Transition most IDB interfaces from ScriptExecutionContext to ExecState.
[WebKit-https.git] / Source / WebCore / ChangeLog
1 2016-07-20  Brady Eidson  <beidson@apple.com>
2
3         Transition most IDB interfaces from ScriptExecutionContext to ExecState.
4         https://bugs.webkit.org/show_bug.cgi?id=159975
5
6         Reviewed by Alex Christensen.
7
8         No new tests (No known behavior change).
9
10         * Modules/indexeddb/IDBCursor.cpp:
11         (WebCore::IDBCursor::continueFunction):
12         (WebCore::IDBCursor::deleteFunction):
13         * Modules/indexeddb/IDBCursor.h:
14         * Modules/indexeddb/IDBCursor.idl:
15
16         * Modules/indexeddb/IDBDatabase.idl:
17
18         * Modules/indexeddb/IDBFactory.cpp:
19         (WebCore::IDBFactory::cmp):
20         * Modules/indexeddb/IDBFactory.h:
21         * Modules/indexeddb/IDBFactory.idl:
22
23         * Modules/indexeddb/IDBIndex.cpp:
24         (WebCore::IDBIndex::openCursor):
25         (WebCore::IDBIndex::count):
26         (WebCore::IDBIndex::doCount):
27         (WebCore::IDBIndex::openKeyCursor):
28         (WebCore::IDBIndex::get):
29         (WebCore::IDBIndex::doGet):
30         (WebCore::IDBIndex::getKey):
31         (WebCore::IDBIndex::doGetKey):
32         * Modules/indexeddb/IDBIndex.h:
33         * Modules/indexeddb/IDBIndex.idl:
34
35         * Modules/indexeddb/IDBKeyRange.cpp:
36         (WebCore::IDBKeyRange::only): Deleted.
37         * Modules/indexeddb/IDBKeyRange.h:
38
39         * Modules/indexeddb/IDBObjectStore.cpp:
40         (WebCore::IDBObjectStore::openCursor):
41         (WebCore::IDBObjectStore::get):
42         (WebCore::IDBObjectStore::putOrAdd):
43         (WebCore::IDBObjectStore::deleteFunction):
44         (WebCore::IDBObjectStore::doDelete):
45         (WebCore::IDBObjectStore::modernDelete):
46         (WebCore::IDBObjectStore::clear):
47         (WebCore::IDBObjectStore::createIndex):
48         (WebCore::IDBObjectStore::count):
49         (WebCore::IDBObjectStore::doCount):
50         * Modules/indexeddb/IDBObjectStore.h:
51         * Modules/indexeddb/IDBObjectStore.idl:
52
53         * Modules/indexeddb/IDBTransaction.cpp:
54         (WebCore::IDBTransaction::requestOpenCursor):
55         (WebCore::IDBTransaction::doRequestOpenCursor):
56         (WebCore::IDBTransaction::requestGetRecord):
57         (WebCore::IDBTransaction::requestGetValue):
58         (WebCore::IDBTransaction::requestGetKey):
59         (WebCore::IDBTransaction::requestIndexRecord):
60         (WebCore::IDBTransaction::requestCount):
61         (WebCore::IDBTransaction::requestDeleteRecord):
62         (WebCore::IDBTransaction::requestClearObjectStore):
63         (WebCore::IDBTransaction::requestPutOrAdd):
64         * Modules/indexeddb/IDBTransaction.h:
65
66         * inspector/InspectorIndexedDBAgent.cpp:
67
68 2016-07-20  Wenson Hsieh  <wenson_hsieh@apple.com>
69
70         Media controls don't appear when pausing a small autoplaying video
71         https://bugs.webkit.org/show_bug.cgi?id=159972
72         <rdar://problem/27180657>
73
74         Reviewed by Beth Dakin.
75
76         When pausing an autoplaying video, remove behavior restrictions for the
77         initial user gesture and show media controls.
78
79         New WebKit API test. See VideoControlsManagerSingleSmallAutoplayingVideo.
80
81         * html/HTMLMediaElement.cpp:
82         (WebCore::HTMLMediaElement::pause):
83
84 2016-07-20  Chris Dumez  <cdumez@apple.com>
85
86         Fix null handling of HTMLMediaElement.mediaGroup
87         https://bugs.webkit.org/show_bug.cgi?id=159974
88
89         Reviewed by Eric Carlson.
90
91         Fix null handling of HTMLMediaElement.mediaGroup to match the specification:
92         - https://www.w3.org/TR/html5/embedded-content-0.html#media-elements
93
94         null is supposed to be treated as the String "null". This patch aligns
95         our behavior with the specification. I tested Firefox and Chrome but both
96         do not have this attribute on HTMLMediaElement.
97
98         Also remove support for [TreatNullAs=LegacyNullString] from our bindings
99         generator as HTMLMediaElement.mediaGroup was the last user.
100
101         No new tests, rebaselined existing test.
102
103         * bindings/scripts/CodeGeneratorJS.pm:
104         (JSValueToNative):
105         * bindings/scripts/IDLAttributes.txt:
106         * html/HTMLMediaElement.idl:
107
108 2016-07-20  Chris Dumez  <cdumez@apple.com>
109
110         CSSStyleDeclaration.setProperty() should be able to unset "important" on a property
111         https://bugs.webkit.org/show_bug.cgi?id=159959
112
113         Reviewed by Alexey Proskuryakov.
114
115         CSSStyleDeclaration.setProperty() should be able to unsert "important"
116         on a property as per the latest specification:
117         - https://drafts.csswg.org/cssom/#dom-cssstyledeclaration-setproperty
118         - https://drafts.csswg.org/cssom/#dom-cssstyledeclaration-camel-cased-attribute
119
120         Firefox and Chrome match the specification here but WebKit was ignoring calls
121         to setProperty() if there is already an "important" property wit this name
122         and if the new property does not have the "important" flag set.
123
124         This behavior was added a long time ago via Bug 60007. However, it does not
125         match the latest specification or other browsers.
126
127         Test: fast/css/CSSStyleDeclaration-setProperty-unset-important.html
128
129         * css/StyleProperties.cpp:
130         (WebCore::MutableStyleProperties::addParsedProperty):
131         Drop code that was added via Bug 60007 as this behavior no longer matches the
132         specification or other browsers. The layout test added in Bug 60007 fails in
133         other browsers and was updated in this patch to match the specification.
134
135 2016-07-20  Commit Queue  <commit-queue@webkit.org>
136
137         Unreviewed, rolling out r203423.
138         https://bugs.webkit.org/show_bug.cgi?id=159977
139
140         The test for this change is failing on Mac Release WK2
141         (Requested by ryanhaddad on #webkit).
142
143         Reverted changeset:
144
145         "HTMLVideoElement frames do not update on iOS when src is a
146         MediaStream blob"
147         https://bugs.webkit.org/show_bug.cgi?id=159833
148         http://trac.webkit.org/changeset/203423
149
150 2016-07-20  Chris Dumez  <cdumez@apple.com>
151
152         Fix null handling of HTMLSelectElement.value attribute
153         https://bugs.webkit.org/show_bug.cgi?id=159925
154
155         Reviewed by Benjamin Poulain.
156
157         Fix null handling of HTMLSelectElement.value attribute:
158         - https://html.spec.whatwg.org/multipage/forms.html#htmlselectelement
159
160         We were treating null as the null String which would end up setting
161         selectedIndex to -1. However, we should treat null as the String "null"
162         which would set the selectedIndex to the index of the <option> element
163         whose value is "null".
164
165         Firefox and Chrome match the specification.
166
167         Test: fast/dom/HTMLSelectElement/value-null-handling.html
168
169         * html/HTMLSelectElement.cpp:
170         (WebCore::HTMLSelectElement::setValue):
171         * html/HTMLSelectElement.idl:
172
173 2016-07-20  Chris Dumez  <cdumez@apple.com>
174
175         PostResolutionCallbackDisabler can resume pending requests while a ResourceLoadSuspender is alive
176         https://bugs.webkit.org/show_bug.cgi?id=159962
177         <rdar://problem/21439264>
178
179         Reviewed by David Kilzer.
180
181         PostResolutionCallbackDisabler can resume pending requests while a ResourceLoadSuspender
182         is alive. We have both PostResolutionCallbackDisabler and ResourceLoadSuspender that
183         call LoaderStrategy::suspendPendingRequests() / LoaderStrategy::resumePendingRequests().
184         However, PostResolutionCallbackDisabler and ResourceLoadSuspender are not aware of each
185         other. It is therefore possible for a PostResolutionCallbackDisabler object to get
186         destroyed, causing LoaderStrategy::resumePendingRequests() to be called while a
187         ResourceLoadSuspender object is alive.
188
189         This leads to hard to investigate crashes where we end up re-entering WebKit and killing
190         the style resolver.
191
192         This patch drops ResourceLoadSuspender and uses PostResolutionCallbackDisabler instead.
193         There was only one user of ResourceLoadSuspender and PostResolutionCallbackDisabler
194         is better because it manages a resolutionNestingDepth counter internally to make sure
195         it only calls LoaderStrategy::resumePendingRequests() once all
196         PostResolutionCallbackDisabler instances are destroyed.
197
198         No new tests, there is no easy way to reproduce the crashes.
199
200         * dom/Document.cpp:
201         (WebCore::Document::styleForElementIgnoringPendingStylesheets):
202         * loader/LoaderStrategy.cpp:
203         (WebCore::ResourceLoadSuspender::ResourceLoadSuspender): Deleted.
204         (WebCore::ResourceLoadSuspender::~ResourceLoadSuspender): Deleted.
205         * loader/LoaderStrategy.h:
206
207 2016-07-19  Youenn Fablet  <youenn@apple.com>
208
209         [Fetch API] Add a JS builtin to implement https://fetch.spec.whatwg.org/#concept-headers-fill
210         https://bugs.webkit.org/show_bug.cgi?id=159932
211
212         Reviewed by Alex Christensen.
213
214         Covered by existing tests.
215
216         Refactoring Headers initializeWith to use the new built-in internal that implements
217         https://fetch.spec.whatwg.org/#concept-headers-fill.
218
219         Refactoring Response constructor to put more checks in the JS builtin fucntion called within constructor.
220         Making use of the new built-in internal that implements https://fetch.spec.whatwg.org/#concept-headers-fill.
221
222         * CMakeLists.txt: Adding FetchHeadersInternals.js
223         * DerivedSources.make: Ditto.
224         * Modules/fetch/FetchHeaders.js:
225         (initializeFetchHeaders): Using fillFetchHeaders new built-in internal.
226         * Modules/fetch/FetchInternals.js: Added.
227         (fillFetchHeaders):
228         * Modules/fetch/FetchResponse.cpp: Refactoring to do more in the JS built-in. Splitting of initializeWith so
229         that the checks are done in the order defined by the spec.
230         (WebCore::FetchResponse::setStatus):
231         (WebCore::FetchResponse::initializeWith):
232         (WebCore::isNullBodyStatus): Deleted.
233         * Modules/fetch/FetchResponse.h:
234         * Modules/fetch/FetchResponse.idl:
235         * Modules/fetch/FetchResponse.js:
236         (initializeFetchResponse): New built-in internal.
237         * WebCore.xcodeproj/project.pbxproj:
238         * bindings/js/WebCoreBuiltinNames.h:
239
240 2016-07-19  Chris Dumez  <cdumez@apple.com>
241
242         Fix null handling of SVGScriptElement.type attribute
243         https://bugs.webkit.org/show_bug.cgi?id=159927
244
245         Reviewed by Benjamin Poulain.
246
247         Fix null handling of SVGScriptElement.type attribute:
248         - https://www.w3.org/TR/SVG2/interact.html#InterfaceSVGScriptElement
249
250         We were treating null as the null String which would end up removing
251         the 'type' content attribute. However, we should treat null as the
252         String "null".
253
254         Firefox and Chrome match the specification.
255
256         No new tests, updated existing test.
257
258         * svg/SVGScriptElement.idl:
259
260 2016-07-19  Chris Dumez  <cdumez@apple.com>
261
262         Fix null handling of several HTMLDocument attributes
263         https://bugs.webkit.org/show_bug.cgi?id=159923
264
265         Reviewed by Benjamin Poulain.
266
267         Fix null handling of several HTMLDocument attributes:
268         - https://html.spec.whatwg.org/multipage/dom.html#document
269         - https://html.spec.whatwg.org/multipage/obsolete.html#document-partial
270
271         In particular, null handling was incorrect in WebKit for 'dir',
272         'bgColor', 'fgColor', 'alinkColor', 'linkColor' and 'vlinkColor'.
273
274         Firefox and Chrome match the specification.
275
276         Test: fast/dom/HTMLDocument/null-handling.html
277
278         * html/HTMLDocument.idl:
279
280 2016-07-19  Chris Dumez  <cdumez@apple.com>
281
282         Document.createElementNS() / createAttributeNS() parameters should be mandatory
283         https://bugs.webkit.org/show_bug.cgi?id=159938
284
285         Reviewed by Benjamin Poulain.
286
287         Document.createElementNS() / createAttributeNS() parameters should be mandatory:
288         - https://dom.spec.whatwg.org/#document
289
290         They were optional in WebKit. However, Firefox and Chrome both match the
291         specification.
292
293         No new tests, rebaselined existing tests.
294
295         * dom/Document.idl:
296
297 2016-07-19  Benjamin Poulain  <bpoulain@apple.com>
298
299         Use getElementById for attribute matching if the attribute name is html's id
300         https://bugs.webkit.org/show_bug.cgi?id=159960
301
302         Reviewed by Chris Dumez.
303
304         Elliott Sprehn discovered YUI makes heavy uses of querySelector with [id=value]
305         (https://bugs.chromium.org/p/chromium/issues/detail?id=627242).
306
307         If we are not in quirks mode, IdForStyleResolution has the same value
308         as the Id attribute. We can use the same optimization for both cases.
309
310         Tests: fast/selectors/id-attribute-querySelector-used-as-id-selector-quirks.html
311                fast/selectors/id-attribute-querySelector-used-as-id-selector.html
312
313         * dom/SelectorQuery.cpp:
314         (WebCore::canBeUsedForIdFastPath):
315         (WebCore::findIdMatchingType):
316         (WebCore::SelectorDataList::SelectorDataList):
317         (WebCore::selectorForIdLookup):
318         (WebCore::filterRootById):
319
320 2016-07-19  Chris Dumez  <cdumez@apple.com>
321
322         Drop SVGElement.xmlbase attribute
323         https://bugs.webkit.org/show_bug.cgi?id=159926
324
325         Reviewed by Benjamin Poulain.
326
327         Drop SVGElement.xmlbase attribute as it is no longer part of the
328         specification:
329         - https://www.w3.org/TR/SVG2/types.html#InterfaceSVGElement
330
331         Both Firefox and Chrome have already dropped support for
332         SVGElement.xmlbase.
333
334         Chrome's intent to remove:
335         https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/TfwMq4d25hk/C-v_iC_wKfAJ
336
337         Test: svg/dom/SVGElement-xmlbase.html
338
339         * svg/SVGElement.cpp:
340         (WebCore::SVGElement::removedFrom): Deleted.
341         * svg/SVGElement.h:
342         * svg/SVGElement.idl:
343
344 2016-07-19  Chris Dumez  <cdumez@apple.com>
345
346         Align CSSStyleDeclaration.setProperty() with the specification
347         https://bugs.webkit.org/show_bug.cgi?id=159955
348
349         Reviewed by Benjamin Poulain.
350
351         Align CSSStyleDeclaration.setProperty() with the specification:
352         - https://drafts.csswg.org/cssom/#the-cssstyledeclaration-interface
353
354         In particular, the following changes were needed:
355         1. The 'value' parameter should not be optional
356         2. The 'priority' parameter should treat null as the empty string
357            rather than the string "null".
358         3. The 'priority' parameter's default value should be the empty string,
359            not the string "undefined".
360         4. CSSStyleDeclaration.setProperty() should return early if 'priority'
361            is not the empty string and is not an ASCII case-insensitive match
362            for the string "important".
363
364         Chrome matches the specification entirely.
365         Firefox matches the specification with the exception that it does a
366         case-sensitive match for "important".
367
368         Test: fast/css/CSSStyleDeclaration-setProperty.html
369
370         * css/CSSStyleDeclaration.idl:
371         * css/PropertySetCSSStyleDeclaration.cpp:
372         (WebCore::PropertySetCSSStyleDeclaration::setProperty):
373
374 2016-07-19  Daniel Bates  <dabates@apple.com>
375
376         CSP: Improve support for multiple policies to more closely conform to the CSP Level 2 spec.
377         https://bugs.webkit.org/show_bug.cgi?id=159841
378         <rdar://problem/27381684>
379
380         Reviewed by Brent Fulgham.
381
382         Implement a first pass at sending multiple violation reports so as to more closely
383         conform to section Enforcing multiple policies of the Content Security Policy Level 2 spec.,
384         <https://w3c.github.io/webappsec-csp/2/> (Editor's Draft, 25 April 2016).
385
386         Tests: http/tests/security/contentSecurityPolicy/1.1/script-blocked-sends-multiple-reports.php
387                http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy.php
388                http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy2.php
389                http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.php
390                http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.php
391                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy.php
392                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy2.php
393                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy.php
394                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy2.php
395                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.php
396                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2.php
397                http/tests/security/contentSecurityPolicy/1.1/scripthash-in-enforced-policy-and-not-in-report-only.html
398                http/tests/security/contentSecurityPolicy/1.1/scripthash-in-one-enforced-policy-neither-in-another-enforced-policy-nor-report-policy.html
399                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-enforced-policy-and-blocked-by-report-policy.php
400                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-enforced-policy-and-blocked-by-report-policy2.php
401                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.php
402                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.php
403                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy.php
404                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy2.php
405                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy.php
406                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy2.php
407                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.php
408                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2.php
409                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-in-enforced-policy-and-not-in-report-only.html
410                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-in-one-enforced-policy-neither-in-another-enforced-policy-nor-report-policy.html
411                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-multiple-policies.html
412
413         * page/csp/ContentSecurityPolicy.cpp:
414         (WebCore::ContentSecurityPolicy::allPoliciesWithDispositionAllow): Added. Returns whether the resource
415         is allowed by all of the policies with the specified disposition.
416         (WebCore::ContentSecurityPolicy::allPoliciesAllow): Added. Returns whether the resource is allowed by
417         all of the enforced policies.
418         (WebCore::ContentSecurityPolicy::findHashOfContentInPolicies): Formerly named foundHashOfContentInAllPolicies.
419         Modified to return a ("has found hash in all enforced policies, "has found hash in all report-only policies)-pair
420         so that we can differentiate whether the hash violated an enforced policy or a report-only policy.
421         (WebCore::ContentSecurityPolicy::allowJavaScriptURLs): Write in terms of ContentSecurityPolicy::allPoliciesAllow().
422         (WebCore::ContentSecurityPolicy::allowInlineEventHandlers): Ditto.
423         (WebCore::ContentSecurityPolicy::allowScriptWithNonce): For now only accept a nonce if it is allowed by
424         all enforced policies. As a side effect of this change is that we only send a CSP violation report when a
425         nonce violates a report-only policy only if the nonce also violates one or more enforced policies. We will
426         address this limitation in <https://bugs.webkit.org/show_bug.cgi?id=159830>.
427         (WebCore::ContentSecurityPolicy::allowStyleWithNonce): Ditto.
428         (WebCore::ContentSecurityPolicy::allowInlineScript): Differentiate between a hash/'unsafe-inline' that
429         matches/is contained in all enforce policies and a hash/'unsafe-inline' that matches/is contained in all
430         report-only policies so that we only allow the resource for the former. As a side effect of this change
431         we may report that a resource violated a policy even if it contained the hash. See <https://bugs.webkit.org/show_bug.cgi?id=159832>
432         for more details.
433         (WebCore::ContentSecurityPolicy::allowInlineStyle): Ditto.
434         (WebCore::ContentSecurityPolicy::allowEval): Write in terms of ContentSecurityPolicy::allPoliciesAllow().
435         (WebCore::ContentSecurityPolicy::allowFrameAncestors): Ditto.
436         (WebCore::ContentSecurityPolicy::allowPluginType): Ditto.
437         (WebCore::ContentSecurityPolicy::allowScriptFromSource): Ditto.
438         (WebCore::ContentSecurityPolicy::allowObjectFromSource): Ditto.
439         (WebCore::ContentSecurityPolicy::allowChildFrameFromSource): Ditto.
440         (WebCore::ContentSecurityPolicy::allowChildContextFromSource): Ditto.
441         (WebCore::ContentSecurityPolicy::allowImageFromSource): Ditto.
442         (WebCore::ContentSecurityPolicy::allowStyleFromSource): Ditto.
443         (WebCore::ContentSecurityPolicy::allowFontFromSource): Ditto.
444         (WebCore::ContentSecurityPolicy::allowMediaFromSource): Ditto.
445         (WebCore::ContentSecurityPolicy::allowConnectToSource): Ditto.
446         (WebCore::ContentSecurityPolicy::allowFormAction): Ditto.
447         (WebCore::ContentSecurityPolicy::allowBaseURI): Ditto.
448         (WebCore::ContentSecurityPolicy::foundHashOfContentInAllPolicies): Deleted.
449         * page/csp/ContentSecurityPolicy.h:
450         (WebCore::ContentSecurityPolicy::violatedDirectiveInAnyPolicy): Deleted.
451
452 2016-07-19  Chris Dumez  <cdumez@apple.com>
453
454         Fix null handling of HTMLScriptElement.text attribute
455         https://bugs.webkit.org/show_bug.cgi?id=159943
456
457         Reviewed by Benjamin Poulain.
458
459         Fix null handling of HTMLScriptElement.text attribute:
460         - https://html.spec.whatwg.org/multipage/scripting.html#the-script-element
461
462         We should treat null as the "null" String but we were treating it as
463         the empty string.
464
465         Firefox and Chrome match the specification.
466
467         No new tests, rebaselined existing test.
468
469         * html/HTMLScriptElement.idl:
470
471 2016-07-19  Chris Dumez  <cdumez@apple.com>
472
473         autocapitalize attribute should not use [TreatNullAs=LegacyNullString]
474         https://bugs.webkit.org/show_bug.cgi?id=159934
475
476         Reviewed by Benjamin Poulain.
477
478         autocapitalize attribute should not use [TreatNullAs=LegacyNullString]. This is
479         non-standard and we want to drop support for it from the bindings generator.
480
481         Instead, use [TreatNullAs=EmptyString] in order to maintain existing behavior
482         given that both a missing/empty attribute result in using the default
483         autocapitalization mode and that autocapitalize returns the empty string by
484         default.
485
486         Test: platform/ios-simulator/ios/fast/forms/autocapitalize-null.html
487
488         * html/HTMLFormElement.idl:
489         * html/HTMLInputElement.idl:
490         * html/HTMLTextAreaElement.idl:
491
492 2016-07-19  Zalan Bujtas  <zalan@apple.com>
493
494         REGRESSION(r203415): ASSERTION FAILED: !m_layoutRoot->container() || !m_layoutRoot->container()->needsLayout()
495         https://bugs.webkit.org/show_bug.cgi?id=159952
496
497         Reviewed by Simon Fraser.
498
499         Update ASSERTs to reflect new functionality, that is, now we can end up in a state
500         where the container (RenderView) of one of the dirty subtrees is dirty.
501         See r203415.
502  
503         Covered by editing/pasteboard/drag-drop-input-in-svg.svg
504
505         * page/FrameView.cpp:
506         (WebCore::FrameView::scheduleRelayoutOfSubtree):
507
508 2016-07-19  Dean Jackson  <dino@apple.com>
509
510         REGRESSION(202927): The first slide is the only displayed slide when Quicklooking a Keynote file
511         https://bugs.webkit.org/show_bug.cgi?id=159948
512         <rdar://problem/27391012>
513
514         Reviewed by Simon Fraser.
515
516         There is an iOS bug (<rdar://problem/27416744>) that is causing us
517         to not always get a color space on CGContextRefs. Investigation of this
518         exposed some optimizations we can take when we are creating ImageBuffers.
519         In particular, if we have a bitmap context or an IOSurfaceContext we
520         can simply copy their color space using API. Otherwise we stick with
521         the existing CGContextCopyDeviceColorSpace.
522
523         Lastly, if for some reason we are unable to copy the device color space,
524         we should fall back to sRGB.
525
526         * platform/graphics/cg/ImageBufferCG.cpp:
527         (WebCore::ImageBuffer::createCompatibleBuffer):
528         * platform/spi/cg/CoreGraphicsSPI.h: Add some SPI and enums.
529
530
531 2016-07-19  George Ruan  <gruan@apple.com>
532
533         HTMLVideoElement frames do not update on iOS when src is a MediaStream blob
534         https://bugs.webkit.org/show_bug.cgi?id=159833
535         <rdar://problem/27379487>
536
537         Reviewed by Eric Carlson.
538
539         Test: fast/mediastream/MediaStream-video-element-displays-buffer.html
540
541         * WebCore.xcodeproj/project.pbxproj:
542         * platform/graphics/avfoundation/MediaSampleAVFObjC.h: Change create to return a Ref<T> instead
543         of RefPtr<T>
544         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.h: Make observer of
545         MediaStreamTrackPrivate and make MediaPlayer use an AVSampleBufferDisplayLayer instead of CALayer.
546         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm: Ditto.
547         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::~MediaPlayerPrivateMediaStreamAVFObjC): Clean up
548         observers and AVSampleBufferDisplayLayer
549         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::isAvailable): Ensures AVSampleBufferDisplayLayer
550         is available.
551         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::enqueueAudioSampleBufferFromTrack): Placeholder.
552         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::enqueueVideoSampleBufferFromTrack): Responsible
553         for enqueuing sample buffers to the active video track.
554         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::ensureLayer): Ensures that an AVSampleBufferDisplayLayer
555         exists.
556         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::destroyLayer): Destroys the AVSampleBufferDisplayLayer.
557         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::platformLayer): Replace CALayer with AVSampleBufferDisplayLayer.
558         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::currentDisplayMode): Ditto.
559         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::sampleBufferUpdated): Called from MediaStreamTrackPrivate when a
560         new SampleBuffer is available.
561         (WebCore::updateTracksOfType): Manage adding and removing self as observer from tracks.
562         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateTracks): Replace CALayer with AVSampleBufferDisplayLayer
563         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::acceleratedRenderingStateChanged): Copied from
564         MediaPlayerPrivateMediaSourceAVFObjC.mm
565         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::load): Deleted CALayer.
566         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateDisplayMode): Deleted process of updating CALayer.
567         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateIntrinsicSize): Deleted CALayer.
568         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::createPreviewLayers): Deleted.
569         * platform/mediastream/MediaStreamPrivate.cpp:
570         (WebCore::MediaStreamPrivate::updateActiveVideoTrack): Remove redundant check.
571         * platform/mediastream/MediaStreamTrackPrivate.cpp:
572         (WebCore::MediaStreamTrackPrivate::sourceHasMoreMediaData): Called from RealtimeMediaSource when a new SampleBuffer
573         is available.
574         * platform/mediastream/MediaStreamTrackPrivate.h:
575         (WebCore::MediaStreamTrackPrivate::Observer::sampleBufferUpdated): Relays to MediaPlayerPrivateMediaStream that
576         a new SampleBuffer is available to enqueue to the AVSampleBufferDisplayLayer.
577         * platform/mediastream/RealtimeMediaSource.cpp:
578         (WebCore::RealtimeMediaSource::mediaDataUpdated): Relays to all observers that a new SampleBuffer is available.
579         * platform/mediastream/RealtimeMediaSource.h:
580         * platform/mediastream/mac/AVVideoCaptureSource.mm:
581         (WebCore::AVVideoCaptureSource::processNewFrame): Calls mediaDataUpdated when a new SampleBuffer is captured.
582
583 2016-07-19  Anders Carlsson  <andersca@apple.com>
584
585         Get rid of a #define private public hack in WebCore
586         https://bugs.webkit.org/show_bug.cgi?id=159953
587
588         Reviewed by Dan Bernstein.
589
590         Use @package instead.
591
592         * bindings/objc/DOMInternal.h:
593         * bindings/objc/DOMObject.h:
594
595 2016-07-19  Andreas Kling  <akling@apple.com>
596
597         Fix SharedBuffer leak in MockContentFilter::replacementData().
598         <https://webkit.org/b/159945>
599
600         Reviewed by Andy Estes.
601
602         Spotted on leaks bot. This code was pretty explicit about how it's going to leak.
603         Since this is in the mock filter, it only affected layout tests.
604
605         * testing/MockContentFilter.cpp:
606         (WebCore::MockContentFilter::replacementData):
607
608 2016-07-19  Zalan Bujtas  <zalan@apple.com>
609
610         theguardian.co.uk crossword puzzles are sometimes not displaying text
611         https://bugs.webkit.org/show_bug.cgi?id=159924
612         <rdar://problem/27409483>
613
614         Reviewed by Simon Fraser.
615
616         This patch fixes the case when
617         - 2 disjoint subtrees are dirty
618         - RenderView is also dirty.
619         and we end up not laying out one of the 2 subtrees.
620
621         In FrameView::scheduleRelayoutOfSubtree, we assume that when the RenderView is dirty
622         we already have a pending full layout which means that any previous subtree layouts have already been
623         converted to full layouts.
624         However this assumption is incorrect. RenderView can get dirty without checking if there's
625         already a pending subtree layout.
626         One option to solve this problem would be to override RenderObject::setNeedsLayout in RenderView
627         so that when the RenderView gets dirty, we could also convert any pending subtree layout to full layout.
628         However RenderObject::setNeedsLayout is a hot function and making it virtual would impact performance.
629         The other option is to always normalize subtree layouts in FrameView::scheduleRelayoutOfSubtree().
630         This patch implements the second option.
631
632         Test: fast/misc/subtree-layouts.html
633
634         * page/FrameView.cpp:
635         (WebCore::FrameView::scheduleRelayoutOfSubtree):
636
637 2016-07-19  Anders Carlsson  <andersca@apple.com>
638
639         Some payment authorization status values should keep the sheet active
640         https://bugs.webkit.org/show_bug.cgi?id=159936
641         rdar://problem/26756701
642
643         Reviewed by Tim Horton.
644
645         * Modules/applepay/ApplePaySession.cpp:
646         (WebCore::ApplePaySession::completePayment):
647         Keep the sheet active if the status isn't a final state status.
648
649         * Modules/applepay/PaymentAuthorizationStatus.h:
650         (WebCore::isFinalStateStatus):
651         Add a new helper function that returns whether a given payment authorization status is "final",
652         meaning that once that status has been passed to completePayment, the session is finished.
653
654 2016-07-19  Nan Wang  <n_wang@apple.com>
655
656         AX: Incorrect behavior for word related text marker functions when there's collapsed whitespace
657         https://bugs.webkit.org/show_bug.cgi?id=159910
658
659         Reviewed by Chris Fleizach.
660
661         We are getting a bad CharacterOffset when there's collapsed whitespace. Added a TraverseOptionValidateOffset
662         option to make sure we are getting the correct CharacterOffset based on the corresponding Range offset. And
663         fixed a word navigation issue based on that.
664
665         Test: accessibility/mac/text-marker-word-nav-collapsed-whitespace.html
666
667         * accessibility/AXObjectCache.cpp:
668         (WebCore::AXObjectCache::traverseToOffsetInRange):
669         (WebCore::AXObjectCache::rangeForNodeContents):
670         (WebCore::AXObjectCache::startOrEndCharacterOffsetForRange):
671         (WebCore::AXObjectCache::characterOffsetFromVisiblePosition):
672         (WebCore::AXObjectCache::rightWordRange):
673         (WebCore::AXObjectCache::previousBoundary):
674         * accessibility/AXObjectCache.h:
675         (WebCore::AXObjectCache::isNodeInUse):
676
677 2016-07-19  Youenn Fablet  <youenn@apple.com>
678
679         [Streams API] ReadableStreamController methods should throw if its stream is not readable
680         https://bugs.webkit.org/show_bug.cgi?id=159871
681
682         Reviewed by Xabier Rodriguez-Calvar.
683
684         Spec now mandates close and enqueue to throw if ReadableStream is not readable.
685         Covered by rebased and/or modified tests.
686
687         * Modules/streams/ReadableStreamController.js:
688         (enqueue): Throwing a TypeError if controlled stream is not readable.
689         (close): Ditto.
690
691 2016-07-19  Simon Fraser  <simon.fraser@apple.com>
692
693         Bubbles appear split for a brief moment in Messages
694         https://bugs.webkit.org/show_bug.cgi?id=159915
695         rdar://problem/27182267
696
697         Reviewed by David Hyatt.
698
699         RenderView::repaintRootContents() had a long-standing bug in WebView when the
700         view is scrolled. repaint() uses visualOverflowRect() but, for the 
701         RenderView, the visualOverflowRect() is the initial containing block
702         which is anchored at 0,0. When the view is scrolled it's clipped out and
703         calls to repaintRootContents() have no effect.
704         
705         Change repaintRootContents() to use layoutOverflowRect(). ScrollView::repaintContentRectangle()
706         will clip it to the view if necessary.
707
708         Test: fast/repaint/scrolled-view-full-repaint.html
709
710         * rendering/RenderView.cpp:
711         (WebCore::RenderView::repaintRootContents):
712
713 2016-07-19  Dan Bernstein  <mitz@apple.com>
714
715         <rdar://problem/27420308> WebCore-7602.1.42 fails to build: error: unused parameter 'vm'
716
717         * bindings/js/JSDOMGlobalObject.cpp:
718         (WebCore::JSDOMGlobalObject::addBuiltinGlobals): Fixed the !ENABLE(STREAMS_API) build.
719
720 2016-07-19  Youenn Fablet  <youenn@apple.com>
721
722         [Streams API] Make ReadableStream properties not enumerable
723         https://bugs.webkit.org/show_bug.cgi?id=159868
724
725         Reviewed by Darin Adler.
726
727         Covered by rebased tests.
728
729         Uopdating IDL definitions to mark all functions/attributes as not enumerable.
730         Updating IDL constructor definitions to correctly compute constructor length.
731         Updating built-in implementation to correctly compute pipeTo length to 1 (second parameter being optional).
732
733         * Modules/streams/ReadableStream.idl:
734         * Modules/streams/ReadableStream.js:
735         * Modules/streams/ReadableStreamController.idl:
736         * Modules/streams/ReadableStreamReader.idl:
737
738 2016-07-19  Chris Dumez  <cdumez@apple.com>
739
740         form.enctype / encoding / method should treat null as "null" string
741         https://bugs.webkit.org/show_bug.cgi?id=159916
742
743         Reviewed by Ryosuke Niwa.
744
745         form.enctype / encoding / method should treat null as "null" string:
746         - https://html.spec.whatwg.org/multipage/forms.html#htmlformelement
747
748         Previously, WebKit would treat null as the null String, which would
749         end up removing the existing attribute.
750
751         Firefox and Chrome match the specification.
752
753         Test: fast/dom/HTMLFormElement/null-handling.html
754
755         * html/HTMLFormElement.h:
756         * html/HTMLFormElement.idl:
757
758 2016-07-18  Csaba Osztrogonác  <ossy@webkit.org>
759
760         All-in-one buildfix after r202439
761         https://bugs.webkit.org/show_bug.cgi?id=159877
762
763         Reviewed by Chris Dumez.
764
765         * Modules/webaudio/AudioDestinationNode.h:
766         (WebCore::AudioDestinationNode::resume):
767         (WebCore::AudioDestinationNode::suspend):
768         (WebCore::AudioDestinationNode::close):
769
770 2016-07-18  Frederic Wang  <fwang@igalia.com>
771
772         Move parsing of subscriptshift and superscriptshift from rendering to element classes
773         https://bugs.webkit.org/show_bug.cgi?id=159622
774
775         Reviewed by Darin Adler.
776
777         We introduce a new MathMLScriptsElement that is used for elements msub, msup, msubsup and
778         mmultiscripts in order to create RenderMathMLScripts and parse and expose the values of the
779         subscriptshift and superscriptshift attributes. This is one more step toward moving MathML
780         attribute parsing to the DOM (bug 156536).
781
782         No new tests, rendering is unchanged.
783
784         * CMakeLists.txt: Add MathMLScriptsElement files.
785         * WebCore.xcodeproj/project.pbxproj: Ditto.
786         * mathml/MathMLAllInOne.cpp: Ditto.
787         * mathml/MathMLInlineContainerElement.cpp: Remove handling of scripts.
788         (WebCore::MathMLInlineContainerElement::createElementRenderer): Deleted.
789         * mathml/MathMLScriptsElement.cpp: Added. New class to handle scripted elements supporting
790         parsing for the subscriptshift and superscriptshift MathML lengths.
791         (WebCore::MathMLScriptsElement::MathMLScriptsElement):
792         (WebCore::MathMLScriptsElement::create):
793         (WebCore::MathMLScriptsElement::subscriptShift): Expose the cached length for the shift,
794         parsing the attribute again if necessary.
795         (WebCore::MathMLScriptsElement::superscriptShift): Ditto.
796         (WebCore::MathMLScriptsElement::parseAttribute): Mark attributes dirty.
797         (WebCore::MathMLScriptsElement::createElementRenderer): Create RenderMathMLScripts.
798         * mathml/MathMLScriptsElement.h: Ditto.
799         * mathml/mathtags.in: Map msub, msup, msubsup and mmultiscripts to MathMLScriptsElement.
800         * rendering/mathml/RenderMathMLScripts.cpp:
801         (WebCore::RenderMathMLScripts::scriptsElement): Helper function to cast the node to a
802         MathMLScriptsElement.
803         (WebCore::RenderMathMLScripts::getScriptMetricsAndLayoutIfNeeded): Resolve the attributes
804         using the functions from the MathMLScriptsElement class.
805         * rendering/mathml/RenderMathMLScripts.h: Declare scriptsElement.
806
807 2016-07-18  Frederic Wang  <fwang@igalia.com>
808
809         Do not store gap and shift parameters on RenderMathMLFraction
810         https://bugs.webkit.org/show_bug.cgi?id=159876
811
812         Reviewed by Darin Adler.
813
814         After r203285, the stack and fraction layout parameters are only used in layoutBlock so we
815         do not need to store them on the class. We remove them and split updateLayoutParameters into
816         three functions: one to update the linethickness and two others to retrieve the fraction and
817         stack respectively.
818
819         No new tests, rendering is unchanged.
820
821         * rendering/mathml/RenderMathMLFraction.cpp:
822         (WebCore::RenderMathMLFraction::updateLineThickness): Move code to update thickness members here.
823         (WebCore::RenderMathMLFraction::getFractionParameters): Move code to retrieve fraction parameters here.
824         (WebCore::RenderMathMLFraction::getStackParameters): Move code to retrieve stack parameters here.
825         (WebCore::RenderMathMLFraction::layoutBlock): Use the new helper functions and local variables
826         for fraction and stack parameters.
827         (WebCore::RenderMathMLFraction::updateLayoutParameters): Deleted.
828         * rendering/mathml/RenderMathMLFraction.h: Declare new helper functions and remove members
829         for stack and fraction parameters.
830
831 2016-07-18  Chris Dumez  <cdumez@apple.com>
832
833         input.formEnctype / formMethod and button.formEnctype / formMethod / type should treat null as "null"
834         https://bugs.webkit.org/show_bug.cgi?id=159908
835
836         Reviewed by Alex Christensen.
837
838         input.formEnctype / formMethod and button.formEnctype / formMethod / type
839         should treat null as "null" String:
840         - https://html.spec.whatwg.org/multipage/forms.html#htmlinputelement
841         - https://html.spec.whatwg.org/multipage/forms.html#htmlbuttonelement
842
843         In WebKit, we would treat null as a null String which would end up
844         removing the corresponding attribute. This does not match the
845         specification. Firefox and Chrome match the specification here.
846
847         Tests:
848         - fast/dom/HTMLButtonElement/null-handling.html
849         - fast/dom/HTMLInputElement/null-handling.html
850
851         * html/HTMLButtonElement.idl:
852         * html/HTMLInputElement.idl:
853
854 2016-07-18  Alex Christensen  <achristensen@webkit.org>
855
856         webbookmarksd needs to use the same AppCache directory as MobileSafari
857         https://bugs.webkit.org/show_bug.cgi?id=159912
858
859         Reviewed by Alexey Proskuryakov.
860
861         No new tests.  This only changes behavior for webbookmarksd.
862
863         * platform/RuntimeApplicationChecks.h:
864         * platform/RuntimeApplicationChecks.mm:
865         (WebCore::IOSApplication::isWebBookmarksD): Added.
866
867 2016-07-18  Chris Dumez  <cdumez@apple.com>
868
869         EventTarget.dispatchEvent() parameter should not be nullable
870         https://bugs.webkit.org/show_bug.cgi?id=159897
871
872         Reviewed by Benjamin Poulain.
873
874         EventTarget.dispatchEvent() parameter should not be nullable:
875         - https://dom.spec.whatwg.org/#interface-eventtarget
876
877         Even though the parameter was marked as nullable in our IDL, our
878         implementation does a null check and we already throw a TypeError
879         when calling dispatchEvent(null).
880
881         Update our IDL so that it matches the specification and so that
882         the null check is generated in the bindings instead.
883
884         No new tests, rebaseline existing tests.
885
886         * dom/EventTarget.cpp:
887         (WebCore::EventTarget::dispatchEventForBindings):
888         * dom/EventTarget.h:
889         * dom/EventTarget.idl:
890
891 2016-07-18  Chris Dumez  <cdumez@apple.com>
892
893         DocType's publicId / systemId should not be nullable
894         https://bugs.webkit.org/show_bug.cgi?id=159901
895
896         Reviewed by Benjamin Poulain.
897
898         DocType's publicId / systemId should not be nullable. While they were
899         not marked as nullable in our IDL, they could be stored as null Strings
900         in our implementation depending on how the Node was constructed. This
901         led to subtle bugs where String() != emptyString().
902
903         In particular, Node.isEqualNode() would return false when DocumentType
904         nodes would mismatch because of their publicId / systemId being null
905         instead of the emptyString.
906
907         Serialization would DocumentType nodes would also be wrong when
908         publicId / systemId were empty Strings instead of null strings. The
909         new behavior now matches:
910         - https://www.w3.org/TR/DOM-Parsing/#dfn-concept-serialize-doctype (steps 7-9)
911
912         To address these issues, we now always store publicId / systemId as
913         non-null Strings inside the DocumentType class.
914
915         Test: fast/dom/DocumentType/isEqualNode.html
916
917         * dom/DocumentType.cpp:
918         (WebCore::DocumentType::DocumentType):
919         * editing/MarkupAccumulator.cpp:
920         (WebCore::MarkupAccumulator::appendDocumentType):
921
922 2016-07-18  Jeremy Jones  <jeremyj@apple.com>
923
924         If previous media session interruptions were prevented, still allow subsequent interruptions to try.
925         https://bugs.webkit.org/show_bug.cgi?id=157553
926         rdar://problem/25740804
927
928         Reviewed by Eric Carlson.
929
930         Test: platform/ios-simulator/media/video-interruption-suspendunderlock.html
931
932         When suspending under lock on iOS, there is first a resign active event, then a
933         suspend under lock. PiP prevents resign active from interrupting playback. But it should allow the
934         suspend under lock to interrupt playback.
935
936         Currently if there are nested interruptions only the first one is acted upon.
937
938         This change allows subsequent, nested interruptions to have a chance to interrupt playback if the
939         previous interruptions were ignored.
940
941         This test is for iPad only, so it must be run manually.
942
943         * html/HTMLMediaElement.cpp:
944         (WebCore::HTMLMediaElement::shouldOverrideBackgroundPlaybackRestriction):
945         * platform/audio/PlatformMediaSession.cpp:
946         (WebCore::PlatformMediaSession::beginInterruption):
947         * testing/Internals.cpp:
948         (WebCore::Internals::beginMediaSessionInterruption):
949
950 2016-07-18  Brent Fulgham  <bfulgham@apple.com>
951
952         Don't associate form-associated elements with forms in other trees.
953         https://bugs.webkit.org/show_bug.cgi?id=119451
954         <rdar://problem/27382946>
955
956         Change is based on the Blink change (patch by <adamk@chromium.org>):
957         <https://chromium.googlesource.com/chromium/blink/+/0b33128be67e7845d495d5219614c02ccfe7a414>
958
959         Reviewed by Chris Dumez.
960
961         Prevent elements from being associated with forms that are not part of the same home subtree.
962         This brings us in line with the WhatWG HTML specification as of September, 2013.
963
964         Tests: fast/forms/image-disconnected-during-parse.html
965                fast/forms/input-disconnected-during-parse.html
966
967         * dom/Element.h:
968         (WebCore::Node::rootElement): Added.
969         * html/FormAssociatedElement.cpp:
970         (WebCore::FormAssociatedElement::insertedInto): If the element is associated with a form that
971         is not part of the same tree, remove the association.
972         * html/HTMLImageElement.cpp:
973         (WebCore::HTMLImageElement::insertedInto): Ditto.
974
975 2016-07-18  Anders Carlsson  <andersca@apple.com>
976
977         WebKit nightly fails to build on macOS Sierra
978         https://bugs.webkit.org/show_bug.cgi?id=159902
979         rdar://problem/27365672
980
981         Reviewed by Tim Horton.
982
983         * Modules/applepay/cocoa/PaymentCocoa.mm:
984         * Modules/applepay/cocoa/PaymentContactCocoa.mm:
985         * Modules/applepay/cocoa/PaymentMerchantSessionCocoa.mm:
986         * Modules/applepay/cocoa/PaymentMethodCocoa.mm:
987         Use new PassKitSPI header.
988
989         * WebCore.xcodeproj/project.pbxproj:
990         Add new PassKitSPI header.
991
992         * icu/unicode/ucurr.h: Added.
993         Add ucurr.h from ICU.
994
995         * platform/spi/cocoa/PassKitSPI.h: Added.
996         Add new PassKitSPI header.
997
998 2016-07-18  Dean Jackson  <dino@apple.com>
999
1000         REGRESSION (r202950): Image zoom animations are broken at medium.com (159861)
1001         https://bugs.webkit.org/show_bug.cgi?id=159906
1002         <rdar://problem/27391725>
1003
1004         Reviewed by Simon Fraser.
1005
1006         The fix for webkit.org/b/157569 in r200769 broke AMP pages.
1007         The followup fix for webkit.org/b/159450 in r202950 broke Medium pages.
1008
1009         Revert them both until we have better testing.
1010
1011         * css/CSSParser.cpp:
1012         (WebCore::CSSParser::addPropertyWithPrefixingVariant):
1013         (WebCore::CSSParser::parseValue):
1014         (WebCore::CSSParser::parseAnimationShorthand):
1015         (WebCore::CSSParser::parseTransitionShorthand): Deleted.
1016         * css/CSSPropertyNames.in:
1017         * css/PropertySetCSSStyleDeclaration.cpp:
1018         (WebCore::PropertySetCSSStyleDeclaration::getPropertyCSSValue):
1019         (WebCore::PropertySetCSSStyleDeclaration::getPropertyValue):
1020         (WebCore::PropertySetCSSStyleDeclaration::getPropertyCSSValueInternal):
1021         (WebCore::PropertySetCSSStyleDeclaration::getPropertyValueInternal):
1022         * css/StyleProperties.cpp:
1023         (WebCore::MutableStyleProperties::removeShorthandProperty):
1024         (WebCore::MutableStyleProperties::removeProperty):
1025         (WebCore::MutableStyleProperties::removePrefixedOrUnprefixedProperty):
1026         (WebCore::MutableStyleProperties::setProperty):
1027         (WebCore::getIndexInShorthandVectorForPrefixingVariant):
1028         (WebCore::MutableStyleProperties::appendPrefixingVariantProperty):
1029         (WebCore::MutableStyleProperties::setPrefixingVariantProperty):
1030         (WebCore::StyleProperties::asText): Deleted.
1031         * css/StyleProperties.h:
1032
1033 2016-07-18  Andreas Kling  <akling@apple.com>
1034
1035         There should be a way to simulate memory pressure in layout tests
1036         <https://webkit.org/b/159743>
1037
1038         Reviewed by Simon Fraser.
1039
1040         Add three window.internal APIs:
1041
1042             - boolean isUnderMemoryPressure (readonly attribute)
1043             - void beginSimulatedMemoryPressure()
1044             - void endSimulatedMemoryPressure()
1045
1046         These make it possible to write tests that exercise behaviors that only
1047         occur during memory pressure situations.
1048
1049         I also implemented the "org.WebKit.lowMemory" notification handler using the new API.
1050
1051         Test: memory/memory-pressure-simulation.html
1052
1053         * platform/MemoryPressureHandler.cpp:
1054         (WebCore::MemoryPressureHandler::beginSimulatedMemoryPressure):
1055         (WebCore::MemoryPressureHandler::endSimulatedMemoryPressure):
1056         * platform/MemoryPressureHandler.h:
1057         (WebCore::MemoryPressureHandler::isUnderMemoryPressure):
1058         * platform/cocoa/MemoryPressureHandlerCocoa.mm:
1059         (WebCore::MemoryPressureHandler::platformReleaseMemory):
1060         (WebCore::MemoryPressureHandler::install):
1061         * testing/Internals.cpp:
1062         (WebCore::Internals::isUnderMemoryPressure):
1063         (WebCore::Internals::beginSimulatedMemoryPressure):
1064         (WebCore::Internals::endSimulatedMemoryPressure):
1065         * testing/Internals.h:
1066         * testing/Internals.idl:
1067
1068 2016-07-18  Said Abou-Hallawa  <sabouhallawa@apple,com>
1069
1070         [iOS] PDFDocumentImage should cache only a sub image of the PDF when caching the whole image is expensive
1071         https://bugs.webkit.org/show_bug.cgi?id=158715
1072
1073         Reviewed by Dean Jackson.
1074
1075         Test: fast/images/displaced-non-cached-pdf.html
1076
1077         For iOS, we need to ensure the size of the cached PDF images will not
1078         exceed some limit. Also we should be caching only a sub image of the PDF
1079         if caching the whole image will exceed the memory limit.
1080
1081         * page/Settings.cpp:
1082         (WebCore::Settings::Settings):
1083         (WebCore::Settings::setCachedPDFImageEnabled):
1084         * page/Settings.h:
1085         (WebCore::Settings::isCachedPDFImageEnabled):
1086             Add an option to disable caching the PDF images.
1087
1088         * platform/graphics/cg/PDFDocumentImage.cpp:
1089         (WebCore::PDFDocumentImage::setCachedPDFImageEnabled):
1090             Allow the caller of draw() to disable caching the PDF images.
1091         
1092         (WebCore::PDFDocumentImage::cacheParametersMatch):
1093             Match the context dirty rectangle with the cached image rectangle.
1094         
1095         (WebCore::transformContextForPainting):
1096             When preparing the context for drawing the PDF, take the location 
1097             of the destination rectangle into account. We do not need to scale
1098             the location of the source rectangle because we scale the size of
1099             the rectangle but we don't scale the whole coordinate system.
1100
1101         (WebCore::cachedImageRect):
1102             Calculate the rectangle of the cached image such that it does not
1103             exceed the limit. Start from the center of the dirty rectangle and
1104             then expand around it.
1105             
1106         (WebCore::PDFDocumentImage::decodedSizeChanged):
1107             In addition to notifying the ImageObserver, it keeps track of the size
1108             of all the cached PDF images.
1109
1110         (WebCore::PDFDocumentImage::updateCachedImageIfNeeded):
1111             Ensure the size of all the cached images does not exceed the limit
1112             
1113         (WebCore::PDFDocumentImage::destroyDecodedData):
1114         * platform/graphics/cg/PDFDocumentImage.h:
1115
1116         * rendering/RenderImage.cpp:
1117         (WebCore::RenderImage::paintIntoRect):
1118             Pass the option to disable caching the PDF images to PDFDocumentImage.
1119
1120         * testing/InternalSettings.cpp:
1121         (WebCore::InternalSettings::Backup::Backup):
1122         (WebCore::InternalSettings::Backup::restoreTo):
1123         (WebCore::InternalSettings::setCachedPDFImageEnabled):
1124         * testing/InternalSettings.h:
1125         * testing/InternalSettings.idl:
1126             Add an internal option to disable caching the PDF images.
1127
1128 2016-07-18  Chris Dumez  <cdumez@apple.com>
1129
1130         The 2 first parameters to addEventListener() / removeEventListener() should be mandatory
1131         https://bugs.webkit.org/show_bug.cgi?id=158008
1132
1133         Reviewed by Darin Adler.
1134
1135         The 2 first parameters to addEventListener() / removeEventListener() should be
1136         mandatory:
1137         - https://dom.spec.whatwg.org/#interface-eventtarget
1138
1139         Firefox 46 and Chrome 50 both match the specification and throw an exception when those
1140         parameters are omitted. However, those parameters were marked as optional in WebKit and
1141         the calls were no-ops if those parameters were omitted. This patch aligns our behavior
1142         with the specification and other browsers.
1143
1144         Test: fast/dom/eventtarget-api-parameters.html
1145
1146         * bindings/scripts/CodeGeneratorJS.pm:
1147         (GetFunctionLength): Deleted.
1148         * dom/EventTarget.idl:
1149
1150 2016-07-18  Brent Fulgham  <bfulgham@apple.com>
1151
1152         Unreviewed, rolling out r203373.
1153
1154         Unaddressed
1155
1156         Reverted changeset:
1157
1158         "Don't associate form-associated elements with forms in other
1159         trees."
1160         https://bugs.webkit.org/show_bug.cgi?id=119451
1161         http://trac.webkit.org/changeset/203373
1162
1163 2016-07-18  Brent Fulgham  <bfulgham@apple.com>
1164
1165         Don't associate form-associated elements with forms in other trees.
1166         https://bugs.webkit.org/show_bug.cgi?id=119451
1167         <rdar://problem/27382946>
1168
1169         Change is based on the Blink change (patch by <adamk@chromium.org>):
1170         <https://chromium.googlesource.com/chromium/blink/+/0b33128be67e7845d495d5219614c02ccfe7a414>
1171
1172         Reviewed by Zalan Bujtas.
1173
1174         Prevent elements from being associated with forms that are not part of the same home subtree.
1175         This brings us in line with the WhatWG HTML specification as of September, 2013.
1176
1177         Tests: fast/forms/image-disconnected-during-parse.html
1178                fast/forms/input-disconnected-during-parse.html
1179
1180         * dom/NodeTraversal.h:
1181         (WebCore::NodeTraversal::highestAncestorOrSelf): Added.
1182         * html/FormAssociatedElement.cpp:
1183         (WebCore::FormAssociatedElement::insertedInto): If the element is associated with a form that
1184         is not part of the same tree, remove the association.
1185         * html/HTMLImageElement.cpp:
1186         (WebCore::HTMLImageElement::insertedInto): Ditto.
1187
1188 2016-07-18  George Ruan  <gruan@apple.com>
1189
1190         Move MediaSampleAVFObjC into its own file
1191         https://bugs.webkit.org/show_bug.cgi?id=159796
1192         <rdar://problem/27362488>
1193
1194         In preparation for a feature that uses MediaSampleAVFObjC, but does
1195         not need SourceBufferPrivateAVFObjC, it is beneficial to move
1196         MediaSampleAVFObjC to its own file.
1197
1198         Reviewed by Eric Carlson.
1199
1200         * WebCore.xcodeproj/project.pbxproj:
1201         * platform/MediaSample.h: Allow setting trackID to associate
1202         MediaSample id with MediaStreamTrackPrivate id.
1203         * platform/graphics/avfoundation/MediaSampleAVFObjC.h: Added.
1204         * platform/graphics/avfoundation/objc/MediaSampleAVFObjC.mm: Moved
1205         from MediaSampleAVFObjC
1206         (WebCore::MediaSampleAVFObjC::presentationTime):
1207         (WebCore::MediaSampleAVFObjC::decodeTime):
1208         (WebCore::MediaSampleAVFObjC::duration):
1209         (WebCore::MediaSampleAVFObjC::sizeInBytes):
1210         (WebCore::MediaSampleAVFObjC::platformSample):
1211         (WebCore::CMSampleBufferIsRandomAccess):
1212         (WebCore::MediaSampleAVFObjC::flags):
1213         (WebCore::MediaSampleAVFObjC::presentationSize):
1214         (WebCore::MediaSampleAVFObjC::dump):
1215         (WebCore::MediaSampleAVFObjC::offsetTimestampsBy):
1216         (WebCore::MediaSampleAVFObjC::setTimestamps):
1217         * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
1218         Moved MediaSampleAVFObjC to its own file.
1219         (WebCore::MediaSampleAVFObjC::platformSample): Deleted.
1220         (WebCore::CMSampleBufferIsRandomAccess): Deleted.
1221         (WebCore::MediaSampleAVFObjC::flags): Deleted.
1222         (WebCore::MediaSampleAVFObjC::presentationSize): Deleted.
1223         (WebCore::MediaSampleAVFObjC::dump): Deleted.
1224         (WebCore::MediaSampleAVFObjC::offsetTimestampsBy): Deleted.
1225         (WebCore::MediaSampleAVFObjC::setTimestamps): Deleted.
1226         * platform/mock/mediasource/MockSourceBufferPrivate.cpp:
1227
1228 2016-07-18  Eric Carlson  <eric.carlson@apple.com>
1229
1230         [MSE][Mac] Pass AVSampleBufferDisplayLayer HDCP status to a newly created key session
1231         https://bugs.webkit.org/show_bug.cgi?id=159812
1232         <rdar://problem/27371624>
1233
1234         Reviewed by Jon Lee.
1235
1236         No new tests, it isn't possible to test this with our current testing infrastructure.
1237
1238         * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.h:
1239         * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
1240         (WebCore::SourceBufferPrivateAVFObjC::setCDMSession): Call layerDidReceiveError if there has
1241         been an HDCP error.
1242         (WebCore::SourceBufferPrivateAVFObjC::rendererDidReceiveError): Remember an HDCP error.
1243
1244 2016-07-18  Yoav Weiss  <yoav@yoav.ws>
1245
1246         Add preload to features.json
1247         https://bugs.webkit.org/show_bug.cgi?id=159872
1248
1249         Reviewed by Darin Adler.
1250
1251         No new tests but no functional change.
1252
1253         * features.json:
1254
1255 2016-07-18  Youenn Fablet  <youenn@apple.com>
1256
1257         [Streams API] ReadableStream should throw a RangeError in case of NaN highWaterMark
1258         https://bugs.webkit.org/show_bug.cgi?id=159870
1259
1260         Reviewed by Xabier Rodriguez-Calvar.
1261
1262         Covered by rebased test.
1263
1264         * Modules/streams/StreamInternals.js:
1265         (validateAndNormalizeQueuingStrategy): Throwing a RangeError in lieu of a TypeError in case of NaN highWaterMark.
1266
1267 2016-07-18  Csaba Osztrogonác  <ossy@webkit.org>
1268
1269         Windows buildfix after r203338
1270         https://bugs.webkit.org/show_bug.cgi?id=159875
1271
1272         Unreviewed buildfix.
1273
1274         * dom/UserGestureIndicator.h:
1275         (WebCore::UserGestureToken::addDestructionObserver):
1276
1277 2016-07-18  Carlos Garcia Campos  <cgarcia@igalia.com>
1278
1279         MemoryPressureHandler doesn't work if cgroups aren't present in Linux
1280         https://bugs.webkit.org/show_bug.cgi?id=155255
1281
1282         Reviewed by Sergio Villar Senin.
1283
1284         Allow to pass an eventFD file descriptor to the MemoryPressureHandler to be monitorized in case cgroups are not
1285         available.
1286
1287         * platform/MemoryPressureHandler.h:
1288         * platform/linux/MemoryPressureHandlerLinux.cpp:
1289
1290 2016-07-17  Gyuyoung Kim  <gyuyoung.kim@webkit.org>
1291
1292         Clean up PassRefPtr uses in Modules/encryptedmedia, Modules/speech, and Modules/quota
1293         https://bugs.webkit.org/show_bug.cgi?id=159701
1294
1295         Reviewed by Alex Christensen.
1296
1297         No new tests, no behavior changes.
1298
1299         * Modules/encryptedmedia/CDM.h:
1300         * Modules/encryptedmedia/MediaKeySession.h:
1301         * Modules/encryptedmedia/MediaKeys.h:
1302         * Modules/quota/DOMWindowQuota.cpp:
1303         * Modules/quota/StorageErrorCallback.cpp:
1304         (WebCore::StorageErrorCallback::CallbackTask::CallbackTask):
1305         * Modules/quota/StorageErrorCallback.h:
1306         * Modules/quota/StorageInfo.h:
1307         * Modules/quota/StorageQuota.h:
1308         * Modules/speech/DOMWindowSpeechSynthesis.cpp:
1309         * Modules/speech/SpeechSynthesis.cpp:
1310         (WebCore::SpeechSynthesis::getVoices):
1311         (WebCore::SpeechSynthesis::startSpeakingImmediately):
1312         (WebCore::SpeechSynthesis::speak):
1313         (WebCore::SpeechSynthesis::cancel):
1314         (WebCore::SpeechSynthesis::handleSpeakingCompleted):
1315         (WebCore::SpeechSynthesis::boundaryEventOccurred):
1316         (WebCore::SpeechSynthesis::didStartSpeaking):
1317         (WebCore::SpeechSynthesis::didPauseSpeaking):
1318         (WebCore::SpeechSynthesis::didResumeSpeaking):
1319         (WebCore::SpeechSynthesis::didFinishSpeaking):
1320         (WebCore::SpeechSynthesis::speakingErrorOccurred):
1321         * Modules/speech/SpeechSynthesis.h:
1322         * Modules/speech/SpeechSynthesisEvent.h:
1323         * Modules/speech/SpeechSynthesisUtterance.h:
1324         * Modules/speech/SpeechSynthesisVoice.cpp:
1325         (WebCore::SpeechSynthesisVoice::create):
1326         (WebCore::SpeechSynthesisVoice::SpeechSynthesisVoice):
1327         * Modules/speech/SpeechSynthesisVoice.h:
1328         * platform/PlatformSpeechSynthesizer.h:
1329         * platform/efl/PlatformSpeechSynthesisProviderEfl.cpp:
1330         (WebCore::PlatformSpeechSynthesisProviderEfl::fireSpeechEvent):
1331         * platform/mock/PlatformSpeechSynthesizerMock.cpp:
1332         (WebCore::PlatformSpeechSynthesizerMock::speakingFinished):
1333         (WebCore::PlatformSpeechSynthesizerMock::speak):
1334         (WebCore::PlatformSpeechSynthesizerMock::cancel):
1335         (WebCore::PlatformSpeechSynthesizerMock::pause):
1336         (WebCore::PlatformSpeechSynthesizerMock::resume):
1337
1338 2016-07-16  Sam Weinig  <sam@webkit.org>
1339
1340         [WebKit API] Add SPI to track multiple navigations caused by a single user gesture
1341         <rdar://problem/26554137>
1342         https://bugs.webkit.org/show_bug.cgi?id=159856
1343
1344         Reviewed by Dan Bernstein.
1345
1346         - Adds a new RefCounted object to represent a unique user gesture, called UserGestureToken.
1347         - Makes UserGestureIndicator track UserGestureToken.
1348         - Refines UserGestureIndicator's interface to use Optional and a smaller enum set
1349           to represent the different initial states.
1350         - Stores UserGestureTokens on objects that want to forward user gesture state (DOMTimer, 
1351           postMessage, and ScheduledNavigation) rather than just a boolean.
1352
1353         * accessibility/AccessibilityNodeObject.cpp:
1354         (WebCore::AccessibilityNodeObject::increment):
1355         (WebCore::AccessibilityNodeObject::decrement):
1356         * accessibility/AccessibilityObject.cpp:
1357         (WebCore::AccessibilityObject::press):
1358         * bindings/js/ScriptController.cpp:
1359         (WebCore::ScriptController::executeScriptInWorld):
1360         (WebCore::ScriptController::executeScript):
1361         Update for new UserGestureIndicator interface.
1362
1363         * dom/UserGestureIndicator.cpp:
1364         (WebCore::currentToken):
1365         (WebCore::UserGestureToken::~UserGestureToken):
1366         (WebCore::UserGestureIndicator::UserGestureIndicator):
1367         (WebCore::UserGestureIndicator::~UserGestureIndicator):
1368         (WebCore::UserGestureIndicator::currentUserGesture):
1369         (WebCore::UserGestureIndicator::processingUserGesture):
1370         (WebCore::UserGestureIndicator::processingUserGestureForMedia):
1371         (WebCore::isDefinite): Deleted.
1372         * dom/UserGestureIndicator.h:
1373         (WebCore::UserGestureToken::create):
1374         (WebCore::UserGestureToken::state):
1375         (WebCore::UserGestureToken::processingUserGesture):
1376         (WebCore::UserGestureToken::processingUserGestureForMedia):
1377         (WebCore::UserGestureToken::addDestructionObserver):
1378         (WebCore::UserGestureToken::UserGestureToken):
1379         Add UserGestureToken and track the current one explicitly.
1380
1381         * html/HTMLMediaElement.cpp:
1382         (WebCore::HTMLMediaElement::didReceiveRemoteControlCommand):
1383         * inspector/InspectorFrontendClientLocal.cpp:
1384         (WebCore::InspectorFrontendClientLocal::openInNewTab):
1385         * inspector/InspectorFrontendHost.cpp:
1386         * inspector/InspectorPageAgent.cpp:
1387         (WebCore::InspectorPageAgent::navigate):
1388         Update for new UserGestureIndicator interface.
1389
1390         * loader/NavigationAction.cpp:
1391         (WebCore::NavigationAction::NavigationAction):
1392         * loader/NavigationAction.h:
1393         (WebCore::NavigationAction::userGestureToken):
1394         (WebCore::NavigationAction::processingUserGesture):
1395         * loader/NavigationScheduler.cpp:
1396         (WebCore::ScheduledNavigation::ScheduledNavigation):
1397         (WebCore::ScheduledNavigation::~ScheduledNavigation):
1398         (WebCore::ScheduledNavigation::lockBackForwardList):
1399         (WebCore::ScheduledNavigation::wasDuringLoad):
1400         (WebCore::ScheduledNavigation::isLocationChange):
1401         (WebCore::ScheduledNavigation::userGestureToForward):
1402         (WebCore::ScheduledNavigation::clearUserGesture):
1403         (WebCore::NavigationScheduler::mustLockBackForwardList):
1404         (WebCore::NavigationScheduler::scheduleFormSubmission):
1405         (WebCore::ScheduledNavigation::wasUserGesture): Deleted.
1406         * page/DOMTimer.cpp:
1407         (WebCore::shouldForwardUserGesture):
1408         (WebCore::userGestureTokenToForward):
1409         (WebCore::DOMTimer::DOMTimer):
1410         (WebCore::DOMTimer::fired):
1411         * page/DOMTimer.h:
1412         * page/DOMWindow.cpp:
1413         (WebCore::PostMessageTimer::PostMessageTimer):
1414         Store the active UserGestureToken rather than just a bit.
1415
1416         * page/EventHandler.cpp:
1417         (WebCore::EventHandler::handleMousePressEvent):
1418         (WebCore::EventHandler::handleMouseDoubleClickEvent):
1419         (WebCore::EventHandler::handleMouseReleaseEvent):
1420         (WebCore::EventHandler::keyEvent):
1421         (WebCore::EventHandler::handleTouchEvent):
1422         * rendering/HitTestResult.cpp:
1423         (WebCore::HitTestResult::toggleMediaFullscreenState):
1424         (WebCore::HitTestResult::enterFullscreenForVideo):
1425         (WebCore::HitTestResult::toggleEnhancedFullscreenForVideo):
1426         Update for new UserGestureIndicator interface.
1427
1428 2016-07-17  Ryosuke Niwa  <rniwa@webkit.org>
1429
1430         Rename fastHasAttribute to hasAttributeWithoutSynchronization
1431         https://bugs.webkit.org/show_bug.cgi?id=159864
1432
1433         Reviewed by Chris Dumez.
1434
1435         Renamed Rename fastHasAttribute to hasAttributeWithoutSynchronization for clarity.
1436
1437         * accessibility/AccessibilityListBoxOption.cpp:
1438         (WebCore::AccessibilityListBoxOption::isEnabled):
1439         * accessibility/AccessibilityObject.cpp:
1440         (WebCore::AccessibilityObject::hasAttribute):
1441         (WebCore::AccessibilityObject::getAttribute):
1442         * accessibility/AccessibilityRenderObject.cpp:
1443         (WebCore::AccessibilityRenderObject::determineAccessibilityRole):
1444         * bindings/scripts/CodeGenerator.pm:
1445         (GetterExpression):
1446         * bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
1447         * bindings/scripts/test/JS/JSTestObj.cpp:
1448         (WebCore::jsTestObjReflectedBooleanAttr):
1449         (WebCore::jsTestObjReflectedCustomBooleanAttr):
1450         * bindings/scripts/test/ObjC/DOMTestObj.mm:
1451         (-[DOMTestObj reflectedBooleanAttr]):
1452         (-[DOMTestObj setReflectedBooleanAttr:]):
1453         (-[DOMTestObj reflectedCustomBooleanAttr]):
1454         (-[DOMTestObj setReflectedCustomBooleanAttr:]):
1455         * dom/Document.cpp:
1456         (WebCore::Document::hasManifest):
1457         (WebCore::Document::doctype):
1458         * dom/Element.h:
1459         (WebCore::Node::parentElement):
1460         (WebCore::Element::hasAttributeWithoutSynchronization):
1461         (WebCore::Element::fastHasAttribute): Deleted.
1462         * editing/ApplyStyleCommand.cpp:
1463         (WebCore::ApplyStyleCommand::removeEmbeddingUpToEnclosingBlock):
1464         * editing/DeleteSelectionCommand.cpp:
1465         (WebCore::DeleteSelectionCommand::makeStylingElementsDirectChildrenOfEditableRootToPreventStyleLoss):
1466         * editing/markup.cpp:
1467         (WebCore::createMarkupInternal):
1468         * html/ColorInputType.cpp:
1469         (WebCore::ColorInputType::shouldShowSuggestions):
1470         * html/FileInputType.cpp:
1471         (WebCore::FileInputType::handleDOMActivateEvent):
1472         (WebCore::FileInputType::receiveDroppedFiles):
1473         * html/FormAssociatedElement.cpp:
1474         (WebCore::FormAssociatedElement::didMoveToNewDocument):
1475         (WebCore::FormAssociatedElement::insertedInto):
1476         (WebCore::FormAssociatedElement::removedFrom):
1477         (WebCore::FormAssociatedElement::formAttributeChanged):
1478         * html/FormController.cpp:
1479         (WebCore::ownerFormForState):
1480         * html/GenericCachedHTMLCollection.cpp:
1481         (WebCore::GenericCachedHTMLCollection<traversalType>::elementMatches):
1482         * html/HTMLAnchorElement.cpp:
1483         (WebCore::HTMLAnchorElement::draggable):
1484         (WebCore::HTMLAnchorElement::href):
1485         (WebCore::HTMLAnchorElement::sendPings):
1486         * html/HTMLAppletElement.cpp:
1487         (WebCore::HTMLAppletElement::rendererIsNeeded):
1488         * html/HTMLElement.cpp:
1489         (WebCore::HTMLElement::collectStyleForPresentationAttribute):
1490         (WebCore::elementAffectsDirectionality):
1491         (WebCore::setHasDirAutoFlagRecursively):
1492         * html/HTMLEmbedElement.cpp:
1493         (WebCore::HTMLEmbedElement::rendererIsNeeded):
1494         * html/HTMLFieldSetElement.cpp:
1495         (WebCore::updateFromControlElementsAncestorDisabledStateUnder):
1496         (WebCore::HTMLFieldSetElement::disabledAttributeChanged):
1497         (WebCore::HTMLFieldSetElement::disabledStateChanged):
1498         (WebCore::HTMLFieldSetElement::childrenChanged):
1499         * html/HTMLFormControlElement.cpp:
1500         (WebCore::HTMLFormControlElement::formNoValidate):
1501         (WebCore::HTMLFormControlElement::formAction):
1502         (WebCore::HTMLFormControlElement::computeIsDisabledByFieldsetAncestor):
1503         (WebCore::shouldAutofocus):
1504         * html/HTMLFormElement.cpp:
1505         (WebCore::HTMLFormElement::formElementIndex):
1506         (WebCore::HTMLFormElement::noValidate):
1507         * html/HTMLFrameElement.cpp:
1508         (WebCore::HTMLFrameElement::noResize):
1509         (WebCore::HTMLFrameElement::didAttachRenderers):
1510         * html/HTMLFrameElementBase.cpp:
1511         (WebCore::HTMLFrameElementBase::parseAttribute):
1512         (WebCore::HTMLFrameElementBase::location):
1513         * html/HTMLHRElement.cpp:
1514         (WebCore::HTMLHRElement::collectStyleForPresentationAttribute):
1515         * html/HTMLImageElement.cpp:
1516         (WebCore::HTMLImageElement::isServerMap):
1517         * html/HTMLInputElement.cpp:
1518         (WebCore::HTMLInputElement::finishParsingChildren):
1519         (WebCore::HTMLInputElement::matchesDefaultPseudoClass):
1520         (WebCore::HTMLInputElement::isActivatedSubmit):
1521         (WebCore::HTMLInputElement::reset):
1522         (WebCore::HTMLInputElement::multiple):
1523         (WebCore::HTMLInputElement::setSize):
1524         (WebCore::HTMLInputElement::shouldUseMediaCapture):
1525         * html/HTMLMarqueeElement.cpp:
1526         (WebCore::HTMLMarqueeElement::minimumDelay):
1527         * html/HTMLMediaElement.cpp:
1528         (WebCore::HTMLMediaElement::insertedInto):
1529         (WebCore::HTMLMediaElement::selectMediaResource):
1530         (WebCore::HTMLMediaElement::loadResource):
1531         (WebCore::HTMLMediaElement::autoplay):
1532         (WebCore::HTMLMediaElement::preload):
1533         (WebCore::HTMLMediaElement::loop):
1534         (WebCore::HTMLMediaElement::setLoop):
1535         (WebCore::HTMLMediaElement::controls):
1536         (WebCore::HTMLMediaElement::setControls):
1537         (WebCore::HTMLMediaElement::muted):
1538         (WebCore::HTMLMediaElement::setMuted):
1539         (WebCore::HTMLMediaElement::selectNextSourceChild):
1540         (WebCore::HTMLMediaElement::sourceWasAdded):
1541         (WebCore::HTMLMediaElement::mediaSessionTitle):
1542         * html/HTMLObjectElement.cpp:
1543         (WebCore::HTMLObjectElement::parseAttribute):
1544         * html/HTMLOptGroupElement.cpp:
1545         (WebCore::HTMLOptGroupElement::isDisabledFormControl):
1546         (WebCore::HTMLOptGroupElement::isFocusable):
1547         * html/HTMLOptionElement.cpp:
1548         (WebCore::HTMLOptionElement::matchesDefaultPseudoClass):
1549         (WebCore::HTMLOptionElement::text):
1550         * html/HTMLProgressElement.cpp:
1551         (WebCore::HTMLProgressElement::isDeterminate):
1552         (WebCore::HTMLProgressElement::didElementStateChange):
1553         * html/HTMLScriptElement.cpp:
1554         (WebCore::HTMLScriptElement::async):
1555         (WebCore::HTMLScriptElement::setCrossOrigin):
1556         (WebCore::HTMLScriptElement::asyncAttributeValue):
1557         (WebCore::HTMLScriptElement::deferAttributeValue):
1558         (WebCore::HTMLScriptElement::hasSourceAttribute):
1559         (WebCore::HTMLScriptElement::dispatchLoadEvent):
1560         * html/HTMLSelectElement.cpp:
1561         (WebCore::HTMLSelectElement::reset):
1562         * html/HTMLTrackElement.cpp:
1563         (WebCore::HTMLTrackElement::isDefault):
1564         (WebCore::HTMLTrackElement::ensureTrack):
1565         (WebCore::HTMLTrackElement::loadTimerFired):
1566         * html/MediaElementSession.cpp:
1567         (WebCore::MediaElementSession::wirelessVideoPlaybackDisabled):
1568         (WebCore::MediaElementSession::requiresFullscreenForVideoPlayback):
1569         (WebCore::MediaElementSession::allowsAutomaticMediaDataLoading):
1570         * html/SearchInputType.cpp:
1571         (WebCore::SearchInputType::searchEventsShouldBeDispatched):
1572         (WebCore::SearchInputType::didSetValueByUserEdit):
1573         * inspector/InspectorDOMAgent.cpp:
1574         (WebCore::InspectorDOMAgent::buildObjectForNode):
1575         * loader/FrameLoader.cpp:
1576         (WebCore::FrameLoader::shouldTreatURLAsSrcdocDocument):
1577         (WebCore::FrameLoader::findFrameForNavigation):
1578         * loader/ImageLoader.cpp:
1579         (WebCore::ImageLoader::notifyFinished):
1580         * mathml/MathMLSelectElement.cpp:
1581         (WebCore::MathMLSelectElement::getSelectedSemanticsChild):
1582         * rendering/RenderTableCell.cpp:
1583         (WebCore::RenderTableCell::computePreferredLogicalWidths):
1584         * rendering/RenderThemeIOS.mm:
1585         (WebCore::RenderThemeIOS::adjustMenuListButtonStyle):
1586         * rendering/SimpleLineLayout.cpp:
1587         (WebCore::SimpleLineLayout::canUseForWithReason):
1588         * rendering/svg/RenderSVGResourceClipper.cpp:
1589         (WebCore::RenderSVGResourceClipper::drawContentIntoMaskImage):
1590         * svg/SVGAnimateMotionElement.cpp:
1591         (WebCore::SVGAnimateMotionElement::updateAnimationPath):
1592         * svg/SVGAnimationElement.cpp:
1593         (WebCore::SVGAnimationElement::startedActiveInterval):
1594         (WebCore::SVGAnimationElement::updateAnimation):
1595         * svg/animation/SVGSMILElement.cpp:
1596         (WebCore::SVGSMILElement::insertedInto):
1597
1598 2016-07-17  Brady Eidson  <beidson@apple.com>
1599
1600         Exceptions logged to the JS console should use toString().
1601         https://bugs.webkit.org/show_bug.cgi?id=159855
1602
1603         Reviewed by Darin Adler.
1604
1605         No new tests (No change in behavior).
1606
1607         * bindings/js/JSDOMBinding.cpp:
1608         (WebCore::reportException):
1609
1610         * dom/DOMCoreException.h:
1611         (WebCore::DOMCoreException::DOMCoreException):
1612
1613         * dom/ExceptionBase.cpp:
1614         (WebCore::ExceptionBase::ExceptionBase):
1615         (WebCore::ExceptionBase::toString):
1616         (WebCore::ExceptionBase::consoleErrorMessage): Deleted.
1617         * dom/ExceptionBase.h:
1618         (WebCore::ExceptionBase::description): Deleted.
1619
1620         * svg/SVGException.h:
1621
1622         * xml/XPathException.h:
1623         (WebCore::XPathException::XPathException):
1624
1625 2016-07-17  Brady Eidson  <beidson@apple.com>
1626
1627         Update DOMCoreException to use the description in toString().
1628         https://bugs.webkit.org/show_bug.cgi?id=159857
1629
1630         Reviewed by Darin Adler.
1631
1632         No new tests (Covered by changes to existing tests).
1633
1634         * bindings/js/JSDOMBinding.cpp:
1635         (WebCore::createDOMException):
1636
1637         * dom/DOMCoreException.h:
1638         (WebCore::DOMCoreException::DOMCoreException):
1639         (WebCore::DOMCoreException::createWithDescriptionAsMessage): Deleted.
1640
1641 2016-07-17  Myles C. Maxfield  <mmaxfield@apple.com>
1642
1643         Support new emoji group candidates
1644         https://bugs.webkit.org/show_bug.cgi?id=159755
1645         <rdar://problem/27325521>
1646
1647         Reviewed by Dean Jackson.
1648
1649         There are a few code points which should be able to be joined (with ZWJ) to
1650         either U+2640 or U+2642 to change the gender of the emoji. These patterns
1651         should also work with an additional 0xFE0F variation selector. This patch
1652         adds these new patterns to our existing emoji group candidate infrastructure.
1653
1654         Tests: fast/text/emoji-gender-2-3.html
1655                fast/text/emoji-gender-2-4.html
1656                fast/text/emoji-gender-2-5.html
1657                fast/text/emoji-gender-2-6.html
1658                fast/text/emoji-gender-2-7.html
1659                fast/text/emoji-gender-2-8.html
1660                fast/text/emoji-gender-2-9.html
1661                fast/text/emoji-gender-2.html
1662                fast/text/emoji-gender-3.html
1663                fast/text/emoji-gender-4.html
1664                fast/text/emoji-gender-5.html
1665                fast/text/emoji-gender-6.html
1666                fast/text/emoji-gender-7.html
1667                fast/text/emoji-gender-8.html
1668                fast/text/emoji-gender-9.html
1669                fast/text/emoji-gender-fe0f-3.html
1670                fast/text/emoji-gender-fe0f-4.html
1671                fast/text/emoji-gender-fe0f-5.html
1672                fast/text/emoji-gender-fe0f-6.html
1673                fast/text/emoji-gender-fe0f-7.html
1674                fast/text/emoji-gender-fe0f-8.html
1675                fast/text/emoji-gender-fe0f-9.html
1676                fast/text/emoji-gender.html
1677                fast/text/emoji-num-glyphs.html
1678                fast/text/emoji-single-parent-family-2.html
1679                fast/text/emoji-single-parent-family.html
1680
1681         * platform/graphics/mac/ComplexTextControllerCoreText.mm:
1682         (WebCore::ComplexTextController::ComplexTextRun::ComplexTextRun): Removed incorrect ASSERT()s.
1683         * platform/graphics/FontCascade.cpp:
1684         (WebCore::FontCascade::characterRangeCodePath):
1685         * platform/text/CharacterProperties.h:
1686         (WebCore::isEmojiGroupCandidate):
1687
1688 2016-07-16  Brady Eidson  <beidson@apple.com>
1689
1690         Update SVGException to use the description in toString().
1691         https://bugs.webkit.org/show_bug.cgi?id=159847
1692
1693         Reviewed by Darin Adler.
1694
1695         No new tests (Covered by changes to existing tests).
1696
1697         * bindings/js/JSDOMBinding.cpp:
1698         (WebCore::reportException): use consoleErrorMessage for now.
1699
1700         * dom/ExceptionBase.cpp:
1701         (WebCore::ExceptionBase::consoleErrorMessage):
1702         * dom/ExceptionBase.h:
1703
1704         * svg/SVGException.h:
1705
1706 2016-07-16  Chris Dumez  <cdumez@apple.com>
1707
1708         Use fastHasAttribute() when possible
1709         https://bugs.webkit.org/show_bug.cgi?id=159838
1710
1711         Reviewed by Ryosuke Niwa.
1712
1713         Use fastHasAttribute() when possible, for performance.
1714
1715         * editing/DeleteSelectionCommand.cpp:
1716         (WebCore::DeleteSelectionCommand::makeStylingElementsDirectChildrenOfEditableRootToPreventStyleLoss):
1717         * editing/markup.cpp:
1718         (WebCore::createMarkupInternal):
1719         * html/HTMLAnchorElement.cpp:
1720         (WebCore::HTMLAnchorElement::draggable):
1721         * html/HTMLFrameElementBase.cpp:
1722         (WebCore::HTMLFrameElementBase::parseAttribute):
1723         * mathml/MathMLSelectElement.cpp:
1724         (WebCore::MathMLSelectElement::getSelectedSemanticsChild):
1725         * rendering/RenderThemeIOS.mm:
1726         (WebCore::RenderThemeIOS::adjustMenuListButtonStyle):
1727
1728 2016-07-16  Ryosuke Niwa  <rniwa@webkit.org>
1729
1730         Rename fastGetAttribute to attributeWithoutSynchronization
1731         https://bugs.webkit.org/show_bug.cgi?id=159852
1732
1733         Reviewed by Darin Adler.
1734
1735         Renamed fastGetAttribute to attributeWithoutSynchronization for clarity.
1736
1737         * accessibility/AXObjectCache.cpp:
1738         (WebCore::AXObjectCache::findAriaModalNodes):
1739         (WebCore::nodeHasRole):
1740         (WebCore::AXObjectCache::handleLiveRegionCreated):
1741         (WebCore::AXObjectCache::handleMenuItemSelected):
1742         (WebCore::AXObjectCache::handleAriaModalChange):
1743         (WebCore::isNodeAriaVisible):
1744         * accessibility/AccessibilityNodeObject.cpp:
1745         (WebCore::siblingWithAriaRole):
1746         (WebCore::AccessibilityNodeObject::titleElementText):
1747         (WebCore::AccessibilityNodeObject::alternativeTextForWebArea):
1748         (WebCore::AccessibilityNodeObject::hierarchicalLevel):
1749         (WebCore::AccessibilityNodeObject::stringValue):
1750         (WebCore::accessibleNameForNode):
1751         * accessibility/AccessibilityObject.cpp:
1752         (WebCore::AccessibilityObject::contentEditableAttributeIsEnabled):
1753         (WebCore::AccessibilityObject::getAttribute):
1754         * accessibility/AccessibilityRenderObject.cpp:
1755         (WebCore::AccessibilityRenderObject::stringValue):
1756         (WebCore::AccessibilityRenderObject::exposesTitleUIElement):
1757         * accessibility/AccessibilitySVGElement.cpp:
1758         (WebCore::AccessibilitySVGElement::childElementWithMatchingLanguage):
1759         (WebCore::AccessibilitySVGElement::accessibilityDescription):
1760         * bindings/objc/DOM.mm:
1761         (-[DOMHTMLLinkElement _mediaQueryMatches]):
1762         * bindings/scripts/CodeGenerator.pm:
1763         (GetterExpression):
1764         * bindings/scripts/CodeGeneratorObjC.pm:
1765         (GenerateImplementation):
1766         * bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
1767         * bindings/scripts/test/JS/JSTestObj.cpp:
1768         (WebCore::jsTestObjReflectedStringAttr):
1769         * dom/AuthorStyleSheets.cpp:
1770         (WebCore::AuthorStyleSheets::collectActiveStyleSheets):
1771         * dom/Document.cpp:
1772         (WebCore::Document::buildAccessKeyMap):
1773         (WebCore::Document::processBaseElement):
1774         * dom/DocumentOrderedMap.cpp:
1775         (WebCore::DocumentOrderedMap::getElementByLabelForAttribute):
1776         * dom/Element.cpp:
1777         (WebCore::Element::imageSourceURL):
1778         (WebCore::Element::rendererIsNeeded):
1779         (WebCore::Element::insertedInto):
1780         (WebCore::Element::removedFrom):
1781         (WebCore::Element::pseudo):
1782         (WebCore::Element::setPseudo):
1783         (WebCore::Element::spellcheckAttributeState):
1784         (WebCore::Element::canContainRangeEndPoint):
1785         (WebCore::Element::completeURLsInAttributeValue):
1786         * dom/Element.h:
1787         (WebCore::Element::fastHasAttribute):
1788         (WebCore::Element::attributeWithoutSynchronization):
1789         (WebCore::Element::fastGetAttribute): Deleted.
1790         * dom/InlineStyleSheetOwner.cpp:
1791         (WebCore::InlineStyleSheetOwner::createSheet):
1792         * dom/ScriptElement.cpp:
1793         (WebCore::ScriptElement::requestScript):
1794         (WebCore::ScriptElement::executeScript):
1795         * dom/SlotAssignment.cpp:
1796         (WebCore::slotNameFromSlotAttribute):
1797         (WebCore::SlotAssignment::SlotAssignment):
1798         (WebCore::recursivelyFireSlotChangeEvent):
1799         (WebCore::SlotAssignment::didChangeSlot):
1800         (WebCore::SlotAssignment::hostChildElementDidChange):
1801         (WebCore::SlotAssignment::assignedNodesForSlot):
1802         (WebCore::SlotAssignment::resolveAllSlotElements):
1803         * dom/TreeScope.cpp:
1804         (WebCore::TreeScope::labelElementForId):
1805         * dom/VisitedLinkState.cpp:
1806         (WebCore::linkAttribute):
1807         * editing/ApplyStyleCommand.cpp:
1808         (WebCore::isLegacyAppleStyleSpan):
1809         (WebCore::hasNoAttributeOrOnlyStyleAttribute):
1810         * editing/EditingStyle.cpp:
1811         (WebCore::EditingStyle::elementIsStyledSpanOrHTMLEquivalent):
1812         * editing/ReplaceSelectionCommand.cpp:
1813         (WebCore::isInterchangeNewlineNode):
1814         (WebCore::isInterchangeConvertedSpaceSpan):
1815         (WebCore::positionAvoidingPrecedingNodes):
1816         (WebCore::isMailPasteAsQuotationNode):
1817         (WebCore::isHeaderElement):
1818         (WebCore::isInlineNodeWithStyle):
1819         * editing/TextIterator.cpp:
1820         (WebCore::isRendererReplacedElement):
1821         * editing/cocoa/DataDetection.mm:
1822         (WebCore::DataDetection::isDataDetectorLink):
1823         (WebCore::DataDetection::requiresExtendedContext):
1824         (WebCore::DataDetection::dataDetectorIdentifier):
1825         (WebCore::DataDetection::shouldCancelDefaultAction):
1826         (WebCore::removeResultLinksFromAnchor):
1827         (WebCore::searchForLinkRemovingExistingDDLinks):
1828         * editing/gtk/EditorGtk.cpp:
1829         (WebCore::elementURL):
1830         * editing/htmlediting.cpp:
1831         (WebCore::isTabSpanNode):
1832         (WebCore::isTabSpanTextNode):
1833         (WebCore::isMailBlockquote):
1834         (WebCore::caretMinOffset):
1835         * editing/markup.cpp:
1836         (WebCore::createFragmentFromMarkup):
1837         * html/Autofill.cpp:
1838         (WebCore::AutofillData::createFromHTMLFormControlElement):
1839         * html/BaseTextInputType.cpp:
1840         (WebCore::BaseTextInputType::patternMismatch):
1841         * html/DateInputType.cpp:
1842         (WebCore::DateInputType::createStepRange):
1843         * html/DateTimeInputType.cpp:
1844         (WebCore::DateTimeInputType::createStepRange):
1845         * html/DateTimeLocalInputType.cpp:
1846         (WebCore::DateTimeLocalInputType::createStepRange):
1847         * html/FormAssociatedElement.cpp:
1848         (WebCore::FormAssociatedElement::findAssociatedForm):
1849         (WebCore::FormAssociatedElement::resetFormAttributeTargetObserver):
1850         (WebCore::FormAssociatedElement::formAttributeTargetChanged):
1851         * html/HTMLAnchorElement.cpp:
1852         (WebCore::HTMLAnchorElement::draggable):
1853         (WebCore::HTMLAnchorElement::href):
1854         (WebCore::HTMLAnchorElement::setHref):
1855         (WebCore::HTMLAnchorElement::target):
1856         (WebCore::HTMLAnchorElement::origin):
1857         (WebCore::HTMLAnchorElement::sendPings):
1858         (WebCore::HTMLAnchorElement::handleClick):
1859         * html/HTMLAnchorElement.h:
1860         (WebCore::HTMLAnchorElement::visitedLinkHash):
1861         * html/HTMLAppletElement.cpp:
1862         (WebCore::HTMLAppletElement::updateWidget):
1863         * html/HTMLAreaElement.cpp:
1864         (WebCore::HTMLAreaElement::target):
1865         * html/HTMLAttachmentElement.cpp:
1866         (WebCore::HTMLAttachmentElement::attachmentTitle):
1867         (WebCore::HTMLAttachmentElement::attachmentType):
1868         * html/HTMLBaseElement.cpp:
1869         (WebCore::HTMLBaseElement::target):
1870         (WebCore::HTMLBaseElement::href):
1871         * html/HTMLBodyElement.cpp:
1872         (WebCore::HTMLBodyElement::addSubresourceAttributeURLs):
1873         * html/HTMLButtonElement.cpp:
1874         (WebCore::HTMLButtonElement::value):
1875         (WebCore::HTMLButtonElement::computeWillValidate):
1876         * html/HTMLCanvasElement.cpp:
1877         (WebCore::HTMLCanvasElement::reset):
1878         * html/HTMLDocument.cpp:
1879         (WebCore::HTMLDocument::bgColor):
1880         (WebCore::HTMLDocument::setBgColor):
1881         (WebCore::HTMLDocument::fgColor):
1882         (WebCore::HTMLDocument::setFgColor):
1883         (WebCore::HTMLDocument::alinkColor):
1884         (WebCore::HTMLDocument::setAlinkColor):
1885         (WebCore::HTMLDocument::linkColor):
1886         (WebCore::HTMLDocument::setLinkColor):
1887         (WebCore::HTMLDocument::vlinkColor):
1888         (WebCore::HTMLDocument::setVlinkColor):
1889         * html/HTMLElement.cpp:
1890         (WebCore::contentEditableType):
1891         (WebCore::HTMLElement::collectStyleForPresentationAttribute):
1892         (WebCore::HTMLElement::dir):
1893         (WebCore::HTMLElement::setDir):
1894         (WebCore::HTMLElement::draggable):
1895         (WebCore::HTMLElement::setDraggable):
1896         (WebCore::HTMLElement::title):
1897         (WebCore::HTMLElement::tabIndex):
1898         (WebCore::HTMLElement::translateAttributeMode):
1899         (WebCore::HTMLElement::hasDirectionAuto):
1900         (WebCore::HTMLElement::directionality):
1901         * html/HTMLEmbedElement.cpp:
1902         (WebCore::HTMLEmbedElement::imageSourceURL):
1903         (WebCore::HTMLEmbedElement::addSubresourceAttributeURLs):
1904         * html/HTMLFormControlElement.cpp:
1905         (WebCore::HTMLFormControlElement::formEnctype):
1906         (WebCore::HTMLFormControlElement::formMethod):
1907         (WebCore::HTMLFormControlElement::formAction):
1908         (WebCore::HTMLFormControlElement::autocorrect):
1909         (WebCore::HTMLFormControlElement::autocapitalizeType):
1910         * html/HTMLFormElement.cpp:
1911         (WebCore::HTMLFormElement::autocorrect):
1912         (WebCore::HTMLFormElement::autocapitalizeType):
1913         (WebCore::HTMLFormElement::autocapitalize):
1914         (WebCore::HTMLFormElement::action):
1915         (WebCore::HTMLFormElement::setAction):
1916         (WebCore::HTMLFormElement::target):
1917         (WebCore::HTMLFormElement::wasUserSubmitted):
1918         (WebCore::HTMLFormElement::shouldAutocomplete):
1919         (WebCore::HTMLFormElement::finishParsingChildren):
1920         (WebCore::HTMLFormElement::autocomplete):
1921         * html/HTMLFrameElementBase.cpp:
1922         (WebCore::HTMLFrameElementBase::location):
1923         (WebCore::HTMLFrameElementBase::setLocation):
1924         * html/HTMLHtmlElement.cpp:
1925         (WebCore::HTMLHtmlElement::insertedByParser):
1926         * html/HTMLImageElement.cpp:
1927         (WebCore::HTMLImageElement::imageSourceURL):
1928         (WebCore::HTMLImageElement::setBestFitURLAndDPRFromImageCandidate):
1929         (WebCore::HTMLImageElement::bestFitSourceFromPictureElement):
1930         (WebCore::HTMLImageElement::selectImageSource):
1931         (WebCore::HTMLImageElement::altText):
1932         (WebCore::HTMLImageElement::createElementRenderer):
1933         (WebCore::HTMLImageElement::width):
1934         (WebCore::HTMLImageElement::height):
1935         (WebCore::HTMLImageElement::alt):
1936         (WebCore::HTMLImageElement::draggable):
1937         (WebCore::HTMLImageElement::setHeight):
1938         (WebCore::HTMLImageElement::src):
1939         (WebCore::HTMLImageElement::setSrc):
1940         (WebCore::HTMLImageElement::addSubresourceAttributeURLs):
1941         (WebCore::HTMLImageElement::didMoveToNewDocument):
1942         (WebCore::HTMLImageElement::isServerMap):
1943         (WebCore::HTMLImageElement::crossOrigin):
1944         * html/HTMLInputElement.cpp:
1945         (WebCore::HTMLInputElement::updateType):
1946         (WebCore::HTMLInputElement::initializeInputType):
1947         (WebCore::HTMLInputElement::altText):
1948         (WebCore::HTMLInputElement::value):
1949         (WebCore::HTMLInputElement::defaultValue):
1950         (WebCore::HTMLInputElement::setDefaultValue):
1951         (WebCore::HTMLInputElement::acceptMIMETypes):
1952         (WebCore::HTMLInputElement::acceptFileExtensions):
1953         (WebCore::HTMLInputElement::accept):
1954         (WebCore::HTMLInputElement::alt):
1955         (WebCore::HTMLInputElement::effectiveMaxLength):
1956         (WebCore::HTMLInputElement::src):
1957         (WebCore::HTMLInputElement::setAutoFilled):
1958         (WebCore::HTMLInputElement::dataList):
1959         (WebCore::HTMLInputElement::resetListAttributeTargetObserver):
1960         * html/HTMLKeygenElement.cpp:
1961         (WebCore::HTMLKeygenElement::isKeytypeRSA):
1962         (WebCore::HTMLKeygenElement::appendFormData):
1963         * html/HTMLLIElement.cpp:
1964         (WebCore::HTMLLIElement::didAttachRenderers):
1965         (WebCore::HTMLLIElement::parseValue):
1966         * html/HTMLLabelElement.cpp:
1967         (WebCore::HTMLLabelElement::control):
1968         * html/HTMLLinkElement.cpp:
1969         (WebCore::HTMLLinkElement::crossOrigin):
1970         (WebCore::HTMLLinkElement::process):
1971         (WebCore::HTMLLinkElement::href):
1972         (WebCore::HTMLLinkElement::rel):
1973         (WebCore::HTMLLinkElement::target):
1974         (WebCore::HTMLLinkElement::type):
1975         (WebCore::HTMLLinkElement::iconType):
1976         * html/HTMLMarqueeElement.cpp:
1977         (WebCore::HTMLMarqueeElement::scrollAmount):
1978         (WebCore::HTMLMarqueeElement::setScrollAmount):
1979         (WebCore::HTMLMarqueeElement::scrollDelay):
1980         (WebCore::HTMLMarqueeElement::setScrollDelay):
1981         (WebCore::HTMLMarqueeElement::loop):
1982         * html/HTMLMediaElement.cpp:
1983         (WebCore::HTMLMediaElement::insertedInto):
1984         (WebCore::HTMLMediaElement::crossOrigin):
1985         (WebCore::HTMLMediaElement::networkState):
1986         (WebCore::HTMLMediaElement::mediaSessionTitle):
1987         (WebCore::HTMLMediaElement::doesHaveAttribute):
1988         * html/HTMLMetaElement.cpp:
1989         (WebCore::HTMLMetaElement::process):
1990         (WebCore::HTMLMetaElement::content):
1991         (WebCore::HTMLMetaElement::httpEquiv):
1992         (WebCore::HTMLMetaElement::name):
1993         * html/HTMLMeterElement.cpp:
1994         (WebCore::HTMLMeterElement::min):
1995         (WebCore::HTMLMeterElement::setMin):
1996         (WebCore::HTMLMeterElement::max):
1997         (WebCore::HTMLMeterElement::setMax):
1998         (WebCore::HTMLMeterElement::value):
1999         (WebCore::HTMLMeterElement::low):
2000         (WebCore::HTMLMeterElement::high):
2001         (WebCore::HTMLMeterElement::optimum):
2002         * html/HTMLObjectElement.cpp:
2003         (WebCore::HTMLObjectElement::shouldAllowQuickTimeClassIdQuirk):
2004         (WebCore::HTMLObjectElement::hasValidClassId):
2005         (WebCore::HTMLObjectElement::imageSourceURL):
2006         (WebCore::HTMLObjectElement::renderFallbackContent):
2007         (WebCore::HTMLObjectElement::containsJavaApplet):
2008         (WebCore::HTMLObjectElement::addSubresourceAttributeURLs):
2009         * html/HTMLOptGroupElement.cpp:
2010         (WebCore::HTMLOptGroupElement::groupLabelText):
2011         * html/HTMLOptionElement.cpp:
2012         (WebCore::HTMLOptionElement::value):
2013         (WebCore::HTMLOptionElement::label):
2014         * html/HTMLParamElement.cpp:
2015         (WebCore::HTMLParamElement::value):
2016         (WebCore::HTMLParamElement::isURLParameter):
2017         * html/HTMLProgressElement.cpp:
2018         (WebCore::HTMLProgressElement::value):
2019         (WebCore::HTMLProgressElement::max):
2020         * html/HTMLScriptElement.cpp:
2021         (WebCore::HTMLScriptElement::crossOrigin):
2022         (WebCore::HTMLScriptElement::src):
2023         (WebCore::HTMLScriptElement::sourceAttributeValue):
2024         (WebCore::HTMLScriptElement::charsetAttributeValue):
2025         (WebCore::HTMLScriptElement::typeAttributeValue):
2026         (WebCore::HTMLScriptElement::languageAttributeValue):
2027         (WebCore::HTMLScriptElement::forAttributeValue):
2028         (WebCore::HTMLScriptElement::eventAttributeValue):
2029         (WebCore::HTMLScriptElement::asyncAttributeValue):
2030         * html/HTMLSlotElement.cpp:
2031         (WebCore::HTMLSlotElement::insertedInto):
2032         (WebCore::HTMLSlotElement::removedFrom):
2033         * html/HTMLSourceElement.cpp:
2034         (WebCore::HTMLSourceElement::media):
2035         (WebCore::HTMLSourceElement::setMedia):
2036         (WebCore::HTMLSourceElement::type):
2037         (WebCore::HTMLSourceElement::setType):
2038         * html/HTMLTableCellElement.cpp:
2039         (WebCore::HTMLTableCellElement::colSpanForBindings):
2040         (WebCore::HTMLTableCellElement::rowSpan):
2041         (WebCore::HTMLTableCellElement::rowSpanForBindings):
2042         (WebCore::HTMLTableCellElement::cellIndex):
2043         (WebCore::HTMLTableCellElement::abbr):
2044         (WebCore::HTMLTableCellElement::axis):
2045         (WebCore::HTMLTableCellElement::setColSpanForBindings):
2046         (WebCore::HTMLTableCellElement::headers):
2047         (WebCore::HTMLTableCellElement::setRowSpanForBindings):
2048         (WebCore::HTMLTableCellElement::scope):
2049         (WebCore::HTMLTableCellElement::addSubresourceAttributeURLs):
2050         (WebCore::HTMLTableCellElement::cellAbove):
2051         * html/HTMLTableColElement.cpp:
2052         (WebCore::HTMLTableColElement::width):
2053         * html/HTMLTableElement.cpp:
2054         (WebCore::HTMLTableElement::rules):
2055         (WebCore::HTMLTableElement::summary):
2056         (WebCore::HTMLTableElement::addSubresourceAttributeURLs):
2057         * html/HTMLTableSectionElement.cpp:
2058         (WebCore::HTMLTableSectionElement::align):
2059         (WebCore::HTMLTableSectionElement::setAlign):
2060         (WebCore::HTMLTableSectionElement::ch):
2061         (WebCore::HTMLTableSectionElement::setCh):
2062         (WebCore::HTMLTableSectionElement::chOff):
2063         (WebCore::HTMLTableSectionElement::setChOff):
2064         (WebCore::HTMLTableSectionElement::vAlign):
2065         (WebCore::HTMLTableSectionElement::setVAlign):
2066         * html/HTMLTextAreaElement.cpp:
2067         (WebCore::HTMLTextAreaElement::appendFormData):
2068         * html/HTMLTextFormControlElement.cpp:
2069         (WebCore::HTMLTextFormControlElement::strippedPlaceholder):
2070         (WebCore::HTMLTextFormControlElement::isPlaceholderEmpty):
2071         (WebCore::HTMLTextFormControlElement::directionForFormData):
2072         * html/HTMLTrackElement.cpp:
2073         (WebCore::HTMLTrackElement::srclang):
2074         (WebCore::HTMLTrackElement::label):
2075         (WebCore::HTMLTrackElement::isDefault):
2076         (WebCore::HTMLTrackElement::ensureTrack):
2077         (WebCore::HTMLTrackElement::mediaElementCrossOriginAttribute):
2078         * html/HTMLVideoElement.cpp:
2079         (WebCore::HTMLVideoElement::parseAttribute):
2080         (WebCore::HTMLVideoElement::imageSourceURL):
2081         * html/ImageInputType.cpp:
2082         (WebCore::ImageInputType::height):
2083         (WebCore::ImageInputType::width):
2084         * html/InputType.cpp:
2085         (WebCore::InputType::applyStep):
2086         * html/MediaElementSession.cpp:
2087         (WebCore::MediaElementSession::wirelessVideoPlaybackDisabled):
2088         * html/MonthInputType.cpp:
2089         (WebCore::MonthInputType::createStepRange):
2090         * html/NumberInputType.cpp:
2091         (WebCore::NumberInputType::createStepRange):
2092         (WebCore::NumberInputType::sizeShouldIncludeDecoration):
2093         * html/RangeInputType.cpp:
2094         (WebCore::RangeInputType::createStepRange):
2095         (WebCore::RangeInputType::handleKeydownEvent):
2096         * html/TextFieldInputType.cpp:
2097         (WebCore::TextFieldInputType::appendFormData):
2098         (WebCore::TextFieldInputType::updateAutoFillButton):
2099         * html/TimeInputType.cpp:
2100         (WebCore::TimeInputType::createStepRange):
2101         * html/ValidationMessage.cpp:
2102         (WebCore::ValidationMessage::updateValidationMessage):
2103         * html/WeekInputType.cpp:
2104         (WebCore::WeekInputType::createStepRange):
2105         * html/track/WebVTTElement.cpp:
2106         (WebCore::WebVTTElement::createEquivalentHTMLElement):
2107         * inspector/InspectorPageAgent.cpp:
2108         (WebCore::InspectorPageAgent::buildObjectForFrame):
2109         * loader/FormSubmission.cpp:
2110         (WebCore::FormSubmission::create):
2111         * loader/FrameLoader.cpp:
2112         (WebCore::FrameLoader::defaultSubstituteDataForURL):
2113         * loader/ImageLoader.cpp:
2114         (WebCore::ImageLoader::updateFromElement):
2115         * loader/SubframeLoader.cpp:
2116         (WebCore::SubframeLoader::isPluginContentAllowedByContentSecurityPolicy):
2117         * mathml/MathMLElement.cpp:
2118         (WebCore::MathMLElement::colSpan):
2119         (WebCore::MathMLElement::rowSpan):
2120         (WebCore::MathMLElement::childShouldCreateRenderer):
2121         (WebCore::MathMLElement::defaultEventHandler):
2122         (WebCore::MathMLElement::cachedMathMLLength):
2123         * mathml/MathMLFractionElement.cpp:
2124         (WebCore::MathMLFractionElement::lineThickness):
2125         (WebCore::MathMLFractionElement::cachedFractionAlignment):
2126         * mathml/MathMLSelectElement.cpp:
2127         (WebCore::MathMLSelectElement::getSelectedActionChildAndIndex):
2128         (WebCore::MathMLSelectElement::getSelectedActionChild):
2129         (WebCore::MathMLSelectElement::getSelectedSemanticsChild):
2130         (WebCore::MathMLSelectElement::defaultEventHandler):
2131         (WebCore::MathMLSelectElement::willRespondToMouseClickEvents):
2132         (WebCore::MathMLSelectElement::toggle):
2133         * page/EventHandler.cpp:
2134         (WebCore::findDropZone):
2135         * page/Frame.cpp:
2136         (WebCore::Frame::matchLabelsAgainstElement):
2137         * page/PageSerializer.cpp:
2138         (WebCore::PageSerializer::serializeFrame):
2139         * platform/win/PasteboardWin.cpp:
2140         (WebCore::Pasteboard::writeImageToDataObject):
2141         * rendering/HitTestResult.cpp:
2142         (WebCore::HitTestResult::altDisplayString):
2143         * rendering/RenderDetailsMarker.cpp:
2144         (WebCore::RenderDetailsMarker::isOpen):
2145         * rendering/RenderImage.cpp:
2146         (WebCore::RenderImage::imageMap):
2147         (WebCore::RenderImage::nodeAtPoint):
2148         * rendering/RenderMenuList.cpp:
2149         (RenderMenuList::itemAccessibilityText):
2150         (RenderMenuList::itemToolTip):
2151         * rendering/RenderSearchField.cpp:
2152         (WebCore::RenderSearchField::autosaveName):
2153         * rendering/RenderThemeIOS.mm:
2154         (WebCore::getAttachmentProgress):
2155         (WebCore::AttachmentInfo::AttachmentInfo):
2156         * rendering/RenderThemeMac.mm:
2157         (WebCore::AttachmentLayout::layOutSubtitle):
2158         (WebCore::RenderThemeMac::paintAttachment):
2159         * rendering/mathml/MathMLStyle.cpp:
2160         (WebCore::MathMLStyle::resolveMathMLStyle):
2161         * rendering/mathml/RenderMathMLFenced.cpp:
2162         (WebCore::RenderMathMLFenced::updateFromElement):
2163         * rendering/mathml/RenderMathMLOperator.cpp:
2164         (WebCore::RenderMathMLOperator::setOperatorFlagFromAttribute):
2165         (WebCore::RenderMathMLOperator::setOperatorFlagFromAttributeValue):
2166         (WebCore::RenderMathMLOperator::setOperatorProperties):
2167         * rendering/mathml/RenderMathMLScripts.cpp:
2168         (WebCore::RenderMathMLScripts::getScriptMetricsAndLayoutIfNeeded):
2169         * rendering/mathml/RenderMathMLUnderOver.cpp:
2170         (WebCore::RenderMathMLUnderOver::hasAccent):
2171         * style/StyleSharingResolver.cpp:
2172         (WebCore::Style::SharingResolver::canShareStyleWithElement):
2173         (WebCore::Style::SharingResolver::sharingCandidateHasIdenticalStyleAffectingAttributes):
2174         * svg/SVGAElement.cpp:
2175         (WebCore::SVGAElement::title):
2176         (WebCore::SVGAElement::defaultEventHandler):
2177         * svg/SVGAltGlyphElement.cpp:
2178         (WebCore::SVGAltGlyphElement::glyphRef):
2179         (WebCore::SVGAltGlyphElement::setFormat):
2180         (WebCore::SVGAltGlyphElement::format):
2181         (WebCore::SVGAltGlyphElement::childShouldCreateRenderer):
2182         * svg/SVGAnimationElement.cpp:
2183         (WebCore::SVGAnimationElement::toValue):
2184         (WebCore::SVGAnimationElement::byValue):
2185         (WebCore::SVGAnimationElement::fromValue):
2186         (WebCore::SVGAnimationElement::isAdditive):
2187         (WebCore::SVGAnimationElement::isAccumulated):
2188         * svg/SVGElement.cpp:
2189         (WebCore::SVGElement::xmlbase):
2190         (WebCore::SVGElement::setXmlbase):
2191         * svg/SVGFontFaceElement.cpp:
2192         (WebCore::SVGFontFaceElement::unitsPerEm):
2193         (WebCore::SVGFontFaceElement::xHeight):
2194         (WebCore::SVGFontFaceElement::capHeight):
2195         (WebCore::SVGFontFaceElement::horizontalOriginX):
2196         (WebCore::SVGFontFaceElement::horizontalOriginY):
2197         (WebCore::SVGFontFaceElement::horizontalAdvanceX):
2198         (WebCore::SVGFontFaceElement::verticalOriginX):
2199         (WebCore::SVGFontFaceElement::verticalOriginY):
2200         (WebCore::SVGFontFaceElement::verticalAdvanceY):
2201         (WebCore::SVGFontFaceElement::ascent):
2202         (WebCore::SVGFontFaceElement::descent):
2203         * svg/SVGFontFaceNameElement.cpp:
2204         (WebCore::SVGFontFaceNameElement::srcValue):
2205         * svg/SVGFontFaceUriElement.cpp:
2206         (WebCore::SVGFontFaceUriElement::srcValue):
2207         * svg/SVGGlyphRefElement.cpp:
2208         (WebCore::SVGGlyphRefElement::glyphRef):
2209         (WebCore::SVGGlyphRefElement::setGlyphRef):
2210         * svg/SVGHKernElement.cpp:
2211         (WebCore::SVGHKernElement::buildHorizontalKerningPair):
2212         * svg/SVGSVGElement.cpp:
2213         (WebCore::SVGSVGElement::contentScriptType):
2214         (WebCore::SVGSVGElement::contentStyleType):
2215         * svg/SVGStyleElement.cpp:
2216         (WebCore::SVGStyleElement::media):
2217         (WebCore::SVGStyleElement::title):
2218         (WebCore::SVGStyleElement::setTitle):
2219         * svg/SVGToOTFFontConversion.cpp:
2220         (WebCore::SVGToOTFFontConverter::appendOS2Table):
2221         (WebCore::SVGToOTFFontConverter::appendCFFTable):
2222         (WebCore::SVGToOTFFontConverter::appendArabicReplacementSubtable):
2223         (WebCore::SVGToOTFFontConverter::appendVORGTable):
2224         (WebCore::SVGToOTFFontConverter::transcodeGlyphPaths):
2225         (WebCore::SVGToOTFFontConverter::processGlyphElement):
2226         (WebCore::SVGToOTFFontConverter::compareCodepointsLexicographically):
2227         (WebCore::SVGToOTFFontConverter::SVGToOTFFontConverter):
2228         * svg/SVGVKernElement.cpp:
2229         (WebCore::SVGVKernElement::buildVerticalKerningPair):
2230         * svg/animation/SVGSMILElement.cpp:
2231         (WebCore::SVGSMILElement::insertedInto):
2232         (WebCore::SVGSMILElement::parseAttribute):
2233         (WebCore::SVGSMILElement::svgAttributeChanged):
2234         (WebCore::SVGSMILElement::restart):
2235         (WebCore::SVGSMILElement::fill):
2236         (WebCore::SVGSMILElement::dur):
2237         (WebCore::SVGSMILElement::repeatDur):
2238         (WebCore::SVGSMILElement::repeatCount):
2239         (WebCore::SVGSMILElement::maxValue):
2240         (WebCore::SVGSMILElement::minValue):
2241
2242 2016-07-16  Carlos Garcia Campos  <cgarcia@igalia.com>
2243
2244         ASSERTION FAILED: isMainThread() in ~UniqueIDBDatabase() since r201997
2245         https://bugs.webkit.org/show_bug.cgi?id=159809
2246
2247         Reviewed by Brady Eidson.
2248
2249         In r201997 the UniqueIDBDatabase was protected in executeNextDatabaseTask() because the last reference could be
2250         removed while the task is performed. However UniqueIDBDatabase is expected to be deleted in the main thread, and
2251         the destructor asserts when not called in the main thread, but executeNextDatabaseTask() is always called on a
2252         secondary thread. So, if the protector contains the last reference, the object is deleted in the secondary thread.
2253
2254         * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
2255         (WebCore::IDBServer::UniqueIDBDatabase::executeNextDatabaseTask): Use callOnMainThread to ensure the object is
2256         deleted in the main thread in case the protector contains the last reference.
2257
2258 2016-07-15  Chris Dumez  <cdumez@apple.com>
2259
2260         Use emptyString() / nullAtom when possible
2261         https://bugs.webkit.org/show_bug.cgi?id=159850
2262
2263         Reviewed by Ryosuke Niwa.
2264
2265         Use emptyString() / nullAtom when possible, for performance.
2266
2267         * Modules/webaudio/AudioNode.cpp:
2268         (WebCore::AudioNode::channelCountMode):
2269         (WebCore::AudioNode::channelInterpretation):
2270         * Modules/webdatabase/DatabaseTracker.cpp:
2271         (WebCore::DatabaseTracker::tracker):
2272         * Modules/websockets/WebSocket.cpp:
2273         (WebCore::WebSocket::WebSocket):
2274         (WebCore::WebSocket::didConnect):
2275         * Modules/websockets/WebSocketChannel.cpp:
2276         (WebCore::WebSocketChannel::subprotocol):
2277         (WebCore::WebSocketChannel::extensions):
2278         * accessibility/AccessibilityObject.cpp:
2279         (WebCore::AccessibilityObject::supportsPressAction):
2280         * accessibility/mac/AXObjectCacheMac.mm:
2281         (WebCore::AXObjectCache::postTextStateChangePlatformNotification):
2282         * css/CSSPropertySourceData.cpp:
2283         (WebCore::CSSPropertySourceData::CSSPropertySourceData):
2284         * css/PageRuleCollector.cpp:
2285         (WebCore::PageRuleCollector::pageName):
2286         * css/PropertySetCSSStyleDeclaration.cpp:
2287         (WebCore::PropertySetCSSStyleDeclaration::getPropertyPriority):
2288         * dom/DocumentMarkerController.cpp:
2289         (WebCore::DocumentMarkerController::addDictationPhraseWithAlternativesMarker):
2290         * dom/Element.cpp:
2291         (WebCore::Element::setPrefix):
2292         * editing/AlternativeTextController.cpp:
2293         (WebCore::AlternativeTextController::respondToMarkerAtEndOfWord):
2294         (WebCore::AlternativeTextController::markerDescriptionForAppliedAlternativeText):
2295         * editing/CompositeEditCommand.cpp:
2296         (WebCore::CompositeEditCommand::removeNodeAttribute):
2297         (WebCore::CompositeEditCommand::moveParagraphs):
2298         * editing/InsertTextCommand.cpp:
2299         (WebCore::InsertTextCommand::positionInsideTextNode):
2300         * editing/TextCheckingHelper.cpp:
2301         (WebCore::TextCheckingHelper::findFirstMisspellingOrBadGrammar):
2302         * editing/TypingCommand.cpp:
2303         (WebCore::TypingCommand::deleteSelection):
2304         (WebCore::TypingCommand::deleteKeyPressed):
2305         (WebCore::TypingCommand::forwardDeleteKeyPressed):
2306         (WebCore::TypingCommand::insertLineBreak):
2307         (WebCore::TypingCommand::insertParagraphSeparator):
2308         * editing/cocoa/EditorCocoa.mm:
2309         (WebCore::Editor::styleForSelectionStart):
2310         * editing/mac/EditorMac.mm:
2311         (WebCore::Editor::stringSelectionForPasteboard):
2312         (WebCore::Editor::stringSelectionForPasteboardWithImageAltText):
2313         * fileapi/FileReaderLoader.cpp:
2314         (WebCore::FileReaderLoader::FileReaderLoader):
2315         * html/FileInputType.cpp:
2316         (WebCore::FileInputType::appendFormData):
2317         * html/HTMLMediaElement.cpp:
2318         (WebCore::HTMLMediaElement::getCurrentMediaControlsStatus):
2319         * html/HTMLOutputElement.cpp:
2320         (WebCore::HTMLOutputElement::HTMLOutputElement):
2321         * html/SearchInputType.cpp:
2322         (WebCore::SearchInputType::handleKeydownEvent):
2323         * html/TextFieldInputType.cpp:
2324         (WebCore::autoFillButtonTypeToAccessibilityLabel):
2325         * html/canvas/WebGLDebugShaders.cpp:
2326         (WebCore::WebGLDebugShaders::getTranslatedShaderSource):
2327         * html/canvas/WebGLRenderingContextBase.cpp:
2328         (WebCore::WebGLRenderingContextBase::dispatchContextLostEvent):
2329         (WebCore::WebGLRenderingContextBase::maybeRestoreContext):
2330         * html/canvas/WebGLShader.cpp:
2331         (WebCore::WebGLShader::WebGLShader):
2332         * html/shadow/MediaControlElements.cpp:
2333         (WebCore::MediaControlStatusDisplayElement::update):
2334         * html/track/TextTrack.cpp:
2335         (WebCore::TextTrack::captionMenuOffItem):
2336         (WebCore::TextTrack::captionMenuAutomaticItem):
2337         * html/track/VTTRegion.cpp:
2338         (WebCore::VTTRegion::scroll):
2339         * html/track/VTTRegion.h:
2340         * inspector/InspectorDOMAgent.cpp:
2341         (WebCore::InspectorDOMAgent::toErrorString):
2342         (WebCore::InspectorDOMAgent::resolveNode):
2343         (WebCore::InspectorDOMAgent::documentURLString):
2344         (WebCore::documentBaseURLString):
2345         * inspector/InspectorDOMDebuggerAgent.cpp:
2346         (WebCore::domTypeName):
2347         * inspector/InspectorFrontendHost.cpp:
2348         (WebCore::InspectorFrontendHost::localizedStringsURL):
2349         * inspector/InspectorHistory.cpp:
2350         (WebCore::InspectorHistory::Action::mergeId):
2351         * inspector/InspectorPageAgent.cpp:
2352         (WebCore::InspectorPageAgent::reload):
2353         (WebCore::InspectorPageAgent::frameId):
2354         (WebCore::InspectorPageAgent::loaderId):
2355         * inspector/InspectorStyleSheet.cpp:
2356         (WebCore::InspectorStyleSheet::ruleSelector):
2357         * loader/EmptyClients.h:
2358         * loader/FrameLoader.cpp:
2359         (WebCore::FrameLoader::referrer):
2360         * loader/ImageLoader.cpp:
2361         (WebCore::ImageLoader::clearFailedLoadURL):
2362         * loader/ResourceLoader.cpp:
2363         (WebCore::ResourceLoader::didReceiveResponse):
2364         * page/ContextMenuController.cpp:
2365         (WebCore::ContextMenuController::contextMenuItemSelected):
2366         * page/FrameTree.cpp:
2367         (WebCore::FrameTree::setName):
2368         (WebCore::FrameTree::clearName):
2369         * page/Location.cpp:
2370         (WebCore::Location::port):
2371         * platform/network/ProtectionSpaceBase.cpp:
2372         (WebCore::ProtectionSpaceBase::ProtectionSpaceBase):
2373         * xml/parser/XMLDocumentParserLibxml2.cpp:
2374         (WebCore::handleElementAttributes):
2375
2376 2016-07-15  Simon Fraser  <simon.fraser@apple.com>
2377
2378         Repaints rects drawn incorrectly when inspecting a WebView on a Retina display
2379         https://bugs.webkit.org/show_bug.cgi?id=159824
2380         rdar://problem/27376305
2381
2382         Reviewed by Brian Burg.
2383
2384         InspectorOverlayPage.js set up the canvases with a deviceScaleFactor passed into
2385         reset(), which comes from the overlay's m_page.deviceScaleFactor(). However, updatePaintRects()
2386         used window.devicePixelRatio which was always 1.
2387
2388         Fix by setting the deviceScaleFactor on the m_overlayPage.
2389
2390         * inspector/InspectorOverlay.cpp:
2391         (WebCore::InspectorOverlay::overlayPage):
2392
2393 2016-07-15  Myles C. Maxfield  <mmaxfield@apple.com>
2394
2395         [macOS] Work around crash in [NSAttributedString nextWordFromIndex:forward:]
2396         https://bugs.webkit.org/show_bug.cgi?id=159842
2397
2398         Reviewed by Jon Lee.
2399
2400         <rdar://problem/27380532> describes a crash inside [NSAttributedString nextWordFromIndex:forward:].
2401         This must be worked around for https://bugs.webkit.org/show_bug.cgi?id=159755 and
2402         <rdar://problem/27325521>.
2403
2404         * platform/text/mac/TextBoundaries.mm:
2405         (WebCore::findNextWordFromIndex):
2406
2407 2016-07-15  Brady Eidson  <beidson@apple.com>
2408
2409         Update XPathException to use the description in toString().
2410         https://bugs.webkit.org/show_bug.cgi?id=159848
2411
2412         Reviewed by Alex Christensen.
2413
2414         No new tests (Covered by changes to existing tests).
2415
2416         * bindings/js/JSDOMBinding.cpp:
2417         (WebCore::createDOMException):
2418         * xml/XPathException.h:
2419         (WebCore::XPathException::XPathException):
2420
2421 2016-07-15  Brady Eidson  <beidson@apple.com>
2422
2423         Change toString() behavior for exceptions constructed with "createWithDescriptionAsMessage".
2424         https://bugs.webkit.org/show_bug.cgi?id=159839
2425
2426         Reviewed by Alex Christensen.
2427
2428         No new tests (Covered by changes to existing tests).
2429
2430         This is the first step towards extended exception messages for all exception types.
2431
2432         * dom/ExceptionBase.cpp:
2433         (WebCore::ExceptionBase::ExceptionBase):
2434         (WebCore::ExceptionBase::toString):
2435         * dom/ExceptionBase.h:
2436
2437 2016-07-15  Geoffrey Garen  <ggaren@apple.com>
2438
2439         Added a makeRef<T> helper
2440         https://bugs.webkit.org/show_bug.cgi?id=159835
2441
2442         Reviewed by Andreas Kling.
2443
2444         Anders told me to!
2445
2446         * Modules/indexeddb/IDBTransaction.cpp:
2447         (WebCore::IDBTransaction::putOrAddOnServer):
2448         * Modules/indexeddb/shared/InProcessIDBServer.cpp:
2449         (WebCore::InProcessIDBServer::deleteDatabase):
2450         (WebCore::InProcessIDBServer::didDeleteDatabase):
2451         (WebCore::InProcessIDBServer::openDatabase):
2452         (WebCore::InProcessIDBServer::didOpenDatabase):
2453         (WebCore::InProcessIDBServer::didAbortTransaction):
2454         (WebCore::InProcessIDBServer::didCommitTransaction):
2455         (WebCore::InProcessIDBServer::didCreateObjectStore):
2456         (WebCore::InProcessIDBServer::didDeleteObjectStore):
2457         (WebCore::InProcessIDBServer::didClearObjectStore):
2458         (WebCore::InProcessIDBServer::didCreateIndex):
2459         (WebCore::InProcessIDBServer::didDeleteIndex):
2460         (WebCore::InProcessIDBServer::didPutOrAdd):
2461         (WebCore::InProcessIDBServer::didGetRecord):
2462         (WebCore::InProcessIDBServer::didGetCount):
2463         (WebCore::InProcessIDBServer::didDeleteRecord):
2464         (WebCore::InProcessIDBServer::didOpenCursor):
2465         (WebCore::InProcessIDBServer::didIterateCursor):
2466         (WebCore::InProcessIDBServer::abortTransaction):
2467         (WebCore::InProcessIDBServer::commitTransaction):
2468         (WebCore::InProcessIDBServer::didFinishHandlingVersionChangeTransaction):
2469         (WebCore::InProcessIDBServer::createObjectStore):
2470         (WebCore::InProcessIDBServer::deleteObjectStore):
2471         (WebCore::InProcessIDBServer::clearObjectStore):
2472         (WebCore::InProcessIDBServer::createIndex):
2473         (WebCore::InProcessIDBServer::deleteIndex):
2474         (WebCore::InProcessIDBServer::putOrAdd):
2475         (WebCore::InProcessIDBServer::getRecord):
2476         (WebCore::InProcessIDBServer::getCount):
2477         (WebCore::InProcessIDBServer::deleteRecord):
2478         (WebCore::InProcessIDBServer::openCursor):
2479         (WebCore::InProcessIDBServer::iterateCursor):
2480         (WebCore::InProcessIDBServer::establishTransaction):
2481         (WebCore::InProcessIDBServer::fireVersionChangeEvent):
2482         (WebCore::InProcessIDBServer::didStartTransaction):
2483         (WebCore::InProcessIDBServer::didCloseFromServer):
2484         (WebCore::InProcessIDBServer::notifyOpenDBRequestBlocked):
2485         (WebCore::InProcessIDBServer::databaseConnectionClosed):
2486         (WebCore::InProcessIDBServer::abortOpenAndUpgradeNeeded):
2487         (WebCore::InProcessIDBServer::didFireVersionChangeEvent):
2488         (WebCore::InProcessIDBServer::openDBRequestCancelled):
2489         (WebCore::InProcessIDBServer::confirmDidCloseFromServer):
2490         (WebCore::InProcessIDBServer::getAllDatabaseNames):
2491         (WebCore::InProcessIDBServer::didGetAllDatabaseNames):
2492         * Modules/mediastream/MediaDevicesRequest.cpp:
2493         (WebCore::MediaDevicesRequest::didCompleteTrackSourceInfoRequest):
2494         * Modules/mediastream/UserMediaRequest.cpp:
2495         (WebCore::UserMediaRequest::constraintsValidated):
2496         (WebCore::UserMediaRequest::userMediaAccessGranted):
2497         * Modules/webaudio/AudioContext.cpp:
2498         (WebCore::AudioContext::scheduleNodeDeletion):
2499         (WebCore::AudioContext::isPlayingAudioDidChange):
2500         (WebCore::AudioContext::suspend):
2501         (WebCore::AudioContext::resume):
2502         (WebCore::AudioContext::close):
2503         (WebCore::AudioContext::suspendPlayback):
2504         (WebCore::AudioContext::mayResumePlayback):
2505         * Modules/websockets/ThreadableWebSocketChannelClientWrapper.cpp:
2506         (WebCore::ThreadableWebSocketChannelClientWrapper::didConnect):
2507         (WebCore::ThreadableWebSocketChannelClientWrapper::didReceiveMessage):
2508         (WebCore::ThreadableWebSocketChannelClientWrapper::didReceiveBinaryData):
2509         (WebCore::ThreadableWebSocketChannelClientWrapper::didUpdateBufferedAmount):
2510         (WebCore::ThreadableWebSocketChannelClientWrapper::didStartClosingHandshake):
2511         (WebCore::ThreadableWebSocketChannelClientWrapper::didClose):
2512         (WebCore::ThreadableWebSocketChannelClientWrapper::didReceiveMessageError):
2513         (WebCore::ThreadableWebSocketChannelClientWrapper::processPendingTasks):
2514         * Modules/websockets/WebSocket.cpp:
2515         (WebCore::WebSocket::connect):
2516         * bindings/js/JSEventListener.h:
2517         (WebCore::JSEventListener::jsFunction):
2518         * dom/Node.cpp:
2519         (WebCore::Node::setTextContent):
2520         * html/HTMLMediaElement.cpp:
2521         (WebCore::HTMLMediaElement::layoutSizeChanged):
2522         * inspector/CommandLineAPIHost.cpp:
2523         (WebCore::CommandLineAPIHost::wrapper):
2524         * platform/graphics/avfoundation/AudioSourceProviderAVFObjC.mm:
2525         (WebCore::AudioSourceProviderAVFObjC::prepare):
2526         * platform/graphics/avfoundation/cf/WebCoreAVCFResourceLoader.cpp:
2527         (WebCore::WebCoreAVCFResourceLoader::invalidate):
2528         * platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm:
2529         (WebCore::WebCoreAVFResourceLoader::invalidate):
2530         * platform/ios/WebVideoFullscreenControllerAVKit.mm:
2531         (WebVideoFullscreenControllerContext::setExternalPlayback):
2532         * platform/network/BlobResourceHandle.cpp:
2533         (WebCore::BlobResourceHandle::start):
2534         (WebCore::BlobResourceHandle::notifyFinish):
2535         * platform/network/SocketStreamHandleBase.cpp:
2536         (WebCore::SocketStreamHandleBase::disconnect):
2537         * platform/network/curl/CurlDownload.cpp:
2538         (WebCore::CurlDownload::didReceiveHeader):
2539
2540 2016-07-15  Chris Dumez  <cdumez@apple.com>
2541
2542         Use fastGetAttribute() / setAttributeWithoutSynchronization() when possible
2543         https://bugs.webkit.org/show_bug.cgi?id=159793
2544
2545         Reviewed by Ryosuke Niwa.
2546
2547         Use fastGetAttribute() / setAttributeWithoutSynchronization() when possible, for performance.
2548
2549         * Modules/plugins/YouTubePluginReplacement.cpp:
2550         (WebCore::YouTubePluginReplacement::installReplacement):
2551         * dom/Element.h:
2552         (WebCore::Element::setIdAttribute):
2553         * editing/ApplyStyleCommand.cpp:
2554         (WebCore::hasNoAttributeOrOnlyStyleAttribute):
2555         (WebCore::createFontElement):
2556         (WebCore::ApplyStyleCommand::applyInlineStyleChange):
2557         * editing/EditingStyle.cpp:
2558         (WebCore::EditingStyle::elementIsStyledSpanOrHTMLEquivalent):
2559         * editing/Editor.cpp:
2560         (WebCore::Editor::setBaseWritingDirection):
2561         * editing/ReplaceSelectionCommand.cpp:
2562         (WebCore::isMailPasteAsQuotationNode):
2563         (WebCore::isInlineNodeWithStyle):
2564         * editing/cocoa/DataDetection.mm:
2565         (WebCore::DataDetection::detectContentInRange):
2566         * editing/htmlediting.cpp:
2567         (WebCore::createTabSpanElement):
2568         * editing/ios/EditorIOS.mm:
2569         (WebCore::Editor::setTextAlignmentForChangedBaseWritingDirection):
2570         (WebCore::Editor::WebContentReader::readURL):
2571         * editing/mac/EditorMac.mm:
2572         (WebCore::Editor::WebContentReader::readURL):
2573         * editing/markup.cpp:
2574         (WebCore::createFragmentFromText):
2575         * html/BaseButtonInputType.cpp:
2576         (WebCore::BaseButtonInputType::setValue):
2577         * html/BaseCheckableInputType.cpp:
2578         (WebCore::BaseCheckableInputType::setValue):
2579         * html/FTPDirectoryDocument.cpp:
2580         (WebCore::FTPDirectoryDocumentParser::appendEntry):
2581         (WebCore::FTPDirectoryDocumentParser::createTDForFilename):
2582         (WebCore::FTPDirectoryDocumentParser::loadDocumentTemplate):
2583         (WebCore::FTPDirectoryDocumentParser::createBasicDocument):
2584         * html/HTMLAnchorElement.cpp:
2585         (WebCore::HTMLAnchorElement::href):
2586         (WebCore::HTMLAnchorElement::setHref):
2587         (WebCore::HTMLAnchorElement::target):
2588         * html/HTMLAreaElement.cpp:
2589         (WebCore::HTMLAreaElement::target):
2590         * html/HTMLBaseElement.cpp:
2591         (WebCore::HTMLBaseElement::setHref):
2592         * html/HTMLButtonElement.cpp:
2593         (WebCore::HTMLButtonElement::setType):
2594         * html/HTMLDetailsElement.cpp:
2595         (WebCore::HTMLDetailsElement::didAddUserAgentShadowRoot):
2596         (WebCore::HTMLDetailsElement::toggleOpen):
2597         * html/HTMLDocument.cpp:
2598         (WebCore::HTMLDocument::setBgColor):
2599         (WebCore::HTMLDocument::setFgColor):
2600         (WebCore::HTMLDocument::setAlinkColor):
2601         (WebCore::HTMLDocument::setLinkColor):
2602         (WebCore::HTMLDocument::setVlinkColor):
2603         * html/HTMLElement.cpp:
2604         (WebCore::HTMLElement::setDir):
2605         (WebCore::HTMLElement::setContentEditable):
2606         (WebCore::HTMLElement::setDraggable):
2607         (WebCore::HTMLElement::setSpellcheck):
2608         (WebCore::HTMLElement::setTranslate):
2609         * html/HTMLFormControlElement.cpp:
2610         (WebCore::HTMLFormControlElement::setFormEnctype):
2611         (WebCore::HTMLFormControlElement::setFormMethod):
2612         (WebCore::HTMLFormControlElement::setAutocorrect):
2613         (WebCore::HTMLFormControlElement::setAutocapitalize):
2614         (WebCore::HTMLFormControlElement::setAutocomplete):
2615         * html/HTMLFormElement.cpp:
2616         (WebCore::HTMLFormElement::setAutocorrect):
2617         (WebCore::HTMLFormElement::setAutocapitalize):
2618         (WebCore::HTMLFormElement::setAction):
2619         (WebCore::HTMLFormElement::setEnctype):
2620         (WebCore::HTMLFormElement::setMethod):
2621         (WebCore::HTMLFormElement::target):
2622         * html/HTMLImageElement.cpp:
2623         (WebCore::HTMLImageElement::width):
2624         (WebCore::HTMLImageElement::height):
2625         (WebCore::HTMLImageElement::setSrc):
2626         * html/HTMLInputElement.cpp:
2627         (WebCore::HTMLInputElement::setType):
2628         (WebCore::HTMLInputElement::updateType):
2629         (WebCore::HTMLInputElement::altText):
2630         (WebCore::HTMLInputElement::setDefaultValue):
2631         * html/HTMLLinkElement.cpp:
2632         (WebCore::HTMLLinkElement::href):
2633         (WebCore::HTMLLinkElement::target):
2634         (WebCore::HTMLLinkElement::type):
2635         * html/HTMLMediaElement.cpp:
2636         (WebCore::HTMLMediaElement::setSrc):
2637         (WebCore::HTMLMediaElement::setPreload):
2638         * html/HTMLMeterElement.cpp:
2639         (WebCore::HTMLMeterElement::min):
2640         (WebCore::HTMLMeterElement::setMin):
2641         (WebCore::HTMLMeterElement::max):
2642         (WebCore::HTMLMeterElement::setMax):
2643         (WebCore::HTMLMeterElement::value):
2644         (WebCore::HTMLMeterElement::setValue):
2645         (WebCore::HTMLMeterElement::low):
2646         (WebCore::HTMLMeterElement::setLow):
2647         (WebCore::HTMLMeterElement::high):
2648         (WebCore::HTMLMeterElement::setHigh):
2649         (WebCore::HTMLMeterElement::optimum):
2650         (WebCore::HTMLMeterElement::setOptimum):
2651         * html/HTMLObjectElement.cpp:
2652         (WebCore::HTMLObjectElement::containsJavaApplet):
2653         * html/HTMLOptionElement.cpp:
2654         (WebCore::HTMLOptionElement::createForJSConstructor):
2655         (WebCore::HTMLOptionElement::setValue):
2656         (WebCore::HTMLOptionElement::setLabel):
2657         * html/HTMLProgressElement.cpp:
2658         (WebCore::HTMLProgressElement::setValue):
2659         (WebCore::HTMLProgressElement::setMax):
2660         * html/HTMLScriptElement.cpp:
2661         (WebCore::HTMLScriptElement::typeAttributeValue):
2662         * html/HTMLSelectElement.cpp:
2663         (WebCore::HTMLSelectElement::setMultiple):
2664         * html/HTMLSourceElement.cpp:
2665         (WebCore::HTMLSourceElement::setSrc):
2666         (WebCore::HTMLSourceElement::media):
2667         (WebCore::HTMLSourceElement::setMedia):
2668         (WebCore::HTMLSourceElement::type):
2669         (WebCore::HTMLSourceElement::setType):
2670         * html/HTMLTableSectionElement.cpp:
2671         (WebCore::HTMLTableSectionElement::setAlign):
2672         (WebCore::HTMLTableSectionElement::setCh):
2673         (WebCore::HTMLTableSectionElement::chOff):
2674         (WebCore::HTMLTableSectionElement::setChOff):
2675         (WebCore::HTMLTableSectionElement::setVAlign):
2676         * html/HTMLTextFormControlElement.cpp:
2677         (WebCore::HTMLTextFormControlElement::updateInnerTextElementEditability):
2678         * html/HTMLVideoElement.cpp:
2679         (WebCore::HTMLVideoElement::imageSourceURL):
2680         * html/HiddenInputType.cpp:
2681         (WebCore::HiddenInputType::restoreFormControlState):
2682         (WebCore::HiddenInputType::setValue):
2683         * html/MediaDocument.cpp:
2684         (WebCore::MediaDocumentParser::createDocumentStructure):
2685         (WebCore::MediaDocument::replaceMediaElementTimerFired):
2686         * html/PluginDocument.cpp:
2687         (WebCore::PluginDocumentParser::createDocumentStructure):
2688         * html/TextFieldInputType.cpp:
2689         (WebCore::TextFieldInputType::createAutoFillButton):
2690         (WebCore::TextFieldInputType::updateAutoFillButton):
2691         * html/parser/HTMLTreeBuilder.cpp:
2692         (WebCore::HTMLTreeBuilder::processIsindexStartTagForInBody):
2693         * html/shadow/MediaControlElements.cpp:
2694         (WebCore::MediaControlClosedCaptionsContainerElement::create):
2695         (WebCore::MediaControlTimelineElement::create):
2696         (WebCore::MediaControlPanelVolumeSliderElement::create):
2697         (WebCore::MediaControlFullscreenVolumeSliderElement::create):
2698         * html/shadow/TextControlInnerElements.cpp:
2699         (WebCore::SearchFieldCancelButtonElement::SearchFieldCancelButtonElement):
2700         * html/shadow/mac/ImageControlsButtonElementMac.cpp:
2701         (WebCore::ImageControlsButtonElementMac::tryCreate):
2702         * html/shadow/mac/ImageControlsRootElementMac.cpp:
2703         (WebCore::ImageControlsRootElement::tryCreate):
2704         * html/track/WebVTTElement.cpp:
2705         (WebCore::WebVTTElement::createEquivalentHTMLElement):
2706         * html/track/WebVTTParser.cpp:
2707         (WebCore::WebVTTTreeBuilder::constructTreeFromToken):
2708         * inspector/InspectorCSSAgent.cpp:
2709         (WebCore::InspectorCSSAgent::createInspectorStyleSheetForDocument):
2710         * inspector/InspectorPageAgent.cpp:
2711         (WebCore::InspectorPageAgent::buildObjectForFrame):
2712         * mathml/MathMLSelectElement.cpp:
2713         (WebCore::MathMLSelectElement::toggle):
2714         * page/PageSerializer.cpp:
2715         (WebCore::PageSerializer::serializeFrame):
2716         * rendering/RenderDetailsMarker.cpp:
2717         (WebCore::RenderDetailsMarker::isOpen):
2718         * rendering/mathml/RenderMathMLFraction.cpp:
2719         (WebCore::RenderMathMLFraction::updateFromElement):
2720         * svg/SVGElement.cpp:
2721         (WebCore::SVGElement::setXmlbase):
2722         * svg/SVGSVGElement.cpp:
2723         (WebCore::SVGSVGElement::setContentScriptType):
2724         (WebCore::SVGSVGElement::setContentStyleType):
2725         * svg/SVGStyleElement.cpp:
2726         (WebCore::SVGStyleElement::setMedia):
2727         (WebCore::SVGStyleElement::setTitle):
2728
2729 2016-07-15  Chris Dumez  <cdumez@apple.com>
2730
2731         Modernize StaticNodeList / StaticElementList
2732         https://bugs.webkit.org/show_bug.cgi?id=159831
2733
2734         Reviewed by Ryosuke Niwa.
2735
2736         Modernize StaticNodeList / StaticElementList. Pass vector to adopt
2737         as an rvalue reference instead of a non-const reference.
2738
2739         * bindings/js/JSHTMLAllCollectionCustom.cpp:
2740         (WebCore::namedItems):
2741         * dom/ChildListMutationScope.cpp:
2742         (WebCore::ChildListMutationAccumulator::enqueueMutationRecord):
2743         * dom/MutationRecord.cpp:
2744         * dom/SelectorQuery.cpp:
2745         (WebCore::SelectorDataList::queryAll):
2746         * dom/StaticNodeList.h:
2747         * dom/WebKitNamedFlow.cpp:
2748         (WebCore::WebKitNamedFlow::getRegionsByContent):
2749         (WebCore::WebKitNamedFlow::getRegions):
2750         (WebCore::WebKitNamedFlow::getContent):
2751         * svg/SVGSVGElement.cpp:
2752         (WebCore::SVGSVGElement::collectIntersectionOrEnclosureList):
2753         * testing/Internals.cpp:
2754         (WebCore::Internals::nodesFromRect):
2755
2756 2016-07-15  Brent Fulgham  <bfulgham@apple.com>
2757
2758         Block insecure script running in a data: frame when the top-level page is HTTPS
2759         https://bugs.webkit.org/show_bug.cgi?id=125806
2760         <rdar://problem/27331825>
2761
2762         Reviewed by Brady Eidson.
2763
2764         Fix based on a Blink change (patch by <tsepez@chromium.org>):
2765         <https://chromium.googlesource.com/chromium/blink/+/33e553bd96e040151c1472289a0d80803bfca3a5>
2766
2767         Test: http/tests/security/mixedContent/insecure-script-in-data-iframe-in-main-frame-blocked.html
2768
2769         * loader/cache/CachedResourceLoader.cpp:
2770         (WebCore::CachedResourceLoader::checkInsecureContent): Check the top-level frame's security state
2771         before allowing insecure scripts to be used.        
2772
2773 2016-07-15  Chris Dumez  <cdumez@apple.com>
2774
2775         Let the compiler generate QualifiedName copy constructor and assignment operator
2776         https://bugs.webkit.org/show_bug.cgi?id=159826
2777
2778         Reviewed by Alex Christensen.
2779
2780         Let the compiler generate QualifiedName copy constructor and assignment operator
2781         as our custom implementation does nothing special. This also makes QualifiedName
2782         movable as the compiler is now able to generate the move constructor / assignment
2783         operator as well.
2784
2785         * dom/QualifiedName.h:
2786         (WebCore::QualifiedName::QualifiedName): Deleted.
2787         (WebCore::QualifiedName::operator=): Deleted.
2788
2789 2016-07-15  Antonio Gomes  <tonikitoo@igalia.com>
2790
2791         ScrollView::setHasHorizontalScrollbar / setHasVerticalScrollbar duplicate their logic
2792         https://bugs.webkit.org/show_bug.cgi?id=159825
2793
2794         Patch introduces a (private) method to ScrollView
2795         to share the code/logic of setHas{Horizontal,Vertical}Scrollbar.
2796
2797         Reviewed by Simon Fraser.
2798
2799         No new tests needed.
2800
2801         * platform/ScrollView.cpp:
2802         (WebCore::ScrollView::setHasScrollbarInternal):
2803         (WebCore::ScrollView::setHasHorizontalScrollbar):
2804         (WebCore::ScrollView::setHasVerticalScrollbar):
2805         * platform/ScrollView.h:
2806
2807 2016-07-15  Frederic Wang  <fwang@igalia.com>
2808
2809         MathOperator: Improve alignment for vertical size variant
2810         https://bugs.webkit.org/show_bug.cgi?id=158866
2811
2812         Reviewed by Brent Fulgham.
2813
2814         The MathOperator class may stretch operators with either a large glyph or a glyph assembly.
2815         In the latter case, the assembly is adjusted to match the stretch ascent and descent
2816         requested by the callers. But in the former case the glyph ascent and descent are used
2817         instead. We solve this by making MathOperator::stretchTo only take a targetSize and let
2818         callers do the vertical alignment they want. This improves the rendering of fences with some
2819         math fonts (e.g. XITS) and allows to pass the two cases of mo-axis-height-1.html.
2820
2821         Test: imported/mathml-in-html5/mathml/presentation-markup/operators/mo-axis-height-1.html
2822
2823         * rendering/mathml/MathOperator.cpp:
2824         (WebCore::MathOperator::stretchTo): Merge vertical and horizontal stretching into the same
2825         function with only the targetSize as a parameter.
2826         * rendering/mathml/RenderMathMLOperator.cpp:
2827         (WebCore::RenderMathMLOperator::stretchTo): Updated to use the new signature.
2828         (WebCore::RenderMathMLOperator::verticalStretchedOperatorShift): Helper function to calculate
2829         the shift necessary to align the baseline of the MathOperator instance with the one of the
2830         RenderMathMLOperator.
2831         (WebCore::RenderMathMLOperator::firstLineBaseline): Adjust the baseline.
2832         * rendering/mathml/RenderMathMLOperator.h: Declare verticalStretchedOperatorShift.
2833         * rendering/mathml/RenderMathMLRoot.cpp:
2834         (WebCore::RenderMathMLRoot::layoutBlock): Use the new signature. This function aligns the top
2835         of the radical with the overbar so we do not need to adjust baseline alignment here.
2836
2837 2016-07-15  Brady Eidson  <beidson@apple.com>
2838
2839         WebKit should prevent push/replace state with username in URL.
2840         <rdar://problem/27361737> and https://bugs.webkit.org/show_bug.cgi?id=159818
2841
2842         Reviewed by Brent Fulgham.
2843
2844         Test: http/tests/security/history-username-password.html
2845
2846         * page/History.cpp:
2847         (WebCore::History::stateObjectAdded): Don't allow URLs with usernames/passwords.
2848
2849 2016-07-15  Ryan Haddad  <ryanhaddad@apple.com>
2850
2851         Unreviewed, rolling out r203266.
2852
2853         This change caused editing/deleting/delete-emoji.html to time
2854         out on El Capitan, crash under GuardMalloc
2855
2856         Reverted changeset:
2857
2858         "Support new emoji group candidates"
2859         https://bugs.webkit.org/show_bug.cgi?id=159755
2860         http://trac.webkit.org/changeset/203266
2861
2862 2016-07-15  Frederic Wang  <fwang@igalia.com>
2863
2864         Move parsing of mfrac attributes into a MathMLFractionElement class
2865         https://bugs.webkit.org/show_bug.cgi?id=159624
2866
2867         Reviewed by Brent Fulgham.
2868
2869         We move the parsing of mfrac attributes to a MathMLFractionElement class. This allows to
2870         minimize the updates in RenderMathMLFraction and to remove the alignment members. Many of
2871         the members in updateLayoutParameters are actually only used in layoutBlock and could be
2872         removed in a follow-up patch. We also improve the resolution of negative line thickness value
2873         since the MathML recommendation says it should be rounded up to the nearest valid
2874         value (which is zero) instead of ignoring the attribute and using the line thickness.
2875
2876         No new tests, already covered by existing tests.
2877
2878         * CMakeLists.txt: Add MathMLFractionElement.
2879         * WebCore.xcodeproj/project.pbxproj: Ditto.
2880         * mathml/MathMLAllInOne.cpp: Ditto.
2881         * mathml/MathMLFractionElement.cpp: Added.
2882         (WebCore::MathMLFractionElement::MathMLFractionElement):
2883         (WebCore::MathMLFractionElement::create):
2884         (WebCore::MathMLFractionElement::lineThickness): Return the cached linethickness length,
2885         parsing it again if it is dirty. This handles the special values "thin", "medium" and "thick"
2886         or fallback to the general parseMathMLLength for MathML lengths.
2887         (WebCore::MathMLFractionElement::cachedFractionAlignment): Return the cached alignment value,
2888         parsing it again if it is dirty.
2889         (WebCore::MathMLFractionElement::numeratorAlignment): Return the cached alignment.
2890         (WebCore::MathMLFractionElement::denominatorAlignment): Ditto.
2891         (WebCore::MathMLFractionElement::parseAttribute): Make attributes dirty.
2892         (WebCore::MathMLFractionElement::createElementRenderer): Create a RenderMathMLFraction.
2893         * mathml/MathMLFractionElement.h: Added.
2894         * mathml/MathMLInlineContainerElement.cpp: We no longer need to handle fraction here.
2895         (WebCore::MathMLInlineContainerElement::createElementRenderer):
2896         * mathml/mathtags.in: Use MathMLFractionElement for mfrac.
2897         * rendering/mathml/RenderMathMLFraction.cpp:
2898         (WebCore::RenderMathMLFraction::updateLayoutParameters): New helper function to set the
2899         layout parameters, replacing updateFromElement. We no longer parse and store the alignment
2900         values here. We also change the resolution of negative values.
2901         (WebCore::RenderMathMLFraction::horizontalOffset): Use the enum from MathMLFractionElement.
2902         (WebCore::RenderMathMLFraction::layoutBlock): We call updateLayoutParameters instead of
2903         updateFromElement. The numerator and denominator alignments are resolved here.
2904         (WebCore::RenderMathMLFraction::parseAlignmentAttribute): Deleted. Parsing of alignment
2905         attribute is now handled in MathMLFractionElement.
2906         (WebCore::RenderMathMLFraction::updateFromElement): Deleted. Attribute changes are now
2907         handled in MathMLFractionElement.
2908         (WebCore::RenderMathMLFraction::styleDidChange): Deleted. Font changes are properly handled.
2909         * rendering/mathml/RenderMathMLFraction.h: Update declarations.
2910
2911 2016-07-15  Frederic Wang  <fwang@igalia.com>
2912
2913         Check whether font is nonnull for GlyphData instead of calling GlyphData::isValid()
2914         https://bugs.webkit.org/show_bug.cgi?id=159783
2915
2916         Reviewed by Brent Fulgham.
2917
2918         GlyphData::isValid() returns true for GlyphData with null 'font' pointer when the 'glyph'
2919         index is nonzero. This behavior is not expected by the MathML code and we have had crashes
2920         in our test suite in the past on Windows (e.g. bug 140653). We thus replace the call to
2921         GlyphData::isValid() with a stronger verification: Whether the 'font' pointer is nonzero.
2922
2923         No new tests, this only makes null pointer checks stronger.
2924
2925         * rendering/mathml/MathOperator.cpp:
2926         (WebCore::boundsForGlyph):
2927         (WebCore::advanceWidthForGlyph):
2928         (WebCore::MathOperator::getBaseGlyph):
2929         (WebCore::MathOperator::setSizeVariant):
2930         (WebCore::MathOperator::fillWithVerticalExtensionGlyph):
2931         (WebCore::MathOperator::fillWithHorizontalExtensionGlyph):
2932         (WebCore::MathOperator::paintVerticalGlyphAssembly):
2933         (WebCore::MathOperator::paintHorizontalGlyphAssembly):
2934         (WebCore::MathOperator::paint):
2935         * rendering/mathml/RenderMathMLOperator.cpp:
2936         (WebCore::RenderMathMLOperator::computePreferredLogicalWidths):
2937         * rendering/mathml/RenderMathMLToken.cpp:
2938         (WebCore::RenderMathMLToken::computePreferredLogicalWidths):
2939         (WebCore::RenderMathMLToken::firstLineBaseline):
2940         (WebCore::RenderMathMLToken::layoutBlock):
2941         (WebCore::RenderMathMLToken::paint):
2942         (WebCore::RenderMathMLToken::paintChildren):
2943
2944 2016-07-15  Frederic Wang  <fwang@igalia.com>
2945
2946         Add DejaVu Math TeX Gyre to the list of math fonts.
2947         https://bugs.webkit.org/show_bug.cgi?id=159805
2948
2949         Reviewed by Brent Fulgham.
2950
2951         DejaVu 2.36 has a new math font that can be used for MathML rendering. Because this font is
2952         likely to be installed on many systems (Linux, LibreOffice, etc) we include it in the default
2953         list of font-families in mathml.css in order to increase the chance to find a math font.
2954
2955         No new tests, it only affects rendering when DejaVu Math TeX Gyre is installed on the system.
2956
2957         * css/mathml.css:
2958         (math):
2959
2960 2016-07-15  Eric Carlson  <eric.carlson@apple.com>
2961
2962         [MSE] Increase the SourceBuffer "fudge factor"
2963         https://bugs.webkit.org/show_bug.cgi?id=159813
2964         <rdar://problem/27372033>
2965
2966         Reviewed by Jon Lee.
2967         
2968         Some media encoding/conversion pipelines are sloppy when doing sample time/timescale
2969         math, and the error accumulation results in small gaps in the media timeline. r202641
2970         increased the maximum allowable gap from 0.01 second to one 24fps frame, but it turns
2971         out that at least one large provider has a significant amount of content encoded with
2972         up to two 24fps frames.
2973
2974         No new tests, updated media/media-source/media-source-small-gap.html.
2975
2976         * Modules/mediasource/SourceBuffer.cpp:
2977         (WebCore::currentTimeFudgeFactor): Increase maximum gap to 2002 / 24000 frames.
2978
2979 2016-07-15  Rawinder Singh  <rawinder.singh-webkit@cisra.canon.com.au>
2980
2981         Add final keyword to WebCore/svg classes
2982         https://bugs.webkit.org/show_bug.cgi?id=159802
2983
2984         Reviewed by Youenn Fablet.
2985
2986         Updated classes in the WebCore/svg directory to be marked as final where appropriate.
2987
2988         * svg/SVGException.h:
2989         * svg/SVGLengthList.h:
2990         * svg/SVGMatrix.h:
2991         * svg/SVGNumberList.h:
2992         * svg/SVGPaint.h:
2993         * svg/SVGPathBuilder.h:
2994         * svg/SVGPathByteStreamBuilder.h:
2995         * svg/SVGPathByteStreamSource.h:
2996         * svg/SVGPathSegArcAbs.h:
2997         * svg/SVGPathSegArcRel.h:
2998         * svg/SVGPathSegClosePath.h:
2999         * svg/SVGPathSegCurvetoCubicAbs.h:
3000         * svg/SVGPathSegCurvetoCubicRel.h:
3001         * svg/SVGPathSegCurvetoCubicSmoothAbs.h:
3002         * svg/SVGPathSegCurvetoCubicSmoothRel.h:
3003         * svg/SVGPathSegCurvetoQuadraticAbs.h:
3004         * svg/SVGPathSegCurvetoQuadraticRel.h:
3005         * svg/SVGPathSegCurvetoQuadraticSmoothAbs.h:
3006         * svg/SVGPathSegCurvetoQuadraticSmoothRel.h:
3007         * svg/SVGPathSegLinetoAbs.h:
3008         * svg/SVGPathSegLinetoHorizontalAbs.h:
3009         * svg/SVGPathSegLinetoHorizontalRel.h:
3010         * svg/SVGPathSegLinetoRel.h:
3011         * svg/SVGPathSegLinetoVerticalAbs.h:
3012         * svg/SVGPathSegLinetoVerticalRel.h:
3013         * svg/SVGPathSegListBuilder.h:
3014         * svg/SVGPathSegListSource.h:
3015         * svg/SVGPathSegMovetoAbs.h:
3016         * svg/SVGPathSegMovetoRel.h:
3017         * svg/SVGPathStringSource.h:
3018         * svg/SVGPathTraversalStateBuilder.h:
3019         * svg/SVGPointList.h:
3020         * svg/SVGRenderingIntent.h:
3021         * svg/SVGStringList.h:
3022         * svg/SVGTRefElement.cpp:
3023         * svg/SVGToOTFFontConversion.cpp:
3024         * svg/SVGTransformList.h:
3025         * svg/SVGUnitTypes.h:
3026         * svg/SVGViewSpec.h:
3027         * svg/SVGZoomEvent.h:
3028         * svg/animation/SMILTimeContainer.h:
3029         * svg/animation/SVGSMILElement.cpp:
3030         * svg/graphics/filters/SVGFEImage.h:
3031         * svg/graphics/filters/SVGFilter.h:
3032         * svg/properties/SVGAnimatedPathSegListPropertyTearOff.h:
3033         * svg/properties/SVGAnimatedPropertyTearOff.h:
3034         * svg/properties/SVGAnimatedTransformListPropertyTearOff.h:
3035         * svg/properties/SVGMatrixTearOff.h:
3036         * svg/properties/SVGPathSegListPropertyTearOff.h:
3037         * svg/properties/SVGStaticListPropertyTearOff.h:
3038         * svg/properties/SVGStaticPropertyTearOff.h:
3039         * svg/properties/SVGTransformListPropertyTearOff.h:
3040
3041 2016-07-15  Per Arne Vollan  <pvollan@apple.com>
3042
3043         Uninitialized variable in DIBPixelData can cause a dangerous memory write
3044         https://bugs.webkit.org/show_bug.cgi?id=159414
3045
3046         Reviewed by Brent Fulgham.
3047
3048         Initialize local BITMAP variable, in case the ::GetObject function that should initialize it
3049         fails to do so, because the bitmap handle is invalid.
3050
3051         Tests: Tools/TestWebKitAPI/Tests/WebCore/win/DIBPixelData.cpp
3052
3053         * platform/graphics/win/DIBPixelData.cpp:
3054         (WebCore::DIBPixelData::initialize): Initialize local variable.
3055         (WebCore::DIBPixelData::setRGBABitmapAlpha): Return early if we have no bitmap.
3056         * platform/graphics/win/DIBPixelData.h: Link fix.
3057
3058 2016-07-14  Yoav Weiss  <yoav@yoav.ws>
3059
3060         Change CSSParser::sourceSize returning Optional<CSSParser::SourceSize>
3061         https://bugs.webkit.org/show_bug.cgi?id=159666
3062
3063         Reviewed by Michael Catanzaro.
3064
3065         Tests:
3066             fast/dom/HTMLImageElement/sizes/image-sizes-invalids.html
3067
3068         * css/CSSGrammar.y.in: Avoid adding SourceSize to source_size_list when the value is a Nullopt.
3069         * css/CSSParser.cpp:
3070         (WebCore::CSSParser::sourceSize): Return a Nullopt when an invalid value is encountered.
3071         * css/CSSParser.h:
3072
3073 2016-07-14  Antonio Gomes  <tonikitoo@igalia.com>
3074
3075         [RTL Scrollbars] Frame scrollbars don't move to the right when text direction changes to RTL
3076         https://bugs.webkit.org/show_bug.cgi?id=158252
3077
3078         Reviewed by Myles C. Maxfield.
3079
3080         When the 'dir' attribute changes either on body or on the document
3081         element level, the associated FrameView does not trigger an update on
3082         the frame level vertical scrollbar.
3083
3084         Patch adds a 'hook' so that RenderBox::styleDidChange can call in
3085         order to get the document level scrollbar placed properly in the next
3086         layout.
3087
3088         Test: fast/scrolling/rtl-scrollbars-alternate-body-dir-attr-does-not-update-scrollbar-placement.html
3089               fast/scrolling/rtl-scrollbars-alternate-body-dir-attr-does-not-update-scrollbar-placement-2.html
3090               fast/scrolling/rtl-scrollbars-alternate-iframe-body-dir-attr-does-not-update-scrollbar-placement.html
3091
3092         * page/FrameView.cpp:
3093         (WebCore::FrameView::topContentDirectionDidChange):
3094         * page/FrameView.h:
3095         * rendering/RenderBox.cpp:
3096         (WebCore::RenderBox::styleDidChange):
3097
3098 2016-07-14  Myles C. Maxfield  <mmaxfield@apple.com>
3099
3100         Support new emoji group candidates
3101         https://bugs.webkit.org/show_bug.cgi?id=159755
3102         <rdar://problem/27325521>
3103
3104         Reviewed by Dean Jackson.
3105
3106         There are a few code points which should be able to be joined (with ZWJ) to
3107         either U+2640 or U+2642 to change the gender of the emoji. These patterns
3108         should also work with an additional 0xFE0F variation selector. This patch
3109         adds these new patterns to our existing emoji group candidate infrastructure.
3110
3111         Tests: fast/text/emoji-gender-2-3.html
3112                fast/text/emoji-gender-2-4.html
3113                fast/text/emoji-gender-2-5.html
3114                fast/text/emoji-gender-2-6.html
3115                fast/text/emoji-gender-2-7.html
3116                fast/text/emoji-gender-2-8.html
3117                fast/text/emoji-gender-2-9.html
3118                fast/text/emoji-gender-2.html
3119                fast/text/emoji-gender-3.html
3120                fast/text/emoji-gender-4.html
3121                fast/text/emoji-gender-5.html
3122                fast/text/emoji-gender-6.html
3123                fast/text/emoji-gender-7.html
3124                fast/text/emoji-gender-8.html
3125                fast/text/emoji-gender-9.html
3126                fast/text/emoji-gender-fe0f-3.html
3127                fast/text/emoji-gender-fe0f-4.html
3128                fast/text/emoji-gender-fe0f-5.html
3129                fast/text/emoji-gender-fe0f-6.html
3130                fast/text/emoji-gender-fe0f-7.html
3131                fast/text/emoji-gender-fe0f-8.html
3132                fast/text/emoji-gender-fe0f-9.html
3133                fast/text/emoji-gender.html
3134                fast/text/emoji-num-glyphs.html
3135                fast/text/emoji-single-parent-family-2.html
3136                fast/text/emoji-single-parent-family.html
3137
3138         * platform/graphics/mac/ComplexTextControllerCoreText.mm:
3139         (WebCore::ComplexTextController::ComplexTextRun::ComplexTextRun): Removed incorrect ASSERT()s.
3140         * platform/graphics/FontCascade.cpp:
3141         (WebCore::FontCascade::characterRangeCodePath):
3142         * platform/text/CharacterProperties.h:
3143         (WebCore::isEmojiGroupCandidate):
3144
3145 2016-07-14  Dean Jackson  <dino@apple.com>
3146
3147         CrashTracer: com.apple.WebKit.WebContent at WebCore: WebCore::MediaQueryEvaluator::evaluate const
3148         https://bugs.webkit.org/show_bug.cgi?id=159799
3149         <rdar://problem/27346959>
3150
3151         Reviewed by Myles Maxfield.
3152
3153         Speculative fix for this crash, which seems to happen when asking for the Node's
3154         renderer(). From the incoming crash logs, it is triggered by mutations on
3155         a <picture> or <img> element, which would require choosing a new source,
3156         and causing some media queries to evaluate.
3157
3158         The only place in MediaQueryEvaluator that has anything to do with
3159         renderers is when gathering up some style information to pass to the
3160         actual evaluation function. I put a guard against a missing documentElement
3161         in there.
3162
3163         * css/MediaQueryEvaluator.cpp:
3164         (WebCore::MediaQueryEvaluator::evaluate): Make sure documentElement is not
3165         null.
3166
3167 2016-07-14  Rawinder Singh  <rawinder.singh-webkit@cisra.canon.com.au>
3168
3169         Update HTML*Element class override methods in final classes
3170         https://bugs.webkit.org/show_bug.cgi?id=159456
3171
3172         Reviewed by Youenn Fablet.
3173
3174         Update HTML*Element classes so that overriden methods in final classes are marked final.
3175         Also marked HTMLDivElement overriden methods as final since they are not overridden by derived classes.
3176
3177         * html/HTMLAppletElement.h:
3178         * html/HTMLAreaElement.h:
3179         * html/HTMLAttachmentElement.h:
3180         * html/HTMLAudioElement.h:
3181         * html/HTMLBRElement.h:
3182         * html/HTMLBaseElement.h:
3183         * html/HTMLBodyElement.h:
3184         * html/HTMLButtonElement.h:
3185         * html/HTMLCanvasElement.h:
3186         * html/HTMLDataElement.h:
3187         * html/HTMLDetailsElement.h:
3188         * html/HTMLDivElement.h:
3189         * html/HTMLEmbedElement.h:
3190         * html/HTMLFieldSetElement.h:
3191         * html/HTMLFontElement.h:
3192         * html/HTMLFormElement.h:
3193         * html/HTMLFrameSetElement.h:
3194         * html/HTMLHRElement.h:
3195         * html/HTMLHtmlElement.h:
3196         * html/HTMLKeygenElement.h:
3197         * html/HTMLLIElement.h:
3198         * html/HTMLLabelElement.h:
3199         * html/HTMLLegendElement.h:
3200         * html/HTMLLinkElement.h:
3201         * html/HTMLMapElement.h:
3202         * html/HTMLMarqueeElement.h:
3203         * html/HTMLMetaElement.h:
3204         * html/HTMLMeterElement.h:
3205         * html/HTMLModElement.h:
3206         * html/HTMLOListElement.h:
3207         * html/HTMLObjectElement.h:
3208         * html/HTMLOptGroupElement.h:
3209         * html/HTMLOptionElement.h:
3210         * html/HTMLOutputElement.h:
3211         * html/HTMLParagraphElement.h:
3212         * html/HTMLParamElement.h:
3213         * html/HTMLPreElement.h:
3214         * html/HTMLProgressElement.h:
3215         * html/HTMLQuoteElement.h:
3216         * html/HTMLScriptElement.h:
3217         * html/HTMLSourceElement.h:
3218         * html/HTMLStyleElement.h:
3219         * html/HTMLSummaryElement.h:
3220         * html/HTMLTableCaptionElement.h:
3221         * html/HTMLTableColElement.h:
3222         * html/HTMLTableElement.h:
3223         * html/HTMLTableSectionElement.h:
3224         * html/HTMLTemplateElement.h:
3225         * html/HTMLTextAreaElement.h:
3226         * html/HTMLTitleElement.h:
3227         * html/HTMLUListElement.h:
3228         * html/HTMLUnknownElement.h:
3229         * html/HTMLVideoElement.h:
3230         * html/HTMLWBRElement.h:
3231
3232 2016-07-14  Chris Dumez  <cdumez@apple.com>
3233
3234         Modernize GlyphMetricsMap
3235         https://bugs.webkit.org/show_bug.cgi?id=159788
3236
3237         Reviewed by Darin Adler.
3238
3239         Modernize GlyphMetricsMap a bit.
3240
3241         * platform/graphics/GlyphMetricsMap.h:
3242         - Drop WTF_MAKE_NONCOPYABLE as the class is already non-copyable due to having
3243           to having a std::unique_ptr data member.
3244         - Drop GlyphMetricsMap default constructor and let the compiler generate it
3245           instead. This required using inline initialization for m_filledPrimaryPage.
3246
3247         (WebCore::GlyphMetricsMap::GlyphMetricsPage::GlyphMetricsPage):
3248         - Make m_metrics data member private as it does not need to be public.
3249         - Make setMetricsForIndex(unsigned index, const T& metrics) setter private
3250           as it does not need to be public.
3251         - Make GlyphMetricsPage(const T& initialValue) constructor explicit as it
3252           takes only 1 parameter.
3253
3254         (WebCore::GlyphMetricsMap<T>::locatePageSlowCase):
3255         - Use HashMap::ensure() to make the code a bit nicer.
3256
3257 2016-07-14  Simon Fraser  <simon.fraser@apple.com>
3258
3259         [iOS WK2] When scrolling apple.com/music on iPad Pro in landscape, left-hand tiles appear first
3260         https://bugs.webkit.org/show_bug.cgi?id=159798
3261         rdar://problem/27362717
3262
3263         Reviewed by Tim Horton.
3264
3265         In out-of-visible tiled layers, we always allocated the top-left tile, wasting
3266         memory and causing ugliness when scrolling that layer into view. This happened
3267         because getTileIndexRangeForRect() had no way to express the fact that no tiles
3268         should be created.
3269
3270         Fix getTileIndexRangeForRect() to return a bool, and fix callers to respect the
3271         return value.
3272
3273         Test: compositing/tiling/offscreen-tiled-layer.html
3274
3275         * platform/graphics/ca/GraphicsLayerCA.cpp:
3276         (WebCore::GraphicsLayerCA::dumpAdditionalProperties):
3277         * platform/graphics/ca/TileGrid.cpp:
3278         (WebCore::TileGrid::setNeedsDisplayInRect):
3279         (WebCore::TileGrid::tilesWouldChangeForCoverageRect):
3280         (WebCore::TileGrid::getTileIndexRangeForRect):
3281         (WebCore::TileGrid::revalidateTiles):
3282         (WebCore::TileGrid::ensureTilesForRect):
3283         (WebCore::TileGrid::extent):
3284         * platform/graphics/ca/TileGrid.h:
3285
3286 2016-07-14  John Wilander  <wilander@apple.com>
3287
3288         Remove credentials in URL when accessed through location.href
3289         https://bugs.webkit.org/show_bug.cgi?id=139562
3290         <rdar://problem/27331164>
3291
3292         Reviewed by Brent Fulgham.
3293
3294         Test: http/tests/security/location-href-clears-username-password.html
3295
3296         The reason for this change is to not allow scripts on the page to
3297         exfiltrate username and password from the URL.
3298
3299         * page/Location.cpp:
3300         (WebCore::Location::href):
3301             Now checks if there is a username or password in the URL. If so,
3302             it copies the URL and removes the username and password.
3303
3304 2016-07-14  Javier Fernandez  <jfernandez@igalia.com>
3305
3306         [css-grid] Handle min-content/max-content with orthogonal flows
3307         https://bugs.webkit.org/show_bug.cgi?id=159294
3308
3309         Reviewed by Darin Adler.
3310
3311         Currently there is no support for orthogonal flows in many aspects of the
3312         Grid Layout logic.
3313
3314         The Grid sizing algorithm should be adapted to this scenario, hence this
3315         patch focus on the min-content and max-content functions, used to resolve
3316         content based track sizes.
3317
3318         There are still issues related to alignment and sizes using percentages,
3319         but they will be addressed in different patches.
3320
3321         Tests: fast/css-grid-layout/grid-item-positioning-with-orthogonal-flows.html
3322                fast/css-grid-layout/grid-item-sizing-with-orthogonal-flows.html
3323                fast/css-grid-layout/grid-item-spanning-and-orthogonal-flows.html
3324                fast/css-grid-layout/grid-track-sizing-with-orthogonal-flows.html
3325                fast/css-grid-layout/grid-track-sizing-with-percentages-and-orthogonal-flows.html
3326
3327         * rendering/RenderBox.cpp:
3328         (WebCore::RenderBox::computeLogicalWidthInRegion):
3329         * rendering/RenderGrid.cpp:
3330         (WebCore::RenderGrid::GridSizingData::advanceNextState):
3331         (WebCore::RenderGrid::GridSizingData::isValidTransitionForDirection):
3332         (WebCore::RenderGrid::computeTrackSizesForDirection):
3333         (WebCore::RenderGrid::repeatTracksSizingIfNeeded): Added.
3334         (WebCore::RenderGrid::layoutBlock):
3335         (WebCore::RenderGrid::computeIntrinsicLogicalWidths):
3336         (WebCore::RenderGrid::computeIntrinsicLogicalHeight):
3337         (WebCore::hasOverrideContainingBlockContentSizeForChild):
3338         (WebCore::overrideContainingBlockContentSizeForChild):
3339         (WebCore::setOverrideContainingBlockContentSizeForChild):
3340         (WebCore::shouldClearOverrideContainingBlockContentSizeForChild):
3341         (WebCore::RenderGrid::gridTrackSize):
3342         (WebCore::RenderGrid::isOrthogonalChild): Added.
3343         (WebCore::RenderGrid::logicalHeightForChild):
3344         (WebCore::RenderGrid::flowAwareDirectionForChild): Added.
3345         (WebCore::RenderGrid::minSizeForChild):
3346         (WebCore::RenderGrid::updateOverrideContainingBlockContentSizeForChild):
3347         (WebCore::RenderGrid::minContentForChild):
3348         (WebCore::RenderGrid::maxContentForChild):
3349         (WebCore::RenderGrid::placeItemsOnGrid):
3350         (WebCore::RenderGrid::layoutPositionedObject):
3351         (WebCore::RenderGrid::offsetAndBreadthForPositionedChild):
3352         (WebCore::RenderGrid::assumedRowsSizeForOrthogonalChild): Added.
3353         (WebCore::RenderGrid::gridAreaBreadthForChild):
3354         (WebCore::RenderGrid::columnAxisPositionForChild):
3355         (WebCore::RenderGrid::rowAxisPositionForChild):
3356         (WebCore::RenderGrid::findChildLogicalPosition):
3357         * rendering/RenderGrid.h:
3358         (WebCore::RenderGrid::SizingOperation): This enum has been moved to the header file.
3359         (WebCore::RenderGrid::m_hasAnyOrthogonalChild): New class attribute to know if there are any orthogonal grid items.
3360         (WebCore::RenderGrid::updateOverrideContainingBlockContentSizeForChild):
3361         (WebCore::RenderGrid::logicalHeightForChild):
3362         (WebCore::RenderGrid::gridAreaBreadthForChild):
3363         (WebCore::RenderGrid::assumedRowsSizeForOrthogonalChild):
3364
3365
3366
3367 2016-07-14  Chris Dumez  <cdumez@apple.com>
3368
3369         Use emptyString() instead of "" when possible
3370         https://bugs.webkit.org/show_bug.cgi?id=159789
3371
3372         Reviewed by Alex Christensen.
3373
3374         Use emptyString() instead of "" when possible to reduce String allocations.
3375
3376         * Modules/webdatabase/Database.cpp:
3377         (WebCore::Database::performOpenAndVerify):
3378         * css/CSSSelector.h:
3379         * css/StyleProperties.cpp:
3380         (WebCore::MutableStyleProperties::removeProperty):
3381         (WebCore::MutableStyleProperties::removeCustomProperty):
3382         * editing/TextCheckingHelper.cpp:
3383         (WebCore::TextCheckingHelper::findFirstMisspellingOrBadGrammar):
3384         (WebCore::TextCheckingHelper::findFirstBadGrammar):
3385         * editing/TypingCommand.h:
3386         (WebCore::TypingCommand::create):
3387         * fileapi/FileReaderLoader.cpp:
3388         (WebCore::FileReaderLoader::cleanup):
3389         * inspector/InspectorStyleSheet.cpp:
3390         (WebCore::fillMediaListChain):
3391         * page/UserContentURLPattern.cpp:
3392         (WebCore::UserContentURLPattern::parse):
3393         * platform/graphics/MediaPlayer.cpp:
3394         (WebCore::MediaPlayer::load):
3395         * platform/gtk/DataObjectGtk.h:
3396         (WebCore::DataObjectGtk::clearURIList):
3397         * platform/network/curl/ResourceHandleCurl.cpp:
3398         (WebCore::ResourceHandle::receivedRequestToContinueWithoutCredential):
3399         * platform/network/curl/ResourceHandleManager.h:
3400         * rendering/RenderLayerCompositor.cpp:
3401         (WebCore::RenderLayerCompositor::layerTreeAsText):
3402         * rendering/RenderListMarker.cpp:
3403         (WebCore::RenderListMarker::updateContent):
3404         * rendering/style/RenderStyle.cpp:
3405         (WebCore::RenderStyle::noneDashboardRegions):
3406         * rendering/svg/SVGTextMetrics.cpp:
3407         (WebCore::SVGTextMetrics::SVGTextMetrics):
3408         * xml/XPathParser.cpp:
3409         (WebCore::XPath::Parser::lexString):
3410
3411 2016-07-14  Brent Fulgham  <bfulgham@apple.com>
3412
3413         editing/spelling/spellcheck-async.html sometimes crashes with GuardMalloc 
3414         https://bugs.webkit.org/show_bug.cgi?id=142969
3415         <rdar://problem/27331095>
3416
3417         Reviewed by Alex Christensen.
3418
3419         Fix based on a Blink change (patch by <rouslan@chromium.org>):
3420         <https://chromium.googlesource.com/chromium/blink/+/c713736b122c2224804b2db72f1f711cb47ee260%5E%21/#F1>
3421
3422         Test: editing/spelling/copy-paste-crash.html
3423               editing/spelling/spellcheck-async.html
3424
3425         * editing/SpellChecker.cpp:
3426         (WebCore::SpellCheckRequest::didSucceed):
3427         (WebCore::SpellCheckRequest::didCancel):
3428
3429 2016-07-14  Zalan Bujtas  <zalan@apple.com>
3430
3431         ImageBuffer's succes flag should be set to false at the very beginning of the c'tor.
3432         https://bugs.webkit.org/show_bug.cgi?id=159784
3433
3434         Reviewed by Simon Fraser.
3435
3436         No change in functionality.
3437
3438         * platform/graphics/cg/ImageBufferCG.cpp:
3439         (WebCore::ImageBuffer::ImageBuffer):
3440
3441 2016-07-14  Alex Christensen  <achristensen@webkit.org>
3442
3443         Use SocketProvider to create SocketStreamHandles
3444         https://bugs.webkit.org/show_bug.cgi?id=159774
3445
3446         Reviewed by Brady Eidson.
3447
3448         No new tests.  No change in behaviour.
3449         
3450         In r202930 I introduced the SocketProvider, but I used it to make a WebSocketChannel
3451         instead of a SocketStreamHandle, which is the class I want to make into an interface
3452         and proxy the web traffic over to the NetworkProcess.
3453
3454         * CMakeLists.txt:
3455         * Modules/websockets/ThreadableWebSocketChannel.cpp: Added.
3456         (WebCore::ThreadableWebSocketChannel::create):
3457         I removed this in 202930, so this is restoring it from that patch, hence the old copyright.
3458         * Modules/websockets/ThreadableWebSocketChannel.h:
3459         (WebCore::ThreadableWebSocketChannel::ThreadableWebSocketChannel):
3460         * Modules/websockets/WebSocket.cpp:
3461         (WebCore::WebSocket::connect):
3462         * Modules/websockets/WebSocketChannel.cpp:
3463         (WebCore::WebSocketChannel::WebSocketChannel):
3464         (WebCore::WebSocketChannel::connect):
3465         * Modules/websockets/WebSocketChannel.h:
3466         (WebCore::WebSocketChannel::create):
3467         * Modules/websockets/WorkerThreadableWebSocketChannel.cpp:
3468         (WebCore::WorkerThreadableWebSocketChannel::WorkerThreadableWebSocketChannel):
3469         (WebCore::WorkerThreadableWebSocketChannel::resume):
3470         (WebCore::WorkerThreadableWebSocketChannel::Peer::Peer):
3471         (WebCore::WorkerThreadableWebSocketChannel::Peer::didReceiveMessageError):
3472         (WebCore::WorkerThreadableWebSocketChannel::Bridge::Bridge):
3473         (WebCore::WorkerThreadableWebSocketChannel::Bridge::~Bridge):
3474         (WebCore::WorkerThreadableWebSocketChannel::Bridge::mainThreadInitialize):
3475         (WebCore::WorkerThreadableWebSocketChannel::Bridge::initialize):
3476         * Modules/websockets/WorkerThreadableWebSocketChannel.h:
3477         (WebCore::WorkerThreadableWebSocketChannel::create):
3478         (WebCore::WorkerThreadableWebSocketChannel::Bridge::create):
3479         * WebCore.xcodeproj/project.pbxproj:
3480         * inspector/InspectorOverlay.cpp:
3481         (WebCore::InspectorOverlay::overlayPage):
3482         * loader/EmptyClients.cpp:
3483         (WebCore::EmptyEditorClient::registerRedoStep):
3484         (WebCore::EmptySocketProvider::createWebSocketChannel): Deleted.
3485         * loader/EmptyClients.h:
3486         * page/SocketProvider.cpp: Added.
3487         (WebCore::SocketProvider::createSocketStreamHandle):
3488         * page/SocketProvider.h:
3489         (WebCore::SocketProvider::~SocketProvider): Deleted.
3490         * platform/network/cf/SocketStreamHandle.h:
3491         * svg/graphics/SVGImage.cpp:
3492         (WebCore::SVGImage::dataChanged):
3493
3494 2016-07-14  Brady Eidson  <beidson@apple.com>
3495
3496         "User delete" tests are flakey timeouts (and/or DatabaseProcess crashes).
3497         https://bugs.webkit.org/show_bug.cgi?id=158741
3498
3499         Reviewed by Alex Christensen.
3500
3501         No new tests (Covered by existing tests in some configurations)
3502
3503         - Check if a database hard delete is complete in more places.
3504         - Asynchronously clear out the hard close protector instead of synchronously.
3505         
3506         * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
3507         (WebCore::IDBServer::UniqueIDBDatabase::~UniqueIDBDatabase):
3508         (WebCore::IDBServer::UniqueIDBDatabase::didPerformUnconditionalDeleteBackingStore):
3509         (WebCore::IDBServer::UniqueIDBDatabase::didFinishHandlingVersionChange):
3510         (WebCore::IDBServer::UniqueIDBDatabase::connectionClosedFromClient):
3511         (WebCore::IDBServer::UniqueIDBDatabase::transactionCompleted):
3512         (WebCore::IDBServer::UniqueIDBDatabase::executeNextDatabaseTaskReply):
3513         (WebCore::IDBServer::UniqueIDBDatabase::maybeFinishHardClose):
3514         (WebCore::IDBServer::UniqueIDBDatabase::isDoneWithHardClose):
3515         (WebCore::IDBServer::UniqueIDBDatabase::doneWithHardClose): Deleted.
3516
3517         * Modules/indexeddb/server/UniqueIDBDatabase.h:
3518         (WebCore::IDBServer::UniqueIDBDatabase::hardClosedForUserDelete):
3519
3520         * Modules/indexeddb/server/UniqueIDBDatabaseConnection.cpp:
3521         (WebCore::IDBServer::UniqueIDBDatabaseConnection::didAbortTransaction):
3522
3523 2016-07-13  Brent Fulgham  <bfulgham@apple.com>
3524
3525         CSSStyleSheet members should clear their owner node when destroyed
3526         https://bugs.webkit.org/show_bug.cgi?id=117470
3527
3528         Reviewed by Chris Dumez.
3529
3530         Make sure that CSSStyleSheet members are detached from their owner node when
3531         the owning object is destroyed.
3532
3533         I audited other CSSStyleSheet uses, and found one other place where the owner node was not
3534         being cleared during destruction. The Inspector also uses CSSStyleSheet, but seems to
3535         handle the node ownership properly.
3536
3537         Fix based on a Blink change (patch by <haraken@chromium.org>):
3538         <https://chromium.googlesource.com/chromium/blink/+/c4949bfdeb2a613701afa1410bdae70531b8f6bf>
3539
3540         Also includes a follow-up fix (patch by <haraken@chromium.org>):
3541         <https://chromium.googlesource.com/chromium/blink/+/9c3932dc80b33429db3a5873cb266b726c8a19bf>
3542
3543         No test case. Was found by the Chromium team through review of their crash traces under minor DOM GC.
3544
3545         * contentextensions/ContentExtensionStyleSheet.cpp:
3546         (WebCore::ContentExtensions::ContentExtensionStyleSheet::~ContentExtensionStyleSheet):
3547         * contentextensions/ContentExtensionStyleSheet.h:
3548         * dom/InlineStyleSheetOwner.cpp:
3549         (WebCore::InlineStyleSheetOwner::~InlineStyleSheetOwner):
3550         (WebCore::authorStyleSheetsForElement):
3551
3552 2016-07-14  Csaba Osztrogonác  <ossy@webkit.org>
3553
3554         Fix the !ENABLE(WEB_SOCKETS) build after r202930
3555         https://bugs.webkit.org/show_bug.cgi?id=159768
3556
3557         Reviewed by Alex Christensen.
3558
3559         * loader/EmptyClients.cpp:
3560         * loader/EmptyClients.h:
3561         * page/SocketProvider.h:
3562         * workers/WorkerGlobalScope.cpp:
3563         (WebCore::WorkerGlobalScope::WorkerGlobalScope):
3564         * workers/WorkerThread.cpp:
3565         (WebCore::WorkerThread::WorkerThread):
3566
3567 2016-07-14  Youenn Fablet  <youenn@apple.com>
3568
3569         DOMIterators should be assigned a correct prototype
3570         https://bugs.webkit.org/show_bug.cgi?id=159115
3571
3572         Reviewed by Chris Dumez.
3573
3574         Default iterator object internal prototype property is the Iterator prototype as defined in
3575         http://heycam.github.io/webidl/#dfn-iterator-prototype-object.
3576         Linking DOMIterator prototype to IteratorPrototype.
3577         This allows adding @@iterator property to the result of entries, keys and values methods.
3578         This in turns allow doing for-of loops on them.
3579
3580         Covered by updated test.
3581
3582         * ForwardingHeaders/runtime/IteratorPrototype.h: Added.
3583         * bindings/js/JSDOMIterator.h: Setting correct prototype and marking next prototype property as enumerable.
3584
3585 2016-07-14  Youenn Fablet  <youenn@apple.com>
3586
3587         Remove support for value iterators from JSDOMIterator
3588         https://bugs.webkit.org/show_bug.cgi?id=159293
3589
3590         Reviewed by Chris Dumez.
3591
3592         Value iterators are now handled without using DOMIterator.
3593         Since FontFaceSet is using DOMIterator as an intermediate step towards supporting set-like,
3594         entries and forEach implementation should be made compliant with set-like.
3595         This means that item value should be passed instead of an index in entries iterator and forEach callback.
3596
3597         Covered by updated test.
3598
3599         * bindings/js/JSDOMIterator.h:
3600         (WebCore::JSDOMIterator<JSWrapper>::asJS): Pass set item as entries value field.
3601         (WebCore::appendForEachArguments): Pass set item as second parameter.
3602         (WebCore::iteratorForEach): Remove index handling.
3603
3604 2016-07-14  Csaba Osztrogonác  <ossy@webkit.org>
3605
3606         Fix the !ENABLE(MATHML) build after r201739
3607         https://bugs.webkit.org/show_bug.cgi?id=159767
3608
3609         Reviewed by Alex Christensen.
3610
3611         * dom/Document.cpp:
3612         (WebCore::Document::validateCustomElementName):
3613
3614 2016-07-14  Csaba Osztrogonác  <ossy@webkit.org>
3615
3616         Fix the !ENABLE(CSS_IMAGE_SET) build
3617         https://bugs.webkit.org/show_bug.cgi?id=159766
3618
3619         Reviewed by Alex Christensen.
3620
3621         * css/CSSParser.cpp:
3622
3623 2016-07-14  Frederic Wang  <fred.wang@free.fr>
3624
3625         Cleanup of MathML headers
3626         https://bugs.webkit.org/show_bug.cgi?id=159336
3627
3628         Reviewed by Alex Christensen.
3629
3630         We do some cleanup in MathML headers:
3631         - Use #pragma once
3632         - Use final for class that are not extended.
3633         - Use final instead of override for virtual members that are not overridden by derived classes.
3634         - Try and reduce the visibility of function members to private or protected as appropriate.
3635         - Remove useless #include
3636         - Remove useless class or friendship declaration
3637         - Remove unused functions
3638
3639         No new tests, behavior is unchanged.
3640
3641         * mathml/MathMLElement.h:
3642         * mathml/MathMLInlineContainerElement.h:
3643         * mathml/MathMLMathElement.h:
3644         * mathml/MathMLMencloseElement.h:
3645         * mathml/MathMLOperatorDictionary.h:
3646         * mathml/MathMLPaddedElement.h:
3647         * mathml/MathMLSelectElement.h:
3648         * mathml/MathMLSpaceElement.h:
3649         * mathml/MathMLTextElement.h:
3650         * rendering/mathml/MathOperator.h:
3651         * rendering/mathml/RenderMathMLBlock.h:
3652         * rendering/mathml/RenderMathMLFenced.h:
3653         * rendering/mathml/RenderMathMLFraction.h:
3654         * rendering/mathml/RenderMathMLMath.h:
3655         * rendering/mathml/RenderMathMLMenclose.h:
3656         * rendering/mathml/RenderMathMLOperator.h:
3657         * rendering/mathml/RenderMathMLRoot.h:
3658         * rendering/mathml/RenderMathMLRow.cpp:
3659         (WebCore::RenderMathMLRow::RenderMathMLRow): Deleted. We no longer create anonymous row.
3660         * rendering/mathml/RenderMathMLRow.h:
3661         * rendering/mathml/RenderMathMLScripts.h:
3662         * rendering/mathml/RenderMathMLSpace.h:
3663         * rendering/mathml/RenderMathMLToken.h:
3664         * rendering/mathml/RenderMathMLUnderOver.h:
3665
3666 2016-07-14  Alex Christensen  <achristensen@webkit.org>
3667
3668         Pass SessionID to WebSocketHandle constructor
3669         https://bugs.webkit.org/show_bug.cgi?id=159772
3670
3671         Reviewed by Brady Eidson.
3672
3673         No new tests.  No change in behavior.
3674
3675         * Modules/websockets/WebSocketChannel.cpp:
3676         (WebCore::WebSocketChannel::connect):
3677         * platform/network/cf/SocketStreamHandle.h:
3678         (WebCore::SocketStreamHandle::create):
3679         * platform/network/cf/SocketStreamHandleCFNet.cpp:
3680         (WebCore::SocketStreamHandle::SocketStreamHandle):
3681         * platform/network/curl/SocketStreamHandle.h:
3682         (WebCore::SocketStreamHandle::create):
3683         * platform/network/soup/SocketStreamHandle.h:
3684
3685 2016-07-14  Carlos Garcia Campos  <cgarcia@igalia.com>
3686
3687         [GLib] Use a GSource instead of a thread to poll memory pressure eventFD in linux implementation
3688         https://bugs.webkit.org/show_bug.cgi?id=159346
3689
3690         Reviewed by Antonio Gomes.
3691
3692         This is a follow up of r203216 to fix wrong use of Optional values.
3693
3694         * platform/linux/MemoryPressureHandlerLinux.cpp:
3695
3696 2016-07-14  Youenn Fablet  <youenn@apple.com>
3697
3698         DOM value iterable interfaces should use Array prototype methods
3699         https://bugs.webkit.org/show_bug.cgi?id=159296
3700
3701         Reviewed by Chris Dumez and Mark Lam.
3702
3703         Test: fast/dom/NodeList/nodelist-iterable.html
3704         Also covered by updated layout test and binding tests.
3705
3706         For value iterators, copy the iterator methods from Array prototype: as per https://heycam.github.io/webidl/#es-iterable,
3707         [re: entries] If the interface has a value iterator, then the Function object is the initial value of the "entries" data property of %ArrayPrototype% ([ECMA-262], section 6.1.7.4).
3708         [re: keys] If the interface has a value iterator, then the Function object is the initial value of the "keys" data property of %ArrayPrototype% ([ECMA-262], section 6.1.7.4).
3709         [re: forEach] If the interface defines an indexed property getter, then the Function object is the initial value of the "forEach" data property of %ArrayPrototype% ([ECMA-262], section 6.1.7.4).
3710         [re: Symbol.iterator] If the interface defines an indexed property getter, then the Function object is %ArrayProto_values% ([ECMA-262], section 6.1.7.4).
3711         [re: values] If the interface has a value iterator, then the Function object is the value of the @@iterator property.
3712
3713         This change applies only to NodeList at the moment.
3714         Copy of Array prototype iterator methods is disabled if the interface has no indexed getter.
3715
3716         * CMakeLists.txt:
3717         * ForwardingHeaders/builtins/BuiltinNames.h: Added.
3718         * ForwardingHeaders/builtins/JSCBuiltins.h: Added.
3719         * ForwardingHeaders/runtime/CommonIdentifiers.h: Added.
3720         * WebCore.xcodeproj/project.pbxproj:
3721         * bindings/js/JSDOMIterator.cpp: Added.
3722         (WebCore::addValueIterableMethods): Copy iterator methods from array prototype.
3723         * bindings/js/JSDOMIterator.h:
3724         * bindings/scripts/CodeGeneratorJS.pm:
3725         (GeneratePropertiesHashTable):
3726         (GenerateImplementation):
3727         (IsValueIterableInterface): Introduced to only copy iterator methods if the interface has an indexed getter.
3728         (IsKeyValueIterableInterface): Introduced to detect whether generating iterator methods.
3729         (GenerateImplementationIterableFunctions):
3730         * bindings/scripts/test/GObject/WebKitDOMTestIterable.cpp: Added.
3731         * bindings/scripts/test/GObject/WebKitDOMTestIterable.h: Added.
3732         * bindings/scripts/test/GObject/WebKitDOMTestIterablePrivate.h: Added.
3733         * bindings/scripts/test/JS/JSTestIterable.cpp: Added.
3734         * bindings/scripts/test/JS/JSTestIterable.h: Added.
3735         * bindings/scripts/test/JS/JSTestObj.cpp: Updated as TestObj defines both iterable<> and indexed getter.
3736         * bindings/scripts/test/ObjC/DOMTestIterable.h: Added.
3737         * bindings/scripts/test/ObjC/DOMTestIterable.mm: Added.
3738         * bindings/scripts/test/ObjC/DOMTestIterableInternal.h: Added.
3739         * bindings/scripts/test/TestIterable.idl: Added to handle the case of value iterator without indexed getter defined.
3740         Array prototype methods should not be copied.
3741         * bindings/scripts/test/TestObj.idl: Changing to be a value iterator (with indexed getter already defined).
3742         Array prototype methods should be copied.
3743
3744 2016-07-14  Youenn Fablet  <youenn@apple.com>
3745
3746         [Fetch API] Request and Response url getter should use URL serialization
3747         https://bugs.webkit.org/show_bug.cgi?id=159705
3748
3749         Reviewed by Alex Christensen.
3750
3751         Tests: fetch/fetch-url-serialization.html
3752                imported/w3c/web-platform-tests/fetch/api/basic/response-url-worker.html
3753                imported/w3c/web-platform-tests/fetch/api/basic/response-url.html
3754
3755         Implementing https://url.spec.whatwg.org/#concept-url-serializer and applying it to Request and Response getter.
3756         Adding a temporary routine to compute url cannot-be-a-base-url flag. The parsing routine should store that
3757         information in the URL itself.
3758
3759         Added tests to cover serialization routine. Failing tests are mostly due to limitations of the URL parser.
3760         Tests do not check for URLs with username and password as Request constructor throws with such URLs.
3761
3762         * Modules/fetch/FetchRequest.cpp:
3763         (WebCore::FetchRequest::url): Adding request url serialization, fragment included.
3764         * Modules/fetch/FetchRequest.h:
3765         * Modules/fetch/FetchResponse.cpp:
3766         (WebCore::FetchResponse::url): Adding response url serialization, fragment excluded.
3767         * Modules/fetch/FetchResponse.h:
3768         * platform/URL.cpp:
3769         (WebCore::cannotBeABaseURL): Temporary helper function to have a coarse evaluation of url cannot-be-a-base-url flag.
3770         (WebCore::URL::serialize): Implementation of https://url.spec.whatwg.org/#concept-url-serializer.
3771         * platform/URL.h:
3772         (WebCore::URL::hasUser): Helper getter.
3773         (WebCore::URL::hasPassword): Ditto.
3774         (WebCore::URL::hasQuery): Ditto.
3775         (WebCore::URL::hasFragment): Ditto.
3776
3777 2016-07-14  Sergio Villar Senin  <svillar@igalia.com>
3778
3779         [css-grid] Const-ify track sizing algorithm
3780         https://bugs.webkit.org/show_bug.cgi?id=159716
3781
3782         Reviewed by Carlos Garcia Campos.
3783
3784         All the methods used to run the track sizing algorithm should not
3785         modify the state of LayoutGrid. We can safely const-ify all of them
3786         and remove the ugly const_cast in computeIntrinsicLogicalWidths().
3787
3788         No new tests needed as there is no change in behavior.
3789
3790         * rendering/RenderGrid.cpp:
3791         (WebCore::RenderGrid::logicalHeightForChild):
3792         (WebCore::RenderGrid::minSizeForChild):
3793         (WebCore::RenderGrid::updateOverrideContainingBlockContentLogicalWidthForChild):
3794         (WebCore::RenderGrid::minContentForChild):
3795         (WebCore::RenderGrid::maxContentForChild):
3796         (WebCore::RenderGrid::resolveContentBasedTrackSizingFunctions):
3797         (WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForNonSpanningItems):
3798         (WebCore::RenderGrid::currentItemSizeForTrackSizeComputationPhase):
3799         (WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForItems):
3800         (WebCore::RenderGrid::distributeSpaceToTracks):
3801         * rendering/RenderGrid.h:
3802
3803 2016-07-14  Jer Noble  <jer.noble@apple.com>
3804
3805         REGRESSION (r202918): LayoutTest media/video-main-content-allow-then-deny.html is flaky, failing almost every time on El Capitan
3806         https://bugs.webkit.org/show_bug.cgi?id=159533
3807
3808         Reviewed by Eric Carlson.
3809
3810         Move the contents of mainContentCheckTimerFired() into updateIsMainContent() so that the
3811         results of changing the m_isMainContent ivar are acted upon no matter why m_isMainContent
3812         changes.
3813
3814         * html/MediaElementSession.cpp:
3815         (WebCore::MediaElementSession::mainContentCheckTimerFired):
3816         (WebCore::MediaElementSession::updateIsMainContent):
3817
3818 2016-07-13  Alex Christensen  <achristensen@webkit.org>
3819
3820         Modernize WebSocket handle
3821         https://bugs.webkit.org/show_bug.cgi?id=159750
3822
3823         Reviewed by Brady Eidson.
3824
3825         No new tests.  No change in behavior.
3826         This patch just removes ThreadableWebSocketChannel::InvalidMessage which is never used
3827         and makes our use of SocketStreamHandleClient a reference instead of a pointer.
3828
3829         * Modules/websockets/ThreadableWebSocketChannel.h:
3830         * Modules/websockets/WebSocket.cpp:
3831         (WebCore::WebSocket::send):
3832         * Modules/websockets/WebSocketChannel.cpp:
3833         (WebCore::WebSocketChannel::connect):
3834         * platform/network/SocketStreamHandleBase.cpp:
3835         (WebCore::SocketStreamHandleBase::SocketStreamHandleBase):
3836         (WebCore::SocketStreamHandleBase::send):
3837         (WebCore::SocketStreamHandleBase::disconnect):
3838         (WebCore::SocketStreamHandleBase::sendPendingData):
3839         (WebCore::SocketStreamHandleBase::setClient): Deleted.
3840         * platform/network/SocketStreamHandleBase.h:
3841         (WebCore::SocketStreamHandleBase::~SocketStreamHandleBase):
3842         (WebCore::SocketStreamHandleBase::bufferedAmount):
3843         (WebCore::SocketStreamHandleBase::client):
3844         * platform/network/cf/SocketStreamHandle.h:
3845         (WebCore::SocketStreamHandle::create):
3846         * platform/network/cf/SocketStreamHandleCFNet.cpp:
3847         (WebCore::SocketStreamHandle::SocketStreamHandle):
3848         (WebCore::SocketStreamHandle::addCONNECTCredentials):
3849         (WebCore::SocketStreamHandle::copyCFStreamDescription):
3850         (WebCore::SocketStreamHandle::readStreamCallback):
3851         (WebCore::SocketStreamHandle::writeStreamCallback):
3852         (WebCore::SocketStreamHandle::reportErrorToClient):
3853         (WebCore::SocketStreamHandle::~SocketStreamHandle):
3854         (WebCore::SocketStreamHandle::platformClose):
3855         (WebCore::SocketStreamHandle::port):
3856         * platform/network/curl/SocketStreamHandle.h:
3857         (WebCore::SocketStreamHandle::create):
3858         * platform/network/curl/SocketStreamHandleCurl.cpp:
3859         (WebCore::SocketStreamHandle::SocketStreamHandle):
3860         (WebCore::SocketStreamHandle::platformClose):
3861         (WebCore::SocketStreamHandle::readData):
3862         (WebCore::SocketStreamHandle::didReceiveData):
3863         (WebCore::SocketStreamHandle::didOpenSocket):
3864         (WebCore::SocketStreamHandle::createCopy):
3865         * platform/network/soup/SocketStreamHandle.h:
3866         * platform/network/soup/SocketStreamHandleSoup.cpp:
3867         (WebCore::SocketStreamHandle::SocketStreamHandle):
3868         (WebCore::SocketStreamHandle::~SocketStreamHandle):
3869         (WebCore::SocketStreamHandle::connected):
3870         (WebCore::SocketStreamHandle::connectedCallback):
3871         (WebCore::SocketStreamHandle::readBytes):
3872         (WebCore::SocketStreamHandle::didFail):
3873         (WebCore::SocketStreamHandle::writeReady):
3874         (WebCore::SocketStreamHandle::platformClose):
3875         (WebCore::SocketStreamHandle::beginWaitingForSocketWritability):
3876
3877 2016-07-13  Carlos Garcia Campos  <cgarcia@igalia.com>
3878
3879         [GLib] Use a GSource instead of a thread to poll memory pressure eventFD in linux implementation
3880         https://bugs.webkit.org/show_bug.cgi?id=159346
3881
3882         Reviewed by Antonio Gomes.
3883
3884         The eventFD file descriptor is pollable, so it would be much better to use a poll instead of a blocking read in
3885         a secondary thread and then communicate back to the main thread. This is very easy to do with GSource in GLib,
3886         so we could use that when GLib is available and keep the current implementation as a fallback.
3887
3888         * platform/MemoryPressureHandler.cpp:
3889         (WebCore::m_holdOffTimer): Use a RunLoop timer.
3890         * platform/MemoryPressureHandler.h:
3891         * platform/linux/MemoryPressureHandlerLinux.cpp:
3892         (WebCore::MemoryPressureHandler::EventFDPoller::EventFDPoller): Helper class do the eventFD polling.
3893         (WebCore::MemoryPressureHandler::logErrorAndCloseFDs): Check if file descriptors are -1 not 0.
3894         (WebCore::MemoryPressureHandler::install): Return early also if the hold off timer is active. Use EventFDPoller
3895         to do the polling.
3896         (WebCore::MemoryPressureHandler::uninstall): Stop the hold off timer and clear the EventFDPoller.
3897
3898 2016-07-13  Benjamin Poulain  <benjamin@webkit.org>
3899
3900         [CSS][ARMv7] :nth-child() do not reserve enough registers if it is in backtracking chain
3901         https://bugs.webkit.org/show_bug.cgi?id=159746
3902         rdar://problem/26156169
3903
3904         Reviewed by Andreas Kling.
3905
3906         The generator generateElementIsNthChild() requires 6 registers in style resolution
3907         to mark previous siblings with generateAddStyleRelationIfResolvingStyle() in the loop.
3908
3909         We were only reserving 5, which is a problem is the sixth is taken by the backtracking
3910         register. x86_64 was already requiring 6 for unrelated reasons and ARM64 has so many registers
3911         that you cannot possibly run out of them in CSS JIT.
3912
3913         I generalized the x86_64 path to all architectures.
3914         I did not limit this case to style resolution because the extra register is irrelevant
3915         in most cases. The only difference is one extra push/pop on ARMv7 if you use querySelector
3916         with :nth-child in a backtracking chain.
3917
3918         This problem is covered by the existing test fast/selectors/nth-child-with-backtracking.html
3919
3920         * cssjit/SelectorCompiler.cpp:
3921         (WebCore::SelectorCompiler::minimumRegisterRequirements): Deleted.
3922
3923 2016-07-13  Chris Dumez  <cdumez@apple.com>
3924
3925         Drop unnecessary check from ContainerNode::removeChild()
3926         https://bugs.webkit.org/show_bug.cgi?id=159747
3927
3928         Reviewed by Andreas Kling.
3929
3930         Drop unnecessary check from ContainerNode::removeChild() to make sure that
3931         the parent of the node being removed is |this|. We already do this check
3932         a few lines above. The only thing that happens in between is the ref'ing
3933         of the node, which does not cause any JS execution.
3934
3935         This check was introduced in r55783 because there used to be a call to
3936         document()->removeFocusedNodeOfSubtree(child.get());
3937         between the two checks. However, this call has been removed since then
3938         and the extra parentNode() check was left in.
3939
3940         * dom/ContainerNode.cpp:
3941         (WebCore::ContainerNode::removeChild): Deleted.
3942
3943 2016-07-12  Ryosuke Niwa  <rniwa@webkit.org>
3944
3945         REGRESSION(r202953): Clicking on input[type=file] doesn't open a file picker
3946         https://bugs.webkit.org/show_bug.cgi?id=159686
3947
3948         Reviewed by Chris Dumez.
3949
3950         The bug was caused by DOMActivate event not propagating out of the user-agent shadow tree
3951         of a file input, and FileInputType not receiving the event to open the file picker.
3952
3953         Made DOMActivate "composed" event which cross shadow boundaries to fix the bug. The feedback
3954         was given back to W3C on https://github.com/w3c/webcomponents/issues/513#issuecomment-231851617
3955
3956         Test: fast/forms/file/open-file-panel.html
3957
3958         * dom/Event.cpp:
3959         (WebCore::Event::composed):
3960
3961 2016-07-13  Antti Koivisto  <antti@apple.com>
3962
3963         v2: WebContent crash due to RELEASE_ASSERT(!m_inLoadPendingImages) in StyleResolver::~StyleResolver()
3964         https://bugs.webkit.org/show_bug.cgi?id=159722
3965
3966         Reviewed by Andreas Kling.
3967
3968         We have crashes where a StyleResolver is deleted underneath pseudoStyleForElement (key parts of the stack):
3969
3970         0   WebCore::StyleResolver::~StyleResolver
3971         3   WebCore::AuthorStyleSheets::updateActiveStyleSheets
3972         4   WebCore::Document::styleResolverChanged
3973         5   WebKit::WebPage::viewportConfigurationChanged()
3974         6   WebKit::WebPage::mainFrameDidLayout()
3975         9   WebCore::FrameLoader::checkCompleted
3976         13  WebCore::ResourceLoader::cancel
3977         19  WebKit::WebLoaderStrategy::loadResource
3978         24  WebCore::Style::loadPendingImage
3979         27  WebCore::StyleResolver::pseudoStyleForElement
3980         29  WebCore::RenderTreeUpdater::updateBeforeOrAfterPseudoElement
3981         33  WebCore::Document::recalcStyle
3982
3983         This appears to be happening when a content blocker blocks a resource load for an image referenced from a stylesheet
3984         and triggers synchronous cancellation of the load. With engine in suitable state this can clear style resolver.