Fix null handling of HTMLMediaElement.mediaGroup
[WebKit-https.git] / Source / WebCore / ChangeLog
1 2016-07-20  Chris Dumez  <cdumez@apple.com>
2
3         Fix null handling of HTMLMediaElement.mediaGroup
4         https://bugs.webkit.org/show_bug.cgi?id=159974
5
6         Reviewed by Eric Carlson.
7
8         Fix null handling of HTMLMediaElement.mediaGroup to match the specification:
9         - https://www.w3.org/TR/html5/embedded-content-0.html#media-elements
10
11         null is supposed to be treated as the String "null". This patch aligns
12         our behavior with the specification. I tested Firefox and Chrome but both
13         do not have this attribute on HTMLMediaElement.
14
15         Also remove support for [TreatNullAs=LegacyNullString] from our bindings
16         generator as HTMLMediaElement.mediaGroup was the last user.
17
18         No new tests, rebaselined existing test.
19
20         * bindings/scripts/CodeGeneratorJS.pm:
21         (JSValueToNative):
22         * bindings/scripts/IDLAttributes.txt:
23         * html/HTMLMediaElement.idl:
24
25 2016-07-20  Chris Dumez  <cdumez@apple.com>
26
27         CSSStyleDeclaration.setProperty() should be able to unset "important" on a property
28         https://bugs.webkit.org/show_bug.cgi?id=159959
29
30         Reviewed by Alexey Proskuryakov.
31
32         CSSStyleDeclaration.setProperty() should be able to unsert "important"
33         on a property as per the latest specification:
34         - https://drafts.csswg.org/cssom/#dom-cssstyledeclaration-setproperty
35         - https://drafts.csswg.org/cssom/#dom-cssstyledeclaration-camel-cased-attribute
36
37         Firefox and Chrome match the specification here but WebKit was ignoring calls
38         to setProperty() if there is already an "important" property wit this name
39         and if the new property does not have the "important" flag set.
40
41         This behavior was added a long time ago via Bug 60007. However, it does not
42         match the latest specification or other browsers.
43
44         Test: fast/css/CSSStyleDeclaration-setProperty-unset-important.html
45
46         * css/StyleProperties.cpp:
47         (WebCore::MutableStyleProperties::addParsedProperty):
48         Drop code that was added via Bug 60007 as this behavior no longer matches the
49         specification or other browsers. The layout test added in Bug 60007 fails in
50         other browsers and was updated in this patch to match the specification.
51
52 2016-07-20  Commit Queue  <commit-queue@webkit.org>
53
54         Unreviewed, rolling out r203423.
55         https://bugs.webkit.org/show_bug.cgi?id=159977
56
57         The test for this change is failing on Mac Release WK2
58         (Requested by ryanhaddad on #webkit).
59
60         Reverted changeset:
61
62         "HTMLVideoElement frames do not update on iOS when src is a
63         MediaStream blob"
64         https://bugs.webkit.org/show_bug.cgi?id=159833
65         http://trac.webkit.org/changeset/203423
66
67 2016-07-20  Chris Dumez  <cdumez@apple.com>
68
69         Fix null handling of HTMLSelectElement.value attribute
70         https://bugs.webkit.org/show_bug.cgi?id=159925
71
72         Reviewed by Benjamin Poulain.
73
74         Fix null handling of HTMLSelectElement.value attribute:
75         - https://html.spec.whatwg.org/multipage/forms.html#htmlselectelement
76
77         We were treating null as the null String which would end up setting
78         selectedIndex to -1. However, we should treat null as the String "null"
79         which would set the selectedIndex to the index of the <option> element
80         whose value is "null".
81
82         Firefox and Chrome match the specification.
83
84         Test: fast/dom/HTMLSelectElement/value-null-handling.html
85
86         * html/HTMLSelectElement.cpp:
87         (WebCore::HTMLSelectElement::setValue):
88         * html/HTMLSelectElement.idl:
89
90 2016-07-20  Chris Dumez  <cdumez@apple.com>
91
92         PostResolutionCallbackDisabler can resume pending requests while a ResourceLoadSuspender is alive
93         https://bugs.webkit.org/show_bug.cgi?id=159962
94         <rdar://problem/21439264>
95
96         Reviewed by David Kilzer.
97
98         PostResolutionCallbackDisabler can resume pending requests while a ResourceLoadSuspender
99         is alive. We have both PostResolutionCallbackDisabler and ResourceLoadSuspender that
100         call LoaderStrategy::suspendPendingRequests() / LoaderStrategy::resumePendingRequests().
101         However, PostResolutionCallbackDisabler and ResourceLoadSuspender are not aware of each
102         other. It is therefore possible for a PostResolutionCallbackDisabler object to get
103         destroyed, causing LoaderStrategy::resumePendingRequests() to be called while a
104         ResourceLoadSuspender object is alive.
105
106         This leads to hard to investigate crashes where we end up re-entering WebKit and killing
107         the style resolver.
108
109         This patch drops ResourceLoadSuspender and uses PostResolutionCallbackDisabler instead.
110         There was only one user of ResourceLoadSuspender and PostResolutionCallbackDisabler
111         is better because it manages a resolutionNestingDepth counter internally to make sure
112         it only calls LoaderStrategy::resumePendingRequests() once all
113         PostResolutionCallbackDisabler instances are destroyed.
114
115         No new tests, there is no easy way to reproduce the crashes.
116
117         * dom/Document.cpp:
118         (WebCore::Document::styleForElementIgnoringPendingStylesheets):
119         * loader/LoaderStrategy.cpp:
120         (WebCore::ResourceLoadSuspender::ResourceLoadSuspender): Deleted.
121         (WebCore::ResourceLoadSuspender::~ResourceLoadSuspender): Deleted.
122         * loader/LoaderStrategy.h:
123
124 2016-07-19  Youenn Fablet  <youenn@apple.com>
125
126         [Fetch API] Add a JS builtin to implement https://fetch.spec.whatwg.org/#concept-headers-fill
127         https://bugs.webkit.org/show_bug.cgi?id=159932
128
129         Reviewed by Alex Christensen.
130
131         Covered by existing tests.
132
133         Refactoring Headers initializeWith to use the new built-in internal that implements
134         https://fetch.spec.whatwg.org/#concept-headers-fill.
135
136         Refactoring Response constructor to put more checks in the JS builtin fucntion called within constructor.
137         Making use of the new built-in internal that implements https://fetch.spec.whatwg.org/#concept-headers-fill.
138
139         * CMakeLists.txt: Adding FetchHeadersInternals.js
140         * DerivedSources.make: Ditto.
141         * Modules/fetch/FetchHeaders.js:
142         (initializeFetchHeaders): Using fillFetchHeaders new built-in internal.
143         * Modules/fetch/FetchInternals.js: Added.
144         (fillFetchHeaders):
145         * Modules/fetch/FetchResponse.cpp: Refactoring to do more in the JS built-in. Splitting of initializeWith so
146         that the checks are done in the order defined by the spec.
147         (WebCore::FetchResponse::setStatus):
148         (WebCore::FetchResponse::initializeWith):
149         (WebCore::isNullBodyStatus): Deleted.
150         * Modules/fetch/FetchResponse.h:
151         * Modules/fetch/FetchResponse.idl:
152         * Modules/fetch/FetchResponse.js:
153         (initializeFetchResponse): New built-in internal.
154         * WebCore.xcodeproj/project.pbxproj:
155         * bindings/js/WebCoreBuiltinNames.h:
156
157 2016-07-19  Chris Dumez  <cdumez@apple.com>
158
159         Fix null handling of SVGScriptElement.type attribute
160         https://bugs.webkit.org/show_bug.cgi?id=159927
161
162         Reviewed by Benjamin Poulain.
163
164         Fix null handling of SVGScriptElement.type attribute:
165         - https://www.w3.org/TR/SVG2/interact.html#InterfaceSVGScriptElement
166
167         We were treating null as the null String which would end up removing
168         the 'type' content attribute. However, we should treat null as the
169         String "null".
170
171         Firefox and Chrome match the specification.
172
173         No new tests, updated existing test.
174
175         * svg/SVGScriptElement.idl:
176
177 2016-07-19  Chris Dumez  <cdumez@apple.com>
178
179         Fix null handling of several HTMLDocument attributes
180         https://bugs.webkit.org/show_bug.cgi?id=159923
181
182         Reviewed by Benjamin Poulain.
183
184         Fix null handling of several HTMLDocument attributes:
185         - https://html.spec.whatwg.org/multipage/dom.html#document
186         - https://html.spec.whatwg.org/multipage/obsolete.html#document-partial
187
188         In particular, null handling was incorrect in WebKit for 'dir',
189         'bgColor', 'fgColor', 'alinkColor', 'linkColor' and 'vlinkColor'.
190
191         Firefox and Chrome match the specification.
192
193         Test: fast/dom/HTMLDocument/null-handling.html
194
195         * html/HTMLDocument.idl:
196
197 2016-07-19  Chris Dumez  <cdumez@apple.com>
198
199         Document.createElementNS() / createAttributeNS() parameters should be mandatory
200         https://bugs.webkit.org/show_bug.cgi?id=159938
201
202         Reviewed by Benjamin Poulain.
203
204         Document.createElementNS() / createAttributeNS() parameters should be mandatory:
205         - https://dom.spec.whatwg.org/#document
206
207         They were optional in WebKit. However, Firefox and Chrome both match the
208         specification.
209
210         No new tests, rebaselined existing tests.
211
212         * dom/Document.idl:
213
214 2016-07-19  Benjamin Poulain  <bpoulain@apple.com>
215
216         Use getElementById for attribute matching if the attribute name is html's id
217         https://bugs.webkit.org/show_bug.cgi?id=159960
218
219         Reviewed by Chris Dumez.
220
221         Elliott Sprehn discovered YUI makes heavy uses of querySelector with [id=value]
222         (https://bugs.chromium.org/p/chromium/issues/detail?id=627242).
223
224         If we are not in quirks mode, IdForStyleResolution has the same value
225         as the Id attribute. We can use the same optimization for both cases.
226
227         Tests: fast/selectors/id-attribute-querySelector-used-as-id-selector-quirks.html
228                fast/selectors/id-attribute-querySelector-used-as-id-selector.html
229
230         * dom/SelectorQuery.cpp:
231         (WebCore::canBeUsedForIdFastPath):
232         (WebCore::findIdMatchingType):
233         (WebCore::SelectorDataList::SelectorDataList):
234         (WebCore::selectorForIdLookup):
235         (WebCore::filterRootById):
236
237 2016-07-19  Chris Dumez  <cdumez@apple.com>
238
239         Drop SVGElement.xmlbase attribute
240         https://bugs.webkit.org/show_bug.cgi?id=159926
241
242         Reviewed by Benjamin Poulain.
243
244         Drop SVGElement.xmlbase attribute as it is no longer part of the
245         specification:
246         - https://www.w3.org/TR/SVG2/types.html#InterfaceSVGElement
247
248         Both Firefox and Chrome have already dropped support for
249         SVGElement.xmlbase.
250
251         Chrome's intent to remove:
252         https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/TfwMq4d25hk/C-v_iC_wKfAJ
253
254         Test: svg/dom/SVGElement-xmlbase.html
255
256         * svg/SVGElement.cpp:
257         (WebCore::SVGElement::removedFrom): Deleted.
258         * svg/SVGElement.h:
259         * svg/SVGElement.idl:
260
261 2016-07-19  Chris Dumez  <cdumez@apple.com>
262
263         Align CSSStyleDeclaration.setProperty() with the specification
264         https://bugs.webkit.org/show_bug.cgi?id=159955
265
266         Reviewed by Benjamin Poulain.
267
268         Align CSSStyleDeclaration.setProperty() with the specification:
269         - https://drafts.csswg.org/cssom/#the-cssstyledeclaration-interface
270
271         In particular, the following changes were needed:
272         1. The 'value' parameter should not be optional
273         2. The 'priority' parameter should treat null as the empty string
274            rather than the string "null".
275         3. The 'priority' parameter's default value should be the empty string,
276            not the string "undefined".
277         4. CSSStyleDeclaration.setProperty() should return early if 'priority'
278            is not the empty string and is not an ASCII case-insensitive match
279            for the string "important".
280
281         Chrome matches the specification entirely.
282         Firefox matches the specification with the exception that it does a
283         case-sensitive match for "important".
284
285         Test: fast/css/CSSStyleDeclaration-setProperty.html
286
287         * css/CSSStyleDeclaration.idl:
288         * css/PropertySetCSSStyleDeclaration.cpp:
289         (WebCore::PropertySetCSSStyleDeclaration::setProperty):
290
291 2016-07-19  Daniel Bates  <dabates@apple.com>
292
293         CSP: Improve support for multiple policies to more closely conform to the CSP Level 2 spec.
294         https://bugs.webkit.org/show_bug.cgi?id=159841
295         <rdar://problem/27381684>
296
297         Reviewed by Brent Fulgham.
298
299         Implement a first pass at sending multiple violation reports so as to more closely
300         conform to section Enforcing multiple policies of the Content Security Policy Level 2 spec.,
301         <https://w3c.github.io/webappsec-csp/2/> (Editor's Draft, 25 April 2016).
302
303         Tests: http/tests/security/contentSecurityPolicy/1.1/script-blocked-sends-multiple-reports.php
304                http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy.php
305                http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy2.php
306                http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.php
307                http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.php
308                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy.php
309                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy2.php
310                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy.php
311                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy2.php
312                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.php
313                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2.php
314                http/tests/security/contentSecurityPolicy/1.1/scripthash-in-enforced-policy-and-not-in-report-only.html
315                http/tests/security/contentSecurityPolicy/1.1/scripthash-in-one-enforced-policy-neither-in-another-enforced-policy-nor-report-policy.html
316                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-enforced-policy-and-blocked-by-report-policy.php
317                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-enforced-policy-and-blocked-by-report-policy2.php
318                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.php
319                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.php
320                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy.php
321                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy2.php
322                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy.php
323                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy2.php
324                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.php
325                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2.php
326                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-in-enforced-policy-and-not-in-report-only.html
327                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-in-one-enforced-policy-neither-in-another-enforced-policy-nor-report-policy.html
328                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-multiple-policies.html
329
330         * page/csp/ContentSecurityPolicy.cpp:
331         (WebCore::ContentSecurityPolicy::allPoliciesWithDispositionAllow): Added. Returns whether the resource
332         is allowed by all of the policies with the specified disposition.
333         (WebCore::ContentSecurityPolicy::allPoliciesAllow): Added. Returns whether the resource is allowed by
334         all of the enforced policies.
335         (WebCore::ContentSecurityPolicy::findHashOfContentInPolicies): Formerly named foundHashOfContentInAllPolicies.
336         Modified to return a ("has found hash in all enforced policies, "has found hash in all report-only policies)-pair
337         so that we can differentiate whether the hash violated an enforced policy or a report-only policy.
338         (WebCore::ContentSecurityPolicy::allowJavaScriptURLs): Write in terms of ContentSecurityPolicy::allPoliciesAllow().
339         (WebCore::ContentSecurityPolicy::allowInlineEventHandlers): Ditto.
340         (WebCore::ContentSecurityPolicy::allowScriptWithNonce): For now only accept a nonce if it is allowed by
341         all enforced policies. As a side effect of this change is that we only send a CSP violation report when a
342         nonce violates a report-only policy only if the nonce also violates one or more enforced policies. We will
343         address this limitation in <https://bugs.webkit.org/show_bug.cgi?id=159830>.
344         (WebCore::ContentSecurityPolicy::allowStyleWithNonce): Ditto.
345         (WebCore::ContentSecurityPolicy::allowInlineScript): Differentiate between a hash/'unsafe-inline' that
346         matches/is contained in all enforce policies and a hash/'unsafe-inline' that matches/is contained in all
347         report-only policies so that we only allow the resource for the former. As a side effect of this change
348         we may report that a resource violated a policy even if it contained the hash. See <https://bugs.webkit.org/show_bug.cgi?id=159832>
349         for more details.
350         (WebCore::ContentSecurityPolicy::allowInlineStyle): Ditto.
351         (WebCore::ContentSecurityPolicy::allowEval): Write in terms of ContentSecurityPolicy::allPoliciesAllow().
352         (WebCore::ContentSecurityPolicy::allowFrameAncestors): Ditto.
353         (WebCore::ContentSecurityPolicy::allowPluginType): Ditto.
354         (WebCore::ContentSecurityPolicy::allowScriptFromSource): Ditto.
355         (WebCore::ContentSecurityPolicy::allowObjectFromSource): Ditto.
356         (WebCore::ContentSecurityPolicy::allowChildFrameFromSource): Ditto.
357         (WebCore::ContentSecurityPolicy::allowChildContextFromSource): Ditto.
358         (WebCore::ContentSecurityPolicy::allowImageFromSource): Ditto.
359         (WebCore::ContentSecurityPolicy::allowStyleFromSource): Ditto.
360         (WebCore::ContentSecurityPolicy::allowFontFromSource): Ditto.
361         (WebCore::ContentSecurityPolicy::allowMediaFromSource): Ditto.
362         (WebCore::ContentSecurityPolicy::allowConnectToSource): Ditto.
363         (WebCore::ContentSecurityPolicy::allowFormAction): Ditto.
364         (WebCore::ContentSecurityPolicy::allowBaseURI): Ditto.
365         (WebCore::ContentSecurityPolicy::foundHashOfContentInAllPolicies): Deleted.
366         * page/csp/ContentSecurityPolicy.h:
367         (WebCore::ContentSecurityPolicy::violatedDirectiveInAnyPolicy): Deleted.
368
369 2016-07-19  Chris Dumez  <cdumez@apple.com>
370
371         Fix null handling of HTMLScriptElement.text attribute
372         https://bugs.webkit.org/show_bug.cgi?id=159943
373
374         Reviewed by Benjamin Poulain.
375
376         Fix null handling of HTMLScriptElement.text attribute:
377         - https://html.spec.whatwg.org/multipage/scripting.html#the-script-element
378
379         We should treat null as the "null" String but we were treating it as
380         the empty string.
381
382         Firefox and Chrome match the specification.
383
384         No new tests, rebaselined existing test.
385
386         * html/HTMLScriptElement.idl:
387
388 2016-07-19  Chris Dumez  <cdumez@apple.com>
389
390         autocapitalize attribute should not use [TreatNullAs=LegacyNullString]
391         https://bugs.webkit.org/show_bug.cgi?id=159934
392
393         Reviewed by Benjamin Poulain.
394
395         autocapitalize attribute should not use [TreatNullAs=LegacyNullString]. This is
396         non-standard and we want to drop support for it from the bindings generator.
397
398         Instead, use [TreatNullAs=EmptyString] in order to maintain existing behavior
399         given that both a missing/empty attribute result in using the default
400         autocapitalization mode and that autocapitalize returns the empty string by
401         default.
402
403         Test: platform/ios-simulator/ios/fast/forms/autocapitalize-null.html
404
405         * html/HTMLFormElement.idl:
406         * html/HTMLInputElement.idl:
407         * html/HTMLTextAreaElement.idl:
408
409 2016-07-19  Zalan Bujtas  <zalan@apple.com>
410
411         REGRESSION(r203415): ASSERTION FAILED: !m_layoutRoot->container() || !m_layoutRoot->container()->needsLayout()
412         https://bugs.webkit.org/show_bug.cgi?id=159952
413
414         Reviewed by Simon Fraser.
415
416         Update ASSERTs to reflect new functionality, that is, now we can end up in a state
417         where the container (RenderView) of one of the dirty subtrees is dirty.
418         See r203415.
419  
420         Covered by editing/pasteboard/drag-drop-input-in-svg.svg
421
422         * page/FrameView.cpp:
423         (WebCore::FrameView::scheduleRelayoutOfSubtree):
424
425 2016-07-19  Dean Jackson  <dino@apple.com>
426
427         REGRESSION(202927): The first slide is the only displayed slide when Quicklooking a Keynote file
428         https://bugs.webkit.org/show_bug.cgi?id=159948
429         <rdar://problem/27391012>
430
431         Reviewed by Simon Fraser.
432
433         There is an iOS bug (<rdar://problem/27416744>) that is causing us
434         to not always get a color space on CGContextRefs. Investigation of this
435         exposed some optimizations we can take when we are creating ImageBuffers.
436         In particular, if we have a bitmap context or an IOSurfaceContext we
437         can simply copy their color space using API. Otherwise we stick with
438         the existing CGContextCopyDeviceColorSpace.
439
440         Lastly, if for some reason we are unable to copy the device color space,
441         we should fall back to sRGB.
442
443         * platform/graphics/cg/ImageBufferCG.cpp:
444         (WebCore::ImageBuffer::createCompatibleBuffer):
445         * platform/spi/cg/CoreGraphicsSPI.h: Add some SPI and enums.
446
447
448 2016-07-19  George Ruan  <gruan@apple.com>
449
450         HTMLVideoElement frames do not update on iOS when src is a MediaStream blob
451         https://bugs.webkit.org/show_bug.cgi?id=159833
452         <rdar://problem/27379487>
453
454         Reviewed by Eric Carlson.
455
456         Test: fast/mediastream/MediaStream-video-element-displays-buffer.html
457
458         * WebCore.xcodeproj/project.pbxproj:
459         * platform/graphics/avfoundation/MediaSampleAVFObjC.h: Change create to return a Ref<T> instead
460         of RefPtr<T>
461         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.h: Make observer of
462         MediaStreamTrackPrivate and make MediaPlayer use an AVSampleBufferDisplayLayer instead of CALayer.
463         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm: Ditto.
464         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::~MediaPlayerPrivateMediaStreamAVFObjC): Clean up
465         observers and AVSampleBufferDisplayLayer
466         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::isAvailable): Ensures AVSampleBufferDisplayLayer
467         is available.
468         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::enqueueAudioSampleBufferFromTrack): Placeholder.
469         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::enqueueVideoSampleBufferFromTrack): Responsible
470         for enqueuing sample buffers to the active video track.
471         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::ensureLayer): Ensures that an AVSampleBufferDisplayLayer
472         exists.
473         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::destroyLayer): Destroys the AVSampleBufferDisplayLayer.
474         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::platformLayer): Replace CALayer with AVSampleBufferDisplayLayer.
475         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::currentDisplayMode): Ditto.
476         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::sampleBufferUpdated): Called from MediaStreamTrackPrivate when a
477         new SampleBuffer is available.
478         (WebCore::updateTracksOfType): Manage adding and removing self as observer from tracks.
479         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateTracks): Replace CALayer with AVSampleBufferDisplayLayer
480         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::acceleratedRenderingStateChanged): Copied from
481         MediaPlayerPrivateMediaSourceAVFObjC.mm
482         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::load): Deleted CALayer.
483         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateDisplayMode): Deleted process of updating CALayer.
484         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateIntrinsicSize): Deleted CALayer.
485         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::createPreviewLayers): Deleted.
486         * platform/mediastream/MediaStreamPrivate.cpp:
487         (WebCore::MediaStreamPrivate::updateActiveVideoTrack): Remove redundant check.
488         * platform/mediastream/MediaStreamTrackPrivate.cpp:
489         (WebCore::MediaStreamTrackPrivate::sourceHasMoreMediaData): Called from RealtimeMediaSource when a new SampleBuffer
490         is available.
491         * platform/mediastream/MediaStreamTrackPrivate.h:
492         (WebCore::MediaStreamTrackPrivate::Observer::sampleBufferUpdated): Relays to MediaPlayerPrivateMediaStream that
493         a new SampleBuffer is available to enqueue to the AVSampleBufferDisplayLayer.
494         * platform/mediastream/RealtimeMediaSource.cpp:
495         (WebCore::RealtimeMediaSource::mediaDataUpdated): Relays to all observers that a new SampleBuffer is available.
496         * platform/mediastream/RealtimeMediaSource.h:
497         * platform/mediastream/mac/AVVideoCaptureSource.mm:
498         (WebCore::AVVideoCaptureSource::processNewFrame): Calls mediaDataUpdated when a new SampleBuffer is captured.
499
500 2016-07-19  Anders Carlsson  <andersca@apple.com>
501
502         Get rid of a #define private public hack in WebCore
503         https://bugs.webkit.org/show_bug.cgi?id=159953
504
505         Reviewed by Dan Bernstein.
506
507         Use @package instead.
508
509         * bindings/objc/DOMInternal.h:
510         * bindings/objc/DOMObject.h:
511
512 2016-07-19  Andreas Kling  <akling@apple.com>
513
514         Fix SharedBuffer leak in MockContentFilter::replacementData().
515         <https://webkit.org/b/159945>
516
517         Reviewed by Andy Estes.
518
519         Spotted on leaks bot. This code was pretty explicit about how it's going to leak.
520         Since this is in the mock filter, it only affected layout tests.
521
522         * testing/MockContentFilter.cpp:
523         (WebCore::MockContentFilter::replacementData):
524
525 2016-07-19  Zalan Bujtas  <zalan@apple.com>
526
527         theguardian.co.uk crossword puzzles are sometimes not displaying text
528         https://bugs.webkit.org/show_bug.cgi?id=159924
529         <rdar://problem/27409483>
530
531         Reviewed by Simon Fraser.
532
533         This patch fixes the case when
534         - 2 disjoint subtrees are dirty
535         - RenderView is also dirty.
536         and we end up not laying out one of the 2 subtrees.
537
538         In FrameView::scheduleRelayoutOfSubtree, we assume that when the RenderView is dirty
539         we already have a pending full layout which means that any previous subtree layouts have already been
540         converted to full layouts.
541         However this assumption is incorrect. RenderView can get dirty without checking if there's
542         already a pending subtree layout.
543         One option to solve this problem would be to override RenderObject::setNeedsLayout in RenderView
544         so that when the RenderView gets dirty, we could also convert any pending subtree layout to full layout.
