[Web Animations] Make WPT test at interfaces/Animation/finish.html pass reliably
[WebKit-https.git] / Source / WebCore / ChangeLog
1 2018-07-05  Antoine Quint  <graouts@apple.com>
2
3         [Web Animations] Make WPT test at interfaces/Animation/finish.html pass reliably
4         https://bugs.webkit.org/show_bug.cgi?id=186496
5         <rdar://problem/41000179>
6
7         Reviewed by Dean Jackson.
8
9         We used to only resolve animations that had a target element, but animations need not have a target and their
10         current time should still advance so that their finished promise may resolve. We now maintain a list of animations
11         without targets and we iterate through them as well as animations with targets in DocumentTimeline::updateAnimations().
12
13         * animation/AnimationTimeline.cpp:
14         (WebCore::AnimationTimeline::addAnimation):
15         (WebCore::AnimationTimeline::removeAnimation):
16         (WebCore::AnimationTimeline::animationWasAddedToElement):
17         (WebCore::AnimationTimeline::animationWasRemovedFromElement):
18         * animation/AnimationTimeline.h:
19         (WebCore::AnimationTimeline:: const):
20         * animation/DocumentTimeline.cpp:
21         (WebCore::DocumentTimeline::updateAnimations):
22         * animation/WebAnimation.cpp:
23         (WebCore::WebAnimation::resolve):
24         * animation/WebAnimation.h:
25
26 2018-07-05  Antoine Quint  <graouts@apple.com>
27
28         [Web Animations] Make WPT test at interfaces/Animation/finished.html pass reliably
29         https://bugs.webkit.org/show_bug.cgi?id=186497
30         <rdar://problem/41000193>
31
32         Reviewed by Dean Jackson.
33
34         We need to ensure the finished state is updated as a result of any timing property changing.
35
36         * animation/AnimationEffectReadOnly.cpp:
37         (WebCore::AnimationEffectReadOnly::timingDidChange):
38         * animation/WebAnimation.cpp:
39         (WebCore::WebAnimation::effectTimingPropertiesDidChange):
40         * animation/WebAnimation.h:
41
42 2018-07-06  Antoine Quint  <graouts@apple.com>
43
44         [Web Animations] Using a Web Animation leaks the Document
45         https://bugs.webkit.org/show_bug.cgi?id=187088
46         <rdar://problem/41392046>
47
48         Reviewed by Darin Adler.
49
50         Test: webanimations/leak-document-with-web-animation.html
51
52         We need to ensure that any remaining animation is cleared when the DocumentTimeline is detached from its Document.
53         We rename WebAnimation::prepareAnimationForRemoval() to WebAnimation::remove() since it really actively disassociates
54         the animation from its timeline.
55
56         An earlier version of this patch (r233349) was rolled out due to crashes caught in the ASan configuration. The following
57         changes were made to make it safe:
58
59         - We protect the DocumentAnimationScheduler instance in displayRefreshFired() against code that might run in a
60         requestAnimationFrame() callback that would trigger the object to be deleted.
61
62         - We protect the WebAnimation instance in remove() against setEffectInternal() or setTimelineInternal() potentially
63         causing the object to be deleted. Similar protections were added to setEffect() and setTimeline().
64
65         - We changed ~DocumentTimeline() to a default implementation to ensure it calls ~DisplayRefreshMonitorClient()
66         to avoid callbacks after the object has been marked for deletion.
67
68
69         * animation/AnimationTimeline.cpp:
70         (WebCore::AnimationTimeline::removeAnimationsForElement): We no longer need the call to removeAnimation()
71         since the new WebAnimation::remove() method will also set the timeline to null which will eventually call
72         removeAnimation() on the disassociated timeline.
73         * animation/DeclarativeAnimation.cpp:
74         (WebCore::DeclarativeAnimation::remove):
75         (WebCore::DeclarativeAnimation::prepareAnimationForRemoval): Deleted.
76         * animation/DeclarativeAnimation.h:
77         * animation/DocumentAnimationScheduler.cpp:
78         (WebCore::DocumentAnimationScheduler::displayRefreshFired):
79         * animation/DocumentTimeline.cpp:
80         (WebCore::DocumentTimeline::detachFromDocument): Call remove() on all known animations.
81         (WebCore::DocumentTimeline::~DocumentTimeline): Deleted.
82         * animation/WebAnimation.cpp:
83         (WebCore::WebAnimation::remove): Set the timeline to null to fully disassociate this animation from its timeline.
84         (WebCore::WebAnimation::setEffect):
85         (WebCore::WebAnimation::setEffectInternal):
86         (WebCore::WebAnimation::setTimeline): Factor the internal timeline-association code out of this JS API method so
87         that we can call this code without any JS-facing implications.
88         (WebCore::WebAnimation::setTimelineInternal):
89         (WebCore::WebAnimation::prepareAnimationForRemoval): Deleted.
90         * animation/WebAnimation.h:
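
The protection described in the entry above, as an added example that is not WebKit code: a constructed model in which the timeline holds the only reference to an animation, so clearing the timeline inside remove() would free the object mid-call unless a keep-alive reference is held. Animation, Timeline, KeepAlive and the event log are hypothetical stand-ins for the classes the ChangeLog names.

```cpp
#include <algorithm>
#include <cstddef>
#include <iostream>
#include <string>
#include <vector>

// Constructed model for illustration only; not the WebKit implementation.
static std::vector<std::string> g_events; // records the order of operations

class Timeline;

class Animation {
public:
    static Animation* create(Timeline&);
    void ref() { ++m_refCount; }
    void deref()
    {
        if (!--m_refCount)
            delete this; // intrusive refcount: last deref frees the object
    }
    void remove();
    bool isRemoved() const { return m_removed; }

private:
    Animation() = default;
    ~Animation() { g_events.push_back("destroyed"); }
    void setTimelineInternal(Timeline*);

    Timeline* m_timeline { nullptr };
    unsigned m_refCount { 0 };
    bool m_removed { false };
};

// Holds one extra reference for the duration of a scope.
class KeepAlive {
public:
    explicit KeepAlive(Animation& animation) : m_animation(animation) { m_animation.ref(); }
    ~KeepAlive() { m_animation.deref(); }
    KeepAlive(const KeepAlive&) = delete;
    KeepAlive& operator=(const KeepAlive&) = delete;

private:
    Animation& m_animation;
};

class Timeline {
public:
    void addAnimation(Animation& animation)
    {
        animation.ref();
        m_animations.push_back(&animation);
    }
    void removeAnimation(Animation& animation)
    {
        auto it = std::find(m_animations.begin(), m_animations.end(), &animation);
        if (it == m_animations.end())
            return;
        m_animations.erase(it);
        g_events.push_back("timeline:released");
        animation.deref(); // may be the last reference to the animation
    }
    void detachFromDocument()
    {
        // remove() unregisters the animation, so the list shrinks on every pass.
        while (!m_animations.empty())
            m_animations.back()->remove();
    }
    std::size_t animationCount() const { return m_animations.size(); }

private:
    std::vector<Animation*> m_animations;
};

Animation* Animation::create(Timeline& timeline)
{
    auto* animation = new Animation;
    animation->setTimelineInternal(&timeline); // timeline now owns the only reference
    return animation;
}

void Animation::setTimelineInternal(Timeline* timeline)
{
    if (m_timeline == timeline)
        return;
    Timeline* previous = m_timeline;
    m_timeline = timeline;
    if (previous)
        previous->removeAnimation(*this); // can drop the last external reference
    if (timeline)
        timeline->addAnimation(*this);
}

void Animation::remove()
{
    // Without this guard, setTimelineInternal(nullptr) below would free *this and
    // the member write that follows would touch freed memory.
    KeepAlive protectedThis(*this);
    g_events.push_back("remove:begin");
    setTimelineInternal(nullptr);
    m_removed = true;
    g_events.push_back("remove:end");
} // guard released here; destruction happens only after remove() has finished

std::vector<std::string> detachWithOneAnimation()
{
    g_events.clear();
    Timeline timeline;
    Animation::create(timeline);
    timeline.detachFromDocument();
    return g_events;
}

int main()
{
    for (const auto& event : detachWithOneAnimation())
        std::cout << event << '\n';
    return 0;
}
```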
91
92 2018-07-06  Daniel Bates  <dabates@apple.com>
93
94         Remove Strong Confirmation Password button
95         https://bugs.webkit.org/show_bug.cgi?id=187306
96         <rdar://problem/41795185>
97
98         Reviewed by Sam Weinig.
99
100         Remove support for the Strong Confirmation Password button because we never made use of it.
101
102         * English.lproj/Localizable.strings:
103         * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
104         (-[WebAccessibilityObjectWrapper _accessibilityIsStrongPasswordField]):
105         * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
106         (-[WebAccessibilityObjectWrapper accessibilityAttributeValue:]):
107         * html/HTMLInputElement.h:
108         (WebCore::HTMLInputElement::hasAutoFillStrongPasswordButton const):
109         * html/HTMLTextFormControlElement.h:
110         * html/TextFieldInputType.cpp:
111         (WebCore::autoFillButtonTypeToAccessibilityLabel):
112         (WebCore::autoFillButtonTypeToAutoFillButtonText):
113         (WebCore::autoFillButtonTypeToAutoFillButtonPseudoClassName):
114         (WebCore::isAutoFillButtonTypeChanged):
115         * platform/LocalizedStrings.cpp:
116         (WebCore::AXAutoFillStrongConfirmationPasswordLabel): Deleted.
117         * platform/LocalizedStrings.h:
118         * rendering/RenderTextControlSingleLine.cpp:
119         (WebCore::RenderTextControlSingleLine::layout):
120         * testing/Internals.cpp:
121         (WebCore::toAutoFillButtonType):
122         (WebCore::toInternalsAutoFillButtonType):
123         * testing/Internals.h:
124         * testing/Internals.idl:
125
126 2018-07-06  Carlos Garcia Campos  <cgarcia@igalia.com>
127
128         [GTK][WPE] REGRESSION(r233239): proxy settings not applied after r233239
129         https://bugs.webkit.org/show_bug.cgi?id=187381
130
131         Reviewed by Yusuke Suzuki.
132
133         This is because the static variable for proxy settings was replaced by a NeverDestroyed, but the function is not
134         returning a reference, but a copy. This is causing several unit tests to fail.
135
136         * platform/network/soup/SoupNetworkSession.cpp:
137         (WebCore::proxySettings):
138
139 2018-07-06  Frederic Wang  <fwang@igalia.com>
140
141         [Crash] Illegal use of uninitialized std::optional value in WebCore::AnimationBase::updateStateMachine
142         https://bugs.webkit.org/show_bug.cgi?id=187382
143
144         Reviewed by Carlos Garcia Campos.
145
146         WebCore::AnimationBase::updateStateMachine has two potential places where the use of an
147         uninitialized std::optional value is possible and one of them is hit when using Google drive.
148         Since that old animation code is going to be removed soon, we just quickly patch this issue
149         via value_or() so that we can restore the ASSERT added in bug 186536.
150
151         No new tests, code is going to be removed soon.
152
153         * page/animation/AnimationBase.cpp:
154         (WebCore::AnimationBase::updateStateMachine): Use value_or(0) to avoid potential crashes.
155
156 2018-07-06  Frederic Wang  <fwang@igalia.com>
157
158         Rename HTMLTreeBuilder::didCreateCustomOrCallbackElement
159         https://bugs.webkit.org/show_bug.cgi?id=187317
160
161         Reviewed by Ryosuke Niwa.
162
163         This function is called with a new custom element or the fallback HTMLUnknownElement element
164         so we rename it didCreateCustomOrFallbackElement.
165
166         No new tests, behavior unchanged.
167
168         * html/parser/HTMLDocumentParser.cpp:
169         (WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder):
170         * html/parser/HTMLTreeBuilder.cpp:
171         (WebCore::HTMLTreeBuilder::didCreateCustomOrFallbackElement):
172         (WebCore::HTMLTreeBuilder::didCreateCustomOrCallbackElement): Deleted.
173         * html/parser/HTMLTreeBuilder.h:
174
175 2018-07-05  Ryosuke Niwa  <rniwa@webkit.org>
176
177         REGRESSION(r233496): macOS Sierra hits debug assertions in TrackListBase::suspend
178         https://bugs.webkit.org/show_bug.cgi?id=187378
179         <rdar://problem/41878885>
180
181         Reviewed by Eric Carlson.
182
183         These assertions were wrong since inline debugger, alert, etc... can suspend active DOM objects without
184         calling canSuspendForDocumentSuspension. Fixed the bug by removing the assertion and instead suspending
185         and resuming the generic event queue.
186
187         * Modules/mediasource/MediaSource.cpp:
188         (WebCore::MediaSource::suspend):
189         (WebCore::MediaSource::resume):
190         * Modules/mediasource/SourceBuffer.cpp:
191         (WebCore::SourceBuffer::suspend):
192         (WebCore::SourceBuffer::resume):
193         * Modules/mediasource/SourceBufferList.cpp:
194         (WebCore::SourceBufferList::suspend):
195         (WebCore::SourceBufferList::resume):
196         * html/track/TrackListBase.cpp:
197         (WebCore::TrackListBase::suspend):
198         (WebCore::TrackListBase::resume):
199
200 2018-07-05  Youenn Fablet  <youenn@apple.com>
201
202         REGRESSION (r230843): Flash doesn't work; Produces blue box on page
203         https://bugs.webkit.org/show_bug.cgi?id=187346
204         <rdar://problem/41773974>
205
206         Reviewed by Ryosuke Niwa.
207
208         Introduce clearPagesPluginData used by WebProcess when a plugin policy changes.
209         Add a new internals API to get the plugin count as navigator.plugin is filtering plugins.
210
211         Test: http/tests/plugins/plugin-allow-then-reload.html
212
213         * plugins/PluginData.h:
214         * plugins/PluginInfoProvider.cpp:
215         (WebCore::PluginInfoProvider::clearPagesPluginData):
216         * plugins/PluginInfoProvider.h:
217         * testing/Internals.cpp:
218         (WebCore::Internals::pluginCount):
219         * testing/Internals.h:
220         * testing/Internals.idl:
221
222 2018-07-05  Brady Eidson  <beidson@apple.com>
223
224         IndexedDB operations in a Page fail after a StorageProcess crash.
225         <rdar://problem/41626526> and https://bugs.webkit.org/show_bug.cgi?id=187123
226
227         Reviewed by Alex Christensen.
228
229         Test: storage/indexeddb/modern/opendatabase-after-storage-crash.html
230
231         When the connection to a StorageProcess goes away, explicitly tell all of the WebPages
232         in the WebProcess about it.
233         
234         This puts Documents/Workers in an error mode where requests fail instead of timeout.
235         It also clears the Page's connection so *new* Documents and Workers will get a fresh 
236         new connection that works.
237         
238         * Modules/indexeddb/client/IDBConnectionToServer.cpp:
239         (WebCore::IDBClient::IDBConnectionToServer::callResultFunctionLater):
240         (WebCore::IDBClient::IDBConnectionToServer::deleteDatabase):
241         (WebCore::IDBClient::IDBConnectionToServer::openDatabase):
242         (WebCore::IDBClient::IDBConnectionToServer::createObjectStore):
243         (WebCore::IDBClient::IDBConnectionToServer::deleteObjectStore):
244         (WebCore::IDBClient::IDBConnectionToServer::renameObjectStore):
245         (WebCore::IDBClient::IDBConnectionToServer::clearObjectStore):
246         (WebCore::IDBClient::IDBConnectionToServer::createIndex):
247         (WebCore::IDBClient::IDBConnectionToServer::deleteIndex):
248         (WebCore::IDBClient::IDBConnectionToServer::renameIndex):
249         (WebCore::IDBClient::IDBConnectionToServer::putOrAdd):
250         (WebCore::IDBClient::IDBConnectionToServer::getRecord):
251         (WebCore::IDBClient::IDBConnectionToServer::getAllRecords):
252         (WebCore::IDBClient::IDBConnectionToServer::getCount):
253         (WebCore::IDBClient::IDBConnectionToServer::deleteRecord):
254         (WebCore::IDBClient::IDBConnectionToServer::openCursor):
255         (WebCore::IDBClient::IDBConnectionToServer::iterateCursor):
256         (WebCore::IDBClient::IDBConnectionToServer::establishTransaction):
257         (WebCore::IDBClient::IDBConnectionToServer::commitTransaction):
258         (WebCore::IDBClient::IDBConnectionToServer::didFinishHandlingVersionChangeTransaction):
259         (WebCore::IDBClient::IDBConnectionToServer::abortTransaction):
260         (WebCore::IDBClient::IDBConnectionToServer::didFireVersionChangeEvent):
261         (WebCore::IDBClient::IDBConnectionToServer::confirmDidCloseFromServer):
262         (WebCore::IDBClient::IDBConnectionToServer::connectionToServerLost):
263         (WebCore::IDBClient::IDBConnectionToServer::openDBRequestCancelled):
264         (WebCore::IDBClient::IDBConnectionToServer::databaseConnectionPendingClose):
265         (WebCore::IDBClient::IDBConnectionToServer::databaseConnectionClosed):
266         (WebCore::IDBClient::IDBConnectionToServer::abortOpenAndUpgradeNeeded):
267         (WebCore::IDBClient::IDBConnectionToServer::getAllDatabaseNames):
268         * Modules/indexeddb/client/IDBConnectionToServer.h:
269
270         * Modules/indexeddb/shared/IDBError.h:
271         (WebCore::IDBError::serverConnectionLostError):
272
273         * page/Page.cpp:
274         (WebCore::Page::setSessionID):
275         (WebCore::Page::idbConnection):
276         (WebCore::Page::optionalIDBConnection):
277         (WebCore::Page::clearIDBConnection):
278         * page/Page.h:
279
280 2018-07-05  Ryosuke Niwa  <rniwa@webkit.org>
281
282         Youtube video pages crash after a couple of minutes
283         https://bugs.webkit.org/show_bug.cgi?id=187316
284
285         Reviewed by Antti Koivisto.
286
287         The crash was caused by HTMLMediaElement::stopWithoutDestroyingMediaPlayer invoking updatePlaybackControlsManager,
288         which traverses all media players across different documents including the one in the main frame while its iframe
289         is getting removed (to update the Touch Bar's media control).
290
291         Fixed the bug by making this code async in both stopWithoutDestroyingMediaPlayer and ~HTMLMediaElement. To do this,
292         this patch moves the timer to update the playback controls manager from HTMLMediaElement to Page since scheduling
293         a timer owned by HTMLMediaElement in its destructor wouldn't work as the timer would get destructed immediately.
294
295         Also replaced the call to clientWillPausePlayback by a call to stopSession in stopWithoutDestroyingMediaPlayer
296         since the former also updates the layout synchronously via updateNowPlayingInfo; the latter function schedules
297         a timer via scheduleUpdateNowPlayingInfo instead.
298
299         Test: media/remove-video-best-media-element-in-main-frame-crash.html
300
301         * html/HTMLMediaElement.cpp:
302         (WebCore::HTMLMediaElement::~HTMLMediaElement): Call scheduleUpdatePlaybackControlsManager now that timer has been
303         moved to Page.
304         (WebCore::HTMLMediaElement::bestMediaElementForShowingPlaybackControlsManager): Made this return a RefPtr instead of
305         a raw pointer while we're at it.
306         (WebCore::HTMLMediaElement::clearMediaPlayer): Call scheduleUpdatePlaybackControlsManager.
307         (WebCore::HTMLMediaElement::stopWithoutDestroyingMediaPlayer): Ditto. Also invoke stopSession instead of
308         clientWillPausePlayback on MediaSession since clientWillPausePlayback will synchronously try to update the layout.
309         (WebCore::HTMLMediaElement::contextDestroyed):
310         (WebCore::HTMLMediaElement::stop):
311         (WebCore::HTMLMediaElement::schedulePlaybackControlsManagerUpdate): Renamed from scheduleUpdatePlaybackControlsManager.
312         (WebCore::HTMLMediaElement::updatePlaybackControlsManager): Moved to Page::playbackControlsManagerUpdateTimerFired.
313         * html/HTMLMediaElement.h:
314         * page/Page.cpp:
315         (WebCore::Page::Page):
316         (WebCore::Page::schedulePlaybackControlsManagerUpdate): Added.
317         (WebCore::Page::playbackControlsManagerUpdateTimerFired): Moved from HTMLMediaElement::updatePlaybackControlsManager.
318         * page/Page.h:
319         * testing/Internals.cpp:
320         (WebCore::Internals::bestMediaElementForShowingPlaybackControlsManager):
321         * testing/Internals.h:
322
323 2018-07-05  Ryosuke Niwa  <rniwa@webkit.org>
324
325         REGRESSION(r233496): Crash in WebCore::VideoTrack::clearClient()
326         https://bugs.webkit.org/show_bug.cgi?id=187377
327
328         Reviewed by Simon Fraser.
329
330         Clear m_client of an audio track or a video track before removing it from the list
331         since TrackListBase::m_inbandTracks may hold the last ref to the track.
332
333         * html/HTMLMediaElement.cpp:
334         (WebCore::HTMLMediaElement::removeAudioTrack):
335         (WebCore::HTMLMediaElement::removeVideoTrack):
336
337 2018-07-05  Fujii Hironori  <Hironori.Fujii@sony.com>
338
339         REGRESSION(r233495) [cairo] drawGlyphsShadow should use the fast path for zero blur-radius
340         https://bugs.webkit.org/show_bug.cgi?id=187336
341
342         Reviewed by Carlos Garcia Campos.
343
344         drawGlyphsShadow has a fast path to draw a shadow without a shadow
345         layer. Since r233495, it is not used for zero blur-radius shadow.
346
347         In Bug 187244, I changed ShadowState::isRequired not to check
348         blur-radius is zero. This is not a right fix.
349
350         This change reverts r233495.
351
352         No new tests (Covered by existing tests).
353
354         * platform/graphics/cairo/CairoOperations.cpp:
355         (WebCore::Cairo::ShadowState::isRequired const): Return false if
356         'blur' is zero.
357         (WebCore::Cairo::fillRectWithRoundedHole): Use
358         ShadowState::isVisible instead of ShadowState::isRequired to check
359         a shadow should be drawn.
360
361 2018-07-05  Timothy Hatcher  <timothy@apple.com>
362
363         Rename and flip the meaning of defaultAppearance to be useDarkAppearance.
364         https://bugs.webkit.org/show_bug.cgi?id=187369
365         rdar://problem/41870420
366
367         Reviewed by Tim Horton.
368
369         * Modules/mediasession/WebMediaSessionManager.cpp:
370         (WebCore::WebMediaSessionManager::showPlaybackTargetPicker):
371         * css/MediaQueryEvaluator.cpp:
372         (WebCore::prefersDarkInterfaceEvaluate):
373         * css/StyleColor.h:
374         * dom/Document.cpp:
375         (WebCore::Document::useDarkAppearance const):
376         (WebCore::Document::styleColorOptions const):
377         (WebCore::Document::useDefaultAppearance const): Deleted.
378         * dom/Document.h:
379         * inspector/InspectorOverlay.cpp:
380         (WebCore::InspectorOverlay::paint):
381         * page/Page.cpp:
382         (WebCore::Page::useDarkAppearance const):
383         (WebCore::Page::defaultAppearance const): Deleted.
384         * page/Page.h:
385         (WebCore::Page::setUseDarkAppearance):
386         (WebCore::Page::setDefaultAppearance): Deleted.
387         * platform/Theme.h:
388         * platform/graphics/MediaPlaybackTargetPicker.h:
389         * platform/graphics/avfoundation/objc/MediaPlaybackTargetPickerMac.h:
390         * platform/graphics/avfoundation/objc/MediaPlaybackTargetPickerMac.mm:
391         (WebCore::MediaPlaybackTargetPickerMac::showPlaybackTargetPicker):
392         * platform/mac/DragImageMac.mm:
393         (WebCore::createDragImageForLink):
394         * platform/mac/LocalDefaultSystemAppearance.h:
395         * platform/mac/LocalDefaultSystemAppearance.mm:
396         (WebCore::LocalDefaultSystemAppearance::LocalDefaultSystemAppearance):
397         * platform/mac/ThemeMac.h:
398         * platform/mac/ThemeMac.mm:
399         (WebCore::ThemeMac::paint):
400         * platform/mock/MediaPlaybackTargetPickerMock.cpp:
401         (WebCore::MediaPlaybackTargetPickerMock::showPlaybackTargetPicker):
402         * platform/mock/MediaPlaybackTargetPickerMock.h:
403         * rendering/InlineTextBox.cpp:
404         (WebCore::InlineTextBox::resolveStyleForMarkedText):
405         * rendering/RenderLayerBacking.cpp:
406         (WebCore::RenderLayerBacking::paintContents):
407         * rendering/RenderLayerCompositor.cpp:
408         (WebCore::RenderLayerCompositor::paintContents):
409         * rendering/RenderTheme.cpp:
410         (WebCore::RenderTheme::paint):
411         * rendering/RenderThemeMac.mm:
412         (WebCore::RenderThemeMac::documentViewFor const):
413         (WebCore::RenderThemeMac::platformActiveSelectionBackgroundColor const):
414         (WebCore::RenderThemeMac::platformInactiveSelectionBackgroundColor const):
415         (WebCore::RenderThemeMac::supportsSelectionForegroundColors const):
416         (WebCore::RenderThemeMac::platformActiveSelectionForegroundColor const):
417         (WebCore::RenderThemeMac::platformInactiveSelectionForegroundColor const):
418         (WebCore::RenderThemeMac::platformActiveListBoxSelectionBackgroundColor const):
419         (WebCore::RenderThemeMac::platformInactiveListBoxSelectionBackgroundColor const):
420         (WebCore::RenderThemeMac::platformActiveListBoxSelectionForegroundColor const):
421         (WebCore::RenderThemeMac::platformInactiveListBoxSelectionForegroundColor const):
422         (WebCore::RenderThemeMac::platformActiveTextSearchHighlightColor const):
423         (WebCore::RenderThemeMac::colorCache const):
424         (WebCore::RenderThemeMac::systemColor const):
425         (WebCore::RenderThemeMac::paintCellAndSetFocusedElementNeedsRepaintIfNecessary):
426         (WebCore::RenderThemeMac::paintSliderThumb):
427         * svg/graphics/SVGImage.cpp:
428         (WebCore::SVGImage::draw):
429
430 2018-07-05  Commit Queue  <commit-queue@webkit.org>
431
432         Unreviewed, rolling out r233539.
433         https://bugs.webkit.org/show_bug.cgi?id=187368
434
435         Changes made for youtube crashes have caused 15 api failures
436         (Requested by Truitt on #webkit).
437
438         Reverted changeset:
439
440         "Youtube video pages crash after a couple of minutes"
441         https://bugs.webkit.org/show_bug.cgi?id=187316
442         https://trac.webkit.org/changeset/233539
443
444 2018-07-05  Chris Dumez  <cdumez@apple.com>
445
446         Update Element API to use qualifiedName instead of name/localName where applicable
447         https://bugs.webkit.org/show_bug.cgi?id=187347
448
449         Reviewed by Darin Adler.
450
451         Update Element API to use qualifiedName instead of name/localName where applicable. Naming
452         is now consistent with the IDL and the specification:
453         - https://dom.spec.whatwg.org/#element
454
455         Our implementation properly deals with qualified names already, even though the parameters
456         were named localName.
457
458         * dom/Element.cpp:
459         (WebCore::Element::getAttribute const):
460         (WebCore::Element::toggleAttribute):
461         (WebCore::Element::setAttribute):
462         (WebCore::Element::removeAttribute):
463         (WebCore::Element::getAttributeNode):
464         (WebCore::Element::hasAttribute const):
465         * dom/Element.h:
466
467 2018-07-04  Ryosuke Niwa  <rniwa@webkit.org>
468
469         Youtube video pages crash after a couple of minutes
470         https://bugs.webkit.org/show_bug.cgi?id=187316
471
472         Reviewed by Antti Koivisto.
473
474         The crash was caused by HTMLMediaElement::stopWithoutDestroyingMediaPlayer invoking updatePlaybackControlsManager,
475         which traverses all media players across different documents including the one in the main frame while its iframe
476         is getting removed (to update the Touch Bar's media control).
477
478         Fixed the bug by making this code async in both stopWithoutDestroyingMediaPlayer and ~HTMLMediaElement. To do this,
479         this patch moves the timer to update the playback controls manager from HTMLMediaElement to Page since scheduling
480         a timer owned by HTMLMediaElement in its destructor wouldn't work as the timer would get destructed immediately.
481
482         Also replaced the call to clientWillPausePlayback by a call to stopSession in stopWithoutDestroyingMediaPlayer
483         since the former also updates the layout synchronously via updateNowPlayingInfo; the latter function schedules
484         a timer via scheduleUpdateNowPlayingInfo instead.
485
486         Test: media/remove-video-best-media-element-in-main-frame-crash.html
487
488         * html/HTMLMediaElement.cpp:
489         (WebCore::HTMLMediaElement::~HTMLMediaElement): Call scheduleUpdatePlaybackControlsManager now that timer has been
490         moved to Page.
491         (WebCore::HTMLMediaElement::bestMediaElementForShowingPlaybackControlsManager): Made this return a RefPtr instead of
492         a raw pointer while we're at it.
493         (WebCore::HTMLMediaElement::clearMediaPlayer): Call scheduleUpdatePlaybackControlsManager.
494         (WebCore::HTMLMediaElement::stopWithoutDestroyingMediaPlayer): Ditto. Also invoke stopSession instead of
495         clientWillPausePlayback on MediaSession since clientWillPausePlayback will synchronously try to update the layout.
496         (WebCore::HTMLMediaElement::contextDestroyed):
497         (WebCore::HTMLMediaElement::stop):
498         (WebCore::HTMLMediaElement::scheduleUpdatePlaybackControlsManager):
499         (WebCore::HTMLMediaElement::updatePlaybackControlsManager): Moved to Page::schedulePlaybackControlsManagerUpdate.
500         * html/HTMLMediaElement.h:
501         * page/Page.cpp:
502         (WebCore::Page::schedulePlaybackControlsManagerUpdate): Added.
503         * page/Page.h:
504         * testing/Internals.cpp:
505         (WebCore::Internals::bestMediaElementForShowingPlaybackControlsManager):
506         * testing/Internals.h:
507
508 2018-07-05  Zalan Bujtas  <zalan@apple.com>
509
510         Do not assume that hyphen's width can be computed using the simplified text measure codepath.
511         https://bugs.webkit.org/show_bug.cgi?id=187352
512         <rdar://problem/40821283>
513
514         Reviewed by Simon Fraser.
515
516         Just because the text content is qualified for simplified text measure, it does not necessarily mean the hyphen is simple enough as well.
517
518         Test: fast/text/hyphen-is-complex-crash.html
519
520         * rendering/SimpleLineLayoutTextFragmentIterator.cpp:
521         (WebCore::SimpleLineLayout::TextFragmentIterator::Style::Style):
522         (WebCore::SimpleLineLayout::TextFragmentIterator::TextFragmentIterator):
523         * rendering/SimpleLineLayoutTextFragmentIterator.h:
524
525 2018-07-05  Eric Carlson  <eric.carlson@apple.com>
526
527         Video sometimes flickers when playing to AppleTV
528         https://bugs.webkit.org/show_bug.cgi?id=187193
529         <rdar://problem/40153865>
530
531         Unreviewed, fix a broken API test.
532
533         * platform/audio/ios/AudioSessionIOS.mm:
534         (WebCore::AudioSession::setCategory): None should set the category to AVAudioSessionCategoryAmbient,
535         because it signals that WebKit is not playing audio so we want to allow other apps to play.
536
537 2018-07-05  Per Arne Vollan  <pvollan@apple.com>
538
539         Use ENABLE(WEBPROCESS_WINDOWSERVER_BLOCKING) in ScrollAnimatorMac.mm
540         https://bugs.webkit.org/show_bug.cgi?id=187334
541
542         Reviewed by Alex Christensen.
543
544         Use ENABLE(WEBPROCESS_WINDOWSERVER_BLOCKING) instead of __MAC_OS_X_VERSION_MIN_REQUIRED when deciding
545         to use NSTimer or NSAnimation for scrollbar animation.
546
547         No new tests. No change in behavior.
548
549         * platform/mac/ScrollAnimatorMac.mm:
550         (-[WebScrollbarPartAnimation initWithScrollbar:featureToAnimate:animateFrom:animateTo:duration:]):
551         (-[WebScrollbarPartAnimation startAnimation]):
552         (-[WebScrollbarPartAnimation setCurrentProgress:setCurrentProgress:]):
553
554 2018-07-05  Timothy Hatcher  <timothy@apple.com>
555
556         Don't invert text color for selections in light mode.
557         https://bugs.webkit.org/show_bug.cgi?id=187349
558         rdar://problem/41297946
559
560         Reviewed by Tim Horton.
561
562         Fix color caching in RenderTheme so we don't cache a dark mode color
563         for a light appearance, or vice versa. Use the new color caching
564         in RenderThemeMac, and clear the color caches in purgeCaches.
565
566         Allow supportsSelectionForegroundColors to conditionalize on StyleColor::Options.
567         Return true only in dark mode.
568
569         * rendering/RenderTheme.cpp:
570         (WebCore::RenderTheme::activeSelectionBackgroundColor const):
571         (WebCore::RenderTheme::inactiveSelectionBackgroundColor const):
572         (WebCore::RenderTheme::activeSelectionForegroundColor const):
573         (WebCore::RenderTheme::inactiveSelectionForegroundColor const):
574         (WebCore::RenderTheme::activeListBoxSelectionBackgroundColor const):
575         (WebCore::RenderTheme::inactiveListBoxSelectionBackgroundColor const):
576         (WebCore::RenderTheme::activeListBoxSelectionForegroundColor const):
577         (WebCore::RenderTheme::inactiveListBoxSelectionForegroundColor const):
578         (WebCore::RenderTheme::purgeCaches):
579         (WebCore::RenderTheme::platformColorsDidChange):
580         (WebCore::RenderTheme::activeTextSearchHighlightColor const):
581         (WebCore::RenderTheme::inactiveTextSearchHighlightColor const):
582         * rendering/RenderTheme.h:
583         (WebCore::RenderTheme::supportsSelectionForegroundColors const):
584         (WebCore::RenderTheme::supportsListBoxSelectionForegroundColors const):
585         (WebCore::RenderTheme::colorCache const):
586         (WebCore::RenderTheme::purgeCaches): Deleted.
587         * rendering/RenderThemeMac.h:
588         * rendering/RenderThemeMac.mm:
589         (WebCore::RenderThemeMac::purgeCaches):
590         (WebCore::RenderThemeMac::supportsSelectionForegroundColors const):
591         (WebCore::RenderThemeMac::platformActiveSelectionForegroundColor const):
592         (WebCore::RenderThemeMac::platformInactiveSelectionForegroundColor const):
593         (WebCore::RenderThemeMac::platformColorsDidChange):
594         (WebCore::RenderThemeMac::colorCache const):
595         (WebCore::RenderThemeMac::systemColor const):
596
597 2018-07-05  Zalan Bujtas  <zalan@apple.com>
598
599         SimpleLineLayout::FlowContents wastes 54KB of Vector capacity on nytimes.com
600         https://bugs.webkit.org/show_bug.cgi?id=186709
601         <rdar://problem/41173793>
602
603         Reviewed by Simon Fraser.
604
605         The size of the m_segments vector in SimpleLineLayoutFlowContents is always pre-computed and doesn't change after the initial append.
606
607         Not testable.
608
609         * rendering/SimpleLineLayoutFlowContents.h:
610
611 2018-07-05  Nan Wang  <n_wang@apple.com>
612
613         AX: setValue on text controls should send out key events
614         https://bugs.webkit.org/show_bug.cgi?id=186690
615         <rdar://problem/41169985>
616
617         Reviewed by Chris Fleizach.
618
619         Use Editor's insertText function when the text control element is being
620         focused, so that the InputEvent will be dispatched properly.
621
622         Test: accessibility/mac/set-value-editable-dispatch-events.html
623
624         * accessibility/AccessibilityRenderObject.cpp:
625         (WebCore::AccessibilityRenderObject::setValue):
626
627 2018-07-05  Chris Dumez  <cdumez@apple.com>
628
629         ASSERT(m_dictionaryStack.size() == 1) assertion hit in ~KeyedDecoderCF() when decoding fails
630         https://bugs.webkit.org/show_bug.cgi?id=187152
631
632         Reviewed by Brent Fulgham.
633
634         Whenever a call to KeyedDecoderCF::beginArrayElement() succeeds (returns true), it
635         appends an item to m_dictionaryStack which is expected to get popped later on via
636         a matching call to KeyedDecoderCF::endArrayElement(). The ASSERT(m_dictionaryStack.size() == 1)
637         assertion in the destructor protects against a begin / end mismatch.
638
639         However, there was a bug in KeyedDecoder::decodeObjects(), which would cause us to return early
640         after a call to beginArrayElement() when the lambda function call returns false, causing us
641         not to call the matching endArrayElement() in this case. This patch addresses the issue by
642         calling endArrayElement() before returning early.
643
644         This bug was uncovered by r233309 which slightly changed the ITP encoding / decoding format.
645         Because empty HashCountedSets are now expected to be encoded as empty array, decoding of old
646         data fails and we hit the buggy code path.
647
648         * platform/KeyedCoding.h:
649         (WebCore::KeyedDecoder::decodeObjects):
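
The begin / end mismatch described in the entry above, as an added example that is not WebKit's code: a toy decoder (ToyDecoder, ArrayElementScope and the decodeObjects* functions are hypothetical names) run over constructed input whose third element fails to decode. It goes one step beyond the entry by also showing a scope guard, which keeps the stack balanced on every exit path.

```cpp
#include <cstddef>
#include <cstdio>
#include <functional>
#include <utility>
#include <vector>

// Toy model (hypothetical, not WebKit code): an array decoder whose stack must
// be back to its single root entry once decoding is over.
class ToyDecoder {
public:
    explicit ToyDecoder(std::vector<int> elements)
        : m_elements(std::move(elements))
    {
        m_stack.push_back(0); // root entry, always present
    }

    // On success, pushes a stack entry that endArrayElement() must pop.
    bool beginArrayElement()
    {
        if (m_next >= m_elements.size())
            return false;
        m_stack.push_back(m_next++);
        return true;
    }
    void endArrayElement() { m_stack.pop_back(); }
    int currentValue() const { return m_elements[m_stack.back()]; }
    std::size_t stackDepth() const { return m_stack.size(); }

private:
    std::vector<int> m_elements;
    std::vector<std::size_t> m_stack;
    std::size_t m_next { 0 };
};

using ElementFn = std::function<bool(ToyDecoder&, int&)>;

// Early return without the matching end call: the mismatch the entry describes.
bool decodeObjectsLeaky(ToyDecoder& decoder, std::vector<int>& out, const ElementFn& decodeOne)
{
    while (decoder.beginArrayElement()) {
        int value = 0;
        if (!decodeOne(decoder, value))
            return false; // entry pushed by beginArrayElement() is never popped
        out.push_back(value);
        decoder.endArrayElement();
    }
    return true;
}

// The fix as the entry states it: call the end function before returning early.
bool decodeObjectsBalanced(ToyDecoder& decoder, std::vector<int>& out, const ElementFn& decodeOne)
{
    while (decoder.beginArrayElement()) {
        int value = 0;
        if (!decodeOne(decoder, value)) {
            decoder.endArrayElement();
            return false;
        }
        out.push_back(value);
        decoder.endArrayElement();
    }
    return true;
}

// Generalization (not in the entry): a scope guard pops on every exit path.
struct ArrayElementScope {
    explicit ArrayElementScope(ToyDecoder& d) : decoder(d) { }
    ~ArrayElementScope() { decoder.endArrayElement(); }
    ToyDecoder& decoder;
};

bool decodeObjectsGuarded(ToyDecoder& decoder, std::vector<int>& out, const ElementFn& decodeOne)
{
    while (decoder.beginArrayElement()) {
        ArrayElementScope scope(decoder);
        int value = 0;
        if (!decodeOne(decoder, value))
            return false;
        out.push_back(value);
    }
    return true;
}

enum class Variant { Leaky, Balanced, Guarded };

// Decodes constructed data whose third element is rejected and reports the
// stack depth left behind; 1 means only the root entry remains.
std::size_t depthAfterFailedDecode(Variant variant)
{
    ToyDecoder decoder(std::vector<int> { 1, 2, -1, 4 }); // constructed sample input
    std::vector<int> out;
    ElementFn rejectNegative = [](ToyDecoder& d, int& value) {
        value = d.currentValue();
        return value >= 0;
    };
    switch (variant) {
    case Variant::Leaky: decodeObjectsLeaky(decoder, out, rejectNegative); break;
    case Variant::Balanced: decodeObjectsBalanced(decoder, out, rejectNegative); break;
    case Variant::Guarded: decodeObjectsGuarded(decoder, out, rejectNegative); break;
    }
    return decoder.stackDepth();
}

int main()
{
    std::printf("leaky=%zu balanced=%zu guarded=%zu\n",
        depthAfterFailedDecode(Variant::Leaky),
        depthAfterFailedDecode(Variant::Balanced),
        depthAfterFailedDecode(Variant::Guarded));
    return 0;
}
```

A depth other than 1 after a failed decode is the state a destructor check like the one named in the entry would catch.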
650
651 2018-07-05  Antti Koivisto  <antti@apple.com>
652
653         Move CSSParserContext to a file of its own
654         https://bugs.webkit.org/show_bug.cgi?id=187342
655
656         Reviewed by Zalan Bujtas.
657
658         Move it out from CSSParserMode.h and CSSParser.cpp.
659
660         * Sources.txt:
661         * WebCore.xcodeproj/project.pbxproj:
662         * contentextensions/ContentExtensionParser.cpp:
663         * css/PropertySetCSSStyleDeclaration.h:
664         * css/StyleProperties.h:
665         * css/StyleSheetContents.h:
666         * css/parser/CSSDeferredParser.h:
667         * css/parser/CSSParser.cpp:
668         (WebCore::strictCSSParserContext): Deleted.
669         (WebCore::CSSParserContext::CSSParserContext): Deleted.
670         (WebCore::operator==): Deleted.
671         * css/parser/CSSParser.h:
672         * css/parser/CSSParserContext.cpp: Added.
673         (WebCore::strictCSSParserContext):
674         (WebCore::CSSParserContext::CSSParserContext):
675         (WebCore::operator==):
676
677         Also add the missing textAutosizingEnabled bit.
678
679         * css/parser/CSSParserContext.h: Copied from Source/WebCore/css/parser/CSSParserMode.h.
680         (WebCore::CSSParserContextHash::hash):
681
682         Also add the missing bits to the hash function.
683         
684         (WebCore::isQuirksModeBehavior): Deleted.
685         (WebCore::isUASheetBehavior): Deleted.
686         (WebCore::isUnitLessValueParsingEnabledForMode): Deleted.
687         (WebCore::isCSSViewportParsingEnabledForMode): Deleted.
688         (WebCore::strictToCSSParserMode): Deleted.
689         (WebCore::isStrictParserMode): Deleted.
690         * css/parser/CSSParserIdioms.h:
691         * css/parser/CSSParserImpl.h:
692         * css/parser/CSSParserMode.h:
693         (WebCore::CSSParserContext::completeURL const): Deleted.
694         (WebCore::operator!=): Deleted.
695         (WebCore::CSSParserContextHash::hash): Deleted.
696         (WebCore::CSSParserContextHash::equal): Deleted.
697         (WTF::HashTraits<WebCore::CSSParserContext>::constructDeletedValue): Deleted.
698         (WTF::HashTraits<WebCore::CSSParserContext>::isDeletedValue): Deleted.
699         (WTF::HashTraits<WebCore::CSSParserContext>::emptyValue): Deleted.
700         * css/parser/CSSPropertyParserHelpers.h:
701         * css/parser/CSSSelectorParser.cpp:
702         * css/parser/CSSVariableParser.cpp:
703
704 2018-07-05  Antoine Quint  <graouts@apple.com>
705
706         [Web Animations] The ready promise should initially be resolved
707         https://bugs.webkit.org/show_bug.cgi?id=187341
708         <rdar://problem/41844711>
709
710         Reviewed by Dean Jackson.
711
712         The Web Animations spec mandates that the ready promise is initially resolved.
713
714         * animation/WebAnimation.cpp:
715         (WebCore::WebAnimation::WebAnimation):
716
717 2018-07-05  Sergio Villar Senin  <svillar@igalia.com>
718
719         [WebVR] Fix VRDisplayEvent implementation
720         https://bugs.webkit.org/show_bug.cgi?id=187337
721
722         Reviewed by Žan Doberšek.
723
724         VRDisplayEvent implementation had two issues. First there were no attributes storing the
725         VRDisplay the event refers to. Secondly the VRDisplayEventReason is not mandatory so it
726         should be handled via an optional.
727
728         * Modules/webvr/VRDisplayEvent.cpp:
729         (WebCore::VRDisplayEvent::VRDisplayEvent):
730         (WebCore::VRDisplayEvent::display const): Deleted.
731         (WebCore::VRDisplayEvent::reason const): Deleted.
732         * Modules/webvr/VRDisplayEvent.h:
733
734 2018-07-04  Carlos Garcia Campos  <cgarcia@igalia.com>
735
736         REGRESSION(r233325): [GTK] Broke 40 animations tests
737         https://bugs.webkit.org/show_bug.cgi?id=187264
738
739         Reviewed by Žan Doberšek.
740
741         This is because DocumentAnimationScheduler uses DisplayRefreshMonitor, which is only used by the GTK port when
742         accelerated compositing is enabled. Add a GTK display refresh monitor implementation to be used as the default.
743
744         * PlatformGTK.cmake: Add new file to compilation.
745         * platform/graphics/DisplayRefreshMonitor.cpp:
746         (WebCore::DisplayRefreshMonitor::createDefaultDisplayRefreshMonitor): Create DisplayRefreshMonitorGtk in GTK.
747         * platform/graphics/gtk/DisplayRefreshMonitorGtk.cpp: Added.
748         (WebCore::DisplayRefreshMonitorGtk::DisplayRefreshMonitorGtk):
749         (WebCore::DisplayRefreshMonitorGtk::~DisplayRefreshMonitorGtk):
750         (WebCore::onFrameClockUpdate):
751         (WebCore::DisplayRefreshMonitorGtk::requestRefreshCallback):
752         (WebCore::DisplayRefreshMonitorGtk::displayLinkFired):
753         * platform/graphics/gtk/DisplayRefreshMonitorGtk.h: Added.
754         (WebCore::DisplayRefreshMonitorGtk::create):
755
756 2018-07-04  Antti Koivisto  <antti@apple.com>
757
758         Reparse user stylesheets when _useSystemAppearance changes
759         https://bugs.webkit.org/show_bug.cgi?id=187312
760         <rdar://problem/38565834>
761
762         Reviewed by Tim Horton.
763
764         This setting may affect user stylesheet parsing. Reparse if it changes.
765
766         Test: fast/media/use-system-appearance-user-stylesheet-parsing.html
767
768         * page/Page.cpp:
769         (WebCore::Page::setUseSystemAppearance):
770         * page/Page.h:
771         (WebCore::Page::setUseSystemAppearance): Deleted.
772         * testing/Internals.cpp:
773         (WebCore::Internals::setUseSystemAppearance):
774         * testing/Internals.h:
775         * testing/Internals.idl:
776
777 2018-07-04  Thibault Saunier  <tsaunier@igalia.com>
778
779         RealtimeIncomingVideoSources: Call stop() directly in the destructor
780         https://bugs.webkit.org/show_bug.cgi?id=187303
781
782         Reviewed by Youenn Fablet.
783
784         Avoid calling stopProducingData when we are not actually producing data.
785
786         This fixes tests that will run once the WPE/GTK PeerConnection implementation is merged.
787
788         * platform/mediastream/RealtimeIncomingVideoSource.h:
789         (WebCore::RealtimeIncomingVideoSource::~RealtimeIncomingVideoSource):
790
791 2018-07-04  Thibault Saunier  <tsaunier@igalia.com>
792
793         [GTK][WPE] Stop pushing the StreamCollection as event in GStreamerMediaStreamSource
794         https://bugs.webkit.org/show_bug.cgi?id=187304
795
796         Reviewed by Philippe Normand.
797
798         We let parsebin build the StreamCollection for us and pass extra metadata through the
799         `TAG_EVENT`. Pushing the collection ourselves is not bringing anything but adds extra work in the
800         MediaPlayerGStreamer, duplicating the STREAM_COLLECTION message for no good reason.
801
802         MediaStream layout tests already test that code path.
803
804         * platform/mediastream/gstreamer/GStreamerMediaStreamSource.cpp:
805         (WebCore::webkitMediaStreamSrcPadProbeCb):
806
807 2018-07-04  Frederic Wang  <fwang@igalia.com>
808
809         [WebIDL] Remove custom bindings for HTMLDocument
810         https://bugs.webkit.org/show_bug.cgi?id=173444
811
812         Unreviewed, add missing bugzilla link for FIXME comments.
813
814         * dom/Document.cpp:
815         (WebCore::Document::closeForBindings):
816         (WebCore::Document::write):
817         (WebCore::Document::writeln):
818
819 2018-07-04  Tim Horton  <timothy_horton@apple.com>
820
821         Introduce PLATFORM(IOSMAC)
822         https://bugs.webkit.org/show_bug.cgi?id=187315
823
824         Reviewed by Dan Bernstein.
825
826         * Configurations/Base.xcconfig:
827         * Configurations/FeatureDefines.xcconfig:
828         * Configurations/WebCore.xcconfig:
829         * Modules/geolocation/ios/GeolocationPositionIOS.mm:
830         (WebCore::GeolocationPosition::GeolocationPosition):
831         * page/cocoa/MemoryReleaseCocoa.mm:
832         (WebCore::platformReleaseMemory):
833         * platform/audio/ios/AudioSessionIOS.mm:
834         (WebCore::AudioSession::setCategory):
835         (WebCore::AudioSession::routingContextUID const):
836         * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
837         (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVPlayer):
838         (WebCore::MediaPlayerPrivateAVFoundationObjC::setShouldDisableSleep):
839         * platform/ios/PlatformPasteboardIOS.mm:
840         (WebCore::registerItemToPasteboard):
841         * platform/ios/WebItemProviderPasteboard.mm:
842         (-[WebItemProviderRegistrationInfoList itemProvider]):
843
844 2018-07-03  Antoine Quint  <graouts@apple.com>
845
846         [Web Animations] Make WPT test at timing-model/timelines/timelines.html pass reliably
847         https://bugs.webkit.org/show_bug.cgi?id=186508
848         <rdar://problem/41000260>
849
850         Reviewed by Dean Jackson.
851
852         The remaining failing assertion in this test assumes that the ready promise for an animation is fired
853         prior to requestAnimationFrame callbacks being fired in the current event loop such that registering
854         the requestAnimationFrame() call within the ready promise has its callback fired with the same timeline
855         time. To ensure that is true, we perform a microtask checkpoint as soon as we're done running pending
856         tasks, which will resolve the ready promise for any play-pending animations.
857
858         * animation/DocumentTimeline.cpp:
859         (WebCore::DocumentTimeline::updateAnimations):
860
861 2018-07-03  Ryosuke Niwa  <rniwa@webkit.org>
862
863         Nullptr crash accessing Document in GenericEventQueue::dispatchOneEvent()
864         https://bugs.webkit.org/show_bug.cgi?id=187284
865
866         Reviewed by Eric Carlson.
867
868         The null pointer crash was caused by some GenericEventQueue dispatching an event in a stopped document,
869         which does not have a valid script execution context because some uses of GenericEventQueue in media code
870         were not closing the queue upon stopping of all active DOM objects.
871
872         Fixed all uses of GenericEventQueue which did not suspend or stop the queue with active DOM objects.
873         Made SourceBufferList and TrackListBase (along with AudioTrackList, TextTrackList, and VideoTrackList)
874         inherit from ActiveDOMObject instead of ContextDestructionObserver to do this.
875
876         Also fixed a bug that media elements inside a template element (and other cases where the document doesn't
877         have a browsing context) were scheduling events since this would hit the newly added debug assertion in
878         GenericEventQueue::dispatchOneEvent.
879
880         Test: media/track/video-track-addition-and-frame-removal.html
881
882         * Modules/encryptedmedia/legacy/WebKitMediaKeySession.cpp:
883         (WebCore::WebKitMediaKeySession::suspend): Assert that we never try to suspend when the document has
884         this object alive since canSuspendForDocumentSuspension always returns false.
885         (WebCore::WebKitMediaKeySession::resume): Ditto.
886         (WebCore::WebKitMediaKeySession::stop): Stop the event queue to avoid the crash.
887         * Modules/encryptedmedia/legacy/WebKitMediaKeySession.h:
888         * Modules/mediasource/MediaSource.cpp:
889         (WebCore::MediaSource::removeSourceBuffer): Don't do any work to update tracks when the active DOM
890         objects are stopped since this MediaSource and the related media objects are about to be destructed.
891         (WebCore::MediaSource::suspend): Assert that m_asyncEventQueue is empty as canSuspendForDocumentSuspension
892         returns false whenever the queue is not empty.
893         (WebCore::MediaSource::resume): Ditto.
894         * Modules/mediasource/MediaSource.h:
895         * Modules/mediasource/SourceBuffer.cpp:
896         (WebCore::SourceBuffer::suspend): Ditto.
897         (WebCore::SourceBuffer::resume): Ditto.
898         (WebCore::SourceBuffer::stop): Stop the event queue to avoid the crash.
899         * Modules/mediasource/SourceBuffer.h:
900         * Modules/mediasource/SourceBufferList.cpp:
901         (WebCore::SourceBufferList): Made this an active DOM object.
902         (WebCore::SourceBufferList::SourceBufferList):
903         (WebCore::SourceBufferList::canSuspendForDocumentSuspension const): Added. Return false when there are
904         pending events to match other media code.
905         (WebCore::SourceBufferList::suspend): Added. Assert that the event queue is empty here.
906         (WebCore::SourceBufferList::resume): Ditto.
907         (WebCore::SourceBufferList::stop): Added. Stop the event queue to avoid the crash.
908         (WebCore::SourceBufferList::activeDOMObjectName const): Added.
909         * Modules/mediasource/SourceBufferList.h:
910         (WebCore::SourceBufferList): Made this an active DOM object.
911         * Modules/mediasource/SourceBufferList.idl:
912         * dom/Document.h:
913         (WebCore::Document::hasBrowsingContext const): Added.
914         * dom/GenericEventQueue.cpp:
915         (WebCore::GenericEventQueue::dispatchOneEvent): Added an assertion to catch when an event is dispatched
916         inside a stopped document, which is never correct and causes this crash down the line.
917         * html/HTMLMediaElement.cpp:
918         (WebCore::HTMLMediaElement::playInternal): Exit early when the document doesn't have a browsing context;
919         e.g. when the media element is inside a template element.
920         (WebCore::HTMLMediaElement::pauseInternal): Ditto.
921         (WebCore::HTMLMediaElement::sourceWasAdded): Ditto.
922         * html/track/AudioTrackList.cpp:
923         (AudioTrackList::activeDOMObjectName const): Added.
924         * html/track/AudioTrackList.h:
925         * html/track/AudioTrackList.idl:
926         * html/track/TextTrackList.cpp:
927         (TextTrackList::activeDOMObjectName const): Added.
928         * html/track/TextTrackList.h:
929         * html/track/TextTrackList.idl:
930         * html/track/TrackListBase.cpp:
931         (WebCore::TrackListBase): Made this an active DOM object.
932         (WebCore::TrackListBase::TrackListBase): 
933         (WebCore::TrackListBase::canSuspendForDocumentSuspension const): Added. Return false when there are pending events
934         to match other media code.
935         (WebCore::TrackListBase::suspend): Added. Assert that the event queue is empty here.
936         (WebCore::TrackListBase::resume): Ditto.
937         (WebCore::TrackListBase::stop): Added. Stop the event queue to avoid the crash.
938         * html/track/TrackListBase.h:
939         * html/track/VideoTrackList.cpp:
940         (VideoTrackList::activeDOMObjectName const): Added.
941         * html/track/VideoTrackList.h:
942         * html/track/VideoTrackList.idl:
943
944 2018-07-03  Fujii Hironori  <Hironori.Fujii@sony.com>
945
946         [cairo] Doesn't paint box-shadow with zero blur-radius
947         https://bugs.webkit.org/show_bug.cgi?id=187244
948
949         Reviewed by Žan Doberšek.
950
951         Cairo::ShadowState::isRequired() returned false if blur-radius is
952         zero.
953
954         No new tests (Covered by existing tests).
955
956         * platform/graphics/cairo/CairoOperations.cpp:
957         (WebCore::Cairo::ShadowState::isRequired const): Do not check blur
958         is zero.
959
960 2018-07-03  Ryosuke Niwa  <rniwa@webkit.org>
961
962         Add a release assert to diagnose infinite recursions in removeAllEventListeners()
963         https://bugs.webkit.org/show_bug.cgi?id=187287
964
965         Reviewed by Keith Miller.
966
967         Assert that we never re-enter removeAllEventListeners per thread.
968
969         * dom/EventTarget.cpp:
970         (WebCore::EventTarget::removeAllEventListeners):
971         * platform/ThreadGlobalData.h:
972         (WebCore::ThreadGlobalData::ThreadGlobalData::isInRemoveAllEventListeners const):
973         (WebCore::ThreadGlobalData::ThreadGlobalData::setIsInRemoveAllEventListeners):
974
975 2018-07-03  Chris Dumez  <cdumez@apple.com>
976
977         performance-api/performance-observer-no-document-leak.html is flaky
978         https://bugs.webkit.org/show_bug.cgi?id=186938
979         <rdar://problem/41379336>
980
981         Reviewed by Simon Fraser.
982
983         Add internals API to get the identifier of a document and to ask if the document with
984         a given identifier is still alive. This is helpful to write tests for document leaking
985         fixes.
986
987         * testing/Internals.cpp:
988         (WebCore::Internals::documentIdentifier const):
989         (WebCore::Internals::isDocumentAlive const):
990         * testing/Internals.h:
991         * testing/Internals.idl:
992
993 2018-07-03  Chris Dumez  <cdumez@apple.com>
994
995         Improve window.event compliance: Should not be set when target is in shadow tree
996         https://bugs.webkit.org/show_bug.cgi?id=186266
997
998         Reviewed by Ryosuke Niwa.
999
1000         Stop exposing window.event to Shadow DOM by not setting window.event if the event's target
1001         is a Node inside a shadow tree. This is as per the latest DOM specification:
1002         - https://github.com/whatwg/dom/pull/407
1003
1004         This aligns our behavior with Blink as well:
1005         - https://bugs.chromium.org/p/chromium/issues/detail?id=779461
1006
1007         Tests: imported/w3c/web-platform-tests/dom/events/event-global.html
1008                imported/w3c/web-platform-tests/dom/events/event-global.worker.html
1009
1010         * bindings/js/JSEventListener.cpp:
1011         (WebCore::JSEventListener::handleEvent):
1012
1013 2018-07-03  Chris Dumez  <cdumez@apple.com>
1014
1015         [Cocoa] Disable vnode guard related simulated crashes for WKTR / DRT and WebSQL
1016         https://bugs.webkit.org/show_bug.cgi?id=187270
1017         <rdar://problem/40674034>
1018
1019         Reviewed by Geoffrey Garen.
1020
1021         Disable vnode guard related simulated crashes for WebSQL by setting the expected
1022         environment variable, if not already set by WKTR / DRT.
1023
1024         * Modules/webdatabase/DatabaseManager.cpp:
1025         (WebCore::DatabaseManager::initialize):
1026         (WebCore::DatabaseManager::platformInitialize):
1027         * Modules/webdatabase/DatabaseManager.h:
1028         * Modules/webdatabase/cocoa/DatabaseManagerCocoa.mm: Added.
1029         (WebCore::DatabaseManager::paltformInitialize):
1030         * SourcesCocoa.txt:
1031         * WebCore.xcodeproj/project.pbxproj:
1032         * platform/FileSystem.h:
1033         * platform/posix/FileSystemPOSIX.cpp:
1034         (WebCore::FileSystem::realPath):
1035         * platform/win/FileSystemWin.cpp:
1036         (WebCore::FileSystem::realPath):
1037
1038 2018-07-03  Eric Carlson  <eric.carlson@apple.com>
1039
1040         Don't allow autoplay when the element is suspended
1041         https://bugs.webkit.org/show_bug.cgi?id=187299
1042         <rdar://problem/41044691>
1043
1044         Reviewed by Youenn Fablet.
1045         
1046         Block autoplay when a media element is suspended. Add more release logging to the methods
1047         that handle autoplay attempts to help diagnose future media playback problems.
1048
1049         * html/HTMLMediaElement.cpp:
1050         (WebCore::convertEnumerationToString): Convert PlaybackWithoutUserGesture to a string.
1051         (WebCore::HTMLMediaElement::dispatchPlayPauseEventsIfNeedsQuirks): Add logging.
1052         (WebCore::HTMLMediaElement::hardwareMutedStateDidChange): Ditto.
1053         (WebCore::HTMLMediaElement::handleAutoplayEvent): Ditto.
1054         (WebCore::HTMLMediaElement::userDidInterfereWithAutoplay): Ditto.
1055         (WebCore::HTMLMediaElement::setPlaybackWithoutUserGesture): Ditto.
1056         * html/HTMLMediaElement.h:
1057         (WTF::LogArgument<WebCore::HTMLMediaElement::PlaybackWithoutUserGesture>::toString):
1058
1059         * html/MediaElementSession.cpp:
1060         (WebCore::MediaElementSession::playbackPermitted const): Playback is not permitted when the
1061         element is suspended.
1062         * html/MediaElementSession.h:
1063
1064 2018-07-03  Zalan Bujtas  <zalan@apple.com>
1065
1066         [LFC] Generate anonymous inline box for text content.
1067         https://bugs.webkit.org/show_bug.cgi?id=187301
1068
1069         Reviewed by Antti Koivisto.
1070
1071         Always have an inline container for text content (and no dedicated text renderer).
1072
1073         * layout/layouttree/LayoutInlineBox.cpp:
1074         (WebCore::Layout::InlineBox::InlineBox):
1075         * layout/layouttree/LayoutInlineBox.h:
1076         (WebCore::Layout::InlineBox::setContent):
1077         * layout/layouttree/LayoutTreeBuilder.cpp:
1078         (WebCore::Layout::TreeBuilder::createSubTree):
1079
1080 2018-07-03  Basuke Suzuki  <Basuke.Suzuki@sony.com>
1081
1082         [Curl] Embed certificate information into ResourceResponse.
1083         https://bugs.webkit.org/show_bug.cgi?id=187102
1084
1085         Reviewed by Youenn Fablet.
1086
1087         No new tests but tested internally.
1088
1089         Collect certificate information from the communication and put it into
1090         ResourceResponse for the sake of advanced security checking and information
1091         providing to the user.
1092
1093         * platform/Curl.cmake:
1094         * platform/network/curl/CertificateInfo.cpp: Copied from Source/WebCore/platform/network/curl/CertificateInfo.h.
1095         (WebCore::CertificateInfo::CertificateInfo):
1096         (WebCore::CertificateInfo::isolatedCopy const):
1097         (WebCore::CertificateInfo::makeCertificate):
1098         * platform/network/curl/CertificateInfo.h:
1099         (WebCore::CertificateInfo::verificationError const):
1100         (WebCore::CertificateInfo::certificateChain const):
1101         (WebCore::operator==):
1102         (WebCore::CertificateInfo::CertificateInfo): Deleted.
1103         * platform/network/curl/CurlRequest.cpp:
1104         (WebCore::CurlRequest::didReceiveHeader):
1105         (WebCore::CurlRequest::didCompleteTransfer):
1106         * platform/network/curl/CurlRequest.h:
1107         (WebCore::CurlRequest::getCertificateInfo const):
1108         (WebCore::CurlRequest::getNetworkLoadMetrics const):
1109         (WebCore::CurlRequest::getNetworkLoadMetrics): Deleted.
1110         * platform/network/curl/CurlResourceHandleDelegate.cpp:
1111         (WebCore::CurlResourceHandleDelegate::curlDidReceiveResponse):
1112         (WebCore::CurlResourceHandleDelegate::curlDidComplete):
1113         * platform/network/curl/CurlSSLHandle.cpp:
1114         (WebCore::CurlSSLHandle::setHostAllowsAnyHTTPSCertificate):
1115         (WebCore::CurlSSLHandle::canIgnoredHTTPSCertificate):
1116         * platform/network/curl/CurlSSLHandle.h:
1117         * platform/network/curl/CurlSSLVerifier.cpp:
1118         (WebCore::CurlSSLVerifier::CurlSSLVerifier):
1119         (WebCore::CurlSSLVerifier::verifyCallback):
1120         (WebCore::StackOfX509::StackOfX509): For RAII. Used in pemDataFromCtx().
1121         (WebCore::StackOfX509::~StackOfX509): Ditto.
1122         (WebCore::StackOfX509::count): Ditto.
1123         (WebCore::StackOfX509::item): Ditto.
1124         (WebCore::BIOHolder::BIOHolder): Ditto.
1125         (WebCore::BIOHolder::~BIOHolder): Ditto.
1126         (WebCore::BIOHolder::write): Ditto.
1127         (WebCore::BIOHolder::asCertificate): Ditto.
1128         (WebCore::pemDataFromCtx): Become simple static function.
1129         (WebCore::convertToSSLCertificateFlags): Ditto.
1130         (WebCore::CurlSSLVerifier::certVerifyCallback): Deleted.
1131         (WebCore::CurlSSLVerifier::getPemDataFromCtx): Deleted.
1132         (WebCore::CurlSSLVerifier::convertToSSLCertificateFlags): Deleted.
1133         * platform/network/curl/CurlSSLVerifier.h:
1134         (WebCore::CurlSSLVerifier::verificationError):
1135         (WebCore::CurlSSLVerifier::certificateChain const):
1136         * platform/network/curl/ResourceError.h:
1137         * platform/network/curl/ResourceErrorCurl.cpp:
1138         (WebCore::ResourceError::isSSLConnectError const):
1139         (WebCore::ResourceError::isSSLCertVerificationError const):
1140         (WebCore::ResourceError::hasSSLConnectError const): Deleted.
1141         * platform/network/curl/ResourceResponse.h:
1142         * platform/network/curl/ResourceResponseCurl.cpp:
1143         (WebCore::ResourceResponse::setCertificateInfo):
1144         (WebCore::ResourceResponse::setDeprecatedNetworkLoadMetrics):
1145
1146 2018-07-02  Simon Fraser  <simon.fraser@apple.com>
1147
1148         Clean up the layer volatility code and logging
1149         https://bugs.webkit.org/show_bug.cgi?id=187286
1150
1151         Reviewed by Tim Horton.
1152
1153         Export a function.
1154
1155         * platform/graphics/cocoa/IOSurface.h:
1156
1157 2018-07-03  Commit Queue  <commit-queue@webkit.org>
1158
1159         Unreviewed, rolling out r233112.
1160         https://bugs.webkit.org/show_bug.cgi?id=187300
1161
1162         this revision is causing crashes on iOS 11 simulator
1163         (Requested by Truitt on #webkit).
1164
1165         Reverted changeset:
1166
1167         "[Fullscreen] Restore ASSERT_NOT_REACHED() checks in exit
1168         fullscreen handler after r231924"
1169         https://bugs.webkit.org/show_bug.cgi?id=186945
1170         https://trac.webkit.org/changeset/233112
1171
1172 2018-07-03  Chris Dumez  <cdumez@apple.com>
1173
1174         Implement support for Element.toggleAttribute
1175         https://bugs.webkit.org/show_bug.cgi?id=186883
1176
1177         Reviewed by Sam Weinig.
1178
1179         Implement support for Element.toggleAttribute as per:
1180         - https://github.com/whatwg/dom/issues/461
1181         - https://dom.spec.whatwg.org/#dom-element-toggleattribute
1182
1183         This was already implemented in Blink:
1184         - https://bugs.chromium.org/p/chromium/issues/detail?id=854960
1185
1186         Edge expressed public support:
1187         - https://github.com/whatwg/dom/issues/461#issuecomment-398206390
1188
1189         Gecko is working on it:
1190         - https://bugzilla.mozilla.org/show_bug.cgi?id=1469592
1191
1192         * dom/Element.cpp:
1193         (WebCore::Element::toggleAttribute):
1194         * dom/Element.h:
1195         * dom/Element.idl:
1196
1197 2018-07-03  Zalan Bujtas  <zalan@apple.com>
1198
1199         [LFC] Implement minimum/maximum content width logic.
1200         https://bugs.webkit.org/show_bug.cgi?id=187241
1201
1202         Reviewed by Antti Koivisto.
1203
1204         Compute the minimum/maximum content width if needed and cache the values on the formatting state.
1205
1206         * layout/FormattingContext.cpp:
1207         (WebCore::Layout::FormattingContext::computeFloatingWidthAndMargin const):
1208         (WebCore::Layout::FormattingContext::computeOutOfFlowHorizontalGeometry const):
1209         (WebCore::Layout::FormattingContext::layoutOutOfFlowDescendants const):
1210         * layout/FormattingContext.h:
1211         * layout/FormattingContextGeometry.cpp:
1212         (WebCore::Layout::FormattingContext::Geometry::shrinkToFitWidth):
1213         (WebCore::Layout::FormattingContext::Geometry::outOfFlowNonReplacedHorizontalGeometry):
1214         (WebCore::Layout::FormattingContext::Geometry::floatingNonReplacedWidthAndMargin):
1215         (WebCore::Layout::FormattingContext::Geometry::outOfFlowHorizontalGeometry):
1216         (WebCore::Layout::FormattingContext::Geometry::floatingWidthAndMargin):
1217         (WebCore::Layout::shrinkToFitWidth): Deleted.
1218         * layout/FormattingState.cpp:
1219         (WebCore::Layout::FormattingState::FormattingState):
1220         * layout/FormattingState.h:
1221         (WebCore::Layout::FormattingState::setMinimumMaximumContentWidth):
1222         (WebCore::Layout::FormattingState::clearMinimumMaximumContentWidth):
1223         (WebCore::Layout::FormattingState::minimumMaximumContentWidth const):
1224         * layout/LayoutContext.cpp:
1225         (WebCore::Layout::LayoutContext::establishedFormattingState):
1226         * layout/LayoutContext.h:
1227         * layout/Verification.cpp:
1228         (WebCore::Layout::LayoutContext::verifyAndOutputMismatchingLayoutTree const):
1229         * layout/blockformatting/BlockFormattingContext.cpp:
1230         (WebCore::Layout::BlockFormattingContext::createFormattingState const):
1231         (WebCore::Layout::BlockFormattingContext::minimumMaximumContentWidth const):
1232         * layout/blockformatting/BlockFormattingContext.h:
1233         * layout/blockformatting/BlockFormattingContextGeometry.cpp:
1234         (WebCore::Layout::BlockFormattingContext::Geometry::minimumMaximumContentWidthNeedsChildrenWidth):
1235         (WebCore::Layout::BlockFormattingContext::Geometry::minimumMaximumContentWidth):
1236         * layout/blockformatting/BlockFormattingState.cpp:
1237         (WebCore::Layout::BlockFormattingState::BlockFormattingState):
1238         * layout/blockformatting/BlockFormattingState.h:
1239         * layout/inlineformatting/InlineFormattingContext.cpp:
1240         (WebCore::Layout::InlineFormattingContext::createFormattingState const):
1241         (WebCore::Layout::InlineFormattingContext::minimumMaximumContentWidth const):
1242         * layout/inlineformatting/InlineFormattingContext.h:
1243         * layout/inlineformatting/InlineFormattingState.cpp:
1244         (WebCore::Layout::InlineFormattingState::InlineFormattingState):
1245         * layout/inlineformatting/InlineFormattingState.h:
1246         * page/FrameViewLayoutContext.cpp:
1247
1248 2018-07-03  Jonathan Bedard  <jbedard@apple.com>
1249
1250         Unreviewed, rolling out r233461.
1251
1252         Assertions triggered during iOS 11 debug layout and API tests
1253
1254         Reverted changeset:
1255
1256         "[iOS] Add assert to catch improper use of WebCore::Timer in
1257         UI Process"
1258         https://bugs.webkit.org/show_bug.cgi?id=185330
1259         https://trac.webkit.org/changeset/233461
1260
1261 2018-07-03  Jer Noble  <jer.noble@apple.com>
1262
1263         Update Fullscreen anti-phishing alert text
1264         https://bugs.webkit.org/show_bug.cgi?id=187199
1265         <rdar://problem/41162543>
1266
1267         Reviewed by Brent Fulgham.
1268
1269         * English.lproj/Localizable.strings:
1270
1271 2018-07-03  Frederic Wang  <fwang@igalia.com>
1272
1273         REGRESSION (r232186): Hardware-accelerated CSS animations using steps() timing function no longer work
1274         https://bugs.webkit.org/show_bug.cgi?id=186129
1275
1276         Reviewed by Antoine Quint.
1277
1278         When the WebAnimationsCSSIntegration flag is enabled, animating the transform property with
1279         a steps() timing function no longer works. This is because the WebAnimation code wrongly
1280         assumes that the transform property can always be accelerated (for counterexamples, see
1281         GraphicsLayerCA::animationCanBeAccelerated). For consistency with AnimationBase, we make
1282         WebAnimation fall back to non-accelerated mode when RenderBoxModelObject::startAnimation
1283         fails. This addresses the regression previously mentioned.
1284
1285         Test: http/wpt/css/css-animations/start-animation-001.html
1286
1287         * animation/KeyframeEffectReadOnly.cpp:
1288         (WebCore::KeyframeEffectReadOnly::applyPendingAcceleratedActions): Fall back to
1289         non-accelerated mode if startAnimation failed.
1290
1291 2018-07-03  David Kilzer  <ddkilzer@apple.com>
1292
1293         [iOS] Add assert to catch improper use of WebCore::Timer in UI Process
1294         <https://webkit.org/b/185330>
1295         <rdar://problem/32816079>
1296
1297         Reviewed by Darin Adler.
1298
1299         * platform/RuntimeApplicationChecks.cpp:
1300         (WebCore::s_webKitProcessType): Add. Global to track process
1301         type.
1302         (WebCore::setWebKitProcessType): Implement new function that is
1303         called when initializing Web, Network, and Storage processes.
1304         (WebCore::isInNetworkProcess): Add.
1305         (WebCore::isInStorageProcess): Add.
1306         (WebCore::isInWebProcess): Add.
1307         - Check value in s_webKitProcessType to determine which process
1308           is currently running.
1309         * platform/RuntimeApplicationChecks.h:
1310         (WebCore::isInNetworkProcess): Add.
1311         (WebCore::isInStorageProcess): Add.
1312         (WebCore::isInWebProcess):
1313         - Make available for all platforms.
1314
1315         * platform/Timer.cpp:
1316         (WebCore::TimerBase::TimerBase): Add assert and os_log_fault.
1317         This catches the unwanted behavior on iOS using isAllowed().
1318         (WebCore::TimerBase::isAllowed): Add implementation.
1319         * platform/Timer.h:
1320         (WebCore::TimerBase::isAllowed): Add declaration.
1321
1322         * platform/cocoa/RuntimeApplicationChecksCocoa.mm:
1323         (WebCore::isInWebProcess): Delete.  Replace with method in
1324         RuntimeApplicationChecks.cpp.
1325
1326 2018-07-02  Antti Koivisto  <antti@apple.com>
1327
1328         Tighter limit for canvas memory use on iOS
1329         https://bugs.webkit.org/show_bug.cgi?id=187279
1330         <rdar://problem/38420562>
1331
1332         Reviewed by Simon Fraser.
1333
1334         We allowed 448MB of canvas buffer memory. This is still too much in some cases. Painting a large
1335         canvas may also require several other temporary canvas-sized buffers, getting us easily over
1336         the process size limit.
1337
1338         * html/HTMLCanvasElement.cpp:
1339         (WebCore::maxActivePixelMemory):
1340
1341         Drop to (ramSize() / 4) which computes to 224MB on 2GB devices.
1342
1343 2018-07-02  Myles C. Maxfield  <mmaxfield@apple.com>
1344
1345         [Cocoa] Google Fonts doesn't work if the user has the requested font locally-installed
1346         https://bugs.webkit.org/show_bug.cgi?id=187228
1347         <rdar://problem/40967280>
1348
1349         Reviewed by Brent Fulgham.
1350
1351         This is due to the local() items in the src: descriptor in the @font-family blocks.
1352
1353         This is because of a behavior difference between CSSFontFaceSource::load() and CSSFontFaceSource::font().
1354         load() is supposed to set the status() to Success iff the font can be used, and then CSSFontFaceSource::font()
1355         is supposed to return the font itself to use. load() works by constructing a dummy FontDescription and
1356         performing a system lookup (to see if the local font really exists). However, this dummy FontDescription
1357         doesn't set the ShouldAllowUserInstalledFonts flag. Then, in CSSFontFaceSource::font(), a similar lookup is
1358         performed, except this one has the original FontDescription (with the correct value of the
1359         ShouldAllowUserInstalledFonts flag set). Therefore, the two functions disagree about the state of the flag.
1360
1361         When the CSSFontFaceSource's status gets set to Success, that means "this is the font face source that
1362         represents the @font-face block" but when CSSFontFaceSource::font() returns nullptr, that means "The font face
1363         source can't be used for some reason" so we then continue searching down the font-family list (and render the
1364         text in Helvetica or whatever comes next).
1365
1366         The solution is simple - just set the ShouldAllowUserInstalledFonts flag correctly in the dummy
1367         FontDescription.
1368
1369         Test: fast/text/user-installed-fonts/local.html
1370
1371         * css/CSSFontFace.cpp:
1372         (WebCore::CSSFontFace::allowUserInstalledFonts const):
1373         * css/CSSFontFace.h:
1374         * css/CSSFontFaceSet.cpp:
1375         (WebCore::CSSFontFaceSet::ensureLocalFontFacesForFamilyRegistered):
1376         * css/CSSFontFaceSource.cpp:
1377         (WebCore::CSSFontFaceSource::load):
1378
1379 2018-06-29  Ryosuke Niwa  <rniwa@webkit.org>
1380
1381         Generate event and event target interface types directly instead of via macros
1382         https://bugs.webkit.org/show_bug.cgi?id=187215
1383
1384         Reviewed by Chris Dumez.
1385
1386         Made make_event_factory.pl directly generate EventInterface enum values and toJSNewlyCreated for Event,
1387         and EventTargetInterface enum values and toJS for EventTarget. Removed the code to generate EventFactory::create
1388         since it was never even compiled or used anywhere.
1389
1390         This patch faithfully replicates what the macro used to generate but we should consider always generating either
1391         toJS or toJSNewlyCreated for both interfaces in the future.
1392
1393         No new tests since there should be no observable behavioral changes.
1394
1395         * DerivedSources.make: Generate EventTargetFactory.cpp, which is used to generate toJS function for EventTarget.
1396         * Sources.txt:
1397         * WebCore.xcodeproj/project.pbxproj:
1398         * bindings/js/JSEventCustom.cpp:
1399         (WebCore::toJSNewlyCreated): Deleted. Now generated directly in EventFactory.cpp.
1400         * bindings/js/JSEventTargetCustom.cpp:
1401         (WebCore::JSEventTarget::toWrapped): Removed the use of TRY_TO_UNWRAP_WITH_INTERFACE.
1402         (WebCore::toJS): Deleted. Now generated directly in EventFactory.cpp.
1403         * bindings/scripts/InFilesCompiler.pm:
1404         (generateInterfacesHeader): Use #pragma once. Generate enum values directly. Added the support for suffixing
1405         each type name with namespace for EventTarget.
1406         * dom/Event.h: Removed the declaration of EventInterface enum. It's now directly generated in EventInterfaces.h
1407         * dom/EventNames.in: Generate toJSNewlyCreated.
1408         * dom/EventTarget.h: Removed the declaration of EventTargetInterface as it's now done in EventTargetInterfaces.h.
1409         * dom/EventTargetFactory.in: Generate toJS.
1410         * dom/make_event_factory.pl:
1411         (defaultParameters): Added two new options. factoryFunction specifies whether toJS or toJSNewlyCreated is generated,
1412         and useNamespaceAsSuffix specifies whether each entry should be suffixed by the namespace (used by EventTarget).
1413         (generateCode): Added a missing semicolon.
1414         (generateImplementation): Removed the early exit for EventTarget since we now need to generate its toJS function.
1415         Replaced the code to generate EventFactory::create by the one to generate toJS / toJSNewlyCreated.
1416
1417 2018-07-02  Zalan Bujtas  <zalan@apple.com>
1418
1419         HTML widget displays blank when playing on page
1420         https://bugs.webkit.org/show_bug.cgi?id=187272
1421         <rdar://problem/39317899>
1422
1423         Reviewed by Simon Fraser.
1424
1425         When a composited layer gains content (in this particular case, going from NoContentsLayer to ContentsLayerForMedia),
1426         we need to size the associated graphics layer accordingly (NoContentsLayer means zero sized graphics layer).  
1427
1428         Not testable on iOS.
1429
1430         * rendering/RenderLayerBacking.cpp:
1431         (WebCore::RenderLayerBacking::updateConfiguration):
1432
1433 2018-07-02  David Kilzer  <ddkilzer@apple.com>
1434
1435         Refactor InlineTextBox::emphasisMarkExistsAndIsAbove()
1436         <https://webkit.org/b/187204>
1437
1438         Reviewed by Darin Adler.
1439
1440         No new tests since there is no change in behavior.
1441
1442         Refactor emphasisMarkExistsAndIsAbove() to return a
1443         std::optional<bool> instead of returning a bool and taking a
1444         std::optional<bool> argument.  The state returned is now:
1445         - std::nullopt => emphasis mark doesn't exist or is suppressed.
1446         - false => emphasis mark exists and is not suppressed, but is not above.
1447         - true => emphasis mark exists and is not suppressed, and is above.
1448
1449         * rendering/InlineFlowBox.cpp:
1450         (WebCore::InlineFlowBox::placeBoxesInBlockDirection):
1451         (WebCore::InlineFlowBox::addTextBoxVisualOverflow):
1452         (WebCore::InlineFlowBox::computeOverAnnotationAdjustment const):
1453         (WebCore::InlineFlowBox::computeUnderAnnotationAdjustment const):
1454         - Update for refactored method.  Remove some redundant checks
1455           for TextEmphasisMark::None that already happen in
1456           emphasisMarkExistsAndIsAbove().
1457         * rendering/InlineTextBox.cpp:
1458         (WebCore::emphasisPositionHasNeitherLeftNorRight): Delete.
1459         - Replaced by an OptionSet<TextEmphasisPosition>.
1460         (WebCore::InlineTextBox::emphasisMarkExistsAndIsAbove const):
1461         - Refactor as described above.
1462         (WebCore::InlineTextBox::paintMarkedTextForeground):
1463         - Update for refactored method.
1464         * rendering/InlineTextBox.h:
1465         (WebCore::InlineTextBox::emphasisMarkExistsAndIsAbove const):
1466         - Update for new method signature.
1467
1468 2018-07-02  Megan Gardner  <megan_gardner@apple.com>
1469
1470         Enable copy paste on iOS apps for Mac
1471         https://bugs.webkit.org/show_bug.cgi?id=187194
1472         <rdar://problem/41451148>
1473
1474         Reviewed by Darin Adler.
1475
1476         Difficult to test this platform.
1477
1478         UIKit doesn't support itemProviders for iOS apps for Mac, so we need to revert to the
1479         older way of setting a dictionary of objects and keys for items. Not everything is
1480         available in this form, and we haven't cleaned up our itemProvider code yet, so we
1481         need to case some things out for now. Hopefully in the future, this will be implemented
1482         and can just work as expected, but for now, this is the best workaround.
1483
1484         * platform/ios/PlatformPasteboardIOS.mm:
1485         (WebCore::registerItemToPasteboard):
1486         (WebCore::PlatformPasteboard::write):
1487         (WebCore::PlatformPasteboard::readURL):
1488         * platform/ios/WebItemProviderPasteboard.h:
1489         * platform/ios/WebItemProviderPasteboard.mm:
1490         (-[WebItemProviderRegistrationInfoList itemProvider]):
1491
1492 2018-07-02  Eric Carlson  <eric.carlson@apple.com>
1493
1494         Video sometimes flickers when playing to AppleTV
1495         https://bugs.webkit.org/show_bug.cgi?id=187193
1496         <rdar://problem/40153865>
1497
1498         Reviewed by Jer Noble and Youenn Fablet.
1499         
1500         No new tests, existing test updated.
1501
1502         Delay 100ms before changing the iOS audio session category because it is an expensive and
1503         potentially disruptive operation, and changing an audio or video element configuration
1504         can result in several quick, ultimately unnecessary, category changes.
1505
1506         * platform/audio/PlatformMediaSession.cpp:
1507         (WebCore::PlatformMediaSession::clientWillBeginPlayback): Add logging.
1508
1509         * platform/audio/PlatformMediaSessionManager.cpp:
1510         (WebCore::PlatformMediaSessionManager::PlatformMediaSessionManager): Initialize timer.
1511         (WebCore::PlatformMediaSessionManager::removeSession): Deactivate audio session when there
1512         are no sessions.
1513         (WebCore::PlatformMediaSessionManager::updateSessionStateTimerFired): New, update session now.
1514         (WebCore::PlatformMediaSessionManager::updateSessionState): Add parameter.
1515         * platform/audio/PlatformMediaSessionManager.h:
1516
1517         * platform/audio/cocoa/MediaSessionManagerCocoa.cpp:
1518         (PlatformMediaSessionManager::updateSessionState): Defer update if it isn't supposed to happen
1519         immediately.
1520
1521         * platform/audio/ios/AudioSessionIOS.mm:
1522         (WebCore::AudioSession::setCategory): Drive-by: setting the audio category to nil is a noop,
1523         so don't waste time doing it.
1524         (WebCore::AudioSession::tryToSetActive): Allow other apps to resume playback when we deactivate
1525         the audio session.
1526
1527         * platform/Timer.h:
1528         (WebCore::DeferrableOneShotTimer): Add WTF_MAKE_FAST_ALLOCATED so it can be used in a unique_ptr.
1529
1530 2018-07-02  Wenson Hsieh  <wenson_hsieh@apple.com>
1531
1532         Clean up some spellchecking code
1533         https://bugs.webkit.org/show_bug.cgi?id=187238
1534
1535         Reviewed by Tim Horton.
1536
1537         A few minor tweaks to modernize some spellchecking code. No change in behavior.
1538
1539         * editing/AlternativeTextController.cpp:
1540         (WebCore::AlternativeTextController::timerFired):
1541         * editing/Editor.cpp:
1542         (WebCore::Editor::markMisspellingsAfterTypingToWord):
1543
1544         Use move semantics when passing Ranges to markAllMisspellingsAndBadGrammarInRanges.
1545
1546         (WebCore::Editor::markAllMisspellingsAndBadGrammarInRanges):
1547
1548         Change this to take RefPtr<Range>&& instead of Range*.
1549
1550         (WebCore::Editor::markMisspellingsAndBadGrammar):
1551
1552         Remove an unnecessary call to `RefPtr::get()`.
1553
1554         * editing/Editor.h:
1555         * editing/TextCheckingHelper.cpp:
1556         (WebCore::TextCheckingParagraph::invalidateParagraphRangeValues):
1557         (WebCore::TextCheckingParagraph::checkingStart const):
1558         (WebCore::TextCheckingParagraph::checkingEnd const):
1559         (WebCore::TextCheckingParagraph::checkingLength const):
1560         (WebCore::TextCheckingParagraph::automaticReplacementStart const):
1561         (WebCore::TextCheckingParagraph::automaticReplacementLength const):
1562
1563         Currently, all of these cached range offsets are `int`s, and use a value of -1 to denote that their values are
1564         missing and must be recomputed. Instead, make these `std::optional`s and let `std::nullopt` represent the
1565         missing value.
1566
1567         * editing/TextCheckingHelper.h:
1568
1569 2018-07-02  Antoine Quint  <graouts@apple.com>
1570
1571         Crash in WebCore::WebAnimation::timeToNextRequiredTick when running imported/w3c/web-platform-tests/web-animations/interfaces/Animatable/animate-no-browsing-context.html
1572         https://bugs.webkit.org/show_bug.cgi?id=187145
1573
1574         Reviewed by Dean Jackson.
1575
1576         Ensure we have a resolved time value before trying to use it.
1577
1578         * animation/WebAnimation.cpp:
1579         (WebCore::WebAnimation::timeToNextRequiredTick const):
1580
1581 2018-07-02  Antoine Quint  <graouts@apple.com>
1582
1583         [Web Animations] Crash in KeyframeEffectReadOnly::applyPendingAcceleratedActions()
1584         https://bugs.webkit.org/show_bug.cgi?id=187139
1585
1586         Reviewed by Dean Jackson.
1587
1588         Ensure we have a resolved time value before trying to use it.
1589
1590         * animation/KeyframeEffectReadOnly.cpp:
1591         (WebCore::KeyframeEffectReadOnly::applyPendingAcceleratedActions):
1592
1593 2018-07-02  Youenn Fablet  <youenn@apple.com>
1594
1595         Reject getUserMedia promise if capture fails
1596         https://bugs.webkit.org/show_bug.cgi?id=187190
1597
1598         Reviewed by Eric Carlson.
1599
1600         In case PendingActivationMediaStream is notified of a change,
1601         check whether any track failed to capture.
1602         If so, reject the promise.
1603         Add more release logging in error case.
1604
1605         Covered by manual testing.
1606
1607         * Modules/mediastream/UserMediaRequest.cpp:
1608         (WebCore::UserMediaRequest::PendingActivationMediaStream::~PendingActivationMediaStream):
1609         (WebCore::UserMediaRequest::PendingActivationMediaStream::characteristicsChanged):
1610         (WebCore::UserMediaRequest::mediaStreamIsReady):
1611         (WebCore::UserMediaRequest::mediaStreamDidFail):
1612         * Modules/mediastream/UserMediaRequest.h:
1613         * platform/mediastream/MediaStreamPrivate.h:
1614         * platform/mediastream/RealtimeMediaSource.cpp:
1615         (WebCore::RealtimeMediaSource::captureFailed):
1616         * platform/mediastream/mac/AVVideoCaptureSource.mm:
1617         (WebCore::AVVideoCaptureSource::setupCaptureSession):
1618
1619 2018-07-01  Fujii Hironori  <Hironori.Fujii@sony.com>
1620
1621         [WK2] fast/parser/document-open-in-unload.html makes the following test crash
1622         https://bugs.webkit.org/show_bug.cgi?id=98345
1623         <rdar://problem/12474923>
1624
1625         Reviewed by Ryosuke Niwa.
1626
1627         m_documentLoader can become null in the middle of
1628         FrameLoader::commitProvisionalLoad by stopping the loading.
1629
1630         No new tests (Covered by existing tests).
1631
1632         * loader/FrameLoader.cpp:
1633         (WebCore::FrameLoader::commitProvisionalLoad): Do null check of m_documentLoader.
1634
1635 2018-07-01  Myles C. Maxfield  <mmaxfield@apple.com>
1636
1637         [Cocoa] LastResort in the font family list causes emoji with joiners to be rendered as multiple .notdef characters
1638         https://bugs.webkit.org/show_bug.cgi?id=187209
1639         <rdar://problem/40920785>
1640
1641         Reviewed by Darin Adler.
1642
1643         Inside our complex text codepath, we perform our own font fallback, which
1644         includes a function that asks "can this font support this grapheme cluster?"
1645         Because of the mechanics of how fonts work, the implementation of this
1646         function is "Does the font's cmap table support every character of the
1647         cluster?" We were using Font::glyphForCharacter() to determine this; however,
1648         this function maps certain control characters to the zero width space
1649         character (with the intention that these control characters shouldn't be
1650         visible in the fast text codepath). That replacement, however, was causing
1651         us to get false negatives, because Apple Color Emoji doesn't support zero
1652         width space. Therefore, Apple Color Emoji was looking like it didn't support
1653         emoji combining sequences.
1654
1655         The best solution to this would be to get Font::glyphForCharacter() to stop
1656         performing these replacements (see https://bugs.webkit.org/show_bug.cgi?id=187166).
1657         However, that is too risky of a change to be making right now. Instead,
1658         a more localized solution is to implement a version of "Does the font's cmap
1659         table support every character of the cluster" that doesn't perform the
1660         substitutions. This patch does exactly that, and uses a bit vector to cache
1661         the results. In order to not have a giant bit vector, we take the old code
1662         path if we know the substitutions won't affect us (and use ASSERT()s to
1663         validate this) so the bit vector only holds at maximum 3 words of storage.
1664
1665         Test: fast/text/emoji-with-joiner.html
1666
1667         * platform/graphics/Font.cpp:
1668         (WebCore::codePointSupportIndex):
1669         (WebCore::createAndFillGlyphPage):
1670         (WebCore::Font::platformSupportsCodePoint const):
1671         (WebCore::Font::supportsCodePoint const):
1672         (WebCore::Font::canRenderCombiningCharacterSequence const):
1673         * platform/graphics/Font.h:
1674         * platform/graphics/cocoa/FontCocoa.mm:
1675         (WebCore::Font::platformSupportsCodePoint const):
1676
1677 2018-07-01  Wenson Hsieh  <wenson_hsieh@apple.com>
1678
1679         [macOS] Text replacements that end with symbols are expanded immediately
1680         https://bugs.webkit.org/show_bug.cgi?id=187225
1681         <rdar://problem/41112433>
1682
1683         Reviewed by Darin Adler.
1684
1685         In shipping Safari, enabling grammar correction causes text shortcuts that end with symbols or punctuation marks
1686         to immediately trigger when typing; normally, when grammar correction is off, this is only triggered after the
1687         user has additionally inserted a punctuation mark or whitespace character after the replaced text.
1688
1689         This bug happens because enabling grammar checking causes the spell checking range to expand to the range of the
1690         full sentence, so any text checking results that replace an existing range are triggered as long as they end
1691         anywhere in the sentence. In contrast, when grammar checking is disabled, the spell checking range is limited to
1692         the nearest adjacent word, which prevents text replacement from occurring elsewhere in the sentence.
1693
1694         However, after r232530, we now always expand the spell checking range to the extent of the sentence when a word
1695         is typed regardless of whether grammar checking is enabled, which means that the issue described above now
1696         happens everywhere. To fix this recent regression and the existing bug, we:
1697
1698         -   Augment our spellchecking codepaths to include a new automatic text replacement range, alongside
1699             spellchecking and paragraph ranges.
1700         -   Let this automatic text replacement range be the range of the adjacent word in the case where the user has
1701             finished typing a word.
1702         -   When marking and replacing text checking results, consult this new automatic text replacement range instead of the
1703             spellchecking range.
1704
1705         This keeps the behavior of grammar and sentence retro correction results intact, while limiting the scope in which
1706         text replacement results are applied.
1707
1708         Test: editing/spelling/text-replacement-after-typing-to-word.html
1709
1710         * editing/AlternativeTextController.cpp:
1711         (WebCore::AlternativeTextController::timerFired):
1712         * editing/Editor.cpp:
1713         (WebCore::Editor::replaceSelectionWithFragment):
1714         (WebCore::Editor::markMisspellingsAfterTypingToWord):
1715
1716         Pass in the adjacent word range for the `automaticReplacementRange`, instead of the spell checking range (which
1717         may be extended to the full range of the sentence).
1718
1719         (WebCore::Editor::markAllMisspellingsAndBadGrammarInRanges):
1720
1721         Add an `automaticReplacementRange` argument to markAllMisspellingsAndBadGrammarInRanges, and adjust call sites
1722         to pass in a range (generally the same as the spell checking range, but in the case where a word has been typed,
1723         this is a narrower range).
1724
1725         (WebCore::correctSpellcheckingPreservingTextCheckingParagraph):
1726         (WebCore::Editor::markAndReplaceFor):
1727
1728         When replacing text, only allow text replacement in the automatic replacement range rather than the spell
1729         checking range.
1730
1731         (WebCore::Editor::markMisspellingsAndBadGrammar):
1732         * editing/Editor.h:
1733         * editing/SpellChecker.cpp:
1734         (WebCore::SpellCheckRequest::SpellCheckRequest):
1735
1736         Add a new version of this constructor that takes a single Range representing both the spellchecking range and
1737         the automatic text replacement range, for convenience.
1738
1739         (WebCore::SpellCheckRequest::create):
1740         * editing/SpellChecker.h:
1741
1742         Add plumbing for the automatic replacement range.
1743
1744         (WebCore::SpellCheckRequest::automaticReplacementRange const):
1745         * editing/TextCheckingHelper.cpp:
1746
1747         Add plumbing for the automatic replacement range, and new helpers to locate the range as offsets within the
1748         text checking paragraph range.
1749
1750         (WebCore::TextCheckingParagraph::TextCheckingParagraph):
1751         (WebCore::TextCheckingParagraph::invalidateParagraphRangeValues):
1752         (WebCore::TextCheckingParagraph::automaticReplacementStart const):
1753         (WebCore::TextCheckingParagraph::automaticReplacementLength const):
1754         * editing/TextCheckingHelper.h:
1755
1756 2018-06-30  David Kilzer  <ddkilzer@apple.com>
1757
1758         Follow-up: Fix clang static analyzer warnings: Garbage return value
1759         <https://webkit.org/b/187224>
1760
1761         Address review feedback from Eric Carlson.
1762
1763         * platform/mediastream/MediaConstraints.h:
1764         (WebCore::NumericConstraint::valueForCapabilityRange const):
1765         - Use brace initialization for more local variables.
1766
1767 2018-06-30  Michael Catanzaro  <mcatanzaro@igalia.com>
1768
1769         Asan false positive: stack use after scope under WebCore::ApplyPropertyBorderImageModifier in WebCore::Length::Length(WebCore::Length&&)
1770         https://bugs.webkit.org/show_bug.cgi?id=186980
1771         <rdar://problem/41409838>
1772
1773         Reviewed by Oliver Hunt.
1774
1775         We believe that we have found a bug in GCC's address sanitizer. It is blocking work on other
1776         issues, so work around it by changing a temporary into a local variable.
1777
1778         * css/StyleBuilderCustom.h:
1779         (WebCore::ApplyPropertyBorderImageModifier::applyInitialValue):
1780
1781 2018-06-30  David Kilzer  <ddkilzer@apple.com>
1782
1783         Fix clang static analyzer warnings: Garbage return value
1784         <https://webkit.org/b/187224>
1785
1786         Reviewed by Eric Carlson.
1787
1788         * platform/mediastream/MediaConstraints.h:
1789         (WebCore::NumericConstraint::valueForCapabilityRange const):
1790         - Use brace initialization for local variables.
1791
1792 2018-06-30  Zalan Bujtas  <zalan@apple.com>
1793
1794         [LFC] Do not add the containing block's offset while computing the out-of-flow static position.
1795         https://bugs.webkit.org/show_bug.cgi?id=187202
1796
1797         Reviewed by Antti Koivisto.
1798
1799         The static position for an out-of-flow element is
1800         1. the distance from the parent's border box.
1801         2. climbing up on the containing block chain and offset the containers until we reach the out-of-flow element's containing block.
1802
1803         * layout/FormattingContextGeometry.cpp:
1804         (WebCore::Layout::staticVerticalPositionForOutOfFlowPositioned):
1805         (WebCore::Layout::staticHorizontalPositionForOutOfFlowPositioned):
1806
1807 2018-06-30  Zalan Bujtas  <zalan@apple.com>
1808
1809         [LFC] If the top and bottom margins of a box are adjoining, then it is possible for margins to collapse through it.
1810         https://bugs.webkit.org/show_bug.cgi?id=187220
1811
1812         Reviewed by Antti Koivisto.
1813
1814         * layout/blockformatting/BlockMarginCollapse.cpp:
1815         (WebCore::Layout::isMarginBottomCollapsedThrough):
1816         (WebCore::Layout::BlockFormattingContext::MarginCollapse::collapsedMarginTopFromFirstChild):
1817         (WebCore::Layout::BlockFormattingContext::MarginCollapse::marginTop):
1818         (WebCore::Layout::BlockFormattingContext::MarginCollapse::marginBottom):
1819         (WebCore::Layout::BlockFormattingContext::MarginCollapse::isMarginBottomCollapsedWithParent):
1820         (WebCore::Layout::BlockFormattingContext::MarginCollapse::collapsedMarginBottomFromLastChild):
1821
1822 2018-06-30  Zalan Bujtas  <zalan@apple.com>
1823
1824         [LFC] Adjust final out-of-flow position with the computed margin value.
1825         https://bugs.webkit.org/show_bug.cgi?id=187219
1826
1827         Reviewed by Antti Koivisto.
1828
1829         * layout/FormattingContext.cpp:
1830         (WebCore::Layout::FormattingContext::computeOutOfFlowVerticalGeometry const):
1831         (WebCore::Layout::FormattingContext::computeOutOfFlowHorizontalGeometry const):
1832
1833 2018-06-29  Antoine Quint  <graouts@apple.com>
1834
1835         [Web Animations] Make WPT test at timing-model/timelines/document-timelines.html pass reliably
1836         https://bugs.webkit.org/show_bug.cgi?id=186507
1837         <rdar://problem/41000257>
1838
1839         Reviewed by Dean Jackson.
1840
1841         The Web Animations spec, along with the HTML5 event loop spec, specify some assumptions on the time reported by
1842         document.timeline.currentTime:
1843
1844         - it should only increase once per frame
1845         - it should have the same value as the timestamp passed to requestAnimationFrame() callbacks
1846
1847         The WPT test at web-platform-tests/web-animations/timing-model/timelines/document-timelines.html relies on these
1848         assumptions to be true so that we check that the start time of a new animation is not the same as the timeline time
1849         when it was created, since it will be in the "play-pending" state for a frame.
1850
1851         In order to support this, we add two new methods on DocumentAnimationScheduler. First, when a scheduled display update
1852         fires, we record the timestamp and expose it via lastTimestamp() such that DocumentTimeline and ScriptedAnimationController
1853         can use the same value when updating animations. Then, to know whether code is run as a result of a display update, we
1854         expose isFiring().
1855
1856         Now, within DocumentTimeline::currentTime(), we can cache the current time this way:
1857
1858         - if we're in the middle of a display update, use the value returned by lastTimestamp().
1859         - otherwise, compute what would have been the ideal number of frames (at 60fps or less if throttled) and add those to
1860         the lastTimestamp() value.
1861
1862         Then, we remove this cached current time when both currently-running JavaScript has completed and all animation update
1863         code has completed by waiting on the invalidation task to run.
1864
1865         * animation/DocumentAnimationScheduler.cpp:
1866         (WebCore::DocumentAnimationScheduler::displayRefreshFired):
1867         * animation/DocumentAnimationScheduler.h:
1868         (WebCore::DocumentAnimationScheduler::lastTimestamp):
1869         (WebCore::DocumentAnimationScheduler::isFiring const):
1870         * animation/DocumentTimeline.cpp:
1871         (WebCore::DocumentTimeline::currentTime):
1872         (WebCore::DocumentTimeline::performInvalidationTask):
1873         (WebCore::DocumentTimeline::maybeClearCachedCurrentTime):
1874         * animation/DocumentTimeline.h:
1875         * dom/ScriptedAnimationController.cpp:
1876         (WebCore::ScriptedAnimationController::serviceScriptedAnimations):
1877         (WebCore::ScriptedAnimationController::documentAnimationSchedulerDidFire):
1878
1879 2018-06-29  Nan Wang  <n_wang@apple.com>
1880
1881         Crash under WebCore::AXObjectCache::handleMenuItemSelected
1882         https://bugs.webkit.org/show_bug.cgi?id=186918
1883         <rdar://problem/41365984>
1884
1885         Reviewed by Chris Fleizach.
1886
1887         When a node is being destroyed, we deregister it from the AX cache through the Node's destructor.
1888         But we did not remove the corresponding entry from the m_deferredFocusedNodeChange list. It would
1889         then lead to a crash if we try to access the deleted node from m_deferredFocusedNodeChange.
1890         Fixed it by removing the entry if the newly focused node is being destroyed.
1891
1892         Test: accessibility/accessibility-crash-focused-element-change.html
1893
1894         * accessibility/AXObjectCache.cpp:
1895         (WebCore::AXObjectCache::remove):
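
The lifetime bug described in the AXObjectCache entry above, modeled as an added example (not WebKit code): `Cache`, `Node` and `staleEntriesAfterDestroyingFocusedNode` are hypothetical stand-ins, and only `m_deferredFocusedNodeChange` is a name taken from the entry. The model compares addresses against a live set instead of dereferencing them, so it runs safely with and without the fix.

```cpp
// Added illustration; a simplified model, not WebKit's AXObjectCache.
#include <algorithm>
#include <cstddef>
#include <cstdio>
#include <memory>
#include <set>
#include <utility>
#include <vector>

struct Node;

// Hypothetical cache: it stores raw Node pointers, so every destruction must
// clear all places where the pointer is kept.
class Cache {
public:
    explicit Cache(bool purgeDeferredOnRemove) : m_purge(purgeDeferredOnRemove) { }

    void registerNode(Node* node) { m_live.insert(node); }

    // Queue a focus change (old node, new node) to be handled later.
    void deferFocusedNodeChange(Node* oldNode, Node* newNode)
    {
        m_deferredFocusedNodeChange.push_back({ oldNode, newNode });
    }

    // Called from ~Node().
    void remove(Node* node)
    {
        m_live.erase(node);
        if (!m_purge)
            return; // Before the fix: the deferred list still names this node.
        auto& list = m_deferredFocusedNodeChange;
        list.erase(std::remove_if(list.begin(), list.end(),
            [node](const std::pair<Node*, Node*>& change) { return change.second == node; }),
            list.end());
    }

    // Counts queued entries whose newly focused node is gone. Real code would
    // dereference the pointer at this point; the model only compares addresses.
    size_t staleDeferredEntries() const
    {
        size_t stale = 0;
        for (const auto& change : m_deferredFocusedNodeChange) {
            if (!m_live.count(change.second))
                ++stale;
        }
        return stale;
    }

private:
    bool m_purge;
    std::set<Node*> m_live;
    std::vector<std::pair<Node*, Node*>> m_deferredFocusedNodeChange;
};

struct Node {
    explicit Node(Cache& cache) : m_cache(cache) { m_cache.registerNode(this); }
    ~Node() { m_cache.remove(this); }
    Cache& m_cache;
};

// Focus moves to a node that is destroyed before the deferred work runs.
size_t staleEntriesAfterDestroyingFocusedNode(bool purgeDeferredOnRemove)
{
    Cache cache(purgeDeferredOnRemove);
    Node oldFocus(cache);
    std::unique_ptr<Node> newFocus(new Node(cache));
    cache.deferFocusedNodeChange(&oldFocus, newFocus.get());
    newFocus.reset(); // Destroyed with the focus change still queued.
    return cache.staleDeferredEntries();
}

int main()
{
    std::printf("without purge: %zu stale entries\n", staleEntriesAfterDestroyingFocusedNode(false));
    std::printf("with purge:    %zu stale entries\n", staleEntriesAfterDestroyingFocusedNode(true));
    return 0;
}
```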
1896
1897 2018-06-29  Antti Koivisto  <antti@apple.com>
1898
1899         REGRESSION (r232806): Facebook login fields have blue fill background instead of white
1900         https://bugs.webkit.org/show_bug.cgi?id=187207
1901         <rdar://problem/41606349>
1902
1903         Reviewed by Tim Horton.
1904
1905         This happens because a 'prefers-dark-interface' media query on UA sheet always evaluates to true in dark mode.
1906
1907         Tests: fast/forms/input-background-ua-media-query.html
1908
1909         * css/MediaQueryEvaluator.cpp:
1910         (WebCore::prefersDarkInterfaceEvaluate):
1911
1912         Make prefers-dark-interface media query match only when using system appearance.
1913
1914 2018-06-29  Daniel Bates  <dabates@apple.com>
1915
1916         REGRESSION (r230921): Cannot log in to forums.swift.org using GitHub account
1917         https://bugs.webkit.org/show_bug.cgi?id=187197
1918         <rdar://problem/40420821>
1919
1920         Reviewed by Brent Fulgham.
1921
1922         Fixes an issue where Same-Site cookies are not sent with any child window load if the
1923         load is cross-origin with respect to the window's opener. One example where this issue
1924         manifested itself was in the GitHub sign in flow on forums.swift.org.
1925
1926         Currently we always consider the origin of the window's opener (if we have one) when
1927         determining whether a frame load request is same-origin and hence should send Same-Site
1928         cookies when performing the request. So, when page A.com opens a child window to B.com and
1929         then a person clicks a hyperlink or submits a form to B.com/b2 then we do not send Same-
1930         Site cookies with the request to B.com/b2 (because its origin, B.com, is cross-origin
1931         with its opener, A.com). But we should send Same-Site cookies with the request to B.com/b2
1932         because it is same-origin with the page that initiated the request, B.com. Instead of
1933         always considering the origin of the window's opener for every frame load we should only
1934         consider it for the first non-empty document load.
1935
1936         Tests: http/tests/cookies/same-site/fetch-in-about-blank-popup.html
1937                http/tests/cookies/same-site/post-from-cross-site-popup.html
1938
1939         * loader/FrameLoader.cpp:
1940         (WebCore::FrameLoader::addExtraFieldsToRequest):
1941
1942 2018-06-29  Nan Wang  <n_wang@apple.com>
1943
1944         AX: [iOS] VoiceOver scroll position is jumpy in frames
1945         https://bugs.webkit.org/show_bug.cgi?id=186956
1946
1947         Reviewed by Simon Fraser.
1948
1949         iOS is using delegate scrolling and we should not take into account
1950         the scroll offset when converting rects.
1951
1952         Also fixed an issue where we want to scroll the element into view even
1953         if it's partially visible.
1954
1955         Test: fast/scrolling/ios/iframe-scroll-into-view.html
1956
1957         * accessibility/AccessibilityObject.cpp:
1958         (WebCore::AccessibilityObject::scrollToMakeVisible const):
1959         * platform/ScrollView.cpp:
1960         (WebCore::ScrollView::contentsToContainingViewContents const):
1961
1962 2018-06-29  Chris Dumez  <cdumez@apple.com>
1963
1964         WebKitLegacy: Can trigger recursive loads triggering debug assertions
1965         https://bugs.webkit.org/show_bug.cgi?id=187121
1966         <rdar://problem/41259430>
1967
1968         Reviewed by Brent Fulgham.
1969
1970         In order to support asynchronous policy delegates, r229722 added a call to
1971         FrameLoader::clearProvisionalLoadForPolicyCheck() when starting a navigation
1972         policy decision in PolicyChecker::checkNavigationPolicy(). This calls
1973         stopLoading() on the current provisional loader if there is one, and potentially
1974         calls the didFailProvisionalLoadWithError client delegate. This delegate call
1975         is synchronous on WebKit1, so the client may start a new load from this delegate
1976         and re-enter WebCore. This happens in practice with Quickens 2017 / 2018 on Mac.
1977
1978         Before r229722, this was not an issue because pending loads were canceled after
1979         the (asynchronous) navigation policy decision, via FrameLoader::stopAllLoaders().
1980         FrameLoader::stopAllLoaders() sets a m_inStopAllLoaders flag and we return early
1981         in FrameLoader::loadRequest() when this flag is set to prevent recursive loads.
1982
1983         To maintain shipping behavior as much as possible, this patch introduces a similar
1984         inClearProvisionalLoadForPolicyCheck which gets set during
1985         FrameLoader::clearProvisionalLoadForPolicyCheck() and we prevent new loads while
1986         this flag is set.
1987
1988         I have verified that Quickens 2017 / 2018 works again after this change and I added
1989         API test coverage for this behavior.
1990
1991         * loader/FrameLoader.cpp:
1992         (WebCore::FrameLoader::loadURL):
1993         (WebCore::FrameLoader::load):
1994         (WebCore::FrameLoader::clearProvisionalLoadForPolicyCheck):
1995         * loader/FrameLoader.h:
1996
1997 2018-06-25  Said Abou-Hallawa  <sabouhallawa@apple.com>
1998
1999         Infinite loop if a <use> element references its ancestor and the DOMNodeInserted event handler of one its ancestor's descents updates the document style
2000         https://bugs.webkit.org/show_bug.cgi?id=186925
2001
2002         Reviewed by Antti Koivisto.
2003
2004         This patch fixes two issues:
2005         -- SVGTRefTargetEventListener should not assume it has to be attached to
2006         target when its handleEvent() is called.
2007         Because SVGTRefTargetEventListener::handleEvent() references the target
2008         element, we just return if the listener is detached.
2009
2010         -- The <use> element should not clone its shadow tree if it references one
2011         of its ancestors. The DOMNodeInserted of any node in the target element
2012         tree may issue a document command. This document command will cause the
2013         shadow tree to be re-cloned so this will cause an infinite loop to happen.
2014
2015         Test: svg/dom/svg-use-infinite-loop-cloning.html
2016
2017         * svg/SVGTRefElement.cpp:
2018         (WebCore::SVGTRefTargetEventListener::handleEvent):
2019         * svg/SVGUseElement.cpp:
2020         (WebCore::SVGUseElement::updateShadowTree):
2021
2022 2018-06-29  Manuel Rego Casasnovas  <rego@igalia.com>
2023
2024         [WPE] Three CSS Grid Layout tests crash due to valueless std::optional access
2025         https://bugs.webkit.org/show_bug.cgi?id=186752
2026
2027         Reviewed by Frédéric Wang.
2028
2029         This is a simple fix for the crash we're getting on WPE
2030         in IndefiniteSizeStrategy::freeSpaceForStretchAutoTracksStep().
2031
2032         Covered by existent tests, just remove them from TestExpectations file.
2033
2034         * rendering/GridTrackSizingAlgorithm.cpp:
2035         (WebCore::IndefiniteSizeStrategy::freeSpaceForStretchAutoTracksStep const):
2036         Check if minSize is null before trying to access its value.
2037
2038 2018-06-29  David Fenton  <david_fenton@apple.com>
2039
2040         Unreviewed, rolling out r233349.
2041
2042         caused 42 crashes on iOS GuardMalloc and iOS ASan tests
2043
2044         Reverted changeset:
2045
2046         "[Web Animations] Using a Web Animation leaks the Document"
2047         https://bugs.webkit.org/show_bug.cgi?id=187088
2048         https://trac.webkit.org/changeset/233349
2049
2050 2018-06-29  Jer Noble  <jer.noble@apple.com>
2051
2052         Returning PiP'd video to fullscreen while playing leaves video muted.
2053         https://bugs.webkit.org/show_bug.cgi?id=187181
2054         <rdar://problem/41408335>
2055
2056         Reviewed by Eric Carlson.
2057
2058         Test: media/picture-in-picture-interruption.html
2059
2060         Don't reset the media session's state at the end of an interruption if it wasn't changed at the beginning of one.
2061
2062         * platform/audio/PlatformMediaSession.cpp:
2063         (WebCore::PlatformMediaSession::endInterruption):
2064         * testing/Internals.cpp:
2065         (WebCore::Internals::mediaSessionState):
2066         * testing/Internals.h:
2067         * testing/Internals.idl:
2068
2069 2018-06-29  Zalan Bujtas  <zalan@apple.com>
2070
2071         [LFC] When the formatting root is also a containing block for out-of-flow elements.
2072         https://bugs.webkit.org/show_bug.cgi?id=187179
2073
2074         Reviewed by Antti Koivisto.
2075
2076         Out-of-flow descendants' layout requires their containing block height to be computed. This patch takes care of the case
2077         when the containing block is also a formatting context root (e.g. relative positioned with overflow other than visible).
2078
2079         * layout/Verification.cpp:
2080         (WebCore::Layout::LayoutContext::verifyAndOutputMismatchingLayoutTree const):
2081         * layout/blockformatting/BlockFormattingContext.cpp:
2082         (WebCore::Layout::BlockFormattingContext::layoutFormattingContextRoot const):
2083
2084 2018-06-29  Zalan Bujtas  <zalan@apple.com>
2085
2086         [LFC] Do not skip the next inflow sibling after finishing a formatting context root layout.
2087         https://bugs.webkit.org/show_bug.cgi?id=187178
2088
2089         Reviewed by Antti Koivisto.
2090
2091         Since the block formatting layout is based on pre-order traversal, after finishing a formatting
2092         context layout (which takes care of its entire subtree), we need to visit the next (in-flow) sibling.
2093
2094         * layout/blockformatting/BlockFormattingContext.cpp:
2095         (WebCore::Layout::BlockFormattingContext::layout const):
2096
2097 2018-06-29  Zalan Bujtas  <zalan@apple.com>
2098
2099         [LFC] The static position for an out-of-flow box should include the previous sibling's collapsed margin
2100         https://bugs.webkit.org/show_bug.cgi?id=187169
2101
2102         Reviewed by Antti Koivisto.
2103
2104         When computing the static position of an absolutely positioned box, we need to look at the previous sibling's bottom margin.
2105         If the previous sibling happens to collapse its bottom margin with the parent's bottom margin, we still need to account for it
2106         and compute the static vertical position as if the bottom margin was not collapsed.
2107
2108         * layout/FormattingContext.cpp:
2109         (WebCore::Layout::FormattingContext::computeFloatingHeightAndMargin const):
2110         (WebCore::Layout::FormattingContext::computeOutOfFlowVerticalGeometry const):
2111         * layout/FormattingContextGeometry.cpp:
2112         (WebCore::Layout::staticVerticalPositionForOutOfFlowPositioned):
2113         * layout/LayoutContext.cpp:
2114         (WebCore::Layout::LayoutContext::initializeRoot):
2115         * layout/Verification.cpp:
2116         (WebCore::Layout::outputMismatchingBoxInformationIfNeeded):
2117         * layout/blockformatting/BlockFormattingContext.cpp:
2118         (WebCore::Layout::BlockFormattingContext::computeInFlowHeightAndMargin const):
2119         * layout/displaytree/DisplayBox.cpp:
2120         (WebCore::Display::Box::nonCollapsedMarginBox const):
2121         * layout/displaytree/DisplayBox.h:
2122         (WebCore::Display::Box::setHasValidVerticalNonCollapsedMargin):
2123         (WebCore::Display::Box::setVerticalMargin):
2124         (WebCore::Display::Box::setVerticalNonCollapsedMargin):
2125         (WebCore::Display::Box::nonCollapsedMarginTop const):
2126         (WebCore::Display::Box::nonCollapsedMarginBottom const):
2127
2128 2018-06-27  Antoine Quint  <graouts@apple.com>
2129
2130         [Web Animations] Using a Web Animation leaks the Document
2131         https://bugs.webkit.org/show_bug.cgi?id=187088
2132         <rdar://problem/41392046>
2133
2134         Reviewed by Dean Jackson.
2135
2136         Test: webanimations/leak-document-with-web-animation.html
2137
2138         We need to ensure that any remaining animation is cleared when the DocumentTimeline is detached from its Document.
2139         We rename WebAnimation::prepareAnimationForRemoval() to WebAnimation::remove() since it really actively disassociates
2140         the animation from its timeline.
2141
2142         * animation/AnimationTimeline.cpp:
2143         (WebCore::AnimationTimeline::removeAnimationsForElement): We no longer need the call to removeAnimation()
2144         since the new WebAnimation::remove() method will also set the timeline to null which will eventually call
2145         removeAnimation() on the disassociated timeline.
2146         * animation/DeclarativeAnimation.cpp:
2147         (WebCore::DeclarativeAnimation::remove):
2148         (WebCore::DeclarativeAnimation::prepareAnimationForRemoval): Deleted.
2149         * animation/DeclarativeAnimation.h:
2150         * animation/DocumentTimeline.cpp:
2151         (WebCore::DocumentTimeline::detachFromDocument): Call remove() on all known animations.
2152         * animation/WebAnimation.cpp:
2153         (WebCore::WebAnimation::remove): Set the timeline to null to fully disassociate this animation from its timeline.
2154         (WebCore::WebAnimation::setTimeline): Factor the internal timeline-association code out of this JS API method so
2155         that we can call this code without any JS-facing implications.
2156         (WebCore::WebAnimation::setTimelineInternal):
2157         (WebCore::WebAnimation::prepareAnimationForRemoval): Deleted.
2158         * animation/WebAnimation.h:
2159
2160 2018-06-28  Zalan Bujtas  <zalan@apple.com>
2161
2162         [LFC] Out-of-flow positioned height does not necessarily equal to "bottom - top".
2163         https://bugs.webkit.org/show_bug.cgi?id=187168
2164
2165         Reviewed by Antti Koivisto.
2166
2167         According to the spec "For absolutely positioned elements, the used values of the vertical dimensions must satisfy this constraint:
2168         'top' + 'margin-top' + 'border-top-width' + 'padding-top' + 'height' + 'padding-bottom' + 'border-bottom-width' + 'margin-bottom' + 'bottom' = height of containing block"
2169         With a non-auto "height" value, the bottom - top does not necessarily compute to the height of the element.
2170
2171         * layout/FormattingContext.cpp:
2172         (WebCore::Layout::FormattingContext::computeOutOfFlowVerticalGeometry const):
2173
2174 2018-06-28  Olivia Barnett  <obarnett@apple.com>
2175
2176         Find in page for typographic quotes does not find low (German) quotes
2177         https://bugs.webkit.org/show_bug.cgi?id=187164
2178         <rdar://problem/29612785>
2179
2180         Reviewed by Tim Horton.
2181
2182         Added additional quote test to LayoutTests/fast/text/find-quotes.html.
2183
2184         Added functionality to replace German quotes when matching.
2185
2186         * editing/TextIterator.cpp:
2187         (WebCore::foldQuoteMark):
2188         (WebCore::foldQuoteMarks):
2189
2190 2018-06-28  Antti Koivisto  <antti@apple.com>
2191
2192         REGRESSION (233281): fast/dom/location-new-window-no-crash.html and some other tests are timing out
2193         https://bugs.webkit.org/show_bug.cgi?id=187156
2194
2195         Reviewed by Zalan Bujtas.
2196
2197         We still need to re-enable memory cache client calls even when not doing other post-resolution callbacks.
2198
2199         * style/StyleTreeResolver.cpp:
2200         (WebCore::Style::memoryCacheClientCallsResumeQueue):
2201
2202         Add a separate queue for this.
2203
2204         (WebCore::Style::suspendMemoryCacheClientCalls):
2205         (WebCore::Style::PostResolutionCallbackDisabler::~PostResolutionCallbackDisabler):
2206
2207 2018-06-28  Wenson Hsieh  <wenson_hsieh@apple.com>
2208
2209         [iOS] DataTransfer.getData always returns the empty string when dropping text
2210         https://bugs.webkit.org/show_bug.cgi?id=187130
2211         <rdar://problem/41014117>
2212
2213         Reviewed by Ryosuke Niwa.
2214
2215         Currently, DataTransfer.getData() always returns the empty string on drop. This is because all data on drop is
2216         backed by local files in the temporary directory, so the number of files is never 0; this, combined with the
2217         fact that WebKit will suppress access to the DataTransfer object if there is one or more file in the pasteboard,
2218         means that getData() never works for drag and drop on iOS at the moment. To fix this, we need to know whether a
2219         dropped item provider is a file.
2220
2221         Ideally, we'd have a flag to tell us whether or not an NSItemProvider being dropped is a file, or instead just
2222         inline data - in fact, this flag already exists in the form of UIPreferredPresentationStyle. Unfortunately, not
2223         all apps that vend draggable files specify this, so we can't simply ask the item provider whether it's intended
2224         to be a file. As a workaround, we can use several heuristics to determine the "file content state" of the drag
2225         pasteboard on iOS (see below for more details).
2226
2227         This patch adds some plumbing through the client layers to grab a list of item information describing each
2228         dropped item provider on iOS. Using this information, we tweak the logic in Pasteboard::fileContentState to make
2229         an educated guess at whether or not the pasteboard really contains files; if we determine that the pasteboard
2230         probably contains no files, we'll allow DataTransfer.getData() to retrieve information from the pasteboard.
2231         Otherwise, if the pasteboard may contain files, we'll fall back to our current behavior of including the "Files"
2232         type in DataTransfer.types and allowing the page to grab file data using DataTransfer.files or
2233         DataTransfer.items.
2234
2235         Tests:  DataInteractionTests.DataTransferGetDataReadPlainAndRichText
2236                 DataInteractionTests.DataTransferSuppressGetDataDueToPresenceOfTextFile
2237
2238         * dom/DataTransfer.cpp:
2239         (WebCore::DataTransfer::filesFromPasteboardAndItemList const):
2240
2241         Check Pasteboard::fileContentState() to ensure that we don't expose files when DataTransfer.types does not
2242         contain the "Files" type, and vice versa, and DataTransfer.files is also empty in this case.
2243
2244         * dom/DataTransferItemList.cpp:
2245         * platform/PasteboardItemInfo.h:
2246
2247         Add a couple of additional members to PasteboardItemInfo: suggestedFileName and hasDeclaredNonTextType, a flag
2248         that indicates whether or not the pasteboard item has a type representation that is a declared type, but is not
2249         a text type (i.e. does not conform to "public.text", "public.url", or rich text format with attachment types).
2250
2251         (WebCore::PasteboardItemInfo::encode const):
2252         (WebCore::PasteboardItemInfo::decode):
2253         * platform/PasteboardStrategy.h:
2254         * platform/PlatformPasteboard.h:
2255         * platform/cocoa/PasteboardCocoa.mm:
2256         (WebCore::Pasteboard::fileContentState):
2257
2258         Instead of always considering a dropped item provider on iOS to represent a file, only do so if at least one of
2259         the following conditions is met:
2260         - The drop session contains multiple item providers (flocking text selections is a very rare use case).
2261         - The item provider was explicitly marked as an attachment.
2262         - The item provider has a suggested file name.
2263         - The item provider has any other content that is not text.
2264
2265         In the case where none of the above conditions are met, the item provider (if it ends up being a file) is
2266         essentially indistinguishable from inline data. An example of this is dropping a plain text file that is
2267         unnamed, with no presentation style, and alongside no other items nor other known type representations. These
2268         are cases in which whether the item is treated as a file or as inline data is (hopefully) irrelevant.
2269
2270         * platform/ios/PlatformPasteboardIOS.mm:
2271         (WebCore::PlatformPasteboard::allPasteboardItemInfo):
2272         (WebCore::PlatformPasteboard::informationForItemAtIndex):
2273
2274 2018-06-28  Timothy Hatcher  <timothy@apple.com>
2275
2276         Don't force black text when TextIndicator draws backgrounds or all content.
2277         https://bugs.webkit.org/show_bug.cgi?id=187161
2278         rdar://problem/40434644
2279
2280         Reviewed by Tim Horton.
2281
2282         * page/TextIndicator.cpp:
2283         (WebCore::snapshotOptionsForTextIndicatorOptions):
2284         Only set SnapshotOptionsForceBlackText when TextIndicatorOptionRespectTextColor and
2285         TextIndicatorOptionPaintBackgrounds are not set.
2286
2287 2018-06-28  Timothy Hatcher  <timothy@apple.com>
2288
2289         Find on page selection color isn't adapted for dark mode.
2290         https://bugs.webkit.org/show_bug.cgi?id=187072
2291
2292         Unreviewed, revert part of r233280.
2293
2294         * rendering/RenderThemeMac.mm:
2295         (WebCore::RenderThemeMac::platformActiveTextSearchHighlightColor const): Use pure yellow again.
2296
2297 2018-06-28  Antoine Quint  <graouts@apple.com>
2298
2299         [Web Animations] Make imported/mozilla/css-animations/test_animation-starttime.html pass reliably
2300         https://bugs.webkit.org/show_bug.cgi?id=183834
2301         <rdar://problem/40997932>
2302
2303         Reviewed by Dean Jackson.
2304
2305         We need to run pending tasks in the "update animations" procedure to ensure that the start time has been set
2306         to a different time than the timeline time at the time the animation was asked to play(). This ensures the
2307         timeline current time has progressed and can be queried to a different value in a requestAnimationFrame()
2308         callback.
2309
2310         When invalidating events, we need to make sure we disregard instances when an animation has and is still pending
2311         so that we wait until we change the pending state to work out which events to enqueue.
2312
2313         * animation/DeclarativeAnimation.cpp:
2314         (WebCore::DeclarativeAnimation::invalidateDOMEvents):
2315         * animation/DocumentTimeline.cpp:
2316         (WebCore::DocumentTimeline::updateAnimations):
2317         * animation/WebAnimation.cpp:
2318         (WebCore::WebAnimation::updatePendingTasks):
2319         (WebCore::WebAnimation::timeToNextRequiredTick const):
2320         (WebCore::WebAnimation::runPendingTasks):
2321         * animation/WebAnimation.h:
2322
2323 2018-06-28  Ryosuke Niwa  <rniwa@webkit.org>
2324
2325         Release assert in ScriptController::canExecuteScripts via WebCore::SVGUseElement::insertedIntoAncestor
2326         https://bugs.webkit.org/show_bug.cgi?id=187137
2327         <rdar://problem/41081885>
2328
2329         Reviewed by Zalan Bujtas.
2330
2331         The bug was caused by SVGUseElement::notifyFinished firing a DOM event via SVGUseElement::updateExternalDocument
2332         inside SVGUseElement::insertedIntoAncestor. Ideally, we make every call to notifyFinished asynchronous
2333         but simply delay the call to updateExternalDocument() until didFinishInsertingNode() for now.
2334
2335         No new tests since the failure is caught with the newly added assertion in notifyFinished by existing SVG tests
2336         such as svg/batik/filters/filterRegions.svg and svg/batik/text/smallFonts.svg. Unfortunately, I could not
2337         construct a test case which hits this release assertion since the real crash happens when the cached resource
2338         had an error but in all the cases I could find, the resource response with an error results in a reload or
2339         an asynchronous failure callback.
2340
2341         * loader/cache/CachedResource.cpp:
2342         (WebCore::CachedResource::didAddClient): Added a FIXME.
2343         * svg/SVGUseElement.cpp:
2344         (WebCore::SVGUseElement::insertedIntoAncestor): Delay the call to updateExternalDocument.
2345         (WebCore::SVGUseElement::didFinishInsertingNode): Invoke updateExternalDocument.
2346         (WebCore::SVGUseElement::notifyFinished): Added an assertion.
2347         * svg/SVGUseElement.h:
2348
2349 2018-06-28  Chris Dumez  <cdumez@apple.com>
2350
2351         Unreviewed, rolling out r233309.
2352
2353         Invalidates previous database model without versioning
2354
2355         Reverted changeset:
2356
2357         "Fix encoding / decoding issues in ResourceLoadStatistics"
2358         https://bugs.webkit.org/show_bug.cgi?id=186890
2359         https://trac.webkit.org/changeset/233309
2360
2361 2018-06-28  Timothy Hatcher  <timothy@apple.com>
2362
2363         Focus ring color does not honor dark mode or system accent color.
2364         https://bugs.webkit.org/show_bug.cgi?id=187144
2365         rdar://problem/41105081
2366
2367         Reviewed by Tim Horton.
2368
2369         Pass the focus ring color through to the GraphicsContext methods that draw it.
2370
2371         * platform/graphics/GraphicsContext.h:
2372         * platform/graphics/cocoa/GraphicsContextCocoa.mm:
2373         (WebCore::drawFocusRingAtTime):
2374         (WebCore::drawFocusRing):
2375         (WebCore::drawFocusRingToContext):
2376         (WebCore::drawFocusRingToContextAtTime):
2377         (WebCore::GraphicsContext::drawFocusRing):
2378         (WebCore::GraphicsContext::focusRingColor): Deleted.
2379         * platform/mac/ThemeMac.mm:
2380         (WebCore::drawCellFocusRingWithFrameAtTime):
2381         * rendering/RenderElement.cpp:
2382         (WebCore::RenderElement::paintFocusRing):
2383         * rendering/RenderImage.cpp:
2384         (WebCore::RenderImage::paintAreaElementFocusRing):
2385
2386 2018-06-28  Aditya Keerthi  <akeerthi@apple.com>
2387
2388         REGRESSION (r232040): Cursor jumping in Safari text fields
2389         https://bugs.webkit.org/show_bug.cgi?id=187142
2390         <rdar://problem/41397577>
2391
2392         Reviewed by Tim Horton.
2393
2394         r232040 enabled click events to fire on nodes that are already being edited in
2395         iOS. This resulted in FrameSelection::setSelection being called twice. One call
2396         originated from the UIWKTextInteractionAssistant, which snaps the caret to word
2397         boundaries. The other call originates from handleMousePressEvent in EventHandler,
2398         and uses character boundaries. Consequently, we see the caret jumping around.
2399
2400         To fix this issue, an early return was added in the handleMousePressEvent
2401         codepath, which prevents FrameSelection::setSelection from being called when
2402         clicking on a node that is already being edited. This ensures that the
2403         UIWKTextInteractionAssistant codepath is the only influence on the caret position.
2404
2405         Test: fast/events/ios/click-selectionchange-once.html
2406
2407         * page/EventHandler.cpp:
2408         (WebCore::EventHandler::handleMousePressEventSingleClick):
2409
2410 2018-06-28  Chris Dumez  <cdumez@apple.com>
2411
2412         Fix encoding / decoding issues in ResourceLoadStatistics
2413         https://bugs.webkit.org/show_bug.cgi?id=186890
2414
2415         Reviewed by Brent Fulgham.
2416
2417         * loader/ResourceLoadStatistics.cpp:
2418         (WebCore::encodeHashCountedSet):
2419         (WebCore::encodeHashSet):
2420         Do not return early if the container we're trying to encode is empty. Instead,
2421         have the encoder encode an empty array. This is important for encoding / decoding
2422         to be fully symmetric. Otherwise, when trying to decode one of these empty containers,
2423         the decoder would fail (silently since we were ignoring decoding errors). Worse, the
2424         decoder might succeed but actually be decoding the *next* container in the file, since
2425         we have several HashCountedSets / HashSets encoded one after another.
2426
2427         (WebCore::decodeHashCountedSet):
2428         (WebCore::decodeHashSet):
2429         Return a boolean to indicate if the decoding succeeded or not.
2430
2431         (WebCore::ResourceLoadStatistics::decode):
2432         Check for container decoding errors and return false when decoding fails.
2433         Otherwise, we would just silently keep going.
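
Why skipping empty containers breaks decoding, as an added example (not WebKit's ResourceLoadStatistics code): the one-byte length-prefixed wire format, the three-set `Record` and all function names are assumptions made for the illustration. It shows the stream shifting by one container when an empty set is skipped, and a checked decoder rejecting that stream.

```cpp
// Added illustration; not WebKit's ResourceLoadStatistics code.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <set>
#include <string>
#include <vector>

using Bytes = std::vector<uint8_t>;
using StringSet = std::set<std::string>;

// Hypothetical record: three sets written back to back with no field tags.
struct Record {
    StringSet first;
    StringSet second;
    StringSet third;
};

// Constructed wire format: a count byte, then <length byte, bytes> per entry.
// Sizes above 255 are out of scope for this sample.
void encodeSet(Bytes& out, const StringSet& set, bool skipWhenEmpty)
{
    if (skipWhenEmpty && set.empty())
        return; // Asymmetric: the decoder will still expect a count byte here.
    out.push_back(static_cast<uint8_t>(set.size()));
    for (const auto& entry : set) {
        out.push_back(static_cast<uint8_t>(entry.size()));
        out.insert(out.end(), entry.begin(), entry.end());
    }
}

// Reports truncated or malformed input to the caller.
bool decodeSet(const Bytes& in, size_t& pos, StringSet& set)
{
    if (pos >= in.size())
        return false;
    size_t count = in[pos++];
    for (size_t i = 0; i < count; ++i) {
        if (pos >= in.size())
            return false;
        size_t length = in[pos++];
        if (length > in.size() - pos)
            return false;
        set.insert(std::string(reinterpret_cast<const char*>(in.data()) + pos, length));
        pos += length;
    }
    return true;
}

Bytes encodeRecord(const Record& record, bool skipWhenEmpty)
{
    Bytes out;
    encodeSet(out, record.first, skipWhenEmpty);
    encodeSet(out, record.second, skipWhenEmpty);
    encodeSet(out, record.third, skipWhenEmpty);
    return out;
}

// Caller that ignores per-container failures and carries on.
Record decodeIgnoringErrors(const Bytes& in)
{
    Record record;
    size_t pos = 0;
    decodeSet(in, pos, record.first);
    decodeSet(in, pos, record.second);
    decodeSet(in, pos, record.third);
    return record;
}

// Checked caller: any container failure, or leftover bytes, rejects the record.
bool decodeChecked(const Bytes& in, Record& record)
{
    size_t pos = 0;
    return decodeSet(in, pos, record.first)
        && decodeSet(in, pos, record.second)
        && decodeSet(in, pos, record.third)
        && pos == in.size();
}

Record sampleRecord()
{
    Record record; // Constructed sample: the first set is empty.
    record.second = { "a.example" };
    record.third = { "b.example" };
    return record;
}

int main()
{
    Record shifted = decodeIgnoringErrors(encodeRecord(sampleRecord(), true));
    std::printf("skip-empty encoder: first set has %zu entries (expected 0)\n", shifted.first.size());
    Record roundTrip;
    bool ok = decodeChecked(encodeRecord(sampleRecord(), false), roundTrip);
    std::printf("always-encode encoder: checked decode %s\n", ok ? "succeeded" : "failed");
    return 0;
}
```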
2434
2435 2018-06-28  Sihui Liu  <sihui_liu@apple.com>
2436
2437         Cookie API: cookie creation time is wrong
2438         https://bugs.webkit.org/show_bug.cgi?id=187101
2439
2440         Reviewed by Geoffrey Garen.
2441
2442         Covered by API test: WebKit.WKHTTPCookieStoreCreationTime.
2443
2444         * platform/network/cocoa/CookieCocoa.mm:
2445         (WebCore::Cookie::operator NSHTTPCookie * _Nullable  const):
2446
2447 2018-06-28  Zalan Bujtas  <zalan@apple.com>
2448
2449         [LFC] Add Display::Box::nonCollapsedMarginBox for verification purposes.
2450         https://bugs.webkit.org/show_bug.cgi?id=187140
2451
2452         Reviewed by Antti Koivisto.
2453
2454         * layout/FormattingContext.cpp:
2455         (WebCore::Layout::FormattingContext::computeFloatingHeightAndMargin const):
2456         (WebCore::Layout::FormattingContext::computeOutOfFlowHorizontalGeometry const):
2457         * layout/Verification.cpp:
2458         (WebCore::Layout::outputMismatchingBoxInformationIfNeeded):
2459         * layout/blockformatting/BlockFormattingContext.cpp:
2460         (WebCore::Layout::BlockFormattingContext::computeInFlowHeightAndMargin const):
2461         * layout/displaytree/DisplayBox.cpp:
2462         (WebCore::Display::Box::nonCollapsedMarginBox const):
2463         * layout/displaytree/DisplayBox.h:
2464         (WebCore::Display::Box::setVerticalNonCollapsedMargin):
2465
2466 2018-06-28  Zalan Bujtas  <zalan@apple.com>
2467
2468         [LFC] The margin bottom of the document element does not collapse with its last inflow child's bottom margin.
2469         https://bugs.webkit.org/show_bug.cgi?id=187135
2470
2471         Reviewed by Antti Koivisto.
2472
2473         * layout/blockformatting/BlockFormattingContext.h:
2474         * layout/blockformatting/BlockFormattingContextGeometry.cpp:
2475         (WebCore::Layout::BlockFormattingContext::Geometry::inFlowNonReplacedHeightAndMargin):
2476         * layout/blockformatting/BlockMarginCollapse.cpp:
2477         (WebCore::Layout::BlockFormattingContext::MarginCollapse::marginBottom):
2478         (WebCore::Layout::BlockFormattingContext::MarginCollapse::isMarginBottomCollapsedWithParent):
2479         (WebCore::Layout::BlockFormattingContext::MarginCollapse::collapsedMarginBottomFromLastChild):
2480
2481 2018-06-28  Dirk Schulze  <krit@webkit.org>
2482
2483         [css-masking] Update clip-path box mapping to unified box
2484         https://bugs.webkit.org/show_bug.cgi?id=185797
2485
2486         Reviewed by Simon Fraser.
2487
2488         The box mapping for fill-box, stroke-box, view-box on HTML elements
2489         and content-box, padding-box, margin-box, border-box for SVG elements
2490         was aligned with the transform-box CSS property.
2491
2492         Furthermore, the keywords fill changed to fill-box and stroke changed
2493         to stroke-box.
2494
2495         https://drafts.fxtf.org/css-masking-1/#typedef-geometry-box
2496
2497         Update the -webkit-clip-path property.
2498
2499         Tests: svg/clip-path/clip-path-shape-border-box-expected.svg
2500                svg/clip-path/clip-path-shape-border-box.svg
2501                svg/clip-path/clip-path-shape-content-box-expected.svg
2502                svg/clip-path/clip-path-shape-content-box.svg
2503                svg/clip-path/clip-path-shape-margin-box-expected.svg
2504                svg/clip-path/clip-path-shape-margin-box.svg
2505                svg/clip-path/clip-path-shape-padding-box-expected.svg
2506                svg/clip-path/clip-path-shape-padding-box.svg
2507
2508         * css/CSSPrimitiveValueMappings.h:
2509         (WebCore::CSSPrimitiveValue::CSSPrimitiveValue):
2510         (WebCore::CSSPrimitiveValue::operator CSSBoxType const):
2511         * css/CSSValueKeywords.in:
2512         * css/StyleBuilderConverter.h:
2513         (WebCore::StyleBuilderConverter::convertClipPath):
2514         * css/parser/CSSPropertyParser.cpp:
2515         (WebCore::consumeBasicShapeOrBox):
2516         * rendering/RenderBlock.cpp:
2517         (WebCore::RenderBlock::nodeAtPoint):
2518         * rendering/RenderLayer.cpp:
2519         (WebCore::computeReferenceBox):
2520         * rendering/shapes/BoxShape.cpp:
2521         (WebCore::computeRoundedRectForBoxShape):
2522         * rendering/shapes/ShapeOutsideInfo.cpp:
2523         (WebCore::ShapeOutsideInfo::setReferenceBoxLogicalSize):
2524         (WebCore::ShapeOutsideInfo::logicalTopOffset const):
2525         (WebCore::ShapeOutsideInfo::logicalLeftOffset const):
2526         * rendering/style/RenderStyleConstants.h:
2527         * rendering/svg/SVGRenderingContext.cpp:
2528         (WebCore::SVGRenderingContext::prepareToRenderSVGContent):
2529
2530 2018-06-27  Timothy Hatcher  <timothy@apple.com>
2531
2532         Don't expose new semantic -apple-system color keywords on iOS.
2533         https://bugs.webkit.org/show_bug.cgi?id=187080
2534         rdar://problem/41505699
2535
2536         Reviewed by Tim Horton.
2537
2538         * DerivedSources.make: Use gnu++14, since gnu++17 is giving errors on macOS 10.12.
2539         * css/CSSValueKeywords.in: Define new semantic colors only on macOS.
2540
2541 2018-06-27  Zalan Bujtas  <zalan@apple.com>
2542
2543         [LFC] Compute both the collapsed and the non-collapsed margin values.
2544         https://bugs.webkit.org/show_bug.cgi?id=187129
2545
2546         Reviewed by Antti Koivisto.
2547
2548         For validation purposes only at this point.
2549
2550         * layout/FormattingContext.cpp:
2551         (WebCore::Layout::FormattingContext::computeFloatingHeightAndMargin const):
2552         (WebCore::Layout::FormattingContext::computeOutOfFlowVerticalGeometry const):
2553         * layout/FormattingContext.h:
2554         * layout/FormattingContextGeometry.cpp:
2555         (WebCore::Layout::FormattingContext::Geometry::outOfFlowNonReplacedVerticalGeometry):
2556         (WebCore::Layout::FormattingContext::Geometry::outOfFlowReplacedVerticalGeometry):
2557         (WebCore::Layout::FormattingContext::Geometry::floatingNonReplacedHeightAndMargin):
2558         (WebCore::Layout::FormattingContext::Geometry::inlineReplacedHeightAndMargin):
2559         * layout/blockformatting/BlockFormattingContext.cpp:
2560         (WebCore::Layout::BlockFormattingContext::computeInFlowHeightAndMargin const):
2561         * layout/blockformatting/BlockFormattingContextGeometry.cpp:
2562         (WebCore::Layout::BlockFormattingContext::Geometry::inFlowNonReplacedHeightAndMargin):
2563         * layout/blockformatting/BlockMarginCollapse.cpp:
2564         (WebCore::Layout::isMarginTopCollapsedWithParent):
2565         (WebCore::Layout::BlockFormattingContext::MarginCollapse::collapsedMarginTopFromFirstChild):
2566         (WebCore::Layout::BlockFormattingContext::MarginCollapse::marginTop):
2567
2568 2018-06-27  Zalan Bujtas  <zalan@apple.com>
2569
2570         [LFC] Align inFlowNonReplacedHeightAndMargin() style with the rest of the compute functions.
2571         https://bugs.webkit.org/show_bug.cgi?id=187126
2572
2573         Reviewed by Antti Koivisto.
2574
2575         * layout/blockformatting/BlockFormattingContextGeometry.cpp:
2576         (WebCore::Layout::BlockFormattingContext::Geometry::inFlowNonReplacedHeightAndMargin):
2577
2578 2018-06-27  Yusuke Suzuki  <utatane.tea@gmail.com>
2579
2580         [GTK][WPE] Use LazyNeverDestroyed<XErrorTrapper> to remove static initializers
2581         https://bugs.webkit.org/show_bug.cgi?id=187089
2582
2583         Reviewed by Michael Catanzaro.
2584
2585         Do not allow copying since XErrorTrapper's logic relies on the address of XErrorTrapper.
2586
2587         * platform/graphics/x11/XErrorTrapper.h:
2588
2589 2018-06-27  Zalan Bujtas  <zalan@apple.com>
2590
2591         [LFC] Align inFlowNonReplacedWidthAndMargin() style with the rest of the compute functions.
2592         https://bugs.webkit.org/show_bug.cgi?id=187124
2593
2594         Reviewed by Antti Koivisto.
2595
2596         * layout/blockformatting/BlockFormattingContextGeometry.cpp:
2597         (WebCore::Layout::BlockFormattingContext::Geometry::inFlowNonReplacedWidthAndMargin):
2598
2599 2018-06-27  Dirk Schulze  <krit@webkit.org>
2600
2601         -webkit-clip-path wrong offset for clipPath references
2602         https://bugs.webkit.org/show_bug.cgi?id=129246
2603
2604         Reviewed by Simon Fraser.
2605
2606         Compute the correct offset for reference clip-paths by reusing
2607         some of the logic from basic shapes.
2608         Makes reference based clip-path interoperable and follows the
2609         spec.
2610
2611         Test: css3/masking/clip-path-reference-2.html
2612
2613         * rendering/RenderLayer.cpp:
2614         (WebCore::computeReferenceBox):
2615         (WebCore::RenderLayer::computeClipPath const):
2616         (WebCore::RenderLayer::setupClipPath):
2617
2618 2018-06-27  Antti Koivisto  <antti@apple.com>
2619
2620         Don't invoke post resolution callbacks when resolving computed style
2621         https://bugs.webkit.org/show_bug.cgi?id=187113
2622         <rdar://problem/41365766>
2623
2624         Reviewed by Geoff Garen.
2625
2626         Post-resolution callbacks should only be invoked when we resolve the full document style,
2627         not when resolving computed style for a single element.
2628
2629         Tests: fast/dom/object-computed-style-event.html
2630
2631         * dom/Document.cpp:
2632         (WebCore::Document::styleForElementIgnoringPendingStylesheets):
2633         * dom/Element.cpp:
2634         (WebCore::Element::resolveComputedStyle):
2635
2636         Also ref the ancestor stack to be safe.
2637
2638         * style/StyleTreeResolver.cpp:
2639         (WebCore::Style::PostResolutionCallbackDisabler::PostResolutionCallbackDisabler):
2640         (WebCore::Style::PostResolutionCallbackDisabler::~PostResolutionCallbackDisabler):
2641
2642         Add an option to not drain the callback queue on destruction. In this mode we
2643         just block network loads.
2644
2645         * style/StyleTreeResolver.h:
2646
2647 2018-06-27  Timothy Hatcher  <timothy@apple.com>
2648
2649         Find on page selection color isn't adapted for dark mode.
2650         https://bugs.webkit.org/show_bug.cgi?id=187072
2651         rdar://problem/40354841
2652
2653         Reviewed by Tim Horton.
2654
2655         * page/mac/TextIndicatorWindow.mm:
2656         (-[WebTextIndicatorView initWithFrame:textIndicator:margin:offset:]): Use [NSColor findHighlightColor].
2657         * platform/mac/LocalDefaultSystemAppearance.h:
2658         (WebCore::LocalDefaultSystemAppearance::usingDarkAppearance const): Added.
2659         * platform/mac/LocalDefaultSystemAppearance.mm:
2660         (WebCore::LocalDefaultSystemAppearance::LocalDefaultSystemAppearance): Set m_usingDarkAppearance.
2661         * rendering/InlineTextBox.cpp:
2662         (WebCore::InlineTextBox::paintPlatformDocumentMarkers): Use TextPaintPhase::Decoration since this
2663         matches step three of InlineTextBox::paint ("Paint fancy decorations"). This allows TextMatch to
2664         paint a foreground and not end up painting during this "fancy decorations" phase.
2665         (WebCore::InlineTextBox::resolveStyleForMarkedText): Set the fillColor for TextMarker to force a
2666         dark text color which will draw over the yellow highlight.
2667         (WebCore::InlineTextBox::collectMarkedTextsForDocumentMarkers): Added support for TextPaintPhase::Decoration.
2668         Separate DocumentMarker::TelephoneNumber and DocumentMarker::TextMatch. Have DocumentMarker::TextMatch
2669         support Foreground and Background phases.
2670         * rendering/RenderTheme.cpp:
2671         (WebCore::RenderTheme::platformColorsDidChange):
2672         (WebCore::RenderTheme::activeTextSearchHighlightColor const): Added. Call the platform version.
2673         (WebCore::RenderTheme::inactiveTextSearchHighlightColor const): Added. Ditto.
2674         (WebCore::RenderTheme::platformActiveTextSearchHighlightColor const): Added StyleColor::Options.
2675         (WebCore::RenderTheme::platformInactiveTextSearchHighlightColor const): Ditto.
2676         * rendering/RenderTheme.h:
2677         * rendering/RenderThemeMac.h:
2678         * rendering/RenderThemeMac.mm:
2679         (WebCore::RenderThemeMac::platformActiveTextSearchHighlightColor const): Added.
2680         (WebCore::RenderThemeMac::platformInactiveTextSearchHighlightColor const): Added.
2681         (WebCore::RenderThemeMac::platformColorsDidChange): Clear new color caches.
2682         (WebCore::RenderThemeMac::systemColor const): Cache system colors by light and dark mode.
2683
2684 2018-06-27  Chris Dumez  <cdumez@apple.com>
2685
2686         Crash under SWServer::unregisterServiceWorkerClient()
2687         https://bugs.webkit.org/show_bug.cgi?id=187115
2688         <rdar://problem/41539197>
2689
2690         Reviewed by Youenn Fablet.
2691
2692         Connections are usually destroyed before their SWServer. However, as per crash traces, it is possible
2693         for SWServers to get destroyed while they still have connections. When this happens, the connections
2694         (which are owned by the SWServer) get destroyed with other SWServer data members. In turn, the
2695         connection destructor tries to unregister its clients from the server that is currently being destroyed.
2696
2697         To address the issue, the SWServer destructor now destroys remaining connections early, before SWServer's
2698         other data members get destroyed.
2699
2700         * workers/service/server/SWServer.cpp:
2701         (WebCore::SWServer::~SWServer):
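The teardown ordering described in this entry, as an added example that is not WebKit's code: an owner whose owned objects call back into it from their destructors. The `Server` and `Connection` classes, their members and the declaration order are assumptions chosen to reproduce the hazard.

```cpp
#include <cstddef>
#include <cstdio>
#include <memory>
#include <set>
#include <string>
#include <utility>
#include <vector>

class Server;

// Hypothetical connection that unregisters its client from the server on destruction.
class Connection {
public:
    Connection(Server& server, std::string client)
        : m_server(server)
        , m_client(std::move(client))
    {
    }
    ~Connection();

private:
    Server& m_server;
    std::string m_client;
};

class Server {
public:
    explicit Server(std::vector<std::size_t>& remainingLog)
        : m_remainingLog(remainingLog)
    {
    }

    ~Server()
    {
        // The fix: destroy the connections here, in the destructor body, while
        // every other data member is still alive. Without this line the members
        // are destroyed in reverse declaration order (m_clients first, then
        // m_connections), so each ~Connection() would call unregisterClient()
        // on an already destroyed set.
        m_connections.clear();
    }

    void addConnection(std::string client)
    {
        m_clients.insert(client);
        m_connections.push_back(std::make_unique<Connection>(*this, std::move(client)));
    }

    void unregisterClient(const std::string& client)
    {
        m_clients.erase(client);
        m_remainingLog.push_back(m_clients.size()); // proves m_clients was usable
    }

private:
    std::vector<std::size_t>& m_remainingLog;
    std::vector<std::unique_ptr<Connection>> m_connections; // declared before m_clients
    std::set<std::string> m_clients;                        // destroyed before m_connections
};

inline Connection::~Connection()
{
    m_server.unregisterClient(m_client);
}

// Destroys a server that still owns two connections and returns how many
// clients remained registered after each connection went away.
std::vector<std::size_t> remainingCountsDuringTeardown()
{
    std::vector<std::size_t> remaining;
    {
        Server server(remaining);
        server.addConnection("client-1"); // constructed sample names
        server.addConnection("client-2");
    }
    return remaining;
}

int main()
{
    for (std::size_t count : remainingCountsDuringTeardown())
        std::printf("clients still registered: %zu\n", count);
    return 0;
}
```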
2702
2703 2018-06-27  Youenn Fablet  <youenn@apple.com>
2704
2705         NetworkLoadChecker should not need to hard ref NetworkConnectionToWebProcess
2706         https://bugs.webkit.org/show_bug.cgi?id=186551
2707
2708         Reviewed by Daniel Bates.
2709
2710         No change of behavior.
2711         Add a way to set the client receiving any CSP warning/error notification.
2712
2713         * page/csp/ContentSecurityPolicy.h:
2714         (WebCore::ContentSecurityPolicy::setClient):
2715
2716 2018-06-27  Zalan Bujtas  <zalan@apple.com>
2717
2718         [LFC] Do not collapse margin with the parent when element has border/padding.
2719         https://bugs.webkit.org/show_bug.cgi?id=187114
2720
2721         Reviewed by Antti Koivisto.
2722
2723         * layout/blockformatting/BlockFormattingContext.cpp:
2724         (WebCore::Layout::BlockFormattingContext::layout const):
2725         * layout/blockformatting/BlockMarginCollapse.cpp:
2726         (WebCore::Layout::isMarginTopCollapsedWithParent):
2727         (WebCore::Layout::BlockFormattingContext::MarginCollapse::collapsedMarginTopFromFirstChild):
2728         (WebCore::Layout::BlockFormattingContext::MarginCollapse::marginTop):
2729
2730 2018-06-27  Simon Fraser  <simon.fraser@apple.com>
2731
2732         Fix Windows build after r233268.
2733
2734         * platform/graphics/ca/win/PlatformCALayerWin.cpp:
2735         (PlatformCALayerWin::hasContents const):
2736         * platform/graphics/ca/win/PlatformCALayerWin.h:
2737
2738 2018-06-27  Zalan Bujtas  <zalan@apple.com>
2739
2740         [LFC] Out-of-flow positioned element's height depends on its containing block's height.
2741         https://bugs.webkit.org/show_bug.cgi?id=187082
2742
2743         Reviewed by Antti Koivisto.
2744
2745         We can't really compute the final height of an out-of-flow element until after its containing block's height is computed.
2746
2747         * layout/FormattingContext.cpp:
2748         (WebCore::Layout::FormattingContext::layoutOutOfFlowDescendants const):
2749         * layout/FormattingContext.h:
2750         * layout/LayoutContext.cpp:
2751         (WebCore::Layout::LayoutContext::updateLayout):
2752         (WebCore::Layout::LayoutContext::layoutFormattingContextSubtree):
2753         * layout/LayoutContext.h:
2754         * layout/blockformatting/BlockFormattingContext.cpp:
2755         (WebCore::Layout::BlockFormattingContext::layout const):
2756         * layout/layouttree/LayoutContainer.h:
2757         (WebCore::Layout::Container::outOfFlowDescendants const):
2758         (WebCore::Layout::Container::outOfFlowDescendants): Deleted.
2759
2760 2018-06-27  Youenn Fablet  <youenn@apple.com>
2761
2762         Disable content blockers in NetworkLoadChecker except for ping loads
2763         https://bugs.webkit.org/show_bug.cgi?id=187083
2764         <rdar://problem/41440083>
2765
2766         Reviewed by Chris Dumez.
2767
2768         Add internals API to reload a frame without content extensions.
2769
2770         Test: http/tests/contentextensions/reload-without-contentextensions.html
2771
2772         * testing/Internals.cpp:
2773         (WebCore::Internals::reloadWithoutContentExtensions):
2774         * testing/Internals.h:
2775         * testing/Internals.idl:
2776
2777 2018-06-27  Simon Fraser  <simon.fraser@apple.com>
2778
2779         https://hackernoon.com/ uses lots of layer backing store
2780         https://bugs.webkit.org/show_bug.cgi?id=186909
2781         rdar://problem/40257540
2782
2783         Reviewed by Tim Horton.
2784         
2785         The existing "backing store detached" logic, which was used to eliminate backing store
2786         for compositing layers outside the viewport, had a number of bugs that allowed layers
2787         to have backing store when they should not.
2788         
2789         Specifically, any code path that ended up in setNeedsDisplay{InRect}() in PlatformCALayer
2790         could trigger backing store creation on layers that should have never had any.
2791         
2792         Rather than monkeypatch all the GraphicsLayerCA call sites that call setNeedsDisplay{InRect}(),
2793         just bail early from the PlatformCALayer* methods that trigger repaints.
2794         
2795         Tests didn't catch this because they just dumped the state of the backingStoreAttached flag. To fix this,
2796         create backingStoreAttachedForTesting() which also tests whether the layer has contents.
2797
2798         Test: compositing/backing/backing-store-attachment-outside-viewport.html
2799
2800         * platform/graphics/GraphicsLayer.cpp:
2801         (WebCore::GraphicsLayer::dumpProperties const):
2802         (showGraphicsLayerTree):
2803         * platform/graphics/GraphicsLayer.h:
2804         (WebCore::GraphicsLayer::backingStoreAttachedForTesting const):
2805         * platform/graphics/GraphicsLayerClient.h:
2806         * platform/graphics/ca/GraphicsLayerCA.cpp:
2807         (WebCore::GraphicsLayerCA::backingStoreAttachedForTesting const):
2808         (WebCore::GraphicsLayerCA::setNeedsDisplay):
2809         * platform/graphics/ca/GraphicsLayerCA.h:
2810         * platform/graphics/ca/PlatformCALayer.h:
2811         * platform/graphics/ca/cocoa/PlatformCALayerCocoa.h:
2812         * platform/graphics/ca/cocoa/PlatformCALayerCocoa.mm:
2813         (PlatformCALayerCocoa::setNeedsDisplay):
2814         (PlatformCALayerCocoa::setNeedsDisplayInRect):
2815         (PlatformCALayerCocoa::hasContents const):
2816
2817 2018-06-27  David Kilzer  <ddkilzer@apple.com>
2818
2819         Fix clang static analyzer warnings: Branch condition evaluates to a garbage value
2820         <https://webkit.org/b/186968>
2821
2822         Reviewed by Zalan Bujtas.
2823
2824         This patch changes two stack-allocated `bool` variables into
2825         `std::optional<bool>` since the functions that set the variable
2826         may return early without setting it.  It also changes one
2827         stack-allocated pointer to be initialized to `nullptr`.
2828
2829         * animation/AnimationTimeline.cpp:
2830         (WebCore::AnimationTimeline::updateCSSTransitionsForElement):
2831         Update for change to CSSPropertyAnimation::getPropertyAtIndex()
2832         argument type.
2833
2834         * editing/ios/EditorIOS.mm:
2835         (WebCore::Editor::writeImageToPasteboard): Initialize
2836         `cachedImage` stack pointer to nullptr since getImage() has an
2837         early return that doesn't set `cachedImage`.
2838         * editing/mac/EditorMac.mm:
2839         (WebCore::Editor::writeImageToPasteboard): Ditto.
2840
2841         * page/animation/CSSPropertyAnimation.cpp:
2842         (WebCore::CSSPropertyAnimation::getPropertyAtIndex):
2843         * page/animation/CSSPropertyAnimation.h:
2844         (WebCore::CSSPropertyAnimation::getPropertyAtIndex):
2845         - Change method to take `std::optional<bool>` instead of `bool`
2846           as second argument since the method may return early without
2847           setting `isShorthand`.
2848
2849         * page/animation/CompositeAnimation.cpp:
2850         (WebCore::CompositeAnimation::updateTransitions): Update for
2851         change to CSSPropertyAnimation::getPropertyAtIndex() argument
2852         type.
2853
2854         * rendering/InlineFlowBox.cpp:
2855         (WebCore::InlineFlowBox::placeBoxesInBlockDirection): Also
2856         rename local `emphasisMarkIsOver` to `emphasisMarkIsAbove` to
2857         match other call sites.
2858         (WebCore::InlineFlowBox::addTextBoxVisualOverflow):
2859         (WebCore::InlineFlowBox::computeOverAnnotationAdjustment const):
2860         (WebCore::InlineFlowBox::computeUnderAnnotationAdjustment const):
2861         - Update for change to InlineTextBox::emphasisMarkExistsAndIsAbove()
2862           argument type.
2863         * rendering/InlineTextBox.cpp:
2864         (WebCore::InlineTextBox::emphasisMarkExistsAndIsAbove const):
2865         - Change method to take `std::optional<bool>` instead of `bool`
2866           as second argument since the method may return early without
2867           setting `above`.
2868         (WebCore::InlineTextBox::paintMarkedTextForeground):
2869         - Update for change to InlineTextBox::emphasisMarkExistsAndIsAbove()
2870           argument type.
2871         * rendering/InlineTextBox.h:
2872         (WebCore::InlineTextBox::emphasisMarkExistsAndIsAbove const):
2873         - Change method to take `std::optional<bool>` instead of `bool`.
2874
2875 2018-06-27  Zalan Bujtas  <zalan@apple.com>
2876
2877         [LFC] Move formatting context root layout logic to a dedicated function.
2878         https://bugs.webkit.org/show_bug.cgi?id=187097
2879
2880         Reviewed by Antti Koivisto.
2881
2882         * layout/blockformatting/BlockFormattingContext.cpp:
2883         (WebCore::Layout::BlockFormattingContext::layout const):
2884         (WebCore::Layout::BlockFormattingContext::layoutFormattingContextRoot const):
2885         * layout/blockformatting/BlockFormattingContext.h:
2886
2887 2018-06-27  Zalan Bujtas  <zalan@apple.com>
2888
2889         [LFC] Compute static position for out-of-flow elements only when required.
2890         https://bugs.webkit.org/show_bug.cgi?id=187096
2891
2892         Reviewed by Antti Koivisto.
2893
2894         Computing static position for out-of-flow elements could be somewhat expensive, so let's not do it unless we actually need it.
2895
2896         * layout/FormattingContextGeometry.cpp:
2897         (WebCore::Layout::staticVerticalPositionForOutOfFlowPositioned):
2898         (WebCore::Layout::staticHorizontalPositionForOutOfFlowPositioned):
2899         (WebCore::Layout::FormattingContext::Geometry::outOfFlowNonReplacedVerticalGeometry):
2900         (WebCore::Layout::FormattingContext::Geometry::outOfFlowNonReplacedHorizontalGeometry):
2901         (WebCore::Layout::FormattingContext::Geometry::outOfFlowReplacedVerticalGeometry):
2902         (WebCore::Layout::FormattingContext::Geometry::outOfFlowReplacedHorizontalGeometry):
2903         * layout/blockformatting/BlockFormattingContextGeometry.cpp:
2904         (WebCore::Layout::BlockFormattingContext::Geometry::staticPosition):
2905         (WebCore::Layout::BlockFormattingContext::Geometry::staticPositionForOutOfFlowPositioned): Deleted.
2906
2907 2018-06-27  Nan Wang  <n_wang@apple.com>
2908
2909         AX: [iOS] Remove the ability to set keyboard focus when VoiceOver takes focus
2910         https://bugs.webkit.org/show_bug.cgi?id=187076
2911
2912         Reviewed by Chris Fleizach.
2913
2914         We shouldn't set keyboard focus when assistive technology takes focus since
2915         this is causing website incompatibility issues by causing focus to be lost.
2916
2917         Test: accessibility/ios-simulator/accessibility-focus-do-not-set-focus.html
2918
2919         * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
2920         (-[WebAccessibilityObjectWrapper accessibilityElementDidBecomeFocused]):
2921
2922 2018-06-21  Emilio Cobos Álvarez  <emilio@crisal.io>
2923
2924         Move clearChildNeedsStyleRecalc into resetStyleForNonRenderedDescendants.
2925         https://bugs.webkit.org/show_bug.cgi?id=186881
2926
2927         Reviewed by Antti Koivisto.
2928
2929         Every caller does this already.
2930
2931         No new tests, no change in behavior.
2932
2933         * style/StyleTreeResolver.cpp:
2934         (WebCore::Style::resetStyleForNonRenderedDescendants):
2935         (WebCore::Style::TreeResolver::resolveComposedTree):
2936
2937 2018-06-27  Tomas Popela  <tpopela@redhat.com>
2938
2939         [GStreamer] Coverity scan issues
2940         https://bugs.webkit.org/show_bug.cgi?id=187087
2941
2942         Reviewed by Xabier Rodriguez-Calvar.
2943
2944         Fix uninitialized members.
2945
2946         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
2947         * platform/graphics/gstreamer/VideoSinkGStreamer.cpp:
2948         * platform/graphics/gstreamer/mse/SourceBufferPrivateGStreamer.h:
2949
2950 2018-06-27  Zan Dobersek  <zdobersek@igalia.com>
2951
2952         [GCrypt] Move definitions of GCryptUtilities helpers into a separate source file
2953         https://bugs.webkit.org/show_bug.cgi?id=187033
2954
2955         Reviewed by Michael Catanzaro.
2956
2957         Move the GCryptUtilities helpers that operate on libgcrypt values and
2958         constants into a separate source file. This limits a bit the amount of
2959         inlining the compiler might feel compelled to do, and the resulting
2960         shared library is 8kB smaller in size.
2961
2962         * crypto/gcrypt/GCryptUtilities.cpp: Copied from Source/WebCore/crypto/gcrypt/GCryptUtilities.h.
2963         (WebCore::hmacAlgorithm):
2964         (WebCore::digestAlgorithm):
2965         (WebCore::hashCryptoDigestAlgorithm):
2966         (WebCore::mpiLength):
2967         (WebCore::mpiData):
2968         (WebCore::mpiZeroPrefixedData):
2969         (WebCore::mpiSignedData):
2970         * crypto/gcrypt/GCryptUtilities.h:
2971         (WebCore::hmacAlgorithm): Deleted.
2972         (WebCore::digestAlgorithm): Deleted.
2973         (WebCore::hashCryptoDigestAlgorithm): Deleted.
2974         (WebCore::mpiLength): Deleted.
2975         (WebCore::mpiData): Deleted.
2976         (WebCore::mpiZeroPrefixedData): Deleted.
2977         (WebCore::mpiSignedData): Deleted.
2978         * platform/SourcesGCrypt.txt:
2979
2980 2018-06-26  Yusuke Suzuki  <utatane.tea@gmail.com>
2981
2982         [JSC] Pass VM& to functions more
2983         https://bugs.webkit.org/show_bug.cgi?id=186241
2984
2985         Reviewed by Mark Lam.
2986
2987         * bindings/js/JSCustomElementRegistryCustom.cpp:
2988         (WebCore::JSCustomElementRegistry::define):
2989
2990 2018-06-26  Simon Fraser  <simon.fraser@apple.com>
2991
2992         CSSGradientValue's color stops vector wastes 12KB on theverge.com
2993         https://bugs.webkit.org/show_bug.cgi?id=186988
2994
2995         Reviewed by Sam Weinig.
2996
2997         Shrink the color stops vector when we're done parsing the stops.
2998
2999         * css/CSSGradientValue.h:
3000         (WebCore::CSSGradientValue::doneAddingStops):
3001         * css/parser/CSSPropertyParserHelpers.cpp:
3002         (WebCore::CSSPropertyParserHelpers::consumeDeprecatedGradient):
3003         (WebCore::CSSPropertyParserHelpers::consumeGradientColorStops):
3004         (WebCore::CSSPropertyParserHelpers::consumeAngularGradientColorStops):
3005
3006 2018-06-25  Yusuke Suzuki  <utatane.tea@gmail.com>
3007
3008         Remove static initializers more
3009         https://bugs.webkit.org/show_bug.cgi?id=186969
3010
3011         Reviewed by Michael Catanzaro.
3012
3013         This patch removes static initializers more. They typically exist in the GTK port.
3014
3015         No behavior change.
3016
3017         * Sources.txt:
3018         * WebCore.xcodeproj/project.pbxproj:
3019         * page/ResourceUsageData.cpp: Removed.
3020         * page/ResourceUsageData.h:
3021         Remove ResourceUsageData constructors since default constructors are enough.
3022
3023         (WebCore::MemoryCategoryInfo::MemoryCategoryInfo):
3024         * platform/gtk/PasteboardHelper.cpp:
3025         (WebCore::markupPrefix):
3026         (WebCore::removeMarkupPrefix):
3027         (WebCore::PasteboardHelper::fillSelectionData):
3028         Use NeverDestroyed<> and static functions.
3029
3030         * platform/mediastream/gstreamer/GStreamerAudioCaptureSource.cpp:
3031         (WebCore::defaultVolumeCapability):
3032         (WebCore::GStreamerAudioCaptureSource::capabilities const):
3033         CapabilityValueOrRange's constructor is not constexpr.
3034
3035         * platform/network/soup/SoupNetworkSession.cpp:
3036         (WebCore::initialAcceptLanguages):
3037         (WebCore::proxySettings):
3038         (WebCore::SoupNetworkSession::SoupNetworkSession):
3039         (WebCore::SoupNetworkSession::setupProxy):
3040         (WebCore::SoupNetworkSession::setProxySettings):
3041         (WebCore::SoupNetworkSession::setInitialAcceptLanguages):
3042         Use NeverDestroyed<> and static functions.
3043
3044 2018-06-26  Daniel Bates  <dabates@apple.com>
3045
3046         REGRESSION (r231479): Unable to buy Odeon cinema tickets in STP (bogus 'X-Frame-Options' to 'SAMEORIGIN')
3047         https://bugs.webkit.org/show_bug.cgi?id=186090
3048         <rdar://problem/40692595>
3049
3050         Reviewed by Andy Estes.
3051
3052         Fix up Content Security Policy logic for checking the frame ancestors now that we
3053         exclude the frame that initiated the load request.
3054
3055         Test: http/tests/security/XFrameOptions/cross-origin-iframe-post-form-to-parent-same-origin-x-frame-options-page-allow.html
3056
3057         * page/csp/ContentSecurityPolicy.cpp:
3058         (WebCore::ContentSecurityPolicy::allowFrameAncestors const): 
3059         * page/csp/ContentSecurityPolicyDirectiveList.cpp:
3060         (WebCore::checkFrameAncestors):
3061
3062 2018-06-26  Chris Dumez  <cdumez@apple.com>
3063
3064         Simplify NetworkStorageSession::getAllStorageAccessEntries()
3065         https://bugs.webkit.org/show_bug.cgi?id=187016
3066
3067         Reviewed by Youenn Fablet.
3068
3069         Iterate over the HashMaps' values instead of iterating over their keys and then looking them
3070         up in the HashMap.
3071
3072         * platform/network/cf/NetworkStorageSessionCFNet.cpp:
3073         (WebCore::NetworkStorageSession::getAllStorageAccessEntries const):
3074
3075 2018-06-26  Eric Carlson  <eric.carlson@apple.com>
3076
3077         [Mac] AirPlay picker uses incorrect theme in Dark mode
3078         https://bugs.webkit.org/show_bug.cgi?id=187054
3079         <rdar://problem/41291093>
3080
3081         Reviewed by Timothy Hatcher.
3082
3083         * Modules/mediasession/WebMediaSessionManager.cpp:
3084         (WebCore::WebMediaSessionManager::showPlaybackTargetPicker): Add useDefaultAppearance parameter.
3085         * Modules/mediasession/WebMediaSessionManager.h:
3086
3087         * platform/graphics/MediaPlaybackTargetPicker.cpp:
3088         (WebCore::MediaPlaybackTargetPicker::showPlaybackTargetPicker): Ditto.
3089         * platform/graphics/MediaPlaybackTargetPicker.h:
3090
3091         * platform/graphics/avfoundation/objc/MediaPlaybackTargetPickerMac.h:
3092         * platform/graphics/avfoundation/objc/MediaPlaybackTargetPickerMac.mm:
3093         (WebCore::MediaPlaybackTargetPickerMac::showPlaybackTargetPicker): Choose theme based on
3094         useDefaultAppearance parameter.
3095
3096         * platform/mock/MediaPlaybackTargetPickerMock.cpp:
3097         (WebCore::MediaPlaybackTargetPickerMock::showPlaybackTargetPicker): Log parameter.
3098         * platform/mock/MediaPlaybackTargetPickerMock.h:
3099
3100 2018-06-26  Thibault Saunier  <tsaunier@igalia.com>
3101
3102         [GStreamer] Do not forget to set stream on track switching
3103         https://bugs.webkit.org/show_bug.cgi?id=187049
3104
3105         Reviewed by Philippe Normand.
3106
3107         This was an overlooked issue introduced in Bug #186678
3108
3109         This is already tested, but we currently run only tests against playbin2
3110
3111         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
3112         (WebCore::MediaPlayerPrivateGStreamer::enableTrack):
3113
3114 2018-06-26  Zalan Bujtas  <zalan@apple.com>
3115
3116         [LFC] Fixed positioning is a subcategory of absolute positioning.
3117         https://bugs.webkit.org/show_bug.cgi?id=187043
3118
3119         Reviewed by Antti Koivisto.
3120
3121         https://www.w3.org/TR/CSS22/visuren.html#absolute-positioning
3122         References in this specification to an absolutely positioned element (or its box) imply that the element's 'position'
3123         property has the value 'absolute' or 'fixed'.
3124
3125         * layout/layouttree/LayoutBox.cpp:
3126         (WebCore::Layout::Box::isAbsolutelyPositioned const):
3127         * layout/layouttree/LayoutBox.h:
3128         (WebCore::Layout::Box::isOutOfFlowPositioned const):
3129
3130 2018-06-26  Commit Queue  <commit-queue@webkit.org>
3131
3132         Unreviewed, rolling out r233143.
3133         https://bugs.webkit.org/show_bug.cgi?id=187046
3134
3135         broke media/video-ended-event-negative-playback.html
3136         (Requested by philn on #webkit).
3137
3138         Reverted changeset:
3139
3140         "[GStreamer] Remove useless workaround"
3141         https://bugs.webkit.org/show_bug.cgi?id=186921
3142         https://trac.webkit.org/changeset/233143
3143
3144 2018-06-25  Zalan Bujtas  <zalan@apple.com>
3145
3146         [LFC] Computed height for in-flow non-replaced should not include padding and border.
3147         https://bugs.webkit.org/show_bug.cgi?id=187031
3148
3149         Reviewed by Antti Koivisto.
3150
3151         In certain cases the height of a non-replaced in-flow box is computed using the bottom position of its last in-flow child.
3152         The in-flow child's bottom position is in the coordinate system of the containing block's border box (border box's top left is 0, 0) ->
3153         it includes both the (top) border and the padding of the containing block.
3154
3155         * layout/blockformatting/BlockFormattingContextGeometry.cpp:
3156         (WebCore::Layout::BlockFormattingContext::Geometry::inFlowNonReplacedHeightAndMargin):
3157
3158 2018-06-26  Zan Dobersek  <zdobersek@igalia.com>
3159
3160         Crash in WebAnimation::runPendingPlayTask
3161         https://bugs.webkit.org/show_bug.cgi?id=186189
3162
3163         Reviewed by Carlos Garcia Campos.
3164
3165         Avoid crashes on nullopt std::optional dereference in the
3166         runPendingPlayTask() and runPendingPauseTask() methods of the
3167         WebAnimation class by defaulting to a Seconds(0) value.
3168
3169         In both cases the std::optional value is the current time retrieved from
3170         the associated DocumentTimeline object. But there's no guarantee that
3171         the timeline is active and the resulting time value is resolved (i.e.
3172         not nullopt). Dereferencing the nullopt Seconds value doesn't cause a
3173         problem on configurations still building as C++14 and the fallback
3174         std::optional implementation provided by WTF -- no signal is raised, and
3175         a 0 value is returned. Configurations building as C++17 on the other
3176         hand use the stdlib-provided std::optional that does raise a signal on
3177         invalid access, leading to crashes.
3178
3179         The default-to-Seconds(0) solution avoids crashes on configurations
3180         that build with C++17 support enabled, and thus matches configurations
3181         that are still using WTF's std::optional. This still doesn't address the
3182         underlying problem of retrieving current time from an inactive document
3183         timeline and using it as ready time for the pending play/pause task
3184         execution.
3185
3186         runPendingPlayTask() change addresses crashes in the following tests:
3187         - fast/animation/css-animation-resuming-when-visible.html
3188         - fast/animation/css-animation-resuming-when-visible-with-style-change.html
3189         - imported/w3c/web-platform-tests/web-animations/interfaces/Animatable/animate-no-browsing-context.html
3190         - imported/w3c/web-platform-tests/web-animations/interfaces/Animatable/getAnimations.html
3191
3192         runPendingPauseTask() change addresses crashes in the following tests:
3193         - animations/multiple-animations-timing-function.html
3194
3195         * animation/WebAnimation.cpp:
3196         (WebCore::WebAnimation::runPendingPlayTask):
3197         (WebCore::WebAnimation::runPendingPauseTask):
3198
3199 2018-06-26  Antoine Quint  <graouts@apple.com>
3200
3201         [Web Animations] Show the feature as "Supported in Preview"
3202         https://bugs.webkit.org/show_bug.cgi?id=187037
3203
3204         Reviewed by Dean Jackson.
3205
3206         Web Animations are enabled by default in STP.
3207
3208         * features.json:
3209
3210 2018-06-26  Miguel Gomez  <magomez@igalia.com>
3211
3212         [GTK] Many webpages can crash the browser in WebCore::CoordinatedGraphicsLayer::transformedVisibleRect
3213         https://bugs.webkit.org/show_bug.cgi?id=179304
3214
3215         Reviewed by Michael Catanzaro.
3216
3217         When adding new CoordinatedGraphicsLayers to the tree, check that they have the appropriate
3218         CompositingCoordinator. If that's not the case, set the appropriate one to the layer and its
3219         children and set the state of those layers so they are rendered properly.
3220
3221         * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:
3222         (WebCore::CoordinatedGraphicsLayer::addChild):
3223         (WebCore::CoordinatedGraphicsLayer::addChildAtIndex):
3224         (WebCore::CoordinatedGraphicsLayer::addChildAbove):
3225         (WebCore::CoordinatedGraphicsLayer::addChildBelow):
3226         (WebCore::CoordinatedGraphicsLayer::replaceChild):
3227         (WebCore::CoordinatedGraphicsLayer::setCoordinatorIncludingSubLayersIfNeeded):
3228         * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.h:
3229
3230 2018-06-25  Keith Rollin  <krollin@apple.com>
3231
3232         Adjust WEBCORE_EXPORT annotations for LTO
3233         https://bugs.webkit.org/show_bug.cgi?id=186944
3234         <rdar://problem/41384880>
3235
3236         Reviewed by David Kilzer.
3237
3238         Adjust a number of places that result in WebKit's
3239         'check-for-weak-vtables-and-externals' script reporting weak external
3240         symbols:
3241
3242             ERROR: WebCore has a weak external symbol in it (/Volumes/Data/dev/webkit/OpenSource/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore)
3243             ERROR: A weak external symbol is generated when a symbol is defined in multiple compilation units and is also marked as being exported from the library.
3244             ERROR: A common cause of weak external symbols is when an inline function is listed in the linker export file.
3245             ...
3246
3247         These cases are caused by inline methods being marked with WTF_EXPORT
3248         (or related macro) or with an inline function being in a class marked
3249         as such, and when enabling LTO builds.
3250
3251         For the most part, address these by removing the WEBCORE_EXPORT
3252         annotation from inline methods. In some cases, move the implementation
3253         out-of-line because it's the class that has the WEBCORE_EXPORT on it
3254         and removing the annotation from the class would be too disruptive.
3255         Finally, in other cases, move the implementation out-of-line because
3256         check-for-weak-vtables-and-externals still complains when keeping the
3257         implementation inline and removing the annotation; this seems to
3258         typically (but not always) happen with destructors.
3259
3260         No new tests. There is no changed functionality. Only the annotation
3261         and treatment of inline methods are altered.
3262
3263         * animation/AnimationTimeline.h:
3264         (WebCore::AnimationTimeline::pause):
3265         * page/CacheStorageProvider.h:
3266         (): Deleted.
3267         * page/scrolling/ScrollingTree.h:
3268         (WebCore::ScrollingTree::reportSynchronousScrollingReasonsChanged):
3269         (WebCore::ScrollingTree::reportExposedUnfilledArea):
3270         * platform/audio/PlatformMediaSessionManager.h:
3271         (WebCore::PlatformMediaSessionManager::hasActiveNowPlayingSession const):
3272         (WebCore::PlatformMediaSessionManager::lastUpdatedNowPlayingTitle const):
3273         (WebCore::PlatformMediaSessionManager::lastUpdatedNowPlayingDuration const):
3274         (WebCore::PlatformMediaSessionManager::lastUpdatedNowPlayingElapsedTime const):
3275         (WebCore::PlatformMediaSessionManager::lastUpdatedNowPlayingInfoUniqueIdentifier const):
3276         (WebCore::PlatformMediaSessionManager::registeredAsNowPlayingApplication const):
3277         * platform/audio/mac/CARingBuffer.cpp:
3278         (WebCore::CARingBuffer::~CARingBuffer):
3279         * platform/audio/mac/CARingBuffer.h:
3280         (WebCore::CARingBuffer::~CARingBuffer): Deleted.
3281         * platform/cocoa/VideoFullscreenModelVideoElement.h:
3282         * platform/gamepad/GamepadProvider.h:
3283         * platform/graphics/GraphicsLayer.h:
3284         (WebCore::GraphicsLayer::displayListAsText const):
3285         (WebCore::GraphicsLayer::setIsTrackingDisplayListReplay):
3286         (WebCore::GraphicsLayer::isTrackingDisplayListReplay const):
3287         (WebCore::GraphicsLayer::replayDisplayListAsText const):
3288         * platform/mac/PlaybackSessionInterfaceMac.h:
3289         * platform/mediastream/RealtimeMediaSourceCenter.h:
3290         (WebCore::RealtimeMediaSourceCenter::setAudioFactory):
3291         (WebCore::RealtimeMediaSourceCenter::unsetAudioFactory):
3292         * platform/mediastream/libwebrtc/LibWebRTCProvider.cpp:
3293         (WebCore::LibWebRTCProvider::setActive):
3294         (WebCore::LibWebRTCProvider::createDecoderFactory):
3295         (WebCore::LibWebRTCProvider::createEncoderFactory):
3296         (WebCore::LibWebRTCProvider::disableEnumeratingAllNetworkInterfaces):
3297         (WebCore::LibWebRTCProvider::enableEnumeratingAllNetworkInterfaces):
3298         * platform/mediastream/libwebrtc/LibWebRTCProvider.h:
3299         * platform/network/ResourceHandleClient.h:
3300         (WebCore::ResourceHandleClient::willCacheResponseAsync):
3301         * testing/MockGamepadProvider.h:
3302         * workers/service/server/SWServer.h:
3303         (WebCore::SWServer::Connection::~Connection):
3304
3305 2018-06-25  Zalan Bujtas  <zalan@apple.com>
3306
3307         [LFC] Adjust static position for out-of-flow positioned boxes.
3308         https://bugs.webkit.org/show_bug.cgi?id=187000
3309
3310         Reviewed by Antti Koivisto.
3311
3312         The static position of an out-of-flow positioned box is the position where the box would go
3313         if it was in-flow positioned. This position needs to be resolved in the containing block's coordinate system.
3314
3315         * layout/blockformatting/BlockFormattingContext.h:
3316         * layout/blockformatting/BlockFormattingContextGeometry.cpp:
3317         (WebCore::Layout::BlockFormattingContext::Geometry::inFlowReplacedWidthAndMargin):
3318         (WebCore::Layout::BlockFormattingContext::Geometry::staticPositionForOutOfFlowPositioned):
3319         (WebCore::Layout::BlockFormattingContext::Geometry::staticPosition):
3320
3321 2018-06-25  Brady Eidson  <beidson@apple.com>
3322
3323         Remove RELEASE_ASSERT added in r230875.
3324         <rdar://problem/40860061> and https://bugs.webkit.org/show_bug.cgi?id=187022
3325
3326         Reviewed by Brent Fulgham.
3327
3328         There's actually more than one way for a network session to be destroyed, and that can happen
3329         asynchronously and unpredictably.
3330
3331         And the request to start up a WebSocket and do its handshake is also asynchronous and unpredictable.
3332  
3333         It's an expected race.
3334
3335         If the NetworkStorageSession cannot be found then the WebSocket handshake should just fail.
3336
3337         * platform/network/SocketStreamHandleImpl.cpp:
3338         (WebCore::cookieDataForHandshake): If the NetworkStorageSession cannot be found, return std::nullopt.
3339         (WebCore::SocketStreamHandleImpl::platformSendHandshake): If the cookieData is null, fail the handshake.
3340
3341 2018-06-25  Wenson Hsieh  <wenson_hsieh@apple.com>
3342
3343         [iPad apps on macOS] Web process crashes when attempting to play embedded YouTube video in News
3344         https://bugs.webkit.org/show_bug.cgi?id=187011
3345         <rdar://problem/40906808>
3346
3347         Reviewed by Tim Horton.
3348
3349         Disable remote media commands when running iOS WebKit on macOS. The iOS flavor of RemoteCommandListener
3350         currently throws an exception when attempting to soft-link the MediaPlayer framework, which prevents video from
3351         being played altogether. For a followup tracking touch bar integration in iOS WebKit on macOS, see:
3352         <rdar://problem/39164732>.
3353
3354         Manually tested by playing a YouTube video in News.
3355
3356         * platform/RemoteCommandListener.cpp:
3357         * platform/ios/RemoteCommandListenerIOS.h:
3358         * platform/ios/RemoteCommandListenerIOS.mm:
3359
3360 2018-06-25  Keith Rollin  <krollin@apple.com>
3361         Unreviewed, rolling out r233087.
3362
3363         Causes 5% Mac PLT regression.
3364
3365         Reverted changeset:
3366
3367         "Recalc styles every time defaultAppearance changes."
3368         https://bugs.webkit.org/show_bug.cgi?id=186866
3369         https://trac.webkit.org/changeset/233087
3370
3371 2018-06-25  Brent Fulgham  <bfulgham@apple.com>
3372
3373         REGRESSION(r229722): WebKitLegacy clients can crash when loading alternate page
3374         https://bugs.webkit.org/show_bug.cgi?id=187008
3375         
3376         Reviewed by Chris Dumez.
3377
3378         The new call to 'clearProvisionalLoadForPolicyCheck' added in r229722 broke loading
3379         behavior in WebKitLegacy.
3380
3381         1. We can now enter 'cancelPolicyCheckIfNeeded' without a Frame loader, in what appears
3382            to be a recursive call during the load cancellation (the 'm_waitingForContentPolicy'
3383            and 'm_waitingForNavigationPolicy' have already been nulled). It seems like we should
3384            return early here, or perhaps just move the RELEASE_ASSERT inside the case where we
3385            have an active policy check happening.
3386
3387         2. We also enter FrameLoader::checkContentPolicy without an active document loader. We
3388            should recognize this case and handle it, rather than trying to dereference a nullptr
3389            document loader.
3390
3391         * loader/DocumentLoader.cpp:
3392         (WebCore::DocumentLoader::cancelPolicyCheckIfNeeded): Move the RELEASE_ASSERT inside the
3393         conditional where the frameLoader is actually used.
3394         * loader/FrameLoader.cpp:
3395         (WebCore::FrameLoader::checkContentPolicy): Recognize that the activeDocumentLoader may
3396         be nullptr at this point, and take appropriate action (rather than crashing).
3397
3398 2018-06-25  Simon Fraser  <simon.fraser@apple.com>
3399
3400         MatchedPropertiesCacheItem wastes 388KB of vector capacity on nytimes.com
3401         https://bugs.webkit.org/show_bug.cgi?id=186990
3402
3403         Reviewed by Antti Koivisto.
3404
3405         MatchedPropertiesCacheItem.matchedProperties was appended to, so it allocated capacity
3406         in 16-size chunks. Instead, assign to it so it only allocates as much capacity as is needed.
3407         Copy-constructing is