The 2 first parameters to DOMImplementation.createDocument() should be mandatory
[WebKit-https.git] / Source / WebCore / ChangeLog
1 2016-07-21  Chris Dumez  <cdumez@apple.com>
2
3         The 2 first parameters to DOMImplementation.createDocument() should be mandatory
4         https://bugs.webkit.org/show_bug.cgi?id=160030
5
6         Reviewed by Sam Weinig.
7
8         The 2 first parameters to DOMImplementation.createDocument() should be mandatory
9         as per the specification:
10         - https://dom.spec.whatwg.org/#domimplementation
11
12         Firefox and Chrome both agree with the specification. However, those
13         parameters were marked as optional in WebKit. Calling this function
14         without parameters would create a document element whose tag is the
15         string "undefined", which does not seem helpful. This patch thus
16         aligns our behavior with the specification and other browsers.
17
18         No new tests, rebaselined existing tests.
19
20         * dom/DOMImplementation.idl:
21
22 2016-07-21  Chris Dumez  <cdumez@apple.com>
23
24         Kill legacy valueToStringWithNullCheck() utility function
25         https://bugs.webkit.org/show_bug.cgi?id=159991
26
27         Reviewed by Sam Weinig.
28
29         Kill legacy valueToStringWithNullCheck() utility function. Treating null as
30         a null string is legacy behavior so drop this function so that people are
31         not tempted to use it. We should be using either:
32         1. JSValue::toWTFString() for non-nullable DOMStrings
33         2. valueToStringWithUndefinedOrNullCheck() for nullable DOMStrings
34         3. valueToStringTreatingNullAsEmptyString() for strings with [TreatNullAs=EmptyString]
35
36         No new tests, no web-exposed behavior change.
37
38         * bindings/js/JSDOMBinding.cpp:
39         (WebCore::valueToStringWithNullCheck): Deleted.
40         * bindings/js/JSDOMBinding.h:
41         * bindings/js/JSHTMLFrameElementCustom.cpp:
42         (WebCore::JSHTMLFrameElement::setLocation):
43         * html/HTMLFrameElement.idl:
44
45 2016-07-21  Zalan Bujtas  <zalan@apple.com>
46
47         Do not keep invalid IOSurface in ImageBufferData.
48         https://bugs.webkit.org/show_bug.cgi?id=160005
49         <rdar://problem/27208636>
50
51         Reviewed by Simon Fraser.
52
53         When we fail to initialize the IOSurface for the accelerated context, we switch over to
54         the non-accelerated code path. Since ImageBufferData::surface is used to indicate whether
55         the graphics context is in accelerated mode, we need to reset it when the initialization fails.
56
57         Unable to create a test case.
58
59         * platform/graphics/cg/ImageBufferCG.cpp:
60         (WebCore::ImageBuffer::ImageBuffer):
61
62 2016-07-21  Chris Dumez  <cdumez@apple.com>
63
64         playsInline IDL attribute has the wrong casing
65         https://bugs.webkit.org/show_bug.cgi?id=160029
66         <rdar://problem/27474031>
67
68         Reviewed by Jon Lee.
69
70         Fix case from video.playsinline to video.playsInline in order to match
71         the specification:
72         - https://html.spec.whatwg.org/multipage/embedded-content.html#the-video-element:dom-video-playsinline
73
74         It still reflects the "playsinline" content attribute though, as per
75         the specification:
76         - https://html.spec.whatwg.org/multipage/embedded-content.html#dom-video-playsinline
77
78         No new tests, updated existing test.
79
80         * html/HTMLVideoElement.idl:
81
82 2016-07-21  Chris Dumez  <cdumez@apple.com>
83
84         Drop [TreatNullAs=EmptyString] from CanvasRenderingContext2D.globalCompositeOperation
85         https://bugs.webkit.org/show_bug.cgi?id=160026
86
87         Reviewed by Sam Weinig.
88
89         Drop [TreatNullAs=EmptyString] from CanvasRenderingContext2D.globalCompositeOperation
90         attribute as it does not match the specification:
91         - https://html.spec.whatwg.org/multipage/scripting.html#canvascompositing
92
93         It does not change web-exposed behavior because assigning to "" or "null"
94         gets ignored as those are not valid operations.
95
96         Test: fast/canvas/context-globalCompositeOperation-null.html
97
98         * html/canvas/CanvasRenderingContext2D.idl:
99
100 2016-07-21  Carlos Garcia Campos  <cgarcia@igalia.com>
101
102         [GTK][Threaded Compositor] Overlay scrollbars shouldn't be a requirement of the threaded compositor
103         https://bugs.webkit.org/show_bug.cgi?id=160020
104
105         Reviewed by Michael Catanzaro.
106
107         It has been a requirement only because we didn't really know why frame scrollbars were not rendered when using
108         the threaded compositor. The reason is that RenderView doesn't use layers for FrameView scrollbars by default,
109         unless using overlay scrollbars. When using the threaded compositor we really need layers for the FrameView
110         scrollbars even when not using overlay scrollbars.
111
112         * platform/gtk/ScrollbarThemeGtk.cpp:
113         (WebCore::ScrollbarThemeGtk::ScrollbarThemeGtk): Stop enforcing overlay scrollbars when threaded compositor is enabled.
114         * rendering/RenderLayerCompositor.cpp:
115         (WebCore::RenderLayerCompositor::shouldCompositeOverflowControls): Always use layers for scrollbars when
116         threaded compositor is enabled.
117
118 2016-07-21  Carlos Garcia Campos  <cgarcia@igalia.com>
119
120         [Cairo] Fix a crash in fast/canvas/canvas-getImageData-invalid-result-buffer-crash.html
121         https://bugs.webkit.org/show_bug.cgi?id=160014
122
123         Reviewed by Michael Catanzaro.
124
125         In r202887 some null checks were added for JSArray::createUninitialized (and related) but not for the
126         ImageBuffer cairo implementation.
127
128         * platform/graphics/cairo/ImageBufferCairo.cpp:
129         (WebCore::getImageData): Return early if Uint8ClampedArray::createUninitialized() returns nullptr.
130
131 2016-07-21  Miguel Gomez  <magomez@igalia.com>
132
133         [GTK] The GSTREAMER_GL path in MediaPlayerPrivateGStreamerBase::paintToTextureMapper() is missing a mutex lock
134         https://bugs.webkit.org/show_bug.cgi?id=160018
135
136         Reviewed by Philippe Normand.
137
138         Lock the video sample mutex while accessing it.
139
140         Covered by existent tests.
141
142         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
143         (WebCore::MediaPlayerPrivateGStreamerBase::paintToTextureMapper):
144
145 2016-07-21  Miguel Gomez  <magomez@igalia.com>
146
147         [Threaded Compositor] Flickering when zooming in/out in maps.google.com
148         https://bugs.webkit.org/show_bug.cgi?id=154069
149
150         Reviewed by Carlos Garcia Campos.
151
152         Add a new extra buffer to GraphicsContext3D when using the Threaded Compositor,
153         so it doesn't have to reuse the buffers that are still waiting for composition.
154
155         Covered by existing tests.
156
157         * platform/graphics/GraphicsContext3D.h:
158         Add a new texture to use for the rendering. Remove the compositor fbo we were using.
159         * platform/graphics/cairo/GraphicsContext3DCairo.cpp:
160         (WebCore::GraphicsContext3D::GraphicsContext3D):
161         Initialize the new texture and remove the previous fbo related code.
162         (WebCore::GraphicsContext3D::~GraphicsContext3D):
163         Properly destroy the new texture and remove the previous fbo related code.
164         * platform/graphics/opengl/GraphicsContext3DOpenGL.cpp:
165         (WebCore::GraphicsContext3D::reshapeFBOs):
166         Allocate the new texture and remove the previous fbo allocation.
167         * platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp:
168         (WebCore::GraphicsContext3D::prepareTexture):
169         Use a single fbo with three textures instead of two fbos with a texture each.
170         Rotate the three textures usage so:
171         - m_texture becomes m_compositorTexture to be pushed to the compositor.
172         - m_intermediateTexture becomes m_texture to receive the next rendering.
173         - m_compositorTexture becomes m_intermediateTexture.
174         And add a glFlush() to ensure that the gl commands are sent to the pipeline.
175         * platform/graphics/opengl/GraphicsContext3DOpenGLES.cpp:
176         (WebCore::GraphicsContext3D::reshapeFBOs):
177         Allocate the new texture.
178
179 2016-07-21  Carlos Garcia Campos  <cgarcia@igalia.com>
180
181         [GTK][Threaded Compositor] Web view background colors don't work
182         https://bugs.webkit.org/show_bug.cgi?id=159465
183
184         Reviewed by Michael Catanzaro.
185
186         * rendering/RenderLayerBacking.cpp:
187         (WebCore::RenderLayerBacking::createPrimaryGraphicsLayer): Initialize frame view layer opacity for platforms not
188         using the tiled cache layer.
189
190 2016-07-20  Youenn Fablet  <youenn@apple.com>
191
192         [XHR] Cache response JS object in case of arraybuffer and blob response types
193         https://bugs.webkit.org/show_bug.cgi?id=128903
194
195         Reviewed by Alex Christensen.
196
197         Covered by existing and modified tests.
198
199         Making response getter a JS builtin that caches response in @response private slot.
200         Handling invalidation of cached response with @responseCacheIsValid new private method.
201         Handling creation of cached response with @retrieveResponse new private method which reuses most of
202         JSXMLHttpRequest::response previous code.
203
204         Caching of responses is activated whenever load ended without any error for blob and arraybuffer response types.
205
206         Caching of response for document is also activated in case the response getter is used but not if responseXML getter is used.
207
208         * CMakeLists.txt: Adding XMLHttpRequest.js.
209         * DerivedSources.make: Ditto.
210         * bindings/js/JSXMLHttpRequestCustom.cpp:
211         (WebCore::JSXMLHttpRequest::retrieveResponse): Implements creation of to-be-cached response.
212         (WebCore::JSXMLHttpRequest::response): Deleted.
213         * bindings/js/WebCoreBuiltinNames.h: Adding new private names.
214         * xml/XMLHttpRequest.cpp:
215         (WebCore::XMLHttpRequest::didCacheResponse): Renamed from didCacheResponseJSON as all response types are now cached.
216         (WebCore::XMLHttpRequest::didCacheResponseJSON): Deleted.
217         * xml/XMLHttpRequest.h:
218         * xml/XMLHttpRequest.idl:
219
220 2016-07-20  Youenn Fablet  <youenn@apple.com>
221
222         Remove crossOriginRequestPolicy from ThreadableLoaderOptions
223         https://bugs.webkit.org/show_bug.cgi?id=159417
224
225         Reviewed by Alex Christensen.
226
227         No observable change.
228
229         * Modules/fetch/FetchLoader.cpp:
230         (WebCore::FetchLoader::start): DenyCrossOriginRequests -> FetchOptions::Mode::SameOrigin.
231         * fileapi/FileReaderLoader.cpp:
232         (WebCore::FileReaderLoader::start): DenyCrossOriginRequests -> FetchOptions::Mode::SameOrigin.
233         * inspector/InspectorNetworkAgent.cpp:
234         (WebCore::InspectorNetworkAgent::loadResource): AllowCrossOriginRequests -> FetchOptions::Mode::NoCors.
235         * loader/DocumentThreadableLoader.cpp:
236         (WebCore::DocumentThreadableLoader::DocumentThreadableLoader): Ditto.
237         (WebCore::DocumentThreadableLoader::makeCrossOriginAccessRequest): UseAccessControl -> FetchOptions::Mode::Cors.
238         (WebCore::DocumentThreadableLoader::redirectReceived): Ditto.
239         (WebCore::DocumentThreadableLoader::didReceiveResponse): Ditto.
240         (WebCore::DocumentThreadableLoader::loadRequest): Use NoCors as option passed to ResourceLoader. This allows
241         desactivating ResourceLoader CORS checks as they are done in DocumentThreadableLoader right now. In the future,
242         these checks should be moved to ResourceLoader and DocumentThreadableLoader should directly pass the fetch mode
243         option.
244         (WebCore::DocumentThreadableLoader::isAllowedRedirect): AllowCrossOriginRequests -> FetchOptions::Mode::NoCors.
245         * loader/ThreadableLoader.cpp:
246         (WebCore::ThreadableLoaderOptions::ThreadableLoaderOptions): Removing CrossOriginRequestPolicy.
247         * loader/ThreadableLoader.h: Ditto.
248         * loader/WorkerThreadableLoader.cpp:
249         (WebCore::LoaderTaskOptions::LoaderTaskOptions): Ditto.
250         * page/EventSource.cpp:
251         (WebCore::EventSource::connect): UseAccessControl -> FetchOptions::Mode::Cors.
252         * workers/Worker.cpp:
253         (WebCore::Worker::create): DenyCrossOriginRequests -> FetchOptions::Mode::SameOrigin.
254         * workers/WorkerGlobalScope.cpp:
255         (WebCore::WorkerGlobalScope::importScripts): AllowCrossOriginRequests -> FetchOptions::Mode::NoCors.
256         * workers/WorkerScriptLoader.cpp:
257         (WebCore::WorkerScriptLoader::loadSynchronously):
258         (WebCore::WorkerScriptLoader::loadAsynchronously):
259         * workers/WorkerScriptLoader.h:
260         * xml/XMLHttpRequest.cpp:
261         (WebCore::XMLHttpRequest::createRequest):
262
263 2016-07-20  Chris Dumez  <cdumez@apple.com>
264
265         Fix null handling of several Document attributes
266         https://bugs.webkit.org/show_bug.cgi?id=159997
267
268         Reviewed by Ryosuke Niwa.
269
270         Fix null handling of the following Document attributes: title, cookie
271         and domain.
272
273         In WebKit, they were all marked as [TreatNullAs=EmptyString], which
274         does not match the specification:
275         - https://html.spec.whatwg.org/multipage/dom.html#document
276
277         Details for each attribute:
278         - title: null is now treated as the string "null", thus setting the
279           document title to "null". This matches Firefox and Chrome.
280         - cookie: adds a "null" cookie instead of being a no-op. This matches
281                   both Firefox and Chrome.
282         - domain: Calls setDomain(String("null")) instead of
283                   setDomain(String()). This throws an exception because "null"
284                   is not a suffix of the effective domain name. The behavior
285                   is the same in Firefox and Chrome. Previously, we were
286                   already throwing an exception since setting the domain to
287                   the empty string throws, as per the specification.
288
289         Test: http/tests//dom/document-attributes-null-handling.html
290
291         * dom/Document.idl:
292
293 2016-07-20  Commit Queue  <commit-queue@webkit.org>
294
295         Unreviewed, rolling out r203471.
296         https://bugs.webkit.org/show_bug.cgi?id=160003
297
298         many iOS-simulator tests are failing (Requested by litherum on
299         #webkit).
300
301         Reverted changeset:
302
303         "[iPhone] Playing a video on tudou.com plays only sound, no
304         video"
305         https://bugs.webkit.org/show_bug.cgi?id=159967
306         http://trac.webkit.org/changeset/203471
307
308 2016-07-19  Ryosuke Niwa  <rniwa@webkit.org>
309
310         iOS: Cannot paste images in RTF content
311         https://bugs.webkit.org/show_bug.cgi?id=159964
312         <rdar://problem/27442806>
313
314         Reviewed by Enrica Casucci.
315
316         The bug was caused by setDefersLoading(true) not deferring image loading for the parsed fragment.
317         Worked around this bug by disabling image loading while parsing the document fragment.
318
319         * editing/ios/EditorIOS.mm:
320         (WebCore::Editor::createFragmentAndAddResources):
321
322 2016-07-20  Brady Eidson  <beidson@apple.com>
323
324         Address a small FIXME in IDB code.
325         https://bugs.webkit.org/show_bug.cgi?id=159999
326
327         Reviewed by Andy Estes.
328
329         No new tests (No behavior change).
330
331         * Modules/indexeddb/IDBRequest.cpp:
332         (WebCore::IDBRequest::IDBRequest):
333         
334         * Modules/indexeddb/shared/IDBResourceIdentifier.cpp:
335         (WebCore::IDBResourceIdentifier::IDBResourceIdentifier): Deleted.
336         * Modules/indexeddb/shared/IDBResourceIdentifier.h:
337
338 2016-07-20  Brady Eidson  <beidson@apple.com>
339
340         Remove some "modernFoo"s from IndexedDB code.
341         https://bugs.webkit.org/show_bug.cgi?id=159985
342
343         Reviewed by Andy Estes.
344
345         No new tests (No known behavior change).
346
347         * Modules/indexeddb/IDBCursor.cpp:
348         (WebCore::IDBCursor::IDBCursor):
349         (WebCore::IDBCursor::~IDBCursor):
350         (WebCore::IDBCursor::sourcesDeleted):
351         (WebCore::IDBCursor::effectiveObjectStore):
352         (WebCore::IDBCursor::transaction):
353         (WebCore::IDBCursor::direction):
354         (WebCore::IDBCursor::update):
355         (WebCore::IDBCursor::advance):
356         (WebCore::IDBCursor::continueFunction):
357         (WebCore::IDBCursor::uncheckedIterateCursor):
358         (WebCore::IDBCursor::deleteFunction):
359         (WebCore::IDBCursor::setGetResult):
360         
361         * Modules/indexeddb/IDBIndex.cpp:
362         (WebCore::IDBIndex::IDBIndex):
363         (WebCore::IDBIndex::~IDBIndex):
364         (WebCore::IDBIndex::hasPendingActivity):
365         (WebCore::IDBIndex::name):
366         (WebCore::IDBIndex::objectStore):
367         (WebCore::IDBIndex::keyPath):
368         (WebCore::IDBIndex::unique):
369         (WebCore::IDBIndex::multiEntry):
370         (WebCore::IDBIndex::openCursor):
371         (WebCore::IDBIndex::doCount):
372         (WebCore::IDBIndex::openKeyCursor):
373         (WebCore::IDBIndex::doGet):
374         (WebCore::IDBIndex::doGetKey):
375         (WebCore::IDBIndex::markAsDeleted):
376         * Modules/indexeddb/IDBIndex.h:
377         
378         * Modules/indexeddb/IDBObjectStore.cpp:
379         (WebCore::IDBObjectStore::transaction):
380         (WebCore::IDBObjectStore::deleteFunction): Deleted.
381         (WebCore::IDBObjectStore::modernDelete): Deleted.
382         * Modules/indexeddb/IDBObjectStore.h:
383         
384         * bindings/js/JSIDBIndexCustom.cpp:
385         (WebCore::JSIDBIndex::visitAdditionalChildren):
386
387 2016-07-20  Chris Dumez  <cdumez@apple.com>
388
389         Stop using valueToStringWithNullCheck() in JSCSSStyleDeclaration::putDelegate()
390         https://bugs.webkit.org/show_bug.cgi?id=159982
391
392         Reviewed by Ryosuke Niwa.
393
394         valueToStringWithNullCheck() treats null as the null String() which is
395         legacy / non standard behavior. The specification says we should treat
396         null as the empty string:
397         - https://drafts.csswg.org/cssom/#dom-cssstyledeclaration-camel-cased-attribute
398
399         Therefore, we should be using valueToStringTreatingNullAsEmptyString() instead.
400
401         In practice, there is no web-exposed behavior change because
402         MutableStyleProperties::setProperty() removes the property wether the
403         value is the null String or the empty String.
404
405         This behavior is correct since the specification says that we should
406         remove the property if the value is the empty string:
407         - https://drafts.csswg.org/cssom/#dom-cssstyledeclaration-setproperty (step 4)
408
409         I added test coverage to make sure we behave according to specification.
410         This test is passing in Firefox, Chrome and in WebKit (before and after
411         my change).
412
413         Test: fast/css/CSSStyleDeclaration-property-setter.html
414
415         * bindings/js/JSCSSStyleDeclarationCustom.cpp:
416         (WebCore::JSCSSStyleDeclaration::putDelegate):
417
418 2016-07-20  Chris Dumez  <cdumez@apple.com>
419
420         Fix null handling of HTMLFrameElement.marginWidth / marginHeight
421         https://bugs.webkit.org/show_bug.cgi?id=159987
422
423         Reviewed by Ryosuke Niwa.
424
425         Fix null handling of HTMLFrameElement.marginWidth / marginHeight:
426         - https://html.spec.whatwg.org/multipage/obsolete.html#htmlframeelement
427
428         We are supposed to treat null as the empty string but we treat it as
429         the string "null".
430
431         Firefox and Chrome both match the specification.
432
433         No new tests, updated existing tests.
434
435         * html/HTMLFrameElement.idl:
436
437 2016-07-20  Wenson Hsieh  <wenson_hsieh@apple.com>
438
439         Pausing autoplayed media should not remove all restrictions for that media element
440         https://bugs.webkit.org/show_bug.cgi?id=159988
441
442         Reviewed by Jon Lee.
443
444         Localizes the removal of behavior restrictions introduced in r203464 upon pausing an
445         autoplaying video to just affect the hiding or showing of the media controller. This
446         prevents pages from using Javascript to start playing autoplaying videos that have
447         been paused by the user.
448
449         * html/HTMLMediaElement.cpp:
450         (WebCore::HTMLMediaElement::pause):
451
452 2016-07-20  Myles C. Maxfield  <mmaxfield@apple.com>
453
454         [iPhone] Playing a video on tudou.com plays only sound, no video
455         https://bugs.webkit.org/show_bug.cgi?id=159967
456         <rdar://problem/26964090>
457
458         Reviewed by Jon Lee.
459
460         WebKit recently starting honoring the playsinline and webkit-playsinline
461         attribute on iPhones. However, because these attributes previously did
462         nothing, some sites (such as Todou) were setting them on their content
463         and expecting that they are not honored. In this specific case, the
464         video is absolutely positioned to be 1 pixel x 1 pixel.
465
466         Previously, with iOS 9, apps could set the allowsInlineMediaPlayback
467         property on their WKWebView, which would honor the webkit-playsinline
468         attribute. Safari on iPhones didn't do this.
469
470         In order to not break these existing apps, it's important that the
471         allowsInlineMediaPlayback preference still allows webkit-playsinline
472         videos to play inline in apps using WKWebView. However, in Safari, these
473         videos should play fullscreen. (Todou videos have webkit-playsinline
474         but not playsinline.)
475
476         Therefore, in Safari, videos with playsinline should be inline, but
477         videos with webkit-playsinline should be fullscreen. In apps using
478         WKWebViews, if the app sets allowsInlineMediaPlayback, then videos with
479         playsinline should be inline, and videos with webkit-playsinline should
480         also be inline. Videos on iPad and Mac should all be inline by default.
481
482         We can create some truth tables for the cases which need to be covered:
483
484         All apps on Mac / iPad:
485         Presence of playsinline | Presence of webkit-playsinline | Result
486         ========================|================================|===========
487         Not present             | Not present                    | Inline
488         Present                 | Not present                    | Inline
489         Not Present             | Present                        | Inline
490         Present                 | Present                        | Inline
491
492         Safari on iPhone:
493         Presence of playsinline | Presence of webkit-playsinline | Result
494         ========================|================================|===========
495         Not present             | Not present                    | Fullscreen
496         Present                 | Not present                    | Inline
497         Not Present             | Present                        | Fullscreen
498         Present                 | Present                        | Inline
499
500         App on iPhone which sets allowsInlineMediaPlayback:
501         Presence of playsinline | Presence of webkit-playsinline | Result
502         ========================|================================|===========
503         Not present             | Not present                    | Fullscreen
504         Present                 | Not present                    | Inline
505         Not Present             | Present                        | Inline
506         Present                 | Present                        | Inline
507
508         The way to distinguish Safari from another app is to create an SPI
509         boolean preference which Safari can set. This is already how the
510         iPhone and iPad are differentiated using the requiresPlayInlineAttribute
511         which Safari sets but other apps don't. However, this preference is
512         no longer sufficient because Safari should now be discriminating
513         between the playsinline and webkit-playsinline attributes. Therefore,
514         this preference should be extended to two boolean preferences, which
515         this patch adds:
516
517         allowsInlineMediaPlaybackWithPlaysInlineAttribute
518         allowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute
519
520         Safari on iPhone will set
521         allowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute to true,
522         and allowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute to
523         false. Other apps on iPhone will get their defaults values (because they
524         are SPI) which means they will both be true. On iPad and Mac, apps will
525         use the defaults values where both are false.
526
527         This patch adds support for these two preferences, but does not remove
528         the existing inlineMediaPlaybackRequiresPlaysInlineAttribute preference.
529         I will remove the exising preference as soon as I update Safari to migrate
530         off of it.
531
532         Test: media/video-playsinline.html
533
534         * html/MediaElementSession.cpp:
535         (WebCore::MediaElementSession::requiresFullscreenForVideoPlayback):
536         * page/Settings.cpp:
537         * page/Settings.in:
538         * testing/InternalSettings.cpp:
539         (WebCore::InternalSettings::Backup::Backup):
540         (WebCore::InternalSettings::Backup::restoreTo):
541         (WebCore::InternalSettings::setAllowsInlineMediaPlaybackWithPlaysInlineAttribute):
542         (WebCore::InternalSettings::setAllowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute):
543         * testing/InternalSettings.h:
544         * testing/InternalSettings.idl:
545
546 2016-07-20  Chris Dumez  <cdumez@apple.com>
547
548         Get rid of custom bindings code for XMLHttpRequest.open()
549         https://bugs.webkit.org/show_bug.cgi?id=159984
550
551         Reviewed by Ryosuke Niwa.
552
553         Get rid of custom bindings code for XMLHttpRequest.open() as the
554         bindings generator is able to generate it.
555
556         Relevant specification:
557         - https://xhr.spec.whatwg.org/#xmlhttprequest
558
559         The issue is that legacy content prevents treating the 'async' argument
560         being undefined identical from it being omitted. However, this can be
561         achieved by using overloading in IDL, like in the specification.
562
563         No new tests, already covered by the following tests:
564         - http/tests/xmlhttprequest/basic-auth.html
565         - http/tests/xmlhttprequest/open-async-overload.html
566
567         * bindings/js/JSXMLHttpRequestCustom.cpp:
568         (WebCore::SendFunctor::SendFunctor): Deleted.
569         (WebCore::SendFunctor::line): Deleted.
570         (WebCore::SendFunctor::column): Deleted.
571         (WebCore::SendFunctor::url): Deleted.
572         (WebCore::SendFunctor::operator()): Deleted.
573         * xml/XMLHttpRequest.cpp:
574         (WebCore::XMLHttpRequest::open):
575         * xml/XMLHttpRequest.h:
576         * xml/XMLHttpRequest.idl:
577
578 2016-07-20  Rawinder Singh  <rawinder.singh-webkit@cisra.canon.com.au>
579
580         Mark overriden methods in WebCore/svg final classes as final
581         https://bugs.webkit.org/show_bug.cgi?id=159966
582
583         Reviewed by Michael Catanzaro.
584
585         Update WebCore/svg classes so that overriden methods in final classes are marked final.
586
587         * svg/SVGAElement.h:
588         * svg/SVGAltGlyphDefElement.h:
589         * svg/SVGAltGlyphItemElement.h:
590         * svg/SVGAnimateTransformElement.h:
591         * svg/SVGAnimatedColor.h:
592         * svg/SVGCircleElement.h:
593         * svg/SVGClipPathElement.h:
594         * svg/SVGCursorElement.h:
595         * svg/SVGDefsElement.h:
596         * svg/SVGDescElement.h:
597         * svg/SVGEllipseElement.h:
598         * svg/SVGFEMergeNodeElement.h:
599         * svg/SVGFilterElement.h:
600         * svg/SVGFontElement.h:
601         * svg/SVGFontFaceElement.h:
602         * svg/SVGFontFaceFormatElement.h:
603         * svg/SVGFontFaceNameElement.h:
604         * svg/SVGFontFaceSrcElement.h:
605         * svg/SVGFontFaceUriElement.h:
606         * svg/SVGForeignObjectElement.h:
607         * svg/SVGGElement.h:
608         * svg/SVGGlyphElement.h:
609         * svg/SVGGlyphRefElement.h:
610         * svg/SVGHKernElement.h:
611         * svg/SVGImageElement.h:
612         * svg/SVGLineElement.h:
613         * svg/SVGMPathElement.h:
614         * svg/SVGMaskElement.h:
615         * svg/SVGMetadataElement.h:
616         * svg/SVGMissingGlyphElement.h:
617         * svg/SVGPathBuilder.h:
618         * svg/SVGPathByteStreamBuilder.h:
619         * svg/SVGPathByteStreamSource.h:
620         * svg/SVGPathElement.h:
621         * svg/SVGPathSegArcAbs.h:
622         * svg/SVGPathSegArcRel.h:
623         * svg/SVGPathSegClosePath.h:
624         * svg/SVGPathSegCurvetoCubicAbs.h:
625         * svg/SVGPathSegCurvetoCubicRel.h:
626         * svg/SVGPathSegCurvetoCubicSmoothAbs.h:
627         * svg/SVGPathSegCurvetoCubicSmoothRel.h:
628         * svg/SVGPathSegCurvetoQuadraticAbs.h:
629         * svg/SVGPathSegCurvetoQuadraticRel.h:
630         * svg/SVGPathSegCurvetoQuadraticSmoothAbs.h:
631         * svg/SVGPathSegCurvetoQuadraticSmoothRel.h:
632         * svg/SVGPathSegLinetoAbs.h:
633         * svg/SVGPathSegLinetoHorizontalAbs.h:
634         * svg/SVGPathSegLinetoHorizontalRel.h:
635         * svg/SVGPathSegLinetoRel.h:
636         * svg/SVGPathSegLinetoVerticalAbs.h:
637         * svg/SVGPathSegLinetoVerticalRel.h:
638         * svg/SVGPathSegListBuilder.h:
639         * svg/SVGPathSegListSource.h:
640         * svg/SVGPathSegMovetoAbs.h:
641         * svg/SVGPathSegMovetoRel.h:
642         * svg/SVGPathStringSource.h:
643         * svg/SVGPathTraversalStateBuilder.h:
644         * svg/SVGPatternElement.h:
645         * svg/SVGRectElement.h:
646         * svg/SVGScriptElement.h:
647         * svg/SVGStopElement.h:
648         * svg/SVGStyleElement.h:
649         * svg/SVGSwitchElement.h:
650         * svg/SVGTRefElement.cpp:
651         * svg/SVGTitleElement.h:
652         * svg/SVGToOTFFontConversion.cpp:
653         * svg/SVGUnknownElement.h:
654         * svg/SVGVKernElement.h:
655         * svg/SVGViewElement.h:
656         * svg/SVGZoomEvent.h:
657         * svg/animation/SVGSMILElement.cpp:
658         * svg/graphics/SVGImage.h:
659         * svg/graphics/SVGImageClients.h:
660         * svg/graphics/SVGImageForContainer.h:
661         * svg/graphics/filters/SVGFEImage.h:
662         * svg/graphics/filters/SVGFilter.h:
663         * svg/properties/SVGAnimatedEnumerationPropertyTearOff.h:
664         * svg/properties/SVGAnimatedPathSegListPropertyTearOff.h:
665         * svg/properties/SVGAnimatedPropertyTearOff.h:
666         * svg/properties/SVGAnimatedTransformListPropertyTearOff.h:
667         * svg/properties/SVGMatrixTearOff.h:
668         * svg/properties/SVGPathSegListPropertyTearOff.h:
669
670 2016-07-20  Brady Eidson  <beidson@apple.com>
671
672         Transition most IDB interfaces from ScriptExecutionContext to ExecState.
673         https://bugs.webkit.org/show_bug.cgi?id=159975
674
675         Reviewed by Alex Christensen.
676
677         No new tests (No known behavior change).
678
679         * Modules/indexeddb/IDBCursor.cpp:
680         (WebCore::IDBCursor::continueFunction):
681         (WebCore::IDBCursor::deleteFunction):
682         * Modules/indexeddb/IDBCursor.h:
683         * Modules/indexeddb/IDBCursor.idl:
684
685         * Modules/indexeddb/IDBDatabase.idl:
686
687         * Modules/indexeddb/IDBFactory.cpp:
688         (WebCore::IDBFactory::cmp):
689         * Modules/indexeddb/IDBFactory.h:
690         * Modules/indexeddb/IDBFactory.idl:
691
692         * Modules/indexeddb/IDBIndex.cpp:
693         (WebCore::IDBIndex::openCursor):
694         (WebCore::IDBIndex::count):
695         (WebCore::IDBIndex::doCount):
696         (WebCore::IDBIndex::openKeyCursor):
697         (WebCore::IDBIndex::get):
698         (WebCore::IDBIndex::doGet):
699         (WebCore::IDBIndex::getKey):
700         (WebCore::IDBIndex::doGetKey):
701         * Modules/indexeddb/IDBIndex.h:
702         * Modules/indexeddb/IDBIndex.idl:
703
704         * Modules/indexeddb/IDBKeyRange.cpp:
705         (WebCore::IDBKeyRange::only): Deleted.
706         * Modules/indexeddb/IDBKeyRange.h:
707
708         * Modules/indexeddb/IDBObjectStore.cpp:
709         (WebCore::IDBObjectStore::openCursor):
710         (WebCore::IDBObjectStore::get):
711         (WebCore::IDBObjectStore::putOrAdd):
712         (WebCore::IDBObjectStore::deleteFunction):
713         (WebCore::IDBObjectStore::doDelete):
714         (WebCore::IDBObjectStore::modernDelete):
715         (WebCore::IDBObjectStore::clear):
716         (WebCore::IDBObjectStore::createIndex):
717         (WebCore::IDBObjectStore::count):
718         (WebCore::IDBObjectStore::doCount):
719         * Modules/indexeddb/IDBObjectStore.h:
720         * Modules/indexeddb/IDBObjectStore.idl:
721
722         * Modules/indexeddb/IDBTransaction.cpp:
723         (WebCore::IDBTransaction::requestOpenCursor):
724         (WebCore::IDBTransaction::doRequestOpenCursor):
725         (WebCore::IDBTransaction::requestGetRecord):
726         (WebCore::IDBTransaction::requestGetValue):
727         (WebCore::IDBTransaction::requestGetKey):
728         (WebCore::IDBTransaction::requestIndexRecord):
729         (WebCore::IDBTransaction::requestCount):
730         (WebCore::IDBTransaction::requestDeleteRecord):
731         (WebCore::IDBTransaction::requestClearObjectStore):
732         (WebCore::IDBTransaction::requestPutOrAdd):
733         * Modules/indexeddb/IDBTransaction.h:
734
735         * inspector/InspectorIndexedDBAgent.cpp:
736
737 2016-07-20  Wenson Hsieh  <wenson_hsieh@apple.com>
738
739         Media controls don't appear when pausing a small autoplaying video
740         https://bugs.webkit.org/show_bug.cgi?id=159972
741         <rdar://problem/27180657>
742
743         Reviewed by Beth Dakin.
744
745         When pausing an autoplaying video, remove behavior restrictions for the
746         initial user gesture and show media controls.
747
748         New WebKit API test. See VideoControlsManagerSingleSmallAutoplayingVideo.
749
750         * html/HTMLMediaElement.cpp:
751         (WebCore::HTMLMediaElement::pause):
752
753 2016-07-20  Chris Dumez  <cdumez@apple.com>
754
755         Fix null handling of HTMLMediaElement.mediaGroup
756         https://bugs.webkit.org/show_bug.cgi?id=159974
757
758         Reviewed by Eric Carlson.
759
760         Fix null handling of HTMLMediaElement.mediaGroup to match the specification:
761         - https://www.w3.org/TR/html5/embedded-content-0.html#media-elements
762
763         null is supposed to be treated as the String "null". This patch aligns
764         our behavior with the specification. I tested Firefox and Chrome but both
765         do not have this attribute on HTMLMediaElement.
766
767         Also remove support for [TreatNullAs=LegacyNullString] from our bindings
768         generator as HTMLMediaElement.mediaGroup was the last user.
769
770         No new tests, rebaselined existing test.
771
772         * bindings/scripts/CodeGeneratorJS.pm:
773         (JSValueToNative):
774         * bindings/scripts/IDLAttributes.txt:
775         * html/HTMLMediaElement.idl:
776
777 2016-07-20  Chris Dumez  <cdumez@apple.com>
778
779         CSSStyleDeclaration.setProperty() should be able to unset "important" on a property
780         https://bugs.webkit.org/show_bug.cgi?id=159959
781
782         Reviewed by Alexey Proskuryakov.
783
784         CSSStyleDeclaration.setProperty() should be able to unsert "important"
785         on a property as per the latest specification:
786         - https://drafts.csswg.org/cssom/#dom-cssstyledeclaration-setproperty
787         - https://drafts.csswg.org/cssom/#dom-cssstyledeclaration-camel-cased-attribute
788
789         Firefox and Chrome match the specification here but WebKit was ignoring calls
790         to setProperty() if there is already an "important" property wit this name
791         and if the new property does not have the "important" flag set.
792
793         This behavior was added a long time ago via Bug 60007. However, it does not
794         match the latest specification or other browsers.
795
796         Test: fast/css/CSSStyleDeclaration-setProperty-unset-important.html
797
798         * css/StyleProperties.cpp:
799         (WebCore::MutableStyleProperties::addParsedProperty):
800         Drop code that was added via Bug 60007 as this behavior no longer matches the
801         specification or other browsers. The layout test added in Bug 60007 fails in
802         other browsers and was updated in this patch to match the specification.
803
804 2016-07-20  Commit Queue  <commit-queue@webkit.org>
805
806         Unreviewed, rolling out r203423.
807         https://bugs.webkit.org/show_bug.cgi?id=159977
808
809         The test for this change is failing on Mac Release WK2
810         (Requested by ryanhaddad on #webkit).
811
812         Reverted changeset:
813
814         "HTMLVideoElement frames do not update on iOS when src is a
815         MediaStream blob"
816         https://bugs.webkit.org/show_bug.cgi?id=159833
817         http://trac.webkit.org/changeset/203423
818
819 2016-07-20  Chris Dumez  <cdumez@apple.com>
820
821         Fix null handling of HTMLSelectElement.value attribute
822         https://bugs.webkit.org/show_bug.cgi?id=159925
823
824         Reviewed by Benjamin Poulain.
825
826         Fix null handling of HTMLSelectElement.value attribute:
827         - https://html.spec.whatwg.org/multipage/forms.html#htmlselectelement
828
829         We were treating null as the null String which would end up setting
830         selectedIndex to -1. However, we should treat null as the String "null"
831         which would set the selectedIndex to the index of the <option> element
832         whose value is "null".
833
834         Firefox and Chrome match the specification.
835
836         Test: fast/dom/HTMLSelectElement/value-null-handling.html
837
838         * html/HTMLSelectElement.cpp:
839         (WebCore::HTMLSelectElement::setValue):
840         * html/HTMLSelectElement.idl:
841
842 2016-07-20  Chris Dumez  <cdumez@apple.com>
843
844         PostResolutionCallbackDisabler can resume pending requests while a ResourceLoadSuspender is alive
845         https://bugs.webkit.org/show_bug.cgi?id=159962
846         <rdar://problem/21439264>
847
848         Reviewed by David Kilzer.
849
850         PostResolutionCallbackDisabler can resume pending requests while a ResourceLoadSuspender
851         is alive. We have both PostResolutionCallbackDisabler and ResourceLoadSuspender that
852         call LoaderStrategy::suspendPendingRequests() / LoaderStrategy::resumePendingRequests().
853         However, PostResolutionCallbackDisabler and ResourceLoadSuspender are not aware of each
854         other. It is therefore possible for a PostResolutionCallbackDisabler object to get
855         destroyed, causing LoaderStrategy::resumePendingRequests() to be called while a
856         ResourceLoadSuspender object is alive.
857
858         This leads to hard to investigate crashes where we end up re-entering WebKit and killing
859         the style resolver.
860
861         This patch drops ResourceLoadSuspender and uses PostResolutionCallbackDisabler instead.
862         There was only one user of ResourceLoadSuspender and PostResolutionCallbackDisabler
863         is better because it manages a resolutionNestingDepth counter internally to make sure
864         it only calls LoaderStrategy::resumePendingRequests() once all
865         PostResolutionCallbackDisabler instances are destroyed.
866
867         No new tests, there is no easy way to reproduce the crashes.
868
869         * dom/Document.cpp:
870         (WebCore::Document::styleForElementIgnoringPendingStylesheets):
871         * loader/LoaderStrategy.cpp:
872         (WebCore::ResourceLoadSuspender::ResourceLoadSuspender): Deleted.
873         (WebCore::ResourceLoadSuspender::~ResourceLoadSuspender): Deleted.
874         * loader/LoaderStrategy.h:
875
876 2016-07-19  Youenn Fablet  <youenn@apple.com>
877
878         [Fetch API] Add a JS builtin to implement https://fetch.spec.whatwg.org/#concept-headers-fill
879         https://bugs.webkit.org/show_bug.cgi?id=159932
880
881         Reviewed by Alex Christensen.
882
883         Covered by existing tests.
884
885         Refactoring Headers initializeWith to use the new built-in internal that implements
886         https://fetch.spec.whatwg.org/#concept-headers-fill.
887
888         Refactoring Response constructor to put more checks in the JS builtin fucntion called within constructor.
889         Making use of the new built-in internal that implements https://fetch.spec.whatwg.org/#concept-headers-fill.
890
891         * CMakeLists.txt: Adding FetchHeadersInternals.js
892         * DerivedSources.make: Ditto.
893         * Modules/fetch/FetchHeaders.js:
894         (initializeFetchHeaders): Using fillFetchHeaders new built-in internal.
895         * Modules/fetch/FetchInternals.js: Added.
896         (fillFetchHeaders):
897         * Modules/fetch/FetchResponse.cpp: Refactoring to do more in the JS built-in. Splitting of initializeWith so
898         that the checks are done in the order defined by the spec.
899         (WebCore::FetchResponse::setStatus):
900         (WebCore::FetchResponse::initializeWith):
901         (WebCore::isNullBodyStatus): Deleted.
902         * Modules/fetch/FetchResponse.h:
903         * Modules/fetch/FetchResponse.idl:
904         * Modules/fetch/FetchResponse.js:
905         (initializeFetchResponse): New built-in internal.
906         * WebCore.xcodeproj/project.pbxproj:
907         * bindings/js/WebCoreBuiltinNames.h:
908
909 2016-07-19  Chris Dumez  <cdumez@apple.com>
910
911         Fix null handling of SVGScriptElement.type attribute
912         https://bugs.webkit.org/show_bug.cgi?id=159927
913
914         Reviewed by Benjamin Poulain.
915
916         Fix null handling of SVGScriptElement.type attribute:
917         - https://www.w3.org/TR/SVG2/interact.html#InterfaceSVGScriptElement
918
919         We were treating null as the null String which would end up removing
920         the 'type' content attribute. However, we should treat null as the
921         String "null".
922
923         Firefox and Chrome match the specification.
924
925         No new tests, updated existing test.
926
927         * svg/SVGScriptElement.idl:
928
929 2016-07-19  Chris Dumez  <cdumez@apple.com>
930
931         Fix null handling of several HTMLDocument attributes
932         https://bugs.webkit.org/show_bug.cgi?id=159923
933
934         Reviewed by Benjamin Poulain.
935
936         Fix null handling of several HTMLDocument attributes:
937         - https://html.spec.whatwg.org/multipage/dom.html#document
938         - https://html.spec.whatwg.org/multipage/obsolete.html#document-partial
939
940         In particular, null handling was incorrect in WebKit for 'dir',
941         'bgColor', 'fgColor', 'alinkColor', 'linkColor' and 'vlinkColor'.
942
943         Firefox and Chrome match the specification.
944
945         Test: fast/dom/HTMLDocument/null-handling.html
946
947         * html/HTMLDocument.idl:
948
949 2016-07-19  Chris Dumez  <cdumez@apple.com>
950
951         Document.createElementNS() / createAttributeNS() parameters should be mandatory
952         https://bugs.webkit.org/show_bug.cgi?id=159938
953
954         Reviewed by Benjamin Poulain.
955
956         Document.createElementNS() / createAttributeNS() parameters should be mandatory:
957         - https://dom.spec.whatwg.org/#document
958
959         They were optional in WebKit. However, Firefox and Chrome both match the
960         specification.
961
962         No new tests, rebaselined existing tests.
963
964         * dom/Document.idl:
965
966 2016-07-19  Benjamin Poulain  <bpoulain@apple.com>
967
968         Use getElementById for attribute matching if the attribute name is html's id
969         https://bugs.webkit.org/show_bug.cgi?id=159960
970
971         Reviewed by Chris Dumez.
972
973         Elliott Sprehn discovered YUI makes heavy uses of querySelector with [id=value]
974         (https://bugs.chromium.org/p/chromium/issues/detail?id=627242).
975
976         If we are not in quirks mode, IdForStyleResolution has the same value
977         as the Id attribute. We can use the same optimization for both cases.
978
979         Tests: fast/selectors/id-attribute-querySelector-used-as-id-selector-quirks.html
980                fast/selectors/id-attribute-querySelector-used-as-id-selector.html
981
982         * dom/SelectorQuery.cpp:
983         (WebCore::canBeUsedForIdFastPath):
984         (WebCore::findIdMatchingType):
985         (WebCore::SelectorDataList::SelectorDataList):
986         (WebCore::selectorForIdLookup):
987         (WebCore::filterRootById):
988
989 2016-07-19  Chris Dumez  <cdumez@apple.com>
990
991         Drop SVGElement.xmlbase attribute
992         https://bugs.webkit.org/show_bug.cgi?id=159926
993
994         Reviewed by Benjamin Poulain.
995
996         Drop SVGElement.xmlbase attribute as it is no longer part of the
997         specification:
998         - https://www.w3.org/TR/SVG2/types.html#InterfaceSVGElement
999
1000         Both Firefox and Chrome have already dropped support for
1001         SVGElement.xmlbase.
1002
1003         Chrome's intent to remove:
1004         https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/TfwMq4d25hk/C-v_iC_wKfAJ
1005
1006         Test: svg/dom/SVGElement-xmlbase.html
1007
1008         * svg/SVGElement.cpp:
1009         (WebCore::SVGElement::removedFrom): Deleted.
1010         * svg/SVGElement.h:
1011         * svg/SVGElement.idl:
1012
1013 2016-07-19  Chris Dumez  <cdumez@apple.com>
1014
1015         Align CSSStyleDeclaration.setProperty() with the specification
1016         https://bugs.webkit.org/show_bug.cgi?id=159955
1017
1018         Reviewed by Benjamin Poulain.
1019
1020         Align CSSStyleDeclaration.setProperty() with the specification:
1021         - https://drafts.csswg.org/cssom/#the-cssstyledeclaration-interface
1022
1023         In particular, the following changes were needed:
1024         1. The 'value' parameter should not be optional
1025         2. The 'priority' parameter should treat null as the empty string
1026            rather than the string "null".
1027         3. The 'priority' parameter's default value should be the empty string,
1028            not the string "undefined".
1029         4. CSSStyleDeclaration.setProperty() should return early if 'priority'
1030            is not the empty string and is not an ASCII case-insensitive match
1031            for the string "important".
1032
1033         Chrome matches the specification entirely.
1034         Firefox matches the specification with the exception that it does a
1035         case-sensitive match for "important".
1036
1037         Test: fast/css/CSSStyleDeclaration-setProperty.html
1038
1039         * css/CSSStyleDeclaration.idl:
1040         * css/PropertySetCSSStyleDeclaration.cpp:
1041         (WebCore::PropertySetCSSStyleDeclaration::setProperty):
1042
1043 2016-07-19  Daniel Bates  <dabates@apple.com>
1044
1045         CSP: Improve support for multiple policies to more closely conform to the CSP Level 2 spec.
1046         https://bugs.webkit.org/show_bug.cgi?id=159841
1047         <rdar://problem/27381684>
1048
1049         Reviewed by Brent Fulgham.
1050
1051         Implement a first pass at sending multiple violation reports so as to more closely
1052         conform to section Enforcing multiple policies of the Content Security Policy Level 2 spec.,
1053         <https://w3c.github.io/webappsec-csp/2/> (Editor's Draft, 25 April 2016).
1054
1055         Tests: http/tests/security/contentSecurityPolicy/1.1/script-blocked-sends-multiple-reports.php
1056                http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy.php
1057                http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy2.php
1058                http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.php
1059                http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.php
1060                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy.php
1061                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy2.php
1062                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy.php
1063                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy2.php
1064                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.php
1065                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2.php
1066                http/tests/security/contentSecurityPolicy/1.1/scripthash-in-enforced-policy-and-not-in-report-only.html
1067                http/tests/security/contentSecurityPolicy/1.1/scripthash-in-one-enforced-policy-neither-in-another-enforced-policy-nor-report-policy.html
1068                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-enforced-policy-and-blocked-by-report-policy.php
1069                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-enforced-policy-and-blocked-by-report-policy2.php
1070                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.php
1071                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.php
1072                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy.php
1073                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy2.php
1074                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy.php
1075                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy2.php
1076                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.php
1077                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2.php
1078                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-in-enforced-policy-and-not-in-report-only.html
1079                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-in-one-enforced-policy-neither-in-another-enforced-policy-nor-report-policy.html
1080                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-multiple-policies.html
1081
1082         * page/csp/ContentSecurityPolicy.cpp:
1083         (WebCore::ContentSecurityPolicy::allPoliciesWithDispositionAllow): Added. Returns whether the resource
1084         is allowed by all of the policies with the specified disposition.
1085         (WebCore::ContentSecurityPolicy::allPoliciesAllow): Added. Returns whether the resource is allowed by
1086         all of the enforced policies.
1087         (WebCore::ContentSecurityPolicy::findHashOfContentInPolicies): Formerly named foundHashOfContentInAllPolicies.
1088         Modified to return a ("has found hash in all enforced policies, "has found hash in all report-only policies)-pair
1089         so that we can differentiate whether the hash violated an enforced policy or a report-only policy.
1090         (WebCore::ContentSecurityPolicy::allowJavaScriptURLs): Write in terms of ContentSecurityPolicy::allPoliciesAllow().
1091         (WebCore::ContentSecurityPolicy::allowInlineEventHandlers): Ditto.
1092         (WebCore::ContentSecurityPolicy::allowScriptWithNonce): For now only accept a nonce if it is allowed by
1093         all enforced policies. As a side effect of this change is that we only send a CSP violation report when a
1094         nonce violates a report-only policy only if the nonce also violates one or more enforced policies. We will
1095         address this limitation in <https://bugs.webkit.org/show_bug.cgi?id=159830>.
1096         (WebCore::ContentSecurityPolicy::allowStyleWithNonce): Ditto.
1097         (WebCore::ContentSecurityPolicy::allowInlineScript): Differentiate between a hash/'unsafe-inline' that
1098         matches/is contained in all enforce policies and a hash/'unsafe-inline' that matches/is contained in all
1099         report-only policies so that we only allow the resource for the former. As a side effect of this change
1100         we may report that a resource violated a policy even if it contained the hash. See <https://bugs.webkit.org/show_bug.cgi?id=159832>
1101         for more details.
1102         (WebCore::ContentSecurityPolicy::allowInlineStyle): Ditto.
1103         (WebCore::ContentSecurityPolicy::allowEval): Write in terms of ContentSecurityPolicy::allPoliciesAllow().
1104         (WebCore::ContentSecurityPolicy::allowFrameAncestors): Ditto.
1105         (WebCore::ContentSecurityPolicy::allowPluginType): Ditto.
1106         (WebCore::ContentSecurityPolicy::allowScriptFromSource): Ditto.
1107         (WebCore::ContentSecurityPolicy::allowObjectFromSource): Ditto.
1108         (WebCore::ContentSecurityPolicy::allowChildFrameFromSource): Ditto.
1109         (WebCore::ContentSecurityPolicy::allowChildContextFromSource): Ditto.
1110         (WebCore::ContentSecurityPolicy::allowImageFromSource): Ditto.
1111         (WebCore::ContentSecurityPolicy::allowStyleFromSource): Ditto.
1112         (WebCore::ContentSecurityPolicy::allowFontFromSource): Ditto.
1113         (WebCore::ContentSecurityPolicy::allowMediaFromSource): Ditto.
1114         (WebCore::ContentSecurityPolicy::allowConnectToSource): Ditto.
1115         (WebCore::ContentSecurityPolicy::allowFormAction): Ditto.
1116         (WebCore::ContentSecurityPolicy::allowBaseURI): Ditto.
1117         (WebCore::ContentSecurityPolicy::foundHashOfContentInAllPolicies): Deleted.
1118         * page/csp/ContentSecurityPolicy.h:
1119         (WebCore::ContentSecurityPolicy::violatedDirectiveInAnyPolicy): Deleted.
1120
1121 2016-07-19  Chris Dumez  <cdumez@apple.com>
1122
1123         Fix null handling of HTMLScriptElement.text attribute
1124         https://bugs.webkit.org/show_bug.cgi?id=159943
1125
1126         Reviewed by Benjamin Poulain.
1127
1128         Fix null handling of HTMLScriptElement.text attribute:
1129         - https://html.spec.whatwg.org/multipage/scripting.html#the-script-element
1130
1131         We should treat null as the "null" String but we were treating it as
1132         the empty string.
1133
1134         Firefox and Chrome match the specification.
1135
1136         No new tests, rebaselined existing test.
1137
1138         * html/HTMLScriptElement.idl:
1139
1140 2016-07-19  Chris Dumez  <cdumez@apple.com>
1141
1142         autocapitalize attribute should not use [TreatNullAs=LegacyNullString]
1143         https://bugs.webkit.org/show_bug.cgi?id=159934
1144
1145         Reviewed by Benjamin Poulain.
1146
1147         autocapitalize attribute should not use [TreatNullAs=LegacyNullString]. This is
1148         non-standard and we want to drop support for it from the bindings generator.
1149
1150         Instead, use [TreatNullAs=EmptyString] in order to maintain existing behavior
1151         given that both a missing/empty attribute result in using the default
1152         autocapitalization mode and that autocapitalize returns the empty string by
1153         default.
1154
1155         Test: platform/ios-simulator/ios/fast/forms/autocapitalize-null.html
1156
1157         * html/HTMLFormElement.idl:
1158         * html/HTMLInputElement.idl:
1159         * html/HTMLTextAreaElement.idl:
1160
1161 2016-07-19  Zalan Bujtas  <zalan@apple.com>
1162
1163         REGRESSION(r203415): ASSERTION FAILED: !m_layoutRoot->container() || !m_layoutRoot->container()->needsLayout()
1164         https://bugs.webkit.org/show_bug.cgi?id=159952
1165
1166         Reviewed by Simon Fraser.
1167
1168         Update ASSERTs to reflect new functionality, that is, now we can end up in a state
1169         where the container (RenderView) of one of the dirty subtrees is dirty.
1170         See r203415.
1171  
1172         Covered by editing/pasteboard/drag-drop-input-in-svg.svg
1173
1174         * page/FrameView.cpp:
1175         (WebCore::FrameView::scheduleRelayoutOfSubtree):
1176
1177 2016-07-19  Dean Jackson  <dino@apple.com>
1178
1179         REGRESSION(202927): The first slide is the only displayed slide when Quicklooking a Keynote file
1180         https://bugs.webkit.org/show_bug.cgi?id=159948
1181         <rdar://problem/27391012>
1182
1183         Reviewed by Simon Fraser.
1184
1185         There is an iOS bug (<rdar://problem/27416744>) that is causing us
1186         to not always get a color space on CGContextRefs. Investigation of this
1187         exposed some optimizations we can take when we are creating ImageBuffers.
1188         In particular, if we have a bitmap context or an IOSurfaceContext we
1189         can simply copy their color space using API. Otherwise we stick with
1190         the existing CGContextCopyDeviceColorSpace.
1191
1192         Lastly, if for some reason we are unable to copy the device color space,
1193         we should fall back to sRGB.
1194
1195         * platform/graphics/cg/ImageBufferCG.cpp:
1196         (WebCore::ImageBuffer::createCompatibleBuffer):
1197         * platform/spi/cg/CoreGraphicsSPI.h: Add some SPI and enums.
1198
1199
1200 2016-07-19  George Ruan  <gruan@apple.com>
1201
1202         HTMLVideoElement frames do not update on iOS when src is a MediaStream blob
1203         https://bugs.webkit.org/show_bug.cgi?id=159833
1204         <rdar://problem/27379487>
1205
1206         Reviewed by Eric Carlson.
1207
1208         Test: fast/mediastream/MediaStream-video-element-displays-buffer.html
1209
1210         * WebCore.xcodeproj/project.pbxproj:
1211         * platform/graphics/avfoundation/MediaSampleAVFObjC.h: Change create to return a Ref<T> instead
1212         of RefPtr<T>
1213         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.h: Make observer of
1214         MediaStreamTrackPrivate and make MediaPlayer use an AVSampleBufferDisplayLayer instead of CALayer.
1215         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm: Ditto.
1216         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::~MediaPlayerPrivateMediaStreamAVFObjC): Clean up
1217         observers and AVSampleBufferDisplayLayer
1218         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::isAvailable): Ensures AVSampleBufferDisplayLayer
1219         is available.
1220         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::enqueueAudioSampleBufferFromTrack): Placeholder.
1221         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::enqueueVideoSampleBufferFromTrack): Responsible
1222         for enqueuing sample buffers to the active video track.
1223         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::ensureLayer): Ensures that an AVSampleBufferDisplayLayer
1224         exists.
1225         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::destroyLayer): Destroys the AVSampleBufferDisplayLayer.
1226         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::platformLayer): Replace CALayer with AVSampleBufferDisplayLayer.
1227         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::currentDisplayMode): Ditto.
1228         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::sampleBufferUpdated): Called from MediaStreamTrackPrivate when a
1229         new SampleBuffer is available.
1230         (WebCore::updateTracksOfType): Manage adding and removing self as observer from tracks.
1231         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateTracks): Replace CALayer with AVSampleBufferDisplayLayer
1232         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::acceleratedRenderingStateChanged): Copied from
1233         MediaPlayerPrivateMediaSourceAVFObjC.mm
1234         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::load): Deleted CALayer.
1235         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateDisplayMode): Deleted process of updating CALayer.
1236         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateIntrinsicSize): Deleted CALayer.
1237         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::createPreviewLayers): Deleted.
1238         * platform/mediastream/MediaStreamPrivate.cpp:
1239         (WebCore::MediaStreamPrivate::updateActiveVideoTrack): Remove redundant check.
1240         * platform/mediastream/MediaStreamTrackPrivate.cpp:
1241         (WebCore::MediaStreamTrackPrivate::sourceHasMoreMediaData): Called from RealtimeMediaSource when a new SampleBuffer
1242         is available.
1243         * platform/mediastream/MediaStreamTrackPrivate.h:
1244         (WebCore::MediaStreamTrackPrivate::Observer::sampleBufferUpdated): Relays to MediaPlayerPrivateMediaStream that
1245         a new SampleBuffer is available to enqueue to the AVSampleBufferDisplayLayer.
1246         * platform/mediastream/RealtimeMediaSource.cpp:
1247         (WebCore::RealtimeMediaSource::mediaDataUpdated): Relays to all observers that a new SampleBuffer is available.
1248         * platform/mediastream/RealtimeMediaSource.h:
1249         * platform/mediastream/mac/AVVideoCaptureSource.mm:
1250         (WebCore::AVVideoCaptureSource::processNewFrame): Calls mediaDataUpdated when a new SampleBuffer is captured.
1251
1252 2016-07-19  Anders Carlsson  <andersca@apple.com>
1253
1254         Get rid of a #define private public hack in WebCore
1255         https://bugs.webkit.org/show_bug.cgi?id=159953
1256
1257         Reviewed by Dan Bernstein.
1258
1259         Use @package instead.
1260
1261         * bindings/objc/DOMInternal.h:
1262         * bindings/objc/DOMObject.h:
1263
1264 2016-07-19  Andreas Kling  <akling@apple.com>
1265
1266         Fix SharedBuffer leak in MockContentFilter::replacementData().
1267         <https://webkit.org/b/159945>
1268
1269         Reviewed by Andy Estes.
1270
1271         Spotted on leaks bot. This code was pretty explicit about how it's going to leak.
1272         Since this is in the mock filter, it only affected layout tests.
1273
1274         * testing/MockContentFilter.cpp:
1275         (WebCore::MockContentFilter::replacementData):
1276
1277 2016-07-19  Zalan Bujtas  <zalan@apple.com>
1278
1279         theguardian.co.uk crossword puzzles are sometimes not displaying text
1280         https://bugs.webkit.org/show_bug.cgi?id=159924
1281         <rdar://problem/27409483>
1282
1283         Reviewed by Simon Fraser.
1284
1285         This patch fixes the case when
1286         - 2 disjoint subtrees are dirty
1287         - RenderView is also dirty.
1288         and we end up not laying out one of the 2 subtrees.
1289
1290         In FrameView::scheduleRelayoutOfSubtree, we assume that when the RenderView is dirty
1291         we already have a pending full layout which means that any previous subtree layouts have already been
1292         converted to full layouts.
1293         However this assumption is incorrect. RenderView can get dirty without checking if there's
1294         already a pending subtree layout.
1295         One option to solve this problem would be to override RenderObject::setNeedsLayout in RenderView
1296         so that when the RenderView gets dirty, we could also convert any pending subtree layout to full layout.
1297         However RenderObject::setNeedsLayout is a hot function and making it virtual would impact performance.
1298         The other option is to always normalize subtree layouts in FrameView::scheduleRelayoutOfSubtree().
1299         This patch implements the second option.
1300
1301         Test: fast/misc/subtree-layouts.html
1302
1303         * page/FrameView.cpp:
1304         (WebCore::FrameView::scheduleRelayoutOfSubtree):
1305
1306 2016-07-19  Anders Carlsson  <andersca@apple.com>
1307
1308         Some payment authorization status values should keep the sheet active
1309         https://bugs.webkit.org/show_bug.cgi?id=159936
1310         rdar://problem/26756701
1311
1312         Reviewed by Tim Horton.
1313
1314         * Modules/applepay/ApplePaySession.cpp:
1315         (WebCore::ApplePaySession::completePayment):
1316         Keep the sheet active if the status isn't a final state status.
1317
1318         * Modules/applepay/PaymentAuthorizationStatus.h:
1319         (WebCore::isFinalStateStatus):
1320         Add a new helper function that returns whether a given payment authorization status is "final",
1321         meaning that once that status has been passed to completePayment, the session is finished.
1322
1323 2016-07-19  Nan Wang  <n_wang@apple.com>
1324
1325         AX: Incorrect behavior for word related text marker functions when there's collapsed whitespace
1326         https://bugs.webkit.org/show_bug.cgi?id=159910
1327
1328         Reviewed by Chris Fleizach.
1329
1330         We are getting a bad CharacterOffset when there's collapsed whitespace. Added a TraverseOptionValidateOffset
1331         option to make sure we are getting the correct CharacterOffset based on the corresponding Range offset. And
1332         fixed a word navigation issue based on that.
1333
1334         Test: accessibility/mac/text-marker-word-nav-collapsed-whitespace.html
1335
1336         * accessibility/AXObjectCache.cpp:
1337         (WebCore::AXObjectCache::traverseToOffsetInRange):
1338         (WebCore::AXObjectCache::rangeForNodeContents):
1339         (WebCore::AXObjectCache::startOrEndCharacterOffsetForRange):
1340         (WebCore::AXObjectCache::characterOffsetFromVisiblePosition):
1341         (WebCore::AXObjectCache::rightWordRange):
1342         (WebCore::AXObjectCache::previousBoundary):
1343         * accessibility/AXObjectCache.h:
1344         (WebCore::AXObjectCache::isNodeInUse):
1345
1346 2016-07-19  Youenn Fablet  <youenn@apple.com>
1347
1348         [Streams API] ReadableStreamController methods should throw if its stream is not readable
1349         https://bugs.webkit.org/show_bug.cgi?id=159871
1350
1351         Reviewed by Xabier Rodriguez-Calvar.
1352
1353         Spec now mandates close and enqueue to throw if ReadableStream is not readable.
1354         Covered by rebased and/or modified tests.
1355
1356         * Modules/streams/ReadableStreamController.js:
1357         (enqueue): Throwing a TypeError if controlled stream is not readable.
1358         (close): Ditto.
1359
1360 2016-07-19  Simon Fraser  <simon.fraser@apple.com>
1361
1362         Bubbles appear split for a brief moment in Messages
1363         https://bugs.webkit.org/show_bug.cgi?id=159915
1364         rdar://problem/27182267
1365
1366         Reviewed by David Hyatt.
1367
1368         RenderView::repaintRootContents() had a long-standing bug in WebView when the
1369         view is scrolled. repaint() uses visualOverflowRect() but, for the 
1370         RenderView, the visualOverflowRect() is the initial containing block
1371         which is anchored at 0,0. When the view is scrolled it's clipped out and
1372         calls to repaintRootContents() have no effect.
1373         
1374         Change repaintRootContents() to use layoutOverflowRect(). ScrollView::repaintContentRectangle()
1375         will clip it to the view if necessary.
1376
1377         Test: fast/repaint/scrolled-view-full-repaint.html
1378
1379         * rendering/RenderView.cpp:
1380         (WebCore::RenderView::repaintRootContents):
1381
1382 2016-07-19  Dan Bernstein  <mitz@apple.com>
1383
1384         <rdar://problem/27420308> WebCore-7602.1.42 fails to build: error: unused parameter 'vm'
1385
1386         * bindings/js/JSDOMGlobalObject.cpp:
1387         (WebCore::JSDOMGlobalObject::addBuiltinGlobals): Fixed the !ENABLE(STREAMS_API) build.
1388
1389 2016-07-19  Youenn Fablet  <youenn@apple.com>
1390
1391         [Streams API] Make ReadableStream properties not enumerable
1392         https://bugs.webkit.org/show_bug.cgi?id=159868
1393
1394         Reviewed by Darin Adler.
1395
1396         Covered by rebased tests.
1397
1398         Uopdating IDL definitions to mark all functions/attributes as not enumerable.
1399         Updating IDL constructor definitions to correctly compute constructor length.
1400         Updating built-in implementation to correctly compute pipeTo length to 1 (second parameter being optional).
1401
1402         * Modules/streams/ReadableStream.idl:
1403         * Modules/streams/ReadableStream.js:
1404         * Modules/streams/ReadableStreamController.idl:
1405         * Modules/streams/ReadableStreamReader.idl:
1406
1407 2016-07-19  Chris Dumez  <cdumez@apple.com>
1408
1409         form.enctype / encoding / method should treat null as "null" string
1410         https://bugs.webkit.org/show_bug.cgi?id=159916
1411
1412         Reviewed by Ryosuke Niwa.
1413
1414         form.enctype / encoding / method should treat null as "null" string:
1415         - https://html.spec.whatwg.org/multipage/forms.html#htmlformelement
1416
1417         Previously, WebKit would treat null as the null String, which would
1418         end up removing the existing attribute.
1419
1420         Firefox and Chrome match the specification.
1421
1422         Test: fast/dom/HTMLFormElement/null-handling.html
1423
1424         * html/HTMLFormElement.h:
1425         * html/HTMLFormElement.idl:
1426
1427 2016-07-18  Csaba Osztrogon√°c  <ossy@webkit.org>
1428
1429         All-in-one buildfix after r202439
1430         https://bugs.webkit.org/show_bug.cgi?id=159877
1431
1432         Reviewed by Chris Dumez.
1433
1434         * Modules/webaudio/AudioDestinationNode.h:
1435         (WebCore::AudioDestinationNode::resume):
1436         (WebCore::AudioDestinationNode::suspend):
1437         (WebCore::AudioDestinationNode::close):
1438
1439 2016-07-18  Frederic Wang  <fwang@igalia.com>
1440
1441         Move parsing of subscriptshift and superscriptshift from rendering to element classes
1442         https://bugs.webkit.org/show_bug.cgi?id=159622
1443
1444         Reviewed by Darin Adler.
1445
1446         We introduce a new MathMLScriptsElement that is used for elements msub, msup, msubsup and
1447         mmultiscripts in order to create RenderMathMLScripts and parse and expose the values of the
1448         subscriptshift and superscriptshift attributes. This is one more step toward moving MathML
1449         attribute parsing to the DOM (bug 156536).
1450
1451         No new tests, rendering is unchanged.
1452
1453         * CMakeLists.txt: Add MathMLScriptsElement files.
1454         * WebCore.xcodeproj/project.pbxproj: Ditto.
1455         * mathml/MathMLAllInOne.cpp: Ditto.
1456         * mathml/MathMLInlineContainerElement.cpp: Remove handling of scripts.
1457         (WebCore::MathMLInlineContainerElement::createElementRenderer): Deleted.
1458         * mathml/MathMLScriptsElement.cpp: Added. New class to handle scripted elements supporting
1459         parsing for the subscriptshift and superscriptshift MathML lengths.
1460         (WebCore::MathMLScriptsElement::MathMLScriptsElement):
1461         (WebCore::MathMLScriptsElement::create):
1462         (WebCore::MathMLScriptsElement::subscriptShift): Expose the cached length for the shift,
1463         parsing the attribute again if necessary.
1464         (WebCore::MathMLScriptsElement::superscriptShift): Ditto.
1465         (WebCore::MathMLScriptsElement::parseAttribute): Mark attributes dirty.
1466         (WebCore::MathMLScriptsElement::createElementRenderer): Create RenderMathMLScripts.
1467         * mathml/MathMLScriptsElement.h: Ditto.
1468         * mathml/mathtags.in: Map msub, msup, msubsup and mmultiscripts to MathMLScriptsElement.
1469         * rendering/mathml/RenderMathMLScripts.cpp:
1470         (WebCore::RenderMathMLScripts::scriptsElement): Helper function to cast the node to a
1471         MathMLScriptsElement.
1472         (WebCore::RenderMathMLScripts::getScriptMetricsAndLayoutIfNeeded): Resolve the attributes
1473         using the functions from the MathMLScriptsElement class.
1474         * rendering/mathml/RenderMathMLScripts.h: Declare scriptsElement.
1475
1476 2016-07-18  Frederic Wang  <fwang@igalia.com>
1477
1478         Do not store gap and shift parameters on RenderMathMLFraction
1479         https://bugs.webkit.org/show_bug.cgi?id=159876
1480
1481         Reviewed by Darin Adler.
1482
1483         After r203285, the stack and fraction layout parameters are only used in layoutBlock so we
1484         do not need to store them on the class. We remove them and split updateLayoutParameters into
1485         three functions: one to update the linethickness and two others to retrieve the fraction and
1486         stack respectively.
1487
1488         No new tests, rendering is unchanged.
1489
1490         * rendering/mathml/RenderMathMLFraction.cpp:
1491         (WebCore::RenderMathMLFraction::updateLineThickness): Move code to update thickness members here.
1492         (WebCore::RenderMathMLFraction::getFractionParameters): Move code to retrieve fraction parameters here.
1493         (WebCore::RenderMathMLFraction::getStackParameters): Move code to retrieve stack parameters here.
1494         (WebCore::RenderMathMLFraction::layoutBlock): Use the new helper functions and local variables
1495         for fraction and stack parameters.
1496         (WebCore::RenderMathMLFraction::updateLayoutParameters): Deleted.
1497         * rendering/mathml/RenderMathMLFraction.h: Declare new helper functions and remove members
1498         for stack and fraction parameters.
1499
1500 2016-07-18  Chris Dumez  <cdumez@apple.com>
1501
1502         input.formEnctype / formMethod and button.formEnctype / formMethod / type should treat null as "null"
1503         https://bugs.webkit.org/show_bug.cgi?id=159908
1504
1505         Reviewed by Alex Christensen.
1506
1507         input.formEnctype / formMethod and button.formEnctype / formMethod / type
1508         should treat null as "null" String:
1509         - https://html.spec.whatwg.org/multipage/forms.html#htmlinputelement
1510         - https://html.spec.whatwg.org/multipage/forms.html#htmlbuttonelement
1511
1512         In WebKit, we would treat null as a null String which would end up
1513         removing the corresponding attribute. This does not match the
1514         specification. Firefox and Chrome match the specification here.
1515
1516         Tests:
1517         - fast/dom/HTMLButtonElement/null-handling.html
1518         - fast/dom/HTMLInputElement/null-handling.html
1519
1520         * html/HTMLButtonElement.idl:
1521         * html/HTMLInputElement.idl:
1522
1523 2016-07-18  Alex Christensen  <achristensen@webkit.org>
1524
1525         webbookmarksd needs to use the same AppCache directory as MobileSafari
1526         https://bugs.webkit.org/show_bug.cgi?id=159912
1527
1528         Reviewed by Alexey Proskuryakov.
1529
1530         No new tests.  This only changes behavior for webbookmarksd.
1531
1532         * platform/RuntimeApplicationChecks.h:
1533         * platform/RuntimeApplicationChecks.mm:
1534         (WebCore::IOSApplication::isWebBookmarksD): Added.
1535
1536 2016-07-18  Chris Dumez  <cdumez@apple.com>
1537
1538         EventTarget.dispatchEvent() parameter should not be nullable
1539         https://bugs.webkit.org/show_bug.cgi?id=159897
1540
1541         Reviewed by Benjamin Poulain.
1542
1543         EventTarget.dispatchEvent() parameter should not be nullable:
1544         - https://dom.spec.whatwg.org/#interface-eventtarget
1545
1546         Even though the parameter was marked as nullable in our IDL, our
1547         implementation does a null check and we already throw a TypeError
1548         when calling dispatchEvent(null).
1549
1550         Update our IDL so that it matches the specification and so that
1551         the null check is generated in the bindings instead.
1552
1553         No new tests, rebaseline existing tests.
1554
1555         * dom/EventTarget.cpp:
1556         (WebCore::EventTarget::dispatchEventForBindings):
1557         * dom/EventTarget.h:
1558         * dom/EventTarget.idl:
1559
1560 2016-07-18  Chris Dumez  <cdumez@apple.com>
1561
1562         DocType's publicId / systemId should not be nullable
1563         https://bugs.webkit.org/show_bug.cgi?id=159901
1564
1565         Reviewed by Benjamin Poulain.
1566
1567         DocType's publicId / systemId should not be nullable. While they were
1568         not marked as nullable in our IDL, they could be stored as null Strings
1569         in our implementation depending on how the Node was constructed. This
1570         led to subtle bugs where String() != emptyString().
1571
1572         In particular, Node.isEqualNode() would return false when DocumentType
1573         nodes would mismatch because of their publicId / systemId being null
1574         instead of the emptyString.
1575
1576         Serialization would DocumentType nodes would also be wrong when
1577         publicId / systemId were empty Strings instead of null strings. The
1578         new behavior now matches:
1579         - https://www.w3.org/TR/DOM-Parsing/#dfn-concept-serialize-doctype (steps 7-9)
1580
1581         To address these issues, we now always store publicId / systemId as
1582         non-null Strings inside the DocumentType class.
1583
1584         Test: fast/dom/DocumentType/isEqualNode.html
1585
1586         * dom/DocumentType.cpp:
1587         (WebCore::DocumentType::DocumentType):
1588         * editing/MarkupAccumulator.cpp:
1589         (WebCore::MarkupAccumulator::appendDocumentType):
1590
1591 2016-07-18  Jeremy Jones  <jeremyj@apple.com>
1592
1593         If previous media session interruptions were prevented, still allow subsequent interruptions to try.
1594         https://bugs.webkit.org/show_bug.cgi?id=157553
1595         rdar://problem/25740804
1596
1597         Reviewed by Eric Carlson.
1598
1599         Test: platform/ios-simulator/media/video-interruption-suspendunderlock.html
1600
1601         When suspending under lock on iOS, there is first a resign active event, then a
1602         suspend under lock. PiP prevents resign active from interrupting playback. But it should allow the
1603         suspend under lock to interrupt playback.
1604
1605         Currently if there are nested interruptions only the first one is acted upon.
1606
1607         This change allows subsequent, nested interruptions to have a chance to interrupt playback if the
1608         previous interruptions were ignored.
1609
1610         This test is for iPad only, so it must be run manually.
1611
1612         * html/HTMLMediaElement.cpp:
1613         (WebCore::HTMLMediaElement::shouldOverrideBackgroundPlaybackRestriction):
1614         * platform/audio/PlatformMediaSession.cpp:
1615         (WebCore::PlatformMediaSession::beginInterruption):
1616         * testing/Internals.cpp:
1617         (WebCore::Internals::beginMediaSessionInterruption):
1618
1619 2016-07-18  Brent Fulgham  <bfulgham@apple.com>
1620
1621         Don't associate form-associated elements with forms in other trees.
1622         https://bugs.webkit.org/show_bug.cgi?id=119451
1623         <rdar://problem/27382946>
1624
1625         Change is based on the Blink change (patch by <adamk@chromium.org>):
1626         <https://chromium.googlesource.com/chromium/blink/+/0b33128be67e7845d495d5219614c02ccfe7a414>
1627
1628         Reviewed by Chris Dumez.
1629
1630         Prevent elements from being associated with forms that are not part of the same home subtree.
1631         This brings us in line with the WhatWG HTML specification as of September, 2013.
1632
1633         Tests: fast/forms/image-disconnected-during-parse.html
1634                fast/forms/input-disconnected-during-parse.html
1635
1636         * dom/Element.h:
1637         (WebCore::Node::rootElement): Added.
1638         * html/FormAssociatedElement.cpp:
1639         (WebCore::FormAssociatedElement::insertedInto): If the element is associated with a form that
1640         is not part of the same tree, remove the association.
1641         * html/HTMLImageElement.cpp:
1642         (WebCore::HTMLImageElement::insertedInto): Ditto.
1643
1644 2016-07-18  Anders Carlsson  <andersca@apple.com>
1645
1646         WebKit nightly fails to build on macOS Sierra
1647         https://bugs.webkit.org/show_bug.cgi?id=159902
1648         rdar://problem/27365672
1649
1650         Reviewed by Tim Horton.
1651
1652         * Modules/applepay/cocoa/PaymentCocoa.mm:
1653         * Modules/applepay/cocoa/PaymentContactCocoa.mm:
1654         * Modules/applepay/cocoa/PaymentMerchantSessionCocoa.mm:
1655         * Modules/applepay/cocoa/PaymentMethodCocoa.mm:
1656         Use new PassKitSPI header.
1657
1658         * WebCore.xcodeproj/project.pbxproj:
1659         Add new PassKitSPI header.
1660
1661         * icu/unicode/ucurr.h: Added.
1662         Add ucurr.h from ICU.
1663
1664         * platform/spi/cocoa/PassKitSPI.h: Added.
1665         Add new PassKitSPI header.
1666
1667 2016-07-18  Dean Jackson  <dino@apple.com>
1668
1669         REGRESSION (r202950): Image zoom animations are broken at medium.com (159861)
1670         https://bugs.webkit.org/show_bug.cgi?id=159906
1671         <rdar://problem/27391725>
1672
1673         Reviewed by Simon Fraser.
1674
1675         The fix for webkit.org/b/157569 in r200769 broke AMP pages.
1676         The followup fix for webkit.org/b/159450 in r202950 broke Medium pages.
1677
1678         Revert them both until we have better testing.
1679
1680         * css/CSSParser.cpp:
1681         (WebCore::CSSParser::addPropertyWithPrefixingVariant):
1682         (WebCore::CSSParser::parseValue):
1683         (WebCore::CSSParser::parseAnimationShorthand):
1684         (WebCore::CSSParser::parseTransitionShorthand): Deleted.
1685         * css/CSSPropertyNames.in:
1686         * css/PropertySetCSSStyleDeclaration.cpp:
1687         (WebCore::PropertySetCSSStyleDeclaration::getPropertyCSSValue):
1688         (WebCore::PropertySetCSSStyleDeclaration::getPropertyValue):
1689         (WebCore::PropertySetCSSStyleDeclaration::getPropertyCSSValueInternal):
1690         (WebCore::PropertySetCSSStyleDeclaration::getPropertyValueInternal):
1691         * css/StyleProperties.cpp:
1692         (WebCore::MutableStyleProperties::removeShorthandProperty):
1693         (WebCore::MutableStyleProperties::removeProperty):
1694         (WebCore::MutableStyleProperties::removePrefixedOrUnprefixedProperty):
1695         (WebCore::MutableStyleProperties::setProperty):
1696         (WebCore::getIndexInShorthandVectorForPrefixingVariant):
1697         (WebCore::MutableStyleProperties::appendPrefixingVariantProperty):
1698         (WebCore::MutableStyleProperties::setPrefixingVariantProperty):
1699         (WebCore::StyleProperties::asText): Deleted.
1700         * css/StyleProperties.h:
1701
1702 2016-07-18  Andreas Kling  <akling@apple.com>
1703
1704         There should be a way to simulate memory pressure in layout tests
1705         <https://webkit.org/b/159743>
1706
1707         Reviewed by Simon Fraser.
1708
1709         Add three window.internal APIs:
1710
1711             - boolean isUnderMemoryPressure (readonly attribute)
1712             - void beginSimulatedMemoryPressure()
1713             - void endSimulatedMemoryPressure()
1714
1715         These make it possible to write tests that exercise behaviors that only
1716         occur during memory pressure situations.
1717
1718         I also implemented the "org.WebKit.lowMemory" notification handler using the new API.
1719
1720         Test: memory/memory-pressure-simulation.html
1721
1722         * platform/MemoryPressureHandler.cpp:
1723         (WebCore::MemoryPressureHandler::beginSimulatedMemoryPressure):
1724         (WebCore::MemoryPressureHandler::endSimulatedMemoryPressure):
1725         * platform/MemoryPressureHandler.h:
1726         (WebCore::MemoryPressureHandler::isUnderMemoryPressure):
1727         * platform/cocoa/MemoryPressureHandlerCocoa.mm:
1728         (WebCore::MemoryPressureHandler::platformReleaseMemory):
1729         (WebCore::MemoryPressureHandler::install):
1730         * testing/Internals.cpp:
1731         (WebCore::Internals::isUnderMemoryPressure):
1732         (WebCore::Internals::beginSimulatedMemoryPressure):
1733         (WebCore::Internals::endSimulatedMemoryPressure):
1734         * testing/Internals.h:
1735         * testing/Internals.idl:
1736
1737 2016-07-18  Said Abou-Hallawa  <sabouhallawa@apple,com>
1738
1739         [iOS] PDFDocumentImage should cache only a sub image of the PDF when caching the whole image is expensive
1740         https://bugs.webkit.org/show_bug.cgi?id=158715
1741
1742         Reviewed by Dean Jackson.
1743
1744         Test: fast/images/displaced-non-cached-pdf.html
1745
1746         For iOS, we need to ensure the size of the cached PDF images will not
1747         exceed some limit. Also we should be caching only a sub image of the PDF
1748         if caching the whole image will exceed the memory limit.
1749
1750         * page/Settings.cpp:
1751         (WebCore::Settings::Settings):
1752         (WebCore::Settings::setCachedPDFImageEnabled):
1753         * page/Settings.h:
1754         (WebCore::Settings::isCachedPDFImageEnabled):
1755             Add an option to disable caching the PDF images.
1756
1757         * platform/graphics/cg/PDFDocumentImage.cpp:
1758         (WebCore::PDFDocumentImage::setCachedPDFImageEnabled):
1759             Allow the caller of draw() to disable caching the PDF images.
1760         
1761         (WebCore::PDFDocumentImage::cacheParametersMatch):
1762             Match the context dirty rectangle with the cached image rectangle.
1763         
1764         (WebCore::transformContextForPainting):
1765             When preparing the context for drawing the PDF, take the location 
1766             of the destination rectangle into account. We do not need to scale
1767             the location of the source rectangle because we scale the size of
1768             the rectangle but we don't scale the whole coordinate system.
1769
1770         (WebCore::cachedImageRect):
1771             Calculate the rectangle of the cached image such that it does not
1772             exceed the limit. Start from the center of the dirty rectangle and
1773             then expand around it.
1774             
1775         (WebCore::PDFDocumentImage::decodedSizeChanged):
1776             In addition to notifying the ImageObserver, it keeps track of the size
1777             of all the cached PDF images.
1778
1779         (WebCore::PDFDocumentImage::updateCachedImageIfNeeded):
1780             Ensure the size of all the cached images does not exceed the limit
1781             
1782         (WebCore::PDFDocumentImage::destroyDecodedData):
1783         * platform/graphics/cg/PDFDocumentImage.h:
1784
1785         * rendering/RenderImage.cpp:
1786         (WebCore::RenderImage::paintIntoRect):
1787             Pass the option to disable caching the PDF images to PDFDocumentImage.
1788
1789         * testing/InternalSettings.cpp:
1790         (WebCore::InternalSettings::Backup::Backup):
1791         (WebCore::InternalSettings::Backup::restoreTo):
1792         (WebCore::InternalSettings::setCachedPDFImageEnabled):
1793         * testing/InternalSettings.h:
1794         * testing/InternalSettings.idl:
1795             Add an internal option to disable caching the PDF images.
1796
1797 2016-07-18  Chris Dumez  <cdumez@apple.com>
1798
1799         The 2 first parameters to addEventListener() / removeEventListener() should be mandatory
1800         https://bugs.webkit.org/show_bug.cgi?id=158008
1801
1802         Reviewed by Darin Adler.
1803
1804         The 2 first parameters to addEventListener() / removeEventListener() should be
1805         mandatory:
1806         - https://dom.spec.whatwg.org/#interface-eventtarget
1807
1808         Firefox 46 and Chrome 50 both match the specification and throw an exception when those
1809         parameters are omitted. However, those parameters were marked as optional in WebKit and
1810         the calls were no-ops if those parameters were omitted. This patch aligns our behavior
1811         with the specification and other browsers.
1812
1813         Test: fast/dom/eventtarget-api-parameters.html
1814
1815         * bindings/scripts/CodeGeneratorJS.pm:
1816         (GetFunctionLength): Deleted.
1817         * dom/EventTarget.idl:
1818
1819 2016-07-18  Brent Fulgham  <bfulgham@apple.com>
1820
1821         Unreviewed, rolling out r203373.
1822
1823         Unaddressed
1824
1825         Reverted changeset:
1826
1827         "Don't associate form-associated elements with forms in other
1828         trees."
1829         https://bugs.webkit.org/show_bug.cgi?id=119451
1830         http://trac.webkit.org/changeset/203373
1831
1832 2016-07-18  Brent Fulgham  <bfulgham@apple.com>
1833
1834         Don't associate form-associated elements with forms in other trees.
1835         https://bugs.webkit.org/show_bug.cgi?id=119451
1836         <rdar://problem/27382946>
1837
1838         Change is based on the Blink change (patch by <adamk@chromium.org>):
1839         <https://chromium.googlesource.com/chromium/blink/+/0b33128be67e7845d495d5219614c02ccfe7a414>
1840
1841         Reviewed by Zalan Bujtas.
1842
1843         Prevent elements from being associated with forms that are not part of the same home subtree.
1844         This brings us in line with the WhatWG HTML specification as of September, 2013.
1845
1846         Tests: fast/forms/image-disconnected-during-parse.html
1847                fast/forms/input-disconnected-during-parse.html
1848
1849         * dom/NodeTraversal.h:
1850         (WebCore::NodeTraversal::highestAncestorOrSelf): Added.
1851         * html/FormAssociatedElement.cpp:
1852         (WebCore::FormAssociatedElement::insertedInto): If the element is associated with a form that
1853         is not part of the same tree, remove the association.
1854         * html/HTMLImageElement.cpp:
1855         (WebCore::HTMLImageElement::insertedInto): Ditto.
1856
1857 2016-07-18  George Ruan  <gruan@apple.com>
1858
1859         Move MediaSampleAVFObjC into its own file
1860         https://bugs.webkit.org/show_bug.cgi?id=159796
1861         <rdar://problem/27362488>
1862
1863         In preparation for a feature that uses MediaSampleAVFObjC, but does
1864         not need SourceBufferPrivateAVFObjC, it is beneficial to move
1865         MediaSampleAVFObjC to its own file.
1866
1867         Reviewed by Eric Carlson.
1868
1869         * WebCore.xcodeproj/project.pbxproj:
1870         * platform/MediaSample.h: Allow setting trackID to associate
1871         MediaSample id with MediaStreamTrackPrivate id.
1872         * platform/graphics/avfoundation/MediaSampleAVFObjC.h: Added.
1873         * platform/graphics/avfoundation/objc/MediaSampleAVFObjC.mm: Moved
1874         from MediaSampleAVFObjC
1875         (WebCore::MediaSampleAVFObjC::presentationTime):
1876         (WebCore::MediaSampleAVFObjC::decodeTime):
1877         (WebCore::MediaSampleAVFObjC::duration):
1878         (WebCore::MediaSampleAVFObjC::sizeInBytes):
1879         (WebCore::MediaSampleAVFObjC::platformSample):
1880         (WebCore::CMSampleBufferIsRandomAccess):
1881         (WebCore::MediaSampleAVFObjC::flags):
1882         (WebCore::MediaSampleAVFObjC::presentationSize):
1883         (WebCore::MediaSampleAVFObjC::dump):
1884         (WebCore::MediaSampleAVFObjC::offsetTimestampsBy):
1885         (WebCore::MediaSampleAVFObjC::setTimestamps):
1886         * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
1887         Moved MediaSampleAVFObjC to its own file.
1888         (WebCore::MediaSampleAVFObjC::platformSample): Deleted.
1889         (WebCore::CMSampleBufferIsRandomAccess): Deleted.
1890         (WebCore::MediaSampleAVFObjC::flags): Deleted.
1891         (WebCore::MediaSampleAVFObjC::presentationSize): Deleted.
1892         (WebCore::MediaSampleAVFObjC::dump): Deleted.
1893         (WebCore::MediaSampleAVFObjC::offsetTimestampsBy): Deleted.
1894         (WebCore::MediaSampleAVFObjC::setTimestamps): Deleted.
1895         * platform/mock/mediasource/MockSourceBufferPrivate.cpp:
1896
1897 2016-07-18  Eric Carlson  <eric.carlson@apple.com>
1898
1899         [MSE][Mac] Pass AVSampleBufferDisplayLayer HDCP status to a newly created key session
1900         https://bugs.webkit.org/show_bug.cgi?id=159812
1901         <rdar://problem/27371624>
1902
1903         Reviewed by Jon Lee.
1904
1905         No new tests, it isn't possible to test this with our current testing infrastructure.
1906
1907         * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.h:
1908         * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
1909         (WebCore::SourceBufferPrivateAVFObjC::setCDMSession): Call layerDidReceiveError if there has
1910         been an HDCP error.
1911         (WebCore::SourceBufferPrivateAVFObjC::rendererDidReceiveError): Remember an HDCP error.
