Unreviewed, rolling out r231765.
[WebKit-https.git] / Source / WebCore / ChangeLog
1 2018-05-15  Commit Queue  <commit-queue@webkit.org>
2
3         Unreviewed, rolling out r231765.
4         https://bugs.webkit.org/show_bug.cgi?id=185668
5
6         the layout test added with this change is very flaky
7         (Requested by realdawei on #webkit).
8
9         Reverted changeset:
10
11         "REGRESSION (r230574): Interrupted hardware transitions don't
12         behave correctly"
13         https://bugs.webkit.org/show_bug.cgi?id=185299
14         https://trac.webkit.org/changeset/231765
15
16 2018-05-15  Devin Rousso  <webkit@devinrousso.com>
17
18         Web Inspector: Add rulers and guides
19         https://bugs.webkit.org/show_bug.cgi?id=32263
20         <rdar://problem/19281564>
21
22         Reviewed by Matt Baker.
23
24         This patch is purely a visual change for WebInspector, and doesn't affect anything else.
25
26         * inspector/InspectorOverlay.h:
27         * inspector/InspectorOverlay.cpp:
28         (WebCore::InspectorOverlay::update):
29         (WebCore::InspectorOverlay::reset):
30         (WebCore::InspectorOverlay::drawGutter): Deleted.
31
32         * inspector/InspectorOverlayPage.html:
33         * inspector/InspectorOverlayPage.js:
34         (Bounds): Added.
35         (Bounds.prototype.get minX): Added.
36         (Bounds.prototype.get minY): Added.
37         (Bounds.prototype.get maxX): Added.
38         (Bounds.prototype.get maxY): Added.
39         (Bounds.prototype.update): Added.
40         (drawNodeHighlight):
41         (drawQuadHighlight):
42         (reset):
43         (_isolateActions): Added.
44         (_quadToPath): Added.
45         (_quadToPath.parseQuadPoint): Added.
46         (_drawOutlinedQuad): Added.
47         (_drawPath): Added.
48         (_drawPath.parsePoints): Added.
49         (_drawOutlinedQuadWithClip): Added.
50         (_drawElementTitle):
51         (_drawShapeHighlight):
52         (_drawFragmentHighlight):
53         (_drawRulers): Added.
54         (quadToPath): Deleted.
55         (drawOutlinedQuad): Deleted.
56         (pathCommand): Deleted.
57         (drawPath): Deleted.
58         (drawOutlinedQuadWithClip): Deleted.
59         (drawGutter): Deleted.
60         * inspector/InspectorOverlayPage.css:
61         (#log): Added.
62         (#right-gutter): Deleted.
63         (#bottom-gutter): Deleted.
64
65 2018-05-15  Jer Noble  <jer.noble@apple.com>
66
67         Media continues loading after rendered invisible (removed from DOM; scrolled off screen)
68         https://bugs.webkit.org/show_bug.cgi?id=185487
69
70         Reviewed by Eric Carlson.
71
72         Test: media/video-buffering-allowed.html
73
74         When a media element is removed from the DOM (e.g. through innerHTML=""), it doesn't
75         necessarily stop loading media data; it will continue to do so until its destructor is
76         called through garbage collection. Similarly, when a media element is rendered not-visible
77         by being scrolled off-screen or being made display:none, media loading continues. There
78         are legitimate use cases for out-of-DOM media loading, so only temporarily block loading
79         when the element transitions out of the document. Similarly, only block loading for non-visible
80         media elements when returning from the "page is hidden" state, and only until the media
81         element is asked to play or is otherwise made visible.
82
83         Note: this refactors a lot of code out of PlatformMediaSession and into MediaElementSession,
84         since this code is specific to "media elements".
85
86         * html/HTMLMediaElement.cpp:
87         (WebCore::HTMLMediaElement::HTMLMediaElement):
88         (WebCore::HTMLMediaElement::insertedIntoAncestor):
89         (WebCore::HTMLMediaElement::removedFromAncestor):
90         (WebCore::HTMLMediaElement::playInternal):
91         (WebCore::HTMLMediaElement::stopWithoutDestroyingMediaPlayer):
92         (WebCore::HTMLMediaElement::resume):
93         (WebCore::HTMLMediaElement::visibilityStateChanged):
94         (WebCore::HTMLMediaElement::createMediaPlayer):
95         (WebCore::HTMLMediaElement::setShouldBufferData):
96         (WebCore::HTMLMediaElement::purgeBufferedDataIfPossible):
97         (WebCore::HTMLMediaElement::isVisibleInViewportChanged):
98         (WebCore::HTMLMediaElement::fullscreenModeChanged):
99         (WebCore::HTMLMediaElement::setInActiveDocument):
100         * html/HTMLMediaElement.h:
101         (WebCore::HTMLMediaElement::shouldBufferData const):
102         (WebCore::HTMLMediaElement::elementIsHidden const):
103         * html/MediaElementSession.cpp:
104         (WebCore::MediaElementSession::MediaElementSession):
105         (WebCore::MediaElementSession::clientWillBeginAutoplaying):
106         (WebCore::MediaElementSession::clientWillBeginPlayback):
107         (WebCore::MediaElementSession::clientWillPausePlayback):
108         (WebCore::MediaElementSession::visibilityChanged):
109         (WebCore::MediaElementSession::isVisibleInViewportChanged):
110         (WebCore::MediaElementSession::inActiveDocumentChanged):
111         (WebCore::MediaElementSession::scheduleClientDataBufferingCheck):
112         (WebCore::MediaElementSession::clientDataBufferingTimerFired):
113         (WebCore::MediaElementSession::updateClientDataBuffering):
114         (WebCore::MediaElementSession::dataBufferingPermitted const):
115         (WebCore::MediaElementSession::wantsToObserveViewportVisibilityForAutoplay const):
116         * html/MediaElementSession.h:
117         * platform/audio/PlatformMediaSession.cpp:
118         (WebCore::PlatformMediaSession::PlatformMediaSession):
119         (WebCore::PlatformMediaSession::clientWillBeginAutoplaying):
120         (WebCore::PlatformMediaSession::clientWillBeginPlayback):
121         (WebCore::PlatformMediaSession::clientWillPausePlayback):
122         (): Deleted.
123         (WebCore::PlatformMediaSession::visibilityChanged): Deleted.
124         (WebCore::PlatformMediaSession::scheduleClientDataBufferingCheck): Deleted.
125         (WebCore::PlatformMediaSession::clientDataBufferingTimerFired): Deleted.
126         (WebCore::PlatformMediaSession::updateClientDataBuffering): Deleted.
127         (WebCore::PlatformMediaSession::isHidden const): Deleted.
128         * platform/audio/PlatformMediaSession.h:
129         (WebCore::PlatformMediaSessionClient::setShouldBufferData): Deleted.
130         (WebCore::PlatformMediaSessionClient::elementIsHidden const): Deleted.
131         * platform/audio/PlatformMediaSessionManager.cpp:
132         (WebCore::PlatformMediaSessionManager::sessionCanLoadMedia const): Deleted.
133         * platform/audio/PlatformMediaSessionManager.h:
134         * platform/audio/ios/MediaSessionManagerIOS.h:
135         * platform/audio/ios/MediaSessionManagerIOS.mm:
136         (WebCore::MediaSessionManageriOS::sessionCanLoadMedia const): Deleted.
137         * rendering/RenderVideo.cpp:
138         (WebCore::RenderVideo::willBeDestroyed):
139         * testing/Internals.cpp:
140         (WebCore::Internals::elementShouldBufferData):
141         * testing/Internals.h:
142         * testing/Internals.idl:
143
144 2018-05-15  Charles Vazac  <cvazac@gmail.com>
145
146         Add the PerformanceServerTiming Interface which makes Server-Timing header timing values available to JavaScript running in the browser.
147         https://bugs.webkit.org/show_bug.cgi?id=175569
148
149         Reviewed by Youenn Fablet.
150
151         Tests were imported from web-platform-tests: WebKit/LayoutTests/imported/w3c/web-platform-tests/server-timing/*
152
153         * Sources.txt: Added references to HeaderFieldTokenizer.cpp, ServerTiming.cpp, and ServerTimingParser.cpp.
154         * WebCore.xcodeproj/project.pbxproj: Added various files.
155         * loader/HeaderFieldTokenizer.cpp: Added.
156         (WebCore::HeaderFieldTokenizer::HeaderFieldTokenizer): Added class for tokenizing header values.
157         (WebCore::HeaderFieldTokenizer::consume): Added method to consume a specified character.
158         (WebCore::HeaderFieldTokenizer::consumeQuotedString): Added method to consume a quote-string.
159         (WebCore::HeaderFieldTokenizer::consumeToken): Added a method to consume a token.
160         (WebCore::HeaderFieldTokenizer::consumeTokenOrQuotedString): Added method to consume a quote-string or quote-string, depending on next character.
161         (WebCore::HeaderFieldTokenizer::skipSpaces): Added method to skip whitespace.
162         (WebCore::HeaderFieldTokenizer::consumeBeforeAnyCharMatch): Added method to advance the cursor up until any of a list of characters.
163         * loader/HeaderFieldTokenizer.h: Added.
164         * loader/HTTPHeaderField.cpp: Expose isTokenCharacter and isWhitespace.
165         * loader/HTTPHeaderField.h: Expose isTokenCharacter and isWhitespace.
166         * loader/PolicyChecker.cpp: Added #include so source compiled on my machine.
167         * loader/ResourceTiming.cpp:
168         (WebCore::ResourceTiming::ResourceTiming): Added call to initServerTiming to parse the header.
169         (WebCore::ResourceTiming::initServerTiming): Added method to parse the header.
170         (WebCore::ResourceTiming::populateServerTiming): Added method to populate the server timing entries on a PerformanceResourceTiming object.
171         (WebCore::ResourceTiming::isolatedCopy const): Added code to copy over the server timing entries.
172         * loader/ResourceTiming.h:
173         (WebCore::ResourceTiming::ResourceTiming): Accept collection of server timing entries in c'tor.
174         * loader/ServerTiming.cpp: Added.
175         (WebCore::ServerTiming::setParameter): Set named parameters, ignoring unrecognized or duplicates.
176         (WebCore::ServerTiming::isolatedCopy const): Return a new pointer to the object.
177         * loader/ServerTiming.h: Added.
178         (WebCore::ServerTiming::ServerTiming): Added struct for the data needed by a server timing entry.
179         (WebCore::ServerTiming::name const): Added name field of a server timing entry.
180         (WebCore::ServerTiming::duration const): Added duration field of a server timing entry.
181         (WebCore::ServerTiming::description const): Added description field of a server timing entry.
182         * loader/ServerTimingParser.cpp: Added.
183         (WebCore::ServerTimingParser::parseServerTiming): Parses the header generating a collection of server timing structs.
184         * loader/ServerTimingParser.h: Added.
185         * loader/WorkerThreadableLoader.h: Fix build.
186         * page/Performance.cpp:
187         (WebCore::Performance::addResourceTiming): Fixed a typo.
188         * page/PerformanceResourceTiming.cpp:
189         (WebCore::PerformanceResourceTiming::PerformanceResourceTiming): Given a ResourceTiming object, populate our collection of PerformanceServerTiming objects.
190         * page/PerformanceResourceTiming.h: Added serverTiming member and getter.
191         * page/PerformanceResourceTiming.idl: Added serverTiming member to interface.
192         * platform/network/HTTPHeaderNames.in: Added "Server-Timing" to the header enum.
193         * platform/network/ResourceResponseBase.cpp: Added "Server-Timing" to isSafeCrossOriginResponseHeader whitelist.
194
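The parsing steps listed in the entry above, as an added example that is not WebKit's code: a cursor-based tokenizer feeding a Server-Timing parser that keeps the first `dur` and `desc` and ignores unrecognized or duplicate parameters, and that recovers from malformed input such as an unterminated quoted-string. The method names are borrowed from the entry; the types, the bodies, and the sample header are assumptions, with the grammar taken from the W3C Server Timing header syntax.

```cpp
#include <cctype>
#include <cstdlib>
#include <cstring>
#include <iostream>
#include <string>
#include <vector>

// Illustrative names; this is not WebKit's implementation.
struct TimingEntry {
    std::string name;
    double duration = 0;
    std::string description;
    bool hasDuration = false, hasDescription = false;
    // First occurrence wins; unrecognized and duplicate parameters are ignored.
    void setParameter(std::string key, const std::string& value) {
        for (char& c : key) c = static_cast<char>(std::tolower(static_cast<unsigned char>(c)));
        if (key == "dur" && !hasDuration) {
            duration = std::strtod(value.c_str(), nullptr);
            hasDuration = true;
        } else if (key == "desc" && !hasDescription) {
            description = value;
            hasDescription = true;
        }
    }
};

// Cursor over one header value; every consume* call leaves the cursor on a non-space.
class Tokenizer {
public:
    explicit Tokenizer(const std::string& input) : m_input(input) { skipSpaces(); }
    bool atEnd() const { return m_pos >= m_input.size(); }
    bool consume(char c) {
        if (atEnd() || m_input[m_pos] != c) return false;
        return commit(m_pos + 1);
    }
    bool consumeToken(std::string& out) {
        size_t end = m_pos;
        while (end < m_input.size() && isTokenChar(m_input[end])) ++end;
        if (end == m_pos) return false;
        out = m_input.substr(m_pos, end - m_pos);
        return commit(end);
    }
    // The cursor moves only when the closing quote is found (malformed input is left in place).
    bool consumeQuotedString(std::string& out) {
        if (atEnd() || m_input[m_pos] != '"') return false;
        std::string text;
        size_t p = m_pos + 1;
        while (p < m_input.size() && m_input[p] != '"') {
            if (m_input[p] == '\\' && ++p >= m_input.size()) return false;
            text += m_input[p++];
        }
        if (p >= m_input.size()) return false;
        out = text;
        return commit(p + 1);
    }
    bool consumeTokenOrQuotedString(std::string& out) {
        return (!atEnd() && m_input[m_pos] == '"') ? consumeQuotedString(out) : consumeToken(out);
    }
    void consumeBeforeAnyCharMatch(const char* stops) {
        while (!atEnd() && !std::strchr(stops, m_input[m_pos])) ++m_pos;
    }
private:
    static bool isTokenChar(unsigned char c) {
        return std::isalnum(c) || (c && std::strchr("!#$%&'*+-.^_`|~", c));
    }
    void skipSpaces() {
        while (!atEnd() && (m_input[m_pos] == ' ' || m_input[m_pos] == '\t')) ++m_pos;
    }
    bool commit(size_t pos) { m_pos = pos; skipSpaces(); return true; }
    std::string m_input;
    size_t m_pos = 0;
};

std::vector<TimingEntry> parseServerTiming(const std::string& header) {
    std::vector<TimingEntry> entries;
    Tokenizer t(header);
    while (!t.atEnd()) {
        TimingEntry entry;
        if (!t.consumeToken(entry.name)) break;
        t.consumeBeforeAnyCharMatch(",;");
        while (t.consume(';')) {
            std::string key, value;
            if (!t.consumeToken(key)) break;
            if (t.consume('=')) {
                t.consumeTokenOrQuotedString(value);
                t.consumeBeforeAnyCharMatch(",;"); // drop trailing junk after the value
            }
            entry.setParameter(key, value);
        }
        entries.push_back(entry);
        if (!t.consume(',')) break;
    }
    return entries;
}

int main() {
    // Constructed sample header value.
    for (const auto& e : parseServerTiming("db;dur=53.2;desc=\"DB, primary\", cache;desc=hit;dur=0.5;dur=99;x=1, miss"))
        std::cout << e.name << " dur=" << e.duration << " desc=" << e.description << "\n";
}
```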
195 2018-05-15  Brady Eidson  <beidson@apple.com>
196
197         Fix crash after a Worker terminates but there are still IDB transactions the server is trying to open for it.
198         <rdar://problem/33744241> and https://bugs.webkit.org/show_bug.cgi?id=185653
199
200         Reviewed by Andy Estes.
201
202         Test: storage/indexeddb/modern/worker-transaction-open-after-worker-stop.html
203
204         * Modules/indexeddb/client/IDBConnectionProxy.cpp:
205         (WebCore::IDBClient::IDBConnectionProxy::didStartTransaction): It's okay to not be able to find a pending TX
206           that the server has started. e.g. When it was a WebWorker that asked for the TX but it has since terminated.
207
208 2018-05-15  Thomas Klausner  <tk@giga.or.at>
209
210         Add missing header to fix build.
211         https://bugs.webkit.org/show_bug.cgi?id=185378
212
213         Reviewed by Michael Catanzaro.
214
215         * platform/network/soup/SoupNetworkSession.h:
216
217 2018-05-15  Carlos Alberto Lopez Perez  <clopez@igalia.com>
218
219         [WPE] Build failure with RPi userland drivers and gstreamer-gl
220         https://bugs.webkit.org/show_bug.cgi?id=185639
221
222         Reviewed by Philippe Normand.
223
224         When building for the RPi with userland drivers (dispmanx) override the
225         value of GST_GL_HAVE_GLSYNC to 1 to avoid that the gstreamer-gl headers
226         try to redefine the GLsync type that is already defined in libepoxy.
227
228         Defining __gl2_h_ is also needed to avoid other conflicting type
229         definitions that happen between libepoxy and RPi GLES2 userland
230         headers when the gstreamer-gl headers are included.
231
232         The issue doesn't happen with 1.14.0, so a check for that is added
233         as well.
234
235         No new tests, no behavior change. It is a build fix.
236
237         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
238
239 2018-05-15  Michael Catanzaro  <mcatanzaro@igalia.com>
240
241         Unreviewed, rolling out r230749
242
243         This did not work as desired.
244
245         * platform/UserAgentQuirks.cpp:
246         (WebCore::urlRequiresMacintoshPlatform):
247
248 2018-05-15  Dirk Schulze  <krit@webkit.org>
249
250         Add new SVGDOM SVGFEBLEND constants
251         https://bugs.webkit.org/show_bug.cgi?id=185581
252
253         Reviewed by Simon Fraser.
254
255         Provide new SVG DOM constants for the new blend modes added to feBlend.
256
257         https://drafts.fxtf.org/filter-effects-1/#InterfaceSVGFEBlendElement
258
259         * platform/graphics/GraphicsTypes.cpp:
260         (WebCore::blendModeName):
261         * platform/graphics/GraphicsTypes.h:
262         * svg/SVGFEBlendElement.h:
263         (WebCore::SVGPropertyTraits<BlendMode>::highestEnumValue):
264         (WebCore::SVGPropertyTraits<BlendMode>::toString):
265         * svg/SVGFEBlendElement.idl:
266
267 2018-05-15  Antoine Quint  <graouts@apple.com>
268
269         [Web Animations] Expose Web Animations CSS integration as an experimental feature
270         https://bugs.webkit.org/show_bug.cgi?id=185647
271
272         Reviewed by Dean Jackson.
273
274         Make the Web Animations CSS integration flag an experimental feature, and only indicate that it is on if the Web Animations
275         experimental feature is also enabled.
276
277         * dom/Document.cpp:
278         (WebCore::Document::didBecomeCurrentDocumentInFrame):
279         (WebCore::Document::resume):
280         * dom/Element.cpp:
281         (WebCore::Element::removedFromAncestor):
282         * dom/PseudoElement.cpp:
283         (WebCore::PseudoElement::clearHostElement):
284         * history/CachedFrame.cpp:
285         (WebCore::CachedFrameBase::restore):
286         * page/Frame.cpp:
287         (WebCore::Frame::clearTimers):
288         * page/FrameView.cpp:
289         (WebCore::FrameView::didDestroyRenderTree):
290         * page/Page.cpp:
291         (WebCore::Page::handleLowModePowerChange):
292         (WebCore::Page::setIsVisibleInternal):
293         (WebCore::Page::hiddenPageCSSAnimationSuspensionStateChanged):
294         * page/RuntimeEnabledFeatures.h:
295         (WebCore::RuntimeEnabledFeatures::setWebAnimationsCSSIntegrationEnabled):
296         (WebCore::RuntimeEnabledFeatures::webAnimationsCSSIntegrationEnabled const):
297         (WebCore::RuntimeEnabledFeatures::setCSSAnimationsAndCSSTransitionsBackedByWebAnimationsEnabled): Deleted.
298         (WebCore::RuntimeEnabledFeatures::cssAnimationsAndCSSTransitionsBackedByWebAnimationsEnabled const): Deleted.
299         * rendering/RenderLayer.cpp:
300         (WebCore::RenderLayer::currentTransform const):
301         (WebCore::RenderLayer::calculateClipRects const):
302         * rendering/RenderLayerBacking.cpp:
303         (WebCore::RenderLayerBacking::updateGeometry):
304         * rendering/RenderLayerCompositor.cpp:
305         (WebCore::RenderLayerCompositor::requiresCompositingForAnimation const):
306         (WebCore::RenderLayerCompositor::isRunningTransformAnimation const):
307         * rendering/updating/RenderTreeUpdater.cpp:
308         (WebCore::RenderTreeUpdater::tearDownRenderers):
309         * style/StyleTreeResolver.cpp:
310         (WebCore::Style::TreeResolver::createAnimatedElementUpdate):
311         * testing/InternalSettings.cpp:
312         (WebCore::InternalSettings::webAnimationsCSSIntegrationEnabled):
313         (WebCore::InternalSettings::cssAnimationsAndCSSTransitionsBackedByWebAnimationsEnabled): Deleted.
314         * testing/InternalSettings.h:
315         * testing/InternalSettings.idl:
316         * testing/Internals.cpp:
317         (WebCore::Internals::numberOfActiveAnimations const):
318         (WebCore::Internals::animationsAreSuspended const):
319         (WebCore::Internals::animationsInterval const):
320         (WebCore::Internals::suspendAnimations const):
321         (WebCore::Internals::resumeAnimations const):
322
323 2018-05-15  David Kilzer  <ddkilzer@apple.com>
324
325         Fix -Wreturn-std-move warnings in WebKit found by new clang compiler
326         <https://webkit.org/b/185621>
327
328         Reviewed by Youenn Fablet.
329
330         Fix warnings like the following:
331
332             In file included from DerivedSources/WebCore/unified-sources/UnifiedSource139.cpp:5:
333             ./Modules/mediastream/PeerConnectionBackend.cpp:412:16: error: local variable 'sdp' will be copied despite being returned by name [-Werror,-Wreturn-std-move]
334                     return sdp;
335                            ^~~
336             ./Modules/mediastream/PeerConnectionBackend.cpp:412:16: note: call 'std::move' explicitly to avoid copying
337                     return sdp;
338                            ^~~
339                            std::move(sdp)
340             1 error generated.
341
342         * Modules/mediastream/PeerConnectionBackend.cpp:
343         (WebCore::PeerConnectionBackend::filterSDP const):
344         * accessibility/AccessibilityObject.cpp:
345         (WebCore::rangeClosestToRange):
346         * bindings/js/JSDOMConvertSequences.h:
347         (WebCore::Detail::GenericSequenceConverter::convert):
348         (WebCore::Detail::NumericSequenceConverter::convertArray):
349         * bindings/js/JSDOMConvertStrings.cpp:
350         (WebCore::stringToByteString):
351         (WebCore::stringToUSVString):
352         - Use WTFMove() in return statements to fix the warnings.
353
354 2018-05-14  Dean Jackson  <dino@apple.com>
355
356         Download and present System Preview
357         https://bugs.webkit.org/show_bug.cgi?id=185459
358         <rdar://problem/40079228>
359
360         Reviewed by Tim Horton.
361
362         If an <a> is a system preview, tell the resource request about it.
363
364         * html/HTMLAnchorElement.cpp:
365         (WebCore::HTMLAnchorElement::handleClick):
366
367 2018-05-15  Antti Koivisto  <antti@apple.com>
368
369         animation-play-state: paused causes very high cpu load because of style invalidation loop
370         https://bugs.webkit.org/show_bug.cgi?id=182436
371         <rdar://problem/37182562>
372
373         Reviewed by Dean Jackson.
374
375         Test: animations/animation-playstate-paused-style-resolution.html
376
377         If the style of an element with 'animation-play-state: paused' is recomputed so it stays
378         paused we would enter a zero-duration animation timer loop.
379
380         * page/animation/AnimationBase.cpp:
381         (WebCore::AnimationBase::updateStateMachine):
382
383         Don't move to AnimationState::PausedWaitResponse unless we get AnimationStateInput::StyleAvailable
384         (matching the comments). Otherwise just stay in the existing paused state.
385
386         Remove AnimationStateInput::StartAnimation from assertion as the case can't happen.
387
388 2018-05-14  Youenn Fablet  <youenn@apple.com>
389
390         readableStreamDefaultControllerError should return early if stream is not readable
391         https://bugs.webkit.org/show_bug.cgi?id=185602
392
393         Reviewed by Chris Dumez.
394
395         Return early if stream is not readable in @readableStreamDefaultControllerError.
396         Update call sites to no longer check for ReadableStream state.
397         Covered by unflaked and rebased tests.
398
399         * Modules/streams/ReadableStreamDefaultController.js:
400         (error):
401         * Modules/streams/ReadableStreamInternals.js:
402         (readableStreamDefaultControllerError):
403         (readableStreamDefaultControllerCallPullIfNeeded):
404
405 2018-05-14  Zalan Bujtas  <zalan@apple.com>
406
407         [LFC] Implement width computation for non-replaced block level inflow elements.
408         https://bugs.webkit.org/show_bug.cgi?id=185641
409
410         Reviewed by Sam Weinig.
411
412         Block level inflow elements participate in block formatting context.
413
414         * layout/FormattingContext.cpp:
415         (WebCore::Layout::FormattingContext::computeWidth const):
416         * layout/FormattingContext.h:
417         * layout/blockformatting/BlockFormattingContext.cpp:
418         (WebCore::Layout::BlockFormattingContext::computeInFlowWidth const):
419         * layout/blockformatting/BlockFormattingContext.h:
420         * layout/inlineformatting/InlineFormattingContext.cpp:
421         (WebCore::Layout::InlineFormattingContext::computeInFlowWidth const):
422         * layout/inlineformatting/InlineFormattingContext.h:
423
424 2018-05-14  Wenson Hsieh  <wenson_hsieh@apple.com>
425
426         Unreviewed, fix the iOS build after r231779
427
428         Also address a minor in-person review comment by returning "extrazoom" instead of the empty string.
429
430         * page/DisabledAdaptations.cpp:
431         (WebCore::extraZoomModeAdaptationName):
432
433 2018-05-14  Zalan Bujtas  <zalan@apple.com>
434
435         [LFC] FormattingContext:computeOutOfFlowNonReplacedHeight/Width should use the computed margins/paddings/borders
436         https://bugs.webkit.org/show_bug.cgi?id=185633
437
438         Reviewed by Sam Weinig.
439
440         By the time we start computing height and width, DisplayBox should already have the computed values for margin/padding/border.
441
442         * layout/FormattingContext.cpp:
443         (WebCore::Layout::FormattingContext::computeOutOfFlowNonReplacedHeight const):
444         (WebCore::Layout::FormattingContext::computeOutOfFlowNonReplacedWidth const):
445         * layout/displaytree/DisplayBox.h:
446         (WebCore::Display::Box::paddingTop const):
447         (WebCore::Display::Box::paddingLeft const):
448         (WebCore::Display::Box::paddingBottom const):
449         (WebCore::Display::Box::paddingRight const):
450         (WebCore::Display::Box::borderTop const):
451         (WebCore::Display::Box::borderLeft const):
452         (WebCore::Display::Box::borderBottom const):
453         (WebCore::Display::Box::borderRight const):
454
455 2018-05-14  Wenson Hsieh  <wenson_hsieh@apple.com>
456
457         [Extra zoom mode] Google search results are excessively zoomed in
458         https://bugs.webkit.org/show_bug.cgi?id=185347
459         <rdar://problem/39999778>
460
461         Reviewed by Tim Horton.
462
463         It turns out that basing minimum layout size and shrink-to-fit behaviors off of the `shrink-to-fit` viewport
464         argument poses compatibility risks with web pages that already specify `shrink-to-fit` to opt out of default
465         viewport shrinking behaviors in 1/3 multitasking mode on iPad.
466
467         One way to resolve this is to introduce a new viewport meta content attribute to disable viewport heuristics in
468         extra zoom mode. However, combined shrink-to-fit and minimum device width behaviors are difficult to describe
469         using a single backwards-compatible viewport meta content attribute, and the need to suppress the default
470         behavior of `shrink-to-fit=no` if such an attribute is not disabled further muddles our viewport story.
471
472         After some internal deliberation, we’ve decided to experiment with a new meta tag named "disabled-adaptations".
473         The content of this meta tag is a comma-separated list of adaptation names; if an adaptation name matches a
474         known adaptation type (for instance, extra zoom mode), we disable the class of behaviors used to adapt web
475         content. The first and only known adaptation type is extra zoom mode, which affects `shrink-to-fit` and layout
476         size adjustments.
477
478         See per-method changes below for more details.
479
480         Test: fast/viewport/extrazoom/viewport-disable-extra-zoom-adaptations.html
481
482         * Sources.txt:
483         * WebCore.xcodeproj/project.pbxproj:
484         * dom/Document.cpp:
485         (WebCore::Document::processDisabledAdaptations):
486         * dom/Document.h:
487         (WebCore::Document::disabledAdaptations const):
488
489         Add disabled adaptations to Document. Changes to disabled adaptations are not propagated if the parsed disabled
490         adaptation types don't change; upon changing adaptation types, notify the client to adjust for the new disabled
491         adaptations (currently, this only affects the viewport configuration).
492
493         * dom/ViewportArguments.h:
494         * html/HTMLMetaElement.cpp:
495         (WebCore::HTMLMetaElement::process):
496         * html/parser/HTMLPreloadScanner.cpp:
497         (WebCore::TokenPreloadScanner::StartTagScanner::StartTagScanner):
498         (WebCore::TokenPreloadScanner::StartTagScanner::processAttributes):
499         (WebCore::TokenPreloadScanner::StartTagScanner::processAttribute):
500         * loader/FrameLoader.cpp:
501         (WebCore::FrameLoader::commitProvisionalLoad):
502
503         Restore the set of disabled adaptations when restoring a page from the cache.
504
505         * page/Chrome.cpp:
506         (WebCore::Chrome::dispatchDisabledAdaptationsDidChange const):
507         * page/Chrome.h:
508         * page/ChromeClient.h:
509
510         Add plumbing for changes to the set of disabled adaptations.
511
512         * page/DisabledAdaptations.cpp: Added.
513         (WebCore::extraZoomModeAdaptationName):
514         * page/DisabledAdaptations.h: Added.
515
516         Introduce a header containing a new enum for the extra zoom mode adaptation, as well as a helper function to
517         return the extra zoom mode adaptation name.
518
519         * page/Page.cpp:
520         (WebCore::Page::disabledAdaptations const):
521
522         Returns the mainframe's set of adaptations to disable.
523
524         * page/Page.h:
525         * page/RemoteFrame.h:
526         * page/RuntimeEnabledFeatures.h:
527         (WebCore::RuntimeEnabledFeatures::setDisabledAdaptationsMetaTagEnabled):
528         (WebCore::RuntimeEnabledFeatures::disabledAdaptationsMetaTagEnabled const):
529
530         Add a new runtime feature to gate handling the "disabled-adaptations" meta tag.
531
532         * page/ViewportConfiguration.cpp:
533         (WebCore::shouldOverrideShrinkToFitArgument):
534         (WebCore::needsUpdateAfterChangingDisabledAdaptations):
535         (WebCore::ViewportConfiguration::setDisabledAdaptations):
536         (WebCore::ViewportConfiguration::shouldOverrideDeviceWidthAndShrinkToFit const):
537
538         Consult whether or not extra zoom mode adaptations are disabled, instead of the shrink-to-fit attribute value.
539
540         (WebCore::ViewportConfiguration::updateConfiguration):
541         * page/ViewportConfiguration.h:
542
543         Add an OptionSet of disabled adaptation types to ViewportConfiguration. Updates to the adaptation type are
544         propagated to the ViewportConfiguration from Document, through the ChromeClient and the client layer (refer to
545         changes in WebKit). Once the OptionSet is changed, we recompute the viewport configuration only if needed by the
546         platform.
547
548         (WebCore::ViewportConfiguration::viewLayoutSize const):
549         (WebCore::ViewportConfiguration::disabledAdaptations const):
550         * page/WindowFeatures.cpp:
551         (WebCore::parseDisabledAdaptations):
552         * page/WindowFeatures.h:
553
554         Add a new helper to parse the meta content of a "disabled-adaptations" tag as an OptionSet of disabled
555         adaptation types. The string is parsed by first splitting on the comma character, and then iterating over lower
556         case, whitespace-stripped tokens to look for known adaptation names. So far, only extra zoom mode is supported.
557
558         * testing/Internals.cpp:
559         (WebCore::Internals::extraZoomModeAdaptationName const):
560         * testing/Internals.h:
561         * testing/Internals.idl:
562
563         Expose the extra zoom mode adaptation name to the DOM, only when running layout tests.
564
565 2018-05-14  Joanmarie Diggs  <jdiggs@igalia.com>
566
567         AX: Listbox and Combobox roles embedded in labels should participate in name calculation
568         https://bugs.webkit.org/show_bug.cgi?id=185521
569
570         Reviewed by Chris Fleizach.
571
572         Take selected children into account when computing the name in accessibleNameForNode.
573         Add ListBox to the roles for which accessibleNameDerivesFromContent returns false so
574         that native select elements with size > 1 are treated the same way as ARIA listbox.
575         Also add ListBox to the roles which are treated as controls when used in ARIA. Finally,
576         prevent labels which contain unrelated controls from being used as an AXTitleUIElement.
577         This causes us to build a string from the label and its descendants, ensuring the latter
578         participate in the name calculation.
579
580         Test: accessibility/text-alternative-calculation-from-listbox.html
581
582         * accessibility/AccessibilityLabel.cpp:
583         (WebCore::childrenContainUnrelatedControls):
584         (WebCore::AccessibilityLabel::containsUnrelatedControls const):
585         * accessibility/AccessibilityLabel.h:
586         * accessibility/AccessibilityNodeObject.cpp:
587         (WebCore::accessibleNameForNode):
588         * accessibility/AccessibilityObject.cpp:
589         (WebCore::AccessibilityObject::accessibleNameDerivesFromContent const):
590         (WebCore::AccessibilityObject::isARIAControl):
591         * accessibility/AccessibilityRenderObject.cpp:
592         (WebCore::AccessibilityRenderObject::exposesTitleUIElement const):
593         (WebCore::AccessibilityRenderObject::computeAccessibilityIsIgnored const):
594
595 2018-05-14  Antoine Quint  <graouts@apple.com>
596
597         [Web Animations] Tests using the new animation engine may crash under WebCore::FrameView::didDestroyRenderTree when using internals methods
598         https://bugs.webkit.org/show_bug.cgi?id=185612
599         <rdar://problem/39579344>
600
601         Reviewed by Dean Jackson.
602
603         Add a new internals.pseudoElement() method to obtain a pseudo element matching a given pseudo-id. This is necessary to be able to move off
604         internals.pauseTransitionAtTimeOnPseudoElement() and internals.pauseAnimationAtTimeOnPseudoElement() for Web Animations testing.
605
606         * testing/Internals.cpp:
607         (WebCore::Internals::pseudoElement):
608         * testing/Internals.h:
609         * testing/Internals.idl:
610
611 2018-05-14  Antoine Quint  <graouts@apple.com>
612
613         REGRESSION (r230574): Interrupted hardware transitions don't behave correctly
614         https://bugs.webkit.org/show_bug.cgi?id=185299
615         <rdar://problem/39630230>
616
617         Reviewed by Simon Fraser.
618
619         In r230574, the fix for webkit.org/b/184518, we changed the processing order in GraphicsLayerCA::updateAnimations() to first
620         process m_uncomittedAnimations and then m_animationsToProcess, so we are guaranteed animations exist before we attempt to pause
621         or seek them. This broke interrupting and resuming hardware animations (such as an interrupted CSS Transition or an animation
622         running in a non-visible tab) since a pause operation recorded _before_ an animation was added would be paused anyway since
623         the animation was now first added, and then paused. The fix is simply to clear any pending AnimationProcessingAction for a
624         newly-uncommitted animation.
625
626         Test: transitions/interrupted-transition-hardware.html
627
628         * platform/graphics/ca/GraphicsLayerCA.cpp:
629         (WebCore::GraphicsLayerCA::createAnimationFromKeyframes):
630         (WebCore::GraphicsLayerCA::appendToUncommittedAnimations):
631         (WebCore::GraphicsLayerCA::createTransformAnimationsFromKeyframes):
632         * platform/graphics/ca/GraphicsLayerCA.h:
633         (WebCore::GraphicsLayerCA::LayerPropertyAnimation::LayerPropertyAnimation):
634
635 2018-05-14  Thibault Saunier  <tsaunier@igalia.com>
636
637         [GStreamer] Fix style issue in MediaPlayerPrivateGStreamerBase
638         https://bugs.webkit.org/show_bug.cgi?id=185510
639
640         Reviewed by Philippe Normand.
641
642         ERROR: Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:629:  More than one command on the same line  [whitespace/newline] [4]
643         ERROR: Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:684:  More than one command on the same line  [whitespace/newline] [4]
644         ERROR: Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:807:  More than one command on the same line  [whitespace/newline] [4]
645
646         Indentation and style issue fixed only.
647
648         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
649         (WebCore::MediaPlayerPrivateGStreamerBase::volumeChangedCallback):
650         (WebCore::MediaPlayerPrivateGStreamerBase::muteChangedCallback):
651         (WebCore::MediaPlayerPrivateGStreamerBase::triggerRepaint):
652
653 2018-05-14  Zalan Bujtas  <zalan@apple.com>
654
655         [LFC] Implement height computation for non-replaced out of flow elements.
656         https://bugs.webkit.org/show_bug.cgi?id=185585
657
658         Reviewed by Antti Koivisto.
659
660         * layout/FormattingContext.cpp:
661         (WebCore::Layout::FormattingContext::computeHeight const):
662         (WebCore::Layout::FormattingContext::computeOutOfFlowHeight const):
663         (WebCore::Layout::FormattingContext::layoutOutOfFlowDescendants const):
664         (WebCore::Layout::FormattingContext::computeOutOfFlowNonReplacedHeight const):
665         (WebCore::Layout::FormattingContext::computeHeightForBlockFormattingContextRootWithAutoHeight const):
666         * layout/FormattingContext.h:
667         * layout/blockformatting/BlockFormattingContext.h:
668         * layout/displaytree/DisplayBox.h:
669
670 2018-05-14  Manuel Rego Casasnovas  <rego@igalia.com>
671
672         Renaming of overrides in LayoutBox
673         https://bugs.webkit.org/show_bug.cgi?id=185609
674
675         Reviewed by Javier Fernandez.
676
677         The names of the methods for the overrides were not consistent,
678         this patch fixes it by using the same structure in all the cases.
679
680         No new tests, no change of behavior.
681
682         * rendering/GridLayoutFunctions.cpp:
683         (WebCore::GridLayoutFunctions::hasOverrideContainingBlockContentSizeForChild):
684         * rendering/GridTrackSizingAlgorithm.cpp:
685         (WebCore::GridTrackSizingAlgorithmStrategy::logicalHeightForChild const):
686         * rendering/RenderBlock.cpp:
687         (WebCore::RenderBlock::computeChildPreferredLogicalWidths const):
688         (WebCore::RenderBlock::availableLogicalHeightForPercentageComputation const):
689         * rendering/RenderBlockFlow.cpp:
690         (WebCore::RenderBlockFlow::fitBorderToLinesIfNeeded):
691         * rendering/RenderBlockLineLayout.cpp:
692         (WebCore::RenderBlockFlow::updateRubyForJustifiedText):
693         * rendering/RenderBox.cpp:
694         (WebCore::RenderBox::willBeDestroyed):
695         (WebCore::RenderBox::hasOverrideContentLogicalHeight const):
696         (WebCore::RenderBox::hasOverrideContentLogicalWidth const):
697         (WebCore::RenderBox::setOverrideContentLogicalHeight):
698         (WebCore::RenderBox::setOverrideContentLogicalWidth):
699         (WebCore::RenderBox::clearOverrideContentLogicalHeight):
700         (WebCore::RenderBox::clearOverrideContentLogicalWidth):
701         (WebCore::RenderBox::clearOverrideContentSize):
702         (WebCore::RenderBox::overrideContentLogicalWidth const):
703         (WebCore::RenderBox::overrideContentLogicalHeight const):
704         (WebCore::RenderBox::overrideContainingBlockContentLogicalWidth const):
705         (WebCore::RenderBox::overrideContainingBlockContentLogicalHeight const):
706         (WebCore::RenderBox::hasOverrideContainingBlockContentLogicalWidth const):
707         (WebCore::RenderBox::hasOverrideContainingBlockContentLogicalHeight const):
708         (WebCore::RenderBox::setOverrideContainingBlockContentLogicalWidth):
709         (WebCore::RenderBox::setOverrideContainingBlockContentLogicalHeight):
710         (WebCore::RenderBox::clearOverrideContainingBlockContentSize):
711         (WebCore::RenderBox::clearOverrideContainingBlockContentLogicalHeight):
712         (WebCore::RenderBox::containingBlockLogicalWidthForContent const):
713         (WebCore::RenderBox::containingBlockLogicalHeightForContent const):
714         (WebCore::RenderBox::perpendicularContainingBlockLogicalHeight const):
715         (WebCore::RenderBox::computeLogicalWidthInFragment const):
716         (WebCore::RenderBox::computeLogicalHeight const):
717         (WebCore::RenderBox::computePercentageLogicalHeight const):
718         (WebCore::RenderBox::computeReplacedLogicalHeightUsing const):
719         (WebCore::RenderBox::availableLogicalHeightUsing const):
720         (WebCore::RenderBox::containingBlockLogicalWidthForPositioned const):
721         (WebCore::RenderBox::containingBlockLogicalHeightForPositioned const):
722         * rendering/RenderBox.h:
723         * rendering/RenderBoxModelObject.cpp:
724         (WebCore::RenderBoxModelObject::hasAutoHeightOrContainingBlockWithAutoHeight const):
725         * rendering/RenderDeprecatedFlexibleBox.cpp:
726         (WebCore::contentWidthForChild):
727         (WebCore::contentHeightForChild):
728         (WebCore::gatherFlexChildrenInfo):
729         (WebCore::RenderDeprecatedFlexibleBox::layoutHorizontalBox):
730         (WebCore::RenderDeprecatedFlexibleBox::layoutVerticalBox):
731         (WebCore::RenderDeprecatedFlexibleBox::applyLineClamp):
732         (WebCore::RenderDeprecatedFlexibleBox::clearLineClamp):
733         * rendering/RenderFlexibleBox.cpp:
734         (WebCore::RenderFlexibleBox::computeInnerFlexBaseSizeForChild):
735         (WebCore::RenderFlexibleBox::crossSizeForPercentageResolution):
736         (WebCore::RenderFlexibleBox::mainSizeForPercentageResolution):
737         (WebCore::RenderFlexibleBox::constructFlexItem):
738         (WebCore::RenderFlexibleBox::setOverrideMainAxisContentSizeForChild):
739         (WebCore::RenderFlexibleBox::applyStretchAlignmentToChild):
740         * rendering/RenderFullScreen.cpp:
741         (WebCore::RenderFullScreen::unwrapRenderer):
742         * rendering/RenderGrid.cpp:
743         (WebCore::RenderGrid::layoutBlock):
744         (WebCore::RenderGrid::layoutGridItems):
745         (WebCore::RenderGrid::applyStretchAlignmentToChildIfNeeded):
746         * rendering/RenderRubyBase.cpp:
747         (WebCore::RenderRubyBase::adjustInlineDirectionLineBounds const):
748         * rendering/RenderTableCell.cpp:
749         (WebCore::RenderTableCell::setOverrideContentLogicalHeightFromRowHeight):
750         * rendering/RenderTableCell.h:
751         * rendering/RenderTableSection.cpp:
752         (WebCore::RenderTableSection::calcRowLogicalHeight):
753         (WebCore::RenderTableSection::relayoutCellIfFlexed):
754
755 2018-05-14  Zalan Bujtas  <zalan@apple.com>
756
757         [LFC] Implement width computation for non-replaced out of flow elements.
758         https://bugs.webkit.org/show_bug.cgi?id=185598
759
760         Reviewed by Antti Koivisto.
761
762         * layout/FormattingContext.cpp:
763         (WebCore::Layout::FormattingContext::computeWidth const):
764         (WebCore::Layout::FormattingContext::computeOutOfFlowWidth const):
765         (WebCore::Layout::FormattingContext::layoutOutOfFlowDescendants const):
766         (WebCore::Layout::FormattingContext::computeOutOfFlowNonReplacedWidth const):
767         (WebCore::Layout::FormattingContext::shrinkToFitWidth const):
768         * layout/FormattingContext.h:
769         * layout/blockformatting/BlockFormattingContext.cpp:
770         (WebCore::Layout::BlockFormattingContext::layout const):
771         * layout/displaytree/DisplayBox.h:
772
773 2018-05-14  Zan Dobersek  <zdobersek@igalia.com>
774
775         Drop the m_compositorTexture member variable in TextureMapperGC3DPlatformLayer.
776         It's not used at all inside the class or outside it.
777
778         Rubber-stamped by Michael Catanzaro.
779
780         * platform/graphics/texmap/TextureMapperGC3DPlatformLayer.h:
781
782 2018-05-14  Zan Dobersek  <zdobersek@igalia.com>
783
784         [GTK] REGRESSION(r231170) Build broken with Clang 5.0
785         https://bugs.webkit.org/show_bug.cgi?id=185198
786
787         Reviewed by Michael Catanzaro.
788
789         Avoid gperf files using the register keyword which has been made
790         reserved and as such unusable in C++17.
791
792         * css/makeSelectorPseudoClassAndCompatibilityElementMap.py:
793         * css/makeSelectorPseudoElementsMap.py:
794         * css/makeprop.pl:
795         * css/makevalues.pl:
796         * platform/ColorData.gperf:
797         * platform/ReferrerPolicy.h: With std::optional forward declaration
798         gone, explicitly include the WTF Optional.h header.
799         * platform/Theme.h: Ditto.
800         * platform/network/create-http-header-name-table:
801
802 2018-05-14  Commit Queue  <commit-queue@webkit.org>
803
804         Unreviewed, rolling out r219515.
805         https://bugs.webkit.org/show_bug.cgi?id=185603
806
807         It sometimes makes AudioUnitInitialize call to fail in
808         CoreAudioCaptureSource (Requested by youenn on #webkit).
809
810         Reverted changeset:
811
812         "Remove CoreAudioCaptureSource speaker configuration"
813         https://bugs.webkit.org/show_bug.cgi?id=174512
814         https://trac.webkit.org/changeset/219515
815
816 2018-05-13  Dirk Schulze  <krit@webkit.org>
817
818         Implement SVGGeometryElement's isPointInFill and isPointInStroke
819         https://bugs.webkit.org/show_bug.cgi?id=185580
820
821         Reviewed by Antti Koivisto.
822
823         Implement isPointInFill and isPointInStroke methods for
824         SVGGeometryElement interface from SVG2.
825
826         https://svgwg.org/svg2-draft/types.html#InterfaceSVGGeometryElement
827
828         Tests: svg/dom/SVGGeometry-isPointInFill.xhtml
829                svg/dom/SVGGeometry-isPointInStroke.xhtml
830
831         * rendering/svg/RenderSVGEllipse.cpp:
832         (WebCore::RenderSVGEllipse::shapeDependentStrokeContains): Flag
833                 to switch between local and "global" coordinate space for hit testing.
834         * rendering/svg/RenderSVGEllipse.h:
835         * rendering/svg/RenderSVGPath.cpp:
836         (WebCore::RenderSVGPath::shapeDependentStrokeContains): Flag
837                 to switch between local and "global" coordinate space for hit testing.
838         * rendering/svg/RenderSVGPath.h:
839         * rendering/svg/RenderSVGRect.cpp:
840         (WebCore::RenderSVGRect::shapeDependentStrokeContains): Flag
841                 to switch between local and "global" coordinate space for hit testing.
842         * rendering/svg/RenderSVGRect.h:
843         * rendering/svg/RenderSVGShape.cpp:
844         (WebCore::RenderSVGShape::shapeDependentStrokeContains): Flag
845                 to switch between local and "global" coordinate space for hit testing.
846         (WebCore::RenderSVGShape::isPointInFill): Take the winding rule given by
847                 `fill-rule` to test if a given point is in the fill area of a path.
848         (WebCore::RenderSVGShape::isPointInStroke): Take stroke properties into
849                 account to check if a point is on top of the stroke area.
850         * rendering/svg/RenderSVGShape.h:
851         * svg/SVGGeometryElement.cpp:
852         (WebCore::SVGGeometryElement::isPointInFill):
853         (WebCore::SVGGeometryElement::isPointInStroke):
854         (WebCore::SVGGeometryElement::createElementRenderer): Deleted. This is getting implemented
855                 by inheriting classes. No need to create RenderSVGPath here.
856         * svg/SVGGeometryElement.h:
857         * svg/SVGGeometryElement.idl:
858
859 2018-05-12  Zalan Bujtas  <zalan@apple.com>
860
861         Use WeakPtr for m_enclosingPaginationLayer in RenderLayer
862         https://bugs.webkit.org/show_bug.cgi?id=185566
863         <rdar://problem/36486052>
864
865         Reviewed by Simon Fraser.
866
867         Since RenderLayer does not own the enclosing pagination layout, it should
868         construct a weak pointer instead of holding on to a raw pointer.
869
870         Unable to create a reliably reproducible test case.
871
872         * page/mac/EventHandlerMac.mm:
873         (WebCore::scrollableAreaForEventTarget):
874         (WebCore::scrollableAreaForContainerNode):
875         (WebCore::EventHandler::platformPrepareForWheelEvents):
876         * platform/ScrollableArea.h:
877         (WebCore::ScrollableArea::weakPtrFactory const):
878         (WebCore::ScrollableArea::createWeakPtr): Deleted.
879         * rendering/RenderLayer.cpp:
880         (WebCore::RenderLayer::RenderLayer):
881         (WebCore::RenderLayer::updatePagination):
882         * rendering/RenderLayer.h:
883
884 2018-05-11  Daniel Bates  <dabates@apple.com>
885
886         X-Frame-Options: SAMEORIGIN needs to check all ancestor frames
887         https://bugs.webkit.org/show_bug.cgi?id=185567
888         <rdar://problem/40175008>
889
890         Reviewed by Brent Fulgham.
891
892         Change the behavior of "X-Frame-Options: SAMEORIGIN" to ensure that all ancestor frames
893         are same-origin with the document that delivered this header. This prevents an intermediary
894         malicious frame from clickjacking a child frame whose document is same-origin with the top-
895         level frame. It also makes the behavior of X-Frame-Options in WebKit more closely match
896         the behavior of X-Frame-Options in other browsers, including Chrome and Firefox.
897         
898         Currently a document delivered with "X-Frame-Options: SAMEORIGIN" must only be same-origin
899         with the top-level frame's document in order to be displayed. This prevents clickjacking by
900         a malicious page that embeds a page delivered with "X-Frame-Options: SAMEORIGIN". However,
901         it does not protect against clickjacking of the "X-Frame-Options: SAMEORIGIN" page (victim)
902         if embedded by an intermediate malicious iframe, say a "rogue ad", that was embedded in a
903         document same origin with the victim page. We should protect against such attacks. 
904
905         Tests: http/tests/security/XFrameOptions/x-frame-options-ancestors-same-origin-allow.html
906                http/tests/security/XFrameOptions/x-frame-options-ancestors-same-origin-deny.html
907
908         * loader/FrameLoader.cpp:
909         (WebCore::FrameLoader::shouldInterruptLoadForXFrameOptions):
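
The difference between the two SAMEORIGIN behaviours described in the entry above, as an added example that is not WebKit's code. It is a simplified model: the Origin type, the function names and the example origins are assumptions constructed for illustration.

```cpp
// Added illustration, not WebKit code: a simplified model of the
// "X-Frame-Options: SAMEORIGIN" decision. All names here are hypothetical.
#include <algorithm>
#include <iostream>
#include <string>
#include <vector>

struct Origin {
    std::string scheme;
    std::string host;
    int port;
};

// Two origins match only if scheme, host and port are all equal.
static bool sameOrigin(const Origin& a, const Origin& b)
{
    return a.scheme == b.scheme && a.host == b.host && a.port == b.port;
}

// Ancestor frames of the framed document: top-level frame first,
// immediate parent last. An empty chain means the document is not framed.
using AncestorChain = std::vector<Origin>;

// Earlier behaviour described in the entry: compare with the top-level frame only.
static bool allowedByTopLevelCheck(const Origin& framed, const AncestorChain& ancestors)
{
    if (ancestors.empty())
        return true;
    return sameOrigin(framed, ancestors.front());
}

// Behaviour after the change: every ancestor must be same-origin with the
// document that delivered the header.
static bool allowedByAllAncestorsCheck(const Origin& framed, const AncestorChain& ancestors)
{
    return std::all_of(ancestors.begin(), ancestors.end(),
        [&framed](const Origin& ancestor) { return sameOrigin(framed, ancestor); });
}

// Constructed sample origins (not taken from the ChangeLog).
static const Origin kSite { "https", "site.example", 443 };
static const Origin kAd { "https", "ads.example", 443 };
static const Origin kSiteHttp { "http", "site.example", 80 };

// site.example embeds an ad frame, which embeds a site.example page.
static AncestorChain rogueAdChain() { return { kSite, kAd }; }
// site.example embeds its own frame, which embeds another of its pages.
static AncestorChain sameSiteChain() { return { kSite, kSite }; }
// A foreign page frames the site.example page directly.
static AncestorChain foreignTopChain() { return { kAd }; }
// Same host but different scheme and port in the middle: not same-origin.
static AncestorChain downgradedAncestorChain() { return { kSite, kSiteHttp }; }

int main()
{
    struct Case {
        const char* name;
        AncestorChain chain;
    };
    const std::vector<Case> cases = {
        { "site > ad > site page", rogueAdChain() },
        { "site > site > site page", sameSiteChain() },
        { "ad > site page", foreignTopChain() },
        { "site > http site > site page", downgradedAncestorChain() },
        { "site page, not framed", AncestorChain() },
    };
    // The framed document is always a kSite page sent with SAMEORIGIN.
    for (const auto& c : cases) {
        std::cout << c.name
                  << ": top-level-only=" << (allowedByTopLevelCheck(kSite, c.chain) ? "display" : "block")
                  << ", all-ancestors=" << (allowedByAllAncestorsCheck(kSite, c.chain) ? "display" : "block")
                  << "\n";
    }
    return 0;
}
```

The first case is the "rogue ad" arrangement from the entry: the top-level-only comparison displays the page, while the all-ancestors comparison blocks it.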
910
911 2018-05-11  Daniel Bates  <dabates@apple.com>
912
913         [iOS] Text decoration of dragged content does not paint with opacity
914         https://bugs.webkit.org/show_bug.cgi?id=185551
915         <rdar://problem/40166867>
916
917         Reviewed by Wenson Hsieh.
918
919         Respect alpha when painting the text decoration for dragged content.
920
921         * rendering/InlineTextBox.cpp:
922         (WebCore::InlineTextBox::MarkedTextStyle::areDecorationMarkedTextStylesEqual): Consider alpha when
923         comparing decoration styles for equality so that we do not coalesce styles with differing alpha.
924         (WebCore::InlineTextBox::paintMarkedTextDecoration): Respect alpha when painting dragged content.
925
926 2018-05-11  Nan Wang  <n_wang@apple.com>
927
928         AX: In role=dialog elements with aria-modal=true VoiceOver iOS/macOS can't manually focus or read dialog paragraph description text inside the modal.
929         https://bugs.webkit.org/show_bug.cgi?id=185219
930         <rdar://problem/39920009>
931
932         Reviewed by Chris Fleizach.
933
934         The text node descendants of a modal dialog are ignored. Fixed it by using AccessibilityObject's 
935         node() to determine if it's the descendant of the modal dialog node.
936
937         Test: accessibility/aria-modal-text-descendants.html
938
939         * accessibility/AccessibilityObject.cpp:
940         (WebCore::AccessibilityObject::isModalDescendant const):
941
942 2018-05-11  Ryosuke Niwa  <rniwa@webkit.org>
943
944         Tapping after CSS-based table causes an infinite loop in wordRangeFromPosition
945         https://bugs.webkit.org/show_bug.cgi?id=185465
946         <rdar://problem/35263057>
947
948         Reviewed by Antti Koivisto.
949
950         The bug was caused by TextIterator not emitting a line break when exiting a CSS-based table when an element
951         with `display: table-row` has an invisible text node. Specifically, TextIterator::exitNode is never called on
952         an element with `table-cell: row` when m_node is a text node with whitespaces which appears after an element
953         with `display: table-cell`.
954
955         For example, for a tree structure like:
956         table-row (R)
957           table-cell (C)
958             "text" (1)
959           " " (2)
960         Getting out of (C) would result in moving onto (2) without generating a line break for (R).
961
962         When this happens in nextBoundary as it tries to find the end of the last word in the table cell, we end up
963         finding the end of the document as the end of the word. As a result, nextWordBoundaryInDirection, the caller
964         of nextBoundary, ends up infinite looping between the position at the end of the document and the position
965         immediately before the last word in the last table cell when it traverses words backwards.
966
967         This patch fixes the hang by addressing this root cause in TextIterator. Namely, TextIterator now generates
968         a line break when exiting a block while walking up ancestors in TextIterator::advance().
969
970         Tests: editing/selection/tapping-in-table-at-end-of-document.html
971                editing/text-iterator/table-at-end-of-document.html
972
973         * editing/TextIterator.cpp:
974         (WebCore::TextIterator::advance): Fixed the bug.
975         (WebCore::shouldEmitNewlineAfterNode): Do generate a new line at the end of a document when we're trying to
976         generate every visible positions even if there are no renderers beyond this point. e.g. a position inside the
977         last cell of a table at the end of a document hits this condition.
978         (WebCore::shouldEmitExtraNewlineForNode): Don't emit a line break when the render box's height is 0px
979         to avoid generating many empty lines for empty paragraph and header elements (this function is used to generate
980         a blank line between p's and h1/h2/...'s).
981         (WebCore::TextIterator::exitNode):
982
983 2018-05-11  Dean Jackson  <dino@apple.com>
984
985         System preview badge doesn't show on <picture> elements
986         https://bugs.webkit.org/show_bug.cgi?id=185559
987         <rdar://problem/40150066>
988
989         Reviewed by Tim Horton.
990
991         We should also identify <img>s that are the child of a <picture>
992         contained inside the appropriate <a> element.
993
994         Tested internally, since the badge is platform specific.
995
996         * html/HTMLImageElement.cpp:
997         (WebCore::HTMLImageElement::isSystemPreviewImage const): Add logic
998         to look for <picture> parents.
999
1000 2018-05-11  Chris Dumez  <cdumez@apple.com>
1001
1002         REGRESSION (async policy delegate): Revoking an object URL immediately after triggering download breaks file download
1003         https://bugs.webkit.org/show_bug.cgi?id=185531
1004         <rdar://problem/39909589>
1005
1006         Reviewed by Geoffrey Garen.
1007
1008         Whenever we start an asynchronous navigation policy decision for a blob URL, create a temporary
1009         blob URL pointing to the same data, and update the request's URL. This way, if the page's JS revokes
1010         the URL during the policy decision, the load will still succeed.
1011
1012         Test: fast/dom/HTMLAnchorElement/anchor-file-blob-download-then-revoke.html
1013
1014         * loader/DocumentLoader.cpp:
1015         (WebCore::DocumentLoader::willSendRequest):
1016         * loader/FrameLoader.cpp:
1017         (WebCore::FrameLoader::loadURL):
1018         (WebCore::FrameLoader::load):
1019         (WebCore::FrameLoader::loadPostRequest):
1020         * loader/PolicyChecker.cpp:
1021         (WebCore::PolicyChecker::extendBlobURLLifetimeIfNecessary const):
1022         (WebCore::PolicyChecker::checkNavigationPolicy):
1023         (WebCore::PolicyChecker::checkNewWindowPolicy):
1024         * loader/PolicyChecker.h:
1025
1026 2018-05-11  Antti Koivisto  <antti@apple.com>
1027
1028         LinkLoader fails to remove CachedResourceClient in some cases
1029         https://bugs.webkit.org/show_bug.cgi?id=185553
1030         <rdar://problem/36879656>
1031
1032         Reviewed by Geoffrey Garen.
1033
1034         Test: http/tests/preload/link-preload-client-remove.html
1035
1036         * loader/LinkLoader.cpp:
1037         (WebCore::LinkLoader::loadLink):
1038
1039         If there is a link preload already in progress, we fail to clear the client for the ongoing load.
1040         This may leave the CachedResource client map in a bad state.
1041
1042 2018-05-11  Charles Vazac  <cvazac@gmail.com>
1043
1044         Runtime feature flag for Server-Timing
1045         https://bugs.webkit.org/show_bug.cgi?id=184758
1046
1047         Reviewed by Youenn Fablet.
1048
1049         * Source/WebCore/CMakeLists.txt: Added reference to PerformanceServerTiming.idl.
1050         * Source/WebCore/DerivedSources.make: Added reference to PerformanceServerTiming.idl.
1051         * Source/WebCore/Sources.txt: Added reference to PerformanceServerTiming.cpp and JSPerformanceServerTiming.cpp.
1052         * Source/WebCore/WebCore.xcodeproj/project.pbxproj: Added references to PerformanceServerTiming.cpp, PerformanceServerTiming.h, and PerformanceServerTiming.idl.
1053         * Source/WebCore/bindings/js/WebCoreBuiltinNames.h: Added PerformanceServerTiming.
1054         * Source/WebCore/page/PerformanceResourceTiming.h: Added serverTiming member.
1055         * Source/WebCore/page/PerformanceResourceTiming.idl: Added serverTiming attribute.
1056         * Source/WebCore/page/PerformanceServerTiming.cpp: Added.
1057         * Source/WebCore/page/PerformanceServerTiming.h: Added.
1058         * Source/WebCore/page/PerformanceServerTiming.idl: Added.
1059
1060 2018-05-11  Brady Eidson  <beidson@apple.com>
1061
1062         Make sure history navigations reuse the existing process when necessary.
1063         <rdar://problem/39746516> and https://bugs.webkit.org/show_bug.cgi?id=185532
1064
1065         Reviewed by Ryosuke Niwa.
1066
1067         Covered by new API tests.
1068
1069         In WebCore-land, make sure *all* NavigationActions to a back/forward item are tagged with
1070         the item identifier.
1071
1072         * history/HistoryItem.cpp:
1073         (WebCore::HistoryItem::HistoryItem):
1074         (WebCore::HistoryItem::logString const):
1075         * history/HistoryItem.h:
1076
1077         * loader/FrameLoader.cpp:
1078         (WebCore::FrameLoader::loadDifferentDocumentItem):
1079
1080         * loader/NavigationAction.cpp:
1081         (WebCore::NavigationAction::setTargetBackForwardItem):
1082
1083         * loader/NavigationAction.h:
1084         (WebCore::NavigationAction::targetBackForwardItemIdentifier const):
1085
1086 2018-05-11  Yacine Bandou  <yacine.bandou_ext@softathome.com>
1087
1088         [EME][GStreamer] Handle the protection event in MediaPlayerPrivate
1089         https://bugs.webkit.org/show_bug.cgi?id=185535
1090
1091         Reviewed by Xabier Rodriguez-Calvar.
1092
1093         This patch is based on this calvaris's commit
1094         https://github.com/WebPlatformForEmbedded/WPEWebKit/commit/d966168b0d2b65f9ca9415426e26d3752c78b03e
1095
1096         It adds a handler for the protection event in MediaPlayerPrivateGStreamerBase, it extracts the InitData from the event
1097         and sends the encrypted event to JS via HTMLMediaElement.
1098         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
1099         (WebCore::MediaPlayerPrivateGStreamerBase::initializationDataEncountered):
1100         (WebCore::MediaPlayerPrivateGStreamerBase::handleProtectionEvent):
1101         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.h:
1102         * platform/graphics/gstreamer/eme/GStreamerEMEUtilities.h: Add a new type InitData.
1103
1104 2018-05-11  Basuke Suzuki  <Basuke.Suzuki@sony.com>
1105
1106         [Curl] Make the cipher suites, the signing algorithms and the curve lists configurable.
1107         https://bugs.webkit.org/show_bug.cgi?id=185139
1108
1109         Add interface to configure the cipher suites, the signing algorithms and the curve lists 
1110         used by OpenSSL and libcurl to exchange, to sign or to verify keys.
1111
1112         Reviewed by Youenn Fablet.
1113
1114         No new tests in public. Have tested internally.
1115
1116         * platform/network/curl/CurlContext.cpp:
1117         (WebCore::CurlHandle::setSslCipherList):
1118         * platform/network/curl/CurlContext.h:
1119         * platform/network/curl/CurlRequest.cpp:
1120         (WebCore::CurlRequest::setupTransfer):
1121         (WebCore::CurlRequest::willSetupSslCtx):
1122         * platform/network/curl/CurlSSLHandle.cpp:
1123         (WebCore::CurlSSLHandle::getCACertPathEnv):
1124         * platform/network/curl/CurlSSLHandle.h:
1125         (WebCore::CurlSSLHandle::getCipherList const):
1126         (WebCore::CurlSSLHandle::getSignatureAlgorithmsList const):
1127         (WebCore::CurlSSLHandle::getCurvesList const):
1128         (WebCore::CurlSSLHandle::setCipherList):
1129         (WebCore::CurlSSLHandle::setSignatureAlgorithmsList):
1130         (WebCore::CurlSSLHandle::setCurvesList):
1131         (WebCore::CurlSSLHandle::getCACertPath const):
1132         (WebCore::CurlSSLHandle::setCACertPath):
1133         * platform/network/curl/CurlSSLVerifier.cpp:
1134         (WebCore::CurlSSLVerifier::CurlSSLVerifier):
1135
1136 2018-05-10  Daniel Bates  <dabates@apple.com>
1137
1138         Use PlatformStrategies to switch between WebKit and WebKitLegacy checking of CSP frame-ancestors and X-Frame-Options
1139         https://bugs.webkit.org/show_bug.cgi?id=185412
1140
1141         Reviewed by Ryosuke Niwa.
1142
1143         Consolidate the knowledge on how to determine whether security checks were performed on a ResourceResponse
1144         into LoaderStrategy::havePerformedSecurityChecks() (default implementation returns false) and query it
1145         to determine whether CSP frame-ancestors and X-Frame-Options need to be checked for a ResourceResponse.
1146
1147         Additionally, rename LoaderStrategy::isDoingLoadingSecurityChecks() to shouldPerformSecurityChecks()
1148         for consistency with havePerformedSecurityChecks(). Querying shouldPerformSecurityChecks() answers the
1149         question of whether the loader strategy is responsible for performing security checks when building up
1150         a ResourceRequest to have the loader strategy load. And LoaderStrategy::havePerformedSecurityChecks()
1151         is used to determine whether the loader strategy performed these security checks for a given ResourceResponse.
1152
1153         * inspector/agents/InspectorNetworkAgent.cpp:
1154         (WebCore::InspectorNetworkAgent::didReceiveResponse):
1155         (WebCore::InspectorNetworkAgent::didFinishLoading):
1156         (WebCore::isResponseProbablyComingFromNetworkProcess): Deleted.
1157         * loader/DocumentLoader.cpp:
1158         (WebCore::DocumentLoader::responseReceived):
1159         * loader/DocumentThreadableLoader.cpp:
1160         (WebCore::shouldPerformSecurityChecks):
1161         (WebCore::DocumentThreadableLoader::shouldSetHTTPHeadersToKeep const):
1162         (WebCore::DocumentThreadableLoader::makeCrossOriginAccessRequest):
1163         (WebCore::DocumentThreadableLoader::makeSimpleCrossOriginAccessRequest):
1164         (WebCore::DocumentThreadableLoader::redirectReceived):
1165         (WebCore::DocumentThreadableLoader::didFail):
1166         (WebCore::DocumentThreadableLoader::loadRequest):
1167         (WebCore::isDoingSecurityChecksInNetworkProcess): Deleted.
1168         (WebCore::isResponseComingFromNetworkProcess): Deleted.
1169         * loader/LoaderStrategy.cpp:
1170         * loader/LoaderStrategy.h:
1171         * page/Settings.yaml: Remove setting networkProcessCSPFrameAncestorsCheckingEnabled as we now make
1172         use of the loader strategy to determine whether to perform CSP frame-ancestors and X-Frame-Options
1173         checking in DocumentLoader.
1174         * platform/network/ResourceResponseBase.h:
1175         (WebCore::ResourceResponseBase::setSource): Added an ASSERT to catch the programming error of setting
1176         source to ResourceResponse::Source::Unknown. This source type represents an uninitialized ResourceResponse.
1177
1178 2018-05-10  Tim Horton  <timothy_horton@apple.com>
1179
1180         Lookup sometimes shows a second yellow highlight on top of WebKit's TextIndicator
1181         https://bugs.webkit.org/show_bug.cgi?id=185538
1182         <rdar://problem/38817825>
1183
1184         Reviewed by Sam Weinig.
1185
1186         * editing/mac/DictionaryLookup.mm:
1187         (WebCore::showPopupOrCreateAnimationController):
1188         Options can be nil, in which case we can't mutableCopy it and add
1189         LUTermOptionDisableSearchTermIndicator. Instead, create a new dictionary,
1190         and add the items from options, if it's not nil.
1191
1192 2018-05-10  Matt Baker  <mattbaker@apple.com>
1193
1194         Web Inspector: ASSERT_NOT_REACHED in PageDebuggerAgent::didAddEventListener when page adds attribute event listener
1195         https://bugs.webkit.org/show_bug.cgi?id=181580
1196         <rdar://problem/36461309>
1197
1198         Reviewed by Brian Burg.
1199
1200         EventTarget should pass newly added EventListeners to InspectorInstrumentation,
1201         instead of PageDebuggerAgent assuming the last item in the EventListenerVector
1202         is the most recently added listener. This assumption does not hold when
1203         the new listener replaces an existing listener.
1204
1205         * dom/EventTarget.cpp:
1206         (WebCore::EventTarget::addEventListener):
1207         (WebCore::EventTarget::setAttributeEventListener):
1208
1209         * inspector/InspectorInstrumentation.cpp:
1210         (WebCore::InspectorInstrumentation::didAddEventListenerImpl):
1211
1212         * inspector/InspectorInstrumentation.h:
1213         (WebCore::InspectorInstrumentation::didAddEventListener):
1214
1215         * inspector/agents/page/PageDebuggerAgent.cpp:
1216         (WebCore::PageDebuggerAgent::didAddEventListener):
1217         * inspector/agents/page/PageDebuggerAgent.h:
1218
1219 2018-05-10  Chris Dumez  <cdumez@apple.com>
1220
1221         'Cross-Origin-Options' header implementation follow-up
1222         https://bugs.webkit.org/show_bug.cgi?id=185520
1223
1224         Reviewed by Ryosuke Niwa.
1225
1226         * dom/Document.cpp:
1227         * dom/Document.h:
1228         * loader/FrameLoader.cpp:
1229         (WebCore::FrameLoader::didBeginDocument):
1230         Using isNull() check is sufficient here as the header parsing
1231         function will do the right thing when passed the empty string.
1232         Also set the options directly on the window instead of the
1233         document. The window is guaranteed to have been constructed
1234         by then because didBeginDocument() is called by DocumentWriter::begin()
1235         which calls Document::createDOMWindow() or Document::takeDOMWindowFrom().
1236
1237         * page/AbstractDOMWindow.cpp:
1238         (WebCore::AbstractDOMWindow::AbstractDOMWindow):
1239         * page/AbstractDOMWindow.h:
1240         * page/DOMWindow.cpp:
1241         (WebCore::DOMWindow::DOMWindow):
1242         (WebCore::DOMWindow::didSecureTransitionTo):
1243         * page/RemoteDOMWindow.cpp:
1244         (WebCore::RemoteDOMWindow::RemoteDOMWindow):
1245         * page/RemoteDOMWindow.h:
1246         CrossOriginOptions are now stored only on the Window, not the Document.
1247
1248         * platform/network/HTTPParsers.cpp:
1249         (WebCore::parseCrossOriginOptionsHeader):
1250         Drop strippedHeader local variable as it is not strictly needed.
1251
1252 2018-05-10  Tim Horton  <timothy_horton@apple.com>
1253
1254         Fix the build after r231393
1255         https://bugs.webkit.org/show_bug.cgi?id=185519
1256         <rdar://problem/40131741>
1257
1258         Reviewed by Simon Fraser.
1259
1260         * Configurations/WebCore.xcconfig:
1261
1262 2018-05-10  Eric Carlson  <eric.carlson@apple.com>
1263
1264         Log missing cues correctly
1265         https://bugs.webkit.org/show_bug.cgi?id=185499
1266         <rdar://problem/40113821>
1267
1268         Reviewed by Daniel Bates.
1269
1270         No new tests, tested manually.
1271
1272         * html/track/InbandGenericTextTrack.cpp:
1273         (WebCore::InbandGenericTextTrack::removeGenericCue): Log the cue we searched for, not
1274         the NULL cue.
1275
1276 2018-05-10  Zalan Bujtas  <zalan@apple.com>
1277
1278         [LFC] Implement height computation for non-replaced inflow elements.
1279         https://bugs.webkit.org/show_bug.cgi?id=185474
1280
1281         Reviewed by Antti Koivisto.
1282
1283         Initial implementation. Does not cover all the cases.
1284
1285         * layout/FormattingContext.cpp:
1286         (WebCore::Layout::FormattingContext::computeHeight const):
1287         * layout/FormattingContext.h:
1288         * layout/blockformatting/BlockFormattingContext.cpp:
1289         (WebCore::Layout::BlockFormattingContext::layout const):
1290         (WebCore::Layout::BlockFormattingContext::computeInFlowHeight const):
1291         (WebCore::Layout::BlockFormattingContext::computeInFlowNonReplacedHeight const):
1292         * layout/blockformatting/BlockFormattingContext.h:
1293         * layout/blockformatting/BlockMarginCollapse.cpp:
1294         (WebCore::Layout::collapsedMarginBottomFromLastChild):
1295         (WebCore::Layout::BlockMarginCollapse::isMarginBottomCollapsedWithParent):
1296         (WebCore::Layout::BlockMarginCollapse::isMarginTopCollapsedWithParentMarginBottom):
1297         (WebCore::Layout::isMarginBottomCollapsedWithParent): Deleted.
1298         * layout/blockformatting/BlockMarginCollapse.h:
1299         * layout/inlineformatting/InlineFormattingContext.cpp:
1300         (WebCore::Layout::InlineFormattingContext::computeInFlowHeight const):
1301         * layout/inlineformatting/InlineFormattingContext.h:
1302         * layout/layouttree/LayoutBox.cpp:
1303         (WebCore::Layout::Box::isReplaced const):
1304         * layout/layouttree/LayoutBox.h:
1305
1306 2018-05-10  Thibault Saunier  <tsaunier@igalia.com>
1307
1308         [GTK] Implement ImageBuffer::toBGRAData
1309         https://bugs.webkit.org/show_bug.cgi?id=185511
1310
1311         Reviewed by Michael Catanzaro.
1312
1313         This was never implemented but will be required for the MediaStream API
1314         tests.
1315
1316         * platform/graphics/ImageBuffer.cpp:
1317         (WebCore::ImageBuffer::toBGRAData const):
1318         * platform/graphics/cg/ImageBufferCG.cpp:
1319         (WebCore::ImageBuffer::toBGRAData const):
1320         * platform/graphics/gtk/ImageBufferGtk.cpp:
1321         (WebCore::ImageBuffer::toBGRAData const):
1322
1323 2018-05-10  Yacine Bandou  <yacine.bandou_ext@softathome.com>
1324
1325         [EME][GStreamer] Add a handler for GStreamer protection event
1326         https://bugs.webkit.org/show_bug.cgi?id=185245
1327
1328         Reviewed by Xabier Rodriguez-Calvar.
1329
1330         Qtdemux sends the protection event when it encounters a new PSSH box (encrypted content).
1331
1332         The Decryptor is moved from AppendPipeline to PlaybackPipeline (see https://bugs.webkit.org/show_bug.cgi?id=181855),
1333         thus the protection event is no longer handled because the Decryptor is not in the same pipeline as qtdemux.
1334
1335         AppendPipeline: httpsrc-->qtdemux-->appsink
1336         PlaybackPipeline: appsrc-->parser--> decryptor-->decoder-->sink
1337
1338         This patch attaches a probe to the sink pad of the appsink in the appendPipeline in order to
1339         catch and manage the protection event.
1340
1341         * platform/graphics/gstreamer/mse/AppendPipeline.cpp:
1342         (WebCore::AppendPipeline::AppendPipeline):
1343         (WebCore::AppendPipeline::~AppendPipeline):
1344         (WebCore::appendPipelineAppsinkPadEventProbe):
1345         * platform/graphics/gstreamer/mse/AppendPipeline.h:
1346         (WebCore::AppendPipeline::playerPrivate):
1347
1348 2018-05-10  Yacine Bandou  <yacine.bandou_ext@softathome.com>
1349
1350         [EME][GStreamer] Move the decryptor from AppendPipeline to PlaybackPipeline.
1351         https://bugs.webkit.org/show_bug.cgi?id=181855
1352
1353         Reviewed by Xabier Rodriguez-Calvar.
1354
1355         The goal of this move is to handle the limitation of SVP (Secure Video Path) memory size.
1356
1357         When the decryptor is in the AppendPipeline and we use SVP, we buffer in MediaSource queue
1358         the decrypted GstBuffers that are in SVP memory.
1359         This behavior causes an out-of-memory error, because we are limited in SVP memory size.
1360
1361         By moving the decryptor to PlaybackPipeline, we avoid buffering the decrypted GstBuffers
1362         which use the SVP memory, and we buffer the encrypted GstBuffers that are in system memory.
1363
1364         This new architecture also allows buffering to start before obtaining the DRM license
1365         and it makes it easier to manage dynamic changes of the license or key.
1366
1367         The decryptor is auto plugged by GStreamer playbin in PlaybackPipeline.
1368
1369         SVP: Secure Video Path, also named trusted or protected video path, is memory which is
1370         protected by a hardware access control engine; it is not accessible to other unauthorised
1371         software or hardware components.
1372
1373         Tests:
1374             media/encrypted-media/clearKey/clearKey-cenc-audio-playback-mse.html
1375             media/encrypted-media/clearKey/clearKey-cenc-video-playback-mse.html
1376
1377         * platform/graphics/gstreamer/eme/WebKitCommonEncryptionDecryptorGStreamer.cpp:
1378         (webkitMediaCommonEncryptionDecryptSinkEventHandler):
1379         * platform/graphics/gstreamer/mse/AppendPipeline.cpp:
1380         (WebCore::dumpAppendState):
1381         (WebCore::AppendPipeline::AppendPipeline):
1382         (WebCore::AppendPipeline::handleNeedContextSyncMessage):
1383         (WebCore::AppendPipeline::handleAppsrcNeedDataReceived):
1384         (WebCore::AppendPipeline::setAppendState):
1385         (WebCore::AppendPipeline::parseDemuxerSrcPadCaps):
1386         (WebCore::AppendPipeline::appsinkNewSample):
1387         (WebCore::AppendPipeline::connectDemuxerSrcPadToAppsinkFromAnyThread):
1388         (WebCore::AppendPipeline::disconnectDemuxerSrcPadFromAppsinkFromAnyThread):
1389         (WebCore::appendPipelineElementMessageCallback): Deleted.
1390         (WebCore::AppendPipeline::handleElementMessage): Deleted.
1391         (WebCore::AppendPipeline::dispatchPendingDecryptionStructure): Deleted.
1392         (WebCore::AppendPipeline::dispatchDecryptionStructure): Deleted.
1393         * platform/graphics/gstreamer/mse/AppendPipeline.h:
1394         * platform/graphics/gstreamer/mse/MediaPlayerPrivateGStreamerMSE.cpp:
1395         (WebCore::MediaPlayerPrivateGStreamerMSE::attemptToDecryptWithInstance):
1396         * platform/graphics/gstreamer/mse/PlaybackPipeline.cpp:
1397
1398 2018-05-09  Nan Wang  <n_wang@apple.com>
1399
1400         AX: VoiceOver iframe scrolling focus jumping bug
1401         https://bugs.webkit.org/show_bug.cgi?id=176615
1402         <rdar://problem/34333067>
1403
1404         Reviewed by Chris Fleizach.
1405
1406         Scrolling to make elements visible is not working correctly for elements inside an
1407         offscreen iframe. Fixed it by using RenderLayer::scrollRectToVisible() to handle
1408         scrolling more properly.
1409
1410         Test: accessibility/scroll-to-make-visible-iframe-offscreen.html
1411
1412         * accessibility/AccessibilityObject.cpp:
1413         (WebCore::AccessibilityObject::scrollToMakeVisible const):
1414
1415 2018-05-09  Joanmarie Diggs  <jdiggs@igalia.com>
1416
1417         AX: accessibleNameForNode should simplify whitespace when using innerText
1418         https://bugs.webkit.org/show_bug.cgi?id=185498
1419
1420         Reviewed by Chris Fleizach.
1421
1422         Test: accessibility/text-alternative-calculation-from-unrendered-table.html
1423
1424         Call simplifyWhiteSpace() before returning the innerText value.
1425
1426         * accessibility/AccessibilityNodeObject.cpp:
1427         (WebCore::accessibleNameForNode):
1428
1429 2018-05-09  Chris Dumez  <cdumez@apple.com>
1430
1431         Add initial support for 'Cross-Origin-Options' HTTP response header
1432         https://bugs.webkit.org/show_bug.cgi?id=184996
1433         <rdar://problem/39664620>
1434
1435         Reviewed by Geoff Garen.
1436
1437         Add initial support for 'Cross-Origin-Options' HTTP response header behind an experimental
1438         feature flag, on by default. When the HTTP server services this HTTP response header for a
1439         main resource, we'll set these options on the corresponding Document. This will impact the
1440         behavior of the Document's associated Window API when cross-origin.
1441
1442         The HTTP header has 3 possible values:
1443         - allow: This is the default. Regular cross-origin Window API is available.
1444         - allow-postmessage: Only postMessage() is available on a cross-origin window, trying to
1445           access anything else will throw a SecurityError.
1446         - deny: Trying to do anything with a cross-origin window will throw a SecurityError.
1447
1448         The header has no effect when accessing same origin windows.
1449
1450         Note that on cross-origin access from Window A to Window B, we check the cross-origin
1451         options for both Window A and Window B and use the lowest common denominator as effective
1452         cross-origin options for the access. So if Window A has 'Cross-Origin-Options: deny' and
1453         tries to call postMessage() on Window B which has 'Cross-Origin-Options: allow-postmessage',
1454         we will throw a SecurityError. This is because Window A's more restrictive options (deny)
1455         apply.
1456
1457         Tests: http/wpt/cross-origin-options/allow-postmessage-from-deny.html
1458                http/wpt/cross-origin-options/allow-postmessage.html
1459                http/wpt/cross-origin-options/cross-origin-options-header.html
1460
1461         * bindings/js/JSDOMBindingSecurity.cpp:
1462         (WebCore::BindingSecurity::shouldAllowAccessToDOMWindowGivenMinimumCrossOriginOptions):
1463         * bindings/js/JSDOMBindingSecurity.h:
1464         * bindings/js/JSDOMWindowCustom.cpp:
1465         (WebCore::effectiveCrossOriginOptionsForAccess):
1466         (WebCore::jsDOMWindowGetOwnPropertySlotRestrictedAccess):
1467         (WebCore::JSDOMWindow::getOwnPropertySlot):
1468         (WebCore::JSDOMWindow::getOwnPropertySlotByIndex):
1469         (WebCore::addCrossOriginWindowPropertyNames):
1470         (WebCore::addScopedChildrenIndexes):
1471         (WebCore::addCrossOriginWindowOwnPropertyNames):
1472         (WebCore::JSDOMWindow::getOwnPropertyNames):
1473         * bindings/js/JSDOMWindowCustom.h:
1474         * bindings/js/JSRemoteDOMWindowCustom.cpp:
1475         (WebCore::JSRemoteDOMWindow::getOwnPropertySlot):
1476         (WebCore::JSRemoteDOMWindow::getOwnPropertySlotByIndex):
1477         (WebCore::JSRemoteDOMWindow::getOwnPropertyNames):
1478         * bindings/scripts/CodeGeneratorJS.pm:
1479         (GenerateAttributeGetterBodyDefinition):
1480         (GetCrossOriginsOptionsFromExtendedAttributeValue):
1481         (GenerateAttributeSetterBodyDefinition):
1482         (GenerateOperationBodyDefinition):
1483         * bindings/scripts/IDLAttributes.json:
1484         * dom/Document.cpp:
1485         (WebCore::Document::setCrossOriginOptions):
1486         * dom/Document.h:
1487         (WebCore::Document::crossOriginOptions const):
1488         * loader/FrameLoader.cpp:
1489         (WebCore::FrameLoader::didBeginDocument):
1490         * page/AbstractDOMWindow.cpp:
1491         (WebCore::AbstractDOMWindow::AbstractDOMWindow):
1492         * page/AbstractDOMWindow.h:
1493         (WebCore::AbstractDOMWindow::crossOriginOptions):
1494         (WebCore::AbstractDOMWindow::setCrossOriginOptions):
1495         * page/DOMWindow.cpp:
1496         (WebCore::DOMWindow::DOMWindow):
1497         (WebCore::DOMWindow::didSecureTransitionTo):
1498         * page/DOMWindow.idl:
1499         * page/Frame.h:
1500         * page/RemoteDOMWindow.cpp:
1501         (WebCore::RemoteDOMWindow::RemoteDOMWindow):
1502         * page/RemoteDOMWindow.h:
1503         * page/Settings.yaml:
1504         * platform/network/HTTPHeaderNames.in:
1505         * platform/network/HTTPParsers.cpp:
1506         (WebCore::parseCrossOriginOptionsHeader):
1507         * platform/network/HTTPParsers.h:
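
The access decision described in the Cross-Origin-Options entry above, modelled as an added C++ example (not WebKit's implementation). The type and function names are hypothetical, and two parsing details are assumptions: values are matched case-insensitively after trimming whitespace, and a missing or unrecognised value falls back to the default 'allow'.

```cpp
#include <algorithm>
#include <cctype>
#include <cstdio>
#include <string>

// Ordered from least to most restrictive, so the "lowest common denominator"
// of two windows is simply the larger enumerator.
enum class CrossOriginOptions { Allow = 0, AllowPostMessage = 1, Deny = 2 };

// What the accessing script touches on the other window.
enum class WindowMember { PostMessage, Other };

// Hypothetical parser for the header value (assumptions: trim whitespace,
// compare case-insensitively, anything else means the default 'allow').
CrossOriginOptions parseCrossOriginOptions(const std::string& headerValue)
{
    const char* whitespace = " \t\r\n";
    auto first = headerValue.find_first_not_of(whitespace);
    if (first == std::string::npos)
        return CrossOriginOptions::Allow;
    auto last = headerValue.find_last_not_of(whitespace);
    std::string value = headerValue.substr(first, last - first + 1);
    std::transform(value.begin(), value.end(), value.begin(),
        [](unsigned char c) { return static_cast<char>(std::tolower(c)); });

    if (value == "deny")
        return CrossOriginOptions::Deny;
    if (value == "allow-postmessage")
        return CrossOriginOptions::AllowPostMessage;
    return CrossOriginOptions::Allow;
}

// The options of BOTH windows are consulted; the more restrictive one wins.
CrossOriginOptions effectiveCrossOriginOptions(CrossOriginOptions accessor, CrossOriginOptions target)
{
    return std::max(accessor, target);
}

// Returns false where the entry says a SecurityError is thrown. A result of
// true only means the header does not block the access; the regular
// cross-origin Window restrictions still apply.
bool crossOriginOptionsPermit(bool sameOrigin, CrossOriginOptions accessor,
    CrossOriginOptions target, WindowMember member)
{
    if (sameOrigin)
        return true; // The header has no effect on same-origin access.

    switch (effectiveCrossOriginOptions(accessor, target)) {
    case CrossOriginOptions::Allow:
        return true;
    case CrossOriginOptions::AllowPostMessage:
        return member == WindowMember::PostMessage;
    case CrossOriginOptions::Deny:
        return false;
    }
    return false;
}

int main()
{
    // The case from the entry: Window A (deny) calls postMessage() on
    // Window B (allow-postmessage).
    bool permitted = crossOriginOptionsPermit(false,
        parseCrossOriginOptions("deny"),
        parseCrossOriginOptions("allow-postmessage"),
        WindowMember::PostMessage);
    std::printf("A(deny) -> B(allow-postmessage).postMessage(): %s\n",
        permitted ? "permitted" : "SecurityError");
    return 0;
}
```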
1508
1509 2018-05-09  Ryosuke Niwa  <rniwa@webkit.org>
1510
1511         Release assert in TreeScopeOrderedMap::remove via HTMLImageElement::removedFromAncestor
1512         https://bugs.webkit.org/show_bug.cgi?id=185493
1513
1514         Reviewed by Brent Fulgham.
1515
1516         Fixed the bug that HTMLImageElement::removedFromAncestor and HTMLMapElement::removedFromAncestor
1517         were calling removeImageElementByUsemap on the document instead of the shadow tree from which it was removed.
1518
1519         Test: fast/images/imagemap-in-shadow-tree-removed.html
1520
1521         * html/HTMLImageElement.cpp:
1522         (WebCore::HTMLImageElement::removedFromAncestor):
1523         * html/HTMLMapElement.cpp:
1524         (WebCore::HTMLMapElement::removedFromAncestor):
1525
1526 2018-05-09  Joanmarie Diggs  <jdiggs@igalia.com>
1527
1528         AX: Hidden nodes which are not directly referenced should not participate in name/description from content
1529         https://bugs.webkit.org/show_bug.cgi?id=185478
1530
1531         Reviewed by Chris Fleizach.
1532
1533         Add a check to AccessibilityNodeObject::textUnderElement() and return early
1534         if the node is hidden, not referenced by aria-labelledby or aria-describedby,
1535         not an HTMLLabelElement, and not fallback content for an HTMLCanvasElement.
1536
1537         Test: accessibility/text-alternative-calculation-hidden-nodes.html
1538
1539         * accessibility/AccessibilityNodeObject.cpp:
1540         (WebCore::AccessibilityNodeObject::textUnderElement const):
1541
1542 2018-05-09  Eric Carlson  <eric.carlson@apple.com>
1543
1544         Update MediaSession to use release logging
1545         https://bugs.webkit.org/show_bug.cgi?id=185376
1546         <rdar://problem/40022203>
1547
1548         Reviewed by Youenn Fablet.
1549
1550         No new tests, tested manually.
1551
1552         * Modules/mediastream/MediaStream.h: hostingDocument() doesn't need to return a const Document.
1553         * Modules/webaudio/AudioContext.cpp:
1554         (WebCore::AudioContext::hostingDocument const): Ditto.
1555         * Modules/webaudio/AudioContext.h:
1556
1557         * html/HTMLMediaElement.h: Ditto.
1558
1559         * html/MediaElementSession.cpp:
1560         (WebCore::MediaElementSession::MediaElementSession):
1561         (WebCore::MediaElementSession::addBehaviorRestriction):
1562         (WebCore::MediaElementSession::removeBehaviorRestriction):
1563         (WebCore::MediaElementSession::dataLoadingPermitted const):
1564         (WebCore::MediaElementSession::fullscreenPermitted const):
1565         (WebCore::MediaElementSession::pageAllowsDataLoading const):
1566         (WebCore::MediaElementSession::pageAllowsPlaybackAfterResuming const):
1567         (WebCore::MediaElementSession::canShowControlsManager const):
1568         (WebCore::MediaElementSession::showPlaybackTargetPicker):
1569         (WebCore::MediaElementSession::hasWirelessPlaybackTargets const):
1570         (WebCore::MediaElementSession::wirelessVideoPlaybackDisabled const):
1571         (WebCore::MediaElementSession::setWirelessVideoPlaybackDisabled):
1572         (WebCore::MediaElementSession::setHasPlaybackTargetAvailabilityListeners):
1573         (WebCore::MediaElementSession::externalOutputDeviceAvailableDidChange):
1574         (WebCore::MediaElementSession::setShouldPlayToPlaybackTarget):
1575         (WebCore::MediaElementSession::mediaEngineUpdated):
1576         (WebCore::MediaElementSession::willLog const): Deleted.
1577         (WebCore::MediaElementSession::logger const): Deleted.
1578         (WebCore::MediaElementSession::logIdentifier const): Deleted.
1579         (WebCore::MediaElementSession::logChannel const): Deleted.
1580         * html/MediaElementSession.h:
1581
1582         * platform/audio/PlatformMediaSession.cpp:
1583         (WebCore::nextLogIdentifier):
1584         (WebCore::convertEnumerationToString):
1585         (WebCore::PlatformMediaSession::PlatformMediaSession):
1586         (WebCore::PlatformMediaSession::setState):
1587         (WebCore::PlatformMediaSession::beginInterruption):
1588         (WebCore::PlatformMediaSession::endInterruption):
1589         (WebCore::PlatformMediaSession::clientWillBeginAutoplaying):
1590         (WebCore::PlatformMediaSession::clientWillPausePlayback):
1591         (WebCore::PlatformMediaSession::pauseSession):
1592         (WebCore::PlatformMediaSession::stopSession):
1593         (WebCore::PlatformMediaSession::clientDataBufferingTimerFired):
1594         (WebCore::PlatformMediaSession::logChannel const):
1595         (WebCore::stateName): Deleted.
1596         (WebCore::interruptionName): Deleted.
1597         * platform/audio/PlatformMediaSession.h:
1598         (WTF::LogArgument<WebCore::PlatformMediaSession::State>::toString):
1599         (WTF::LogArgument<WebCore::PlatformMediaSession::InterruptionType>::toString):
1600
1601 2018-05-09  Thibault Saunier  <tsaunier@igalia.com>
1602
1603         [GStreamer] Never call updateTracks if running on legacy pipeline
1604         https://bugs.webkit.org/show_bug.cgi?id=184581
1605
1606         This makes sure the failing code path is never reached in the conditions where it should not have been reached.
1607
1608         Reviewed by Philippe Normand.
1609
1610         Re-enables all tests that were disabled after fixing.
1611
1612         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
1613         (WebCore::MediaPlayerPrivateGStreamer::handleMessage):
1614
1615 2018-05-09  Daniel Bates  <dabates@apple.com>
1616
1617         REGRESSION (r231479): http/tests/appcache/x-frame-options-prevents-framing.php is timing out
1618         https://bugs.webkit.org/show_bug.cgi?id=185443
1619         <rdar://problem/40100660>
1620
1621         Reviewed by Andy Estes.
1622
1623         Following r231479 when using WebKit2 and Restricted HTTP Response Access is enabled (enabled in
1624         WebKitTestRunner) we only check the CSP frame-ancestors directive and X-Frame-Options in
1625         NetworkProcess. We need to check these security requirements in WebContent process whenever
1626         we are performing a substitute data load, such as for app cache, as these loads do not go
1627         through NetworkProcess.
1628
1629         * loader/DocumentLoader.cpp:
1630         (WebCore::DocumentLoader::responseReceived):
1631
1632 2018-05-09  Justin Fan  <justin_fan@apple.com>
1633
1634         Hooked up ASTC support in WebGL; requires OpenGL ES 3 context to work. 
1635         https://bugs.webkit.org/show_bug.cgi?id=185272
1636         <rdar://problem/15745737>
1637
1638         Reviewed by Dean Jackson.
1639
1640         Also added in Khronos' ASTC test from version 1.0.4 beta of their conformance test suite,
1641         although again, this requires OpenGL ES 3 context for WebKit to detect proper support.
1642
1643         Test: fast/canvas/webgl/webgl-compressed-texture-astc.html
1644
1645         * DerivedSources.make:
1646         * Sources.txt:
1647         * WebCore.xcodeproj/project.pbxproj:
1648         * bindings/js/JSDOMConvertWebGL.cpp:
1649         (WebCore::convertToJSValue):
1650         * html/canvas/WebGL2RenderingContext.cpp:
1651         (WebCore::WebGL2RenderingContext::getExtension):
1652         (WebCore::WebGL2RenderingContext::getSupportedExtensions):
1653         * html/canvas/WebGLCompressedTextureASTC.cpp: Added.
1654         (WebCore::WebGLCompressedTextureASTC::WebGLCompressedTextureASTC):
1655         (WebCore::WebGLCompressedTextureASTC::getName const):
1656         (WebCore::WebGLCompressedTextureASTC::supported):
1657         (WebCore::WebGLCompressedTextureASTC::getSupportedProfiles):
1658         * html/canvas/WebGLCompressedTextureASTC.h: Added.
1659         * html/canvas/WebGLCompressedTextureASTC.idl: Added.
1660         * html/canvas/WebGLExtension.h:
1661         * html/canvas/WebGLRenderingContext.cpp:
1662         (WebCore::WebGLRenderingContext::getExtension):
1663         (WebCore::WebGLRenderingContext::getSupportedExtensions):
1664         * html/canvas/WebGLRenderingContextBase.cpp:
1665         (WebCore::WebGLRenderingContextBase::validateCompressedTexFuncData):
1666         (WebCore::WebGLRenderingContextBase::validateCompressedTexDimensions):
1667         * html/canvas/WebGLRenderingContextBase.h:
1668         * platform/graphics/Extensions3D.h:
1669
1670 2018-05-09  Youenn Fablet  <youenn@apple.com>
1671
1672         Allow WebResourceLoader to cancel a load served from a service worker
1673         https://bugs.webkit.org/show_bug.cgi?id=185274
1674
1675         Reviewed by Chris Dumez.
1676
1677         Add support for cancelling a fetch from WebProcess to service worker process.
1678         Use FetchIdentifier instead of uint64_t.
1679
1680         * Modules/fetch/FetchIdentifier.h: Added.
1681         * WebCore.xcodeproj/project.pbxproj:
1682         * workers/service/context/ServiceWorkerFetch.h:
1683         * workers/service/context/ServiceWorkerThreadProxy.cpp:
1684         (WebCore::ServiceWorkerThreadProxy::startFetch):
1685         (WebCore::ServiceWorkerThreadProxy::cancelFetch):
1686         * workers/service/context/ServiceWorkerThreadProxy.h:
1687
1688 2018-05-09  Thibault Saunier  <tsaunier@igalia.com>
1689
1690         [GStreamer] Fix style issue in MediaPlayerPrivateGStreamer
1691         https://bugs.webkit.org/show_bug.cgi?id=185479
1692
1693         Reviewed by Philippe Normand.
1694
1695         ERROR: Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:114:  Multi line control clauses should use braces.  [whitespace/braces] [4]
1696         ERROR: Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:194:  Multi line control clauses should use braces.  [whitespace/braces] [4]
1697         ERROR: Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:398:  One line control clauses should not use braces.  [whitespace/braces] [4]
1698         ERROR: Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:440:  One line control clauses should not use braces.  [whitespace/braces] [4]
1699         ERROR: Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:806:  More than one command on the same line  [whitespace/newline] [4]
1700         ERROR: Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:869:  More than one command on the same line  [whitespace/newline] [4]
1701         ERROR: Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:880:  More than one command on the same line  [whitespace/newline] [4]
1702         ERROR: Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:940:  More than one command on the same line  [whitespace/newline] [4]
1703         ERROR: Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:1102:  Multi line control clauses should use braces.  [whitespace/braces] [4]
1704         ERROR: Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:1109:  Multi line control clauses should use braces.  [whitespace/braces] [4]
1705
1706         Indentation and style issue fixed only.
1707
1708         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
1709         (WebCore::MediaPlayerPrivateGStreamer::registerMediaEngine):
1710         (WebCore::MediaPlayerPrivateGStreamer::~MediaPlayerPrivateGStreamer):
1711         (WebCore::MediaPlayerPrivateGStreamer::changePipelineState):
1712         (WebCore::MediaPlayerPrivateGStreamer::play):
1713         (WebCore::MediaPlayerPrivateGStreamer::videoChangedCallback):
1714         (WebCore::MediaPlayerPrivateGStreamer::videoSinkCapsChangedCallback):
1715         (WebCore::MediaPlayerPrivateGStreamer::audioChangedCallback):
1716         (WebCore::MediaPlayerPrivateGStreamer::textChangedCallback):
1717         (WebCore::MediaPlayerPrivateGStreamer::buffered const):
1718         (WebCore::MediaPlayerPrivateGStreamer::loadNextLocation):
1719
1720 2018-05-09  Daniel Bates  <dabates@apple.com>
1721
1722         REGRESSION (r231479): com.apple.WebCore crash in WebCore::DocumentLoader::stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied()
1723         https://bugs.webkit.org/show_bug.cgi?id=185475
1724         <rdar://problem/40093853>
1725
1726         Reviewed by Andy Estes.
1727
1728         DocumentLoader::stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied() must extend its lifetime
1729         until completion as dispatching a DOM load event at the associated frame can cause JavaScript execution
1730         that can do anything, including destroying the loader that dispatched the event.
1731
1732         Following r231479 DocumentLoader::stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied() is now
1733         invoked by both DocumentLoader::responseReceived() and WebResourceLoader::stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied().
1734         The latter only can happen when using WebKit2 and the experimental feature Restricted HTTP Response Access
1735         is enabled (RuntimeEnabledFeatures::sharedFeatures().restrictedHTTPResponseAccess()). Unlike DocumentLoader::responseReceived()
1736         WebResourceLoader::stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied() does not take out a ref
1737         on the DocumentLoader before invoking DocumentLoader::stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied().
1738         Therefore, DocumentLoader::stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied() can cause its
1739         own destruction as a result of dispatching a DOM load event at the frame. We should take out a ref on
1740         the DocumentLoader when executing DocumentLoader::stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied().
1741
1742         * loader/DocumentLoader.cpp:
1743         (WebCore::DocumentLoader::stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied):
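
The lifetime problem described in the entry above, reduced to an added, self-contained C++ sketch (not WebKit's code). `Loader`, `Frame` and `Trace` are hypothetical stand-ins, `std::shared_ptr` stands in for WebKit's reference counting, and the `onLoad` callback plays the role of page JavaScript that destroys the loader during the load event.

```cpp
#include <cstdio>
#include <functional>
#include <memory>

// Outlives the loader so the outcome can be observed without touching it.
struct Trace {
    bool destroyed = false;       // set by ~Loader()
    bool finishedCleanly = false; // set only when the loader completed its work
};

class Loader;

struct Frame {
    std::shared_ptr<Loader> loader; // the frame holds the only reference
    std::function<void()> onLoad;   // stand-in for a load event handler
};

class Loader : public std::enable_shared_from_this<Loader> {
public:
    Loader(Frame& frame, Trace& trace) : m_frame(frame), m_trace(trace) { }
    ~Loader() { m_trace.destroyed = true; }

    // Before the fix: nothing keeps the loader alive across the dispatch.
    // Returns whether the loader still existed once the handler returned.
    bool stopLoadingUnprotected()
    {
        Frame& frame = m_frame; // copy what is needed into locals first,
        Trace& trace = m_trace; // because `this` may be gone afterwards
        frame.onLoad();
        // Any member access here would be a use-after-free if the handler
        // dropped the last reference, so only the locals are consulted.
        return !trace.destroyed;
    }

    // After the fix: take a reference for the duration of the call.
    bool stopLoadingProtected()
    {
        std::shared_ptr<Loader> protectedThis = shared_from_this();
        m_frame.onLoad();
        m_trace.finishedCleanly = true; // members are still valid here
        return !m_trace.destroyed;
    } // protectedThis is released here; the loader may be destroyed now

private:
    Frame& m_frame;
    Trace& m_trace;
};

// Runs one scenario: the handler drops the frame's reference to the loader,
// and the caller (like the second call site in the entry) holds no reference.
bool loaderSurvivesDispatch(bool takeRef)
{
    Trace trace;
    Frame frame;
    frame.loader = std::make_shared<Loader>(frame, trace);
    frame.onLoad = [&frame] { frame.loader.reset(); };

    Loader* raw = frame.loader.get();
    return takeRef ? raw->stopLoadingProtected() : raw->stopLoadingUnprotected();
}

int main()
{
    std::printf("without ref: loader alive after dispatch = %d\n", loaderSurvivesDispatch(false));
    std::printf("with ref:    loader alive after dispatch = %d\n", loaderSurvivesDispatch(true));
    return 0;
}
```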
1744
1745 2018-05-09  Tim Horton  <timothy_horton@apple.com>
1746
1747         Fix the build by ignoring some deprecation warnings
1748
1749         * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
1750         (WebCore::MediaPlayerPrivateAVFoundationObjC::setShouldDisableSleep):
1751
1752 2018-05-09  Michael Catanzaro  <mcatanzaro@igalia.com>
1753
1754         [WPE] Build cleanly with GCC 8 and ICU 60
1755         https://bugs.webkit.org/show_bug.cgi?id=185462
1756
1757         Reviewed by Carlos Alberto Lopez Perez.
1758
1759         * PlatformGTK.cmake: Include directories are in the wrong place.
1760         * accessibility/AXObjectCache.cpp: Silence -Wclass-memaccess problems and leave warnings.
1761         (WebCore::AXObjectCache::startOrEndTextMarkerDataForRange):
1762         (WebCore::AXObjectCache::textMarkerDataForCharacterOffset):
1763         (WebCore::AXObjectCache::textMarkerDataForVisiblePosition):
1764         (WebCore::AXObjectCache::textMarkerDataForFirstPositionInTextControl):
1765         * css/CSSFontFace.cpp: Silence -Wfallthrough
1766         (WebCore::CSSFontFace::fontLoadTiming const):
1767         * css/CSSSelectorList.cpp: Silence -Wclass-memaccess, this one is intentional.
1768         (WebCore::CSSSelectorList::adoptSelectorVector):
1769         * editing/TextIterator.cpp: Silence ICU deprecation warnings.
1770         * platform/Length.h:
1771         (WebCore::Length::operator=): More -Wclass-memaccess, looks benign.
1772         * platform/graphics/Gradient.cpp:
1773         (WebCore::Gradient::hash const): -Wclass-memaccess again. Leave a warning.
1774         * platform/graphics/SurrogatePairAwareTextIterator.cpp: Silence ICU deprecation warnings.
1775         * platform/graphics/cairo/FontCairoHarfbuzzNG.cpp:
1776         (WebCore::FontCascade::fontForCombiningCharacterSequence const): Silence ICU deprecation.
1777         * platform/graphics/freetype/FontCustomPlatformDataFreeType.cpp:
1778         (WebCore::FontCustomPlatformData::FontCustomPlatformData): Silence -Wcast-function-type.
1779         * platform/graphics/freetype/SimpleFontDataFreeType.cpp:
1780         (WebCore::Font::canRenderCombiningCharacterSequence const): Silence ICU deprecation.
1781         * platform/graphics/gstreamer/GstAllocatorFastMalloc.cpp:
1782         (gstAllocatorFastMallocMemUnmap): Fix -Wcast-function-type.
1783         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
1784         (WebCore::MediaPlayerPrivateGStreamer::updateTracks): Fix bad printf.
1785         (WebCore::MediaPlayerPrivateGStreamer::enableTrack): Another bad printf.
1786         (WebCore::findHLSQueue): Fix -Wcast-function-type.
1787         * platform/graphics/gstreamer/eme/WebKitClearKeyDecryptorGStreamer.cpp:
1788         (webKitMediaClearKeyDecryptorDecrypt): Fix another bad printf.
1789         * platform/network/soup/SocketStreamHandleImplSoup.cpp: Silence -Wcast-function-type.
1790         (WebCore::SocketStreamHandleImpl::beginWaitingForSocketWritability):
1791         * platform/text/TextEncoding.cpp: Silence ICU deprecation.
1792
1793 2018-05-08  Simon Fraser  <simon.fraser@apple.com>
1794
1795         SVG lighting colors need to be converted into linearSRGB
1796         https://bugs.webkit.org/show_bug.cgi?id=181196
1797
1798         Reviewed by Darin Adler.
1799
1800         Address post-commit comments. Don't make a Color that contains linearRGB components,
1801         but use FloatComponents instead. Since these FloatComponents are in the 0-1 range,
1802         FELighting::setPixelInternal() needs to multiply by 255 since the output pixels are
1803         8-bit 0-255.
1804         
1805         Change linearToSRGBColorComponent() and sRGBToLinearColorComponent() to do math in
1806         floats without promoting to doubles.
1807
1808         * platform/graphics/ColorUtilities.cpp:
1809         (WebCore::FloatComponents::FloatComponents):
1810         (WebCore::linearToSRGBColorComponent):
1811         (WebCore::sRGBToLinearColorComponent):
1812         (WebCore::sRGBColorToLinearComponents):
1813         (WebCore::linearToSRGBColor): Deleted.
1814         (WebCore::sRGBToLinearColor): Deleted.
1815         * platform/graphics/ColorUtilities.h:
1816         * platform/graphics/filters/FELighting.cpp:
1817         (WebCore::FELighting::setPixelInternal):
1818         (WebCore::FELighting::drawLighting):
1819
1820 2018-05-09  Timothy Hatcher  <timothy@apple.com>
1821
1822         Use StyleColor::Options in more places.
1823
1824         https://bugs.webkit.org/show_bug.cgi?id=185458
1825         rdar://problem/39853798
1826
1827         Add UseDefaultAppearance to StyleColor::Options, to avoid passing yet another
1828         boolean on some of these functions.
1829
1830         Reviewed by Tim Horton.
1831
1832         * css/MediaQueryEvaluator.cpp:
1833         * css/StyleColor.h:
1834         * dom/Document.cpp:
1835         (WebCore::Document::useDefaultAppearance const):
1836         (WebCore::Document::styleColorOptions const):
1837         * dom/Document.h:
1838         * platform/Theme.cpp:
1839         (WebCore::Theme::paint):
1840         * platform/Theme.h:
1841         * platform/mac/LocalDefaultSystemAppearance.h:
1842         * platform/mac/LocalDefaultSystemAppearance.mm:
1843         (WebCore::LocalDefaultSystemAppearance::LocalDefaultSystemAppearance):
1844         (WebCore::LocalDefaultSystemAppearance::~LocalDefaultSystemAppearance):
1845         * platform/mac/ThemeMac.h:
1846         * platform/mac/ThemeMac.mm:
1847         (WebCore::paintToggleButton):
1848         (WebCore::paintButton):
1849         (WebCore::ThemeMac::ensuredView):
1850         (WebCore::ThemeMac::drawCellOrFocusRingWithViewIntoContext):
1851         (WebCore::ThemeMac::paint):
1852         (-[WebCoreThemeView initWithUseSystemAppearance:]): Deleted.
1853         * platform/wpe/ThemeWPE.cpp:
1854         (WebCore::ThemeWPE::paint):
1855         * platform/wpe/ThemeWPE.h:
1856         * rendering/RenderListBox.cpp:
1857         (WebCore::RenderListBox::paintItemBackground):
1858         * rendering/RenderTheme.cpp:
1859         (WebCore::RenderTheme::paint):
1860         (WebCore::RenderTheme::inactiveListBoxSelectionBackgroundColor const):
1861         (WebCore::RenderTheme::platformInactiveListBoxSelectionBackgroundColor const):
1862         * rendering/RenderTheme.h:
1863         * rendering/RenderThemeGtk.cpp:
1864         (WebCore::RenderThemeGtk::platformInactiveListBoxSelectionBackgroundColor const):
1865         * rendering/RenderThemeGtk.h:
1866         * rendering/RenderThemeMac.h:
1867         * rendering/RenderThemeMac.mm:
1868         (WebCore::RenderThemeMac::documentViewFor const):
1869         (WebCore::RenderThemeMac::platformInactiveListBoxSelectionBackgroundColor const):
1870         (WebCore::RenderThemeMac::systemColor const):
1871         (WebCore::RenderThemeMac::paintCellAndSetFocusedElementNeedsRepaintIfNecessary):
1872         (WebCore::RenderThemeMac::paintSliderThumb):
1873
1874 2018-05-09  Yacine Bandou  <yacine.bandou_ext@softathome.com>
1875
1876         [EME][GStreamer] Crash when the mediaKeys are created before loading the media in debug conf
1877         https://bugs.webkit.org/show_bug.cgi?id=185244
1878
1879         Reviewed by Xabier Rodriguez-Calvar.
1880
1881         The function "MediaPlayerPrivateGStreamerBase::cdmInstanceAttached" is expected to be called once,
1882         so there is an ASSERT(!m_cdmInstance).
1883         But when the MediaKeys are created before loading the media, the cdminstance is created and attached
1884         to the MediaPlayerPrivate via "MediaPlayerPrivateGStreamerBase::cdmInstanceAttached" before loading
1885         the media, then when the media is loading, the function "MediaPlayerPrivateGStreamerBase::cdmInstanceAttached"
1886         will be called several times via the function "mediaEngineWasUpdated" which is called for each change
1887         in the MediaElement state, thus the WebProcess crashes in the ASSERT(!m_cdmInstance).
1888
1889         This commit avoids the crash by replacing the assert with a simple check.
1890
1891         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
1892         (WebCore::MediaPlayerPrivateGStreamerBase::cdmInstanceAttached):
1893         (WebCore::MediaPlayerPrivateGStreamerBase::cdmInstanceDetached):
1894
1895 2018-05-09  Antti Koivisto  <antti@apple.com>
1896
1897         Add OptionSet::operator& and operator bool
1898         https://bugs.webkit.org/show_bug.cgi?id=185306
1899
1900         Reviewed by Anders Carlsson.
1901
1902         Use it in a few places.
1903
1904         * loader/FrameLoader.cpp:
1905         (WebCore::FrameLoader::reload):
1906         * rendering/RenderLayerCompositor.cpp:
1907         (WebCore::RenderLayerCompositor::logReasonsForCompositing):
1908         (WebCore::RenderLayerCompositor::updateScrollCoordinatedLayer):
1909
1910 2018-05-08  Dean Jackson  <dino@apple.com>
1911
1912         Disable system preview link fetching
1913         https://bugs.webkit.org/show_bug.cgi?id=185463
1914
1915         Reviewed by Jon Lee.
1916
1917         Temporarily disable system preview detection when a link
1918         is clicked.
1919
1920         * html/HTMLAnchorElement.cpp:
1921         (WebCore::HTMLAnchorElement::handleClick):
1922
1923 2018-05-08  Wenson Hsieh  <wenson_hsieh@apple.com>
1924
1925         Unreviewed, fix the internal iOS build
1926
1927         Add a missing import statement in an implementation file.
1928
1929         * editing/cocoa/WebContentReaderCocoa.mm:
1930
1931 2018-05-08  Ryan Haddad  <ryanhaddad@apple.com>
1932
1933         Unreviewed, rolling out r231486.
1934
1935         Caused service worker LayoutTest failures on macOS Debug WK2.
1936
1937         Reverted changeset:
1938
1939         "Allow WebResourceLoader to cancel a load served from a
1940         service worker"
1941         https://bugs.webkit.org/show_bug.cgi?id=185274
1942         https://trac.webkit.org/changeset/231486
1943
1944 2018-05-08  Wenson Hsieh  <wenson_hsieh@apple.com>
1945
1946         Consolidate WebContentReaderIOS and WebContentReaderMac into WebContentReaderCocoa
1947         https://bugs.webkit.org/show_bug.cgi?id=185340
1948
1949         Reviewed by Tim Horton.
1950
1951         WebContentReader::readURL is currently the only method implemented separately in iOS and macOS platform
1952         WebContentReader files. The implementation across macOS and iOS is nearly identical (with some exceptions with
1953         the way iOS handles file URLs and plain text editing), so we can merge these into a single method
1954         WebContentReaderCocoa and delete WebContentReaderIOS and WebContentReaderMac.
1955
1956         This also has the added bonus of fixing a latent bug in WebContentReaderMac, wherein URLs written to the
1957         pasteboard using -[NSPasteboard writeObjects:] are currently pasted as empty anchor elements. In this case, the
1958         link title isn't made explicit, so the `title` passed in to WebContentReader::readURL is empty. On iOS, we have
1959         code to fall back to pasting the absolute string of the URL if the title is empty, but on macOS, we'll just use
1960         this empty string as the title of the anchor.
1961
1962         Test: PasteMixedContent.PasteURLWrittenToPasteboardUsingWriteObjects
1963
1964         * SourcesCocoa.txt:
1965         * WebCore.xcodeproj/project.pbxproj:
1966         * editing/cocoa/WebContentReaderCocoa.mm:
1967         (WebCore::WebContentReader::readURL):
1968         * editing/ios/WebContentReaderIOS.mm: Removed.
1969         * editing/mac/WebContentReaderMac.mm: Removed.
1970
1971 2018-05-08  Zalan Bujtas  <zalan@apple.com>
1972
1973         [Simple line layout] Cache run resolver.
1974         https://bugs.webkit.org/show_bug.cgi?id=185411
1975
1976         Reviewed by Antti Koivisto.
1977
1978         This patch caches the run resolver on the [SimpleLine]Layout object. 
1979         In certain cases, when the block container has thousands of elements (foobar1<br>foobar2<br>.....foobar9999<br>),
1980         constructing the resolver (and its dependencies) in a repeating fashion could hang the WebProcess.
1981
1982         Covered by existing tests.
1983
1984         * rendering/SimpleLineLayout.cpp:
1985         (WebCore::SimpleLineLayout::create):
1986         (WebCore::SimpleLineLayout::Layout::create):
1987         (WebCore::SimpleLineLayout::Layout::Layout):
1988         * rendering/SimpleLineLayout.h:
1989         (WebCore::SimpleLineLayout::Layout::runResolver const):
1990         * rendering/SimpleLineLayoutFunctions.cpp:
1991         (WebCore::SimpleLineLayout::paintFlow):
1992         (WebCore::SimpleLineLayout::hitTestFlow):
1993         (WebCore::SimpleLineLayout::collectFlowOverflow):
1994         (WebCore::SimpleLineLayout::computeBoundingBox):
1995         (WebCore::SimpleLineLayout::computeFirstRunLocation):
1996         (WebCore::SimpleLineLayout::collectAbsoluteRects):
1997         (WebCore::SimpleLineLayout::collectAbsoluteQuads):
1998         (WebCore::SimpleLineLayout::textOffsetForPoint):
1999         (WebCore::SimpleLineLayout::collectAbsoluteQuadsForRange):
2000         (WebCore::SimpleLineLayout::generateLineBoxTree):
2001         * rendering/SimpleLineLayoutResolver.cpp:
2002         (WebCore::SimpleLineLayout::LineResolver::LineResolver):
2003         * rendering/SimpleLineLayoutResolver.h:
2004         (WebCore::SimpleLineLayout::lineResolver):
2005
2006 2018-05-08  Brent Fulgham  <bfulgham@apple.com>
2007
2008         Switch some RELEASE_ASSERTS to plain debug ASSERTS in PlatformScreenMac.mm
2009         https://bugs.webkit.org/show_bug.cgi?id=185451
2010         <rdar://problem/39620348>
2011
2012         Reviewed by Zalan Bujtas.
2013
2014         Change a set of RELEASE_ASSERTS used to prevent accessing NSScreen related functions in the
2015         PlatformScreenMac implementation to less expensive Debug ASSERTS.
2016
2017         No change in behavior.
2018
2019         * platform/mac/PlatformScreenMac.mm:
2020         (WebCore::screenHasInvertedColors):
2021         (WebCore::screenDepth):
2022         (WebCore::screenDepthPerComponent):
2023         (WebCore::screenRectForDisplay):
2024         (WebCore::screenRect):
2025         (WebCore::screenAvailableRect):
2026         (WebCore::screenColorSpace):
2027         (WebCore::screenSupportsExtendedColor):
2028
2029 2018-05-08  Daniel Bates  <dabates@apple.com>
2030
2031         Resign Strong Password appearance when text field value changes
2032         https://bugs.webkit.org/show_bug.cgi?id=185433
2033         <rdar://problem/39958508>
2034
2035         Reviewed by Ryosuke Niwa.
2036
2037         Remove the Strong Password decoration when the text field's value changes to avoid interfering
2038         with web sites that allow a person to clear the password field.
2039
2040         Tests: fast/forms/auto-fill-button/auto-fill-strong-password-button-when-maxlength-changes.html
2041                fast/forms/auto-fill-button/auto-fill-strong-password-button-when-minlength-changes.html
2042                fast/forms/auto-fill-button/hide-auto-fill-strong-password-button-when-value-changes.html
2043
2044         * html/HTMLInputElement.cpp:
2045         (WebCore::HTMLInputElement::resignStrongPasswordAppearance): Extracted from HTMLInputElement::updateType().
2046         (WebCore::HTMLInputElement::updateType): Extract out logic to resign the Strong Password appearance
2047         into a function that can be shared by this function and HTMLInputElement::setValue().
2048         (WebCore::HTMLInputElement::setValue): Resign the Strong Password appearance if this field was
2049         changed programmatically (i.e. no DOM change event was dispatched).
2050         * html/HTMLInputElement.h:
2051
2052 2018-05-08  Jer Noble  <jer.noble@apple.com>
2053
2054         Unreviewed build fix; add missing function definition.
2055
2056         * html/HTMLMediaElement.h:
2057         (WebCore::HTMLMediaElement::didPassCORSAccessCheck const):
2058
2059 2018-05-08  Jer Noble  <jer.noble@apple.com>
2060
2061         Mute MediaElementSourceNode when tainted.
2062         https://bugs.webkit.org/show_bug.cgi?id=184866
2063
2064         Reviewed by Eric Carlson.
2065
2066         Test: http/tests/security/webaudio-render-remote-audio-blocked-no-crossorigin.html
2067
2068         * Modules/webaudio/AudioContext.cpp:
2069         (WebCore::AudioContext::wouldTaintOrigin const):
2070         * Modules/webaudio/AudioContext.h:
2071         * Modules/webaudio/MediaElementAudioSourceNode.cpp:
2072         (WebCore::MediaElementAudioSourceNode::setFormat):
2073         (WebCore::MediaElementAudioSourceNode::wouldTaintOrigin):
2074         (WebCore::MediaElementAudioSourceNode::process):
2075         * Modules/webaudio/MediaElementAudioSourceNode.h:
2076
2077 2018-05-08  Eric Carlson  <eric.carlson@apple.com>
2078
2079         Log rtcstats as JSON
2080         https://bugs.webkit.org/show_bug.cgi?id=185437
2081         <rdar://problem/40065332>
2082
2083         Reviewed by Youenn Fablet.
2084
2085         * Modules/mediastream/libwebrtc/LibWebRTCMediaEndpoint.cpp:
2086         (WebCore::RTCStatsLogger::RTCStatsLogger): Create a wrapper class so we don't have to add a
2087         toJSONString method to libwebrtc.
2088         (WebCore::RTCStatsLogger::toJSONString const): Log stats as JSON.
2089         (WebCore::LibWebRTCMediaEndpoint::OnStatsDelivered): Don't use the LOGIDENTIFIER macro because
2090         it doesn't work well inside of a lambda.
2091         (WTF::LogArgument<WebCore::RTCStatsLogger>::toString): Move into .cpp file because it is only
2092         used here.
2093         * Modules/mediastream/libwebrtc/LibWebRTCMediaEndpoint.h:
2094         (WTF::LogArgument<webrtc::RTCStats>::toString): Deleted. Move to .cpp file.
2095
2096 2018-05-08  Dean Jackson  <dino@apple.com>
2097
2098         System Preview links should trigger a download
2099         https://bugs.webkit.org/show_bug.cgi?id=185439
2100         <rdar://problem/40065545>
2101
2102         Reviewed by Jon Lee.
2103
2104         Add a new field to FrameLoadRequest, which then is copied
2105         into ResourceRequest, identifying if the link clicked
2106         is a system preview.
2107
2108         * html/HTMLAnchorElement.cpp:
2109         (WebCore::HTMLAnchorElement::handleClick): Look for isSystemPreviewLink().
2110         * loader/FrameLoadRequest.cpp:
2111         (WebCore::FrameLoadRequest::FrameLoadRequest):
2112         * loader/FrameLoadRequest.h: New property.
2113         (WebCore::FrameLoadRequest::FrameLoadRequest):
2114         (WebCore::FrameLoadRequest::isSystemPreview const):
2115         * loader/FrameLoader.cpp:
2116         (WebCore::FrameLoader::urlSelected):
2117         (WebCore::FrameLoader::loadURL):
2118         * loader/FrameLoader.h:
2119         * platform/network/ResourceRequestBase.cpp:
2120         (WebCore::ResourceRequestBase::isSystemPreview const):
2121         (WebCore::ResourceRequestBase::setSystemPreview):
2122         * platform/network/ResourceRequestBase.h:
2123
2124 2018-05-08  Commit Queue  <commit-queue@webkit.org>
2125
2126         Unreviewed, rolling out r231491.
2127         https://bugs.webkit.org/show_bug.cgi?id=185434
2128
2129         Setting the Created key on a cookie does not work yet, due to a
2130         bug in CFNetwork (Requested by ggaren on #webkit).
2131
2132         Reverted changeset:
2133
2134         "[WKHTTPCookieStore getAllCookies] returns inconsistent
2135         creation time"
2136         https://bugs.webkit.org/show_bug.cgi?id=185041
2137         https://trac.webkit.org/changeset/231491
2138
2139 2018-05-08  Sihui Liu  <sihui_liu@apple.com>
2140
2141         [WKHTTPCookieStore getAllCookies] returns inconsistent creation time
2142         https://bugs.webkit.org/show_bug.cgi?id=185041
2143         <rdar://problem/34684214>
2144
2145         Reviewed by Geoffrey Garen.
2146
2147         Set creationtime property when creating Cookie object to keep consistency after conversion.
2148
2149         New API test: WebKit.WKHTTPCookieStoreCreationTime.
2150
2151         * platform/network/cocoa/CookieCocoa.mm:
2152         (WebCore::Cookie::operator NSHTTPCookie * const):
2153
2154 2018-05-08  Eric Carlson  <eric.carlson@apple.com>
2155
2156         Text track cue logging should include cue text
2157         https://bugs.webkit.org/show_bug.cgi?id=185353
2158         <rdar://problem/40003565>
2159
2160         Reviewed by Brent Fulgham.
2161
2162         No new tests, tested manually.
2163
2164         * html/track/VTTCue.cpp:
2165         (WebCore::VTTCue::toJSON const):
2166         * platform/graphics/InbandTextTrackPrivateClient.h:
2167         (WebCore::GenericCueData::toJSONString const):
2168         * platform/graphics/iso/ISOVTTCue.cpp:
2169         (WebCore::ISOWebVTTCue::toJSONString const):
2170
2171 2018-05-08  Sam Weinig  <sam@webkit.org>
2172
2173         More cleanup of XMLHttpRequestUpload
2174         https://bugs.webkit.org/show_bug.cgi?id=185409
2175
2176         Reviewed by Alex Christensen.
2177
2178         - Remove unneeded #includes
2179         - Rename m_xmlHttpRequest to m_request
2180         - Make some overloaded methods private, and mark them as final rather
2181           than override.
2182
2183         * xml/XMLHttpRequestUpload.cpp:
2184         (WebCore::XMLHttpRequestUpload::XMLHttpRequestUpload):
2185         * xml/XMLHttpRequestUpload.h:
2186
2187 2018-05-08  Zalan Bujtas  <zalan@apple.com>
2188
2189         [LFC] Start using BlockMarginCollapse
2190         https://bugs.webkit.org/show_bug.cgi?id=185424
2191
2192         Reviewed by Antti Koivisto.
2193
2194         BlockMarginCollapse could be all static.
2195
2196         * layout/blockformatting/BlockFormattingContext.cpp:
2197         (WebCore::Layout::BlockFormattingContext::marginTop const):
2198         (WebCore::Layout::BlockFormattingContext::marginBottom const):
2199         * layout/blockformatting/BlockMarginCollapse.cpp:
2200         (WebCore::Layout::isMarginTopCollapsedWithSibling):
2201         (WebCore::Layout::isMarginBottomCollapsedWithSibling):
2202         (WebCore::Layout::isMarginTopCollapsedWithParent):
2203         (WebCore::Layout::isMarginBottomCollapsedWithParent):
2204         (WebCore::Layout::collapsedMarginTopFromFirstChild):
2205         (WebCore::Layout::collapsedMarginBottomFromLastChild):
2206         (WebCore::Layout::nonCollapsedMarginTop):
2207         (WebCore::Layout::nonCollapsedMarginBottom):
2208         (WebCore::Layout::BlockMarginCollapse::marginTop):
2209         (WebCore::Layout::BlockMarginCollapse::marginBottom):
2210         (WebCore::Layout::BlockMarginCollapse::BlockMarginCollapse): Deleted.
2211         (WebCore::Layout::BlockMarginCollapse::marginTop const): Deleted.
2212         (WebCore::Layout::BlockMarginCollapse::marginBottom const): Deleted.
2213         (WebCore::Layout::BlockMarginCollapse::isMarginTopCollapsedWithSibling const): Deleted.
2214         (WebCore::Layout::BlockMarginCollapse::isMarginBottomCollapsedWithSibling const): Deleted.
2215         (WebCore::Layout::BlockMarginCollapse::isMarginTopCollapsedWithParent const): Deleted.
2216         (WebCore::Layout::BlockMarginCollapse::isMarginBottomCollapsedWithParent const): Deleted.
2217         (WebCore::Layout::BlockMarginCollapse::nonCollapsedMarginTop const): Deleted.
2218         (WebCore::Layout::BlockMarginCollapse::nonCollapsedMarginBottom const): Deleted.
2219         (WebCore::Layout::BlockMarginCollapse::collapsedMarginTopFromFirstChild const): Deleted.
2220         (WebCore::Layout::BlockMarginCollapse::collapsedMarginBottomFromLastChild const): Deleted.
2221         (WebCore::Layout::BlockMarginCollapse::hasAdjoiningMarginTopAndBottom const): Deleted.
2222         * layout/blockformatting/BlockMarginCollapse.h:
2223
2224 2018-05-08  Youenn Fablet  <youenn@apple.com>
2225
2226         Allow WebResourceLoader to cancel a load served from a service worker
2227         https://bugs.webkit.org/show_bug.cgi?id=185274
2228
2229         Reviewed by Chris Dumez.
2230
2231         Add support for cancelling a fetch from WebProcess to service worker process.
2232         Use FetchIdentifier instead of uint64_t.
2233
2234         * Modules/fetch/FetchIdentifier.h: Added.
2235         * WebCore.xcodeproj/project.pbxproj:
2236         * workers/service/context/ServiceWorkerFetch.h:
2237         * workers/service/context/ServiceWorkerThreadProxy.cpp:
2238         (WebCore::ServiceWorkerThreadProxy::startFetch):
2239         (WebCore::ServiceWorkerThreadProxy::cancelFetch):
2240         * workers/service/context/ServiceWorkerThreadProxy.h:
2241
2242 2018-05-08  Said Abou-Hallawa  <sabouhallawa@apple.com>
2243
2244         feTurbulence is not rendered correctly on Retina display
2245         https://bugs.webkit.org/show_bug.cgi?id=183798
2246
2247         Reviewed by Simon Fraser.
2248
2249         On 2x display the feTurbulence filter creates a scaled ImageBuffer but
2250         processes only the unscaled size. This is a remaining work of r168577 and
2251         is very similar to what was done for the feMorphology filter in r188271.
2252
2253         Test: fast/hidpi/filters-turbulence.html
2254
2255         * platform/graphics/filters/FETurbulence.cpp:
2256         (WebCore::FETurbulence::fillRegion const):
2257         (WebCore::FETurbulence::platformApplySoftware):
2258
2259 2018-05-07  Zalan Bujtas  <zalan@apple.com>
2260
2261         [LFC] Add FormattingContext::layoutOutOfFlowDescendants implementation
2262         https://bugs.webkit.org/show_bug.cgi?id=185377
2263
2264         Reviewed by Antti Koivisto.
2265
2266         Also, remove FormattingContext's m_layoutContext member and pass it in to ::layout() instead.
2267         In theory LayoutContext is needed only during ::layout() call. 
2268
2269         * layout/FormattingContext.cpp:
2270         (WebCore::Layout::FormattingContext::layoutOutOfFlowDescendants const):
2271         * layout/FormattingContext.h:
2272         (WebCore::Layout::FormattingContext::layoutContext const):
2273         * layout/LayoutContext.cpp:
2274         (WebCore::Layout::LayoutContext::updateLayout):
2275         * layout/blockformatting/BlockFormattingContext.cpp:
2276         (WebCore::Layout::BlockFormattingContext::layout const):
2277         * layout/blockformatting/BlockFormattingContext.h:
2278         * layout/inlineformatting/InlineFormattingContext.cpp:
2279         (WebCore::Layout::InlineFormattingContext::layout const):
2280         * layout/inlineformatting/InlineFormattingContext.h:
2281
2282 2018-05-07  Daniel Bates  <dabates@apple.com>
2283
2284         Check X-Frame-Options and CSP frame-ancestors in network process
2285         https://bugs.webkit.org/show_bug.cgi?id=185410
2286         <rdar://problem/37733934>
2287
2288         Reviewed by Ryosuke Niwa.
2289
2290         * WebCore.xcodeproj/project.pbxproj: Make PingLoader.h a private header so that we can include it in WebKit.
2291         * loader/DocumentLoader.cpp:
2292         (WebCore::DocumentLoader::responseReceived): Only check CSP frame-ancestors and X-Frame-Options here if
2293         we are not checking them in the NetworkProcess and HTTP response access is restricted. The code is otherwise kept
2294         unchanged. There may be opportunities to clean this code up more and share more of it. We should look into this
2295         in subsequent bugs.
2296         * loader/DocumentLoader.h: Change visibility of stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied() from
2297         private to public and export it so that we can call it from the WebKit.
2298         * loader/PingLoader.h:
2299         * page/Settings.yaml: Add a new setting called networkProcessCSPFrameAncestorsCheckingEnabled (defaults: false)
2300         and is hardcoded in WebPage.cpp to be enabled. This setting is used to determine if we will be using the NetworkProcess.
2301         Ideally we wouldn't have this setting and just key off RuntimeEnabledFeatures::sharedFeatures().restrictedHTTPResponseAccess().
2302         However RuntimeEnabledFeatures::sharedFeatures().restrictedHTTPResponseAccess() is always enabled in WebKit Legacy
2303         at the time of writing (why?). And, strangely, RuntimeEnabledFeatures::sharedFeatures().restrictedHTTPResponseAccess()
2304         is conditionally enabled in WebKit. For now, we add a new setting, networkProcessCSPFrameAncestorsCheckingEnabled,
2305         to determine if CSP checking should be performed in NetworkProcess. For checking to actually happen in NetworkProcess
2306         and not in DocumentLoader::responseReceived() RuntimeEnabledFeatures::sharedFeatures().restrictedHTTPResponseAccess()
2307         will also need to be enabled.
2308         * page/csp/ContentSecurityPolicy.cpp:
2309         (WebCore::ContentSecurityPolicy::allowFrameAncestors const): Added a variant that takes a vector of ancestor origins.
2310         * page/csp/ContentSecurityPolicy.h:
2311         * page/csp/ContentSecurityPolicyDirectiveList.cpp:
2312         (WebCore::checkFrameAncestors): Ditto.
2313         (WebCore::ContentSecurityPolicyDirectiveList::violatedDirectiveForFrameAncestorOrigins const): Ditto.
2314         * page/csp/ContentSecurityPolicyDirectiveList.h: Export constructor so that we can invoke it from NetworkResourceLoader::shouldInterruptLoadForCSPFrameAncestorsOrXFrameOptions().
2315         * page/csp/ContentSecurityPolicyResponseHeaders.h:
2316         * platform/network/HTTPParsers.h: Export XFrameOptionsDisposition() so that we can use it in WebKit.
2317
2318 2018-05-07  Daniel Bates  <dabates@apple.com>
2319
2320         Abstract logic to log console messages and send CSP violation reports into a client
2321         https://bugs.webkit.org/show_bug.cgi?id=185393
2322         <rdar://problem/40036053>
2323
2324         Reviewed by Brent Fulgham.
2325
2326         First pass at adding infrastructure to support CSP reporting from NetworkProcess and workers.
2327         Replaces the existing ContentSecurityPolicy constructor that takes a Frame with one that
2328         takes a ContentSecurityPolicyClient to delegate to for logging and sending reports. We will look
2329         to remove the ContentSecurityPolicy constructor that takes a ScriptExecutionContext in a follow up.
2330
2331         Standardize on instantiating a ContentSecurityPolicy with the full URL to the resource that it protects
2332         instead of taking only the SecurityOrigin of this URL. By taking the full URL the ContentSecurityPolicy
2333         object is now capable of resolving a relative report URL without needing a Document/ScriptExecutionContext.
2334
2335         We are underutilizing the CSPInfo struct and ContentSecurityPolicyClient::willSendCSPViolationReport()
2336         delegate callback in this patch. We will make use of this functionality in a subsequent patch to
2337         support collecting script state (e.g. source line number) when reporting CSP violations in worker
2338         threads. We also no longer go through the unnecessary motions to try to collect script state for a
2339         frame-ancestors violation (since DocumentLoader extends ContentSecurityPolicyClient and does not
2340         implement ContentSecurityPolicyClient::willSendCSPViolationReport()). The frame-ancestors directive
2341         is checked before a document is parsed and executes script; => there will never be any script state
2342         to collect; => it is not necessary to try to collect it as we currently do.
2343
2344         * Sources.txt: Add file ContentSecurityPolicyClient.cpp. See the remarks for ContentSecurityPolicyClient.cpp
2345         below on why we have this file.
2346         * WebCore.xcodeproj/project.pbxproj: Add files ContentSecurityPolicyClient.{h, cpp}.
2347         * dom/Document.cpp:
2348         (WebCore::Document::initSecurityContext): Pass the URL of the protected document.
2349         * loader/DocumentLoader.cpp:
2350         (WebCore::DocumentLoader::responseReceived): Ditto.
2351         (WebCore::DocumentLoader::addConsoleMessage): Added.
2352         (WebCore::DocumentLoader::sendCSPViolationReport): Added.
2353         (WebCore::DocumentLoader::dispatchSecurityPolicyViolationEvent): Added.
2354         * loader/DocumentLoader.h:
2355         * loader/FrameLoaderClient.h: Fix typo in comment.
2356         * loader/WorkerThreadableLoader.cpp:
2357         (WebCore::WorkerThreadableLoader::MainThreadBridge::MainThreadBridge): Pass the URL of the worker script.
2358         * page/csp/ContentSecurityPolicy.cpp:
2359         (WebCore::ContentSecurityPolicy::ContentSecurityPolicy): Added overload that takes a URL&& and an optional
2360         ContentSecurityPolicyClient*.
2361         (WebCore::ContentSecurityPolicy::deprecatedURLForReporting const): Extracted and simplified stripURLForUseInReport()
2362         into this member function.
2363         (WebCore::ContentSecurityPolicy::reportViolation const): Modified to make use of the client, if we have
2364         one and removed code for handling a ContentSecurityPolicy that was instantiated with a Frame.
2365         (WebCore::ContentSecurityPolicy::logToConsole const): Ditto.
2366         (WebCore::stripURLForUseInReport): Deleted; incorporated into ContentSecurityPolicy::deprecatedURLForReporting().
2367         * page/csp/ContentSecurityPolicy.h:
2368         * page/csp/ContentSecurityPolicyClient.cpp: Added. This file exists so that we can define the virtual
2369         destructor out-of-line and export this abstract class so as to avoid the need for the vtable to be
2370         defined in the translation unit of each derived class.
2371         * page/csp/ContentSecurityPolicyClient.h: Added.
2372         * page/csp/ContentSecurityPolicySource.cpp:
2373         (WebCore::ContentSecurityPolicySource::operator SecurityOriginData const): Added.
2374         * page/csp/ContentSecurityPolicySource.h:
2375         * workers/WorkerGlobalScope.cpp:
2376         (WebCore::WorkerGlobalScope::WorkerGlobalScope): Instantiate the ContentSecurityPolicy object with the
2377         URL of the worker script.
2378
2379 2018-05-07  Simon Fraser  <simon.fraser@apple.com>
2380
2381         CSS filters which reference SVG filters fail to respect the "color-interpolation-filters" of the filter
2382         https://bugs.webkit.org/show_bug.cgi?id=185343
2383
2384         Reviewed by Dean Jackson.
2385
2386         Test: css3/filters/color-interpolation-filters.html
2387         
2388         When applying CSS reference filters, apply the value of "color-interpolation-filters" for the
2389         referenced filter effect element, just as we do for SVG filters.
2390
2391         * rendering/FilterEffectRenderer.cpp:
2392         (WebCore::FilterEffectRenderer::buildReferenceFilter):
2393
2394 2018-05-07  Daniel Bates  <dabates@apple.com>
2395
2396         CSP status-code incorrect for document blocked due to violation of its frame-ancestors directive
2397         https://bugs.webkit.org/show_bug.cgi?id=185366
2398         <rdar://problem/40035116>
2399
2400         Reviewed by Brent Fulgham.
2401
2402         Fixes an issue where the status-code in the sent CSP report for an HTTP document blocked because
2403         its frame-ancestors directive was violated would be the status code of the previously loaded
2404         document in the frame. If the previously loaded document was about:blank then this would be 0.
2405
2406         Currently whenever we send a CSP report we ask the document's loader (Document::loader()) for the
2407         HTTP status code for the last response. Document::loader() returns the loader for the last committed
2408         document in its frame. For a frame-ancestors violation, a CSP report is sent before the document
2409         that had the frame-ancestors directive has been committed and after it has been associated with a frame.
2410         As a result we are in a transient transition state for the frame and hence the last response
2411         for the new document's loader (Document::loader()) is actually the last response of the previously loaded
2412         document in the frame. Instead we need to take care to tell CSP about the HTTP status code for the
2413         response associated with the document the CSP came from.
2414
2415         * dom/Document.cpp:
2416         (WebCore::Document::processHttpEquiv):
2417         (WebCore::Document::initSecurityContext):
2418         Pass the HTTP status code to CSP.
2419
2420         * page/csp/ContentSecurityPolicy.cpp:
2421         (WebCore::ContentSecurityPolicy::copyStateFrom):
2422         (WebCore::ContentSecurityPolicy::responseHeaders const):
2423         (WebCore::ContentSecurityPolicy::didReceiveHeaders):
2424         (WebCore::ContentSecurityPolicy::didReceiveHeader):
2425         (WebCore::ContentSecurityPolicy::reportViolation const):
2426         * page/csp/ContentSecurityPolicy.h:
2427         Modify existing functions to take the HTTP status code, store it in an instance variable,
2428         and reference this variable when reporting a violation.
2429
2430         * page/csp/ContentSecurityPolicyResponseHeaders.cpp:
2431         (WebCore::ContentSecurityPolicyResponseHeaders::ContentSecurityPolicyResponseHeaders):
2432         (WebCore::ContentSecurityPolicyResponseHeaders::isolatedCopy const):
2433         * page/csp/ContentSecurityPolicyResponseHeaders.h:
2434         (WebCore::ContentSecurityPolicyResponseHeaders::encode const):
2435         (WebCore::ContentSecurityPolicyResponseHeaders::decode):
2436         Store the HTTP status code along with the response headers.
2437
2438 2018-05-07  Daniel Bates  <dabates@apple.com>
2439
2440         CSP referrer incorrect for document blocked due to violation of its frame-ancestors directive
2441         https://bugs.webkit.org/show_bug.cgi?id=185380
2442
2443         Reviewed by Brent Fulgham.
2444
2445         Similar to <https://bugs.webkit.org/show_bug.cgi?id=185366>, fixes an issue where the referrer
2446         in the sent CSP report for an HTTP document blocked because its frame-ancestors directive was
2447         violated would be the referrer of the previously loaded document in the frame.
2448
2449         Currently whenever we send a CSP report we ask the document's loader (Document::loader()) for
2450         the referrer for the last request. Document::loader() returns the loader for the last committed
2451         document in its frame. For a frame-ancestors violation, a CSP report is sent before the document
2452         that had the frame-ancestors directive has been committed and after it has been associated with a
2453         frame. As a result we are in a transient transition state for the frame and hence the last request
2454         for the new document's loader (Document::loader()) is actually the last request of the previously
2455         loaded document in the frame. Instead we need to take care to tell CSP about the referrer for the
2456         request associated with the document the CSP came from.
2457
2458         * loader/DocumentLoader.cpp:
2459         (WebCore::DocumentLoader::responseReceived):
2460
2461 2018-05-07  Brent Fulgham  <bfulgham@apple.com>
2462
2463         Add experimental feature to prompt for Storage Access API use
2464         https://bugs.webkit.org/show_bug.cgi?id=185335
2465         <rdar://problem/39994649>
2466
2467         Reviewed by Alex Christensen and Youenn Fablet.
2468
2469         Create a new experimental feature that gates the ability of WebKit clients to prompt the user when
2470         Storage Access API is invoked.
2471
2472         Currently this feature doesn't have any user-visible impact.
2473
2474         * page/RuntimeEnabledFeatures.h:
2475         (WebCore::RuntimeEnabledFeatures::setStorageAccessPromptsEnabled):
2476         (WebCore::RuntimeEnabledFeatures::storageAccessPromptsEnabled const):
2477         * testing/InternalSettings.cpp:
2478         (WebCore::InternalSettings::Backup::Backup):
2479         (WebCore::InternalSettings::Backup::restoreTo):
2480         (WebCore::InternalSettings::setStorageAccessPromptsEnabled):
2481         * testing/InternalSettings.h:
2482         * testing/InternalSettings.idl:
2483
2484 2018-05-07  Chris Dumez  <cdumez@apple.com>
2485
2486         Stop using an iframe's id as fallback if its name attribute is not set
2487         https://bugs.webkit.org/show_bug.cgi?id=11388
2488
2489         Reviewed by Geoff Garen.
2490
2491         WebKit had logic to use an iframe's id as fallback name when its name
2492         content attribute is not set. This behavior was not standard and did not
2493         match other browsers:
2494         - https://html.spec.whatwg.org/#attr-iframe-name
2495
2496         Gecko / Trident never behaved this way. Blink was aligned with us until
2497         they started to match the specification in:
2498         - https://bugs.chromium.org/p/chromium/issues/detail?id=347169
2499
2500         This WebKit quirk was causing some Web-compatibility issues because it
2501         would affect the behavior of Window's name property getter when trying
2502         to look up an iframe by id. Because of Window's named property getter
2503         behavior [1], we would return the frame's contentWindow instead of the
2504         iframe element itself.
2505
2506         [1] https://html.spec.whatwg.org/multipage/window-object.html#named-access-on-the-window-object
2507
2508         Test: fast/dom/Window/named-getter-frame-id.html
2509
2510         * html/HTMLFrameElementBase.cpp:
2511         (WebCore::HTMLFrameElementBase::openURL):
2512         (WebCore::HTMLFrameElementBase::parseAttribute):
2513         (WebCore::HTMLFrameElementBase::didFinishInsertingNode):
2514         * html/HTMLFrameElementBase.h:
2515
2516 2018-05-07  Chris Dumez  <cdumez@apple.com>
2517
2518         ASSERT(!childItemWithTarget(child->target())) is hit in HistoryItem::addChildItem()
2519         https://bugs.webkit.org/show_bug.cgi?id=185322
2520
2521         Reviewed by Geoff Garen.
2522
2523         We generate unique names for Frame to be used in HistoryItem. Those names not only
2524         need to be unique, they also need to be repeatable to avoid layout test flakiness
2525         and for things like restoring form state from a HistoryItem.
2526
2527         The previously generated frame names were relying on the Frame's index among a
2528         parent Frame's children. The issue was that we could end up with duplicate names
2529         because one could insert a Frame *before* an existing one. This is because the code
2530         would not take care of updating existing Frames' unique name on frame tree mutation.
2531
2532         Updating frame tree names on mutation would be inefficient and is also not necessary.
2533         The approach chosen in this patch is to stop using the Frame's index and instead rely
2534         on an increasing counter stored on the top-frame's FrameTree. To make the names
2535         repeatable, we reset the counter on page navigation.
2536
2537         * page/Frame.cpp:
2538         (WebCore::Frame::setDocument):
2539         * page/FrameTree.cpp:
2540         (WebCore::FrameTree::uniqueChildName const):
2541         (WebCore::FrameTree::generateUniqueName const):
2542         * page/FrameTree.h:
2543         (WebCore::FrameTree::resetFrameIdentifiers):
2544
2545 2018-05-07  Yacine Bandou  <yacine.bandou_ext@softathome.com>
2546
2547         [EME][GStreamer] Fix wrong subsample parsing on r227067
2548         https://bugs.webkit.org/show_bug.cgi?id=185382
2549
2550         Reviewed by Philippe Normand.
2551
2552         The initialization of sampleIndex should be moved outside of the loop.
2553         Without this patch we will have a bad log and the check of the subsample
2554         count will be useless.
2555
2556         * platform/graphics/gstreamer/eme/WebKitClearKeyDecryptorGStreamer.cpp:
2557         (webKitMediaClearKeyDecryptorDecrypt):
2558
2559 2018-05-07  Daniel Bates  <dabates@apple.com>
2560
2561         CSP should be passed the referrer
2562         https://bugs.webkit.org/show_bug.cgi?id=185367
2563
2564         Reviewed by Per Arne Vollan.
2565
2566         As a step towards formalizing a CSP delegate object and removing the dependencies
2567         on ScriptExecutionContext and Frame, we should pass the document's referrer directly
2568         instead of indirectly obtaining it from the ScriptExecutionContext or Frame used
2569         to instantiate the ContentSecurityPolicy object.
2570
2571         * dom/Document.cpp:
2572         (WebCore::Document::processHttpEquiv): Pass the document's referrer.
2573         (WebCore::Document::initSecurityContext): Ditto.
2574         (WebCore::Document::applyQuickLookSandbox): Ditto.
2575         * loader/DocumentLoader.cpp:
2576         (WebCore::DocumentLoader::responseReceived): Ditto.
2577         * loader/FrameLoader.cpp:
2578         (WebCore::FrameLoader::didBeginDocument): Ditto.
2579         * page/csp/ContentSecurityPolicy.cpp:
2580         (WebCore::ContentSecurityPolicy::copyStateFrom): We pass a null string for the referrer
2581         to didReceiveHeader() as a placeholder since it requires the referrer be given to it. We
2582         fix up the referrer (m_referrer) after copying all the policy headers.
2583         (WebCore::ContentSecurityPolicy::didReceiveHeaders): Ditto.
2584         (WebCore::ContentSecurityPolicy::didReceiveHeader): Modified to take a referrer and WTFMove()s
2585         it into an instance variable (m_referrer).
2586         (WebCore::ContentSecurityPolicy::reportViolation const): Modified to use the stored referrer.
2587         * page/csp/ContentSecurityPolicy.h:
2588         * workers/WorkerGlobalScope.cpp:
2589         (WebCore::WorkerGlobalScope::applyContentSecurityPolicyResponseHeaders): Pass a null string
2590         for the referrer as a worker does not have a referrer.
2591
2592 2018-05-07  Daniel Bates  <dabates@apple.com>
2593
2594         CSP should only notify Inspector to pause the debugger on the first policy to violate a directive
2595         https://bugs.webkit.org/show_bug.cgi?id=185364
2596
2597         Reviewed by Brent Fulgham.
2598
2599         Notify Web Inspector that a script was blocked on the first enforced CSP policy that it
2600         violates.
2601
2602         A page can have more than one enforced Content Security Policy. Currently for inline
2603         scripts, inline event handlers, JavaScript URLs, and eval() that are blocked by CSP
2604         we notify Web Inspector that it was blocked for each CSP policy that blocked it. When
2605         Web Inspector is notified it pauses script execution. It does not seem very meaningful
2606         to pause script execution on the same script for each CSP policy that blocked it.
2607         Therefore, only tell Web Inspector that a script was blocked for the first enforced CSP
2608         policy that blocked it.
2609
2610         * page/csp/ContentSecurityPolicy.cpp:
2611         (WebCore::ContentSecurityPolicy::allowJavaScriptURLs const):
2612         (WebCore::ContentSecurityPolicy::allowInlineEventHandlers const):
2613         (WebCore::ContentSecurityPolicy::allowInlineScript const):
2614         (WebCore::ContentSecurityPolicy::allowEval const):
2615
2616 2018-05-07  Daniel Bates  <dabates@apple.com>
2617
2618         Substitute CrossOriginPreflightResultCache::clear() for CrossOriginPreflightResultCache::empty()
2619         https://bugs.webkit.org/show_bug.cgi?id=185170
2620
2621         Reviewed by Per Arne Vollan.
2622
2623         Rename CrossOriginPreflightResultCache::empty() to CrossOriginPreflightResultCache::clear() to make
2624         it consistent with the terminology we use in WebKit to signify a function that clears a collection.
2625         A member function named "empty" is expected to return an instance of a class in its "empty state".
2626         For example, StringImpl::empty() returns a StringImpl instance that represents the empty string.
2627         However CrossOriginPreflightResultCache::empty() clears out the cache in-place. We should rename
2628         this function to better describe its purpose.
2629
2630         * loader/CrossOriginPreflightResultCache.cpp:
2631         (WebCore::CrossOriginPreflightResultCache::clear):
2632         (WebCore::CrossOriginPreflightResultCache::empty): Deleted.
2633         * loader/CrossOriginPreflightResultCache.h:
2634
2635 2018-05-06  Dean Jackson  <dino@apple.com>
2636
2637         WebGL: Reset simulated values after validation fails
2638         https://bugs.webkit.org/show_bug.cgi?id=185363
2639         <rdar://problem/39733417>
2640
2641         Reviewed by Anders Carlsson.
2642
2643         While fixing a previous bug, I forgot to reset some values
2644         when validation fails. This caused a bug where a subsequent
2645         invalid call might use those values and escape detection.
2646
2647         Test: fast/canvas/webgl/index-validation-with-subsequent-draws.html
2648
2649         * html/canvas/WebGLRenderingContextBase.cpp:
2650         (WebCore::WebGLRenderingContextBase::simulateVertexAttrib0): Reset the
2651         sizes when validation fails.
2652         * html/canvas/WebGLRenderingContextBase.h:
2653
2654 2018-05-07  Ms2ger  <Ms2ger@igalia.com>
2655
2656         Support negative sw/sh values in createImageBitmap().
2657         https://bugs.webkit.org/show_bug.cgi?id=184449
2658
2659         Reviewed by Dean Jackson.
2660
2661         Tests: LayoutTests/imported/w3c/web-platform-tests/2dcontext/imagebitmap/createImageBitmap-drawImage.html
2662                LayoutTests/http/wpt/2dcontext/imagebitmap/createImageBitmap.html
2663
2664         * html/ImageBitmap.cpp:
2665         (WebCore::ImageBitmap::createPromise): handle negative values per spec.
2666
2667 2018-05-07  Brian Burg  <bburg@apple.com>
2668
2669         Web Inspector: opt out of process swap on navigation if a Web Inspector frontend is connected
2670         https://bugs.webkit.org/show_bug.cgi?id=184861
2671         <rdar://problem/39153768>
2672
2673         Reviewed by Timothy Hatcher.
2674
2675         Notify the client of the current connection count whenever a frontend connects or disconnects.
2676
2677         Covered by new API test.
2678
2679         * inspector/InspectorClient.h:
2680         (WebCore::InspectorClient::frontendCountChanged):
2681         * inspector/InspectorController.cpp:
2682         (WebCore::InspectorController::connectFrontend):
2683         (WebCore::InspectorController::disconnectFrontend):
2684         (WebCore::InspectorController::disconnectAllFrontends):
2685         * inspector/InspectorController.h:
2686
2687 2018-05-07  Eric Carlson  <eric.carlson@apple.com>
2688
2689         Text track cue logging should include cue text
2690         https://bugs.webkit.org/show_bug.cgi?id=185353
2691         <rdar://problem/40003565>
2692
2693         Reviewed by Youenn Fablet.
2694
2695         No new tests, tested manually.
2696
2697         * html/track/VTTCue.cpp:
2698         (WebCore::VTTCue::toJSONString const): Use toJSON.
2699         (WebCore::VTTCue::toJSON const): New.
2700         * html/track/VTTCue.h:
2701
2702         * platform/graphics/InbandTextTrackPrivateClient.h:
2703         (WebCore::GenericCueData::toJSONString const): Log m_content.
2704
2705         * platform/graphics/iso/ISOVTTCue.cpp:
2706         (WebCore::ISOWebVTTCue::toJSONString const): Log m_cueText.
2707
2708 2018-05-06  Zalan Bujtas  <zalan@apple.com>
2709
2710         [LFC] Add assertions for stale Display::Box geometry
2711         https://bugs.webkit.org/show_bug.cgi?id=185357
2712
2713         Reviewed by Antti Koivisto.
2714
2715         Ensure that we don't access stale geometry of other boxes during layout.
2716         For example, in order to layout a block child we need the containing block's content box top/left and width (but not the height).
2717
2718         * layout/displaytree/DisplayBox.h:
2719         (WebCore::Display::Box::invalidateTop):
2720         (WebCore::Display::Box::invalidateLeft):
2721         (WebCore::Display::Box::invalidateWidth):
2722         (WebCore::Display::Box::invalidateHeight):
2723         (WebCore::Display::Box::hasValidPosition const):
2724         (WebCore::Display::Box::hasValidSize const):
2725         (WebCore::Display::Box::hasValidGeometry const):
2726         (WebCore::Display::Box::invalidatePosition):
2727         (WebCore::Display::Box::invalidateSize):
2728         (WebCore::Display::Box::setHasValidPosition):
2729         (WebCore::Display::Box::setHasValidSize):
2730         (WebCore::Display::Box::setHasValidGeometry):
2731         (WebCore::Display::Box::rect const):
2732         (WebCore::Display::Box::top const):
2733         (WebCore::Display::Box::left const):
2734         (WebCore::Display::Box::bottom const):
2735         (WebCore::Display::Box::right const):
2736         (WebCore::Display::Box::topLeft const):
2737         (WebCore::Display::Box::bottomRight const):
2738         (WebCore::Display::Box::size const):
2739         (WebCore::Display::Box::width const):
2740         (WebCore::Display::Box::height const):
2741         (WebCore::Display::Box::setRect):
2742         (WebCore::Display::Box::setTopLeft):
2743         (WebCore::Display::Box::setTop):
2744         (WebCore::Display::Box::setLeft):
2745         (WebCore::Display::Box::setSize):
2746         (WebCore::Display::Box::setWidth):
2747         (WebCore::Display::Box::setHeight):
2748
2749 2018-05-06  Zalan Bujtas  <zalan@apple.com>
2750
2751         [LFC] Add BlockFormattingContext::computeStaticPosition
2752         https://bugs.webkit.org/show_bug.cgi?id=185352
2753
2754         Reviewed by Antti Koivisto.
2755
2756         This is the core logic for positioning inflow boxes in a block formatting context (very naive though).
2757
2758         * layout/blockformatting/BlockFormattingContext.cpp:
2759         (WebCore::Layout::BlockFormattingContext::computeStaticPosition const):
2760         * layout/displaytree/DisplayBox.h:
2761
2762 2018-05-05  Sam Weinig  <sam@webkit.org>
2763
2764         Cleanup XMLHttpRequestUpload a little
2765         https://bugs.webkit.org/show_bug.cgi?id=185344
2766
2767         Reviewed by Yusuke Suzuki.
2768
2769         * bindings/js/JSXMLHttpRequestCustom.cpp:
2770         (WebCore::JSXMLHttpRequest::visitAdditionalChildren):
2771         Use auto to reduce redundancy.
2772
2773         * xml/XMLHttpRequest.cpp:
2774         (WebCore::XMLHttpRequest::upload):
2775         * xml/XMLHttpRequest.h:
2776         Switch upload() to return a reference.
2777         
2778         * xml/XMLHttpRequestUpload.cpp:
2779         (WebCore::XMLHttpRequestUpload::XMLHttpRequestUpload):
2780         (WebCore::XMLHttpRequestUpload::dispatchProgressEvent):
2781         * xml/XMLHttpRequestUpload.h:
2782         Cleanup formatting, modernize and switch XMLHttpRequest member from a pointer
2783         to a reference.
2784
2785 2018-05-05  Dean Jackson  <dino@apple.com>
2786
2787         Draw a drop-shadow behind the system preview badge
2788         https://bugs.webkit.org/show_bug.cgi?id=185356
2789         <rdar://problem/40004936>
2790
2791         Reviewed by Wenson Hsieh.
2792
2793         Draw a very subtle drop-shadow under the system
2794         preview badge so that it is more visible on a pure
2795         white background.
2796
2797         I also moved some code around to make it more clear
2798         and improved comments.
2799
2800         * rendering/RenderThemeIOS.mm:
2801         (WebCore::RenderThemeIOS::paintSystemPreviewBadge):
2802
2803 2018-05-04  Wenson Hsieh  <wenson_hsieh@apple.com>
2804
2805         [iOS] Multiple links in Mail are dropped in a single line, and are difficult to tell apart
2806         https://bugs.webkit.org/show_bug.cgi?id=185289
2807         <rdar://problem/35756912>
2808
2809         Reviewed by Tim Horton and Darin Adler.
2810
2811         When inserting multiple URLs as individual items in a single drop, we currently separate each item with a space
2812         (see r217284). However, it still seems difficult to tell dropped links apart. This patch makes some slight
2813         tweaks to WebContentReader::readURL so that it inserts line breaks before dropped URLs, if the dropped URL isn't
2814         the first item to be inserted in the resulting document fragment.
2815
2816         Augments existing API tests in DataInteractionTests.
2817
2818         * editing/ios/WebContentReaderIOS.mm:
2819
2820         Additionally remove some extraneous header imports from this implementation file.
2821
2822         (WebCore::WebContentReader::readURL):
2823
2824 2018-05-02  Dean Jackson  <dino@apple.com>
2825
2826         Use IOSurfaces for CoreImage operations where possible
2827         https://bugs.webkit.org/show_bug.cgi?id=185230
2828         <rdar://problem/39926929>
2829
2830         Reviewed by Jon Lee.
2831
2832         On iOS hardware, we can use IOSurfaces as a rendering destination
2833         for CoreImage, which means we're keeping data on the GPU
2834         for rendering.
2835
2836         As a drive-by fix, I used a convenience method for Gaussian blurs.
2837
2838         * rendering/RenderThemeIOS.mm:
2839         (WebCore::RenderThemeIOS::paintSystemPreviewBadge):
2840
2841 2018-05-04  Tim Horton  <timothy_horton@apple.com>
2842
2843         Shift to a lower-level framework for simplifying URLs
2844         https://bugs.webkit.org/show_bug.cgi?id=185334
2845
2846         Reviewed by Dan Bernstein.
2847
2848         * Configurations/WebCore.xcconfig:
2849         * platform/mac/DragImageMac.mm:
2850         (WebCore::LinkImageLayout::LinkImageLayout):
2851
2852 2018-05-03  Ryosuke Niwa  <rniwa@webkit.org>
2853
2854         Release assert in ScriptController::canExecuteScripts via HTMLMediaElement::~HTMLMediaElement()
2855         https://bugs.webkit.org/show_bug.cgi?id=185288
2856
2857         Reviewed by Jer Noble.
2858
2859         The crash is caused by HTMLMediaElement::~HTMLMediaElement canceling the resource load via CachedResource
2860         which ends up calling FrameLoader::checkCompleted() and firing the load event on the document synchronously.
2861         Speculatively fix the crash by scheduling the check instead.
2862
2863         In the long term, ResourceLoader::cancel should never fire the load event synchronously: webkit.org/b/185284.
2864
2865         Unfortunately, no new tests since I can't get MediaResource to get destructed at the right time.
2866
2867         * html/HTMLMediaElement.cpp:
2868         (WebCore::HTMLMediaElement::isRunningDestructor): Added to detect this specific case.
2869         (WebCore::HTMLMediaElementDestructorScope): Added.
2870         (WebCore::HTMLMediaElementDestructorScope::HTMLMediaElementDestructorScope): Added.
2871         (WebCore::HTMLMediaElementDestructorScope::~HTMLMediaElementDestructorScope): Added.
2872         (WebCore::HTMLMediaElement::~HTMLMediaElement): Instantiate HTMLMediaElement.
2873         * html/HTMLMediaElement.h:
2874         * loader/FrameLoader.cpp:
2875         (WebCore::FrameLoader::checkCompleted): Call scheduleCheckCompleted instead of synchronously calling
2876         checkCompleted if we're in the middle of destructing a HTMLMediaElement.
2877
2878 2018-05-04  Ryosuke Niwa  <rniwa@webkit.org>
2879
2880         Rename DocumentOrderedMap to TreeScopeOrderedMap
2881         https://bugs.webkit.org/show_bug.cgi?id=185290
2882
2883         Reviewed by Zalan Bujtas.
2884
2885         Renamed the class since it's almost always a mistake to use this class as a member variable of Document.
2886
2887         * Sources.txt:
2888         * WebCore.xcodeproj/project.pbxproj:
2889         * dom/MouseRelatedEvent.cpp: Include the forgotten DOMWindow.h. Unified build files bit us here.
2890         * dom/TreeScope.cpp:
2891         (WebCore::TreeScope::addElementById):
2892         (WebCore::TreeScope::addElementByName):
2893         (WebCore::TreeScope::addImageMap):
2894         (WebCore::TreeScope::addImageElementByUsemap):
2895         (WebCore::TreeScope::labelElementForId):
2896         * dom/TreeScope.h:
2897         * dom/TreeScopeOrderedMap.cpp: Renamed from DocumentOrderedMap.cpp
2898         * dom/TreeScopeOrderedMap.h: Renamed from DocumentOrderedMap.h
2899         * html/HTMLDocument.h:
2900
2901 2018-05-04  Don Olmstead  <don.olmstead@sony.com>
2902
2903         [Win][WebKit] Fix forwarding headers for Windows build
2904         https://bugs.webkit.org/show_bug.cgi?id=184412
2905
2906         Reviewed by Alex Christensen.
2907
2908         No new tests. No change in behavior.
2909
2910         * PlatformWin.cmake:
2911
2912 2018-05-04  Zalan Bujtas  <zalan@apple.com>
2913
2914         [Simple line layout] Add support for line layout box generation with multiple text renderers.
2915         https://bugs.webkit.org/show_bug.cgi?id=185276
2916
2917         Reviewed by Antti Koivisto.
2918
2919         Covered by existing tests.
2920
2921         * rendering/SimpleLineLayoutFunctions.cpp:
2922         (WebCore::SimpleLineLayout::canUseForLineBoxTree):
2923         (WebCore::SimpleLineLayout::generateLineBoxTree):
2924         * rendering/SimpleLineLayoutResolver.cpp:
2925         (WebCore::SimpleLineLayout::RunResolver::Run::renderer const):
2926         (WebCore::SimpleLineLayout::RunResolver::Run::localStart const):
2927         (WebCore::SimpleLineLayout::RunResolver::Run::localEnd const):
2928         * rendering/SimpleLineLayoutResolver.h:
2929
2930 2018-05-04  Timothy Hatcher  <timothy@apple.com>
2931
2932         Deprecate legacy WebView and friends
2933         https://bugs.webkit.org/show_bug.cgi?id=185279
2934         rdar://problem/33268700
2935
2936         Reviewed by Tim Horton.
2937
2938         * Configurations/WebCore.xcconfig:
2939         Added BUILDING_WEBKIT define to disable the deprecation macros.
2940         * bridge/objc/WebScriptObject.h:
2941         Added deprecation macros to WebScriptObject and WebUndefined.
2942         * platform/cocoa/WebKitAvailability.h:
2943         Added more macros and a way to disable deprecation warnings for
2944         WebKit build and in clients like Safari.
2945
2946 2018-05-04  Eric Carlson  <eric.carlson@apple.com>
2947
2948         Log media time range as JSON
2949         https://bugs.webkit.org/show_bug.cgi?id=185321
2950         <rdar://problem/39986746>
2951
2952         Reviewed by Youenn Fablet.
2953
2954         No new tests, tested manually.
2955
2956         * html/HTMLMediaElement.cpp:
2957         (WebCore::HTMLMediaElement::addPlayedRange): Log as time range.
2958         (WebCore::HTMLMediaElement::visibilityStateChanged): Cleanup.
2959
2960         * platform/graphics/MediaPlayer.h:
2961         (WTF::LogArgument<MediaTime>::toString):
2962         (WTF::LogArgument<MediaTimeRange>::toString):
2963
2964         * platform/graphics/avfoundation/InbandTextTrackPrivateAVF.cpp:
2965         (WebCore::InbandTextTrackPrivateAVF::processAttributedStrings): Log error as time range.
2966
2967 2018-05-04  Zalan Bujtas  <zalan@apple.com>
2968
2969         Use the containing block to compute the pagination gap when the container is inline.
2970         https://bugs.webkit.org/show_bug.cgi?id=184724
2971         <rdar://problem/39521800>
2972
2973         Reviewed by Simon Fraser.
2974
2975         Test: fast/overflow/page-overflow-with-inline-body-crash.html
2976
2977         * page/FrameView.cpp:
2978         (WebCore::FrameView::applyPaginationToViewport):
2979
2980 2018-05-04  Tim Horton  <timothy_horton@apple.com>
2981
2982         Don't use GSFont* in minimal simulator mode
2983         https://bugs.webkit.org/show_bug.cgi?id=185320
2984         <rdar://problem/39734478>
2985
2986         Reviewed by Beth Dakin.
2987
2988         * page/cocoa/MemoryReleaseCocoa.mm:
2989         (WebCore::platformReleaseMemory):
2990
2991 2018-05-04  Chris Dumez  <cdumez@apple.com>
2992
2993         Unreviewed, rolling out r231331.
2994
2995         Caused a few tests to assert
2996
2997         Reverted changeset:
2998
2999         "Stop using an iframe's id as fallback if its name attribute
3000         is not set"
3001         https://bugs.webkit.org/show_bug.cgi?id=11388
3002         https://trac.webkit.org/changeset/231331
3003
3004 2018-05-04  Youenn Fablet  <youenn@apple.com>
3005
3006         Use more references in updateTracksOfType
3007         https://bugs.webkit.org/show_bug.cgi?id=185305
3008
3009         Reviewed by Eric Carlson.
3010
3011         No change of behavior.
3012
3013         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm:
3014         (WebCore::updateTracksOfType):
3015         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateTracks):
3016
3017 2018-05-04  Myles C. Maxfield  <mmaxfield@apple.com>
3018
3019         Text shaping in the simple path is flipped in the y direction
3020         https://bugs.webkit.org/show_bug.cgi?id=185062
3021         <rdar://problem/39778678>
3022
3023         Reviewed by Simon Fraser.
3024
3025         Shaping in our simple codepath occurs in an "increasing-y-goes-up" coordinate system, but our painting
3026         code uses an "increasing-y-goes-down" coordinate system. We weren't fixing up the coordinate systems
3027         because we never noticed. This is because the simple codepath is only designed for kerning and ligatures,
3028         neither of which move glyphs vertically in the common case.
3029
3030         Test: fast/text/vertical-displacement-simple-codepath.html
3031
3032         * platform/graphics/Font.cpp:
3033         (WebCore::Font::applyTransforms const):
3034         * platform/graphics/WidthIterator.cpp:
3035         (WebCore::WidthIterator::applyFontTransforms):
3036
3037 2018-05-04  Chris Nardi  <cnardi@chromium.org>
3038
3039         Serialize all URLs with double-quotes per CSSOM spec
3040         https://bugs.webkit.org/show_bug.cgi?id=184935
3041
3042         Reviewed by Antti Koivisto.
3043
3044         According to https://drafts.csswg.org/cssom/#serialize-a-url, all URLs should be serialized as strings,
3045         which means they should have double quotes around the text of the URL. Update our implementation to match
3046         this (and Firefox/Chrome). Also remove isCSSTokenizerURL() as this method is no longer needed.
3047
3048         Tests: Many LayoutTests updated to use double quotes.
3049
3050         * css/CSSMarkup.cpp:
3051         (WebCore::serializeString): Remove FIXME as this was already fixed in a previous patch.
3052         (WebCore::serializeURL): Remove FIXME and update implementation.
3053
3054 2018-05-04  Youenn Fablet  <youenn@apple.com>
3055
3056         LayoutTests/fast/mediastream/change-tracks-media-stream-being-played.html is crashing after r231304
3057         https://bugs.webkit.org/show_bug.cgi?id=185303
3058
3059         Reviewed by Eric Carlson.
3060
3061         We need to stop observing the audio track like we do for video track once we are no longer interested in it.
3062         Covered by test no longer crashing.
3063
3064         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm:
3065         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateTracks):
3066
3067 2018-05-04  Zalan Bujtas  <zalan@apple.com>
3068
3069         [LFC] Set the invalidation root as the result of style change.
3070         https://bugs.webkit.org/show_bug.cgi?id=185301
3071
3072         Reviewed by Antti Koivisto.
3073
3074         Compute/propagate the update type on the ancestor chain and return the invalidation root
3075         so that LayoutContext could use it as the entry point for the next layout frame.
3076
3077         * layout/LayoutContext.cpp:
3078         (WebCore::Layout::LayoutContext::updateLayout):
3079         (WebCore::Layout::LayoutContext::styleChanged):
3080         * layout/LayoutContext.h: order is not important.
3081         * layout/blockformatting/BlockInvalidation.cpp:
3082         (WebCore::Layout::invalidationStopsAtFormattingContextBoundary):
3083         (WebCore::Layout::computeUpdateType):
3084         (WebCore::Layout::computeUpdateTypeForAncestor):
3085         (WebCore::Layout::BlockInvalidation::invalidate):
3086         * layout/blockformatting/BlockInvalidation.h:
3087         * layout/inlineformatting/InlineInvalidation.cpp:
3088         (WebCore::Layout::InlineInvalidation::invalidate):
3089         * layout/inlineformatting/InlineInvalidation.h:
3090
3091 2018-05-04  Youenn Fablet  <youenn@apple.com>
3092
3093         PeerConnection should have its connectionState closed even if doing gathering
3094         https://bugs.webkit.org/show_bug.cgi?id=185267
3095
3096         Reviewed by Darin Adler.
3097
3098         Test: webrtc/addICECandidate-closed.html
3099
3100         In case m_iceConnectionState is closed, m_connectionState should also be set to closed
3101         and RTCPeerConnection should be closed so as to reject any other call.
3102
3103         * Modules/mediastream/RTCPeerConnection.cpp:
3104         (WebCore::RTCPeerConnection::close):
3105         (WebCore::RTCPeerConnection::updateConnectionState):
3106
3107 2018-05-04  Yacine Bandou  <yacine.bandou_ext@softathome.com>
3108
3109         [MSE][GStreamer] Delete properly the stream from the WebKitMediaSource
3110         https://bugs.webkit.org/show_bug.cgi?id=185242
3111
3112         Reviewed by Xabier Rodriguez-Calvar.
3113
3114         When the sourceBuffer is removed from mediasource, the appropriate stream is not
3115         properly deleted from WebKitMediaSource, because the appsrc and parser elements
3116         of the stream are not removed from the WebKitMediaSource bin.
3117
3118         This patch avoids the regression of r231089, see https://bugs.webkit.org/show_bug.cgi?id=185071
3119
3120         * platform/graphics/gstreamer/mse/WebKitMediaSourceGStreamer.cpp:
3121         (webKitMediaSrcFreeStream):
3122
3123 2018-05-04  Carlos Garcia Campos  <cgarcia@igalia.com>
3124
3125         [GTK] Epiphany (GNOME Web) says "Error downloading: Service Unavailable." when trying to download an image from discogs.com
3126         https://bugs.webkit.org/show_bug.cgi?id=174730
3127
3128         Reviewed by Michael Catanzaro.
3129
3130         Export ResourceRequestBase::hasHTTPHeaderField().
3131
3132         * platform/network/ResourceRequestBase.h:
3133
3134 2018-05-03  Yusuke Suzuki  <utatane.tea@gmail.com>
3135
3136         Use subprocess.call instead of os.system to handle path with spaces
3137         https://bugs.webkit.org/show_bug.cgi?id=185291
3138
3139         Reviewed by Darin Adler.
3140
3141         If gperf path includes spaces, these python scripts fail to execute gperf.
3142         We use subprocess module instead of os.system to invoke gperf.
3143
3144         * css/makeSelectorPseudoClassAndCompatibilityElementMap.py:
3145         * css/makeSelectorPseudoElementsMap.py:
3146         * platform/network/create-http-header-name-table:
3147
3148 2018-05-03  Yusuke Suzuki  <utatane.tea@gmail.com>
3149
3150         Unreviewed, attempt to fix WinCairo build failure
3151         https://bugs.webkit.org/show_bug.cgi?id=185218
3152
3153         * platform/text/win/LocaleWin.cpp:
3154         (WebCore::LocaleWin::getLocaleInfoString):
3155
3156 2018-05-03  Filip Pizlo  <fpizlo@apple.com>
3157
3158         Strings should not be allocated in a gigacage
3159         https://bugs.webkit.org/show_bug.cgi?id=185218
3160
3161         Reviewed by Saam Barati.
3162
3163         No new tests because no new behavior.
3164
3165         * Modules/indexeddb/server/IDBSerialization.cpp:
3166         (WebCore::decodeKey):
3167         * bindings/js/SerializedScriptValue.cpp:
3168         (WebCore::CloneDeserializer::readString):
3169         * html/canvas/CanvasRenderingContext2D.cpp:
3170         (WebCore::normalizeSpaces):
3171         * html/parser/HTMLTreeBuilder.cpp:
3172         (WebCore::HTMLTreeBuilder::ExternalCharacterTokenBuffer::takeRemainingWhitespace):
3173         * platform/URLParser.cpp:
3174         (WebCore::percentEncodeByte):
3175         (WebCore::serializeURLEncodedForm):
3176         (WebCore::URLParser::serialize):
3177         * platform/URLParser.h:
3178         * platform/graphics/FourCC.cpp:
3179         (WebCore::FourCC::toString const):
3180         * platform/graphics/ca/GraphicsLayerCA.cpp:
3181         (WebCore::GraphicsLayerCA::ReplicaState::cloneID const):
3182         * platform/text/LocaleICU.cpp:
3183         (WebCore::LocaleICU::decimalSymbol):
3184         (WebCore::LocaleICU::decimalTextAttribute):
3185         (WebCore::getDateFormatPattern):
3186         (WebCore::LocaleICU::createLabelVector):
3187         (WebCore::getFormatForSkeleton):
3188         * platform/win/FileSystemWin.cpp:
3189         (WebCore::FileSystem::getFinalPathName):
3190         (WebCore::FileSystem::pathByAppendingComponent):
3191         (WebCore::FileSystem::storageDirectory):
3192
3193 2018-05-02  Brent Fulgham  <bfulgham@apple.com>
3194
3195         Widgets should hold a WeakPtr to their parents
3196         https://bugs.webkit.org/show_bug.cgi?id=185239
3197         <rdar://problem/39741250>
3198
3199         Reviewed by Zalan Bujtas.
3200
3201         * platform/ScrollView.h:
3202         (WebCore::ScrollView::weakPtrFactory): Added.
3203         * platform/Widget.cpp:
3204         (WebCore::Widget::init): Don't perform an unnecessary assignment.
3205         (WebCore::Widget::setParent): Grab a WeakPtr to the parent ScrollView.
3206         * platform/Widget.h:
3207         (WebCore::Widget::parent const): Change type to a WeakPtr.
3208
3209 2018-05-03  Yusuke Suzuki  <utatane.tea@gmail.com>
3210
3211         Use pointer instead of std::optional<T&>
3212         https://bugs.webkit.org/show_bug.cgi?id=185186
3213
3214         Reviewed by Alex Christensen.
3215
3216         std::optional<T&> is not accepted in C++17 spec.
3217         In this patch, we replace it with T*, which is well-aligned to
3218         WebKit's convention.
3219
3220         * Modules/mediastream/RTCPeerConnection.cpp:
3221         (WebCore::iceServersFromConfiguration):
3222         (WebCore::RTCPeerConnection::initializeConfiguration):
3223         (WebCore::RTCPeerConnection::setConfiguration):
3224         * css/parser/CSSParser.cpp:
3225         (WebCore::CSSParser::parseSystemColor):
3226         * css/parser/CSSParser.h:
3227         * dom/DatasetDOMStringMap.cpp:
3228         (WebCore::DatasetDOMStringMap::item const):
3229         (WebCore::DatasetDOMStringMap::namedItem const):
3230         (WebCore:: const): Deleted.
3231         * dom/DatasetDOMStringMap.h:
3232         * dom/Element.cpp:
3233         (WebCore::Element::insertAdjacentHTML):
3234         * dom/Element.h:
3235         * html/canvas/CanvasStyle.cpp:
3236         (WebCore::parseColor):
3237         * inspector/DOMEditor.cpp:
3238         * platform/network/curl/CurlFormDataStream.cpp:
3239         (WebCore::CurlFormDataStream::getPostData):
3240         (): Deleted.
3241         * platform/network/curl/CurlFormDataStream.h:
3242         * platform/network/curl/CurlRequest.cpp:
3243         (WebCore::CurlRequest::setupPOST):
3244         * testing/MockCDMFactory.cpp:
3245         (WebCore::MockCDMFactory::keysForSessionWithID const):
3246         (WebCore::MockCDMInstance::updateLicense):
3247         (WebCore:: const): Deleted.
3248         * testing/MockCDMFactory.h:
3249
3250 2018-05-03  Chris Dumez  <cdumez@apple.com>
3251
3252         Stop using an iframe's id as fallback if its name attribute is not set
3253         https://bugs.webkit.org/show_bug.cgi?id=11388
3254
3255         Reviewed by Geoff Garen.
3256
3257         WebKit had logic to use an iframe's id as fallback name when its name
3258         content attribute is not set. This behavior was not standard and did not
3259         match other browsers:
3260         - https://html.spec.whatwg.org/#attr-iframe-name
3261
3262         Gecko / Trident never behaved this way. Blink was aligned with us until
3263         they started to match the specification in:
3264         - https://bugs.chromium.org/p/chromium/issues/detail?id=347169
3265
3266         This WebKit quirk was causing some Web-compatibility issues because it
3267         would affect the behavior of Window's name property getter when trying
3268         to look up an iframe by id. Because of Window's named property getter
3269         behavior [1], we would return the frame's contentWindow instead of the
3270         iframe element itself.
3271
3272         [1] https://html.spec.whatwg.org/multipage/window-object.html#named-access-on-the-window-object
3273
3274         Test: fast/dom/Window/named-getter-frame-id.html
3275
3276         * html/HTMLFrameElementBase.cpp:
3277         (WebCore::HTMLFrameElementBase::openURL):
3278         (WebCore::HTMLFrameElementBase::parseAttribute):
3279         (WebCore::HTMLFrameElementBase::didFinishInsertingNode):
3280         * html/HTMLFrameElementBase.h:
3281
3282 2018-05-03  Eric Carlson  <eric.carlson@apple.com>
3283
3284         [iOS] Internal text and audio tracks not in fullscreen menu
3285         https://bugs.webkit.org/show_bug.cgi?id=185268
3286         <rdar://problem/38673440>
3287
3288         Reviewed by Jer Noble.
3289
3290         * platform/cocoa/PlaybackSessionModelMediaElement.mm:
3291         (WebCore::PlaybackSessionModelMediaElement::setMediaElement): 'addtrack' and 'removetrack'
3292         events are fired at the track lists, not the media element.
3293
3294 2018-05-03  Ryosuke Niwa  <rniwa@webkit.org>
3295
3296         Using image map inside a shadow tree results hits a release assert in DocumentOrderedMap::add
3297         https://bugs.webkit.org/show_bug.cgi?id=185238
3298
3299         Reviewed by Antti Koivisto.
3300
3301         The bug was caused by DocumentOrderedMap for the image elements with usemap being stored in Document
3302         even if those image elements were in a shadow tree. Fixed the bug by moving the map to TreeScope.
3303
3304         Test: fast/images/imagemap-in-nested-shadow-tree.html
3305               fast/images/imagemap-in-shadow-tree.html
3306
3307         * dom/Document.cpp:
3308         (WebCore::Document::addImageElementByUsemap): Moved to TreeScope.
3309         (WebCore::Document::removeImageElementByUsemap): Ditto.
3310         (WebCore::Document::imageElementByUsemap const): Ditto.
3311         * dom/Document.h:
3312         * dom/TreeScope.cpp:
3313         (WebCore::TreeScope::destroyTreeScopeData): Clear m_imagesByUsemap as well as m_elementsByName.
3314         (WebCore::TreeScope::getImageMap const): Removed the code to parse usemap. RenderImage::imageMap()
3315         which used to call this function with the raw value of the usemap content attribute now calls it
3316         via HTMLImageElement::associatedMapElement(), which uses the parsed usemap.
3317         (WebCore::TreeScope::addImageElementByUsemap): Moved from Document.
3318         (WebCore::TreeScope::removeImageElementByUsemap): Ditto.
3319         (WebCore::TreeScope::imageElementByUsemap const): Ditto.
3320         * dom/TreeScope.h:
3321         * html/HTMLImageElement.cpp:
3322         (WebCore::HTMLImageElement::parseAttribute):
3323         (WebCore::HTMLImageElement::insertedIntoAncestor): This image element can be associated with a map element
3324         if it's connected to a document.
3325         (WebCore::HTMLImageElement::removedFromAncestor):
3326         (WebCore::HTMLImageElement::associatedMapElement const):
3327         * html/HTMLImageElement.h:
3328         * html/HTMLMapElement.cpp:
3329         (WebCore::HTMLMapElement::imageElement):
3330         * rendering/RenderImage.cpp:
3331         (WebCore::RenderImage::imageMap const):
3332
3333 2018-05-03  Justin Fan  <justin_fan@apple.com>
3334
3335         [WebGL] Add runtime flag for enabling ASTC support in WebGL
3336         https://bugs.webkit.org/show_bug.cgi?id=184840
3337
3338         Reviewed by Myles C. Maxfield.
3339
3340         Added runtime flag for ASTC support in WebGL, to turn on/off when extension is implemented.
3341
3342         * page/RuntimeEnabledFeatures.h:
3343         (WebCore::RuntimeEnabledFeatures::setWebGLCompressedTextureASTCSupportEnabled):
3344         (WebCore::RuntimeEnabledFeatures::webGLCompressedTextureASTCSupportEnabled const):
3345
3346 2018-05-03  Chris Nardi  <cnardi@chromium.org>
3347
3348         Remove [NoInterfaceObject] from DOMRectList
3349         https://bugs.webkit.org/show_bug.cgi?id=185255
3350
3351         Reviewed by Chris Dumez.
3352
3353         In https://github.com/w3c/fxtf-drafts/issues/233, [NoInterfaceObject] was removed
3354         from DOMRectList. Remove it from our implementation to match the spec, as well as
3355         Chrome and Firefox.
3356
3357         Updated web platform tests IDL test for the Geometry spec.
3358
3359         * dom/DOMRectList.idl:
3360
3361 2018-05-03  Chris Dumez  <cdumez@apple.com>
3362
3363         REGRESSION(iOS 11.3): Crashes in TimerBase::~TimerBase() in Tencent x5gamehelper
3364         https://bugs.webkit.org/show_bug.cgi?id=185073
3365         <rdar://problem/39821223>
3366
3367         Reviewed by Alexey Proskuryakov.
3368
3369         The following changes were made:
3370         - Make sure SocketStream callbacks are always scheduled on the right runloop:
3371           WebThreadRunLoop() on WebKitLegacy iOS, loaderRunLoop() on Windows and
3372           main runloop otherwise.
3373         - When the SocketStream callbacks are called, unconditionally call callOnMainThreadAndWait()
3374           before calling methods on the SocketStream client. Previously, this code path
3375           was specific to Windows but there is no reason to have platform-specific code here.
3376           callOnMainThreadAndWait() calls the function right away if we're already on the main
3377           thread, which will be the case on platforms other than Windows.
3378
3379         * platform/network/cf/SocketStreamHandleImplCFNet.cpp:
3380         (WebCore::callbacksRunLoop):
3381         (WebCore::callbacksRunLoopMode):
3382         (WebCore::SocketStreamHandleImpl::scheduleStreams):
3383         (WebCore::SocketStreamHandleImpl::pacExecutionCallback):
3384         (WebCore::SocketStreamHandleImpl::executePACFileURL):
3385         (WebCore::SocketStreamHandleImpl::removePACRunLoopSource):
3386         (WebCore::SocketStreamHandleImpl::readStreamCallback):
3387         (WebCore::SocketStreamHandleImpl::writeStreamCallback):
3388         (WebCore::SocketStreamHandleImpl::platformClose):
3389
3390 2018-05-03  Zalan Bujtas  <zalan@apple.com>
3391
3392         [LFC] Enable multiple layout roots for incremental layout.
3393         https://bugs.webkit.org/show_bug.cgi?id=185185
3394
3395         Reviewed by Antti Koivisto.
3396
3397         With certain types of style changes, we can stop the box invalidation at the formatting context boundary.
3398         When multiple boxes need updating in different formatting contexts, instead of marking the parent containing block chain all
3399         the way up to a common ancestor, we could just work with a list of layout entry points per layout frame.
3400
3401         * layout/FormattingState.h:
3402         * layout/LayoutContext.cpp:
3403         (WebCore::Layout::LayoutContext::updateLayout):
3404         (WebCore::Layout::LayoutContext::addLayoutEntryPoint):
3405         * layout/LayoutContext.h:
3406
3407 2018-05-03  Zalan Bujtas  <zalan@apple.com>
3408
3409         [LFC] Box invalidation logic should go to dedicated classes.
3410         https://bugs.webkit.org/show_bug.cgi?id=185249
3411
3412         Reviewed by Antti Koivisto.
3413
3414         Each formatting context can initiate a different type of invalidation when
3415         style attribute changes in a box.
3416
3417         * Sources.txt:
3418         * WebCore.xcodeproj/project.pbxproj:
3419         * layout/FormattingState.cpp:
3420         (WebCore::Layout::FormattingState::FormattingState):
3421         * layout/FormattingState.h:
3422         (WebCore::Layout::FormattingState::isBlockFormattingState const):
3423         (WebCore::Layout::FormattingState::isInlineFormattingState const):
3424         * layout/LayoutContext.cpp:
3425         (WebCore::Layout::LayoutContext::styleChanged):
3426         (WebCore::Layout::LayoutContext::markNeedsUpdate):
3427         * layout/LayoutContext.h:
3428         * layout/blockformatting/BlockFormattingState.cpp:
3429         (WebCore::Layout::BlockFormattingState::BlockFormattingState):
3430         * layout/blockformatting/BlockFormattingState.h:
3431         * layout/blockformatting/BlockInvalidation.cpp: Copied from Source/WebCore/layout/blockformatting/BlockFormattingState.cpp.
3432         (WebCore::Layout::BlockInvalidation::invalidate):
3433         * layout/blockformatting/BlockInvalidation.h: Copied from Source/WebCore/layout/inlineformatting/InlineFormattingState.h.
3434         * layout/inlineformatting/InlineFormattingState.cpp:
3435         (WebCore::Layout::InlineFormattingState::InlineFormattingState):
3436         * layout/inlineformatting/InlineFormattingState.h:
3437         * layout/inlineformatting/InlineInvalidation.cpp: Copied from Source/WebCore/layout/inlineformatting/InlineFormattingState.cpp.
3438         (WebCore::Layout::InlineInvalidation::invalidate):
3439         * layout/inlineformatting/InlineInvalidation.h: Copied from Source/WebCore/layout/blockformatting/BlockFormattingState.h.
3440
3441 2018-05-03  Michael Catanzaro  <mcatanzaro@igalia.com>
3442
3443         WebKit should send fake macOS user agent to docs.google.com
3444         https://bugs.webkit.org/show_bug.cgi?id=185165
3445
3446         Reviewed by Carlos Garcia Campos.
3447
3448         * platform/UserAgentQuirks.cpp:
3449         (WebCore::urlRequiresMacintoshPlatform):
3450         (WebCore::urlRequiresLinuxDesktopPlatform):
3451
3452 2018-05-03  Commit Queue  <commit-queue@webkit.org>
3453
3454         Unreviewed, rolling out r231223 and r231288.
3455         https://bugs.webkit.org/show_bug.cgi?id=185256
3456
3457         The change in r231223 breaks internal builds, and r231288 is a
3458         dependent change. (Requested by ryanhaddad on #webkit).
3459
3460         Reverted changesets:
3461
3462         "Use default std::optional if it is provided"
3463         https://bugs.webkit.org/show_bug.cgi?id=185159
3464         https://trac.webkit.org/changeset/231223
3465
3466         "Use pointer instead of
3467         std::optional<std::reference_wrapper<>>"
3468         https://bugs.webkit.org/show_bug.cgi?id=185186
3469         https://trac.webkit.org/changeset/231288
3470
3471 2018-05-03  Ryan Haddad  <ryanhaddad@apple.com>
3472
3473         Unreviewed, rolling out r231253.
3474
3475         The API test added with this change is crashing on the bots.
3476
3477         Reverted changeset:
3478
3479         "Web Inspector: opt out of process swap on navigation if a Web
3480         Inspector frontend is connected"
3481         https://bugs.webkit.org/show_bug.cgi?id=184861
3482         https://trac.webkit.org/changeset/231253
3483
3484 2018-05-03  Youenn Fablet  <youenn@apple.com>
3485
3486         A MediaStream being played should allow removing some of its tracks
3487         https://bugs.webkit.org/show_bug.cgi?id=185233
3488
3489         Reviewed by Eric Carlson.
3490
3491         Update the tracks out of the for loop.
3492         Test: fast/mediastream/change-tracks-media-stream-being-played.html
3493
3494         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm:
3495         (WebCore::updateTracksOfType):
3496
3497 2018-05-03  Miguel Gomez  <magomez@igalia.com>
3498
3499         WebCore::TextureMapperLayer object used after freed
3500         https://bugs.webkit.org/show_bug.cgi?id=184729
3501
3502         Reviewed by Michael Catanzaro.
3503
3504         Replace the raw pointers with WeakPtr for effectTarget, maskLayer and replicaLayer
3505         inside TextureMapperLayer.
3506
3507         * platform/graphics/texmap/TextureMapperLayer.cpp:
3508         (WebCore::TextureMapperLayer::~TextureMapperLayer):
3509         (WebCore::TextureMapperLayer::setMaskLayer):
3510         (WebCore::TextureMapperLayer::setReplicaLayer):
3511         * platform/graphics/texmap/TextureMapperLayer.h:
3512
3513 2018-05-03  Basuke Suzuki  <Basuke.Suzuki@sony.com>
3514
3515         [Curl] Add OpenSSL/LibreSSL multi-threading support
3516         https://bugs.webkit.org/show_bug.cgi?id=185138
3517
3518         The older OpenSSL manual says the locking_function and threadid_function should
3519         be set when using it in a multi-threading environment. This applies to LibreSSL also.
3520         https://www.openssl.org/docs/man1.0.2/crypto/threads.html
3521
3522         For Unix and other similar OSes, the default threadId_function implementation is
3523         good enough. We'll set custom callback only for Windows OS.
3524
3525         Note it's not required for OpenSSL 1.1.0 and after.
3526         https://www.openssl.org/blog/blog/2017/02/21/threads/
3527
3528         Reviewed by Per Arne Vollan.
3529
3530         * platform/network/curl/CurlSSLHandle.cpp:
3531         (WebCore::CurlSSLHandle::CurlSSLHandle):
3532         (WebCore::CurlSSLHandle::ThreadSupport::ThreadSupport):
3533         (WebCore::CurlSSLHandle::ThreadSupport::lockingCallback):
3534         (WebCore::CurlSSLHandle::ThreadSupport::threadIdCallback):
3535         * platform/network/curl/CurlSSLHandle.h:
3536         (WebCore::CurlSSLHandle::ThreadSupport::setup):
3537         (WebCore::CurlSSLHandle::ThreadSupport::singleton):
3538         (WebCore::CurlSSLHandle::ThreadSupport::lock):
3539         (WebCore::CurlSSLHandle::ThreadSupport::unlock):
3540
3541 2018-05-02  Ryosuke Niwa  <rniwa@webkit.org>
3542
3543         Remove superfluous check for a null attribute value check in Element::removeAttributeInternal
3544         https://bugs.webkit.org/show_bug.cgi?id=185227
3545
3546         Reviewed by Chris Dumez.
3547
3548         Removed the check. The attribute value string can never be null.
3549
3550         * dom/Element.cpp:
3551         (WebCore::Element::removeAttributeInternal):
3552
3553 2018-05-02  Zalan Bujtas  <zalan@apple.com>
3554
3555         [LFC] Implement LayoutContext::createDisplayBox
3556         https://bugs.webkit.org/show_bug.cgi?id=185158
3557
3558         Reviewed by Antti Koivisto.
3559
3560         Now compute*() functions take both the const layout and the corresponding non-const display boxes.
3561         Display boxes are owned by the LayoutContext and they don't form a tree structure (only implicitly through the layout tree).
3562         (This might need to change in the future if we decide to arrange them in some sort of painting order)
3563
3564         * layout/FloatingContext.cpp:
3565         (WebCore::Layout::FloatingContext::computePosition):
3566         * layout/FloatingContext.h:
3567         * layout/FormattingContext.cpp:
3568         (WebCore::Layout::FormattingContext::computeStaticPosition const):
3569         (WebCore::Layout::FormattingContext::computeInFlowPositionedPosition const):
3570         (WebCore::Layout::FormattingContext::computeOutOfFlowPosition const):
3571         (WebCore::Layout::FormattingContext::computeWidth const):
3572         (WebCore::Layout::FormattingContext::computeHeight const):
3573         (WebCore::Layout::FormattingContext::computeOutOfFlowWidth const):
3574         (WebCore::Layout::FormattingContext::computeFloatingWidth const):
3575         (WebCore::Layout::FormattingContext::computeOutOfFlowHeight const):
3576         (WebCore::Layout::FormattingContext::computeFloatingHeight const):
3577         * layout/FormattingContext.h:
3578         * layout/LayoutContext.cpp:
3579         (WebCore::Layout::LayoutContext::createDisplayBox):
3580         * layout/LayoutContext.h:
3581         (WebCore::Layout::LayoutContext::displayBoxForLayoutBox const):
3582         * layout/blockformatting/BlockFormattingContext.cpp:
3583         (WebCore::Layout::BlockFormattingContext::layout const):
3584         (WebCore::Layout::BlockFormattingContext::computeStaticPosition const):
3585         (WebCore::Layout::BlockFormattingContext::computeInFlowWidth const):
3586         (WebCore::Layout::BlockFormattingContext::computeInFlowHeight const):
3587         * layout/blockformatting/BlockFormattingContext.h:
3588         * layout/displaytree/DisplayBox.h:
3589         (WebCore::Display::Box::parent const): Deleted.
3590         (WebCore::Display::Box::nextSibling const): Deleted.
3591         (WebCore::Display::Box::previousSibling const): Deleted.
3592         (WebCore::Display::Box::firstChild const): Deleted.
3593         (WebCore::Display::Box::lastChild const): Deleted.
3594         (WebCore::Display::Box::setParent): Deleted.
3595         (WebCore::Display::Box::setNextSibling): Deleted.
3596         (WebCore::Display::Box::setPreviousSibling): Deleted.
3597         (WebCore::Display::Box::setFirstChild): Deleted.
3598         (WebCore::Display::Box::setLastChild): Deleted.
3599         (): Deleted.
3600         * layout/inlineformatting/InlineFormattingContext.cpp:
3601         (WebCore::Layout::InlineFormattingContext::computeInFlowWidth const):
3602         (WebCore::Layout::InlineFormattingContext::computeInFlowHeight const):
3603         * layout/inlineformatting/InlineFormattingContext.h:
3604
3605 2018-05-02  Said Abou-Hallawa  <sabouhallawa@apple.com>
3606
3607         Hiding then showing an <object> of type image makes the underlaying image disappear
3608         https://bugs.webkit.org/show_bug.cgi?id=185216
3609         <rdar://problem/39055630>
3610
3611         Reviewed by Youenn Fablet.
3612
3613         Ensure the HTMLPlugInImageElement updates the RenderImageResource of its
3614         RenderImage with the CachedImage of its ImageLoader when the RenderImage
3615         is recreated.
3616
3617         Test: fast/images/object-image-hide-show.html
3618
3619         * html/HTMLPlugInImageElement.cpp:
3620         (WebCore::HTMLPlugInImageElement::didAttachRenderers):
3621         This is very similar to what we do in HTMLImageElement::didAttachRenderers().
3622
3623
3624 2018-05-02  Brent Fulgham  <bfulgham@apple.com>
3625
3626         Use RetainPtr for form input type
3627         https://bugs.webkit.org/show_bug.cgi?id=185210
3628         <rdar://problem/39734040>
3629
3630         Reviewed by Ryosuke Niwa.
3631
3632         Refactor our HTMLInputElement class to store its InputType member as a RefPtr.
3633
3634         Test: fast/forms/access-key-mutation-2.html.
3635
3636         * html/HTMLInputElement.cpp:
3637         (WebCore::HTMLInputElement::HTMLInputElement):
3638         (WebCore::HTMLInputElement::didAddUserAgentShadowRoot):
3639         (WebCore::HTMLInputElement::accessKeyAction):
3640         (WebCore::HTMLInputElement::parseAttribute):
3641         (WebCore::HTMLInputElement::appendFormData):
3642         * html/HTMLInputElement.h:
3643         * html/InputType.cpp:
3644         (WebCore::createInputType):
3645         (WebCore::InputType::create):
3646         (WebCore::InputType::createText):
3647         * html/InputType.h:
3648
3649 2018-05-01  Yusuke Suzuki  <utatane.tea@gmail.com>
3650
3651         Use pointer instead of std::optional<std::reference_wrapper<>>
3652         https://bugs.webkit.org/show_bug.cgi?id=185186
3653
3654         Reviewed by Alex Christensen.
3655
3656         std::optional<T&> is not accepted in C++17 spec. So we replaced it
3657         with std::optional<std::reference_wrapper<T>>.
3658
3659         In this patch, we replace it with T*, which is well-aligned to
3660         WebKit's convention.
3661
3662         * Modules/mediastream/RTCPeerConnection.cpp:
3663         (WebCore::iceServersFromConfiguration):
3664         (WebCore::RTCPeerConnection::initializeConfiguration):
3665         (WebCore::RTCPeerConnection::setConfiguration):
3666         * css/parser/CSSParser.cpp:
3667         (WebCore::CSSParser::parseSystemColor):
3668         * css/parser/CSSParser.h:
3669         * dom/DatasetDOMStringMap.cpp:
3670         (WebCore::DatasetDOMStringMap::item const):
3671         (WebCore::DatasetDOMStringMap::namedItem const):
3672         * dom/DatasetDOMStringMap.h:
3673         * dom/Element.cpp:
3674         (WebCore::Element::insertAdjacentHTML):
3675         * dom/Element.h:
3676         * html/canvas/CanvasStyle.cpp:
3677         (WebCore::parseColor):
3678         * inspector/DOMEditor.cpp:
3679         * platform/network/curl/CurlFormDataStream.cpp:
3680         (WebCore::CurlFormDataStream::getPostData):
3681         * platform/network/curl/CurlFormDataStream.h:
3682         * platform/network/curl/CurlRequest.cpp:
3683         (WebCore::CurlRequest::setupPOST):
3684         * testing/MockCDMFactory.cpp:
3685         (WebCore::MockCDMFactory::keysForSessionWithID const):
3686         (WebCore::MockCDMInstance::updateLicense):
3687         * testing/MockCDMFactory.h:
3688
3689 2018-05-02  Keith Rollin  <krollin@apple.com>
3690
3691         Add facility for tracking times and results of page and resource loading
3692         https://bugs.webkit.org/show_bug.cgi?id=184838
3693         <rdar://problem/36548974>
3694
3695         Reviewed by Brent Fulgham.
3696
3697         Update FrameProgressTracker to send the necessary page load start/stop
3698         signals so that we can track the entire page load at a network level.
3699         Add an empty override of the pure virtual
3700         LoaderStrategy::pageLoadCompleted method.
3701
3702         No new tests. There is no testable effect from these changes. On
3703         Cocoa, measurable changes take place in another (non-WebKit) process.
3704         On non-Cocoa systems, this facility is currently disabled.
3705
3706         * loader/FrameLoader.cpp:
3707         (WebCore::FrameLoader::FrameProgressTracker::progressCompleted):
3708         * loader/LoaderStrategy.h:
3709
3710 2018-05-02  Aditya Keerthi  <akeerthi@apple.com>
3711
3712         Can't copy and paste URLs that have no title into Mail (macOS)
3713         https://bugs.webkit.org/show_bug.cgi?id=185205
3714         <rdar://problem/36352406>
3715
3716         Reviewed by Tim Horton.
3717
3718         The pasteboardURL generated has an empty title for URLs without titles. Currently, the pasteboardURL.title is being saved to the pasteboard.
3719
3720         To fix the error, we check whether the title is empty and instead save the lastPathComponent to the pasteboard. This matches current behavior as the fallback title.
3721
3722         Augmented WebKitLegacy.ContextMenuCanCopyURL test
3723
3724         * platform/mac/PasteboardMac.mm:
3725         (WebCore::writeURLForTypes):
3726
3727 2018-05-01  Ryosuke Niwa  <rniwa@webkit.org>
3728
3729         REGRESSION(r225868): Release assert when removing an SVGUseElement from Document::m_svgUseElements
3730         https://bugs.webkit.org/show_bug.cgi?id=182188
3731         <rdar://problem/36689240>
3732
3733         Reviewed by Antti Koivisto.
3734
3735         Fixed the crash by removing the release assert.
3736
3737         The crash is likely caused by re-entrancy to Document::resolveStyle during SVGUseElement::updateShadowTree.
3738         Because Document::resolveStyle invokes updateShadowTree on SVG use elements in Document::m_svgUseElements
3739         without clearing the map, the nested call to resolveStyle ends up calling updateShadowTree() for all elements
3740         in m_svgUseElements and removing them all from the map. When the stack frame eventually comes back to the outer
3741         invocation of Document::resolveStyle, updateShadowTree gets invoked for the second time on SVG use elements
3742         whose shadow tree had already been updated within the inner invocation to updateShadowTree, and release-asserts.
3743
3744         There is an alternative fix: avoid calling updateShadowTree on a svg element when shadowTreeNeedsUpdate returns
3745         true on the element in resolveStyle. However, removing the release assert is a sure way to fix the crash so
3746         this patch opts for that fix instead especially since we don't have any reproducible test case for this crash.
3747
3748         This release assertion was added in r225868 as a cautious measure to catch any use-after-frees of SVGUseElement's
3749         since m_svgUseElements stored raw pointers to SVG use elements but this crash is not indicative of any UAF,
3750         and there is no evidence that r225868 has led to new UAFs even after five months.
3751
3752         No new tests. I couldn't find a way to trigger a nested style update inside SVGUseElement::updateShadowTree.
3753
3754         * dom/Document.cpp:
3755         (WebCore::Document::removeSVGUseElement):
3756
3757 2018-05-02  Dirk Schulze  <dschulze@chromium.org>
3758
3759         getCharNumAtPosition should take DOMPointInit as argument
3760         https://bugs.webkit.org/show_bug.cgi?id=184695
3761
3762         Reviewed by Antti Koivisto.
3763
3764         Extend existing tests for getCharNumAtPosition.
3765
3766         * svg/SVGTextContentElement.cpp:
3767         (WebCore::SVGTextContentElement::getCharNumAtPosition):
3768         * svg/SVGTextContentElement.h:
3769         * svg/SVGTextContentElement.idl: Use DOMPointInit argument.
3770
3771 2018-05-02  Youenn Fablet  <youenn@apple.com>
3772
3773         Use NetworkLoadChecker for navigation loads
3774         https://bugs.webkit.org/show_bug.cgi?id=184892
3775         <rdar://problem/39652686>
3776
3777         Reviewed by Chris Dumez.
3778
3779         Sanitize headers according to response tainting.
3780         If tainting is basic, it means same origin load in which case we only filter Cookie related headers.
3781         If tainting is Opaque, we filter all uncommon headers.
3782         If tainting is CORS, we filter all uncommon headers except the ones explicitly allowed by CORS headers.
3783         Covered by updated test.
3784
3785         * platform/network/ResourceResponseBase.cpp:
3786         (WebCore::ResourceResponseBase::sanitizeHTTPHeaderFieldsAccordingToTainting):
3787         (WebCore::ResourceResponseBase::sanitizeHTTPHeaderFields):
3788         * platform/network/ResourceResponseBase.h:
3789
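The tainting rules from the entry above, sketched as an added C++ example; this is not the WebKit implementation. The cookie and "common" header sets, the lower-cased `Headers` map and every function name are assumptions: the entry does not list them, so the Fetch CORS-safelisted response headers stand in for "common".

```cpp
#include <cctype>
#include <map>
#include <set>
#include <sstream>
#include <string>

enum class Tainting { Basic, Cors, Opaque };
using Headers = std::map<std::string, std::string>; // header names stored lower-case

// Assumption: "Cookie related" headers are the Set-Cookie family.
static bool isCookieHeader(const std::string& n) { return n == "set-cookie" || n == "set-cookie2"; }
// Assumption: "common" headers are the Fetch CORS-safelisted response headers.
static bool isCommonHeader(const std::string& n) {
    static const std::set<std::string> common = { "cache-control", "content-language",
        "content-length", "content-type", "expires", "last-modified", "pragma" };
    return common.count(n) > 0;
}
// Split Access-Control-Expose-Headers into lower-case names.
static std::set<std::string> exposedHeaders(const Headers& h) {
    std::set<std::string> out;
    auto it = h.find("access-control-expose-headers");
    if (it == h.end()) return out;
    std::stringstream ss(it->second);
    for (std::string tok; std::getline(ss, tok, ',');) {
        std::string name;
        for (unsigned char c : tok)
            if (!std::isspace(c)) name += static_cast<char>(std::tolower(c));
        if (!name.empty()) out.insert(name);
    }
    return out;
}

Headers sanitize(const Headers& in, Tainting t) {
    const std::set<std::string> exposed = t == Tainting::Cors ? exposedHeaders(in) : std::set<std::string>();
    Headers out;
    for (const auto& kv : in) {
        if (isCookieHeader(kv.first)) continue; // assumption: never exposed, even if listed
        if (t == Tainting::Basic || isCommonHeader(kv.first) || exposed.count(kv.first))
            out.insert(kv);
    }
    return out;
}

// Constructed sample response, not captured traffic.
Headers sampleResponse() {
    return { {"content-type", "text/html"}, {"set-cookie", "sid=1"}, {"x-internal-trace", "abc"},
             {"x-request-id", "42"}, {"access-control-expose-headers", "X-Request-Id, Set-Cookie"} };
}
int main() { return sanitize(sampleResponse(), Tainting::Cors).size() == 2 ? 0 : 1; }
```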
3790 2018-05-02  Myles C. Maxfield  <mmaxfield@apple.com>
3791
3792         Collection fragment identifiers don't use PostScript names
3793         https://bugs.webkit.org/show_bug.cgi?id=184624
3794         <rdar://problem/39432089>
3795
3796         Reviewed by Simon Fraser.
3797
3798         In a previous version of the CSS Fonts spec, there was text saying that items in font collections
3799         should be 1-indexed (so the first item would be MyFonts.ttc#1). However, this is unfortunate because
3800         inserting an item into the middle of a collection would throw off all content that uses the file.
3801         Instead, the spec has since changed to use PostScript names (so the content instead would say
3802         MyFonts.ttc#MyFont-Regular).
3803
3804         Test: fast/text/font-collection.html
3805
3806         * css/CSSFontFaceSource.cpp:
3807         (WebCore::CSSFontFaceSource::load):
3808         * loader/cache/CachedFont.cpp:
3809         (WebCore::CachedFont::calculateItemInCollection const):
3810         (WebCore::CachedFont::ensureCustomFontData):
3811         (WebCore::CachedFont::createCustomFontData):
3812         (WebCore::CachedFont::calculateIndex const): Deleted.
3813         * loader/cache/CachedFont.h:
3814         * platform/graphics/mac/FontCustomPlatformData.cpp:
3815         (WebCore::createFontCustomPlatformData):
3816         * platform/graphics/mac/FontCustomPlatformData.h:
3817
3818 2018-05-02  Brian Burg  <bburg@apple.com>
3819
3820         Web Inspector: opt out of process swap on navigation if a Web Inspector frontend is connected
3821         https://bugs.webkit.org/show_bug.cgi?id=184861
3822         <rdar://problem/39153768>
3823
3824         Reviewed by Ryosuke Niwa.
3825
3826         Notify the client of the current connection count whenever a frontend connects or disconnects.
3827
3828         Covered by new API test.
3829
3830         * inspector/InspectorClient.h:
3831         (WebCore::InspectorClient::frontendCountChanged):
3832         * inspector/InspectorController.cpp:
3833         (WebCore::InspectorController::connectFrontend):
3834         (WebCore::InspectorController::disconnectFrontend):
3835         (WebCore::InspectorController::disconnectAllFrontends):
3836         * inspector/InspectorController.h:
3837
3838 2018-05-02  Carlos Alberto Lopez Perez  <clopez@igalia.com>
3839
3840         [GStreamer] Remove unneeded include of gstgldisplay_wayland.h after r228866 and r229022
3841         https://bugs.webkit.org/show_bug.cgi?id=185207
3842
3843         Reviewed by Michael Catanzaro.
3844
3845         Remove unneeded include of gstgldisplay_wayland.h
3846
3847         No new tests, no change in behaviour.
3848
3849         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
3850
3851 2018-05-02  Chris Dumez  <cdumez@apple.com>
3852
3853         document.open() event listener removal is not immediate
3854         https://bugs.webkit.org/show_bug.cgi?id=185191
3855
3856         Reviewed by Darin Adler.
3857
3858         We need to make sure we set the 'wasremoved' flag on RegisteredEventListeners
3859         whenever they get removed from the EventListenerMap. We were doing so correctly
3860         in EventListenerMap::remove() but not EventListenerMap::clear(). This patch
3861         updates clear() accordingly.
3862
3863         The reason we need to set this flag is that RegisteredEventListeners is RefCounted
3864         and EventTarget::fireEventListeners() may be currently running and calling
3865         each listener one by one, holding a reference to all listeners of a given event.
3866
3867         Test: fast/dom/Document/document-open-removes-all-listeners.html
3868
3869         * dom/EventListenerMap.cpp:
3870         (WebCore::EventListenerMap::clear):
3871
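Why clear() has to mark listeners as removed, shown as an added C++ example rather than WebKit code: std::shared_ptr stands in for RefCounted, and ListenerMap, RegisteredListener, clearWithoutMarking and runDispatch are hypothetical names. Dispatch iterates over a snapshot that keeps every listener alive, so emptying the map alone does not stop the remaining callbacks.

```cpp
#include <functional>
#include <memory>
#include <utility>
#include <vector>

// Stand-in for a ref-counted registered listener carrying a removal flag.
struct RegisteredListener {
    std::function<void()> callback;
    bool wasRemoved = false;
};
using ListenerVector = std::vector<std::shared_ptr<RegisteredListener>>;

class ListenerMap {
public:
    void add(std::function<void()> cb) {
        auto listener = std::make_shared<RegisteredListener>();
        listener->callback = std::move(cb);
        m_listeners.push_back(listener);
    }
    // Behaviour described as the bug: entries vanish from the map but stay unmarked.
    void clearWithoutMarking() { m_listeners.clear(); }
    // Behaviour described as the fix: mark every listener before dropping it.
    void clear() {
        for (auto& listener : m_listeners) listener->wasRemoved = true;
        m_listeners.clear();
    }
    // Returns how many callbacks actually ran.
    int fire() {
        ListenerVector snapshot = m_listeners; // holds a reference to every listener
        int called = 0;
        for (auto& listener : snapshot) {
            if (listener->wasRemoved) continue; // removal takes effect immediately
            listener->callback();
            ++called;
        }
        return called;
    }
private:
    ListenerVector m_listeners;
};

// The first listener clears the map while dispatch is still in progress.
int runDispatch(bool markRemoved) {
    ListenerMap map;
    map.add([&] { markRemoved ? map.clear() : map.clearWithoutMarking(); });
    map.add([] {});
    map.add([] {});
    return map.fire();
}

int main() { return (runDispatch(false) == 3 && runDispatch(true) == 1) ? 0 : 1; }
```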
3872 2018-05-02  Zalan Bujtas  <zalan@apple.com>
3873
3874         Use WeakPtr in GridCell
3875         https://bugs.webkit.org/show_bug.cgi?id=185180
3876         <rdar://problem/39432165>
3877
3878         Reviewed by Antti Koivisto.
3879
3880         Since GridCell does not own the renderers, it should
3881         construct weak pointers.
3882
3883         Unable to create a reliably reproducible test case.
3884
3885         * rendering/Grid.cpp:
3886         (WebCore::Grid::insert):
3887         (WebCore::GridIterator::nextGridItem):
3888         * rendering/Grid.h:
3889         * rendering/RenderGrid.cpp:
3890         (WebCore::RenderGrid::firstLineBaseline const):
3891
3892 2018-05-02  Eric Carlson  <eric.carlson@apple.com>
3893
3894         [iOS] Provide audio route information when invoking AirPlay picker
3895         https://bugs.webkit.org/show_bug.cgi?id=185199
3896         <rdar://problem/39853103>
3897
3898         Reviewed by Jer Noble.
3899
3900         No new tests, this requires a specific hardware setup.
3901
3902         * dom/Document.cpp:
3903         (WebCore::Document::showPlaybackTargetPicker): Pass route sharing policy and routing context UID.
3904         * dom/Document.h:
3905
3906         * html/MediaElementSession.cpp:
3907         (WebCore::MediaElementSession::showPlaybackTargetPicker): Ditto.
3908
3909         * loader/EmptyClients.h:
3910         * page/ChromeClient.h:
3911
3912         * page/Page.cpp:
3913         (WebCore::Page::showPlaybackTargetPicker): Ditto.
3914         * page/Page.h:
3915
3916         * platform/audio/AudioSession.cpp:
3917         (WebCore::AudioSession::routeSharingPolicy const): Empty implementation for non-iOS ports.
3918         (WebCore::routingContextUID const): Ditto.
3919         * platform/audio/AudioSession.h:
3920
3921         * platform/audio/ios/AudioSessionIOS.mm:
3922         (WebCore::AudioSession::routeSharingPolicy const): Return the route sharing policy.
3923         (WebCore::AudioSession::routingContextUID const): Return the route context UID.
3924
3925 2018-05-02  Dean Jackson  <dino@apple.com>
3926
3927         Draw SystemPreview badge to specification on iOS
3928         https://bugs.webkit.org/show_bug.cgi?id=185203
3929         <rdar://problem/39908855>
3930
3931         Reviewed by Tim Horton.
3932
3933         Use CoreImage to render a badge with a blurred background,
3934         at particular sizes.
3935
3936         This will be tested internally while we're getting artwork
3937         from WebKitAdditions.
3938
3939         * Configurations/WebCore.xcconfig: Link against CoreImage.
3940         * rendering/RenderThemeIOS.h:
3941         * rendering/RenderThemeIOS.mm:
3942         (WebCore::RenderThemeIOS::paintSystemPreviewBadge): New function
3943         in the iOS platform RenderTheme that draws the system preview.
3944
3945 2018-05-01  Brent Fulgham  <bfulgham@apple.com>
3946
3947         Prevent Debug ASSERT when changing forms
3948         https://bugs.webkit.org/show_bug.cgi?id=185173
3949         <rdar://problem/39738669>
3950
3951         Reviewed by Ryosuke Niwa.
3952
3953         Form submission could trigger a debug assertion during validation when
3954         a form is changed during an input submission. Fix this by cleaning up
3955         the event handling logic and make it more consistent with modern WebKit
3956         coding style.
3957
3958         Test: fast/forms/form-submission-crash-3.html
3959
3960         * html/HTMLButtonElement.cpp:
3961         (WebCore::HTMLButtonElement::defaultEventHandler): Make sure layout runs before
3962         attempting to perform event handling.
3963         * html/HTMLFormElement.cpp:
3964         (WebCore::HTMLFormElement::reportValidity): Ditto.
3965         (WebCore::HTMLFormElement::validateInteractively): Remove call to perform layout here,
3966         since we expect this to happen earlier in the layout pass. Add an assertion that the
3967         tree is not dirty.
3968         * html/ImageInputType.cpp:
3969         (WebCore::ImageInputType::handleDOMActivateEvent): Make sure layout runs before
3970         attempting to perform event handling.
3971         * html/SubmitInputType.cpp: