[WebKit-https.git] / Source / WebCore / ChangeLog

2016-07-25  Chris Dumez  <cdumez@apple.com>

        ClientRect properties should be on the prototype
        https://bugs.webkit.org/show_bug.cgi?id=160165

        Reviewed by Geoffrey Garen.

        Move ClientRect properties from the instance to the prototype. This
        matches the specification, Firefox and Chrome.

        Also add a serializer to ClientRect in order to match the specification:
        - https://drafts.fxtf.org/geometry/Overview.html#domrectreadonly
        - https://heycam.github.io/webidl/#es-serializer

        This avoids breaking content that relies on JSON.stringify() to
        serialize ClientRect objects.

        Tests: fast/css/ClientRect-attributes-prototype.html
               fast/css/ClientRect-serialization.html

        * CMakeLists.txt:
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/JSBindingsAllInOne.cpp:
        * bindings/js/JSClientRectCustom.cpp: Added.
        (WebCore::JSClientRect::toJSON):
        * bindings/scripts/CodeGeneratorJS.pm:
        * dom/ClientRect.idl:

2016-07-25  Chris Dumez  <cdumez@apple.com>

        Parameters to DOMImplementation.createDocumentType() should be mandatory and non-nullable
        https://bugs.webkit.org/show_bug.cgi?id=160167

        Reviewed by Ryosuke Niwa.

        Parameters to DOMImplementation.createDocumentType() should be mandatory
        and non-nullable:
        - https://dom.spec.whatwg.org/#domimplementation

        Firefox and Chrome both agree with the specification. However, those
        parameters were nullable and optional in WebKit.

        Test: fast/dom/DOMImplementation/createDocumentType-parameters.html

        * dom/DOMImplementation.idl:

2016-07-25  Wenson Hsieh  <wenson_hsieh@apple.com>

        Media controls should not be displayed for a video until it starts playing
        https://bugs.webkit.org/show_bug.cgi?id=160092
        <rdar://problem/26986673>

        Reviewed by Beth Dakin.

        For videos that have never played back yet, we should not show media controls. To ensure this
        behavior, we ensure that the playback behavior restriction is set upon creating the media
        element. This restriction is then removed when the media element begins to play.

        Added two new WebKit API tests.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::HTMLMediaElement):

2016-07-25  Jiewen Tan  <jiewen_tan@apple.com>

        Rename SubtleCrypto to WebKitSubtleCrypto
        https://bugs.webkit.org/show_bug.cgi?id=160067
        <rdar://problem/27483617>

        Reviewed by Brent Fulgham.

        Tests: crypto/webkitSubtle/gc-2.html
               crypto/webkitSubtle/gc-3.html
               crypto/webkitSubtle/gc.html

        Rename Class SubtleCrypto to WebKitSubtleCrypto, and Crypto.subtle to Crypto.webkitSubtle in order
        to let the new implementation to reuse the name SubtleCrypto. This renaming should match what our
        current JSBindings use, and therefore should not introduce any change of behavoir.

        * CMakeLists.txt:
        Revise project files for for new file names.
        * DerivedSources.cpp:
        * DerivedSources.make:
        * PlatformEfl.cmake:
        * PlatformGTK.cmake:
        * PlatformMac.cmake:
        * WebCore.xcodeproj/project.pbxproj:
        Revise project files for for new file names.
        * bindings/js/JSWebKitSubtleCryptoCustom.cpp: Renamed from Source/WebCore/bindings/js/JSSubtleCryptoCustom.cpp.
        * crypto/WebKitSubtleCrypto.cpp: Renamed from Source/WebCore/crypto/SubtleCrypto.cpp.
        * crypto/WebKitSubtleCrypto.h: Renamed from Source/WebCore/crypto/SubtleCrypto.h.
        * crypto/WebKitSubtleCrypto.idl: Renamed from Source/WebCore/crypto/SubtleCrypto.idl.
        * page/Crypto.cpp:
        (WebCore::Crypto::webkitSubtle):
        (WebCore::Crypto::subtle): Deleted.
        * page/Crypto.h:
        * page/Crypto.idl:

2016-07-25  Brady Eidson  <beidson@apple.com>

        Allow LocalStorage by default for file URLs.
        https://bugs.webkit.org/show_bug.cgi?id=160169

        Reviewed by Brent Fulgham.

        Test: storage/domstorage/localstorage/file-can-access.html

        * page/SecurityOrigin.cpp:
        (WebCore::SecurityOrigin::canAccessStorage): Remove the m_universalAccess check for local URLs.

2016-07-25  Nan Wang  <n_wang@apple.com>

        AX: AccessibilityRenderObject is adding duplicated children when CSS first-letter is being used.
        https://bugs.webkit.org/show_bug.cgi?id=160155

        Reviewed by Chris Fleizach.

        We were adding the same text node twice if CSS first-letter selector was being used. Added a
        check for the inline continuation so that we only add it once. 

        Test: accessibility/mac/css-first-letter-children.html

        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::firstChildConsideringContinuation):

2016-07-25  Wenson Hsieh  <wenson_hsieh@apple.com>

        Media controls on apple.com don't disappear when movie finishes playing
        https://bugs.webkit.org/show_bug.cgi?id=160068
        <rdar://problem/26668526>

        Reviewed by Darin Adler.

        When a video ends, it should cause media controls to hide. While current logic
        mostly accounts for this, it does not account for programmatic seeks causing
        the video to lose its 'ended' status before querying for whether or not to
        show media controls.

        Three new API tests: large-video-seek-after-ending.html
        large-video-hides-controls-after-seek-to-end.html
        large-video-seek-to-beginning-and-play-after-ending.html

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::mediaPlayerTimeChanged):
        (WebCore::HTMLMediaElement::setPlaying):
        * html/MediaElementSession.cpp:
        (WebCore::MediaElementSession::canControlControlsManager):
        * html/MediaElementSession.h:

2016-07-25  Frederic Wang  <fwang@igalia.com>

        Introduce a MathMLOperatorElement class
        https://bugs.webkit.org/show_bug.cgi?id=160034

        Reviewed by Darin Adler.

        No new tests, rendering is unchaned.

        * CMakeLists.txt: Add MathMLOperatorElement to the build file.
        * WebCore.xcodeproj/project.pbxproj: Ditto.
        * mathml/MathMLAllInOne.cpp: Ditto.
        * mathml/MathMLOperatorElement.cpp: New DOM class for <mo> element.
        (WebCore::MathMLOperatorElement::MathMLOperatorElement):
        (WebCore::MathMLOperatorElement::create):
        (WebCore::MathMLOperatorElement::parseAttribute): Handle mo attributes.
        (WebCore::MathMLOperatorElement::createElementRenderer): Create RenderMathMLOperator.
        * mathml/MathMLOperatorElement.h: Declare a class deriving from MathMLTextElement.
        * mathml/MathMLTextElement.cpp: Remove all the RenderMathMLOperator parts.
        (WebCore::MathMLTextElement::MathMLTextElement): Remove inline keyword so that the class can
        be overriden.
        (WebCore::MathMLTextElement::parseAttribute): Remove code handled in MathMLOperatorElement.
        (WebCore::MathMLTextElement::createElementRenderer): Ditto.
        * mathml/MathMLTextElement.h: Make class and members overridable.
        * mathml/mathtags.in: Map mo to MathMLOperatorElement.
        * rendering/mathml/RenderMathMLOperator.cpp:
        (WebCore::RenderMathMLOperator::RenderMathMLOperator): Make the constructor take a
        MathMLOperatorElement.
        * rendering/mathml/RenderMathMLOperator.h: Ditto.

2016-07-25  Darin Adler  <darin@apple.com>

        Speed up make process slightly by improving "list of files" idiom
        https://bugs.webkit.org/show_bug.cgi?id=160164

        Reviewed by Mark Lam.

        * DerivedSources.make: Change rules that build lists of files to only run when
        DerivedSources.make has been modified since the last time they were run. Since the
        list of files are inside this file, this is safe, and this is faster than always
        comparing and regenerating the file containing the list of files each time.

2016-07-24  Wenson Hsieh  <wenson_hsieh@apple.com>

        The web process hangs when computing elements-based snap points for a container with large max scroll offset
        https://bugs.webkit.org/show_bug.cgi?id=152605
        <rdar://problem/25353661>

        Reviewed by Simon Fraser.

        Fixes a bug in the computation of axis snap points. The ScrollSnapPoints object, which tracks
        snap points along a particular axis, has two flags, hasRepeat and usesElements. For elements-
        based snapping, both flags would be turned on, since StyleBuilderConverter::convertScrollSnapPoints
        short-circuits for elements-based snapping and does not default usesRepeat to false. To address this,
        we make ScrollSnapPoints not repeat(100%) by default.

        Test: css3/scroll-snap/scroll-snap-elements-container-larger-than-children.html

        * css/StyleBuilderConverter.h:
        (WebCore::StyleBuilderConverter::convertScrollSnapPoints): Deleted.
        * rendering/style/StyleScrollSnapPoints.cpp:
        (WebCore::ScrollSnapPoints::ScrollSnapPoints):

2016-07-25  Carlos Garcia Campos  <cgarcia@igalia.com>

        REGRESSION(r200931): Invalid cast in highestAncestorToWrapMarkup()
        https://bugs.webkit.org/show_bug.cgi?id=160163

        Reviewed by Michael Catanzaro.

        Since r200931 the result of enclosingNodeOfType() in highestAncestorToWrapMarkup() is downcasted to Element, but
        the result of enclosingNodeOfType() can be a Node that is not an Element, in this case is Text. The cast is not
        needed at all since that node is passed to editingIgnoresContent() and selectionFromContentsOfNode() and both
        receive a Node not an Element.

        * editing/markup.cpp:
        (WebCore::highestAncestorToWrapMarkup): Remove invalid cast.

2016-07-25  Carlos Garcia Campos  <cgarcia@igalia.com>

        [Coordinated Graphics] ASSERTION FAILED: m_coordinator->isFlushingLayerChanges() in fast/repaint/animation-after-layer-scroll.html
        https://bugs.webkit.org/show_bug.cgi?id=160156

        Reviewed by Michael Catanzaro.

        So, we fixed an assertion in r203663, but now is hitting the next one. As explained in bug #160142, flush
        compositing state can be triggered in tests by RenderLayerCompositor::layerTreeAsText(), without the coordinator
        even noticing it, so the assert can be just removed.

        * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:
        (WebCore::CoordinatedGraphicsLayer::flushCompositingStateForThisLayerOnly): Remove incorrect assert.

2016-07-25  Zalan Bujtas  <zalan@apple.com>

        EllipsisBox ctor's isVertical parameter should read isHorizontal.
        https://bugs.webkit.org/show_bug.cgi?id=160153

        Reviewed by Andreas Kling.

        It indicates whether the ellipsis box is horizontal. (both the callsites
        and the parent class use isHorizontal)

        No change in functionality.

        * rendering/EllipsisBox.cpp:
        (WebCore::EllipsisBox::EllipsisBox):
        * rendering/EllipsisBox.h:

2016-07-25  Sergio Villar Senin  <svillar@igalia.com>

        [css-grid] Implement repeat(auto-fit)
        https://bugs.webkit.org/show_bug.cgi?id=159771

        Reviewed by Darin Adler.

        The auto-fit keyword works exactly as the already implemented auto-fill except that all
        empty tracks collapse (became 0px). Absolutely positioned items do not participate on the
        layout of the grid so they are not considered (a grid with only absolutely positioned items
        is considered an empty grid).

        Whenever a track collapses the gutters on either side do also collapse. When a collapsed
        track's gutters collapse, they coincide exactly. If one side of a collapsed track does not
        have a gutter then collapsing its gutters results in no gutter on either "side" of the
        collapsed track.

        In practice this means that is not possible to know the gap between 2 consecutive auto
        repeat tracks without examining some others whenever there are collapsed tracks.

        Uncommented the auto-fit cases from Mozilla tests. They have to be adapted as the reftest
        machinery requires all the content to be rendered in the original 800x600 viewport.

        Tests: fast/css-grid-layout/grid-auto-fit-columns.html
        fast/css-grid-layout/grid-auto-fit-rows.html
        fast/css-grid-layout/mozilla/grid-repeat-auto-fill-fit-005-part-1.html
        fast/css-grid-layout/mozilla/grid-repeat-auto-fill-fit-005-part-2.html

        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::valueForGridTrackList): Use the newly added trackSizesForComputedStyle().
        * rendering/RenderGrid.cpp:
        (WebCore::RenderGrid::computeTrackBasedLogicalHeight):
        (WebCore::RenderGrid::computeTrackSizesForDirection):
        (WebCore::RenderGrid::isEmptyAutoRepeatTrack):
        (WebCore::RenderGrid::gridGapForDirection): Returns the gap directly from the style.
        (WebCore::RenderGrid::guttersSize): Computes the gap between a startLine and an
        endLine. This method may need to inspect some other surrounding tracks to compute the gap.
        (WebCore::RenderGrid::computeIntrinsicLogicalWidths):
        (WebCore::RenderGrid::computeIntrinsicLogicalHeight):
        (WebCore::RenderGrid::computeUsedBreadthOfGridTracks):
        (WebCore::RenderGrid::gridTrackSize):
        (WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForItems):
        (WebCore::RenderGrid::computeAutoRepeatTracksCount):
        (WebCore::RenderGrid::computeEmptyTracksForAutoRepeat): Returns a Vector with the auto
        repeat tracks that are going to be collapsed because they're empty.
        (WebCore::RenderGrid::placeItemsOnGrid):
        (WebCore::RenderGrid::trackSizesForComputedStyle): Used by ComputedStyle logic to print the
        size of tracks. Added in order to hide the actual contents of m_columnPositions and
        m_rowPositions to the outter world.
        (WebCore::RenderGrid::offsetAndBreadthForPositionedChild):
        (WebCore::RenderGrid::gridAreaBreadthForChild):
        (WebCore::RenderGrid::populateGridPositionsForDirection): Added some extra code to compute
        gaps as they cannot be directly added between tracks in case of having collapsed tracks.
        (WebCore::RenderGrid::columnAxisOffsetForChild):
        (WebCore::RenderGrid::rowAxisOffsetForChild):
        (WebCore::RenderGrid::offsetBetweenTracks): Deleted.
        * rendering/RenderGrid.h: Made some API private. Added new required methods/attributes.

        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::valueForGridTrackList):
        * rendering/RenderGrid.cpp:
        (WebCore::RenderGrid::computeTrackBasedLogicalHeight):
        (WebCore::RenderGrid::computeTrackSizesForDirection):
        (WebCore::RenderGrid::hasAutoRepeatEmptyTracks):
        (WebCore::RenderGrid::isEmptyAutoRepeatTrack):
        (WebCore::RenderGrid::gridGapForDirection):
        (WebCore::RenderGrid::guttersSize):
        (WebCore::RenderGrid::computeIntrinsicLogicalWidths):
        (WebCore::RenderGrid::computeIntrinsicLogicalHeight):
        (WebCore::RenderGrid::computeUsedBreadthOfGridTracks):
        (WebCore::RenderGrid::gridTrackSize):
        (WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForItems):
        (WebCore::RenderGrid::computeAutoRepeatTracksCount):
        (WebCore::RenderGrid::computeEmptyTracksForAutoRepeat):
        (WebCore::RenderGrid::placeItemsOnGrid):
        (WebCore::RenderGrid::trackSizesForComputedStyle):
        (WebCore::RenderGrid::offsetAndBreadthForPositionedChild):
        (WebCore::RenderGrid::assumedRowsSizeForOrthogonalChild):
        (WebCore::RenderGrid::gridAreaBreadthForChild):
        (WebCore::RenderGrid::populateGridPositionsForDirection):
        (WebCore::RenderGrid::columnAxisOffsetForChild):
        (WebCore::RenderGrid::rowAxisOffsetForChild):
        (WebCore::RenderGrid::offsetBetweenTracks): Deleted.
        * rendering/RenderGrid.h:

2016-07-24  Frederic Wang  <fwang@igalia.com>

        Move parsing of display, displaystyle and mathvariant attributes into MathML element classes
        https://bugs.webkit.org/show_bug.cgi?id=159623

        Reviewed by Brent Fulgham.

        No new tests, already covered by existing tests.

        * mathml/MathMLElement.cpp:
        (WebCore::MathMLElement::parseMathVariantAttribute): Move helper function to parse the
        mathvariant attribute.
        (WebCore::MathMLElement::getSpecifiedDisplayStyle): Helper function to set the displaystyle
        value from the attribute specified on the MathML element.
        (WebCore::MathMLElement::getSpecifiedMathVariant): Helper function to set the mathvariant
        value from the attribute specified on the MathML element.
        * mathml/MathMLElement.h: Move the enum for mathvariant values and declare new members.
        (WebCore::MathMLElement::acceptsDisplayStyleAttribute): Indicate whether the element accepts
        displaystyle attribute (false for most of them).
        (WebCore::MathMLElement::acceptsMathVariantAttribute): Indicate whether the element accepts
        mathvariant attribute (false for most of them).
        * mathml/MathMLInlineContainerElement.cpp:
        (WebCore::MathMLInlineContainerElement::acceptsDisplayStyleAttribute): Add mstyle and mtable
        to the list of elements accepting the displaystyle attribute.
        (WebCore::MathMLInlineContainerElement::acceptsMathVariantAttribute): Add mstyle to the list
        of elements accepting the mathvariant attribute.
        (WebCore::MathMLInlineContainerElement::parseAttribute): Mark displaystyle and mathvariant
        dirty if necessary. Also use the new accepts*Attribute function.
        * mathml/MathMLInlineContainerElement.h: Declare overridden accepts*Attribute members.
        * mathml/MathMLMathElement.cpp:
        (WebCore::MathMLMathElement::getSpecifiedDisplayStyle): Override acceptsDisplayStyleAttribute
        so that the display attribute is also used to set the default value if the displaystyle
        attribute is absent.
        (WebCore::MathMLMathElement::parseAttribute): Mark displaystyle and mathvariant dirty if
        necessary. We directly MathMLElement::parseAttribute to avoid duplicate work.
        * mathml/MathMLMathElement.h: Add the math tag to the list of elements accepting the
        displaystyle and mathvariant attributes. Declare overridden getSpecifiedDisplayStyle.
        * mathml/MathMLTextElement.cpp:
        (WebCore::MathMLTextElement::parseAttribute): Mark mathvariant as dirty.
        * mathml/MathMLTextElement.h: Add token elements to the list of elements accepting the
        mathvariant attribute.
        * rendering/mathml/MathMLStyle.cpp:
        (WebCore::MathMLStyle::updateStyleIfNeeded): Use the new MathMLElement::MathVariant enum.
        (WebCore::MathMLStyle::resolveMathMLStyle):  We no longer parse the display value to
        initialize the default value on the math tag, because this is handled in
        getSpecifiedDisplayStyle. In general, we also just call getSpecifiedDisplayStyle and
        getSpecifiedMathVariant on the MathML elements instead of parsing the displaystyle and
        mathvariant attributes here.
        (WebCore::MathMLStyle::parseMathVariant): Deleted. This is moved into MathMLElement.
        * rendering/mathml/MathMLStyle.h: Use the new MathMLElement::MathVariant enum.
        * rendering/mathml/RenderMathMLToken.cpp: Ditto.
        (WebCore::mathVariant): Ditto.
        (WebCore::RenderMathMLToken::updateMathVariantGlyph): Ditto.

2016-07-25  Carlos Garcia Campos  <cgarcia@igalia.com>

        Unreviewed. Remove unneeded header includes from CoordinatedGraphicsLayer.

        Not only thjey are not needed, they are a layer violation, CoordinatedGraphicsLayer shouldn't know anything
        about Page, Frame and FrameView.

        * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:
        * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.h:

2016-07-24  Youenn Fablet  <youenn@apple.com>

        [Fetch API] Request should be created with any HeadersInit data
        https://bugs.webkit.org/show_bug.cgi?id=159672

        Reviewed by Sam Weinig.

        Made Request use JSBuiltinConstructor.
        This allows initializing newly created Request with a JS built-in function, initializeFetchRequest.
        initializeFetchRequest can call @fillFetchHeaders internal built-in to handle any HeadersInit data.
        Future effort should be made to migrate more initialization code in initializeFetchRequest.

        Made window and worker fetch function as a JS built-in.
        This becomes more handy as these new functions can construct the Request object.
        They can then call a single private function that takes a Request object as input.
        Updated DOMWindowFetch and WorkerGlobalScopeFetch code accordingly.

        To enable this, the binding generator is updated to support runtime-enabled JS built-in functions and
        private functions atttached to global objects.

        Covered by existing and modified tests.
        Binding generator test covered by updated binding tests.

        * CMakeLists.txt: Adding DOMWindowFetch.js, FetchRequest.js and WorkerGlobalScopeFetch.js built-in files.
        * DerivedSources.make: Ditto.
        * Modules/fetch/DOMWindowFetch.cpp: Removed overloaded fetch and updated according new signature.
        (WebCore::DOMWindowFetch::fetch):
        * Modules/fetch/DOMWindowFetch.h: Ditto.
        * Modules/fetch/DOMWindowFetch.idl: Making fetch a JS built-in and adding a @fetchRequest private function.
        * Modules/fetch/DOMWindowFetch.js: Added.
        (fetch):
        * Modules/fetch/FetchHeaders.h:
        (WebCore::FetchHeaders::setGuard): Used by FetchRequest when initializing headers.
        * Modules/fetch/FetchRequest.cpp: 
        (WebCore::buildHeaders): Removed as implemented in JS.
        (WebCore::FetchRequest::initializeOptions): Added to handle most of the dictionary initialization.
        (WebCore::FetchRequest::initializeWith): Method called from built-in constructor function.
        (WebCore::FetchRequest::setBody): Corresponding to @setBody private method.
        (WebCore::buildBody): Deleted.
        * Modules/fetch/FetchRequest.h:
        * Modules/fetch/FetchRequest.idl:
        * Modules/fetch/FetchRequest.js: Added.
        (initializeFetchRequest): Implements fetch Request(input, init) constructor.
        * Modules/fetch/FetchResponse.cpp:
        (WebCore::FetchResponse::fetch): Removed the construction of FetchRequest in fetch method since it is done by JS built-in code.
        * Modules/fetch/FetchResponse.h:
        * Modules/fetch/WorkerGlobalScopeFetch.cpp: Removed overloaded fetch and updated according new signature.
        (WebCore::WorkerGlobalScopeFetch::fetch):
        * Modules/fetch/WorkerGlobalScopeFetch.h: Ditto.
        * Modules/fetch/WorkerGlobalScopeFetch.idl: Making fetch a JS built-in and adding a @fetchRequest private function.
        * Modules/fetch/WorkerGlobalScopeFetch.js: Added.
        (fetch):
        * bindings/js/WebCoreBuiltinNames.h: Adding fetchRequest, setBody and Request private identifiers.
        * bindings/scripts/CodeGenerator.pm:
        (WK_lcfirst): Replacing dOM by dom.
        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateImplementation): Adding support for runtime-enabled built-in methods and private methods.
        * bindings/scripts/test/JS/JSTestGlobalObject.cpp:
        (WebCore::JSTestGlobalObject::finishCreation):
        (WebCore::jsTestGlobalObjectInstanceFunctionTestPrivateFunction):
        * bindings/scripts/test/ObjC/DOMTestGlobalObject.mm:
        (-[DOMTestGlobalObject testJSBuiltinFunction]):
        * bindings/scripts/test/TestGlobalObject.idl: Adding tests for runtime-enabled global built-in methods and private methods.

2016-07-24  Nan Wang  <n_wang@apple.com>

        AX: Video Controls: Volume cannot be adjusted using VO.
        https://bugs.webkit.org/show_bug.cgi?id=160107

        Reviewed by Dean Jackson.

        The volume slider in video tag had 0.01 step which caused the screen reader adjusting it slowly.
        Changed the step to 0.05 and added the aria-valuetext attribute to the slider, so that the value
        is spoken in percentage. 

        Test: accessibility/mac/video-volume-slider-accessibility.html

        * Modules/mediacontrols/mediaControlsApple.js:
        (Controller.prototype.createControls):
        (Controller.prototype.handleVolumeSliderInput):
        (Controller.prototype.updateVolume):

2016-07-24  David Kilzer  <ddkilzer@apple.com>

        REGRESSION (r203106): Crash in WebCore::MathMLElement::parseMathMLLength()
        <https://webkit.org/b/160111>
        <rdar://problem/27506489>

        Reviewed by Chris Dumez.

        Test: mathml/mpadded-crash.html

        * mathml/MathMLElement.cpp:
        (WebCore::skipLeadingAndTrailingWhitespace): Change to take
        StringView parameter instead of String to avoid creating a
        temporary String that's released on return.

2016-07-24  Carlos Garcia Campos  <cgarcia@igalia.com>

        [Coordinated Graphics] ASSERTION FAILED: !m_flushingLayers in fast/repaint/animation-after-layer-scroll.html
        https://bugs.webkit.org/show_bug.cgi?id=160142

        Reviewed by Michael Catanzaro.

        This only happens in layout tests, because it happens when RenderLayerCompositor::layerTreeAsText() is
        called. The thing is that CoordinatedGraphicsLayer::flushCompositingState() calls notifyFlushRequired() that
        checks if the coordinator is flusing layers and if not it calls RenderLayerCompositor::notifyFlushRequired() and
        returns early. This normally works because the coodinator is the one starting the layer flush, so that when
        RenderLayerCompositor::flushPendingLayerChanges() is called the coordinator is always flusing layers. But
        RenderLayerCompositor::layerTreeAsText() calls RenderLayerCompositor::flushPendingLayerChanges() directly, so at
        that moment the coordinator is not flusing layers, what causes that
        CoordinatedGraphicsLayer::flushCompositingState() ends up calling RenderLayerCompositor::notifyFlushRequired()
        that schedules a new flush while flusing layers causing the
        assertion. CoordinatedGraphicsLayer::flushCompositingState() is always called from
        CompositingCoordinator::flushPendingLayerChanges() or RenderLayerCompositor::flushPendingLayerChanges() so we
        never need to call RenderLayerCompositor::notifyFlushRequired() from there.

        * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:
        (WebCore::CoordinatedGraphicsLayer::notifyFlushRequired): This is void now since the return value is not checked anywhere.
        (WebCore::CoordinatedGraphicsLayer::flushCompositingState): Remove the call to notifyFlushRequired().
        * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.h:

2016-07-24  Darin Adler  <darin@apple.com>

        Adding a new WebCore JavaScript built-in source file does not trigger rebuild of WebCoreJSBuiltins*
        https://bugs.webkit.org/show_bug.cgi?id=160115

        Reviewed by Youenn Fablet.

        * DerivedSources.make: Added a missing dependency so the rule that builds WebCore_BUILTINS_WRAPPERS
        kicks in when the list of WebCore_BUILTINS_SOURCES is modified. Also added another missing dependency
        so that changes to the JavaScript built-ins Python scripts will also trigger WebCore_BUILTINS_WRAPPERS.

        * make-generated-sources.sh: Removed. Was unused.

2016-07-23  Zalan Bujtas  <zalan@apple.com>

        Stop isEmpty() from leaking out of SVG.
        https://bugs.webkit.org/show_bug.cgi?id=160121

        Reviewed by Simon Fraser.

        It's unclear what isEmpty() actually means and it doesn't bring any value to Render* classes.

        No change in functionality.

        * editing/CompositeEditCommand.cpp:
        (WebCore::CompositeEditCommand::addBlockPlaceholderIfNeeded):
        * rendering/RenderElement.h:
        * rendering/RenderListItem.cpp:
        (WebCore::RenderListItem::isEmpty): Deleted.
        * rendering/RenderListItem.h:
        * rendering/RenderObject.h:
        (WebCore::RenderObject::isEmpty): Deleted.
        * rendering/RenderRubyRun.cpp:
        (WebCore::RenderRubyRun::removeChild):
        (WebCore::RenderRubyRun::isEmpty): Deleted.
        * rendering/RenderRubyRun.h:
        * rendering/mathml/RenderMathMLFenced.cpp:
        (WebCore::RenderMathMLFenced::updateFromElement):
        (WebCore::RenderMathMLFenced::addChild):
        * rendering/mathml/RenderMathMLRoot.cpp:
        (WebCore::RenderMathMLRoot::paint):
        * rendering/svg/RenderSVGShape.h:

2016-07-23  Zalan Bujtas  <zalan@apple.com>

        table*BorderAdjoiningCell and borderAdjoiningCell* should take reference instead of RenderTableCell*.
        https://bugs.webkit.org/show_bug.cgi?id=160123

        Reviewed by Simon Fraser.

        No change in functionality.

        * rendering/RenderTable.cpp:
        (WebCore::RenderTable::tableStartBorderAdjoiningCell):
        (WebCore::RenderTable::tableEndBorderAdjoiningCell):
        * rendering/RenderTable.h:
        * rendering/RenderTableCell.cpp:
        (WebCore::RenderTableCell::computeCollapsedStartBorder):
        (WebCore::RenderTableCell::computeCollapsedEndBorder):
        * rendering/RenderTableCell.h:
        (WebCore::RenderTableCell::borderAdjoiningCellBefore):
        (WebCore::RenderTableCell::borderAdjoiningCellAfter):
        * rendering/RenderTableCol.cpp:
        (WebCore::RenderTableCol::borderAdjoiningCellStartBorder):
        (WebCore::RenderTableCol::borderAdjoiningCellEndBorder):
        (WebCore::RenderTableCol::borderAdjoiningCellBefore):
        (WebCore::RenderTableCol::borderAdjoiningCellAfter):
        * rendering/RenderTableCol.h:
        * rendering/RenderTableRow.cpp:
        (WebCore::RenderTableRow::borderAdjoiningStartCell):
        (WebCore::RenderTableRow::borderAdjoiningEndCell):
        * rendering/RenderTableRow.h:
        * rendering/RenderTableSection.cpp:
        (WebCore::RenderTableSection::borderAdjoiningStartCell):
        (WebCore::RenderTableSection::borderAdjoiningEndCell):
        * rendering/RenderTableSection.h:

2016-07-23  Zalan Bujtas  <zalan@apple.com>

        Remove unused enum and stale comment from RenderObject.
        https://bugs.webkit.org/show_bug.cgi?id=160122

        Reviewed by Simon Fraser.

        No change in functionality.

        * rendering/RenderBox.h:

2016-07-23  Carlos Garcia Campos  <cgarcia@igalia.com>

        [Coordinated Graphics] Lots of flaky tests
        https://bugs.webkit.org/show_bug.cgi?id=160118

        Reviewed by Michael Catanzaro.

        Since the GTK+ ported to threaded compositor (coordinated graphics) there are a lot of flaky tests in the
        bots. In manu of the cases the diff shows a different size in the FrameView layer.

        This happens for tests run in the same WTR after fast/fixed-layout/fixed-layout.html. This is what happens:

         1.- Test fast/fixed-layout/fixed-layout.html runs and sets fixed layout to true and fixed layout size to 400x400
         2.- When it finishes TestController::resetStateToConsistentValues() is called.
         3.- Blank URL is loaded after state has been updated
         4.- Then Reset message is handled in the web process and Internals::resetToConsistentState() resets the fixed
             layout state and size.
         5.- onresize happens and the handler set in fast/fixed-layout/fixed-layout.html is invoked setting the fixed
             layout to true and size to 400x400 again.
         6.- about_blank is then loaded with the fixed layout enabled, as well as other tests after this one.

        In addition to this, coordinated graphics uses a fixedVisibleContentRect in ScrollView that is never reset.

        * platform/ScrollView.cpp:
        (WebCore::ScrollView::unscaledVisibleContentSizeIncludingObscuredArea): Only use m_fixedVisibleContentRect when
        fixed layout is enabled.
        (WebCore::ScrollView::unscaledUnobscuredVisibleContentSize): Ditto.
        (WebCore::ScrollView::visibleContentRectInternal): Ditto.
        * testing/Internals.cpp:
        (WebCore::Internals::resetToConsistentState): Reset also the m_fixedVisibleContentRect.

2016-07-23  Carlos Garcia Campos  <cgarcia@igalia.com>

        [Coordinated Graphics] Test imported/blink/svg/custom/svg-image-layers-crash.html crashes
        https://bugs.webkit.org/show_bug.cgi?id=160078

        Reviewed by Michael Catanzaro.

        This is a merge of Blink r155373.
        https://chromiumcodereview.appspot.com/20789004

        Disable accelerated compositing for SVGImage content layers. SVGImageChromeClient does not support it.

        Fixes imported/blink/svg/custom/svg-image-layers-crash.html.

        * svg/graphics/SVGImage.cpp:
        (WebCore::SVGImage::dataChanged):

2016-07-23  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r203641.
        https://bugs.webkit.org/show_bug.cgi?id=160116

        It broke make-based builds (Requested by youenn on #webkit).

        Reverted changeset:

        "[Fetch API] Request should be created with any HeadersInit
        data"
        https://bugs.webkit.org/show_bug.cgi?id=159672
        http://trac.webkit.org/changeset/203641

2016-07-23  Youenn Fablet  <youenn@apple.com>

        [Fetch API] Request should be created with any HeadersInit data
        https://bugs.webkit.org/show_bug.cgi?id=159672

        Reviewed by Sam Weinig.

        Made Request use JSBuiltinConstructor.
        This allows initializing newly created Request with a JS built-in function, initializeFetchRequest.
        initializeFetchRequest can call @fillFetchHeaders internal built-in to handle any HeadersInit data.
        Future effort should be made to migrate more initialization code in initializeFetchRequest.

        Made window and worker fetch function as a JS built-in.
        This becomes more handy as these new functions can construct the Request object.
        They can then call a single private function that takes a Request object as input.
        Updated DOMWindowFetch and WorkerGlobalScopeFetch code accordingly.

        To enable this, the binding generator is updated to support runtime-enabled JS built-in functions and
        private functions atttached to global objects.

        Covered by existing and modified tests.
        Binding generator test covered by updated binding tests.

        * CMakeLists.txt: Adding DOMWindowFetch.js, FetchRequest.js and WorkerGlobalScopeFetch.js built-in files.
        * DerivedSources.make: Ditto.
        * Modules/fetch/DOMWindowFetch.cpp: Removed overloaded fetch and updated according new signature.
        (WebCore::DOMWindowFetch::fetch):
        * Modules/fetch/DOMWindowFetch.h: Ditto.
        * Modules/fetch/DOMWindowFetch.idl: Making fetch a JS built-in and adding a @fetchRequest private function.
        * Modules/fetch/DOMWindowFetch.js: Added.
        (fetch):
        * Modules/fetch/FetchHeaders.h:
        (WebCore::FetchHeaders::setGuard): Used by FetchRequest when initializing headers.
        * Modules/fetch/FetchRequest.cpp: 
        (WebCore::buildHeaders): Removed as implemented in JS.
        (WebCore::FetchRequest::initializeOptions): Added to handle most of the dictionary initialization.
        (WebCore::FetchRequest::initializeWith): Method called from built-in constructor function.
        (WebCore::FetchRequest::setBody): Corresponding to @setBody private method.
        (WebCore::buildBody): Deleted.
        * Modules/fetch/FetchRequest.h:
        * Modules/fetch/FetchRequest.idl:
        * Modules/fetch/FetchRequest.js: Added.
        (initializeFetchRequest): Implements fetch Request(input, init) constructor.
        * Modules/fetch/FetchResponse.cpp:
        (WebCore::FetchResponse::fetch): Removed the construction of FetchRequest in fetch method since it is done by JS built-in code.
        * Modules/fetch/FetchResponse.h:
        * Modules/fetch/WorkerGlobalScopeFetch.cpp: Removed overloaded fetch and updated according new signature.
        (WebCore::WorkerGlobalScopeFetch::fetch):
        * Modules/fetch/WorkerGlobalScopeFetch.h: Ditto.
        * Modules/fetch/WorkerGlobalScopeFetch.idl: Making fetch a JS built-in and adding a @fetchRequest private function.
        * Modules/fetch/WorkerGlobalScopeFetch.js: Added.
        (fetch):
        * bindings/js/WebCoreBuiltinNames.h: Adding fetchRequest, setBody and Request private identifiers.
        * bindings/scripts/CodeGenerator.pm:
        (WK_lcfirst): Replacing dOM by dom.
        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateImplementation): Adding support for runtime-enabled built-in methods and private methods.
        * bindings/scripts/test/JS/JSTestGlobalObject.cpp:
        (WebCore::JSTestGlobalObject::finishCreation):
        (WebCore::jsTestGlobalObjectInstanceFunctionTestPrivateFunction):
        * bindings/scripts/test/ObjC/DOMTestGlobalObject.mm:
        (-[DOMTestGlobalObject testJSBuiltinFunction]):
        * bindings/scripts/test/TestGlobalObject.idl: Adding tests for runtime-enabled global built-in methods and private methods.

2016-07-23  Frederic Wang  <fwang@igalia.com>

        Reset font-style on the <math> element
        https://bugs.webkit.org/show_bug.cgi?id=160074

        Reviewed by Darin Adler.

        Mathematical formulas with italic font-style render poorly (slanted operators, mathvariant
        italic etc). We align on Gecko and make the user agent stylesheet reset the font-style to
        'normal' by default. This addresses the concrete use case of formula inside theorem or
        proposition statements, which are often written in italic.

        Test: mathml/presentation/math-font-style.html

        * css/mathml.css:
        (math): Reset the font-style to normal.

2016-07-23  Frederic Wang  <fwang@igalia.com>

        [MathML] PaintInfo state is not properly restored after applyTransform.
        https://bugs.webkit.org/show_bug.cgi?id=160077

        Reviewed by Simon Fraser.

        PaintInfo::applyTransform modifies PaintInfo::rect and the original state is not properly
        restored by GraphicsContextStateSaver. To avoid some weird rendering bugs in MathOperator
        and RenderMathMLMenclose, we follow what is done in SVG renderers and make a copy of the
        original PaintInfo before applying the transform.

        Test: mathml/presentation/bug160077.html

        * rendering/mathml/MathOperator.cpp:
        (WebCore::MathOperator::paint):
        * rendering/mathml/RenderMathMLMenclose.cpp:
        (WebCore::RenderMathMLMenclose::paint):

2016-07-23  Youenn Fablet  <youenn@apple.com>

        [Fetch API] Fetch response stream should enqueue Uint8Array
        https://bugs.webkit.org/show_bug.cgi?id=160083

        Reviewed by Sam Weinig.

        Covered by updated tests.

        Before enqueuing, ReadableStreamController::enqueue will convert ArrayBuffer as Uint8Array.
        It also returns a boolean whether the operation is successful or not.

        If returned value is false, calling code will stop loading or if everything is loaded it will refrain from closing the stream.
        The enqueuing should be succesful except in OutOfMemory cases. This case is not yet handled in test cases.

        Updated the code to remove templated enqueuing as Fetch has no use of it.

        * Modules/fetch/FetchBody.cpp:
        (WebCore::FetchBody::consumeAsStream): Do not close the stream if enqueuing failed.
        * Modules/fetch/FetchBodyOwner.cpp:
        (WebCore::FetchBodyOwner::blobChunk): Stop blob loading if enqueuing failed.
        * Modules/fetch/FetchResponse.cpp:
        (WebCore::FetchResponse::BodyLoader::didReceiveData): Stop resource loading if enqueuing failed.
        (WebCore::FetchResponse::consumeBodyAsStream): Ditto.
        * Modules/fetch/FetchResponseSource.h:
        * bindings/js/ReadableStreamController.h:
        (WebCore::ReadableStreamController::enqueue):
        (WebCore::ReadableStreamController::enqueue<RefPtr<JSC::ArrayBuffer>>): Deleted.

2016-07-22  Youenn Fablet  <youenn@apple.com>

        Use a private property to implement FetchResponse.body getter
        https://bugs.webkit.org/show_bug.cgi?id=159808

        Reviewed by Sam Weinig.

        Covered by existing test sets.

        Previously, body was handled as a CachedAttribute.
        Using a private property will allow direct use of this property from JS built-ins which will allow easier
        handling of ReadableStream cloning in Response.clone.
        Also, this allows removing some binding custom code.

        Updated redirect and error static methods to take NewObject keyword, as this removes a search into cached wrappers.
        Ditto for createReadableStreamSource.

        * CMakeLists.txt: Removing JSFetchResponseCustom.cpp.
        * Modules/fetch/FetchResponse.idl: Adding createReadableStreamSource and isDisturbed private functions.
        Making body getter a JSBuiltin.
        * Modules/fetch/FetchResponse.js:
        (body): Adding getter which will call createReadableStreamSource if needed.
        * WebCore.xcodeproj/project.pbxproj: Removing JSFetchResponseCustom.cpp.
        * bindings/js/JSFetchResponseCustom.cpp: Removed.
        * bindings/js/ReadableStreamController.cpp:
        (WebCore::createReadableStream): Deleted.
        (WebCore::getReadableStreamReader): Deleted.
        * bindings/js/ReadableStreamController.h: Removing unneeded ReadableStream helper routine now that they can be
        handled within JS built-in code.
        * bindings/js/WebCoreBuiltinNames.h: Adding @createReadableStreamSource, @isDisturbed  and @Response identifiers.

2016-07-22  Zalan Bujtas  <zalan@apple.com>

        Handle cases when IOSurface initialization fails.
        https://bugs.webkit.org/show_bug.cgi?id=160006
        <rdar://problem/27495102>

        Reviewed by Tim Horton and Simon Fraser.

        This is an additional fix to r203514 to check if IOSurface initialization was successful.

        Unable to test.

        * platform/graphics/cg/ImageBufferCG.cpp:
        (WebCore::ImageBuffer::ImageBuffer):
        * platform/graphics/cocoa/IOSurface.h: Merge 2 c'tors.
        * platform/graphics/cocoa/IOSurface.mm: Remove redundant IOSurface::create() code.  
        (WebCore::IOSurface::create):
        (WebCore::IOSurface::createFromImage):
        (WebCore::IOSurface::IOSurface):
        (WebCore::IOSurface::convertToFormat):

2016-07-22  Wenson Hsieh  <wenson_hsieh@apple.com>

        Media controls should be displayed for media in media documents
        https://bugs.webkit.org/show_bug.cgi?id=160104
        <rdar://problem/27438936>

        Reviewed by Myles C. Maxfield.

        Make videos that would otherwise not have been large enough or have the right
        aspect ratio cause media controls to appear. This is because media elements in
        a media document are implied to be main content.

        Added a new API test.

        * html/MediaElementSession.cpp:
        (WebCore::MediaElementSession::canControlControlsManager):

2016-07-22  Myles C. Maxfield  <mmaxfield@apple.com>

        All dancers with bunny ears are female
        https://bugs.webkit.org/show_bug.cgi?id=160102
        <rdar://problem/27453479>

        Reviewed by Simon Fraser.

        In r203330 I added support for new emoji group candidates. I accidentally
        missed one of the new emoji code points.

        Tests: editing/deleting/delete-emoji.html:
               fast/text/emoji-gender-2-9.html:
               fast/text/emoji-gender-9.html:
               fast/text/emoji-gender-fe0f-9.html:

        * platform/text/CharacterProperties.h:
        (WebCore::isEmojiGroupCandidate):

2016-07-22  Chris Dumez  <cdumez@apple.com>

        Parameter to HTMLCollection.item() / namedItem() should be mandatory
        https://bugs.webkit.org/show_bug.cgi?id=160099

        Reviewed by Sam Weinig.

        Parameter to HTMLCollection.item() / namedItem() should be mandatory:
        - https://dom.spec.whatwg.org/#interface-htmlcollection
        - https://html.spec.whatwg.org/multipage/infrastructure.html#htmlformcontrolscollection
        - https://html.spec.whatwg.org/multipage/infrastructure.html#the-htmloptionscollection-interface

        Firefox and Chrome agree with the specification.

        No new tests, rebaselined existing tests.

        * bindings/js/JSHTMLFormControlsCollectionCustom.cpp:
        (WebCore::JSHTMLFormControlsCollection::namedItem):
        * html/HTMLCollection.idl:
        * html/HTMLFormControlsCollection.idl:
        * html/HTMLOptionsCollection.idl:

2016-07-22  Chris Dumez  <cdumez@apple.com>

        First parameter to Window.getComputedStyle() should be mandatory and non-nullable
        https://bugs.webkit.org/show_bug.cgi?id=160097

        Reviewed by Ryosuke Niwa.

        First parameter to Window.getComputedStyle() should be mandatory and
        non-nullable:
        - https://drafts.csswg.org/cssom/#extensions-to-the-window-interface

        Firefox and Chrome agree with the specification.

        Test: fast/dom/Window/getComputedStyle-missing-parameter.html

        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::ComputedStyleExtractor::ComputedStyleExtractor):
        (WebCore::CSSComputedStyleDeclaration::CSSComputedStyleDeclaration):
        (WebCore::CSSComputedStyleDeclaration::getPropertyCSSValue):
        (WebCore::CSSComputedStyleDeclaration::copyProperties):
        (WebCore::CSSComputedStyleDeclaration::length):
        (WebCore::CSSComputedStyleDeclaration::item):
        (WebCore::CSSComputedStyleDeclaration::getPropertyValue):
        * css/CSSComputedStyleDeclaration.h:
        * dom/Document.idl:
        * inspector/InspectorCSSAgent.cpp:
        (WebCore::InspectorCSSAgent::getComputedStyleForNode):
        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::getComputedStyle):
        * page/DOMWindow.h:
        * page/DOMWindow.idl:
        * testing/Internals.cpp:
        (WebCore::Internals::computedStyleIncludingVisitedInfo):
        * testing/Internals.h:
        * testing/Internals.idl:

2016-07-22  Brady Eidson  <beidson@apple.com>

        Removing IndexedDatabases that have stored blobs doesn't remove the blob files.
        https://bugs.webkit.org/show_bug.cgi?id=160089

        Reviewed by Darin Adler.

        Tested by API test IndexedDB.StoreBlobThenDelete.

        Blob filenames exist in the IDB directory with the name "[0-9]+.blob".
        
        That is, one or more digits, followed by ".blob".
        
        So when we delete an IndexedDB.sqlite3 and related files, we should delete those blob files as well.
        
        * Modules/indexeddb/server/IDBServer.cpp:
        (WebCore::IDBServer::removeAllDatabasesForOriginPath):

2016-07-22  Chris Dumez  <cdumez@apple.com>

        Fix default parameter values for window.alert() / prompt() / confirm()
        https://bugs.webkit.org/show_bug.cgi?id=160085

        Reviewed by Ryosuke Niwa.

        Fix default parameter values for window.alert() / prompt() / confirm() to
        match the specification:
        - https://html.spec.whatwg.org/multipage/browsers.html#the-window-object

        They should default to the empty string, not the string "undefined".

        Firefox and chrome agree with the specification.

        No new tests, updated existing test.

        * page/DOMWindow.h:
        * page/DOMWindow.idl:

2016-07-22  Daniel Bates  <dabates@apple.com>

        CSP: object-src and plugin-types directives are not respected for plugin replacements
        https://bugs.webkit.org/show_bug.cgi?id=159761
        <rdar://problem/27365724>

        Reviewed by Brent Fulgham.

        Apply the Content Security Policy (CSP) object-src and plugin-types directives to content that will
        load with a plugin replacement.

        Tests: security/contentSecurityPolicy/object-src-none-blocks-quicktime-plugin-replacement.html
               security/contentSecurityPolicy/object-src-none-blocks-youtube-plugin-replacement.html
               security/contentSecurityPolicy/plugins-types-allows-quicktime-plugin-replacement.html
               security/contentSecurityPolicy/plugins-types-allows-youtube-plugin-replacement.html
               security/contentSecurityPolicy/plugins-types-blocks-quicktime-plugin-replacement-without-mime-type.html
               security/contentSecurityPolicy/plugins-types-blocks-quicktime-plugin-replacement.html
               security/contentSecurityPolicy/plugins-types-blocks-youtube-plugin-replacement-without-mime-type.html
               security/contentSecurityPolicy/plugins-types-blocks-youtube-plugin-replacement.html

        * html/HTMLPlugInImageElement.cpp:
        (WebCore::HTMLPlugInImageElement::allowedToLoadPluginContent): Added.
        (WebCore::HTMLPlugInImageElement::requestObject): Only request loading plugin content if we
        are allowed to load such content.
        * html/HTMLPlugInImageElement.h:
        * loader/SubframeLoader.cpp:
        (WebCore::SubframeLoader::pluginIsLoadable): Removed code to check CSP as we will check CSP
        earlier in HTMLPlugInImageElement::requestObject().
        (WebCore::SubframeLoader::requestPlugin): Ditto.
        (WebCore::SubframeLoader::isPluginContentAllowedByContentSecurityPolicy): Deleted; moved implementation
        to HTMLPlugInImageElement::allowedToLoadPluginContent().
        (WebCore::SubframeLoader::requestObject): Deleted.
        * loader/SubframeLoader.h:
        * page/csp/ContentSecurityPolicy.cpp:
        (WebCore::ContentSecurityPolicy::upgradeInsecureRequestIfNeeded): Changed signature from a non-const
        function to a const function since these functions do not modify |this|.
        * page/csp/ContentSecurityPolicy.h: 

2016-07-22  Chris Dumez  <cdumez@apple.com>

        Parameters to Node.replaceChild() / insertBefore() should be mandatory
        https://bugs.webkit.org/show_bug.cgi?id=160091

        Reviewed by Darin Adler.

        Parameters to Node.replaceChild() / insertBefore() should be mandatory:
        - https://dom.spec.whatwg.org/#node

        The compatibility risk should be low since Firefox and Chrome both agree
        with the specification and because it does not make much sense to omit
        parameters when using this API.

        No new tests, rebaselined existing tests.

        * bindings/js/JSNodeCustom.cpp:
        (WebCore::JSNode::insertBefore):
        (WebCore::JSNode::replaceChild):

2016-07-22  Chris Dumez  <cdumez@apple.com>

        Parameter to Node.contains() should be mandatory
        https://bugs.webkit.org/show_bug.cgi?id=160084

        Reviewed by Darin Adler.

        Parameter to Node.contains() should be mandatory as per the
        specification:
        - https://dom.spec.whatwg.org/#node

        The compatibility risk should be low because both Firefox and Chrome
        both agree with the specification. Also, it does not make much sense
        to call this API without parameter.

        No new tests, rebaselined existing tests.

        * dom/Node.idl:

2016-07-22  Said Abou-Hallawa  <sabouhallawa@apple.com>

        [iOS] REGRESSION(203378): PDFDocumentImage::updateCachedImageIfNeeded() uses the unscaled size when deciding whether to cache the PDF image
        https://bugs.webkit.org/show_bug.cgi?id=159933

        Reviewed by Simon Fraser.

        We need to use the scaled size when deciding whether to cache the PDF image
        or not. This is because ImageBuffer takes the display resolution into account
        which gives higher resolution for the image when zooming.

        * platform/graphics/cg/PDFDocumentImage.cpp:
        (WebCore::PDFDocumentImage::updateCachedImageIfNeeded):

2016-07-22  Chris Dumez  <cdumez@apple.com>

        First parameter to getElementById() should be mandatory
        https://bugs.webkit.org/show_bug.cgi?id=160087

        Reviewed by Darin Adler.

        First parameter to getElementById() should be mandatory:
        - https://dom.spec.whatwg.org/#nonelementparentnode
        - https://www.w3.org/TR/SVG/struct.html#InterfaceSVGSVGElement

        Both Firefox and Chrome agree with the specification.

        Test: svg/dom/SVGSVGElement-getElementById.html

        * dom/NonElementParentNode.idl:
        * svg/SVGSVGElement.idl:

2016-07-22  Chris Dumez  <cdumez@apple.com>

        Parameter to Node.lookupPrefix() / lookupNamespaceURI() / isDefaultNamespace() should be mandatory
        https://bugs.webkit.org/show_bug.cgi?id=160086

        Reviewed by Darin Adler.

        Parameter to Node.lookupPrefix() / lookupNamespaceURI() / isDefaultNamespace()
        should be mandatory:
        - https://dom.spec.whatwg.org/#node

        Firefox and Chrome both agree with the specification.

        No new tests, rebaselined existing tests.

        * dom/Node.idl:

2016-07-22  Chris Dumez  <cdumez@apple.com>

        Parameter to Node.compareDocumentPosition() should be mandatory and non-nullable
        https://bugs.webkit.org/show_bug.cgi?id=160071

        Reviewed by Ryosuke Niwa.

        
        Parameter to Node.compareDocumentPosition() should be mandatory and
        non-nullable:
        - https://dom.spec.whatwg.org/#interface-node

        Firefox and Chrome agree with the specification so the compatibility
        risk should be low. Also, it does not make much sense to call this
        operation without parameter.

        No new tests, rebaselined existing tests.

        * accessibility/AccessibilityObject.cpp:
        (WebCore::rangeClosestToRange):
        * dom/AuthorStyleSheets.cpp:
        (WebCore::AuthorStyleSheets::addStyleSheetCandidateNode):
        * dom/Node.cpp:
        (WebCore::compareDetachedElementsPosition):
        (WebCore::Node::compareDocumentPosition):
        * dom/Node.h:
        * dom/Node.idl:
        * dom/Position.h:
        (WebCore::operator<):
        * html/HTMLFormElement.cpp:
        (WebCore::HTMLFormElement::formElementIndexWithFormAttribute):
        (WebCore::HTMLFormElement::formElementIndex):
        * rendering/RenderNamedFlowThread.cpp:
        (WebCore::RenderNamedFlowThread::nextRendererForElement):
        (WebCore::compareRenderNamedFlowFragments):
        (WebCore::RenderNamedFlowThread::registerNamedFlowContentElement):

2016-07-22  Konstantin Tokarev  <annulen@yandex.ru>

        [cmake] Removed obsolete plugins/win directory
        https://bugs.webkit.org/show_bug.cgi?id=160081

        Reviewed by Per Arne Vollan.

        It was removed in r178219.

        No new tests needed.

        * PlatformWin.cmake:

2016-07-22  Youenn Fablet  <youenn@apple.com>

        run-builtins-generator-tests should be able to test WebCore builtins wrapper with more than one file
        https://bugs.webkit.org/show_bug.cgi?id=159921

        Reviewed by Brian Burg.

        Covered by existing and added built-ins tests.

        Updating built system according ---wrappers-only new meaning.
        builtin generator is now called for each individual built-in file plus once for WebCore wrapper files.
        WebCore wrapper files allow handling things like conditionally guarded features.
        They also remove the need to use built-ins macros outside generated code.

        * CMakeLists.txt:
        * DerivedSources.make:

2016-07-21  Frederic Wang  <fwang@igalia.com>

        Move parsing of accentunder and accent attributes from renderer to element classes
        https://bugs.webkit.org/show_bug.cgi?id=159625

        Reviewed by Brent Fulgham.

        We introduce a new MathMLUnderOverElement that is used for elements munder, mover and
        munderover in order to create RenderMathMLUnderOver and parse and expose the values of the
        accent and accentunder attributes. This is one more step toward moving MathML attribute
        parsing to the DOM (bug 156536). We also do minor clean-up for this and previous renderer
        classes that no longer do attribute parsing: the MathMLNames namespace is no longer necessary
        and constructors can take a more accurate element type.

        No new tests, already covered by existing test.

        * CMakeLists.txt: Add MathMLUnderOverElement files.
        * WebCore.xcodeproj/project.pbxproj: Ditto.
        * mathml/MathMLAllInOne.cpp: Ditto.
        * mathml/MathMLElement.cpp:
        (WebCore::MathMLElement::cachedBooleanAttribute): Add parsing of boolean attributes.
        * mathml/MathMLElement.h: New type and helper functions for boolean attributes.
        * mathml/MathMLInlineContainerElement.cpp:
        (WebCore::MathMLInlineContainerElement::createElementRenderer): Remove handling of
        under/over/underover elements.
        * mathml/MathMLScriptsElement.cpp:
        (WebCore::MathMLScriptsElement::MathMLScriptsElement): Remove inline keyword to avoid link
        errors now that MathMLUnderOverElement overrides that class.
        * mathml/MathMLScriptsElement.h: Allow MathMLUnderOverElement to override this class.
        * mathml/MathMLUnderOverElement.cpp:
        (WebCore::MathMLUnderOverElement::MathMLUnderOverElement):
        (WebCore::MathMLUnderOverElement::create):
        (WebCore::MathMLUnderOverElement::accent): Helper function to access the accent value.
        (WebCore::MathMLUnderOverElement::accentUnder): Helper function to access the accentunder value.
        (WebCore::MathMLUnderOverElement::parseAttribute): Make accent and accentunder dirty.
        (WebCore::MathMLUnderOverElement::createElementRenderer): Create RenderMathMLUnderOver
        * mathml/MathMLUnderOverElement.h:
        * mathml/mathtags.in: Map under/over/underover to MathMLUnderOverElement.
        * rendering/mathml/RenderMathMLFraction.cpp: Remove MathMLNames and make the constructor
        take a MathMLFractionElement.
        (WebCore::RenderMathMLFraction::RenderMathMLFraction):
        * rendering/mathml/RenderMathMLFraction.h:
        * rendering/mathml/RenderMathMLPadded.cpp: Remove MathMLNames and make the constructor
        take a MathMLPaddedElement.
        (WebCore::RenderMathMLPadded::RenderMathMLPadded):
        * rendering/mathml/RenderMathMLPadded.h:
        * rendering/mathml/RenderMathMLScripts.cpp: Remove MathMLNames and make the constructor
        take a MathMLScriptsElement. Also rename scriptsElement() to element().
        (WebCore::RenderMathMLScripts::RenderMathMLScripts):
        (WebCore::RenderMathMLScripts::element):
        (WebCore::RenderMathMLScripts::getScriptMetricsAndLayoutIfNeeded):
        (WebCore::RenderMathMLScripts::scriptsElement): Deleted.
        * rendering/mathml/RenderMathMLScripts.h:
        * rendering/mathml/RenderMathMLUnderOver.cpp: Remove MathMLNames and make the constructor
        take a RenderMathMLUnderOver.
        (WebCore::RenderMathMLUnderOver::RenderMathMLUnderOver):
        (WebCore::RenderMathMLUnderOver::element):
        (WebCore::RenderMathMLUnderOver::hasAccent): Use the helper functions for accent and accentunder.
        * rendering/mathml/RenderMathMLUnderOver.h:

2016-07-21  Chris Dumez  <cdumez@apple.com>

        Parameter to Node.isSameNode() / isEqualNode() should be mandatory
        https://bugs.webkit.org/show_bug.cgi?id=160070

        Reviewed by Ryosuke Niwa.

        Parameter to Node.isSameNode() / isEqualNode() should be mandatory as
        per the specification:
        - https://dom.spec.whatwg.org/#interface-node

        Chrome and Firefox agree with the specification (although Firefox does
        not support isSameNode()).

        No new tests, rebaselined existing tests.

        * dom/Node.idl:

2016-07-21  Chris Dumez  <cdumez@apple.com>

        Parameter to Document.createEvent() should be mandatory
        https://bugs.webkit.org/show_bug.cgi?id=160065

        Reviewed by Darin Adler.

        Parameter to Document.createEvent() should be mandatory as per the
        specification:
        - https://dom.spec.whatwg.org/#document

        We already throw anyway when the parameter is omitted because we use
        "undefined" as event type, which is invalid. However, we throw the
        wrong exception.

        Firefox and Chrome agree with the specification here.

        No new tests, rebaselined existing tests.

        * dom/Document.idl:

2016-07-21  Brian Burg  <bburg@apple.com>

        REGRESSION(r62549): Objective-C DOM bindings sometimes fail to regenerate when CodeGenerator.pm is modified
        https://bugs.webkit.org/show_bug.cgi?id=160031

        Reviewed by Darin Adler.

        This bug was caused by a refactoring 6 years ago. Not all uses of a variable
        were renamed, so the ObjC bindings target pattern was not specifying any
        build scripts as target dependencies.

        * DerivedSources.make: Standardize on {COMMON,JS,DOM}_BINDINGS_SCRIPTS.

2016-07-21  Darin Adler  <darin@apple.com>

        Remove unneeded content attribute name "playsinline"
        https://bugs.webkit.org/show_bug.cgi?id=160069

        Reviewed by Chris Dumez.

        * html/HTMLVideoElement.idl: Removed explicit content attribute name on Reflect
        attribute since it is the same as the name that the code generator will generate.

2016-07-21  Chris Dumez  <cdumez@apple.com>

        Make parameters to Element.getElementsBy*() operations mandatory
        https://bugs.webkit.org/show_bug.cgi?id=160060

        Reviewed by Darin Adler.

        Make parameters to Element.getElementsBy*() operations mandatory to
        match the specification:
        - https://dom.spec.whatwg.org/#interface-element

        Firefox and Chrome agree with the specification so the compatibility
        risk should be low.

        It makes very little sense to call these operations without parameter,
        especially considering WebKit uses the string "undefined" if the
        parameter is omitted.

        No new tests, rebaselined existing tests.

        * dom/Element.idl:

2016-07-21  Chris Dumez  <cdumez@apple.com>

        Make parameters mandatory for attribute-related API on Element
        https://bugs.webkit.org/show_bug.cgi?id=160059

        Reviewed by Ryosuke Niwa.

        Make parameters mandatory for attribute-related API on Element to match
        the specification:
        - https://dom.spec.whatwg.org/#element

        Firefox and Chrome agree with the specification. Calling this API
        without the parameters does not make much sense, especially considering
        WebKit uses the string "undefined" when the parameter is omitted.

        No new tests, rebaselined existing tests.

        * dom/Element.idl:

2016-07-21  Myles C. Maxfield  <mmaxfield@apple.com>

        Remove support for deprecated SPI inlineMediaPlaybackRequiresPlaysInlineAttribute
        https://bugs.webkit.org/show_bug.cgi?id=160066

        Reviewed by Dean Jackson.

        r203520 deprecated inlineMediaPlaybackRequiresPlaysInlineAttribute in favor of
        allowsInlineMediaPlaybackWithPlaysInlineAttribute and
        allowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute. The old
        inlineMediaPlaybackRequiresPlaysInlineAttribute is SPI and was never released
        to the public. Therefore, it can be removed safely.

        No new tests because there is no behavior change.

        * page/Settings.cpp:
        * page/Settings.in:
        * testing/InternalSettings.cpp:
        (WebCore::InternalSettings::Backup::Backup): Deleted.
        (WebCore::InternalSettings::Backup::restoreTo): Deleted.
        (WebCore::InternalSettings::setInlineMediaPlaybackRequiresPlaysInlineAttribute): Deleted.
        * testing/InternalSettings.h:
        * testing/InternalSettings.idl:

2016-07-21  Dean Jackson  <dino@apple.com>

        REGRESSION (r202927): The internal size of the ImageBuffer is scaled twice by the context scaleFactor
        https://bugs.webkit.org/show_bug.cgi?id=159981
        <rdar://problem/27429465>

        Reviewed by Myles Maxfield.

        The change to propagate color spaces through ImageBuffers created an
        alternate version of createCompatibleBuffer. This version accidentally
        attempted to take the display resolution (i.e. hidpi) into account
        when creating the buffer, which meant it was being applied twice.

        The fix is simply to remove that logic. The caller of the method
        will take the resolution into account, the same way they did
        with the old createCompatibleBuffer method.

        Test: fast/hidpi/pdf-image-scaled.html

        * platform/graphics/cg/ImageBufferCG.cpp:
        (WebCore::ImageBuffer::createCompatibleBuffer): Don't calculate
        a resolution - just use the value of 1.0.

2016-07-21  John Wilander  <wilander@apple.com>

        Block mixed content synchronous XHR
        https://bugs.webkit.org/show_bug.cgi?id=105462
        <rdar://problem/13666424>

        Reviewed by Brent Fulgham.

        Test: http/tests/security/mixedContent/insecure-xhr-sync-in-main-frame.html

        * loader/DocumentThreadableLoader.cpp:
        (WebCore::DocumentThreadableLoader::loadRequest):

2016-07-21  Chris Dumez  <cdumez@apple.com>

        Make parameters to Document.getElementsBy*() operations mandatory
        https://bugs.webkit.org/show_bug.cgi?id=160050

        Reviewed by Daniel Bates.

        Make parameters to Document.getElementsBy*() operations mandatory to
        match the specification:
        - https://dom.spec.whatwg.org/#interface-document

        Firefox and Chrome agree with the specification so the compatibility
        risk should be low.

        It makes very little sense to call these operations without parameter,
        especially considering WebKit uses the string "undefined" if the
        parameter is omitted.

        No new tests, rebaselined existing tests.

        * dom/Document.idl:

2016-07-21  Nan Wang  <n_wang@apple.com>

        AX: aria-label not being used correctly in accessible name calculation of heading
        https://bugs.webkit.org/show_bug.cgi?id=160009

        Reviewed by Chris Fleizach.

        Actually we are exposing the correct information for heading objects. On macOS, 
        VoiceOver should handle the logic that picks the right information to speak.
        On iOS, VoiceOver is speaking the static text child instead of the heading object.
        So we should set the accessibilityLabel of the static text based on the parent's 
        alternate label.

        Test: accessibility/ios-simulator/heading-with-aria-label.html

        * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
        (-[WebAccessibilityObjectWrapper _accessibilityTraitsFromAncestors]):

2016-07-21  Saam Barati  <sbarati@apple.com>

        op_add/ValueAdd should be an IC in all JIT tiers
        https://bugs.webkit.org/show_bug.cgi?id=159649

        Reviewed by Benjamin Poulain.

        * ForwardingHeaders/jit/JITMathICForwards.h: Added.

2016-07-21  Chris Dumez  <cdumez@apple.com>

        Make parameters mandatory for Document.create*() operations
        https://bugs.webkit.org/show_bug.cgi?id=160047

        Reviewed by Ryosuke Niwa.

        Make parameters mandatory for Document.create*() operations:
        createTextNode(), createComment(), createCDataSection(),
        createAttribute() and createProcessingInstruction().

        This matches the specification:
        - https://dom.spec.whatwg.org/#interface-document

        Firefox and Chrome both agree with the specification so the
        compatibility risk should be low. Also WebKit uses the string
        "undefined" when the parameter is omitted, which is not very
        helpful.

        No new tests, rebaselined existing tests.

        * dom/Document.idl:

2016-07-21  Chris Dumez  <cdumez@apple.com>

        Fix null handling of SVGAngle/SVGLength.valueAsString attribute
        https://bugs.webkit.org/show_bug.cgi?id=160025

        Reviewed by Ryosuke Niwa.

        Fix null handling of SVGAngle/SVGLength.valueAsString attribute
        to match the specification:
        - https://www.w3.org/TR/SVG2/types.html#InterfaceSVGAngle
        - https://www.w3.org/TR/SVG2/types.html#InterfaceSVGLength

        In particular, this patch drops [TreatNullAs=EmptyString] IDL
        extended attribute from this attribute. This is not supposed
        to change behavior given that both "" and "null" are invalid
        numbers and the specification says to throw a SYNTAX_ERR in
        this case.

        However, WebKit currently ignores assignments to "" instead
        of throwing. As a result, assigning to null will now throw
        instead of being ignored. The compatibility risk should be
        low because both Firefox and Chrome throw when assigning
        null.

        I did not change the behavior when assigning to "" because
        it is a bit out of scope for this patch and browsers to not
        seem to agree:
        - Firefox throws
        - Chrome set value to "0"
        - WebKit ignores the assignment

        The specification seems to agree with Firefox as far as I
        can tell given that "" is not a valid number as per:
        - https://www.w3.org/TR/css3-values/#numbers

        Test: svg/dom/valueAsString-null.html

        * svg/SVGAngle.idl:
        * svg/SVGLength.idl:

2016-07-21  Chris Dumez  <cdumez@apple.com>

        Fix null handling of HTMLFontElement.color
        https://bugs.webkit.org/show_bug.cgi?id=160036

        Reviewed by Ryosuke Niwa.

        Fix null handling of HTMLFontElement.color to match the specification:
        - https://html.spec.whatwg.org/#htmlfontelement

        We are supposed to treat null as the empty string. Both Firefox and
        Chrome agree with the specification.

        No new tests, rebaselined existing tests.

        * html/HTMLFontElement.idl:

2016-07-21  Chris Dumez  <cdumez@apple.com>

        Fix null handling for several HTMLTableElement attributes
        https://bugs.webkit.org/show_bug.cgi?id=160041

        Reviewed by Ryosuke Niwa.

        Fix null handling for several HTMLTableElement attributes to match the
        specification:
        - https://html.spec.whatwg.org/#HTMLTableElement-partial

        The attributes in question are 'bicolor', 'cellSpacing' and
        'cellPadding'. We are supposed to treat null as the empty string for
        these attributes.

        Firefox and Chrome both agree with the specification.

        No new tests, rebaselined existing tests.

        * html/HTMLTableElement.idl:

2016-07-21  Chris Dumez  <cdumez@apple.com>

        Fix null handling for HTMLObjectElement.border
        https://bugs.webkit.org/show_bug.cgi?id=160040

        Reviewed by Ryosuke Niwa.

        Fix null handling for HTMLObjectElement.border to match the specification:
        - https://html.spec.whatwg.org/#HTMLObjectElement-partial

        We are supposed to treat null as the empty string.

        Both Firefox and Chrome agree with the specification.

        No new tests, rebaselined existing tests.

        * html/HTMLObjectElement.idl:

2016-07-21  Chris Dumez  <cdumez@apple.com>

        Fix null handling for td.bgColor / tr.bgColor
        https://bugs.webkit.org/show_bug.cgi?id=160043

        Reviewed by Ryosuke Niwa.

        Fix null handling for td.bgColor / tr.bgColor to match the
        specification:
        - https://html.spec.whatwg.org/#HTMLTableCellElement-partial
        - https://html.spec.whatwg.org/#HTMLTableRowElement-partial

        We are supposed to treat null as the empty string.

        Firefox and Chrome both agree with the specification.

        No new tests, rebaselined existing tests.

        * html/HTMLTableCellElement.idl:
        * html/HTMLTableRowElement.idl:

2016-07-21  Chris Dumez  <cdumez@apple.com>

        Fix null handling for several HTMLBodyElement attributes
        https://bugs.webkit.org/show_bug.cgi?id=160044

        Reviewed by Ryosuke Niwa.

        Fix null handling for several HTMLBodyElement attributes to match the
        specification:
        - https://html.spec.whatwg.org/#HTMLBodyElement-partial

        The attributes in question are: 'text', 'link', 'vlink', 'alink' and
        'bgcolor'.

        We are supposed to treat null as the empty string for these attributes.

        Firefox and Chrome both agree with the specification.

        No new tests, rebaselined existing tests.

        * html/HTMLBodyElement.idl:

2016-07-21  Chris Dumez  <cdumez@apple.com>

        Fix null handling for HTMLIFrameElement.marginWidth / marginHeight
        https://bugs.webkit.org/show_bug.cgi?id=160037

        Reviewed by Ryosuke Niwa.

        Fix null handling for HTMLIFrameElement.marginWidth / marginHeight to
        match the specification:
        - https://html.spec.whatwg.org/#HTMLIFrameElement-partial

        We are supposed to treat null as the empty string. Both Firefox and
        Chrome agree with the specification.

        No new tests, rebaselined existing tests.

        * html/HTMLIFrameElement.idl:

2016-07-21  Chris Dumez  <cdumez@apple.com>

        Fix null handling for HTMLImageElement.border
        https://bugs.webkit.org/show_bug.cgi?id=160039

        Reviewed by Ryosuke Niwa.

        Fix null handling for HTMLImageElement.border to match the specification:
        - https://html.spec.whatwg.org/#HTMLImageElement-partial

        We are supposed to treat null as the empty string.

        Both Firefox and Chrome agree with the specification.

        No new tests, rebaselined existing tests.

        * html/HTMLImageElement.idl:

2016-07-21  Daniel Bates  <dabates@apple.com>

        REGRESSION: Plugin replaced YouTube Flash videos always have the same width
        https://bugs.webkit.org/show_bug.cgi?id=159998
        <rdar://problem/27462285>

        Reviewed by Simon Fraser.

        Fixes an issue where the width of a plugin replaced YouTube video loaded via an HTML embed
        element would always have the same width regardless of value of the width attribute.

        For YouTube Flash videos the YouTube plugin replacement substitutes a shadow DOM subtree
        for the default renderer of an HTML embed element. The root of this shadow DOM subtree
        is an HTML div element. Currently we set inline styles on this <div> when it is instantiated.
        In particular, we set inline display and position to "inline-block" and "relative", respectively,
        and set an invalid height and width (we specify a font weight value instead of a CSS length value
        - this causes an ASSERT_NOT_REACHED() assertion failure in StyleBuilderConverter::convertLengthSizing()
        in a debug build). These styles never worked as intended and we ultimately created an inline
        renderer (ignoring display "inline-block") that had auto width and height. Instead it is sufficient
        to remove all these inline styles and create a RenderBlockFlow renderer for this <div> so that it
        renders as a block, non-replaced element to achieve the intended illusion that the <embed> is a
        single element.

        * html/shadow/YouTubeEmbedShadowElement.cpp: Remove unused header HTMLEmbedElement.h and include
        header RenderBlockFlow.h. Also update copyright in license block.
        (WebCore::YouTubeEmbedShadowElement::YouTubeEmbedShadowElement): Remove inline styles as these
        never worked as intended.
        (WebCore::YouTubeEmbedShadowElement::createElementRenderer): Override; create a block-flow
        renderer for us so that we layout as a block, non-replaced element.
        * html/shadow/YouTubeEmbedShadowElement.h:

2016-07-21  Myles C. Maxfield  <mmaxfield@apple.com>

        [iPhone] Playing a video on tudou.com plays only sound, no video
        https://bugs.webkit.org/show_bug.cgi?id=159967
        <rdar://problem/26964090>

        Reviewed by Jon Lee, Jeremy Jones, and Anders Carlsson.

        WebKit recently starting honoring the playsinline and webkit-playsinline
        attribute on iPhones. However, because these attributes previously did
        nothing, some sites (such as Todou) were setting them on their content
        and expecting that they are not honored. In this specific case, the
        video is absolutely positioned to be 1 pixel x 1 pixel.

        Previously, with iOS 9, apps could set the allowsInlineMediaPlayback
        property on their WKWebView, which would honor the webkit-playsinline
        attribute. Safari on iPhones didn't do this.

        In order to not break these existing apps, it's important that the
        allowsInlineMediaPlayback preference still allows webkit-playsinline
        videos to play inline in apps using WKWebView. However, in Safari, these
        videos should play fullscreen. (Todou videos have webkit-playsinline
        but not playsinline.)

        Therefore, in Safari, videos with playsinline should be inline, but
        videos with webkit-playsinline should be fullscreen. In apps using
        WKWebViews, if the app sets allowsInlineMediaPlayback, then videos with
        playsinline should be inline, and videos with webkit-playsinline should
        also be inline. Videos on iPad and Mac should all be inline by default.

        We can create some truth tables for the cases which need to be covered:

        All apps on Mac / iPad:
        Presence of playsinline | Presence of webkit-playsinline | Result
        ========================|================================|===========
        Not present             | Not present                    | Inline
        Present                 | Not present                    | Inline
        Not Present             | Present                        | Inline
        Present                 | Present                        | Inline

        Safari on iPhone:
        Presence of playsinline | Presence of webkit-playsinline | Result
        ========================|================================|===========
        Not present             | Not present                    | Fullscreen
        Present                 | Not present                    | Inline
        Not Present             | Present                        | Fullscreen
        Present                 | Present                        | Inline

        App on iPhone which sets allowsInlineMediaPlayback:
        Presence of playsinline | Presence of webkit-playsinline | Result
        ========================|================================|===========
        Not present             | Not present                    | Fullscreen
        Present                 | Not present                    | Inline
        Not Present             | Present                        | Inline
        Present                 | Present                        | Inline

        The way to distinguish Safari from another app is to create an SPI
        boolean preference which Safari can set. This is already how the
        iPhone and iPad are differentiated using the requiresPlayInlineAttribute
        which Safari sets but other apps don't. However, this preference is
        no longer sufficient because Safari should now be discriminating
        between the playsinline and webkit-playsinline attributes. Therefore,
        this preference should be extended to two boolean preferences, which
        this patch adds:

        allowsInlineMediaPlaybackWithPlaysInlineAttribute
        allowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute

        Safari on iPhone will set
        allowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute to true,
        and allowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute to
        false. Other apps on iPhone will get their defaults values (because they
        are SPI) which means they will both be true. On iPad and Mac, apps will
        use the defaults values where both are false.

        This patch adds support for these two preferences, but does not remove
        the existing inlineMediaPlaybackRequiresPlaysInlineAttribute preference.
        I will remove the exising preference as soon as I update Safari to migrate
        off of it.

        Test: media/video-playsinline.html

        * html/MediaElementSession.cpp:
        (WebCore::MediaElementSession::requiresFullscreenForVideoPlayback):
        * page/Settings.cpp:
        * page/Settings.in:
        * testing/InternalSettings.cpp:
        (WebCore::InternalSettings::Backup::Backup):
        (WebCore::InternalSettings::Backup::restoreTo):
        (WebCore::InternalSettings::setAllowsInlineMediaPlaybackWithPlaysInlineAttribute):
        (WebCore::InternalSettings::setAllowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute):
        * testing/InternalSettings.h:
        * testing/InternalSettings.idl:

2016-07-21  Ryosuke Niwa  <rniwa@webkit.org>

        Crash accessing null renderer inside WebCore::DeleteSelectionCommand::doApply
        https://bugs.webkit.org/show_bug.cgi?id=160011

        Reviewed by Chris Dumez.

        Add a null pointer check for renderer() call.

        Unfortunately no new tests since we don't have a reproduction.

        * editing/DeleteSelectionCommand.cpp:
        (WebCore::DeleteSelectionCommand::doApply):

2016-07-21  Chris Dumez  <cdumez@apple.com>

        The 2 first parameters to DOMImplementation.createDocument() should be mandatory
        https://bugs.webkit.org/show_bug.cgi?id=160030

        Reviewed by Sam Weinig.

        The 2 first parameters to DOMImplementation.createDocument() should be mandatory
        as per the specification:
        - https://dom.spec.whatwg.org/#domimplementation

        Firefox and Chrome both agree with the specification. However, those
        parameters were marked as optional in WebKit. Calling this function
        without parameters would create a document element whose tag is the
        string "undefined", which does not seem helpful. This patch thus
        aligns our behavior with the specification and other browsers.

        No new tests, rebaselined existing tests.

        * dom/DOMImplementation.idl:

2016-07-21  Chris Dumez  <cdumez@apple.com>

        Kill legacy valueToStringWithNullCheck() utility function
        https://bugs.webkit.org/show_bug.cgi?id=159991

        Reviewed by Sam Weinig.

        Kill legacy valueToStringWithNullCheck() utility function. Treating null as
        a null string is legacy behavior so drop this function so that people are
        not tempted to use it. We should be using either:
        1. JSValue::toWTFString() for non-nullable DOMStrings
        2. valueToStringWithUndefinedOrNullCheck() for nullable DOMStrings
        3. valueToStringTreatingNullAsEmptyString() for strings with [TreatNullAs=EmptyString]

        No new tests, no web-exposed behavior change.

        * bindings/js/JSDOMBinding.cpp:
        (WebCore::valueToStringWithNullCheck): Deleted.
        * bindings/js/JSDOMBinding.h:
        * bindings/js/JSHTMLFrameElementCustom.cpp:
        (WebCore::JSHTMLFrameElement::setLocation):
        * html/HTMLFrameElement.idl:

2016-07-21  Zalan Bujtas  <zalan@apple.com>

        Do not keep invalid IOSurface in ImageBufferData.
        https://bugs.webkit.org/show_bug.cgi?id=160005
        <rdar://problem/27208636>

        Reviewed by Simon Fraser.

        When we fail to initialize the IOSurface for the accelerated context, we switch over to
        the non-accelerated code path. Since ImageBufferData::surface is used to indicate whether
        the graphics context is in accelerated mode, we need to reset it when the initialization fails.

        Unable to create a test case.

        * platform/graphics/cg/ImageBufferCG.cpp:
        (WebCore::ImageBuffer::ImageBuffer):

2016-07-21  Chris Dumez  <cdumez@apple.com>

        playsInline IDL attribute has the wrong casing
        https://bugs.webkit.org/show_bug.cgi?id=160029
        <rdar://problem/27474031>

        Reviewed by Jon Lee.

        Fix case from video.playsinline to video.playsInline in order to match
        the specification:
        - https://html.spec.whatwg.org/multipage/embedded-content.html#the-video-element:dom-video-playsinline

        It still reflects the "playsinline" content attribute though, as per
        the specification:
        - https://html.spec.whatwg.org/multipage/embedded-content.html#dom-video-playsinline

        No new tests, updated existing test.

        * html/HTMLVideoElement.idl:

2016-07-21  Chris Dumez  <cdumez@apple.com>

        Drop [TreatNullAs=EmptyString] from CanvasRenderingContext2D.globalCompositeOperation
        https://bugs.webkit.org/show_bug.cgi?id=160026

        Reviewed by Sam Weinig.

        Drop [TreatNullAs=EmptyString] from CanvasRenderingContext2D.globalCompositeOperation
        attribute as it does not match the specification:
        - https://html.spec.whatwg.org/multipage/scripting.html#canvascompositing

        It does not change web-exposed behavior because assigning to "" or "null"
        gets ignored as those are not valid operations.

        Test: fast/canvas/context-globalCompositeOperation-null.html

        * html/canvas/CanvasRenderingContext2D.idl:

2016-07-21  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK][Threaded Compositor] Overlay scrollbars shouldn't be a requirement of the threaded compositor
        https://bugs.webkit.org/show_bug.cgi?id=160020

        Reviewed by Michael Catanzaro.

        It has been a requirement only because we didn't really know why frame scrollbars were not rendered when using
        the threaded compositor. The reason is that RenderView doesn't use layers for FrameView scrollbars by default,
        unless using overlay scrollbars. When using the threaded compositor we really need layers for the FrameView
        scrollbars even when not using overlay scrollbars.

        * platform/gtk/ScrollbarThemeGtk.cpp:
        (WebCore::ScrollbarThemeGtk::ScrollbarThemeGtk): Stop enforcing overlay scrollbars when threaded compositor is enabled.
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::shouldCompositeOverflowControls): Always use layers for scrollbars when
        threaded compositor is enabled.

2016-07-21  Carlos Garcia Campos  <cgarcia@igalia.com>

        [Cairo] Fix a crash in fast/canvas/canvas-getImageData-invalid-result-buffer-crash.html
        https://bugs.webkit.org/show_bug.cgi?id=160014

        Reviewed by Michael Catanzaro.

        In r202887 some null checks were added for JSArray::createUninitialized (and related) but not for the
        ImageBuffer cairo implementation.

        * platform/graphics/cairo/ImageBufferCairo.cpp:
        (WebCore::getImageData): Return early if Uint8ClampedArray::createUninitialized() returns nullptr.

2016-07-21  Miguel Gomez  <magomez@igalia.com>

        [GTK] The GSTREAMER_GL path in MediaPlayerPrivateGStreamerBase::paintToTextureMapper() is missing a mutex lock
        https://bugs.webkit.org/show_bug.cgi?id=160018

        Reviewed by Philippe Normand.

        Lock the video sample mutex while accessing it.

        Covered by existent tests.

        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
        (WebCore::MediaPlayerPrivateGStreamerBase::paintToTextureMapper):

2016-07-21  Miguel Gomez  <magomez@igalia.com>

        [Threaded Compositor] Flickering when zooming in/out in maps.google.com
        https://bugs.webkit.org/show_bug.cgi?id=154069

        Reviewed by Carlos Garcia Campos.

        Add a new extra buffer to GraphicsContext3D when using the Threaded Compositor,
        so it doesn't have to reuse the buffers that are still waiting for composition.

        Covered by existing tests.

        * platform/graphics/GraphicsContext3D.h:
        Add a new texture to use for the rendering. Remove the compositor fbo we were using.
        * platform/graphics/cairo/GraphicsContext3DCairo.cpp:
        (WebCore::GraphicsContext3D::GraphicsContext3D):
        Initialize the new texture and remove the previous fbo related code.
        (WebCore::GraphicsContext3D::~GraphicsContext3D):
        Properly destroy the new texture and remove the previous fbo related code.
        * platform/graphics/opengl/GraphicsContext3DOpenGL.cpp:
        (WebCore::GraphicsContext3D::reshapeFBOs):
        Allocate the new texture and remove the previous fbo allocation.
        * platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp:
        (WebCore::GraphicsContext3D::prepareTexture):
        Use a single fbo with three textures instead of two fbos with a texture each.
        Rotate the three textures usage so:
        - m_texture becomes m_compositorTexture to be pushed to the compositor.
        - m_intermediateTexture becomes m_texture to receive the next rendering.
        - m_compositorTexture becomes m_intermediateTexture.
        And add a glFlush() to ensure that the gl commands are sent to the pipeline.
        * platform/graphics/opengl/GraphicsContext3DOpenGLES.cpp:
        (WebCore::GraphicsContext3D::reshapeFBOs):
        Allocate the new texture.

2016-07-21  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK][Threaded Compositor] Web view background colors don't work
        https://bugs.webkit.org/show_bug.cgi?id=159465

        Reviewed by Michael Catanzaro.

        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::createPrimaryGraphicsLayer): Initialize frame view layer opacity for platforms not
        using the tiled cache layer.

2016-07-20  Youenn Fablet  <youenn@apple.com>

        [XHR] Cache response JS object in case of arraybuffer and blob response types
        https://bugs.webkit.org/show_bug.cgi?id=128903

        Reviewed by Alex Christensen.

        Covered by existing and modified tests.

        Making response getter a JS builtin that caches response in @response private slot.
        Handling invalidation of cached response with @responseCacheIsValid new private method.
        Handling creation of cached response with @retrieveResponse new private method which reuses most of
        JSXMLHttpRequest::response previous code.

        Caching of responses is activated whenever load ended without any error for blob and arraybuffer response types.

        Caching of response for document is also activated in case the response getter is used but not if responseXML getter is used.

        * CMakeLists.txt: Adding XMLHttpRequest.js.
        * DerivedSources.make: Ditto.
        * bindings/js/JSXMLHttpRequestCustom.cpp:
        (WebCore::JSXMLHttpRequest::retrieveResponse): Implements creation of to-be-cached response.
        (WebCore::JSXMLHttpRequest::response): Deleted.
        * bindings/js/WebCoreBuiltinNames.h: Adding new private names.
        * xml/XMLHttpRequest.cpp:
        (WebCore::XMLHttpRequest::didCacheResponse): Renamed from didCacheResponseJSON as all response types are now cached.
        (WebCore::XMLHttpRequest::didCacheResponseJSON): Deleted.
        * xml/XMLHttpRequest.h:
        * xml/XMLHttpRequest.idl:

2016-07-20  Youenn Fablet  <youenn@apple.com>

        Remove crossOriginRequestPolicy from ThreadableLoaderOptions
        https://bugs.webkit.org/show_bug.cgi?id=159417

        Reviewed by Alex Christensen.

        No observable change.

        * Modules/fetch/FetchLoader.cpp:
        (WebCore::FetchLoader::start): DenyCrossOriginRequests -> FetchOptions::Mode::SameOrigin.
        * fileapi/FileReaderLoader.cpp:
        (WebCore::FileReaderLoader::start): DenyCrossOriginRequests -> FetchOptions::Mode::SameOrigin.
        * inspector/InspectorNetworkAgent.cpp:
        (WebCore::InspectorNetworkAgent::loadResource): AllowCrossOriginRequests -> FetchOptions::Mode::NoCors.
        * loader/DocumentThreadableLoader.cpp:
        (WebCore::DocumentThreadableLoader::DocumentThreadableLoader): Ditto.
        (WebCore::DocumentThreadableLoader::makeCrossOriginAccessRequest): UseAccessControl -> FetchOptions::Mode::Cors.
        (WebCore::DocumentThreadableLoader::redirectReceived): Ditto.
        (WebCore::DocumentThreadableLoader::didReceiveResponse): Ditto.
        (WebCore::DocumentThreadableLoader::loadRequest): Use NoCors as option passed to ResourceLoader. This allows
        desactivating ResourceLoader CORS checks as they are done in DocumentThreadableLoader right now. In the future,
        these checks should be moved to ResourceLoader and DocumentThreadableLoader should directly pass the fetch mode
        option.
        (WebCore::DocumentThreadableLoader::isAllowedRedirect): AllowCrossOriginRequests -> FetchOptions::Mode::NoCors.
        * loader/ThreadableLoader.cpp:
        (WebCore::ThreadableLoaderOptions::ThreadableLoaderOptions): Removing CrossOriginRequestPolicy.
        * loader/ThreadableLoader.h: Ditto.
        * loader/WorkerThreadableLoader.cpp:
        (WebCore::LoaderTaskOptions::LoaderTaskOptions): Ditto.
        * page/EventSource.cpp:
        (WebCore::EventSource::connect): UseAccessControl -> FetchOptions::Mode::Cors.
        * workers/Worker.cpp:
        (WebCore::Worker::create): DenyCrossOriginRequests -> FetchOptions::Mode::SameOrigin.
        * workers/WorkerGlobalScope.cpp:
        (WebCore::WorkerGlobalScope::importScripts): AllowCrossOriginRequests -> FetchOptions::Mode::NoCors.
        * workers/WorkerScriptLoader.cpp:
        (WebCore::WorkerScriptLoader::loadSynchronously):
        (WebCore::WorkerScriptLoader::loadAsynchronously):
        * workers/WorkerScriptLoader.h:
        * xml/XMLHttpRequest.cpp:
        (WebCore::XMLHttpRequest::createRequest):

2016-07-20  Chris Dumez  <cdumez@apple.com>

        Fix null handling of several Document attributes
        https://bugs.webkit.org/show_bug.cgi?id=159997

        Reviewed by Ryosuke Niwa.

        Fix null handling of the following Document attributes: title, cookie
        and domain.

        In WebKit, they were all marked as [TreatNullAs=EmptyString], which
        does not match the specification:
        - https://html.spec.whatwg.org/multipage/dom.html#document

        Details for each attribute:
        - title: null is now treated as the string "null", thus setting the
          document title to "null". This matches Firefox and Chrome.
        - cookie: adds a "null" cookie instead of being a no-op. This matches
                  both Firefox and Chrome.
        - domain: Calls setDomain(String("null")) instead of
                  setDomain(String()). This throws an exception because "null"
                  is not a suffix of the effective domain name. The behavior
                  is the same in Firefox and Chrome. Previously, we were
                  already throwing an exception since setting the domain to
                  the empty string throws, as per the specification.

        Test: http/tests//dom/document-attributes-null-handling.html

        * dom/Document.idl:

2016-07-20  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r203471.
        https://bugs.webkit.org/show_bug.cgi?id=160003

        many iOS-simulator tests are failing (Requested by litherum on
        #webkit).

        Reverted changeset:

        "[iPhone] Playing a video on tudou.com plays only sound, no
        video"
        https://bugs.webkit.org/show_bug.cgi?id=159967
        http://trac.webkit.org/changeset/203471

2016-07-19  Ryosuke Niwa  <rniwa@webkit.org>

        iOS: Cannot paste images in RTF content
        https://bugs.webkit.org/show_bug.cgi?id=159964
        <rdar://problem/27442806>

        Reviewed by Enrica Casucci.

        The bug was caused by setDefersLoading(true) not deferring image loading for the parsed fragment.
        Worked around this bug by disabling image loading while parsing the document fragment.

        * editing/ios/EditorIOS.mm:
        (WebCore::Editor::createFragmentAndAddResources):

2016-07-20  Brady Eidson  <beidson@apple.com>

        Address a small FIXME in IDB code.
        https://bugs.webkit.org/show_bug.cgi?id=159999

        Reviewed by Andy Estes.

        No new tests (No behavior change).

        * Modules/indexeddb/IDBRequest.cpp:
        (WebCore::IDBRequest::IDBRequest):
        
        * Modules/indexeddb/shared/IDBResourceIdentifier.cpp:
        (WebCore::IDBResourceIdentifier::IDBResourceIdentifier): Deleted.
        * Modules/indexeddb/shared/IDBResourceIdentifier.h:

2016-07-20  Brady Eidson  <beidson@apple.com>

        Remove some "modernFoo"s from IndexedDB code.
        https://bugs.webkit.org/show_bug.cgi?id=159985

        Reviewed by Andy Estes.

        No new tests (No known behavior change).

        * Modules/indexeddb/IDBCursor.cpp:
        (WebCore::IDBCursor::IDBCursor):
        (WebCore::IDBCursor::~IDBCursor):
        (WebCore::IDBCursor::sourcesDeleted):
        (WebCore::IDBCursor::effectiveObjectStore):
        (WebCore::IDBCursor::transaction):
        (WebCore::IDBCursor::direction):
        (WebCore::IDBCursor::update):
        (WebCore::IDBCursor::advance):
        (WebCore::IDBCursor::continueFunction):
        (WebCore::IDBCursor::uncheckedIterateCursor):
        (WebCore::IDBCursor::deleteFunction):
        (WebCore::IDBCursor::setGetResult):
        
        * Modules/indexeddb/IDBIndex.cpp:
        (WebCore::IDBIndex::IDBIndex):
        (WebCore::IDBIndex::~IDBIndex):
        (WebCore::IDBIndex::hasPendingActivity):
        (WebCore::IDBIndex::name):
        (WebCore::IDBIndex::objectStore):
        (WebCore::IDBIndex::keyPath):
        (WebCore::IDBIndex::unique):
        (WebCore::IDBIndex::multiEntry):
        (WebCore::IDBIndex::openCursor):
        (WebCore::IDBIndex::doCount):
        (WebCore::IDBIndex::openKeyCursor):
        (WebCore::IDBIndex::doGet):
        (WebCore::IDBIndex::doGetKey):
        (WebCore::IDBIndex::markAsDeleted):
        * Modules/indexeddb/IDBIndex.h:
        
        * Modules/indexeddb/IDBObjectStore.cpp:
        (WebCore::IDBObjectStore::transaction):
        (WebCore::IDBObjectStore::deleteFunction): Deleted.
        (WebCore::IDBObjectStore::modernDelete): Deleted.
        * Modules/indexeddb/IDBObjectStore.h:
        
        * bindings/js/JSIDBIndexCustom.cpp:
        (WebCore::JSIDBIndex::visitAdditionalChildren):

2016-07-20  Chris Dumez  <cdumez@apple.com>

        Stop using valueToStringWithNullCheck() in JSCSSStyleDeclaration::putDelegate()
        https://bugs.webkit.org/show_bug.cgi?id=159982

        Reviewed by Ryosuke Niwa.

        valueToStringWithNullCheck() treats null as the null String() which is
        legacy / non standard behavior. The specification says we should treat
        null as the empty string:
        - https://drafts.csswg.org/cssom/#dom-cssstyledeclaration-camel-cased-attribute

        Therefore, we should be using valueToStringTreatingNullAsEmptyString() instead.

        In practice, there is no web-exposed behavior change because
        MutableStyleProperties::setProperty() removes the property wether the
        value is the null String or the empty String.

        This behavior is correct since the specification says that we should
        remove the property if the value is the empty string:
        - https://drafts.csswg.org/cssom/#dom-cssstyledeclaration-setproperty (step 4)

        I added test coverage to make sure we behave according to specification.
        This test is passing in Firefox, Chrome and in WebKit (before and after
        my change).

        Test: fast/css/CSSStyleDeclaration-property-setter.html

        * bindings/js/JSCSSStyleDeclarationCustom.cpp:
        (WebCore::JSCSSStyleDeclaration::putDelegate):

2016-07-20  Chris Dumez  <cdumez@apple.com>

        Fix null handling of HTMLFrameElement.marginWidth / marginHeight
        https://bugs.webkit.org/show_bug.cgi?id=159987

        Reviewed by Ryosuke Niwa.

        Fix null handling of HTMLFrameElement.marginWidth / marginHeight:
        - https://html.spec.whatwg.org/multipage/obsolete.html#htmlframeelement

        We are supposed to treat null as the empty string but we treat it as
        the string "null".

        Firefox and Chrome both match the specification.

        No new tests, updated existing tests.

        * html/HTMLFrameElement.idl:

2016-07-20  Wenson Hsieh  <wenson_hsieh@apple.com>

        Pausing autoplayed media should not remove all restrictions for that media element
        https://bugs.webkit.org/show_bug.cgi?id=159988

        Reviewed by Jon Lee.

        Localizes the removal of behavior restrictions introduced in r203464 upon pausing an
        autoplaying video to just affect the hiding or showing of the media controller. This
        prevents pages from using Javascript to start playing autoplaying videos that have
        been paused by the user.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::pause):

2016-07-20  Myles C. Maxfield  <mmaxfield@apple.com>

        [iPhone] Playing a video on tudou.com plays only sound, no video
        https://bugs.webkit.org/show_bug.cgi?id=159967
        <rdar://problem/26964090>

        Reviewed by Jon Lee.

        WebKit recently starting honoring the playsinline and webkit-playsinline
        attribute on iPhones. However, because these attributes previously did
        nothing, some sites (such as Todou) were setting them on their content
        and expecting that they are not honored. In this specific case, the
        video is absolutely positioned to be 1 pixel x 1 pixel.

        Previously, with iOS 9, apps could set the allowsInlineMediaPlayback
        property on their WKWebView, which would honor the webkit-playsinline
        attribute. Safari on iPhones didn't do this.

        In order to not break these existing apps, it's important that the
        allowsInlineMediaPlayback preference still allows webkit-playsinline
        videos to play inline in apps using WKWebView. However, in Safari, these
        videos should play fullscreen. (Todou videos have webkit-playsinline
        but not playsinline.)

        Therefore, in Safari, videos with playsinline should be inline, but
        videos with webkit-playsinline should be fullscreen. In apps using
        WKWebViews, if the app sets allowsInlineMediaPlayback, then videos with
        playsinline should be inline, and videos with webkit-playsinline should
        also be inline. Videos on iPad and Mac should all be inline by default.

        We can create some truth tables for the cases which need to be covered:

        All apps on Mac / iPad:
        Presence of playsinline | Presence of webkit-playsinline | Result
        ========================|================================|===========
        Not present             | Not present                    | Inline
        Present                 | Not present                    | Inline
        Not Present             | Present                        | Inline
        Present                 | Present                        | Inline

        Safari on iPhone:
        Presence of playsinline | Presence of webkit-playsinline | Result
        ========================|================================|===========
        Not present             | Not present                    | Fullscreen
        Present                 | Not present                    | Inline
        Not Present             | Present                        | Fullscreen
        Present                 | Present                        | Inline

        App on iPhone which sets allowsInlineMediaPlayback:
        Presence of playsinline | Presence of webkit-playsinline | Result
        ========================|================================|===========
        Not present             | Not present                    | Fullscreen
        Present                 | Not present                    | Inline
        Not Present             | Present                        | Inline
        Present                 | Present                        | Inline

        The way to distinguish Safari from another app is to create an SPI
        boolean preference which Safari can set. This is already how the
        iPhone and iPad are differentiated using the requiresPlayInlineAttribute
        which Safari sets but other apps don't. However, this preference is
        no longer sufficient because Safari should now be discriminating
        between the playsinline and webkit-playsinline attributes. Therefore,
        this preference should be extended to two boolean preferences, which
        this patch adds:

        allowsInlineMediaPlaybackWithPlaysInlineAttribute
        allowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute

        Safari on iPhone will set
        allowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute to true,
        and allowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute to
        false. Other apps on iPhone will get their defaults values (because they
        are SPI) which means they will both be true. On iPad and Mac, apps will
        use the defaults values where both are false.

        This patch adds support for these two preferences, but does not remove
        the existing inlineMediaPlaybackRequiresPlaysInlineAttribute preference.
        I will remove the exising preference as soon as I update Safari to migrate
        off of it.

        Test: media/video-playsinline.html

        * html/MediaElementSession.cpp:
        (WebCore::MediaElementSession::requiresFullscreenForVideoPlayback):
        * page/Settings.cpp:
        * page/Settings.in:
        * testing/InternalSettings.cpp:
        (WebCore::InternalSettings::Backup::Backup):
        (WebCore::InternalSettings::Backup::restoreTo):
        (WebCore::InternalSettings::setAllowsInlineMediaPlaybackWithPlaysInlineAttribute):
        (WebCore::InternalSettings::setAllowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute):
        * testing/InternalSettings.h:
        * testing/InternalSettings.idl:

2016-07-20  Chris Dumez  <cdumez@apple.com>

        Get rid of custom bindings code for XMLHttpRequest.open()
        https://bugs.webkit.org/show_bug.cgi?id=159984

        Reviewed by Ryosuke Niwa.

        Get rid of custom bindings code for XMLHttpRequest.open() as the
        bindings generator is able to generate it.

        Relevant specification:
        - https://xhr.spec.whatwg.org/#xmlhttprequest

        The issue is that legacy content prevents treating the 'async' argument
        being undefined identical from it being omitted. However, this can be
        achieved by using overloading in IDL, like in the specification.

        No new tests, already covered by the following tests:
        - http/tests/xmlhttprequest/basic-auth.html
        - http/tests/xmlhttprequest/open-async-overload.html

        * bindings/js/JSXMLHttpRequestCustom.cpp:
        (WebCore::SendFunctor::SendFunctor): Deleted.
        (WebCore::SendFunctor::line): Deleted.
        (WebCore::SendFunctor::column): Deleted.
        (WebCore::SendFunctor::url): Deleted.
        (WebCore::SendFunctor::operator()): Deleted.
        * xml/XMLHttpRequest.cpp:
        (WebCore::XMLHttpRequest::open):
        * xml/XMLHttpRequest.h:
        * xml/XMLHttpRequest.idl:

2016-07-20  Rawinder Singh  <rawinder.singh-webkit@cisra.canon.com.au>

        Mark overriden methods in WebCore/svg final classes as final
        https://bugs.webkit.org/show_bug.cgi?id=159966

        Reviewed by Michael Catanzaro.

        Update WebCore/svg classes so that overriden methods in final classes are marked final.

        * svg/SVGAElement.h:
        * svg/SVGAltGlyphDefElement.h:
        * svg/SVGAltGlyphItemElement.h:
        * svg/SVGAnimateTransformElement.h:
        * svg/SVGAnimatedColor.h:
        * svg/SVGCircleElement.h:
        * svg/SVGClipPathElement.h:
        * svg/SVGCursorElement.h:
        * svg/SVGDefsElement.h:
        * svg/SVGDescElement.h:
        * svg/SVGEllipseElement.h:
        * svg/SVGFEMergeNodeElement.h:
        * svg/SVGFilterElement.h:
        * svg/SVGFontElement.h:
        * svg/SVGFontFaceElement.h:
        * svg/SVGFontFaceFormatElement.h:
        * svg/SVGFontFaceNameElement.h:
        * svg/SVGFontFaceSrcElement.h:
        * svg/SVGFontFaceUriElement.h:
        * svg/SVGForeignObjectElement.h:
        * svg/SVGGElement.h:
        * svg/SVGGlyphElement.h:
        * svg/SVGGlyphRefElement.h:
        * svg/SVGHKernElement.h:
        * svg/SVGImageElement.h:
        * svg/SVGLineElement.h:
        * svg/SVGMPathElement.h:
        * svg/SVGMaskElement.h:
        * svg/SVGMetadataElement.h:
        * svg/SVGMissingGlyphElement.h:
        * svg/SVGPathBuilder.h:
        * svg/SVGPathByteStreamBuilder.h:
        * svg/SVGPathByteStreamSource.h:
        * svg/SVGPathElement.h:
        * svg/SVGPathSegArcAbs.h:
        * svg/SVGPathSegArcRel.h:
        * svg/SVGPathSegClosePath.h:
        * svg/SVGPathSegCurvetoCubicAbs.h:
        * svg/SVGPathSegCurvetoCubicRel.h:
        * svg/SVGPathSegCurvetoCubicSmoothAbs.h:
        * svg/SVGPathSegCurvetoCubicSmoothRel.h:
        * svg/SVGPathSegCurvetoQuadraticAbs.h:
        * svg/SVGPathSegCurvetoQuadraticRel.h:
        * svg/SVGPathSegCurvetoQuadraticSmoothAbs.h:
        * svg/SVGPathSegCurvetoQuadraticSmoothRel.h:
        * svg/SVGPathSegLinetoAbs.h:
        * svg/SVGPathSegLinetoHorizontalAbs.h:
        * svg/SVGPathSegLinetoHorizontalRel.h:
        * svg/SVGPathSegLinetoRel.h:
        * svg/SVGPathSegLinetoVerticalAbs.h:
        * svg/SVGPathSegLinetoVerticalRel.h:
        * svg/SVGPathSegListBuilder.h:
        * svg/SVGPathSegListSource.h:
        * svg/SVGPathSegMovetoAbs.h:
        * svg/SVGPathSegMovetoRel.h:
        * svg/SVGPathStringSource.h:
        * svg/SVGPathTraversalStateBuilder.h:
        * svg/SVGPatternElement.h:
        * svg/SVGRectElement.h:
        * svg/SVGScriptElement.h:
        * svg/SVGStopElement.h:
        * svg/SVGStyleElement.h:
        * svg/SVGSwitchElement.h:
        * svg/SVGTRefElement.cpp:
        * svg/SVGTitleElement.h:
        * svg/SVGToOTFFontConversion.cpp:
        * svg/SVGUnknownElement.h:
        * svg/SVGVKernElement.h:
        * svg/SVGViewElement.h:
        * svg/SVGZoomEvent.h:
        * svg/animation/SVGSMILElement.cpp:
        * svg/graphics/SVGImage.h:
        * svg/graphics/SVGImageClients.h:
        * svg/graphics/SVGImageForContainer.h:
        * svg/graphics/filters/SVGFEImage.h:
        * svg/graphics/filters/SVGFilter.h:
        * svg/properties/SVGAnimatedEnumerationPropertyTearOff.h:
        * svg/properties/SVGAnimatedPathSegListPropertyTearOff.h:
        * svg/properties/SVGAnimatedPropertyTearOff.h:
        * svg/properties/SVGAnimatedTransformListPropertyTearOff.h:
        * svg/properties/SVGMatrixTearOff.h:
        * svg/properties/SVGPathSegListPropertyTearOff.h:

2016-07-20  Brady Eidson  <beidson@apple.com>

        Transition most IDB interfaces from ScriptExecutionContext to ExecState.
        https://bugs.webkit.org/show_bug.cgi?id=159975

        Reviewed by Alex Christensen.

        No new tests (No known behavior change).

        * Modules/indexeddb/IDBCursor.cpp:
        (WebCore::IDBCursor::continueFunction):
        (WebCore::IDBCursor::deleteFunction):
        * Modules/indexeddb/IDBCursor.h:
        * Modules/indexeddb/IDBCursor.idl:

        * Modules/indexeddb/IDBDatabase.idl:

        * Modules/indexeddb/IDBFactory.cpp:
        (WebCore::IDBFactory::cmp):
        * Modules/indexeddb/IDBFactory.h:
        * Modules/indexeddb/IDBFactory.idl:

        * Modules/indexeddb/IDBIndex.cpp:
        (WebCore::IDBIndex::openCursor):
        (WebCore::IDBIndex::count):
        (WebCore::IDBIndex::doCount):
        (WebCore::IDBIndex::openKeyCursor):
        (WebCore::IDBIndex::get):
        (WebCore::IDBIndex::doGet):
        (WebCore::IDBIndex::getKey):
        (WebCore::IDBIndex::doGetKey):
        * Modules/indexeddb/IDBIndex.h:
        * Modules/indexeddb/IDBIndex.idl:

        * Modules/indexeddb/IDBKeyRange.cpp:
        (WebCore::IDBKeyRange::only): Deleted.
        * Modules/indexeddb/IDBKeyRange.h:

        * Modules/indexeddb/IDBObjectStore.cpp:
        (WebCore::IDBObjectStore::openCursor):
        (WebCore::IDBObjectStore::get):
        (WebCore::IDBObjectStore::putOrAdd):
        (WebCore::IDBObjectStore::deleteFunction):
        (WebCore::IDBObjectStore::doDelete):
        (WebCore::IDBObjectStore::modernDelete):
        (WebCore::IDBObjectStore::clear):
        (WebCore::IDBObjectStore::createIndex):
        (WebCore::IDBObjectStore::count):
        (WebCore::IDBObjectStore::doCount):
        * Modules/indexeddb/IDBObjectStore.h:
        * Modules/indexeddb/IDBObjectStore.idl:

        * Modules/indexeddb/IDBTransaction.cpp:
        (WebCore::IDBTransaction::requestOpenCursor):
        (WebCore::IDBTransaction::doRequestOpenCursor):
        (WebCore::IDBTransaction::requestGetRecord):
        (WebCore::IDBTransaction::requestGetValue):
        (WebCore::IDBTransaction::requestGetKey):
        (WebCore::IDBTransaction::requestIndexRecord):
        (WebCore::IDBTransaction::requestCount):
        (WebCore::IDBTransaction::requestDeleteRecord):
        (WebCore::IDBTransaction::requestClearObjectStore):
        (WebCore::IDBTransaction::requestPutOrAdd):
        * Modules/indexeddb/IDBTransaction.h:

        * inspector/InspectorIndexedDBAgent.cpp:

2016-07-20  Wenson Hsieh  <wenson_hsieh@apple.com>

        Media controls don't appear when pausing a small autoplaying video
        https://bugs.webkit.org/show_bug.cgi?id=159972
        <rdar://problem/27180657>

        Reviewed by Beth Dakin.

        When pausing an autoplaying video, remove behavior restrictions for the
        initial user gesture and show media controls.

        New WebKit API test. See VideoControlsManagerSingleSmallAutoplayingVideo.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::pause):

2016-07-20  Chris Dumez  <cdumez@apple.com>

        Fix null handling of HTMLMediaElement.mediaGroup
        https://bugs.webkit.org/show_bug.cgi?id=159974

        Reviewed by Eric Carlson.

        Fix null handling of HTMLMediaElement.mediaGroup to match the specification:
        - https://www.w3.org/TR/html5/embedded-content-0.html#media-elements

        null is supposed to be treated as the String "null". This patch aligns
        our behavior with the specification. I tested Firefox and Chrome but both
        do not have this attribute on HTMLMediaElement.

        Also remove support for [TreatNullAs=LegacyNullString] from our bindings
        generator as HTMLMediaElement.mediaGroup was the last user.

        No new tests, rebaselined existing test.

        * bindings/scripts/CodeGeneratorJS.pm:
        (JSValueToNative):
        * bindings/scripts/IDLAttributes.txt:
        * html/HTMLMediaElement.idl:

2016-07-20  Chris Dumez  <cdumez@apple.com>

        CSSStyleDeclaration.setProperty() should be able to unset "important" on a property
        https://bugs.webkit.org/show_bug.cgi?id=159959

        Reviewed by Alexey Proskuryakov.

        CSSStyleDeclaration.setProperty() should be able to unsert "important"
        on a property as per the latest specification:
        - https://drafts.csswg.org/cssom/#dom-cssstyledeclaration-setproperty
        - https://drafts.csswg.org/cssom/#dom-cssstyledeclaration-camel-cased-attribute

        Firefox and Chrome match the specification here but WebKit was ignoring calls
        to setProperty() if there is already an "important" property wit this name
        and if the new property does not have the "important" flag set.

        This behavior was added a long time ago via Bug 60007. However, it does not
        match the latest specification or other browsers.

        Test: fast/css/CSSStyleDeclaration-setProperty-unset-important.html

        * css/StyleProperties.cpp:
        (WebCore::MutableStyleProperties::addParsedProperty):
        Drop code that was added via Bug 60007 as this behavior no longer matches the
        specification or other browsers. The layout test added in Bug 60007 fails in
        other browsers and was updated in this patch to match the specification.

2016-07-20  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r203423.
        https://bugs.webkit.org/show_bug.cgi?id=159977

        The test for this change is failing on Mac Release WK2
        (Requested by ryanhaddad on #webkit).

        Reverted changeset:

        "HTMLVideoElement frames do not update on iOS when src is a
        MediaStream blob"
        https://bugs.webkit.org/show_bug.cgi?id=159833
        http://trac.webkit.org/changeset/203423

2016-07-20  Chris Dumez  <cdumez@apple.com>

        Fix null handling of HTMLSelectElement.value attribute
        https://bugs.webkit.org/show_bug.cgi?id=159925

        Reviewed by Benjamin Poulain.

        Fix null handling of HTMLSelectElement.value attribute:
        - https://html.spec.whatwg.org/multipage/forms.html#htmlselectelement

        We were treating null as the null String which would end up setting
        selectedIndex to -1. However, we should treat null as the String "null"
        which would set the selectedIndex to the index of the <option> element
        whose value is "null".

        Firefox and Chrome match the specification.

        Test: fast/dom/HTMLSelectElement/value-null-handling.html

        * html/HTMLSelectElement.cpp:
        (WebCore::HTMLSelectElement::setValue):
        * html/HTMLSelectElement.idl:

2016-07-20  Chris Dumez  <cdumez@apple.com>

        PostResolutionCallbackDisabler can resume pending requests while a ResourceLoadSuspender is alive
        https://bugs.webkit.org/show_bug.cgi?id=159962
        <rdar://problem/21439264>

        Reviewed by David Kilzer.

        PostResolutionCallbackDisabler can resume pending requests while a ResourceLoadSuspender
        is alive. We have both PostResolutionCallbackDisabler and ResourceLoadSuspender that
        call LoaderStrategy::suspendPendingRequests() / LoaderStrategy::resumePendingRequests().
        However, PostResolutionCallbackDisabler and ResourceLoadSuspender are not aware of each
        other. It is therefore possible for a PostResolutionCallbackDisabler object to get
        destroyed, causing LoaderStrategy::resumePendingRequests() to be called while a
        ResourceLoadSuspender object is alive.

        This leads to hard to investigate crashes where we end up re-entering WebKit and killing
        the style resolver.

        This patch drops ResourceLoadSuspender and uses PostResolutionCallbackDisabler instead.
        There was only one user of ResourceLoadSuspender and PostResolutionCallbackDisabler
        is better because it manages a resolutionNestingDepth counter internally to make sure
        it only calls LoaderStrategy::resumePendingRequests() once all
        PostResolutionCallbackDisabler instances are destroyed.

        No new tests, there is no easy way to reproduce the crashes.

        * dom/Document.cpp:
        (WebCore::Document::styleForElementIgnoringPendingStylesheets):
        * loader/LoaderStrategy.cpp:
        (WebCore::ResourceLoadSuspender::ResourceLoadSuspender): Deleted.
        (WebCore::ResourceLoadSuspender::~ResourceLoadSuspender): Deleted.
        * loader/LoaderStrategy.h:

2016-07-19  Youenn Fablet  <youenn@apple.com>

        [Fetch API] Add a JS builtin to implement https://fetch.spec.whatwg.org/#concept-headers-fill
        https://bugs.webkit.org/show_bug.cgi?id=159932

        Reviewed by Alex Christensen.

        Covered by existing tests.

        Refactoring Headers initializeWith to use the new built-in internal that implements
        https://fetch.spec.whatwg.org/#concept-headers-fill.

        Refactoring Response constructor to put more checks in the JS builtin fucntion called within constructor.
        Making use of the new built-in internal that implements https://fetch.spec.whatwg.org/#concept-headers-fill.

        * CMakeLists.txt: Adding FetchHeadersInternals.js
        * DerivedSources.make: Ditto.
        * Modules/fetch/FetchHeaders.js:
        (initializeFetchHeaders): Using fillFetchHeaders new built-in internal.
        * Modules/fetch/FetchInternals.js: Added.
        (fillFetchHeaders):
        * Modules/fetch/FetchResponse.cpp: Refactoring to do more in the JS built-in. Splitting of initializeWith so
        that the checks are done in the order defined by the spec.
        (WebCore::FetchResponse::setStatus):
        (WebCore::FetchResponse::initializeWith):
        (WebCore::isNullBodyStatus): Deleted.
        * Modules/fetch/FetchResponse.h:
        * Modules/fetch/FetchResponse.idl:
        * Modules/fetch/FetchResponse.js:
        (initializeFetchResponse): New built-in internal.
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/WebCoreBuiltinNames.h:

2016-07-19  Chris Dumez  <cdumez@apple.com>

        Fix null handling of SVGScriptElement.type attribute
        https://bugs.webkit.org/show_bug.cgi?id=159927

        Reviewed by Benjamin Poulain.

        Fix null handling of SVGScriptElement.type attribute:
        - https://www.w3.org/TR/SVG2/interact.html#InterfaceSVGScriptElement

        We were treating null as the null String which would end up removing
        the 'type' content attribute. However, we should treat null as the
        String "null".

        Firefox and Chrome match the specification.

        No new tests, updated existing test.

        * svg/SVGScriptElement.idl:

2016-07-19  Chris Dumez  <cdumez@apple.com>

        Fix null handling of several HTMLDocument attributes
        https://bugs.webkit.org/show_bug.cgi?id=159923

        Reviewed by Benjamin Poulain.

        Fix null handling of several HTMLDocument attributes:
        - https://html.spec.whatwg.org/multipage/dom.html#document
        - https://html.spec.whatwg.org/multipage/obsolete.html#document-partial

        In particular, null handling was incorrect in WebKit for 'dir',
        'bgColor', 'fgColor', 'alinkColor', 'linkColor' and 'vlinkColor'.

        Firefox and Chrome match the specification.

        Test: fast/dom/HTMLDocument/null-handling.html

        * html/HTMLDocument.idl:

2016-07-19  Chris Dumez  <cdumez@apple.com>

        Document.createElementNS() / createAttributeNS() parameters should be mandatory
        https://bugs.webkit.org/show_bug.cgi?id=159938

        Reviewed by Benjamin Poulain.

        Document.createElementNS() / createAttributeNS() parameters should be mandatory:
        - https://dom.spec.whatwg.org/#document

        They were optional in WebKit. However, Firefox and Chrome both match the
        specification.

        No new tests, rebaselined existing tests.

        * dom/Document.idl:

2016-07-19  Benjamin Poulain  <bpoulain@apple.com>

        Use getElementById for attribute matching if the attribute name is html's id
        https://bugs.webkit.org/show_bug.cgi?id=159960

        Reviewed by Chris Dumez.

        Elliott Sprehn discovered YUI makes heavy uses of querySelector with [id=value]
        (https://bugs.chromium.org/p/chromium/issues/detail?id=627242).

        If we are not in quirks mode, IdForStyleResolution has the same value
        as the Id attribute. We can use the same optimization for both cases.

        Tests: fast/selectors/id-attribute-querySelector-used-as-id-selector-quirks.html
               fast/selectors/id-attribute-querySelector-used-as-id-selector.html

        * dom/SelectorQuery.cpp:
        (WebCore::canBeUsedForIdFastPath):
        (WebCore::findIdMatchingType):
        (WebCore::SelectorDataList::SelectorDataList):
        (WebCore::selectorForIdLookup):
        (WebCore::filterRootById):

2016-07-19  Chris Dumez  <cdumez@apple.com>

        Drop SVGElement.xmlbase attribute
        https://bugs.webkit.org/show_bug.cgi?id=159926

        Reviewed by Benjamin Poulain.

        Drop SVGElement.xmlbase attribute as it is no longer part of the
        specification:
        - https://www.w3.org/TR/SVG2/types.html#InterfaceSVGElement

        Both Firefox and Chrome have already dropped support for
        SVGElement.xmlbase.

        Chrome's intent to remove:
        https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/TfwMq4d25hk/C-v_iC_wKfAJ

        Test: svg/dom/SVGElement-xmlbase.html

        * svg/SVGElement.cpp:
        (WebCore::SVGElement::removedFrom): Deleted.
        * svg/SVGElement.h:
        * svg/SVGElement.idl:

2016-07-19  Chris Dumez  <cdumez@apple.com>

        Align CSSStyleDeclaration.setProperty() with the specification
        https://bugs.webkit.org/show_bug.cgi?id=159955

        Reviewed by Benjamin Poulain.

        Align CSSStyleDeclaration.setProperty() with the specification:
        - https://drafts.csswg.org/cssom/#the-cssstyledeclaration-interface

        In particular, the following changes were needed:
        1. The 'value' parameter should not be optional
        2. The 'priority' parameter should treat null as the empty string
           rather than the string "null".
        3. The 'priority' parameter's default value should be the empty string,
           not the string "undefined".
        4. CSSStyleDeclaration.setProperty() should return early if 'priority'
           is not the empty string and is not an ASCII case-insensitive match
           for the string "important".

        Chrome matches the specification entirely.
        Firefox matches the specification with the exception that it does a
        case-sensitive match for "important".

        Test: fast/css/CSSStyleDeclaration-setProperty.html

        * css/CSSStyleDeclaration.idl:
        * css/PropertySetCSSStyleDeclaration.cpp:
        (WebCore::PropertySetCSSStyleDeclaration::setProperty):

2016-07-19  Daniel Bates  <dabates@apple.com>

        CSP: Improve support for multiple policies to more closely conform to the CSP Level 2 spec.
        https://bugs.webkit.org/show_bug.cgi?id=159841
        <rdar://problem/27381684>

        Reviewed by Brent Fulgham.

        Implement a first pass at sending multiple violation reports so as to more closely
        conform to section Enforcing multiple policies of the Content Security Policy Level 2 spec.,
        <https://w3c.github.io/webappsec-csp/2/> (Editor's Draft, 25 April 2016).

        Tests: http/tests/security/contentSecurityPolicy/1.1/script-blocked-sends-multiple-reports.php
               http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy.php
               http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy2.php
               http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.php
               http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.php
               http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy.php
               http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy2.php
               http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy.php
               http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy2.php
               http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.php
               http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2.php
               http/tests/security/contentSecurityPolicy/1.1/scripthash-in-enforced-policy-and-not-in-report-only.html
               http/tests/security/contentSecurityPolicy/1.1/scripthash-in-one-enforced-policy-neither-in-another-enforced-policy-nor-report-policy.html
               http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-enforced-policy-and-blocked-by-report-policy.php
               http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-enforced-policy-and-blocked-by-report-policy2.php
               http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.php
               http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.php
               http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy.php
               http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy2.php
               http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy.php
               http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy2.php
               http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.php
               http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2.php
               http/tests/security/contentSecurityPolicy/1.1/scriptnonce-in-enforced-policy-and-not-in-report-only.html
               http/tests/security/contentSecurityPolicy/1.1/scriptnonce-in-one-enforced-policy-neither-in-another-enforced-policy-nor-report-policy.html
               http/tests/security/contentSecurityPolicy/1.1/scriptnonce-multiple-policies.html

        * page/csp/ContentSecurityPolicy.cpp:
        (WebCore::ContentSecurityPolicy::allPoliciesWithDispositionAllow): Added. Returns whether the resource
        is allowed by all of the policies with the specified disposition.
        (WebCore::ContentSecurityPolicy::allPoliciesAllow): Added. Returns whether the resource is allowed by
        all of the enforced policies.
        (WebCore::ContentSecurityPolicy::findHashOfContentInPolicies): Formerly named foundHashOfContentInAllPolicies.
        Modified to return a ("has found hash in all enforced policies, "has found hash in all report-only policies)-pair
        so that we can differentiate whether the hash violated an enforced policy or a report-only policy.
        (WebCore::ContentSecurityPolicy::allowJavaScriptURLs): Write in terms of ContentSecurityPolicy::allPoliciesAllow().
        (WebCore::ContentSecurityPolicy::allowInlineEventHandlers): Ditto.
        (WebCore::ContentSecurityPolicy::allowScriptWithNonce): For now only accept a nonce if it is allowed by
        all enforced policies. As a side effect of this change is that we only send a CSP violation report when a
        nonce violates a report-only policy only if the nonce also violates one or more enforced policies. We will
        address this limitation in <https://bugs.webkit.org/show_bug.cgi?id=159830>.
        (WebCore::ContentSecurityPolicy::allowStyleWithNonce): Ditto.
        (WebCore::ContentSecurityPolicy::allowInlineScript): Differentiate between a hash/'unsafe-inline' that
        matches/is contained in all enforce policies and a hash/'unsafe-inline' that matches/is contained in all
        report-only policies so that we only allow the resource for the former. As a side effect of this change
        we may report that a resource violated a policy even if it contained the hash. See <https://bugs.webkit.org/show_bug.cgi?id=159832>
        for more details.
        (WebCore::ContentSecurityPolicy::allowInlineStyle): Ditto.
        (WebCore::ContentSecurityPolicy::allowEval): Write in terms of ContentSecurityPolicy::allPoliciesAllow().
        (WebCore::ContentSecurityPolicy::allowFrameAncestors): Ditto.
        (WebCore::ContentSecurityPolicy::allowPluginType): Ditto.
        (WebCore::ContentSecurityPolicy::allowScriptFromSource): Ditto.
        (WebCore::ContentSecurityPolicy::allowObjectFromSource): Ditto.
        (WebCore::ContentSecurityPolicy::allowChildFrameFromSource): Ditto.
        (WebCore::ContentSecurityPolicy::allowChildContextFromSource): Ditto.
        (WebCore::ContentSecurityPolicy::allowImageFromSource): Ditto.
        (WebCore::ContentSecurityPolicy::allowStyleFromSource): Ditto.
        (WebCore::ContentSecurityPolicy::allowFontFromSource): Ditto.
        (WebCore::ContentSecurityPolicy::allowMediaFromSource): Ditto.
        (WebCore::ContentSecurityPolicy::allowConnectToSource): Ditto.
        (WebCore::ContentSecurityPolicy::allowFormAction): Ditto.
        (WebCore::ContentSecurityPolicy::allowBaseURI): Ditto.
        (WebCore::ContentSecurityPolicy::foundHashOfContentInAllPolicies): Deleted.
        * page/csp/ContentSecurityPolicy.h:
        (WebCore::ContentSecurityPolicy::violatedDirectiveInAnyPolicy): Deleted.

2016-07-19  Chris Dumez  <cdumez@apple.com>

        Fix null handling of HTMLScriptElement.text attribute
        https://bugs.webkit.org/show_bug.cgi?id=159943

        Reviewed by Benjamin Poulain.

        Fix null handling of HTMLScriptElement.text attribute:
        - https://html.spec.whatwg.org/multipage/scripting.html#the-script-element

        We should treat null as the "null" String but we were treating it as
        the empty string.

        Firefox and Chrome match the specification.

        No new tests, rebaselined existing test.

        * html/HTMLScriptElement.idl:

2016-07-19  Chris Dumez  <cdumez@apple.com>

        autocapitalize attribute should not use [TreatNullAs=LegacyNullString]
        https://bugs.webkit.org/show_bug.cgi?id=159934

        Reviewed by Benjamin Poulain.

        autocapitalize attribute should not use [TreatNullAs=LegacyNullString]. This is
        non-standard and we want to drop support for it from the bindings generator.

        Instead, use [TreatNullAs=EmptyString] in order to maintain existing behavior
        given that both a missing/empty attribute result in using the default
        autocapitalization mode and that autocapitalize returns the empty string by
        default.

        Test: platform/ios-simulator/ios/fast/forms/autocapitalize-null.html

        * html/HTMLFormElement.idl:
        * html/HTMLInputElement.idl:
        * html/HTMLTextAreaElement.idl:

2016-07-19  Zalan Bujtas  <zalan@apple.com>

        REGRESSION(r203415): ASSERTION FAILED: !m_layoutRoot->container() || !m_layoutRoot->container()->needsLayout()
        https://bugs.webkit.org/show_bug.cgi?id=159952

        Reviewed by Simon Fraser.

        Update ASSERTs to reflect new functionality, that is, now we can end up in a state
        where the container (RenderView) of one of the dirty subtrees is dirty.
        See r203415.
 
        Covered by editing/pasteboard/drag-drop-input-in-svg.svg

        * page/FrameView.cpp:
        (WebCore::FrameView::scheduleRelayoutOfSubtree):

2016-07-19  Dean Jackson  <dino@apple.com>

        REGRESSION(202927): The first slide is the only displayed slide when Quicklooking a Keynote file
        https://bugs.webkit.org/show_bug.cgi?id=159948
        <rdar://problem/27391012>

        Reviewed by Simon Fraser.

        There is an iOS bug (<rdar://problem/27416744>) that is causing us
        to not always get a color space on CGContextRefs. Investigation of this
        exposed some optimizations we can take when we are creating ImageBuffers.
        In particular, if we have a bitmap context or an IOSurfaceContext we
        can simply copy their color space using API. Otherwise we stick with
        the existing CGContextCopyDeviceColorSpace.

        Lastly, if for some reason we are unable to copy the device color space,
        we should fall back to sRGB.

        * platform/graphics/cg/ImageBufferCG.cpp:
        (WebCore::ImageBuffer::createCompatibleBuffer):
        * platform/spi/cg/CoreGraphicsSPI.h: Add some SPI and enums.


2016-07-19  George Ruan  <gruan@apple.com>

        HTMLVideoElement frames do not update on iOS when src is a MediaStream blob
        https://bugs.webkit.org/show_bug.cgi?id=159833
        <rdar://problem/27379487>

        Reviewed by Eric Carlson.

        Test: fast/mediastream/MediaStream-video-element-displays-buffer.html

        * WebCore.xcodeproj/project.pbxproj:
        * platform/graphics/avfoundation/MediaSampleAVFObjC.h: Change create to return a Ref<T> instead
        of RefPtr<T>
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.h: Make observer of
        MediaStreamTrackPrivate and make MediaPlayer use an AVSampleBufferDisplayLayer instead of CALayer.
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm: Ditto.
        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::~MediaPlayerPrivateMediaStreamAVFObjC): Clean up
        observers and AVSampleBufferDisplayLayer
        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::isAvailable): Ensures AVSampleBufferDisplayLayer
        is available.
        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::enqueueAudioSampleBufferFromTrack): Placeholder.
        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::enqueueVideoSampleBufferFromTrack): Responsible
        for enqueuing sample buffers to the active video track.
        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::ensureLayer): Ensures that an AVSampleBufferDisplayLayer
        exists.
        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::destroyLayer): Destroys the AVSampleBufferDisplayLayer.
        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::platformLayer): Replace CALayer with AVSampleBufferDisplayLayer.
        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::currentDisplayMode): Ditto.
        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::sampleBufferUpdated): Called from MediaStreamTrackPrivate when a
        new SampleBuffer is available.
        (WebCore::updateTracksOfType): Manage adding and removing self as observer from tracks.
        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateTracks): Replace CALayer with AVSampleBufferDisplayLayer
        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::acceleratedRenderingStateChanged): Copied from
        MediaPlayerPrivateMediaSourceAVFObjC.mm
        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::load): Deleted CALayer.
        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateDisplayMode): Deleted process of updating CALayer.
        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateIntrinsicSize): Deleted CALayer.
        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::createPreviewLayers): Deleted.
        * platform/mediastream/MediaStreamPrivate.cpp:
        (WebCore::MediaStreamPrivate::updateActiveVideoTrack): Remove redundant check.
        * platform/mediastream/MediaStreamTrackPrivate.cpp:
        (WebCore::MediaStreamTrackPrivate::sourceHasMoreMediaData): Called from RealtimeMediaSource when a new SampleBuffer
        is available.
        * platform/mediastream/MediaStreamTrackPrivate.h:
        (WebCore::MediaStreamTrackPrivate::Observer::sampleBufferUpdated): Relays to MediaPlayerPrivateMediaStream that
        a new SampleBuffer is available to enqueue to the AVSampleBufferDisplayLayer.
        * platform/mediastream/RealtimeMediaSource.cpp:
        (WebCore::RealtimeMediaSource::mediaDataUpdated): Relays to all observers that a new SampleBuffer is available.
        * platform/mediastream/RealtimeMediaSource.h:
        * platform/mediastream/mac/AVVideoCaptureSource.mm:
        (WebCore::AVVideoCaptureSource::processNewFrame): Calls mediaDataUpdated when a new SampleBuffer is captured.

2016-07-19  Anders Carlsson  <andersca@apple.com>

        Get rid of a #define private public hack in WebCore
        https://bugs.webkit.org/show_bug.cgi?id=159953

        Reviewed by Dan Bernstein.

        Use @package instead.

        * bindings/objc/DOMInternal.h:
        * bindings/objc/DOMObject.h:

2016-07-19  Andreas Kling  <akling@apple.com>

        Fix SharedBuffer leak in MockContentFilter::replacementData().
        <https://webkit.org/b/159945>

        Reviewed by Andy Estes.

        Spotted on leaks bot. This code was pretty explicit about how it's going to leak.
        Since this is in the mock filter, it only affected layout tests.

        * testing/MockContentFilter.cpp:
        (WebCore::MockContentFilter::replacementData):

2016-07-19  Zalan Bujtas  <zalan@apple.com>

        theguardian.co.uk crossword puzzles are sometimes not displaying text
        https://bugs.webkit.org/show_bug.cgi?id=159924
        <rdar://problem/27409483>

        Reviewed by Simon Fraser.

        This patch fixes the case when
        - 2 disjoint subtrees are dirty
        - RenderView is also dirty.
        and we end up not laying out one of the 2 subtrees.

        In FrameView::scheduleRelayoutOfSubtree, we assume that when the RenderView is dirty
        we already have a pending full layout which means that any previous subtree layouts have already been
        converted to full layouts.
        However this assumption is incorrect. RenderView can get dirty without checking if there's
        already a pending subtree layout.
        One option to solve this problem would be to override RenderObject::setNeedsLayout in RenderView
        so that when the RenderView gets dirty, we could also convert any pending subtree layout to full layout.
        However RenderObject::setNeedsLayout is a hot function and making it virtual would impact performance.
        The other option is to always normalize subtree layouts in FrameView::scheduleRelayoutOfSubtree().
        This patch implements the second option.

        Test: fast/misc/subtree-layouts.html

        * page/FrameView.cpp:
        (WebCore::FrameView::scheduleRelayoutOfSubtree):

2016-07-19  Anders Carlsson  <andersca@apple.com>

        Some payment authorization status values should keep the sheet active
        https://bugs.webkit.org/show_bug.cgi?id=159936
        rdar://problem/26756701

        Reviewed by Tim Horton.

        * Modules/applepay/ApplePaySession.cpp:
        (WebCore::ApplePaySession::completePayment):
        Keep the sheet active if the status isn't a final state status.

        * Modules/applepay/PaymentAuthorizationStatus.h:
        (WebCore::isFinalStateStatus):
        Add a new helper function that returns whether a given payment authorization status is "final",
        meaning that once that status has been passed to completePayment, the session is finished.

2016-07-19  Nan Wang  <n_wang@apple.com>

        AX: Incorrect behavior for word related text marker functions when there's collapsed whitespace
        https://bugs.webkit.org/show_bug.cgi?id=159910

        Reviewed by Chris Fleizach.

        We are getting a bad CharacterOffset when there's collapsed whitespace. Added a TraverseOptionValidateOffset
        option to make sure we are getting the correct CharacterOffset based on the corresponding Range offset. And
        fixed a word navigation issue based on that.

        Test: accessibility/mac/text-marker-word-nav-collapsed-whitespace.html

        * accessibility/AXObjectCache.cpp:
        (WebCore::AXObjectCache::traverseToOffsetInRange):
        (WebCore::AXObjectCache::rangeForNodeContents):
        (WebCore::AXObjectCache::startOrEndCharacterOffsetForRange):
        (WebCore::AXObjectCache::characterOffsetFromVisiblePosition):
        (WebCore::AXObjectCache::rightWordRange):
        (WebCore::AXObjectCache::previousBoundary):
        * accessibility/AXObjectCache.h:
        (WebCore::AXObjectCache::isNodeInUse):

2016-07-19  Youenn Fablet  <youenn@apple.com>

        [Streams API] ReadableStreamController methods should throw if its stream is not readable
        https://bugs.webkit.org/show_bug.cgi?id=159871

        Reviewed by Xabier Rodriguez-Calvar.

        Spec now mandates close and enqueue to throw if ReadableStream is not readable.
        Covered by rebased and/or modified tests.

        * Modules/streams/ReadableStreamController.js:
        (enqueue): Throwing a TypeError if controlled stream is not readable.
        (close): Ditto.

2016-07-19  Simon Fraser  <simon.fraser@apple.com>

        Bubbles appear split for a brief moment in Messages
        https://bugs.webkit.org/show_bug.cgi?id=159915
        rdar://problem/27182267

        Reviewed by David Hyatt.

        RenderView::repaintRootContents() had a long-standing bug in WebView when the
        view is scrolled. repaint() uses visualOverflowRect() but, for the 
        RenderView, the visualOverflowRect() is the initial containing block
        which is anchored at 0,0. When the view is scrolled it's clipped out and
        calls to repaintRootContents() have no effect.
        
        Change repaintRootContents() to use layoutOverflowRect(). ScrollView::repaintContentRectangle()
        will clip it to the view if necessary.

        Test: fast/repaint/scrolled-view-full-repaint.html

        * rendering/RenderView.cpp:
        (WebCore::RenderView::repaintRootContents):

2016-07-19  Dan Bernstein  <mitz@apple.com>

        <rdar://problem/27420308> WebCore-7602.1.42 fails to build: error: unused parameter 'vm'

        * bindings/js/JSDOMGlobalObject.cpp:
        (WebCore::JSDOMGlobalObject::addBuiltinGlobals): Fixed the !ENABLE(STREAMS_API) build.

2016-07-19  Youenn Fablet  <youenn@apple.com>

        [Streams API] Make ReadableStream properties not enumerable
        https://bugs.webkit.org/show_bug.cgi?id=159868

        Reviewed by Darin Adler.

        Covered by rebased tests.

        Uopdating IDL definitions to mark all functions/attributes as not enumerable.
        Updating IDL constructor definitions to correctly compute constructor length.
        Updating built-in implementation to correctly compute pipeTo length to 1 (second parameter being optional).

        * Modules/streams/ReadableStream.idl:
        * Modules/streams/ReadableStream.js:
        * Modules/streams/ReadableStreamController.idl:
        * Modules/streams/ReadableStreamReader.idl:

2016-07-19  Chris Dumez  <cdumez@apple.com>

        form.enctype / encoding / method should treat null as "null" string
        https://bugs.webkit.org/show_bug.cgi?id=159916

        Reviewed by Ryosuke Niwa.

        form.enctype / encoding / method should treat null as "null" string:
        - https://html.spec.whatwg.org/multipage/forms.html#htmlformelement

        Previously, WebKit would treat null as the null String, which would
        end up removing the existing attribute.

        Firefox and Chrome match the specification.

        Test: fast/dom/HTMLFormElement/null-handling.html

        * html/HTMLFormElement.h:
        * html/HTMLFormElement.idl:

2016-07-18  Csaba Osztrogonác  <ossy@webkit.org>

        All-in-one buildfix after r202439
        https://bugs.webkit.org/show_bug.cgi?id=159877

        Reviewed by Chris Dumez.

        * Modules/webaudio/AudioDestinationNode.h:
        (WebCore::AudioDestinationNode::resume):
        (WebCore::AudioDestinationNode::suspend):
        (WebCore::AudioDestinationNode::close):

2016-07-18  Frederic Wang  <fwang@igalia.com>

        Move parsing of subscriptshift and superscriptshift from rendering to element classes
        https://bugs.webkit.org/show_bug.cgi?id=159622

        Reviewed by Darin Adler.

        We introduce a new MathMLScriptsElement that is used for elements msub, msup, msubsup and
        mmultiscripts in order to create RenderMathMLScripts and parse and expose the values of the
        subscriptshift and superscriptshift attributes. This is one more step toward moving MathML
        attribute parsing to the DOM (bug 156536).

        No new tests, rendering is unchanged.

        * CMakeLists.txt: Add MathMLScriptsElement files.
        * WebCore.xcodeproj/project.pbxproj: Ditto.
        * mathml/MathMLAllInOne.cpp: Ditto.
        * mathml/MathMLInlineContainerElement.cpp: Remove handling of scripts.
        (WebCore::MathMLInlineContainerElement::createElementRenderer): Deleted.
        * mathml/MathMLScriptsElement.cpp: Added. New class to handle scripted elements supporting
        parsing for the subscriptshift and superscriptshift MathML lengths.
        (WebCore::MathMLScriptsElement::MathMLScriptsElement):
        (WebCore::MathMLScriptsElement::create):
        (WebCore::MathMLScriptsElement::subscriptShift): Expose the cached length for the shift,
        parsing the attribute again if necessary.
        (WebCore::MathMLScriptsElement::superscriptShift): Ditto.
        (WebCore::MathMLScriptsElement::parseAttribute): Mark attributes dirty.
        (WebCore::MathMLScriptsElement::createElementRenderer): Create RenderMathMLScripts.
        * mathml/MathMLScriptsElement.h: Ditto.
        * mathml/mathtags.in: Map msub, msup, msubsup and mmultiscripts to MathMLScriptsElement.
        * rendering/mathml/RenderMathMLScripts.cpp:
        (WebCore::RenderMathMLScripts::scriptsElement): Helper function to cast the node to a
        MathMLScriptsElement.
        (WebCore::RenderMathMLScripts::getScriptMetricsAndLayoutIfNeeded): Resolve the attributes
        using the functions from the MathMLScriptsElement class.
        * rendering/mathml/RenderMathMLScripts.h: Declare scriptsElement.

2016-07-18  Frederic Wang  <fwang@igalia.com>

        Do not store gap and shift parameters on RenderMathMLFraction
        https://bugs.webkit.org/show_bug.cgi?id=159876

        Reviewed by Darin Adler.

        After r203285, the stack and fraction layout parameters are only used in layoutBlock so we
        do not need to store them on the class. We remove them and split updateLayoutParameters into
        three functions: one to update the linethickness and two others to retrieve the fraction and
        stack respectively.

        No new tests, rendering is unchanged.

        * rendering/mathml/RenderMathMLFraction.cpp:
        (WebCore::RenderMathMLFraction::updateLineThickness): Move code to update thickness members here.
        (WebCore::RenderMathMLFraction::getFractionParameters): Move code to retrieve fraction parameters here.
        (WebCore::RenderMathMLFraction::getStackParameters): Move code to retrieve stack parameters here.
        (WebCore::RenderMathMLFraction::layoutBlock): Use the new helper functions and local variables
        for fraction and stack parameters.
        (WebCore::RenderMathMLFraction::updateLayoutParameters): Deleted.
        * rendering/mathml/RenderMathMLFraction.h: Declare new helper functions and remove members
        for stack and fraction parameters.

2016-07-18  Chris Dumez  <cdumez@apple.com>

        input.formEnctype / formMethod and button.formEnctype / formMethod / type should treat null as "null"
        https://bugs.webkit.org/show_bug.cgi?id=159908

        Reviewed by Alex Christensen.

        input.formEnctype / formMethod and button.formEnctype / formMethod / type
        should treat null as "null" String:
        - https://html.spec.whatwg.org/multipage/forms.html#htmlinputelement
        - https://html.spec.whatwg.org/multipage/forms.html#htmlbuttonelement

        In WebKit, we would treat null as a null String which would end up
        removing the corresponding attribute. This does not match the
        specification. Firefox and Chrome match the specification here.

        Tests:
        - fast/dom/HTMLButtonElement/null-handling.html
        - fast/dom/HTMLInputElement/null-handling.html

        * html/HTMLButtonElement.idl:
        * html/HTMLInputElement.idl:

2016-07-18  Alex Christensen  <achristensen@webkit.org>

        webbookmarksd needs to use the same AppCache directory as MobileSafari
        https://bugs.webkit.org/show_bug.cgi?id=159912

        Reviewed by Alexey Proskuryakov.

        No new tests.  This only changes behavior for webbookmarksd.

        * platform/RuntimeApplicationChecks.h:
        * platform/RuntimeApplicationChecks.mm:
        (WebCore::IOSApplication::isWebBookmarksD): Added.

2016-07-18  Chris Dumez  <cdumez@apple.com>

        EventTarget.dispatchEvent() parameter should not be nullable
        https://bugs.webkit.org/show_bug.cgi?id=159897

        Reviewed by Benjamin Poulain.

        EventTarget.dispatchEvent() parameter should not be nullable:
        - https://dom.spec.whatwg.org/#interface-eventtarget

        Even though the parameter was marked as nullable in our IDL, our
        implementation does a null check and we already throw a TypeError
        when calling dispatchEvent(null).

        Update our IDL so that it matches the specification and so that
        the null check is generated in the bindings instead.

        No new tests, rebaseline existing tests.

        * dom/EventTarget.cpp:
        (WebCore::EventTarget::dispatchEventForBindings):
        * dom/EventTarget.h:
        * dom/EventTarget.idl:

2016-07-18  Chris Dumez  <cdumez@apple.com>

        DocType's publicId / systemId should not be nullable
        https://bugs.webkit.org/show_bug.cgi?id=159901

        Reviewed by Benjamin Poulain.

        DocType's publicId / systemId should not be nullable. While they were
        not marked as nullable in our IDL, they could be stored as null Strings
        in our implementation depending on how the Node was constructed. This
        led to subtle bugs where String() != emptyString().

        In particular, Node.isEqualNode() would return false when DocumentType
        nodes would mismatch because of their publicId / systemId being null
        instead of the emptyString.

        Serialization would DocumentType nodes would also be wrong when
        publicId / systemId were empty Strings instead of null strings. The
        new behavior now matches:
        - https://www.w3.org/TR/DOM-Parsing/#dfn-concept-serialize-doctype (steps 7-9)

        To address these issues, we now always store publicId / systemId as
        non-null Strings inside the DocumentType class.

        Test: fast/dom/DocumentType/isEqualNode.html

        * dom/DocumentType.cpp:
        (WebCore::DocumentType::DocumentType):
        * editing/MarkupAccumulator.cpp:
        (WebCore::MarkupAccumulator::appendDocumentType):

2016-07-18  Jeremy Jones  <jeremyj@apple.com>

        If previous media session interruptions were prevented, still allow subsequent interruptions to try.
        https://bugs.webkit.org/show_bug.cgi?id=157553
        rdar://problem/25740804

        Reviewed by Eric Carlson.

        Test: platform/ios-simulator/media/video-interruption-suspendunderlock.html

        When suspending under lock on iOS, there is first a resign active event, then a
        suspend under lock. PiP prevents resign active from interrupting playback. But it should allow the
        suspend under lock to interrupt playback.

        Currently if there are nested interruptions only the first one is acted upon.

        This change allows subsequent, nested interruptions to have a chance to interrupt playback if the
        previous interruptions were ignored.

        This test is for iPad only, so it must be run manually.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::shouldOverrideBackgroundPlaybackRestriction):
        * platform/audio/PlatformMediaSession.cpp:
        (WebCore::PlatformMediaSession::beginInterruption):
        * testing/Internals.cpp:
        (WebCore::Internals::beginMediaSessionInterruption):

2016-07-18  Brent Fulgham  <bfulgham@apple.com>

        Don't associate form-associated elements with forms in other trees.
        https://bugs.webkit.org/show_bug.cgi?id=119451
        <rdar://problem/27382946>

        Change is based on the Blink change (patch by <adamk@chromium.org>):
        <https://chromium.googlesource.com/chromium/blink/+/0b33128be67e7845d495d5219614c02ccfe7a414>

        Reviewed by Chris Dumez.

        Prevent elements from being associated with forms that are not part of the same home subtree.
        This brings us in line with the WhatWG HTML specification as of September, 2013.

        Tests: fast/forms/image-disconnected-during-parse.html
               fast/forms/input-disconnected-during-parse.html

        * dom/Element.h:
        (WebCore::Node::rootElement): Added.
        * html/FormAssociatedElement.cpp:
        (WebCore::FormAssociatedElement::insertedInto): If the element is associated with a form that
        is not part of the same tree, remove the association.
        * html/HTMLImageElement.cpp:
        (WebCore::HTMLImageElement::insertedInto): Ditto.

2016-07-18  Anders Carlsson  <andersca@apple.com>

        WebKit nightly fails to build on macOS Sierra
        https://bugs.webkit.org/show_bug.cgi?id=159902
        rdar://problem/27365672

        Reviewed by Tim Horton.

        * Modules/applepay/cocoa/PaymentCocoa.mm:
        * Modules/applepay/cocoa/PaymentContactCocoa.mm:
        * Modules/applepay/cocoa/PaymentMerchantSessionCocoa.mm:
        * Modules/applepay/cocoa/PaymentMethodCocoa.mm:
        Use new PassKitSPI header.

        * WebCore.xcodeproj/project.pbxproj:
        Add new PassKitSPI header.

        * icu/unicode/ucurr.h: Added.
        Add ucurr.h from ICU.

        * platform/spi/cocoa/PassKitSPI.h: Added.
        Add new PassKitSPI header.

2016-07-18  Dean Jackson  <dino@apple.com>

        REGRESSION (r202950): Image zoom animations are broken at medium.com (159861)
        https://bugs.webkit.org/show_bug.cgi?id=159906
        <rdar://problem/27391725>

        Reviewed by Simon Fraser.

        The fix for webkit.org/b/157569 in r200769 broke AMP pages.
        The followup fix for webkit.org/b/159450 in r202950 broke Medium pages.

        Revert them both until we have better testing.

        * css/CSSParser.cpp:
        (WebCore::CSSParser::addPropertyWithPrefixingVariant):
        (WebCore::CSSParser::parseValue):
        (WebCore::CSSParser::parseAnimationShorthand):
        (WebCore::CSSParser::parseTransitionShorthand): Deleted.
        * css/CSSPropertyNames.in:
        * css/PropertySetCSSStyleDeclaration.cpp:
        (WebCore::PropertySetCSSStyleDeclaration::getPropertyCSSValue):
        (WebCore::PropertySetCSSStyleDeclaration::getPropertyValue):
        (WebCore::PropertySetCSSStyleDeclaration::getPropertyCSSValueInternal):
        (WebCore::PropertySetCSSStyleDeclaration::getPropertyValueInternal):
        * css/StyleProperties.cpp:
        (WebCore::MutableStyleProperties::removeShorthandProperty):
        (WebCore::MutableStyleProperties::removeProperty):
        (WebCore::MutableStyleProperties::removePrefixedOrUnprefixedProperty):
        (WebCore::MutableStyleProperties::setProperty):
        (WebCore::getIndexInShorthandVectorForPrefixingVariant):
        (WebCore::MutableStyleProperties::appendPrefixingVariantProperty):
        (WebCore::MutableStyleProperties::setPrefixingVariantProperty):
        (WebCore::StyleProperties::asText): Deleted.
        * css/StyleProperties.h:

2016-07-18  Andreas Kling  <akling@apple.com>

        There should be a way to simulate memory pressure in layout tests
        <https://webkit.org/b/159743>

        Reviewed by Simon Fraser.

        Add three window.internal APIs:

            - boolean isUnderMemoryPressure (readonly attribute)
            - void beginSimulatedMemoryPressure()
            - void endSimulatedMemoryPressure()

        These make it possible to write tests that exercise behaviors that only
        occur during memory pressure situations.

        I also implemented the "org.WebKit.lowMemory" notification handler using the new API.

        Test: memory/memory-pressure-simulation.html

        * platform/MemoryPressureHandler.cpp:
        (WebCore::MemoryPressureHandler::beginSimulatedMemoryPressure):
        (WebCore::MemoryPressureHandler::endSimulatedMemoryPressure):
        * platform/MemoryPressureHandler.h:
        (WebCore::MemoryPressureHandler::isUnderMemoryPressure):
        * platform/cocoa/MemoryPressureHandlerCocoa.mm:
        (WebCore::MemoryPressureHandler::platformReleaseMemory):
        (WebCore::MemoryPressureHandler::install):
        * testing/Internals.cpp:
        (WebCore::Internals::isUnderMemoryPressure):
        (WebCore::Internals::beginSimulatedMemoryPressure):
        (WebCore::Internals::endSimulatedMemoryPressure):
        * testing/Internals.h:
        * testing/Internals.idl:

2016-07-18  Said Abou-Hallawa  <sabouhallawa@apple,com>

        [iOS] PDFDocumentImage should cache only a sub image of the PDF when caching the whole image is expensive
        https://bugs.webkit.org/show_bug.cgi?id=158715

        Reviewed by Dean Jackson.

        Test: fast/images/displaced-non-cached-pdf.html

        For iOS, we need to ensure the size of the cached PDF images will not
        exceed some limit. Also we should be caching only a sub image of the PDF
        if caching the whole image will exceed the memory limit.

        * page/Settings.cpp:
        (WebCore::Settings::Settings):
        (WebCore::Settings::setCachedPDFImageEnabled):
        * page/Settings.h:
        (WebCore::Settings::isCachedPDFImageEnabled):
            Add an option to disable caching the PDF images.

        * platform/graphics/cg/PDFDocumentImage.cpp:
        (WebCore::PDFDocumentImage::setCachedPDFImageEnabled):
            Allow the caller of draw() to disable caching the PDF images.
        
        (WebCore::PDFDocumentImage::cacheParametersMatch):
            Match the context dirty rectangle with the cached image rectangle.
        
        (WebCore::transformContextForPainting):
            When preparing the context for drawing the PDF, take the location 
            of the destination rectangle into account. We do not need to scale
            the location of the source rectangle because we scale the size of
            the rectangle but we don't scale the whole coordinate system.

        (WebCore::cachedImageRect):
            Calculate the rectangle of the cached image such that it does not
            exceed the limit. Start from the center of the dirty rectangle and
            then expand around it.
            
        (WebCore::PDFDocumentImage::decodedSizeChanged):
            In addition to notifying the ImageObserver, it keeps track of the size
            of all the cached PDF images.

        (WebCore::PDFDocumentImage::updateCachedImageIfNeeded):
            Ensure the size of all the cached images does not exceed the limit
            
        (WebCore::PDFDocumentImage::destroyDecodedData):
        * platform/graphics/cg/PDFDocumentImage.h:

        * rendering/RenderImage.cpp:
        (WebCore::RenderImage::paintIntoRect):
            Pass the option to disable caching the PDF images to PDFDocumentImage.

        * testing/InternalSettings.cpp:
        (WebCore::InternalSettings::Backup::Backup):
        (WebCore::InternalSettings::Backup::restoreTo):
        (WebCore::InternalSettings::setCachedPDFImageEnabled):
        * testing/InternalSettings.h:
        * testing/InternalSettings.idl:
            Add an internal option to disable caching the PDF images.

2016-07-18  Chris Dumez  <cdumez@apple.com>

        The 2 first parameters to addEventListener() / removeEventListener() should be mandatory
        https://bugs.webkit.org/show_bug.cgi?id=158008

        Reviewed by Darin Adler.

        The 2 first parameters to addEventListener() / removeEventListener() should be
        mandatory:
        - https://dom.spec.whatwg.org/#interface-eventtarget

        Firefox 46 and Chrome 50 both match the specification and throw an exception when those
        parameters are omitted. However, those parameters were marked as optional in WebKit and
        the calls were no-ops if those parameters were omitted. This patch aligns our behavior
        with the specification and other browsers.

        Test: fast/dom/eventtarget-api-parameters.html

        * bindings/scripts/CodeGeneratorJS.pm:
        (GetFunctionLength): Deleted.
        * dom/EventTarget.idl:

2016-07-18  Brent Fulgham  <bfulgham@apple.com>

        Unreviewed, rolling out r203373.

        Unaddressed

        Reverted changeset:

        "Don't associate form-associated elements with forms in other
        trees."
        https://bugs.webkit.org/show_bug.cgi?id=119451
        http://trac.webkit.org/changeset/203373

2016-07-18  Brent Fulgham  <bfulgham@apple.com>

        Don't associate form-associated elements with forms in other trees.
        https://bugs.webkit.org/show_bug.cgi?id=119451
        <rdar://problem/27382946>

        Change is based on the Blink change (patch by <adamk@chromium.org>):
        <https://chromium.googlesource.com/chromium/blink/+/0b33128be67e7845d495d5219614c02ccfe7a414>

        Reviewed by Zalan Bujtas.

        Prevent elements from being associated with forms that are not part of the same home subtree.
        This brings us in line with the WhatWG HTML specification as of September, 2013.

        Tests: fast/forms/image-disconnected-during-parse.html
               fast/forms/input-disconnected-during-parse.html

        * dom/NodeTraversal.h:
        (WebCore::NodeTraversal::highestAncestorOrSelf): Added.
        * html/FormAssociatedElement.cpp:
        (WebCore::FormAssociatedElement::insertedInto): If the element is associated with a form that
        is not part of the same tree, remove the association.
        * html/HTMLImageElement.cpp:
        (WebCore::HTMLImageElement::insertedInto): Ditto.

2016-07-18  George Ruan  <gruan@apple.com>

        Move MediaSampleAVFObjC into its own file
        https://bugs.webkit.org/show_bug.cgi?id=159796
        <rdar://problem/27362488>

        In preparation for a feature that uses MediaSampleAVFObjC, but does
        not need SourceBufferPrivateAVFObjC, it is beneficial to move
        MediaSampleAVFObjC to its own file.

        Reviewed by Eric Carlson.

        * WebCore.xcodeproj/project.pbxproj:
        * platform/MediaSample.h: Allow setting trackID to associate
        MediaSample id with MediaStreamTrackPrivate id.
        * platform/graphics/avfoundation/MediaSampleAVFObjC.h: Added.
        * platform/graphics/avfoundation/objc/MediaSampleAVFObjC.mm: Moved
        from MediaSampleAVFObjC
        (WebCore::MediaSampleAVFObjC::presentationTime):
        (WebCore::MediaSampleAVFObjC::decodeTime):
        (WebCore::MediaSampleAVFObjC::duration):
        (WebCore::MediaSampleAVFObjC::sizeInBytes):
        (WebCore::MediaSampleAVFObjC::platformSample):
        (WebCore::CMSampleBufferIsRandomAccess):
        (WebCore::MediaSampleAVFObjC::flags):
        (WebCore::MediaSampleAVFObjC::presentationSize):
        (WebCore::MediaSampleAVFObjC::dump):
        (WebCore::MediaSampleAVFObjC::offsetTimestampsBy):
        (WebCore::MediaSampleAVFObjC::setTimestamps):
        * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
        Moved MediaSampleAVFObjC to its own file.
        (WebCore::MediaSampleAVFObjC::platformSample): Deleted.
        (WebCore::CMSampleBufferIsRandomAccess): Deleted.
        (WebCore::MediaSampleAVFObjC::flags): Deleted.
        (WebCore::MediaSampleAVFObjC::presentationSize): Deleted.
        (WebCore::MediaSampleAVFObjC::dump): Deleted.
        (WebCore::MediaSampleAVFObjC::offsetTimestampsBy): Deleted.
        (WebCore::MediaSampleAVFObjC::setTimestamps): Deleted.
        * platform/mock/mediasource/MockSourceBufferPrivate.cpp:

2016-07-18  Eric Carlson  <eric.carlson@apple.com>

        [MSE][Mac] Pass AVSampleBufferDisplayLayer HDCP status to a newly created key session
        https://bugs.webkit.org/show_bug.cgi?id=159812
        <rdar://problem/27371624>

        Reviewed by Jon Lee.

        No new tests, it isn't possible to test this with our current testing infrastructure.

        * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.h:
        * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
        (WebCore::SourceBufferPrivateAVFObjC::setCDMSession): Call layerDidReceiveError if there has
        been an HDCP error.
        (WebCore::SourceBufferPrivateAVFObjC::rendererDidReceiveError): Remember an HDCP error.

2016-07-18  Yoav Weiss  <yoav@yoav.ws>

        Add preload to features.json
        https://bugs.webkit.org/show_bug.cgi?id=159872

        Reviewed by Darin Adler.

        No new tests but no functional change.

        * features.json:

2016-07-18  Youenn Fablet  <youenn@apple.com>

        [Streams API] ReadableStream should throw a RangeError in case of NaN highWaterMark
        https://bugs.webkit.org/show_bug.cgi?id=159870

        Reviewed by Xabier Rodriguez-Calvar.

        Covered by rebased test.

        * Modules/streams/StreamInternals.js:
        (validateAndNormalizeQueuingStrategy): Throwing a RangeError in lieu of a TypeError in case of NaN highWaterMark.

2016-07-18  Csaba Osztrogonác  <ossy@webkit.org>

        Windows buildfix after r203338
        https://bugs.webkit.org/show_bug.cgi?id=159875

        Unreviewed buildfix.

        * dom/UserGestureIndicator.h:
        (WebCore::UserGestureToken::addDestructionObserver):

2016-07-18  Carlos Garcia Campos  <cgarcia@igalia.com>

        MemoryPressureHandler doesn't work if cgroups aren't present in Linux
        https://bugs.webkit.org/show_bug.cgi?id=155255

        Reviewed by Sergio Villar Senin.

        Allow to pass an eventFD file descriptor to the MemoryPressureHandler to be monitorized in case cgroups are not
        available.

        * platform/MemoryPressureHandler.h:
        * platform/linux/MemoryPressureHandlerLinux.cpp:

2016-07-17  Gyuyoung Kim  <gyuyoung.kim@webkit.org>

        Clean up PassRefPtr uses in Modules/encryptedmedia, Modules/speech, and Modules/quota
        https://bugs.webkit.org/show_bug.cgi?id=159701

        Reviewed by Alex Christensen.

        No new tests, no behavior changes.

        * Modules/encryptedmedia/CDM.h:
        * Modules/encryptedmedia/MediaKeySession.h:
        * Modules/encryptedmedia/MediaKeys.h:
        * Modules/quota/DOMWindowQuota.cpp:
        * Modules/quota/StorageErrorCallback.cpp:
        (WebCore::StorageErrorCallback::CallbackTask::CallbackTask):
        * Modules/quota/StorageErrorCallback.h:
        * Modules/quota/StorageInfo.h:
        * Modules/quota/StorageQuota.h:
        * Modules/speech/DOMWindowSpeechSynthesis.cpp:
        * Modules/speech/SpeechSynthesis.cpp:
        (WebCore::SpeechSynthesis::getVoices):
        (WebCore::SpeechSynthesis::startSpeakingImmediately):
        (WebCore::SpeechSynthesis::speak):
        (WebCore::SpeechSynthesis::cancel):
        (WebCore::SpeechSynthesis::handleSpeakingCompleted):
        (WebCore::SpeechSynthesis::boundaryEventOccurred):
        (WebCore::SpeechSynthesis::didStartSpeaking):
        (WebCore::SpeechSynthesis::didPauseSpeaking):
        (WebCore::SpeechSynthesis::didResumeSpeaking):
        (WebCore::SpeechSynthesis::didFinishSpeaking):
        (WebCore::SpeechSynthesis::speakingErrorOccurred):
        * Modules/speech/SpeechSynthesis.h:
        * Modules/speech/SpeechSynthesisEvent.h:
        * Modules/speech/SpeechSynthesisUtterance.h:
        * Modules/speech/SpeechSynthesisVoice.cpp:
        (WebCore::SpeechSynthesisVoice::create):
        (WebCore::SpeechSynthesisVoice::SpeechSynthesisVoice):
        * Modules/speech/SpeechSynthesisVoice.h:
        * platform/PlatformSpeechSynthesizer.h:
        * platform/efl/PlatformSpeechSynthesisProviderEfl.cpp:
        (WebCore::PlatformSpeechSynthesisProviderEfl::fireSpeechEvent):
        * platform/mock/PlatformSpeechSynthesizerMock.cpp:
        (WebCore::PlatformSpeechSynthesizerMock::speakingFinished):
        (WebCore::PlatformSpeechSynthesizerMock::speak):
        (WebCore::PlatformSpeechSynthesizerMock::cancel):
        (WebCore::PlatformSpeechSynthesizerMock::pause):
        (WebCore::PlatformSpeechSynthesizerMock::resume):

2016-07-16  Sam Weinig  <sam@webkit.org>

        [WebKit API] Add SPI to track multiple navigations caused by a single user gesture
        <rdar://problem/26554137>
        https://bugs.webkit.org/show_bug.cgi?id=159856

        Reviewed by Dan Bernstein.

        - Adds a new RefCounted object to represent a unique user gesture, called UserGestureToken.
        - Makes UserGestureIndicator track UserGestureToken.
        - Refines UserGestureIndicator's interface to use Optional and a smaller enum set
          to represent the different initial states.
        - Stores UserGestureTokens on objects that want to forward user gesture state (DOMTimer, 
          postMessage, and ScheduledNavigation) rather than just a boolean.

        * accessibility/AccessibilityNodeObject.cpp:
        (WebCore::AccessibilityNodeObject::increment):
        (WebCore::AccessibilityNodeObject::decrement):
        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::press):
        * bindings/js/ScriptController.cpp:
        (WebCore::ScriptController::executeScriptInWorld):
        (WebCore::ScriptController::executeScript):
        Update for new UserGestureIndicator interface.

        * dom/UserGestureIndicator.cpp:
        (WebCore::currentToken):
        (WebCore::UserGestureToken::~UserGestureToken):
        (WebCore::UserGestureIndicator::UserGestureIndicator):
        (WebCore::UserGestureIndicator::~UserGestureIndicator):
        (WebCore::UserGestureIndicator::currentUserGesture):
        (WebCore::UserGestureIndicator::processingUserGesture):
        (WebCore::UserGestureIndicator::processingUserGestureForMedia):
        (WebCore::isDefinite): Deleted.
        * dom/UserGestureIndicator.h:
        (WebCore::UserGestureToken::create):
        (WebCore::UserGestureToken::state):
        (WebCore::UserGestureToken::processingUserGesture):
        (WebCore::UserGestureToken::processingUserGestureForMedia):
        (WebCore::UserGestureToken::addDestructionObserver):
        (WebCore::UserGestureToken::UserGestureToken):
        Add UserGestureToken and track the current one explicitly.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::didReceiveRemoteControlCommand):
        * inspector/InspectorFrontendClientLocal.cpp:
        (WebCore::InspectorFrontendClientLocal::openInNewTab):
        * inspector/InspectorFrontendHost.cpp:
        * inspector/InspectorPageAgent.cpp:
        (WebCore::InspectorPageAgent::navigate):
        Update for new UserGestureIndicator interface.

        * loader/NavigationAction.cpp:
        (WebCore::NavigationAction::NavigationAction):
        * loader/NavigationAction.h:
        (WebCore::NavigationAction::userGestureToken):
        (WebCore::NavigationAction::processingUserGesture):
        * loader/NavigationScheduler.cpp:
        (WebCore::ScheduledNavigation::ScheduledNavigation):
        (WebCore::ScheduledNavigation::~ScheduledNavigation):
        (WebCore::ScheduledNavigation::lockBackForwardList):
        (WebCore::ScheduledNavigation::wasDuringLoad):
        (WebCore::ScheduledNavigation::isLocationChange):
        (WebCore::ScheduledNavigation::userGestureToForward):
        (WebCore::ScheduledNavigation::clearUserGesture):
        (WebCore::NavigationScheduler::mustLockBackForwardList):
        (WebCore::NavigationScheduler::scheduleFormSubmission):
        (WebCore::ScheduledNavigation::wasUserGesture): Deleted.
        * page/DOMTimer.cpp:
        (WebCore::shouldForwardUserGesture):
        (WebCore::userGestureTokenToForward):
        (WebCore::DOMTimer::DOMTimer):
        (WebCore::DOMTimer::fired):
        * page/DOMTimer.h:
        * page/DOMWindow.cpp:
        (WebCore::PostMessageTimer::PostMessageTimer):
        Store the active UserGestureToken rather than just a bit.

        * page/EventHandler.cpp:
        (WebCore::EventHandler::handleMousePressEvent):
        (WebCore::EventHandler::handleMouseDoubleClickEvent):
        (WebCore::EventHandler::handleMouseReleaseEvent):
        (WebCore::EventHandler::keyEvent):
        (WebCore::EventHandler::handleTouchEvent):
        * rendering/HitTestResult.cpp:
        (WebCore::HitTestResult::toggleMediaFullscreenState):
        (WebCore::HitTestResult::enterFullscreenForVideo):
        (WebCore::HitTestResult::toggleEnhancedFullscreenForVideo):
        Update for new UserGestureIndicator interface.

2016-07-17  Ryosuke Niwa  <rniwa@webkit.org>

        Rename fastHasAttribute to hasAttributeWithoutSynchronization
        https://bugs.webkit.org/show_bug.cgi?id=159864

        Reviewed by Chris Dumez.

        Renamed Rename fastHasAttribute to hasAttributeWithoutSynchronization for clarity.

        * accessibility/AccessibilityListBoxOption.cpp:
        (WebCore::AccessibilityListBoxOption::isEnabled):
        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::hasAttribute):
        (WebCore::AccessibilityObject::getAttribute):
        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::determineAccessibilityRole):
        * bindings/scripts/CodeGenerator.pm:
        (GetterExpression):
        * bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
        * bindings/scripts/test/JS/JSTestObj.cpp:
        (WebCore::jsTestObjReflectedBooleanAttr):
        (WebCore::jsTestObjReflectedCustomBooleanAttr):
        * bindings/scripts/test/ObjC/DOMTestObj.mm:
        (-[DOMTestObj reflectedBooleanAttr]):
        (-[DOMTestObj setReflectedBooleanAttr:]):
        (-[DOMTestObj reflectedCustomBooleanAttr]):
        (-[DOMTestObj setReflectedCustomBooleanAttr:]):
        * dom/Document.cpp:
        (WebCore::Document::hasManifest):
        (WebCore::Document::doctype):
        * dom/Element.h:
        (WebCore::Node::parentElement):
        (WebCore::Element::hasAttributeWithoutSynchronization):
        (WebCore::Element::fastHasAttribute): Deleted.
        * editing/ApplyStyleCommand.cpp:
        (WebCore::ApplyStyleCommand::removeEmbeddingUpToEnclosingBlock):
        * editing/DeleteSelectionCommand.cpp:
        (WebCore::DeleteSelectionCommand::makeStylingElementsDirectChildrenOfEditableRootToPreventStyleLoss):
        * editing/markup.cpp:
        (WebCore::createMarkupInternal):
        * html/ColorInputType.cpp:
        (WebCore::ColorInputType::shouldShowSuggestions):
        * html/FileInputType.cpp:
        (WebCore::FileInputType::handleDOMActivateEvent):
        (WebCore::FileInputType::receiveDroppedFiles):
        * html/FormAssociatedElement.cpp:
        (WebCore::FormAssociatedElement::didMoveToNewDocument):
        (WebCore::FormAssociatedElement::insertedInto):
        (WebCore::FormAssociatedElement::removedFrom):
        (WebCore::FormAssociatedElement::formAttributeChanged):
        * html/FormController.cpp:
        (WebCore::ownerFormForState):
        * html/GenericCachedHTMLCollection.cpp:
        (WebCore::GenericCachedHTMLCollection<traversalType>::elementMatches):
        * html/HTMLAnchorElement.cpp:
        (WebCore::HTMLAnchorElement::draggable):
        (WebCore::HTMLAnchorElement::href):
        (WebCore::HTMLAnchorElement::sendPings):
        * html/HTMLAppletElement.cpp:
        (WebCore::HTMLAppletElement::rendererIsNeeded):
        * html/HTMLElement.cpp:
        (WebCore::HTMLElement::collectStyleForPresentationAttribute):
        (WebCore::elementAffectsDirectionality):
        (WebCore::setHasDirAutoFlagRecursively):
        * html/HTMLEmbedElement.cpp:
        (WebCore::HTMLEmbedElement::rendererIsNeeded):
        * html/HTMLFieldSetElement.cpp:
        (WebCore::updateFromControlElementsAncestorDisabledStateUnder):
        (WebCore::HTMLFieldSetElement::disabledAttributeChanged):
        (WebCore::HTMLFieldSetElement::disabledStateChanged):
        (WebCore::HTMLFieldSetElement::childrenChanged):
        * html/HTMLFormControlElement.cpp:
        (WebCore::HTMLFormControlElement::formNoValidate):
        (WebCore::HTMLFormControlElement::formAction):
        (WebCore::HTMLFormControlElement::computeIsDisabledByFieldsetAncestor):
        (WebCore::shouldAutofocus):
        * html/HTMLFormElement.cpp:
        (WebCore::HTMLFormElement::formElementIndex):
        (WebCore::HTMLFormElement::noValidate):
        * html/HTMLFrameElement.cpp:
        (WebCore::HTMLFrameElement::noResize):
        (WebCore::HTMLFrameElement::didAttachRenderers):
        * html/HTMLFrameElementBase.cpp:
        (WebCore::HTMLFrameElementBase::parseAttribute):
        (WebCore::HTMLFrameElementBase::location):
        * html/HTMLHRElement.cpp:
        (WebCore::HTMLHRElement::collectStyleForPresentationAttribute):
        * html/HTMLImageElement.cpp:
        (WebCore::HTMLImageElement::isServerMap):
        * html/HTMLInputElement.cpp:
        (WebCore::HTMLInputElement::finishParsingChildren):
        (WebCore::HTMLInputElement::matchesDefaultPseudoClass):
        (WebCore::HTMLInputElement::isActivatedSubmit):
        (WebCore::HTMLInputElement::reset):
        (WebCore::HTMLInputElement::multiple):
        (WebCore::HTMLInputElement::setSize):
        (WebCore::HTMLInputElement::shouldUseMediaCapture):
        * html/HTMLMarqueeElement.cpp:
        (WebCore::HTMLMarqueeElement::minimumDelay):