545         However RenderObject::setNeedsLayout is a hot function and making it virtual would impact performance.
546         The other option is to always normalize subtree layouts in FrameView::scheduleRelayoutOfSubtree().
547         This patch implements the second option.
548
549         Test: fast/misc/subtree-layouts.html
550
551         * page/FrameView.cpp:
552         (WebCore::FrameView::scheduleRelayoutOfSubtree):
553
554 2016-07-19  Anders Carlsson  <andersca@apple.com>
555
556         Some payment authorization status values should keep the sheet active
557         https://bugs.webkit.org/show_bug.cgi?id=159936
558         rdar://problem/26756701
559
560         Reviewed by Tim Horton.
561
562         * Modules/applepay/ApplePaySession.cpp:
563         (WebCore::ApplePaySession::completePayment):
564         Keep the sheet active if the status isn't a final state status.
565
566         * Modules/applepay/PaymentAuthorizationStatus.h:
567         (WebCore::isFinalStateStatus):
568         Add a new helper function that returns whether a given payment authorization status is "final",
569         meaning that once that status has been passed to completePayment, the session is finished.
570
571 2016-07-19  Nan Wang  <n_wang@apple.com>
572
573         AX: Incorrect behavior for word related text marker functions when there's collapsed whitespace
574         https://bugs.webkit.org/show_bug.cgi?id=159910
575
576         Reviewed by Chris Fleizach.
577
578         We are getting a bad CharacterOffset when there's collapsed whitespace. Added a TraverseOptionValidateOffset
579         option to make sure we are getting the correct CharacterOffset based on the corresponding Range offset. And
580         fixed a word navigation issue based on that.
581
582         Test: accessibility/mac/text-marker-word-nav-collapsed-whitespace.html
583
584         * accessibility/AXObjectCache.cpp:
585         (WebCore::AXObjectCache::traverseToOffsetInRange):
586         (WebCore::AXObjectCache::rangeForNodeContents):
587         (WebCore::AXObjectCache::startOrEndCharacterOffsetForRange):
588         (WebCore::AXObjectCache::characterOffsetFromVisiblePosition):
589         (WebCore::AXObjectCache::rightWordRange):
590         (WebCore::AXObjectCache::previousBoundary):
591         * accessibility/AXObjectCache.h:
592         (WebCore::AXObjectCache::isNodeInUse):
593
594 2016-07-19  Youenn Fablet  <youenn@apple.com>
595
596         [Streams API] ReadableStreamController methods should throw if its stream is not readable
597         https://bugs.webkit.org/show_bug.cgi?id=159871
598
599         Reviewed by Xabier Rodriguez-Calvar.
600
601         Spec now mandates close and enqueue to throw if ReadableStream is not readable.
602         Covered by rebased and/or modified tests.
603
604         * Modules/streams/ReadableStreamController.js:
605         (enqueue): Throwing a TypeError if controlled stream is not readable.
606         (close): Ditto.
607
608 2016-07-19  Simon Fraser  <simon.fraser@apple.com>
609
610         Bubbles appear split for a brief moment in Messages
611         https://bugs.webkit.org/show_bug.cgi?id=159915
612         rdar://problem/27182267
613
614         Reviewed by David Hyatt.
615
616         RenderView::repaintRootContents() had a long-standing bug in WebView when the
617         view is scrolled. repaint() uses visualOverflowRect() but, for the 
618         RenderView, the visualOverflowRect() is the initial containing block
619         which is anchored at 0,0. When the view is scrolled it's clipped out and
620         calls to repaintRootContents() have no effect.
621         
622         Change repaintRootContents() to use layoutOverflowRect(). ScrollView::repaintContentRectangle()
623         will clip it to the view if necessary.
624
625         Test: fast/repaint/scrolled-view-full-repaint.html
626
627         * rendering/RenderView.cpp:
628         (WebCore::RenderView::repaintRootContents):
629
630 2016-07-19  Dan Bernstein  <mitz@apple.com>
631
632         <rdar://problem/27420308> WebCore-7602.1.42 fails to build: error: unused parameter 'vm'
633
634         * bindings/js/JSDOMGlobalObject.cpp:
635         (WebCore::JSDOMGlobalObject::addBuiltinGlobals): Fixed the !ENABLE(STREAMS_API) build.
636
637 2016-07-19  Youenn Fablet  <youenn@apple.com>
638
639         [Streams API] Make ReadableStream properties not enumerable
640         https://bugs.webkit.org/show_bug.cgi?id=159868
641
642         Reviewed by Darin Adler.
643
644         Covered by rebased tests.
645
646         Uopdating IDL definitions to mark all functions/attributes as not enumerable.
647         Updating IDL constructor definitions to correctly compute constructor length.
648         Updating built-in implementation to correctly compute pipeTo length to 1 (second parameter being optional).
649
650         * Modules/streams/ReadableStream.idl:
651         * Modules/streams/ReadableStream.js:
652         * Modules/streams/ReadableStreamController.idl:
653         * Modules/streams/ReadableStreamReader.idl:
654
655 2016-07-19  Chris Dumez  <cdumez@apple.com>
656
657         form.enctype / encoding / method should treat null as "null" string
658         https://bugs.webkit.org/show_bug.cgi?id=159916
659
660         Reviewed by Ryosuke Niwa.
661
662         form.enctype / encoding / method should treat null as "null" string:
663         - https://html.spec.whatwg.org/multipage/forms.html#htmlformelement
664
665         Previously, WebKit would treat null as the null String, which would
666         end up removing the existing attribute.
667
668         Firefox and Chrome match the specification.
669
670         Test: fast/dom/HTMLFormElement/null-handling.html
671
672         * html/HTMLFormElement.h:
673         * html/HTMLFormElement.idl:
674
675 2016-07-18  Csaba Osztrogonác  <ossy@webkit.org>
676
677         All-in-one buildfix after r202439
678         https://bugs.webkit.org/show_bug.cgi?id=159877
679
680         Reviewed by Chris Dumez.
681
682         * Modules/webaudio/AudioDestinationNode.h:
683         (WebCore::AudioDestinationNode::resume):
684         (WebCore::AudioDestinationNode::suspend):
685         (WebCore::AudioDestinationNode::close):
686
687 2016-07-18  Frederic Wang  <fwang@igalia.com>
688
689         Move parsing of subscriptshift and superscriptshift from rendering to element classes
690         https://bugs.webkit.org/show_bug.cgi?id=159622
691
692         Reviewed by Darin Adler.
693
694         We introduce a new MathMLScriptsElement that is used for elements msub, msup, msubsup and
695         mmultiscripts in order to create RenderMathMLScripts and parse and expose the values of the
696         subscriptshift and superscriptshift attributes. This is one more step toward moving MathML
697         attribute parsing to the DOM (bug 156536).
698
699         No new tests, rendering is unchanged.
700
701         * CMakeLists.txt: Add MathMLScriptsElement files.
702         * WebCore.xcodeproj/project.pbxproj: Ditto.
703         * mathml/MathMLAllInOne.cpp: Ditto.
704         * mathml/MathMLInlineContainerElement.cpp: Remove handling of scripts.
705         (WebCore::MathMLInlineContainerElement::createElementRenderer): Deleted.
706         * mathml/MathMLScriptsElement.cpp: Added. New class to handle scripted elements supporting
707         parsing for the subscriptshift and superscriptshift MathML lengths.
708         (WebCore::MathMLScriptsElement::MathMLScriptsElement):
709         (WebCore::MathMLScriptsElement::create):
710         (WebCore::MathMLScriptsElement::subscriptShift): Expose the cached length for the shift,
711         parsing the attribute again if necessary.
712         (WebCore::MathMLScriptsElement::superscriptShift): Ditto.
713         (WebCore::MathMLScriptsElement::parseAttribute): Mark attributes dirty.
714         (WebCore::MathMLScriptsElement::createElementRenderer): Create RenderMathMLScripts.
715         * mathml/MathMLScriptsElement.h: Ditto.
716         * mathml/mathtags.in: Map msub, msup, msubsup and mmultiscripts to MathMLScriptsElement.
717         * rendering/mathml/RenderMathMLScripts.cpp:
718         (WebCore::RenderMathMLScripts::scriptsElement): Helper function to cast the node to a
719         MathMLScriptsElement.
720         (WebCore::RenderMathMLScripts::getScriptMetricsAndLayoutIfNeeded): Resolve the attributes
721         using the functions from the MathMLScriptsElement class.
722         * rendering/mathml/RenderMathMLScripts.h: Declare scriptsElement.
723
724 2016-07-18  Frederic Wang  <fwang@igalia.com>
725
726         Do not store gap and shift parameters on RenderMathMLFraction
727         https://bugs.webkit.org/show_bug.cgi?id=159876
728
729         Reviewed by Darin Adler.
730
731         After r203285, the stack and fraction layout parameters are only used in layoutBlock so we
732         do not need to store them on the class. We remove them and split updateLayoutParameters into
733         three functions: one to update the linethickness and two others to retrieve the fraction and
734         stack respectively.
735
736         No new tests, rendering is unchanged.
737
738         * rendering/mathml/RenderMathMLFraction.cpp:
739         (WebCore::RenderMathMLFraction::updateLineThickness): Move code to update thickness members here.
740         (WebCore::RenderMathMLFraction::getFractionParameters): Move code to retrieve fraction parameters here.
741         (WebCore::RenderMathMLFraction::getStackParameters): Move code to retrieve stack parameters here.
742         (WebCore::RenderMathMLFraction::layoutBlock): Use the new helper functions and local variables
743         for fraction and stack parameters.
744         (WebCore::RenderMathMLFraction::updateLayoutParameters): Deleted.
745         * rendering/mathml/RenderMathMLFraction.h: Declare new helper functions and remove members
746         for stack and fraction parameters.
747
748 2016-07-18  Chris Dumez  <cdumez@apple.com>
749
750         input.formEnctype / formMethod and button.formEnctype / formMethod / type should treat null as "null"
751         https://bugs.webkit.org/show_bug.cgi?id=159908
752
753         Reviewed by Alex Christensen.
754
755         input.formEnctype / formMethod and button.formEnctype / formMethod / type
756         should treat null as "null" String:
757         - https://html.spec.whatwg.org/multipage/forms.html#htmlinputelement
758         - https://html.spec.whatwg.org/multipage/forms.html#htmlbuttonelement
759
760         In WebKit, we would treat null as a null String which would end up
761         removing the corresponding attribute. This does not match the
762         specification. Firefox and Chrome match the specification here.
763
764         Tests:
765         - fast/dom/HTMLButtonElement/null-handling.html
766         - fast/dom/HTMLInputElement/null-handling.html
767
768         * html/HTMLButtonElement.idl:
769         * html/HTMLInputElement.idl:
770
771 2016-07-18  Alex Christensen  <achristensen@webkit.org>
772
773         webbookmarksd needs to use the same AppCache directory as MobileSafari
774         https://bugs.webkit.org/show_bug.cgi?id=159912
775
776         Reviewed by Alexey Proskuryakov.
777
778         No new tests.  This only changes behavior for webbookmarksd.
779
780         * platform/RuntimeApplicationChecks.h:
781         * platform/RuntimeApplicationChecks.mm:
782         (WebCore::IOSApplication::isWebBookmarksD): Added.
783
784 2016-07-18  Chris Dumez  <cdumez@apple.com>
785
786         EventTarget.dispatchEvent() parameter should not be nullable
787         https://bugs.webkit.org/show_bug.cgi?id=159897
788
789         Reviewed by Benjamin Poulain.
790
791         EventTarget.dispatchEvent() parameter should not be nullable:
792         - https://dom.spec.whatwg.org/#interface-eventtarget
793
794         Even though the parameter was marked as nullable in our IDL, our
795         implementation does a null check and we already throw a TypeError
796         when calling dispatchEvent(null).
797
798         Update our IDL so that it matches the specification and so that
799         the null check is generated in the bindings instead.
800
801         No new tests, rebaseline existing tests.
802
803         * dom/EventTarget.cpp:
804         (WebCore::EventTarget::dispatchEventForBindings):
805         * dom/EventTarget.h:
806         * dom/EventTarget.idl:
807
808 2016-07-18  Chris Dumez  <cdumez@apple.com>
809
810         DocType's publicId / systemId should not be nullable
811         https://bugs.webkit.org/show_bug.cgi?id=159901
812
813         Reviewed by Benjamin Poulain.
814
815         DocType's publicId / systemId should not be nullable. While they were
816         not marked as nullable in our IDL, they could be stored as null Strings
817         in our implementation depending on how the Node was constructed. This
818         led to subtle bugs where String() != emptyString().
819
820         In particular, Node.isEqualNode() would return false when DocumentType
821         nodes would mismatch because of their publicId / systemId being null
822         instead of the emptyString.
823
824         Serialization would DocumentType nodes would also be wrong when
825         publicId / systemId were empty Strings instead of null strings. The
826         new behavior now matches:
827         - https://www.w3.org/TR/DOM-Parsing/#dfn-concept-serialize-doctype (steps 7-9)
828
829         To address these issues, we now always store publicId / systemId as
830         non-null Strings inside the DocumentType class.
831
832         Test: fast/dom/DocumentType/isEqualNode.html
833
834         * dom/DocumentType.cpp:
835         (WebCore::DocumentType::DocumentType):
836         * editing/MarkupAccumulator.cpp:
837         (WebCore::MarkupAccumulator::appendDocumentType):
838
839 2016-07-18  Jeremy Jones  <jeremyj@apple.com>
840
841         If previous media session interruptions were prevented, still allow subsequent interruptions to try.
842         https://bugs.webkit.org/show_bug.cgi?id=157553
843         rdar://problem/25740804
844
845         Reviewed by Eric Carlson.
846
847         Test: platform/ios-simulator/media/video-interruption-suspendunderlock.html
848
849         When suspending under lock on iOS, there is first a resign active event, then a
850         suspend under lock. PiP prevents resign active from interrupting playback. But it should allow the
851         suspend under lock to interrupt playback.
852
853         Currently if there are nested interruptions only the first one is acted upon.
854
855         This change allows subsequent, nested interruptions to have a chance to interrupt playback if the
856         previous interruptions were ignored.
857
858         This test is for iPad only, so it must be run manually.
859
860         * html/HTMLMediaElement.cpp:
861         (WebCore::HTMLMediaElement::shouldOverrideBackgroundPlaybackRestriction):
862         * platform/audio/PlatformMediaSession.cpp:
863         (WebCore::PlatformMediaSession::beginInterruption):
864         * testing/Internals.cpp:
865         (WebCore::Internals::beginMediaSessionInterruption):
866
867 2016-07-18  Brent Fulgham  <bfulgham@apple.com>
868
869         Don't associate form-associated elements with forms in other trees.
870         https://bugs.webkit.org/show_bug.cgi?id=119451
871         <rdar://problem/27382946>
872
873         Change is based on the Blink change (patch by <adamk@chromium.org>):
874         <https://chromium.googlesource.com/chromium/blink/+/0b33128be67e7845d495d5219614c02ccfe7a414>
875
876         Reviewed by Chris Dumez.
877
878         Prevent elements from being associated with forms that are not part of the same home subtree.
879         This brings us in line with the WhatWG HTML specification as of September, 2013.
880
881         Tests: fast/forms/image-disconnected-during-parse.html
882                fast/forms/input-disconnected-during-parse.html
883
884         * dom/Element.h:
885         (WebCore::Node::rootElement): Added.
886         * html/FormAssociatedElement.cpp:
887         (WebCore::FormAssociatedElement::insertedInto): If the element is associated with a form that
888         is not part of the same tree, remove the association.
889         * html/HTMLImageElement.cpp:
890         (WebCore::HTMLImageElement::insertedInto): Ditto.
891
892 2016-07-18  Anders Carlsson  <andersca@apple.com>
893
894         WebKit nightly fails to build on macOS Sierra
895         https://bugs.webkit.org/show_bug.cgi?id=159902
896         rdar://problem/27365672
897
898         Reviewed by Tim Horton.
899
900         * Modules/applepay/cocoa/PaymentCocoa.mm:
901         * Modules/applepay/cocoa/PaymentContactCocoa.mm:
902         * Modules/applepay/cocoa/PaymentMerchantSessionCocoa.mm:
903         * Modules/applepay/cocoa/PaymentMethodCocoa.mm:
904         Use new PassKitSPI header.
905
906         * WebCore.xcodeproj/project.pbxproj:
907         Add new PassKitSPI header.
908
909         * icu/unicode/ucurr.h: Added.
910         Add ucurr.h from ICU.
911
912         * platform/spi/cocoa/PassKitSPI.h: Added.
913         Add new PassKitSPI header.
914
915 2016-07-18  Dean Jackson  <dino@apple.com>
916
917         REGRESSION (r202950): Image zoom animations are broken at medium.com (159861)
918         https://bugs.webkit.org/show_bug.cgi?id=159906
919         <rdar://problem/27391725>
920
921         Reviewed by Simon Fraser.
922
923         The fix for webkit.org/b/157569 in r200769 broke AMP pages.
924         The followup fix for webkit.org/b/159450 in r202950 broke Medium pages.
925
926         Revert them both until we have better testing.
927
928         * css/CSSParser.cpp:
929         (WebCore::CSSParser::addPropertyWithPrefixingVariant):
930         (WebCore::CSSParser::parseValue):
931         (WebCore::CSSParser::parseAnimationShorthand):
932         (WebCore::CSSParser::parseTransitionShorthand): Deleted.
933         * css/CSSPropertyNames.in:
934         * css/PropertySetCSSStyleDeclaration.cpp:
935         (WebCore::PropertySetCSSStyleDeclaration::getPropertyCSSValue):
936         (WebCore::PropertySetCSSStyleDeclaration::getPropertyValue):
937         (WebCore::PropertySetCSSStyleDeclaration::getPropertyCSSValueInternal):
938         (WebCore::PropertySetCSSStyleDeclaration::getPropertyValueInternal):
939         * css/StyleProperties.cpp:
940         (WebCore::MutableStyleProperties::removeShorthandProperty):
941         (WebCore::MutableStyleProperties::removeProperty):
942         (WebCore::MutableStyleProperties::removePrefixedOrUnprefixedProperty):
943         (WebCore::MutableStyleProperties::setProperty):
944         (WebCore::getIndexInShorthandVectorForPrefixingVariant):
945         (WebCore::MutableStyleProperties::appendPrefixingVariantProperty):
946         (WebCore::MutableStyleProperties::setPrefixingVariantProperty):
947         (WebCore::StyleProperties::asText): Deleted.
948         * css/StyleProperties.h:
949
950 2016-07-18  Andreas Kling  <akling@apple.com>
951
952         There should be a way to simulate memory pressure in layout tests
953         <https://webkit.org/b/159743>
954
955         Reviewed by Simon Fraser.
956
957         Add three window.internal APIs:
958
959             - boolean isUnderMemoryPressure (readonly attribute)
960             - void beginSimulatedMemoryPressure()
961             - void endSimulatedMemoryPressure()
962
963         These make it possible to write tests that exercise behaviors that only
964         occur during memory pressure situations.
965
966         I also implemented the "org.WebKit.lowMemory" notification handler using the new API.
967
968         Test: memory/memory-pressure-simulation.html
969
970         * platform/MemoryPressureHandler.cpp:
971         (WebCore::MemoryPressureHandler::beginSimulatedMemoryPressure):
972         (WebCore::MemoryPressureHandler::endSimulatedMemoryPressure):
973         * platform/MemoryPressureHandler.h:
974         (WebCore::MemoryPressureHandler::isUnderMemoryPressure):
975         * platform/cocoa/MemoryPressureHandlerCocoa.mm:
976         (WebCore::MemoryPressureHandler::platformReleaseMemory):
977         (WebCore::MemoryPressureHandler::install):
978         * testing/Internals.cpp:
979         (WebCore::Internals::isUnderMemoryPressure):
980         (WebCore::Internals::beginSimulatedMemoryPressure):
981         (WebCore::Internals::endSimulatedMemoryPressure):
982         * testing/Internals.h:
983         * testing/Internals.idl:
984
985 2016-07-18  Said Abou-Hallawa  <sabouhallawa@apple,com>
986
987         [iOS] PDFDocumentImage should cache only a sub image of the PDF when caching the whole image is expensive
988         https://bugs.webkit.org/show_bug.cgi?id=158715
989
990         Reviewed by Dean Jackson.
991
992         Test: fast/images/displaced-non-cached-pdf.html
993
994         For iOS, we need to ensure the size of the cached PDF images will not
995         exceed some limit. Also we should be caching only a sub image of the PDF
996         if caching the whole image will exceed the memory limit.
997
998         * page/Settings.cpp:
999         (WebCore::Settings::Settings):
1000         (WebCore::Settings::setCachedPDFImageEnabled):
1001         * page/Settings.h:
1002         (WebCore::Settings::isCachedPDFImageEnabled):
1003             Add an option to disable caching the PDF images.
1004
1005         * platform/graphics/cg/PDFDocumentImage.cpp:
1006         (WebCore::PDFDocumentImage::setCachedPDFImageEnabled):
1007             Allow the caller of draw() to disable caching the PDF images.
1008         
1009         (WebCore::PDFDocumentImage::cacheParametersMatch):
1010             Match the context dirty rectangle with the cached image rectangle.
1011         
1012         (WebCore::transformContextForPainting):
1013             When preparing the context for drawing the PDF, take the location 
1014             of the destination rectangle into account. We do not need to scale
1015             the location of the source rectangle because we scale the size of
1016             the rectangle but we don't scale the whole coordinate system.
1017
1018         (WebCore::cachedImageRect):
1019             Calculate the rectangle of the cached image such that it does not
1020             exceed the limit. Start from the center of the dirty rectangle and
1021             then expand around it.
1022             
1023         (WebCore::PDFDocumentImage::decodedSizeChanged):
1024             In addition to notifying the ImageObserver, it keeps track of the size
1025             of all the cached PDF images.
1026
1027         (WebCore::PDFDocumentImage::updateCachedImageIfNeeded):
1028             Ensure the size of all the cached images does not exceed the limit
1029             
1030         (WebCore::PDFDocumentImage::destroyDecodedData):
1031         * platform/graphics/cg/PDFDocumentImage.h:
1032
1033         * rendering/RenderImage.cpp:
1034         (WebCore::RenderImage::paintIntoRect):
1035             Pass the option to disable caching the PDF images to PDFDocumentImage.
1036
1037         * testing/InternalSettings.cpp:
1038         (WebCore::InternalSettings::Backup::Backup):
1039         (WebCore::InternalSettings::Backup::restoreTo):
1040         (WebCore::InternalSettings::setCachedPDFImageEnabled):
1041         * testing/InternalSettings.h:
1042         * testing/InternalSettings.idl:
1043             Add an internal option to disable caching the PDF images.
1044
1045 2016-07-18  Chris Dumez  <cdumez@apple.com>
1046
1047         The 2 first parameters to addEventListener() / removeEventListener() should be mandatory
1048         https://bugs.webkit.org/show_bug.cgi?id=158008
1049
1050         Reviewed by Darin Adler.
1051
1052         The 2 first parameters to addEventListener() / removeEventListener() should be
1053         mandatory:
1054         - https://dom.spec.whatwg.org/#interface-eventtarget
1055
1056         Firefox 46 and Chrome 50 both match the specification and throw an exception when those
1057         parameters are omitted. However, those parameters were marked as optional in WebKit and
1058         the calls were no-ops if those parameters were omitted. This patch aligns our behavior
1059         with the specification and other browsers.
1060
1061         Test: fast/dom/eventtarget-api-parameters.html
1062
1063         * bindings/scripts/CodeGeneratorJS.pm:
1064         (GetFunctionLength): Deleted.
1065         * dom/EventTarget.idl:
1066
1067 2016-07-18  Brent Fulgham  <bfulgham@apple.com>
1068
1069         Unreviewed, rolling out r203373.
1070
1071         Unaddressed
1072
1073         Reverted changeset:
1074
1075         "Don't associate form-associated elements with forms in other
1076         trees."
1077         https://bugs.webkit.org/show_bug.cgi?id=119451
1078         http://trac.webkit.org/changeset/203373
1079
1080 2016-07-18  Brent Fulgham  <bfulgham@apple.com>
1081
1082         Don't associate form-associated elements with forms in other trees.
1083         https://bugs.webkit.org/show_bug.cgi?id=119451
1084         <rdar://problem/27382946>
1085
1086         Change is based on the Blink change (patch by <adamk@chromium.org>):
1087         <https://chromium.googlesource.com/chromium/blink/+/0b33128be67e7845d495d5219614c02ccfe7a414>
1088
1089         Reviewed by Zalan Bujtas.
1090
1091         Prevent elements from being associated with forms that are not part of the same home subtree.
1092         This brings us in line with the WhatWG HTML specification as of September, 2013.
1093
1094         Tests: fast/forms/image-disconnected-during-parse.html
1095                fast/forms/input-disconnected-during-parse.html
1096
1097         * dom/NodeTraversal.h:
1098         (WebCore::NodeTraversal::highestAncestorOrSelf): Added.
1099         * html/FormAssociatedElement.cpp:
1100         (WebCore::FormAssociatedElement::insertedInto): If the element is associated with a form that
1101         is not part of the same tree, remove the association.
1102         * html/HTMLImageElement.cpp:
1103         (WebCore::HTMLImageElement::insertedInto): Ditto.
1104
1105 2016-07-18  George Ruan  <gruan@apple.com>
1106
1107         Move MediaSampleAVFObjC into its own file
1108         https://bugs.webkit.org/show_bug.cgi?id=159796
1109         <rdar://problem/27362488>
1110
1111         In preparation for a feature that uses MediaSampleAVFObjC, but does
1112         not need SourceBufferPrivateAVFObjC, it is beneficial to move
1113         MediaSampleAVFObjC to its own file.
1114
1115         Reviewed by Eric Carlson.
1116
1117         * WebCore.xcodeproj/project.pbxproj:
1118         * platform/MediaSample.h: Allow setting trackID to associate
1119         MediaSample id with MediaStreamTrackPrivate id.
1120         * platform/graphics/avfoundation/MediaSampleAVFObjC.h: Added.
1121         * platform/graphics/avfoundation/objc/MediaSampleAVFObjC.mm: Moved
1122         from MediaSampleAVFObjC
1123         (WebCore::MediaSampleAVFObjC::presentationTime):
1124         (WebCore::MediaSampleAVFObjC::decodeTime):
1125         (WebCore::MediaSampleAVFObjC::duration):
1126         (WebCore::MediaSampleAVFObjC::sizeInBytes):
1127         (WebCore::MediaSampleAVFObjC::platformSample):
1128         (WebCore::CMSampleBufferIsRandomAccess):
1129         (WebCore::MediaSampleAVFObjC::flags):
1130         (WebCore::MediaSampleAVFObjC::presentationSize):
1131         (WebCore::MediaSampleAVFObjC::dump):
1132         (WebCore::MediaSampleAVFObjC::offsetTimestampsBy):
1133         (WebCore::MediaSampleAVFObjC::setTimestamps):
1134         * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
1135         Moved MediaSampleAVFObjC to its own file.
1136         (WebCore::MediaSampleAVFObjC::platformSample): Deleted.
1137         (WebCore::CMSampleBufferIsRandomAccess): Deleted.
1138         (WebCore::MediaSampleAVFObjC::flags): Deleted.
1139         (WebCore::MediaSampleAVFObjC::presentationSize): Deleted.
1140         (WebCore::MediaSampleAVFObjC::dump): Deleted.
1141         (WebCore::MediaSampleAVFObjC::offsetTimestampsBy): Deleted.
1142         (WebCore::MediaSampleAVFObjC::setTimestamps): Deleted.
1143         * platform/mock/mediasource/MockSourceBufferPrivate.cpp:
1144
1145 2016-07-18  Eric Carlson  <eric.carlson@apple.com>
1146
1147         [MSE][Mac] Pass AVSampleBufferDisplayLayer HDCP status to a newly created key session
1148         https://bugs.webkit.org/show_bug.cgi?id=159812
1149         <rdar://problem/27371624>
1150
1151         Reviewed by Jon Lee.
1152
1153         No new tests, it isn't possible to test this with our current testing infrastructure.
1154
1155         * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.h:
1156         * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
1157         (WebCore::SourceBufferPrivateAVFObjC::setCDMSession): Call layerDidReceiveError if there has
1158         been an HDCP error.
1159         (WebCore::SourceBufferPrivateAVFObjC::rendererDidReceiveError): Remember an HDCP error.
1160
1161 2016-07-18  Yoav Weiss  <yoav@yoav.ws>
1162
1163         Add preload to features.json
1164         https://bugs.webkit.org/show_bug.cgi?id=159872
1165
1166         Reviewed by Darin Adler.
1167
1168         No new tests but no functional change.
1169
1170         * features.json:
1171
1172 2016-07-18  Youenn Fablet  <youenn@apple.com>
1173
1174         [Streams API] ReadableStream should throw a RangeError in case of NaN highWaterMark
1175         https://bugs.webkit.org/show_bug.cgi?id=159870
1176
1177         Reviewed by Xabier Rodriguez-Calvar.
1178
1179         Covered by rebased test.
1180
1181         * Modules/streams/StreamInternals.js:
1182         (validateAndNormalizeQueuingStrategy): Throwing a RangeError in lieu of a TypeError in case of NaN highWaterMark.
1183
1184 2016-07-18  Csaba Osztrogonác  <ossy@webkit.org>
1185
1186         Windows buildfix after r203338
1187         https://bugs.webkit.org/show_bug.cgi?id=159875
1188
1189         Unreviewed buildfix.
1190
1191         * dom/UserGestureIndicator.h:
1192         (WebCore::UserGestureToken::addDestructionObserver):
1193
1194 2016-07-18  Carlos Garcia Campos  <cgarcia@igalia.com>
1195
1196         MemoryPressureHandler doesn't work if cgroups aren't present in Linux
1197         https://bugs.webkit.org/show_bug.cgi?id=155255
1198
1199         Reviewed by Sergio Villar Senin.
1200
1201         Allow to pass an eventFD file descriptor to the MemoryPressureHandler to be monitorized in case cgroups are not
1202         available.
1203
1204         * platform/MemoryPressureHandler.h:
1205         * platform/linux/MemoryPressureHandlerLinux.cpp:
1206
1207 2016-07-17  Gyuyoung Kim  <gyuyoung.kim@webkit.org>
1208
1209         Clean up PassRefPtr uses in Modules/encryptedmedia, Modules/speech, and Modules/quota
1210         https://bugs.webkit.org/show_bug.cgi?id=159701
1211
1212         Reviewed by Alex Christensen.
1213
1214         No new tests, no behavior changes.
1215
1216         * Modules/encryptedmedia/CDM.h:
1217         * Modules/encryptedmedia/MediaKeySession.h:
1218         * Modules/encryptedmedia/MediaKeys.h:
1219         * Modules/quota/DOMWindowQuota.cpp:
1220         * Modules/quota/StorageErrorCallback.cpp:
1221         (WebCore::StorageErrorCallback::CallbackTask::CallbackTask):
1222         * Modules/quota/StorageErrorCallback.h:
1223         * Modules/quota/StorageInfo.h:
1224         * Modules/quota/StorageQuota.h:
1225         * Modules/speech/DOMWindowSpeechSynthesis.cpp:
1226         * Modules/speech/SpeechSynthesis.cpp:
1227         (WebCore::SpeechSynthesis::getVoices):
1228         (WebCore::SpeechSynthesis::startSpeakingImmediately):
1229         (WebCore::SpeechSynthesis::speak):
1230         (WebCore::SpeechSynthesis::cancel):
1231         (WebCore::SpeechSynthesis::handleSpeakingCompleted):
1232         (WebCore::SpeechSynthesis::boundaryEventOccurred):
1233         (WebCore::SpeechSynthesis::didStartSpeaking):
1234         (WebCore::SpeechSynthesis::didPauseSpeaking):
1235         (WebCore::SpeechSynthesis::didResumeSpeaking):
1236         (WebCore::SpeechSynthesis::didFinishSpeaking):
1237         (WebCore::SpeechSynthesis::speakingErrorOccurred):
1238         * Modules/speech/SpeechSynthesis.h:
1239         * Modules/speech/SpeechSynthesisEvent.h:
1240         * Modules/speech/SpeechSynthesisUtterance.h:
1241         * Modules/speech/SpeechSynthesisVoice.cpp:
1242         (WebCore::SpeechSynthesisVoice::create):
1243         (WebCore::SpeechSynthesisVoice::SpeechSynthesisVoice):
1244         * Modules/speech/SpeechSynthesisVoice.h:
1245         * platform/PlatformSpeechSynthesizer.h:
1246         * platform/efl/PlatformSpeechSynthesisProviderEfl.cpp:
1247         (WebCore::PlatformSpeechSynthesisProviderEfl::fireSpeechEvent):
1248         * platform/mock/PlatformSpeechSynthesizerMock.cpp:
1249         (WebCore::PlatformSpeechSynthesizerMock::speakingFinished):
1250         (WebCore::PlatformSpeechSynthesizerMock::speak):
1251         (WebCore::PlatformSpeechSynthesizerMock::cancel):
1252         (WebCore::PlatformSpeechSynthesizerMock::pause):
1253         (WebCore::PlatformSpeechSynthesizerMock::resume):
1254
1255 2016-07-16  Sam Weinig  <sam@webkit.org>
1256
1257         [WebKit API] Add SPI to track multiple navigations caused by a single user gesture
1258         <rdar://problem/26554137>
1259         https://bugs.webkit.org/show_bug.cgi?id=159856
1260
1261         Reviewed by Dan Bernstein.
1262
1263         - Adds a new RefCounted object to represent a unique user gesture, called UserGestureToken.
1264         - Makes UserGestureIndicator track UserGestureToken.
1265         - Refines UserGestureIndicator's interface to use Optional and a smaller enum set
1266           to represent the different initial states.
1267         - Stores UserGestureTokens on objects that want to forward user gesture state (DOMTimer, 
1268           postMessage, and ScheduledNavigation) rather than just a boolean.
1269
1270         * accessibility/AccessibilityNodeObject.cpp:
1271         (WebCore::AccessibilityNodeObject::increment):
1272         (WebCore::AccessibilityNodeObject::decrement):
1273         * accessibility/AccessibilityObject.cpp:
1274         (WebCore::AccessibilityObject::press):
1275         * bindings/js/ScriptController.cpp:
1276         (WebCore::ScriptController::executeScriptInWorld):
1277         (WebCore::ScriptController::executeScript):
1278         Update for new UserGestureIndicator interface.
1279
1280         * dom/UserGestureIndicator.cpp:
1281         (WebCore::currentToken):
1282         (WebCore::UserGestureToken::~UserGestureToken):
1283         (WebCore::UserGestureIndicator::UserGestureIndicator):
1284         (WebCore::UserGestureIndicator::~UserGestureIndicator):
1285         (WebCore::UserGestureIndicator::currentUserGesture):
1286         (WebCore::UserGestureIndicator::processingUserGesture):
1287         (WebCore::UserGestureIndicator::processingUserGestureForMedia):
1288         (WebCore::isDefinite): Deleted.
1289         * dom/UserGestureIndicator.h:
1290         (WebCore::UserGestureToken::create):
1291         (WebCore::UserGestureToken::state):
1292         (WebCore::UserGestureToken::processingUserGesture):
1293         (WebCore::UserGestureToken::processingUserGestureForMedia):
1294         (WebCore::UserGestureToken::addDestructionObserver):
1295         (WebCore::UserGestureToken::UserGestureToken):
1296         Add UserGestureToken and track the current one explicitly.
1297
1298         * html/HTMLMediaElement.cpp:
1299         (WebCore::HTMLMediaElement::didReceiveRemoteControlCommand):
1300         * inspector/InspectorFrontendClientLocal.cpp:
1301         (WebCore::InspectorFrontendClientLocal::openInNewTab):
1302         * inspector/InspectorFrontendHost.cpp:
1303         * inspector/InspectorPageAgent.cpp:
1304         (WebCore::InspectorPageAgent::navigate):
1305         Update for new UserGestureIndicator interface.
1306
1307         * loader/NavigationAction.cpp:
1308         (WebCore::NavigationAction::NavigationAction):
1309         * loader/NavigationAction.h:
1310         (WebCore::NavigationAction::userGestureToken):
1311         (WebCore::NavigationAction::processingUserGesture):
1312         * loader/NavigationScheduler.cpp:
1313         (WebCore::ScheduledNavigation::ScheduledNavigation):
1314         (WebCore::ScheduledNavigation::~ScheduledNavigation):
1315         (WebCore::ScheduledNavigation::lockBackForwardList):
1316         (WebCore::ScheduledNavigation::wasDuringLoad):
1317         (WebCore::ScheduledNavigation::isLocationChange):
1318         (WebCore::ScheduledNavigation::userGestureToForward):
1319         (WebCore::ScheduledNavigation::clearUserGesture):
1320         (WebCore::NavigationScheduler::mustLockBackForwardList):
1321         (WebCore::NavigationScheduler::scheduleFormSubmission):
1322         (WebCore::ScheduledNavigation::wasUserGesture): Deleted.
1323         * page/DOMTimer.cpp:
1324         (WebCore::shouldForwardUserGesture):
1325         (WebCore::userGestureTokenToForward):
1326         (WebCore::DOMTimer::DOMTimer):
1327         (WebCore::DOMTimer::fired):
1328         * page/DOMTimer.h:
1329         * page/DOMWindow.cpp:
1330         (WebCore::PostMessageTimer::PostMessageTimer):
1331         Store the active UserGestureToken rather than just a bit.
1332
1333         * page/EventHandler.cpp:
1334         (WebCore::EventHandler::handleMousePressEvent):
1335         (WebCore::EventHandler::handleMouseDoubleClickEvent):
1336         (WebCore::EventHandler::handleMouseReleaseEvent):
1337         (WebCore::EventHandler::keyEvent):
1338         (WebCore::EventHandler::handleTouchEvent):
1339         * rendering/HitTestResult.cpp:
1340         (WebCore::HitTestResult::toggleMediaFullscreenState):
1341         (WebCore::HitTestResult::enterFullscreenForVideo):
1342         (WebCore::HitTestResult::toggleEnhancedFullscreenForVideo):
1343         Update for new UserGestureIndicator interface.
1344
1345 2016-07-17  Ryosuke Niwa  <rniwa@webkit.org>
1346
1347         Rename fastHasAttribute to hasAttributeWithoutSynchronization
1348         https://bugs.webkit.org/show_bug.cgi?id=159864
1349
1350         Reviewed by Chris Dumez.
1351
1352         Renamed Rename fastHasAttribute to hasAttributeWithoutSynchronization for clarity.
1353
1354         * accessibility/AccessibilityListBoxOption.cpp:
1355         (WebCore::AccessibilityListBoxOption::isEnabled):
1356         * accessibility/AccessibilityObject.cpp:
1357         (WebCore::AccessibilityObject::hasAttribute):
1358         (WebCore::AccessibilityObject::getAttribute):
1359         * accessibility/AccessibilityRenderObject.cpp:
1360         (WebCore::AccessibilityRenderObject::determineAccessibilityRole):
1361         * bindings/scripts/CodeGenerator.pm:
1362         (GetterExpression):
1363         * bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
1364         * bindings/scripts/test/JS/JSTestObj.cpp:
1365         (WebCore::jsTestObjReflectedBooleanAttr):
1366         (WebCore::jsTestObjReflectedCustomBooleanAttr):
1367         * bindings/scripts/test/ObjC/DOMTestObj.mm:
1368         (-[DOMTestObj reflectedBooleanAttr]):
1369         (-[DOMTestObj setReflectedBooleanAttr:]):
1370         (-[DOMTestObj reflectedCustomBooleanAttr]):
1371         (-[DOMTestObj setReflectedCustomBooleanAttr:]):
1372         * dom/Document.cpp:
1373         (WebCore::Document::hasManifest):
1374         (WebCore::Document::doctype):
1375         * dom/Element.h:
1376         (WebCore::Node::parentElement):
1377         (WebCore::Element::hasAttributeWithoutSynchronization):
1378         (WebCore::Element::fastHasAttribute): Deleted.
1379         * editing/ApplyStyleCommand.cpp:
1380         (WebCore::ApplyStyleCommand::removeEmbeddingUpToEnclosingBlock):
1381         * editing/DeleteSelectionCommand.cpp:
1382         (WebCore::DeleteSelectionCommand::makeStylingElementsDirectChildrenOfEditableRootToPreventStyleLoss):
1383         * editing/markup.cpp:
1384         (WebCore::createMarkupInternal):
1385         * html/ColorInputType.cpp:
1386         (WebCore::ColorInputType::shouldShowSuggestions):
1387         * html/FileInputType.cpp:
1388         (WebCore::FileInputType::handleDOMActivateEvent):
1389         (WebCore::FileInputType::receiveDroppedFiles):
1390         * html/FormAssociatedElement.cpp:
1391         (WebCore::FormAssociatedElement::didMoveToNewDocument):
1392         (WebCore::FormAssociatedElement::insertedInto):
1393         (WebCore::FormAssociatedElement::removedFrom):
1394         (WebCore::FormAssociatedElement::formAttributeChanged):
1395         * html/FormController.cpp:
1396         (WebCore::ownerFormForState):
1397         * html/GenericCachedHTMLCollection.cpp:
1398         (WebCore::GenericCachedHTMLCollection<traversalType>::elementMatches):
1399         * html/HTMLAnchorElement.cpp:
1400         (WebCore::HTMLAnchorElement::draggable):
1401         (WebCore::HTMLAnchorElement::href):
1402         (WebCore::HTMLAnchorElement::sendPings):
1403         * html/HTMLAppletElement.cpp:
1404         (WebCore::HTMLAppletElement::rendererIsNeeded):
1405         * html/HTMLElement.cpp:
1406         (WebCore::HTMLElement::collectStyleForPresentationAttribute):
1407         (WebCore::elementAffectsDirectionality):
1408         (WebCore::setHasDirAutoFlagRecursively):
1409         * html/HTMLEmbedElement.cpp:
1410         (WebCore::HTMLEmbedElement::rendererIsNeeded):
1411         * html/HTMLFieldSetElement.cpp:
1412         (WebCore::updateFromControlElementsAncestorDisabledStateUnder):
1413         (WebCore::HTMLFieldSetElement::disabledAttributeChanged):
1414         (WebCore::HTMLFieldSetElement::disabledStateChanged):
1415         (WebCore::HTMLFieldSetElement::childrenChanged):
1416         * html/HTMLFormControlElement.cpp:
1417         (WebCore::HTMLFormControlElement::formNoValidate):
1418         (WebCore::HTMLFormControlElement::formAction):
1419         (WebCore::HTMLFormControlElement::computeIsDisabledByFieldsetAncestor):
1420         (WebCore::shouldAutofocus):
1421         * html/HTMLFormElement.cpp:
1422         (WebCore::HTMLFormElement::formElementIndex):
1423         (WebCore::HTMLFormElement::noValidate):
1424         * html/HTMLFrameElement.cpp:
1425         (WebCore::HTMLFrameElement::noResize):
1426         (WebCore::HTMLFrameElement::didAttachRenderers):
1427         * html/HTMLFrameElementBase.cpp:
1428         (WebCore::HTMLFrameElementBase::parseAttribute):
1429         (WebCore::HTMLFrameElementBase::location):
1430         * html/HTMLHRElement.cpp:
1431         (WebCore::HTMLHRElement::collectStyleForPresentationAttribute):
1432         * html/HTMLImageElement.cpp:
1433         (WebCore::HTMLImageElement::isServerMap):
1434         * html/HTMLInputElement.cpp:
1435         (WebCore::HTMLInputElement::finishParsingChildren):
1436         (WebCore::HTMLInputElement::matchesDefaultPseudoClass):
1437         (WebCore::HTMLInputElement::isActivatedSubmit):
1438         (WebCore::HTMLInputElement::reset):
1439         (WebCore::HTMLInputElement::multiple):
1440         (WebCore::HTMLInputElement::setSize):
1441         (WebCore::HTMLInputElement::shouldUseMediaCapture):
1442         * html/HTMLMarqueeElement.cpp:
1443         (WebCore::HTMLMarqueeElement::minimumDelay):
1444         * html/HTMLMediaElement.cpp:
1445         (WebCore::HTMLMediaElement::insertedInto):
1446         (WebCore::HTMLMediaElement::selectMediaResource):
1447         (WebCore::HTMLMediaElement::loadResource):
1448         (WebCore::HTMLMediaElement::autoplay):
1449         (WebCore::HTMLMediaElement::preload):
1450         (WebCore::HTMLMediaElement::loop):
1451         (WebCore::HTMLMediaElement::setLoop):
1452         (WebCore::HTMLMediaElement::controls):
1453         (WebCore::HTMLMediaElement::setControls):
1454         (WebCore::HTMLMediaElement::muted):
1455         (WebCore::HTMLMediaElement::setMuted):
1456         (WebCore::HTMLMediaElement::selectNextSourceChild):
1457         (WebCore::HTMLMediaElement::sourceWasAdded):
1458         (WebCore::HTMLMediaElement::mediaSessionTitle):
1459         * html/HTMLObjectElement.cpp:
1460         (WebCore::HTMLObjectElement::parseAttribute):
1461         * html/HTMLOptGroupElement.cpp:
1462         (WebCore::HTMLOptGroupElement::isDisabledFormControl):
1463         (WebCore::HTMLOptGroupElement::isFocusable):
1464         * html/HTMLOptionElement.cpp:
1465         (WebCore::HTMLOptionElement::matchesDefaultPseudoClass):
1466         (WebCore::HTMLOptionElement::text):
1467         * html/HTMLProgressElement.cpp:
1468         (WebCore::HTMLProgressElement::isDeterminate):
1469         (WebCore::HTMLProgressElement::didElementStateChange):
1470         * html/HTMLScriptElement.cpp:
1471         (WebCore::HTMLScriptElement::async):
1472         (WebCore::HTMLScriptElement::setCrossOrigin):
1473         (WebCore::HTMLScriptElement::asyncAttributeValue):
1474         (WebCore::HTMLScriptElement::deferAttributeValue):
1475         (WebCore::HTMLScriptElement::hasSourceAttribute):
1476         (WebCore::HTMLScriptElement::dispatchLoadEvent):
1477         * html/HTMLSelectElement.cpp:
1478         (WebCore::HTMLSelectElement::reset):
1479         * html/HTMLTrackElement.cpp:
1480         (WebCore::HTMLTrackElement::isDefault):
1481         (WebCore::HTMLTrackElement::ensureTrack):
1482         (WebCore::HTMLTrackElement::loadTimerFired):
1483         * html/MediaElementSession.cpp:
1484         (WebCore::MediaElementSession::wirelessVideoPlaybackDisabled):
1485         (WebCore::MediaElementSession::requiresFullscreenForVideoPlayback):
1486         (WebCore::MediaElementSession::allowsAutomaticMediaDataLoading):
1487         * html/SearchInputType.cpp:
1488         (WebCore::SearchInputType::searchEventsShouldBeDispatched):
1489         (WebCore::SearchInputType::didSetValueByUserEdit):
1490         * inspector/InspectorDOMAgent.cpp:
1491         (WebCore::InspectorDOMAgent::buildObjectForNode):
1492         * loader/FrameLoader.cpp:
1493         (WebCore::FrameLoader::shouldTreatURLAsSrcdocDocument):
1494         (WebCore::FrameLoader::findFrameForNavigation):
1495         * loader/ImageLoader.cpp:
1496         (WebCore::ImageLoader::notifyFinished):
1497         * mathml/MathMLSelectElement.cpp:
1498         (WebCore::MathMLSelectElement::getSelectedSemanticsChild):
1499         * rendering/RenderTableCell.cpp:
1500         (WebCore::RenderTableCell::computePreferredLogicalWidths):
1501         * rendering/RenderThemeIOS.mm:
1502         (WebCore::RenderThemeIOS::adjustMenuListButtonStyle):
1503         * rendering/SimpleLineLayout.cpp:
1504         (WebCore::SimpleLineLayout::canUseForWithReason):
1505         * rendering/svg/RenderSVGResourceClipper.cpp:
1506         (WebCore::RenderSVGResourceClipper::drawContentIntoMaskImage):
1507         * svg/SVGAnimateMotionElement.cpp:
1508         (WebCore::SVGAnimateMotionElement::updateAnimationPath):
1509         * svg/SVGAnimationElement.cpp:
1510         (WebCore::SVGAnimationElement::startedActiveInterval):
1511         (WebCore::SVGAnimationElement::updateAnimation):
1512         * svg/animation/SVGSMILElement.cpp:
1513         (WebCore::SVGSMILElement::insertedInto):
1514
1515 2016-07-17  Brady Eidson  <beidson@apple.com>
1516
1517         Exceptions logged to the JS console should use toString().
1518         https://bugs.webkit.org/show_bug.cgi?id=159855
1519
1520         Reviewed by Darin Adler.
1521
1522         No new tests (No change in behavior).
1523
1524         * bindings/js/JSDOMBinding.cpp:
1525         (WebCore::reportException):
1526
1527         * dom/DOMCoreException.h:
1528         (WebCore::DOMCoreException::DOMCoreException):
1529
1530         * dom/ExceptionBase.cpp:
1531         (WebCore::ExceptionBase::ExceptionBase):
1532         (WebCore::ExceptionBase::toString):
1533         (WebCore::ExceptionBase::consoleErrorMessage): Deleted.
1534         * dom/ExceptionBase.h:
1535         (WebCore::ExceptionBase::description): Deleted.
1536
1537         * svg/SVGException.h:
1538
1539         * xml/XPathException.h:
1540         (WebCore::XPathException::XPathException):
1541
1542 2016-07-17  Brady Eidson  <beidson@apple.com>
1543
1544         Update DOMCoreException to use the description in toString().
1545         https://bugs.webkit.org/show_bug.cgi?id=159857
1546
1547         Reviewed by Darin Adler.
1548
1549         No new tests (Covered by changes to existing tests).
1550
1551         * bindings/js/JSDOMBinding.cpp:
1552         (WebCore::createDOMException):
1553
1554         * dom/DOMCoreException.h:
1555         (WebCore::DOMCoreException::DOMCoreException):
1556         (WebCore::DOMCoreException::createWithDescriptionAsMessage): Deleted.
1557
1558 2016-07-17  Myles C. Maxfield  <mmaxfield@apple.com>
1559
1560         Support new emoji group candidates
1561         https://bugs.webkit.org/show_bug.cgi?id=159755
1562         <rdar://problem/27325521>
1563
1564         Reviewed by Dean Jackson.
1565
1566         There are a few code points which should be able to be joined (with ZWJ) to
1567         either U+2640 or U+2642 to change the gender of the emoji. These patterns
1568         should also work with an additional 0xFE0F variation selector. This patch
1569         adds these new patterns to our existing emoji group candidate infrastructure.
1570
1571         Tests: fast/text/emoji-gender-2-3.html
1572                fast/text/emoji-gender-2-4.html
1573                fast/text/emoji-gender-2-5.html
1574                fast/text/emoji-gender-2-6.html
1575                fast/text/emoji-gender-2-7.html
1576                fast/text/emoji-gender-2-8.html
1577                fast/text/emoji-gender-2-9.html
1578                fast/text/emoji-gender-2.html
1579                fast/text/emoji-gender-3.html
1580                fast/text/emoji-gender-4.html
1581                fast/text/emoji-gender-5.html
1582                fast/text/emoji-gender-6.html
1583                fast/text/emoji-gender-7.html
1584                fast/text/emoji-gender-8.html
1585                fast/text/emoji-gender-9.html
1586                fast/text/emoji-gender-fe0f-3.html
1587                fast/text/emoji-gender-fe0f-4.html
1588                fast/text/emoji-gender-fe0f-5.html
1589                fast/text/emoji-gender-fe0f-6.html
1590                fast/text/emoji-gender-fe0f-7.html
1591                fast/text/emoji-gender-fe0f-8.html
1592                fast/text/emoji-gender-fe0f-9.html
1593                fast/text/emoji-gender.html
1594                fast/text/emoji-num-glyphs.html
1595                fast/text/emoji-single-parent-family-2.html
1596                fast/text/emoji-single-parent-family.html
1597
1598         * platform/graphics/mac/ComplexTextControllerCoreText.mm:
1599         (WebCore::ComplexTextController::ComplexTextRun::ComplexTextRun): Removed incorrect ASSERT()s.
1600         * platform/graphics/FontCascade.cpp:
1601         (WebCore::FontCascade::characterRangeCodePath):
1602         * platform/text/CharacterProperties.h:
1603         (WebCore::isEmojiGroupCandidate):
1604
1605 2016-07-16  Brady Eidson  <beidson@apple.com>
1606
1607         Update SVGException to use the description in toString().
1608         https://bugs.webkit.org/show_bug.cgi?id=159847
1609
1610         Reviewed by Darin Adler.
1611
1612         No new tests (Covered by changes to existing tests).
1613
1614         * bindings/js/JSDOMBinding.cpp:
1615         (WebCore::reportException): use consoleErrorMessage for now.
1616
1617         * dom/ExceptionBase.cpp:
1618         (WebCore::ExceptionBase::consoleErrorMessage):
1619         * dom/ExceptionBase.h:
1620
1621         * svg/SVGException.h:
1622
1623 2016-07-16  Chris Dumez  <cdumez@apple.com>
1624
1625         Use fastHasAttribute() when possible
1626         https://bugs.webkit.org/show_bug.cgi?id=159838
1627
1628         Reviewed by Ryosuke Niwa.
1629
1630         Use fastHasAttribute() when possible, for performance.
1631
1632         * editing/DeleteSelectionCommand.cpp:
1633         (WebCore::DeleteSelectionCommand::makeStylingElementsDirectChildrenOfEditableRootToPreventStyleLoss):
1634         * editing/markup.cpp:
1635         (WebCore::createMarkupInternal):
1636         * html/HTMLAnchorElement.cpp:
1637         (WebCore::HTMLAnchorElement::draggable):
1638         * html/HTMLFrameElementBase.cpp:
1639         (WebCore::HTMLFrameElementBase::parseAttribute):
1640         * mathml/MathMLSelectElement.cpp:
1641         (WebCore::MathMLSelectElement::getSelectedSemanticsChild):
1642         * rendering/RenderThemeIOS.mm:
1643         (WebCore::RenderThemeIOS::adjustMenuListButtonStyle):
1644
1645 2016-07-16  Ryosuke Niwa  <rniwa@webkit.org>
1646
1647         Rename fastGetAttribute to attributeWithoutSynchronization
1648         https://bugs.webkit.org/show_bug.cgi?id=159852
1649
1650         Reviewed by Darin Adler.
1651
1652         Renamed fastGetAttribute to attributeWithoutSynchronization for clarity.
1653
1654         * accessibility/AXObjectCache.cpp:
1655         (WebCore::AXObjectCache::findAriaModalNodes):
1656         (WebCore::nodeHasRole):
1657         (WebCore::AXObjectCache::handleLiveRegionCreated):
1658         (WebCore::AXObjectCache::handleMenuItemSelected):
1659         (WebCore::AXObjectCache::handleAriaModalChange):
1660         (WebCore::isNodeAriaVisible):
1661         * accessibility/AccessibilityNodeObject.cpp:
1662         (WebCore::siblingWithAriaRole):
1663         (WebCore::AccessibilityNodeObject::titleElementText):
1664         (WebCore::AccessibilityNodeObject::alternativeTextForWebArea):
1665         (WebCore::AccessibilityNodeObject::hierarchicalLevel):
1666         (WebCore::AccessibilityNodeObject::stringValue):
1667         (WebCore::accessibleNameForNode):
1668         * accessibility/AccessibilityObject.cpp:
1669         (WebCore::AccessibilityObject::contentEditableAttributeIsEnabled):
1670         (WebCore::AccessibilityObject::getAttribute):
1671         * accessibility/AccessibilityRenderObject.cpp:
1672         (WebCore::AccessibilityRenderObject::stringValue):
1673         (WebCore::AccessibilityRenderObject::exposesTitleUIElement):
1674         * accessibility/AccessibilitySVGElement.cpp:
1675         (WebCore::AccessibilitySVGElement::childElementWithMatchingLanguage):
1676         (WebCore::AccessibilitySVGElement::accessibilityDescription):
1677         * bindings/objc/DOM.mm:
1678         (-[DOMHTMLLinkElement _mediaQueryMatches]):
1679         * bindings/scripts/CodeGenerator.pm:
1680         (GetterExpression):
1681         * bindings/scripts/CodeGeneratorObjC.pm:
1682         (GenerateImplementation):
1683         * bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
1684         * bindings/scripts/test/JS/JSTestObj.cpp:
1685         (WebCore::jsTestObjReflectedStringAttr):
1686         * dom/AuthorStyleSheets.cpp:
1687         (WebCore::AuthorStyleSheets::collectActiveStyleSheets):
1688         * dom/Document.cpp:
1689         (WebCore::Document::buildAccessKeyMap):
1690         (WebCore::Document::processBaseElement):
1691         * dom/DocumentOrderedMap.cpp:
1692         (WebCore::DocumentOrderedMap::getElementByLabelForAttribute):
1693         * dom/Element.cpp:
1694         (WebCore::Element::imageSourceURL):
1695         (WebCore::Element::rendererIsNeeded):
1696         (WebCore::Element::insertedInto):
1697         (WebCore::Element::removedFrom):
1698         (WebCore::Element::pseudo):
1699         (WebCore::Element::setPseudo):
1700         (WebCore::Element::spellcheckAttributeState):
1701         (WebCore::Element::canContainRangeEndPoint):
1702         (WebCore::Element::completeURLsInAttributeValue):
1703         * dom/Element.h:
1704         (WebCore::Element::fastHasAttribute):
1705         (WebCore::Element::attributeWithoutSynchronization):
1706         (WebCore::Element::fastGetAttribute): Deleted.
1707         * dom/InlineStyleSheetOwner.cpp:
1708         (WebCore::InlineStyleSheetOwner::createSheet):
1709         * dom/ScriptElement.cpp:
1710         (WebCore::ScriptElement::requestScript):
1711         (WebCore::ScriptElement::executeScript):
1712         * dom/SlotAssignment.cpp:
1713         (WebCore::slotNameFromSlotAttribute):
1714         (WebCore::SlotAssignment::SlotAssignment):
1715         (WebCore::recursivelyFireSlotChangeEvent):
1716         (WebCore::SlotAssignment::didChangeSlot):
1717         (WebCore::SlotAssignment::hostChildElementDidChange):
1718         (WebCore::SlotAssignment::assignedNodesForSlot):
1719         (WebCore::SlotAssignment::resolveAllSlotElements):
1720         * dom/TreeScope.cpp:
1721         (WebCore::TreeScope::labelElementForId):
1722         * dom/VisitedLinkState.cpp:
1723         (WebCore::linkAttribute):
1724         * editing/ApplyStyleCommand.cpp:
1725         (WebCore::isLegacyAppleStyleSpan):
1726         (WebCore::hasNoAttributeOrOnlyStyleAttribute):
1727         * editing/EditingStyle.cpp:
1728         (WebCore::EditingStyle::elementIsStyledSpanOrHTMLEquivalent):
1729         * editing/ReplaceSelectionCommand.cpp:
1730         (WebCore::isInterchangeNewlineNode):
1731         (WebCore::isInterchangeConvertedSpaceSpan):
1732         (WebCore::positionAvoidingPrecedingNodes):
1733         (WebCore::isMailPasteAsQuotationNode):
1734         (WebCore::isHeaderElement):
1735         (WebCore::isInlineNodeWithStyle):
1736         * editing/TextIterator.cpp:
1737         (WebCore::isRendererReplacedElement):
1738         * editing/cocoa/DataDetection.mm:
1739         (WebCore::DataDetection::isDataDetectorLink):
1740         (WebCore::DataDetection::requiresExtendedContext):
1741         (WebCore::DataDetection::dataDetectorIdentifier):
1742         (WebCore::DataDetection::shouldCancelDefaultAction):
1743         (WebCore::removeResultLinksFromAnchor):
1744         (WebCore::searchForLinkRemovingExistingDDLinks):
1745         * editing/gtk/EditorGtk.cpp:
1746         (WebCore::elementURL):
1747         * editing/htmlediting.cpp:
1748         (WebCore::isTabSpanNode):
1749         (WebCore::isTabSpanTextNode):
1750         (WebCore::isMailBlockquote):
1751         (WebCore::caretMinOffset):
1752         * editing/markup.cpp:
1753         (WebCore::createFragmentFromMarkup):
1754         * html/Autofill.cpp:
1755         (WebCore::AutofillData::createFromHTMLFormControlElement):
1756         * html/BaseTextInputType.cpp:
1757         (WebCore::BaseTextInputType::patternMismatch):
1758         * html/DateInputType.cpp:
1759         (WebCore::DateInputType::createStepRange):
1760         * html/DateTimeInputType.cpp:
1761         (WebCore::DateTimeInputType::createStepRange):
1762         * html/DateTimeLocalInputType.cpp:
1763         (WebCore::DateTimeLocalInputType::createStepRange):
1764         * html/FormAssociatedElement.cpp:
1765         (WebCore::FormAssociatedElement::findAssociatedForm):
1766         (WebCore::FormAssociatedElement::resetFormAttributeTargetObserver):
1767         (WebCore::FormAssociatedElement::formAttributeTargetChanged):
1768         * html/HTMLAnchorElement.cpp:
1769         (WebCore::HTMLAnchorElement::draggable):
1770         (WebCore::HTMLAnchorElement::href):
1771         (WebCore::HTMLAnchorElement::setHref):
1772         (WebCore::HTMLAnchorElement::target):
1773         (WebCore::HTMLAnchorElement::origin):
1774         (WebCore::HTMLAnchorElement::sendPings):
1775         (WebCore::HTMLAnchorElement::handleClick):
1776         * html/HTMLAnchorElement.h:
1777         (WebCore::HTMLAnchorElement::visitedLinkHash):
1778         * html/HTMLAppletElement.cpp:
1779         (WebCore::HTMLAppletElement::updateWidget):
1780         * html/HTMLAreaElement.cpp:
1781         (WebCore::HTMLAreaElement::target):
1782         * html/HTMLAttachmentElement.cpp:
1783         (WebCore::HTMLAttachmentElement::attachmentTitle):
1784         (WebCore::HTMLAttachmentElement::attachmentType):
1785         * html/HTMLBaseElement.cpp:
1786         (WebCore::HTMLBaseElement::target):
1787         (WebCore::HTMLBaseElement::href):
1788         * html/HTMLBodyElement.cpp:
1789         (WebCore::HTMLBodyElement::addSubresourceAttributeURLs):
1790         * html/HTMLButtonElement.cpp:
1791         (WebCore::HTMLButtonElement::value):
1792         (WebCore::HTMLButtonElement::computeWillValidate):
1793         * html/HTMLCanvasElement.cpp:
1794         (WebCore::HTMLCanvasElement::reset):
1795         * html/HTMLDocument.cpp:
1796         (WebCore::HTMLDocument::bgColor):
1797         (WebCore::HTMLDocument::setBgColor):
1798         (WebCore::HTMLDocument::fgColor):
1799         (WebCore::HTMLDocument::setFgColor):
1800         (WebCore::HTMLDocument::alinkColor):
1801         (WebCore::HTMLDocument::setAlinkColor):
1802         (WebCore::HTMLDocument::linkColor):
1803         (WebCore::HTMLDocument::setLinkColor):
1804         (WebCore::HTMLDocument::vlinkColor):
1805         (WebCore::HTMLDocument::setVlinkColor):
1806         * html/HTMLElement.cpp:
1807         (WebCore::contentEditableType):
1808         (WebCore::HTMLElement::collectStyleForPresentationAttribute):
1809         (WebCore::HTMLElement::dir):
1810         (WebCore::HTMLElement::setDir):
1811         (WebCore::HTMLElement::draggable):
1812         (WebCore::HTMLElement::setDraggable):
1813         (WebCore::HTMLElement::title):
1814         (WebCore::HTMLElement::tabIndex):
1815         (WebCore::HTMLElement::translateAttributeMode):
1816         (WebCore::HTMLElement::hasDirectionAuto):
1817         (WebCore::HTMLElement::directionality):
1818         * html/HTMLEmbedElement.cpp:
1819         (WebCore::HTMLEmbedElement::imageSourceURL):
1820         (WebCore::HTMLEmbedElement::addSubresourceAttributeURLs):
1821         * html/HTMLFormControlElement.cpp:
1822         (WebCore::HTMLFormControlElement::formEnctype):
1823         (WebCore::HTMLFormControlElement::formMethod):
1824         (WebCore::HTMLFormControlElement::formAction):
1825         (WebCore::HTMLFormControlElement::autocorrect):
1826         (WebCore::HTMLFormControlElement::autocapitalizeType):
1827         * html/HTMLFormElement.cpp:
1828         (WebCore::HTMLFormElement::autocorrect):
1829         (WebCore::HTMLFormElement::autocapitalizeType):
1830         (WebCore::HTMLFormElement::autocapitalize):
1831         (WebCore::HTMLFormElement::action):
1832         (WebCore::HTMLFormElement::setAction):
1833         (WebCore::HTMLFormElement::target):
1834         (WebCore::HTMLFormElement::wasUserSubmitted):
1835         (WebCore::HTMLFormElement::shouldAutocomplete):
1836         (WebCore::HTMLFormElement::finishParsingChildren):
1837         (WebCore::HTMLFormElement::autocomplete):
1838         * html/HTMLFrameElementBase.cpp:
1839         (WebCore::HTMLFrameElementBase::location):
1840         (WebCore::HTMLFrameElementBase::setLocation):
1841         * html/HTMLHtmlElement.cpp:
1842         (WebCore::HTMLHtmlElement::insertedByParser):
1843         * html/HTMLImageElement.cpp:
1844         (WebCore::HTMLImageElement::imageSourceURL):
1845         (WebCore::HTMLImageElement::setBestFitURLAndDPRFromImageCandidate):
1846         (WebCore::HTMLImageElement::bestFitSourceFromPictureElement):
1847         (WebCore::HTMLImageElement::selectImageSource):
1848         (WebCore::HTMLImageElement::altText):
1849         (WebCore::HTMLImageElement::createElementRenderer):
1850         (WebCore::HTMLImageElement::width):
1851         (WebCore::HTMLImageElement::height):
1852         (WebCore::HTMLImageElement::alt):
1853         (WebCore::HTMLImageElement::draggable):
1854         (WebCore::HTMLImageElement::setHeight):
1855         (WebCore::HTMLImageElement::src):
1856         (WebCore::HTMLImageElement::setSrc):
1857         (WebCore::HTMLImageElement::addSubresourceAttributeURLs):
1858         (WebCore::HTMLImageElement::didMoveToNewDocument):
1859         (WebCore::HTMLImageElement::isServerMap):
1860         (WebCore::HTMLImageElement::crossOrigin):
1861         * html/HTMLInputElement.cpp:
1862         (WebCore::HTMLInputElement::updateType):
1863         (WebCore::HTMLInputElement::initializeInputType):
1864         (WebCore::HTMLInputElement::altText):
1865         (WebCore::HTMLInputElement::value):
1866         (WebCore::HTMLInputElement::defaultValue):
1867         (WebCore::HTMLInputElement::setDefaultValue):
1868         (WebCore::HTMLInputElement::acceptMIMETypes):
1869         (WebCore::HTMLInputElement::acceptFileExtensions):
1870         (WebCore::HTMLInputElement::accept):
1871         (WebCore::HTMLInputElement::alt):
1872         (WebCore::HTMLInputElement::effectiveMaxLength):
1873         (WebCore::HTMLInputElement::src):
1874         (WebCore::HTMLInputElement::setAutoFilled):
1875         (WebCore::HTMLInputElement::dataList):
1876         (WebCore::HTMLInputElement::resetListAttributeTargetObserver):
1877         * html/HTMLKeygenElement.cpp:
1878         (WebCore::HTMLKeygenElement::isKeytypeRSA):
1879         (WebCore::HTMLKeygenElement::appendFormData):
1880         * html/HTMLLIElement.cpp:
1881         (WebCore::HTMLLIElement::didAttachRenderers):
1882         (WebCore::HTMLLIElement::parseValue):
1883         * html/HTMLLabelElement.cpp:
1884         (WebCore::HTMLLabelElement::control):
1885         * html/HTMLLinkElement.cpp:
1886         (WebCore::HTMLLinkElement::crossOrigin):
1887         (WebCore::HTMLLinkElement::process):
1888         (WebCore::HTMLLinkElement::href):
1889         (WebCore::HTMLLinkElement::rel):
1890         (WebCore::HTMLLinkElement::target):
1891         (WebCore::HTMLLinkElement::type):
1892         (WebCore::HTMLLinkElement::iconType):
1893         * html/HTMLMarqueeElement.cpp:
1894         (WebCore::HTMLMarqueeElement::scrollAmount):
1895         (WebCore::HTMLMarqueeElement::setScrollAmount):
1896         (WebCore::HTMLMarqueeElement::scrollDelay):
1897         (WebCore::HTMLMarqueeElement::setScrollDelay):
1898         (WebCore::HTMLMarqueeElement::loop):
1899         * html/HTMLMediaElement.cpp:
1900         (WebCore::HTMLMediaElement::insertedInto):
1901         (WebCore::HTMLMediaElement::crossOrigin):
1902         (WebCore::HTMLMediaElement::networkState):
1903         (WebCore::HTMLMediaElement::mediaSessionTitle):
1904         (WebCore::HTMLMediaElement::doesHaveAttribute):
1905         * html/HTMLMetaElement.cpp:
1906         (WebCore::HTMLMetaElement::process):
1907         (WebCore::HTMLMetaElement::content):
1908         (WebCore::HTMLMetaElement::httpEquiv):
1909         (WebCore::HTMLMetaElement::name):
1910         * html/HTMLMeterElement.cpp:
1911         (WebCore::HTMLMeterElement::min):
1912         (WebCore::HTMLMeterElement::setMin):
1913         (WebCore::HTMLMeterElement::max):
1914         (WebCore::HTMLMeterElement::setMax):
1915         (WebCore::HTMLMeterElement::value):
1916         (WebCore::HTMLMeterElement::low):
1917         (WebCore::HTMLMeterElement::high):
1918         (WebCore::HTMLMeterElement::optimum):
1919         * html/HTMLObjectElement.cpp:
1920         (WebCore::HTMLObjectElement::shouldAllowQuickTimeClassIdQuirk):
1921         (WebCore::HTMLObjectElement::hasValidClassId):
1922         (WebCore::HTMLObjectElement::imageSourceURL):
1923         (WebCore::HTMLObjectElement::renderFallbackContent):
1924         (WebCore::HTMLObjectElement::containsJavaApplet):
1925         (WebCore::HTMLObjectElement::addSubresourceAttributeURLs):
1926         * html/HTMLOptGroupElement.cpp:
1927         (WebCore::HTMLOptGroupElement::groupLabelText):
1928         * html/HTMLOptionElement.cpp:
1929         (WebCore::HTMLOptionElement::value):
1930         (WebCore::HTMLOptionElement::label):
1931         * html/HTMLParamElement.cpp:
1932         (WebCore::HTMLParamElement::value):
1933         (WebCore::HTMLParamElement::isURLParameter):
1934         * html/HTMLProgressElement.cpp:
1935         (WebCore::HTMLProgressElement::value):
1936         (WebCore::HTMLProgressElement::max):
1937         * html/HTMLScriptElement.cpp:
1938         (WebCore::HTMLScriptElement::crossOrigin):
1939         (WebCore::HTMLScriptElement::src):
1940         (WebCore::HTMLScriptElement::sourceAttributeValue):
1941         (WebCore::HTMLScriptElement::charsetAttributeValue):
1942         (WebCore::HTMLScriptElement::typeAttributeValue):
1943         (WebCore::HTMLScriptElement::languageAttributeValue):
1944         (WebCore::HTMLScriptElement::forAttributeValue):
1945         (WebCore::HTMLScriptElement::eventAttributeValue):
1946         (WebCore::HTMLScriptElement::asyncAttributeValue):
1947         * html/HTMLSlotElement.cpp:
1948         (WebCore::HTMLSlotElement::insertedInto):
1949         (WebCore::HTMLSlotElement::removedFrom):
1950         * html/HTMLSourceElement.cpp:
1951         (WebCore::HTMLSourceElement::media):
1952         (WebCore::HTMLSourceElement::setMedia):
1953         (WebCore::HTMLSourceElement::type):
1954         (WebCore::HTMLSourceElement::setType):
1955         * html/HTMLTableCellElement.cpp:
1956         (WebCore::HTMLTableCellElement::colSpanForBindings):
1957         (WebCore::HTMLTableCellElement::rowSpan):
1958         (WebCore::HTMLTableCellElement::rowSpanForBindings):
1959         (WebCore::HTMLTableCellElement::cellIndex):
1960         (WebCore::HTMLTableCellElement::abbr):
1961         (WebCore::HTMLTableCellElement::axis):
1962         (WebCore::HTMLTableCellElement::setColSpanForBindings):
1963         (WebCore::HTMLTableCellElement::headers):
1964         (WebCore::HTMLTableCellElement::setRowSpanForBindings):
1965         (WebCore::HTMLTableCellElement::scope):
1966         (WebCore::HTMLTableCellElement::addSubresourceAttributeURLs):
1967         (WebCore::HTMLTableCellElement::cellAbove):
1968         * html/HTMLTableColElement.cpp:
1969         (WebCore::HTMLTableColElement::width):
1970         * html/HTMLTableElement.cpp:
1971         (WebCore::HTMLTableElement::rules):
1972         (WebCore::HTMLTableElement::summary):
1973         (WebCore::HTMLTableElement::addSubresourceAttributeURLs):
1974         * html/HTMLTableSectionElement.cpp:
1975         (WebCore::HTMLTableSectionElement::align):
1976         (WebCore::HTMLTableSectionElement::setAlign):
1977         (WebCore::HTMLTableSectionElement::ch):
1978         (WebCore::HTMLTableSectionElement::setCh):
1979         (WebCore::HTMLTableSectionElement::chOff):
1980         (WebCore::HTMLTableSectionElement::setChOff):
1981         (WebCore::HTMLTableSectionElement::vAlign):
1982         (WebCore::HTMLTableSectionElement::setVAlign):
1983         * html/HTMLTextAreaElement.cpp:
1984         (WebCore::HTMLTextAreaElement::appendFormData):
1985         * html/HTMLTextFormControlElement.cpp:
1986         (WebCore::HTMLTextFormControlElement::strippedPlaceholder):
1987         (WebCore::HTMLTextFormControlElement::isPlaceholderEmpty):
1988         (WebCore::HTMLTextFormControlElement::directionForFormData):
1989         * html/HTMLTrackElement.cpp:
1990         (WebCore::HTMLTrackElement::srclang):
1991         (WebCore::HTMLTrackElement::label):
1992         (WebCore::HTMLTrackElement::isDefault):
1993         (WebCore::HTMLTrackElement::ensureTrack):
1994         (WebCore::HTMLTrackElement::mediaElementCrossOriginAttribute):
1995         * html/HTMLVideoElement.cpp:
1996         (WebCore::HTMLVideoElement::parseAttribute):
1997         (WebCore::HTMLVideoElement::imageSourceURL):
1998         * html/ImageInputType.cpp:
1999         (WebCore::ImageInputType::height):
2000         (WebCore::ImageInputType::width):
2001         * html/InputType.cpp:
2002         (WebCore::InputType::applyStep):
2003         * html/MediaElementSession.cpp:
2004         (WebCore::MediaElementSession::wirelessVideoPlaybackDisabled):
2005         * html/MonthInputType.cpp:
2006         (WebCore::MonthInputType::createStepRange):
2007         * html/NumberInputType.cpp:
2008         (WebCore::NumberInputType::createStepRange):
2009         (WebCore::NumberInputType::sizeShouldIncludeDecoration):
2010         * html/RangeInputType.cpp:
2011         (WebCore::RangeInputType::createStepRange):
2012         (WebCore::RangeInputType::handleKeydownEvent):
2013         * html/TextFieldInputType.cpp:
2014         (WebCore::TextFieldInputType::appendFormData):
2015         (WebCore::TextFieldInputType::updateAutoFillButton):
2016         * html/TimeInputType.cpp:
2017         (WebCore::TimeInputType::createStepRange):
2018         * html/ValidationMessage.cpp:
2019         (WebCore::ValidationMessage::updateValidationMessage):
2020         * html/WeekInputType.cpp:
2021         (WebCore::WeekInputType::createStepRange):
2022         * html/track/WebVTTElement.cpp:
2023         (WebCore::WebVTTElement::createEquivalentHTMLElement):
2024         * inspector/InspectorPageAgent.cpp:
2025         (WebCore::InspectorPageAgent::buildObjectForFrame):
2026         * loader/FormSubmission.cpp:
2027         (WebCore::FormSubmission::create):
2028         * loader/FrameLoader.cpp:
2029         (WebCore::FrameLoader::defaultSubstituteDataForURL):
2030         * loader/ImageLoader.cpp:
2031         (WebCore::ImageLoader::updateFromElement):
2032         * loader/SubframeLoader.cpp:
2033         (WebCore::SubframeLoader::isPluginContentAllowedByContentSecurityPolicy):
2034         * mathml/MathMLElement.cpp:
2035         (WebCore::MathMLElement::colSpan):
2036         (WebCore::MathMLElement::rowSpan):
2037         (WebCore::MathMLElement::childShouldCreateRenderer):
2038         (WebCore::MathMLElement::defaultEventHandler):
2039         (WebCore::MathMLElement::cachedMathMLLength):
2040         * mathml/MathMLFractionElement.cpp:
2041         (WebCore::MathMLFractionElement::lineThickness):
2042         (WebCore::MathMLFractionElement::cachedFractionAlignment):
2043         * mathml/MathMLSelectElement.cpp:
2044         (WebCore::MathMLSelectElement::getSelectedActionChildAndIndex):
2045         (WebCore::MathMLSelectElement::getSelectedActionChild):
2046         (WebCore::MathMLSelectElement::getSelectedSemanticsChild):
2047         (WebCore::MathMLSelectElement::defaultEventHandler):
2048         (WebCore::MathMLSelectElement::willRespondToMouseClickEvents):
2049         (WebCore::MathMLSelectElement::toggle):
2050         * page/EventHandler.cpp:
2051         (WebCore::findDropZone):
2052         * page/Frame.cpp:
2053         (WebCore::Frame::matchLabelsAgainstElement):
2054         * page/PageSerializer.cpp:
2055         (WebCore::PageSerializer::serializeFrame):
2056         * platform/win/PasteboardWin.cpp:
2057         (WebCore::Pasteboard::writeImageToDataObject):
2058         * rendering/HitTestResult.cpp:
2059         (WebCore::HitTestResult::altDisplayString):
2060         * rendering/RenderDetailsMarker.cpp:
2061         (WebCore::RenderDetailsMarker::isOpen):
2062         * rendering/RenderImage.cpp:
2063         (WebCore::RenderImage::imageMap):
2064         (WebCore::RenderImage::nodeAtPoint):
2065         * rendering/RenderMenuList.cpp:
2066         (RenderMenuList::itemAccessibilityText):
2067         (RenderMenuList::itemToolTip):
2068         * rendering/RenderSearchField.cpp:
2069         (WebCore::RenderSearchField::autosaveName):
2070         * rendering/RenderThemeIOS.mm:
2071         (WebCore::getAttachmentProgress):
2072         (WebCore::AttachmentInfo::AttachmentInfo):
2073         * rendering/RenderThemeMac.mm:
2074         (WebCore::AttachmentLayout::layOutSubtitle):
2075         (WebCore::RenderThemeMac::paintAttachment):
2076         * rendering/mathml/MathMLStyle.cpp:
2077         (WebCore::MathMLStyle::resolveMathMLStyle):
2078         * rendering/mathml/RenderMathMLFenced.cpp:
2079         (WebCore::RenderMathMLFenced::updateFromElement):
2080         * rendering/mathml/RenderMathMLOperator.cpp:
2081         (WebCore::RenderMathMLOperator::setOperatorFlagFromAttribute):
2082         (WebCore::RenderMathMLOperator::setOperatorFlagFromAttributeValue):
2083         (WebCore::RenderMathMLOperator::setOperatorProperties):
2084         * rendering/mathml/RenderMathMLScripts.cpp:
2085         (WebCore::RenderMathMLScripts::getScriptMetricsAndLayoutIfNeeded):
2086         * rendering/mathml/RenderMathMLUnderOver.cpp:
2087         (WebCore::RenderMathMLUnderOver::hasAccent):
2088         * style/StyleSharingResolver.cpp:
2089         (WebCore::Style::SharingResolver::canShareStyleWithElement):
2090         (WebCore::Style::SharingResolver::sharingCandidateHasIdenticalStyleAffectingAttributes):
2091         * svg/SVGAElement.cpp:
2092         (WebCore::SVGAElement::title):
2093         (WebCore::SVGAElement::defaultEventHandler):
2094         * svg/SVGAltGlyphElement.cpp:
2095         (WebCore::SVGAltGlyphElement::glyphRef):
2096         (WebCore::SVGAltGlyphElement::setFormat):
2097         (WebCore::SVGAltGlyphElement::format):
2098         (WebCore::SVGAltGlyphElement::childShouldCreateRenderer):
2099         * svg/SVGAnimationElement.cpp:
2100         (WebCore::SVGAnimationElement::toValue):
2101         (WebCore::SVGAnimationElement::byValue):
2102         (WebCore::SVGAnimationElement::fromValue):
2103         (WebCore::SVGAnimationElement::isAdditive):
2104         (WebCore::SVGAnimationElement::isAccumulated):
2105         * svg/SVGElement.cpp:
2106         (WebCore::SVGElement::xmlbase):
2107         (WebCore::SVGElement::setXmlbase):
2108         * svg/SVGFontFaceElement.cpp:
2109         (WebCore::SVGFontFaceElement::unitsPerEm):
2110         (WebCore::SVGFontFaceElement::xHeight):
2111         (WebCore::SVGFontFaceElement::capHeight):
2112         (WebCore::SVGFontFaceElement::horizontalOriginX):
2113         (WebCore::SVGFontFaceElement::horizontalOriginY):
2114         (WebCore::SVGFontFaceElement::horizontalAdvanceX):
2115         (WebCore::SVGFontFaceElement::verticalOriginX):
2116         (WebCore::SVGFontFaceElement::verticalOriginY):
2117         (WebCore::SVGFontFaceElement::verticalAdvanceY):
2118         (WebCore::SVGFontFaceElement::ascent):
2119         (WebCore::SVGFontFaceElement::descent):
2120         * svg/SVGFontFaceNameElement.cpp:
2121         (WebCore::SVGFontFaceNameElement::srcValue):
2122         * svg/SVGFontFaceUriElement.cpp:
2123         (WebCore::SVGFontFaceUriElement::srcValue):
2124         * svg/SVGGlyphRefElement.cpp:
2125         (WebCore::SVGGlyphRefElement::glyphRef):
2126         (WebCore::SVGGlyphRefElement::setGlyphRef):
2127         * svg/SVGHKernElement.cpp:
2128         (WebCore::SVGHKernElement::buildHorizontalKerningPair):
2129         * svg/SVGSVGElement.cpp:
2130         (WebCore::SVGSVGElement::contentScriptType):
2131         (WebCore::SVGSVGElement::contentStyleType):
2132         * svg/SVGStyleElement.cpp:
2133         (WebCore::SVGStyleElement::media):
2134         (WebCore::SVGStyleElement::title):
2135         (WebCore::SVGStyleElement::setTitle):
2136         * svg/SVGToOTFFontConversion.cpp:
2137         (WebCore::SVGToOTFFontConverter::appendOS2Table):
2138         (WebCore::SVGToOTFFontConverter::appendCFFTable):
2139         (WebCore::SVGToOTFFontConverter::appendArabicReplacementSubtable):
2140         (WebCore::SVGToOTFFontConverter::appendVORGTable):
2141         (WebCore::SVGToOTFFontConverter::transcodeGlyphPaths):
2142         (WebCore::SVGToOTFFontConverter::processGlyphElement):
2143         (WebCore::SVGToOTFFontConverter::compareCodepointsLexicographically):
2144         (WebCore::SVGToOTFFontConverter::SVGToOTFFontConverter):
2145         * svg/SVGVKernElement.cpp:
2146         (WebCore::SVGVKernElement::buildVerticalKerningPair):
2147         * svg/animation/SVGSMILElement.cpp:
2148         (WebCore::SVGSMILElement::insertedInto):
2149         (WebCore::SVGSMILElement::parseAttribute):
2150         (WebCore::SVGSMILElement::svgAttributeChanged):
2151         (WebCore::SVGSMILElement::restart):
2152         (WebCore::SVGSMILElement::fill):
2153         (WebCore::SVGSMILElement::dur):
2154         (WebCore::SVGSMILElement::repeatDur):
2155         (WebCore::SVGSMILElement::repeatCount):
2156         (WebCore::SVGSMILElement::maxValue):
2157         (WebCore::SVGSMILElement::minValue):
2158
2159 2016-07-16  Carlos Garcia Campos  <cgarcia@igalia.com>
2160
2161         ASSERTION FAILED: isMainThread() in ~UniqueIDBDatabase() since r201997
2162         https://bugs.webkit.org/show_bug.cgi?id=159809
2163
2164         Reviewed by Brady Eidson.
2165
2166         In r201997 the UniqueIDBDatabase was protected in executeNextDatabaseTask() because the last reference could be
2167         removed while the task is performed. However UniqueIDBDatabase is expected to be deleted in the main thread, and
2168         the destructor asserts when not called in the main thread, but executeNextDatabaseTask() is always called on a
2169         secondary thread. So, if the protector contains the last reference, the object is deleted in the secondary thread.
2170
2171         * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
2172         (WebCore::IDBServer::UniqueIDBDatabase::executeNextDatabaseTask): Use callOnMainThread to ensure the object is
2173         deleted in the main thread in case the protector contains the last reference.
2174
2175 2016-07-15  Chris Dumez  <cdumez@apple.com>
2176
2177         Use emptyString() / nullAtom when possible
2178         https://bugs.webkit.org/show_bug.cgi?id=159850
2179
2180         Reviewed by Ryosuke Niwa.
2181
2182         Use emptyString() / nullAtom when possible, for performance.
2183
2184         * Modules/webaudio/AudioNode.cpp:
2185         (WebCore::AudioNode::channelCountMode):
2186         (WebCore::AudioNode::channelInterpretation):
2187         * Modules/webdatabase/DatabaseTracker.cpp:
2188         (WebCore::DatabaseTracker::tracker):
2189         * Modules/websockets/WebSocket.cpp:
2190         (WebCore::WebSocket::WebSocket):
2191         (WebCore::WebSocket::didConnect):
2192         * Modules/websockets/WebSocketChannel.cpp:
2193         (WebCore::WebSocketChannel::subprotocol):
2194         (WebCore::WebSocketChannel::extensions):
2195         * accessibility/AccessibilityObject.cpp:
2196         (WebCore::AccessibilityObject::supportsPressAction):
2197         * accessibility/mac/AXObjectCacheMac.mm:
2198         (WebCore::AXObjectCache::postTextStateChangePlatformNotification):
2199         * css/CSSPropertySourceData.cpp:
2200         (WebCore::CSSPropertySourceData::CSSPropertySourceData):
2201         * css/PageRuleCollector.cpp:
2202         (WebCore::PageRuleCollector::pageName):
2203         * css/PropertySetCSSStyleDeclaration.cpp:
2204         (WebCore::PropertySetCSSStyleDeclaration::getPropertyPriority):
2205         * dom/DocumentMarkerController.cpp:
2206         (WebCore::DocumentMarkerController::addDictationPhraseWithAlternativesMarker):
2207         * dom/Element.cpp:
2208         (WebCore::Element::setPrefix):
2209         * editing/AlternativeTextController.cpp:
2210         (WebCore::AlternativeTextController::respondToMarkerAtEndOfWord):
2211         (WebCore::AlternativeTextController::markerDescriptionForAppliedAlternativeText):
2212         * editing/CompositeEditCommand.cpp:
2213         (WebCore::CompositeEditCommand::removeNodeAttribute):
2214         (WebCore::CompositeEditCommand::moveParagraphs):
2215         * editing/InsertTextCommand.cpp:
2216         (WebCore::InsertTextCommand::positionInsideTextNode):
2217         * editing/TextCheckingHelper.cpp:
2218         (WebCore::TextCheckingHelper::findFirstMisspellingOrBadGrammar):
2219         * editing/TypingCommand.cpp:
2220         (WebCore::TypingCommand::deleteSelection):
2221         (WebCore::TypingCommand::deleteKeyPressed):
2222         (WebCore::TypingCommand::forwardDeleteKeyPressed):
2223         (WebCore::TypingCommand::insertLineBreak):
2224         (WebCore::TypingCommand::insertParagraphSeparator):
2225         * editing/cocoa/EditorCocoa.mm:
2226         (WebCore::Editor::styleForSelectionStart):
2227         * editing/mac/EditorMac.mm:
2228         (WebCore::Editor::stringSelectionForPasteboard):
2229         (WebCore::Editor::stringSelectionForPasteboardWithImageAltText):
2230         * fileapi/FileReaderLoader.cpp:
2231         (WebCore::FileReaderLoader::FileReaderLoader):
2232         * html/FileInputType.cpp:
2233         (WebCore::FileInputType::appendFormData):
2234         * html/HTMLMediaElement.cpp:
2235         (WebCore::HTMLMediaElement::getCurrentMediaControlsStatus):
2236         * html/HTMLOutputElement.cpp:
2237         (WebCore::HTMLOutputElement::HTMLOutputElement):
2238         * html/SearchInputType.cpp:
2239         (WebCore::SearchInputType::handleKeydownEvent):
2240         * html/TextFieldInputType.cpp:
2241         (WebCore::autoFillButtonTypeToAccessibilityLabel):
2242         * html/canvas/WebGLDebugShaders.cpp:
2243         (WebCore::WebGLDebugShaders::getTranslatedShaderSource):
2244         * html/canvas/WebGLRenderingContextBase.cpp:
2245         (WebCore::WebGLRenderingContextBase::dispatchContextLostEvent):
2246         (WebCore::WebGLRenderingContextBase::maybeRestoreContext):
2247         * html/canvas/WebGLShader.cpp:
2248         (WebCore::WebGLShader::WebGLShader):
2249         * html/shadow/MediaControlElements.cpp:
2250         (WebCore::MediaControlStatusDisplayElement::update):
2251         * html/track/TextTrack.cpp:
2252         (WebCore::TextTrack::captionMenuOffItem):
2253         (WebCore::TextTrack::captionMenuAutomaticItem):
2254         * html/track/VTTRegion.cpp:
2255         (WebCore::VTTRegion::scroll):
2256         * html/track/VTTRegion.h:
2257         * inspector/InspectorDOMAgent.cpp:
2258         (WebCore::InspectorDOMAgent::toErrorString):
2259         (WebCore::InspectorDOMAgent::resolveNode):
2260         (WebCore::InspectorDOMAgent::documentURLString):
2261         (WebCore::documentBaseURLString):
2262         * inspector/InspectorDOMDebuggerAgent.cpp:
2263         (WebCore::domTypeName):
2264         * inspector/InspectorFrontendHost.cpp:
2265         (WebCore::InspectorFrontendHost::localizedStringsURL):
2266         * inspector/InspectorHistory.cpp:
2267         (WebCore::InspectorHistory::Action::mergeId):
2268         * inspector/InspectorPageAgent.cpp:
2269         (WebCore::InspectorPageAgent::reload):
2270         (WebCore::InspectorPageAgent::frameId):
2271         (WebCore::InspectorPageAgent::loaderId):
2272         * inspector/InspectorStyleSheet.cpp:
2273         (WebCore::InspectorStyleSheet::ruleSelector):
2274         * loader/EmptyClients.h:
2275         * loader/FrameLoader.cpp:
2276         (WebCore::FrameLoader::referrer):
2277         * loader/ImageLoader.cpp:
2278         (WebCore::ImageLoader::clearFailedLoadURL):
2279         * loader/ResourceLoader.cpp:
2280         (WebCore::ResourceLoader::didReceiveResponse):
2281         * page/ContextMenuController.cpp:
2282         (WebCore::ContextMenuController::contextMenuItemSelected):
2283         * page/FrameTree.cpp:
2284         (WebCore::FrameTree::setName):
2285         (WebCore::FrameTree::clearName):
2286         * page/Location.cpp:
2287         (WebCore::Location::port):
2288         * platform/network/ProtectionSpaceBase.cpp:
2289         (WebCore::ProtectionSpaceBase::ProtectionSpaceBase):
2290         * xml/parser/XMLDocumentParserLibxml2.cpp:
2291         (WebCore::handleElementAttributes):
2292
2293 2016-07-15  Simon Fraser  <simon.fraser@apple.com>
2294
2295         Repaints rects drawn incorrectly when inspecting a WebView on a Retina display
2296         https://bugs.webkit.org/show_bug.cgi?id=159824
2297         rdar://problem/27376305
2298
2299         Reviewed by Brian Burg.
2300
2301         InspectorOverlayPage.js set up the canvases with a deviceScaleFactor passed into
2302         reset(), which comes from the overlay's m_page.deviceScaleFactor(). However, updatePaintRects()
2303         used window.devicePixelRatio which was always 1.
2304
2305         Fix by setting the deviceScaleFactor on the m_overlayPage.
2306
2307         * inspector/InspectorOverlay.cpp:
2308         (WebCore::InspectorOverlay::overlayPage):
2309
2310 2016-07-15  Myles C. Maxfield  <mmaxfield@apple.com>
2311
2312         [macOS] Work around crash in [NSAttributedString nextWordFromIndex:forward:]
2313         https://bugs.webkit.org/show_bug.cgi?id=159842
2314
2315         Reviewed by Jon Lee.
2316
2317         <rdar://problem/27380532> describes a crash inside [NSAttributedString nextWordFromIndex:forward:].
2318         This must be worked around for https://bugs.webkit.org/show_bug.cgi?id=159755 and
2319         <rdar://problem/27325521>.
2320
2321         * platform/text/mac/TextBoundaries.mm:
2322         (WebCore::findNextWordFromIndex):
2323
2324 2016-07-15  Brady Eidson  <beidson@apple.com>
2325
2326         Update XPathException to use the description in toString().
2327         https://bugs.webkit.org/show_bug.cgi?id=159848
2328
2329         Reviewed by Alex Christensen.
2330
2331         No new tests (Covered by changes to existing tests).
2332
2333         * bindings/js/JSDOMBinding.cpp:
2334         (WebCore::createDOMException):
2335         * xml/XPathException.h:
2336         (WebCore::XPathException::XPathException):
2337
2338 2016-07-15  Brady Eidson  <beidson@apple.com>
2339
2340         Change toString() behavior for exceptions constructed with "createWithDescriptionAsMessage".
2341         https://bugs.webkit.org/show_bug.cgi?id=159839
2342
2343         Reviewed by Alex Christensen.
2344
2345         No new tests (Covered by changes to existing tests).
2346
2347         This is the first step towards extended exception messages for all exception types.
2348
2349         * dom/ExceptionBase.cpp:
2350         (WebCore::ExceptionBase::ExceptionBase):
2351         (WebCore::ExceptionBase::toString):
2352         * dom/ExceptionBase.h:
2353
2354 2016-07-15  Geoffrey Garen  <ggaren@apple.com>
2355
2356         Added a makeRef<T> helper
2357         https://bugs.webkit.org/show_bug.cgi?id=159835
2358
2359         Reviewed by Andreas Kling.
2360
2361         Anders told me to!
2362
2363         * Modules/indexeddb/IDBTransaction.cpp:
2364         (WebCore::IDBTransaction::putOrAddOnServer):
2365         * Modules/indexeddb/shared/InProcessIDBServer.cpp:
2366         (WebCore::InProcessIDBServer::deleteDatabase):
2367         (WebCore::InProcessIDBServer::didDeleteDatabase):
2368         (WebCore::InProcessIDBServer::openDatabase):
2369         (WebCore::InProcessIDBServer::didOpenDatabase):
2370         (WebCore::InProcessIDBServer::didAbortTransaction):
2371         (WebCore::InProcessIDBServer::didCommitTransaction):
2372         (WebCore::InProcessIDBServer::didCreateObjectStore):
2373         (WebCore::InProcessIDBServer::didDeleteObjectStore):
2374         (WebCore::InProcessIDBServer::didClearObjectStore):
2375         (WebCore::InProcessIDBServer::didCreateIndex):
2376         (WebCore::InProcessIDBServer::didDeleteIndex):
2377         (WebCore::InProcessIDBServer::didPutOrAdd):
2378         (WebCore::InProcessIDBServer::didGetRecord):
2379         (WebCore::InProcessIDBServer::didGetCount):
2380         (WebCore::InProcessIDBServer::didDeleteRecord):
2381         (WebCore::InProcessIDBServer::didOpenCursor):
2382         (WebCore::InProcessIDBServer::didIterateCursor):
2383         (WebCore::InProcessIDBServer::abortTransaction):
2384         (WebCore::InProcessIDBServer::commitTransaction):
2385         (WebCore::InProcessIDBServer::didFinishHandlingVersionChangeTransaction):
2386         (WebCore::InProcessIDBServer::createObjectStore):
2387         (WebCore::InProcessIDBServer::deleteObjectStore):
2388         (WebCore::InProcessIDBServer::clearObjectStore):
2389         (WebCore::InProcessIDBServer::createIndex):
2390         (WebCore::InProcessIDBServer::deleteIndex):
2391         (WebCore::InProcessIDBServer::putOrAdd):
2392         (WebCore::InProcessIDBServer::getRecord):
2393         (WebCore::InProcessIDBServer::getCount):
2394         (WebCore::InProcessIDBServer::deleteRecord):
2395         (WebCore::InProcessIDBServer::openCursor):
2396         (WebCore::InProcessIDBServer::iterateCursor):
2397         (WebCore::InProcessIDBServer::establishTransaction):
2398         (WebCore::InProcessIDBServer::fireVersionChangeEvent):
2399         (WebCore::InProcessIDBServer::didStartTransaction):
2400         (WebCore::InProcessIDBServer::didCloseFromServer):
2401         (WebCore::InProcessIDBServer::notifyOpenDBRequestBlocked):
2402         (WebCore::InProcessIDBServer::databaseConnectionClosed):
2403         (WebCore::InProcessIDBServer::abortOpenAndUpgradeNeeded):
2404         (WebCore::InProcessIDBServer::didFireVersionChangeEvent):
2405         (WebCore::InProcessIDBServer::openDBRequestCancelled):
2406         (WebCore::InProcessIDBServer::confirmDidCloseFromServer):
2407         (WebCore::InProcessIDBServer::getAllDatabaseNames):
2408         (WebCore::InProcessIDBServer::didGetAllDatabaseNames):
2409         * Modules/mediastream/MediaDevicesRequest.cpp:
2410         (WebCore::MediaDevicesRequest::didCompleteTrackSourceInfoRequest):
2411         * Modules/mediastream/UserMediaRequest.cpp:
2412         (WebCore::UserMediaRequest::constraintsValidated):
2413         (WebCore::UserMediaRequest::userMediaAccessGranted):
2414         * Modules/webaudio/AudioContext.cpp:
2415         (WebCore::AudioContext::scheduleNodeDeletion):
2416         (WebCore::AudioContext::isPlayingAudioDidChange):
2417         (WebCore::AudioContext::suspend):
2418         (WebCore::AudioContext::resume):
2419         (WebCore::AudioContext::close):
2420         (WebCore::AudioContext::suspendPlayback):
2421         (WebCore::AudioContext::mayResumePlayback):
2422         * Modules/websockets/ThreadableWebSocketChannelClientWrapper.cpp:
2423         (WebCore::ThreadableWebSocketChannelClientWrapper::didConnect):
2424         (WebCore::ThreadableWebSocketChannelClientWrapper::didReceiveMessage):
2425         (WebCore::ThreadableWebSocketChannelClientWrapper::didReceiveBinaryData):
2426         (WebCore::ThreadableWebSocketChannelClientWrapper::didUpdateBufferedAmount):
2427         (WebCore::ThreadableWebSocketChannelClientWrapper::didStartClosingHandshake):
2428         (WebCore::ThreadableWebSocketChannelClientWrapper::didClose):
2429         (WebCore::ThreadableWebSocketChannelClientWrapper::didReceiveMessageError):
2430         (WebCore::ThreadableWebSocketChannelClientWrapper::processPendingTasks):
2431         * Modules/websockets/WebSocket.cpp:
2432         (WebCore::WebSocket::connect):
2433         * bindings/js/JSEventListener.h:
2434         (WebCore::JSEventListener::jsFunction):
2435         * dom/Node.cpp:
2436         (WebCore::Node::setTextContent):
2437         * html/HTMLMediaElement.cpp:
2438         (WebCore::HTMLMediaElement::layoutSizeChanged):
2439         * inspector/CommandLineAPIHost.cpp:
2440         (WebCore::CommandLineAPIHost::wrapper):
2441         * platform/graphics/avfoundation/AudioSourceProviderAVFObjC.mm:
2442         (WebCore::AudioSourceProviderAVFObjC::prepare):
2443         * platform/graphics/avfoundation/cf/WebCoreAVCFResourceLoader.cpp:
2444         (WebCore::WebCoreAVCFResourceLoader::invalidate):
2445         * platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm:
2446         (WebCore::WebCoreAVFResourceLoader::invalidate):
2447         * platform/ios/WebVideoFullscreenControllerAVKit.mm:
2448         (WebVideoFullscreenControllerContext::setExternalPlayback):
2449         * platform/network/BlobResourceHandle.cpp:
2450         (WebCore::BlobResourceHandle::start):
2451         (WebCore::BlobResourceHandle::notifyFinish):
2452         * platform/network/SocketStreamHandleBase.cpp:
2453         (WebCore::SocketStreamHandleBase::disconnect):
2454         * platform/network/curl/CurlDownload.cpp:
2455         (WebCore::CurlDownload::didReceiveHeader):
2456
2457 2016-07-15  Chris Dumez  <cdumez@apple.com>
2458
2459         Use fastGetAttribute() / setAttributeWithoutSynchronization() when possible
2460         https://bugs.webkit.org/show_bug.cgi?id=159793
2461
2462         Reviewed by Ryosuke Niwa.
2463
2464         Use fastGetAttribute() / setAttributeWithoutSynchronization() when possible, for performance.
2465
2466         * Modules/plugins/YouTubePluginReplacement.cpp:
2467         (WebCore::YouTubePluginReplacement::installReplacement):
2468         * dom/Element.h:
2469         (WebCore::Element::setIdAttribute):
2470         * editing/ApplyStyleCommand.cpp:
2471         (WebCore::hasNoAttributeOrOnlyStyleAttribute):
2472         (WebCore::createFontElement):
2473         (WebCore::ApplyStyleCommand::applyInlineStyleChange):
2474         * editing/EditingStyle.cpp:
2475         (WebCore::EditingStyle::elementIsStyledSpanOrHTMLEquivalent):
2476         * editing/Editor.cpp:
2477         (WebCore::Editor::setBaseWritingDirection):
2478         * editing/ReplaceSelectionCommand.cpp:
2479         (WebCore::isMailPasteAsQuotationNode):
2480         (WebCore::isInlineNodeWithStyle):
2481         * editing/cocoa/DataDetection.mm:
2482         (WebCore::DataDetection::detectContentInRange):
2483         * editing/htmlediting.cpp:
2484         (WebCore::createTabSpanElement):
2485         * editing/ios/EditorIOS.mm:
2486         (WebCore::Editor::setTextAlignmentForChangedBaseWritingDirection):
2487         (WebCore::Editor::WebContentReader::readURL):
2488         * editing/mac/EditorMac.mm:
2489         (WebCore::Editor::WebContentReader::readURL):
2490         * editing/markup.cpp:
2491         (WebCore::createFragmentFromText):
2492         * html/BaseButtonInputType.cpp:
2493         (WebCore::BaseButtonInputType::setValue):
2494         * html/BaseCheckableInputType.cpp:
2495         (WebCore::BaseCheckableInputType::setValue):
2496         * html/FTPDirectoryDocument.cpp:
2497         (WebCore::FTPDirectoryDocumentParser::appendEntry):
2498         (WebCore::FTPDirectoryDocumentParser::createTDForFilename):
2499         (WebCore::FTPDirectoryDocumentParser::loadDocumentTemplate):
2500         (WebCore::FTPDirectoryDocumentParser::createBasicDocument):
2501         * html/HTMLAnchorElement.cpp:
2502         (WebCore::HTMLAnchorElement::href):
2503         (WebCore::HTMLAnchorElement::setHref):
2504         (WebCore::HTMLAnchorElement::target):
2505         * html/HTMLAreaElement.cpp:
2506         (WebCore::HTMLAreaElement::target):
2507         * html/HTMLBaseElement.cpp:
2508         (WebCore::HTMLBaseElement::setHref):
2509         * html/HTMLButtonElement.cpp:
2510         (WebCore::HTMLButtonElement::setType):
2511         * html/HTMLDetailsElement.cpp:
2512         (WebCore::HTMLDetailsElement::didAddUserAgentShadowRoot):
2513         (WebCore::HTMLDetailsElement::toggleOpen):
2514         * html/HTMLDocument.cpp:
2515         (WebCore::HTMLDocument::setBgColor):
2516         (WebCore::HTMLDocument::setFgColor):
2517         (WebCore::HTMLDocument::setAlinkColor):
2518         (WebCore::HTMLDocument::setLinkColor):
2519         (WebCore::HTMLDocument::setVlinkColor):
2520         * html/HTMLElement.cpp:
2521         (WebCore::HTMLElement::setDir):
2522         (WebCore::HTMLElement::setContentEditable):
2523         (WebCore::HTMLElement::setDraggable):
2524         (WebCore::HTMLElement::setSpellcheck):
2525         (WebCore::HTMLElement::setTranslate):
2526         * html/HTMLFormControlElement.cpp:
2527         (WebCore::HTMLFormControlElement::setFormEnctype):
2528         (WebCore::HTMLFormControlElement::setFormMethod):
2529         (WebCore::HTMLFormControlElement::setAutocorrect):
2530         (WebCore::HTMLFormControlElement::setAutocapitalize):
2531         (WebCore::HTMLFormControlElement::setAutocomplete):
2532         * html/HTMLFormElement.cpp:
2533         (WebCore::HTMLFormElement::setAutocorrect):
2534         (WebCore::HTMLFormElement::setAutocapitalize):
2535         (WebCore::HTMLFormElement::setAction):
2536         (WebCore::HTMLFormElement::setEnctype):
2537         (WebCore::HTMLFormElement::setMethod):
2538         (WebCore::HTMLFormElement::target):
2539         * html/HTMLImageElement.cpp:
2540         (WebCore::HTMLImageElement::width):
2541         (WebCore::HTMLImageElement::height):
2542         (WebCore::HTMLImageElement::setSrc):
2543         * html/HTMLInputElement.cpp:
2544         (WebCore::HTMLInputElement::setType):
2545         (WebCore::HTMLInputElement::updateType):
2546         (WebCore::HTMLInputElement::altText):
2547         (WebCore::HTMLInputElement::setDefaultValue):
2548         * html/HTMLLinkElement.cpp:
2549         (WebCore::HTMLLinkElement::href):
2550         (WebCore::HTMLLinkElement::target):
2551         (WebCore::HTMLLinkElement::type):
2552         * html/HTMLMediaElement.cpp:
2553         (WebCore::HTMLMediaElement::setSrc):
2554         (WebCore::HTMLMediaElement::setPreload):
2555         * html/HTMLMeterElement.cpp:
2556         (WebCore::HTMLMeterElement::min):
2557         (WebCore::HTMLMeterElement::setMin):
2558         (WebCore::HTMLMeterElement::max):
2559         (WebCore::HTMLMeterElement::setMax):
2560         (WebCore::HTMLMeterElement::value):
2561         (WebCore::HTMLMeterElement::setValue):
2562         (WebCore::HTMLMeterElement::low):
2563         (WebCore::HTMLMeterElement::setLow):
2564         (WebCore::HTMLMeterElement::high):
2565         (WebCore::HTMLMeterElement::setHigh):
2566         (WebCore::HTMLMeterElement::optimum):
2567         (WebCore::HTMLMeterElement::setOptimum):
2568         * html/HTMLObjectElement.cpp:
2569         (WebCore::HTMLObjectElement::containsJavaApplet):
2570         * html/HTMLOptionElement.cpp:
2571         (WebCore::HTMLOptionElement::createForJSConstructor):
2572         (WebCore::HTMLOptionElement::setValue):
2573         (WebCore::HTMLOptionElement::setLabel):
2574         * html/HTMLProgressElement.cpp:
2575         (WebCore::HTMLProgressElement::setValue):
2576         (WebCore::HTMLProgressElement::setMax):
2577         * html/HTMLScriptElement.cpp:
2578         (WebCore::HTMLScriptElement::typeAttributeValue):
2579         * html/HTMLSelectElement.cpp:
2580         (WebCore::HTMLSelectElement::setMultiple):
2581         * html/HTMLSourceElement.cpp:
2582         (WebCore::HTMLSourceElement::setSrc):
2583         (WebCore::HTMLSourceElement::media):
2584         (WebCore::HTMLSourceElement::setMedia):
2585         (WebCore::HTMLSourceElement::type):
2586         (WebCore::HTMLSourceElement::setType):
2587         * html/HTMLTableSectionElement.cpp:
2588         (WebCore::HTMLTableSectionElement::setAlign):
2589         (WebCore::HTMLTableSectionElement::setCh):
2590         (WebCore::HTMLTableSectionElement::chOff):
2591         (WebCore::HTMLTableSectionElement::setChOff):
2592         (WebCore::HTMLTableSectionElement::setVAlign):
2593         * html/HTMLTextFormControlElement.cpp:
2594         (WebCore::HTMLTextFormControlElement::updateInnerTextElementEditability):
2595         * html/HTMLVideoElement.cpp:
2596         (WebCore::HTMLVideoElement::imageSourceURL):
2597         * html/HiddenInputType.cpp:
2598         (WebCore::HiddenInputType::restoreFormControlState):
2599         (WebCore::HiddenInputType::setValue):
2600         * html/MediaDocument.cpp:
2601         (WebCore::MediaDocumentParser::createDocumentStructure):
2602         (WebCore::MediaDocument::replaceMediaElementTimerFired):
2603         * html/PluginDocument.cpp:
2604         (WebCore::PluginDocumentParser::createDocumentStructure):
2605         * html/TextFieldInputType.cpp:
2606         (WebCore::TextFieldInputType::createAutoFillButton):
2607         (WebCore::TextFieldInputType::updateAutoFillButton):
2608         * html/parser/HTMLTreeBuilder.cpp:
2609         (WebCore::HTMLTreeBuilder::processIsindexStartTagForInBody):
2610         * html/shadow/MediaControlElements.cpp:
2611         (WebCore::MediaControlClosedCaptionsContainerElement::create):
2612         (WebCore::MediaControlTimelineElement::create):
2613         (WebCore::MediaControlPanelVolumeSliderElement::create):
2614         (WebCore::MediaControlFullscreenVolumeSliderElement::create):
2615         * html/shadow/TextControlInnerElements.cpp:
2616         (WebCore::SearchFieldCancelButtonElement::SearchFieldCancelButtonElement):
2617         * html/shadow/mac/ImageControlsButtonElementMac.cpp:
2618         (WebCore::ImageControlsButtonElementMac::tryCreate):
2619         * html/shadow/mac/ImageControlsRootElementMac.cpp:
2620         (WebCore::ImageControlsRootElement::tryCreate):
2621         * html/track/WebVTTElement.cpp:
2622         (WebCore::WebVTTElement::createEquivalentHTMLElement):
2623         * html/track/WebVTTParser.cpp:
2624         (WebCore::WebVTTTreeBuilder::constructTreeFromToken):
2625         * inspector/InspectorCSSAgent.cpp:
2626         (WebCore::InspectorCSSAgent::createInspectorStyleSheetForDocument):
2627         * inspector/InspectorPageAgent.cpp:
2628         (WebCore::InspectorPageAgent::buildObjectForFrame):
2629         * mathml/MathMLSelectElement.cpp:
2630         (WebCore::MathMLSelectElement::toggle):
2631         * page/PageSerializer.cpp:
2632         (WebCore::PageSerializer::serializeFrame):
2633         * rendering/RenderDetailsMarker.cpp:
2634         (WebCore::RenderDetailsMarker::isOpen):
2635         * rendering/mathml/RenderMathMLFraction.cpp:
2636         (WebCore::RenderMathMLFraction::updateFromElement):
2637         * svg/SVGElement.cpp:
2638         (WebCore::SVGElement::setXmlbase):
2639         * svg/SVGSVGElement.cpp:
2640         (WebCore::SVGSVGElement::setContentScriptType):
2641         (WebCore::SVGSVGElement::setContentStyleType):
2642         * svg/SVGStyleElement.cpp:
2643         (WebCore::SVGStyleElement::setMedia):
2644         (WebCore::SVGStyleElement::setTitle):
2645
2646 2016-07-15  Chris Dumez  <cdumez@apple.com>
2647
2648         Modernize StaticNodeList / StaticElementList
2649         https://bugs.webkit.org/show_bug.cgi?id=159831
2650
2651         Reviewed by Ryosuke Niwa.
2652
2653         Modernize StaticNodeList / StaticElementList. Pass vector to adopt
2654         as an rvalue reference instead of a non-const reference.
2655
2656         * bindings/js/JSHTMLAllCollectionCustom.cpp:
2657         (WebCore::namedItems):
2658         * dom/ChildListMutationScope.cpp:
2659         (WebCore::ChildListMutationAccumulator::enqueueMutationRecord):
2660         * dom/MutationRecord.cpp:
2661         * dom/SelectorQuery.cpp:
2662         (WebCore::SelectorDataList::queryAll):
2663         * dom/StaticNodeList.h:
2664         * dom/WebKitNamedFlow.cpp:
2665         (WebCore::WebKitNamedFlow::getRegionsByContent):
2666         (WebCore::WebKitNamedFlow::getRegions):
2667         (WebCore::WebKitNamedFlow::getContent):
2668         * svg/SVGSVGElement.cpp:
2669         (WebCore::SVGSVGElement::collectIntersectionOrEnclosureList):
2670         * testing/Internals.cpp:
2671         (WebCore::Internals::nodesFromRect):
2672
2673 2016-07-15  Brent Fulgham  <bfulgham@apple.com>
2674
2675         Block insecure script running in a data: frame when the top-level page is HTTPS
2676         https://bugs.webkit.org/show_bug.cgi?id=125806
2677         <rdar://problem/27331825>
2678
2679         Reviewed by Brady Eidson.
2680
2681         Fix based on a Blink change (patch by <tsepez@chromium.org>):
2682         <https://chromium.googlesource.com/chromium/blink/+/33e553bd96e040151c1472289a0d80803bfca3a5>
2683
2684         Test: http/tests/security/mixedContent/insecure-script-in-data-iframe-in-main-frame-blocked.html
2685
2686         * loader/cache/CachedResourceLoader.cpp:
2687         (WebCore::CachedResourceLoader::checkInsecureContent): Check the top-level frame's security state
2688         before allowing insecure scripts to be used.        
2689
2690 2016-07-15  Chris Dumez  <cdumez@apple.com>
2691
2692         Let the compiler generate QualifiedName copy constructor and assignment operator
2693         https://bugs.webkit.org/show_bug.cgi?id=159826
2694
2695         Reviewed by Alex Christensen.
2696
2697         Let the compiler generate QualifiedName copy constructor and assignment operator
2698         as our custom implementation does nothing special. This also makes QualifiedName
2699         movable as the compiler is now able to generate the move constructor / assignment
2700         operator as well.
2701
2702         * dom/QualifiedName.h:
2703         (WebCore::QualifiedName::QualifiedName): Deleted.
2704         (WebCore::QualifiedName::operator=): Deleted.
2705
2706 2016-07-15  Antonio Gomes  <tonikitoo@igalia.com>
2707
2708         ScrollView::setHasHorizontalScrollbar / setHasVerticalScrollbar duplicate their logic
2709         https://bugs.webkit.org/show_bug.cgi?id=159825
2710
2711         Patch introduces a (private) method to ScrollView
2712         to share the code/logic of setHas{Horizontal,Vertical}Scrollbar.
2713
2714         Reviewed by Simon Fraser.
2715
2716         No new tests needed.
2717
2718         * platform/ScrollView.cpp:
2719         (WebCore::ScrollView::setHasScrollbarInternal):
2720         (WebCore::ScrollView::setHasHorizontalScrollbar):
2721         (WebCore::ScrollView::setHasVerticalScrollbar):
2722         * platform/ScrollView.h:
2723
2724 2016-07-15  Frederic Wang  <fwang@igalia.com>
2725
2726         MathOperator: Improve alignment for vertical size variant
2727         https://bugs.webkit.org/show_bug.cgi?id=158866
2728
2729         Reviewed by Brent Fulgham.
2730
2731         The MathOperator class may stretch operators with either a large glyph or a glyph assembly.
2732         In the latter case, the assembly is adjusted to match the stretch ascent and descent
2733         requested by the callers. But in the former case the glyph ascent and descent are used
2734         instead. We solve this by making MathOperator::stretchTo only take a targetSize and let
2735         callers do the vertical alignment they want. This improves the rendering of fences with some
2736         math fonts (e.g. XITS) and allows to pass the two cases of mo-axis-height-1.html.
2737
2738         Test: imported/mathml-in-html5/mathml/presentation-markup/operators/mo-axis-height-1.html
2739
2740         * rendering/mathml/MathOperator.cpp:
2741         (WebCore::MathOperator::stretchTo): Merge vertical and horizontal stretching into the same
2742         function with only the targetSize as a parameter.
2743         * rendering/mathml/RenderMathMLOperator.cpp:
2744         (WebCore::RenderMathMLOperator::stretchTo): Updated to use the new signature.
2745         (WebCore::RenderMathMLOperator::verticalStretchedOperatorShift): Helper function to calculate
2746         the shift necessary to align the baseline of the MathOperator instance with the one of the
2747         RenderMathMLOperator.
2748         (WebCore::RenderMathMLOperator::firstLineBaseline): Adjust the baseline.
2749         * rendering/mathml/RenderMathMLOperator.h: Declare verticalStretchedOperatorShift.
2750         * rendering/mathml/RenderMathMLRoot.cpp:
2751         (WebCore::RenderMathMLRoot::layoutBlock): Use the new signature. This function aligns the top
2752         of the radical with the overbar so we do not need to adjust baseline alignment here.
2753
2754 2016-07-15  Brady Eidson  <beidson@apple.com>
2755
2756         WebKit should prevent push/replace state with username in URL.
2757         <rdar://problem/27361737> and https://bugs.webkit.org/show_bug.cgi?id=159818
2758
2759         Reviewed by Brent Fulgham.
2760
2761         Test: http/tests/security/history-username-password.html
2762
2763         * page/History.cpp:
2764         (WebCore::History::stateObjectAdded): Don't allow URLs with usernames/passwords.
2765
2766 2016-07-15  Ryan Haddad  <ryanhaddad@apple.com>
2767
2768         Unreviewed, rolling out r203266.
2769
2770         This change caused editing/deleting/delete-emoji.html to time
2771         out on El Capitan, crash under GuardMalloc
2772
2773         Reverted changeset:
2774
2775         "Support new emoji group candidates"
2776         https://bugs.webkit.org/show_bug.cgi?id=159755
2777         http://trac.webkit.org/changeset/203266
2778
2779 2016-07-15  Frederic Wang  <fwang@igalia.com>
2780
2781         Move parsing of mfrac attributes into a MathMLFractionElement class
2782         https://bugs.webkit.org/show_bug.cgi?id=159624
2783
2784         Reviewed by Brent Fulgham.
2785
2786         We move the parsing of mfrac attributes to a MathMLFractionElement class. This allows to
2787         minimize the updates in RenderMathMLFraction and to remove the alignment members. Many of
2788         the members in updateLayoutParameters are actually only used in layoutBlock and could be
2789         removed in a follow-up patch. We also improve the resolution of negative line thickness value
2790         since the MathML recommendation says it should be rounded up to the nearest valid
2791         value (which is zero) instead of ignoring the attribute and using the line thickness.
2792
2793         No new tests, already covered by existing tests.
2794
2795         * CMakeLists.txt: Add MathMLFractionElement.
2796         * WebCore.xcodeproj/project.pbxproj: Ditto.
2797         * mathml/MathMLAllInOne.cpp: Ditto.
2798         * mathml/MathMLFractionElement.cpp: Added.
2799         (WebCore::MathMLFractionElement::MathMLFractionElement):
2800         (WebCore::MathMLFractionElement::create):
2801         (WebCore::MathMLFractionElement::lineThickness): Return the cached linethickness length,
2802         parsing it again if it is dirty. This handles the special values "thin", "medium" and "thick"
2803         or fallback to the general parseMathMLLength for MathML lengths.
2804         (WebCore::MathMLFractionElement::cachedFractionAlignment): Return the cached alignment value,
2805         parsing it again if it is dirty.
2806         (WebCore::MathMLFractionElement::numeratorAlignment): Return the cached alignment.
2807         (WebCore::MathMLFractionElement::denominatorAlignment): Ditto.
2808         (WebCore::MathMLFractionElement::parseAttribute): Make attributes dirty.
2809         (WebCore::MathMLFractionElement::createElementRenderer): Create a RenderMathMLFraction.
2810         * mathml/MathMLFractionElement.h: Added.
2811         * mathml/MathMLInlineContainerElement.cpp: We no longer need to handle fraction here.
2812         (WebCore::MathMLInlineContainerElement::createElementRenderer):
2813         * mathml/mathtags.in: Use MathMLFractionElement for mfrac.
2814         * rendering/mathml/RenderMathMLFraction.cpp:
2815         (WebCore::RenderMathMLFraction::updateLayoutParameters): New helper function to set the
2816         layout parameters, replacing updateFromElement. We no longer parse and store the alignment
2817         values here. We also change the resolution of negative values.
2818         (WebCore::RenderMathMLFraction::horizontalOffset): Use the enum from MathMLFractionElement.
2819         (WebCore::RenderMathMLFraction::layoutBlock): We call updateLayoutParameters instead of
2820         updateFromElement. The numerator and denominator alignments are resolved here.
2821         (WebCore::RenderMathMLFraction::parseAlignmentAttribute): Deleted. Parsing of alignment
2822         attribute is now handled in MathMLFractionElement.
2823         (WebCore::RenderMathMLFraction::updateFromElement): Deleted. Attribute changes are now
2824         handled in MathMLFractionElement.
2825         (WebCore::RenderMathMLFraction::styleDidChange): Deleted. Font changes are properly handled.
2826         * rendering/mathml/RenderMathMLFraction.h: Update declarations.
2827
2828 2016-07-15  Frederic Wang  <fwang@igalia.com>
2829
2830         Check whether font is nonnull for GlyphData instead of calling GlyphData::isValid()
2831         https://bugs.webkit.org/show_bug.cgi?id=159783
2832
2833         Reviewed by Brent Fulgham.
2834
2835         GlyphData::isValid() returns true for GlyphData with null 'font' pointer when the 'glyph'
2836         index is nonzero. This behavior is not expected by the MathML code and we have had crashes
2837         in our test suite in the past on Windows (e.g. bug 140653). We thus replace the call to
2838         GlyphData::isValid() with a stronger verification: Whether the 'font' pointer is nonzero.
2839
2840         No new tests, this only makes null pointer checks stronger.
2841
2842         * rendering/mathml/MathOperator.cpp:
2843         (WebCore::boundsForGlyph):
2844         (WebCore::advanceWidthForGlyph):
2845         (WebCore::MathOperator::getBaseGlyph):
2846         (WebCore::MathOperator::setSizeVariant):
2847         (WebCore::MathOperator::fillWithVerticalExtensionGlyph):
2848         (WebCore::MathOperator::fillWithHorizontalExtensionGlyph):
2849         (WebCore::MathOperator::paintVerticalGlyphAssembly):
2850         (WebCore::MathOperator::paintHorizontalGlyphAssembly):
2851         (WebCore::MathOperator::paint):
2852         * rendering/mathml/RenderMathMLOperator.cpp:
2853         (WebCore::RenderMathMLOperator::computePreferredLogicalWidths):
2854         * rendering/mathml/RenderMathMLToken.cpp:
2855         (WebCore::RenderMathMLToken::computePreferredLogicalWidths):
2856         (WebCore::RenderMathMLToken::firstLineBaseline):
2857         (WebCore::RenderMathMLToken::layoutBlock):
2858         (WebCore::RenderMathMLToken::paint):
2859         (WebCore::RenderMathMLToken::paintChildren):
2860
2861 2016-07-15  Frederic Wang  <fwang@igalia.com>
2862
2863         Add DejaVu Math TeX Gyre to the list of math fonts.
2864         https://bugs.webkit.org/show_bug.cgi?id=159805
2865
2866         Reviewed by Brent Fulgham.
2867
2868         DejaVu 2.36 has a new math font that can be used for MathML rendering. Because this font is
2869         likely to be installed on many systems (Linux, LibreOffice, etc) we include it in the default
2870         list of font-families in mathml.css in order to increase the chance to find a math font.
2871
2872         No new tests, it only affects rendering when DejaVu Math TeX Gyre is installed on the system.
2873
2874         * css/mathml.css:
2875         (math):
2876
2877 2016-07-15  Eric Carlson  <eric.carlson@apple.com>
2878
2879         [MSE] Increase the SourceBuffer "fudge factor"
2880         https://bugs.webkit.org/show_bug.cgi?id=159813
2881         <rdar://problem/27372033>
2882
2883         Reviewed by Jon Lee.
2884         
2885         Some media encoding/conversion pipelines are sloppy when doing sample time/timescale
2886         math, and the error accumulation results in small gaps in the media timeline. r202641
2887         increased the maximum allowable gap from 0.01 second to one 24fps frame, but it turns
2888         out that at least one large provider has a significant amount of content encoded with
2889         up to two 24fps frames.
2890
2891         No new tests, updated media/media-source/media-source-small-gap.html.
2892
2893         * Modules/mediasource/SourceBuffer.cpp:
2894         (WebCore::currentTimeFudgeFactor): Increase maximum gap to 2002 / 24000 frames.
2895
2896 2016-07-15  Rawinder Singh  <rawinder.singh-webkit@cisra.canon.com.au>
2897
2898         Add final keyword to WebCore/svg classes
2899         https://bugs.webkit.org/show_bug.cgi?id=159802
2900
2901         Reviewed by Youenn Fablet.
2902
2903         Updated classes in the WebCore/svg directory to be marked as final where appropriate.
2904
2905         * svg/SVGException.h:
2906         * svg/SVGLengthList.h:
2907         * svg/SVGMatrix.h:
2908         * svg/SVGNumberList.h:
2909         * svg/SVGPaint.h:
2910         * svg/SVGPathBuilder.h:
2911         * svg/SVGPathByteStreamBuilder.h:
2912         * svg/SVGPathByteStreamSource.h:
2913         * svg/SVGPathSegArcAbs.h:
2914         * svg/SVGPathSegArcRel.h:
2915         * svg/SVGPathSegClosePath.h:
2916         * svg/SVGPathSegCurvetoCubicAbs.h:
2917         * svg/SVGPathSegCurvetoCubicRel.h:
2918         * svg/SVGPathSegCurvetoCubicSmoothAbs.h:
2919         * svg/SVGPathSegCurvetoCubicSmoothRel.h:
2920         * svg/SVGPathSegCurvetoQuadraticAbs.h:
2921         * svg/SVGPathSegCurvetoQuadraticRel.h:
2922         * svg/SVGPathSegCurvetoQuadraticSmoothAbs.h:
2923         * svg/SVGPathSegCurvetoQuadraticSmoothRel.h:
2924         * svg/SVGPathSegLinetoAbs.h:
2925         * svg/SVGPathSegLinetoHorizontalAbs.h:
2926         * svg/SVGPathSegLinetoHorizontalRel.h:
2927         * svg/SVGPathSegLinetoRel.h:
2928         * svg/SVGPathSegLinetoVerticalAbs.h:
2929         * svg/SVGPathSegLinetoVerticalRel.h:
2930         * svg/SVGPathSegListBuilder.h:
2931         * svg/SVGPathSegListSource.h:
2932         * svg/SVGPathSegMovetoAbs.h:
2933         * svg/SVGPathSegMovetoRel.h:
2934         * svg/SVGPathStringSource.h:
2935         * svg/SVGPathTraversalStateBuilder.h:
2936         * svg/SVGPointList.h:
2937         * svg/SVGRenderingIntent.h:
2938         * svg/SVGStringList.h:
2939         * svg/SVGTRefElement.cpp:
2940         * svg/SVGToOTFFontConversion.cpp:
2941         * svg/SVGTransformList.h:
2942         * svg/SVGUnitTypes.h:
2943         * svg/SVGViewSpec.h:
2944         * svg/SVGZoomEvent.h:
2945         * svg/animation/SMILTimeContainer.h:
2946         * svg/animation/SVGSMILElement.cpp:
2947         * svg/graphics/filters/SVGFEImage.h:
2948         * svg/graphics/filters/SVGFilter.h:
2949         * svg/properties/SVGAnimatedPathSegListPropertyTearOff.h:
2950         * svg/properties/SVGAnimatedPropertyTearOff.h:
2951         * svg/properties/SVGAnimatedTransformListPropertyTearOff.h:
2952         * svg/properties/SVGMatrixTearOff.h:
2953         * svg/properties/SVGPathSegListPropertyTearOff.h:
2954         * svg/properties/SVGStaticListPropertyTearOff.h:
2955         * svg/properties/SVGStaticPropertyTearOff.h:
2956         * svg/properties/SVGTransformListPropertyTearOff.h:
2957
2958 2016-07-15  Per Arne Vollan  <pvollan@apple.com>
2959
2960         Uninitialized variable in DIBPixelData can cause a dangerous memory write
2961         https://bugs.webkit.org/show_bug.cgi?id=159414
2962
2963         Reviewed by Brent Fulgham.
2964
2965         Initialize local BITMAP variable, in case the ::GetObject function that should initialize it
2966         fails to do so, because the bitmap handle is invalid.
2967
2968         Tests: Tools/TestWebKitAPI/Tests/WebCore/win/DIBPixelData.cpp
2969
2970         * platform/graphics/win/DIBPixelData.cpp:
2971         (WebCore::DIBPixelData::initialize): Initialize local variable.
2972         (WebCore::DIBPixelData::setRGBABitmapAlpha): Return early if we have no bitmap.
2973         * platform/graphics/win/DIBPixelData.h: Link fix.
2974
2975 2016-07-14  Yoav Weiss  <yoav@yoav.ws>
2976
2977         Change CSSParser::sourceSize returning Optional<CSSParser::SourceSize>
2978         https://bugs.webkit.org/show_bug.cgi?id=159666
2979
2980         Reviewed by Michael Catanzaro.
2981
2982         Tests:
2983             fast/dom/HTMLImageElement/sizes/image-sizes-invalids.html
2984
2985         * css/CSSGrammar.y.in: Avoid adding SourceSize to source_size_list when the value is a Nullopt.
2986         * css/CSSParser.cpp:
2987         (WebCore::CSSParser::sourceSize): Return a Nullopt when an invalid value is encountered.
2988         * css/CSSParser.h:
2989
2990 2016-07-14  Antonio Gomes  <tonikitoo@igalia.com>
2991
2992         [RTL Scrollbars] Frame scrollbars don't move to the right when text direction changes to RTL
2993         https://bugs.webkit.org/show_bug.cgi?id=158252
2994
2995         Reviewed by Myles C. Maxfield.
2996
2997         When the 'dir' attribute changes either on body or on the document
2998         element level, the associated FrameView does not trigger an update on
2999         the frame level vertical scrollbar.
3000
3001         Patch adds a 'hook' so that RenderBox::styleDidChange can call in
3002         order to get the document level scrollbar placed properly in the next
3003         layout.
3004
3005         Test: fast/scrolling/rtl-scrollbars-alternate-body-dir-attr-does-not-update-scrollbar-placement.html
3006               fast/scrolling/rtl-scrollbars-alternate-body-dir-attr-does-not-update-scrollbar-placement-2.html
3007               fast/scrolling/rtl-scrollbars-alternate-iframe-body-dir-attr-does-not-update-scrollbar-placement.html
3008
3009         * page/FrameView.cpp:
3010         (WebCore::FrameView::topContentDirectionDidChange):
3011         * page/FrameView.h:
3012         * rendering/RenderBox.cpp:
3013         (WebCore::RenderBox::styleDidChange):
3014
3015 2016-07-14  Myles C. Maxfield  <mmaxfield@apple.com>
3016
3017         Support new emoji group candidates
3018         https://bugs.webkit.org/show_bug.cgi?id=159755
3019         <rdar://problem/27325521>
3020
3021         Reviewed by Dean Jackson.
3022
3023         There are a few code points which should be able to be joined (with ZWJ) to
3024         either U+2640 or U+2642 to change the gender of the emoji. These patterns
3025         should also work with an additional 0xFE0F variation selector. This patch
3026         adds these new patterns to our existing emoji group candidate infrastructure.
3027
3028         Tests: fast/text/emoji-gender-2-3.html
3029                fast/text/emoji-gender-2-4.html
3030                fast/text/emoji-gender-2-5.html
3031                fast/text/emoji-gender-2-6.html
3032                fast/text/emoji-gender-2-7.html
3033                fast/text/emoji-gender-2-8.html
3034                fast/text/emoji-gender-2-9.html
3035                fast/text/emoji-gender-2.html
3036                fast/text/emoji-gender-3.html
3037                fast/text/emoji-gender-4.html
3038                fast/text/emoji-gender-5.html
3039                fast/text/emoji-gender-6.html
3040                fast/text/emoji-gender-7.html
3041                fast/text/emoji-gender-8.html
3042                fast/text/emoji-gender-9.html
3043                fast/text/emoji-gender-fe0f-3.html
3044                fast/text/emoji-gender-fe0f-4.html
3045                fast/text/emoji-gender-fe0f-5.html
3046                fast/text/emoji-gender-fe0f-6.html
3047                fast/text/emoji-gender-fe0f-7.html
3048                fast/text/emoji-gender-fe0f-8.html
3049                fast/text/emoji-gender-fe0f-9.html
3050                fast/text/emoji-gender.html
3051                fast/text/emoji-num-glyphs.html
3052                fast/text/emoji-single-parent-family-2.html
3053                fast/text/emoji-single-parent-family.html
3054
3055         * platform/graphics/mac/ComplexTextControllerCoreText.mm:
3056         (WebCore::ComplexTextController::ComplexTextRun::ComplexTextRun): Removed incorrect ASSERT()s.
3057         * platform/graphics/FontCascade.cpp:
3058         (WebCore::FontCascade::characterRangeCodePath):
3059         * platform/text/CharacterProperties.h:
3060         (WebCore::isEmojiGroupCandidate):
3061
3062 2016-07-14  Dean Jackson  <dino@apple.com>
3063
3064         CrashTracer: com.apple.WebKit.WebContent at WebCore: WebCore::MediaQueryEvaluator::evaluate const
3065         https://bugs.webkit.org/show_bug.cgi?id=159799
3066         <rdar://problem/27346959>
3067
3068         Reviewed by Myles Maxfield.
3069
3070         Speculative fix for this crash, which seems to happen when asking for the Node's
3071         renderer(). From the incoming crash logs, it is triggered by mutations on
3072         a <picture> or <img> element, which would require choosing a new source,
3073         and causing some media queries to evaluate.
3074
3075         The only place in MediaQueryEvaluator that has anything to do with
3076         renderers is when gathering up some style information to pass to the
3077         actual evaluation function. I put a guard against a missing documentElement
3078         in there.
3079
3080         * css/MediaQueryEvaluator.cpp:
3081         (WebCore::MediaQueryEvaluator::evaluate): Make sure documentElement is not
3082         null.
3083
3084 2016-07-14  Rawinder Singh  <rawinder.singh-webkit@cisra.canon.com.au>
3085
3086         Update HTML*Element class override methods in final classes
3087         https://bugs.webkit.org/show_bug.cgi?id=159456
3088
3089         Reviewed by Youenn Fablet.
3090
3091         Update HTML*Element classes so that overriden methods in final classes are marked final.
3092         Also marked HTMLDivElement overriden methods as final since they are not overridden by derived classes.
3093
3094         * html/HTMLAppletElement.h:
3095         * html/HTMLAreaElement.h:
3096         * html/HTMLAttachmentElement.h:
3097         * html/HTMLAudioElement.h:
3098         * html/HTMLBRElement.h:
3099         * html/HTMLBaseElement.h:
3100         * html/HTMLBodyElement.h:
3101         * html/HTMLButtonElement.h:
3102         * html/HTMLCanvasElement.h:
3103         * html/HTMLDataElement.h:
3104         * html/HTMLDetailsElement.h:
3105         * html/HTMLDivElement.h:
3106         * html/HTMLEmbedElement.h:
3107         * html/HTMLFieldSetElement.h:
3108         * html/HTMLFontElement.h:
3109         * html/HTMLFormElement.h:
3110         * html/HTMLFrameSetElement.h:
3111         * html/HTMLHRElement.h:
3112         * html/HTMLHtmlElement.h:
3113         * html/HTMLKeygenElement.h:
3114         * html/HTMLLIElement.h:
3115         * html/HTMLLabelElement.h:
3116         * html/HTMLLegendElement.h:
3117         * html/HTMLLinkElement.h:
3118         * html/HTMLMapElement.h:
3119         * html/HTMLMarqueeElement.h:
3120         * html/HTMLMetaElement.h:
3121         * html/HTMLMeterElement.h:
3122         * html/HTMLModElement.h:
3123         * html/HTMLOListElement.h:
3124         * html/HTMLObjectElement.h:
3125         * html/HTMLOptGroupElement.h:
3126         * html/HTMLOptionElement.h:
3127         * html/HTMLOutputElement.h:
3128         * html/HTMLParagraphElement.h:
3129         * html/HTMLParamElement.h:
3130         * html/HTMLPreElement.h:
3131         * html/HTMLProgressElement.h:
3132         * html/HTMLQuoteElement.h:
3133         * html/HTMLScriptElement.h:
3134         * html/HTMLSourceElement.h:
3135         * html/HTMLStyleElement.h:
3136         * html/HTMLSummaryElement.h:
3137         * html/HTMLTableCaptionElement.h:
3138         * html/HTMLTableColElement.h:
3139         * html/HTMLTableElement.h:
3140         * html/HTMLTableSectionElement.h:
3141         * html/HTMLTemplateElement.h:
3142         * html/HTMLTextAreaElement.h:
3143         * html/HTMLTitleElement.h:
3144         * html/HTMLUListElement.h:
3145         * html/HTMLUnknownElement.h:
3146         * html/HTMLVideoElement.h:
3147         * html/HTMLWBRElement.h:
3148
3149 2016-07-14  Chris Dumez  <cdumez@apple.com>
3150
3151         Modernize GlyphMetricsMap
3152         https://bugs.webkit.org/show_bug.cgi?id=159788
3153
3154         Reviewed by Darin Adler.
3155
3156         Modernize GlyphMetricsMap a bit.
3157
3158         * platform/graphics/GlyphMetricsMap.h:
3159         - Drop WTF_MAKE_NONCOPYABLE as the class is already non-copyable due to having
3160           to having a std::unique_ptr data member.
3161         - Drop GlyphMetricsMap default constructor and let the compiler generate it
3162           instead. This required using inline initialization for m_filledPrimaryPage.
3163
3164         (WebCore::GlyphMetricsMap::GlyphMetricsPage::GlyphMetricsPage):
3165         - Make m_metrics data member private as it does not need to be public.
3166         - Make setMetricsForIndex(unsigned index, const T& metrics) setter private
3167           as it does not need to be public.
3168         - Make GlyphMetricsPage(const T& initialValue) constructor explicit as it
3169           takes only 1 parameter.
3170
3171         (WebCore::GlyphMetricsMap<T>::locatePageSlowCase):
3172         - Use HashMap::ensure() to make the code a bit nicer.
3173
3174 2016-07-14  Simon Fraser  <simon.fraser@apple.com>
3175
3176         [iOS WK2] When scrolling apple.com/music on iPad Pro in landscape, left-hand tiles appear first
3177         https://bugs.webkit.org/show_bug.cgi?id=159798
3178         rdar://problem/27362717
3179
3180         Reviewed by Tim Horton.
3181
3182         In out-of-visible tiled layers, we always allocated the top-left tile, wasting
3183         memory and causing ugliness when scrolling that layer into view. This happened
3184         because getTileIndexRangeForRect() had no way to express the fact that no tiles
3185         should be created.
3186
3187         Fix getTileIndexRangeForRect() to return a bool, and fix callers to respect the
3188         return value.
3189
3190         Test: compositing/tiling/offscreen-tiled-layer.html
3191
3192         * platform/graphics/ca/GraphicsLayerCA.cpp:
3193         (WebCore::GraphicsLayerCA::dumpAdditionalProperties):
3194         * platform/graphics/ca/TileGrid.cpp:
3195         (WebCore::TileGrid::setNeedsDisplayInRect):
3196         (WebCore::TileGrid::tilesWouldChangeForCoverageRect):
3197         (WebCore::TileGrid::getTileIndexRangeForRect):
3198         (WebCore::TileGrid::revalidateTiles):
3199         (WebCore::TileGrid::ensureTilesForRect):
3200         (WebCore::TileGrid::extent):
3201         * platform/graphics/ca/TileGrid.h:
3202
3203 2016-07-14  John Wilander  <wilander@apple.com>
3204
3205         Remove credentials in URL when accessed through location.href
3206         https://bugs.webkit.org/show_bug.cgi?id=139562
3207         <rdar://problem/27331164>
3208
3209         Reviewed by Brent Fulgham.
3210
3211         Test: http/tests/security/location-href-clears-username-password.html
3212
3213         The reason for this change is to not allow scripts on the page to
3214         exfiltrate username and password from the URL.
3215
3216         * page/Location.cpp:
3217         (WebCore::Location::href):
3218             Now checks if there is a username or password in the URL. If so,
3219             it copies the URL and removes the username and password.
3220
3221 2016-07-14  Javier Fernandez  <jfernandez@igalia.com>
3222
3223         [css-grid] Handle min-content/max-content with orthogonal flows
3224         https://bugs.webkit.org/show_bug.cgi?id=159294
3225
3226         Reviewed by Darin Adler.
3227
3228         Currently there is no support for orthogonal flows in many aspects of the
3229         Grid Layout logic.
3230
3231         The Grid sizing algorithm should be adapted to this scenario, hence this
3232         patch focus on the min-content and max-content functions, used to resolve
3233         content based track sizes.
3234
3235         There are still issues related to alignment and sizes using percentages,
3236         but they will be addressed in different patches.
3237
3238         Tests: fast/css-grid-layout/grid-item-positioning-with-orthogonal-flows.html
3239                fast/css-grid-layout/grid-item-sizing-with-orthogonal-flows.html
3240                fast/css-grid-layout/grid-item-spanning-and-orthogonal-flows.html
3241                fast/css-grid-layout/grid-track-sizing-with-orthogonal-flows.html
3242                fast/css-grid-layout/grid-track-sizing-with-percentages-and-orthogonal-flows.html
3243
3244         * rendering/RenderBox.cpp:
3245         (WebCore::RenderBox::computeLogicalWidthInRegion):
3246         * rendering/RenderGrid.cpp:
3247         (WebCore::RenderGrid::GridSizingData::advanceNextState):
3248         (WebCore::RenderGrid::GridSizingData::isValidTransitionForDirection):
3249         (WebCore::RenderGrid::computeTrackSizesForDirection):
3250         (WebCore::RenderGrid::repeatTracksSizingIfNeeded): Added.
3251         (WebCore::RenderGrid::layoutBlock):
3252         (WebCore::RenderGrid::computeIntrinsicLogicalWidths):
3253         (WebCore::RenderGrid::computeIntrinsicLogicalHeight):
3254         (WebCore::hasOverrideContainingBlockContentSizeForChild):
3255         (WebCore::overrideContainingBlockContentSizeForChild):
3256         (WebCore::setOverrideContainingBlockContentSizeForChild):
3257         (WebCore::shouldClearOverrideContainingBlockContentSizeForChild):
3258         (WebCore::RenderGrid::gridTrackSize):
3259         (WebCore::RenderGrid::isOrthogonalChild): Added.
3260         (WebCore::RenderGrid::logicalHeightForChild):
3261         (WebCore::RenderGrid::flowAwareDirectionForChild): Added.
3262         (WebCore::RenderGrid::minSizeForChild):
3263         (WebCore::RenderGrid::updateOverrideContainingBlockContentSizeForChild):
3264         (WebCore::RenderGrid::minContentForChild):
3265         (WebCore::RenderGrid::maxContentForChild):
3266         (WebCore::RenderGrid::placeItemsOnGrid):
3267         (WebCore::RenderGrid::layoutPositionedObject):
3268         (WebCore::RenderGrid::offsetAndBreadthForPositionedChild):
3269         (WebCore::RenderGrid::assumedRowsSizeForOrthogonalChild): Added.
3270         (WebCore::RenderGrid::gridAreaBreadthForChild):
3271         (WebCore::RenderGrid::columnAxisPositionForChild):
3272         (WebCore::RenderGrid::rowAxisPositionForChild):
3273         (WebCore::RenderGrid::findChildLogicalPosition):
3274         * rendering/RenderGrid.h:
3275         (WebCore::RenderGrid::SizingOperation): This enum has been moved to the header file.
3276         (WebCore::RenderGrid::m_hasAnyOrthogonalChild): New class attribute to know if there are any orthogonal grid items.
3277         (WebCore::RenderGrid::updateOverrideContainingBlockContentSizeForChild):
3278         (WebCore::RenderGrid::logicalHeightForChild):
3279         (WebCore::RenderGrid::gridAreaBreadthForChild):
3280         (WebCore::RenderGrid::assumedRowsSizeForOrthogonalChild):
3281
3282
3283
3284 2016-07-14  Chris Dumez  <cdumez@apple.com>
3285
3286         Use emptyString() instead of "" when possible
3287         https://bugs.webkit.org/show_bug.cgi?id=159789
3288
3289         Reviewed by Alex Christensen.
3290
3291         Use emptyString() instead of "" when possible to reduce String allocations.
3292
3293         * Modules/webdatabase/Database.cpp:
3294         (WebCore::Database::performOpenAndVerify):
3295         * css/CSSSelector.h:
3296         * css/StyleProperties.cpp:
3297         (WebCore::MutableStyleProperties::removeProperty):
3298         (WebCore::MutableStyleProperties::removeCustomProperty):
3299         * editing/TextCheckingHelper.cpp:
3300         (WebCore::TextCheckingHelper::findFirstMisspellingOrBadGrammar):
3301         (WebCore::TextCheckingHelper::findFirstBadGrammar):
3302         * editing/TypingCommand.h:
3303         (WebCore::TypingCommand::create):
3304         * fileapi/FileReaderLoader.cpp:
3305         (WebCore::FileReaderLoader::cleanup):
3306         * inspector/InspectorStyleSheet.cpp:
3307         (WebCore::fillMediaListChain):
3308         * page/UserContentURLPattern.cpp:
3309         (WebCore::UserContentURLPattern::parse):
3310         * platform/graphics/MediaPlayer.cpp:
3311         (WebCore::MediaPlayer::load):
3312         * platform/gtk/DataObjectGtk.h:
3313         (WebCore::DataObjectGtk::clearURIList):
3314         * platform/network/curl/ResourceHandleCurl.cpp:
3315         (WebCore::ResourceHandle::receivedRequestToContinueWithoutCredential):
3316         * platform/network/curl/ResourceHandleManager.h:
3317         * rendering/RenderLayerCompositor.cpp:
3318         (WebCore::RenderLayerCompositor::layerTreeAsText):
3319         * rendering/RenderListMarker.cpp:
3320         (WebCore::RenderListMarker::updateContent):
3321         * rendering/style/RenderStyle.cpp:
3322         (WebCore::RenderStyle::noneDashboardRegions):
3323         * rendering/svg/SVGTextMetrics.cpp:
3324         (WebCore::SVGTextMetrics::SVGTextMetrics):
3325         * xml/XPathParser.cpp:
3326         (WebCore::XPath::Parser::lexString):
3327
3328 2016-07-14  Brent Fulgham  <bfulgham@apple.com>
3329
3330         editing/spelling/spellcheck-async.html sometimes crashes with GuardMalloc 
3331         https://bugs.webkit.org/show_bug.cgi?id=142969
3332         <rdar://problem/27331095>
3333
3334         Reviewed by Alex Christensen.
3335
3336         Fix based on a Blink change (patch by <rouslan@chromium.org>):
3337         <https://chromium.googlesource.com/chromium/blink/+/c713736b122c2224804b2db72f1f711cb47ee260%5E%21/#F1>
3338
3339         Test: editing/spelling/copy-paste-crash.html
3340               editing/spelling/spellcheck-async.html
3341
3342         * editing/SpellChecker.cpp:
3343         (WebCore::SpellCheckRequest::didSucceed):
3344         (WebCore::SpellCheckRequest::didCancel):
3345
3346 2016-07-14  Zalan Bujtas  <zalan@apple.com>
3347
3348         ImageBuffer's succes flag should be set to false at the very beginning of the c'tor.
3349         https://bugs.webkit.org/show_bug.cgi?id=159784
3350
3351         Reviewed by Simon Fraser.
3352
3353         No change in functionality.
3354
3355         * platform/graphics/cg/ImageBufferCG.cpp:
3356         (WebCore::ImageBuffer::ImageBuffer):
3357
3358 2016-07-14  Alex Christensen  <achristensen@webkit.org>
3359
3360         Use SocketProvider to create SocketStreamHandles
3361         https://bugs.webkit.org/show_bug.cgi?id=159774
3362
3363         Reviewed by Brady Eidson.
3364
3365         No new tests.  No change in behaviour.
3366         
3367         In r202930 I introduced the SocketProvider, but I used it to make a WebSocketChannel
3368         instead of a SocketStreamHandle, which is the class I want to make into an interface
3369         and proxy the web traffic over to the NetworkProcess.
3370
3371         * CMakeLists.txt:
3372         * Modules/websockets/ThreadableWebSocketChannel.cpp: Added.
3373         (WebCore::ThreadableWebSocketChannel::create):
3374         I removed this in 202930, so this is restoring it from that patch, hence the old copyright.
3375         * Modules/websockets/ThreadableWebSocketChannel.h:
3376         (WebCore::ThreadableWebSocketChannel::ThreadableWebSocketChannel):
3377         * Modules/websockets/WebSocket.cpp:
3378         (WebCore::WebSocket::connect):
3379         * Modules/websockets/WebSocketChannel.cpp:
3380         (WebCore::WebSocketChannel::WebSocketChannel):
3381         (WebCore::WebSocketChannel::connect):
3382         * Modules/websockets/WebSocketChannel.h:
3383         (WebCore::WebSocketChannel::create):
3384         * Modules/websockets/WorkerThreadableWebSocketChannel.cpp:
3385         (WebCore::WorkerThreadableWebSocketChannel::WorkerThreadableWebSocketChannel):
3386         (WebCore::WorkerThreadableWebSocketChannel::resume):
3387         (WebCore::WorkerThreadableWebSocketChannel::Peer::Peer):
3388         (WebCore::WorkerThreadableWebSocketChannel::Peer::didReceiveMessageError):
3389         (WebCore::WorkerThreadableWebSocketChannel::Bridge::Bridge):
3390         (WebCore::WorkerThreadableWebSocketChannel::Bridge::~Bridge):
3391         (WebCore::WorkerThreadableWebSocketChannel::Bridge::mainThreadInitialize):
3392         (WebCore::WorkerThreadableWebSocketChannel::Bridge::initialize):
3393         * Modules/websockets/WorkerThreadableWebSocketChannel.h:
3394         (WebCore::WorkerThreadableWebSocketChannel::create):
3395         (WebCore::WorkerThreadableWebSocketChannel::Bridge::create):
3396         * WebCore.xcodeproj/project.pbxproj:
3397         * inspector/InspectorOverlay.cpp:
3398         (WebCore::InspectorOverlay::overlayPage):
3399         * loader/EmptyClients.cpp:
3400         (WebCore::EmptyEditorClient::registerRedoStep):
3401         (WebCore::EmptySocketProvider::createWebSocketChannel): Deleted.
3402         * loader/EmptyClients.h:
3403         * page/SocketProvider.cpp: Added.
3404         (WebCore::SocketProvider::createSocketStreamHandle):
3405         * page/SocketProvider.h:
3406         (WebCore::SocketProvider::~SocketProvider): Deleted.
3407         * platform/network/cf/SocketStreamHandle.h:
3408         * svg/graphics/SVGImage.cpp:
3409         (WebCore::SVGImage::dataChanged):
3410
3411 2016-07-14  Brady Eidson  <beidson@apple.com>
3412
3413         "User delete" tests are flakey timeouts (and/or DatabaseProcess crashes).
3414         https://bugs.webkit.org/show_bug.cgi?id=158741
3415
3416         Reviewed by Alex Christensen.
3417
3418         No new tests (Covered by existing tests in some configurations)
3419
3420         - Check if a database hard delete is complete in more places.
3421         - Asynchronously clear out the hard close protector instead of synchronously.
3422         
3423         * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
3424         (WebCore::IDBServer::UniqueIDBDatabase::~UniqueIDBDatabase):
3425         (WebCore::IDBServer::UniqueIDBDatabase::didPerformUnconditionalDeleteBackingStore):
3426         (WebCore::IDBServer::UniqueIDBDatabase::didFinishHandlingVersionChange):
3427         (WebCore::IDBServer::UniqueIDBDatabase::connectionClosedFromClient):
3428         (WebCore::IDBServer::UniqueIDBDatabase::transactionCompleted):
3429         (WebCore::IDBServer::UniqueIDBDatabase::executeNextDatabaseTaskReply):
3430         (WebCore::IDBServer::UniqueIDBDatabase::maybeFinishHardClose):
3431         (WebCore::IDBServer::UniqueIDBDatabase::isDoneWithHardClose):
3432         (WebCore::IDBServer::UniqueIDBDatabase::doneWithHardClose): Deleted.
3433
3434         * Modules/indexeddb/server/UniqueIDBDatabase.h:
3435         (WebCore::IDBServer::UniqueIDBDatabase::hardClosedForUserDelete):
3436
3437         * Modules/indexeddb/server/UniqueIDBDatabaseConnection.cpp:
3438         (WebCore::IDBServer::UniqueIDBDatabaseConnection::didAbortTransaction):
3439
3440 2016-07-13  Brent Fulgham  <bfulgham@apple.com>
3441
3442         CSSStyleSheet members should clear their owner node when destroyed
3443         https://bugs.webkit.org/show_bug.cgi?id=117470
3444
3445         Reviewed by Chris Dumez.
3446
3447         Make sure that CSSStyleSheet members are detached from their owner node when
3448         the owning object is destroyed.
3449
3450         I audited other CSSStyleSheet uses, and found one other place where the owner node was not
3451         being cleared during destruction. The Inspector also uses CSSStyleSheet, but seems to
3452         handle the node ownership properly.
3453
3454         Fix based on a Blink change (patch by <haraken@chromium.org>):
3455         <https://chromium.googlesource.com/chromium/blink/+/c4949bfdeb2a613701afa1410bdae70531b8f6bf>
3456
3457         Also includes a follow-up fix (patch by <haraken@chromium.org>):
3458         <https://chromium.googlesource.com/chromium/blink/+/9c3932dc80b33429db3a5873cb266b726c8a19bf>
3459
3460         No test case. Was found by the Chromium team through review of their crash traces under minor DOM GC.
3461
3462         * contentextensions/ContentExtensionStyleSheet.cpp:
3463         (WebCore::ContentExtensions::ContentExtensionStyleSheet::~ContentExtensionStyleSheet):
3464         * contentextensions/ContentExtensionStyleSheet.h:
3465         * dom/InlineStyleSheetOwner.cpp:
3466         (WebCore::InlineStyleSheetOwner::~InlineStyleSheetOwner):
3467         (WebCore::authorStyleSheetsForElement):
3468
3469 2016-07-14  Csaba Osztrogonác  <ossy@webkit.org>
3470
3471         Fix the !ENABLE(WEB_SOCKETS) build after r202930
3472         https://bugs.webkit.org/show_bug.cgi?id=159768
3473
3474         Reviewed by Alex Christensen.
3475
3476         * loader/EmptyClients.cpp:
3477         * loader/EmptyClients.h:
3478         * page/SocketProvider.h:
3479         * workers/WorkerGlobalScope.cpp:
3480         (WebCore::WorkerGlobalScope::WorkerGlobalScope):
3481         * workers/WorkerThread.cpp:
3482         (WebCore::WorkerThread::WorkerThread):
3483
3484 2016-07-14  Youenn Fablet  <youenn@apple.com>
3485
3486         DOMIterators should be assigned a correct prototype
3487         https://bugs.webkit.org/show_bug.cgi?id=159115
3488
3489         Reviewed by Chris Dumez.
3490
3491         Default iterator object internal prototype property is the Iterator prototype as defined in
3492         http://heycam.github.io/webidl/#dfn-iterator-prototype-object.
3493         Linking DOMIterator prototype to IteratorPrototype.
3494         This allows adding @@iterator property to the result of entries, keys and values methods.
3495         This in turns allow doing for-of loops on them.
3496
3497         Covered by updated test.
3498
3499         * ForwardingHeaders/runtime/IteratorPrototype.h: Added.
3500         * bindings/js/JSDOMIterator.h: Setting correct prototype and marking next prototype property as enumerable.
3501
3502 2016-07-14  Youenn Fablet  <youenn@apple.com>
3503
3504         Remove support for value iterators from JSDOMIterator
3505         https://bugs.webkit.org/show_bug.cgi?id=159293
3506
3507         Reviewed by Chris Dumez.
3508
3509         Value iterators are now handled without using DOMIterator.
3510         Since FontFaceSet is using DOMIterator as an intermediate step towards supporting set-like,
3511         entries and forEach implementation should be made compliant with set-like.
3512         This means that item value should be passed instead of an index in entries iterator and forEach callback.
3513
3514         Covered by updated test.
3515
3516         * bindings/js/JSDOMIterator.h:
3517         (WebCore::JSDOMIterator<JSWrapper>::asJS): Pass set item as entries value field.
3518         (WebCore::appendForEachArguments): Pass set item as second parameter.
3519         (WebCore::iteratorForEach): Remove index handling.
3520
3521 2016-07-14  Csaba Osztrogonác  <ossy@webkit.org>
3522
3523         Fix the !ENABLE(MATHML) build after r201739
3524         https://bugs.webkit.org/show_bug.cgi?id=159767
3525
3526         Reviewed by Alex Christensen.
3527
3528         * dom/Document.cpp:
3529         (WebCore::Document::validateCustomElementName):
3530
3531 2016-07-14  Csaba Osztrogonác  <ossy@webkit.org>
3532
3533         Fix the !ENABLE(CSS_IMAGE_SET) build
3534         https://bugs.webkit.org/show_bug.cgi?id=159766
3535
3536         Reviewed by Alex Christensen.
3537
3538         * css/CSSParser.cpp:
3539
3540 2016-07-14  Frederic Wang  <fred.wang@free.fr>
3541
3542         Cleanup of MathML headers
3543         https://bugs.webkit.org/show_bug.cgi?id=159336
3544
3545         Reviewed by Alex Christensen.
3546
3547         We do some cleanup in MathML headers:
3548         - Use #pragma once
3549         - Use final for class that are not extended.
3550         - Use final instead of override for virtual members that are not overridden by derived classes.
3551         - Try and reduce the visibility of function members to private or protected as appropriate.
3552         - Remove useless #include
3553         - Remove useless class or friendship declaration
3554         - Remove unused functions
3555
3556         No new tests, behavior is unchanged.
3557
3558         * mathml/MathMLElement.h:
3559         * mathml/MathMLInlineContainerElement.h:
3560         * mathml/MathMLMathElement.h:
3561         * mathml/MathMLMencloseElement.h:
3562         * mathml/MathMLOperatorDictionary.h:
3563         * mathml/MathMLPaddedElement.h:
3564         * mathml/MathMLSelectElement.h:
3565         * mathml/MathMLSpaceElement.h:
3566         * mathml/MathMLTextElement.h:
3567         * rendering/mathml/MathOperator.h:
3568         * rendering/mathml/RenderMathMLBlock.h:
3569         * rendering/mathml/RenderMathMLFenced.h:
3570         * rendering/mathml/RenderMathMLFraction.h:
3571         * rendering/mathml/RenderMathMLMath.h:
3572         * rendering/mathml/RenderMathMLMenclose.h:
3573         * rendering/mathml/RenderMathMLOperator.h:
3574         * rendering/mathml/RenderMathMLRoot.h:
3575         * rendering/mathml/RenderMathMLRow.cpp:
3576         (WebCore::RenderMathMLRow::RenderMathMLRow): Deleted. We no longer create anonymous row.
3577         * rendering/mathml/RenderMathMLRow.h:
3578         * rendering/mathml/RenderMathMLScripts.h:
3579         * rendering/mathml/RenderMathMLSpace.h:
3580         * rendering/mathml/RenderMathMLToken.h:
3581         * rendering/mathml/RenderMathMLUnderOver.h:
3582
3583 2016-07-14  Alex Christensen  <achristensen@webkit.org>
3584
3585         Pass SessionID to WebSocketHandle constructor
3586         https://bugs.webkit.org/show_bug.cgi?id=159772
3587
3588         Reviewed by Brady Eidson.
3589
3590         No new tests.  No change in behavior.
3591
3592         * Modules/websockets/WebSocketChannel.cpp:
3593         (WebCore::WebSocketChannel::connect):
3594         * platform/network/cf/SocketStreamHandle.h:
3595         (WebCore::SocketStreamHandle::create):
3596         * platform/network/cf/SocketStreamHandleCFNet.cpp:
3597         (WebCore::SocketStreamHandle::SocketStreamHandle):
3598         * platform/network/curl/SocketStreamHandle.h:
3599         (WebCore::SocketStreamHandle::create):
3600         * platform/network/soup/SocketStreamHandle.h:
3601
3602 2016-07-14  Carlos Garcia Campos  <cgarcia@igalia.com>
3603
3604         [GLib] Use a GSource instead of a thread to poll memory pressure eventFD in linux implementation
3605         https://bugs.webkit.org/show_bug.cgi?id=159346
3606
3607         Reviewed by Antonio Gomes.
3608
3609         This is a follow up of r203216 to fix wrong use of Optional values.
3610
3611         * platform/linux/MemoryPressureHandlerLinux.cpp:
3612
3613 2016-07-14  Youenn Fablet  <youenn@apple.com>
3614
3615         DOM value iterable interfaces should use Array prototype methods
3616         https://bugs.webkit.org/show_bug.cgi?id=159296
3617
3618         Reviewed by Chris Dumez and Mark Lam.
3619
3620         Test: fast/dom/NodeList/nodelist-iterable.html
3621         Also covered by updated layout test and binding tests.
3622
3623         For value iterators, copy the iterator methods from Array prototype: as per https://heycam.github.io/webidl/#es-iterable,
3624         [re: entries] If the interface has a value iterator, then the Function object is the initial value of the "entries" data property of %ArrayPrototype% ([ECMA-262], section 6.1.7.4).
3625         [re: keys] If the interface has a value iterator, then the Function object is the initial value of the "keys" data property of %ArrayPrototype% ([ECMA-262], section 6.1.7.4).
3626         [re: forEach] If the interface defines an indexed property getter, then the Function object is the initial value of the "forEach" data property of %ArrayPrototype% ([ECMA-262], section 6.1.7.4).
3627         [re: Symbol.iterator] If the interface defines an indexed property getter, then the Function object is %ArrayProto_values% ([ECMA-262], section 6.1.7.4).
3628         [re: values] If the interface has a value iterator, then the Function object is the value of the @@iterator property.
3629
3630         This change applies only to NodeList at the moment.
3631         Copy of Array prototype iterator methods is disabled if the interface has no indexed getter.
3632
3633         * CMakeLists.txt:
3634         * ForwardingHeaders/builtins/BuiltinNames.h: Added.
3635         * ForwardingHeaders/builtins/JSCBuiltins.h: Added.
3636         * ForwardingHeaders/runtime/CommonIdentifiers.h: Added.
3637         * WebCore.xcodeproj/project.pbxproj:
3638         * bindings/js/JSDOMIterator.cpp: Added.
3639         (WebCore::addValueIterableMethods): Copy iterator methods from array prototype.
3640         * bindings/js/JSDOMIterator.h:
3641         * bindings/scripts/CodeGeneratorJS.pm:
3642         (GeneratePropertiesHashTable):
3643         (GenerateImplementation):
3644         (IsValueIterableInterface): Introduced to only copy iterator methods if the interface has an indexed getter.
3645         (IsKeyValueIterableInterface): Introduced to detect whether generating iterator methods.
3646         (GenerateImplementationIterableFunctions):
3647         * bindings/scripts/test/GObject/WebKitDOMTestIterable.cpp: Added.
3648         * bindings/scripts/test/GObject/WebKitDOMTestIterable.h: Added.
3649         * bindings/scripts/test/GObject/WebKitDOMTestIterablePrivate.h: Added.
3650         * bindings/scripts/test/JS/JSTestIterable.cpp: Added.
3651         * bindings/scripts/test/JS/JSTestIterable.h: Added.
3652         * bindings/scripts/test/JS/JSTestObj.cpp: Updated as TestObj defines both iterable<> and indexed getter.
3653         * bindings/scripts/test/ObjC/DOMTestIterable.h: Added.
3654         * bindings/scripts/test/ObjC/DOMTestIterable.mm: Added.
3655         * bindings/scripts/test/ObjC/DOMTestIterableInternal.h: Added.
3656         * bindings/scripts/test/TestIterable.idl: Added to handle the case of value iterator without indexed getter defined.
3657         Array prototype methods should not be copied.
3658         * bindings/scripts/test/TestObj.idl: Changing to be a value iterator (with indexed getter already defined).
3659         Array prototype methods should be copied.
3660
3661 2016-07-14  Youenn Fablet  <youenn@apple.com>
3662
3663         [Fetch API] Request and Response url getter should use URL serialization
3664         https://bugs.webkit.org/show_bug.cgi?id=159705
3665
3666         Reviewed by Alex Christensen.
3667
3668         Tests: fetch/fetch-url-serialization.html
3669                imported/w3c/web-platform-tests/fetch/api/basic/response-url-worker.html
3670                imported/w3c/web-platform-tests/fetch/api/basic/response-url.html
3671
3672         Implementing https://url.spec.whatwg.org/#concept-url-serializer and applying it to Request and Response getter.
3673         Adding a temporary routine to compute url cannot-be-a-base-url flag. The parsing routine should store that
3674         information in the URL itself.
3675
3676         Added tests to cover serialization routine. Failing tests are mostly due to limitations of the URL parser.
3677         Tests do not check for URLs with username and password as Request constructor throws with such URLs.
3678
3679         * Modules/fetch/FetchRequest.cpp:
3680         (WebCore::FetchRequest::url): Adding request url serialization, fragment included.
3681         * Modules/fetch/FetchRequest.h:
3682         * Modules/fetch/FetchResponse.cpp:
3683         (WebCore::FetchResponse::url): Adding response url serialization, fragment excluded.
3684         * Modules/fetch/FetchResponse.h:
3685         * platform/URL.cpp:
3686         (WebCore::cannotBeABaseURL): Temporary helper function to have a coarse evaluation of url cannot-be-a-base-url flag.
3687         (WebCore::URL::serialize): Implementation of https://url.spec.whatwg.org/#concept-url-serializer.
3688         * platform/URL.h:
3689         (WebCore::URL::hasUser): Helper getter.
3690         (WebCore::URL::hasPassword): Ditto.
3691         (WebCore::URL::hasQuery): Ditto.
3692         (WebCore::URL::hasFragment): Ditto.
3693
3694 2016-07-14  Sergio Villar Senin  <svillar@igalia.com>
3695
3696         [css-grid] Const-ify track sizing algorithm
3697         https://bugs.webkit.org/show_bug.cgi?id=159716
3698
3699         Reviewed by Carlos Garcia Campos.
3700
3701         All the methods used to run the track sizing algorithm should not
3702         modify the state of LayoutGrid. We can safely const-ify all of them
3703         and remove the ugly const_cast in computeIntrinsicLogicalWidths().
3704
3705         No new tests needed as there is no change in behavior.
3706
3707         * rendering/RenderGrid.cpp:
3708         (WebCore::RenderGrid::logicalHeightForChild):
3709         (WebCore::RenderGrid::minSizeForChild):
3710         (WebCore::RenderGrid::updateOverrideContainingBlockContentLogicalWidthForChild):
3711         (WebCore::RenderGrid::minContentForChild):
3712         (WebCore::RenderGrid::maxContentForChild):
3713         (WebCore::RenderGrid::resolveContentBasedTrackSizingFunctions):
3714         (WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForNonSpanningItems):
3715         (WebCore::RenderGrid::currentItemSizeForTrackSizeComputationPhase):
3716         (WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForItems):
3717         (WebCore::RenderGrid::distributeSpaceToTracks):
3718         * rendering/RenderGrid.h:
3719
3720 2016-07-14  Jer Noble  <jer.noble@apple.com>
3721
3722         REGRESSION (r202918): LayoutTest media/video-main-content-allow-then-deny.html is flaky, failing almost every time on El Capitan
3723         https://bugs.webkit.org/show_bug.cgi?id=159533
3724
3725         Reviewed by Eric Carlson.
3726
3727         Move the contents of mainContentCheckTimerFired() into updateIsMainContent() so that the
3728         results of changing the m_isMainContent ivar are acted upon no matter why m_isMainContent
3729         changes.
3730
3731         * html/MediaElementSession.cpp:
3732         (WebCore::MediaElementSession::mainContentCheckTimerFired):
3733         (WebCore::MediaElementSession::updateIsMainContent):
3734
3735 2016-07-13  Alex Christensen  <achristensen@webkit.org>
3736
3737         Modernize WebSocket handle
3738         https://bugs.webkit.org/show_bug.cgi?id=159750
3739
3740         Reviewed by Brady Eidson.
3741
3742         No new tests.  No change in behavior.
3743         This patch just removes ThreadableWebSocketChannel::InvalidMessage which is never used
3744         and makes our use of SocketStreamHandleClient a reference instead of a pointer.
3745
3746         * Modules/websockets/ThreadableWebSocketChannel.h:
3747         * Modules/websockets/WebSocket.cpp:
3748         (WebCore::WebSocket::send):
3749         * Modules/websockets/WebSocketChannel.cpp:
3750         (WebCore::WebSocketChannel::connect):
3751         * platform/network/SocketStreamHandleBase.cpp:
3752         (WebCore::SocketStreamHandleBase::SocketStreamHandleBase):
3753         (WebCore::SocketStreamHandleBase::send):
3754         (WebCore::SocketStreamHandleBase::disconnect):
3755         (WebCore::SocketStreamHandleBase::sendPendingData):
3756         (WebCore::SocketStreamHandleBase::setClient): Deleted.
3757         * platform/network/SocketStreamHandleBase.h:
3758         (WebCore::SocketStreamHandleBase::~SocketStreamHandleBase):
3759         (WebCore::SocketStreamHandleBase::bufferedAmount):
3760         (WebCore::SocketStreamHandleBase::client):
3761         * platform/network/cf/SocketStreamHandle.h:
3762         (WebCore::SocketStreamHandle::create):
3763         * platform/network/cf/SocketStreamHandleCFNet.cpp:
3764         (WebCore::SocketStreamHandle::SocketStreamHandle):
3765         (WebCore::SocketStreamHandle::addCONNECTCredentials):
3766         (WebCore::SocketStreamHandle::copyCFStreamDescription):
3767         (WebCore::SocketStreamHandle::readStreamCallback):
3768         (WebCore::SocketStreamHandle::writeStreamCallback):
3769         (WebCore::SocketStreamHandle::reportErrorToClient):
3770         (WebCore::SocketStreamHandle::~SocketStreamHandle):
3771         (WebCore::SocketStreamHandle::platformClose):
3772         (WebCore::SocketStreamHandle::port):
3773         * platform/network/curl/SocketStreamHandle.h:
3774         (WebCore::SocketStreamHandle::create):
3775         * platform/network/curl/SocketStreamHandleCurl.cpp:
3776         (WebCore::SocketStreamHandle::SocketStreamHandle):
3777         (WebCore::SocketStreamHandle::platformClose):
3778         (WebCore::SocketStreamHandle::readData):
3779         (WebCore::SocketStreamHandle::didReceiveData):
3780         (WebCore::SocketStreamHandle::didOpenSocket):
3781         (WebCore::SocketStreamHandle::createCopy):
3782         * platform/network/soup/SocketStreamHandle.h:
3783         * platform/network/soup/SocketStreamHandleSoup.cpp:
3784         (WebCore::SocketStreamHandle::SocketStreamHandle):
3785         (WebCore::SocketStreamHandle::~SocketStreamHandle):
3786         (WebCore::SocketStreamHandle::connected):
3787         (WebCore::SocketStreamHandle::connectedCallback):
3788         (WebCore::SocketStreamHandle::readBytes):
3789         (WebCore::SocketStreamHandle::didFail):
3790         (WebCore::SocketStreamHandle::writeReady):
3791         (WebCore::SocketStreamHandle::platformClose):
3792         (WebCore::SocketStreamHandle::beginWaitingForSocketWritability):
3793
3794 2016-07-13  Carlos Garcia Campos  <cgarcia@igalia.com>
3795
3796         [GLib] Use a GSource instead of a thread to poll memory pressure eventFD in linux implementation
3797         https://bugs.webkit.org/show_bug.cgi?id=159346
3798
3799         Reviewed by Antonio Gomes.
3800
3801         The eventFD file descriptor is pollable, so it would be much better to use a poll instead of a blocking read in
3802         a secondary thread and then communicate back to the main thread. This is very easy to do with GSource in GLib,
3803         so we could use that when GLib is available and keep the current implementation as a fallback.
3804
3805         * platform/MemoryPressureHandler.cpp:
3806         (WebCore::m_holdOffTimer): Use a RunLoop timer.
3807         * platform/MemoryPressureHandler.h:
3808         * platform/linux/MemoryPressureHandlerLinux.cpp:
3809         (WebCore::MemoryPressureHandler::EventFDPoller::EventFDPoller): Helper class do the eventFD polling.
3810         (WebCore::MemoryPressureHandler::logErrorAndCloseFDs): Check if file descriptors are -1 not 0.
3811         (WebCore::MemoryPressureHandler::install): Return early also if the hold off timer is active. Use EventFDPoller
3812         to do the polling.
3813         (WebCore::MemoryPressureHandler::uninstall): Stop the hold off timer and clear the EventFDPoller.
3814
3815 2016-07-13  Benjamin Poulain  <benjamin@webkit.org>
3816
3817         [CSS][ARMv7] :nth-child() do not reserve enough registers if it is in backtracking chain
3818         https://bugs.webkit.org/show_bug.cgi?id=159746
3819         rdar://problem/26156169
3820
3821         Reviewed by Andreas Kling.
3822
3823         The generator generateElementIsNthChild() requires 6 registers in style resolution
3824         to mark previous siblings with generateAddStyleRelationIfResolvingStyle() in the loop.
3825
3826         We were only reserving 5, which is a problem is the sixth is taken by the backtracking
3827         register. x86_64 was already requiring 6 for unrelated reasons and ARM64 has so many registers
3828         that you cannot possibly run out of them in CSS JIT.
3829
3830         I generalized the x86_64 path to all architectures.
3831         I did not limit this case to style resolution because the extra register is irrelevant
3832         in most cases. The only difference is one extra push/pop on ARMv7 if you use querySelector
3833         with :nth-child in a backtracking chain.
3834
3835         This problem is covered by the existing test fast/selectors/nth-child-with-backtracking.html
3836
3837         * cssjit/SelectorCompiler.cpp:
3838         (WebCore::SelectorCompiler::minimumRegisterRequirements): Deleted.
3839
3840 2016-07-13  Chris Dumez  <cdumez@apple.com>
3841
3842         Drop unnecessary check from ContainerNode::removeChild()
3843         https://bugs.webkit.org/show_bug.cgi?id=159747
3844
3845         Reviewed by Andreas Kling.
3846
3847         Drop unnecessary check from ContainerNode::removeChild() to make sure that
3848         the parent of the node being removed is |this|. We already do this check
3849         a few lines above. The only thing that happens in between is the ref'ing
3850         of the node, which does not cause any JS execution.
3851
3852         This check was introduced in r55783 because there used to be a call to
3853         document()->removeFocusedNodeOfSubtree(child.get());
3854         between the two checks. However, this call has been removed since then
3855         and the extra parentNode() check was left in.
3856
3857         * dom/ContainerNode.cpp:
3858         (WebCore::ContainerNode::removeChild): Deleted.
3859
3860 2016-07-12  Ryosuke Niwa  <rniwa@webkit.org>
3861
3862         REGRESSION(r202953): Clicking on input[type=file] doesn't open a file picker
3863         https://bugs.webkit.org/show_bug.cgi?id=159686
3864
3865         Reviewed by Chris Dumez.
3866
3867         The bug was caused by DOMActivate event not propagating out of the user-agent shadow tree
3868         of a file input, and FileInputType not receiving the event to open the file picker.
3869
3870         Made DOMActivate "composed" event which cross shadow boundaries to fix the bug. The feedback
3871         was given back to W3C on https://github.com/w3c/webcomponents/issues/513#issuecomment-231851617
3872
3873         Test: fast/forms/file/open-file-panel.html
3874
3875         * dom/Event.cpp:
3876         (WebCore::Event::composed):
3877
3878 2016-07-13  Antti Koivisto  <antti@apple.com>
3879
3880         v2: WebContent crash due to RELEASE_ASSERT(!m_inLoadPendingImages) in StyleResolver::~StyleResolver()
3881         https://bugs.webkit.org/show_bug.cgi?id=159722
3882
3883         Reviewed by Andreas Kling.
3884
3885         We have crashes where a StyleResolver is deleted underneath pseudoStyleForElement (key parts of the stack):
3886
3887         0   WebCore::StyleResolver::~StyleResolver
3888         3   WebCore::AuthorStyleSheets::updateActiveStyleSheets
3889         4   WebCore::Document::styleResolverChanged
3890         5   WebKit::WebPage::viewportConfigurationChanged()
3891         6   WebKit::WebPage::mainFrameDidLayout()
3892         9   WebCore::FrameLoader::checkCompleted
3893         13  WebCore::ResourceLoader::cancel
3894         19  WebKit::WebLoaderStrategy::loadResource
3895         24  WebCore::Style::loadPendingImage
3896         27  WebCore::StyleResolver::pseudoStyleForElement
3897         29  WebCore::RenderTreeUpdater::updateBeforeOrAfterPseudoElement
3898         33  WebCore::Document::recalcStyle
3899
3900         This appears to be happening when a content blocker blocks a resource load for an image referenced from a stylesheet
3901         and triggers synchronous cancellation of the load. With engine in suitable state this can clear style resolver.
3902
3903         No test, don't know how to make one. This is very timing and engine state dependent.
3904
3905         * dom/AuthorStyleSheets.cpp:
3906         (WebCore::AuthorStyleSheets::updateActiveStyleSheets):
3907
3908         We have an existing check here that prevents destruction of the style resolver when we are in the middle of
3909         a style resolution. However the old inStyleRecalc() bit no longer covers the render tree update phase. Pseudo
3910         elements are resolved during render tree update.
3911
3912         Fix by adding a check for inRenderTreeUpdate() bit too.
3913
3914         This just fixes a regression. A proper fix would be to gather all resources during style resolution
3915         and trigger the loads afterwards.
3916
3917 2016-07-13  Frederic Wang  <fred.wang@free.fr>
3918
3919         Remove padding and margin around the <math> element
3920         https://bugs.webkit.org/show_bug.cgi?id=157989
3921
3922         Reviewed by Brent Fulgham.
3923
3924         No new tests, already covered by existing tests.
3925
3926         * css/mathml.css:
3927         (math): Remove padding.
3928         (math[display="block"]): Remove margin.
3929
3930 2016-07-13  Enrica Casucci  <enrica@apple.com>
3931
3932         Update supported platforms in xcconfig files to match the sdk names.
3933         https://bugs.webkit.org/show_bug.cgi?id=159728
3934
3935         Reviewed by Tim Horton.
3936
3937         * Configurations/Base.xcconfig:
3938
3939 2016-07-13  Anders Carlsson  <andersca@apple.com>
3940
3941         "requiredShippingAddressFields" has been deprecated error thrown when using "requiredBillingAddressFields"
3942         https://bugs.webkit.org/show_bug.cgi?id=159729
3943         rdar://problem/27314974
3944
3945         Reviewed by Tim Horton.
3946
3947         Fix a paste-o.
3948
3949         * Modules/applepay/ApplePaySession.cpp:
3950         (WebCore::createPaymentRequest):
3951
3952 2016-07-13  Brent Fulgham  <bfulgham@apple.com>
3953
3954         [WK1][iOS] Crash when WebSocket attempts to dispatch a mixed content blocker event
3955         https://bugs.webkit.org/show_bug.cgi?id=159680
3956         <rdar://problem/22102028>
3957
3958         Reviewed by Zalan Bujtas.
3959
3960         WK1 on iOS should not use RunLoop::main(). Instead, it should be dispatching events
3961         on the WebThread.
3962
3963         Test: http/tests/ssl/mixedContent/insecure-websocket.html
3964
3965         * Modules/websockets/WebSocket.cpp:
3966         (WebCore::WebSocket::connect): Do not use RunLoop::main() when we should be using
3967         the WebThread.
3968
3969 2016-07-13  Frederic Wang  <fwang@igalia.com>
3970
3971         The display property of many MathML elements can not be overriden by page authors
3972         https://bugs.webkit.org/show_bug.cgi?id=139403
3973
3974         The mathml.css user agent stylesheet currently forces most MathML elements to render with
3975         'display: block'. We remove the !important keyword so that users can override the display
3976         property, for example to hide elements with 'display: none'. This is consistent with the
3977         behavior for SVG or HTML elements.
3978
3979         Reviewed by Brent Fulgham.
3980
3981         Test: imported/mathml-in-html5/mathml/relations/css-styling/display-1.html
3982
3983         * css/mathml.css: