[GTK][Threaded Compositor] Overlay scrollbars shouldn't be a requirement of the threa...
[WebKit-https.git] / Source / WebCore / ChangeLog
1 2016-07-21  Carlos Garcia Campos  <cgarcia@igalia.com>
2
3         [GTK][Threaded Compositor] Overlay scrollbars shouldn't be a requirement of the threaded compositor
4         https://bugs.webkit.org/show_bug.cgi?id=160020
5
6         Reviewed by Michael Catanzaro.
7
8         It has been a requirement only because we didn't really know why frame scrollbars were not rendered when using
9         the threaded compositor. The reason is that RenderView doesn't use layers for FrameView scrollbars by default,
10         unless using overlay scrollbars. When using the threaded compositor we really need layers for the FrameView
11         scrollbars even when not using overlay scrollbars.
12
13         * platform/gtk/ScrollbarThemeGtk.cpp:
14         (WebCore::ScrollbarThemeGtk::ScrollbarThemeGtk): Stop enforcing overlay scrollbars when threaded compositor is enabled.
15         * rendering/RenderLayerCompositor.cpp:
16         (WebCore::RenderLayerCompositor::shouldCompositeOverflowControls): Always use layers for scrollbars when
17         threaded compositor is enabled.
18
19 2016-07-21  Carlos Garcia Campos  <cgarcia@igalia.com>
20
21         [Cairo] Fix a crash in fast/canvas/canvas-getImageData-invalid-result-buffer-crash.html
22         https://bugs.webkit.org/show_bug.cgi?id=160014
23
24         Reviewed by Michael Catanzaro.
25
26         In r202887 some null checks were added for JSArray::createUninitialized (and related) but not for the
27         ImageBuffer cairo implementation.
28
29         * platform/graphics/cairo/ImageBufferCairo.cpp:
30         (WebCore::getImageData): Return early if Uint8ClampedArray::createUninitialized() returns nullptr.
31
32 2016-07-21  Miguel Gomez  <magomez@igalia.com>
33
34         [GTK] The GSTREAMER_GL path in MediaPlayerPrivateGStreamerBase::paintToTextureMapper() is missing a mutex lock
35         https://bugs.webkit.org/show_bug.cgi?id=160018
36
37         Reviewed by Philippe Normand.
38
39         Lock the video sample mutex while accessing it.
40
41         Covered by existent tests.
42
43         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
44         (WebCore::MediaPlayerPrivateGStreamerBase::paintToTextureMapper):
45
46 2016-07-21  Miguel Gomez  <magomez@igalia.com>
47
48         [Threaded Compositor] Flickering when zooming in/out in maps.google.com
49         https://bugs.webkit.org/show_bug.cgi?id=154069
50
51         Reviewed by Carlos Garcia Campos.
52
53         Add a new extra buffer to GraphicsContext3D when using the Threaded Compositor,
54         so it doesn't have to reuse the buffers that are still waiting for composition.
55
56         Covered by existing tests.
57
58         * platform/graphics/GraphicsContext3D.h:
59         Add a new texture to use for the rendering. Remove the compositor fbo we were using.
60         * platform/graphics/cairo/GraphicsContext3DCairo.cpp:
61         (WebCore::GraphicsContext3D::GraphicsContext3D):
62         Initialize the new texture and remove the previous fbo related code.
63         (WebCore::GraphicsContext3D::~GraphicsContext3D):
64         Properly destroy the new texture and remove the previous fbo related code.
65         * platform/graphics/opengl/GraphicsContext3DOpenGL.cpp:
66         (WebCore::GraphicsContext3D::reshapeFBOs):
67         Allocate the new texture and remove the previous fbo allocation.
68         * platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp:
69         (WebCore::GraphicsContext3D::prepareTexture):
70         Use a single fbo with three textures instead of two fbos with a texture each.
71         Rotate the three textures usage so:
72         - m_texture becomes m_compositorTexture to be pushed to the compositor.
73         - m_intermediateTexture becomes m_texture to receive the next rendering.
74         - m_compositorTexture becomes m_intermediateTexture.
75         And add a glFlush() to ensure that the gl commands are sent to the pipeline.
76         * platform/graphics/opengl/GraphicsContext3DOpenGLES.cpp:
77         (WebCore::GraphicsContext3D::reshapeFBOs):
78         Allocate the new texture.
79
80 2016-07-21  Carlos Garcia Campos  <cgarcia@igalia.com>
81
82         [GTK][Threaded Compositor] Web view background colors don't work
83         https://bugs.webkit.org/show_bug.cgi?id=159465
84
85         Reviewed by Michael Catanzaro.
86
87         * rendering/RenderLayerBacking.cpp:
88         (WebCore::RenderLayerBacking::createPrimaryGraphicsLayer): Initialize frame view layer opacity for platforms not
89         using the tiled cache layer.
90
91 2016-07-20  Youenn Fablet  <youenn@apple.com>
92
93         [XHR] Cache response JS object in case of arraybuffer and blob response types
94         https://bugs.webkit.org/show_bug.cgi?id=128903
95
96         Reviewed by Alex Christensen.
97
98         Covered by existing and modified tests.
99
100         Making response getter a JS builtin that caches response in @response private slot.
101         Handling invalidation of cached response with @responseCacheIsValid new private method.
102         Handling creation of cached response with @retrieveResponse new private method which reuses most of
103         JSXMLHttpRequest::response previous code.
104
105         Caching of responses is activated whenever load ended without any error for blob and arraybuffer response types.
106
107         Caching of response for document is also activated in case the response getter is used but not if responseXML getter is used.
108
109         * CMakeLists.txt: Adding XMLHttpRequest.js.
110         * DerivedSources.make: Ditto.
111         * bindings/js/JSXMLHttpRequestCustom.cpp:
112         (WebCore::JSXMLHttpRequest::retrieveResponse): Implements creation of to-be-cached response.
113         (WebCore::JSXMLHttpRequest::response): Deleted.
114         * bindings/js/WebCoreBuiltinNames.h: Adding new private names.
115         * xml/XMLHttpRequest.cpp:
116         (WebCore::XMLHttpRequest::didCacheResponse): Renamed from didCacheResponseJSON as all response types are now cached.
117         (WebCore::XMLHttpRequest::didCacheResponseJSON): Deleted.
118         * xml/XMLHttpRequest.h:
119         * xml/XMLHttpRequest.idl:
120
121 2016-07-20  Youenn Fablet  <youenn@apple.com>
122
123         Remove crossOriginRequestPolicy from ThreadableLoaderOptions
124         https://bugs.webkit.org/show_bug.cgi?id=159417
125
126         Reviewed by Alex Christensen.
127
128         No observable change.
129
130         * Modules/fetch/FetchLoader.cpp:
131         (WebCore::FetchLoader::start): DenyCrossOriginRequests -> FetchOptions::Mode::SameOrigin.
132         * fileapi/FileReaderLoader.cpp:
133         (WebCore::FileReaderLoader::start): DenyCrossOriginRequests -> FetchOptions::Mode::SameOrigin.
134         * inspector/InspectorNetworkAgent.cpp:
135         (WebCore::InspectorNetworkAgent::loadResource): AllowCrossOriginRequests -> FetchOptions::Mode::NoCors.
136         * loader/DocumentThreadableLoader.cpp:
137         (WebCore::DocumentThreadableLoader::DocumentThreadableLoader): Ditto.
138         (WebCore::DocumentThreadableLoader::makeCrossOriginAccessRequest): UseAccessControl -> FetchOptions::Mode::Cors.
139         (WebCore::DocumentThreadableLoader::redirectReceived): Ditto.
140         (WebCore::DocumentThreadableLoader::didReceiveResponse): Ditto.
141         (WebCore::DocumentThreadableLoader::loadRequest): Use NoCors as option passed to ResourceLoader. This allows
142         desactivating ResourceLoader CORS checks as they are done in DocumentThreadableLoader right now. In the future,
143         these checks should be moved to ResourceLoader and DocumentThreadableLoader should directly pass the fetch mode
144         option.
145         (WebCore::DocumentThreadableLoader::isAllowedRedirect): AllowCrossOriginRequests -> FetchOptions::Mode::NoCors.
146         * loader/ThreadableLoader.cpp:
147         (WebCore::ThreadableLoaderOptions::ThreadableLoaderOptions): Removing CrossOriginRequestPolicy.
148         * loader/ThreadableLoader.h: Ditto.
149         * loader/WorkerThreadableLoader.cpp:
150         (WebCore::LoaderTaskOptions::LoaderTaskOptions): Ditto.
151         * page/EventSource.cpp:
152         (WebCore::EventSource::connect): UseAccessControl -> FetchOptions::Mode::Cors.
153         * workers/Worker.cpp:
154         (WebCore::Worker::create): DenyCrossOriginRequests -> FetchOptions::Mode::SameOrigin.
155         * workers/WorkerGlobalScope.cpp:
156         (WebCore::WorkerGlobalScope::importScripts): AllowCrossOriginRequests -> FetchOptions::Mode::NoCors.
157         * workers/WorkerScriptLoader.cpp:
158         (WebCore::WorkerScriptLoader::loadSynchronously):
159         (WebCore::WorkerScriptLoader::loadAsynchronously):
160         * workers/WorkerScriptLoader.h:
161         * xml/XMLHttpRequest.cpp:
162         (WebCore::XMLHttpRequest::createRequest):
163
164 2016-07-20  Chris Dumez  <cdumez@apple.com>
165
166         Fix null handling of several Document attributes
167         https://bugs.webkit.org/show_bug.cgi?id=159997
168
169         Reviewed by Ryosuke Niwa.
170
171         Fix null handling of the following Document attributes: title, cookie
172         and domain.
173
174         In WebKit, they were all marked as [TreatNullAs=EmptyString], which
175         does not match the specification:
176         - https://html.spec.whatwg.org/multipage/dom.html#document
177
178         Details for each attribute:
179         - title: null is now treated as the string "null", thus setting the
180           document title to "null". This matches Firefox and Chrome.
181         - cookie: adds a "null" cookie instead of being a no-op. This matches
182                   both Firefox and Chrome.
183         - domain: Calls setDomain(String("null")) instead of
184                   setDomain(String()). This throws an exception because "null"
185                   is not a suffix of the effective domain name. The behavior
186                   is the same in Firefox and Chrome. Previously, we were
187                   already throwing an exception since setting the domain to
188                   the empty string throws, as per the specification.
189
190         Test: http/tests//dom/document-attributes-null-handling.html
191
192         * dom/Document.idl:
193
194 2016-07-20  Commit Queue  <commit-queue@webkit.org>
195
196         Unreviewed, rolling out r203471.
197         https://bugs.webkit.org/show_bug.cgi?id=160003
198
199         many iOS-simulator tests are failing (Requested by litherum on
200         #webkit).
201
202         Reverted changeset:
203
204         "[iPhone] Playing a video on tudou.com plays only sound, no
205         video"
206         https://bugs.webkit.org/show_bug.cgi?id=159967
207         http://trac.webkit.org/changeset/203471
208
209 2016-07-19  Ryosuke Niwa  <rniwa@webkit.org>
210
211         iOS: Cannot paste images in RTF content
212         https://bugs.webkit.org/show_bug.cgi?id=159964
213         <rdar://problem/27442806>
214
215         Reviewed by Enrica Casucci.
216
217         The bug was caused by setDefersLoading(true) not deferring image loading for the parsed fragment.
218         Worked around this bug by disabling image loading while parsing the document fragment.
219
220         * editing/ios/EditorIOS.mm:
221         (WebCore::Editor::createFragmentAndAddResources):
222
223 2016-07-20  Brady Eidson  <beidson@apple.com>
224
225         Address a small FIXME in IDB code.
226         https://bugs.webkit.org/show_bug.cgi?id=159999
227
228         Reviewed by Andy Estes.
229
230         No new tests (No behavior change).
231
232         * Modules/indexeddb/IDBRequest.cpp:
233         (WebCore::IDBRequest::IDBRequest):
234         
235         * Modules/indexeddb/shared/IDBResourceIdentifier.cpp:
236         (WebCore::IDBResourceIdentifier::IDBResourceIdentifier): Deleted.
237         * Modules/indexeddb/shared/IDBResourceIdentifier.h:
238
239 2016-07-20  Brady Eidson  <beidson@apple.com>
240
241         Remove some "modernFoo"s from IndexedDB code.
242         https://bugs.webkit.org/show_bug.cgi?id=159985
243
244         Reviewed by Andy Estes.
245
246         No new tests (No known behavior change).
247
248         * Modules/indexeddb/IDBCursor.cpp:
249         (WebCore::IDBCursor::IDBCursor):
250         (WebCore::IDBCursor::~IDBCursor):
251         (WebCore::IDBCursor::sourcesDeleted):
252         (WebCore::IDBCursor::effectiveObjectStore):
253         (WebCore::IDBCursor::transaction):
254         (WebCore::IDBCursor::direction):
255         (WebCore::IDBCursor::update):
256         (WebCore::IDBCursor::advance):
257         (WebCore::IDBCursor::continueFunction):
258         (WebCore::IDBCursor::uncheckedIterateCursor):
259         (WebCore::IDBCursor::deleteFunction):
260         (WebCore::IDBCursor::setGetResult):
261         
262         * Modules/indexeddb/IDBIndex.cpp:
263         (WebCore::IDBIndex::IDBIndex):
264         (WebCore::IDBIndex::~IDBIndex):
265         (WebCore::IDBIndex::hasPendingActivity):
266         (WebCore::IDBIndex::name):
267         (WebCore::IDBIndex::objectStore):
268         (WebCore::IDBIndex::keyPath):
269         (WebCore::IDBIndex::unique):
270         (WebCore::IDBIndex::multiEntry):
271         (WebCore::IDBIndex::openCursor):
272         (WebCore::IDBIndex::doCount):
273         (WebCore::IDBIndex::openKeyCursor):
274         (WebCore::IDBIndex::doGet):
275         (WebCore::IDBIndex::doGetKey):
276         (WebCore::IDBIndex::markAsDeleted):
277         * Modules/indexeddb/IDBIndex.h:
278         
279         * Modules/indexeddb/IDBObjectStore.cpp:
280         (WebCore::IDBObjectStore::transaction):
281         (WebCore::IDBObjectStore::deleteFunction): Deleted.
282         (WebCore::IDBObjectStore::modernDelete): Deleted.
283         * Modules/indexeddb/IDBObjectStore.h:
284         
285         * bindings/js/JSIDBIndexCustom.cpp:
286         (WebCore::JSIDBIndex::visitAdditionalChildren):
287
288 2016-07-20  Chris Dumez  <cdumez@apple.com>
289
290         Stop using valueToStringWithNullCheck() in JSCSSStyleDeclaration::putDelegate()
291         https://bugs.webkit.org/show_bug.cgi?id=159982
292
293         Reviewed by Ryosuke Niwa.
294
295         valueToStringWithNullCheck() treats null as the null String() which is
296         legacy / non standard behavior. The specification says we should treat
297         null as the empty string:
298         - https://drafts.csswg.org/cssom/#dom-cssstyledeclaration-camel-cased-attribute
299
300         Therefore, we should be using valueToStringTreatingNullAsEmptyString() instead.
301
302         In practice, there is no web-exposed behavior change because
303         MutableStyleProperties::setProperty() removes the property wether the
304         value is the null String or the empty String.
305
306         This behavior is correct since the specification says that we should
307         remove the property if the value is the empty string:
308         - https://drafts.csswg.org/cssom/#dom-cssstyledeclaration-setproperty (step 4)
309
310         I added test coverage to make sure we behave according to specification.
311         This test is passing in Firefox, Chrome and in WebKit (before and after
312         my change).
313
314         Test: fast/css/CSSStyleDeclaration-property-setter.html
315
316         * bindings/js/JSCSSStyleDeclarationCustom.cpp:
317         (WebCore::JSCSSStyleDeclaration::putDelegate):
318
319 2016-07-20  Chris Dumez  <cdumez@apple.com>
320
321         Fix null handling of HTMLFrameElement.marginWidth / marginHeight
322         https://bugs.webkit.org/show_bug.cgi?id=159987
323
324         Reviewed by Ryosuke Niwa.
325
326         Fix null handling of HTMLFrameElement.marginWidth / marginHeight:
327         - https://html.spec.whatwg.org/multipage/obsolete.html#htmlframeelement
328
329         We are supposed to treat null as the empty string but we treat it as
330         the string "null".
331
332         Firefox and Chrome both match the specification.
333
334         No new tests, updated existing tests.
335
336         * html/HTMLFrameElement.idl:
337
338 2016-07-20  Wenson Hsieh  <wenson_hsieh@apple.com>
339
340         Pausing autoplayed media should not remove all restrictions for that media element
341         https://bugs.webkit.org/show_bug.cgi?id=159988
342
343         Reviewed by Jon Lee.
344
345         Localizes the removal of behavior restrictions introduced in r203464 upon pausing an
346         autoplaying video to just affect the hiding or showing of the media controller. This
347         prevents pages from using Javascript to start playing autoplaying videos that have
348         been paused by the user.
349
350         * html/HTMLMediaElement.cpp:
351         (WebCore::HTMLMediaElement::pause):
352
353 2016-07-20  Myles C. Maxfield  <mmaxfield@apple.com>
354
355         [iPhone] Playing a video on tudou.com plays only sound, no video
356         https://bugs.webkit.org/show_bug.cgi?id=159967
357         <rdar://problem/26964090>
358
359         Reviewed by Jon Lee.
360
361         WebKit recently starting honoring the playsinline and webkit-playsinline
362         attribute on iPhones. However, because these attributes previously did
363         nothing, some sites (such as Todou) were setting them on their content
364         and expecting that they are not honored. In this specific case, the
365         video is absolutely positioned to be 1 pixel x 1 pixel.
366
367         Previously, with iOS 9, apps could set the allowsInlineMediaPlayback
368         property on their WKWebView, which would honor the webkit-playsinline
369         attribute. Safari on iPhones didn't do this.
370
371         In order to not break these existing apps, it's important that the
372         allowsInlineMediaPlayback preference still allows webkit-playsinline
373         videos to play inline in apps using WKWebView. However, in Safari, these
374         videos should play fullscreen. (Todou videos have webkit-playsinline
375         but not playsinline.)
376
377         Therefore, in Safari, videos with playsinline should be inline, but
378         videos with webkit-playsinline should be fullscreen. In apps using
379         WKWebViews, if the app sets allowsInlineMediaPlayback, then videos with
380         playsinline should be inline, and videos with webkit-playsinline should
381         also be inline. Videos on iPad and Mac should all be inline by default.
382
383         We can create some truth tables for the cases which need to be covered:
384
385         All apps on Mac / iPad:
386         Presence of playsinline | Presence of webkit-playsinline | Result
387         ========================|================================|===========
388         Not present             | Not present                    | Inline
389         Present                 | Not present                    | Inline
390         Not Present             | Present                        | Inline
391         Present                 | Present                        | Inline
392
393         Safari on iPhone:
394         Presence of playsinline | Presence of webkit-playsinline | Result
395         ========================|================================|===========
396         Not present             | Not present                    | Fullscreen
397         Present                 | Not present                    | Inline
398         Not Present             | Present                        | Fullscreen
399         Present                 | Present                        | Inline
400
401         App on iPhone which sets allowsInlineMediaPlayback:
402         Presence of playsinline | Presence of webkit-playsinline | Result
403         ========================|================================|===========
404         Not present             | Not present                    | Fullscreen
405         Present                 | Not present                    | Inline
406         Not Present             | Present                        | Inline
407         Present                 | Present                        | Inline
408
409         The way to distinguish Safari from another app is to create an SPI
410         boolean preference which Safari can set. This is already how the
411         iPhone and iPad are differentiated using the requiresPlayInlineAttribute
412         which Safari sets but other apps don't. However, this preference is
413         no longer sufficient because Safari should now be discriminating
414         between the playsinline and webkit-playsinline attributes. Therefore,
415         this preference should be extended to two boolean preferences, which
416         this patch adds:
417
418         allowsInlineMediaPlaybackWithPlaysInlineAttribute
419         allowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute
420
421         Safari on iPhone will set
422         allowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute to true,
423         and allowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute to
424         false. Other apps on iPhone will get their defaults values (because they
425         are SPI) which means they will both be true. On iPad and Mac, apps will
426         use the defaults values where both are false.
427
428         This patch adds support for these two preferences, but does not remove
429         the existing inlineMediaPlaybackRequiresPlaysInlineAttribute preference.
430         I will remove the exising preference as soon as I update Safari to migrate
431         off of it.
432
433         Test: media/video-playsinline.html
434
435         * html/MediaElementSession.cpp:
436         (WebCore::MediaElementSession::requiresFullscreenForVideoPlayback):
437         * page/Settings.cpp:
438         * page/Settings.in:
439         * testing/InternalSettings.cpp:
440         (WebCore::InternalSettings::Backup::Backup):
441         (WebCore::InternalSettings::Backup::restoreTo):
442         (WebCore::InternalSettings::setAllowsInlineMediaPlaybackWithPlaysInlineAttribute):
443         (WebCore::InternalSettings::setAllowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute):
444         * testing/InternalSettings.h:
445         * testing/InternalSettings.idl:
446
447 2016-07-20  Chris Dumez  <cdumez@apple.com>
448
449         Get rid of custom bindings code for XMLHttpRequest.open()
450         https://bugs.webkit.org/show_bug.cgi?id=159984
451
452         Reviewed by Ryosuke Niwa.
453
454         Get rid of custom bindings code for XMLHttpRequest.open() as the
455         bindings generator is able to generate it.
456
457         Relevant specification:
458         - https://xhr.spec.whatwg.org/#xmlhttprequest
459
460         The issue is that legacy content prevents treating the 'async' argument
461         being undefined identical from it being omitted. However, this can be
462         achieved by using overloading in IDL, like in the specification.
463
464         No new tests, already covered by the following tests:
465         - http/tests/xmlhttprequest/basic-auth.html
466         - http/tests/xmlhttprequest/open-async-overload.html
467
468         * bindings/js/JSXMLHttpRequestCustom.cpp:
469         (WebCore::SendFunctor::SendFunctor): Deleted.
470         (WebCore::SendFunctor::line): Deleted.
471         (WebCore::SendFunctor::column): Deleted.
472         (WebCore::SendFunctor::url): Deleted.
473         (WebCore::SendFunctor::operator()): Deleted.
474         * xml/XMLHttpRequest.cpp:
475         (WebCore::XMLHttpRequest::open):
476         * xml/XMLHttpRequest.h:
477         * xml/XMLHttpRequest.idl:
478
479 2016-07-20  Rawinder Singh  <rawinder.singh-webkit@cisra.canon.com.au>
480
481         Mark overriden methods in WebCore/svg final classes as final
482         https://bugs.webkit.org/show_bug.cgi?id=159966
483
484         Reviewed by Michael Catanzaro.
485
486         Update WebCore/svg classes so that overriden methods in final classes are marked final.
487
488         * svg/SVGAElement.h:
489         * svg/SVGAltGlyphDefElement.h:
490         * svg/SVGAltGlyphItemElement.h:
491         * svg/SVGAnimateTransformElement.h:
492         * svg/SVGAnimatedColor.h:
493         * svg/SVGCircleElement.h:
494         * svg/SVGClipPathElement.h:
495         * svg/SVGCursorElement.h:
496         * svg/SVGDefsElement.h:
497         * svg/SVGDescElement.h:
498         * svg/SVGEllipseElement.h:
499         * svg/SVGFEMergeNodeElement.h:
500         * svg/SVGFilterElement.h:
501         * svg/SVGFontElement.h:
502         * svg/SVGFontFaceElement.h:
503         * svg/SVGFontFaceFormatElement.h:
504         * svg/SVGFontFaceNameElement.h:
505         * svg/SVGFontFaceSrcElement.h:
506         * svg/SVGFontFaceUriElement.h:
507         * svg/SVGForeignObjectElement.h:
508         * svg/SVGGElement.h:
509         * svg/SVGGlyphElement.h:
510         * svg/SVGGlyphRefElement.h:
511         * svg/SVGHKernElement.h:
512         * svg/SVGImageElement.h:
513         * svg/SVGLineElement.h:
514         * svg/SVGMPathElement.h:
515         * svg/SVGMaskElement.h:
516         * svg/SVGMetadataElement.h:
517         * svg/SVGMissingGlyphElement.h:
518         * svg/SVGPathBuilder.h:
519         * svg/SVGPathByteStreamBuilder.h:
520         * svg/SVGPathByteStreamSource.h:
521         * svg/SVGPathElement.h:
522         * svg/SVGPathSegArcAbs.h:
523         * svg/SVGPathSegArcRel.h:
524         * svg/SVGPathSegClosePath.h:
525         * svg/SVGPathSegCurvetoCubicAbs.h:
526         * svg/SVGPathSegCurvetoCubicRel.h:
527         * svg/SVGPathSegCurvetoCubicSmoothAbs.h:
528         * svg/SVGPathSegCurvetoCubicSmoothRel.h:
529         * svg/SVGPathSegCurvetoQuadraticAbs.h:
530         * svg/SVGPathSegCurvetoQuadraticRel.h:
531         * svg/SVGPathSegCurvetoQuadraticSmoothAbs.h:
532         * svg/SVGPathSegCurvetoQuadraticSmoothRel.h:
533         * svg/SVGPathSegLinetoAbs.h:
534         * svg/SVGPathSegLinetoHorizontalAbs.h:
535         * svg/SVGPathSegLinetoHorizontalRel.h:
536         * svg/SVGPathSegLinetoRel.h:
537         * svg/SVGPathSegLinetoVerticalAbs.h:
538         * svg/SVGPathSegLinetoVerticalRel.h:
539         * svg/SVGPathSegListBuilder.h:
540         * svg/SVGPathSegListSource.h:
541         * svg/SVGPathSegMovetoAbs.h:
542         * svg/SVGPathSegMovetoRel.h:
543         * svg/SVGPathStringSource.h:
544         * svg/SVGPathTraversalStateBuilder.h:
545         * svg/SVGPatternElement.h:
546         * svg/SVGRectElement.h:
547         * svg/SVGScriptElement.h:
548         * svg/SVGStopElement.h:
549         * svg/SVGStyleElement.h:
550         * svg/SVGSwitchElement.h:
551         * svg/SVGTRefElement.cpp:
552         * svg/SVGTitleElement.h:
553         * svg/SVGToOTFFontConversion.cpp:
554         * svg/SVGUnknownElement.h:
555         * svg/SVGVKernElement.h:
556         * svg/SVGViewElement.h:
557         * svg/SVGZoomEvent.h:
558         * svg/animation/SVGSMILElement.cpp:
559         * svg/graphics/SVGImage.h:
560         * svg/graphics/SVGImageClients.h:
561         * svg/graphics/SVGImageForContainer.h:
562         * svg/graphics/filters/SVGFEImage.h:
563         * svg/graphics/filters/SVGFilter.h:
564         * svg/properties/SVGAnimatedEnumerationPropertyTearOff.h:
565         * svg/properties/SVGAnimatedPathSegListPropertyTearOff.h:
566         * svg/properties/SVGAnimatedPropertyTearOff.h:
567         * svg/properties/SVGAnimatedTransformListPropertyTearOff.h:
568         * svg/properties/SVGMatrixTearOff.h:
569         * svg/properties/SVGPathSegListPropertyTearOff.h:
570
571 2016-07-20  Brady Eidson  <beidson@apple.com>
572
573         Transition most IDB interfaces from ScriptExecutionContext to ExecState.
574         https://bugs.webkit.org/show_bug.cgi?id=159975
575
576         Reviewed by Alex Christensen.
577
578         No new tests (No known behavior change).
579
580         * Modules/indexeddb/IDBCursor.cpp:
581         (WebCore::IDBCursor::continueFunction):
582         (WebCore::IDBCursor::deleteFunction):
583         * Modules/indexeddb/IDBCursor.h:
584         * Modules/indexeddb/IDBCursor.idl:
585
586         * Modules/indexeddb/IDBDatabase.idl:
587
588         * Modules/indexeddb/IDBFactory.cpp:
589         (WebCore::IDBFactory::cmp):
590         * Modules/indexeddb/IDBFactory.h:
591         * Modules/indexeddb/IDBFactory.idl:
592
593         * Modules/indexeddb/IDBIndex.cpp:
594         (WebCore::IDBIndex::openCursor):
595         (WebCore::IDBIndex::count):
596         (WebCore::IDBIndex::doCount):
597         (WebCore::IDBIndex::openKeyCursor):
598         (WebCore::IDBIndex::get):
599         (WebCore::IDBIndex::doGet):
600         (WebCore::IDBIndex::getKey):
601         (WebCore::IDBIndex::doGetKey):
602         * Modules/indexeddb/IDBIndex.h:
603         * Modules/indexeddb/IDBIndex.idl:
604
605         * Modules/indexeddb/IDBKeyRange.cpp:
606         (WebCore::IDBKeyRange::only): Deleted.
