Crashes in WebCore::AppendNodeCommand::create().
[WebKit-https.git] / Source / WebCore / ChangeLog
1 2011-09-09  Shinya Kawanaka  <shinyak@google.com>
2
3         Crashes in WebCore::AppendNodeCommand::create().
4         https://bugs.webkit.org/show_bug.cgi?id=67767
5
6         Reviewed by Darin Adler.
7
8         In CompositeEditCommand::closeParagraphUnderNewElement(), lastNode could be a non Element node.
9         The current code assumes lastNode is an Element node. This patch checks it.
10
11         Test: editing/execCommand/ident-crashes-topnode-is-text.html
12
13         * editing/CompositeEditCommand.cpp:
14         (WebCore::CompositeEditCommand::cloneParagraphUnderNewElement): Added an element node check.
15
16 2011-09-09  Shinya Kawanaka  <shinyak@google.com>
17
18         Crashes in WebCore::ApplyStyleCommand.doApply()
19         https://bugs.webkit.org/show_bug.cgi?id=67765
20
21         Reviewed by Ryosuke Niwa.
22
23         WebCore::enclosingBlock may return null, but ApplyStyleCommand::applyBlockStyle did not check it. This patch make it to be checked.
24
25         Test: editing/style/remove-format-without-enclosing-block.html
26
27         * editing/ApplyStyleCommand.cpp:
28         (WebCore::ApplyStyleCommand::applyBlockStyle): Added null check.
29
30 2011-09-09  James Simonsen  <simonjam@chromium.org>
31
32         [Chromium] Fix leak of Skia stream with custom CSS fonts
33         https://bugs.webkit.org/show_bug.cgi?id=67815
34
35         Reviewed by Adam Barth.
36
37         Test: fast/css/font-face-opentype.html under valgrind
38
39         * platform/graphics/mac/FontCustomPlatformData.cpp:
40         (WebCore::createFontCustomPlatformData):
41         * platform/graphics/skia/FontCustomPlatformData.cpp:
42         (WebCore::createFontCustomPlatformData):
43
44 2011-09-07  Ryosuke Niwa  <rniwa@webkit.org>
45
46         Push more code from HTMLInputElement::setValue to TextFieldInputType::setValue
47         https://bugs.webkit.org/show_bug.cgi?id=67742
48
49         Reviewed by Darin Adler.
50
51         Moved more code in HTMLInputElement::setValue to TextFieldInputType::setValue, and merged
52         InputType::valueChanged into InputType::setValue. Also introduced
53         InputType::dispatchChangeEventInResponseToSetValue to be overridden by TextFieldInputType.
54
55         * html/BaseButtonInputType.cpp:
56         (WebCore::BaseButtonInputType::setValue):
57         * html/BaseButtonInputType.h:
58         * html/BaseCheckableInputType.cpp:
59         (WebCore::BaseCheckableInputType::setValue):
60         * html/BaseCheckableInputType.h:
61         * html/ColorInputType.cpp:
62         * html/ColorInputType.h:
63         * html/FileInputType.cpp:
64         (WebCore::FileInputType::setValue):
65         * html/FileInputType.h:
66         * html/HTMLInputElement.cpp:
67         (WebCore::HTMLInputElement::setValue):
68         * html/HTMLInputElement.h:
69         (WebCore::HTMLInputElement::cacheSelectionInResponseToSetValue):
70         * html/HiddenInputType.cpp:
71         (WebCore::HiddenInputType::setValue):
72         * html/HiddenInputType.h:
73         * html/InputType.cpp:
74         (WebCore::InputType::setValue):
75         (WebCore::InputType::dispatchChangeEventInResponseToSetValue):
76         * html/InputType.h:
77         * html/RangeInputType.cpp:
78         (WebCore::RangeInputType::setValue):
79         * html/RangeInputType.h:
80         * html/TextFieldInputType.cpp:
81         (WebCore::TextFieldInputType::setValue):
82         (WebCore::TextFieldInputType::dispatchChangeEventInResponseToSetValue):
83         * html/TextFieldInputType.h:
84
85 2011-09-08  Annie Sullivan  <sullivan@chromium.org>
86
87         Crashes in WebCore::InsertNodeBeforeCommand constructor.
88         https://bugs.webkit.org/show_bug.cgi?id=67763
89
90         Reviewed by Ryosuke Niwa.
91
92         Changes editableRootForPosition() to use the position's containerNode instead of deprecatedNode so that
93         positions which are before or after a given node cannot return that node as the editable root.
94
95         Test: editing/inserting/insert-paragraph-selection-outside-contenteditable.html
96
97         * editing/htmlediting.cpp:
98         (WebCore::editableRootForPosition): use containerNode instead of deprecatedNode.
99
100 2011-09-08  James Weatherall  <wez@chromium.org>
101
102         Release the reference to the HTMLPlugInElement's script object, when the element is removed from the document.  This breaks a cyclical reference that would otherwise cause the element to be retained until the document is torn down.
103         https://bugs.webkit.org/show_bug.cgi?id=66181
104
105         Reviewed by Anders Carlsson.
106
107         No new tests - no functional change.
108
109         * html/HTMLPlugInElement.cpp:
110         (WebCore::HTMLPlugInElement::removedFromDocument):
111         * html/HTMLPlugInElement.h:
112
113 2011-09-08  Daniel Bates  <dbates@webkit.org>
114
115         XSS filter bypass via non-standard URL encoding
116         https://bugs.webkit.org/show_bug.cgi?id=66588
117
118         Reviewed by Adam Barth.
119
120         Tests: http/tests/security/xssAuditor/script-tag-with-16bit-unicode-surrogate-pair.html
121                http/tests/security/xssAuditor/script-tag-with-16bit-unicode.html
122                http/tests/security/xssAuditor/script-tag-with-16bit-unicode2.html
123                http/tests/security/xssAuditor/script-tag-with-16bit-unicode3.html
124                http/tests/security/xssAuditor/script-tag-with-16bit-unicode4.html
125                http/tests/security/xssAuditor/script-tag-with-16bit-unicode5.html
126                http/tests/security/xssAuditor/script-tag-with-three-times-url-encoded-16bit-unicode.html
127                http/tests/security/xssAuditor/window-open-without-url-should-not-assert.html
128
129         Implement support for decoding non-standard 16-bit Unicode escape sequences of
130         the form %u26C4 as described in <http://www.w3.org/International/iri-edit/draft-duerst-iri.html#anchor29>.
131
132         See also <http://en.wikipedia.org/wiki/Percent-encoding#Non-standard_implementations>.
133
134         * GNUmakefile.list.am: Added DecodeEscapeSequences.h.
135         * WebCore.gypi: Ditto.
136         * WebCore.pro: Ditto.
137         * WebCore.vcproj/WebCore.vcproj: Ditto.
138         * WebCore.xcodeproj/project.pbxproj: Ditto.
139         * html/parser/XSSAuditor.cpp:
140         (WebCore::decode16BitUnicodeEscapeSequences): Added.
141         (WebCore::decodeStandardURLEscapeSequences): Added.
142         (WebCore::fullyDecodeString): Modified to call decode16BitUnicodeEscapeSequences().
143         (WebCore::XSSAuditor::init): Modified to return early when the URL of the document
144         is the empty string. This can happen when opening a new browser window or calling
145         window.open("").
146         * platform/KURL.cpp:
147         (WebCore::decodeURLEscapeSequences): Abstracted code into template-function decodeEscapeSequences().
148         This function just calls decodeEscapeSequences<URLEscapeSequence>().
149         * platform/text/DecodeEscapeSequences.h: Added.
150         (WebCore::Unicode16BitEscapeSequence::findInString):
151         (WebCore::Unicode16BitEscapeSequence::matchStringPrefix):
152         (WebCore::Unicode16BitEscapeSequence::decodeRun):
153         (WebCore::URLEscapeSequence::findInString):
154         (WebCore::URLEscapeSequence::matchStringPrefix):
155         (WebCore::URLEscapeSequence::decodeRun):
156         (WebCore::decodeEscapeSequences):
157
158 2011-09-08  Adam Barth  <abarth@webkit.org>
159
160         DocumentWriter::deprecatedFrameEncoding doesn't need to refert to Settings
161         https://bugs.webkit.org/show_bug.cgi?id=67812
162
163         Reviewed by Eric Seidel.
164
165         The one caller of this function does this work already.
166
167         * loader/DocumentWriter.cpp:
168         (WebCore::DocumentWriter::deprecatedFrameEncoding):
169
170 2011-09-08  Adam Klein  <adamk@chromium.org>
171
172         Always zero-out m_sortedTextBoxesPosition to avoid uninitialized read in TextIterator
173         https://bugs.webkit.org/show_bug.cgi?id=67810
174
175         Reviewed by Tony Chang.
176
177         Reported as a valgrind failure in http://crbug.com/84777.
178
179         No possible change in behavior, so no tests. The unitialized read
180         could never have an impact:
181
182            if (m_sortedTextBoxesPosition + 1 < m_sortedTextBoxes.size()) ...
183
184         Since m_sortedTextBoxes.size() will be zero here if
185         m_sortedTextBoxesPosition is uninitialized, and they're both unsigned,
186         so no possible value of m_sortedTextBoxesPosition could be < 0.
187
188         * editing/TextIterator.cpp:
189         (WebCore::TextIterator::TextIterator):
190
191 2011-09-08  Tony Chang  <tony@chromium.org>
192
193         Cleanup of switch statements with default cases
194         https://bugs.webkit.org/show_bug.cgi?id=67808
195
196         Reviewed by Adam Barth.
197
198         No new tests, just a small refactoring.
199
200         * page/WebKitAnimation.cpp:
201         (WebCore::WebKitAnimation::fillMode):
202         * platform/audio/Distance.cpp:
203         (WebCore::DistanceEffect::gain):
204
205 2011-09-08  Eric Seidel  <eric@webkit.org>
206
207         [BiDi] Add support for the BDI element
208         https://bugs.webkit.org/show_bug.cgi?id=50913
209
210         Reviewed by Ryosuke Niwa.
211
212         This patch is ridiculously trivial now that we have unicode-bidi: isolate support in WebKit.
213
214         Test: css3/bdi-element.html
215
216         * css/html.css:
217         (bdi):
218
219 2011-09-08  David Levin  <levin@chromium.org>
220
221         [chromium] KURL::copy doesn't produce something usable on another thread.
222         https://bugs.webkit.org/show_bug.cgi?id=67809
223
224         Reviewed by Adam Barth.
225
226         No new functionality exposed so no new test. This was caught by testing code: the thread
227         sanitizer run in Chromium (http://code.google.com/p/chromium/issues/detail?id=93708).
228
229         * platform/KURLGoogle.cpp:
230         (WebCore::KURLGooglePrivate::copyTo): Clear out the invalid String so that it will
231         not be used on another thread.
232
233 2011-09-08  Alexey Proskuryakov  <ap@apple.com>
234
235         REGRESSION (r66874): Missing RefPtr in ScriptController
236         https://bugs.webkit.org/show_bug.cgi?id=67748
237
238         Reviewed by Adam Barth.
239
240         * bindings/ScriptControllerBase.cpp: (WebCore::ScriptController::executeScript):
241
242 2011-09-08  Adam Barth  <abarth@webkit.org>
243
244         Second attempt to fix Chromium build.
245
246         * dom/Document.h:
247
248 2011-09-08  Oliver Hunt  <oliver@apple.com>
249
250         Use bump allocator for initial property storage
251         https://bugs.webkit.org/show_bug.cgi?id=67494
252
253         Reviewed by Geoffrey Garen.
254
255         Add a forwarding header.
256
257         * ForwardingHeaders/runtime/StorageBarrier.h: Added.
258
259 2011-09-08  Roland Steiner  <rolandsteiner@chromium.org>
260
261         Unreviewed, rolling out r94809.
262         http://trac.webkit.org/changeset/94809
263         https://bugs.webkit.org/show_bug.cgi?id=67718
264
265         commit _still_ premature, despite CQ eagerness
266
267         * html/HTMLAttributeNames.in:
268         * html/HTMLStyleElement.cpp:
269         * html/HTMLStyleElement.h:
270         * html/HTMLStyleElement.idl:
271
272 2011-09-08  Sam Weinig  <sam@webkit.org>
273
274         Remove the Completion object from JSC, I have never liked it
275         https://bugs.webkit.org/show_bug.cgi?id=67755
276
277         Reviewed by Gavin Barraclough.
278
279         * bindings/js/JSDOMBinding.cpp:
280         (WebCore::reportException):
281         * bindings/js/JSEventListener.cpp:
282         (WebCore::JSEventListener::handleEvent):
283         * bindings/js/JSInjectedScriptManager.cpp:
284         (WebCore::InjectedScriptManager::createInjectedScript):
285         * bindings/js/JSMainThreadExecState.h:
286         (WebCore::JSMainThreadExecState::evaluate):
287         * bindings/js/ScriptController.cpp:
288         (WebCore::ScriptController::evaluateInWorld):
289         * bindings/js/WorkerScriptController.cpp:
290         (WebCore::WorkerScriptController::evaluate):
291         * bindings/objc/WebScriptObject.mm:
292         (-[WebScriptObject evaluateWebScript:]):
293         * bridge/NP_jsobject.cpp:
294         (_NPN_Evaluate):
295         * bridge/jni/jni_jsobject.mm:
296         (JavaJSObject::eval):
297
298 2011-09-08  Adam Barth  <abarth@webkit.org>
299
300         Inline DocumentWriter::encoding() into it's only caller: deprecatedFrameEncoding()
301         https://bugs.webkit.org/show_bug.cgi?id=67807
302
303         Reviewed by Eric Seidel.
304
305         This function is super nutty.  We don't want any more folks to call it
306         thinking that it does something sane.
307
308         * loader/DocumentWriter.cpp:
309         (WebCore::DocumentWriter::deprecatedFrameEncoding):
310         * loader/DocumentWriter.h:
311
312 2011-09-08  Roland Steiner  <rolandsteiner@chromium.org>
313
314         <style scoped>: Add 'scoped' attribute
315         https://bugs.webkit.org/show_bug.cgi?id=67718
316
317         Add 'scoped' attribute to IDL and attribute list,
318         implement and test setting/resetting of the attribute.
319
320         Reviewed by Dimitri Glazkov.
321
322         Test: fast/css/style-scoped/basic-attribute.html
323
324         * html/HTMLAttributeNames.in:
325         * html/HTMLStyleElement.cpp:
326         (WebCore::HTMLStyleElement::scoped):
327         (WebCore::HTMLStyleElement::setScoped):
328         (WebCore::HTMLStyleElement::scopingElement):
329         * html/HTMLStyleElement.h:
330         * html/HTMLStyleElement.idl:
331
332 2011-09-08  Sheriff Bot  <webkit.review.bot@gmail.com>
333
334         Unreviewed, rolling out r94781.
335         http://trac.webkit.org/changeset/94781
336         https://bugs.webkit.org/show_bug.cgi?id=67806
337
338         Broke Objective-C binding on Mac (Requested by rniwa on
339         #webkit).
340
341         * dom/Element.idl:
342         * dom/Node.cpp:
343         (WebCore::Node::contains):
344         * dom/Node.idl:
345         * editing/DeleteSelectionCommand.cpp:
346         (WebCore::DeleteSelectionCommand::mergeParagraphs):
347
348 2011-09-08  Eric Seidel  <eric@webkit.org>
349
350         Remove DocumentWriter::setDecoder as a grep of WebKit shows no callers
351         https://bugs.webkit.org/show_bug.cgi?id=67803
352
353         Reviewed by Adam Barth.
354
355         Smells like dead code.
356
357         * loader/DocumentWriter.cpp:
358         * loader/DocumentWriter.h:
359
360 2011-09-08  Shinya Kawanaka  <shinyak@google.com>
361
362         Crashes in WebCore::ReplaceSelectionCommand::doApply
363         https://bugs.webkit.org/show_bug.cgi?id=67762
364
365         Reviewed by Ryosuke Niwa.
366
367         WebCore::enclosingBlock may return null, but its return value was not checked. This patch checks it.
368
369         Tests: editing/inserting/insert-without-enclosing-block.html
370
371         * editing/ReplaceSelectionCommand.cpp:
372         (WebCore::ReplaceSelectionCommand::doApply): Added null check.
373
374 2011-09-08  Sheriff Bot  <webkit.review.bot@gmail.com>
375
376         Unreviewed, rolling out r94784.
377         http://trac.webkit.org/changeset/94784
378         https://bugs.webkit.org/show_bug.cgi?id=67796
379
380         Commit was premature (Requested by rolandsteiner on #webkit).
381
382         * html/HTMLAttributeNames.in:
383         * html/HTMLStyleElement.cpp:
384         * html/HTMLStyleElement.h:
385         * html/HTMLStyleElement.idl:
386
387 2011-09-08  W. James MacLean  <wjmaclean@chromium.org>
388
389         [chromium] Add backend compositor support for rescaling (zooming) textures during zoom animation.
390         https://bugs.webkit.org/show_bug.cgi?id=66472
391
392         This patch contains plumbing from Internals to WebViewImpl that can be removed
393         at a later time when the zoom animator code is complete.
394
395         Reviewed by James Robinson.
396
397         Test: platform/chromium/compositing/zoom-animator-scale-test.html
398
399         * page/Settings.cpp:
400         (WebCore::Settings::Settings):
401         * page/Settings.h:
402         (WebCore::Settings::setZoomAnimatorScale):
403         (WebCore::Settings::zoomAnimatorScale):
404         * platform/graphics/chromium/LayerRendererChromium.cpp:
405         (WebCore::LayerRendererChromium::LayerRendererChromium):
406         (WebCore::LayerRendererChromium::drawLayersInternal):
407         * platform/graphics/chromium/LayerRendererChromium.h:
408         (WebCore::LayerRendererChromium::setZoomAnimatorScale):
409         * platform/graphics/chromium/cc/CCLayerTreeHost.cpp:
410         (WebCore::CCLayerTreeHost::CCLayerTreeHost):
411         (WebCore::CCLayerTreeHost::commitTo):
412         (WebCore::CCLayerTreeHost::setZoomAnimatorScale):
413         (WebCore::CCLayerTreeHost::updateLayers):
414         * platform/graphics/chromium/cc/CCLayerTreeHost.h:
415         * platform/graphics/chromium/cc/CCLayerTreeHostImpl.cpp:
416         (WebCore::CCLayerTreeHostImpl::setZoomAnimatorScale):
417         * platform/graphics/chromium/cc/CCLayerTreeHostImpl.h:
418         * testing/Internals.cpp:
419         (WebCore::Internals::setZoomAnimatorScale):
420         * testing/Internals.h:
421         * testing/Internals.idl:
422
423 2011-09-08  Eric Carlson  <eric.carlson@apple.com>
424
425         HTMLMediaElement is missing initialTime attribute
426         https://bugs.webkit.org/show_bug.cgi?id=67791
427
428         Reviewed by Darin Adler.
429
430         Test: media/media-initialTime.html
431
432         * html/HTMLMediaElement.cpp:
433         (WebCore::HTMLMediaElement::initialTime):
434         * html/HTMLMediaElement.h:
435         * html/HTMLMediaElement.idl:
436         * platform/graphics/MediaPlayer.cpp:
437         (WebCore::MediaPlayer::initialTime):
438         * platform/graphics/MediaPlayer.h:
439         * platform/graphics/MediaPlayerPrivate.h:
440         (WebCore::MediaPlayerPrivateInterface::initialTime):
441
442 2011-09-03  Robert Hogan  <robert@webkit.org>
443
444         Elements with position:absolute don't move to correct position after images load
445         https://bugs.webkit.org/show_bug.cgi?id=54611
446
447         Reviewed by Simon Fraser.
448
449         Test: fast/block/positioning/absolute-layout-after-image-load.html
450
451         In the test the 'label' block is an absolutely positioned child of an inline flow. So during layout, 
452         this RenderBlock::layoutPositionedObjects fails to dirty it for rendering because it requires 
453         the parent to be a BlockFlow. The code to do this was introduced in http://trac.webkit.org/changeset/8284. 
454         There doesn't seem to be a good reason for requiring a BlockFlow, so remove the check. 
455
456         Note: Although the issue is encountered only on first load without a fragment identifier, it 
457         happens reliably when you include the fragment identifier in the url (#Footnote_1). This is so 
458         because scrolling to the fragment always happens before the image has loaded, rendering the page 
459         and clearing the initial dirty bits in the positioned element's renderer. When the image finally 
460         loads in this scenario, the positioned element is otherwise clean and relies on the above code to get 
461         re-rendered.
462
463         Note: This was originally landed in r94755 but positioned-float-layout-after-image-load.html exposed
464               an ASSERT bug, unrelated to this change, and was rolled out. That issue is tracked separately
465               in bug 67759.
466
467         * rendering/RenderBlock.cpp:
468         (WebCore::RenderBlock::layoutPositionedObjects): remove the check for r->parent()->isBlockFlow() when 
469                                                          deciding whether to mark children for layout
470
471 2011-09-08  Roland Steiner  <rolandsteiner@chromium.org>
472
473         <style scoped>: Add 'scoped' attribute
474         https://bugs.webkit.org/show_bug.cgi?id=67718
475
476         Add 'scoped' attribute to IDL and attribute list,
477         implement and test setting/resetting of the attribute.
478
479         Reviewed by Dimitri Glazkov.
480
481         Test: fast/css/style-scoped/basic-attribute.html
482
483         * html/HTMLAttributeNames.in:
484         * html/HTMLStyleElement.cpp:
485         (WebCore::HTMLStyleElement::scoped):
486         (WebCore::HTMLStyleElement::setScoped):
487         (WebCore::HTMLStyleElement::scopingElement):
488         * html/HTMLStyleElement.h:
489         * html/HTMLStyleElement.idl:
490
491 2011-09-08  Erik Arvidsson  <arv@chromium.org>
492
493         Move Element.contains to Node
494         https://bugs.webkit.org/show_bug.cgi?id=67651
495
496         Reviewed by Darin Adler.
497
498         This moves the contains method from Element to Node as in the DOM4 working draft: 
499         http://dvcs.w3.org/hg/domcore/raw-file/tip/Overview.html#dom-node-contains
500
501         This also special cases Document contains to make it O(1) instead of O(depth).
502
503         Tests: fast/dom/Node/contains-method.html
504                perf/document-contains.html
505
506         * dom/Element.idl:
507         * dom/Node.cpp:
508         (WebCore::Node::contains): Added document special case.
509         * dom/Node.idl:
510         * editing/DeleteSelectionCommand.cpp:
511         (WebCore::DeleteSelectionCommand::mergeParagraphs): Added a null check.
512
513 2011-09-08  Chris Rogers  <crogers@google.com>
514
515         Check AudioContext createChannelMerger() for thread safety
516         https://bugs.webkit.org/show_bug.cgi?id=67247
517
518         Reviewed by Kenneth Russell.
519
520         Test: webaudio/audiochannelmerger-stereo.html
521
522         * webaudio/AudioChannelMerger.cpp:
523         (WebCore::AudioChannelMerger::process):
524         (WebCore::AudioChannelMerger::checkNumberOfChannelsForInput):
525         * webaudio/AudioChannelMerger.h:
526
527 2011-09-08  Ned Holbrook  <nholbrook@apple.com>
528
529         Refactor hyphen measurement
530         https://bugs.webkit.org/show_bug.cgi?id=67728
531
532         Reviewed by Darin Adler.
533
534         No new tests, purely refactoring.
535
536         * rendering/RenderBlockLineLayout.cpp:
537         (WebCore::measureHyphenWidth): Added.
538         (WebCore::setLogicalWidthForTextRun): Use measureHyphenWidth().
539         (WebCore::tryHyphenating): Ditto.
540         (WebCore::RenderBlock::LineBreaker::nextLineBreak): Ditto.
541
542 2011-09-08  Julien Chaffraix  <jchaffraix@webkit.org>
543
544         Remove LayoutStateDisabler instances from RenderLayer
545         https://bugs.webkit.org/show_bug.cgi?id=66896
546
547         Reviewed by Simon Fraser.
548
549         As part of r93614, scrollTo does not call updateLayerPositions anymore.
550         This means that we don't need to disable LayoutState from the scrolling code
551         in RenderLayer.
552
553         This change is covered by the existing tests.
554
555         * rendering/RenderLayer.cpp:
556         (WebCore::RenderLayer::updateLayerPositions): Updated the comment
557         that was not accurate anymore. Also explained what is wrong with
558         LayoutState vs RenderLayer now. Note that the ASSERT is still
559         valid and will not trigger as the remaining calls to updateLayerPositions
560         are done *outside* layout() where LayoutState is not set (thus disabled).
561
562         (WebCore::RenderLayer::updateScrollInfoAfterLayout): Removed
563         2 LayoutStateDisabler surrounding scrollToOffset.
564
565 2011-09-08  Julien Chaffraix  <jchaffraix@webkit.org>
566
567         Factor out the code to get the first non-null RenderTableSection in RenderTable
568         https://bugs.webkit.org/show_bug.cgi?id=66972
569
570         Reviewed by Darin Adler.
571
572         Refactoring only, covered by existing tests.
573
574         * accessibility/AccessibilityTable.cpp:
575         (WebCore::AccessibilityTable::addChildren):
576         (WebCore::AccessibilityTable::cellForColumnAndRow):
577         * accessibility/AccessibilityTableCell.cpp:
578         (WebCore::AccessibilityTableCell::rowIndexRange):
579         Updated those for the signature change in sectionBelow. Also added
580         a FIXME where topSection should be used instead of iterating
581         over the section (and likely missing some corner cases).
582
583         * rendering/FixedTableLayout.cpp:
584         (WebCore::FixedTableLayout::calcWidthArray):
585         * rendering/RenderTable.cpp:
586         (WebCore::RenderTable::calcBorderStart):
587         (WebCore::RenderTable::calcBorderEnd):
588         (WebCore::RenderTable::outerBorderBefore):
589         (WebCore::RenderTable::sectionAbove):
590         (WebCore::RenderTable::sectionBelow):
591         (WebCore::RenderTable::firstLineBoxBaseline):
592         Updated all those functions to use the newly added functions. Also changed
593         the variable names to match the functions.
594
595         (WebCore::RenderTable::layout):
596         (WebCore::RenderTable::topNonEmptySection): Newly added function
597         that returns the top non null section of the table that has at least a
598         row.
599
600         (WebCore::RenderTable::cellAbove):
601         (WebCore::RenderTable::cellBelow):
602         Update the signature of those 2 functions to take an enum as it makes the
603         rest of the code more readable.
604
605         * rendering/RenderTable.h:
606         (WebCore::RenderTable::topSection): Newly added function to return
607         the top non null section in the table.
608
609 2011-04-19  Eric Seidel  <eric@webkit.org>
610
611         Reviewed by Ryosuke Niwa.
612
613         [BiDi] [CSS3] MASTER: Add support for the unicode-bidi:isolate CSS property
614         https://bugs.webkit.org/show_bug.cgi?id=50912
615
616         This patch adds support for CSS3 unicode-bidi: isolate property, under the -webkit- vendor prefix.
617         Parsing support was added in a previous patch, this wires up the RenderStyle values
618         to code changes in the BidiResolver.
619
620         The effect of this patch is that it makes it possible to "isolate" runs of text
621         so that their RTL-ness or LTR-ness does not bleed out into the rest of your text
622         and effect layout.  This is important because many unicode characters (like parenthesis, ':', '-', etc.)
623         do not have intrinsic directionality and are affected by whatever characters come before/after.
624         If you have usernames which include RTL text, if you inject those usernames in your page
625         you might end up with nearby characters moving!
626         (like 'RTL USERNAME - my awesome site' as a title, could end up as
627         'my awesome site - USERNAME RTL' when correct would be 'USERNAME RTL - my awesome site'.)
628         This patch makes it possible to wrap sections of text in isolated spans, so that
629         they correctly order all their RTL/LTR contents, but also correctly participate in the
630         larger RTL/LTR ordering without affecting nearby characters.
631
632         Because much of this code is old and rarely touched, I've included extra background
633         information in hopes of expanding my set of potential reviewers:
634
635         WebKit uses the standard "Unicode Bidi Algorithm" henceforth known as the UBA.
636         The UBA is defined at http://unicode.org/reports/tr9/ for those not faint of heart.
637
638         Text layout is done per-block (<div>, <p>, etc), and begins with a string of text
639         (which in our case comes from the rendering tree) and a specified width.
640         First:  Text is measured and wrapped into lines.
641         Second: The UBA is run over the lines of text.
642         Third:  WebKit builds InlineBoxes (its linebox tree) and eventually render the text.
643
644         This patch modifies our UBA to ignore all text content inside "isolated" inlines (treating them as neutral characters)
645         and then adds another step after running the UBA, where we run the UBA recursively on any
646         previously identified "isolated" content.
647
648         The result of the UBA is an ordered list of "runs" of text with the RTL runs
649         correctly RTL and the LTR runs LTR.
650
651         The UBA does three things:
652         1.  It assigns a "class" to each character in a text stream (like neutral, strongly-RTL, strongly-LTR, etc.)
653         2.  Divides the text stream up into "runs" of characters of the same directionality (all RTL, all LTR).
654         3.  Re-orders those runs.
655
656         The UBA in WebKit is implemented by BidiResolver<T> in BidiResolver.h
657
658         The InlineBidiResolver (BidiResolver specialization which knows about the rendering tree)
659         walks along its InlineIterators, looking at each character and running the
660         Unicode Bidi Algorithm (UBA).  It walks through the rendering tree subtree under
661         a block, using a (poorly named) bidiNext function which returns the next inline object.
662         Each inline object (or text character there-in) has a corresponding meaning in the UBA
663         such as a "strong RTL" character or a "neutral" character.  The UBA reads these sequence
664         of characters, and figures out what direction (RTL or LTR) to assign to any neutral
665         characters it encounters, based on surrounding characters.
666
667         As the InlineBidiResolver is walking the rendering tree, the InlineIterator::advance()
668         function calls bidiNext(), which in turn can call notifyObserverEnteredObject/notifyObserverWillExitObject
669         notifying InlineBidiResolver that it is entering or exiting an "isolated"
670         span, at which point it will either start or stop ignoring the stream of characters
671         from the InlineIterator.  When the InlineBidiResolver is ignoring the stream of
672         characters, instead of creating separate BidiRuns at each RTL/LTR boundary
673         as it normally would, it instead creates one "fake" run for the entire
674         isolated span.  These fake runs participate in the normal UBA run ordering process,
675         but after the main UBA, a second pass is made where we examine
676         the list of isolatedRuns() and run the UBA on each of them, replacing the fake
677         run we previously inserted, with the resulting list of runs from that inner UBA run.
678         The way it "ignores" characters is by treating them all as neutral when inside an isolate.
679         Thus all the characters end up grouped in a single run, but their directionality (as a group)
680         is correctly affected by any surrounding strong characters.
681
682         If you understood that last paragraph, than the rest of the change is just plumbing.
683
684         I added a huge number of FIXMEs to this code, because this code has a variety of
685         design choices (or lack there of) which make some of this very difficult.
686
687         For example the bidiNext iterator function has two sets of mutually exclusive
688         parameters and can be used optionally with or without an observer.  Prior to this
689         change there was only ever one object which cared about observing a walk over inlines
690         and that was InlineBidiResolver.  This patch (regretfully) templatizes bidiNext
691         to support a new Observer type.  The correct fix would be to rip bidiNext into
692         multiple functions and rip need for observation out of InlineBidiResolver.
693         Unfortunately I've tried both in separate bugs and failed.  This code is very very
694         old and very poorly understood.  We're slowly moving forward, this is another tiny step.
695
696         This is my fourth iteration of this patch (I'm happy to do more!), but I believe
697         it's a good compromise between fixing all of the design gotcha's of our bidi
698         system and doing the minimum amount to add this killer CSS feature.
699
700         I ran the PLT.  (It averaged 0.2% faster with this change, but I attribute that to noise).
701
702         Test: css3/unicode-bidi-isolate-basic.html and css3/unicode-bidi-isolate-aharon.html
703
704         * platform/text/BidiResolver.h:
705         (WebCore::BidiCharacterRun::setNext):
706          - Needed by the new replaceRunWithRuns function.
707         (WebCore::BidiResolver::BidiResolver):
708         (WebCore::BidiResolver::~BidiResolver):
709         (WebCore::BidiResolver::enterIsolate):
710         (WebCore::BidiResolver::exitIsolate):
711         (WebCore::BidiResolver::inIsolate):
712         (WebCore::BidiResolver::isolatedRuns):
713          - Used to track isolated spans of text as they're encoutered.
714            They're stuffed away here to be processed recursively
715            after the main UBA has done its thang.
716         (WebCore::::appendRun):
717         (WebCore::::embed):
718         (WebCore::::commitExplicitEmbedding):
719         (WebCore::::createBidiRunsForLine):
720         * platform/text/BidiRunList.h:
721         (WebCore::::replaceRunWithRuns):
722          - This effectively takes all the runs from one runlist and adds them to
723            this one, replacing the fake run we inserted during a previous pass of the UBA.
724          - This RunList now owns the runs, so we call clear() on the other RunList
725            so that we don't end up double-freeing the runs.
726         (WebCore::::clear):
727          - This allows us to "take" runs from another run list and then clear it.
728         * rendering/BidiRun.h:
729         (WebCore::BidiRun::object):
730         * rendering/InlineIterator.h:
731         (WebCore::InlineIterator::object):
732         (WebCore::InlineIterator::offset):
733         (WebCore::notifyObserverEnteredObject): Mostly just renaming and adding a FIXME about plaintext.
734         (WebCore::notifyObserverWillExitObject): Mostly just renaming.
735         (WebCore::addPlaceholderRunForIsolatedInline):
736         (WebCore::isIsolatedInline):
737         (WebCore::InlineBidiResolver::appendRun):
738         * rendering/RenderBlockLineLayout.cpp:
739         (WebCore::statusWithDirection):
740         (WebCore::constructBidiRuns):
741          - This is the heavy-lifting of this change.  This function
742            runs the UBA recursively on all the previously identified isolated spans.
743          - If we encounter more isolated spans in our run, we just add them to the
744            main list an keep going.  Because the runs are linked lists and we have
745            direct pointers to our placeholder objects, we don't care what order
746            we process the placeholders in, so long as when we're done, they're all processed.
747         (WebCore::RenderBlock::layoutInlineChildren):
748
749 2011-09-08  Kentaro Hara  <haraken@google.com>
750
751         Implement a ProgressEvent constructor for JSC
752         https://bugs.webkit.org/show_bug.cgi?id=67537
753
754         Reviewed by Sam Weinig.
755
756         The spec for the ProgressEvent constructor is here:
757         http://www.w3.org/TR/progress-events/#interface-progressevent
758
759         Test: fast/events/constructors/progress-event-constructor.html
760
761         * bindings/generic/EventConstructors.h: Added a definition for the ProgressEvent constructor.
762         * bindings/js/JSDictionary.cpp:
763         (WebCore::JSDictionary::convertValue): Converts an ECMA-262 Number into an IDL unsigned long long value. Spec: http://www.w3.org/TR/WebIDL/#es-unsigned-long-long
764         * bindings/js/JSEventConstructors.cpp: Added #includes for ProgressEvent.
765         * dom/ProgressEvent.cpp:
766         (WebCore::ProgressEventInit::ProgressEventInit):
767         (WebCore::ProgressEvent::ProgressEvent):
768         * dom/ProgressEvent.h: Added a definition for ProgressEventInit.
769         (WebCore::ProgressEvent::create):
770         * dom/ProgressEvent.idl: Makes ProgressEvent constructible.
771
772 2011-09-08  Ryosuke Niwa  <rniwa@webkit.org>
773
774         Make bindings tests quiet after r94701.
775
776         * bindings/scripts/test/JS/JSTestInterface.cpp:
777         * bindings/scripts/test/JS/JSTestInterface.h:
778         (WebCore::JSTestInterfacePrototype::JSTestInterfacePrototype):
779         * bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
780         * bindings/scripts/test/JS/JSTestMediaQueryListListener.h:
781         (WebCore::JSTestMediaQueryListListenerPrototype::JSTestMediaQueryListListenerPrototype):
782         * bindings/scripts/test/JS/JSTestObj.cpp:
783         * bindings/scripts/test/JS/JSTestObj.h:
784         (WebCore::JSTestObjPrototype::JSTestObjPrototype):
785         * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
786         * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.h:
787         (WebCore::JSTestSerializedScriptValueInterfacePrototype::JSTestSerializedScriptValueInterfacePrototype):
788
789 2011-09-07  Pavel Podivilov  <podivilov@chromium.org>
790
791         Web Inspector: get rid of RawSourceCode.createSourceMappingIfNeeded.
792         https://bugs.webkit.org/show_bug.cgi?id=67717
793
794         Listen to SourceMappingUpdated event instead of using createSourceMappingIfNeeded.
795
796         Reviewed by Yury Semikhatsky.
797
798         * inspector/front-end/DebuggerPresentationModel.js:
799         (WebInspector.DebuggerPresentationModel):
800         (WebInspector.DebuggerPresentationModel.prototype.linkifyLocation.updateAnchor):
801         (WebInspector.DebuggerPresentationModel.prototype.linkifyLocation):
802         (WebInspector.DebuggerPresentationModel.prototype._updateSourceMapping):
803         (WebInspector.DebuggerPresentationModel.prototype._restoreBreakpoints):
804         (WebInspector.DebuggerPresentationModel.prototype._restoreConsoleMessages):
805         (WebInspector.DebuggerPresentationModel.prototype.setFormatSource):
806         (WebInspector.DebuggerPresentationModel.prototype._consoleMessageAdded):
807         (WebInspector.DebuggerPresentationModel.prototype._createPresentationMessage):
808         (WebInspector.DebuggerPresentationModel.prototype._consoleCleared):
809         (WebInspector.DebuggerPresentationModel.prototype.continueToLine):
810         (WebInspector.DebuggerPresentationModel.prototype.messagesForUISourceCode):
811         (WebInspector.DebuggerPresentationModel.prototype._debuggerReset):
812         (WebInspector.PresentationCallFrame.prototype.sourceLine.sourceMappingUpdated):
813         (WebInspector.PresentationCallFrame.prototype.sourceLine):
814         * inspector/front-end/SourceFile.js:
815
816 2011-09-06  Pavel Podivilov  <podivilov@chromium.org>
817
818         Web Inspector: do not re-create RawSourceCode when toggling pretty-print mode.
819         https://bugs.webkit.org/show_bug.cgi?id=67647
820
821         1) Implement RawSourceCode.setFormatted that allows toggling pretty-print mode on the fly without resetting everything.
822         2) Add RawSourceCode unit tests.
823         3) Remove source mapping listeners and console messages from presentation model (they live in RawSourceCode now).
824
825         Reviewed by Yury Semikhatsky.
826
827         Test: inspector/debugger/raw-source-code.html
828
829         * inspector/front-end/DebuggerPresentationModel.js:
830         (WebInspector.DebuggerPresentationModel):
831         (WebInspector.DebuggerPresentationModel.prototype.linkifyLocation):
832         (WebInspector.DebuggerPresentationModel.prototype._addScript):
833         (WebInspector.DebuggerPresentationModel.prototype._sourceMappingUpdated):
834         (WebInspector.DebuggerPresentationModel.prototype.setFormatSource):
835         (WebInspector.DebuggerPresentationModel.prototype._createRawSourceCodeId):
836         (WebInspector.DebuggerPresentationModel.prototype._debuggerReset):
837         * inspector/front-end/ScriptsPanel.js:
838         (WebInspector.ScriptsPanel.prototype._toggleFormatSource):
839         * inspector/front-end/SourceFile.js:
840         (WebInspector.RawSourceCode):
841         (WebInspector.RawSourceCode.prototype.get uiSourceCode):
842         (WebInspector.RawSourceCode.prototype.setFormatted):
843         (WebInspector.RawSourceCode.prototype.rawLocationToUILocation):
844         (WebInspector.RawSourceCode.prototype._saveSourceMapping):
845
846 2011-09-08  Alexander Pavlov  <apavlov@chromium.org>
847
848         Web Inspector: [REGRESSION] Clear console shortcut Ctrl + L broken
849         https://bugs.webkit.org/show_bug.cgi?id=67711
850
851         Reviewed by Yury Semikhatsky.
852
853         * inspector/front-end/ConsoleView.js:
854         (WebInspector.ConsoleView.prototype._consoleCleared):
855         (WebInspector.ConsoleView.prototype._registerShortcuts):
856         (WebInspector.ConsoleView.prototype._promptKeyDown):
857
858 2011-09-08  Andras Becsi  <andras.becsi@nokia.com>
859
860         [Qt] Build fails with strict compiler
861         https://bugs.webkit.org/show_bug.cgi?id=67778
862
863         Reviewed by Csaba Osztrogonác.
864
865         No new tests needed.
866
867         * platform/graphics/TiledBackingStore.cpp:
868         (WebCore::TiledBackingStore::resizeEdgeTiles): Remove unused contentsRect variable
869         which's usage was removed in r94681 to fix the build with [-Werror=unused-but-set-variable].
870
871 2011-09-08  Sheriff Bot  <webkit.review.bot@gmail.com>
872
873         Unreviewed, rolling out r94695.
874         http://trac.webkit.org/changeset/94695
875         https://bugs.webkit.org/show_bug.cgi?id=67776
876
877         Hitting an assertion on Snow Leopard, Qt, GTK (Requested by
878         Zoltan on #webkit).
879
880         * rendering/RenderBlock.cpp:
881         (WebCore::RenderBlock::positionedFloatsNeedRelayout):
882         (WebCore::RenderBlock::layoutPositionedObjects):
883
884 2011-09-08  Alexander Pavlov  <apavlov@chromium.org>
885
886         Unreviewed, strip trailing whitespace in the Web Inspector frontend (*.js and *.css).
887
888         * inspector/front-end/ApplicationCacheItemsView.js:
889         * inspector/front-end/AuditResultView.js:
890         * inspector/front-end/BinarySearch.js:
891         * inspector/front-end/CSSStyleModel.js:
892         * inspector/front-end/ConsoleMessage.js:
893         * inspector/front-end/ConsoleModel.js:
894         * inspector/front-end/ConsoleView.js:
895         * inspector/front-end/CookieItemsView.js:
896         * inspector/front-end/CookieParser.js:
897         * inspector/front-end/DOMAgent.js:
898         * inspector/front-end/DOMStorage.js:
899         * inspector/front-end/DOMStorageItemsView.js:
900         * inspector/front-end/DataGrid.js:
901         * inspector/front-end/Database.js:
902         * inspector/front-end/DatabaseQueryView.js:
903         * inspector/front-end/DetailedHeapshotGridNodes.js:
904         * inspector/front-end/DetailedHeapshotView.js:
905         * inspector/front-end/ElementsTreeOutline.js:
906         * inspector/front-end/EmptyView.js:
907         * inspector/front-end/EventListenersSidebarPane.js:
908         * inspector/front-end/ExtensionCommon.js:
909         * inspector/front-end/GoToLineDialog.js:
910         * inspector/front-end/HeapSnapshot.js:
911         * inspector/front-end/HeapSnapshotProxy.js:
912         * inspector/front-end/HeapSnapshotWorkerDispatcher.js:
913         * inspector/front-end/ImageView.js:
914         * inspector/front-end/InjectedFakeWorker.js:
915         * inspector/front-end/InspectorFrontendHostStub.js:
916         * inspector/front-end/MetricsSidebarPane.js:
917         * inspector/front-end/NetworkManager.js:
918         * inspector/front-end/NetworkPanel.js:
919         * inspector/front-end/ObjectPropertiesSection.js:
920         * inspector/front-end/PartialQuickSort.js:
921         * inspector/front-end/ProfileView.js:
922         * inspector/front-end/ProfilesPanel.js:
923         * inspector/front-end/RemoteObject.js:
924         * inspector/front-end/Resource.js:
925         * inspector/front-end/ResourceCategory.js:
926         * inspector/front-end/ResourceHTMLView.js:
927         * inspector/front-end/ResourceHeadersView.js:
928         * inspector/front-end/ResourceJSONView.js:
929         * inspector/front-end/ResourceTimingView.js:
930         * inspector/front-end/ResourceTreeModel.js:
931         * inspector/front-end/ResourceView.js:
932         * inspector/front-end/ResourcesPanel.js:
933         * inspector/front-end/SearchController.js:
934         * inspector/front-end/SettingsScreen.js:
935         * inspector/front-end/ShortcutsScreen.js:
936         * inspector/front-end/SourceCSSTokenizer.js:
937         * inspector/front-end/SourceHTMLTokenizer.js:
938         * inspector/front-end/SourceJavaScriptTokenizer.js:
939         * inspector/front-end/StatusBarButton.js:
940         * inspector/front-end/TextEditorModel.js:
941         * inspector/front-end/TimelineGrid.js:
942         * inspector/front-end/View.js:
943         * inspector/front-end/heapProfiler.css:
944         * inspector/front-end/inspector.css:
945         * inspector/front-end/inspector.js:
946         * inspector/front-end/inspectorSyntaxHighlight.css:
947         * inspector/front-end/networkPanel.css:
948         * inspector/front-end/treeoutline.js:
949         * inspector/front-end/utilities.js:
950
951 2011-09-07  Andrey Kosyakov  <caseq@chromium.org>
952
953         Web Inspector: trying to scroll mouse wheel when in TextViewer's gutter pane causes EventException::DISPATCH_REQUEST_ERR
954         https://bugs.webkit.org/show_bug.cgi?id=67715
955
956         Reviewed by Yury Semikhatsky.
957
958         - avoid exception on attempt to dispatch an event that is being dispatched by cloning the event.
959
960         * inspector/front-end/TextViewer.js:
961         (WebInspector.TextViewer.forwardWheelEvent):
962         (WebInspector.TextViewer):
963
964 2011-09-07  Sheriff Bot  <webkit.review.bot@gmail.com>
965
966         Unreviewed, rolling out r94674 and r94689.
967         http://trac.webkit.org/changeset/94674
968         http://trac.webkit.org/changeset/94689
969         https://bugs.webkit.org/show_bug.cgi?id=67754
970
971         Broke inspector/debugger/script-formatter.html (Requested by
972         rniwa on #webkit).
973
974         * inspector/front-end/DebuggerPresentationModel.js:
975         (WebInspector.DebuggerPresentationModel):
976         (WebInspector.DebuggerPresentationModel.prototype.addSourceMappingListener):
977         (WebInspector.DebuggerPresentationModel.prototype.removeSourceMappingListener):
978         (WebInspector.DebuggerPresentationModel.prototype.linkifyLocation):
979         (WebInspector.DebuggerPresentationModel.prototype._addScript):
980         (WebInspector.DebuggerPresentationModel.prototype._sourceMappingUpdated):
981         (WebInspector.DebuggerPresentationModel.prototype._restoreBreakpoints):
982         (WebInspector.DebuggerPresentationModel.prototype.setFormatSource):
983         (WebInspector.DebuggerPresentationModel.prototype._createRawSourceCodeId):
984         (WebInspector.DebuggerPresentationModel.prototype._debuggerReset):
985         * inspector/front-end/ScriptsPanel.js:
986         (WebInspector.ScriptsPanel.prototype._toggleFormatSource):
987         * inspector/front-end/SourceFile.js:
988         (WebInspector.RawSourceCode):
989         (WebInspector.RawSourceCode.prototype.get uiSourceCode):
990         (WebInspector.RawSourceCode.prototype.get rawSourceCode):
991         (WebInspector.RawSourceCode.prototype.rawLocationToUILocation):
992         (WebInspector.RawSourceCode.prototype.requestContent):
993         (WebInspector.RawSourceCode.prototype._saveSourceMapping):
994
995 2011-09-07  Julien Chaffraix  <jchaffraix@webkit.org>
996
997         offsetFromRoot optimization is disabled after r93837
998         https://bugs.webkit.org/show_bug.cgi?id=67677
999
1000         Reviewed by Simon Fraser.
1001
1002         Unfortunately not covered by any test as it does not change updateLayerPosition complexity (it is still O(n^2)
1003         because of clippedOverflowRectForRepaint). However it is a noticeable slowdown on some use cases but we don't
1004         have a good test harness to cover such slowdown.
1005
1006         * rendering/RenderLayer.cpp:
1007         (WebCore::RenderLayer::updateLayerPositions): Pass offsetFromRoot as not doing so means that we miss
1008         the optimization altogether.
1009
1010         (WebCore::RenderLayer::computeRepaintRects):
1011         (WebCore::RenderLayer::updateLayerPositionsAfterScroll):
1012         * rendering/RenderLayer.h:
1013         Renamed |cachedOffset| to |offsetFromRoot| to be consistent with our latest renaming.
1014
1015 2011-09-07  Ryosuke Niwa  <rniwa@webkit.org>
1016
1017         Windows build fix after r94737.
1018
1019         * rendering/RenderBlock.cpp:
1020         (WebCore::RenderBlock::adjustRectForColumns):
1021
1022 2011-09-07  Dan Bernstein  <mitz@apple.com>
1023
1024         Removed hyphenation function implementations for an usupported build configuration.
1025
1026         Reviewed by Sam Weinig.
1027
1028         * platform/text/cf/HyphenationCF.cpp:
1029
1030 2011-09-07  David Hyatt  <hyatt@apple.com>
1031
1032         https://bugs.webkit.org/show_bug.cgi?id=67739
1033
1034         adjustRectForColumns is O(# of columns) when it can be O(1). Fix the slow performance of this
1035         function by removing the loop and just computing the start and end column for a repaint rect
1036         and uniting everything in between.
1037
1038         Reviewed by Dan Bernstein.
1039
1040         * rendering/RenderBlock.cpp:
1041         (WebCore::RenderBlock::adjustRectForColumns):
1042
1043 2011-09-07  Sheriff Bot  <webkit.review.bot@gmail.com>
1044
1045         Unreviewed, rolling out r94714 and r94723.
1046         http://trac.webkit.org/changeset/94714
1047         http://trac.webkit.org/changeset/94723
1048         https://bugs.webkit.org/show_bug.cgi?id=67746
1049
1050         breaks gtk-linux tests with assertion failure (Requested by
1051         thorton on #webkit).
1052
1053         * platform/graphics/GraphicsContext.cpp:
1054         (WebCore::GraphicsContext::GraphicsContext):
1055         (WebCore::GraphicsContext::~GraphicsContext):
1056         * platform/graphics/GraphicsContext.h:
1057         (WebCore::GraphicsContext::inTransparencyLayer):
1058         * platform/graphics/cairo/GraphicsContextCairo.cpp:
1059         (WebCore::GraphicsContext::beginTransparencyLayer):
1060         (WebCore::GraphicsContext::endTransparencyLayer):
1061         * platform/graphics/cairo/GraphicsContextPlatformPrivateCairo.h:
1062         (WebCore::GraphicsContextPlatformPrivate::beginTransparencyLayer):
1063         (WebCore::GraphicsContextPlatformPrivate::endTransparencyLayer):
1064         * platform/graphics/cg/GraphicsContextCG.cpp:
1065         (WebCore::GraphicsContext::beginTransparencyLayer):
1066         (WebCore::GraphicsContext::endTransparencyLayer):
1067         * platform/graphics/cg/GraphicsContextPlatformPrivateCG.h:
1068         (WebCore::GraphicsContextPlatformPrivate::GraphicsContextPlatformPrivate):
1069         (WebCore::GraphicsContextPlatformPrivate::~GraphicsContextPlatformPrivate):
1070         (WebCore::GraphicsContextPlatformPrivate::beginTransparencyLayer):
1071         (WebCore::GraphicsContextPlatformPrivate::endTransparencyLayer):
1072         * platform/graphics/haiku/GraphicsContextHaiku.cpp:
1073         (WebCore::GraphicsContext::beginTransparencyLayer):
1074         (WebCore::GraphicsContext::endTransparencyLayer):
1075         * platform/graphics/mac/FontMac.mm:
1076         (WebCore::Font::drawGlyphs):
1077         * platform/graphics/openvg/GraphicsContextOpenVG.cpp:
1078         (WebCore::GraphicsContext::beginTransparencyLayer):
1079         (WebCore::GraphicsContext::endTransparencyLayer):
1080         * platform/graphics/qt/GraphicsContextQt.cpp:
1081         (WebCore::GraphicsContext::inTransparencyLayer):
1082         (WebCore::GraphicsContext::beginTransparencyLayer):
1083         (WebCore::GraphicsContext::endTransparencyLayer):
1084         * platform/graphics/skia/GraphicsContextSkia.cpp:
1085         (WebCore::GraphicsContext::beginTransparencyLayer):
1086         (WebCore::GraphicsContext::endTransparencyLayer):
1087         * platform/graphics/win/FontCGWin.cpp:
1088         (WebCore::drawGDIGlyphs):
1089         * platform/graphics/win/GraphicsContextCGWin.cpp:
1090         (WebCore::GraphicsContext::releaseWindowsContext):
1091         * platform/graphics/win/GraphicsContextCairoWin.cpp:
1092         (WebCore::GraphicsContext::releaseWindowsContext):
1093         * platform/graphics/win/GraphicsContextWin.cpp:
1094         (WebCore::GraphicsContext::inTransparencyLayer):
1095         (WebCore::GraphicsContext::getWindowsContext):
1096         * platform/graphics/wince/GraphicsContextWinCE.cpp:
1097         (WebCore::GraphicsContext::beginTransparencyLayer):
1098         (WebCore::GraphicsContext::endTransparencyLayer):
1099         * platform/graphics/wx/GraphicsContextWx.cpp:
1100         (WebCore::GraphicsContext::beginTransparencyLayer):
1101         (WebCore::GraphicsContext::endTransparencyLayer):
1102         * platform/win/ScrollbarThemeWin.cpp:
1103         (WebCore::ScrollbarThemeWin::paintTrackPiece):
1104         (WebCore::ScrollbarThemeWin::paintButton):
1105         (WebCore::ScrollbarThemeWin::paintThumb):
1106         * plugins/win/PluginViewWin.cpp:
1107         (WebCore::PluginView::paint):
1108         * rendering/RenderThemeWin.cpp:
1109         (WebCore::drawControl):
1110
1111 2011-09-07  Chris Fleizach  <cfleizach@apple.com>
1112
1113         Changes to aria-hidden don't change VO navigation
1114         https://bugs.webkit.org/show_bug.cgi?id=67722
1115
1116         Reviewed by Darin Adler.
1117
1118         When altering aria-hidden, WebCore needs to update the children caches of 
1119         affected elements. However, for elements that were children, but ignored, their
1120         caches did not get updated, and stale information would be propagated.
1121
1122         The fix is to always clearChildren() when a parent is asking for children. This 
1123         ensures information is always up to date when the parent itself is asking for new data.
1124
1125         Test: accessibility/aria-hidden-updates-alldescendants.html
1126
1127         * accessibility/AccessibilityObject.h:
1128         * accessibility/AccessibilityRenderObject.cpp:
1129         (WebCore::AccessibilityRenderObject::ariaIsHidden):
1130         (WebCore::AccessibilityRenderObject::childrenChanged):
1131         (WebCore::AccessibilityRenderObject::addChildren):
1132
1133 2011-09-07  Tim Horton  <timothy_horton@apple.com>
1134
1135         Text rendered with a simple (i.e. 0px blur) shadow inside a transparency layer has a double shadow
1136         https://bugs.webkit.org/show_bug.cgi?id=67543
1137         <rdar://problem/10070536>
1138
1139         Reviewed by Simon Fraser.
1140
1141         Generalize (begin|end)TransparencyLayer, which now forward
1142         through to (begin|end)PlatformTransparencyLayer, so that
1143         isInTransparencyLayer can exist on every platform.
1144
1145         Make use of isInTransparencyLayer in FontMac to disable
1146         "simple" shadow drawing when the text is being rendered
1147         into a transparency layer.
1148
1149         Test: svg/custom/simple-text-double-shadow.svg
1150
1151         * platform/graphics/GraphicsContext.cpp:
1152         (WebCore::GraphicsContext::GraphicsContext):
1153         (WebCore::GraphicsContext::~GraphicsContext):
1154         (WebCore::GraphicsContext::beginTransparencyLayer):
1155         (WebCore::GraphicsContext::endTransparencyLayer):
1156         (WebCore::GraphicsContext::isInTransparencyLayer):
1157         * platform/graphics/GraphicsContext.h:
1158         * platform/graphics/cairo/GraphicsContextCairo.cpp:
1159         (WebCore::GraphicsContext::beginPlatformTransparencyLayer):
1160         (WebCore::GraphicsContext::endPlatformTransparencyLayer):
1161         (WebCore::GraphicsContext::supportsTransparencyLayers):
1162         * platform/graphics/cairo/GraphicsContextPlatformPrivateCairo.h:
1163         * platform/graphics/cg/GraphicsContextCG.cpp:
1164         (WebCore::GraphicsContext::beginPlatformTransparencyLayer):
1165         (WebCore::GraphicsContext::endPlatformTransparencyLayer):
1166         (WebCore::GraphicsContext::supportsTransparencyLayers):
1167         * platform/graphics/cg/GraphicsContextPlatformPrivateCG.h:
1168         (WebCore::GraphicsContextPlatformPrivate::GraphicsContextPlatformPrivate):
1169         * platform/graphics/haiku/GraphicsContextHaiku.cpp:
1170         (WebCore::GraphicsContext::beginPlatformTransparencyLayer):
1171         (WebCore::GraphicsContext::endPlatformTransparencyLayer):
1172         (WebCore::GraphicsContext::supportsTransparencyLayers):
1173         * platform/graphics/mac/FontMac.mm:
1174         (WebCore::Font::drawGlyphs):
1175         * platform/graphics/openvg/GraphicsContextOpenVG.cpp:
1176         (WebCore::GraphicsContext::beginPlatformTransparencyLayer):
1177         (WebCore::GraphicsContext::endPlatformTransparencyLayer):
1178         (WebCore::GraphicsContext::supportsTransparencyLayers):
1179         * platform/graphics/qt/GraphicsContextQt.cpp:
1180         (WebCore::GraphicsContext::isInTransparencyLayer):
1181         (WebCore::GraphicsContext::beginPlatformTransparencyLayer):
1182         (WebCore::GraphicsContext::endPlatformTransparencyLayer):
1183         (WebCore::GraphicsContext::supportsTransparencyLayers):
1184         * platform/graphics/skia/GraphicsContextSkia.cpp:
1185         (WebCore::GraphicsContext::beginPlatformTransparencyLayer):
1186         (WebCore::GraphicsContext::endPlatformTransparencyLayer):
1187         (WebCore::GraphicsContext::supportsTransparencyLayers):
1188         * platform/graphics/win/FontCGWin.cpp:
1189         (WebCore::drawGDIGlyphs):
1190         * platform/graphics/win/GraphicsContextCGWin.cpp:
1191         (WebCore::GraphicsContext::releaseWindowsContext):
1192         * platform/graphics/win/GraphicsContextCairoWin.cpp:
1193         (WebCore::GraphicsContext::releaseWindowsContext):
1194         * platform/graphics/win/GraphicsContextWin.cpp:
1195         (WebCore::GraphicsContext::getWindowsContext):
1196         * platform/graphics/wince/GraphicsContextWinCE.cpp:
1197         (WebCore::GraphicsContext::beginPlatformTransparencyLayer):
1198         (WebCore::GraphicsContext::endPlatformTransparencyLayer):
1199         (WebCore::GraphicsContext::supportsTransparencyLayers):
1200         * platform/graphics/wx/GraphicsContextWx.cpp:
1201         (WebCore::GraphicsContext::beginPlatformTransparencyLayer):
1202         (WebCore::GraphicsContext::endPlatformTransparencyLayer):
1203         (WebCore::GraphicsContext::supportsTransparencyLayers):
1204         * platform/win/ScrollbarThemeWin.cpp:
1205         * plugins/win/PluginViewWin.cpp:
1206         * rendering/RenderThemeWin.cpp:
1207
1208 2011-09-07  Dan Bernstein  <mitz@apple.com>
1209
1210         <rdar://problem/8881922> Support the hyphenate-limit-lines property
1211         https://bugs.webkit.org/show_bug.cgi?id=67730
1212
1213         Reviewed by Dave Hyatt.
1214
1215         Tests: fast/css/parsing-hyphenate-limit-lines.html
1216                fast/text/hyphenate-limit-lines.html
1217
1218         * css/CSSComputedStyleDeclaration.cpp:
1219         (WebCore::CSSComputedStyleDeclaration::getPropertyCSSValue): Added hyphenate-limit-lines.
1220         * css/CSSParser.cpp:
1221         (WebCore::CSSParser::parseValue): Ditto. Valid values are non-negative integers and the keyword
1222         "no-limit".
1223         * css/CSSPropertyNames.in: Added -webkit-hyphenate-limit-lines.
1224         * css/CSSStyleSelector.cpp:
1225         (WebCore::CSSStyleSelector::applyProperty): Added hyphenate-limit-lines.
1226         * css/CSSValueKeywords.in: Added the "no-limit" value keyword.
1227         * rendering/RenderBlock.h:
1228         * rendering/RenderBlockLineLayout.cpp:
1229         (WebCore::RenderBlock::layoutRunsAndFloats): Count the number of consecutive hyphenated lines
1230         before the start line and pass it to layoutRunsAndFloatsInRange().
1231         (WebCore::RenderBlock::layoutRunsAndFloatsInRange): Keep track of the number of consecutive
1232         hyphenated lines before the current line and pass it to LineBreaker::nextLineBreak().
1233         (WebCore::tryHyphenating): Added parameters for the number of consecutive hyphenated lines before
1234         the current line and the limit on consecutive hyphenated lines, and an early return if the limit
1235         has been reached.
1236         (WebCore::RenderBlock::LineBreaker::nextLineBreak): Added a parameter for the number of consecutive
1237         hyphenated lines before the current line, which is passed through to tryHyphenating, along with
1238         the value of hyphenate-limit-lines.
1239         * rendering/RootInlineBox.cpp:
1240         (WebCore::RootInlineBox::isHyphenated): Added. Returns true if the line was hyphenated.
1241         * rendering/RootInlineBox.h:
1242         * rendering/style/RenderStyle.h:
1243         (WebCore::InheritedFlags::hyphenationLimitLines): Added this getter.
1244         (WebCore::InheritedFlags::setHyphenationLimitLines): Added this setter.
1245         (WebCore::InheritedFlags::initialHyphenationLimitLines): Added. The initial value is -1,
1246         corresponding to "no-limit".
1247         * rendering/style/StyleRareInheritedData.cpp:
1248         (WebCore::StyleRareInheritedData::StyleRareInheritedData): Initialize new member variable.
1249         (WebCore::StyleRareInheritedData::operator==): Compare new member variable.
1250         * rendering/style/StyleRareInheritedData.h:
1251
1252 2011-09-02  Ojan Vafai  <ojan@chromium.org>
1253
1254         split overrideSize into overrideHeight and overrideWidth
1255         https://bugs.webkit.org/show_bug.cgi?id=67550
1256
1257         Reviewed by Sam Weinig.
1258
1259         All uses of overrideSize only set one of the width or the height.
1260         This change removes a bool from RenderObject and removes some
1261         flexbox specific logic from RenderBox.
1262
1263         The only downside is that we have two global maps where we used
1264         to have one.
1265
1266         No functional changes so existing tests are sufficient.
1267
1268         * rendering/RenderBox.cpp:
1269         (WebCore::RenderBox::hasOverrideHeight):
1270         (WebCore::RenderBox::hasOverrideWidth):
1271         (WebCore::RenderBox::setOverrideHeight):
1272         (WebCore::RenderBox::setOverrideWidth):
1273         (WebCore::RenderBox::clearOverrideSize):
1274         (WebCore::RenderBox::overrideWidth):
1275         (WebCore::RenderBox::overrideHeight):
1276         (WebCore::RenderBox::computeLogicalWidth):
1277         (WebCore::RenderBox::computeLogicalHeight):
1278         (WebCore::RenderBox::computePercentageLogicalHeight):
1279         * rendering/RenderBox.h:
1280         * rendering/RenderDeprecatedFlexibleBox.cpp:
1281         (WebCore::RenderDeprecatedFlexibleBox::layoutHorizontalBox):
1282         (WebCore::RenderDeprecatedFlexibleBox::layoutVerticalBox):
1283         (WebCore::RenderDeprecatedFlexibleBox::applyLineClamp):
1284         * rendering/RenderFlexibleBox.cpp:
1285         (WebCore::RenderFlexibleBox::layoutAndPlaceChildrenHorizontal):
1286         * rendering/RenderObject.cpp:
1287         (WebCore::RenderObject::RenderObject):
1288         * rendering/RenderObject.h:
1289         * rendering/RenderTableCell.cpp:
1290         (WebCore::RenderTableCell::setOverrideHeightFromRowHeight):
1291         * rendering/RenderTableCell.h:
1292         * rendering/RenderTableSection.cpp:
1293         (WebCore::RenderTableSection::calcRowLogicalHeight):
1294         (WebCore::RenderTableSection::layoutRows):
1295
1296 2011-09-07  Alexei Svitkine  <asvitkine@chromium.org>
1297
1298         Add test infrastructure to test rubber-banding overhang drawing along with layout tests for existing Chromium Mac overhang drawing in the non-gpu path.
1299         https://bugs.webkit.org/show_bug.cgi?id=67511
1300
1301         Reviewed by Dimitri Glazkov.
1302
1303         Tests: platform/chromium-mac/rubberbanding/overhang-e.html
1304                platform/chromium-mac/rubberbanding/overhang-n.html
1305                platform/chromium-mac/rubberbanding/overhang-ne.html
1306                platform/chromium-mac/rubberbanding/overhang-nw.html
1307                platform/chromium-mac/rubberbanding/overhang-s.html
1308                platform/chromium-mac/rubberbanding/overhang-se.html
1309                platform/chromium-mac/rubberbanding/overhang-sw.html
1310                platform/chromium-mac/rubberbanding/overhang-w.html
1311
1312         * WebCore.exp.in:
1313         * platform/ScrollableArea.h:
1314         * testing/Internals.cpp:
1315         (WebCore::Internals::setScrollViewPosition):
1316         * testing/Internals.h:
1317         * testing/Internals.idl:
1318
1319 2011-09-07  David Reveman  <reveman@chromium.org>
1320
1321         [Chromium] Render surface anti-aliasing.
1322         https://bugs.webkit.org/show_bug.cgi?id=66437
1323
1324         Reviewed by James Robinson.
1325
1326         Add CCLayerQuad class and CCLayerQuad::Edge subclass to allow
1327         edge computations to be shared between tiled layers and render
1328         surfaces. Move isCCW utility function to FloatQuad class and
1329         add to2dTransform method to TransformationMatrix class. Add
1330         necessary anti-aliasing shaders for render surfaces and use them
1331         to avoid aliased edges.
1332
1333         Tests: compositing/reflections/nested-reflection-transformed.html (existing)
1334
1335         * WebCore.gypi:
1336         * platform/graphics/FloatQuad.cpp:
1337         (WebCore::FloatQuad::isCounterclockwise):
1338         * platform/graphics/FloatQuad.h:
1339         * platform/graphics/chromium/LayerChromium.cpp:
1340         (WebCore::LayerChromium::drawTexturedQuad):
1341         * platform/graphics/chromium/LayerChromium.h:
1342         * platform/graphics/chromium/LayerRendererChromium.cpp:
1343         (WebCore::LayerRendererChromium::LayerRendererChromium):
1344         (WebCore::LayerRendererChromium::headsUpDisplayProgram):
1345         (WebCore::LayerRendererChromium::renderSurfaceProgram):
1346         (WebCore::LayerRendererChromium::renderSurfaceProgramAA):
1347         (WebCore::LayerRendererChromium::renderSurfaceMaskProgram):
1348         (WebCore::LayerRendererChromium::renderSurfaceMaskProgramAA):
1349         (WebCore::LayerRendererChromium::tilerProgramSwizzle):
1350         (WebCore::LayerRendererChromium::canvasLayerProgram):
1351         (WebCore::LayerRendererChromium::pluginLayerProgram):
1352         (WebCore::LayerRendererChromium::videoLayerRGBAProgram):
1353         (WebCore::LayerRendererChromium::videoLayerYUVProgram):
1354         (WebCore::LayerRendererChromium::cleanupSharedObjects):
1355         * platform/graphics/chromium/LayerRendererChromium.h:
1356         (WebCore::LayerRendererChromium::sharedGeometryQuad):
1357         * platform/graphics/chromium/ShaderChromium.cpp:
1358         (WebCore::VertexShaderQuad::VertexShaderQuad):
1359         (WebCore::VertexShaderQuad::init):
1360         (WebCore::VertexShaderQuad::getShaderString):
1361         (WebCore::FragmentShaderRGBATexAlphaAA::FragmentShaderRGBATexAlphaAA):
1362         (WebCore::FragmentShaderRGBATexAlphaAA::init):
1363         (WebCore::FragmentShaderRGBATexAlphaAA::getShaderString):
1364         (WebCore::FragmentTexClampAlphaAABinding::FragmentTexClampAlphaAABinding):
1365         (WebCore::FragmentTexClampAlphaAABinding::init):
1366         (WebCore::FragmentShaderRGBATexClampAlphaAA::getShaderString):
1367         (WebCore::FragmentShaderRGBATexClampSwizzleAlphaAA::getShaderString):
1368         (WebCore::FragmentShaderRGBATexAlphaMaskAA::FragmentShaderRGBATexAlphaMaskAA):
1369         (WebCore::FragmentShaderRGBATexAlphaMaskAA::init):
1370         (WebCore::FragmentShaderRGBATexAlphaMaskAA::getShaderString):
1371         * platform/graphics/chromium/ShaderChromium.h:
1372         (WebCore::VertexShaderQuad::matrixLocation):
1373         (WebCore::VertexShaderQuad::pointLocation):
1374         (WebCore::FragmentShaderRGBATexAlphaAA::alphaLocation):
1375         (WebCore::FragmentShaderRGBATexAlphaAA::samplerLocation):
1376         (WebCore::FragmentShaderRGBATexAlphaAA::edgeLocation):
1377         (WebCore::FragmentShaderRGBATexAlphaMaskAA::alphaLocation):
1378         (WebCore::FragmentShaderRGBATexAlphaMaskAA::samplerLocation):
1379         (WebCore::FragmentShaderRGBATexAlphaMaskAA::maskSamplerLocation):
1380         (WebCore::FragmentShaderRGBATexAlphaMaskAA::edgeLocation):
1381         * platform/graphics/chromium/cc/CCCanvasLayerImpl.cpp:
1382         (WebCore::CCCanvasLayerImpl::draw):
1383         * platform/graphics/chromium/cc/CCHeadsUpDisplay.cpp:
1384         (WebCore::CCHeadsUpDisplay::draw):
1385         * platform/graphics/chromium/cc/CCLayerQuad.cpp: Added.
1386         (WebCore::CCLayerQuad::Edge::Edge):
1387         (WebCore::CCLayerQuad::CCLayerQuad):
1388         (WebCore::CCLayerQuad::floatQuad):
1389         (WebCore::CCLayerQuad::toFloatArray):
1390         * platform/graphics/chromium/cc/CCLayerQuad.h: Added.
1391         (WebCore::CCLayerQuad::Edge::Edge):
1392         (WebCore::CCLayerQuad::Edge::x):
1393         (WebCore::CCLayerQuad::Edge::y):
1394         (WebCore::CCLayerQuad::Edge::z):
1395         (WebCore::CCLayerQuad::Edge::setX):
1396         (WebCore::CCLayerQuad::Edge::setY):
1397         (WebCore::CCLayerQuad::Edge::setZ):
1398         (WebCore::CCLayerQuad::Edge::set):
1399         (WebCore::CCLayerQuad::Edge::moveX):
1400         (WebCore::CCLayerQuad::Edge::moveY):
1401         (WebCore::CCLayerQuad::Edge::moveZ):
1402         (WebCore::CCLayerQuad::Edge::move):
1403         (WebCore::CCLayerQuad::Edge::scaleX):
1404         (WebCore::CCLayerQuad::Edge::scaleY):
1405         (WebCore::CCLayerQuad::Edge::scaleZ):
1406         (WebCore::CCLayerQuad::Edge::scale):
1407         (WebCore::CCLayerQuad::Edge::intersect):
1408         (WebCore::CCLayerQuad::CCLayerQuad):
1409         (WebCore::CCLayerQuad::left):
1410         (WebCore::CCLayerQuad::top):
1411         (WebCore::CCLayerQuad::right):
1412         (WebCore::CCLayerQuad::bottom):
1413         (WebCore::CCLayerQuad::inflateX):
1414         (WebCore::CCLayerQuad::inflateY):
1415         (WebCore::CCLayerQuad::inflate):
1416         (WebCore::CCLayerQuad::inflateAntiAliasingDistance):
1417         * platform/graphics/chromium/cc/CCPluginLayerImpl.cpp:
1418         (WebCore::CCPluginLayerImpl::draw):
1419         * platform/graphics/chromium/cc/CCRenderSurface.cpp:
1420         (WebCore::CCRenderSurface::draw):
1421         (WebCore::CCRenderSurface::drawLayer):
1422         (WebCore::CCRenderSurface::drawSurface):
1423         * platform/graphics/chromium/cc/CCRenderSurface.h:
1424         * platform/graphics/chromium/cc/CCTiledLayerImpl.cpp:
1425         (WebCore::CCTiledLayerImpl::draw):
1426         (WebCore::CCTiledLayerImpl::drawTiles):
1427         * platform/graphics/chromium/cc/CCTiledLayerImpl.h:
1428         * platform/graphics/chromium/cc/CCVideoLayerImpl.cpp:
1429         (WebCore::CCVideoLayerImpl::drawYUV):
1430         (WebCore::CCVideoLayerImpl::drawRGBA):
1431         * platform/graphics/transforms/TransformationMatrix.cpp:
1432         (WebCore::TransformationMatrix::to2dTransform):
1433         * platform/graphics/transforms/TransformationMatrix.h:
1434
1435 2011-09-06  Oliver Hunt  <oliver@apple.com>
1436
1437         Remove JSObjectWithGlobalObject
1438         https://bugs.webkit.org/show_bug.cgi?id=67689
1439
1440         Reviewed by Geoff Garen.
1441
1442         Remove use of anonymous storage and JSObjectWithGlobalObject for
1443         accessing a JSObject's global object now that they're available
1444         on the object's structure.
1445
1446         * bindings/js/JSDOMWindowShell.cpp:
1447         (WebCore::JSDOMWindowShell::setWindow):
1448         * bindings/js/JSDOMWrapper.h:
1449         (WebCore::JSDOMWrapper::globalObject):
1450         (WebCore::JSDOMWrapper::JSDOMWrapper):
1451         * bindings/js/WorkerScriptController.cpp:
1452         (WebCore::WorkerScriptController::initScript):
1453         * bindings/scripts/CodeGeneratorJS.pm:
1454         (GenerateHeader):
1455         (GenerateImplementation):
1456         * bridge/objc/objc_runtime.h:
1457         * bridge/objc/objc_runtime.mm:
1458         (JSC::Bindings::ObjcFallbackObjectImp::ObjcFallbackObjectImp):
1459         (JSC::Bindings::ObjcFallbackObjectImp::finishCreation):
1460         * bridge/runtime_object.cpp:
1461         (JSC::Bindings::RuntimeObject::RuntimeObject):
1462         (JSC::Bindings::RuntimeObject::finishCreation):
1463         * bridge/runtime_object.h:
1464
1465 2011-09-07  Ryosuke Niwa  <rniwa@webkit.org>
1466
1467         Mac build fix after r94694.
1468
1469         * WebCore.xcodeproj/project.pbxproj:
1470
1471 2011-09-07  Tim Horton  <timothy_horton@apple.com>
1472
1473         FELighting is using width instead of height to determine skip for parallel(n>2) case
1474         https://bugs.webkit.org/show_bug.cgi?id=67719
1475         <rdar://problem/10086178>
1476
1477         Reviewed by Dirk Schulze.
1478
1479         No new tests, because the bug only exhibits under conditions which are currently
1480         impossible by default (using more than 2 cores) on some platforms.
1481
1482         * platform/graphics/filters/FELighting.cpp:
1483         (WebCore::FELighting::platformApplyGeneric):
1484
1485 2011-09-07  W. James MacLean  <wjmaclean@chromium.org>
1486
1487         Eliminate motion jitter in animated, blurred SVG image
1488         https://bugs.webkit.org/show_bug.cgi?id=67503
1489
1490         Fixes filter shear-free transform applied to SVG images.
1491
1492         In applyResource() the shearFreeAbsoluteTransform is applied to the drawing region,
1493         which is based on the object bounding box (which doesn't move). For a rotation
1494         around the centre of the box, this should really just be the identity matrix,
1495         since the BB should neither change size nor location. So really, we're just interested
1496         in the scale change of the BB here, and not in moving it.
1497
1498         This impacts how slices are extracted, and affects the {x|y}Mid and {x|y}Max extractions
1499         for vertical and horizontal slices, so the test verifies these.
1500
1501         Reviewed by Dirk Schulze.
1502
1503         Test: svg/W3C-SVG-1.1-SE/filters-image-05-f.svg
1504
1505         * rendering/svg/RenderSVGResourceFilter.cpp:
1506         (WebCore::RenderSVGResourceFilter::applyResource):
1507
1508 2011-09-03  Robert Hogan  <robert@webkit.org>
1509
1510         Elements with position:absolute don't move to correct position after images load
1511         https://bugs.webkit.org/show_bug.cgi?id=54611
1512
1513         Reviewed by Simon Fraser.
1514
1515         Test: fast/block/positioning/absolute-layout-after-image-load.html
1516               fast/block/positioning/positioned-float-layout-after-image-load.html
1517
1518         In the test the 'label' block is an absolutely positioned child of an inline flow. So during layout, 
1519         this RenderBlock::layoutPositionedObjects fails to dirty it for rendering because it requires 
1520         the parent to be a BlockFlow. The code to do this was introduced in http://trac.webkit.org/changeset/8284. 
1521         There doesn't seem to be a good reason for requiring a BlockFlow, so remove the check. Do the same
1522         for positioned floats in RenderBlock::positionedFloatsNeedRelayout(), although currently layoutPositionedObjects()
1523         takes care of it this at least ensures no regression in future.
1524
1525         Note: Although the issue is encountered only on first load without a fragment identifier, it 
1526         happens reliably when you include the fragment identifier in the url (#Footnote_1). This is so 
1527         because scrolling to the fragment always happens before the image has loaded, rendering the page 
1528         and clearing the initial dirty bits in the positioned element's renderer. When the image finally 
1529         loads in this scenario, the positioned element is otherwise clean and relies on the above code to get 
1530         re-rendered.
1531
1532         * rendering/RenderBlock.cpp:
1533         (WebCore::RenderBlock::layoutPositionedObjects): remove the check for r->parent()->isBlockFlow() when 
1534                                                          deciding whether to mark children for layout
1535         (WebCore::RenderBlock::positionedFloatsNeedRelayout): ditto
1536
1537 2011-09-07  Anna Cavender  <annacc@chromium.org>
1538
1539         Moving platform/track to html/track to avoid layering violation.
1540         https://bugs.webkit.org/show_bug.cgi?id=67680
1541
1542         Reviewed by Adam Barth.
1543
1544         No new tests. No new functionality.
1545
1546         * CMakeLists.txt:
1547         * GNUmakefile.am:
1548         * GNUmakefile.list.am:
1549         * WebCore.gyp/WebCore.gyp:
1550         * WebCore.gypi:
1551         * WebCore.pri:
1552         * WebCore.pro:
1553         * html/track/CueParser.cpp: Renamed from Source/WebCore/platform/track/CueParser.cpp.
1554         * html/track/CueParser.h: Renamed from Source/WebCore/platform/track/CueParser.h.
1555         * html/track/CueParserPrivate.h: Renamed from Source/WebCore/platform/track/CueParserPrivate.h.
1556         * html/track/WebVTTParser.cpp: Renamed from Source/WebCore/platform/track/WebVTTParser.cpp.
1557         * html/track/WebVTTParser.h: Renamed from Source/WebCore/platform/track/WebVTTParser.h.
1558         * html/track/WebVTTToken.h: Renamed from Source/WebCore/platform/track/WebVTTToken.h.
1559         * html/track/WebVTTTokenizer.cpp: Renamed from Source/WebCore/platform/track/WebVTTTokenizer.cpp.
1560         * html/track/WebVTTTokenizer.h: Renamed from Source/WebCore/platform/track/WebVTTTokenizer.h.
1561
1562 2011-09-07  David Hyatt  <hyatt@apple.com>
1563
1564         https://bugs.webkit.org/show_bug.cgi?id=67286
1565
1566         REGRESSION: css2.1/t090204-display-change-01-b-ao.html fails after r94084.
1567
1568         Make sure that the trailing floats line box explicitly sets the line top with leading and line bottom with
1569         leading to just be the block height.
1570
1571         Reviewed by Dan Bernstein.
1572
1573         * rendering/RenderBlockLineLayout.cpp:
1574         (WebCore::RenderBlock::linkToEndLineIfNeeded):
1575
1576 2011-09-06  Abhishek Arya  <inferno@chromium.org>
1577
1578         Null owningRenderer crash in RenderScrollbar::updateScrollbarParts.
1579         https://bugs.webkit.org/show_bug.cgi?id=67669
1580
1581         Reviewed by James Robinson.
1582
1583         Owning renderer can be cleared for custom scrollbars in clearOwningRenderer()
1584         call. We need a null check in updateScrollbarParts, so that we do not crash.
1585
1586         No tests since issue seen in crash reports only and I donot know a way to
1587         reproduce.
1588
1589         * rendering/RenderScrollbar.cpp:
1590         (WebCore::RenderScrollbar::updateScrollbarParts):
1591
1592 2011-09-05  Jocelyn Turcotte  <jocelyn.turcotte@nokia.com>
1593
1594         [Qt][WK2] Make TiledDrawingArea request tiles only in the direction the viewport is panned to.
1595         https://bugs.webkit.org/show_bug.cgi?id=67606
1596
1597         Reviewed by Noam Rosenthal.
1598
1599         TiledBackingStore previously used different values for horizontal and vertial multiplication
1600         to calculate the cover area.
1601         This patch replaces this mechanism, used to give a bigger panning range to vertical panning,
1602         with the possibility to use the motion vector of the viewport to request tiles ahead instead.
1603         This allows economies on rendering resources as tiles won't be rendered beside the trajectory
1604         of the viewport.
1605
1606         * platform/graphics/TiledBackingStore.cpp:
1607         (WebCore::TiledBackingStore::TiledBackingStore):
1608         (WebCore::TiledBackingStore::setKeepAndCoverAreaMultipliers):
1609         (WebCore::TiledBackingStore::setCoverAreaFocusVector):
1610         (WebCore::TiledBackingStore::createTiles):
1611         (WebCore::TiledBackingStore::calculateKeepRect):
1612         (WebCore::TiledBackingStore::calculateCoverRect):
1613         * platform/graphics/TiledBackingStore.h:
1614         (WebCore::TiledBackingStore::getKeepAndCoverAreaMultipliers):
1615
1616 2011-09-01  Jocelyn Turcotte  <jocelyn.turcotte@nokia.com>
1617
1618         [Qt] TiledBackingStore: Import the resizeEdgeTiles logic from TiledDrawindAreaProxy.
1619         https://bugs.webkit.org/show_bug.cgi?id=67416
1620
1621         Reviewed by Kenneth Rohde Christiansen.
1622
1623         Original code by Antti Koivisto.
1624         With the current code, when the page is layouted during load, edge tiles will
1625         get removed instead of continuing to show their front buffer while the tile
1626         is being rendered for the new size.
1627
1628         * platform/graphics/Tile.h:
1629         * platform/graphics/TiledBackingStore.cpp:
1630         (WebCore::TiledBackingStore::createTiles):
1631         (WebCore::TiledBackingStore::resizeEdgeTiles):
1632         * platform/graphics/TiledBackingStore.h:
1633         * platform/graphics/qt/TileQt.cpp:
1634         (WebCore::TileQt::resize):
1635         * platform/graphics/qt/TileQt.h:
1636
1637 2011-09-07  Tim Horton  <timothy_horton@apple.com>
1638
1639         Don't round-trip through TransformationMatrix in SVGImageBufferTools::clearAffineTransform2DRotation
1640         https://bugs.webkit.org/show_bug.cgi?id=67242
1641         <rdar://problem/10069770>
1642
1643         Reviewed by Dirk Schulze.
1644
1645         No new tests, minor performance improvement.
1646
1647         * platform/graphics/transforms/AffineTransform.cpp:
1648         (WebCore::AffineTransform::blend):
1649         (WebCore::AffineTransform::decompose):
1650         (WebCore::AffineTransform::recompose):
1651         * platform/graphics/transforms/AffineTransform.h:
1652         * rendering/svg/SVGImageBufferTools.cpp:
1653         (WebCore::SVGImageBufferTools::clear2DRotation):
1654
1655 2011-09-06  Pavel Podivilov  <podivilov@chromium.org>
1656
1657         Web Inspector: do not re-create RawSourceCode when toggling pretty-print mode.
1658         https://bugs.webkit.org/show_bug.cgi?id=67647
1659
1660         1) Implement RawSourceCode.setFormatted that allows toggling pretty-print mode on the fly without resetting everything.
1661         2) Add RawSourceCode unit tests.
1662         3) Remove source mapping listeners and console messages from presentation model (they live in RawSourceCode now).
1663
1664         Reviewed by Yury Semikhatsky.
1665
1666         Test: inspector/debugger/raw-source-code.html
1667
1668         * inspector/front-end/DebuggerPresentationModel.js:
1669         (WebInspector.DebuggerPresentationModel):
1670         (WebInspector.DebuggerPresentationModel.prototype.linkifyLocation):
1671         (WebInspector.DebuggerPresentationModel.prototype._addScript):
1672         (WebInspector.DebuggerPresentationModel.prototype._sourceMappingUpdated):
1673         (WebInspector.DebuggerPresentationModel.prototype.setFormatSource):
1674         (WebInspector.DebuggerPresentationModel.prototype._createRawSourceCodeId):
1675         (WebInspector.DebuggerPresentationModel.prototype._debuggerReset):
1676         * inspector/front-end/ScriptsPanel.js:
1677         (WebInspector.ScriptsPanel.prototype._toggleFormatSource):
1678         * inspector/front-end/SourceFile.js:
1679         (WebInspector.RawSourceCode):
1680         (WebInspector.RawSourceCode.prototype.get uiSourceCode):
1681         (WebInspector.RawSourceCode.prototype.setFormatted):
1682         (WebInspector.RawSourceCode.prototype.rawLocationToUILocation):
1683         (WebInspector.RawSourceCode.prototype._saveSourceMapping):
1684
1685 2011-09-07  Alexander Pavlov  <apavlov@chromium.org>
1686
1687         Web Inspector: Implement circular tabbing through the Styles sidebar pane contents
1688         https://bugs.webkit.org/show_bug.cgi?id=67127
1689
1690         Reviewed by Yury Semikhatsky.
1691
1692         * inspector/front-end/Section.js:
1693         (WebInspector.Section.prototype.get firstSibling):
1694         (WebInspector.Section.prototype.get lastSibling):
1695         * inspector/front-end/StylesSidebarPane.js:
1696         (WebInspector.StylePropertiesSection.prototype.nextEditableSibling):
1697         (WebInspector.StylePropertiesSection.prototype.previousEditableSibling):
1698         (WebInspector.StylePropertiesSection.prototype.startEditingSelector):
1699         (WebInspector.StylePropertiesSection.prototype._moveEditorFromSelector):
1700         (WebInspector.StylePropertiesSection.prototype.editingSelectorCommitted.successCallback):
1701         (WebInspector.StylePropertiesSection.prototype.editingSelectorCommitted):
1702         (WebInspector.StylePropertyTreeElement.prototype):
1703         (WebInspector.StylePropertyTreeElement.prototype.element.userInput.previousContent.context.moveDirection):
1704
1705 2011-09-02  Andrey Kosyakov  <caseq@chromium.org>
1706
1707         Web Inspector: [Extensions API] expose console API
1708         https://bugs.webkit.org/show_bug.cgi?id=67506
1709
1710         Reviewed by Pavel Feldman.
1711
1712         Test: inspector/extensions/extensions-console.html
1713
1714         * inspector/front-end/ConsoleMessage.js:
1715         (WebInspector.ConsoleMessage.prototype.get text):
1716         (WebInspector.ConsoleMessage.prototype.get parameters):
1717         * inspector/front-end/ExtensionAPI.js:
1718         (WebInspector.injectedExtensionAPI.InspectorExtensionAPI):
1719         (WebInspector.injectedExtensionAPI):
1720         (WebInspector.injectedExtensionAPI.Console.prototype.getMessages):
1721         (WebInspector.injectedExtensionAPI.Console.prototype.addMessage):
1722         (WebInspector.injectedExtensionAPI.Console.prototype.get MessageLevel):
1723         (WebInspector.injectedExtensionAPI.Network.dispatchRequestEvent):
1724         (WebInspector.injectedExtensionAPI.Network):
1725         (WebInspector.injectedExtensionAPI.AuditCategoryImpl.dispatchAuditEvent):
1726         (WebInspector.injectedExtensionAPI.AuditCategoryImpl):
1727         (WebInspector.injectedExtensionAPI.InspectedWindow.dispatchResourceEvent):
1728         (WebInspector.injectedExtensionAPI.InspectedWindow.dispatchResourceContentEvent):
1729         (WebInspector.injectedExtensionAPI.InspectedWindow):
1730         * inspector/front-end/ExtensionCommon.js:
1731         (WebInspector.commonExtensionSymbols):
1732         * inspector/front-end/ExtensionServer.js:
1733         (WebInspector.ExtensionServer):
1734         (WebInspector.ExtensionServer.prototype._notifyConsoleMessageAdded):
1735         (WebInspector.ExtensionServer.prototype._onGetConsoleMessages):
1736         (WebInspector.ExtensionServer.prototype._onAddConsoleMessage):
1737         (WebInspector.ExtensionServer.prototype._makeConsoleMessage):
1738         (WebInspector.ExtensionServer.prototype._makeConsoleMessage.convertParameter):
1739         (WebInspector.ExtensionServer.prototype._dispatchCallback):
1740         (WebInspector.ExtensionServer.prototype.initExtensions):
1741
1742 2011-09-05  Andrey Kosyakov  <caseq@chromium.org>
1743
1744         Web Inspector: disable popover when a mouse button is pressed
1745         https://bugs.webkit.org/show_bug.cgi?id=67610
1746
1747         Reviewed by Pavel Feldman.
1748
1749         - disable popover when a mouse button is pressed
1750         - disable popover in a SourceFrame when the source is being edited
1751
1752         * inspector/front-end/Popover.js:
1753         (WebInspector.PopoverHelper):
1754         (WebInspector.PopoverHelper.prototype._mouseUp):
1755         (WebInspector.PopoverHelper.prototype._mouseDown):
1756         (WebInspector.PopoverHelper.prototype._handleMouseAction):
1757         * inspector/front-end/SourceFrame.js:
1758         (WebInspector.SourceFrame.prototype._onHidePopover):
1759         (WebInspector.SourceFrame.prototype.doubleClick):
1760
1761 2011-09-07  Antti Koivisto  <antti@apple.com>
1762
1763         https://bugs.webkit.org/show_bug.cgi?id=67634
1764         De-virtualize styleForRenderer()
1765
1766         Reviewed by Sam Weinig.
1767         
1768         This has performance and code clarity benefits.
1769
1770         - move styleForRenderer from Node to Element
1771         - get rid of the now unnecessary NodeRenderingContext parameter
1772         - de-virtualize, add virtual customStyleForRenderer()
1773
1774         * dom/Element.cpp:
1775         (WebCore::Element::customStyleForRenderer):
1776         (WebCore::Element::styleForRenderer):
1777         (WebCore::Element::recalcStyle):
1778         * dom/Element.h:
1779         * dom/Node.cpp:
1780         * dom/Node.h:
1781         (WebCore::Node::hasCustomWillOrDidRecalcStyle):
1782         (WebCore::Node::setHasCustomWillOrDidRecalcStyle):
1783         (WebCore::Node::hasCustomStyleForRenderer):
1784         (WebCore::Node::setHasCustomStyleForRenderer):
1785         
1786             Move styleForRenderer, add customStyleForRenderer, add a bit.
1787         
1788         * dom/NodeRenderingContext.cpp:
1789         (WebCore::NodeRendererFactory::createRendererAndStyle): 
1790         
1791             Handle non-element case separately since styleForRenderer was moved from Node to Element.
1792
1793         * html/HTMLNoScriptElement.cpp:
1794         (WebCore::HTMLNoScriptElement::HTMLNoScriptElement):
1795         (WebCore::HTMLNoScriptElement::customStyleForRenderer):
1796         * html/HTMLNoScriptElement.h:
1797         
1798             Move a strange XHTMLMP special case to where it belongs.
1799
1800         * html/HTMLOptGroupElement.cpp:
1801         (WebCore::HTMLOptGroupElement::attach):
1802         * html/HTMLOptionElement.cpp:
1803         (WebCore::HTMLOptionElement::attach):
1804         * html/HTMLTitleElement.cpp:
1805         (WebCore::HTMLTitleElement::textWithDirection):
1806         * html/shadow/TextControlInnerElements.cpp:
1807         (WebCore::TextControlInnerElement::TextControlInnerElement):
1808         (WebCore::TextControlInnerElement::customStyleForRenderer):
1809         (WebCore::TextControlInnerTextElement::TextControlInnerTextElement):
1810         (WebCore::TextControlInnerTextElement::customStyleForRenderer):
1811         * html/shadow/TextControlInnerElements.h:
1812         * rendering/svg/SVGShadowTreeElements.cpp:
1813         (WebCore::SVGShadowTreeContainerElement::customStyleForRenderer):
1814         * rendering/svg/SVGShadowTreeElements.h:
1815         * svg/SVGElement.cpp:
1816         (WebCore::SVGElement::SVGElement):
1817         (WebCore::SVGElement::customStyleForRenderer):
1818         * svg/SVGElement.h:
1819         
1820             Adopt customStyleForRenderer().
1821
1822 2011-09-07  Ryosuke Niwa  <rniwa@webkit.org>
1823
1824         Change event is not fired for input[type=number] when the user reverts a change made by script
1825         https://bugs.webkit.org/show_bug.cgi?id=67697
1826
1827         Reviewed by Kent Tamura.
1828
1829         The bug was caused by HTMLInputElement::setValue not calling setTextAsOfLastFormControlChangeEvent
1830         for text fields other than type=text.
1831
1832         Also fixed a that stepUpFromRenderer does not call setTextAsOfLastFormControlChangeEvent at appropriate
1833         timing due to setValueAsNumber always passing sendChangeEvent=false to setValue by propagating values
1834         through setValueAsNumber and applyStep. This refactoring allows us to remove calls to dispatch* in
1835         stepUpFromRenderer because they're now called in setValueAsNumber or applyStep.
1836
1837         Test: fast/forms/number-input-changeevent.html
1838
1839         * html/BaseDateAndTimeInputType.cpp:
1840         (WebCore::BaseDateAndTimeInputType::setValueAsNumber):
1841         * html/BaseDateAndTimeInputType.h:
1842         * html/HTMLInputElement.cpp:
1843         (WebCore::HTMLInputElement::applyStep):
1844         (WebCore::HTMLInputElement::stepUp):
1845         (WebCore::HTMLInputElement::stepDown):
1846         (WebCore::HTMLInputElement::setValue):
1847         (WebCore::HTMLInputElement::setValueAsNumber):
1848         (WebCore::HTMLInputElement::stepUpFromRenderer):
1849         * html/HTMLInputElement.h:
1850         * html/InputType.cpp:
1851         (WebCore::InputType::setValueAsNumber):
1852         * html/InputType.h:
1853         * html/NumberInputType.cpp:
1854         (WebCore::NumberInputType::setValueAsNumber):
1855         * html/NumberInputType.h:
1856         * html/RangeInputType.cpp:
1857         (WebCore::RangeInputType::setValueAsNumber):
1858         (WebCore::RangeInputType::handleKeydownEvent):
1859         * html/RangeInputType.h:
1860
1861 2011-09-07  Antti Koivisto  <antti@apple.com>
1862
1863         Try to fix Qt build by moving the Qt specific include (which is not really allowed here!).
1864
1865         Not reviewed.
1866
1867         * css/CSSStyleSelector.cpp:
1868         * css/SelectorChecker.cpp:
1869         (WebCore::SelectorChecker::determineLinkStateSlowCase):
1870
1871 2011-09-07  Antti Koivisto  <antti@apple.com>
1872
1873         Move SelectorChecker out from CSSStyleSelector scope
1874         https://bugs.webkit.org/show_bug.cgi?id=67648
1875
1876         Reviewed by Sam Weinig.
1877
1878         - Move SelectorChecker to SelectorChecker.h/cpp
1879         - Make private functions private
1880         - Make members private, add accessors
1881         - Move m_sameOriginOnly to CSSStyleSelector as it is not used by SelectorChecker
1882
1883         * CMakeLists.txt:
1884         * GNUmakefile.list.am:
1885         * WebCore.gypi:
1886         * WebCore.pro:
1887         * WebCore.vcproj/WebCore.vcproj:
1888         * WebCore.xcodeproj/project.pbxproj:
1889         * css/CSSStyleSelector.cpp:
1890         (WebCore::CSSStyleSelector::CSSStyleSelector):
1891         (WebCore::CSSStyleSelector::matchRules):
1892         (WebCore::CSSStyleSelector::matchRulesForList):
1893         (WebCore::CSSStyleSelector::sortMatchedRules):
1894         (WebCore::CSSStyleSelector::initForStyleResolve):
1895         (WebCore::CSSStyleSelector::matchUARules):
1896         (WebCore::CSSStyleSelector::styleForElement):
1897         (WebCore::CSSStyleSelector::pseudoStyleForElement):
1898         (WebCore::CSSStyleSelector::styleForPage):
1899         (WebCore::CSSStyleSelector::adjustRenderStyle):
1900         (WebCore::CSSStyleSelector::pseudoStyleRulesForElement):
1901         (WebCore::CSSStyleSelector::checkSelector):
1902         (WebCore::RuleData::RuleData):
1903         (WebCore::CSSStyleSelector::applyProperty):
1904         (WebCore::CSSStyleSelector::checkForGenericFamilyChange):
1905         (WebCore::CSSStyleSelector::setFontSize):
1906         (WebCore::CSSStyleSelector::getColorFromPrimitiveValue):
1907         * css/CSSStyleSelector.h:
1908         (WebCore::CSSStyleSelector::style):
1909         (WebCore::CSSStyleSelector::parentStyle):
1910         (WebCore::CSSStyleSelector::rootElementStyle):
1911         (WebCore::CSSStyleSelector::element):
1912         (WebCore::CSSStyleSelector::fontDescription):
1913         (WebCore::CSSStyleSelector::parentFontDescription):
1914         (WebCore::CSSStyleSelector::setFontDescription):
1915         (WebCore::CSSStyleSelector::setZoom):
1916         (WebCore::CSSStyleSelector::setEffectiveZoom):
1917         (WebCore::CSSStyleSelector::setTextSizeAdjust):
1918         (WebCore::CSSStyleSelector::setStyle):
1919         (WebCore::CSSStyleSelector::fontSelector):
1920         (WebCore::CSSStyleSelector::allVisitedStateChanged):
1921         (WebCore::CSSStyleSelector::visitedStateChanged):
1922         (WebCore::CSSStyleSelector::usesSiblingRules):
1923         (WebCore::CSSStyleSelector::usesFirstLineRules):
1924         (WebCore::CSSStyleSelector::usesBeforeAfterRules):
1925         (WebCore::CSSStyleSelector::usesLinkRules):
1926         (WebCore::CSSStyleSelector::addMatchedRule):
1927         (WebCore::CSSStyleSelector::isRightPage):
1928         (WebCore::CSSStyleSelector::ParentStackFrame::ParentStackFrame):
1929         (WebCore::CSSStyleSelector::styleNotYetAvailable):
1930         * css/SelectorChecker.cpp: Added.
1931         (WebCore::SelectorChecker::SelectorChecker):
1932         (WebCore::linkAttribute):
1933         (WebCore::SelectorChecker::determineLinkStateSlowCase):
1934         (WebCore::SelectorChecker::checkSelector):
1935         (WebCore::SelectorChecker::fastCheckSelector):
1936         (WebCore::SelectorChecker::isFastCheckableSelector):
1937         (WebCore::addLocalNameToSet):
1938         (WebCore::createHtmlCaseInsensitiveAttributesSet):
1939         (WebCore::htmlAttributeHasCaseInsensitiveValue):
1940         (WebCore::attributeQualifiedNameMatches):
1941         (WebCore::attributeValueMatches):
1942         (WebCore::anyAttributeMatches):
1943         (WebCore::SelectorChecker::checkOneSelector):
1944         (WebCore::SelectorChecker::checkScrollbarPseudoClass):
1945         (WebCore::SelectorChecker::allVisitedStateChanged):
1946         (WebCore::SelectorChecker::visitedStateChanged):
1947         * css/SelectorChecker.h: Added.
1948         (WebCore::SelectorChecker::document):
1949         (WebCore::SelectorChecker::strictParsing):
1950         (WebCore::SelectorChecker::isCollectingRulesOnly):
1951         (WebCore::SelectorChecker::setCollectingRulesOnly):
1952         (WebCore::SelectorChecker::isMatchingVisitedPseudoClass):
1953         (WebCore::SelectorChecker::setMatchingVisitedPseudoClass):
1954         (WebCore::SelectorChecker::pseudoStyle):
1955         (WebCore::SelectorChecker::setPseudoStyle):
1956         (WebCore::SelectorChecker::hasUnknownPseudoElements):
1957         (WebCore::SelectorChecker::clearHasUnknownPseudoElements):
1958         (WebCore::SelectorChecker::determineLinkState):
1959         * dom/Element.cpp:
1960         (WebCore::Element::webkitMatchesSelector):
1961         * dom/SelectorQuery.cpp:
1962         (WebCore::SelectorQuery::SelectorQuery):
1963         * dom/SelectorQuery.h:
1964
1965 2011-09-07  Dmitry Lomov  <dslomov@google.com>
1966
1967         https://bugs.webkit.org/show_bug.cgi?id=67413 
1968         [Chromium]Web Inspector: inspected page with dedicated worker crashes on refresh.
1969         This patch enforces lifetime ordering between WorkerInspectorController and WorkerScriptController.
1970
1971         Reviewed by Yury Semikhatsky.
1972
1973         * workers/WorkerContext.cpp:
1974         (WebCore::WorkerContext::clearInspector):
1975         * workers/WorkerContext.h:
1976         * workers/WorkerThread.cpp:
1977         (WebCore::WorkerThreadShutdownFinishTask::performTask):
1978
1979 2011-09-07  Sheriff Bot  <webkit.review.bot@gmail.com>
1980
1981         Unreviewed, rolling out r94627 and r94632.
1982         http://trac.webkit.org/changeset/94627
1983         http://trac.webkit.org/changeset/94632
1984         https://bugs.webkit.org/show_bug.cgi?id=67698
1985
1986         It broke tests on GTK and Qt (Requested by Ossy on #webkit).
1987
1988         * WebCore.exp.in:
1989         * bindings/js/JSDOMBinding.h:
1990         (WebCore::DOMConstructorObject::DOMConstructorObject):
1991         * bindings/js/JSDOMGlobalObject.cpp:
1992         (WebCore::JSDOMGlobalObject::JSDOMGlobalObject):
1993         * bindings/js/JSDOMGlobalObject.h:
1994         * bindings/js/JSDOMWindowShell.cpp:
1995         (WebCore::JSDOMWindowShell::create):
1996         * bindings/js/JSDOMWindowShell.h:
1997         * bindings/js/JSDOMWrapper.h:
1998         (WebCore::JSDOMWrapper::JSDOMWrapper):
1999         * bindings/scripts/CodeGeneratorJS.pm:
2000         (GenerateImplementation):
2001         * bindings/scripts/test/JS/JSTestInterface.cpp:
2002         (WebCore::JSTestInterface::JSTestInterface):
2003         * bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
2004         (WebCore::JSTestMediaQueryListListener::JSTestMediaQueryListListener):
2005         * bindings/scripts/test/JS/JSTestObj.cpp:
2006         (WebCore::JSTestObj::JSTestObj):
2007         * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
2008         (WebCore::JSTestSerializedScriptValueInterface::JSTestSerializedScriptValueInterface):
2009         * bridge/c/CRuntimeObject.cpp:
2010         (JSC::Bindings::CRuntimeObject::CRuntimeObject):
2011         * bridge/c/CRuntimeObject.h:
2012         * bridge/jni/jsc/JavaRuntimeObject.cpp:
2013         (JSC::Bindings::JavaRuntimeObject::JavaRuntimeObject):
2014         * bridge/jni/jsc/JavaRuntimeObject.h:
2015         * bridge/objc/ObjCRuntimeObject.h:
2016         * bridge/objc/ObjCRuntimeObject.mm:
2017         (JSC::Bindings::ObjCRuntimeObject::ObjCRuntimeObject):
2018         * bridge/objc/objc_runtime.h:
2019         (JSC::Bindings::ObjcFallbackObjectImp::create):
2020         * bridge/objc/objc_runtime.mm:
2021         (JSC::Bindings::ObjcFallbackObjectImp::ObjcFallbackObjectImp):
2022         * bridge/qt/qt_instance.cpp:
2023         (JSC::Bindings::QtRuntimeObject::QtRuntimeObject):
2024         * bridge/qt/qt_pixmapruntime.cpp:
2025         (JSC::Bindings::QtPixmapRuntimeObject::QtPixmapRuntimeObject):
2026         * bridge/qt/qt_runtime.cpp:
2027         (JSC::Bindings::QtRuntimeMethod::QtRuntimeMethod):
2028         * bridge/qt/qt_runtime.h:
2029         * bridge/runtime_array.cpp:
2030         (JSC::RuntimeArray::RuntimeArray):
2031         * bridge/runtime_array.h:
2032         (JSC::RuntimeArray::create):
2033         * bridge/runtime_method.cpp:
2034         (JSC::RuntimeMethod::RuntimeMethod):
2035         * bridge/runtime_method.h:
2036         * bridge/runtime_object.cpp:
2037         (JSC::Bindings::RuntimeObject::RuntimeObject):
2038         * bridge/runtime_object.h:
2039         (JSC::Bindings::RuntimeObject::create):
2040
2041 2011-08-31  Yury Semikhatsky  <yurys@chromium.org>
2042
2043         fast/workers/worker-script-error.html fails on Chromium after r94061
2044         https://bugs.webkit.org/show_bug.cgi?id=67206
2045
2046         Default action should be prevented if window.onerror returned true and stay
2047         not prevented otherwise.
2048
2049         Reviewed by Dmitry Titov.
2050
2051         Tests: fast/events/window-onerror14.html
2052                fast/events/window-onerror15.html
2053                fast/events/window-onerror16.html
2054
2055         * bindings/v8/V8AbstractEventListener.cpp:
2056         (WebCore::V8AbstractEventListener::invokeEventHandler):
2057         (WebCore::V8AbstractEventListener::shouldPreventDefault): allow specific
2058         event listeners to decide when to prevent default action based on the handler
2059         return value.
2060         * bindings/v8/V8AbstractEventListener.h:
2061         * bindings/v8/V8WindowErrorHandler.cpp:
2062         (WebCore::V8WindowErrorHandler::callListenerFunction):
2063         (WebCore::V8WindowErrorHandler::shouldPreventDefault):
2064         * bindings/v8/V8WindowErrorHandler.h:
2065         * bindings/v8/V8WorkerContextErrorHandler.cpp:
2066         (WebCore::V8WorkerContextErrorHandler::callListenerFunction):
2067         (WebCore::V8WorkerContextErrorHandler::shouldPreventDefault):
2068         * bindings/v8/V8WorkerContextErrorHandler.h:
2069
2070 2011-09-06  Xianzhu Wang  <wangxianzhu@chromium.org>
2071
2072         Replace usages of Vector<UChar> with existing StringBuilder
2073         https://bugs.webkit.org/show_bug.cgi?id=67079
2074
2075         Reviewed by Gavin Barraclough.
2076
2077         No new tests. All existing unit tests and layout tests should run
2078         as before.
2079
2080         * css/CSSOMUtils.cpp:
2081         (WebCore::appendCharacter):
2082         (WebCore::serializeCharacter):
2083         (WebCore::serializeCharacterAsCodePoint):
2084         (WebCore::serializeIdentifier):
2085         (WebCore::serializeString):
2086         * css/CSSOMUtils.h:
2087         * css/CSSPrimitiveValue.cpp:
2088         (WebCore::CSSPrimitiveValue::cssText):
2089         * css/CSSStyleSelector.cpp:
2090         (WebCore::CSSStyleSelector::SelectorChecker::determineLinkStateSlowCase):
2091         * css/CSSWrapShapes.cpp:
2092         (WebCore::CSSWrapShapeRect::cssText):
2093         (WebCore::CSSWrapShapeCircle::cssText):
2094         (WebCore::CSSWrapShapeEllipse::cssText):
2095         (WebCore::CSSWrapShapePolygon::cssText):
2096         * editing/HTMLInterchange.cpp:
2097         (WebCore::convertHTMLTextToInterchangeFormat):
2098         * editing/MarkupAccumulator.cpp:
2099         (WebCore::appendCharactersReplacingEntities):
2100         (WebCore::MarkupAccumulator::serializeNodes):
2101         (WebCore::MarkupAccumulator::appendStartTag):
2102         (WebCore::MarkupAccumulator::appendEndTag):
2103         (WebCore::MarkupAccumulator::concatenateMarkup):
2104         (WebCore::MarkupAccumulator::appendAttributeValue):
2105         (WebCore::MarkupAccumulator::appendCustomAttributes):
2106         (WebCore::MarkupAccumulator::appendQuotedURLAttributeValue):
2107         (WebCore::MarkupAccumulator::appendNodeValue):
2108         (WebCore::MarkupAccumulator::appendNamespace):
2109         (WebCore::MarkupAccumulator::appendText):
2110         (WebCore::MarkupAccumulator::appendComment):
2111         (WebCore::MarkupAccumulator::appendDocumentType):
2112         (WebCore::MarkupAccumulator::appendProcessingInstruction):
2113         (WebCore::MarkupAccumulator::appendElement):
2114         (WebCore::MarkupAccumulator::appendOpenTag):
2115         (WebCore::MarkupAccumulator::appendCloseTag):
2116         (WebCore::MarkupAccumulator::appendAttribute):
2117         (WebCore::MarkupAccumulator::appendCDATASection):
2118         (WebCore::MarkupAccumulator::appendStartMarkup):
2119         (WebCore::MarkupAccumulator::appendEndMarkup):
2120         * editing/MarkupAccumulator.h:
2121         * editing/markup.cpp:
2122         (WebCore::StyledMarkupAccumulator::appendElement):
2123         (WebCore::StyledMarkupAccumulator::wrapWithNode):
2124         (WebCore::StyledMarkupAccumulator::wrapWithStyleNode):
2125         (WebCore::StyledMarkupAccumulator::appendStyleNodeOpenTag):
2126         (WebCore::StyledMarkupAccumulator::takeResults):
2127         (WebCore::StyledMarkupAccumulator::appendText):
2128         (WebCore::urlToMarkup):
2129         * html/DOMTokenList.cpp:
2130         (WebCore::DOMTokenList::removeToken):
2131         * html/HTMLFontElement.cpp:
2132         (WebCore::parseFontSize):
2133         * html/HTMLTextFormControlElement.cpp:
2134         (WebCore::HTMLTextFormControlElement::strippedPlaceholder):
2135         * html/parser/CSSPreloadScanner.cpp:
2136         (WebCore::CSSPreloadScanner::emitRule):
2137         * html/parser/CSSPreloadScanner.h:
2138         * html/parser/HTMLEntityParser.cpp:
2139         (WebCore::consumeHTMLEntity):
2140         * html/parser/HTMLEntityParser.h:
2141         * html/parser/HTMLParserIdioms.cpp:
2142         (WebCore::parseHTMLInteger):
2143         (WebCore::parseHTMLNonNegativeInteger):
2144         * html/parser/HTMLTokenizer.cpp:
2145         (WebCore::HTMLTokenizer::processEntity):
2146         (WebCore::HTMLTokenizer::nextToken):
2147         * html/parser/HTMLTreeBuilder.cpp:
2148         (WebCore::HTMLTreeBuilder::ExternalCharacterTokenBuffer::giveRemainingTo):
2149         (WebCore::HTMLTreeBuilder::defaultForInTableText):
2150         * html/parser/HTMLTreeBuilder.h:
2151         * inspector/InspectorValues.cpp:
2152         (WebCore::InspectorValue::toJSONString):
2153         (WebCore::InspectorValue::writeJSON):
2154         (WebCore::InspectorBasicValue::writeJSON):
2155         (WebCore::InspectorString::writeJSON):
2156         (WebCore::InspectorObject::writeJSON):
2157         (WebCore::InspectorArray::writeJSON):
2158         * inspector/InspectorValues.h:
2159         * loader/CrossOriginAccessControl.cpp:
2160         (WebCore::createAccessControlPreflightRequest):
2161         * loader/appcache/ApplicationCacheStorage.cpp:
2162         (WebCore::ApplicationCacheStorage::store):
2163         * page/Chrome.cpp:
2164         (WebCore::Chrome::setToolTip):
2165         * page/PageSerializer.cpp:
2166         (WebCore::SerializerMarkupAccumulator::appendText):
2167         (WebCore::SerializerMarkupAccumulator::appendElement):
2168         (WebCore::SerializerMarkupAccumulator::appendCustomAttributes):
2169         * page/SecurityOrigin.cpp:
2170         (WebCore::SecurityOrigin::toString):
2171         * platform/KURL.cpp:
2172         (WebCore::KURL::deprecatedString):
2173         (WebCore::decodeURLEscapeSequences):
2174         * platform/LinkHash.cpp:
2175         (WebCore::squeezeOutNullCharacters):
2176         (WebCore::cleanSlashDotDotSlashes):
2177         (WebCore::mergeDoubleSlashes):
2178         (WebCore::cleanSlashDotSlashes):
2179         (WebCore::cleanPath):
2180         (WebCore::visitedURLInline):
2181         (WebCore::visitedURL):
2182         (WebCore::visitedLinkHash):
2183         * platform/LinkHash.h:
2184         * platform/gtk/DataObjectGtk.cpp:
2185         (WebCore::DataObjectGtk::setURL):
2186         * platform/network/HTTPParsers.cpp:
2187         (WebCore::extractMIMETypeFromMediaType):
2188         * platform/text/TextCodecICU.cpp:
2189         (WebCore::TextCodecICU::decode):
2190         * platform/text/TextStream.cpp:
2191         (WebCore::TextStream::operator<<):
2192         (WebCore::TextStream::release):
2193         * platform/text/TextStream.h:
2194         * plugins/PluginStream.cpp:
2195         (WebCore::PluginStream::startStream):
2196         * rendering/InlineTextBox.cpp:
2197         (WebCore::adjustCharactersAndLengthForHyphen):
2198         * rendering/InlineTextBox.h:
2199         (WebCore::BufferForAppendingHyphen::BufferForAppendingHyphen):
2200         * rendering/RenderListItem.cpp:
2201         (WebCore::RenderListItem::markerTextWithSuffix):
2202         * rendering/RenderListMarker.cpp:
2203         (WebCore::toSymbolic):
2204         (WebCore::RenderListMarker::paint):
2205         (WebCore::RenderListMarker::suffix):
2206         * rendering/RenderTreeAsText.cpp:
2207         (WebCore::quoteAndEscapeNonPrintables):
2208         * rendering/mathml/RenderMathMLFenced.cpp:
2209         (WebCore::RenderMathMLFenced::updateFromElement):
2210         * storage/IDBLevelDBCoding.cpp:
2211         (WebCore::IDBLevelDBCoding::decodeString):
2212         * xml/XMLHttpRequest.cpp:
2213         (WebCore::XMLHttpRequest::getAllResponseHeaders):
2214         * xml/XPathFunctions.cpp:
2215         (WebCore::XPath::FunId::evaluate):
2216         (WebCore::XPath::FunConcat::evaluate):
2217         * xml/XPathUtil.cpp:
2218         (WebCore::XPath::stringValue):
2219         * xml/XSLTProcessorLibxslt.cpp:
2220         (WebCore::writeToStringBuilder):
2221         (WebCore::saveResultToString):
2222         * xml/parser/CharacterReferenceParserInlineMethods.h:
2223         (WebCore::unconsumeCharacters):
2224         (WebCore::consumeCharacterReference):
2225         * xml/parser/XMLCharacterReferenceParser.cpp:
2226         (WebCore::consumeXMLCharacterReference):
2227         * xml/parser/XMLCharacterReferenceParser.h:
2228         * xml/parser/XMLTokenizer.cpp:
2229         (WebCore::XMLTokenizer::nextToken):
2230
2231 2011-09-05  Kent Tamura  <tkent@chromium.org>
2232
2233         REGRESSION (Safari 5.1 - ToT): File input retains its file icon when the value is reset
2234         https://bugs.webkit.org/show_bug.cgi?id=67567
2235
2236         Reviewed by Dimitri Glazkov.
2237
2238         - Introduce InputType::setValue(), which is called by HTMLInputElement::setValue().
2239         - Clear m_icon in FileInputType::setValue().
2240
2241         Tests: fast/forms/file/file-reset-in-change-expected.html
2242                fast/forms/file/file-reset-in-change.html
2243
2244         * html/BaseButtonInputType.cpp:
2245         (WebCore::BaseButtonInputType::setValue):
2246         Implemenation for the "default" mode.
2247         http://www.whatwg.org/specs/web-apps/current-work/multipage/common-input-element-attributes.html#dom-input-value-default
2248         * html/BaseButtonInputType.h:
2249         * html/BaseCheckableInputType.cpp:
2250         (WebCore::BaseCheckableInputType::setValue):
2251         Implemenation for the "default/on" mode.
2252         http://www.whatwg.org/specs/web-apps/current-work/multipage/common-input-element-attributes.html#dom-input-value-default-on
2253         * html/BaseCheckableInputType.h:
2254         * html/FileInputType.cpp:
2255         (WebCore::FileInputType::setValue):
2256         Implemenation for the "filename" mode, and clearing m_icon.
2257         http://www.whatwg.org/specs/web-apps/current-work/multipage/common-input-element-attributes.html#dom-input-value-filename
2258         * html/FileInputType.h:
2259         * html/HTMLInputElement.cpp:
2260         (WebCore::HTMLInputElement::setValue):
2261         Move some code to InputType::setValue().
2262         (WebCore::HTMLInputElement::setValueInternal): A helper for InputType::setValue().
2263         * html/HTMLInputElement.h:
2264         * html/HiddenInputType.cpp:
2265         (WebCore::HiddenInputType::setValue):
2266         Implementation for the "default" mode.
2267         * html/HiddenInputType.h:
2268         * html/InputType.cpp:
2269         (WebCore::InputType::setValue):
2270         Implementation for the "value" mode.
2271         http://www.whatwg.org/specs/web-apps/current-work/multipage/common-input-element-attributes.html#dom-input-value-value
2272         * html/InputType.h:
2273         * html/TextFieldInputType.cpp:
2274         (WebCore::TextFieldInputType::setValue):
2275         In addition to the "value" mode processing, updates placeholder visibililty.
2276         * html/TextFieldInputType.h:
2277
2278 2011-09-06  Ryosuke Niwa  <rniwa@webkit.org>
2279
2280         REGRESSION(r94274): The inner text value of an input element is not updated when input.value is set
2281         https://bugs.webkit.org/show_bug.cgi?id=67681
2282
2283         Reviewed by Kent Tamura.
2284
2285         The bug was caused by HTMLInputElement::setValue's not clearing m_suggestedValue before updateInnerTextValue is called.
2286         Since updateInnerTextValue uses the suggested value when one is present, we need to clear m_suggestedValue in advance.
2287
2288         Test: fast/forms/suggested-value-after-setvalue.html
2289
2290         * html/HTMLInputElement.cpp:
2291         (WebCore::HTMLInputElement::setValue):
2292
2293 2011-09-06  Adam Barth  <abarth@webkit.org>
2294
2295         Attempt to fix GTK build.
2296
2297         * bindings/gobject/WebKitHTMLElementWrapperFactory.cpp:
2298         (WebKit::createHTMLElementWrapper):
2299
2300 2011-09-06  Ryosuke Niwa  <rniwa@webkit.org>
2301
2302         fast/forms/suggested-value-crash.html crashes on Windows
2303         https://bugs.webkit.org/show_bug.cgi?id=67688
2304
2305         Reviewed by Adam Barth.
2306
2307         The crash was caused because functions in internals were accessing uninitialized QualifiedNames.
2308         Fixed the bug by avoiding to link to inputTag and textareaTag. Instead, we resort to toInputElement
2309         and string comparison.
2310
2311         * testing/Internals.cpp:
2312         (WebCore::Internals::wasLastChangeUserEdit):
2313         (WebCore::Internals::suggestedValue):
2314         (WebCore::Internals::setSuggestedValue):
2315
2316 2011-09-06  Mark Hahnenberg  <mhahnenberg@apple.com>
2317
2318         Unzip initialization lists and constructors in JSCell hierarchy (5/7)
2319         https://bugs.webkit.org/show_bug.cgi?id=67420
2320
2321         Reviewed by Geoffrey Garen.
2322
2323         No new tests.
2324
2325         Completed the fifth level of the refactoring to add finishCreation() 
2326         methods to all classes within the JSCell hierarchy with non-trivial 
2327         constructor bodies.
2328
2329         This primarily consists of pushing the calls to finishCreation() down 
2330         into the constructors of the subclasses of the second level of the hierarchy 
2331         as well as pulling the finishCreation() calls out into the class's corresponding
2332         create() method if it has one.  Doing both simultaneously allows us to 
2333         maintain the invariant that the finishCreation() method chain is called exactly 
2334         once during the creation of an object, since calling it any other number of 
2335         times (0, 2, or more) will cause an assertion failure.
2336
2337         * WebCore.exp.in:
2338         * bindings/js/JSDOMBinding.h:
2339         (WebCore::DOMConstructorObject::DOMConstructorObject):
2340         * bindings/js/JSDOMGlobalObject.cpp:
2341         (WebCore::JSDOMGlobalObject::JSDOMGlobalObject):
2342         (WebCore::JSDOMGlobalObject::finishCreation):
2343         * bindings/js/JSDOMGlobalObject.h:
2344         * bindings/js/JSDOMWindowShell.cpp:
2345         * bindings/js/JSDOMWindowShell.h:
2346         (WebCore::JSDOMWindowShell::create):
2347         * bindings/js/JSDOMWrapper.h:
2348         (WebCore::JSDOMWrapper::JSDOMWrapper):
2349         * bindings/scripts/CodeGeneratorJS.pm:
2350         (GenerateImplementation):
2351         * bindings/scripts/test/JS/JSTestInterface.cpp:
2352         (WebCore::JSTestInterface::JSTestInterface):
2353         * bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
2354         (WebCore::JSTestMediaQueryListListener::JSTestMediaQueryListListener):
2355         * bindings/scripts/test/JS/JSTestObj.cpp:
2356         (WebCore::JSTestObj::JSTestObj):
2357         * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
2358         (WebCore::JSTestSerializedScriptValueInterface::JSTestSerializedScriptValueInterface):
2359         * bridge/c/CRuntimeObject.cpp:
2360         (JSC::Bindings::CRuntimeObject::CRuntimeObject):
2361         (JSC::Bindings::CRuntimeObject::finishCreation):
2362         * bridge/c/CRuntimeObject.h:
2363         * bridge/jni/jsc/JavaRuntimeObject.cpp:
2364         (JSC::Bindings::JavaRuntimeObject::JavaRuntimeObject):
2365         (JSC::Bindings::JavaRuntimeObject::finishCreation):
2366         * bridge/jni/jsc/JavaRuntimeObject.h:
2367         * bridge/objc/ObjCRuntimeObject.h:
2368         * bridge/objc/ObjCRuntimeObject.mm:
2369         (JSC::Bindings::ObjCRuntimeObject::ObjCRuntimeObject):
2370         (JSC::Bindings::ObjCRuntimeObject::finishCreation):
2371         * bridge/objc/objc_runtime.h:
2372         (JSC::Bindings::ObjcFallbackObjectImp::create):
2373         * bridge/objc/objc_runtime.mm:
2374         (JSC::Bindings::ObjcFallbackObjectImp::ObjcFallbackObjectImp):
2375         * bridge/qt/qt_instance.cpp:
2376         (JSC::Bindings::QtRuntimeObject::QtRuntimeObject):
2377         * bridge/qt/qt_pixmapruntime.cpp:
2378         (JSC::Bindings::QtPixmapRuntimeObject::QtPixmapRuntimeObject):
2379         * bridge/qt/qt_runtime.cpp:
2380         (JSC::Bindings::QtRuntimeMethod::QtRuntimeMethod):
2381         (JSC::Bindings::QtRuntimeMethod::finishCreation):
2382         * bridge/qt/qt_runtime.h:
2383         * bridge/runtime_array.cpp:
2384         (JSC::RuntimeArray::RuntimeArray):
2385         * bridge/runtime_array.h:
2386         (JSC::RuntimeArray::create):
2387         * bridge/runtime_method.cpp:
2388         (JSC::RuntimeMethod::RuntimeMethod):
2389         (JSC::RuntimeMethod::finishCreation):
2390         * bridge/runtime_method.h:
2391         * bridge/runtime_object.cpp:
2392         (JSC::Bindings::RuntimeObject::RuntimeObject):
2393         * bridge/runtime_object.h:
2394         (JSC::Bindings::RuntimeObject::create):
2395
2396 2011-09-06  Luke Macpherson   <macpherson@chromium.org>
2397
2398         Implement list style properties in CSSStyleApplyProperty.
2399         https://bugs.webkit.org/show_bug.cgi?id=67103
2400
2401         Reviewed by Eric Seidel.
2402
2403         No new tests / no behavioral changes.
2404
2405         * css/CSSStyleApplyProperty.cpp:
2406         Add class to wrap call to CSSStyleSelector::styleImage().
2407         (WebCore::ApplyPropertyStyleImage::ApplyPropertyStyleImage):
2408         (WebCore::ApplyPropertyStyleImage::applyValue):
2409         (WebCore::CSSStyleApplyProperty::CSSStyleApplyProperty):
2410         Initialize handlers for list style properties.
2411         * css/CSSStyleSelector.cpp:
2412         (WebCore::CSSStyleSelector::applyProperty):
2413         Remove existing property implementations.
2414
2415 2011-09-06  Alexis Menard  <alexis.menard@openbossa.org>
2416
2417         [Qt] Move away from QPointer as it is slow and it has a replacement QWeakPointer.
2418         https://bugs.webkit.org/show_bug.cgi?id=67673
2419
2420         Reviewed by Ariya Hidayat.
2421
2422         Move away from QPointer to QWeakPointer, it is faster.
2423
2424         No new tests, the existing ones should cover.
2425
2426         * bridge/qt/qt_instance.cpp:
2427         (JSC::Bindings::QtInstance::~QtInstance):
2428         (JSC::Bindings::QtInstance::getClass):
2429         (JSC::Bindings::QtField::name):
2430         (JSC::Bindings::QtField::valueFromInstance):
2431         * bridge/qt/qt_instance.h:
2432         (JSC::Bindings::QtInstance::getObject):
2433         * bridge/qt/qt_runtime.h:
2434         * platform/qt/SharedTimerQt.cpp:
2435         (WebCore::SharedTimerQt::inst):
2436
2437 2011-09-06  Oliver Hunt  <oliver@apple.com>
2438
2439         Update expected results of bindings tests.
2440
2441         * bindings/scripts/test/JS/JSTestInterface.cpp:
2442         (WebCore::JSTestInterfaceConstructor::createStructure):
2443         (WebCore::JSTestInterface::createPrototype):
2444         * bindings/scripts/test/JS/JSTestInterface.h:
2445         (WebCore::JSTestInterface::createStructure):
2446         (WebCore::JSTestInterfacePrototype::createStructure):
2447         * bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
2448         (WebCore::JSTestMediaQueryListListenerConstructor::createStructure):
2449         (WebCore::JSTestMediaQueryListListener::createPrototype):
2450         * bindings/scripts/test/JS/JSTestMediaQueryListListener.h:
2451         (WebCore::JSTestMediaQueryListListener::createStructure):
2452         (WebCore::JSTestMediaQueryListListenerPrototype::createStructure):
2453         * bindings/scripts/test/JS/JSTestObj.cpp:
2454         (WebCore::JSTestObjConstructor::createStructure):
2455         (WebCore::JSTestObj::createPrototype):
2456         * bindings/scripts/test/JS/JSTestObj.h:
2457         (WebCore::JSTestObj::createStructure):
2458         (WebCore::JSTestObjPrototype::createStructure):
2459         * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
2460         (WebCore::JSTestSerializedScriptValueInterfaceConstructor::createStructure):
2461         (WebCore::JSTestSerializedScriptValueInterface::createPrototype):
2462         * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.h:
2463         (WebCore::JSTestSerializedScriptValueInterface::createStructure):
2464         (WebCore::JSTestSerializedScriptValueInterfacePrototype::createStructure):
2465
2466 2011-09-06  Eric Seidel  <eric@webkit.org>
2467
2468         Remove window.HTMLBlockquoteElement per HTML5 (and DOM Core 1)
2469         https://bugs.webkit.org/show_bug.cgi?id=67678
2470
2471         Reviewed by Darin Adler.
2472
2473         This is why we can't have nice things.
2474
2475         There was some confusion in the original DOM HTML 1 spec about
2476         the existence of HTMlBlockquoteElement which was clarified by
2477         a later errata, removing HTMLBlockquoteElement:
2478         http://www.w3.org/DOM/updates/REC-DOM-Level-1-19981001-errata.html
2479         "This interface is an error and must be ignored. The Interface HTMLQuoteElement is used for both the Q and BLOCKQUOTE elements"
2480
2481         Le sigh.  Personally I think having a separate HTMLBlockquoteElement
2482         is clearer, but thats not how the web works.  Removed it and updated test results.
2483
2484         * CMakeLists.txt:
2485         * CodeGenerators.pri:
2486         * DerivedSources.cpp:
2487         * DerivedSources.make:
2488         * GNUmakefile.list.am:
2489         * WebCore.gypi:
2490         * WebCore.pro:
2491         * WebCore.vcproj/WebCore.vcproj:
2492         * WebCore.xcodeproj/project.pbxproj:
2493         * bindings/gobject/GNUmakefile.am:
2494         * editing/IndentOutdentCommand.cpp:
2495         * html/HTMLBlockquoteElement.cpp: Removed.
2496         * html/HTMLBlockquoteElement.h: Removed.
2497         * html/HTMLBlockquoteElement.idl: Removed.
2498         * html/HTMLElementsAllInOne.cpp:
2499         * html/HTMLQuoteElement.cpp:
2500         (WebCore::HTMLQuoteElement::HTMLQuoteElement):
2501         (WebCore::HTMLQuoteElement::insertedIntoDocument):
2502         * html/HTMLTagNames.in:
2503         * page/DOMWindow.idl:
2504
2505 2011-09-06  Ryosuke Niwa  <rniwa@webkit.org>
2506
2507         Rename confirmCompositionWithoutDisturbingSelection to cancelComposition
2508         https://bugs.webkit.org/show_bug.cgi?id=67569
2509
2510         Reviewed by Antonio Gomes.
2511
2512         Renamed Editor::confirmCompositionWithoutDisturbingSelection to Editor::cancelComposition.
2513         Also renamed the shared function from confirmComposition to setComposition.
2514
2515         * WebCore.exp.in:
2516         * editing/Editor.cpp:
2517         (WebCore::Editor::confirmComposition):
2518         (WebCore::Editor::cancelComposition):
2519         (WebCore::Editor::setComposition):
2520         * editing/Editor.h:
2521
2522 2011-09-06  Sam Weinig  <sam@webkit.org>
2523
2524         WebVTTTokenizer files in the wrong place in the Xcode project.
2525
2526         * WebCore.xcodeproj/project.pbxproj:
2527         Move WebVTTTokenizer files so they are in the right place in the project.
2528
2529 2011-09-06  Chris Rogers  <crogers@google.com>
2530
2531         MediaElementAudioSourceNode destruction triggers ASSERTS
2532         https://bugs.webkit.org/show_bug.cgi?id=67665
2533
2534         Reviewed by Nate Chapin.
2535
2536         Test: webaudio/mediaelementaudiosourcenode-gc.html
2537
2538         * html/HTMLMediaElement.cpp:
2539         (WebCore::HTMLMediaElement::setAudioSourceNode):
2540         * webaudio/AudioContext.cpp:
2541         (WebCore::AudioContext::uninitializeDispatch):
2542         (WebCore::AudioContext::stop):
2543         * webaudio/AudioContext.h:
2544
2545 2011-09-05  Oliver Hunt  <oliver@apple.com>
2546
2547         An object's structure should reference the global object responsible for its creation
2548         https://bugs.webkit.org/show_bug.cgi?id=67624
2549
2550         Reviewed by Gavin Barraclough.
2551
2552         Update calls to Structure::create() to pass the globalObject in,
2553         and update the CodeGenerator to generate appropriate createStructure
2554         methods.
2555
2556         * bindings/js/JSAudioConstructor.h:
2557         (WebCore::JSAudioConstructor::createStructure):
2558         * bindings/js/JSDOMBinding.h:
2559         (WebCore::DOMConstructorObject::createStructure):
2560         (WebCore::getDOMStructure):
2561         * bindings/js/JSDOMGlobalObject.h:
2562         (WebCore::JSDOMGlobalObject::createStructure):
2563         (WebCore::getDOMConstructor):
2564         * bindings/js/JSDOMWindowBase.h:
2565         (WebCore::JSDOMWindowBase::createStructure):
2566         * bindings/js/JSDOMWindowShell.cpp:
2567         (WebCore::JSDOMWindowShell::setWindow):
2568         * bindings/js/JSDOMWindowShell.h:
2569         (WebCore::JSDOMWindowShell::createStructure):
2570         * bindings/js/JSDOMWrapper.h:
2571         (WebCore::JSDOMWrapper::createStructure):
2572         * bindings/js/JSImageConstructor.h:
2573         (WebCore::JSImageConstructor::createStructure):
2574         * bindings/js/JSImageDataCustom.cpp:
2575         (WebCore::toJS):
2576         * bindings/js/JSOptionConstructor.h:
2577         (WebCore::JSOptionConstructor::createStructure):
2578         * bindings/js/JSWorkerContextBase.h:
2579         (WebCore::JSWorkerContextBase::createStructure):
2580         * bindings/js/WorkerScriptController.cpp:
2581         (WebCore::WorkerScriptController::initScript):
2582         * bindings/scripts/CodeGeneratorJS.pm:
2583         (GenerateHeader):
2584         (GenerateImplementation):
2585         (GenerateConstructorDeclaration):
2586         * bridge/c/CRuntimeObject.h:
2587         (JSC::Bindings::CRuntimeObject::createStructure):
2588         * bridge/c/c_instance.cpp:
2589         (JSC::Bindings::CRuntimeMethod::createStructure):
2590         * bridge/jni/jsc/JavaInstanceJSC.cpp:
2591         (JavaRuntimeMethod::createStructure):
2592         * bridge/jni/jsc/JavaRuntimeObject.h:
2593         (JSC::Bindings::JavaRuntimeObject::createStructure):
2594         * bridge/objc/ObjCRuntimeObject.h:
2595         (JSC::Bindings::ObjCRuntimeObject::createStructure):
2596         * bridge/objc/objc_instance.mm:
2597         (ObjCRuntimeMethod::createStructure):
2598         * bridge/objc/objc_runtime.h:
2599         (JSC::Bindings::ObjcFallbackObjectImp::createStructure):
2600         * bridge/runtime_array.h:
2601         (JSC::RuntimeArray::createStructure):
2602         * bridge/runtime_method.h:
2603         (JSC::RuntimeMethod::createStructure):
2604         * bridge/runtime_object.h:
2605         (JSC::Bindings::RuntimeObject::createStructure):
2606
2607 2011-09-06  Anders Carlsson  <andersca@apple.com>
2608
2609         Move NPAPI headers in bridge to plugins
2610         https://bugs.webkit.org/show_bug.cgi?id=67661
2611
2612         Reviewed by Darin Adler.
2613
2614         * WebCore.gypi:
2615         * WebCore.pro:
2616         * WebCore.vcproj/WebCore.vcproj:
2617         * WebCore.xcodeproj/project.pbxproj:
2618         Update build systems.
2619
2620         * bridge/npapi.h: Removed.
2621         * bridge/npruntime.h: Removed.
2622         * bridge/nptypes.h: Removed.
2623         * plugins/npapi.h: Copied from Source/WebCore/bridge/npapi.h.
2624         * plugins/npruntime.h: Copied from Source/WebCore/bridge/npruntime.h.
2625         * plugins/nptypes.h: Copied from Source/WebCore/bridge/nptypes.h.
2626
2627 2011-09-06  David Hyatt  <hyatt@apple.com>
2628
2629         https://bugs.webkit.org/show_bug.cgi?id=67672
2630         
2631         Improve background-size parsing. Make it actually dump auto values properly, and also make it omit
2632         auto if it is the second value. Fix the parsing to not create a value list when only a singleton value
2633         is specified.
2634
2635         Reviewed by Beth Dakin.
2636
2637         Covered well by existing tests.
2638
2639         * css/CSSComputedStyleDeclaration.cpp:
2640         (WebCore::fillSizeToCSSValue):
2641         * css/CSSParser.cpp:
2642         (WebCore::CSSParser::parseFillSize):
2643         * css/CSSStyleSelector.cpp:
2644         (WebCore::CSSStyleSelector::mapFillSize):
2645
2646 2011-09-06  David Hyatt  <hyatt@apple.com>
2647
2648         https://bugs.webkit.org/show_bug.cgi?id=67657
2649         
2650         Implement border-image-width. This patch stops short of converting -webkit-border-image to a shorthand.
2651         I'll do that in the next patch.
2652
2653         Note that unlike the -webkit-border-image syntax, border-image-width does not actually set the border
2654         width values. It simply makes cuts into the border image drawing area (which for now is just the border
2655         box, but that will change once border-image-outset is implemented).
2656         
2657         This means we need additional storage for the slices, since they are now separate from the border widths.
2658         
2659         For backwards compatibility, -webkit-border-image will continue to set the border widths when
2660         border-image-width is specified in the -webkit-border-image shorthand.
2661
2662         Reviewed by Beth Dakin.
2663
2664         Added new tests in fast/borders.
2665
2666         * css/CSSBorderImageSliceValue.cpp:
2667         (WebCore::CSSBorderImageSliceValue::CSSBorderImageSliceValue):
2668         (WebCore::CSSBorderImageSliceValue::cssText):
2669         * css/CSSBorderImageSliceValue.h:
2670         (WebCore::CSSBorderImageSliceValue::create):
2671         (WebCore::CSSBorderImageSliceValue::slices):
2672         Rename slices() to imageSlices() and add borderSlices() and m_borderSlices to hold the desired cuts
2673         for the border image drawing area. Converted the slices over to the new Quad primitive value (a RectBase
2674         subclass that is identical to Rect but dumps as a quad instead of a rect primitive).
2675
2676         * css/CSSBorderImageValue.cpp:
2677         (WebCore::CSSBorderImageValue::CSSBorderImageValue):
2678         (WebCore::CSSBorderImageValue::cssText):
2679         * css/CSSBorderImageValue.h:
2680         (WebCore::CSSBorderImageValue::create):
2681         Make CSSBorderImageValue take the border slices during construction now.
2682     
2683         * css/CSSComputedStyleDeclaration.cpp:
2684         (WebCore::valueForNinePieceImageSlice):
2685         (WebCore::valueForNinePieceImageWidth):
2686         (WebCore::valueForNinePieceImageRepeat):
2687         (WebCore::valueForNinePieceImage):
2688         (WebCore::CSSComputedStyleDeclaration::getPropertyCSSValue):
2689         Add support for computed style via valueForNinePieceImageWidth. Patch all of the border image properties
2690         to dump the most compact form possible for the property values, e.g., "stretch stretch" becomes "stretch."
2691
2692         * css/CSSParser.cpp:
2693         (WebCore::CSSParser::parseValue):
2694         (WebCore::CSSParser::parseReflect):
2695         (WebCore::BorderImageParseContext::BorderImageParseContext):
2696         (WebCore::BorderImageParseContext::commitImageSlice):
2697         (WebCore::BorderImageParseContext::commitBorderWidth):
2698         (WebCore::BorderImageParseContext::commitBorderImage):
2699         (WebCore::CSSParser::parseBorderImage):
2700         (WebCore::isBorderImageRepeatKeyword):
2701         (WebCore::CSSParser::parseBorderImageRepeat):
2702         (WebCore::BorderImageSliceParseContext::commitBorderImageSlice):
2703         (WebCore::CSSParser::parseBorderImageSlice):
2704         (WebCore::BorderImageWidthParseContext::BorderImageWidthParseContext):
2705         (WebCore::BorderImageWidthParseContext::allowNumber):
2706         (WebCore::BorderImageWidthParseContext::allowFinalCommit):
2707         (WebCore::BorderImageWidthParseContext::top):
2708         (WebCore::BorderImageWidthParseContext::commitNumber):
2709         (WebCore::BorderImageWidthParseContext::setAllowFinalCommit):
2710         (WebCore::BorderImageWidthParseContext::setTop):
2711         (WebCore::BorderImageWidthParseContext::commitBorderImageWidth):
2712         (WebCore::CSSParser::parseBorderImageWidth):
2713         * css/CSSParser.h:
2714         Modify the border-image code to pass off border-image-width parsing to parseBorderImageWidth.
2715
2716         * css/CSSPrimitiveValue.cpp:
2717         (WebCore::isValidCSSUnitTypeForDoubleConversion):
2718         (WebCore::CSSPrimitiveValue::init):
2719         (WebCore::CSSPrimitiveValue::cleanup):
2720         (WebCore::CSSPrimitiveValue::getQuadValue):
2721         (WebCore::CSSPrimitiveValue::cssText):
2722         * css/CSSPrimitiveValue.h:
2723         (WebCore::CSSPrimitiveValue::getQuadValue):
2724         Add the new Quad value to CSSPrimitiveValue.
2725     
2726         * css/CSSPropertyNames.in:
2727         Add the new properties for border-image-width and -webkit-mask-box-image-width.
2728
2729         * css/CSSStyleSelector.cpp:
2730         (WebCore::CSSStyleSelector::applyProperty):
2731         (WebCore::CSSStyleSelector::mapNinePieceImage):
2732         (WebCore::CSSStyleSelector::mapNinePieceImageSlice):
2733         (WebCore::CSSStyleSelector::mapNinePieceImageWidth):
2734         (WebCore::CSSStyleSelector::loadPendingImages):
2735         * css/CSSStyleSelector.h:
2736         Add the code to map the image width into border slices.
2737     
2738         * css/Rect.h:
2739         (WebCore::RectBase::top):
2740         (WebCore::RectBase::right):
2741         (WebCore::RectBase::bottom):
2742         (WebCore::RectBase::left):
2743         (WebCore::RectBase::setTop):
2744         (WebCore::RectBase::setRight):
2745         (WebCore::RectBase::setBottom):
2746         (WebCore::RectBase::setLeft):
2747         (WebCore::RectBase::RectBase):
2748         (WebCore::RectBase::~RectBase):
2749         (WebCore::Rect::create):
2750         (WebCore::Rect::Rect):
2751         (WebCore::Quad::create):
2752         (WebCore::Quad::Quad):
2753         Adding the new Quad value.
2754
2755         * rendering/RenderBoxModelObject.cpp:
2756         (WebCore::computeBorderImageSide):
2757         (WebCore::RenderBoxModelObject::paintNinePieceImage):
2758         Modify painting to treat the border slices as separate from the border widths.
2759         
2760         * rendering/style/NinePieceImage.cpp:
2761         (WebCore::NinePieceImage::operator==):
2762         * rendering/style/NinePieceImage.h:
2763         (WebCore::NinePieceImage::NinePieceImage):
2764         (WebCore::NinePieceImage::imageSlices):
2765         (WebCore::NinePieceImage::setImageSlices):
2766         (WebCore::NinePieceImage::borderSlices):
2767         (WebCore::NinePieceImage::setBorderSlices):
2768         (WebCore::NinePieceImage::copyImageSlicesFrom):
2769         (WebCore::NinePieceImage::copyBorderSlicesFrom):
2770         * rendering/style/StyleRareNonInheritedData.cpp:
2771         Add the border slices.
2772         
2773         (WebCore::StyleRareNonInheritedData::StyleRareNonInheritedData):
2774         * rendering/style/StyleReflection.h:
2775         (WebCore::StyleReflection::StyleReflection):
2776         Make sure masks and reflections default border-image-width to auto instead of 1, since that matches
2777         old behavior.
2778
2779 2011-09-06  Noel Gordon  <noel.gordon@gmail.com>
2780
2781         [chromium skia] JPEGImageEncoder: hoist constants out of the encoding loop
2782         https://bugs.webkit.org/show_bug.cgi?id=67589
2783
2784         Reviewed by Kenneth Russell.
2785
2786         Change the row converter function signatures to be the same.  Call them via a function
2787         pointer during the encoding loop.  Minor webkit style cleanup, remove unused include.
2788
2789         No new tests.  Covered by existing canvas 2d and 3d tests.
2790         canvas/philip/tests/toDataURL.jpeg.alpha.html
2791         fast/canvas/webgl/premultiplyalpha-test.html
2792
2793         * platform/image-encoders/skia/JPEGImageEncoder.cpp:  Remove SkUnPreMultiply.h (not used).
2794         (WebCore::preMultipliedBGRAtoRGB):  Use unsigned char* instead of void* for pixels.
2795         (WebCore::RGBAtoRGB):  pixels & pixelCount to match the preMultipliedBGRAtoRGB() signature.
2796         (WebCore::encodePixels):  Move constants out of the encoding loop: use a function pointer
2797         to call preMultipliedBGRAtoRGB or RGBAtoRGB (now they have identical signatures), define
2798         and use pixelRowStride constant.
2799         (WebCore::JPEGImageEncoder::encode):
2800
2801 2011-09-06  Aaron Colwell  <acolwell@chromium.org>
2802
2803         Allow MediaSource API to be enabled at runtime.
2804         https://bugs.webkit.org/show_bug.cgi?id=67306
2805
2806         Reviewed by Eric Carlson.
2807
2808         * bindings/generic/RuntimeEnabledFeatures.cpp:
2809         * bindings/generic/RuntimeEnabledFeatures.h:
2810         (WebCore::RuntimeEnabledFeatures::webkitMediaSourceEnabled):
2811         (WebCore::RuntimeEnabledFeatures::setWebkitMediaSourceEnabled):
2812         * html/HTMLMediaElement.idl:
2813
2814 2011-09-06  Mike Reed  <reed@google.com>
2815
2816         [skia] never draw with GDI, so that all text can be gpu-accelerated
2817         https://bugs.webkit.org/show_bug.cgi?id=65203
2818
2819         Reviewed by Kenneth Russell.
2820
2821         * platform/graphics/chromium/FontChromiumWin.cpp:
2822         (WebCore::TransparencyAwareFontPainter::TransparencyAwareFontPainter::TransparencyAwareFontPainter):
2823         (WebCore::TransparencyAwareFontPainter::TransparencyAwareGlyphPainter::TransparencyAwareGlyphPainter):
2824         (WebCore::TransparencyAwareFontPainter::TransparencyAwareGlyphPainter::drawGlyphs):
2825         (WebCore::TransparencyAwareFontPainter::TransparencyAwareUniscribePainter::TransparencyAwareUniscribePainter):
2826         (WebCore::drawGlyphsWin):
2827         (WebCore::Font::drawComplexText):
2828         * platform/graphics/chromium/UniscribeHelper.cpp:
2829         (WebCore::UniscribeHelper::draw):
2830         * platform/graphics/skia/PlatformContextSkia.cpp:
2831         * platform/graphics/skia/PlatformContextSkia.h:
2832         * platform/graphics/skia/SkiaFontWin.cpp:
2833         (WebCore::skiaDrawText):
2834         * platform/graphics/skia/SkiaFontWin.h:
2835
2836 2011-09-06  Nat Duca  <nduca@chromium.org>
2837
2838         [chromium] REGRESSION(94353): requestAnimationFrame not throttled in compositing path
2839         https://bugs.webkit.org/show_bug.cgi?id=67621
2840
2841         CCSingleThreadProxy should not perform layout when called
2842         via the compositeImmediately path. Doing so makes it look
2843         like frame rate is unbounded.
2844
2845         Reviewed by James Robinson.
2846
2847         * platform/graphics/chromium/cc/CCSingleThreadProxy.cpp:
2848         (WebCore::CCSingleThreadProxy::compositeAndReadback):
2849         (WebCore::CCSingleThreadProxy::compositeImmediately):
2850         (WebCore::CCSingleThreadProxy::commitIfNeeded):
2851         * platform/graphics/chromium/cc/CCSingleThreadProxy.h:
2852
2853 2011-09-06  Ryosuke Niwa  <rniwa@webkit.org>
2854
2855         REGRESSION(r94274): FormManagerTest.PreviewForm and FillFormNonEmptyField fail on chromium
2856         https://bugs.webkit.org/show_bug.cgi?id=67453
2857
2858         Reviewed by Kent Tamura.
2859
2860         Fixed the bug by updating inner text value in setSuggestedValue.
2861
2862         Also added a suggestedValue and setSuggestedValue on window.internals for testing purposes.
2863
2864         Test: fast/forms/suggested-value.html
2865
2866         * WebCore.exp.in:
2867         * testing/Internals.cpp:
2868         (WebCore::Internals::suggestedValue):
2869         (WebCore::Internals::setSuggestedValue):
2870         * testing/Internals.h:
2871         * testing/Internals.idl:
2872
2873 2011-09-06  Eric Carlson  <eric.carlson@apple.com>
2874
2875         load() does not reset the resource selection algorithm
2876         https://bugs.webkit.org/show_bug.cgi?id=64917
2877
2878         Reviewed by Darin Adler.
2879
2880         Test: media/video-source-load.html
2881
2882         * html/HTMLMediaElement.cpp:
2883         (WebCore::HTMLMediaElement::selectMediaResource): Reset m_nextChildNodeToConsider, update
2884             comments and rearrange logic to more closely match logic in spec.
2885         (WebCore::HTMLMediaElement::noneSupported): Update comments.
2886
2887 2011-09-06  Abhishek Arya  <inferno@chromium.org>
2888
2889         Style not propagated to anonymous boxes and anonymous
2890         inline-blocks.
2891         https://bugs.webkit.org/show_bug.cgi?id=67364
2892
2893         Reviewed by James Robinson.
2894
2895         Share propagateStyleToAnonymousChildren with RenderBlock::styleDidChange.
2896
2897         * rendering/RenderBlock.cpp:
2898         (WebCore::RenderBlock::styleDidChange):
2899         * rendering/RenderObject.cpp:
2900         (WebCore::RenderObject::propagateStyleToAnonymousChildren):
2901         * rendering/RenderObject.h:
2902
2903 2011-09-06  Robin Cao  <robin.cao@torchmobile.com.cn>
2904
2905         [skia] States of GraphicsContext may never be restored after clipToImageBuffer
2906         https://bugs.webkit.org/show_bug.cgi?id=67358
2907
2908         beginLayerClippedToImage/applyClipFromImage are mismatched when clipping to
2909         an empty ImageBuffer, which will make states of GraphicsContext incorrect.
2910
2911         Reviewed by James Robinson.
2912
2913         Test: fast/repaint/background-clip-text.html
2914
2915         * platform/graphics/skia/PlatformContextSkia.cpp:
2916         (WebCore::PlatformContextSkia::beginLayerClippedToImage):
2917
2918 2011-09-06  Raphael Kubo da Costa  <kubo@profusion.mobi>
2919
2920         [EFL] Do not allocate memory for extremely large surfaces.
2921         https://bugs.webkit.org/show_bug.cgi?id=65192
2922
2923         Reviewed by Martin Robinson.
2924
2925         So far, RenderThemeEfl tried to allocate a buffer and a cairo surface
2926         the size of the whole form element passed to it.
2927
2928         In the case of
2929         fast/overflow/overflow-height-float-not-removed-crash.html and others,
2930         this meant extremely large widgets, which crashed the code.
2931
2932         We now only render the widgets if they are smaller than some hardcoded
2933         and sufficiently large values which should work in most cases.
2934
2935         No new tests, as this was uncovered by existing ones.
2936
2937         * platform/efl/RenderThemeEfl.cpp:
2938         (WebCore::RenderThemeEfl::isFormElementTooLargeToDisplay):
2939         (WebCore::RenderThemeEfl::cacheThemePartNew):
2940         (WebCore::RenderThemeEfl::paintThemePart):
2941         * platform/efl/RenderThemeEfl.h:
2942
2943 2011-08-30  Pavel Podivilov  <podivilov@chromium.org>
2944
2945         Web Inspector: implement source map v3 consumer.
2946         https://bugs.webkit.org/show_bug.cgi?id=67205
2947
2948         Reviewed by Yury Semikhatsky.
2949
2950         Test: inspector/debugger/compiler-source-mapping.html
2951
2952         * WebCore.gypi:
2953         * WebCore.vcproj/WebCore.vcproj:
2954         * inspector/front-end/CompilerSourceMapping.js: Added.
2955         (WebInspector.CompilerSourceMapping):
2956         (WebInspector.CompilerSourceMapping.prototype.compiledLocationToSourceLocation):
2957         (WebInspector.CompilerSourceMapping.prototype.sourceLocationToCompiledLocation):
2958         (WebInspector.CompilerSourceMapping.prototype.get sources):
2959         (WebInspector.ClosureCompilerSourceMapping):
2960         (WebInspector.ClosureCompilerSourceMapping.prototype.compiledLocationToSourceLocation):
2961         (WebInspector.ClosureCompilerSourceMapping.prototype.sourceLocationToCompiledLocation):
2962         (WebInspector.ClosureCompilerSourceMapping.prototype.get sources):
2963         (WebInspector.ClosureCompilerSourceMapping.prototype._findMapping):
2964         (WebInspector.ClosureCompilerSourceMapping.prototype._parsePayload):
2965         (WebInspector.ClosureCompilerSourceMapping.prototype._isSeparator):
2966         (WebInspector.ClosureCompilerSourceMapping.prototype._decodeVLQ):
2967         (WebInspector.ClosureCompilerSourceMapping.StringCharIterator):
2968         (WebInspector.ClosureCompilerSourceMapping.StringCharIterator.prototype.next):
2969         (WebInspector.ClosureCompilerSourceMapping.StringCharIterator.prototype.peek):
2970         (WebInspector.ClosureCompilerSourceMapping.StringCharIterator.prototype.hasNext):
2971         * inspector/front-end/WebKit.qrc:
2972         * inspector/front-end/inspector.html:
2973
2974 2011-09-05  Pavel Podivilov  <podivilov@chromium.org>
2975
2976         Web Inspector: re-implement RawSourceCode.
2977         https://bugs.webkit.org/show_bug.cgi?id=67609
2978
2979         RawSourceCode content and source mapping loading logic is too complex, re-implement it using simpler semantics:
2980         1) Initially, RawSourceCode doesn't have any content or mapping because content loading and
2981         formatting operations are asynchronous, it only has scripts metadata. We don't update UI right
2982         after RawSourceCode creation until full RawSourceCode representation is ready (content + mapping).
2983         2) When RawSourceCode representation is ready (e.g. resource is finished, or content is formatted
2984         if in pretty-print mode) we dispatch SourceMappingUpdated event to notify the listeners that
2985         source code should be shown to user and raw locations should be converted to ui locations
2986         (to show breakpoins, messages, call frames etc in UI). At this moment, all source file's content
2987         is ready for loading and source mapping is available.
2988         3) Later, RawSourceCode representation may change again, e.g. if pretty-print mode is toggled, or
2989         blocked resource is finished etc., in that case SourceMappingUpdated is dispatched again to update
2990         source code, links and decorations in UI.
2991
2992         Reviewed by Yury Semikhatsky.
2993
2994         * inspector/front-end/DebuggerPresentationModel.js:
2995         (WebInspector.DebuggerPresentationModel.prototype.linkifyLocation):
2996         (WebInspector.DebuggerPresentationModel.prototype._addScript):
2997         (WebInspector.DebuggerPresentationModel.prototype._sourceMappingUpdated):
2998         (WebInspector.DebuggerPresentationModel.prototype._restoreBreakpoints):
2999         (WebInspector.DebuggerPresentationModel.prototype._addConsoleMessage.didGetUILocation):
3000         (WebInspector.DebuggerPresentationModel.prototype._addConsoleMessage):
3001         (WebInspector.DebuggerPresentationModel.prototype.messagesForUISourceCode):
3002         * inspector/front-end/ScriptsPanel.js:
3003         (WebInspector.ScriptsPanel.prototype._uiSourceCodeReplaced):
3004         (WebInspector.ScriptsPanel.prototype._sourceFrameLoaded):
3005         * inspector/front-end/SourceFile.js:
3006         (WebInspector.RawSourceCode):
3007         (WebInspector.RawSourceCode.prototype.addScript):
3008         (WebInspector.RawSourceCode.prototype.contentEdited):
3009         (WebInspector.RawSourceCode.prototype._resourceFinished):
3010         (WebInspector.RawSourceCode.prototype.requestContent):
3011         (WebInspector.RawSourceCode.prototype.createSourceMappingIfNeeded.sourceMappingUpdated):
3012         (WebInspector.RawSourceCode.prototype.createSourceMappingIfNeeded):
3013         (WebInspector.RawSourceCode.prototype.forceLoadContent):
3014         (WebInspector.RawSourceCode.prototype._updateSourceMapping.didCreateSourceMapping):
3015         (WebInspector.RawSourceCode.prototype._updateSourceMapping):
3016         (WebInspector.RawSourceCode.prototype._createContentProvider):
3017         (WebInspector.RawSourceCode.prototype._createSourceMapping.didRequestContent.didFormatContent):
3018         (WebInspector.RawSourceCode.prototype._createSourceMapping.didRequestContent):
3019         (WebInspector.RawSourceCode.prototype._createSourceMapping):
3020         (WebInspector.RawSourceCode.prototype._saveSourceMapping):
3021         (WebInspector.StaticContentProvider):
3022         (WebInspector.StaticContentProvider.prototype.requestContent):
3023
3024 2011-09-06  Csaba Osztrogonác  <ossy@webkit.org>
3025
3026         Unreviewed, rolling out r94564.
3027         http://trac.webkit.org/changeset/94564
3028         https://bugs.webkit.org/show_bug.cgi?id=67555
3029
3030         It broke many tests
3031
3032         * svg/SVGTRefElement.cpp:
3033         (WebCore::SVGTRefElement::svgAttributeChanged):
3034
3035 2011-09-06  Rob Buis  <rbuis@rim.com>
3036
3037         use after free in WebCore::SVGTRefElement::updateReferencedText
3038         https://bugs.webkit.org/show_bug.cgi?id=67555
3039
3040         Reviewed by Nikolas Zimmermann.
3041
3042         Do not install event listener if tref is not part of any document.
3043
3044         Test: svg/custom/tref-clone-crash.html
3045
3046         * svg/SVGTRefElement.cpp:
3047         (WebCore::SVGTRefElement::svgAttributeChanged):
3048
3049 2011-09-06  Sheriff Bot  <webkit.review.bot@gmail.com>
3050
3051         Unreviewed, rolling out r94560.
3052         http://trac.webkit.org/changeset/94560
3053         https://bugs.webkit.org/show_bug.cgi?id=67636
3054
3055         It made inspector/debugger/script-formatter.html flakey
3056         (Requested by Ossy on #webkit).
3057
3058         * inspector/front-end/BreakpointManager.js:
3059         (WebInspector.BreakpointManager.prototype.set reset):
3060         * inspector/front-end/DebuggerPresentationModel.js:
3061         (WebInspector.DebuggerPresentationModel.prototype._addScript.didCreateSourceMapping):
3062         (WebInspector.DebuggerPresentationModel.prototype._addScript):
3063         (WebInspector.DebuggerPresentationModel.prototype._uiSourceCodeReplaced):
3064         (WebInspector.DebuggerPresentationModel.prototype.setFormatSource):
3065         (WebInspector.DebuggerPresentationModel.prototype._addConsoleMessage.didGetUILocation):
3066         (WebInspector.DebuggerPresentationModel.prototype._addConsoleMessage):
3067         (WebInspector.PresenationCallFrame.prototype.select):
3068         * inspector/front-end/ScriptsPanel.js:
3069         (WebInspector.ScriptsPanel.prototype._uiSourceCodeReplaced):
3070         (WebInspector.ScriptsPanel.prototype._sourceFrameLoaded):
3071         * inspector/front-end/SourceFile.js:
3072         (WebInspector.RawSourceCode):
3073         (WebInspector.RawSourceCode.prototype.addScript):
3074         (WebInspector.RawSourceCode.prototype.contentEdited):
3075         (WebInspector.RawSourceCode.prototype.requestContent):
3076         (WebInspector.RawSourceCode.prototype.createSourceMappingIfNeeded.didRequestContent):
3077         (WebInspector.RawSourceCode.prototype.createSourceMappingIfNeeded):
3078         (WebInspector.RawSourceCode.prototype._setContentProvider):
3079         (WebInspector.RawSourceCode.prototype.forceLoadContent):
3080         (WebInspector.RawSourceCode.prototype._reload):
3081         (WebInspector.RawSourceCode.prototype._requestContent):
3082         (WebInspector.RawSourceCode.prototype._loadResourceContent):
3083         (WebInspector.RawSourceCode.prototype._loadScriptContent):
3084         (WebInspector.RawSourceCode.prototype._loadAndConcatenateScriptsContent):
3085         (WebInspector.RawSourceCode.prototype._didRequestContent):
3086         (WebInspector.RawSourceCode.prototype._hasPendingResource):
3087         (WebInspector.FormattedContentProvider):
3088         (WebInspector.FormattedContentProvider.prototype.requestContent.didRequestContent.didFormatContent):
3089         (WebInspector.FormattedContentProvider.prototype.requestContent):
3090
3091 2011-09-06  Antti Koivisto  <antti@apple.com>
3092
3093         https://bugs.webkit.org/show_bug.cgi?id=67480
3094         [Chromium] [REGRESSION] Layout Test svg/batik/text/textStyles.svg is failing
3095
3096         Reviewed by Dimitri Glazkov.
3097
3098         The text node needs willRecalcStyle mechanism too.
3099
3100         * dom/Text.cpp:
3101         (WebCore::Text::recalcTextStyle):
3102         * dom/Text.h:
3103         (WebCore::Text::willRecalcTextStyle):
3104         * svg/SVGTRefElement.cpp:
3105         (WebCore::SVGTRefElement::SVGTRefElement):
3106         (WebCore::SVGShadowText::SVGShadowText):
3107         (WebCore::SVGShadowText::willRecalcTextStyle):
3108
3109 2011-09-05  Pavel Podivilov  <podivilov@chromium.org>
3110
3111         Web Inspector: re-implement RawSourceCode.
3112         https://bugs.webkit.org/show_bug.cgi?id=67609
3113
3114         RawSourceCode content and source mapping loading logic is too complex, re-implement it using simpler semantics:
3115         1) Initially, RawSourceCode doesn't have any content or mapping because content loading and
3116         formatting operations are asynchronous, it only has scripts metadata. We don't update UI right
3117         after RawSourceCode creation until full RawSourceCode representation is ready (content + mapping).
3118         2) When RawSourceCode representation is ready (e.g. resource is finished, or content is formatted
3119         if in pretty-print mode) we dispatch SourceMappingUpdated event to notify the listeners that
3120         source code should be shown to user and raw locations should be converted to ui locations
3121         (to show breakpoins, messages, call frames etc in UI). At this moment, all source file's content
3122         is ready for loading and source mapping is available.
3123         3) Later, RawSourceCode representation may change again, e.g. if pretty-print mode is toggled, or
3124         blocked resource is finished etc., in that case SourceMappingUpdated is dispatched again to update
3125         source code, links and decorations in UI.
3126
3127         Reviewed by Yury Semikhatsky.
3128
3129         * inspector/front-end/DebuggerPresentationModel.js:
3130         (WebInspector.DebuggerPresentationModel.prototype.linkifyLocation):
3131         (WebInspector.DebuggerPresentationModel.prototype._addScript):
3132         (WebInspector.DebuggerPresentationModel.prototype._sourceMappingUpdated):
3133         (WebInspector.DebuggerPresentationModel.prototype._restoreBreakpoints):
3134         (WebInspector.DebuggerPresentationModel.prototype._addConsoleMessage.didGetUILocation):
3135         (WebInspector.DebuggerPresentationModel.prototype._addConsoleMessage):
3136         (WebInspector.DebuggerPresentationModel.prototype.messagesForUISourceCode):
3137         * inspector/front-end/ScriptsPanel.js:
3138         (WebInspector.ScriptsPanel.prototype._uiSourceCodeReplaced):
3139         (WebInspector.ScriptsPanel.prototype._sourceFrameLoaded):
3140         * inspector/front-end/SourceFile.js:
3141         (WebInspector.RawSourceCode):
3142         (WebInspector.RawSourceCode.prototype.addScript):
3143         (WebInspector.RawSourceCode.prototype.contentEdited):
3144         (WebInspector.RawSourceCode.prototype._resourceFinished):
3145         (WebInspector.RawSourceCode.prototype.requestContent):
3146         (WebInspector.RawSourceCode.prototype.createSourceMappingIfNeeded.sourceMappingUpdated):
3147         (WebInspector.RawSourceCode.prototype.createSourceMappingIfNeeded):
3148         (WebInspector.RawSourceCode.prototype.forceLoadContent):
3149         (WebInspector.RawSourceCode.prototype._updateSourceMapping.didCreateSourceMapping):
3150         (WebInspector.RawSourceCode.prototype._updateSourceMapping):
3151         (WebInspector.RawSourceCode.prototype._createContentProvider):
3152         (WebInspector.RawSourceCode.prototype._createSourceMapping.didRequestContent.didFormatContent):
3153         (WebInspector.RawSourceCode.prototype._createSourceMapping.didRequestContent):
3154         (WebInspector.RawSourceCode.prototype._createSourceMapping):
3155         (WebInspector.RawSourceCode.prototype._saveSourceMapping):
3156         (WebInspector.StaticContentProvider):
3157         (WebInspector.StaticContentProvider.prototype.requestContent):
3158
3159 2011-09-06  Dirk Schulze  <krit@webkit.org>
3160
3161         Return to transform multiplication: motion transform * other transforms
3162         https://bugs.webkit.org/show_bug.cgi?id=67601
3163
3164         Reviewed by Nikolas Zimmermann.
3165         
3166         Right now we take the current transform of a transformable SVG element, post multiply the animation transform
3167         and post multiply the motion transform to the other both:
3168
3169           transform * animation transform * motion transform
3170
3171         We switched to this behavior with the clean up of AffineTransform.
3172         While the specification of SVG demands us to do so, no other SVG viewer is doing it that way. Now switching back to:
3173
3174           motion transform * transform * animation transform
3175
3176         This is done by other SVG viewers as well. While their is no consense about how to multiply the different transforms
3177         on the SVG WG, their is a consense that the current specified behavior is unwanted. See
3178         http://lists.w3.org/Archives/Public/www-svg/2011Jan/0055.html for more details.
3179
3180         We pass the following tests of the official W3C SVG test suite again now:
3181
3182         - animate-elem-24-t.svg
3183         - animate-elem-30-t.svg
3184
3185         * svg/SVGStyledTransformableElement.cpp:
3186         (WebCore::SVGStyledTransformableElement::animatedLocalTransform):
3187         * svg/SVGTextElement.cpp:
3188         (WebCore::SVGTextElement::animatedLocalTransform):
3189
3190 2011-09-05  Adam Barth  <abarth@webkit.org>
3191
3192         window.HTMLSpanElement does not exist
3193         https://bugs.webkit.org/show_bug.cgi?id=67571
3194
3195         Reviewed by Sam Weinig.
3196
3197         We have these objects for most other elements and HTMLSpanElement
3198         exists in Firefox and in the HTML5 spec.  This patch adds it.
3199
3200         Test: fast/dom/wrapper-classes.html
3201
3202         * CMakeLists.txt:
3203         * CodeGenerators.pri:
3204         * DerivedSources.cpp:
3205         * DerivedSources.make:
3206         * GNUmakefile.list.am:
3207         * WebCore.gypi:
3208         * WebCore.pro:
3209         * WebCore.vcproj/WebCore.vcproj:
3210         * WebCore.xcodeproj/project.pbxproj:
3211         * html/HTMLElementsAllInOne.cpp:
3212         * html/HTMLSpanElement.cpp: Added.
3213         (WebCore::HTMLSpanElement::HTMLSpanElement):
3214         (WebCore::HTMLSpanElement::create):
3215         * html/HTMLSpanElement.h: Added.
3216         * html/HTMLSpanElement.idl: Added.
3217         * html/HTMLTagNames.in:
3218         * page/DOMWindow.idl:
3219
3220 2011-09-04  Abhishek Arya  <inferno@chromium.org>
3221
3222         Style not propagated to anonymous boxes and anonymous
3223         inline-blocks.
3224         https://bugs.webkit.org/show_bug.cgi?id=67364
3225
3226         Reviewed by James Robinson.
3227
3228         Tests: fast/ruby/ruby-block-style-not-updated-with-before-after-content.html
3229                fast/ruby/ruby-block-style-not-updated.html
3230                fast/ruby/ruby-inline-style-not-updated-with-before-after-content.html
3231                fast/ruby/ruby-inline-style-not-updated.html
3232                fast/table/table-row-style-not-updated-with-after-content.html
3233                fast/table/table-row-style-not-updated-with-before-content.html
3234                fast/table/table-row-style-not-updated.html
3235                fast/table/table-style-not-updated.html
3236
3237         * rendering/RenderObject.cpp:
3238         (WebCore::RenderObject::propagateStyleToAnonymousChildren):
3239         * rendering/RenderObject.h:
3240         (WebCore::RenderObject::isBeforeAfterContent):
3241         * rendering/RenderRuby.cpp:
3242         (WebCore::RenderRubyAsInline::styleDidChange):
3243         (WebCore::RenderRubyAsBlock::styleDidChange):
3244         * rendering/RenderRuby.h:
3245         * rendering/RenderTable.cpp:
3246         (WebCore::RenderTable::styleDidChange):
3247         * rendering/RenderTableRow.cpp:
3248         (WebCore::RenderTableRow::styleDidChange):
3249         (WebCore::RenderTableRow::addChild):
3250         * rendering/RenderTableSection.cpp:
3251         (WebCore::RenderTableSection::styleDidChange):
3252         (WebCore::RenderTableSection::addChild):
3253         * rendering/RenderTableSection.h:
3254
3255 2011-09-05  Abhishek Arya  <inferno@chromium.org>
3256
3257         Crash in RenderObjectChildList::destroyLeftOverChildren()
3258         https://bugs.webkit.org/show_bug.cgi?id=64753
3259
3260         Reviewed by James Robinson.
3261
3262         If any of the ancestors between column span element and containing
3263         column's block is a continuation, then don't attempt to render the
3264         column span by splitting the block into continuations.
3265
3266         Test: fast/multicol/column-span-parent-continuation-crash.html
3267
3268         * rendering/RenderBlock.cpp:
3269         (WebCore::RenderBlock::columnsBlockForSpanningElement):
3270
3271 2011-09-05  Sheriff Bot  <webkit.review.bot@gmail.com>
3272
3273         Unreviewed, rolling out r94537.
3274         http://trac.webkit.org/changeset/94537
3275         https://bugs.webkit.org/show_bug.cgi?id=67618
3276
3277         Does not compile on Chromium Mac (Requested by abarth_ on
3278         #webkit).
3279
3280         * platform/image-encoders/skia/JPEGImageEncoder.cpp:
3281         (WebCore::preMultipliedBGRAtoRGB):
3282         (WebCore::RGBAtoRGB):
3283         (WebCore::encodePixels):
3284         (WebCore::JPEGImageEncoder::encode):
3285
3286 2011-09-05  Noel Gordon  <noel.gordon@gmail.com>
3287
3288         [chromium skia] JPEGImageEncoder: hoist contants out of the encoding loop
3289         https://bugs.webkit.org/show_bug.cgi?id=67589
3290
3291         Reviewed by Adam Barth.
3292
3293         Change the row converter function signatures to be the same.  Call them via a function
3294         pointer during the encoding loop.  Minor webkit stlye cleanup, remove unused include.
3295
3296         No new tests.  Covered by existing canvas 2d and 3d tests.
3297         canvas/philip/tests/toDataURL.jpeg.alpha.html
3298         fast/canvas/webgl/premultiplyalpha-test.html
3299
3300         * platform/image-encoders/skia/JPEGImageEncoder.cpp:  Remove SkUnPreMultiply.h (not used).
3301         (WebCore::preMultipliedBGRAtoRGB):  Use unsigned char* instead of void* for pixels.
3302         (WebCore::RGBAtoRGB):  pixels & pixelCount to match the preMultipliedBGRAtoRGB() signature.
3303         (WebCore::encodePixels):  Move contants out of the encoding loop: use a function pointer to
3304         call preMultipliedBGRAtoRGB or RGBAtoRGB (now they have identical signatures) during the
3305         image row encoding loop.  Add/use pixelRowStride constant.
3306         (WebCore::JPEGImageEncoder::encode):  webkit style: no need to split lines.
3307
3308 2011-09-05  John Knottenbelt  <jknotten@chromium.org>
3309
3310         Take pageScaleFactor into account for MouseRelatedEvents.
3311         https://bugs.webkit.org/show_bug.cgi?id=67592
3312
3313         Reviewed by Dimitri Glazkov.
3314
3315         Test: fast/events/page-scaled-mouse-click.html
3316
3317         * dom/MouseRelatedEvent.cpp:
3318         (WebCore::MouseRelatedEvent::MouseRelatedEvent):
3319
3320 2011-09-02  Pavel Podivilov  <podivilov@chromium.org>
3321
3322         Web Inspector: rename RawSourceCode.reload to contentEdited.
3323         https://bugs.webkit.org/show_bug.cgi?id=67504
3324
3325         Make RawSourceCode.reload private and remove RawSourceCode.content getter and setter
3326         (RawSourceCode isn't supposed to have any content).
3327
3328         Reviewed by Yury Semikhatsky.
3329
3330         * inspector/front-end/DebuggerPresentationModel.js:
3331         (WebInspector.DebuggerPresentationModel.prototype.setScriptSource.didEditScriptSource):
3332         (WebInspector.DebuggerPresentationModel.prototype.setScriptSource):
3333         (WebInspector.DebuggerPresentationModelResourceBinding.prototype.canSetContent):
3334         (WebInspector.DebuggerPresentationModelResourceBinding.prototype.setContent):
3335         (WebInspector.DebuggerPresentationModelResourceBinding.prototype._setContentWithInitialContent):
3336         * inspector/front-end/SourceFile.js:
3337         (WebInspector.RawSourceCode):
3338         (WebInspector.RawSourceCode.prototype.contentEdited):
3339         (WebInspector.RawSourceCode.prototype.forceLoadContent):
3340         (WebInspector.RawSourceCode.prototype._reload):
3341         (WebInspector.RawSourceCode.prototype._didRequestContent):
3342
3343 2011-09-05  Leandro Gracia Gil  <leandrogracia@chromium.org>
3344
3345         Fix the regression of bug 65333 introduced by 60170.
3346         This caused the speech input bubble to appear in the wrong side for RTL text inputs.
3347         https://bugs.webkit.org/show_bug.cgi?id=67597
3348
3349         Reviewed by Tony Gentilcore.
3350
3351         No new tests. Fixing regression.
3352
3353         * html/shadow/TextControlInnerElements.cpp:
3354         (WebCore::InputFieldSpeechButtonElement::startSpeechInput):
3355
3356 2011-09-05  Alexander Pavlov  <apavlov@chromium.org>
3357
3358         Web Inspector: F5 results in a Web Inspector frontend reload on non-Macs
3359         https://bugs.webkit.org/show_bug.cgi?id=67602
3360
3361         Reviewed by Yury Semikhatsky.
3362
3363         * inspector/front-end/inspector.js:
3364         (WebInspector.documentKeyDown):
3365
3366 2011-09-05  Sheriff Bot  <webkit.review.bot@gmail.com>
3367
3368         Unreviewed, rolling out r94525.
3369         http://trac.webkit.org/changeset/94525
3370         https://bugs.webkit.org/show_bug.cgi?id=67599
3371
3372         WinCE compilation failed. (Requested by loislo on #webkit).
3373
3374         * platform/text/TextBoundaries.cpp:
3375         * platform/text/TextBreakIteratorICU.cpp:
3376         * platform/text/qt/TextBoundariesQt.cpp:
3377         * platform/text/qt/TextBreakIteratorQt.cpp:
3378
3379 2011-09-05  Alexander Færøy  <alexander.faeroy@nokia.com>
3380
3381         [Qt] Compiling using system ICU uses QTextBreakIterator in some cases.
3382         https://bugs.webkit.org/show_bug.cgi?id=67391
3383
3384         Reviewed by Kenneth Rohde Christiansen.
3385
3386         * platform/text/TextBoundaries.cpp:
3387         * platform/text/TextBreakIteratorICU.cpp:
3388         * platform/text/qt/TextBoundariesQt.cpp:
3389         * platform/text/qt/TextBreakIteratorQt.cpp:
3390
3391 2011-09-05  Kaustubh Atrawalkar  <kaustubh@motorola.com>
3392
3393         Logic from HTMLElement::deprecatedCreateContextualFragment moved into
3394         Range::createContextualFragment function.
3395         https://bugs.webkit.org/show_bug.cgi?id=67056
3396
3397         Reviewed by Ryosuke Niwa.
3398
3399         Code Refactoring for deprecatedCreateContextualFragment.
3400
3401         No new tests. Code Re-factoring.
3402
3403         * dom/Element.cpp:
3404         * dom/Element.h:
3405         * dom/Range.cpp:
3406         (WebCore::insertIntoFragment):
3407         (WebCore::Range::createDocumentFragmentForElement):
3408         (WebCore::Range::createContextualFragment):
3409         * dom/Range.h:
3410         * editing/markup.cpp:
3411         (WebCore::createFragmentFromMarkup):
3412         * html/HTMLElement.cpp:
3413         * html/HTMLElement.h:
3414
3415 2011-09-04  James Kozianski  <koz@chromium.org>
3416
3417         Unreviewed, rolling out r94510.
3418         http://trac.webkit.org/changeset/94510
3419         https://bugs.webkit.org/show_bug.cgi?id=66531
3420
3421         Causes layout test crashes.
3422
3423         * dom/Document.cpp:
3424         (WebCore::Document::webkitWillEnterFullScreenForElement):
3425         (WebCore::Document::webkitDidExitFullScreenForElement):
3426         * dom/NodeRenderingContext.cpp:
3427         (WebCore::wrapWithRenderFullScreen):
3428         (WebCore::NodeRendererFactory::createRendererIfNeeded):
3429         * rendering/RenderFullScreen.cpp:
3430         (RenderFullScreen::createFullScreenStyle):
3431         * rendering/RenderFullScreen.h:
3432
3433 2011-09-04  Abhishek Arya  <inferno@chromium.org>
3434
3435         Unreviewed. Compile fix for r94511.
3436
3437         * dom/Range.cpp:
3438         (WebCore::Range::processContents):
3439         (WebCore::Range::processAncestorsAndTheirSiblings):
3440
3441 2011-09-04  Abhishek Arya  <inferno@chromium.org>
3442
3443         Crash in Range::processAncestorsAndTheirSiblings.
3444         https://bugs.webkit.org/show_bug.cgi?id=67556
3445
3446         Reviewed by Ryosuke Niwa.
3447
3448         Create a temporary RefPtr Node vector to keep all the ancestor's
3449         childs so that we don't access removed child nodes.
3450
3451         Test: fast/dom/Range/range-delete-contents-event-fire-crash.html
3452
3453         * dom/Range.cpp:
3454         (WebCore::Range::processContents):
3455         (WebCore::Range::processAncestorsAndTheirSiblings):
3456
3457 2011-09-04  Jeremy Apthorp  <jeremya@google.com>
3458
3459         Don't detach elements from the render tree when entering fullscreen mode
3460         https://bugs.webkit.org/show_bug.cgi?id=66531
3461
3462         This prevents plugin instances from being destroyed and reinstantiated
3463         when entering fullscreen mode.
3464
3465         Reviewed by Darin Fisher.
3466
3467         Test: plugins/fullscreen-plugins-dont-reload.html
3468
3469         * dom/Document.cpp:
3470         (WebCore::Document::webkitWillEnterFullScreenForElement):
3471         (WebCore::Document::webkitDidExitFullScreenForElement):
3472         * dom/NodeRenderingContext.cpp:
3473         (WebCore::NodeRendererFactory::createRendererIfNeeded):
3474         * rendering/RenderFullScreen.cpp:
3475         (createFullScreenStyle):
3476         (RenderFullScreen::wrapRenderer):
3477         (RenderFullScreen::unwrapRenderer):
3478         * rendering/RenderFullScreen.h:
3479
3480 2011-09-04  Dan Bernstein  <mitz@apple.com>
3481
3482         <rdar://problem/10071256> Retain retired custom fonts until the next style recalc
3483
3484         Reviewed by Darin Adler.
3485
3486         Test: fast/css/font-face-used-after-retired.html
3487
3488         During style recalc, existing renderers may reference their old style, including font data.
3489         Allow them to do so safely by keeping retired custom font data around until after style recalc.
3490
3491         * css/CSSFontFace.cpp:
3492         (WebCore::CSSFontFace::retireCustomFont): Added. Calls through to CSSFontSelector, if the font
3493         face is still part of any segmented font face. Otherwise, deletes the custom font data.
3494         * css/CSSFontFace.h:
3495         * css/CSSFontFaceSource.cpp:
3496         (WebCore::CSSFontFaceSource::pruneTable): Changed to call retireCustomFont() instead of deleting
3497         retired font data.
3498         * css/CSSFontSelector.cpp:
3499         (WebCore::CSSFontSelector::retireCustomFont): Added. Calls through to the Document, if this is
3500         still the active font selector for a document. Otherwise, deletes the custom font data.
3501         * css/CSSFontSelector.h:
3502         * css/CSSSegmentedFontFace.cpp:
3503         (WebCore::CSSSegmentedFontFace::pruneTable): Changed to call retireCustomFont() instead of
3504         deleting retired font data.
3505         * dom/Document.cpp:
3506         (WebCore::Document::~Document): Added a call to deleteRetiredCustomFonts(), in case the Document
3507         is destroyed before getting a chance to recalc style after custom fonts have been retired.
3508         (WebCore::Document::recalcStyle): Added a call to deleteRetiredCustomFonts() after style recalc.
3509         (WebCore::Document::deleteRetiredCustomFonts): Added. Deletes all previously-retired custom font
3510         data.
3511         * dom/Document.h:
3512         (WebCore::Document::retireCustomFont): Added.
3513
3514 2011-09-04  Sam Weinig  <sam@webkit.org>
3515
3516         Document.createEvent should support all the interfaces of Event we got
3517         https://bugs.webkit.org/show_bug.cgi?id=67568
3518
3519         Reviewed by Anders Carlsson.
3520
3521         Updated fast/events/event-creation.html
3522
3523         * dom/BeforeLoadEvent.h:
3524         (WebCore::BeforeLoadEvent::create):
3525         (WebCore::BeforeLoadEvent::BeforeLoadEvent):
3526         Added empty create.
3527         
3528         * dom/Document.cpp:
3529         (WebCore::Document::createEvent):
3530         Add missing interfaces.
3531
3532         * dom/HashChangeEvent.h:
3533         (WebCore::HashChangeEvent::create):
3534         (WebCore::HashChangeEvent::HashChangeEvent):
3535         Added empty create.
3536
3537         * page/SpeechInputEvent.cpp:
3538         (WebCore::SpeechInputEvent::create):
3539         (WebCore::SpeechInputEvent::SpeechInputEvent):
3540         (WebCore::SpeechInputEvent::~SpeechInputEvent):
3541         * page/SpeechInputEvent.h:
3542         Added empty create.
3543
3544 2011-09-04  Adam Barth  <abarth@webkit.org>
3545
3546         [Chromium] Add memory threshold values to WebKitPlatformSupport.h
3547         https://bugs.webkit.org/show_bug.cgi?id=67575
3548
3549         Reviewed by Darin Fisher.
3550
3551         Grab these memory thresholds from PlatformSupport rather than hard-coding them.
3552
3553         * bindings/v8/V8GCController.cpp:
3554         (WebCore::V8GCController::checkMemoryUsage):
3555         * platform/chromium/PlatformSupport.h:
3556         * platform/qt/PlatformSupport.h:
3557         (WebCore::PlatformSupport::lowMemoryUsageMB):
3558         (WebCore::PlatformSupport::highMemoryUsageMB):
3559         (WebCore::PlatformSupport::highUsageDeltaMB):
3560
3561 2011-09-04  Kevin Ollivier  <kevino@theolliviers.com>
3562
3563         [wx] Unreviewed build fix. Add new / moved files missing from last commit.
3564
3565         * platform/wx/LocalDC.h: Added.
3566         (WebCore::LocalDC::LocalDC):
3567         (WebCore::LocalDC::context):
3568         (WebCore::LocalDC::~LocalDC):
3569         * platform/wx/wxcode/cairo: Added.
3570         * platform/wx/wxcode/cairo/non-kerned-drawing.cpp: Added.
3571         (WebCore::pangoFontMap):
3572         (WebCore::createPangoFontForFont):
3573         (WebCore::createScaledFontForFont):
3574         (WebCore::pango_font_get_glyph):
3575         (WebCore::drawTextWithSpacing):
3576         * platform/wx/wxcode/gdiplus: Added.
3577         * platform/wx/wxcode/gdiplus/non-kerned-drawing.cpp: Added.
3578         (dmin):
3579         (dmax):
3580         (DegToRad):
3581         (RadToDeg):
3582         (WebCore::drawTextWithSpacing):
3583
3584 2011-09-04  Robin Dunn  <robin@alldunn.com>
3585
3586         [wx] Enable wxWebKit to run using the wxGC Cairo backend on platforms other than GTK.
3587         https://bugs.webkit.org/show_bug.cgi?id=67577
3588
3589         Reviewed by Kevin Ollivier.
3590
3591         * platform/graphics/GlyphBuffer.h:
3592         (WebCore::GlyphBuffer::glyphAt):
3593         (WebCore::GlyphBuffer::add):
3594         * platform/graphics/wx/GraphicsContextWx.cpp:
3595         (WebCore::GraphicsContext::clipOut):
3596         (WebCore::GraphicsContext::clipPath):
3597         * platform/graphics/wx/PathWx.cpp:
3598         (WebCore::Path::Path):
3599         (WebCore::Path::clear):
3600         * platform/graphics/wx/TransformationMatrixWx.cpp:
3601         (WebCore::TransformationMatrix::operator wxGraphicsMatrix):
3602         (WebCore::AffineTransform::operator wxGraphicsMatrix):
3603         * platform/image-decoders/wx/ImageDecoderWx.cpp:
3604         (WebCore::ImageFrame::asNewNativeImage):
3605         * platform/wx/ContextMenuWx.cpp:
3606         (ContextMenu::ContextMenu):
3607         * platform/wx/LocalDC.h: Added.
3608         (WebCore::LocalDC::LocalDC):
3609         (WebCore::LocalDC::context):
3610         (WebCore::LocalDC::~LocalDC):
3611         * platform/wx/RenderThemeWx.cpp:
3612         (WebCore::RenderThemeWx::paintButton):
3613         (WebCore::RenderThemeWx::paintTextField):
3614         (WebCore::RenderThemeWx::paintMenuList):
3615         (WebCore::RenderThemeWx::paintMenuListButton):
3616         * platform/wx/ScrollbarThemeWx.cpp:
3617         (WebCore::ScrollbarThemeWx::paint):
3618         * platform/wx/wxcode/cairo: Added.
3619         * platform/wx/wxcode/cairo/non-kerned-drawing.cpp: Added.
3620         (WebCore::pangoFontMap):
3621         (WebCore::createPangoFontForFont):
3622         (WebCore::createScaledFontForFont):
3623         (WebCore::pango_font_get_glyph):
3624         (WebCore::drawTextWithSpacing):
3625         * platform/wx/wxcode/gdiplus: Added.
3626         * platform/wx/wxcode/gdiplus/non-kerned-drawing.cpp: Added.
3627         (dmin):
3628         (dmax):
3629         (DegToRad):
3630         (RadToDeg):
3631         (WebCore::drawTextWithSpacing):
3632         * platform/wx/wxcode/gtk/non-kerned-drawing.cpp: Removed.
3633         * platform/wx/wxcode/win/non-kerned-drawing.cpp: Removed.
3634         * platform/wx/wxcode/win/scrollbar_render.cpp:
3635         (GraphicsHDC::GraphicsHDC):
3636         (GraphicsHDC::~GraphicsHDC):
3637         (wxRenderer_DrawScrollbar):
3638
3639 2011-09-03  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
3640
3641         REGRESSION (r86268): Fix for qt_networkAccessAllowed()
3642         https://bugs.webkit.org/show_bug.cgi?id=67570
3643
3644         Reviewed by Noam Rosenthal.
3645
3646         No new tests as this change only removes dead code.
3647         Support for Qt 4.6 has  been removed a while back.
3648
3649         * WebCore.pri:
3650         * WebCore.pro:
3651         * features.pri:
3652         * platform/network/NetworkStateNotifier.h:
3653         * platform/network/qt/NetworkStateNotifierQt.cpp:
3654
3655 2011-09-03  Ryosuke Niwa  <rniwa@webkit.org>
3656
3657         REGRESSION(r94274): selection-change-closes-typing.html fails
3658         https://bugs.webkit.org/show_bug.cgi?id=67377
3659
3660         Reviewed by Kent Tamura.
3661
3662         The problem was that when the shadow DOM is updated by setInnerTextValue, WebKit layer detects the selection
3663         change and calls confirmCompositionWithoutDisturbingSelection, which in turn modifies the shadow DOM by
3664         inserting text.
3665
3666         Fixed the bug by not inserting text in confirmCompositionWithoutDisturbingSelection. It turned out that this
3667         function is only used to cancel composition but never to confirming composition and restoring selection.
3668
3669         Test: platform/mac/editing/input/selection-change-closes-typing-2.html
3670
3671         * editing/Editor.cpp:
3672         (WebCore::Editor::confirmCompositionWithoutDisturbingSelection):
3673         (WebCore::Editor::confirmComposition):
3674
3675 2011-09-03  Sam Weinig  <sam@webkit.org>
3676
3677         Add missing Event constructors to DOMWindow.idl
3678         https://bugs.webkit.org/show_bug.cgi?id=67449
3679
3680         Reviewed by Anders Carlsson.
3681
3682         Covered by existing tests.
3683
3684         * page/DOMWindow.idl:
3685
3686 2011-08-27  Robert Hogan  <robert@webkit.org>
3687
3688         div align="center" rendering problem
3689         https://bugs.webkit.org/show_bug.cgi?id=4860
3690
3691         Reviewed by David Hyatt.
3692
3693         When an inline element with absolute position was the sole or first child of a render block with
3694         centred alignment, it wasn't obeying its parent's alignment. However it would obey the
3695         alignment if it was preceded by some text. The problem was that the element's render object
3696         was getting skipped as leading white space, so it was not included in a normal line block in
3697         a bidi run. Instead, its position was getting set by RenderBlockLineLayout::setStaticPositions()
3698         which does not pay attention to alignment. Preceding the element with some text allowed the object
3699         to get included in a Bidi run and so get a linebox which would get properly aligned.
3700
3701         The fix is to get RenderBlockLineLayout::setStaticPositions() to obey the alignment specified by
3702         the object's container. This allows WebKit to get the same result on the test as Firefox and IE.
3703         Opera has the same bug as unpatched WebKit.
3704
3705         Tests: fast/css/bug4860-absolute-block-child-does-not-inherit-alignment.html
3706                - Ensure positioned block elements inherit alignment.
3707                fast/css/bug4860-absolute-inline-child-inherits-alignment.html
3708                - Ensure positioned inline elements inherit alignment.
3709                fast/inline/absolute-positioned-inline-in-centred-block.html
3710                - Ensure positioned inline element that's the sole or first child of a rendered block
3711                  obeys parents alignment.
3712                fast/inline/absolute-positioned-block-in-centred-block.html
3713                - As above, but a positioned block should not inherit alignment.
3714
3715         * rendering/RenderBlock.h:
3716         * rendering/RenderBlockLineLayout.cpp:
3717         (WebCore::RenderBlock::updateLogicalWidthForAlignment):
3718         (WebCore::RenderBlock::computeInlineDirectionPositionsForLine): Move the alignment check to updateLogicalWidthForAlignment.
3719         (WebCore::setStaticPositions): use startAlignedOffsetForLine and use startAlignedOffsetForBlock
3720         (WebCore::RenderBlock::startAlignedOffsetForLine): New function, find the aligned offset using updateLogicalWidthForAlignment
3721
3722 2011-09-03  Andreas Kling  <kling@webkit.org>
3723
3724         Remove two unused functions from Element.
3725         https://bugs.webkit.org/show_bug.cgi?id=67492
3726
3727         Reviewed by Benjamin Poulain.
3728
3729         Removed openTagStartToString() and setCStringAttribute() as they are
3730         not called from anywhere.
3731
3732         * dom/Element.cpp:
3733         * dom/Element.h:
3734
3735 2011-09-03  Andrew Wason  <rectalogic@rectalogic.com>
3736
3737         [Qt] Enable support for WebGL OES_standard_derivatives for Qt
3738         https://bugs.webkit.org/show_bug.cgi?id=67430
3739
3740         Reviewed by Noam Rosenthal.
3741
3742         Tested using https://cvs.khronos.org/svn/repos/registry/trunk/public/webgl/sdk/tests/conformance/extensions/oes-standard-derivatives.html
3743
3744         Enable existing support for OES_standard_derivatives for Qt.
3745
3746         * platform/graphics/opengl/Extensions3DOpenGL.cpp:
3747         (WebCore::Extensions3DOpenGL::ensureEnabled):
3748         (WebCore::Extensions3DOpenGL::isEnabled):
3749
3750 2011-09-03  Yuta Kitamura  <yutak@chromium.org>
3751
3752         WebSocket: Send ArrayBuffer as WebSocket binary message
3753         https://bugs.webkit.org/show_bug.cgi?id=67477
3754
3755         Reviewed by Kent Tamura.
3756
3757         Tests: http/tests/websocket/tests/hybi/send-arraybuffer.html
3758                http/tests/websocket/tests/hybi/workers/send-arraybuffer.html
3759                http/tests/websocket/tests/hybi/bufferedAmount-after-close.html (updated)
3760
3761         * bindings/js/JSWebSocketCustom.cpp:
3762         (WebCore::JSWebSocket::send):
3763         * bindings/v8/custom/V8WebSocketCustom.cpp:
3764         (WebCore::V8WebSocket::sendCallback):
3765         * websockets/ThreadableWebSocketChannel.h:
3766         * websockets/ThreadableWebSocketChannelClientWrapper.cpp:
3767         (WebCore::ThreadableWebSocketChannelClientWrapper::ThreadableWebSocketChannelClientWrapper):
3768         (WebCore::ThreadableWebSocketChannelClientWrapper::sendRequestResult):
3769         (WebCore::ThreadableWebSocketChannelClientWrapper::setSendRequestResult):
3770         * websockets/ThreadableWebSocketChannelClientWrapper.h:
3771         Rename "sent" to "sendRequestResult" to clarify the meaning. Messages from the script may not
3772         be sent immediately, thus the return value of WebSocketChannel::send() indicates whether the
3773         message has been queued successfully, rather than whether the message has been sent or not.
3774         * websockets/WebSocket.cpp:
3775         (WebCore::WebSocket::send):
3776         Case of sending "[object ArrayBuffer]" is covered by an existing test
3777         http/tests/websocket/tests/{hybi,hixie76}/send-object.html.
3778         * websockets/WebSocket.h:
3779         * websockets/WebSocket.idl:
3780         * websockets/WebSocketChannel.cpp:
3781         (WebCore::WebSocketChannel::send):
3782         * websockets/WebSocketChannel.h:
3783         * websockets/WorkerThreadableWebSocketChannel.cpp:
3784         (WebCore::WorkerThreadableWebSocketChannel::send):
3785         (WebCore::workerContextDidSend):
3786         (WebCore::WorkerThreadableWebSocketChannel::Peer::send):
3787         (WebCore::WorkerThreadableWebSocketChannel::mainThreadSendArrayBuffer):
3788         Construct an ArrayBuffer from the data on Vector<char>.
3789         (WebCore::WorkerThreadableWebSocketChannel::Bridge::send):
3790         Copy the content into temporary buffer of Vector<char>, and send it to the main thread.
3791         * websockets/WorkerThreadableWebSocketChannel.h:
3792
3793 2011-09-02  Kentaro Hara  <haraken@google.com>
3794
3795         Implement a CustomEvent constructor for V8
3796         https://bugs.webkit.org/show_bug.cgi?id=67527
3797
3798         Reviewed by Sam Weinig.
3799
3800         Test: fast/events/constructors/custom-event-constructor.html
3801
3802         * bindings/v8/OptionsObject.h:
3803         (WebCore::OptionsObject::getKeyValue): Returns ScriptValue corresponding to a given key.
3804         * bindings/v8/custom/V8EventConstructors.cpp: Added the CustomEvent constructor.
3805         * dom/CustomEvent.idl: Added a 'V8CustomConstructor' attribute.
3806
3807 2011-09-02  Adrienne Walker  <enne@google.com>
3808
3809         [chromium] Move updateLayers from LayerRendererChromium to CCLayerTreeHost
3810         https://bugs.webkit.org/show_bug.cgi?id=67438
3811
3812         Reviewed by James Robinson.
3813
3814         Covered by existing tests.
3815
3816         Move functionality used by both CCLayerTreeHost and
3817         LayerRendererChromium into CCLayerTreeHostCommon. Move update, paint,
3818         and updateCompositorResource functions into CClayerTreeHost.
3819
3820         * WebCore.gypi:
3821         * platform/graphics/chromium/LayerChromium.cpp:
3822         (WebCore::sortLayers):
3823         * platform/graphics/chromium/LayerChromium.h:
3824         * platform/graphics/chromium/LayerRendererChromium.cpp:
3825         (WebCore::LayerRendererChromium::textureMemoryReclaimLimit):
3826         (WebCore::LayerRendererChromium::drawLayers):
3827         (WebCore::LayerRendererChromium::drawLayersInternal):
3828         * platform/graphics/chromium/LayerRendererChromium.h:
3829         * platform/graphics/chromium/cc/CCLayerImpl.cpp:
3830         (WebCore::sortLayers):
3831         * platform/graphics/chromium/cc/CCLayerImpl.h:
3832         * platform/graphics/chromium/cc/CCLayerTreeHost.cpp:
3833         (WebCore::CCLayerTreeHost::commitTo):
3834         (WebCore::CCLayerTreeHost::updateLayers):
3835         (WebCore::paintContentsIfDirty):
3836         (WebCore::CCLayerTreeHost::paintLayerContents):
3837         (WebCore::CCLayerTreeHost::updateCompositorResources):
3838         * platform/graphics/chromium/cc/CCLayerTreeHost.h:
3839         * platform/graphics/chromium/cc/CCLayerTreeHostCommon.cpp: Added.
3840         (WebCore::CCLayerTreeHostCommon::isScaleOrTranslation):
3841         (WebCore::CCLayerTreeHostCommon::calculateVisibleRect):
3842         (WebCore::CCLayerTreeHostCommon::calculateVisibleLayerRect):
3843         * platform/graphics/chromium/cc/CCLayerTreeHostCommon.h: Added.
3844         (WebCore::CCLayerTreeHostCommon::calculateDrawTransformsAndVisibility):
3845         * platform/graphics/chromium/cc/CCLayerTreeHostImpl.cpp:
3846         * platform/graphics/chromium/cc/CCLayerTreeHostImpl.h:
3847         * platform/graphics/chromium/cc/CCSingleThreadProxy.cpp:
3848         (WebCore::CCSingleThreadProxy::commitIfNeeded):
3849
3850 2011-09-02  Chris Marrin  <cmarrin@apple.com>
3851
3852         https://bugs.webkit.org/show_bug.cgi?id=67510
3853         Crash can occur when doing a PlatformCAAnimation::copy() with no valueFunction
3854
3855         Reviewed by Simon Fraser.
3856         
3857         Do a null check in two places to avoid sending nulls to CACF ValueFunction API.
3858
3859         Test: animations/pause-crash.html
3860
3861         * platform/graphics/ca/win/PlatformCAAnimationWin.cpp:
3862         (PlatformCAAnimation::valueFunction):
3863         (PlatformCAAnimation::setValueFunction):
3864
3865 2011-09-02  Bill Budge  <bbudge@chromium.org>
3866
3867         Add a 'didDownloadData' method to ResourceLoader, SubresourceLoader,
3868         SubresourceLoaderClient, DocumentThreadableLoader, ResourceHandleClient,
3869         and ThreadableLoaderClient for the Chromium port only, so we can pass
3870         these notifications from our ResourceHandle implementation through the
3871         WebCore loader framework.
3872         https://bugs.webkit.org/show_bug.cgi?id=67229
3873
3874         Reviewed by Darin Fisher.
3875
3876         No new tests. Exposes no new functionality.
3877
3878         * WebCore.gypi:
3879         * loader/DocumentThreadableLoader.h:
3880         * loader/ResourceLoader.h:
3881         * loader/SubresourceLoader.h:
3882         * loader/SubresourceLoaderClient.h:
3883         (WebCore::SubresourceLoaderClient::didDownloadData):
3884         * loader/ThreadableLoaderClient.h:
3885         (WebCore::ThreadableLoaderClient::didDownloadData):
3886         * loader/ThreadableLoaderClientWrapper.h:
3887         (WebCore::ThreadableLoaderClientWrapper::didDownloadData):
3888         * loader/chromium: Added.
3889         * loader/chromium/DocumentThreadableLoaderChromium.cpp: Added.
3890         (WebCore::DocumentThreadableLoader::didDownloadData):
3891         * loader/chromium/ResourceLoaderChromium.cpp: Added.
3892         (WebCore::ResourceLoader::didDownloadData):
3893         * loader/chromium/SubresourceLoaderChromium.cpp: Added.
3894         (WebCore::SubresourceLoader::didDownloadData):
3895         * platform/network/ResourceHandleClient.h:
3896         (WebCore::ResourceHandleClient::didDownloadData):
3897
3898 2011-09-02  Jeff Miller  <jeffm@apple.com>
3899
3900         Assert that PlatformCALayerWinInternal::displayCallback() is only called on the main thread
3901         https://bugs.webkit.org/show_bug.cgi?id=67541
3902
3903         Reviewed by Simon Fraser.
3904
3905         No new tests, covered by existing media tests.
3906
3907         * platform/graphics/ca/win/PlatformCALayerWinInternal.cpp:
3908         (PlatformCALayerWinInternal::displayCallback): Assert that is function is only called on the main thread.
3909
3910 2011-09-02  Julien Chaffraix  <jchaffraix@webkit.org>
3911
3912         Enable RenderLayer::updateLayerPosition's cachedOffset optimization for more cases
3913         https://bugs.webkit.org/show_bug.cgi?id=66901
3914
3915         Reviewed by Simon Fraser.
3916
3917         Test: fast/layers/assert-RenderLayer-update-positions.html
3918               Also covered by existing tests under the new ASSERT.
3919
3920         This change extends the range of callers making use of the cachedOffset optimization.
3921
3922         Most callers did not make use of cachedOffset as it did not work when called on a subtree.
3923         This limitation is now gone thus we can enable it more widely.
3924
3925         The semantics of the optimization are changed a bit as we now return if it is enabled whereas
3926         the old code would check if it was *disabled*. Also there were some renames done to match more
3927         closely what was going on (s/cachedOffset/offsetFromRoot/ and s/cachedOffsetDisabled/hasLayerOffset/).
3928
3929         Note that this is an optimistic optimization: if cachedOffset is not used, then we have
3930         done at least an extra traversal up to the root. I have found it to be a wash on file
3931         cycler (alexa) but to be a nice improvement (~20%) on some table benchmarks (modifying
3932         a cell, scrolling).
3933
3934         * page/FrameView.cpp:
3935         (WebCore::FrameView::layout): Extended the use of cachedOffset to subtree layouts.
3936         * rendering/RenderBoxModelObject.cpp:
3937         (WebCore::RenderBoxModelObject::styleDidChange): Forbid the use cachedOffset in this
3938         case as we have only a single layer to update.
3939
3940         * rendering/RenderLayer.cpp:
3941         (WebCore::RenderLayer::computeOffsetFromRoot): Added this function to get the offset from the root
3942         layer at a certain point in the RenderLayer's tree. It gets the root layer's checking if no layer
3943         in between would prevent convertToLayerCoords to work and return the position relative to
3944         this layer.
3945
3946         (WebCore::RenderLayer::updateLayerPositions): Added a new ASSERT to make sure our cachedOffset
3947         is always fine. Also added a comment about calling convertToLayerCoords.
3948
3949         (WebCore::RenderLayer::removeOnlyThisLayer): Added cachedOffset here too as we may have to
3950         update several layers. We save the offset prior to being removed from the hierarchy for
3951         correctness.
3952
3953         (WebCore::RenderLayer::paintChildLayerIntoColumns): Added a comment here about calling convertToLayerCoords.
3954
3955         * rendering/RenderLayer.h: Swapped the argument in updateLayerPositions to make
3956         cachedOffset a mandatory field. Patched all the callers.
3957
3958         (WebCore::RenderLayer::canUseConvertToLayerCoords): Added this helper method to know when a
3959         renderer prevents convertToLayerCoords from working. Added some FIXME around suspicious use
3960         of convertToLayerCoords.
3961
3962 2011-08-30  Matthew Delaney  <mdelaney@apple.com>
3963
3964         Read out of bounds in sUnpremultiplyData_RGBA8888 / ImageBufferData::getData
3965         https://bugs.webkit.org/show_bug.cgi?id=65352
3966
3967         Reviewed by Simon Fraser.
3968
3969         New test: fast/canvas/canvas-getImageData-large-crash.html
3970
3971         This patch prevents overflows from happening in getImageData, createImageData, and canvas creation
3972         calls that specify widths and heights that end up overflowing the ints that we store those values in
3973         as well as derived values such as area and maxX / maxY of the bounding rects involved. Overflow of integer
3974         arithmetic is detected via the use of the new Checked type that was introduced in r94207.
3975
3976         * html/HTMLCanvasElement.cpp:
3977         (WebCore::HTMLCanvasElement::convertLogicalToDevice): Removed dependency on ints, using FloatRects/Sizes instead.
3978         (WebCore::HTMLCanvasElement::createImageBuffer): Moved the check for max canvas area and dimensions here.
3979           Added in check that prevents us from having canvases of sizes that will cause overflows.
3980         (WebCore::HTMLCanvasElement::baseTransform): Updated use of convertLogicalToDevice.
3981         * html/HTMLCanvasElement.h: Updated method signatures.
3982         * html/canvas/CanvasRenderingContext2D.cpp:
3983         (WebCore::createEmptyImageData): Added in check to prevent creating ImageData objects that will cause overflow when computing their size.
3984         (WebCore::CanvasRenderingContext2D::createImageData): Avoid creating ImageData objects of size that will overflow later.
3985         (WebCore::CanvasRenderingContext2D::getImageData): Added in check to prevent trying to get ImageData objects that will cause overflow when computing their size.
3986         * platform/graphics/FloatRect.cpp:
3987         (WebCore::FloatRect::isExpressibleAsIntRect): New method that tests whether a FloatRect can become an IntRect without overflow or having to be clamped.
3988         * platform/graphics/FloatRect.h:
3989         * platform/graphics/FloatSize.cpp:
3990         (WebCore::FloatSize::isExpressibleAsIntSize): Same as FloatRect, but for FloatSize->IntSize.
3991         * platform/graphics/FloatSize.h:
3992         * platform/graphics/cg/ImageBufferCG.cpp: Added check for overflow.
3993         (WebCore::ImageBuffer::ImageBuffer):
3994
3995 2011-09-02  Dan Bernstein  <mitz@apple.com>
3996
3997         <rdar://problem/9755843> anonymous RenderMathMLOperator sets itself as the renderer of its parent mfenced node
3998
3999         Reviewed by Darin Adler.
4000
4001         Test: mathml/operator-hijacks-fenced-node.xhtml
4002
4003         * rendering/mathml/RenderMathMLOperator.cpp:
4004         (WebCore::RenderMathMLOperator::updateFromElement): Rather than unconditionally setting the
4005         node’s renderer&nbs