[GStreamer][GL] crash within triggerRepaint
[WebKit-https.git] / Source / WebCore / ChangeLog
1 2016-07-11  Philippe Normand  <pnormand@igalia.com>
2
3         [GStreamer][GL] crash within triggerRepaint
4         https://bugs.webkit.org/show_bug.cgi?id=159552
5
6         Reviewed by Xabier Rodriguez-Calvar.
7
8         Ensure the sizeChanged notification is emitted from the main
9         thread. When GStreamer-GL rendering is enabled the appsink draw
10         callbacks are fired in a non-main thread.
11
12         The WeakPtr support was moved to the player base class so that it
13         can be used there as well as in the MediaPlayerPrivateGStreamer
14         sub-class.
15
16         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
17         (WebCore::MediaPlayerPrivateGStreamer::createGSTPlayBin):
18         (WebCore::MediaPlayerPrivateGStreamer::MediaPlayerPrivateGStreamer): Deleted.
19         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h:
20         (WebCore::MediaPlayerPrivateGStreamer::createWeakPtr): Deleted.
21         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
22         (WebCore::MediaPlayerPrivateGStreamerBase::MediaPlayerPrivateGStreamerBase):
23         (WebCore::MediaPlayerPrivateGStreamerBase::triggerRepaint):
24         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.h:
25         (WebCore::MediaPlayerPrivateGStreamerBase::createWeakPtr):
26
27 2016-07-10  Chris Dumez  <cdumez@apple.com>
28
29         Setting document.title reuses <title>'s textnode child
30         https://bugs.webkit.org/show_bug.cgi?id=28864
31         <rdar://problem/7186473>
32
33         Reviewed by Benjamin Poulain.
34
35         Setting document.title should be equivalent to setting the 'textContent'
36         IDL attribute of the <title> element:
37         - https://html.spec.whatwg.org/multipage/dom.html#document.title
38
39         In particular, this means we should always create a new Text node and
40         replace all the <title>'s children with this new Node, as per:
41         - https://dom.spec.whatwg.org/#dom-node-textcontent
42
43         Previously, WebKit would in some cases reuse the existing <title>'s
44         Text node and merely update its data.
45
46         Firefox and Chrome behave as per the specification so this aligns our
47         behavior with other major browsers as well.
48
49         Test: fast/dom/title-setter-new-text-node.html
50
51         * dom/Document.cpp:
52         (WebCore::Document::setTitle):
53         - Call Node::setTextContent() instead of HTMLTitleElement::setText(),
54           as per the specification.
55         - Take an ExceptionCode parameter and pass it to Node::setTextContent()
56           as it may throw.
57
58         * dom/Document.h:
59         * dom/Document.idl:
60
61         * html/HTMLTitleElement.cpp:
62         (WebCore::HTMLTitleElement::setText):
63         Update implementation of HTMLTitleElement::setText() to call
64         setTextContent() as per the specification:
65         - https://html.spec.whatwg.org/multipage/semantics.html#dom-title-text
66
67         * html/HTMLTitleElement.h:
68         * html/HTMLTitleElement.idl:
69
70         * html/ImageDocument.cpp:
71         (WebCore::ImageDocument::finishedParsing):
72
73         * svg/SVGTitleElement.cpp:
74         * svg/SVGTitleElement.h:
75         Drop setText() setter which was duplicated from HTMLTitleElement::setText()
76         now that Document::setTitle() calls SVGTitleElement::setTextContent()
77         instead.
78
79 2016-07-10  Zalan Bujtas  <zalan@apple.com>
80
81         Fix LogicalSelectionOffsetCaches to work with detached render tree.
82         https://bugs.webkit.org/show_bug.cgi?id=159605
83         <rdar://problem/27248845>
84
85         Reviewed by Brent Fulgham.
86
87         When the renderer that is being destroyed is on a selection boundary,
88         we need to ensure that all its cached pointers across the selection code (e.g. SelectionSubtreeData)
89         are getting reset. In order to do that, we call clearSelection() on the RenderView.
90         One of the last steps of clearing selection is to collect the selection gaps. Selection gaps uses this
91         LogicalSelectionOffsetCaches helper class to collect selection information across blocks.
92         LogicalSelectionOffsetCaches normally operates on rooted renderers. However we need to ensure sure that
93         it can also handle renderers that are no longer part of the render tree.
94
95         Test: fast/text/selection-on-a-detached-tree.html
96
97         * rendering/LogicalSelectionOffsetCaches.h:
98         (WebCore::LogicalSelectionOffsetCaches::ContainingBlockInfo::setBlock):
99         (WebCore::LogicalSelectionOffsetCaches::ContainingBlockInfo::logicalLeftSelectionOffset):
100         (WebCore::LogicalSelectionOffsetCaches::ContainingBlockInfo::logicalRightSelectionOffset):
101         * rendering/RenderBlock.cpp:
102         (WebCore::RenderBlock::logicalLeftSelectionOffset):
103         (WebCore::RenderBlock::logicalRightSelectionOffset):
104
105 2016-07-10  Chris Dumez  <cdumez@apple.com>
106
107         adoptNode() changes css class to lowercase for document loaded with XHR responseType = "document"
108         https://bugs.webkit.org/show_bug.cgi?id=159555
109         <rdar://problem/27252541>
110
111         Reviewed by Benjamin Poulain.
112
113         Follow-up on r203018 which was incomplete. We need to update ElementData's
114         m_classNames / m_idForStyleResolution when the source document is in strict
115         mode and the destination document is in quirks mode as well.
116
117         Test: fast/dom/Document/adoptNode-quirks-mismatch2.html
118
119         * dom/Element.cpp:
120         (WebCore::Element::didMoveToNewDocument):
121
122 2016-07-10  Sam Weinig  <sam@webkit.org>
123
124         Rename isEmojiModifier to isEmojiFitzpatrickModifier to better capture its function
125         https://bugs.webkit.org/show_bug.cgi?id=159610
126
127         Reviewed by Dan Bernstein.
128
129         * platform/graphics/FontCascade.cpp:
130         (WebCore::FontCascade::characterRangeCodePath):
131         * platform/graphics/mac/ComplexTextController.cpp:
132         (WebCore::advanceByCombiningCharacterSequence):
133         Update for rename.
134
135         * platform/text/CharacterProperties.h:
136         (WebCore::isEmojiGroupCandidate):
137         (WebCore::isEmojiFitzpatrickModifier):
138         (WebCore::isVariationSelector):
139         Rename isEmojiModifier -> isEmojiFitzpatrickModifier. Also add some comments
140         explaining what the characters these predicate act on to demystify them a bit.
141
142         * rendering/RenderText.cpp:
143         (WebCore::RenderText::previousOffsetForBackwardDeletion):
144         Update for rename and rename a related variable.
145
146 2016-07-10  Alex Christensen  <achristensen@webkit.org>
147
148         Fix client certificate authentication after r200463
149         https://bugs.webkit.org/show_bug.cgi?id=159574
150         <rdar://problem/26931006>
151
152         Reviewed by Sam Weinig.
153
154         No new tests.  We really need a test for this
155
156         * platform/network/cf/CertificateInfo.h:
157         (WebCore::CertificateInfo::CertificateInfo):
158         (WebCore::CertificateInfo::trust):
159         Make sure we only get the trust for Trust type CertificateInfos.  
160         If we mix up our types, we get unexpected nullptrs, which will cause authentication to fail.
161
162 2016-07-10  Myles C. Maxfield  <mmaxfield@apple.com>
163
164         Fix Windows build after r203038
165
166         Unreviewed.
167
168         * platform/text/TextAllInOne.cpp:
169
170 2016-07-10  Myles C. Maxfield  <mmaxfield@apple.com>
171
172         Move breaking iterator code to WTF
173         https://bugs.webkit.org/show_bug.cgi?id=159594
174
175         Reviewed by Alex Christensen.
176
177         This is in preparation for giving StringView a GraphemeClusters iterator.
178         Such an interator needs to be implemented on top of our breaking iterator
179         code.
180
181         No new tests because there is no behavior change.
182
183         * CMakeLists.txt:
184         * PlatformEfl.cmake:
185         * PlatformGTK.cmake:
186         * PlatformMac.cmake:
187         * PlatformWin.cmake:
188         * WebCore.xcodeproj/project.pbxproj:
189         * dom/CharacterData.cpp:
190         * editing/TextCheckingHelper.cpp:
191         * editing/TextIterator.cpp:
192         * editing/VisibleUnits.cpp:
193         * html/HTMLInputElement.cpp:
194         * html/HTMLTextAreaElement.cpp:
195         * html/InputType.cpp:
196         * html/TextFieldInputType.cpp:
197         * html/TextInputType.cpp:
198         * platform/LocalizedStrings.cpp:
199         * platform/graphics/StringTruncator.cpp:
200         * platform/graphics/cg/ColorCG.cpp:
201         (WTF::RetainPtr<CGColorRef>>::createValueForKey):
202         (WebCore::RetainPtr<CGColorRef>>::createValueForKey): Deleted.
203         * platform/graphics/mac/ComplexTextController.cpp:
204         * platform/text/LineBreakIteratorPoolICU.h:
205         (WebCore::LineBreakIteratorPool::LineBreakIteratorPool): Deleted.
206         (WebCore::LineBreakIteratorPool::sharedPool): Deleted.
207         (WebCore::LineBreakIteratorPool::makeLocaleWithBreakKeyword): Deleted.
208         (WebCore::LineBreakIteratorPool::take): Deleted.
209         (WebCore::LineBreakIteratorPool::put): Deleted.
210         * platform/text/TextBoundaries.cpp:
211         * platform/text/TextBreakIterator.cpp:
212         (WebCore::initializeIterator): Deleted.
213         (WebCore::initializeIteratorWithRules): Deleted.
214         (WebCore::setTextForIterator): Deleted.
215         (WebCore::setContextAwareTextForIterator): Deleted.
216         (WebCore::wordBreakIterator): Deleted.
217         (WebCore::sentenceBreakIterator): Deleted.
218         (WebCore::cursorMovementIterator): Deleted.
219         (WebCore::acquireLineBreakIterator): Deleted.
220         (WebCore::releaseLineBreakIterator): Deleted.
221         (WebCore::mapLineIteratorModeToRules): Deleted.
222         (WebCore::isCJKLocale): Deleted.
223         (WebCore::openLineBreakIterator): Deleted.
224         (WebCore::closeLineBreakIterator): Deleted.
225         (WebCore::compareAndSwapNonSharedCharacterBreakIterator): Deleted.
226         (WebCore::NonSharedCharacterBreakIterator::NonSharedCharacterBreakIterator): Deleted.
227         (WebCore::NonSharedCharacterBreakIterator::~NonSharedCharacterBreakIterator): Deleted.
228         (WebCore::textBreakFirst): Deleted.
229         (WebCore::textBreakLast): Deleted.
230         (WebCore::textBreakNext): Deleted.
231         (WebCore::textBreakPrevious): Deleted.
232         (WebCore::textBreakPreceding): Deleted.
233         (WebCore::textBreakFollowing): Deleted.
234         (WebCore::textBreakCurrent): Deleted.
235         (WebCore::isTextBreak): Deleted.
236         (WebCore::isWordTextBreak): Deleted.
237         (WebCore::numGraphemeClusters): Deleted.
238         (WebCore::numCharactersInGraphemeClusters): Deleted.
239         * platform/text/TextBreakIterator.h:
240         (WebCore::LazyLineBreakIterator::LazyLineBreakIterator): Deleted.
241         (WebCore::LazyLineBreakIterator::~LazyLineBreakIterator): Deleted.
242         (WebCore::LazyLineBreakIterator::string): Deleted.
243         (WebCore::LazyLineBreakIterator::isLooseCJKMode): Deleted.
244         (WebCore::LazyLineBreakIterator::lastCharacter): Deleted.
245         (WebCore::LazyLineBreakIterator::secondToLastCharacter): Deleted.
246         (WebCore::LazyLineBreakIterator::setPriorContext): Deleted.
247         (WebCore::LazyLineBreakIterator::updatePriorContext): Deleted.
248         (WebCore::LazyLineBreakIterator::resetPriorContext): Deleted.
249         (WebCore::LazyLineBreakIterator::priorContextLength): Deleted.
250         (WebCore::LazyLineBreakIterator::get): Deleted.
251         (WebCore::LazyLineBreakIterator::resetStringAndReleaseIterator): Deleted.
252         (WebCore::NonSharedCharacterBreakIterator::operator TextBreakIterator*): Deleted.
253         * platform/text/cf/HyphenationCF.cpp:
254         * platform/text/efl/TextBreakIteratorInternalICUEfl.cpp:
255         (WebCore::currentSearchLocaleID): Deleted.
256         (WebCore::currentTextBreakLocaleID): Deleted.
257         * platform/text/enchant/TextCheckerEnchant.cpp:
258         * platform/text/gtk/TextBreakIteratorInternalICUGtk.cpp:
259         (WebCore::currentSearchLocaleID): Deleted.
260         (WebCore::currentTextBreakLocaleID): Deleted.
261         * platform/text/icu/UTextProvider.cpp:
262         (WebCore::fixPointer): Deleted.
263         (WebCore::uTextCloneImpl): Deleted.
264         * platform/text/icu/UTextProvider.h:
265         (WebCore::uTextProviderContext): Deleted.
266         (WebCore::initializeContextAwareUTextProvider): Deleted.
267         (WebCore::uTextAccessPinIndex): Deleted.
268         (WebCore::uTextAccessInChunkOrOutOfRange): Deleted.
269         * platform/text/icu/UTextProviderLatin1.cpp:
270         (WebCore::uTextLatin1Clone): Deleted.
271         (WebCore::uTextLatin1NativeLength): Deleted.
272         (WebCore::uTextLatin1Access): Deleted.
273         (WebCore::uTextLatin1Extract): Deleted.
274         (WebCore::uTextLatin1MapOffsetToNative): Deleted.
275         (WebCore::uTextLatin1MapNativeIndexToUTF16): Deleted.
276         (WebCore::uTextLatin1Close): Deleted.
277         (WebCore::openLatin1UTextProvider): Deleted.
278         (WebCore::textLatin1ContextAwareGetCurrentContext): Deleted.
279         (WebCore::textLatin1ContextAwareMoveInPrimaryContext): Deleted.
280         (WebCore::textLatin1ContextAwareSwitchToPrimaryContext): Deleted.
281         (WebCore::textLatin1ContextAwareMoveInPriorContext): Deleted.
282         (WebCore::textLatin1ContextAwareSwitchToPriorContext): Deleted.
283         (WebCore::uTextLatin1ContextAwareClone): Deleted.
284         (WebCore::uTextLatin1ContextAwareNativeLength): Deleted.
285         (WebCore::uTextLatin1ContextAwareAccess): Deleted.
286         (WebCore::uTextLatin1ContextAwareExtract): Deleted.
287         (WebCore::uTextLatin1ContextAwareClose): Deleted.
288         (WebCore::openLatin1ContextAwareUTextProvider): Deleted.
289         * platform/text/icu/UTextProviderUTF16.cpp:
290         (WebCore::textUTF16ContextAwareGetCurrentContext): Deleted.
291         (WebCore::textUTF16ContextAwareMoveInPrimaryContext): Deleted.
292         (WebCore::textUTF16ContextAwareSwitchToPrimaryContext): Deleted.
293         (WebCore::textUTF16ContextAwareMoveInPriorContext): Deleted.
294         (WebCore::textUTF16ContextAwareSwitchToPriorContext): Deleted.
295         (WebCore::uTextUTF16ContextAwareClone): Deleted.
296         (WebCore::uTextUTF16ContextAwareNativeLength): Deleted.
297         (WebCore::uTextUTF16ContextAwareAccess): Deleted.
298         (WebCore::uTextUTF16ContextAwareExtract): Deleted.
299         (WebCore::uTextUTF16ContextAwareClose): Deleted.
300         (WebCore::openUTF16ContextAwareUTextProvider): Deleted.
301         * platform/text/mac/TextBoundaries.mm:
302         * platform/text/mac/TextBreakIteratorInternalICUMac.mm:
303         (WebCore::textBreakLocalePreference): Deleted.
304         (WebCore::topLanguagePreference): Deleted.
305         (WebCore::getLocale): Deleted.
306         (WebCore::getSearchLocale): Deleted.
307         (WebCore::currentSearchLocaleID): Deleted.
308         (WebCore::getTextBreakLocale): Deleted.
309         (WebCore::currentTextBreakLocaleID): Deleted.
310         * platform/text/win/TextBreakIteratorInternalICUWin.cpp:
311         (WebCore::currentSearchLocaleID): Deleted.
312         (WebCore::currentTextBreakLocaleID): Deleted.
313         * rendering/RenderBlock.cpp:
314         * rendering/RenderText.cpp:
315         * rendering/RenderText.h:
316         * rendering/SimpleLineLayoutTextFragmentIterator.h:
317         * rendering/break_lines.cpp:
318         * rendering/break_lines.h:
319         * rendering/line/LineBreaker.h:
320
321 2016-07-10  Yusuke Suzuki  <utatane.tea@gmail.com>
322
323         [GTK] Crash on https://diafygi.github.io/webcrypto-examples with ENABLE_SUBTLE_CRYPTO
324         https://bugs.webkit.org/show_bug.cgi?id=159189
325
326         Reviewed by Michael Catanzaro.
327
328         Currently, we explicitly release the pointers of std::unique_ptr<CryptoAlgorithm> and std::unique_ptr<CryptoAlgorithmParameters>,
329         and delete them in the asynchronously called lambdas. In GnuTLS version, callback function is accidentally called twice,
330         and it incurs the double free problem.
331         In SubtleCrypto code, we have the rule that we must not call failureCallback when the error code is filled in synchronous execution.
332         So we drop the failureCallback calling code in GnuTLS subtle crypto code.
333
334         But, rather than carefully handling un-smart-pointer-managed raw pointer's life time, we should use ref counted pointer for that.
335         Using the raw delete is error-prone.
336
337         This patch also changes CryptoAlgorithm and CryptoAlgorithmParameters to RefCounted. And use Ref and RefPtr instead.
338         The change eliminates the ad-hoc delete code. And now, the lambdas can be called multiple times since once the result of the promise
339         is resolved or rejected, subsequent resolve / reject calls are ignored.
340
341         And this patch also fixes the incorrect call to the lambda that is already WTFMoved.
342
343         While we can see several `return WTFMove(...)`, they are necessary since it uses implicit type conversions, like,
344         `Ref<A>` => `RefPtr<A>`, and `Ref<Derived>` => `Ref<Base>`.
345
346         * bindings/js/JSCryptoAlgorithmDictionary.cpp:
347         (WebCore::createAesCbcParams):
348         (WebCore::createAesKeyGenParams):
349         (WebCore::createHmacParams):
350         (WebCore::createHmacKeyParams):
351         (WebCore::createRsaKeyGenParams):
352         (WebCore::createRsaKeyParamsWithHash):
353         (WebCore::createRsaOaepParams):
354         (WebCore::createRsaSsaParams):
355         (WebCore::JSCryptoAlgorithmDictionary::createParametersForEncrypt):
356         (WebCore::JSCryptoAlgorithmDictionary::createParametersForDecrypt):
357         (WebCore::JSCryptoAlgorithmDictionary::createParametersForSign):
358         (WebCore::JSCryptoAlgorithmDictionary::createParametersForVerify):
359         (WebCore::JSCryptoAlgorithmDictionary::createParametersForDigest):
360         (WebCore::JSCryptoAlgorithmDictionary::createParametersForGenerateKey):
361         (WebCore::JSCryptoAlgorithmDictionary::createParametersForDeriveKey):
362         (WebCore::JSCryptoAlgorithmDictionary::createParametersForDeriveBits):
363         (WebCore::JSCryptoAlgorithmDictionary::createParametersForImportKey):
364         (WebCore::JSCryptoAlgorithmDictionary::createParametersForExportKey):
365         * bindings/js/JSCryptoAlgorithmDictionary.h:
366         * bindings/js/JSCryptoKeySerializationJWK.cpp:
367         (WebCore::createHMACParameters):
368         (WebCore::createRSAKeyParametersWithHash):
369         (WebCore::JSCryptoKeySerializationJWK::reconcileAlgorithm):
370         * bindings/js/JSCryptoKeySerializationJWK.h:
371         * bindings/js/JSSubtleCryptoCustom.cpp:
372         (WebCore::createAlgorithmFromJSValue):
373         (WebCore::importKey):
374         (WebCore::JSSubtleCrypto::importKey):
375         (WebCore::JSSubtleCrypto::wrapKey):
376         (WebCore::JSSubtleCrypto::unwrapKey):
377         * crypto/CryptoAlgorithm.h:
378         * crypto/CryptoAlgorithmParameters.h:
379         * crypto/CryptoAlgorithmRegistry.cpp:
380         (WebCore::CryptoAlgorithmRegistry::create):
381         * crypto/CryptoAlgorithmRegistry.h:
382         * crypto/CryptoKeySerialization.h:
383         * crypto/algorithms/CryptoAlgorithmAES_CBC.cpp:
384         (WebCore::CryptoAlgorithmAES_CBC::create):
385         * crypto/algorithms/CryptoAlgorithmAES_CBC.h:
386         * crypto/algorithms/CryptoAlgorithmAES_KW.cpp:
387         (WebCore::CryptoAlgorithmAES_KW::create):
388         * crypto/algorithms/CryptoAlgorithmAES_KW.h:
389         * crypto/algorithms/CryptoAlgorithmHMAC.cpp:
390         (WebCore::CryptoAlgorithmHMAC::create):
391         * crypto/algorithms/CryptoAlgorithmHMAC.h:
392         * crypto/algorithms/CryptoAlgorithmRSAES_PKCS1_v1_5.cpp:
393         (WebCore::CryptoAlgorithmRSAES_PKCS1_v1_5::create):
394         * crypto/algorithms/CryptoAlgorithmRSAES_PKCS1_v1_5.h:
395         * crypto/algorithms/CryptoAlgorithmRSASSA_PKCS1_v1_5.cpp:
396         (WebCore::CryptoAlgorithmRSASSA_PKCS1_v1_5::create):
397         * crypto/algorithms/CryptoAlgorithmRSASSA_PKCS1_v1_5.h:
398         * crypto/algorithms/CryptoAlgorithmRSA_OAEP.cpp:
399         (WebCore::CryptoAlgorithmRSA_OAEP::create):
400         * crypto/algorithms/CryptoAlgorithmRSA_OAEP.h:
401         * crypto/algorithms/CryptoAlgorithmSHA1.cpp:
402         (WebCore::CryptoAlgorithmSHA1::create):
403         * crypto/algorithms/CryptoAlgorithmSHA1.h:
404         * crypto/algorithms/CryptoAlgorithmSHA224.cpp:
405         (WebCore::CryptoAlgorithmSHA224::create):
406         * crypto/algorithms/CryptoAlgorithmSHA224.h:
407         * crypto/algorithms/CryptoAlgorithmSHA256.cpp:
408         (WebCore::CryptoAlgorithmSHA256::create):
409         * crypto/algorithms/CryptoAlgorithmSHA256.h:
410         * crypto/algorithms/CryptoAlgorithmSHA384.cpp:
411         (WebCore::CryptoAlgorithmSHA384::create):
412         * crypto/algorithms/CryptoAlgorithmSHA384.h:
413         * crypto/algorithms/CryptoAlgorithmSHA512.cpp:
414         (WebCore::CryptoAlgorithmSHA512::create):
415         * crypto/algorithms/CryptoAlgorithmSHA512.h:
416         * crypto/gnutls/CryptoAlgorithmAES_CBCGnuTLS.cpp:
417         (WebCore::CryptoAlgorithmAES_CBC::platformEncrypt):
418         (WebCore::CryptoAlgorithmAES_CBC::platformDecrypt):
419         * crypto/gnutls/CryptoAlgorithmAES_KWGnuTLS.cpp:
420         (WebCore::CryptoAlgorithmAES_KW::platformEncrypt):
421         (WebCore::CryptoAlgorithmAES_KW::platformDecrypt):
422         * crypto/gnutls/CryptoAlgorithmHMACGnuTLS.cpp:
423         (WebCore::CryptoAlgorithmHMAC::platformSign):
424         (WebCore::CryptoAlgorithmHMAC::platformVerify):
425         * crypto/gnutls/CryptoAlgorithmRSAES_PKCS1_v1_5GnuTLS.cpp:
426         (WebCore::CryptoAlgorithmRSAES_PKCS1_v1_5::platformEncrypt):
427         (WebCore::CryptoAlgorithmRSAES_PKCS1_v1_5::platformDecrypt):
428         * crypto/gnutls/CryptoAlgorithmRSASSA_PKCS1_v1_5GnuTLS.cpp:
429         (WebCore::CryptoAlgorithmRSASSA_PKCS1_v1_5::platformSign):
430         (WebCore::CryptoAlgorithmRSASSA_PKCS1_v1_5::platformVerify):
431         * crypto/gnutls/CryptoAlgorithmRSA_OAEPGnuTLS.cpp:
432         (WebCore::CryptoAlgorithmRSA_OAEP::platformEncrypt):
433         (WebCore::CryptoAlgorithmRSA_OAEP::platformDecrypt):
434         * crypto/keys/CryptoKeySerializationRaw.cpp:
435         (WebCore::CryptoKeySerializationRaw::reconcileAlgorithm):
436         * crypto/keys/CryptoKeySerializationRaw.h:
437
438 2016-07-09  Antti Koivisto  <antti@apple.com>
439
440         REGRESSION (r202931): breaks release builds with ASSERT_WITH_SECURITY_IMPLICATION for fuzzing
441         https://bugs.webkit.org/show_bug.cgi?id=159599
442         rdar://problem/27248835
443
444         Reviewed by Chris Dumez.
445
446         Make RenderStyle::deletionHasBegun() available with ENABLE(SECURITY_ASSERTIONS)
447
448         * rendering/style/RenderStyle.cpp:
449         (WebCore::RenderStyle::~RenderStyle):
450         * rendering/style/RenderStyle.h:
451         (WebCore::RenderStyle::deletionHasBegun):
452
453 2016-07-09  Youenn Fablet  <youenn@apple.com>
454
455         Make use of PrivateIdentifier to simplify Fetch Headers built-in checks
456         https://bugs.webkit.org/show_bug.cgi?id=159554
457
458         Reviewed by Alex Christensen.
459
460         Test: fetch/header-constructor-overriden.html
461         Patch does not change visible behavior.
462
463         * Modules/fetch/FetchHeaders.idl: Adding PrivateIdentifier to the Headers constructor.
464         * Modules/fetch/FetchHeaders.js:
465         (initializeFetchHeaders): Checking directly with @Headers for improved clarity.
466         * Modules/fetch/FetchResponse.js: Using @Headers to check whether creating a Headers object or not before
467         passsing it to C++ FetchResponse initialize method.
468         (initializeFetchResponse):
469         * bindings/js/WebCoreBuiltinNames.h: Adding Headers private name.
470
471 2016-07-08  Chris Dumez  <cdumez@apple.com>
472
473         adoptNode() changes css class to lowercase for document loaded with XHR responseType = "document"
474         https://bugs.webkit.org/show_bug.cgi?id=159555
475         <rdar://problem/27252541>
476
477         Reviewed by Ryosuke Niwa.
478
479         When adopting an Element from another document which has a different quirks mode,
480         case-sensitivity for id and class attributes differs and we need to correctly
481         update members such as ElementData::m_classNames or ElementData::m_idForStyleResolution.
482
483         To address the issue, have Element override didMoveToNewDocument() and call
484         attributeChanged() for id and class attributes.
485
486         Test: fast/dom/Document/adoptNode-quirks-mismatch.html
487
488         * dom/Element.cpp:
489         (WebCore::Element::didMoveToNewDocument):
490         * dom/Element.h:
491
492 2016-07-08  Daniel Bates  <dabates@apple.com>
493
494         Cleanup: Remove use of PassRefPtr from class HTMLTableElement
495         https://bugs.webkit.org/show_bug.cgi?id=159587
496
497         Reviewed by Chris Dumez.
498
499         * html/HTMLTableElement.cpp:
500         (WebCore::HTMLTableElement::setCaption): Take a rvalue reference to a RefPtr instead of a PassRefPtr.
501         (WebCore::HTMLTableElement::setTHead): Take a rvalue reference to a RefPtr instead of a PassRefPtr. Also
502         fix a style nit; add curly braces around the for-loop body since its body is more than a single line.
503         (WebCore::HTMLTableElement::createTHead): Use Ref::copyRef() instead of Ref::ptr() to pass the instantiated
504         table section to better convey that we are passing a copy of the table section.
505         (WebCore::HTMLTableElement::createCaption): Ditto.
506         * html/HTMLTableElement.h:
507
508 2016-07-08  Daniel Bates  <dabates@apple.com>
509
510         Move shouldInheritSecurityOriginFromOwner() from URL to Document
511         https://bugs.webkit.org/show_bug.cgi?id=158987
512
513         Reviewed by Alex Christensen.
514
515         The URL class should not have knowledge of the concept of an origin or the semantics of origin
516         inheritance as these are higher level concepts. We should make URL::shouldInheritSecurityOriginFromOwner()
517         a static non-member, non-friend function of Document because its implements the origin semantics
518         for a Document object as described in section Origin of the HTML5 spec., <https://html.spec.whatwg.org/multipage/browsers.html#origin> (8 July 2016).
519         These semantics only apply to Documents.
520
521         No functionality changed. So, no new tests.
522
523         * dom/Document.cpp:
524         (WebCore::shouldInheritSecurityOriginFromOwner): Added.
525         (WebCore::Document::initSecurityContext): Modified to call WebCore::shouldInheritSecurityOriginFromOwner().
526         (WebCore::Document::initContentSecurityPolicy): Ditto.
527         * platform/URL.cpp:
528         (WebCore::URL::shouldInheritSecurityOriginFromOwner): Deleted.
529         * platform/URL.h:
530
531 2016-07-08  Daniel Bates  <dabates@apple.com>
532
533         Setting table.tFoot or calling table.createTFoot() should append HTML tfont element to the end of the table
534         https://bugs.webkit.org/show_bug.cgi?id=159583
535         <rdar://problem/27255292>
536
537         In HTMLTableElement::createTFoot() I inadvertently made use of WTFMove() to move the instantiated
538         HTMLTableSectionElement into the argument passed to setTFoot(). We should use Ref::copyRef() instead
539         because we want this function to return the instantiated table section.
540
541         * html/HTMLTableElement.cpp:
542         (WebCore::HTMLTableElement::createTFoot):
543
544 2016-07-08  Daniel Bates  <dabates@apple.com>
545
546         Setting table.tFoot or calling table.createTFoot() should append HTML tfont element to the end of the table
547         https://bugs.webkit.org/show_bug.cgi?id=159583
548         <rdar://problem/27255292>
549
550         Reviewed by Chris Dumez.
551
552         he HTML standard has long since been revised to describe that assignment to property table.tFoot
553         or invoking table.createTFoot() will append the HTML tfoot element to the end of the table. This
554         behavior is defined in <https://html.spec.whatwg.org/multipage/tables.html#dom-table-tfoot> (8 July 2016)
555         and <https://html.spec.whatwg.org/multipage/tables.html#dom-table-createtfoot> for the property
556         table.tFoot and table.createTFoot(), respectively. This change makes our behavior match the
557         behavior in Mozilla Firefox, Microsoft Edge, Microsoft Internet Explorer 8 and later.
558
559         * html/HTMLTableElement.cpp:
560         (WebCore::HTMLTableElement::setTFoot): Append <tfoot> to the end of the table. Use RefPtr<>&& instead of PassRefPtr.
561         (WebCore::HTMLTableElement::createTFoot): Use RefPtr<>&& instead of PassRefPtr.
562         * html/HTMLTableElement.h:
563
564 2016-07-08  Jer Noble  <jer.noble@apple.com>
565
566         Crash in layout test /media/video-buffered-range-contains-currentTime.html
567         https://bugs.webkit.org/show_bug.cgi?id=159109
568         <rdar://problem/26535750>
569
570         Reviewed by Alex Christensen.
571
572         Protect against _dataTasks being mutated and accessed on multiple simultaneous threads with a Lock.
573
574         * platform/network/cocoa/WebCoreNSURLSession.h:
575         * platform/network/cocoa/WebCoreNSURLSession.mm:
576         (-[WebCoreNSURLSession dealloc]):
577         (-[WebCoreNSURLSession taskCompleted:]):
578         (-[WebCoreNSURLSession finishTasksAndInvalidate]):
579         (-[WebCoreNSURLSession invalidateAndCancel]):
580         (-[WebCoreNSURLSession getTasksWithCompletionHandler:]):
581         (-[WebCoreNSURLSession getAllTasksWithCompletionHandler:]):
582         (-[WebCoreNSURLSession dataTaskWithRequest:]):
583         (-[WebCoreNSURLSession dataTaskWithURL:]):
584
585 2016-07-08  Jeremy Jones  <jeremyj@apple.com>
586
587         Prevent fullscreen video dimension state from being reset after configuring.
588         https://bugs.webkit.org/show_bug.cgi?id=159578
589
590         Reviewed by Jer Noble.
591
592         This change moves setVideoElement() to after setMediaElement(), since setMediaElement() resets the
593         mediaState, undoing the configuration done by setVideoElement().
594
595         This change is fragile, but minimal. The proper, more comprehinsive fix will come later from
596         https://bugs.webkit.org/show_bug.cgi?id=159580.
597
598         * platform/ios/WebVideoFullscreenControllerAVKit.mm:
599         (WebVideoFullscreenControllerContext::setUpFullscreen):
600
601 2016-07-08  Andy Estes  <aestes@apple.com>
602
603         [Content Filtering] Load blocked pages more like other error pages are loaded
604         https://bugs.webkit.org/show_bug.cgi?id=159485
605         <rdar://problem/26014076>
606
607         Reviewed by Brady Eidson.
608
609         Content filter blocked pages were being loaded by cancelling the provisional load of the
610         page that was blocked and then scheduling a navigation to the content filter error page.
611         Some clients would not expect a new, Web process-initiated provisional navigation to start
612         after a cancellation, though, and this would put them in a bad state.
613         
614         This patch changes blocked page loading to behave more like loading other error pages.
615         Specifically:
616         1. didFailProvisionalLoad is dispatched with a new, non-cancellation error code.
617         2. The blocked page is loaded immediately after dispatching didFailProvisionalLoad, which
618            prevents FrameLoader from creating a new back-forward list item for the substitute data load.
619         3. A substitute data load initiated by the client for the blocked URL is ignored if
620            ContentFilter will display its own error page.
621         4. A file: URL is used instead of a custom scheme for the base URL of the blocked page,
622            since some clients expect this.
623
624         Updated existing tests to capture frame load delegate callbacks and the back forward list.
625         Added new API tests: ContentFiltering.LoadAlternate*.
626
627         * English.lproj/Localizable.strings: Added a WebKitErrorFrameLoadBlockedByContentFilter description.
628         * Resources/ContentFilterBlockedPage.html: Added.
629         * WebCore.xcodeproj/project.pbxproj: Added ContentFilterBlockedPage.html as a frameowrk resource.
630         * loader/ContentFilter.cpp:
631         (WebCore::ContentFilter::continueAfterWillSendRequest): Protected m_documentLoader,
632         since it might otherwise be deallocated inside ContentFilter::didDecide() if the load is blocked.
633         (WebCore::ContentFilter::stopFilteringMainResource): Only set m_state to Stopped if not
634         already Blocked, so that we don't forget this ContentFilter was blocked when calling
635         cancelMailResourceLoad() in didDecide().
636         (WebCore::ContentFilter::continueAfterResponseReceived): Protected m_documentLoader,
637         since it might otherwise be deallocated inside ContentFilter::didDecide() if the load is blocked.
638         (WebCore::ContentFilter::continueAfterDataReceived): Ditto.
639         (WebCore::ContentFilter::continueAfterNotifyFinished): Ditto.
640         (WebCore::ContentFilter::didDecide): Moved code from DocumentLoader::contentFilterDidBlock() to here.
641         Created a blockedByContentFilterError() and called cancelMainResourceLoad().
642         (WebCore::blockedPageURL): Returned a file: URL to ContentFilterBlockedPage.html in WebCore.framework.
643         (WebCore::ContentFilter::continueAfterSubstituteDataRequest): If the substitute data load
644         is for the same failingURL as the currently-displayed blocked page, ignore it.
645         (WebCore::ContentFilter::handleProvisionalLoadFailure): Load the blocked page if m_state is Blocked
646         and the ResourceError matches the error we used when previously calling cancelMainResourceLoad().
647         (WebCore::ContentFilter::unblockHandler): Deleted.
648         (WebCore::ContentFilter::replacementData): Deleted.
649         (WebCore::ContentFilter::unblockRequestDeniedScript): Deleted.
650         * loader/ContentFilter.h:
651         * loader/DocumentLoader.cpp:
652         (WebCore::DocumentLoader::contentFilter): Returned m_contentFilter.
653         (WebCore::DocumentLoader::installContentFilterUnblockHandler): Deleted.
654         (WebCore::DocumentLoader::contentFilterDidBlock): Deleted.
655         * loader/DocumentLoader.h:
656         * loader/EmptyClients.h: Added a default implementation of blockedByContentFilterError().
657         * loader/FrameLoader.cpp:
658         (WebCore::FrameLoader::load): If m_loadType was already RedirectWithLockedBackForwardList
659         and we are loading subsitute data for a failing URL, continue to use RedirectWithLockedBackForwardList.
660         This prevents a new back-forward list item from being created when loading a blocked page in a subframe.
661         (WebCore::FrameLoader::checkLoadCompleteForThisFrame):
662         Called ContentFilter::handleProvisionalLoadFailure() after dispatchDidFailProvisionalLoad().
663         (WebCore::FrameLoader::blockedByContentFilterError): Called FrameLoaderClient::blockedByContentFilterError().
664         * loader/FrameLoader.h:
665         * loader/FrameLoaderClient.h:
666         * loader/NavigationScheduler.cpp:
667         (WebCore::ScheduledSubstituteDataLoad::ScheduledSubstituteDataLoad): Deleted.
668         (WebCore::NavigationScheduler::scheduleSubstituteDataLoad): Deleted.
669         * loader/NavigationScheduler.h:
670         * loader/PolicyChecker.cpp:
671         (WebCore::PolicyChecker::checkNavigationPolicy): Ignored a substitute data load for a
672         failing URL if ContentFilter::continueAfterSubstituteDataRequest() returns false.
673
674 2016-07-08  Myles C. Maxfield  <mmaxfield@apple.com>
675
676         [Font Loading] The callback passed to document.fonts.ready should always be called
677         https://bugs.webkit.org/show_bug.cgi?id=158884
678
679         Reviewed by Dean Jackson.
680
681         The boolean was simply not being reset when loads start.
682
683         Test: fast/text/font-face-set-ready-fire.html
684
685         * css/FontFaceSet.cpp:
686         (WebCore::FontFaceSet::startedLoading):
687         * css/FontFaceSet.h:
688
689 2016-07-08  Commit Queue  <commit-queue@webkit.org>
690
691         Unreviewed, rolling out r202944.
692         https://bugs.webkit.org/show_bug.cgi?id=159570
693
694         caused some tests to crash under GuardMalloc (Requested by
695         estes on #webkit).
696
697         Reverted changeset:
698
699         "[Content Filtering] Load blocked pages more like other error
700         pages are loaded"
701         https://bugs.webkit.org/show_bug.cgi?id=159485
702         http://trac.webkit.org/changeset/202944
703
704 2016-07-08  Antti Koivisto  <antti@apple.com>
705
706         Regression(r201805): Crash with <use> resource that has Vary header
707         https://bugs.webkit.org/show_bug.cgi?id=159560
708         <rdar://problem/27034208>
709
710         Reviewed by Chris Dumez.
711
712         In some situations (SVG <use> element for example) we may try to load resources from frameless documents.
713         Such loads always fail. The new vary header verification code path tried to access the frame earlier without
714         null check.
715
716         Test: http/tests/cache/vary-frameless-document.html
717
718         * loader/cache/CachedResource.cpp:
719         (WebCore::CachedResource::failBeforeStarting):
720         (WebCore::addAdditionalRequestHeadersToRequest):
721
722             Null check frame.
723             Also move the resource type check here so all callers get the same behavior.
724
725         (WebCore::CachedResource::addAdditionalRequestHeaders):
726         (WebCore::CachedResource::load):
727         (WebCore::CachedResource::varyHeaderValuesMatch):
728
729 2016-07-08  Brady Eidson  <beidson@apple.com>
730
731         Clearing LocalStorage doesn't also delete -wal and -shm files.
732         <rdar://problem/27206772> and https://bugs.webkit.org/show_bug.cgi?id=159566
733
734         Reviewed by Brent Fulgham.
735         Also helpfully picked over by Andy "Never Forgets" Estes.
736
737         Covered by new API test.
738
739         * WebCore.xcodeproj/project.pbxproj:
740
741         * platform/sql/SQLiteFileSystem.h:
742
743 2016-07-08  Commit Queue  <commit-queue@webkit.org>
744
745         Unreviewed, rolling out r202945.
746         https://bugs.webkit.org/show_bug.cgi?id=159565
747
748         The test for this change is failing on all platforms.
749         (Requested by ryanhaddad on #webkit).
750
751         Reverted changeset:
752
753         "[Font Loading] The callback passed to document.fonts.ready
754         should always be called"
755         https://bugs.webkit.org/show_bug.cgi?id=158884
756         http://trac.webkit.org/changeset/202945
757
758 2016-07-08  Nael Ouedraogo  <nael.ouedraogo@crf.canon.fr>
759
760         ExecState should be passed by reference in JS bindings generator for custom constructors
761         https://bugs.webkit.org/show_bug.cgi?id=159357
762
763         Reviewed by Youenn Fablet.
764
765         Pass ExecState as a reference instead of pointer in JS bindings
766         code for custom constructors.
767
768         * bindings/js/JSAudioContextCustom.cpp:
769         (WebCore::constructJSAudioContext):
770         * bindings/js/JSBlobCustom.cpp:
771         (WebCore::constructJSBlob):
772         * bindings/js/JSDOMFormDataCustom.cpp:
773         (WebCore::constructJSDOMFormData):
774         (WebCore::JSDOMFormData::append):
775         * bindings/js/JSDataCueCustom.cpp:
776         (WebCore::constructJSDataCue):
777         * bindings/js/JSFileCustom.cpp:
778         (WebCore::constructJSFile):
779         * bindings/js/JSHTMLElementCustom.cpp:
780         (WebCore::constructJSHTMLElement):
781         * bindings/js/JSMediaSessionCustom.cpp:
782         (WebCore::constructJSMediaSession):
783         * bindings/js/JSMutationObserverCustom.cpp:
784         (WebCore::constructJSMutationObserver):
785         * bindings/js/JSReadableStreamPrivateConstructors.cpp:
786         (WebCore::constructJSReadableStreamController):
787         (WebCore::constructJSReadableStreamReader):
788         * bindings/js/JSWebKitPointCustom.cpp:
789         (WebCore::constructJSWebKitPoint):
790         * bindings/js/JSWorkerCustom.cpp:
791         (WebCore::constructJSWorker):
792         * bindings/scripts/CodeGeneratorJS.pm:
793         (GenerateHeader):
794         (GenerateConstructorDefinition):
795         * bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.cpp:
796         (WebCore::JSTestCustomConstructorWithNoInterfaceObjectConstructor::construct):
797         * bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.h:
798
799 2016-07-08  Olivier Blin  <olivier.blin@softathome.com>
800
801         Expose crossOrigin attribute as a static property in HTMLMediaElement
802         https://bugs.webkit.org/show_bug.cgi?id=159459
803
804         Reviewed by Chris Dumez.
805
806         The crossOrigin attribute is already used for MediaResourceLoader
807         (r119742 and r175050), but it was not exposed as a static property.
808
809         This fixes VR360 support in Dailymotion, since it uses the "in"
810         operator to detect if crossOrigin is supported by the
811         HTMLVideoElement, in order to enable VR360.
812
813         No new tests, rebaselined existing tests, 150 WPT tests are fixed.
814
815         * html/HTMLMediaElement.cpp:
816         (WebCore::HTMLMediaElement::setCrossOrigin):
817         (WebCore::HTMLMediaElement::crossOrigin):
818         * html/HTMLMediaElement.h:
819         * html/HTMLMediaElement.idl:
820
821 2016-03-20  Frederic Wang  <fwang@igalia.com>
822
823         Use Fraction* parameters from the OpenType MATH table
824         https://bugs.webkit.org/show_bug.cgi?id=155639
825
826         Reviewed by Brent Fulgham.
827
828         We improve the RenderMathMLFraction so minimal vertical shifts and gaps
829         from the MATH table (or arbitrary fallback) are used for fractions.
830         We also change the interpretation of "thick" and "thin" linethickness values
831         to match Gecko's behavior and the one suggested in the MathML in HTML5 implementation note.
832
833         Test: imported/mathml-in-html5/mathml/presentation-markup/fractions/frac-parameters-1.html
834
835         * rendering/mathml/MathMLStyle.cpp:
836         (WebCore::MathMLStyle::updateStyleIfNeeded): set NeedsLayout after displaystyle change
837         so that dynamic MathML tests still work.
838         * rendering/mathml/RenderMathMLFraction.cpp:
839         (WebCore::RenderMathMLFraction::RenderMathMLFraction): Init LayoutUnit members to zero.
840         (WebCore::RenderMathMLFraction::updateFromElement):
841         Set new members for fraction gaps and shifts using Fraction* constants or some fallback
842         values. Change the interpretation of "thick" and "thin".
843         (WebCore::RenderMathMLFraction::layoutBlock): Use new constants affecting vertical
844         positions of numerator and denominator.
845         (WebCore::RenderMathMLFraction::paint): Use m_ascent to set the vertical position
846         of the fraction bar.
847         (WebCore::RenderMathMLFraction::firstLineBaseline): We just return m_ascent.
848         * rendering/mathml/RenderMathMLFraction.h: Make updateFromElement public so that
849         it can be used in MathMLStyle. Add LayoutUnit members for the ascent of the fraction
850         and for minimal shifts/gaps values.
851
852 2016-07-08  Frederic Wang  <fwang@igalia.com>
853
854         Use Radical* constants from the OpenType MATH table.
855         https://bugs.webkit.org/show_bug.cgi?id=155638
856
857         Reviewed by Brent Fulgham.
858
859         Test: mathml/mathml-in-html5/root-parameters-1.html
860
861         We make the radical vertical gap depends on displaystyle.
862         This is the only remaining step to use all the Radical* constants from the MATH table.
863         We also introduce a ruleThicknessFallback function for future use.
864
865         * rendering/mathml/RenderMathMLBlock.h:
866         (WebCore::RenderMathMLBlock::ruleThicknessFallback): Add this helper function since that
867         calculation is used in several places.
868         * rendering/mathml/RenderMathMLRoot.cpp:
869         (WebCore::RenderMathMLRoot::updateStyle): Reorganize the way we set constant parameters,
870         add more comments and take into account the displaystyle for the vertical gap.
871
872 2016-07-08  Commit Queue  <commit-queue@webkit.org>
873
874         Unreviewed, rolling out r202967.
875         https://bugs.webkit.org/show_bug.cgi?id=159556
876
877         This patch caused crashes in https tests on Windows (Requested
878         by perarne on #webkit).
879
880         Reverted changeset:
881
882         "[Win] The test http/tests/security/contentSecurityPolicy
883         /upgrade-insecure-requests/basic-upgrade.https.html is
884         failing."
885         https://bugs.webkit.org/show_bug.cgi?id=159510
886         http://trac.webkit.org/changeset/202967
887
888 2016-07-08  Youenn Fablet  <youenn@apple.com>
889
890         Generate WebCore builtin wrapper files
891         https://bugs.webkit.org/show_bug.cgi?id=159461
892
893         Reviewed by Brian Burg.
894
895         No change of behavior.
896
897         Updating build system to handle new built-in generators without modifying WebCoreJSBuiltins* files.
898         The generator is now passed all built-ins at once so that wrapper files can be generated.
899         Removing WebCoreJSBuiltins* checked-in wrapper files.
900
901         * CMakeLists.txt:
902         * DerivedSources.make:
903         * WebCore.xcodeproj/project.pbxproj:
904         * bindings/js/JSDOMGlobalObject.cpp:
905         (WebCore::JSDOMGlobalObject::addBuiltinGlobals):
906         * bindings/js/JSDOMGlobalObject.h:
907         * bindings/js/WebCoreJSBuiltinInternals.cpp: Removed.
908         * bindings/js/WebCoreJSBuiltinInternals.h: Removed.
909         * bindings/js/WebCoreJSBuiltins.cpp: Removed.
910         * bindings/js/WebCoreJSBuiltins.h: Removed.
911
912 2016-07-08  Manuel Rego Casasnovas  <rego@igalia.com>
913
914         [css-grid] Inline size is never indefinite during layout
915         https://bugs.webkit.org/show_bug.cgi?id=159253
916
917         Reviewed by Sergio Villar Senin.
918
919         The issue is that the inline size of the grid container
920         is only indefinite while we're computing the intrinsic sizes.
921         During layout we should be able to resolve the percentage tracks
922         against that size. This makes Grid Layout compatible with regular blocks
923         regarding how inline percentages are resolved.
924
925         The patch passes the SizingOperation enum to RenderGrid::gridTrackSize().
926         That way we can know if we're computing the intrinsic sizes or not.
927
928         Test: fast/css-grid-layout/grid-container-percentage-columns.html
929
930         * rendering/RenderGrid.cpp:
931         (WebCore::RenderGrid::computeTrackSizesForDirection):
932         (WebCore::RenderGrid::computeIntrinsicLogicalWidths):
933         (WebCore::RenderGrid::computeIntrinsicLogicalHeight):
934         (WebCore::RenderGrid::computeUsedBreadthOfGridTracks):
935         (WebCore::RenderGrid::gridTrackSize):
936         (WebCore::RenderGrid::minSizeForChild):
937         (WebCore::RenderGrid::spanningItemCrossesFlexibleSizedTracks):
938         (WebCore::RenderGrid::resolveContentBasedTrackSizingFunctions):
939         (WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForNonSpanningItems):
940         (WebCore::RenderGrid::tracksAreWiderThanMinTrackBreadth):
941         (WebCore::RenderGrid::rawGridTrackSize): Deleted.
942         * rendering/RenderGrid.h:
943
944 2016-07-08  Frederic Wang  <fwang@igalia.com>
945
946         Use OpenType MATH constant AxisHeight.
947         https://bugs.webkit.org/show_bug.cgi?id=133567
948
949         Reviewed by Brent Fulgham.
950
951         We make RenderMathMLOperator and RenderMathMLTable use the OpenType MATH constant AxisHeight.
952         These are the only remaining cases to handle since RenderMathMLFraction already uses that constant.
953
954         Tests: imported/mathml-in-html5/mathml/presentation-markup/operators/mo-axis-height-1.html
955               imported/mathml-in-html5/mathml/presentation-markup/tables/table-axis-height.html
956
957         * rendering/mathml/RenderMathMLBlock.cpp: Make RenderMathMLTable use the math axis
958         for its vertical alignment and update a bit the comments.
959         (WebCore::axisHeight): Move the code in a static function that can be called by
960         RenderMathMLBlock and RenderMathMLTable.
961         (WebCore::RenderMathMLBlock::mathAxisHeight): Use axisHeight.
962         (WebCore::RenderMathMLTable::firstLineBaseline): Ditto.
963         * rendering/mathml/RenderMathMLOperator.cpp:
964         (WebCore::RenderMathMLOperator::stretchTo):
965
966 2016-07-08  Manuel Rego Casasnovas  <rego@igalia.com>
967
968         [css-grid] Disallow repeat() in grid-template shorthand
969         https://bugs.webkit.org/show_bug.cgi?id=159200
970
971         Reviewed by Sergio Villar Senin.
972
973         As discussed on www-style, "repeat()" notation shouldn't be allowed
974         in the ASCII branch of the grid-template shorthand.
975         https://lists.w3.org/Archives/Public/www-style/2016May/0193.html
976
977         The patch uses an enum to invalidate "repeat()" when parsing
978         the grid-template shorthand.
979
980         Test: fast/css-grid-layout/grid-template-shorthand-get-set.html
981
982         * css/CSSParser.cpp:
983         (WebCore::CSSParser::parseGridTemplateColumns): Add enum.
984         (WebCore::CSSParser::parseGridTemplateRowsAndAreasAndColumns): Pass "DisallowRepeat"
985         when calling parseGridTemplateColumns().
986         (WebCore::CSSParser::parseGridTrackList): Use enum to allow/disallow repeat.
987         * css/CSSParser.h: Define the new enum and modify method signatures to use it,
988         setting it to "AllowRepeat" by default.
989
990 2016-07-08  Frederic Wang  <fwang@igalia.com>
991
992         Add support for movablelimits.
993         https://bugs.webkit.org/show_bug.cgi?id=155542
994
995         Reviewed by Brent Fulgham.
996
997         Tests: mathml/presentation/displaystyle-1.html
998                mathml/presentation/displaystyle-2.html
999                mathml/presentation/displaystyle-3.html
1000                mathml/presentation/mo-movablelimits-default.html
1001                mathml/presentation/mo-movablelimits-dynamic.html
1002                mathml/presentation/mo-movablelimits.html
1003
1004         * mathml/MathMLTextElement.cpp:
1005         (WebCore::MathMLTextElement::parseAttribute): Take into account change of movablelimits.
1006         * rendering/mathml/MathMLOperatorDictionary.h: Remove FIXME comment.
1007         * rendering/mathml/MathMLStyle.cpp:
1008         (WebCore::MathMLStyle::updateStyleIfNeeded): Force relayout and width computation when a
1009         displaystyle value change.
1010         * rendering/mathml/RenderMathMLOperator.h:
1011         (WebCore::RenderMathMLOperator::shouldMoveLimits): Helper function to test if the operator
1012         should have his limits moved when used as a base of munder/mover/munderover.
1013         * rendering/mathml/RenderMathMLScripts.cpp: Allow munderover/munder/mover elements to use
1014         this class and take the same behavior as the corresponding msubsup/msub/sup except for
1015         the *scriptshift attributes.
1016         (WebCore::RenderMathMLScripts::RenderMathMLScripts):
1017         (WebCore::RenderMathMLScripts::getBaseAndScripts):
1018         (WebCore::RenderMathMLScripts::computePreferredLogicalWidths):
1019         (WebCore::RenderMathMLScripts::getScriptMetricsAndLayoutIfNeeded):
1020         (WebCore::RenderMathMLScripts::layoutBlock):
1021         * rendering/mathml/RenderMathMLScripts.h: Allow some members to be accessible/overridden
1022         by RenderMathMLUnderOver and add munderover/munder/mover in the kind.
1023         * rendering/mathml/RenderMathMLUnderOver.cpp:
1024         (WebCore::RenderMathMLUnderOver::RenderMathMLUnderOver): We use the code from
1025         RenderMathMLScripts to initialize m_kind.
1026         (WebCore::RenderMathMLUnderOver::shouldMoveLimits): New function to determine if the base
1027         should move its limits.
1028         (WebCore::RenderMathMLUnderOver::computePreferredLogicalWidths): We use the code from
1029         RenderMathMLScripts when the base should move its limits.
1030         (WebCore::RenderMathMLUnderOver::layoutBlock): We use the code from RenderMathMLScripts when
1031         the base should move its limits. Also improve the early return for invalid markup.
1032         (WebCore::RenderMathMLUnderOver::unembellishedOperator): Deleted. We use the code from RenderMathMLScripts.
1033         (WebCore::RenderMathMLUnderOver::firstLineBaseline): Deleted. We use the code from RenderMathMLScripts.
1034         * rendering/mathml/RenderMathMLUnderOver.h: We now inherit from RenderMathMLScripts and can
1035         just remove members that exist in the parent. We define shouldMoveLimits() to determine
1036         when the layout should be done the same as RenderMathMLScripts. For now, we try and be
1037         safe with the rest of the code by continuing to claim that we are not a RenderMathMLScripts.
1038
1039 2016-07-07  Gyuyoung Kim  <gyuyoung.kim@webkit.org>
1040
1041         Clean up PassRefPtr in Modules/webaudio
1042         https://bugs.webkit.org/show_bug.cgi?id=159540
1043
1044         Reviewed by Alex Christensen.
1045
1046         Purge PassRefPtr in webaudio directory.
1047
1048         No new tests, no behavior changes.
1049
1050         * Modules/webaudio/AsyncAudioDecoder.h:
1051         * Modules/webaudio/AudioBasicProcessorNode.h:
1052         * Modules/webaudio/AudioBuffer.h:
1053         * Modules/webaudio/AudioBufferSourceNode.h:
1054         * Modules/webaudio/AudioListener.h:
1055         * Modules/webaudio/AudioParam.h:
1056         * Modules/webaudio/AudioParamTimeline.h:
1057         (WebCore::AudioParamTimeline::ParamEvent::ParamEvent):
1058         * Modules/webaudio/AudioProcessingEvent.cpp:
1059         (WebCore::AudioProcessingEvent::AudioProcessingEvent):
1060         * Modules/webaudio/AudioProcessingEvent.h:
1061         (WebCore::AudioProcessingEvent::create):
1062         * Modules/webaudio/ChannelMergerNode.h:
1063         * Modules/webaudio/ChannelSplitterNode.h:
1064         * Modules/webaudio/GainNode.h:
1065         * Modules/webaudio/MediaElementAudioSourceNode.h:
1066         * Modules/webaudio/MediaStreamAudioDestinationNode.h:
1067         * Modules/webaudio/MediaStreamAudioSource.cpp:
1068         (WebCore::MediaStreamAudioSource::addAudioConsumer):
1069         * Modules/webaudio/MediaStreamAudioSource.h:
1070         * Modules/webaudio/OfflineAudioCompletionEvent.cpp:
1071         (WebCore::OfflineAudioCompletionEvent::create):
1072         (WebCore::OfflineAudioCompletionEvent::OfflineAudioCompletionEvent):
1073         * Modules/webaudio/OfflineAudioCompletionEvent.h:
1074         * Modules/webaudio/OfflineAudioDestinationNode.h:
1075         * Modules/webaudio/OscillatorNode.h:
1076         * Modules/webaudio/PeriodicWave.h:
1077         * Modules/webaudio/ScriptProcessorNode.h:
1078
1079 2016-07-07  Per Arne Vollan  <pvollan@apple.com>
1080
1081         [Win] The test http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/basic-upgrade.https.html is failing.
1082         https://bugs.webkit.org/show_bug.cgi?id=159510
1083
1084         Reviewed by Brent Fulgham.
1085
1086         On Windows, validate certificate chain even when any https certificate is allowed.
1087
1088         * platform/network/cf/ResourceHandleCFNet.cpp:
1089         (WebCore::ResourceHandle::createCFURLConnection):
1090
1091 2016-07-07  Frederic Wang  <fwang@igalia.com>
1092
1093         Bug 155792 - Basic implementation of mpadded
1094         https://bugs.webkit.org/show_bug.cgi?id=155792
1095
1096         Reviewed by Brent Fulgham.
1097
1098         We implement a basic support for the mpadded element.
1099         We support most of the attribute values except pseudo-units or negative values.
1100
1101         Tests: mathml/presentation/mpadded-1-2.html
1102                mathml/presentation/mpadded-1.html
1103                mathml/presentation/mpadded-2.html
1104                mathml/presentation/mpadded-3.html
1105                mathml/presentation/mpadded-unsupported-values.html
1106                mathml/presentation/mpadded-dynamic.html
1107
1108         * CMakeLists.txt: Add RenderMathMLPadded to the build system.
1109         * WebCore.xcodeproj/project.pbxproj: Ditto.
1110         * mathml/MathMLInlineContainerElement.cpp:
1111         (WebCore::MathMLInlineContainerElement::createElementRenderer): Create the renderer
1112         for mpadded.
1113         * mathml/mathattrs.in: Add voffset attribute.
1114         * mathml/mathtags.in: Make mpadded use MathMLInlineContainerElement.
1115         * rendering/RenderObject.h:
1116         (WebCore::RenderObject::isRenderMathMLPadded): Define isRenderMathMLPadded.
1117         * rendering/mathml/RenderMathMLPadded.cpp: Added.
1118         We do a simple implementation by overriding the behavior of RenderMathMLRow and forcing
1119         relayout after attribute or style change.
1120         (WebCore::RenderMathMLPadded::RenderMathMLPadded):
1121         (WebCore::RenderMathMLPadded::computePreferredLogicalWidths):
1122         (WebCore::RenderMathMLPadded::layoutBlock):
1123         (WebCore::RenderMathMLPadded::updateFromElement):
1124         (WebCore::RenderMathMLPadded::styleDidChange):
1125         (WebCore::RenderMathMLPadded::firstLineBaseline):
1126         * rendering/mathml/RenderMathMLPadded.h: Added.
1127
1128 2016-07-07  Frederic Wang  <fwang@igalia.com>
1129
1130         Move MathML-specific code into a separate accessibility class
1131         https://bugs.webkit.org/show_bug.cgi?id=159213
1132
1133         Reviewed by Chris Fleizach.
1134
1135         Currently, MathML accessibility is completely handled in the generic AccessibilityRenderObject
1136         and it's sometimes messy and unconvenient. Hence we move most of the MathML-specific code
1137         into a separate AccessibilityMathMLElement class to facilitate future work and maintenance.
1138
1139         No new tests, already covered by existing tests.
1140
1141         * CMakeLists.txt: Add new AccessibilityMathMLElement module.
1142         * WebCore.xcodeproj/project.pbxproj: Ditto.
1143         * accessibility/AccessibilityAllInOne.cpp: Ditto.
1144         * accessibility/AXObjectCache.cpp: Add MathML headers and create AccessibilityMathMLElement.
1145         (WebCore::createFromRenderer): Create AccessibilityMathMLElement for MathML elements and
1146         anonymous operators created by the mfenced element.
1147         * accessibility/AccessibilityMathMLElement.cpp: Added. This class handles all the MathML
1148         elements as well as the anonymous operators created by the mfenced element. A boolean is
1149         passed to the constructor to indicate whether we are in the latter case.
1150         (WebCore::AccessibilityMathMLElement::AccessibilityMathMLElement):
1151         (WebCore::AccessibilityMathMLElement::~AccessibilityMathMLElement):
1152         (WebCore::AccessibilityMathMLElement::create):
1153         (WebCore::AccessibilityMathMLElement::determineAccessibilityRole): Move handling of specific
1154         MathElementRole and DocumentMathRole here.
1155         (WebCore::AccessibilityMathMLElement::textUnderElement): Move retrieval of text from the
1156         anonymous operators here.
1157         (WebCore::AccessibilityMathMLElement::stringValue): Ditto.
1158         (WebCore::AccessibilityMathMLElement::isIgnoredElementWithinMathTree): Move the determination
1159         of ignored math elements here.
1160         (WebCore::AccessibilityMathMLElement::isMathFraction): Moved from AccessibilityRenderObject.
1161         (WebCore::AccessibilityMathMLElement::isMathFenced): Ditto.
1162         (WebCore::AccessibilityMathMLElement::isMathSubscriptSuperscript): Ditto.
1163         (WebCore::AccessibilityMathMLElement::isMathRow): Ditto.
1164         (WebCore::AccessibilityMathMLElement::isMathUnderOver): Ditto.
1165         (WebCore::AccessibilityMathMLElement::isMathSquareRoot): Ditto.
1166         (WebCore::AccessibilityMathMLElement::isMathToken): Ditto.
1167         (WebCore::AccessibilityMathMLElement::isMathRoot): Ditto.
1168         (WebCore::AccessibilityMathMLElement::isMathOperator): Ditto.
1169         (WebCore::AccessibilityMathMLElement::isAnonymousMathOperator): Move the determination of
1170         anonymous operators here. We now just return the boolean passed at creation time.
1171         (WebCore::AccessibilityMathMLElement::isMathFenceOperator): Moved from
1172         AccessibilityRenderObject.
1173         (WebCore::AccessibilityMathMLElement::isMathSeparatorOperator): Ditto.
1174         (WebCore::AccessibilityMathMLElement::isMathText): Ditto.
1175         (WebCore::AccessibilityMathMLElement::isMathNumber): Ditto.
1176         (WebCore::AccessibilityMathMLElement::isMathIdentifier): Ditto.
1177         (WebCore::AccessibilityMathMLElement::isMathMultiscript): Ditto.
1178         (WebCore::AccessibilityMathMLElement::isMathTable): Ditto.
1179         (WebCore::AccessibilityMathMLElement::isMathTableRow): Ditto.
1180         (WebCore::AccessibilityMathMLElement::isMathTableCell): Ditto.
1181         (WebCore::AccessibilityMathMLElement::isMathScriptObject): Ditto.
1182         (WebCore::AccessibilityMathMLElement::isMathMultiscriptObject): Ditto.
1183         (WebCore::AccessibilityMathMLElement::mathRadicandObject): Ditto.
1184         (WebCore::AccessibilityMathMLElement::mathRootIndexObject): Ditto.
1185         (WebCore::AccessibilityMathMLElement::mathNumeratorObject): Ditto.
1186         (WebCore::AccessibilityMathMLElement::mathDenominatorObject): Ditto.
1187         (WebCore::AccessibilityMathMLElement::mathUnderObject): Ditto.
1188         (WebCore::AccessibilityMathMLElement::mathOverObject): Ditto.
1189         (WebCore::AccessibilityMathMLElement::mathBaseObject): Ditto.
1190         (WebCore::AccessibilityMathMLElement::mathSubscriptObject): Ditto.
1191         (WebCore::AccessibilityMathMLElement::mathSuperscriptObject): Ditto.
1192         (WebCore::AccessibilityMathMLElement::mathFencedOpenString): Ditto.
1193         (WebCore::AccessibilityMathMLElement::mathFencedCloseString): Ditto.
1194         (WebCore::AccessibilityMathMLElement::mathPrescripts): Ditto.
1195         (WebCore::AccessibilityMathMLElement::mathPostscripts): Ditto.
1196         (WebCore::AccessibilityMathMLElement::mathLineThickness): Ditto.
1197         * accessibility/AccessibilityMathMLElement.h: Added.
1198         * accessibility/AccessibilityRenderObject.cpp:
1199         (WebCore::AccessibilityRenderObject::isIgnoredElementWithinMathTree): The cases of
1200         AccessibilityMathMLElement objects are now handled in the derived class. We remove the case
1201         of text node since the MathML code no longer creates anonymous text nodes after r202420.
1202         Anonymous block inserted into RenderMathMLBlocks to honor CSS rules are not AccessibilityMathMLElements
1203         and it does not seem safe to modify AXObjectCache::createFromRenderer to force that. Hence
1204         we still need to be handle them here.
1205         (WebCore::AccessibilityRenderObject::textUnderElement): This code is moved into AccessibilityMathMLElement.
1206         (WebCore::AccessibilityRenderObject::stringValue): Ditto.
1207         (WebCore::AccessibilityRenderObject::determineAccessibilityRole): Ditto.
1208         (WebCore::AccessibilityRenderObject::isMathElement): Deleted.
1209         (WebCore::AccessibilityRenderObject::isMathFraction): Deleted.
1210         (WebCore::AccessibilityRenderObject::isMathFenced): Deleted.
1211         (WebCore::AccessibilityRenderObject::isMathSubscriptSuperscript): Deleted.
1212         (WebCore::AccessibilityRenderObject::isMathRow): Deleted.
1213         (WebCore::AccessibilityRenderObject::isMathUnderOver): Deleted.
1214         (WebCore::AccessibilityRenderObject::isMathSquareRoot): Deleted.
1215         (WebCore::AccessibilityRenderObject::isMathToken): Deleted.
1216         (WebCore::AccessibilityRenderObject::isMathRoot): Deleted.
1217         (WebCore::AccessibilityRenderObject::isMathOperator): Deleted.
1218         (WebCore::AccessibilityRenderObject::isAnonymousMathOperator): Deleted.
1219         (WebCore::AccessibilityRenderObject::isMathFenceOperator): Deleted.
1220         (WebCore::AccessibilityRenderObject::isMathSeparatorOperator): Deleted.
1221         (WebCore::AccessibilityRenderObject::isMathText): Deleted.
1222         (WebCore::AccessibilityRenderObject::isMathNumber): Deleted.
1223         (WebCore::AccessibilityRenderObject::isMathIdentifier): Deleted.
1224         (WebCore::AccessibilityRenderObject::isMathMultiscript): Deleted.
1225         (WebCore::AccessibilityRenderObject::isMathTable): Deleted.
1226         (WebCore::AccessibilityRenderObject::isMathTableRow): Deleted.
1227         (WebCore::AccessibilityRenderObject::isMathTableCell): Deleted.
1228         (WebCore::AccessibilityRenderObject::isMathScriptObject): Deleted.
1229         (WebCore::AccessibilityRenderObject::isMathMultiscriptObject): Deleted.
1230         (WebCore::AccessibilityRenderObject::mathRadicandObject): Deleted.
1231         (WebCore::AccessibilityRenderObject::mathRootIndexObject): Deleted.
1232         (WebCore::AccessibilityRenderObject::mathNumeratorObject): Deleted.
1233         (WebCore::AccessibilityRenderObject::mathDenominatorObject): Deleted.
1234         (WebCore::AccessibilityRenderObject::mathUnderObject): Deleted.
1235         (WebCore::AccessibilityRenderObject::mathOverObject): Deleted.
1236         (WebCore::AccessibilityRenderObject::mathBaseObject): Deleted.
1237         (WebCore::AccessibilityRenderObject::mathSubscriptObject): Deleted.
1238         (WebCore::AccessibilityRenderObject::mathSuperscriptObject): Deleted.
1239         (WebCore::AccessibilityRenderObject::mathFencedOpenString): Deleted.
1240         (WebCore::AccessibilityRenderObject::mathFencedCloseString): Deleted.
1241         (WebCore::AccessibilityRenderObject::mathPrescripts): Deleted.
1242         (WebCore::AccessibilityRenderObject::mathPostscripts): Deleted.
1243         (WebCore::AccessibilityRenderObject::mathLineThickness): Deleted.
1244         * accessibility/AccessibilityRenderObject.h: Remove declarations of functions that are now
1245         overridden in AccessibilityMathMLElement. Make isIgnoredElementWithinMathTree virtual so that
1246         it can be reimplemented in AccessibilityMathMLElement.
1247
1248 2016-07-07  Frederic Wang  <fwang@igalia.com>
1249
1250         Implement an internal style property for displaystyle.
1251         https://bugs.webkit.org/show_bug.cgi?id=133845
1252
1253         Reviewed by Brent Fulgham.
1254
1255         Tests: mathml/opentype/large-operators-displaystyle-dynamic.html
1256                mathml/opentype/large-operators-displaystyle.html
1257
1258         This is based on a patch by Alejandro G. Castro <alex@igalia.com>
1259
1260         * CMakeLists.txt: Add MathMLStyle to the build system.
1261         * WebCore.xcodeproj/project.pbxproj: ditto.
1262         * mathml/MathMLInlineContainerElement.cpp:
1263         (WebCore::MathMLInlineContainerElement::parseAttribute): Resolve the mathml style when the
1264         displaystyle attribute changes on the mtable or mstyle elements.
1265         * mathml/MathMLInlineContainerElement.h: Define parseAttribute.
1266         * mathml/MathMLMathElement.cpp:
1267         (WebCore::MathMLMathElement::MathMLMathElement): Indicate that we have custom style.
1268         (WebCore::MathMLMathElement::parseAttribute): Resolve the mathml style when the display or
1269         displaystyle attributes change on the math element.
1270         (WebCore::MathMLMathElement::didAttachRenderers): Resolve the mathml style when one
1271         renderer is attached.
1272         * mathml/MathMLMathElement.h: Declare parseAttribute and didAttachRenderers.
1273         * mathml/mathattrs.in: Declare the display and displaystyle attributes.
1274         * rendering/mathml/MathMLStyle.cpp: Added.
1275         (WebCore::MathMLStyle::MathMLStyle): New class to handle custom MathML style.
1276         (WebCore::MathMLStyle::create):
1277         (WebCore::MathMLStyle::setDisplayStyle): Helper function to take the displaystyle from
1278         the specified rendered.
1279         (WebCore::MathMLStyle::resolveMathMLStyleTree): Helper function to resolve the custom
1280         MathML style in renderer subtree.
1281         (WebCore::MathMLStyle::getMathMLParentNode): Helper function to get a MathML ancestor of
1282         the specified renderer.
1283         (WebCore::MathMLStyle::updateStyleIfNeeded): Helper function to update the style of the
1284         specified renderer if needed.
1285         (WebCore::MathMLStyle::resolveMathMLStyle): Resolve the MathML style of a given renderer.
1286         For displaystyle, we inherit the value of the parent except for the cases mentioned in the
1287         MathML recommendation.
1288         * rendering/mathml/MathMLStyle.h: New class header for custom MathML style.
1289         Only displaystyle is supported for now.
1290         * rendering/mathml/RenderMathMLBlock.cpp: Add a member and getter for custom MathML style.
1291         (WebCore::RenderMathMLBlock::RenderMathMLBlock):
1292         * rendering/mathml/RenderMathMLBlock.h: ditto.
1293         (WebCore::RenderMathMLBlock::mathMLStyle):
1294         * rendering/mathml/RenderMathMLMath.h: Add definition to use the syntax is<RenderMathMLMath>.
1295         * rendering/mathml/RenderMathMLOperator.h:
1296         (WebCore::RenderMathMLOperator::isLargeOperatorInDisplayStyle): Do not rerturn true when
1297         the operator is not in displaystyle.
1298         * rendering/mathml/RenderMathMLRoot.h: Make updateStyle public, so that it can be called
1299         by MathMLStyle::updateStyleIfNeeded.
1300         * rendering/mathml/RenderMathMLUnderOver.h: Add definition to use the syntax
1301         is<RenderMathMLUnderOver>.
1302
1303 2016-07-07  Ryosuke Niwa  <rniwa@webkit.org>
1304
1305         Replace scoped flag in Event by composed flag
1306         https://bugs.webkit.org/show_bug.cgi?id=158415
1307
1308         Reviewed by Chris Dumez.
1309
1310         Replace `scoped` flag with `composed` flag and negate its meaning per the latest spec:
1311         https://dom.spec.whatwg.org/#dom-event-composed
1312         https://github.com/w3c/webcomponents/issues/513
1313
1314         In the old spec, every event was assumed to be "composed" (crosses shadow boundaries)
1315         by default and there was `scoped` flag which prevented the event from crossing bondaries,
1316         and there was a handful of events for which `scoped` was set true when dispatched by UA.
1317
1318         In the new spec, every event is assumed to be "scoped" and a handful of user-initiated
1319         events set `composed` flag to true, which is also exposed in EventInit dictionary.
1320         `relatedTargetScoped` flag has been removed. New behavior is identical to when this flag
1321         was set to true.
1322
1323         No new tests since existing tests are updated to test the new flag and behavior.
1324
1325         * dom/CompositionEvent.cpp:
1326         (WebCore::CompositionEvent::isCompositionEvent): Added.
1327         * dom/CompositionEvent.h:
1328         * dom/Event.cpp:
1329         (WebCore::Event::Event): Initialize m_composed. Also re-ordered m_type and m_isInitialized
1330         for better packing.
1331         (WebCore::Event::composed): Renamed from Event::composed. We return true whenever composed
1332         is set to true in EventInit, or the engine is dispatching an user-initiated event listed in:
1333         https://github.com/w3c/webcomponents/issues/513#issuecomment-224183937
1334         as well as keypress, cut, paste, and, copy as discussed in:
1335         https://github.com/w3c/webcomponents/issues/513#issuecomment-230988170
1336         (WebCore::Event::isCompositionEvent): Added.
1337         * dom/Event.h:
1338         (WebCore::Event::composed): Added.
1339         (WebCore::Event::scoped): Deleted.
1340         (WebCore::Event::relatedTargetScoped): Deleted.
1341         (WebCore::Event): Reordered m_type and m_isInitialized for better packing. Added m_composed
1342         and removed m_scoped and m_relatedTargetScoped.
1343         * dom/Event.idl:
1344         * dom/EventPath.cpp:
1345         (WebCore::shouldEventCrossShadowBoundary): Returns true if the event did not originate from
1346         a shadow tree (this event entered the current shadow tree via a slot so we need to proceed with
1347         the normal bubble path outside the shadow tree) or composed flag is set true.
1348         (WebCore::EventPath::EventPath): m_event no longer exists, which was only used to get the value
1349         of relatedTargetScoped which has been removed.
1350         (WebCore::EventPath::setRelatedTarget): Behave as if relatedTargetScoped is always set true
1351         since the flag has been removed.
1352         * dom/EventPath.h:
1353         * dom/FocusEvent.cpp:
1354         (WebCore::FocusEvent::relatedTargetScoped): Deleted.
1355         * dom/FocusEvent.h:
1356         * dom/MouseEvent.cpp:
1357         (WebCore::MouseEvent::relatedTargetScoped): Deleted.
1358         * dom/MouseEvent.h:
1359
1360 2016-07-07  Chris Dumez  <cdumez@apple.com>
1361
1362         tdody.deleteRow(-1) and tr.deleteCell(-1) should not throw when there are no rows / cells
1363         https://bugs.webkit.org/show_bug.cgi?id=159527
1364         <rdar://problem/27232261>
1365
1366         Reviewed by Alex Christensen.
1367
1368         tdody.deleteRow(-1) and tr.deleteCell(-1) should not throw when there
1369         are no rows / cells:
1370         - https://html.spec.whatwg.org/multipage/tables.html#dom-tbody-deleterow
1371         - https://html.spec.whatwg.org/multipage/tables.html#dom-tr-deletecell
1372
1373         Firefox and Chrome do not throw but WebKit was throwing.
1374
1375         No new tests, rebaselined existing tests.
1376
1377         * html/HTMLTableRowElement.cpp:
1378         (WebCore::HTMLTableRowElement::deleteCell):
1379         * html/HTMLTableSectionElement.cpp:
1380         (WebCore::HTMLTableSectionElement::deleteRow):
1381
1382 2016-07-07  Chris Dumez  <cdumez@apple.com>
1383
1384         HTMLTitleElement.text should only account for direct children Text nodes
1385         https://bugs.webkit.org/show_bug.cgi?id=159536
1386
1387         Reviewed by Ryosuke Niwa.
1388
1389         HTMLTitleElement.text should only account for direct children Text nodes:
1390         - https://html.spec.whatwg.org/multipage/semantics.html#dom-title-text
1391         - https://html.spec.whatwg.org/multipage/infrastructure.html#child-text-content
1392
1393         Firefox and Chrome match the specification. However, WebKit accounted for all
1394         Text nodes that are descendants, not just children. This patch aligns our
1395         behavior with the specification and other browsers.
1396
1397         No new tests, rebaselined existing tests.
1398
1399         * html/HTMLTitleElement.cpp:
1400         (WebCore::HTMLTitleElement::text):
1401
1402 2016-07-07  Dean Jackson  <dino@apple.com>
1403
1404         REGRESSION(r200769): animations are no longer overridden
1405         https://bugs.webkit.org/show_bug.cgi?id=159450
1406         <rdar://problem/27120570>
1407
1408         Reviewed by Zalan Bujtas.
1409
1410         The change in r200769 removed a lot of the prefixing variant
1411         handling, but unfortunately we can't be completely rid
1412         of it until we alias the prefixed transitions and animations
1413         to the non-prefixed form. For example, setting the prefixed
1414         shorthand has to reset the non-prefixed longhands.
1415
1416         The fix was to explicitly call the variant forms when
1417         parsing such longhands, and make sure that MutableStyleProperties
1418         removes all prefixed variants when removing shorthands.
1419
1420         The existing test was amended to cover this case:
1421         fast/css/shorthand-omitted-initial-value-overrides-shorthand.html
1422
1423         * css/CSSParser.cpp:
1424         (WebCore::CSSParser::parseAnimationShorthand):
1425         (WebCore::CSSParser::addPropertyWithPrefixingVariant):
1426         (WebCore::CSSParser::parseTransitionShorthand):
1427         * css/CSSParser.h:
1428         * css/StyleProperties.cpp:
1429         (WebCore::MutableStyleProperties::removeShorthandProperty):
1430
1431 2016-07-07  Alex Christensen  <achristensen@webkit.org>
1432
1433         Fix CMake build.
1434
1435         * PlatformMac.cmake:
1436
1437 2016-07-07  Alex Christensen  <achristensen@webkit.org>
1438
1439         Fix CMake build.
1440
1441         * PlatformMac.cmake:
1442
1443 2016-07-07  Myles C. Maxfield  <mmaxfield@apple.com> and Frédéric Wang  <fred.wang@free.fr>
1444
1445         [Font Loading] The callback passed to document.fonts.ready should always be called
1446         https://bugs.webkit.org/show_bug.cgi?id=158884
1447
1448         Reviewed by Dean Jackson.
1449
1450         The boolean was simply not being reset when loads start.
1451
1452         Test: fast/text/font-face-set-ready-fire.html
1453
1454         * css/FontFaceSet.cpp:
1455         (WebCore::FontFaceSet::startedLoading):
1456         * css/FontFaceSet.h:
1457
1458 2016-07-07  Andy Estes  <aestes@apple.com>
1459
1460         [Content Filtering] Load blocked pages more like other error pages are loaded
1461         https://bugs.webkit.org/show_bug.cgi?id=159485
1462         <rdar://problem/26014076>
1463
1464         Reviewed by Brady Eidson.
1465
1466         Content filter blocked pages were being loaded by cancelling the provisional load of the
1467         page that was blocked and then scheduling a navigation to the content filter error page.
1468         Some clients would not expect a new, Web process-initiated provisional navigation to start
1469         after a cancellation, though, and this would put them in a bad state.
1470         
1471         This patch changes blocked page loading to behave more like loading other error pages.
1472         Specifically:
1473         1. didFailProvisionalLoad is dispatched with a new, non-cancellation error code.
1474         2. The blocked page is loaded immediately after dispatching didFailProvisionalLoad, which
1475            prevents FrameLoader from creating a new back-forward list item for the substitute data load.
1476         3. A substitute data load initiated by the client for the blocked URL is ignored if
1477            ContentFilter will display its own error page.
1478         4. A file: URL is used instead of a custom scheme for the base URL of the blocked page,
1479            since some clients expect this.
1480
1481         Updated existing tests to capture frame load delegate callbacks and the back forward list.
1482         Added new API tests: ContentFiltering.LoadAlternate*.
1483
1484         * English.lproj/Localizable.strings: Added a WebKitErrorFrameLoadBlockedByContentFilter description.
1485         * Resources/ContentFilterBlockedPage.html: Added.
1486         * WebCore.xcodeproj/project.pbxproj: Added ContentFilterBlockedPage.html as a frameowrk resource.
1487         * loader/ContentFilter.cpp:
1488         (WebCore::ContentFilter::stopFilteringMainResource): Only set m_state to Stopped if not
1489         already Blocked, so that we don't forget this ContentFilter was blocked when calling
1490         cancelMailResourceLoad() in didDecide().
1491         (WebCore::ContentFilter::didDecide): Moved code from DocumentLoader::contentFilterDidBlock() to here.
1492         Created a blockedByContentFilterError() and called cancelMainResourceLoad().
1493         (WebCore::blockedPageURL): Returned a file: URL to ContentFilterBlockedPage.html in WebCore.framework.
1494         (WebCore::ContentFilter::continueAfterSubstituteDataRequest): If the substitute data load
1495         is for the same failingURL as the currently-displayed blocked page, ignore it.
1496         (WebCore::ContentFilter::handleProvisionalLoadFailure): Load the blocked page if m_state is Blocked
1497         and the ResourceError matches the error we used when previously calling cancelMainResourceLoad().
1498         (WebCore::ContentFilter::unblockHandler): Deleted.
1499         (WebCore::ContentFilter::replacementData): Deleted.
1500         (WebCore::ContentFilter::unblockRequestDeniedScript): Deleted.
1501         * loader/ContentFilter.h:
1502         * loader/DocumentLoader.cpp:
1503         (WebCore::DocumentLoader::contentFilter): Returned m_contentFilter.
1504         (WebCore::DocumentLoader::installContentFilterUnblockHandler): Deleted.
1505         (WebCore::DocumentLoader::contentFilterDidBlock): Deleted.
1506         * loader/DocumentLoader.h:
1507         * loader/EmptyClients.h: Added a default implementation of blockedByContentFilterError().
1508         * loader/FrameLoader.cpp:
1509         (WebCore::FrameLoader::load): If m_loadType was already RedirectWithLockedBackForwardList
1510         and we are loading subsitute data for a failing URL, continue to use RedirectWithLockedBackForwardList.
1511         This prevents a new back-forward list item from being created when loading a blocked page in a subframe.
1512         (WebCore::FrameLoader::checkLoadCompleteForThisFrame):
1513         Called ContentFilter::handleProvisionalLoadFailure() after dispatchDidFailProvisionalLoad().
1514         (WebCore::FrameLoader::blockedByContentFilterError): Called FrameLoaderClient::blockedByContentFilterError().
1515         * loader/FrameLoader.h:
1516         * loader/FrameLoaderClient.h:
1517         * loader/NavigationScheduler.cpp:
1518         (WebCore::ScheduledSubstituteDataLoad::ScheduledSubstituteDataLoad): Deleted.
1519         (WebCore::NavigationScheduler::scheduleSubstituteDataLoad): Deleted.
1520         * loader/NavigationScheduler.h:
1521         * loader/PolicyChecker.cpp:
1522         (WebCore::PolicyChecker::checkNavigationPolicy): Ignored a substitute data load for a
1523         failing URL if ContentFilter::continueAfterSubstituteDataRequest() returns false.
1524
1525 2016-07-07  Chris Dumez  <cdumez@apple.com>
1526
1527         td / th should be exposed as HTMLTableCellElement objects
1528         https://bugs.webkit.org/show_bug.cgi?id=159518
1529         <rdar://problem/27225436>
1530
1531         Reviewed by Ryosuke Niwa.
1532
1533         td / th should be exposed as HTMLTableCellElement objects:
1534         - https://html.spec.whatwg.org/multipage/tables.html#the-td-element
1535         - https://html.spec.whatwg.org/multipage/tables.html#the-th-element
1536
1537         We were using HTMLTableDataCellElement / HTMLTableHeaderCellElement
1538         sub-types.
1539
1540         Firefox and Chrome match the current specification.
1541
1542         We actually introduced these types recently via Bug 148859 to align
1543         with an older version of the HTML specification. However, it seems the
1544         specification has been updated to match Firefox / Chrome in the mean
1545         time.
1546
1547         Since we have not shipped those subtypes yet, the compatibility risk is
1548         low.
1549
1550         No new tests, rebaselined existing tests.
1551
1552         * CMakeLists.txt:
1553         * DerivedSources.cpp:
1554         * DerivedSources.make:
1555         * WebCore.xcodeproj/project.pbxproj:
1556         * html/HTMLElementsAllInOne.cpp:
1557         * html/HTMLTableCellElement.cpp:
1558         (WebCore::HTMLTableCellElement::create):
1559         (WebCore::HTMLTableCellElement::scope):
1560         (WebCore::HTMLTableCellElement::setScope):
1561         (WebCore::HTMLTableCellElement::setRowSpanForBindings): Deleted.
1562         * html/HTMLTableCellElement.h:
1563         * html/HTMLTableCellElement.idl:
1564         * html/HTMLTableDataCellElement.h: Removed.
1565         * html/HTMLTableDataCellElement.idl: Removed.
1566         * html/HTMLTableHeaderCellElement.cpp: Removed.
1567         * html/HTMLTableHeaderCellElement.h: Removed.
1568         * html/HTMLTableHeaderCellElement.idl: Removed.
1569         * html/HTMLTableRowElement.cpp:
1570         (WebCore::HTMLTableRowElement::insertCell):
1571         * html/HTMLTagNames.in:
1572
1573 2016-07-07  Brady Eidson  <beidson@apple.com>
1574
1575         Modern IDB: When IDBDatabase objects are garbage collected, they don't close their server connection.
1576         <rdar://problem/25910345> and https://bugs.webkit.org/show_bug.cgi?id=159523
1577
1578         Reviewed by Alex Christensen.
1579
1580         Tests: storage/indexeddb/modern/gc-closes-database-private.html
1581                storage/indexeddb/modern/gc-closes-database.html
1582
1583         * Modules/indexeddb/IDBDatabase.cpp:
1584         (WebCore::IDBDatabase::IDBDatabase): New logging.
1585         (WebCore::IDBDatabase::~IDBDatabase): Close server connection.
1586         (WebCore::IDBDatabase::fireVersionChangeEvent): New logging.
1587         (WebCore::IDBDatabase::dispatchEvent): New logging.
1588
1589         * Modules/indexeddb/client/IDBConnectionToServer.cpp:
1590         (WebCore::IDBClient::IDBConnectionToServer::openDatabase): New logging.
1591
1592 2016-07-07  Frederic Wang  <fwang@igalia.com>
1593
1594         Refactor layout functions to avoid using flexbox in MathML
1595         https://bugs.webkit.org/show_bug.cgi?id=153991
1596
1597         Reviewed by Brent Fulgham.
1598
1599         No new tests, already covered by existing tests.
1600
1601         * css/mathml.css:
1602         (math): Change inline mathematical formulas from inline-flex to inline.
1603         (math[display="block"]): Change display mathematical formulas from flex to block and
1604         remove flexbox property justify-content.
1605         (ms, mspace, mtext, mi, mn, mo, mrow, mfenced, mfrac, msub, msup, msubsup, mmultiscripts,
1606          mprescripts, none, munder, mover, munderover, msqrt, mroot, merror, mphantom, mstyle)
1607          menclose, semantics, mpadded, maction): In order to render properly, all children of the
1608          classes derived from RenderMathMLBlock must now be block-level. So we add more elements in
1609          this list and update the display property.
1610         (mtd > *): However, we use inline-block for children of the cell so that the text-align
1611          property is taken into account.
1612         * rendering/RenderBox.cpp:
1613         (WebCore::RenderBox::computeLogicalWidthInRegion): Add a special case for RenderMathMLBlock
1614         to preserve the old behavior.
1615         (WebCore::RenderBox::sizesLogicalWidthToFitContent): Ditto.
1616         * rendering/RenderFlexibleBox.h: No need to override layoutBlock anymore.
1617         * rendering/mathml/RenderMathMLBlock.cpp: Include LayoutRepainter header for use in layoutBlock.
1618         (WebCore::RenderMathMLBlock::RenderMathMLBlock): Inherit from RenderBlock and ensure that
1619         our children are block-level.
1620         (WebCore::RenderMathMLBlock::~RenderMathMLBlock): Added.
1621         (WebCore::RenderMathMLBlock::baselinePosition): If the baselinefirstLineBaseline() is
1622         undefined, just returns 0.
1623         (WebCore::RenderMathMLBlock::paint): Call RenderBlock::paint.
1624         (WebCore::RenderMathMLBlock::layoutItems): Implement a simplified version of
1625         RenderFlexibleBox::layoutItems where we assume horizontal layout for all children.
1626         (WebCore::RenderMathMLBlock::layoutBlock): Add a basic implementation based on
1627         RenderFlexibleBox::layoutBlock.
1628         (WebCore::RenderMathMLBlock::renderName): Deleted. There is now a simple implementation in the header.
1629         * rendering/mathml/RenderMathMLBlock.h: Use RenderBlock instead of RenderFlexibleBox and
1630         define layout functions. Define avoidsFloats and canDropAnonymousBlockChild to preserve
1631         the old behavior and remove isFlexibleBoxImpl.
1632         * rendering/mathml/RenderMathMLFenced.cpp:
1633         (WebCore::RenderMathMLFenced::createMathMLOperator): Use block for anonymous RenderMathMLOperator.
1634         * rendering/mathml/RenderMathMLRow.cpp:
1635         (WebCore::RenderMathMLRow::layoutRowItems): No need to handle the flexbox case anymore.
1636         (WebCore::RenderMathMLRow::paintChildren): Deleted. We now just use RenderBlock::paintChildren.
1637         * rendering/mathml/RenderMathMLRow.h:
1638         * rendering/mathml/RenderMathMLFraction.cpp:
1639         (WebCore::RenderMathMLFraction::paintChildren): Deleted. We now just use RenderBlock::paintChildren.
1640         * rendering/mathml/RenderMathMLFraction.h:
1641         * rendering/mathml/RenderMathMLRoot.cpp:
1642         (WebCore::RenderMathMLRoot::paintChildren): Deleted. We now just use RenderBlock::paintChildren.
1643         * rendering/mathml/RenderMathMLRoot.h:
1644         * rendering/mathml/RenderMathMLScripts.cpp:
1645         (WebCore::RenderMathMLScripts::paintChildren): Deleted. We now just use RenderBlock::paintChildren.
1646         * rendering/mathml/RenderMathMLScripts.h:
1647         * rendering/mathml/RenderMathMLUnderOver.cpp:
1648         (WebCore::RenderMathMLUnderOver::paintChildren): Deleted. We now just use RenderBlock::paintChildren.
1649         * rendering/mathml/RenderMathMLUnderOver.h:
1650
1651 2016-07-07  Antti Koivisto  <antti@apple.com>
1652
1653         REGRESSION (r199054): CrashTracer: [USER] parseWebKit at WebCore: WebCore::RenderBlockFlow::checkFloatsInCleanLine + 107
1654         https://bugs.webkit.org/show_bug.cgi?id=159519
1655
1656         Reviewed by Zalan Bujtas.
1657
1658         Test: fast/inline/trailing-floats-inline-crash.html
1659
1660         * rendering/RenderBlockLineLayout.cpp:
1661         (WebCore::RenderBlockFlow::checkFloatsInCleanLine):
1662
1663             Use the existing deletionHasBegun bit in RenderStyle to assert against this reliably.
1664
1665         * rendering/RenderLineBoxList.cpp:
1666         (WebCore::RenderLineBoxList::dirtyLinesFromChangedChild):
1667
1668             In some cases a special TrailingFloatsRootInlineBox may be added as the last root linebox of a flow.
1669             If it is combined with br the existing invalidation that invalidates the next and previous line may
1670             not be sufficient. Test for this case and invalidate the TrailingFloatsRootInlineBox too if it exists.
1671
1672         * rendering/RootInlineBox.h:
1673         (WebCore::RootInlineBox::isTrailingFloatsRootInlineBox):
1674         * rendering/TrailingFloatsRootInlineBox.h:
1675         * rendering/style/RenderStyle.h:
1676         (WebCore::RenderStyle::deletionHasBegun):
1677
1678             Expose the bit in debug.
1679
1680 2016-07-07  Alex Christensen  <achristensen@webkit.org>
1681
1682         Use SocketProvider to create WebSocketChannels
1683         https://bugs.webkit.org/show_bug.cgi?id=158776
1684
1685         Reviewed by Brent Fulgham.
1686
1687         This patch should have no change in behavior except making an InvalidStateError in
1688         conditions where we should not be able to do networking, like in a detached frame.
1689         It just replaces ThreadableWebSocketChannel::create with SocketProvider::createWebSocketChannel
1690         which does the same thing as ThreadableWebSocketChannel::create for Mac and 
1691         Windows WebKit1.  The WebKit2 implementation is the same right now, but it will
1692         be replaced by a proxy that will do the WebSocket operations in the NetworkProcess.
1693
1694         * Modules/websockets/ThreadableWebSocketChannel.cpp: Removed.
1695         * Modules/websockets/ThreadableWebSocketChannel.h:
1696         (WebCore::ThreadableWebSocketChannel::ThreadableWebSocketChannel):
1697         * Modules/websockets/WebSocket.cpp:
1698         (WebCore::WebSocket::connect):
1699         * Modules/websockets/WebSocketChannel.h:
1700         * Modules/websockets/WorkerThreadableWebSocketChannel.h:
1701         * WebCore.xcodeproj/project.pbxproj:
1702         * dom/Document.cpp:
1703         (WebCore::Document::idbConnectionProxy):
1704         (WebCore::Document::socketProvider):
1705         (WebCore::Document::canNavigate):
1706         * dom/Document.h:
1707         (WebCore::Document::notifyRemovePendingSheetIfNeeded):
1708         * dom/ScriptExecutionContext.h:
1709         * inspector/InspectorOverlay.cpp:
1710         (WebCore::InspectorOverlay::overlayPage):
1711         * loader/EmptyClients.cpp:
1712         (WebCore::EmptyEditorClient::registerRedoStep):
1713         (WebCore::EmptySocketProvider::createWebSocketChannel):
1714         * loader/EmptyClients.h:
1715         * page/Page.h:
1716         * page/PageConfiguration.cpp:
1717         (WebCore::PageConfiguration::PageConfiguration):
1718         * page/PageConfiguration.h:
1719         * page/SocketProvider.h:
1720         (WebCore::SocketProvider::~SocketProvider):
1721         * svg/graphics/SVGImage.cpp:
1722         (WebCore::SVGImage::dataChanged):
1723         * workers/DedicatedWorkerGlobalScope.cpp:
1724         (WebCore::DedicatedWorkerGlobalScope::create):
1725         (WebCore::DedicatedWorkerGlobalScope::DedicatedWorkerGlobalScope):
1726         * workers/DedicatedWorkerGlobalScope.h:
1727         * workers/DedicatedWorkerThread.cpp:
1728         (WebCore::DedicatedWorkerThread::DedicatedWorkerThread):
1729         (WebCore::DedicatedWorkerThread::createWorkerGlobalScope):
1730         (WebCore::DedicatedWorkerThread::runEventLoop):
1731         * workers/DedicatedWorkerThread.h:
1732         * workers/WorkerGlobalScope.cpp:
1733         (WebCore::WorkerGlobalScope::WorkerGlobalScope):
1734         (WebCore::WorkerGlobalScope::disableEval):
1735         (WebCore::WorkerGlobalScope::socketProvider):
1736         (WebCore::WorkerGlobalScope::idbConnectionProxy):
1737         * workers/WorkerGlobalScope.h:
1738         (WebCore::WorkerGlobalScope::script):
1739         * workers/WorkerMessagingProxy.cpp:
1740         (WebCore::WorkerMessagingProxy::startWorkerGlobalScope):
1741         * workers/WorkerThread.cpp:
1742         (WebCore::WorkerThreadStartupData::WorkerThreadStartupData):
1743         (WebCore::WorkerThread::WorkerThread):
1744         (WebCore::WorkerThread::idbConnectionProxy):
1745         (WebCore::WorkerThread::socketProvider):
1746         * workers/WorkerThread.h:
1747         (WebCore::WorkerThread::workerGlobalScope):
1748
1749 2016-07-07  Commit Queue  <commit-queue@webkit.org>
1750
1751         Unreviewed, rolling out r202905 and r202911.
1752         https://bugs.webkit.org/show_bug.cgi?id=159522
1753
1754         This test is fails on El Capitan and Sierra WK1 (Requested by
1755         ryanhaddad on #webkit).
1756
1757         Reverted changesets:
1758
1759         "Add a test for media control dropoff"
1760         https://bugs.webkit.org/show_bug.cgi?id=151287
1761         http://trac.webkit.org/changeset/202905
1762
1763         "Add a test for media control dropoff"
1764         https://bugs.webkit.org/show_bug.cgi?id=151287
1765         http://trac.webkit.org/changeset/202911
1766
1767 2016-07-07  Antoine Quint  <graouts@apple.com>
1768
1769         <img> with a wide gamut PDF does not display using a wide gamut color space
1770         https://bugs.webkit.org/show_bug.cgi?id=158983
1771         <rdar://problem/25720247>
1772
1773         Reviewed by Dean Jackson.
1774
1775         Calls to ImageBuffer::createCompatibleBuffer() that do not provide an explicit
1776         color space will now infer the color space from the provided graphics context
1777         on platforms using CG. The method signature that takes in a GraphicsContext
1778         without a color space is now split into a CG-specified implementation and a
1779         Cairo one to avoid having diverging platform code in ImageBuffer.cpp.
1780
1781         Some call sites need to provide an explicit color space still, so we add a new
1782         ImageBuffer::createCompatibleBuffer() that allows for that while inferring
1783         sizing and scaling from a GraphicsContext.
1784         
1785         All signatures of ImageBuffer::createCompatibleBuffer() are losing the
1786         hasAlpha parameter which was always ignored. All call sites that were using
1787         hasAlpha have been updated.
1788
1789         In addition, we make all the IOSurface and IOSurfacePool code, which is
1790         CG-specific, use the plaform-specific type CGColorSpaceRef instead of ColorSpace
1791         so that we may pick up on the color space copied over from the graphics context
1792         in the CG-specific implementation of ImageBuffer::createCompatibleBuffer().
1793
1794         * html/canvas/CanvasRenderingContext2D.cpp:
1795         (WebCore::CanvasRenderingContext2D::drawTextInternal):
1796         * platform/graphics/BitmapImage.cpp:
1797         (WebCore::BitmapImage::drawPattern):
1798         * platform/graphics/GradientImage.cpp:
1799         (WebCore::GradientImage::drawPattern):
1800         * platform/graphics/ImageBuffer.cpp:
1801         (WebCore::ImageBuffer::createCompatibleBuffer):
1802         * platform/graphics/ImageBuffer.h:
1803         * platform/graphics/NamedImageGeneratedImage.cpp:
1804         (WebCore::NamedImageGeneratedImage::drawPattern):
1805         * platform/graphics/cairo/ImageBufferCairo.cpp:
1806         (WebCore::ImageBuffer::createCompatibleBuffer):
1807         * platform/graphics/cg/IOSurfacePool.cpp:
1808         (WebCore::surfaceMatchesParameters):
1809         (WebCore::IOSurfacePool::takeSurface):
1810         * platform/graphics/cg/IOSurfacePool.h:
1811         * platform/graphics/cg/ImageBufferCG.cpp:
1812         (WebCore::ImageBuffer::createCompatibleBuffer):
1813         (WebCore::ImageBuffer::ImageBuffer):
1814         * platform/graphics/cocoa/IOSurface.h:
1815         * platform/graphics/cocoa/IOSurface.mm:
1816         (WebCore::IOSurface::surfaceFromPool):
1817         (WebCore::IOSurface::create):
1818         (WebCore::IOSurface::createFromSendRight):
1819         (WebCore::IOSurface::createFromSurface):
1820         (WebCore::IOSurface::createFromImage):
1821         (WebCore::IOSurface::IOSurface):
1822         (WebCore::IOSurface::ensurePlatformContext):
1823         * platform/mac/ThemeMac.mm:
1824         (WebCore::ThemeMac::drawCellOrFocusRingWithViewIntoContext):
1825         * platform/spi/cg/CoreGraphicsSPI.h:
1826         * rendering/RenderBoxModelObject.cpp:
1827         (WebCore::RenderBoxModelObject::paintFillLayerExtended):
1828         * rendering/RenderThemeMac.mm:
1829         (WebCore::RenderThemeMac::paintProgressBar):
1830         * rendering/svg/SVGRenderingContext.cpp:
1831         (WebCore::SVGRenderingContext::bufferForeground):
1832         * svg/graphics/SVGImage.cpp:
1833         (WebCore::SVGImage::drawPatternForContainer):
1834
1835 2016-07-07  Beth Dakin  <bdakin@apple.com>
1836
1837         All fullscreen videos should be able the control the controls manager
1838         https://bugs.webkit.org/show_bug.cgi?id=159496
1839         -and corresponding-
1840         rdar://problem/27009446
1841
1842         Reviewed by Eric Carlson.
1843
1844         * html/HTMLMediaElement.cpp:
1845         (WebCore::HTMLMediaElement::fullscreenModeChanged):
1846         * html/MediaElementSession.cpp:
1847         (WebCore::MediaElementSession::canControlControlsManager):
1848
1849 2016-07-07  Jer Noble  <jer.noble@apple.com>
1850
1851         Crash due to HTMLMediaElement at JavaScriptCore: JSC::JSLockHolder::JSLockHolder
1852         https://bugs.webkit.org/show_bug.cgi?id=159517
1853         <rdar://problem/27221109>
1854
1855         Reviewed by Eric Carlson.
1856
1857         When WebKit on iOS gets a notification that the UIProcess has been backgrounded, it sends an
1858         interruption event to the WebProcess to pause any playing HTMLMediaElements. When the
1859         elements which get this interruption have pending promises created during a previous call to
1860         play(), these promises get rejected.
1861
1862         However, if the HTMLMediaElement's document has already been destroyed, the pending Promises
1863         are in an inconsistent state: their script execution context (the document) has been
1864         destroyed, leading to the crash in JSLockHolder.
1865
1866         When HTMLMediaElement is notified that its ScriptExecutionContext has been destroyed, also
1867         clear the list of pending Promises.
1868
1869         * html/HTMLMediaElement.cpp:
1870         (WebCore::HTMLMediaElement::contextDestroyed):
1871
1872 2016-07-05  Jer Noble  <jer.noble@apple.com>
1873
1874         Facebook videos without audio tracks will sometimes cause playback controls to appear.
1875         https://bugs.webkit.org/show_bug.cgi?id=159437
1876
1877         Reviewed by Eric Carlson.
1878
1879         Because updatePlaybackControlsManager() will cause the session manager to walk through all
1880         the outstanding sessions asking if it canControlControlsManager(), some sessions will say
1881         they can control the controls manager if we are currently processing a user gesture. This is
1882         obviously not intended (there may be a user gesture to un-mute video 1, but an unrelated
1883         video 2 should not be allowed to use that use gesture to fulfill its own requirements.)
1884
1885         So in those situations where conditions may have changed and updatePlaybackControlsManager()
1886         needs to be called, instead schedule the update for the next run loop.
1887         
1888         * html/HTMLMediaElement.cpp:
1889         (WebCore::HTMLMediaElement::setMuted):
1890         (WebCore::HTMLMediaElement::layoutSizeChanged):
1891         (WebCore::HTMLMediaElement::updatePlayState):
1892         (WebCore::HTMLMediaElement::createMediaPlayer):
1893         (WebCore::HTMLMediaElement::scheduleUpdatePlaybackControlsManager):
1894         * html/HTMLMediaElement.h:
1895
1896 2016-07-07  Jer Noble  <jer.noble@apple.com>
1897
1898         Unreviewed build fix after r202908. Fix the webPlaybackSessionInterfaceMac @property.
1899
1900         * platform/mac/WebPlaybackControlsManager.h:
1901         * platform/mac/WebPlaybackControlsManager.mm:
1902
1903 2016-07-07  Youenn Fablet  <youenn@apple.com>
1904
1905         [Fetch API] Response constructor should throw in case of bad reason phrase
1906         https://bugs.webkit.org/show_bug.cgi?id=159508
1907
1908         Reviewed by Alex Christensen.
1909
1910         Covered by rebased test.
1911
1912         * Modules/fetch/FetchResponse.cpp:
1913         (WebCore::FetchResponse::initializeWith): Validating reason phrase with new routine.
1914         Throwing a TypeError in case of error.
1915         * platform/network/HTTPParsers.cpp:
1916         (WebCore::isValidReasonPhrase): Added to validate reason phrase according
1917         https://tools.ietf.org/html/rfc7230#section-3.1.2
1918         * platform/network/HTTPParsers.h:
1919
1920 2016-07-07  Youenn Fablet  <youenn@apple.com>
1921
1922         [Fetch API] Response.redirect should throw a RangeError in case of bad status code
1923         https://bugs.webkit.org/show_bug.cgi?id=159507
1924
1925         Reviewed by Alex Christensen.
1926
1927         Covered by rebased test.
1928
1929         * Modules/fetch/FetchResponse.cpp:
1930         (WebCore::FetchResponse::redirect): Throw a RangeError in case of bad status.
1931
1932 2016-07-05  Jer Noble  <jer.noble@apple.com>
1933
1934         Ownership between WebPlaybackSessionInterfaceMac and WebPlaybackControlsManager is backwards.
1935         https://bugs.webkit.org/show_bug.cgi?id=159441
1936
1937         Reviewed by Eric Carlson.
1938
1939         The WebPlaybackControlsManager should own the WebPlaybackSessionInterfaceMac, and not
1940         vice versa.
1941
1942         * platform/mac/WebPlaybackControlsManager.h:
1943         * platform/mac/WebPlaybackControlsManager.mm:
1944         (-[WebPlaybackControlsManager webPlaybackSessionInterfaceMac]):
1945         (-[WebPlaybackControlsManager setWebPlaybackSessionInterfaceMac:]):
1946         * platform/mac/WebPlaybackSessionInterfaceMac.h:
1947         * platform/mac/WebPlaybackSessionInterfaceMac.mm:
1948         (WebCore::WebPlaybackSessionInterfaceMac::playBackControlsManager):
1949
1950 2016-07-07  Eric Carlson  <eric.carlson@apple.com>
1951
1952         Add a test for media control dropoff
1953         https://bugs.webkit.org/show_bug.cgi?id=151287
1954         <rdar://problem/23544666>
1955
1956         Reviewed by Antoine Quint.
1957
1958         Test: media/controls/inline-elements-dropoff-order.html
1959
1960         * Modules/mediacontrols/mediaControlsApple.js: Expose more state to testing.
1961
1962 2016-07-07  Miguel Gomez  <magomez@igalia.com>
1963
1964         [GTK] Painting a video into a canvas doesn't work when accelerated compositing is enabled
1965         https://bugs.webkit.org/show_bug.cgi?id=159405
1966
1967         Reviewed by Xabier Rodriguez-Calvar.
1968
1969         Implement video frame painting to the canvas when accelerated compositing is enabled.
1970
1971         Already covered by existent tests.
1972
1973         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
1974         (WebCore::MediaPlayerPrivateGStreamer::handleMessage):
1975         Replace custom enumeration for the video rotation with the ImageOrientation class.
1976         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
1977         (WebCore::MediaPlayerPrivateGStreamerBase::naturalSize):
1978         Replace the orientation value comparison with ImageOrientation::usesWidthAsHeight().
1979         (WebCore::MediaPlayerPrivateGStreamerBase::paint):
1980         Perform the frame painting taking into account the video orientation tag.
1981         (WebCore::MediaPlayerPrivateGStreamerBase::nativeImageForCurrentTime):
1982         Rotate the native image before returning it.
1983         (WebCore::MediaPlayerPrivateGStreamerBase::setVideoSourceOrientation):
1984         Replace custom enumeration for the video rotation with the ImageOrientation class.
1985         (WebCore::MediaPlayerPrivateGStreamerBase::MediaPlayerPrivateGStreamerBase): Deleted.
1986         Remove orientation initialization.
1987         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.h:
1988         Remove custom enumeration for the video orientation.
1989
1990 2016-07-07  Philippe Normand  <pnormand@igalia.com>
1991
1992         [GStreamer][GL] switch to appsink
1993         https://bugs.webkit.org/show_bug.cgi?id=159466
1994
1995         Reviewed by Carlos Garcia Campos.
1996
1997         Fakesink is mostly used for tests. Appsink provides the same
1998         functionality and is actually meant to be used on application
1999         side.
2000
2001         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
2002         (WebCore::MediaPlayerPrivateGStreamerBase::~MediaPlayerPrivateGStreamerBase):
2003         (WebCore::newSampleCallback):
2004         (WebCore::newPrerollCallback):
2005         (WebCore::MediaPlayerPrivateGStreamerBase::createVideoSinkGL):
2006         (WebCore::MediaPlayerPrivateGStreamerBase::drawCallback): Deleted.
2007         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.h:
2008
2009 2016-07-06  Chris Dumez  <cdumez@apple.com>
2010
2011         Document.title setter does not work for SVG documents
2012         https://bugs.webkit.org/show_bug.cgi?id=159503
2013         <rdar://problem/27212313>
2014
2015         Reviewed by Ryosuke Niwa.
2016
2017         Document.title setter should work for SVG documents:
2018         - https://html.spec.whatwg.org/multipage/dom.html#document.title
2019
2020         This patch aligns our behavior with the specification
2021         and with Firefox / Chrome.
2022
2023         No new tests, rebaselined existing test.
2024
2025         * dom/Document.cpp:
2026         (WebCore::Document::setTitle):
2027         - Reverse the if conditions for clarity.
2028         - If the document element is an SVG svg element, create a
2029           SVGTitleElement and insert it as first child of the
2030           document element.
2031         - Call SVGTitleElement::setText() instead of
2032           HTMLTitleElement::setText() at the end of the method if
2033           m_titleElement is a SVGTitleElement.
2034
2035         (WebCore::Document::updateTitleElement):
2036         - If document element is an SVG svg element, use the first
2037           child of the document element that is a SVGTitleElement.
2038
2039         * svg/SVGTitleElement.cpp:
2040         (WebCore::SVGTitleElement::setText):
2041         * svg/SVGTitleElement.h:
2042         Add SVGTitleElement::setText() method that does the same
2043         thing as HTMLTitleElement::setText().
2044
2045 2016-07-06  Chris Dumez  <cdumez@apple.com>
2046
2047         Align Document.body setter with the HTML specification
2048         https://bugs.webkit.org/show_bug.cgi?id=159490
2049
2050         Reviewed by Alex Christensen.
2051
2052         Align Document.body setter with the HTML specification:
2053         - https://html.spec.whatwg.org/multipage/dom.html#dom-document-body
2054
2055         In particular, the following web-exposed changes were made:
2056         - It is now possible to set document.body to a frameset element.
2057         - We no longer call importNode() on the passed in body. Therefore,
2058           if the body comes from another document, its will be adopted /
2059           transferred rather than cloned.
2060
2061         Both changes match the behavior of Firefox and Chrome.
2062
2063         No new tests, updated / rebaselined existing tests.
2064
2065         * dom/Document.cpp:
2066         (WebCore::Document::setBodyOrFrameset):
2067
2068 2016-07-06  Brady Eidson  <beidson@apple.com>
2069
2070         Fix my bogus json I landed earlier today.
2071
2072         * features.json:
2073
2074 2016-07-06  Benjamin Poulain  <bpoulain@apple.com>
2075
2076         [JSC] Unify how we throw TypeError from C++
2077         https://bugs.webkit.org/show_bug.cgi?id=159500
2078
2079         Reviewed by Saam Barati.
2080
2081         * bindings/js/JSBiquadFilterNodeCustom.cpp:
2082         (WebCore::JSBiquadFilterNode::setType):
2083         * bindings/js/JSBlobCustom.cpp:
2084         (WebCore::constructJSBlob):
2085         * bindings/js/JSCryptoKeySerializationJWK.cpp:
2086         (WebCore::getBigIntegerVectorFromJSON):
2087         (WebCore::JSCryptoKeySerializationJWK::JSCryptoKeySerializationJWK):
2088         (WebCore::tryJWKKeyOpsValue):
2089         (WebCore::JSCryptoKeySerializationJWK::reconcileUsages):
2090         (WebCore::JSCryptoKeySerializationJWK::keyDataOctetSequence):
2091         (WebCore::JSCryptoKeySerializationJWK::keyDataRSAComponents):
2092         (WebCore::JSCryptoKeySerializationJWK::keyData):
2093         (WebCore::addJWKAlgorithmToJSON):
2094         (WebCore::JSCryptoKeySerializationJWK::serialize):
2095         * bindings/js/JSCryptoOperationData.cpp:
2096         (WebCore::cryptoOperationDataFromJSValue):
2097         * bindings/js/JSDOMBinding.cpp:
2098         (WebCore::enforceRange):
2099         (WebCore::throwTypeError):
2100         (WebCore::throwArgumentMustBeEnumError):
2101         (WebCore::throwArgumentMustBeFunctionError):
2102         (WebCore::throwArgumentTypeError):
2103         (WebCore::throwArrayElementTypeError):
2104         (WebCore::throwGetterTypeError):
2105         (WebCore::throwThisTypeError):
2106         * bindings/js/JSDataCueCustom.cpp:
2107         (WebCore::constructJSDataCue):
2108         * bindings/js/JSDocumentCustom.cpp:
2109         (WebCore::JSDocument::defineElement):
2110         * bindings/js/JSFileCustom.cpp:
2111         (WebCore::constructJSFile):
2112         * bindings/js/JSModuleLoader.cpp:
2113         (WebCore::JSModuleLoader::evaluate):
2114         * bindings/js/JSMutationObserverCustom.cpp:
2115         (WebCore::constructJSMutationObserver):
2116         * bindings/js/JSOscillatorNodeCustom.cpp:
2117         (WebCore::JSOscillatorNode::setType):
2118         * bindings/js/JSPannerNodeCustom.cpp:
2119         (WebCore::JSPannerNode::setPanningModel):
2120         (WebCore::JSPannerNode::setDistanceModel):
2121         * bindings/js/JSReadableStreamPrivateConstructors.cpp:
2122         (WebCore::constructJSReadableStreamController):
2123         (WebCore::constructJSReadableStreamReader):
2124         * bindings/js/JSSubtleCryptoCustom.cpp:
2125         (WebCore::cryptoKeyFormatFromJSValue):
2126         (WebCore::importKey):
2127         (WebCore::exportKey):
2128         * bindings/js/ReadableStreamController.cpp:
2129         (WebCore::ReadableStreamController::invoke):
2130         * bindings/js/SerializedScriptValue.cpp:
2131         (WebCore::CloneDeserializer::throwValidationError):
2132         (WebCore::SerializedScriptValue::maybeThrowExceptionIfSerializationFailed):
2133         * bridge/c/c_instance.cpp:
2134         (JSC::Bindings::CInstance::invokeMethod):
2135         * bridge/objc/objc_instance.mm:
2136         (ObjcInstance::invokeMethod):
2137         * bridge/objc/objc_runtime.mm:
2138         (JSC::Bindings::ObjcArray::setValueAt):
2139
2140 2016-07-06  Tim Horton  <timothy_horton@apple.com>
2141
2142         Email from June 1st containing text 'Today @ 7:10PM' is linkified, but shouldn't be
2143         https://bugs.webkit.org/show_bug.cgi?id=159498
2144         <rdar://problem/26719903>
2145
2146         Reviewed by Sam Weinig.
2147
2148         New API test: WebKit2.DataDetectionReferenceDate
2149
2150         * editing/cocoa/DataDetection.h:
2151         * editing/cocoa/DataDetection.mm:
2152         (WebCore::DataDetection::detectContentInRange):
2153         Extract the reference date from the DataDetectors context dictionary if it exists,
2154         and pass it along to DataDetectors.
2155
2156         * loader/FrameLoader.cpp:
2157         (WebCore::FrameLoader::checkLoadCompleteForThisFrame):
2158         * loader/FrameLoaderClient.h:
2159         Plumb the DataDetectors context dictionary through from WebPage.
2160
2161 2016-07-06  Chris Dumez  <cdumez@apple.com>
2162
2163         [WK2][Cocoa] Disable ResourceResponse lazy initialization
2164         https://bugs.webkit.org/show_bug.cgi?id=159497
2165         <rdar://problem/27209066>
2166
2167         Reviewed by Alex Christensen.
2168
2169         Add method to Cocoa's ResponseResponse header to disable
2170         lazy initialization.
2171
2172         * platform/network/cf/ResourceResponse.h:
2173         * platform/network/cocoa/ResourceResponseCocoa.mm:
2174         (WebCore::ResourceResponse::disableLazyInitialization):
2175
2176 2016-07-06  Brent Fulgham  <bfulgham@apple.com>
2177
2178         Return values of JSArray::createUninitialized (and related) are not consistently checked for nullptr
2179         https://bugs.webkit.org/show_bug.cgi?id=159495
2180         <rdar://problem/26075433>
2181
2182         Reviewed by Dean Jackson.
2183
2184         Test: fast/canvas/canvas-getImageData-invalid-result-buffer-crash.html
2185
2186         * html/ImageData.cpp:
2187         (WebCore::ImageData::ImageData): Assert at construction if we could not create a valid
2188         buffer.
2189         * platform/SharedBuffer.cpp:
2190         (WebCore::SharedBuffer::createArrayBuffer): Check for a null buffer before using it.
2191         * platform/graphics/cg/ImageBufferDataCG.cpp:
2192         (WebCore::ImageBufferData::getData): Ditto.
2193         * platform/graphics/filters/FEGaussianBlur.cpp:
2194         (WebCore::FEGaussianBlur::platformApplySoftware): Ditto.
2195         * platform/graphics/filters/FilterEffect.cpp:
2196         (WebCore::FilterEffect::copyImageBytes): Ditto.
2197         (WebCore::FilterEffect::copyUnmultipliedImage): Ditto.
2198         (WebCore::FilterEffect::copyPremultipliedImage): Ditto.
2199
2200 2016-07-06  Chris Dumez  <cdumez@apple.com>
2201
2202         Document.body should return the first child of the html element that is either a body / frameset element
2203         https://bugs.webkit.org/show_bug.cgi?id=159488
2204
2205         Reviewed by Ryosuke Niwa.
2206
2207         Document.body should return the first child of the html element that is
2208         either a body / frameset element:
2209         - https://html.spec.whatwg.org/multipage/dom.html#dom-document-body
2210         - https://html.spec.whatwg.org/multipage/dom.html#the-body-element-2
2211
2212         We used the first child of the *document* element that is either a
2213         body / frameset element, even if the document element is not an html
2214         element.
2215
2216         Firefox and Chrome match the specification.
2217
2218         Test: imported/w3c/web-platform-tests/html/dom/documents/dom-tree-accessors/Document.body.html
2219
2220         * dom/Document.cpp:
2221         (WebCore::Document::bodyOrFrameset):
2222
2223 2016-07-06  Dean Jackson  <dino@apple.com>
2224
2225         Adopt new PiP glyph
2226         https://bugs.webkit.org/show_bug.cgi?id=159494
2227         <rdar://problem/27061084>
2228
2229         Reviewed by Ada Chan.
2230
2231         We got new artwork for Picture-in-Picture on macOS from
2232         our designers.
2233
2234         * Modules/mediacontrols/mediaControlsApple.css:
2235         (video::-webkit-media-controls-panel .picture-in-picture-button):
2236         (video::-webkit-media-controls-panel .picture-in-picture-button.return-from-picture-in-picture):
2237
2238 2016-07-06  Commit Queue  <commit-queue@webkit.org>
2239
2240         Unreviewed, rolling out r202867.
2241         https://bugs.webkit.org/show_bug.cgi?id=159491
2242
2243         This change caused an existing LayoutTest to crash on ios-
2244         simulator (Requested by ryanhaddad on #webkit).
2245
2246         Reverted changeset:
2247
2248         "<img> with a wide gamut PDF does not display using a wide
2249         gamut color space"
2250         https://bugs.webkit.org/show_bug.cgi?id=158983
2251         http://trac.webkit.org/changeset/202867
2252
2253 2016-07-06  Chris Dumez  <cdumez@apple.com>
2254
2255         [ShadowDOM] assignedSlot property should be on Text, not CharacterData
2256         https://bugs.webkit.org/show_bug.cgi?id=159482
2257         <rdar://problem/27201687>
2258
2259         Reviewed by Ryosuke Niwa.
2260
2261         assignedSlot property should be on Text, not CharacterData as per:
2262         - https://dom.spec.whatwg.org/#mixin-slotable
2263
2264         Align with the latest specification.
2265
2266         No new tests, rebaselined existing test.
2267
2268         * CMakeLists.txt:
2269         * DerivedSources.make:
2270         * WebCore.xcodeproj/project.pbxproj:
2271         * dom/Element.idl:
2272         * dom/NonDocumentTypeChildNode.idl:
2273         * dom/Slotable.idl: Copied from Source/WebCore/dom/NonDocumentTypeChildNode.idl.
2274         * dom/Text.idl:
2275
2276 2016-07-06  Jeremy Jones  <jeremyj@apple.com>
2277
2278         Do not animate video fullscreen exit when page has navigated away.
2279         https://bugs.webkit.org/show_bug.cgi?id=159479
2280
2281         Reviewed by Eric Carlson.
2282
2283         No new tests there is no effect on the DOM. The only effect is to video fullscreen window animation.
2284
2285         When the page has been navigated away, the fullscreen or picture-in-picture window should
2286         not animate back inline in the page, since the page has already navigated to a new page.
2287         Instead exit the fullscreen mode without animating.
2288
2289         * html/HTMLMediaElement.cpp:
2290         (WebCore::HTMLMediaElement::exitFullscreen):
2291
2292 2016-07-06  Jeremy Jones  <jeremyj@apple.com>
2293
2294         Signal that media element is prepared for inline when being stopped since script won't be able to.
2295         https://bugs.webkit.org/show_bug.cgi?id=159163
2296         rdar://problem/26844557
2297
2298         Reviewed by Jer Noble.
2299
2300         No new tests since this don't change behavior in the DOM. It prevents a race that could cause 
2301         fullscreen and picture in picture to fail to tear down completely.
2302   
2303         When an element exits a fullscreen mode and is immediately removed from the DOM by the page, 
2304         its JavaScript stops running. The fullscreen code is then blocked waiting for JS to signal 
2305         that it has updated its state in preparation for inline mode. This change explicitly signals
2306         this since JS wont be able to.
2307
2308         Additionally, when going from PiP back to inline, don't go through fullscreen first, when the 
2309         request comes from the DOM. This was causing the presentation mode to become confused. The
2310         page requests inline. PiP would exit back to fullscreen and set the presentation mode to
2311         fullscreen. Then it would exit fullscreen back to inline, but the DOM still had the wrong
2312         presentation mode. Skipping this removes an unnecessary step in the animation and keeps the
2313         presentation mode state consistent.
2314
2315         * html/HTMLMediaElement.cpp:
2316         (WebCore::HTMLMediaElement::stopWithoutDestroyingMediaPlayer):
2317         * platform/ios/WebVideoFullscreenInterfaceAVKit.mm: Set prepared for inline.
2318         (WebVideoFullscreenInterfaceAVKit::exitFullscreen): Return directly to inlne.
2319
2320 2016-07-06  Chris Dumez  <cdumez@apple.com>
2321
2322         Add support for Node.isConnected
2323         https://bugs.webkit.org/show_bug.cgi?id=159474
2324         <rdar://problem/27197947>
2325
2326         Reviewed by Ryosuke Niwa.
2327
2328         Add support for Node.isConnected as per:
2329         - https://dom.spec.whatwg.org/#dom-node-isconnected
2330
2331         Chrome already supports this.
2332
2333         Test: imported/w3c/web-platform-tests/dom/nodes/Node-isConnected.html
2334
2335         * dom/Node.idl:
2336
2337 2016-07-06  Brady Eidson  <beidson@apple.com>
2338
2339         Update IndexedDB's status on the feature page (How had we not done this already?)
2340
2341         Rubberstamped by Sam Weinig.
2342
2343         * features.json:
2344
2345 2016-07-06  Antoine Quint  <graouts@apple.com>
2346
2347         <img> with a wide gamut PDF does not display using a wide gamut color space
2348         https://bugs.webkit.org/show_bug.cgi?id=158983
2349         <rdar://problem/25720247>
2350
2351         Reviewed by Tim Horton.
2352
2353         Calls to ImageBuffer::createCompatibleBuffer() that do not provide an explicit
2354         color space will now infer the color space from the provided graphics context
2355         on platforms using CG. The method signature that takes in a GraphicsContext
2356         without a color space is now split into a CG-specified implementation and a
2357         Cairo one to avoid having diverging platform code in ImageBuffer.cpp.
2358
2359         Some call sites need to provide an explicit color space still, so we add a new
2360         ImageBuffer::createCompatibleBuffer() that allows for that while inferring
2361         sizing and scaling from a GraphicsContext.
2362         
2363         All signatures of ImageBuffer::createCompatibleBuffer() are losing the
2364         hasAlpha parameter which was always ignored. All call sites that were using
2365         hasAlpha have been updated.
2366
2367         In addition, we make all the IOSurface and IOSurfacePool code, which is
2368         CG-specific, use the plaform-specific type CGColorSpaceRef instead of ColorSpace
2369         so that we may pick up on the color space copied over from the graphics context
2370         in the CG-specific implementation of ImageBuffer::createCompatibleBuffer().
2371
2372         * html/canvas/CanvasRenderingContext2D.cpp:
2373         (WebCore::CanvasRenderingContext2D::drawTextInternal):
2374         * platform/graphics/GradientImage.cpp:
2375         (WebCore::GradientImage::drawPattern):
2376         * platform/graphics/ImageBuffer.cpp:
2377         (WebCore::ImageBuffer::createCompatibleBuffer):
2378         * platform/graphics/ImageBuffer.h:
2379         * platform/graphics/NamedImageGeneratedImage.cpp:
2380         (WebCore::NamedImageGeneratedImage::drawPattern):
2381         * platform/graphics/cairo/ImageBufferCairo.cpp:
2382         (WebCore::ImageBuffer::createCompatibleBuffer):
2383         * platform/graphics/cg/IOSurfacePool.cpp:
2384         (WebCore::surfaceMatchesParameters):
2385         (WebCore::IOSurfacePool::takeSurface):
2386         * platform/graphics/cg/IOSurfacePool.h:
2387         * platform/graphics/cg/ImageBufferCG.cpp:
2388         (WebCore::ImageBuffer::createCompatibleBuffer):
2389         (WebCore::ImageBuffer::ImageBuffer):
2390         * platform/graphics/cocoa/IOSurface.h:
2391         * platform/graphics/cocoa/IOSurface.mm:
2392         (WebCore::IOSurface::surfaceFromPool):
2393         (WebCore::IOSurface::create):
2394         (WebCore::IOSurface::createFromSendRight):
2395         (WebCore::IOSurface::createFromSurface):
2396         (WebCore::IOSurface::createFromImage):
2397         (WebCore::IOSurface::IOSurface):
2398         (WebCore::IOSurface::ensurePlatformContext):
2399         * platform/mac/ThemeMac.mm:
2400         (WebCore::ThemeMac::drawCellOrFocusRingWithViewIntoContext):
2401         * platform/spi/cg/CoreGraphicsSPI.h:
2402         * rendering/RenderBoxModelObject.cpp:
2403         (WebCore::RenderBoxModelObject::paintFillLayerExtended):
2404         * rendering/RenderThemeMac.mm:
2405         (WebCore::RenderThemeMac::paintProgressBar):
2406         * rendering/svg/SVGRenderingContext.cpp:
2407         (WebCore::SVGRenderingContext::bufferForeground):
2408         * svg/graphics/SVGImage.cpp:
2409         (WebCore::SVGImage::drawPatternForContainer):
2410
2411 2016-07-06  Tim Horton  <timothy_horton@apple.com>
2412
2413         Long spin editing text at top of message containing Reader version of web page with many GIFs
2414         https://bugs.webkit.org/show_bug.cgi?id=159444
2415         <rdar://problem/26790386>
2416
2417         Reviewed by Sam Weinig.
2418
2419         * editing/cocoa/HTMLConverter.mm:
2420         (fileWrapperForElement):
2421         Instead of looking up the image's data in the cache by URL, just use the
2422         CachedImage on the HTMLImageElement. There are situations (which seem to involve
2423         cloning the DOM then having the cloned DOM get garbage collected) where the image
2424         can be removed from the cache, but still be live in the document.
2425
2426 2016-07-06  Brady Eidson  <beidson@apple.com>
2427
2428         Hold RefPtr<>'s to UniqueIDBDatabases while performing user delete.
2429         https://bugs.webkit.org/show_bug.cgi?id=159471
2430
2431         Reviewed by Brent Fulgham.
2432
2433         * Modules/indexeddb/server/IDBServer.cpp:
2434         (WebCore::IDBServer::IDBServer::closeAndDeleteDatabasesModifiedSince):
2435         (WebCore::IDBServer::IDBServer::closeAndDeleteDatabasesForOrigins):
2436
2437 2016-07-06  Commit Queue  <commit-queue@webkit.org>
2438
2439         Unreviewed, rolling out r202725.
2440         https://bugs.webkit.org/show_bug.cgi?id=159473
2441
2442         didn't reduce coreui memory usage (Requested by kling on
2443         #webkit).
2444
2445         Reverted changeset:
2446
2447         "[Mac] Get rid of the old timey rubber-banding linen pattern."
2448         https://bugs.webkit.org/show_bug.cgi?id=159329
2449         http://trac.webkit.org/changeset/202725
2450
2451 2016-07-06  Philippe Normand  <pnormand@igalia.com>
2452
2453         [GStreamer] duration query improvements
2454         https://bugs.webkit.org/show_bug.cgi?id=159458
2455
2456         Reviewed by Carlos Garcia Campos.
2457
2458         Currently the player caches the result of the duration query but
2459         this is overkill because it's cached by playbin already. The only
2460         time where the player needs to cache the duration is when EOS was
2461         reached because in that situation the query would fail.
2462
2463         No new tests, existing media tests cover this patch.
2464
2465         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
2466         (WebCore::MediaPlayerPrivateGStreamer::MediaPlayerPrivateGStreamer): Member variables update.
2467         (WebCore::MediaPlayerPrivateGStreamer::load): Stop the fill timer
2468         before loading a new URL, the same player can be used for
2469         different assets.
2470         (WebCore::MediaPlayerPrivateGStreamer::playbackPosition): Perform
2471         a duration query, the duration value is no longer locally cached.
2472         (WebCore::MediaPlayerPrivateGStreamer::duration): Return cached value only after EOS was reached.
2473         (WebCore::MediaPlayerPrivateGStreamer::fillTimerFired): Perform
2474         a duration query, the duration value is no longer locally cached.
2475         (WebCore::MediaPlayerPrivateGStreamer::maxTimeSeekable): Ditto.
2476         (WebCore::MediaPlayerPrivateGStreamer::maxTimeLoaded): Ditto.
2477         (WebCore::MediaPlayerPrivateGStreamer::didLoadingProgress): Ditto.
2478         (WebCore::MediaPlayerPrivateGStreamer::updateStates): Remove duration caching support.
2479         (WebCore::MediaPlayerPrivateGStreamer::didEnd): Ditto.
2480         (WebCore::MediaPlayerPrivateGStreamer::durationChanged): Ditto.
2481         (WebCore::MediaPlayerPrivateGStreamer::cacheDuration): Deleted.
2482         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h:
2483
2484 2016-07-06  Manuel Rego Casasnovas  <rego@igalia.com>
2485
2486         [css-grid] Height percentages are not properly resolved for item's children
2487         https://bugs.webkit.org/show_bug.cgi?id=159258
2488
2489         Reviewed by Sergio Villar Senin.
2490
2491         When grid items are vertically stretched (default behavior)
2492         they store their height on RenderBox::overrideLogicalContentHeight().
2493         In order to resolve the percentage height on the grid item's children
2494         we need to use that size.
2495
2496         Test: fast/css-grid-layout/percent-resolution-grid-item-children.html
2497
2498         * rendering/RenderBox.cpp:
2499         (WebCore::RenderBox::computePercentageLogicalHeight):
2500
2501 2016-07-06  Zan Dobersek  <zdobersek@igalia.com>
2502
2503         [GTK] Better guard TextureMapper header and CMake includes
2504         https://bugs.webkit.org/show_bug.cgi?id=159415
2505
2506         Reviewed by Carlos Garcia Campos.
2507
2508         * PlatformGTK.cmake: Only include TextureMapper.cmake if USE_TEXTURE_MAPPER is enabled.
2509         * platform/graphics/GraphicsContext3DPrivate.h: Guard texmap header inclusions with USE(TEXTURE_MAPPER).
2510         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.h: Ditto, but wrap it around
2511         the existing USE(TEXTURE_MAPPER_GL) block.
2512
2513 2016-07-05  Olivier Blin  <olivier.blin@softathome.com>
2514
2515         [GStreamer] Do not build MediaPlayerPrivateGStreamerOwr when VIDEO is disabled
2516         https://bugs.webkit.org/show_bug.cgi?id=159425
2517
2518         Reviewed by Philippe Normand.
2519
2520         MediaPlayer backends are useful and can be built only when VIDEO is enabled.
2521
2522         No new tests, behavior is unchanged.
2523
2524         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerOwr.cpp:
2525         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerOwr.h:
2526
2527 2016-07-05  Per Arne Vollan  <pvollan@apple.com>
2528
2529         [Win] Layout Test http/tests/security/contentSecurityPolicy/source-list-parsing-10.html is failing
2530         https://bugs.webkit.org/show_bug.cgi?id=147646
2531
2532         Reviewed by Brent Fulgham.
2533
2534         Fix build error when CSP_NEXT is disabled.
2535
2536         * DerivedSources.cpp:
2537
2538 2016-07-05  David Kilzer  <ddkilzer@apple.com>
2539
2540         Throw exceptions for invalid number of channels for ConvolverNode
2541         <https://webkit.org/b/159238>
2542
2543         Reviewed by Brent Fulgham.
2544
2545         Fix based on a Blink change (patch by <rtoy@chromium.org>):
2546         <https://chromium.googlesource.com/chromium/src.git/+/0cc26bbb7175aec77910d0b47faf9f8c8a640fe5>
2547
2548         Also includes a related fix for ReverbConvolverStage (patch by <rtoy@chromium.org>):
2549         <https://src.chromium.org/viewvc/blink?revision=157832&view=revision>
2550
2551         Test: webaudio/convolver-channels.html
2552
2553         * Modules/webaudio/ConvolverNode.cpp:
2554         (WebCore::ConvolverNode::setBuffer): Throw an exception for
2555         anything but 1, 2 or 4 channels.
2556         * platform/audio/ReverbConvolverStage.cpp:
2557         (WebCore::ReverbConvolverStage::ReverbConvolverStage): Don't read past the end of
2558         the impulseResponse array.
2559
2560 2016-07-05  Johan K. Jensen  <jj@johanjensen.dk>
2561
2562         Web Inspector: Sending XHR with UTF8 encoded data shows garbled data in Resource sidebar
2563         https://bugs.webkit.org/show_bug.cgi?id=159358
2564
2565         Reviewed by Joseph Pecoraro.
2566
2567         Test: http/tests/inspector/network/xhr-request-data-encoded-correctly.html
2568
2569         * inspector/InspectorNetworkAgent.cpp:
2570         (WebCore::buildObjectForResourceRequest):
2571         * inspector/NetworkResourcesData.cpp:
2572         (WebCore::NetworkResourcesData::setResourceContent):
2573
2574 2016-07-05  Chris Fleizach  <cfleizach@apple.com>
2575
2576         AX: Image attachment in email does not show up in AX tree
2577         https://bugs.webkit.org/show_bug.cgi?id=159422
2578
2579         Reviewed by Joanmarie Diggs.
2580
2581         When an image loads after the accessibility tree has already been created, the ignored status
2582         of that image does not get updated.
2583
2584         Test: accessibility/image-load-on-delay.html
2585
2586         * rendering/RenderImage.cpp:
2587         (WebCore::RenderImage::imageChanged):
2588
2589 2016-07-05  Alex Christensen  <achristensen@webkit.org>
2590
2591         Fix Windows build.
2592         https://bugs.webkit.org/show_bug.cgi?id=159103
2593
2594         * Modules/indexeddb/IDBActiveDOMObject.h:
2595         (WebCore::IDBActiveDOMObject::callFunctionOnOriginThread):
2596         WTF.
2597
2598 2016-07-05  Enrica Casucci  <enrica@apple.com>
2599
2600         HTMLAttachment elements don't receive clicks after the first on iOS.
2601         https://bugs.webkit.org/show_bug.cgi?id=159310
2602         rdar://problem/25776940
2603
2604         Reviewed by Tim Horton.
2605
2606         shouldSelectOnMouseDown() now returns false on iOS.
2607
2608         * html/HTMLAttachmentElement.h:
2609
2610 2016-07-05  Brady Eidson  <beidson@apple.com>
2611
2612         IDBDatabase can null deref its ScriptExecutionContext inside connectionToServerLost.
2613         <rdar://problem/27169924> and https://bugs.webkit.org/show_bug.cgi?id=159432
2614
2615         Reviewed by Alex Christensen.
2616
2617         No new tests (Targeted test not possible, covered peripherally by all IDB tests).
2618
2619         * Modules/indexeddb/IDBActiveDOMObject.h:
2620         * Modules/indexeddb/IDBDatabase.cpp:
2621         (WebCore::IDBDatabase::connectionToServerLost): Make sure there is still a script execution context.
2622
2623 2016-07-01  Jer Noble  <jer.noble@apple.com>
2624
2625         REGRESSION (r202641): Netflix playback stalls after a few seconds
2626         https://bugs.webkit.org/show_bug.cgi?id=159365
2627
2628         Reviewed by Eric Carlson.
2629
2630         Test: LayoutTests/media/media-source/media-source-small-gap.html
2631
2632         In r202641, we removed a "fudge factor" of 1 millisecond added onto the duration
2633         of every sample for the purposes of calculating a SourceBuffer's buffered ranges.
2634         Netflix (and likely other providers) have streams that have 1 "timeScale" gaps
2635         between segments (e.g., 1/9000s, 1/3003s, etc.). Fill those gaps by looking for
2636         the previous and next samples and extending the buffered range to cover the gaps
2637         if they're short enough. We have to ensure that we correctly remove those extended
2638         durations when we remove samples from the SourceBuffer as well.
2639
2640         * Modules/mediasource/SourceBuffer.cpp:
2641         (WebCore::removeSamplesFromTrackBuffer):
2642         (WebCore::SourceBuffer::removeCodedFrames):
2643         (WebCore::SourceBuffer::sourceBufferPrivateDidReceiveSample):
2644
2645 2016-07-05  Brady Eidson  <beidson@apple.com>
2646
2647         Database process crashes deleting a corrupt SQLite database file (null deref).
2648         https://bugs.webkit.org/show_bug.cgi?id=155506.
2649
2650         Reviewed by Alex Christensen.
2651
2652         Covered by new API test.
2653
2654         * Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
2655         (WebCore::IDBServer::SQLiteIDBBackingStore::deleteBackingStore): Null check.
2656
2657 2016-07-05  Brady Eidson  <beidson@apple.com>
2658
2659         TransactionOperations can get destroyed on the wrong thread.
2660         https://bugs.webkit.org/show_bug.cgi?id=159103
2661
2662         Reviewed by Alex Christensen.
2663
2664         No new tests (Very racy, not feasible to write a dedicated test for, caught on bots occasionally as-is).
2665
2666         * Modules/indexeddb/IDBActiveDOMObject.h:
2667         (WebCore::IDBActiveDOMObject::callFunctionOnOriginThread):
2668         
2669         * Modules/indexeddb/client/IDBConnectionProxy.cpp:
2670         (WebCore::IDBClient::IDBConnectionProxy::completeOperation): Pass the last ref to the operation to its
2671           origin thread to be deleted there.
2672         
2673         * Modules/indexeddb/client/TransactionOperation.h:
2674         (WebCore::IDBClient::TransactionOperation::performCompleteOnOriginThread):
2675
2676 2016-07-05  Youenn Fablet  <youenn@apple.com>
2677
2678         Remove CredentialRequest ResourceLoaderOptions
2679         https://bugs.webkit.org/show_bug.cgi?id=159404
2680
2681         Reviewed by Sam Weinig.
2682
2683         No observable change of behavior.
2684         Removing CredentialRequest from ResourceLoaderOptions and replacing it by FetchOptions::Credentials.
2685         As per https://fetch.spec.whatwg.org/#http-fetch, credentials flag is set according FetchOptions::Credentials.
2686
2687         * loader/DocumentLoader.cpp:
2688         (WebCore::DocumentLoader::startLoadingMainResource): Set credentials mode to Include.
2689         * loader/DocumentThreadableLoader.cpp:
2690         (WebCore::DocumentThreadableLoader::redirectReceived): Disable credentials if credentials mode is SameOrigin
2691         (request being cross origin).
2692         * loader/MediaResourceLoader.cpp: Refqctoring to use CachedResourceReauest::setAsPotentiallyCrossOrigin.
2693         Removed unnecessary ResourceRequest copy by using the mutable request of CachedResourceRequest.
2694         (WebCore::MediaResourceLoader::requestResource):
2695         * loader/NetscapePlugInStreamLoader.cpp:
2696         (WebCore::NetscapePlugInStreamLoader::NetscapePlugInStreamLoader): Set credential mode  to Include
2697         * loader/ResourceLoaderOptions.h: Removing CredentialRequest option.
2698         (WebCore::ResourceLoaderOptions::ResourceLoaderOptions):
2699         (WebCore::ResourceLoaderOptions::credentialRequest): Deleted.
2700         (WebCore::ResourceLoaderOptions::setCredentialRequest): Deleted.
2701         * loader/cache/CachedResourceLoader.cpp:
2702         (WebCore::CachedResourceLoader::requestUserCSSStyleSheet): Set credential mode to Include.
2703         (WebCore::CachedResourceLoader::defaultCachedResourceOptions): Ditto.
2704         * loader/cache/CachedResourceRequest.cpp:
2705         (WebCore::CachedResourceRequest::setAsPotentiallyCrossOrigin): Set credential mode according crossorigin
2706         atribute value.
2707         * loader/icon/IconLoader.cpp:
2708         (WebCore::IconLoader::startLoading): Set credential mode to Omit.
2709         * page/EventSource.cpp:
2710         (WebCore::EventSource::connect): Set credential mode according crossorigin atribute value.
2711         * platform/graphics/avfoundation/cf/WebCoreAVCFResourceLoader.cpp:
2712         (WebCore::WebCoreAVCFResourceLoader::startLoading): Set credential mode to Omit.
2713         * platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm:
2714         (WebCore::WebCoreAVFResourceLoader::startLoading): Ditto.
2715         * platform/network/ResourceHandleTypes.h: Removed definition of CredentialRequest.
2716         * xml/XMLHttpRequest.cpp:
2717         (WebCore::XMLHttpRequest::createRequest): Set credential mode according crossorigin atribute value.
2718
2719 2016-07-04  Fujii Hironori  <Hironori.Fujii@sony.com>
2720
2721         [GTK] Null Node dereference in FrameSelection::notifyAccessibilityForSelectionChange of FrameSelectionAtk.cpp
2722         https://bugs.webkit.org/show_bug.cgi?id=159411
2723
2724         Reviewed by Carlos Garcia Campos.
2725
2726         Tests:
2727             editing/selection/selection-in-iframe-removed-crash.html
2728
2729         * editing/atk/FrameSelectionAtk.cpp:
2730         (WebCore::FrameSelection::notifyAccessibilityForSelectionChange):
2731         Added a null check for the return value of containerNode().
2732
2733 2016-07-04  Gyuyoung Kim  <gyuyoung.kim@webkit.org>
2734
2735         [EFL] Remove mac configuration dependency in WebKit Version definition
2736         https://bugs.webkit.org/show_bug.cgi?id=159407
2737
2738         Reviewed by Yusuke Suzuki.
2739
2740         EFL port has been used Version.xconfig file in WebKit/mac/Configurations
2741         in order to generate WebKitVersion.h file. But it can be simply defined
2742         in cmake.
2743
2744         * PlatformEfl.cmake: Remove WebKitVersion.h generation.
2745         * platform/efl/UserAgentEfl.cpp:
2746         (WebCore::versionForUAString): Use USER_AGENT_EFL_MAJOR_VERSION and USER_AGENT_EFL_MINOR_VERSION.
2747
2748 2016-07-04  Carlos Garcia Campos  <cgarcia@igalia.com>
2749
2750         [Coordinated Graphics] Modernize and cleanup CompositingCoordinator
2751         https://bugs.webkit.org/show_bug.cgi?id=159212
2752
2753         Reviewed by Žan Doberšek.
2754
2755         Use references instead of pointers when possible.
2756
2757         * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:
2758         (WebCore::CoordinatedGraphicsLayer::paintToSurface):
2759         * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.h:
2760         * platform/graphics/texmap/coordinated/CoordinatedImageBacking.cpp:
2761         (WebCore::CoordinatedImageBacking::update):
2762         * platform/graphics/texmap/coordinated/CoordinatedImageBacking.h:
2763         * platform/graphics/texmap/coordinated/CoordinatedSurface.h:
2764         * platform/graphics/texmap/coordinated/Tile.cpp:
2765         (WebCore::Tile::updateBackBuffer):
2766         * platform/graphics/texmap/coordinated/TiledBackingStoreClient.h:
2767
2768 2016-07-04  Youenn Fablet  <youenn@apple.com>
2769
2770         Remove RequestOriginPolicy from ResourceLoaderOptions
2771         https://bugs.webkit.org/show_bug.cgi?id=159406
2772
2773         Reviewed by Sam Weinig.
2774
2775         Using FetchOptions::mode in lieu of ResourceLoaderOptions::RequestOriginPolicy.
2776         The cors, no-cors and same-origin values match PotentiallyCrossOriginEnabled,
2777         UseDefaultOriginRestrictionsForType and RestrictToSameOrigin, default being
2778         cors/UseDefaultOriginRestrictionsForType as per fetch specification.
2779
2780         No change of behavior.
2781
2782         * css/CSSImageSetValue.cpp:
2783         (WebCore::CSSImageSetValue::cachedImageSet):
2784         * css/CSSImageValue.cpp:
2785         (WebCore::CSSImageValue::cachedImage):
2786         * loader/DocumentLoader.cpp:
2787         (WebCore::DocumentLoader::startLoadingMainResource):
2788         * loader/MediaResourceLoader.cpp:
2789         (WebCore::MediaResourceLoader::requestResource):
2790         * loader/NetscapePlugInStreamLoader.cpp:
2791         (WebCore::NetscapePlugInStreamLoader::NetscapePlugInStreamLoader):
2792         * loader/ResourceLoaderOptions.h:
2793         (WebCore::ResourceLoaderOptions::ResourceLoaderOptions):
2794         (WebCore::ResourceLoaderOptions::requestOriginPolicy): Deleted.
2795         (WebCore::ResourceLoaderOptions::setRequestOriginPolicy): Deleted.
2796         * loader/SubresourceLoader.cpp:
2797         (WebCore::SubresourceLoader::init):
2798         (WebCore::SubresourceLoader::willSendRequestInternal):
2799         * loader/cache/CachedResourceLoader.cpp:
2800         (WebCore::CachedResourceLoader::requestUserCSSStyleSheet):
2801         (WebCore::CachedResourceLoader::canRequest):
2802         (WebCore::CachedResourceLoader::defaultCachedResourceOptions):
2803         * loader/cache/CachedResourceRequest.cpp:
2804         (WebCore::CachedResourceRequest::setAsPotentiallyCrossOrigin):
2805         * loader/icon/IconLoader.cpp:
2806         (WebCore::IconLoader::startLoading):
2807         * platform/graphics/avfoundation/cf/WebCoreAVCFResourceLoader.cpp:
2808         (WebCore::WebCoreAVCFResourceLoader::startLoading):
2809         * platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm:
2810         (WebCore::WebCoreAVFResourceLoader::startLoading):
2811         * style/StylePendingResources.cpp:
2812         (WebCore::Style::loadPendingImage):
2813
2814 2016-07-04  Youenn Fablet  <youenn@apple.com>
2815
2816         Shield WebRTC JS built-ins from user scripts
2817         https://bugs.webkit.org/show_bug.cgi?id=155964
2818
2819         Reviewed by Sam Weinig.
2820
2821         Making use of Promise.prototype.@then instead of Promise.prototype.then.
2822         Covered by updated tests.
2823
2824         * Modules/mediastream/RTCPeerConnection.js:
2825         (createOffer):
2826         (createAnswer):
2827         (setLocalDescription):
2828         (setRemoteDescription):
2829         (addIceCandidate):
2830         (getStats):
2831         * Modules/mediastream/RTCPeerConnectionInternals.js:
2832         (enqueueOperation):
2833
2834 2016-07-04  Brady Eidson  <beidson@apple.com>
2835
2836         WebProcesses don't handle DatabaseProcess going away uncleanly..
2837         https://bugs.webkit.org/show_bug.cgi?id=159371
2838
2839         Reviewed by Alex Christensen.
2840
2841         Covered by new API test.
2842
2843         * Modules/indexeddb/IDBDatabase.cpp:
2844         (WebCore::IDBDatabase::didCloseFromServer):
2845         (WebCore::IDBDatabase::connectionToServerLost):
2846         * Modules/indexeddb/IDBDatabase.h:
2847         
2848         * Modules/indexeddb/client/IDBConnectionProxy.cpp:
2849         (WebCore::IDBClient::IDBConnectionProxy::connectionToServerLost): Notify all IDBDatabase
2850           connections, as well as all pending IDBOpenDBRequests, with the error about the
2851           server connection dropping.
2852         * Modules/indexeddb/client/IDBConnectionProxy.h:
2853         
2854         * Modules/indexeddb/client/IDBConnectionToServer.cpp:
2855         (WebCore::IDBClient::IDBConnectionToServer::connectionToServerLost):
2856         * Modules/indexeddb/client/IDBConnectionToServer.h:
2857         
2858         * Modules/indexeddb/shared/IDBError.h:
2859
2860 2016-07-04  Philippe Normand  <pnormand@igalia.com>
2861
2862         Release build with logging enabled fails
2863         https://bugs.webkit.org/show_bug.cgi?id=159403
2864
2865         Reviewed by Žan Doberšek.
2866
2867         Protect logging-related methods with !LOG_DISABLED.
2868
2869         * Modules/indexeddb/IDBDatabaseIdentifier.cpp:
2870         * Modules/indexeddb/IDBDatabaseIdentifier.h:
2871         * Modules/indexeddb/IDBKey.cpp:
2872         * Modules/indexeddb/IDBKey.h:
2873         * Modules/indexeddb/IDBKeyData.cpp:
2874         * Modules/indexeddb/IDBKeyData.h:
2875         * Modules/indexeddb/IDBKeyPath.cpp:
2876         (WebCore::IDBKeyPath::IDBKeyPath):
2877         * Modules/indexeddb/IDBKeyRangeData.cpp:
2878         * Modules/indexeddb/IDBKeyRangeData.h:
2879         * Modules/indexeddb/server/IndexValueEntry.cpp:
2880         (WebCore::IDBServer::IndexValueEntry::Iterator::isValid):
2881         * Modules/indexeddb/server/IndexValueStore.cpp:
2882         * Modules/indexeddb/server/IndexValueStore.h:
2883         * Modules/indexeddb/server/MemoryIDBBackingStore.cpp:
2884         (WebCore::IDBServer::MemoryIDBBackingStore::clearObjectStore):
2885         * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
2886         (WebCore::IDBServer::UniqueIDBDatabase::isVersionChangeInProgress):
2887         * Modules/indexeddb/shared/IDBDatabaseInfo.cpp:
2888         * Modules/indexeddb/shared/IDBDatabaseInfo.h:
2889         * Modules/indexeddb/shared/IDBIndexInfo.cpp:
2890         * Modules/indexeddb/shared/IDBIndexInfo.h:
2891         * Modules/indexeddb/shared/IDBObjectStoreInfo.cpp:
2892         * Modules/indexeddb/shared/IDBObjectStoreInfo.h:
2893         * Modules/indexeddb/shared/IDBResourceIdentifier.cpp:
2894         * Modules/indexeddb/shared/IDBResourceIdentifier.h:
2895         * Modules/indexeddb/shared/IDBTransactionInfo.cpp:
2896         * Modules/indexeddb/shared/IDBTransactionInfo.h:
2897         * page/SecurityOriginData.cpp:
2898         * page/SecurityOriginData.h:
2899
2900 2016-07-04  Commit Queue  <commit-queue@webkit.org>
2901
2902         Unreviewed, rolling out r202556.
2903         https://bugs.webkit.org/show_bug.cgi?id=159399
2904
2905         introduces deadlocks (Requested by philn on #webkit).
2906
2907         Reverted changeset:
2908
2909         "[GStreamer] improved duration query support in the HTTP
2910         source element"
2911         https://bugs.webkit.org/show_bug.cgi?id=159204
2912         http://trac.webkit.org/changeset/202556
2913
2914 2016-07-03  Carlos Garcia Campos  <cgarcia@igalia.com>
2915
2916         [image-decoders] Make ImageDecoder::size() lazily decode the image if needed to return a valid size
2917         https://bugs.webkit.org/show_bug.cgi?id=159297
2918
2919         Reviewed by Antonio Gomes.
2920
2921         It's otherwise confusing leading to bugs like #159089.
2922
2923         * platform/image-decoders/ImageDecoder.cpp:
2924         (WebCore::ImageDecoder::createFrameImageAtIndex): Check the size at the beginning and return early if it's
2925         empty. We no longer need to check the size after calling frameBufferAtIndex().
2926         * platform/image-decoders/ImageDecoder.h:
2927         (WebCore::ImageDecoder::size): Check first is size is available, which lazily decodes the image.
2928         (WebCore::ImageDecoder::scaledSize): Remove const.
2929         (WebCore::ImageDecoder::frameSizeAtIndex): Ditto.
2930         * platform/image-decoders/ico/ICOImageDecoder.cpp:
2931         (WebCore::ICOImageDecoder::size): Ditto.
2932         (WebCore::ICOImageDecoder::frameSizeAtIndex): Ditto.
2933         * platform/image-decoders/ico/ICOImageDecoder.h:
2934
2935 2016-07-02  Youenn Fablet  <youenn@apple.com>
2936
2937         Synchronous preflight checker should set loading options to not use credentials
2938         https://bugs.webkit.org/show_bug.cgi?id=159351
2939
2940         Reviewed by Alex Christensen.
2941
2942         Like for asynchronous preflighting, synchronous preflighting loading options should disqble any credentials.
2943
2944         No change of behavior as preflight request is expressly set to not use credentials in
2945         createAccessControlPreflightRequest.
2946
2947         * loader/CrossOriginPreflightChecker.cpp:
2948         (WebCore::CrossOriginPreflightChecker::doPreflight):
2949
2950 2016-07-01  Commit Queue  <commit-queue@webkit.org>
2951
2952         Unreviewed, rolling out r202766.
2953         https://bugs.webkit.org/show_bug.cgi?id=159382
2954
2955         The new test asserts every time (Requested by ap on #webkit).
2956
2957         Reverted changeset:
2958
2959         "Web Inspector: Sending XHR with UTF8 encoded data shows
2960         garbled data in Resource sidebar"
2961         https://bugs.webkit.org/show_bug.cgi?id=159358
2962         http://trac.webkit.org/changeset/202766
2963
2964 2016-07-01  Zalan Bujtas  <zalan@apple.com>
2965
2966         prepareForDestruction() always needs to be called before destroying the Document object.
2967         https://bugs.webkit.org/show_bug.cgi?id=159372
2968         rdar://problem/26788150
2969
2970         Reviewed by Antti Koivisto.
2971
2972         We should never start destroying the Document object without calling prepareForDestruction() first.
2973         It ensures that render tree gets nuked before we start tearing down the node tree.
2974
2975         Test: fast/history/page-cache-destroy-document.html
2976
2977         * dom/Document.cpp:
2978         (WebCore::Document::removedLastRef):
2979
2980 2016-07-01  Johan K. Jensen  <jj@johanjensen.dk>
2981
2982         Web Inspector: Sending XHR with UTF8 encoded data shows garbled data in Resource sidebar
2983         https://bugs.webkit.org/show_bug.cgi?id=159358
2984
2985         Reviewed by Joseph Pecoraro.
2986
2987         Test: http/tests/inspector/network/xhr-request-data-encoded-correctly.html
2988
2989         * inspector/InspectorNetworkAgent.cpp:
2990         (WebCore::buildObjectForResourceRequest):
2991
2992 2016-07-01  Dean Jackson  <dino@apple.com>
2993
2994         "image-src" support is missing. We only support "-webkit-image-src"
2995         https://bugs.webkit.org/show_bug.cgi?id=159373
2996         <rdar://problem/27140443>
2997
2998         Patch by Brent Fulgham and Dean Jackson.
2999         Reviewed by Dean Jackson and Brent Fulgham.
3000
3001         Support unprefixed image-set.
3002
3003         Test: fast/css/image-set-unprefixed.html
3004
3005         * css/CSSImageSetValue.cpp:
3006         (WebCore::CSSImageSetValue::customCSSText):
3007         * css/CSSParser.cpp:
3008         (WebCore::isImageSetFunctionValue): New helper function
3009         that checks prefixed and unprefixed form.
3010         (WebCore::CSSParser::parseValue): Use the helper.
3011         (WebCore::CSSParser::parseContent):
3012         (WebCore::CSSParser::parseFillImage):
3013         (WebCore::CSSParser::parseBorderImage):
3014
3015 2016-07-01  Chris Dumez  <cdumez@apple.com>
3016
3017         Possible null Range dereference under AXObjectCache::visiblePositionFromCharacterOffset()
3018         https://bugs.webkit.org/show_bug.cgi?id=159330
3019         <rdar://problem/27123752>
3020
3021         Reviewed by Benjamin Poulain.
3022
3023         rangeForUnorderedCharacterOffsets() can return a null Range but we failed
3024         to do a null check before dereferencing it.
3025
3026         * accessibility/AXObjectCache.cpp:
3027         (WebCore::AXObjectCache::visiblePositionFromCharacterOffset):
3028
3029 2016-07-01  Chris Dumez  <cdumez@apple.com>
3030
3031         Regression(r199087): window.focus() / window.close() can no longer be called by a Window's opener
3032         https://bugs.webkit.org/show_bug.cgi?id=159364
3033         <rdar://problem/27117169>
3034
3035         Reviewed by Gavin Barraclough.
3036
3037         window.focus() / window.close() could no longer be called by a Window's opener
3038         after r199087, which would break focusing of open iWork documents on icloud.com.
3039
3040         Before r199087, we would construct a new function in the caller's context every
3041         time window.focus and window.close was accessed. r199087 fixed the issue so that
3042         we always call the same function. However, those functions are using
3043         [CallWith=Document] and they are were no longer passed the *caller*'s document
3044         as a result. This broke focus / close permission checking as the code needed the
3045         caller's document to do the check.
3046
3047         This patch introduces [CallWith=CallerDocument] and [CallWith=CallerWindow] so
3048         that the implementation can now pass the caller's Document / Window to the
3049         implementation. The bindings rely on JSDOMWindow's callerDOMWindow() to get the
3050         caller DOMWindow / document. This new functionality is now used for window.close
3051         and window.focus to unbreak their permission checking.
3052
3053         Test: fast/dom/Window/child-window-focus.html
3054
3055         * bindings/scripts/CodeGeneratorJS.pm:
3056         (GenerateCallWith):
3057         * bindings/scripts/IDLAttributes.txt:
3058         * page/DOMWindow.cpp:
3059         (WebCore::DOMWindow::focus):
3060         * page/DOMWindow.h:
3061         * page/DOMWindow.idl:
3062
3063 2016-07-01  Chris Dumez  <cdumez@apple.com>
3064
3065         [iOS] Possible null Range dereference under computeAutocorrectionContext()
3066         https://bugs.webkit.org/show_bug.cgi?id=159328
3067         <rdar://problem/26766720>
3068
3069         Reviewed by Benjamin Poulain.
3070
3071         * editing/Editor.cpp:
3072         (WebCore::Editor::compositionRange):
3073         * editing/Editor.h:
3074         Update to return a RefPtr instead of a PassRefPtr and use nullptr
3075         instead of 0 in the implementation.
3076
3077 2016-07-01  Jon Davis  <jond@apple.com>
3078
3079         Updated Picture element and WOFF 2 status
3080         https://bugs.webkit.org/show_bug.cgi?id=159356
3081
3082         Reviewed by Timothy Hatcher.
3083         
3084         Status updates and clean-up to move Web Animations and Resource Timing entries from JSC to WebCore.
3085
3086         * features.json:
3087
3088 2016-07-01  Andreas Kling  <akling@apple.com>
3089
3090         Add early return when processing content extensions if there aren't any.
3091         <https://webkit.org/b/159363>
3092
3093         Reviewed by Antti Koivisto.
3094
3095         Short-circuit outta there if there aren't any extensions to query.
3096
3097         * contentextensions/ContentExtensionsBackend.cpp:
3098         (WebCore::ContentExtensions::ContentExtensionsBackend::processContentExtensionRulesForLoad):
3099
3100 2016-07-01  Eric Carlson  <eric.carlson@apple.com>
3101
3102         HTMLMediaElement::resume() may cause JavaScript execution
3103         https://bugs.webkit.org/show_bug.cgi?id=159327
3104         <rdar://problem/27131641>
3105
3106         Reviewed by Jer Noble.
3107
3108         HTMLMediaElement::updatePlayState can cause an element to begin playing and enter fullscreen,
3109         which can result in a call to the media controls and JavaScript execution. Javascript is not
3110         allowed allowed to run when a page resumes, so make the call to updatePlayState asynchronous.
3111
3112         No new tests, I wasn't able to create a test that triggers the crash.
3113
3114         * html/HTMLMediaElement.cpp:
3115         (WebCore::HTMLMediaElement::scheduleDelayedAction): Support UpdatePlayState.
3116         (WebCore::HTMLMediaElement::pendingActionTimerFired): Ditto.
3117         (WebCore::HTMLMediaElement::setReadyState): UpdateMediaState -> UpdateState.
3118         (WebCore::HTMLMediaElement::playInternal): Don't call updateMediaController, it is called
3119           by updatePlayState.
3120         (WebCore::HTMLMediaElement::setMuted): UpdateMediaState -> UpdateState.
3121         (WebCore::HTMLMediaElement::mediaPlayerTimeChanged): Ditto.
3122         (WebCore::HTMLMediaElement::mediaEngineWasUpdated): Update media state asynchronously.
3123         (WebCore::HTMLMediaElement::updatePlayState): Add parameter to allow update to happen
3124           asynchronously.
3125         (WebCore::HTMLMediaElement::setPlaying): UpdateMediaState -> UpdateState.
3126         (WebCore::HTMLMediaElement::setPausedInternal): Update media state asynchronously.
3127         (WebCore::HTMLMediaElement::mediaPlayerCurrentPlaybackTargetIsWirelessChanged):  
3128           UpdateMediaState -> UpdateState.
3129         (WebCore::HTMLMediaElement::removeEventListener): Ditto.
3130         (WebCore::HTMLMediaElement::enqueuePlaybackTargetAvailabilityChangedEvent): Ditto.
3131         (WebCore::HTMLMediaElement::updateMediaState): UpdateMediaState -> UpdateState
3132         * html/HTMLMediaElement.h:
3133         * html/HTMLMediaElementEnums.h: Add UpdatePlayState.
3134
3135 2016-07-01  Brady Eidson  <beidson@apple.com>
3136
3137         Blob content type not preserved when retrieving blobs from IndexedDB.
3138         <rdar://problem/27057357> and https://bugs.webkit.org/show_bug.cgi?id=159360
3139
3140         Reviewed by Alex Christensen.
3141
3142         Test: storage/indexeddb/modern/blob-svg-image.html
3143
3144         * fileapi/Blob.cpp:
3145         (WebCore::Blob::Blob):
3146
3147         * fileapi/ThreadableBlobRegistry.cpp:
3148         (WebCore::postToMainThread):
3149         (WebCore::ThreadableBlobRegistry::registerBlobURLOptionallyFileBacked): Pass along the content type
3150           to the blob registry so that if the file-backed blob takes over, it has the content type.
3151         (WebCore::threadableQueue): Deleted.
3152         * fileapi/ThreadableBlobRegistry.h:
3153
3154         * platform/network/BlobRegistry.h:
3155
3156         * platform/network/BlobRegistryImpl.cpp:
3157         (WebCore::BlobRegistryImpl::registerBlobURL):
3158         (WebCore::BlobRegistryImpl::registerBlobURLOptionallyFileBacked):
3159         * platform/network/BlobRegistryImpl.h:
3160
3161 2016-07-01  Youenn Fablet  <youenn@apple.com>
3162
3163         Make ResourceLoaderOptions derive from FetchOptions
3164         https://bugs.webkit.org/show_bug.cgi?id=159345
3165
3166         Reviewed by Alex Christensen.
3167
3168         No change of behavior.
3169
3170         * Modules/fetch/FetchLoader.cpp:
3171         (WebCore::FetchLoader::start):
3172         * loader/CrossOriginPreflightChecker.cpp:
3173         (WebCore::CrossOriginPreflightChecker::startPreflight):
3174         * loader/ResourceLoaderOptions.h:
3175         (WebCore::ResourceLoaderOptions::fetchOptions): Deleted.
3176         (WebCore::ResourceLoaderOptions::setFetchOptions): Deleted.
3177         * loader/SubresourceLoader.cpp:
3178         (WebCore::SubresourceLoader::willSendRequestInternal):
3179         * loader/ThreadableLoader.h: Removing securityOrigin field (left over from https://bugs.webkit.org/show_bug.cgi?id=159221)
3180
3181 2016-07-01  Per Arne Vollan  <pvollan@apple.com>
3182
3183         [Win] Animations tests are crashing in debug mode.
3184         https://bugs.webkit.org/show_bug.cgi?id=159335
3185
3186         Reviewed by Alex Christensen.
3187
3188         A MSVC runtime check fails because an uninitialized variable is being used.
3189
3190         * css/StyleResolver.cpp:
3191         (WebCore::StyleResolver::keyframeStylesForAnimation):
3192
3193 2016-07-01  Youenn Fablet  <youennf@gmail.com>
3194
3195         Add a runtime flag for DOM iterators
3196         https://bugs.webkit.org/show_bug.cgi?id=159300
3197
3198         Reviewed by Alex Christensen.
3199
3200         * Modules/fetch/FetchHeaders.idl: Making iterator runtime-enabled.
3201         * bindings/generic/RuntimeEnabledFeatures.h:
3202         (WebCore::RuntimeEnabledFeatures::setDOMIteratorEnabled):
3203         (WebCore::RuntimeEnabledFeatures::domIteratorEnabled):
3204         * bindings/scripts/CodeGeneratorJS.pm:
3205         (ToMethodName): Fixing dOM -> dom casing issue.
3206         (GenerateImplementation): Using addIterableProperties new method.
3207         (addIterableProperties): Activating property addition according runtime flag if iterator is rnutime flagged.
3208         * bindings/scripts/IDLParser.pm:
3209         (parseOptionalIterableInterface): Adding extendedAttributes to iterable.
3210         * bindings/scripts/test/JS/JSTestNode.cpp:
3211         (WebCore::JSTestNodePrototype::finishCreation):
3212         * bindings/scripts/test/JS/JSTestObj.cpp:
3213         (WebCore::JSTestObjPrototype::finishCreation):
3214         * bindings/scripts/test/TestNode.idl: Making iterator runtime-enabled.
3215         * bindings/scripts/test/TestObj.idl: Ditto.
3216         * css/FontFaceSet.idl: Ditto.
3217         * dom/NodeList.idl: Ditto.
3218
3219 2016-07-01  Frederic Wang  <fwang.igalia.com>
3220
3221         Eliminate trailing whitespace in MathML code
3222         https://bugs.webkit.org/show_bug.cgi?id=159091
3223
3224         Reviewed by Alex Christensen.
3225
3226         No new tests, behavior is unchanged.
3227
3228         * rendering/mathml/RenderMathMLBlock.cpp:
3229         (WebCore::RenderMathMLBlock::baselinePosition):
3230         (WebCore::RenderMathMLBlock::paint):
3231         (WebCore::parseMathMLNamedSpace):
3232         * rendering/mathml/RenderMathMLBlock.h:
3233         * rendering/mathml/RenderMathMLFenced.cpp:
3234         (WebCore::RenderMathMLFenced::updateFromElement):
3235         (WebCore::RenderMathMLFenced::addChild):
3236         * rendering/mathml/RenderMathMLFenced.h:
3237         * rendering/mathml/RenderMathMLFraction.cpp:
3238         (WebCore::RenderMathMLFraction::styleDidChange):
3239         (WebCore::RenderMathMLFraction::paint):
3240         * rendering/mathml/RenderMathMLFraction.h:
3241         * rendering/mathml/RenderMathMLMath.h:
3242         * rendering/mathml/RenderMathMLMenclose.h:
3243         * rendering/mathml/RenderMathMLOperator.cpp:
3244         * rendering/mathml/RenderMathMLOperator.h:
3245         * rendering/mathml/RenderMathMLRoot.cpp:
3246         (WebCore::RenderMathMLRoot::paint):
3247         * rendering/mathml/RenderMathMLScripts.cpp:
3248         * rendering/mathml/RenderMathMLSpace.cpp:
3249         * rendering/mathml/RenderMathMLSpace.h:
3250         * rendering/mathml/RenderMathMLToken.h:
3251         * rendering/mathml/RenderMathMLUnderOver.cpp:
3252         * rendering/mathml/RenderMathMLUnderOver.h:
3253
3254 2016-07-01  Frederic Wang  <fwang@igalia.com>
3255
3256         Small cleanup: Remove unused functions RenderObject::isRenderMathML*Wrapper
3257         https://bugs.webkit.org/show_bug.cgi?id=159333
3258
3259         Reviewed by Alex Christensen.
3260
3261         After the refactoring of RenderMathMLRoot and RenderMathMLScripts, the anonymous flexbox
3262         wrappers used in the old layout implementation have been removed. We thus remove the
3263         corresponding isRender* function from RenderObject.
3264
3265         No new tests, behavior is unchanged.
3266
3267         * rendering/RenderObject.h:
3268         (WebCore::RenderObject::isRenderMathMLRootWrapper): Deleted.
3269         (WebCore::RenderObject::isRenderMathMLScriptsWrapper): Deleted.
3270
3271 2016-07-01  Andreas Kling  <akling@apple.com>
3272
3273         [Mac] Get rid of the old timey rubber-banding linen pattern.
3274         <https://webkit.org/b/159329>
3275
3276         Reviewed by Benjamin Poulain.
3277
3278         Remove the "ScrollingOverhang" custom GraphicsLayer appearance since that was only used to
3279         install the old timey linen pattern behind the web content.
3280
3281         We now always just set the overhang area's background color to the document background color.
3282
3283         This fixes an issue where we could end up loading the linen pattern and keeping it in memory
3284         despite never actually showing it on screen.
3285
3286         * platform/ScrollbarTheme.h:
3287         (WebCore::ScrollbarTheme::setUpOverhangAreasLayerContents): Deleted.
3288         * platform/graphics/GraphicsLayer.cpp:
3289         * platform/graphics/GraphicsLayer.h:
3290         * platform/graphics/ca/cocoa/PlatformCALayerCocoa.mm:
3291         (PlatformCALayerCocoa::updateCustomAppearance):
3292         * platform/mac/ScrollbarThemeMac.h:
3293         * platform/mac/ScrollbarThemeMac.mm:
3294         (WebCore::linenBackgroundColor): Deleted.
3295         (WebCore::ScrollbarThemeMac::setUpOverhangAreaBackground): Deleted.
3296         (WebCore::ScrollbarThemeMac::removeOverhangAreaBackground): Deleted.
3297         (WebCore::ScrollbarThemeMac::setUpOverhangAreasLayerContents): Deleted.
3298         * rendering/RenderLayerCompositor.cpp:
3299         (WebCore::RenderLayerCompositor::updateOverflowControlsLayers):
3300         (WebCore::RenderLayerCompositor::setRootExtendedBackgroundColor):
3301
3302 2016-06-30  Jiewen Tan  <jiewen_tan@apple.com>
3303
3304         Create a generic "linked-on-or-after" check for new CSP Rules
3305         https://bugs.webkit.org/show_bug.cgi?id=159322
3306         <rdar://problem/27117220>
3307
3308         Reviewed by Brent Fulgham.
3309
3310         Create a generic "linked-on-or-after" check for new CSP Rules and cleanup
3311         quirks for Ecobee, Quora and XtraMat.
3312
3313         * platform/RuntimeApplicationChecks.h:
3314         * platform/RuntimeApplicationChecks.mm:
3315         (WebCore::IOSApplication::isEcobee): Deleted.
3316         (WebCore::IOSApplication::isQuora): Deleted.
3317         (WebCore::IOSApplication::isXtraMath): Deleted.
3318
3319 2016-06-30  Antti Koivisto  <antti@apple.com>
3320
3321         WebContent crash due to RELEASE_ASSERT(!m_inLoadPendingImages) in StyleResolver::~StyleResolver()
3322         https://bugs.webkit.org/show_bug.cgi?id=159307
3323         <rdar://problem/26184868>
3324
3325         Reviewed by Andreas Kling.
3326
3327         Pseudo elements are resolved in RenderTreeUpdater (instead of Style::TreeResolver). Their resolution may trigger
3328         resource loads which can cause synchronous layout (when failing synchronously) and lead to destruction of the
3329         the style resolver in post layout task.
3330
3331         No known reliable way to test this.
3332
3333         * style/RenderTreeUpdater.cpp:
3334         (WebCore::RenderTreeUpdater::commit):
3335
3336             Use PostResolutionCallbackDisabler in RenderTreeUpdater similarly to Style::TreeResolver. This prevents
3337             post layout tasks from running synchronously and closes this particular crash path.
3338
3339 2016-06-30  Antoine Quint  <graouts@apple.com>
3340
3341         Drawing an SVG image into a <canvas> that is not in the DOM draws the wrong region
3342         https://bugs.webkit.org/show_bug.cgi?id=159276
3343
3344         Reviewed by Dean Jackson.
3345
3346         In the event where the <img> element that we are passing to CanvasRenderingContext2D.drawImage()
3347         points to an SVG resource, we ensure that the container for the SVG image is sized to match the
3348         HTML element. The necessity for setting this container size, explained in webkit.org/b/148845,
3349         is that we must ensure a cached image does not have an outdated container size.
3350
3351         Tests: svg/as-image/img-with-svg-resource-in-dom-and-drawImage.html
3352                svg/as-image/img-with-svg-resource-in-dom-no-size-and-drawImage.html
3353                svg/as-image/img-with-svg-resource-not-in-dom-and-drawImage.html
3354                svg/as-image/img-with-svg-resource-not-in-dom-no-size-and-drawImage.html
3355
3356         * html/canvas/CanvasRenderingContext2D.cpp:
3357         (WebCore::CanvasRenderingContext2D::drawImage):
3358
3359 2016-06-30  Eric Carlson  <eric.carlson@apple.com>
3360
3361         getUserMedia() exposed, but not functional
3362         https://bugs.webkit.org/show_bug.cgi?id=158393
3363         <rdar://problem/26642259>
3364
3365         Reviewed by Dean Jackson.
3366         
3367         Set default value of the Media Stream runtime flag to false on Mac OS X and iOS until the
3368         browser support is in place.
3369
3370         * bindings/generic/RuntimeEnabledFeatures.cpp:
3371         (WebCore::RuntimeEnabledFeatures::RuntimeEnabledFeatures): Disable media stream by default
3372         on Mac OS X and iOS.
3373         * bindings/generic/RuntimeEnabledFeatures.h:
3374
3375 2016-06-30  Commit Queue  <commit-queue@webkit.org>
3376
3377         Unreviewed, rolling out r202676.
3378         https://bugs.webkit.org/show_bug.cgi?id=159314
3379
3380         This change caused storage/websql tests to crash on Mac and
3381         iOS WK1 (Requested by ryanhaddad on #webkit).
3382
3383         Reverted changeset:
3384
3385         "Purge PassRefPtr in Modules/webdatabase"
3386         https://bugs.webkit.org/show_bug.cgi?id=159255
3387         http://trac.webkit.org/changeset/202676
3388
3389 2016-06-30  Antoine Quint  <graouts@apple.com>
3390
3391         [iOS] Media controls are too cramped with small video
3392         https://bugs.webkit.org/show_bug.cgi?id=158815
3393         <rdar://problem/26824238>
3394
3395         Reviewed by Eric Carlson.
3396
3397         In updateLayoutForDisplayedWidth(), we try to ensure a minimum width is guaranteed
3398         for the progress indicator. However, we were not accounting for the width used by
3399         the current and remaining time labels on either side of it, so we would incorrectly
3400         conclude that we were guaranteeing the minimum time and yield incorrect layouts since
3401         we were trying to fit more buttons than we had room for.
3402
3403         In order to correctly compute the available width for the progress indicator, we now
3404         have clones of the current and remaining time labels, hidden from video and VoiceOver,