[cmake] Consolidate building of GStreamer and OpenWebRTC code.
1 2016-02-13  Konstantin Tokarev  <annulen@yandex.ru>
2
3         [cmake] Consolidate building of GStreamer and OpenWebRTC code.
4         https://bugs.webkit.org/show_bug.cgi?id=154116
5
6         Reviewed by Michael Catanzaro.
7
8         No new tests needed.
9
10         * PlatformEfl.cmake: Migrated shared code to GStreamer.cmake.
11         * PlatformGTK.cmake: Ditto.
12         * platform/GStreamer.cmake: Added.
13
14 2016-02-13  Mark Lam  <mark.lam@apple.com>
15
16         Add thread violation checks to WebView public APIs.
17         https://bugs.webkit.org/show_bug.cgi?id=154183
18
19         Reviewed by Timothy Hatcher.
20
21         No new tests.  Just adding a new thread violation round.
22
23         * platform/ThreadCheck.h:
24         * platform/mac/ThreadCheck.mm:
25         - Adding WebCoreThreadViolationCheckRoundThree().
26
27 2016-02-12  Nan Wang  <n_wang@apple.com>
28
29         AX: Implement paragraph related text marker functions using TextIterator
30         https://bugs.webkit.org/show_bug.cgi?id=154098
31         <rdar://problem/24269675>
32
33         Reviewed by Chris Fleizach.
34
35         Using CharacterOffset to implement paragraph related text marker calls. Reused
36         logic from VisibleUnits class. And refactored textMarkerForCharacterOffset method
37         to get better performance. Also fixed an issue where we can't navigate through a text
38         node with line breaks in it using next/previousCharacterOffset call.
39
40         Test: accessibility/mac/text-marker-paragraph-nav.html
41
42         * accessibility/AXObjectCache.cpp:
43         (WebCore::AXObjectCache::traverseToOffsetInRange):
44         (WebCore::AXObjectCache::startOrEndTextMarkerDataForRange):
45         (WebCore::AXObjectCache::characterOffsetForNodeAndOffset):
46         (WebCore::AXObjectCache::textMarkerDataForCharacterOffset):
47         (WebCore::AXObjectCache::textMarkerDataForNextCharacterOffset):
48         (WebCore::AXObjectCache::textMarkerDataForPreviousCharacterOffset):
49         (WebCore::AXObjectCache::nextNode):
50         (WebCore::AXObjectCache::textMarkerDataForVisiblePosition):
51         (WebCore::AXObjectCache::nextCharacterOffset):
52         (WebCore::AXObjectCache::previousCharacterOffset):
53         (WebCore::startWordBoundary):
54         (WebCore::AXObjectCache::startCharacterOffsetOfWord):
55         (WebCore::AXObjectCache::endCharacterOffsetOfWord):
56         (WebCore::AXObjectCache::previousWordStartCharacterOffset):
57         (WebCore::AXObjectCache::previousWordBoundary):
58         (WebCore::AXObjectCache::startCharacterOffsetOfParagraph):
59         (WebCore::AXObjectCache::endCharacterOffsetOfParagraph):
60         (WebCore::AXObjectCache::paragraphForCharacterOffset):
61         (WebCore::AXObjectCache::nextParagraphEndCharacterOffset):
62         (WebCore::AXObjectCache::previousParagraphStartCharacterOffset):
63         (WebCore::AXObjectCache::rootAXEditableElement):
64         * accessibility/AXObjectCache.h:
65         (WebCore::CharacterOffset::remaining):
66         (WebCore::CharacterOffset::isNull):
67         (WebCore::CharacterOffset::isEqual):
68         (WebCore::AXObjectCache::isNodeInUse):
69         * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
70         (+[WebAccessibilityTextMarker textMarkerWithCharacterOffset:cache:]):
71         (-[WebAccessibilityObjectWrapper nextMarkerForCharacterOffset:]):
72         (-[WebAccessibilityObjectWrapper previousMarkerForCharacterOffset:]):
73         (-[WebAccessibilityObjectWrapper rangeForTextMarkers:]):
74         * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
75         (startOrEndTextmarkerForRange):
76         (nextTextMarkerForCharacterOffset):
77         (previousTextMarkerForCharacterOffset):
78         (-[WebAccessibilityObjectWrapper nextTextMarkerForCharacterOffset:]):
79         (-[WebAccessibilityObjectWrapper previousTextMarkerForCharacterOffset:]):
80         (-[WebAccessibilityObjectWrapper textMarkerForCharacterOffset:]):
81         (textMarkerForCharacterOffset):
82         (-[WebAccessibilityObjectWrapper accessibilityAttributeValue:forParameter:]):
83         (-[WebAccessibilityObjectWrapper nextTextMarkerForNode:offset:]): Deleted.
84         (-[WebAccessibilityObjectWrapper previousTextMarkerForNode:offset:]): Deleted.
85         (-[WebAccessibilityObjectWrapper textMarkerForNode:offset:ignoreStart:]): Deleted.
86         (-[WebAccessibilityObjectWrapper textMarkerForNode:offset:]): Deleted.
87         * editing/VisibleUnits.cpp:
88         (WebCore::nextSentencePosition):
89         (WebCore::findStartOfParagraph):
90         (WebCore::findEndOfParagraph):
91         (WebCore::startOfParagraph):
92         (WebCore::endOfParagraph):
93         * editing/VisibleUnits.h:
94
95 2016-02-12  Ryan Haddad  <ryanhaddad@apple.com>
96
97         Reset results for bindings tests after r196520
98
99         Unreviewed test gardening.
100
101         No new tests needed.
102
103         * bindings/scripts/test/GObject/WebKitDOMTestEventTarget.cpp:
104         (webkit_dom_test_event_target_dispatch_event):
105         * bindings/scripts/test/GObject/WebKitDOMTestNode.cpp:
106         (webkit_dom_test_node_dispatch_event):
107
108 2016-02-12  Saam barati  <sbarati@apple.com>
109
110         Attempting build fix from https://bugs.webkit.org/show_bug.cgi?id=154144.
111
112         * bindings/js/JSDOMGlobalObject.cpp:
113         (WebCore::JSDOMGlobalObject::addBuiltinGlobals):
114
115 2016-02-12  Daniel Bates  <dabates@apple.com>
116
117         CSP: 'blob:' URLs should not match 'self' in CSP source expression lists.
118         https://bugs.webkit.org/show_bug.cgi?id=153158
119         <rdar://problem/24383264>
120
121         Reviewed by Brent Fulgham.
122
123         A blob URL should not match source 'self' by section Security Considerations for GUID URL schemes
124         of the Content Security Policy 2.0 spec., <https://www.w3.org/TR/CSP2/> (21 July 2015).
125
126         Tests: http/tests/security/contentSecurityPolicy/blob-url-does-not-match-source-self.html
127                http/tests/security/contentSecurityPolicy/blob-url-matches-source-blob.html
128
129         * page/csp/ContentSecurityPolicySourceList.cpp:
130         (WebCore::ContentSecurityPolicySourceList::matches): Do not make a distinction between URLs that
131         contain a nested URL (e.g. blob://http://www.example.com/...) and URLs that do not contain a nested
132         URL. The URL of the requested resource should be matched against the source list source expressions.
133
134 2016-02-12  Daniel Bates  <dabates@apple.com>
135
136         CSP: Implement child-src directive
137         https://bugs.webkit.org/show_bug.cgi?id=153562
138         <rdar://problem/24610087>
139
140         Reviewed by Brent Fulgham.
141
142         Add support for the child-src directive, <https://w3c.github.io/webappsec-csp/2/#child_src> (29 August 2015),
143         which formally replaces the deprecated frame-src directive as of the Content Security Policy 2.0 spec. The
144         child-src directive was first introduced in the Content Security Policy 1.1 spec, <https://www.w3.org/TR/2014/WD-CSP11-20140211/>.
145
146         As a side effect of this change, the script URL for a Web Worker is checked against the child-src directive
147         as opposed to the script-src directive. This is a backward incompatible change from the CSP 1.0 spec.
148
149         Tests: http/tests/security/contentSecurityPolicy/1.1/child-src/frame-fires-load-event-when-blocked.html
150                http/tests/security/contentSecurityPolicy/1.1/child-src/frame-fires-load-event-when-redirect-blocked.html
151                http/tests/security/contentSecurityPolicy/1.1/child-src/frame-src-takes-precedence-over-child-src.html
152                http/tests/security/contentSecurityPolicy/1.1/child-src/worker-redirect-blocked.html
153                http/tests/security/isolatedWorld/bypass-main-world-csp-worker-redirect.html
154
155         * loader/DocumentThreadableLoader.cpp:
156         (WebCore::DocumentThreadableLoader::isAllowedByContentSecurityPolicy): Check child-src directive (if applicable).
157         * loader/ThreadableLoader.h: Add enum value EnforceChildSrcDirective to enum class ContentSecurityPolicyEnforcement to
158         enforce the child-src directive on redirect.
159         * page/csp/ContentSecurityPolicy.cpp:
160         (WebCore::ContentSecurityPolicy::allowChildContextFromSource): Added.
161         * page/csp/ContentSecurityPolicy.h:
162         * page/csp/ContentSecurityPolicyDirectiveList.cpp:
163         (WebCore::ContentSecurityPolicyDirectiveList::checkSourceAndReportViolation): Add message prefix for a child-src violation.
164         We use the same message prefix as used by Blink.
165         (WebCore::ContentSecurityPolicyDirectiveList::allowChildContextFromSource): Added.
166         (WebCore::ContentSecurityPolicyDirectiveList::allowChildFrameFromSource): Modified to check the frame-src
167         directive (if specified) before checking the child-src directive by <https://w3c.github.io/webappsec-csp/2/#directive-child-src-nested>.
168         (WebCore::ContentSecurityPolicyDirectiveList::addDirective): Parse the child-src directive.
169         * page/csp/ContentSecurityPolicyDirectiveList.h:
170         * workers/AbstractWorker.cpp:
171         (WebCore::AbstractWorker::resolveURL): Check if the script URL for the worker is allowed by the child-src directive
172         as opposed to the script-src directive. This is a backwards incompatible change from the CSP 1.0 spec.
173         * workers/Worker.cpp:
174         (WebCore::Worker::create): Enforce the child-src directive on redirects (if applicable).
175
176 2016-02-12  Saam barati  <sbarati@apple.com>
177
178         The parser doesn't properly protect against global variable references in builtins
179         https://bugs.webkit.org/show_bug.cgi?id=154144
180
181         Reviewed by Geoffrey Garen.
182
183         Change JS builtins to no longer reference global variables.
184
185         No new tests because old tests cover the issues here.
186
187         * Modules/mediastream/NavigatorUserMedia.js:
188         (webkitGetUserMedia):
189         * Modules/mediastream/RTCPeerConnection.js:
190         (addIceCandidate):
191         (getStats):
192         * Modules/mediastream/RTCPeerConnectionInternals.js:
193         (setLocalOrRemoteDescription):
194         * Modules/plugins/QuickTimePluginReplacement.js:
195         (Replacement.prototype.handleEvent):
196         * Modules/streams/ByteLengthQueuingStrategy.js:
197         (initializeByteLengthQueuingStrategy):
198         * Modules/streams/CountQueuingStrategy.js:
199         (initializeCountQueuingStrategy):
200         * Modules/streams/ReadableStreamInternals.js:
201         (teeReadableStream):
202         * bindings/js/JSDOMGlobalObject.cpp:
203         (WebCore::JSDOMGlobalObject::addBuiltinGlobals):
204         * bindings/js/WebCoreBuiltinNames.h:
205
206 2016-02-12  Jiewen Tan  <jiewen_tan@apple.com>
207
208         WebKit should expose the DOM 4 Event.isTrusted property
209         https://bugs.webkit.org/show_bug.cgi?id=76121
210         <rdar://problem/22558494>
211
212         Reviewed by Darin Adler.
213
214         Implements Event.isTrusted. The implementation here is slightly different from and better than
215         the DOM specification. Here Event.isTrusted will be initialized differently depending on the
216         callers of the constructors/create methods. If the caller is from user agent, the isTrusted
217         will be true. Otherwise, it will be false. Since a user agent dispatched event can be caught
218         and re-initialized/redispatched by the bindings, the flag will be unset at *Event::init*Event
219         and EventTarget::dispatchEventForBindings. As currently there is no way to let user agent to
220         dispatch a bindings created event, therefore we ensure that the Event.isTrusted is set for
221         events dispatched by user agent, and unset for those by bindings.
222
223         EventTarget::dispatchEvent(Event*, ExceptionCode&) is renamed to EventTarget::dispatchEventForBindings
224         in this patch as well. So that, together with the improved design of the API, developers in
225         the future will be less likely using a wrong dispatchEvent method and setting Event.isTrusted
226         incorrectly comparing to the DOM design.
227
228         After this patch, all events that are created by user agent should be dispatched by
229         EventTarget::dispatchEvent, and those are created by bindings should be dispatched by
230         EventTarget::dispatchEventForBindings.
231
232         Some of the changes in this patch referred Blink r198996:
233         https://codereview.chromium.org/1241613004
234
235         Test: imported/blink/fast/events/event-trusted.html
236
237         * bindings/scripts/CodeGeneratorGObject.pm:
238         (GenerateEventTargetIface):
239         * dom/Event.cpp:
240         (WebCore::Event::Event):
241         (WebCore::Event::initEvent):
242         * dom/Event.h:
243         (WebCore::Event::isTrusted):
244         (WebCore::Event::setUntrusted):
245         * dom/Event.idl:
246         * dom/EventTarget.cpp:
247         (WebCore::EventTarget::dispatchEventForBindings):
248         (WebCore::EventTarget::dispatchEvent): Deleted.
249         * dom/EventTarget.h:
250         * dom/EventTarget.idl:
251         * page/DOMWindow.idl:
252         * page/EventHandler.cpp:
253         (WebCore::EventHandler::dispatchDragEvent):
254         * workers/WorkerGlobalScope.idl:
255
256 2016-02-12  Brady Eidson  <beidson@apple.com>
257
258         Modern IDB: IDBObjectStore and IDBIndex need to be ActiveDOMObjects.
259         https://bugs.webkit.org/show_bug.cgi?id=154153
260
261         Reviewed by Alex Christensen.
262
263         No new tests (No testable change in behavior).
264
265         This is needed so that IDBObjectStore and IDBIndex JS wrappers are not garbage collected
266         while their IDBTransaction is still in progress.
267
268         * Modules/indexeddb/client/IDBIndexImpl.cpp:
269         (WebCore::IDBClient::IDBIndex::IDBIndex):
270         (WebCore::IDBClient::IDBIndex::activeDOMObjectName):
271         (WebCore::IDBClient::IDBIndex::canSuspendForDocumentSuspension):
272         (WebCore::IDBClient::IDBIndex::hasPendingActivity):
273         * Modules/indexeddb/client/IDBIndexImpl.h:
274         
275         * Modules/indexeddb/client/IDBObjectStoreImpl.cpp:
276         (WebCore::IDBClient::IDBObjectStore::create):
277         (WebCore::IDBClient::IDBObjectStore::IDBObjectStore):
278         (WebCore::IDBClient::IDBObjectStore::activeDOMObjectName):
279         (WebCore::IDBClient::IDBObjectStore::canSuspendForDocumentSuspension):
280         (WebCore::IDBClient::IDBObjectStore::hasPendingActivity):
281         (WebCore::IDBClient::IDBObjectStore::index):
282         * Modules/indexeddb/client/IDBObjectStoreImpl.h:
283         
284         * Modules/indexeddb/client/IDBTransactionImpl.cpp:
285         (WebCore::IDBClient::IDBTransaction::objectStore):
286         (WebCore::IDBClient::IDBTransaction::createObjectStore):
287         (WebCore::IDBClient::IDBTransaction::createIndex):
288
289 2016-02-12  Brady Eidson  <beidson@apple.com>
290
291         Modern IDB: Simplify the relationship between IDBObjectStore and IDBIndex.
292         https://bugs.webkit.org/show_bug.cgi?id=154187
293
294         Reviewed by Alex Christensen.
295
296         Tests: storage/indexeddb/modern/deleteindex-3-private.html
297                storage/indexeddb/modern/deleteindex-3.html
298
299         Instead of allowing IDBIndex to have two different lifecycle modes, it is now always
300         owned by an IDBObjectStore.
301         
302         To support the case where an IDBIndex is deleted from its IDBObjectStore, the object
303         store simply hangs on to deleted indexes until it is destroyed itself.
304         
305         * Modules/indexeddb/client/IDBIndexImpl.cpp:
306         (WebCore::IDBClient::IDBIndex::markAsDeleted):
307         (WebCore::IDBClient::IDBIndex::ref):
308         (WebCore::IDBClient::IDBIndex::deref):
309         * Modules/indexeddb/client/IDBIndexImpl.h:
310         
311         * Modules/indexeddb/client/IDBObjectStoreImpl.cpp:
312         (WebCore::IDBClient::IDBObjectStore::deleteIndex):
313         * Modules/indexeddb/client/IDBObjectStoreImpl.h:
314
315 2016-02-12  Myles C. Maxfield  <mmaxfield@apple.com>
316
317         [CSS Font Loading] Implement CSSFontFace Boilerplate
318         https://bugs.webkit.org/show_bug.cgi?id=154145
319
320         Reviewed by Dean Jackson.
321
322         The CSS Font Loading spec[1] dictates that the FontFace object needs to have string
323         accessors and mutators for a bunch of properties. Our CSSFontFace object currently
324         contains this parsed information, but it isn't accessible via string-based methods.
325         This patch adds the necessary accessors and mutators, and migrates CSSFontSelector
326         to use these mutators where necessary.
327
328         There is more work to come on CSSFontFace; the next step is to create an .idl file
329         and hook it up to our CSSFontFace object. In this patch I have left some
330         unimplemented pieces (for example: where the spec dictates that some operation should
331         throw a JavaScript exception) which will be implemented in a follow-up patch. This
332         patch does not have any visible behavior change; I'm separating out the boilerplate
333         into this patch in order to ease reviewing burden.
334
335         This patch separates the externally-facing JavaScript API into a new class, FontFace.
336         This class owns a CSSFontFace, which provides the backing implementation. There will
337         be a system of shared ownership of these objects once FontFaceSet is implemented.
338
339         No new tests because there is no behavior change.
340
341         * CMakeLists.txt: Add new files to CMake builds.
342         * WebCore.vcxproj/WebCore.vcxproj: Ditto for Windows.
343         * WebCore.vcxproj/WebCore.vcxproj.filters: Ditto.
344         * WebCore.xcodeproj/project.pbxproj: Ditto for Cocoa.
345         * css/CSSAllInOne.cpp: Ditto for All-In-One builds.
346         * css/CSSFontFace.cpp: Move shared code from CSSFontSelector into CSSFontFace.
347         (WebCore::CSSFontFace::CSSFontFace):
348         (WebCore::CSSFontFace::~CSSFontFace):
349         (WebCore::CSSFontFace::setFamilies):
350         (WebCore::CSSFontFace::setStyle):
351         (WebCore::CSSFontFace::setWeight):
352         (WebCore::CSSFontFace::setUnicodeRange):
353         (WebCore::CSSFontFace::setVariantLigatures):
354         (WebCore::CSSFontFace::setVariantPosition):
355         (WebCore::CSSFontFace::setVariantCaps):
356         (WebCore::CSSFontFace::setVariantNumeric):
357         (WebCore::CSSFontFace::setVariantAlternates):
358         (WebCore::CSSFontFace::setVariantEastAsian):
359         (WebCore::CSSFontFace::setFeatureSettings):
360         * css/CSSFontFace.h: Clean up.
361         (WebCore::CSSFontFace::create):
362         (WebCore::CSSFontFace::families):
363         (WebCore::CSSFontFace::traitsMask):
364         (WebCore::CSSFontFace::featureSettings):
365         (WebCore::CSSFontFace::variantSettings):
366         (WebCore::CSSFontFace::setVariantSettings):
367         (WebCore::CSSFontFace::setTraitsMask):
368         (WebCore::CSSFontFace::isLocalFallback):
369         (WebCore::CSSFontFace::addRange): Deleted.
370         (WebCore::CSSFontFace::insertFeature): Deleted.
371         (WebCore::CSSFontFace::setVariantCommonLigatures): Deleted.
372         (WebCore::CSSFontFace::setVariantDiscretionaryLigatures): Deleted.
373         (WebCore::CSSFontFace::setVariantHistoricalLigatures): Deleted.
374         (WebCore::CSSFontFace::setVariantContextualAlternates): Deleted.
375         (WebCore::CSSFontFace::setVariantPosition): Deleted.
376         (WebCore::CSSFontFace::setVariantCaps): Deleted.
377         (WebCore::CSSFontFace::setVariantNumericFigure): Deleted.
378         (WebCore::CSSFontFace::setVariantNumericSpacing): Deleted.
379         (WebCore::CSSFontFace::setVariantNumericFraction): Deleted.
380         (WebCore::CSSFontFace::setVariantNumericOrdinal): Deleted.
381         (WebCore::CSSFontFace::setVariantNumericSlashedZero): Deleted.
382         (WebCore::CSSFontFace::setVariantAlternates): Deleted.
383         (WebCore::CSSFontFace::setVariantEastAsianVariant): Deleted.
384         (WebCore::CSSFontFace::setVariantEastAsianWidth): Deleted.
385         (WebCore::CSSFontFace::setVariantEastAsianRuby): Deleted.
386         (WebCore::CSSFontFace::CSSFontFace): Deleted.
387         * css/CSSFontSelector.cpp: Migrate shared code into CSSFontFace, and update
388         to use the new API.
389         (WebCore::appendSources):
390         (WebCore::registerLocalFontFacesForFamily):
391         (WebCore::CSSFontSelector::addFontFaceRule):
392         (WebCore::computeTraitsMask): Deleted.
393         (WebCore::createFontFace): Deleted.
394         * css/FontFace.cpp: Added. External JavaScript API. Owns a CSSFontFace.
395         (WebCore::FontFace::FontFace):
396         (WebCore::FontFace::~FontFace):
397         (WebCore::parseString):
398         (WebCore::FontFace::setFamily):
399         (WebCore::FontFace::setStyle):
400         (WebCore::FontFace::setWeight):
401         (WebCore::FontFace::setStretch):
402         (WebCore::FontFace::setUnicodeRange):
403         (WebCore::FontFace::setVariant):
404         (WebCore::FontFace::setFeatureSettings):
405         (WebCore::FontFace::family):
406         (WebCore::FontFace::style):
407         (WebCore::FontFace::weight):
408         (WebCore::FontFace::stretch):
409         (WebCore::FontFace::unicodeRange):
410         (WebCore::FontFace::variant):
411         (WebCore::FontFace::featureSettings):
412         * css/FontFace.h: Added. Ditto.
413         (WebCore::FontFace::create):
414         * css/FontVariantBuilder.cpp: Added. Moved code here from FontVariantBuilder.h.
415         Refactored to support a new client (CSSFontFace).
416         (WebCore::extractFontVariantLigatures):
417         (WebCore::extractFontVariantNumeric):
418         (WebCore::extractFontVariantEastAsian):
419         (WebCore::computeFontVariant):
420         * css/FontVariantBuilder.h: Moved code from here into FontVariantBuilder.cpp.
421         (WebCore::applyValueFontVariantLigatures): Deleted.
422         (WebCore::applyValueFontVariantNumeric): Deleted.
423         (WebCore::applyValueFontVariantEastAsian): Deleted.
424         * css/StyleBuilderCustom.h: Update for new FontVariantBuilder API.
425         (WebCore::StyleBuilderCustom::applyValueFontVariantLigatures):
426         (WebCore::StyleBuilderCustom::applyValueFontVariantNumeric):
427         (WebCore::StyleBuilderCustom::applyValueFontVariantEastAsian):
428         * platform/text/TextFlags.h: Provide convenience classes.
429         (WebCore::FontVariantLigaturesValues::FontVariantLigaturesValues):
430         (WebCore::FontVariantNumericValues::FontVariantNumericValues):
431         (WebCore::FontVariantEastAsianValues::FontVariantEastAsianValues):
432
433 2016-02-12  Jer Noble  <jer.noble@apple.com>
434
435         Build fix after r196506; publish MediaResourceLoader.h as a private header so it can be used by
436         TestWebKitAPI.
437
438         * WebCore.xcodeproj/project.pbxproj:
439
440 2016-02-11  Jer Noble  <jer.noble@apple.com>
441
442         [Mac] Adopt MediaResourceLoader (instead of CachedResourceLoader) in WebCoreNSURLSession.
443         https://bugs.webkit.org/show_bug.cgi?id=154136
444
445         Reviewed by Alex Christensen.
446
447         MediaResourceLoader already supports using CORS attribute to verify CORS access requirements
448         when loading media resources, so use it, rather than CachedResourceLoader, as the backing for
449         WebCoreNSURLSession.
450
451         * platform/network/cocoa/WebCoreNSURLSession.h:
452         * platform/network/cocoa/WebCoreNSURLSession.mm:
453         (-[WebCoreNSURLSession delegateQueue]):
454         (-[WebCoreNSURLSession streamTaskWithNetService:]):
455         (-[WebCoreNSURLSession isKindOfClass:]):
456         (-[WebCoreNSURLSessionDataTask initWithSession:identifier:request:]):
457         (-[WebCoreNSURLSessionDataTask _restart]):
458         (-[WebCoreNSURLSessionDataTask _cancel]):
459         (-[WebCoreNSURLSessionDataTask resume]):
460         (-[WebCoreNSURLSessionDataTask _timingData]):
461         (-[WebCoreNSURLSessionDataTask resource:receivedResponse:]):
462         (-[WebCoreNSURLSessionDataTask resource:receivedData:length:]):
463         (-[WebCoreNSURLSession initWithResourceLoader:delegate:delegateQueue:]): Deleted.
464         (-[WebCoreNSURLSession loader]): Deleted.
465         (WebCore::WebCoreNSURLSessionDataTaskClient::dataSent): Deleted.
466         (WebCore::WebCoreNSURLSessionDataTaskClient::responseReceived): Deleted.
467         (WebCore::WebCoreNSURLSessionDataTaskClient::dataReceived): Deleted.
468         (WebCore::WebCoreNSURLSessionDataTaskClient::redirectReceived): Deleted.
469         (WebCore::WebCoreNSURLSessionDataTaskClient::notifyFinished): Deleted.
470         (-[WebCoreNSURLSessionDataTask initWithSession:identifier:URL:]): Deleted.
471         (-[WebCoreNSURLSessionDataTask _finish]): Deleted.
472         (-[WebCoreNSURLSessionDataTask _setDefersLoading:]): Deleted.
473         (-[WebCoreNSURLSessionDataTask resource:sentBytes:totalBytesToBeSent:]): Deleted.
474         (-[WebCoreNSURLSessionDataTask resource:receivedRedirect:request:]): Deleted.
475         (-[WebCoreNSURLSessionDataTask resourceFinished:]): Deleted.
476         * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
477         (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVAssetForURL):
478
479 2016-02-12  Alex Christensen  <achristensen@webkit.org>
480
481         Fix non-internal builds when using NetworkSession
482         https://bugs.webkit.org/show_bug.cgi?id=152285
483
484         * platform/spi/cf/CFNetworkSPI.h:
485         Add SPI declaration used in r194156.
486
487 2016-02-12  Andreas Kling  <akling@apple.com>
488
489         Throw out all live resource decoded data on memory pressure / suspension.
490         <https://webkit.org/b/154176>
491
492         Reviewed by Antti Koivisto.
493
494         When pruning live resource decoded data from the memory cache,
495         we normally avoid pruning anything that's been painted in the last second.
496         This is an optimization to avoid getting into image decoding loops.
497
498         For memory pressure / process suspension scenarios this doesn't really
499         make sense though:
500
501             - In the pressure case, if we have to render again soon it'll likely
502               be a new GIF frame which we have to decode anyway.
503
504             - In the process suspension case, we might *never* render again,
505               so we should be good citizens and drop all the decoded data we can.
506
507         This patch makes us drop all the decoded data, recently painted or not.
508
509         * platform/MemoryPressureHandler.cpp:
510         (WebCore::MemoryPressureHandler::releaseCriticalMemory):
511
512 2016-02-12  Gavin Barraclough  <barraclough@apple.com>
513
514         Separate out !allowsAccess path in JSDOMWindowCustom getOwnPropertySlot
515         https://bugs.webkit.org/show_bug.cgi?id=154156
516
517         Reviewed by Chris Dumez.
518
519         JSDOMWindowCustom getOwnPropertySlot currently allows cross-origin access to all
520         static properties, relying on the property to perform the access check. This is
521         a little insecure, since it is error prone - someone could easily add a property
522         to the static table without realizing it would be automatically exposed.
523
524         Instead, add a hard-coded filter to restrict access. As a future implementation
525         we might consider autogenerating this (the properties are already tagged in IDL,
526         we might be able to track this in a flag on the static table).
527
528         By separating out the handling of the same- and cross-origin access we can
529         simplify & make the policy being enforced much clearer.
530
531         * bindings/js/JSDOMBinding.cpp:
532         (WebCore::objectToStringFunctionGetter): Deleted.
533             - removed objectToStringFunctionGetter - this duplicated functionality of
534               nonCachingStaticFunctionGetter.
535         * bindings/js/JSDOMBinding.h:
536         (WebCore::objectToStringFunctionGetter): Deleted.
537             - removed objectToStringFunctionGetter - this duplicated functionality of
538               nonCachingStaticFunctionGetter.
539         * bindings/js/JSDOMWindowCustom.cpp:
540         (WebCore::jsDOMWindowGetOwnPropertySlotDisallowAccess):
541             - explicitly handle providing access to only the things we do want to allow cross-origin.
542         (WebCore::JSDOMWindow::getOwnPropertySlot):
543         (WebCore::JSDOMWindow::getOwnPropertySlotByIndex):
544             - push all !allowsAccess handling to jsDOMWindowGetOwnPropertySlotDisallowAccess
545         (WebCore::childFrameGetter): Deleted.
546             - this was just a deoptimization - moving access into a callback saved very
547               little & caused more work to be duplicated.
548
549 2016-02-12  Sukolsak Sakshuwong  <sukolsak@gmail.com>
550
551         Update ICU header files to version 52
552         https://bugs.webkit.org/show_bug.cgi?id=154160
553
554         Reviewed by Alex Christensen.
555
556         Update ICU header files to version 52 to allow the use of newer APIs.
557
558         No new tests because there is no behavior change.
559
560         * icu/unicode/bytestream.h:
561         * icu/unicode/chariter.h:
562         * icu/unicode/localpointer.h:
563         * icu/unicode/platform.h:
564         * icu/unicode/ptypes.h:
565         * icu/unicode/putil.h:
566         * icu/unicode/rep.h:
567         (Replaceable::Replaceable):
568         * icu/unicode/std_string.h:
569         * icu/unicode/strenum.h:
570         * icu/unicode/stringpiece.h:
571         * icu/unicode/ubrk.h:
572         * icu/unicode/uchar.h:
573         * icu/unicode/ucnv.h:
574         * icu/unicode/ucol.h:
575         * icu/unicode/ucoleitr.h:
576         * icu/unicode/uconfig.h:
577         * icu/unicode/ucsdet.h:
578         * icu/unicode/uenum.h:
579         * icu/unicode/uidna.h:
580         * icu/unicode/uiter.h:
581         * icu/unicode/uloc.h:
582         * icu/unicode/umachine.h:
583         * icu/unicode/unistr.h:
584         (UnicodeString::UnicodeString):
585         (UnicodeString::operator== ):
586         (UnicodeString::startsWith):
587         (UnicodeString::setTo):
588         (UnicodeString::remove):
589         (UnicodeString::replace): Deleted.
590         (UnicodeString::extract): Deleted.
591         (UnicodeString::char32At): Deleted.
592         (UnicodeString::getChar32Start): Deleted.
593         (UnicodeString::getChar32Limit): Deleted.
594         (UnicodeString::getTerminatedBuffer): Deleted.
595         (UnicodeString::append): Deleted.
596         (UnicodeString::truncate): Deleted.
597         * icu/unicode/unorm2.h:
598         * icu/unicode/uobject.h:
599         * icu/unicode/urename.h:
600         * icu/unicode/uscript.h:
601         * icu/unicode/usearch.h:
602         * icu/unicode/uset.h:
603         * icu/unicode/ushape.h:
604         * icu/unicode/ustring.h:
605         * icu/unicode/utext.h:
606         * icu/unicode/utf.h:
607         * icu/unicode/utf16.h:
608         * icu/unicode/utf8.h:
609         * icu/unicode/utf_old.h:
610         * icu/unicode/utypes.h:
611         * icu/unicode/uvernum.h:
612         * icu/unicode/uversion.h:
613
614 2016-02-12  Andreas Kling  <akling@apple.com>
615
616         [Mac] BitmapImage::decodedDataIsPurgeable() is telling lies and causing massive memory usage.
617         <https://webkit.org/b/154172>
618
619         Reviewed by Antti Koivisto.
620
621         The underlying mechanism in CoreAnimation that made this work is no longer in place.
622
623         Instead of keeping purgeable frames and juggling volatility bits, we were simply caching
624         every single frame of large GIF animations, sometimes leading to monstrous memory usage.
625
626         Remove the code from WebCore since it's not doing at all what it means to.
627
628         Now iOS and Mac will behave the same again, and frame caching decisions will be
629         made by WebKit, based on total pixel byte size.
630
631         * loader/cache/CachedImage.h:
632         * loader/cache/CachedResource.h:
633         (WebCore::CachedResource::decodedDataIsPurgeable): Deleted.
634         * loader/cache/MemoryCache.cpp:
635         (WebCore::MemoryCache::pruneLiveResourcesToSize): Deleted.
636         * platform/graphics/BitmapImage.cpp:
637         (WebCore::BitmapImage::decodedDataIsPurgeable): Deleted.
638         (WebCore::BitmapImage::destroyDecodedDataIfNecessary): Deleted.
639         * platform/graphics/BitmapImage.h:
640         * platform/graphics/Image.h:
641         (WebCore::Image::decodedDataIsPurgeable): Deleted.
642         * platform/graphics/cg/BitmapImageCG.cpp:
643         (WebCore::BitmapImage::decodedDataIsPurgeable): Deleted.
644         * platform/graphics/cg/ImageSourceCG.cpp:
645         (WebCore::ImageSource::createFrameAtIndex): Deleted.
646
647 2016-02-12  Brady Eidson  <beidson@apple.com>
648
649         Modern IDB: Ref cycle between IDBObjectStore and IDBIndex.
650         https://bugs.webkit.org/show_bug.cgi?id=154110
651
652         Reviewed by Darin Adler.
653
654         No new tests (Currently untestable).
655
656         The lifetimes of IDBObjectStore and IDBIndex are closely intertwined, but we have to break the ref cycle.
657         
658         This patch does a few semi-gnarly things:
659         1 - Makes both IDBIndex and IDBObjectStore have a custom marking function so they can add each other as 
660             opaque roots.
661         2 - Adds a lock to protect IDBObjectStore's collection of referenced indexes to support #1, as GC marking
662             can happen on any thread.
663         3 - Makes IDBIndex not be traditionally RefCounted; Instead, IDBIndex::ref()/deref() simply ref()/deref()
664             the owning IDBObjectStore.
665         4 - ...Except when somebody deletes an IDBIndex from its IDBObjectStore. Once that happens, the object
666             store no longer has a reference back to the index, but the index still needs a reference back to the
667             object store. To support this, the IDBIndex becomes "traditionally RefCounted" while holding a ref to
668             its IDBObjectStore.
669
670         * CMakeLists.txt:
671         * WebCore.xcodeproj/project.pbxproj:
672
673         * Modules/indexeddb/IDBIndex.h:
674         (WebCore::IDBIndex::isModern):
675         * Modules/indexeddb/IDBIndex.idl:
676         
677         * Modules/indexeddb/IDBObjectStore.h:
678         (WebCore::IDBObjectStore::isModern):
679         * Modules/indexeddb/IDBObjectStore.idl:
680         
681         * Modules/indexeddb/client/IDBIndexImpl.cpp:
682         (WebCore::IDBClient::IDBIndex::objectStore):
683         (WebCore::IDBClient::IDBIndex::openCursor):
684         (WebCore::IDBClient::IDBIndex::doCount):
685         (WebCore::IDBClient::IDBIndex::openKeyCursor):
686         (WebCore::IDBClient::IDBIndex::doGet):
687         (WebCore::IDBClient::IDBIndex::doGetKey):
688         (WebCore::IDBClient::IDBIndex::markAsDeleted):
689         (WebCore::IDBClient::IDBIndex::ref):
690         (WebCore::IDBClient::IDBIndex::deref):
691         (WebCore::IDBClient::IDBIndex::create): Deleted.
692         * Modules/indexeddb/client/IDBIndexImpl.h:
693         (WebCore::IDBClient::IDBIndex::modernObjectStore):
694         
695         * Modules/indexeddb/client/IDBObjectStoreImpl.cpp:
696         (WebCore::IDBClient::IDBObjectStore::createIndex):
697         (WebCore::IDBClient::IDBObjectStore::index):
698         (WebCore::IDBClient::IDBObjectStore::deleteIndex):
699         (WebCore::IDBClient::IDBObjectStore::visitReferencedIndexes):
700         * Modules/indexeddb/client/IDBObjectStoreImpl.h:
701         
702         * Modules/indexeddb/client/IDBTransactionImpl.cpp:
703         (WebCore::IDBClient::IDBTransaction::createIndex):
704         * Modules/indexeddb/client/IDBTransactionImpl.h:
705         
706         * Modules/indexeddb/legacy/LegacyIndex.cpp:
707         (WebCore::LegacyIndex::ref):
708         (WebCore::LegacyIndex::deref):
709         * Modules/indexeddb/legacy/LegacyIndex.h:
710         
711         * bindings/js/JSIDBIndexCustom.cpp: Added.
712         (WebCore::JSIDBIndex::visitAdditionalChildren):
713         
714         * bindings/js/JSIDBObjectStoreCustom.cpp:
715         (WebCore::JSIDBObjectStore::visitAdditionalChildren):
716
717 2016-02-12  Csaba Osztrogonác  <ossy@webkit.org>
718
719         [EFL][GTK] Fix ENABLE(SVG_OTF_CONVERTER) build
720         https://bugs.webkit.org/show_bug.cgi?id=154165
721
722         Reviewed by Alex Christensen.
723
724         * CMakeLists.txt:
725         * css/CSSFontFaceSource.cpp:
726         (WebCore::CSSFontFaceSource::font):
727         * svg/SVGToOTFFontConversion.cpp:
728         * svg/SVGToOTFFontConversion.h:
729
730 2016-02-12  Chris Dumez  <cdumez@apple.com>
731
732         Unreviewed nit fixes after r196466.
733
734         * Modules/speech/SpeechSynthesisUtterance.idl: Fix curly bracket
735           placement.
736         * bindings/scripts/CodeGeneratorJS.pm:
737         (GenerateHeader): Use wrappableObject instead of domObject.
738         * bindings/scripts/test/*: Rebaseline.
739         * dom/WebKitNamedFlow.idl: Drop unnecessary #if case.
740
741 2016-02-12  Carlos Garcia Campos  <cgarcia@igalia.com>
742
743         [GTK] Properly handle classes inheriting from EventTarget
744         https://bugs.webkit.org/show_bug.cgi?id=154158
745
746         Reviewed by Michael Catanzaro.
747
748         Instead of removing its parent we now handle the case of classes
749         having EventTarget as parent to make them implement the interface
750         instead.
751
752         * bindings/scripts/CodeGeneratorGObject.pm:
753         (ShouldBeExposedAsInterface): Whether the parent given class
754         should be exposed as an interface instead of a parent class.
755         (GetParentClassName): Return Object as parent for classes having
756         a parent that should be exposed as an interface.
757         (GetParentImplClassName): Ditto.
758         (GetBaseClass): Ditto.
759         (GetParentGObjType): Ditto.
760         (SkipFunction): Add FIXME comment.
761         (ImplementsInterface): Helper function to check if a class
762         implements the given interface.
763         (GenerateCFile): Check whether the class implements EventTarget to
764         generate the interface implementation.
765         (GenerateInterface): Do not remove the parent class when it's EventTarget.
766
767 2016-02-12  Commit Queue  <commit-queue@webkit.org>
768
769         Unreviewed, rolling out r196470.
770         https://bugs.webkit.org/show_bug.cgi?id=154167
771
772         Broke some tests (Requested by anttik on #webkit).
773
774         Reverted changeset:
775
776         "Factor class change style invalidation code into a class"
777         https://bugs.webkit.org/show_bug.cgi?id=154163
778         http://trac.webkit.org/changeset/196470
779
780 2016-02-12  Antti Koivisto  <antti@apple.com>
781
782         Factor class change style invalidation code into a class
783         https://bugs.webkit.org/show_bug.cgi?id=154163
784
785         Reviewed by Andreas Kling.
786
787         Factor this piece of functionality out of Element and into ClassChangeInvalidation class.
788
789         * CMakeLists.txt:
790         * WebCore.vcxproj/WebCore.vcxproj:
791         * WebCore.xcodeproj/project.pbxproj:
792         * dom/Element.cpp:
793         (WebCore::classStringHasClassName):
794         (WebCore::Element::classAttributeChanged):
795         (WebCore::collectClasses): Deleted.
796         (WebCore::computeClassChange): Deleted.
797         (WebCore::invalidateStyleForClassChange): Deleted.
798         * style/ClassChangeInvalidation.cpp: Added.
799         (WebCore::Style::ClassChangeInvalidation::computeClassChange):
800         (WebCore::Style::ClassChangeInvalidation::invalidateStyle):
801         * style/ClassChangeInvalidation.h: Added.
802         (WebCore::Style::ClassChangeInvalidation::needsInvalidation):
803         (WebCore::Style::ClassChangeInvalidation::ClassChangeInvalidation):
804         (WebCore::Style::ClassChangeInvalidation::~ClassChangeInvalidation):
805
806 2016-02-12  Csaba Osztrogonác  <ossy@webkit.org>
807
808         GCC buildfix in Source/WebCore/svg/SVGToOTFFontConversion.cpp
809         https://bugs.webkit.org/show_bug.cgi?id=154162
810
811         Reviewed by Andreas Kling.
812
813         * svg/SVGToOTFFontConversion.cpp:
814         (WebCore::SVGToOTFFontConverter::finishAppendingKERNSubtable):
815
816 2016-02-12  Andreas Kling  <akling@apple.com>
817
818         Don't invalidate the FontCache on memory pressure.
819         <https://webkit.org/b/154161>
820
821         Reviewed by Antti Koivisto.
822
823         Invalidating the FontCache does more harm than good:
824
825             - Anything that's still in the cache at this point is also
826               referenced outside the cache, thus will not actually get deleted.
827
828             - Future deduplication will fail, leading to more objects.
829
830             - The global FontCache generation gets bumped, causing future style
831               recalcs to be less efficient and breaking style sharing.
832
833             - All FontSelector invalidation callbacks will fire, potentially
834               causing forced full-document style recalcs.
835
836         In fact, the only win from invalidating the FontCache comes from some
837         minor shrinkage in the containers that make up the cache itself.
838
839         * platform/MemoryPressureHandler.cpp:
840         (WebCore::MemoryPressureHandler::releaseCriticalMemory): Deleted.
841
842 2016-02-11  Chris Dumez  <cdumez@apple.com>
843
844         [Web IDL] interfaces should inherit EventTarget instead of duplicating the EventTarget API
845         https://bugs.webkit.org/show_bug.cgi?id=154121
846         <rdar://problem/24613234>
847
848         Reviewed by Gavin Barraclough.
849
850         Interfaces should inherit EventTarget instead of duplicating the
851         EventTarget API in their IDL. Not only is the duplication ugly and
852         error-prone, but this also does not match the specifications and
853         has subtle web-exposed differences.
854
855         This patch takes care of all interfaces except for DOMWindow and
856         WorkerGlobalScope. Those will be updated in the follow-up patch
857         as they will require a little bit more work and testing.
858
859         We should also be able to get rid of the [EventTarget] WebKit IDL
860         attribute in a follow-up.
861
862         No new tests, already covered by existing tests.
863
864         * Modules/battery/BatteryManager.idl:
865         * Modules/encryptedmedia/MediaKeySession.idl:
866         * Modules/indexeddb/IDBDatabase.h:
867         * Modules/indexeddb/IDBDatabase.idl:
868         * Modules/indexeddb/IDBRequest.h:
869         * Modules/indexeddb/IDBRequest.idl:
870         * Modules/indexeddb/IDBTransaction.h:
871         * Modules/indexeddb/IDBTransaction.idl:
872         * Modules/mediasession/MediaRemoteControls.idl:
873         * Modules/mediasource/MediaSource.h:
874         * Modules/mediasource/MediaSource.idl:
875         * Modules/mediasource/SourceBuffer.h:
876         * Modules/mediasource/SourceBuffer.idl:
877         * Modules/mediasource/SourceBufferList.h:
878         * Modules/mediasource/SourceBufferList.idl:
879         * Modules/mediastream/MediaStream.h:
880         * Modules/mediastream/MediaStream.idl:
881         * Modules/mediastream/MediaStreamTrack.h:
882         * Modules/mediastream/MediaStreamTrack.idl:
883         * Modules/mediastream/RTCDTMFSender.h:
884         * Modules/mediastream/RTCDTMFSender.idl:
885         * Modules/mediastream/RTCDataChannel.h:
886         * Modules/mediastream/RTCDataChannel.idl:
887         * Modules/mediastream/RTCPeerConnection.h:
888         * Modules/mediastream/RTCPeerConnection.idl:
889         * Modules/notifications/Notification.idl:
890         * Modules/speech/SpeechSynthesisUtterance.idl:
891         * Modules/webaudio/AudioContext.idl:
892         * Modules/webaudio/AudioNode.idl:
893         * Modules/websockets/WebSocket.idl:
894         * css/FontLoader.idl:
895         * dom/EventTarget.h:
896         * dom/MessagePort.idl:
897         * dom/Node.h:
898         * dom/Node.idl:
899         * dom/WebKitNamedFlow.idl:
900         * fileapi/FileReader.idl:
901         * html/MediaController.idl:
902         * html/track/AudioTrackList.idl:
903         * html/track/TextTrack.idl:
904         * html/track/TextTrackCue.idl:
905         * html/track/TextTrackList.idl:
906         * html/track/VideoTrackList.idl:
907         * loader/appcache/DOMApplicationCache.h:
908         * loader/appcache/DOMApplicationCache.idl:
909         * page/EventSource.idl:
910         * page/Performance.h:
911         * page/Performance.idl:
912         * workers/Worker.idl:
913         * xml/XMLHttpRequest.h:
914         * xml/XMLHttpRequest.idl:
915         * xml/XMLHttpRequestUpload.idl:
916         - Drop hardcoded EventTarget operations and inherit EventTarget instead.
917         - Drop JSGenerateToNativeObject / JSGenerateToJSObject IDL extended
918           attributes for interfaces inheriting the EventTarget interface as
919           the bindings generator now does this automatically for us.
920         - On native side, have EventTarget subclass ScriptWrappable instead of
921           each of its subclasses doing so. The issue was that
922           EventTargetOwner::finalize() was calling uncacheWrapper() with an
923           EventTarget*, which would not clear the inline cached wrapper (see
924           clearInlineCachedWrapper()) because EventTarget did not subclass
925           ScriptWrappable. However, cacheWrapper() is called with a specific
926           subtype pointer (e.g. Node*) and we would decide to create an
927           inline cached wrapper because Node subclassed ScriptWrappable
928           (as well as EventTarget).
929
930         * WebCore.xcodeproj/project.pbxproj:
931         Export JSEventTarget.h as private header to fix the build.
932
933         * bindings/js/JSDOMBinding.h:
934         (WebCore::wrapperKey):
935         (WebCore::getCachedWrapper):
936         (WebCore::cacheWrapper):
937         (WebCore::uncacheWrapper):
938         Use new wrapperKey() function that is generated for each bindings
939         class that also has wrapperOwner(). This is used instead of the
940         C cast to void* in order to cast to the base wrapped type to fix
941         issues with multiple inheritance. The issue was that cacheWrapper()
942         was getting called with a DOM object subtype pointer (e.g.
943         AudioContext*) but uncacheWrapper() was getting called with a base
944         wrapped type pointer (e.g. EventTarget*). Most of our DOM classes
945         use multiple inheritance and thus the pointer values (used as keys
946         in the weak map) may differ.
947
948         * bindings/js/JSTrackCustom.cpp:
949         (WebCore::toJS):
950         Call CREATE_DOM_WRAPPER() with an actual wrapped type (e.g. AudioTrack)
951         instead of TrackBase type. TrackBase does not have corresponding
952         generated bindings and therefore does not have a wrapperKey()
953         function.
954
955         * bindings/scripts/CodeGeneratorJS.pm:
956         (ShouldGenerateToWrapped):
957         (ShouldGenerateToJSDeclaration):
958         (GenerateHeader):
959         - Generate a wrapperKey() utility function along-side wrapperOwner()
960           to help cast to the base wrapped type.
961         - Generate toWrapped() / toJS() utility functions for interfaces
962           that inherit EventTarget as those are required by our
963           implementation and this avoids having to explicitly have them in
964           the IDL.
965
966         * bindings/scripts/test/*:
967         Rebaseline bindings tests.
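
The pointer-key mismatch described in the JSDOMBinding.h notes above, as an added example that is not WebKit code: the class names are stand-ins that reuse the entry's names only for their inheritance shape, and `WrapperMap`, `rawKey` and the `staleEntry*` helpers are hypothetical. It shows that a cache keyed on a C-cast `void*` keeps a stale entry when insert and erase see different static types, and that keying on the base wrapped type removes it.

```cpp
#include <cstdio>
#include <unordered_map>

// Hypothetical stand-ins for DOM classes; only the inheritance shape matters.
struct ActiveDOMObject {
    virtual ~ActiveDOMObject() = default;
    int pendingActivityCount = 0;
};

struct EventTarget {
    virtual ~EventTarget() = default;
    int listenerCount = 0;
};

// Multiple inheritance: EventTarget is not the first base, so on mainstream
// ABIs (Itanium, MSVC) its subobject sits at a non-zero offset in AudioContext.
struct AudioContext : ActiveDOMObject, EventTarget {
    int sampleRate = 44100;
};

// Constructed model of a wrapper cache: object address -> wrapper id.
using WrapperMap = std::unordered_map<const void*, int>;

// Old behaviour: the key is the caller's pointer C-cast to void*, so its value
// depends on the static type the caller happened to hold.
template<typename T>
const void* rawKey(T* object) { return (const void*)object; }

// Fixed behaviour: convert to the base wrapped type first, so every caller
// produces the same address for the same object.
inline const void* wrapperKey(EventTarget* object) { return object; }

// True when the derived pointer and the base pointer hold different addresses.
bool pointerValuesDiffer()
{
    AudioContext context;
    EventTarget* asTarget = &context; // implicit conversion adjusts the address
    return static_cast<const void*>(&context) != static_cast<const void*>(asTarget);
}

// Cache with the derived pointer, uncache with the base pointer, raw keys.
// Returns true when an entry survives the erase (a stale wrapper mapping).
bool staleEntryWithRawKeys()
{
    WrapperMap wrappers;
    AudioContext context;
    wrappers[rawKey(&context)] = 1;     // keyed on the AudioContext* value
    EventTarget* asTarget = &context;
    wrappers.erase(rawKey(asTarget));   // keyed on the EventTarget* value: misses
    return !wrappers.empty();
}

// Same sequence, but both sides go through wrapperKey().
bool staleEntryWithWrapperKey()
{
    WrapperMap wrappers;
    AudioContext context;
    wrappers[wrapperKey(&context)] = 1; // AudioContext* converts to EventTarget*
    EventTarget* asTarget = &context;
    wrappers.erase(wrapperKey(asTarget));
    return !wrappers.empty();
}

int main()
{
    std::printf("pointer values differ:        %d\n", pointerValuesDiffer());
    std::printf("stale entry with raw keys:    %d\n", staleEntryWithRawKeys());
    std::printf("stale entry with wrapperKey:  %d\n", staleEntryWithWrapperKey());
    return 0;
}
```

A surviving entry is keyed on the address of an object that no longer exists, which is why the erase has to use the same key the insert used.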
968
969 2016-02-11  Brent Fulgham  <bfulgham@apple.com>
970
971         Optimize texture-complete checks
972         https://bugs.webkit.org/show_bug.cgi?id=98308
973
974         Reviewed by Dean Jackson.
975
976         No new tests: No change in behavior.
977
978         * html/canvas/WebGLRenderingContextBase.cpp:
979         (WebCore::WebGLRenderingContextBase::initializeNewContext): Initially consider all
980         textures as suspect.
981         (WebCore::WebGLRenderingContextBase::extensions): New helper function.
982         (WebCore::WebGLRenderingContextBase::reshape): Mark textures as invalid when appropriate.
983         (WebCore::WebGLRenderingContextBase::bindTexture): Identify invalid textures and mark
984         them for later fix-up. Likewise, remove 'known good' textures from the fix-up pass.
985         (WebCore::WebGLRenderingContextBase::deleteTexture): Remove instances of the deleted texture
986         from our set of invalid textures.
987         (WebCore::WebGLRenderingContextBase::checkTextureCompleteness): Only iterate through
988         the 'bad' textures, rather than checking every single texture.
989         * html/canvas/WebGLRenderingContextBase.h:
990
991 2016-02-11  Alex Christensen  <achristensen@webkit.org>
992
993         Assert that IDBTransaction::transitionedToFinishing transitions to finishing.
994         https://bugs.webkit.org/show_bug.cgi?id=154061
995
996         * Modules/indexeddb/client/IDBTransactionImpl.cpp:
997         (WebCore::IDBClient::IDBTransaction::transitionedToFinishing):
998         Added assertion that we are transitioning to a finished or finishing state, based on Darin's feedback.
999
1000 2016-02-11  Enrica Casucci  <enrica@apple.com>
1001
1002         WebContent process crashes when performing data detection on content with existing data detector links.
1003         https://bugs.webkit.org/show_bug.cgi?id=154118
1004         rdar://problem/24511860
1005
1006         Reviewed by Tim Horton.
1007
1008         The DOM mutation caused by removing the existing links can shift the range endpoints.
1009         We now save the range endpoints as positions so that we can recreate the ranges,
1010         if a DOM mutation occurred.
1011
1012         * editing/cocoa/DataDetection.mm:
1013         (WebCore::removeResultLinksFromAnchor):
1014         (WebCore::searchForLinkRemovingExistingDDLinks):
1015         (WebCore::DataDetection::detectContentInRange):
1016
1017 2016-02-11  Jer Noble  <jer.noble@apple.com>
1018
1019         Make MediaResourceLoader behave more like a CachedResourceLoader.
1020         https://bugs.webkit.org/show_bug.cgi?id=154117
1021
1022         Reviewed by Alex Christensen.
1023
1024         MediaResourceLoader currently can only handle a single request at a time. Split the class
1025         into two, MediaResourceLoader and MediaResource, effectively wrapping CachedResourceLoader
1026         and CachedRawResource respectively. With this division, the same loader can be used to issue
1027         multiple simultaneous resource requests.
1028
1029         This necessitates splitting PlatformMediaResource into two classes as well.  To simplify
1030         the HTMLMediaElement, MediaPlayer, and MediaPlayerClient APIs, do not require a client
1031         object when creating the loader; instead, the client is required to create the resource.
1032         This also matches the CachedRawResource API.
1033
1034         * html/HTMLMediaElement.cpp:
1035         (WebCore::HTMLMediaElement::mediaPlayerCreateResourceLoader): Remove the client parameter.
1036         * html/HTMLMediaElement.h:
1037         * loader/MediaResourceLoader.cpp:
1038         (WebCore::MediaResourceLoader::MediaResourceLoader):
1039         (WebCore::MediaResourceLoader::~MediaResourceLoader):
1040         (WebCore::MediaResourceLoader::requestResource): Renamed from start().
1041         (WebCore::MediaResourceLoader::removeResource): Remove resource from live resource list.
1042         (WebCore::MediaResource::create): Utility factory.
1043         (WebCore::MediaResource::MediaResource):
1044         (WebCore::MediaResource::~MediaResource):
1045         (WebCore::MediaResource::stop): Moved from MediaResourceLoader.
1046         (WebCore::MediaResource::setDefersLoading): Ditto.
1047         (WebCore::MediaResource::responseReceived): Ditto.
1048         (WebCore::MediaResource::redirectReceived): Ditto.
1049         (WebCore::MediaResource::dataSent): Ditto.
1050         (WebCore::MediaResource::dataReceived): Ditto.
1051         (WebCore::MediaResource::notifyFinished): Ditto.
1052         (WebCore::MediaResource::getOrCreateReadBuffer): Ditto.
1053         * loader/MediaResourceLoader.h:
1054         * platform/graphics/MediaPlayer.cpp:
1055         (WebCore::MediaPlayer::createResourceLoader):
1056         * platform/graphics/MediaPlayer.h:
1057         (WebCore::MediaPlayerClient::mediaPlayerCreateResourceLoader):
1058         * platform/graphics/PlatformMediaResourceLoader.h:
1059         (WebCore::PlatformMediaResourceClient::~PlatformMediaResourceClient): Renamed from PlatformMediaResourceLoaderClient.
1060         (WebCore::PlatformMediaResourceClient::responseReceived): Client methods now take a reference to the resource.
1061         (WebCore::PlatformMediaResourceClient::redirectReceived): Ditto.
1062         (WebCore::PlatformMediaResourceClient::dataSent): Ditto. 
1063         (WebCore::PlatformMediaResourceClient::dataReceived): Ditto.
1064         (WebCore::PlatformMediaResourceClient::accessControlCheckFailed): Ditto.
1065         (WebCore::PlatformMediaResourceClient::loadFailed): Ditto.
1066         (WebCore::PlatformMediaResourceClient::loadFinished): Ditto.
1067         (WebCore::PlatformMediaResourceClient::getOrCreateReadBuffer): Ditto.
1068         (WebCore::PlatformMediaResourceLoader::PlatformMediaResourceLoader): Ditto.
1069         (WebCore::PlatformMediaResource::PlatformMediaResource): 
1070         (WebCore::PlatformMediaResource::~PlatformMediaResource): 
1071         (WebCore::PlatformMediaResource::setClient):
1072         * platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:
1073         (webKitWebSrcStart):
1074         (webKitWebSrcNeedData):
1075         (webKitWebSrcEnoughData):
1076         (CachedResourceStreamingClient::getOrCreateReadBuffer):
1077         (CachedResourceStreamingClient::responseReceived):
1078         (CachedResourceStreamingClient::dataReceived):
1079         (CachedResourceStreamingClient::accessControlCheckFailed):
1080         (CachedResourceStreamingClient::loadFailed):
1081         (CachedResourceStreamingClient::loadFinished):
1082
1083 2016-02-11  Zalan Bujtas  <zalan@apple.com>
1084
1085         Subpixel rendering: Make focusring painting subpixel aware.
1086         https://bugs.webkit.org/show_bug.cgi?id=154111
1087
1088         Reviewed by David Hyatt.
1089
1090         Do not integral snap focusring rects while collecting them (use device pixel snapping instead
1091         right before passing them to GraphicsContext::drawFocusRing).
1092
1093         Unable to test.
1094
1095         * platform/graphics/GraphicsContext.h:
1096         * platform/graphics/displaylists/DisplayListItems.h:
1097         (WebCore::DisplayList::DrawFocusRingRects::create):
1098         (WebCore::DisplayList::DrawFocusRingRects::rects):
1099         (WebCore::DisplayList::DrawFocusRingRects::DrawFocusRingRects):
1100         * platform/graphics/displaylists/DisplayListRecorder.cpp:
1101         (WebCore::DisplayList::Recorder::drawFocusRing):
1102         * platform/graphics/displaylists/DisplayListRecorder.h:
1103         * platform/graphics/mac/GraphicsContextMac.mm:
1104         (WebCore::GraphicsContext::drawFocusRing):
1105         * rendering/RenderBlock.cpp:
1106         (WebCore::RenderBlock::addFocusRingRectsForInlineChildren):
1107         (WebCore::RenderBlock::addFocusRingRects):
1108         * rendering/RenderBlock.h:
1109         * rendering/RenderBlockFlow.cpp:
1110         (WebCore::RenderBlockFlow::addFocusRingRectsForInlineChildren):
1111         * rendering/RenderBlockFlow.h:
1112         * rendering/RenderBox.cpp:
1113         (WebCore::RenderBox::addFocusRingRects):
1114         * rendering/RenderBox.h:
1115         * rendering/RenderElement.cpp:
1116         (WebCore::RenderElement::paintFocusRing):
1117         (WebCore::RenderElement::issueRepaintForOutlineAuto):
1118         * rendering/RenderInline.cpp:
1119         (WebCore::RenderInline::absoluteRects):
1120         (WebCore::RenderInline::addFocusRingRects):
1121         * rendering/RenderInline.h:
1122         * rendering/RenderListBox.cpp:
1123         (WebCore::RenderListBox::addFocusRingRects):
1124         * rendering/RenderListBox.h:
1125         * rendering/RenderObject.cpp:
1126         (WebCore::RenderObject::addPDFURLRect):
1127         (WebCore::RenderObject::absoluteFocusRingQuads):
1128         * rendering/RenderObject.h:
1129         (WebCore::RenderObject::addFocusRingRects):
1130         * rendering/RenderTextControl.cpp:
1131         (WebCore::RenderTextControl::addFocusRingRects):
1132         * rendering/RenderTextControl.h:
1133         * rendering/svg/RenderSVGContainer.cpp:
1134         (WebCore::RenderSVGContainer::addFocusRingRects):
1135         * rendering/svg/RenderSVGContainer.h:
1136         * rendering/svg/RenderSVGImage.cpp:
1137         (WebCore::RenderSVGImage::addFocusRingRects):
1138         * rendering/svg/RenderSVGImage.h:
1139         * rendering/svg/RenderSVGShape.cpp:
1140         (WebCore::RenderSVGShape::addFocusRingRects):
1141         * rendering/svg/RenderSVGShape.h:
1142
1143 2016-02-11  Myles C. Maxfield  <mmaxfield@apple.com>
1144
1145         Addressing post-review comments after r196393
1146
1147         Unreviewed.
1148
1149         * css/CSSFontSelector.cpp:
1150         (WebCore::CSSFontSelector::getFontFace):
1151         * css/CSSSegmentedFontFace.h:
1152
1153 2016-02-11  Antti Koivisto  <antti@apple.com>
1154
1155         Rename Element::style() to Element::cssomStyle()
1156         https://bugs.webkit.org/show_bug.cgi?id=154107
1157
1158         Reviewed by Alex Christensen.
1159
1160         It implements the IDL "style" attribute that returns a CSSOM object.
1161         Inside WebCore "style" generally refers to a RenderStyle.
1162
1163         * dom/Element.cpp:
1164         (WebCore::Element::hasAttributeNS):
1165         (WebCore::Element::cssomStyle):
1166         (WebCore::Element::focus):
1167         (WebCore::Element::style): Deleted.
1168         * dom/Element.h:
1169         (WebCore::Element::tagQName):
1170         * dom/Element.idl:
1171         * dom/StyledElement.cpp:
1172         (WebCore::StyledElement::~StyledElement):
1173         (WebCore::StyledElement::cssomStyle):
1174         (WebCore::StyledElement::style): Deleted.
1175         * dom/StyledElement.h:
1176         (WebCore::StyledElement::synchronizeStyleAttributeInternal):
1177         (WebCore::StyledElement::collectStyleForPresentationAttribute):
1178         * editing/Editor.cpp:
1179         (WebCore::Editor::applyEditingStyleToElement):
1180         * inspector/InspectorCSSAgent.cpp:
1181         (WebCore::InspectorCSSAgent::getMatchedStylesForNode):
1182         (WebCore::InspectorCSSAgent::getInlineStylesForNode):
1183         (WebCore::InspectorCSSAgent::asInspectorStyleSheet):
1184         * inspector/InspectorStyleSheet.cpp:
1185         (WebCore::InspectorStyleSheetForInlineStyle::didModifyElementAttribute):
1186         (WebCore::InspectorStyleSheetForInlineStyle::inlineStyle):
1187         (WebCore::InspectorStyleSheetForInlineStyle::elementStyleText):
1188         * svg/SVGElement.idl:
1189
1190 2016-02-11  Konstantin Tokarev  <annulen@yandex.ru>
1191
1192         [cmake] Consolidate TextureMapper file and include dir lists.
1193         https://bugs.webkit.org/show_bug.cgi?id=154106
1194
1195         Reviewed by Michael Catanzaro.
1196
1197         No new tests needed.
1198
1199         * CMakeLists.txt: Moved texmap include dir and source list to
1200         TextureMapper.cmake, removed non-existent include dir "filters/texmap".
1201         * PlatformEfl.cmake: Moved texmap and coordinatedgraphics include
1202         dirs and source list to TextureMapper.cmake.
1203         * PlatformGTK.cmake: Ditto, also removed non-existent include dir
1204         "texmap/threadedcompositor"
1205         * PlatformWinCairo.cmake: Moved texmap files to TextureMapper.cmake.
1206         * platform/TextureMapper.cmake: Added.
1207
1208 2016-02-11  Chris Dumez  <cdumez@apple.com>
1209
1210         Move 'length' property to the prototype
1211         https://bugs.webkit.org/show_bug.cgi?id=154051
1212         <rdar://problem/24577385>
1213
1214         Reviewed by Darin Adler.
1215
1216         Move 'length' property to the prototype, where it should be. We used to
1217         keep it on the instance because our implementation of
1218         getOwnPropertySlot() was wrong for interfaces with a named property
1219         getter. However, our implementation of getOwnPropertySlot() is now
1220         spec-compliant so this should be OK.
1221
1222         Moving 'length' to the prototype is also a little bit risky in terms of
1223         performance, especially for HTMLCollection / NodeList. However, I did
1224         not see an impact on realistic benchmarks like Speedometer and only saw
1225         a small impact (< 5%) on micro-benchmarks. I propose we make our behavior
1226         correct and monitor performance. If we see any benchmark we care about
1227         regress then we should try and optimize while keeping the attribute on
1228         the prototype.
1229
1230         No new tests, already covered by existing tests.
1231
1232         * bindings/js/JSDOMBinding.h:
1233         (WebCore::getStaticValueSlotEntryWithoutCaching):
1234         * bindings/js/JSHTMLDocumentCustom.cpp:
1235         (WebCore::JSHTMLDocument::getOwnPropertySlot):
1236         (WebCore::JSHTMLDocument::nameGetter): Deleted.
1237         * bindings/js/JSLocationCustom.cpp:
1238         (WebCore::JSLocation::putDelegate):
1239         * bindings/js/JSPluginElementFunctions.h:
1240         (WebCore::pluginElementCustomGetOwnPropertySlot):
1241         * bindings/js/JSStorageCustom.cpp:
1242         (WebCore::JSStorage::deleteProperty):
1243         (WebCore::JSStorage::deletePropertyByIndex):
1244         (WebCore::JSStorage::putDelegate):
1245         Leverage the new hasStaticPropertyTable static property in the
1246         generated bindings for performance.
1247
1248         * bindings/scripts/CodeGeneratorJS.pm:
1249         (GenerateHeader):
1250         Generate a "hasStaticPropertyTable" static const boolean property
1251         for each bindings class so we can check at build time if
1252         ClassInfo::staticPropHashTable is null.
1253
1254         (AttributeShouldBeOnInstance):
1255         Move "length" to the prototype.
1256
1257         * bindings/scripts/test/JS/JSTestActiveDOMObject.h:
1258         * bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.h:
1259         * bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.h:
1260         * bindings/scripts/test/JS/JSTestCustomNamedGetter.h:
1261         * bindings/scripts/test/JS/JSTestEventConstructor.h:
1262         * bindings/scripts/test/JS/JSTestEventTarget.h:
1263         * bindings/scripts/test/JS/JSTestException.h:
1264         * bindings/scripts/test/JS/JSTestGenerateIsReachable.h:
1265         * bindings/scripts/test/JS/JSTestInterface.h:
1266         * bindings/scripts/test/JS/JSTestJSBuiltinConstructor.h:
1267         * bindings/scripts/test/JS/JSTestMediaQueryListListener.h:
1268         * bindings/scripts/test/JS/JSTestNamedConstructor.h:
1269         * bindings/scripts/test/JS/JSTestNode.h:
1270         * bindings/scripts/test/JS/JSTestNondeterministic.h:
1271         * bindings/scripts/test/JS/JSTestObj.h:
1272         * bindings/scripts/test/JS/JSTestOverloadedConstructors.h:
1273         * bindings/scripts/test/JS/JSTestOverrideBuiltins.h:
1274         * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.h:
1275         * bindings/scripts/test/JS/JSTestTypedefs.h:
1276         * bindings/scripts/test/JS/JSattribute.h:
1277         * bindings/scripts/test/JS/JSreadonly.h:
1278         Rebaseline bindings tests.
1279
1280
1281 2016-02-11  Csaba Osztrogonác  <ossy@webkit.org>
1282
1283         Fix the !(ENABLE(SHADOW_DOM) || ENABLE(DETAILS_ELEMENT)) after r196281
1284         https://bugs.webkit.org/show_bug.cgi?id=154035
1285
1286         Reviewed by Antti Koivisto.
1287
1288         Follow-up fix after r196365. Removed guards around slotNodeIndex.
1289
1290         * dom/ComposedTreeIterator.h:
1291         (WebCore::ComposedTreeIterator::Context::Context):
1292
1293 2016-02-10  Ryan Haddad  <ryanhaddad@apple.com>
1294
1295         Updating bindings test reference file for JSTestEventConstructor.cpp after r196400
1296
1297         Unreviewed test gardening.
1298
1299         No new tests needed.
1300
1301         * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
1302         (WebCore::JSTestEventConstructorConstructor::construct):
1303
1304 2016-02-10  Eric Carlson  <eric.carlson@apple.com>
1305
1306         Update "manual" caption track logic
1307         https://bugs.webkit.org/show_bug.cgi?id=154084
1308         <rdar://problem/24530516>
1309
1310         Reviewed by Dean Jackson.
1311
1312         No new tests, media/track/track-manual-mode.html was updated.
1313
1314         * English.lproj/Localizable.strings: Add new string.
1315
1316         * html/HTMLMediaElement.cpp:
1317         (WebCore::HTMLMediaElement::addTextTrack): track.setManualSelectionMode is no more.
1318         (WebCore::HTMLMediaElement::configureTextTrackGroup): Never enable a track automatically when
1319           in manual selection mode.
1320         (WebCore::HTMLMediaElement::captionPreferencesChanged):  track.setManualSelectionMode is no more.
1321
1322         * html/track/TextTrack.cpp:
1323         (WebCore::TextTrack::containsOnlyForcedSubtitles): Return true for forced tracks.
1324         (WebCore::TextTrack::kind): Deleted.
1325         * html/track/TextTrack.h:
1326
1327         * html/track/TrackBase.h:
1328         (WebCore::TrackBase::kind): De-virtualize, nobody overrides it.
1329
1330         * page/CaptionUserPreferencesMediaAF.cpp:
1331         (WebCore::trackDisplayName): Include "forced" in the name of forced tracks.
1332
1333         * platform/LocalizedStrings.cpp:
1334         (WebCore::forcedTrackMenuItemText): New.
1335         * platform/LocalizedStrings.h:
1336
1337 2016-02-10  Jiewen Tan  <jiewen_tan@apple.com>
1338
1339         Rename *Event::create* which creates events for bindings to *Event::createForBindings* and cleanup corresponding paths
1340         https://bugs.webkit.org/show_bug.cgi?id=153903
1341         <rdar://problem/24518146>
1342
1343         Reviewed by Darin Adler.
1344
1345         Rename Event::create(const AtomicString&, const EventInit&) to Event::createForBindings
1346         (const AtomicString&, const EventInit&) and for all the subclasses as well in order to
1347         support Event.isTrusted. Besides, some of the subclasses use the create method for bindings
1348         to create events not for bindings and vice versa. Therefore, this patch also cleans up
1349         corresponding paths to ensure no misuse of the create method. The same for Event::create()
1350         as it is combined with Event::initEvent to create an event for bindings for legacy content.
1351
1352         After this patch, all call sites of *Event::create* are supposed to use *Event::create
1353         to create events for user agent and *Event::createForBindings for bindings.
1354
1355         No change in behavior.
1356
1357         * Modules/airplay/WebKitPlaybackTargetAvailabilityEvent.h:
1358         (WebCore::WebKitPlaybackTargetAvailabilityEvent::create):
1359         (WebCore::WebKitPlaybackTargetAvailabilityEvent::createForBindings):
1360         (WebCore::WebKitPlaybackTargetAvailabilityEventInit::WebKitPlaybackTargetAvailabilityEventInit): Deleted.
1361         * Modules/encryptedmedia/MediaKeyMessageEvent.cpp:
1362         (WebCore::MediaKeyMessageEvent::MediaKeyMessageEvent):
1363         (WebCore::MediaKeyMessageEventInit::MediaKeyMessageEventInit): Deleted.
1364         * Modules/encryptedmedia/MediaKeyMessageEvent.h:
1365         (WebCore::MediaKeyMessageEvent::create):
1366         (WebCore::MediaKeyMessageEvent::createForBindings):
1367         * Modules/encryptedmedia/MediaKeyNeededEvent.cpp:
1368         (WebCore::MediaKeyNeededEvent::MediaKeyNeededEvent):
1369         (WebCore::MediaKeyNeededEventInit::MediaKeyNeededEventInit): Deleted.
1370         * Modules/encryptedmedia/MediaKeyNeededEvent.h:
1371         (WebCore::MediaKeyNeededEvent::create):
1372         (WebCore::MediaKeyNeededEvent::createForBindings):
1373         * Modules/encryptedmedia/MediaKeySession.cpp:
1374         (WebCore::MediaKeySession::sendMessage):
1375         * Modules/gamepad/GamepadEvent.h:
1376         (WebCore::GamepadEvent::create):
1377         (WebCore::GamepadEvent::createForBindings):
1378         (WebCore::GamepadEventInit::GamepadEventInit): Deleted.
1379         * Modules/indieui/UIRequestEvent.cpp:
1380         (WebCore::UIRequestEvent::createForBindings):
1381         (WebCore::UIRequestEvent::UIRequestEvent):
1382         (WebCore::UIRequestEventInit::UIRequestEventInit): Deleted.
1383         (WebCore::UIRequestEvent::create): Deleted.
1384         * Modules/indieui/UIRequestEvent.h:
1385         * Modules/mediastream/MediaStreamEvent.cpp:
1386         (WebCore::MediaStreamEvent::createForBindings):
1387         (WebCore::MediaStreamEventInit::MediaStreamEventInit): Deleted.
1388         (WebCore::MediaStreamEvent::create): Deleted.
1389         * Modules/mediastream/MediaStreamEvent.h:
1390         * Modules/mediastream/MediaStreamTrackEvent.cpp:
1391         (WebCore::MediaStreamTrackEvent::createForBindings):
1392         (WebCore::MediaStreamTrackEventInit::MediaStreamTrackEventInit): Deleted.
1393         (WebCore::MediaStreamTrackEvent::create): Deleted.
1394         * Modules/mediastream/MediaStreamTrackEvent.h:
1395         * Modules/mediastream/RTCDTMFToneChangeEvent.cpp:
1396         (WebCore::RTCDTMFToneChangeEvent::createForBindings):
1397         (WebCore::RTCDTMFToneChangeEvent::create): Deleted.
1398         * Modules/mediastream/RTCDTMFToneChangeEvent.h:
1399         * Modules/mediastream/RTCDataChannelEvent.cpp:
1400         (WebCore::RTCDataChannelEvent::createForBindings):
1401         (WebCore::RTCDataChannelEvent::create): Deleted.
1402         * Modules/mediastream/RTCDataChannelEvent.h:
1403         * Modules/mediastream/RTCIceCandidateEvent.cpp:
1404         (WebCore::RTCIceCandidateEvent::createForBindings):
1405         (WebCore::RTCIceCandidateEvent::create): Deleted.
1406         * Modules/mediastream/RTCIceCandidateEvent.h:
1407         * Modules/mediastream/RTCTrackEvent.cpp:
1408         (WebCore::RTCTrackEvent::createForBindings):
1409         (WebCore::RTCTrackEventInit::RTCTrackEventInit): Deleted.
1410         (WebCore::RTCTrackEvent::create): Deleted.
1411         * Modules/mediastream/RTCTrackEvent.h:
1412         * Modules/speech/SpeechSynthesisEvent.cpp:
1413         (WebCore::SpeechSynthesisEvent::createForBindings):
1414         (WebCore::SpeechSynthesisEvent::create):
1415         (WebCore::SpeechSynthesisEvent::SpeechSynthesisEvent):
1416         * Modules/speech/SpeechSynthesisEvent.h:
1417         * Modules/webaudio/AudioProcessingEvent.cpp:
1418         (WebCore::AudioProcessingEvent::create): Deleted.
1419         * Modules/webaudio/AudioProcessingEvent.h:
1420         (WebCore::AudioProcessingEvent::create):
1421         (WebCore::AudioProcessingEvent::createForBindings):
1422         * Modules/webaudio/OfflineAudioCompletionEvent.cpp:
1423         (WebCore::OfflineAudioCompletionEvent::createForBindings):
1424         (WebCore::OfflineAudioCompletionEvent::create): Deleted.
1425         * Modules/webaudio/OfflineAudioCompletionEvent.h:
1426         * Modules/websockets/CloseEvent.h:
1427         (WebCore::CloseEvent::create):
1428         (WebCore::CloseEvent::createForBindings):
1429         (WebCore::CloseEvent::CloseEvent):
1430         (WebCore::CloseEventInit::CloseEventInit): Deleted.
1431         * bindings/objc/DOM.mm:
1432         (-[DOMNode nextFocusNode]):
1433         (-[DOMNode previousFocusNode]):
1434         * bindings/scripts/CodeGeneratorJS.pm:
1435         (GenerateConstructorDefinition):
1436         * dom/AnimationEvent.cpp:
1437         (WebCore::AnimationEventInit::AnimationEventInit): Deleted.
1438         * dom/AnimationEvent.h:
1439         * dom/BeforeLoadEvent.h:
1440         (WebCore::BeforeLoadEventInit::BeforeLoadEventInit): Deleted.
1441         * dom/ClipboardEvent.h:
1442         * dom/CompositionEvent.cpp:
1443         (WebCore::CompositionEventInit::CompositionEventInit): Deleted.
1444         * dom/CompositionEvent.h:
1445         * dom/CustomEvent.cpp:
1446         (WebCore::CustomEventInit::CustomEventInit): Deleted.
1447         * dom/CustomEvent.h:
1448         * dom/DeviceMotionEvent.h:
1449         * dom/DeviceOrientationEvent.h:
1450         * dom/Document.cpp:
1451         (WebCore::Document::createEvent):
1452         * dom/Element.cpp:
1453         (WebCore::Element::dispatchMouseEvent):
1454         * dom/ErrorEvent.cpp:
1455         (WebCore::ErrorEventInit::ErrorEventInit): Deleted.
1456         * dom/ErrorEvent.h:
1457         * dom/Event.cpp:
1458         (WebCore::EventInit::EventInit): Deleted.
1459         * dom/Event.h:
1460         (WebCore::Event::createForBindings):
1461         (WebCore::Event::create): Deleted.
1462         * dom/FocusEvent.cpp:
1463         (WebCore::FocusEventInit::FocusEventInit): Deleted.
1464         * dom/FocusEvent.h:
1465         * dom/HashChangeEvent.h:
1466         (WebCore::HashChangeEventInit::HashChangeEventInit): Deleted.
1467         * dom/KeyboardEvent.cpp:
1468         (WebCore::KeyboardEvent::KeyboardEvent):
1469         (WebCore::KeyboardEventInit::KeyboardEventInit): Deleted.
1470         * dom/KeyboardEvent.h:
1471         * dom/MessageEvent.cpp:
1472         (WebCore::MessageEvent::MessageEvent):
1473         (WebCore::MessageEventInit::MessageEventInit): Deleted.
1474         * dom/MessageEvent.h:
1475         * dom/MouseEvent.cpp:
1476         (WebCore::MouseEvent::createForBindings):
1477         (WebCore::MouseEvent::create):
1478         (WebCore::MouseEvent::MouseEvent):
1479         (WebCore::MouseEvent::cloneFor):
1480         (WebCore::MouseEventInit::MouseEventInit): Deleted.
1481         * dom/MouseEvent.h:
1482         (WebCore::MouseEvent::createForBindings):
1483         (WebCore::MouseEvent::create): Deleted.
1484         * dom/MouseRelatedEvent.cpp:
1485         (WebCore::MouseRelatedEvent::MouseRelatedEvent):
1486         (WebCore::MouseRelatedEvent::init):
1487         * dom/MouseRelatedEvent.h:
1488         (WebCore::MouseRelatedEvent::screenX):
1489         (WebCore::MouseRelatedEvent::screenY):
1490         (WebCore::MouseRelatedEvent::screenLocation):
1491         (WebCore::MouseRelatedEvent::clientX):
1492         (WebCore::MouseRelatedEvent::clientY):
1493         (WebCore::MouseRelatedEvent::movementX):
1494         (WebCore::MouseRelatedEvent::movementY):
1495         (WebCore::MouseRelatedEvent::clientLocation):
1496         (WebCore::MouseRelatedEvent::isSimulated):
1497         (WebCore::MouseRelatedEvent::absoluteLocation):
1498         (WebCore::MouseRelatedEvent::setAbsoluteLocation):
1499         * dom/MutationEvent.h:
1500         * dom/OverflowEvent.cpp:
1501         (WebCore::OverflowEvent::OverflowEvent):
1502         (WebCore::OverflowEvent::initOverflowEvent):
1503         (WebCore::OverflowEventInit::OverflowEventInit): Deleted.
1504         * dom/OverflowEvent.h:
1505         * dom/PageTransitionEvent.cpp:
1506         (WebCore::PageTransitionEventInit::PageTransitionEventInit): Deleted.
1507         * dom/PageTransitionEvent.h:
1508         * dom/PopStateEvent.cpp:
1509         (WebCore::PopStateEvent::createForBindings):
1510         (WebCore::PopStateEventInit::PopStateEventInit): Deleted.
1511         (WebCore::PopStateEvent::PopStateEvent): Deleted.
1512         (WebCore::PopStateEvent::create): Deleted.
1513         * dom/PopStateEvent.h:
1514         * dom/ProgressEvent.cpp:
1515         (WebCore::ProgressEventInit::ProgressEventInit): Deleted.
1516         * dom/ProgressEvent.h:
1517         (WebCore::ProgressEvent::createForBindings):
1518         (WebCore::ProgressEvent::create): Deleted.
1519         * dom/SecurityPolicyViolationEvent.h:
1520         (WebCore::SecurityPolicyViolationEventInit::SecurityPolicyViolationEventInit): Deleted.
1521         * dom/TextEvent.cpp:
1522         (WebCore::TextEvent::createForBindings):
1523         (WebCore::TextEvent::create): Deleted.
1524         * dom/TextEvent.h:
1525         * dom/TouchEvent.h:
1526         * dom/TransitionEvent.cpp:
1527         (WebCore::TransitionEventInit::TransitionEventInit): Deleted.
1528         * dom/TransitionEvent.h:
1529         * dom/UIEvent.cpp:
1530         (WebCore::UIEventInit::UIEventInit): Deleted.
1531         * dom/UIEvent.h:
1532         (WebCore::UIEvent::createForBindings):
1533         (WebCore::UIEvent::create): Deleted.
1534         * dom/UIEventWithKeyState.h:
1535         (WebCore::UIEventWithKeyState::ctrlKey):
1536         (WebCore::UIEventWithKeyState::shiftKey):
1537         (WebCore::UIEventWithKeyState::altKey):
1538         (WebCore::UIEventWithKeyState::metaKey):
1539         (WebCore::UIEventWithKeyState::UIEventWithKeyState):
1540         * dom/WebKitAnimationEvent.cpp:
1541         (WebCore::WebKitAnimationEventInit::WebKitAnimationEventInit): Deleted.
1542         * dom/WebKitAnimationEvent.h:
1543         * dom/WebKitTransitionEvent.cpp:
1544         (WebCore::WebKitTransitionEventInit::WebKitTransitionEventInit): Deleted.
1545         * dom/WebKitTransitionEvent.h:
1546         * dom/WheelEvent.h:
1547         * html/HTMLMediaElement.cpp:
1548         (WebCore::HTMLMediaElement::mediaPlayerKeyAdded):
1549         (WebCore::HTMLMediaElement::mediaPlayerKeyError):
1550         (WebCore::HTMLMediaElement::mediaPlayerKeyMessage):
1551         (WebCore::HTMLMediaElement::mediaPlayerKeyNeeded):
1552         * html/MediaKeyEvent.cpp:
1553         (WebCore::MediaKeyEvent::MediaKeyEvent):
1554         (WebCore::MediaKeyEventInit::MediaKeyEventInit): Deleted.
1555         * html/MediaKeyEvent.h:
1556         * html/canvas/WebGLContextEvent.cpp:
1557         (WebCore::WebGLContextEventInit::WebGLContextEventInit): Deleted.
1558         * html/canvas/WebGLContextEvent.h:
1559         * html/track/TrackEvent.cpp:
1560         (WebCore::TrackEvent::TrackEvent):
1561         (WebCore::TrackEventInit::TrackEventInit): Deleted.
1562         * html/track/TrackEvent.h:
1563         * html/track/TrackListBase.cpp:
1564         (TrackListBase::scheduleTrackEvent):
1565         (TrackListBase::scheduleChangeEvent):
1566         * page/EventSource.cpp:
1567         (WebCore::EventSource::createMessageEvent):
1568         * page/csp/ContentSecurityPolicy.cpp:
1569         (WebCore::ContentSecurityPolicy::reportViolation):
1570         (WebCore::gatherSecurityPolicyViolationEventData): Deleted.
1571         * storage/StorageEvent.cpp:
1572         (WebCore::StorageEvent::createForBindings):
1573         (WebCore::StorageEventInit::StorageEventInit): Deleted.
1574         (WebCore::StorageEvent::create): Deleted.
1575         * storage/StorageEvent.h:
1576         * svg/SVGZoomEvent.h:
1577         (WebCore::SVGZoomEvent::createForBindings):
1578         (WebCore::SVGZoomEvent::create): Deleted.
1579         * xml/XMLHttpRequestProgressEvent.h:
1580         (WebCore::XMLHttpRequestProgressEvent::createForBindings):
1581         (WebCore::XMLHttpRequestProgressEvent::create): Deleted.
1582
1583 2016-02-10  Ryan Haddad  <ryanhaddad@apple.com>
1584
1585         Rebaselining bindings tests
1586
1587         Unreviewed test gardening.
1588
1589         No new tests needed.
1590
1591         * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
1592         * bindings/scripts/test/JS/JSTestCallback.cpp:
1593         * bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.cpp:
1594         * bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.cpp:
1595         * bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
1596         * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
1597         * bindings/scripts/test/JS/JSTestEventTarget.cpp:
1598         * bindings/scripts/test/JS/JSTestException.cpp:
1599         * bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:
1600         * bindings/scripts/test/JS/JSTestInterface.cpp:
1601         * bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp:
1602         * bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
1603         * bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
1604         * bindings/scripts/test/JS/JSTestNondeterministic.cpp:
1605         * bindings/scripts/test/JS/JSTestObj.cpp:
1606         * bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
1607         * bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp:
1608         * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
1609         * bindings/scripts/test/JS/JSTestTypedefs.cpp:
1610         * bindings/scripts/test/JS/JSattribute.cpp:
1611         * bindings/scripts/test/JS/JSreadonly.cpp:
1612
1613 2016-02-10  Konstantin Tokarev  <annulen@yandex.ru>
1614
1615         [cmake] Consolidate CMake code related to image decoders.
1616         https://bugs.webkit.org/show_bug.cgi?id=154074
1617
1618         Reviewed by Alex Christensen.
1619
1620         Common image decoder sources, includes and libs are moved to
1621         platform/ImageDecoders.cmake.
1622
1623         Also, added include directories of libjpeg and libpng to
1624         WebCore_SYSTEM_INCLUDE_DIRECTORIES.
1625
1626         No new tests needed.
1627
1628         * CMakeLists.txt: Moved common include paths to ImageDecoders.cmake.
1629         * PlatformEfl.cmake: Moved common sources and libs to ImageDecoders.cmake.
1630         * PlatformGTK.cmake: Ditto.
1631         * PlatformWinCairo.cmake: Moved common sources to ImageDecoders.cmake.
1632         * platform/ImageDecoders.cmake: Added.
1633
1634 2016-02-10  Myles C. Maxfield  <mmaxfield@apple.com>
1635
1636         CSSSegmentedFontFace does not need to be reference counted
1637         https://bugs.webkit.org/show_bug.cgi?id=154083
1638
1639         Reviewed by Antti Koivisto.
1640
1641         ...There is only ever a single reference to one.
1642
1643         No new tests because there is no behavior change.
1644
1645         * css/CSSFontSelector.cpp:
1646         (WebCore::CSSFontSelector::getFontFace):
1647         * css/CSSFontSelector.h:
1648         * css/CSSSegmentedFontFace.h:
1649         (WebCore::CSSSegmentedFontFace::create): Deleted.
1650
1651 2016-02-10  Myles C. Maxfield  <mmaxfield@apple.com>
1652
1653         FontCache's clients should use references instead of pointers
1654         https://bugs.webkit.org/show_bug.cgi?id=154085
1655
1656         Reviewed by Antti Koivisto.
1657
1658         They are never null.
1659
1660         No new tests because there is no behavior change.
1661
1662         * css/CSSFontSelector.cpp:
1663         (WebCore::CSSFontSelector::CSSFontSelector):
1664         (WebCore::CSSFontSelector::~CSSFontSelector):
1665         * platform/graphics/FontCache.cpp:
1666         (WebCore::FontCache::addClient):
1667         (WebCore::FontCache::removeClient):
1668         * platform/graphics/FontCache.h:
1669
1670 2016-02-10  Chris Dumez  <cdumez@apple.com>
1671
1672         [Web IDL] interface objects should be Function objects
1673         https://bugs.webkit.org/show_bug.cgi?id=154038
1674         <rdar://problem/24569358>
1675
1676         Reviewed by Geoffrey Garen.
1677
1678         interface objects should be Function objects as per Web IDL:
1679         - http://heycam.github.io/webidl/#interface-object
1680         - http://heycam.github.io/webidl/#es-interfaces
1681
1682         So window.Event should be a Function object for e.g. but in WebKit it
1683         is a regular EventConstructor JSObject.
1684         Firefox and Chrome match the specification.
1685
1686         Test: js/interface-objects.html
1687
1688         * bindings/js/JSDOMBinding.cpp:
1689         (WebCore::callThrowTypeError):
1690         (WebCore::DOMConstructorObject::getCallData):
1691         When calling the interface object as a function, we throw a TypeError
1692         with a message asking to use the 'new' operator to match the behavior
1693         of Firefox and Chrome.
1694
1695         * bindings/js/JSDOMBinding.h:
1696         Add JSC::TypeOfShouldCallGetCallData structure flag and implement
1697         getCallData() so that typeof returns "function", as per the
1698         specification and the behavior of other browsers.
1699
1700         (WebCore::DOMConstructorObject::className):
1701         Implement className() and return "Function" to match the specification and
1702         other browsers. Otherwise, it would fall back to using ClassInfo::className
1703         which is the function name and interface name (e.g. "Event").
1704
1705         * bindings/js/JSDOMConstructor.h:
1706         (WebCore::JSDOMConstructorNotConstructable::callThrowTypeError):
1707         (WebCore::JSDOMConstructorNotConstructable::getCallData):
1708         As per the specification, interfaces that do not have a [Constructor]
1709         should throw a TypeError when called as a function. Use the "Illegal
1710         constructor" error message to match Firefox and Chrome.
1711
1712         * bindings/js/JSDOMGlobalObject.h:
1713         (WebCore::getDOMConstructor):
1714         Instead of using objectPrototype as prototype for all DOM constructors,
1715         we now call the prototypeForStructure() static function that is
1716         generated for each bindings class. As per the Web IDL specification,
1717         The [[Prototype]] internal property of an interface object for a
1718         non-callback interface is determined as follows:
1719         1. If the interface inherits from some other interface, the value of
1720            [[Prototype]] is the interface object for that other interface.
1721         2. If the interface doesn't inherit from any other interface, the value
1722            of [[Prototype]] is %FunctionPrototype% ([ECMA-262], section 6.1.7.4).
1723
1724         * bindings/js/JSImageConstructor.cpp:
1725         (WebCore::JSImageConstructor::prototypeForStructure):
1726         Have the Image's interface object use HTMLElement's interface object
1727         as prototype as HTMLImageElement inherits HTMLElement.
1728
1729         * bindings/scripts/CodeGenerator.pm:
1730         (getInterfaceExtendedAttributesFromName):
1731         Add a utility function to cheaply retrieve an interface's IDL extended
1732         attributes without actually parsing the IDL. This is used to check if
1733         an interface's parent is marked as [NoInterfaceObject] currently.
1734
1735         * bindings/scripts/CodeGeneratorJS.pm:
1736         (GenerateHeader):
1737         (GenerateImplementation):
1738         (GenerateCallbackHeader):
1739         (GenerateCallbackImplementation):
1740         Mark JSGlobalObject* parameter as const as the implementation does not
1741         alter the globalObject.
1742
1743         (GenerateConstructorHelperMethods):
1744         - Generate prototypeForStructure() function for each bindings class that
1745           is not marked as [NoInterfaceObject] so getDOMConstructor() knows which
1746           prototype to use for the interface object / constructor when constructing
1747           it.
1748         - Use the interface name for the interface object, without the "Constructor"
1749           suffix, to match the behavior of Firefox and Chrome.
1750
1751         * bindings/scripts/test/*:
1752         Rebaseline bindings tests.
1753
1754 2016-02-10  Jer Noble  <jer.noble@apple.com>
1755
1756         [Mac] Graphical corruption in videos when enabling custom loading path
1757         https://bugs.webkit.org/show_bug.cgi?id=154044
1758
1759         Reviewed by Alex Christensen.
1760
1761         Revert the "Drive-by fix" in r196345 as it breaks the WebCoreNSURLSessionTests.BasicOperation API test.
1762
1763         * platform/network/cocoa/WebCoreNSURLSession.mm:
1764         (-[WebCoreNSURLSessionDataTask resource:receivedData:length:]):
1765
1766 2016-02-10  Myles C. Maxfield  <mmaxfield@apple.com>
1767
1768         CSSSegmentedFontFace does not need to be reference counted
1769         https://bugs.webkit.org/show_bug.cgi?id=154083
1770
1771         Reviewed by Antti Koivisto.
1772
1773         ...There is only ever a single reference to one.
1774
1775         No new tests because there is no behavior change.
1776
1777         * css/CSSFontSelector.cpp:
1778         (WebCore::CSSFontSelector::getFontFace):
1779         * css/CSSFontSelector.h:
1780         * css/CSSSegmentedFontFace.h:
1781         (WebCore::CSSSegmentedFontFace::create): Deleted.
1782
1783 2016-02-10  Antti Koivisto  <antti@apple.com>
1784
1785         Optimize style invalidation after class attribute change
1786         https://bugs.webkit.org/show_bug.cgi?id=154075
1787         rdar://problem/12526450
1788
1789         Reviewed by Andreas Kling.
1790
1791         Currently a class attribute change invalidates style for the entire element subtree for any class found in the
1792         active stylesheet set.
1793
1794         This patch optimizes class changes by building a new optimization structure called ancestorClassRules. It contains
1795         rules that have class selectors in the portion of the complex selector that matches ancestor elements. The sets
1796         of rules are hashed by the class name.
1797
1798         On class attribute change the existing StyleInvalidationAnalysis mechanism is used with ancestorClassRules to invalidate
1799         exactly those descendants that are affected by the addition or removal of the class name. This is fast because the CSS JIT
1800         makes selector matching cheap and the number of relevant rules is typically small.
1801
1802         This optimization is very effective on many dynamic pages. For example when focusing and unfocusing the web inspector it
1803         cuts down the number of resolved elements from ~1000 to ~50. Even in PLT it reduces the number of resolved elements by ~11%.
1804
1805         * css/DocumentRuleSets.cpp:
1806         (WebCore::DocumentRuleSets::collectFeatures):
1807         (WebCore::DocumentRuleSets::ancestorClassRules):
1808
1809             Create optimization RuleSets on-demand when there is an actual dynamic class change.
1810
1811         * css/DocumentRuleSets.h:
1812         (WebCore::DocumentRuleSets::features):
1813         (WebCore::DocumentRuleSets::sibling):
1814         (WebCore::DocumentRuleSets::uncommonAttribute):
1815         * css/ElementRuleCollector.cpp:
1816         (WebCore::ElementRuleCollector::ElementRuleCollector):
1817
1818             Add a new constructor that doesn't require DocumentRuleSets. Only the user and author style is required.
1819
1820         (WebCore::ElementRuleCollector::matchAuthorRules):
1821         (WebCore::ElementRuleCollector::matchUserRules):
1822         * css/ElementRuleCollector.h:
1823         * css/RuleFeature.cpp:
1824         (WebCore::RuleFeatureSet::recursivelyCollectFeaturesFromSelector):
1825
1826             Collect class names that show up in the ancestor portion of the selector.
1827             Make this a member.
1828
1829         (WebCore::RuleFeatureSet::collectFeatures):
1830
1831             Move this code from RuleData.
1832             Add the rule to ancestorClassRules if needed.
1833
1834         (WebCore::RuleFeatureSet::add):
1835         (WebCore::RuleFeatureSet::clear):
1836         (WebCore::RuleFeatureSet::shrinkToFit):
1837         (WebCore::recursivelyCollectFeaturesFromSelector): Deleted.
1838         (WebCore::RuleFeatureSet::collectFeaturesFromSelector): Deleted.
1839         * css/RuleFeature.h:
1840         (WebCore::RuleFeature::RuleFeature):
1841         (WebCore::RuleFeatureSet::RuleFeatureSet): Deleted.
1842         * css/RuleSet.cpp:
1843         (WebCore::RuleData::RuleData):
1844         (WebCore::RuleSet::RuleSet):
1845         (WebCore::RuleSet::~RuleSet):
1846         (WebCore::RuleSet::addToRuleSet):
1847         (WebCore::RuleSet::addRule):
1848         (WebCore::RuleSet::addRulesFromSheet):
1849         (WebCore::collectFeaturesFromRuleData): Deleted.
1850         * css/RuleSet.h:
1851         (WebCore::RuleSet::tagRules):
1852         (WebCore::RuleSet::RuleSet): Deleted.
1853         * css/StyleInvalidationAnalysis.cpp:
1854         (WebCore::shouldDirtyAllStyle):
1855         (WebCore::StyleInvalidationAnalysis::StyleInvalidationAnalysis):
1856
1857             Add a new constructor that takes a ready made RuleSet instead of a stylesheet.
1858
1859         (WebCore::StyleInvalidationAnalysis::invalidateIfNeeded):
1860         (WebCore::StyleInvalidationAnalysis::invalidateStyleForTree):
1861         (WebCore::StyleInvalidationAnalysis::invalidateStyle):
1862         (WebCore::StyleInvalidationAnalysis::invalidateStyle):
1863
1864             New function for invalidating a subtree instead of the whole document.
1865
1866         * css/StyleInvalidationAnalysis.h:
1867         (WebCore::StyleInvalidationAnalysis::dirtiesAllStyle):
1868         (WebCore::StyleInvalidationAnalysis::hasShadowPseudoElementRulesInAuthorSheet):
1869         * dom/Element.cpp:
1870         (WebCore::classStringHasClassName):
1871         (WebCore::collectClasses):
1872         (WebCore::computeClassChange):
1873
1874             Factor to return the changed classes.
1875
1876         (WebCore::invalidateStyleForClassChange):
1877
1878             First filter out classes that don't show up in stylesheets. If something remains invalidate the current
1879             element for inline style change (that is a style change that doesn't affect descendants).
1880
1881             Next check if there are any ancestorClassRules for the changed class. If so use the StyleInvalidationAnalysis
1882             to find any affected descendants and invalidate them with inline style change as well.
1883
1884         (WebCore::Element::classAttributeChanged):
1885
1886             Invalidate for removed classes before setting new attribute value, invalidate for added classes afterwards.
1887
1888         (WebCore::Element::absoluteLinkURL):
1889         (WebCore::checkSelectorForClassChange): Deleted.
1890         * dom/ElementData.h:
1891         (WebCore::ElementData::setClassNames):
1892         (WebCore::ElementData::classNames):
1893         (WebCore::ElementData::classNamesMemoryOffset):
1894         (WebCore::ElementData::clearClass): Deleted.
1895         (WebCore::ElementData::setClass): Deleted.
1896
1897 2016-02-10  Myles C. Maxfield  <mmaxfield@apple.com>
1898
1899         Addressing post-review comments after r196322
1900
1901         Unreviewed.
1902
1903         * css/CSSFontFaceSource.cpp:
1904         (WebCore::CSSFontFaceSource::font):
1905         * css/CSSFontFaceSource.h:
1906
1907 2016-02-10  Chris Dumez  <cdumez@apple.com>
1908
1909         Attributes on the Window instance should be configurable unless [Unforgeable]
1910         https://bugs.webkit.org/show_bug.cgi?id=153920
1911         <rdar://problem/24563211>
1912
1913         Reviewed by Darin Adler.
1914
1915         Attributes on the Window instance should be configurable unless [Unforgeable]:
1916         1. 'constructor' property:
1917            - http://www.w3.org/TR/WebIDL/#interface-prototype-object
1918         2. Constructor properties (e.g. window.Node):
1919            - http://www.w3.org/TR/WebIDL/#es-interfaces
1920         3. IDL attributes:
1921            - http://heycam.github.io/webidl/#es-attributes (configurable unless
1922              [Unforgeable], e.g. window.location)
1923
1924         Firefox complies with the WebIDL specification but WebKit does not for 1. and 3.
1925
1926         Test: fast/dom/Window/window-properties-configurable.html
1927
1928         * bindings/js/JSDOMWindowCustom.cpp:
1929         (WebCore::JSDOMWindow::getOwnPropertySlot):
1930         For known Window properties (i.e. properties in the static property table),
1931         if we have reified and this is same-origin access, then call
1932         Base::getOwnPropertySlot() to get the property from the local property
1933         storage. If we have not reified yet, or this is cross-origin access, query
1934         the static property table. This is to match the behavior of Firefox and
1935         Chrome which seem to keep returning the original properties upon cross
1936         origin access, even if those were deleted or redefined.
1937
1938         (WebCore::JSDOMWindow::put):
1939         The previous code used to call the static property setter for properties in
1940         the static table. However, this does not do the right thing if properties
1941         were reified. For example, deleting window.name and then trying to set it
1942         again would not work. Therefore, update this code to only do this if the
1943         properties have not been reified, similarly to what is done in
1944         JSObject::putInlineSlow().
1945
1946         * bindings/scripts/CodeGeneratorJS.pm:
1947         (ConstructorShouldBeOnInstance):
1948         Add a FIXME comment indicating that window.constructor should be on
1949         the prototype as per the Web IDL specification.
1950
1951         (GenerateAttributesHashTable):
1952         - Mark 'constructor' property as configurable for Window, as per the
1953           specification and consistently with other 'constructor' properties:
1954           http://www.w3.org/TR/WebIDL/#interface-prototype-object
1955         - Mark properties as configurable even though they are on the instance.
1956           Window has its properties on the instance as per the specification:
1957           1. http://heycam.github.io/webidl/#es-attributes
1958           2. http://heycam.github.io/webidl/#PrimaryGlobal (window is [PrimaryGlobal])
1959           However, these properties should be configurable as long as they are
1960           not marked as [Unforgeable], as per 1.
1961
1962         * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
1963         * bindings/scripts/test/JS/JSTestException.cpp:
1964         * bindings/scripts/test/JS/JSTestObj.cpp:
1965         Rebaseline bindings tests.
1966
1967 2016-02-10  Brady Eidson  <beidson@apple.com>
1968
1969         Modern IDB: Ref cycle between IDBObjectStore and IDBTransaction.
1970         https://bugs.webkit.org/show_bug.cgi?id=154061
1971
1972         Reviewed by Alex Christensen.
1973
1974         No new tests (Currently untestable).
1975
1976         * Modules/indexeddb/client/IDBTransactionImpl.cpp:
1977         (WebCore::IDBClient::IDBTransaction::transitionedToFinishing): Make sure the new state makes sense,
1978           set the new state, and then clear the set of referenced object stores which is no longer needed.
1979         (WebCore::IDBClient::IDBTransaction::abort):
1980         (WebCore::IDBClient::IDBTransaction::commit):
1981         * Modules/indexeddb/client/IDBTransactionImpl.h:
1982
1983 2016-02-10  Jer Noble  <jer.noble@apple.com>
1984
1985         REGRESSION(r195770): Use-after-free in ResourceLoaderOptions::cachingPolicy
1986         https://bugs.webkit.org/show_bug.cgi?id=153727
1987         <rdar://problem/24429886>
1988
1989         Reviewed by Darin Adler.
1990
1991         Follow-up after r195965. Only protect those parts of CachedResource::removeClient() which
1992         affect the MemoryCache when allowsCaching() is false.
1993
1994         * loader/cache/CachedResource.cpp:
1995         (WebCore::CachedResource::removeClient):
1996
1997 2016-02-10  Csaba Osztrogonác  <ossy@webkit.org>
1998
1999         Fix the !(ENABLE(SHADOW_DOM) || ENABLE(DETAILS_ELEMENT)) after r196281
2000         https://bugs.webkit.org/show_bug.cgi?id=154035
2001
2002         Reviewed by Antti Koivisto.
2003
2004         * dom/ComposedTreeIterator.h:
2005         (WebCore::ComposedTreeIterator::Context::Context):
2006
2007 2016-02-09  Carlos Garcia Campos  <cgarcia@igalia.com>
2008
2009         [GTK] Toggle buttons are blurry with GTK+ 3.19
2010         https://bugs.webkit.org/show_bug.cgi?id=154007
2011
2012         Reviewed by Michael Catanzaro.
2013
2014         Use min-width/min-height style properties when GTK+ >= 3.19.7 to
2015         get the size of toggle buttons.
2016
2017         * rendering/RenderThemeGtk.cpp:
2018         (WebCore::setToggleSize):
2019         (WebCore::paintToggle):
2020
2021 2016-02-09  Aakash Jain  <aakash_jain@apple.com>
2022
2023         Headers that use WEBCORE_EXPORT should include PlatformExportMacros.h
2024         https://bugs.webkit.org/show_bug.cgi?id=146984
2025
2026         Reviewed by Alexey Proskuryakov.
2027
2028         * Modules/speech/SpeechSynthesis.h:
2029         * contentextensions/ContentExtensionError.h:
2030         * dom/DeviceOrientationClient.h:
2031         * platform/graphics/Color.h:
2032         * platform/ios/wak/WebCoreThread.h:
2033         * platform/network/CacheValidation.h:
2034         * platform/network/cf/CertificateInfo.h:
2035
2036 2016-02-09  Nan Wang  <n_wang@apple.com>
2037
2038         AX: Implement word related text marker functions using TextIterator
2039         https://bugs.webkit.org/show_bug.cgi?id=153939
2040         <rdar://problem/24269605>
2041
2042         Reviewed by Chris Fleizach.
2043
2044         Using CharacterOffset to implement word related text marker calls. Reused
2045         logic from previousBoundary and nextBoundary in VisibleUnits class.
2046
2047         Test: accessibility/mac/text-marker-word-nav.html
2048
2049         * accessibility/AXObjectCache.cpp:
2050         (WebCore::AXObjectCache::traverseToOffsetInRange):
2051         (WebCore::AXObjectCache::rangeForNodeContents):
2052         (WebCore::isReplacedNodeOrBR):
2053         (WebCore::characterOffsetsInOrder):
2054         (WebCore::resetNodeAndOffsetForReplacedNode):
2055         (WebCore::setRangeStartOrEndWithCharacterOffset):
2056         (WebCore::AXObjectCache::rangeForUnorderedCharacterOffsets):
2057         (WebCore::AXObjectCache::setTextMarkerDataWithCharacterOffset):
2058         (WebCore::AXObjectCache::startOrEndCharacterOffsetForRange):
2059         (WebCore::AXObjectCache::startOrEndTextMarkerDataForRange):
2060         (WebCore::AXObjectCache::characterOffsetForNodeAndOffset):
2061         (WebCore::AXObjectCache::textMarkerDataForCharacterOffset):
2062         (WebCore::AXObjectCache::previousNode):
2063         (WebCore::AXObjectCache::visiblePositionFromCharacterOffset):
2064         (WebCore::AXObjectCache::characterOffsetFromVisiblePosition):
2065         (WebCore::AXObjectCache::textMarkerDataForVisiblePosition):
2066         (WebCore::AXObjectCache::nextCharacterOffset):
2067         (WebCore::AXObjectCache::previousCharacterOffset):
2068         (WebCore::startWordBoundary):
2069         (WebCore::endWordBoundary):
2070         (WebCore::AXObjectCache::startCharacterOffsetOfWord):
2071         (WebCore::AXObjectCache::endCharacterOffsetOfWord):
2072         (WebCore::AXObjectCache::previousWordStartCharacterOffset):
2073         (WebCore::AXObjectCache::nextWordEndCharacterOffset):
2074         (WebCore::AXObjectCache::leftWordRange):
2075         (WebCore::AXObjectCache::rightWordRange):
2076         (WebCore::characterForCharacterOffset):
2077         (WebCore::AXObjectCache::characterAfter):
2078         (WebCore::AXObjectCache::characterBefore):
2079         (WebCore::parentEditingBoundary):
2080         (WebCore::AXObjectCache::nextWordBoundary):
2081         (WebCore::AXObjectCache::previousWordBoundary):
2082         (WebCore::AXObjectCache::rootAXEditableElement):
2083         * accessibility/AXObjectCache.h:
2084         (WebCore::AXObjectCache::removeNodeForUse):
2085         (WebCore::AXObjectCache::isNodeInUse):
2086         * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
2087         (-[WebAccessibilityObjectWrapper previousTextMarkerForNode:offset:]):
2088         (-[WebAccessibilityObjectWrapper textMarkerForNode:offset:ignoreStart:]):
2089         (-[WebAccessibilityObjectWrapper textMarkerForNode:offset:]):
2090         (textMarkerForCharacterOffset):
2091         (-[WebAccessibilityObjectWrapper accessibilityAttributeValue:forParameter:]):
2092         * editing/VisibleUnits.cpp:
2093         (WebCore::rightWordPosition):
2094         (WebCore::prepend):
2095         (WebCore::appendRepeatedCharacter):
2096         (WebCore::suffixLengthForRange):
2097         (WebCore::prefixLengthForRange):
2098         (WebCore::backwardSearchForBoundaryWithTextIterator):
2099         (WebCore::forwardSearchForBoundaryWithTextIterator):
2100         (WebCore::previousBoundary):
2101         (WebCore::nextBoundary):
2102         * editing/VisibleUnits.h:
2103
2104 2016-02-09  Daniel Bates  <dabates@apple.com>
2105
2106         CSP: Extract helper classes into their own files
2107         https://bugs.webkit.org/show_bug.cgi?id=154040
2108         <rdar://problem/24571189>
2109
2110         Reviewed by Brent Fulgham.
2111
2112         No functionality was changed. So, no new tests.
2113
2114         * CMakeLists.txt: Add files ContentSecurityPolicy{DirectiveList, MediaListDirective, Source, SourceList, SourceListDirective}.cpp.
2115         * WebCore.xcodeproj/project.pbxproj: Ditto.
2116         * page/csp/ContentSecurityPolicy.cpp: Clean up #includes. Include header ParsingUtilities.h so that we can remove our own
2117         variants of skip{Exactly, Until, While}(). Update code as necessary for class renames.
2118         (WebCore::skipExactly): Deleted; instead use the analogous function in ParsingUtilities.h.
2119         (WebCore::skipUntil): Deleted; instead use the analogous function in ParsingUtilities.h.
2120         (WebCore::skipWhile): Deleted; instead use the analogous function in ParsingUtilities.h.
2121         (WebCore::isSourceListNone): Moved to file ContentSecurityPolicySourceList.cpp.
2122         (WebCore::CSPSource): Deleted; moved implementation to files ContentSecurityPolicySource.{cpp, h}.
2123         (WebCore::CSPSourceList): Deleted; moved implementation to files ContentSecurityPolicySourceList.{cpp, h}.
2124         (WebCore::CSPDirective): Deleted; moved implementation to file ContentSecurityPolicyDirective.h.
2125         (WebCore::MediaListDirective): Deleted; moved implementation to files ContentSecurityPolicyMediaListDirective.{cpp, h}.
2126         (WebCore::SourceListDirective): Deleted; moved implementation to files ContentSecurityPolicySourceListDirective.{cpp, h}.
2127         (WebCore::CSPDirectiveList): Deleted; moved implementation to files ContentSecurityPolicyDirectiveList.{cpp, h}.
2128         * page/csp/ContentSecurityPolicy.h:
2129         * page/csp/ContentSecurityPolicyDirective.h: Added.
2130         * page/csp/ContentSecurityPolicyDirectiveList.cpp: Added; removed use of ternary operator where it made the code less readable.
2131         Updated code to make use of the functions defined in ParsingUtilities.h.
2132         (WebCore::isExperimentalDirectiveName): Moved from file ContentSecurityPolicy.cpp.
2133         (WebCore::isCSPDirectiveName): Ditto.
2134         (WebCore::isDirectiveNameCharacter): Ditto.
2135         (WebCore::isDirectiveValueCharacter): Ditto.
2136         (WebCore::isNotASCIISpace): Ditto.
2137         * page/csp/ContentSecurityPolicyDirectiveList.h: Added.
2138         * page/csp/ContentSecurityPolicyMediaListDirective.cpp: Added. Updated code to make use of the functions defined in ParsingUtilities.h.
2139         (WebCore::isMediaTypeCharacter): Moved from file ContentSecurityPolicy.cpp.
2140         (WebCore::isNotASCIISpace): Ditto.
2141         * page/csp/ContentSecurityPolicyMediaListDirective.h: Added.
2142         * page/csp/ContentSecurityPolicySource.cpp: Added.
2143         * page/csp/ContentSecurityPolicySource.h: Added.
2144         * page/csp/ContentSecurityPolicySourceList.cpp: Added. Updated code to make use of the functions defined in ParsingUtilities.h.
2145         (WebCore::isSourceCharacter): Moved from file ContentSecurityPolicy.cpp.
2146         (WebCore::isHostCharacter): Ditto.
2147         (WebCore::isPathComponentCharacter): Ditto.
2148         (WebCore::isSchemeContinuationCharacter): Ditto.
2149         (WebCore::isNotColonOrSlash): Ditto.
2150         (WebCore::isSourceListNone): Ditto.
2151         * page/csp/ContentSecurityPolicySourceList.h: Added.
2152         * page/csp/ContentSecurityPolicySourceListDirective.cpp: Added.
2153         * page/csp/ContentSecurityPolicySourceListDirective.h: Added.
2154
2155 2016-02-09  Brady Eidson  <beidson@apple.com>
2156
2157         Modern IDB: TransactionOperation objects leak.
2158         https://bugs.webkit.org/show_bug.cgi?id=154054
2159
2160         Reviewed by Alex Christensen.
2161
2162         No new tests (Currently untestable).
2163
2164         * Modules/indexeddb/client/IDBTransactionImpl.cpp:
2165         (WebCore::IDBClient::IDBTransaction::abortOnServerAndCancelRequests): Remove the TransactionOperation from
2166           the map, as this operation doesn't complete "normally" like most others.
2167         (WebCore::IDBClient::IDBTransaction::commitOnServer): Ditto.
2168         
2169         * Modules/indexeddb/client/TransactionOperation.h:
2170         (WebCore::IDBClient::TransactionOperation::perform): Clear the m_performFunction after use,
2171           as it holds a lambda that holds a RefPtr to the IDBTransaction, as well as a self-ref.
2172         (WebCore::IDBClient::TransactionOperation::completed): Clear m_completeFunction for the same reasons.
2173
2174 2016-02-09  Jer Noble  <jer.noble@apple.com>
2175
2176         [Mac] Graphical corruption in videos when enabling custom loading path
2177         https://bugs.webkit.org/show_bug.cgi?id=154044
2178
2179         Reviewed by Alex Christensen.
2180
2181         The NSOperationQueue provided by AVFoundation from the AVAssetResourceLoader queue is not
2182         set to be a serial queue. So when adding dataReceived operations to that queue, there exists
2183         the possibility that some operations are handled before others, and the client will receive
2184         data out of order.
2185
2186         A real NSURLSession object will only issue another operation when the first operation
2187         completes, so emulate this behavior in WebCoreNSURLSession by using a serial dispatch queue.
2188         The internal queue will enqueue an operation to the resource loader's queue, and block until
2189         that operation completes, thus ensuring ordering of the data (and other) operations.
2190
2191         * platform/network/cocoa/WebCoreNSURLSession.h:
2192         * platform/network/cocoa/WebCoreNSURLSession.mm:
2193         (-[WebCoreNSURLSession initWithResourceLoader:delegate:delegateQueue:]): Initialize _internalQueue
2194         (-[WebCoreNSURLSession addDelegateOperation:]): Added utility method.
2195         (-[WebCoreNSURLSession taskCompleted:]): Call -addDelegateOperation:
2196         (-[WebCoreNSURLSession finishTasksAndInvalidate]): Ditto.
2197         (-[WebCoreNSURLSession resetWithCompletionHandler:]): Ditto.
2198         (-[WebCoreNSURLSession flushWithCompletionHandler:]): Ditto.
2199         (-[WebCoreNSURLSession getTasksWithCompletionHandler:]): Ditto.
2200         (-[WebCoreNSURLSession getAllTasksWithCompletionHandler:]): Ditto.
2201         (-[WebCoreNSURLSessionDataTask resource:receivedResponse:]): Ditto.
2202         (-[WebCoreNSURLSessionDataTask resource:receivedData:length:]): Ditto.
2203         (-[WebCoreNSURLSessionDataTask resourceFinished:]): Ditto.
2204
2205         Drive-by fix:
2206         (-[WebCoreNSURLSessionDataTask resource:receivedData:length:]): Set countOfBytesReceived outside the operation,
2207             queue, matching NSURLSessionDataTask's behavior.
2208
2209 2016-02-09  Nan Wang  <n_wang@apple.com>
2210
2211         [iOS Simulator] accessibility/text-marker/text-marker-range-stale-node-crash.html crashing
2212         https://bugs.webkit.org/show_bug.cgi?id=154039
2213
2214         Reviewed by Chris Fleizach.
2215
2216         We are accessing the derefed node in the CharacterOffset object, we should create an empty
2217         CharacterOffset object if the node is not in use.
2218
2219         It's covered by the test accessibility/text-marker/text-marker-range-stale-node-crash.html.
2220
2221         * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
2222         (-[WebAccessibilityTextMarker characterOffset]):
2223         (-[WebAccessibilityTextMarker isIgnored]):
2224
2225 2016-02-09  Myles C. Maxfield  <mmaxfield@apple.com>
2226
2227         Unreviewed build fix after r196322
2228
2229         Unreviewed.
2230
2231         * css/CSSFontFace.cpp:
2232         (WebCore::CSSFontFace::font):
2233
2234 2016-02-09  Zalan Bujtas  <zalan@apple.com>
2235
2236         Outline corners do not align properly for multiline inlines.
2237         https://bugs.webkit.org/show_bug.cgi?id=154025
2238
2239         Reviewed by David Hyatt.
2240
2241         Adjust border position when outline-offset > 0. This patch also
2242         removes integral pixelsnapping (drawLineForBoxSide takes care of
2243         device pixelsnapping). 
2244
2245         Test: fast/inline/outline-corners-with-offset.html
2246
2247         * rendering/RenderInline.cpp:
2248         (WebCore::RenderInline::paintOutlineForLine):
2249
2250 2016-02-09  Jer Noble  <jer.noble@apple.com>
2251
2252         [Mac] Adopt NSURLSession properties in AVAssetResourceLoader
2253
2254         Rubber-stamped by Eric Carlson;
2255
2256         Set the correct global variable from setAVFoundationNSURLSessionEnabled().
2257
2258         * page/Settings.cpp:
2259         (WebCore::Settings::setAVFoundationNSURLSessionEnabled):
2260
2261 2016-02-07  Gavin Barraclough  <barraclough@apple.com>
2262
2263         GetValueFunc/PutValueFunc should not take both slotBase and thisValue
2264         https://bugs.webkit.org/show_bug.cgi?id=154009
2265
2266         Reviewed by Geoff Garen.
2267
2268         In JavaScript there are two types of properties - regular value properties, and accessor properties.
2269         One difference between these is how they are reflected by getOwnPropertyDescriptor, and another is
2270         what object they operate on in the case of a prototype access. If you access a value property of a
2271         prototype object it returns a value pertinent to the prototype, but in the case of a prototype object
2272         returning an accessor, then the accessor function is applied to the base object of the access.
2273
2274         JSC supports special 'custom' properties implemented as a c++ callback, and these custom properties
2275         can be used to implement either value- or accessor-like behavior. getOwnPropertyDescriptor behavior
2276         is selected via the CustomAccessor attribute. Value- or accessor-like object selection is currently
2277         supported by passing both the slotBase and the thisValue to the callback, and hoping it uses the
2278         right one. This is probably inefficient, bug-prone, and leads to crazy like JSBoundSlotBaseFunction.
2279
2280         Instead, just pass one thisValue to the callback functions, consistent with CustomAccessor.
2281
2282         * bindings/js/JSDOMBinding.cpp:
2283         (WebCore::printErrorMessageForFrame):
2284         (WebCore::objectToStringFunctionGetter):
2285         * bindings/js/JSDOMBinding.h:
2286         (WebCore::propertyNameToString):
2287         (WebCore::getStaticValueSlotEntryWithoutCaching<JSDOMObject>):
2288         (WebCore::nonCachingStaticFunctionGetter):
2289         * bindings/js/JSDOMWindowCustom.cpp:
2290         (WebCore::JSDOMWindow::visitAdditionalChildren):
2291         (WebCore::childFrameGetter):
2292         (WebCore::namedItemGetter):
2293         (WebCore::jsDOMWindowWebKit):
2294         (WebCore::jsDOMWindowIndexedDB):
2295             - add missing null check, in case indexDB accessor is applied to non-window object.
2296         * bindings/js/JSPluginElementFunctions.cpp:
2297         (WebCore::pluginScriptObject):
2298         (WebCore::pluginElementPropertyGetter):
2299         * bindings/js/JSPluginElementFunctions.h:
2300         * bindings/scripts/CodeGeneratorJS.pm:
2301         (GenerateHeader):
2302         (GenerateImplementation):
2303         * bridge/runtime_array.cpp:
2304         (JSC::RuntimeArray::destroy):
2305         (JSC::RuntimeArray::lengthGetter):
2306         * bridge/runtime_array.h:
2307         * bridge/runtime_method.cpp:
2308         (JSC::RuntimeMethod::finishCreation):
2309         (JSC::RuntimeMethod::lengthGetter):
2310         * bridge/runtime_method.h:
2311         * bridge/runtime_object.cpp:
2312         (JSC::Bindings::RuntimeObject::invalidate):
2313         (JSC::Bindings::RuntimeObject::fallbackObjectGetter):
2314         (JSC::Bindings::RuntimeObject::fieldGetter):
2315         (JSC::Bindings::RuntimeObject::methodGetter):
2316         * bridge/runtime_object.h:
2317             - Merged slotBase & thisValue to custom property callbacks.
2318
2319 2016-02-09  Jer Noble  <jer.noble@apple.com>
2320
2321         Build-fix; add Nullability macros around previously un-macro'd class definitions.
2322
2323         * platform/spi/mac/AVFoundationSPI.h:
2324
2325 2016-02-04  Jer Noble  <jer.noble@apple.com>
2326
2327         [Mac] Adopt NSURLSession properties in AVAssetResourceLoader
2328         https://bugs.webkit.org/show_bug.cgi?id=153873
2329
2330         Reviewed by Eric Carlson.
2331
2332         Adopt a new AVAssetResourceLoader API allowing clients to specify a NSURLSession object to
2333         use for media loading, and control the use of this property with a new Setting.
2334
2335         * page/Settings.cpp:
2336         (WebCore::Settings::setAVFoundationNSURLSessionEnabled):
2337         * page/Settings.h:
2338         (WebCore::Settings::isAVFoundationNSURLSessionEnabled):
2339         * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
2340         (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVAssetForURL):
2341         * platform/spi/mac/AVFoundationSPI.h:
2342
2343 2016-02-09  Myles C. Maxfield  <mmaxfield@apple.com>
2344
2345         Decouple font creation from font loading
2346         https://bugs.webkit.org/show_bug.cgi?id=153414
2347
2348         Reviewed by Darin Adler.
2349
2350         Previously, CSSFontFaceSource never triggered a font download until that font was actually used. This means
2351         that the function which triggers the download also has the goal of returning a font to use. However,
2352         the CSS Font Loading JavaScript API requires being able to trigger a font download without this extra font
2353         creation overhead.
2354
2355         In addition, this patch adds an explicit (and enforced) state transition diagram. The diagram looks like
2356         this:
2357                             => Success
2358                           //
2359         Pending => Loading
2360                           \\
2361                             => Failure
2362
2363         Therefore, the API for CSSFontFaceSource has changed to expose the concept of these new states. This means
2364         that its user (CSSSegmentedFontFaceSource) has been updated to handle each possible state that its constituent
2365         CSSFontFaceSources may be in.
2366
2367         No new tests because there is no behavior change.
2368
2369         * css/CSSFontFace.cpp:
2370         (WebCore::CSSFontFace::allSourcesFailed): Renamed to make the name clearer.
2371         (WebCore::CSSFontFace::addedToSegmentedFontFace): Use references instead of pointers.
2372         (WebCore::CSSFontFace::removedFromSegmentedFontFace): Ditto.
2373         (WebCore::CSSFontFace::adoptSource): Renamed to make the name clearer.
2374         (WebCore::CSSFontFace::fontLoaded): Use references instead of pointers. Also, remove old dead code.
2375         (WebCore::CSSFontFace::font): Adapt to the new API of CSSFontFaceSource.
2376         (WebCore::CSSFontFace::isValid): Deleted.
2377         (WebCore::CSSFontFace::addSource): Deleted.
2378         (WebCore::CSSFontFace::notifyFontLoader): Deleted. Old dead code.
2379         (WebCore::CSSFontFace::notifyLoadingDone): Deleted. Old dead code.
2380         * css/CSSFontFace.h:
2381         (WebCore::CSSFontFace::create): Remove old dead code.
2382         (WebCore::CSSFontFace::CSSFontFace): Use references instead of pointers.
2383         (WebCore::CSSFontFace::loadState): Deleted. Remove old dead code.
2384         * css/CSSFontFaceSource.cpp:
2385         (WebCore::CSSFontFaceSource::setStatus): Enforce state transitions.
2386         (WebCore::CSSFontFaceSource::CSSFontFaceSource): Explicitly handle new state transitions.
2387         (WebCore::CSSFontFaceSource::fontLoaded): Update for new states.
2388         (WebCore::CSSFontFaceSource::load): Pulled out code from font().
2389         (WebCore::CSSFontFaceSource::font): Moved code into load().
2390         (WebCore::CSSFontFaceSource::isValid): Deleted.
2391         (WebCore::CSSFontFaceSource::isDecodeError): Deleted.
2392         (WebCore::CSSFontFaceSource::ensureFontData): Deleted.
2393         * css/CSSFontFaceSource.h: Much cleaner API.
2394         * css/CSSFontSelector.cpp:
2395         (WebCore::createFontFace): Migrate to references instead of pointers. This requires a little
2396         reorganization.
2397         (WebCore::registerLocalFontFacesForFamily): Update to new CSSFontFaceSource API.
2398         (WebCore::CSSFontSelector::addFontFaceRule): Ditto.
2399         (WebCore::CSSFontSelector::getFontFace): Ditto.
2400         * css/CSSSegmentedFontFace.cpp:
2401         (WebCore::CSSSegmentedFontFace::CSSSegmentedFontFace): Migrate to references instead of pointers.
2402         (WebCore::CSSSegmentedFontFace::~CSSSegmentedFontFace): Ditto.
2403         (WebCore::CSSSegmentedFontFace::fontLoaded): Remove old dead code.
2404         (WebCore::CSSSegmentedFontFace::appendFontFace): Cleanup.
2405         (WebCore::CSSSegmentedFontFace::fontRanges): Adopt to new API.
2406         (WebCore::CSSSegmentedFontFace::pruneTable): Deleted.
2407         (WebCore::CSSSegmentedFontFace::isLoading): Deleted. Old dead code.
2408         (WebCore::CSSSegmentedFontFace::checkFont): Deleted. Ditto.
2409         (WebCore::CSSSegmentedFontFace::loadFont): Deleted. Ditto.
2410         * css/CSSSegmentedFontFace.h:
2411         (WebCore::CSSSegmentedFontFace::create): Migrate to references instead of pointers.
2412         (WebCore::CSSSegmentedFontFace::fontSelector): Ditto.
2413         (WebCore::CSSSegmentedFontFace::LoadFontCallback::~LoadFontCallback): Deleted.
2414         * loader/cache/CachedFont.cpp:
2415         (WebCore::CachedFont::didAddClient): Migrate to references instead of pointers.
2416         (WebCore::CachedFont::checkNotify): Ditto.
2417         * loader/cache/CachedFontClient.h:
2418         (WebCore::CachedFontClient::fontLoaded): Ditto.
2419
2420 2016-02-09  Brady Eidson  <beidson@apple.com>
2421
2422         Modern IDB: IDBOpenDBRequests leak.
2423         https://bugs.webkit.org/show_bug.cgi?id=154032
2424
2425         Reviewed by Alex Christensen.
2426
2427         No new tests (Currently untestable).
2428
2429         * CMakeLists.txt:
2430         * WebCore.xcodeproj/project.pbxproj:
2431
2432         Add a simple Event subclass that holds a ref to an IDBRequest, to make sure that we
2433         drop the last ref to the request after its last event fires or is otherwise destroyed:
2434         * Modules/indexeddb/IDBRequestCompletionEvent.cpp: Added.
2435         (WebCore::IDBRequestCompletionEvent::IDBRequestCompletionEvent):
2436         * Modules/indexeddb/IDBRequestCompletionEvent.h: Added.
2437         (WebCore::IDBRequestCompletionEvent::create):
2438
2439         * Modules/indexeddb/client/IDBOpenDBRequestImpl.cpp:
2440         (WebCore::IDBClient::IDBOpenDBRequest::onError): IDBRequestCompletionEvent instead of Event.
2441         (WebCore::IDBClient::IDBOpenDBRequest::fireSuccessAfterVersionChangeCommit): Ditto.
2442         (WebCore::IDBClient::IDBOpenDBRequest::fireErrorAfterVersionChangeCompletion): Ditto.
2443         (WebCore::IDBClient::IDBOpenDBRequest::onSuccess): Ditto.
2444
2445         * Modules/indexeddb/client/IDBTransactionImpl.cpp:
2446         (WebCore::IDBClient::IDBTransaction::dispatchEvent): After setting up the request's 
2447           completion event to fire, clear the back-ref to the request.
2448
2449 2016-02-09  Commit Queue  <commit-queue@webkit.org>
2450
2451         Unreviewed, rolling out r196286.
2452         https://bugs.webkit.org/show_bug.cgi?id=154026
2453
2454         Looks like 5% iOS PLT regression (Requested by kling on
2455         #webkit).
2456
2457         Reverted changeset:
2458
2459         "[iOS] Throw away some unlinked code when navigating to a new
2460         page."
2461         https://bugs.webkit.org/show_bug.cgi?id=154014
2462         http://trac.webkit.org/changeset/196286
2463
2464 2016-02-08  Chris Dumez  <cdumez@apple.com>
2465
2466         Attribute getters should not require an explicit 'this' value for Window properties
2467         https://bugs.webkit.org/show_bug.cgi?id=153968
2468
2469         Reviewed by Darin Adler.
2470
2471         Attribute getters should not require an explicit 'this' value for
2472         Window properties. This is because the Window interface is marked
2473         as [ImplicitThis]:
2474         - http://heycam.github.io/webidl/#ImplicitThis
2475         - https://www.w3.org/Bugs/Public/show_bug.cgi?id=29421
2476
2477         This matches the behavior of Firefox and the expectations of the W3C
2478         web-platform-tests.
2479
2480         No new tests, already covered by existing tests.
2481
2482         * bindings/scripts/CodeGeneratorJS.pm:
2483         In attribute getters of an interface marked as [ImplicitThis],
2484         if 'thisValue' is undefined or null, fall back to using the
2485         global object as 'thisValue'.
2486
2487         * bindings/scripts/IDLAttributes.txt:
2488         Add support for [ImplicitThis]:
2489         http://heycam.github.io/webidl/#ImplicitThis
2490
2491         * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
2492         * bindings/scripts/test/JS/JSTestException.cpp:
2493         * bindings/scripts/test/JS/JSTestInterface.cpp:
2494         * bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp:
2495         * bindings/scripts/test/JS/JSTestNode.cpp:
2496         * bindings/scripts/test/JS/JSTestNondeterministic.cpp:
2497         * bindings/scripts/test/JS/JSTestObj.cpp:
2498         * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
2499         * bindings/scripts/test/JS/JSTestTypedefs.cpp:
2500         * bindings/scripts/test/JS/JSattribute.cpp:
2501         Rebaseline bindings tests.
2502
2503         * page/DOMWindow.idl:
2504         Mark Window as [ImplicitThis]:
2505         http://heycam.github.io/webidl/#ImplicitThis
2506
2507 2016-02-08  Nan Wang  <n_wang@apple.com>
2508
2509         AX: crash at WebCore::Range::selectNodeContents(WebCore::Node*, int&)
2510         https://bugs.webkit.org/show_bug.cgi?id=154018
2511
2512         Reviewed by Chris Fleizach.
2513
2514         Sometimes rangeForUnorderedCharacterOffsets call is accessing derefed node objects
2515         and leading to a crash. Fixed it by checking isNodeInUse before creating the CharacterOffset
2516         object.
2517
2518         Test: accessibility/text-marker/text-marker-range-stale-node-crash.html
2519
2520         * accessibility/AXObjectCache.cpp:
2521         (WebCore::AXObjectCache::visiblePositionForTextMarkerData):
2522         (WebCore::AXObjectCache::characterOffsetForTextMarkerData):
2523         (WebCore::AXObjectCache::traverseToOffsetInRange):
2524         * accessibility/AXObjectCache.h:
2525         * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
2526         (-[WebAccessibilityObjectWrapper rangeForTextMarkerRange:]):
2527         (characterOffsetForTextMarker):
2528         (-[WebAccessibilityObjectWrapper characterOffsetForTextMarker:]):
2529         (textMarkerForVisiblePosition):
2530
2531 2016-02-08  Andreas Kling  <akling@apple.com>
2532
2533         [iOS] Throw away some unlinked code when navigating to a new page.
2534         <https://webkit.org/b/154014>
2535
2536         Reviewed by Gavin Barraclough.
2537
2538         Extended the mechanism introduced earlier to also throw away unlinked code
2539         that's only relevant to the page that we're navigating away from.
2540
2541         The new JSC::VM API is deleteAllCodeExceptCaches() and it does what it sounds
2542         like, deleting unlinked and linked code but leaving code caches alone.
2543
2544         This means that if the page we're navigating to wants to parse some of the
2545         same JS that the page we're leaving had on it, it might still be found in the
2546         JSC::CodeCache.
2547
2548         Doing a back navigation to a PageCache'd page may now incur some reparsing,
2549         just like leaving the app or tab would.
2550
2551         * bindings/js/GCController.cpp:
2552         (WebCore::GCController::deleteAllCodeExceptCaches):
2553         (WebCore::GCController::deleteAllLinkedCode): Deleted.
2554         * bindings/js/GCController.h:
2555         * loader/FrameLoader.cpp:
2556         (WebCore::FrameLoader::commitProvisionalLoad):
2557
2558 2016-02-08  Daniel Bates  <dabates@apple.com>
2559
2560         CSP connect-src directive should block redirects
2561         https://bugs.webkit.org/show_bug.cgi?id=69359
2562         <rdar://problem/24383025>
2563
2564         Reviewed by Brent Fulgham.
2565
2566         Inspired by Blink patch:
2567         <https://src.chromium.org/viewvc/blink?revision=150246&view=revision>
2568
2569         Apply the connect-src directive of the Content Security Policy for the document or worker to the redirect URL
2570         of an XMLHttpRequest and EventSource load so as to conform to section Paths and Redirects of the CSP 2.0 spec.,
2571         <https://w3c.github.io/webappsec-csp/2/#source-list-paths-and-redirects> (29 August 2015).
2572
2573         Additionally, check that each requested script URL passed to WorkerGlobalScope.importScripts() is allowed by
2574         the CSP of the worker before initiating a load for it. If some URL i is blocked by the CSP policy
2575         then we do not try to load URLs j >= i.
2576
2577         Tests: http/tests/security/contentSecurityPolicy/worker-blob-inherits-csp-importScripts-block-aborts-all-subsequent-imports.html
2578                http/tests/security/contentSecurityPolicy/worker-blob-inherits-csp-importScripts-redirect-cross-origin-blocked.html
2579                http/tests/security/contentSecurityPolicy/worker-csp-blocks-xhr-redirect-cross-origin.html
2580                http/tests/security/contentSecurityPolicy/worker-csp-importScripts-redirect-cross-origin-allowed.html
2581                http/tests/security/contentSecurityPolicy/worker-csp-importScripts-redirect-cross-origin-blocked.html
2582                http/tests/security/contentSecurityPolicy/worker-without-csp-importScripts-redirect-cross-origin-allowed.html
2583                http/tests/security/isolatedWorld/bypass-main-world-csp-for-xhr-redirect.html
2584                http/tests/security/isolatedWorld/bypass-main-world-csp-worker-blob-importScript-redirect-cross-origin.html
2585                http/tests/security/isolatedWorld/bypass-main-world-csp-worker-importScripts-redirect-cross-origin.html
2586                http/tests/security/isolatedWorld/bypass-worker-csp-for-xhr-redirect-cross-origin.html
2587                http/tests/security/isolatedWorld/bypass-worker-csp-for-xhr.html
2588
2589         * fileapi/FileReaderLoader.cpp:
2590         (WebCore::FileReaderLoader::start): Do not enforce a CSP directive as CSP is not applicable to File API.
2591         * inspector/InspectorNetworkAgent.cpp:
2592         (WebCore::InspectorNetworkAgent::loadResource): Do not enforce a CSP directive as CSP should not interfere
2593         with the Web Inspector.
2594         * loader/DocumentThreadableLoader.cpp:
2595         (WebCore::DocumentThreadableLoader::loadResourceSynchronously): Modified to take an optional ContentSecurityPolicy
2596         and pass it through to DocumentThreadableLoader::create().
2597         (WebCore::DocumentThreadableLoader::create): Modified to take an optional ContentSecurityPolicy and pass it through
2598         to DocumentThreadableLoader::DocumentThreadableLoader().
2599         (WebCore::DocumentThreadableLoader::DocumentThreadableLoader): Modified to take an optional ContentSecurityPolicy.
2600         Asserts that the CSP allows the load of the request URL so as to catch when a caller creates a loader for a request
2601         that is not allowed by the CSP. The caller should not create a loader for such a request.
2602         (WebCore::DocumentThreadableLoader::redirectReceived): Check if the CSP allows the redirect URL. If it does not
2603         then notify the client that the redirect check failed.
2604         (WebCore::DocumentThreadableLoader::loadRequest): Ditto.
2605         (WebCore::DocumentThreadableLoader::isAllowedByContentSecurityPolicy): Checks that the specified URL is allowed
2606         by the enforced CSP directive.
2607         (WebCore::DocumentThreadableLoader::contentSecurityPolicy): Returns the ContentSecurityPolicy object passed to
2608         DocumentThreadableLoader on instantiation or the ContentSecurityPolicy object of the associated document.
2609         * loader/DocumentThreadableLoader.h: Add overloaded variants of DocumentThreadableLoader::{create, loadResourceSynchronously}()
2610         that take a std::unique_ptr<ContentSecurityPolicy>&&. Remove some unnecessary headers.
2611         * loader/ThreadableLoader.cpp:
2612         (WebCore::ThreadableLoaderOptions::ThreadableLoaderOptions): Take the CSP directive to enforce and store it.
2613         (WebCore::ThreadableLoaderOptions::isolatedCopy): Copy the CSP directive to enforce.
2614         * loader/ThreadableLoader.h: Added member field to store the CSP directive to enforce (defaults to enforce the
2615         directive connect-src - the most appropriate directive in most circumstances). As of the time of writing,
2616         only WorkerGlobalScope.importScripts() enforces a different directive: script-src.
2617         * loader/WorkerThreadableLoader.cpp:
2618         (WebCore::WorkerThreadableLoader::WorkerThreadableLoader): Pass the SecurityOrigin and ContentSecurityPolicy associated
2619         with the WorkerGlobalScope to WorkerThreadableLoader::MainThreadBridge::MainThreadBridge().
2620         (WebCore::WorkerThreadableLoader::MainThreadBridge::MainThreadBridge): Pass a copy of the worker's ContentSecurityPolicy
2621         to the DocumentThreadableLoader.
2622         * loader/WorkerThreadableLoader.h:
2623         * page/EventSource.cpp:
2624         (WebCore::EventSource::connect): Enforce the CSP directive connect-src on redirects unless we are running in an isolated world.
2625         * workers/AbstractWorker.cpp:
2626         (WebCore::AbstractWorker::resolveURL): Modified to take a boolean whether to bypass the main world Content Security Policy
2627         instead of querying for it directly.
2628         * workers/AbstractWorker.h:
2629         * workers/Worker.cpp:
2630         (WebCore::Worker::create): Added FIXME to enforce child-src directive of the document's CSP to the worker's script URL
2631         on redirect once we fix <https://bugs.webkit.org/show_bug.cgi?id=153562>. For now, do not enforce a CSP policy on redirect
2632         of the worker's script URL.
2633         * workers/WorkerGlobalScope.cpp:
2634         (WebCore::WorkerGlobalScope::importScripts): Check that the requested URL is allowed by the CSP of the worker (if applicable).
2635         Enforce the CSP directive script-src on redirects unless we are running in an isolated world.
2636         * workers/WorkerScriptLoader.cpp:
2637         (WebCore::WorkerScriptLoader::loadSynchronously): Pass SecurityOrigin and ContentSecurityPolicyEnforcement to WorkerThreadableLoader.
2638         (WebCore::WorkerScriptLoader::loadAsynchronously): Ditto.
2639         * workers/WorkerScriptLoader.h:
2640         * xml/XMLHttpRequest.cpp:
2641         (WebCore::XMLHttpRequest::createRequest): Enforce the CSP directive connect-src on redirects unless we are running in
2642         an isolated world.
2643
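The redirect enforcement described in the CSP entry above, as an added JavaScript model (not WebKit code, and not part of the ChangeLog): every hop of a redirect chain is checked against the enforced directive, the path part of a source expression is ignored after a redirect as the cited "Paths and Redirects" section specifies, and the `importScripts()` model stops at the first blocked URL. All function names, the `checkRedirects` option, the `example.test` hosts and the sample policy are assumptions constructed for illustration; the matcher handles only `http(s)` sources, `'self'`, `'none'` and `*`.

```javascript
// Added illustration: simplified model of CSP source-list enforcement on
// redirects. Not WebKit code; names, policy and URLs are constructed.
const DEFAULT_PORT = { http: "80", https: "443" };

function parseSource(expr) {
  if (expr === "*" || expr === "'self'" || expr === "'none'") return { keyword: expr };
  const m = /^(https?):\/\/([^\/:]+)(?::(\d+))?(\/.*)?$/i.exec(expr);
  if (!m) throw new Error("unsupported source expression in this model: " + expr);
  const scheme = m[1].toLowerCase();
  return { scheme, host: m[2].toLowerCase(), port: m[3] || DEFAULT_PORT[scheme], path: m[4] || "" };
}

// Parse "directive src src; directive src" into Map(directive -> [source]).
function parsePolicy(text) {
  const policy = new Map();
  for (const part of text.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name && !policy.has(name.toLowerCase()))
      policy.set(name.toLowerCase(), sources.map(parseSource));
  }
  return policy;
}

function matchesSource(src, url, selfOrigin, afterRedirect) {
  const scheme = url.protocol.slice(0, -1);
  if (!(scheme in DEFAULT_PORT)) return false; // model covers http(s) only
  if (src.keyword === "'none'") return false;
  if (src.keyword === "*") return true;
  if (src.keyword === "'self'") return url.origin === selfOrigin;
  if (src.scheme !== scheme) return false;
  const host = url.hostname.toLowerCase();
  const hostOk = src.host.startsWith("*.") ? host.endsWith(src.host.slice(1)) : host === src.host;
  if (!hostOk || (url.port || DEFAULT_PORT[scheme]) !== src.port) return false;
  // CSP 2 "Paths and Redirects": ignore the path once the load was redirected,
  // so a policy cannot be used to probe cross-origin redirect paths.
  if (afterRedirect || src.path === "") return true;
  return src.path.endsWith("/") ? url.pathname.startsWith(src.path) : url.pathname === src.path;
}

// chain[0] is the requested URL; chain[1..] are the redirect targets in order.
// checkRedirects=false models a checker that only looks at the initial URL.
function checkChain(policy, directive, chain, selfOrigin, { checkRedirects = true } = {}) {
  const sources = policy.get(directive) || policy.get("default-src");
  if (!sources) return { allowed: true, blockedUrl: null };
  const hops = checkRedirects ? chain : chain.slice(0, 1);
  for (let i = 0; i < hops.length; i++) {
    const url = new URL(hops[i]);
    if (!sources.some((s) => matchesSource(s, url, selfOrigin, i > 0)))
      return { allowed: false, blockedUrl: hops[i] };
  }
  return { allowed: true, blockedUrl: null };
}

// Model of importScripts(): script-src is enforced, and the first blocked URL
// aborts the call, so that URL and every later one are never loaded.
function importScriptsModel(policy, urls, redirects, selfOrigin) {
  const loaded = [];
  for (const u of urls) {
    const verdict = checkChain(policy, "script-src", [u, ...(redirects[u] || [])], selfOrigin);
    if (!verdict.allowed) return { loaded, blockedUrl: verdict.blockedUrl };
    loaded.push(u);
  }
  return { loaded, blockedUrl: null };
}

// Constructed sample data.
const SELF = "https://app.example.test";
const POLICY = parsePolicy(
  "connect-src 'self' https://api.example.test/v1/; script-src 'self' https://cdn.example.test"
);
const XHR_CHAIN = ["https://app.example.test/data", "https://other.example.test/collect"];

function demo() {
  return {
    // Same-origin request that redirects cross-origin to a host outside connect-src.
    initialUrlOnly: checkChain(POLICY, "connect-src", XHR_CHAIN, SELF, { checkRedirects: false }),
    everyHop: checkChain(POLICY, "connect-src", XHR_CHAIN, SELF),
    // Second URL is not in script-src, so c.js is never attempted.
    imports: importScriptsModel(
      POLICY,
      ["https://cdn.example.test/a.js", "https://untrusted.example.test/b.js", "https://cdn.example.test/c.js"],
      {},
      SELF
    ),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```
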
2644 2016-02-08  Antti Koivisto  <antti@apple.com>
2645
2646         Try to fix Yosemite build.
2647
2648         * dom/ComposedTreeIterator.h:
2649         (WebCore::ComposedTreeIterator::ComposedTreeIterator):
2650         (WebCore::ComposedTreeIterator::traverseNext):
2651
2652 2016-02-08  Antti Koivisto  <antti@apple.com>
2653
2654         Implement ComposedTreeIterator in terms of ElementAndTextDescendantIterator
2655         https://bugs.webkit.org/show_bug.cgi?id=154003
2656
2657         Reviewed by Darin Adler.
2658
2659         Currently ComposedTreeIterator implements tree traversal using NodeTraversal. This makes it overly complicated.
2660         It can also return nodes other than Element and Text which should not be part of the composed tree.
2661
2662         This patch adds a new iterator type, ElementAndTextDescendantIterator, similar to the existing ElementDescendantIterator.
2663         ComposedTreeIterator is then implemented using this new iterator.
2664
2665         When entering a shadow tree or a slot the local iterator is pushed along with the context stack and a new local
2666         iterator is initialized for the new context. When leaving a shadow tree the context stack is popped and the previous
2667         local iterator becomes active.
2668
2669         * WebCore.xcodeproj/project.pbxproj:
2670         * dom/ComposedTreeIterator.cpp:
2671         (WebCore::ComposedTreeIterator::ComposedTreeIterator):
2672         (WebCore::ComposedTreeIterator::initializeContextStack):
2673         (WebCore::ComposedTreeIterator::pushContext):
2674         (WebCore::ComposedTreeIterator::traverseNextInShadowTree):
2675         (WebCore::ComposedTreeIterator::traverseNextLeavingContext):
2676         (WebCore::ComposedTreeIterator::advanceInSlot):
2677         (WebCore::ComposedTreeIterator::traverseSiblingInSlot):
2678         (WebCore::ComposedTreeIterator::initializeShadowStack): Deleted.
2679         (WebCore::ComposedTreeIterator::traverseParentInShadowTree): Deleted.
2680         (WebCore::ComposedTreeIterator::traverseNextSiblingSlot): Deleted.
2681         (WebCore::ComposedTreeIterator::traversePreviousSiblingSlot): Deleted.
2682         * dom/ComposedTreeIterator.h:
2683         (WebCore::ComposedTreeIterator::operator*):
2684         (WebCore::ComposedTreeIterator::operator->):
2685         (WebCore::ComposedTreeIterator::operator==):
2686         (WebCore::ComposedTreeIterator::operator!=):
2687         (WebCore::ComposedTreeIterator::operator++):
2688         (WebCore::ComposedTreeIterator::Context::Context):
2689         (WebCore::ComposedTreeIterator::context):
2690         (WebCore::ComposedTreeIterator::current):
2691         (WebCore::ComposedTreeIterator::ComposedTreeIterator):
2692         (WebCore::ComposedTreeIterator::traverseNext):
2693         (WebCore::ComposedTreeIterator::traverseNextSkippingChildren):
2694         (WebCore::ComposedTreeIterator::traverseNextSibling):
2695         (WebCore::ComposedTreeIterator::traversePreviousSibling):
2696         (WebCore::ComposedTreeDescendantAdapter::ComposedTreeDescendantAdapter):
2697         (WebCore::ComposedTreeDescendantAdapter::begin):
2698         (WebCore::ComposedTreeDescendantAdapter::end):
2699         (WebCore::ComposedTreeDescendantAdapter::at):
2700         (WebCore::ComposedTreeChildAdapter::Iterator::Iterator):
2701         (WebCore::ComposedTreeChildAdapter::ComposedTreeChildAdapter):
2702         (WebCore::ComposedTreeChildAdapter::begin):
2703         (WebCore::ComposedTreeChildAdapter::end):
2704         (WebCore::ComposedTreeChildAdapter::at):
2705         (WebCore::ComposedTreeIterator::ShadowContext::ShadowContext): Deleted.
2706         (WebCore::ComposedTreeIterator::traverseParent): Deleted.
2707         * dom/ElementAndTextDescendantIterator.h: Added.
2708
2709             New iterator type that traverses Element and Text nodes (that is renderable nodes only).
2710             It also tracks depth for future use.
2711
2712 2016-02-08  Joseph Pecoraro  <pecoraro@apple.com>
2713
2714         Web Inspector: copy({x:1}) should copy "{x:1}", not "[object Object]"
2715         https://bugs.webkit.org/show_bug.cgi?id=148605
2716
2717         Reviewed by Brian Burg.
2718
2719         Test: inspector/console/command-line-api-copy.html
2720
2721         * inspector/CommandLineAPIModuleSource.js:
2722         (CommandLineAPIImpl.prototype.copy):
2723         Support copying different types. This is meant to be more
2724         convenient than just JSON.stringify, so it handles types
2725         like Node, Symbol, RegExp, and Function a bit better.
2726
2727 2016-02-08  Said Abou-Hallawa  <sabouhallawa@apple.com>
2728
2729         REGRESSION(r181345): SVG polyline and polygon leak page
2730         https://bugs.webkit.org/show_bug.cgi?id=152759
2731
2732         Reviewed by Darin Adler.
2733
2734         The leak happens because of cyclic reference between SVGListPropertyTearOff 
2735         and SVGAnimatedListPropertyTearOff which is derived from SVGAnimatedProperty.
2736         There is also cyclic reference between SVGAnimatedProperty and SVGElement
2737         and this causes the whole document to be leaked. So if the JS requests, for
2738         example, an instance of SVGPolylineElement.points, the whole document will be
2739         leaked.
2740
2741         The fix depends on having the cyclic reference as is since the owning and the
2742         owned classes have to live together if any of them is referenced. But the owning
2743         class caches a raw 'ref-counted' pointer of the owned class. If it is requested
2744         for an instance of the owned class it returned a RefPtr<> of it. Once the owned
2745         class is not used, it can delete itself. The only thing needed here is to notify
2746         the owner class of the deletion so it cleans its caches and be able to create a
2747         new pointer if it is requested for an instance of the owned class later.
2748
2749         Revert the change of r181345 in SVGAnimatedProperty::lookupOrCreateWrapper()
2750         to break the cyclic reference between SVGElement and SVGAnimatedProperty.
2751         
2752         Also apply the same approach in SVGAnimatedListPropertyTearOff::baseVal() and
2753         animVal() to break cyclic reference between SVGListPropertyTearOff and
2754         SVGAnimatedListPropertyTearOff.
2755
2756         Test: svg/animations/smil-leak-list-property-instances.svg
2757
2758         * bindings/scripts/CodeGeneratorJS.pm:
2759         (NativeToJSValue): The SVG non-string list tear-off properties became of
2760         type RefPtr<>. So we need to use get() with the casting expressions.
2761         
2762         * svg/SVGMarkerElement.cpp:
2763         (WebCore::SVGMarkerElement::orientType):
2764         Use 'auto' type for the return of SVGAnimatedProperty::lookupWrapper().
2765
2766         * svg/SVGPathElement.cpp:
2767         (WebCore::SVGPathElement::pathByteStream):
2768         (WebCore::SVGPathElement::lookupOrCreateDWrapper):
2769         Since SVGAnimatedProperty::lookupWrapper() returns a RefPtr<> we need to 
2770         use get() for the casting expressions.
2771         
2772         (WebCore::SVGPathElement::pathSegList):
2773         (WebCore::SVGPathElement::normalizedPathSegList):
2774         (WebCore::SVGPathElement::animatedPathSegList):
2775         (WebCore::SVGPathElement::animatedNormalizedPathSegList):
2776         * svg/SVGPathElement.h:
2777         Change the return value from raw pointer to RefPtr<>.
2778
2779         * svg/SVGPathSegWithContext.h:
2780         (WebCore::SVGPathSegWithContext::animatedProperty):
2781         Change the return type to be RefPtr<> to preserve the value from being deleted.
2782         
2783         * svg/SVGPolyElement.cpp:
2784         (WebCore::SVGPolyElement::parseAttribute):
2785         Since SVGAnimatedProperty::lookupWrapper() returns a RefPtr<> we need to 
2786         use get() for the casting expressions.
2787         
2788         (WebCore::SVGPolyElement::points):
2789         (WebCore::SVGPolyElement::animatedPoints):
2790         * svg/SVGPolyElement.h:
2791         Change the return value from raw pointer to RefPtr<>.
2792         
2793         * svg/SVGViewSpec.cpp:
2794         (WebCore::SVGViewSpec::setTransformString):
2795         Since SVGAnimatedProperty::lookupWrapper() returns a RefPtr<> we need to 
2796         use get() for the casting expressions.
2797
2798         (WebCore::SVGViewSpec::transform):
2799         * svg/SVGViewSpec.h:
2800         Change the return value from raw pointer to RefPtr<>.
2801         
2802         * svg/properties/SVGAnimatedListPropertyTearOff.h:
2803         (WebCore::SVGAnimatedListPropertyTearOff::baseVal):
2804         (WebCore::SVGAnimatedListPropertyTearOff::animVal):
2805         Change the return value from raw pointer to RefPtr<> and change the cached
2806         value from RefPtr<> to raw pointer. If the property is null, it will be
2807         created, its raw pointer will be cached and the only ref-counted RefPtr<>
2808         will be returned. This will guarantee, the RefPtr<> will be deleted once
2809         it is not used anymore. 
2810         
2811         (WebCore::SVGAnimatedListPropertyTearOff::propertyWillBeDeleted):
2812         Clean the raw pointer caches m_baseVal and m_animVal upon deleting the
2813         actual pointer. This function will be called from the destructor of
2814         SVGListPropertyTearOff.
2815         
2816         (WebCore::SVGAnimatedListPropertyTearOff::findItem):
2817         (WebCore::SVGAnimatedListPropertyTearOff::removeItemFromList):
2818         We have to ensure the baseVal() is created before using it.
2819         
2820         (WebCore::SVGAnimatedListPropertyTearOff::detachListWrappers):
2821         (WebCore::SVGAnimatedListPropertyTearOff::currentAnimatedValue):
2822         (WebCore::SVGAnimatedListPropertyTearOff::animationStarted):
2823         (WebCore::SVGAnimatedListPropertyTearOff::animationEnded):
2824         (WebCore::SVGAnimatedListPropertyTearOff::synchronizeWrappersIfNeeded):
2825         (WebCore::SVGAnimatedListPropertyTearOff::animValWillChange):
2826         (WebCore::SVGAnimatedListPropertyTearOff::animValDidChange):
2827         For animation, a separate RefPtr<> 'm_animatingAnimVal' will be assigned
2828         to the animVal(). This will prevent deleting m_animVal while animation.
2829         
2830         * svg/properties/SVGAnimatedPathSegListPropertyTearOff.h:
2831         (WebCore::SVGAnimatedPathSegListPropertyTearOff::baseVal):
2832         (WebCore::SVGAnimatedPathSegListPropertyTearOff::animVal):
2833         Same as what is done in SVGAnimatedListPropertyTearOff.
2834         
2835         (WebCore::SVGAnimatedPathSegListPropertyTearOff::findItem):
2836         (WebCore::SVGAnimatedPathSegListPropertyTearOff::removeItemFromList):
2837         Same as what is done in SVGAnimatedListPropertyTearOff.
2838         
2839         * svg/properties/SVGAnimatedProperty.h:
2840         (WebCore::SVGAnimatedProperty::lookupOrCreateWrapper):
2841         Change the return value from raw reference to Ref<> and change the
2842         cached value from Ref<> to raw pointer. This reverts the change of
2843         r181345 in this function.
2844         
2845         (WebCore::SVGAnimatedProperty::lookupWrapper):
2846         Change the return value from raw pointer to RefPtr<>.
2847         
2848         * svg/properties/SVGAnimatedPropertyMacros.h:
2849         Use 'auto' type for the return of SVGAnimatedProperty::lookupWrapper().
2850         
2851         * svg/properties/SVGAnimatedTransformListPropertyTearOff.h:
2852         (WebCore::SVGAnimatedTransformListPropertyTearOff::baseVal):
2853         (WebCore::SVGAnimatedTransformListPropertyTearOff::animVal):
2854         Same as what is done in SVGAnimatedListPropertyTearOff.
2855
2856         * svg/properties/SVGListPropertyTearOff.h:
2857         (WebCore::SVGListPropertyTearOff::~SVGListPropertyTearOff):
2858         Call the SVGAnimatedListPropertyTearOff::propertyWillBeDeleted() to clean
2859         its raw pointers when the RefPtr<> deletes itself.
2860
2861 2016-02-08  Carlos Garcia Campos  <cgarcia@igalia.com>
2862
2863         [GTK] WebKitWebView should send crossing events to the WebProcess
2864         https://bugs.webkit.org/show_bug.cgi?id=153740
2865
2866         Reviewed by Michael Catanzaro.
2867
2868         Update the target element under the mouse also when only updating
2869         scrollbars, so that if the mouse enters the page when the window
2870         is not active, the scroll animator is notified that the mouse
2871         entered the scrollable area.
2872
2873         * page/EventHandler.cpp:
2874         (WebCore::EventHandler::handleMouseMoveEvent): Call
2875         updateMouseEventTargetNode() before early returning in case of
2876         only updating scrollbars.
2877
2878 2016-02-08  Jeremy Jones  <jeremyj@apple.com>
2879
2880         PiP and external playback are mutually exclusive.
2881         https://bugs.webkit.org/show_bug.cgi?id=153988
2882         rdar://problem/24108661
2883
2884         Reviewed by Eric Carlson.
2885
2886         Adding isPlayingOnSecondScreen to isPlayingOnExternalScreen allows AVKit to disable PiP
2887         when appropriate. Testing video fullscreen mode in updateDisableExternalPlayback allows us to 
2888         turn-off external playback when entering picture-in-picture.
2889
2890         * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
2891         (WebCore::MediaPlayerPrivateAVFoundationObjC::setVideoFullscreenMode):
2892         (WebCore::MediaPlayerPrivateAVFoundationObjC::updateDisableExternalPlayback):
2893         * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
2894         (-[WebAVPlayerController isPlayingOnExternalScreen]):
2895         (+[WebAVPlayerController keyPathsForValuesAffectingPlayingOnExternalScreen]):
2896
2897 2016-02-08  Commit Queue  <commit-queue@webkit.org>
2898
2899         Unreviewed, rolling out r196253.
2900         https://bugs.webkit.org/show_bug.cgi?id=153990
2901
2902         Caused several crashes in GTK+ bots (Requested by KaL on
2903         #webkit).
2904
2905         Reverted changeset:
2906
2907         "[GTK] WebKitWebView should send crossing events to the
2908         WebProcess"
2909         https://bugs.webkit.org/show_bug.cgi?id=153740
2910         http://trac.webkit.org/changeset/196253
2911
2912 2016-02-08  Jeremy Jones  <jeremyj@apple.com>
2913
2914         WebAVPlayerController should implement currentTimeWithinEndTimes.
2915         https://bugs.webkit.org/show_bug.cgi?id=153983
2916         rdar://problem/22864621
2917
2918         Reviewed by Eric Carlson.
2919
2920         Implement currentTimeWithinEndTimes in terms of seekToTime and AVTiming. This is a trivial
2921         implementation because AVPlayer start and end times aren't used.
2922
2923         * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
2924         (-[WebAVPlayerController currentTimeWithinEndTimes]):
2925         (-[WebAVPlayerController setCurrentTimeWithinEndTimes:]):
2926         (+[WebAVPlayerController keyPathsForValuesAffectingCurrentTimeWithinEndTimes]):
2927
2928 2016-02-08  Carlos Garcia Campos  <cgarcia@igalia.com>
2929
2930         [GTK] WebKitWebView should send crossing events to the WebProcess
2931         https://bugs.webkit.org/show_bug.cgi?id=153740
2932
2933         Reviewed by Michael Catanzaro.
2934
2935         Update the target element under the mouse also when only updating
2936         scrollbars, so that if the mouse enters the page when the window
2937         is not active, the scroll animator is notified that the mouse
2938         entered the scrollable area.
2939
2940         * page/EventHandler.cpp:
2941         (WebCore::EventHandler::handleMouseMoveEvent): Call
2942         updateMouseEventTargetNode() before early returning in case of
2943         only updating scrollbars.
2944
2945 2016-02-08  Jeremy Jones  <jeremyj@apple.com>
2946
2947         WebVideoFullscreenInterface should handle video resizing.
2948         https://bugs.webkit.org/show_bug.cgi?id=153982
2949         rdar://problem/22031249
2950
2951         Reviewed by Eric Carlson.
2952
2953         Video fullscreen can be initiated before video dimensions are available.
2954         Protect against an initial width or height of zero and observe resize events 
2955         to update once video dimensions become available or change.
2956
2957         * platform/cocoa/WebVideoFullscreenModelVideoElement.mm:
2958         (WebVideoFullscreenModelVideoElement::updateForEventName):
2959         (WebVideoFullscreenModelVideoElement::observedEventNames):
2960         * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
2961         (-[WebAVPlayerLayer layoutSublayers]):
2962         (-[WebAVPlayerLayer videoRect]):
2963         (WebVideoFullscreenInterfaceAVKit::setVideoDimensions):
2964
2965 2016-02-08  Adrien Plazas  <aplazas@igalia.com>
2966
2967         Indent inline box test fails due to assertion in VisibleSelection::selectionFromContentsOfNode()
2968         https://bugs.webkit.org/show_bug.cgi?id=153824
2969
2970         Reviewed by Michael Catanzaro.
2971
2972         * editing/markup.cpp:
2973         (WebCore::highestAncestorToWrapMarkup):
2974
2975 2016-02-07  Sam Weinig  <sam@webkit.org>
2976
2977         Remove unused enum ScrollbarOverlayState.
2978
2979         Rubber-stamped by Dan Bernstein.
2980
2981         * platform/ScrollTypes.h:
2982
2983 2016-02-07  Sam Weinig  <sam@webkit.org>
2984
2985         Remove unnecessary respondsToSelector checks for methods that exist on all supported platforms
2986         https://bugs.webkit.org/show_bug.cgi?id=153970
2987
2988         Reviewed by Dan Bernstein.
2989
2990         -[NSScrollerImp mouseEnteredScroller], -[NSScrollerImp expansionTransitionProgress],
2991         -[NSScrollerImpPair contentAreaScrolledInDirection:], and -[NSScrollerImp setExpanded:]
2992         are now available on all supported OS's. No need to check for them.
2993
2994         * platform/mac/ScrollAnimatorMac.mm:
2995         (macScrollbarTheme):
2996         (-[WebScrollbarPainterDelegate scrollerImp:animateUIStateTransitionWithDuration:]):
2997         (-[WebScrollbarPainterDelegate scrollerImp:animateExpansionTransitionWithDuration:]):
2998         (WebCore::ScrollAnimatorMac::mouseEnteredScrollbar):
2999         (WebCore::ScrollAnimatorMac::mouseExitedScrollbar):
3000         (WebCore::ScrollAnimatorMac::sendContentAreaScrolled):
3001         (WebCore::ScrollAnimatorMac::sendContentAreaScrolledTimerFired):
3002         (supportsUIStateTransitionProgress): Deleted.
3003         (supportsExpansionTransitionProgress): Deleted.
3004         (supportsContentAreaScrolledInDirection): Deleted.
3005         * platform/mac/ScrollbarThemeMac.mm:
3006         (+[WebScrollbarPrefsObserver appearancePrefsChanged:]):
3007         (+[WebScrollbarPrefsObserver behaviorPrefsChanged:]):
3008         (WebCore::ScrollbarThemeMac::scrollbarThickness):
3009
3010 2016-02-07  Sam Weinig  <sam@webkit.org>
3011
3012         Use modern SPI header idiom for NSScrollerImp and NSScrollerImpPair
3013         https://bugs.webkit.org/show_bug.cgi?id=153969
3014
3015         Reviewed by Dan Bernstein.
3016
3017         * WebCore.xcodeproj/project.pbxproj:
3018         Add new file NSScrollerImpSPI.h
3019
3020         * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.mm:
3021         Use new include of NSScrollerImpSPI.h.
3022
3023         * platform/ScrollbarThemeComposite.h:
3024         Define ScrollbarPainter more precisely as NSScrollerImp * now that the type is available to us.
3025
3026         * platform/mac/NSScrollerImpDetails.h:
3027         Remove NSObject category based SPI usage with the modern one NSScrollerImpSPI.h
3028
3029         * platform/mac/NSScrollerImpDetails.mm:
3030         (WebCore::recommendedScrollerStyle):
3031         Simplify recommendedScrollerStyle() now that all OS's we ship on have +[NSScroller preferredScrollerStyle].
3032
3033         * platform/mac/ScrollAnimatorMac.mm:
3034         (supportsUIStateTransitionProgress):
3035         (supportsExpansionTransitionProgress):
3036         (supportsContentAreaScrolledInDirection):
3037         Stop using NSClassFromString now that we can reference the classes explicitly.
3038
3039         (-[WebScrollbarPainterControllerDelegate invalidate]):
3040         (-[WebScrollbarPainterControllerDelegate contentAreaRectForScrollerImpPair:]):
3041         (-[WebScrollbarPainterControllerDelegate inLiveResizeForScrollerImpPair:]):
3042         (-[WebScrollbarPainterControllerDelegate mouseLocationInContentAreaForScrollerImpPair:]):
3043         (-[WebScrollbarPainterControllerDelegate scrollerImpPair:convertContentPoint:toScrollerImp:]):
3044         (-[WebScrollbarPainterControllerDelegate scrollerImpPair:setContentAreaNeedsDisplayInRect:]):
3045         (-[WebScrollbarPainterControllerDelegate scrollerImpPair:updateScrollerStyleForNewRecommendedScrollerStyle:]):
3046         (-[WebScrollbarPainterDelegate layer]):
3047         (-[WebScrollbarPainterDelegate mouseLocationInScrollerForScrollerImp:]):
3048         (-[WebScrollbarPainterDelegate convertRectToLayer:]):
3049         (-[WebScrollbarPainterDelegate shouldUseLayerPerPartForScrollerImp:]):
3050         (-[WebScrollbarPainterDelegate setUpAlphaAnimation:scrollerPainter:part:animateAlphaTo:duration:]):
3051         (-[WebScrollbarPainterDelegate scrollerImp:animateKnobAlphaTo:duration:]):
3052         (-[WebScrollbarPainterDelegate scrollerImp:animateTrackAlphaTo:duration:]):
3053         (-[WebScrollbarPainterDelegate scrollerImp:animateUIStateTransitionWithDuration:]):
3054         (-[WebScrollbarPainterDelegate scrollerImp:animateExpansionTransitionWithDuration:]):
3055         (-[WebScrollbarPainterDelegate scrollerImp:overlayScrollerStateChangedTo:]):
3056         (WebCore::ScrollAnimatorMac::ScrollAnimatorMac):
3057         (WebCore::ScrollAnimatorMac::lockOverlayScrollbarStateToHidden):
3058         (WebCore::ScrollAnimatorMac::didAddVerticalScrollbar):
3059         (WebCore::ScrollAnimatorMac::didAddHorizontalScrollbar):
3060         (WebCore::ScrollAnimatorMac::updateScrollerStyle):
3061         Add proper conforming to protocols and replace ids with proper types.
3062
3063         * platform/mac/ScrollbarThemeMac.mm:
3064         (WebCore::supportsExpandedScrollbars):
3065         (WebCore::ScrollbarThemeMac::registerScrollbar):
3066         (WebCore::ScrollbarThemeMac::scrollbarThickness):
3067         (WebCore::ScrollbarThemeMac::setUpContentShadowLayer):
3068         Stop using NSClassFromString now that we can reference the classes explicitly.
3069
3070         * platform/spi/mac/NSScrollerImpSPI.h: Added.
3071
3072 2016-02-07  Zalan Bujtas  <zalan@apple.com>
3073
3074         Outline does not clip when ancestor has overflow: hidden and requires layer.
3075         https://bugs.webkit.org/show_bug.cgi?id=153901
3076
3077         Now that outline is part of visual overflow, we no longer need the special outline cliprect.
3078         PaintPhaseChildOutlines drawing will switch to foreground cliprect. It ensures proper overflow clipping
3079         at parent level. PaintPhaseSelfOutline drawing will start using the visual overflow inflated background cliprect.
3080         With this change, outline will be using the same cliprects as the other visual overflow properties (box-shadow etc). 
3081
3082         Reviewed by David Hyatt.
3083
3084         Test: fast/repaint/outline-with-overflow-hidden-ancestor.html
3085
3086         * rendering/LayerFragment.h:
3087         (WebCore::LayerFragment::setRects):
3088         (WebCore::LayerFragment::moveBy): Deleted.
3089         (WebCore::LayerFragment::intersect): Deleted.
3090         * rendering/RenderLayer.cpp:
3091         (WebCore::RenderLayer::collectFragments):
3092         (WebCore::RenderLayer::paintOutlineForFragments):
3093         (WebCore::RenderLayer::calculateClipRects):
3094         (WebCore::RenderLayer::paintForegroundForFragments): Deleted.
3095         * rendering/RenderLayer.h:
3096         * rendering/RenderTreeAsText.cpp:
3097         (WebCore::write):
3098         (WebCore::writeLayers):
3099
3100 2016-02-07  Daniel Bates  <dabates@apple.com>
3101
3102         CSP: Allow Web Workers initiated from an isolated world to bypass the main world Content Security Policy
3103         https://bugs.webkit.org/show_bug.cgi?id=153622
3104         <rdar://problem/24400023>
3105
3106         Reviewed by Gavin Barraclough.
3107
3108         Fixes an issue where Web Workers initiated from an isolated world (say, a Safari Content Script Extension)
3109         would be subject to the Content Security Policy of the page.
3110
3111         Currently code in an isolated world that does not execute in a Web Worker is exempt from the CSP of
3112         the page. However, code that runs inside a Web Worker that was initiated from an isolated world is
3113         subject to the CSP of the page. Instead, such Web Worker code should also be exempt from the CSP of
3114         the page.
3115
3116         Tests: http/tests/security/isolatedWorld/bypass-main-world-csp-worker-blob-eval.html
3117                http/tests/security/isolatedWorld/bypass-main-world-csp-worker-blob-xhr.html
3118                http/tests/security/isolatedWorld/bypass-main-world-csp-worker.html
3119
3120         * Modules/websockets/WebSocket.cpp:
3121         (WebCore::WebSocket::connect): Modified to ask the script execution context whether to bypass the
3122         main world Content Security Policy now that script execution context knows this information.
3123         * bindings/js/ScriptController.cpp:
3124         (WebCore::ScriptController::shouldBypassMainWorldContentSecurityPolicy): Deleted; moved logic from here...
3125         * bindings/js/ScriptController.h:
3126         * dom/Document.cpp:
3127         (WebCore::Document::shouldBypassMainWorldContentSecurityPolicy): ...to here.
3128         * dom/Document.h:
3129         * dom/ScriptExecutionContext.h:
3130         (WebCore::ScriptExecutionContext::shouldBypassMainWorldContentSecurityPolicy): Added; defaults to false -
3131         do not bypass the main world Content Security Policy.
3132         * page/EventSource.cpp:
3133         (WebCore::EventSource::create): Modified to ask the script execution context whether to bypass the
3134         main world Content Security Policy now that script execution context knows this information.
3135         * page/csp/ContentSecurityPolicy.cpp:
3136         (WebCore::ContentSecurityPolicy::shouldBypassMainWorldContentSecurityPolicy): Deleted.
3137         * page/csp/ContentSecurityPolicy.h:
3138         * workers/AbstractWorker.cpp:
3139         (WebCore::AbstractWorker::resolveURL): Bypass the main world Content Security Policy if applicable.
3140         Added FIXME comment to enforce the child-src directive of the document's CSP (as opposed to the script-src
3141         directive) on the worker's script URL. Also, scriptExecutionContext()->contentSecurityPolicy() should
3142         always be non-null just as we expect scriptExecutionContext()->securityOrigin() to be non-null. Assert
3143         this invariant to catch cases where a ScriptExecutionContext is not properly initialized.
3144         * workers/DedicatedWorkerGlobalScope.cpp:
3145         (WebCore::DedicatedWorkerGlobalScope::create): Modified to take boolean argument shouldBypassMainWorldContentSecurityPolicy
3146         as to whether to bypass the main world Content Security Policy and only apply the Content Security
3147         Policy headers when shouldBypassMainWorldContentSecurityPolicy is false.
3148         (WebCore::DedicatedWorkerGlobalScope::DedicatedWorkerGlobalScope): Pass through a boolean argument shouldBypassMainWorldContentSecurityPolicy
3149         as to whether to bypass the main world Content Security Policy.
3150         * workers/DedicatedWorkerGlobalScope.h:
3151         * workers/DedicatedWorkerThread.cpp:
3152         (WebCore::DedicatedWorkerThread::DedicatedWorkerThread): Ditto.
3153         (WebCore::DedicatedWorkerThread::createWorkerGlobalScope): Ditto.
3154         * workers/DedicatedWorkerThread.h:
3155         * workers/Worker.cpp:
3156         (WebCore::Worker::create): Store whether we should bypass the main world Content Security Policy so
3157         that we can pass it to WorkerMessagingProxy::startWorkerGlobalScope() in Worker::notifyFinished().
3158         We need to store this decision here as opposed to determining it at any later time (say, in Worker::notifyFinished())
3159         because it is dependent on the current JavaScript program stack at the time this function is invoked.
3160         (WebCore::Worker::notifyFinished): Pass whether to bypass the main world Content Security Policy.
3161         * workers/Worker.h:
3162         * workers/WorkerGlobalScope.cpp:
3163         (WebCore::WorkerGlobalScope::WorkerGlobalScope): Modified to take a boolean as to whether to bypass the
3164         main world Content Security Policy and store it in a member field. Also, always instantiate a Content
3165         Security Policy object as our current code assumes that one is always created.
3166         * workers/WorkerGlobalScope.h:
3167         * workers/WorkerGlobalScopeProxy.h:
3168         * workers/WorkerMessagingProxy.cpp:
3169         (WebCore::WorkerMessagingProxy::startWorkerGlobalScope): Pass through a boolean argument shouldBypassMainWorldContentSecurityPolicy
3170         as to whether to bypass the main world Content Security Policy.
3171         * workers/WorkerMessagingProxy.h:
3172         * workers/WorkerThread.cpp:
3173         (WebCore::WorkerThreadStartupData::WorkerThreadStartupData): Modified to take a boolean argument as to
3174         whether to bypass the main world Content Security Policy and store it in a member field.
3175         (WebCore::WorkerThread::WorkerThread): Pass through a boolean argument shouldBypassMainWorldContentSecurityPolicy
3176         as to whether to bypass the main world Content Security Policy.
3177         (WebCore::WorkerThread::workerThread): Ditto.
3178         * workers/WorkerThread.h:
3179         * xml/XMLHttpRequest.cpp:
3180         (WebCore::XMLHttpRequest::open): Modified to ask the script execution context whether to bypass the
3181         main world Content Security Policy now that script execution context knows this information.
3182
3183 2016-02-07  Dan Bernstein  <mitz@apple.com>
3184
3185         [Cocoa] Replace __has_include guards around inclusion of Apple-internal-SDK headers with USE(APPLE_INTERNAL_SDK)
3186         https://bugs.webkit.org/show_bug.cgi?id=153963
3187
3188         Reviewed by Sam Weinig.
3189
3190         * accessibility/mac/AXObjectCacheMac.mm:
3191         * crypto/CommonCryptoUtilities.cpp:
3192         * crypto/CommonCryptoUtilities.h:
3193         * editing/mac/TextUndoInsertionMarkupMac.h:
3194         * editing/mac/TextUndoInsertionMarkupMac.mm:
3195         * platform/cocoa/TelephoneNumberDetectorCocoa.cpp:
3196         * platform/graphics/cg/ImageSourceCG.cpp:
3197         * platform/graphics/mac/PDFDocumentImageMac.mm:
3198         * platform/network/ios/NetworkStateNotifierIOS.mm:
3199         * platform/network/mac/BlobDataFileReferenceMac.mm:
3200         * platform/network/mac/ResourceHandleMac.mm:
3201         * rendering/RenderThemeMac.mm:
3202
3203 2016-02-07  Carlos Garcia Campos  <cgarcia@igalia.com>
3204
3205         REGRESSION(r195661): [GTK] Scrollbar tests crashing after overlay scrollbar groundwork
3206         https://bugs.webkit.org/show_bug.cgi?id=153695
3207
3208         Reviewed by Michael Catanzaro.
3209
3210         The problem is that ScrollAnimation objects are not destroyed by
3211         the ScrollAnimator destructor, because I forgot to add a virtual
3212         destructor for ScrollAnimation in r195661.
3213
3214         * platform/ScrollAnimation.h:
3215         (WebCore::ScrollAnimation::~ScrollAnimation):
3216
3217 2016-02-06  Chris Dumez  <cdumez@apple.com>
3218
3219         Prevent cross-origin access to window.history
3220         https://bugs.webkit.org/show_bug.cgi?id=153931
3221
3222         Reviewed by Darin Adler.
3223
3224         Prevent cross-origin access to window.history to match the specification [1]
3225         and the behavior of other browsers (tested Firefox and Chrome).
3226
3227         [1] https://html.spec.whatwg.org/multipage/browsers.html#security-window
3228
3229         No new tests, already covered by existing tests that
3230         were updated in this patch.
3231
3232         * bindings/js/JSHistoryCustom.cpp:
3233         (WebCore::JSHistory::pushState):
3234         (WebCore::JSHistory::replaceState):
3235         (WebCore::JSHistory::state): Deleted.
3236         * page/DOMWindow.idl:
3237         * page/History.idl:
3238
3239 2016-02-06  Beth Dakin  <bdakin@apple.com>
3240
3241         ScrollbarPainters needs to be deallocated on the main thread
3242         https://bugs.webkit.org/show_bug.cgi?id=153932
3243         -and corresponding-
3244         rdar://problem/24015483
3245
3246         Reviewed by Dan Bernstein.
3247
3248         Darin pointed out that this was still race-y. There was still a race 
3249         condition between the destruction of the two local variables and the
3250         destruction of the lambda on the main thread. This should fix that. 
3251         * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.h:
3252         * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.mm:
3253         (WebCore::ScrollingTreeFrameScrollingNodeMac::~ScrollingTreeFrameScrollingNodeMac):
3254         (WebCore::ScrollingTreeFrameScrollingNodeMac::releaseReferencesToScrollbarPaintersOnTheMainThread):
3255         (WebCore::ScrollingTreeFrameScrollingNodeMac::updateBeforeChildren):
3256
3257 2016-02-06  Darin Adler  <darin@apple.com>
3258
3259         Finish auditing call sites of upper() and lower(), eliminate many, and rename the functions
3260         https://bugs.webkit.org/show_bug.cgi?id=153905
3261
3262         Reviewed by Sam Weinig.
3263
3264         * Modules/mediasource/MediaSource.cpp:
3265         (WebCore::MediaSource::isTypeSupported): Use convertToASCIILowercase on MIME type.
3266
3267         * accessibility/AccessibilityObject.cpp:
3268         (WebCore::AccessibilityObject::selectText): Use new names for lower and upper. Also
3269         tweaked style a tiny bit and used u_toupper rather than converting an entire
3270         string to uppercase.
3271
3272         * dom/Document.cpp:
3273         (WebCore::Document::addImageElementByCaseFoldedUsemap): Renamed to reflect the use
3274         of case folding rather than lowercasing.
3275         (WebCore::Document::removeImageElementByCaseFoldedUsemap): Ditto.
3276         (WebCore::Document::imageElementByCaseFoldedUsemap): Ditto.
3277         * dom/Document.h: Ditto.
3278         * dom/DocumentOrderedMap.cpp:
3279         (WebCore::DocumentOrderedMap::getElementByCaseFoldedMapName): Ditto.
3280         (WebCore::DocumentOrderedMap::getElementByCaseFoldedUsemap): Ditto.
3281         * dom/DocumentOrderedMap.h: Ditto.
3282
3283         * dom/TreeScope.cpp:
3284         (WebCore::TreeScope::getImageMap): Removed unneeded special case for null string.
3285         Simplified logic for cases where the URL does not have a "#" character in it.
3286         Use case folding instead of lowercase.
3287
3288         * editing/cocoa/HTMLConverter.mm:
3289         (HTMLConverter::_processText): Removed unneeded special case for the empty string.
3290         Use makCapitalized instead of Cocoa function for "capitalize". Use upper and lower
3291         functions by their new names.
3292
3293         * html/HTMLImageElement.cpp:
3294         (WebCore::HTMLImageElement::parseAttribute): Use case folding instead of
3295         lowercasing for the usemap attribute.
3296         (WebCore::HTMLImageElement::insertedInto): Ditto.
3297         (WebCore::HTMLImageElement::removedFrom): Ditto.
3298         (WebCore::HTMLImageElement::matchesCaseFoldedUsemap): Ditto.
3299         * html/HTMLImageElement.h: Rename since usemap is case folded now, not lowercased.
3300
3301         * html/HTMLMapElement.cpp:
3302         (WebCore::HTMLMapElement::imageElement): Use case folding instead of lowercasing
3303         for usemap.
3304         (WebCore::HTMLMapElement::parseAttribute): Ditto.
3305
3306         * platform/Language.cpp:
3307         (WebCore::canonicalLanguageIdentifier): Use convertToASCIILowercase for language code.
3308         (WebCore::indexOfBestMatchingLanguageInList): Ditto.
3309
3310         * platform/graphics/harfbuzz/HarfBuzzShaper.cpp:
3311         (WebCore::HarfBuzzShaper::shapeHarfBuzzRuns): Use new name for the upper function.
3312
3313         * platform/network/HTTPParsers.cpp:
3314         (WebCore::parseContentTypeOptionsHeader): Use equalLettersIgnoringASCIICase instead
3315         of lowercasing to check for a specific header value.
3316
3317         * platform/network/MIMEHeader.cpp:
3318         (WebCore::retrieveKeyValuePairs): Use convertToASCIILowercase for MIME header name.
3319         (WebCore::MIMEHeader::parseContentTransferEncoding): Use equalLettersIgnoringASCIICase
3320         instead of lowercasing.
3321
3322         * platform/network/cf/ResourceHandleCFNet.cpp:
3323         (WebCore::allowsAnyHTTPSCertificateHosts): Make this hash ASCII case-insensitive.
3324         (WebCore::clientCertificates): Ditto.
3325         (WebCore::ResourceHandle::createCFURLConnection): Remove call to lower since the
3326         set is now ASCII case-insensitive.
3327         (WebCore::ResourceHandle::setHostAllowsAnyHTTPSCertificate): Ditto.
3328         (WebCore::ResourceHandle::setClientCertificate): Ditto.
3329
3330         * platform/network/curl/CookieJarCurl.cpp:
3331         (WebCore::getNetscapeCookieFormat): Use equalLettersIgnoringASCIICase instead of
3332         lowercasing.
3333
3334         * platform/network/curl/MultipartHandle.cpp:
3335         (WebCore::MultipartHandle::didReceiveResponse): Use convertToASCIILowercase to
3336         make a MIME type lowercase.
3337
3338         * platform/network/curl/ResourceHandleCurl.cpp:
3339         (WebCore::ResourceHandle::setHostAllowsAnyHTTPSCertificate): Removed unneeded
3340         conversion to lowercase now that the set is ASCII case-insensitive.
3341         (WebCore::ResourceHandle::setClientCertificate): Removed code that populates a map
3342         that is then never used for anything.
3343
3344         * platform/network/curl/ResourceHandleManager.cpp:
3345         (WebCore::headerCallback): Use convertToASCIILowercase for MIME type.
3346
3347         * platform/network/curl/SSLHandle.cpp: Made hash maps keyed by host names
3348         ASCII case-insensitive.
3349         (WebCore::addAllowedClientCertificate): Removed lowercasing since the map itself
3350         is now ASCII case-insensitive.
3351         (WebCore::setSSLClientCertificate): Ditto. Also use auto for iterator type so we
3352         don't have to write out the map type.
3353         (WebCore::sslIgnoreHTTPSCertificate): Ditto.
3354         (WebCore::certVerifyCallback): Ditto.
3355
3356         * platform/network/soup/ResourceHandleSoup.cpp: Made hash maps keyed by host names
3357         ASCII case-insensitive.
3358         (WebCore::allowsAnyHTTPSCertificateHosts): Ditto.
3359         (WebCore::handleUnignoredTLSErrors): Ditto.
3360         (WebCore::ResourceHandle::setHostAllowsAnyHTTPSCertificate): Ditto.
3361         (WebCore::ResourceHandle::setClientCertificate): Ditto.
3362
3363         * platform/text/LocaleToScriptMappingDefault.cpp: Made hash maps keyed by script
3364         names ASCII case-insensitive. Use WTF_ARRAY_LENGTH as appropriate.
3365         (WebCore::scriptNameToCode): Use modern style to initialize the map. Removed
3366         unnecessary lowercasing of the script name before looking at the map.
3367         (WebCore::localeToScriptCodeForFontSelection): Ditto.
3368
3369         * platform/text/win/LocaleWin.cpp:
3370         (WebCore::convertLocaleNameToLCID): Made map ASCII case-insensitive and removed
3371         unneeded lowercasing.
3372
3373         * platform/win/PasteboardWin.cpp:
3374         (WebCore::clipboardTypeFromMIMEType): Use equalLettersIgnoringASCIICase instead
3375         of lowercasing.
3376
3377         * rendering/RenderText.cpp:
3378         (WebCore::applyTextTransform): Use new names for the upper and lower functions.
3379
3380         * xml/XMLHttpRequest.cpp:
3381         (WebCore::XMLHttpRequest::responseIsXML): Remove unneeded lowercasing, since
3382         DOMImplementation now has ASCII case-insensitive handling of MIME types.
3383
3384 2016-02-06  Zalan Bujtas  <zalan@apple.com>
3385
3386         Outline should contribute to visual overflow.
3387         https://bugs.webkit.org/show_bug.cgi?id=153299
3388
3389         This patch eliminates the special outline handling (RenderView::setMaximalOutlineSize).
3390         Now that outline is part of visual overflow, we don't have to inflate the layers to accommodate
3391         outline borders.
3392         This patch fixes several focusring related repaint issues. However when both the outline: auto
3393         and the descendant renderer are composited, we still don't paint properly in certain cases. -not a regression.
3394         (Also when parent renderer has overflow: hidden repaint does not take outline into account. -regression.)
3395         It changes column behavior (see TestExpectations) since outline behaves now like any other visual overflow properties.
3396
3397         Reviewed by David Hyatt.
3398
3399         Test: fast/repaint/focus-ring-repaint.html
3400               fast/repaint/focus-ring-repaint-with-negative-offset.html
3401
3402         * css/html.css: resetting to old behavior.
3403         (:focus):
3404         (input:focus, textarea:focus, isindex:focus, keygen:focus, select:focus):
3405         * rendering/InlineFlowBox.cpp:
3406         (WebCore::InlineFlowBox::addToLine):
3407         (WebCore::InlineFlowBox::addOutlineVisualOverflow):
3408         (WebCore::InlineFlowBox::computeOverflow):
3409         (WebCore::InlineFlowBox::paint): Deleted.
3410         * rendering/InlineFlowBox.h:
3411         * rendering/RenderBlock.cpp:
3412         (WebCore::RenderBlock::computeOverflow):
3413         (WebCore::RenderBlock::outlineStyleForRepaint):
3414         (WebCore::RenderBlock::paint): Deleted.
3415         * rendering/RenderBlockFlow.cpp:
3416         (WebCore::RenderBlockFlow::layoutBlock): Deleted.
3417         (WebCore::RenderBlockFlow::addFocusRingRectsForInlineChildren): Deleted.
3418         * rendering/RenderBlockLineLayout.cpp:
3419         (WebCore::RenderBlockFlow::addOverflowFromInlineChildren):
3420         * rendering/RenderBox.cpp:
3421         (WebCore::RenderBox::addVisualEffectOverflow):
3422         (WebCore::RenderBox::applyVisualEffectOverflow):
3423         (WebCore::RenderBox::clippedOverflowRectForRepaint): Deleted.
3424         * rendering/RenderBoxModelObject.h:
3425         * rendering/RenderDetailsMarker.cpp:
3426         (WebCore::RenderDetailsMarker::paint): Deleted.
3427         * rendering/RenderElement.cpp:
3428         (WebCore::RenderElement::insertChildInternal):
3429         (WebCore::RenderElement::styleDidChange):
3430         (WebCore::RenderElement::repaintAfterLayoutIfNeeded):
3431         (WebCore::RenderElement::issueRepaintForOutlineAuto):
3432         (WebCore::RenderElement::updateOutlineAutoAncestor):
3433         (WebCore::RenderElement::computeMaxOutlineSize): Deleted.
3434         (WebCore::RenderElement::styleWillChange): Deleted.
3435         * rendering/RenderElement.h:
3436         (WebCore::RenderElement::hasContinuation):
3437         * rendering/RenderInline.cpp:
3438         (WebCore::RenderInline::paintOutlineForLine): Deleted.
3439         * rendering/RenderLayer.cpp:
3440         (WebCore::RenderLayer::calculateClipRects):
3441         * rendering/RenderLineBoxList.cpp:
3442         (WebCore::RenderLineBoxList::anyLineIntersectsRect):
3443         (WebCore::RenderLineBoxList::lineIntersectsDirtyRect):
3444         (WebCore::RenderLineBoxList::paint):
3445         (WebCore::isOutlinePhase): Deleted.
3446         * rendering/RenderLineBoxList.h:
3447         * rendering/RenderListBox.cpp:
3448         (WebCore::RenderListBox::computePreferredLogicalWidths):
3449         * rendering/RenderListMarker.cpp:
3450         (WebCore::RenderListMarker::paint): Deleted.
3451         * rendering/RenderObject.cpp:
3452         (WebCore::RenderObject::propagateRepaintToParentWithOutlineAutoIfNeeded): The renderer with outline: auto is responsible for
3453         painting focusring around the descendants. If we issued repaint only on the descendant when it changes,
3454         the focusring would not refresh properly. We have to find the ancestor with outline: auto, inflate the repaint rect and
3455         issue the repaint on the ancestor if we crossed repaint container.
3456  
3457         (WebCore::RenderObject::repaintUsingContainer):
3458         (WebCore::RenderObject::adjustRectForOutlineAndShadow):
3459         (WebCore::RenderObject::setHasOutlineAutoAncestor):
3460         (WebCore::RenderObject::adjustRectWithMaximumOutline): Deleted.
3461         
3462         * rendering/RenderObject.h: We mark the descendants of outline: auto so that
3463         when a child renderer changes we can propagate the repaint to the ancestor with outline.
3464
3465         (WebCore::RenderObject::hasOutlineAutoAncestor):
3466         (WebCore::RenderObject::RenderObjectRareData::RenderObjectRareData):
3467         * rendering/RenderRegion.cpp:
3468         (WebCore::RenderRegion::overflowRectForFlowThreadPortion):
3469         * rendering/RenderReplaced.cpp:
3470         (WebCore::RenderReplaced::shouldPaint): Deleted.
3471         (WebCore::RenderReplaced::clippedOverflowRectForRepaint): Deleted.
3472         * rendering/RenderTable.cpp:
3473         (WebCore::RenderTable::paint): Deleted.
3474         * rendering/RenderTableCell.cpp:
3475         (WebCore::RenderTableCell::clippedOverflowRectForRepaint): Deleted.
3476         (WebCore::RenderTableCell::paintCollapsedBorders): Deleted.
3477         * rendering/RenderTableRow.cpp:
3478         (WebCore::RenderTableRow::layout):
3479         (WebCore::RenderTableRow::clippedOverflowRectForRepaint): Deleted.
3480         * rendering/RenderTableSection.cpp:
3481         (WebCore::RenderTableSection::layoutRows):
3482         (WebCore::RenderTableSection::computeOverflowFromCells): Deleted.
3483         (WebCore::RenderTableSection::paintObject): Deleted.
3484         * rendering/RenderTheme.h:
3485         (WebCore::RenderTheme::platformFocusRingWidth):
3486         * rendering/RenderView.cpp:
3487         (WebCore::RenderView::setMaximalOutlineSize): Deleted.
3488         * rendering/RenderView.h:
3489         * rendering/style/RenderStyle.cpp:
3490         (WebCore::RenderStyle::changeAffectsVisualOverflow):
3491         (WebCore::RenderStyle::outlineWidth):
3492         * rendering/style/RenderStyle.h:
3493
3494 2016-02-06  Andreas Kling  <akling@apple.com>
3495
3496         [iOS] Throw away linked code when navigating to a new page.
3497         <https://webkit.org/b/153851>
3498
3499         Reviewed by Gavin Barraclough.
3500
3501         When navigating to a new page, tell JSC to throw out any linked code it has lying around.
3502         Linked code is tied to a specific global object, and as we're creating a new one for the
3503         new page, none of it is useful to us here.
3504
3505         In the event that the user navigates back, the cost of relinking some code will be far
3506         lower than the memory cost of keeping all of it around.
3507
3508         This landed previously but was rolled out due to a Speedometer regression. I've made one
3509         minor but important change here: only throw away code if we're navigating away from an
3510         existing history item. Or in other words, don't throw away code for "force peeks" or any
3511         other navigations that are not traditional top-level main frame navigations.
3512
3513         * bindings/js/GCController.cpp:
3514         (WebCore::GCController::deleteAllLinkedCode):
3515         * bindings/js/GCController.h:
3516         * loader/FrameLoader.cpp:
3517         (WebCore::FrameLoader::commitProvisionalLoad):
3518
3519 2016-02-06  Konstantin Tokarev  <annulen@yandex.ru>
3520
3521         Added implementations of AXObjectCache methods for !HAVE(ACCESSIBILITY).
3522         https://bugs.webkit.org/show_bug.cgi?id=153924
3523
3524         Reviewed by Andreas Kling.
3525
3526         No new tests needed.
3527
3528         * accessibility/AXObjectCache.h:
3529         (WebCore::AXObjectCache::ariaModalNode): Added stub implementation.
3530         (WebCore::AXObjectCache::postLiveRegionChangeNotification): Ditto.
3531         (WebCore::AXObjectCache::rangeForNodeContents): Ditto.
3532         (WebCore::AXObjectCache::setIsSynchronizingSelection): Ditto.
3533         (WebCore::AXObjectCache::setTextSelectionIntent): Ditto.
3534         (WebCore::AXAttributeCacheEnabler::AXAttributeCacheEnabler): Ditto.
3535         (WebCore::AXAttributeCacheEnabler::~AXAttributeCacheEnabler): Ditto.
3536
3537 2016-02-04  Antti Koivisto  <antti@apple.com>
3538
3539         Use scope stack instead of nested TreeResolvers for shadow trees
3540         https://bugs.webkit.org/show_bug.cgi?id=153893
3541
3542         Reviewed by Andreas Kling.
3543
3544         Make TreeResolver per-document. This is a step towards iterative style resolve.
3545
3546         This is done replacing use of nested TreeResolvers with a scope stack that maintains
3547         the style resolver and the selector filter for the current tree scope.
3548
3549         * style/StyleTreeResolver.cpp:
3550         (WebCore::Style::ensurePlaceholderStyle):
3551         (WebCore::Style::TreeResolver::Scope::Scope):
3552         (WebCore::Style::TreeResolver::TreeResolver):
3553         (WebCore::Style::shouldCreateRenderer):
3554         (WebCore::Style::TreeResolver::styleForElement):
3555         (WebCore::Style::TreeResolver::createRenderTreeForShadowRoot):
3556         (WebCore::Style::TreeResolver::createRenderTreeForSlotAssignees):
3557         (WebCore::Style::TreeResolver::createRenderTreeRecursively):
3558         (WebCore::Style::TreeResolver::resolveLocally):
3559         (WebCore::Style::TreeResolver::resolveShadowTree):
3560         (WebCore::Style::TreeResolver::resolveBeforeOrAfterPseudoElement):
3561         (WebCore::Style::TreeResolver::resolveChildren):
3562         (WebCore::Style::TreeResolver::resolveSlotAssignees):
3563         (WebCore::Style::TreeResolver::resolveRecursively):
3564         (WebCore::Style::TreeResolver::resolve):
3565         (WebCore::Style::detachRenderTree):
3566         * style/StyleTreeResolver.h:
3567         (WebCore::Style::TreeResolver::scope):
3568         (WebCore::Style::TreeResolver::pushScope):
3569         (WebCore::Style::TreeResolver::pushEnclosingScope):
3570         (WebCore::Style::TreeResolver::popScope):
3571
3572 2016-02-06  Commit Queue  <commit-queue@webkit.org>
3573
3574         Unreviewed, rolling out r196104.
3575         https://bugs.webkit.org/show_bug.cgi?id=153940
3576
3577         Regressed Speedometer on iOS (Requested by kling on #webkit).
3578
3579         Reverted changeset:
3580
3581         "[iOS] Throw away linked code when navigating to a new page."
3582         https://bugs.webkit.org/show_bug.cgi?id=153851
3583         http://trac.webkit.org/changeset/196104
3584
3585 2016-02-05  Beth Dakin  <bdakin@apple.com>
3586
3587         ScrollbarPainters needs to be deallocated on the main thread
3588         https://bugs.webkit.org/show_bug.cgi?id=153932
3589         -and corresponding-
3590         rdar://problem/24015483
3591
3592         Reviewed by Geoff Garen.
3593
3594         Follow-up fix since the first one was still race-y.
3595         * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.mm:
3596         (WebCore::ScrollingTreeFrameScrollingNodeMac::~ScrollingTreeFrameScrollingNodeMac):
3597         (WebCore::ScrollingTreeFrameScrollingNodeMac::updateBeforeChildren):
3598
3599 2016-02-05  Beth Dakin  <bdakin@apple.com>
3600
3601         ScrollbarPainters needs to be deallocated on the main thread
3602         https://bugs.webkit.org/show_bug.cgi?id=153932
3603         -and corresponding-
3604         rdar://problem/24015483
3605
3606         Reviewed by Tim Horton.
3607
3608         Ensure the destructor of ScrollingTreeFrameScrollingNodeMac and the
3609         assignments done in this class are not responsible for deallocating the 
3610         ScrollbarPainter. 
3611         * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.mm:
3612         (WebCore::ScrollingTreeFrameScrollingNodeMac::~ScrollingTreeFrameScrollingNodeMac):
3613         (WebCore::ScrollingTreeFrameScrollingNodeMac::updateBeforeChildren):
3614
3615 2016-02-05  Chris Dumez  <cdumez@apple.com>
3616
3617         Instance property getters / setters cannot be called on another instance of the same type
3618         https://bugs.webkit.org/show_bug.cgi?id=153895
3619
3620         Reviewed by Gavin Barraclough.
3621
3622         It should be possible to call instance property getters / setters on
3623         other instances of the same type, as per the WEB IDL specification:
3624         - http://heycam.github.io/webidl/#dfn-attribute-getter
3625         - http://heycam.github.io/webidl/#dfn-attribute-setter
3626
3627         This matches the behavior of Firefox.
3628
3629         The issue without our bindings was that the getters / setters were
3630         using |slotBase| instead of |thisValue| and therefore ended up using
3631         the instance the getter was taken from instead of the actual target
3632         object.
3633
3634         Test:
3635         js/instance-property-getter-other-instance.html
3636         js/instance-property-setter-other-instance.html
3637
3638         * bindings/scripts/CodeGeneratorJS.pm:
3639         (GenerateImplementation):
3640         - Have instance getters / setters use thisValue instead of slotBase.
3641         - In the case of interfaces that have attributes on the instance for
3642           compatibility reasons, try the prototype object if |thisValue| does
3643           does have the right type, instead of using slotBase like previously.
3644           I believe this maintains the original compatibility intention while
3645           also behaving correctly when called on another instance.
3646
3647         * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
3648         * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
3649         * bindings/scripts/test/JS/JSTestException.cpp:
3650         * bindings/scripts/test/JS/JSTestInterface.cpp:
3651         * bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp:
3652         * bindings/scripts/test/JS/JSTestNode.cpp:
3653         * bindings/scripts/test/JS/JSTestNondeterministic.cpp:
3654         * bindings/scripts/test/JS/JSTestObj.cpp:
3655         * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
3656         * bindings/scripts/test/JS/JSTestTypedefs.cpp:
3657         * bindings/scripts/test/JS/JSattribute.cpp:
3658         Rebaseline bindings tests.
3659
3660 2016-02-05  Brady Eidson  <beidson@apple.com>
3661
3662         Modern IDB: UniqueIDBDatabase's m_databaseInfo is unsafely used from multiple threads.
3663         https://bugs.webkit.org/show_bug.cgi?id=153912
3664
3665         Reviewed by Alex Christensen.
3666
3667         No new tests (Anything testable about this patch is already covered by existing tests).
3668
3669         * Modules/indexeddb/server/IDBBackingStore.h:
3670
3671         * Modules/indexeddb/server/MemoryIDBBackingStore.cpp:
3672         (WebCore::IDBServer::MemoryIDBBackingStore::infoForObjectStore):
3673         * Modules/indexeddb/server/MemoryIDBBackingStore.h:
3674
3675         Teach the SQLiteIDBBackingStore to actually keep its m_databaseInfo up to date as it changes,
3676         and to revert it when version change transactions abort:
3677         * Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
3678         (WebCore::IDBServer::SQLiteIDBBackingStore::beginTransaction):
3679         (WebCore::IDBServer::SQLiteIDBBackingStore::abortTransaction):
3680         (WebCore::IDBServer::SQLiteIDBBackingStore::commitTransaction):
3681         (WebCore::IDBServer::SQLiteIDBBackingStore::createObjectStore):
3682         (WebCore::IDBServer::SQLiteIDBBackingStore::deleteObjectStore):
3683         (WebCore::IDBServer::SQLiteIDBBackingStore::createIndex):
3684         (WebCore::IDBServer::SQLiteIDBBackingStore::deleteIndex):
3685         (WebCore::IDBServer::SQLiteIDBBackingStore::infoForObjectStore):
3686         * Modules/indexeddb/server/SQLiteIDBBackingStore.h:
3687
3688         * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
3689         (WebCore::IDBServer::UniqueIDBDatabase::performPutOrAdd): Use the IDBBackingStore's copy of the 
3690           IDBObjectStoreInfo, meant only for the database thread, instead of the UniqueIDBDatabase's copy, 
3691           which is meant only for the main thread.
3692
3693 2016-02-05  Alex Christensen  <achristensen@webkit.org>
3694
3695         Clean up Blob code
3696         https://bugs.webkit.org/show_bug.cgi?id=153910
3697
3698         Reviewed by Alexey Proskuryakov.
3699
3700         No new tests, no change in behavior.
3701
3702         * css/StyleSheet.h:
3703         * fileapi/Blob.cpp:
3704         (WebCore::Blob::Blob):
3705         (WebCore::Blob::normalizedContentType):
3706         (WebCore::Blob::isNormalizedContentType):
3707         (WebCore::Blob::registry):
3708         * fileapi/Blob.h:
3709         * fileapi/BlobURL.cpp:
3710         (WebCore::BlobURL::createPublicURL):
3711         * fileapi/BlobURL.h:
3712         (WebCore::BlobURL::BlobURL):
3713         (WebCore::BlobURL::blobProtocol): Deleted.
3714         * platform/PlatformStrategies.cpp:
3715         (WebCore::setPlatformStrategies):
3716         (WebCore::hasPlatformStrategies): Deleted.
3717         * platform/PlatformStrategies.h:
3718         * platform/network/BlobRegistry.cpp:
3719         (WebCore::blobRegistry):
3720         * platform/network/BlobRegistry.h:
3721         * platform/network/BlobRegistryImpl.cpp:
3722         (WebCore::BlobRegistryImpl::~BlobRegistryImpl):
3723         (WebCore::createResourceHandle):
3724         (WebCore::registerBlobResourceHandleConstructor):
3725         (WebCore::BlobRegistryImpl::createResourceHandle):
3726         (WebCore::BlobRegistryImpl::appendStorageItems):
3727         (WebCore::BlobRegistryImpl::registerFileBlobURL):
3728         (WebCore::BlobRegistryImpl::registerBlobURL):
3729         * platform/network/BlobRegistryImpl.h:
3730         * platform/network/BlobResourceHandle.cpp:
3731         (WebCore::BlobResourceHandle::loadResourceSynchronously):
3732         (WebCore::BlobResourceHandle::BlobResourceHandle):
3733         * platform/network/ResourceHandle.h:
3734
3735 2016-02-05  Carlos Garcia Campos  <cgarcia@igalia.com>
3736
3737         [GTK] Scrollbars incorrectly rendered with older versions of GTK+
3738         https://bugs.webkit.org/show_bug.cgi?id=153861
3739
3740         Reviewed by Michael Catanzaro.
3741
3742         The theme doesn't really know it's a scrollbar. Older versions of
3743         GTK+ require to explicitly add the scrollbar style class to the
3744         child GtkStyleContext.
3745
3746         * platform/gtk/ScrollbarThemeGtk.cpp:
3747         (WebCore::createChildStyleContext):
3748
3749 2016-02-05  Carlos Garcia Campos  <cgarcia@igalia.com>
3750
3751         [GTK] Scrollbars not correctly rendered in non GNOME environments
3752         https://bugs.webkit.org/show_bug.cgi?id=153860
3753
3754         Reviewed by Michael Catanzaro.
3755
3756         I noticed this in a matchbox environment, where there's no
3757         gnome-setting-daemon running. The problem is only with the
3758         scrollbars, because we initialize the GtkSettings in
3759         RenderThemeGtk and notify the ScrollbarTheme when it changes, but
3760         ScrollbarTheme is created before RenderThemeGtk so we initialize
3761         the theme properties before the GtkSettings have been
3762         initialized. We can just let the ScrollbarTheme monitor the
3763         theme itself instead of relying on being notified by the WebCore
3764         layer.
3765
3766         * platform/gtk/ScrollbarThemeGtk.cpp:
3767         (WebCore::themeChangedCallback):
3768         (WebCore::ScrollbarThemeGtk::ScrollbarThemeGtk):
3769         * rendering/RenderThemeGtk.cpp:
3770         (WebCore::gtkStyleChangedCallback): Deleted.
3771
3772 2016-02-05  Youenn Fablet  <youenn.fablet@crf.canon.fr>
3773
3774         Remove DOMWrapped parameter from JSKeyValueIterator
3775         https://bugs.webkit.org/show_bug.cgi?id=153859
3776
3777         Reviewed by Sam Weinig.
3778
3779         No change in behavior.
3780
3781         Using std::declval to infer DOMWrapped from JSWrapper::wrapped.
3782
3783         * bindings/js/JSFetchHeadersCustom.cpp:
3784         (WebCore::JSFetchHeaders::entries):
3785         (WebCore::JSFetchHeaders::keys):
3786         (WebCore::JSFetchHeaders::values):
3787         * bindings/js/JSKeyValueIterator.h:
3788         (WebCore::createIterator):
3789         (WebCore::JSKeyValueIterator<JSWrapper>::destroy):
3790         (WebCore::JSKeyValueIterator<JSWrapper>::next):
3791         (WebCore::JSKeyValueIteratorPrototypeFunctionNext):
3792         (WebCore::JSKeyValueIteratorPrototype<JSWrapper>::finishCreation):
3793
3794 2016-02-05  Nan Wang  <n_wang@apple.com>
3795
3796         AX: WebKit hanging when VoiceOver attempts to focus in on page
3797         https://bugs.webkit.org/show_bug.cgi?id=153899
3798         <rdar://problem/24506603>
3799
3800         Reviewed by Chris Fleizach.
3801
3802         The VisiblePosition to CharacterOffset conversion will lead to an infinite loop if the
3803         nextVisiblePosition call is returning the original VisiblePosition. Fixed it by breaking out
3804         of the loop early in that situation. 
3805
3806         Test: accessibility/text-marker/character-offset-visible-position-conversion-hang.html
3807
3808         * accessibility/AXObjectCache.cpp:
3809         (WebCore::AXObjectCache::characterOffsetFromVisiblePosition):
3810
3811 2016-02-04  Joseph Pecoraro  <pecoraro@apple.com>
3812
3813         Web Inspector: InspectorTimelineAgent doesn't need to recompile functions because it now uses the sampling profiler
3814         https://bugs.webkit.org/show_bug.cgi?id=153500
3815         <rdar://problem/24352458>
3816
3817         Reviewed by Timothy Hatcher.
3818
3819         * bindings/js/JSDOMWindowBase.cpp:
3820         (WebCore::JSDOMWindowBase::supportsLegacyProfiling):
3821         (WebCore::JSDOMWindowBase::supportsRichSourceInfo):
3822         (WebCore::JSDOMWindowBase::supportsProfiling): Deleted.
3823         * bindings/js/JSDOMWindowBase.h:
3824         * bindings/js/JSWorkerGlobalScopeBase.cpp:
3825         (WebCore::JSWorkerGlobalScopeBase::supportsLegacyProfiling):
3826         (WebCore::JSWorkerGlobalScopeBase::supportsProfiling): Deleted.
3827         * bindings/js/JSWorkerGlobalScopeBase.h:
3828         * inspector/InspectorController.h:
3829         * inspector/InspectorController.cpp:
3830         (WebCore::InspectorController::legacyProfilerEnabled):
3831         (WebCore::InspectorController::setLegacyProfilerEnabled):
3832         Be more explicit about enabling legacy profiling.
3833
3834         * inspector/InspectorTimelineAgent.cpp:
3835         (WebCore::InspectorTimelineAgent::willDestroyFrontendAndBackend):
3836         (WebCore::InspectorTimelineAgent::didCreateFrontendAndBackend): Deleted.
3837         TimelineAgent doesn't need to recompile if using the sampling profiler.
3838         This breaks console.profile, but console.profile should move to using
3839         the sampling profiler as well.
3840
3841         (WebCore::InspectorTimelineAgent::startFromConsole):
3842         (WebCore::InspectorTimelineAgent::stopFromConsole):
3843         (WebCore::startProfiling): Deleted.
3844         (WebCore::stopProfiling): Deleted.
3845         Inlined the use once static functions.
3846
3847         * page/PageConsoleClient.cpp:
3848         (WebCore::PageConsoleClient::profile):
3849         (WebCore::PageConsoleClient::profileEnd):
3850         Added FIXMEs for improving console.profile and profileEnd.
3851
3852         * testing/Internals.cpp:
3853         (WebCore::Internals::resetToConsistentState):
3854         (WebCore::Internals::setLegacyJavaScriptProfilingEnabled):
3855         (WebCore::Internals::setJavaScriptProfilingEnabled): Deleted.
3856         * testing/Internals.h:
3857         * testing/Internals.idl:
3858         Be more explicit about enabling legacy profiling.
3859
3860 2016-02-04  Brent Fulgham  <bfulgham@apple.com>
3861
3862         Follow-up: Add "WebKit built-in PDF" Plugin to set of publicly visible plugins
3863         https://bugs.webkit.org/show_bug.cgi?id=153657
3864         <rdar://problem/24413107>
3865
3866         Reviewed by Darin Adler.
3867
3868         * plugins/PluginData.cpp:
3869         (WebCore::shouldBePubliclyVisible): Revise comments to provide a
3870         better explanation of the function and why it exists.
3871
3872 2016-02-04  Jonathan Davis  <jond@apple.com>
3873
3874         Add Fetch API and CSS Variables to feature status
3875         https://bugs.webkit.org/show_bug.cgi?id=153896
3876
3877         Reviewed by Timothy Hatcher.
3878
3879         * features.json:
3880
3881 2016-02-04  Daniel Bates  <dabates@apple.com>
3882
3883         WebKit for iOS Simulator fails to build with public iOS SDK
3884         https://bugs.webkit.org/show_bug.cgi?id=153881
3885
3886         Reviewed by Alex Christensen.
3887
3888         Make constants have internal linkage to match the Apple Internal SDK.
3889
3890         * platform/spi/ios/MobileGestaltSPI.h:
3891
3892 2016-02-04  Chris Dumez  <cdumez@apple.com>
3893
3894         Object.getOwnPropertyDescriptor() returns incomplete descriptor for instance properties
3895         https://bugs.webkit.org/show_bug.cgi?id=153817
3896
3897         Reviewed by Geoffrey Garen.
3898
3899         Update the bindings generator so that property getters / setters now
3900         make sure |this| has the right type and throw a TypeError if it does
3901         not, as per:
3902         - http://heycam.github.io/webidl/#dfn-attribute-getter (step 2.4.2)
3903         - http://heycam.github.io/webidl/#dfn-attribute-setter (step 3.5)
3904
3905         This was an issue when doing something like:
3906         Object.getOwnPropertyDescriptor(window, "location").get.call(nonWindow)
3907
3908         We would call toJSDOMWindow(thisValue), which would return null as
3909         thisValue is not a JSDOMWindow. We would then dereference this null
3910         pointer and crash. We now do a null check and throw a TypeError in
3911         this case, as per the Web IDL specification.
3912
3913         The generated bindings still have some non-spec compliant behavior
3914         though:
3915         1. The getters / setters of instance properties use slotBase instead
3916            of thisValue, which means that calling instanceA's getter on
3917            instanceB returns instanceA's property instead of instanceB's.
3918         2. Global object property getters should not require an explicit
3919            |this| so calling the following should work:
3920            - Object.getOwnPropertyDescriptor(window, "location").get.call()