Resolve style iteratively
[WebKit-https.git] / Source / WebCore / ChangeLog
1 2016-02-20  Antti Koivisto  <antti@apple.com>
2
3         Resolve style iteratively
4         https://bugs.webkit.org/show_bug.cgi?id=154355
5
6         Reviewed by Andreas Kling.
7
8         Instead of a set of recursive functions use ComposedTreeIterator for traversing the DOM
9         tree in composed tree order.
10
11         This, along with maintaining an explicit parent stack, makes style resolve code more tractable
12         for future work.
13
14         It also makes the ComposedTreeIterator the definite authority for the shape of the composed tree
15         instead of duplicating it as a set of recursive style resolve functions. This eliminates
16         a significant source of bugs and confusion.
17
18         The render tree building code path remains recursive for now.
19
20         * css/StyleInvalidationAnalysis.cpp:
21         (WebCore::StyleInvalidationAnalysis::invalidateIfNeeded):
22
23             Invalidate the host element instead of the shadow root. This reduces the need for special handling for shadow roots.
24
25         * dom/ComposedTreeIterator.cpp:
26         (WebCore::ComposedTreeIterator::initializeContextStack):
27         (WebCore::ComposedTreeIterator::dropAssertions):
28
29             Add support for dropping DOM mutation assertions.
30
31         (WebCore::ComposedTreeIterator::traverseShadowRoot):
32         * dom/ComposedTreeIterator.h:
33         (WebCore::ComposedTreeIterator::context):
34         (WebCore::ComposedTreeIterator::current):
35         * dom/PseudoElement.h:
36         * style/StyleTreeResolver.cpp:
37         (WebCore::Style::TreeResolver::TreeResolver):
38         (WebCore::Style::TreeResolver::Scope::Scope):
39         (WebCore::Style::TreeResolver::Parent::Parent):
40         (WebCore::Style::TreeResolver::pushScope):
41         (WebCore::Style::resetStyleForNonRenderedDescendants):
42         (WebCore::Style::pseudoStyleCacheIsInvalid):
43         (WebCore::Style::TreeResolver::resolveElement):
44         (WebCore::Style::resolveTextNode):
45         (WebCore::Style::TreeResolver::resolveBeforeOrAfterPseudoElement):
46         (WebCore::Style::TreeResolver::pushParent):
47         (WebCore::Style::TreeResolver::popParent):
48         (WebCore::Style::TreeResolver::popParentsToDepth):
49
50             Maintain explicit parent stack.
51
52         (WebCore::Style::TreeResolver::resolveComposedTree):
53
54             The main loop that iterates over the composed tree and computes style for dirty elements.
55
56         (WebCore::Style::TreeResolver::resolve):
57         (WebCore::Style::detachRenderTree):
58         (WebCore::Style::TreeResolver::resolveLocally): Deleted.
59         (WebCore::Style::TreeResolver::resolveChildAtShadowBoundary): Deleted.
60         (WebCore::Style::TreeResolver::resolveShadowTree): Deleted.
61         (WebCore::Style::TreeResolver::resolveChildren): Deleted.
62         (WebCore::Style::TreeResolver::resolveSlotAssignees): Deleted.
63         (WebCore::Style::TreeResolver::resolveRecursively): Deleted.
64
65             Recursive functions go away.
66
67         * style/StyleTreeResolver.h:
68         (WebCore::Style::TreeResolver::scope):
69         (WebCore::Style::TreeResolver::parent):
70
71 2016-02-20  Andreas Kling  <akling@apple.com>
72
73         REGRESSION(r196780): Fake memory handler takes too long to run now.
74
75         Unreviewed bot fix.
76
77         Put the footprint comparison code behind a compile-time flag for now.
78         It's taking too long to run on bots, and memory is getting measured
79         before all the pressure relief code has a chance to run.
80
81         * platform/cocoa/MemoryPressureHandlerCocoa.mm:
82         (WebCore::MemoryPressureHandler::install):
83
84 2016-02-20  Olivier Blin  <olivier.blin@softathome.com>
85
86         Do not require UDate in LocaleICU with !ENABLE_DATE_AND_TIME_INPUT_TYPES
87         https://bugs.webkit.org/show_bug.cgi?id=154483
88
89         Reviewed by Michael Catanzaro.
90
91         Put initializeShortDateFormat(), dateFormat(), m_shortDateFormat and
92         m_didCreateShortDateFormat under flag, since they are only used by
93         code under the ENABLE_DATE_AND_TIME_INPUT_TYPES flag.
94
95         This helps to build with a light ICU that does not provide UDate
96         features (with UCONFIG_NO_FORMATTING).
97
98         * platform/text/LocaleICU.cpp:
99         (WebCore::LocaleICU::LocaleICU):
100         (WebCore::LocaleICU::~LocaleICU):
101         (WebCore::createFallbackMonthLabels): Deleted.
102         (WebCore::createFallbackAMPMLabels): Deleted.
103         * platform/text/LocaleICU.h:
104
105 2016-02-20  Olivier Blin  <olivier.blin@softathome.com>
106
107         Remove declaration of unimplemented methods in LocaleICU
108         https://bugs.webkit.org/show_bug.cgi?id=154482
109
110         Reviewed by Michael Catanzaro.
111
112         detectSignAndGetDigitRange() and matchedDecimalSymbolIndex() are
113         implemented in PlatformLocale, not LocaleICU.
114
115         They were moved out from LocaleICU to NumberLocalizer in r124459
116         (2012), which has then been renamed as Localizer, then Locale, and
117         finally PlatformLocale.
118
119         * platform/text/LocaleICU.h:
120
121 2016-02-20  Commit Queue  <commit-queue@webkit.org>
122
123         Unreviewed, rolling out r196837.
124         https://bugs.webkit.org/show_bug.cgi?id=154495
125
126         It caused a lot of crashes in EFL and GTK bots (Requested by
127         KaL on #webkit).
128
129         Reverted changeset:
130
131         "Wheel event callback removing the window causes crash in
132         WebCore."
133         https://bugs.webkit.org/show_bug.cgi?id=150871
134         http://trac.webkit.org/changeset/196837
135
136 2016-02-19  Chris Dumez  <cdumez@apple.com>
137
138         Land release assertions to help track down a possible HTMLCollection lifetime bug
139         https://bugs.webkit.org/show_bug.cgi?id=154490
140
141         Reviewed by Ryosuke Niwa.
142
143         Land release assertions to help track down a possible HTMLCollection
144         lifetime bug: <rdar://problem/24457478>.
145
146         * bindings/js/JSHTMLCollectionCustom.cpp:
147         (WebCore::JSHTMLCollection::getOwnPropertyNames):
148         * html/HTMLCollection.cpp:
149         (WebCore::HTMLCollection::HTMLCollection):
150         (WebCore::HTMLCollection::~HTMLCollection):
151         * html/HTMLCollection.h:
152         (WebCore::HTMLCollection::wasDeletionStarted):
153         * html/HTMLCollection.idl:
154
155 2016-02-19  Doug Russell  <d_russell@apple.com>
156
157         Bug 154366 - AX: AXObjectCache::visiblePositionForTextMarkerData() doesn't account for equivalent visibly equivalent positions
158         https://bugs.webkit.org/show_bug.cgi?id=154366
159
160         Reviewed by Chris Fleizach.
161
162         Test: accessibility/mac/text-marker-line-boundary.html
163
164         * accessibility/AXObjectCache.cpp:
165         (WebCore::AXObjectCache::visiblePositionForTextMarkerData):
166
167 2016-02-19  Simon Fraser  <simon.fraser@apple.com>
168
169         Use more concrete types for parsing positions
170         https://bugs.webkit.org/show_bug.cgi?id=154481
171
172         Reviewed by Dean Jackson.
173
174         Use CSSPrimitiveValues for position-parsing functions where possible, to avoid
175         the need to downcast<> the values returned by the parsing functions.
176
177         * css/CSSParser.cpp:
178         (WebCore::CSSParser::parseValue):
179         (WebCore::CSSParser::parsePositionX):
180         (WebCore::CSSParser::parsePositionY):
181         (WebCore::CSSParser::parse4ValuesFillPosition):
182         (WebCore::CSSParser::parse3ValuesFillPosition):
183         (WebCore::CSSParser::parseFillPosition):
184         (WebCore::CSSParser::parse2ValuesFillPosition):
185         (WebCore::CSSParser::parseFillProperty):
186         (WebCore::CSSParser::parseTransformOriginShorthand):
187         (WebCore::CSSParser::parseBasicShapeCircle):
188         (WebCore::CSSParser::parseBasicShapeEllipse):
189         (WebCore::CSSParser::parseDeprecatedRadialGradient):
190         (WebCore::CSSParser::parseRadialGradient):
191         (WebCore::CSSParser::parseTransformOrigin):
192         (WebCore::CSSParser::parsePerspectiveOrigin):
193         * css/CSSParser.h:
194
195 2016-02-18  Gavin Barraclough  <barraclough@apple.com>
196
197         JSObject::getPropertySlot - index-as-propertyname, override on prototype, & shadow
198         https://bugs.webkit.org/show_bug.cgi?id=154416
199
200         Reviewed by Geoff Garen.
201
202         * testing/Internals.cpp:
203         (WebCore::Internals::isReadableStreamDisturbed):
204             - fastGetOwnPropertySlot -> getOwnPropertySlot
205               (internal method removed; test shouldn't really have been using this anyway)
206
207 2016-02-19  Chris Dumez  <cdumez@apple.com>
208
209         HTMLFormElement.autocomplete should only return known values
210         https://bugs.webkit.org/show_bug.cgi?id=154247
211         <rdar://problem/24658195>
212
213         Reviewed by Ryosuke Niwa.
214
215         Update HTMLFormElement.autocomplete to only return known values:
216         - https://html.spec.whatwg.org/multipage/forms.html#dom-form-autocomplete
217         - https://html.spec.whatwg.org/multipage/forms.html#attr-form-autocomplete
218
219         Also, update HTMLInputElement.autocomplete to fall back to using the form
220         owner's autocomplete attribute ("on" or "off") when its autocomplete
221         attribute is omitted and the input element is wearing the "autofill
222         expectation mantle" (i.e. the input is not hidden). If there is no
223         form owner, the "on" value is used instead. This behavior is specified
224         in:
225         https://html.spec.whatwg.org/multipage/forms.html#autofilling-form-controls:-the-autocomplete-attribute:attr-fe-autocomplete-7
226
227         No new tests, already covered by existing tests.
228
229         * html/HTMLFormControlElement.cpp:
230         (WebCore::HTMLFormControlElement::autocomplete):
231         * html/HTMLFormElement.cpp:
232         (WebCore::HTMLFormElement::setAutocomplete):
233         (WebCore::HTMLFormElement::autocomplete):
234         * html/HTMLFormElement.h:
235         * html/HTMLFormElement.idl:
236
237 2016-02-19  Chris Dumez  <cdumez@apple.com>
238
239         Drop UnsafeVectorOverflow on ElementDescendantConstIterator::m_ancestorSiblingStack
240         https://bugs.webkit.org/show_bug.cgi?id=154477
241
242         Reviewed by Ryosuke Niwa.
243
244         Drop UnsafeVectorOverflow on ElementDescendantConstIterator::m_ancestorSiblingStack to
245         restore bounds checking.
246
247         Andreas already dropped it on ElementDescendantIterator::m_ancestorSiblingStack in
248         r178253 but did not update the "Const" counterpart.
249
250         * dom/ElementDescendantIterator.h:
251
252 2016-02-19  Simon Fraser  <simon.fraser@apple.com>
253
254         Wheel event callback removing the window causes crash in WebCore.
255         https://bugs.webkit.org/show_bug.cgi?id=150871
256
257         Reviewed by Brent Fulgham.
258
259         Null check the FrameView before using it, since the iframe may have been removed
260         from its parent document inside the event handler.
261         
262         The new test triggered a cross-load side-effect, where wheel event filtering wasn't
263         reset between page loads. Fix by calling clearLatchedState() in EventHandler::clear(),
264         which resets the filtering.
265
266         Test: fast/events/wheel-event-destroys-frame.html
267
268         * page/EventHandler.cpp:
269         (WebCore::EventHandler::clear):
270         * page/WheelEventDeltaFilter.cpp:
271         (WebCore::WheelEventDeltaFilter::filteredDelta):
272         * page/mac/EventHandlerMac.mm:
273         (WebCore::EventHandler::platformCompleteWheelEvent):
274         * rendering/RenderLayer.cpp:
275         (WebCore::RenderLayer::scrollTo):
276
277 2016-02-19  Myles C. Maxfield  <mmaxfield@apple.com>
278
279         [Win] [SVG -> OTF Converter] All uses of a font except the first one are invisible
280         https://bugs.webkit.org/show_bug.cgi?id=154465
281
282         Reviewed by Alex Christensen.
283
284         We should re-use the existing converted data if it exists.
285
286         Covered by existing tests.
287
288         * css/CSSFontFaceSource.cpp:
289         (WebCore::CSSFontFaceSource::font):
290
291 2016-02-19  Antti Koivisto  <antti@apple.com>
292
293         ComposedTreeIterator traverses normal children for elements with empty shadow root
294         https://bugs.webkit.org/show_bug.cgi?id=154464
295
296         Reviewed by Ryosuke Niwa.
297
298         Test: fast/shadow-dom/composed-tree-basic.html
299
300         * dom/ComposedTreeIterator.cpp:
301         (WebCore::ComposedTreeIterator::initializeContextStack):
302         (WebCore::ComposedTreeIterator::traverseShadowRoot):
303
304             If the shadow root is empty continue by skipping the real children.
305
306         (WebCore::ComposedTreeIterator::traverseNextInShadowTree):
307         (WebCore::composedTreeAsText):
308         (WebCore::ComposedTreeIterator::pushContext): Deleted.
309         * dom/ComposedTreeIterator.h:
310         (WebCore::ComposedTreeIterator::context):
311         (WebCore::ComposedTreeIterator::current):
312         (WebCore::ComposedTreeIterator::traverseNext):
313         (WebCore::composedTreeChildren):
314         * testing/Internals.cpp:
315         (WebCore::Internals::composedTreeAsText):
316
317             Testing support.
318
319         * testing/Internals.h:
320         * testing/Internals.idl:
321
322 2016-02-19  Jer Noble  <jer.noble@apple.com>
323
324         Adopt CachedRawResourceClient::shouldCacheResponse() in MediaResourceLoader and WebCoreNSURLSession
325         https://bugs.webkit.org/show_bug.cgi?id=154466
326
327         Reviewed by Alex Christensen.
328
329         Adopt the new shouldCacheResponse() callback so that byte-range
330         requests generated by WebCoreNSURLSession are not cached.
331
332         * loader/MediaResourceLoader.cpp:
333         (WebCore::MediaResource::shouldCacheResponse):
334         * loader/MediaResourceLoader.h:
335         * platform/graphics/PlatformMediaResourceLoader.h:
336         (WebCore::PlatformMediaResourceClient::shouldCacheResponse):
337         * platform/network/cocoa/WebCoreNSURLSession.mm:
338         (-[WebCoreNSURLSession downloadTaskWithRequest:]):
339         (-[WebCoreNSURLSession streamTaskWithHostName:port:]):
340         (-[WebCoreNSURLSession streamTaskWithNetService:]):
341         (-[WebCoreNSURLSessionDataTask _timingData]):
342         (-[WebCoreNSURLSessionDataTask resource:sentBytes:totalBytesToBeSent:]):
343
344 2016-02-12  Jer Noble  <jer.noble@apple.com>
345
346         [Mac] CORS-compliant videos throw security errors when painting to Canvas
347         https://bugs.webkit.org/show_bug.cgi?id=154188
348         <rdar://problem/22959556>
349
350         Reviewed by Alex Christensen.
351
352         Pass the CORS access check results from WebCoreNSURLSession to its client,
353         MediaPlayerPrivateAVFoundationObjC.
354
355         * WebCore.xcodeproj/project.pbxproj:
356         * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
357         * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
358         (WebCore::MediaPlayerPrivateAVFoundationObjC::didPassCORSAccessCheck): Ask the WebCoreNSURLSession.
359         * platform/network/cocoa/WebCoreNSURLSession.h:
360         * platform/network/cocoa/WebCoreNSURLSession.mm:
361         (-[WebCoreNSURLSession task:didReceiveCORSAccessCheckResult:]): Conditionally set _corsResults.
362         (-[WebCoreNSURLSession didPassCORSAccessChecks]): Return _corsResults.
363         (WebCoreNSURLSessionDataTaskClient::accessControlCheckFailed): Call -resource:accessControlCheckFailedWithError:.
364         (WebCoreNSURLSessionDataTaskClient::loadFailed): Call -resource:loadFailedWithError:.
365         (-[WebCoreNSURLSessionDataTask resource:receivedResponse:]): Set _response within the delegate queue.
366         (-[WebCoreNSURLSessionDataTask _resource:loadFinishedWithError:]): Renamed from resourceFinished:
367         (-[WebCoreNSURLSessionDataTask resource:accessControlCheckFailedWithError:]): Ditto.
368         (-[WebCoreNSURLSessionDataTask resource:loadFailedWithError:]): Ditto.
369         (-[WebCoreNSURLSessionDataTask resourceFinished:]): Ditto.
370
371 2016-02-19  Chris Dumez  <cdumez@apple.com>
372
373         Unreviewed build fix.
374
375         * loader/cocoa/SubresourceLoaderCocoa.mm:
376         (WebCore::SubresourceLoader::willCacheResponse):
377
378 2016-02-19  Nan Wang  <n_wang@apple.com>
379
380         AX: Inconsistency between CharacterOffset and VisiblePosition
381         https://bugs.webkit.org/show_bug.cgi?id=154431
382
383         Reviewed by Chris Fleizach.
384
385         VoiceOver is not getting the correct text marker from VisiblePosition when
386         navigating using arrow keys. We should make the CharacterOffset behavior consistent
387         with VisiblePosition so that the conversion between the two won't create different
388         text markers.
389         
390         Changes are covered in the modified tests.
391
392         * accessibility/AXObjectCache.cpp:
393         (WebCore::AXObjectCache::characterOffsetForTextMarkerData):
394         (WebCore::AXObjectCache::traverseToOffsetInRange):
395         (WebCore::AXObjectCache::startOrEndCharacterOffsetForRange):
396         (WebCore::AXObjectCache::startOrEndTextMarkerDataForRange):
397         (WebCore::AXObjectCache::characterOffsetForNodeAndOffset):
398         (WebCore::AXObjectCache::textMarkerDataForNextCharacterOffset):
399         (WebCore::AXObjectCache::textMarkerDataForPreviousCharacterOffset):
400         (WebCore::AXObjectCache::visiblePositionFromCharacterOffset):
401         (WebCore::AXObjectCache::characterOffsetFromVisiblePosition):
402         (WebCore::AXObjectCache::accessibilityObjectForTextMarkerData):
403         (WebCore::AXObjectCache::textMarkerDataForVisiblePosition):
404         (WebCore::AXObjectCache::nextCharacterOffset):
405         (WebCore::AXObjectCache::previousCharacterOffset):
406         (WebCore::AXObjectCache::startCharacterOffsetOfWord):
407         (WebCore::AXObjectCache::endCharacterOffsetOfWord):
408         (WebCore::AXObjectCache::previousWordStartCharacterOffset):
409         (WebCore::AXObjectCache::previousParagraphStartCharacterOffset):
410         (WebCore::AXObjectCache::previousSentenceStartCharacterOffset):
411         * accessibility/AXObjectCache.h:
412         * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
413         (-[WebAccessibilityObjectWrapper doAXAttributedStringForTextMarkerRange:]):
414
415 2016-02-19  Jer Noble  <jer.noble@apple.com>
416
417         Allow CachedRawResource clients to opt out of caching on a per-response basis
418         https://bugs.webkit.org/show_bug.cgi?id=154453
419
420         Reviewed by Brady Eidson.
421
422         For CF or NS networking clients, the system loader will ask whether the client (the
423         SubresourceLoader in this case) wants the response to be cached. This breaks for byte
424         range requests due to <rdar://problem/20001985>. Allow the SubresourceLoader to query
425         its clients, and return null, if they opt out.
426
427         * loader/cache/CachedRawResource.cpp:
428         (WebCore::CachedRawResource::shouldCacheResponse):
429         * loader/cache/CachedRawResource.h:
430         * loader/cache/CachedRawResourceClient.h:
431         (WebCore::CachedRawResourceClient::shouldCacheResponse):
432         * loader/cache/CachedResource.h:
433         (WebCore::CachedResource::shouldCacheResponse):
434         * loader/cocoa/SubresourceLoaderCocoa.mm:
435         (WebCore::SubresourceLoader::willCacheResponse):
436
437 2016-02-19  Zalan Bujtas  <zalan@apple.com>
438
439         Blocked plug-in placeholder is sometimes not shown.
440         https://bugs.webkit.org/show_bug.cgi?id=154434
441         <rdar://problem/22584973>
442
443         Reviewed by Brent Fulgham.
444
445         m_isUnavailablePluginIndicatorHidden was set to false incorrectly as initial value.
446         It prevented RenderEmbeddedObject from issuing repaint when the plugin indicator
447         was set to visible (m_isUnavailablePluginIndicatorHidden <- false) the first time.
448         (The reason why the indicator showed up most of the time was because some renderer
449         triggered repaint on the view.)
450
451         Unable to test.
452
453         * rendering/RenderEmbeddedObject.cpp:
454         (WebCore::RenderEmbeddedObject::setUnavailablePluginIndicatorIsHidden):
455         (WebCore::RenderEmbeddedObject::RenderEmbeddedObject): Deleted.
456         (WebCore::RenderEmbeddedObject::setUnavailablePluginIndicatorIsPressed): Deleted.
457         * rendering/RenderEmbeddedObject.h:
458         (WebCore::RenderEmbeddedObject::showsUnavailablePluginIndicator):
459
460 2016-02-19  Csaba Osztrogonác  <ossy@webkit.org>
461
462         Fix pessimizing-move warnings
463         https://bugs.webkit.org/show_bug.cgi?id=154395
464
465         Reviewed by Michael Catanzaro.
466
467         * platform/graphics/efl/CairoUtilitiesEfl.cpp:
468         (WebCore::evasObjectFromCairoImageSurface):
469         * platform/graphics/surfaces/GLTransportSurface.cpp:
470         (WebCore::GLTransportSurface::createTransportSurface):
471         (WebCore::GLTransportSurfaceClient::createTransportSurfaceClient):
472
473 2016-02-19  Philippe Normand  <pnormand@igalia.com>
474
475         [GStreamer] clean-up various leaks
476         https://bugs.webkit.org/show_bug.cgi?id=154285
477
478         Reviewed by Carlos Garcia Campos.
479
480         * platform/audio/gstreamer/WebKitWebAudioSourceGStreamer.cpp:
481         (webkit_web_audio_src_init): Take full ownership of the GstTask.
482         * platform/graphics/gstreamer/GRefPtrGStreamer.cpp:
483         (WTF::adoptGRef): Null pointer support in ASSERTs.
484         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
485         (WebCore::initializeGStreamerAndRegisterWebKitElements): Take full ownership of the GstElementFactory pointers.
486         (WebCore::MediaPlayerPrivateGStreamer::isAvailable): Ditto.
487
488 2016-02-18  Andy Estes  <aestes@apple.com>
489
490         Revert to dispatching the popstate event synchronously
491         https://bugs.webkit.org/show_bug.cgi?id=153297
492         rdar://problem/24092294
493
494         Reviewed by Brent Fulgham.
495
496         r192369 made the popstate event dispatch asynchronously, which matches what the HTML5 spec says to do. However,
497         due to compatibility regressions we need to revert back to dispatching synchronously. This change reverts
498         r192369's changes to Document.cpp, but retains the new tests.
499
500         Firing popstate synchronously makes both fast/loader/remove-iframe-during-history-navigation-different.html and
501         fast/loader/remove-iframe-during-history-navigation-same.html crash, because their onpopstate handlers remove
502         frames from the document that will later be accessed by HistoryController::recursiveGoToItem().
503
504         To prevent the crashes, this change does two things:
505         1. Keep a reference to the current frame inside FrameLoader::loadSameDocumentItem(), since calling
506            loadInSameDocument() might otherwise delete it.
507         2. Handle a null frame when iterating a HistoryItem's child frames in HistoryController::recursiveGoToItem(),
508            since calling goToItem() on one frame might cause another frame to be deleted.
509
510         Covered by existing tests. fast/loader/stateobjects/popstate-is-asynchronous.html was renamed to
511         fast/loader/stateobjects/popstate-is-synchronous.html and modified to expect synchronous dispatch.
512
513         * dom/Document.cpp:
514         (WebCore::Document::enqueuePopstateEvent):
515         * loader/FrameLoader.cpp:
516         (WebCore::FrameLoader::loadSameDocumentItem):
517         * loader/HistoryController.cpp:
518         (WebCore::HistoryController::recursiveGoToItem):
519
520 2016-02-19  Carlos Garcia Campos  <cgarcia@igalia.com>
521
522         Unreviewed. Fix GObject DOM bindings API break after r196769.
523
524         * html/HTMLTextAreaElement.idl:
525
526 2016-02-18  Gwang Yoon Hwang  <yoon@igalia.com>
527
528         [GTK] Limit the number of tiles according to the visible area
529         https://bugs.webkit.org/show_bug.cgi?id=126122
530
531         Reviewed by Carlos Garcia Campos.
532
533         TextureMapperTiledBackingStore creates tiles for whole layer bounds, which
534         means it creates a huge number of textures if there is an excessively big
535         layer.  Not only does it waste memory and CPU time, it can even crash GPU
536         drivers.
537
538         This patch modifies TextureMapperTiledBackingStore to take into account the
539         visible area with a coverage multiplier when creating tiles.
540
541         * platform/graphics/texmap/GraphicsLayerTextureMapper.cpp:
542         (WebCore::GraphicsLayerTextureMapper::GraphicsLayerTextureMapper):
543         Set a flag to recalculate the visible area of the layer when there are
544         geometric changes.
545         (WebCore::GraphicsLayerTextureMapper::setContentsToImage):
546         (WebCore::GraphicsLayerTextureMapper::flushCompositingStateForThisLayerOnly):
547         (WebCore::GraphicsLayerTextureMapper::updateBackingStoreIncludingSubLayers):
548         (WebCore::GraphicsLayerTextureMapper::updateBackingStoreIfNeeded):
549         (WebCore::GraphicsLayerTextureMapper::markVisibleRectAsDirty):
550         (WebCore::GraphicsLayerTextureMapper::selfOrAncestorHasActiveTransformAnimation):
551         (WebCore::GraphicsLayerTextureMapper::computeTransformedVisibleRect):
552         Compute the inverse transform matrix to map a global visible area to
553         the local visible area.
554         (WebCore::clampToContentsRectIfRectIsInfinite):
555         (WebCore::GraphicsLayerTextureMapper::transformedVisibleRect):
556         * platform/graphics/texmap/TextureMapperTiledBackingStore.cpp:
557         (WebCore::TextureMapperTiledBackingStore::paintToTextureMapper):
558         In HiDPI, the directly composited image is uploaded to the unscaled
559         texture to reduce memory usage. So we should apply the device scale
560         factor to render it correctly.
561         (WebCore::TextureMapperTiledBackingStore::createOrDestroyTilesIfNeeded):
562         Create tiles which are covered by the visible rect with a coverage multiplier.
563
564 2016-02-18  Brent Fulgham  <bfulgham@apple.com>
565
566         Extend HashCountedSet with a method to efficiently set the count of an entry
567         https://bugs.webkit.org/show_bug.cgi?id=154352
568
569         Reviewed by Geoffrey Garen.
570
571         Tested by new TestWebKitAPI tests.
572
573         * loader/ResourceLoadStatistics.cpp:
574         (WebCore::decodeHashCountedSet): Update to use new HashCountedSet::add method.
575
576 2016-02-18  Commit Queue  <commit-queue@webkit.org>
577
578         Unreviewed, rolling out r196790.
579         https://bugs.webkit.org/show_bug.cgi?id=154439
580
581         made fast/events/wheelevent-basic-actual.txt fail in WK2
582         (Requested by alexchristensen on #webkit).
583
584         Reverted changeset:
585
586         "Wheel event callback removing the window causes crash in
587         WebCore."
588         https://bugs.webkit.org/show_bug.cgi?id=150871
589         http://trac.webkit.org/changeset/196790
590
591 2016-02-18  Commit Queue  <commit-queue@webkit.org>
592
593         Unreviewed, rolling out r196791.
594         https://bugs.webkit.org/show_bug.cgi?id=154438
595
596         broke windows build (Requested by alexchristensen on #webkit).
597
598         Reverted changeset:
599
600         "Extend HashCountedSet with a method to efficiently set the
601         count of an entry"
602         https://bugs.webkit.org/show_bug.cgi?id=154352
603         http://trac.webkit.org/changeset/196791
604
605 2016-02-18  Chris Dumez  <cdumez@apple.com>
606
607         window.history / window.navigator should not be replaceable
608         https://bugs.webkit.org/show_bug.cgi?id=154412
609
610         Reviewed by Ryosuke Niwa.
611
612         window.history / window.navigator should not be replaceable as per
613         the latest HTML specification:
614         https://html.spec.whatwg.org/multipage/browsers.html#the-window-object
615
616         Firefox and Chrome already match the specification. This patch aligns
617         our behavior.
618
619         No new tests, already covered by existing tests.
620
621         * page/DOMWindow.idl:
622
623 2016-02-18  Chris Dumez  <cdumez@apple.com>
624
625         HTMLTableHeaderCellElement.scope should only return known values
626         https://bugs.webkit.org/show_bug.cgi?id=154423
627         <rdar://problem/24731018>
628
629         Reviewed by Ryosuke Niwa.
630
631         HTMLTableHeaderCellElement.scope should only return known values as per:
632         - https://html.spec.whatwg.org/multipage/tables.html#dom-th-scope
633
634         Known values are documented here:
635         - https://html.spec.whatwg.org/multipage/tables.html#attr-th-scope
636
637         No new tests, already covered by existing test.
638
639         * CMakeLists.txt:
640         * WebCore.vcxproj/WebCore.vcxproj:
641         * WebCore.vcxproj/WebCore.vcxproj.filters:
642         * WebCore.xcodeproj/project.pbxproj:
643         * html/HTMLElementsAllInOne.cpp:
644         * html/HTMLTableHeaderCellElement.cpp: Copied from Source/WebCore/html/HTMLTableHeaderCellElement.h.
645         (WebCore::HTMLTableHeaderCellElement::scope):
646         (WebCore::HTMLTableHeaderCellElement::setScope):
647         * html/HTMLTableHeaderCellElement.h:
648         * html/HTMLTableHeaderCellElement.idl:
649
650 2016-02-18  Brent Fulgham  <bfulgham@apple.com>
651
652         Extend HashCountedSet with a method to efficiently set the count of an entry
653         https://bugs.webkit.org/show_bug.cgi?id=154352
654
655         Reviewed by Geoffrey Garen.
656
657         Tested by new TestWebKitAPI tests.
658
659         * loader/ResourceLoadStatistics.cpp:
660         (WebCore::decodeHashCountedSet): Update to use new HashCountedSet::add method.
661
662 2016-02-18  Simon Fraser  <simon.fraser@apple.com>
663
664         Wheel event callback removing the window causes crash in WebCore.
665         https://bugs.webkit.org/show_bug.cgi?id=150871
666
667         Reviewed by Brent Fulgham.
668         
669         Null check the FrameView before using it, since the iframe may have been removed
670         from its parent document inside the event handler.
671
672         Test: fast/events/wheel-event-destroys-frame.html
673
674         * page/mac/EventHandlerMac.mm:
675         (WebCore::EventHandler::platformCompleteWheelEvent):
676
677 2016-02-18  Brady Eidson  <beidson@apple.com>
678
679         Modern IDB: Fix IDBGetResult encoder/decoder.
680         https://bugs.webkit.org/show_bug.cgi?id=154421
681
682         Reviewed by Alex Christensen.
683
684         No new tests, as Modern IDB is still disabled for WK2.
685         
686         But if you manually enable it, "Basic IndexedDB Seems To Work"
687
688         * Modules/indexeddb/IDBGetResult.h:
689         (WebCore::IDBGetResult::encode):
690         (WebCore::IDBGetResult::decode):
691
692 2016-02-18  Myles C. Maxfield  <mmaxfield@apple.com>
693
694         Addressing post-review comments after r196747.
695
696         Unreviewed.
697
698         * css/CSSFontFaceSet.h:
699         * css/FontFaceSet.cpp:
700         (WebCore::FontFaceSet::size):
701         (WebCore::FontFaceSet::clear):
702         * css/FontFaceSet.h:
703
704 2016-02-18  Zalan Bujtas  <zalan@apple.com>
705
706         Soft hyphen is not shown when it is placed at the end of an inline element
707         https://bugs.webkit.org/show_bug.cgi?id=153980
708
709         Reviewed by David Hyatt.
710
711         This patch handles the case when the character at the breaking position does not fit the
712         line and soft-hyphen, as the first breaking opportunity, is followed by this overflowing character.
713         (foo&shy;bar where b overflows the line).
714         In such cases we don't yet have an item in the breaking history so we need to take a look at
715         the current context instead.    
716
717         Test: fast/text/soft-hyphen-as-first-breaking-opportunity.html
718
719         * rendering/line/BreakingContext.h:
720         (WebCore::BreakingContext::InlineIteratorHistory::nextBreakablePosition):
721         (WebCore::BreakingContext::handleText):
722
723 2016-02-18  Andreas Kling  <akling@apple.com>
724
725         Fake memory pressure handler should log detailed memory breakdown.
726         <https://webkit.org/b/154415>
727
728         Reviewed by Antti Koivisto.
729
730         Piggyback on the RESOURCE_USAGE code to implement some detailed memory footprint diffing
731         and have the fake memory handler dump before/after/diff after it runs.
732
733         * page/ResourceUsageThread.h:
734         (WebCore::TagInfo::TagInfo):
735         * page/cocoa/ResourceUsageThreadCocoa.mm:
736         (WebCore::logFootprintComparison):
737         (WebCore::displayNameForVMTag):
738         (WebCore::pagesPerVMTag):
739         (WebCore::TagInfo::TagInfo): Deleted.
740         * platform/cocoa/MemoryPressureHandlerCocoa.mm:
741         (WebCore::MemoryPressureHandler::install):
742
743 2016-02-18  Brady Eidson  <beidson@apple.com>
744
745         Modern IDB: Implement server->client operations in WK2.
746         https://bugs.webkit.org/show_bug.cgi?id=154411
747
748         Reviewed by Alex Christensen.
749
750         No change in behavior yet; Just laying the groundwork.
751     
752         * Modules/indexeddb/client/IDBConnectionToServer.h:
753         * Modules/indexeddb/server/IDBServer.h:
754         * Modules/indexeddb/shared/IDBTransactionInfo.h:
755         (WebCore::IDBTransactionInfo::encode):
756         (WebCore::IDBTransactionInfo::decode):
757
758 2016-02-18  Csaba Osztrogonác  <ossy@webkit.org>
759
760         Fix unused-const-variable warning on non Cocoa platforms
761         https://bugs.webkit.org/show_bug.cgi?id=154394
762
763         Reviewed by Michael Catanzaro.
764
765         * html/HTMLPlugInImageElement.cpp:
766
767 2016-02-18  Brady Eidson  <beidson@apple.com>
768
769         Modern IDB: Implement client->server operations in WK2.
770         https://bugs.webkit.org/show_bug.cgi?id=154400
771
772         Reviewed by Alex Christensen.
773
774         No change in behavior yet; Just laying the groundwork.
775
776         * Modules/indexeddb/server/IDBServer.h:
777         * Modules/indexeddb/server/UniqueIDBDatabase.h:
778         * Modules/indexeddb/shared/IDBIndexInfo.h:
779         * Modules/indexeddb/shared/IDBObjectStoreInfo.h:
780
781 2016-02-18  Chris Dumez  <cdumez@apple.com>
782
783         [Unforgeable] operations should not be writable as per Web IDL
784         https://bugs.webkit.org/show_bug.cgi?id=154396
785         <rdar://problem/24721063>
786
787         Reviewed by Ryosuke Niwa.
788
789         [Unforgeable] operations should not be writable as per the Web IDL specification:
790         http://heycam.github.io/webidl/#es-operations
791
792         They were currently non-configurable in WebKit but still writable.
793
794         No new tests, already covered by existing test.
795
796         * bindings/scripts/CodeGeneratorJS.pm:
797         Mark [Unforgeable] operations as ReadOnly.
798
799         * bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
800         * bindings/scripts/test/GObject/WebKitDOMTestObj.h:
801         * bindings/scripts/test/JS/JSTestObj.cpp:
802         * bindings/scripts/test/ObjC/DOMTestObj.h:
803         * bindings/scripts/test/ObjC/DOMTestObj.mm:
804         * bindings/scripts/test/TestObj.idl:
805         Add bindings test coverage for [Unforgeable].
806
807 2016-02-18  Chris Dumez  <cdumez@apple.com>
808
809         Fix behavior of reflecting unsigned long IDL attributes that are limited to only non-negative numbers greater than zero
810         https://bugs.webkit.org/show_bug.cgi?id=154398
811
812         Reviewed by Ryosuke Niwa.
813
814         Fix behavior of reflecting unsigned long IDL attributes that are limited
815         to only non-negative numbers greater than zero to comply with:
816         - https://html.spec.whatwg.org/#limited-to-only-non-negative-numbers-greater-than-zero
817
818         This patch updates the following IDL attributes:
819         - colgroup.span
820         - col.span
821         - input.size
822         - textarea.cols
823         - textarea.rows
824
825         All of them now:
826         - Have "unsigned long" type on IDL side and "unsigned" type on native
827           side.
828         - On getting, return the value if it is in the range [1; 2147483647],
829           otherwise return the default value.
830         - On setting, set to the input value if it is in the range
831           [1; 2147483647], otherwise, set to the default value.
832
833         Note that as per the specification, we are supposed to throw an
834         IndexSizeError exception when trying to set those attributes to zero.
835         However, we instead use the default value to match other browsers.
836         It would be risky to be the only browser to throw in this case.
837
838         No new tests, already covered by existing test.
839
840         * html/HTMLInputElement.cpp:
841         (WebCore::HTMLInputElement::parseAttribute):
842         (WebCore::HTMLInputElement::setSize):
843         * html/HTMLTableColElement.cpp:
844         (WebCore::HTMLTableColElement::parseAttribute):
845         (WebCore::HTMLTableColElement::setSpan):
846         * html/HTMLTableColElement.h:
847         * html/HTMLTableColElement.idl:
848         * html/HTMLTextAreaElement.cpp:
849         (WebCore::HTMLTextAreaElement::parseAttribute):
850         (WebCore::HTMLTextAreaElement::setCols):
851         (WebCore::HTMLTextAreaElement::setRows):
852         (WebCore::HTMLTextAreaElement::shouldUseInputMethod): Deleted.
853         * html/HTMLTextAreaElement.h:
854         * html/HTMLTextAreaElement.idl:
855         * html/parser/HTMLParserIdioms.h:
856         (WebCore::limitToOnlyNonNegativeNumbersGreaterThanZero):
857
858 2016-02-18  David Kilzer  <ddkilzer@apple.com>
859
860         Remove redundant ASSERT_WITH_MESSAGE_UNUSED() from SOFT_LINK_FRAMEWORK_FOR_SOURCE() macro
861
862         Follow-up fix noted by Andy Estes for:
863
864             [Cocoa] Always check the return value of dlopen() and dlsym() in Release builds
865             <http://webkit.org/b/154364>
866
867         * platform/mac/SoftLinking.h:
868         (SOFT_LINK_FRAMEWORK_FOR_SOURCE): Remove redundant
869         ASSERT_WITH_MESSAGE_UNUSED().
870
871 2016-02-18  Andreas Kling  <akling@apple.com>
872
873         Reduce tiling coverage immediately when memory pressure hits.
874         <https://webkit.org/b/154374>
875
876         Reviewed by Simon Fraser.
877
878         We already had a policy that reduced tiling coverage to a minimum while the system
879         is under memory pressure. However, that policy wouldn't kick in immediately after
880         receiving the pressure notification, but the next time we flush compositing state.
881
882         This change makes it happen sooner, improving our chances to escape death!
883
884         * page/Page.h:
885         * page/Page.cpp:
886         (WebCore::Page::forEachPage):
887
888             Add a little helper for visiting every Page.
889
890         * platform/MemoryPressureHandler.cpp:
891         (WebCore::MemoryPressureHandler::releaseCriticalMemory):
892
893             When under critical memory pressure, schedule a compositing flush in all Pages.
894             This ensures that the reduced tiling coverage policy takes effect, allowing us to
895             immediately drop several tiles in each visible web view.
896
897         * platform/cocoa/MemoryPressureHandlerCocoa.mm:
898         (WebCore::MemoryPressureHandler::install):
899
900             To ensure that this behavior is testable with the fake memory pressure notification,
901             make the fake handler set the "in memory pressure" state just like the real one would.
902             I don't know why we were not doing this previously, it was just an oversight.
903             After the simulation completes, it schedules a runloop callback that resets the
904             "in memory pressure" state.
905
906 2016-02-17  Myles C. Maxfield  <mmaxfield@apple.com>
907
908         [Font Loading] Implement FontFaceSet
909         https://bugs.webkit.org/show_bug.cgi?id=153348
910
911         Reviewed by Simon Fraser.
912
913         The CSS Font Loading spec includes a FontFaceSet object which represents
914         a collection of FontFaces. This patch implements such an object, and
915         backs it with a vector of FontFaces. Similarly to the FontFace object,
916         FontFaceSet is separated into a FontFaceSet frontend object and a
917         CSSFontFaceSet backend object, which actually owns the FontFace objects.
918         All the interaction with Promises is performed in the frontend object.
919
920         This patch does not implement the EventTarget part of the FontFaceSet
921         API, so the only way to know when a font is finished loading is by using
922         the associated Promise objects.
923
924         The CSS Font Loading spec describes how the Document should vend an
925         instance of FontFaceSet which represents the font faces currently
926         associated with the Document. However, that functionality is
927         forthcoming. Currently, the only way to get a FontFaceSet is to create
928         one yourself (using the constructor). Therefore, this patch does not
929         implement the spec's notion of a "CSS-connected font face."
930
931         Test: fast/text/font-face-set-javascript.html
932
933         * CMakeLists.txt: Add new files.
934         * DerivedSources.make: Ditto.
935         * WebCore.vcxproj/WebCore.vcxproj: Ditto.
936         * WebCore.vcxproj/WebCore.vcxproj.filters: Ditto.
937         * WebCore.xcodeproj/project.pbxproj: Ditto.
938         * bindings/js/JSFontFaceSetCustom.cpp: Added.
939         (WebCore::JSFontFaceSet::ready): Use the Promise member.
940         (WebCore::JSFontFaceSet::entries): Use existing iterator code.
941         (WebCore::JSFontFaceSet::keys):
942         (WebCore::JSFontFaceSet::values):
943         * css/CSSAllInOne.cpp: Add new files.
944         * css/CSSFontFace.cpp: We now have a collection of clients (instead of
945         just one). Also, we need to keep a pointer to our FontFace wrapper.
946         (WebCore::CSSFontFace::CSSFontFace):
947         (WebCore::CSSFontFace::addClient):
948         (WebCore::CSSFontFace::removeClient):
949         (WebCore::CSSFontFace::setStatus): Rename the delegate callback to be
950         more clear.
951         (WebCore::CSSFontFace::fontLoaded):
952         (WebCore::CSSFontFace::addedToSegmentedFontFace): Deleted.
953         (WebCore::CSSFontFace::removedFromSegmentedFontFace): Deleted.
954         * css/CSSFontFace.h: Same as above.
955         (WebCore::CSSFontFace::create):
956         (WebCore::CSSFontFace::Client::~Client):
957         (WebCore::CSSFontFace::Client::kick):
958         (WebCore::CSSFontFace::Client::stateChanged):
959         (WebCore::CSSFontFace::wrapper):
960         (WebCore::CSSFontFaceClient::~CSSFontFaceClient): Deleted.
961         * css/CSSFontFaceSet.cpp: Added. Initial implementation.
962         (WebCore::CSSFontFaceSet::CSSFontFaceSet):
963         (WebCore::CSSFontFaceSet::~CSSFontFaceSet):
964         (WebCore::CSSFontFaceSet::incrementActiveCount):
965         (WebCore::CSSFontFaceSet::decrementActiveCount):
966         (WebCore::CSSFontFaceSet::has):
967         (WebCore::CSSFontFaceSet::add):
968         (WebCore::CSSFontFaceSet::remove):
969         (WebCore::extractFamilies):
970         (WebCore::familiesIntersect): Because this is an initial implementation,
971         this function is not optimized. A subsequent patch (which implements
972         Document.fonts) will optimize this.
973         (WebCore::CSSFontFaceSet::matchingFaces):
974         (WebCore::CSSFontFaceSet::load):
975         (WebCore::CSSFontFaceSet::check):
976         (WebCore::CSSFontFaceSet::stateChanged):
977         * css/CSSFontFaceSet.h: Added.
978         (WebCore::CSSFontFaceSetClient::~CSSFontFaceSetClient):
979         (WebCore::CSSFontFaceSet::size):
980         (WebCore::CSSFontFaceSet::operator[]):
981         (WebCore::CSSFontFaceSet::status):
982         * css/CSSFontSelector.cpp:
983         (WebCore::CSSFontSelector::familyNameFromPrimitive):
984         (WebCore::CSSFontSelector::registerLocalFontFacesForFamily):
985         (WebCore::CSSFontSelector::addFontFaceRule):
986         (WebCore::familyNameFromPrimitive): Deleted.
987         (WebCore::CSSFontSelector::kick): Deleted.
988         * css/CSSFontSelector.h:
989         * css/CSSSegmentedFontFace.cpp:
990         (WebCore::CSSSegmentedFontFace::~CSSSegmentedFontFace):
991         (WebCore::CSSSegmentedFontFace::appendFontFace):
992         (WebCore::CSSSegmentedFontFace::kick):
993         (WebCore::CSSSegmentedFontFace::fontLoaded): Deleted.
994         * css/CSSSegmentedFontFace.h:
995         * css/FontFace.cpp:
996         (WebCore::FontFace::FontFace):
997         (WebCore::FontFace::~FontFace):
998         (WebCore::FontFace::stateChanged): Renamed to make its purpose clearer.
999         (WebCore::FontFace::kick): Deleted.
1000         * css/FontFace.h:
1001         * css/FontFaceSet.cpp: Added.
1002         (WebCore::createPromise):
1003         (WebCore::FontFaceSet::FontFaceSet):
1004         (WebCore::FontFaceSet::~FontFaceSet):
1005         (WebCore::FontFaceSet::Iterator::Iterator):
1006         (WebCore::FontFaceSet::Iterator::next):
1007         (WebCore::FontFaceSet::PendingPromise::PendingPromise):
1008         (WebCore::FontFaceSet::PendingPromise::~PendingPromise):
1009         (WebCore::FontFaceSet::has):
1010         (WebCore::FontFaceSet::size):
1011         (WebCore::FontFaceSet::add):
1012         (WebCore::FontFaceSet::remove):
1013         (WebCore::FontFaceSet::clear):
1014         (WebCore::FontFaceSet::load): Most of the complexity of loading is
1015         due to the promises involved. Rather than use the Javascript function
1016         Promise.all(), this patch builds a data structure to represent the
1017         promises which need to be resolved. When fonts finish loading, we look
1018         at the data structure to determine which promises to resolve.
1019         (WebCore::FontFaceSet::check):
1020         (WebCore::FontFaceSet::status):
1021         (WebCore::FontFaceSet::canSuspendForDocumentSuspension):
1022         (WebCore::FontFaceSet::startedLoading):
1023         (WebCore::FontFaceSet::completedLoading):
1024         (WebCore::FontFaceSet::fulfillPromise): Keep the promise alive.
1025         (WebCore::FontFaceSet::faceFinished):
1026         * css/FontFaceSet.h: Added.
1027         (WebCore::FontFaceSet::create):
1028         (WebCore::FontFaceSet::load):
1029         (WebCore::FontFaceSet::check):
1030         (WebCore::FontFaceSet::createIterator):
1031         (WebCore::FontFaceSet::PendingPromise::create):
1032         * css/FontFaceSet.idl: Added.
1033         * dom/EventNames.h:
1034         * dom/EventTargetFactory.in:
1035
1036 2016-02-17  Mark Lam  <mark.lam@apple.com>
1037
1038         Callers of JSString::value() should check for exceptions thereafter.
1039         https://bugs.webkit.org/show_bug.cgi?id=154346
1040
1041         Reviewed by Geoffrey Garen.
1042
1043         No new tests.  The crash that results from this issue is dependent on a race
1044         condition where an OutOfMemory error occurs precisely at the point where the
1045         JSString::value() function is called on a rope JSString.
1046
1047         * bindings/js/JSHTMLAllCollectionCustom.cpp:
1048         (WebCore::callHTMLAllCollection):
1049         * bindings/js/JSStorageCustom.cpp:
1050         (WebCore::JSStorage::putDelegate):
1051         - Added a comment at the site of the exception check to clarify the meaning of
1052           the return value.
1053
1054 2016-02-17  David Kilzer  <ddkilzer@apple.com>
1055
1056         [Cocoa] Always check the return value of dlopen() and dlsym() in Release builds
1057         <http://webkit.org/b/154364>
1058
1059         Reviewed by Alexey Proskuryakov.
1060
1061         * platform/mac/SoftLinking.h:
1062         (SOFT_LINK_LIBRARY): Change ASSERT_WITH_MESSAGE() to
1063         RELEASE_ASSERT_WITH_MESSAGE().
1064         (SOFT_LINK_FRAMEWORK): Ditto.
1065         (SOFT_LINK_PRIVATE_FRAMEWORK): Ditto.
1066         (SOFT_LINK_STAGED_FRAMEWORK): Ditto.
1067         (SOFT_LINK_FRAMEWORK_IN_UMBRELLA): Ditto.
1068         (SOFT_LINK): Ditto.
1069         (SOFT_LINK_POINTER): Ditto.
1070         (SOFT_LINK_CONSTANT): Ditto.
1071         (SOFT_LINK_FRAMEWORK_FOR_SOURCE): Add
1072         RELEASE_ASSERT_WITH_MESSAGE() when soft-link is not
1073         optional.
1074
1075 2016-02-17  Chris Dumez  <cdumez@apple.com>
1076
1077         Regression(r196648): http://w3c-test.org/html/dom/interfaces.html redirects at the end of the test
1078         https://bugs.webkit.org/show_bug.cgi?id=154357
1079
1080         Reviewed by Alexey Proskuryakov.
1081
1082         Make location.assign() / location.replace()'s parameter mandatory,
1083         as per the specification:
1084         https://html.spec.whatwg.org/multipage/browsers.html#the-location-interface
1085
1086         Previously, calling location.assign() / location.replace() without
1087         parameter would be identical to calling location.assign("undefined") /
1088         location.replace("undefined"), which is not useful.
1089
1090         After r196648, http://w3c-test.org/html/dom/interfaces.html was able to
1091         test location.assign() / location.replace() further because they are now
1092         on the instance (where they should be) instead of the prototype. One of
1093         these tests calls these functions without parameter, expecting them to
1094         throw an exception. However, in WebKit, it would not throw and it would
1095         redirect us to http://w3c-test.org/html/dom/undefined.
1096
1097         Firefox and Chrome both follow the specification already and throw in
1098         this case.
1099
1100         No new tests, already covered by existing test.
1101
1102         * page/Location.idl:
1103         Make location.assign() / location.replace()'s parameter mandatory,
1104         as per the specification.
1105
1106 2016-02-17  Commit Queue  <commit-queue@webkit.org>
1107
1108         Unreviewed, rolling out r196738.
1109         https://bugs.webkit.org/show_bug.cgi?id=154380
1110
1111         broke css3/calc/transforms-translate.html (Requested by
1112         alexchristensen on #webkit).
1113
1114         Reverted changeset:
1115
1116         "WebKitCSSMatrix transformList with calculated relative length
1117         crashes Safari."
1118         https://bugs.webkit.org/show_bug.cgi?id=153333
1119         http://trac.webkit.org/changeset/196738
1120
1121 2016-02-17  Dean Jackson  <dino@apple.com>
1122
1123         WebKitCSSMatrix transformList with calculated relative length crashes Safari.
1124         https://bugs.webkit.org/show_bug.cgi?id=153333
1125         <rdar://problem/17198383>
1126
1127         Reviewed by Simon Fraser.
1128
1129         WebKitCSSMatrix objects should fail to construct when not
1130         using absolute lengths.
1131
1132         Updated existing tests:
1133         - transforms/cssmatrix-2d-interface.xhtml
1134         - transforms/cssmatrix-3d-interface.xhtml
1135
1136         * css/StyleBuilderConverter.h:
1137         (WebCore::StyleBuilderConverter::convertTransform): Tell transformsForValue
1138         that we don't require absolute lengths.
1139         * css/TransformFunctions.cpp:
1140         (WebCore::convertToFloatLength): Add an optional parameter that will
1141         cause the conversion to fail if the primitive value has a non-absolute
1142         length.
1143         (WebCore::transformsForValue): Pass the parameter for requiring an
1144         absolute length on to convertToFloatLength when necessary.
1145         * css/TransformFunctions.h:
1146         * css/WebKitCSSMatrix.cpp:
1147         (WebCore::WebKitCSSMatrix::setMatrixValue): In this case we do
1148         require all transform strings to have absolute lengths, not ones
1149         that depend on the font size or are calculated.
1150
1151 2016-02-17  Commit Queue  <commit-queue@webkit.org>
1152
1153         Unreviewed, rolling out r196712.
1154         https://bugs.webkit.org/show_bug.cgi?id=154371
1155
1156         This change caused 5 API test failures on ios-simulator
1157         (Requested by ryanhaddad on #webkit).
1158
1159         Reverted changeset:
1160
1161         "[iOS] Purge GraphicsServices font cache on memory warning."
1162         https://bugs.webkit.org/show_bug.cgi?id=154343
1163         http://trac.webkit.org/changeset/196712
1164
1165 2016-02-17  Brady Eidson  <beidson@apple.com>
1166
1167         Modern IDB: More Encoder/Decoder/Messaging scaffolding for WK2 IPC.
1168         https://bugs.webkit.org/show_bug.cgi?id=154356
1169
1170         Reviewed by Alex Christensen.
1171
1172         No change in behavior yet; Just laying the groundwork.
1173
1174         * Modules/indexeddb/shared/IDBDatabaseInfo.h:
1175         (WebCore::IDBDatabaseInfo::encode):
1176         (WebCore::IDBDatabaseInfo::decode):
1177
1178         * Modules/indexeddb/shared/IDBError.h:
1179         (WebCore::IDBError::encode):
1180         (WebCore::IDBError::decode):
1181
1182         * Modules/indexeddb/shared/IDBRequestData.h:
1183         (WebCore::IDBRequestData::decode):
1184
1185         * Modules/indexeddb/shared/IDBResultData.h:
1186         (WebCore::IDBResultData::encode):
1187         (WebCore::IDBResultData::decode):
1188
1189 2016-02-17  Saam barati  <sbarati@apple.com>
1190
1191         Implement Proxy [[Get]]
1192         https://bugs.webkit.org/show_bug.cgi?id=154081
1193
1194         Reviewed by Michael Saboff.
1195
1196         Tests are in JavaScriptCore.
1197
1198         * bindings/js/JSCryptoAlgorithmDictionary.cpp:
1199         (WebCore::getProperty):
1200         (WebCore::getHashAlgorithm):
1201         * bindings/js/JSCryptoKeySerializationJWK.cpp:
1202         (WebCore::getJSArrayFromJSON):
1203         (WebCore::getStringFromJSON):
1204         (WebCore::getBooleanFromJSON):
1205         * bindings/js/JSDOMWindowCustom.cpp:
1206         (WebCore::DialogHandler::returnValue):
1207         * bindings/js/JSDictionary.cpp:
1208         (WebCore::JSDictionary::tryGetProperty):
1209         * bindings/js/JSStorageCustom.cpp:
1210         (WebCore::JSStorage::deleteProperty):
1211         (WebCore::JSStorage::deletePropertyByIndex):
1212         (WebCore::JSStorage::putDelegate):
1213         * bindings/js/SerializedScriptValue.cpp:
1214         (WebCore::CloneSerializer::getProperty):
1215         * testing/Internals.cpp:
1216         (WebCore::Internals::isReadableStreamDisturbed):
1217
1218 2016-02-17  Simon Fraser  <simon.fraser@apple.com>
1219
1220         PDFPlugin's scrollableArea container is not properly unregistered when page is going into the PageCache
1221         https://bugs.webkit.org/show_bug.cgi?id=148182
1222
1223         Reviewed by Brent Fulgham.
1224
1225         When handling Command-arrow key while showing a scrollable PDF, the timing of PDFPlugin
1226         teardown and navigation could result in PDFPlugin::destroy() getting the wrong FrameView,
1227         so the old FrameView was left with a stale pointer in its scrollableAreaSet.
1228
1229         Fix this by adding an explicit willDetatchRenderer() which is called on the plugin
1230         before the Frame gets a new FrameView.
1231
1232         Also narrow the scope of the RefPtr<Widget> in HTMLPlugInElement::defaultEventHandler()
1233         so that the Widget is not kept alive over a possible navigation.
1234
1235         I was unable to make an automated test, because reproducing the bug requires handling
1236         a Command-arrow key event in a way that the last ref to a Widget is held over the event
1237         handling, and this wasn't possible in an iframe.
1238
1239         * html/HTMLPlugInElement.cpp:
1240         (WebCore::HTMLPlugInElement::defaultEventHandler):
1241         * html/HTMLPlugInImageElement.cpp:
1242         (WebCore::HTMLPlugInImageElement::willDetachRenderers):
1243         * plugins/PluginViewBase.h:
1244         (WebCore::PluginViewBase::willDetatchRenderer):
1245         * style/StyleTreeResolver.cpp:
1246         (WebCore::Style::detachRenderTree): Drive-by nullptr.
1247
1248 2016-02-17  Brady Eidson  <beidson@apple.com>
1249
1250         Modern IDB: Encoder/Decoder/Messaging scaffolding for WK2 IPC.
1251         https://bugs.webkit.org/show_bug.cgi?id=154351
1252
1253         Reviewed by Alex Christensen.
1254
1255         No change in behavior yet; Just laying the groundwork.
1256
1257         * Modules/indexeddb/IDBDatabaseIdentifier.h:
1258         (WebCore::IDBDatabaseIdentifier::encode):
1259         (WebCore::IDBDatabaseIdentifier::decode):
1260         
1261         * Modules/indexeddb/shared/IDBCursorInfo.h:
1262         (WebCore::IDBCursorInfo::encode):
1263         (WebCore::IDBCursorInfo::decode):
1264         
1265         * Modules/indexeddb/shared/IDBIndexInfo.h:
1266         (WebCore::IDBIndexInfo::encode):
1267         (WebCore::IDBIndexInfo::decode):
1268         
1269         * Modules/indexeddb/shared/IDBObjectStoreInfo.h:
1270         (WebCore::IDBObjectStoreInfo::encode):
1271         (WebCore::IDBObjectStoreInfo::decode):
1272         
1273         * Modules/indexeddb/shared/IDBRequestData.h:
1274         (WebCore::IDBRequestData::encode):
1275         (WebCore::IDBRequestData::decode):
1276         
1277         * Modules/indexeddb/shared/IDBResourceIdentifier.h:
1278         (WebCore::IDBResourceIdentifier::encode):
1279         (WebCore::IDBResourceIdentifier::decode):
1280         
1281         * Modules/indexeddb/shared/IDBTransactionInfo.h:
1282         (WebCore::IDBTransactionInfo::encode):
1283         (WebCore::IDBTransactionInfo::decode):
1284
1285 2016-02-17  Andreas Kling  <akling@apple.com>
1286
1287         [iOS] Purge GraphicsServices font cache on memory warning.
1288         <https://webkit.org/b/154343>
1289
1290         Reviewed by Antti Koivisto.
1291
1292         The GS font cache was holding on to the last retain on CSS fonts after they stop being used.
1293         Call SPI to purge it on memory pressure.
1294
1295         * platform/cocoa/MemoryPressureHandlerCocoa.mm:
1296         (WebCore::MemoryPressureHandler::platformReleaseMemory):
1297         * platform/spi/ios/GraphicsServicesSPI.h:
1298
1299 2016-02-17  Chris Dumez  <cdumez@apple.com>
1300
1301         Regression(r196648): window.showModalDialog is no longer undefined if the client does not allow showing modal dialog
1302         https://bugs.webkit.org/show_bug.cgi?id=154330
1303
1304         Reviewed by Gavin Barraclough.
1305
1306         window.showModalDialog is no longer undefined if the client does not
1307         allow showing modal dialog after r196648. This patch fixes the issue
1308         and adds test coverage for this.
1309
1310         Test: fast/dom/Window/forbid-showModalDialog.html
1311
1312         * bindings/js/JSDOMWindowCustom.cpp:
1313         (WebCore::JSDOMWindow::getOwnPropertySlot):
1314         - Move the DOMWindow::canShowModalDialog() check *before* checking
1315           for static properties as showModalDialog is now in the static
1316           property table after r196648.
1317         - Add check for Base::getOwnPropertySlot() first to support overriding
1318           window.showModalDialog (This behavior matches Firefox).
1319         - Return false if DOMWindow::canShowModalDialog() returns false as this
1320           seems cleaner than claiming that the property is there but undefined.
1321
1322         * page/DOMWindow.cpp:
1323         (WebCore::DOMWindow::canShowModalDialogNow): Deleted.
1324         This was identical to canShowModalDialog().
1325
1326         (WebCore::DOMWindow::canShowModalDialog):
1327         (WebCore::DOMWindow::setCanShowModalDialogOverride):
1328         (WebCore::DOMWindow::showModalDialog):
1329         * page/DOMWindow.h:
1330         * testing/Internals.cpp:
1331         (WebCore::Internals::setCanShowModalDialogOverride):
1332         * testing/Internals.h:
1333         * testing/Internals.idl:
1334         Add support for overriding the ChromeClient's canShowModalDialog
1335         decision and hook it up to Internals to add layout test coverage.
1336
1337 2016-02-17  Brady Eidson  <beidson@apple.com>
1338
1339         Modern IDB: More WK2 IPC Scaffolding.
1340         https://bugs.webkit.org/show_bug.cgi?id=154317
1341
1342         Reviewed by Alex Christensen.
1343
1344         No change in behavior yet; Just laying the groundwork.
1345
1346         * Modules/indexeddb/shared/IDBCursorInfo.cpp:
1347         (WebCore::IDBCursorInfo::IDBCursorInfo):
1348         * Modules/indexeddb/shared/IDBCursorInfo.h:
1349         (WebCore::IDBCursorInfo::decode):
1350         * Modules/indexeddb/shared/IDBError.h:
1351         (WebCore::IDBError::decode):
1352         * Modules/indexeddb/shared/IDBIndexInfo.h:
1353         (WebCore::IDBIndexInfo::decode):
1354         * Modules/indexeddb/shared/IDBObjectStoreInfo.h:
1355         (WebCore::IDBObjectStoreInfo::decode):
1356         * Modules/indexeddb/shared/IDBRequestData.cpp:
1357         (WebCore::IDBRequestData::IDBRequestData):
1358         * Modules/indexeddb/shared/IDBRequestData.h:
1359         (WebCore::IDBRequestData::decode):
1360         * Modules/indexeddb/shared/IDBResourceIdentifier.cpp:
1361         (WebCore::IDBResourceIdentifier::IDBResourceIdentifier):
1362         * Modules/indexeddb/shared/IDBResourceIdentifier.h:
1363         (WebCore::IDBResourceIdentifier::decode):
1364         * Modules/indexeddb/shared/IDBResultData.cpp:
1365         (WebCore::IDBResultData::IDBResultData):
1366         * Modules/indexeddb/shared/IDBResultData.h:
1367         (WebCore::IDBResultData::decode):
1368         * Modules/indexeddb/shared/IDBTransactionInfo.cpp:
1369         (WebCore::IDBTransactionInfo::IDBTransactionInfo):
1370         * Modules/indexeddb/shared/IDBTransactionInfo.h:
1371         (WebCore::IDBTransactionInfo::decode):
1372         * WebCore.xcodeproj/project.pbxproj:
1373
1374 2016-02-17  Eric Carlson  <eric.carlson@apple.com>
1375
1376         [Win] Allow ports to disable automatic text track selection
1377         https://bugs.webkit.org/show_bug.cgi?id=154322
1378         <rdar://problem/24623986>
1379
1380         Reviewed by Brent Fulgham.
1381
1382         * page/CaptionUserPreferencesMediaAF.cpp:
1383         (MTEnableCaption2015BehaviorPtr): Implement for Windows.
1384
1385 2016-02-17  Gavin Barraclough  <barraclough@apple.com>
1386
1387         JSDOMWindow::put should not do the same thing twice
1388         https://bugs.webkit.org/show_bug.cgi?id=154334
1389
1390         Reviewed by Chris Dumez.
1391
1392         It either calls JSGlobalObject::put or Base::put. Hint: these are basically the same thing.
1393         In the latter case it might call lookupPut. That's redundant; JSObject::put handles static
1394         table entries.
1395
1396         * bindings/js/JSDOMWindowCustom.cpp:
1397         (WebCore::JSDOMWindow::put):
1398             - just call Base::put.
1399         (WebCore::JSDOMWindow::putByIndex):
1400             - just call Base::putByIndex.
1401
1402 2016-02-17  Nan Wang  <n_wang@apple.com>
1403
1404         AX: Implement sentence related text marker functions using TextIterator
1405         https://bugs.webkit.org/show_bug.cgi?id=154312
1406
1407         Reviewed by Chris Fleizach.
1408
1409         Using CharacterOffset to implement sentence related text marker calls. Reused
1410         logic from VisibleUnits class. Also fixed an issue where paragraph navigation
1411         should skip preceding and following BR nodes.
1412
1413         Test: accessibility/mac/text-marker-sentence-nav.html
1414
1415         * accessibility/AXObjectCache.cpp:
1416         (WebCore::resetNodeAndOffsetForReplacedNode):
1417         (WebCore::setRangeStartOrEndWithCharacterOffset):
1418         (WebCore::AXObjectCache::characterOffsetForNodeAndOffset):
1419         (WebCore::AXObjectCache::previousCharacterOffset):
1420         (WebCore::AXObjectCache::startCharacterOffsetOfWord):
1421         (WebCore::AXObjectCache::endCharacterOffsetOfWord):
1422         (WebCore::AXObjectCache::previousWordStartCharacterOffset):
1423         (WebCore::AXObjectCache::leftWordRange):
1424         (WebCore::AXObjectCache::rightWordRange):
1425         (WebCore::AXObjectCache::characterBefore):
1426         (WebCore::characterOffsetNodeIsBR):
1427         (WebCore::parentEditingBoundary):
1428         (WebCore::AXObjectCache::nextBoundary):
1429         (WebCore::AXObjectCache::previousBoundary):
1430         (WebCore::AXObjectCache::paragraphForCharacterOffset):
1431         (WebCore::AXObjectCache::nextParagraphEndCharacterOffset):
1432         (WebCore::AXObjectCache::previousParagraphStartCharacterOffset):
1433         (WebCore::AXObjectCache::startCharacterOffsetOfSentence):
1434         (WebCore::AXObjectCache::endCharacterOffsetOfSentence):
1435         (WebCore::AXObjectCache::sentenceForCharacterOffset):
1436         (WebCore::AXObjectCache::nextSentenceEndCharacterOffset):
1437         (WebCore::AXObjectCache::previousSentenceStartCharacterOffset):
1438         (WebCore::AXObjectCache::rootAXEditableElement):
1439         (WebCore::startWordBoundary): Deleted.
1440         (WebCore::endWordBoundary): Deleted.
1441         (WebCore::AXObjectCache::nextWordBoundary): Deleted.
1442         (WebCore::AXObjectCache::previousWordBoundary): Deleted.
1443         * accessibility/AXObjectCache.h:
1444         * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
1445         (-[WebAccessibilityObjectWrapper accessibilityAttributeValue:forParameter:]):
1446         * editing/VisibleUnits.cpp:
1447         (WebCore::startWordBoundary):
1448         (WebCore::startOfWord):
1449         (WebCore::endWordBoundary):
1450         (WebCore::startSentenceBoundary):
1451         (WebCore::startOfSentence):
1452         (WebCore::endSentenceBoundary):
1453         * editing/VisibleUnits.h:
1454
1455 2016-02-17  Manuel Rego Casasnovas  <rego@igalia.com>
1456
1457         [css-grid] GridSpan refactoring
1458         https://bugs.webkit.org/show_bug.cgi?id=153868
1459
1460         Reviewed by Sergio Villar Senin.
1461
1462         Add new enum to know if a GridSpan is definite or indefinite.
1463         That way we don't need GridUnresolvedSpan class (which is removed).
1464         We can always have two GridSpans in GridCoordinate,
1465         if the position is "auto" the GridSpan will be marked as indefinite.
1466         This will allow in a follow-up patch to avoid repeated calls
1467         to methods that resolve positions.
1468
1469         Most operations in GridSpan are restricted to definite GridSpans (access
1470         to positions, iterator, etc.). For indefinite GridSpans we only need to
1471         know that they're indefinite, we shouldn't use the rest of the data.
1472
1473         No new tests, no change of behavior.
1474
1475         * css/CSSGridTemplateAreasValue.cpp:
1476         (WebCore::stringForPosition):
1477         * css/CSSParser.cpp:
1478         (WebCore::CSSParser::parseGridTemplateAreasRow):
1479         * css/StyleBuilderConverter.h:
1480         (WebCore::StyleBuilderConverter::createImplicitNamedGridLinesFromGridArea):
1481         * rendering/RenderGrid.cpp:
1482         (WebCore::RenderGrid::GridIterator::nextEmptyGridArea):
1483         (WebCore::RenderGrid::computeUsedBreadthOfGridTracks):
1484         (WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForNonSpanningItems):
1485         (WebCore::RenderGrid::insertItemIntoGrid):
1486         (WebCore::RenderGrid::placeItemsOnGrid):
1487         (WebCore::RenderGrid::populateExplicitGridAndOrderIterator):
1488         (WebCore::RenderGrid::placeSpecifiedMajorAxisItemsOnGrid):
1489         (WebCore::RenderGrid::placeAutoMajorAxisItemOnGrid):
1490         (WebCore::RenderGrid::offsetAndBreadthForPositionedChild):
1491         (WebCore::RenderGrid::gridAreaBreadthForChildIncludingAlignmentOffsets):
1492         (WebCore::RenderGrid::columnAxisOffsetForChild):
1493         (WebCore::RenderGrid::rowAxisOffsetForChild):
1494         (WebCore::RenderGrid::placeAutoMajorAxisItemsOnGrid): Deleted.
1495         (WebCore::RenderGrid::autoPlacementMinorAxisDirection): Deleted.
1496         (WebCore::RenderGrid::populateGridPositions): Deleted.
1497         * rendering/style/GridCoordinate.h:
1498         (WebCore::GridSpan::definiteGridSpan):
1499         (WebCore::GridSpan::indefiniteGridSpan):
1500         (WebCore::GridSpan::operator==):
1501         (WebCore::GridSpan::integerSpan):
1502         (WebCore::GridSpan::resolvedInitialPosition):
1503         (WebCore::GridSpan::resolvedFinalPosition):
1504         (WebCore::GridSpan::begin):
1505         (WebCore::GridSpan::end):
1506         (WebCore::GridSpan::isDefinite):
1507         (WebCore::GridSpan::GridSpan):
1508         (WebCore::GridCoordinate::GridCoordinate):
1509         * rendering/style/GridResolvedPosition.cpp:
1510         (WebCore::initialPositionSide):
1511         (WebCore::finalPositionSide):
1512         (WebCore::adjustGridPositionsFromStyle):
1513         (WebCore::resolveRowStartColumnStartNamedGridLinePositionAgainstOppositePosition):
1514         (WebCore::resolveRowEndColumnEndNamedGridLinePositionAgainstOppositePosition):
1515         (WebCore::resolveNamedGridLinePositionAgainstOppositePosition):
1516         (WebCore::resolveGridPositionAgainstOppositePosition):
1517         (WebCore::GridResolvedPosition::resolveGridPositionsFromAutoPlacementPosition):
1518         (WebCore::GridResolvedPosition::resolveGridPositionsFromStyle):
1519         (WebCore::implicitNamedGridLineForSide): Deleted.
1520         (WebCore::GridResolvedPosition::isNonExistentNamedLineOrArea): Deleted.
1521         (WebCore::resolveNamedGridLinePositionFromStyle): Deleted.
1522         (WebCore::resolveGridPositionFromStyle): Deleted.
1523         * rendering/style/GridResolvedPosition.h:
1524         (WebCore::GridResolvedPosition::GridResolvedPosition): Deleted.
1525         (WebCore::GridResolvedPosition::operator*): Deleted.
1526         (WebCore::GridResolvedPosition::operator++): Deleted.
1527         (WebCore::GridResolvedPosition::operator==): Deleted.
1528
1529 2016-02-17  Chris Dumez  <cdumez@apple.com>
1530
1531         Window should have its 'constructor' property on the prototype
1532         https://bugs.webkit.org/show_bug.cgi?id=154037
1533         <rdar://problem/24689078>
1534
1535         Reviewed by Gavin Barraclough.
1536
1537         Window should have its 'constructor' property on the prototype as per
1538         the Web IDL specification:
1539         http://heycam.github.io/webidl/#interface-prototype-object
1540
1541         Firefox and Chrome already match the specification.
1542
1543         No new tests, covered by:
1544         - fast/dom/Window/window-constructor-settable.html
1545         - fast/dom/Window/window-constructor.html
1546         - http/tests/security/cross-origin-window-property-access.html
1547         - imported/w3c/web-platform-tests/html/dom/interfaces.html
1548
1549         * bindings/scripts/CodeGeneratorJS.pm:
1550         (ConstructorShouldBeOnInstance): Deleted.
1551         Drop this routine as all constructors are now on the prototype.
1552
1553         (InstancePropertyCount):
1554         Do not account for constructor properties as these can only be
1555         on the prototype now.
1556
1557         (PrototypePropertyCount):
1558         Increment the property count by 1 if the interface has a constructor
1559         property (e.g. [NoInterfaceObject] interfaces do not have one).
1560
1561         (GeneratePropertiesHashTable):
1562         Stop calling ConstructorShouldBeOnInstance() as it no longer exists.
1563         Always generate the "constructor" property if:
1564         1. We are generating the prototype hash table.
1565         and
1566         2. The interface needs a constructor (i.e. not marked as
1567            [NoInterfaceObject]).
1568
1569         (GenerateImplementation):
1570         - Drop code handling the case where ConstructorShouldBeOnInstance()
1571           returns true as constructors are not always on the prototype and
1572           the ConstructorShouldBeOnInstance() routine has been dropped.
1573         - Drop code handling [CustomProxyToJSObject]. Now that the constructor
1574           is always on the prototype, we never need to cast thisValue to a
1575           JSDOMWindow (by calling toJSDOMWindow). In the Window case, thisValue
1576           is now cast to a JSDOMWindowPrototype*, similarly to other interfaces
1577           so we don't need a special casting function anymore.
1578         - Stop generating security checks. This only impacts Window as it is the
1579           only interface marked as [CheckSecurity]. The cross-origin checking code
1580           as it was would not work when "constructor" is on the prototype because
1581           thisValue is a JSDOMWindowPrototype, not a JSDOMWindow and we have no
1582           way of getting the wrapped window. Also, the security check is no longer
1583           needed because:
1584           1. Accessing crossOriginWindow.constructor will not work now that
1585              constructor is on the prototype because
1586              JSDOMWindow::getOwnPropertySlot() already prevents access to the
1587              prototype in the cross-origin case.
1588           2. "constructor" is a value property, not a getter/setter. Therefore,
1589              it is not possible to use the getter/setter from a same origin window
1590              instance and call it on a cross origin window.
1591
1592 2016-02-16  Carlos Garcia Campos  <cgarcia@igalia.com>
1593
1594         Add a way to test ScrollAnimator
1595         https://bugs.webkit.org/show_bug.cgi?id=153479
1596
1597         Reviewed by Michael Catanzaro.
1598
1599         Tests: fast/scrolling/overlay-scrollbars-scroll-corner.html
1600                fast/scrolling/scroll-animator-basic-events.html
1601                fast/scrolling/scroll-animator-overlay-scrollbars-hovered.html
1602                fast/scrolling/scroll-animator-select-list-events.html
1603
1604         * CMakeLists.txt:
1605         * WebCore.xcodeproj/project.pbxproj:
1606         * page/FrameView.cpp:
1607         (WebCore::FrameView::usesMockScrollAnimator):
1608         (WebCore::FrameView::logMockScrollAnimatorMessage):
1609         * page/FrameView.h:
1610         * page/Settings.cpp:
1611         (WebCore::Settings::setUsesMockScrollAnimator):
1612         (WebCore::Settings::usesMockScrollAnimator):
1613         * page/Settings.h:
1614         * platform/ScrollableArea.cpp:
1615         (WebCore::ScrollableArea::scrollAnimator):
1616         * platform/ScrollableArea.h:
1617         (WebCore::ScrollableArea::usesMockScrollAnimator):
1618         (WebCore::ScrollableArea::logMockScrollAnimatorMessage):
1619         * platform/mock/ScrollAnimatorMock.cpp: Added.
1620         (WebCore::ScrollAnimatorMock::create):
1621         (WebCore::ScrollAnimatorMock::ScrollAnimatorMock):
1622         (WebCore::ScrollAnimatorMock::~ScrollAnimatorMock):
1623         (WebCore::ScrollAnimatorMock::didAddVerticalScrollbar):
1624         (WebCore::ScrollAnimatorMock::didAddHorizontalScrollbar):
1625         (WebCore::ScrollAnimatorMock::willRemoveVerticalScrollbar):
1626         (WebCore::ScrollAnimatorMock::willRemoveHorizontalScrollbar):
1627         (WebCore::ScrollAnimatorMock::mouseEnteredContentArea):
1628         (WebCore::ScrollAnimatorMock::mouseMovedInContentArea):
1629         (WebCore::ScrollAnimatorMock::mouseExitedContentArea):
1630         (WebCore::ScrollAnimatorMock::mouseEnteredScrollbar):
1631         (WebCore::ScrollAnimatorMock::mouseExitedScrollbar):
1632         (WebCore::ScrollAnimatorMock::mouseIsDownInScrollbar):
1633         * platform/mock/ScrollAnimatorMock.h: Added.
1634         * platform/mock/ScrollbarThemeMock.cpp:
1635         (WebCore::ScrollbarThemeMock::usesOverlayScrollbars):
1636         * platform/mock/ScrollbarThemeMock.h:
1637         * rendering/RenderLayer.cpp:
1638         (WebCore::RenderLayer::usesMockScrollAnimator):
1639         (WebCore::RenderLayer::logMockScrollAnimatorMessage):
1640         * rendering/RenderLayer.h:
1641         * rendering/RenderListBox.cpp:
1642         (WebCore::RenderListBox::usesMockScrollAnimator):
1643         (WebCore::RenderListBox::logMockScrollAnimatorMessage):
1644         * rendering/RenderListBox.h:
1645         * testing/Internals.cpp:
1646         (WebCore::Internals::resetToConsistentState):
1647         (WebCore::Internals::setUsesMockScrollAnimator):
1648         * testing/Internals.h:
1649         * testing/Internals.idl:
1650
1651 2016-02-16  Carlos Garcia Campos  <cgarcia@igalia.com>
1652
1653         Unreviewed. Enable overlay scrollbars in GTK+ after r196641.
1654
1655         This was blocked by bug #153404, but the commit that introduced
1656         the regression was rolled out in r196641.
1657
1658         * platform/gtk/ScrollbarThemeGtk.cpp:
1659         (WebCore::ScrollbarThemeGtk::ScrollbarThemeGtk):
1660
1661 2016-02-16  Gavin Barraclough  <barraclough@apple.com>
1662
1663         JSDOMWindow::getOwnPropertySlot should just call getStaticPropertySlot
1664         https://bugs.webkit.org/show_bug.cgi?id=154257
1665
1666         Reviewed by Chris Dumez.
1667
1668         * bindings/js/JSDOMWindowCustom.cpp:
1669         (WebCore::JSDOMWindow::getOwnPropertySlot):
1670             - JSDOMWindow::getOwnPropertySlot should just call getStaticPropertySlot
1671
1672 2016-02-16  Gavin Barraclough  <barraclough@apple.com>
1673
1674         JSDOMWindow::getOwnPropertySlot should not search photo chain
1675         https://bugs.webkit.org/show_bug.cgi?id=154102
1676
1677         Reviewed by Chris Dumez.
1678
1679         Should only return *own* properties.
1680
1681         * bindings/js/JSDOMWindowCustom.cpp:
1682         (WebCore::jsDOMWindowGetOwnPropertySlotNamedItemGetter):
1683
1684 2016-02-16  Alex Christensen  <achristensen@webkit.org>
1685
1686         CMake build fix.
1687
1688         * PlatformMac.cmake:
1689
1690 2016-02-16  Chris Dumez  <cdumez@apple.com>
1691
1692         Navigator.geolocation should not be marked a [Replaceable] and should be on the prototype
1693         https://bugs.webkit.org/show_bug.cgi?id=154304
1694         <rdar://problem/24685092>
1695
1696         Reviewed by Gavin Barraclough.
1697
1698         1. Drop the [Replaceable] IDL extended attribute for navigator.geolocation
1699            as this does not match other browsers or the specification:
1700            - https://dev.w3.org/geo/api/spec-source.html#geolocation_interface
1701         2. Move Navigator attributes to the prototype, where they should be as
1702            per the Web IDL specification.
1703
1704         The previous behavior was meant as a workaround for a bug in the Amazon
1705         iOS app (rdar://problem/16332749). However, I have confirmed that the
1706         latest Amazon App no longer has any issue with those changes.
1707
1708         Test: js/navigator-set-geolocation.html
1709
1710         * Modules/geolocation/NavigatorGeolocation.idl:
1711         * bindings/scripts/CodeGeneratorJS.pm:
1712         (InterfaceRequiresAttributesOnInstanceForCompatibility): Deleted.
1713
1714 2016-02-16  Said Abou-Hallawa  <sabouhallawa@apple.com>
1715
1716         REGRESSION(r196268): WTFCrashWithSecurityImplication on SVG path animation tests
1717         https://bugs.webkit.org/show_bug.cgi?id=154221
1718
1719         Reviewed by Brent Fulgham.
1720
1721         In r196268, a destructor was added to SVGListPropertyTearOff that notifies
1722         its wrapper (the SVGAnimatedListPropertyTearoff) about its deletion. This
1723         allows the wrapper to nullify any references to the wrapped content.
1724         
1725         We needed to do the same thing for SVGPathSegListPropertyTearOff. Both
1726         SVGPathSegListPropertyTearOff and SVGListPropertyTearOff inherit from
1727         SVGListProperty and both hold pointers to SVGAnimatedListPropertyTearOff
1728         which needs to be notified.
1729         
1730         Tests: existing svg path animation tests should not crash.
1731
1732         * svg/properties/SVGPathSegListPropertyTearOff.h:
1733         (WebCore::SVGPathSegListPropertyTearOff::~SVGPathSegListPropertyTearOff):
1734
1735 2016-02-16  Said Abou-Hallawa  <sabouhallawa@apple.com>
1736
1737         REGRESSION (r190430): WTFCrashWithSecurityImplication in:void SVGRootInlineBox::layoutCharactersInTextBoxes()
1738         https://bugs.webkit.org/show_bug.cgi?id=154185
1739
1740         Reviewed by Ryosuke Niwa.
1741
1742         This is a regression caused by adding support for HTMLSlotElement. The
1743         crash happens when adding an HTMLSlotElement to another element which should
1744         not have it as a child like SVGTextElement for example. In this case, we
1745         were creating a RenderText which should not happen inside an SVG document.
1746         The RenderText::createTextBox() was creating InlineTextBox for the slot's
1747         text and attach it to the SVGRootInlineBox. In layoutCharactersInTextBoxes(),
1748         the assumption is the inline box is either SVGInlineTextBox or SVGInlineFlowBox.
1749         But since we have an InlineTextBox instead, the crash happens when casting
1750         the InlineTextBox to SVGInlineFlowBox.
1751
1752         The fix is for createRenderTreeForSlotAssignees() to not create a renderer
1753         when the parent element should not have a renderer for this element.
1754         This is the same thing we do for createRenderer() which handles the non
1755         HTMLSlotElement case and which is called also from createRenderTreeRecursively().
1756         
1757         Test: fast/shadow-dom/text-slot-child-crash.svg
1758
1759         * style/StyleTreeResolver.cpp:
1760         (WebCore::Style::moveToFlowThreadIfNeeded):
1761         (WebCore::Style::TreeResolver::createRenderer): Delete the check for
1762         shouldCreateRenderer() and handling the case when resolvedStyle is null
1763         since these are handled by the caller createRenderTreeRecursively().
1764         
1765         (WebCore::Style::TreeResolver::createRenderTreeForSlotAssignees):
1766         Assert shouldCreateRenderer() is true for this element.
1767         
1768         (WebCore::Style::TreeResolver::createRenderTreeRecursively): Don't create
1769         the renderer if shouldCreateRenderer() returns false. Also handle the case
1770         when resolvedStyle is null and pass the new style to createRenderer().
1771         
1772         * style/StyleTreeResolver.h:
1773
1774 2016-02-16  Simon Fraser  <simon.fraser@apple.com>
1775
1776         Every RenderLayer should not have to remove itself from the scrollableArea set
1777         https://bugs.webkit.org/show_bug.cgi?id=154311
1778
1779         Reviewed by Zalan Bujtas.
1780
1781         A subset of RenderLayers are scrollable, and get registered on the FrameView,
1782         but we pay the cost of a hash lookup for removal on every RenderLayer, which is a waste.
1783         
1784         Store a bit that tells RenderLayer that it's in the set and needs to be removed.
1785
1786         * rendering/RenderLayer.cpp:
1787         (WebCore::RenderLayer::RenderLayer):
1788         (WebCore::RenderLayer::~RenderLayer):
1789         (WebCore::RenderLayer::calculateClipRects):
1790         * rendering/RenderLayer.h:
1791
1792 2016-02-16  Daniel Bates  <dabates@apple.com>
1793
1794         CSP: Update violation report 'Content-Type' header
1795         https://bugs.webkit.org/show_bug.cgi?id=153166
1796         <rdar://problem/24383327>
1797
1798         Reviewed by Brent Fulgham.
1799
1800         Inspired by Blink patch:
1801         <https://src.chromium.org/viewvc/blink?view=rev&revision=154215>
1802
1803         Post the Content Security Policy violation report with Content-Type application/csp-report as
1804         per section Reporting of the Content Security Policy 2.0 spec., <https://www.w3.org/TR/2015/CR-CSP2-20150721/>.
1805
1806         Currently we post CSP violation reports with Content-Type application/json.
1807
1808         * html/parser/XSSAuditorDelegate.cpp:
1809         (WebCore::XSSAuditorDelegate::didBlockScript): Use report type ViolationReportType::XSSAuditor to PingLoader.
1810         * loader/PingLoader.cpp:
1811         (WebCore::PingLoader::sendViolationReport): Modified to take argument of type ViolationReportType
1812         to determine the appropriate Content-Type header to use for the report. For an XSS Auditor violation report
1813         we use Content-Type application/json. For a Content Security Policy violation report we use Content-Type
1814         application/csp-report. Additionally, pass an ASCIILiteral() to ResourceRequestBase::setHTTPMethod()
1815         as opposed to a constant string literal to avoid a copy of a constant string literal.
1816         * loader/PingLoader.h: Add enum class ViolationReportType.
1817         * page/csp/ContentSecurityPolicy.cpp:
1818         (WebCore::ContentSecurityPolicy::reportViolation): Use report type ViolationReportType::ContentSecurityPolicy.
1819
1820 2016-02-16  Alex Christensen  <achristensen@webkit.org>
1821
1822         Add checks before redirecting with NetworkSession
1823         https://bugs.webkit.org/show_bug.cgi?id=154298
1824
1825         Reviewed by Andy Estes.
1826
1827         This fixes http/tests/security/cors-post-redirect-307.html and 
1828         http/tests/navigation/post-307-response.html when using NetworkSession.
1829
1830         * platform/network/ResourceRequestBase.h:
1831         WEBCORE_EXPORT some functions newly used in WebKit2.
1832
1833 2016-02-16  Daniel Bates  <dabates@apple.com>
1834
1835         CSP: Fix parsing of 'host/path' source expressions
1836         https://bugs.webkit.org/show_bug.cgi?id=153170
1837         <rdar://problem/24383407>
1838
1839         Reviewed by Brent Fulgham.
1840
1841         Merged from Blink (patch by Mike West):
1842         <https://src.chromium.org/viewvc/blink?revision=154875&view=revision>
1843
1844         Fixes an issue where a source of the form example.com/A/ was incorrectly considered
1845         invalid and hence such a requested resource would be blocked. A source of this form
1846         is valid by the definition of host-source in section Source List Syntax of the Content
1847         Security Policy 2.0 spec., <http://www.w3.org/TR/2015/CR-CSP2-20150721/>.
1848
1849         * page/csp/ContentSecurityPolicySourceList.cpp:
1850         (WebCore::ContentSecurityPolicySourceList::parseSource):
1851
1852 2016-02-16  Daniel Bates  <dabates@apple.com>
1853
1854         CSP: Disallow an empty host in a host-source source expression
1855         https://bugs.webkit.org/show_bug.cgi?id=153168
1856         <rdar://problem/24383366>
1857
1858         Reviewed by Brent Fulgham.
1859
1860         Merged from Blink (patch by rob@robwu.nl):
1861         <https://src.chromium.org/viewvc/blink?revision=180407&view=revision>
1862
1863         * page/csp/ContentSecurityPolicySourceList.cpp:
1864         (WebCore::ContentSecurityPolicySourceList::parseSource):
1865
1866 2016-02-16  Brady Eidson  <beidson@apple.com>
1867
1868         Modern IDB: WK2 IPC Scaffolding.
1869         https://bugs.webkit.org/show_bug.cgi?id=154296
1870
1871         Reviewed by Alex Christensen.
1872         
1873         No change in behavior yet; Just laying the groundwork.
1874
1875         * Modules/indexeddb/client/IDBConnectionToServer.h:
1876         * Modules/indexeddb/server/IDBConnectionToClient.h:
1877         * Modules/indexeddb/shared/IDBResourceIdentifier.h:
1878
1879 2016-02-16  Chris Dumez  <cdumez@apple.com>
1880
1881         [Web IDL] Operations should be on the instance for global objects or if [Unforgeable]
1882         https://bugs.webkit.org/show_bug.cgi?id=154120
1883         <rdar://problem/24613231>
1884
1885         Reviewed by Gavin Barraclough.
1886
1887         Operations should be on the instance for global objects or if
1888         [Unforgeable] as per the Web IDL specification:
1889         - http://heycam.github.io/webidl/#es-operations
1890         - http://heycam.github.io/webidl/#dfn-unforgeable-on-an-interface
1891
1892         This patch implements this behavior in order to align
1893         with the specification and other browsers.
1894
1895         No new tests, already covered by existing tests.
1896
1897         * bindings/js/JSDOMWindowCustom.cpp:
1898         (WebCore::jsDOMWindowGetOwnPropertySlotRestrictedAccess):
1899         Update function names now that they have "Instance" in their
1900         name instead of "Prototype".
1901
1902         (WebCore::JSDOMWindow::getOwnPropertySlot):
1903         - Update function names now that they have "Instance" in their
1904           name instead of "Prototype".
1905         - Move the functions hard-coding *before* the static table check
1906           now that these functions are in the static table to maintain
1907           the previous behavior.
1908
1909         * bindings/js/JSLocationCustom.cpp:
1910         (WebCore::JSLocation::getOwnPropertySlotDelegate):
1911         Update function names now that they have "Instance" in their
1912         name instead of "Prototype".
1913
1914         * bindings/scripts/CodeGeneratorJS.pm:
1915         - Move functions to the instance if their interface is a global
1916           object or if they are marked as [Unforgeable]. Operations are
1917           now treated more like attributes, as they can now be either on
1918           the instance or the prototype. In a lot of places, I now use
1919           the naming "properties" instead of "attributes" as "properties"
1920           refers to both "attributes" and "operations" / "functions".
1921
1922         * bindings/scripts/test/JS/JSTestInterface.cpp:
1923         * bindings/scripts/test/JS/JSTestObj.cpp:
1924         Rebaseline bindings tests.
1925
1926 2016-02-16  Simon Fraser  <simon.fraser@apple.com>
1927
1928         Rollout r188659. This broke scrolling of iframes and overflow when
1929         navigating back to a page in the page cache.
1930         
1931         The fix was overly aggressive and had no layout test. I will fix the original
1932         issue a different way.
1933
1934         * history/CachedFrame.cpp:
1935         (WebCore::CachedFrame::CachedFrame):
1936         * page/FrameView.cpp:
1937         (WebCore::FrameView::clearScrollableAreas): Deleted.
1938         * page/FrameView.h:
1939
1940 2016-02-16  Carlos Garcia Campos  <cgarcia@igalia.com>
1941
1942         [GTK] No hover-horizontal scrolling available
1943         https://bugs.webkit.org/show_bug.cgi?id=122859
1944
1945         Reviewed by Michael Catanzaro.
1946
1947         This is a regression of WebKit2, because in WebKit1 we used native
1948         widgets for frame scrollbars that handled this automatically. Now
1949         we need to also check if the mouse is over frame scrollbars to
1950         adjust the wheel event.
1951
1952         Test: platform/gtk/scrollbars/main-frame-scrollbar-horizontal-wheel-scroll.html
1953
1954         * page/EventHandler.cpp:
1955         (WebCore::EventHandler::handleWheelEvent): Pass the adjusted wheel
1956         event to platformCompleteWheelEvent().
1957         * page/gtk/EventHandlerGtk.cpp:
1958         (WebCore::EventHandler::shouldTurnVerticalTicksIntoHorizontal):
1959         Check also frame scrollbars.
1960
1961 2016-02-16  Antti Koivisto  <antti@apple.com>
1962
1963         Factor id mutation style invalidation code into a class
1964         https://bugs.webkit.org/show_bug.cgi?id=154287
1965
1966         Reviewed by Andreas Kling.
1967
1968         Also add a cheap basic optimization that avoids descendant invalidation if they can not be affected.
1969
1970         It would be easy to implement fine grained invalidation like with classes and attribute selectors.
1971         However dynamic id changes are not common enough (nor recommended) to pay the memory cost of
1972         the required data structures.
1973
1974         Test: fast/css/style-invalidation-id-change-descendants.html
1975
1976         * CMakeLists.txt:
1977         * WebCore.vcxproj/WebCore.vcxproj:
1978         * WebCore.xcodeproj/project.pbxproj:
1979         * css/RuleFeature.cpp:
1980         (WebCore::RuleFeatureSet::recursivelyCollectFeaturesFromSelector):
1981         (WebCore::RuleFeatureSet::add):
1982         (WebCore::RuleFeatureSet::clear):
1983         * css/RuleFeature.h:
1984         * dom/Element.cpp:
1985         (WebCore::makeIdForStyleResolution):
1986         (WebCore::Element::attributeChanged):
1987         (WebCore::checkNeedsStyleInvalidationForIdChange): Deleted.
1988         * style/IdChangeInvalidation.cpp: Added.
1989         (WebCore::Style::IdChangeInvalidation::invalidateStyle):
1990         * style/IdChangeInvalidation.h: Added.
1991         (WebCore::Style::IdChangeInvalidation::IdChangeInvalidation):
1992         (WebCore::Style::IdChangeInvalidation::~IdChangeInvalidation):
1993
1994 2016-02-16  Andreas Kling  <akling@apple.com>
1995
1996         Drop StyleResolver and SelectorQueryCache when entering PageCache.
1997         <https://webkit.org/b/154238>
1998
1999         Reviewed by Antti Koivisto.
2000
2001         Stop keeping these around for cached pages to save lots of memory.
2002         We can easily rebuild them if a cached navigation occurs, and this
2003         way we also don't need to worry about invalidating style for cached
2004         pages in all the right places.
2005
2006         Restoring a cached page will now lead to a forced style recalc.
2007         We don't try to defer this (beyond a zero-timer) since it's going
2008         to happen anyway, and it's nicer to front-load the cost rather than
2009         stuttering on the first user content interaction.
2010
2011         * dom/Document.cpp:
2012         (WebCore::Document::setInPageCache):
2013         * history/CachedPage.cpp:
2014         (WebCore::CachedPage::restore):
2015         (WebCore::CachedPage::clear): Deleted.
2016         * history/CachedPage.h:
2017         (WebCore::CachedPage::markForVisitedLinkStyleRecalc): Deleted.
2018         (WebCore::CachedPage::markForFullStyleRecalc): Deleted.
2019         * history/PageCache.cpp:
2020         (WebCore::PageCache::markPagesForVisitedLinkStyleRecalc): Deleted.
2021         (WebCore::PageCache::markPagesForFullStyleRecalc): Deleted.
2022         * history/PageCache.h:
2023         * page/Frame.cpp:
2024         (WebCore::Frame::setPageAndTextZoomFactors): Deleted.
2025         * page/Page.cpp:
2026         (WebCore::Page::setViewScaleFactor): Deleted.
2027         (WebCore::Page::setDeviceScaleFactor): Deleted.
2028         (WebCore::Page::setPagination): Deleted.
2029         (WebCore::Page::setPaginationLineGridEnabled): Deleted.
2030         (WebCore::Page::setVisitedLinkStore): Deleted.
2031
2032 2016-02-16  Carlos Garcia Campos  <cgarcia@igalia.com>
2033
2034         [GTK] clicking on the scrollbar trough steps rather than jumps to the clicked position
2035         https://bugs.webkit.org/show_bug.cgi?id=115363
2036
2037         Reviewed by Michael Catanzaro.
2038
2039         Allow ScrollbarTheme to decide the behavior of a button press event,
2040         instead of only deciding whether to center on thumb or not. This
2041         way we can match the current GTK+ behavior in WebKit, without
2042         affecting other ports.
2043
2044         * platform/ScrollTypes.h: Add ScrollbarButtonPressAction enum.
2045         * platform/Scrollbar.cpp:
2046         (WebCore::Scrollbar::mouseDown): Ask ScrollbarTheme to handle the
2047         event for the pressed part and do the requested action.
2048         * platform/ScrollbarTheme.cpp:
2049         (WebCore::ScrollbarTheme::handleMousePressEvent): Add default
2050         implementation. It's equivalent to the previous default implementation.
2051         * platform/ScrollbarTheme.h:
2052         * platform/gtk/ScrollbarThemeGtk.cpp:
2053         (WebCore::ScrollbarThemeGtk::handleMousePressEvent): Match current
2054         GTK+ behavior: left click centers on thumb and right click
2055         scrolls. Dragging the thumb works for left and middle buttons.
2056         * platform/gtk/ScrollbarThemeGtk.h:
2057         * platform/ios/ScrollbarThemeIOS.h: Remove shouldCenterOnThumb,
2058         and don't override handleMousePressEvent since iOS wants the
2059         default behavior.
2060         * platform/ios/ScrollbarThemeIOS.mm:
2061         * platform/mac/ScrollbarThemeMac.h: Override handleMousePressEvent
2062         and remove shouldCenterOnThumb.
2063         * platform/mac/ScrollbarThemeMac.mm:
2064         (WebCore::shouldCenterOnThumb): Same implementation just made it
2065         static to be used as helper.
2066         (WebCore::ScrollbarThemeMac::handleMousePressEvent): Return the
2067         desired action keeping the same behavior.
2068         * platform/win/ScrollbarThemeWin.cpp:
2069         (WebCore::ScrollbarThemeWin::handleMousePressEvent): Ditto.
2070         * platform/win/ScrollbarThemeWin.h:
2071         * rendering/RenderScrollbarTheme.h:
2072
2073 2016-02-16  Carlos Garcia Campos  <cgarcia@igalia.com>
2074
2075         Mouse cursor doesn't change when entering scrollbars
2076         https://bugs.webkit.org/show_bug.cgi?id=154243
2077
2078         Reviewed by Simon Fraser.
2079
2080         If the scrollbar is over or very close to text or a link, when
2081         entering the scrollbar the cursor is not changed, keeping the beam
2082         or hand cursor when using the scrollbar. Same happens for image
2083         documents where the magnifier cursor is used and it remains when
2084         entering the scrollbars. We should use pointer cursor always for
2085         scrollbars.
2086
2087         * page/EventHandler.cpp:
2088         (WebCore::EventHandler::updateCursor): Request also to include
2089         frame scrollbars in hit test result.
2090         (WebCore::EventHandler::selectCursor): Use always pointer cursor
2091         for scrollbars.
2092
2093 2016-02-15  Antti Koivisto  <antti@apple.com>
2094
2095         Optimize style invalidations for attribute selectors
2096         https://bugs.webkit.org/show_bug.cgi?id=154242
2097
2098         Reviewed by Andreas Kling.
2099
2100         Currently we invalidate the whole element subtree if there are any attribute selectors for the changed attribute.
2101         This is slow as generally few if any elements are really affected. Using attribute selectors for dynamic styling
2102         should be performant.
2103
2104         This patch implements optimization strategy for attributes similar to what we already have for classes:
2105
2106         - Collect a map of all rules that contain descendant-affecting attribute selectors for a given attribute.
2107         - When an attribute value changes, check if there are any such rules for it.
2108         - Check if the value change affects the results of any of the attribute selectors.
2109         - Only if it does, invalidate the exact descendant elements affected by the rules.
2110
2111         Test: fast/css/style-invalidation-attribute-change-descendants.html
2112
2113         * WebCore.xcodeproj/project.pbxproj:
2114         * css/DocumentRuleSets.cpp:
2115         (WebCore::DocumentRuleSets::ancestorClassRules):
2116         (WebCore::DocumentRuleSets::ancestorAttributeRulesForHTML):
2117
2118             Create optimization RuleSets when needed.
2119
2120         * css/DocumentRuleSets.h:
2121         (WebCore::DocumentRuleSets::uncommonAttribute):
2122         (WebCore::DocumentRuleSets::features):
2123         * css/RuleFeature.cpp:
2124         (WebCore::RuleFeatureSet::recursivelyCollectFeaturesFromSelector):
2125         (WebCore::makeAttributeSelectorKey):
2126         (WebCore::RuleFeatureSet::collectFeatures):
2127
2128             Collect rules with descendant affecting attribute selectors.
2129
2130         (WebCore::RuleFeatureSet::add):
2131         (WebCore::RuleFeatureSet::clear):
2132         (WebCore::RuleFeatureSet::shrinkToFit):
2133         * css/RuleFeature.h:
2134         * css/SelectorChecker.cpp:
2135         (WebCore::anyAttributeMatches):
2136         (WebCore::SelectorChecker::attributeSelectorMatches):
2137
2138             Expose function for matching single attribute selectors.
2139
2140         (WebCore::canMatchHoverOrActiveInQuirksMode):
2141         * css/SelectorChecker.h:
2142         * dom/Attr.cpp:
2143         (WebCore::Attr::setValue):
2144         (WebCore::Attr::childrenChanged):
2145         * dom/Element.cpp:
2146         (WebCore::Element::setAttributeInternal):
2147         (WebCore::makeIdForStyleResolution):
2148         (WebCore::Element::attributeChanged):
2149         (WebCore::Element::removeAttributeInternal):
2150         (WebCore::Element::addAttributeInternal):
2151         (WebCore::Element::removeAttribute):
2152
2153             Add AttributeChangeInvalidation where needed.
2154
2155         (WebCore::Element::needsStyleInvalidation):
2156
2157             Move to Element from ClassChangeInvalidation.
2158
2159         (WebCore::Element::willModifyAttribute):
2160
2161             No more full style invalidation on attribute change.
2162
2163         * style/AttributeChangeInvalidation.cpp: Added.
2164         (WebCore::Style::AttributeChangeInvalidation::invalidateStyle):
2165
2166             Invalidate local style.
2167             Check if we need to invalidate descendants by looking into ancestorAttributeRules.
2168
2169         (WebCore::Style::AttributeChangeInvalidation::invalidateDescendants):
2170
2171             Use StyleInvalidationAnalysis to invalidate the subtree for the relevant rules.
2172
2173         * style/AttributeChangeInvalidation.h: Added.
2174         (WebCore::Style::AttributeChangeInvalidation::needsInvalidation):
2175         (WebCore::Style::AttributeChangeInvalidation::AttributeChangeInvalidation):
2176         (WebCore::Style::AttributeChangeInvalidation::~AttributeChangeInvalidation):
2177
2178             If needed, invalidate descendants before and after attribute change to catch rules that start and stop applying.
2179
2180 2016-02-16  Chris Dumez  <cdumez@apple.com>
2181
2182         Do security checks early in JSDOMWindow::put*()
2183         https://bugs.webkit.org/show_bug.cgi?id=154270
2184
2185         Reviewed by Gavin Barraclough.
2186
2187         Do security checks early in JSDOMWindow::put() / JSDOMWindow::putByIndex()
2188         and return as soon as possible. This makes it less error-prone as we need
2189         to do the security check only once, at the top of the function.
2190
2191         Also lock down the security further by calling lookupPut() only if the
2192         property name is "location". The "location" property is the only one that
2193         can be set cross-origin. Previously, trying to set a property such as
2194         "name" (which cannot be set cross-origin) relied on the attribute setter
2195         doing the security check when getting called. The new check is less error
2196         prone and will correctly prevent overriding window's method cross-origin
2197         once these move down from the prototype (Bug 154120).
2198
2199         Finally, the previous code was failing to set the "location" property
2200         cross-origin after the window has been reified. This patch fixes the
2201         issue by always calling the original "location" property setter from the
2202         static table in the cross-origin case.
2203
2204         Test: http/tests/security/cross-origin-reified-window-location-setting.html
2205
2206         * bindings/js/JSDOMWindowCustom.cpp:
2207         (WebCore::JSDOMWindow::put):
2208         (WebCore::JSDOMWindow::putByIndex):
2209
2210 2016-02-15  Brent Fulgham  <bfulgham@apple.com>
2211
2212         [Mac] Gather some rudimentary statistics during resource load 
2213         https://bugs.webkit.org/show_bug.cgi?id=153575
2214         <rdar://problem/24075254>
2215
2216         Reviewed by Brady Eidson.
2217
2218         Tested by: http/tests/navigation/statistics.html
2219
2220         * CMakeLists.txt:
2221         * PlatformWin.cmake:
2222         * WebCore.xcodeproj/project.pbxproj:
2223         * dom/Document.cpp:
2224         (WebCore::Document::updateLastHandledUserGestureTimestamp): Log user interaction
2225         with the ResourceLoadObserver.
2226         * loader/DocumentLoader.cpp:
2227         (WebCore::DocumentLoader::willSendRequest): Track load statistics if the
2228         user interacted with the document.
2229         * loader/ResourceLoadObserver.cpp: Added.
2230         * loader/ResourceLoadObserver.h: Added.
2231         * loader/ResourceLoadStatistics.cpp: Added.
2232         * loader/ResourceLoadStatistics.h: Added.
2233         * loader/SubresourceLoader.cpp:
2234         (WebCore::SubresourceLoader::willSendRequestInternal): Track load statistics.
2235         * page/Settings.cpp:
2236         (WebCore::Settings::setResourceLoadStatisticsEnabled): Added.
2237         * page/Settings.h:
2238         (WebCore::Settings::resourceLoadStatisticsEnabled): Added.
2239         * platform/Logging.h:
2240         * testing/Internals.cpp:
2241         (WebCore::Internals::resourceLoadStatisticsForOrigin):
2242         (WebCore::Internals::setResourceLoadStatisticsEnabled):
2243         * testing/Internals.h:
2244         * testing/Internals.idl:
2245
2246 2016-02-15  Chris Dumez  <cdumez@apple.com>
2247
2248         The following properties should exist on the global object: AudioTrackList, AudioTrack, VideoTrackList, VideoTrack
2249         https://bugs.webkit.org/show_bug.cgi?id=154250
2250         <rdar://problem/24660829>
2251
2252         Reviewed by Eric Carlson.
2253
2254         The following properties should exist on the global object:
2255         - AudioTrackList, AudioTrack, VideoTrackList, VideoTrack
2256
2257         These interfaces are not marked as [NoInterfaceObject] in:
2258         - https://html.spec.whatwg.org/#audiotracklist-and-videotracklist-objects
2259
2260         No new tests, already covered by existing tests.
2261
2262         * html/track/AudioTrack.idl:
2263         * html/track/AudioTrackList.idl:
2264         * html/track/VideoTrack.idl:
2265         * html/track/VideoTrackList.idl:
2266
2267 2016-02-15  Sam Weinig  <sam@webkit.org>
2268
2269         Stop using NSMapTable in places where we were only using it to be GC safe
2270         <rdar://problem/24063723>
2271         https://bugs.webkit.org/show_bug.cgi?id=154264
2272
2273         Reviewed by Dan Bernstein.
2274
2275         Switch from NSMapTable to HashMap.
2276
2277         * WebCore.xcodeproj/project.pbxproj:
2278         * bindings/objc/DOMInternal.h:
2279         * bindings/objc/DOMInternal.mm:
2280         * bindings/objc/WebScriptObject.mm:
2281         * bridge/objc/objc_instance.mm:
2282         * platform/spi/cocoa/NSPointerFunctionsSPI.h: Removed. No longer used.
2283
2284 2016-02-15  Myles C. Maxfield  <mmaxfield@apple.com>
2285
2286         [Font Loading] Implement FontFace JavaScript object
2287         https://bugs.webkit.org/show_bug.cgi?id=153345
2288
2289         Reviewed by Antti Koivisto.
2290
2291         Test: fast/text/font-face-javascript.html
2292
2293         This patch implements the FontFace Javascript object. This object mostly consists of
2294         style getters / setters, which we implement by parsing input strings and generating
2295         output strings similarly to getComputedStyle(). This object also has a load() function
2296         which returns a promise which will be fulfilled or rejected depending on the load.
2297         There is also a "loaded" attribute which exposes this promise directly. Also, a status
2298         field is exposed so script knows what the state of the load is.
2299
2300         Currently, loading depends on our CachedResourceLoader which is part of the Document,
2301         so this API is not available in a non-document context.
2302
2303         Another caveat is that immediate-mode font loading (where the content provides an
2304         ArrayBuffer containing the bytes of the font file) is forthcoming. This requires
2305         changing the relationship between CSSFontFaceSource and CachedFont.
2306
2307         CSSFontFace has been modified to keep a strong reference to the CSSFontSelector. This
2308         is because the lifetime of the CSSFontFace can now outlive the CSSFontSelector. When
2309         the CSSFontSelector is removed from the Document, it explicitly clears its constituent
2310         CSSFontFaces, thereby breaking the reference cycle.
2311
2312         Test: fast/text/font-face-javascript-expected.html
2313
2314         * CMakeLists.txt: Add new files.
2315         * DerivedSources.cpp: Ditto.
2316         * DerivedSources.make: Ditto.
2317         * WebCore.vcxproj/WebCore.vcxproj: Ditto.
2318         * WebCore.vcxproj/WebCore.vcxproj.filters: Ditto.
2319         * WebCore.xcodeproj/project.pbxproj: Ditto.
2320         * bindings/js/JSDOMPromise.cpp:
2321         (WebCore::DeferredWrapper::globalObject): Remove whitespace.
2322         (WebCore::DeferredWrapper::deferred): Allow access to the inner JSC object.
2323         * bindings/js/JSDOMPromise.h:
2324         (WebCore::DOMPromise::deferred): Ditto.
2325         * bindings/js/JSFontFaceCustom.cpp: Copied from Source/WebCore/bindings/js/JSDOMPromise.cpp.
2326         (WebCore::JSFontFace::loaded):
2327         (WebCore::JSFontFace::load):
2328         * css/CSSFontFace.cpp:
2329         (WebCore::CSSFontFace::CSSFontFace): 
2330         (WebCore::CSSFontFace::adoptSource):
2331         (WebCore::CSSFontFace::updateStatus): Enforce the state machine's transitions.
2332         (WebCore::CSSFontFace::fontLoaded):
2333         (WebCore::CSSFontFace::pump):
2334         (WebCore::CSSFontFace::load):
2335         * css/CSSFontFace.h:
2336         (WebCore::CSSFontFaceClient::~CSSFontFaceClient):
2337         (WebCore::CSSFontFace::create):
2338         (WebCore::CSSFontFace::status):
2339         * css/CSSFontSelector.cpp:
2340         (WebCore::CSSFontSelector::appendSources): Update for new CSSFontFace API.
2341         (WebCore::CSSFontSelector::registerLocalFontFacesForFamily): Ditto.
2342         (WebCore::CSSFontSelector::addFontFaceRule): Ditto.
2343         (WebCore::CSSFontSelector::kick): Ditto.
2344         (WebCore::appendSources): Deleted.
2345         (WebCore::registerLocalFontFacesForFamily): Deleted.
2346         * css/CSSFontSelector.h:
2347         * css/CSSUnicodeRangeValue.cpp: Use for serializing the "unicodeRange" property.
2348         * css/FontFace.cpp:
2349         (WebCore::createPromise): Implement the remaining Javascript API functions.
2350         (WebCore::valueFromDictionary):
2351         (WebCore::FontFace::create):
2352         (WebCore::FontFace::FontFace):
2353         (WebCore::FontFace::parseString):
2354         (WebCore::FontFace::status):
2355         (WebCore::FontFace::kick):
2356         (WebCore::FontFace::load):
2357         (WebCore::FontFace::fulfillPromise):
2358         (WebCore::FontFace::rejectPromise):
2359         (WebCore::parseString): Deleted.
2360         * css/FontFace.h:
2361         (WebCore::FontFace::promise):
2362         (WebCore::FontFace::backing):
2363         (WebCore::FontFace::create): Deleted.
2364         * css/FontFace.idl: Copied from Source/WebCore/bindings/js/JSDOMPromise.cpp.
2365
2366 2016-02-15  Jer Noble  <jer.noble@apple.com>
2367
2368         Null-deref crash in DefaultAudioDestinationNode::suspend()
2369         https://bugs.webkit.org/show_bug.cgi?id=154248
2370
2371         Reviewed by Alex Christensen.
2372
2373         Drive-by fix: AudioContext should be a reference, not a pointer.
2374
2375         * Modules/webaudio/AnalyserNode.cpp:
2376         (WebCore::AnalyserNode::AnalyserNode):
2377         * Modules/webaudio/AnalyserNode.h:
2378         (WebCore::AnalyserNode::create):
2379         * Modules/webaudio/AudioBasicInspectorNode.cpp:
2380         (WebCore::AudioBasicInspectorNode::AudioBasicInspectorNode):
2381         (WebCore::AudioBasicInspectorNode::connect):
2382         (WebCore::AudioBasicInspectorNode::disconnect):
2383         (WebCore::AudioBasicInspectorNode::checkNumberOfChannelsForInput):
2384         (WebCore::AudioBasicInspectorNode::updatePullStatus):
2385         * Modules/webaudio/AudioBasicInspectorNode.h:
2386         * Modules/webaudio/AudioBasicProcessorNode.cpp:
2387         (WebCore::AudioBasicProcessorNode::AudioBasicProcessorNode):
2388         (WebCore::AudioBasicProcessorNode::checkNumberOfChannelsForInput):
2389         * Modules/webaudio/AudioBasicProcessorNode.h:
2390         * Modules/webaudio/AudioBufferSourceNode.cpp:
2391         (WebCore::AudioBufferSourceNode::create):
2392         (WebCore::AudioBufferSourceNode::AudioBufferSourceNode):
2393         (WebCore::AudioBufferSourceNode::renderFromBuffer):
2394         (WebCore::AudioBufferSourceNode::setBuffer):
2395         (WebCore::AudioBufferSourceNode::startPlaying):
2396         (WebCore::AudioBufferSourceNode::looping):
2397         (WebCore::AudioBufferSourceNode::setLooping):
2398         * Modules/webaudio/AudioBufferSourceNode.h:
2399         * Modules/webaudio/AudioContext.cpp:
2400         (WebCore::AudioContext::AudioContext):
2401         (WebCore::AudioContext::createBufferSource):
2402         (WebCore::AudioContext::createMediaElementSource):
2403         (WebCore::AudioContext::createMediaStreamDestination):
2404         (WebCore::AudioContext::createScriptProcessor):
2405         (WebCore::AudioContext::createBiquadFilter):
2406         (WebCore::AudioContext::createWaveShaper):
2407         (WebCore::AudioContext::createPanner):
2408         (WebCore::AudioContext::createConvolver):
2409         (WebCore::AudioContext::createDynamicsCompressor):
2410         (WebCore::AudioContext::createAnalyser):
2411         (WebCore::AudioContext::createGain):
2412         (WebCore::AudioContext::createDelay):
2413         (WebCore::AudioContext::createChannelSplitter):
2414         (WebCore::AudioContext::createChannelMerger):
2415         (WebCore::AudioContext::createOscillator):
2416         * Modules/webaudio/AudioContext.h:
2417         (WebCore::operator==):
2418         (WebCore::operator!=):
2419         * Modules/webaudio/AudioDestinationNode.cpp:
2420         (WebCore::AudioDestinationNode::AudioDestinationNode):
2421         (WebCore::AudioDestinationNode::render):
2422         (WebCore::AudioDestinationNode::updateIsEffectivelyPlayingAudio):
2423         * Modules/webaudio/AudioDestinationNode.h:
2424         * Modules/webaudio/AudioNode.cpp:
2425         (WebCore::AudioNode::AudioNode):
2426         (WebCore::AudioNode::connect):
2427         (WebCore::AudioNode::disconnect):
2428         (WebCore::AudioNode::setChannelCount):
2429         (WebCore::AudioNode::setChannelCountMode):
2430         (WebCore::AudioNode::setChannelInterpretation):
2431         (WebCore::AudioNode::scriptExecutionContext):
2432         (WebCore::AudioNode::processIfNecessary):
2433         (WebCore::AudioNode::checkNumberOfChannelsForInput):
2434         (WebCore::AudioNode::propagatesSilence):
2435         (WebCore::AudioNode::pullInputs):
2436         (WebCore::AudioNode::enableOutputsIfNecessary):
2437         (WebCore::AudioNode::deref):
2438         (WebCore::AudioNode::finishDeref):
2439         * Modules/webaudio/AudioNode.h:
2440         (WebCore::AudioNode::context):
2441         * Modules/webaudio/AudioNodeInput.cpp:
2442         (WebCore::AudioNodeInput::connect):
2443         (WebCore::AudioNodeInput::disconnect):
2444         (WebCore::AudioNodeInput::disable):
2445         (WebCore::AudioNodeInput::enable):
2446         (WebCore::AudioNodeInput::updateInternalBus):
2447         (WebCore::AudioNodeInput::bus):
2448         (WebCore::AudioNodeInput::internalSummingBus):
2449         (WebCore::AudioNodeInput::sumAllConnections):
2450         (WebCore::AudioNodeInput::pull):
2451         * Modules/webaudio/AudioNodeOutput.cpp:
2452         (WebCore::AudioNodeOutput::setNumberOfChannels):
2453         (WebCore::AudioNodeOutput::updateNumberOfChannels):
2454         (WebCore::AudioNodeOutput::propagateChannelCount):
2455         (WebCore::AudioNodeOutput::pull):
2456         (WebCore::AudioNodeOutput::bus):
2457         (WebCore::AudioNodeOutput::fanOutCount):
2458         (WebCore::AudioNodeOutput::paramFanOutCount):
2459         (WebCore::AudioNodeOutput::addInput):
2460         (WebCore::AudioNodeOutput::removeInput):
2461         (WebCore::AudioNodeOutput::disconnectAllInputs):
2462         (WebCore::AudioNodeOutput::addParam):
2463         (WebCore::AudioNodeOutput::removeParam):
2464         (WebCore::AudioNodeOutput::disconnectAllParams):
2465         (WebCore::AudioNodeOutput::disable):
2466         (WebCore::AudioNodeOutput::enable):
2467         * Modules/webaudio/AudioNodeOutput.h:
2468         (WebCore::AudioNodeOutput::context):
2469         * Modules/webaudio/AudioParam.cpp:
2470         (WebCore::AudioParam::value):
2471         (WebCore::AudioParam::smooth):
2472         (WebCore::AudioParam::calculateSampleAccurateValues):
2473         (WebCore::AudioParam::calculateFinalValues):
2474         (WebCore::AudioParam::calculateTimelineValues):
2475         (WebCore::AudioParam::connect):
2476         (WebCore::AudioParam::disconnect):
2477         * Modules/webaudio/AudioParam.h:
2478         (WebCore::AudioParam::create):
2479         (WebCore::AudioParam::AudioParam):
2480         * Modules/webaudio/AudioParamTimeline.cpp:
2481         (WebCore::AudioParamTimeline::valueForContextTime):
2482         * Modules/webaudio/AudioParamTimeline.h:
2483         * Modules/webaudio/AudioScheduledSourceNode.cpp:
2484         (WebCore::AudioScheduledSourceNode::AudioScheduledSourceNode):
2485         (WebCore::AudioScheduledSourceNode::updateSchedulingInfo):
2486         (WebCore::AudioScheduledSourceNode::start):
2487         (WebCore::AudioScheduledSourceNode::finish):
2488         * Modules/webaudio/AudioScheduledSourceNode.h:
2489         * Modules/webaudio/AudioSummingJunction.cpp:
2490         (WebCore::AudioSummingJunction::AudioSummingJunction):
2491         (WebCore::AudioSummingJunction::~AudioSummingJunction):
2492         (WebCore::AudioSummingJunction::changedOutputs):
2493         (WebCore::AudioSummingJunction::updateRenderingState):
2494         * Modules/webaudio/AudioSummingJunction.h:
2495         (WebCore::AudioSummingJunction::context):
2496         * Modules/webaudio/BiquadFilterNode.cpp:
2497         (WebCore::BiquadFilterNode::BiquadFilterNode):
2498         * Modules/webaudio/BiquadFilterNode.h:
2499         (WebCore::BiquadFilterNode::create):
2500         * Modules/webaudio/BiquadProcessor.cpp:
2501         (WebCore::BiquadProcessor::BiquadProcessor):
2502         * Modules/webaudio/BiquadProcessor.h:
2503         * Modules/webaudio/ChannelMergerNode.cpp:
2504         (WebCore::ChannelMergerNode::create):
2505         (WebCore::ChannelMergerNode::ChannelMergerNode):
2506         (WebCore::ChannelMergerNode::checkNumberOfChannelsForInput):
2507         * Modules/webaudio/ChannelMergerNode.h:
2508         * Modules/webaudio/ChannelSplitterNode.cpp:
2509         (WebCore::ChannelSplitterNode::create):
2510         (WebCore::ChannelSplitterNode::ChannelSplitterNode):
2511         * Modules/webaudio/ChannelSplitterNode.h:
2512         * Modules/webaudio/ConvolverNode.cpp:
2513         (WebCore::ConvolverNode::ConvolverNode):
2514         (WebCore::ConvolverNode::setBuffer):
2515         * Modules/webaudio/ConvolverNode.h:
2516         (WebCore::ConvolverNode::create):
2517         * Modules/webaudio/DefaultAudioDestinationNode.cpp:
2518         (WebCore::DefaultAudioDestinationNode::DefaultAudioDestinationNode):
2519         (WebCore::DefaultAudioDestinationNode::resume):
2520         (WebCore::DefaultAudioDestinationNode::suspend):
2521         (WebCore::DefaultAudioDestinationNode::close):
2522         * Modules/webaudio/DefaultAudioDestinationNode.h:
2523         (WebCore::DefaultAudioDestinationNode::create):
2524         * Modules/webaudio/DelayNode.cpp:
2525         (WebCore::DelayNode::DelayNode):
2526         * Modules/webaudio/DelayNode.h:
2527         (WebCore::DelayNode::create):
2528         * Modules/webaudio/DelayProcessor.cpp:
2529         (WebCore::DelayProcessor::DelayProcessor):
2530         * Modules/webaudio/DelayProcessor.h:
2531         * Modules/webaudio/DynamicsCompressorNode.cpp:
2532         (WebCore::DynamicsCompressorNode::DynamicsCompressorNode):
2533         * Modules/webaudio/DynamicsCompressorNode.h:
2534         (WebCore::DynamicsCompressorNode::create):
2535         * Modules/webaudio/GainNode.cpp:
2536         (WebCore::GainNode::GainNode):
2537         (WebCore::GainNode::checkNumberOfChannelsForInput):
2538         * Modules/webaudio/GainNode.h:
2539         (WebCore::GainNode::create):
2540         * Modules/webaudio/MediaElementAudioSourceNode.cpp:
2541         (WebCore::MediaElementAudioSourceNode::create):
2542         (WebCore::MediaElementAudioSourceNode::MediaElementAudioSourceNode):
2543         (WebCore::MediaElementAudioSourceNode::setFormat):
2544         * Modules/webaudio/MediaElementAudioSourceNode.h:
2545         * Modules/webaudio/MediaStreamAudioDestinationNode.cpp:
2546         (WebCore::MediaStreamAudioDestinationNode::create):
2547         (WebCore::MediaStreamAudioDestinationNode::MediaStreamAudioDestinationNode):
2548         * Modules/webaudio/MediaStreamAudioDestinationNode.h:
2549         * Modules/webaudio/MediaStreamAudioSourceNode.cpp:
2550         (WebCore::MediaStreamAudioSourceNode::MediaStreamAudioSourceNode):
2551         (WebCore::MediaStreamAudioSourceNode::setFormat):
2552         * Modules/webaudio/OfflineAudioDestinationNode.cpp:
2553         (WebCore::OfflineAudioDestinationNode::OfflineAudioDestinationNode):
2554         (WebCore::OfflineAudioDestinationNode::offlineRender):
2555         (WebCore::OfflineAudioDestinationNode::notifyComplete):
2556         * Modules/webaudio/OfflineAudioDestinationNode.h:
2557         (WebCore::OfflineAudioDestinationNode::create):
2558         * Modules/webaudio/OscillatorNode.cpp:
2559         (WebCore::OscillatorNode::create):
2560         (WebCore::OscillatorNode::OscillatorNode):
2561         * Modules/webaudio/OscillatorNode.h:
2562         * Modules/webaudio/PannerNode.cpp:
2563         (WebCore::PannerNode::PannerNode):
2564         (WebCore::PannerNode::pullInputs):
2565         (WebCore::PannerNode::process):
2566         (WebCore::PannerNode::listener):
2567         (WebCore::PannerNode::setPanningModel):
2568         * Modules/webaudio/PannerNode.h:
2569         (WebCore::PannerNode::create):
2570         * Modules/webaudio/ScriptProcessorNode.cpp:
2571         (WebCore::ScriptProcessorNode::create):
2572         (WebCore::ScriptProcessorNode::ScriptProcessorNode):
2573         (WebCore::ScriptProcessorNode::initialize):
2574         (WebCore::ScriptProcessorNode::fireProcessEvent):
2575         * Modules/webaudio/ScriptProcessorNode.h:
2576         * Modules/webaudio/WaveShaperNode.cpp:
2577         (WebCore::WaveShaperNode::WaveShaperNode):
2578         (WebCore::WaveShaperNode::setOversample):
2579         * Modules/webaudio/WaveShaperNode.h:
2580         (WebCore::WaveShaperNode::create):
2581
2582 2016-02-15  Jer Noble  <jer.noble@apple.com>
2583
2584         Null-deref crash in DefaultAudioDestinationNode::suspend()
2585         https://bugs.webkit.org/show_bug.cgi?id=154248
2586
2587         Reviewed by Alex Christensen.
2588
2589         Null-check scriptExecutionContext() before deref.
2590
2591         * Modules/webaudio/DefaultAudioDestinationNode.cpp:
2592         (WebCore::DefaultAudioDestinationNode::resume):
2593         (WebCore::DefaultAudioDestinationNode::suspend):
2594         (WebCore::DefaultAudioDestinationNode::close):
2595
2596 2016-02-15  Chris Dumez  <cdumez@apple.com>
2597
2598         XMLHttpRequest / XMLHttpRequestUpload should inherit XMLHttpRequestEventTarget
2599         https://bugs.webkit.org/show_bug.cgi?id=154230
2600
2601         Reviewed by Alex Christensen.
2602
2603         XMLHttpRequest / XMLHttpRequestUpload should inherit XMLHttpRequestEventTarget
2604         as per:
2605         https://xhr.spec.whatwg.org/#xmlhttprequesteventtarget
2606
2607         Firefox and Chrome already match the specification.
2608
2609         No new tests, already covered by existing tests.
2610
2611         * CMakeLists.txt:
2612         * DerivedSources.make:
2613         * WebCore.vcxproj/WebCore.vcxproj:
2614         * WebCore.vcxproj/WebCore.vcxproj.filters:
2615         * WebCore.xcodeproj/project.pbxproj:
2616         * xml/XMLHttpRequest.h:
2617         * xml/XMLHttpRequest.idl:
2618         * xml/XMLHttpRequestEventTarget.h: Added.
2619         * xml/XMLHttpRequestEventTarget.idl: Copied from Source/WebCore/xml/XMLHttpRequestUpload.idl.
2620         * xml/XMLHttpRequestUpload.h:
2621         * xml/XMLHttpRequestUpload.idl:
2622
2623 2016-02-15  Jiewen Tan  <jiewen_tan@apple.com>
2624
2625         Refine SimulatedMouseEvent to support Event.isTrusted
2626         https://bugs.webkit.org/show_bug.cgi?id=154133
2627         <rdar://problem/24616246>
2628
2629         Reviewed by Darin Adler.
2630
2631         This patch extracts everything related to creating/dispatching SimulatedMouseEvent from MouseEvent.h/cpp
2632         and EventDispatcher.h/cpp, and produces SimulatedClick.h/cpp which will handle simulated click solely.
2633         After that, we hide the SimulatedMouseEvent and only expose simulateClick to be called. The reason is
2634         that we both want to tell whether the call sites are from user agent/bindings and keep the
2635         SimulatedMouseEvent intact.
2636
2637         Also, this patch separates Element::dispatchSimulatedClick into two: one for the user agent, and another
2638         for the bindings. Therefore, HTMLElement.click will be treated as untrusted.
2639
2640         Some of the changes in this patch referred to Blink r200401:
2641         https://codereview.chromium.org/1285793004
2642
2643         Modified test:
2644         LayoutTests/imported/blink/fast/events/event-trusted.html
2645
2646         * CMakeLists.txt:
2647         * WebCore.xcodeproj/project.pbxproj:
2648         * dom/Element.cpp:
2649         (WebCore::Element::dispatchSimulatedClick):
2650         (WebCore::Element::dispatchSimulatedClickForBindings):
2651         * dom/Element.h:
2652         * dom/EventDispatcher.cpp:
2653         (WebCore::EventDispatcher::dispatchSimulatedClick): Deleted.
2654         * dom/EventDispatcher.h:
2655         * dom/MouseEvent.cpp:
2656         (WebCore::SimulatedMouseEvent::create): Deleted.
2657         (WebCore::SimulatedMouseEvent::~SimulatedMouseEvent): Deleted.
2658         (WebCore::SimulatedMouseEvent::SimulatedMouseEvent): Deleted.
2659         * dom/MouseEvent.h:
2660         * dom/SimulatedClick.cpp: Added.
2661         (WebCore::simulateMouseEvent):
2662         (WebCore::simulateClick):
2663         * dom/SimulatedClick.h: Added.
2664         * html/HTMLElement.cpp:
2665         (WebCore::HTMLElement::click):
2666
2667 2016-02-15  Joseph Pecoraro  <pecoraro@apple.com>
2668
2669         Web Inspector: Web Workers have no access to console for debugging
2670         https://bugs.webkit.org/show_bug.cgi?id=26237
2671
2672         Reviewed by Timothy Hatcher.
2673
2674         This adds the most basic console message support to Workers.
2675         Messages logged from workers get surfaced through the Page's console.
2676         This lacks support for logging and interacting with arguments,
2677         which would be addressed when adding more complete Worker
2678         debugging tools.
2679
2680         Test: inspector/console/messageAdded-from-worker.html
2681
2682         * CMakeLists.txt:
2683         * WebCore.xcodeproj/project.pbxproj:
2684         Add new files.
2685
2686         * bindings/js/WorkerScriptController.cpp:
2687         (WebCore::WorkerScriptController::~WorkerScriptController):
2688         (WebCore::WorkerScriptController::initScript):
2689         Set the ConsoleClient for the Worker's global object. We route
2690         the messages to the Page's console.
2691
2692         * bindings/js/WorkerScriptController.h:
2693         * workers/WorkerConsoleClient.h: Added.
2694         * workers/WorkerConsoleClient.cpp: Added.
2695         (WebCore::WorkerConsoleClient::WorkerConsoleClient):
2696         (WebCore::WorkerConsoleClient::~WorkerConsoleClient):
2697         (WebCore::WorkerConsoleClient::profile):
2698         (WebCore::WorkerConsoleClient::profileEnd):
2699         (WebCore::WorkerConsoleClient::count):
2700         (WebCore::WorkerConsoleClient::time):
2701         (WebCore::WorkerConsoleClient::timeEnd):
2702         (WebCore::WorkerConsoleClient::timeStamp):
2703         Stub most console methods in a Worker.
2704
2705         (WebCore::WorkerConsoleClient::messageWithTypeAndLevel):
2706         Send worker log messages to the global scope and on to the main page.
2707
2708         * workers/WorkerGlobalScope.h:
2709         * workers/WorkerGlobalScope.cpp:
2710         (WebCore::WorkerGlobalScope::addConsoleMessage):
2711         (WebCore::WorkerGlobalScope::addMessageToWorkerConsole):
2712         Ideally we want to converge on simple addConsoleMessage
2713         APIs that just take a ConsoleMessage, without a barrage
2714         of parameters. Add these versions now.
2715
2716 2016-02-15  Alex Christensen  <achristensen@webkit.org>
2717
2718         CMake build fix.
2719
2720         * PlatformMac.cmake:
2721
2722 2016-02-15  Chris Dumez  <cdumez@apple.com>
2723
2724         Regression(r196563): It is no longer possible to call window.addEventListener without an explicit 'this'
2725         https://bugs.webkit.org/show_bug.cgi?id=154245
2726
2727         Reviewed by Ryosuke Niwa.
2728
2729         This patch adds support for calling the EventListener API without an
2730         explicit 'this' value. If no explicit 'this' value is passed, then we
2731         fall back to using the global object. This matches Chrome and Firefox's
2732         behavior. It also fixes the Dromaeo/cssquery-dojo.html test.
2733
2734         Test: fast/dom/Window/addEventListener-implicit-this.html
2735
2736         * bindings/scripts/CodeGeneratorJS.pm:
2737         (GenerateFunctionCastedThis):
2738
2739 2016-02-14  Gavin Barraclough  <barraclough@apple.com>
2740
2741         Organize, deduplicate & comment JSDOMWindowCustom getOwnPropertySlot
2742         https://bugs.webkit.org/show_bug.cgi?id=154224
2743
2744         Reviewed by Chris Dumez.
2745
2746         * bindings/js/JSDOMWindowCustom.cpp:
2747         (WebCore::jsDOMWindowGetOwnPropertySlotRestrictedAccess):
2748         (WebCore::jsDOMWindowGetOwnPropertySlotNamedItemGetter):
2749         (WebCore::JSDOMWindow::getOwnPropertySlot):
2750         (WebCore::JSDOMWindow::getOwnPropertySlotByIndex):
2751             - organized property access sequence into a more logical order, removed
2752               duplicated code & added comments.
2753         (WebCore::namedItemGetter): Deleted.
2754             - there was no need for a custom callback here; merged functionality into
2755               jsDOMWindowGetOwnPropertySlotNamedItemGetter.
2756         (WebCore::jsDOMWindowGetOwnPropertySlotCrossOrigin): Deleted.
2757             - renamed to jsDOMWindowGetOwnPropertySlotRestrictedAccess
2758               (this now also handles frameless access).
2759
2760 2016-02-15  Daniel Bates  <dabates@apple.com>
2761
2762         CSP: 'sandbox' should be ignored in report-only mode
2763         https://bugs.webkit.org/show_bug.cgi?id=153167
2764         <rdar://problem/22708669>
2765
2766         Reviewed by Brent Fulgham.
2767
2768         Merged from Blink (patch by Mike West):
2769         <https://src.chromium.org/viewvc/blink?revision=165322&view=revision>
2770
2771         * page/csp/ContentSecurityPolicy.cpp:
2772         (WebCore::ContentSecurityPolicy::reportInvalidDirectiveInReportOnlyMode): Added. Logs a
2773         console message to the console to explain that the specified directive is invalid in
2774         report-only mode.
2775         * page/csp/ContentSecurityPolicy.h:
2776         * page/csp/ContentSecurityPolicyDirectiveList.cpp:
2777         (WebCore::ContentSecurityPolicyDirectiveList::applySandboxPolicy): Do not apply sandbox
2778         policy when in report-only mode and call ContentSecurityPolicy::reportInvalidDirectiveInReportOnlyMode()
2779         to log a message to the console.
2780
2781 2016-02-15  Daniel Bates  <dabates@apple.com>
2782
2783         CSP: Allow schemeless source expressions to match an HTTP or HTTPS resource
2784         https://bugs.webkit.org/show_bug.cgi?id=154177
2785         <rdar://problem/22708772>
2786
2787         Reviewed by Brent Fulgham.
2788
2789         Allow a schemeless source expression to match an HTTP or HTTPS subresource when the page is
2790         delivered over HTTP as per section Matching Source Expressions of the Content Security Policy
2791         2.0 spec., <https://www.w3.org/TR/2015/CR-CSP2-20150721/> (21 July 2015).
2792
2793         Currently we have logic that implements this functionality, but it is guarded behind the compile-
2794         time macro ENABLE(CSP_NEXT) that is disabled by default. Instead we should always compile such
2795         code. In subsequent commits we will move more code out from under the ENABLE(CSP_NEXT)-guard
2796         towards removing the ENABLE_CSP_NEXT macro entirely.
2797
2798         * page/csp/ContentSecurityPolicy.cpp:
2799         (WebCore::ContentSecurityPolicy::protocolMatchesSelf):
2800
2801 2016-02-15  Konstantin Tokarev  <annulen@yandex.ru>
2802
2803         [cmake] Consolidated Linux-specific file lists.
2804         https://bugs.webkit.org/show_bug.cgi?id=154219
2805
2806         Reviewed by Gyuyoung Kim.
2807
2808         No new tests needed.
2809
2810         * PlatformEfl.cmake: Moved Linux files and include dir to Linux.cmake.
2811         * PlatformGTK.cmake: Ditto.
2812         * platform/Linux.cmake: Added.
2813
2814 2016-02-15  Csaba Osztrogonác  <ossy@webkit.org>
2815
2816         Fix the !(ENABLE(SVG_FONTS) || ENABLE(SVG_OTF_CONVERTER)) build after r196322
2817         https://bugs.webkit.org/show_bug.cgi?id=154104
2818
2819         Reviewed by Myles C. Maxfield.
2820
2821         * css/CSSFontFaceSource.cpp:
2822         (WebCore::CSSFontFaceSource::CSSFontFaceSource):
2823
2824 2016-02-14  Antti Koivisto  <antti@apple.com>
2825
2826         Add test for class change style invalidation optimization
2827         https://bugs.webkit.org/show_bug.cgi?id=154226
2828
2829         Reviewed by Myles Maxfield.
2830
2831         Test for https://trac.webkit.org/r196383
2832
2833         Add internals.styleChangeType function.
2834
2835         Test: fast/css/style-invalidation-class-change-descendants.html
2836
2837         * testing/Internals.cpp:
2838         (WebCore::Internals::nodeNeedsStyleRecalc):
2839         (WebCore::asString):
2840         (WebCore::Internals::styleChangeType):
2841         (WebCore::Internals::description):
2842         * testing/Internals.h:
2843         * testing/Internals.idl:
2844
2845 2016-02-14  Simon Fraser  <simon.fraser@apple.com>
2846
2847         [CSS Filters] When applying an SVG filter on a composited image using CSS the image is rendered without the filter
2848         https://bugs.webkit.org/show_bug.cgi?id=154108
2849
2850         Reviewed by Sam Weinig.
2851
2852         When checking whether we can directly composite an image, we need to check for software-rendered
2853         filters.
2854
2855         Test: compositing/filters/simple-image-with-svg-filter.html
2856
2857         * rendering/RenderLayerBacking.cpp:
2858         (WebCore::RenderLayerBacking::isDirectlyCompositedImage):
2859
2860 2016-02-14  Chris Dumez  <cdumez@apple.com>
2861
2862         Drop the [EventTarget] WebKit-specific IDL extended attribute
2863         https://bugs.webkit.org/show_bug.cgi?id=154171
2864
2865         Reviewed by Sam Weinig.
2866
2867         Drop the [EventTarget] WebKit-specific IDL extended attribute now that
2868         all interfaces inherit EventTarget when they should.
2869
2870         No new tests, no Web-Exposed behavior change.
2871
2872         * Modules/battery/BatteryManager.idl:
2873         * Modules/encryptedmedia/MediaKeySession.idl:
2874         * Modules/indexeddb/IDBDatabase.idl:
2875         * Modules/indexeddb/IDBOpenDBRequest.idl:
2876         * Modules/indexeddb/IDBRequest.idl:
2877         * Modules/indexeddb/IDBTransaction.idl:
2878         * Modules/mediasession/MediaRemoteControls.idl:
2879         * Modules/mediasource/MediaSource.idl:
2880         * Modules/mediasource/SourceBuffer.idl:
2881         * Modules/mediasource/SourceBufferList.idl:
2882         * Modules/mediastream/MediaStream.idl:
2883         * Modules/mediastream/MediaStreamTrack.idl:
2884         * Modules/mediastream/RTCDTMFSender.idl:
2885         * Modules/mediastream/RTCDataChannel.idl:
2886         * Modules/mediastream/RTCPeerConnection.idl:
2887         * Modules/notifications/Notification.idl:
2888         * Modules/speech/SpeechSynthesisUtterance.idl:
2889         * Modules/webaudio/AudioContext.idl:
2890         * Modules/webaudio/AudioNode.idl:
2891         * Modules/webaudio/OfflineAudioContext.idl:
2892         * Modules/websockets/WebSocket.idl:
2893         * bindings/scripts/CodeGeneratorGObject.pm:
2894         (ImplementsInterface):
2895         (SkipFunction): Deleted.
2896         (GenerateCFile): Deleted.
2897         * bindings/scripts/CodeGeneratorJS.pm:
2898         (InstanceNeedsVisitChildren):
2899         (GenerateImplementation):
2900         * bindings/scripts/IDLAttributes.txt:
2901         * bindings/scripts/test/TestEventTarget.idl:
2902         * bindings/scripts/test/TestNode.idl:
2903         * css/FontLoader.idl:
2904         * dom/EventTarget.idl:
2905         * dom/MessagePort.idl:
2906         * dom/Node.idl:
2907         * dom/WebKitNamedFlow.idl:
2908         * fileapi/FileReader.idl:
2909         * html/MediaController.idl:
2910         * html/track/AudioTrackList.idl:
2911         * html/track/TextTrack.idl:
2912         * html/track/TextTrackCue.idl:
2913         * html/track/TextTrackList.idl:
2914         * html/track/VideoTrackList.idl:
2915         * loader/appcache/DOMApplicationCache.idl:
2916         * page/DOMWindow.idl:
2917         * page/EventSource.idl:
2918         * page/Performance.idl:
2919         * workers/WorkerGlobalScope.idl:
2920         * xml/XMLHttpRequest.idl:
2921         * xml/XMLHttpRequestUpload.idl:
2922
2923 2016-02-14  Chris Dumez  <cdumez@apple.com>
2924
2925         Unreviewed attempt to fix the Mac CMake build after r196136
2926
2927         * PlatformMac.cmake:
2928
2929 2016-02-14  Chris Dumez  <cdumez@apple.com>
2930
2931         Unreviewed attempt to fix the Windows build.
2932
2933         * Modules/webdatabase/Database.cpp:
2934         * bridge/c/c_utility.cpp:
2935         * platform/MemoryPressureHandler.cpp:
2936
2937 2016-02-14  Chris Dumez  <cdumez@apple.com>
2938
2939         Window and WorkerGlobalScope should inherit EventTarget
2940         https://bugs.webkit.org/show_bug.cgi?id=154170
2941         <rdar://problem/24642377>
2942
2943         Reviewed by Darin Adler.
2944
2945         Window and WorkerGlobalScope should inherit EventTarget instead of
2946         duplicating the EventTarget API in their IDL. These were the last
2947         interfaces that needed fixing. The next step will be to get rid
2948         of the [EventTarget] IDL extended attribute and rely entirely
2949         on the EventTarget inheritance.
2950
2951         Test:
2952         - fast/frames/detached-frame-eventListener.html
2953         - Covered by existing tests.
2954
2955         * WebCore.xcodeproj/project.pbxproj:
2956         Add JSEventTargetCustom.h header to the project.
2957
2958         * bindings/js/JSDOMWindowCustom.cpp:
2959         Drop custom bindings for Window's addEventListener() and
2960         removeEventListener(). The only reason these needed custom
2961         code was to add a check for frameless windows. The frameless
2962         Window checks were moved to the respective methods in the
2963         JSEventTarget generated bindings.
2964
2965         * bindings/js/JSDOMWindowShell.cpp:
2966         (WebCore::JSDOMWindowShell::setWindow):
2967         Set WindowPrototype's prototype to EventTarget's prototype.
2968
2969         * bindings/js/JSDOMWindowShell.h:
2970         * bindings/js/JSDictionary.cpp:
2971         Include "DOMWindow.h" to fix the build.
2972
2973         * bindings/js/JSEventTargetCustom.cpp:
2974         (WebCore::JSEventTarget::toWrapped):
2975         Handle DOMWindow and WorkerGlobalScope explicitly in toWrapped()
2976         and get rid of the DOM_EVENT_TARGET_INTERFACES_FOR_EACH(TRY_TO_UNWRAP_WITH_INTERFACE)
2977         now that all interfaces inherit EventTarget when they should.
2978         The reason DOMWindow and WorkerGlobalScope still need special
2979         handling is because their wrappers (JSDOMWindow /
2980         JSWorkerGlobalScope) do not subclass JSEventTarget.
2981
2982         (WebCore::JSEventTargetOrGlobalScope::create):
2983         * bindings/js/JSEventTargetCustom.h: Added.
2984         (WebCore::JSEventTargetOrGlobalScope::wrapped):
2985         (WebCore::JSEventTargetOrGlobalScope::operator JSC::JSObject&):
2986         (WebCore::JSEventTargetOrGlobalScope::JSEventTargetOrGlobalScope):
2987         Add a wrapper type for JSEventTarget / JSDOMWindow and
2988         JSWorkerGlobalScope for use in the generated bindings. This is
2989         needed because JSDOMWindow and JSWorkerGlobalScope do not
2990         subclass JSEventTarget. Subclassing JSEventTarget would be
2991         complicated for them because they already subclass
2992         JSDOMWindowBase / JSWorkerGlobalScopeBase, which subclasses
2993         JSDOMGlobalObject.
2994
2995         * bindings/js/WorkerScriptController.cpp:
2996         (WebCore::WorkerScriptController::initScript):
2997         Set WorkerGlobalScopePrototype's prototype to EventTarget's prototype.
2998
2999         * bindings/scripts/CodeGeneratorJS.pm:
3000         (ShouldGenerateToJSDeclaration):
3001         Do not generate toJS() implementation for interfaces that use
3002         the [CustomProxyToJSObject] IDL extended attribute, even if they
3003         inherit EventTarget.
3004
3005         (GetCastingHelperForThisObject):
3006         To initialize castedThis from thisValue JSValue, we now use the
3007         JSEventTargetOrGlobalScope wrapper for the EventTarget
3008         implementation. This is to work around the fact that JSDOMWindow
3009         and JSWorkerGlobalScope do not subclass JSEventTarget.
3010
3011         (GenerateFunctionCastedThis):
3012         - Drop code handling [WorkerGlobalScope] IDL extended attribute
3013           as there is no such attribute.
3014         - Use auto instead of auto* type for castedThis because
3015           JSEventTargetOrGlobalScope::create() returns a unique_ptr.
3016         - Do not check that castedThis inherits JSEventTarget in the
3017           EventTarget bindings code as this no longer holds true.
3018
3019         (GenerateImplementation):
3020         Generate frameless window() and security checks for EventTarget
3021         methods when thisValue is a JSDOMWindow.
3022
3023         * dom/EventTarget.idl:
3024         Add [JSCustomHeader] IDL Extended attribute as we need a header
3025         to expose JSEventTargetOrGlobalScope class.
3026
3027         * page/DOMWindow.idl:
3028         * workers/WorkerGlobalScope.idl:
3029         Inherit EventTarget and stop duplicating the EventTarget API.
3030         This matches the HTML specification.
3031
3032 2016-02-14  Darin Adler  <darin@apple.com>
3033
3034         Small tweaks to some SimpleLineLayout code
3035         https://bugs.webkit.org/show_bug.cgi?id=154229
3036
3037         Reviewed by Zalan Bujtas.
3038
3039         * rendering/SimpleLineLayoutFunctions.cpp:
3040         (WebCore::SimpleLineLayout::paintFlow): Use std::ceil instead of ceilf.
3041         Use auto instead of const auto& for a for loop where the local object is
3042         copied and not a reference.
3043         (WebCore::SimpleLineLayout::hitTestFlow): Use modern for loop.
3044         (WebCore::SimpleLineLayout::collectFlowOverflow): Use std::ceil instead of
3045         ceilf. Use a modern for loop, and use slightly more descriptive local
3046         variable names.
3047         (WebCore::SimpleLineLayout::computeBoundingBox): Use auto instead of
3048         const auto& as above.
3049         (WebCore::SimpleLineLayout::computeFirstRunLocation): Use auto and use
3050         the name "range" for the range rather than the name "it", since the range
3051         is not an iterator.
3052         (WebCore::SimpleLineLayout::collectAbsoluteRects): Use auto instead of
3053         const auto& as above.
3054         (WebCore::SimpleLineLayout::collectAbsoluteQuads): Ditto.
3055         (WebCore::SimpleLineLayout::showLineLayoutForFlow): Use modern for loop.
3056
3057         * rendering/SimpleLineLayoutResolver.cpp:
3058         (WebCore::SimpleLineLayout::RunResolver::Run::text): Convert from a String
3059         to a StringView using the StringView constructor instead of writing out
3060         explicit 8-bit and 16-bit cases.
3061
3062 2016-02-13  Antti Koivisto  <antti@apple.com>
3063
3064         Factor class change style invalidation code into a class
3065         https://bugs.webkit.org/show_bug.cgi?id=154163
3066
3067         Reviewed by Andreas Kling.
3068
3069         Factor this piece of functionality out of Element and into ClassChangeInvalidation class.
3070
3071         * CMakeLists.txt:
3072         * WebCore.vcxproj/WebCore.vcxproj:
3073         * WebCore.xcodeproj/project.pbxproj:
3074         * dom/Element.cpp:
3075         (WebCore::classStringHasClassName):
3076         (WebCore::Element::classAttributeChanged):
3077         (WebCore::collectClasses): Deleted.
3078         (WebCore::computeClassChange): Deleted.
3079         (WebCore::invalidateStyleForClassChange): Deleted.
3080         * style/ClassChangeInvalidation.cpp: Added.
3081         (WebCore::Style::ClassChangeInvalidation::computeClassChange):
3082         (WebCore::Style::ClassChangeInvalidation::invalidateStyle):
3083         * style/ClassChangeInvalidation.h: Added.
3084         (WebCore::Style::ClassChangeInvalidation::needsInvalidation):
3085         (WebCore::Style::ClassChangeInvalidation::ClassChangeInvalidation):
3086         (WebCore::Style::ClassChangeInvalidation::~ClassChangeInvalidation):
3087
3088 2016-02-13  Myles C. Maxfield  <mmaxfield@apple.com>
3089
3090         [Win] [SVG -> OTF Converter] SVG fonts drawn into ImageBuffers are invisible
3091         https://bugs.webkit.org/show_bug.cgi?id=154222
3092
3093         Reviewed by Antti Koivisto.
3094
3095         Windows ImageBuffer code is sensitive to broken bounding box and
3096         descent code.
3097
3098         Covered by existing tests.
3099
3100         * svg/SVGToOTFFontConversion.cpp:
3101         (WebCore::SVGToOTFFontConverter::appendHHEATable):
3102         (WebCore::SVGToOTFFontConverter::appendOS2Table):
3103         (WebCore::SVGToOTFFontConverter::processGlyphElement):
3104         (WebCore::SVGToOTFFontConverter::SVGToOTFFontConverter):
3105
3106 2016-02-13  Antti Koivisto  <antti@apple.com>
3107
3108         Add version number for default stylesheet
3109         https://bugs.webkit.org/show_bug.cgi?id=154220
3110
3111         Reviewed by Ryosuke Niwa.
3112
3113         We currently fail to update RuleFeatureSets for shadow trees when the default stylesheet grows
3114         (for example when media controls stylesheet is initialized).
3115
3116         No test since this is not causing known bugs. It is blocking optimizations in shadow trees that
3117         rely on rule features being up-to-date.
3118
3119         * css/CSSDefaultStyleSheets.cpp:
3120         (WebCore::CSSDefaultStyleSheets::loadSimpleDefaultStyle):
3121         (WebCore::CSSDefaultStyleSheets::ensureDefaultStyleSheetsForElement):
3122
3123             Increment version number when the default stylesheet changes.
3124
3125         * css/CSSDefaultStyleSheets.h:
3126         * css/DocumentRuleSets.cpp:
3127         (WebCore::DocumentRuleSets::appendAuthorStyleSheets):
3128         (WebCore::DocumentRuleSets::collectFeatures):
3129
3130             Store the current default stylesheet version number.
3131
3132         * css/DocumentRuleSets.h:
3133         (WebCore::DocumentRuleSets::features):
3134
3135             Collect features again if the default stylesheet has changed.
3136
3137         * css/StyleResolver.cpp:
3138         (WebCore::StyleResolver::styleForElement):
3139
3140 2016-02-13  Konstantin Tokarev  <annulen@yandex.ru>
3141
3142         [cmake] Consolidate building of GStreamer and OpenWebRTC code.
3143         https://bugs.webkit.org/show_bug.cgi?id=154116
3144
3145         Reviewed by Michael Catanzaro.
3146
3147         No new tests needed.
3148
3149         * PlatformEfl.cmake: Migrated shared code to GStreamer.cmake.
3150         * PlatformGTK.cmake: Ditto.
3151         * platform/GStreamer.cmake: Added.
3152
3153 2016-02-13  Mark Lam  <mark.lam@apple.com>
3154
3155         Add thread violation checks to WebView public APIs.
3156         https://bugs.webkit.org/show_bug.cgi?id=154183
3157
3158         Reviewed by Timothy Hatcher.
3159
3160         No new tests.  Just adding a new thread violation round.
3161
3162         * platform/ThreadCheck.h:
3163         * platform/mac/ThreadCheck.mm:
3164         - Adding WebCoreThreadViolationCheckRoundThree().
3165
3166 2016-02-12  Nan Wang  <n_wang@apple.com>
3167
3168         AX: Implement paragraph related text marker functions using TextIterator
3169         https://bugs.webkit.org/show_bug.cgi?id=154098
3170         <rdar://problem/24269675>
3171
3172         Reviewed by Chris Fleizach.
3173
3174         Using CharacterOffset to implement paragraph related text marker calls. Reused
3175         logic from VisibleUnits class. And refactored textMarkerForCharacterOffset method
3176         to get better performance. Also fixed an issue where we can't navigate through a text
3177         node with line breaks in it using next/previousCharacterOffset call.
3178
3179         Test: accessibility/mac/text-marker-paragraph-nav.html
3180
3181         * accessibility/AXObjectCache.cpp:
3182         (WebCore::AXObjectCache::traverseToOffsetInRange):
3183         (WebCore::AXObjectCache::startOrEndTextMarkerDataForRange):
3184         (WebCore::AXObjectCache::characterOffsetForNodeAndOffset):
3185         (WebCore::AXObjectCache::textMarkerDataForCharacterOffset):
3186         (WebCore::AXObjectCache::textMarkerDataForNextCharacterOffset):
3187         (WebCore::AXObjectCache::textMarkerDataForPreviousCharacterOffset):
3188         (WebCore::AXObjectCache::nextNode):
3189         (WebCore::AXObjectCache::textMarkerDataForVisiblePosition):
3190         (WebCore::AXObjectCache::nextCharacterOffset):
3191         (WebCore::AXObjectCache::previousCharacterOffset):
3192         (WebCore::startWordBoundary):
3193         (WebCore::AXObjectCache::startCharacterOffsetOfWord):
3194         (WebCore::AXObjectCache::endCharacterOffsetOfWord):
3195         (WebCore::AXObjectCache::previousWordStartCharacterOffset):
3196         (WebCore::AXObjectCache::previousWordBoundary):
3197         (WebCore::AXObjectCache::startCharacterOffsetOfParagraph):
3198         (WebCore::AXObjectCache::endCharacterOffsetOfParagraph):
3199         (WebCore::AXObjectCache::paragraphForCharacterOffset):
3200         (WebCore::AXObjectCache::nextParagraphEndCharacterOffset):
3201         (WebCore::AXObjectCache::previousParagraphStartCharacterOffset):
3202         (WebCore::AXObjectCache::rootAXEditableElement):
3203         * accessibility/AXObjectCache.h:
3204         (WebCore::CharacterOffset::remaining):
3205         (WebCore::CharacterOffset::isNull):
3206         (WebCore::CharacterOffset::isEqual):
3207         (WebCore::AXObjectCache::isNodeInUse):
3208         * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
3209         (+[WebAccessibilityTextMarker textMarkerWithCharacterOffset:cache:]):
3210         (-[WebAccessibilityObjectWrapper nextMarkerForCharacterOffset:]):
3211         (-[WebAccessibilityObjectWrapper previousMarkerForCharacterOffset:]):
3212         (-[WebAccessibilityObjectWrapper rangeForTextMarkers:]):
3213         * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
3214         (startOrEndTextmarkerForRange):
3215         (nextTextMarkerForCharacterOffset):
3216         (previousTextMarkerForCharacterOffset):
3217         (-[WebAccessibilityObjectWrapper nextTextMarkerForCharacterOffset:]):
3218         (-[WebAccessibilityObjectWrapper previousTextMarkerForCharacterOffset:]):
3219         (-[WebAccessibilityObjectWrapper textMarkerForCharacterOffset:]):
3220         (textMarkerForCharacterOffset):
3221         (-[WebAccessibilityObjectWrapper accessibilityAttributeValue:forParameter:]):
3222         (-[WebAccessibilityObjectWrapper nextTextMarkerForNode:offset:]): Deleted.
3223         (-[WebAccessibilityObjectWrapper previousTextMarkerForNode:offset:]): Deleted.
3224         (-[WebAccessibilityObjectWrapper textMarkerForNode:offset:ignoreStart:]): Deleted.
3225         (-[WebAccessibilityObjectWrapper textMarkerForNode:offset:]): Deleted.
3226         * editing/VisibleUnits.cpp:
3227         (WebCore::nextSentencePosition):
3228         (WebCore::findStartOfParagraph):
3229         (WebCore::findEndOfParagraph):
3230         (WebCore::startOfParagraph):
3231         (WebCore::endOfParagraph):
3232         * editing/VisibleUnits.h:
3233
3234 2016-02-12  Ryan Haddad  <ryanhaddad@apple.com>
3235
3236         Reset results for bindings tests after r196520
3237
3238         Unreviewed test gardening.
3239
3240         No new tests needed.
3241
3242         * bindings/scripts/test/GObject/WebKitDOMTestEventTarget.cpp:
3243         (webkit_dom_test_event_target_dispatch_event):
3244         * bindings/scripts/test/GObject/WebKitDOMTestNode.cpp:
3245         (webkit_dom_test_node_dispatch_event):
3246
3247 2016-02-12  Saam barati  <sbarati@apple.com>
3248
3249         Attempting build fix from https://bugs.webkit.org/show_bug.cgi?id=154144.
3250
3251         * bindings/js/JSDOMGlobalObject.cpp:
3252         (WebCore::JSDOMGlobalObject::addBuiltinGlobals):
3253
3254 2016-02-12  Daniel Bates  <dabates@apple.com>
3255
3256         CSP: 'blob:' URLs should not match 'self' in CSP source expression lists.
3257         https://bugs.webkit.org/show_bug.cgi?id=153158
3258         <rdar://problem/24383264>
3259
3260         Reviewed by Brent Fulgham.
3261
3262         A blob URL should not match source 'self' by section Security Considerations for GUID URL schemes
3263         of the Content Security Policy 2.0 spec., <https://www.w3.org/TR/CSP2/> (21 July 2015).
3264
3265         Tests: http/tests/security/contentSecurityPolicy/blob-url-does-not-match-source-self.html
3266                http/tests/security/contentSecurityPolicy/blob-url-matches-source-blob.html
3267
3268         * page/csp/ContentSecurityPolicySourceList.cpp:
3269         (WebCore::ContentSecurityPolicySourceList::matches): Do not make a distinction between URLs that
3270         contain a nested URL (e.g. blob://http://www.example.com/...) and URLs that do not contain a nested
3271         URL. The URL of the requested resource should be matched against the source list source expressions.
3272
3273 2016-02-12  Daniel Bates  <dabates@apple.com>
3274
3275         CSP: Implement child-src directive
3276         https://bugs.webkit.org/show_bug.cgi?id=153562
3277         <rdar://problem/24610087>
3278
3279         Reviewed by Brent Fulgham.
3280
3281         Add support for the child-src directive, <https://w3c.github.io/webappsec-csp/2/#child_src> (29 August 2015),
3282         which formally replaces the deprecated frame-src directive as of the Content Security Policy 2.0 spec. The
3283         child-src directive was first introduced in the Content Security Policy 1.1 spec, <https://www.w3.org/TR/2014/WD-CSP11-20140211/>.
3284
3285         As a side effect of this change, the script URL for a Web Worker is checked against the child-src directive
3286         as opposed to the script-src directive. This is a backward incompatible change from the CSP 1.0 spec.
3287
3288         Tests: http/tests/security/contentSecurityPolicy/1.1/child-src/frame-fires-load-event-when-blocked.html
3289                http/tests/security/contentSecurityPolicy/1.1/child-src/frame-fires-load-event-when-redirect-blocked.html
3290                http/tests/security/contentSecurityPolicy/1.1/child-src/frame-src-takes-precedence-over-child-src.html
3291                http/tests/security/contentSecurityPolicy/1.1/child-src/worker-redirect-blocked.html
3292                http/tests/security/isolatedWorld/bypass-main-world-csp-worker-redirect.html
3293
3294         * loader/DocumentThreadableLoader.cpp:
3295         (WebCore::DocumentThreadableLoader::isAllowedByContentSecurityPolicy): Check child-src directive (if applicable).
3296         * loader/ThreadableLoader.h: Add enum value EnforceChildSrcDirective to enum class ContentSecurityPolicyEnforcement to
3297         enforce the child-src directive on redirect.
3298         * page/csp/ContentSecurityPolicy.cpp:
3299         (WebCore::ContentSecurityPolicy::allowChildContextFromSource): Added.
3300         * page/csp/ContentSecurityPolicy.h:
3301         * page/csp/ContentSecurityPolicyDirectiveList.cpp:
3302         (WebCore::ContentSecurityPolicyDirectiveList::checkSourceAndReportViolation): Add message prefix for a child-src violation.
3303         We use the same message prefix as used by Blink.
3304         (WebCore::ContentSecurityPolicyDirectiveList::allowChildContextFromSource): Added.
3305         (WebCore::ContentSecurityPolicyDirectiveList::allowChildFrameFromSource): Modified to check the frame-src
3306         directive (if specified) before checking the child-src directive by <https://w3c.github.io/webappsec-csp/2/#directive-child-src-nested>.
3307         (WebCore::ContentSecurityPolicyDirectiveList::addDirective): Parse the child-src directive.
3308         * page/csp/ContentSecurityPolicyDirectiveList.h:
3309         * workers/AbstractWorker.cpp:
3310         (WebCore::AbstractWorker::resolveURL): Check if the script URL for the worker is allowed by the child-src directive
3311         as opposed to the script-src directive. This is a backwards incompatible change from the CSP 1.0 spec.
3312         * workers/Worker.cpp:
3313         (WebCore::Worker::create): Enforce the child-src directive on redirects (if applicable).
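Added example (not part of the ChangeLog and not WebKit code): the directive selection described in the child-src entry above, where frame-src is checked before child-src for frames and a worker's script URL is checked against child-src rather than script-src. The function names, the simplified source matching, the default-src fallback (taken from the CSP 2.0 spec) and the sample policy are assumptions made for illustration.

```javascript
// Added example, not WebKit code. Source matching is deliberately simplified:
// ports and paths are ignored, and a host without a scheme matches any scheme.

// Parse a policy into a Map of directive name -> source list; first occurrence wins.
function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !directives.has(key)) directives.set(key, sources);
  }
  return directives;
}

// Frames: frame-src (if specified) before child-src. Workers: child-src, never script-src.
// default-src is the fallback for both (CSP 2.0).
function governingDirective(directives, context) {
  const order = context === 'frame'
    ? ['frame-src', 'child-src', 'default-src']
    : ['child-src', 'default-src'];
  return order.find((name) => directives.has(name)) || null;
}

function matchesSource(expr, url, selfOrigin) {
  if (expr === "'none'") return false;
  // "*" does not cover blob:, data: or filesystem: URLs.
  if (expr === '*') return !['blob:', 'data:', 'filesystem:'].includes(url.protocol);
  if (expr === "'self'") return url.origin === selfOrigin;
  if (/^[a-z][a-z0-9+.-]*:$/i.test(expr)) return url.protocol === expr.toLowerCase();
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^\/:]+)/i.exec(expr);
  if (!m) return false;
  const [, scheme, wildcard, host] = m;
  if (scheme && url.protocol !== scheme.toLowerCase() + ':') return false;
  const want = host.toLowerCase();
  return wildcard ? url.hostname.endsWith('.' + want) : url.hostname === want;
}

// Returns which directive decided and whether the child context may load.
function allowsChildContext(policy, context, target, selfOrigin) {
  const directives = parsePolicy(policy);
  const directive = governingDirective(directives, context);
  if (directive === null) return { directive, allowed: true };
  const url = new URL(target);
  const allowed = directives.get(directive).some((e) => matchesSource(e, url, selfOrigin));
  return { directive, allowed };
}

// Constructed policy: under CSP 1.0 the same-origin worker passed script-src 'self'.
const policy = "script-src 'self'; child-src https://workers.example.com";
console.log(allowsChildContext(policy, 'worker', 'https://site.example/w.js', 'https://site.example'));
```

A policy written against CSP 1.0 that lists worker origins only in script-src should be audited after this change: the worker load is now decided by child-src, or by default-src when child-src is absent.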
3314
3315 2016-02-12  Saam barati  <sbarati@apple.com>
3316
3317         The parser doesn't properly protect against global variable references in builtins
3318         https://bugs.webkit.org/show_bug.cgi?id=154144
3319
3320         Reviewed by Geoffrey Garen.
3321
3322         Change JS builtins to no longer reference global variables.
3323
3324         No new tests because old tests cover the issues here.
3325
3326         * Modules/mediastream/NavigatorUserMedia.js:
3327         (webkitGetUserMedia):
3328         * Modules/mediastream/RTCPeerConnection.js:
3329         (addIceCandidate):
3330         (getStats):
3331         * Modules/mediastream/RTCPeerConnectionInternals.js:
3332         (setLocalOrRemoteDescription):
3333         * Modules/plugins/QuickTimePluginReplacement.js:
3334         (Replacement.prototype.handleEvent):
3335         * Modules/streams/ByteLengthQueuingStrategy.js:
3336         (initializeByteLengthQueuingStrategy):
3337         * Modules/streams/CountQueuingStrategy.js:
3338         (initializeCountQueuingStrategy):
3339         * Modules/streams/ReadableStreamInternals.js:
3340         (teeReadableStream):
3341         * bindings/js/JSDOMGlobalObject.cpp:
3342         (WebCore::JSDOMGlobalObject::addBuiltinGlobals):
3343         * bindings/js/WebCoreBuiltinNames.h:
3344
3345 2016-02-12  Jiewen Tan  <jiewen_tan@apple.com>
3346
3347         WebKit should expose the DOM 4 Event.isTrusted property
3348         https://bugs.webkit.org/show_bug.cgi?id=76121
3349         <rdar://problem/22558494>
3350
3351         Reviewed by Darin Adler.
3352
3353         Implements Event.isTrusted. The implementation here is slightly different from and better than
3354         the DOM specification. Here Event.isTrusted will be initialized differently depending on the
3355         callers of the constructors/create methods. If the caller is from user agent, the isTrusted
3356         will be true. Otherwise, it will be false. Since a user agent dispatched event can be caught
3357         and re-initialized/redispatched by the bindings, the flag will be unset at *Event::init*Event
3358         and EventTarget::dispatchEventForBindings. As currently there is no way to let the user agent
3359         dispatch a bindings created event, therefore we ensure that the Event.isTrusted is set for
3360         events dispatched by user agent, and unset for those by bindings.
3361
3362         EventTarget::dispatchEvent(Event*, ExceptionCode&) is renamed to EventTarget::dispatchEventForBindings
3363         in this patch as well. So that, together with the improved design of the API, developers in
3364         the future will be less likely to use a wrong dispatchEvent method and set Event.isTrusted
3365         incorrectly compared to the DOM design.
3366
3367         After this patch, all events that are created by user agent should be dispatched by
3368         EventTarget::dispatchEvent, and those that are created by bindings should be dispatched by
3369         EventTarget::dispatchEventForBindings.
3370
3371         Some of the changes in this patch refer to Blink r198996:
3372         https://codereview.chromium.org/1241613004
3373
3374         Test: imported/blink/fast/events/event-trusted.html
3375
3376         * bindings/scripts/CodeGeneratorGObject.pm:
3377         (GenerateEventTargetIface):
3378         * dom/Event.cpp:
3379         (WebCore::Event::Event):
3380         (WebCore::Event::initEvent):
3381         * dom/Event.h:
3382         (WebCore::Event::isTrusted):
3383         (WebCore::Event::setUntrusted):
3384         * dom/Event.idl:
3385         * dom/EventTarget.cpp:
3386         (WebCore::EventTarget::dispatchEventForBindings):
3387         (WebCore::EventTarget::dispatchEvent): Deleted.
3388         * dom/EventTarget.h:
3389         * dom/EventTarget.idl:
3390         * page/DOMWindow.idl:
3391         * page/EventHandler.cpp:
3392         (WebCore::EventHandler::dispatchDragEvent):
3393         * workers/WorkerGlobalScope.idl:
3394
3395 2016-02-12  Brady Eidson  <beidson@apple.com>
3396
3397         Modern IDB: IDBObjectStore and IDBIndex need to be ActiveDOMObjects.
3398         https://bugs.webkit.org/show_bug.cgi?id=154153
3399
3400         Reviewed by Alex Christensen.
3401
3402         No new tests (No testable change in behavior).
3403
3404         This is needed so that IDBObjectStore and IDBIndex JS wrappers are not garbage collected
3405         while their IDBTransaction is still in progress.
3406
3407         * Modules/indexeddb/client/IDBIndexImpl.cpp:
3408         (WebCore::IDBClient::IDBIndex::IDBIndex):
3409         (WebCore::IDBClient::IDBIndex::activeDOMObjectName):
3410         (WebCore::IDBClient::IDBIndex::canSuspendForDocumentSuspension):
3411         (WebCore::IDBClient::IDBIndex::hasPendingActivity):
3412         * Modules/indexeddb/client/IDBIndexImpl.h:
3413         
3414         * Modules/indexeddb/client/IDBObjectStoreImpl.cpp:
3415         (WebCore::IDBClient::IDBObjectStore::create):
3416         (WebCore::IDBClient::IDBObjectStore::IDBObjectStore):
3417         (WebCore::IDBClient::IDBObjectStore::activeDOMObjectName):
3418         (WebCore::IDBClient::IDBObjectStore::canSuspendForDocumentSuspension):
3419         (WebCore::IDBClient::IDBObjectStore::hasPendingActivity):
3420         (WebCore::IDBClient::IDBObjectStore::index):
3421         * Modules/indexeddb/client/IDBObjectStoreImpl.h:
3422         
3423         * Modules/indexeddb/client/IDBTransactionImpl.cpp:
3424         (WebCore::IDBClient::IDBTransaction::objectStore):
3425         (WebCore::IDBClient::IDBTransaction::createObjectStore):
3426         (WebCore::IDBClient::IDBTransaction::createIndex):
3427
3428 2016-02-12  Brady Eidson  <beidson@apple.com>
3429
3430         Modern IDB: Simplify the relationship between IDBObjectStore and IDBIndex.
3431         https://bugs.webkit.org/show_bug.cgi?id=154187
3432
3433         Reviewed by Alex Christensen.
3434
3435         Tests: storage/indexeddb/modern/deleteindex-3-private.html
3436                storage/indexeddb/modern/deleteindex-3.html
3437
3438         Instead of allowing IDBIndex to have two different lifecycle modes, it is now always
3439         owned by an IDBObjectStore.
3440         
3441         To support the case where an IDBIndex is deleted from its IDBObjectStore, the object
3442         store simply hangs on to deleted indexes until it is destroyed itself.
3443         
3444         * Modules/indexeddb/client/IDBIndexImpl.cpp:
3445         (WebCore::IDBClient::IDBIndex::markAsDeleted):
3446         (WebCore::IDBClient::IDBIndex::ref):
3447         (WebCore::IDBClient::IDBIndex::deref):
3448         * Modules/indexeddb/client/IDBIndexImpl.h:
3449         
3450         * Modules/indexeddb/client/IDBObjectStoreImpl.cpp:
3451         (WebCore::IDBClient::IDBObjectStore::deleteIndex):