Fix null handling for HTMLIFrameElement.marginWidth / marginHeight
[WebKit-https.git] / Source / WebCore / ChangeLog
1 2016-07-21  Chris Dumez  <cdumez@apple.com>
2
3         Fix null handling for HTMLIFrameElement.marginWidth / marginHeight
4         https://bugs.webkit.org/show_bug.cgi?id=160037
5
6         Reviewed by Ryosuke Niwa.
7
8         Fix null handling for HTMLIFrameElement.marginWidth / marginHeight to
9         match the specification:
10         - https://html.spec.whatwg.org/#HTMLIFrameElement-partial
11
12         We are supposed to treat null as the empty string. Both Firefox and
13         Chrome agree with the specification.
14
15         No new tests, rebaselined existing tests.
16
17         * html/HTMLIFrameElement.idl:
18
19 2016-07-21  Chris Dumez  <cdumez@apple.com>
20
21         Fix null handling for HTMLImageElement.border
22         https://bugs.webkit.org/show_bug.cgi?id=160039
23
24         Reviewed by Ryosuke Niwa.
25
26         Fix null handling for HTMLImageElement.border to match the specification:
27         - https://html.spec.whatwg.org/#HTMLImageElement-partial
28
29         We are supposed to treat null as the empty string.
30
31         Both Firefox and Chrome agree with the specification.
32
33         No new tests, rebaselined existing tests.
34
35         * html/HTMLImageElement.idl:
36
37 2016-07-21  Daniel Bates  <dabates@apple.com>
38
39         REGRESSION: Plugin replaced YouTube Flash videos always have the same width
40         https://bugs.webkit.org/show_bug.cgi?id=159998
41         <rdar://problem/27462285>
42
43         Reviewed by Simon Fraser.
44
45         Fixes an issue where the width of a plugin replaced YouTube video loaded via an HTML embed
46         element would always have the same width regardless of value of the width attribute.
47
48         For YouTube Flash videos the YouTube plugin replacement substitutes a shadow DOM subtree
49         for the default renderer of an HTML embed element. The root of this shadow DOM subtree
50         is an HTML div element. Currently we set inline styles on this <div> when it is instantiated.
51         In particular, we set inline display and position to "inline-block" and "relative", respectively,
52         and set an invalid height and width (we specify a font weight value instead of a CSS length value
53         - this causes an ASSERT_NOT_REACHED() assertion failure in StyleBuilderConverter::convertLengthSizing()
54         in a debug build). These styles never worked as intended and we ultimately created an inline
55         renderer (ignoring display "inline-block") that had auto width and height. Instead it is sufficient
56         to remove all these inline styles and create a RenderBlockFlow renderer for this <div> so that it
57         renders as a block, non-replaced element to achieve the intended illusion that the <embed> is a
58         single element.
59
60         * html/shadow/YouTubeEmbedShadowElement.cpp: Remove unused header HTMLEmbedElement.h and include
61         header RenderBlockFlow.h. Also update copyright in license block.
62         (WebCore::YouTubeEmbedShadowElement::YouTubeEmbedShadowElement): Remove inline styles as these
63         never worked as intended.
64         (WebCore::YouTubeEmbedShadowElement::createElementRenderer): Override; create a block-flow
65         renderer for us so that we layout as a block, non-replaced element.
66         * html/shadow/YouTubeEmbedShadowElement.h:
67
68 2016-07-21  Myles C. Maxfield  <mmaxfield@apple.com>
69
70         [iPhone] Playing a video on tudou.com plays only sound, no video
71         https://bugs.webkit.org/show_bug.cgi?id=159967
72         <rdar://problem/26964090>
73
74         Reviewed by Jon Lee, Jeremy Jones, and Anders Carlsson.
75
76         WebKit recently starting honoring the playsinline and webkit-playsinline
77         attribute on iPhones. However, because these attributes previously did
78         nothing, some sites (such as Todou) were setting them on their content
79         and expecting that they are not honored. In this specific case, the
80         video is absolutely positioned to be 1 pixel x 1 pixel.
81
82         Previously, with iOS 9, apps could set the allowsInlineMediaPlayback
83         property on their WKWebView, which would honor the webkit-playsinline
84         attribute. Safari on iPhones didn't do this.
85
86         In order to not break these existing apps, it's important that the
87         allowsInlineMediaPlayback preference still allows webkit-playsinline
88         videos to play inline in apps using WKWebView. However, in Safari, these
89         videos should play fullscreen. (Todou videos have webkit-playsinline
90         but not playsinline.)
91
92         Therefore, in Safari, videos with playsinline should be inline, but
93         videos with webkit-playsinline should be fullscreen. In apps using
94         WKWebViews, if the app sets allowsInlineMediaPlayback, then videos with
95         playsinline should be inline, and videos with webkit-playsinline should
96         also be inline. Videos on iPad and Mac should all be inline by default.
97
98         We can create some truth tables for the cases which need to be covered:
99
100         All apps on Mac / iPad:
101         Presence of playsinline | Presence of webkit-playsinline | Result
102         ========================|================================|===========
103         Not present             | Not present                    | Inline
104         Present                 | Not present                    | Inline
105         Not Present             | Present                        | Inline
106         Present                 | Present                        | Inline
107
108         Safari on iPhone:
109         Presence of playsinline | Presence of webkit-playsinline | Result
110         ========================|================================|===========
111         Not present             | Not present                    | Fullscreen
112         Present                 | Not present                    | Inline
113         Not Present             | Present                        | Fullscreen
114         Present                 | Present                        | Inline
115
116         App on iPhone which sets allowsInlineMediaPlayback:
117         Presence of playsinline | Presence of webkit-playsinline | Result
118         ========================|================================|===========
119         Not present             | Not present                    | Fullscreen
120         Present                 | Not present                    | Inline
121         Not Present             | Present                        | Inline
122         Present                 | Present                        | Inline
123
124         The way to distinguish Safari from another app is to create an SPI
125         boolean preference which Safari can set. This is already how the
126         iPhone and iPad are differentiated using the requiresPlayInlineAttribute
127         which Safari sets but other apps don't. However, this preference is
128         no longer sufficient because Safari should now be discriminating
129         between the playsinline and webkit-playsinline attributes. Therefore,
130         this preference should be extended to two boolean preferences, which
131         this patch adds:
132
133         allowsInlineMediaPlaybackWithPlaysInlineAttribute
134         allowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute
135
136         Safari on iPhone will set
137         allowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute to true,
138         and allowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute to
139         false. Other apps on iPhone will get their defaults values (because they
140         are SPI) which means they will both be true. On iPad and Mac, apps will
141         use the defaults values where both are false.
142
143         This patch adds support for these two preferences, but does not remove
144         the existing inlineMediaPlaybackRequiresPlaysInlineAttribute preference.
145         I will remove the exising preference as soon as I update Safari to migrate
146         off of it.
147
148         Test: media/video-playsinline.html
149
150         * html/MediaElementSession.cpp:
151         (WebCore::MediaElementSession::requiresFullscreenForVideoPlayback):
152         * page/Settings.cpp:
153         * page/Settings.in:
154         * testing/InternalSettings.cpp:
155         (WebCore::InternalSettings::Backup::Backup):
156         (WebCore::InternalSettings::Backup::restoreTo):
157         (WebCore::InternalSettings::setAllowsInlineMediaPlaybackWithPlaysInlineAttribute):
158         (WebCore::InternalSettings::setAllowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute):
159         * testing/InternalSettings.h:
160         * testing/InternalSettings.idl:
161
162 2016-07-21  Ryosuke Niwa  <rniwa@webkit.org>
163
164         Crash accessing null renderer inside WebCore::DeleteSelectionCommand::doApply
165         https://bugs.webkit.org/show_bug.cgi?id=160011
166
167         Reviewed by Chris Dumez.
168
169         Add a null pointer check for renderer() call.
170
171         Unfortunately no new tests since we don't have a reproduction.
172
173         * editing/DeleteSelectionCommand.cpp:
174         (WebCore::DeleteSelectionCommand::doApply):
175
176 2016-07-21  Chris Dumez  <cdumez@apple.com>
177
178         The 2 first parameters to DOMImplementation.createDocument() should be mandatory
179         https://bugs.webkit.org/show_bug.cgi?id=160030
180
181         Reviewed by Sam Weinig.
182
183         The 2 first parameters to DOMImplementation.createDocument() should be mandatory
184         as per the specification:
185         - https://dom.spec.whatwg.org/#domimplementation
186
187         Firefox and Chrome both agree with the specification. However, those
188         parameters were marked as optional in WebKit. Calling this function
189         without parameters would create a document element whose tag is the
190         string "undefined", which does not seem helpful. This patch thus
191         aligns our behavior with the specification and other browsers.
192
193         No new tests, rebaselined existing tests.
194
195         * dom/DOMImplementation.idl:
196
197 2016-07-21  Chris Dumez  <cdumez@apple.com>
198
199         Kill legacy valueToStringWithNullCheck() utility function
200         https://bugs.webkit.org/show_bug.cgi?id=159991
201
202         Reviewed by Sam Weinig.
203
204         Kill legacy valueToStringWithNullCheck() utility function. Treating null as
205         a null string is legacy behavior so drop this function so that people are
206         not tempted to use it. We should be using either:
207         1. JSValue::toWTFString() for non-nullable DOMStrings
208         2. valueToStringWithUndefinedOrNullCheck() for nullable DOMStrings
209         3. valueToStringTreatingNullAsEmptyString() for strings with [TreatNullAs=EmptyString]
210
211         No new tests, no web-exposed behavior change.
212
213         * bindings/js/JSDOMBinding.cpp:
214         (WebCore::valueToStringWithNullCheck): Deleted.
215         * bindings/js/JSDOMBinding.h:
216         * bindings/js/JSHTMLFrameElementCustom.cpp:
217         (WebCore::JSHTMLFrameElement::setLocation):
218         * html/HTMLFrameElement.idl:
219
220 2016-07-21  Zalan Bujtas  <zalan@apple.com>
221
222         Do not keep invalid IOSurface in ImageBufferData.
223         https://bugs.webkit.org/show_bug.cgi?id=160005
224         <rdar://problem/27208636>
225
226         Reviewed by Simon Fraser.
227
228         When we fail to initialize the IOSurface for the accelerated context, we switch over to
229         the non-accelerated code path. Since ImageBufferData::surface is used to indicate whether
230         the graphics context is in accelerated mode, we need to reset it when the initialization fails.
231
232         Unable to create a test case.
233
234         * platform/graphics/cg/ImageBufferCG.cpp:
235         (WebCore::ImageBuffer::ImageBuffer):
236
237 2016-07-21  Chris Dumez  <cdumez@apple.com>
238
239         playsInline IDL attribute has the wrong casing
240         https://bugs.webkit.org/show_bug.cgi?id=160029
241         <rdar://problem/27474031>
242
243         Reviewed by Jon Lee.
244
245         Fix case from video.playsinline to video.playsInline in order to match
246         the specification:
247         - https://html.spec.whatwg.org/multipage/embedded-content.html#the-video-element:dom-video-playsinline
248
249         It still reflects the "playsinline" content attribute though, as per
250         the specification:
251         - https://html.spec.whatwg.org/multipage/embedded-content.html#dom-video-playsinline
252
253         No new tests, updated existing test.
254
255         * html/HTMLVideoElement.idl:
256
257 2016-07-21  Chris Dumez  <cdumez@apple.com>
258
259         Drop [TreatNullAs=EmptyString] from CanvasRenderingContext2D.globalCompositeOperation
260         https://bugs.webkit.org/show_bug.cgi?id=160026
261
262         Reviewed by Sam Weinig.
263
264         Drop [TreatNullAs=EmptyString] from CanvasRenderingContext2D.globalCompositeOperation
265         attribute as it does not match the specification:
266         - https://html.spec.whatwg.org/multipage/scripting.html#canvascompositing
267
268         It does not change web-exposed behavior because assigning to "" or "null"
269         gets ignored as those are not valid operations.
270
271         Test: fast/canvas/context-globalCompositeOperation-null.html
272
273         * html/canvas/CanvasRenderingContext2D.idl:
274
275 2016-07-21  Carlos Garcia Campos  <cgarcia@igalia.com>
276
277         [GTK][Threaded Compositor] Overlay scrollbars shouldn't be a requirement of the threaded compositor
278         https://bugs.webkit.org/show_bug.cgi?id=160020
279
280         Reviewed by Michael Catanzaro.
281
282         It has been a requirement only because we didn't really know why frame scrollbars were not rendered when using
283         the threaded compositor. The reason is that RenderView doesn't use layers for FrameView scrollbars by default,
284         unless using overlay scrollbars. When using the threaded compositor we really need layers for the FrameView
285         scrollbars even when not using overlay scrollbars.
286
287         * platform/gtk/ScrollbarThemeGtk.cpp:
288         (WebCore::ScrollbarThemeGtk::ScrollbarThemeGtk): Stop enforcing overlay scrollbars when threaded compositor is enabled.
289         * rendering/RenderLayerCompositor.cpp:
290         (WebCore::RenderLayerCompositor::shouldCompositeOverflowControls): Always use layers for scrollbars when
291         threaded compositor is enabled.
292
293 2016-07-21  Carlos Garcia Campos  <cgarcia@igalia.com>
294
295         [Cairo] Fix a crash in fast/canvas/canvas-getImageData-invalid-result-buffer-crash.html
296         https://bugs.webkit.org/show_bug.cgi?id=160014
297
298         Reviewed by Michael Catanzaro.
299
300         In r202887 some null checks were added for JSArray::createUninitialized (and related) but not for the
301         ImageBuffer cairo implementation.
302
303         * platform/graphics/cairo/ImageBufferCairo.cpp:
304         (WebCore::getImageData): Return early if Uint8ClampedArray::createUninitialized() returns nullptr.
305
306 2016-07-21  Miguel Gomez  <magomez@igalia.com>
307
308         [GTK] The GSTREAMER_GL path in MediaPlayerPrivateGStreamerBase::paintToTextureMapper() is missing a mutex lock
309         https://bugs.webkit.org/show_bug.cgi?id=160018
310
311         Reviewed by Philippe Normand.
312
313         Lock the video sample mutex while accessing it.
314
315         Covered by existent tests.
316
317         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
318         (WebCore::MediaPlayerPrivateGStreamerBase::paintToTextureMapper):
319
320 2016-07-21  Miguel Gomez  <magomez@igalia.com>
321
322         [Threaded Compositor] Flickering when zooming in/out in maps.google.com
323         https://bugs.webkit.org/show_bug.cgi?id=154069
324
325         Reviewed by Carlos Garcia Campos.
326
327         Add a new extra buffer to GraphicsContext3D when using the Threaded Compositor,
328         so it doesn't have to reuse the buffers that are still waiting for composition.
329
330         Covered by existing tests.
331
332         * platform/graphics/GraphicsContext3D.h:
333         Add a new texture to use for the rendering. Remove the compositor fbo we were using.
334         * platform/graphics/cairo/GraphicsContext3DCairo.cpp:
335         (WebCore::GraphicsContext3D::GraphicsContext3D):
336         Initialize the new texture and remove the previous fbo related code.
337         (WebCore::GraphicsContext3D::~GraphicsContext3D):
338         Properly destroy the new texture and remove the previous fbo related code.
339         * platform/graphics/opengl/GraphicsContext3DOpenGL.cpp:
340         (WebCore::GraphicsContext3D::reshapeFBOs):
341         Allocate the new texture and remove the previous fbo allocation.
342         * platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp:
343         (WebCore::GraphicsContext3D::prepareTexture):
344         Use a single fbo with three textures instead of two fbos with a texture each.
345         Rotate the three textures usage so:
346         - m_texture becomes m_compositorTexture to be pushed to the compositor.
347         - m_intermediateTexture becomes m_texture to receive the next rendering.
348         - m_compositorTexture becomes m_intermediateTexture.
349         And add a glFlush() to ensure that the gl commands are sent to the pipeline.
350         * platform/graphics/opengl/GraphicsContext3DOpenGLES.cpp:
351         (WebCore::GraphicsContext3D::reshapeFBOs):
352         Allocate the new texture.
353
354 2016-07-21  Carlos Garcia Campos  <cgarcia@igalia.com>
355
356         [GTK][Threaded Compositor] Web view background colors don't work
357         https://bugs.webkit.org/show_bug.cgi?id=159465
358
359         Reviewed by Michael Catanzaro.
360
361         * rendering/RenderLayerBacking.cpp:
362         (WebCore::RenderLayerBacking::createPrimaryGraphicsLayer): Initialize frame view layer opacity for platforms not
363         using the tiled cache layer.
364
365 2016-07-20  Youenn Fablet  <youenn@apple.com>
366
367         [XHR] Cache response JS object in case of arraybuffer and blob response types
368         https://bugs.webkit.org/show_bug.cgi?id=128903
369
370         Reviewed by Alex Christensen.
371
372         Covered by existing and modified tests.
373
374         Making response getter a JS builtin that caches response in @response private slot.
375         Handling invalidation of cached response with @responseCacheIsValid new private method.
376         Handling creation of cached response with @retrieveResponse new private method which reuses most of
377         JSXMLHttpRequest::response previous code.
378
379         Caching of responses is activated whenever load ended without any error for blob and arraybuffer response types.
380
381         Caching of response for document is also activated in case the response getter is used but not if responseXML getter is used.
382
383         * CMakeLists.txt: Adding XMLHttpRequest.js.
384         * DerivedSources.make: Ditto.
385         * bindings/js/JSXMLHttpRequestCustom.cpp:
386         (WebCore::JSXMLHttpRequest::retrieveResponse): Implements creation of to-be-cached response.
387         (WebCore::JSXMLHttpRequest::response): Deleted.
388         * bindings/js/WebCoreBuiltinNames.h: Adding new private names.
389         * xml/XMLHttpRequest.cpp:
390         (WebCore::XMLHttpRequest::didCacheResponse): Renamed from didCacheResponseJSON as all response types are now cached.
391         (WebCore::XMLHttpRequest::didCacheResponseJSON): Deleted.
392         * xml/XMLHttpRequest.h:
393         * xml/XMLHttpRequest.idl:
394
395 2016-07-20  Youenn Fablet  <youenn@apple.com>
396
397         Remove crossOriginRequestPolicy from ThreadableLoaderOptions
398         https://bugs.webkit.org/show_bug.cgi?id=159417
399
400         Reviewed by Alex Christensen.
401
402         No observable change.
403
404         * Modules/fetch/FetchLoader.cpp:
405         (WebCore::FetchLoader::start): DenyCrossOriginRequests -> FetchOptions::Mode::SameOrigin.
406         * fileapi/FileReaderLoader.cpp:
407         (WebCore::FileReaderLoader::start): DenyCrossOriginRequests -> FetchOptions::Mode::SameOrigin.
408         * inspector/InspectorNetworkAgent.cpp:
409         (WebCore::InspectorNetworkAgent::loadResource): AllowCrossOriginRequests -> FetchOptions::Mode::NoCors.
410         * loader/DocumentThreadableLoader.cpp:
411         (WebCore::DocumentThreadableLoader::DocumentThreadableLoader): Ditto.
412         (WebCore::DocumentThreadableLoader::makeCrossOriginAccessRequest): UseAccessControl -> FetchOptions::Mode::Cors.
413         (WebCore::DocumentThreadableLoader::redirectReceived): Ditto.
414         (WebCore::DocumentThreadableLoader::didReceiveResponse): Ditto.
415         (WebCore::DocumentThreadableLoader::loadRequest): Use NoCors as option passed to ResourceLoader. This allows
416         desactivating ResourceLoader CORS checks as they are done in DocumentThreadableLoader right now. In the future,
417         these checks should be moved to ResourceLoader and DocumentThreadableLoader should directly pass the fetch mode
418         option.
419         (WebCore::DocumentThreadableLoader::isAllowedRedirect): AllowCrossOriginRequests -> FetchOptions::Mode::NoCors.
420         * loader/ThreadableLoader.cpp:
421         (WebCore::ThreadableLoaderOptions::ThreadableLoaderOptions): Removing CrossOriginRequestPolicy.
422         * loader/ThreadableLoader.h: Ditto.
423         * loader/WorkerThreadableLoader.cpp:
424         (WebCore::LoaderTaskOptions::LoaderTaskOptions): Ditto.
425         * page/EventSource.cpp:
426         (WebCore::EventSource::connect): UseAccessControl -> FetchOptions::Mode::Cors.
427         * workers/Worker.cpp:
428         (WebCore::Worker::create): DenyCrossOriginRequests -> FetchOptions::Mode::SameOrigin.
429         * workers/WorkerGlobalScope.cpp:
430         (WebCore::WorkerGlobalScope::importScripts): AllowCrossOriginRequests -> FetchOptions::Mode::NoCors.
431         * workers/WorkerScriptLoader.cpp:
432         (WebCore::WorkerScriptLoader::loadSynchronously):
433         (WebCore::WorkerScriptLoader::loadAsynchronously):
434         * workers/WorkerScriptLoader.h:
435         * xml/XMLHttpRequest.cpp:
436         (WebCore::XMLHttpRequest::createRequest):
437
438 2016-07-20  Chris Dumez  <cdumez@apple.com>
439
440         Fix null handling of several Document attributes
441         https://bugs.webkit.org/show_bug.cgi?id=159997
442
443         Reviewed by Ryosuke Niwa.
444
445         Fix null handling of the following Document attributes: title, cookie
446         and domain.
447
448         In WebKit, they were all marked as [TreatNullAs=EmptyString], which
449         does not match the specification:
450         - https://html.spec.whatwg.org/multipage/dom.html#document
451
452         Details for each attribute:
453         - title: null is now treated as the string "null", thus setting the
454           document title to "null". This matches Firefox and Chrome.
455         - cookie: adds a "null" cookie instead of being a no-op. This matches
456                   both Firefox and Chrome.
457         - domain: Calls setDomain(String("null")) instead of
458                   setDomain(String()). This throws an exception because "null"
459                   is not a suffix of the effective domain name. The behavior
460                   is the same in Firefox and Chrome. Previously, we were
461                   already throwing an exception since setting the domain to
462                   the empty string throws, as per the specification.
463
464         Test: http/tests//dom/document-attributes-null-handling.html
465
466         * dom/Document.idl:
467
468 2016-07-20  Commit Queue  <commit-queue@webkit.org>
469
470         Unreviewed, rolling out r203471.
471         https://bugs.webkit.org/show_bug.cgi?id=160003
472
473         many iOS-simulator tests are failing (Requested by litherum on
474         #webkit).
475
476         Reverted changeset:
477
478         "[iPhone] Playing a video on tudou.com plays only sound, no
479         video"
480         https://bugs.webkit.org/show_bug.cgi?id=159967
481         http://trac.webkit.org/changeset/203471
482
483 2016-07-19  Ryosuke Niwa  <rniwa@webkit.org>
484
485         iOS: Cannot paste images in RTF content
486         https://bugs.webkit.org/show_bug.cgi?id=159964
487         <rdar://problem/27442806>
488
489         Reviewed by Enrica Casucci.
490
491         The bug was caused by setDefersLoading(true) not deferring image loading for the parsed fragment.
492         Worked around this bug by disabling image loading while parsing the document fragment.
493
494         * editing/ios/EditorIOS.mm:
495         (WebCore::Editor::createFragmentAndAddResources):
496
497 2016-07-20  Brady Eidson  <beidson@apple.com>
498
499         Address a small FIXME in IDB code.
500         https://bugs.webkit.org/show_bug.cgi?id=159999
501
502         Reviewed by Andy Estes.
503
504         No new tests (No behavior change).
505
506         * Modules/indexeddb/IDBRequest.cpp:
507         (WebCore::IDBRequest::IDBRequest):
508         
509         * Modules/indexeddb/shared/IDBResourceIdentifier.cpp:
510         (WebCore::IDBResourceIdentifier::IDBResourceIdentifier): Deleted.
511         * Modules/indexeddb/shared/IDBResourceIdentifier.h:
512
513 2016-07-20  Brady Eidson  <beidson@apple.com>
514
515         Remove some "modernFoo"s from IndexedDB code.
516         https://bugs.webkit.org/show_bug.cgi?id=159985
517
518         Reviewed by Andy Estes.
519
520         No new tests (No known behavior change).
521
522         * Modules/indexeddb/IDBCursor.cpp:
523         (WebCore::IDBCursor::IDBCursor):
524         (WebCore::IDBCursor::~IDBCursor):
525         (WebCore::IDBCursor::sourcesDeleted):
526         (WebCore::IDBCursor::effectiveObjectStore):
527         (WebCore::IDBCursor::transaction):
528         (WebCore::IDBCursor::direction):
529         (WebCore::IDBCursor::update):
530         (WebCore::IDBCursor::advance):
531         (WebCore::IDBCursor::continueFunction):
532         (WebCore::IDBCursor::uncheckedIterateCursor):
533         (WebCore::IDBCursor::deleteFunction):
534         (WebCore::IDBCursor::setGetResult):
535         
536         * Modules/indexeddb/IDBIndex.cpp:
537         (WebCore::IDBIndex::IDBIndex):
538         (WebCore::IDBIndex::~IDBIndex):
539         (WebCore::IDBIndex::hasPendingActivity):
540         (WebCore::IDBIndex::name):
541         (WebCore::IDBIndex::objectStore):
542         (WebCore::IDBIndex::keyPath):
543         (WebCore::IDBIndex::unique):
544         (WebCore::IDBIndex::multiEntry):
545         (WebCore::IDBIndex::openCursor):
546         (WebCore::IDBIndex::doCount):
547         (WebCore::IDBIndex::openKeyCursor):
548         (WebCore::IDBIndex::doGet):
549         (WebCore::IDBIndex::doGetKey):
550         (WebCore::IDBIndex::markAsDeleted):
551         * Modules/indexeddb/IDBIndex.h:
552         
553         * Modules/indexeddb/IDBObjectStore.cpp:
554         (WebCore::IDBObjectStore::transaction):
555         (WebCore::IDBObjectStore::deleteFunction): Deleted.
556         (WebCore::IDBObjectStore::modernDelete): Deleted.
557         * Modules/indexeddb/IDBObjectStore.h:
558         
559         * bindings/js/JSIDBIndexCustom.cpp:
560         (WebCore::JSIDBIndex::visitAdditionalChildren):
561
562 2016-07-20  Chris Dumez  <cdumez@apple.com>
563
564         Stop using valueToStringWithNullCheck() in JSCSSStyleDeclaration::putDelegate()
565         https://bugs.webkit.org/show_bug.cgi?id=159982
566
567         Reviewed by Ryosuke Niwa.
568
569         valueToStringWithNullCheck() treats null as the null String() which is
570         legacy / non standard behavior. The specification says we should treat
571         null as the empty string:
572         - https://drafts.csswg.org/cssom/#dom-cssstyledeclaration-camel-cased-attribute
573
574         Therefore, we should be using valueToStringTreatingNullAsEmptyString() instead.
575
576         In practice, there is no web-exposed behavior change because
577         MutableStyleProperties::setProperty() removes the property wether the
578         value is the null String or the empty String.
579
580         This behavior is correct since the specification says that we should
581         remove the property if the value is the empty string:
582         - https://drafts.csswg.org/cssom/#dom-cssstyledeclaration-setproperty (step 4)
583
584         I added test coverage to make sure we behave according to specification.
585         This test is passing in Firefox, Chrome and in WebKit (before and after
586         my change).
587
588         Test: fast/css/CSSStyleDeclaration-property-setter.html
589
590         * bindings/js/JSCSSStyleDeclarationCustom.cpp:
591         (WebCore::JSCSSStyleDeclaration::putDelegate):
592
593 2016-07-20  Chris Dumez  <cdumez@apple.com>
594
595         Fix null handling of HTMLFrameElement.marginWidth / marginHeight
596         https://bugs.webkit.org/show_bug.cgi?id=159987
597
598         Reviewed by Ryosuke Niwa.
599
600         Fix null handling of HTMLFrameElement.marginWidth / marginHeight:
601         - https://html.spec.whatwg.org/multipage/obsolete.html#htmlframeelement
602
603         We are supposed to treat null as the empty string but we treat it as
604         the string "null".
605
606         Firefox and Chrome both match the specification.
607
608         No new tests, updated existing tests.
609
610         * html/HTMLFrameElement.idl:
611
612 2016-07-20  Wenson Hsieh  <wenson_hsieh@apple.com>
613
614         Pausing autoplayed media should not remove all restrictions for that media element
615         https://bugs.webkit.org/show_bug.cgi?id=159988
616
617         Reviewed by Jon Lee.
618
619         Localizes the removal of behavior restrictions introduced in r203464 upon pausing an
620         autoplaying video to just affect the hiding or showing of the media controller. This
621         prevents pages from using Javascript to start playing autoplaying videos that have
622         been paused by the user.
623
624         * html/HTMLMediaElement.cpp:
625         (WebCore::HTMLMediaElement::pause):
626
627 2016-07-20  Myles C. Maxfield  <mmaxfield@apple.com>
628
629         [iPhone] Playing a video on tudou.com plays only sound, no video
630         https://bugs.webkit.org/show_bug.cgi?id=159967
631         <rdar://problem/26964090>
632
633         Reviewed by Jon Lee.
634
635         WebKit recently starting honoring the playsinline and webkit-playsinline
636         attribute on iPhones. However, because these attributes previously did
637         nothing, some sites (such as Todou) were setting them on their content
638         and expecting that they are not honored. In this specific case, the
639         video is absolutely positioned to be 1 pixel x 1 pixel.
640
641         Previously, with iOS 9, apps could set the allowsInlineMediaPlayback
642         property on their WKWebView, which would honor the webkit-playsinline
643         attribute. Safari on iPhones didn't do this.
644
645         In order to not break these existing apps, it's important that the
646         allowsInlineMediaPlayback preference still allows webkit-playsinline
647         videos to play inline in apps using WKWebView. However, in Safari, these
648         videos should play fullscreen. (Todou videos have webkit-playsinline
649         but not playsinline.)
650
651         Therefore, in Safari, videos with playsinline should be inline, but
652         videos with webkit-playsinline should be fullscreen. In apps using
653         WKWebViews, if the app sets allowsInlineMediaPlayback, then videos with
654         playsinline should be inline, and videos with webkit-playsinline should
655         also be inline. Videos on iPad and Mac should all be inline by default.
656
657         We can create some truth tables for the cases which need to be covered:
658
659         All apps on Mac / iPad:
660         Presence of playsinline | Presence of webkit-playsinline | Result
661         ========================|================================|===========
662         Not present             | Not present                    | Inline
663         Present                 | Not present                    | Inline
664         Not Present             | Present                        | Inline
665         Present                 | Present                        | Inline
666
667         Safari on iPhone:
668         Presence of playsinline | Presence of webkit-playsinline | Result
669         ========================|================================|===========
670         Not present             | Not present                    | Fullscreen
671         Present                 | Not present                    | Inline
672         Not Present             | Present                        | Fullscreen
673         Present                 | Present                        | Inline
674
675         App on iPhone which sets allowsInlineMediaPlayback:
676         Presence of playsinline | Presence of webkit-playsinline | Result
677         ========================|================================|===========
678         Not present             | Not present                    | Fullscreen
679         Present                 | Not present                    | Inline
680         Not Present             | Present                        | Inline
681         Present                 | Present                        | Inline
682
683         The way to distinguish Safari from another app is to create an SPI
684         boolean preference which Safari can set. This is already how the
685         iPhone and iPad are differentiated using the requiresPlayInlineAttribute
686         which Safari sets but other apps don't. However, this preference is
687         no longer sufficient because Safari should now be discriminating
688         between the playsinline and webkit-playsinline attributes. Therefore,
689         this preference should be extended to two boolean preferences, which
690         this patch adds:
691
692         allowsInlineMediaPlaybackWithPlaysInlineAttribute
693         allowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute
694
695         Safari on iPhone will set
696         allowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute to true,
697         and allowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute to
698         false. Other apps on iPhone will get their defaults values (because they
699         are SPI) which means they will both be true. On iPad and Mac, apps will
700         use the defaults values where both are false.
701
702         This patch adds support for these two preferences, but does not remove
703         the existing inlineMediaPlaybackRequiresPlaysInlineAttribute preference.
704         I will remove the exising preference as soon as I update Safari to migrate
705         off of it.
706
707         Test: media/video-playsinline.html
708
709         * html/MediaElementSession.cpp:
710         (WebCore::MediaElementSession::requiresFullscreenForVideoPlayback):
711         * page/Settings.cpp:
712         * page/Settings.in:
713         * testing/InternalSettings.cpp:
714         (WebCore::InternalSettings::Backup::Backup):
715         (WebCore::InternalSettings::Backup::restoreTo):
716         (WebCore::InternalSettings::setAllowsInlineMediaPlaybackWithPlaysInlineAttribute):
717         (WebCore::InternalSettings::setAllowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute):
718         * testing/InternalSettings.h:
719         * testing/InternalSettings.idl:
720
721 2016-07-20  Chris Dumez  <cdumez@apple.com>
722
723         Get rid of custom bindings code for XMLHttpRequest.open()
724         https://bugs.webkit.org/show_bug.cgi?id=159984
725
726         Reviewed by Ryosuke Niwa.
727
728         Get rid of custom bindings code for XMLHttpRequest.open() as the
729         bindings generator is able to generate it.
730
731         Relevant specification:
732         - https://xhr.spec.whatwg.org/#xmlhttprequest
733
734         The issue is that legacy content prevents treating the 'async' argument
735         being undefined identical from it being omitted. However, this can be
736         achieved by using overloading in IDL, like in the specification.
737
738         No new tests, already covered by the following tests:
739         - http/tests/xmlhttprequest/basic-auth.html
740         - http/tests/xmlhttprequest/open-async-overload.html
741
742         * bindings/js/JSXMLHttpRequestCustom.cpp:
743         (WebCore::SendFunctor::SendFunctor): Deleted.
744         (WebCore::SendFunctor::line): Deleted.
745         (WebCore::SendFunctor::column): Deleted.
746         (WebCore::SendFunctor::url): Deleted.
747         (WebCore::SendFunctor::operator()): Deleted.
748         * xml/XMLHttpRequest.cpp:
749         (WebCore::XMLHttpRequest::open):
750         * xml/XMLHttpRequest.h:
751         * xml/XMLHttpRequest.idl:
752
753 2016-07-20  Rawinder Singh  <rawinder.singh-webkit@cisra.canon.com.au>
754
755         Mark overriden methods in WebCore/svg final classes as final
756         https://bugs.webkit.org/show_bug.cgi?id=159966
757
758         Reviewed by Michael Catanzaro.
759
760         Update WebCore/svg classes so that overriden methods in final classes are marked final.
761
762         * svg/SVGAElement.h:
763         * svg/SVGAltGlyphDefElement.h:
764         * svg/SVGAltGlyphItemElement.h:
765         * svg/SVGAnimateTransformElement.h:
766         * svg/SVGAnimatedColor.h:
767         * svg/SVGCircleElement.h:
768         * svg/SVGClipPathElement.h:
769         * svg/SVGCursorElement.h:
770         * svg/SVGDefsElement.h:
771         * svg/SVGDescElement.h:
772         * svg/SVGEllipseElement.h:
773         * svg/SVGFEMergeNodeElement.h:
774         * svg/SVGFilterElement.h:
775         * svg/SVGFontElement.h:
776         * svg/SVGFontFaceElement.h:
777         * svg/SVGFontFaceFormatElement.h:
778         * svg/SVGFontFaceNameElement.h:
779         * svg/SVGFontFaceSrcElement.h:
780         * svg/SVGFontFaceUriElement.h:
781         * svg/SVGForeignObjectElement.h:
782         * svg/SVGGElement.h:
783         * svg/SVGGlyphElement.h:
784         * svg/SVGGlyphRefElement.h:
785         * svg/SVGHKernElement.h:
786         * svg/SVGImageElement.h:
787         * svg/SVGLineElement.h:
788         * svg/SVGMPathElement.h:
789         * svg/SVGMaskElement.h:
790         * svg/SVGMetadataElement.h:
791         * svg/SVGMissingGlyphElement.h:
792         * svg/SVGPathBuilder.h:
793         * svg/SVGPathByteStreamBuilder.h:
794         * svg/SVGPathByteStreamSource.h:
795         * svg/SVGPathElement.h:
796         * svg/SVGPathSegArcAbs.h:
797         * svg/SVGPathSegArcRel.h:
798         * svg/SVGPathSegClosePath.h:
799         * svg/SVGPathSegCurvetoCubicAbs.h:
800         * svg/SVGPathSegCurvetoCubicRel.h:
801         * svg/SVGPathSegCurvetoCubicSmoothAbs.h:
802         * svg/SVGPathSegCurvetoCubicSmoothRel.h:
803         * svg/SVGPathSegCurvetoQuadraticAbs.h:
804         * svg/SVGPathSegCurvetoQuadraticRel.h:
805         * svg/SVGPathSegCurvetoQuadraticSmoothAbs.h:
806         * svg/SVGPathSegCurvetoQuadraticSmoothRel.h:
807         * svg/SVGPathSegLinetoAbs.h:
808         * svg/SVGPathSegLinetoHorizontalAbs.h:
809         * svg/SVGPathSegLinetoHorizontalRel.h:
810         * svg/SVGPathSegLinetoRel.h:
811         * svg/SVGPathSegLinetoVerticalAbs.h:
812         * svg/SVGPathSegLinetoVerticalRel.h:
813         * svg/SVGPathSegListBuilder.h:
814         * svg/SVGPathSegListSource.h:
815         * svg/SVGPathSegMovetoAbs.h:
816         * svg/SVGPathSegMovetoRel.h:
817         * svg/SVGPathStringSource.h:
818         * svg/SVGPathTraversalStateBuilder.h:
819         * svg/SVGPatternElement.h:
820         * svg/SVGRectElement.h:
821         * svg/SVGScriptElement.h:
822         * svg/SVGStopElement.h:
823         * svg/SVGStyleElement.h:
824         * svg/SVGSwitchElement.h:
825         * svg/SVGTRefElement.cpp:
826         * svg/SVGTitleElement.h:
827         * svg/SVGToOTFFontConversion.cpp:
828         * svg/SVGUnknownElement.h:
829         * svg/SVGVKernElement.h:
830         * svg/SVGViewElement.h:
831         * svg/SVGZoomEvent.h:
832         * svg/animation/SVGSMILElement.cpp:
833         * svg/graphics/SVGImage.h:
834         * svg/graphics/SVGImageClients.h:
835         * svg/graphics/SVGImageForContainer.h:
836         * svg/graphics/filters/SVGFEImage.h:
837         * svg/graphics/filters/SVGFilter.h:
838         * svg/properties/SVGAnimatedEnumerationPropertyTearOff.h:
839         * svg/properties/SVGAnimatedPathSegListPropertyTearOff.h:
840         * svg/properties/SVGAnimatedPropertyTearOff.h:
841         * svg/properties/SVGAnimatedTransformListPropertyTearOff.h:
842         * svg/properties/SVGMatrixTearOff.h:
843         * svg/properties/SVGPathSegListPropertyTearOff.h:
844
845 2016-07-20  Brady Eidson  <beidson@apple.com>
846
847         Transition most IDB interfaces from ScriptExecutionContext to ExecState.
848         https://bugs.webkit.org/show_bug.cgi?id=159975
849
850         Reviewed by Alex Christensen.
851
852         No new tests (No known behavior change).
853
854         * Modules/indexeddb/IDBCursor.cpp:
855         (WebCore::IDBCursor::continueFunction):
856         (WebCore::IDBCursor::deleteFunction):
857         * Modules/indexeddb/IDBCursor.h:
858         * Modules/indexeddb/IDBCursor.idl:
859
860         * Modules/indexeddb/IDBDatabase.idl:
861
862         * Modules/indexeddb/IDBFactory.cpp:
863         (WebCore::IDBFactory::cmp):
864         * Modules/indexeddb/IDBFactory.h:
865         * Modules/indexeddb/IDBFactory.idl:
866
867         * Modules/indexeddb/IDBIndex.cpp:
868         (WebCore::IDBIndex::openCursor):
869         (WebCore::IDBIndex::count):
870         (WebCore::IDBIndex::doCount):
871         (WebCore::IDBIndex::openKeyCursor):
872         (WebCore::IDBIndex::get):
873         (WebCore::IDBIndex::doGet):
874         (WebCore::IDBIndex::getKey):
875         (WebCore::IDBIndex::doGetKey):
876         * Modules/indexeddb/IDBIndex.h:
877         * Modules/indexeddb/IDBIndex.idl:
878
879         * Modules/indexeddb/IDBKeyRange.cpp:
880         (WebCore::IDBKeyRange::only): Deleted.
881         * Modules/indexeddb/IDBKeyRange.h:
882
883         * Modules/indexeddb/IDBObjectStore.cpp:
884         (WebCore::IDBObjectStore::openCursor):
885         (WebCore::IDBObjectStore::get):
886         (WebCore::IDBObjectStore::putOrAdd):
887         (WebCore::IDBObjectStore::deleteFunction):
888         (WebCore::IDBObjectStore::doDelete):
889         (WebCore::IDBObjectStore::modernDelete):
890         (WebCore::IDBObjectStore::clear):
891         (WebCore::IDBObjectStore::createIndex):
892         (WebCore::IDBObjectStore::count):
893         (WebCore::IDBObjectStore::doCount):
894         * Modules/indexeddb/IDBObjectStore.h:
895         * Modules/indexeddb/IDBObjectStore.idl:
896
897         * Modules/indexeddb/IDBTransaction.cpp:
898         (WebCore::IDBTransaction::requestOpenCursor):
899         (WebCore::IDBTransaction::doRequestOpenCursor):
900         (WebCore::IDBTransaction::requestGetRecord):
901         (WebCore::IDBTransaction::requestGetValue):
902         (WebCore::IDBTransaction::requestGetKey):
903         (WebCore::IDBTransaction::requestIndexRecord):
904         (WebCore::IDBTransaction::requestCount):
905         (WebCore::IDBTransaction::requestDeleteRecord):
906         (WebCore::IDBTransaction::requestClearObjectStore):
907         (WebCore::IDBTransaction::requestPutOrAdd):
908         * Modules/indexeddb/IDBTransaction.h:
909
910         * inspector/InspectorIndexedDBAgent.cpp:
911
912 2016-07-20  Wenson Hsieh  <wenson_hsieh@apple.com>
913
914         Media controls don't appear when pausing a small autoplaying video
915         https://bugs.webkit.org/show_bug.cgi?id=159972
916         <rdar://problem/27180657>
917
918         Reviewed by Beth Dakin.
919
920         When pausing an autoplaying video, remove behavior restrictions for the
921         initial user gesture and show media controls.
922
923         New WebKit API test. See VideoControlsManagerSingleSmallAutoplayingVideo.
924
925         * html/HTMLMediaElement.cpp:
926         (WebCore::HTMLMediaElement::pause):
927
928 2016-07-20  Chris Dumez  <cdumez@apple.com>
929
930         Fix null handling of HTMLMediaElement.mediaGroup
931         https://bugs.webkit.org/show_bug.cgi?id=159974
932
933         Reviewed by Eric Carlson.
934
935         Fix null handling of HTMLMediaElement.mediaGroup to match the specification:
936         - https://www.w3.org/TR/html5/embedded-content-0.html#media-elements
937
938         null is supposed to be treated as the String "null". This patch aligns
939         our behavior with the specification. I tested Firefox and Chrome but both
940         do not have this attribute on HTMLMediaElement.
941
942         Also remove support for [TreatNullAs=LegacyNullString] from our bindings
943         generator as HTMLMediaElement.mediaGroup was the last user.
944
945         No new tests, rebaselined existing test.
946
947         * bindings/scripts/CodeGeneratorJS.pm:
948         (JSValueToNative):
949         * bindings/scripts/IDLAttributes.txt:
950         * html/HTMLMediaElement.idl:
951
952 2016-07-20  Chris Dumez  <cdumez@apple.com>
953
954         CSSStyleDeclaration.setProperty() should be able to unset "important" on a property
955         https://bugs.webkit.org/show_bug.cgi?id=159959
956
957         Reviewed by Alexey Proskuryakov.
958
959         CSSStyleDeclaration.setProperty() should be able to unsert "important"
960         on a property as per the latest specification:
961         - https://drafts.csswg.org/cssom/#dom-cssstyledeclaration-setproperty
962         - https://drafts.csswg.org/cssom/#dom-cssstyledeclaration-camel-cased-attribute
963
964         Firefox and Chrome match the specification here but WebKit was ignoring calls
965         to setProperty() if there is already an "important" property wit this name
966         and if the new property does not have the "important" flag set.
967
968         This behavior was added a long time ago via Bug 60007. However, it does not
969         match the latest specification or other browsers.
970
971         Test: fast/css/CSSStyleDeclaration-setProperty-unset-important.html
972
973         * css/StyleProperties.cpp:
974         (WebCore::MutableStyleProperties::addParsedProperty):
975         Drop code that was added via Bug 60007 as this behavior no longer matches the
976         specification or other browsers. The layout test added in Bug 60007 fails in
977         other browsers and was updated in this patch to match the specification.
978
979 2016-07-20  Commit Queue  <commit-queue@webkit.org>
980
981         Unreviewed, rolling out r203423.
982         https://bugs.webkit.org/show_bug.cgi?id=159977
983
984         The test for this change is failing on Mac Release WK2
985         (Requested by ryanhaddad on #webkit).
986
987         Reverted changeset:
988
989         "HTMLVideoElement frames do not update on iOS when src is a
990         MediaStream blob"
991         https://bugs.webkit.org/show_bug.cgi?id=159833
992         http://trac.webkit.org/changeset/203423
993
994 2016-07-20  Chris Dumez  <cdumez@apple.com>
995
996         Fix null handling of HTMLSelectElement.value attribute
997         https://bugs.webkit.org/show_bug.cgi?id=159925
998
999         Reviewed by Benjamin Poulain.
1000
1001         Fix null handling of HTMLSelectElement.value attribute:
1002         - https://html.spec.whatwg.org/multipage/forms.html#htmlselectelement
1003
1004         We were treating null as the null String which would end up setting
1005         selectedIndex to -1. However, we should treat null as the String "null"
1006         which would set the selectedIndex to the index of the <option> element
1007         whose value is "null".
1008
1009         Firefox and Chrome match the specification.
1010
1011         Test: fast/dom/HTMLSelectElement/value-null-handling.html
1012
1013         * html/HTMLSelectElement.cpp:
1014         (WebCore::HTMLSelectElement::setValue):
1015         * html/HTMLSelectElement.idl:
1016
1017 2016-07-20  Chris Dumez  <cdumez@apple.com>
1018
1019         PostResolutionCallbackDisabler can resume pending requests while a ResourceLoadSuspender is alive
1020         https://bugs.webkit.org/show_bug.cgi?id=159962
1021         <rdar://problem/21439264>
1022
1023         Reviewed by David Kilzer.
1024
1025         PostResolutionCallbackDisabler can resume pending requests while a ResourceLoadSuspender
1026         is alive. We have both PostResolutionCallbackDisabler and ResourceLoadSuspender that
1027         call LoaderStrategy::suspendPendingRequests() / LoaderStrategy::resumePendingRequests().
1028         However, PostResolutionCallbackDisabler and ResourceLoadSuspender are not aware of each
1029         other. It is therefore possible for a PostResolutionCallbackDisabler object to get
1030         destroyed, causing LoaderStrategy::resumePendingRequests() to be called while a
1031         ResourceLoadSuspender object is alive.
1032
1033         This leads to hard to investigate crashes where we end up re-entering WebKit and killing
1034         the style resolver.
1035
1036         This patch drops ResourceLoadSuspender and uses PostResolutionCallbackDisabler instead.
1037         There was only one user of ResourceLoadSuspender and PostResolutionCallbackDisabler
1038         is better because it manages a resolutionNestingDepth counter internally to make sure
1039         it only calls LoaderStrategy::resumePendingRequests() once all
1040         PostResolutionCallbackDisabler instances are destroyed.
1041
1042         No new tests, there is no easy way to reproduce the crashes.
1043
1044         * dom/Document.cpp:
1045         (WebCore::Document::styleForElementIgnoringPendingStylesheets):
1046         * loader/LoaderStrategy.cpp:
1047         (WebCore::ResourceLoadSuspender::ResourceLoadSuspender): Deleted.
1048         (WebCore::ResourceLoadSuspender::~ResourceLoadSuspender): Deleted.
1049         * loader/LoaderStrategy.h:
1050
1051 2016-07-19  Youenn Fablet  <youenn@apple.com>
1052
1053         [Fetch API] Add a JS builtin to implement https://fetch.spec.whatwg.org/#concept-headers-fill
1054         https://bugs.webkit.org/show_bug.cgi?id=159932
1055
1056         Reviewed by Alex Christensen.
1057
1058         Covered by existing tests.
1059
1060         Refactoring Headers initializeWith to use the new built-in internal that implements
1061         https://fetch.spec.whatwg.org/#concept-headers-fill.
1062
1063         Refactoring Response constructor to put more checks in the JS builtin fucntion called within constructor.
1064         Making use of the new built-in internal that implements https://fetch.spec.whatwg.org/#concept-headers-fill.
1065
1066         * CMakeLists.txt: Adding FetchHeadersInternals.js
1067         * DerivedSources.make: Ditto.
1068         * Modules/fetch/FetchHeaders.js:
1069         (initializeFetchHeaders): Using fillFetchHeaders new built-in internal.
1070         * Modules/fetch/FetchInternals.js: Added.
1071         (fillFetchHeaders):
1072         * Modules/fetch/FetchResponse.cpp: Refactoring to do more in the JS built-in. Splitting of initializeWith so
1073         that the checks are done in the order defined by the spec.
1074         (WebCore::FetchResponse::setStatus):
1075         (WebCore::FetchResponse::initializeWith):
1076         (WebCore::isNullBodyStatus): Deleted.
1077         * Modules/fetch/FetchResponse.h:
1078         * Modules/fetch/FetchResponse.idl:
1079         * Modules/fetch/FetchResponse.js:
1080         (initializeFetchResponse): New built-in internal.
1081         * WebCore.xcodeproj/project.pbxproj:
1082         * bindings/js/WebCoreBuiltinNames.h:
1083
1084 2016-07-19  Chris Dumez  <cdumez@apple.com>
1085
1086         Fix null handling of SVGScriptElement.type attribute
1087         https://bugs.webkit.org/show_bug.cgi?id=159927
1088
1089         Reviewed by Benjamin Poulain.
1090
1091         Fix null handling of SVGScriptElement.type attribute:
1092         - https://www.w3.org/TR/SVG2/interact.html#InterfaceSVGScriptElement
1093
1094         We were treating null as the null String which would end up removing
1095         the 'type' content attribute. However, we should treat null as the
1096         String "null".
1097
1098         Firefox and Chrome match the specification.
1099
1100         No new tests, updated existing test.
1101
1102         * svg/SVGScriptElement.idl:
1103
1104 2016-07-19  Chris Dumez  <cdumez@apple.com>
1105
1106         Fix null handling of several HTMLDocument attributes
1107         https://bugs.webkit.org/show_bug.cgi?id=159923
1108
1109         Reviewed by Benjamin Poulain.
1110
1111         Fix null handling of several HTMLDocument attributes:
1112         - https://html.spec.whatwg.org/multipage/dom.html#document
1113         - https://html.spec.whatwg.org/multipage/obsolete.html#document-partial
1114
1115         In particular, null handling was incorrect in WebKit for 'dir',
1116         'bgColor', 'fgColor', 'alinkColor', 'linkColor' and 'vlinkColor'.
1117
1118         Firefox and Chrome match the specification.
1119
1120         Test: fast/dom/HTMLDocument/null-handling.html
1121
1122         * html/HTMLDocument.idl:
1123
1124 2016-07-19  Chris Dumez  <cdumez@apple.com>
1125
1126         Document.createElementNS() / createAttributeNS() parameters should be mandatory
1127         https://bugs.webkit.org/show_bug.cgi?id=159938
1128
1129         Reviewed by Benjamin Poulain.
1130
1131         Document.createElementNS() / createAttributeNS() parameters should be mandatory:
1132         - https://dom.spec.whatwg.org/#document
1133
1134         They were optional in WebKit. However, Firefox and Chrome both match the
1135         specification.
1136
1137         No new tests, rebaselined existing tests.
1138
1139         * dom/Document.idl:
1140
1141 2016-07-19  Benjamin Poulain  <bpoulain@apple.com>
1142
1143         Use getElementById for attribute matching if the attribute name is html's id
1144         https://bugs.webkit.org/show_bug.cgi?id=159960
1145
1146         Reviewed by Chris Dumez.
1147
1148         Elliott Sprehn discovered YUI makes heavy uses of querySelector with [id=value]
1149         (https://bugs.chromium.org/p/chromium/issues/detail?id=627242).
1150
1151         If we are not in quirks mode, IdForStyleResolution has the same value
1152         as the Id attribute. We can use the same optimization for both cases.
1153
1154         Tests: fast/selectors/id-attribute-querySelector-used-as-id-selector-quirks.html
1155                fast/selectors/id-attribute-querySelector-used-as-id-selector.html
1156
1157         * dom/SelectorQuery.cpp:
1158         (WebCore::canBeUsedForIdFastPath):
1159         (WebCore::findIdMatchingType):
1160         (WebCore::SelectorDataList::SelectorDataList):
1161         (WebCore::selectorForIdLookup):
1162         (WebCore::filterRootById):
1163
1164 2016-07-19  Chris Dumez  <cdumez@apple.com>
1165
1166         Drop SVGElement.xmlbase attribute
1167         https://bugs.webkit.org/show_bug.cgi?id=159926
1168
1169         Reviewed by Benjamin Poulain.
1170
1171         Drop SVGElement.xmlbase attribute as it is no longer part of the
1172         specification:
1173         - https://www.w3.org/TR/SVG2/types.html#InterfaceSVGElement
1174
1175         Both Firefox and Chrome have already dropped support for
1176         SVGElement.xmlbase.
1177
1178         Chrome's intent to remove:
1179         https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/TfwMq4d25hk/C-v_iC_wKfAJ
1180
1181         Test: svg/dom/SVGElement-xmlbase.html
1182
1183         * svg/SVGElement.cpp:
1184         (WebCore::SVGElement::removedFrom): Deleted.
1185         * svg/SVGElement.h:
1186         * svg/SVGElement.idl:
1187
1188 2016-07-19  Chris Dumez  <cdumez@apple.com>
1189
1190         Align CSSStyleDeclaration.setProperty() with the specification
1191         https://bugs.webkit.org/show_bug.cgi?id=159955
1192
1193         Reviewed by Benjamin Poulain.
1194
1195         Align CSSStyleDeclaration.setProperty() with the specification:
1196         - https://drafts.csswg.org/cssom/#the-cssstyledeclaration-interface
1197
1198         In particular, the following changes were needed:
1199         1. The 'value' parameter should not be optional
1200         2. The 'priority' parameter should treat null as the empty string
1201            rather than the string "null".
1202         3. The 'priority' parameter's default value should be the empty string,
1203            not the string "undefined".
1204         4. CSSStyleDeclaration.setProperty() should return early if 'priority'
1205            is not the empty string and is not an ASCII case-insensitive match
1206            for the string "important".
1207
1208         Chrome matches the specification entirely.
1209         Firefox matches the specification with the exception that it does a
1210         case-sensitive match for "important".
1211
1212         Test: fast/css/CSSStyleDeclaration-setProperty.html
1213
1214         * css/CSSStyleDeclaration.idl:
1215         * css/PropertySetCSSStyleDeclaration.cpp:
1216         (WebCore::PropertySetCSSStyleDeclaration::setProperty):
1217
1218 2016-07-19  Daniel Bates  <dabates@apple.com>
1219
1220         CSP: Improve support for multiple policies to more closely conform to the CSP Level 2 spec.
1221         https://bugs.webkit.org/show_bug.cgi?id=159841
1222         <rdar://problem/27381684>
1223
1224         Reviewed by Brent Fulgham.
1225
1226         Implement a first pass at sending multiple violation reports so as to more closely
1227         conform to section Enforcing multiple policies of the Content Security Policy Level 2 spec.,
1228         <https://w3c.github.io/webappsec-csp/2/> (Editor's Draft, 25 April 2016).
1229
1230         Tests: http/tests/security/contentSecurityPolicy/1.1/script-blocked-sends-multiple-reports.php
1231                http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy.php
1232                http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy2.php
1233                http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.php
1234                http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.php
1235                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy.php
1236                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy2.php
1237                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy.php
1238                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy2.php
1239                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.php
1240                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2.php
1241                http/tests/security/contentSecurityPolicy/1.1/scripthash-in-enforced-policy-and-not-in-report-only.html
1242                http/tests/security/contentSecurityPolicy/1.1/scripthash-in-one-enforced-policy-neither-in-another-enforced-policy-nor-report-policy.html
1243                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-enforced-policy-and-blocked-by-report-policy.php
1244                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-enforced-policy-and-blocked-by-report-policy2.php
1245                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.php
1246                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.php
1247                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy.php
1248                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy2.php
1249                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy.php
1250                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy2.php
1251                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.php
1252                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2.php
1253                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-in-enforced-policy-and-not-in-report-only.html
1254                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-in-one-enforced-policy-neither-in-another-enforced-policy-nor-report-policy.html
1255                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-multiple-policies.html
1256
1257         * page/csp/ContentSecurityPolicy.cpp:
1258         (WebCore::ContentSecurityPolicy::allPoliciesWithDispositionAllow): Added. Returns whether the resource
1259         is allowed by all of the policies with the specified disposition.
1260         (WebCore::ContentSecurityPolicy::allPoliciesAllow): Added. Returns whether the resource is allowed by
1261         all of the enforced policies.
1262         (WebCore::ContentSecurityPolicy::findHashOfContentInPolicies): Formerly named foundHashOfContentInAllPolicies.
1263         Modified to return a ("has found hash in all enforced policies, "has found hash in all report-only policies)-pair
1264         so that we can differentiate whether the hash violated an enforced policy or a report-only policy.
1265         (WebCore::ContentSecurityPolicy::allowJavaScriptURLs): Write in terms of ContentSecurityPolicy::allPoliciesAllow().
1266         (WebCore::ContentSecurityPolicy::allowInlineEventHandlers): Ditto.
1267         (WebCore::ContentSecurityPolicy::allowScriptWithNonce): For now only accept a nonce if it is allowed by
1268         all enforced policies. As a side effect of this change is that we only send a CSP violation report when a
1269         nonce violates a report-only policy only if the nonce also violates one or more enforced policies. We will
1270         address this limitation in <https://bugs.webkit.org/show_bug.cgi?id=159830>.
1271         (WebCore::ContentSecurityPolicy::allowStyleWithNonce): Ditto.
1272         (WebCore::ContentSecurityPolicy::allowInlineScript): Differentiate between a hash/'unsafe-inline' that
1273         matches/is contained in all enforce policies and a hash/'unsafe-inline' that matches/is contained in all
1274         report-only policies so that we only allow the resource for the former. As a side effect of this change
1275         we may report that a resource violated a policy even if it contained the hash. See <https://bugs.webkit.org/show_bug.cgi?id=159832>
1276         for more details.
1277         (WebCore::ContentSecurityPolicy::allowInlineStyle): Ditto.
1278         (WebCore::ContentSecurityPolicy::allowEval): Write in terms of ContentSecurityPolicy::allPoliciesAllow().
1279         (WebCore::ContentSecurityPolicy::allowFrameAncestors): Ditto.
1280         (WebCore::ContentSecurityPolicy::allowPluginType): Ditto.
1281         (WebCore::ContentSecurityPolicy::allowScriptFromSource): Ditto.
1282         (WebCore::ContentSecurityPolicy::allowObjectFromSource): Ditto.
1283         (WebCore::ContentSecurityPolicy::allowChildFrameFromSource): Ditto.
1284         (WebCore::ContentSecurityPolicy::allowChildContextFromSource): Ditto.
1285         (WebCore::ContentSecurityPolicy::allowImageFromSource): Ditto.
1286         (WebCore::ContentSecurityPolicy::allowStyleFromSource): Ditto.
1287         (WebCore::ContentSecurityPolicy::allowFontFromSource): Ditto.
1288         (WebCore::ContentSecurityPolicy::allowMediaFromSource): Ditto.
1289         (WebCore::ContentSecurityPolicy::allowConnectToSource): Ditto.
1290         (WebCore::ContentSecurityPolicy::allowFormAction): Ditto.
1291         (WebCore::ContentSecurityPolicy::allowBaseURI): Ditto.
1292         (WebCore::ContentSecurityPolicy::foundHashOfContentInAllPolicies): Deleted.
1293         * page/csp/ContentSecurityPolicy.h:
1294         (WebCore::ContentSecurityPolicy::violatedDirectiveInAnyPolicy): Deleted.
1295
1296 2016-07-19  Chris Dumez  <cdumez@apple.com>
1297
1298         Fix null handling of HTMLScriptElement.text attribute
1299         https://bugs.webkit.org/show_bug.cgi?id=159943
1300
1301         Reviewed by Benjamin Poulain.
1302
1303         Fix null handling of HTMLScriptElement.text attribute:
1304         - https://html.spec.whatwg.org/multipage/scripting.html#the-script-element
1305
1306         We should treat null as the "null" String but we were treating it as
1307         the empty string.
1308
1309         Firefox and Chrome match the specification.
1310
1311         No new tests, rebaselined existing test.
1312
1313         * html/HTMLScriptElement.idl:
1314
1315 2016-07-19  Chris Dumez  <cdumez@apple.com>
1316
1317         autocapitalize attribute should not use [TreatNullAs=LegacyNullString]
1318         https://bugs.webkit.org/show_bug.cgi?id=159934
1319
1320         Reviewed by Benjamin Poulain.
1321
1322         autocapitalize attribute should not use [TreatNullAs=LegacyNullString]. This is
1323         non-standard and we want to drop support for it from the bindings generator.
1324
1325         Instead, use [TreatNullAs=EmptyString] in order to maintain existing behavior
1326         given that both a missing/empty attribute result in using the default
1327         autocapitalization mode and that autocapitalize returns the empty string by
1328         default.
1329
1330         Test: platform/ios-simulator/ios/fast/forms/autocapitalize-null.html
1331
1332         * html/HTMLFormElement.idl:
1333         * html/HTMLInputElement.idl:
1334         * html/HTMLTextAreaElement.idl:
1335
1336 2016-07-19  Zalan Bujtas  <zalan@apple.com>
1337
1338         REGRESSION(r203415): ASSERTION FAILED: !m_layoutRoot->container() || !m_layoutRoot->container()->needsLayout()
1339         https://bugs.webkit.org/show_bug.cgi?id=159952
1340
1341         Reviewed by Simon Fraser.
1342
1343         Update ASSERTs to reflect new functionality, that is, now we can end up in a state
1344         where the container (RenderView) of one of the dirty subtrees is dirty.
1345         See r203415.
1346  
1347         Covered by editing/pasteboard/drag-drop-input-in-svg.svg
1348
1349         * page/FrameView.cpp:
1350         (WebCore::FrameView::scheduleRelayoutOfSubtree):
1351
1352 2016-07-19  Dean Jackson  <dino@apple.com>
1353
1354         REGRESSION(202927): The first slide is the only displayed slide when Quicklooking a Keynote file
1355         https://bugs.webkit.org/show_bug.cgi?id=159948
1356         <rdar://problem/27391012>
1357
1358         Reviewed by Simon Fraser.
1359
1360         There is an iOS bug (<rdar://problem/27416744>) that is causing us
1361         to not always get a color space on CGContextRefs. Investigation of this
1362         exposed some optimizations we can take when we are creating ImageBuffers.
1363         In particular, if we have a bitmap context or an IOSurfaceContext we
1364         can simply copy their color space using API. Otherwise we stick with
1365         the existing CGContextCopyDeviceColorSpace.
1366
1367         Lastly, if for some reason we are unable to copy the device color space,
1368         we should fall back to sRGB.
1369
1370         * platform/graphics/cg/ImageBufferCG.cpp:
1371         (WebCore::ImageBuffer::createCompatibleBuffer):
1372         * platform/spi/cg/CoreGraphicsSPI.h: Add some SPI and enums.
1373
1374
1375 2016-07-19  George Ruan  <gruan@apple.com>
1376
1377         HTMLVideoElement frames do not update on iOS when src is a MediaStream blob
1378         https://bugs.webkit.org/show_bug.cgi?id=159833
1379         <rdar://problem/27379487>
1380
1381         Reviewed by Eric Carlson.
1382
1383         Test: fast/mediastream/MediaStream-video-element-displays-buffer.html
1384
1385         * WebCore.xcodeproj/project.pbxproj:
1386         * platform/graphics/avfoundation/MediaSampleAVFObjC.h: Change create to return a Ref<T> instead
1387         of RefPtr<T>
1388         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.h: Make observer of
1389         MediaStreamTrackPrivate and make MediaPlayer use an AVSampleBufferDisplayLayer instead of CALayer.
1390         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm: Ditto.
1391         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::~MediaPlayerPrivateMediaStreamAVFObjC): Clean up
1392         observers and AVSampleBufferDisplayLayer
1393         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::isAvailable): Ensures AVSampleBufferDisplayLayer
1394         is available.
1395         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::enqueueAudioSampleBufferFromTrack): Placeholder.
1396         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::enqueueVideoSampleBufferFromTrack): Responsible
1397         for enqueuing sample buffers to the active video track.
1398         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::ensureLayer): Ensures that an AVSampleBufferDisplayLayer
1399         exists.
1400         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::destroyLayer): Destroys the AVSampleBufferDisplayLayer.
1401         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::platformLayer): Replace CALayer with AVSampleBufferDisplayLayer.
1402         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::currentDisplayMode): Ditto.
1403         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::sampleBufferUpdated): Called from MediaStreamTrackPrivate when a
1404         new SampleBuffer is available.
1405         (WebCore::updateTracksOfType): Manage adding and removing self as observer from tracks.
1406         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateTracks): Replace CALayer with AVSampleBufferDisplayLayer
1407         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::acceleratedRenderingStateChanged): Copied from
1408         MediaPlayerPrivateMediaSourceAVFObjC.mm
1409         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::load): Deleted CALayer.
1410         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateDisplayMode): Deleted process of updating CALayer.
1411         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateIntrinsicSize): Deleted CALayer.
1412         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::createPreviewLayers): Deleted.
1413         * platform/mediastream/MediaStreamPrivate.cpp:
1414         (WebCore::MediaStreamPrivate::updateActiveVideoTrack): Remove redundant check.
1415         * platform/mediastream/MediaStreamTrackPrivate.cpp:
1416         (WebCore::MediaStreamTrackPrivate::sourceHasMoreMediaData): Called from RealtimeMediaSource when a new SampleBuffer
1417         is available.
1418         * platform/mediastream/MediaStreamTrackPrivate.h:
1419         (WebCore::MediaStreamTrackPrivate::Observer::sampleBufferUpdated): Relays to MediaPlayerPrivateMediaStream that
1420         a new SampleBuffer is available to enqueue to the AVSampleBufferDisplayLayer.
1421         * platform/mediastream/RealtimeMediaSource.cpp:
1422         (WebCore::RealtimeMediaSource::mediaDataUpdated): Relays to all observers that a new SampleBuffer is available.
1423         * platform/mediastream/RealtimeMediaSource.h:
1424         * platform/mediastream/mac/AVVideoCaptureSource.mm:
1425         (WebCore::AVVideoCaptureSource::processNewFrame): Calls mediaDataUpdated when a new SampleBuffer is captured.
1426
1427 2016-07-19  Anders Carlsson  <andersca@apple.com>
1428
1429         Get rid of a #define private public hack in WebCore
1430         https://bugs.webkit.org/show_bug.cgi?id=159953
1431
1432         Reviewed by Dan Bernstein.
1433
1434         Use @package instead.
1435
1436         * bindings/objc/DOMInternal.h:
1437         * bindings/objc/DOMObject.h:
1438
1439 2016-07-19  Andreas Kling  <akling@apple.com>
1440
1441         Fix SharedBuffer leak in MockContentFilter::replacementData().
1442         <https://webkit.org/b/159945>
1443
1444         Reviewed by Andy Estes.
1445
1446         Spotted on leaks bot. This code was pretty explicit about how it's going to leak.
1447         Since this is in the mock filter, it only affected layout tests.
1448
1449         * testing/MockContentFilter.cpp:
1450         (WebCore::MockContentFilter::replacementData):
1451
1452 2016-07-19  Zalan Bujtas  <zalan@apple.com>
1453
1454         theguardian.co.uk crossword puzzles are sometimes not displaying text
1455         https://bugs.webkit.org/show_bug.cgi?id=159924
1456         <rdar://problem/27409483>
1457
1458         Reviewed by Simon Fraser.
1459
1460         This patch fixes the case when
1461         - 2 disjoint subtrees are dirty
1462         - RenderView is also dirty.
1463         and we end up not laying out one of the 2 subtrees.
1464
1465         In FrameView::scheduleRelayoutOfSubtree, we assume that when the RenderView is dirty
1466         we already have a pending full layout which means that any previous subtree layouts have already been
1467         converted to full layouts.
1468         However this assumption is incorrect. RenderView can get dirty without checking if there's
1469         already a pending subtree layout.
1470         One option to solve this problem would be to override RenderObject::setNeedsLayout in RenderView
1471         so that when the RenderView gets dirty, we could also convert any pending subtree layout to full layout.
1472         However RenderObject::setNeedsLayout is a hot function and making it virtual would impact performance.
1473         The other option is to always normalize subtree layouts in FrameView::scheduleRelayoutOfSubtree().
1474         This patch implements the second option.
1475
1476         Test: fast/misc/subtree-layouts.html
1477
1478         * page/FrameView.cpp:
1479         (WebCore::FrameView::scheduleRelayoutOfSubtree):
1480
1481 2016-07-19  Anders Carlsson  <andersca@apple.com>
1482
1483         Some payment authorization status values should keep the sheet active
1484         https://bugs.webkit.org/show_bug.cgi?id=159936
1485         rdar://problem/26756701
1486
1487         Reviewed by Tim Horton.
1488
1489         * Modules/applepay/ApplePaySession.cpp:
1490         (WebCore::ApplePaySession::completePayment):
1491         Keep the sheet active if the status isn't a final state status.
1492
1493         * Modules/applepay/PaymentAuthorizationStatus.h:
1494         (WebCore::isFinalStateStatus):
1495         Add a new helper function that returns whether a given payment authorization status is "final",
1496         meaning that once that status has been passed to completePayment, the session is finished.
1497
1498 2016-07-19  Nan Wang  <n_wang@apple.com>
1499
1500         AX: Incorrect behavior for word related text marker functions when there's collapsed whitespace
1501         https://bugs.webkit.org/show_bug.cgi?id=159910
1502
1503         Reviewed by Chris Fleizach.
1504
1505         We are getting a bad CharacterOffset when there's collapsed whitespace. Added a TraverseOptionValidateOffset
1506         option to make sure we are getting the correct CharacterOffset based on the corresponding Range offset. And
1507         fixed a word navigation issue based on that.
1508
1509         Test: accessibility/mac/text-marker-word-nav-collapsed-whitespace.html
1510
1511         * accessibility/AXObjectCache.cpp:
1512         (WebCore::AXObjectCache::traverseToOffsetInRange):
1513         (WebCore::AXObjectCache::rangeForNodeContents):
1514         (WebCore::AXObjectCache::startOrEndCharacterOffsetForRange):
1515         (WebCore::AXObjectCache::characterOffsetFromVisiblePosition):
1516         (WebCore::AXObjectCache::rightWordRange):
1517         (WebCore::AXObjectCache::previousBoundary):
1518         * accessibility/AXObjectCache.h:
1519         (WebCore::AXObjectCache::isNodeInUse):
1520
1521 2016-07-19  Youenn Fablet  <youenn@apple.com>
1522
1523         [Streams API] ReadableStreamController methods should throw if its stream is not readable
1524         https://bugs.webkit.org/show_bug.cgi?id=159871
1525
1526         Reviewed by Xabier Rodriguez-Calvar.
1527
1528         Spec now mandates close and enqueue to throw if ReadableStream is not readable.
1529         Covered by rebased and/or modified tests.
1530
1531         * Modules/streams/ReadableStreamController.js:
1532         (enqueue): Throwing a TypeError if controlled stream is not readable.
1533         (close): Ditto.
1534
1535 2016-07-19  Simon Fraser  <simon.fraser@apple.com>
1536
1537         Bubbles appear split for a brief moment in Messages
1538         https://bugs.webkit.org/show_bug.cgi?id=159915
1539         rdar://problem/27182267
1540
1541         Reviewed by David Hyatt.
1542
1543         RenderView::repaintRootContents() had a long-standing bug in WebView when the
1544         view is scrolled. repaint() uses visualOverflowRect() but, for the 
1545         RenderView, the visualOverflowRect() is the initial containing block
1546         which is anchored at 0,0. When the view is scrolled it's clipped out and
1547         calls to repaintRootContents() have no effect.
1548         
1549         Change repaintRootContents() to use layoutOverflowRect(). ScrollView::repaintContentRectangle()
1550         will clip it to the view if necessary.
1551
1552         Test: fast/repaint/scrolled-view-full-repaint.html
1553
1554         * rendering/RenderView.cpp:
1555         (WebCore::RenderView::repaintRootContents):
1556
1557 2016-07-19  Dan Bernstein  <mitz@apple.com>
1558
1559         <rdar://problem/27420308> WebCore-7602.1.42 fails to build: error: unused parameter 'vm'
1560
1561         * bindings/js/JSDOMGlobalObject.cpp:
1562         (WebCore::JSDOMGlobalObject::addBuiltinGlobals): Fixed the !ENABLE(STREAMS_API) build.
1563
1564 2016-07-19  Youenn Fablet  <youenn@apple.com>
1565
1566         [Streams API] Make ReadableStream properties not enumerable
1567         https://bugs.webkit.org/show_bug.cgi?id=159868
1568
1569         Reviewed by Darin Adler.
1570
1571         Covered by rebased tests.
1572
1573         Uopdating IDL definitions to mark all functions/attributes as not enumerable.
1574         Updating IDL constructor definitions to correctly compute constructor length.
1575         Updating built-in implementation to correctly compute pipeTo length to 1 (second parameter being optional).
1576
1577         * Modules/streams/ReadableStream.idl:
1578         * Modules/streams/ReadableStream.js:
1579         * Modules/streams/ReadableStreamController.idl:
1580         * Modules/streams/ReadableStreamReader.idl:
1581
1582 2016-07-19  Chris Dumez  <cdumez@apple.com>
1583
1584         form.enctype / encoding / method should treat null as "null" string
1585         https://bugs.webkit.org/show_bug.cgi?id=159916
1586
1587         Reviewed by Ryosuke Niwa.
1588
1589         form.enctype / encoding / method should treat null as "null" string:
1590         - https://html.spec.whatwg.org/multipage/forms.html#htmlformelement
1591
1592         Previously, WebKit would treat null as the null String, which would
1593         end up removing the existing attribute.
1594
1595         Firefox and Chrome match the specification.
1596
1597         Test: fast/dom/HTMLFormElement/null-handling.html
1598
1599         * html/HTMLFormElement.h:
1600         * html/HTMLFormElement.idl:
1601
1602 2016-07-18  Csaba Osztrogon√°c  <ossy@webkit.org>
1603
1604         All-in-one buildfix after r202439
1605         https://bugs.webkit.org/show_bug.cgi?id=159877
1606
1607         Reviewed by Chris Dumez.
1608
1609         * Modules/webaudio/AudioDestinationNode.h:
1610         (WebCore::AudioDestinationNode::resume):
1611         (WebCore::AudioDestinationNode::suspend):
1612         (WebCore::AudioDestinationNode::close):
1613
1614 2016-07-18  Frederic Wang  <fwang@igalia.com>
1615
1616         Move parsing of subscriptshift and superscriptshift from rendering to element classes
1617         https://bugs.webkit.org/show_bug.cgi?id=159622
1618
1619         Reviewed by Darin Adler.
1620
1621         We introduce a new MathMLScriptsElement that is used for elements msub, msup, msubsup and
1622         mmultiscripts in order to create RenderMathMLScripts and parse and expose the values of the
1623         subscriptshift and superscriptshift attributes. This is one more step toward moving MathML
1624         attribute parsing to the DOM (bug 156536).
1625
1626         No new tests, rendering is unchanged.
1627
1628         * CMakeLists.txt: Add MathMLScriptsElement files.
1629         * WebCore.xcodeproj/project.pbxproj: Ditto.
1630         * mathml/MathMLAllInOne.cpp: Ditto.
1631         * mathml/MathMLInlineContainerElement.cpp: Remove handling of scripts.
1632         (WebCore::MathMLInlineContainerElement::createElementRenderer): Deleted.
1633         * mathml/MathMLScriptsElement.cpp: Added. New class to handle scripted elements supporting
1634         parsing for the subscriptshift and superscriptshift MathML lengths.
1635         (WebCore::MathMLScriptsElement::MathMLScriptsElement):
1636         (WebCore::MathMLScriptsElement::create):
1637         (WebCore::MathMLScriptsElement::subscriptShift): Expose the cached length for the shift,
1638         parsing the attribute again if necessary.
1639         (WebCore::MathMLScriptsElement::superscriptShift): Ditto.
1640         (WebCore::MathMLScriptsElement::parseAttribute): Mark attributes dirty.
1641         (WebCore::MathMLScriptsElement::createElementRenderer): Create RenderMathMLScripts.
1642         * mathml/MathMLScriptsElement.h: Ditto.
1643         * mathml/mathtags.in: Map msub, msup, msubsup and mmultiscripts to MathMLScriptsElement.
1644         * rendering/mathml/RenderMathMLScripts.cpp:
1645         (WebCore::RenderMathMLScripts::scriptsElement): Helper function to cast the node to a
1646         MathMLScriptsElement.
1647         (WebCore::RenderMathMLScripts::getScriptMetricsAndLayoutIfNeeded): Resolve the attributes
1648         using the functions from the MathMLScriptsElement class.
1649         * rendering/mathml/RenderMathMLScripts.h: Declare scriptsElement.
1650
1651 2016-07-18  Frederic Wang  <fwang@igalia.com>
1652
1653         Do not store gap and shift parameters on RenderMathMLFraction
1654         https://bugs.webkit.org/show_bug.cgi?id=159876
1655
1656         Reviewed by Darin Adler.
1657
1658         After r203285, the stack and fraction layout parameters are only used in layoutBlock so we
1659         do not need to store them on the class. We remove them and split updateLayoutParameters into
1660         three functions: one to update the linethickness and two others to retrieve the fraction and
1661         stack respectively.
1662
1663         No new tests, rendering is unchanged.
1664
1665         * rendering/mathml/RenderMathMLFraction.cpp:
1666         (WebCore::RenderMathMLFraction::updateLineThickness): Move code to update thickness members here.
1667         (WebCore::RenderMathMLFraction::getFractionParameters): Move code to retrieve fraction parameters here.
1668         (WebCore::RenderMathMLFraction::getStackParameters): Move code to retrieve stack parameters here.
1669         (WebCore::RenderMathMLFraction::layoutBlock): Use the new helper functions and local variables
1670         for fraction and stack parameters.
1671         (WebCore::RenderMathMLFraction::updateLayoutParameters): Deleted.
1672         * rendering/mathml/RenderMathMLFraction.h: Declare new helper functions and remove members
1673         for stack and fraction parameters.
1674
1675 2016-07-18  Chris Dumez  <cdumez@apple.com>
1676
1677         input.formEnctype / formMethod and button.formEnctype / formMethod / type should treat null as "null"
1678         https://bugs.webkit.org/show_bug.cgi?id=159908
1679
1680         Reviewed by Alex Christensen.
1681
1682         input.formEnctype / formMethod and button.formEnctype / formMethod / type
1683         should treat null as "null" String:
1684         - https://html.spec.whatwg.org/multipage/forms.html#htmlinputelement
1685         - https://html.spec.whatwg.org/multipage/forms.html#htmlbuttonelement
1686
1687         In WebKit, we would treat null as a null String which would end up
1688         removing the corresponding attribute. This does not match the
1689         specification. Firefox and Chrome match the specification here.
1690
1691         Tests:
1692         - fast/dom/HTMLButtonElement/null-handling.html
1693         - fast/dom/HTMLInputElement/null-handling.html
1694
1695         * html/HTMLButtonElement.idl:
1696         * html/HTMLInputElement.idl:
1697
1698 2016-07-18  Alex Christensen  <achristensen@webkit.org>
1699
1700         webbookmarksd needs to use the same AppCache directory as MobileSafari
1701         https://bugs.webkit.org/show_bug.cgi?id=159912
1702
1703         Reviewed by Alexey Proskuryakov.
1704
1705         No new tests.  This only changes behavior for webbookmarksd.
1706
1707         * platform/RuntimeApplicationChecks.h:
1708         * platform/RuntimeApplicationChecks.mm:
1709         (WebCore::IOSApplication::isWebBookmarksD): Added.
1710
1711 2016-07-18  Chris Dumez  <cdumez@apple.com>
1712
1713         EventTarget.dispatchEvent() parameter should not be nullable
1714         https://bugs.webkit.org/show_bug.cgi?id=159897
1715
1716         Reviewed by Benjamin Poulain.
1717
1718         EventTarget.dispatchEvent() parameter should not be nullable:
1719         - https://dom.spec.whatwg.org/#interface-eventtarget
1720
1721         Even though the parameter was marked as nullable in our IDL, our
1722         implementation does a null check and we already throw a TypeError
1723         when calling dispatchEvent(null).
1724
1725         Update our IDL so that it matches the specification and so that
1726         the null check is generated in the bindings instead.
1727
1728         No new tests, rebaseline existing tests.
1729
1730         * dom/EventTarget.cpp:
1731         (WebCore::EventTarget::dispatchEventForBindings):
1732         * dom/EventTarget.h:
1733         * dom/EventTarget.idl:
1734
1735 2016-07-18  Chris Dumez  <cdumez@apple.com>
1736
1737         DocType's publicId / systemId should not be nullable
1738         https://bugs.webkit.org/show_bug.cgi?id=159901
1739
1740         Reviewed by Benjamin Poulain.
1741
1742         DocType's publicId / systemId should not be nullable. While they were
1743         not marked as nullable in our IDL, they could be stored as null Strings
1744         in our implementation depending on how the Node was constructed. This
1745         led to subtle bugs where String() != emptyString().
1746
1747         In particular, Node.isEqualNode() would return false when DocumentType
1748         nodes would mismatch because of their publicId / systemId being null
1749         instead of the emptyString.
1750
1751         Serialization would DocumentType nodes would also be wrong when
1752         publicId / systemId were empty Strings instead of null strings. The
1753         new behavior now matches:
1754         - https://www.w3.org/TR/DOM-Parsing/#dfn-concept-serialize-doctype (steps 7-9)
1755
1756         To address these issues, we now always store publicId / systemId as
1757         non-null Strings inside the DocumentType class.
1758
1759         Test: fast/dom/DocumentType/isEqualNode.html
1760
1761         * dom/DocumentType.cpp:
1762         (WebCore::DocumentType::DocumentType):
1763         * editing/MarkupAccumulator.cpp:
1764         (WebCore::MarkupAccumulator::appendDocumentType):
1765
1766 2016-07-18  Jeremy Jones  <jeremyj@apple.com>
1767
1768         If previous media session interruptions were prevented, still allow subsequent interruptions to try.
1769         https://bugs.webkit.org/show_bug.cgi?id=157553
1770         rdar://problem/25740804
1771
1772         Reviewed by Eric Carlson.
1773
1774         Test: platform/ios-simulator/media/video-interruption-suspendunderlock.html
1775
1776         When suspending under lock on iOS, there is first a resign active event, then a
1777         suspend under lock. PiP prevents resign active from interrupting playback. But it should allow the
1778         suspend under lock to interrupt playback.
1779
1780         Currently if there are nested interruptions only the first one is acted upon.
1781
1782         This change allows subsequent, nested interruptions to have a chance to interrupt playback if the
1783         previous interruptions were ignored.
1784
1785         This test is for iPad only, so it must be run manually.
1786
1787         * html/HTMLMediaElement.cpp:
1788         (WebCore::HTMLMediaElement::shouldOverrideBackgroundPlaybackRestriction):
1789         * platform/audio/PlatformMediaSession.cpp:
1790         (WebCore::PlatformMediaSession::beginInterruption):
1791         * testing/Internals.cpp:
1792         (WebCore::Internals::beginMediaSessionInterruption):
1793
1794 2016-07-18  Brent Fulgham  <bfulgham@apple.com>
1795
1796         Don't associate form-associated elements with forms in other trees.
1797         https://bugs.webkit.org/show_bug.cgi?id=119451
1798         <rdar://problem/27382946>
1799
1800         Change is based on the Blink change (patch by <adamk@chromium.org>):
1801         <https://chromium.googlesource.com/chromium/blink/+/0b33128be67e7845d495d5219614c02ccfe7a414>
1802
1803         Reviewed by Chris Dumez.
1804
1805         Prevent elements from being associated with forms that are not part of the same home subtree.
1806         This brings us in line with the WhatWG HTML specification as of September, 2013.
1807
1808         Tests: fast/forms/image-disconnected-during-parse.html
1809                fast/forms/input-disconnected-during-parse.html
1810
1811         * dom/Element.h:
1812         (WebCore::Node::rootElement): Added.
1813         * html/FormAssociatedElement.cpp:
1814         (WebCore::FormAssociatedElement::insertedInto): If the element is associated with a form that
1815         is not part of the same tree, remove the association.
1816         * html/HTMLImageElement.cpp:
1817         (WebCore::HTMLImageElement::insertedInto): Ditto.
1818
1819 2016-07-18  Anders Carlsson  <andersca@apple.com>
1820
1821         WebKit nightly fails to build on macOS Sierra
1822         https://bugs.webkit.org/show_bug.cgi?id=159902
1823         rdar://problem/27365672
1824
1825         Reviewed by Tim Horton.
1826
1827         * Modules/applepay/cocoa/PaymentCocoa.mm:
1828         * Modules/applepay/cocoa/PaymentContactCocoa.mm:
1829         * Modules/applepay/cocoa/PaymentMerchantSessionCocoa.mm:
1830         * Modules/applepay/cocoa/PaymentMethodCocoa.mm:
1831         Use new PassKitSPI header.
1832
1833         * WebCore.xcodeproj/project.pbxproj:
1834         Add new PassKitSPI header.
1835
1836         * icu/unicode/ucurr.h: Added.
1837         Add ucurr.h from ICU.
1838
1839         * platform/spi/cocoa/PassKitSPI.h: Added.
1840         Add new PassKitSPI header.
1841
1842 2016-07-18  Dean Jackson  <dino@apple.com>
1843
1844         REGRESSION (r202950): Image zoom animations are broken at medium.com (159861)
1845         https://bugs.webkit.org/show_bug.cgi?id=159906
1846         <rdar://problem/27391725>
1847
1848         Reviewed by Simon Fraser.
1849
1850         The fix for webkit.org/b/157569 in r200769 broke AMP pages.
1851         The followup fix for webkit.org/b/159450 in r202950 broke Medium pages.
1852
1853         Revert them both until we have better testing.
1854
1855         * css/CSSParser.cpp:
1856         (WebCore::CSSParser::addPropertyWithPrefixingVariant):
1857         (WebCore::CSSParser::parseValue):
1858         (WebCore::CSSParser::parseAnimationShorthand):
1859         (WebCore::CSSParser::parseTransitionShorthand): Deleted.
1860         * css/CSSPropertyNames.in:
1861         * css/PropertySetCSSStyleDeclaration.cpp:
1862         (WebCore::PropertySetCSSStyleDeclaration::getPropertyCSSValue):
1863         (WebCore::PropertySetCSSStyleDeclaration::getPropertyValue):
1864         (WebCore::PropertySetCSSStyleDeclaration::getPropertyCSSValueInternal):
1865         (WebCore::PropertySetCSSStyleDeclaration::getPropertyValueInternal):
1866         * css/StyleProperties.cpp:
1867         (WebCore::MutableStyleProperties::removeShorthandProperty):
1868         (WebCore::MutableStyleProperties::removeProperty):
1869         (WebCore::MutableStyleProperties::removePrefixedOrUnprefixedProperty):
1870         (WebCore::MutableStyleProperties::setProperty):
1871         (WebCore::getIndexInShorthandVectorForPrefixingVariant):
1872         (WebCore::MutableStyleProperties::appendPrefixingVariantProperty):
1873         (WebCore::MutableStyleProperties::setPrefixingVariantProperty):
1874         (WebCore::StyleProperties::asText): Deleted.
1875         * css/StyleProperties.h:
1876
1877 2016-07-18  Andreas Kling  <akling@apple.com>
1878
1879         There should be a way to simulate memory pressure in layout tests
1880         <https://webkit.org/b/159743>
1881
1882         Reviewed by Simon Fraser.
1883
1884         Add three window.internal APIs:
1885
1886             - boolean isUnderMemoryPressure (readonly attribute)
1887             - void beginSimulatedMemoryPressure()
1888             - void endSimulatedMemoryPressure()
1889
1890         These make it possible to write tests that exercise behaviors that only
1891         occur during memory pressure situations.
1892
1893         I also implemented the "org.WebKit.lowMemory" notification handler using the new API.
1894
1895         Test: memory/memory-pressure-simulation.html
1896
1897         * platform/MemoryPressureHandler.cpp:
1898         (WebCore::MemoryPressureHandler::beginSimulatedMemoryPressure):
1899         (WebCore::MemoryPressureHandler::endSimulatedMemoryPressure):
1900         * platform/MemoryPressureHandler.h:
1901         (WebCore::MemoryPressureHandler::isUnderMemoryPressure):
1902         * platform/cocoa/MemoryPressureHandlerCocoa.mm:
1903         (WebCore::MemoryPressureHandler::platformReleaseMemory):
1904         (WebCore::MemoryPressureHandler::install):
1905         * testing/Internals.cpp:
1906         (WebCore::Internals::isUnderMemoryPressure):
1907         (WebCore::Internals::beginSimulatedMemoryPressure):
1908         (WebCore::Internals::endSimulatedMemoryPressure):
1909         * testing/Internals.h:
1910         * testing/Internals.idl:
1911
1912 2016-07-18  Said Abou-Hallawa  <sabouhallawa@apple,com>
1913
1914         [iOS] PDFDocumentImage should cache only a sub image of the PDF when caching the whole image is expensive
1915         https://bugs.webkit.org/show_bug.cgi?id=158715
1916
1917         Reviewed by Dean Jackson.
1918
1919         Test: fast/images/displaced-non-cached-pdf.html
1920
1921         For iOS, we need to ensure the size of the cached PDF images will not
1922         exceed some limit. Also we should be caching only a sub image of the PDF
1923         if caching the whole image will exceed the memory limit.
1924
1925         * page/Settings.cpp:
1926         (WebCore::Settings::Settings):
1927         (WebCore::Settings::setCachedPDFImageEnabled):
1928         * page/Settings.h:
1929         (WebCore::Settings::isCachedPDFImageEnabled):
1930             Add an option to disable caching the PDF images.
1931
1932         * platform/graphics/cg/PDFDocumentImage.cpp:
1933         (WebCore::PDFDocumentImage::setCachedPDFImageEnabled):
1934             Allow the caller of draw() to disable caching the PDF images.
1935         
1936         (WebCore::PDFDocumentImage::cacheParametersMatch):
1937             Match the context dirty rectangle with the cached image rectangle.
1938         
1939         (WebCore::transformContextForPainting):
1940             When preparing the context for drawing the PDF, take the location 
1941             of the destination rectangle into account. We do not need to scale
1942             the location of the source rectangle because we scale the size of
1943             the rectangle but we don't scale the whole coordinate system.
1944
1945         (WebCore::cachedImageRect):
1946             Calculate the rectangle of the cached image such that it does not
1947             exceed the limit. Start from the center of the dirty rectangle and
1948             then expand around it.
1949             
1950         (WebCore::PDFDocumentImage::decodedSizeChanged):
1951             In addition to notifying the ImageObserver, it keeps track of the size
1952             of all the cached PDF images.
1953
1954         (WebCore::PDFDocumentImage::updateCachedImageIfNeeded):
1955             Ensure the size of all the cached images does not exceed the limit
1956             
1957         (WebCore::PDFDocumentImage::destroyDecodedData):
1958         * platform/graphics/cg/PDFDocumentImage.h:
1959
1960         * rendering/RenderImage.cpp:
1961         (WebCore::RenderImage::paintIntoRect):
1962             Pass the option to disable caching the PDF images to PDFDocumentImage.
1963
1964         * testing/InternalSettings.cpp:
1965         (WebCore::InternalSettings::Backup::Backup):
1966         (WebCore::InternalSettings::Backup::restoreTo):
1967         (WebCore::InternalSettings::setCachedPDFImageEnabled):
1968         * testing/InternalSettings.h:
1969         * testing/InternalSettings.idl:
1970             Add an internal option to disable caching the PDF images.
1971
1972 2016-07-18  Chris Dumez  <cdumez@apple.com>
1973
1974         The 2 first parameters to addEventListener() / removeEventListener() should be mandatory
1975         https://bugs.webkit.org/show_bug.cgi?id=158008
1976
1977         Reviewed by Darin Adler.
1978
1979         The 2 first parameters to addEventListener() / removeEventListener() should be
1980         mandatory:
1981         - https://dom.spec.whatwg.org/#interface-eventtarget
1982
1983         Firefox 46 and Chrome 50 both match the specification and throw an exception when those
1984         parameters are omitted. However, those parameters were marked as optional in WebKit and
1985         the calls were no-ops if those parameters were omitted. This patch aligns our behavior
1986         with the specification and other browsers.
1987
1988         Test: fast/dom/eventtarget-api-parameters.html
1989
1990         * bindings/scripts/CodeGeneratorJS.pm:
1991         (GetFunctionLength): Deleted.
1992         * dom/EventTarget.idl:
1993
1994 2016-07-18  Brent Fulgham  <bfulgham@apple.com>
1995
1996         Unreviewed, rolling out r203373.
1997
1998         Unaddressed
1999
2000         Reverted changeset:
2001
2002         "Don't associate form-associated elements with forms in other
2003         trees."
2004         https://bugs.webkit.org/show_bug.cgi?id=119451
2005         http://trac.webkit.org/changeset/203373
2006
2007 2016-07-18  Brent Fulgham  <bfulgham@apple.com>
2008
2009         Don't associate form-associated elements with forms in other trees.
2010         https://bugs.webkit.org/show_bug.cgi?id=119451
2011         <rdar://problem/27382946>
2012
2013         Change is based on the Blink change (patch by <adamk@chromium.org>):
2014         <https://chromium.googlesource.com/chromium/blink/+/0b33128be67e7845d495d5219614c02ccfe7a414>
2015
2016         Reviewed by Zalan Bujtas.
2017
2018         Prevent elements from being associated with forms that are not part of the same home subtree.
2019         This brings us in line with the WhatWG HTML specification as of September, 2013.
2020
2021         Tests: fast/forms/image-disconnected-during-parse.html
2022                fast/forms/input-disconnected-during-parse.html
2023
2024         * dom/NodeTraversal.h:
2025         (WebCore::NodeTraversal::highestAncestorOrSelf): Added.
2026         * html/FormAssociatedElement.cpp:
2027         (WebCore::FormAssociatedElement::insertedInto): If the element is associated with a form that
2028         is not part of the same tree, remove the association.
2029         * html/HTMLImageElement.cpp:
2030         (WebCore::HTMLImageElement::insertedInto): Ditto.
2031
2032 2016-07-18  George Ruan  <gruan@apple.com>
2033
2034         Move MediaSampleAVFObjC into its own file
2035         https://bugs.webkit.org/show_bug.cgi?id=159796
2036         <rdar://problem/27362488>
2037
2038         In preparation for a feature that uses MediaSampleAVFObjC, but does
2039         not need SourceBufferPrivateAVFObjC, it is beneficial to move
2040         MediaSampleAVFObjC to its own file.
2041
2042         Reviewed by Eric Carlson.
2043
2044         * WebCore.xcodeproj/project.pbxproj:
2045         * platform/MediaSample.h: Allow setting trackID to associate
2046         MediaSample id with MediaStreamTrackPrivate id.
2047         * platform/graphics/avfoundation/MediaSampleAVFObjC.h: Added.
2048         * platform/graphics/avfoundation/objc/MediaSampleAVFObjC.mm: Moved
2049         from MediaSampleAVFObjC
2050         (WebCore::MediaSampleAVFObjC::presentationTime):
2051         (WebCore::MediaSampleAVFObjC::decodeTime):
2052         (WebCore::MediaSampleAVFObjC::duration):
2053         (WebCore::MediaSampleAVFObjC::sizeInBytes):
2054         (WebCore::MediaSampleAVFObjC::platformSample):
2055         (WebCore::CMSampleBufferIsRandomAccess):
2056         (WebCore::MediaSampleAVFObjC::flags):
2057         (WebCore::MediaSampleAVFObjC::presentationSize):
2058         (WebCore::MediaSampleAVFObjC::dump):
2059         (WebCore::MediaSampleAVFObjC::offsetTimestampsBy):
2060         (WebCore::MediaSampleAVFObjC::setTimestamps):
2061         * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
2062         Moved MediaSampleAVFObjC to its own file.
2063         (WebCore::MediaSampleAVFObjC::platformSample): Deleted.
2064         (WebCore::CMSampleBufferIsRandomAccess): Deleted.
2065         (WebCore::MediaSampleAVFObjC::flags): Deleted.
2066         (WebCore::MediaSampleAVFObjC::presentationSize): Deleted.
2067         (WebCore::MediaSampleAVFObjC::dump): Deleted.
2068         (WebCore::MediaSampleAVFObjC::offsetTimestampsBy): Deleted.
2069         (WebCore::MediaSampleAVFObjC::setTimestamps): Deleted.
2070         * platform/mock/mediasource/MockSourceBufferPrivate.cpp:
2071
2072 2016-07-18  Eric Carlson  <eric.carlson@apple.com>
2073
2074         [MSE][Mac] Pass AVSampleBufferDisplayLayer HDCP status to a newly created key session
2075         https://bugs.webkit.org/show_bug.cgi?id=159812
2076         <rdar://problem/27371624>
2077
2078         Reviewed by Jon Lee.
2079
2080         No new tests, it isn't possible to test this with our current testing infrastructure.
2081
2082         * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.h:
2083         * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
2084         (WebCore::SourceBufferPrivateAVFObjC::setCDMSession): Call layerDidReceiveError if there has
2085         been an HDCP error.
2086         (WebCore::SourceBufferPrivateAVFObjC::rendererDidReceiveError): Remember an HDCP error.
2087
2088 2016-07-18  Yoav Weiss  <yoav@yoav.ws>
2089
2090         Add preload to features.json
2091         https://bugs.webkit.org/show_bug.cgi?id=159872
2092
2093         Reviewed by Darin Adler.
2094
2095         No new tests but no functional change.
2096
2097         * features.json:
2098
2099 2016-07-18  Youenn Fablet  <youenn@apple.com>
2100
2101         [Streams API] ReadableStream should throw a RangeError in case of NaN highWaterMark
2102         https://bugs.webkit.org/show_bug.cgi?id=159870
2103
2104         Reviewed by Xabier Rodriguez-Calvar.
2105
2106         Covered by rebased test.
2107
2108         * Modules/streams/StreamInternals.js:
2109         (validateAndNormalizeQueuingStrategy): Throwing a RangeError in lieu of a TypeError in case of NaN highWaterMark.
2110
2111 2016-07-18  Csaba Osztrogon√°c  <ossy@webkit.org>
2112
2113         Windows buildfix after r203338
2114         https://bugs.webkit.org/show_bug.cgi?id=159875
2115
2116         Unreviewed buildfix.
2117
2118         * dom/UserGestureIndicator.h:
2119         (WebCore::UserGestureToken::addDestructionObserver):
2120
2121 2016-07-18  Carlos Garcia Campos  <cgarcia@igalia.com>
2122
2123         MemoryPressureHandler doesn't work if cgroups aren't present in Linux
2124         https://bugs.webkit.org/show_bug.cgi?id=155255
2125
2126         Reviewed by Sergio Villar Senin.
2127
2128         Allow to pass an eventFD file descriptor to the MemoryPressureHandler to be monitorized in case cgroups are not
2129         available.
2130
2131         * platform/MemoryPressureHandler.h:
2132         * platform/linux/MemoryPressureHandlerLinux.cpp:
2133
2134 2016-07-17  Gyuyoung Kim  <gyuyoung.kim@webkit.org>
2135
2136         Clean up PassRefPtr uses in Modules/encryptedmedia, Modules/speech, and Modules/quota
2137         https://bugs.webkit.org/show_bug.cgi?id=159701
2138
2139         Reviewed by Alex Christensen.
2140
2141         No new tests, no behavior changes.
2142
2143         * Modules/encryptedmedia/CDM.h:
2144         * Modules/encryptedmedia/MediaKeySession.h:
2145         * Modules/encryptedmedia/MediaKeys.h:
2146         * Modules/quota/DOMWindowQuota.cpp:
2147         * Modules/quota/StorageErrorCallback.cpp:
2148         (WebCore::StorageErrorCallback::CallbackTask::CallbackTask):
2149         * Modules/quota/StorageErrorCallback.h:
2150         * Modules/quota/StorageInfo.h:
2151         * Modules/quota/StorageQuota.h:
2152         * Modules/speech/DOMWindowSpeechSynthesis.cpp:
2153         * Modules/speech/SpeechSynthesis.cpp:
2154         (WebCore::SpeechSynthesis::getVoices):
2155         (WebCore::SpeechSynthesis::startSpeakingImmediately):
2156         (WebCore::SpeechSynthesis::speak):
2157         (WebCore::SpeechSynthesis::cancel):
2158         (WebCore::SpeechSynthesis::handleSpeakingCompleted):
2159         (WebCore::SpeechSynthesis::boundaryEventOccurred):
2160         (WebCore::SpeechSynthesis::didStartSpeaking):
2161         (WebCore::SpeechSynthesis::didPauseSpeaking):
2162         (WebCore::SpeechSynthesis::didResumeSpeaking):
2163         (WebCore::SpeechSynthesis::didFinishSpeaking):
2164         (WebCore::SpeechSynthesis::speakingErrorOccurred):
2165         * Modules/speech/SpeechSynthesis.h:
2166         * Modules/speech/SpeechSynthesisEvent.h:
2167         * Modules/speech/SpeechSynthesisUtterance.h:
2168         * Modules/speech/SpeechSynthesisVoice.cpp:
2169         (WebCore::SpeechSynthesisVoice::create):
2170         (WebCore::SpeechSynthesisVoice::SpeechSynthesisVoice):
2171         * Modules/speech/SpeechSynthesisVoice.h:
2172         * platform/PlatformSpeechSynthesizer.h:
2173         * platform/efl/PlatformSpeechSynthesisProviderEfl.cpp:
2174         (WebCore::PlatformSpeechSynthesisProviderEfl::fireSpeechEvent):
2175         * platform/mock/PlatformSpeechSynthesizerMock.cpp:
2176         (WebCore::PlatformSpeechSynthesizerMock::speakingFinished):
2177         (WebCore::PlatformSpeechSynthesizerMock::speak):
2178         (WebCore::PlatformSpeechSynthesizerMock::cancel):
2179         (WebCore::PlatformSpeechSynthesizerMock::pause):
2180         (WebCore::PlatformSpeechSynthesizerMock::resume):
2181
2182 2016-07-16  Sam Weinig  <sam@webkit.org>
2183
2184         [WebKit API] Add SPI to track multiple navigations caused by a single user gesture
2185         <rdar://problem/26554137>
2186         https://bugs.webkit.org/show_bug.cgi?id=159856
2187
2188         Reviewed by Dan Bernstein.
2189
2190         - Adds a new RefCounted object to represent a unique user gesture, called UserGestureToken.
2191         - Makes UserGestureIndicator track UserGestureToken.
2192         - Refines UserGestureIndicator's interface to use Optional and a smaller enum set
2193           to represent the different initial states.
2194         - Stores UserGestureTokens on objects that want to forward user gesture state (DOMTimer, 
2195           postMessage, and ScheduledNavigation) rather than just a boolean.
2196
2197         * accessibility/AccessibilityNodeObject.cpp:
2198         (WebCore::AccessibilityNodeObject::increment):
2199         (WebCore::AccessibilityNodeObject::decrement):
2200         * accessibility/AccessibilityObject.cpp:
2201         (WebCore::AccessibilityObject::press):
2202         * bindings/js/ScriptController.cpp:
2203         (WebCore::ScriptController::executeScriptInWorld):
2204         (WebCore::ScriptController::executeScript):
2205         Update for new UserGestureIndicator interface.
2206
2207         * dom/UserGestureIndicator.cpp:
2208         (WebCore::currentToken):
2209         (WebCore::UserGestureToken::~UserGestureToken):
2210         (WebCore::UserGestureIndicator::UserGestureIndicator):
2211         (WebCore::UserGestureIndicator::~UserGestureIndicator):
2212         (WebCore::UserGestureIndicator::currentUserGesture):
2213         (WebCore::UserGestureIndicator::processingUserGesture):
2214         (WebCore::UserGestureIndicator::processingUserGestureForMedia):
2215         (WebCore::isDefinite): Deleted.
2216         * dom/UserGestureIndicator.h:
2217         (WebCore::UserGestureToken::create):
2218         (WebCore::UserGestureToken::state):
2219         (WebCore::UserGestureToken::processingUserGesture):
2220         (WebCore::UserGestureToken::processingUserGestureForMedia):
2221         (WebCore::UserGestureToken::addDestructionObserver):
2222         (WebCore::UserGestureToken::UserGestureToken):
2223         Add UserGestureToken and track the current one explicitly.
2224
2225         * html/HTMLMediaElement.cpp:
2226         (WebCore::HTMLMediaElement::didReceiveRemoteControlCommand):
2227         * inspector/InspectorFrontendClientLocal.cpp:
2228         (WebCore::InspectorFrontendClientLocal::openInNewTab):
2229         * inspector/InspectorFrontendHost.cpp:
2230         * inspector/InspectorPageAgent.cpp:
2231         (WebCore::InspectorPageAgent::navigate):
2232         Update for new UserGestureIndicator interface.
2233
2234         * loader/NavigationAction.cpp:
2235         (WebCore::NavigationAction::NavigationAction):
2236         * loader/NavigationAction.h:
2237         (WebCore::NavigationAction::userGestureToken):
2238         (WebCore::NavigationAction::processingUserGesture):
2239         * loader/NavigationScheduler.cpp:
2240         (WebCore::ScheduledNavigation::ScheduledNavigation):
2241         (WebCore::ScheduledNavigation::~ScheduledNavigation):
2242         (WebCore::ScheduledNavigation::lockBackForwardList):
2243         (WebCore::ScheduledNavigation::wasDuringLoad):
2244         (WebCore::ScheduledNavigation::isLocationChange):
2245         (WebCore::ScheduledNavigation::userGestureToForward):
2246         (WebCore::ScheduledNavigation::clearUserGesture):
2247         (WebCore::NavigationScheduler::mustLockBackForwardList):
2248         (WebCore::NavigationScheduler::scheduleFormSubmission):
2249         (WebCore::ScheduledNavigation::wasUserGesture): Deleted.
2250         * page/DOMTimer.cpp:
2251         (WebCore::shouldForwardUserGesture):
2252         (WebCore::userGestureTokenToForward):
2253         (WebCore::DOMTimer::DOMTimer):
2254         (WebCore::DOMTimer::fired):
2255         * page/DOMTimer.h:
2256         * page/DOMWindow.cpp:
2257         (WebCore::PostMessageTimer::PostMessageTimer):
2258         Store the active UserGestureToken rather than just a bit.
2259
2260         * page/EventHandler.cpp:
2261         (WebCore::EventHandler::handleMousePressEvent):
2262         (WebCore::EventHandler::handleMouseDoubleClickEvent):
2263         (WebCore::EventHandler::handleMouseReleaseEvent):
2264         (WebCore::EventHandler::keyEvent):
2265         (WebCore::EventHandler::handleTouchEvent):
2266         * rendering/HitTestResult.cpp:
2267         (WebCore::HitTestResult::toggleMediaFullscreenState):
2268         (WebCore::HitTestResult::enterFullscreenForVideo):
2269         (WebCore::HitTestResult::toggleEnhancedFullscreenForVideo):
2270         Update for new UserGestureIndicator interface.
2271
2272 2016-07-17  Ryosuke Niwa  <rniwa@webkit.org>
2273
2274         Rename fastHasAttribute to hasAttributeWithoutSynchronization
2275         https://bugs.webkit.org/show_bug.cgi?id=159864
2276
2277         Reviewed by Chris Dumez.
2278
2279         Renamed Rename fastHasAttribute to hasAttributeWithoutSynchronization for clarity.
2280
2281         * accessibility/AccessibilityListBoxOption.cpp:
2282         (WebCore::AccessibilityListBoxOption::isEnabled):
2283         * accessibility/AccessibilityObject.cpp:
2284         (WebCore::AccessibilityObject::hasAttribute):
2285         (WebCore::AccessibilityObject::getAttribute):
2286         * accessibility/AccessibilityRenderObject.cpp:
2287         (WebCore::AccessibilityRenderObject::determineAccessibilityRole):
2288         * bindings/scripts/CodeGenerator.pm:
2289         (GetterExpression):
2290         * bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
2291         * bindings/scripts/test/JS/JSTestObj.cpp:
2292         (WebCore::jsTestObjReflectedBooleanAttr):
2293         (WebCore::jsTestObjReflectedCustomBooleanAttr):
2294         * bindings/scripts/test/ObjC/DOMTestObj.mm:
2295         (-[DOMTestObj reflectedBooleanAttr]):
2296         (-[DOMTestObj setReflectedBooleanAttr:]):
2297         (-[DOMTestObj reflectedCustomBooleanAttr]):
2298         (-[DOMTestObj setReflectedCustomBooleanAttr:]):
2299         * dom/Document.cpp:
2300         (WebCore::Document::hasManifest):
2301         (WebCore::Document::doctype):
2302         * dom/Element.h:
2303         (WebCore::Node::parentElement):
2304         (WebCore::Element::hasAttributeWithoutSynchronization):
2305         (WebCore::Element::fastHasAttribute): Deleted.
2306         * editing/ApplyStyleCommand.cpp:
2307         (WebCore::ApplyStyleCommand::removeEmbeddingUpToEnclosingBlock):
2308         * editing/DeleteSelectionCommand.cpp:
2309         (WebCore::DeleteSelectionCommand::makeStylingElementsDirectChildrenOfEditableRootToPreventStyleLoss):
2310         * editing/markup.cpp:
2311         (WebCore::createMarkupInternal):
2312         * html/ColorInputType.cpp:
2313         (WebCore::ColorInputType::shouldShowSuggestions):
2314         * html/FileInputType.cpp:
2315         (WebCore::FileInputType::handleDOMActivateEvent):
2316         (WebCore::FileInputType::receiveDroppedFiles):
2317         * html/FormAssociatedElement.cpp:
2318         (WebCore::FormAssociatedElement::didMoveToNewDocument):
2319         (WebCore::FormAssociatedElement::insertedInto):
2320         (WebCore::FormAssociatedElement::removedFrom):
2321         (WebCore::FormAssociatedElement::formAttributeChanged):
2322         * html/FormController.cpp:
2323         (WebCore::ownerFormForState):
2324         * html/GenericCachedHTMLCollection.cpp:
2325         (WebCore::GenericCachedHTMLCollection<traversalType>::elementMatches):
2326         * html/HTMLAnchorElement.cpp:
2327         (WebCore::HTMLAnchorElement::draggable):
2328         (WebCore::HTMLAnchorElement::href):
2329         (WebCore::HTMLAnchorElement::sendPings):
2330         * html/HTMLAppletElement.cpp:
2331         (WebCore::HTMLAppletElement::rendererIsNeeded):
2332         * html/HTMLElement.cpp:
2333         (WebCore::HTMLElement::collectStyleForPresentationAttribute):
2334         (WebCore::elementAffectsDirectionality):
2335         (WebCore::setHasDirAutoFlagRecursively):
2336         * html/HTMLEmbedElement.cpp:
2337         (WebCore::HTMLEmbedElement::rendererIsNeeded):
2338         * html/HTMLFieldSetElement.cpp:
2339         (WebCore::updateFromControlElementsAncestorDisabledStateUnder):
2340         (WebCore::HTMLFieldSetElement::disabledAttributeChanged):
2341         (WebCore::HTMLFieldSetElement::disabledStateChanged):
2342         (WebCore::HTMLFieldSetElement::childrenChanged):
2343         * html/HTMLFormControlElement.cpp:
2344         (WebCore::HTMLFormControlElement::formNoValidate):
2345         (WebCore::HTMLFormControlElement::formAction):
2346         (WebCore::HTMLFormControlElement::computeIsDisabledByFieldsetAncestor):
2347         (WebCore::shouldAutofocus):
2348         * html/HTMLFormElement.cpp:
2349         (WebCore::HTMLFormElement::formElementIndex):
2350         (WebCore::HTMLFormElement::noValidate):
2351         * html/HTMLFrameElement.cpp:
2352         (WebCore::HTMLFrameElement::noResize):
2353         (WebCore::HTMLFrameElement::didAttachRenderers):
2354         * html/HTMLFrameElementBase.cpp:
2355         (WebCore::HTMLFrameElementBase::parseAttribute):
2356         (WebCore::HTMLFrameElementBase::location):
2357         * html/HTMLHRElement.cpp:
2358         (WebCore::HTMLHRElement::collectStyleForPresentationAttribute):
2359         * html/HTMLImageElement.cpp:
2360         (WebCore::HTMLImageElement::isServerMap):
2361         * html/HTMLInputElement.cpp:
2362         (WebCore::HTMLInputElement::finishParsingChildren):
2363         (WebCore::HTMLInputElement::matchesDefaultPseudoClass):
2364         (WebCore::HTMLInputElement::isActivatedSubmit):
2365         (WebCore::HTMLInputElement::reset):
2366         (WebCore::HTMLInputElement::multiple):
2367         (WebCore::HTMLInputElement::setSize):
2368         (WebCore::HTMLInputElement::shouldUseMediaCapture):
2369         * html/HTMLMarqueeElement.cpp:
2370         (WebCore::HTMLMarqueeElement::minimumDelay):
2371         * html/HTMLMediaElement.cpp:
2372         (WebCore::HTMLMediaElement::insertedInto):
2373         (WebCore::HTMLMediaElement::selectMediaResource):
2374         (WebCore::HTMLMediaElement::loadResource):
2375         (WebCore::HTMLMediaElement::autoplay):
2376         (WebCore::HTMLMediaElement::preload):
2377         (WebCore::HTMLMediaElement::loop):
2378         (WebCore::HTMLMediaElement::setLoop):
2379         (WebCore::HTMLMediaElement::controls):
2380         (WebCore::HTMLMediaElement::setControls):
2381         (WebCore::HTMLMediaElement::muted):
2382         (WebCore::HTMLMediaElement::setMuted):
2383         (WebCore::HTMLMediaElement::selectNextSourceChild):
2384         (WebCore::HTMLMediaElement::sourceWasAdded):
2385         (WebCore::HTMLMediaElement::mediaSessionTitle):
2386         * html/HTMLObjectElement.cpp:
2387         (WebCore::HTMLObjectElement::parseAttribute):
2388         * html/HTMLOptGroupElement.cpp:
2389         (WebCore::HTMLOptGroupElement::isDisabledFormControl):
2390         (WebCore::HTMLOptGroupElement::isFocusable):
2391         * html/HTMLOptionElement.cpp:
2392         (WebCore::HTMLOptionElement::matchesDefaultPseudoClass):
2393         (WebCore::HTMLOptionElement::text):
2394         * html/HTMLProgressElement.cpp:
2395         (WebCore::HTMLProgressElement::isDeterminate):
2396         (WebCore::HTMLProgressElement::didElementStateChange):
2397         * html/HTMLScriptElement.cpp:
2398         (WebCore::HTMLScriptElement::async):
2399         (WebCore::HTMLScriptElement::setCrossOrigin):
2400         (WebCore::HTMLScriptElement::asyncAttributeValue):
2401         (WebCore::HTMLScriptElement::deferAttributeValue):
2402         (WebCore::HTMLScriptElement::hasSourceAttribute):
2403         (WebCore::HTMLScriptElement::dispatchLoadEvent):
2404         * html/HTMLSelectElement.cpp:
2405         (WebCore::HTMLSelectElement::reset):
2406         * html/HTMLTrackElement.cpp:
2407         (WebCore::HTMLTrackElement::isDefault):
2408         (WebCore::HTMLTrackElement::ensureTrack):
2409         (WebCore::HTMLTrackElement::loadTimerFired):
2410         * html/MediaElementSession.cpp:
2411         (WebCore::MediaElementSession::wirelessVideoPlaybackDisabled):
2412         (WebCore::MediaElementSession::requiresFullscreenForVideoPlayback):
2413         (WebCore::MediaElementSession::allowsAutomaticMediaDataLoading):
2414         * html/SearchInputType.cpp:
2415         (WebCore::SearchInputType::searchEventsShouldBeDispatched):
2416         (WebCore::SearchInputType::didSetValueByUserEdit):
2417         * inspector/InspectorDOMAgent.cpp:
2418         (WebCore::InspectorDOMAgent::buildObjectForNode):
2419         * loader/FrameLoader.cpp:
2420         (WebCore::FrameLoader::shouldTreatURLAsSrcdocDocument):
2421         (WebCore::FrameLoader::findFrameForNavigation):
2422         * loader/ImageLoader.cpp:
2423         (WebCore::ImageLoader::notifyFinished):
2424         * mathml/MathMLSelectElement.cpp:
2425         (WebCore::MathMLSelectElement::getSelectedSemanticsChild):
2426         * rendering/RenderTableCell.cpp:
2427         (WebCore::RenderTableCell::computePreferredLogicalWidths):
2428         * rendering/RenderThemeIOS.mm:
2429         (WebCore::RenderThemeIOS::adjustMenuListButtonStyle):
2430         * rendering/SimpleLineLayout.cpp:
2431         (WebCore::SimpleLineLayout::canUseForWithReason):
2432         * rendering/svg/RenderSVGResourceClipper.cpp:
2433         (WebCore::RenderSVGResourceClipper::drawContentIntoMaskImage):
2434         * svg/SVGAnimateMotionElement.cpp:
2435         (WebCore::SVGAnimateMotionElement::updateAnimationPath):
2436         * svg/SVGAnimationElement.cpp:
2437         (WebCore::SVGAnimationElement::startedActiveInterval):
2438         (WebCore::SVGAnimationElement::updateAnimation):
2439         * svg/animation/SVGSMILElement.cpp:
2440         (WebCore::SVGSMILElement::insertedInto):
2441
2442 2016-07-17  Brady Eidson  <beidson@apple.com>
2443
2444         Exceptions logged to the JS console should use toString().
2445         https://bugs.webkit.org/show_bug.cgi?id=159855
2446
2447         Reviewed by Darin Adler.
2448
2449         No new tests (No change in behavior).
2450
2451         * bindings/js/JSDOMBinding.cpp:
2452         (WebCore::reportException):
2453
2454         * dom/DOMCoreException.h:
2455         (WebCore::DOMCoreException::DOMCoreException):
2456
2457         * dom/ExceptionBase.cpp:
2458         (WebCore::ExceptionBase::ExceptionBase):
2459         (WebCore::ExceptionBase::toString):
2460         (WebCore::ExceptionBase::consoleErrorMessage): Deleted.
2461         * dom/ExceptionBase.h:
2462         (WebCore::ExceptionBase::description): Deleted.
2463
2464         * svg/SVGException.h:
2465
2466         * xml/XPathException.h:
2467         (WebCore::XPathException::XPathException):
2468
2469 2016-07-17  Brady Eidson  <beidson@apple.com>
2470
2471         Update DOMCoreException to use the description in toString().
2472         https://bugs.webkit.org/show_bug.cgi?id=159857
2473
2474         Reviewed by Darin Adler.
2475
2476         No new tests (Covered by changes to existing tests).
2477
2478         * bindings/js/JSDOMBinding.cpp:
2479         (WebCore::createDOMException):
2480
2481         * dom/DOMCoreException.h:
2482         (WebCore::DOMCoreException::DOMCoreException):
2483         (WebCore::DOMCoreException::createWithDescriptionAsMessage): Deleted.
2484
2485 2016-07-17  Myles C. Maxfield  <mmaxfield@apple.com>
2486
2487         Support new emoji group candidates
2488         https://bugs.webkit.org/show_bug.cgi?id=159755
2489         <rdar://problem/27325521>
2490
2491         Reviewed by Dean Jackson.
2492
2493         There are a few code points which should be able to be joined (with ZWJ) to
2494         either U+2640 or U+2642 to change the gender of the emoji. These patterns
2495         should also work with an additional 0xFE0F variation selector. This patch
2496         adds these new patterns to our existing emoji group candidate infrastructure.
2497
2498         Tests: fast/text/emoji-gender-2-3.html
2499                fast/text/emoji-gender-2-4.html
2500                fast/text/emoji-gender-2-5.html
2501                fast/text/emoji-gender-2-6.html
2502                fast/text/emoji-gender-2-7.html
2503                fast/text/emoji-gender-2-8.html
2504                fast/text/emoji-gender-2-9.html
2505                fast/text/emoji-gender-2.html
2506                fast/text/emoji-gender-3.html
2507                fast/text/emoji-gender-4.html
2508                fast/text/emoji-gender-5.html
2509                fast/text/emoji-gender-6.html
2510                fast/text/emoji-gender-7.html
2511                fast/text/emoji-gender-8.html
2512                fast/text/emoji-gender-9.html
2513                fast/text/emoji-gender-fe0f-3.html
2514                fast/text/emoji-gender-fe0f-4.html
2515                fast/text/emoji-gender-fe0f-5.html
2516                fast/text/emoji-gender-fe0f-6.html
2517                fast/text/emoji-gender-fe0f-7.html
2518                fast/text/emoji-gender-fe0f-8.html
2519                fast/text/emoji-gender-fe0f-9.html
2520                fast/text/emoji-gender.html
2521                fast/text/emoji-num-glyphs.html
2522                fast/text/emoji-single-parent-family-2.html
2523                fast/text/emoji-single-parent-family.html
2524
2525         * platform/graphics/mac/ComplexTextControllerCoreText.mm:
2526         (WebCore::ComplexTextController::ComplexTextRun::ComplexTextRun): Removed incorrect ASSERT()s.
2527         * platform/graphics/FontCascade.cpp:
2528         (WebCore::FontCascade::characterRangeCodePath):
2529         * platform/text/CharacterProperties.h:
2530         (WebCore::isEmojiGroupCandidate):
2531
2532 2016-07-16  Brady Eidson  <beidson@apple.com>
2533
2534         Update SVGException to use the description in toString().
2535         https://bugs.webkit.org/show_bug.cgi?id=159847
2536
2537         Reviewed by Darin Adler.
2538
2539         No new tests (Covered by changes to existing tests).
2540
2541         * bindings/js/JSDOMBinding.cpp:
2542         (WebCore::reportException): use consoleErrorMessage for now.
2543
2544         * dom/ExceptionBase.cpp:
2545         (WebCore::ExceptionBase::consoleErrorMessage):
2546         * dom/ExceptionBase.h:
2547
2548         * svg/SVGException.h:
2549
2550 2016-07-16  Chris Dumez  <cdumez@apple.com>
2551
2552         Use fastHasAttribute() when possible
2553         https://bugs.webkit.org/show_bug.cgi?id=159838
2554
2555         Reviewed by Ryosuke Niwa.
2556
2557         Use fastHasAttribute() when possible, for performance.
2558
2559         * editing/DeleteSelectionCommand.cpp:
2560         (WebCore::DeleteSelectionCommand::makeStylingElementsDirectChildrenOfEditableRootToPreventStyleLoss):
2561         * editing/markup.cpp:
2562         (WebCore::createMarkupInternal):
2563         * html/HTMLAnchorElement.cpp:
2564         (WebCore::HTMLAnchorElement::draggable):
2565         * html/HTMLFrameElementBase.cpp:
2566         (WebCore::HTMLFrameElementBase::parseAttribute):
2567         * mathml/MathMLSelectElement.cpp:
2568         (WebCore::MathMLSelectElement::getSelectedSemanticsChild):
2569         * rendering/RenderThemeIOS.mm:
2570         (WebCore::RenderThemeIOS::adjustMenuListButtonStyle):
2571
2572 2016-07-16  Ryosuke Niwa  <rniwa@webkit.org>
2573
2574         Rename fastGetAttribute to attributeWithoutSynchronization
2575         https://bugs.webkit.org/show_bug.cgi?id=159852
2576
2577         Reviewed by Darin Adler.
2578
2579         Renamed fastGetAttribute to attributeWithoutSynchronization for clarity.
2580
2581         * accessibility/AXObjectCache.cpp:
2582         (WebCore::AXObjectCache::findAriaModalNodes):
2583         (WebCore::nodeHasRole):
2584         (WebCore::AXObjectCache::handleLiveRegionCreated):
2585         (WebCore::AXObjectCache::handleMenuItemSelected):
2586         (WebCore::AXObjectCache::handleAriaModalChange):
2587         (WebCore::isNodeAriaVisible):
2588         * accessibility/AccessibilityNodeObject.cpp:
2589         (WebCore::siblingWithAriaRole):
2590         (WebCore::AccessibilityNodeObject::titleElementText):
2591         (WebCore::AccessibilityNodeObject::alternativeTextForWebArea):
2592         (WebCore::AccessibilityNodeObject::hierarchicalLevel):
2593         (WebCore::AccessibilityNodeObject::stringValue):
2594         (WebCore::accessibleNameForNode):
2595         * accessibility/AccessibilityObject.cpp:
2596         (WebCore::AccessibilityObject::contentEditableAttributeIsEnabled):
2597         (WebCore::AccessibilityObject::getAttribute):
2598         * accessibility/AccessibilityRenderObject.cpp:
2599         (WebCore::AccessibilityRenderObject::stringValue):
2600         (WebCore::AccessibilityRenderObject::exposesTitleUIElement):
2601         * accessibility/AccessibilitySVGElement.cpp:
2602         (WebCore::AccessibilitySVGElement::childElementWithMatchingLanguage):
2603         (WebCore::AccessibilitySVGElement::accessibilityDescription):
2604         * bindings/objc/DOM.mm:
2605         (-[DOMHTMLLinkElement _mediaQueryMatches]):
2606         * bindings/scripts/CodeGenerator.pm:
2607         (GetterExpression):
2608         * bindings/scripts/CodeGeneratorObjC.pm:
2609         (GenerateImplementation):
2610         * bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
2611         * bindings/scripts/test/JS/JSTestObj.cpp:
2612         (WebCore::jsTestObjReflectedStringAttr):
2613         * dom/AuthorStyleSheets.cpp:
2614         (WebCore::AuthorStyleSheets::collectActiveStyleSheets):
2615         * dom/Document.cpp:
2616         (WebCore::Document::buildAccessKeyMap):
2617         (WebCore::Document::processBaseElement):
2618         * dom/DocumentOrderedMap.cpp:
2619         (WebCore::DocumentOrderedMap::getElementByLabelForAttribute):
2620         * dom/Element.cpp:
2621         (WebCore::Element::imageSourceURL):
2622         (WebCore::Element::rendererIsNeeded):
2623         (WebCore::Element::insertedInto):
2624         (WebCore::Element::removedFrom):
2625         (WebCore::Element::pseudo):
2626         (WebCore::Element::setPseudo):
2627         (WebCore::Element::spellcheckAttributeState):
2628         (WebCore::Element::canContainRangeEndPoint):
2629         (WebCore::Element::completeURLsInAttributeValue):
2630         * dom/Element.h:
2631         (WebCore::Element::fastHasAttribute):
2632         (WebCore::Element::attributeWithoutSynchronization):
2633         (WebCore::Element::fastGetAttribute): Deleted.
2634         * dom/InlineStyleSheetOwner.cpp:
2635         (WebCore::InlineStyleSheetOwner::createSheet):
2636         * dom/ScriptElement.cpp:
2637         (WebCore::ScriptElement::requestScript):
2638         (WebCore::ScriptElement::executeScript):
2639         * dom/SlotAssignment.cpp:
2640         (WebCore::slotNameFromSlotAttribute):
2641         (WebCore::SlotAssignment::SlotAssignment):
2642         (WebCore::recursivelyFireSlotChangeEvent):
2643         (WebCore::SlotAssignment::didChangeSlot):
2644         (WebCore::SlotAssignment::hostChildElementDidChange):
2645         (WebCore::SlotAssignment::assignedNodesForSlot):
2646         (WebCore::SlotAssignment::resolveAllSlotElements):
2647         * dom/TreeScope.cpp:
2648         (WebCore::TreeScope::labelElementForId):
2649         * dom/VisitedLinkState.cpp:
2650         (WebCore::linkAttribute):
2651         * editing/ApplyStyleCommand.cpp:
2652         (WebCore::isLegacyAppleStyleSpan):
2653         (WebCore::hasNoAttributeOrOnlyStyleAttribute):
2654         * editing/EditingStyle.cpp:
2655         (WebCore::EditingStyle::elementIsStyledSpanOrHTMLEquivalent):
2656         * editing/ReplaceSelectionCommand.cpp:
2657         (WebCore::isInterchangeNewlineNode):
2658         (WebCore::isInterchangeConvertedSpaceSpan):
2659         (WebCore::positionAvoidingPrecedingNodes):
2660         (WebCore::isMailPasteAsQuotationNode):
2661         (WebCore::isHeaderElement):
2662         (WebCore::isInlineNodeWithStyle):
2663         * editing/TextIterator.cpp:
2664         (WebCore::isRendererReplacedElement):
2665         * editing/cocoa/DataDetection.mm:
2666         (WebCore::DataDetection::isDataDetectorLink):
2667         (WebCore::DataDetection::requiresExtendedContext):
2668         (WebCore::DataDetection::dataDetectorIdentifier):
2669         (WebCore::DataDetection::shouldCancelDefaultAction):
2670         (WebCore::removeResultLinksFromAnchor):
2671         (WebCore::searchForLinkRemovingExistingDDLinks):
2672         * editing/gtk/EditorGtk.cpp:
2673         (WebCore::elementURL):
2674         * editing/htmlediting.cpp:
2675         (WebCore::isTabSpanNode):
2676         (WebCore::isTabSpanTextNode):
2677         (WebCore::isMailBlockquote):
2678         (WebCore::caretMinOffset):
2679         * editing/markup.cpp:
2680         (WebCore::createFragmentFromMarkup):
2681         * html/Autofill.cpp:
2682         (WebCore::AutofillData::createFromHTMLFormControlElement):
2683         * html/BaseTextInputType.cpp:
2684         (WebCore::BaseTextInputType::patternMismatch):
2685         * html/DateInputType.cpp:
2686         (WebCore::DateInputType::createStepRange):
2687         * html/DateTimeInputType.cpp:
2688         (WebCore::DateTimeInputType::createStepRange):
2689         * html/DateTimeLocalInputType.cpp:
2690         (WebCore::DateTimeLocalInputType::createStepRange):
2691         * html/FormAssociatedElement.cpp:
2692         (WebCore::FormAssociatedElement::findAssociatedForm):
2693         (WebCore::FormAssociatedElement::resetFormAttributeTargetObserver):
2694         (WebCore::FormAssociatedElement::formAttributeTargetChanged):
2695         * html/HTMLAnchorElement.cpp:
2696         (WebCore::HTMLAnchorElement::draggable):
2697         (WebCore::HTMLAnchorElement::href):
2698         (WebCore::HTMLAnchorElement::setHref):
2699         (WebCore::HTMLAnchorElement::target):
2700         (WebCore::HTMLAnchorElement::origin):
2701         (WebCore::HTMLAnchorElement::sendPings):
2702         (WebCore::HTMLAnchorElement::handleClick):
2703         * html/HTMLAnchorElement.h:
2704         (WebCore::HTMLAnchorElement::visitedLinkHash):
2705         * html/HTMLAppletElement.cpp:
2706         (WebCore::HTMLAppletElement::updateWidget):
2707         * html/HTMLAreaElement.cpp:
2708         (WebCore::HTMLAreaElement::target):
2709         * html/HTMLAttachmentElement.cpp:
2710         (WebCore::HTMLAttachmentElement::attachmentTitle):
2711         (WebCore::HTMLAttachmentElement::attachmentType):
2712         * html/HTMLBaseElement.cpp:
2713         (WebCore::HTMLBaseElement::target):
2714         (WebCore::HTMLBaseElement::href):
2715         * html/HTMLBodyElement.cpp:
2716         (WebCore::HTMLBodyElement::addSubresourceAttributeURLs):
2717         * html/HTMLButtonElement.cpp:
2718         (WebCore::HTMLButtonElement::value):
2719         (WebCore::HTMLButtonElement::computeWillValidate):
2720         * html/HTMLCanvasElement.cpp:
2721         (WebCore::HTMLCanvasElement::reset):
2722         * html/HTMLDocument.cpp:
2723         (WebCore::HTMLDocument::bgColor):
2724         (WebCore::HTMLDocument::setBgColor):
2725         (WebCore::HTMLDocument::fgColor):
2726         (WebCore::HTMLDocument::setFgColor):
2727         (WebCore::HTMLDocument::alinkColor):
2728         (WebCore::HTMLDocument::setAlinkColor):
2729         (WebCore::HTMLDocument::linkColor):
2730         (WebCore::HTMLDocument::setLinkColor):
2731         (WebCore::HTMLDocument::vlinkColor):
2732         (WebCore::HTMLDocument::setVlinkColor):
2733         * html/HTMLElement.cpp:
2734         (WebCore::contentEditableType):
2735         (WebCore::HTMLElement::collectStyleForPresentationAttribute):
2736         (WebCore::HTMLElement::dir):
2737         (WebCore::HTMLElement::setDir):
2738         (WebCore::HTMLElement::draggable):
2739         (WebCore::HTMLElement::setDraggable):
2740         (WebCore::HTMLElement::title):
2741         (WebCore::HTMLElement::tabIndex):
2742         (WebCore::HTMLElement::translateAttributeMode):
2743         (WebCore::HTMLElement::hasDirectionAuto):
2744         (WebCore::HTMLElement::directionality):
2745         * html/HTMLEmbedElement.cpp:
2746         (WebCore::HTMLEmbedElement::imageSourceURL):
2747         (WebCore::HTMLEmbedElement::addSubresourceAttributeURLs):
2748         * html/HTMLFormControlElement.cpp:
2749         (WebCore::HTMLFormControlElement::formEnctype):
2750         (WebCore::HTMLFormControlElement::formMethod):
2751         (WebCore::HTMLFormControlElement::formAction):
2752         (WebCore::HTMLFormControlElement::autocorrect):
2753         (WebCore::HTMLFormControlElement::autocapitalizeType):
2754         * html/HTMLFormElement.cpp:
2755         (WebCore::HTMLFormElement::autocorrect):
2756         (WebCore::HTMLFormElement::autocapitalizeType):
2757         (WebCore::HTMLFormElement::autocapitalize):
2758         (WebCore::HTMLFormElement::action):
2759         (WebCore::HTMLFormElement::setAction):
2760         (WebCore::HTMLFormElement::target):
2761         (WebCore::HTMLFormElement::wasUserSubmitted):
2762         (WebCore::HTMLFormElement::shouldAutocomplete):
2763         (WebCore::HTMLFormElement::finishParsingChildren):
2764         (WebCore::HTMLFormElement::autocomplete):
2765         * html/HTMLFrameElementBase.cpp:
2766         (WebCore::HTMLFrameElementBase::location):
2767         (WebCore::HTMLFrameElementBase::setLocation):
2768         * html/HTMLHtmlElement.cpp:
2769         (WebCore::HTMLHtmlElement::insertedByParser):
2770         * html/HTMLImageElement.cpp:
2771         (WebCore::HTMLImageElement::imageSourceURL):
2772         (WebCore::HTMLImageElement::setBestFitURLAndDPRFromImageCandidate):
2773         (WebCore::HTMLImageElement::bestFitSourceFromPictureElement):
2774         (WebCore::HTMLImageElement::selectImageSource):
2775         (WebCore::HTMLImageElement::altText):
2776         (WebCore::HTMLImageElement::createElementRenderer):
2777         (WebCore::HTMLImageElement::width):
2778         (WebCore::HTMLImageElement::height):
2779         (WebCore::HTMLImageElement::alt):
2780         (WebCore::HTMLImageElement::draggable):
2781         (WebCore::HTMLImageElement::setHeight):
2782         (WebCore::HTMLImageElement::src):
2783         (WebCore::HTMLImageElement::setSrc):
2784         (WebCore::HTMLImageElement::addSubresourceAttributeURLs):
2785         (WebCore::HTMLImageElement::didMoveToNewDocument):
2786         (WebCore::HTMLImageElement::isServerMap):
2787         (WebCore::HTMLImageElement::crossOrigin):
2788         * html/HTMLInputElement.cpp:
2789         (WebCore::HTMLInputElement::updateType):
2790         (WebCore::HTMLInputElement::initializeInputType):
2791         (WebCore::HTMLInputElement::altText):
2792         (WebCore::HTMLInputElement::value):
2793         (WebCore::HTMLInputElement::defaultValue):
2794         (WebCore::HTMLInputElement::setDefaultValue):
2795         (WebCore::HTMLInputElement::acceptMIMETypes):
2796         (WebCore::HTMLInputElement::acceptFileExtensions):
2797         (WebCore::HTMLInputElement::accept):
2798         (WebCore::HTMLInputElement::alt):
2799         (WebCore::HTMLInputElement::effectiveMaxLength):
2800         (WebCore::HTMLInputElement::src):
2801         (WebCore::HTMLInputElement::setAutoFilled):
2802         (WebCore::HTMLInputElement::dataList):
2803         (WebCore::HTMLInputElement::resetListAttributeTargetObserver):
2804         * html/HTMLKeygenElement.cpp:
2805         (WebCore::HTMLKeygenElement::isKeytypeRSA):
2806         (WebCore::HTMLKeygenElement::appendFormData):
2807         * html/HTMLLIElement.cpp:
2808         (WebCore::HTMLLIElement::didAttachRenderers):
2809         (WebCore::HTMLLIElement::parseValue):
2810         * html/HTMLLabelElement.cpp:
2811         (WebCore::HTMLLabelElement::control):
2812         * html/HTMLLinkElement.cpp:
2813         (WebCore::HTMLLinkElement::crossOrigin):
2814         (WebCore::HTMLLinkElement::process):
2815         (WebCore::HTMLLinkElement::href):
2816         (WebCore::HTMLLinkElement::rel):
2817         (WebCore::HTMLLinkElement::target):
2818         (WebCore::HTMLLinkElement::type):
2819         (WebCore::HTMLLinkElement::iconType):
2820         * html/HTMLMarqueeElement.cpp:
2821         (WebCore::HTMLMarqueeElement::scrollAmount):
2822         (WebCore::HTMLMarqueeElement::setScrollAmount):
2823         (WebCore::HTMLMarqueeElement::scrollDelay):
2824         (WebCore::HTMLMarqueeElement::setScrollDelay):
2825         (WebCore::HTMLMarqueeElement::loop):
2826         * html/HTMLMediaElement.cpp:
2827         (WebCore::HTMLMediaElement::insertedInto):
2828         (WebCore::HTMLMediaElement::crossOrigin):
2829         (WebCore::HTMLMediaElement::networkState):
2830         (WebCore::HTMLMediaElement::mediaSessionTitle):
2831         (WebCore::HTMLMediaElement::doesHaveAttribute):
2832         * html/HTMLMetaElement.cpp:
2833         (WebCore::HTMLMetaElement::process):
2834         (WebCore::HTMLMetaElement::content):
2835         (WebCore::HTMLMetaElement::httpEquiv):
2836         (WebCore::HTMLMetaElement::name):
2837         * html/HTMLMeterElement.cpp:
2838         (WebCore::HTMLMeterElement::min):
2839         (WebCore::HTMLMeterElement::setMin):
2840         (WebCore::HTMLMeterElement::max):
2841         (WebCore::HTMLMeterElement::setMax):
2842         (WebCore::HTMLMeterElement::value):
2843         (WebCore::HTMLMeterElement::low):
2844         (WebCore::HTMLMeterElement::high):
2845         (WebCore::HTMLMeterElement::optimum):
2846         * html/HTMLObjectElement.cpp:
2847         (WebCore::HTMLObjectElement::shouldAllowQuickTimeClassIdQuirk):
2848         (WebCore::HTMLObjectElement::hasValidClassId):
2849         (WebCore::HTMLObjectElement::imageSourceURL):
2850         (WebCore::HTMLObjectElement::renderFallbackContent):
2851         (WebCore::HTMLObjectElement::containsJavaApplet):
2852         (WebCore::HTMLObjectElement::addSubresourceAttributeURLs):
2853         * html/HTMLOptGroupElement.cpp:
2854         (WebCore::HTMLOptGroupElement::groupLabelText):
2855         * html/HTMLOptionElement.cpp:
2856         (WebCore::HTMLOptionElement::value):
2857         (WebCore::HTMLOptionElement::label):
2858         * html/HTMLParamElement.cpp:
2859         (WebCore::HTMLParamElement::value):
2860         (WebCore::HTMLParamElement::isURLParameter):
2861         * html/HTMLProgressElement.cpp:
2862         (WebCore::HTMLProgressElement::value):
2863         (WebCore::HTMLProgressElement::max):
2864         * html/HTMLScriptElement.cpp:
2865         (WebCore::HTMLScriptElement::crossOrigin):
2866         (WebCore::HTMLScriptElement::src):
2867         (WebCore::HTMLScriptElement::sourceAttributeValue):
2868         (WebCore::HTMLScriptElement::charsetAttributeValue):
2869         (WebCore::HTMLScriptElement::typeAttributeValue):
2870         (WebCore::HTMLScriptElement::languageAttributeValue):
2871         (WebCore::HTMLScriptElement::forAttributeValue):
2872         (WebCore::HTMLScriptElement::eventAttributeValue):
2873         (WebCore::HTMLScriptElement::asyncAttributeValue):
2874         * html/HTMLSlotElement.cpp:
2875         (WebCore::HTMLSlotElement::insertedInto):
2876         (WebCore::HTMLSlotElement::removedFrom):
2877         * html/HTMLSourceElement.cpp:
2878         (WebCore::HTMLSourceElement::media):
2879         (WebCore::HTMLSourceElement::setMedia):
2880         (WebCore::HTMLSourceElement::type):
2881         (WebCore::HTMLSourceElement::setType):
2882         * html/HTMLTableCellElement.cpp:
2883         (WebCore::HTMLTableCellElement::colSpanForBindings):
2884         (WebCore::HTMLTableCellElement::rowSpan):
2885         (WebCore::HTMLTableCellElement::rowSpanForBindings):
2886         (WebCore::HTMLTableCellElement::cellIndex):
2887         (WebCore::HTMLTableCellElement::abbr):
2888         (WebCore::HTMLTableCellElement::axis):
2889         (WebCore::HTMLTableCellElement::setColSpanForBindings):
2890         (WebCore::HTMLTableCellElement::headers):
2891         (WebCore::HTMLTableCellElement::setRowSpanForBindings):
2892         (WebCore::HTMLTableCellElement::scope):
2893         (WebCore::HTMLTableCellElement::addSubresourceAttributeURLs):
2894         (WebCore::HTMLTableCellElement::cellAbove):
2895         * html/HTMLTableColElement.cpp:
2896         (WebCore::HTMLTableColElement::width):
2897         * html/HTMLTableElement.cpp:
2898         (WebCore::HTMLTableElement::rules):
2899         (WebCore::HTMLTableElement::summary):
2900         (WebCore::HTMLTableElement::addSubresourceAttributeURLs):
2901         * html/HTMLTableSectionElement.cpp:
2902         (WebCore::HTMLTableSectionElement::align):
2903         (WebCore::HTMLTableSectionElement::setAlign):
2904         (WebCore::HTMLTableSectionElement::ch):
2905         (WebCore::HTMLTableSectionElement::setCh):
2906         (WebCore::HTMLTableSectionElement::chOff):
2907         (WebCore::HTMLTableSectionElement::setChOff):
2908         (WebCore::HTMLTableSectionElement::vAlign):
2909         (WebCore::HTMLTableSectionElement::setVAlign):
2910         * html/HTMLTextAreaElement.cpp:
2911         (WebCore::HTMLTextAreaElement::appendFormData):
2912         * html/HTMLTextFormControlElement.cpp:
2913         (WebCore::HTMLTextFormControlElement::strippedPlaceholder):
2914         (WebCore::HTMLTextFormControlElement::isPlaceholderEmpty):
2915         (WebCore::HTMLTextFormControlElement::directionForFormData):
2916         * html/HTMLTrackElement.cpp:
2917         (WebCore::HTMLTrackElement::srclang):
2918         (WebCore::HTMLTrackElement::label):
2919         (WebCore::HTMLTrackElement::isDefault):
2920         (WebCore::HTMLTrackElement::ensureTrack):
2921         (WebCore::HTMLTrackElement::mediaElementCrossOriginAttribute):
2922         * html/HTMLVideoElement.cpp:
2923         (WebCore::HTMLVideoElement::parseAttribute):
2924         (WebCore::HTMLVideoElement::imageSourceURL):
2925         * html/ImageInputType.cpp:
2926         (WebCore::ImageInputType::height):
2927         (WebCore::ImageInputType::width):
2928         * html/InputType.cpp:
2929         (WebCore::InputType::applyStep):
2930         * html/MediaElementSession.cpp:
2931         (WebCore::MediaElementSession::wirelessVideoPlaybackDisabled):
2932         * html/MonthInputType.cpp:
2933         (WebCore::MonthInputType::createStepRange):
2934         * html/NumberInputType.cpp:
2935         (WebCore::NumberInputType::createStepRange):
2936         (WebCore::NumberInputType::sizeShouldIncludeDecoration):
2937         * html/RangeInputType.cpp:
2938         (WebCore::RangeInputType::createStepRange):
2939         (WebCore::RangeInputType::handleKeydownEvent):
2940         * html/TextFieldInputType.cpp:
2941         (WebCore::TextFieldInputType::appendFormData):
2942         (WebCore::TextFieldInputType::updateAutoFillButton):
2943         * html/TimeInputType.cpp:
2944         (WebCore::TimeInputType::createStepRange):
2945         * html/ValidationMessage.cpp:
2946         (WebCore::ValidationMessage::updateValidationMessage):
2947         * html/WeekInputType.cpp:
2948         (WebCore::WeekInputType::createStepRange):
2949         * html/track/WebVTTElement.cpp:
2950         (WebCore::WebVTTElement::createEquivalentHTMLElement):
2951         * inspector/InspectorPageAgent.cpp:
2952         (WebCore::InspectorPageAgent::buildObjectForFrame):
2953         * loader/FormSubmission.cpp:
2954         (WebCore::FormSubmission::create):
2955         * loader/FrameLoader.cpp:
2956         (WebCore::FrameLoader::defaultSubstituteDataForURL):
2957         * loader/ImageLoader.cpp:
2958         (WebCore::ImageLoader::updateFromElement):
2959         * loader/SubframeLoader.cpp:
2960         (WebCore::SubframeLoader::isPluginContentAllowedByContentSecurityPolicy):
2961         * mathml/MathMLElement.cpp:
2962         (WebCore::MathMLElement::colSpan):
2963         (WebCore::MathMLElement::rowSpan):
2964         (WebCore::MathMLElement::childShouldCreateRenderer):
2965         (WebCore::MathMLElement::defaultEventHandler):
2966         (WebCore::MathMLElement::cachedMathMLLength):
2967         * mathml/MathMLFractionElement.cpp:
2968         (WebCore::MathMLFractionElement::lineThickness):
2969         (WebCore::MathMLFractionElement::cachedFractionAlignment):
2970         * mathml/MathMLSelectElement.cpp:
2971         (WebCore::MathMLSelectElement::getSelectedActionChildAndIndex):
2972         (WebCore::MathMLSelectElement::getSelectedActionChild):
2973         (WebCore::MathMLSelectElement::getSelectedSemanticsChild):
2974         (WebCore::MathMLSelectElement::defaultEventHandler):
2975         (WebCore::MathMLSelectElement::willRespondToMouseClickEvents):
2976         (WebCore::MathMLSelectElement::toggle):
2977         * page/EventHandler.cpp:
2978         (WebCore::findDropZone):
2979         * page/Frame.cpp:
2980         (WebCore::Frame::matchLabelsAgainstElement):
2981         * page/PageSerializer.cpp:
2982         (WebCore::PageSerializer::serializeFrame):
2983         * platform/win/PasteboardWin.cpp:
2984         (WebCore::Pasteboard::writeImageToDataObject):
2985         * rendering/HitTestResult.cpp:
2986         (WebCore::HitTestResult::altDisplayString):
2987         * rendering/RenderDetailsMarker.cpp:
2988         (WebCore::RenderDetailsMarker::isOpen):
2989         * rendering/RenderImage.cpp:
2990         (WebCore::RenderImage::imageMap):
2991         (WebCore::RenderImage::nodeAtPoint):
2992         * rendering/RenderMenuList.cpp:
2993         (RenderMenuList::itemAccessibilityText):
2994         (RenderMenuList::itemToolTip):
2995         * rendering/RenderSearchField.cpp:
2996         (WebCore::RenderSearchField::autosaveName):
2997         * rendering/RenderThemeIOS.mm:
2998         (WebCore::getAttachmentProgress):
2999         (WebCore::AttachmentInfo::AttachmentInfo):
3000         * rendering/RenderThemeMac.mm:
3001         (WebCore::AttachmentLayout::layOutSubtitle):
3002         (WebCore::RenderThemeMac::paintAttachment):
3003         * rendering/mathml/MathMLStyle.cpp:
3004         (WebCore::MathMLStyle::resolveMathMLStyle):
3005         * rendering/mathml/RenderMathMLFenced.cpp:
3006         (WebCore::RenderMathMLFenced::updateFromElement):
3007         * rendering/mathml/RenderMathMLOperator.cpp:
3008         (WebCore::RenderMathMLOperator::setOperatorFlagFromAttribute):
3009         (WebCore::RenderMathMLOperator::setOperatorFlagFromAttributeValue):
3010         (WebCore::RenderMathMLOperator::setOperatorProperties):
3011         * rendering/mathml/RenderMathMLScripts.cpp:
3012         (WebCore::RenderMathMLScripts::getScriptMetricsAndLayoutIfNeeded):
3013         * rendering/mathml/RenderMathMLUnderOver.cpp:
3014         (WebCore::RenderMathMLUnderOver::hasAccent):
3015         * style/StyleSharingResolver.cpp:
3016         (WebCore::Style::SharingResolver::canShareStyleWithElement):
3017         (WebCore::Style::SharingResolver::sharingCandidateHasIdenticalStyleAffectingAttributes):
3018         * svg/SVGAElement.cpp:
3019         (WebCore::SVGAElement::title):
3020         (WebCore::SVGAElement::defaultEventHandler):
3021         * svg/SVGAltGlyphElement.cpp:
3022         (WebCore::SVGAltGlyphElement::glyphRef):
3023         (WebCore::SVGAltGlyphElement::setFormat):
3024         (WebCore::SVGAltGlyphElement::format):
3025         (WebCore::SVGAltGlyphElement::childShouldCreateRenderer):
3026         * svg/SVGAnimationElement.cpp:
3027         (WebCore::SVGAnimationElement::toValue):
3028         (WebCore::SVGAnimationElement::byValue):
3029         (WebCore::SVGAnimationElement::fromValue):
3030         (WebCore::SVGAnimationElement::isAdditive):
3031         (WebCore::SVGAnimationElement::isAccumulated):
3032         * svg/SVGElement.cpp:
3033         (WebCore::SVGElement::xmlbase):
3034         (WebCore::SVGElement::setXmlbase):
3035         * svg/SVGFontFaceElement.cpp:
3036         (WebCore::SVGFontFaceElement::unitsPerEm):
3037         (WebCore::SVGFontFaceElement::xHeight):
3038         (WebCore::SVGFontFaceElement::capHeight):
3039         (WebCore::SVGFontFaceElement::horizontalOriginX):
3040         (WebCore::SVGFontFaceElement::horizontalOriginY):
3041         (WebCore::SVGFontFaceElement::horizontalAdvanceX):
3042         (WebCore::SVGFontFaceElement::verticalOriginX):
3043         (WebCore::SVGFontFaceElement::verticalOriginY):
3044         (WebCore::SVGFontFaceElement::verticalAdvanceY):
3045         (WebCore::SVGFontFaceElement::ascent):
3046         (WebCore::SVGFontFaceElement::descent):
3047         * svg/SVGFontFaceNameElement.cpp:
3048         (WebCore::SVGFontFaceNameElement::srcValue):
3049         * svg/SVGFontFaceUriElement.cpp:
3050         (WebCore::SVGFontFaceUriElement::srcValue):
3051         * svg/SVGGlyphRefElement.cpp:
3052         (WebCore::SVGGlyphRefElement::glyphRef):
3053         (WebCore::SVGGlyphRefElement::setGlyphRef):
3054         * svg/SVGHKernElement.cpp:
3055         (WebCore::SVGHKernElement::buildHorizontalKerningPair):
3056         * svg/SVGSVGElement.cpp:
3057         (WebCore::SVGSVGElement::contentScriptType):
3058         (WebCore::SVGSVGElement::contentStyleType):
3059         * svg/SVGStyleElement.cpp:
3060         (WebCore::SVGStyleElement::media):
3061         (WebCore::SVGStyleElement::title):
3062         (WebCore::SVGStyleElement::setTitle):
3063         * svg/SVGToOTFFontConversion.cpp:
3064         (WebCore::SVGToOTFFontConverter::appendOS2Table):
3065         (WebCore::SVGToOTFFontConverter::appendCFFTable):
3066         (WebCore::SVGToOTFFontConverter::appendArabicReplacementSubtable):
3067         (WebCore::SVGToOTFFontConverter::appendVORGTable):
3068         (WebCore::SVGToOTFFontConverter::transcodeGlyphPaths):
3069         (WebCore::SVGToOTFFontConverter::processGlyphElement):
3070         (WebCore::SVGToOTFFontConverter::compareCodepointsLexicographically):
3071         (WebCore::SVGToOTFFontConverter::SVGToOTFFontConverter):
3072         * svg/SVGVKernElement.cpp:
3073         (WebCore::SVGVKernElement::buildVerticalKerningPair):
3074         * svg/animation/SVGSMILElement.cpp:
3075         (WebCore::SVGSMILElement::insertedInto):
3076         (WebCore::SVGSMILElement::parseAttribute):
3077         (WebCore::SVGSMILElement::svgAttributeChanged):
3078         (WebCore::SVGSMILElement::restart):
3079         (WebCore::SVGSMILElement::fill):
3080         (WebCore::SVGSMILElement::dur):
3081         (WebCore::SVGSMILElement::repeatDur):
3082         (WebCore::SVGSMILElement::repeatCount):
3083         (WebCore::SVGSMILElement::maxValue):
3084         (WebCore::SVGSMILElement::minValue):
3085
3086 2016-07-16  Carlos Garcia Campos  <cgarcia@igalia.com>
3087
3088         ASSERTION FAILED: isMainThread() in ~UniqueIDBDatabase() since r201997
3089         https://bugs.webkit.org/show_bug.cgi?id=159809
3090
3091         Reviewed by Brady Eidson.
3092
3093         In r201997 the UniqueIDBDatabase was protected in executeNextDatabaseTask() because the last reference could be
3094         removed while the task is performed. However UniqueIDBDatabase is expected to be deleted in the main thread, and
3095         the destructor asserts when not called in the main thread, but executeNextDatabaseTask() is always called on a
3096         secondary thread. So, if the protector contains the last reference, the object is deleted in the secondary thread.
3097
3098         * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
3099         (WebCore::IDBServer::UniqueIDBDatabase::executeNextDatabaseTask): Use callOnMainThread to ensure the object is
3100         deleted in the main thread in case the protector contains the last reference.
3101
3102 2016-07-15  Chris Dumez  <cdumez@apple.com>
3103
3104         Use emptyString() / nullAtom when possible
3105         https://bugs.webkit.org/show_bug.cgi?id=159850
3106
3107         Reviewed by Ryosuke Niwa.
3108
3109         Use emptyString() / nullAtom when possible, for performance.
3110
3111         * Modules/webaudio/AudioNode.cpp:
3112         (WebCore::AudioNode::channelCountMode):
3113         (WebCore::AudioNode::channelInterpretation):
3114         * Modules/webdatabase/DatabaseTracker.cpp:
3115         (WebCore::DatabaseTracker::tracker):
3116         * Modules/websockets/WebSocket.cpp:
3117         (WebCore::WebSocket::WebSocket):
3118         (WebCore::WebSocket::didConnect):
3119         * Modules/websockets/WebSocketChannel.cpp:
3120         (WebCore::WebSocketChannel::subprotocol):
3121         (WebCore::WebSocketChannel::extensions):
3122         * accessibility/AccessibilityObject.cpp:
3123         (WebCore::AccessibilityObject::supportsPressAction):
3124         * accessibility/mac/AXObjectCacheMac.mm:
3125         (WebCore::AXObjectCache::postTextStateChangePlatformNotification):
3126         * css/CSSPropertySourceData.cpp:
3127         (WebCore::CSSPropertySourceData::CSSPropertySourceData):
3128         * css/PageRuleCollector.cpp:
3129         (WebCore::PageRuleCollector::pageName):
3130         * css/PropertySetCSSStyleDeclaration.cpp:
3131         (WebCore::PropertySetCSSStyleDeclaration::getPropertyPriority):
3132         * dom/DocumentMarkerController.cpp:
3133         (WebCore::DocumentMarkerController::addDictationPhraseWithAlternativesMarker):
3134         * dom/Element.cpp:
3135         (WebCore::Element::setPrefix):
3136         * editing/AlternativeTextController.cpp:
3137         (WebCore::AlternativeTextController::respondToMarkerAtEndOfWord):
3138         (WebCore::AlternativeTextController::markerDescriptionForAppliedAlternativeText):
3139         * editing/CompositeEditCommand.cpp:
3140         (WebCore::CompositeEditCommand::removeNodeAttribute):
3141         (WebCore::CompositeEditCommand::moveParagraphs):
3142         * editing/InsertTextCommand.cpp:
3143         (WebCore::InsertTextCommand::positionInsideTextNode):
3144         * editing/TextCheckingHelper.cpp:
3145         (WebCore::TextCheckingHelper::findFirstMisspellingOrBadGrammar):
3146         * editing/TypingCommand.cpp:
3147         (WebCore::TypingCommand::deleteSelection):
3148         (WebCore::TypingCommand::deleteKeyPressed):
3149         (WebCore::TypingCommand::forwardDeleteKeyPressed):
3150         (WebCore::TypingCommand::insertLineBreak):
3151         (WebCore::TypingCommand::insertParagraphSeparator):
3152         * editing/cocoa/EditorCocoa.mm:
3153         (WebCore::Editor::styleForSelectionStart):
3154         * editing/mac/EditorMac.mm:
3155         (WebCore::Editor::stringSelectionForPasteboard):
3156         (WebCore::Editor::stringSelectionForPasteboardWithImageAltText):
3157         * fileapi/FileReaderLoader.cpp:
3158         (WebCore::FileReaderLoader::FileReaderLoader):
3159         * html/FileInputType.cpp:
3160         (WebCore::FileInputType::appendFormData):
3161         * html/HTMLMediaElement.cpp:
3162         (WebCore::HTMLMediaElement::getCurrentMediaControlsStatus):
3163         * html/HTMLOutputElement.cpp:
3164         (WebCore::HTMLOutputElement::HTMLOutputElement):
3165         * html/SearchInputType.cpp:
3166         (WebCore::SearchInputType::handleKeydownEvent):
3167         * html/TextFieldInputType.cpp:
3168         (WebCore::autoFillButtonTypeToAccessibilityLabel):
3169         * html/canvas/WebGLDebugShaders.cpp:
3170         (WebCore::WebGLDebugShaders::getTranslatedShaderSource):
3171         * html/canvas/WebGLRenderingContextBase.cpp:
3172         (WebCore::WebGLRenderingContextBase::dispatchContextLostEvent):
3173         (WebCore::WebGLRenderingContextBase::maybeRestoreContext):
3174         * html/canvas/WebGLShader.cpp:
3175         (WebCore::WebGLShader::WebGLShader):
3176         * html/shadow/MediaControlElements.cpp:
3177         (WebCore::MediaControlStatusDisplayElement::update):
3178         * html/track/TextTrack.cpp:
3179         (WebCore::TextTrack::captionMenuOffItem):
3180         (WebCore::TextTrack::captionMenuAutomaticItem):
3181         * html/track/VTTRegion.cpp:
3182         (WebCore::VTTRegion::scroll):
3183         * html/track/VTTRegion.h:
3184         * inspector/InspectorDOMAgent.cpp:
3185         (WebCore::InspectorDOMAgent::toErrorString):
3186         (WebCore::InspectorDOMAgent::resolveNode):
3187         (WebCore::InspectorDOMAgent::documentURLString):
3188         (WebCore::documentBaseURLString):
3189         * inspector/InspectorDOMDebuggerAgent.cpp:
3190         (WebCore::domTypeName):
3191         * inspector/InspectorFrontendHost.cpp:
3192         (WebCore::InspectorFrontendHost::localizedStringsURL):
3193         * inspector/InspectorHistory.cpp:
3194         (WebCore::InspectorHistory::Action::mergeId):
3195         * inspector/InspectorPageAgent.cpp:
3196         (WebCore::InspectorPageAgent::reload):
3197         (WebCore::InspectorPageAgent::frameId):
3198         (WebCore::InspectorPageAgent::loaderId):
3199         * inspector/InspectorStyleSheet.cpp:
3200         (WebCore::InspectorStyleSheet::ruleSelector):
3201         * loader/EmptyClients.h:
3202         * loader/FrameLoader.cpp:
3203         (WebCore::FrameLoader::referrer):
3204         * loader/ImageLoader.cpp:
3205         (WebCore::ImageLoader::clearFailedLoadURL):
3206         * loader/ResourceLoader.cpp:
3207         (WebCore::ResourceLoader::didReceiveResponse):
3208         * page/ContextMenuController.cpp:
3209         (WebCore::ContextMenuController::contextMenuItemSelected):
3210         * page/FrameTree.cpp:
3211         (WebCore::FrameTree::setName):
3212         (WebCore::FrameTree::clearName):
3213         * page/Location.cpp:
3214         (WebCore::Location::port):
3215         * platform/network/ProtectionSpaceBase.cpp:
3216         (WebCore::ProtectionSpaceBase::ProtectionSpaceBase):
3217         * xml/parser/XMLDocumentParserLibxml2.cpp:
3218         (WebCore::handleElementAttributes):
3219
3220 2016-07-15  Simon Fraser  <simon.fraser@apple.com>
3221
3222         Repaints rects drawn incorrectly when inspecting a WebView on a Retina display
3223         https://bugs.webkit.org/show_bug.cgi?id=159824
3224         rdar://problem/27376305
3225
3226         Reviewed by Brian Burg.
3227
3228         InspectorOverlayPage.js set up the canvases with a deviceScaleFactor passed into
3229         reset(), which comes from the overlay's m_page.deviceScaleFactor(). However, updatePaintRects()
3230         used window.devicePixelRatio which was always 1.
3231
3232         Fix by setting the deviceScaleFactor on the m_overlayPage.
3233
3234         * inspector/InspectorOverlay.cpp:
3235         (WebCore::InspectorOverlay::overlayPage):
3236
3237 2016-07-15  Myles C. Maxfield  <mmaxfield@apple.com>
3238
3239         [macOS] Work around crash in [NSAttributedString nextWordFromIndex:forward:]
3240         https://bugs.webkit.org/show_bug.cgi?id=159842
3241
3242         Reviewed by Jon Lee.
3243
3244         <rdar://problem/27380532> describes a crash inside [NSAttributedString nextWordFromIndex:forward:].
3245         This must be worked around for https://bugs.webkit.org/show_bug.cgi?id=159755 and
3246         <rdar://problem/27325521>.
3247
3248         * platform/text/mac/TextBoundaries.mm:
3249         (WebCore::findNextWordFromIndex):
3250
3251 2016-07-15  Brady Eidson  <beidson@apple.com>
3252
3253         Update XPathException to use the description in toString().
3254         https://bugs.webkit.org/show_bug.cgi?id=159848
3255
3256         Reviewed by Alex Christensen.
3257
3258         No new tests (Covered by changes to existing tests).
3259
3260         * bindings/js/JSDOMBinding.cpp:
3261         (WebCore::createDOMException):
3262         * xml/XPathException.h:
3263         (WebCore::XPathException::XPathException):
3264
3265 2016-07-15  Brady Eidson  <beidson@apple.com>
3266
3267         Change toString() behavior for exceptions constructed with "createWithDescriptionAsMessage".
3268         https://bugs.webkit.org/show_bug.cgi?id=159839
3269
3270         Reviewed by Alex Christensen.
3271
3272         No new tests (Covered by changes to existing tests).
3273
3274         This is the first step towards extended exception messages for all exception types.
3275
3276         * dom/ExceptionBase.cpp:
3277         (WebCore::ExceptionBase::ExceptionBase):
3278         (WebCore::ExceptionBase::toString):
3279         * dom/ExceptionBase.h:
3280
3281 2016-07-15  Geoffrey Garen  <ggaren@apple.com>
3282
3283         Added a makeRef<T> helper
3284         https://bugs.webkit.org/show_bug.cgi?id=159835
3285
3286         Reviewed by Andreas Kling.
3287
3288         Anders told me to!
3289
3290         * Modules/indexeddb/IDBTransaction.cpp:
3291         (WebCore::IDBTransaction::putOrAddOnServer):
3292         * Modules/indexeddb/shared/InProcessIDBServer.cpp:
3293         (WebCore::InProcessIDBServer::deleteDatabase):
3294         (WebCore::InProcessIDBServer::didDeleteDatabase):
3295         (WebCore::InProcessIDBServer::openDatabase):
3296         (WebCore::InProcessIDBServer::didOpenDatabase):
3297         (WebCore::InProcessIDBServer::didAbortTransaction):
3298         (WebCore::InProcessIDBServer::didCommitTransaction):
3299         (WebCore::InProcessIDBServer::didCreateObjectStore):
3300         (WebCore::InProcessIDBServer::didDeleteObjectStore):
3301         (WebCore::InProcessIDBServer::didClearObjectStore):
3302         (WebCore::InProcessIDBServer::didCreateIndex):
3303         (WebCore::InProcessIDBServer::didDeleteIndex):
3304         (WebCore::InProcessIDBServer::didPutOrAdd):
3305         (WebCore::InProcessIDBServer::didGetRecord):
3306         (WebCore::InProcessIDBServer::didGetCount):
3307         (WebCore::InProcessIDBServer::didDeleteRecord):
3308         (WebCore::InProcessIDBServer::didOpenCursor):
3309         (WebCore::InProcessIDBServer::didIterateCursor):
3310         (WebCore::InProcessIDBServer::abortTransaction):
3311         (WebCore::InProcessIDBServer::commitTransaction):
3312         (WebCore::InProcessIDBServer::didFinishHandlingVersionChangeTransaction):
3313         (WebCore::InProcessIDBServer::createObjectStore):
3314         (WebCore::InProcessIDBServer::deleteObjectStore):
3315         (WebCore::InProcessIDBServer::clearObjectStore):
3316         (WebCore::InProcessIDBServer::createIndex):
3317         (WebCore::InProcessIDBServer::deleteIndex):
3318         (WebCore::InProcessIDBServer::putOrAdd):
3319         (WebCore::InProcessIDBServer::getRecord):
3320         (WebCore::InProcessIDBServer::getCount):
3321         (WebCore::InProcessIDBServer::deleteRecord):
3322         (WebCore::InProcessIDBServer::openCursor):
3323         (WebCore::InProcessIDBServer::iterateCursor):
3324         (WebCore::InProcessIDBServer::establishTransaction):
3325         (WebCore::InProcessIDBServer::fireVersionChangeEvent):
3326         (WebCore::InProcessIDBServer::didStartTransaction):
3327         (WebCore::InProcessIDBServer::didCloseFromServer):
3328         (WebCore::InProcessIDBServer::notifyOpenDBRequestBlocked):
3329         (WebCore::InProcessIDBServer::databaseConnectionClosed):
3330         (WebCore::InProcessIDBServer::abortOpenAndUpgradeNeeded):
3331         (WebCore::InProcessIDBServer::didFireVersionChangeEvent):
3332         (WebCore::InProcessIDBServer::openDBRequestCancelled):
3333         (WebCore::InProcessIDBServer::confirmDidCloseFromServer):
3334         (WebCore::InProcessIDBServer::getAllDatabaseNames):
3335         (WebCore::InProcessIDBServer::didGetAllDatabaseNames):
3336         * Modules/mediastream/MediaDevicesRequest.cpp:
3337         (WebCore::MediaDevicesRequest::didCompleteTrackSourceInfoRequest):
3338         * Modules/mediastream/UserMediaRequest.cpp:
3339         (WebCore::UserMediaRequest::constraintsValidated):
3340         (WebCore::UserMediaRequest::userMediaAccessGranted):
3341         * Modules/webaudio/AudioContext.cpp:
3342         (WebCore::AudioContext::scheduleNodeDeletion):
3343         (WebCore::AudioContext::isPlayingAudioDidChange):
3344         (WebCore::AudioContext::suspend):
3345         (WebCore::AudioContext::resume):
3346         (WebCore::AudioContext::close):
3347         (WebCore::AudioContext::suspendPlayback):
3348         (WebCore::AudioContext::mayResumePlayback):
3349         * Modules/websockets/ThreadableWebSocketChannelClientWrapper.cpp:
3350         (WebCore::ThreadableWebSocketChannelClientWrapper::didConnect):
3351         (WebCore::ThreadableWebSocketChannelClientWrapper::didReceiveMessage):
3352         (WebCore::ThreadableWebSocketChannelClientWrapper::didReceiveBinaryData):
3353         (WebCore::ThreadableWebSocketChannelClientWrapper::didUpdateBufferedAmount):
3354         (WebCore::ThreadableWebSocketChannelClientWrapper::didStartClosingHandshake):
3355         (WebCore::ThreadableWebSocketChannelClientWrapper::didClose):
3356         (WebCore::ThreadableWebSocketChannelClientWrapper::didReceiveMessageError):
3357         (WebCore::ThreadableWebSocketChannelClientWrapper::processPendingTasks):
3358         * Modules/websockets/WebSocket.cpp:
3359         (WebCore::WebSocket::connect):
3360         * bindings/js/JSEventListener.h:
3361         (WebCore::JSEventListener::jsFunction):
3362         * dom/Node.cpp:
3363         (WebCore::Node::setTextContent):
3364         * html/HTMLMediaElement.cpp:
3365         (WebCore::HTMLMediaElement::layoutSizeChanged):
3366         * inspector/CommandLineAPIHost.cpp:
3367         (WebCore::CommandLineAPIHost::wrapper):
3368         * platform/graphics/avfoundation/AudioSourceProviderAVFObjC.mm:
3369         (WebCore::AudioSourceProviderAVFObjC::prepare):
3370         * platform/graphics/avfoundation/cf/WebCoreAVCFResourceLoader.cpp:
3371         (WebCore::WebCoreAVCFResourceLoader::invalidate):
3372         * platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm:
3373         (WebCore::WebCoreAVFResourceLoader::invalidate):
3374         * platform/ios/WebVideoFullscreenControllerAVKit.mm:
3375         (WebVideoFullscreenControllerContext::setExternalPlayback):
3376         * platform/network/BlobResourceHandle.cpp:
3377         (WebCore::BlobResourceHandle::start):
3378         (WebCore::BlobResourceHandle::notifyFinish):
3379         * platform/network/SocketStreamHandleBase.cpp:
3380         (WebCore::SocketStreamHandleBase::disconnect):
3381         * platform/network/curl/CurlDownload.cpp:
3382         (WebCore::CurlDownload::didReceiveHeader):
3383
3384 2016-07-15  Chris Dumez  <cdumez@apple.com>
3385
3386         Use fastGetAttribute() / setAttributeWithoutSynchronization() when possible
3387         https://bugs.webkit.org/show_bug.cgi?id=159793
3388
3389         Reviewed by Ryosuke Niwa.
3390
3391         Use fastGetAttribute() / setAttributeWithoutSynchronization() when possible, for performance.
3392
3393         * Modules/plugins/YouTubePluginReplacement.cpp:
3394         (WebCore::YouTubePluginReplacement::installReplacement):
3395         * dom/Element.h:
3396         (WebCore::Element::setIdAttribute):
3397         * editing/ApplyStyleCommand.cpp:
3398         (WebCore::hasNoAttributeOrOnlyStyleAttribute):
3399         (WebCore::createFontElement):
3400         (WebCore::ApplyStyleCommand::applyInlineStyleChange):
3401         * editing/EditingStyle.cpp:
3402         (WebCore::EditingStyle::elementIsStyledSpanOrHTMLEquivalent):
3403         * editing/Editor.cpp:
3404         (WebCore::Editor::setBaseWritingDirection):
3405         * editing/ReplaceSelectionCommand.cpp:
3406         (WebCore::isMailPasteAsQuotationNode):
3407         (WebCore::isInlineNodeWithStyle):
3408         * editing/cocoa/DataDetection.mm:
3409         (WebCore::DataDetection::detectContentInRange):
3410         * editing/htmlediting.cpp:
3411         (WebCore::createTabSpanElement):
3412         * editing/ios/EditorIOS.mm:
3413         (WebCore::Editor::setTextAlignmentForChangedBaseWritingDirection):
3414         (WebCore::Editor::WebContentReader::readURL):
3415         * editing/mac/EditorMac.mm:
3416         (WebCore::Editor::WebContentReader::readURL):
3417         * editing/markup.cpp:
3418         (WebCore::createFragmentFromText):
3419         * html/BaseButtonInputType.cpp:
3420         (WebCore::BaseButtonInputType::setValue):
3421         * html/BaseCheckableInputType.cpp:
3422         (WebCore::BaseCheckableInputType::setValue):
3423         * html/FTPDirectoryDocument.cpp:
3424         (WebCore::FTPDirectoryDocumentParser::appendEntry):
3425         (WebCore::FTPDirectoryDocumentParser::createTDForFilename):
3426         (WebCore::FTPDirectoryDocumentParser::loadDocumentTemplate):
3427         (WebCore::FTPDirectoryDocumentParser::createBasicDocument):
3428         * html/HTMLAnchorElement.cpp:
3429         (WebCore::HTMLAnchorElement::href):
3430         (WebCore::HTMLAnchorElement::setHref):
3431         (WebCore::HTMLAnchorElement::target):
3432         * html/HTMLAreaElement.cpp:
3433         (WebCore::HTMLAreaElement::target):
3434         * html/HTMLBaseElement.cpp:
3435         (WebCore::HTMLBaseElement::setHref):
3436         * html/HTMLButtonElement.cpp:
3437         (WebCore::HTMLButtonElement::setType):
3438         * html/HTMLDetailsElement.cpp:
3439         (WebCore::HTMLDetailsElement::didAddUserAgentShadowRoot):
3440         (WebCore::HTMLDetailsElement::toggleOpen):
3441         * html/HTMLDocument.cpp:
3442         (WebCore::HTMLDocument::setBgColor):
3443         (WebCore::HTMLDocument::setFgColor):
3444         (WebCore::HTMLDocument::setAlinkColor):
3445         (WebCore::HTMLDocument::setLinkColor):
3446         (WebCore::HTMLDocument::setVlinkColor):
3447         * html/HTMLElement.cpp:
3448         (WebCore::HTMLElement::setDir):
3449         (WebCore::HTMLElement::setContentEditable):
3450         (WebCore::HTMLElement::setDraggable):
3451         (WebCore::HTMLElement::setSpellcheck):
3452         (WebCore::HTMLElement::setTranslate):
3453         * html/HTMLFormControlElement.cpp:
3454         (WebCore::HTMLFormControlElement::setFormEnctype):
3455         (WebCore::HTMLFormControlElement::setFormMethod):
3456         (WebCore::HTMLFormControlElement::setAutocorrect):
3457         (WebCore::HTMLFormControlElement::setAutocapitalize):
3458         (WebCore::HTMLFormControlElement::setAutocomplete):
3459         * html/HTMLFormElement.cpp:
3460         (WebCore::HTMLFormElement::setAutocorrect):
3461         (WebCore::HTMLFormElement::setAutocapitalize):
3462         (WebCore::HTMLFormElement::setAction):
3463         (WebCore::HTMLFormElement::setEnctype):
3464         (WebCore::HTMLFormElement::setMethod):
3465         (WebCore::HTMLFormElement::target):
3466         * html/HTMLImageElement.cpp:
3467         (WebCore::HTMLImageElement::width):
3468         (WebCore::HTMLImageElement::height):
3469         (WebCore::HTMLImageElement::setSrc):
3470         * html/HTMLInputElement.cpp:
3471         (WebCore::HTMLInputElement::setType):
3472         (WebCore::HTMLInputElement::updateType):
3473         (WebCore::HTMLInputElement::altText):
3474         (WebCore::HTMLInputElement::setDefaultValue):
3475         * html/HTMLLinkElement.cpp:
3476         (WebCore::HTMLLinkElement::href):
3477         (WebCore::HTMLLinkElement::target):
3478         (WebCore::HTMLLinkElement::type):
3479         * html/HTMLMediaElement.cpp:
3480         (WebCore::HTMLMediaElement::setSrc):
3481         (WebCore::HTMLMediaElement::setPreload):
3482         * html/HTMLMeterElement.cpp:
3483         (WebCore::HTMLMeterElement::min):
3484         (WebCore::HTMLMeterElement::setMin):
3485         (WebCore::HTMLMeterElement::max):
3486         (WebCore::HTMLMeterElement::setMax):
3487         (WebCore::HTMLMeterElement::value):
3488         (WebCore::HTMLMeterElement::setValue):
3489         (WebCore::HTMLMeterElement::low):
3490         (WebCore::HTMLMeterElement::setLow):
3491         (WebCore::HTMLMeterElement::high):
3492         (WebCore::HTMLMeterElement::setHigh):
3493         (WebCore::HTMLMeterElement::optimum):
3494         (WebCore::HTMLMeterElement::setOptimum):
3495         * html/HTMLObjectElement.cpp:
3496         (WebCore::HTMLObjectElement::containsJavaApplet):
3497         * html/HTMLOptionElement.cpp:
3498         (WebCore::HTMLOptionElement::createForJSConstructor):
3499         (WebCore::HTMLOptionElement::setValue):
3500         (WebCore::HTMLOptionElement::setLabel):
3501         * html/HTMLProgressElement.cpp:
3502         (WebCore::HTMLProgressElement::setValue):
3503         (WebCore::HTMLProgressElement::setMax):
3504         * html/HTMLScriptElement.cpp:
3505         (WebCore::HTMLScriptElement::typeAttributeValue):
3506         * html/HTMLSelectElement.cpp:
3507         (WebCore::HTMLSelectElement::setMultiple):
3508         * html/HTMLSourceElement.cpp:
3509         (WebCore::HTMLSourceElement::setSrc):
3510         (WebCore::HTMLSourceElement::media):
3511         (WebCore::HTMLSourceElement::setMedia):
3512         (WebCore::HTMLSourceElement::type):
3513         (WebCore::HTMLSourceElement::setType):
3514         * html/HTMLTableSectionElement.cpp:
3515         (WebCore::HTMLTableSectionElement::setAlign):
3516         (WebCore::HTMLTableSectionElement::setCh):
3517         (WebCore::HTMLTableSectionElement::chOff):
3518         (WebCore::HTMLTableSectionElement::setChOff):
3519         (WebCore::HTMLTableSectionElement::setVAlign):
3520         * html/HTMLTextFormControlElement.cpp:
3521         (WebCore::HTMLTextFormControlElement::updateInnerTextElementEditability):
3522         * html/HTMLVideoElement.cpp:
3523         (WebCore::HTMLVideoElement::imageSourceURL):
3524         * html/HiddenInputType.cpp:
3525         (WebCore::HiddenInputType::restoreFormControlState):
3526         (WebCore::HiddenInputType::setValue):
3527         * html/MediaDocument.cpp:
3528         (WebCore::MediaDocumentParser::createDocumentStructure):
3529         (WebCore::MediaDocument::replaceMediaElementTimerFired):
3530         * html/PluginDocument.cpp:
3531         (WebCore::PluginDocumentParser::createDocumentStructure):
3532         * html/TextFieldInputType.cpp:
3533         (WebCore::TextFieldInputType::createAutoFillButton):
3534         (WebCore::TextFieldInputType::updateAutoFillButton):
3535         * html/parser/HTMLTreeBuilder.cpp:
3536         (WebCore::HTMLTreeBuilder::processIsindexStartTagForInBody):
3537         * html/shadow/MediaControlElements.cpp:
3538         (WebCore::MediaControlClosedCaptionsContainerElement::create):
3539         (WebCore::MediaControlTimelineElement::create):
3540         (WebCore::MediaControlPanelVolumeSliderElement::create):
3541         (WebCore::MediaControlFullscreenVolumeSliderElement::create):
3542         * html/shadow/TextControlInnerElements.cpp:
3543         (WebCore::SearchFieldCancelButtonElement::SearchFieldCancelButtonElement):
3544         * html/shadow/mac/ImageControlsButtonElementMac.cpp:
3545         (WebCore::ImageControlsButtonElementMac::tryCreate):
3546         * html/shadow/mac/ImageControlsRootElementMac.cpp:
3547         (WebCore::ImageControlsRootElement::tryCreate):
3548         * html/track/WebVTTElement.cpp:
3549         (WebCore::WebVTTElement::createEquivalentHTMLElement):
3550         * html/track/WebVTTParser.cpp:
3551         (WebCore::WebVTTTreeBuilder::constructTreeFromToken):
3552         * inspector/InspectorCSSAgent.cpp:
3553         (WebCore::InspectorCSSAgent::createInspectorStyleSheetForDocument):
3554         * inspector/InspectorPageAgent.cpp:
3555         (WebCore::InspectorPageAgent::buildObjectForFrame):
3556         * mathml/MathMLSelectElement.cpp:
3557         (WebCore::MathMLSelectElement::toggle):
3558         * page/PageSerializer.cpp:
3559         (WebCore::PageSerializer::serializeFrame):
3560         * rendering/RenderDetailsMarker.cpp:
3561         (WebCore::RenderDetailsMarker::isOpen):
3562         * rendering/mathml/RenderMathMLFraction.cpp:
3563         (WebCore::RenderMathMLFraction::updateFromElement):
3564         * svg/SVGElement.cpp:
3565         (WebCore::SVGElement::setXmlbase):
3566         * svg/SVGSVGElement.cpp:
3567         (WebCore::SVGSVGElement::setContentScriptType):
3568         (WebCore::SVGSVGElement::setContentStyleType):
3569         * svg/SVGStyleElement.cpp:
3570         (WebCore::SVGStyleElement::setMedia):
3571         (WebCore::SVGStyleElement::setTitle):
3572
3573 2016-07-15  Chris Dumez  <cdumez@apple.com>
3574
3575         Modernize StaticNodeList / StaticElementList
3576         https://bugs.webkit.org/show_bug.cgi?id=159831
3577
3578         Reviewed by Ryosuke Niwa.
3579
3580         Modernize StaticNodeList / StaticElementList. Pass vector to adopt
3581         as an rvalue reference instead of a non-const reference.
3582
3583         * bindings/js/JSHTMLAllCollectionCustom.cpp:
3584         (WebCore::namedItems):
3585         * dom/ChildListMutationScope.cpp:
3586         (WebCore::ChildListMutationAccumulator::enqueueMutationRecord):
3587         * dom/MutationRecord.cpp:
3588         * dom/SelectorQuery.cpp:
3589         (WebCore::SelectorDataList::queryAll):
3590         * dom/StaticNodeList.h:
3591         * dom/WebKitNamedFlow.cpp:
3592         (WebCore::WebKitNamedFlow::getRegionsByContent):
3593         (WebCore::WebKitNamedFlow::getRegions):
3594         (WebCore::WebKitNamedFlow::getContent):
3595         * svg/SVGSVGElement.cpp:
3596         (WebCore::SVGSVGElement::collectIntersectionOrEnclosureList):
3597         * testing/Internals.cpp:
3598         (WebCore::Internals::nodesFromRect):
3599
3600 2016-07-15  Brent Fulgham  <bfulgham@apple.com>
3601
3602         Block insecure script running in a data: frame when the top-level page is HTTPS
3603         https://bugs.webkit.org/show_bug.cgi?id=125806
3604         <rdar://problem/27331825>
3605
3606         Reviewed by Brady Eidson.
3607
3608         Fix based on a Blink change (patch by <tsepez@chromium.org>):
3609         <https://chromium.googlesource.com/chromium/blink/+/33e553bd96e040151c1472289a0d80803bfca3a5>
3610
3611         Test: http/tests/security/mixedContent/insecure-script-in-data-iframe-in-main-frame-blocked.html
3612
3613         * loader/cache/CachedResourceLoader.cpp:
3614         (WebCore::CachedResourceLoader::checkInsecureContent): Check the top-level frame's security state
3615         before allowing insecure scripts to be used.        
3616
3617 2016-07-15  Chris Dumez  <cdumez@apple.com>
3618
3619         Let the compiler generate QualifiedName copy constructor and assignment operator
3620         https://bugs.webkit.org/show_bug.cgi?id=159826
3621
3622         Reviewed by Alex Christensen.
3623
3624         Let the compiler generate QualifiedName copy constructor and assignment operator
3625         as our custom implementation does nothing special. This also makes QualifiedName
3626         movable as the compiler is now able to generate the move constructor / assignment
3627         operator as well.
3628
3629         * dom/QualifiedName.h:
3630         (WebCore::QualifiedName::QualifiedName): Deleted.
3631         (WebCore::QualifiedName::operator=): Deleted.
3632
3633 2016-07-15  Antonio Gomes  <tonikitoo@igalia.com>
3634
3635         ScrollView::setHasHorizontalScrollbar / setHasVerticalScrollbar duplicate their logic
3636         https://bugs.webkit.org/show_bug.cgi?id=159825
3637
3638         Patch introduces a (private) method to ScrollView
3639         to share the code/logic of setHas{Horizontal,Vertical}Scrollbar.
3640
3641         Reviewed by Simon Fraser.
3642
3643         No new tests needed.
3644
3645         * platform/ScrollView.cpp:
3646         (WebCore::ScrollView::setHasScrollbarInternal):
3647         (WebCore::ScrollView::setHasHorizontalScrollbar):
3648         (WebCore::ScrollView::setHasVerticalScrollbar):
3649         * platform/ScrollView.h:
3650
3651 2016-07-15  Frederic Wang  <fwang@igalia.com>
3652
3653         MathOperator: Improve alignment for vertical size variant
3654         https://bugs.webkit.org/show_bug.cgi?id=158866
3655
3656         Reviewed by Brent Fulgham.
3657
3658         The MathOperator class may stretch operators with either a large glyph or a glyph assembly.
3659         In the latter case, the assembly is adjusted to match the stretch ascent and descent
3660         requested by the callers. But in the former case the glyph ascent and descent are used
3661         instead. We solve this by making MathOperator::stretchTo only take a targetSize and let
3662         callers do the vertical alignment they want. This improves the rendering of fences with some
3663         math fonts (e.g. XITS) and allows to pass the two cases of mo-axis-height-1.html.
3664
3665         Test: imported/mathml-in-html5/mathml/presentation-markup/operators/mo-axis-height-1.html
3666
3667         * rendering/mathml/MathOperator.cpp:
3668         (WebCore::MathOperator::stretchTo): Merge vertical and horizontal stretching into the same
3669         function with only the targetSize as a parameter.
3670         * rendering/mathml/RenderMathMLOperator.cpp:
3671         (WebCore::RenderMathMLOperator::stretchTo): Updated to use the new signature.
3672         (WebCore::RenderMathMLOperator::verticalStretchedOperatorShift): Helper function to calculate
3673         the shift necessary to align the baseline of the MathOperator instance with the one of the
3674         RenderMathMLOperator.
3675         (WebCore::RenderMathMLOperator::firstLineBaseline): Adjust the baseline.
3676         * rendering/mathml/RenderMathMLOperator.h: Declare verticalStretchedOperatorShift.
3677         * rendering/mathml/RenderMathMLRoot.cpp:
3678         (WebCore::RenderMathMLRoot::layoutBlock): Use the new signature. This function aligns the top
3679         of the radical with the overbar so we do not need to adjust baseline alignment here.
3680
3681 2016-07-15  Brady Eidson  <beidson@apple.com>
3682
3683         WebKit should prevent push/replace state with username in URL.
3684         <rdar://problem/27361737> and https://bugs.webkit.org/show_bug.cgi?id=159818
3685
3686         Reviewed by Brent Fulgham.
3687
3688         Test: http/tests/security/history-username-password.html
3689
3690         * page/History.cpp:
3691         (WebCore::History::stateObjectAdded): Don't allow URLs with usernames/passwords.
3692
3693 2016-07-15  Ryan Haddad  <ryanhaddad@apple.com>
3694
3695         Unreviewed, rolling out r203266.
3696
3697         This change caused editing/deleting/delete-emoji.html to time
3698         out on El Capitan, crash under GuardMalloc
3699
3700         Reverted changeset:
3701
3702         "Support new emoji group candidates"
3703         https://bugs.webkit.org/show_bug.cgi?id=159755
3704         http://trac.webkit.org/changeset/203266
3705
3706 2016-07-15  Frederic Wang  <fwang@igalia.com>
3707
3708         Move parsing of mfrac attributes into a MathMLFractionElement class
3709         https://bugs.webkit.org/show_bug.cgi?id=159624
3710
3711         Reviewed by Brent Fulgham.
3712
3713         We move the parsing of mfrac attributes to a MathMLFractionElement class. This allows to
3714         minimize the updates in RenderMathMLFraction and to remove the alignment members. Many of
3715         the members in updateLayoutParameters are actually only used in layoutBlock and could be
3716         removed in a follow-up patch. We also improve the resolution of negative line thickness value
3717         since the MathML recommendation says it should be rounded up to the nearest valid
3718         value (which is zero) instead of ignoring the attribute and using the line thickness.
3719
3720         No new tests, already covered by existing tests.
3721
3722         * CMakeLists.txt: Add MathMLFractionElement.
3723         * WebCore.xcodeproj/project.pbxproj: Ditto.
3724         * mathml/MathMLAllInOne.cpp: Ditto.
3725         * mathml/MathMLFractionElement.cpp: Added.
3726         (WebCore::MathMLFractionElement::MathMLFractionElement):
3727         (WebCore::MathMLFractionElement::create):
3728         (WebCore::MathMLFractionElement::lineThickness): Return the cached linethickness length,
3729         parsing it again if it is dirty. This handles the special values "thin", "medium" and "thick"
3730         or fallback to the general parseMathMLLength for MathML lengths.
3731         (WebCore::MathMLFractionElement::cachedFractionAlignment): Return the cached alignment value,
3732         parsing it again if it is dirty.
3733         (WebCore::MathMLFractionElement::numeratorAlignment): Return the cached alignment.
3734         (WebCore::MathMLFractionElement::denominatorAlignment): Ditto.
3735         (WebCore::MathMLFractionElement::parseAttribute): Make attributes dirty.
3736         (WebCore::MathMLFractionElement::createElementRenderer): Create a RenderMathMLFraction.
3737         * mathml/MathMLFractionElement.h: Added.
3738         * mathml/MathMLInlineContainerElement.cpp: We no longer need to handle fraction here.
3739         (WebCore::MathMLInlineContainerElement::createElementRenderer):
3740         * mathml/mathtags.in: Use MathMLFractionElement for mfrac.
3741         * rendering/mathml/RenderMathMLFraction.cpp:
3742         (WebCore::RenderMathMLFraction::updateLayoutParameters): New helper function to set the
3743         layout parameters, replacing updateFromElement. We no longer parse and store the alignment
3744         values here. We also change the resolution of negative values.
3745         (WebCore::RenderMathMLFraction::horizontalOffset): Use the enum from MathMLFractionElement.
3746         (WebCore::RenderMathMLFraction::layoutBlock): We call updateLayoutParameters instead of
3747         updateFromElement. The numerator and denominator alignments are resolved here.
3748         (WebCore::RenderMathMLFraction::parseAlignmentAttribute): Deleted. Parsing of alignment
3749         attribute is now handled in MathMLFractionElement.
3750         (WebCore::RenderMathMLFraction::updateFromElement): Deleted. Attribute changes are now
3751         handled in MathMLFractionElement.
3752         (WebCore::RenderMathMLFraction::styleDidChange): Deleted. Font changes are properly handled.
3753         * rendering/mathml/RenderMathMLFraction.h: Update declarations.
3754
3755 2016-07-15  Frederic Wang  <fwang@igalia.com>
3756
3757         Check whether font is nonnull for GlyphData instead of calling GlyphData::isValid()
3758         https://bugs.webkit.org/show_bug.cgi?id=159783
3759
3760         Reviewed by Brent Fulgham.
3761
3762         GlyphData::isValid() returns true for GlyphData with null 'font' pointer when the 'glyph'
3763         index is nonzero. This behavior is not expected by the MathML code and we have had crashes
3764         in our test suite in the past on Windows (e.g. bug 140653). We thus replace the call to
3765         GlyphData::isValid() with a stronger verification: Whether the 'font' pointer is nonzero.
3766
3767         No new tests, this only makes null pointer checks stronger.
3768
3769         * rendering/mathml/MathOperator.cpp:
3770         (WebCore::boundsForGlyph):
3771         (WebCore::advanceWidthForGlyph):
3772         (WebCore::MathOperator::getBaseGlyph):
3773         (WebCore::MathOperator::setSizeVariant):
3774         (WebCore::MathOperator::fillWithVerticalExtensionGlyph):
3775         (WebCore::MathOperator::fillWithHorizontalExtensionGlyph):
3776         (WebCore::MathOperator::paintVerticalGlyphAssembly):
3777         (WebCore::MathOperator::paintHorizontalGlyphAssembly):
3778         (WebCore::MathOperator::paint):
3779         * rendering/mathml/RenderMathMLOperator.cpp:
3780         (WebCore::RenderMathMLOperator::computePreferredLogicalWidths):
3781         * rendering/mathml/RenderMathMLToken.cpp:
3782         (WebCore::RenderMathMLToken::computePreferredLogicalWidths):
3783         (WebCore::RenderMathMLToken::firstLineBaseline):
3784         (WebCore::RenderMathMLToken::layoutBlock):
3785         (WebCore::RenderMathMLToken::paint):
3786         (WebCore::RenderMathMLToken::paintChildren):
3787
3788 2016-07-15  Frederic Wang  <fwang@igalia.com>
3789
3790         Add DejaVu Math TeX Gyre to the list of math fonts.
3791         https://bugs.webkit.org/show_bug.cgi?id=159805
3792
3793         Reviewed by Brent Fulgham.
3794
3795         DejaVu 2.36 has a new math font that can be used for MathML rendering. Because this font is
3796         likely to be installed on many systems (Linux, LibreOffice, etc) we include it in the default
3797         list of font-families in mathml.css in order to increase the chance to find a math font.
3798
3799         No new tests, it only affects rendering when DejaVu Math TeX Gyre is installed on the system.
3800
3801         * css/mathml.css:
3802         (math):
3803
3804 2016-07-15  Eric Carlson  <eric.carlson@apple.com>
3805
3806         [MSE] Increase the SourceBuffer "fudge factor"
3807         https://bugs.webkit.org/show_bug.cgi?id=159813
3808         <rdar://problem/27372033>
3809
3810         Reviewed by Jon Lee.
3811         
3812         Some media encoding/conversion pipelines are sloppy when doing sample time/timescale
3813         math, and the error accumulation results in small gaps in the media timeline. r202641
3814         increased the maximum allowable gap from 0.01 second to one 24fps frame, but it turns
3815         out that at least one large provider has a significant amount of content encoded with
3816         up to two 24fps frames.
3817
3818         No new tests, updated media/media-source/media-source-small-gap.html.
3819
3820         * Modules/mediasource/SourceBuffer.cpp:
3821         (WebCore::currentTimeFudgeFactor): Increase maximum gap to 2002 / 24000 frames.
3822
3823 2016-07-15  Rawinder Singh  <rawinder.singh-webkit@cisra.canon.com.au>
3824
3825         Add final keyword to WebCore/svg classes
3826         https://bugs.webkit.org/show_bug.cgi?id=159802
3827
3828         Reviewed by Youenn Fablet.
3829
3830         Updated classes in the WebCore/svg directory to be marked as final where appropriate.
3831
3832         * svg/SVGException.h:
3833         * svg/SVGLengthList.h:
3834         * svg/SVGMatrix.h:
3835         * svg/SVGNumberList.h:
3836         * svg/SVGPaint.h:
3837         * svg/SVGPathBuilder.h:
3838         * svg/SVGPathByteStreamBuilder.h:
3839         * svg/SVGPathByteStreamSource.h:
3840         * svg/SVGPathSegArcAbs.h:
3841         * svg/SVGPathSegArcRel.h:
3842         * svg/SVGPathSegClosePath.h:
3843         * svg/SVGPathSegCurvetoCubicAbs.h:
3844         * svg/SVGPathSegCurvetoCubicRel.h:
3845         * svg/SVGPathSegCurvetoCubicSmoothAbs.h:
3846         * svg/SVGPathSegCurvetoCubicSmoothRel.h:
3847         * svg/SVGPathSegCurvetoQuadraticAbs.h:
3848         * svg/SVGPathSegCurvetoQuadraticRel.h:
3849         * svg/SVGPathSegCurvetoQuadraticSmoothAbs.h:
3850         * svg/SVGPathSegCurvetoQuadraticSmoothRel.h:
3851         * svg/SVGPathSegLinetoAbs.h:
3852         * svg/SVGPathSegLinetoHorizontalAbs.h:
3853         * svg/SVGPathSegLinetoHorizontalRel.h:
3854         * svg/SVGPathSegLinetoRel.h:
3855         * svg/SVGPathSegLinetoVerticalAbs.h:
3856         * svg/SVGPathSegLinetoVerticalRel.h:
3857         * svg/SVGPathSegListBuilder.h:
3858         * svg/SVGPathSegListSource.h:
3859         * svg/SVGPathSegMovetoAbs.h:
3860         * svg/SVGPathSegMovetoRel.h:
3861         * svg/SVGPathStringSource.h:
3862         * svg/SVGPathTraversalStateBuilder.h:
3863         * svg/SVGPointList.h:
3864         * svg/SVGRenderingIntent.h:
3865         * svg/SVGStringList.h:
3866         * svg/SVGTRefElement.cpp:
3867         * svg/SVGToOTFFontConversion.cpp:
3868         * svg/SVGTransformList.h:
3869         * svg/SVGUnitTypes.h:
3870         * svg/SVGViewSpec.h:
3871         * svg/SVGZoomEvent.h:
3872         * svg/animation/SMILTimeContainer.h:
3873         * svg/animation/SVGSMILElement.cpp:
3874         * svg/graphics/filters/SVGFEImage.h:
3875         * svg/graphics/filters/SVGFilter.h:
3876         * svg/properties/SVGAnimatedPathSegListPropertyTearOff.h:
3877         * svg/properties/SVGAnimatedPropertyTearOff.h:
3878         * svg/properties/SVGAnimatedTransformListPropertyTearOff.h:
3879         * svg/properties/SVGMatrixTearOff.h:
3880         * svg/properties/SVGPathSegListPropertyTearOff.h:
3881         * svg/properties/SVGStaticListPropertyTearOff.h:
3882         * svg/properties/SVGStaticPropertyTearOff.h:
3883         * svg/properties/SVGTransformListPropertyTearOff.h:
3884
3885 2016-07-15  Per Arne Vollan  <pvollan@apple.com>
3886
3887         Uninitialized variable in DIBPixelData can cause a dangerous memory write
3888         https://bugs.webkit.org/show_bug.cgi?id=159414
3889
3890         Reviewed by Brent Fulgham.
3891
3892         Initialize local BITMAP variable, in case the ::GetObject function that should initialize it
3893         fails to do so, because the bitmap handle is invalid.
3894
3895         Tests: Tools/TestWebKitAPI/Tests/WebCore/win/DIBPixelData.cpp
3896
3897         * platform/graphics/win/DIBPixelData.cpp:
3898         (WebCore::DIBPixelData::initialize): Initialize local variable.
3899         (WebCore::DIBPixelData::setRGBABitmapAlpha): Return early if we have no bitmap.
3900         * platform/graphics/win/DIBPixelData.h: Link fix.
3901
3902 2016-07-14  Yoav Weiss  <yoav@yoav.ws>
3903
3904         Change CSSParser::sourceSize returning Optional<CSSParser::SourceSize>
3905         https://bugs.webkit.org/show_bug.cgi?id=159666
3906
3907         Reviewed by Michael Catanzaro.
3908
3909         Tests:
3910             fast/dom/HTMLImageElement/sizes/image-sizes-invalids.html
3911
3912         * css/CSSGrammar.y.in: Avoid adding SourceSize to source_size_list when the value is a Nullopt.
3913         * css/CSSParser.cpp:
3914         (WebCore::CSSParser::sourceSize): Return a Nullopt when an invalid value is encountered.
3915         * css/CSSParser.h:
3916
3917 2016-07-14  Antonio Gomes  <tonikitoo@igalia.com>
3918
3919         [RTL Scrollbars] Frame scrollbars don't move to the right when text direction changes to RTL
3920         https://bugs.webkit.org/show_bug.cgi?id=158252
3921
3922         Reviewed by Myles C. Maxfield.
3923
3924         When the 'dir' attribute changes either on body or on the document
3925         element level, the associated FrameView does not trigger an update on
3926         the frame level vertical scrollbar.
3927
3928         Patch adds a 'hook' so that RenderBox::styleDidChange can call in
3929         order to get the document level scrollbar placed properly in the next
3930         layout.
3931
3932         Test: fast/scrolling/rtl-scrollbars-alternate-body-dir-attr-does-not-update-scrollbar-placement.html
3933               fast/scrolling/rtl-scrollbars-alternate-body-dir-attr-does-not-update-scrollbar-placement-2.html
3934               fast/scrolling/rtl-scrollbars-alternate-iframe-body-dir-attr-does-not-update-scrollbar-placement.html
3935
3936         * page/FrameView.cpp:
3937         (WebCore::FrameView::topContentDirectionDidChange):
3938         * page/FrameView.h:
3939         * rendering/RenderBox.cpp:
3940         (WebCore::RenderBox::styleDidChange):
3941
3942 2016-07-14  Myles C. Maxfield  <mmaxfield@apple.com>
3943
3944         Support new emoji group candidates
3945         https://bugs.webkit.org/show_bug.cgi?id=159755
3946         <rdar://problem/27325521>
3947
3948         Reviewed by Dean Jackson.
3949
3950         There are a few code points which should be able to be joined (with ZWJ) to
3951         either U+2640 or U+2642 to change the gender of the emoji. These patterns
3952         should also work with an additional 0xFE0F variation selector. This patch
3953         adds these new patterns to our existing emoji group candidate infrastructure.
3954
3955         Tests: fast/text/emoji-gender-2-3.html
3956                fast/text/emoji-gender-2-4.html
3957                fast/text/emoji-gender-2-5.html
3958                fast/text/emoji-gender-2-6.html
3959                fast/text/emoji-gender-2-7.html
3960                fast/text/emoji-gender-2-8.html
3961                fast/text/emoji-gender-2-9.html
3962                fast/text/emoji-gender-2.html
3963                fast/text/emoji-gender-3.html
3964                fast/text/emoji-gender-4.html
3965                fast/text/emoji-gender-5.html
3966                fast/text/emoji-gender-6.html
3967                fast/text/emoji-gender-7.html