1912
1913 2016-07-18  Yoav Weiss  <yoav@yoav.ws>
1914
1915         Add preload to features.json
1916         https://bugs.webkit.org/show_bug.cgi?id=159872
1917
1918         Reviewed by Darin Adler.
1919
1920         No new tests but no functional change.
1921
1922         * features.json:
1923
1924 2016-07-18  Youenn Fablet  <youenn@apple.com>
1925
1926         [Streams API] ReadableStream should throw a RangeError in case of NaN highWaterMark
1927         https://bugs.webkit.org/show_bug.cgi?id=159870
1928
1929         Reviewed by Xabier Rodriguez-Calvar.
1930
1931         Covered by rebased test.
1932
1933         * Modules/streams/StreamInternals.js:
1934         (validateAndNormalizeQueuingStrategy): Throwing a RangeError in lieu of a TypeError in case of NaN highWaterMark.
1935
1936 2016-07-18  Csaba Osztrogon√°c  <ossy@webkit.org>
1937
1938         Windows buildfix after r203338
1939         https://bugs.webkit.org/show_bug.cgi?id=159875
1940
1941         Unreviewed buildfix.
1942
1943         * dom/UserGestureIndicator.h:
1944         (WebCore::UserGestureToken::addDestructionObserver):
1945
1946 2016-07-18  Carlos Garcia Campos  <cgarcia@igalia.com>
1947
1948         MemoryPressureHandler doesn't work if cgroups aren't present in Linux
1949         https://bugs.webkit.org/show_bug.cgi?id=155255
1950
1951         Reviewed by Sergio Villar Senin.
1952
1953         Allow to pass an eventFD file descriptor to the MemoryPressureHandler to be monitorized in case cgroups are not
1954         available.
1955
1956         * platform/MemoryPressureHandler.h:
1957         * platform/linux/MemoryPressureHandlerLinux.cpp:
1958
1959 2016-07-17  Gyuyoung Kim  <gyuyoung.kim@webkit.org>
1960
1961         Clean up PassRefPtr uses in Modules/encryptedmedia, Modules/speech, and Modules/quota
1962         https://bugs.webkit.org/show_bug.cgi?id=159701
1963
1964         Reviewed by Alex Christensen.
1965
1966         No new tests, no behavior changes.
1967
1968         * Modules/encryptedmedia/CDM.h:
1969         * Modules/encryptedmedia/MediaKeySession.h:
1970         * Modules/encryptedmedia/MediaKeys.h:
1971         * Modules/quota/DOMWindowQuota.cpp:
1972         * Modules/quota/StorageErrorCallback.cpp:
1973         (WebCore::StorageErrorCallback::CallbackTask::CallbackTask):
1974         * Modules/quota/StorageErrorCallback.h:
1975         * Modules/quota/StorageInfo.h:
1976         * Modules/quota/StorageQuota.h:
1977         * Modules/speech/DOMWindowSpeechSynthesis.cpp:
1978         * Modules/speech/SpeechSynthesis.cpp:
1979         (WebCore::SpeechSynthesis::getVoices):
1980         (WebCore::SpeechSynthesis::startSpeakingImmediately):
1981         (WebCore::SpeechSynthesis::speak):
1982         (WebCore::SpeechSynthesis::cancel):
1983         (WebCore::SpeechSynthesis::handleSpeakingCompleted):
1984         (WebCore::SpeechSynthesis::boundaryEventOccurred):
1985         (WebCore::SpeechSynthesis::didStartSpeaking):
1986         (WebCore::SpeechSynthesis::didPauseSpeaking):
1987         (WebCore::SpeechSynthesis::didResumeSpeaking):
1988         (WebCore::SpeechSynthesis::didFinishSpeaking):
1989         (WebCore::SpeechSynthesis::speakingErrorOccurred):
1990         * Modules/speech/SpeechSynthesis.h:
1991         * Modules/speech/SpeechSynthesisEvent.h:
1992         * Modules/speech/SpeechSynthesisUtterance.h:
1993         * Modules/speech/SpeechSynthesisVoice.cpp:
1994         (WebCore::SpeechSynthesisVoice::create):
1995         (WebCore::SpeechSynthesisVoice::SpeechSynthesisVoice):
1996         * Modules/speech/SpeechSynthesisVoice.h:
1997         * platform/PlatformSpeechSynthesizer.h:
1998         * platform/efl/PlatformSpeechSynthesisProviderEfl.cpp:
1999         (WebCore::PlatformSpeechSynthesisProviderEfl::fireSpeechEvent):
2000         * platform/mock/PlatformSpeechSynthesizerMock.cpp:
2001         (WebCore::PlatformSpeechSynthesizerMock::speakingFinished):
2002         (WebCore::PlatformSpeechSynthesizerMock::speak):
2003         (WebCore::PlatformSpeechSynthesizerMock::cancel):
2004         (WebCore::PlatformSpeechSynthesizerMock::pause):
2005         (WebCore::PlatformSpeechSynthesizerMock::resume):
2006
2007 2016-07-16  Sam Weinig  <sam@webkit.org>
2008
2009         [WebKit API] Add SPI to track multiple navigations caused by a single user gesture
2010         <rdar://problem/26554137>
2011         https://bugs.webkit.org/show_bug.cgi?id=159856
2012
2013         Reviewed by Dan Bernstein.
2014
2015         - Adds a new RefCounted object to represent a unique user gesture, called UserGestureToken.
2016         - Makes UserGestureIndicator track UserGestureToken.
2017         - Refines UserGestureIndicator's interface to use Optional and a smaller enum set
2018           to represent the different initial states.
2019         - Stores UserGestureTokens on objects that want to forward user gesture state (DOMTimer, 
2020           postMessage, and ScheduledNavigation) rather than just a boolean.
2021
2022         * accessibility/AccessibilityNodeObject.cpp:
2023         (WebCore::AccessibilityNodeObject::increment):
2024         (WebCore::AccessibilityNodeObject::decrement):
2025         * accessibility/AccessibilityObject.cpp:
2026         (WebCore::AccessibilityObject::press):
2027         * bindings/js/ScriptController.cpp:
2028         (WebCore::ScriptController::executeScriptInWorld):
2029         (WebCore::ScriptController::executeScript):
2030         Update for new UserGestureIndicator interface.
2031
2032         * dom/UserGestureIndicator.cpp:
2033         (WebCore::currentToken):
2034         (WebCore::UserGestureToken::~UserGestureToken):
2035         (WebCore::UserGestureIndicator::UserGestureIndicator):
2036         (WebCore::UserGestureIndicator::~UserGestureIndicator):
2037         (WebCore::UserGestureIndicator::currentUserGesture):
2038         (WebCore::UserGestureIndicator::processingUserGesture):
2039         (WebCore::UserGestureIndicator::processingUserGestureForMedia):
2040         (WebCore::isDefinite): Deleted.
2041         * dom/UserGestureIndicator.h:
2042         (WebCore::UserGestureToken::create):
2043         (WebCore::UserGestureToken::state):
2044         (WebCore::UserGestureToken::processingUserGesture):
2045         (WebCore::UserGestureToken::processingUserGestureForMedia):
2046         (WebCore::UserGestureToken::addDestructionObserver):
2047         (WebCore::UserGestureToken::UserGestureToken):
2048         Add UserGestureToken and track the current one explicitly.
2049
2050         * html/HTMLMediaElement.cpp:
2051         (WebCore::HTMLMediaElement::didReceiveRemoteControlCommand):
2052         * inspector/InspectorFrontendClientLocal.cpp:
2053         (WebCore::InspectorFrontendClientLocal::openInNewTab):
2054         * inspector/InspectorFrontendHost.cpp:
2055         * inspector/InspectorPageAgent.cpp:
2056         (WebCore::InspectorPageAgent::navigate):
2057         Update for new UserGestureIndicator interface.
2058
2059         * loader/NavigationAction.cpp:
2060         (WebCore::NavigationAction::NavigationAction):
2061         * loader/NavigationAction.h:
2062         (WebCore::NavigationAction::userGestureToken):
2063         (WebCore::NavigationAction::processingUserGesture):
2064         * loader/NavigationScheduler.cpp:
2065         (WebCore::ScheduledNavigation::ScheduledNavigation):
2066         (WebCore::ScheduledNavigation::~ScheduledNavigation):
2067         (WebCore::ScheduledNavigation::lockBackForwardList):
2068         (WebCore::ScheduledNavigation::wasDuringLoad):
2069         (WebCore::ScheduledNavigation::isLocationChange):
2070         (WebCore::ScheduledNavigation::userGestureToForward):
2071         (WebCore::ScheduledNavigation::clearUserGesture):
2072         (WebCore::NavigationScheduler::mustLockBackForwardList):
2073         (WebCore::NavigationScheduler::scheduleFormSubmission):
2074         (WebCore::ScheduledNavigation::wasUserGesture): Deleted.
2075         * page/DOMTimer.cpp:
2076         (WebCore::shouldForwardUserGesture):
2077         (WebCore::userGestureTokenToForward):
2078         (WebCore::DOMTimer::DOMTimer):
2079         (WebCore::DOMTimer::fired):
2080         * page/DOMTimer.h:
2081         * page/DOMWindow.cpp:
2082         (WebCore::PostMessageTimer::PostMessageTimer):
2083         Store the active UserGestureToken rather than just a bit.
2084
2085         * page/EventHandler.cpp:
2086         (WebCore::EventHandler::handleMousePressEvent):
2087         (WebCore::EventHandler::handleMouseDoubleClickEvent):
2088         (WebCore::EventHandler::handleMouseReleaseEvent):
2089         (WebCore::EventHandler::keyEvent):
2090         (WebCore::EventHandler::handleTouchEvent):
2091         * rendering/HitTestResult.cpp:
2092         (WebCore::HitTestResult::toggleMediaFullscreenState):
2093         (WebCore::HitTestResult::enterFullscreenForVideo):
2094         (WebCore::HitTestResult::toggleEnhancedFullscreenForVideo):
2095         Update for new UserGestureIndicator interface.
2096
2097 2016-07-17  Ryosuke Niwa  <rniwa@webkit.org>
2098
2099         Rename fastHasAttribute to hasAttributeWithoutSynchronization
2100         https://bugs.webkit.org/show_bug.cgi?id=159864
2101
2102         Reviewed by Chris Dumez.
2103
2104         Renamed Rename fastHasAttribute to hasAttributeWithoutSynchronization for clarity.
2105
2106         * accessibility/AccessibilityListBoxOption.cpp:
2107         (WebCore::AccessibilityListBoxOption::isEnabled):
2108         * accessibility/AccessibilityObject.cpp:
2109         (WebCore::AccessibilityObject::hasAttribute):
2110         (WebCore::AccessibilityObject::getAttribute):
2111         * accessibility/AccessibilityRenderObject.cpp:
2112         (WebCore::AccessibilityRenderObject::determineAccessibilityRole):
2113         * bindings/scripts/CodeGenerator.pm:
2114         (GetterExpression):
2115         * bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
2116         * bindings/scripts/test/JS/JSTestObj.cpp:
2117         (WebCore::jsTestObjReflectedBooleanAttr):
2118         (WebCore::jsTestObjReflectedCustomBooleanAttr):
2119         * bindings/scripts/test/ObjC/DOMTestObj.mm:
2120         (-[DOMTestObj reflectedBooleanAttr]):
2121         (-[DOMTestObj setReflectedBooleanAttr:]):
2122         (-[DOMTestObj reflectedCustomBooleanAttr]):
2123         (-[DOMTestObj setReflectedCustomBooleanAttr:]):
2124         * dom/Document.cpp:
2125         (WebCore::Document::hasManifest):
2126         (WebCore::Document::doctype):
2127         * dom/Element.h:
2128         (WebCore::Node::parentElement):
2129         (WebCore::Element::hasAttributeWithoutSynchronization):
2130         (WebCore::Element::fastHasAttribute): Deleted.
2131         * editing/ApplyStyleCommand.cpp:
2132         (WebCore::ApplyStyleCommand::removeEmbeddingUpToEnclosingBlock):
2133         * editing/DeleteSelectionCommand.cpp:
2134         (WebCore::DeleteSelectionCommand::makeStylingElementsDirectChildrenOfEditableRootToPreventStyleLoss):
2135         * editing/markup.cpp:
2136         (WebCore::createMarkupInternal):
2137         * html/ColorInputType.cpp:
2138         (WebCore::ColorInputType::shouldShowSuggestions):
2139         * html/FileInputType.cpp:
2140         (WebCore::FileInputType::handleDOMActivateEvent):
2141         (WebCore::FileInputType::receiveDroppedFiles):
2142         * html/FormAssociatedElement.cpp:
2143         (WebCore::FormAssociatedElement::didMoveToNewDocument):
2144         (WebCore::FormAssociatedElement::insertedInto):
2145         (WebCore::FormAssociatedElement::removedFrom):
2146         (WebCore::FormAssociatedElement::formAttributeChanged):
2147         * html/FormController.cpp:
2148         (WebCore::ownerFormForState):
2149         * html/GenericCachedHTMLCollection.cpp:
2150         (WebCore::GenericCachedHTMLCollection<traversalType>::elementMatches):
2151         * html/HTMLAnchorElement.cpp:
2152         (WebCore::HTMLAnchorElement::draggable):
2153         (WebCore::HTMLAnchorElement::href):
2154         (WebCore::HTMLAnchorElement::sendPings):
2155         * html/HTMLAppletElement.cpp:
2156         (WebCore::HTMLAppletElement::rendererIsNeeded):
2157         * html/HTMLElement.cpp:
2158         (WebCore::HTMLElement::collectStyleForPresentationAttribute):
2159         (WebCore::elementAffectsDirectionality):
2160         (WebCore::setHasDirAutoFlagRecursively):
2161         * html/HTMLEmbedElement.cpp:
2162         (WebCore::HTMLEmbedElement::rendererIsNeeded):
2163         * html/HTMLFieldSetElement.cpp:
2164         (WebCore::updateFromControlElementsAncestorDisabledStateUnder):
2165         (WebCore::HTMLFieldSetElement::disabledAttributeChanged):
2166         (WebCore::HTMLFieldSetElement::disabledStateChanged):
2167         (WebCore::HTMLFieldSetElement::childrenChanged):
2168         * html/HTMLFormControlElement.cpp:
2169         (WebCore::HTMLFormControlElement::formNoValidate):
2170         (WebCore::HTMLFormControlElement::formAction):
2171         (WebCore::HTMLFormControlElement::computeIsDisabledByFieldsetAncestor):
2172         (WebCore::shouldAutofocus):
2173         * html/HTMLFormElement.cpp:
2174         (WebCore::HTMLFormElement::formElementIndex):
2175         (WebCore::HTMLFormElement::noValidate):
2176         * html/HTMLFrameElement.cpp:
2177         (WebCore::HTMLFrameElement::noResize):
2178         (WebCore::HTMLFrameElement::didAttachRenderers):
2179         * html/HTMLFrameElementBase.cpp:
2180         (WebCore::HTMLFrameElementBase::parseAttribute):
2181         (WebCore::HTMLFrameElementBase::location):
2182         * html/HTMLHRElement.cpp:
2183         (WebCore::HTMLHRElement::collectStyleForPresentationAttribute):
2184         * html/HTMLImageElement.cpp:
2185         (WebCore::HTMLImageElement::isServerMap):
2186         * html/HTMLInputElement.cpp:
2187         (WebCore::HTMLInputElement::finishParsingChildren):
2188         (WebCore::HTMLInputElement::matchesDefaultPseudoClass):
2189         (WebCore::HTMLInputElement::isActivatedSubmit):
2190         (WebCore::HTMLInputElement::reset):
2191         (WebCore::HTMLInputElement::multiple):
2192         (WebCore::HTMLInputElement::setSize):
2193         (WebCore::HTMLInputElement::shouldUseMediaCapture):
2194         * html/HTMLMarqueeElement.cpp:
2195         (WebCore::HTMLMarqueeElement::minimumDelay):
2196         * html/HTMLMediaElement.cpp:
2197         (WebCore::HTMLMediaElement::insertedInto):
2198         (WebCore::HTMLMediaElement::selectMediaResource):
2199         (WebCore::HTMLMediaElement::loadResource):
2200         (WebCore::HTMLMediaElement::autoplay):
2201         (WebCore::HTMLMediaElement::preload):
2202         (WebCore::HTMLMediaElement::loop):
2203         (WebCore::HTMLMediaElement::setLoop):
2204         (WebCore::HTMLMediaElement::controls):
2205         (WebCore::HTMLMediaElement::setControls):
2206         (WebCore::HTMLMediaElement::muted):
2207         (WebCore::HTMLMediaElement::setMuted):
2208         (WebCore::HTMLMediaElement::selectNextSourceChild):
2209         (WebCore::HTMLMediaElement::sourceWasAdded):
2210         (WebCore::HTMLMediaElement::mediaSessionTitle):
2211         * html/HTMLObjectElement.cpp:
2212         (WebCore::HTMLObjectElement::parseAttribute):
2213         * html/HTMLOptGroupElement.cpp:
2214         (WebCore::HTMLOptGroupElement::isDisabledFormControl):
2215         (WebCore::HTMLOptGroupElement::isFocusable):
2216         * html/HTMLOptionElement.cpp:
2217         (WebCore::HTMLOptionElement::matchesDefaultPseudoClass):
2218         (WebCore::HTMLOptionElement::text):
2219         * html/HTMLProgressElement.cpp:
2220         (WebCore::HTMLProgressElement::isDeterminate):
2221         (WebCore::HTMLProgressElement::didElementStateChange):
2222         * html/HTMLScriptElement.cpp:
2223         (WebCore::HTMLScriptElement::async):
2224         (WebCore::HTMLScriptElement::setCrossOrigin):
2225         (WebCore::HTMLScriptElement::asyncAttributeValue):
2226         (WebCore::HTMLScriptElement::deferAttributeValue):
2227         (WebCore::HTMLScriptElement::hasSourceAttribute):
2228         (WebCore::HTMLScriptElement::dispatchLoadEvent):
2229         * html/HTMLSelectElement.cpp:
2230         (WebCore::HTMLSelectElement::reset):
2231         * html/HTMLTrackElement.cpp:
2232         (WebCore::HTMLTrackElement::isDefault):
2233         (WebCore::HTMLTrackElement::ensureTrack):
2234         (WebCore::HTMLTrackElement::loadTimerFired):
2235         * html/MediaElementSession.cpp:
2236         (WebCore::MediaElementSession::wirelessVideoPlaybackDisabled):
2237         (WebCore::MediaElementSession::requiresFullscreenForVideoPlayback):
2238         (WebCore::MediaElementSession::allowsAutomaticMediaDataLoading):
2239         * html/SearchInputType.cpp:
2240         (WebCore::SearchInputType::searchEventsShouldBeDispatched):
2241         (WebCore::SearchInputType::didSetValueByUserEdit):
2242         * inspector/InspectorDOMAgent.cpp:
2243         (WebCore::InspectorDOMAgent::buildObjectForNode):
2244         * loader/FrameLoader.cpp:
2245         (WebCore::FrameLoader::shouldTreatURLAsSrcdocDocument):
2246         (WebCore::FrameLoader::findFrameForNavigation):
2247         * loader/ImageLoader.cpp:
2248         (WebCore::ImageLoader::notifyFinished):
2249         * mathml/MathMLSelectElement.cpp:
2250         (WebCore::MathMLSelectElement::getSelectedSemanticsChild):
2251         * rendering/RenderTableCell.cpp:
2252         (WebCore::RenderTableCell::computePreferredLogicalWidths):
2253         * rendering/RenderThemeIOS.mm:
2254         (WebCore::RenderThemeIOS::adjustMenuListButtonStyle):
2255         * rendering/SimpleLineLayout.cpp:
2256         (WebCore::SimpleLineLayout::canUseForWithReason):
2257         * rendering/svg/RenderSVGResourceClipper.cpp:
2258         (WebCore::RenderSVGResourceClipper::drawContentIntoMaskImage):
2259         * svg/SVGAnimateMotionElement.cpp:
2260         (WebCore::SVGAnimateMotionElement::updateAnimationPath):
2261         * svg/SVGAnimationElement.cpp:
2262         (WebCore::SVGAnimationElement::startedActiveInterval):
2263         (WebCore::SVGAnimationElement::updateAnimation):
2264         * svg/animation/SVGSMILElement.cpp:
2265         (WebCore::SVGSMILElement::insertedInto):
2266
2267 2016-07-17  Brady Eidson  <beidson@apple.com>
2268
2269         Exceptions logged to the JS console should use toString().
2270         https://bugs.webkit.org/show_bug.cgi?id=159855
2271
2272         Reviewed by Darin Adler.
2273
2274         No new tests (No change in behavior).
2275
2276         * bindings/js/JSDOMBinding.cpp:
2277         (WebCore::reportException):
2278
2279         * dom/DOMCoreException.h:
2280         (WebCore::DOMCoreException::DOMCoreException):
2281
2282         * dom/ExceptionBase.cpp:
2283         (WebCore::ExceptionBase::ExceptionBase):
2284         (WebCore::ExceptionBase::toString):
2285         (WebCore::ExceptionBase::consoleErrorMessage): Deleted.
2286         * dom/ExceptionBase.h:
2287         (WebCore::ExceptionBase::description): Deleted.
2288
2289         * svg/SVGException.h:
2290
2291         * xml/XPathException.h:
2292         (WebCore::XPathException::XPathException):
2293
2294 2016-07-17  Brady Eidson  <beidson@apple.com>
2295
2296         Update DOMCoreException to use the description in toString().
2297         https://bugs.webkit.org/show_bug.cgi?id=159857
2298
2299         Reviewed by Darin Adler.
2300
2301         No new tests (Covered by changes to existing tests).
2302
2303         * bindings/js/JSDOMBinding.cpp:
2304         (WebCore::createDOMException):
2305
2306         * dom/DOMCoreException.h:
2307         (WebCore::DOMCoreException::DOMCoreException):
2308         (WebCore::DOMCoreException::createWithDescriptionAsMessage): Deleted.
2309
2310 2016-07-17  Myles C. Maxfield  <mmaxfield@apple.com>
2311
2312         Support new emoji group candidates
2313         https://bugs.webkit.org/show_bug.cgi?id=159755
2314         <rdar://problem/27325521>
2315
2316         Reviewed by Dean Jackson.
2317
2318         There are a few code points which should be able to be joined (with ZWJ) to
2319         either U+2640 or U+2642 to change the gender of the emoji. These patterns
2320         should also work with an additional 0xFE0F variation selector. This patch
2321         adds these new patterns to our existing emoji group candidate infrastructure.
2322
2323         Tests: fast/text/emoji-gender-2-3.html
2324                fast/text/emoji-gender-2-4.html
2325                fast/text/emoji-gender-2-5.html
2326                fast/text/emoji-gender-2-6.html
2327                fast/text/emoji-gender-2-7.html
2328                fast/text/emoji-gender-2-8.html
2329                fast/text/emoji-gender-2-9.html
2330                fast/text/emoji-gender-2.html
2331                fast/text/emoji-gender-3.html
2332                fast/text/emoji-gender-4.html
2333                fast/text/emoji-gender-5.html
2334                fast/text/emoji-gender-6.html
2335                fast/text/emoji-gender-7.html
2336                fast/text/emoji-gender-8.html
2337                fast/text/emoji-gender-9.html
2338                fast/text/emoji-gender-fe0f-3.html
2339                fast/text/emoji-gender-fe0f-4.html
2340                fast/text/emoji-gender-fe0f-5.html
2341                fast/text/emoji-gender-fe0f-6.html
2342                fast/text/emoji-gender-fe0f-7.html
2343                fast/text/emoji-gender-fe0f-8.html
2344                fast/text/emoji-gender-fe0f-9.html
2345                fast/text/emoji-gender.html
2346                fast/text/emoji-num-glyphs.html
2347                fast/text/emoji-single-parent-family-2.html
2348                fast/text/emoji-single-parent-family.html
2349
2350         * platform/graphics/mac/ComplexTextControllerCoreText.mm:
2351         (WebCore::ComplexTextController::ComplexTextRun::ComplexTextRun): Removed incorrect ASSERT()s.
2352         * platform/graphics/FontCascade.cpp:
2353         (WebCore::FontCascade::characterRangeCodePath):
2354         * platform/text/CharacterProperties.h:
2355         (WebCore::isEmojiGroupCandidate):
2356
2357 2016-07-16  Brady Eidson  <beidson@apple.com>
2358
2359         Update SVGException to use the description in toString().
2360         https://bugs.webkit.org/show_bug.cgi?id=159847
2361
2362         Reviewed by Darin Adler.
2363
2364         No new tests (Covered by changes to existing tests).
2365
2366         * bindings/js/JSDOMBinding.cpp:
2367         (WebCore::reportException): use consoleErrorMessage for now.
2368
2369         * dom/ExceptionBase.cpp:
2370         (WebCore::ExceptionBase::consoleErrorMessage):
2371         * dom/ExceptionBase.h:
2372
2373         * svg/SVGException.h:
2374
2375 2016-07-16  Chris Dumez  <cdumez@apple.com>
2376
2377         Use fastHasAttribute() when possible
2378         https://bugs.webkit.org/show_bug.cgi?id=159838
2379
2380         Reviewed by Ryosuke Niwa.
2381
2382         Use fastHasAttribute() when possible, for performance.
2383
2384         * editing/DeleteSelectionCommand.cpp:
2385         (WebCore::DeleteSelectionCommand::makeStylingElementsDirectChildrenOfEditableRootToPreventStyleLoss):
2386         * editing/markup.cpp:
2387         (WebCore::createMarkupInternal):
2388         * html/HTMLAnchorElement.cpp:
2389         (WebCore::HTMLAnchorElement::draggable):
2390         * html/HTMLFrameElementBase.cpp:
2391         (WebCore::HTMLFrameElementBase::parseAttribute):
2392         * mathml/MathMLSelectElement.cpp:
2393         (WebCore::MathMLSelectElement::getSelectedSemanticsChild):
2394         * rendering/RenderThemeIOS.mm:
2395         (WebCore::RenderThemeIOS::adjustMenuListButtonStyle):
2396
2397 2016-07-16  Ryosuke Niwa  <rniwa@webkit.org>
2398
2399         Rename fastGetAttribute to attributeWithoutSynchronization
2400         https://bugs.webkit.org/show_bug.cgi?id=159852
2401
2402         Reviewed by Darin Adler.
2403
2404         Renamed fastGetAttribute to attributeWithoutSynchronization for clarity.
2405
2406         * accessibility/AXObjectCache.cpp:
2407         (WebCore::AXObjectCache::findAriaModalNodes):
2408         (WebCore::nodeHasRole):
2409         (WebCore::AXObjectCache::handleLiveRegionCreated):
2410         (WebCore::AXObjectCache::handleMenuItemSelected):
2411         (WebCore::AXObjectCache::handleAriaModalChange):
2412         (WebCore::isNodeAriaVisible):
2413         * accessibility/AccessibilityNodeObject.cpp:
2414         (WebCore::siblingWithAriaRole):
2415         (WebCore::AccessibilityNodeObject::titleElementText):
2416         (WebCore::AccessibilityNodeObject::alternativeTextForWebArea):
2417         (WebCore::AccessibilityNodeObject::hierarchicalLevel):
2418         (WebCore::AccessibilityNodeObject::stringValue):
2419         (WebCore::accessibleNameForNode):
2420         * accessibility/AccessibilityObject.cpp:
2421         (WebCore::AccessibilityObject::contentEditableAttributeIsEnabled):
2422         (WebCore::AccessibilityObject::getAttribute):
2423         * accessibility/AccessibilityRenderObject.cpp:
2424         (WebCore::AccessibilityRenderObject::stringValue):
2425         (WebCore::AccessibilityRenderObject::exposesTitleUIElement):
2426         * accessibility/AccessibilitySVGElement.cpp:
2427         (WebCore::AccessibilitySVGElement::childElementWithMatchingLanguage):
2428         (WebCore::AccessibilitySVGElement::accessibilityDescription):
2429         * bindings/objc/DOM.mm:
2430         (-[DOMHTMLLinkElement _mediaQueryMatches]):
2431         * bindings/scripts/CodeGenerator.pm:
2432         (GetterExpression):
2433         * bindings/scripts/CodeGeneratorObjC.pm:
2434         (GenerateImplementation):
2435         * bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
2436         * bindings/scripts/test/JS/JSTestObj.cpp:
2437         (WebCore::jsTestObjReflectedStringAttr):
2438         * dom/AuthorStyleSheets.cpp:
2439         (WebCore::AuthorStyleSheets::collectActiveStyleSheets):
2440         * dom/Document.cpp:
2441         (WebCore::Document::buildAccessKeyMap):
2442         (WebCore::Document::processBaseElement):
2443         * dom/DocumentOrderedMap.cpp:
2444         (WebCore::DocumentOrderedMap::getElementByLabelForAttribute):
2445         * dom/Element.cpp:
2446         (WebCore::Element::imageSourceURL):
2447         (WebCore::Element::rendererIsNeeded):
2448         (WebCore::Element::insertedInto):
2449         (WebCore::Element::removedFrom):
2450         (WebCore::Element::pseudo):
2451         (WebCore::Element::setPseudo):
2452         (WebCore::Element::spellcheckAttributeState):
2453         (WebCore::Element::canContainRangeEndPoint):
2454         (WebCore::Element::completeURLsInAttributeValue):
2455         * dom/Element.h:
2456         (WebCore::Element::fastHasAttribute):
2457         (WebCore::Element::attributeWithoutSynchronization):
2458         (WebCore::Element::fastGetAttribute): Deleted.
2459         * dom/InlineStyleSheetOwner.cpp:
2460         (WebCore::InlineStyleSheetOwner::createSheet):
2461         * dom/ScriptElement.cpp:
2462         (WebCore::ScriptElement::requestScript):
2463         (WebCore::ScriptElement::executeScript):
2464         * dom/SlotAssignment.cpp:
2465         (WebCore::slotNameFromSlotAttribute):
2466         (WebCore::SlotAssignment::SlotAssignment):
2467         (WebCore::recursivelyFireSlotChangeEvent):
2468         (WebCore::SlotAssignment::didChangeSlot):
2469         (WebCore::SlotAssignment::hostChildElementDidChange):
2470         (WebCore::SlotAssignment::assignedNodesForSlot):
2471         (WebCore::SlotAssignment::resolveAllSlotElements):
2472         * dom/TreeScope.cpp:
2473         (WebCore::TreeScope::labelElementForId):
2474         * dom/VisitedLinkState.cpp:
2475         (WebCore::linkAttribute):
2476         * editing/ApplyStyleCommand.cpp:
2477         (WebCore::isLegacyAppleStyleSpan):
2478         (WebCore::hasNoAttributeOrOnlyStyleAttribute):
2479         * editing/EditingStyle.cpp:
2480         (WebCore::EditingStyle::elementIsStyledSpanOrHTMLEquivalent):
2481         * editing/ReplaceSelectionCommand.cpp:
2482         (WebCore::isInterchangeNewlineNode):
2483         (WebCore::isInterchangeConvertedSpaceSpan):
2484         (WebCore::positionAvoidingPrecedingNodes):
2485         (WebCore::isMailPasteAsQuotationNode):
2486         (WebCore::isHeaderElement):
2487         (WebCore::isInlineNodeWithStyle):
2488         * editing/TextIterator.cpp:
2489         (WebCore::isRendererReplacedElement):
2490         * editing/cocoa/DataDetection.mm:
2491         (WebCore::DataDetection::isDataDetectorLink):
2492         (WebCore::DataDetection::requiresExtendedContext):
2493         (WebCore::DataDetection::dataDetectorIdentifier):
2494         (WebCore::DataDetection::shouldCancelDefaultAction):
2495         (WebCore::removeResultLinksFromAnchor):
2496         (WebCore::searchForLinkRemovingExistingDDLinks):
2497         * editing/gtk/EditorGtk.cpp:
2498         (WebCore::elementURL):
2499         * editing/htmlediting.cpp:
2500         (WebCore::isTabSpanNode):
2501         (WebCore::isTabSpanTextNode):
2502         (WebCore::isMailBlockquote):
2503         (WebCore::caretMinOffset):
2504         * editing/markup.cpp:
2505         (WebCore::createFragmentFromMarkup):
2506         * html/Autofill.cpp:
2507         (WebCore::AutofillData::createFromHTMLFormControlElement):
2508         * html/BaseTextInputType.cpp:
2509         (WebCore::BaseTextInputType::patternMismatch):
2510         * html/DateInputType.cpp:
2511         (WebCore::DateInputType::createStepRange):
2512         * html/DateTimeInputType.cpp:
2513         (WebCore::DateTimeInputType::createStepRange):
2514         * html/DateTimeLocalInputType.cpp:
2515         (WebCore::DateTimeLocalInputType::createStepRange):
2516         * html/FormAssociatedElement.cpp:
2517         (WebCore::FormAssociatedElement::findAssociatedForm):
2518         (WebCore::FormAssociatedElement::resetFormAttributeTargetObserver):
2519         (WebCore::FormAssociatedElement::formAttributeTargetChanged):
2520         * html/HTMLAnchorElement.cpp:
2521         (WebCore::HTMLAnchorElement::draggable):
2522         (WebCore::HTMLAnchorElement::href):
2523         (WebCore::HTMLAnchorElement::setHref):
2524         (WebCore::HTMLAnchorElement::target):
2525         (WebCore::HTMLAnchorElement::origin):
2526         (WebCore::HTMLAnchorElement::sendPings):
2527         (WebCore::HTMLAnchorElement::handleClick):
2528         * html/HTMLAnchorElement.h:
2529         (WebCore::HTMLAnchorElement::visitedLinkHash):
2530         * html/HTMLAppletElement.cpp:
2531         (WebCore::HTMLAppletElement::updateWidget):
2532         * html/HTMLAreaElement.cpp:
2533         (WebCore::HTMLAreaElement::target):
2534         * html/HTMLAttachmentElement.cpp:
2535         (WebCore::HTMLAttachmentElement::attachmentTitle):
2536         (WebCore::HTMLAttachmentElement::attachmentType):
2537         * html/HTMLBaseElement.cpp:
2538         (WebCore::HTMLBaseElement::target):
2539         (WebCore::HTMLBaseElement::href):
2540         * html/HTMLBodyElement.cpp:
2541         (WebCore::HTMLBodyElement::addSubresourceAttributeURLs):
2542         * html/HTMLButtonElement.cpp:
2543         (WebCore::HTMLButtonElement::value):
2544         (WebCore::HTMLButtonElement::computeWillValidate):
2545         * html/HTMLCanvasElement.cpp:
2546         (WebCore::HTMLCanvasElement::reset):
2547         * html/HTMLDocument.cpp:
2548         (WebCore::HTMLDocument::bgColor):
2549         (WebCore::HTMLDocument::setBgColor):
2550         (WebCore::HTMLDocument::fgColor):
2551         (WebCore::HTMLDocument::setFgColor):
2552         (WebCore::HTMLDocument::alinkColor):
2553         (WebCore::HTMLDocument::setAlinkColor):
2554         (WebCore::HTMLDocument::linkColor):
2555         (WebCore::HTMLDocument::setLinkColor):
2556         (WebCore::HTMLDocument::vlinkColor):
2557         (WebCore::HTMLDocument::setVlinkColor):
2558         * html/HTMLElement.cpp:
2559         (WebCore::contentEditableType):
2560         (WebCore::HTMLElement::collectStyleForPresentationAttribute):
2561         (WebCore::HTMLElement::dir):
2562         (WebCore::HTMLElement::setDir):
2563         (WebCore::HTMLElement::draggable):
2564         (WebCore::HTMLElement::setDraggable):
2565         (WebCore::HTMLElement::title):
2566         (WebCore::HTMLElement::tabIndex):
2567         (WebCore::HTMLElement::translateAttributeMode):
2568         (WebCore::HTMLElement::hasDirectionAuto):
2569         (WebCore::HTMLElement::directionality):
2570         * html/HTMLEmbedElement.cpp:
2571         (WebCore::HTMLEmbedElement::imageSourceURL):
2572         (WebCore::HTMLEmbedElement::addSubresourceAttributeURLs):
2573         * html/HTMLFormControlElement.cpp:
2574         (WebCore::HTMLFormControlElement::formEnctype):
2575         (WebCore::HTMLFormControlElement::formMethod):
2576         (WebCore::HTMLFormControlElement::formAction):
2577         (WebCore::HTMLFormControlElement::autocorrect):
2578         (WebCore::HTMLFormControlElement::autocapitalizeType):
2579         * html/HTMLFormElement.cpp:
2580         (WebCore::HTMLFormElement::autocorrect):
2581         (WebCore::HTMLFormElement::autocapitalizeType):
2582         (WebCore::HTMLFormElement::autocapitalize):
2583         (WebCore::HTMLFormElement::action):
2584         (WebCore::HTMLFormElement::setAction):
2585         (WebCore::HTMLFormElement::target):
2586         (WebCore::HTMLFormElement::wasUserSubmitted):
2587         (WebCore::HTMLFormElement::shouldAutocomplete):
2588         (WebCore::HTMLFormElement::finishParsingChildren):
2589         (WebCore::HTMLFormElement::autocomplete):
2590         * html/HTMLFrameElementBase.cpp:
2591         (WebCore::HTMLFrameElementBase::location):
2592         (WebCore::HTMLFrameElementBase::setLocation):
2593         * html/HTMLHtmlElement.cpp:
2594         (WebCore::HTMLHtmlElement::insertedByParser):
2595         * html/HTMLImageElement.cpp:
2596         (WebCore::HTMLImageElement::imageSourceURL):
2597         (WebCore::HTMLImageElement::setBestFitURLAndDPRFromImageCandidate):
2598         (WebCore::HTMLImageElement::bestFitSourceFromPictureElement):
2599         (WebCore::HTMLImageElement::selectImageSource):
2600         (WebCore::HTMLImageElement::altText):
2601         (WebCore::HTMLImageElement::createElementRenderer):
2602         (WebCore::HTMLImageElement::width):
2603         (WebCore::HTMLImageElement::height):
2604         (WebCore::HTMLImageElement::alt):
2605         (WebCore::HTMLImageElement::draggable):
2606         (WebCore::HTMLImageElement::setHeight):
2607         (WebCore::HTMLImageElement::src):
2608         (WebCore::HTMLImageElement::setSrc):
2609         (WebCore::HTMLImageElement::addSubresourceAttributeURLs):
2610         (WebCore::HTMLImageElement::didMoveToNewDocument):
2611         (WebCore::HTMLImageElement::isServerMap):
2612         (WebCore::HTMLImageElement::crossOrigin):
2613         * html/HTMLInputElement.cpp:
2614         (WebCore::HTMLInputElement::updateType):
2615         (WebCore::HTMLInputElement::initializeInputType):
2616         (WebCore::HTMLInputElement::altText):
2617         (WebCore::HTMLInputElement::value):
2618         (WebCore::HTMLInputElement::defaultValue):
2619         (WebCore::HTMLInputElement::setDefaultValue):
2620         (WebCore::HTMLInputElement::acceptMIMETypes):
2621         (WebCore::HTMLInputElement::acceptFileExtensions):
2622         (WebCore::HTMLInputElement::accept):
2623         (WebCore::HTMLInputElement::alt):
2624         (WebCore::HTMLInputElement::effectiveMaxLength):
2625         (WebCore::HTMLInputElement::src):
2626         (WebCore::HTMLInputElement::setAutoFilled):
2627         (WebCore::HTMLInputElement::dataList):
2628         (WebCore::HTMLInputElement::resetListAttributeTargetObserver):
2629         * html/HTMLKeygenElement.cpp:
2630         (WebCore::HTMLKeygenElement::isKeytypeRSA):
2631         (WebCore::HTMLKeygenElement::appendFormData):
2632         * html/HTMLLIElement.cpp:
2633         (WebCore::HTMLLIElement::didAttachRenderers):
2634         (WebCore::HTMLLIElement::parseValue):
2635         * html/HTMLLabelElement.cpp:
2636         (WebCore::HTMLLabelElement::control):
2637         * html/HTMLLinkElement.cpp:
2638         (WebCore::HTMLLinkElement::crossOrigin):
2639         (WebCore::HTMLLinkElement::process):
2640         (WebCore::HTMLLinkElement::href):
2641         (WebCore::HTMLLinkElement::rel):
2642         (WebCore::HTMLLinkElement::target):
2643         (WebCore::HTMLLinkElement::type):
2644         (WebCore::HTMLLinkElement::iconType):
2645         * html/HTMLMarqueeElement.cpp:
2646         (WebCore::HTMLMarqueeElement::scrollAmount):
2647         (WebCore::HTMLMarqueeElement::setScrollAmount):
2648         (WebCore::HTMLMarqueeElement::scrollDelay):
2649         (WebCore::HTMLMarqueeElement::setScrollDelay):
2650         (WebCore::HTMLMarqueeElement::loop):
2651         * html/HTMLMediaElement.cpp:
2652         (WebCore::HTMLMediaElement::insertedInto):
2653         (WebCore::HTMLMediaElement::crossOrigin):
2654         (WebCore::HTMLMediaElement::networkState):
2655         (WebCore::HTMLMediaElement::mediaSessionTitle):
2656         (WebCore::HTMLMediaElement::doesHaveAttribute):
2657         * html/HTMLMetaElement.cpp:
2658         (WebCore::HTMLMetaElement::process):
2659         (WebCore::HTMLMetaElement::content):
2660         (WebCore::HTMLMetaElement::httpEquiv):
2661         (WebCore::HTMLMetaElement::name):
2662         * html/HTMLMeterElement.cpp:
2663         (WebCore::HTMLMeterElement::min):
2664         (WebCore::HTMLMeterElement::setMin):
2665         (WebCore::HTMLMeterElement::max):
2666         (WebCore::HTMLMeterElement::setMax):
2667         (WebCore::HTMLMeterElement::value):
2668         (WebCore::HTMLMeterElement::low):
2669         (WebCore::HTMLMeterElement::high):
2670         (WebCore::HTMLMeterElement::optimum):
2671         * html/HTMLObjectElement.cpp:
2672         (WebCore::HTMLObjectElement::shouldAllowQuickTimeClassIdQuirk):
2673         (WebCore::HTMLObjectElement::hasValidClassId):
2674         (WebCore::HTMLObjectElement::imageSourceURL):
2675         (WebCore::HTMLObjectElement::renderFallbackContent):
2676         (WebCore::HTMLObjectElement::containsJavaApplet):
2677         (WebCore::HTMLObjectElement::addSubresourceAttributeURLs):
2678         * html/HTMLOptGroupElement.cpp:
2679         (WebCore::HTMLOptGroupElement::groupLabelText):
2680         * html/HTMLOptionElement.cpp:
2681         (WebCore::HTMLOptionElement::value):
2682         (WebCore::HTMLOptionElement::label):
2683         * html/HTMLParamElement.cpp:
2684         (WebCore::HTMLParamElement::value):
2685         (WebCore::HTMLParamElement::isURLParameter):
2686         * html/HTMLProgressElement.cpp:
2687         (WebCore::HTMLProgressElement::value):
2688         (WebCore::HTMLProgressElement::max):
2689         * html/HTMLScriptElement.cpp:
2690         (WebCore::HTMLScriptElement::crossOrigin):
2691         (WebCore::HTMLScriptElement::src):
2692         (WebCore::HTMLScriptElement::sourceAttributeValue):
2693         (WebCore::HTMLScriptElement::charsetAttributeValue):
2694         (WebCore::HTMLScriptElement::typeAttributeValue):
2695         (WebCore::HTMLScriptElement::languageAttributeValue):
2696         (WebCore::HTMLScriptElement::forAttributeValue):
2697         (WebCore::HTMLScriptElement::eventAttributeValue):
2698         (WebCore::HTMLScriptElement::asyncAttributeValue):
2699         * html/HTMLSlotElement.cpp:
2700         (WebCore::HTMLSlotElement::insertedInto):
2701         (WebCore::HTMLSlotElement::removedFrom):
2702         * html/HTMLSourceElement.cpp:
2703         (WebCore::HTMLSourceElement::media):
2704         (WebCore::HTMLSourceElement::setMedia):
2705         (WebCore::HTMLSourceElement::type):
2706         (WebCore::HTMLSourceElement::setType):
2707         * html/HTMLTableCellElement.cpp:
2708         (WebCore::HTMLTableCellElement::colSpanForBindings):
2709         (WebCore::HTMLTableCellElement::rowSpan):
2710         (WebCore::HTMLTableCellElement::rowSpanForBindings):
2711         (WebCore::HTMLTableCellElement::cellIndex):
2712         (WebCore::HTMLTableCellElement::abbr):
2713         (WebCore::HTMLTableCellElement::axis):
2714         (WebCore::HTMLTableCellElement::setColSpanForBindings):
2715         (WebCore::HTMLTableCellElement::headers):
2716         (WebCore::HTMLTableCellElement::setRowSpanForBindings):
2717         (WebCore::HTMLTableCellElement::scope):
2718         (WebCore::HTMLTableCellElement::addSubresourceAttributeURLs):
2719         (WebCore::HTMLTableCellElement::cellAbove):
2720         * html/HTMLTableColElement.cpp:
2721         (WebCore::HTMLTableColElement::width):
2722         * html/HTMLTableElement.cpp:
2723         (WebCore::HTMLTableElement::rules):
2724         (WebCore::HTMLTableElement::summary):
2725         (WebCore::HTMLTableElement::addSubresourceAttributeURLs):
2726         * html/HTMLTableSectionElement.cpp:
2727         (WebCore::HTMLTableSectionElement::align):
2728         (WebCore::HTMLTableSectionElement::setAlign):
2729         (WebCore::HTMLTableSectionElement::ch):
2730         (WebCore::HTMLTableSectionElement::setCh):
2731         (WebCore::HTMLTableSectionElement::chOff):
2732         (WebCore::HTMLTableSectionElement::setChOff):
2733         (WebCore::HTMLTableSectionElement::vAlign):
2734         (WebCore::HTMLTableSectionElement::setVAlign):
2735         * html/HTMLTextAreaElement.cpp:
2736         (WebCore::HTMLTextAreaElement::appendFormData):
2737         * html/HTMLTextFormControlElement.cpp:
2738         (WebCore::HTMLTextFormControlElement::strippedPlaceholder):
2739         (WebCore::HTMLTextFormControlElement::isPlaceholderEmpty):
2740         (WebCore::HTMLTextFormControlElement::directionForFormData):
2741         * html/HTMLTrackElement.cpp:
2742         (WebCore::HTMLTrackElement::srclang):
2743         (WebCore::HTMLTrackElement::label):
2744         (WebCore::HTMLTrackElement::isDefault):
2745         (WebCore::HTMLTrackElement::ensureTrack):
2746         (WebCore::HTMLTrackElement::mediaElementCrossOriginAttribute):
2747         * html/HTMLVideoElement.cpp:
2748         (WebCore::HTMLVideoElement::parseAttribute):
2749         (WebCore::HTMLVideoElement::imageSourceURL):
2750         * html/ImageInputType.cpp:
2751         (WebCore::ImageInputType::height):
2752         (WebCore::ImageInputType::width):
2753         * html/InputType.cpp:
2754         (WebCore::InputType::applyStep):
2755         * html/MediaElementSession.cpp:
2756         (WebCore::MediaElementSession::wirelessVideoPlaybackDisabled):
2757         * html/MonthInputType.cpp:
2758         (WebCore::MonthInputType::createStepRange):
2759         * html/NumberInputType.cpp:
2760         (WebCore::NumberInputType::createStepRange):
2761         (WebCore::NumberInputType::sizeShouldIncludeDecoration):
2762         * html/RangeInputType.cpp:
2763         (WebCore::RangeInputType::createStepRange):
2764         (WebCore::RangeInputType::handleKeydownEvent):
2765         * html/TextFieldInputType.cpp:
2766         (WebCore::TextFieldInputType::appendFormData):
2767         (WebCore::TextFieldInputType::updateAutoFillButton):
2768         * html/TimeInputType.cpp:
2769         (WebCore::TimeInputType::createStepRange):
2770         * html/ValidationMessage.cpp:
2771         (WebCore::ValidationMessage::updateValidationMessage):
2772         * html/WeekInputType.cpp:
2773         (WebCore::WeekInputType::createStepRange):
2774         * html/track/WebVTTElement.cpp:
2775         (WebCore::WebVTTElement::createEquivalentHTMLElement):
2776         * inspector/InspectorPageAgent.cpp:
2777         (WebCore::InspectorPageAgent::buildObjectForFrame):
2778         * loader/FormSubmission.cpp:
2779         (WebCore::FormSubmission::create):
2780         * loader/FrameLoader.cpp:
2781         (WebCore::FrameLoader::defaultSubstituteDataForURL):
2782         * loader/ImageLoader.cpp:
2783         (WebCore::ImageLoader::updateFromElement):
2784         * loader/SubframeLoader.cpp:
2785         (WebCore::SubframeLoader::isPluginContentAllowedByContentSecurityPolicy):
2786         * mathml/MathMLElement.cpp:
2787         (WebCore::MathMLElement::colSpan):
2788         (WebCore::MathMLElement::rowSpan):
2789         (WebCore::MathMLElement::childShouldCreateRenderer):
2790         (WebCore::MathMLElement::defaultEventHandler):
2791         (WebCore::MathMLElement::cachedMathMLLength):
2792         * mathml/MathMLFractionElement.cpp:
2793         (WebCore::MathMLFractionElement::lineThickness):
2794         (WebCore::MathMLFractionElement::cachedFractionAlignment):
2795         * mathml/MathMLSelectElement.cpp:
2796         (WebCore::MathMLSelectElement::getSelectedActionChildAndIndex):
2797         (WebCore::MathMLSelectElement::getSelectedActionChild):
2798         (WebCore::MathMLSelectElement::getSelectedSemanticsChild):
2799         (WebCore::MathMLSelectElement::defaultEventHandler):
2800         (WebCore::MathMLSelectElement::willRespondToMouseClickEvents):
2801         (WebCore::MathMLSelectElement::toggle):
2802         * page/EventHandler.cpp:
2803         (WebCore::findDropZone):
2804         * page/Frame.cpp:
2805         (WebCore::Frame::matchLabelsAgainstElement):
2806         * page/PageSerializer.cpp:
2807         (WebCore::PageSerializer::serializeFrame):
2808         * platform/win/PasteboardWin.cpp:
2809         (WebCore::Pasteboard::writeImageToDataObject):
2810         * rendering/HitTestResult.cpp:
2811         (WebCore::HitTestResult::altDisplayString):
2812         * rendering/RenderDetailsMarker.cpp:
2813         (WebCore::RenderDetailsMarker::isOpen):
2814         * rendering/RenderImage.cpp:
2815         (WebCore::RenderImage::imageMap):
2816         (WebCore::RenderImage::nodeAtPoint):
2817         * rendering/RenderMenuList.cpp:
2818         (RenderMenuList::itemAccessibilityText):
2819         (RenderMenuList::itemToolTip):
2820         * rendering/RenderSearchField.cpp:
2821         (WebCore::RenderSearchField::autosaveName):
2822         * rendering/RenderThemeIOS.mm:
2823         (WebCore::getAttachmentProgress):
2824         (WebCore::AttachmentInfo::AttachmentInfo):
2825         * rendering/RenderThemeMac.mm:
2826         (WebCore::AttachmentLayout::layOutSubtitle):
2827         (WebCore::RenderThemeMac::paintAttachment):
2828         * rendering/mathml/MathMLStyle.cpp:
2829         (WebCore::MathMLStyle::resolveMathMLStyle):
2830         * rendering/mathml/RenderMathMLFenced.cpp:
2831         (WebCore::RenderMathMLFenced::updateFromElement):
2832         * rendering/mathml/RenderMathMLOperator.cpp:
2833         (WebCore::RenderMathMLOperator::setOperatorFlagFromAttribute):
2834         (WebCore::RenderMathMLOperator::setOperatorFlagFromAttributeValue):
2835         (WebCore::RenderMathMLOperator::setOperatorProperties):
2836         * rendering/mathml/RenderMathMLScripts.cpp:
2837         (WebCore::RenderMathMLScripts::getScriptMetricsAndLayoutIfNeeded):
2838         * rendering/mathml/RenderMathMLUnderOver.cpp:
2839         (WebCore::RenderMathMLUnderOver::hasAccent):
2840         * style/StyleSharingResolver.cpp:
2841         (WebCore::Style::SharingResolver::canShareStyleWithElement):
2842         (WebCore::Style::SharingResolver::sharingCandidateHasIdenticalStyleAffectingAttributes):
2843         * svg/SVGAElement.cpp:
2844         (WebCore::SVGAElement::title):
2845         (WebCore::SVGAElement::defaultEventHandler):
2846         * svg/SVGAltGlyphElement.cpp:
2847         (WebCore::SVGAltGlyphElement::glyphRef):
2848         (WebCore::SVGAltGlyphElement::setFormat):
2849         (WebCore::SVGAltGlyphElement::format):
2850         (WebCore::SVGAltGlyphElement::childShouldCreateRenderer):
2851         * svg/SVGAnimationElement.cpp:
2852         (WebCore::SVGAnimationElement::toValue):
2853         (WebCore::SVGAnimationElement::byValue):
2854         (WebCore::SVGAnimationElement::fromValue):
2855         (WebCore::SVGAnimationElement::isAdditive):
2856         (WebCore::SVGAnimationElement::isAccumulated):
2857         * svg/SVGElement.cpp:
2858         (WebCore::SVGElement::xmlbase):
2859         (WebCore::SVGElement::setXmlbase):
2860         * svg/SVGFontFaceElement.cpp:
2861         (WebCore::SVGFontFaceElement::unitsPerEm):
2862         (WebCore::SVGFontFaceElement::xHeight):
2863         (WebCore::SVGFontFaceElement::capHeight):
2864         (WebCore::SVGFontFaceElement::horizontalOriginX):
2865         (WebCore::SVGFontFaceElement::horizontalOriginY):
2866         (WebCore::SVGFontFaceElement::horizontalAdvanceX):
2867         (WebCore::SVGFontFaceElement::verticalOriginX):
2868         (WebCore::SVGFontFaceElement::verticalOriginY):
2869         (WebCore::SVGFontFaceElement::verticalAdvanceY):
2870         (WebCore::SVGFontFaceElement::ascent):
2871         (WebCore::SVGFontFaceElement::descent):
2872         * svg/SVGFontFaceNameElement.cpp:
2873         (WebCore::SVGFontFaceNameElement::srcValue):
2874         * svg/SVGFontFaceUriElement.cpp:
2875         (WebCore::SVGFontFaceUriElement::srcValue):
2876         * svg/SVGGlyphRefElement.cpp:
2877         (WebCore::SVGGlyphRefElement::glyphRef):
2878         (WebCore::SVGGlyphRefElement::setGlyphRef):
2879         * svg/SVGHKernElement.cpp:
2880         (WebCore::SVGHKernElement::buildHorizontalKerningPair):
2881         * svg/SVGSVGElement.cpp:
2882         (WebCore::SVGSVGElement::contentScriptType):
2883         (WebCore::SVGSVGElement::contentStyleType):
2884         * svg/SVGStyleElement.cpp:
2885         (WebCore::SVGStyleElement::media):
2886         (WebCore::SVGStyleElement::title):
2887         (WebCore::SVGStyleElement::setTitle):
2888         * svg/SVGToOTFFontConversion.cpp:
2889         (WebCore::SVGToOTFFontConverter::appendOS2Table):
2890         (WebCore::SVGToOTFFontConverter::appendCFFTable):
2891         (WebCore::SVGToOTFFontConverter::appendArabicReplacementSubtable):
2892         (WebCore::SVGToOTFFontConverter::appendVORGTable):
2893         (WebCore::SVGToOTFFontConverter::transcodeGlyphPaths):
2894         (WebCore::SVGToOTFFontConverter::processGlyphElement):
2895         (WebCore::SVGToOTFFontConverter::compareCodepointsLexicographically):
2896         (WebCore::SVGToOTFFontConverter::SVGToOTFFontConverter):
2897         * svg/SVGVKernElement.cpp:
2898         (WebCore::SVGVKernElement::buildVerticalKerningPair):
2899         * svg/animation/SVGSMILElement.cpp:
2900         (WebCore::SVGSMILElement::insertedInto):
2901         (WebCore::SVGSMILElement::parseAttribute):
2902         (WebCore::SVGSMILElement::svgAttributeChanged):
2903         (WebCore::SVGSMILElement::restart):
2904         (WebCore::SVGSMILElement::fill):
2905         (WebCore::SVGSMILElement::dur):
2906         (WebCore::SVGSMILElement::repeatDur):
2907         (WebCore::SVGSMILElement::repeatCount):
2908         (WebCore::SVGSMILElement::maxValue):
2909         (WebCore::SVGSMILElement::minValue):
2910
2911 2016-07-16  Carlos Garcia Campos  <cgarcia@igalia.com>
2912
2913         ASSERTION FAILED: isMainThread() in ~UniqueIDBDatabase() since r201997
2914         https://bugs.webkit.org/show_bug.cgi?id=159809
2915
2916         Reviewed by Brady Eidson.
2917
2918         In r201997 the UniqueIDBDatabase was protected in executeNextDatabaseTask() because the last reference could be
2919         removed while the task is performed. However UniqueIDBDatabase is expected to be deleted in the main thread, and
2920         the destructor asserts when not called in the main thread, but executeNextDatabaseTask() is always called on a
2921         secondary thread. So, if the protector contains the last reference, the object is deleted in the secondary thread.
2922
2923         * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
2924         (WebCore::IDBServer::UniqueIDBDatabase::executeNextDatabaseTask): Use callOnMainThread to ensure the object is
2925         deleted in the main thread in case the protector contains the last reference.
2926
2927 2016-07-15  Chris Dumez  <cdumez@apple.com>
2928
2929         Use emptyString() / nullAtom when possible
2930         https://bugs.webkit.org/show_bug.cgi?id=159850
2931
2932         Reviewed by Ryosuke Niwa.
2933
2934         Use emptyString() / nullAtom when possible, for performance.
2935
2936         * Modules/webaudio/AudioNode.cpp:
2937         (WebCore::AudioNode::channelCountMode):
2938         (WebCore::AudioNode::channelInterpretation):
2939         * Modules/webdatabase/DatabaseTracker.cpp:
2940         (WebCore::DatabaseTracker::tracker):
2941         * Modules/websockets/WebSocket.cpp:
2942         (WebCore::WebSocket::WebSocket):
2943         (WebCore::WebSocket::didConnect):
2944         * Modules/websockets/WebSocketChannel.cpp:
2945         (WebCore::WebSocketChannel::subprotocol):
2946         (WebCore::WebSocketChannel::extensions):
2947         * accessibility/AccessibilityObject.cpp:
2948         (WebCore::AccessibilityObject::supportsPressAction):
2949         * accessibility/mac/AXObjectCacheMac.mm:
2950         (WebCore::AXObjectCache::postTextStateChangePlatformNotification):
2951         * css/CSSPropertySourceData.cpp:
2952         (WebCore::CSSPropertySourceData::CSSPropertySourceData):
2953         * css/PageRuleCollector.cpp:
2954         (WebCore::PageRuleCollector::pageName):
2955         * css/PropertySetCSSStyleDeclaration.cpp:
2956         (WebCore::PropertySetCSSStyleDeclaration::getPropertyPriority):
2957         * dom/DocumentMarkerController.cpp:
2958         (WebCore::DocumentMarkerController::addDictationPhraseWithAlternativesMarker):
2959         * dom/Element.cpp:
2960         (WebCore::Element::setPrefix):
2961         * editing/AlternativeTextController.cpp:
2962         (WebCore::AlternativeTextController::respondToMarkerAtEndOfWord):
2963         (WebCore::AlternativeTextController::markerDescriptionForAppliedAlternativeText):
2964         * editing/CompositeEditCommand.cpp:
2965         (WebCore::CompositeEditCommand::removeNodeAttribute):
2966         (WebCore::CompositeEditCommand::moveParagraphs):
2967         * editing/InsertTextCommand.cpp:
2968         (WebCore::InsertTextCommand::positionInsideTextNode):
2969         * editing/TextCheckingHelper.cpp:
2970         (WebCore::TextCheckingHelper::findFirstMisspellingOrBadGrammar):
2971         * editing/TypingCommand.cpp:
2972         (WebCore::TypingCommand::deleteSelection):
2973         (WebCore::TypingCommand::deleteKeyPressed):
2974         (WebCore::TypingCommand::forwardDeleteKeyPressed):
2975         (WebCore::TypingCommand::insertLineBreak):
2976         (WebCore::TypingCommand::insertParagraphSeparator):
2977         * editing/cocoa/EditorCocoa.mm:
2978         (WebCore::Editor::styleForSelectionStart):
2979         * editing/mac/EditorMac.mm:
2980         (WebCore::Editor::stringSelectionForPasteboard):
2981         (WebCore::Editor::stringSelectionForPasteboardWithImageAltText):
2982         * fileapi/FileReaderLoader.cpp:
2983         (WebCore::FileReaderLoader::FileReaderLoader):
2984         * html/FileInputType.cpp:
2985         (WebCore::FileInputType::appendFormData):
2986         * html/HTMLMediaElement.cpp:
2987         (WebCore::HTMLMediaElement::getCurrentMediaControlsStatus):
2988         * html/HTMLOutputElement.cpp:
2989         (WebCore::HTMLOutputElement::HTMLOutputElement):
2990         * html/SearchInputType.cpp:
2991         (WebCore::SearchInputType::handleKeydownEvent):
2992         * html/TextFieldInputType.cpp:
2993         (WebCore::autoFillButtonTypeToAccessibilityLabel):
2994         * html/canvas/WebGLDebugShaders.cpp:
2995         (WebCore::WebGLDebugShaders::getTranslatedShaderSource):
2996         * html/canvas/WebGLRenderingContextBase.cpp:
2997         (WebCore::WebGLRenderingContextBase::dispatchContextLostEvent):
2998         (WebCore::WebGLRenderingContextBase::maybeRestoreContext):
2999         * html/canvas/WebGLShader.cpp:
3000         (WebCore::WebGLShader::WebGLShader):
3001         * html/shadow/MediaControlElements.cpp:
3002         (WebCore::MediaControlStatusDisplayElement::update):
3003         * html/track/TextTrack.cpp:
3004         (WebCore::TextTrack::captionMenuOffItem):
3005         (WebCore::TextTrack::captionMenuAutomaticItem):
3006         * html/track/VTTRegion.cpp:
3007         (WebCore::VTTRegion::scroll):
3008         * html/track/VTTRegion.h:
3009         * inspector/InspectorDOMAgent.cpp:
3010         (WebCore::InspectorDOMAgent::toErrorString):
3011         (WebCore::InspectorDOMAgent::resolveNode):
3012         (WebCore::InspectorDOMAgent::documentURLString):
3013         (WebCore::documentBaseURLString):
3014         * inspector/InspectorDOMDebuggerAgent.cpp:
3015         (WebCore::domTypeName):
3016         * inspector/InspectorFrontendHost.cpp:
3017         (WebCore::InspectorFrontendHost::localizedStringsURL):
3018         * inspector/InspectorHistory.cpp:
3019         (WebCore::InspectorHistory::Action::mergeId):
3020         * inspector/InspectorPageAgent.cpp:
3021         (WebCore::InspectorPageAgent::reload):
3022         (WebCore::InspectorPageAgent::frameId):
3023         (WebCore::InspectorPageAgent::loaderId):
3024         * inspector/InspectorStyleSheet.cpp:
3025         (WebCore::InspectorStyleSheet::ruleSelector):
3026         * loader/EmptyClients.h:
3027         * loader/FrameLoader.cpp:
3028         (WebCore::FrameLoader::referrer):
3029         * loader/ImageLoader.cpp:
3030         (WebCore::ImageLoader::clearFailedLoadURL):
3031         * loader/ResourceLoader.cpp:
3032         (WebCore::ResourceLoader::didReceiveResponse):
3033         * page/ContextMenuController.cpp:
3034         (WebCore::ContextMenuController::contextMenuItemSelected):
3035         * page/FrameTree.cpp:
3036         (WebCore::FrameTree::setName):
3037         (WebCore::FrameTree::clearName):
3038         * page/Location.cpp:
3039         (WebCore::Location::port):
3040         * platform/network/ProtectionSpaceBase.cpp:
3041         (WebCore::ProtectionSpaceBase::ProtectionSpaceBase):
3042         * xml/parser/XMLDocumentParserLibxml2.cpp:
3043         (WebCore::handleElementAttributes):
3044
3045 2016-07-15  Simon Fraser  <simon.fraser@apple.com>
3046
3047         Repaints rects drawn incorrectly when inspecting a WebView on a Retina display
3048         https://bugs.webkit.org/show_bug.cgi?id=159824
3049         rdar://problem/27376305
3050
3051         Reviewed by Brian Burg.
3052
3053         InspectorOverlayPage.js set up the canvases with a deviceScaleFactor passed into
3054         reset(), which comes from the overlay's m_page.deviceScaleFactor(). However, updatePaintRects()
3055         used window.devicePixelRatio which was always 1.
3056
3057         Fix by setting the deviceScaleFactor on the m_overlayPage.
3058
3059         * inspector/InspectorOverlay.cpp:
3060         (WebCore::InspectorOverlay::overlayPage):
3061
3062 2016-07-15  Myles C. Maxfield  <mmaxfield@apple.com>
3063
3064         [macOS] Work around crash in [NSAttributedString nextWordFromIndex:forward:]
3065         https://bugs.webkit.org/show_bug.cgi?id=159842
3066
3067         Reviewed by Jon Lee.
3068
3069         <rdar://problem/27380532> describes a crash inside [NSAttributedString nextWordFromIndex:forward:].
3070         This must be worked around for https://bugs.webkit.org/show_bug.cgi?id=159755 and
3071         <rdar://problem/27325521>.