607         * Modules/indexeddb/IDBKeyRange.h:
608
609         * Modules/indexeddb/IDBObjectStore.cpp:
610         (WebCore::IDBObjectStore::openCursor):
611         (WebCore::IDBObjectStore::get):
612         (WebCore::IDBObjectStore::putOrAdd):
613         (WebCore::IDBObjectStore::deleteFunction):
614         (WebCore::IDBObjectStore::doDelete):
615         (WebCore::IDBObjectStore::modernDelete):
616         (WebCore::IDBObjectStore::clear):
617         (WebCore::IDBObjectStore::createIndex):
618         (WebCore::IDBObjectStore::count):
619         (WebCore::IDBObjectStore::doCount):
620         * Modules/indexeddb/IDBObjectStore.h:
621         * Modules/indexeddb/IDBObjectStore.idl:
622
623         * Modules/indexeddb/IDBTransaction.cpp:
624         (WebCore::IDBTransaction::requestOpenCursor):
625         (WebCore::IDBTransaction::doRequestOpenCursor):
626         (WebCore::IDBTransaction::requestGetRecord):
627         (WebCore::IDBTransaction::requestGetValue):
628         (WebCore::IDBTransaction::requestGetKey):
629         (WebCore::IDBTransaction::requestIndexRecord):
630         (WebCore::IDBTransaction::requestCount):
631         (WebCore::IDBTransaction::requestDeleteRecord):
632         (WebCore::IDBTransaction::requestClearObjectStore):
633         (WebCore::IDBTransaction::requestPutOrAdd):
634         * Modules/indexeddb/IDBTransaction.h:
635
636         * inspector/InspectorIndexedDBAgent.cpp:
637
638 2016-07-20  Wenson Hsieh  <wenson_hsieh@apple.com>
639
640         Media controls don't appear when pausing a small autoplaying video
641         https://bugs.webkit.org/show_bug.cgi?id=159972
642         <rdar://problem/27180657>
643
644         Reviewed by Beth Dakin.
645
646         When pausing an autoplaying video, remove behavior restrictions for the
647         initial user gesture and show media controls.
648
649         New WebKit API test. See VideoControlsManagerSingleSmallAutoplayingVideo.
650
651         * html/HTMLMediaElement.cpp:
652         (WebCore::HTMLMediaElement::pause):
653
654 2016-07-20  Chris Dumez  <cdumez@apple.com>
655
656         Fix null handling of HTMLMediaElement.mediaGroup
657         https://bugs.webkit.org/show_bug.cgi?id=159974
658
659         Reviewed by Eric Carlson.
660
661         Fix null handling of HTMLMediaElement.mediaGroup to match the specification:
662         - https://www.w3.org/TR/html5/embedded-content-0.html#media-elements
663
664         null is supposed to be treated as the String "null". This patch aligns
665         our behavior with the specification. I tested Firefox and Chrome but both
666         do not have this attribute on HTMLMediaElement.
667
668         Also remove support for [TreatNullAs=LegacyNullString] from our bindings
669         generator as HTMLMediaElement.mediaGroup was the last user.
670
671         No new tests, rebaselined existing test.
672
673         * bindings/scripts/CodeGeneratorJS.pm:
674         (JSValueToNative):
675         * bindings/scripts/IDLAttributes.txt:
676         * html/HTMLMediaElement.idl:
677
678 2016-07-20  Chris Dumez  <cdumez@apple.com>
679
680         CSSStyleDeclaration.setProperty() should be able to unset "important" on a property
681         https://bugs.webkit.org/show_bug.cgi?id=159959
682
683         Reviewed by Alexey Proskuryakov.
684
685         CSSStyleDeclaration.setProperty() should be able to unsert "important"
686         on a property as per the latest specification:
687         - https://drafts.csswg.org/cssom/#dom-cssstyledeclaration-setproperty
688         - https://drafts.csswg.org/cssom/#dom-cssstyledeclaration-camel-cased-attribute
689
690         Firefox and Chrome match the specification here but WebKit was ignoring calls
691         to setProperty() if there is already an "important" property wit this name
692         and if the new property does not have the "important" flag set.
693
694         This behavior was added a long time ago via Bug 60007. However, it does not
695         match the latest specification or other browsers.
696
697         Test: fast/css/CSSStyleDeclaration-setProperty-unset-important.html
698
699         * css/StyleProperties.cpp:
700         (WebCore::MutableStyleProperties::addParsedProperty):
701         Drop code that was added via Bug 60007 as this behavior no longer matches the
702         specification or other browsers. The layout test added in Bug 60007 fails in
703         other browsers and was updated in this patch to match the specification.
704
705 2016-07-20  Commit Queue  <commit-queue@webkit.org>
706
707         Unreviewed, rolling out r203423.
708         https://bugs.webkit.org/show_bug.cgi?id=159977
709
710         The test for this change is failing on Mac Release WK2
711         (Requested by ryanhaddad on #webkit).
712
713         Reverted changeset:
714
715         "HTMLVideoElement frames do not update on iOS when src is a
716         MediaStream blob"
717         https://bugs.webkit.org/show_bug.cgi?id=159833
718         http://trac.webkit.org/changeset/203423
719
720 2016-07-20  Chris Dumez  <cdumez@apple.com>
721
722         Fix null handling of HTMLSelectElement.value attribute
723         https://bugs.webkit.org/show_bug.cgi?id=159925
724
725         Reviewed by Benjamin Poulain.
726
727         Fix null handling of HTMLSelectElement.value attribute:
728         - https://html.spec.whatwg.org/multipage/forms.html#htmlselectelement
729
730         We were treating null as the null String which would end up setting
731         selectedIndex to -1. However, we should treat null as the String "null"
732         which would set the selectedIndex to the index of the <option> element
733         whose value is "null".
734
735         Firefox and Chrome match the specification.
736
737         Test: fast/dom/HTMLSelectElement/value-null-handling.html
738
739         * html/HTMLSelectElement.cpp:
740         (WebCore::HTMLSelectElement::setValue):
741         * html/HTMLSelectElement.idl:
742
743 2016-07-20  Chris Dumez  <cdumez@apple.com>
744
745         PostResolutionCallbackDisabler can resume pending requests while a ResourceLoadSuspender is alive
746         https://bugs.webkit.org/show_bug.cgi?id=159962
747         <rdar://problem/21439264>
748
749         Reviewed by David Kilzer.
750
751         PostResolutionCallbackDisabler can resume pending requests while a ResourceLoadSuspender
752         is alive. We have both PostResolutionCallbackDisabler and ResourceLoadSuspender that
753         call LoaderStrategy::suspendPendingRequests() / LoaderStrategy::resumePendingRequests().
754         However, PostResolutionCallbackDisabler and ResourceLoadSuspender are not aware of each
755         other. It is therefore possible for a PostResolutionCallbackDisabler object to get
756         destroyed, causing LoaderStrategy::resumePendingRequests() to be called while a
757         ResourceLoadSuspender object is alive.
758
759         This leads to hard to investigate crashes where we end up re-entering WebKit and killing
760         the style resolver.
761
762         This patch drops ResourceLoadSuspender and uses PostResolutionCallbackDisabler instead.
763         There was only one user of ResourceLoadSuspender and PostResolutionCallbackDisabler
764         is better because it manages a resolutionNestingDepth counter internally to make sure
765         it only calls LoaderStrategy::resumePendingRequests() once all
766         PostResolutionCallbackDisabler instances are destroyed.
767
768         No new tests, there is no easy way to reproduce the crashes.
769
770         * dom/Document.cpp:
771         (WebCore::Document::styleForElementIgnoringPendingStylesheets):
772         * loader/LoaderStrategy.cpp:
773         (WebCore::ResourceLoadSuspender::ResourceLoadSuspender): Deleted.
774         (WebCore::ResourceLoadSuspender::~ResourceLoadSuspender): Deleted.
775         * loader/LoaderStrategy.h:
776
777 2016-07-19  Youenn Fablet  <youenn@apple.com>
778
779         [Fetch API] Add a JS builtin to implement https://fetch.spec.whatwg.org/#concept-headers-fill
780         https://bugs.webkit.org/show_bug.cgi?id=159932
781
782         Reviewed by Alex Christensen.
783
784         Covered by existing tests.
785
786         Refactoring Headers initializeWith to use the new built-in internal that implements
787         https://fetch.spec.whatwg.org/#concept-headers-fill.
788
789         Refactoring Response constructor to put more checks in the JS builtin fucntion called within constructor.
790         Making use of the new built-in internal that implements https://fetch.spec.whatwg.org/#concept-headers-fill.
791
792         * CMakeLists.txt: Adding FetchHeadersInternals.js
793         * DerivedSources.make: Ditto.
794         * Modules/fetch/FetchHeaders.js:
795         (initializeFetchHeaders): Using fillFetchHeaders new built-in internal.
796         * Modules/fetch/FetchInternals.js: Added.
797         (fillFetchHeaders):
798         * Modules/fetch/FetchResponse.cpp: Refactoring to do more in the JS built-in. Splitting of initializeWith so
799         that the checks are done in the order defined by the spec.
800         (WebCore::FetchResponse::setStatus):
801         (WebCore::FetchResponse::initializeWith):
802         (WebCore::isNullBodyStatus): Deleted.
803         * Modules/fetch/FetchResponse.h:
804         * Modules/fetch/FetchResponse.idl:
805         * Modules/fetch/FetchResponse.js:
806         (initializeFetchResponse): New built-in internal.
807         * WebCore.xcodeproj/project.pbxproj:
808         * bindings/js/WebCoreBuiltinNames.h:
809
810 2016-07-19  Chris Dumez  <cdumez@apple.com>
811
812         Fix null handling of SVGScriptElement.type attribute
813         https://bugs.webkit.org/show_bug.cgi?id=159927
814
815         Reviewed by Benjamin Poulain.
816
817         Fix null handling of SVGScriptElement.type attribute:
818         - https://www.w3.org/TR/SVG2/interact.html#InterfaceSVGScriptElement
819
820         We were treating null as the null String which would end up removing
821         the 'type' content attribute. However, we should treat null as the
822         String "null".
823
824         Firefox and Chrome match the specification.
825
826         No new tests, updated existing test.
827
828         * svg/SVGScriptElement.idl:
829
830 2016-07-19  Chris Dumez  <cdumez@apple.com>
831
832         Fix null handling of several HTMLDocument attributes
833         https://bugs.webkit.org/show_bug.cgi?id=159923
834
835         Reviewed by Benjamin Poulain.
836
837         Fix null handling of several HTMLDocument attributes:
838         - https://html.spec.whatwg.org/multipage/dom.html#document
839         - https://html.spec.whatwg.org/multipage/obsolete.html#document-partial
840
841         In particular, null handling was incorrect in WebKit for 'dir',
842         'bgColor', 'fgColor', 'alinkColor', 'linkColor' and 'vlinkColor'.
843
844         Firefox and Chrome match the specification.
845
846         Test: fast/dom/HTMLDocument/null-handling.html
847
848         * html/HTMLDocument.idl:
849
850 2016-07-19  Chris Dumez  <cdumez@apple.com>
851
852         Document.createElementNS() / createAttributeNS() parameters should be mandatory
853         https://bugs.webkit.org/show_bug.cgi?id=159938
854
855         Reviewed by Benjamin Poulain.
856
857         Document.createElementNS() / createAttributeNS() parameters should be mandatory:
858         - https://dom.spec.whatwg.org/#document
859
860         They were optional in WebKit. However, Firefox and Chrome both match the
861         specification.
862
863         No new tests, rebaselined existing tests.
864
865         * dom/Document.idl:
866
867 2016-07-19  Benjamin Poulain  <bpoulain@apple.com>
868
869         Use getElementById for attribute matching if the attribute name is html's id
870         https://bugs.webkit.org/show_bug.cgi?id=159960
871
872         Reviewed by Chris Dumez.
873
874         Elliott Sprehn discovered YUI makes heavy uses of querySelector with [id=value]
875         (https://bugs.chromium.org/p/chromium/issues/detail?id=627242).
876
877         If we are not in quirks mode, IdForStyleResolution has the same value
878         as the Id attribute. We can use the same optimization for both cases.
879
880         Tests: fast/selectors/id-attribute-querySelector-used-as-id-selector-quirks.html
881                fast/selectors/id-attribute-querySelector-used-as-id-selector.html
882
883         * dom/SelectorQuery.cpp:
884         (WebCore::canBeUsedForIdFastPath):
885         (WebCore::findIdMatchingType):
886         (WebCore::SelectorDataList::SelectorDataList):
887         (WebCore::selectorForIdLookup):
888         (WebCore::filterRootById):
889
890 2016-07-19  Chris Dumez  <cdumez@apple.com>
891
892         Drop SVGElement.xmlbase attribute
893         https://bugs.webkit.org/show_bug.cgi?id=159926
894
895         Reviewed by Benjamin Poulain.
896
897         Drop SVGElement.xmlbase attribute as it is no longer part of the
898         specification:
899         - https://www.w3.org/TR/SVG2/types.html#InterfaceSVGElement
900
901         Both Firefox and Chrome have already dropped support for
902         SVGElement.xmlbase.
903
904         Chrome's intent to remove:
905         https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/TfwMq4d25hk/C-v_iC_wKfAJ
906
907         Test: svg/dom/SVGElement-xmlbase.html
908
909         * svg/SVGElement.cpp:
910         (WebCore::SVGElement::removedFrom): Deleted.
911         * svg/SVGElement.h:
912         * svg/SVGElement.idl:
913
914 2016-07-19  Chris Dumez  <cdumez@apple.com>
915
916         Align CSSStyleDeclaration.setProperty() with the specification
917         https://bugs.webkit.org/show_bug.cgi?id=159955
918
919         Reviewed by Benjamin Poulain.
920
921         Align CSSStyleDeclaration.setProperty() with the specification:
922         - https://drafts.csswg.org/cssom/#the-cssstyledeclaration-interface
923
924         In particular, the following changes were needed:
925         1. The 'value' parameter should not be optional
926         2. The 'priority' parameter should treat null as the empty string
927            rather than the string "null".
928         3. The 'priority' parameter's default value should be the empty string,
929            not the string "undefined".
930         4. CSSStyleDeclaration.setProperty() should return early if 'priority'
931            is not the empty string and is not an ASCII case-insensitive match
932            for the string "important".
933
934         Chrome matches the specification entirely.
935         Firefox matches the specification with the exception that it does a
936         case-sensitive match for "important".
937
938         Test: fast/css/CSSStyleDeclaration-setProperty.html
939
940         * css/CSSStyleDeclaration.idl:
941         * css/PropertySetCSSStyleDeclaration.cpp:
942         (WebCore::PropertySetCSSStyleDeclaration::setProperty):
943
944 2016-07-19  Daniel Bates  <dabates@apple.com>
945
946         CSP: Improve support for multiple policies to more closely conform to the CSP Level 2 spec.
947         https://bugs.webkit.org/show_bug.cgi?id=159841
948         <rdar://problem/27381684>
949
950         Reviewed by Brent Fulgham.
951
952         Implement a first pass at sending multiple violation reports so as to more closely
953         conform to section Enforcing multiple policies of the Content Security Policy Level 2 spec.,
954         <https://w3c.github.io/webappsec-csp/2/> (Editor's Draft, 25 April 2016).
955
956         Tests: http/tests/security/contentSecurityPolicy/1.1/script-blocked-sends-multiple-reports.php
957                http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy.php
958                http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy2.php
959                http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.php
960                http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.php
961                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy.php
962                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy2.php
963                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy.php
964                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy2.php
965                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.php
966                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2.php
967                http/tests/security/contentSecurityPolicy/1.1/scripthash-in-enforced-policy-and-not-in-report-only.html
968                http/tests/security/contentSecurityPolicy/1.1/scripthash-in-one-enforced-policy-neither-in-another-enforced-policy-nor-report-policy.html
969                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-enforced-policy-and-blocked-by-report-policy.php
970                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-enforced-policy-and-blocked-by-report-policy2.php
971                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.php
972                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.php
973                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy.php
974                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy2.php
975                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy.php
976                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy2.php
977                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.php
978                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2.php
979                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-in-enforced-policy-and-not-in-report-only.html
980                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-in-one-enforced-policy-neither-in-another-enforced-policy-nor-report-policy.html
981                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-multiple-policies.html
982
983         * page/csp/ContentSecurityPolicy.cpp:
984         (WebCore::ContentSecurityPolicy::allPoliciesWithDispositionAllow): Added. Returns whether the resource
985         is allowed by all of the policies with the specified disposition.
986         (WebCore::ContentSecurityPolicy::allPoliciesAllow): Added. Returns whether the resource is allowed by
987         all of the enforced policies.
988         (WebCore::ContentSecurityPolicy::findHashOfContentInPolicies): Formerly named foundHashOfContentInAllPolicies.
989         Modified to return a ("has found hash in all enforced policies, "has found hash in all report-only policies)-pair
990         so that we can differentiate whether the hash violated an enforced policy or a report-only policy.
991         (WebCore::ContentSecurityPolicy::allowJavaScriptURLs): Write in terms of ContentSecurityPolicy::allPoliciesAllow().
992         (WebCore::ContentSecurityPolicy::allowInlineEventHandlers): Ditto.
993         (WebCore::ContentSecurityPolicy::allowScriptWithNonce): For now only accept a nonce if it is allowed by
994         all enforced policies. As a side effect of this change is that we only send a CSP violation report when a
995         nonce violates a report-only policy only if the nonce also violates one or more enforced policies. We will
996         address this limitation in <https://bugs.webkit.org/show_bug.cgi?id=159830>.
997         (WebCore::ContentSecurityPolicy::allowStyleWithNonce): Ditto.
998         (WebCore::ContentSecurityPolicy::allowInlineScript): Differentiate between a hash/'unsafe-inline' that
999         matches/is contained in all enforce policies and a hash/'unsafe-inline' that matches/is contained in all
1000         report-only policies so that we only allow the resource for the former. As a side effect of this change
1001         we may report that a resource violated a policy even if it contained the hash. See <https://bugs.webkit.org/show_bug.cgi?id=159832>
1002         for more details.
1003         (WebCore::ContentSecurityPolicy::allowInlineStyle): Ditto.
1004         (WebCore::ContentSecurityPolicy::allowEval): Write in terms of ContentSecurityPolicy::allPoliciesAllow().
1005         (WebCore::ContentSecurityPolicy::allowFrameAncestors): Ditto.
1006         (WebCore::ContentSecurityPolicy::allowPluginType): Ditto.
1007         (WebCore::ContentSecurityPolicy::allowScriptFromSource): Ditto.
1008         (WebCore::ContentSecurityPolicy::allowObjectFromSource): Ditto.
1009         (WebCore::ContentSecurityPolicy::allowChildFrameFromSource): Ditto.
1010         (WebCore::ContentSecurityPolicy::allowChildContextFromSource): Ditto.
1011         (WebCore::ContentSecurityPolicy::allowImageFromSource): Ditto.
1012         (WebCore::ContentSecurityPolicy::allowStyleFromSource): Ditto.
1013         (WebCore::ContentSecurityPolicy::allowFontFromSource): Ditto.
1014         (WebCore::ContentSecurityPolicy::allowMediaFromSource): Ditto.
1015         (WebCore::ContentSecurityPolicy::allowConnectToSource): Ditto.
1016         (WebCore::ContentSecurityPolicy::allowFormAction): Ditto.
1017         (WebCore::ContentSecurityPolicy::allowBaseURI): Ditto.
1018         (WebCore::ContentSecurityPolicy::foundHashOfContentInAllPolicies): Deleted.
1019         * page/csp/ContentSecurityPolicy.h:
1020         (WebCore::ContentSecurityPolicy::violatedDirectiveInAnyPolicy): Deleted.
1021
1022 2016-07-19  Chris Dumez  <cdumez@apple.com>
1023
1024         Fix null handling of HTMLScriptElement.text attribute
1025         https://bugs.webkit.org/show_bug.cgi?id=159943
1026
1027         Reviewed by Benjamin Poulain.
1028
1029         Fix null handling of HTMLScriptElement.text attribute:
1030         - https://html.spec.whatwg.org/multipage/scripting.html#the-script-element
1031
1032         We should treat null as the "null" String but we were treating it as
1033         the empty string.
1034
1035         Firefox and Chrome match the specification.
1036
1037         No new tests, rebaselined existing test.
1038
1039         * html/HTMLScriptElement.idl:
1040
1041 2016-07-19  Chris Dumez  <cdumez@apple.com>
1042
1043         autocapitalize attribute should not use [TreatNullAs=LegacyNullString]
1044         https://bugs.webkit.org/show_bug.cgi?id=159934
1045
1046         Reviewed by Benjamin Poulain.
1047
1048         autocapitalize attribute should not use [TreatNullAs=LegacyNullString]. This is
1049         non-standard and we want to drop support for it from the bindings generator.
1050
1051         Instead, use [TreatNullAs=EmptyString] in order to maintain existing behavior
1052         given that both a missing/empty attribute result in using the default
1053         autocapitalization mode and that autocapitalize returns the empty string by
1054         default.
1055
1056         Test: platform/ios-simulator/ios/fast/forms/autocapitalize-null.html
1057
1058         * html/HTMLFormElement.idl:
1059         * html/HTMLInputElement.idl:
1060         * html/HTMLTextAreaElement.idl:
1061
1062 2016-07-19  Zalan Bujtas  <zalan@apple.com>
1063
1064         REGRESSION(r203415): ASSERTION FAILED: !m_layoutRoot->container() || !m_layoutRoot->container()->needsLayout()
1065         https://bugs.webkit.org/show_bug.cgi?id=159952
1066
1067         Reviewed by Simon Fraser.
1068
1069         Update ASSERTs to reflect new functionality, that is, now we can end up in a state
1070         where the container (RenderView) of one of the dirty subtrees is dirty.
1071         See r203415.
1072  
1073         Covered by editing/pasteboard/drag-drop-input-in-svg.svg
1074
1075         * page/FrameView.cpp:
1076         (WebCore::FrameView::scheduleRelayoutOfSubtree):
1077
1078 2016-07-19  Dean Jackson  <dino@apple.com>
1079
1080         REGRESSION(202927): The first slide is the only displayed slide when Quicklooking a Keynote file
1081         https://bugs.webkit.org/show_bug.cgi?id=159948
1082         <rdar://problem/27391012>
1083
1084         Reviewed by Simon Fraser.
1085
1086         There is an iOS bug (<rdar://problem/27416744>) that is causing us
1087         to not always get a color space on CGContextRefs. Investigation of this
1088         exposed some optimizations we can take when we are creating ImageBuffers.
1089         In particular, if we have a bitmap context or an IOSurfaceContext we
1090         can simply copy their color space using API. Otherwise we stick with
1091         the existing CGContextCopyDeviceColorSpace.
1092
1093         Lastly, if for some reason we are unable to copy the device color space,
1094         we should fall back to sRGB.
1095
1096         * platform/graphics/cg/ImageBufferCG.cpp:
1097         (WebCore::ImageBuffer::createCompatibleBuffer):
1098         * platform/spi/cg/CoreGraphicsSPI.h: Add some SPI and enums.
1099
1100
1101 2016-07-19  George Ruan  <gruan@apple.com>
1102
1103         HTMLVideoElement frames do not update on iOS when src is a MediaStream blob
1104         https://bugs.webkit.org/show_bug.cgi?id=159833
1105         <rdar://problem/27379487>
1106
1107         Reviewed by Eric Carlson.
1108
1109         Test: fast/mediastream/MediaStream-video-element-displays-buffer.html
1110
1111         * WebCore.xcodeproj/project.pbxproj:
1112         * platform/graphics/avfoundation/MediaSampleAVFObjC.h: Change create to return a Ref<T> instead
1113         of RefPtr<T>
1114         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.h: Make observer of
1115         MediaStreamTrackPrivate and make MediaPlayer use an AVSampleBufferDisplayLayer instead of CALayer.
1116         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm: Ditto.
1117         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::~MediaPlayerPrivateMediaStreamAVFObjC): Clean up
1118         observers and AVSampleBufferDisplayLayer
1119         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::isAvailable): Ensures AVSampleBufferDisplayLayer
1120         is available.
1121         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::enqueueAudioSampleBufferFromTrack): Placeholder.
1122         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::enqueueVideoSampleBufferFromTrack): Responsible
1123         for enqueuing sample buffers to the active video track.
1124         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::ensureLayer): Ensures that an AVSampleBufferDisplayLayer
1125         exists.
1126         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::destroyLayer): Destroys the AVSampleBufferDisplayLayer.
1127         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::platformLayer): Replace CALayer with AVSampleBufferDisplayLayer.
1128         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::currentDisplayMode): Ditto.
1129         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::sampleBufferUpdated): Called from MediaStreamTrackPrivate when a
1130         new SampleBuffer is available.
1131         (WebCore::updateTracksOfType): Manage adding and removing self as observer from tracks.
1132         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateTracks): Replace CALayer with AVSampleBufferDisplayLayer
1133         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::acceleratedRenderingStateChanged): Copied from
1134         MediaPlayerPrivateMediaSourceAVFObjC.mm
1135         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::load): Deleted CALayer.
1136         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateDisplayMode): Deleted process of updating CALayer.
1137         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateIntrinsicSize): Deleted CALayer.
1138         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::createPreviewLayers): Deleted.
1139         * platform/mediastream/MediaStreamPrivate.cpp:
1140         (WebCore::MediaStreamPrivate::updateActiveVideoTrack): Remove redundant check.
1141         * platform/mediastream/MediaStreamTrackPrivate.cpp:
1142         (WebCore::MediaStreamTrackPrivate::sourceHasMoreMediaData): Called from RealtimeMediaSource when a new SampleBuffer
1143         is available.
1144         * platform/mediastream/MediaStreamTrackPrivate.h:
1145         (WebCore::MediaStreamTrackPrivate::Observer::sampleBufferUpdated): Relays to MediaPlayerPrivateMediaStream that
1146         a new SampleBuffer is available to enqueue to the AVSampleBufferDisplayLayer.
1147         * platform/mediastream/RealtimeMediaSource.cpp:
1148         (WebCore::RealtimeMediaSource::mediaDataUpdated): Relays to all observers that a new SampleBuffer is available.
1149         * platform/mediastream/RealtimeMediaSource.h:
1150         * platform/mediastream/mac/AVVideoCaptureSource.mm:
1151         (WebCore::AVVideoCaptureSource::processNewFrame): Calls mediaDataUpdated when a new SampleBuffer is captured.
1152
1153 2016-07-19  Anders Carlsson  <andersca@apple.com>
1154
1155         Get rid of a #define private public hack in WebCore
1156         https://bugs.webkit.org/show_bug.cgi?id=159953
1157
1158         Reviewed by Dan Bernstein.
1159
1160         Use @package instead.
1161
1162         * bindings/objc/DOMInternal.h:
1163         * bindings/objc/DOMObject.h:
1164
1165 2016-07-19  Andreas Kling  <akling@apple.com>
1166
1167         Fix SharedBuffer leak in MockContentFilter::replacementData().
1168         <https://webkit.org/b/159945>
1169
1170         Reviewed by Andy Estes.
1171
1172         Spotted on leaks bot. This code was pretty explicit about how it's going to leak.
1173         Since this is in the mock filter, it only affected layout tests.
1174
1175         * testing/MockContentFilter.cpp:
1176         (WebCore::MockContentFilter::replacementData):
1177
1178 2016-07-19  Zalan Bujtas  <zalan@apple.com>
1179
1180         theguardian.co.uk crossword puzzles are sometimes not displaying text
1181         https://bugs.webkit.org/show_bug.cgi?id=159924
1182         <rdar://problem/27409483>
1183
1184         Reviewed by Simon Fraser.
1185
1186         This patch fixes the case when
1187         - 2 disjoint subtrees are dirty
1188         - RenderView is also dirty.
1189         and we end up not laying out one of the 2 subtrees.
1190
1191         In FrameView::scheduleRelayoutOfSubtree, we assume that when the RenderView is dirty
1192         we already have a pending full layout which means that any previous subtree layouts have already been
1193         converted to full layouts.
1194         However this assumption is incorrect. RenderView can get dirty without checking if there's
1195         already a pending subtree layout.
1196         One option to solve this problem would be to override RenderObject::setNeedsLayout in RenderView
1197         so that when the RenderView gets dirty, we could also convert any pending subtree layout to full layout.
1198         However RenderObject::setNeedsLayout is a hot function and making it virtual would impact performance.
1199         The other option is to always normalize subtree layouts in FrameView::scheduleRelayoutOfSubtree().
1200         This patch implements the second option.
1201
1202         Test: fast/misc/subtree-layouts.html
1203
1204         * page/FrameView.cpp:
1205         (WebCore::FrameView::scheduleRelayoutOfSubtree):
1206
1207 2016-07-19  Anders Carlsson  <andersca@apple.com>
1208
1209         Some payment authorization status values should keep the sheet active
1210         https://bugs.webkit.org/show_bug.cgi?id=159936
1211         rdar://problem/26756701
1212
1213         Reviewed by Tim Horton.
1214
1215         * Modules/applepay/ApplePaySession.cpp:
1216         (WebCore::ApplePaySession::completePayment):
1217         Keep the sheet active if the status isn't a final state status.
1218
1219         * Modules/applepay/PaymentAuthorizationStatus.h:
1220         (WebCore::isFinalStateStatus):
1221         Add a new helper function that returns whether a given payment authorization status is "final",
1222         meaning that once that status has been passed to completePayment, the session is finished.
1223
1224 2016-07-19  Nan Wang  <n_wang@apple.com>
1225
1226         AX: Incorrect behavior for word related text marker functions when there's collapsed whitespace
1227         https://bugs.webkit.org/show_bug.cgi?id=159910
1228
1229         Reviewed by Chris Fleizach.
1230
1231         We are getting a bad CharacterOffset when there's collapsed whitespace. Added a TraverseOptionValidateOffset
1232         option to make sure we are getting the correct CharacterOffset based on the corresponding Range offset. And
1233         fixed a word navigation issue based on that.
1234
1235         Test: accessibility/mac/text-marker-word-nav-collapsed-whitespace.html
1236
1237         * accessibility/AXObjectCache.cpp:
1238         (WebCore::AXObjectCache::traverseToOffsetInRange):
1239         (WebCore::AXObjectCache::rangeForNodeContents):
1240         (WebCore::AXObjectCache::startOrEndCharacterOffsetForRange):
1241         (WebCore::AXObjectCache::characterOffsetFromVisiblePosition):
1242         (WebCore::AXObjectCache::rightWordRange):
1243         (WebCore::AXObjectCache::previousBoundary):
1244         * accessibility/AXObjectCache.h:
1245         (WebCore::AXObjectCache::isNodeInUse):
1246
1247 2016-07-19  Youenn Fablet  <youenn@apple.com>
1248
1249         [Streams API] ReadableStreamController methods should throw if its stream is not readable
1250         https://bugs.webkit.org/show_bug.cgi?id=159871
1251
1252         Reviewed by Xabier Rodriguez-Calvar.
1253
1254         Spec now mandates close and enqueue to throw if ReadableStream is not readable.
1255         Covered by rebased and/or modified tests.
1256
1257         * Modules/streams/ReadableStreamController.js:
1258         (enqueue): Throwing a TypeError if controlled stream is not readable.
1259         (close): Ditto.
1260
1261 2016-07-19  Simon Fraser  <simon.fraser@apple.com>
1262
1263         Bubbles appear split for a brief moment in Messages
1264         https://bugs.webkit.org/show_bug.cgi?id=159915
1265         rdar://problem/27182267
1266
1267         Reviewed by David Hyatt.
1268
1269         RenderView::repaintRootContents() had a long-standing bug in WebView when the
1270         view is scrolled. repaint() uses visualOverflowRect() but, for the 
1271         RenderView, the visualOverflowRect() is the initial containing block
1272         which is anchored at 0,0. When the view is scrolled it's clipped out and
1273         calls to repaintRootContents() have no effect.
1274         
1275         Change repaintRootContents() to use layoutOverflowRect(). ScrollView::repaintContentRectangle()
1276         will clip it to the view if necessary.
1277
1278         Test: fast/repaint/scrolled-view-full-repaint.html
1279
1280         * rendering/RenderView.cpp:
1281         (WebCore::RenderView::repaintRootContents):
1282
1283 2016-07-19  Dan Bernstein  <mitz@apple.com>
1284
1285         <rdar://problem/27420308> WebCore-7602.1.42 fails to build: error: unused parameter 'vm'
1286
1287         * bindings/js/JSDOMGlobalObject.cpp:
1288         (WebCore::JSDOMGlobalObject::addBuiltinGlobals): Fixed the !ENABLE(STREAMS_API) build.
1289
1290 2016-07-19  Youenn Fablet  <youenn@apple.com>
1291
1292         [Streams API] Make ReadableStream properties not enumerable
1293         https://bugs.webkit.org/show_bug.cgi?id=159868
1294
1295         Reviewed by Darin Adler.
1296
1297         Covered by rebased tests.
1298
1299         Uopdating IDL definitions to mark all functions/attributes as not enumerable.
1300         Updating IDL constructor definitions to correctly compute constructor length.
1301         Updating built-in implementation to correctly compute pipeTo length to 1 (second parameter being optional).
1302
1303         * Modules/streams/ReadableStream.idl:
1304         * Modules/streams/ReadableStream.js:
1305         * Modules/streams/ReadableStreamController.idl:
1306         * Modules/streams/ReadableStreamReader.idl:
1307
1308 2016-07-19  Chris Dumez  <cdumez@apple.com>
1309
1310         form.enctype / encoding / method should treat null as "null" string
1311         https://bugs.webkit.org/show_bug.cgi?id=159916
1312
1313         Reviewed by Ryosuke Niwa.
1314
1315         form.enctype / encoding / method should treat null as "null" string:
1316         - https://html.spec.whatwg.org/multipage/forms.html#htmlformelement
1317
1318         Previously, WebKit would treat null as the null String, which would
1319         end up removing the existing attribute.
1320
1321         Firefox and Chrome match the specification.
1322
1323         Test: fast/dom/HTMLFormElement/null-handling.html
1324
1325         * html/HTMLFormElement.h:
1326         * html/HTMLFormElement.idl:
1327
1328 2016-07-18  Csaba Osztrogon√°c  <ossy@webkit.org>
1329
1330         All-in-one buildfix after r202439
1331         https://bugs.webkit.org/show_bug.cgi?id=159877
1332
1333         Reviewed by Chris Dumez.
1334
1335         * Modules/webaudio/AudioDestinationNode.h:
1336         (WebCore::AudioDestinationNode::resume):
1337         (WebCore::AudioDestinationNode::suspend):
1338         (WebCore::AudioDestinationNode::close):
1339
1340 2016-07-18  Frederic Wang  <fwang@igalia.com>
1341
1342         Move parsing of subscriptshift and superscriptshift from rendering to element classes
1343         https://bugs.webkit.org/show_bug.cgi?id=159622
1344
1345         Reviewed by Darin Adler.
1346
1347         We introduce a new MathMLScriptsElement that is used for elements msub, msup, msubsup and
1348         mmultiscripts in order to create RenderMathMLScripts and parse and expose the values of the
1349         subscriptshift and superscriptshift attributes. This is one more step toward moving MathML
1350         attribute parsing to the DOM (bug 156536).
1351
1352         No new tests, rendering is unchanged.
1353
1354         * CMakeLists.txt: Add MathMLScriptsElement files.
1355         * WebCore.xcodeproj/project.pbxproj: Ditto.
1356         * mathml/MathMLAllInOne.cpp: Ditto.
1357         * mathml/MathMLInlineContainerElement.cpp: Remove handling of scripts.
1358         (WebCore::MathMLInlineContainerElement::createElementRenderer): Deleted.
1359         * mathml/MathMLScriptsElement.cpp: Added. New class to handle scripted elements supporting
1360         parsing for the subscriptshift and superscriptshift MathML lengths.
1361         (WebCore::MathMLScriptsElement::MathMLScriptsElement):
1362         (WebCore::MathMLScriptsElement::create):
1363         (WebCore::MathMLScriptsElement::subscriptShift): Expose the cached length for the shift,
1364         parsing the attribute again if necessary.
1365         (WebCore::MathMLScriptsElement::superscriptShift): Ditto.
1366         (WebCore::MathMLScriptsElement::parseAttribute): Mark attributes dirty.
1367         (WebCore::MathMLScriptsElement::createElementRenderer): Create RenderMathMLScripts.
1368         * mathml/MathMLScriptsElement.h: Ditto.
1369         * mathml/mathtags.in: Map msub, msup, msubsup and mmultiscripts to MathMLScriptsElement.
1370         * rendering/mathml/RenderMathMLScripts.cpp:
1371         (WebCore::RenderMathMLScripts::scriptsElement): Helper function to cast the node to a
1372         MathMLScriptsElement.
1373         (WebCore::RenderMathMLScripts::getScriptMetricsAndLayoutIfNeeded): Resolve the attributes
1374         using the functions from the MathMLScriptsElement class.
1375         * rendering/mathml/RenderMathMLScripts.h: Declare scriptsElement.
1376
1377 2016-07-18  Frederic Wang  <fwang@igalia.com>
1378
1379         Do not store gap and shift parameters on RenderMathMLFraction
1380         https://bugs.webkit.org/show_bug.cgi?id=159876
1381
1382         Reviewed by Darin Adler.
1383
1384         After r203285, the stack and fraction layout parameters are only used in layoutBlock so we
1385         do not need to store them on the class. We remove them and split updateLayoutParameters into
1386         three functions: one to update the linethickness and two others to retrieve the fraction and
1387         stack respectively.
1388
1389         No new tests, rendering is unchanged.
1390
1391         * rendering/mathml/RenderMathMLFraction.cpp:
1392         (WebCore::RenderMathMLFraction::updateLineThickness): Move code to update thickness members here.
1393         (WebCore::RenderMathMLFraction::getFractionParameters): Move code to retrieve fraction parameters here.
1394         (WebCore::RenderMathMLFraction::getStackParameters): Move code to retrieve stack parameters here.
1395         (WebCore::RenderMathMLFraction::layoutBlock): Use the new helper functions and local variables
1396         for fraction and stack parameters.
1397         (WebCore::RenderMathMLFraction::updateLayoutParameters): Deleted.
1398         * rendering/mathml/RenderMathMLFraction.h: Declare new helper functions and remove members
1399         for stack and fraction parameters.
1400
1401 2016-07-18  Chris Dumez  <cdumez@apple.com>
1402
1403         input.formEnctype / formMethod and button.formEnctype / formMethod / type should treat null as "null"
1404         https://bugs.webkit.org/show_bug.cgi?id=159908
1405
1406         Reviewed by Alex Christensen.
1407
1408         input.formEnctype / formMethod and button.formEnctype / formMethod / type
1409         should treat null as "null" String:
1410         - https://html.spec.whatwg.org/multipage/forms.html#htmlinputelement
1411         - https://html.spec.whatwg.org/multipage/forms.html#htmlbuttonelement
1412
1413         In WebKit, we would treat null as a null String which would end up
1414         removing the corresponding attribute. This does not match the
1415         specification. Firefox and Chrome match the specification here.
1416
1417         Tests:
1418         - fast/dom/HTMLButtonElement/null-handling.html
1419         - fast/dom/HTMLInputElement/null-handling.html
1420
1421         * html/HTMLButtonElement.idl:
1422         * html/HTMLInputElement.idl:
1423
1424 2016-07-18  Alex Christensen  <achristensen@webkit.org>
1425
1426         webbookmarksd needs to use the same AppCache directory as MobileSafari
1427         https://bugs.webkit.org/show_bug.cgi?id=159912
1428
1429         Reviewed by Alexey Proskuryakov.
1430
1431         No new tests.  This only changes behavior for webbookmarksd.
1432
1433         * platform/RuntimeApplicationChecks.h:
1434         * platform/RuntimeApplicationChecks.mm:
1435         (WebCore::IOSApplication::isWebBookmarksD): Added.
1436
1437 2016-07-18  Chris Dumez  <cdumez@apple.com>
1438
1439         EventTarget.dispatchEvent() parameter should not be nullable
1440         https://bugs.webkit.org/show_bug.cgi?id=159897
1441
1442         Reviewed by Benjamin Poulain.
1443
1444         EventTarget.dispatchEvent() parameter should not be nullable:
1445         - https://dom.spec.whatwg.org/#interface-eventtarget
1446
1447         Even though the parameter was marked as nullable in our IDL, our
1448         implementation does a null check and we already throw a TypeError
1449         when calling dispatchEvent(null).
1450
1451         Update our IDL so that it matches the specification and so that
1452         the null check is generated in the bindings instead.
1453
1454         No new tests, rebaseline existing tests.
1455
1456         * dom/EventTarget.cpp:
1457         (WebCore::EventTarget::dispatchEventForBindings):
1458         * dom/EventTarget.h:
1459         * dom/EventTarget.idl:
1460
1461 2016-07-18  Chris Dumez  <cdumez@apple.com>
1462
1463         DocType's publicId / systemId should not be nullable
1464         https://bugs.webkit.org/show_bug.cgi?id=159901
1465
1466         Reviewed by Benjamin Poulain.
1467
1468         DocType's publicId / systemId should not be nullable. While they were
1469         not marked as nullable in our IDL, they could be stored as null Strings
1470         in our implementation depending on how the Node was constructed. This
1471         led to subtle bugs where String() != emptyString().
1472
1473         In particular, Node.isEqualNode() would return false when DocumentType
1474         nodes would mismatch because of their publicId / systemId being null
1475         instead of the emptyString.
1476
1477         Serialization would DocumentType nodes would also be wrong when
1478         publicId / systemId were empty Strings instead of null strings. The
1479         new behavior now matches:
1480         - https://www.w3.org/TR/DOM-Parsing/#dfn-concept-serialize-doctype (steps 7-9)
1481
1482         To address these issues, we now always store publicId / systemId as
1483         non-null Strings inside the DocumentType class.
1484
1485         Test: fast/dom/DocumentType/isEqualNode.html
1486
1487         * dom/DocumentType.cpp:
1488         (WebCore::DocumentType::DocumentType):
1489         * editing/MarkupAccumulator.cpp:
1490         (WebCore::MarkupAccumulator::appendDocumentType):
1491
1492 2016-07-18  Jeremy Jones  <jeremyj@apple.com>
1493
1494         If previous media session interruptions were prevented, still allow subsequent interruptions to try.
1495         https://bugs.webkit.org/show_bug.cgi?id=157553
1496         rdar://problem/25740804
1497
1498         Reviewed by Eric Carlson.
1499
1500         Test: platform/ios-simulator/media/video-interruption-suspendunderlock.html
1501
1502         When suspending under lock on iOS, there is first a resign active event, then a
1503         suspend under lock. PiP prevents resign active from interrupting playback. But it should allow the
1504         suspend under lock to interrupt playback.
1505
1506         Currently if there are nested interruptions only the first one is acted upon.
1507
1508         This change allows subsequent, nested interruptions to have a chance to interrupt playback if the
1509         previous interruptions were ignored.
1510
1511         This test is for iPad only, so it must be run manually.
1512
1513         * html/HTMLMediaElement.cpp:
1514         (WebCore::HTMLMediaElement::shouldOverrideBackgroundPlaybackRestriction):
1515         * platform/audio/PlatformMediaSession.cpp:
1516         (WebCore::PlatformMediaSession::beginInterruption):
1517         * testing/Internals.cpp:
1518         (WebCore::Internals::beginMediaSessionInterruption):
1519
1520 2016-07-18  Brent Fulgham  <bfulgham@apple.com>
1521
1522         Don't associate form-associated elements with forms in other trees.
1523         https://bugs.webkit.org/show_bug.cgi?id=119451
1524         <rdar://problem/27382946>
1525
1526         Change is based on the Blink change (patch by <adamk@chromium.org>):
1527         <https://chromium.googlesource.com/chromium/blink/+/0b33128be67e7845d495d5219614c02ccfe7a414>
1528
1529         Reviewed by Chris Dumez.
1530
1531         Prevent elements from being associated with forms that are not part of the same home subtree.
1532         This brings us in line with the WhatWG HTML specification as of September, 2013.
1533
1534         Tests: fast/forms/image-disconnected-during-parse.html
1535                fast/forms/input-disconnected-during-parse.html
1536
1537         * dom/Element.h:
1538         (WebCore::Node::rootElement): Added.
1539         * html/FormAssociatedElement.cpp:
1540         (WebCore::FormAssociatedElement::insertedInto): If the element is associated with a form that
1541         is not part of the same tree, remove the association.
1542         * html/HTMLImageElement.cpp:
1543         (WebCore::HTMLImageElement::insertedInto): Ditto.
1544
1545 2016-07-18  Anders Carlsson  <andersca@apple.com>
1546
1547         WebKit nightly fails to build on macOS Sierra
1548         https://bugs.webkit.org/show_bug.cgi?id=159902
1549         rdar://problem/27365672
1550
1551         Reviewed by Tim Horton.
1552
1553         * Modules/applepay/cocoa/PaymentCocoa.mm:
1554         * Modules/applepay/cocoa/PaymentContactCocoa.mm:
1555         * Modules/applepay/cocoa/PaymentMerchantSessionCocoa.mm:
1556         * Modules/applepay/cocoa/PaymentMethodCocoa.mm:
1557         Use new PassKitSPI header.
1558
1559         * WebCore.xcodeproj/project.pbxproj:
1560         Add new PassKitSPI header.
1561
1562         * icu/unicode/ucurr.h: Added.
1563         Add ucurr.h from ICU.
1564
1565         * platform/spi/cocoa/PassKitSPI.h: Added.
1566         Add new PassKitSPI header.
1567
1568 2016-07-18  Dean Jackson  <dino@apple.com>
1569
1570         REGRESSION (r202950): Image zoom animations are broken at medium.com (159861)
1571         https://bugs.webkit.org/show_bug.cgi?id=159906
1572         <rdar://problem/27391725>
1573
1574         Reviewed by Simon Fraser.
1575
1576         The fix for webkit.org/b/157569 in r200769 broke AMP pages.
1577         The followup fix for webkit.org/b/159450 in r202950 broke Medium pages.
1578
1579         Revert them both until we have better testing.
1580
1581         * css/CSSParser.cpp:
1582         (WebCore::CSSParser::addPropertyWithPrefixingVariant):
1583         (WebCore::CSSParser::parseValue):
1584         (WebCore::CSSParser::parseAnimationShorthand):
1585         (WebCore::CSSParser::parseTransitionShorthand): Deleted.
1586         * css/CSSPropertyNames.in:
1587         * css/PropertySetCSSStyleDeclaration.cpp:
1588         (WebCore::PropertySetCSSStyleDeclaration::getPropertyCSSValue):
1589         (WebCore::PropertySetCSSStyleDeclaration::getPropertyValue):
1590         (WebCore::PropertySetCSSStyleDeclaration::getPropertyCSSValueInternal):
1591         (WebCore::PropertySetCSSStyleDeclaration::getPropertyValueInternal):
1592         * css/StyleProperties.cpp:
1593         (WebCore::MutableStyleProperties::removeShorthandProperty):
1594         (WebCore::MutableStyleProperties::removeProperty):
1595         (WebCore::MutableStyleProperties::removePrefixedOrUnprefixedProperty):
1596         (WebCore::MutableStyleProperties::setProperty):
1597         (WebCore::getIndexInShorthandVectorForPrefixingVariant):
1598         (WebCore::MutableStyleProperties::appendPrefixingVariantProperty):
1599         (WebCore::MutableStyleProperties::setPrefixingVariantProperty):
1600         (WebCore::StyleProperties::asText): Deleted.
1601         * css/StyleProperties.h:
1602
1603 2016-07-18  Andreas Kling  <akling@apple.com>
1604
1605         There should be a way to simulate memory pressure in layout tests
1606         <https://webkit.org/b/159743>
1607
1608         Reviewed by Simon Fraser.
1609
1610         Add three window.internal APIs:
1611
1612             - boolean isUnderMemoryPressure (readonly attribute)
1613             - void beginSimulatedMemoryPressure()
1614             - void endSimulatedMemoryPressure()
1615
1616         These make it possible to write tests that exercise behaviors that only
1617         occur during memory pressure situations.
1618
1619         I also implemented the "org.WebKit.lowMemory" notification handler using the new API.
1620
1621         Test: memory/memory-pressure-simulation.html
1622
1623         * platform/MemoryPressureHandler.cpp:
1624         (WebCore::MemoryPressureHandler::beginSimulatedMemoryPressure):
1625         (WebCore::MemoryPressureHandler::endSimulatedMemoryPressure):
1626         * platform/MemoryPressureHandler.h:
1627         (WebCore::MemoryPressureHandler::isUnderMemoryPressure):
1628         * platform/cocoa/MemoryPressureHandlerCocoa.mm:
1629         (WebCore::MemoryPressureHandler::platformReleaseMemory):
1630         (WebCore::MemoryPressureHandler::install):
1631         * testing/Internals.cpp:
1632         (WebCore::Internals::isUnderMemoryPressure):
1633         (WebCore::Internals::beginSimulatedMemoryPressure):
1634         (WebCore::Internals::endSimulatedMemoryPressure):
1635         * testing/Internals.h:
1636         * testing/Internals.idl:
1637
1638 2016-07-18  Said Abou-Hallawa  <sabouhallawa@apple,com>
1639
1640         [iOS] PDFDocumentImage should cache only a sub image of the PDF when caching the whole image is expensive
1641         https://bugs.webkit.org/show_bug.cgi?id=158715
1642
1643         Reviewed by Dean Jackson.
1644
1645         Test: fast/images/displaced-non-cached-pdf.html
1646
1647         For iOS, we need to ensure the size of the cached PDF images will not
1648         exceed some limit. Also we should be caching only a sub image of the PDF
1649         if caching the whole image will exceed the memory limit.
1650
1651         * page/Settings.cpp:
1652         (WebCore::Settings::Settings):
1653         (WebCore::Settings::setCachedPDFImageEnabled):
1654         * page/Settings.h:
1655         (WebCore::Settings::isCachedPDFImageEnabled):
1656             Add an option to disable caching the PDF images.
1657
1658         * platform/graphics/cg/PDFDocumentImage.cpp:
1659         (WebCore::PDFDocumentImage::setCachedPDFImageEnabled):
1660             Allow the caller of draw() to disable caching the PDF images.
1661         
1662         (WebCore::PDFDocumentImage::cacheParametersMatch):
1663             Match the context dirty rectangle with the cached image rectangle.
1664         
1665         (WebCore::transformContextForPainting):
1666             When preparing the context for drawing the PDF, take the location 
1667             of the destination rectangle into account. We do not need to scale
1668             the location of the source rectangle because we scale the size of
1669             the rectangle but we don't scale the whole coordinate system.
1670
1671         (WebCore::cachedImageRect):
1672             Calculate the rectangle of the cached image such that it does not
1673             exceed the limit. Start from the center of the dirty rectangle and
1674             then expand around it.
1675             
1676         (WebCore::PDFDocumentImage::decodedSizeChanged):
1677             In addition to notifying the ImageObserver, it keeps track of the size
1678             of all the cached PDF images.
1679
1680         (WebCore::PDFDocumentImage::updateCachedImageIfNeeded):
1681             Ensure the size of all the cached images does not exceed the limit
1682             
1683         (WebCore::PDFDocumentImage::destroyDecodedData):
1684         * platform/graphics/cg/PDFDocumentImage.h:
1685
1686         * rendering/RenderImage.cpp:
1687         (WebCore::RenderImage::paintIntoRect):
1688             Pass the option to disable caching the PDF images to PDFDocumentImage.
1689
1690         * testing/InternalSettings.cpp:
1691         (WebCore::InternalSettings::Backup::Backup):
1692         (WebCore::InternalSettings::Backup::restoreTo):
1693         (WebCore::InternalSettings::setCachedPDFImageEnabled):
1694         * testing/InternalSettings.h:
1695         * testing/InternalSettings.idl:
1696             Add an internal option to disable caching the PDF images.
1697
1698 2016-07-18  Chris Dumez  <cdumez@apple.com>
1699
1700         The 2 first parameters to addEventListener() / removeEventListener() should be mandatory
1701         https://bugs.webkit.org/show_bug.cgi?id=158008
1702
1703         Reviewed by Darin Adler.
1704
1705         The 2 first parameters to addEventListener() / removeEventListener() should be
1706         mandatory:
1707         - https://dom.spec.whatwg.org/#interface-eventtarget
1708
1709         Firefox 46 and Chrome 50 both match the specification and throw an exception when those
1710         parameters are omitted. However, those parameters were marked as optional in WebKit and
1711         the calls were no-ops if those parameters were omitted. This patch aligns our behavior
1712         with the specification and other browsers.
1713
1714         Test: fast/dom/eventtarget-api-parameters.html
1715
1716         * bindings/scripts/CodeGeneratorJS.pm:
1717         (GetFunctionLength): Deleted.
1718         * dom/EventTarget.idl:
1719
1720 2016-07-18  Brent Fulgham  <bfulgham@apple.com>
1721
1722         Unreviewed, rolling out r203373.
1723
1724         Unaddressed
1725
1726         Reverted changeset:
1727
1728         "Don't associate form-associated elements with forms in other
1729         trees."
1730         https://bugs.webkit.org/show_bug.cgi?id=119451
1731         http://trac.webkit.org/changeset/203373
1732
1733 2016-07-18  Brent Fulgham  <bfulgham@apple.com>
1734
1735         Don't associate form-associated elements with forms in other trees.
1736         https://bugs.webkit.org/show_bug.cgi?id=119451
1737         <rdar://problem/27382946>
1738
1739         Change is based on the Blink change (patch by <adamk@chromium.org>):
1740         <https://chromium.googlesource.com/chromium/blink/+/0b33128be67e7845d495d5219614c02ccfe7a414>
1741
1742         Reviewed by Zalan Bujtas.
1743
1744         Prevent elements from being associated with forms that are not part of the same home subtree.
1745         This brings us in line with the WhatWG HTML specification as of September, 2013.
1746
1747         Tests: fast/forms/image-disconnected-during-parse.html
1748                fast/forms/input-disconnected-during-parse.html
1749
1750         * dom/NodeTraversal.h:
1751         (WebCore::NodeTraversal::highestAncestorOrSelf): Added.
1752         * html/FormAssociatedElement.cpp:
1753         (WebCore::FormAssociatedElement::insertedInto): If the element is associated with a form that
1754         is not part of the same tree, remove the association.
1755         * html/HTMLImageElement.cpp:
1756         (WebCore::HTMLImageElement::insertedInto): Ditto.
1757
1758 2016-07-18  George Ruan  <gruan@apple.com>
1759
1760         Move MediaSampleAVFObjC into its own file
1761         https://bugs.webkit.org/show_bug.cgi?id=159796
1762         <rdar://problem/27362488>
1763
1764         In preparation for a feature that uses MediaSampleAVFObjC, but does
1765         not need SourceBufferPrivateAVFObjC, it is beneficial to move
1766         MediaSampleAVFObjC to its own file.
1767
1768         Reviewed by Eric Carlson.
1769
1770         * WebCore.xcodeproj/project.pbxproj:
1771         * platform/MediaSample.h: Allow setting trackID to associate
1772         MediaSample id with MediaStreamTrackPrivate id.
1773         * platform/graphics/avfoundation/MediaSampleAVFObjC.h: Added.
1774         * platform/graphics/avfoundation/objc/MediaSampleAVFObjC.mm: Moved
1775         from MediaSampleAVFObjC
1776         (WebCore::MediaSampleAVFObjC::presentationTime):
1777         (WebCore::MediaSampleAVFObjC::decodeTime):
1778         (WebCore::MediaSampleAVFObjC::duration):
1779         (WebCore::MediaSampleAVFObjC::sizeInBytes):
1780         (WebCore::MediaSampleAVFObjC::platformSample):
1781         (WebCore::CMSampleBufferIsRandomAccess):
1782         (WebCore::MediaSampleAVFObjC::flags):
1783         (WebCore::MediaSampleAVFObjC::presentationSize):
1784         (WebCore::MediaSampleAVFObjC::dump):
1785         (WebCore::MediaSampleAVFObjC::offsetTimestampsBy):
1786         (WebCore::MediaSampleAVFObjC::setTimestamps):
1787         * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
1788         Moved MediaSampleAVFObjC to its own file.
1789         (WebCore::MediaSampleAVFObjC::platformSample): Deleted.
1790         (WebCore::CMSampleBufferIsRandomAccess): Deleted.
1791         (WebCore::MediaSampleAVFObjC::flags): Deleted.
1792         (WebCore::MediaSampleAVFObjC::presentationSize): Deleted.
1793         (WebCore::MediaSampleAVFObjC::dump): Deleted.
1794         (WebCore::MediaSampleAVFObjC::offsetTimestampsBy): Deleted.
1795         (WebCore::MediaSampleAVFObjC::setTimestamps): Deleted.
1796         * platform/mock/mediasource/MockSourceBufferPrivate.cpp:
1797
1798 2016-07-18  Eric Carlson  <eric.carlson@apple.com>
1799
1800         [MSE][Mac] Pass AVSampleBufferDisplayLayer HDCP status to a newly created key session
1801         https://bugs.webkit.org/show_bug.cgi?id=159812
1802         <rdar://problem/27371624>
1803
1804         Reviewed by Jon Lee.
1805
1806         No new tests, it isn't possible to test this with our current testing infrastructure.
1807
1808         * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.h:
1809         * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
1810         (WebCore::SourceBufferPrivateAVFObjC::setCDMSession): Call layerDidReceiveError if there has
1811         been an HDCP error.
1812         (WebCore::SourceBufferPrivateAVFObjC::rendererDidReceiveError): Remember an HDCP error.
1813
1814 2016-07-18  Yoav Weiss  <yoav@yoav.ws>
1815
1816         Add preload to features.json
1817         https://bugs.webkit.org/show_bug.cgi?id=159872
1818
1819         Reviewed by Darin Adler.
1820
1821         No new tests but no functional change.
1822
1823         * features.json:
1824
1825 2016-07-18  Youenn Fablet  <youenn@apple.com>
1826
1827         [Streams API] ReadableStream should throw a RangeError in case of NaN highWaterMark
1828         https://bugs.webkit.org/show_bug.cgi?id=159870
1829
1830         Reviewed by Xabier Rodriguez-Calvar.
1831
1832         Covered by rebased test.
1833
1834         * Modules/streams/StreamInternals.js:
1835         (validateAndNormalizeQueuingStrategy): Throwing a RangeError in lieu of a TypeError in case of NaN highWaterMark.
1836
1837 2016-07-18  Csaba Osztrogon√°c  <ossy@webkit.org>
1838
1839         Windows buildfix after r203338
1840         https://bugs.webkit.org/show_bug.cgi?id=159875
1841
1842         Unreviewed buildfix.
1843
1844         * dom/UserGestureIndicator.h:
1845         (WebCore::UserGestureToken::addDestructionObserver):
1846
1847 2016-07-18  Carlos Garcia Campos  <cgarcia@igalia.com>
1848
1849         MemoryPressureHandler doesn't work if cgroups aren't present in Linux
1850         https://bugs.webkit.org/show_bug.cgi?id=155255
1851
1852         Reviewed by Sergio Villar Senin.
1853
1854         Allow to pass an eventFD file descriptor to the MemoryPressureHandler to be monitorized in case cgroups are not
1855         available.
1856
1857         * platform/MemoryPressureHandler.h:
1858         * platform/linux/MemoryPressureHandlerLinux.cpp:
1859
1860 2016-07-17  Gyuyoung Kim  <gyuyoung.kim@webkit.org>
1861
1862         Clean up PassRefPtr uses in Modules/encryptedmedia, Modules/speech, and Modules/quota
1863         https://bugs.webkit.org/show_bug.cgi?id=159701
1864
1865         Reviewed by Alex Christensen.
1866
1867         No new tests, no behavior changes.
1868
1869         * Modules/encryptedmedia/CDM.h:
1870         * Modules/encryptedmedia/MediaKeySession.h:
1871         * Modules/encryptedmedia/MediaKeys.h:
1872         * Modules/quota/DOMWindowQuota.cpp:
1873         * Modules/quota/StorageErrorCallback.cpp:
1874         (WebCore::StorageErrorCallback::CallbackTask::CallbackTask):
1875         * Modules/quota/StorageErrorCallback.h:
1876         * Modules/quota/StorageInfo.h:
1877         * Modules/quota/StorageQuota.h:
1878         * Modules/speech/DOMWindowSpeechSynthesis.cpp:
1879         * Modules/speech/SpeechSynthesis.cpp:
1880         (WebCore::SpeechSynthesis::getVoices):
1881         (WebCore::SpeechSynthesis::startSpeakingImmediately):
1882         (WebCore::SpeechSynthesis::speak):
1883         (WebCore::SpeechSynthesis::cancel):
1884         (WebCore::SpeechSynthesis::handleSpeakingCompleted):
1885         (WebCore::SpeechSynthesis::boundaryEventOccurred):
1886         (WebCore::SpeechSynthesis::didStartSpeaking):
1887         (WebCore::SpeechSynthesis::didPauseSpeaking):
1888         (WebCore::SpeechSynthesis::didResumeSpeaking):
1889         (WebCore::SpeechSynthesis::didFinishSpeaking):
1890         (WebCore::SpeechSynthesis::speakingErrorOccurred):
1891         * Modules/speech/SpeechSynthesis.h:
1892         * Modules/speech/SpeechSynthesisEvent.h:
1893         * Modules/speech/SpeechSynthesisUtterance.h:
1894         * Modules/speech/SpeechSynthesisVoice.cpp:
1895         (WebCore::SpeechSynthesisVoice::create):
1896         (WebCore::SpeechSynthesisVoice::SpeechSynthesisVoice):
1897         * Modules/speech/SpeechSynthesisVoice.h:
1898         * platform/PlatformSpeechSynthesizer.h:
1899         * platform/efl/PlatformSpeechSynthesisProviderEfl.cpp:
1900         (WebCore::PlatformSpeechSynthesisProviderEfl::fireSpeechEvent):
1901         * platform/mock/PlatformSpeechSynthesizerMock.cpp:
1902         (WebCore::PlatformSpeechSynthesizerMock::speakingFinished):
1903         (WebCore::PlatformSpeechSynthesizerMock::speak):
1904         (WebCore::PlatformSpeechSynthesizerMock::cancel):
1905         (WebCore::PlatformSpeechSynthesizerMock::pause):
1906         (WebCore::PlatformSpeechSynthesizerMock::resume):
1907
1908 2016-07-16  Sam Weinig  <sam@webkit.org>
1909
1910         [WebKit API] Add SPI to track multiple navigations caused by a single user gesture
1911         <rdar://problem/26554137>
1912         https://bugs.webkit.org/show_bug.cgi?id=159856
1913
1914         Reviewed by Dan Bernstein.
1915
1916         - Adds a new RefCounted object to represent a unique user gesture, called UserGestureToken.
1917         - Makes UserGestureIndicator track UserGestureToken.
1918         - Refines UserGestureIndicator's interface to use Optional and a smaller enum set
1919           to represent the different initial states.
1920         - Stores UserGestureTokens on objects that want to forward user gesture state (DOMTimer, 
1921           postMessage, and ScheduledNavigation) rather than just a boolean.
1922
1923         * accessibility/AccessibilityNodeObject.cpp:
1924         (WebCore::AccessibilityNodeObject::increment):
1925         (WebCore::AccessibilityNodeObject::decrement):
1926         * accessibility/AccessibilityObject.cpp:
1927         (WebCore::AccessibilityObject::press):
1928         * bindings/js/ScriptController.cpp:
1929         (WebCore::ScriptController::executeScriptInWorld):
1930         (WebCore::ScriptController::executeScript):
1931         Update for new UserGestureIndicator interface.
1932
1933         * dom/UserGestureIndicator.cpp:
1934         (WebCore::currentToken):
1935         (WebCore::UserGestureToken::~UserGestureToken):
1936         (WebCore::UserGestureIndicator::UserGestureIndicator):
1937         (WebCore::UserGestureIndicator::~UserGestureIndicator):
1938         (WebCore::UserGestureIndicator::currentUserGesture):
1939         (WebCore::UserGestureIndicator::processingUserGesture):
1940         (WebCore::UserGestureIndicator::processingUserGestureForMedia):
1941         (WebCore::isDefinite): Deleted.
1942         * dom/UserGestureIndicator.h:
1943         (WebCore::UserGestureToken::create):
1944         (WebCore::UserGestureToken::state):
1945         (WebCore::UserGestureToken::processingUserGesture):
1946         (WebCore::UserGestureToken::processingUserGestureForMedia):
1947         (WebCore::UserGestureToken::addDestructionObserver):
1948         (WebCore::UserGestureToken::UserGestureToken):
1949         Add UserGestureToken and track the current one explicitly.
1950
1951         * html/HTMLMediaElement.cpp:
1952         (WebCore::HTMLMediaElement::didReceiveRemoteControlCommand):
1953         * inspector/InspectorFrontendClientLocal.cpp:
1954         (WebCore::InspectorFrontendClientLocal::openInNewTab):
1955         * inspector/InspectorFrontendHost.cpp:
1956         * inspector/InspectorPageAgent.cpp:
1957         (WebCore::InspectorPageAgent::navigate):
1958         Update for new UserGestureIndicator interface.
1959
1960         * loader/NavigationAction.cpp:
1961         (WebCore::NavigationAction::NavigationAction):
1962         * loader/NavigationAction.h:
1963         (WebCore::NavigationAction::userGestureToken):
1964         (WebCore::NavigationAction::processingUserGesture):
1965         * loader/NavigationScheduler.cpp:
1966         (WebCore::ScheduledNavigation::ScheduledNavigation):
1967         (WebCore::ScheduledNavigation::~ScheduledNavigation):
1968         (WebCore::ScheduledNavigation::lockBackForwardList):
1969         (WebCore::ScheduledNavigation::wasDuringLoad):
1970         (WebCore::ScheduledNavigation::isLocationChange):
1971         (WebCore::ScheduledNavigation::userGestureToForward):
1972         (WebCore::ScheduledNavigation::clearUserGesture):
1973         (WebCore::NavigationScheduler::mustLockBackForwardList):
1974         (WebCore::NavigationScheduler::scheduleFormSubmission):
1975         (WebCore::ScheduledNavigation::wasUserGesture): Deleted.
1976         * page/DOMTimer.cpp:
1977         (WebCore::shouldForwardUserGesture):
1978         (WebCore::userGestureTokenToForward):
1979         (WebCore::DOMTimer::DOMTimer):
1980         (WebCore::DOMTimer::fired):
1981         * page/DOMTimer.h:
1982         * page/DOMWindow.cpp:
1983         (WebCore::PostMessageTimer::PostMessageTimer):
1984         Store the active UserGestureToken rather than just a bit.
1985
1986         * page/EventHandler.cpp:
1987         (WebCore::EventHandler::handleMousePressEvent):
1988         (WebCore::EventHandler::handleMouseDoubleClickEvent):
1989         (WebCore::EventHandler::handleMouseReleaseEvent):
1990         (WebCore::EventHandler::keyEvent):
1991         (WebCore::EventHandler::handleTouchEvent):
1992         * rendering/HitTestResult.cpp:
1993         (WebCore::HitTestResult::toggleMediaFullscreenState):
1994         (WebCore::HitTestResult::enterFullscreenForVideo):
1995         (WebCore::HitTestResult::toggleEnhancedFullscreenForVideo):
1996         Update for new UserGestureIndicator interface.
1997
1998 2016-07-17  Ryosuke Niwa  <rniwa@webkit.org>
1999
2000         Rename fastHasAttribute to hasAttributeWithoutSynchronization
2001         https://bugs.webkit.org/show_bug.cgi?id=159864
2002
2003         Reviewed by Chris Dumez.
2004
2005         Renamed Rename fastHasAttribute to hasAttributeWithoutSynchronization for clarity.
2006
2007         * accessibility/AccessibilityListBoxOption.cpp:
2008         (WebCore::AccessibilityListBoxOption::isEnabled):
2009         * accessibility/AccessibilityObject.cpp:
2010         (WebCore::AccessibilityObject::hasAttribute):
2011         (WebCore::AccessibilityObject::getAttribute):
2012         * accessibility/AccessibilityRenderObject.cpp:
2013         (WebCore::AccessibilityRenderObject::determineAccessibilityRole):
2014         * bindings/scripts/CodeGenerator.pm:
2015         (GetterExpression):
2016         * bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
2017         * bindings/scripts/test/JS/JSTestObj.cpp:
2018         (WebCore::jsTestObjReflectedBooleanAttr):
2019         (WebCore::jsTestObjReflectedCustomBooleanAttr):
2020         * bindings/scripts/test/ObjC/DOMTestObj.mm:
2021         (-[DOMTestObj reflectedBooleanAttr]):
2022         (-[DOMTestObj setReflectedBooleanAttr:]):
2023         (-[DOMTestObj reflectedCustomBooleanAttr]):
2024         (-[DOMTestObj setReflectedCustomBooleanAttr:]):
2025         * dom/Document.cpp:
2026         (WebCore::Document::hasManifest):
2027         (WebCore::Document::doctype):
2028         * dom/Element.h:
2029         (WebCore::Node::parentElement):
2030         (WebCore::Element::hasAttributeWithoutSynchronization):
2031         (WebCore::Element::fastHasAttribute): Deleted.
2032         * editing/ApplyStyleCommand.cpp:
2033         (WebCore::ApplyStyleCommand::removeEmbeddingUpToEnclosingBlock):
2034         * editing/DeleteSelectionCommand.cpp:
2035         (WebCore::DeleteSelectionCommand::makeStylingElementsDirectChildrenOfEditableRootToPreventStyleLoss):
2036         * editing/markup.cpp:
2037         (WebCore::createMarkupInternal):
2038         * html/ColorInputType.cpp:
2039         (WebCore::ColorInputType::shouldShowSuggestions):
2040         * html/FileInputType.cpp:
2041         (WebCore::FileInputType::handleDOMActivateEvent):
2042         (WebCore::FileInputType::receiveDroppedFiles):
2043         * html/FormAssociatedElement.cpp:
2044         (WebCore::FormAssociatedElement::didMoveToNewDocument):
2045         (WebCore::FormAssociatedElement::insertedInto):
2046         (WebCore::FormAssociatedElement::removedFrom):
2047         (WebCore::FormAssociatedElement::formAttributeChanged):
2048         * html/FormController.cpp:
2049         (WebCore::ownerFormForState):
2050         * html/GenericCachedHTMLCollection.cpp:
2051         (WebCore::GenericCachedHTMLCollection<traversalType>::elementMatches):
2052         * html/HTMLAnchorElement.cpp:
2053         (WebCore::HTMLAnchorElement::draggable):
2054         (WebCore::HTMLAnchorElement::href):
2055         (WebCore::HTMLAnchorElement::sendPings):
2056         * html/HTMLAppletElement.cpp:
2057         (WebCore::HTMLAppletElement::rendererIsNeeded):
2058         * html/HTMLElement.cpp:
2059         (WebCore::HTMLElement::collectStyleForPresentationAttribute):
2060         (WebCore::elementAffectsDirectionality):
2061         (WebCore::setHasDirAutoFlagRecursively):
2062         * html/HTMLEmbedElement.cpp:
2063         (WebCore::HTMLEmbedElement::rendererIsNeeded):
2064         * html/HTMLFieldSetElement.cpp:
2065         (WebCore::updateFromControlElementsAncestorDisabledStateUnder):
2066         (WebCore::HTMLFieldSetElement::disabledAttributeChanged):
2067         (WebCore::HTMLFieldSetElement::disabledStateChanged):
2068         (WebCore::HTMLFieldSetElement::childrenChanged):
2069         * html/HTMLFormControlElement.cpp:
2070         (WebCore::HTMLFormControlElement::formNoValidate):
2071         (WebCore::HTMLFormControlElement::formAction):
2072         (WebCore::HTMLFormControlElement::computeIsDisabledByFieldsetAncestor):
2073         (WebCore::shouldAutofocus):
2074         * html/HTMLFormElement.cpp:
2075         (WebCore::HTMLFormElement::formElementIndex):
2076         (WebCore::HTMLFormElement::noValidate):
2077         * html/HTMLFrameElement.cpp:
2078         (WebCore::HTMLFrameElement::noResize):
2079         (WebCore::HTMLFrameElement::didAttachRenderers):
2080         * html/HTMLFrameElementBase.cpp:
2081         (WebCore::HTMLFrameElementBase::parseAttribute):
2082         (WebCore::HTMLFrameElementBase::location):
2083         * html/HTMLHRElement.cpp:
2084         (WebCore::HTMLHRElement::collectStyleForPresentationAttribute):
2085         * html/HTMLImageElement.cpp:
2086         (WebCore::HTMLImageElement::isServerMap):
2087         * html/HTMLInputElement.cpp:
2088         (WebCore::HTMLInputElement::finishParsingChildren):
2089         (WebCore::HTMLInputElement::matchesDefaultPseudoClass):
2090         (WebCore::HTMLInputElement::isActivatedSubmit):
2091         (WebCore::HTMLInputElement::reset):
2092         (WebCore::HTMLInputElement::multiple):
2093         (WebCore::HTMLInputElement::setSize):
2094         (WebCore::HTMLInputElement::shouldUseMediaCapture):
2095         * html/HTMLMarqueeElement.cpp:
2096         (WebCore::HTMLMarqueeElement::minimumDelay):
2097         * html/HTMLMediaElement.cpp:
2098         (WebCore::HTMLMediaElement::insertedInto):
2099         (WebCore::HTMLMediaElement::selectMediaResource):
2100         (WebCore::HTMLMediaElement::loadResource):
2101         (WebCore::HTMLMediaElement::autoplay):
2102         (WebCore::HTMLMediaElement::preload):
2103         (WebCore::HTMLMediaElement::loop):
2104         (WebCore::HTMLMediaElement::setLoop):
2105         (WebCore::HTMLMediaElement::controls):
2106         (WebCore::HTMLMediaElement::setControls):
2107         (WebCore::HTMLMediaElement::muted):
2108         (WebCore::HTMLMediaElement::setMuted):
2109         (WebCore::HTMLMediaElement::selectNextSourceChild):
2110         (WebCore::HTMLMediaElement::sourceWasAdded):
2111         (WebCore::HTMLMediaElement::mediaSessionTitle):
2112         * html/HTMLObjectElement.cpp:
2113         (WebCore::HTMLObjectElement::parseAttribute):
2114         * html/HTMLOptGroupElement.cpp:
2115         (WebCore::HTMLOptGroupElement::isDisabledFormControl):
2116         (WebCore::HTMLOptGroupElement::isFocusable):
2117         * html/HTMLOptionElement.cpp:
2118         (WebCore::HTMLOptionElement::matchesDefaultPseudoClass):
2119         (WebCore::HTMLOptionElement::text):
2120         * html/HTMLProgressElement.cpp:
2121         (WebCore::HTMLProgressElement::isDeterminate):
2122         (WebCore::HTMLProgressElement::didElementStateChange):
2123         * html/HTMLScriptElement.cpp:
2124         (WebCore::HTMLScriptElement::async):
2125         (WebCore::HTMLScriptElement::setCrossOrigin):
2126         (WebCore::HTMLScriptElement::asyncAttributeValue):
2127         (WebCore::HTMLScriptElement::deferAttributeValue):
2128         (WebCore::HTMLScriptElement::hasSourceAttribute):
2129         (WebCore::HTMLScriptElement::dispatchLoadEvent):
2130         * html/HTMLSelectElement.cpp:
2131         (WebCore::HTMLSelectElement::reset):
2132         * html/HTMLTrackElement.cpp:
2133         (WebCore::HTMLTrackElement::isDefault):
2134         (WebCore::HTMLTrackElement::ensureTrack):
2135         (WebCore::HTMLTrackElement::loadTimerFired):
2136         * html/MediaElementSession.cpp:
2137         (WebCore::MediaElementSession::wirelessVideoPlaybackDisabled):
2138         (WebCore::MediaElementSession::requiresFullscreenForVideoPlayback):
2139         (WebCore::MediaElementSession::allowsAutomaticMediaDataLoading):
2140         * html/SearchInputType.cpp:
2141         (WebCore::SearchInputType::searchEventsShouldBeDispatched):
2142         (WebCore::SearchInputType::didSetValueByUserEdit):
2143         * inspector/InspectorDOMAgent.cpp:
2144         (WebCore::InspectorDOMAgent::buildObjectForNode):
2145         * loader/FrameLoader.cpp:
2146         (WebCore::FrameLoader::shouldTreatURLAsSrcdocDocument):
2147         (WebCore::FrameLoader::findFrameForNavigation):
2148         * loader/ImageLoader.cpp:
2149         (WebCore::ImageLoader::notifyFinished):
2150         * mathml/MathMLSelectElement.cpp:
2151         (WebCore::MathMLSelectElement::getSelectedSemanticsChild):
2152         * rendering/RenderTableCell.cpp:
2153         (WebCore::RenderTableCell::computePreferredLogicalWidths):
2154         * rendering/RenderThemeIOS.mm:
2155         (WebCore::RenderThemeIOS::adjustMenuListButtonStyle):
2156         * rendering/SimpleLineLayout.cpp:
2157         (WebCore::SimpleLineLayout::canUseForWithReason):
2158         * rendering/svg/RenderSVGResourceClipper.cpp:
2159         (WebCore::RenderSVGResourceClipper::drawContentIntoMaskImage):
2160         * svg/SVGAnimateMotionElement.cpp:
2161         (WebCore::SVGAnimateMotionElement::updateAnimationPath):
2162         * svg/SVGAnimationElement.cpp:
2163         (WebCore::SVGAnimationElement::startedActiveInterval):
2164         (WebCore::SVGAnimationElement::updateAnimation):
2165         * svg/animation/SVGSMILElement.cpp:
2166         (WebCore::SVGSMILElement::insertedInto):
2167
2168 2016-07-17  Brady Eidson  <beidson@apple.com>
2169
2170         Exceptions logged to the JS console should use toString().
2171         https://bugs.webkit.org/show_bug.cgi?id=159855
2172
2173         Reviewed by Darin Adler.
2174
2175         No new tests (No change in behavior).
2176
2177         * bindings/js/JSDOMBinding.cpp:
2178         (WebCore::reportException):
2179
2180         * dom/DOMCoreException.h:
2181         (WebCore::DOMCoreException::DOMCoreException):
2182
2183         * dom/ExceptionBase.cpp:
2184         (WebCore::ExceptionBase::ExceptionBase):
2185         (WebCore::ExceptionBase::toString):
2186         (WebCore::ExceptionBase::consoleErrorMessage): Deleted.
2187         * dom/ExceptionBase.h:
2188         (WebCore::ExceptionBase::description): Deleted.
2189
2190         * svg/SVGException.h:
2191
2192         * xml/XPathException.h:
2193         (WebCore::XPathException::XPathException):
2194
2195 2016-07-17  Brady Eidson  <beidson@apple.com>
2196
2197         Update DOMCoreException to use the description in toString().
2198         https://bugs.webkit.org/show_bug.cgi?id=159857
2199
2200         Reviewed by Darin Adler.
2201
2202         No new tests (Covered by changes to existing tests).
2203
2204         * bindings/js/JSDOMBinding.cpp:
2205         (WebCore::createDOMException):
2206
2207         * dom/DOMCoreException.h:
2208         (WebCore::DOMCoreException::DOMCoreException):
2209         (WebCore::DOMCoreException::createWithDescriptionAsMessage): Deleted.
2210
2211 2016-07-17  Myles C. Maxfield  <mmaxfield@apple.com>
2212
2213         Support new emoji group candidates
2214         https://bugs.webkit.org/show_bug.cgi?id=159755
2215         <rdar://problem/27325521>
2216
2217         Reviewed by Dean Jackson.
2218
2219         There are a few code points which should be able to be joined (with ZWJ) to
2220         either U+2640 or U+2642 to change the gender of the emoji. These patterns
2221         should also work with an additional 0xFE0F variation selector. This patch
2222         adds these new patterns to our existing emoji group candidate infrastructure.
2223
2224         Tests: fast/text/emoji-gender-2-3.html
2225                fast/text/emoji-gender-2-4.html
2226                fast/text/emoji-gender-2-5.html
2227                fast/text/emoji-gender-2-6.html
2228                fast/text/emoji-gender-2-7.html
2229                fast/text/emoji-gender-2-8.html
2230                fast/text/emoji-gender-2-9.html
2231                fast/text/emoji-gender-2.html
2232                fast/text/emoji-gender-3.html
2233                fast/text/emoji-gender-4.html
2234                fast/text/emoji-gender-5.html
2235                fast/text/emoji-gender-6.html
2236                fast/text/emoji-gender-7.html
2237                fast/text/emoji-gender-8.html
2238                fast/text/emoji-gender-9.html
2239                fast/text/emoji-gender-fe0f-3.html
2240                fast/text/emoji-gender-fe0f-4.html
2241                fast/text/emoji-gender-fe0f-5.html
2242                fast/text/emoji-gender-fe0f-6.html
2243                fast/text/emoji-gender-fe0f-7.html
2244                fast/text/emoji-gender-fe0f-8.html
2245                fast/text/emoji-gender-fe0f-9.html
2246                fast/text/emoji-gender.html
2247                fast/text/emoji-num-glyphs.html
2248                fast/text/emoji-single-parent-family-2.html
2249                fast/text/emoji-single-parent-family.html
2250
2251         * platform/graphics/mac/ComplexTextControllerCoreText.mm:
2252         (WebCore::ComplexTextController::ComplexTextRun::ComplexTextRun): Removed incorrect ASSERT()s.
2253         * platform/graphics/FontCascade.cpp:
2254         (WebCore::FontCascade::characterRangeCodePath):
2255         * platform/text/CharacterProperties.h:
2256         (WebCore::isEmojiGroupCandidate):
2257
2258 2016-07-16  Brady Eidson  <beidson@apple.com>
2259
2260         Update SVGException to use the description in toString().
2261         https://bugs.webkit.org/show_bug.cgi?id=159847
2262
2263         Reviewed by Darin Adler.
2264
2265         No new tests (Covered by changes to existing tests).
2266
2267         * bindings/js/JSDOMBinding.cpp:
2268         (WebCore::reportException): use consoleErrorMessage for now.
2269
2270         * dom/ExceptionBase.cpp:
2271         (WebCore::ExceptionBase::consoleErrorMessage):
2272         * dom/ExceptionBase.h:
2273
2274         * svg/SVGException.h:
2275
2276 2016-07-16  Chris Dumez  <cdumez@apple.com>
2277
2278         Use fastHasAttribute() when possible
2279         https://bugs.webkit.org/show_bug.cgi?id=159838
2280
2281         Reviewed by Ryosuke Niwa.
2282
2283         Use fastHasAttribute() when possible, for performance.
2284
2285         * editing/DeleteSelectionCommand.cpp:
2286         (WebCore::DeleteSelectionCommand::makeStylingElementsDirectChildrenOfEditableRootToPreventStyleLoss):
2287         * editing/markup.cpp:
2288         (WebCore::createMarkupInternal):
2289         * html/HTMLAnchorElement.cpp:
2290         (WebCore::HTMLAnchorElement::draggable):
2291         * html/HTMLFrameElementBase.cpp:
2292         (WebCore::HTMLFrameElementBase::parseAttribute):
2293         * mathml/MathMLSelectElement.cpp:
2294         (WebCore::MathMLSelectElement::getSelectedSemanticsChild):
2295         * rendering/RenderThemeIOS.mm:
2296         (WebCore::RenderThemeIOS::adjustMenuListButtonStyle):
2297
2298 2016-07-16  Ryosuke Niwa  <rniwa@webkit.org>
2299
2300         Rename fastGetAttribute to attributeWithoutSynchronization
2301         https://bugs.webkit.org/show_bug.cgi?id=159852
2302
2303         Reviewed by Darin Adler.
2304
2305         Renamed fastGetAttribute to attributeWithoutSynchronization for clarity.
2306
2307         * accessibility/AXObjectCache.cpp:
2308         (WebCore::AXObjectCache::findAriaModalNodes):
2309         (WebCore::nodeHasRole):
2310         (WebCore::AXObjectCache::handleLiveRegionCreated):
2311         (WebCore::AXObjectCache::handleMenuItemSelected):
2312         (WebCore::AXObjectCache::handleAriaModalChange):
2313         (WebCore::isNodeAriaVisible):
2314         * accessibility/AccessibilityNodeObject.cpp:
2315         (WebCore::siblingWithAriaRole):
2316         (WebCore::AccessibilityNodeObject::titleElementText):
2317         (WebCore::AccessibilityNodeObject::alternativeTextForWebArea):
2318         (WebCore::AccessibilityNodeObject::hierarchicalLevel):
2319         (WebCore::AccessibilityNodeObject::stringValue):
2320         (WebCore::accessibleNameForNode):
2321         * accessibility/AccessibilityObject.cpp:
2322         (WebCore::AccessibilityObject::contentEditableAttributeIsEnabled):
2323         (WebCore::AccessibilityObject::getAttribute):
2324         * accessibility/AccessibilityRenderObject.cpp:
2325         (WebCore::AccessibilityRenderObject::stringValue):
2326         (WebCore::AccessibilityRenderObject::exposesTitleUIElement):
2327         * accessibility/AccessibilitySVGElement.cpp:
2328         (WebCore::AccessibilitySVGElement::childElementWithMatchingLanguage):
2329         (WebCore::AccessibilitySVGElement::accessibilityDescription):
2330         * bindings/objc/DOM.mm:
2331         (-[DOMHTMLLinkElement _mediaQueryMatches]):
2332         * bindings/scripts/CodeGenerator.pm:
2333         (GetterExpression):
2334         * bindings/scripts/CodeGeneratorObjC.pm:
2335         (GenerateImplementation):
2336         * bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
2337         * bindings/scripts/test/JS/JSTestObj.cpp:
2338         (WebCore::jsTestObjReflectedStringAttr):
2339         * dom/AuthorStyleSheets.cpp:
2340         (WebCore::AuthorStyleSheets::collectActiveStyleSheets):
2341         * dom/Document.cpp:
2342         (WebCore::Document::buildAccessKeyMap):
2343         (WebCore::Document::processBaseElement):
2344         * dom/DocumentOrderedMap.cpp:
2345         (WebCore::DocumentOrderedMap::getElementByLabelForAttribute):
2346         * dom/Element.cpp:
2347         (WebCore::Element::imageSourceURL):
2348         (WebCore::Element::rendererIsNeeded):
2349         (WebCore::Element::insertedInto):
2350         (WebCore::Element::removedFrom):
2351         (WebCore::Element::pseudo):
2352         (WebCore::Element::setPseudo):
2353         (WebCore::Element::spellcheckAttributeState):
2354         (WebCore::Element::canContainRangeEndPoint):
2355         (WebCore::Element::completeURLsInAttributeValue):
2356         * dom/Element.h:
2357         (WebCore::Element::fastHasAttribute):
2358         (WebCore::Element::attributeWithoutSynchronization):
2359         (WebCore::Element::fastGetAttribute): Deleted.
2360         * dom/InlineStyleSheetOwner.cpp:
2361         (WebCore::InlineStyleSheetOwner::createSheet):
2362         * dom/ScriptElement.cpp:
2363         (WebCore::ScriptElement::requestScript):
2364         (WebCore::ScriptElement::executeScript):
2365         * dom/SlotAssignment.cpp:
2366         (WebCore::slotNameFromSlotAttribute):
2367         (WebCore::SlotAssignment::SlotAssignment):
2368         (WebCore::recursivelyFireSlotChangeEvent):
2369         (WebCore::SlotAssignment::didChangeSlot):
2370         (WebCore::SlotAssignment::hostChildElementDidChange):
2371         (WebCore::SlotAssignment::assignedNodesForSlot):
2372         (WebCore::SlotAssignment::resolveAllSlotElements):
2373         * dom/TreeScope.cpp:
2374         (WebCore::TreeScope::labelElementForId):
2375         * dom/VisitedLinkState.cpp:
2376         (WebCore::linkAttribute):
2377         * editing/ApplyStyleCommand.cpp:
2378         (WebCore::isLegacyAppleStyleSpan):
2379         (WebCore::hasNoAttributeOrOnlyStyleAttribute):
2380         * editing/EditingStyle.cpp:
2381         (WebCore::EditingStyle::elementIsStyledSpanOrHTMLEquivalent):
2382         * editing/ReplaceSelectionCommand.cpp:
2383         (WebCore::isInterchangeNewlineNode):
2384         (WebCore::isInterchangeConvertedSpaceSpan):
2385         (WebCore::positionAvoidingPrecedingNodes):
2386         (WebCore::isMailPasteAsQuotationNode):
2387         (WebCore::isHeaderElement):
2388         (WebCore::isInlineNodeWithStyle):
2389         * editing/TextIterator.cpp:
2390         (WebCore::isRendererReplacedElement):
2391         * editing/cocoa/DataDetection.mm:
2392         (WebCore::DataDetection::isDataDetectorLink):
2393         (WebCore::DataDetection::requiresExtendedContext):
2394         (WebCore::DataDetection::dataDetectorIdentifier):
2395         (WebCore::DataDetection::shouldCancelDefaultAction):
2396         (WebCore::removeResultLinksFromAnchor):
2397         (WebCore::searchForLinkRemovingExistingDDLinks):
2398         * editing/gtk/EditorGtk.cpp:
2399         (WebCore::elementURL):
2400         * editing/htmlediting.cpp:
2401         (WebCore::isTabSpanNode):
2402         (WebCore::isTabSpanTextNode):
2403         (WebCore::isMailBlockquote):
2404         (WebCore::caretMinOffset):
2405         * editing/markup.cpp:
2406         (WebCore::createFragmentFromMarkup):
2407         * html/Autofill.cpp:
2408         (WebCore::AutofillData::createFromHTMLFormControlElement):
2409         * html/BaseTextInputType.cpp:
2410         (WebCore::BaseTextInputType::patternMismatch):
2411         * html/DateInputType.cpp:
2412         (WebCore::DateInputType::createStepRange):
2413         * html/DateTimeInputType.cpp:
2414         (WebCore::DateTimeInputType::createStepRange):
2415         * html/DateTimeLocalInputType.cpp:
2416         (WebCore::DateTimeLocalInputType::createStepRange):
2417         * html/FormAssociatedElement.cpp:
2418         (WebCore::FormAssociatedElement::findAssociatedForm):
2419         (WebCore::FormAssociatedElement::resetFormAttributeTargetObserver):
2420         (WebCore::FormAssociatedElement::formAttributeTargetChanged):
2421         * html/HTMLAnchorElement.cpp:
2422         (WebCore::HTMLAnchorElement::draggable):
2423         (WebCore::HTMLAnchorElement::href):
2424         (WebCore::HTMLAnchorElement::setHref):
2425         (WebCore::HTMLAnchorElement::target):
2426         (WebCore::HTMLAnchorElement::origin):
2427         (WebCore::HTMLAnchorElement::sendPings):
2428         (WebCore::HTMLAnchorElement::handleClick):
2429         * html/HTMLAnchorElement.h:
2430         (WebCore::HTMLAnchorElement::visitedLinkHash):
2431         * html/HTMLAppletElement.cpp:
2432         (WebCore::HTMLAppletElement::updateWidget):
2433         * html/HTMLAreaElement.cpp:
2434         (WebCore::HTMLAreaElement::target):
2435         * html/HTMLAttachmentElement.cpp:
2436         (WebCore::HTMLAttachmentElement::attachmentTitle):
2437         (WebCore::HTMLAttachmentElement::attachmentType):
2438         * html/HTMLBaseElement.cpp:
2439         (WebCore::HTMLBaseElement::target):
2440         (WebCore::HTMLBaseElement::href):
2441         * html/HTMLBodyElement.cpp:
2442         (WebCore::HTMLBodyElement::addSubresourceAttributeURLs):
2443         * html/HTMLButtonElement.cpp:
2444         (WebCore::HTMLButtonElement::value):
2445         (WebCore::HTMLButtonElement::computeWillValidate):
2446         * html/HTMLCanvasElement.cpp:
2447         (WebCore::HTMLCanvasElement::reset):
2448         * html/HTMLDocument.cpp:
2449         (WebCore::HTMLDocument::bgColor):
2450         (WebCore::HTMLDocument::setBgColor):
2451         (WebCore::HTMLDocument::fgColor):
2452         (WebCore::HTMLDocument::setFgColor):
2453         (WebCore::HTMLDocument::alinkColor):
2454         (WebCore::HTMLDocument::setAlinkColor):
2455         (WebCore::HTMLDocument::linkColor):
2456         (WebCore::HTMLDocument::setLinkColor):
2457         (WebCore::HTMLDocument::vlinkColor):
2458         (WebCore::HTMLDocument::setVlinkColor):
2459         * html/HTMLElement.cpp:
2460         (WebCore::contentEditableType):
2461         (WebCore::HTMLElement::collectStyleForPresentationAttribute):
2462         (WebCore::HTMLElement::dir):
2463         (WebCore::HTMLElement::setDir):
2464         (WebCore::HTMLElement::draggable):
2465         (WebCore::HTMLElement::setDraggable):
2466         (WebCore::HTMLElement::title):
2467         (WebCore::HTMLElement::tabIndex):
2468         (WebCore::HTMLElement::translateAttributeMode):
2469         (WebCore::HTMLElement::hasDirectionAuto):
2470         (WebCore::HTMLElement::directionality):
2471         * html/HTMLEmbedElement.cpp:
2472         (WebCore::HTMLEmbedElement::imageSourceURL):
2473         (WebCore::HTMLEmbedElement::addSubresourceAttributeURLs):
2474         * html/HTMLFormControlElement.cpp:
2475         (WebCore::HTMLFormControlElement::formEnctype):
2476         (WebCore::HTMLFormControlElement::formMethod):
2477         (WebCore::HTMLFormControlElement::formAction):
2478         (WebCore::HTMLFormControlElement::autocorrect):
2479         (WebCore::HTMLFormControlElement::autocapitalizeType):
2480         * html/HTMLFormElement.cpp:
2481         (WebCore::HTMLFormElement::autocorrect):
2482         (WebCore::HTMLFormElement::autocapitalizeType):
2483         (WebCore::HTMLFormElement::autocapitalize):
2484         (WebCore::HTMLFormElement::action):
2485         (WebCore::HTMLFormElement::setAction):
2486         (WebCore::HTMLFormElement::target):
2487         (WebCore::HTMLFormElement::wasUserSubmitted):
2488         (WebCore::HTMLFormElement::shouldAutocomplete):
2489         (WebCore::HTMLFormElement::finishParsingChildren):
2490         (WebCore::HTMLFormElement::autocomplete):
2491         * html/HTMLFrameElementBase.cpp:
2492         (WebCore::HTMLFrameElementBase::location):
2493         (WebCore::HTMLFrameElementBase::setLocation):
2494         * html/HTMLHtmlElement.cpp:
2495         (WebCore::HTMLHtmlElement::insertedByParser):
2496         * html/HTMLImageElement.cpp:
2497         (WebCore::HTMLImageElement::imageSourceURL):
2498         (WebCore::HTMLImageElement::setBestFitURLAndDPRFromImageCandidate):
2499         (WebCore::HTMLImageElement::bestFitSourceFromPictureElement):
2500         (WebCore::HTMLImageElement::selectImageSource):
2501         (WebCore::HTMLImageElement::altText):
2502         (WebCore::HTMLImageElement::createElementRenderer):
2503         (WebCore::HTMLImageElement::width):
2504         (WebCore::HTMLImageElement::height):
2505         (WebCore::HTMLImageElement::alt):
2506         (WebCore::HTMLImageElement::draggable):
2507         (WebCore::HTMLImageElement::setHeight):
2508         (WebCore::HTMLImageElement::src):
2509         (WebCore::HTMLImageElement::setSrc):
2510         (WebCore::HTMLImageElement::addSubresourceAttributeURLs):
2511         (WebCore::HTMLImageElement::didMoveToNewDocument):
2512         (WebCore::HTMLImageElement::isServerMap):
2513         (WebCore::HTMLImageElement::crossOrigin):
2514         * html/HTMLInputElement.cpp:
2515         (WebCore::HTMLInputElement::updateType):
2516         (WebCore::HTMLInputElement::initializeInputType):
2517         (WebCore::HTMLInputElement::altText):
2518         (WebCore::HTMLInputElement::value):
2519         (WebCore::HTMLInputElement::defaultValue):
2520         (WebCore::HTMLInputElement::setDefaultValue):
2521         (WebCore::HTMLInputElement::acceptMIMETypes):
2522         (WebCore::HTMLInputElement::acceptFileExtensions):
2523         (WebCore::HTMLInputElement::accept):
2524         (WebCore::HTMLInputElement::alt):
2525         (WebCore::HTMLInputElement::effectiveMaxLength):
2526         (WebCore::HTMLInputElement::src):
2527         (WebCore::HTMLInputElement::setAutoFilled):
2528         (WebCore::HTMLInputElement::dataList):
2529         (WebCore::HTMLInputElement::resetListAttributeTargetObserver):
2530         * html/HTMLKeygenElement.cpp:
2531         (WebCore::HTMLKeygenElement::isKeytypeRSA):
2532         (WebCore::HTMLKeygenElement::appendFormData):
2533         * html/HTMLLIElement.cpp:
2534         (WebCore::HTMLLIElement::didAttachRenderers):
2535         (WebCore::HTMLLIElement::parseValue):
2536         * html/HTMLLabelElement.cpp:
2537         (WebCore::HTMLLabelElement::control):
2538         * html/HTMLLinkElement.cpp:
2539         (WebCore::HTMLLinkElement::crossOrigin):
2540         (WebCore::HTMLLinkElement::process):
2541         (WebCore::HTMLLinkElement::href):
2542         (WebCore::HTMLLinkElement::rel):
2543         (WebCore::HTMLLinkElement::target):
2544         (WebCore::HTMLLinkElement::type):
2545         (WebCore::HTMLLinkElement::iconType):
2546         * html/HTMLMarqueeElement.cpp:
2547         (WebCore::HTMLMarqueeElement::scrollAmount):
2548         (WebCore::HTMLMarqueeElement::setScrollAmount):
2549         (WebCore::HTMLMarqueeElement::scrollDelay):
2550         (WebCore::HTMLMarqueeElement::setScrollDelay):
2551         (WebCore::HTMLMarqueeElement::loop):
2552         * html/HTMLMediaElement.cpp:
2553         (WebCore::HTMLMediaElement::insertedInto):
2554         (WebCore::HTMLMediaElement::crossOrigin):
2555         (WebCore::HTMLMediaElement::networkState):
2556         (WebCore::HTMLMediaElement::mediaSessionTitle):
2557         (WebCore::HTMLMediaElement::doesHaveAttribute):
2558         * html/HTMLMetaElement.cpp:
2559         (WebCore::HTMLMetaElement::process):
2560         (WebCore::HTMLMetaElement::content):
2561         (WebCore::HTMLMetaElement::httpEquiv):
2562         (WebCore::HTMLMetaElement::name):
2563         * html/HTMLMeterElement.cpp:
2564         (WebCore::HTMLMeterElement::min):
2565         (WebCore::HTMLMeterElement::setMin):
2566         (WebCore::HTMLMeterElement::max):
2567         (WebCore::HTMLMeterElement::setMax):
2568         (WebCore::HTMLMeterElement::value):
2569         (WebCore::HTMLMeterElement::low):
2570         (WebCore::HTMLMeterElement::high):
2571         (WebCore::HTMLMeterElement::optimum):
2572         * html/HTMLObjectElement.cpp:
2573         (WebCore::HTMLObjectElement::shouldAllowQuickTimeClassIdQuirk):
2574         (WebCore::HTMLObjectElement::hasValidClassId):
2575         (WebCore::HTMLObjectElement::imageSourceURL):
2576         (WebCore::HTMLObjectElement::renderFallbackContent):
2577         (WebCore::HTMLObjectElement::containsJavaApplet):
2578         (WebCore::HTMLObjectElement::addSubresourceAttributeURLs):
2579         * html/HTMLOptGroupElement.cpp:
2580         (WebCore::HTMLOptGroupElement::groupLabelText):
2581         * html/HTMLOptionElement.cpp:
2582         (WebCore::HTMLOptionElement::value):
2583         (WebCore::HTMLOptionElement::label):
2584         * html/HTMLParamElement.cpp:
2585         (WebCore::HTMLParamElement::value):
2586         (WebCore::HTMLParamElement::isURLParameter):
2587         * html/HTMLProgressElement.cpp:
2588         (WebCore::HTMLProgressElement::value):
2589         (WebCore::HTMLProgressElement::max):
2590         * html/HTMLScriptElement.cpp:
2591         (WebCore::HTMLScriptElement::crossOrigin):
2592         (WebCore::HTMLScriptElement::src):
2593         (WebCore::HTMLScriptElement::sourceAttributeValue):
2594         (WebCore::HTMLScriptElement::charsetAttributeValue):
2595         (WebCore::HTMLScriptElement::typeAttributeValue):
2596         (WebCore::HTMLScriptElement::languageAttributeValue):
2597         (WebCore::HTMLScriptElement::forAttributeValue):
2598         (WebCore::HTMLScriptElement::eventAttributeValue):
2599         (WebCore::HTMLScriptElement::asyncAttributeValue):
2600         * html/HTMLSlotElement.cpp:
2601         (WebCore::HTMLSlotElement::insertedInto):
2602         (WebCore::HTMLSlotElement::removedFrom):
2603         * html/HTMLSourceElement.cpp:
2604         (WebCore::HTMLSourceElement::media):
2605         (WebCore::HTMLSourceElement::setMedia):
2606         (WebCore::HTMLSourceElement::type):
2607         (WebCore::HTMLSourceElement::setType):
2608         * html/HTMLTableCellElement.cpp:
2609         (WebCore::HTMLTableCellElement::colSpanForBindings):
2610         (WebCore::HTMLTableCellElement::rowSpan):
2611         (WebCore::HTMLTableCellElement::rowSpanForBindings):
2612         (WebCore::HTMLTableCellElement::cellIndex):
2613         (WebCore::HTMLTableCellElement::abbr):
2614         (WebCore::HTMLTableCellElement::axis):
2615         (WebCore::HTMLTableCellElement::setColSpanForBindings):
2616         (WebCore::HTMLTableCellElement::headers):
2617         (WebCore::HTMLTableCellElement::setRowSpanForBindings):
2618         (WebCore::HTMLTableCellElement::scope):
2619         (WebCore::HTMLTableCellElement::addSubresourceAttributeURLs):
2620         (WebCore::HTMLTableCellElement::cellAbove):
2621         * html/HTMLTableColElement.cpp:
2622         (WebCore::HTMLTableColElement::width):
2623         * html/HTMLTableElement.cpp:
2624         (WebCore::HTMLTableElement::rules):
2625         (WebCore::HTMLTableElement::summary):
2626         (WebCore::HTMLTableElement::addSubresourceAttributeURLs):
2627         * html/HTMLTableSectionElement.cpp:
2628         (WebCore::HTMLTableSectionElement::align):
2629         (WebCore::HTMLTableSectionElement::setAlign):
2630         (WebCore::HTMLTableSectionElement::ch):
2631         (WebCore::HTMLTableSectionElement::setCh):
2632         (WebCore::HTMLTableSectionElement::chOff):
2633         (WebCore::HTMLTableSectionElement::setChOff):
2634         (WebCore::HTMLTableSectionElement::vAlign):
2635         (WebCore::HTMLTableSectionElement::setVAlign):
2636         * html/HTMLTextAreaElement.cpp:
2637         (WebCore::HTMLTextAreaElement::appendFormData):
2638         * html/HTMLTextFormControlElement.cpp:
2639         (WebCore::HTMLTextFormControlElement::strippedPlaceholder):
2640         (WebCore::HTMLTextFormControlElement::isPlaceholderEmpty):
2641         (WebCore::HTMLTextFormControlElement::directionForFormData):
2642         * html/HTMLTrackElement.cpp:
2643         (WebCore::HTMLTrackElement::srclang):
2644         (WebCore::HTMLTrackElement::label):
2645         (WebCore::HTMLTrackElement::isDefault):
2646         (WebCore::HTMLTrackElement::ensureTrack):
2647         (WebCore::HTMLTrackElement::mediaElementCrossOriginAttribute):
2648         * html/HTMLVideoElement.cpp:
2649         (WebCore::HTMLVideoElement::parseAttribute):
2650         (WebCore::HTMLVideoElement::imageSourceURL):
2651         * html/ImageInputType.cpp:
2652         (WebCore::ImageInputType::height):
2653         (WebCore::ImageInputType::width):
2654         * html/InputType.cpp:
2655         (WebCore::InputType::applyStep):
2656         * html/MediaElementSession.cpp:
2657         (WebCore::MediaElementSession::wirelessVideoPlaybackDisabled):
2658         * html/MonthInputType.cpp:
2659         (WebCore::MonthInputType::createStepRange):
2660         * html/NumberInputType.cpp:
2661         (WebCore::NumberInputType::createStepRange):
2662         (WebCore::NumberInputType::sizeShouldIncludeDecoration):
2663         * html/RangeInputType.cpp:
2664         (WebCore::RangeInputType::createStepRange):
2665         (WebCore::RangeInputType::handleKeydownEvent):
2666         * html/TextFieldInputType.cpp:
2667         (WebCore::TextFieldInputType::appendFormData):
2668         (WebCore::TextFieldInputType::updateAutoFillButton):
2669         * html/TimeInputType.cpp:
2670         (WebCore::TimeInputType::createStepRange):
2671         * html/ValidationMessage.cpp:
2672         (WebCore::ValidationMessage::updateValidationMessage):
2673         * html/WeekInputType.cpp:
2674         (WebCore::WeekInputType::createStepRange):
2675         * html/track/WebVTTElement.cpp:
2676         (WebCore::WebVTTElement::createEquivalentHTMLElement):
2677         * inspector/InspectorPageAgent.cpp:
2678         (WebCore::InspectorPageAgent::buildObjectForFrame):
2679         * loader/FormSubmission.cpp:
2680         (WebCore::FormSubmission::create):
2681         * loader/FrameLoader.cpp:
2682         (WebCore::FrameLoader::defaultSubstituteDataForURL):
2683         * loader/ImageLoader.cpp:
2684         (WebCore::ImageLoader::updateFromElement):
2685         * loader/SubframeLoader.cpp:
2686         (WebCore::SubframeLoader::isPluginContentAllowedByContentSecurityPolicy):
2687         * mathml/MathMLElement.cpp:
2688         (WebCore::MathMLElement::colSpan):
2689         (WebCore::MathMLElement::rowSpan):
2690         (WebCore::MathMLElement::childShouldCreateRenderer):
2691         (WebCore::MathMLElement::defaultEventHandler):
2692         (WebCore::MathMLElement::cachedMathMLLength):
2693         * mathml/MathMLFractionElement.cpp:
2694         (WebCore::MathMLFractionElement::lineThickness):
2695         (WebCore::MathMLFractionElement::cachedFractionAlignment):
2696         * mathml/MathMLSelectElement.cpp:
2697         (WebCore::MathMLSelectElement::getSelectedActionChildAndIndex):
2698         (WebCore::MathMLSelectElement::getSelectedActionChild):
2699         (WebCore::MathMLSelectElement::getSelectedSemanticsChild):
2700         (WebCore::MathMLSelectElement::defaultEventHandler):
2701         (WebCore::MathMLSelectElement::willRespondToMouseClickEvents):
2702         (WebCore::MathMLSelectElement::toggle):
2703         * page/EventHandler.cpp:
2704         (WebCore::findDropZone):
2705         * page/Frame.cpp:
2706         (WebCore::Frame::matchLabelsAgainstElement):
2707         * page/PageSerializer.cpp:
2708         (WebCore::PageSerializer::serializeFrame):
2709         * platform/win/PasteboardWin.cpp:
2710         (WebCore::Pasteboard::writeImageToDataObject):
2711         * rendering/HitTestResult.cpp:
2712         (WebCore::HitTestResult::altDisplayString):
2713         * rendering/RenderDetailsMarker.cpp:
2714         (WebCore::RenderDetailsMarker::isOpen):
2715         * rendering/RenderImage.cpp:
2716         (WebCore::RenderImage::imageMap):
2717         (WebCore::RenderImage::nodeAtPoint):
2718         * rendering/RenderMenuList.cpp:
2719         (RenderMenuList::itemAccessibilityText):
2720         (RenderMenuList::itemToolTip):
2721         * rendering/RenderSearchField.cpp:
2722         (WebCore::RenderSearchField::autosaveName):
2723         * rendering/RenderThemeIOS.mm:
2724         (WebCore::getAttachmentProgress):
2725         (WebCore::AttachmentInfo::AttachmentInfo):
2726         * rendering/RenderThemeMac.mm:
2727         (WebCore::AttachmentLayout::layOutSubtitle):
2728         (WebCore::RenderThemeMac::paintAttachment):
2729         * rendering/mathml/MathMLStyle.cpp:
2730         (WebCore::MathMLStyle::resolveMathMLStyle):
2731         * rendering/mathml/RenderMathMLFenced.cpp:
2732         (WebCore::RenderMathMLFenced::updateFromElement):
2733         * rendering/mathml/RenderMathMLOperator.cpp:
2734         (WebCore::RenderMathMLOperator::setOperatorFlagFromAttribute):
2735         (WebCore::RenderMathMLOperator::setOperatorFlagFromAttributeValue):
2736         (WebCore::RenderMathMLOperator::setOperatorProperties):
2737         * rendering/mathml/RenderMathMLScripts.cpp:
2738         (WebCore::RenderMathMLScripts::getScriptMetricsAndLayoutIfNeeded):
2739         * rendering/mathml/RenderMathMLUnderOver.cpp:
2740         (WebCore::RenderMathMLUnderOver::hasAccent):
2741         * style/StyleSharingResolver.cpp:
2742         (WebCore::Style::SharingResolver::canShareStyleWithElement):
2743         (WebCore::Style::SharingResolver::sharingCandidateHasIdenticalStyleAffectingAttributes):
2744         * svg/SVGAElement.cpp:
2745         (WebCore::SVGAElement::title):
2746         (WebCore::SVGAElement::defaultEventHandler):
2747         * svg/SVGAltGlyphElement.cpp:
2748         (WebCore::SVGAltGlyphElement::glyphRef):
2749         (WebCore::SVGAltGlyphElement::setFormat):
2750         (WebCore::SVGAltGlyphElement::format):
2751         (WebCore::SVGAltGlyphElement::childShouldCreateRenderer):
2752         * svg/SVGAnimationElement.cpp:
2753         (WebCore::SVGAnimationElement::toValue):
2754         (WebCore::SVGAnimationElement::byValue):
2755         (WebCore::SVGAnimationElement::fromValue):
2756         (WebCore::SVGAnimationElement::isAdditive):
2757         (WebCore::SVGAnimationElement::isAccumulated):
2758         * svg/SVGElement.cpp:
2759         (WebCore::SVGElement::xmlbase):
2760         (WebCore::SVGElement::setXmlbase):
2761         * svg/SVGFontFaceElement.cpp:
2762         (WebCore::SVGFontFaceElement::unitsPerEm):
2763         (WebCore::SVGFontFaceElement::xHeight):
2764         (WebCore::SVGFontFaceElement::capHeight):
2765         (WebCore::SVGFontFaceElement::horizontalOriginX):
2766         (WebCore::SVGFontFaceElement::horizontalOriginY):
2767         (WebCore::SVGFontFaceElement::horizontalAdvanceX):
2768         (WebCore::SVGFontFaceElement::verticalOriginX):
2769         (WebCore::SVGFontFaceElement::verticalOriginY):
2770         (WebCore::SVGFontFaceElement::verticalAdvanceY):
2771         (WebCore::SVGFontFaceElement::ascent):
2772         (WebCore::SVGFontFaceElement::descent):
2773         * svg/SVGFontFaceNameElement.cpp:
2774         (WebCore::SVGFontFaceNameElement::srcValue):
2775         * svg/SVGFontFaceUriElement.cpp:
2776         (WebCore::SVGFontFaceUriElement::srcValue):
2777         * svg/SVGGlyphRefElement.cpp:
2778         (WebCore::SVGGlyphRefElement::glyphRef):
2779         (WebCore::SVGGlyphRefElement::setGlyphRef):
2780         * svg/SVGHKernElement.cpp:
2781         (WebCore::SVGHKernElement::buildHorizontalKerningPair):
2782         * svg/SVGSVGElement.cpp:
2783         (WebCore::SVGSVGElement::contentScriptType):
2784         (WebCore::SVGSVGElement::contentStyleType):
2785         * svg/SVGStyleElement.cpp:
2786         (WebCore::SVGStyleElement::media):
2787         (WebCore::SVGStyleElement::title):
2788         (WebCore::SVGStyleElement::setTitle):
2789         * svg/SVGToOTFFontConversion.cpp:
2790         (WebCore::SVGToOTFFontConverter::appendOS2Table):
2791         (WebCore::SVGToOTFFontConverter::appendCFFTable):
2792         (WebCore::SVGToOTFFontConverter::appendArabicReplacementSubtable):
2793         (WebCore::SVGToOTFFontConverter::appendVORGTable):
2794         (WebCore::SVGToOTFFontConverter::transcodeGlyphPaths):
2795         (WebCore::SVGToOTFFontConverter::processGlyphElement):
2796         (WebCore::SVGToOTFFontConverter::compareCodepointsLexicographically):
2797         (WebCore::SVGToOTFFontConverter::SVGToOTFFontConverter):
2798         * svg/SVGVKernElement.cpp:
2799         (WebCore::SVGVKernElement::buildVerticalKerningPair):
2800         * svg/animation/SVGSMILElement.cpp:
2801         (WebCore::SVGSMILElement::insertedInto):
2802         (WebCore::SVGSMILElement::parseAttribute):
2803         (WebCore::SVGSMILElement::svgAttributeChanged):
2804         (WebCore::SVGSMILElement::restart):
2805         (WebCore::SVGSMILElement::fill):
2806         (WebCore::SVGSMILElement::dur):
2807         (WebCore::SVGSMILElement::repeatDur):
2808         (WebCore::SVGSMILElement::repeatCount):
2809         (WebCore::SVGSMILElement::maxValue):
2810         (WebCore::SVGSMILElement::minValue):
2811
2812 2016-07-16  Carlos Garcia Campos  <cgarcia@igalia.com>
2813
2814         ASSERTION FAILED: isMainThread() in ~UniqueIDBDatabase() since r201997
2815         https://bugs.webkit.org/show_bug.cgi?id=159809
2816
2817         Reviewed by Brady Eidson.
2818
2819         In r201997 the UniqueIDBDatabase was protected in executeNextDatabaseTask() because the last reference could be
2820         removed while the task is performed. However UniqueIDBDatabase is expected to be deleted in the main thread, and
2821         the destructor asserts when not called in the main thread, but executeNextDatabaseTask() is always called on a
2822         secondary thread. So, if the protector contains the last reference, the object is deleted in the secondary thread.
2823
2824         * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
2825         (WebCore::IDBServer::UniqueIDBDatabase::executeNextDatabaseTask): Use callOnMainThread to ensure the object is
2826         deleted in the main thread in case the protector contains the last reference.
2827
2828 2016-07-15  Chris Dumez  <cdumez@apple.com>
2829
2830         Use emptyString() / nullAtom when possible
2831         https://bugs.webkit.org/show_bug.cgi?id=159850
2832
2833         Reviewed by Ryosuke Niwa.
2834
2835         Use emptyString() / nullAtom when possible, for performance.
2836
2837         * Modules/webaudio/AudioNode.cpp:
2838         (WebCore::AudioNode::channelCountMode):
2839         (WebCore::AudioNode::channelInterpretation):
2840         * Modules/webdatabase/DatabaseTracker.cpp:
2841         (WebCore::DatabaseTracker::tracker):
2842         * Modules/websockets/WebSocket.cpp:
2843         (WebCore::WebSocket::WebSocket):
2844         (WebCore::WebSocket::didConnect):
2845         * Modules/websockets/WebSocketChannel.cpp:
2846         (WebCore::WebSocketChannel::subprotocol):
2847         (WebCore::WebSocketChannel::extensions):
2848         * accessibility/AccessibilityObject.cpp:
2849         (WebCore::AccessibilityObject::supportsPressAction):
2850         * accessibility/mac/AXObjectCacheMac.mm:
2851         (WebCore::AXObjectCache::postTextStateChangePlatformNotification):
2852         * css/CSSPropertySourceData.cpp:
2853         (WebCore::CSSPropertySourceData::CSSPropertySourceData):
2854         * css/PageRuleCollector.cpp:
2855         (WebCore::PageRuleCollector::pageName):
2856         * css/PropertySetCSSStyleDeclaration.cpp:
2857         (WebCore::PropertySetCSSStyleDeclaration::getPropertyPriority):
2858         * dom/DocumentMarkerController.cpp:
2859         (WebCore::DocumentMarkerController::addDictationPhraseWithAlternativesMarker):
2860         * dom/Element.cpp:
2861         (WebCore::Element::setPrefix):
2862         * editing/AlternativeTextController.cpp:
2863         (WebCore::AlternativeTextController::respondToMarkerAtEndOfWord):
2864         (WebCore::AlternativeTextController::markerDescriptionForAppliedAlternativeText):
2865         * editing/CompositeEditCommand.cpp:
2866         (WebCore::CompositeEditCommand::removeNodeAttribute):
2867         (WebCore::CompositeEditCommand::moveParagraphs):
2868         * editing/InsertTextCommand.cpp:
2869         (WebCore::InsertTextCommand::positionInsideTextNode):
2870         * editing/TextCheckingHelper.cpp:
2871         (WebCore::TextCheckingHelper::findFirstMisspellingOrBadGrammar):
2872         * editing/TypingCommand.cpp:
2873         (WebCore::TypingCommand::deleteSelection):
2874         (WebCore::TypingCommand::deleteKeyPressed):
2875         (WebCore::TypingCommand::forwardDeleteKeyPressed):
2876         (WebCore::TypingCommand::insertLineBreak):
2877         (WebCore::TypingCommand::insertParagraphSeparator):
2878         * editing/cocoa/EditorCocoa.mm:
2879         (WebCore::Editor::styleForSelectionStart):
2880         * editing/mac/EditorMac.mm:
2881         (WebCore::Editor::stringSelectionForPasteboard):
2882         (WebCore::Editor::stringSelectionForPasteboardWithImageAltText):
2883         * fileapi/FileReaderLoader.cpp:
2884         (WebCore::FileReaderLoader::FileReaderLoader):
2885         * html/FileInputType.cpp:
2886         (WebCore::FileInputType::appendFormData):
2887         * html/HTMLMediaElement.cpp:
2888         (WebCore::HTMLMediaElement::getCurrentMediaControlsStatus):
2889         * html/HTMLOutputElement.cpp:
2890         (WebCore::HTMLOutputElement::HTMLOutputElement):
2891         * html/SearchInputType.cpp:
2892         (WebCore::SearchInputType::handleKeydownEvent):
2893         * html/TextFieldInputType.cpp:
2894         (WebCore::autoFillButtonTypeToAccessibilityLabel):
2895         * html/canvas/WebGLDebugShaders.cpp:
2896         (WebCore::WebGLDebugShaders::getTranslatedShaderSource):
2897         * html/canvas/WebGLRenderingContextBase.cpp:
2898         (WebCore::WebGLRenderingContextBase::dispatchContextLostEvent):
2899         (WebCore::WebGLRenderingContextBase::maybeRestoreContext):
2900         * html/canvas/WebGLShader.cpp:
2901         (WebCore::WebGLShader::WebGLShader):
2902         * html/shadow/MediaControlElements.cpp:
2903         (WebCore::MediaControlStatusDisplayElement::update):
2904         * html/track/TextTrack.cpp:
2905         (WebCore::TextTrack::captionMenuOffItem):
2906         (WebCore::TextTrack::captionMenuAutomaticItem):
2907         * html/track/VTTRegion.cpp:
2908         (WebCore::VTTRegion::scroll):
2909         * html/track/VTTRegion.h:
2910         * inspector/InspectorDOMAgent.cpp:
2911         (WebCore::InspectorDOMAgent::toErrorString):
2912         (WebCore::InspectorDOMAgent::resolveNode):
2913         (WebCore::InspectorDOMAgent::documentURLString):
2914         (WebCore::documentBaseURLString):
2915         * inspector/InspectorDOMDebuggerAgent.cpp:
2916         (WebCore::domTypeName):
2917         * inspector/InspectorFrontendHost.cpp:
2918         (WebCore::InspectorFrontendHost::localizedStringsURL):
2919         * inspector/InspectorHistory.cpp:
2920         (WebCore::InspectorHistory::Action::mergeId):
2921         * inspector/InspectorPageAgent.cpp:
2922         (WebCore::InspectorPageAgent::reload):
2923         (WebCore::InspectorPageAgent::frameId):
2924         (WebCore::InspectorPageAgent::loaderId):
2925         * inspector/InspectorStyleSheet.cpp:
2926         (WebCore::InspectorStyleSheet::ruleSelector):
2927         * loader/EmptyClients.h:
2928         * loader/FrameLoader.cpp:
2929         (WebCore::FrameLoader::referrer):
2930         * loader/ImageLoader.cpp:
2931         (WebCore::ImageLoader::clearFailedLoadURL):
2932         * loader/ResourceLoader.cpp:
2933         (WebCore::ResourceLoader::didReceiveResponse):
2934         * page/ContextMenuController.cpp:
2935         (WebCore::ContextMenuController::contextMenuItemSelected):
2936         * page/FrameTree.cpp:
2937         (WebCore::FrameTree::setName):
2938         (WebCore::FrameTree::clearName):
2939         * page/Location.cpp:
2940         (WebCore::Location::port):
2941         * platform/network/ProtectionSpaceBase.cpp:
2942         (WebCore::ProtectionSpaceBase::ProtectionSpaceBase):
2943         * xml/parser/XMLDocumentParserLibxml2.cpp:
2944         (WebCore::handleElementAttributes):
2945
2946 2016-07-15  Simon Fraser  <simon.fraser@apple.com>
2947
2948         Repaints rects drawn incorrectly when inspecting a WebView on a Retina display
2949         https://bugs.webkit.org/show_bug.cgi?id=159824
2950         rdar://problem/27376305
2951
2952         Reviewed by Brian Burg.
2953
2954         InspectorOverlayPage.js set up the canvases with a deviceScaleFactor passed into
2955         reset(), which comes from the overlay's m_page.deviceScaleFactor(). However, updatePaintRects()
2956         used window.devicePixelRatio which was always 1.
2957
2958         Fix by setting the deviceScaleFactor on the m_overlayPage.
2959
2960         * inspector/InspectorOverlay.cpp:
2961         (WebCore::InspectorOverlay::overlayPage):
2962
2963 2016-07-15  Myles C. Maxfield  <mmaxfield@apple.com>
2964
2965         [macOS] Work around crash in [NSAttributedString nextWordFromIndex:forward:]
2966         https://bugs.webkit.org/show_bug.cgi?id=159842
2967
2968         Reviewed by Jon Lee.
2969
2970         <rdar://problem/27380532> describes a crash inside [NSAttributedString nextWordFromIndex:forward:].
2971         This must be worked around for https://bugs.webkit.org/show_bug.cgi?id=159755 and
2972         <rdar://problem/27325521>.
2973
2974         * platform/text/mac/TextBoundaries.mm:
2975         (WebCore::findNextWordFromIndex):
2976
2977 2016-07-15  Brady Eidson  <beidson@apple.com>
2978
2979         Update XPathException to use the description in toString().
2980         https://bugs.webkit.org/show_bug.cgi?id=159848
2981
2982         Reviewed by Alex Christensen.
2983
2984         No new tests (Covered by changes to existing tests).
2985
2986         * bindings/js/JSDOMBinding.cpp:
2987         (WebCore::createDOMException):
2988         * xml/XPathException.h:
2989         (WebCore::XPathException::XPathException):
2990
2991 2016-07-15  Brady Eidson  <beidson@apple.com>
2992
2993         Change toString() behavior for exceptions constructed with "createWithDescriptionAsMessage".
2994         https://bugs.webkit.org/show_bug.cgi?id=159839
2995
2996         Reviewed by Alex Christensen.
2997
2998         No new tests (Covered by changes to existing tests).
2999
3000         This is the first step towards extended exception messages for all exception types.
3001
3002         * dom/ExceptionBase.cpp:
3003         (WebCore::ExceptionBase::ExceptionBase):
3004         (WebCore::ExceptionBase::toString):
3005         * dom/ExceptionBase.h:
3006
3007 2016-07-15  Geoffrey Garen  <ggaren@apple.com>
3008
3009         Added a makeRef<T> helper
3010         https://bugs.webkit.org/show_bug.cgi?id=159835
3011
3012         Reviewed by Andreas Kling.
3013
3014         Anders told me to!
3015
3016         * Modules/indexeddb/IDBTransaction.cpp:
3017         (WebCore::IDBTransaction::putOrAddOnServer):
3018         * Modules/indexeddb/shared/InProcessIDBServer.cpp:
3019         (WebCore::InProcessIDBServer::deleteDatabase):
3020         (WebCore::InProcessIDBServer::didDeleteDatabase):
3021         (WebCore::InProcessIDBServer::openDatabase):
3022         (WebCore::InProcessIDBServer::didOpenDatabase):
3023         (WebCore::InProcessIDBServer::didAbortTransaction):
3024         (WebCore::InProcessIDBServer::didCommitTransaction):
3025         (WebCore::InProcessIDBServer::didCreateObjectStore):
3026         (WebCore::InProcessIDBServer::didDeleteObjectStore):
3027         (WebCore::InProcessIDBServer::didClearObjectStore):
3028         (WebCore::InProcessIDBServer::didCreateIndex):
3029         (WebCore::InProcessIDBServer::didDeleteIndex):
3030         (WebCore::InProcessIDBServer::didPutOrAdd):
3031         (WebCore::InProcessIDBServer::didGetRecord):
3032         (WebCore::InProcessIDBServer::didGetCount):
3033         (WebCore::InProcessIDBServer::didDeleteRecord):
3034         (WebCore::InProcessIDBServer::didOpenCursor):
3035         (WebCore::InProcessIDBServer::didIterateCursor):
3036         (WebCore::InProcessIDBServer::abortTransaction):
3037         (WebCore::InProcessIDBServer::commitTransaction):
3038         (WebCore::InProcessIDBServer::didFinishHandlingVersionChangeTransaction):
3039         (WebCore::InProcessIDBServer::createObjectStore):
3040         (WebCore::InProcessIDBServer::deleteObjectStore):
3041         (WebCore::InProcessIDBServer::clearObjectStore):
3042         (WebCore::InProcessIDBServer::createIndex):
3043         (WebCore::InProcessIDBServer::deleteIndex):
3044         (WebCore::InProcessIDBServer::putOrAdd):
3045         (WebCore::InProcessIDBServer::getRecord):
3046         (WebCore::InProcessIDBServer::getCount):
3047         (WebCore::InProcessIDBServer::deleteRecord):
3048         (WebCore::InProcessIDBServer::openCursor):
3049         (WebCore::InProcessIDBServer::iterateCursor):
3050         (WebCore::InProcessIDBServer::establishTransaction):
3051         (WebCore::InProcessIDBServer::fireVersionChangeEvent):
3052         (WebCore::InProcessIDBServer::didStartTransaction):
3053         (WebCore::InProcessIDBServer::didCloseFromServer):
3054         (WebCore::InProcessIDBServer::notifyOpenDBRequestBlocked):
3055         (WebCore::InProcessIDBServer::databaseConnectionClosed):
3056         (WebCore::InProcessIDBServer::abortOpenAndUpgradeNeeded):
3057         (WebCore::InProcessIDBServer::didFireVersionChangeEvent):
3058         (WebCore::InProcessIDBServer::openDBRequestCancelled):
3059         (WebCore::InProcessIDBServer::confirmDidCloseFromServer):
3060         (WebCore::InProcessIDBServer::getAllDatabaseNames):
3061         (WebCore::InProcessIDBServer::didGetAllDatabaseNames):
3062         * Modules/mediastream/MediaDevicesRequest.cpp:
3063         (WebCore::MediaDevicesRequest::didCompleteTrackSourceInfoRequest):
3064         * Modules/mediastream/UserMediaRequest.cpp:
3065         (WebCore::UserMediaRequest::constraintsValidated):
3066         (WebCore::UserMediaRequest::userMediaAccessGranted):
3067         * Modules/webaudio/AudioContext.cpp:
3068         (WebCore::AudioContext::scheduleNodeDeletion):
3069         (WebCore::AudioContext::isPlayingAudioDidChange):
3070         (WebCore::AudioContext::suspend):
3071         (WebCore::AudioContext::resume):
3072         (WebCore::AudioContext::close):
3073         (WebCore::AudioContext::suspendPlayback):
3074         (WebCore::AudioContext::mayResumePlayback):
3075         * Modules/websockets/ThreadableWebSocketChannelClientWrapper.cpp:
3076         (WebCore::ThreadableWebSocketChannelClientWrapper::didConnect):
3077         (WebCore::ThreadableWebSocketChannelClientWrapper::didReceiveMessage):
3078         (WebCore::ThreadableWebSocketChannelClientWrapper::didReceiveBinaryData):
3079         (WebCore::ThreadableWebSocketChannelClientWrapper::didUpdateBufferedAmount):
3080         (WebCore::ThreadableWebSocketChannelClientWrapper::didStartClosingHandshake):
3081         (WebCore::ThreadableWebSocketChannelClientWrapper::didClose):
3082         (WebCore::ThreadableWebSocketChannelClientWrapper::didReceiveMessageError):
3083         (WebCore::ThreadableWebSocketChannelClientWrapper::processPendingTasks):
3084         * Modules/websockets/WebSocket.cpp:
3085         (WebCore::WebSocket::connect):
3086         * bindings/js/JSEventListener.h:
3087         (WebCore::JSEventListener::jsFunction):
3088         * dom/Node.cpp:
3089         (WebCore::Node::setTextContent):
3090         * html/HTMLMediaElement.cpp:
3091         (WebCore::HTMLMediaElement::layoutSizeChanged):
3092         * inspector/CommandLineAPIHost.cpp:
3093         (WebCore::CommandLineAPIHost::wrapper):
3094         * platform/graphics/avfoundation/AudioSourceProviderAVFObjC.mm:
3095         (WebCore::AudioSourceProviderAVFObjC::prepare):
3096         * platform/graphics/avfoundation/cf/WebCoreAVCFResourceLoader.cpp:
3097         (WebCore::WebCoreAVCFResourceLoader::invalidate):
3098         * platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm:
3099         (WebCore::WebCoreAVFResourceLoader::invalidate):
3100         * platform/ios/WebVideoFullscreenControllerAVKit.mm:
3101         (WebVideoFullscreenControllerContext::setExternalPlayback):
3102         * platform/network/BlobResourceHandle.cpp:
3103         (WebCore::BlobResourceHandle::start):
3104         (WebCore::BlobResourceHandle::notifyFinish):
3105         * platform/network/SocketStreamHandleBase.cpp:
3106         (WebCore::SocketStreamHandleBase::disconnect):
3107         * platform/network/curl/CurlDownload.cpp:
3108         (WebCore::CurlDownload::didReceiveHeader):
3109
3110 2016-07-15  Chris Dumez  <cdumez@apple.com>
3111
3112         Use fastGetAttribute() / setAttributeWithoutSynchronization() when possible
3113         https://bugs.webkit.org/show_bug.cgi?id=159793
3114
3115         Reviewed by Ryosuke Niwa.
3116
3117         Use fastGetAttribute() / setAttributeWithoutSynchronization() when possible, for performance.
3118
3119         * Modules/plugins/YouTubePluginReplacement.cpp:
3120         (WebCore::YouTubePluginReplacement::installReplacement):
3121         * dom/Element.h:
3122         (WebCore::Element::setIdAttribute):
3123         * editing/ApplyStyleCommand.cpp:
3124         (WebCore::hasNoAttributeOrOnlyStyleAttribute):
3125         (WebCore::createFontElement):
3126         (WebCore::ApplyStyleCommand::applyInlineStyleChange):
3127         * editing/EditingStyle.cpp:
3128         (WebCore::EditingStyle::elementIsStyledSpanOrHTMLEquivalent):
3129         * editing/Editor.cpp:
3130         (WebCore::Editor::setBaseWritingDirection):
3131         * editing/ReplaceSelectionCommand.cpp:
3132         (WebCore::isMailPasteAsQuotationNode):
3133         (WebCore::isInlineNodeWithStyle):
3134         * editing/cocoa/DataDetection.mm:
3135         (WebCore::DataDetection::detectContentInRange):
3136         * editing/htmlediting.cpp:
3137         (WebCore::createTabSpanElement):
3138         * editing/ios/EditorIOS.mm:
3139         (WebCore::Editor::setTextAlignmentForChangedBaseWritingDirection):
3140         (WebCore::Editor::WebContentReader::readURL):
3141         * editing/mac/EditorMac.mm:
3142         (WebCore::Editor::WebContentReader::readURL):
3143         * editing/markup.cpp:
3144         (WebCore::createFragmentFromText):
3145         * html/BaseButtonInputType.cpp:
3146         (WebCore::BaseButtonInputType::setValue):
3147         * html/BaseCheckableInputType.cpp:
3148         (WebCore::BaseCheckableInputType::setValue):
3149         * html/FTPDirectoryDocument.cpp:
3150         (WebCore::FTPDirectoryDocumentParser::appendEntry):
3151         (WebCore::FTPDirectoryDocumentParser::createTDForFilename):
3152         (WebCore::FTPDirectoryDocumentParser::loadDocumentTemplate):
3153         (WebCore::FTPDirectoryDocumentParser::createBasicDocument):
3154         * html/HTMLAnchorElement.cpp:
3155         (WebCore::HTMLAnchorElement::href):
3156         (WebCore::HTMLAnchorElement::setHref):
3157         (WebCore::HTMLAnchorElement::target):
3158         * html/HTMLAreaElement.cpp:
3159         (WebCore::HTMLAreaElement::target):
3160         * html/HTMLBaseElement.cpp:
3161         (WebCore::HTMLBaseElement::setHref):
3162         * html/HTMLButtonElement.cpp:
3163         (WebCore::HTMLButtonElement::setType):
3164         * html/HTMLDetailsElement.cpp:
3165         (WebCore::HTMLDetailsElement::didAddUserAgentShadowRoot):
3166         (WebCore::HTMLDetailsElement::toggleOpen):
3167         * html/HTMLDocument.cpp:
3168         (WebCore::HTMLDocument::setBgColor):
3169         (WebCore::HTMLDocument::setFgColor):
3170         (WebCore::HTMLDocument::setAlinkColor):
3171         (WebCore::HTMLDocument::setLinkColor):
3172         (WebCore::HTMLDocument::setVlinkColor):
3173         * html/HTMLElement.cpp:
3174         (WebCore::HTMLElement::setDir):
3175         (WebCore::HTMLElement::setContentEditable):
3176         (WebCore::HTMLElement::setDraggable):
3177         (WebCore::HTMLElement::setSpellcheck):
3178         (WebCore::HTMLElement::setTranslate):
3179         * html/HTMLFormControlElement.cpp:
3180         (WebCore::HTMLFormControlElement::setFormEnctype):
3181         (WebCore::HTMLFormControlElement::setFormMethod):
3182         (WebCore::HTMLFormControlElement::setAutocorrect):
3183         (WebCore::HTMLFormControlElement::setAutocapitalize):
3184         (WebCore::HTMLFormControlElement::setAutocomplete):
3185         * html/HTMLFormElement.cpp:
3186         (WebCore::HTMLFormElement::setAutocorrect):
3187         (WebCore::HTMLFormElement::setAutocapitalize):
3188         (WebCore::HTMLFormElement::setAction):
3189         (WebCore::HTMLFormElement::setEnctype):
3190         (WebCore::HTMLFormElement::setMethod):
3191         (WebCore::HTMLFormElement::target):
3192         * html/HTMLImageElement.cpp:
3193         (WebCore::HTMLImageElement::width):
3194         (WebCore::HTMLImageElement::height):
3195         (WebCore::HTMLImageElement::setSrc):
3196         * html/HTMLInputElement.cpp:
3197         (WebCore::HTMLInputElement::setType):
3198         (WebCore::HTMLInputElement::updateType):
3199         (WebCore::HTMLInputElement::altText):
3200         (WebCore::HTMLInputElement::setDefaultValue):
3201         * html/HTMLLinkElement.cpp:
3202         (WebCore::HTMLLinkElement::href):
3203         (WebCore::HTMLLinkElement::target):
3204         (WebCore::HTMLLinkElement::type):
3205         * html/HTMLMediaElement.cpp:
3206         (WebCore::HTMLMediaElement::setSrc):
3207         (WebCore::HTMLMediaElement::setPreload):
3208         * html/HTMLMeterElement.cpp:
3209         (WebCore::HTMLMeterElement::min):
3210         (WebCore::HTMLMeterElement::setMin):
3211         (WebCore::HTMLMeterElement::max):
3212         (WebCore::HTMLMeterElement::setMax):
3213         (WebCore::HTMLMeterElement::value):
3214         (WebCore::HTMLMeterElement::setValue):
3215         (WebCore::HTMLMeterElement::low):
3216         (WebCore::HTMLMeterElement::setLow):
3217         (WebCore::HTMLMeterElement::high):
3218         (WebCore::HTMLMeterElement::setHigh):
3219         (WebCore::HTMLMeterElement::optimum):
3220         (WebCore::HTMLMeterElement::setOptimum):
3221         * html/HTMLObjectElement.cpp:
3222         (WebCore::HTMLObjectElement::containsJavaApplet):
3223         * html/HTMLOptionElement.cpp:
3224         (WebCore::HTMLOptionElement::createForJSConstructor):
3225         (WebCore::HTMLOptionElement::setValue):
3226         (WebCore::HTMLOptionElement::setLabel):
3227         * html/HTMLProgressElement.cpp:
3228         (WebCore::HTMLProgressElement::setValue):
3229         (WebCore::HTMLProgressElement::setMax):
3230         * html/HTMLScriptElement.cpp:
3231         (WebCore::HTMLScriptElement::typeAttributeValue):
3232         * html/HTMLSelectElement.cpp:
3233         (WebCore::HTMLSelectElement::setMultiple):
3234         * html/HTMLSourceElement.cpp:
3235         (WebCore::HTMLSourceElement::setSrc):
3236         (WebCore::HTMLSourceElement::media):
3237         (WebCore::HTMLSourceElement::setMedia):
3238         (WebCore::HTMLSourceElement::type):
3239         (WebCore::HTMLSourceElement::setType):
3240         * html/HTMLTableSectionElement.cpp:
3241         (WebCore::HTMLTableSectionElement::setAlign):
3242         (WebCore::HTMLTableSectionElement::setCh):
3243         (WebCore::HTMLTableSectionElement::chOff):
3244         (WebCore::HTMLTableSectionElement::setChOff):
3245         (WebCore::HTMLTableSectionElement::setVAlign):
3246         * html/HTMLTextFormControlElement.cpp:
3247         (WebCore::HTMLTextFormControlElement::updateInnerTextElementEditability):
3248         * html/HTMLVideoElement.cpp:
3249         (WebCore::HTMLVideoElement::imageSourceURL):
3250         * html/HiddenInputType.cpp:
3251         (WebCore::HiddenInputType::restoreFormControlState):
3252         (WebCore::HiddenInputType::setValue):
3253         * html/MediaDocument.cpp:
3254         (WebCore::MediaDocumentParser::createDocumentStructure):
3255         (WebCore::MediaDocument::replaceMediaElementTimerFired):
3256         * html/PluginDocument.cpp:
3257         (WebCore::PluginDocumentParser::createDocumentStructure):
3258         * html/TextFieldInputType.cpp:
3259         (WebCore::TextFieldInputType::createAutoFillButton):
3260         (WebCore::TextFieldInputType::updateAutoFillButton):
3261         * html/parser/HTMLTreeBuilder.cpp:
3262         (WebCore::HTMLTreeBuilder::processIsindexStartTagForInBody):
3263         * html/shadow/MediaControlElements.cpp:
3264         (WebCore::MediaControlClosedCaptionsContainerElement::create):
3265         (WebCore::MediaControlTimelineElement::create):
3266         (WebCore::MediaControlPanelVolumeSliderElement::create):
3267         (WebCore::MediaControlFullscreenVolumeSliderElement::create):
3268         * html/shadow/TextControlInnerElements.cpp:
3269         (WebCore::SearchFieldCancelButtonElement::SearchFieldCancelButtonElement):
3270         * html/shadow/mac/ImageControlsButtonElementMac.cpp:
3271         (WebCore::ImageControlsButtonElementMac::tryCreate):
3272         * html/shadow/mac/ImageControlsRootElementMac.cpp:
3273         (WebCore::ImageControlsRootElement::tryCreate):
3274         * html/track/WebVTTElement.cpp:
3275         (WebCore::WebVTTElement::createEquivalentHTMLElement):
3276         * html/track/WebVTTParser.cpp:
3277         (WebCore::WebVTTTreeBuilder::constructTreeFromToken):
3278         * inspector/InspectorCSSAgent.cpp:
3279         (WebCore::InspectorCSSAgent::createInspectorStyleSheetForDocument):
3280         * inspector/InspectorPageAgent.cpp:
3281         (WebCore::InspectorPageAgent::buildObjectForFrame):
3282         * mathml/MathMLSelectElement.cpp:
3283         (WebCore::MathMLSelectElement::toggle):
3284         * page/PageSerializer.cpp:
3285         (WebCore::PageSerializer::serializeFrame):
3286         * rendering/RenderDetailsMarker.cpp:
3287         (WebCore::RenderDetailsMarker::isOpen):
3288         * rendering/mathml/RenderMathMLFraction.cpp:
3289         (WebCore::RenderMathMLFraction::updateFromElement):
3290         * svg/SVGElement.cpp:
3291         (WebCore::SVGElement::setXmlbase):
3292         * svg/SVGSVGElement.cpp:
3293         (WebCore::SVGSVGElement::setContentScriptType):
3294         (WebCore::SVGSVGElement::setContentStyleType):
3295         * svg/SVGStyleElement.cpp:
3296         (WebCore::SVGStyleElement::setMedia):
3297         (WebCore::SVGStyleElement::setTitle):
3298
3299 2016-07-15  Chris Dumez  <cdumez@apple.com>
3300
3301         Modernize StaticNodeList / StaticElementList
3302         https://bugs.webkit.org/show_bug.cgi?id=159831
3303
3304         Reviewed by Ryosuke Niwa.
3305
3306         Modernize StaticNodeList / StaticElementList. Pass vector to adopt
3307         as an rvalue reference instead of a non-const reference.
3308
3309         * bindings/js/JSHTMLAllCollectionCustom.cpp:
3310         (WebCore::namedItems):
3311         * dom/ChildListMutationScope.cpp:
3312         (WebCore::ChildListMutationAccumulator::enqueueMutationRecord):
3313         * dom/MutationRecord.cpp:
3314         * dom/SelectorQuery.cpp:
3315         (WebCore::SelectorDataList::queryAll):
3316         * dom/StaticNodeList.h:
3317         * dom/WebKitNamedFlow.cpp:
3318         (WebCore::WebKitNamedFlow::getRegionsByContent):
3319         (WebCore::WebKitNamedFlow::getRegions):
3320         (WebCore::WebKitNamedFlow::getContent):
3321         * svg/SVGSVGElement.cpp:
3322         (WebCore::SVGSVGElement::collectIntersectionOrEnclosureList):
3323         * testing/Internals.cpp:
3324         (WebCore::Internals::nodesFromRect):
3325
3326 2016-07-15  Brent Fulgham  <bfulgham@apple.com>
3327
3328         Block insecure script running in a data: frame when the top-level page is HTTPS
3329         https://bugs.webkit.org/show_bug.cgi?id=125806
3330         <rdar://problem/27331825>
3331
3332         Reviewed by Brady Eidson.
3333
3334         Fix based on a Blink change (patch by <tsepez@chromium.org>):
3335         <https://chromium.googlesource.com/chromium/blink/+/33e553bd96e040151c1472289a0d80803bfca3a5>
3336
3337         Test: http/tests/security/mixedContent/insecure-script-in-data-iframe-in-main-frame-blocked.html
3338
3339         * loader/cache/CachedResourceLoader.cpp:
3340         (WebCore::CachedResourceLoader::checkInsecureContent): Check the top-level frame's security state
3341         before allowing insecure scripts to be used.        
3342
3343 2016-07-15  Chris Dumez  <cdumez@apple.com>
3344
3345         Let the compiler generate QualifiedName copy constructor and assignment operator
3346         https://bugs.webkit.org/show_bug.cgi?id=159826
3347
3348         Reviewed by Alex Christensen.
3349
3350         Let the compiler generate QualifiedName copy constructor and assignment operator
3351         as our custom implementation does nothing special. This also makes QualifiedName
3352         movable as the compiler is now able to generate the move constructor / assignment
3353         operator as well.
3354
3355         * dom/QualifiedName.h:
3356         (WebCore::QualifiedName::QualifiedName): Deleted.
3357         (WebCore::QualifiedName::operator=): Deleted.
3358
3359 2016-07-15  Antonio Gomes  <tonikitoo@igalia.com>
3360
3361         ScrollView::setHasHorizontalScrollbar / setHasVerticalScrollbar duplicate their logic
3362         https://bugs.webkit.org/show_bug.cgi?id=159825
3363
3364         Patch introduces a (private) method to ScrollView
3365         to share the code/logic of setHas{Horizontal,Vertical}Scrollbar.
3366
3367         Reviewed by Simon Fraser.
3368
3369         No new tests needed.
3370
3371         * platform/ScrollView.cpp:
3372         (WebCore::ScrollView::setHasScrollbarInternal):
3373         (WebCore::ScrollView::setHasHorizontalScrollbar):
3374         (WebCore::ScrollView::setHasVerticalScrollbar):
3375         * platform/ScrollView.h:
3376
3377 2016-07-15  Frederic Wang  <fwang@igalia.com>
3378
3379         MathOperator: Improve alignment for vertical size variant
3380         https://bugs.webkit.org/show_bug.cgi?id=158866
3381
3382         Reviewed by Brent Fulgham.
3383
3384         The MathOperator class may stretch operators with either a large glyph or a glyph assembly.
3385         In the latter case, the assembly is adjusted to match the stretch ascent and descent
3386         requested by the callers. But in the former case the glyph ascent and descent are used
3387         instead. We solve this by making MathOperator::stretchTo only take a targetSize and let
3388         callers do the vertical alignment they want. This improves the rendering of fences with some
3389         math fonts (e.g. XITS) and allows to pass the two cases of mo-axis-height-1.html.
3390
3391         Test: imported/mathml-in-html5/mathml/presentation-markup/operators/mo-axis-height-1.html
3392
3393         * rendering/mathml/MathOperator.cpp:
3394         (WebCore::MathOperator::stretchTo): Merge vertical and horizontal stretching into the same
3395         function with only the targetSize as a parameter.
3396         * rendering/mathml/RenderMathMLOperator.cpp:
3397         (WebCore::RenderMathMLOperator::stretchTo): Updated to use the new signature.
3398         (WebCore::RenderMathMLOperator::verticalStretchedOperatorShift): Helper function to calculate
3399         the shift necessary to align the baseline of the MathOperator instance with the one of the
3400         RenderMathMLOperator.
3401         (WebCore::RenderMathMLOperator::firstLineBaseline): Adjust the baseline.
3402         * rendering/mathml/RenderMathMLOperator.h: Declare verticalStretchedOperatorShift.
3403         * rendering/mathml/RenderMathMLRoot.cpp:
3404         (WebCore::RenderMathMLRoot::layoutBlock): Use the new signature. This function aligns the top
3405         of the radical with the overbar so we do not need to adjust baseline alignment here.
3406
3407 2016-07-15  Brady Eidson  <beidson@apple.com>
3408
3409         WebKit should prevent push/replace state with username in URL.
3410         <rdar://problem/27361737> and https://bugs.webkit.org/show_bug.cgi?id=159818
3411
3412         Reviewed by Brent Fulgham.
3413
3414         Test: http/tests/security/history-username-password.html
3415
3416         * page/History.cpp:
3417         (WebCore::History::stateObjectAdded): Don't allow URLs with usernames/passwords.
3418
3419 2016-07-15  Ryan Haddad  <ryanhaddad@apple.com>
3420
3421         Unreviewed, rolling out r203266.
3422
3423         This change caused editing/deleting/delete-emoji.html to time
3424         out on El Capitan, crash under GuardMalloc
3425
3426         Reverted changeset:
3427
3428         "Support new emoji group candidates"
3429         https://bugs.webkit.org/show_bug.cgi?id=159755
3430         http://trac.webkit.org/changeset/203266
3431
3432 2016-07-15  Frederic Wang  <fwang@igalia.com>
3433
3434         Move parsing of mfrac attributes into a MathMLFractionElement class
3435         https://bugs.webkit.org/show_bug.cgi?id=159624
3436
3437         Reviewed by Brent Fulgham.
3438
3439         We move the parsing of mfrac attributes to a MathMLFractionElement class. This allows to
3440         minimize the updates in RenderMathMLFraction and to remove the alignment members. Many of
3441         the members in updateLayoutParameters are actually only used in layoutBlock and could be
3442         removed in a follow-up patch. We also improve the resolution of negative line thickness value
3443         since the MathML recommendation says it should be rounded up to the nearest valid
3444         value (which is zero) instead of ignoring the attribute and using the line thickness.
3445
3446         No new tests, already covered by existing tests.
3447
3448         * CMakeLists.txt: Add MathMLFractionElement.
3449         * WebCore.xcodeproj/project.pbxproj: Ditto.
3450         * mathml/MathMLAllInOne.cpp: Ditto.
3451         * mathml/MathMLFractionElement.cpp: Added.
3452         (WebCore::MathMLFractionElement::MathMLFractionElement):
3453         (WebCore::MathMLFractionElement::create):
3454         (WebCore::MathMLFractionElement::lineThickness): Return the cached linethickness length,
3455         parsing it again if it is dirty. This handles the special values "thin", "medium" and "thick"
3456         or fallback to the general parseMathMLLength for MathML lengths.
3457         (WebCore::MathMLFractionElement::cachedFractionAlignment): Return the cached alignment value,
3458         parsing it again if it is dirty.
3459         (WebCore::MathMLFractionElement::numeratorAlignment): Return the cached alignment.
3460         (WebCore::MathMLFractionElement::denominatorAlignment): Ditto.
3461         (WebCore::MathMLFractionElement::parseAttribute): Make attributes dirty.
3462         (WebCore::MathMLFractionElement::createElementRenderer): Create a RenderMathMLFraction.
3463         * mathml/MathMLFractionElement.h: Added.
3464         * mathml/MathMLInlineContainerElement.cpp: We no longer need to handle fraction here.
3465         (WebCore::MathMLInlineContainerElement::createElementRenderer):
3466         * mathml/mathtags.in: Use MathMLFractionElement for mfrac.
3467         * rendering/mathml/RenderMathMLFraction.cpp:
3468         (WebCore::RenderMathMLFraction::updateLayoutParameters): New helper function to set the
3469         layout parameters, replacing updateFromElement. We no longer parse and store the alignment
3470         values here. We also change the resolution of negative values.
3471         (WebCore::RenderMathMLFraction::horizontalOffset): Use the enum from MathMLFractionElement.
3472         (WebCore::RenderMathMLFraction::layoutBlock): We call updateLayoutParameters instead of
3473         updateFromElement. The numerator and denominator alignments are resolved here.
3474         (WebCore::RenderMathMLFraction::parseAlignmentAttribute): Deleted. Parsing of alignment
3475         attribute is now handled in MathMLFractionElement.
3476         (WebCore::RenderMathMLFraction::updateFromElement): Deleted. Attribute changes are now
3477         handled in MathMLFractionElement.
3478         (WebCore::RenderMathMLFraction::styleDidChange): Deleted. Font changes are properly handled.
3479         * rendering/mathml/RenderMathMLFraction.h: Update declarations.
3480
3481 2016-07-15  Frederic Wang  <fwang@igalia.com>
3482
3483         Check whether font is nonnull for GlyphData instead of calling GlyphData::isValid()
3484         https://bugs.webkit.org/show_bug.cgi?id=159783
3485
3486         Reviewed by Brent Fulgham.
3487
3488         GlyphData::isValid() returns true for GlyphData with null 'font' pointer when the 'glyph'
3489         index is nonzero. This behavior is not expected by the MathML code and we have had crashes
3490         in our test suite in the past on Windows (e.g. bug 140653). We thus replace the call to
3491         GlyphData::isValid() with a stronger verification: Whether the 'font' pointer is nonzero.
3492
3493         No new tests, this only makes null pointer checks stronger.
3494
3495         * rendering/mathml/MathOperator.cpp:
3496         (WebCore::boundsForGlyph):
3497         (WebCore::advanceWidthForGlyph):
3498         (WebCore::MathOperator::getBaseGlyph):
3499         (WebCore::MathOperator::setSizeVariant):
3500         (WebCore::MathOperator::fillWithVerticalExtensionGlyph):
3501         (WebCore::MathOperator::fillWithHorizontalExtensionGlyph):
3502         (WebCore::MathOperator::paintVerticalGlyphAssembly):
3503         (WebCore::MathOperator::paintHorizontalGlyphAssembly):
3504         (WebCore::MathOperator::paint):
3505         * rendering/mathml/RenderMathMLOperator.cpp:
3506         (WebCore::RenderMathMLOperator::computePreferredLogicalWidths):
3507         * rendering/mathml/RenderMathMLToken.cpp:
3508         (WebCore::RenderMathMLToken::computePreferredLogicalWidths):
3509         (WebCore::RenderMathMLToken::firstLineBaseline):
3510         (WebCore::RenderMathMLToken::layoutBlock):
3511         (WebCore::RenderMathMLToken::paint):
3512         (WebCore::RenderMathMLToken::paintChildren):
3513
3514 2016-07-15  Frederic Wang  <fwang@igalia.com>
3515
3516         Add DejaVu Math TeX Gyre to the list of math fonts.
3517         https://bugs.webkit.org/show_bug.cgi?id=159805
3518
3519         Reviewed by Brent Fulgham.
3520
3521         DejaVu 2.36 has a new math font that can be used for MathML rendering. Because this font is
3522         likely to be installed on many systems (Linux, LibreOffice, etc) we include it in the default
3523         list of font-families in mathml.css in order to increase the chance to find a math font.
3524
3525         No new tests, it only affects rendering when DejaVu Math TeX Gyre is installed on the system.
3526
3527         * css/mathml.css:
3528         (math):
3529
3530 2016-07-15  Eric Carlson  <eric.carlson@apple.com>
3531
3532         [MSE] Increase the SourceBuffer "fudge factor"
3533         https://bugs.webkit.org/show_bug.cgi?id=159813
3534         <rdar://problem/27372033>
3535
3536         Reviewed by Jon Lee.
3537         
3538         Some media encoding/conversion pipelines are sloppy when doing sample time/timescale
3539         math, and the error accumulation results in small gaps in the media timeline. r202641
3540         increased the maximum allowable gap from 0.01 second to one 24fps frame, but it turns
3541         out that at least one large provider has a significant amount of content encoded with
3542         up to two 24fps frames.
3543
3544         No new tests, updated media/media-source/media-source-small-gap.html.
3545
3546         * Modules/mediasource/SourceBuffer.cpp:
3547         (WebCore::currentTimeFudgeFactor): Increase maximum gap to 2002 / 24000 frames.
3548
3549 2016-07-15  Rawinder Singh  <rawinder.singh-webkit@cisra.canon.com.au>
3550
3551         Add final keyword to WebCore/svg classes
3552         https://bugs.webkit.org/show_bug.cgi?id=159802
3553
3554         Reviewed by Youenn Fablet.
3555
3556         Updated classes in the WebCore/svg directory to be marked as final where appropriate.
3557
3558         * svg/SVGException.h:
3559         * svg/SVGLengthList.h:
3560         * svg/SVGMatrix.h:
3561         * svg/SVGNumberList.h:
3562         * svg/SVGPaint.h:
3563         * svg/SVGPathBuilder.h:
3564         * svg/SVGPathByteStreamBuilder.h:
3565         * svg/SVGPathByteStreamSource.h:
3566         * svg/SVGPathSegArcAbs.h:
3567         * svg/SVGPathSegArcRel.h:
3568         * svg/SVGPathSegClosePath.h:
3569         * svg/SVGPathSegCurvetoCubicAbs.h:
3570         * svg/SVGPathSegCurvetoCubicRel.h:
3571         * svg/SVGPathSegCurvetoCubicSmoothAbs.h:
3572         * svg/SVGPathSegCurvetoCubicSmoothRel.h:
3573         * svg/SVGPathSegCurvetoQuadraticAbs.h:
3574         * svg/SVGPathSegCurvetoQuadraticRel.h:
3575         * svg/SVGPathSegCurvetoQuadraticSmoothAbs.h:
3576         * svg/SVGPathSegCurvetoQuadraticSmoothRel.h:
3577         * svg/SVGPathSegLinetoAbs.h:
3578         * svg/SVGPathSegLinetoHorizontalAbs.h:
3579         * svg/SVGPathSegLinetoHorizontalRel.h:
3580         * svg/SVGPathSegLinetoRel.h:
3581         * svg/SVGPathSegLinetoVerticalAbs.h:
3582         * svg/SVGPathSegLinetoVerticalRel.h:
3583         * svg/SVGPathSegListBuilder.h:
3584         * svg/SVGPathSegListSource.h:
3585         * svg/SVGPathSegMovetoAbs.h:
3586         * svg/SVGPathSegMovetoRel.h:
3587         * svg/SVGPathStringSource.h:
3588         * svg/SVGPathTraversalStateBuilder.h:
3589         * svg/SVGPointList.h:
3590         * svg/SVGRenderingIntent.h:
3591         * svg/SVGStringList.h:
3592         * svg/SVGTRefElement.cpp:
3593         * svg/SVGToOTFFontConversion.cpp:
3594         * svg/SVGTransformList.h:
3595         * svg/SVGUnitTypes.h:
3596         * svg/SVGViewSpec.h:
3597         * svg/SVGZoomEvent.h:
3598         * svg/animation/SMILTimeContainer.h:
3599         * svg/animation/SVGSMILElement.cpp:
3600         * svg/graphics/filters/SVGFEImage.h:
3601         * svg/graphics/filters/SVGFilter.h:
3602         * svg/properties/SVGAnimatedPathSegListPropertyTearOff.h:
3603         * svg/properties/SVGAnimatedPropertyTearOff.h:
3604         * svg/properties/SVGAnimatedTransformListPropertyTearOff.h:
3605         * svg/properties/SVGMatrixTearOff.h:
3606         * svg/properties/SVGPathSegListPropertyTearOff.h:
3607         * svg/properties/SVGStaticListPropertyTearOff.h:
3608         * svg/properties/SVGStaticPropertyTearOff.h:
3609         * svg/properties/SVGTransformListPropertyTearOff.h:
3610
3611 2016-07-15  Per Arne Vollan  <pvollan@apple.com>
3612
3613         Uninitialized variable in DIBPixelData can cause a dangerous memory write
3614         https://bugs.webkit.org/show_bug.cgi?id=159414
3615
3616         Reviewed by Brent Fulgham.
3617
3618         Initialize local BITMAP variable, in case the ::GetObject function that should initialize it
3619         fails to do so, because the bitmap handle is invalid.
3620
3621         Tests: Tools/TestWebKitAPI/Tests/WebCore/win/DIBPixelData.cpp
3622
3623         * platform/graphics/win/DIBPixelData.cpp:
3624         (WebCore::DIBPixelData::initialize): Initialize local variable.
3625         (WebCore::DIBPixelData::setRGBABitmapAlpha): Return early if we have no bitmap.
3626         * platform/graphics/win/DIBPixelData.h: Link fix.
3627
3628 2016-07-14  Yoav Weiss  <yoav@yoav.ws>
3629
3630         Change CSSParser::sourceSize returning Optional<CSSParser::SourceSize>
3631         https://bugs.webkit.org/show_bug.cgi?id=159666
3632
3633         Reviewed by Michael Catanzaro.
3634
3635         Tests:
3636             fast/dom/HTMLImageElement/sizes/image-sizes-invalids.html
3637
3638         * css/CSSGrammar.y.in: Avoid adding SourceSize to source_size_list when the value is a Nullopt.
3639         * css/CSSParser.cpp:
3640         (WebCore::CSSParser::sourceSize): Return a Nullopt when an invalid value is encountered.
3641         * css/CSSParser.h:
3642
3643 2016-07-14  Antonio Gomes  <tonikitoo@igalia.com>
3644
3645         [RTL Scrollbars] Frame scrollbars don't move to the right when text direction changes to RTL
3646         https://bugs.webkit.org/show_bug.cgi?id=158252
3647
3648         Reviewed by Myles C. Maxfield.
3649
3650         When the 'dir' attribute changes either on body or on the document
3651         element level, the associated FrameView does not trigger an update on
3652         the frame level vertical scrollbar.
3653
3654         Patch adds a 'hook' so that RenderBox::styleDidChange can call in
3655         order to get the document level scrollbar placed properly in the next
3656         layout.
3657
3658         Test: fast/scrolling/rtl-scrollbars-alternate-body-dir-attr-does-not-update-scrollbar-placement.html
3659               fast/scrolling/rtl-scrollbars-alternate-body-dir-attr-does-not-update-scrollbar-placement-2.html
3660               fast/scrolling/rtl-scrollbars-alternate-iframe-body-dir-attr-does-not-update-scrollbar-placement.html
3661
3662         * page/FrameView.cpp:
3663         (WebCore::FrameView::topContentDirectionDidChange):
3664         * page/FrameView.h:
3665         * rendering/RenderBox.cpp:
3666         (WebCore::RenderBox::styleDidChange):
3667
3668 2016-07-14  Myles C. Maxfield  <mmaxfield@apple.com>
3669
3670         Support new emoji group candidates
3671         https://bugs.webkit.org/show_bug.cgi?id=159755
3672         <rdar://problem/27325521>
3673
3674         Reviewed by Dean Jackson.
3675
3676         There are a few code points which should be able to be joined (with ZWJ) to
3677         either U+2640 or U+2642 to change the gender of the emoji. These patterns
3678         should also work with an additional 0xFE0F variation selector. This patch
3679         adds these new patterns to our existing emoji group candidate infrastructure.
3680
3681         Tests: fast/text/emoji-gender-2-3.html
3682                fast/text/emoji-gender-2-4.html
3683                fast/text/emoji-gender-2-5.html
3684                fast/text/emoji-gender-2-6.html
3685                fast/text/emoji-gender-2-7.html
3686                fast/text/emoji-gender-2-8.html
3687                fast/text/emoji-gender-2-9.html
3688                fast/text/emoji-gender-2.html
3689                fast/text/emoji-gender-3.html
3690                fast/text/emoji-gender-4.html
3691                fast/text/emoji-gender-5.html
3692                fast/text/emoji-gender-6.html
3693                fast/text/emoji-gender-7.html
3694                fast/text/emoji-gender-8.html
3695                fast/text/emoji-gender-9.html
3696                fast/text/emoji-gender-fe0f-3.html
3697                fast/text/emoji-gender-fe0f-4.html
3698                fast/text/emoji-gender-fe0f-5.html
3699                fast/text/emoji-gender-fe0f-6.html
3700                fast/text/emoji-gender-fe0f-7.html
3701                fast/text/emoji-gender-fe0f-8.html
3702                fast/text/emoji-gender-fe0f-9.html
3703                fast/text/emoji-gender.html
3704                fast/text/emoji-num-glyphs.html
3705                fast/text/emoji-single-parent-family-2.html
3706                fast/text/emoji-single-parent-family.html
3707
3708         * platform/graphics/mac/ComplexTextControllerCoreText.mm:
3709         (WebCore::ComplexTextController::ComplexTextRun::ComplexTextRun): Removed incorrect ASSERT()s.
3710         * platform/graphics/FontCascade.cpp:
3711         (WebCore::FontCascade::characterRangeCodePath):
3712         * platform/text/CharacterProperties.h:
3713         (WebCore::isEmojiGroupCandidate):
3714
3715 2016-07-14  Dean Jackson  <dino@apple.com>
3716
3717         CrashTracer: com.apple.WebKit.WebContent at WebCore: WebCore::MediaQueryEvaluator::evaluate const
3718         https://bugs.webkit.org/show_bug.cgi?id=159799
3719         <rdar://problem/27346959>
3720
3721         Reviewed by Myles Maxfield.
3722
3723         Speculative fix for this crash, which seems to happen when asking for the Node's
3724         renderer(). From the incoming crash logs, it is triggered by mutations on
3725         a <picture> or <img> element, which would require choosing a new source,
3726         and causing some media queries to evaluate.
3727
3728         The only place in MediaQueryEvaluator that has anything to do with
3729         renderers is when gathering up some style information to pass to the
3730         actual evaluation function. I put a guard against a missing documentElement
3731         in there.
3732
3733         * css/MediaQueryEvaluator.cpp:
3734         (WebCore::MediaQueryEvaluator::evaluate): Make sure documentElement is not
3735         null.
3736
3737 2016-07-14  Rawinder Singh  <rawinder.singh-webkit@cisra.canon.com.au>
3738
3739         Update HTML*Element class override methods in final classes
3740         https://bugs.webkit.org/show_bug.cgi?id=159456
3741
3742         Reviewed by Youenn Fablet.
3743
3744         Update HTML*Element classes so that overriden methods in final classes are marked final.
3745         Also marked HTMLDivElement overriden methods as final since they are not overridden by derived classes.
3746
3747         * html/HTMLAppletElement.h:
3748         * html/HTMLAreaElement.h:
3749         * html/HTMLAttachmentElement.h:
3750         * html/HTMLAudioElement.h:
3751         * html/HTMLBRElement.h:
3752         * html/HTMLBaseElement.h:
3753         * html/HTMLBodyElement.h:
3754         * html/HTMLButtonElement.h:
3755         * html/HTMLCanvasElement.h:
3756         * html/HTMLDataElement.h:
3757         * html/HTMLDetailsElement.h:
3758         * html/HTMLDivElement.h:
3759         * html/HTMLEmbedElement.h:
3760         * html/HTMLFieldSetElement.h:
3761         * html/HTMLFontElement.h:
3762         * html/HTMLFormElement.h:
3763         * html/HTMLFrameSetElement.h:
3764         * html/HTMLHRElement.h:
3765         * html/HTMLHtmlElement.h:
3766         * html/HTMLKeygenElement.h:
3767         * html/HTMLLIElement.h:
3768         * html/HTMLLabelElement.h:
3769         * html/HTMLLegendElement.h:
3770         * html/HTMLLinkElement.h:
3771         * html/HTMLMapElement.h:
3772         * html/HTMLMarqueeElement.h:
3773         * html/HTMLMetaElement.h:
3774         * html/HTMLMeterElement.h:
3775         * html/HTMLModElement.h:
3776         * html/HTMLOListElement.h:
3777         * html/HTMLObjectElement.h:
3778         * html/HTMLOptGroupElement.h:
3779         * html/HTMLOptionElement.h:
3780         * html/HTMLOutputElement.h:
3781         * html/HTMLParagraphElement.h:
3782         * html/HTMLParamElement.h:
3783         * html/HTMLPreElement.h:
3784         * html/HTMLProgressElement.h:
3785         * html/HTMLQuoteElement.h:
3786         * html/HTMLScriptElement.h:
3787         * html/HTMLSourceElement.h:
3788         * html/HTMLStyleElement.h:
3789         * html/HTMLSummaryElement.h:
3790         * html/HTMLTableCaptionElement.h:
3791         * html/HTMLTableColElement.h:
3792         * html/HTMLTableElement.h:
3793         * html/HTMLTableSectionElement.h:
3794         * html/HTMLTemplateElement.h:
3795         * html/HTMLTextAreaElement.h:
3796         * html/HTMLTitleElement.h:
3797         * html/HTMLUListElement.h:
3798         * html/HTMLUnknownElement.h:
3799         * html/HTMLVideoElement.h:
3800         * html/HTMLWBRElement.h:
3801
3802 2016-07-14  Chris Dumez  <cdumez@apple.com>
3803
3804         Modernize GlyphMetricsMap
3805         https://bugs.webkit.org/show_bug.cgi?id=159788
3806
3807         Reviewed by Darin Adler.
3808
3809         Modernize GlyphMetricsMap a bit.
3810
3811         * platform/graphics/GlyphMetricsMap.h:
3812         - Drop WTF_MAKE_NONCOPYABLE as the class is already non-copyable due to having
3813           to having a std::unique_ptr data member.
3814         - Drop GlyphMetricsMap default constructor and let the compiler generate it
3815           instead. This required using inline initialization for m_filledPrimaryPage.
3816
3817         (WebCore::GlyphMetricsMap::GlyphMetricsPage::GlyphMetricsPage):
3818         - Make m_metrics data member private as it does not need to be public.
3819         - Make setMetricsForIndex(unsigned index, const T& metrics) setter private
3820           as it does not need to be public.
3821         - Make GlyphMetricsPage(const T& initialValue) constructor explicit as it
3822           takes only 1 parameter.
3823
3824         (WebCore::GlyphMetricsMap<T>::locatePageSlowCase):
3825         - Use HashMap::ensure() to make the code a bit nicer.
3826
3827 2016-07-14  Simon Fraser  <simon.fraser@apple.com>
3828
3829         [iOS WK2] When scrolling apple.com/music on iPad Pro in landscape, left-hand tiles appear first
3830         https://bugs.webkit.org/show_bug.cgi?id=159798
3831         rdar://problem/27362717
3832
3833         Reviewed by Tim Horton.
3834
3835         In out-of-visible tiled layers, we always allocated the top-left tile, wasting
3836         memory and causing ugliness when scrolling that layer into view. This happened
3837         because getTileIndexRangeForRect() had no way to express the fact that no tiles
3838         should be created.
3839
3840         Fix getTileIndexRangeForRect() to return a bool, and fix callers to respect the
3841         return value.
3842
3843         Test: compositing/tiling/offscreen-tiled-layer.html
3844
3845         * platform/graphics/ca/GraphicsLayerCA.cpp:
3846         (WebCore::GraphicsLayerCA::dumpAdditionalProperties):
3847         * platform/graphics/ca/TileGrid.cpp:
3848         (WebCore::TileGrid::setNeedsDisplayInRect):
3849         (WebCore::TileGrid::tilesWouldChangeForCoverageRect):
3850         (WebCore::TileGrid::getTileIndexRangeForRect):
3851         (WebCore::TileGrid::revalidateTiles):
3852         (WebCore::TileGrid::ensureTilesForRect):
3853         (WebCore::TileGrid::extent):
3854         * platform/graphics/ca/TileGrid.h:
3855
3856 2016-07-14  John Wilander  <wilander@apple.com>
3857
3858         Remove credentials in URL when accessed through location.href
3859         https://bugs.webkit.org/show_bug.cgi?id=139562
3860         <rdar://problem/27331164>
3861
3862         Reviewed by Brent Fulgham.
3863
3864         Test: http/tests/security/location-href-clears-username-password.html
3865
3866         The reason for this change is to not allow scripts on the page to
3867         exfiltrate username and password from the URL.
3868
3869         * page/Location.cpp:
3870         (WebCore::Location::href):
3871             Now checks if there is a username or password in the URL. If so,
3872             it copies the URL and removes the username and password.
3873
3874 2016-07-14  Javier Fernandez  <jfernandez@igalia.com>
3875
3876         [css-grid] Handle min-content/max-content with orthogonal flows
3877         https://bugs.webkit.org/show_bug.cgi?id=159294
3878
3879         Reviewed by Darin Adler.
3880
3881         Currently there is no support for orthogonal flows in many aspects of the
3882         Grid Layout logic.
3883
3884         The Grid sizing algorithm should be adapted to this scenario, hence this
3885         patch focus on the min-content and max-content functions, used to resolve
3886         content based track sizes.
3887
3888         There are still issues related to alignment and sizes using percentages,
3889         but they will be addressed in different patches.
3890
3891         Tests: fast/css-grid-layout/grid-item-positioning-with-orthogonal-flows.html
3892                fast/css-grid-layout/grid-item-sizing-with-orthogonal-flows.html
3893                fast/css-grid-layout/grid-item-spanning-and-orthogonal-flows.html
3894                fast/css-grid-layout/grid-track-sizing-with-orthogonal-flows.html
3895                fast/css-grid-layout/grid-track-sizing-with-percentages-and-orthogonal-flows.html
3896
3897         * rendering/RenderBox.cpp:
3898         (WebCore::RenderBox::computeLogicalWidthInRegion):
3899         * rendering/RenderGrid.cpp:
3900         (WebCore::RenderGrid::GridSizingData::advanceNextState):
3901         (WebCore::RenderGrid::GridSizingData::isValidTransitionForDirection):
3902         (WebCore::RenderGrid::computeTrackSizesForDirection):
3903         (WebCore::RenderGrid::repeatTracksSizingIfNeeded): Added.
3904         (WebCore::RenderGrid::layoutBlock):
3905         (WebCore::RenderGrid::computeIntrinsicLogicalWidths):
3906         (WebCore::RenderGrid::computeIntrinsicLogicalHeight):
3907         (WebCore::hasOverrideContainingBlockContentSizeForChild):
3908         (WebCore::overrideContainingBlockContentSizeForChild):
3909         (WebCore::setOverrideContainingBlockContentSizeForChild):
3910         (WebCore::shouldClearOverrideContainingBlockContentSizeForChild):
3911         (WebCore::RenderGrid::gridTrackSize):
3912         (WebCore::RenderGrid::isOrthogonalChild): Added.
3913         (WebCore::RenderGrid::logicalHeightForChild):
3914         (WebCore::RenderGrid::flowAwareDirectionForChild): Added.
3915         (WebCore::RenderGrid::minSizeForChild):
3916         (WebCore::RenderGrid::updateOverrideContainingBlockContentSizeForChild):
3917         (WebCore::RenderGrid::minContentForChild):
3918         (WebCore::RenderGrid::maxContentForChild):
3919         (WebCore::RenderGrid::placeItemsOnGrid):
3920         (WebCore::RenderGrid::layoutPositionedObject):
3921         (WebCore::RenderGrid::offsetAndBreadthForPositionedChild):
3922         (WebCore::RenderGrid::assumedRowsSizeForOrthogonalChild): Added.
3923         (WebCore::RenderGrid::gridAreaBreadthForChild):
3924         (WebCore::RenderGrid::columnAxisPositionForChild):
3925         (WebCore::RenderGrid::rowAxisPositionForChild):
3926         (WebCore::RenderGrid::findChildLogicalPosition):
3927         * rendering/RenderGrid.h:
3928         (WebCore::RenderGrid::SizingOperation): This enum has been moved to the header file.
3929         (WebCore::RenderGrid::m_hasAnyOrthogonalChild): New class attribute to know if there are any orthogonal grid items.
3930         (WebCore::RenderGrid::updateOverrideContainingBlockContentSizeForChild):
3931         (WebCore::RenderGrid::logicalHeightForChild):
3932         (WebCore::RenderGrid::gridAreaBreadthForChild):
3933         (WebCore::RenderGrid::assumedRowsSizeForOrthogonalChild):
3934
3935
3936
3937 2016-07-14  Chris Dumez  <cdumez@apple.com>
3938
3939         Use emptyString() instead of "" when possible
3940         https://bugs.webkit.org/show_bug.cgi?id=159789
3941
3942         Reviewed by Alex Christensen.
3943
3944         Use emptyString() instead of "" when possible to reduce String allocations.
3945
3946         * Modules/webdatabase/Database.cpp:
3947         (WebCore::Database::performOpenAndVerify):
3948         * css/CSSSelector.h:
3949         * css/StyleProperties.cpp:
3950         (WebCore::MutableStyleProperties::removeProperty):
3951         (WebCore::MutableStyleProperties::removeCustomProperty):
3952         * editing/TextCheckingHelper.cpp:
3953         (WebCore::TextCheckingHelper::findFirstMisspellingOrBadGrammar):
3954         (WebCore::TextCheckingHelper::findFirstBadGrammar):
3955         * editing/TypingCommand.h:
3956         (WebCore::TypingCommand::create):
3957         * fileapi/FileReaderLoader.cpp:
3958         (WebCore::FileReaderLoader::cleanup):
3959         * inspector/InspectorStyleSheet.cpp:
3960         (WebCore::fillMediaListChain):
3961         * page/UserContentURLPattern.cpp:
3962         (WebCore::UserContentURLPattern::parse):
3963         * platform/graphics/MediaPlayer.cpp:
3964         (WebCore::MediaPlayer::load):
3965         * platform/gtk/DataObjectGtk.h:
3966         (WebCore::DataObjectGtk::clearURIList):
3967         * platform/network/curl/ResourceHandleCurl.cpp:
3968         (WebCore::ResourceHandle::receivedRequestToContinueWithoutCredential):
3969         * platform/network/curl/ResourceHandleManager.h:
3970         * rendering/RenderLayerCompositor.cpp:
3971         (WebCore::RenderLayerCompositor::layerTreeAsText):
3972         * rendering/RenderListMarker.cpp:
3973         (WebCore::RenderListMarker::updateContent):
3974         * rendering/style/RenderStyle.cpp:
3975         (WebCore::RenderStyle::noneDashboardRegions):
3976         * rendering/svg/SVGTextMetrics.cpp:
3977         (WebCore::SVGTextMetrics::SVGTextMetrics):
3978         * xml/XPathParser.cpp:
3979         (WebCore::XPath::Parser::lexString):
3980