Unreviewed, rolling out r203471.
[WebKit-https.git] / Source / WebCore / ChangeLog
1 2016-07-20  Commit Queue  <commit-queue@webkit.org>
2
3         Unreviewed, rolling out r203471.
4         https://bugs.webkit.org/show_bug.cgi?id=160003
5
6         many iOS-simulator tests are failing (Requested by litherum on
7         #webkit).
8
9         Reverted changeset:
10
11         "[iPhone] Playing a video on tudou.com plays only sound, no
12         video"
13         https://bugs.webkit.org/show_bug.cgi?id=159967
14         http://trac.webkit.org/changeset/203471
15
16 2016-07-19  Ryosuke Niwa  <rniwa@webkit.org>
17
18         iOS: Cannot paste images in RTF content
19         https://bugs.webkit.org/show_bug.cgi?id=159964
20         <rdar://problem/27442806>
21
22         Reviewed by Enrica Casucci.
23
24         The bug was caused by setDefersLoading(true) not deferring image loading for the parsed fragment.
25         Worked around this bug by disabling image loading while parsing the document fragment.
26
27         * editing/ios/EditorIOS.mm:
28         (WebCore::Editor::createFragmentAndAddResources):
29
30 2016-07-20  Brady Eidson  <beidson@apple.com>
31
32         Address a small FIXME in IDB code.
33         https://bugs.webkit.org/show_bug.cgi?id=159999
34
35         Reviewed by Andy Estes.
36
37         No new tests (No behavior change).
38
39         * Modules/indexeddb/IDBRequest.cpp:
40         (WebCore::IDBRequest::IDBRequest):
41         
42         * Modules/indexeddb/shared/IDBResourceIdentifier.cpp:
43         (WebCore::IDBResourceIdentifier::IDBResourceIdentifier): Deleted.
44         * Modules/indexeddb/shared/IDBResourceIdentifier.h:
45
46 2016-07-20  Brady Eidson  <beidson@apple.com>
47
48         Remove some "modernFoo"s from IndexedDB code.
49         https://bugs.webkit.org/show_bug.cgi?id=159985
50
51         Reviewed by Andy Estes.
52
53         No new tests (No known behavior change).
54
55         * Modules/indexeddb/IDBCursor.cpp:
56         (WebCore::IDBCursor::IDBCursor):
57         (WebCore::IDBCursor::~IDBCursor):
58         (WebCore::IDBCursor::sourcesDeleted):
59         (WebCore::IDBCursor::effectiveObjectStore):
60         (WebCore::IDBCursor::transaction):
61         (WebCore::IDBCursor::direction):
62         (WebCore::IDBCursor::update):
63         (WebCore::IDBCursor::advance):
64         (WebCore::IDBCursor::continueFunction):
65         (WebCore::IDBCursor::uncheckedIterateCursor):
66         (WebCore::IDBCursor::deleteFunction):
67         (WebCore::IDBCursor::setGetResult):
68         
69         * Modules/indexeddb/IDBIndex.cpp:
70         (WebCore::IDBIndex::IDBIndex):
71         (WebCore::IDBIndex::~IDBIndex):
72         (WebCore::IDBIndex::hasPendingActivity):
73         (WebCore::IDBIndex::name):
74         (WebCore::IDBIndex::objectStore):
75         (WebCore::IDBIndex::keyPath):
76         (WebCore::IDBIndex::unique):
77         (WebCore::IDBIndex::multiEntry):
78         (WebCore::IDBIndex::openCursor):
79         (WebCore::IDBIndex::doCount):
80         (WebCore::IDBIndex::openKeyCursor):
81         (WebCore::IDBIndex::doGet):
82         (WebCore::IDBIndex::doGetKey):
83         (WebCore::IDBIndex::markAsDeleted):
84         * Modules/indexeddb/IDBIndex.h:
85         
86         * Modules/indexeddb/IDBObjectStore.cpp:
87         (WebCore::IDBObjectStore::transaction):
88         (WebCore::IDBObjectStore::deleteFunction): Deleted.
89         (WebCore::IDBObjectStore::modernDelete): Deleted.
90         * Modules/indexeddb/IDBObjectStore.h:
91         
92         * bindings/js/JSIDBIndexCustom.cpp:
93         (WebCore::JSIDBIndex::visitAdditionalChildren):
94
95 2016-07-20  Chris Dumez  <cdumez@apple.com>
96
97         Stop using valueToStringWithNullCheck() in JSCSSStyleDeclaration::putDelegate()
98         https://bugs.webkit.org/show_bug.cgi?id=159982
99
100         Reviewed by Ryosuke Niwa.
101
102         valueToStringWithNullCheck() treats null as the null String() which is
103         legacy / non standard behavior. The specification says we should treat
104         null as the empty string:
105         - https://drafts.csswg.org/cssom/#dom-cssstyledeclaration-camel-cased-attribute
106
107         Therefore, we should be using valueToStringTreatingNullAsEmptyString() instead.
108
109         In practice, there is no web-exposed behavior change because
110         MutableStyleProperties::setProperty() removes the property wether the
111         value is the null String or the empty String.
112
113         This behavior is correct since the specification says that we should
114         remove the property if the value is the empty string:
115         - https://drafts.csswg.org/cssom/#dom-cssstyledeclaration-setproperty (step 4)
116
117         I added test coverage to make sure we behave according to specification.
118         This test is passing in Firefox, Chrome and in WebKit (before and after
119         my change).
120
121         Test: fast/css/CSSStyleDeclaration-property-setter.html
122
123         * bindings/js/JSCSSStyleDeclarationCustom.cpp:
124         (WebCore::JSCSSStyleDeclaration::putDelegate):
125
126 2016-07-20  Chris Dumez  <cdumez@apple.com>
127
128         Fix null handling of HTMLFrameElement.marginWidth / marginHeight
129         https://bugs.webkit.org/show_bug.cgi?id=159987
130
131         Reviewed by Ryosuke Niwa.
132
133         Fix null handling of HTMLFrameElement.marginWidth / marginHeight:
134         - https://html.spec.whatwg.org/multipage/obsolete.html#htmlframeelement
135
136         We are supposed to treat null as the empty string but we treat it as
137         the string "null".
138
139         Firefox and Chrome both match the specification.
140
141         No new tests, updated existing tests.
142
143         * html/HTMLFrameElement.idl:
144
145 2016-07-20  Wenson Hsieh  <wenson_hsieh@apple.com>
146
147         Pausing autoplayed media should not remove all restrictions for that media element
148         https://bugs.webkit.org/show_bug.cgi?id=159988
149
150         Reviewed by Jon Lee.
151
152         Localizes the removal of behavior restrictions introduced in r203464 upon pausing an
153         autoplaying video to just affect the hiding or showing of the media controller. This
154         prevents pages from using Javascript to start playing autoplaying videos that have
155         been paused by the user.
156
157         * html/HTMLMediaElement.cpp:
158         (WebCore::HTMLMediaElement::pause):
159
160 2016-07-20  Myles C. Maxfield  <mmaxfield@apple.com>
161
162         [iPhone] Playing a video on tudou.com plays only sound, no video
163         https://bugs.webkit.org/show_bug.cgi?id=159967
164         <rdar://problem/26964090>
165
166         Reviewed by Jon Lee.
167
168         WebKit recently starting honoring the playsinline and webkit-playsinline
169         attribute on iPhones. However, because these attributes previously did
170         nothing, some sites (such as Todou) were setting them on their content
171         and expecting that they are not honored. In this specific case, the
172         video is absolutely positioned to be 1 pixel x 1 pixel.
173
174         Previously, with iOS 9, apps could set the allowsInlineMediaPlayback
175         property on their WKWebView, which would honor the webkit-playsinline
176         attribute. Safari on iPhones didn't do this.
177
178         In order to not break these existing apps, it's important that the
179         allowsInlineMediaPlayback preference still allows webkit-playsinline
180         videos to play inline in apps using WKWebView. However, in Safari, these
181         videos should play fullscreen. (Todou videos have webkit-playsinline
182         but not playsinline.)
183
184         Therefore, in Safari, videos with playsinline should be inline, but
185         videos with webkit-playsinline should be fullscreen. In apps using
186         WKWebViews, if the app sets allowsInlineMediaPlayback, then videos with
187         playsinline should be inline, and videos with webkit-playsinline should
188         also be inline. Videos on iPad and Mac should all be inline by default.
189
190         We can create some truth tables for the cases which need to be covered:
191
192         All apps on Mac / iPad:
193         Presence of playsinline | Presence of webkit-playsinline | Result
194         ========================|================================|===========
195         Not present             | Not present                    | Inline
196         Present                 | Not present                    | Inline
197         Not Present             | Present                        | Inline
198         Present                 | Present                        | Inline
199
200         Safari on iPhone:
201         Presence of playsinline | Presence of webkit-playsinline | Result
202         ========================|================================|===========
203         Not present             | Not present                    | Fullscreen
204         Present                 | Not present                    | Inline
205         Not Present             | Present                        | Fullscreen
206         Present                 | Present                        | Inline
207
208         App on iPhone which sets allowsInlineMediaPlayback:
209         Presence of playsinline | Presence of webkit-playsinline | Result
210         ========================|================================|===========
211         Not present             | Not present                    | Fullscreen
212         Present                 | Not present                    | Inline
213         Not Present             | Present                        | Inline
214         Present                 | Present                        | Inline
215
216         The way to distinguish Safari from another app is to create an SPI
217         boolean preference which Safari can set. This is already how the
218         iPhone and iPad are differentiated using the requiresPlayInlineAttribute
219         which Safari sets but other apps don't. However, this preference is
220         no longer sufficient because Safari should now be discriminating
221         between the playsinline and webkit-playsinline attributes. Therefore,
222         this preference should be extended to two boolean preferences, which
223         this patch adds:
224
225         allowsInlineMediaPlaybackWithPlaysInlineAttribute
226         allowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute
227
228         Safari on iPhone will set
229         allowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute to true,
230         and allowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute to
231         false. Other apps on iPhone will get their defaults values (because they
232         are SPI) which means they will both be true. On iPad and Mac, apps will
233         use the defaults values where both are false.
234
235         This patch adds support for these two preferences, but does not remove
236         the existing inlineMediaPlaybackRequiresPlaysInlineAttribute preference.
237         I will remove the exising preference as soon as I update Safari to migrate
238         off of it.
239
240         Test: media/video-playsinline.html
241
242         * html/MediaElementSession.cpp:
243         (WebCore::MediaElementSession::requiresFullscreenForVideoPlayback):
244         * page/Settings.cpp:
245         * page/Settings.in:
246         * testing/InternalSettings.cpp:
247         (WebCore::InternalSettings::Backup::Backup):
248         (WebCore::InternalSettings::Backup::restoreTo):
249         (WebCore::InternalSettings::setAllowsInlineMediaPlaybackWithPlaysInlineAttribute):
250         (WebCore::InternalSettings::setAllowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute):
251         * testing/InternalSettings.h:
252         * testing/InternalSettings.idl:
253
254 2016-07-20  Chris Dumez  <cdumez@apple.com>
255
256         Get rid of custom bindings code for XMLHttpRequest.open()
257         https://bugs.webkit.org/show_bug.cgi?id=159984
258
259         Reviewed by Ryosuke Niwa.
260
261         Get rid of custom bindings code for XMLHttpRequest.open() as the
262         bindings generator is able to generate it.
263
264         Relevant specification:
265         - https://xhr.spec.whatwg.org/#xmlhttprequest
266
267         The issue is that legacy content prevents treating the 'async' argument
268         being undefined identical from it being omitted. However, this can be
269         achieved by using overloading in IDL, like in the specification.
270
271         No new tests, already covered by the following tests:
272         - http/tests/xmlhttprequest/basic-auth.html
273         - http/tests/xmlhttprequest/open-async-overload.html
274
275         * bindings/js/JSXMLHttpRequestCustom.cpp:
276         (WebCore::SendFunctor::SendFunctor): Deleted.
277         (WebCore::SendFunctor::line): Deleted.
278         (WebCore::SendFunctor::column): Deleted.
279         (WebCore::SendFunctor::url): Deleted.
280         (WebCore::SendFunctor::operator()): Deleted.
281         * xml/XMLHttpRequest.cpp:
282         (WebCore::XMLHttpRequest::open):
283         * xml/XMLHttpRequest.h:
284         * xml/XMLHttpRequest.idl:
285
286 2016-07-20  Rawinder Singh  <rawinder.singh-webkit@cisra.canon.com.au>
287
288         Mark overriden methods in WebCore/svg final classes as final
289         https://bugs.webkit.org/show_bug.cgi?id=159966
290
291         Reviewed by Michael Catanzaro.
292
293         Update WebCore/svg classes so that overriden methods in final classes are marked final.
294
295         * svg/SVGAElement.h:
296         * svg/SVGAltGlyphDefElement.h:
297         * svg/SVGAltGlyphItemElement.h:
298         * svg/SVGAnimateTransformElement.h:
299         * svg/SVGAnimatedColor.h:
300         * svg/SVGCircleElement.h:
301         * svg/SVGClipPathElement.h:
302         * svg/SVGCursorElement.h:
303         * svg/SVGDefsElement.h:
304         * svg/SVGDescElement.h:
305         * svg/SVGEllipseElement.h:
306         * svg/SVGFEMergeNodeElement.h:
307         * svg/SVGFilterElement.h:
308         * svg/SVGFontElement.h:
309         * svg/SVGFontFaceElement.h:
310         * svg/SVGFontFaceFormatElement.h:
311         * svg/SVGFontFaceNameElement.h:
312         * svg/SVGFontFaceSrcElement.h:
313         * svg/SVGFontFaceUriElement.h:
314         * svg/SVGForeignObjectElement.h:
315         * svg/SVGGElement.h:
316         * svg/SVGGlyphElement.h:
317         * svg/SVGGlyphRefElement.h:
318         * svg/SVGHKernElement.h:
319         * svg/SVGImageElement.h:
320         * svg/SVGLineElement.h:
321         * svg/SVGMPathElement.h:
322         * svg/SVGMaskElement.h:
323         * svg/SVGMetadataElement.h:
324         * svg/SVGMissingGlyphElement.h:
325         * svg/SVGPathBuilder.h:
326         * svg/SVGPathByteStreamBuilder.h:
327         * svg/SVGPathByteStreamSource.h:
328         * svg/SVGPathElement.h:
329         * svg/SVGPathSegArcAbs.h:
330         * svg/SVGPathSegArcRel.h:
331         * svg/SVGPathSegClosePath.h:
332         * svg/SVGPathSegCurvetoCubicAbs.h:
333         * svg/SVGPathSegCurvetoCubicRel.h:
334         * svg/SVGPathSegCurvetoCubicSmoothAbs.h:
335         * svg/SVGPathSegCurvetoCubicSmoothRel.h:
336         * svg/SVGPathSegCurvetoQuadraticAbs.h:
337         * svg/SVGPathSegCurvetoQuadraticRel.h:
338         * svg/SVGPathSegCurvetoQuadraticSmoothAbs.h:
339         * svg/SVGPathSegCurvetoQuadraticSmoothRel.h:
340         * svg/SVGPathSegLinetoAbs.h:
341         * svg/SVGPathSegLinetoHorizontalAbs.h:
342         * svg/SVGPathSegLinetoHorizontalRel.h:
343         * svg/SVGPathSegLinetoRel.h:
344         * svg/SVGPathSegLinetoVerticalAbs.h:
345         * svg/SVGPathSegLinetoVerticalRel.h:
346         * svg/SVGPathSegListBuilder.h:
347         * svg/SVGPathSegListSource.h:
348         * svg/SVGPathSegMovetoAbs.h:
349         * svg/SVGPathSegMovetoRel.h:
350         * svg/SVGPathStringSource.h:
351         * svg/SVGPathTraversalStateBuilder.h:
352         * svg/SVGPatternElement.h:
353         * svg/SVGRectElement.h:
354         * svg/SVGScriptElement.h:
355         * svg/SVGStopElement.h:
356         * svg/SVGStyleElement.h:
357         * svg/SVGSwitchElement.h:
358         * svg/SVGTRefElement.cpp:
359         * svg/SVGTitleElement.h:
360         * svg/SVGToOTFFontConversion.cpp:
361         * svg/SVGUnknownElement.h:
362         * svg/SVGVKernElement.h:
363         * svg/SVGViewElement.h:
364         * svg/SVGZoomEvent.h:
365         * svg/animation/SVGSMILElement.cpp:
366         * svg/graphics/SVGImage.h:
367         * svg/graphics/SVGImageClients.h:
368         * svg/graphics/SVGImageForContainer.h:
369         * svg/graphics/filters/SVGFEImage.h:
370         * svg/graphics/filters/SVGFilter.h:
371         * svg/properties/SVGAnimatedEnumerationPropertyTearOff.h:
372         * svg/properties/SVGAnimatedPathSegListPropertyTearOff.h:
373         * svg/properties/SVGAnimatedPropertyTearOff.h:
374         * svg/properties/SVGAnimatedTransformListPropertyTearOff.h:
375         * svg/properties/SVGMatrixTearOff.h:
376         * svg/properties/SVGPathSegListPropertyTearOff.h:
377
378 2016-07-20  Brady Eidson  <beidson@apple.com>
379
380         Transition most IDB interfaces from ScriptExecutionContext to ExecState.
381         https://bugs.webkit.org/show_bug.cgi?id=159975
382
383         Reviewed by Alex Christensen.
384
385         No new tests (No known behavior change).
386
387         * Modules/indexeddb/IDBCursor.cpp:
388         (WebCore::IDBCursor::continueFunction):
389         (WebCore::IDBCursor::deleteFunction):
390         * Modules/indexeddb/IDBCursor.h:
391         * Modules/indexeddb/IDBCursor.idl:
392
393         * Modules/indexeddb/IDBDatabase.idl:
394
395         * Modules/indexeddb/IDBFactory.cpp:
396         (WebCore::IDBFactory::cmp):
397         * Modules/indexeddb/IDBFactory.h:
398         * Modules/indexeddb/IDBFactory.idl:
399
400         * Modules/indexeddb/IDBIndex.cpp:
401         (WebCore::IDBIndex::openCursor):
402         (WebCore::IDBIndex::count):
403         (WebCore::IDBIndex::doCount):
404         (WebCore::IDBIndex::openKeyCursor):
405         (WebCore::IDBIndex::get):
406         (WebCore::IDBIndex::doGet):
407         (WebCore::IDBIndex::getKey):
408         (WebCore::IDBIndex::doGetKey):
409         * Modules/indexeddb/IDBIndex.h:
410         * Modules/indexeddb/IDBIndex.idl:
411
412         * Modules/indexeddb/IDBKeyRange.cpp:
413         (WebCore::IDBKeyRange::only): Deleted.
414         * Modules/indexeddb/IDBKeyRange.h:
415
416         * Modules/indexeddb/IDBObjectStore.cpp:
417         (WebCore::IDBObjectStore::openCursor):
418         (WebCore::IDBObjectStore::get):
419         (WebCore::IDBObjectStore::putOrAdd):
420         (WebCore::IDBObjectStore::deleteFunction):
421         (WebCore::IDBObjectStore::doDelete):
422         (WebCore::IDBObjectStore::modernDelete):
423         (WebCore::IDBObjectStore::clear):
424         (WebCore::IDBObjectStore::createIndex):
425         (WebCore::IDBObjectStore::count):
426         (WebCore::IDBObjectStore::doCount):
427         * Modules/indexeddb/IDBObjectStore.h:
428         * Modules/indexeddb/IDBObjectStore.idl:
429
430         * Modules/indexeddb/IDBTransaction.cpp:
431         (WebCore::IDBTransaction::requestOpenCursor):
432         (WebCore::IDBTransaction::doRequestOpenCursor):
433         (WebCore::IDBTransaction::requestGetRecord):
434         (WebCore::IDBTransaction::requestGetValue):
435         (WebCore::IDBTransaction::requestGetKey):
436         (WebCore::IDBTransaction::requestIndexRecord):
437         (WebCore::IDBTransaction::requestCount):
438         (WebCore::IDBTransaction::requestDeleteRecord):
439         (WebCore::IDBTransaction::requestClearObjectStore):
440         (WebCore::IDBTransaction::requestPutOrAdd):
441         * Modules/indexeddb/IDBTransaction.h:
442
443         * inspector/InspectorIndexedDBAgent.cpp:
444
445 2016-07-20  Wenson Hsieh  <wenson_hsieh@apple.com>
446
447         Media controls don't appear when pausing a small autoplaying video
448         https://bugs.webkit.org/show_bug.cgi?id=159972
449         <rdar://problem/27180657>
450
451         Reviewed by Beth Dakin.
452
453         When pausing an autoplaying video, remove behavior restrictions for the
454         initial user gesture and show media controls.
455
456         New WebKit API test. See VideoControlsManagerSingleSmallAutoplayingVideo.
457
458         * html/HTMLMediaElement.cpp:
459         (WebCore::HTMLMediaElement::pause):
460
461 2016-07-20  Chris Dumez  <cdumez@apple.com>
462
463         Fix null handling of HTMLMediaElement.mediaGroup
464         https://bugs.webkit.org/show_bug.cgi?id=159974
465
466         Reviewed by Eric Carlson.
467
468         Fix null handling of HTMLMediaElement.mediaGroup to match the specification:
469         - https://www.w3.org/TR/html5/embedded-content-0.html#media-elements
470
471         null is supposed to be treated as the String "null". This patch aligns
472         our behavior with the specification. I tested Firefox and Chrome but both
473         do not have this attribute on HTMLMediaElement.
474
475         Also remove support for [TreatNullAs=LegacyNullString] from our bindings
476         generator as HTMLMediaElement.mediaGroup was the last user.
477
478         No new tests, rebaselined existing test.
479
480         * bindings/scripts/CodeGeneratorJS.pm:
481         (JSValueToNative):
482         * bindings/scripts/IDLAttributes.txt:
483         * html/HTMLMediaElement.idl:
484
485 2016-07-20  Chris Dumez  <cdumez@apple.com>
486
487         CSSStyleDeclaration.setProperty() should be able to unset "important" on a property
488         https://bugs.webkit.org/show_bug.cgi?id=159959
489
490         Reviewed by Alexey Proskuryakov.
491
492         CSSStyleDeclaration.setProperty() should be able to unsert "important"
493         on a property as per the latest specification:
494         - https://drafts.csswg.org/cssom/#dom-cssstyledeclaration-setproperty
495         - https://drafts.csswg.org/cssom/#dom-cssstyledeclaration-camel-cased-attribute
496
497         Firefox and Chrome match the specification here but WebKit was ignoring calls
498         to setProperty() if there is already an "important" property wit this name
499         and if the new property does not have the "important" flag set.
500
501         This behavior was added a long time ago via Bug 60007. However, it does not
502         match the latest specification or other browsers.
503
504         Test: fast/css/CSSStyleDeclaration-setProperty-unset-important.html
505
506         * css/StyleProperties.cpp:
507         (WebCore::MutableStyleProperties::addParsedProperty):
508         Drop code that was added via Bug 60007 as this behavior no longer matches the
509         specification or other browsers. The layout test added in Bug 60007 fails in
510         other browsers and was updated in this patch to match the specification.
511
512 2016-07-20  Commit Queue  <commit-queue@webkit.org>
513
514         Unreviewed, rolling out r203423.
515         https://bugs.webkit.org/show_bug.cgi?id=159977
516
517         The test for this change is failing on Mac Release WK2
518         (Requested by ryanhaddad on #webkit).
519
520         Reverted changeset:
521
522         "HTMLVideoElement frames do not update on iOS when src is a
523         MediaStream blob"
524         https://bugs.webkit.org/show_bug.cgi?id=159833
525         http://trac.webkit.org/changeset/203423
526
527 2016-07-20  Chris Dumez  <cdumez@apple.com>
528
529         Fix null handling of HTMLSelectElement.value attribute
530         https://bugs.webkit.org/show_bug.cgi?id=159925
531
532         Reviewed by Benjamin Poulain.
533
534         Fix null handling of HTMLSelectElement.value attribute:
535         - https://html.spec.whatwg.org/multipage/forms.html#htmlselectelement
536
537         We were treating null as the null String which would end up setting
538         selectedIndex to -1. However, we should treat null as the String "null"
539         which would set the selectedIndex to the index of the <option> element
540         whose value is "null".
541
542         Firefox and Chrome match the specification.
543
544         Test: fast/dom/HTMLSelectElement/value-null-handling.html
545
546         * html/HTMLSelectElement.cpp:
547         (WebCore::HTMLSelectElement::setValue):
548         * html/HTMLSelectElement.idl:
549
550 2016-07-20  Chris Dumez  <cdumez@apple.com>
551
552         PostResolutionCallbackDisabler can resume pending requests while a ResourceLoadSuspender is alive
553         https://bugs.webkit.org/show_bug.cgi?id=159962
554         <rdar://problem/21439264>
555
556         Reviewed by David Kilzer.
557
558         PostResolutionCallbackDisabler can resume pending requests while a ResourceLoadSuspender
559         is alive. We have both PostResolutionCallbackDisabler and ResourceLoadSuspender that
560         call LoaderStrategy::suspendPendingRequests() / LoaderStrategy::resumePendingRequests().
561         However, PostResolutionCallbackDisabler and ResourceLoadSuspender are not aware of each
562         other. It is therefore possible for a PostResolutionCallbackDisabler object to get
563         destroyed, causing LoaderStrategy::resumePendingRequests() to be called while a
564         ResourceLoadSuspender object is alive.
565
566         This leads to hard to investigate crashes where we end up re-entering WebKit and killing
567         the style resolver.
568
569         This patch drops ResourceLoadSuspender and uses PostResolutionCallbackDisabler instead.
570         There was only one user of ResourceLoadSuspender and PostResolutionCallbackDisabler
571         is better because it manages a resolutionNestingDepth counter internally to make sure
572         it only calls LoaderStrategy::resumePendingRequests() once all
573         PostResolutionCallbackDisabler instances are destroyed.
574
575         No new tests, there is no easy way to reproduce the crashes.
576
577         * dom/Document.cpp:
578         (WebCore::Document::styleForElementIgnoringPendingStylesheets):
579         * loader/LoaderStrategy.cpp:
580         (WebCore::ResourceLoadSuspender::ResourceLoadSuspender): Deleted.
