersIgnoringASCIICase for 
559         those two lines instead of using ==. URL::parse normalizes letters in the scheme 
560         and host by using toASCIILower, but does not normalize letters elsewhere in the 
561         URL, such as in the "blank" or "srcdoc" in the above URLs."
562
563         Test: http/tests/dom/window-open-about-uppercase-blank-and-access-document.html
564
565         * platform/URL.cpp:
566         (WebCore::URL::shouldInheritSecurityOriginFromOwner):
567
568 2016-06-17  Hyungwook Lee  <hyungwook.lee@navercorp.com>
569
570         Fix compilation errors when we enable DUMP_NODE_STATISTICS in Node.h
571         https://bugs.webkit.org/show_bug.cgi?id=158868
572
573         Reviewed by Alex Christensen.
574
575         Fix compilation errors in Node.cpp when we enable DUMP_NODE_STATISTICS
576
577         * dom/Node.cpp:
578         (WebCore::Node::dumpStatistics):
579
580 2016-06-17  Per Arne Vollan  <pvollan@apple.com>
581
582         [Win] Scrolling in popup menu scrolls past last entry.
583         https://bugs.webkit.org/show_bug.cgi?id=158870
584
585         Reviewed by Brent Fulgham.
586
587         When the popup has a scrollbar, the content size is not equal to the popup window size.
588   
589         * platform/win/PopupMenuWin.cpp:
590         (WebCore::PopupMenuWin::contentsSize):
591
592 2016-06-17  Frederic Wang  <fwang@igalia.com>
593
594         Refactor RenderMathMLRoot layout function to avoid using flexbox
595         https://bugs.webkit.org/show_bug.cgi?id=153987
596
597         Reviewed by Brent Fulgham.
598
599         No new tests, already covered by existing tests.
600         A case for RTL root has been added to roots.xhtml.
601
602         We reimplement RenderMathMLRoot without any flexbox or anonymous.
603         The anonymous RenderMathMLRadicalOperator used to draw the radical sign is replaced with
604         the MathOperator class introduced in bug 152244.
605         msqrt (row of children under a square root) is now implemented directly in RenderMathMLRoot,
606         so RenderMathMLSquareRoot is removed and RenderMathMLRoot now inherits from RenderMathMLRow.
607
608         * CMakeLists.txt: Remove files for RenderMathMLRadicalOperator and RenderMathMLSquareRoot.
609         * WebCore.xcodeproj/project.pbxproj: ditto.
610         * accessibility/AccessibilityRenderObject.cpp: Update code now that we do not use any
611         radical wrappers.
612         (WebCore::AccessibilityRenderObject::isMathRow): Now that RenderMathMLRoot inherits from
613         RenderMathMLRow, we must exclude MathRoot or otherwise some accessibility code may treat
614         roots as rows.
615         (WebCore::AccessibilityRenderObject::mathRadicandObject): Return the first child for
616         Root/SquareRoot or nullptr.
617         (WebCore::AccessibilityRenderObject::mathRootIndexObject): Return the second child for
618         Root and nullptr for SquareRoot.
619         * mathml/MathMLInlineContainerElement.cpp:
620         (WebCore::MathMLInlineContainerElement::childrenChanged): We no longer need a special case
621         for msqrt, it is treated as a normal RenderMathMLRow.
622         (WebCore::MathMLInlineContainerElement::createElementRenderer): Make msqrt create a
623         RenderMathMLRoot object.
624         * rendering/RenderObject.h:
625         (WebCore::RenderObject::isRenderMathMLRadicalOperator): Deleted.
626         * rendering/mathml/RenderMathMLBlock.cpp:
627         (WebCore::RenderMathMLBlock::mirrorIfNeeded): New function to mirror a child horizontal
628         offset according to the parent width.
629         (WebCore::RenderMathMLBlock::renderName):
630         * rendering/mathml/RenderMathMLBlock.h:
631         (WebCore::RenderMathMLBlock::mirrorIfNeeded): Moved from RenderMathMLScripts, just forward
632         call to the other mirrorIfNeeded function.
633         * rendering/mathml/RenderMathMLOperator.cpp: We no longer need this trailingSpaceError hack.
634         (WebCore::RenderMathMLOperator::trailingSpaceError): Deleted.
635         * rendering/mathml/RenderMathMLOperator.h: ditto.
636         * rendering/mathml/RenderMathMLRadicalOperator.cpp: Removed. The radical sign is now drawn
637         with a MathOperator.
638         * rendering/mathml/RenderMathMLRadicalOperator.h: Removed.
639         * rendering/mathml/RenderMathMLRoot.cpp: Complete refactoring to avoid using flexbox and
640         anonymous wrappers.
641         (WebCore::RenderMathMLRoot::RenderMathMLRoot): Set m_kind parameters to distinguish between
642         square root and general root and set the MathOperator member to draw the radical sign.
643         (WebCore::RenderMathMLRoot::isValid): Helper function to verify whether the child list is valid.
644         (WebCore::RenderMathMLRoot::getBase): Get the base of an mroot.
645         (WebCore::RenderMathMLRoot::getIndex): Get the index of an mroot.
646         (WebCore::RenderMathMLRoot::styleDidChange): Be sure to keep the style of the
647         MathOperator in sync with ours ; no need to skip empty roots.
648         (WebCore::RenderMathMLRoot::updateFromElement): Call the function from the new parent class ;
649         no need to skip empty roots.
650         (WebCore::RenderMathMLRoot::updateStyle): Remove the isEmpty ASSERT as it is valid to have
651         empty square root. Set the m_kernBeforeDegree, m_kernBeforeDegree members.
652         No need to set style for anonymous.
653         (WebCore::RenderMathMLRoot::computePreferredLogicalWidths): Implement this function.
654         (WebCore::RenderMathMLRoot::layoutBlock): Implement this function.
655         (WebCore::RenderMathMLRoot::paintChildren): Implement this function.
656         (WebCore::RenderMathMLRoot::paint): Remove the trailingSpaceError hack ;
657         paint the radical sign via MathOperator::paint
658         (WebCore::RenderMathMLRoot::baseWrapper): Deleted.
659         (WebCore::RenderMathMLRoot::radicalWrapper): Deleted.
660         (WebCore::RenderMathMLRoot::indexWrapper): Deleted.
661         (WebCore::RenderMathMLRoot::radicalOperator): Deleted.
662         (WebCore::RenderMathMLRoot::restructureWrappers): Deleted.
663         (WebCore::RenderMathMLRoot::addChild): Deleted.
664         (WebCore::RenderMathMLRoot::firstLineBaseline): Deleted.
665         (WebCore::RenderMathMLRoot::layout): Deleted.
666         (WebCore::RenderMathMLRootWrapper::createAnonymousWrapper): Deleted.
667         (WebCore::RenderMathMLRootWrapper::removeChildWithoutRestructuring): Deleted.
668         (WebCore::RenderMathMLRootWrapper::removeChild): Deleted.
669         * rendering/mathml/RenderMathMLRoot.h: Make RenderMathMLRoot inherit from RenderMathMLRow.
670         Make RenderMathMLRoot support <msqrt>.
671         Remove all the anonymous wrapper stuff and instead use a MathOperator for the radical symbol.
672         Update function declaration to implement layout without flexbox and add some helper functions.
673         * rendering/mathml/RenderMathMLRow.cpp: Allow to get the exact metrics of the chid row,
674         for use in RenderMathMLRoot.
675         (WebCore::RenderMathMLRow::computeLineVerticalStretch): rename parameters.
676         (WebCore::RenderMathMLRow::layoutRowItems): Set parameters to the final ascent, descent and
677         logical width of the chid row. Set the temporary logical width for RenderMathRoot before
678         laying the children out.
679         (WebCore::RenderMathMLRow::layoutBlock): Rename parameters ; add a dummy logicalWidth
680         parameter.
681         * rendering/mathml/RenderMathMLRow.h: Make some functions accessible or overridable by
682         RenderMathMLRoot. Make layoutRowItems return the final ascent, descent and logical width
683         after the chid row is laid out.
684         * rendering/mathml/RenderMathMLScripts.cpp: Move mirrorIfNeeded to RenderMathMLBlock.
685         (WebCore::RenderMathMLScripts::mirrorIfNeeded): Deleted.
686         * rendering/mathml/RenderMathMLScripts.h: Move mirrorIfNeeded to RenderMathMLBlock.
687         * rendering/mathml/RenderMathMLSquareRoot.cpp: Removed.
688         * rendering/mathml/RenderMathMLSquareRoot.h: Removed.
689         * rendering/mathml/MathOperator.cpp:
690         (WebCore::MathOperator::paint): Apply a mirroring scale transform to radical symbol
691         in RTL direction.
692
693 2016-06-17  Chris Dumez  <cdumez@apple.com>
694
695         Drop some unnecessary header includes
696         https://bugs.webkit.org/show_bug.cgi?id=158864
697
698         Reviewed by Alexey Proskuryakov.
699
700         Drop some unnecessary header includes to try and reduce build times.
701
702         * WebCore.xcodeproj/project.pbxproj:
703         * accessibility/AccessibilityList.cpp:
704         * css/CSSComputedStyleDeclaration.cpp:
705         * css/MediaQueryMatcher.cpp:
706         * css/StyleMedia.cpp:
707         * css/TransformFunctions.cpp:
708         * dom/NodeRenderStyle.h:
709         * dom/PseudoElement.h:
710         (isType): Deleted.
711         * html/HTMLTitleElement.cpp:
712         * html/shadow/MediaControlElementTypes.h:
713         * html/shadow/MediaControls.cpp:
714         * inspector/InspectorDOMAgent.h:
715         * inspector/InspectorLayerTreeAgent.h:
716         * inspector/InspectorPageAgent.cpp:
717         * page/scrolling/AsyncScrollingCoordinator.cpp:
718         * page/scrolling/ScrollingCoordinator.h:
719         * rendering/BidiRun.h:
720         * rendering/BorderEdge.h:
721         * rendering/RenderElement.h:
722         * rendering/RenderObject.h:
723         (WebCore::AnnotatedRegionValue::operator==): Deleted.
724         (WebCore::AnnotatedRegionValue::operator!=): Deleted.
725         * rendering/RenderObjectEnums.h: Added.
726         * rendering/RenderTheme.h:
727         * rendering/SimpleLineLayoutFlowContents.h:
728         * rendering/SimpleLineLayoutTextFragmentIterator.h:
729         * rendering/TextPainter.h:
730         * rendering/style/RenderStyle.h:
731         (WebCore::pseudoElementRendererIsNeeded):
732         * rendering/style/ShapeValue.cpp:
733         * rendering/style/ShapeValue.h:
734         * style/ClassChangeInvalidation.cpp:
735         * style/ClassChangeInvalidation.h:
736         * style/InlineTextBoxStyle.h:
737         * style/StyleUpdate.cpp:
738
739 2016-06-17  Andreas Kling  <akling@apple.com>
740
741         [iOS] Throw away linked code when navigating to a new page.
742         <https://webkit.org/b/153851>
743
744         Reviewed by Antti Koivisto.
745
746         When navigating to a new page, tell JSC to throw out any linked code it has lying around.
747         Linked code is tied to a specific global object, and as we're creating a new one for the
748         new page, none of it is useful to us here.
749
750         In the event that the user navigates back, the cost of relinking some code will be far
751         lower than the memory cost of keeping all of it around.
752
753         This was in-tree before but was rolled out due to regressing JSBench. It was a slowdown
754         due to the benchmark harness using top-level navigations to drive the tests.
755         This new version avoids that problem by only throwing out code if we haven't navigated
756         in the last 2 seconds. This also prevents excessive work in response to redirects.
757
758         I've also moved this into MemoryPressureHandler so we don't make a mess in FrameLoader.
759
760         * loader/FrameLoader.cpp:
761         (WebCore::FrameLoader::commitProvisionalLoad):
762         * platform/MemoryPressureHandler.cpp:
763         (WebCore::MemoryPressureHandler::jettisonExpensiveObjectsOnTopLevelNavigation):
764         * platform/MemoryPressureHandler.h:
765
766 2016-06-17  Youenn Fablet  <youenn.fablet@crf.canon.fr>
767
768         CORS preflight with a non-200 response should be a preflight failure
769         https://bugs.webkit.org/show_bug.cgi?id=111008
770
771         Reviewed by Darin Adler.
772
773         Covered by rebased tests.
774
775         * Modules/fetch/FetchResponse.h: Making use of ResourceResponse::isSuccessful.
776         * loader/CrossOriginPreflightChecker.cpp:
777         (WebCore::CrossOriginPreflightChecker::validatePreflightResponse): Checking that response status is code is
778         successful. If not, calling preflight failure callback.
779         (WebCore::CrossOriginPreflightChecker::startPreflight): Putting in manual redirection mode so that redirection
780         responses are processed as other responses.
781         * loader/ResourceLoaderOptions.h:
782         (WebCore::ResourceLoaderOptions::fetchOptions): Adding a non-const getter and fixing const getter to return a
783         const reference.
784         (WebCore::ResourceLoaderOptions::setFetchOptions): Passing options by reference.
785         * platform/network/ResourceResponseBase.cpp:
786         (WebCore::ResourceResponseBase::isSuccessful): Utility function.
787         * platform/network/ResourceResponseBase.h:
788
789 2016-06-17  Frederic Wang  <fwang@igalia.com>
790
791         MathOperator: Add fallback mechanisms for stretching and mirroring radical symbols
792         https://bugs.webkit.org/show_bug.cgi?id=156836
793
794         Reviewed by Sergio Villar Senin.
795
796         Some platforms do not have OpenType MATH fonts pre-installed and thus can not draw stretchy
797         operators using size variants or glyph assembly. This is especially problematic for the
798         radical symbol which is used to write roots. Currently, we have some fallback code to draw
799         that symbol using graphical primitives but it is a bit complex and makes the style of radical
800         inconsistent with the font used. We solve these issues by just scaling the base glyph via a
801         scale transform. Such scale transform is also used to mirror the radical symbol so that we
802         have some support for right-to-left roots until we can do glyph-level mirroring
803         via the OpenType rtlm feature.
804
805         Test: mathml/radical-fallback.html
806
807         * rendering/mathml/MathOperator.cpp: Add a constant for the code point U+221A of the radical.
808         (WebCore::MathOperator::reset): In general, we don't need any vertical scaling for radical
809         symbols so m_radicalVerticalScale is initialized to 1.
810         (WebCore::MathOperator::calculateStretchyData): If we don't have a font with a MATH table and we
811         try streching a radical, then we update the vertical metrics to match the target size and
812         set m_radicalVerticalScale to the value necessary to make the base glyph scaled to that size.
813         (WebCore::MathOperator::paint): For a radical operator, we may apply a scale transform of
814         parameters (radicalHorizontalScale, m_radicalVerticalScale) in order to support RTL
815         mirroring or vertical stretching.
816         * rendering/mathml/MathOperator.h: We add a m_radicalVerticalScale member to indicate the
817         scaling to apply to the base radical glyph when the stretchy fallback is necessary.
818         (WebCore::MathOperator::isStretched): The operator is also considered stretched when the
819         m_radicalVerticalScale is applied to the base size.
820         * rendering/mathml/RenderMathMLRadicalOperator.cpp: Remove code specific to the old fallback mechanism.
821         * rendering/mathml/RenderMathMLRadicalOperator.h: Ditto.
822
823 2016-06-16  Commit Queue  <commit-queue@webkit.org>
824
825         Unreviewed, rolling out r202147.
826         https://bugs.webkit.org/show_bug.cgi?id=158867
827
828         Broke scrolling tests on iOS Simulator (Requested by ap on
829         #webkit).
830
831         Reverted changeset:
832
833         "Focus event dispatched in iframe causes parent document to
834         scroll incorrectly"
835         https://bugs.webkit.org/show_bug.cgi?id=158629
836         http://trac.webkit.org/changeset/202147
837
838 2016-06-16  Benjamin Poulain  <bpoulain@apple.com>
839
840         :in-range & :out-of-range CSS pseudo-classes shouldn't match disabled or readonly inputs
841         https://bugs.webkit.org/show_bug.cgi?id=156530
842
843         Reviewed by Simon Fraser.
844
845         Elements should only match :in-range and :out-of-range
846         when they are candidate for constraint validation.
847
848         Tests: fast/css/pseudo-in-range-on-disabled-input-basics.html
849                fast/css/pseudo-in-range-on-readonly-input-basics.html
850                fast/css/pseudo-in-range-out-of-range-on-disabled-input-trivial.html
851                fast/css/pseudo-out-of-range-on-disabled-input-basics.html
852                fast/css/pseudo-out-of-range-on-readonly-input-basics.html
853                fast/selectors/in-range-out-of-range-style-update.html
854
855         * html/BaseDateAndTimeInputType.cpp:
856         (WebCore::BaseDateAndTimeInputType::minOrMaxAttributeChanged):
857         * html/NumberInputType.cpp:
858         (WebCore::NumberInputType::minOrMaxAttributeChanged):
859         I forgot to handle style update in r202143.
860         This is covered by the new style invalidation test.
861
862         * html/BaseDateAndTimeInputType.h:
863         * html/HTMLInputElement.cpp:
864         (WebCore::HTMLInputElement::isInRange):
865         (WebCore::HTMLInputElement::isOutOfRange):
866
867 2016-06-16  Frederic Wang  <fwang@igalia.com>
868
869         Add separate MathOperator for selection/measuring/drawing of stretchy operators
870         https://bugs.webkit.org/show_bug.cgi?id=152244
871
872         Reviewed by Brent Fulgham.
873
874         We complete the class to select, measure and draw stretchy operators that is independent
875         from RenderMathMLOperator. That way, we will be able use stretchy operator without having
876         to introduce & manage anonymous RenderMathMLOperator's
877         (e.g for <mroot>, <msqrt> and <mfenced>).
878
879         No new tests, already covered by existing tests.
880
881         * rendering/mathml/MathOperator.cpp:
882         (WebCore::ascentForGlyph): Add this helper function to get glyph ascent.
883         (WebCore::descentForGlyph): Add this helper function to get glyph descent.
884         (WebCore::MathOperator::reset): Initialize all the data and calculate ascent/descent of the
885         base glyph.
886         (WebCore::MathOperator::setSizeVariant): Set the width/ascent/descent.
887         (WebCore::MathOperator::setGlyphAssembly): Ditto.
888         (WebCore::MathOperator::calculateDisplayStyleLargeOperator): Remove the STIX Word hack and
889         change m_maxPreferredWidth to use the actual width instead.
890         (WebCore::MathOperator::stretchTo): New functions to execute the actual operator streching.
891         (WebCore::MathOperator::fillWithVerticalExtensionGlyph): Add a FIXME for bug 155434.
892         (WebCore::MathOperator::fillWithHorizontalExtensionGlyph): Align all the glyph baselines on
893         the same axis, given by m_ascent.
894         Add a FIXME for bug 155434.
895         (WebCore::MathOperator::paintHorizontalGlyphAssembly): Ditto.
896         (WebCore::MathOperator::paint): Public function to do the painting.
897         (WebCore::MathOperator::paintVerticalGlyphAssembly): Deleted.
898         * rendering/mathml/MathOperator.h: Update declarations and make most of the members private.
899         (WebCore::MathOperator::ascent): Function to expose m_ascent.
900         (WebCore::MathOperator::descent): Function to expose m_descent.
901         * rendering/mathml/RenderMathMLOperator.cpp:
902         (WebCore::RenderMathMLOperator::stretchTo): Forward the stretching call to MathOperator.
903         (WebCore::RenderMathMLOperator::computePreferredLogicalWidths): Unfold advanceForGlyph
904         since we delete RenderMathMLOperator::advanceForGlyph. Just rely on
905         MathOperator::maxPreferredWidth to determine the preferred width of stretchy operators.
906         For horizontal operators, we just use the width of the base glyph.
907         Finally, we remove the dirty flag on preferred logical width.
908         (WebCore::RenderMathMLOperator::rebuildTokenContent): Reinit the MathOperator instance.
909         (WebCore::RenderMathMLOperator::updateFromElement): Force more updates of
910         RenderMathMLOperator to avoid test breakage.
911         (WebCore::RenderMathMLOperator::styleDidChange): Call MathOperator::reset to take into
912         account style change.
913         (WebCore::RenderMathMLOperator::updateStyle): Remove unused code.
914         (WebCore::RenderMathMLOperator::firstLineBaseline): Use MathOperator::ascent() function.
915         (WebCore::RenderMathMLOperator::computeLogicalHeight): Use MathOperator::ascent() and
916         MathOperator::descent() functions to calculate the height.
917         (WebCore::RenderMathMLOperator::paint): Only stretched operators are treated specially.
918         We center horizontal operator and forward the paint() call to MathOperator.
919         (WebCore::RenderMathMLOperator::trailingSpaceError): The error is now just the difference
920         between the values returned by MathOperator::maxPreferredWidth() and
921         MathOperator::width().
922         (WebCore::boundsForGlyph): Deleted.
923         (WebCore::heightForGlyph): Deleted.
924         (WebCore::advanceWidthForGlyph): Deleted.
925         (WebCore::RenderMathMLOperator::updateStyle): Deleted.
926
927 2016-06-16  Jiewen Tan  <jiewen_tan@apple.com>
928
929         CSP: Content Security Policy should allow '*' to match the originating page's scheme
930         https://bugs.webkit.org/show_bug.cgi?id=158811
931         <rdar://problem/26819568>
932
933         Reviewed by Daniel Bates.
934
935         Tests: security/contentSecurityPolicy/image-with-file-url-allowed-by-img-src-star.html
936                security/contentSecurityPolicy/link-with-file-url-allowed-by-style-src-star.html
937                security/contentSecurityPolicy/script-with-file-url-allowed-by-script-src-star.html
938                security/contentSecurityPolicy/video-with-file-url-allowed-by-media-src-star.html
939
940         * page/csp/ContentSecurityPolicySourceList.cpp:
941         (WebCore::ContentSecurityPolicySourceList::isProtocolAllowedByStar):
942
943 2016-06-16  Chris Dumez  <cdumez@apple.com>
944
945         Add HTTPHeaderMap::set() overload taking a NSString*
946         https://bugs.webkit.org/show_bug.cgi?id=158857
947
948         Reviewed by Darin Adler.
949
950         Add HTTPHeaderMap::set() overloading taking a NSString* in addition to
951         the one taking a CFStringRef. It is useful for the Cocoa implementation
952         of ResourceRequest::doUpdateResourceRequest().
953
954         * platform/network/HTTPHeaderMap.h:
955         (WebCore::HTTPHeaderMap::set):
956
957 2016-06-16  Joseph Pecoraro  <pecoraro@apple.com>
958
959         Web Inspector: console.profile should use the new Sampling Profiler
960         https://bugs.webkit.org/show_bug.cgi?id=153499
961         <rdar://problem/24352431>
962
963         Reviewed by Timothy Hatcher.
964
965         Test: inspector/timeline/setInstruments-programmatic-capture.html
966
967         * inspector/InspectorTimelineAgent.cpp:
968         (WebCore::InspectorTimelineAgent::startFromConsole):
969         (WebCore::InspectorTimelineAgent::stopFromConsole):
970         (WebCore::InspectorTimelineAgent::mainFrameStartedLoading):
971         (WebCore::InspectorTimelineAgent::startProgrammaticCapture):
972         (WebCore::InspectorTimelineAgent::stopProgrammaticCapture):
973         (WebCore::InspectorTimelineAgent::toggleInstruments):
974         (WebCore::InspectorTimelineAgent::toggleScriptProfilerInstrument):
975         (WebCore::InspectorTimelineAgent::toggleHeapInstrument):
976         (WebCore::InspectorTimelineAgent::toggleMemoryInstrument):
977         (WebCore::InspectorTimelineAgent::toggleTimelineInstrument):
978         * inspector/InspectorTimelineAgent.h:
979         Web implementation of console.profile/profileEnd.
980         Make helpers for startings / stopping instruments.
981
982 2016-06-16  John Wilander  <wilander@apple.com>
983
984         Restrict security origin inheritance to empty, about:blank, and about:srcdoc URLs
985         https://bugs.webkit.org/show_bug.cgi?id=158855
986         <rdar://problem/26142632>
987
988         Reviewed by Alex Christensen.
989
990         Tests: http/tests/dom/window-open-about-blank-and-access-document.html
991                http/tests/dom/window-open-about-webkit-org-and-access-document.html
992
993         Document.cpp previously checked whether a document should inherit its owner's 
994         security origin by checking if the URL is either empty or blank. URL.cpp in 
995         turn only checks if the protocol is "about:" in the isBlankURL() function. 
996         Thus all about:* URLs inherited security origin. This patch restricts 
997         security origin inheritance to empty, about:blank, and about:srcdoc URLs.
998
999         Quotes and links from the WHATWG spec regarding about:srcdoc:
1000
1001         7.1 Browsing contexts
1002         A browsing context can have a creator browsing context, the browsing context 
1003         that was responsible for its creation. If a browsing context has a parent 
1004         browsing context, then that is its creator browsing context. Otherwise, if the 
1005         browsing context has an opener browsing context, then that is its creator 
1006         browsing context. Otherwise, the browsing context has no creator browsing 
1007         context.
1008         https://html.spec.whatwg.org/multipage/browsers.html#concept-document-bc
1009
1010         7.1.1 Nested browsing contexts
1011         Certain elements (for example, iframe elements) can instantiate further 
1012         browsing contexts. These are called nested browsing contexts. If a browsing 
1013         context P has a Document D with an element E that nests another browsing 
1014         context C inside it, then C is said to be nested through D, and E is said to 
1015         be the browsing context container of C. If the browsing context container 
1016         element E is in the Document D, then P is said to be the parent browsing 
1017         context of C and C is said to be a child browsing context of P. Otherwise, 
1018         the nested browsing context C has no parent browsing context.
1019         https://html.spec.whatwg.org/multipage/browsers.html#nested-browsing-context
1020
1021         4.8.5 The iframe element
1022         The iframe element represents a nested browsing context.
1023         ...
1024         If the srcdoc attribute is specified
1025             Navigate the element's child browsing context to a new response whose 
1026             url list consists of about:srcdoc ...
1027         https://html.spec.whatwg.org/multipage/embedded-content.html#attr-iframe-srcdoc
1028
1029         * dom/Document.cpp:
1030         (WebCore::Document::initSecurityContext):
1031             Now uses the URL::shouldInheritSecurityOriginFromOwner() function instead.
1032         (WebCore::Document::initContentSecurityPolicy):
1033             Now uses the URL::shouldInheritSecurityOriginFromOwner() function instead.
1034         (WebCore::shouldInheritSecurityOriginFromOwner): Deleted.
1035             Moved to URL::shouldInheritSecurityOriginFromOwner() and restricted the check.
1036         * platform/URL.cpp:
1037         (WebCore::URL::shouldInheritSecurityOriginFromOwner):
1038         * platform/URL.h:
1039             Moved the function from Document and restricted the check to only allow
1040             security origin inheritance for empty, about:blank, and about:srcdoc URLs.
1041
1042 2016-06-16  Simon Fraser  <simon.fraser@apple.com>
1043
1044         [iOS] Focus event dispatched in iframe causes parent document to scroll incorrectly
1045         https://bugs.webkit.org/show_bug.cgi?id=158629
1046         rdar://problem/26521616
1047
1048         Reviewed by Enrica Casucci.
1049
1050         When focussing elements in iframes, the page could scroll to an incorrect location.
1051         This happened because code in Element::focus() tried to disable scrolling on focus,
1052         but did so only for the current frame, so ancestor frames got programmatically scrolled.
1053         On iOS we handle the scrolling in the UI process, so never want the web process to
1054         do programmatic scrolling.
1055
1056         Fix by changing the focus and cache restore code to use SelectionRevealMode::DoNotReveal,
1057         rather than manually prohibiting frame scrolling.
1058
1059         Tests: fast/forms/ios/focus-input-in-iframe.html
1060                fast/forms/ios/programmatic-focus-input-in-iframe.html
1061
1062         * dom/Element.cpp:
1063         (WebCore::Element::focus):
1064         * history/CachedPage.cpp:
1065         (WebCore::CachedPage::restore):
1066
1067 2016-06-16  Zalan Bujtas  <zalan@apple.com>
1068
1069         [New Block-Inside-Inline Model] Do not attempt to re-run margin collapsing on the block sequence.
1070         https://bugs.webkit.org/show_bug.cgi?id=158854
1071
1072         Reviewed by David Hyatt.
1073
1074         Test: fast/block/inside-inlines/crash-on-first-line-change.html
1075
1076         * rendering/RenderBlockLineLayout.cpp:
1077         (WebCore::RenderBlockFlow::marginCollapseLinesFromStart):
1078
1079 2016-06-16  Ting-Wei Lan  <lantw44@gmail.com>
1080
1081         Include cstdlib before using std::atexit
1082         https://bugs.webkit.org/show_bug.cgi?id=158681
1083
1084         Reviewed by Brent Fulgham.
1085
1086         * platform/graphics/PlatformDisplay.cpp:
1087
1088 2016-06-16  Chris Dumez  <cdumez@apple.com>
1089
1090         Use StringView::toAtomicString() in HTMLImageElement::setBestFitURLAndDPRFromImageCandidate()
1091         https://bugs.webkit.org/show_bug.cgi?id=158853
1092
1093         Reviewed by Brent Fulgham.
1094
1095         Use StringView::toAtomicString() in HTMLImageElement::setBestFitURLAndDPRFromImageCandidate()
1096         as m_bestFitImageURL data member is an AtomicString. This avoids constructing a String and
1097         then atomizing it.
1098
1099         * html/HTMLImageElement.cpp:
1100         (WebCore::HTMLImageElement::setBestFitURLAndDPRFromImageCandidate):
1101
1102 2016-06-16  Benjamin Poulain  <bpoulain@apple.com>
1103
1104         :in-range & :out-of-range CSS pseudo-classes shouldn't match inputs without range limitations
1105         https://bugs.webkit.org/show_bug.cgi?id=156558
1106
1107         Reviewed by Simon Fraser.
1108
1109         The pseudo selectors :in-range and :out-of-range should only
1110         apply if:
1111         -minimum/maximum are defined for the input type
1112         -the input value is/is-not suffering from underflow/overflow.
1113
1114         Only certain types have a valid minimum and maximum:
1115         -number
1116         -range
1117         -date
1118         -month
1119         -week
1120         -time
1121         -datetime-local
1122
1123         Of those, only one has a default minimum and maximum: range.
1124         For all the others, the minimum or maximum is only defined
1125         if the min/max attribute is defined and valid.
1126
1127         This patch addresses these constraints for number and range.
1128         The date types range validation is severely broken and is
1129         left untouched. It really needs a clean rewrite.
1130
1131         Tests: fast/css/pseudo-in-range-basics.html
1132                fast/css/pseudo-in-range-out-of-range-trivial.html
1133                fast/css/pseudo-out-of-range-basics.html
1134
1135         * html/DateInputType.cpp:
1136         (WebCore::DateInputType::createStepRange):
1137         * html/DateTimeInputType.cpp:
1138         (WebCore::DateTimeInputType::createStepRange):
1139         * html/DateTimeLocalInputType.cpp:
1140         (WebCore::DateTimeLocalInputType::createStepRange):
1141         * html/InputType.cpp:
1142         (WebCore::InputType::isInRange):
1143         (WebCore::InputType::isOutOfRange):
1144         Notice the isEmpty() shortcut.
1145         A value can only overflow/underflow if it is not empty.
1146
1147         * html/MonthInputType.cpp:
1148         (WebCore::MonthInputType::createStepRange):
1149         * html/NumberInputType.cpp:
1150         (WebCore::NumberInputType::createStepRange):
1151         * html/RangeInputType.cpp:
1152         (WebCore::RangeInputType::createStepRange):
1153         * html/StepRange.cpp:
1154         (WebCore::StepRange::StepRange):
1155         * html/StepRange.h:
1156         (WebCore::StepRange::hasRangeLimitations):
1157         * html/WeekInputType.cpp:
1158         (WebCore::WeekInputType::createStepRange):
1159
1160 2016-06-16  Anders Carlsson  <andersca@apple.com>
1161
1162         Fix macOS Sierra build
1163         https://bugs.webkit.org/show_bug.cgi?id=158849
1164
1165         Reviewed by Tim Horton.
1166
1167         Add WebCore:: qualifiers for IOSurface, to avoid conflicts with the IOSurface Objective-C class.
1168         
1169         Also, add an asLayerContents() getter that will return an id that's suitable for setting 
1170         as the contents of a CALayer.
1171
1172         * platform/graphics/cocoa/IOSurface.h:
1173         * platform/graphics/cocoa/IOSurface.mm:
1174
1175 2016-06-16  Andreas Kling  <akling@apple.com>
1176
1177         REGRESSION(r196217): 3% JSBench regression on iPhone 5.
1178         <https://webkit.org/b/158848>
1179         <rdar://problem/26609622>
1180
1181         Unreviewed rollout.
1182
1183         Don't jettison linked code on every top-level navigation as that was hurting JSBench on iPhone 5.
1184
1185         * loader/FrameLoader.cpp:
1186         (WebCore::FrameLoader::commitProvisionalLoad):
1187
1188 2016-06-16  Adam Bergkvist  <adam.bergkvist@ericsson.com>
1189
1190         WebRTC: Check type of this in RTCPeerConnection JS built-in functions
1191         https://bugs.webkit.org/show_bug.cgi?id=151303
1192
1193         Reviewed by Youenn Fablet.
1194
1195         Check type of 'this' in RTCPeerConnection JS built-in functions.
1196
1197         Test: fast/mediastream/RTCPeerConnection-js-built-ins-check-this.html
1198
1199         * Modules/mediastream/RTCPeerConnection.js:
1200         (createOffer):
1201         (createAnswer):
1202         (setLocalDescription):
1203         (setRemoteDescription):
1204         (addIceCandidate):
1205         (getStats):
1206         Reject if 'this' isn't of type RTCPeerConnection.
1207         * Modules/mediastream/RTCPeerConnectionInternals.js:
1208         (isRTCPeerConnection):
1209         Add helper function to perform type check. Needs further robustifying.
1210
1211 2016-06-16  Myles C. Maxfield  <mmaxfield@apple.com>
1212
1213         Sporadic crash in HashTableAddResult following CSSValuePool::createFontFamilyValue
1214         https://bugs.webkit.org/show_bug.cgi?id=158297
1215
1216         Reviewed by Darin Adler.
1217
1218         In an effort to reduce the flash of unstyled content, we force all elements
1219         to have display: none during an external stylesheet load. We do this by
1220         ignoring the CSS cascade and forcing all elements to have a placeholder style
1221         which hardcodes display: none. (This is necessary to make elements created by
1222         script during the stylesheet load not flash.)
1223
1224         This style is exposed to web content via getComputedStyle(), which means it
1225         needs to maintain the invariant that font-families can never be null strings.
1226         We enforce this by forcing the font-family to be the standard font name.
1227
1228         Test: fast/text/placeholder-renderstyle-null-font.html
1229
1230         * style/StyleTreeResolver.cpp:
1231         (WebCore::Style::ensurePlaceholderStyle):
1232
1233 2016-06-16  Chris Dumez  <cdumez@apple.com>
1234
1235         Avoid some temporary String allocations for common HTTP headers in ResourceResponse::platformLazyInit()
1236         https://bugs.webkit.org/show_bug.cgi?id=158827
1237
1238         Reviewed by Darin Adler.
1239
1240         Add a HTTPHeaderMap::set() overload taking in a CFStringRef. The
1241         implementation has a fast path which gets the internal characters
1242         of the CFStringRef when possible and constructs a StringView for
1243         it in order to call findHTTPHeaderName(). As a result, we avoid
1244         allocating a temporary String when findHTTPHeaderName() succeeds.
1245
1246         This new HTTPHeaderMap::set() overload is called from both the
1247         CF and Cocoa implementations of ResourceResponse::platformLazyInit().
1248
1249         I have confirmed locally on both Mac and iOS that the fast path
1250         is used ~93% of the time. CFStringGetCStringPtr() returns null in
1251         rare cases, causing the regular code path to be used.
1252
1253         * platform/network/HTTPHeaderMap.cpp:
1254         (WebCore::HTTPHeaderMap::set):
1255         * platform/network/HTTPHeaderMap.h:
1256
1257 2016-06-15  Zalan Bujtas  <zalan@apple.com>
1258
1259         Decouple the percent height and positioned descendants maps.
1260         https://bugs.webkit.org/show_bug.cgi?id=158773
1261
1262         Reviewed by David Hyatt and Chris Dumez.
1263
1264         We track renderers with percent height across multiple containers using
1265         HashMap<const RenderBox*, std::unique_ptr<HashSet<const RenderBlock*>>>.
1266         We also use the same data structure to track positioned descendants.
1267         However a positioned renderer can have only one containing block so tracking it
1268         with a 1:many type is defective.
1269         It allows multiple inserts for positioned descendants, which could lead to
1270         inconsistent layout state as the rendering logic expects these type of renderers
1271         with only one containing block.
1272         This patch decouples percent height and positioned tracking by introducing
1273         the PositionedDescendantsMap class. This class is responsible for tracking
1274         the positioned descendants inbetween layouts.
1275
1276         No change in functionality.
1277
1278         Tests: fast/block/positioning/change-containing-block-for-absolute-positioned.html
1279                fast/block/positioning/change-containing-block-for-fixed-positioned.html
1280
1281         * rendering/RenderBlock.cpp:
1282         (WebCore::insertIntoTrackedRendererMaps):
1283         (WebCore::removeFromTrackedRendererMaps):
1284         (WebCore::PositionedDescendantsMap::addDescendant): Add more defensive ASSERT_NOT_REACHED
1285         to the double insert branch when webkit.org/b/158772 gets fixed.
1286         (WebCore::PositionedDescendantsMap::removeDescendant):
1287         (WebCore::PositionedDescendantsMap::removeContainingBlock):
1288         (WebCore::PositionedDescendantsMap::positionedRenderers):
1289         (WebCore::positionedDescendantsMap):
1290         (WebCore::removeBlockFromPercentageDescendantAndContainerMaps):
1291         (WebCore::RenderBlock::~RenderBlock):
1292         (WebCore::RenderBlock::positionedObjects):
1293         (WebCore::RenderBlock::insertPositionedObject):
1294         (WebCore::RenderBlock::removePositionedObject):
1295         (WebCore::RenderBlock::addPercentHeightDescendant):
1296         (WebCore::RenderBlock::removePercentHeightDescendant):
1297         (WebCore::RenderBlock::percentHeightDescendants):
1298         (WebCore::RenderBlock::checkPositionedObjectsNeedLayout):
1299         (WebCore::removeBlockFromDescendantAndContainerMaps): Deleted.
1300         * rendering/RenderBlock.h:
1301
1302 2016-06-15  David Kilzer  <ddkilzer@apple.com>
1303
1304         Move SoftLinking.h to platform/cococa from platform/mac
1305         <https://webkit.org/b/158825>
1306
1307         Reviewed by Andy Estes.
1308
1309         * PlatformMac.cmake: Update for new directory.
1310         * WebCore.xcodeproj/project.pbxproj: Ditto.
1311         * platform/cocoa/SoftLinking.h: Renamed from Source/WebCore/platform/mac/SoftLinking.h.
1312
1313 2016-06-15  Chris Dumez  <cdumez@apple.com>
1314
1315         [Cocoa] Clean up / optimize ResourceResponse::platformLazyInit(InitLevel)
1316         https://bugs.webkit.org/show_bug.cgi?id=158809
1317
1318         Reviewed by Darin Adler.
1319
1320         Clean up / optimize ResourceResponse::platformLazyInit(InitLevel).
1321
1322         * platform/network/HTTPParsers.cpp:
1323         (WebCore::extractReasonPhraseFromHTTPStatusLine):
1324         * platform/network/HTTPParsers.h:
1325         Have extractReasonPhraseFromHTTPStatusLine() return an AtomicString as the
1326         Reason is stored as an AtomicString on ResourceResponse. Have the
1327         implementation use StringView::subString()::toAtomicString().
1328
1329         * platform/network/cocoa/ResourceResponseCocoa.mm:
1330         (WebCore::stripLeadingAndTrailingDoubleQuote):
1331         Move the stripLeadingAndTrailingDoubleQuote logic from platformLazyInit()
1332         to its own function. Have it use StringView::subString()::toAtomicString()
1333         to avoid unnecessarily atomizing the textEncodingName that has surrounding
1334         double-quotes.
1335
1336         (WebCore::initializeHTTPHeaders):
1337         Move HTTP headers initialization to its own function for clarity.
1338
1339         (WebCore::extractHTTPStatusText):
1340         Move HTTP status Text extraction to its own function for clarity.
1341
1342         (WebCore::ResourceResponse::platformLazyInit):
1343         - The function is streamlined a bit because most of the logic was moved
1344           into separate functions.
1345         - Drop unnecessary (initLevel >= CommonFieldsOnly) check in the first
1346           if case and replace with an assertion. This function is always called
1347           with CommonFieldsOnly or above (AllFields).
1348         - Drop unnecessary (m_initLevel < AllFields) check in the second if
1349           case as this is always true. If not, we would have returned early
1350           at the beginning of the function when checking
1351           m_initLevel >= initLevel.
1352         - Use AutodrainedPool instead of NSAutoreleasePool for convenience and have
1353           only 1 pool instead of 2.
1354         - Drop unnecessary copyNSURLResponseStatusLine() function and call directly
1355           CFHTTPMessageCopyResponseStatusLine() since we already have a
1356           CFHTTPMessageRef at the call site.
1357
1358 2016-06-15  Tim Horton  <timothy_horton@apple.com>
1359
1360         <attachment> elements jump around a lot around when subtitle text changes slightly
1361         https://bugs.webkit.org/show_bug.cgi?id=158818
1362         <rdar://problem/24450270>
1363
1364         Reviewed by Simon Fraser.
1365
1366         Test: fast/attachment/attachment-subtitle-resize.html
1367
1368         * rendering/RenderAttachment.cpp:
1369         (WebCore::RenderAttachment::layout):
1370         * rendering/RenderAttachment.h:
1371         * rendering/RenderThemeMac.mm:
1372         (WebCore::AttachmentLayout::AttachmentLayout):
1373         (WebCore::RenderThemeMac::paintAttachment):
1374         In order to avoid changes to the centered subtitle text causing the whole
1375         attachment to bounce around a lot, make it so that attachment width can only
1376         increase, never decrease, and round the subtitle's width up to the nearest
1377         increment of 10px when determining its affect on the whole element's width.
1378         Also, center the attachment in its element, instead of left-aligning it,
1379         so that the extra width we may have is evenly distributed between the two sides.
1380
1381 2016-06-15  Ryan Haddad  <ryanhaddad@apple.com>
1382
1383         Reset bindings test results after r202105
1384
1385         Unreviewed test gardening.
1386
1387         * bindings/scripts/test/JS/JSTestObj.cpp:
1388
1389 2016-06-15  Adam Bergkvist  <adam.bergkvist@ericsson.com>
1390
1391         WebRTC: (Refactor) Align the structure of RTCPeerConnection.idl with the header file
1392         https://bugs.webkit.org/show_bug.cgi?id=158779
1393
1394         Reviewed by Eric Carlson.
1395
1396         Restructure RTCPeerConnection.idl to make it easer to read and extend in the future.
1397
1398         No change in behavior.
1399
1400         * Modules/mediastream/RTCPeerConnection.idl:
1401
1402 2016-06-15  Chris Dumez  <cdumez@apple.com>
1403
1404         Drop some unnecessary header includes
1405         https://bugs.webkit.org/show_bug.cgi?id=158788
1406
1407         Reviewed by Alexey Proskuryakov.
1408
1409         Drop some unnecessary header includes in headers to speed up build time.
1410
1411         * Modules/encryptedmedia/MediaKeySession.cpp:
1412         * Modules/gamepad/GamepadManager.cpp:
1413         * Modules/indexeddb/IDBDatabase.cpp:
1414         * Modules/indexeddb/IDBOpenDBRequest.cpp:
1415         * Modules/indexeddb/IDBRequest.cpp:
1416         * Modules/indexeddb/IDBTransaction.cpp:
1417         * Modules/mediasource/MediaSource.cpp:
1418         * Modules/mediasource/SourceBuffer.cpp:
1419         * Modules/mediasource/SourceBufferList.cpp:
1420         * Modules/mediastream/MediaStream.cpp:
1421         * Modules/mediastream/MediaStreamTrack.cpp:
1422         * Modules/speech/SpeechSynthesis.cpp:
1423         * Modules/webaudio/AudioScheduledSourceNode.cpp:
1424         * Modules/webaudio/ScriptProcessorNode.cpp:
1425         * bindings/scripts/CodeGeneratorJS.pm:
1426         (GenerateImplementation):
1427         * dom/CharacterData.cpp:
1428         * dom/ContainerNode.cpp:
1429         * dom/DOMNamedFlowCollection.cpp:
1430         * dom/DeviceMotionController.cpp:
1431         * dom/DeviceOrientationController.cpp:
1432         * dom/Document.cpp:
1433         * dom/Document.h:
1434         * dom/DocumentEventQueue.cpp:
1435         * dom/DocumentOrderedMap.h:
1436         * dom/Element.cpp:
1437         * dom/Event.cpp:
1438         * dom/EventDispatcher.cpp:
1439         * dom/EventTarget.cpp:
1440         * dom/EventTarget.h:
1441         * dom/KeyboardEvent.cpp:
1442         * dom/MessageEvent.cpp:
1443         * dom/MessagePort.cpp:
1444         * dom/ScriptElement.cpp:
1445         * dom/ScriptExecutionContext.cpp:
1446         * dom/ScriptExecutionContext.h:
1447         * dom/SecurityContext.h:
1448         * dom/SimulatedClick.cpp:
1449         * dom/TextEvent.cpp:
1450         * dom/WebKitNamedFlow.cpp:
1451         * editing/FrameSelection.cpp:
1452         * fileapi/FileReader.cpp:
1453         * html/HTMLLinkElement.cpp:
1454         * html/HTMLPlugInImageElement.cpp:
1455         * html/HTMLStyleElement.cpp:
1456         * html/HTMLSummaryElement.cpp:
1457         * html/HTMLTrackElement.cpp:
1458         * html/HTMLVideoElement.cpp:
1459         * html/InputType.cpp:
1460         * html/MediaController.cpp:
1461         * html/TextFieldInputType.cpp:
1462         * html/canvas/WebGLRenderingContextBase.cpp:
1463         * html/parser/HTMLScriptRunner.cpp:
1464         * html/shadow/MediaControlElementTypes.cpp:
1465         * html/shadow/MediaControls.cpp:
1466         * html/shadow/MediaControlsApple.cpp:
1467         * html/shadow/SliderThumbElement.cpp:
1468         * html/shadow/mac/ImageControlsButtonElementMac.cpp:
1469         * inspector/InspectorIndexedDBAgent.cpp:
1470         * loader/DocumentLoader.cpp:
1471         * loader/ImageLoader.cpp:
1472         * loader/PolicyChecker.cpp:
1473         * mathml/MathMLSelectElement.cpp:
1474         * page/DOMWindow.h:
1475         * page/EventSource.cpp:
1476         * page/FrameView.cpp:
1477         * page/Performance.cpp:
1478         * page/csp/ContentSecurityPolicy.cpp:
1479         * platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp:
1480         * platform/network/HTTPHeaderMap.h:
1481         * platform/network/ResourceHandle.cpp:
1482         * rendering/RenderEmbeddedObject.cpp:
1483         * rendering/RenderSnapshottedPlugIn.cpp:
1484         * svg/SVGSVGElement.cpp:
1485         * svg/SVGUseElement.cpp:
1486         * svg/animation/SVGSMILElement.cpp:
1487         * workers/WorkerGlobalScope.h:
1488         * xml/XMLHttpRequest.cpp:
1489         * xml/XMLHttpRequestProgressEventThrottle.cpp:
1490         * xml/XMLHttpRequestUpload.cpp:
1491
1492 2016-06-15  Antti Koivisto  <antti@apple.com>
1493
1494         GoogleMaps transit schedule explorer comes up blank initially
1495         https://bugs.webkit.org/show_bug.cgi?id=158803
1496         rdar://problem/25818080
1497
1498         Reviewed by Andreas Kling.
1499
1500         In case we had something like
1501
1502         .foo bar { ... }
1503
1504         and later a new stylesheet was added dynamically that contained
1505
1506         .foo baz { ... }
1507
1508         we would fail to add the new rules to the descendant invalidation rule sets for ".foo". This could
1509         cause some style invalidations to be missed.
1510
1511         * css/DocumentRuleSets.cpp:
1512         (WebCore::DocumentRuleSets::collectFeatures):
1513
1514         Reset the ancestorClassRules and ancestorAttributeRulesForHTML rule set caches when new style sheets
1515         are added (==collectFeatures is called).
1516
1517 2016-06-15  Javier Fernandez  <jfernandez@igalia.com>
1518
1519         [css-sizing] Item borders are missing with 'min-width:-webkit-fill-available' and zero available width
1520         https://bugs.webkit.org/show_bug.cgi?id=158258
1521
1522         Reviewed by Darin Adler.
1523
1524         The "fill-available" size is defined as the containing block's size less
1525         the box's border and padding size. However, when used for min-width we
1526         should ensure we don't get negative values as result of logical width
1527         computation.
1528
1529         http://www.w3.org/TR/css-sizing-3/#fill-available-sizing
1530
1531         This patch ensure fill-available value computed value will be always
1532         greater than box's boder and padding width.
1533
1534         Test: fast/css-intrinsic-dimensions/fill-available-with-zero-width.html
1535
1536         * rendering/RenderBox.cpp:
1537         (WebCore::RenderBox::computeIntrinsicLogicalWidthUsing):
1538
1539 2016-06-15  Alex Christensen  <achristensen@webkit.org>
1540
1541         Fix 2d canvas transform after r192900
1542         https://bugs.webkit.org/show_bug.cgi?id=158725
1543         rdar://problem/26774230
1544
1545         Reviewed by Dean Jackson.
1546
1547         Test: fast/canvas/canvas-transform-inverse.html
1548
1549         * html/canvas/CanvasRenderingContext2D.cpp:
1550         (WebCore::CanvasRenderingContext2D::transform):
1551         r192900 was intended to have no change in behavior, but I made a typo.
1552         We need to apply the inverse of the original transform to the path to be correct.
1553         This affects transforms applied to the canvas during the creation of a path.
1554
1555 2016-06-15  Eric Carlson  <eric.carlson@apple.com>
1556
1557         [iOS] Make HTMLMediaElement.muted mutable
1558         https://bugs.webkit.org/show_bug.cgi?id=158787
1559         <rdar://problem/24452567>
1560
1561         Reviewed by Dean Jackson.
1562
1563         Tests: media/audio-playback-restriction-removed-muted.html
1564                media/audio-playback-restriction-removed-track-enabled.html
1565
1566         * html/HTMLMediaElement.cpp:
1567         (WebCore::HTMLMediaElement::audioTrackEnabledChanged): Remove most behavior restrictions if
1568           the track state was changed as a result of a user gesture.
1569         (WebCore::HTMLMediaElement::setMuted): Ditto.
1570         (WebCore::HTMLMediaElement::removeBehaviorsRestrictionsAfterFirstUserGesture): Add mask 
1571           parameter so caller can choose which restrictions are removed.
1572         * html/HTMLMediaElement.h:
1573
1574         * html/MediaElementSession.cpp:
1575         (WebCore::restrictionName): Drive-by fix: remove duplicate label.
1576         * html/MediaElementSession.h:
1577
1578         * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
1579         * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
1580         (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVPlayer): Set muted on AVPlayer if setMuted
1581           was called before the player was created.
1582         (WebCore::MediaPlayerPrivateAVFoundationObjC::setVolume): Drive-by fix: return early if there
1583           is no AVPlayer, not if we won't have metadata yet.
1584         (WebCore::MediaPlayerPrivateAVFoundationObjC::setMuted): New.
1585
1586 2016-06-15  Romain Bellessort  <romain.bellessort@crf.canon.fr>
1587
1588         Enabling Shadow DOM for all platforms
1589         https://bugs.webkit.org/show_bug.cgi?id=158738
1590
1591         Reviewed by Ryosuke Niwa.
1592
1593         No new tests (no new behavior to be tested).
1594
1595         Removed Shadow DOM from options (enabled by default)
1596         (comprises removal of corresponding preprocessor directives)
1597
1598         * Configurations/FeatureDefines.xcconfig:
1599         * DerivedSources.make:
1600         * bindings/generic/RuntimeEnabledFeatures.h:
1601         * bindings/js/JSDocumentFragmentCustom.cpp:
1602         * bindings/js/JSNodeCustom.cpp:
1603         * css/CSSGrammar.y.in:
1604         * css/CSSParser.cpp:
1605         * css/CSSParserValues.cpp:
1606         * css/CSSParserValues.h:
1607         * css/CSSSelector.cpp:
1608         * css/CSSSelector.h:
1609         * css/ElementRuleCollector.cpp:
1610         * css/ElementRuleCollector.h:
1611         * css/RuleSet.cpp:
1612         * css/RuleSet.h:
1613         * css/SelectorChecker.cpp:
1614         * css/SelectorChecker.h:
1615         * css/SelectorPseudoClassAndCompatibilityElementMap.in:
1616         * css/StyleResolver.cpp:
1617         * cssjit/SelectorCompiler.cpp:
1618         * dom/ComposedTreeAncestorIterator.h:
1619         * dom/ComposedTreeIterator.cpp:
1620         * dom/ComposedTreeIterator.h:
1621         * dom/ContainerNode.cpp:
1622         * dom/Document.cpp:
1623         * dom/Document.h:
1624         * dom/Element.cpp:
1625         * dom/Element.h:
1626         * dom/Element.idl:
1627         * dom/Event.idl:
1628         * dom/EventPath.cpp:
1629         * dom/Node.cpp:
1630         * dom/Node.h:
1631         * dom/NonDocumentTypeChildNode.idl:
1632         * dom/ShadowRoot.cpp:
1633         * dom/ShadowRoot.h:
1634         * dom/ShadowRoot.idl:
1635         * dom/SlotAssignment.cpp:
1636         * dom/SlotAssignment.h:
1637         * html/HTMLSlotElement.cpp:
1638         * html/HTMLSlotElement.h:
1639         * html/HTMLSlotElement.idl:
1640         * html/HTMLTagNames.in:
1641         * page/FocusController.cpp:
1642         * style/StyleSharingResolver.cpp:
1643         * style/StyleTreeResolver.cpp:
1644
1645 2016-06-15  Andreas Kling  <akling@apple.com>
1646
1647         [Cocoa] Add two notify listeners for poking the garbage collector.
1648         <https://webkit.org/b/158783>
1649
1650         Reviewed by Antti Koivisto.
1651
1652         Add two new notify listeners:
1653
1654         - com.apple.WebKit.fullGC
1655
1656             Trigger a full garbage collection in the main WebCore VM immediately.
1657
1658         - com.apple.WebKit.deleteAllCode
1659
1660             Throw away all of JSC's linked and unlinked code, and do a full GC.
1661
1662         These will make it easier to diagnose memory growth issues by having a lever that
1663         eliminates many of the large object graphs without going after behavior-changing things
1664         like the memory cache.
1665
1666         * platform/MemoryPressureHandler.cpp:
1667         (WebCore::MemoryPressureHandler::platformInitialize):
1668         * platform/MemoryPressureHandler.h:
1669         * platform/cocoa/MemoryPressureHandlerCocoa.mm:
1670         (WebCore::MemoryPressureHandler::platformInitialize):
1671
1672 2016-06-15  Antti Koivisto  <antti@apple.com>
1673
1674         Vary:Cookie validation doesn't work in private browsing
1675         https://bugs.webkit.org/show_bug.cgi?id=158616
1676         <rdar://problem/26755067>
1677
1678         Reviewed by Andreas Kling.
1679
1680         There wasn't a way to get cookie based on SessionID from WebCore.
1681
1682         * platform/CookiesStrategy.h:
1683
1684             Add a cookie retrival function that takes SessionID instead of NetworkStorageSession.
1685
1686         * platform/network/CacheValidation.cpp:
1687         (WebCore::headerValueForVary):
1688
1689             Use it.
1690
1691         (WebCore::verifyVaryingRequestHeaders):
1692
1693 2016-06-15  Per Arne Vollan  <pvollan@apple.com>
1694
1695         [Win] The test accessibility/selected-text-range-aria-elements.html is failing.
1696         https://bugs.webkit.org/show_bug.cgi?id=158732
1697
1698         Reviewed by Brent Fulgham.
1699
1700         Implement support for getting selected text range.
1701
1702         * accessibility/win/AccessibilityObjectWrapperWin.cpp:
1703         (WebCore::AccessibilityObjectWrapper::accessibilityAttributeValue):
1704
1705 2016-06-14  Myles C. Maxfield  <mmaxfield@apple.com>
1706
1707         Addressing post-review comments after r201971
1708         https://bugs.webkit.org/show_bug.cgi?id=158450
1709
1710         Unreviewed.
1711
1712         * css/CSSFontFaceSet.cpp:
1713         (WebCore::CSSFontFaceSet::add):
1714         (WebCore::CSSFontFaceSet::remove):
1715
1716 2016-06-14  Myles C. Maxfield  <mmaxfield@apple.com>
1717
1718         Honor bidi unicode codepoints
1719         https://bugs.webkit.org/show_bug.cgi?id=149170
1720         <rdar://problem/26527378>
1721
1722         Reviewed by Simon Fraser.
1723
1724         BidiResolver doesn't have any concept of isolate Unicode code points, so produces
1725         unexpected output when they are present. Fix by considering such code points as
1726         whitespace in the bidi algorithm. This is a stop-gap measure until we can support
1727         the codepoints fully in our Bidi algorithm.
1728
1729         Test: fast/text/isolate-ignore.html
1730
1731         * platform/graphics/Font.cpp:
1732         (WebCore::createAndFillGlyphPage):
1733         * platform/text/BidiResolver.h:
1734         (WebCore::Subclass>::createBidiRunsForLine):
1735
1736 2016-06-14  Antoine Quint  <graouts@apple.com>
1737
1738         [iOS] Play glyph is pixelated when the page zoom is large
1739         https://bugs.webkit.org/show_bug.cgi?id=158770
1740         <rdar://problem/26092124>
1741
1742         Reviewed by Dean Jackson.
1743
1744         Use the same technique that we use to scale the video controls by using a combination
1745         of CSS "zoom" and "transform" properties to have the video play glyph scaled at its
1746         native size regardless of page zoom.
1747
1748         * Modules/mediacontrols/mediaControlsiOS.js:
1749         (ControllerIOS.prototype.set pageScaleFactor):
1750
1751 2016-06-14  Chris Dumez  <cdumez@apple.com>
1752
1753         Regression(r201534): Compile time greatly regressed
1754         https://bugs.webkit.org/show_bug.cgi?id=158765
1755         <rdar://problem/26587342>
1756
1757         Reviewed by Darin Adler.
1758
1759         Compile time greatly regressed by r201534 due to Document.h now including
1760         TextAutoSizing.h. Move the TextAutoSizingTraits back to Document.h to
1761         restore pre-r201534 behavior.
1762
1763         * WebCore.xcodeproj/project.pbxproj:
1764         * dom/Document.cpp:
1765         (WebCore::TextAutoSizingTraits::constructDeletedValue):
1766         (WebCore::TextAutoSizingTraits::isDeletedValue):
1767         * dom/Document.h:
1768         * rendering/TextAutoSizing.h:
1769         (WebCore::TextAutoSizingTraits::constructDeletedValue): Deleted.
1770         (WebCore::TextAutoSizingTraits::isDeletedValue): Deleted.
1771
1772 2016-06-14  Antoine Quint  <graouts@apple.com>
1773
1774         Inline media controls cut off PiP and fullscreen buttons on cnn.com
1775         https://bugs.webkit.org/show_bug.cgi?id=158766
1776         <rdar://problem/24175161>
1777
1778         Reviewed by Dean Jackson.
1779
1780         The display of the picture-in-picture and fullscreen buttons are dependent on the availability
1781         of video tracks through a call to hasVideo(). We need to ensure that the display properties of
1782         both those buttons are updated when the number of video tracks has changed since the controls
1783         may be populated prior to the availability of video tracks.
1784
1785         * Modules/mediacontrols/mediaControlsApple.js:
1786         (Controller.prototype.updateHasVideo):
1787
1788 2016-06-14  Joseph Pecoraro  <pecoraro@apple.com>
1789
1790         Web Inspector: Rename Timeline.setAutoCaptureInstruments to Timeline.setInstruments
1791         https://bugs.webkit.org/show_bug.cgi?id=158762
1792
1793         Reviewed by Timothy Hatcher.
1794
1795         Test: inspector/timeline/setInstruments-errors.html
1796
1797         * inspector/InspectorTimelineAgent.cpp:
1798         (WebCore::InspectorTimelineAgent::willDestroyFrontendAndBackend):
1799         (WebCore::InspectorTimelineAgent::setInstruments):
1800         (WebCore::InspectorTimelineAgent::mainFrameStartedLoading):
1801         (WebCore::InspectorTimelineAgent::setAutoCaptureInstruments): Deleted.
1802         * inspector/InspectorTimelineAgent.h:
1803
1804 2016-06-14  Dean Jackson  <dino@apple.com>
1805
1806         decompose4 return value is unchecked, leading to potentially uninitialized data.
1807         https://bugs.webkit.org/show_bug.cgi?id=158761
1808         <rdar://problem/17526268>
1809
1810         Reviewed by Simon Fraser.
1811
1812         WebCore::decompose4 could return early without initializing data.
1813         I now initialize it, but I also started checking the return
1814         value at all the call sites to make sure everything is sensible.
1815
1816         Test: transforms/undecomposable.html
1817
1818         * platform/graphics/transforms/PerspectiveTransformOperation.cpp:
1819         (WebCore::PerspectiveTransformOperation::blend):
1820         * platform/graphics/transforms/RotateTransformOperation.cpp:
1821         (WebCore::RotateTransformOperation::blend):
1822         * platform/graphics/transforms/TransformationMatrix.cpp:
1823         (WebCore::decompose4):
1824         (WebCore::TransformationMatrix::blend4):
1825         * platform/graphics/transforms/TransformationMatrix.h:
1826
1827 2016-06-14  Benjamin Poulain  <bpoulain@apple.com>
1828
1829         Add the unprefixed version of the pseudo element ::placeholder
1830         https://bugs.webkit.org/show_bug.cgi?id=158653
1831
1832         Reviewed by Dean Jackson.
1833
1834         Test: fast/forms/placeholder-pseudo-element-with-webkit-prefix.html
1835
1836         The pseudo element ::-webkit-input-placeholder is stupidly popular
1837         which forces other engines to support this exact name.
1838
1839         The pseudo-element spec provides a new standard name we can adopt
1840         to drop the prefix: https://drafts.csswg.org/css-pseudo-4/#placeholder-pseudo
1841
1842         This patch does just that, make ::placeholder the standard name to select
1843         the placeholder element in the shadow dom of input elements.
1844
1845         Unlike pseudo classes, we did not have any support for prefixes and aliasing.
1846         I want to keep the absurdly efficient matching we currently use for styling
1847         because style updates are more common than stylesheet updates.
1848         With that constraint in mind, the value of CSSSelector has to be the unprefixed
1849         version for both forms of input.
1850
1851         This leaves us with the problem of displaying the CSSSelector for CSSOM.
1852         To differentiate the legacy form from the standard form, I added
1853         a new type of PseudoElement: PseudoElementWebKitCustomLegacyPrefixed.
1854         When parsing, PseudoElementWebKitCustomLegacyPrefixed let us replace
1855         the original value "-webkit-input-placeholder" by the standard value.
1856         When creating the selectorText for CSSOM, PseudoElementWebKitCustomLegacyPrefixed
1857         let us replace the standard for by the legacy form.
1858
1859         * css/CSSParserValues.cpp:
1860         (WebCore::CSSParserSelector::parsePseudoElementSelector):
1861         * css/CSSSelector.cpp:
1862         (WebCore::CSSSelector::pseudoId):
1863         (WebCore::CSSSelector::selectorText):
1864         * css/CSSSelector.h:
1865         (WebCore::CSSSelector::isCustomPseudoElement):
1866         (WebCore::CSSSelector::isWebKitCustomPseudoElement):
1867         * css/SelectorChecker.cpp:
1868         (WebCore::SelectorChecker::matchRecursively):
1869         * css/SelectorPseudoElementTypeMap.in:
1870         * css/html.css:
1871         (::placeholder):
1872         (input::placeholder, isindex::placeholder):
1873         (textarea::placeholder):
1874         (::-webkit-input-placeholder): Deleted.
1875         (input::-webkit-input-placeholder, isindex::-webkit-input-placeholder): Deleted.
1876         (textarea::-webkit-input-placeholder): Deleted.
1877         * features.json:
1878         * html/shadow/TextControlInnerElements.cpp:
1879         (WebCore::TextControlPlaceholderElement::TextControlPlaceholderElement):
1880
1881 2016-06-14  Doug Russell  <d_russell@apple.com>
1882
1883         AX: Form label text should be exposed as static text if it contains only static text
1884         https://bugs.webkit.org/show_bug.cgi?id=158634
1885
1886         Reviewed by Chris Fleizach.
1887
1888         Use AccessibilityLabel to represent HTMLLabelElement to assistive technology.
1889         AccessibilityLabel::containsOnlyStaticText() searches label subtree to evaluate 
1890         if all children are static text.
1891         AccessibilityLabel::stringValue() consults containsOnlyStaticText() and returns
1892         textUnderElement() if true.
1893         WebAccessibilityObjectWrapperMac consults containsOnlyStaticText() and substitutes
1894         StaticTextRole for LabelRole if true.
1895         Cache containsOnlyStaticText() in the common case when updating children.
1896
1897         Tests: accessibility/mac/label-element-all-text-string-value.html
1898                accessibility/mac/label-element-with-link-string-value.html
1899
1900         * CMakeLists.txt:
1901         * WebCore.xcodeproj/project.pbxproj:
1902         * accessibility/AXObjectCache.cpp:
1903         (WebCore::createFromRenderer):
1904         * accessibility/AccessibilityAllInOne.cpp:
1905         * accessibility/AccessibilityLabel.cpp: Added.
1906         (WebCore::AccessibilityLabel::AccessibilityLabel):
1907         (WebCore::AccessibilityLabel::~AccessibilityLabel):
1908         (WebCore::AccessibilityLabel::create):
1909         (WebCore::AccessibilityLabel::computeAccessibilityIsIgnored):
1910         (WebCore::AccessibilityLabel::stringValue):
1911         (WebCore::childrenContainOnlyStaticText):
1912         (WebCore::AccessibilityLabel::containsOnlyStaticText):
1913         (WebCore::AccessibilityLabel::updateChildrenIfNecessary):
1914         (WebCore::AccessibilityLabel::clearChildren):
1915         (WebCore::AccessibilityLabel::insertChild):
1916         * accessibility/AccessibilityLabel.h: Added.
1917         * accessibility/AccessibilityObject.h:
1918         (WebCore::AccessibilityObject::isLabel):
1919         * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
1920         (-[WebAccessibilityObjectWrapper role]):
1921
1922 2016-06-14  Commit Queue  <commit-queue@webkit.org>
1923
1924         Unreviewed, rolling out r202057.
1925         https://bugs.webkit.org/show_bug.cgi?id=158749
1926
1927         This change broke the Windows build. (Requested by ryanhaddad
1928         on #webkit).
1929
1930         Reverted changeset:
1931
1932         "Honor bidi unicode codepoints"
1933         https://bugs.webkit.org/show_bug.cgi?id=149170
1934         http://trac.webkit.org/changeset/202057
1935
1936 2016-06-14  Myles C. Maxfield  <mmaxfield@apple.com>
1937
1938         Honor bidi unicode codepoints
1939         https://bugs.webkit.org/show_bug.cgi?id=149170
1940         <rdar://problem/26527378>
1941
1942         Reviewed by Simon Fraser.
1943
1944         BidiResolver doesn't have any concept of isolate Unicode code points, so produces
1945         unexpected output when they are present. Fix by considering such code points as
1946         whitespace in the bidi algorithm. This is a stop-gap measure until we can support
1947         the codepoints fully in our Bidi algorithm.
1948
1949         Test: fast/text/isolate-ignore.html
1950
1951         * platform/graphics/Font.cpp:
1952         (WebCore::createAndFillGlyphPage):
1953         * platform/text/BidiResolver.h:
1954         (WebCore::Subclass>::createBidiRunsForLine):
1955
1956 2016-06-14  Commit Queue  <commit-queue@webkit.org>
1957
1958         Unreviewed, rolling out r200455.
1959         https://bugs.webkit.org/show_bug.cgi?id=158740
1960
1961         hangs twitter/facebook (Requested by mcatanzaro on #webkit).
1962
1963         Reverted changeset:
1964
1965         "[GStreamer] Adaptive streaming issues"
1966         https://bugs.webkit.org/show_bug.cgi?id=144040
1967         http://trac.webkit.org/changeset/200455
1968
1969 2016-06-14  Nael Ouedraogo  <nael.ouedraogo@crf.canon.fr>
1970
1971         WebRTC: RTCPeerConnection::addTrack() should throw InvalidAccessError instead of InvalidModificationError.
1972         https://bugs.webkit.org/show_bug.cgi?id=158735
1973
1974         Reviewed by Eric Carlson.
1975
1976         Throw InvalidAccessError instead of InvalidModificationError when track already exists in connection's
1977         set of senders as per specification (https://w3c.github.io/webrtc-pc/#dom-rtcpeerconnection-addtrack).
1978
1979         Updated existing test results: fast/mediastream/RTCPeerConnection-add-removeTrack-expected.txt
1980
1981         * Modules/mediastream/RTCPeerConnection.cpp:
1982         (WebCore::RTCPeerConnection::addTrack):
1983
1984 2016-06-14  Adam Bergkvist  <adam.bergkvist@ericsson.com>
1985
1986         WebRTC: Imlement MediaEndpointPeerConnection::addIceCandidate()
1987         https://bugs.webkit.org/show_bug.cgi?id=158690
1988
1989         Reviewed by Eric Carlson.
1990
1991         Implement MediaEndpointPeerConnection::addIceCandidate() that is the MediaEndpoint
1992         implementation of RTCPeerConnection.addIceCandidate() [1].
1993
1994         [1] https://w3c.github.io/webrtc-pc/archives/20160513/webrtc.html#dom-peerconnection-addicecandidate
1995
1996         Test: fast/mediastream/RTCPeerConnection-addIceCandidate.html
1997
1998         * Modules/mediastream/MediaEndpointPeerConnection.cpp:
1999         (WebCore::MediaEndpointPeerConnection::addIceCandidate):
2000         (WebCore::MediaEndpointPeerConnection::addIceCandidateTask):
2001         Implemented.
2002         * Modules/mediastream/MediaEndpointPeerConnection.h:
2003         * platform/mediastream/MediaEndpoint.h:
2004         Use mid instead of mdescIndex to identify the target media description in the backend.
2005         * platform/mock/MockMediaEndpoint.cpp:
2006         Update mock method signature accordingly.
2007         (WebCore::MockMediaEndpoint::addRemoteCandidate):
2008         * platform/mock/MockMediaEndpoint.h:
2009
2010 2016-06-14  Zalan Bujtas  <zalan@apple.com>
2011
2012         Make RenderBlock::insertInto/RemoveFromTrackedRendererMaps functions static.
2013         https://bugs.webkit.org/show_bug.cgi?id=158722
2014
2015         Reviewed by Simon Fraser.
2016
2017         These functions manipulate static tracker hashmaps. They don't need to be on RenderBlock.
2018         This is also in preparation for decoupling positioned descendant tracking from descendent percentage height handling.
2019         (gPositionedDescendantsMap and gPercentHeightDescendantsMap) 
2020
2021         No change in functionality.
2022
2023         * rendering/RenderBlock.cpp:
2024         (WebCore::insertIntoTrackedRendererMaps):
2025         (WebCore::removeFromTrackedRendererMaps):
2026         (WebCore::removeBlockFromDescendantAndContainerMaps):
2027         (WebCore::RenderBlock::insertPositionedObject):
2028         (WebCore::RenderBlock::addPercentHeightDescendant):
2029         (WebCore::RenderBlock::insertIntoTrackedRendererMaps): Deleted.
2030         (WebCore::RenderBlock::removeFromTrackedRendererMaps): Deleted.
2031         * rendering/RenderBlock.h:
2032
2033 2016-06-14  Adam Bergkvist  <adam.bergkvist@ericsson.com>
2034
2035         WebRTC: Add media setup test where media is set up in one direction at a time
2036         https://bugs.webkit.org/show_bug.cgi?id=158691
2037
2038         Reviewed by Eric Carlson.
2039
2040         Add test for setting up media in one direction at a time. This requires a change in sdp.js
2041         to allow an SDP that doesn't contain a stream id or track id (representing
2042         a track being sent). In this test, the first answer doesn't contain any sending media.
2043
2044         Test: fast/mediastream/RTCPeerConnection-media-setup-two-dialogs.html
2045
2046         * Modules/mediastream/sdp.js:
2047
2048 2016-06-14  Chris Dumez  <cdumez@apple.com>
2049
2050         [Cocoa] Avoid extra copy of headers dictionary in ResourceResponse::platformLazyInit()
2051         https://bugs.webkit.org/show_bug.cgi?id=158717
2052
2053         Reviewed by Alex Christensen.
2054
2055         Avoid extra copy of headers dictionary in ResourceResponse::platformLazyInit() by
2056         calling CFHTTPMessageCopyAllHeaderFields() instead of [NSURLResponse allHeaderFields].
2057
2058         CFHTTPMessageCopyAllHeaderFields() creates only 1 copy while
2059         [NSURLResponse allHeaderFields] creates 2 (see <rdar://problem/26778863>).
2060
2061         * platform/network/cocoa/ResourceResponseCocoa.mm:
2062         (WebCore::addToHTTPHeaderMap):
2063         (WebCore::ResourceResponse::platformLazyInit):
2064
2065 2016-06-14  David Kilzer  <ddkilzer@apple.com>
2066
2067         REGRESSION (r151608): Leak of QTMovieLayer or AVPlayerLayer in -[WebVideoFullscreenController setVideoElement:]
2068         <https://webkit.org/b/158729>
2069
2070         Reviewed by Eric Carlson.
2071
2072         * platform/mac/WebVideoFullscreenController.mm:
2073         (-[WebVideoFullscreenController setVideoElement:]): Use
2074         RetainPtr<> to prevent leaks.
2075         * platform/mac/WebVideoFullscreenHUDWindowController.mm:
2076         Drive-by fix to remove unused <wtf/RetainPtr.h> import.
2077
2078 2016-06-14  Nael Ouedraogo  <nael.ouedraogo@crf.canon.fr>
2079
2080         The vector of mediastreams should be passed via a reference to RTCPeerConnection::addTrack()
2081         https://bugs.webkit.org/show_bug.cgi?id=158701
2082
2083         Pass vector of mediastreams by reference.
2084
2085         Reviewed by Youenn Fablet.
2086
2087         * Modules/mediastream/RTCPeerConnection.cpp:
2088         (WebCore::RTCPeerConnection::addTrack):
2089         * Modules/mediastream/RTCPeerConnection.h:
2090
2091 2016-06-14  Ryosuke Niwa  <rniwa@webkit.org>
2092
2093         Crash inside firstPositionInNode in checkLoadCompleteForThisFrame
2094         https://bugs.webkit.org/show_bug.cgi?id=158724
2095
2096         Reviewed by Alex Christensen.
2097
2098         Added null checks for document and document element since they could be nullptr here.
2099
2100         * loader/FrameLoader.cpp:
2101         (WebCore::FrameLoader::checkLoadCompleteForThisFrame):
2102
2103 2016-06-13  Gavin & Ellie Barraclough  <barraclough@apple.com>
2104
2105         Remove hasStaticPropertyTable (part 3: JSLocation::putDelegate)
2106         https://bugs.webkit.org/show_bug.cgi?id=158431
2107
2108         Unreviewed build fix.
2109
2110         * bindings/js/JSLocationCustom.cpp:
2111         (WebCore::JSLocation::putDelegate):
2112
2113 2016-06-13  Gavin & Ellie Barraclough  <barraclough@apple.com>
2114
2115         Remove hasStaticPropertyTable (part 4: JSHTMLDocument & JSStorage)
2116         https://bugs.webkit.org/show_bug.cgi?id=158431
2117
2118         Reviewed by Chris Dumez.
2119
2120         All uses of hasStaticPropertyTable flag generated by bindings are wrong.
2121
2122         JSHTMLDocument & JSStorage contain a number of static_asserts claiming that
2123         various methods do not support static properties. These asserts were likely
2124         correct at the time they were added, as JSObject::getOwnPropertySlot and
2125         JSObject::deleteProperty did not support getting / deleting static value.
2126         This is no longer the case, and these asserts are now incorrect.
2127
2128         * bindings/js/JSHTMLDocumentCustom.cpp:
2129         (WebCore::JSHTMLDocument::getOwnPropertySlot):
2130         * bindings/js/JSStorageCustom.cpp:
2131         (WebCore::JSStorage::deleteProperty):
2132         (WebCore::JSStorage::deletePropertyByIndex):
2133         (WebCore::JSStorage::putDelegate):
2134             - remove incorrect static_asserts.
2135
2136 2016-06-13  Gavin & Ellie Barraclough  <barraclough@apple.com>
2137
2138         Remove hasStaticPropertyTable (part 3: JSLocation::putDelegate)
2139         https://bugs.webkit.org/show_bug.cgi?id=158431
2140
2141         Reviewed by Geoff Garen.
2142
2143         All uses of hasStaticPropertyTable flag generated by bindings are wrong.
2144
2145         JSLocation::putDelegate checks the static property table redundantly.
2146
2147         In the case of same origin access, if the property is not in the static
2148         table the method will call JSObject::put and return true (indicating the
2149         delegate handled the put). If the property is in the static table, the
2150         method will return false (indicating the the delegate did not handle the
2151         access) - in which case the calling function will call JSObject::put.
2152         Checking for the property in the static table is redundant - same origin
2153         access does not require any special handling, and should just always
2154         return false & let the caller handle the put.
2155
2156         In the case of cross origin access, if the property is not in the static
2157         table we return true (indicating the access was handled, and silently
2158         blocking it). If it is a static property, we check the name, and if the
2159         name is not 'href' we also return true, silently blocking. In the case
2160         that the name is 'href' we'll return false, indicating to the caller
2161         that the access was not handled by the delegate, resulting in it taking
2162         place. The additional check of the static table is redundant, since we
2163         only have special behaviour in the case of 'href'. (Moreover it is
2164         unnecesszarily fragile, since if we made a change such that 'href' was no
2165         longer implemented as a static property with would fail.)
2166
2167         - for same origin, always return false.
2168         - for cross origin, return false for 'href', otherwise return true.
2169
2170         * bindings/js/JSLocationCustom.cpp:
2171         (WebCore::JSLocation::putDelegate):
2172             - restructure & remove static table check.
2173
2174 2016-06-13  Gavin & Ellie Barraclough  <barraclough@apple.com>
2175
2176         Remove hasStaticPropertyTable (part 2: JSPluginElement)
2177         https://bugs.webkit.org/show_bug.cgi?id=158431
2178
2179         Reviewed by Chris Dumez.
2180
2181         All uses of hasStaticPropertyTable flag generated by bindings are wrong.
2182
2183         The check in pluginElementCustomGetOwnPropertySlot was somewhat dubious in the
2184         first place (for types with static properties it would give precedence to both
2185         static and also property storage properties; for types without static properties
2186         it would check neither - an odd asymetry in the case of values in the storage
2187         array, and was depending on an implementation detail that could change).
2188
2189         This is all now redundant anyway. None of these types have static properties.
2190         All properties are now corretcly on the prototype (which is handled appropriately
2191         below). This is just dead code.
2192
2193         * bindings/js/JSPluginElementFunctions.h:
2194         (WebCore::pluginElementCustomGetOwnPropertySlot):
2195             - remove dead code.
2196
2197 2016-06-13  Gavin & Ellie Barraclough  <barraclough@apple.com>
2198
2199         Remove hasStaticPropertyTable (part 1: DOM bindings)
2200         https://bugs.webkit.org/show_bug.cgi?id=158431
2201
2202         Reviewed by Chris Dumez.
2203
2204         All uses of hasStaticPropertyTable flag generated by bindings are wrong.
2205
2206         * bindings/js/JSDOMBinding.h:
2207         (WebCore::getStaticValueSlotEntryWithoutCaching): Deleted.
2208         (WebCore::getStaticValueSlotEntryWithoutCaching<JSDOMObject>): Deleted.
2209             - this method is not used anywhere.
2210
2211 2016-06-13  Adam Bergkvist  <adam.bergkvist@ericsson.com>
2212
2213         WebRTC: Imlement MediaEndpointPeerConnection::replaceTrack()
2214         https://bugs.webkit.org/show_bug.cgi?id=158688
2215
2216         Reviewed by Eric Carlson.
2217
2218         Implement MediaEndpointPeerConnection::replaceTrack() that is the MediaEndpoint implementation
2219         of RTCRtpSender.replaceTrack() [1].
2220
2221         [1] https://w3c.github.io/webrtc-pc/archives/20160513/webrtc.html#dom-rtcrtpsender-replacetrack
2222
2223         Updated fast/mediastream/RTCRtpSender-replaceTrack.html
2224
2225         * Modules/mediastream/MediaEndpointPeerConnection.cpp:
2226         (WebCore::MediaEndpointPeerConnection::replaceTrack):
2227         (WebCore::MediaEndpointPeerConnection::replaceTrackTask):
2228         Implemented.
2229         * Modules/mediastream/MediaEndpointPeerConnection.h:
2230         * Modules/mediastream/PeerConnectionBackend.h:
2231         * Modules/mediastream/RTCPeerConnection.cpp:
2232         (WebCore::RTCPeerConnection::replaceTrack):
2233         * Modules/mediastream/RTCPeerConnection.h:
2234         Move the MediaStreamTrack instance of sending a reference to it. This change is the main
2235         reason many files are touched by this change.
2236         * Modules/mediastream/RTCRtpSender.h:
2237         * Modules/mediastream/RTCRtpSender.idl:
2238         * platform/mediastream/MediaEndpoint.h:
2239         Use mid instead of mdescIndex to identify the media description in the backend.
2240         * platform/mock/MockMediaEndpoint.cpp:
2241         (WebCore::MockMediaEndpoint::replaceSendSource):
2242         * platform/mock/MockMediaEndpoint.h:
2243
2244 2016-06-13  Joseph Pecoraro  <pecoraro@apple.com>
2245
2246         window.onerror should pass the ErrorEvent's 'error' property as the 5th argument to the event handler
2247         https://bugs.webkit.org/show_bug.cgi?id=55092
2248         <rdar://problem/25731279>
2249
2250         Reviewed by Dean Jackson.
2251
2252         This includes the actual Error in window.error / ErrorEvent:
2253         https://html.spec.whatwg.org/multipage/webappapis.html#the-errorevent-interface
2254
2255         This is useful for scripts to be able to get an error stack
2256         from uncaught exceptions, by checking the error itself.
2257
2258         Tests: fast/events/window-onerror17.html
2259                http/tests/security/cross-origin-script-error-event-redirected.html
2260                http/tests/security/cross-origin-script-error-event.html
2261                http/tests/security/script-crossorigin-error-event-information.html
2262                http/tests/security/script-no-crossorigin-error-event-should-be-sanitized.html
2263                userscripts/window-onerror-for-isolated-world-3.html
2264
2265         * CMakeLists.txt:
2266         * WebCore.xcodeproj/project.pbxproj:
2267         * bindings/js/JSBindingsAllInOne.cpp:
2268         Add new custom error event file.
2269
2270         * bindings/js/JSDOMBinding.cpp:
2271         (WebCore::reportException):
2272         Include the JSC::Exception when reporting exceptions, so the error value is available.
2273         
2274         * bindings/js/JSErrorEventCustom.cpp:
2275         (WebCore::JSErrorEvent::error):
2276         Sanitized access to the ErrorEvent's error property to prevent leaking objects
2277         across isolated world boundaries. This is like CustomEvent's data property.
2278
2279         * bindings/js/JSErrorHandler.cpp:
2280         (WebCore::JSErrorHandler::handleEvent):
2281         * bindings/js/JSErrorHandler.h:
2282         Include the error object as the 4th argument to the window.onerror event handler.
2283
2284         * dom/ScriptExecutionContext.cpp:
2285         (WebCore::ScriptExecutionContext::sanitizeScriptError):
2286         (WebCore::ScriptExecutionContext::reportException):
2287         (WebCore::ScriptExecutionContext::dispatchErrorEvent):
2288         * dom/ScriptExecutionContext.h:
2289         Include the error object in the ErrorEvent constructed when dispatching error events.
2290
2291         * dom/ErrorEvent.cpp:
2292         (WebCore::ErrorEvent::ErrorEvent):
2293         (WebCore::ErrorEvent::sanitizedErrorValue):
2294         (WebCore::ErrorEvent::trySerializeError):
2295         * dom/ErrorEvent.h:
2296         * dom/ErrorEvent.idl:
2297         Include an any "error" property on the ErrorEvent, and allow it in initialization.
2298
2299         * bindings/js/WorkerScriptController.cpp:
2300         (WebCore::WorkerScriptController::evaluate):
2301         * workers/WorkerMessagingProxy.cpp:
2302         (WebCore::WorkerMessagingProxy::postExceptionToWorkerObject):
2303         Within the Worker world, the error is included in the event.
2304         When re-dispatching the error on the world object in the world that spawned the
2305         Worker the event does not include an error object. This matches other browsers
2306         right now, but could be improved to have the same cross world serialization
2307         as isolated worlds have with the error data.
2308
2309         * dom/CustomEvent.h:
2310         Remove unimplemented stale method.
2311
2312 2016-06-13  Dean Jackson  <dino@apple.com>
2313
2314         SVG elements don't blend correctly into HTML
2315         https://bugs.webkit.org/show_bug.cgi?id=158718
2316         <rdar://problem/26782004>
2317
2318         Reviewed by Antoine Quint.
2319
2320         We were not creating any transparency layers for the root SVG nodes.
2321         This is ok if the SVG is the root document, because it is the backdrop.
2322         However, if it is inline SVG, it needs to apply the operation in
2323         order to composite into the document.
2324
2325         Test: svg/css/mix-blend-mode-with-inline-svg.html
2326
2327         * rendering/RenderLayer.cpp:
2328         (WebCore::RenderLayer::beginTransparencyLayers):
2329
2330 2016-06-13  Brady Eidson  <beidson@apple.com>
2331
2332         storage/indexeddb/modern/leaks-1.html leaks the database connection handle.
2333         https://bugs.webkit.org/show_bug.cgi?id=158643
2334
2335         Reviewed by Alex Christensen.
2336
2337         Tested by changes to existing test.
2338
2339         * Modules/indexeddb/IDBDatabase.cpp:
2340         (WebCore::IDBDatabase::hasPendingActivity):
2341         
2342         * dom/EventTarget.h:
2343         (WebCore::EventTarget::eventTargetData):
2344         (WebCore::EventTarget::hasEventListeners):
2345
2346
2347 2016-06-13  Enrica Casucci  <enrica@apple.com>
2348
2349         REGRESSION(r201956): Failure to initialize new internal settings produced random test failures in release.
2350         https://bugs.webkit.org/show_bug.cgi?id=158713
2351         rdar://26769957
2352
2353         Reviewed by Simon Fraser.
2354
2355         Failed to initialize the new member variable in both Settings and InternalSettings classes.
2356
2357         * page/Settings.cpp:
2358         (WebCore::Settings::Settings):
2359         * testing/InternalSettings.cpp:
2360         (WebCore::InternalSettings::Backup::Backup):
2361
2362 2016-06-13  Chris Dumez  <cdumez@apple.com>
2363
2364         Drop HipChat hack introduced in r197548
2365         https://bugs.webkit.org/show_bug.cgi?id=158711
2366
2367         Reviewed by Geoffrey Garen.
2368
2369         Drop HipChat hack introduced in r197548. This hack is no longer needed
2370         as the bug was fixed in HipChat since then:
2371         https://support.atlassian.com/servicedesk/customer/portal/32/HCP-7532
2372
2373         I have confirmed locally that the latest version (4.0.12.665) is able
2374         to connect without the hack.
2375
2376         * bindings/js/JSLocationCustom.cpp:
2377         (WebCore::JSLocation::putDelegate): Deleted.
2378         * platform/RuntimeApplicationChecks.h:
2379         * platform/RuntimeApplicationChecks.mm:
2380         (WebCore::MacApplication::isHipChat): Deleted.
2381
2382 2016-06-13  Chris Fleizach  <cfleizach@apple.com>
2383
2384         AX: CrashTracer: com.apple.WebKit.WebContent at WebCore::AccessibilityRenderObject::remoteSVGRootElement const + 227
2385         https://bugs.webkit.org/show_bug.cgi?id=158685
2386
2387         Reviewed by David Kilzer.
2388
2389         Crash reports show a null access at a line that tries to dereference a pointer. 
2390         I still don't have a way to layout test this, as it seems tied to tear down of the main document.
2391
2392         * accessibility/AccessibilityRenderObject.cpp:
2393         (WebCore::AccessibilityRenderObject::remoteSVGRootElement):
2394
2395 2016-06-13  Jeremy Jones  <jeremyj@apple.com>
2396
2397         Use two video layer solution only on mac.
2398         https://bugs.webkit.org/show_bug.cgi?id=158705
2399         rdar://problem/26776360
2400
2401         Reviewed by Jer Noble.
2402
2403         Two video layer solution is only useful on the mac to prevent flicker, so don't do it elsewhere.
2404
2405         * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
2406         (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVPlayerLayer):
2407
2408 2016-06-13  Jeremy Jones  <jeremyj@apple.com>
2409
2410         Decrease PiP flicker by not removing window prematurely.
2411         https://bugs.webkit.org/show_bug.cgi?id=158436
2412         <rdar://problem/19052639>
2413
2414         Reviewed by Darin Adler.
2415
2416         UIWindow shouldn't be removed until cleanupFullscreen, so the video layer has a chance
2417         to be reparented in the DOM first.
2418
2419         * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
2420         (WebVideoFullscreenInterfaceAVKit::didStopPictureInPicture):
2421
2422 2016-06-13  Alex Christensen  <achristensen@webkit.org>
2423
2424         Add WebSocketProvider stub
2425         https://bugs.webkit.org/show_bug.cgi?id=158702
2426
2427         Reviewed by Brady Eidson.
2428
2429         No new tests.  No change in behavior.
2430
2431         * WebCore.xcodeproj/project.pbxproj:
2432         * dom/DocumentMarkerController.cpp:
2433         * dom/ScriptedAnimationController.cpp:
2434         * html/HTMLMediaElement.cpp:
2435         * html/MediaDocument.cpp:
2436         * html/shadow/MediaControlElements.cpp:
2437         * html/shadow/MediaControls.cpp:
2438         * html/shadow/MediaControls.h:
2439         * html/shadow/MediaControlsApple.cpp:
2440         * inspector/InspectorInstrumentation.cpp:
2441         * inspector/InspectorInstrumentation.h:
2442         * inspector/InspectorOverlay.cpp:
2443         (WebCore::InspectorOverlay::overlayPage):
2444         * loader/EmptyClients.h:
2445         * loader/FrameLoader.cpp:
2446         * loader/FrameLoader.h:
2447         * loader/appcache/ApplicationCacheHost.cpp:
2448         * loader/cache/CachedResource.cpp:
2449         * page/FrameView.cpp:
2450         * page/Page.cpp:
2451         (WebCore::Page::Page):
2452         * page/Page.h:
2453         (WebCore::Page::applicationCacheStorage):
2454         (WebCore::Page::databaseProvider):
2455         (WebCore::Page::socketProvider):
2456         (WebCore::Page::storageNamespaceProvider):
2457         * page/PageConfiguration.cpp:
2458         (WebCore::PageConfiguration::PageConfiguration):
2459         * page/PageConfiguration.h:
2460         * page/ResourceUsageOverlay.cpp:
2461         * page/SocketProvider.h: Added.
2462         (WebCore::SocketProvider::~SocketProvider):
2463         * page/cocoa/ResourceUsageOverlayCocoa.mm:
2464         * rendering/RenderElement.cpp:
2465         * rendering/RenderLayerBacking.cpp:
2466         * style/StyleResolveForDocument.cpp:
2467         * style/StyleTreeResolver.cpp:
2468         * svg/graphics/SVGImage.cpp:
2469         (WebCore::SVGImage::dataChanged):
2470         * testing/MockPageOverlayClient.cpp:
2471
2472 2016-06-13  Brady Eidson  <beidson@apple.com>
2473
2474         Crashes in WebCore::IDBServer::UniqueIDBDatabase::executeNextDatabaseTask.
2475         <rdar://problem/26768449> and https://bugs.webkit.org/show_bug.cgi?id=158696
2476
2477         Reviewed by David Kilzer.
2478
2479         No new tests (Covered by all existing tests in Gmalloc/ASAN configs).
2480
2481         * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
2482         (WebCore::IDBServer::UniqueIDBDatabase::executeNextDatabaseTask):
2483         (WebCore::IDBServer::UniqueIDBDatabase::executeNextDatabaseTaskReply):
2484
2485 2016-06-13  Brady Eidson  <beidson@apple.com>
2486
2487         Modern IDB: IDBOpenDBRequest objects leak.
2488         https://bugs.webkit.org/show_bug.cgi?id=158694
2489
2490         Reviewed by Alex Christensen.
2491
2492         No new tests (Currently have no testing strategy for guaranteeing lifetime of WebCore DOM objects)
2493
2494         * Modules/indexeddb/client/IDBConnectionProxy.cpp:
2495         (WebCore::IDBClient::IDBConnectionProxy::completeOpenDBRequest): At this point we never need the
2496             request again, so remove it from the map.
2497
2498 2016-06-13  Chris Dumez  <cdumez@apple.com>
2499
2500         Make sure HTTPHeaderMap gets a move constructor / assignment operator
2501         https://bugs.webkit.org/show_bug.cgi?id=158695
2502         <rdar://problem/26729511>
2503
2504         Reviewed by Alex Christensen.
2505
2506         Make sure HTTPHeaderMap gets a move constructor / assignment operator.
2507         It was not getting an implicit one because of its user-declared
2508         destructor. This patch drops the user-declared destructor so that
2509         HTTPHeaderMap now gets an implicit move constructor / assignment
2510         operator.
2511
2512         Not having a move constructor / assignment operator is an issue because
2513         we rely on HTTPHeaderMap::isolatedCopy() / WTFMove() since r201623 to
2514         pass HTTPHeaderMap across thread.
2515
2516         * platform/network/HTTPHeaderMap.cpp:
2517         (WebCore::HTTPHeaderMap::~HTTPHeaderMap): Deleted.
2518         * platform/network/HTTPHeaderMap.h:
2519
2520 2016-06-13  Nael Ouedraogo  <nael.ouedraogo@crf.canon.fr>
2521
2522         Remove useless parameter from GenerateParametersCheck signature
2523         https://bugs.webkit.org/show_bug.cgi?id=158692
2524
2525         Reviewed by Chris Dumez.
2526
2527         Remove one parameter which is passed to GenerateParametersCheck
2528         but never used in the caller code.
2529
2530         * bindings/scripts/CodeGeneratorJS.pm:
2531         (GenerateImplementation):
2532         (GenerateParametersCheck):
2533         (GenerateConstructorDefinition):
2534
2535 2016-06-13  Nael Ouedraogo  <nael.ouedraogo@crf.canon.fr>
2536
2537         Improve code generator for functions with variadic parameters
2538         https://bugs.webkit.org/show_bug.cgi?id=158529
2539
2540         Reviewed by Darin Adler.
2541
2542         JS bindings code of functions with variadic parameters is improved.
2543
2544         Functions with variadic parameters are skipped for ObjC and GObject code generators.
2545
2546         * bindings/scripts/CodeGeneratorGObject.pm:
2547         (SkipFunction): Skip functions with variadic parameters.
2548         * bindings/scripts/CodeGeneratorJS.pm:
2549         (GenerateParametersCheck):
2550         * bindings/scripts/CodeGeneratorObjC.pm:
2551         (SkipFunction): Skip functions with variadic parameters.
2552         * bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
2553         (webkit_dom_test_obj_any): Deleted.
2554         (webkit_dom_test_obj_attach_shadow_root): Deleted.
2555         (webkit_dom_test_obj_get_read_only_long_attr): Deleted.
2556         (webkit_dom_test_obj_get_read_only_string_attr): Deleted.
2557         * bindings/scripts/test/GObject/WebKitDOMTestObj.h:
2558         * bindings/scripts/test/JS/JSTestObj.cpp:
2559         (WebCore::jsTestObjPrototypeFunctionOverloadedMethod12):
2560         (WebCore::jsTestObjPrototypeFunctionVariadicStringMethod):
2561         (WebCore::jsTestObjPrototypeFunctionVariadicDoubleMethod):
2562         (WebCore::jsTestObjPrototypeFunctionVariadicNodeMethod):
2563         * bindings/scripts/test/ObjC/DOMTestObj.h:
2564         * bindings/scripts/test/ObjC/DOMTestObj.mm:
2565
2566 2016-06-12  Zalan Bujtas  <zalan@apple.com>
2567
2568         Cleanup RenderBlock::removePositionedObjects
2569         https://bugs.webkit.org/show_bug.cgi?id=158670
2570
2571         Reviewed by Simon Fraser.
2572
2573         No change in functionality.
2574
2575         * rendering/RenderBlock.cpp:
2576         (WebCore::RenderBlock::insertPositionedObject):
2577         (WebCore::RenderBlock::removePositionedObject):
2578         (WebCore::RenderBlock::removePositionedObjects):
2579         * rendering/RenderBlock.h:
2580
2581 2016-06-12  Zalan Bujtas  <zalan@apple.com>
2582
2583         Remove positioned descendants when RenderBlock is no longer a containing block.
2584         https://bugs.webkit.org/show_bug.cgi?id=158655
2585         <rdar://problem/26510032>
2586
2587         Reviewed by Simon Fraser.
2588
2589         Normally the RenderView is the containing block for fixed positioned renderers.
2590         However when a renderer acquires some transform related properties, it becomes the containing
2591         block for all the fixed positioned renderers in its descendant tree.
2592         When the last transform related property is removed, the renderer is no longer a containing block
2593         and we need to remove all these positioned renderers from the descendant tracker map (gPositionedDescendantsMap).
2594         They will be inserted back into the tracker map during the next layout (either under the RenderView or
2595         under the next transformed renderer in the ancestor chain).
2596
2597         Test: fast/block/fixed-position-reparent-when-transition-is-removed.html
2598
2599         * rendering/RenderBlock.cpp:
2600         (WebCore::RenderBlock::removePositionedObjectsIfNeeded):
2601
2602 2016-06-11  Myles C. Maxfield  <mmaxfield@apple.com>
2603
2604         Addressing post-review comments after r201978.
2605         https://bugs.webkit.org/show_bug.cgi?id=158649
2606         <rdar://problem/13258122>
2607
2608         Unreviewed.
2609
2610         * platform/graphics/FontCache.cpp:
2611         (WebCore::FontCache::alternateFamilyName):
2612         * platform/graphics/cocoa/FontCacheCoreText.cpp:
2613         (WebCore::FontCache::platformAlternateFamilyName):
2614
2615 2016-06-11  Darin Adler  <darin@apple.com>
2616
2617         Tighten code to build set of tag names
2618         https://bugs.webkit.org/show_bug.cgi?id=158662
2619
2620         Reviewed by Alexey Proskuryakov.
2621
2622         * dom/Element.cpp:
2623         (WebCore::canAttachAuthorShadowRoot): Use an array of pointers that the loader
2624         can initialize as part of loading the library, rather than an array that needs
2625         to be initialized with code at runtime.
2626
2627 2016-06-11  Myles C. Maxfield  <mmaxfield@apple.com>
2628
2629         [Win] [EFL] Build fix after r201978.
2630         https://bugs.webkit.org/show_bug.cgi?id=158649
2631         <rdar://problem/13258122>
2632
2633         Unreviewed
2634
2635         * platform/graphics/freetype/FontCacheFreeType.cpp:
2636         (WebCore::FontCache::platformAlternateFamilyName):
2637         * platform/graphics/win/FontCacheWin.cpp:
2638
2639 2016-06-11  Myles C. Maxfield  <mmaxfield@apple.com>
2640
2641         [Cocoa] Map commonly used Chinese Windows font names to names present on Cocoa operating systems
2642         https://bugs.webkit.org/show_bug.cgi?id=158649
2643         <rdar://problem/13258122>
2644
2645         Reviewed by Darin Adler.
2646
2647         There are many Chinese websites which hardcode Windows font names.
2648         We should map these to fonts which best match them on Cocoa operating
2649         systems. We can do this by using our existing fallback font name
2650         infrastructure.
2651
2652         Tests: fast/text/chinese-font-name-aliases-2.html
2653                fast/text/chinese-font-name-aliases.html
2654
2655         * platform/graphics/FontCache.cpp:
2656         (WebCore::FontCache::alternateFamilyName):
2657         (WebCore::alternateFamilyName): Deleted.
2658         * platform/graphics/FontCache.h:
2659         * platform/graphics/cocoa/FontCacheCoreText.cpp:
2660         (WebCore::FontCache::platformAlternateFamilyName):
2661         * platform/graphics/freetype/FontCacheFreeType.cpp:
2662         (WebCore::FontCache::platformAlternateFamilyName):
2663         * platform/graphics/win/FontCacheWin.cpp:
2664         (WebCore::FontCache::platformAlternateFamilyName):
2665
2666 2016-06-11  Commit Queue  <commit-queue@webkit.org>
2667
2668         Unreviewed, rolling out r201967, r201968, and r201972.
2669         https://bugs.webkit.org/show_bug.cgi?id=158665
2670
2671         Caused flaky failures on IndexedDB tests (Requested by ap on
2672         #webkit).
2673
2674         Reverted changesets:
2675
2676         "Vary:Cookie validation doesn't work in private browsing"
2677         https://bugs.webkit.org/show_bug.cgi?id=158616
2678         http://trac.webkit.org/changeset/201967
2679
2680         "Build fix."
2681         http://trac.webkit.org/changeset/201968
2682
2683         "WinCairo build fix attempt."
2684         http://trac.webkit.org/changeset/201972
2685
2686 2016-06-11  Konstantin Tokarev  <annulen@yandex.ru>
2687
2688         Fixed compilation of LocaleICU with ENABLE(DATE_AND_TIME_INPUT_TYPES)
2689         https://bugs.webkit.org/show_bug.cgi?id=158659
2690
2691         Reviewed by Darin Adler.
2692
2693         No new tests needed.
2694
2695         * platform/text/LocaleICU.cpp:
2696         (WebCore::getFormatForSkeleton):
2697         (WebCore::LocaleICU::monthFormat):
2698         (WebCore::LocaleICU::shortMonthFormat):
2699
2700 2016-06-11  Antti Koivisto  <antti@apple.com>
2701
2702         WinCairo build fix attempt.
2703
2704         * platform/network/NetworkStorageSession.cpp:
2705         * platform/network/NetworkStorageSession.h:
2706         * platform/network/NetworkStorageSessionStub.cpp:
2707         (WebCore::NetworkStorageSession::NetworkStorageSession):
2708         (WebCore::NetworkStorageSession::context):
2709         (WebCore::NetworkStorageSession::createPrivateBrowsingSession):
2710         (WebCore::NetworkStorageSession::switchToNewTestingSession):
2711         (WebCore::NetworkStorageSession::~NetworkStorageSession): Deleted.
2712         (WebCore::defaultSession): Deleted.
2713         (WebCore::NetworkStorageSession::defaultStorageSession): Deleted.
2714
2715 2016-06-11  Myles C. Maxfield  <mmaxfield@apple.com>
2716
2717         Deleting a CSSOM style rule invalidates any previously-added FontFaces
2718         https://bugs.webkit.org/show_bug.cgi?id=158450
2719
2720         Reviewed by Darin Adler.
2721
2722         This patch has two pieces: updating the CSSOM when the FontFace changes, and
2723         updating the FontFace when the CSSOM changes.
2724
2725         1: Updating the CSSOM when the FontFace changes: CSSFontFaces already have a RefPtr
2726         to their StyleRuleFontFace which represents their CSS-connection. When changing a
2727         property of the CSSFontFace, we simply reach into the StyleRule and update it to
2728         match. Our existing infrastructure of invalidation due to the attribute changes
2729         makes sure that all the necessary updates occur.
2730
2731         2. Updating the FontFace when the CSSOM changes: If the CSSOM changes in a trivial
2732         way (for example, a new @font-face is appended to the end of the last <style>
2733         element), we can handle it directly. However, when something more invasive occurs,
2734         we end up clearing the entire CSSFontSelector, and then adding all the style rules
2735         from scratch. This involves three steps:
2736             a) CSSFontSelector::buildStarted() is run, which means "we're about to start
2737                building up all the @font-face rules from scratch." We take this opportunity
2738                to purge as many fonts as possible. This is valuable because, for example,
2739                this function gets run when the page gets put into the page cache, so we
2740                want to destroy as much as possible. Not everything can be purged, however -
2741                only CSS-connected fonts which have never been inspected by script are
2742                purgeable. We don't allow fonts inspected by script to be purged because
2743                purging might result in a font appearing from JavaScript to transition from
2744                a success -> failure state, which we don't allow.
2745             b) Upon style recalc (possibly asynchronously) CSSFontSelector::addFontFaceRule()
2746                is called for each @font-face rule. We actually detect that we're in the
2747                middle of a style rebuild, and defer this step.
2748             c) When we're done adding all the font face rules, we call
2749                CSSFontSelector::buildCompleted(). This is where we compare the newly built-
2750                up list of font faces with what existed previously (as remembered in
2751                CSSFontSelector::buildStarted()) in order to detect font faces which were
2752                deleted from the document. Fonts which were newly added to the document
2753                are handled naturally.
2754                Fonts which have a property modified on them are created as if they were new.
2755                However, instead of simply adding the CSSFontFace, we search for the existing
2756                CSSFontFace (by CSS connection pointer) and tell the existing FontFace to
2757                adopt this new CSSFontFace. This means that the JavaScript object will just
2758                pick up any newly-written values in the CSSOM. It also means that the
2759                "status" attribute of the JavaScript object is reset, but this is expected
2760                and allowed by the spec. (For example, if you change the "src" attribute of
2761                an @font-face block via the CSSOM, all bets are off when you inspect the
2762                FontFace JS object representing that block.)
2763
2764         Test: fast/text/font-face-set-cssom.html
2765
2766         * css/CSSFontFace.cpp:
2767         (WebCore::CSSFontFace::CSSFontFace):
2768         (WebCore::CSSFontFace::setFamilies):
2769         (WebCore::CSSFontFace::setStyle):
2770         (WebCore::CSSFontFace::setWeight):
2771         (WebCore::CSSFontFace::setUnicodeRange):
2772         (WebCore::CSSFontFace::setVariantLigatures):
2773         (WebCore::CSSFontFace::setVariantPosition):
2774         (WebCore::CSSFontFace::setVariantCaps):
2775         (WebCore::CSSFontFace::setVariantNumeric):
2776         (WebCore::CSSFontFace::setVariantAlternates):
2777         (WebCore::CSSFontFace::setVariantEastAsian):
2778         (WebCore::CSSFontFace::setFeatureSettings):
2779         (WebCore::CSSFontFace::initializeWrapper):
2780         (WebCore::CSSFontFace::wrapper):
2781         (WebCore::CSSFontFace::setWrapper):
2782         (WebCore::CSSFontFace::purgeable):
2783         (WebCore::CSSFontFace::updateStyleIfNeeded):
2784         * css/CSSFontFace.h:
2785         * css/CSSFontFaceSet.cpp:
2786         (WebCore::CSSFontFaceSet::remove):
2787         (WebCore::CSSFontFaceSet::containsCSSConnection):
2788         (WebCore::CSSFontFaceSet::purge):
2789         * css/CSSFontFaceSet.h:
2790         * css/CSSFontSelector.cpp:
2791         (WebCore::CSSFontSelector::buildStarted):
2792         (WebCore::CSSFontSelector::buildCompleted):
2793         (WebCore::CSSFontSelector::addFontFaceRule):
2794         * css/CSSFontSelector.h:
2795         * css/FontFace.cpp:
2796         (WebCore::FontFace::family):
2797         (WebCore::FontFace::style):
2798         (WebCore::FontFace::weight):
2799         (WebCore::FontFace::unicodeRange):
2800         (WebCore::FontFace::variant):
2801         (WebCore::FontFace::featureSettings):
2802         (WebCore::FontFace::adopt):
2803         * css/FontFace.h:
2804
2805 2016-06-11  Chris Dumez  <cdumez@apple.com>
2806
2807         WorkerNavigator is missing some attributes
2808         https://bugs.webkit.org/show_bug.cgi?id=158593
2809         <rdar://problem/26731334>
2810
2811         Reviewed by Darin Adler.
2812
2813         Add attributes that are missing on WorkerNavigator:
2814         - appCodeName
2815         - hardwareConcurrency
2816         - language
2817         - product
2818         - productSub
2819         - vendor
2820         - vendorSub
2821
2822         Firefox and Chrome already expose those attributes.
2823
2824         Relevant specification:
2825         https://html.spec.whatwg.org/multipage/workers.html#the-workernavigator-object
2826
2827         This patch also refactors the IDL to match the specification more
2828         closely and promote sharing between Navigator and WorkerNavigator.
2829
2830         No new tests, updated existing test.
2831
2832         * CMakeLists.txt:
2833         * DerivedSources.make:
2834         Add new supplemental IDL files.
2835
2836         * page/Navigator.cpp:
2837         * page/Navigator.h:
2838         Moved language() / hardwareConcurrency() from Navigator to NavigatorBase
2839         so that it can be used by NavigatorWorker as well.
2840
2841         * page/NavigatorBase.h:
2842         * page/NavigatorBase.cpp:
2843         (WebCore::NavigatorBase::language):
2844         The implementation still calls defaultLanguage() but I updated it to be
2845         thread safe on all platforms.
2846
2847         (WebCore::NavigatorBase::hardwareConcurrency):
2848         Use std::call_once() for thread safety.
2849
2850         * page/Navigator.idl:
2851         * page/NavigatorConcurrentHardware.idl: Copied from Source/WebCore/page/WorkerNavigator.idl.
2852         * page/NavigatorID.idl: Copied from Source/WebCore/page/WorkerNavigator.idl.
2853         * page/NavigatorLanguage.idl: Copied from Source/WebCore/page/WorkerNavigator.idl.
2854         * page/NavigatorOnLine.idl: Copied from Source/WebCore/page/WorkerNavigator.idl.
2855         * page/WorkerNavigator.idl:
2856         Move several attributes to their own supplemental interfaces to match
2857         the specification and promote sharing with WorkerNavigator.
2858
2859         * platform/Language.cpp:
2860         (WebCore::userPreferredLanguages):
2861         * platform/Language.h:
2862         Made thread-safe on all platforms.
2863
2864 2016-06-11  Antti Koivisto  <antti@apple.com>
2865
2866         Build fix.
2867
2868         * platform/network/cf/NetworkStorageSessionCFNet.cpp:
2869         (WebCore::NetworkStorageSession::switchToNewTestingSession):
2870
2871 2016-06-10  Antti Koivisto  <antti@apple.com>
2872
2873         Vary:Cookie validation doesn't work in private browsing
2874         https://bugs.webkit.org/show_bug.cgi?id=158616
2875         rdar://problem/26755067
2876
2877         Reviewed by Darin Adler.
2878
2879         This wasn't implemented because there was no way to get NetworkStorageSession from
2880         a SessionID on WebCore side.
2881
2882         The patch adds a simple WebCore level weak map that allows getting NetworkStorageSessions
2883         from SessionID. This seemed like the cleanest way to do this without a big refactoring
2884         around the currently WebKit2 level SessionTracker.
2885
2886         * CMakeLists.txt:
2887         * WebCore.xcodeproj/project.pbxproj:
2888         * platform/network/CacheValidation.cpp:
2889         (WebCore::headerValueForVary):
2890
2891             Get NetworkStorageSession from SessionID for cookies
2892
2893         (WebCore::verifyVaryingRequestHeaders):
2894         * platform/network/NetworkStorageSession.cpp: Added.
2895
2896             Add platform independent .cpp for NetworkStorageSession.
2897             Implement a weak map for SessionID -> NetworkStorageSession.
2898
2899         (WebCore::sessionsMap):
2900         (WebCore::NetworkStorageSession::NetworkStorageSession):
2901         (WebCore::NetworkStorageSession::~NetworkStorageSession):
2902         (WebCore::NetworkStorageSession::forSessionID):
2903
2904             Get NetworkStorageSession for sessionID.
2905
2906         * platform/network/NetworkStorageSession.h:
2907         (WebCore::NetworkStorageSession::sessionID):
2908         (WebCore::NetworkStorageSession::credentialStorage):
2909         * platform/network/cf/NetworkStorageSessionCFNet.cpp:
2910         (WebCore::NetworkStorageSession::NetworkStorageSession):
2911
2912             Call to common constructor.
2913
2914         (WebCore::defaultNetworkStorageSession):
2915         * platform/network/soup/NetworkStorageSessionSoup.cpp:
2916         (WebCore::NetworkStorageSession::NetworkStorageSession):
2917
2918             Call to common constructor.
2919
2920         (WebCore::defaultSession):
2921         (WebCore::NetworkStorageSession::~NetworkStorageSession): Deleted.
2922
2923 2016-06-10  Ada Chan  <adachan@apple.com>
2924
2925         Use the video element's video box when getting the inline video rect in WebVideoFullscreenManager
2926         https://bugs.webkit.org/show_bug.cgi?id=158351
2927         <rdar://problem/26567938>
2928
2929         Reviewed by Darin Adler.
2930
2931         * WebCore.xcodeproj/project.pbxproj:
2932         Change the visibility of RenderVideo.h and RenderMedia.h since we'll be importing RenderVideo.h from WebKit2.
2933         * rendering/RenderVideo.h:
2934
2935 2016-06-10  Benjamin Poulain  <bpoulain@apple.com>
2936
2937         Add support for passive event listeners on touch events
2938         https://bugs.webkit.org/show_bug.cgi?id=158601
2939
2940         Reviewed by Simon Fraser.
2941
2942         This patch wires "passive" state of EventTarget to the delivery of touch
2943         events in WebKit2.
2944
2945         Instead of having a NonFastScrollableRegion, we have a pair of regions
2946         in EventTrackingRegions.
2947         The "asynchronousDispatchRegion" tracks the area for which all event
2948         listeners are passive. For those, events should be dispatched asynchronously.
2949         The "synchronousDispatchRegion" tracks the area for which there is at
2950         least one active event listener. Events have to be dispatched synchronously
2951         for correctness.
2952
2953         Tests: fast/events/touch/ios/tap-with-active-listener-on-elements.html
2954                fast/events/touch/ios/tap-with-active-listener-on-window.html
2955                fast/events/touch/ios/tap-with-passive-listener-on-elements.html
2956                fast/events/touch/ios/tap-with-passive-listener-on-window.html
2957
2958         * WebCore.xcodeproj/project.pbxproj:
2959         * dom/Document.cpp:
2960         (WebCore::Document::wheelEventHandlersChanged):
2961         (WebCore::Document::Document): Deleted.
2962         * dom/Document.h:
2963
2964         * dom/EventListenerMap.cpp:
2965         (WebCore::EventListenerMap::containsActive):
2966         If a Target has multiple listener for an event type, we want to know
2967         if any of them is active.
2968
2969         * dom/EventListenerMap.h:
2970         * dom/EventTarget.cpp:
2971         (WebCore::EventTarget::hasActiveEventListeners):
2972         (WebCore::EventTarget::hasActiveTouchEventListeners):
2973         * dom/EventTarget.h:
2974
2975         * page/DebugPageOverlays.cpp:
2976         (WebCore::NonFastScrollableRegionOverlay::updateRegion):
2977         I did not change the debug overlays.
2978         The NonFastScrollable area is the region for which events needs
2979         synchronous dispatch. Everything else should scroll without delay.
2980
2981         * page/FrameView.cpp:
2982         (WebCore::FrameView::scrollableAreaSetChanged):
2983         * page/Page.cpp:
2984         (WebCore::Page::nonFastScrollableRects):
2985         * page/scrolling/AsyncScrollingCoordinator.cpp:
2986         (WebCore::AsyncScrollingCoordinator::setEventTrackingRegionsDirty):
2987         (WebCore::AsyncScrollingCoordinator::willCommitTree):
2988         (WebCore::AsyncScrollingCoordinator::updateEventTrackingRegions):
2989         (WebCore::AsyncScrollingCoordinator::frameViewLayoutUpdated):
2990         (WebCore::AsyncScrollingCoordinator::frameViewEventTrackingRegionsChanged):
2991         (WebCore::AsyncScrollingCoordinator::scrollingStateTreeAsText):
2992         (WebCore::AsyncScrollingCoordinator::setNonFastScrollableRegionDirty): Deleted.
2993         (WebCore::AsyncScrollingCoordinator::updateNonFastScrollableRegion): Deleted.
2994         (WebCore::AsyncScrollingCoordinator::frameViewNonFastScrollableRegionChanged): Deleted.
2995         * page/scrolling/AsyncScrollingCoordinator.h:
2996         (WebCore::AsyncScrollingCoordinator::eventTrackingRegionsDirty):
2997         (WebCore::AsyncScrollingCoordinator::nonFastScrollableRegionDirty): Deleted.
2998
2999         * page/scrolling/ScrollingCoordinator.cpp:
3000         (WebCore::ScrollingCoordinator::absoluteEventTrackingRegionsForFrame):
3001         (WebCore::ScrollingCoordinator::absoluteEventTrackingRegions):
3002         (WebCore::ScrollingCoordinator::absoluteNonFastScrollableRegionForFrame): Deleted.
3003         (WebCore::ScrollingCoordinator::absoluteNonFastScrollableRegion): Deleted.
3004         I intentionally left the Wheel event with synchronous dispatch.
3005         This use case will need its own set of tests.
3006
3007         * page/scrolling/ScrollingCoordinator.h:
3008         (WebCore::ScrollingCoordinator::frameViewEventTrackingRegionsChanged):
3009         (WebCore::ScrollingCoordinator::frameViewNonFastScrollableRegionChanged): Deleted.
3010         * page/scrolling/ScrollingStateFrameScrollingNode.cpp:
3011         (WebCore::ScrollingStateFrameScrollingNode::ScrollingStateFrameScrollingNode):
3012         (WebCore::ScrollingStateFrameScrollingNode::setEventTrackingRegions):
3013         (WebCore::ScrollingStateFrameScrollingNode::dumpProperties):
3014         (WebCore::ScrollingStateFrameScrollingNode::setNonFastScrollableRegion): Deleted.
3015         * page/scrolling/ScrollingStateFrameScrollingNode.h:
3016         * page/scrolling/ScrollingTree.cpp:
3017         (WebCore::ScrollingTree::shouldHandleWheelEventSynchronously):
3018         (WebCore::ScrollingTree::commitNewTreeState):
3019         (WebCore::ScrollingTree::eventTrackingTypeForPoint):
3020         (WebCore::ScrollingTree::isPointInNonFastScrollableRegion): Deleted.
3021         * page/scrolling/ScrollingTree.h:
3022         * page/scrolling/mac/ScrollingCoordinatorMac.mm:
3023         (WebCore::ScrollingCoordinatorMac::scheduleTreeStateCommit):
3024         * platform/EventTrackingRegions.h: Added.
3025         (WebCore::EventTrackingRegions::isEmpty):
3026         (WebCore::EventTrackingRegions::trackingTypeForPoint):
3027         (WebCore::operator==):
3028
3029 2016-06-10  Enrica Casucci  <enrica@apple.com>
3030
3031         REGRESSION(r198177): Cannot paste an image when the pasteboard format is mime type.
3032         https://bugs.webkit.org/show_bug.cgi?id=158590
3033         rdar://problem/25471371
3034
3035         Reviewed by Darin Adler.
3036
3037         When creating a fragment from an image resource, the resource needs to
3038         be added to the document loader before setting the src attribute to the
3039         image element, otherwise loading is triggered and the loading fails.
3040         In r198177 the order of the operations was changed causing the bug.
3041         This patch adds support to test the scenario where the image in the pasteboard
3042         is available only as mime type (not WebArchive or RTFD), a situation that occurs
3043         more frequently on iOS.
3044
3045         Test: editing/pasteboard/image-in-iframe.html
3046
3047         * editing/ios/EditorIOS.mm:
3048         (WebCore::Editor::createFragmentForImageResourceAndAddResource):
3049         * editing/mac/EditorMac.mm:
3050         (WebCore::Editor::WebContentReader::readWebArchive):
3051         (WebCore::Editor::WebContentReader::readRTFD):
3052         (WebCore::Editor::WebContentReader::readRTF):
3053         (WebCore::Editor::createFragmentForImageResourceAndAddResource):
3054         * page/Settings.cpp:
3055         (WebCore::Settings::setImagesEnabled):
3056         (WebCore::Settings::setPreferMimeTypeForImages):
3057         (WebCore::Settings::setForcePendingWebGLPolicy):
3058         * page/Settings.h:
3059         (WebCore::Settings::areImagesEnabled):
3060         (WebCore::Settings::preferMimeTypeForImages):
3061         (WebCore::Settings::arePluginsEnabled):
3062         * testing/InternalSettings.cpp:
3063         (WebCore::InternalSettings::Backup::restoreTo):
3064         (WebCore::InternalSettings::setLangAttributeAwareFormControlUIEnabled):
3065         (WebCore::InternalSettings::setPreferMimeTypeForImages):
3066         (WebCore::InternalSettings::setImagesEnabled):
3067         * testing/InternalSettings.h:
3068         * testing/InternalSettings.idl:
3069
3070 2016-06-10  Alex Christensen  <achristensen@webkit.org>
3071
3072         Fix WinCairo build after r201943
3073
3074         * platform/network/curl/MultipartHandle.cpp:
3075         (WebCore::MultipartHandle::didReceiveResponse):
3076         * platform/network/curl/ResourceHandleManager.cpp:
3077         (WebCore::handleLocalReceiveResponse):
3078         (WebCore::headerCallback):
3079         (WebCore::ResourceHandleManager::dispatchSynchronousJob):
3080
3081 2016-06-10  Alex Christensen  <achristensen@webkit.org>
3082
3083         handleDataURL is only used by curl
3084         https://bugs.webkit.org/show_bug.cgi?id=158636
3085
3086         Reviewed by Tim Horton.
3087
3088         * CMakeLists.txt:
3089         * platform/network/DataURL.cpp: Removed.
3090         * platform/network/DataURL.h: Removed.
3091         * platform/network/curl/ResourceHandleManager.cpp:
3092         (WebCore::ResourceHandleManager::startScheduledJobs):
3093         (WebCore::handleDataURL):
3094         (WebCore::ResourceHandleManager::dispatchSynchronousJob):
3095
3096 2016-06-10  Alex Christensen  <achristensen@webkit.org>
3097
3098         Reduce ResourceResponse copying
3099         https://bugs.webkit.org/show_bug.cgi?id=158232
3100
3101         Reviewed by Darin Adler.
3102
3103         No new tests.  No change in behavior except removing an unnecessary copy on cocoa platforms.
3104
3105         * loader/ResourceLoader.cpp:
3106         (WebCore::ResourceLoader::didSendData):
3107         (WebCore::ResourceLoader::didReceiveResponse):
3108         * loader/ResourceLoader.h:
3109         * loader/appcache/ApplicationCacheGroup.cpp:
3110         (WebCore::ApplicationCacheGroup::createResourceHandle):
3111         (WebCore::ApplicationCacheGroup::didReceiveResponse):
3112         * loader/appcache/ApplicationCacheGroup.h:
3113         * platform/graphics/PlatformMediaResourceLoader.h:
3114         (WebCore::PlatformMediaResourceClient::~PlatformMediaResourceClient):
3115         (WebCore::PlatformMediaResourceClient::responseReceived):
3116         (WebCore::PlatformMediaResourceClient::redirectReceived):
3117         (WebCore::PlatformMediaResourceClient::shouldCacheResponse):
3118         (WebCore::PlatformMediaResourceClient::dataSent):
3119         * platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.h:
3120         * platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:
3121         (ResourceHandleStreamingClient::willSendRequest):
3122         (ResourceHandleStreamingClient::didReceiveResponse):
3123         * platform/network/BlobResourceHandle.cpp:
3124         (WebCore::BlobResourceHandle::notifyResponseOnSuccess):
3125         (WebCore::BlobResourceHandle::notifyResponseOnError):
3126         (WebCore::BlobResourceHandle::notifyReceiveData):
3127         * platform/network/DataURL.cpp:
3128         (WebCore::handleDataURL):
3129         * platform/network/PingHandle.h:
3130         (WebCore::PingHandle::PingHandle):
3131         * platform/network/ResourceHandleClient.cpp:
3132         (WebCore::ResourceHandleClient::willSendRequestAsync):
3133         (WebCore::ResourceHandleClient::didReceiveResponseAsync):
3134         * platform/network/ResourceHandleClient.h:
3135         (WebCore::ResourceHandleClient::didSendData):
3136         (WebCore::ResourceHandleClient::didReceiveResponse):
3137         (WebCore::ResourceHandleClient::didReceiveData):
3138         * platform/network/ResourceResponseBase.cpp:
3139         (WebCore::ResourceResponseBase::ResourceResponseBase):
3140         (WebCore::ResourceResponseBase::includeCertificateInfo):
3141         (WebCore::ResourceResponseBase::suggestedFilename):
3142         (WebCore::ResourceResponseBase::certificateInfo): Deleted.
3143         * platform/network/ResourceResponseBase.h:
3144         (WebCore::ResourceResponseBase::certificateInfo):
3145         (WebCore::ResourceResponseBase::encode):
3146         (WebCore::ResourceResponseBase::decode):
3147         (WebCore::ResourceResponseBase::containsCertificateInfo): Deleted.
3148         * platform/network/SynchronousLoaderClient.cpp:
3149         (WebCore::SynchronousLoaderClient::canAuthenticateAgainstProtectionSpace):
3150         (WebCore::SynchronousLoaderClient::didReceiveResponse):
3151         (WebCore::SynchronousLoaderClient::didReceiveData):
3152         * platform/network/SynchronousLoaderClient.h:
3153         * platform/network/cf/ResourceHandleCFURLConnectionDelegateWithOperationQueue.cpp:
3154         (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didReceiveResponse):
3155         * platform/network/cf/SynchronousResourceHandleCFURLConnectionDelegate.cpp:
3156         (WebCore::SynchronousResourceHandleCFURLConnectionDelegate::didReceiveResponse):
3157         (WebCore::SynchronousResourceHandleCFURLConnectionDelegate::didReceiveData):
3158         * platform/network/mac/WebCoreResourceHandleAsDelegate.mm:
3159         (-[WebCoreResourceHandleAsDelegate connection:didReceiveResponse:]):
3160         * platform/network/mac/WebCoreResourceHandleAsOperationQueueDelegate.mm:
3161         (-[WebCoreResourceHandleAsOperationQueueDelegate connection:didReceiveResponse:]):
3162         * platform/network/soup/ResourceHandleSoup.cpp:
3163         (WebCore::nextMultipartResponsePartCallback):
3164         (WebCore::sendRequestCallback):
3165
3166 2016-06-09  Ryosuke Niwa  <rniwa@webkit.org>
3167
3168         Add SPI to disable spellchecking on auto-fillable text fields
3169         https://bugs.webkit.org/show_bug.cgi?id=158611
3170
3171         Reviewed by Anders Carlsson.
3172
3173         Added a boolean flag m_isSpellCheckingEnabled to HTMLInputElement. This flag defaults to true, and can be set
3174         to false by WebKit2 C API.
3175
3176         * editing/Editor.cpp:
3177         (WebCore::Editor::isSpellCheckingEnabledFor): Fixed a bug that we were calling isSpellCheckingEnabled on
3178         the div inside an input element's shadow tree instead of the input element itself.
3179         * html/HTMLInputElement.cpp:
3180         (WebCore::HTMLInputElement::HTMLInputElement): Initialize m_spellcheckEnabled to true (it's a bit field).
3181         (WebCore::HTMLInputElement::isSpellCheckingEnabled): Added. Return false if m_spellcheckEnabled is false.
3182         * html/HTMLInputElement.h:
3183         (WebCore::HTMLInputElement::setSpellcheckEnabled): Added.
3184
3185 2016-06-10  Alex Christensen  <achristensen@webkit.org>
3186
3187         Introduce WTF::UniqueRef
3188         https://bugs.webkit.org/show_bug.cgi?id=158596
3189
3190         Reviewed by Brady Eidson.
3191
3192         No new tests.  No change in behavior.
3193
3194         * inspector/InspectorOverlay.cpp:
3195         (WebCore::InspectorOverlay::overlayPage):
3196         * loader/EmptyClients.cpp:
3197         (WebCore::fillWithEmptyClients):
3198         * page/Page.cpp:
3199         (WebCore::Page::Page):
3200         * page/Page.h:
3201         (WebCore::Page::canStartMedia):
3202         (WebCore::Page::editorClient):
3203         (WebCore::Page::plugInClient):
3204         (WebCore::Page::mainFrame):
3205         (WebCore::Page::groupPtr): Deleted.
3206         * page/PageConfiguration.cpp:
3207         (WebCore::PageConfiguration::PageConfiguration):
3208         * page/PageConfiguration.h:
3209         * svg/graphics/SVGImage.cpp:
3210         (WebCore::SVGImage::dataChanged):
3211
3212 2016-06-10  Joseph Pecoraro  <pecoraro@apple.com>
3213
3214         Web Inspector: Cleanup InspectorIndexedDBAgent a bit
3215         https://bugs.webkit.org/show_bug.cgi?id=158598
3216
3217         Reviewed by Darin Adler.
3218
3219         * inspector/InspectorIndexedDBAgent.cpp:
3220
3221 2016-06-10  Youenn Fablet  <youenn.fablet@crf.canon.fr>
3222
3223         Origin header is not included in CORS requests for preloaded cross-origin resources
3224         https://bugs.webkit.org/show_bug.cgi?id=155761
3225         <rdar://problem/25351850>
3226
3227         Reviewed by Alex Christensen.
3228
3229         Making HTML preloader fully aware of crossorigin attribute value.
3230         Introducing CachedResourceRequest::setAsPotentiallyCrossOrigin as a helper routine to activate CORS mode.
3231         Making HTMLLinkElement and HTMLResourcePreloader use that routine.
3232         Making TokenPreloadScanner store the crossorigin attribute value in preload requests.
3233         Making TokenPreloadScanner store the crossorigin attribute value for link elements.
3234
3235         Test: http/tests/security/cross-origin-css-9.html
3236
3237         * html/HTMLLinkElement.cpp:
3238         (WebCore::HTMLLinkElement::process):
3239         * html/parser/HTMLPreloadScanner.cpp:
3240         (WebCore::TokenPreloadScanner::StartTagScanner::createPreloadRequest):
3241         (WebCore::TokenPreloadScanner::StartTagScanner::processAttribute):
3242         * html/parser/HTMLResourcePreloader.cpp:
3243         (WebCore::crossOriginModeAllowsCookies):
3244         (WebCore::PreloadRequest::resourceRequest):
3245         * html/parser/HTMLResourcePreloader.h:
3246         (WebCore::PreloadRequest::setCrossOriginMode):
3247         (WebCore::PreloadRequest::PreloadRequest): Deleted.
3248         (WebCore::PreloadRequest::resourceType): Deleted.
3249         * loader/cache/CachedResourceRequest.cpp:
3250         (WebCore::CachedResourceRequest::setAsPotentiallyCrossOrigin):
3251         * loader/cache/CachedResourceRequest.h:
3252
3253 2016-06-10  Chris Dumez  <cdumez@apple.com>
3254
3255         ErrorEvent / ProgressEvent should be exposed to workers
3256         https://bugs.webkit.org/show_bug.cgi?id=158606
3257
3258         Reviewed by Brady Eidson.
3259
3260         ErrorEvent / ProgressEvent should be exposed to workers:
3261         - https://html.spec.whatwg.org/multipage/webappapis.html#errorevent
3262         - https://xhr.spec.whatwg.org/#interface-progressevent
3263
3264         Firefox and Chrome both already expose those.
3265
3266         No new tests, rebaselined existing test.
3267
3268         * dom/ErrorEvent.idl:
3269         * dom/ProgressEvent.idl:
3270
3271 2016-06-10  Chris Dumez  <cdumez@apple.com>
3272
3273         MessagePort should be exposed to workers
3274         https://bugs.webkit.org/show_bug.cgi?id=158607
3275
3276         Reviewed by Brady Eidson.
3277
3278         MessagePort should be exposed to workers:
3279         https://html.spec.whatwg.org/multipage/comms.html#messageport
3280
3281         Firefox and Chrome both already expose it.
3282
3283         No new tests, rebaselined existing test.
3284
3285         * dom/MessagePort.idl:
3286
3287 2016-06-10  Youenn Fablet  <youenn.fablet@crf.canon.fr>
3288
3289         Move preflight check code outside of DocumentThreadableLoader
3290         https://bugs.webkit.org/show_bug.cgi?id=158425
3291
3292         Reviewed by Darin Adler.
3293
3294         Moving preflight check code in its own class.
3295         This allows code to be easier to read, use/reuse and update.
3296
3297         Behavior should be the same as before except in the case of a preflight response
3298         being a 3XX redirect response.
3299         Before this patch, the 3XX response was directly passed to the code processing regular responses.
3300         To keep compatibility with existing tests, a didFailRedirectCheck callback is called.
3301         This should be change to a preflight failure.
3302
3303         Covered by existing tests.
3304
3305         * CMakeLists.txt:
3306         * WebCore.xcodeproj/project.pbxproj:
3307         * loader/CrossOriginPreflightChecker.cpp: Added.
3308         (WebCore::CrossOriginPreflightChecker::CrossOriginPreflightChecker):
3309         (WebCore::CrossOriginPreflightChecker::~CrossOriginPreflightChecker):
3310         (WebCore::CrossOriginPreflightChecker::handleLoadingFailure):
3311         (WebCore::CrossOriginPreflightChecker::validatePreflightResponse):
3312         (WebCore::CrossOriginPreflightChecker::notifyFinished):
3313         (WebCore::CrossOriginPreflightChecker::startPreflight):
3314         (WebCore::CrossOriginPreflightChecker::doPreflight):
3315         (WebCore::CrossOriginPreflightChecker::redirectReceived):
3316         (WebCore::CrossOriginPreflightChecker::setDefersLoading):
3317         (WebCore::CrossOriginPreflightChecker::isXMLHttpRequest):
3318         * loader/CrossOriginPreflightChecker.h: Added.
3319         * loader/DocumentThreadableLoader.cpp:
3320         (WebCore::DocumentThreadableLoader::create):
3321         (WebCore::DocumentThreadableLoader::makeCrossOriginAccessRequest):
3322         (WebCore::DocumentThreadableLoader::makeCrossOriginAccessRequestWithPreflight):
3323         (WebCore::DocumentThreadableLoader::setDefersLoading):
3324         (WebCore::DocumentThreadableLoader::clearResource):
3325         (WebCore::DocumentThreadableLoader::didReceiveResponse):
3326         (WebCore::DocumentThreadableLoader::didReceiveData):
3327         (WebCore::DocumentThreadableLoader::notifyFinished):
3328         (WebCore::DocumentThreadableLoader::didFinishLoading):
3329         (WebCore::DocumentThreadableLoader::didFail):
3330         (WebCore::DocumentThreadableLoader::preflightSuccess):
3331         (WebCore::DocumentThreadableLoader::preflightFailure):
3332         (WebCore::DocumentThreadableLoader::loadRequest):
3333         (WebCore::DocumentThreadableLoader::responseReceived): Deleted.
3334         (WebCore::DocumentThreadableLoader::dataReceived): Deleted.
3335         (WebCore::DocumentThreadableLoader::isAllowedByContentSecurityPolicy): Deleted.
3336         * loader/DocumentThreadableLoader.h:
3337         (WebCore::DocumentThreadableLoader::options):
3338         (WebCore::DocumentThreadableLoader::isLoading):
3339         (WebCore::DocumentThreadableLoader::document):
3340
3341 2016-06-10  Adam Bergkvist  <adam.bergkvist@ericsson.com>
3342
3343         WebRTC: Imlement MediaEndpointPeerConnection::createAnswer()
3344         https://bugs.webkit.org/show_bug.cgi?id=158566
3345
3346         Reviewed by Eric Carlson.
3347
3348         Add the MediaEndpointPeerConnection implementation of RTCPeerConnection.createAnswer [1].
3349         createAnswer() creates a 'reply' to an remote offer set with setRemoteDescription(),
3350         completes the offer/answer dialog and brings the RTCPeerConnection back to the 'stable'
3351         signaling state.
3352
3353         [1] https://w3c.github.io/webrtc-pc/archives/20160513/webrtc.html#dom-rtcpeerconnection-createanswer
3354
3355         Test: fast/mediastream/RTCPeerConnection-inspect-answer.html
3356
3357         * Modules/mediastream/MediaEndpointPeerConnection.cpp:
3358         (WebCore::MediaEndpointPeerConnection::createOfferTask):
3359         Align creation of RTCSessionDescription with createAnswerTask.
3360         (WebCore::MediaEndpointPeerConnection::createAnswer):
3361         (WebCore::MediaEndpointPeerConnection::createAnswerTask):
3362         Add Implementation.
3363         * Modules/mediastream/MediaEndpointPeerConnection.h:
3364
3365 2016-06-08  Sergio Villar Senin  <svillar@igalia.com>
3366
3367         [css-grid] CRASH when getting the computed style of a grid with only absolutely positioned children
3368         https://bugs.webkit.org/show_bug.cgi?id=158537
3369
3370         Reviewed by Darin Adler.
3371
3372         Absolute positioning occurs after layout of the grid and its in-flow contents, and does not
3373         contribute to the sizing of any grid tracks or affect the size/configuration of the grid in
3374         any way. This means that we should treat as empty any grid whose only children are
3375         absolutely positioned items.
3376
3377         Since r201510 empty grids are no longer internally represented by a 1x1 matrix. As we were
3378         not considering grids-with-only-absolutely-positioned-children as empty, we were trying to
3379         access some invalid position in the internal representation of the grid triggering an ASSERT
3380         in debug builds and a crash in release.
3381
3382         Test: fast/css-grid-layout/grid-only-abspos-item-computed-style-crash.html
3383
3384         * css/CSSComputedStyleDeclaration.cpp:
3385         (WebCore::valueForGridTrackList):
3386
3387 2016-06-10  Chris Dumez  <cdumez@apple.com>
3388
3389         DOMException should be exposed to workers
3390         https://bugs.webkit.org/show_bug.cgi?id=158608
3391
3392         Reviewed by Alex Christensen.
3393
3394         DOMException should be exposed to workers:
3395         https://heycam.github.io/webidl/#es-DOMException-call
3396
3397         Both Firefox and Chrome expose DOMException to workers already.
3398
3399         No new tests, rebaselined existing test.
3400
3401         * dom/DOMCoreException.idl:
3402
3403 2016-06-09  Alex Christensen  <achristensen@webkit.org>
3404
3405         Fix CMake build.
3406
3407         * PlatformMac.cmake:
3408
3409 2016-06-09  Alex Christensen  <achristensen@webkit.org>
3410
3411         Fix AppleWin build after r201901.
3412         https://bugs.webkit.org/show_bug.cgi?id=119839
3413
3414         * platform/graphics/ca/win/PlatformCALayerWin.cpp:
3415         (PlatformCALayerWin::backingStoreAttached):
3416         (PlatformCALayerWin::userInteractionEnabled):
3417         (PlatformCALayerWin::setUserInteractionEnabled):
3418         (PlatformCALayerWin::geometryFlipped):
3419         * platform/graphics/ca/win/PlatformCALayerWin.h:
3420
3421 2016-06-09  Chris Fleizach  <cfleizach@apple.com>
3422
3423         AX: VoiceOver Unable to View Download Progress or Completion Status for Mail Attachments
3424         https://bugs.webkit.org/show_bug.cgi?id=158581
3425
3426         Reviewed by Darin Adler.
3427
3428         Update attachment element accessibility so that:
3429            1) the action name comes first to match UI
3430            2) on iOS, it has the updates frequently trait
3431
3432         Make sure this test now runs on iOS as well.
3433
3434         Modified tests: accessibility/attachment-element.html
3435
3436         * accessibility/AccessibilityAttachment.cpp:
3437         (WebCore::AccessibilityAttachment::accessibilityText):
3438         * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
3439         (-[WebAccessibilityObjectWrapper accessibilityCanFuzzyHitTest]):
3440         (-[WebAccessibilityObjectWrapper accessibilityTraits]):
3441         (-[WebAccessibilityObjectWrapper accessibilityValue]):