[WebKit-https.git] / Source / WebCore / ChangeLog
1 2016-02-19  Chris Dumez  <cdumez@apple.com>
2
3         Land release assertions to help track down a possible HTMLCollection lifetime bug
4         https://bugs.webkit.org/show_bug.cgi?id=154490
5
6         Reviewed by Ryosuke Niwa.
7
8         Land release assertions to help track down a possible HTMLCollection
9         lifetime bug: <rdar://problem/24457478>.
10
11         * bindings/js/JSHTMLCollectionCustom.cpp:
12         (WebCore::JSHTMLCollection::getOwnPropertyNames):
13         * html/HTMLCollection.cpp:
14         (WebCore::HTMLCollection::HTMLCollection):
15         (WebCore::HTMLCollection::~HTMLCollection):
16         * html/HTMLCollection.h:
17         (WebCore::HTMLCollection::wasDeletionStarted):
18         * html/HTMLCollection.idl:
19
20 2016-02-19  Doug Russell  <d_russell@apple.com>
21
22         Bug 154366 - AX: AXObjectCache::visiblePositionForTextMarkerData() doesn't account for equivalent visibly equivalent positions
23         https://bugs.webkit.org/show_bug.cgi?id=154366
24
25         Reviewed by Chris Fleizach.
26
27         Test: accessibility/mac/text-marker-line-boundary.html
28
29         * accessibility/AXObjectCache.cpp:
30         (WebCore::AXObjectCache::visiblePositionForTextMarkerData):
31
32 2016-02-19  Simon Fraser  <simon.fraser@apple.com>
33
34         Use more concrete types for parsing positions
35         https://bugs.webkit.org/show_bug.cgi?id=154481
36
37         Reviewed by Dean Jackson.
38
39         Use CSSPrimitiveValues for position-parsing functions where possible, to avoid
40         the need to downcast<> the values returned by the parsing functions.
41
42         * css/CSSParser.cpp:
43         (WebCore::CSSParser::parseValue):
44         (WebCore::CSSParser::parsePositionX):
45         (WebCore::CSSParser::parsePositionY):
46         (WebCore::CSSParser::parse4ValuesFillPosition):
47         (WebCore::CSSParser::parse3ValuesFillPosition):
48         (WebCore::CSSParser::parseFillPosition):
49         (WebCore::CSSParser::parse2ValuesFillPosition):
50         (WebCore::CSSParser::parseFillProperty):
51         (WebCore::CSSParser::parseTransformOriginShorthand):
52         (WebCore::CSSParser::parseBasicShapeCircle):
53         (WebCore::CSSParser::parseBasicShapeEllipse):
54         (WebCore::CSSParser::parseDeprecatedRadialGradient):
55         (WebCore::CSSParser::parseRadialGradient):
56         (WebCore::CSSParser::parseTransformOrigin):
57         (WebCore::CSSParser::parsePerspectiveOrigin):
58         * css/CSSParser.h:
59
60 2016-02-18  Gavin Barraclough  <barraclough@apple.com>
61
62         JSObject::getPropertySlot - index-as-propertyname, override on prototype, & shadow
63         https://bugs.webkit.org/show_bug.cgi?id=154416
64
65         Reviewed by Geoff Garen.
66
67         * testing/Internals.cpp:
68         (WebCore::Internals::isReadableStreamDisturbed):
69             - fastGetOwnPropertySlot -> getOwnPropertySlot
70               (internal method removed; test shouldn't really have been using this anyway)
71
72 2016-02-19  Chris Dumez  <cdumez@apple.com>
73
74         HTMLFormElement.autocomplete should only return known values
75         https://bugs.webkit.org/show_bug.cgi?id=154247
76         <rdar://problem/24658195>
77
78         Reviewed by Ryosuke Niwa.
79
80         Update HTMLFormElement.autocomplete to only return known values:
81         - https://html.spec.whatwg.org/multipage/forms.html#dom-form-autocomplete
82         - https://html.spec.whatwg.org/multipage/forms.html#attr-form-autocomplete
83
84         Also, update HTMLInputElement.autocomplete to fall back to using the form
85         owner's autocomplete attribute ("on" or "off") when its autocomplete
86         attribute is omitted and the input element is wearing the "autofill
87         expectation mantle" (i.e. the input is not hidden). If there is no
88         form owner, the "on" value is used instead. This behavior is specified
89         in:
90         https://html.spec.whatwg.org/multipage/forms.html#autofilling-form-controls:-the-autocomplete-attribute:attr-fe-autocomplete-7
91
92         No new tests, already covered by existing tests.
93
94         * html/HTMLFormControlElement.cpp:
95         (WebCore::HTMLFormControlElement::autocomplete):
96         * html/HTMLFormElement.cpp:
97         (WebCore::HTMLFormElement::setAutocomplete):
98         (WebCore::HTMLFormElement::autocomplete):
99         * html/HTMLFormElement.h:
100         * html/HTMLFormElement.idl:
101
102 2016-02-19  Chris Dumez  <cdumez@apple.com>
103
104         Drop UnsafeVectorOverflow on ElementDescendantConstIterator::m_ancestorSiblingStack
105         https://bugs.webkit.org/show_bug.cgi?id=154477
106
107         Reviewed by Ryosuke Niwa.
108
109         Drop UnsafeVectorOverflow on ElementDescendantConstIterator::m_ancestorSiblingStack to
110         restore bounds checking.
111
112         Andreas already dropped it on ElementDescendantIterator::m_ancestorSiblingStack in
113         r178253 but did not update the "Const" counterpart.
114
115         * dom/ElementDescendantIterator.h:
116
117 2016-02-19  Simon Fraser  <simon.fraser@apple.com>
118
119         Wheel event callback removing the window causes crash in WebCore.
120         https://bugs.webkit.org/show_bug.cgi?id=150871
121
122         Reviewed by Brent Fulgham.
123
124         Null check the FrameView before using it, since the iframe may have been removed
125         from its parent document inside the event handler.
126         
127         The new test triggered a cross-load side-effect, where wheel event filtering wasn't
128         reset between page loads. Fix by calling clearLatchedState() in EventHandler::clear(),
129         which resets the filtering.
130
131         Test: fast/events/wheel-event-destroys-frame.html
132
133         * page/EventHandler.cpp:
134         (WebCore::EventHandler::clear):
135         * page/WheelEventDeltaFilter.cpp:
136         (WebCore::WheelEventDeltaFilter::filteredDelta):
137         * page/mac/EventHandlerMac.mm:
138         (WebCore::EventHandler::platformCompleteWheelEvent):
139         * rendering/RenderLayer.cpp:
140         (WebCore::RenderLayer::scrollTo):
141
142 2016-02-19  Myles C. Maxfield  <mmaxfield@apple.com>
143
144         [Win] [SVG -> OTF Converter] All uses of a font except the first one are invisible
145         https://bugs.webkit.org/show_bug.cgi?id=154465
146
147         Reviewed by Alex Christensen.
148
149         We should re-use the existing converted data if it exists.
150
151         Covered by existing tests.
152
153         * css/CSSFontFaceSource.cpp:
154         (WebCore::CSSFontFaceSource::font):
155
156 2016-02-19  Antti Koivisto  <antti@apple.com>
157
158         ComposedTreeIterator traverses normal children for elements with empty shadow root
159         https://bugs.webkit.org/show_bug.cgi?id=154464
160
161         Reviewed by Ryosuke Niwa.
162
163         Test: fast/shadow-dom/composed-tree-basic.html
164
165         * dom/ComposedTreeIterator.cpp:
166         (WebCore::ComposedTreeIterator::initializeContextStack):
167         (WebCore::ComposedTreeIterator::traverseShadowRoot):
168
169             If the shadow root is empty continue by skipping the real children.
170
171         (WebCore::ComposedTreeIterator::traverseNextInShadowTree):
172         (WebCore::composedTreeAsText):
173         (WebCore::ComposedTreeIterator::pushContext): Deleted.
174         * dom/ComposedTreeIterator.h:
175         (WebCore::ComposedTreeIterator::context):
176         (WebCore::ComposedTreeIterator::current):
177         (WebCore::ComposedTreeIterator::traverseNext):
178         (WebCore::composedTreeChildren):
179         * testing/Internals.cpp:
180         (WebCore::Internals::composedTreeAsText):
181
182             Testing support.
183
184         * testing/Internals.h:
185         * testing/Internals.idl:
186
187 2016-02-19  Jer Noble  <jer.noble@apple.com>
188
189         Adopt CachedRawResourceClient::shouldCacheResponse() in MediaResourceLoader and WebCoreNSURLSession
190         https://bugs.webkit.org/show_bug.cgi?id=154466
191
192         Reviewed by Alex Christensen.
193
194         Adopt the new shouldCacheResponse() callback so that byte-range
195         requests generated by WebCoreNSURLSession are not cached.
196
197         * loader/MediaResourceLoader.cpp:
198         (WebCore::MediaResource::shouldCacheResponse):
199         * loader/MediaResourceLoader.h:
200         * platform/graphics/PlatformMediaResourceLoader.h:
201         (WebCore::PlatformMediaResourceClient::shouldCacheResponse):
202         * platform/network/cocoa/WebCoreNSURLSession.mm:
203         (-[WebCoreNSURLSession downloadTaskWithRequest:]):
204         (-[WebCoreNSURLSession streamTaskWithHostName:port:]):
205         (-[WebCoreNSURLSession streamTaskWithNetService:]):
206         (-[WebCoreNSURLSessionDataTask _timingData]):
207         (-[WebCoreNSURLSessionDataTask resource:sentBytes:totalBytesToBeSent:]):
208
209 2016-02-12  Jer Noble  <jer.noble@apple.com>
210
211         [Mac] CORS-compliant videos throw security errors when painting to Canvas
212         https://bugs.webkit.org/show_bug.cgi?id=154188
213         <rdar://problem/22959556>
214
215         Reviewed by Alex Christensen.
216
217         Pass the CORS access check results from WebCoreNSURLSession to its client,
218         MediaPlayerPrivateAVFoundationObjC.
219
220         * WebCore.xcodeproj/project.pbxproj:
221         * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
222         * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
223         (WebCore::MediaPlayerPrivateAVFoundationObjC::didPassCORSAccessCheck): Ask the WebCoreNSURLSession.
224         * platform/network/cocoa/WebCoreNSURLSession.h:
225         * platform/network/cocoa/WebCoreNSURLSession.mm:
226         (-[WebCoreNSURLSession task:didReceiveCORSAccessCheckResult:]): Conditionally set _corsResults.
227         (-[WebCoreNSURLSession didPassCORSAccessChecks]): Return _corsResults.
228         (WebCoreNSURLSessionDataTaskClient::accessControlCheckFailed): Call -resource:accessControlCheckFailedWithError:.
229         (WebCoreNSURLSessionDataTaskClient::loadFailed): Call -resource:loadFailedWithError:.
230         (-[WebCoreNSURLSessionDataTask resource:receivedResponse:]): Set _response within the delegate queue.
231         (-[WebCoreNSURLSessionDataTask _resource:loadFinishedWithError:]): Renamed from resourceFinished:
232         (-[WebCoreNSURLSessionDataTask resource:accessControlCheckFailedWithError:]): Ditto.
233         (-[WebCoreNSURLSessionDataTask resource:loadFailedWithError:]): Ditto.
234         (-[WebCoreNSURLSessionDataTask resourceFinished:]): Ditto.
235
236 2016-02-19  Chris Dumez  <cdumez@apple.com>
237
238         Unreviewed build fix.
239
240         * loader/cocoa/SubresourceLoaderCocoa.mm:
241         (WebCore::SubresourceLoader::willCacheResponse):
242
243 2016-02-19  Nan Wang  <n_wang@apple.com>
244
245         AX: Inconsistency between CharacterOffset and VisiblePosition
246         https://bugs.webkit.org/show_bug.cgi?id=154431
247
248         Reviewed by Chris Fleizach.
249
250         VoiceOver is not getting the correct text marker from VisiblePosition when
251         navigating using arrow keys. We should make the CharacterOffset behavior consistent
252         with VisiblePosition so that the conversion between the two won't create different
253         text markers.
254         
255         Changes are covered in the modified tests.
256
257         * accessibility/AXObjectCache.cpp:
258         (WebCore::AXObjectCache::characterOffsetForTextMarkerData):
259         (WebCore::AXObjectCache::traverseToOffsetInRange):
260         (WebCore::AXObjectCache::startOrEndCharacterOffsetForRange):
261         (WebCore::AXObjectCache::startOrEndTextMarkerDataForRange):
262         (WebCore::AXObjectCache::characterOffsetForNodeAndOffset):
263         (WebCore::AXObjectCache::textMarkerDataForNextCharacterOffset):
264         (WebCore::AXObjectCache::textMarkerDataForPreviousCharacterOffset):
265         (WebCore::AXObjectCache::visiblePositionFromCharacterOffset):
266         (WebCore::AXObjectCache::characterOffsetFromVisiblePosition):
267         (WebCore::AXObjectCache::accessibilityObjectForTextMarkerData):
268         (WebCore::AXObjectCache::textMarkerDataForVisiblePosition):
269         (WebCore::AXObjectCache::nextCharacterOffset):
270         (WebCore::AXObjectCache::previousCharacterOffset):
271         (WebCore::AXObjectCache::startCharacterOffsetOfWord):
272         (WebCore::AXObjectCache::endCharacterOffsetOfWord):
273         (WebCore::AXObjectCache::previousWordStartCharacterOffset):
274         (WebCore::AXObjectCache::previousParagraphStartCharacterOffset):
275         (WebCore::AXObjectCache::previousSentenceStartCharacterOffset):
276         * accessibility/AXObjectCache.h:
277         * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
278         (-[WebAccessibilityObjectWrapper doAXAttributedStringForTextMarkerRange:]):
279
280 2016-02-19  Jer Noble  <jer.noble@apple.com>
281
282         Allow CachedRawResource clients to opt out of caching on a per-response basis
283         https://bugs.webkit.org/show_bug.cgi?id=154453
284
285         Reviewed by Brady Eidson.
286
287         For CF or NS networking clients, the system loader will ask whether the client (the
288         SubResourceLoader in this case) wants the response to be cached. This breaks for byte
289         range requests due to <rdar://problem/20001985>. Allow the SubresourceLoader to query
290         its clients, and return null, if they opt out.
291
292         * loader/cache/CachedRawResource.cpp:
293         (WebCore::CachedRawResource::shouldCacheResponse):
294         * loader/cache/CachedRawResource.h:
295         * loader/cache/CachedRawResourceClient.h:
296         (WebCore::CachedRawResourceClient::shouldCacheResponse):
297         * loader/cache/CachedResource.h:
298         (WebCore::CachedResource::shouldCacheResponse):
299         * loader/cocoa/SubresourceLoaderCocoa.mm:
300         (WebCore::SubresourceLoader::willCacheResponse):
301
302 2016-02-19  Zalan Bujtas  <zalan@apple.com>
303
304         Blocked plug-in placeholder is sometimes not shown.
305         https://bugs.webkit.org/show_bug.cgi?id=154434
306         <rdar://problem/22584973>
307
308         Reviewed by Brent Fulgham.
309
310         m_isUnavailablePluginIndicatorHidden was set to false incorrectly as initial value.
311         It prevented RenderEmbeddedObject from issuing repaint when the plugin indicator
312         was set to visible (m_isUnavailablePluginIndicatorHidden <- false) the first time.
313         (The reason why the indicator showed up most of the time was because some renderer
314         triggered repaint on the view.)
315
316         Unable to test.
317
318         * rendering/RenderEmbeddedObject.cpp:
319         (WebCore::RenderEmbeddedObject::setUnavailablePluginIndicatorIsHidden):
320         (WebCore::RenderEmbeddedObject::RenderEmbeddedObject): Deleted.
321         (WebCore::RenderEmbeddedObject::setUnavailablePluginIndicatorIsPressed): Deleted.
322         * rendering/RenderEmbeddedObject.h:
323         (WebCore::RenderEmbeddedObject::showsUnavailablePluginIndicator):
324
325 2016-02-19  Csaba Osztrogonác  <ossy@webkit.org>
326
327         Fix pessimizing-move warnings
328         https://bugs.webkit.org/show_bug.cgi?id=154395
329
330         Reviewed by Michael Catanzaro.
331
332         * platform/graphics/efl/CairoUtilitiesEfl.cpp:
333         (WebCore::evasObjectFromCairoImageSurface):
334         * platform/graphics/surfaces/GLTransportSurface.cpp:
335         (WebCore::GLTransportSurface::createTransportSurface):
336         (WebCore::GLTransportSurfaceClient::createTransportSurfaceClient):
337
338 2016-02-19  Philippe Normand  <pnormand@igalia.com>
339
340         [GStreamer] clean-up various leaks
341         https://bugs.webkit.org/show_bug.cgi?id=154285
342
343         Reviewed by Carlos Garcia Campos.
344
345         * platform/audio/gstreamer/WebKitWebAudioSourceGStreamer.cpp:
346         (webkit_web_audio_src_init): Take full ownership of the GstTask.
347         * platform/graphics/gstreamer/GRefPtrGStreamer.cpp:
348         (WTF::adoptGRef): Null pointer support in ASSERTs.
349         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
350         (WebCore::initializeGStreamerAndRegisterWebKitElements): Take full ownership of the GstElementFactory pointers.
351         (WebCore::MediaPlayerPrivateGStreamer::isAvailable): Ditto.
352
353 2016-02-18  Andy Estes  <aestes@apple.com>
354
355         Revert to dispatching the popstate event synchronously
356         https://bugs.webkit.org/show_bug.cgi?id=153297
357         rdar://problem/24092294
358
359         Reviewed by Brent Fulgham.
360
361         r192369 made the popstate event dispatch asynchronously, which matches what the HTML5 spec says to do. However,
362         due to compatibility regressions we need to revert back to dispatching synchronously. This change reverts
363         r192369's changes to Document.cpp, but retains the new tests.
364
365         Firing popstate synchronously makes both fast/loader/remove-iframe-during-history-navigation-different.html and
366         fast/loader/remove-iframe-during-history-navigation-same.html crash, because their onpopstate handlers remove
367         frames from the document that will later be accessed by HistoryController::recursiveGoToItem().
368
369         To prevent the crashes, this change does two things:
370         1. Keep a reference to the current frame inside FrameLoader::loadSameDocumentItem(), since calling
371            loadInSameDocument() might otherwise delete it.
372         2. Handle a null frame when iterating a HistoryItem's child frames in HistoryController::recursiveGoToItem(),
373            since calling goToItem() on one frame might cause another frame to be deleted.
374
375         Covered by existing tests. fast/loader/stateobjects/popstate-is-asynchronous.html was renamed to
376         fast/loader/stateobjects/popstate-is-synchronous.html and modified to expect synchronous dispatch.
377
378         * dom/Document.cpp:
379         (WebCore::Document::enqueuePopstateEvent):
380         * loader/FrameLoader.cpp:
381         (WebCore::FrameLoader::loadSameDocumentItem):
382         * loader/HistoryController.cpp:
383         (WebCore::HistoryController::recursiveGoToItem):
384
385 2016-02-19  Carlos Garcia Campos  <cgarcia@igalia.com>
386
387         Unreviewed. Fix GObject DOM bindings API break after r196769.
388
389         * html/HTMLTextAreaElement.idl:
390
391 2016-02-18  Gwang Yoon Hwang  <yoon@igalia.com>
392
393         [GTK] Limit the number of tiles according to the visible area
394         https://bugs.webkit.org/show_bug.cgi?id=126122
395
396         Reviewed by Carlos Garcia Campos.
397
398         TextureMapperTiledBackingStore creates tiles for whole layer bounds, which
399         means it creates a huge number of textures if there is an excessively big
400         layer.  Not only does it waste memory and CPU time, it can even crash GPU
401         drivers.
402
403         This patch modifies TextureMapperTiledBackingStore to take into account the
404         visible area with a coverage multiplier when creating tiles.
405
406         * platform/graphics/texmap/GraphicsLayerTextureMapper.cpp:
407         (WebCore::GraphicsLayerTextureMapper::GraphicsLayerTextureMapper):
408         Set a flag to recalculate the visible area of the layer when there are
409         geometric changes.
410         (WebCore::GraphicsLayerTextureMapper::setContentsToImage):
411         (WebCore::GraphicsLayerTextureMapper::flushCompositingStateForThisLayerOnly):
412         (WebCore::GraphicsLayerTextureMapper::updateBackingStoreIncludingSubLayers):
413         (WebCore::GraphicsLayerTextureMapper::updateBackingStoreIfNeeded):
414         (WebCore::GraphicsLayerTextureMapper::markVisibleRectAsDirty):
415         (WebCore::GraphicsLayerTextureMapper::selfOrAncestorHasActiveTransformAnimation):
416         (WebCore::GraphicsLayerTextureMapper::computeTransformedVisibleRect):
417         Compute the inverse transform matrix to map a global visible area to
418         the local visible area.
419         (WebCore::clampToContentsRectIfRectIsInfinite):
420         (WebCore::GraphicsLayerTextureMapper::transformedVisibleRect):
421         * platform/graphics/texmap/TextureMapperTiledBackingStore.cpp:
422         (WebCore::TextureMapperTiledBackingStore::paintToTextureMapper):
423         In HiDPI, the directly composited image is uploaded to the unscaled
424         texture to reduce memory usage. So we should apply device scale
425         factor to render it correctly.
426         (WebCore::TextureMapperTiledBackingStore::createOrDestroyTilesIfNeeded):
427         Create tiles which are covered by the visible rect with a coverage multiplier.
428
429 2016-02-18  Brent Fulgham  <bfulgham@apple.com>
430
431         Extend HashCountedSet with a method to efficiently set the count of an entry
432         https://bugs.webkit.org/show_bug.cgi?id=154352
433
434         Reviewed by Geoffrey Garen.
435
436         Tested by new TestWebKitAPI tests.
437
438         * loader/ResourceLoadStatistics.cpp:
439         (WebCore::decodeHashCountedSet): Update to use new HashCountedSet::add method.
440
441 2016-02-18  Commit Queue  <commit-queue@webkit.org>
442
443         Unreviewed, rolling out r196790.
444         https://bugs.webkit.org/show_bug.cgi?id=154439
445
446         made fast/events/wheelevent-basic-actual.txt fail in WK2
447         (Requested by alexchristensen on #webkit).
448
449         Reverted changeset:
450
451         "Wheel event callback removing the window causes crash in
452         WebCore."
453         https://bugs.webkit.org/show_bug.cgi?id=150871
454         http://trac.webkit.org/changeset/196790
455
456 2016-02-18  Commit Queue  <commit-queue@webkit.org>
457
458         Unreviewed, rolling out r196791.
459         https://bugs.webkit.org/show_bug.cgi?id=154438
460
461         broke windows build (Requested by alexchristensen on #webkit).
462
463         Reverted changeset:
464
465         "Extend HashCountedSet with a method to efficiently set the
466         count of an entry"
467         https://bugs.webkit.org/show_bug.cgi?id=154352
468         http://trac.webkit.org/changeset/196791
469
470 2016-02-18  Chris Dumez  <cdumez@apple.com>
471
472         window.history / window.navigator should not be replaceable
473         https://bugs.webkit.org/show_bug.cgi?id=154412
474
475         Reviewed by Ryosuke Niwa.
476
477         window.history / window.navigator should not be replaceable as per
478         the latest HTML specification:
479         https://html.spec.whatwg.org/multipage/browsers.html#the-window-object
480
481         Firefox and Chrome already match the specification. This patch aligns
482         our behavior.
483
484         No new tests, already covered by existing tests.
485
486         * page/DOMWindow.idl:
487
488 2016-02-18  Chris Dumez  <cdumez@apple.com>
489
490         HTMLTableHeaderCellElement.scope should only return known values
491         https://bugs.webkit.org/show_bug.cgi?id=154423
492         <rdar://problem/24731018>
493
494         Reviewed by Ryosuke Niwa.
495
496         HTMLTableHeaderCellElement.scope should only return known values as per:
497         - https://html.spec.whatwg.org/multipage/tables.html#dom-th-scope
498
499         Known values are documented here:
500         - https://html.spec.whatwg.org/multipage/tables.html#attr-th-scope
501
502         No new tests, already covered by existing test.
503
504         * CMakeLists.txt:
505         * WebCore.vcxproj/WebCore.vcxproj:
506         * WebCore.vcxproj/WebCore.vcxproj.filters:
507         * WebCore.xcodeproj/project.pbxproj:
508         * html/HTMLElementsAllInOne.cpp:
509         * html/HTMLTableHeaderCellElement.cpp: Copied from Source/WebCore/html/HTMLTableHeaderCellElement.h.
510         (WebCore::HTMLTableHeaderCellElement::scope):
511         (WebCore::HTMLTableHeaderCellElement::setScope):
512         * html/HTMLTableHeaderCellElement.h:
513         * html/HTMLTableHeaderCellElement.idl:
514
515 2016-02-18  Brent Fulgham  <bfulgham@apple.com>
516
517         Extend HashCountedSet with a method to efficiently set the count of an entry
518         https://bugs.webkit.org/show_bug.cgi?id=154352
519
520         Reviewed by Geoffrey Garen.
521
522         Tested by new TestWebKitAPI tests.
523
524         * loader/ResourceLoadStatistics.cpp:
525         (WebCore::decodeHashCountedSet): Update to use new HashCountedSet::add method.
526
527 2016-02-18  Simon Fraser  <simon.fraser@apple.com>
528
529         Wheel event callback removing the window causes crash in WebCore.
530         https://bugs.webkit.org/show_bug.cgi?id=150871
531
532         Reviewed by Brent Fulgham.
533         
534         Null check the FrameView before using it, since the iframe may have been removed
535         from its parent document inside the event handler.
536
537         Test: fast/events/wheel-event-destroys-frame.html
538
539         * page/mac/EventHandlerMac.mm:
540         (WebCore::EventHandler::platformCompleteWheelEvent):
541
542 2016-02-18  Brady Eidson  <beidson@apple.com>
543
544         Modern IDB: Fix IDBGetResult encoder/decoder.
545         https://bugs.webkit.org/show_bug.cgi?id=154421
546
547         Reviewed by Alex Christensen.
548
549         No new tests, as Modern IDB is still disabled for WK2.
550         
551         But if you manually enable it, "Basic IndexedDB Seems To Work"
552
553         * Modules/indexeddb/IDBGetResult.h:
554         (WebCore::IDBGetResult::encode):
555         (WebCore::IDBGetResult::decode):
556
557 2016-02-18  Myles C. Maxfield  <mmaxfield@apple.com>
558
559         Addressing post-review comments after r196747.
560
561         Unreviewed.
562
563         * css/CSSFontFaceSet.h:
564         * css/FontFaceSet.cpp:
565         (WebCore::FontFaceSet::size):
566         (WebCore::FontFaceSet::clear):
567         * css/FontFaceSet.h:
568
569 2016-02-18  Zalan Bujtas  <zalan@apple.com>
570
571         Soft hyphen is not shown when it is placed at the end of an inline element
572         https://bugs.webkit.org/show_bug.cgi?id=153980
573
574         Reviewed by David Hyatt.
575
576         This patch handles the case when the character at the breaking position does not fit the
577         line and soft-hyphen, as the first breaking opportunity, is followed by this overflowing character.
578         (foo&shy;bar where b overflows the line).
579         In such cases we don't yet have an item in the breaking history so we need to take a look at
580         the current context instead.    
581
582         Test: fast/text/soft-hyphen-as-first-breaking-opportunity.html
583
584         * rendering/line/BreakingContext.h:
585         (WebCore::BreakingContext::InlineIteratorHistory::nextBreakablePosition):
586         (WebCore::BreakingContext::handleText):
587
588 2016-02-18  Andreas Kling  <akling@apple.com>
589
590         Fake memory pressure handler should log detailed memory breakdown.
591         <https://webkit.org/b/154415>
592
593         Reviewed by Antti Koivisto.
594
595         Piggyback on the RESOURCE_USAGE code to implement some detailed memory footprint diffing
596         and have the fake memory handler dump before/after/diff after it runs.
597
598         * page/ResourceUsageThread.h:
599         (WebCore::TagInfo::TagInfo):
600         * page/cocoa/ResourceUsageThreadCocoa.mm:
601         (WebCore::logFootprintComparison):
602         (WebCore::displayNameForVMTag):
603         (WebCore::pagesPerVMTag):
604         (WebCore::TagInfo::TagInfo): Deleted.
605         * platform/cocoa/MemoryPressureHandlerCocoa.mm:
606         (WebCore::MemoryPressureHandler::install):
607
608 2016-02-18  Brady Eidson  <beidson@apple.com>
609
610         Modern IDB: Implement server->client operations in WK2.
611         https://bugs.webkit.org/show_bug.cgi?id=154411
612
613         Reviewed by Alex Christensen.
614
615         No change in behavior yet; Just laying the groundwork.
616     
617         * Modules/indexeddb/client/IDBConnectionToServer.h:
618         * Modules/indexeddb/server/IDBServer.h:
619         * Modules/indexeddb/shared/IDBTransactionInfo.h:
620         (WebCore::IDBTransactionInfo::encode):
621         (WebCore::IDBTransactionInfo::decode):
622
623 2016-02-18  Csaba Osztrogonác  <ossy@webkit.org>
624
625         Fix unused-const-variable warning on non Cocoa platforms
626         https://bugs.webkit.org/show_bug.cgi?id=154394
627
628         Reviewed by Michael Catanzaro.
629
630         * html/HTMLPlugInImageElement.cpp:
631
632 2016-02-18  Brady Eidson  <beidson@apple.com>
633
634         Modern IDB: Implement client->server operations in WK2.
635         https://bugs.webkit.org/show_bug.cgi?id=154400
636
637         Reviewed by Alex Christensen.
638
639         No change in behavior yet; Just laying the groundwork.
640
641         * Modules/indexeddb/server/IDBServer.h:
642         * Modules/indexeddb/server/UniqueIDBDatabase.h:
643         * Modules/indexeddb/shared/IDBIndexInfo.h:
644         * Modules/indexeddb/shared/IDBObjectStoreInfo.h:
645
646 2016-02-18  Chris Dumez  <cdumez@apple.com>
647
648         [Unforgeable] operations should not be writable as per Web IDL
649         https://bugs.webkit.org/show_bug.cgi?id=154396
650         <rdar://problem/24721063>
651
652         Reviewed by Ryosuke Niwa.
653
654         [Unforgeable] operations should not be writable as per the Web IDL specification:
655         http://heycam.github.io/webidl/#es-operations
656
657         They were currently non-configurable in WebKit but still writable.
658
659         No new tests, already covered by existing test.
660
661         * bindings/scripts/CodeGeneratorJS.pm:
662         Mark [Unforgeable] operations as ReadOnly.
663
664         * bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
665         * bindings/scripts/test/GObject/WebKitDOMTestObj.h:
666         * bindings/scripts/test/JS/JSTestObj.cpp:
667         * bindings/scripts/test/ObjC/DOMTestObj.h:
668         * bindings/scripts/test/ObjC/DOMTestObj.mm:
669         * bindings/scripts/test/TestObj.idl:
670         Add bindings test coverage for [Unforgeable].
671
672 2016-02-18  Chris Dumez  <cdumez@apple.com>
673
674         Fix behavior of reflecting unsigned long IDL attributes that are limited to only non-negative numbers greater than zero
675         https://bugs.webkit.org/show_bug.cgi?id=154398
676
677         Reviewed by Ryosuke Niwa.
678
679         Fix behavior of reflecting unsigned long IDL attributes that are limited
680         to only non-negative numbers greater than zero to comply with:
681         - https://html.spec.whatwg.org/#limited-to-only-non-negative-numbers-greater-than-zero
682
683         This patch updates the following IDL attributes:
684         - colgroup.span
685         - col.span
686         - input.size
687         - textarea.cols
688         - textarea.rows
689
690         All of them now:
691         - Have "unsigned long" type on IDL side and "unsigned" type on native
692           side.
693         - On getting, return the value if it is in the range [1; 2147483647],
694           otherwise return the default value.
695         - On setting, set to the input value if it is in the range
696           [1; 2147483647], otherwise, set to the default value.
697
698         Note that as per the specification, we are supposed to throw an
699         IndexSizeError exception when trying to set those attributes to zero.
700         However, we instead use the default value to match other browsers.
701         It would be risky to be the only browser to throw in this case.
702
703         No new tests, already covered by existing test.
704
705         * html/HTMLInputElement.cpp:
706         (WebCore::HTMLInputElement::parseAttribute):
707         (WebCore::HTMLInputElement::setSize):
708         * html/HTMLTableColElement.cpp:
709         (WebCore::HTMLTableColElement::parseAttribute):
710         (WebCore::HTMLTableColElement::setSpan):
711         * html/HTMLTableColElement.h:
712         * html/HTMLTableColElement.idl:
713         * html/HTMLTextAreaElement.cpp:
714         (WebCore::HTMLTextAreaElement::parseAttribute):
715         (WebCore::HTMLTextAreaElement::setCols):
716         (WebCore::HTMLTextAreaElement::setRows):
717         (WebCore::HTMLTextAreaElement::shouldUseInputMethod): Deleted.
718         * html/HTMLTextAreaElement.h:
719         * html/HTMLTextAreaElement.idl:
720         * html/parser/HTMLParserIdioms.h:
721         (WebCore::limitToOnlyNonNegativeNumbersGreaterThanZero):
722
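The getter and setter rules listed in the 2016-02-18 entry above, modelled in JavaScript as an added example (not WebKit's code). `ReflectedAttribute`, `limitToPositive` and `parseNonNegativeInteger` are hypothetical names, the parser is a simplified form of HTML's rules for parsing non-negative integers, and the default of 20 used for `input.size` is taken from the HTML specification, not from this entry.

```javascript
// Added illustration, not WebKit code: a model of the reflection rules
// described in the ChangeLog entry (range [1; 2147483647], else default).
const MAX_REFLECTED = 2147483647;

// In-range values pass through; zero and out-of-range values become the default.
function limitToPositive(value, defaultValue) {
  const inRange = Number.isInteger(value) && value >= 1 && value <= MAX_REFLECTED;
  return inRange ? value : defaultValue;
}

// Simplified parser (assumption): leading ASCII whitespace, optional "+",
// then digits. Trailing characters are ignored; a "-" sign or no digits fails.
function parseNonNegativeInteger(text) {
  const match = /^[ \t\n\f\r]*\+?([0-9]+)/.exec(text ?? "");
  return match ? Number(match[1]) : null;
}

class ReflectedAttribute {
  constructor(defaultValue) {
    this.defaultValue = defaultValue;
    this.content = null; // the content attribute as markup would carry it
  }

  // On getting: return the parsed value if it is in range, otherwise the default.
  get() {
    const parsed = parseNonNegativeInteger(this.content);
    if (parsed === null)
      return this.defaultValue;
    return limitToPositive(parsed, this.defaultValue);
  }

  // On setting: the IDL "unsigned long" conversion wraps negatives (ToUint32),
  // then out-of-range input, including zero, is stored as the default
  // instead of throwing IndexSizeError.
  set(value) {
    const asUnsignedLong = Number(value) >>> 0;
    this.content = String(limitToPositive(asUnsignedLong, this.defaultValue));
  }
}

// Constructed sample inputs covering the boundary cases.
function runSamples() {
  const size = new ReflectedAttribute(20); // models input.size
  const results = {};
  for (const input of [5, 0, -1, 2147483647, 2147483648]) {
    size.set(input);
    results[`set ${input}`] = size.get();
  }
  for (const markup of ["0", "abc", " 7px", "-3", "99999999999"]) {
    size.content = markup;
    results[`attr ${JSON.stringify(markup)}`] = size.get();
  }
  return results;
}

console.log(runSamples());
```

Values that a script or markup supplies outside the range never reach the layout code as raw numbers, which is the property worth asserting when testing an engine against this entry.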
723 2016-02-18  David Kilzer  <ddkilzer@apple.com>
724
725         Remove redundant ASSERT_WITH_MESSAGE_UNUSED() from SOFT_LINK_FRAMEWORK_FOR_SOURCE() macro
726
727         Follow-up fix noted by Andy Estes for:
728
729             [Cocoa] Always check the return value of dlopen() and dlsym() in Release builds
730             <http://webkit.org/b/154364>
731
732         * platform/mac/SoftLinking.h:
733         (SOFT_LINK_FRAMEWORK_FOR_SOURCE): Remove redundant
734         ASSERT_WITH_MESSAGE_UNUSED().
735
736 2016-02-18  Andreas Kling  <akling@apple.com>
737
738         Reduce tiling coverage immediately when memory pressure hits.
739         <https://webkit.org/b/154374>
740
741         Reviewed by Simon Fraser.
742
743         We already had a policy that reduced tiling coverage to a minimum while the system
744         is under memory pressure. However, that policy wouldn't kick in immediately after
745         receiving the pressure notification, but the next time we flush compositing state.
746
747         This change makes it happen sooner, improving our chances to escape death!
748
749         * page/Page.h:
750         * page/Page.cpp:
751         (WebCore::Page::forEachPage):
752
753             Add a little helper for visiting every Page.
754
755         * platform/MemoryPressureHandler.cpp:
756         (WebCore::MemoryPressureHandler::releaseCriticalMemory):
757
758             When under critical memory pressure, schedule a compositing flush in all Pages.
759             This ensures that the reduced tiling coverage policy takes effect, allowing us to
760             immediately drop several tiles in each visible web view.
761
762         * platform/cocoa/MemoryPressureHandlerCocoa.mm:
763         (WebCore::MemoryPressureHandler::install):
764
765             To ensure that this behavior is testable with the fake memory pressure notification,
766             make the fake handler set the "in memory pressure" state just like the real one would.
767             I don't know why we were not doing this previously, it was just an oversight.
768             After the simulation completes, it schedules a runloop callback that resets the
769             "in memory pressure" state.
770
771 2016-02-17  Myles C. Maxfield  <mmaxfield@apple.com>
772
773         [Font Loading] Implement FontFaceSet
774         https://bugs.webkit.org/show_bug.cgi?id=153348
775
776         Reviewed by Simon Fraser.
777
778         The CSS Font Loading spec includes a FontFaceSet object which represents
779         a collection of FontFaces. This patch implements such an object, and
780         backs it with a vector of FontFaces. Similarly to the FontFace object,
781         FontFaceSet is separated into a FontFaceSet frontend object and a
782         CSSFontFaceSet backend object, which actually owns the FontFace objects.
783         All the interaction with Promises is performed in the frontend object.
784
785         This patch does not implement the EventTarget part of the FontFaceSet
786         API, so the only way to know when a font is finished loading is by using
787         the associated Promise objects.
788
789         The CSS Font Loading spec describes how the Document should vend an
790         instance of FontFaceSet which represents the font faces currently
791         associated with the Document. However, that functionality is
792         forthcoming. Currently, the only way to get a FontFaceSet is to create
793         one yourself (using the constructor). Therefore, this patch does not
794         implement the spec's notion of a "CSS-connected font face."
795
796         Test: fast/text/font-face-set-javascript.html
797
798         * CMakeLists.txt: Add new files.
799         * DerivedSources.make: Ditto.
800         * WebCore.vcxproj/WebCore.vcxproj: Ditto.
801         * WebCore.vcxproj/WebCore.vcxproj.filters: Ditto.
802         * WebCore.xcodeproj/project.pbxproj: Ditto.
803         * bindings/js/JSFontFaceSetCustom.cpp: Added.
804         (WebCore::JSFontFaceSet::ready): Use the Promise member.
805         (WebCore::JSFontFaceSet::entries): Use existing iterator code.
806         (WebCore::JSFontFaceSet::keys):
807         (WebCore::JSFontFaceSet::values):
808         * css/CSSAllInOne.cpp: Add new files.
809         * css/CSSFontFace.cpp: We now have a collection of clients (instead of
810         just one). Also, we need to keep a pointer to our FontFace wrapper.
811         (WebCore::CSSFontFace::CSSFontFace):
812         (WebCore::CSSFontFace::addClient):
813         (WebCore::CSSFontFace::removeClient):
814         (WebCore::CSSFontFace::setStatus): Rename the delegate callback to be
815         more clear.
816         (WebCore::CSSFontFace::fontLoaded):
817         (WebCore::CSSFontFace::addedToSegmentedFontFace): Deleted.
818         (WebCore::CSSFontFace::removedFromSegmentedFontFace): Deleted.
819         * css/CSSFontFace.h: Same as above.
820         (WebCore::CSSFontFace::create):
821         (WebCore::CSSFontFace::Client::~Client):
822         (WebCore::CSSFontFace::Client::kick):
823         (WebCore::CSSFontFace::Client::stateChanged):
824         (WebCore::CSSFontFace::wrapper):
825         (WebCore::CSSFontFaceClient::~CSSFontFaceClient): Deleted.
826         * css/CSSFontFaceSet.cpp: Added. Initial implementation.
827         (WebCore::CSSFontFaceSet::CSSFontFaceSet):
828         (WebCore::CSSFontFaceSet::~CSSFontFaceSet):
829         (WebCore::CSSFontFaceSet::incrementActiveCount):
830         (WebCore::CSSFontFaceSet::decrementActiveCount):
831         (WebCore::CSSFontFaceSet::has):
832         (WebCore::CSSFontFaceSet::add):
833         (WebCore::CSSFontFaceSet::remove):
834         (WebCore::extractFamilies):
835         (WebCore::familiesIntersect): Because this is an initial implementation,
836         this function is not optimized. A subsequent patch (which implements
837         Document.fonts) will optimize this.
838         (WebCore::CSSFontFaceSet::matchingFaces):
839         (WebCore::CSSFontFaceSet::load):
840         (WebCore::CSSFontFaceSet::check):
841         (WebCore::CSSFontFaceSet::stateChanged):
842         * css/CSSFontFaceSet.h: Added.
843         (WebCore::CSSFontFaceSetClient::~CSSFontFaceSetClient):
844         (WebCore::CSSFontFaceSet::size):
845         (WebCore::CSSFontFaceSet::operator[]):
846         (WebCore::CSSFontFaceSet::status):
847         * css/CSSFontSelector.cpp:
848         (WebCore::CSSFontSelector::familyNameFromPrimitive):
849         (WebCore::CSSFontSelector::registerLocalFontFacesForFamily):
850         (WebCore::CSSFontSelector::addFontFaceRule):
851         (WebCore::familyNameFromPrimitive): Deleted.
852         (WebCore::CSSFontSelector::kick): Deleted.
853         * css/CSSFontSelector.h:
854         * css/CSSSegmentedFontFace.cpp:
855         (WebCore::CSSSegmentedFontFace::~CSSSegmentedFontFace):
856         (WebCore::CSSSegmentedFontFace::appendFontFace):
857         (WebCore::CSSSegmentedFontFace::kick):
858         (WebCore::CSSSegmentedFontFace::fontLoaded): Deleted.
859         * css/CSSSegmentedFontFace.h:
860         * css/FontFace.cpp:
861         (WebCore::FontFace::FontFace):
862         (WebCore::FontFace::~FontFace):
863         (WebCore::FontFace::stateChanged): Renamed to make its purpose clearer.
864         (WebCore::FontFace::kick): Deleted.
865         * css/FontFace.h:
866         * css/FontFaceSet.cpp: Added.
867         (WebCore::createPromise):
868         (WebCore::FontFaceSet::FontFaceSet):
869         (WebCore::FontFaceSet::~FontFaceSet):
870         (WebCore::FontFaceSet::Iterator::Iterator):
871         (WebCore::FontFaceSet::Iterator::next):
872         (WebCore::FontFaceSet::PendingPromise::PendingPromise):
873         (WebCore::FontFaceSet::PendingPromise::~PendingPromise):
874         (WebCore::FontFaceSet::has):
875         (WebCore::FontFaceSet::size):
876         (WebCore::FontFaceSet::add):
877         (WebCore::FontFaceSet::remove):
878         (WebCore::FontFaceSet::clear):
879         (WebCore::FontFaceSet::load): Most of the complexity of loading is
880         due to the promises involved. Rather than use the Javascript function
881         Promise.all(), this patch builds a data structure to represent the
882         promises which need to be resolved. When fonts finish loading, we look
883         at the data structure to determine which promises to resolve.
884         (WebCore::FontFaceSet::check):
885         (WebCore::FontFaceSet::status):
886         (WebCore::FontFaceSet::canSuspendForDocumentSuspension):
887         (WebCore::FontFaceSet::startedLoading):
888         (WebCore::FontFaceSet::completedLoading):
889         (WebCore::FontFaceSet::fulfillPromise): Keep the promise alive.
890         (WebCore::FontFaceSet::faceFinished):
891         * css/FontFaceSet.h: Added.
892         (WebCore::FontFaceSet::create):
893         (WebCore::FontFaceSet::load):
894         (WebCore::FontFaceSet::check):
895         (WebCore::FontFaceSet::createIterator):
896         (WebCore::FontFaceSet::PendingPromise::create):
897         * css/FontFaceSet.idl: Added.
898         * dom/EventNames.h:
899         * dom/EventTargetFactory.in:
900
901 2016-02-17  Mark Lam  <mark.lam@apple.com>
902
903         Callers of JSString::value() should check for exceptions thereafter.
904         https://bugs.webkit.org/show_bug.cgi?id=154346
905
906         Reviewed by Geoffrey Garen.
907
908         No new tests.  The crash that results from this issue is dependent on a race
909         condition where an OutOfMemory error occurs precisely at the point where the
910         JSString::value() function is called on a rope JSString.
911
912         * bindings/js/JSHTMLAllCollectionCustom.cpp:
913         (WebCore::callHTMLAllCollection):
914         * bindings/js/JSStorageCustom.cpp:
915         (WebCore::JSStorage::putDelegate):
916         - Added a comment at the site of the exception check to clarify the meaning of
917           the return value.
918
919 2016-02-17  David Kilzer  <ddkilzer@apple.com>
920
921         [Cocoa] Always check the return value of dlopen() and dlsym() in Release builds
922         <http://webkit.org/b/154364>
923
924         Reviewed by Alexey Proskuryakov.
925
926         * platform/mac/SoftLinking.h:
927         (SOFT_LINK_LIBRARY): Change ASSERT_WITH_MESSAGE() to
928         RELEASE_ASSERT_WITH_MESSAGE().
929         (SOFT_LINK_FRAMEWORK): Ditto.
930         (SOFT_LINK_PRIVATE_FRAMEWORK): Ditto.
931         (SOFT_LINK_STAGED_FRAMEWORK): Ditto.
932         (SOFT_LINK_FRAMEWORK_IN_UMBRELLA): Ditto.
933         (SOFT_LINK): Ditto.
934         (SOFT_LINK_POINTER): Ditto.
935         (SOFT_LINK_CONSTANT): Ditto.
936         (SOFT_LINK_FRAMEWORK_FOR_SOURCE): Add
937         RELEASE_ASSERT_WITH_MESSAGE() when soft-link is not
938         optional.
939
940 2016-02-17  Chris Dumez  <cdumez@apple.com>
941
942         Regression(r196648): http://w3c-test.org/html/dom/interfaces.html redirects at the end of the test
943         https://bugs.webkit.org/show_bug.cgi?id=154357
944
945         Reviewed by Alexey Proskuryakov.
946
947         Make location.assign() / location.replace()'s parameter mandatory,
948         as per the specification:
949         https://html.spec.whatwg.org/multipage/browsers.html#the-location-interface
950
951         Previously, calling location.assign() / location.replace() without
952         parameter would be identical to calling location.assign("undefined") /
953         location.replace("undefined"), which is not useful.
954
955         After r196648, http://w3c-test.org/html/dom/interfaces.html was able to
956         test location.assign() / location.replace() further because they are now
957         on the instance (where they should be) instead of the prototype. One of
958         these tests calls these functions without parameter, expecting them to
959         throw an exception. However, in WebKit, it would not throw and it would
960         redirect us to http://w3c-test.org/html/dom/undefined.
961
962         Firefox and Chrome both follow the specification already and throw in
963         this case.
964
965         No new tests, already covered by existing test.
966
967         * page/Location.idl:
968         Make location.assign() / location.replace()'s parameter mandatory,
969         as per the specification.
970
971 2016-02-17  Commit Queue  <commit-queue@webkit.org>
972
973         Unreviewed, rolling out r196738.
974         https://bugs.webkit.org/show_bug.cgi?id=154380
975
976         broke css3/calc/transforms-translate.html (Requested by
977         alexchristensen on #webkit).
978
979         Reverted changeset:
980
981         "WebKitCSSMatrix transformList with calculated relative length
982         crashes Safari."
983         https://bugs.webkit.org/show_bug.cgi?id=153333
984         http://trac.webkit.org/changeset/196738
985
986 2016-02-17  Dean Jackson  <dino@apple.com>
987
988         WebKitCSSMatrix transformList with calculated relative length crashes Safari.
989         https://bugs.webkit.org/show_bug.cgi?id=153333
990         <rdar://problem/17198383>
991
992         Reviewed by Simon Fraser.
993
994         WebKitCSSMatrix objects should fail to construct when not
995         using absolute lengths.
996
997         Updated existing tests:
998         - transforms/cssmatrix-2d-interface.xhtml
999         - transforms/cssmatrix-3d-interface.xhtml
1000
1001         * css/StyleBuilderConverter.h:
1002         (WebCore::StyleBuilderConverter::convertTransform): Tell transformsForValue
1003         that we don't require absolute lengths.
1004         * css/TransformFunctions.cpp:
1005         (WebCore::convertToFloatLength): Add an optional parameter that will
1006         cause the conversion to fail if the primitive value has a non-absolute
1007         length.
1008         (WebCore::transformsForValue): Pass the parameter for requiring an
1009         absolute length on to convertToFloatLength when necessary.
1010         * css/TransformFunctions.h:
1011         * css/WebKitCSSMatrix.cpp:
1012         (WebCore::WebKitCSSMatrix::setMatrixValue): In this case we do
1013         require all transform strings to have absolute lengths, not ones
1014         that depend on the font size or are calculated.
1015
1016 2016-02-17  Commit Queue  <commit-queue@webkit.org>
1017
1018         Unreviewed, rolling out r196712.
1019         https://bugs.webkit.org/show_bug.cgi?id=154371
1020
1021         This change caused 5 API test failures on ios-simulator
1022         (Requested by ryanhaddad on #webkit).
1023
1024         Reverted changeset:
1025
1026         "[iOS] Purge GraphicsServices font cache on memory warning."
1027         https://bugs.webkit.org/show_bug.cgi?id=154343
1028         http://trac.webkit.org/changeset/196712
1029
1030 2016-02-17  Brady Eidson  <beidson@apple.com>
1031
1032         Modern IDB: More Encoder/Decoder/Messaging scaffolding for WK2 IPC.
1033         https://bugs.webkit.org/show_bug.cgi?id=154356
1034
1035         Reviewed by Alex Christensen.
1036
1037         No change in behavior yet; Just laying the groundwork.
1038
1039         * Modules/indexeddb/shared/IDBDatabaseInfo.h:
1040         (WebCore::IDBDatabaseInfo::encode):
1041         (WebCore::IDBDatabaseInfo::decode):
1042
1043         * Modules/indexeddb/shared/IDBError.h:
1044         (WebCore::IDBError::encode):
1045         (WebCore::IDBError::decode):
1046
1047         * Modules/indexeddb/shared/IDBRequestData.h:
1048         (WebCore::IDBRequestData::decode):
1049
1050         * Modules/indexeddb/shared/IDBResultData.h:
1051         (WebCore::IDBResultData::encode):
1052         (WebCore::IDBResultData::decode):
1053
1054 2016-02-17  Saam barati  <sbarati@apple.com>
1055
1056         Implement Proxy [[Get]]
1057         https://bugs.webkit.org/show_bug.cgi?id=154081
1058
1059         Reviewed by Michael Saboff.
1060
1061         Tests are in JavaScriptCore.
1062
1063         * bindings/js/JSCryptoAlgorithmDictionary.cpp:
1064         (WebCore::getProperty):
1065         (WebCore::getHashAlgorithm):
1066         * bindings/js/JSCryptoKeySerializationJWK.cpp:
1067         (WebCore::getJSArrayFromJSON):
1068         (WebCore::getStringFromJSON):
1069         (WebCore::getBooleanFromJSON):
1070         * bindings/js/JSDOMWindowCustom.cpp:
1071         (WebCore::DialogHandler::returnValue):
1072         * bindings/js/JSDictionary.cpp:
1073         (WebCore::JSDictionary::tryGetProperty):
1074         * bindings/js/JSStorageCustom.cpp:
1075         (WebCore::JSStorage::deleteProperty):
1076         (WebCore::JSStorage::deletePropertyByIndex):
1077         (WebCore::JSStorage::putDelegate):
1078         * bindings/js/SerializedScriptValue.cpp:
1079         (WebCore::CloneSerializer::getProperty):
1080         * testing/Internals.cpp:
1081         (WebCore::Internals::isReadableStreamDisturbed):
1082
1083 2016-02-17  Simon Fraser  <simon.fraser@apple.com>
1084
1085         PDFPlugin's scrollableArea container is not properly unregistered when page is going into the PageCache
1086         https://bugs.webkit.org/show_bug.cgi?id=148182
1087
1088         Reviewed by Brent Fulgham.
1089
1090         When handling Command-arrow key while showing a scrollable PDF, the timing of PDFPlugin
1091         teardown and navigation could result in PDFPlugin::destroy() getting the wrong FrameView,
1092         so the old FrameView was left with a stale pointer in its scrollableAreaSet.
1093
1094         Fix this by adding an explicit willDetatchRenderer() which is called on the plugin
1095         before the Frame gets a new FrameView.
1096
1097         Also narrow the scope of the RefPtr<Widget> in HTMLPlugInElement::defaultEventHandler()
1098         so that the Widget is not kept alive over a possible navigation.
1099
1100         I was unable to make an automated test, because reproducing the bug requires handling
1101         a Command-arrow key event in a way that the last ref to a Widget is held over the event
1102         handling, and this wasn't possible in an iframe.
1103
1104         * html/HTMLPlugInElement.cpp:
1105         (WebCore::HTMLPlugInElement::defaultEventHandler):
1106         * html/HTMLPlugInImageElement.cpp:
1107         (WebCore::HTMLPlugInImageElement::willDetachRenderers):
1108         * plugins/PluginViewBase.h:
1109         (WebCore::PluginViewBase::willDetatchRenderer):
1110         * style/StyleTreeResolver.cpp:
1111         (WebCore::Style::detachRenderTree): Drive-by nullptr.
1112
1113 2016-02-17  Brady Eidson  <beidson@apple.com>
1114
1115         Modern IDB: Encoder/Decoder/Messaging scaffolding for WK2 IPC.
1116         https://bugs.webkit.org/show_bug.cgi?id=154351
1117
1118         Reviewed by Alex Christensen.
1119
1120         No change in behavior yet; Just laying the groundwork.
1121
1122         * Modules/indexeddb/IDBDatabaseIdentifier.h:
1123         (WebCore::IDBDatabaseIdentifier::encode):
1124         (WebCore::IDBDatabaseIdentifier::decode):
1125         
1126         * Modules/indexeddb/shared/IDBCursorInfo.h:
1127         (WebCore::IDBCursorInfo::encode):
1128         (WebCore::IDBCursorInfo::decode):
1129         
1130         * Modules/indexeddb/shared/IDBIndexInfo.h:
1131         (WebCore::IDBIndexInfo::encode):
1132         (WebCore::IDBIndexInfo::decode):
1133         
1134         * Modules/indexeddb/shared/IDBObjectStoreInfo.h:
1135         (WebCore::IDBObjectStoreInfo::encode):
1136         (WebCore::IDBObjectStoreInfo::decode):
1137         
1138         * Modules/indexeddb/shared/IDBRequestData.h:
1139         (WebCore::IDBRequestData::encode):
1140         (WebCore::IDBRequestData::decode):
1141         
1142         * Modules/indexeddb/shared/IDBResourceIdentifier.h:
1143         (WebCore::IDBResourceIdentifier::encode):
1144         (WebCore::IDBResourceIdentifier::decode):
1145         
1146         * Modules/indexeddb/shared/IDBTransactionInfo.h:
1147         (WebCore::IDBTransactionInfo::encode):
1148         (WebCore::IDBTransactionInfo::decode):
1149
1150 2016-02-17  Andreas Kling  <akling@apple.com>
1151
1152         [iOS] Purge GraphicsServices font cache on memory warning.
1153         <https://webkit.org/b/154343>
1154
1155         Reviewed by Antti Koivisto.
1156
1157         The GS font cache was holding on to the last retain on CSS fonts after they stop being used.
1158         Call SPI to purge it on memory pressure.
1159
1160         * platform/cocoa/MemoryPressureHandlerCocoa.mm:
1161         (WebCore::MemoryPressureHandler::platformReleaseMemory):
1162         * platform/spi/ios/GraphicsServicesSPI.h:
1163
1164 2016-02-17  Chris Dumez  <cdumez@apple.com>
1165
1166         Regression(r196648): window.showModalDialog is no longer undefined if the client does not allow showing modal dialog
1167         https://bugs.webkit.org/show_bug.cgi?id=154330
1168
1169         Reviewed by Gavin Barraclough.
1170
1171         window.showModalDialog is no longer undefined if the client does not
1172         allow showing modal dialog after r196648. This patch fixes the issue
1173         and adds test coverage for this.
1174
1175         Test: fast/dom/Window/forbid-showModalDialog.html
1176
1177         * bindings/js/JSDOMWindowCustom.cpp:
1178         (WebCore::JSDOMWindow::getOwnPropertySlot):
1179         - Move the DOMWindow::canShowModalDialog() check *before* checking
1180           for static properties as showModalDialog is now in the static
1181           property table after r196648.
1182         - Add check for Base::getOwnPropertySlot() first to support overriding
1183           window.showModalDialog (This behavior matches Firefox).
1184         - Return false if DOMWindow::canShowModalDialog() returns false as this
1185           seems cleaner than claiming that the property is there but undefined.
1186
1187         * page/DOMWindow.cpp:
1188         (WebCore::DOMWindow::canShowModalDialogNow): Deleted.
1189         This was identical to canShowModalDialog().
1190
1191         (WebCore::DOMWindow::canShowModalDialog):
1192         (WebCore::DOMWindow::setCanShowModalDialogOverride):
1193         (WebCore::DOMWindow::showModalDialog):
1194         * page/DOMWindow.h:
1195         * testing/Internals.cpp:
1196         (WebCore::Internals::setCanShowModalDialogOverride):
1197         * testing/Internals.h:
1198         * testing/Internals.idl:
1199         Add support for overriding the ChromeClient's canShowModalDialog
1200         decision and hook it up to Internals to add layout test coverage.
1201
1202 2016-02-17  Brady Eidson  <beidson@apple.com>
1203
1204         Modern IDB: More WK2 IPC Scaffolding.
1205         https://bugs.webkit.org/show_bug.cgi?id=154317
1206
1207         Reviewed by Alex Christensen.
1208
1209         No change in behavior yet; Just laying the groundwork.
1210
1211         * Modules/indexeddb/shared/IDBCursorInfo.cpp:
1212         (WebCore::IDBCursorInfo::IDBCursorInfo):
1213         * Modules/indexeddb/shared/IDBCursorInfo.h:
1214         (WebCore::IDBCursorInfo::decode):
1215         * Modules/indexeddb/shared/IDBError.h:
1216         (WebCore::IDBError::decode):
1217         * Modules/indexeddb/shared/IDBIndexInfo.h:
1218         (WebCore::IDBIndexInfo::decode):
1219         * Modules/indexeddb/shared/IDBObjectStoreInfo.h:
1220         (WebCore::IDBObjectStoreInfo::decode):
1221         * Modules/indexeddb/shared/IDBRequestData.cpp:
1222         (WebCore::IDBRequestData::IDBRequestData):
1223         * Modules/indexeddb/shared/IDBRequestData.h:
1224         (WebCore::IDBRequestData::decode):
1225         * Modules/indexeddb/shared/IDBResourceIdentifier.cpp:
1226         (WebCore::IDBResourceIdentifier::IDBResourceIdentifier):
1227         * Modules/indexeddb/shared/IDBResourceIdentifier.h:
1228         (WebCore::IDBResourceIdentifier::decode):
1229         * Modules/indexeddb/shared/IDBResultData.cpp:
1230         (WebCore::IDBResultData::IDBResultData):
1231         * Modules/indexeddb/shared/IDBResultData.h:
1232         (WebCore::IDBResultData::decode):
1233         * Modules/indexeddb/shared/IDBTransactionInfo.cpp:
1234         (WebCore::IDBTransactionInfo::IDBTransactionInfo):
1235         * Modules/indexeddb/shared/IDBTransactionInfo.h:
1236         (WebCore::IDBTransactionInfo::decode):
1237         * WebCore.xcodeproj/project.pbxproj:
1238
1239 2016-02-17  Eric Carlson  <eric.carlson@apple.com>
1240
1241         [Win] Allow ports to disable automatic text track selection
1242         https://bugs.webkit.org/show_bug.cgi?id=154322
1243         <rdar://problem/24623986>
1244
1245         Reviewed by Brent Fulgham.
1246
1247         * page/CaptionUserPreferencesMediaAF.cpp:
1248         (MTEnableCaption2015BehaviorPtr): Implement for Windows.
1249
1250 2016-02-17  Gavin Barraclough  <barraclough@apple.com>
1251
1252         JSDOMWindow::put should not do the same thing twice
1253         https://bugs.webkit.org/show_bug.cgi?id=154334
1254
1255         Reviewed by Chris Dumez.
1256
1257         It either calls JSGlobalObject::put or Base::put. Hint: these are basically the same thing.
1258         In the latter case it might call lookupPut. That's redundant; JSObject::put handles static
1259         table entries.
1260
1261         * bindings/js/JSDOMWindowCustom.cpp:
1262         (WebCore::JSDOMWindow::put):
1263             - just call Base::put.
1264         (WebCore::JSDOMWindow::putByIndex):
1265             - just call Base::putByIndex.
1266
1267 2016-02-17  Nan Wang  <n_wang@apple.com>
1268
1269         AX: Implement sentence related text marker functions using TextIterator
1270         https://bugs.webkit.org/show_bug.cgi?id=154312
1271
1272         Reviewed by Chris Fleizach.
1273
1274         Using CharacterOffset to implement sentence related text marker calls. Reused
1275         logic from VisibleUnits class. Also fixed an issue where paragraph navigation
1276         should skip preceding and following BR nodes.
1277
1278         Test: accessibility/mac/text-marker-sentence-nav.html
1279
1280         * accessibility/AXObjectCache.cpp:
1281         (WebCore::resetNodeAndOffsetForReplacedNode):
1282         (WebCore::setRangeStartOrEndWithCharacterOffset):
1283         (WebCore::AXObjectCache::characterOffsetForNodeAndOffset):
1284         (WebCore::AXObjectCache::previousCharacterOffset):
1285         (WebCore::AXObjectCache::startCharacterOffsetOfWord):
1286         (WebCore::AXObjectCache::endCharacterOffsetOfWord):
1287         (WebCore::AXObjectCache::previousWordStartCharacterOffset):
1288         (WebCore::AXObjectCache::leftWordRange):
1289         (WebCore::AXObjectCache::rightWordRange):
1290         (WebCore::AXObjectCache::characterBefore):
1291         (WebCore::characterOffsetNodeIsBR):
1292         (WebCore::parentEditingBoundary):
1293         (WebCore::AXObjectCache::nextBoundary):
1294         (WebCore::AXObjectCache::previousBoundary):
1295         (WebCore::AXObjectCache::paragraphForCharacterOffset):
1296         (WebCore::AXObjectCache::nextParagraphEndCharacterOffset):
1297         (WebCore::AXObjectCache::previousParagraphStartCharacterOffset):
1298         (WebCore::AXObjectCache::startCharacterOffsetOfSentence):
1299         (WebCore::AXObjectCache::endCharacterOffsetOfSentence):
1300         (WebCore::AXObjectCache::sentenceForCharacterOffset):
1301         (WebCore::AXObjectCache::nextSentenceEndCharacterOffset):
1302         (WebCore::AXObjectCache::previousSentenceStartCharacterOffset):
1303         (WebCore::AXObjectCache::rootAXEditableElement):
1304         (WebCore::startWordBoundary): Deleted.
1305         (WebCore::endWordBoundary): Deleted.
1306         (WebCore::AXObjectCache::nextWordBoundary): Deleted.
1307         (WebCore::AXObjectCache::previousWordBoundary): Deleted.
1308         * accessibility/AXObjectCache.h:
1309         * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
1310         (-[WebAccessibilityObjectWrapper accessibilityAttributeValue:forParameter:]):
1311         * editing/VisibleUnits.cpp:
1312         (WebCore::startWordBoundary):
1313         (WebCore::startOfWord):
1314         (WebCore::endWordBoundary):
1315         (WebCore::startSentenceBoundary):
1316         (WebCore::startOfSentence):
1317         (WebCore::endSentenceBoundary):
1318         * editing/VisibleUnits.h:
1319
1320 2016-02-17  Manuel Rego Casasnovas  <rego@igalia.com>
1321
1322         [css-grid] GridSpan refactoring
1323         https://bugs.webkit.org/show_bug.cgi?id=153868
1324
1325         Reviewed by Sergio Villar Senin.
1326
1327         Add new enum to know if a GridSpan is definite or indefinite.
1328         That way we don't need GridUnresolvedSpan class (which is removed).
1329         We can always have two GridSpans in GridCoordinate,
1330         if the position is "auto" the GridSpan will be marked as indefinite.
1331         This will allow in a follow-up patch to avoid repeated calls
1332         to methods that resolve positions.
1333
1334         Most operations in GridSpan are restricted to definite GridSpans (access
1335         to positions, iterator, etc.). For indefinite GridSpans we only need to
1336         know that they're indefinite, we shouldn't use the rest of the data.
1337
1338         No new tests, no change of behavior.
1339
1340         * css/CSSGridTemplateAreasValue.cpp:
1341         (WebCore::stringForPosition):
1342         * css/CSSParser.cpp:
1343         (WebCore::CSSParser::parseGridTemplateAreasRow):
1344         * css/StyleBuilderConverter.h:
1345         (WebCore::StyleBuilderConverter::createImplicitNamedGridLinesFromGridArea):
1346         * rendering/RenderGrid.cpp:
1347         (WebCore::RenderGrid::GridIterator::nextEmptyGridArea):
1348         (WebCore::RenderGrid::computeUsedBreadthOfGridTracks):
1349         (WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForNonSpanningItems):
1350         (WebCore::RenderGrid::insertItemIntoGrid):
1351         (WebCore::RenderGrid::placeItemsOnGrid):
1352         (WebCore::RenderGrid::populateExplicitGridAndOrderIterator):
1353         (WebCore::RenderGrid::placeSpecifiedMajorAxisItemsOnGrid):
1354         (WebCore::RenderGrid::placeAutoMajorAxisItemOnGrid):
1355         (WebCore::RenderGrid::offsetAndBreadthForPositionedChild):
1356         (WebCore::RenderGrid::gridAreaBreadthForChildIncludingAlignmentOffsets):
1357         (WebCore::RenderGrid::columnAxisOffsetForChild):
1358         (WebCore::RenderGrid::rowAxisOffsetForChild):
1359         (WebCore::RenderGrid::placeAutoMajorAxisItemsOnGrid): Deleted.
1360         (WebCore::RenderGrid::autoPlacementMinorAxisDirection): Deleted.
1361         (WebCore::RenderGrid::populateGridPositions): Deleted.
1362         * rendering/style/GridCoordinate.h:
1363         (WebCore::GridSpan::definiteGridSpan):
1364         (WebCore::GridSpan::indefiniteGridSpan):
1365         (WebCore::GridSpan::operator==):
1366         (WebCore::GridSpan::integerSpan):
1367         (WebCore::GridSpan::resolvedInitialPosition):
1368         (WebCore::GridSpan::resolvedFinalPosition):
1369         (WebCore::GridSpan::begin):
1370         (WebCore::GridSpan::end):
1371         (WebCore::GridSpan::isDefinite):
1372         (WebCore::GridSpan::GridSpan):
1373         (WebCore::GridCoordinate::GridCoordinate):
1374         * rendering/style/GridResolvedPosition.cpp:
1375         (WebCore::initialPositionSide):
1376         (WebCore::finalPositionSide):
1377         (WebCore::adjustGridPositionsFromStyle):
1378         (WebCore::resolveRowStartColumnStartNamedGridLinePositionAgainstOppositePosition):
1379         (WebCore::resolveRowEndColumnEndNamedGridLinePositionAgainstOppositePosition):
1380         (WebCore::resolveNamedGridLinePositionAgainstOppositePosition):
1381         (WebCore::resolveGridPositionAgainstOppositePosition):
1382         (WebCore::GridResolvedPosition::resolveGridPositionsFromAutoPlacementPosition):
1383         (WebCore::GridResolvedPosition::resolveGridPositionsFromStyle):
1384         (WebCore::implicitNamedGridLineForSide): Deleted.
1385         (WebCore::GridResolvedPosition::isNonExistentNamedLineOrArea): Deleted.
1386         (WebCore::resolveNamedGridLinePositionFromStyle): Deleted.
1387         (WebCore::resolveGridPositionFromStyle): Deleted.
1388         * rendering/style/GridResolvedPosition.h:
1389         (WebCore::GridResolvedPosition::GridResolvedPosition): Deleted.
1390         (WebCore::GridResolvedPosition::operator*): Deleted.
1391         (WebCore::GridResolvedPosition::operator++): Deleted.
1392         (WebCore::GridResolvedPosition::operator==): Deleted.
1393
1394 2016-02-17  Chris Dumez  <cdumez@apple.com>
1395
1396         Window should have its 'constructor' property on the prototype
1397         https://bugs.webkit.org/show_bug.cgi?id=154037
1398         <rdar://problem/24689078>
1399
1400         Reviewed by Gavin Barraclough.
1401
1402         Window should have its 'constructor' property on the prototype as per
1403         the Web IDL specification:
1404         http://heycam.github.io/webidl/#interface-prototype-object
1405
1406         Firefox and Chrome already match the specification.
1407
1408         No new tests, covered by:
1409         - fast/dom/Window/window-constructor-settable.html
1410         - fast/dom/Window/window-constructor.html
1411         - http/tests/security/cross-origin-window-property-access.html
1412         - imported/w3c/web-platform-tests/html/dom/interfaces.html
1413
1414         * bindings/scripts/CodeGeneratorJS.pm:
1415         (ConstructorShouldBeOnInstance): Deleted.
1416         Drop this routine as all constructors are now on the prototype.
1417
1418         (InstancePropertyCount):
1419         Do not account for constructor properties as these can only be
1420         on the prototype now.
1421
1422         (PrototypePropertyCount):
1423         Increment the property count by 1 if the interface has a constructor
1424         property (e.g. [NoInterfaceObject] interfaces do not have one).
1425
1426         (GeneratePropertiesHashTable):
1427         Stop calling ConstructorShouldBeOnInstance() as it no longer exists.
1428         Always generate the "constructor" property if:
1429         1. We are generating the prototype hash table.
1430         and
1431         2. The interface needs a constructor (i.e. not marked as
1432            [NoInterfaceObject]).
1433
1434         (GenerateImplementation):
1435         - Drop code handling the case where ConstructorShouldBeOnInstance()
1436           returns true as constructors are not always on the prototype and
1437           the ConstructorShouldBeOnInstance() routine has been dropped.
1438         - Drop code handling [CustomProxyToJSObject]. Now that the constructor
1439           is always on the prototype, we never need to cast thisValue to a
1440           JSDOMWindow (by calling toJSDOMWindow). In the Window case, thisValue
1441           is now cast to a JSDOMWindowPrototype*, similarly to other interfaces
1442           so we don't need a special casting function anymore.
1443         - Stop generating security checks. This only impacts Window as it is the
1444           only interface marked as [CheckSecurity]. The cross-origin checking code
1445           as it was would not work when "constructor" is on the prototype because
1446           thisValue is a JSDOMWindowPrototype, not a JSDOMWindow and we have no
1447           way of getting the wrapped window. Also, the security check is no longer
1448           needed because:
1449           1. Accessing crossOriginWindow.constructor will not work now that
1450              constructor is on the prototype because
1451              JSDOMWindow::getOwnPropertySlot() already prevents access to the
1452              prototype in the cross-origin case.
1453           2. "constructor" is a value property, not a getter/setter. Therefore,
1454              it is not possible to use the getter/setter from a same origin window
1455              instance and call it on a cross origin window.
1456
1457 2016-02-16  Carlos Garcia Campos  <cgarcia@igalia.com>
1458
1459         Add a way to test ScrollAnimator
1460         https://bugs.webkit.org/show_bug.cgi?id=153479
1461
1462         Reviewed by Michael Catanzaro.
1463
1464         Tests: fast/scrolling/overlay-scrollbars-scroll-corner.html
1465                fast/scrolling/scroll-animator-basic-events.html
1466                fast/scrolling/scroll-animator-overlay-scrollbars-hovered.html
1467                fast/scrolling/scroll-animator-select-list-events.html
1468
1469         * CMakeLists.txt:
1470         * WebCore.xcodeproj/project.pbxproj:
1471         * page/FrameView.cpp:
1472         (WebCore::FrameView::usesMockScrollAnimator):
1473         (WebCore::FrameView::logMockScrollAnimatorMessage):
1474         * page/FrameView.h:
1475         * page/Settings.cpp:
1476         (WebCore::Settings::setUsesMockScrollAnimator):
1477         (WebCore::Settings::usesMockScrollAnimator):
1478         * page/Settings.h:
1479         * platform/ScrollableArea.cpp:
1480         (WebCore::ScrollableArea::scrollAnimator):
1481         * platform/ScrollableArea.h:
1482         (WebCore::ScrollableArea::usesMockScrollAnimator):
1483         (WebCore::ScrollableArea::logMockScrollAnimatorMessage):
1484         * platform/mock/ScrollAnimatorMock.cpp: Added.
1485         (WebCore::ScrollAnimatorMock::create):
1486         (WebCore::ScrollAnimatorMock::ScrollAnimatorMock):
1487         (WebCore::ScrollAnimatorMock::~ScrollAnimatorMock):
1488         (WebCore::ScrollAnimatorMock::didAddVerticalScrollbar):
1489         (WebCore::ScrollAnimatorMock::didAddHorizontalScrollbar):
1490         (WebCore::ScrollAnimatorMock::willRemoveVerticalScrollbar):
1491         (WebCore::ScrollAnimatorMock::willRemoveHorizontalScrollbar):
1492         (WebCore::ScrollAnimatorMock::mouseEnteredContentArea):
1493         (WebCore::ScrollAnimatorMock::mouseMovedInContentArea):
1494         (WebCore::ScrollAnimatorMock::mouseExitedContentArea):
1495         (WebCore::ScrollAnimatorMock::mouseEnteredScrollbar):
1496         (WebCore::ScrollAnimatorMock::mouseExitedScrollbar):
1497         (WebCore::ScrollAnimatorMock::mouseIsDownInScrollbar):
1498         * platform/mock/ScrollAnimatorMock.h: Added.
1499         * platform/mock/ScrollbarThemeMock.cpp:
1500         (WebCore::ScrollbarThemeMock::usesOverlayScrollbars):
1501         * platform/mock/ScrollbarThemeMock.h:
1502         * rendering/RenderLayer.cpp:
1503         (WebCore::RenderLayer::usesMockScrollAnimator):
1504         (WebCore::RenderLayer::logMockScrollAnimatorMessage):
1505         * rendering/RenderLayer.h:
1506         * rendering/RenderListBox.cpp:
1507         (WebCore::RenderListBox::usesMockScrollAnimator):
1508         (WebCore::RenderListBox::logMockScrollAnimatorMessage):
1509         * rendering/RenderListBox.h:
1510         * testing/Internals.cpp:
1511         (WebCore::Internals::resetToConsistentState):
1512         (WebCore::Internals::setUsesMockScrollAnimator):
1513         * testing/Internals.h:
1514         * testing/Internals.idl:
1515
1516 2016-02-16  Carlos Garcia Campos  <cgarcia@igalia.com>
1517
1518         Unreviewed. Enable overlay scrollbars in GTK+ after r196641.
1519
1520         This was blocked by bug #153404, but the commit that introduced
1521         the regression was rolled out in r196641.
1522
1523         * platform/gtk/ScrollbarThemeGtk.cpp:
1524         (WebCore::ScrollbarThemeGtk::ScrollbarThemeGtk):
1525
1526 2016-02-16  Gavin Barraclough  <barraclough@apple.com>
1527
1528         JSDOMWindow::getOwnPropertySlot should just call getStaticPropertySlot
1529         https://bugs.webkit.org/show_bug.cgi?id=154257
1530
1531         Reviewed by Chris Dumez.
1532
1533         * bindings/js/JSDOMWindowCustom.cpp:
1534         (WebCore::JSDOMWindow::getOwnPropertySlot):
1535             - JSDOMWindow::getOwnPropertySlot should just call getStaticPropertySlot
1536
1537 2016-02-16  Gavin Barraclough  <barraclough@apple.com>
1538
1539         JSDOMWindow::getOwnPropertySlot should not search proto chain
1540         https://bugs.webkit.org/show_bug.cgi?id=154102
1541
1542         Reviewed by Chris Dumez.
1543
1544         Should only return *own* properties.
1545
1546         * bindings/js/JSDOMWindowCustom.cpp:
1547         (WebCore::jsDOMWindowGetOwnPropertySlotNamedItemGetter):
1548
1549 2016-02-16  Alex Christensen  <achristensen@webkit.org>
1550
1551         CMake build fix.
1552
1553         * PlatformMac.cmake:
1554
1555 2016-02-16  Chris Dumez  <cdumez@apple.com>
1556
1557         Navigator.geolocation should not be marked as [Replaceable] and should be on the prototype
1558         https://bugs.webkit.org/show_bug.cgi?id=154304
1559         <rdar://problem/24685092>
1560
1561         Reviewed by Gavin Barraclough.
1562
1563         1. Drop the [Replaceable] IDL extended attribute for navigator.geolocation
1564            as this does not match other browsers or the specification:
1565            - https://dev.w3.org/geo/api/spec-source.html#geolocation_interface
1566         2. Move Navigator attributes to the prototype, where they should be as
1567            per the Web IDL specification.
1568
1569         The previous behavior was meant as a workaround for a bug in the Amazon
1570         iOS app (rdar://problem/16332749). However, I have confirmed that the
1571         latest Amazon App no longer has any issue with those changes.
1572
1573         Test: js/navigator-set-geolocation.html
1574
1575         * Modules/geolocation/NavigatorGeolocation.idl:
1576         * bindings/scripts/CodeGeneratorJS.pm:
1577         (InterfaceRequiresAttributesOnInstanceForCompatibility): Deleted.
1578
1579 2016-02-16  Said Abou-Hallawa  <sabouhallawa@apple.com>
1580
1581         REGRESSION(r196268): WTFCrashWithSecurityImplication on SVG path animation tests
1582         https://bugs.webkit.org/show_bug.cgi?id=154221
1583
1584         Reviewed by Brent Fulgham.
1585
1586         In r196268, a destructor was added to SVGListPropertyTearOff that notifies
1587         its wrapper (the SVGAnimatedListPropertyTearoff) about its deletion. This
1588         allows the wrapper to nullify any references to the wrapped content.
1589         
1590         We needed to do the same thing for SVGPathSegListPropertyTearOff. Both
1591         SVGPathSegListPropertyTearOff and SVGListPropertyTearOff inherit from
1592         SVGListProperty and both hold pointers to SVGAnimatedListPropertyTearOff
1593         which needs to be notified.
1594         
1595         Tests: existing svg path animation tests should not crash.
1596
1597         * svg/properties/SVGPathSegListPropertyTearOff.h:
1598         (WebCore::SVGPathSegListPropertyTearOff::~SVGPathSegListPropertyTearOff):
1599
1600 2016-02-16  Said Abou-Hallawa  <sabouhallawa@apple.com>
1601
1602         REGRESSION (r190430): WTFCrashWithSecurityImplication in:void SVGRootInlineBox::layoutCharactersInTextBoxes()
1603         https://bugs.webkit.org/show_bug.cgi?id=154185
1604
1605         Reviewed by Ryosuke Niwa.
1606
1607         This is a regression caused by adding support for HTMLSlotElement. The
1608         crash happens when adding an HTMLSlotElement to another element which should
1609         not have it as a child like SVGTextElement for example. In this case, we
1610         were creating a RenderText which should not happen inside an SVG document.
1611         The RenderText::createTextBox() was creating InlineTextBox for the slot's
1612         text and attach it to the SVGRootInlineBox. In layoutCharactersInTextBoxes(),
1613         the assumption is the inline box is either SVGInlineTextBox or SVGInlineFlowBox.
1614         But since we have an InlineTextBox instead, the crash happens when casting
1615         the InlineTextBox to SVGInlineFlowBox.
1616
1617         The fix is for createRenderTreeForSlotAssignees() to not create a renderer
1618         when the parent element should not have a renderer for this element.
1619         This is the same thing we do for createRenderer() which handles the non
1620         HTMLSlotElement case and which is called also from createRenderTreeRecursively().
1621         
1622         Test: fast/shadow-dom/text-slot-child-crash.svg
1623
1624         * style/StyleTreeResolver.cpp:
1625         (WebCore::Style::moveToFlowThreadIfNeeded):
1626         (WebCore::Style::TreeResolver::createRenderer): Delete the check for
1627         shouldCreateRenderer() and handling the case when resolvedStyle is null
1628         since these are handled by the caller createRenderTreeRecursively().
1629         
1630         (WebCore::Style::TreeResolver::createRenderTreeForSlotAssignees):
1631         Assert shouldCreateRenderer() is true for this element.
1632         
1633         (WebCore::Style::TreeResolver::createRenderTreeRecursively): Don't create
1634         the renderer if shouldCreateRenderer() returns false. Also handle the case
1635         when resolvedStyle is null and pass the new style to createRenderer().
1636         
1637         * style/StyleTreeResolver.h:
1638
1639 2016-02-16  Simon Fraser  <simon.fraser@apple.com>
1640
1641         Every RenderLayer should not have to remove itself from the scrollableArea set
1642         https://bugs.webkit.org/show_bug.cgi?id=154311
1643
1644         Reviewed by Zalan Bujtas.
1645
1646         A subset of RenderLayers are scrollable, and get registered on the FrameView,
1647         but we pay the cost of a hash lookup for removal on every RenderLayer, which is a waste.
1648         
1649         Store a bit that tells RenderLayer that it's in the set and needs to be removed.
1650
1651         * rendering/RenderLayer.cpp:
1652         (WebCore::RenderLayer::RenderLayer):
1653         (WebCore::RenderLayer::~RenderLayer):
1654         (WebCore::RenderLayer::calculateClipRects):
1655         * rendering/RenderLayer.h:
1656
1657 2016-02-16  Daniel Bates  <dabates@apple.com>
1658
1659         CSP: Update violation report 'Content-Type' header
1660         https://bugs.webkit.org/show_bug.cgi?id=153166
1661         <rdar://problem/24383327>
1662
1663         Reviewed by Brent Fulgham.
1664
1665         Inspired by Blink patch:
1666         <https://src.chromium.org/viewvc/blink?view=rev&revision=154215>
1667
1668         Post the Content Security Policy violation report with Content-Type application/csp-report as
1669         per section Reporting of the Content Security Policy 2.0 spec., <https://www.w3.org/TR/2015/CR-CSP2-20150721/>.
1670
1671         Currently we post CSP violation reports with Content-Type application/json.
1672
1673         * html/parser/XSSAuditorDelegate.cpp:
1674         (WebCore::XSSAuditorDelegate::didBlockScript): Use report type ViolationReportType::XSSAuditor to PingLoader.
1675         * loader/PingLoader.cpp:
1676         (WebCore::PingLoader::sendViolationReport): Modified to take argument of type ViolationReportType
1677         to determine the appropriate Content-Type header to use for the report. For an XSS Auditor violation report
1678         we use Content-Type application/json. For a Content Security Policy violation report we use Content-Type
1679         application/csp-report. Additionally, pass an ASCIILiteral() to ResourceRequestBase::setHTTPMethod()
1680         as opposed to a constant string literal to avoid a copy of a constant string literal.
1681         * loader/PingLoader.h: Add enum class ViolationReportType.
1682         * page/csp/ContentSecurityPolicy.cpp:
1683         (WebCore::ContentSecurityPolicy::reportViolation): Use report type ViolationReportType::ContentSecurityPolicy.
1684
1685 2016-02-16  Alex Christensen  <achristensen@webkit.org>
1686
1687         Add checks before redirecting with NetworkSession
1688         https://bugs.webkit.org/show_bug.cgi?id=154298
1689
1690         Reviewed by Andy Estes.
1691
1692         This fixes http/tests/security/cors-post-redirect-307.html and 
1693         http/tests/navigation/post-307-response.html when using NetworkSession.
1694
1695         * platform/network/ResourceRequestBase.h:
1696         WEBCORE_EXPORT some functions newly used in WebKit2.
1697
1698 2016-02-16  Daniel Bates  <dabates@apple.com>
1699
1700         CSP: Fix parsing of 'host/path' source expressions
1701         https://bugs.webkit.org/show_bug.cgi?id=153170
1702         <rdar://problem/24383407>
1703
1704         Reviewed by Brent Fulgham.
1705
1706         Merged from Blink (patch by Mike West):
1707         <https://src.chromium.org/viewvc/blink?revision=154875&view=revision>
1708
1709         Fixes an issue where a source of the form example.com/A/ was incorrectly considered
1710         invalid and hence such a requested resource would be blocked. A source of this form
1711         is valid by the definition of host-source in section Source List Syntax of the Content
1712         Security Policy 2.0 spec., <http://www.w3.org/TR/2015/CR-CSP2-20150721/>.
1713
1714         * page/csp/ContentSecurityPolicySourceList.cpp:
1715         (WebCore::ContentSecurityPolicySourceList::parseSource):
1716
1717 2016-02-16  Daniel Bates  <dabates@apple.com>
1718
1719         CSP: Disallow an empty host in a host-source source expression
1720         https://bugs.webkit.org/show_bug.cgi?id=153168
1721         <rdar://problem/24383366>
1722
1723         Reviewed by Brent Fulgham.
1724
1725         Merged from Blink (patch by rob@robwu.nl):
1726         <https://src.chromium.org/viewvc/blink?revision=180407&view=revision>
1727
1728         * page/csp/ContentSecurityPolicySourceList.cpp:
1729         (WebCore::ContentSecurityPolicySourceList::parseSource):
1730
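The two CSP host-source entries above (bugs 153170 and 153168) describe grammar rules that are easy to check in isolation. The following is an added example, not WebKit's `parseSource()` code: a small C++ validator for the `host-source` production of CSP 2.0, showing that `example.com/A/` is accepted and that an empty host is rejected. The type and function names are hypothetical, the sample inputs are constructed, and the path is kept as written rather than validated against RFC 3986.

```cpp
#include <cctype>
#include <iostream>
#include <string>

// Hypothetical result type for one CSP 2.0 host-source expression.
struct HostSource {
    bool valid = false;
    std::string scheme;        // empty when no scheme-part was given
    std::string host;          // host without a leading "*."; empty for a bare "*"
    bool hostWildcard = false; // true for "*" and "*.example.com"
    std::string port;          // digits, "*", or empty
    std::string path;          // starts with '/' when present
};

static bool isHostChar(char c)
{
    return std::isalnum(static_cast<unsigned char>(c)) || c == '-';
}

static bool isSchemeChar(char c)
{
    return isHostChar(c) || c == '+' || c == '.';
}

// host-part = "*" / [ "*." ] 1*host-char *( "." 1*host-char )
static bool parseHostPart(const std::string& s, HostSource& out)
{
    if (s.empty())
        return false; // an empty host is never a valid host-source
    if (s == "*") {
        out.hostWildcard = true;
        return true;
    }
    std::size_t start = 0;
    if (s.compare(0, 2, "*.") == 0) {
        out.hostWildcard = true;
        start = 2;
    }
    bool labelEmpty = true; // rejects "", "a..b", ".a" and "a."
    for (std::size_t i = start; i < s.size(); ++i) {
        if (s[i] == '.') {
            if (labelEmpty)
                return false;
            labelEmpty = true;
        } else if (isHostChar(s[i]))
            labelEmpty = false;
        else
            return false;
    }
    if (labelEmpty)
        return false;
    out.host = s.substr(start);
    return true;
}

// host-source = [ scheme-part "://" ] host-part [ port-part ] [ path-part ]
HostSource parseHostSource(const std::string& expr)
{
    HostSource r;
    std::string rest = expr;

    // "://" only introduces a scheme when it comes before any path slash.
    std::size_t sep = rest.find("://");
    if (sep != std::string::npos && rest.find('/') == sep + 1) {
        std::string scheme = rest.substr(0, sep);
        if (scheme.empty() || !std::isalpha(static_cast<unsigned char>(scheme[0])))
            return HostSource();
        for (char c : scheme) {
            if (!isSchemeChar(c))
                return HostSource();
        }
        r.scheme = scheme;
        rest = rest.substr(sep + 3);
    }

    // Everything from the first '/' onward is the path-part (bug 153170).
    std::size_t slash = rest.find('/');
    std::string authority = rest.substr(0, slash);
    if (slash != std::string::npos)
        r.path = rest.substr(slash);

    // port-part = ":" ( 1*DIGIT / "*" )
    std::size_t colon = authority.find(':');
    std::string host = authority.substr(0, colon);
    if (colon != std::string::npos) {
        std::string port = authority.substr(colon + 1);
        if (port.empty())
            return HostSource();
        if (port != "*") {
            for (char c : port) {
                if (!std::isdigit(static_cast<unsigned char>(c)))
                    return HostSource();
            }
        }
        r.port = port;
    }

    // The host itself must be non-empty and well formed (bug 153168).
    if (!parseHostPart(host, r))
        return HostSource();
    r.valid = true;
    return r;
}

int main()
{
    // Constructed sample expressions, not taken from WebKit's tests.
    const char* samples[] = { "example.com/A/", "https:///A/", "*.example.com:443", ":80" };
    for (const char* s : samples)
        std::cout << s << " -> " << (parseHostSource(s).valid ? "valid" : "invalid") << "\n";
    return 0;
}
```
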
1731 2016-02-16  Brady Eidson  <beidson@apple.com>
1732
1733         Modern IDB: WK2 IPC Scaffolding.
1734         https://bugs.webkit.org/show_bug.cgi?id=154296
1735
1736         Reviewed by Alex Christensen.
1737         
1738         No change in behavior yet; Just laying the groundwork.
1739
1740         * Modules/indexeddb/client/IDBConnectionToServer.h:
1741         * Modules/indexeddb/server/IDBConnectionToClient.h:
1742         * Modules/indexeddb/shared/IDBResourceIdentifier.h:
1743
1744 2016-02-16  Chris Dumez  <cdumez@apple.com>
1745
1746         [Web IDL] Operations should be on the instance for global objects or if [Unforgeable]
1747         https://bugs.webkit.org/show_bug.cgi?id=154120
1748         <rdar://problem/24613231>
1749
1750         Reviewed by Gavin Barraclough.
1751
1752         Operations should be on the instance for global objects or if
1753         [Unforgeable] as per the Web IDL specification:
1754         - http://heycam.github.io/webidl/#es-operations
1755         - http://heycam.github.io/webidl/#dfn-unforgeable-on-an-interface
1756
1757         This patch implements this behavior in order to align
1758         with the specification and other browsers.
1759
1760         No new tests, already covered by existing tests.
1761
1762         * bindings/js/JSDOMWindowCustom.cpp:
1763         (WebCore::jsDOMWindowGetOwnPropertySlotRestrictedAccess):
1764         Update function names now that they have "Instance" in their
1765         name instead of "Prototype".
1766
1767         (WebCore::JSDOMWindow::getOwnPropertySlot):
1768         - Update function names now that they have "Instance" in their
1769           name instead of "Prototype".
1770         - Move the functions hard-coding *before* the static table check
1771           now that these functions are in the static table to maintain
1772           the previous behavior.
1773
1774         * bindings/js/JSLocationCustom.cpp:
1775         (WebCore::JSLocation::getOwnPropertySlotDelegate):
1776         Update function names now that they have "Instance" in their
1777         name instead of "Prototype".
1778
1779         * bindings/scripts/CodeGeneratorJS.pm:
1780         - Move functions to the instance if their interface is a global
1781           object or if they are marked as [Unforgeable]. Operations are
1782           now treated more like attributes, as they can now be either on
1783           the instance or the prototype. In a lot of places, I now use
1784           the naming "properties" instead of "attributes" as "properties"
1785           refers to both "attributes" and "operations" / "functions".
1786
1787         * bindings/scripts/test/JS/JSTestInterface.cpp:
1788         * bindings/scripts/test/JS/JSTestObj.cpp:
1789         Rebaseline bindings tests.
1790
1791 2016-02-16  Simon Fraser  <simon.fraser@apple.com>
1792
1793         Rollout r188659. This broke scrolling of iframes and overflow when
1794         navigating back to a page in the page cache.
1795         
1796         The fix was overly aggressive and had no layout test. I will fix the original
1797         issue a different way.
1798
1799         * history/CachedFrame.cpp:
1800         (WebCore::CachedFrame::CachedFrame):
1801         * page/FrameView.cpp:
1802         (WebCore::FrameView::clearScrollableAreas): Deleted.
1803         * page/FrameView.h:
1804
1805 2016-02-16  Carlos Garcia Campos  <cgarcia@igalia.com>
1806
1807         [GTK] No hover-horizontal scrolling available
1808         https://bugs.webkit.org/show_bug.cgi?id=122859
1809
1810         Reviewed by Michael Catanzaro.
1811
1812         This is a regression of WebKit2, because in WebKit1 we used native
1813         widgets for frame scrollbars that handled this automatically. Now
1814         we need to also check if the mouse is over frame scrollbars to
1815         adjust the wheel event.
1816
1817         Test: platform/gtk/scrollbars/main-frame-scrollbar-horizontal-wheel-scroll.html
1818
1819         * page/EventHandler.cpp:
1820         (WebCore::EventHandler::handleWheelEvent): Pass the adjusted wheel
1821         event to platformCompleteWheelEvent().
1822         * page/gtk/EventHandlerGtk.cpp:
1823         (WebCore::EventHandler::shouldTurnVerticalTicksIntoHorizontal):
1824         Check also frame scrollbars.
1825
1826 2016-02-16  Antti Koivisto  <antti@apple.com>
1827
1828         Factor id mutation style invalidation code into a class
1829         https://bugs.webkit.org/show_bug.cgi?id=154287
1830
1831         Reviewed by Andreas Kling.
1832
1833         Also add a cheap basic optimization that avoids descendant invalidation if they can not be affected.
1834
1835         It would be easy to implement fine grained invalidation like with classes and attribute selectors.
1836         However dynamic id changes are not common enough (nor recommended) to pay the memory cost of
1837         the required data structures.
1838
1839         Test: fast/css/style-invalidation-id-change-descendants.html
1840
1841         * CMakeLists.txt:
1842         * WebCore.vcxproj/WebCore.vcxproj:
1843         * WebCore.xcodeproj/project.pbxproj:
1844         * css/RuleFeature.cpp:
1845         (WebCore::RuleFeatureSet::recursivelyCollectFeaturesFromSelector):
1846         (WebCore::RuleFeatureSet::add):
1847         (WebCore::RuleFeatureSet::clear):
1848         * css/RuleFeature.h:
1849         * dom/Element.cpp:
1850         (WebCore::makeIdForStyleResolution):
1851         (WebCore::Element::attributeChanged):
1852         (WebCore::checkNeedsStyleInvalidationForIdChange): Deleted.
1853         * style/IdChangeInvalidation.cpp: Added.
1854         (WebCore::Style::IdChangeInvalidation::invalidateStyle):
1855         * style/IdChangeInvalidation.h: Added.
1856         (WebCore::Style::IdChangeInvalidation::IdChangeInvalidation):
1857         (WebCore::Style::IdChangeInvalidation::~IdChangeInvalidation):
1858
1859 2016-02-16  Andreas Kling  <akling@apple.com>
1860
1861         Drop StyleResolver and SelectorQueryCache when entering PageCache.
1862         <https://webkit.org/b/154238>
1863
1864         Reviewed by Antti Koivisto.
1865
1866         Stop keeping these around for cached pages to save lots of memory.
1867         We can easily rebuild them if a cached navigation occurs, and this
1868         way we also don't need to worry about invalidating style for cached
1869         pages in all the right places.
1870
1871         Restoring a cached page will now lead to a forced style recalc.
1872         We don't try to defer this (beyond a zero-timer) since it's going
1873         to happen anyway, and it's nicer to front-load the cost rather than
1874         stuttering on the first user content interaction.
1875
1876         * dom/Document.cpp:
1877         (WebCore::Document::setInPageCache):
1878         * history/CachedPage.cpp:
1879         (WebCore::CachedPage::restore):
1880         (WebCore::CachedPage::clear): Deleted.
1881         * history/CachedPage.h:
1882         (WebCore::CachedPage::markForVisitedLinkStyleRecalc): Deleted.
1883         (WebCore::CachedPage::markForFullStyleRecalc): Deleted.
1884         * history/PageCache.cpp:
1885         (WebCore::PageCache::markPagesForVisitedLinkStyleRecalc): Deleted.
1886         (WebCore::PageCache::markPagesForFullStyleRecalc): Deleted.
1887         * history/PageCache.h:
1888         * page/Frame.cpp:
1889         (WebCore::Frame::setPageAndTextZoomFactors): Deleted.
1890         * page/Page.cpp:
1891         (WebCore::Page::setViewScaleFactor): Deleted.
1892         (WebCore::Page::setDeviceScaleFactor): Deleted.
1893         (WebCore::Page::setPagination): Deleted.
1894         (WebCore::Page::setPaginationLineGridEnabled): Deleted.
1895         (WebCore::Page::setVisitedLinkStore): Deleted.
1896
1897 2016-02-16  Carlos Garcia Campos  <cgarcia@igalia.com>
1898
1899         [GTK] clicking on the scrollbar trough steps rather than jumps to the clicked position
1900         https://bugs.webkit.org/show_bug.cgi?id=115363
1901
1902         Reviewed by Michael Catanzaro.
1903
1904         Allow ScrollbarTheme to decide the behavior of a button press event,
1905         instead of only deciding whether to center on thumb or not. This
1906         way we can match the current GTK+ behavior in WebKit, without
1907         affecting other ports.
1908
1909         * platform/ScrollTypes.h: Add ScrollbarButtonPressAction enum.
1910         * platform/Scrollbar.cpp:
1911         (WebCore::Scrollbar::mouseDown): Ask ScrollbarTheme to handle the
1912         event for the pressed part and do the requested action.
1913         * platform/ScrollbarTheme.cpp:
1914         (WebCore::ScrollbarTheme::handleMousePressEvent): Add default
1915         implementation. It's equivalent to the previous default implementation.
1916         * platform/ScrollbarTheme.h:
1917         * platform/gtk/ScrollbarThemeGtk.cpp:
1918         (WebCore::ScrollbarThemeGtk::handleMousePressEvent): Match current
1919         GTK+ behavior: left click centers on thumb and right click
1920         scrolls. Dragging the thumb works for left and middle buttons.
1921         * platform/gtk/ScrollbarThemeGtk.h:
1922         * platform/ios/ScrollbarThemeIOS.h: Remove shouldCenterOnThumb,
1923         and don't override handleMousePressEvent since iOS wants the
1924         default behavior.
1925         * platform/ios/ScrollbarThemeIOS.mm:
1926         * platform/mac/ScrollbarThemeMac.h: Override handleMousePressEvent
1927         and remove shouldCenterOnThumb.
1928         * platform/mac/ScrollbarThemeMac.mm:
1929         (WebCore::shouldCenterOnThumb): Same implementation just made it
1930         static to be used as helper.
1931         (WebCore::ScrollbarThemeMac::handleMousePressEvent): Return the
1932         desired action keeping the same behavior.
1933         * platform/win/ScrollbarThemeWin.cpp:
1934         (WebCore::ScrollbarThemeWin::handleMousePressEvent): Ditto.
1935         * platform/win/ScrollbarThemeWin.h:
1936         * rendering/RenderScrollbarTheme.h:
1937
1938 2016-02-16  Carlos Garcia Campos  <cgarcia@igalia.com>
1939
1940         Mouse cursor doesn't change when entering scrollbars
1941         https://bugs.webkit.org/show_bug.cgi?id=154243
1942
1943         Reviewed by Simon Fraser.
1944
1945         If the scrollbar is over or very close to text or a link, when
1946         entering the scrollbar the cursor is not changed, keeping the beam
1947         or hand cursor when using the scrollbar. Same happens for image
1948         documents where the magnifier cursor is used and it remains when
1949         entering the scrollbars. We should use pointer cursor always for
1950         scrollbars.
1951
1952         * page/EventHandler.cpp:
1953         (WebCore::EventHandler::updateCursor): Request also to include
1954         frame scrollbars in hit test result.
1955         (WebCore::EventHandler::selectCursor): Use always pointer cursor
1956         for scrollbars.
1957
1958 2016-02-15  Antti Koivisto  <antti@apple.com>
1959
1960         Optimize style invalidations for attribute selectors
1961         https://bugs.webkit.org/show_bug.cgi?id=154242
1962
1963         Reviewed by Andreas Kling.
1964
1965         Currently we invalidate the whole element subtree if there are any attribute selectors for the changed attribute.
1966         This is slow as generally few if any elements are really affected. Using attribute selectors for dynamic styling
1967         should be performant.
1968
1969         This patch implements optimization strategy for attributes similar to what we already have for classes:
1970
1971         - Collect a map of all rules that contain descendant-affecting attribute selectors for a given attribute.
1972         - When an attribute value changes check if there are any such rules for it.
1973         - Check if the value change affects the results of any of the attribute selectors.
1974         - Only if it does invalidate the exact descendant elements affected by the rules.
1975
1976         Test: fast/css/style-invalidation-attribute-change-descendants.html
1977
1978         * WebCore.xcodeproj/project.pbxproj:
1979         * css/DocumentRuleSets.cpp:
1980         (WebCore::DocumentRuleSets::ancestorClassRules):
1981         (WebCore::DocumentRuleSets::ancestorAttributeRulesForHTML):
1982
1983             Create optimization RuleSets when needed.
1984
1985         * css/DocumentRuleSets.h:
1986         (WebCore::DocumentRuleSets::uncommonAttribute):
1987         (WebCore::DocumentRuleSets::features):
1988         * css/RuleFeature.cpp:
1989         (WebCore::RuleFeatureSet::recursivelyCollectFeaturesFromSelector):
1990         (WebCore::makeAttributeSelectorKey):
1991         (WebCore::RuleFeatureSet::collectFeatures):
1992
1993             Collect rules with descendant affecting attribute selectors.
1994
1995         (WebCore::RuleFeatureSet::add):
1996         (WebCore::RuleFeatureSet::clear):
1997         (WebCore::RuleFeatureSet::shrinkToFit):
1998         * css/RuleFeature.h:
1999         * css/SelectorChecker.cpp:
2000         (WebCore::anyAttributeMatches):
2001         (WebCore::SelectorChecker::attributeSelectorMatches):
2002
2003             Expose function for matching single attribute selectors.
2004
2005         (WebCore::canMatchHoverOrActiveInQuirksMode):
2006         * css/SelectorChecker.h:
2007         * dom/Attr.cpp:
2008         (WebCore::Attr::setValue):
2009         (WebCore::Attr::childrenChanged):
2010         * dom/Element.cpp:
2011         (WebCore::Element::setAttributeInternal):
2012         (WebCore::makeIdForStyleResolution):
2013         (WebCore::Element::attributeChanged):
2014         (WebCore::Element::removeAttributeInternal):
2015         (WebCore::Element::addAttributeInternal):
2016         (WebCore::Element::removeAttribute):
2017
2018             Add AttributeChangeInvalidation where needed.
2019
2020         (WebCore::Element::needsStyleInvalidation):
2021
2022             Move to Element from ClassChangeInvalidation.
2023
2024         (WebCore::Element::willModifyAttribute):
2025
2026             No more full style invalidation on attribute change.
2027
2028         * style/AttributeChangeInvalidation.cpp: Added.
2029         (WebCore::Style::AttributeChangeInvalidation::invalidateStyle):
2030
2031             Invalidate local style.
2032             Check if we need to invalidate descendants by looking into ancestorAttributeRules.
2033
2034         (WebCore::Style::AttributeChangeInvalidation::invalidateDescendants):
2035
2036             Use StyleInvalidationAnalysis to invalidate the subtree for the relevant rules.
2037
2038         * style/AttributeChangeInvalidation.h: Added.
2039         (WebCore::Style::AttributeChangeInvalidation::needsInvalidation):
2040         (WebCore::Style::AttributeChangeInvalidation::AttributeChangeInvalidation):
2041         (WebCore::Style::AttributeChangeInvalidation::~AttributeChangeInvalidation):
2042
2043             If needed, invalidate descendants before and after attribute change to catch rules that start and stop applying.
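
The four steps listed in this entry, as an added C++ sketch that is not WebKit code: a per-attribute rule map is built once, and an attribute change invalidates descendants only when a selector's match result differs before and after the change. `Element`, `Rule`, `collectRules`, `setAttribute` and `demo` are hypothetical names, and only exact-match selectors of the form `[attr="value"] tag` are modelled.

```cpp
#include <iostream>
#include <map>
#include <string>
#include <utility>
#include <vector>

// Simplified model, not WebKit's data structures.
struct Element {
    Element(std::string i, std::string t) : id(std::move(i)), tag(std::move(t)) {}
    std::string id, tag;
    std::map<std::string, std::string> attributes;
    std::vector<Element*> children;
    bool needsStyleRecalc = false;
};

// A rule of the form  [attribute="value"] descendantTag
struct Rule {
    std::string attribute, value, descendantTag;
};

static bool selectorMatches(const Rule& rule, const std::map<std::string, std::string>& attrs)
{
    auto it = attrs.find(rule.attribute);
    return it != attrs.end() && it->second == rule.value;
}

// Step 1: map each attribute name to the rules whose attribute selector affects descendants.
using AncestorAttributeRules = std::map<std::string, std::vector<Rule>>;

AncestorAttributeRules collectRules(const std::vector<Rule>& sheet)
{
    AncestorAttributeRules rules;
    for (const auto& rule : sheet)
        rules[rule.attribute].push_back(rule);
    return rules;
}

static void invalidateDescendants(Element& root, const std::string& tag, std::vector<std::string>& out)
{
    for (Element* child : root.children) {
        if (child->tag == tag && !child->needsStyleRecalc) {
            child->needsStyleRecalc = true;
            out.push_back(child->id);
        }
        invalidateDescendants(*child, tag, out);
    }
}

// Steps 2-4: change the attribute and return the ids of the descendants invalidated.
std::vector<std::string> setAttribute(Element& element, const AncestorAttributeRules& rules,
                                      const std::string& name, const std::string& newValue)
{
    std::vector<std::string> invalidated;
    const auto before = element.attributes;
    element.attributes[name] = newValue;

    auto found = rules.find(name);          // step 2: any rules for this attribute?
    if (found == rules.end())
        return invalidated;
    for (const auto& rule : found->second) {
        // Step 3: comparing the result before and after the change catches
        // rules that start applying as well as rules that stop applying.
        if (selectorMatches(rule, before) != selectorMatches(rule, element.attributes))
            invalidateDescendants(element, rule.descendantTag, invalidated);   // step 4
    }
    return invalidated;
}

// Constructed sample tree: section#root > (p#p1, div#d1 > p#p2, span#s1)
std::vector<std::string> demo(const std::string& attr, const std::string& from, const std::string& to)
{
    Element root("root", "section"), p1("p1", "p"), d1("d1", "div"), p2("p2", "p"), s1("s1", "span");
    d1.children = { &p2 };
    root.children = { &p1, &d1, &s1 };
    root.attributes[attr] = from;
    const std::vector<Rule> sheet = { Rule{ "data-theme", "dark", "p" }, Rule{ "lang", "fr", "span" } };
    return setAttribute(root, collectRules(sheet), attr, to);
}

int main()
{
    for (const auto& id : demo("data-theme", "light", "dark"))
        std::cout << "invalidated: " << id << "\n";
    std::cout << "light -> blue invalidates " << demo("data-theme", "light", "blue").size() << " elements\n";
    return 0;
}
```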
2044
2045 2016-02-16  Chris Dumez  <cdumez@apple.com>
2046
2047         Do security checks early in JSDOMWindow::put*()
2048         https://bugs.webkit.org/show_bug.cgi?id=154270
2049
2050         Reviewed by Gavin Barraclough.
2051
2052         Do security checks early in JSDOMWindow::put() / JSDOMWindow::putByIndex()
2053         and return as soon as possible. This makes it less error-prone as we need
2054         to do the security check only once, at the top of the function.
2055
2056         Also lock down the security further by calling lookupPut() only if the
2057         property name is "location". The "location" property is the only one that
2058         can be set cross-origin. Previously, trying to set a property such as
2059         "name" (which cannot be set cross-origin) relied on the attribute setter
2060         doing the security check when getting called. The new check is less error
2061         prone and will correctly prevent overriding window's method cross-origin
2062         once these move down from the prototype (Bug 154120).
2063
2064         Finally, the previous code was failing to set the "location" property
2065         cross-origin after the window has been reified. This patch fixes the
2066         issue by always calling the original "location" property setter from the
2067         static table in the cross-origin case.
2068
2069         Test: http/tests/security/cross-origin-reified-window-location-setting.html
2070
2071         * bindings/js/JSDOMWindowCustom.cpp:
2072         (WebCore::JSDOMWindow::put):
2073         (WebCore::JSDOMWindow::putByIndex):
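
The check-once-at-the-top pattern this entry describes, as an added C++ sketch that is not WebKit code: `putPerSetterCheck` models the older shape, where each setter is trusted to check the caller's origin, and `putCheckFirst` models the newer one. The `Window` struct, the `status` setter with its missing check, and the `reified` flag (which reproduces only the symptom the entry reports, not its mechanism) are all constructed for illustration.

```cpp
#include <functional>
#include <iostream>
#include <map>
#include <string>

// Toy model of a window object. Every name here is hypothetical, not WebKit's.
struct Window {
    std::string origin;
    std::string location = "about:blank";
    std::string name;
    std::string status;
    bool reified = false;                    // stands in for "the window has been reified"
    std::map<std::string, std::string> own;  // script-defined properties
};

enum class Put { Stored, Denied };

// Setter signature: (window, caller origin, new value).
using Setter = std::function<Put(Window&, const std::string&, const std::string&)>;

static bool sameOrigin(const Window& w, const std::string& caller) { return w.origin == caller; }

// Static table of built-in setters.
static const std::map<std::string, Setter>& staticTable()
{
    static const std::map<std::string, Setter> table = {
        // The one property that may be set cross-origin.
        { "location", [](Window& w, const std::string&, const std::string& v) {
            w.location = v;
            return Put::Stored;
        } },
        // A setter that carries its own origin check.
        { "name", [](Window& w, const std::string& caller, const std::string& v) {
            if (!sameOrigin(w, caller))
                return Put::Denied;
            w.name = v;
            return Put::Stored;
        } },
        // Constructed mistake: a setter whose author forgot the check.
        { "status", [](Window& w, const std::string&, const std::string& v) {
            w.status = v;
            return Put::Stored;
        } },
    };
    return table;
}

// Older shape: correctness depends on every setter remembering its own check.
Put putPerSetterCheck(Window& w, const std::string& caller, const std::string& prop, const std::string& value)
{
    auto it = staticTable().find(prop);
    const bool builtin = it != staticTable().end();
    if (builtin && !w.reified)
        return it->second(w, caller, value);   // "status" slips through here
    if (!sameOrigin(w, caller))
        return Put::Denied;                    // also blocks cross-origin "location" once reified
    if (builtin)
        return it->second(w, caller, value);
    w.own[prop] = value;
    return Put::Stored;
}

// Newer shape: one origin check at the top, with "location" as the only cross-origin exception.
Put putCheckFirst(Window& w, const std::string& caller, const std::string& prop, const std::string& value)
{
    if (!sameOrigin(w, caller)) {
        if (prop == "location")
            return staticTable().at("location")(w, caller, value);  // always the static-table setter
        return Put::Denied;
    }
    auto it = staticTable().find(prop);
    if (it != staticTable().end())
        return it->second(w, caller, value);
    w.own[prop] = value;
    return Put::Stored;
}

int main()
{
    const std::string other = "https://b.example";  // constructed origins
    Window a; a.origin = "https://a.example";
    Window b; b.origin = "https://a.example";
    auto show = [](Put p) { return p == Put::Stored ? "stored" : "denied"; };
    std::cout << "per-setter check, cross-origin status: " << show(putPerSetterCheck(a, other, "status", "x")) << "\n";
    std::cout << "check first,      cross-origin status: " << show(putCheckFirst(b, other, "status", "x")) << "\n";
    b.reified = true;
    std::cout << "check first, reified, cross-origin location: "
              << show(putCheckFirst(b, other, "location", "https://b.example/next")) << "\n";
    return 0;
}
```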
2074
2075 2016-02-15  Brent Fulgham  <bfulgham@apple.com>
2076
2077         [Mac] Gather some rudimentary statistics during resource load
2078         https://bugs.webkit.org/show_bug.cgi?id=153575
2079         <rdar://problem/24075254>
2080
2081         Reviewed by Brady Eidson.
2082
2083         Tested by: http/tests/navigation/statistics.html
2084
2085         * CMakeLists.txt:
2086         * PlatformWin.cmake:
2087         * WebCore.xcodeproj/project.pbxproj:
2088         * dom/Document.cpp:
2089         (WebCore::Document::updateLastHandledUserGestureTimestamp): Log user interaction
2090         with the ResourceLoadObserver.
2091         * loader/DocumentLoader.cpp:
2092         (WebCore::DocumentLoader::willSendRequest): Track load statistics if the
2093         user interacted with the document.
2094         * loader/ResourceLoadObserver.cpp: Added.
2095         * loader/ResourceLoadObserver.h: Added.
2096         * loader/ResourceLoadStatistics.cpp: Added.
2097         * loader/ResourceLoadStatistics.h: Added.
2098         * loader/SubresourceLoader.cpp:
2099         (WebCore::SubresourceLoader::willSendRequestInternal): Track load statistics.
2100         * page/Settings.cpp:
2101         (WebCore::Settings::setResourceLoadStatisticsEnabled): Added.
2102         * page/Settings.h:
2103         (WebCore::Settings::resourceLoadStatisticsEnabled): Added.
2104         * platform/Logging.h:
2105         * testing/Internals.cpp:
2106         (WebCore::Internals::resourceLoadStatisticsForOrigin):
2107         (WebCore::Internals::setResourceLoadStatisticsEnabled):
2108         * testing/Internals.h:
2109         * testing/Internals.idl:
2110
2111 2016-02-15  Chris Dumez  <cdumez@apple.com>
2112
2113         The following properties should exist on the global object: AudioTrackList, AudioTrack, VideoTrackList, VideoTrack
2114         https://bugs.webkit.org/show_bug.cgi?id=154250
2115         <rdar://problem/24660829>
2116
2117         Reviewed by Eric Carlson.
2118
2119         The following properties should exist on the global object:
2120         - AudioTrackList, AudioTrack, VideoTrackList, VideoTrack
2121
2122         These interfaces are not marked as [NoInterfaceObject] in:
2123         - https://html.spec.whatwg.org/#audiotracklist-and-videotracklist-objects
2124
2125         No new tests, already covered by existing tests.
2126
2127         * html/track/AudioTrack.idl:
2128         * html/track/AudioTrackList.idl:
2129         * html/track/VideoTrack.idl:
2130         * html/track/VideoTrackList.idl:
2131
2132 2016-02-15  Sam Weinig  <sam@webkit.org>
2133
2134         Stop using NSMapTable in places where we were only using it to be GC safe
2135         <rdar://problem/24063723>
2136         https://bugs.webkit.org/show_bug.cgi?id=154264
2137
2138         Reviewed by Dan Bernstein.
2139
2140         Switch from NSMapTable to HashMap.
2141
2142         * WebCore.xcodeproj/project.pbxproj:
2143         * bindings/objc/DOMInternal.h:
2144         * bindings/objc/DOMInternal.mm:
2145         * bindings/objc/WebScriptObject.mm:
2146         * bridge/objc/objc_instance.mm:
2147         * platform/spi/cocoa/NSPointerFunctionsSPI.h: Removed. No longer used.
2148
2149 2016-02-15  Myles C. Maxfield  <mmaxfield@apple.com>
2150
2151         [Font Loading] Implement FontFace JavaScript object
2152         https://bugs.webkit.org/show_bug.cgi?id=153345
2153
2154         Reviewed by Antti Koivisto.
2155
2156         Test: fast/text/font-face-javascript.html
2157
2158         This patch implements the FontFace JavaScript object. This object mostly consists of
2159         style getters / setters, which we implement by parsing input strings and generating
2160         output strings similarly to getComputedStyle(). This object also has a load() function
2161         which returns a promise which will be fulfilled or rejected depending on the load.
2162         There is also a "loaded" attribute which exposes this promise directly. Also, a status
2163         field is exposed so script knows what the state of the load is.
2164
2165         Currently, loading depends on our CachedResourceLoader which is part of the Document,
2166         so this API is not available in a non-document context.
2167
2168         Another caveat is that immediate-mode font loading (where the content provides an
2169         ArrayBuffer containing the bytes of the font file) is forthcoming. This requires
2170         changing the relationship between CSSFontFaceSource and CachedFont.
2171
2172         CSSFontFace has been modified to keep a strong reference to the CSSFontSelector. This
2173         is because the lifetime of the CSSFontFace can now outlive the CSSFontSelector. When
2174         the CSSFontSelector is removed from the Document, it explicitly clears its constituent
2175         CSSFontFaces, thereby breaking the reference cycle.
2176
2177         Test: fast/text/font-face-javascript-expected.html
2178
2179         * CMakeLists.txt: Add new files.
2180         * DerivedSources.cpp: Ditto.
2181         * DerivedSources.make: Ditto.
2182         * WebCore.vcxproj/WebCore.vcxproj: Ditto.
2183         * WebCore.vcxproj/WebCore.vcxproj.filters: Ditto.
2184         * WebCore.xcodeproj/project.pbxproj: Ditto.
2185         * bindings/js/JSDOMPromise.cpp:
2186         (WebCore::DeferredWrapper::globalObject): Remove whitespace.
2187         (WebCore::DeferredWrapper::deferred): Allow access to the inner JSC object.
2188         * bindings/js/JSDOMPromise.h:
2189         (WebCore::DOMPromise::deferred): Ditto.
2190         * bindings/js/JSFontFaceCustom.cpp: Copied from Source/WebCore/bindings/js/JSDOMPromise.cpp.
2191         (WebCore::JSFontFace::loaded):
2192         (WebCore::JSFontFace::load):
2193         * css/CSSFontFace.cpp:
2194         (WebCore::CSSFontFace::CSSFontFace):
2195         (WebCore::CSSFontFace::adoptSource):
2196         (WebCore::CSSFontFace::updateStatus): Enforce the state machine's transitions.
2197         (WebCore::CSSFontFace::fontLoaded):
2198         (WebCore::CSSFontFace::pump):
2199         (WebCore::CSSFontFace::load):
2200         * css/CSSFontFace.h:
2201         (WebCore::CSSFontFaceClient::~CSSFontFaceClient):
2202         (WebCore::CSSFontFace::create):
2203         (WebCore::CSSFontFace::status):
2204         * css/CSSFontSelector.cpp:
2205         (WebCore::CSSFontSelector::appendSources): Update for new CSSFontFace API.
2206         (WebCore::CSSFontSelector::registerLocalFontFacesForFamily): Ditto.
2207         (WebCore::CSSFontSelector::addFontFaceRule): Ditto.
2208         (WebCore::CSSFontSelector::kick): Ditto.
2209         (WebCore::appendSources): Deleted.
2210         (WebCore::registerLocalFontFacesForFamily): Deleted.
2211         * css/CSSFontSelector.h:
2212         * css/CSSUnicodeRangeValue.cpp: Use for serializing the "unicodeRange" property.
2213         * css/FontFace.cpp:
2214         (WebCore::createPromise): Implement the remaining JavaScript API functions.
2215         (WebCore::valueFromDictionary):
2216         (WebCore::FontFace::create):
2217         (WebCore::FontFace::FontFace):
2218         (WebCore::FontFace::parseString):
2219         (WebCore::FontFace::status):
2220         (WebCore::FontFace::kick):
2221         (WebCore::FontFace::load):
2222         (WebCore::FontFace::fulfillPromise):
2223         (WebCore::FontFace::rejectPromise):
2224         (WebCore::parseString): Deleted.
2225         * css/FontFace.h:
2226         (WebCore::FontFace::promise):
2227         (WebCore::FontFace::backing):
2228         (WebCore::FontFace::create): Deleted.
2229         * css/FontFace.idl: Copied from Source/WebCore/bindings/js/JSDOMPromise.cpp.
2230
2231 2016-02-15  Jer Noble  <jer.noble@apple.com>
2232
2233         Null-deref crash in DefaultAudioDestinationNode::suspend()
2234         https://bugs.webkit.org/show_bug.cgi?id=154248
2235
2236         Reviewed by Alex Christensen.
2237
2238         Drive-by fix: AudioContext should be a reference, not a pointer.
2239
2240         * Modules/webaudio/AnalyserNode.cpp:
2241         (WebCore::AnalyserNode::AnalyserNode):
2242         * Modules/webaudio/AnalyserNode.h:
2243         (WebCore::AnalyserNode::create):
2244         * Modules/webaudio/AudioBasicInspectorNode.cpp:
2245         (WebCore::AudioBasicInspectorNode::AudioBasicInspectorNode):
2246         (WebCore::AudioBasicInspectorNode::connect):
2247         (WebCore::AudioBasicInspectorNode::disconnect):
2248         (WebCore::AudioBasicInspectorNode::checkNumberOfChannelsForInput):
2249         (WebCore::AudioBasicInspectorNode::updatePullStatus):
2250         * Modules/webaudio/AudioBasicInspectorNode.h:
2251         * Modules/webaudio/AudioBasicProcessorNode.cpp:
2252         (WebCore::AudioBasicProcessorNode::AudioBasicProcessorNode):
2253         (WebCore::AudioBasicProcessorNode::checkNumberOfChannelsForInput):
2254         * Modules/webaudio/AudioBasicProcessorNode.h:
2255         * Modules/webaudio/AudioBufferSourceNode.cpp:
2256         (WebCore::AudioBufferSourceNode::create):
2257         (WebCore::AudioBufferSourceNode::AudioBufferSourceNode):
2258         (WebCore::AudioBufferSourceNode::renderFromBuffer):
2259         (WebCore::AudioBufferSourceNode::setBuffer):
2260         (WebCore::AudioBufferSourceNode::startPlaying):
2261         (WebCore::AudioBufferSourceNode::looping):
2262         (WebCore::AudioBufferSourceNode::setLooping):
2263         * Modules/webaudio/AudioBufferSourceNode.h:
2264         * Modules/webaudio/AudioContext.cpp:
2265         (WebCore::AudioContext::AudioContext):
2266         (WebCore::AudioContext::createBufferSource):
2267         (WebCore::AudioContext::createMediaElementSource):
2268         (WebCore::AudioContext::createMediaStreamDestination):
2269         (WebCore::AudioContext::createScriptProcessor):
2270         (WebCore::AudioContext::createBiquadFilter):
2271         (WebCore::AudioContext::createWaveShaper):
2272         (WebCore::AudioContext::createPanner):
2273         (WebCore::AudioContext::createConvolver):
2274         (WebCore::AudioContext::createDynamicsCompressor):
2275         (WebCore::AudioContext::createAnalyser):
2276         (WebCore::AudioContext::createGain):
2277         (WebCore::AudioContext::createDelay):
2278         (WebCore::AudioContext::createChannelSplitter):
2279         (WebCore::AudioContext::createChannelMerger):
2280         (WebCore::AudioContext::createOscillator):
2281         * Modules/webaudio/AudioContext.h:
2282         (WebCore::operator==):
2283         (WebCore::operator!=):
2284         * Modules/webaudio/AudioDestinationNode.cpp:
2285         (WebCore::AudioDestinationNode::AudioDestinationNode):
2286         (WebCore::AudioDestinationNode::render):
2287         (WebCore::AudioDestinationNode::updateIsEffectivelyPlayingAudio):
2288         * Modules/webaudio/AudioDestinationNode.h:
2289         * Modules/webaudio/AudioNode.cpp:
2290         (WebCore::AudioNode::AudioNode):
2291         (WebCore::AudioNode::connect):
2292         (WebCore::AudioNode::disconnect):
2293         (WebCore::AudioNode::setChannelCount):
2294         (WebCore::AudioNode::setChannelCountMode):
2295         (WebCore::AudioNode::setChannelInterpretation):
2296         (WebCore::AudioNode::scriptExecutionContext):
2297         (WebCore::AudioNode::processIfNecessary):
2298         (WebCore::AudioNode::checkNumberOfChannelsForInput):
2299         (WebCore::AudioNode::propagatesSilence):
2300         (WebCore::AudioNode::pullInputs):
2301         (WebCore::AudioNode::enableOutputsIfNecessary):
2302         (WebCore::AudioNode::deref):
2303         (WebCore::AudioNode::finishDeref):
2304         * Modules/webaudio/AudioNode.h:
2305         (WebCore::AudioNode::context):
2306         * Modules/webaudio/AudioNodeInput.cpp:
2307         (WebCore::AudioNodeInput::connect):
2308         (WebCore::AudioNodeInput::disconnect):
2309         (WebCore::AudioNodeInput::disable):
2310         (WebCore::AudioNodeInput::enable):
2311         (WebCore::AudioNodeInput::updateInternalBus):
2312         (WebCore::AudioNodeInput::bus):
2313         (WebCore::AudioNodeInput::internalSummingBus):
2314         (WebCore::AudioNodeInput::sumAllConnections):
2315         (WebCore::AudioNodeInput::pull):
2316         * Modules/webaudio/AudioNodeOutput.cpp:
2317         (WebCore::AudioNodeOutput::setNumberOfChannels):
2318         (WebCore::AudioNodeOutput::updateNumberOfChannels):
2319         (WebCore::AudioNodeOutput::propagateChannelCount):
2320         (WebCore::AudioNodeOutput::pull):
2321         (WebCore::AudioNodeOutput::bus):
2322         (WebCore::AudioNodeOutput::fanOutCount):
2323         (WebCore::AudioNodeOutput::paramFanOutCount):
2324         (WebCore::AudioNodeOutput::addInput):
2325         (WebCore::AudioNodeOutput::removeInput):
2326         (WebCore::AudioNodeOutput::disconnectAllInputs):
2327         (WebCore::AudioNodeOutput::addParam):
2328         (WebCore::AudioNodeOutput::removeParam):
2329         (WebCore::AudioNodeOutput::disconnectAllParams):
2330         (WebCore::AudioNodeOutput::disable):
2331         (WebCore::AudioNodeOutput::enable):
2332         * Modules/webaudio/AudioNodeOutput.h:
2333         (WebCore::AudioNodeOutput::context):
2334         * Modules/webaudio/AudioParam.cpp:
2335         (WebCore::AudioParam::value):
2336         (WebCore::AudioParam::smooth):
2337         (WebCore::AudioParam::calculateSampleAccurateValues):
2338         (WebCore::AudioParam::calculateFinalValues):
2339         (WebCore::AudioParam::calculateTimelineValues):
2340         (WebCore::AudioParam::connect):
2341         (WebCore::AudioParam::disconnect):
2342         * Modules/webaudio/AudioParam.h:
2343         (WebCore::AudioParam::create):
2344         (WebCore::AudioParam::AudioParam):
2345         * Modules/webaudio/AudioParamTimeline.cpp:
2346         (WebCore::AudioParamTimeline::valueForContextTime):
2347         * Modules/webaudio/AudioParamTimeline.h:
2348         * Modules/webaudio/AudioScheduledSourceNode.cpp:
2349         (WebCore::AudioScheduledSourceNode::AudioScheduledSourceNode):
2350         (WebCore::AudioScheduledSourceNode::updateSchedulingInfo):
2351         (WebCore::AudioScheduledSourceNode::start):
2352         (WebCore::AudioScheduledSourceNode::finish):
2353         * Modules/webaudio/AudioScheduledSourceNode.h:
2354         * Modules/webaudio/AudioSummingJunction.cpp:
2355         (WebCore::AudioSummingJunction::AudioSummingJunction):
2356         (WebCore::AudioSummingJunction::~AudioSummingJunction):
2357         (WebCore::AudioSummingJunction::changedOutputs):
2358         (WebCore::AudioSummingJunction::updateRenderingState):
2359         * Modules/webaudio/AudioSummingJunction.h:
2360         (WebCore::AudioSummingJunction::context):
2361         * Modules/webaudio/BiquadFilterNode.cpp:
2362         (WebCore::BiquadFilterNode::BiquadFilterNode):
2363         * Modules/webaudio/BiquadFilterNode.h:
2364         (WebCore::BiquadFilterNode::create):
2365         * Modules/webaudio/BiquadProcessor.cpp:
2366         (WebCore::BiquadProcessor::BiquadProcessor):
2367         * Modules/webaudio/BiquadProcessor.h:
2368         * Modules/webaudio/ChannelMergerNode.cpp:
2369         (WebCore::ChannelMergerNode::create):
2370         (WebCore::ChannelMergerNode::ChannelMergerNode):
2371         (WebCore::ChannelMergerNode::checkNumberOfChannelsForInput):
2372         * Modules/webaudio/ChannelMergerNode.h:
2373         * Modules/webaudio/ChannelSplitterNode.cpp:
2374         (WebCore::ChannelSplitterNode::create):
2375         (WebCore::ChannelSplitterNode::ChannelSplitterNode):
2376         * Modules/webaudio/ChannelSplitterNode.h:
2377         * Modules/webaudio/ConvolverNode.cpp:
2378         (WebCore::ConvolverNode::ConvolverNode):
2379         (WebCore::ConvolverNode::setBuffer):
2380         * Modules/webaudio/ConvolverNode.h:
2381         (WebCore::ConvolverNode::create):
2382         * Modules/webaudio/DefaultAudioDestinationNode.cpp:
2383         (WebCore::DefaultAudioDestinationNode::DefaultAudioDestinationNode):
2384         (WebCore::DefaultAudioDestinationNode::resume):
2385         (WebCore::DefaultAudioDestinationNode::suspend):
2386         (WebCore::DefaultAudioDestinationNode::close):
2387         * Modules/webaudio/DefaultAudioDestinationNode.h:
2388         (WebCore::DefaultAudioDestinationNode::create):
2389         * Modules/webaudio/DelayNode.cpp:
2390         (WebCore::DelayNode::DelayNode):
2391         * Modules/webaudio/DelayNode.h:
2392         (WebCore::DelayNode::create):
2393         * Modules/webaudio/DelayProcessor.cpp:
2394         (WebCore::DelayProcessor::DelayProcessor):
2395         * Modules/webaudio/DelayProcessor.h:
2396         * Modules/webaudio/DynamicsCompressorNode.cpp:
2397         (WebCore::DynamicsCompressorNode::DynamicsCompressorNode):
2398         * Modules/webaudio/DynamicsCompressorNode.h:
2399         (WebCore::DynamicsCompressorNode::create):
2400         * Modules/webaudio/GainNode.cpp:
2401         (WebCore::GainNode::GainNode):
2402         (WebCore::GainNode::checkNumberOfChannelsForInput):
2403         * Modules/webaudio/GainNode.h:
2404         (WebCore::GainNode::create):
2405         * Modules/webaudio/MediaElementAudioSourceNode.cpp:
2406         (WebCore::MediaElementAudioSourceNode::create):
2407         (WebCore::MediaElementAudioSourceNode::MediaElementAudioSourceNode):
2408         (WebCore::MediaElementAudioSourceNode::setFormat):
2409         * Modules/webaudio/MediaElementAudioSourceNode.h:
2410         * Modules/webaudio/MediaStreamAudioDestinationNode.cpp:
2411         (WebCore::MediaStreamAudioDestinationNode::create):
2412         (WebCore::MediaStreamAudioDestinationNode::MediaStreamAudioDestinationNode):
2413         * Modules/webaudio/MediaStreamAudioDestinationNode.h:
2414         * Modules/webaudio/MediaStreamAudioSourceNode.cpp:
2415         (WebCore::MediaStreamAudioSourceNode::MediaStreamAudioSourceNode):
2416         (WebCore::MediaStreamAudioSourceNode::setFormat):
2417         * Modules/webaudio/OfflineAudioDestinationNode.cpp:
2418         (WebCore::OfflineAudioDestinationNode::OfflineAudioDestinationNode):
2419         (WebCore::OfflineAudioDestinationNode::offlineRender):
2420         (WebCore::OfflineAudioDestinationNode::notifyComplete):
2421         * Modules/webaudio/OfflineAudioDestinationNode.h:
2422         (WebCore::OfflineAudioDestinationNode::create):
2423         * Modules/webaudio/OscillatorNode.cpp:
2424         (WebCore::OscillatorNode::create):
2425         (WebCore::OscillatorNode::OscillatorNode):
2426         * Modules/webaudio/OscillatorNode.h:
2427         * Modules/webaudio/PannerNode.cpp:
2428         (WebCore::PannerNode::PannerNode):
2429         (WebCore::PannerNode::pullInputs):
2430         (WebCore::PannerNode::process):
2431         (WebCore::PannerNode::listener):
2432         (WebCore::PannerNode::setPanningModel):
2433         * Modules/webaudio/PannerNode.h:
2434         (WebCore::PannerNode::create):
2435         * Modules/webaudio/ScriptProcessorNode.cpp:
2436         (WebCore::ScriptProcessorNode::create):
2437         (WebCore::ScriptProcessorNode::ScriptProcessorNode):
2438         (WebCore::ScriptProcessorNode::initialize):
2439         (WebCore::ScriptProcessorNode::fireProcessEvent):
2440         * Modules/webaudio/ScriptProcessorNode.h:
2441         * Modules/webaudio/WaveShaperNode.cpp:
2442         (WebCore::WaveShaperNode::WaveShaperNode):
2443         (WebCore::WaveShaperNode::setOversample):
2444         * Modules/webaudio/WaveShaperNode.h:
2445         (WebCore::WaveShaperNode::create):
2446
2447 2016-02-15  Jer Noble  <jer.noble@apple.com>
2448
2449         Null-deref crash in DefaultAudioDestinationNode::suspend()
2450         https://bugs.webkit.org/show_bug.cgi?id=154248
2451
2452         Reviewed by Alex Christensen.
2453
2454         Null-check scriptExecutionContext() before deref.
2455
2456         * Modules/webaudio/DefaultAudioDestinationNode.cpp:
2457         (WebCore::DefaultAudioDestinationNode::resume):
2458         (WebCore::DefaultAudioDestinationNode::suspend):
2459         (WebCore::DefaultAudioDestinationNode::close):
2460
2461 2016-02-15  Chris Dumez  <cdumez@apple.com>
2462
2463         XMLHttpRequest / XMLHttpRequestUpload should inherit XMLHttpRequestEventTarget
2464         https://bugs.webkit.org/show_bug.cgi?id=154230
2465
2466         Reviewed by Alex Christensen.
2467
2468         XMLHttpRequest / XMLHttpRequestUpload should inherit XMLHttpRequestEventTarget
2469         as per:
2470         https://xhr.spec.whatwg.org/#xmlhttprequesteventtarget
2471
2472         Firefox and Chrome already match the specification.
2473
2474         No new tests, already covered by existing tests.
2475
2476         * CMakeLists.txt:
2477         * DerivedSources.make:
2478         * WebCore.vcxproj/WebCore.vcxproj:
2479         * WebCore.vcxproj/WebCore.vcxproj.filters:
2480         * WebCore.xcodeproj/project.pbxproj:
2481         * xml/XMLHttpRequest.h:
2482         * xml/XMLHttpRequest.idl:
2483         * xml/XMLHttpRequestEventTarget.h: Added.
2484         * xml/XMLHttpRequestEventTarget.idl: Copied from Source/WebCore/xml/XMLHttpRequestUpload.idl.
2485         * xml/XMLHttpRequestUpload.h:
2486         * xml/XMLHttpRequestUpload.idl:
2487
2488 2016-02-15  Jiewen Tan  <jiewen_tan@apple.com>
2489
2490         Refine SimulatedMouseEvent to support Event.isTrusted
2491         https://bugs.webkit.org/show_bug.cgi?id=154133
2492         <rdar://problem/24616246>
2493
2494         Reviewed by Darin Adler.
2495
2496         This patch extracts everything related to creating/dispatching SimulatedMouseEvent from MouseEvent.h/cpp
2497         and EventDispatcher.h/cpp, and produces SimulatedClick.h/cpp which will handle simulated click solely.
2498         After that, we hide the SimulatedMouseEvent and only expose simulateClick to be called. The reason is
2499         that we both want to tell whether the call sites are from user agent/bindings and keep the
2500         SimulatedMouseEvent intact.
2501
2502         Also, this patch separates Element::dispatchSimulatedClick into two: one for the user agent, and another
2503         for the bindings. Therefore, HTMLElement.click will be treated as untrusted.
2504
2505         Some of the changes in this patch refer to Blink r200401:
2506         https://codereview.chromium.org/1285793004
2507
2508         Modified test:
2509         LayoutTests/imported/blink/fast/events/event-trusted.html
2510
2511         * CMakeLists.txt:
2512         * WebCore.xcodeproj/project.pbxproj:
2513         * dom/Element.cpp:
2514         (WebCore::Element::dispatchSimulatedClick):
2515         (WebCore::Element::dispatchSimulatedClickForBindings):
2516         * dom/Element.h:
2517         * dom/EventDispatcher.cpp:
2518         (WebCore::EventDispatcher::dispatchSimulatedClick): Deleted.
2519         * dom/EventDispatcher.h:
2520         * dom/MouseEvent.cpp:
2521         (WebCore::SimulatedMouseEvent::create): Deleted.
2522         (WebCore::SimulatedMouseEvent::~SimulatedMouseEvent): Deleted.
2523         (WebCore::SimulatedMouseEvent::SimulatedMouseEvent): Deleted.
2524         * dom/MouseEvent.h:
2525         * dom/SimulatedClick.cpp: Added.
2526         (WebCore::simulateMouseEvent):
2527         (WebCore::simulateClick):
2528         * dom/SimulatedClick.h: Added.
2529         * html/HTMLElement.cpp:
2530         (WebCore::HTMLElement::click):
2531
2532 2016-02-15  Joseph Pecoraro  <pecoraro@apple.com>
2533
2534         Web Inspector: Web Workers have no access to console for debugging
2535         https://bugs.webkit.org/show_bug.cgi?id=26237
2536
2537         Reviewed by Timothy Hatcher.
2538
2539         This adds the most basic console message support to Workers.
2540         Messages logged from workers get surfaced through the Page's console.
2541         This lacks support for logging and interacting with arguments,
2542         which would be addressed when adding more complete Worker
2543         debugging tools.
2544
2545         Test: inspector/console/messageAdded-from-worker.html
2546
2547         * CMakeLists.txt:
2548         * WebCore.xcodeproj/project.pbxproj:
2549         Add new files.
2550
2551         * bindings/js/WorkerScriptController.cpp:
2552         (WebCore::WorkerScriptController::~WorkerScriptController):
2553         (WebCore::WorkerScriptController::initScript):
2554         Set the ConsoleClient for the Worker's global object. We route
2555         the messages to the Page's console.
2556
2557         * bindings/js/WorkerScriptController.h:
2558         * workers/WorkerConsoleClient.h: Added.
2559         * workers/WorkerConsoleClient.cpp: Added.
2560         (WebCore::WorkerConsoleClient::WorkerConsoleClient):
2561         (WebCore::WorkerConsoleClient::~WorkerConsoleClient):
2562         (WebCore::WorkerConsoleClient::profile):
2563         (WebCore::WorkerConsoleClient::profileEnd):
2564         (WebCore::WorkerConsoleClient::count):
2565         (WebCore::WorkerConsoleClient::time):
2566         (WebCore::WorkerConsoleClient::timeEnd):
2567         (WebCore::WorkerConsoleClient::timeStamp):
2568         Stub most console methods in a Worker.
2569
2570         (WebCore::WorkerConsoleClient::messageWithTypeAndLevel):
2571         Send worker log messages to the global scope and on to the main page.
2572
2573         * workers/WorkerGlobalScope.h:
2574         * workers/WorkerGlobalScope.cpp:
2575         (WebCore::WorkerGlobalScope::addConsoleMessage):
2576         (WebCore::WorkerGlobalScope::addMessageToWorkerConsole):
2577         Ideally we want to converge on simple addConsoleMessage
2578         APIs that just take a ConsoleMessage, without a barrage
2579         of parameters. Add these versions now.
2580
2581 2016-02-15  Alex Christensen  <achristensen@webkit.org>
2582
2583         CMake build fix.
2584
2585         * PlatformMac.cmake:
2586
2587 2016-02-15  Chris Dumez  <cdumez@apple.com>
2588
2589         Regression(r196563): It is no longer possible to call window.addEventListener without an explicit 'this'
2590         https://bugs.webkit.org/show_bug.cgi?id=154245
2591
2592         Reviewed by Ryosuke Niwa.
2593
2594         This patch adds support for calling the EventListener API without an
2595         explicit 'this' value. If no explicit 'this' value is passed, then we
2596         fall back to using the global object. This matches Chrome and Firefox's
2597         behavior. It also fixes the Dromaeo/cssquery-dojo.html test.
2598
2599         Test: fast/dom/Window/addEventListener-implicit-this.html
2600
2601         * bindings/scripts/CodeGeneratorJS.pm:
2602         (GenerateFunctionCastedThis):
2603
2604 2016-02-14  Gavin Barraclough  <barraclough@apple.com>
2605
2606         Organize, deduplicate & comment JSDOMWindowCustom getOwnPropertySlot
2607         https://bugs.webkit.org/show_bug.cgi?id=154224
2608
2609         Reviewed by Chris Dumez.
2610
2611         * bindings/js/JSDOMWindowCustom.cpp:
2612         (WebCore::jsDOMWindowGetOwnPropertySlotRestrictedAccess):
2613         (WebCore::jsDOMWindowGetOwnPropertySlotNamedItemGetter):
2614         (WebCore::JSDOMWindow::getOwnPropertySlot):
2615         (WebCore::JSDOMWindow::getOwnPropertySlotByIndex):
2616             - organized property access sequence into a more logical order, removed
2617               duplicated code & added comments.
2618         (WebCore::namedItemGetter): Deleted.
2619             - there was no need for a custom callback here; merged functionality into
2620               jsDOMWindowGetOwnPropertySlotNamedItemGetter.
2621         (WebCore::jsDOMWindowGetOwnPropertySlotCrossOrigin): Deleted.
2622             - renamed to jsDOMWindowGetOwnPropertySlotRestrictedAccess
2623               (this now also handles frameless access).
2624
2625 2016-02-15  Daniel Bates  <dabates@apple.com>
2626
2627         CSP: 'sandbox' should be ignored in report-only mode
2628         https://bugs.webkit.org/show_bug.cgi?id=153167
2629         <rdar://problem/22708669>
2630
2631         Reviewed by Brent Fulgham.
2632
2633         Merged from Blink (patch by Mike West):
2634         <https://src.chromium.org/viewvc/blink?revision=165322&view=revision>
2635
2636         * page/csp/ContentSecurityPolicy.cpp:
2637         (WebCore::ContentSecurityPolicy::reportInvalidDirectiveInReportOnlyMode): Added. Logs a
2638         console message to the console to explain that the specified directive is invalid in
2639         report-only mode.
2640         * page/csp/ContentSecurityPolicy.h:
2641         * page/csp/ContentSecurityPolicyDirectiveList.cpp:
2642         (WebCore::ContentSecurityPolicyDirectiveList::applySandboxPolicy): Do not apply sandbox
2643         policy when in report-only mode and call ContentSecurityPolicy::reportInvalidDirectiveInReportOnlyMode()
2644         to log a message to the console.
2645
2646 2016-02-15  Daniel Bates  <dabates@apple.com>
2647
2648         CSP: Allow schemeless source expressions to match an HTTP or HTTPS resource
2649         https://bugs.webkit.org/show_bug.cgi?id=154177
2650         <rdar://problem/22708772>
2651
2652         Reviewed by Brent Fulgham.
2653
2654         Allow a schemeless source expression to match an HTTP or HTTPS subresource when the page is
2655         delivered over HTTP as per section Matching Source Expressions of the Content Security Policy
2656         2.0 spec., <https://www.w3.org/TR/2015/CR-CSP2-20150721/> (21 July 2015).
2657
2658         Currently we have logic that implements this functionality, but it is guarded behind the compile-
2659         time macro ENABLE(CSP_NEXT) that is disabled by default. Instead we should always compile such
2660         code. In subsequent commits we will move more code out from under the ENABLE(CSP_NEXT)-guard
2661         towards removing the ENABLE_CSP_NEXT macro entirely.
2662
2663         * page/csp/ContentSecurityPolicy.cpp:
2664         (WebCore::ContentSecurityPolicy::protocolMatchesSelf):
2665
2666 2016-02-15  Konstantin Tokarev  <annulen@yandex.ru>
2667
2668         [cmake] Consolidated Linux-specific file lists.
2669         https://bugs.webkit.org/show_bug.cgi?id=154219
2670
2671         Reviewed by Gyuyoung Kim.
2672
2673         No new tests needed.
2674
2675         * PlatformEfl.cmake: Moved Linux files and include dir to Linux.cmake.
2676         * PlatformGTK.cmake: Ditto.
2677         * platform/Linux.cmake: Added.
2678
2679 2016-02-15  Csaba Osztrogonác  <ossy@webkit.org>
2680
2681         Fix the !(ENABLE(SVG_FONTS) || ENABLE(SVG_OTF_CONVERTER)) build after r196322
2682         https://bugs.webkit.org/show_bug.cgi?id=154104
2683
2684         Reviewed by Myles C. Maxfield.
2685
2686         * css/CSSFontFaceSource.cpp:
2687         (WebCore::CSSFontFaceSource::CSSFontFaceSource):
2688
2689 2016-02-14  Antti Koivisto  <antti@apple.com>
2690
2691         Add test for class change style invalidation optimization
2692         https://bugs.webkit.org/show_bug.cgi?id=154226
2693
2694         Reviewed by Myles Maxfield.
2695
2696         Test for https://trac.webkit.org/r196383
2697
2698         Add internals.styleChangeType function.
2699
2700         Test: fast/css/style-invalidation-class-change-descendants.html
2701
2702         * testing/Internals.cpp:
2703         (WebCore::Internals::nodeNeedsStyleRecalc):
2704         (WebCore::asString):
2705         (WebCore::Internals::styleChangeType):
2706         (WebCore::Internals::description):
2707         * testing/Internals.h:
2708         * testing/Internals.idl:
2709
2710 2016-02-14  Simon Fraser  <simon.fraser@apple.com>
2711
2712         [CSS Filters] When applying an SVG filter on a composited image using CSS the image is rendered without the filter
2713         https://bugs.webkit.org/show_bug.cgi?id=154108
2714
2715         Reviewed by Sam Weinig.
2716         
2717         When checking whether we can directly composite an image, we need to check for software-rendered
2718         filters.
2719
2720         Test: compositing/filters/simple-image-with-svg-filter.html
2721
2722         * rendering/RenderLayerBacking.cpp:
2723         (WebCore::RenderLayerBacking::isDirectlyCompositedImage):
2724
2725 2016-02-14  Chris Dumez  <cdumez@apple.com>
2726
2727         Drop the [EventTarget] WebKit-specific IDL extended attribute
2728         https://bugs.webkit.org/show_bug.cgi?id=154171
2729
2730         Reviewed by Sam Weinig.
2731
2732         Drop the [EventTarget] WebKit-specific IDL extended attribute now that
2733         all interfaces inherit EventTarget when they should.
2734
2735         No new tests, no Web-Exposed behavior change.
2736
2737         * Modules/battery/BatteryManager.idl:
2738         * Modules/encryptedmedia/MediaKeySession.idl:
2739         * Modules/indexeddb/IDBDatabase.idl:
2740         * Modules/indexeddb/IDBOpenDBRequest.idl:
2741         * Modules/indexeddb/IDBRequest.idl:
2742         * Modules/indexeddb/IDBTransaction.idl:
2743         * Modules/mediasession/MediaRemoteControls.idl:
2744         * Modules/mediasource/MediaSource.idl:
2745         * Modules/mediasource/SourceBuffer.idl:
2746         * Modules/mediasource/SourceBufferList.idl:
2747         * Modules/mediastream/MediaStream.idl:
2748         * Modules/mediastream/MediaStreamTrack.idl:
2749         * Modules/mediastream/RTCDTMFSender.idl:
2750         * Modules/mediastream/RTCDataChannel.idl:
2751         * Modules/mediastream/RTCPeerConnection.idl:
2752         * Modules/notifications/Notification.idl:
2753         * Modules/speech/SpeechSynthesisUtterance.idl:
2754         * Modules/webaudio/AudioContext.idl:
2755         * Modules/webaudio/AudioNode.idl:
2756         * Modules/webaudio/OfflineAudioContext.idl:
2757         * Modules/websockets/WebSocket.idl:
2758         * bindings/scripts/CodeGeneratorGObject.pm:
2759         (ImplementsInterface):
2760         (SkipFunction): Deleted.
2761         (GenerateCFile): Deleted.
2762         * bindings/scripts/CodeGeneratorJS.pm:
2763         (InstanceNeedsVisitChildren):
2764         (GenerateImplementation):
2765         * bindings/scripts/IDLAttributes.txt:
2766         * bindings/scripts/test/TestEventTarget.idl:
2767         * bindings/scripts/test/TestNode.idl:
2768         * css/FontLoader.idl:
2769         * dom/EventTarget.idl:
2770         * dom/MessagePort.idl:
2771         * dom/Node.idl:
2772         * dom/WebKitNamedFlow.idl:
2773         * fileapi/FileReader.idl:
2774         * html/MediaController.idl:
2775         * html/track/AudioTrackList.idl:
2776         * html/track/TextTrack.idl:
2777         * html/track/TextTrackCue.idl:
2778         * html/track/TextTrackList.idl:
2779         * html/track/VideoTrackList.idl:
2780         * loader/appcache/DOMApplicationCache.idl:
2781         * page/DOMWindow.idl:
2782         * page/EventSource.idl:
2783         * page/Performance.idl:
2784         * workers/WorkerGlobalScope.idl:
2785         * xml/XMLHttpRequest.idl:
2786         * xml/XMLHttpRequestUpload.idl:
2787
2788 2016-02-14  Chris Dumez  <cdumez@apple.com>
2789
2790         Unreviewed attempt to fix the Mac CMake build after r196136
2791
2792         * PlatformMac.cmake:
2793
2794 2016-02-14  Chris Dumez  <cdumez@apple.com>
2795
2796         Unreviewed attempt to fix the Windows build.
2797
2798         * Modules/webdatabase/Database.cpp:
2799         * bridge/c/c_utility.cpp:
2800         * platform/MemoryPressureHandler.cpp:
2801
2802 2016-02-14  Chris Dumez  <cdumez@apple.com>
2803
2804         Window and WorkerGlobalScope should inherit EventTarget
2805         https://bugs.webkit.org/show_bug.cgi?id=154170
2806         <rdar://problem/24642377>
2807
2808         Reviewed by Darin Adler.
2809
2810         Window and WorkerGlobalScope should inherit EventTarget instead of
2811         duplicating the EventTarget API in their IDL. These were the last
2812         interfaces that needed fixing. The next step will be to get rid
2813         of the [EventTarget] IDL extended attribute and rely entirely
2814         on the EventTarget inheritance.
2815
2816         Test:
2817         - fast/frames/detached-frame-eventListener.html
2818         - Covered by existing tests.
2819
2820         * WebCore.xcodeproj/project.pbxproj:
2821         Add JSEventTargetCustom.h header to the project.
2822
2823         * bindings/js/JSDOMWindowCustom.cpp:
2824         Drop custom bindings for Window's addEventListener() and
2825         removeEventListener(). The only reason these needed custom
2826         code was to add a check for frameless windows. The frameless
2827         Window checks were moved to the respective methods in the
2828         JSEventTarget generated bindings.
2829
2830         * bindings/js/JSDOMWindowShell.cpp:
2831         (WebCore::JSDOMWindowShell::setWindow):
2832         Set WindowPrototype's prototype to EventTarget's prototype.
2833
2834         * bindings/js/JSDOMWindowShell.h:
2835         * bindings/js/JSDictionary.cpp:
2836         Include "DOMWindow.h" to fix the build.
2837
2838         * bindings/js/JSEventTargetCustom.cpp:
2839         (WebCore::JSEventTarget::toWrapped):
2840         Handle DOMWindow and WorkerGlobalScope explicitly in toWrapped()
2841         and get rid of the DOM_EVENT_TARGET_INTERFACES_FOR_EACH(TRY_TO_UNWRAP_WITH_INTERFACE)
2842         now that all interfaces inherit EventTarget when they should.
2843         The reason DOMWindow and WorkerGlobalScope still need special
2844         handling is because their wrappers (JSDOMWindow /
2845         JSWorkerGlobalScope) do not subclass JSEventTarget.
2846
2847         (WebCore::JSEventTargetOrGlobalScope::create):
2848         * bindings/js/JSEventTargetCustom.h: Added.
2849         (WebCore::JSEventTargetOrGlobalScope::wrapped):
2850         (WebCore::JSEventTargetOrGlobalScope::operator JSC::JSObject&):
2851         (WebCore::JSEventTargetOrGlobalScope::JSEventTargetOrGlobalScope):
2852         Add a wrapper type for JSEventTarget / JSDOMWindow and
2853         JSWorkerGlobalScope for use in the generated bindings. This is
2854         needed because JSDOMWindow and JSWorkerGlobalScope do not
2855         subclass JSEventTarget. Subclassing JSEventTarget would be
2856         complicated for them because they already subclass
2857         JSDOMWindowBase / JSWorkerGlobalScopeBase, which subclasses
2858         JSDOMGlobalObject.
2859
2860         * bindings/js/WorkerScriptController.cpp:
2861         (WebCore::WorkerScriptController::initScript):
2862         Set WorkerGlobalScopePrototype's prototype to EventTarget's prototype.
2863
2864         * bindings/scripts/CodeGeneratorJS.pm:
2865         (ShouldGenerateToJSDeclaration):
2866         Do not generate the toJS() implementation for interfaces that use
2867         the [CustomProxyToJSObject] IDL extended attribute, even if they
2868         inherit EventTarget.
2869
2870         (GetCastingHelperForThisObject):
2871         To initialize castedThis from thisValue JSValue, we now use the
2872         JSEventTargetOrGlobalScope wrapper for the EventTarget
2873         implementation. This is to work around the fact that JSDOMWindow
2874         and JSWorkerGlobalScope do not subclass JSEventTarget.
2875
2876         (GenerateFunctionCastedThis):
2877         - Drop code handling [WorkerGlobalScope] IDL extended attribute
2878           as there is no such attribute.
2879         - Use auto instead of auto* type for castedThis because
2880           JSEventTargetOrGlobalScope::create() returns a unique_ptr.
2881         - Do not check that castedThis inherits JSEventTarget in the
2882           EventTarget bindings code as this no longer holds true.
2883
2884         (GenerateImplementation):
2885         Generate frameless window() and security checks for EventTarget
2886         methods when thisValue is a JSDOMWindow.
2887
2888         * dom/EventTarget.idl:
2889         Add [JSCustomHeader] IDL Extended attribute as we need a header
2890         to expose JSEventTargetOrGlobalScope class.
2891
2892         * page/DOMWindow.idl:
2893         * workers/WorkerGlobalScope.idl:
2894         Inherit EventTarget and stop duplicating the EventTarget API.
2895         This matches the HTML specification.
2896
2897 2016-02-14  Darin Adler  <darin@apple.com>
2898
2899         Small tweaks to some SimpleLineLayout code
2900         https://bugs.webkit.org/show_bug.cgi?id=154229
2901
2902         Reviewed by Zalan Bujtas.
2903
2904         * rendering/SimpleLineLayoutFunctions.cpp:
2905         (WebCore::SimpleLineLayout::paintFlow): Use std::ceil instead of ceilf.
2906         Use auto instead of const auto& for a for loop where the local object is
2907         copied and not a reference.
2908         (WebCore::SimpleLineLayout::hitTestFlow): Use modern for loop.
2909         (WebCore::SimpleLineLayout::collectFlowOverflow): Use std::ceil instead of
2910         ceilf. Use a modern for loop, and use slightly more descriptive local
2911         variable names.
2912         (WebCore::SimpleLineLayout::computeBoundingBox): Use auto instead of
2913         const auto& as above.
2914         (WebCore::SimpleLineLayout::computeFirstRunLocation): Use auto and use
2915         the name "range" for the range rather than the name "it", since the range
2916         is not an iterator.
2917         (WebCore::SimpleLineLayout::collectAbsoluteRects): Use auto instead of
2918         const auto& as above.
2919         (WebCore::SimpleLineLayout::collectAbsoluteQuads): Ditto.
2920         (WebCore::SimpleLineLayout::showLineLayoutForFlow): Use modern for loop.
2921
2922         * rendering/SimpleLineLayoutResolver.cpp:
2923         (WebCore::SimpleLineLayout::RunResolver::Run::text): Convert from a String
2924         to a StringView using the StringView constructor instead of writing out
2925         explicit 8-bit and 16-bit cases.
2926
2927 2016-02-13  Antti Koivisto  <antti@apple.com>
2928
2929         Factor class change style invalidation code into a class
2930         https://bugs.webkit.org/show_bug.cgi?id=154163
2931
2932         Reviewed by Andreas Kling.
2933
2934         Factor this piece of functionality out of Element and into ClassChangeInvalidation class.
2935
2936         * CMakeLists.txt:
2937         * WebCore.vcxproj/WebCore.vcxproj:
2938         * WebCore.xcodeproj/project.pbxproj:
2939         * dom/Element.cpp:
2940         (WebCore::classStringHasClassName):
2941         (WebCore::Element::classAttributeChanged):
2942         (WebCore::collectClasses): Deleted.
2943         (WebCore::computeClassChange): Deleted.
2944         (WebCore::invalidateStyleForClassChange): Deleted.
2945         * style/ClassChangeInvalidation.cpp: Added.
2946         (WebCore::Style::ClassChangeInvalidation::computeClassChange):
2947         (WebCore::Style::ClassChangeInvalidation::invalidateStyle):
2948         * style/ClassChangeInvalidation.h: Added.
2949         (WebCore::Style::ClassChangeInvalidation::needsInvalidation):
2950         (WebCore::Style::ClassChangeInvalidation::ClassChangeInvalidation):
2951         (WebCore::Style::ClassChangeInvalidation::~ClassChangeInvalidation):
2952
2953 2016-02-13  Myles C. Maxfield  <mmaxfield@apple.com>
2954
2955         [Win] [SVG -> OTF Converter] SVG fonts drawn into ImageBuffers are invisible
2956         https://bugs.webkit.org/show_bug.cgi?id=154222
2957
2958         Reviewed by Antti Koivisto.
2959
2960         Windows ImageBuffer code is sensitive to broken bounding box and
2961         descent code.
2962
2963         Covered by existing tests.
2964
2965         * svg/SVGToOTFFontConversion.cpp:
2966         (WebCore::SVGToOTFFontConverter::appendHHEATable):
2967         (WebCore::SVGToOTFFontConverter::appendOS2Table):
2968         (WebCore::SVGToOTFFontConverter::processGlyphElement):
2969         (WebCore::SVGToOTFFontConverter::SVGToOTFFontConverter):
2970
2971 2016-02-13  Antti Koivisto  <antti@apple.com>
2972
2973         Add version number for default stylesheet
2974         https://bugs.webkit.org/show_bug.cgi?id=154220
2975
2976         Reviewed by Ryosuke Niwa.
2977
2978         We currently fail to update RuleFeatureSets for shadow trees when the default stylesheet grows
2979         (for example when media controls stylesheet is initialized).
2980
2981         No test since this is not causing known bugs. It is blocking optimizations in shadow trees that
2982         rely on rule features being up-to-date.
2983
2984         * css/CSSDefaultStyleSheets.cpp:
2985         (WebCore::CSSDefaultStyleSheets::loadSimpleDefaultStyle):
2986         (WebCore::CSSDefaultStyleSheets::ensureDefaultStyleSheetsForElement):
2987
2988             Increment version number when the default stylesheet changes.
2989
2990         * css/CSSDefaultStyleSheets.h:
2991         * css/DocumentRuleSets.cpp:
2992         (WebCore::DocumentRuleSets::appendAuthorStyleSheets):
2993         (WebCore::DocumentRuleSets::collectFeatures):
2994
2995             Store the current default stylesheet version number.
2996
2997         * css/DocumentRuleSets.h:
2998         (WebCore::DocumentRuleSets::features):
2999
3000             Collect features again if the default stylesheet has changed.
3001
3002         * css/StyleResolver.cpp:
3003         (WebCore::StyleResolver::styleForElement):
3004
3005 2016-02-13  Konstantin Tokarev  <annulen@yandex.ru>
3006
3007         [cmake] Consolidate building of GStreamer and OpenWebRTC code.
3008         https://bugs.webkit.org/show_bug.cgi?id=154116
3009
3010         Reviewed by Michael Catanzaro.
3011
3012         No new tests needed.
3013
3014         * PlatformEfl.cmake: Migrated shared code to GStreamer.cmake.
3015         * PlatformGTK.cmake: Ditto.
3016         * platform/GStreamer.cmake: Added.
3017
3018 2016-02-13  Mark Lam  <mark.lam@apple.com>
3019
3020         Add thread violation checks to WebView public APIs.
3021         https://bugs.webkit.org/show_bug.cgi?id=154183
3022
3023         Reviewed by Timothy Hatcher.
3024
3025         No new tests.  Just adding a new thread violation round.
3026
3027         * platform/ThreadCheck.h:
3028         * platform/mac/ThreadCheck.mm:
3029         - Adding WebCoreThreadViolationCheckRoundThree().
3030
3031 2016-02-12  Nan Wang  <n_wang@apple.com>
3032
3033         AX: Implement paragraph related text marker functions using TextIterator
3034         https://bugs.webkit.org/show_bug.cgi?id=154098
3035         <rdar://problem/24269675>
3036
3037         Reviewed by Chris Fleizach.
3038
3039         Using CharacterOffset to implement paragraph related text marker calls. Reused
3040         logic from VisibleUnits class. And refactored textMarkerForCharacterOffset method
3041         to get better performance. Also fixed an issue where we can't navigate through a text
3042         node with line breaks in it using next/previousCharacterOffset call.
3043
3044         Test: accessibility/mac/text-marker-paragraph-nav.html
3045
3046         * accessibility/AXObjectCache.cpp:
3047         (WebCore::AXObjectCache::traverseToOffsetInRange):
3048         (WebCore::AXObjectCache::startOrEndTextMarkerDataForRange):
3049         (WebCore::AXObjectCache::characterOffsetForNodeAndOffset):
3050         (WebCore::AXObjectCache::textMarkerDataForCharacterOffset):
3051         (WebCore::AXObjectCache::textMarkerDataForNextCharacterOffset):
3052         (WebCore::AXObjectCache::textMarkerDataForPreviousCharacterOffset):
3053         (WebCore::AXObjectCache::nextNode):
3054         (WebCore::AXObjectCache::textMarkerDataForVisiblePosition):
3055         (WebCore::AXObjectCache::nextCharacterOffset):
3056         (WebCore::AXObjectCache::previousCharacterOffset):
3057         (WebCore::startWordBoundary):
3058         (WebCore::AXObjectCache::startCharacterOffsetOfWord):
3059         (WebCore::AXObjectCache::endCharacterOffsetOfWord):
3060         (WebCore::AXObjectCache::previousWordStartCharacterOffset):
3061         (WebCore::AXObjectCache::previousWordBoundary):
3062         (WebCore::AXObjectCache::startCharacterOffsetOfParagraph):
3063         (WebCore::AXObjectCache::endCharacterOffsetOfParagraph):
3064         (WebCore::AXObjectCache::paragraphForCharacterOffset):
3065         (WebCore::AXObjectCache::nextParagraphEndCharacterOffset):
3066         (WebCore::AXObjectCache::previousParagraphStartCharacterOffset):
3067         (WebCore::AXObjectCache::rootAXEditableElement):
3068         * accessibility/AXObjectCache.h:
3069         (WebCore::CharacterOffset::remaining):
3070         (WebCore::CharacterOffset::isNull):
3071         (WebCore::CharacterOffset::isEqual):
3072         (WebCore::AXObjectCache::isNodeInUse):
3073         * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
3074         (+[WebAccessibilityTextMarker textMarkerWithCharacterOffset:cache:]):
3075         (-[WebAccessibilityObjectWrapper nextMarkerForCharacterOffset:]):
3076         (-[WebAccessibilityObjectWrapper previousMarkerForCharacterOffset:]):
3077         (-[WebAccessibilityObjectWrapper rangeForTextMarkers:]):
3078         * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
3079         (startOrEndTextmarkerForRange):
3080         (nextTextMarkerForCharacterOffset):
3081         (previousTextMarkerForCharacterOffset):
3082         (-[WebAccessibilityObjectWrapper nextTextMarkerForCharacterOffset:]):
3083         (-[WebAccessibilityObjectWrapper previousTextMarkerForCharacterOffset:]):
3084         (-[WebAccessibilityObjectWrapper textMarkerForCharacterOffset:]):
3085         (textMarkerForCharacterOffset):
3086         (-[WebAccessibilityObjectWrapper accessibilityAttributeValue:forParameter:]):
3087         (-[WebAccessibilityObjectWrapper nextTextMarkerForNode:offset:]): Deleted.
3088         (-[WebAccessibilityObjectWrapper previousTextMarkerForNode:offset:]): Deleted.
3089         (-[WebAccessibilityObjectWrapper textMarkerForNode:offset:ignoreStart:]): Deleted.
3090         (-[WebAccessibilityObjectWrapper textMarkerForNode:offset:]): Deleted.
3091         * editing/VisibleUnits.cpp:
3092         (WebCore::nextSentencePosition):
3093         (WebCore::findStartOfParagraph):
3094         (WebCore::findEndOfParagraph):
3095         (WebCore::startOfParagraph):
3096         (WebCore::endOfParagraph):
3097         * editing/VisibleUnits.h:
3098
3099 2016-02-12  Ryan Haddad  <ryanhaddad@apple.com>
3100
3101         Reset results for bindings tests after r196520
3102
3103         Unreviewed test gardening.
3104
3105         No new tests needed.
3106
3107         * bindings/scripts/test/GObject/WebKitDOMTestEventTarget.cpp:
3108         (webkit_dom_test_event_target_dispatch_event):
3109         * bindings/scripts/test/GObject/WebKitDOMTestNode.cpp:
3110         (webkit_dom_test_node_dispatch_event):
3111
3112 2016-02-12  Saam barati  <sbarati@apple.com>
3113
3114         Attempting build fix from https://bugs.webkit.org/show_bug.cgi?id=154144.
3115
3116         * bindings/js/JSDOMGlobalObject.cpp:
3117         (WebCore::JSDOMGlobalObject::addBuiltinGlobals):
3118
3119 2016-02-12  Daniel Bates  <dabates@apple.com>
3120
3121         CSP: 'blob:' URLs should not match 'self' in CSP source expression lists.
3122         https://bugs.webkit.org/show_bug.cgi?id=153158
3123         <rdar://problem/24383264>
3124
3125         Reviewed by Brent Fulgham.
3126
3127         A blob URL should not match source 'self' by section Security Considerations for GUID URL schemes
3128         of the Content Security Policy 2.0 spec., <https://www.w3.org/TR/CSP2/> (21 July 2015).
3129
3130         Tests: http/tests/security/contentSecurityPolicy/blob-url-does-not-match-source-self.html
3131                http/tests/security/contentSecurityPolicy/blob-url-matches-source-blob.html
3132
3133         * page/csp/ContentSecurityPolicySourceList.cpp:
3134         (WebCore::ContentSecurityPolicySourceList::matches): Do not make a distinction between URLs that
3135         contain a nested URL (e.g. blob://http://www.example.com/...) and URLs that do not contain a nested
3136         URL. The URL of the requested resource should be matched against the source list source expressions.
3137
3138 2016-02-12  Daniel Bates  <dabates@apple.com>
3139
3140         CSP: Implement child-src directive
3141         https://bugs.webkit.org/show_bug.cgi?id=153562
3142         <rdar://problem/24610087>
3143
3144         Reviewed by Brent Fulgham.
3145
3146         Add support for the child-src directive, <https://w3c.github.io/webappsec-csp/2/#child_src> (29 August 2015),
3147         which formally replaces the deprecated frame-src directive as of the Content Security Policy 2.0 spec. The
3148         child-src directive was first introduced in the Content Security Policy 1.1 spec, <https://www.w3.org/TR/2014/WD-CSP11-20140211/>.
3149
3150         As a side effect of this change, the script URL for a Web Worker is checked against the child-src directive
3151         as opposed to the script-src directive. This is a backward incompatible change from the CSP 1.0 spec.
3152
3153         Tests: http/tests/security/contentSecurityPolicy/1.1/child-src/frame-fires-load-event-when-blocked.html
3154                http/tests/security/contentSecurityPolicy/1.1/child-src/frame-fires-load-event-when-redirect-blocked.html
3155                http/tests/security/contentSecurityPolicy/1.1/child-src/frame-src-takes-precedence-over-child-src.html
3156                http/tests/security/contentSecurityPolicy/1.1/child-src/worker-redirect-blocked.html
3157                http/tests/security/isolatedWorld/bypass-main-world-csp-worker-redirect.html
3158
3159         * loader/DocumentThreadableLoader.cpp:
3160         (WebCore::DocumentThreadableLoader::isAllowedByContentSecurityPolicy): Check child-src directive (if applicable).
3161         * loader/ThreadableLoader.h: Add enum value EnforceChildSrcDirective to enum class ContentSecurityPolicyEnforcement to
3162         enforce the child-src directive on redirect.
3163         * page/csp/ContentSecurityPolicy.cpp:
3164         (WebCore::ContentSecurityPolicy::allowChildContextFromSource): Added.
3165         * page/csp/ContentSecurityPolicy.h:
3166         * page/csp/ContentSecurityPolicyDirectiveList.cpp:
3167         (WebCore::ContentSecurityPolicyDirectiveList::checkSourceAndReportViolation): Add message prefix for a child-src violation.
3168         We use the same message prefix as used by Blink.
3169         (WebCore::ContentSecurityPolicyDirectiveList::allowChildContextFromSource): Added.
3170         (WebCore::ContentSecurityPolicyDirectiveList::allowChildFrameFromSource): Modified to check the frame-src
3171         directive (if specified) before checking the child-src directive by <https://w3c.github.io/webappsec-csp/2/#directive-child-src-nested>.
3172         (WebCore::ContentSecurityPolicyDirectiveList::addDirective): Parse the child-src directive.
3173         * page/csp/ContentSecurityPolicyDirectiveList.h:
3174         * workers/AbstractWorker.cpp:
3175         (WebCore::AbstractWorker::resolveURL): Check if the script URL for the worker is allowed by the child-src directive
3176         as opposed to the script-src directive. This is a backwards incompatible change from the CSP 1.0 spec.
3177         * workers/Worker.cpp:
3178         (WebCore::Worker::create): Enforce the child-src directive on redirects (if applicable).
3179
3180 2016-02-12  Saam barati  <sbarati@apple.com>
3181
3182         The parser doesn't properly protect against global variable references in builtins
3183         https://bugs.webkit.org/show_bug.cgi?id=154144
3184
3185         Reviewed by Geoffrey Garen.
3186
3187         Change JS builtins to no longer reference global variables.
3188
3189         No new tests because old tests cover the issues here.
3190
3191         * Modules/mediastream/NavigatorUserMedia.js:
3192         (webkitGetUserMedia):
3193         * Modules/mediastream/RTCPeerConnection.js:
3194         (addIceCandidate):
3195         (getStats):
3196         * Modules/mediastream/RTCPeerConnectionInternals.js:
3197         (setLocalOrRemoteDescription):
3198         * Modules/plugins/QuickTimePluginReplacement.js:
3199         (Replacement.prototype.handleEvent):
3200         * Modules/streams/ByteLengthQueuingStrategy.js:
3201         (initializeByteLengthQueuingStrategy):
3202         * Modules/streams/CountQueuingStrategy.js:
3203         (initializeCountQueuingStrategy):
3204         * Modules/streams/ReadableStreamInternals.js:
3205         (teeReadableStream):
3206         * bindings/js/JSDOMGlobalObject.cpp:
3207         (WebCore::JSDOMGlobalObject::addBuiltinGlobals):
3208         * bindings/js/WebCoreBuiltinNames.h:
3209
3210 2016-02-12  Jiewen Tan  <jiewen_tan@apple.com>
3211
3212         WebKit should expose the DOM 4 Event.isTrusted property
3213         https://bugs.webkit.org/show_bug.cgi?id=76121
3214         <rdar://problem/22558494>
3215
3216         Reviewed by Darin Adler.
3217
3218         Implements Event.isTrusted. The implementation here is slightly different from and better than
3219         the DOM specification. Here Event.isTrusted will be initialized differently depending on the
3220         callers of the constructors/create methods. If the caller is from the user agent, isTrusted
3221         will be true. Otherwise, it will be false. Since a user agent dispatched event can be caught
3222         and re-initialized/redispatched by the bindings, the flag will be unset at *Event::init*Event
3223         and EventTarget::dispatchEventForBindings. As there is currently no way to let the user agent
3224         dispatch a bindings created event, we ensure that Event.isTrusted is set for
3225         events dispatched by the user agent, and unset for those by bindings.
3226
3227         EventTarget::dispatchEvent(Event*, ExceptionCode&) is renamed to EventTarget::dispatchEventForBindings
3228         in this patch as well, so that, together with the improved design of the API, developers in
3229         the future will be less likely to use a wrong dispatchEvent method and set Event.isTrusted
3230         incorrectly compared to the DOM design.
3231
3232         After this patch, all events that are created by the user agent should be dispatched by
3233         EventTarget::dispatchEvent, and those that are created by bindings should be dispatched by
3234         EventTarget::dispatchEventForBindings.
3235
3236         Some of the changes in this patch refer to Blink r198996:
3237         https://codereview.chromium.org/1241613004
3238
3239         Test: imported/blink/fast/events/event-trusted.html
3240
3241         * bindings/scripts/CodeGeneratorGObject.pm:
3242         (GenerateEventTargetIface):
3243         * dom/Event.cpp:
3244         (WebCore::Event::Event):
3245         (WebCore::Event::initEvent):
3246         * dom/Event.h:
3247         (WebCore::Event::isTrusted):
3248         (WebCore::Event::setUntrusted):
3249         * dom/Event.idl:
3250         * dom/EventTarget.cpp:
3251         (WebCore::EventTarget::dispatchEventForBindings):
3252         (WebCore::EventTarget::dispatchEvent): Deleted.
3253         * dom/EventTarget.h:
3254         * dom/EventTarget.idl:
3255         * page/DOMWindow.idl:
3256         * page/EventHandler.cpp:
3257         (WebCore::EventHandler::dispatchDragEvent):
3258         * workers/WorkerGlobalScope.idl:
3259
3260 2016-02-12  Brady Eidson  <beidson@apple.com>
3261
3262         Modern IDB: IDBObjectStore and IDBIndex need to be ActiveDOMObjects.
3263         https://bugs.webkit.org/show_bug.cgi?id=154153
3264
3265         Reviewed by Alex Christensen.
3266
3267         No new tests (No testable change in behavior).
3268
3269         This is needed so that IDBObjectStore and IDBIndex JS wrappers are not garbage collected
3270         while their IDBTransaction is still in progress.
3271
3272         * Modules/indexeddb/client/IDBIndexImpl.cpp:
3273         (WebCore::IDBClient::IDBIndex::IDBIndex):
3274         (WebCore::IDBClient::IDBIndex::activeDOMObjectName):
3275         (WebCore::IDBClient::IDBIndex::canSuspendForDocumentSuspension):
3276         (WebCore::IDBClient::IDBIndex::hasPendingActivity):
3277         * Modules/indexeddb/client/IDBIndexImpl.h:
3278         
3279         * Modules/indexeddb/client/IDBObjectStoreImpl.cpp:
3280         (WebCore::IDBClient::IDBObjectStore::create):
3281         (WebCore::IDBClient::IDBObjectStore::IDBObjectStore):
3282         (WebCore::IDBClient::IDBObjectStore::activeDOMObjectName):
3283         (WebCore::IDBClient::IDBObjectStore::canSuspendForDocumentSuspension):
3284         (WebCore::IDBClient::IDBObjectStore::hasPendingActivity):
3285         (WebCore::IDBClient::IDBObjectStore::index):
3286         * Modules/indexeddb/client/IDBObjectStoreImpl.h:
3287         
3288         * Modules/indexeddb/client/IDBTransactionImpl.cpp:
3289         (WebCore::IDBClient::IDBTransaction::objectStore):
3290         (WebCore::IDBClient::IDBTransaction::createObjectStore):
3291         (WebCore::IDBClient::IDBTransaction::createIndex):
3292
3293 2016-02-12  Brady Eidson  <beidson@apple.com>
3294
3295         Modern IDB: Simplify the relationship between IDBObjectStore and IDBIndex.
3296         https://bugs.webkit.org/show_bug.cgi?id=154187
3297
3298         Reviewed by Alex Christensen.
3299
3300         Tests: storage/indexeddb/modern/deleteindex-3-private.html
3301                storage/indexeddb/modern/deleteindex-3.html
3302
3303         Instead of allowing IDBIndex to have two different lifecycle modes, it is now always
3304         owned by an IDBObjectStore.
3305         
3306         To support the case where an IDBIndex is deleted from its IDBObjectStore, the object
3307         store simply hangs on to deleted indexes until it is destroyed itself.
3308         
3309         * Modules/indexeddb/client/IDBIndexImpl.cpp:
3310         (WebCore::IDBClient::IDBIndex::markAsDeleted):
3311         (WebCore::IDBClient::IDBIndex::ref):
3312         (WebCore::IDBClient::IDBIndex::deref):
3313         * Modules/indexeddb/client/IDBIndexImpl.h:
3314         
3315         * Modules/indexeddb/client/IDBObjectStoreImpl.cpp:
3316         (WebCore::IDBClient::IDBObjectStore::deleteIndex):
3317         * Modules/indexeddb/client/IDBObjectStoreImpl.h:
3318
3319 2016-02-12  Myles C. Maxfield  <mmaxfield@apple.com>
3320
3321         [CSS Font Loading] Implement CSSFontFace Boilerplate
3322         https://bugs.webkit.org/show_bug.cgi?id=154145
3323
3324         Reviewed by Dean Jackson.
3325
3326         The CSS Font Loading spec[1] dictates that the FontFace object needs to have string
3327         accessors and mutators for a bunch of properties. Our CSSFontFace object currently
3328         contains this parsed information, but it isn't accessible via string-based methods.
3329         This patch adds the necessary accessors and mutators, and migrates CSSFontSelector
3330         to use these mutators where necessary.
3331
3332         There is more work to come on CSSFontFace; the next step is to create an .idl file
3333         and hook it up to our CSSFontFace object. In this patch I have left some
3334         unimplemented pieces (for example: where the spec dictates that some operation should
3335         throw a JavaScript exception) which will be implemented in a follow-up patch. This
3336         patch does not have any visible behavior change; I'm separating out the boilerplate
3337         into this patch in order to ease reviewing burden.
3338
3339         This patch separates the externally-facing JavaScript API into a new class, FontFace.
3340         This class owns a CSSFontFace, which provides the backing implementation. There will
3341         be a system of shared ownership of these objects once FontFaceSet is implemented.
3342
3343         No new tests because there is no behavior change.
3344
3345         * CMakeLists.txt: Add new files to CMake builds.
3346         * WebCore.vcxproj/WebCore.vcxproj: Ditto for Windows.
3347         * WebCore.vcxproj/WebCore.vcxproj.filters: Ditto.
3348         * WebCore.xcodeproj/project.pbxproj: Ditto for Cocoa.
3349         * css/CSSAllInOne.cpp: Ditto for All-In-One builds.
3350         * css/CSSFontFace.cpp: Move shared code from CSSFontSelector into CSSFontFace.
3351         (WebCore::CSSFontFace::CSSFontFace):
3352         (WebCore::CSSFontFace::~CSSFontFace):
3353         (WebCore::CSSFontFace::setFamilies):
3354         (WebCore::CSSFontFace::setStyle):
3355         (WebCore::CSSFontFace::setWeight):
3356         (WebCore::CSSFontFace::setUnicodeRange):
3357         (WebCore::CSSFontFace::setVariantLigatures):
3358         (WebCore::CSSFontFace::setVariantPosition):
3359         (WebCore::CSSFontFace::setVariantCaps):
3360         (WebCore::CSSFontFace::setVariantNumeric):
3361         (WebCore::CSSFontFace::setVariantAlternates):
3362         (WebCore::CSSFontFace::setVariantEastAsian):
3363         (WebCore::CSSFontFace::setFeatureSettings):
3364         * css/CSSFontFace.h: Clean up.
3365         (WebCore::CSSFontFace::create):
3366         (WebCore::CSSFontFace::families):
3367         (WebCore::CSSFontFace::traitsMask):
3368         (WebCore::CSSFontFace::featureSettings):
3369         (WebCore::CSSFontFace::variantSettings):
3370         (WebCore::CSSFontFace::setVariantSettings):
3371         (WebCore::CSSFontFace::setTraitsMask):
3372         (WebCore::CSSFontFace::isLocalFallback):
3373         (WebCore::CSSFontFace::addRange): Deleted.
3374         (WebCore::CSSFontFace::insertFeature): Deleted.
3375         (WebCore::CSSFontFace::setVariantCommonLigatures): Deleted.
3376         (WebCore::CSSFontFace::setVariantDiscretionaryLigatures): Deleted.
3377         (WebCore::CSSFontFace::setVariantHistoricalLigatures): Deleted.
3378         (WebCore::CSSFontFace::setVariantContextualAlternates): Deleted.
3379         (WebCore::CSSFontFace::setVariantPosition): Deleted.
3380         (WebCore::CSSFontFace::setVariantCaps): Deleted.
3381         (WebCore::CSSFontFace::setVariantNumericFigure): Deleted.
3382         (WebCore::CSSFontFace::setVariantNumericSpacing): Deleted.
3383         (WebCore::CSSFontFace::setVariantNumericFraction): Deleted.
3384         (WebCore::CSSFontFace::setVariantNumericOrdinal): Deleted.
3385         (WebCore::CSSFontFace::setVariantNumericSlashedZero): Deleted.
3386         (WebCore::CSSFontFace::setVariantAlternates): Deleted.
3387         (WebCore::CSSFontFace::setVariantEastAsianVariant): Deleted.
3388         (WebCore::CSSFontFace::setVariantEastAsianWidth): Deleted.
3389         (WebCore::CSSFontFace::setVariantEastAsianRuby): Deleted.
3390         (WebCore::CSSFontFace::CSSFontFace): Deleted.
3391         * css/CSSFontSelector.cpp: Migrate shared code into CSSFontFace, and update
3392         to use the new API.
3393         (WebCore::appendSources):
3394         (WebCore::registerLocalFontFacesForFamily):
3395         (WebCore::CSSFontSelector::addFontFaceRule):
3396         (WebCore::computeTraitsMask): Deleted.
3397         (WebCore::createFontFace): Deleted.
3398         * css/FontFace.cpp: Added. External JavaScript API. Owns a CSSFontFace.
3399         (WebCore::FontFace::FontFace):
3400         (WebCore::FontFace::~FontFace):
3401         (WebCore::parseString):
3402         (WebCore::FontFace::setFamily):
3403         (WebCore::FontFace::setStyle):
3404         (WebCore::FontFace::setWeight):
3405         (WebCore::FontFace::setStretch):
3406         (WebCore::FontFace::setUnicodeRange):
3407         (WebCore::FontFace::setVariant):
3408         (WebCore::FontFace::setFeatureSettings):
3409         (WebCore::FontFace::family):
3410         (WebCore::FontFace::style):
3411         (WebCore::FontFace::weight):
3412         (WebCore::FontFace::stretch):
3413         (WebCore::FontFace::unicodeRange):
3414         (WebCore::FontFace::variant):
3415         (WebCore::FontFace::featureSettings):
3416         * css/FontFace.h: Added. Ditto.
3417         (WebCore::FontFace::create):
3418         * css/FontVariantBuilder.cpp: Added. Moved code here from FontVariantBuilder.h.
3419         Refactored to support a new client (CSSFontFace).
3420         (WebCore::extractFontVariantLigatures):
3421         (WebCore::extractFontVariantNumeric):
3422         (WebCore::extractFontVariantEastAsian):
3423         (WebCore::computeFontVariant):
3424         * css/FontVariantBuilder.h: Moved code from here into FontVariantBuilder.cpp.
3425         (WebCore::applyValueFontVariantLigatures): Deleted.
3426         (WebCore::applyValueFontVariantNumeric): Deleted.
3427         (WebCore::applyValueFontVariantEastAsian): Deleted.
3428         * css/StyleBuilderCustom.h: Update for new FontVariantBuilder API.
3429         (WebCore::StyleBuilderCustom::applyValueFontVariantLigatures):
3430         (WebCore::StyleBuilderCustom::applyValueFontVariantNumeric):
3431         (WebCore::StyleBuilderCustom::applyValueFontVariantEastAsian):
3432         * platform/text/TextFlags.h: Provide convenience classes.
3433         (WebCore::FontVariantLigaturesValues::FontVariantLigaturesValues):
3434         (WebCore::FontVariantNumericValues::FontVariantNumericValues):
3435         (WebCore::FontVariantEastAsianValues::FontVariantEastAsianValues):
3436
3437 2016-02-12  Jer Noble  <jer.noble@apple.com>
3438
3439         Build fix after r196506; publish MediaResourceLoader.h as a private header so it can be used by
3440         TestWebKitAPI.
3441
3442         * WebCore.xcodeproj/project.pbxproj:
3443
3444 2016-02-11  Jer Noble  <jer.noble@apple.com>
3445
3446         [Mac] Adopt MediaResourceLoader (instead of CachedResourceLoader) in WebCoreNSURLSession.
3447         https://bugs.webkit.org/show_bug.cgi?id=154136
3448
3449         Reviewed by Alex Christensen.
3450
3451         MediaResourceLoader already supports using CORS attribute to verify CORS access requirements
3452         when loading media resources, so use it, rather than CachedResourceLoader, as the backing for
3453         WebCoreNSURLSession.
3454
3455         * platform/network/cocoa/WebCoreNSURLSession.h:
3456         * platform/network/cocoa/WebCoreNSURLSession.mm:
3457         (-[WebCoreNSURLSession delegateQueue]):
3458         (-[WebCoreNSURLSession streamTaskWithNetService:]):
3459         (-[WebCoreNSURLSession isKindOfClass:]):
3460         (-[WebCoreNSURLSessionDataTask initWithSession:identifier:request:]):
3461         (-[WebCoreNSURLSessionDataTask _restart]):
3462         (-[WebCoreNSURLSessionDataTask _cancel]):
3463         (-[WebCoreNSURLSessionDataTask resume]):
3464         (-[WebCoreNSURLSessionDataTask _timingData]):
3465         (-[WebCoreNSURLSessionDataTask resource:receivedResponse:]):
3466         (-[WebCoreNSURLSessionDataTask resource:receivedData:length:]):
3467         (-[WebCoreNSURLSession initWithResourceLoader:delegate:delegateQueue:]): Deleted.
3468         (-[WebCoreNSURLSession loader]): Deleted.
3469         (WebCore::WebCoreNSURLSessionDataTaskClient::dataSent): Deleted.
3470         (WebCore::WebCoreNSURLSessionDataTaskClient::responseReceived): Deleted.
3471         (WebCore::WebCoreNSURLSessionDataTaskClient::dataReceived): Deleted.
3472         (WebCore::WebCoreNSURLSessionDataTaskClient::redirectReceived): Deleted.
3473         (WebCore::WebCoreNSURLSessionDataTaskClient::notifyFinished): Deleted.
3474         (-[WebCoreNSURLSessionDataTask initWithSession:identifier:URL:]): Deleted.
3475         (-[WebCoreNSURLSessionDataTask _finish]): Deleted.
3476         (-[WebCoreNSURLSessionDataTask _setDefersLoading:]): Deleted.
3477         (-[WebCoreNSURLSessionDataTask resource:sentBytes:totalBytesToBeSent:]): Deleted.
3478         (-[WebCoreNSURLSessionDataTask resource:receivedRedirect:request:]): Deleted.
3479         (-[WebCoreNSURLSessionDataTask resourceFinished:]): Deleted.
3480         * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
3481         (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVAssetForURL):
3482
3483 2016-02-12  Alex Christensen  <achristensen@webkit.org>
3484
3485         Fix non-internal builds when using NetworkSession
3486         https://bugs.webkit.org/show_bug.cgi?id=152285
3487
3488         * platform/spi/cf/CFNetworkSPI.h:
3489         Add SPI declaration used in r194156.
3490
3491 2016-02-12  Andreas Kling  <akling@apple.com>
3492
3493         Throw out all live resource decoded data on memory pressure / suspension.
3494         <https://webkit.org/b/154176>
3495
3496         Reviewed by Antti Koivisto.
3497
3498         When pruning live resource decoded data from the memory cache,
3499         we normally avoid pruning anything that's been painted in the last second.
3500         This is an optimization to avoid getting into image decoding loops.
3501
3502         For memory pressure / process suspension scenarios this doesn't really
3503         make sense though:
3504
3505             - In the pressure case, if we have to render again soon it'll likely
3506               be a new GIF frame which we have to decode anyway.
3507
3508             - In the process suspension case, we might *never* render again,
3509               so we should be good citizens and drop all the decoded data we can.
3510
3511         This patch makes us drop all the decoded data, recently painted or not.
3512
3513         * platform/MemoryPressureHandler.cpp:
3514         (WebCore::MemoryPressureHandler::releaseCriticalMemory):
3515
3516 2016-02-12  Gavin Barraclough  <barraclough@apple.com>
3517
3518         Separate out !allowsAccess path in JSDOMWindowCustom getOwnPropertySlot
3519         https://bugs.webkit.org/show_bug.cgi?id=154156
3520
3521         Reviewed by Chris Dumez.
3522
3523         JSDOMWindowCustom getOwnPropertySlot currently allows cross-origin access to all
3524         static properties, relying on the property to perform the access check. This is
3525         a little insecure, since it is error prone - someone could easily add a property
3526         to the static table without realizing it would be automatically exposed.
3527
3528         Instead, add a hard-coded filter to restrict access. As a future implementation
3529         we might consider autogenerating this (the properties are already tagged in IDL,
3530         we might be able to track this in a flag on the static table).
3531
3532         By separating out the handling of the same- and cross-origin access we can
3533         simplify & make the policy being enforced much clearer.
3534
3535         * bindings/js/JSDOMBinding.cpp:
3536         (WebCore::objectToStringFunctionGetter): Deleted.
3537             - removed objectToStringFunctionGetter - this duplicated functionality of
3538               nonCachingStaticFunctionGetter.
3539         * bindings/js/JSDOMBinding.h:
3540         (WebCore::objectToStringFunctionGetter): Deleted.
3541             - removed objectToStringFunctionGetter - this duplicated functionality of
3542               nonCachingStaticFunctionGetter.
3543         * bindings/js/JSDOMWindowCustom.cpp:
3544         (WebCore::jsDOMWindowGetOwnPropertySlotDisallowAccess):
3545             - explicitly handle providing access to only the things we do want to allow cross-origin.
3546         (WebCore::JSDOMWindow::getOwnPropertySlot):
3547         (WebCore::JSDOMWindow::getOwnPropertySlotByIndex):
3548             - push all !allowsAccess handling to jsDOMWindowGetOwnPropertySlotDisallowAccess
3549         (WebCore::childFrameGetter): Deleted.
3550             - this was just a deoptimization - moving access into a callback saved very
3551               little & caused more work to be duplicated.
3552
3553 2016-02-12  Sukolsak Sakshuwong  <sukolsak@gmail.com>
3554
3555         Update ICU header files to version 52
3556         https://bugs.webkit.org/show_bug.cgi?id=154160
3557
3558         Reviewed by Alex Christensen.
3559
3560         Update ICU header files to version 52 to allow the use of newer APIs.
3561
3562         No new tests because there is no behavior change.
3563
3564         * icu/unicode/bytestream.h:
3565         * icu/unicode/chariter.h:
3566         * icu/unicode/localpointer.h:
3567         * icu/unicode/platform.h:
3568         * icu/unicode/ptypes.h:
3569         * icu/unicode/putil.h:
3570         * icu/unicode/rep.h:
3571         (Replaceable::Replaceable):
3572         * icu/unicode/std_string.h:
3573         * icu/unicode/strenum.h:
3574         * icu/unicode/stringpiece.h:
3575         * icu/unicode/ubrk.h:
3576         * icu/unicode/uchar.h:
3577         * icu/unicode/ucnv.h:
3578         * icu/unicode/ucol.h:
3579         * icu/unicode/ucoleitr.h:
3580         * icu/unicode/uconfig.h:
3581         * icu/unicode/ucsdet.h:
3582         * icu/unicode/uenum.h:
3583         * icu/unicode/uidna.h:
3584         * icu/unicode/uiter.h:
3585         * icu/unicode/uloc.h:
3586         * icu/unicode/umachine.h:
3587         * icu/unicode/unistr.h:
3588         (UnicodeString::UnicodeString):
3589         (UnicodeString::operator== ):
3590         (UnicodeString::startsWith):
3591         (UnicodeString::setTo):
3592         (UnicodeString::remove):
3593         (UnicodeString::replace): Deleted.
3594         (UnicodeString::extract): Deleted.
3595         (UnicodeString::char32At): Deleted.
3596         (UnicodeString::getChar32Start): Deleted.
3597         (UnicodeString::getChar32Limit): Deleted.
3598         (UnicodeString::getTerminatedBuffer): Deleted.
3599         (UnicodeString::append): Deleted.
3600         (UnicodeString::truncate): Deleted.
3601         * icu/unicode/unorm2.h:
3602         * icu/unicode/uobject.h:
3603         * icu/unicode/urename.h:
3604         * icu/unicode/uscript.h:
3605         * icu/unicode/usearch.h:
3606         * icu/unicode/uset.h:
3607         * icu/unicode/ushape.h:
3608         * icu/unicode/ustring.h:
3609         * icu/unicode/utext.h:
3610         * icu/unicode/utf.h:
3611         * icu/unicode/utf16.h:
3612         * icu/unicode/utf8.h:
3613         * icu/unicode/utf_old.h:
3614         * icu/unicode/utypes.h:
3615         * icu/unicode/uvernum.h:
3616         * icu/unicode/uversion.h:
3617
3618 2016-02-12  Andreas Kling  <akling@apple.com>
3619
3620         [Mac] BitmapImage::decodedDataIsPurgeable() is telling lies and causing massive memory usage.
3621         <https://webkit.org/b/154172>
3622
3623         Reviewed by Antti Koivisto.
3624
3625         The underlying mechanism in CoreAnimation that made this work is no longer in place.
3626
3627         Instead of keeping purgeable frames and juggling volatility bits, we were simply caching
3628         every single frame of large GIF animations, sometimes leading to monstrous memory usage.
3629
3630         Remove the code from WebCore since it's not doing at all what it means to.
3631
3632         Now iOS and Mac will behave the same again, and frame caching decisions will be
3633         made by WebKit, based on total pixel byte size.
3634
3635         * loader/cache/CachedImage.h:
3636         * loader/cache/CachedResource.h:
3637         (WebCore::CachedResource::decodedDataIsPurgeable): Deleted.
3638         * loader/cache/MemoryCache.cpp:
3639         (WebCore::MemoryCache::pruneLiveResourcesToSize): Deleted.
3640         * platform/graphics/BitmapImage.cpp:
3641         (WebCore::BitmapImage::decodedDataIsPurgeable): Deleted.
3642         (WebCore::BitmapImage::destroyDecodedDataIfNecessary): Deleted.
3643         * platform/graphics/BitmapImage.h:
3644         * platform/graphics/Image.h:
3645         (WebCore::Image::decodedDataIsPurgeable): Deleted.
3646         * platform/graphics/cg/BitmapImageCG.cpp:
3647         (WebCore::BitmapImage::decodedDataIsPurgeable): Deleted.
3648         * platform/graphics/cg/ImageSourceCG.cpp:
3649         (WebCore::ImageSource::createFrameAtIndex): Deleted.
3650
3651 2016-02-12  Brady Eidson  <beidson@apple.com>
3652
3653         Modern IDB: Ref cycle between IDBObjectStore and IDBIndex.
3654         https://bugs.webkit.org/show_bug.cgi?id=154110
3655
3656         Reviewed by Darin Adler.
3657
3658         No new tests (Currently untestable).
3659
3660         The lifetimes of IDBObjectStore and IDBIndex are closely intertwined, but we have to break the ref cycle.
3661         
3662         This patch does a few semi-gnarly things:
3663         1 - Makes both IDBIndex and IDBObjectStore have a custom marking function so they can add each other as 
3664             opaque roots.
3665         2 - Adds a lock to protect IDBObjectStore's collection of referenced indexes to support #1, as GC marking
3666             can happen on any thread.
3667         3 - Makes IDBIndex not be traditionally RefCounted; Instead, IDBIndex::ref()/deref() simply ref()/deref()
3668             the owning IDBObjectStore.
3669         4 - ...Except when somebody deletes an IDBIndex from its IDBObjectStore. Once that happens, the object
3670             store no longer has a reference back to the index, but the index still needs a reference back to the
3671             object store. To support this, the IDBIndex becomes "traditionally RefCounted" while holding a ref to
3672             its IDBObjectStore.
3673
3674         * CMakeLists.txt:
3675         * WebCore.xcodeproj/project.pbxproj:
3676
3677         * Modules/indexeddb/IDBIndex.h:
3678         (WebCore::IDBIndex::isModern):
3679         * Modules/indexeddb/IDBIndex.idl:
3680         
3681         * Modules/indexeddb/IDBObjectStore.h:
3682         (WebCore::IDBObjectStore::isModern):
3683         * Modules/indexeddb/IDBObjectStore.idl:
3684         
3685         * Modules/indexeddb/client/IDBIndexImpl.cpp:
3686         (WebCore::IDBClient::IDBIndex::objectStore):
3687         (WebCore::IDBClient::IDBIndex::openCursor):
3688         (WebCore::IDBClient::IDBIndex::doCount):
3689         (WebCore::IDBClient::IDBIndex::openKeyCursor):
3690         (WebCore::IDBClient::IDBIndex::doGet):
3691         (WebCore::IDBClient::IDBIndex::doGetKey):
3692         (WebCore::IDBClient::IDBIndex::markAsDeleted):
3693         (WebCore::IDBClient::IDBIndex::ref):
3694         (WebCore::IDBClient::IDBIndex::deref):
3695         (WebCore::IDBClient::IDBIndex::create): Deleted.
3696         * Modules/indexeddb/client/IDBIndexImpl.h:
3697         (WebCore::IDBClient::IDBIndex::modernObjectStore):
3698         
3699         * Modules/indexeddb/client/IDBObjectStoreImpl.cpp:
3700         (WebCore::IDBClient::IDBObjectStore::createIndex):
3701         (WebCore::IDBClient::IDBObjectStore::index):
3702         (WebCore::IDBClient::IDBObjectStore::deleteIndex):
3703         (WebCore::IDBClient::IDBObjectStore::visitReferencedIndexes):
3704         * Modules/indexeddb/client/IDBObjectStoreImpl.h:
3705         
3706         * Modules/indexeddb/client/IDBTransactionImpl.cpp:
3707         (WebCore::IDBClient::IDBTransaction::createIndex):
3708         * Modules/indexeddb/client/IDBTransactionImpl.h:
3709         
3710         * Modules/indexeddb/legacy/LegacyIndex.cpp:
3711         (WebCore::LegacyIndex::ref):
3712         (WebCore::LegacyIndex::deref):
3713         * Modules/indexeddb/legacy/LegacyIndex.h:
3714         
3715         * bindings/js/JSIDBIndexCustom.cpp: Added.
3716         (WebCore::JSIDBIndex::visitAdditionalChildren):
3717         
3718         * bindings/js/JSIDBObjectStoreCustom.cpp:
3719         (WebCore::JSIDBObjectStore::visitAdditionalChildren):
3720
3721 2016-02-12  Csaba Osztrogonác  <ossy@webkit.org>
3722
3723         [EFL][GTK] Fix ENABLE(SVG_OTF_CONVERTER) build
3724         https://bugs.webkit.org/show_bug.cgi?id=154165
3725
3726         Reviewed by Alex Christensen.
3727
3728         * CMakeLists.txt:
3729         * css/CSSFontFaceSource.cpp:
3730         (WebCore::CSSFontFaceSource::font):
3731         * svg/SVGToOTFFontConversion.cpp:
3732         * svg/SVGToOTFFontConversion.h:
3733
3734 2016-02-12  Chris Dumez  <cdumez@apple.com>
3735
3736         Unreviewed nit fixes after r196466.
3737
3738         * Modules/speech/SpeechSynthesisUtterance.idl: Fix curly bracket
3739           placement.
3740         * bindings/scripts/CodeGeneratorJS.pm:
3741         (GenerateHeader): Use wrappableObject instead of domObject.
3742         * bindings/scripts/test/*: Rebaseline.
3743         * dom/WebKitNamedFlow.idl: Drop unnecessary #if case.
3744
3745 2016-02-12  Carlos Garcia Campos  <cgarcia@igalia.com>
3746
3747         [GTK] Properly handle classes inheriting from EventTarget
3748         https://bugs.webkit.org/show_bug.cgi?id=154158
3749
3750         Reviewed by Michael Catanzaro.
3751
3752         Instead of removing its parent we now handle the case of classes
3753         having EventTarget as parent to make them implement the interface
3754         instead.
3755
3756         * bindings/scripts/CodeGeneratorGObject.pm:
3757         (ShouldBeExposedAsInterface): Whether the given parent class
3758         should be exposed as an interface instead of a parent class.
3759         (GetParentClassName): Return Object as parent for classes having
3760         a parent that should be exposed as an interface.
3761         (GetParentImplClassName): Ditto.
3762         (GetBaseClass): Ditto.
3763         (GetParentGObjType): Ditto.
3764         (SkipFunction): Add FIXME comment.
3765         (ImplementsInterface): Helper function to check if a class
3766         implements the given interface.
3767         (GenerateCFile): Check whether the class implements EventTarget to
3768         generate the interface implementation.
3769         (GenerateInterface): Do not remove the parent class when it's EventTarget.
3770
3771 2016-02-12  Commit Queue  <commit-queue@webkit.org>
3772
3773         Unreviewed, rolling out r196470.
3774         https://bugs.webkit.org/show_bug.cgi?id=154167
3775
3776         Broke some tests (Requested by anttik on #webkit).
3777
3778         Reverted changeset:
3779
3780         "Factor class change style invalidation code into a class"
3781         https://bugs.webkit.org/show_bug.cgi?id=154163
3782         http://trac.webkit.org/changeset/196470
3783
3784 2016-02-12  Antti Koivisto  <antti@apple.com>
3785
3786         Factor class change style invalidation code into a class
3787         https://bugs.webkit.org/show_bug.cgi?id=154163
3788
3789         Reviewed by Andreas Kling.
3790
3791         Factor this piece of functionality out of Element and into ClassChangeInvalidation class.
3792
3793         * CMakeLists.txt:
3794         * WebCore.vcxproj/WebCore.vcxproj:
3795         * WebCore.xcodeproj/project.pbxproj:
3796         * dom/Element.cpp:
3797         (WebCore::classStringHasClassName):
3798         (WebCore::Element::classAttributeChanged):
3799         (WebCore::collectClasses): Deleted.
3800         (WebCore::computeClassChange): Deleted.
3801         (WebCore::invalidateStyleForClassChange): Deleted.
3802         * style/ClassChangeInvalidation.cpp: Added.
3803         (WebCore::Style::ClassChangeInvalidation::computeClassChange):
3804         (WebCore::Style::ClassChangeInvalidation::invalidateStyle):
3805         * style/ClassChangeInvalidation.h: Added.
3806         (WebCore::Style::ClassChangeInvalidation::needsInvalidation):
3807         (WebCore::Style::ClassChangeInvalidation::ClassChangeInvalidation):
3808         (WebCore::Style::ClassChangeInvalidation::~ClassChangeInvalidation):
3809
3810 2016-02-12  Csaba Osztrogonác  <ossy@webkit.org>
3811
3812         GCC buildfix in Source/WebCore/svg/SVGToOTFFontConversion.cpp
3813         https://bugs.webkit.org/show_bug.cgi?id=154162
3814
3815         Reviewed by Andreas Kling.
3816
3817         * svg/SVGToOTFFontConversion.cpp:
3818         (WebCore::SVGToOTFFontConverter::finishAppendingKERNSubtable):
3819
3820 2016-02-12  Andreas Kling  <akling@apple.com>
3821
3822         Don't invalidate the FontCache on memory pressure.
3823         <https://webkit.org/b/154161>
3824
3825         Reviewed by Antti Koivisto.
3826
3827         Invalidating the FontCache does more harm than good:
3828
3829             - Anything that's still in the cache at this point is also
3830               referenced outside the cache, thus will not actually get deleted.
3831
3832             - Future deduplication will fail, leading to more objects.
3833
3834             - The global FontCache generation gets bumped, causing future style
3835               recalcs to be less efficient and breaking style sharing.
3836
3837             - All FontSelector invalidation callbacks will fire, potentially
3838               causing forced full-document style recalcs.
3839
3840         In fact, the only win from invalidating the FontCache comes from some
3841         minor shrinkage in the containers that make up the cache itself.
3842
3843         * platform/MemoryPressureHandler.cpp:
3844         (WebCore::MemoryPressureHandler::releaseCriticalMemory): Deleted.
3845
3846 2016-02-11  Chris Dumez  <cdumez@apple.com>
3847
3848         [Web IDL] interfaces should inherit EventTarget instead of duplicating the EventTarget API
3849         https://bugs.webkit.org/show_bug.cgi?id=154121
3850         <rdar://problem/24613234>
3851
3852         Reviewed by Gavin Barraclough.
3853
3854         Interfaces should inherit EventTarget instead of duplicating the
3855         EventTarget API in their IDL. Not only is the duplication ugly and
3856         error-prone, but this also does not match the specifications and
3857         has subtle web-exposed differences.
3858
3859         This patch takes care of all interfaces except for DOMWindow and
3860         WorkerGlobalScope. Those will be updated in the follow-up patch
3861         as they will require a little bit more work and testing.
3862
3863         We should also be able to get rid of the [EventTarget] WebKit IDL
3864         attribute in a follow-up.
3865
3866         No new tests, already covered by existing tests.
3867
3868         * Modules/battery/BatteryManager.idl:
3869         * Modules/encryptedmedia/MediaKeySession.idl:
3870         * Modules/indexeddb/IDBDatabase.h:
3871         * Modules/indexeddb/IDBDatabase.idl:
3872         * Modules/indexeddb/IDBRequest.h:
3873         * Modules/indexeddb/IDBRequest.idl:
3874         * Modules/indexeddb/IDBTransaction.h:
3875         * Modules/indexeddb/IDBTransaction.idl:
3876         * Modules/mediasession/MediaRemoteControls.idl:
3877         * Modules/mediasource/MediaSource.h:
3878         * Modules/mediasource/MediaSource.idl:
3879         * Modules/mediasource/SourceBuffer.h:
3880         * Modules/mediasource/SourceBuffer.idl:
3881         * Modules/mediasource/SourceBufferList.h:
3882         * Modules/mediasource/SourceBufferList.idl:
3883         * Modules/mediastream/MediaStream.h:
3884         * Modules/mediastream/MediaStream.idl:
3885         * Modules/mediastream/MediaStreamTrack.h:
3886         * Modules/mediastream/MediaStreamTrack.idl:
3887         * Modules/mediastream/RTCDTMFSender.h:
3888         * Modules/mediastream/RTCDTMFSender.idl:
3889         * Modules/mediastream/RTCDataChannel.h:
3890         * Modules/mediastream/RTCDataChannel.idl:
3891         * Modules/mediastream/RTCPeerConnection.h:
3892         * Modules/mediastream/RTCPeerConnection.idl:
3893         * Modules/notifications/Notification.idl:
3894         * Modules/speech/SpeechSynthesisUtterance.idl:
3895         * Modules/webaudio/AudioContext.idl:
3896         * Modules/webaudio/AudioNode.idl:
3897         * Modules/websockets/WebSocket.idl:
3898         * css/FontLoader.idl:
3899         * dom/EventTarget.h:
3900         * dom/MessagePort.idl:
3901         * dom/Node.h:
3902         * dom/Node.idl:
3903         * dom/WebKitNamedFlow.idl:
3904         * fileapi/FileReader.idl:
3905         * html/MediaController.idl:
3906         * html/track/AudioTrackList.idl:
3907         * html/track/TextTrack.idl:
3908         * html/track/TextTrackCue.idl:
3909         * html/track/TextTrackList.idl:
3910         * html/track/VideoTrackList.idl:
3911         * loader/appcache/DOMApplicationCache.h:
3912         * loader/appcache/DOMApplicationCache.idl:
3913         * page/EventSource.idl:
3914         * page/Performance.h:
3915         * page/Performance.idl:
3916         * workers/Worker.idl:
3917         * xml/XMLHttpRequest.h:
3918         * xml/XMLHttpRequest.idl:
3919         * xml/XMLHttpRequestUpload.idl:
3920         - Drop hardcoded EventTarget operations and inherit EventTarget instead.
3921         - Drop JSGenerateToNativeObject / JSGenerateToJSObject IDL extended
3922           attributes for interfaces inheriting the EventTarget interface as
3923           the bindings generator now does this automatically for us.
3924         - On native side, have EventTarget subclass ScriptWrappable instead of
3925           each of its subclasses doing so. The issue was that
3926           EventTargetOwner::finalize() was calling uncacheWrapper() with an
3927           EventTarget*, which would not clear the inlined cached wrapper (see
3928           clearInlineCachedWrapper()) because EventTarget did not subclass
3929           ScriptWrappable. However, cacheWrapper() is called with a specific
3930           subtype pointer (e.g. Node*) and we would decide to create an
3931           inline cached wrapper because Node subclassed ScriptWrappable
3932           (as well as EventTarget).
3933
3934         * WebCore.xcodeproj/project.pbxproj:
3935         Export JSEventTarget.h as private header to fix the build.
3936
3937         * bindings/js/JSDOMBinding.h:
3938         (WebCore::wrapperKey):
3939         (WebCore::getCachedWrapper):
3940         (WebCore::cacheWrapper):
3941         (WebCore::uncacheWrapper):
3942         Use new wrapperKey() function that is generated for each bindings
3943         class that also has wrapperOwner(). This is used instead of the
3944         C cast to void* in order to cast to the base wrapped type to fix
3945         issues with multiple inheritance. The issue was that cacheWrapper()
3946         was getting called with a DOM object subtype pointer (e.g.
3947         AudioContext*) but uncacheWrapper() was getting called with a base
3948         wrapped type pointer (e.g. EventTarget*). Most of our DOM classes
3949         use multiple inheritance and thus the pointer values (used as keys
3950         in the weak map) may differ.
3951
3952         * bindings/js/JSTrackCustom.cpp:
3953         (WebCore::toJS):
3954         Call CREATE_DOM_WRAPPER() with an actual wrapped type (e.g. AudioTrack)
3955         instead of TrackBase type. TrackBase does not have corresponding
3956         generated bindings and therefore does not have a wrapperKey()
3957         function.
3958
3959         * bindings/scripts/CodeGeneratorJS.pm:
3960         (ShouldGenerateToWrapped):
3961         (ShouldGenerateToJSDeclaration):
3962         (GenerateHeader):
3963         - Generate a wrapperKey() utility function alongside wrapperOwner()
3964           to help cast to the base wrapped type.
3965         - Generate toWrapped() / toJS() utility functions for interfaces
3966           that inherit EventTarget as those are required by our
3967           implementation and this avoids having to explicitly have them in
3968           the IDL.
3969
3970         * bindings/scripts/test/*:
3971         Rebaseline bindings tests.
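
The pointer-key mismatch described in the entry above, as an added example that is not part of the ChangeLog or of WebKit's code: a map keyed by `void*` is filled through a subtype pointer and cleared through a base pointer. The class names, `rawKey()` and the map are hypothetical stand-ins; only the name `wrapperKey()` comes from the entry, and its body here is an assumption.

```cpp
#include <cstddef>
#include <cstdio>
#include <unordered_map>

// Hypothetical stand-ins for the class shapes involved; not WebKit's classes.
struct ScriptWrappableLike { virtual ~ScriptWrappableLike() = default; int wrapperSlot = 0; };
struct EventTargetLike { virtual ~EventTargetLike() = default; int listenerCount = 0; };
// Second non-empty polymorphic base: its subobject lives at a non-zero offset
// on the common ABIs (an assumption about layout, not a language guarantee).
struct AudioContextLike : ScriptWrappableLike, EventTargetLike { };

using WrapperMap = std::unordered_map<const void*, int>; // key -> wrapper id

// "Before": the key is whatever pointer type the caller holds, converted to void*.
static const void* rawKey(const void* pointer) { return pointer; }
// "After": the parameter type forces conversion to the base wrapped type first.
static const void* wrapperKey(const EventTargetLike* pointer) { return pointer; }

bool subtypeAndBasePointersDiffer()
{
    AudioContextLike object;
    EventTargetLike* base = &object;
    return rawKey(&object) != rawKey(base);
}

// Cache through the subtype pointer, uncache through the base pointer, and
// report how many entries are left behind pointing at a dead object.
std::size_t staleEntries(bool useWrapperKey)
{
    WrapperMap map;
    {
        AudioContextLike object;
        EventTargetLike* base = &object; // the only pointer the finalizer holds
        map[useWrapperKey ? wrapperKey(&object) : rawKey(&object)] = 1;
        map.erase(useWrapperKey ? wrapperKey(base) : rawKey(base));
    }
    return map.size();
}

int main()
{
    std::printf("pointers differ: %d\n", subtypeAndBasePointersDiffer());
    std::printf("stale entries, void* cast: %zu\n", staleEntries(false));
    std::printf("stale entries, wrapperKey: %zu\n", staleEntries(true));
    return 0;
}
```

The entry left behind in the `void*` case is keyed by the address of an object that no longer exists, which is why a cache like this has to normalize its key type on both the insert and the erase path.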
3972
3973 2016-02-11  Brent Fulgham  <bfulgham@apple.com>
3974
3975         Optimize texture-complete checks
3976         https://bugs.webkit.org/show_bug.cgi?id=98308
3977
3978         Reviewed by Dean Jackson.
3979
3980         No new tests: No change in behavior.
3981
3982         * html/canvas/WebGLRenderingContextBase.cpp:
3983         (WebCore::WebGLRenderingContextBase::initializeNewContext): Initially consider all
3984         textures as suspect.
3985         (WebCore::WebGLRenderingContextBase::extensions): New helper function.
3986         (WebCore::WebGLRenderingContextBase::reshape): Mark textures as invalid when appropriate.
3987         (WebCore::WebGLRenderingContextBase::bindTexture): Identify invalid textures and mark
3988         them for later fix-up. Likewise, remove 'known good' textures from the fix-up pass.
3989         (WebCore::WebGLRenderingContextBase::deleteTexture): Remove instances of the deleted texture
3990         from our set of invalid textures.
3991         (WebCore::WebGLRenderingContextBase::checkTextureCompleteness): Only iterate through
3992         the 'bad' textures, rather than checking every single texture.
3993         * html/canvas/WebGLRenderingContextBase.h:
3994
3995 2016-02-11  Alex Christensen  <achristensen@webkit.org>
3996
3997         Assert that IDBTransaction::transitionedToFinishing transitions to finishing.
3998         https://bugs.webkit.org/show_bug.cgi?id=154061
3999
4000         * Modules/indexeddb/client/IDBTransactionImpl.cpp:
4001         (WebCore::IDBClient::IDBTransaction::transitionedToFinishing):
4002         Added assertion that we are transitioning to a finished or finishing state, based on Darin's feedback.
4003
4004 2016-02-11  Enrica Casucci  <enrica@apple.com>
4005
4006         WebContent process crashes when performing data detection on content with existing data detector links.
4007         https://bugs.webkit.org/show_bug.cgi?id=154118
4008         rdar://problem/24511860
4009
4010         Reviewed by Tim Horton.
4011
4012         The DOM mutation caused by removing the existing links can shift the range endpoints.
4013         We now save the range endpoints as positions so that we can recreate the ranges,
4014         if a DOM mutation occurred.
4015
4016         * editing/cocoa/DataDetection.mm:
4017         (WebCore::removeResultLinksFromAnchor):
4018         (WebCore::searchForLinkRemovingExistingDDLinks):
4019         (WebCore::DataDetection::detectContentInRange):
4020
4021 2016-02-11  Jer Noble  <jer.noble@apple.com>
4022
4023         Make MediaResourceLoade