581         (WebCore::ResourceLoadSuspender::~ResourceLoadSuspender): Deleted.
582         * loader/LoaderStrategy.h:
583
584 2016-07-19  Youenn Fablet  <youenn@apple.com>
585
586         [Fetch API] Add a JS builtin to implement https://fetch.spec.whatwg.org/#concept-headers-fill
587         https://bugs.webkit.org/show_bug.cgi?id=159932
588
589         Reviewed by Alex Christensen.
590
591         Covered by existing tests.
592
593         Refactoring Headers initializeWith to use the new built-in internal that implements
594         https://fetch.spec.whatwg.org/#concept-headers-fill.
595
596         Refactoring Response constructor to put more checks in the JS builtin fucntion called within constructor.
597         Making use of the new built-in internal that implements https://fetch.spec.whatwg.org/#concept-headers-fill.
598
599         * CMakeLists.txt: Adding FetchHeadersInternals.js
600         * DerivedSources.make: Ditto.
601         * Modules/fetch/FetchHeaders.js:
602         (initializeFetchHeaders): Using fillFetchHeaders new built-in internal.
603         * Modules/fetch/FetchInternals.js: Added.
604         (fillFetchHeaders):
605         * Modules/fetch/FetchResponse.cpp: Refactoring to do more in the JS built-in. Splitting of initializeWith so
606         that the checks are done in the order defined by the spec.
607         (WebCore::FetchResponse::setStatus):
608         (WebCore::FetchResponse::initializeWith):
609         (WebCore::isNullBodyStatus): Deleted.
610         * Modules/fetch/FetchResponse.h:
611         * Modules/fetch/FetchResponse.idl:
612         * Modules/fetch/FetchResponse.js:
613         (initializeFetchResponse): New built-in internal.
614         * WebCore.xcodeproj/project.pbxproj:
615         * bindings/js/WebCoreBuiltinNames.h:
616
617 2016-07-19  Chris Dumez  <cdumez@apple.com>
618
619         Fix null handling of SVGScriptElement.type attribute
620         https://bugs.webkit.org/show_bug.cgi?id=159927
621
622         Reviewed by Benjamin Poulain.
623
624         Fix null handling of SVGScriptElement.type attribute:
625         - https://www.w3.org/TR/SVG2/interact.html#InterfaceSVGScriptElement
626
627         We were treating null as the null String which would end up removing
628         the 'type' content attribute. However, we should treat null as the
629         String "null".
630
631         Firefox and Chrome match the specification.
632
633         No new tests, updated existing test.
634
635         * svg/SVGScriptElement.idl:
636
637 2016-07-19  Chris Dumez  <cdumez@apple.com>
638
639         Fix null handling of several HTMLDocument attributes
640         https://bugs.webkit.org/show_bug.cgi?id=159923
641
642         Reviewed by Benjamin Poulain.
643
644         Fix null handling of several HTMLDocument attributes:
645         - https://html.spec.whatwg.org/multipage/dom.html#document
646         - https://html.spec.whatwg.org/multipage/obsolete.html#document-partial
647
648         In particular, null handling was incorrect in WebKit for 'dir',
649         'bgColor', 'fgColor', 'alinkColor', 'linkColor' and 'vlinkColor'.
650
651         Firefox and Chrome match the specification.
652
653         Test: fast/dom/HTMLDocument/null-handling.html
654
655         * html/HTMLDocument.idl:
656
657 2016-07-19  Chris Dumez  <cdumez@apple.com>
658
659         Document.createElementNS() / createAttributeNS() parameters should be mandatory
660         https://bugs.webkit.org/show_bug.cgi?id=159938
661
662         Reviewed by Benjamin Poulain.
663
664         Document.createElementNS() / createAttributeNS() parameters should be mandatory:
665         - https://dom.spec.whatwg.org/#document
666
667         They were optional in WebKit. However, Firefox and Chrome both match the
668         specification.
669
670         No new tests, rebaselined existing tests.
671
672         * dom/Document.idl:
673
674 2016-07-19  Benjamin Poulain  <bpoulain@apple.com>
675
676         Use getElementById for attribute matching if the attribute name is html's id
677         https://bugs.webkit.org/show_bug.cgi?id=159960
678
679         Reviewed by Chris Dumez.
680
681         Elliott Sprehn discovered YUI makes heavy uses of querySelector with [id=value]
682         (https://bugs.chromium.org/p/chromium/issues/detail?id=627242).
683
684         If we are not in quirks mode, IdForStyleResolution has the same value
685         as the Id attribute. We can use the same optimization for both cases.
686
687         Tests: fast/selectors/id-attribute-querySelector-used-as-id-selector-quirks.html
688                fast/selectors/id-attribute-querySelector-used-as-id-selector.html
689
690         * dom/SelectorQuery.cpp:
691         (WebCore::canBeUsedForIdFastPath):
692         (WebCore::findIdMatchingType):
693         (WebCore::SelectorDataList::SelectorDataList):
694         (WebCore::selectorForIdLookup):
695         (WebCore::filterRootById):
696
697 2016-07-19  Chris Dumez  <cdumez@apple.com>
698
699         Drop SVGElement.xmlbase attribute
700         https://bugs.webkit.org/show_bug.cgi?id=159926
701
702         Reviewed by Benjamin Poulain.
703
704         Drop SVGElement.xmlbase attribute as it is no longer part of the
705         specification:
706         - https://www.w3.org/TR/SVG2/types.html#InterfaceSVGElement
707
708         Both Firefox and Chrome have already dropped support for
709         SVGElement.xmlbase.
710
711         Chrome's intent to remove:
712         https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/TfwMq4d25hk/C-v_iC_wKfAJ
713
714         Test: svg/dom/SVGElement-xmlbase.html
715
716         * svg/SVGElement.cpp:
717         (WebCore::SVGElement::removedFrom): Deleted.
718         * svg/SVGElement.h:
719         * svg/SVGElement.idl:
720
721 2016-07-19  Chris Dumez  <cdumez@apple.com>
722
723         Align CSSStyleDeclaration.setProperty() with the specification
724         https://bugs.webkit.org/show_bug.cgi?id=159955
725
726         Reviewed by Benjamin Poulain.
727
728         Align CSSStyleDeclaration.setProperty() with the specification:
729         - https://drafts.csswg.org/cssom/#the-cssstyledeclaration-interface
730
731         In particular, the following changes were needed:
732         1. The 'value' parameter should not be optional
733         2. The 'priority' parameter should treat null as the empty string
734            rather than the string "null".
735         3. The 'priority' parameter's default value should be the empty string,
736            not the string "undefined".
737         4. CSSStyleDeclaration.setProperty() should return early if 'priority'
738            is not the empty string and is not an ASCII case-insensitive match
739            for the string "important".
740
741         Chrome matches the specification entirely.
742         Firefox matches the specification with the exception that it does a
743         case-sensitive match for "important".
744
745         Test: fast/css/CSSStyleDeclaration-setProperty.html
746
747         * css/CSSStyleDeclaration.idl:
748         * css/PropertySetCSSStyleDeclaration.cpp:
749         (WebCore::PropertySetCSSStyleDeclaration::setProperty):
750
751 2016-07-19  Daniel Bates  <dabates@apple.com>
752
753         CSP: Improve support for multiple policies to more closely conform to the CSP Level 2 spec.
754         https://bugs.webkit.org/show_bug.cgi?id=159841
755         <rdar://problem/27381684>
756
757         Reviewed by Brent Fulgham.
758
759         Implement a first pass at sending multiple violation reports so as to more closely
760         conform to section Enforcing multiple policies of the Content Security Policy Level 2 spec.,
761         <https://w3c.github.io/webappsec-csp/2/> (Editor's Draft, 25 April 2016).
762
763         Tests: http/tests/security/contentSecurityPolicy/1.1/script-blocked-sends-multiple-reports.php
764                http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy.php
765                http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy2.php
766                http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.php
767                http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.php
768                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy.php
769                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy2.php
770                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy.php
771                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy2.php
772                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.php
773                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2.php
774                http/tests/security/contentSecurityPolicy/1.1/scripthash-in-enforced-policy-and-not-in-report-only.html
775                http/tests/security/contentSecurityPolicy/1.1/scripthash-in-one-enforced-policy-neither-in-another-enforced-policy-nor-report-policy.html
776                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-enforced-policy-and-blocked-by-report-policy.php
777                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-enforced-policy-and-blocked-by-report-policy2.php
778                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.php
779                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.php
780                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy.php
781                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy2.php
782                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy.php
783                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy2.php
784                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.php
785                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2.php
786                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-in-enforced-policy-and-not-in-report-only.html
787                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-in-one-enforced-policy-neither-in-another-enforced-policy-nor-report-policy.html
788                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-multiple-policies.html
789
790         * page/csp/ContentSecurityPolicy.cpp:
791         (WebCore::ContentSecurityPolicy::allPoliciesWithDispositionAllow): Added. Returns whether the resource
792         is allowed by all of the policies with the specified disposition.
793         (WebCore::ContentSecurityPolicy::allPoliciesAllow): Added. Returns whether the resource is allowed by
794         all of the enforced policies.
795         (WebCore::ContentSecurityPolicy::findHashOfContentInPolicies): Formerly named foundHashOfContentInAllPolicies.
796         Modified to return a ("has found hash in all enforced policies, "has found hash in all report-only policies)-pair
797         so that we can differentiate whether the hash violated an enforced policy or a report-only policy.
798         (WebCore::ContentSecurityPolicy::allowJavaScriptURLs): Write in terms of ContentSecurityPolicy::allPoliciesAllow().
799         (WebCore::ContentSecurityPolicy::allowInlineEventHandlers): Ditto.
800         (WebCore::ContentSecurityPolicy::allowScriptWithNonce): For now only accept a nonce if it is allowed by
801         all enforced policies. As a side effect of this change is that we only send a CSP violation report when a
802         nonce violates a report-only policy only if the nonce also violates one or more enforced policies. We will
803         address this limitation in <https://bugs.webkit.org/show_bug.cgi?id=159830>.
804         (WebCore::ContentSecurityPolicy::allowStyleWithNonce): Ditto.
805         (WebCore::ContentSecurityPolicy::allowInlineScript): Differentiate between a hash/'unsafe-inline' that
806         matches/is contained in all enforce policies and a hash/'unsafe-inline' that matches/is contained in all
807         report-only policies so that we only allow the resource for the former. As a side effect of this change
808         we may report that a resource violated a policy even if it contained the hash. See <https://bugs.webkit.org/show_bug.cgi?id=159832>
809         for more details.
810         (WebCore::ContentSecurityPolicy::allowInlineStyle): Ditto.
811         (WebCore::ContentSecurityPolicy::allowEval): Write in terms of ContentSecurityPolicy::allPoliciesAllow().
812         (WebCore::ContentSecurityPolicy::allowFrameAncestors): Ditto.
813         (WebCore::ContentSecurityPolicy::allowPluginType): Ditto.
814         (WebCore::ContentSecurityPolicy::allowScriptFromSource): Ditto.
815         (WebCore::ContentSecurityPolicy::allowObjectFromSource): Ditto.
816         (WebCore::ContentSecurityPolicy::allowChildFrameFromSource): Ditto.
817         (WebCore::ContentSecurityPolicy::allowChildContextFromSource): Ditto.
818         (WebCore::ContentSecurityPolicy::allowImageFromSource): Ditto.
819         (WebCore::ContentSecurityPolicy::allowStyleFromSource): Ditto.
820         (WebCore::ContentSecurityPolicy::allowFontFromSource): Ditto.
821         (WebCore::ContentSecurityPolicy::allowMediaFromSource): Ditto.
822         (WebCore::ContentSecurityPolicy::allowConnectToSource): Ditto.
823         (WebCore::ContentSecurityPolicy::allowFormAction): Ditto.
824         (WebCore::ContentSecurityPolicy::allowBaseURI): Ditto.
825         (WebCore::ContentSecurityPolicy::foundHashOfContentInAllPolicies): Deleted.
826         * page/csp/ContentSecurityPolicy.h:
827         (WebCore::ContentSecurityPolicy::violatedDirectiveInAnyPolicy): Deleted.
828
829 2016-07-19  Chris Dumez  <cdumez@apple.com>
830
831         Fix null handling of HTMLScriptElement.text attribute
832         https://bugs.webkit.org/show_bug.cgi?id=159943
833
834         Reviewed by Benjamin Poulain.
835
836         Fix null handling of HTMLScriptElement.text attribute:
837         - https://html.spec.whatwg.org/multipage/scripting.html#the-script-element
838
839         We should treat null as the "null" String but we were treating it as
840         the empty string.
841
842         Firefox and Chrome match the specification.
843
844         No new tests, rebaselined existing test.
845
846         * html/HTMLScriptElement.idl:
847
848 2016-07-19  Chris Dumez  <cdumez@apple.com>
849
850         autocapitalize attribute should not use [TreatNullAs=LegacyNullString]
851         https://bugs.webkit.org/show_bug.cgi?id=159934
852
853         Reviewed by Benjamin Poulain.
854
855         autocapitalize attribute should not use [TreatNullAs=LegacyNullString]. This is
856         non-standard and we want to drop support for it from the bindings generator.
857
858         Instead, use [TreatNullAs=EmptyString] in order to maintain existing behavior
859         given that both a missing/empty attribute result in using the default
860         autocapitalization mode and that autocapitalize returns the empty string by
861         default.
862
863         Test: platform/ios-simulator/ios/fast/forms/autocapitalize-null.html
864
865         * html/HTMLFormElement.idl:
866         * html/HTMLInputElement.idl:
867         * html/HTMLTextAreaElement.idl:
868
869 2016-07-19  Zalan Bujtas  <zalan@apple.com>
870
871         REGRESSION(r203415): ASSERTION FAILED: !m_layoutRoot->container() || !m_layoutRoot->container()->needsLayout()
872         https://bugs.webkit.org/show_bug.cgi?id=159952
873
874         Reviewed by Simon Fraser.
875
876         Update ASSERTs to reflect new functionality, that is, now we can end up in a state
877         where the container (RenderView) of one of the dirty subtrees is dirty.
878         See r203415.
879  
880         Covered by editing/pasteboard/drag-drop-input-in-svg.svg
881
882         * page/FrameView.cpp:
883         (WebCore::FrameView::scheduleRelayoutOfSubtree):
884
885 2016-07-19  Dean Jackson  <dino@apple.com>
886
887         REGRESSION(202927): The first slide is the only displayed slide when Quicklooking a Keynote file
888         https://bugs.webkit.org/show_bug.cgi?id=159948
889         <rdar://problem/27391012>
890
891         Reviewed by Simon Fraser.
892
893         There is an iOS bug (<rdar://problem/27416744>) that is causing us
894         to not always get a color space on CGContextRefs. Investigation of this
895         exposed some optimizations we can take when we are creating ImageBuffers.
896         In particular, if we have a bitmap context or an IOSurfaceContext we
897         can simply copy their color space using API. Otherwise we stick with
898         the existing CGContextCopyDeviceColorSpace.
899
900         Lastly, if for some reason we are unable to copy the device color space,
901         we should fall back to sRGB.
902
903         * platform/graphics/cg/ImageBufferCG.cpp:
904         (WebCore::ImageBuffer::createCompatibleBuffer):
905         * platform/spi/cg/CoreGraphicsSPI.h: Add some SPI and enums.
906
907
908 2016-07-19  George Ruan  <gruan@apple.com>
909
910         HTMLVideoElement frames do not update on iOS when src is a MediaStream blob
911         https://bugs.webkit.org/show_bug.cgi?id=159833
912         <rdar://problem/27379487>
913
914         Reviewed by Eric Carlson.
915
916         Test: fast/mediastream/MediaStream-video-element-displays-buffer.html
917
918         * WebCore.xcodeproj/project.pbxproj:
919         * platform/graphics/avfoundation/MediaSampleAVFObjC.h: Change create to return a Ref<T> instead
920         of RefPtr<T>
921         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.h: Make observer of
922         MediaStreamTrackPrivate and make MediaPlayer use an AVSampleBufferDisplayLayer instead of CALayer.
923         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm: Ditto.
924         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::~MediaPlayerPrivateMediaStreamAVFObjC): Clean up
925         observers and AVSampleBufferDisplayLayer
926         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::isAvailable): Ensures AVSampleBufferDisplayLayer
927         is available.
928         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::enqueueAudioSampleBufferFromTrack): Placeholder.
929         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::enqueueVideoSampleBufferFromTrack): Responsible
930         for enqueuing sample buffers to the active video track.
931         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::ensureLayer): Ensures that an AVSampleBufferDisplayLayer
932         exists.
933         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::destroyLayer): Destroys the AVSampleBufferDisplayLayer.
934         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::platformLayer): Replace CALayer with AVSampleBufferDisplayLayer.
935         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::currentDisplayMode): Ditto.
936         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::sampleBufferUpdated): Called from MediaStreamTrackPrivate when a
937         new SampleBuffer is available.
938         (WebCore::updateTracksOfType): Manage adding and removing self as observer from tracks.
939         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateTracks): Replace CALayer with AVSampleBufferDisplayLayer
940         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::acceleratedRenderingStateChanged): Copied from
941         MediaPlayerPrivateMediaSourceAVFObjC.mm
942         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::load): Deleted CALayer.
943         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateDisplayMode): Deleted process of updating CALayer.
944         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateIntrinsicSize): Deleted CALayer.
945         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::createPreviewLayers): Deleted.
946         * platform/mediastream/MediaStreamPrivate.cpp:
947         (WebCore::MediaStreamPrivate::updateActiveVideoTrack): Remove redundant check.
948         * platform/mediastream/MediaStreamTrackPrivate.cpp:
949         (WebCore::MediaStreamTrackPrivate::sourceHasMoreMediaData): Called from RealtimeMediaSource when a new SampleBuffer
950         is available.
951         * platform/mediastream/MediaStreamTrackPrivate.h:
952         (WebCore::MediaStreamTrackPrivate::Observer::sampleBufferUpdated): Relays to MediaPlayerPrivateMediaStream that
953         a new SampleBuffer is available to enqueue to the AVSampleBufferDisplayLayer.
954         * platform/mediastream/RealtimeMediaSource.cpp:
955         (WebCore::RealtimeMediaSource::mediaDataUpdated): Relays to all observers that a new SampleBuffer is available.
956         * platform/mediastream/RealtimeMediaSource.h:
957         * platform/mediastream/mac/AVVideoCaptureSource.mm:
958         (WebCore::AVVideoCaptureSource::processNewFrame): Calls mediaDataUpdated when a new SampleBuffer is captured.
959
960 2016-07-19  Anders Carlsson  <andersca@apple.com>
961
962         Get rid of a #define private public hack in WebCore
963         https://bugs.webkit.org/show_bug.cgi?id=159953
964
965         Reviewed by Dan Bernstein.
966
967         Use @package instead.
968
969         * bindings/objc/DOMInternal.h:
970         * bindings/objc/DOMObject.h:
971
972 2016-07-19  Andreas Kling  <akling@apple.com>
973
974         Fix SharedBuffer leak in MockContentFilter::replacementData().
975         <https://webkit.org/b/159945>
976
977         Reviewed by Andy Estes.
978
979         Spotted on leaks bot. This code was pretty explicit about how it's going to leak.
980         Since this is in the mock filter, it only affected layout tests.
981
982         * testing/MockContentFilter.cpp:
983         (WebCore::MockContentFilter::replacementData):
984
985 2016-07-19  Zalan Bujtas  <zalan@apple.com>
986
987         theguardian.co.uk crossword puzzles are sometimes not displaying text
988         https://bugs.webkit.org/show_bug.cgi?id=159924
989         <rdar://problem/27409483>
990
991         Reviewed by Simon Fraser.
992
993         This patch fixes the case when
994         - 2 disjoint subtrees are dirty
995         - RenderView is also dirty.
996         and we end up not laying out one of the 2 subtrees.
997
998         In FrameView::scheduleRelayoutOfSubtree, we assume that when the RenderView is dirty
999         we already have a pending full layout which means that any previous subtree layouts have already been
1000         converted to full layouts.
1001         However this assumption is incorrect. RenderView can get dirty without checking if there's
1002         already a pending subtree layout.
1003         One option to solve this problem would be to override RenderObject::setNeedsLayout in RenderView
1004         so that when the RenderView gets dirty, we could also convert any pending subtree layout to full layout.
1005         However RenderObject::setNeedsLayout is a hot function and making it virtual would impact performance.
1006         The other option is to always normalize subtree layouts in FrameView::scheduleRelayoutOfSubtree().
1007         This patch implements the second option.
1008
1009         Test: fast/misc/subtree-layouts.html
1010
1011         * page/FrameView.cpp:
1012         (WebCore::FrameView::scheduleRelayoutOfSubtree):
1013
1014 2016-07-19  Anders Carlsson  <andersca@apple.com>
1015
1016         Some payment authorization status values should keep the sheet active
1017         https://bugs.webkit.org/show_bug.cgi?id=159936
1018         rdar://problem/26756701
1019
1020         Reviewed by Tim Horton.
1021
1022         * Modules/applepay/ApplePaySession.cpp:
1023         (WebCore::ApplePaySession::completePayment):
1024         Keep the sheet active if the status isn't a final state status.
1025
1026         * Modules/applepay/PaymentAuthorizationStatus.h:
1027         (WebCore::isFinalStateStatus):
1028         Add a new helper function that returns whether a given payment authorization status is "final",
1029         meaning that once that status has been passed to completePayment, the session is finished.
1030
1031 2016-07-19  Nan Wang  <n_wang@apple.com>
1032
1033         AX: Incorrect behavior for word related text marker functions when there's collapsed whitespace
1034         https://bugs.webkit.org/show_bug.cgi?id=159910
1035
1036         Reviewed by Chris Fleizach.
1037
1038         We are getting a bad CharacterOffset when there's collapsed whitespace. Added a TraverseOptionValidateOffset
1039         option to make sure we are getting the correct CharacterOffset based on the corresponding Range offset. And
1040         fixed a word navigation issue based on that.
1041
1042         Test: accessibility/mac/text-marker-word-nav-collapsed-whitespace.html
1043
1044         * accessibility/AXObjectCache.cpp:
1045         (WebCore::AXObjectCache::traverseToOffsetInRange):
1046         (WebCore::AXObjectCache::rangeForNodeContents):
1047         (WebCore::AXObjectCache::startOrEndCharacterOffsetForRange):
1048         (WebCore::AXObjectCache::characterOffsetFromVisiblePosition):
1049         (WebCore::AXObjectCache::rightWordRange):
1050         (WebCore::AXObjectCache::previousBoundary):
1051         * accessibility/AXObjectCache.h:
1052         (WebCore::AXObjectCache::isNodeInUse):
1053
1054 2016-07-19  Youenn Fablet  <youenn@apple.com>
1055
1056         [Streams API] ReadableStreamController methods should throw if its stream is not readable
1057         https://bugs.webkit.org/show_bug.cgi?id=159871
1058
1059         Reviewed by Xabier Rodriguez-Calvar.
1060
1061         Spec now mandates close and enqueue to throw if ReadableStream is not readable.
1062         Covered by rebased and/or modified tests.
1063
1064         * Modules/streams/ReadableStreamController.js:
1065         (enqueue): Throwing a TypeError if controlled stream is not readable.
1066         (close): Ditto.
1067
1068 2016-07-19  Simon Fraser  <simon.fraser@apple.com>
1069
1070         Bubbles appear split for a brief moment in Messages
1071         https://bugs.webkit.org/show_bug.cgi?id=159915
1072         rdar://problem/27182267
1073
1074         Reviewed by David Hyatt.
1075
1076         RenderView::repaintRootContents() had a long-standing bug in WebView when the
1077         view is scrolled. repaint() uses visualOverflowRect() but, for the 
1078         RenderView, the visualOverflowRect() is the initial containing block
1079         which is anchored at 0,0. When the view is scrolled it's clipped out and
1080         calls to repaintRootContents() have no effect.
1081         
1082         Change repaintRootContents() to use layoutOverflowRect(). ScrollView::repaintContentRectangle()
1083         will clip it to the view if necessary.
1084
1085         Test: fast/repaint/scrolled-view-full-repaint.html
1086
1087         * rendering/RenderView.cpp:
1088         (WebCore::RenderView::repaintRootContents):
1089
1090 2016-07-19  Dan Bernstein  <mitz@apple.com>
1091
1092         <rdar://problem/27420308> WebCore-7602.1.42 fails to build: error: unused parameter 'vm'
1093
1094         * bindings/js/JSDOMGlobalObject.cpp:
1095         (WebCore::JSDOMGlobalObject::addBuiltinGlobals): Fixed the !ENABLE(STREAMS_API) build.
1096
1097 2016-07-19  Youenn Fablet  <youenn@apple.com>
1098
1099         [Streams API] Make ReadableStream properties not enumerable
1100         https://bugs.webkit.org/show_bug.cgi?id=159868
1101
1102         Reviewed by Darin Adler.
1103
1104         Covered by rebased tests.
1105
1106         Uopdating IDL definitions to mark all functions/attributes as not enumerable.
1107         Updating IDL constructor definitions to correctly compute constructor length.
1108         Updating built-in implementation to correctly compute pipeTo length to 1 (second parameter being optional).
1109
1110         * Modules/streams/ReadableStream.idl:
1111         * Modules/streams/ReadableStream.js:
1112         * Modules/streams/ReadableStreamController.idl:
1113         * Modules/streams/ReadableStreamReader.idl:
1114
1115 2016-07-19  Chris Dumez  <cdumez@apple.com>
1116
1117         form.enctype / encoding / method should treat null as "null" string
1118         https://bugs.webkit.org/show_bug.cgi?id=159916
1119
1120         Reviewed by Ryosuke Niwa.
1121
1122         form.enctype / encoding / method should treat null as "null" string:
1123         - https://html.spec.whatwg.org/multipage/forms.html#htmlformelement
1124
1125         Previously, WebKit would treat null as the null String, which would
1126         end up removing the existing attribute.
1127
1128         Firefox and Chrome match the specification.
1129
1130         Test: fast/dom/HTMLFormElement/null-handling.html
1131
1132         * html/HTMLFormElement.h:
1133         * html/HTMLFormElement.idl:
1134
1135 2016-07-18  Csaba Osztrogonác  <ossy@webkit.org>
1136
1137         All-in-one buildfix after r202439
1138         https://bugs.webkit.org/show_bug.cgi?id=159877
1139
1140         Reviewed by Chris Dumez.
1141
1142         * Modules/webaudio/AudioDestinationNode.h:
1143         (WebCore::AudioDestinationNode::resume):
1144         (WebCore::AudioDestinationNode::suspend):
1145         (WebCore::AudioDestinationNode::close):
1146
1147 2016-07-18  Frederic Wang  <fwang@igalia.com>
1148
1149         Move parsing of subscriptshift and superscriptshift from rendering to element classes
1150         https://bugs.webkit.org/show_bug.cgi?id=159622
1151
1152         Reviewed by Darin Adler.
1153
1154         We introduce a new MathMLScriptsElement that is used for elements msub, msup, msubsup and
1155         mmultiscripts in order to create RenderMathMLScripts and parse and expose the values of the
1156         subscriptshift and superscriptshift attributes. This is one more step toward moving MathML
1157         attribute parsing to the DOM (bug 156536).
1158
1159         No new tests, rendering is unchanged.
1160
1161         * CMakeLists.txt: Add MathMLScriptsElement files.
1162         * WebCore.xcodeproj/project.pbxproj: Ditto.
1163         * mathml/MathMLAllInOne.cpp: Ditto.
1164         * mathml/MathMLInlineContainerElement.cpp: Remove handling of scripts.
1165         (WebCore::MathMLInlineContainerElement::createElementRenderer): Deleted.
1166         * mathml/MathMLScriptsElement.cpp: Added. New class to handle scripted elements supporting
1167         parsing for the subscriptshift and superscriptshift MathML lengths.
1168         (WebCore::MathMLScriptsElement::MathMLScriptsElement):
1169         (WebCore::MathMLScriptsElement::create):
1170         (WebCore::MathMLScriptsElement::subscriptShift): Expose the cached length for the shift,
1171         parsing the attribute again if necessary.
1172         (WebCore::MathMLScriptsElement::superscriptShift): Ditto.
1173         (WebCore::MathMLScriptsElement::parseAttribute): Mark attributes dirty.
1174         (WebCore::MathMLScriptsElement::createElementRenderer): Create RenderMathMLScripts.
1175         * mathml/MathMLScriptsElement.h: Ditto.
1176         * mathml/mathtags.in: Map msub, msup, msubsup and mmultiscripts to MathMLScriptsElement.
1177         * rendering/mathml/RenderMathMLScripts.cpp:
1178         (WebCore::RenderMathMLScripts::scriptsElement): Helper function to cast the node to a
1179         MathMLScriptsElement.
1180         (WebCore::RenderMathMLScripts::getScriptMetricsAndLayoutIfNeeded): Resolve the attributes
1181         using the functions from the MathMLScriptsElement class.
1182         * rendering/mathml/RenderMathMLScripts.h: Declare scriptsElement.
1183
1184 2016-07-18  Frederic Wang  <fwang@igalia.com>
1185
1186         Do not store gap and shift parameters on RenderMathMLFraction
1187         https://bugs.webkit.org/show_bug.cgi?id=159876
1188
1189         Reviewed by Darin Adler.
1190
1191         After r203285, the stack and fraction layout parameters are only used in layoutBlock so we
1192         do not need to store them on the class. We remove them and split updateLayoutParameters into
1193         three functions: one to update the linethickness and two others to retrieve the fraction and
1194         stack respectively.
1195
1196         No new tests, rendering is unchanged.
1197
1198         * rendering/mathml/RenderMathMLFraction.cpp:
1199         (WebCore::RenderMathMLFraction::updateLineThickness): Move code to update thickness members here.
1200         (WebCore::RenderMathMLFraction::getFractionParameters): Move code to retrieve fraction parameters here.
1201         (WebCore::RenderMathMLFraction::getStackParameters): Move code to retrieve stack parameters here.
1202         (WebCore::RenderMathMLFraction::layoutBlock): Use the new helper functions and local variables
1203         for fraction and stack parameters.
1204         (WebCore::RenderMathMLFraction::updateLayoutParameters): Deleted.
1205         * rendering/mathml/RenderMathMLFraction.h: Declare new helper functions and remove members
1206         for stack and fraction parameters.
1207
1208 2016-07-18  Chris Dumez  <cdumez@apple.com>
1209
1210         input.formEnctype / formMethod and button.formEnctype / formMethod / type should treat null as "null"
1211         https://bugs.webkit.org/show_bug.cgi?id=159908
1212
1213         Reviewed by Alex Christensen.
1214
1215         input.formEnctype / formMethod and button.formEnctype / formMethod / type
1216         should treat null as "null" String:
1217         - https://html.spec.whatwg.org/multipage/forms.html#htmlinputelement
1218         - https://html.spec.whatwg.org/multipage/forms.html#htmlbuttonelement
1219
1220         In WebKit, we would treat null as a null String which would end up
1221         removing the corresponding attribute. This does not match the
1222         specification. Firefox and Chrome match the specification here.
1223
1224         Tests:
1225         - fast/dom/HTMLButtonElement/null-handling.html
1226         - fast/dom/HTMLInputElement/null-handling.html
1227
1228         * html/HTMLButtonElement.idl:
1229         * html/HTMLInputElement.idl:
1230
1231 2016-07-18  Alex Christensen  <achristensen@webkit.org>
1232
1233         webbookmarksd needs to use the same AppCache directory as MobileSafari
1234         https://bugs.webkit.org/show_bug.cgi?id=159912
1235
1236         Reviewed by Alexey Proskuryakov.
1237
1238         No new tests.  This only changes behavior for webbookmarksd.
1239
1240         * platform/RuntimeApplicationChecks.h:
1241         * platform/RuntimeApplicationChecks.mm:
1242         (WebCore::IOSApplication::isWebBookmarksD): Added.
1243
1244 2016-07-18  Chris Dumez  <cdumez@apple.com>
1245
1246         EventTarget.dispatchEvent() parameter should not be nullable
1247         https://bugs.webkit.org/show_bug.cgi?id=159897
1248
1249         Reviewed by Benjamin Poulain.
1250
1251         EventTarget.dispatchEvent() parameter should not be nullable:
1252         - https://dom.spec.whatwg.org/#interface-eventtarget
1253
1254         Even though the parameter was marked as nullable in our IDL, our
1255         implementation does a null check and we already throw a TypeError
1256         when calling dispatchEvent(null).
1257
1258         Update our IDL so that it matches the specification and so that
1259         the null check is generated in the bindings instead.
1260
1261         No new tests, rebaseline existing tests.
1262
1263         * dom/EventTarget.cpp:
1264         (WebCore::EventTarget::dispatchEventForBindings):
1265         * dom/EventTarget.h:
1266         * dom/EventTarget.idl:
1267
1268 2016-07-18  Chris Dumez  <cdumez@apple.com>
1269
1270         DocType's publicId / systemId should not be nullable
1271         https://bugs.webkit.org/show_bug.cgi?id=159901
1272
1273         Reviewed by Benjamin Poulain.
1274
1275         DocType's publicId / systemId should not be nullable. While they were
1276         not marked as nullable in our IDL, they could be stored as null Strings
1277         in our implementation depending on how the Node was constructed. This
1278         led to subtle bugs where String() != emptyString().
1279
1280         In particular, Node.isEqualNode() would return false when DocumentType
1281         nodes would mismatch because of their publicId / systemId being null
1282         instead of the emptyString.
1283
1284         Serialization would DocumentType nodes would also be wrong when
1285         publicId / systemId were empty Strings instead of null strings. The
1286         new behavior now matches:
1287         - https://www.w3.org/TR/DOM-Parsing/#dfn-concept-serialize-doctype (steps 7-9)
1288
1289         To address these issues, we now always store publicId / systemId as
1290         non-null Strings inside the DocumentType class.
1291
1292         Test: fast/dom/DocumentType/isEqualNode.html
1293
1294         * dom/DocumentType.cpp:
1295         (WebCore::DocumentType::DocumentType):
1296         * editing/MarkupAccumulator.cpp:
1297         (WebCore::MarkupAccumulator::appendDocumentType):
1298
1299 2016-07-18  Jeremy Jones  <jeremyj@apple.com>
1300
1301         If previous media session interruptions were prevented, still allow subsequent interruptions to try.
1302         https://bugs.webkit.org/show_bug.cgi?id=157553
1303         rdar://problem/25740804
1304
1305         Reviewed by Eric Carlson.
1306
1307         Test: platform/ios-simulator/media/video-interruption-suspendunderlock.html
1308
1309         When suspending under lock on iOS, there is first a resign active event, then a
1310         suspend under lock. PiP prevents resign active from interrupting playback. But it should allow the
1311         suspend under lock to interrupt playback.
1312
1313         Currently if there are nested interruptions only the first one is acted upon.
1314
1315         This change allows subsequent, nested interruptions to have a chance to interrupt playback if the
1316         previous interruptions were ignored.
1317
1318         This test is for iPad only, so it must be run manually.
1319
1320         * html/HTMLMediaElement.cpp:
1321         (WebCore::HTMLMediaElement::shouldOverrideBackgroundPlaybackRestriction):
1322         * platform/audio/PlatformMediaSession.cpp:
1323         (WebCore::PlatformMediaSession::beginInterruption):
1324         * testing/Internals.cpp:
1325         (WebCore::Internals::beginMediaSessionInterruption):
1326
1327 2016-07-18  Brent Fulgham  <bfulgham@apple.com>
1328
1329         Don't associate form-associated elements with forms in other trees.
1330         https://bugs.webkit.org/show_bug.cgi?id=119451
1331         <rdar://problem/27382946>
1332
1333         Change is based on the Blink change (patch by <adamk@chromium.org>):
1334         <https://chromium.googlesource.com/chromium/blink/+/0b33128be67e7845d495d5219614c02ccfe7a414>
1335
1336         Reviewed by Chris Dumez.
1337
1338         Prevent elements from being associated with forms that are not part of the same home subtree.
1339         This brings us in line with the WhatWG HTML specification as of September, 2013.
1340
1341         Tests: fast/forms/image-disconnected-during-parse.html
1342                fast/forms/input-disconnected-during-parse.html
1343
1344         * dom/Element.h:
1345         (WebCore::Node::rootElement): Added.
1346         * html/FormAssociatedElement.cpp:
1347         (WebCore::FormAssociatedElement::insertedInto): If the element is associated with a form that
1348         is not part of the same tree, remove the association.
1349         * html/HTMLImageElement.cpp:
1350         (WebCore::HTMLImageElement::insertedInto): Ditto.
1351
1352 2016-07-18  Anders Carlsson  <andersca@apple.com>
1353
1354         WebKit nightly fails to build on macOS Sierra
1355         https://bugs.webkit.org/show_bug.cgi?id=159902
1356         rdar://problem/27365672
1357
1358         Reviewed by Tim Horton.
1359
1360         * Modules/applepay/cocoa/PaymentCocoa.mm:
1361         * Modules/applepay/cocoa/PaymentContactCocoa.mm:
1362         * Modules/applepay/cocoa/PaymentMerchantSessionCocoa.mm:
1363         * Modules/applepay/cocoa/PaymentMethodCocoa.mm:
1364         Use new PassKitSPI header.
1365
1366         * WebCore.xcodeproj/project.pbxproj:
1367         Add new PassKitSPI header.
1368
1369         * icu/unicode/ucurr.h: Added.
1370         Add ucurr.h from ICU.
1371
1372         * platform/spi/cocoa/PassKitSPI.h: Added.
1373         Add new PassKitSPI header.
1374
1375 2016-07-18  Dean Jackson  <dino@apple.com>
1376
1377         REGRESSION (r202950): Image zoom animations are broken at medium.com (159861)
1378         https://bugs.webkit.org/show_bug.cgi?id=159906
1379         <rdar://problem/27391725>
1380
1381         Reviewed by Simon Fraser.
1382
1383         The fix for webkit.org/b/157569 in r200769 broke AMP pages.
1384         The followup fix for webkit.org/b/159450 in r202950 broke Medium pages.
1385
1386         Revert them both until we have better testing.
1387
1388         * css/CSSParser.cpp:
1389         (WebCore::CSSParser::addPropertyWithPrefixingVariant):
1390         (WebCore::CSSParser::parseValue):
1391         (WebCore::CSSParser::parseAnimationShorthand):
1392         (WebCore::CSSParser::parseTransitionShorthand): Deleted.
1393         * css/CSSPropertyNames.in:
1394         * css/PropertySetCSSStyleDeclaration.cpp:
1395         (WebCore::PropertySetCSSStyleDeclaration::getPropertyCSSValue):
1396         (WebCore::PropertySetCSSStyleDeclaration::getPropertyValue):
1397         (WebCore::PropertySetCSSStyleDeclaration::getPropertyCSSValueInternal):
1398         (WebCore::PropertySetCSSStyleDeclaration::getPropertyValueInternal):
1399         * css/StyleProperties.cpp:
1400         (WebCore::MutableStyleProperties::removeShorthandProperty):
1401         (WebCore::MutableStyleProperties::removeProperty):
1402         (WebCore::MutableStyleProperties::removePrefixedOrUnprefixedProperty):
1403         (WebCore::MutableStyleProperties::setProperty):
1404         (WebCore::getIndexInShorthandVectorForPrefixingVariant):
1405         (WebCore::MutableStyleProperties::appendPrefixingVariantProperty):
1406         (WebCore::MutableStyleProperties::setPrefixingVariantProperty):
1407         (WebCore::StyleProperties::asText): Deleted.
1408         * css/StyleProperties.h:
1409
1410 2016-07-18  Andreas Kling  <akling@apple.com>
1411
1412         There should be a way to simulate memory pressure in layout tests
1413         <https://webkit.org/b/159743>
1414
1415         Reviewed by Simon Fraser.
1416
1417         Add three window.internal APIs:
1418
1419             - boolean isUnderMemoryPressure (readonly attribute)
1420             - void beginSimulatedMemoryPressure()
1421             - void endSimulatedMemoryPressure()
1422
1423         These make it possible to write tests that exercise behaviors that only
1424         occur during memory pressure situations.
1425
1426         I also implemented the "org.WebKit.lowMemory" notification handler using the new API.
1427
1428         Test: memory/memory-pressure-simulation.html
1429
1430         * platform/MemoryPressureHandler.cpp:
1431         (WebCore::MemoryPressureHandler::beginSimulatedMemoryPressure):
1432         (WebCore::MemoryPressureHandler::endSimulatedMemoryPressure):
1433         * platform/MemoryPressureHandler.h:
1434         (WebCore::MemoryPressureHandler::isUnderMemoryPressure):
1435         * platform/cocoa/MemoryPressureHandlerCocoa.mm:
1436         (WebCore::MemoryPressureHandler::platformReleaseMemory):
1437         (WebCore::MemoryPressureHandler::install):
1438         * testing/Internals.cpp:
1439         (WebCore::Internals::isUnderMemoryPressure):
1440         (WebCore::Internals::beginSimulatedMemoryPressure):
1441         (WebCore::Internals::endSimulatedMemoryPressure):
1442         * testing/Internals.h:
1443         * testing/Internals.idl:
1444
1445 2016-07-18  Said Abou-Hallawa  <sabouhallawa@apple,com>
1446
1447         [iOS] PDFDocumentImage should cache only a sub image of the PDF when caching the whole image is expensive
1448         https://bugs.webkit.org/show_bug.cgi?id=158715
1449
1450         Reviewed by Dean Jackson.
1451
1452         Test: fast/images/displaced-non-cached-pdf.html
1453
1454         For iOS, we need to ensure the size of the cached PDF images will not
1455         exceed some limit. Also we should be caching only a sub image of the PDF
1456         if caching the whole image will exceed the memory limit.
1457
1458         * page/Settings.cpp:
1459         (WebCore::Settings::Settings):
1460         (WebCore::Settings::setCachedPDFImageEnabled):
1461         * page/Settings.h:
1462         (WebCore::Settings::isCachedPDFImageEnabled):
1463             Add an option to disable caching the PDF images.
1464
1465         * platform/graphics/cg/PDFDocumentImage.cpp:
1466         (WebCore::PDFDocumentImage::setCachedPDFImageEnabled):
1467             Allow the caller of draw() to disable caching the PDF images.
1468         
1469         (WebCore::PDFDocumentImage::cacheParametersMatch):
1470             Match the context dirty rectangle with the cached image rectangle.
1471         
1472         (WebCore::transformContextForPainting):
1473             When preparing the context for drawing the PDF, take the location 
1474             of the destination rectangle into account. We do not need to scale
1475             the location of the source rectangle because we scale the size of
1476             the rectangle but we don't scale the whole coordinate system.
1477
1478         (WebCore::cachedImageRect):
1479             Calculate the rectangle of the cached image such that it does not
1480             exceed the limit. Start from the center of the dirty rectangle and
1481             then expand around it.
1482             
1483         (WebCore::PDFDocumentImage::decodedSizeChanged):
1484             In addition to notifying the ImageObserver, it keeps track of the size
1485             of all the cached PDF images.
1486
1487         (WebCore::PDFDocumentImage::updateCachedImageIfNeeded):
1488             Ensure the size of all the cached images does not exceed the limit
1489             
1490         (WebCore::PDFDocumentImage::destroyDecodedData):
1491         * platform/graphics/cg/PDFDocumentImage.h:
1492
1493         * rendering/RenderImage.cpp:
1494         (WebCore::RenderImage::paintIntoRect):
1495             Pass the option to disable caching the PDF images to PDFDocumentImage.
1496
1497         * testing/InternalSettings.cpp:
1498         (WebCore::InternalSettings::Backup::Backup):
1499         (WebCore::InternalSettings::Backup::restoreTo):
1500         (WebCore::InternalSettings::setCachedPDFImageEnabled):
1501         * testing/InternalSettings.h:
1502         * testing/InternalSettings.idl:
1503             Add an internal option to disable caching the PDF images.
1504
1505 2016-07-18  Chris Dumez  <cdumez@apple.com>
1506
1507         The 2 first parameters to addEventListener() / removeEventListener() should be mandatory
1508         https://bugs.webkit.org/show_bug.cgi?id=158008
1509
1510         Reviewed by Darin Adler.
1511
1512         The 2 first parameters to addEventListener() / removeEventListener() should be
1513         mandatory:
1514         - https://dom.spec.whatwg.org/#interface-eventtarget
1515
1516         Firefox 46 and Chrome 50 both match the specification and throw an exception when those
1517         parameters are omitted. However, those parameters were marked as optional in WebKit and
1518         the calls were no-ops if those parameters were omitted. This patch aligns our behavior
1519         with the specification and other browsers.
1520
1521         Test: fast/dom/eventtarget-api-parameters.html
1522
1523         * bindings/scripts/CodeGeneratorJS.pm:
1524         (GetFunctionLength): Deleted.
1525         * dom/EventTarget.idl:
1526
1527 2016-07-18  Brent Fulgham  <bfulgham@apple.com>
1528
1529         Unreviewed, rolling out r203373.
1530
1531         Unaddressed
1532
1533         Reverted changeset:
1534
1535         "Don't associate form-associated elements with forms in other
1536         trees."
1537         https://bugs.webkit.org/show_bug.cgi?id=119451
1538         http://trac.webkit.org/changeset/203373
1539
1540 2016-07-18  Brent Fulgham  <bfulgham@apple.com>
1541
1542         Don't associate form-associated elements with forms in other trees.
1543         https://bugs.webkit.org/show_bug.cgi?id=119451
1544         <rdar://problem/27382946>
1545
1546         Change is based on the Blink change (patch by <adamk@chromium.org>):
1547         <https://chromium.googlesource.com/chromium/blink/+/0b33128be67e7845d495d5219614c02ccfe7a414>
1548
1549         Reviewed by Zalan Bujtas.
1550
1551         Prevent elements from being associated with forms that are not part of the same home subtree.
1552         This brings us in line with the WhatWG HTML specification as of September, 2013.
1553
1554         Tests: fast/forms/image-disconnected-during-parse.html
1555                fast/forms/input-disconnected-during-parse.html
1556
1557         * dom/NodeTraversal.h:
1558         (WebCore::NodeTraversal::highestAncestorOrSelf): Added.
1559         * html/FormAssociatedElement.cpp:
1560         (WebCore::FormAssociatedElement::insertedInto): If the element is associated with a form that
1561         is not part of the same tree, remove the association.
1562         * html/HTMLImageElement.cpp:
1563         (WebCore::HTMLImageElement::insertedInto): Ditto.
1564
1565 2016-07-18  George Ruan  <gruan@apple.com>
1566
1567         Move MediaSampleAVFObjC into its own file
1568         https://bugs.webkit.org/show_bug.cgi?id=159796
1569         <rdar://problem/27362488>
1570
1571         In preparation for a feature that uses MediaSampleAVFObjC, but does
1572         not need SourceBufferPrivateAVFObjC, it is beneficial to move
1573         MediaSampleAVFObjC to its own file.
1574
1575         Reviewed by Eric Carlson.
1576
1577         * WebCore.xcodeproj/project.pbxproj:
1578         * platform/MediaSample.h: Allow setting trackID to associate
1579         MediaSample id with MediaStreamTrackPrivate id.
1580         * platform/graphics/avfoundation/MediaSampleAVFObjC.h: Added.
1581         * platform/graphics/avfoundation/objc/MediaSampleAVFObjC.mm: Moved
1582         from MediaSampleAVFObjC
1583         (WebCore::MediaSampleAVFObjC::presentationTime):
1584         (WebCore::MediaSampleAVFObjC::decodeTime):
1585         (WebCore::MediaSampleAVFObjC::duration):
1586         (WebCore::MediaSampleAVFObjC::sizeInBytes):
1587         (WebCore::MediaSampleAVFObjC::platformSample):
1588         (WebCore::CMSampleBufferIsRandomAccess):
1589         (WebCore::MediaSampleAVFObjC::flags):
1590         (WebCore::MediaSampleAVFObjC::presentationSize):
1591         (WebCore::MediaSampleAVFObjC::dump):
1592         (WebCore::MediaSampleAVFObjC::offsetTimestampsBy):
1593         (WebCore::MediaSampleAVFObjC::setTimestamps):
1594         * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
1595         Moved MediaSampleAVFObjC to its own file.
1596         (WebCore::MediaSampleAVFObjC::platformSample): Deleted.
1597         (WebCore::CMSampleBufferIsRandomAccess): Deleted.
1598         (WebCore::MediaSampleAVFObjC::flags): Deleted.
1599         (WebCore::MediaSampleAVFObjC::presentationSize): Deleted.
1600         (WebCore::MediaSampleAVFObjC::dump): Deleted.
1601         (WebCore::MediaSampleAVFObjC::offsetTimestampsBy): Deleted.
1602         (WebCore::MediaSampleAVFObjC::setTimestamps): Deleted.
1603         * platform/mock/mediasource/MockSourceBufferPrivate.cpp:
1604
1605 2016-07-18  Eric Carlson  <eric.carlson@apple.com>
1606
1607         [MSE][Mac] Pass AVSampleBufferDisplayLayer HDCP status to a newly created key session
1608         https://bugs.webkit.org/show_bug.cgi?id=159812
1609         <rdar://problem/27371624>
1610
1611         Reviewed by Jon Lee.
1612
1613         No new tests, it isn't possible to test this with our current testing infrastructure.
1614
1615         * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.h:
1616         * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
1617         (WebCore::SourceBufferPrivateAVFObjC::setCDMSession): Call layerDidReceiveError if there has
1618         been an HDCP error.
1619         (WebCore::SourceBufferPrivateAVFObjC::rendererDidReceiveError): Remember an HDCP error.
1620
1621 2016-07-18  Yoav Weiss  <yoav@yoav.ws>
1622
1623         Add preload to features.json
1624         https://bugs.webkit.org/show_bug.cgi?id=159872
1625
1626         Reviewed by Darin Adler.
1627
1628         No new tests but no functional change.
1629
1630         * features.json:
1631
1632 2016-07-18  Youenn Fablet  <youenn@apple.com>
1633
1634         [Streams API] ReadableStream should throw a RangeError in case of NaN highWaterMark
1635         https://bugs.webkit.org/show_bug.cgi?id=159870
1636
1637         Reviewed by Xabier Rodriguez-Calvar.
1638
1639         Covered by rebased test.
1640
1641         * Modules/streams/StreamInternals.js:
1642         (validateAndNormalizeQueuingStrategy): Throwing a RangeError in lieu of a TypeError in case of NaN highWaterMark.
1643
1644 2016-07-18  Csaba Osztrogonác  <ossy@webkit.org>
1645
1646         Windows buildfix after r203338
1647         https://bugs.webkit.org/show_bug.cgi?id=159875
1648
1649         Unreviewed buildfix.
1650
1651         * dom/UserGestureIndicator.h:
1652         (WebCore::UserGestureToken::addDestructionObserver):
1653
1654 2016-07-18  Carlos Garcia Campos  <cgarcia@igalia.com>
1655
1656         MemoryPressureHandler doesn't work if cgroups aren't present in Linux
1657         https://bugs.webkit.org/show_bug.cgi?id=155255
1658
1659         Reviewed by Sergio Villar Senin.
1660
1661         Allow to pass an eventFD file descriptor to the MemoryPressureHandler to be monitorized in case cgroups are not
1662         available.
1663
1664         * platform/MemoryPressureHandler.h:
1665         * platform/linux/MemoryPressureHandlerLinux.cpp:
1666
1667 2016-07-17  Gyuyoung Kim  <gyuyoung.kim@webkit.org>
1668
1669         Clean up PassRefPtr uses in Modules/encryptedmedia, Modules/speech, and Modules/quota
1670         https://bugs.webkit.org/show_bug.cgi?id=159701
1671
1672         Reviewed by Alex Christensen.
1673
1674         No new tests, no behavior changes.
1675
1676         * Modules/encryptedmedia/CDM.h:
1677         * Modules/encryptedmedia/MediaKeySession.h:
1678         * Modules/encryptedmedia/MediaKeys.h:
1679         * Modules/quota/DOMWindowQuota.cpp:
1680         * Modules/quota/StorageErrorCallback.cpp:
1681         (WebCore::StorageErrorCallback::CallbackTask::CallbackTask):
1682         * Modules/quota/StorageErrorCallback.h:
1683         * Modules/quota/StorageInfo.h:
1684         * Modules/quota/StorageQuota.h:
1685         * Modules/speech/DOMWindowSpeechSynthesis.cpp:
1686         * Modules/speech/SpeechSynthesis.cpp:
1687         (WebCore::SpeechSynthesis::getVoices):
1688         (WebCore::SpeechSynthesis::startSpeakingImmediately):
1689         (WebCore::SpeechSynthesis::speak):
1690         (WebCore::SpeechSynthesis::cancel):
1691         (WebCore::SpeechSynthesis::handleSpeakingCompleted):
1692         (WebCore::SpeechSynthesis::boundaryEventOccurred):
1693         (WebCore::SpeechSynthesis::didStartSpeaking):
1694         (WebCore::SpeechSynthesis::didPauseSpeaking):
1695         (WebCore::SpeechSynthesis::didResumeSpeaking):
1696         (WebCore::SpeechSynthesis::didFinishSpeaking):
1697         (WebCore::SpeechSynthesis::speakingErrorOccurred):
1698         * Modules/speech/SpeechSynthesis.h:
1699         * Modules/speech/SpeechSynthesisEvent.h:
1700         * Modules/speech/SpeechSynthesisUtterance.h:
1701         * Modules/speech/SpeechSynthesisVoice.cpp:
1702         (WebCore::SpeechSynthesisVoice::create):
1703         (WebCore::SpeechSynthesisVoice::SpeechSynthesisVoice):
1704         * Modules/speech/SpeechSynthesisVoice.h:
1705         * platform/PlatformSpeechSynthesizer.h:
1706         * platform/efl/PlatformSpeechSynthesisProviderEfl.cpp:
1707         (WebCore::PlatformSpeechSynthesisProviderEfl::fireSpeechEvent):
1708         * platform/mock/PlatformSpeechSynthesizerMock.cpp:
1709         (WebCore::PlatformSpeechSynthesizerMock::speakingFinished):
1710         (WebCore::PlatformSpeechSynthesizerMock::speak):
1711         (WebCore::PlatformSpeechSynthesizerMock::cancel):
1712         (WebCore::PlatformSpeechSynthesizerMock::pause):
1713         (WebCore::PlatformSpeechSynthesizerMock::resume):
1714
1715 2016-07-16  Sam Weinig  <sam@webkit.org>
1716
1717         [WebKit API] Add SPI to track multiple navigations caused by a single user gesture
1718         <rdar://problem/26554137>
1719         https://bugs.webkit.org/show_bug.cgi?id=159856
1720
1721         Reviewed by Dan Bernstein.
1722
1723         - Adds a new RefCounted object to represent a unique user gesture, called UserGestureToken.
1724         - Makes UserGestureIndicator track UserGestureToken.
1725         - Refines UserGestureIndicator's interface to use Optional and a smaller enum set
1726           to represent the different initial states.
1727         - Stores UserGestureTokens on objects that want to forward user gesture state (DOMTimer, 
1728           postMessage, and ScheduledNavigation) rather than just a boolean.
1729
1730         * accessibility/AccessibilityNodeObject.cpp:
1731         (WebCore::AccessibilityNodeObject::increment):
1732         (WebCore::AccessibilityNodeObject::decrement):
1733         * accessibility/AccessibilityObject.cpp:
1734         (WebCore::AccessibilityObject::press):
1735         * bindings/js/ScriptController.cpp:
1736         (WebCore::ScriptController::executeScriptInWorld):
1737         (WebCore::ScriptController::executeScript):
1738         Update for new UserGestureIndicator interface.
1739
1740         * dom/UserGestureIndicator.cpp:
1741         (WebCore::currentToken):
1742         (WebCore::UserGestureToken::~UserGestureToken):
1743         (WebCore::UserGestureIndicator::UserGestureIndicator):
1744         (WebCore::UserGestureIndicator::~UserGestureIndicator):
1745         (WebCore::UserGestureIndicator::currentUserGesture):
1746         (WebCore::UserGestureIndicator::processingUserGesture):
1747         (WebCore::UserGestureIndicator::processingUserGestureForMedia):
1748         (WebCore::isDefinite): Deleted.
1749         * dom/UserGestureIndicator.h:
1750         (WebCore::UserGestureToken::create):
1751         (WebCore::UserGestureToken::state):
1752         (WebCore::UserGestureToken::processingUserGesture):
1753         (WebCore::UserGestureToken::processingUserGestureForMedia):
1754         (WebCore::UserGestureToken::addDestructionObserver):
1755         (WebCore::UserGestureToken::UserGestureToken):
1756         Add UserGestureToken and track the current one explicitly.
1757
1758         * html/HTMLMediaElement.cpp:
1759         (WebCore::HTMLMediaElement::didReceiveRemoteControlCommand):
1760         * inspector/InspectorFrontendClientLocal.cpp:
1761         (WebCore::InspectorFrontendClientLocal::openInNewTab):
1762         * inspector/InspectorFrontendHost.cpp:
1763         * inspector/InspectorPageAgent.cpp:
1764         (WebCore::InspectorPageAgent::navigate):
1765         Update for new UserGestureIndicator interface.
1766
1767         * loader/NavigationAction.cpp:
1768         (WebCore::NavigationAction::NavigationAction):
1769         * loader/NavigationAction.h:
1770         (WebCore::NavigationAction::userGestureToken):
1771         (WebCore::NavigationAction::processingUserGesture):
1772         * loader/NavigationScheduler.cpp:
1773         (WebCore::ScheduledNavigation::ScheduledNavigation):
1774         (WebCore::ScheduledNavigation::~ScheduledNavigation):
1775         (WebCore::ScheduledNavigation::lockBackForwardList):
1776         (WebCore::ScheduledNavigation::wasDuringLoad):
1777         (WebCore::ScheduledNavigation::isLocationChange):
1778         (WebCore::ScheduledNavigation::userGestureToForward):
1779         (WebCore::ScheduledNavigation::clearUserGesture):
1780         (WebCore::NavigationScheduler::mustLockBackForwardList):
1781         (WebCore::NavigationScheduler::scheduleFormSubmission):
1782         (WebCore::ScheduledNavigation::wasUserGesture): Deleted.
1783         * page/DOMTimer.cpp:
1784         (WebCore::shouldForwardUserGesture):
1785         (WebCore::userGestureTokenToForward):
1786         (WebCore::DOMTimer::DOMTimer):
1787         (WebCore::DOMTimer::fired):
1788         * page/DOMTimer.h:
1789         * page/DOMWindow.cpp:
1790         (WebCore::PostMessageTimer::PostMessageTimer):
1791         Store the active UserGestureToken rather than just a bit.
1792
1793         * page/EventHandler.cpp:
1794         (WebCore::EventHandler::handleMousePressEvent):
1795         (WebCore::EventHandler::handleMouseDoubleClickEvent):
1796         (WebCore::EventHandler::handleMouseReleaseEvent):
1797         (WebCore::EventHandler::keyEvent):
1798         (WebCore::EventHandler::handleTouchEvent):
1799         * rendering/HitTestResult.cpp:
1800         (WebCore::HitTestResult::toggleMediaFullscreenState):
1801         (WebCore::HitTestResult::enterFullscreenForVideo):
1802         (WebCore::HitTestResult::toggleEnhancedFullscreenForVideo):
1803         Update for new UserGestureIndicator interface.
1804
1805 2016-07-17  Ryosuke Niwa  <rniwa@webkit.org>
1806
1807         Rename fastHasAttribute to hasAttributeWithoutSynchronization
1808         https://bugs.webkit.org/show_bug.cgi?id=159864
1809
1810         Reviewed by Chris Dumez.
1811
1812         Renamed Rename fastHasAttribute to hasAttributeWithoutSynchronization for clarity.
1813
1814         * accessibility/AccessibilityListBoxOption.cpp:
1815         (WebCore::AccessibilityListBoxOption::isEnabled):
1816         * accessibility/AccessibilityObject.cpp:
1817         (WebCore::AccessibilityObject::hasAttribute):
1818         (WebCore::AccessibilityObject::getAttribute):
1819         * accessibility/AccessibilityRenderObject.cpp:
1820         (WebCore::AccessibilityRenderObject::determineAccessibilityRole):
1821         * bindings/scripts/CodeGenerator.pm:
1822         (GetterExpression):
1823         * bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
1824         * bindings/scripts/test/JS/JSTestObj.cpp:
1825         (WebCore::jsTestObjReflectedBooleanAttr):
1826         (WebCore::jsTestObjReflectedCustomBooleanAttr):
1827         * bindings/scripts/test/ObjC/DOMTestObj.mm:
1828         (-[DOMTestObj reflectedBooleanAttr]):
1829         (-[DOMTestObj setReflectedBooleanAttr:]):
1830         (-[DOMTestObj reflectedCustomBooleanAttr]):
1831         (-[DOMTestObj setReflectedCustomBooleanAttr:]):
1832         * dom/Document.cpp:
1833         (WebCore::Document::hasManifest):
1834         (WebCore::Document::doctype):
1835         * dom/Element.h:
1836         (WebCore::Node::parentElement):
1837         (WebCore::Element::hasAttributeWithoutSynchronization):
1838         (WebCore::Element::fastHasAttribute): Deleted.
1839         * editing/ApplyStyleCommand.cpp:
1840         (WebCore::ApplyStyleCommand::removeEmbeddingUpToEnclosingBlock):
1841         * editing/DeleteSelectionCommand.cpp:
1842         (WebCore::DeleteSelectionCommand::makeStylingElementsDirectChildrenOfEditableRootToPreventStyleLoss):
1843         * editing/markup.cpp:
1844         (WebCore::createMarkupInternal):
1845         * html/ColorInputType.cpp:
1846         (WebCore::ColorInputType::shouldShowSuggestions):
1847         * html/FileInputType.cpp:
1848         (WebCore::FileInputType::handleDOMActivateEvent):
1849         (WebCore::FileInputType::receiveDroppedFiles):
1850         * html/FormAssociatedElement.cpp:
1851         (WebCore::FormAssociatedElement::didMoveToNewDocument):
1852         (WebCore::FormAssociatedElement::insertedInto):
1853         (WebCore::FormAssociatedElement::removedFrom):
1854         (WebCore::FormAssociatedElement::formAttributeChanged):
1855         * html/FormController.cpp:
1856         (WebCore::ownerFormForState):
1857         * html/GenericCachedHTMLCollection.cpp:
1858         (WebCore::GenericCachedHTMLCollection<traversalType>::elementMatches):
1859         * html/HTMLAnchorElement.cpp:
1860         (WebCore::HTMLAnchorElement::draggable):
1861         (WebCore::HTMLAnchorElement::href):
1862         (WebCore::HTMLAnchorElement::sendPings):
1863         * html/HTMLAppletElement.cpp:
1864         (WebCore::HTMLAppletElement::rendererIsNeeded):
1865         * html/HTMLElement.cpp:
1866         (WebCore::HTMLElement::collectStyleForPresentationAttribute):
1867         (WebCore::elementAffectsDirectionality):
1868         (WebCore::setHasDirAutoFlagRecursively):
1869         * html/HTMLEmbedElement.cpp:
1870         (WebCore::HTMLEmbedElement::rendererIsNeeded):
1871         * html/HTMLFieldSetElement.cpp:
1872         (WebCore::updateFromControlElementsAncestorDisabledStateUnder):
1873         (WebCore::HTMLFieldSetElement::disabledAttributeChanged):
1874         (WebCore::HTMLFieldSetElement::disabledStateChanged):
1875         (WebCore::HTMLFieldSetElement::childrenChanged):
1876         * html/HTMLFormControlElement.cpp:
1877         (WebCore::HTMLFormControlElement::formNoValidate):
1878         (WebCore::HTMLFormControlElement::formAction):
1879         (WebCore::HTMLFormControlElement::computeIsDisabledByFieldsetAncestor):
1880         (WebCore::shouldAutofocus):
1881         * html/HTMLFormElement.cpp:
1882         (WebCore::HTMLFormElement::formElementIndex):
1883         (WebCore::HTMLFormElement::noValidate):
1884         * html/HTMLFrameElement.cpp:
1885         (WebCore::HTMLFrameElement::noResize):
1886         (WebCore::HTMLFrameElement::didAttachRenderers):
1887         * html/HTMLFrameElementBase.cpp:
1888         (WebCore::HTMLFrameElementBase::parseAttribute):
1889         (WebCore::HTMLFrameElementBase::location):
1890         * html/HTMLHRElement.cpp:
1891         (WebCore::HTMLHRElement::collectStyleForPresentationAttribute):
1892         * html/HTMLImageElement.cpp:
1893         (WebCore::HTMLImageElement::isServerMap):
1894         * html/HTMLInputElement.cpp:
1895         (WebCore::HTMLInputElement::finishParsingChildren):
1896         (WebCore::HTMLInputElement::matchesDefaultPseudoClass):
1897         (WebCore::HTMLInputElement::isActivatedSubmit):
1898         (WebCore::HTMLInputElement::reset):
1899         (WebCore::HTMLInputElement::multiple):
1900         (WebCore::HTMLInputElement::setSize):
1901         (WebCore::HTMLInputElement::shouldUseMediaCapture):
1902         * html/HTMLMarqueeElement.cpp:
1903         (WebCore::HTMLMarqueeElement::minimumDelay):
1904         * html/HTMLMediaElement.cpp:
1905         (WebCore::HTMLMediaElement::insertedInto):
1906         (WebCore::HTMLMediaElement::selectMediaResource):
1907         (WebCore::HTMLMediaElement::loadResource):
1908         (WebCore::HTMLMediaElement::autoplay):
1909         (WebCore::HTMLMediaElement::preload):
1910         (WebCore::HTMLMediaElement::loop):
1911         (WebCore::HTMLMediaElement::setLoop):
1912         (WebCore::HTMLMediaElement::controls):
1913         (WebCore::HTMLMediaElement::setControls):
1914         (WebCore::HTMLMediaElement::muted):
1915         (WebCore::HTMLMediaElement::setMuted):
1916         (WebCore::HTMLMediaElement::selectNextSourceChild):
1917         (WebCore::HTMLMediaElement::sourceWasAdded):
1918         (WebCore::HTMLMediaElement::mediaSessionTitle):
1919         * html/HTMLObjectElement.cpp:
1920         (WebCore::HTMLObjectElement::parseAttribute):
1921         * html/HTMLOptGroupElement.cpp:
1922         (WebCore::HTMLOptGroupElement::isDisabledFormControl):
1923         (WebCore::HTMLOptGroupElement::isFocusable):
1924         * html/HTMLOptionElement.cpp:
1925         (WebCore::HTMLOptionElement::matchesDefaultPseudoClass):
1926         (WebCore::HTMLOptionElement::text):
1927         * html/HTMLProgressElement.cpp:
1928         (WebCore::HTMLProgressElement::isDeterminate):
1929         (WebCore::HTMLProgressElement::didElementStateChange):
1930         * html/HTMLScriptElement.cpp:
1931         (WebCore::HTMLScriptElement::async):
1932         (WebCore::HTMLScriptElement::setCrossOrigin):
1933         (WebCore::HTMLScriptElement::asyncAttributeValue):
1934         (WebCore::HTMLScriptElement::deferAttributeValue):
1935         (WebCore::HTMLScriptElement::hasSourceAttribute):
1936         (WebCore::HTMLScriptElement::dispatchLoadEvent):
1937         * html/HTMLSelectElement.cpp:
1938         (WebCore::HTMLSelectElement::reset):
1939         * html/HTMLTrackElement.cpp:
1940         (WebCore::HTMLTrackElement::isDefault):
1941         (WebCore::HTMLTrackElement::ensureTrack):
1942         (WebCore::HTMLTrackElement::loadTimerFired):
1943         * html/MediaElementSession.cpp:
1944         (WebCore::MediaElementSession::wirelessVideoPlaybackDisabled):
1945         (WebCore::MediaElementSession::requiresFullscreenForVideoPlayback):
1946         (WebCore::MediaElementSession::allowsAutomaticMediaDataLoading):
1947         * html/SearchInputType.cpp:
1948         (WebCore::SearchInputType::searchEventsShouldBeDispatched):
1949         (WebCore::SearchInputType::didSetValueByUserEdit):
1950         * inspector/InspectorDOMAgent.cpp:
1951         (WebCore::InspectorDOMAgent::buildObjectForNode):
1952         * loader/FrameLoader.cpp:
1953         (WebCore::FrameLoader::shouldTreatURLAsSrcdocDocument):
1954         (WebCore::FrameLoader::findFrameForNavigation):
1955         * loader/ImageLoader.cpp:
1956         (WebCore::ImageLoader::notifyFinished):
1957         * mathml/MathMLSelectElement.cpp:
1958         (WebCore::MathMLSelectElement::getSelectedSemanticsChild):
1959         * rendering/RenderTableCell.cpp:
1960         (WebCore::RenderTableCell::computePreferredLogicalWidths):
1961         * rendering/RenderThemeIOS.mm:
1962         (WebCore::RenderThemeIOS::adjustMenuListButtonStyle):
1963         * rendering/SimpleLineLayout.cpp:
1964         (WebCore::SimpleLineLayout::canUseForWithReason):
1965         * rendering/svg/RenderSVGResourceClipper.cpp:
1966         (WebCore::RenderSVGResourceClipper::drawContentIntoMaskImage):
1967         * svg/SVGAnimateMotionElement.cpp:
1968         (WebCore::SVGAnimateMotionElement::updateAnimationPath):
1969         * svg/SVGAnimationElement.cpp:
1970         (WebCore::SVGAnimationElement::startedActiveInterval):
1971         (WebCore::SVGAnimationElement::updateAnimation):
1972         * svg/animation/SVGSMILElement.cpp:
1973         (WebCore::SVGSMILElement::insertedInto):
1974
1975 2016-07-17  Brady Eidson  <beidson@apple.com>
1976
1977         Exceptions logged to the JS console should use toString().
1978         https://bugs.webkit.org/show_bug.cgi?id=159855
1979
1980         Reviewed by Darin Adler.
1981
1982         No new tests (No change in behavior).
1983
1984         * bindings/js/JSDOMBinding.cpp:
1985         (WebCore::reportException):
1986
1987         * dom/DOMCoreException.h:
1988         (WebCore::DOMCoreException::DOMCoreException):
1989
1990         * dom/ExceptionBase.cpp:
1991         (WebCore::ExceptionBase::ExceptionBase):
1992         (WebCore::ExceptionBase::toString):
1993         (WebCore::ExceptionBase::consoleErrorMessage): Deleted.
1994         * dom/ExceptionBase.h:
1995         (WebCore::ExceptionBase::description): Deleted.
1996
1997         * svg/SVGException.h:
1998
1999         * xml/XPathException.h:
2000         (WebCore::XPathException::XPathException):
2001
2002 2016-07-17  Brady Eidson  <beidson@apple.com>
2003
2004         Update DOMCoreException to use the description in toString().
2005         https://bugs.webkit.org/show_bug.cgi?id=159857
2006
2007         Reviewed by Darin Adler.
2008
2009         No new tests (Covered by changes to existing tests).
2010
2011         * bindings/js/JSDOMBinding.cpp:
2012         (WebCore::createDOMException):
2013
2014         * dom/DOMCoreException.h:
2015         (WebCore::DOMCoreException::DOMCoreException):
2016         (WebCore::DOMCoreException::createWithDescriptionAsMessage): Deleted.
2017
2018 2016-07-17  Myles C. Maxfield  <mmaxfield@apple.com>
2019
2020         Support new emoji group candidates
2021         https://bugs.webkit.org/show_bug.cgi?id=159755
2022         <rdar://problem/27325521>
2023
2024         Reviewed by Dean Jackson.
2025
2026         There are a few code points which should be able to be joined (with ZWJ) to
2027         either U+2640 or U+2642 to change the gender of the emoji. These patterns
2028         should also work with an additional 0xFE0F variation selector. This patch
2029         adds these new patterns to our existing emoji group candidate infrastructure.
2030
2031         Tests: fast/text/emoji-gender-2-3.html
2032                fast/text/emoji-gender-2-4.html
2033                fast/text/emoji-gender-2-5.html
2034                fast/text/emoji-gender-2-6.html
2035                fast/text/emoji-gender-2-7.html
2036                fast/text/emoji-gender-2-8.html
2037                fast/text/emoji-gender-2-9.html
2038                fast/text/emoji-gender-2.html
2039                fast/text/emoji-gender-3.html
2040                fast/text/emoji-gender-4.html
2041                fast/text/emoji-gender-5.html
2042                fast/text/emoji-gender-6.html
2043                fast/text/emoji-gender-7.html
2044                fast/text/emoji-gender-8.html
2045                fast/text/emoji-gender-9.html
2046                fast/text/emoji-gender-fe0f-3.html
2047                fast/text/emoji-gender-fe0f-4.html
2048                fast/text/emoji-gender-fe0f-5.html
2049                fast/text/emoji-gender-fe0f-6.html
2050                fast/text/emoji-gender-fe0f-7.html
2051                fast/text/emoji-gender-fe0f-8.html
2052                fast/text/emoji-gender-fe0f-9.html
2053                fast/text/emoji-gender.html
2054                fast/text/emoji-num-glyphs.html
2055                fast/text/emoji-single-parent-family-2.html
2056                fast/text/emoji-single-parent-family.html
2057
2058         * platform/graphics/mac/ComplexTextControllerCoreText.mm:
2059         (WebCore::ComplexTextController::ComplexTextRun::ComplexTextRun): Removed incorrect ASSERT()s.
2060         * platform/graphics/FontCascade.cpp:
2061         (WebCore::FontCascade::characterRangeCodePath):
2062         * platform/text/CharacterProperties.h:
2063         (WebCore::isEmojiGroupCandidate):
2064
2065 2016-07-16  Brady Eidson  <beidson@apple.com>
2066
2067         Update SVGException to use the description in toString().
2068         https://bugs.webkit.org/show_bug.cgi?id=159847
2069
2070         Reviewed by Darin Adler.
2071
2072         No new tests (Covered by changes to existing tests).
2073
2074         * bindings/js/JSDOMBinding.cpp:
2075         (WebCore::reportException): use consoleErrorMessage for now.
2076
2077         * dom/ExceptionBase.cpp:
2078         (WebCore::ExceptionBase::consoleErrorMessage):
2079         * dom/ExceptionBase.h:
2080
2081         * svg/SVGException.h:
2082
2083 2016-07-16  Chris Dumez  <cdumez@apple.com>
2084
2085         Use fastHasAttribute() when possible
2086         https://bugs.webkit.org/show_bug.cgi?id=159838
2087
2088         Reviewed by Ryosuke Niwa.
2089
2090         Use fastHasAttribute() when possible, for performance.
2091
2092         * editing/DeleteSelectionCommand.cpp:
2093         (WebCore::DeleteSelectionCommand::makeStylingElementsDirectChildrenOfEditableRootToPreventStyleLoss):
2094         * editing/markup.cpp:
2095         (WebCore::createMarkupInternal):
2096         * html/HTMLAnchorElement.cpp:
2097         (WebCore::HTMLAnchorElement::draggable):
2098         * html/HTMLFrameElementBase.cpp:
2099         (WebCore::HTMLFrameElementBase::parseAttribute):
2100         * mathml/MathMLSelectElement.cpp:
2101         (WebCore::MathMLSelectElement::getSelectedSemanticsChild):
2102         * rendering/RenderThemeIOS.mm:
2103         (WebCore::RenderThemeIOS::adjustMenuListButtonStyle):
2104
2105 2016-07-16  Ryosuke Niwa  <rniwa@webkit.org>
2106
2107         Rename fastGetAttribute to attributeWithoutSynchronization
2108         https://bugs.webkit.org/show_bug.cgi?id=159852
2109
2110         Reviewed by Darin Adler.
2111
2112         Renamed fastGetAttribute to attributeWithoutSynchronization for clarity.
2113
2114         * accessibility/AXObjectCache.cpp:
2115         (WebCore::AXObjectCache::findAriaModalNodes):
2116         (WebCore::nodeHasRole):
2117         (WebCore::AXObjectCache::handleLiveRegionCreated):
2118         (WebCore::AXObjectCache::handleMenuItemSelected):
2119         (WebCore::AXObjectCache::handleAriaModalChange):
2120         (WebCore::isNodeAriaVisible):
2121         * accessibility/AccessibilityNodeObject.cpp:
2122         (WebCore::siblingWithAriaRole):
2123         (WebCore::AccessibilityNodeObject::titleElementText):
2124         (WebCore::AccessibilityNodeObject::alternativeTextForWebArea):
2125         (WebCore::AccessibilityNodeObject::hierarchicalLevel):
2126         (WebCore::AccessibilityNodeObject::stringValue):
2127         (WebCore::accessibleNameForNode):
2128         * accessibility/AccessibilityObject.cpp:
2129         (WebCore::AccessibilityObject::contentEditableAttributeIsEnabled):
2130         (WebCore::AccessibilityObject::getAttribute):
2131         * accessibility/AccessibilityRenderObject.cpp:
2132         (WebCore::AccessibilityRenderObject::stringValue):
2133         (WebCore::AccessibilityRenderObject::exposesTitleUIElement):
2134         * accessibility/AccessibilitySVGElement.cpp:
2135         (WebCore::AccessibilitySVGElement::childElementWithMatchingLanguage):
2136         (WebCore::AccessibilitySVGElement::accessibilityDescription):
2137         * bindings/objc/DOM.mm:
2138         (-[DOMHTMLLinkElement _mediaQueryMatches]):
2139         * bindings/scripts/CodeGenerator.pm:
2140         (GetterExpression):
2141         * bindings/scripts/CodeGeneratorObjC.pm:
2142         (GenerateImplementation):
2143         * bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
2144         * bindings/scripts/test/JS/JSTestObj.cpp:
2145         (WebCore::jsTestObjReflectedStringAttr):
2146         * dom/AuthorStyleSheets.cpp:
2147         (WebCore::AuthorStyleSheets::collectActiveStyleSheets):
2148         * dom/Document.cpp:
2149         (WebCore::Document::buildAccessKeyMap):
2150         (WebCore::Document::processBaseElement):
2151         * dom/DocumentOrderedMap.cpp:
2152         (WebCore::DocumentOrderedMap::getElementByLabelForAttribute):
2153         * dom/Element.cpp:
2154         (WebCore::Element::imageSourceURL):
2155         (WebCore::Element::rendererIsNeeded):
2156         (WebCore::Element::insertedInto):
2157         (WebCore::Element::removedFrom):
2158         (WebCore::Element::pseudo):
2159         (WebCore::Element::setPseudo):
2160         (WebCore::Element::spellcheckAttributeState):
2161         (WebCore::Element::canContainRangeEndPoint):
2162         (WebCore::Element::completeURLsInAttributeValue):
2163         * dom/Element.h:
2164         (WebCore::Element::fastHasAttribute):
2165         (WebCore::Element::attributeWithoutSynchronization):
2166         (WebCore::Element::fastGetAttribute): Deleted.
2167         * dom/InlineStyleSheetOwner.cpp:
2168         (WebCore::InlineStyleSheetOwner::createSheet):
2169         * dom/ScriptElement.cpp:
2170         (WebCore::ScriptElement::requestScript):
2171         (WebCore::ScriptElement::executeScript):
2172         * dom/SlotAssignment.cpp:
2173         (WebCore::slotNameFromSlotAttribute):
2174         (WebCore::SlotAssignment::SlotAssignment):
2175         (WebCore::recursivelyFireSlotChangeEvent):
2176         (WebCore::SlotAssignment::didChangeSlot):
2177         (WebCore::SlotAssignment::hostChildElementDidChange):
2178         (WebCore::SlotAssignment::assignedNodesForSlot):
2179         (WebCore::SlotAssignment::resolveAllSlotElements):
2180         * dom/TreeScope.cpp:
2181         (WebCore::TreeScope::labelElementForId):
2182         * dom/VisitedLinkState.cpp:
2183         (WebCore::linkAttribute):
2184         * editing/ApplyStyleCommand.cpp:
2185         (WebCore::isLegacyAppleStyleSpan):
2186         (WebCore::hasNoAttributeOrOnlyStyleAttribute):
2187         * editing/EditingStyle.cpp:
2188         (WebCore::EditingStyle::elementIsStyledSpanOrHTMLEquivalent):
2189         * editing/ReplaceSelectionCommand.cpp:
2190         (WebCore::isInterchangeNewlineNode):
2191         (WebCore::isInterchangeConvertedSpaceSpan):
2192         (WebCore::positionAvoidingPrecedingNodes):
2193         (WebCore::isMailPasteAsQuotationNode):
2194         (WebCore::isHeaderElement):
2195         (WebCore::isInlineNodeWithStyle):
2196         * editing/TextIterator.cpp:
2197         (WebCore::isRendererReplacedElement):
2198         * editing/cocoa/DataDetection.mm:
2199         (WebCore::DataDetection::isDataDetectorLink):
2200         (WebCore::DataDetection::requiresExtendedContext):
2201         (WebCore::DataDetection::dataDetectorIdentifier):
2202         (WebCore::DataDetection::shouldCancelDefaultAction):
2203         (WebCore::removeResultLinksFromAnchor):
2204         (WebCore::searchForLinkRemovingExistingDDLinks):
2205         * editing/gtk/EditorGtk.cpp:
2206         (WebCore::elementURL):
2207         * editing/htmlediting.cpp:
2208         (WebCore::isTabSpanNode):
2209         (WebCore::isTabSpanTextNode):
2210         (WebCore::isMailBlockquote):
2211         (WebCore::caretMinOffset):
2212         * editing/markup.cpp:
2213         (WebCore::createFragmentFromMarkup):
2214         * html/Autofill.cpp:
2215         (WebCore::AutofillData::createFromHTMLFormControlElement):
2216         * html/BaseTextInputType.cpp:
2217         (WebCore::BaseTextInputType::patternMismatch):
2218         * html/DateInputType.cpp:
2219         (WebCore::DateInputType::createStepRange):
2220         * html/DateTimeInputType.cpp:
2221         (WebCore::DateTimeInputType::createStepRange):
2222         * html/DateTimeLocalInputType.cpp:
2223         (WebCore::DateTimeLocalInputType::createStepRange):
2224         * html/FormAssociatedElement.cpp:
2225         (WebCore::FormAssociatedElement::findAssociatedForm):
2226         (WebCore::FormAssociatedElement::resetFormAttributeTargetObserver):
2227         (WebCore::FormAssociatedElement::formAttributeTargetChanged):
2228         * html/HTMLAnchorElement.cpp:
2229         (WebCore::HTMLAnchorElement::draggable):
2230         (WebCore::HTMLAnchorElement::href):
2231         (WebCore::HTMLAnchorElement::setHref):
2232         (WebCore::HTMLAnchorElement::target):
2233         (WebCore::HTMLAnchorElement::origin):
2234         (WebCore::HTMLAnchorElement::sendPings):
2235         (WebCore::HTMLAnchorElement::handleClick):
2236         * html/HTMLAnchorElement.h:
2237         (WebCore::HTMLAnchorElement::visitedLinkHash):
2238         * html/HTMLAppletElement.cpp:
2239         (WebCore::HTMLAppletElement::updateWidget):
2240         * html/HTMLAreaElement.cpp:
2241         (WebCore::HTMLAreaElement::target):
2242         * html/HTMLAttachmentElement.cpp:
2243         (WebCore::HTMLAttachmentElement::attachmentTitle):
2244         (WebCore::HTMLAttachmentElement::attachmentType):
2245         * html/HTMLBaseElement.cpp:
2246         (WebCore::HTMLBaseElement::target):
2247         (WebCore::HTMLBaseElement::href):
2248         * html/HTMLBodyElement.cpp:
2249         (WebCore::HTMLBodyElement::addSubresourceAttributeURLs):
2250         * html/HTMLButtonElement.cpp:
2251         (WebCore::HTMLButtonElement::value):
2252         (WebCore::HTMLButtonElement::computeWillValidate):
2253         * html/HTMLCanvasElement.cpp:
2254         (WebCore::HTMLCanvasElement::reset):
2255         * html/HTMLDocument.cpp:
2256         (WebCore::HTMLDocument::bgColor):
2257         (WebCore::HTMLDocument::setBgColor):
2258         (WebCore::HTMLDocument::fgColor):
2259         (WebCore::HTMLDocument::setFgColor):
2260         (WebCore::HTMLDocument::alinkColor):
2261         (WebCore::HTMLDocument::setAlinkColor):
2262         (WebCore::HTMLDocument::linkColor):
2263         (WebCore::HTMLDocument::setLinkColor):
2264         (WebCore::HTMLDocument::vlinkColor):
2265         (WebCore::HTMLDocument::setVlinkColor):
2266         * html/HTMLElement.cpp:
2267         (WebCore::contentEditableType):
2268         (WebCore::HTMLElement::collectStyleForPresentationAttribute):
2269         (WebCore::HTMLElement::dir):
2270         (WebCore::HTMLElement::setDir):
2271         (WebCore::HTMLElement::draggable):
2272         (WebCore::HTMLElement::setDraggable):
2273         (WebCore::HTMLElement::title):
2274         (WebCore::HTMLElement::tabIndex):
2275         (WebCore::HTMLElement::translateAttributeMode):
2276         (WebCore::HTMLElement::hasDirectionAuto):
2277         (WebCore::HTMLElement::directionality):
2278         * html/HTMLEmbedElement.cpp:
2279         (WebCore::HTMLEmbedElement::imageSourceURL):
2280         (WebCore::HTMLEmbedElement::addSubresourceAttributeURLs):
2281         * html/HTMLFormControlElement.cpp:
2282         (WebCore::HTMLFormControlElement::formEnctype):
2283         (WebCore::HTMLFormControlElement::formMethod):
2284         (WebCore::HTMLFormControlElement::formAction):
2285         (WebCore::HTMLFormControlElement::autocorrect):
2286         (WebCore::HTMLFormControlElement::autocapitalizeType):
2287         * html/HTMLFormElement.cpp:
2288         (WebCore::HTMLFormElement::autocorrect):
2289         (WebCore::HTMLFormElement::autocapitalizeType):
2290         (WebCore::HTMLFormElement::autocapitalize):
2291         (WebCore::HTMLFormElement::action):
2292         (WebCore::HTMLFormElement::setAction):
2293         (WebCore::HTMLFormElement::target):
2294         (WebCore::HTMLFormElement::wasUserSubmitted):
2295         (WebCore::HTMLFormElement::shouldAutocomplete):
2296         (WebCore::HTMLFormElement::finishParsingChildren):
2297         (WebCore::HTMLFormElement::autocomplete):
2298         * html/HTMLFrameElementBase.cpp:
2299         (WebCore::HTMLFrameElementBase::location):
2300         (WebCore::HTMLFrameElementBase::setLocation):
2301         * html/HTMLHtmlElement.cpp:
2302         (WebCore::HTMLHtmlElement::insertedByParser):
2303         * html/HTMLImageElement.cpp:
2304         (WebCore::HTMLImageElement::imageSourceURL):
2305         (WebCore::HTMLImageElement::setBestFitURLAndDPRFromImageCandidate):
2306         (WebCore::HTMLImageElement::bestFitSourceFromPictureElement):
2307         (WebCore::HTMLImageElement::selectImageSource):
2308         (WebCore::HTMLImageElement::altText):
2309         (WebCore::HTMLImageElement::createElementRenderer):
2310         (WebCore::HTMLImageElement::width):
2311         (WebCore::HTMLImageElement::height):
2312         (WebCore::HTMLImageElement::alt):
2313         (WebCore::HTMLImageElement::draggable):
2314         (WebCore::HTMLImageElement::setHeight):
2315         (WebCore::HTMLImageElement::src):
2316         (WebCore::HTMLImageElement::setSrc):
2317         (WebCore::HTMLImageElement::addSubresourceAttributeURLs):
2318         (WebCore::HTMLImageElement::didMoveToNewDocument):
2319         (WebCore::HTMLImageElement::isServerMap):
2320         (WebCore::HTMLImageElement::crossOrigin):
2321         * html/HTMLInputElement.cpp:
2322         (WebCore::HTMLInputElement::updateType):
2323         (WebCore::HTMLInputElement::initializeInputType):
2324         (WebCore::HTMLInputElement::altText):
2325         (WebCore::HTMLInputElement::value):
2326         (WebCore::HTMLInputElement::defaultValue):
2327         (WebCore::HTMLInputElement::setDefaultValue):
2328         (WebCore::HTMLInputElement::acceptMIMETypes):
2329         (WebCore::HTMLInputElement::acceptFileExtensions):
2330         (WebCore::HTMLInputElement::accept):
2331         (WebCore::HTMLInputElement::alt):
2332         (WebCore::HTMLInputElement::effectiveMaxLength):
2333         (WebCore::HTMLInputElement::src):
2334         (WebCore::HTMLInputElement::setAutoFilled):
2335         (WebCore::HTMLInputElement::dataList):
2336         (WebCore::HTMLInputElement::resetListAttributeTargetObserver):
2337         * html/HTMLKeygenElement.cpp:
2338         (WebCore::HTMLKeygenElement::isKeytypeRSA):
2339         (WebCore::HTMLKeygenElement::appendFormData):
2340         * html/HTMLLIElement.cpp:
2341         (WebCore::HTMLLIElement::didAttachRenderers):
2342         (WebCore::HTMLLIElement::parseValue):
2343         * html/HTMLLabelElement.cpp:
2344         (WebCore::HTMLLabelElement::control):
2345         * html/HTMLLinkElement.cpp:
2346         (WebCore::HTMLLinkElement::crossOrigin):
2347         (WebCore::HTMLLinkElement::process):
2348         (WebCore::HTMLLinkElement::href):
2349         (WebCore::HTMLLinkElement::rel):
2350         (WebCore::HTMLLinkElement::target):
2351         (WebCore::HTMLLinkElement::type):
2352         (WebCore::HTMLLinkElement::iconType):
2353         * html/HTMLMarqueeElement.cpp:
2354         (WebCore::HTMLMarqueeElement::scrollAmount):
2355         (WebCore::HTMLMarqueeElement::setScrollAmount):
2356         (WebCore::HTMLMarqueeElement::scrollDelay):
2357         (WebCore::HTMLMarqueeElement::setScrollDelay):
2358         (WebCore::HTMLMarqueeElement::loop):
2359         * html/HTMLMediaElement.cpp:
2360         (WebCore::HTMLMediaElement::insertedInto):
2361         (WebCore::HTMLMediaElement::crossOrigin):
2362         (WebCore::HTMLMediaElement::networkState):
2363         (WebCore::HTMLMediaElement::mediaSessionTitle):
2364         (WebCore::HTMLMediaElement::doesHaveAttribute):
2365         * html/HTMLMetaElement.cpp:
2366         (WebCore::HTMLMetaElement::process):
2367         (WebCore::HTMLMetaElement::content):
2368         (WebCore::HTMLMetaElement::httpEquiv):
2369         (WebCore::HTMLMetaElement::name):
2370         * html/HTMLMeterElement.cpp:
2371         (WebCore::HTMLMeterElement::min):
2372         (WebCore::HTMLMeterElement::setMin):
2373         (WebCore::HTMLMeterElement::max):
2374         (WebCore::HTMLMeterElement::setMax):
2375         (WebCore::HTMLMeterElement::value):
2376         (WebCore::HTMLMeterElement::low):
2377         (WebCore::HTMLMeterElement::high):
2378         (WebCore::HTMLMeterElement::optimum):
2379         * html/HTMLObjectElement.cpp:
2380         (WebCore::HTMLObjectElement::shouldAllowQuickTimeClassIdQuirk):
2381         (WebCore::HTMLObjectElement::hasValidClassId):
2382         (WebCore::HTMLObjectElement::imageSourceURL):
2383         (WebCore::HTMLObjectElement::renderFallbackContent):
2384         (WebCore::HTMLObjectElement::containsJavaApplet):
2385         (WebCore::HTMLObjectElement::addSubresourceAttributeURLs):
2386         * html/HTMLOptGroupElement.cpp:
2387         (WebCore::HTMLOptGroupElement::groupLabelText):
2388         * html/HTMLOptionElement.cpp:
2389         (WebCore::HTMLOptionElement::value):
2390         (WebCore::HTMLOptionElement::label):
2391         * html/HTMLParamElement.cpp:
2392         (WebCore::HTMLParamElement::value):
2393         (WebCore::HTMLParamElement::isURLParameter):
2394         * html/HTMLProgressElement.cpp:
2395         (WebCore::HTMLProgressElement::value):
2396         (WebCore::HTMLProgressElement::max):
2397         * html/HTMLScriptElement.cpp:
2398         (WebCore::HTMLScriptElement::crossOrigin):
2399         (WebCore::HTMLScriptElement::src):
2400         (WebCore::HTMLScriptElement::sourceAttributeValue):
2401         (WebCore::HTMLScriptElement::charsetAttributeValue):
2402         (WebCore::HTMLScriptElement::typeAttributeValue):
2403         (WebCore::HTMLScriptElement::languageAttributeValue):
2404         (WebCore::HTMLScriptElement::forAttributeValue):
2405         (WebCore::HTMLScriptElement::eventAttributeValue):
2406         (WebCore::HTMLScriptElement::asyncAttributeValue):
2407         * html/HTMLSlotElement.cpp:
2408         (WebCore::HTMLSlotElement::insertedInto):
2409         (WebCore::HTMLSlotElement::removedFrom):
2410         * html/HTMLSourceElement.cpp:
2411         (WebCore::HTMLSourceElement::media):
2412         (WebCore::HTMLSourceElement::setMedia):
2413         (WebCore::HTMLSourceElement::type):
2414         (WebCore::HTMLSourceElement::setType):
2415         * html/HTMLTableCellElement.cpp:
2416         (WebCore::HTMLTableCellElement::colSpanForBindings):
2417         (WebCore::HTMLTableCellElement::rowSpan):
2418         (WebCore::HTMLTableCellElement::rowSpanForBindings):
2419         (WebCore::HTMLTableCellElement::cellIndex):
2420         (WebCore::HTMLTableCellElement::abbr):
2421         (WebCore::HTMLTableCellElement::axis):
2422         (WebCore::HTMLTableCellElement::setColSpanForBindings):
2423         (WebCore::HTMLTableCellElement::headers):
2424         (WebCore::HTMLTableCellElement::setRowSpanForBindings):
2425         (WebCore::HTMLTableCellElement::scope):
2426         (WebCore::HTMLTableCellElement::addSubresourceAttributeURLs):
2427         (WebCore::HTMLTableCellElement::cellAbove):
2428         * html/HTMLTableColElement.cpp:
2429         (WebCore::HTMLTableColElement::width):
2430         * html/HTMLTableElement.cpp:
2431         (WebCore::HTMLTableElement::rules):
2432         (WebCore::HTMLTableElement::summary):
2433         (WebCore::HTMLTableElement::addSubresourceAttributeURLs):
2434         * html/HTMLTableSectionElement.cpp:
2435         (WebCore::HTMLTableSectionElement::align):
2436         (WebCore::HTMLTableSectionElement::setAlign):
2437         (WebCore::HTMLTableSectionElement::ch):
2438         (WebCore::HTMLTableSectionElement::setCh):
2439         (WebCore::HTMLTableSectionElement::chOff):
2440         (WebCore::HTMLTableSectionElement::setChOff):
2441         (WebCore::HTMLTableSectionElement::vAlign):
2442         (WebCore::HTMLTableSectionElement::setVAlign):
2443         * html/HTMLTextAreaElement.cpp:
2444         (WebCore::HTMLTextAreaElement::appendFormData):
2445         * html/HTMLTextFormControlElement.cpp:
2446         (WebCore::HTMLTextFormControlElement::strippedPlaceholder):
2447         (WebCore::HTMLTextFormControlElement::isPlaceholderEmpty):
2448         (WebCore::HTMLTextFormControlElement::directionForFormData):
2449         * html/HTMLTrackElement.cpp:
2450         (WebCore::HTMLTrackElement::srclang):
2451         (WebCore::HTMLTrackElement::label):
2452         (WebCore::HTMLTrackElement::isDefault):
2453         (WebCore::HTMLTrackElement::ensureTrack):
2454         (WebCore::HTMLTrackElement::mediaElementCrossOriginAttribute):
2455         * html/HTMLVideoElement.cpp:
2456         (WebCore::HTMLVideoElement::parseAttribute):
2457         (WebCore::HTMLVideoElement::imageSourceURL):
2458         * html/ImageInputType.cpp:
2459         (WebCore::ImageInputType::height):
2460         (WebCore::ImageInputType::width):
2461         * html/InputType.cpp:
2462         (WebCore::InputType::applyStep):
2463         * html/MediaElementSession.cpp:
2464         (WebCore::MediaElementSession::wirelessVideoPlaybackDisabled):
2465         * html/MonthInputType.cpp:
2466         (WebCore::MonthInputType::createStepRange):
2467         * html/NumberInputType.cpp:
2468         (WebCore::NumberInputType::createStepRange):
2469         (WebCore::NumberInputType::sizeShouldIncludeDecoration):
2470         * html/RangeInputType.cpp:
2471         (WebCore::RangeInputType::createStepRange):
2472         (WebCore::RangeInputType::handleKeydownEvent):
2473         * html/TextFieldInputType.cpp:
2474         (WebCore::TextFieldInputType::appendFormData):
2475         (WebCore::TextFieldInputType::updateAutoFillButton):
2476         * html/TimeInputType.cpp:
2477         (WebCore::TimeInputType::createStepRange):
2478         * html/ValidationMessage.cpp:
2479         (WebCore::ValidationMessage::updateValidationMessage):
2480         * html/WeekInputType.cpp:
2481         (WebCore::WeekInputType::createStepRange):
2482         * html/track/WebVTTElement.cpp:
2483         (WebCore::WebVTTElement::createEquivalentHTMLElement):
2484         * inspector/InspectorPageAgent.cpp:
2485         (WebCore::InspectorPageAgent::buildObjectForFrame):
2486         * loader/FormSubmission.cpp:
2487         (WebCore::FormSubmission::create):
2488         * loader/FrameLoader.cpp:
2489         (WebCore::FrameLoader::defaultSubstituteDataForURL):
2490         * loader/ImageLoader.cpp:
2491         (WebCore::ImageLoader::updateFromElement):
2492         * loader/SubframeLoader.cpp:
2493         (WebCore::SubframeLoader::isPluginContentAllowedByContentSecurityPolicy):
2494         * mathml/MathMLElement.cpp:
2495         (WebCore::MathMLElement::colSpan):
2496         (WebCore::MathMLElement::rowSpan):
2497         (WebCore::MathMLElement::childShouldCreateRenderer):
2498         (WebCore::MathMLElement::defaultEventHandler):
2499         (WebCore::MathMLElement::cachedMathMLLength):
2500         * mathml/MathMLFractionElement.cpp:
2501         (WebCore::MathMLFractionElement::lineThickness):
2502         (WebCore::MathMLFractionElement::cachedFractionAlignment):
2503         * mathml/MathMLSelectElement.cpp:
2504         (WebCore::MathMLSelectElement::getSelectedActionChildAndIndex):
2505         (WebCore::MathMLSelectElement::getSelectedActionChild):
2506         (WebCore::MathMLSelectElement::getSelectedSemanticsChild):
2507         (WebCore::MathMLSelectElement::defaultEventHandler):
2508         (WebCore::MathMLSelectElement::willRespondToMouseClickEvents):
2509         (WebCore::MathMLSelectElement::toggle):
2510         * page/EventHandler.cpp:
2511         (WebCore::findDropZone):
2512         * page/Frame.cpp:
2513         (WebCore::Frame::matchLabelsAgainstElement):
2514         * page/PageSerializer.cpp:
2515         (WebCore::PageSerializer::serializeFrame):
2516         * platform/win/PasteboardWin.cpp:
2517         (WebCore::Pasteboard::writeImageToDataObject):
2518         * rendering/HitTestResult.cpp:
2519         (WebCore::HitTestResult::altDisplayString):
2520         * rendering/RenderDetailsMarker.cpp:
2521         (WebCore::RenderDetailsMarker::isOpen):
2522         * rendering/RenderImage.cpp:
2523         (WebCore::RenderImage::imageMap):
2524         (WebCore::RenderImage::nodeAtPoint):
2525         * rendering/RenderMenuList.cpp:
2526         (RenderMenuList::itemAccessibilityText):
2527         (RenderMenuList::itemToolTip):
2528         * rendering/RenderSearchField.cpp:
2529         (WebCore::RenderSearchField::autosaveName):
2530         * rendering/RenderThemeIOS.mm:
2531         (WebCore::getAttachmentProgress):
2532         (WebCore::AttachmentInfo::AttachmentInfo):
2533         * rendering/RenderThemeMac.mm:
2534         (WebCore::AttachmentLayout::layOutSubtitle):
2535         (WebCore::RenderThemeMac::paintAttachment):
2536         * rendering/mathml/MathMLStyle.cpp:
2537         (WebCore::MathMLStyle::resolveMathMLStyle):
2538         * rendering/mathml/RenderMathMLFenced.cpp:
2539         (WebCore::RenderMathMLFenced::updateFromElement):
2540         * rendering/mathml/RenderMathMLOperator.cpp:
2541         (WebCore::RenderMathMLOperator::setOperatorFlagFromAttribute):
2542         (WebCore::RenderMathMLOperator::setOperatorFlagFromAttributeValue):
2543         (WebCore::RenderMathMLOperator::setOperatorProperties):
2544         * rendering/mathml/RenderMathMLScripts.cpp:
2545         (WebCore::RenderMathMLScripts::getScriptMetricsAndLayoutIfNeeded):
2546         * rendering/mathml/RenderMathMLUnderOver.cpp:
2547         (WebCore::RenderMathMLUnderOver::hasAccent):
2548         * style/StyleSharingResolver.cpp:
2549         (WebCore::Style::SharingResolver::canShareStyleWithElement):
2550         (WebCore::Style::SharingResolver::sharingCandidateHasIdenticalStyleAffectingAttributes):
2551         * svg/SVGAElement.cpp:
2552         (WebCore::SVGAElement::title):
2553         (WebCore::SVGAElement::defaultEventHandler):
2554         * svg/SVGAltGlyphElement.cpp:
2555         (WebCore::SVGAltGlyphElement::glyphRef):
2556         (WebCore::SVGAltGlyphElement::setFormat):
2557         (WebCore::SVGAltGlyphElement::format):
2558         (WebCore::SVGAltGlyphElement::childShouldCreateRenderer):
2559         * svg/SVGAnimationElement.cpp:
2560         (WebCore::SVGAnimationElement::toValue):
2561         (WebCore::SVGAnimationElement::byValue):
2562         (WebCore::SVGAnimationElement::fromValue):
2563         (WebCore::SVGAnimationElement::isAdditive):
2564         (WebCore::SVGAnimationElement::isAccumulated):
2565         * svg/SVGElement.cpp:
2566         (WebCore::SVGElement::xmlbase):
2567         (WebCore::SVGElement::setXmlbase):
2568         * svg/SVGFontFaceElement.cpp:
2569         (WebCore::SVGFontFaceElement::unitsPerEm):
2570         (WebCore::SVGFontFaceElement::xHeight):
2571         (WebCore::SVGFontFaceElement::capHeight):
2572         (WebCore::SVGFontFaceElement::horizontalOriginX):
2573         (WebCore::SVGFontFaceElement::horizontalOriginY):
2574         (WebCore::SVGFontFaceElement::horizontalAdvanceX):
2575         (WebCore::SVGFontFaceElement::verticalOriginX):
2576         (WebCore::SVGFontFaceElement::verticalOriginY):
2577         (WebCore::SVGFontFaceElement::verticalAdvanceY):
2578         (WebCore::SVGFontFaceElement::ascent):
2579         (WebCore::SVGFontFaceElement::descent):
2580         * svg/SVGFontFaceNameElement.cpp:
2581         (WebCore::SVGFontFaceNameElement::srcValue):
2582         * svg/SVGFontFaceUriElement.cpp:
2583         (WebCore::SVGFontFaceUriElement::srcValue):
2584         * svg/SVGGlyphRefElement.cpp:
2585         (WebCore::SVGGlyphRefElement::glyphRef):
2586         (WebCore::SVGGlyphRefElement::setGlyphRef):
2587         * svg/SVGHKernElement.cpp:
2588         (WebCore::SVGHKernElement::buildHorizontalKerningPair):
2589         * svg/SVGSVGElement.cpp:
2590         (WebCore::SVGSVGElement::contentScriptType):
2591         (WebCore::SVGSVGElement::contentStyleType):
2592         * svg/SVGStyleElement.cpp:
2593         (WebCore::SVGStyleElement::media):
2594         (WebCore::SVGStyleElement::title):
2595         (WebCore::SVGStyleElement::setTitle):
2596         * svg/SVGToOTFFontConversion.cpp:
2597         (WebCore::SVGToOTFFontConverter::appendOS2Table):
2598         (WebCore::SVGToOTFFontConverter::appendCFFTable):
2599         (WebCore::SVGToOTFFontConverter::appendArabicReplacementSubtable):
2600         (WebCore::SVGToOTFFontConverter::appendVORGTable):
2601         (WebCore::SVGToOTFFontConverter::transcodeGlyphPaths):
2602         (WebCore::SVGToOTFFontConverter::processGlyphElement):
2603         (WebCore::SVGToOTFFontConverter::compareCodepointsLexicographically):
2604         (WebCore::SVGToOTFFontConverter::SVGToOTFFontConverter):
2605         * svg/SVGVKernElement.cpp:
2606         (WebCore::SVGVKernElement::buildVerticalKerningPair):
2607         * svg/animation/SVGSMILElement.cpp:
2608         (WebCore::SVGSMILElement::insertedInto):
2609         (WebCore::SVGSMILElement::parseAttribute):
2610         (WebCore::SVGSMILElement::svgAttributeChanged):
2611         (WebCore::SVGSMILElement::restart):
2612         (WebCore::SVGSMILElement::fill):
2613         (WebCore::SVGSMILElement::dur):
2614         (WebCore::SVGSMILElement::repeatDur):
2615         (WebCore::SVGSMILElement::repeatCount):
2616         (WebCore::SVGSMILElement::maxValue):
2617         (WebCore::SVGSMILElement::minValue):
2618
2619 2016-07-16  Carlos Garcia Campos  <cgarcia@igalia.com>
2620
2621         ASSERTION FAILED: isMainThread() in ~UniqueIDBDatabase() since r201997
2622         https://bugs.webkit.org/show_bug.cgi?id=159809
2623
2624         Reviewed by Brady Eidson.
2625
2626         In r201997 the UniqueIDBDatabase was protected in executeNextDatabaseTask() because the last reference could be
2627         removed while the task is performed. However UniqueIDBDatabase is expected to be deleted in the main thread, and
2628         the destructor asserts when not called in the main thread, but executeNextDatabaseTask() is always called on a
2629         secondary thread. So, if the protector contains the last reference, the object is deleted in the secondary thread.
2630
2631         * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
2632         (WebCore::IDBServer::UniqueIDBDatabase::executeNextDatabaseTask): Use callOnMainThread to ensure the object is
2633         deleted in the main thread in case the protector contains the last reference.
2634
2635 2016-07-15  Chris Dumez  <cdumez@apple.com>
2636
2637         Use emptyString() / nullAtom when possible
2638         https://bugs.webkit.org/show_bug.cgi?id=159850
2639
2640         Reviewed by Ryosuke Niwa.
2641
2642         Use emptyString() / nullAtom when possible, for performance.
2643
2644         * Modules/webaudio/AudioNode.cpp:
2645         (WebCore::AudioNode::channelCountMode):
2646         (WebCore::AudioNode::channelInterpretation):
2647         * Modules/webdatabase/DatabaseTracker.cpp:
2648         (WebCore::DatabaseTracker::tracker):
2649         * Modules/websockets/WebSocket.cpp:
2650         (WebCore::WebSocket::WebSocket):
2651         (WebCore::WebSocket::didConnect):
2652         * Modules/websockets/WebSocketChannel.cpp:
2653         (WebCore::WebSocketChannel::subprotocol):
2654         (WebCore::WebSocketChannel::extensions):
2655         * accessibility/AccessibilityObject.cpp:
2656         (WebCore::AccessibilityObject::supportsPressAction):
2657         * accessibility/mac/AXObjectCacheMac.mm:
2658         (WebCore::AXObjectCache::postTextStateChangePlatformNotification):
2659         * css/CSSPropertySourceData.cpp:
2660         (WebCore::CSSPropertySourceData::CSSPropertySourceData):
2661         * css/PageRuleCollector.cpp:
2662         (WebCore::PageRuleCollector::pageName):
2663         * css/PropertySetCSSStyleDeclaration.cpp:
2664         (WebCore::PropertySetCSSStyleDeclaration::getPropertyPriority):
2665         * dom/DocumentMarkerController.cpp:
2666         (WebCore::DocumentMarkerController::addDictationPhraseWithAlternativesMarker):
2667         * dom/Element.cpp:
2668         (WebCore::Element::setPrefix):
2669         * editing/AlternativeTextController.cpp:
2670         (WebCore::AlternativeTextController::respondToMarkerAtEndOfWord):
2671         (WebCore::AlternativeTextController::markerDescriptionForAppliedAlternativeText):
2672         * editing/CompositeEditCommand.cpp:
2673         (WebCore::CompositeEditCommand::removeNodeAttribute):
2674         (WebCore::CompositeEditCommand::moveParagraphs):
2675         * editing/InsertTextCommand.cpp:
2676         (WebCore::InsertTextCommand::positionInsideTextNode):
2677         * editing/TextCheckingHelper.cpp:
2678         (WebCore::TextCheckingHelper::findFirstMisspellingOrBadGrammar):
2679         * editing/TypingCommand.cpp:
2680         (WebCore::TypingCommand::deleteSelection):
2681         (WebCore::TypingCommand::deleteKeyPressed):
2682         (WebCore::TypingCommand::forwardDeleteKeyPressed):
2683         (WebCore::TypingCommand::insertLineBreak):
2684         (WebCore::TypingCommand::insertParagraphSeparator):
2685         * editing/cocoa/EditorCocoa.mm:
2686         (WebCore::Editor::styleForSelectionStart):
2687         * editing/mac/EditorMac.mm:
2688         (WebCore::Editor::stringSelectionForPasteboard):
2689         (WebCore::Editor::stringSelectionForPasteboardWithImageAltText):
2690         * fileapi/FileReaderLoader.cpp:
2691         (WebCore::FileReaderLoader::FileReaderLoader):
2692         * html/FileInputType.cpp:
2693         (WebCore::FileInputType::appendFormData):
2694         * html/HTMLMediaElement.cpp:
2695         (WebCore::HTMLMediaElement::getCurrentMediaControlsStatus):
2696         * html/HTMLOutputElement.cpp:
2697         (WebCore::HTMLOutputElement::HTMLOutputElement):
2698         * html/SearchInputType.cpp:
2699         (WebCore::SearchInputType::handleKeydownEvent):
2700         * html/TextFieldInputType.cpp:
2701         (WebCore::autoFillButtonTypeToAccessibilityLabel):
2702         * html/canvas/WebGLDebugShaders.cpp:
2703         (WebCore::WebGLDebugShaders::getTranslatedShaderSource):
2704         * html/canvas/WebGLRenderingContextBase.cpp:
2705         (WebCore::WebGLRenderingContextBase::dispatchContextLostEvent):
2706         (WebCore::WebGLRenderingContextBase::maybeRestoreContext):
2707         * html/canvas/WebGLShader.cpp:
2708         (WebCore::WebGLShader::WebGLShader):
2709         * html/shadow/MediaControlElements.cpp:
2710         (WebCore::MediaControlStatusDisplayElement::update):
2711         * html/track/TextTrack.cpp:
2712         (WebCore::TextTrack::captionMenuOffItem):
2713         (WebCore::TextTrack::captionMenuAutomaticItem):
2714         * html/track/VTTRegion.cpp:
2715         (WebCore::VTTRegion::scroll):
2716         * html/track/VTTRegion.h:
2717         * inspector/InspectorDOMAgent.cpp:
2718         (WebCore::InspectorDOMAgent::toErrorString):
2719         (WebCore::InspectorDOMAgent::resolveNode):
2720         (WebCore::InspectorDOMAgent::documentURLString):
2721         (WebCore::documentBaseURLString):
2722         * inspector/InspectorDOMDebuggerAgent.cpp:
2723         (WebCore::domTypeName):
2724         * inspector/InspectorFrontendHost.cpp:
2725         (WebCore::InspectorFrontendHost::localizedStringsURL):
2726         * inspector/InspectorHistory.cpp:
2727         (WebCore::InspectorHistory::Action::mergeId):
2728         * inspector/InspectorPageAgent.cpp:
2729         (WebCore::InspectorPageAgent::reload):
2730         (WebCore::InspectorPageAgent::frameId):
2731         (WebCore::InspectorPageAgent::loaderId):
2732         * inspector/InspectorStyleSheet.cpp:
2733         (WebCore::InspectorStyleSheet::ruleSelector):
2734         * loader/EmptyClients.h:
2735         * loader/FrameLoader.cpp:
2736         (WebCore::FrameLoader::referrer):
2737         * loader/ImageLoader.cpp:
2738         (WebCore::ImageLoader::clearFailedLoadURL):
2739         * loader/ResourceLoader.cpp:
2740         (WebCore::ResourceLoader::didReceiveResponse):
2741         * page/ContextMenuController.cpp:
2742         (WebCore::ContextMenuController::contextMenuItemSelected):
2743         * page/FrameTree.cpp:
2744         (WebCore::FrameTree::setName):
2745         (WebCore::FrameTree::clearName):
2746         * page/Location.cpp:
2747         (WebCore::Location::port):
2748         * platform/network/ProtectionSpaceBase.cpp:
2749         (WebCore::ProtectionSpaceBase::ProtectionSpaceBase):
2750         * xml/parser/XMLDocumentParserLibxml2.cpp:
2751         (WebCore::handleElementAttributes):
2752
2753 2016-07-15  Simon Fraser  <simon.fraser@apple.com>
2754
2755         Repaints rects drawn incorrectly when inspecting a WebView on a Retina display
2756         https://bugs.webkit.org/show_bug.cgi?id=159824
2757         rdar://problem/27376305
2758
2759         Reviewed by Brian Burg.
2760
2761         InspectorOverlayPage.js set up the canvases with a deviceScaleFactor passed into
2762         reset(), which comes from the overlay's m_page.deviceScaleFactor(). However, updatePaintRects()
2763         used window.devicePixelRatio which was always 1.
2764
2765         Fix by setting the deviceScaleFactor on the m_overlayPage.
2766
2767         * inspector/InspectorOverlay.cpp:
2768         (WebCore::InspectorOverlay::overlayPage):
2769
2770 2016-07-15  Myles C. Maxfield  <mmaxfield@apple.com>
2771
2772         [macOS] Work around crash in [NSAttributedString nextWordFromIndex:forward:]
2773         https://bugs.webkit.org/show_bug.cgi?id=159842
2774
2775         Reviewed by Jon Lee.
2776
2777         <rdar://problem/27380532> describes a crash inside [NSAttributedString nextWordFromIndex:forward:].
2778         This must be worked around for https://bugs.webkit.org/show_bug.cgi?id=159755 and
2779         <rdar://problem/27325521>.
2780
2781         * platform/text/mac/TextBoundaries.mm:
2782         (WebCore::findNextWordFromIndex):
2783
2784 2016-07-15  Brady Eidson  <beidson@apple.com>
2785
2786         Update XPathException to use the description in toString().
2787         https://bugs.webkit.org/show_bug.cgi?id=159848
2788
2789         Reviewed by Alex Christensen.
2790
2791         No new tests (Covered by changes to existing tests).
2792
2793         * bindings/js/JSDOMBinding.cpp:
2794         (WebCore::createDOMException):
2795         * xml/XPathException.h:
2796         (WebCore::XPathException::XPathException):
2797
2798 2016-07-15  Brady Eidson  <beidson@apple.com>
2799
2800         Change toString() behavior for exceptions constructed with "createWithDescriptionAsMessage".
2801         https://bugs.webkit.org/show_bug.cgi?id=159839
2802
2803         Reviewed by Alex Christensen.
2804
2805         No new tests (Covered by changes to existing tests).
2806
2807         This is the first step towards extended exception messages for all exception types.
2808
2809         * dom/ExceptionBase.cpp:
2810         (WebCore::ExceptionBase::ExceptionBase):
2811         (WebCore::ExceptionBase::toString):
2812         * dom/ExceptionBase.h:
2813
2814 2016-07-15  Geoffrey Garen  <ggaren@apple.com>
2815
2816         Added a makeRef<T> helper
2817         https://bugs.webkit.org/show_bug.cgi?id=159835
2818
2819         Reviewed by Andreas Kling.
2820
2821         Anders told me to!
2822
2823         * Modules/indexeddb/IDBTransaction.cpp:
2824         (WebCore::IDBTransaction::putOrAddOnServer):
2825         * Modules/indexeddb/shared/InProcessIDBServer.cpp:
2826         (WebCore::InProcessIDBServer::deleteDatabase):
2827         (WebCore::InProcessIDBServer::didDeleteDatabase):
2828         (WebCore::InProcessIDBServer::openDatabase):
2829         (WebCore::InProcessIDBServer::didOpenDatabase):
2830         (WebCore::InProcessIDBServer::didAbortTransaction):
2831         (WebCore::InProcessIDBServer::didCommitTransaction):
2832         (WebCore::InProcessIDBServer::didCreateObjectStore):
2833         (WebCore::InProcessIDBServer::didDeleteObjectStore):
2834         (WebCore::InProcessIDBServer::didClearObjectStore):
2835         (WebCore::InProcessIDBServer::didCreateIndex):
2836         (WebCore::InProcessIDBServer::didDeleteIndex):
2837         (WebCore::InProcessIDBServer::didPutOrAdd):
2838         (WebCore::InProcessIDBServer::didGetRecord):
2839         (WebCore::InProcessIDBServer::didGetCount):
2840         (WebCore::InProcessIDBServer::didDeleteRecord):
2841         (WebCore::InProcessIDBServer::didOpenCursor):
2842         (WebCore::InProcessIDBServer::didIterateCursor):
2843         (WebCore::InProcessIDBServer::abortTransaction):
2844         (WebCore::InProcessIDBServer::commitTransaction):
2845         (WebCore::InProcessIDBServer::didFinishHandlingVersionChangeTransaction):
2846         (WebCore::InProcessIDBServer::createObjectStore):
2847         (WebCore::InProcessIDBServer::deleteObjectStore):
2848         (WebCore::InProcessIDBServer::clearObjectStore):
2849         (WebCore::InProcessIDBServer::createIndex):
2850         (WebCore::InProcessIDBServer::deleteIndex):
2851         (WebCore::InProcessIDBServer::putOrAdd):
2852         (WebCore::InProcessIDBServer::getRecord):
2853         (WebCore::InProcessIDBServer::getCount):
2854         (WebCore::InProcessIDBServer::deleteRecord):
2855         (WebCore::InProcessIDBServer::openCursor):
2856         (WebCore::InProcessIDBServer::iterateCursor):
2857         (WebCore::InProcessIDBServer::establishTransaction):
2858         (WebCore::InProcessIDBServer::fireVersionChangeEvent):
2859         (WebCore::InProcessIDBServer::didStartTransaction):
2860         (WebCore::InProcessIDBServer::didCloseFromServer):
2861         (WebCore::InProcessIDBServer::notifyOpenDBRequestBlocked):
2862         (WebCore::InProcessIDBServer::databaseConnectionClosed):
2863         (WebCore::InProcessIDBServer::abortOpenAndUpgradeNeeded):
2864         (WebCore::InProcessIDBServer::didFireVersionChangeEvent):
2865         (WebCore::InProcessIDBServer::openDBRequestCancelled):
2866         (WebCore::InProcessIDBServer::confirmDidCloseFromServer):
2867         (WebCore::InProcessIDBServer::getAllDatabaseNames):
2868         (WebCore::InProcessIDBServer::didGetAllDatabaseNames):
2869         * Modules/mediastream/MediaDevicesRequest.cpp:
2870         (WebCore::MediaDevicesRequest::didCompleteTrackSourceInfoRequest):
2871         * Modules/mediastream/UserMediaRequest.cpp:
2872         (WebCore::UserMediaRequest::constraintsValidated):
2873         (WebCore::UserMediaRequest::userMediaAccessGranted):
2874         * Modules/webaudio/AudioContext.cpp:
2875         (WebCore::AudioContext::scheduleNodeDeletion):
2876         (WebCore::AudioContext::isPlayingAudioDidChange):
2877         (WebCore::AudioContext::suspend):
2878         (WebCore::AudioContext::resume):
2879         (WebCore::AudioContext::close):
2880         (WebCore::AudioContext::suspendPlayback):
2881         (WebCore::AudioContext::mayResumePlayback):
2882         * Modules/websockets/ThreadableWebSocketChannelClientWrapper.cpp:
2883         (WebCore::ThreadableWebSocketChannelClientWrapper::didConnect):
2884         (WebCore::ThreadableWebSocketChannelClientWrapper::didReceiveMessage):
2885         (WebCore::ThreadableWebSocketChannelClientWrapper::didReceiveBinaryData):
2886         (WebCore::ThreadableWebSocketChannelClientWrapper::didUpdateBufferedAmount):
2887         (WebCore::ThreadableWebSocketChannelClientWrapper::didStartClosingHandshake):
2888         (WebCore::ThreadableWebSocketChannelClientWrapper::didClose):
2889         (WebCore::ThreadableWebSocketChannelClientWrapper::didReceiveMessageError):
2890         (WebCore::ThreadableWebSocketChannelClientWrapper::processPendingTasks):
2891         * Modules/websockets/WebSocket.cpp:
2892         (WebCore::WebSocket::connect):
2893         * bindings/js/JSEventListener.h:
2894         (WebCore::JSEventListener::jsFunction):
2895         * dom/Node.cpp:
2896         (WebCore::Node::setTextContent):
2897         * html/HTMLMediaElement.cpp:
2898         (WebCore::HTMLMediaElement::layoutSizeChanged):
2899         * inspector/CommandLineAPIHost.cpp:
2900         (WebCore::CommandLineAPIHost::wrapper):
2901         * platform/graphics/avfoundation/AudioSourceProviderAVFObjC.mm:
2902         (WebCore::AudioSourceProviderAVFObjC::prepare):
2903         * platform/graphics/avfoundation/cf/WebCoreAVCFResourceLoader.cpp:
2904         (WebCore::WebCoreAVCFResourceLoader::invalidate):
2905         * platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm:
2906         (WebCore::WebCoreAVFResourceLoader::invalidate):
2907         * platform/ios/WebVideoFullscreenControllerAVKit.mm:
2908         (WebVideoFullscreenControllerContext::setExternalPlayback):
2909         * platform/network/BlobResourceHandle.cpp:
2910         (WebCore::BlobResourceHandle::start):
2911         (WebCore::BlobResourceHandle::notifyFinish):
2912         * platform/network/SocketStreamHandleBase.cpp:
2913         (WebCore::SocketStreamHandleBase::disconnect):
2914         * platform/network/curl/CurlDownload.cpp:
2915         (WebCore::CurlDownload::didReceiveHeader):
2916
2917 2016-07-15  Chris Dumez  <cdumez@apple.com>
2918
2919         Use fastGetAttribute() / setAttributeWithoutSynchronization() when possible
2920         https://bugs.webkit.org/show_bug.cgi?id=159793
2921
2922         Reviewed by Ryosuke Niwa.
2923
2924         Use fastGetAttribute() / setAttributeWithoutSynchronization() when possible, for performance.
2925
2926         * Modules/plugins/YouTubePluginReplacement.cpp:
2927         (WebCore::YouTubePluginReplacement::installReplacement):
2928         * dom/Element.h:
2929         (WebCore::Element::setIdAttribute):
2930         * editing/ApplyStyleCommand.cpp:
2931         (WebCore::hasNoAttributeOrOnlyStyleAttribute):
2932         (WebCore::createFontElement):
2933         (WebCore::ApplyStyleCommand::applyInlineStyleChange):
2934         * editing/EditingStyle.cpp:
2935         (WebCore::EditingStyle::elementIsStyledSpanOrHTMLEquivalent):
2936         * editing/Editor.cpp:
2937         (WebCore::Editor::setBaseWritingDirection):
2938         * editing/ReplaceSelectionCommand.cpp:
2939         (WebCore::isMailPasteAsQuotationNode):
2940         (WebCore::isInlineNodeWithStyle):
2941         * editing/cocoa/DataDetection.mm:
2942         (WebCore::DataDetection::detectContentInRange):
2943         * editing/htmlediting.cpp:
2944         (WebCore::createTabSpanElement):
2945         * editing/ios/EditorIOS.mm:
2946         (WebCore::Editor::setTextAlignmentForChangedBaseWritingDirection):
2947         (WebCore::Editor::WebContentReader::readURL):
2948         * editing/mac/EditorMac.mm:
2949         (WebCore::Editor::WebContentReader::readURL):
2950         * editing/markup.cpp:
2951         (WebCore::createFragmentFromText):
2952         * html/BaseButtonInputType.cpp:
2953         (WebCore::BaseButtonInputType::setValue):
2954         * html/BaseCheckableInputType.cpp:
2955         (WebCore::BaseCheckableInputType::setValue):
2956         * html/FTPDirectoryDocument.cpp:
2957         (WebCore::FTPDirectoryDocumentParser::appendEntry):
2958         (WebCore::FTPDirectoryDocumentParser::createTDForFilename):
2959         (WebCore::FTPDirectoryDocumentParser::loadDocumentTemplate):
2960         (WebCore::FTPDirectoryDocumentParser::createBasicDocument):
2961         * html/HTMLAnchorElement.cpp:
2962         (WebCore::HTMLAnchorElement::href):
2963         (WebCore::HTMLAnchorElement::setHref):
2964         (WebCore::HTMLAnchorElement::target):
2965         * html/HTMLAreaElement.cpp:
2966         (WebCore::HTMLAreaElement::target):
2967         * html/HTMLBaseElement.cpp:
2968         (WebCore::HTMLBaseElement::setHref):
2969         * html/HTMLButtonElement.cpp:
2970         (WebCore::HTMLButtonElement::setType):
2971         * html/HTMLDetailsElement.cpp:
2972         (WebCore::HTMLDetailsElement::didAddUserAgentShadowRoot):
2973         (WebCore::HTMLDetailsElement::toggleOpen):
2974         * html/HTMLDocument.cpp:
2975         (WebCore::HTMLDocument::setBgColor):
2976         (WebCore::HTMLDocument::setFgColor):
2977         (WebCore::HTMLDocument::setAlinkColor):
2978         (WebCore::HTMLDocument::setLinkColor):
2979         (WebCore::HTMLDocument::setVlinkColor):
2980         * html/HTMLElement.cpp:
2981         (WebCore::HTMLElement::setDir):
2982         (WebCore::HTMLElement::setContentEditable):
2983         (WebCore::HTMLElement::setDraggable):
2984         (WebCore::HTMLElement::setSpellcheck):
2985         (WebCore::HTMLElement::setTranslate):
2986         * html/HTMLFormControlElement.cpp:
2987         (WebCore::HTMLFormControlElement::setFormEnctype):
2988         (WebCore::HTMLFormControlElement::setFormMethod):
2989         (WebCore::HTMLFormControlElement::setAutocorrect):
2990         (WebCore::HTMLFormControlElement::setAutocapitalize):
2991         (WebCore::HTMLFormControlElement::setAutocomplete):
2992         * html/HTMLFormElement.cpp:
2993         (WebCore::HTMLFormElement::setAutocorrect):
2994         (WebCore::HTMLFormElement::setAutocapitalize):
2995         (WebCore::HTMLFormElement::setAction):
2996         (WebCore::HTMLFormElement::setEnctype):
2997         (WebCore::HTMLFormElement::setMethod):
2998         (WebCore::HTMLFormElement::target):
2999         * html/HTMLImageElement.cpp:
3000         (WebCore::HTMLImageElement::width):
3001         (WebCore::HTMLImageElement::height):
3002         (WebCore::HTMLImageElement::setSrc):
3003         * html/HTMLInputElement.cpp:
3004         (WebCore::HTMLInputElement::setType):
3005         (WebCore::HTMLInputElement::updateType):
3006         (WebCore::HTMLInputElement::altText):
3007         (WebCore::HTMLInputElement::setDefaultValue):
3008         * html/HTMLLinkElement.cpp:
3009         (WebCore::HTMLLinkElement::href):
3010         (WebCore::HTMLLinkElement::target):
3011         (WebCore::HTMLLinkElement::type):
3012         * html/HTMLMediaElement.cpp:
3013         (WebCore::HTMLMediaElement::setSrc):
3014         (WebCore::HTMLMediaElement::setPreload):
3015         * html/HTMLMeterElement.cpp:
3016         (WebCore::HTMLMeterElement::min):
3017         (WebCore::HTMLMeterElement::setMin):
3018         (WebCore::HTMLMeterElement::max):
3019         (WebCore::HTMLMeterElement::setMax):
3020         (WebCore::HTMLMeterElement::value):
3021         (WebCore::HTMLMeterElement::setValue):
3022         (WebCore::HTMLMeterElement::low):
3023         (WebCore::HTMLMeterElement::setLow):
3024         (WebCore::HTMLMeterElement::high):
3025         (WebCore::HTMLMeterElement::setHigh):
3026         (WebCore::HTMLMeterElement::optimum):
3027         (WebCore::HTMLMeterElement::setOptimum):
3028         * html/HTMLObjectElement.cpp:
3029         (WebCore::HTMLObjectElement::containsJavaApplet):
3030         * html/HTMLOptionElement.cpp:
3031         (WebCore::HTMLOptionElement::createForJSConstructor):
3032         (WebCore::HTMLOptionElement::setValue):
3033         (WebCore::HTMLOptionElement::setLabel):
3034         * html/HTMLProgressElement.cpp:
3035         (WebCore::HTMLProgressElement::setValue):
3036         (WebCore::HTMLProgressElement::setMax):
3037         * html/HTMLScriptElement.cpp:
3038         (WebCore::HTMLScriptElement::typeAttributeValue):
3039         * html/HTMLSelectElement.cpp:
3040         (WebCore::HTMLSelectElement::setMultiple):
3041         * html/HTMLSourceElement.cpp:
3042         (WebCore::HTMLSourceElement::setSrc):
3043         (WebCore::HTMLSourceElement::media):
3044         (WebCore::HTMLSourceElement::setMedia):
3045         (WebCore::HTMLSourceElement::type):
3046         (WebCore::HTMLSourceElement::setType):
3047         * html/HTMLTableSectionElement.cpp:
3048         (WebCore::HTMLTableSectionElement::setAlign):
3049         (WebCore::HTMLTableSectionElement::setCh):
3050         (WebCore::HTMLTableSectionElement::chOff):
3051         (WebCore::HTMLTableSectionElement::setChOff):
3052         (WebCore::HTMLTableSectionElement::setVAlign):
3053         * html/HTMLTextFormControlElement.cpp:
3054         (WebCore::HTMLTextFormControlElement::updateInnerTextElementEditability):
3055         * html/HTMLVideoElement.cpp:
3056         (WebCore::HTMLVideoElement::imageSourceURL):
3057         * html/HiddenInputType.cpp:
3058         (WebCore::HiddenInputType::restoreFormControlState):
3059         (WebCore::HiddenInputType::setValue):
3060         * html/MediaDocument.cpp:
3061         (WebCore::MediaDocumentParser::createDocumentStructure):
3062         (WebCore::MediaDocument::replaceMediaElementTimerFired):
3063         * html/PluginDocument.cpp:
3064         (WebCore::PluginDocumentParser::createDocumentStructure):
3065         * html/TextFieldInputType.cpp:
3066         (WebCore::TextFieldInputType::createAutoFillButton):
3067         (WebCore::TextFieldInputType::updateAutoFillButton):
3068         * html/parser/HTMLTreeBuilder.cpp:
3069         (WebCore::HTMLTreeBuilder::processIsindexStartTagForInBody):
3070         * html/shadow/MediaControlElements.cpp:
3071         (WebCore::MediaControlClosedCaptionsContainerElement::create):
3072         (WebCore::MediaControlTimelineElement::create):
3073         (WebCore::MediaControlPanelVolumeSliderElement::create):
3074         (WebCore::MediaControlFullscreenVolumeSliderElement::create):
3075         * html/shadow/TextControlInnerElements.cpp:
3076         (WebCore::SearchFieldCancelButtonElement::SearchFieldCancelButtonElement):
3077         * html/shadow/mac/ImageControlsButtonElementMac.cpp:
3078         (WebCore::ImageControlsButtonElementMac::tryCreate):
3079         * html/shadow/mac/ImageControlsRootElementMac.cpp:
3080         (WebCore::ImageControlsRootElement::tryCreate):
3081         * html/track/WebVTTElement.cpp:
3082         (WebCore::WebVTTElement::createEquivalentHTMLElement):
3083         * html/track/WebVTTParser.cpp:
3084         (WebCore::WebVTTTreeBuilder::constructTreeFromToken):
3085         * inspector/InspectorCSSAgent.cpp:
3086         (WebCore::InspectorCSSAgent::createInspectorStyleSheetForDocument):
3087         * inspector/InspectorPageAgent.cpp:
3088         (WebCore::InspectorPageAgent::buildObjectForFrame):
3089         * mathml/MathMLSelectElement.cpp:
3090         (WebCore::MathMLSelectElement::toggle):
3091         * page/PageSerializer.cpp:
3092         (WebCore::PageSerializer::serializeFrame):
3093         * rendering/RenderDetailsMarker.cpp:
3094         (WebCore::RenderDetailsMarker::isOpen):
3095         * rendering/mathml/RenderMathMLFraction.cpp:
3096         (WebCore::RenderMathMLFraction::updateFromElement):
3097         * svg/SVGElement.cpp:
3098         (WebCore::SVGElement::setXmlbase):
3099         * svg/SVGSVGElement.cpp:
3100         (WebCore::SVGSVGElement::setContentScriptType):
3101         (WebCore::SVGSVGElement::setContentStyleType):
3102         * svg/SVGStyleElement.cpp:
3103         (WebCore::SVGStyleElement::setMedia):
3104         (WebCore::SVGStyleElement::setTitle):
3105
3106 2016-07-15  Chris Dumez  <cdumez@apple.com>
3107
3108         Modernize StaticNodeList / StaticElementList
3109         https://bugs.webkit.org/show_bug.cgi?id=159831
3110
3111         Reviewed by Ryosuke Niwa.
3112
3113         Modernize StaticNodeList / StaticElementList. Pass vector to adopt
3114         as an rvalue reference instead of a non-const reference.
3115
3116         * bindings/js/JSHTMLAllCollectionCustom.cpp:
3117         (WebCore::namedItems):
3118         * dom/ChildListMutationScope.cpp:
3119         (WebCore::ChildListMutationAccumulator::enqueueMutationRecord):
3120         * dom/MutationRecord.cpp:
3121         * dom/SelectorQuery.cpp:
3122         (WebCore::SelectorDataList::queryAll):
3123         * dom/StaticNodeList.h:
3124         * dom/WebKitNamedFlow.cpp:
3125         (WebCore::WebKitNamedFlow::getRegionsByContent):
3126         (WebCore::WebKitNamedFlow::getRegions):
3127         (WebCore::WebKitNamedFlow::getContent):
3128         * svg/SVGSVGElement.cpp:
3129         (WebCore::SVGSVGElement::collectIntersectionOrEnclosureList):
3130         * testing/Internals.cpp:
3131         (WebCore::Internals::nodesFromRect):
3132
3133 2016-07-15  Brent Fulgham  <bfulgham@apple.com>
3134
3135         Block insecure script running in a data: frame when the top-level page is HTTPS
3136         https://bugs.webkit.org/show_bug.cgi?id=125806
3137         <rdar://problem/27331825>
3138
3139         Reviewed by Brady Eidson.
3140
3141         Fix based on a Blink change (patch by <tsepez@chromium.org>):
3142         <https://chromium.googlesource.com/chromium/blink/+/33e553bd96e040151c1472289a0d80803bfca3a5>
3143
3144         Test: http/tests/security/mixedContent/insecure-script-in-data-iframe-in-main-frame-blocked.html
3145
3146         * loader/cache/CachedResourceLoader.cpp:
3147         (WebCore::CachedResourceLoader::checkInsecureContent): Check the top-level frame's security state
3148         before allowing insecure scripts to be used.        
3149
3150 2016-07-15  Chris Dumez  <cdumez@apple.com>
3151
3152         Let the compiler generate QualifiedName copy constructor and assignment operator
3153         https://bugs.webkit.org/show_bug.cgi?id=159826
3154
3155         Reviewed by Alex Christensen.
3156
3157         Let the compiler generate QualifiedName copy constructor and assignment operator
3158         as our custom implementation does nothing special. This also makes QualifiedName
3159         movable as the compiler is now able to generate the move constructor / assignment
3160         operator as well.
3161
3162         * dom/QualifiedName.h:
3163         (WebCore::QualifiedName::QualifiedName): Deleted.
3164         (WebCore::QualifiedName::operator=): Deleted.
3165
3166 2016-07-15  Antonio Gomes  <tonikitoo@igalia.com>
3167
3168         ScrollView::setHasHorizontalScrollbar / setHasVerticalScrollbar duplicate their logic
3169         https://bugs.webkit.org/show_bug.cgi?id=159825
3170
3171         Patch introduces a (private) method to ScrollView
3172         to share the code/logic of setHas{Horizontal,Vertical}Scrollbar.
3173
3174         Reviewed by Simon Fraser.
3175
3176         No new tests needed.
3177
3178         * platform/ScrollView.cpp:
3179         (WebCore::ScrollView::setHasScrollbarInternal):
3180         (WebCore::ScrollView::setHasHorizontalScrollbar):
3181         (WebCore::ScrollView::setHasVerticalScrollbar):
3182         * platform/ScrollView.h:
3183
3184 2016-07-15  Frederic Wang  <fwang@igalia.com>
3185
3186         MathOperator: Improve alignment for vertical size variant
3187         https://bugs.webkit.org/show_bug.cgi?id=158866
3188
3189         Reviewed by Brent Fulgham.
3190
3191         The MathOperator class may stretch operators with either a large glyph or a glyph assembly.
3192         In the latter case, the assembly is adjusted to match the stretch ascent and descent
3193         requested by the callers. But in the former case the glyph ascent and descent are used
3194         instead. We solve this by making MathOperator::stretchTo only take a targetSize and let
3195         callers do the vertical alignment they want. This improves the rendering of fences with some
3196         math fonts (e.g. XITS) and allows to pass the two cases of mo-axis-height-1.html.
3197
3198         Test: imported/mathml-in-html5/mathml/presentation-markup/operators/mo-axis-height-1.html
3199
3200         * rendering/mathml/MathOperator.cpp:
3201         (WebCore::MathOperator::stretchTo): Merge vertical and horizontal stretching into the same
3202         function with only the targetSize as a parameter.
3203         * rendering/mathml/RenderMathMLOperator.cpp:
3204         (WebCore::RenderMathMLOperator::stretchTo): Updated to use the new signature.
3205         (WebCore::RenderMathMLOperator::verticalStretchedOperatorShift): Helper function to calculate
3206         the shift necessary to align the baseline of the MathOperator instance with the one of the
3207         RenderMathMLOperator.
3208         (WebCore::RenderMathMLOperator::firstLineBaseline): Adjust the baseline.
3209         * rendering/mathml/RenderMathMLOperator.h: Declare verticalStretchedOperatorShift.
3210         * rendering/mathml/RenderMathMLRoot.cpp:
3211         (WebCore::RenderMathMLRoot::layoutBlock): Use the new signature. This function aligns the top
3212         of the radical with the overbar so we do not need to adjust baseline alignment here.
3213
3214 2016-07-15  Brady Eidson  <beidson@apple.com>
3215
3216         WebKit should prevent push/replace state with username in URL.
3217         <rdar://problem/27361737> and https://bugs.webkit.org/show_bug.cgi?id=159818
3218
3219         Reviewed by Brent Fulgham.
3220
3221         Test: http/tests/security/history-username-password.html
3222
3223         * page/History.cpp:
3224         (WebCore::History::stateObjectAdded): Don't allow URLs with usernames/passwords.
3225
3226 2016-07-15  Ryan Haddad  <ryanhaddad@apple.com>
3227
3228         Unreviewed, rolling out r203266.
3229
3230         This change caused editing/deleting/delete-emoji.html to time
3231         out on El Capitan, crash under GuardMalloc
3232
3233         Reverted changeset:
3234
3235         "Support new emoji group candidates"
3236         https://bugs.webkit.org/show_bug.cgi?id=159755
3237         http://trac.webkit.org/changeset/203266
3238
3239 2016-07-15  Frederic Wang  <fwang@igalia.com>
3240
3241         Move parsing of mfrac attributes into a MathMLFractionElement class
3242         https://bugs.webkit.org/show_bug.cgi?id=159624
3243
3244         Reviewed by Brent Fulgham.
3245
3246         We move the parsing of mfrac attributes to a MathMLFractionElement class. This allows to
3247         minimize the updates in RenderMathMLFraction and to remove the alignment members. Many of
3248         the members in updateLayoutParameters are actually only used in layoutBlock and could be
3249         removed in a follow-up patch. We also improve the resolution of negative line thickness value
3250         since the MathML recommendation says it should be rounded up to the nearest valid
3251         value (which is zero) instead of ignoring the attribute and using the line thickness.
3252
3253         No new tests, already covered by existing tests.
3254
3255         * CMakeLists.txt: Add MathMLFractionElement.
3256         * WebCore.xcodeproj/project.pbxproj: Ditto.
3257         * mathml/MathMLAllInOne.cpp: Ditto.
3258         * mathml/MathMLFractionElement.cpp: Added.
3259         (WebCore::MathMLFractionElement::MathMLFractionElement):
3260         (WebCore::MathMLFractionElement::create):
3261         (WebCore::MathMLFractionElement::lineThickness): Return the cached linethickness length,
3262         parsing it again if it is dirty. This handles the special values "thin", "medium" and "thick"
3263         or fallback to the general parseMathMLLength for MathML lengths.
3264         (WebCore::MathMLFractionElement::cachedFractionAlignment): Return the cached alignment value,
3265         parsing it again if it is dirty.
3266         (WebCore::MathMLFractionElement::numeratorAlignment): Return the cached alignment.
3267         (WebCore::MathMLFractionElement::denominatorAlignment): Ditto.
3268         (WebCore::MathMLFractionElement::parseAttribute): Make attributes dirty.
3269         (WebCore::MathMLFractionElement::createElementRenderer): Create a RenderMathMLFraction.
3270         * mathml/MathMLFractionElement.h: Added.
3271         * mathml/MathMLInlineContainerElement.cpp: We no longer need to handle fraction here.
3272         (WebCore::MathMLInlineContainerElement::createElementRenderer):
3273         * mathml/mathtags.in: Use MathMLFractionElement for mfrac.
3274         * rendering/mathml/RenderMathMLFraction.cpp:
3275         (WebCore::RenderMathMLFraction::updateLayoutParameters): New helper function to set the
3276         layout parameters, replacing updateFromElement. We no longer parse and store the alignment
3277         values here. We also change the resolution of negative values.
3278         (WebCore::RenderMathMLFraction::horizontalOffset): Use the enum from MathMLFractionElement.
3279         (WebCore::RenderMathMLFraction::layoutBlock): We call updateLayoutParameters instead of
3280         updateFromElement. The numerator and denominator alignments are resolved here.
3281         (WebCore::RenderMathMLFraction::parseAlignmentAttribute): Deleted. Parsing of alignment
3282         attribute is now handled in MathMLFractionElement.
3283         (WebCore::RenderMathMLFraction::updateFromElement): Deleted. Attribute changes are now
3284         handled in MathMLFractionElement.
3285         (WebCore::RenderMathMLFraction::styleDidChange): Deleted. Font changes are properly handled.
3286         * rendering/mathml/RenderMathMLFraction.h: Update declarations.
3287
3288 2016-07-15  Frederic Wang  <fwang@igalia.com>
3289
3290         Check whether font is nonnull for GlyphData instead of calling GlyphData::isValid()
3291         https://bugs.webkit.org/show_bug.cgi?id=159783
3292
3293         Reviewed by Brent Fulgham.
3294
3295         GlyphData::isValid() returns true for GlyphData with null 'font' pointer when the 'glyph'
3296         index is nonzero. This behavior is not expected by the MathML code and we have had crashes
3297         in our test suite in the past on Windows (e.g. bug 140653). We thus replace the call to
3298         GlyphData::isValid() with a stronger verification: Whether the 'font' pointer is nonzero.
3299
3300         No new tests, this only makes null pointer checks stronger.
3301
3302         * rendering/mathml/MathOperator.cpp:
3303         (WebCore::boundsForGlyph):
3304         (WebCore::advanceWidthForGlyph):
3305         (WebCore::MathOperator::getBaseGlyph):
3306         (WebCore::MathOperator::setSizeVariant):
3307         (WebCore::MathOperator::fillWithVerticalExtensionGlyph):
3308         (WebCore::MathOperator::fillWithHorizontalExtensionGlyph):
3309         (WebCore::MathOperator::paintVerticalGlyphAssembly):
3310         (WebCore::MathOperator::paintHorizontalGlyphAssembly):
3311         (WebCore::MathOperator::paint):
3312         * rendering/mathml/RenderMathMLOperator.cpp:
3313         (WebCore::RenderMathMLOperator::computePreferredLogicalWidths):
3314         * rendering/mathml/RenderMathMLToken.cpp:
3315         (WebCore::RenderMathMLToken::computePreferredLogicalWidths):
3316         (WebCore::RenderMathMLToken::firstLineBaseline):
3317         (WebCore::RenderMathMLToken::layoutBlock):
3318         (WebCore::RenderMathMLToken::paint):
3319         (WebCore::RenderMathMLToken::paintChildren):
3320
3321 2016-07-15  Frederic Wang  <fwang@igalia.com>
3322
3323         Add DejaVu Math TeX Gyre to the list of math fonts.
3324         https://bugs.webkit.org/show_bug.cgi?id=159805
3325
3326         Reviewed by Brent Fulgham.
3327
3328         DejaVu 2.36 has a new math font that can be used for MathML rendering. Because this font is
3329         likely to be installed on many systems (Linux, LibreOffice, etc) we include it in the default
3330         list of font-families in mathml.css in order to increase the chance to find a math font.
3331
3332         No new tests, it only affects rendering when DejaVu Math TeX Gyre is installed on the system.
3333
3334         * css/mathml.css:
3335         (math):
3336
3337 2016-07-15  Eric Carlson  <eric.carlson@apple.com>
3338
3339         [MSE] Increase the SourceBuffer "fudge factor"
3340         https://bugs.webkit.org/show_bug.cgi?id=159813
3341         <rdar://problem/27372033>
3342
3343         Reviewed by Jon Lee.
3344         
3345         Some media encoding/conversion pipelines are sloppy when doing sample time/timescale
3346         math, and the error accumulation results in small gaps in the media timeline. r202641
3347         increased the maximum allowable gap from 0.01 second to one 24fps frame, but it turns
3348         out that at least one large provider has a significant amount of content encoded with
3349         up to two 24fps frames.
3350
3351         No new tests, updated media/media-source/media-source-small-gap.html.
3352
3353         * Modules/mediasource/SourceBuffer.cpp:
3354         (WebCore::currentTimeFudgeFactor): Increase maximum gap to 2002 / 24000 frames.
3355
3356 2016-07-15  Rawinder Singh  <rawinder.singh-webkit@cisra.canon.com.au>
3357
3358         Add final keyword to WebCore/svg classes
3359         https://bugs.webkit.org/show_bug.cgi?id=159802
3360
3361         Reviewed by Youenn Fablet.
3362
3363         Updated classes in the WebCore/svg directory to be marked as final where appropriate.
3364
3365         * svg/SVGException.h:
3366         * svg/SVGLengthList.h:
3367         * svg/SVGMatrix.h:
3368         * svg/SVGNumberList.h:
3369         * svg/SVGPaint.h:
3370         * svg/SVGPathBuilder.h:
3371         * svg/SVGPathByteStreamBuilder.h:
3372         * svg/SVGPathByteStreamSource.h:
3373         * svg/SVGPathSegArcAbs.h:
3374         * svg/SVGPathSegArcRel.h:
3375         * svg/SVGPathSegClosePath.h:
3376         * svg/SVGPathSegCurvetoCubicAbs.h:
3377         * svg/SVGPathSegCurvetoCubicRel.h:
3378         * svg/SVGPathSegCurvetoCubicSmoothAbs.h:
3379         * svg/SVGPathSegCurvetoCubicSmoothRel.h:
3380         * svg/SVGPathSegCurvetoQuadraticAbs.h:
3381         * svg/SVGPathSegCurvetoQuadraticRel.h:
3382         * svg/SVGPathSegCurvetoQuadraticSmoothAbs.h:
3383         * svg/SVGPathSegCurvetoQuadraticSmoothRel.h:
3384         * svg/SVGPathSegLinetoAbs.h:
3385         * svg/SVGPathSegLinetoHorizontalAbs.h:
3386         * svg/SVGPathSegLinetoHorizontalRel.h:
3387         * svg/SVGPathSegLinetoRel.h:
3388         * svg/SVGPathSegLinetoVerticalAbs.h:
3389         * svg/SVGPathSegLinetoVerticalRel.h:
3390         * svg/SVGPathSegListBuilder.h:
3391         * svg/SVGPathSegListSource.h:
3392         * svg/SVGPathSegMovetoAbs.h:
3393         * svg/SVGPathSegMovetoRel.h:
3394         * svg/SVGPathStringSource.h:
3395         * svg/SVGPathTraversalStateBuilder.h:
3396         * svg/SVGPointList.h:
3397         * svg/SVGRenderingIntent.h:
3398         * svg/SVGStringList.h:
3399         * svg/SVGTRefElement.cpp:
3400         * svg/SVGToOTFFontConversion.cpp:
3401         * svg/SVGTransformList.h:
3402         * svg/SVGUnitTypes.h:
3403         * svg/SVGViewSpec.h:
3404         * svg/SVGZoomEvent.h:
3405         * svg/animation/SMILTimeContainer.h:
3406         * svg/animation/SVGSMILElement.cpp:
3407         * svg/graphics/filters/SVGFEImage.h:
3408         * svg/graphics/filters/SVGFilter.h:
3409         * svg/properties/SVGAnimatedPathSegListPropertyTearOff.h:
3410         * svg/properties/SVGAnimatedPropertyTearOff.h:
3411         * svg/properties/SVGAnimatedTransformListPropertyTearOff.h:
3412         * svg/properties/SVGMatrixTearOff.h:
3413         * svg/properties/SVGPathSegListPropertyTearOff.h:
3414         * svg/properties/SVGStaticListPropertyTearOff.h:
3415         * svg/properties/SVGStaticPropertyTearOff.h:
3416         * svg/properties/SVGTransformListPropertyTearOff.h:
3417
3418 2016-07-15  Per Arne Vollan  <pvollan@apple.com>
3419
3420         Uninitialized variable in DIBPixelData can cause a dangerous memory write
3421         https://bugs.webkit.org/show_bug.cgi?id=159414
3422
3423         Reviewed by Brent Fulgham.
3424
3425         Initialize local BITMAP variable, in case the ::GetObject function that should initialize it
3426         fails to do so, because the bitmap handle is invalid.
3427
3428         Tests: Tools/TestWebKitAPI/Tests/WebCore/win/DIBPixelData.cpp
3429
3430         * platform/graphics/win/DIBPixelData.cpp:
3431         (WebCore::DIBPixelData::initialize): Initialize local variable.
3432         (WebCore::DIBPixelData::setRGBABitmapAlpha): Return early if we have no bitmap.
3433         * platform/graphics/win/DIBPixelData.h: Link fix.
3434
3435 2016-07-14  Yoav Weiss  <yoav@yoav.ws>
3436
3437         Change CSSParser::sourceSize returning Optional<CSSParser::SourceSize>
3438         https://bugs.webkit.org/show_bug.cgi?id=159666
3439
3440         Reviewed by Michael Catanzaro.
3441
3442         Tests:
3443             fast/dom/HTMLImageElement/sizes/image-sizes-invalids.html
3444
3445         * css/CSSGrammar.y.in: Avoid adding SourceSize to source_size_list when the value is a Nullopt.
3446         * css/CSSParser.cpp:
3447         (WebCore::CSSParser::sourceSize): Return a Nullopt when an invalid value is encountered.
3448         * css/CSSParser.h:
3449
3450 2016-07-14  Antonio Gomes  <tonikitoo@igalia.com>
3451
3452         [RTL Scrollbars] Frame scrollbars don't move to the right when text direction changes to RTL
3453         https://bugs.webkit.org/show_bug.cgi?id=158252
3454
3455         Reviewed by Myles C. Maxfield.
3456
3457         When the 'dir' attribute changes either on body or on the document
3458         element level, the associated FrameView does not trigger an update on
3459         the frame level vertical scrollbar.
3460
3461         Patch adds a 'hook' so that RenderBox::styleDidChange can call in
3462         order to get the document level scrollbar placed properly in the next
3463         layout.
3464
3465         Test: fast/scrolling/rtl-scrollbars-alternate-body-dir-attr-does-not-update-scrollbar-placement.html
3466               fast/scrolling/rtl-scrollbars-alternate-body-dir-attr-does-not-update-scrollbar-placement-2.html
3467               fast/scrolling/rtl-scrollbars-alternate-iframe-body-dir-attr-does-not-update-scrollbar-placement.html
3468
3469         * page/FrameView.cpp:
3470         (WebCore::FrameView::topContentDirectionDidChange):
3471         * page/FrameView.h:
3472         * rendering/RenderBox.cpp:
3473         (WebCore::RenderBox::styleDidChange):
3474
3475 2016-07-14  Myles C. Maxfield  <mmaxfield@apple.com>
3476
3477         Support new emoji group candidates
3478         https://bugs.webkit.org/show_bug.cgi?id=159755
3479         <rdar://problem/27325521>
3480
3481         Reviewed by Dean Jackson.
3482
3483         There are a few code points which should be able to be joined (with ZWJ) to
3484         either U+2640 or U+2642 to change the gender of the emoji. These patterns
3485         should also work with an additional 0xFE0F variation selector. This patch
3486         adds these new patterns to our existing emoji group candidate infrastructure.
3487
3488         Tests: fast/text/emoji-gender-2-3.html
3489                fast/text/emoji-gender-2-4.html
3490                fast/text/emoji-gender-2-5.html
3491                fast/text/emoji-gender-2-6.html
3492                fast/text/emoji-gender-2-7.html
3493                fast/text/emoji-gender-2-8.html
3494                fast/text/emoji-gender-2-9.html
3495                fast/text/emoji-gender-2.html
3496                fast/text/emoji-gender-3.html
3497                fast/text/emoji-gender-4.html
3498                fast/text/emoji-gender-5.html
3499                fast/text/emoji-gender-6.html
3500                fast/text/emoji-gender-7.html
3501                fast/text/emoji-gender-8.html
3502                fast/text/emoji-gender-9.html
3503                fast/text/emoji-gender-fe0f-3.html
3504                fast/text/emoji-gender-fe0f-4.html
3505                fast/text/emoji-gender-fe0f-5.html
3506                fast/text/emoji-gender-fe0f-6.html
3507                fast/text/emoji-gender-fe0f-7.html
3508                fast/text/emoji-gender-fe0f-8.html
3509                fast/text/emoji-gender-fe0f-9.html
3510                fast/text/emoji-gender.html
3511                fast/text/emoji-num-glyphs.html
3512                fast/text/emoji-single-parent-family-2.html
3513                fast/text/emoji-single-parent-family.html
3514
3515         * platform/graphics/mac/ComplexTextControllerCoreText.mm:
3516         (WebCore::ComplexTextController::ComplexTextRun::ComplexTextRun): Removed incorrect ASSERT()s.
3517         * platform/graphics/FontCascade.cpp:
3518         (WebCore::FontCascade::characterRangeCodePath):
3519         * platform/text/CharacterProperties.h:
3520         (WebCore::isEmojiGroupCandidate):
3521
3522 2016-07-14  Dean Jackson  <dino@apple.com>
3523
3524         CrashTracer: com.apple.WebKit.WebContent at WebCore: WebCore::MediaQueryEvaluator::evaluate const
3525         https://bugs.webkit.org/show_bug.cgi?id=159799
3526         <rdar://problem/27346959>
3527
3528         Reviewed by Myles Maxfield.
3529
3530         Speculative fix for this crash, which seems to happen when asking for the Node's
3531         renderer(). From the incoming crash logs, it is triggered by mutations on
3532         a <picture> or <img> element, which would require choosing a new source,
3533         and causing some media queries to evaluate.
3534
3535         The only place in MediaQueryEvaluator that has anything to do with
3536         renderers is when gathering up some style information to pass to the
3537         actual evaluation function. I put a guard against a missing documentElement
3538         in there.
3539
3540         * css/MediaQueryEvaluator.cpp:
3541         (WebCore::MediaQueryEvaluator::evaluate): Make sure documentElement is not
3542         null.
3543
3544 2016-07-14  Rawinder Singh  <rawinder.singh-webkit@cisra.canon.com.au>
3545
3546         Update HTML*Element class override methods in final classes
3547         https://bugs.webkit.org/show_bug.cgi?id=159456
3548
3549         Reviewed by Youenn Fablet.
3550
3551         Update HTML*Element classes so that overriden methods in final classes are marked final.
3552         Also marked HTMLDivElement overriden methods as final since they are not overridden by derived classes.
3553
3554         * html/HTMLAppletElement.h:
3555         * html/HTMLAreaElement.h:
3556         * html/HTMLAttachmentElement.h:
3557         * html/HTMLAudioElement.h:
3558         * html/HTMLBRElement.h:
3559         * html/HTMLBaseElement.h:
3560         * html/HTMLBodyElement.h:
3561         * html/HTMLButtonElement.h:
3562         * html/HTMLCanvasElement.h:
3563         * html/HTMLDataElement.h:
3564         * html/HTMLDetailsElement.h:
3565         * html/HTMLDivElement.h:
3566         * html/HTMLEmbedElement.h:
3567         * html/HTMLFieldSetElement.h:
3568         * html/HTMLFontElement.h:
3569         * html/HTMLFormElement.h:
3570         * html/HTMLFrameSetElement.h:
3571         * html/HTMLHRElement.h:
3572         * html/HTMLHtmlElement.h:
3573         * html/HTMLKeygenElement.h:
3574         * html/HTMLLIElement.h:
3575         * html/HTMLLabelElement.h:
3576         * html/HTMLLegendElement.h:
3577         * html/HTMLLinkElement.h:
3578         * html/HTMLMapElement.h:
3579         * html/HTMLMarqueeElement.h:
3580         * html/HTMLMetaElement.h:
3581         * html/HTMLMeterElement.h:
3582         * html/HTMLModElement.h:
3583         * html/HTMLOListElement.h:
3584         * html/HTMLObjectElement.h:
3585         * html/HTMLOptGroupElement.h:
3586         * html/HTMLOptionElement.h:
3587         * html/HTMLOutputElement.h:
3588         * html/HTMLParagraphElement.h:
3589         * html/HTMLParamElement.h:
3590         * html/HTMLPreElement.h:
3591         * html/HTMLProgressElement.h:
3592         * html/HTMLQuoteElement.h:
3593         * html/HTMLScriptElement.h:
3594         * html/HTMLSourceElement.h:
3595         * html/HTMLStyleElement.h:
3596         * html/HTMLSummaryElement.h:
3597         * html/HTMLTableCaptionElement.h:
3598         * html/HTMLTableColElement.h:
3599         * html/HTMLTableElement.h:
3600         * html/HTMLTableSectionElement.h:
3601         * html/HTMLTemplateElement.h:
3602         * html/HTMLTextAreaElement.h:
3603         * html/HTMLTitleElement.h:
3604         * html/HTMLUListElement.h:
3605         * html/HTMLUnknownElement.h:
3606         * html/HTMLVideoElement.h:
3607         * html/HTMLWBRElement.h:
3608
3609 2016-07-14  Chris Dumez  <cdumez@apple.com>
3610
3611         Modernize GlyphMetricsMap
3612         https://bugs.webkit.org/show_bug.cgi?id=159788
3613
3614         Reviewed by Darin Adler.
3615
3616         Modernize GlyphMetricsMap a bit.
3617
3618         * platform/graphics/GlyphMetricsMap.h:
3619         - Drop WTF_MAKE_NONCOPYABLE as the class is already non-copyable due to having
3620           to having a std::unique_ptr data member.
3621         - Drop GlyphMetricsMap default constructor and let the compiler generate it
3622           instead. This required using inline initialization for m_filledPrimaryPage.
3623
3624         (WebCore::GlyphMetricsMap::GlyphMetricsPage::GlyphMetricsPage):
3625         - Make m_metrics data member private as it does not need to be public.
3626         - Make setMetricsForIndex(unsigned index, const T& metrics) setter private
3627           as it does not need to be public.
3628         - Make GlyphMetricsPage(const T& initialValue) constructor explicit as it
3629           takes only 1 parameter.
3630
3631         (WebCore::GlyphMetricsMap<T>::locatePageSlowCase):
3632         - Use HashMap::ensure() to make the code a bit nicer.
3633
3634 2016-07-14  Simon Fraser  <simon.fraser@apple.com>
3635
3636         [iOS WK2] When scrolling apple.com/music on iPad Pro in landscape, left-hand tiles appear first
3637         https://bugs.webkit.org/show_bug.cgi?id=159798
3638         rdar://problem/27362717
3639
3640         Reviewed by Tim Horton.
3641
3642         In out-of-visible tiled layers, we always allocated the top-left tile, wasting
3643         memory and causing ugliness when scrolling that layer into view. This happened
3644         because getTileIndexRangeForRect() had no way to express the fact that no tiles
3645         should be created.
3646
3647         Fix getTileIndexRangeForRect() to return a bool, and fix callers to respect the
3648         return value.
3649
3650         Test: compositing/tiling/offscreen-tiled-layer.html
3651
3652         * platform/graphics/ca/GraphicsLayerCA.cpp:
3653         (WebCore::GraphicsLayerCA::dumpAdditionalProperties):
3654         * platform/graphics/ca/TileGrid.cpp:
3655         (WebCore::TileGrid::setNeedsDisplayInRect):
3656         (WebCore::TileGrid::tilesWouldChangeForCoverageRect):
3657         (WebCore::TileGrid::getTileIndexRangeForRect):
3658         (WebCore::TileGrid::revalidateTiles):
3659         (WebCore::TileGrid::ensureTilesForRect):
3660         (WebCore::TileGrid::extent):
3661         * platform/graphics/ca/TileGrid.h:
3662
3663 2016-07-14  John Wilander  <wilander@apple.com>
3664
3665         Remove credentials in URL when accessed through location.href
3666         https://bugs.webkit.org/show_bug.cgi?id=139562
3667         <rdar://problem/27331164>
3668
3669         Reviewed by Brent Fulgham.
3670
3671         Test: http/tests/security/location-href-clears-username-password.html
3672
3673         The reason for this change is to not allow scripts on the page to
3674         exfiltrate username and password from the URL.
3675
3676         * page/Location.cpp:
3677         (WebCore::Location::href):
3678             Now checks if there is a username or password in the URL. If so,
3679             it copies the URL and removes the username and password.
3680
3681 2016-07-14  Javier Fernandez  <jfernandez@igalia.com>
3682
3683         [css-grid] Handle min-content/max-content with orthogonal flows
3684         https://bugs.webkit.org/show_bug.cgi?id=159294
3685
3686         Reviewed by Darin Adler.
3687
3688         Currently there is no support for orthogonal flows in many aspects of the
3689         Grid Layout logic.
3690
3691         The Grid sizing algorithm should be adapted to this scenario, hence this
3692         patch focus on the min-content and max-content functions, used to resolve
3693         content based track sizes.
3694
3695         There are still issues related to alignment and sizes using percentages,
3696         but they will be addressed in different patches.
3697
3698         Tests: fast/css-grid-layout/grid-item-positioning-with-orthogonal-flows.html
3699                fast/css-grid-layout/grid-item-sizing-with-orthogonal-flows.html
3700                fast/css-grid-layout/grid-item-spanning-and-orthogonal-flows.html
3701                fast/css-grid-layout/grid-track-sizing-with-orthogonal-flows.html
3702                fast/css-grid-layout/grid-track-sizing-with-percentages-and-orthogonal-flows.html
3703
3704         * rendering/RenderBox.cpp:
3705         (WebCore::RenderBox::computeLogicalWidthInRegion):
3706         * rendering/RenderGrid.cpp:
3707         (WebCore::RenderGrid::GridSizingData::advanceNextState):
3708         (WebCore::RenderGrid::GridSizingData::isValidTransitionForDirection):
3709         (WebCore::RenderGrid::computeTrackSizesForDirection):
3710         (WebCore::RenderGrid::repeatTracksSizingIfNeeded): Added.
3711         (WebCore::RenderGrid::layoutBlock):
3712         (WebCore::RenderGrid::computeIntrinsicLogicalWidths):
3713         (WebCore::RenderGrid::computeIntrinsicLogicalHeight):
3714         (WebCore::hasOverrideContainingBlockContentSizeForChild):
3715         (WebCore::overrideContainingBlockContentSizeForChild):
3716         (WebCore::setOverrideContainingBlockContentSizeForChild):
3717         (WebCore::shouldClearOverrideContainingBlockContentSizeForChild):
3718         (WebCore::RenderGrid::gridTrackSize):
3719         (WebCore::RenderGrid::isOrthogonalChild): Added.
3720         (WebCore::RenderGrid::logicalHeightForChild):
3721         (WebCore::RenderGrid::flowAwareDirectionForChild): Added.
3722         (WebCore::RenderGrid::minSizeForChild):
3723         (WebCore::RenderGrid::updateOverrideContainingBlockContentSizeForChild):
3724         (WebCore::RenderGrid::minContentForChild):
3725         (WebCore::RenderGrid::maxContentForChild):
3726         (WebCore::RenderGrid::placeItemsOnGrid):
3727         (WebCore::RenderGrid::layoutPositionedObject):
3728         (WebCore::RenderGrid::offsetAndBreadthForPositionedChild):
3729         (WebCore::RenderGrid::assumedRowsSizeForOrthogonalChild): Added.
3730         (WebCore::RenderGrid::gridAreaBreadthForChild):
3731         (WebCore::RenderGrid::columnAxisPositionForChild):
3732         (WebCore::RenderGrid::rowAxisPositionForChild):
3733         (WebCore::RenderGrid::findChildLogicalPosition):
3734         * rendering/RenderGrid.h:
3735         (WebCore::RenderGrid::SizingOperation): This enum has been moved to the header file.
3736         (WebCore::RenderGrid::m_hasAnyOrthogonalChild): New class attribute to know if there are any orthogonal grid items.
3737         (WebCore::RenderGrid::updateOverrideContainingBlockContentSizeForChild):
3738         (WebCore::RenderGrid::logicalHeightForChild):
3739         (WebCore::RenderGrid::gridAreaBreadthForChild):
3740         (WebCore::RenderGrid::assumedRowsSizeForOrthogonalChild):
3741
3742
3743
3744 2016-07-14  Chris Dumez  <cdumez@apple.com>
3745
3746         Use emptyString() instead of "" when possible
3747         https://bugs.webkit.org/show_bug.cgi?id=159789
3748
3749         Reviewed by Alex Christensen.
3750
3751         Use emptyString() instead of "" when possible to reduce String allocations.
3752
3753         * Modules/webdatabase/Database.cpp:
3754         (WebCore::Database::performOpenAndVerify):
3755         * css/CSSSelector.h:
3756         * css/StyleProperties.cpp:
3757         (WebCore::MutableStyleProperties::removeProperty):
3758         (WebCore::MutableStyleProperties::removeCustomProperty):
3759         * editing/TextCheckingHelper.cpp:
3760         (WebCore::TextCheckingHelper::findFirstMisspellingOrBadGrammar):
3761         (WebCore::TextCheckingHelper::findFirstBadGrammar):
3762         * editing/TypingCommand.h:
3763         (WebCore::TypingCommand::create):
3764         * fileapi/FileReaderLoader.cpp:
3765         (WebCore::FileReaderLoader::cleanup):
3766         * inspector/InspectorStyleSheet.cpp:
3767         (WebCore::fillMediaListChain):
3768         * page/UserContentURLPattern.cpp:
3769         (WebCore::UserContentURLPattern::parse):
3770         * platform/graphics/MediaPlayer.cpp:
3771         (WebCore::MediaPlayer::load):
3772         * platform/gtk/DataObjectGtk.h:
3773         (WebCore::DataObjectGtk::clearURIList):
3774         * platform/network/curl/ResourceHandleCurl.cpp:
3775         (WebCore::ResourceHandle::receivedRequestToContinueWithoutCredential):
3776         * platform/network/curl/ResourceHandleManager.h:
3777         * rendering/RenderLayerCompositor.cpp:
3778         (WebCore::RenderLayerCompositor::layerTreeAsText):
3779         * rendering/RenderListMarker.cpp:
3780         (WebCore::RenderListMarker::updateContent):
3781         * rendering/style/RenderStyle.cpp:
3782         (WebCore::RenderStyle::noneDashboardRegions):
3783         * rendering/svg/SVGTextMetrics.cpp:
3784         (WebCore::SVGTextMetrics::SVGTextMetrics):
3785         * xml/XPathParser.cpp:
3786         (WebCore::XPath::Parser::lexString):
3787
3788 2016-07-14  Brent Fulgham  <bfulgham@apple.com>
3789
3790         editing/spelling/spellcheck-async.html sometimes crashes with GuardMalloc 
3791         https://bugs.webkit.org/show_bug.cgi?id=142969
3792         <rdar://problem/27331095>
3793
3794         Reviewed by Alex Christensen.
3795
3796         Fix based on a Blink change (patch by <rouslan@chromium.org>):
3797         <https://chromium.googlesource.com/chromium/blink/+/c713736b122c2224804b2db72f1f711cb47ee260%5E%21/#F1>
3798
3799         Test: editing/spelling/copy-paste-crash.html
3800               editing/spelling/spellcheck-async.html
3801
3802         * editing/SpellChecker.cpp:
3803         (WebCore::SpellCheckRequest::didSucceed):
3804         (WebCore::SpellCheckRequest::didCancel):
3805
3806 2016-07-14  Zalan Bujtas  <zalan@apple.com>
3807
3808         ImageBuffer's succes flag should be set to false at the very beginning of the c'tor.
3809         https://bugs.webkit.org/show_bug.cgi?id=159784
3810
3811         Reviewed by Simon Fraser.
3812
3813         No change in functionality.
3814
3815         * platform/graphics/cg/ImageBufferCG.cpp:
3816         (WebCore::ImageBuffer::ImageBuffer):
3817
3818 2016-07-14  Alex Christensen  <achristensen@webkit.org>
3819
3820         Use SocketProvider to create SocketStreamHandles
3821         https://bugs.webkit.org/show_bug.cgi?id=159774
3822
3823         Reviewed by Brady Eidson.
3824
3825         No new tests.  No change in behaviour.
3826         
3827         In r202930 I introduced the SocketProvider, but I used it to make a WebSocketChannel
3828         instead of a SocketStreamHandle, which is the class I want to make into an interface
3829         and proxy the web traffic over to the NetworkProcess.
3830
3831         * CMakeLists.txt:
3832         * Modules/websockets/ThreadableWebSocketChannel.cpp: Added.
3833         (WebCore::ThreadableWebSocketChannel::create):
3834         I removed this in 202930, so this is restoring it from that patch, hence the old copyright.
3835         * Modules/websockets/ThreadableWebSocketChannel.h:
3836         (WebCore::ThreadableWebSocketChannel::ThreadableWebSocketChannel):
3837         * Modules/websockets/WebSocket.cpp:
3838         (WebCore::WebSocket::connect):
3839         * Modules/websockets/WebSocketChannel.cpp:
3840         (WebCore::WebSocketChannel::WebSocketChannel):
3841         (WebCore::WebSocketChannel::connect):
3842         * Modules/websockets/WebSocketChannel.h:
3843         (WebCore::WebSocketChannel::create):
3844         * Modules/websockets/WorkerThreadableWebSocketChannel.cpp:
3845         (WebCore::WorkerThreadableWebSocketChannel::WorkerThreadableWebSocketChannel):
3846         (WebCore::WorkerThreadableWebSocketChannel::resume):
3847         (WebCore::WorkerThreadableWebSocketChannel::Peer::Peer):
3848         (WebCore::WorkerThreadableWebSocketChannel::Peer::didReceiveMessageError):
3849         (WebCore::WorkerThreadableWebSocketChannel::Bridge::Bridge):
3850         (WebCore::WorkerThreadableWebSocketChannel::Bridge::~Bridge):
3851         (WebCore::WorkerThreadableWebSocketChannel::Bridge::mainThreadInitialize):
3852         (WebCore::WorkerThreadableWebSocketChannel::Bridge::initialize):
3853         * Modules/websockets/WorkerThreadableWebSocketChannel.h:
3854         (WebCore::WorkerThreadableWebSocketChannel::create):
3855         (WebCore::WorkerThreadableWebSocketChannel::Bridge::create):
3856         * WebCore.xcodeproj/project.pbxproj:
3857         * inspector/InspectorOverlay.cpp:
3858         (WebCore::InspectorOverlay::overlayPage):
3859         * loader/EmptyClients.cpp:
3860         (WebCore::EmptyEditorClient::registerRedoStep):
3861         (WebCore::EmptySocketProvider::createWebSocketChannel): Deleted.
3862         * loader/EmptyClients.h:
3863         * page/SocketProvider.cpp: Added.
3864         (WebCore::SocketProvider::createSocketStreamHandle):
3865         * page/SocketProvider.h:
3866         (WebCore::SocketProvider::~SocketProvider): Deleted.
3867         * platform/network/cf/SocketStreamHandle.h:
3868         * svg/graphics/SVGImage.cpp:
3869         (WebCore::SVGImage::dataChanged):
3870
3871 2016-07-14  Brady Eidson  <beidson@apple.com>
3872
3873         "User delete" tests are flakey timeouts (and/or DatabaseProcess crashes).
3874         https://bugs.webkit.org/show_bug.cgi?id=158741
3875
3876         Reviewed by Alex Christensen.
3877
3878         No new tests (Covered by existing tests in some configurations)
3879
3880         - Check if a database hard delete is complete in more places.
3881         - Asynchronously clear out the hard close protector instead of synchronously.
3882         
3883         * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
3884         (WebCore::IDBServer::UniqueIDBDatabase::~UniqueIDBDatabase):
3885         (WebCore::IDBServer::UniqueIDBDatabase::didPerformUnconditionalDeleteBackingStore):
3886         (WebCore::IDBServer::UniqueIDBDatabase::didFinishHandlingVersionChange):
3887         (WebCore::IDBServer::UniqueIDBDatabase::connectionClosedFromClient):
3888         (WebCore::IDBServer::UniqueIDBDatabase::transactionCompleted):
3889         (WebCore::IDBServer::UniqueIDBDatabase::executeNextDatabaseTaskReply):
3890         (WebCore::IDBServer::UniqueIDBDatabase::maybeFinishHardClose):
3891         (WebCore::IDBServer::UniqueIDBDatabase::isDoneWithHardClose):
3892         (WebCore::IDBServer::UniqueIDBDatabase::doneWithHardClose): Deleted.
3893
3894         * Modules/indexeddb/server/UniqueIDBDatabase.h:
3895         (WebCore::IDBServer::UniqueIDBDatabase::hardClosedForUserDelete):
3896
3897         * Modules/indexeddb/server/UniqueIDBDatabaseConnection.cpp:
3898         (WebCore::IDBServer::UniqueIDBDatabaseConnection::didAbortTransaction):
3899
3900 2016-07-13  Brent Fulgham  <bfulgham@apple.com>
3901
3902         CSSStyleSheet members should clear their owner node when destroyed
3903         https://bugs.webkit.org/show_bug.cgi?id=117470
3904
3905         Reviewed by Chris Dumez.
3906
3907         Make sure that CSSStyleSheet members are detached from their owner node when
3908         the owning object is destroyed.
3909
3910         I audited other CSSStyleSheet uses, and found one other place where the owner node was not
3911         being cleared during destruction. The Inspector also uses CSSStyleSheet, but seems to
3912         handle the node ownership properly.
3913
3914         Fix based on a Blink change (patch by <haraken@chromium.org>):
3915         <https://chromium.googlesource.com/chromium/blink/+/c4949bfdeb2a613701afa1410bdae70531b8f6bf>
3916
3917         Also includes a follow-up fix (patch by <haraken@chromium.org>):
3918         <https://chromium.googlesource.com/chromium/blink/+/9c3932dc80b33429db3a5873cb266b726c8a19bf>
3919
3920         No test case. Was found by the Chromium team through review of their crash traces under minor DOM GC.
3921
3922         * contentextensions/ContentExtensionStyleSheet.cpp:
3923         (WebCore::ContentExtensions::ContentExtensionStyleSheet::~ContentExtensionStyleSheet):
3924         * contentextensions/ContentExtensionStyleSheet.h:
3925         * dom/InlineStyleSheetOwner.cpp:
3926         (WebCore::InlineStyleSheetOwner::~InlineStyleSheetOwner):
3927         (WebCore::authorStyleSheetsForElement):
3928
3929 2016-07-14  Csaba Osztrogonác  <ossy@webkit.org>
3930
3931         Fix the !ENABLE(WEB_SOCKETS) build after r202930
3932         https://bugs.webkit.org/show_bug.cgi?id=159768
3933
3934         Reviewed by Alex Christensen.
3935
3936         * loader/EmptyClients.cpp:
3937         * loader/EmptyClients.h:
3938         * page/SocketProvider.h:
3939         * workers/WorkerGlobalScope.cpp:
3940         (WebCore::WorkerGlobalScope::WorkerGlobalScope):
3941         * workers/WorkerThread.cpp:
3942         (WebCore::WorkerThread::WorkerThread):
3943
3944 2016-07-14  Youenn Fablet  <youenn@apple.com>
3945
3946         DOMIterators should be assigned a correct prototype
3947         https://bugs.webkit.org/show_bug.cgi?id=159115
3948
3949         Reviewed by Chris Dumez.
3950
3951         Default iterator object internal prototype property is the Iterator prototype as defined in
3952         http://heycam.github.io/webidl/#dfn-iterator-prototype-object.
3953         Linking DOMIterator prototype to IteratorPrototype.
3954         This allows adding @@iterator property to the result of entries, keys and values methods.
3955         This in turns allow doing for-of loops on them.
3956
3957         Covered by updated test.
3958
3959         * ForwardingHeaders/runtime/IteratorPrototype.h: Added.
3960         * bindings/js/JSDOMIterator.h: Setting correct prototype and marking next prototype property as enumerable.
3961
3962 2016-07-14  Youenn Fablet  <youenn@apple.com>
3963
3964         Remove support for value iterators from JSDOMIterator
3965         https://bugs.webkit.org/show_bug.cgi?id=159293
3966
3967         Reviewed by Chris Dumez.
3968
3969         Value iterators are now handled without using DOMIterator.
3970         Since FontFaceSet is using DOMIterator as an intermediate step towards supporting set-like,
3971         entries and forEach implementation should be made compliant with set-like.
3972         This means that item value should be passed instead of an index in entries iterator and forEach callback.
3973
3974         Covered by updated test.
3975
3976         * bindings/js/JSDOMIterator.h:
3977         (WebCore::JSDOMIterator<JSWrapper>::asJS): Pass set item as entries value field.
3978         (WebCore::appendForEachArguments): Pass set item as second parameter.
3979         (WebCore::iteratorForEach): Remove index handling.
3980
3981 2016-07-14  Csaba Osztrogonác  <ossy@webkit.org>
3982
3983         Fix the !ENABLE(MATHML) build after r201739
3984         https://bugs.webkit.org/show_bug.cgi?id=159767
3985
3986         Reviewed by Alex Christensen.
3987
3988         * dom/Document.cpp:
3989         (WebCore::Document::validateCustomElementName):
3990
3991 2016-07-14  Csaba Osztrogonác  <ossy@webkit.org>