3072
3073         * platform/text/mac/TextBoundaries.mm:
3074         (WebCore::findNextWordFromIndex):
3075
3076 2016-07-15  Brady Eidson  <beidson@apple.com>
3077
3078         Update XPathException to use the description in toString().
3079         https://bugs.webkit.org/show_bug.cgi?id=159848
3080
3081         Reviewed by Alex Christensen.
3082
3083         No new tests (Covered by changes to existing tests).
3084
3085         * bindings/js/JSDOMBinding.cpp:
3086         (WebCore::createDOMException):
3087         * xml/XPathException.h:
3088         (WebCore::XPathException::XPathException):
3089
3090 2016-07-15  Brady Eidson  <beidson@apple.com>
3091
3092         Change toString() behavior for exceptions constructed with "createWithDescriptionAsMessage".
3093         https://bugs.webkit.org/show_bug.cgi?id=159839
3094
3095         Reviewed by Alex Christensen.
3096
3097         No new tests (Covered by changes to existing tests).
3098
3099         This is the first step towards extended exception messages for all exception types.
3100
3101         * dom/ExceptionBase.cpp:
3102         (WebCore::ExceptionBase::ExceptionBase):
3103         (WebCore::ExceptionBase::toString):
3104         * dom/ExceptionBase.h:
3105
3106 2016-07-15  Geoffrey Garen  <ggaren@apple.com>
3107
3108         Added a makeRef<T> helper
3109         https://bugs.webkit.org/show_bug.cgi?id=159835
3110
3111         Reviewed by Andreas Kling.
3112
3113         Anders told me to!
3114
3115         * Modules/indexeddb/IDBTransaction.cpp:
3116         (WebCore::IDBTransaction::putOrAddOnServer):
3117         * Modules/indexeddb/shared/InProcessIDBServer.cpp:
3118         (WebCore::InProcessIDBServer::deleteDatabase):
3119         (WebCore::InProcessIDBServer::didDeleteDatabase):
3120         (WebCore::InProcessIDBServer::openDatabase):
3121         (WebCore::InProcessIDBServer::didOpenDatabase):
3122         (WebCore::InProcessIDBServer::didAbortTransaction):
3123         (WebCore::InProcessIDBServer::didCommitTransaction):
3124         (WebCore::InProcessIDBServer::didCreateObjectStore):
3125         (WebCore::InProcessIDBServer::didDeleteObjectStore):
3126         (WebCore::InProcessIDBServer::didClearObjectStore):
3127         (WebCore::InProcessIDBServer::didCreateIndex):
3128         (WebCore::InProcessIDBServer::didDeleteIndex):
3129         (WebCore::InProcessIDBServer::didPutOrAdd):
3130         (WebCore::InProcessIDBServer::didGetRecord):
3131         (WebCore::InProcessIDBServer::didGetCount):
3132         (WebCore::InProcessIDBServer::didDeleteRecord):
3133         (WebCore::InProcessIDBServer::didOpenCursor):
3134         (WebCore::InProcessIDBServer::didIterateCursor):
3135         (WebCore::InProcessIDBServer::abortTransaction):
3136         (WebCore::InProcessIDBServer::commitTransaction):
3137         (WebCore::InProcessIDBServer::didFinishHandlingVersionChangeTransaction):
3138         (WebCore::InProcessIDBServer::createObjectStore):
3139         (WebCore::InProcessIDBServer::deleteObjectStore):
3140         (WebCore::InProcessIDBServer::clearObjectStore):
3141         (WebCore::InProcessIDBServer::createIndex):
3142         (WebCore::InProcessIDBServer::deleteIndex):
3143         (WebCore::InProcessIDBServer::putOrAdd):
3144         (WebCore::InProcessIDBServer::getRecord):
3145         (WebCore::InProcessIDBServer::getCount):
3146         (WebCore::InProcessIDBServer::deleteRecord):
3147         (WebCore::InProcessIDBServer::openCursor):
3148         (WebCore::InProcessIDBServer::iterateCursor):
3149         (WebCore::InProcessIDBServer::establishTransaction):
3150         (WebCore::InProcessIDBServer::fireVersionChangeEvent):
3151         (WebCore::InProcessIDBServer::didStartTransaction):
3152         (WebCore::InProcessIDBServer::didCloseFromServer):
3153         (WebCore::InProcessIDBServer::notifyOpenDBRequestBlocked):
3154         (WebCore::InProcessIDBServer::databaseConnectionClosed):
3155         (WebCore::InProcessIDBServer::abortOpenAndUpgradeNeeded):
3156         (WebCore::InProcessIDBServer::didFireVersionChangeEvent):
3157         (WebCore::InProcessIDBServer::openDBRequestCancelled):
3158         (WebCore::InProcessIDBServer::confirmDidCloseFromServer):
3159         (WebCore::InProcessIDBServer::getAllDatabaseNames):
3160         (WebCore::InProcessIDBServer::didGetAllDatabaseNames):
3161         * Modules/mediastream/MediaDevicesRequest.cpp:
3162         (WebCore::MediaDevicesRequest::didCompleteTrackSourceInfoRequest):
3163         * Modules/mediastream/UserMediaRequest.cpp:
3164         (WebCore::UserMediaRequest::constraintsValidated):
3165         (WebCore::UserMediaRequest::userMediaAccessGranted):
3166         * Modules/webaudio/AudioContext.cpp:
3167         (WebCore::AudioContext::scheduleNodeDeletion):
3168         (WebCore::AudioContext::isPlayingAudioDidChange):
3169         (WebCore::AudioContext::suspend):
3170         (WebCore::AudioContext::resume):
3171         (WebCore::AudioContext::close):
3172         (WebCore::AudioContext::suspendPlayback):
3173         (WebCore::AudioContext::mayResumePlayback):
3174         * Modules/websockets/ThreadableWebSocketChannelClientWrapper.cpp:
3175         (WebCore::ThreadableWebSocketChannelClientWrapper::didConnect):
3176         (WebCore::ThreadableWebSocketChannelClientWrapper::didReceiveMessage):
3177         (WebCore::ThreadableWebSocketChannelClientWrapper::didReceiveBinaryData):
3178         (WebCore::ThreadableWebSocketChannelClientWrapper::didUpdateBufferedAmount):
3179         (WebCore::ThreadableWebSocketChannelClientWrapper::didStartClosingHandshake):
3180         (WebCore::ThreadableWebSocketChannelClientWrapper::didClose):
3181         (WebCore::ThreadableWebSocketChannelClientWrapper::didReceiveMessageError):
3182         (WebCore::ThreadableWebSocketChannelClientWrapper::processPendingTasks):
3183         * Modules/websockets/WebSocket.cpp:
3184         (WebCore::WebSocket::connect):
3185         * bindings/js/JSEventListener.h:
3186         (WebCore::JSEventListener::jsFunction):
3187         * dom/Node.cpp:
3188         (WebCore::Node::setTextContent):
3189         * html/HTMLMediaElement.cpp:
3190         (WebCore::HTMLMediaElement::layoutSizeChanged):
3191         * inspector/CommandLineAPIHost.cpp:
3192         (WebCore::CommandLineAPIHost::wrapper):
3193         * platform/graphics/avfoundation/AudioSourceProviderAVFObjC.mm:
3194         (WebCore::AudioSourceProviderAVFObjC::prepare):
3195         * platform/graphics/avfoundation/cf/WebCoreAVCFResourceLoader.cpp:
3196         (WebCore::WebCoreAVCFResourceLoader::invalidate):
3197         * platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm:
3198         (WebCore::WebCoreAVFResourceLoader::invalidate):
3199         * platform/ios/WebVideoFullscreenControllerAVKit.mm:
3200         (WebVideoFullscreenControllerContext::setExternalPlayback):
3201         * platform/network/BlobResourceHandle.cpp:
3202         (WebCore::BlobResourceHandle::start):
3203         (WebCore::BlobResourceHandle::notifyFinish):
3204         * platform/network/SocketStreamHandleBase.cpp:
3205         (WebCore::SocketStreamHandleBase::disconnect):
3206         * platform/network/curl/CurlDownload.cpp:
3207         (WebCore::CurlDownload::didReceiveHeader):
3208
3209 2016-07-15  Chris Dumez  <cdumez@apple.com>
3210
3211         Use fastGetAttribute() / setAttributeWithoutSynchronization() when possible
3212         https://bugs.webkit.org/show_bug.cgi?id=159793
3213
3214         Reviewed by Ryosuke Niwa.
3215
3216         Use fastGetAttribute() / setAttributeWithoutSynchronization() when possible, for performance.
3217
3218         * Modules/plugins/YouTubePluginReplacement.cpp:
3219         (WebCore::YouTubePluginReplacement::installReplacement):
3220         * dom/Element.h:
3221         (WebCore::Element::setIdAttribute):
3222         * editing/ApplyStyleCommand.cpp:
3223         (WebCore::hasNoAttributeOrOnlyStyleAttribute):
3224         (WebCore::createFontElement):
3225         (WebCore::ApplyStyleCommand::applyInlineStyleChange):
3226         * editing/EditingStyle.cpp:
3227         (WebCore::EditingStyle::elementIsStyledSpanOrHTMLEquivalent):
3228         * editing/Editor.cpp:
3229         (WebCore::Editor::setBaseWritingDirection):
3230         * editing/ReplaceSelectionCommand.cpp:
3231         (WebCore::isMailPasteAsQuotationNode):
3232         (WebCore::isInlineNodeWithStyle):
3233         * editing/cocoa/DataDetection.mm:
3234         (WebCore::DataDetection::detectContentInRange):
3235         * editing/htmlediting.cpp:
3236         (WebCore::createTabSpanElement):
3237         * editing/ios/EditorIOS.mm:
3238         (WebCore::Editor::setTextAlignmentForChangedBaseWritingDirection):
3239         (WebCore::Editor::WebContentReader::readURL):
3240         * editing/mac/EditorMac.mm:
3241         (WebCore::Editor::WebContentReader::readURL):
3242         * editing/markup.cpp:
3243         (WebCore::createFragmentFromText):
3244         * html/BaseButtonInputType.cpp:
3245         (WebCore::BaseButtonInputType::setValue):
3246         * html/BaseCheckableInputType.cpp:
3247         (WebCore::BaseCheckableInputType::setValue):
3248         * html/FTPDirectoryDocument.cpp:
3249         (WebCore::FTPDirectoryDocumentParser::appendEntry):
3250         (WebCore::FTPDirectoryDocumentParser::createTDForFilename):
3251         (WebCore::FTPDirectoryDocumentParser::loadDocumentTemplate):
3252         (WebCore::FTPDirectoryDocumentParser::createBasicDocument):
3253         * html/HTMLAnchorElement.cpp:
3254         (WebCore::HTMLAnchorElement::href):
3255         (WebCore::HTMLAnchorElement::setHref):
3256         (WebCore::HTMLAnchorElement::target):
3257         * html/HTMLAreaElement.cpp:
3258         (WebCore::HTMLAreaElement::target):
3259         * html/HTMLBaseElement.cpp:
3260         (WebCore::HTMLBaseElement::setHref):
3261         * html/HTMLButtonElement.cpp:
3262         (WebCore::HTMLButtonElement::setType):
3263         * html/HTMLDetailsElement.cpp:
3264         (WebCore::HTMLDetailsElement::didAddUserAgentShadowRoot):
3265         (WebCore::HTMLDetailsElement::toggleOpen):
3266         * html/HTMLDocument.cpp:
3267         (WebCore::HTMLDocument::setBgColor):
3268         (WebCore::HTMLDocument::setFgColor):
3269         (WebCore::HTMLDocument::setAlinkColor):
3270         (WebCore::HTMLDocument::setLinkColor):
3271         (WebCore::HTMLDocument::setVlinkColor):
3272         * html/HTMLElement.cpp:
3273         (WebCore::HTMLElement::setDir):
3274         (WebCore::HTMLElement::setContentEditable):
3275         (WebCore::HTMLElement::setDraggable):
3276         (WebCore::HTMLElement::setSpellcheck):
3277         (WebCore::HTMLElement::setTranslate):
3278         * html/HTMLFormControlElement.cpp:
3279         (WebCore::HTMLFormControlElement::setFormEnctype):
3280         (WebCore::HTMLFormControlElement::setFormMethod):
3281         (WebCore::HTMLFormControlElement::setAutocorrect):
3282         (WebCore::HTMLFormControlElement::setAutocapitalize):
3283         (WebCore::HTMLFormControlElement::setAutocomplete):
3284         * html/HTMLFormElement.cpp:
3285         (WebCore::HTMLFormElement::setAutocorrect):
3286         (WebCore::HTMLFormElement::setAutocapitalize):
3287         (WebCore::HTMLFormElement::setAction):
3288         (WebCore::HTMLFormElement::setEnctype):
3289         (WebCore::HTMLFormElement::setMethod):
3290         (WebCore::HTMLFormElement::target):
3291         * html/HTMLImageElement.cpp:
3292         (WebCore::HTMLImageElement::width):
3293         (WebCore::HTMLImageElement::height):
3294         (WebCore::HTMLImageElement::setSrc):
3295         * html/HTMLInputElement.cpp:
3296         (WebCore::HTMLInputElement::setType):
3297         (WebCore::HTMLInputElement::updateType):
3298         (WebCore::HTMLInputElement::altText):
3299         (WebCore::HTMLInputElement::setDefaultValue):
3300         * html/HTMLLinkElement.cpp:
3301         (WebCore::HTMLLinkElement::href):
3302         (WebCore::HTMLLinkElement::target):
3303         (WebCore::HTMLLinkElement::type):
3304         * html/HTMLMediaElement.cpp:
3305         (WebCore::HTMLMediaElement::setSrc):
3306         (WebCore::HTMLMediaElement::setPreload):
3307         * html/HTMLMeterElement.cpp:
3308         (WebCore::HTMLMeterElement::min):
3309         (WebCore::HTMLMeterElement::setMin):
3310         (WebCore::HTMLMeterElement::max):
3311         (WebCore::HTMLMeterElement::setMax):
3312         (WebCore::HTMLMeterElement::value):
3313         (WebCore::HTMLMeterElement::setValue):
3314         (WebCore::HTMLMeterElement::low):
3315         (WebCore::HTMLMeterElement::setLow):
3316         (WebCore::HTMLMeterElement::high):
3317         (WebCore::HTMLMeterElement::setHigh):
3318         (WebCore::HTMLMeterElement::optimum):
3319         (WebCore::HTMLMeterElement::setOptimum):
3320         * html/HTMLObjectElement.cpp:
3321         (WebCore::HTMLObjectElement::containsJavaApplet):
3322         * html/HTMLOptionElement.cpp:
3323         (WebCore::HTMLOptionElement::createForJSConstructor):
3324         (WebCore::HTMLOptionElement::setValue):
3325         (WebCore::HTMLOptionElement::setLabel):
3326         * html/HTMLProgressElement.cpp:
3327         (WebCore::HTMLProgressElement::setValue):
3328         (WebCore::HTMLProgressElement::setMax):
3329         * html/HTMLScriptElement.cpp:
3330         (WebCore::HTMLScriptElement::typeAttributeValue):
3331         * html/HTMLSelectElement.cpp:
3332         (WebCore::HTMLSelectElement::setMultiple):
3333         * html/HTMLSourceElement.cpp:
3334         (WebCore::HTMLSourceElement::setSrc):
3335         (WebCore::HTMLSourceElement::media):
3336         (WebCore::HTMLSourceElement::setMedia):
3337         (WebCore::HTMLSourceElement::type):
3338         (WebCore::HTMLSourceElement::setType):
3339         * html/HTMLTableSectionElement.cpp:
3340         (WebCore::HTMLTableSectionElement::setAlign):
3341         (WebCore::HTMLTableSectionElement::setCh):
3342         (WebCore::HTMLTableSectionElement::chOff):
3343         (WebCore::HTMLTableSectionElement::setChOff):
3344         (WebCore::HTMLTableSectionElement::setVAlign):
3345         * html/HTMLTextFormControlElement.cpp:
3346         (WebCore::HTMLTextFormControlElement::updateInnerTextElementEditability):
3347         * html/HTMLVideoElement.cpp:
3348         (WebCore::HTMLVideoElement::imageSourceURL):
3349         * html/HiddenInputType.cpp:
3350         (WebCore::HiddenInputType::restoreFormControlState):
3351         (WebCore::HiddenInputType::setValue):
3352         * html/MediaDocument.cpp:
3353         (WebCore::MediaDocumentParser::createDocumentStructure):
3354         (WebCore::MediaDocument::replaceMediaElementTimerFired):
3355         * html/PluginDocument.cpp:
3356         (WebCore::PluginDocumentParser::createDocumentStructure):
3357         * html/TextFieldInputType.cpp:
3358         (WebCore::TextFieldInputType::createAutoFillButton):
3359         (WebCore::TextFieldInputType::updateAutoFillButton):
3360         * html/parser/HTMLTreeBuilder.cpp:
3361         (WebCore::HTMLTreeBuilder::processIsindexStartTagForInBody):
3362         * html/shadow/MediaControlElements.cpp:
3363         (WebCore::MediaControlClosedCaptionsContainerElement::create):
3364         (WebCore::MediaControlTimelineElement::create):
3365         (WebCore::MediaControlPanelVolumeSliderElement::create):
3366         (WebCore::MediaControlFullscreenVolumeSliderElement::create):
3367         * html/shadow/TextControlInnerElements.cpp:
3368         (WebCore::SearchFieldCancelButtonElement::SearchFieldCancelButtonElement):
3369         * html/shadow/mac/ImageControlsButtonElementMac.cpp:
3370         (WebCore::ImageControlsButtonElementMac::tryCreate):
3371         * html/shadow/mac/ImageControlsRootElementMac.cpp:
3372         (WebCore::ImageControlsRootElement::tryCreate):
3373         * html/track/WebVTTElement.cpp:
3374         (WebCore::WebVTTElement::createEquivalentHTMLElement):
3375         * html/track/WebVTTParser.cpp:
3376         (WebCore::WebVTTTreeBuilder::constructTreeFromToken):
3377         * inspector/InspectorCSSAgent.cpp:
3378         (WebCore::InspectorCSSAgent::createInspectorStyleSheetForDocument):
3379         * inspector/InspectorPageAgent.cpp:
3380         (WebCore::InspectorPageAgent::buildObjectForFrame):
3381         * mathml/MathMLSelectElement.cpp:
3382         (WebCore::MathMLSelectElement::toggle):
3383         * page/PageSerializer.cpp:
3384         (WebCore::PageSerializer::serializeFrame):
3385         * rendering/RenderDetailsMarker.cpp:
3386         (WebCore::RenderDetailsMarker::isOpen):
3387         * rendering/mathml/RenderMathMLFraction.cpp:
3388         (WebCore::RenderMathMLFraction::updateFromElement):
3389         * svg/SVGElement.cpp:
3390         (WebCore::SVGElement::setXmlbase):
3391         * svg/SVGSVGElement.cpp:
3392         (WebCore::SVGSVGElement::setContentScriptType):
3393         (WebCore::SVGSVGElement::setContentStyleType):
3394         * svg/SVGStyleElement.cpp:
3395         (WebCore::SVGStyleElement::setMedia):
3396         (WebCore::SVGStyleElement::setTitle):
3397
3398 2016-07-15  Chris Dumez  <cdumez@apple.com>
3399
3400         Modernize StaticNodeList / StaticElementList
3401         https://bugs.webkit.org/show_bug.cgi?id=159831
3402
3403         Reviewed by Ryosuke Niwa.
3404
3405         Modernize StaticNodeList / StaticElementList. Pass vector to adopt
3406         as an rvalue reference instead of a non-const reference.
3407
3408         * bindings/js/JSHTMLAllCollectionCustom.cpp:
3409         (WebCore::namedItems):
3410         * dom/ChildListMutationScope.cpp:
3411         (WebCore::ChildListMutationAccumulator::enqueueMutationRecord):
3412         * dom/MutationRecord.cpp:
3413         * dom/SelectorQuery.cpp:
3414         (WebCore::SelectorDataList::queryAll):
3415         * dom/StaticNodeList.h:
3416         * dom/WebKitNamedFlow.cpp:
3417         (WebCore::WebKitNamedFlow::getRegionsByContent):
3418         (WebCore::WebKitNamedFlow::getRegions):
3419         (WebCore::WebKitNamedFlow::getContent):
3420         * svg/SVGSVGElement.cpp:
3421         (WebCore::SVGSVGElement::collectIntersectionOrEnclosureList):
3422         * testing/Internals.cpp:
3423         (WebCore::Internals::nodesFromRect):
3424
3425 2016-07-15  Brent Fulgham  <bfulgham@apple.com>
3426
3427         Block insecure script running in a data: frame when the top-level page is HTTPS
3428         https://bugs.webkit.org/show_bug.cgi?id=125806
3429         <rdar://problem/27331825>
3430
3431         Reviewed by Brady Eidson.
3432
3433         Fix based on a Blink change (patch by <tsepez@chromium.org>):
3434         <https://chromium.googlesource.com/chromium/blink/+/33e553bd96e040151c1472289a0d80803bfca3a5>
3435
3436         Test: http/tests/security/mixedContent/insecure-script-in-data-iframe-in-main-frame-blocked.html
3437
3438         * loader/cache/CachedResourceLoader.cpp:
3439         (WebCore::CachedResourceLoader::checkInsecureContent): Check the top-level frame's security state
3440         before allowing insecure scripts to be used.        
3441
3442 2016-07-15  Chris Dumez  <cdumez@apple.com>
3443
3444         Let the compiler generate QualifiedName copy constructor and assignment operator
3445         https://bugs.webkit.org/show_bug.cgi?id=159826
3446
3447         Reviewed by Alex Christensen.
3448
3449         Let the compiler generate QualifiedName copy constructor and assignment operator
3450         as our custom implementation does nothing special. This also makes QualifiedName
3451         movable as the compiler is now able to generate the move constructor / assignment
3452         operator as well.
3453
3454         * dom/QualifiedName.h:
3455         (WebCore::QualifiedName::QualifiedName): Deleted.
3456         (WebCore::QualifiedName::operator=): Deleted.
3457
3458 2016-07-15  Antonio Gomes  <tonikitoo@igalia.com>
3459
3460         ScrollView::setHasHorizontalScrollbar / setHasVerticalScrollbar duplicate their logic
3461         https://bugs.webkit.org/show_bug.cgi?id=159825
3462
3463         Patch introduces a (private) method to ScrollView
3464         to share the code/logic of setHas{Horizontal,Vertical}Scrollbar.
3465
3466         Reviewed by Simon Fraser.
3467
3468         No new tests needed.
3469
3470         * platform/ScrollView.cpp:
3471         (WebCore::ScrollView::setHasScrollbarInternal):
3472         (WebCore::ScrollView::setHasHorizontalScrollbar):
3473         (WebCore::ScrollView::setHasVerticalScrollbar):
3474         * platform/ScrollView.h:
3475
3476 2016-07-15  Frederic Wang  <fwang@igalia.com>
3477
3478         MathOperator: Improve alignment for vertical size variant
3479         https://bugs.webkit.org/show_bug.cgi?id=158866
3480
3481         Reviewed by Brent Fulgham.
3482
3483         The MathOperator class may stretch operators with either a large glyph or a glyph assembly.
3484         In the latter case, the assembly is adjusted to match the stretch ascent and descent
3485         requested by the callers. But in the former case the glyph ascent and descent are used
3486         instead. We solve this by making MathOperator::stretchTo only take a targetSize and let
3487         callers do the vertical alignment they want. This improves the rendering of fences with some
3488         math fonts (e.g. XITS) and allows to pass the two cases of mo-axis-height-1.html.
3489
3490         Test: imported/mathml-in-html5/mathml/presentation-markup/operators/mo-axis-height-1.html
3491
3492         * rendering/mathml/MathOperator.cpp:
3493         (WebCore::MathOperator::stretchTo): Merge vertical and horizontal stretching into the same
3494         function with only the targetSize as a parameter.
3495         * rendering/mathml/RenderMathMLOperator.cpp:
3496         (WebCore::RenderMathMLOperator::stretchTo): Updated to use the new signature.
3497         (WebCore::RenderMathMLOperator::verticalStretchedOperatorShift): Helper function to calculate
3498         the shift necessary to align the baseline of the MathOperator instance with the one of the
3499         RenderMathMLOperator.
3500         (WebCore::RenderMathMLOperator::firstLineBaseline): Adjust the baseline.
3501         * rendering/mathml/RenderMathMLOperator.h: Declare verticalStretchedOperatorShift.
3502         * rendering/mathml/RenderMathMLRoot.cpp:
3503         (WebCore::RenderMathMLRoot::layoutBlock): Use the new signature. This function aligns the top
3504         of the radical with the overbar so we do not need to adjust baseline alignment here.
3505
3506 2016-07-15  Brady Eidson  <beidson@apple.com>
3507
3508         WebKit should prevent push/replace state with username in URL.
3509         <rdar://problem/27361737> and https://bugs.webkit.org/show_bug.cgi?id=159818
3510
3511         Reviewed by Brent Fulgham.
3512
3513         Test: http/tests/security/history-username-password.html
3514
3515         * page/History.cpp:
3516         (WebCore::History::stateObjectAdded): Don't allow URLs with usernames/passwords.
3517
3518 2016-07-15  Ryan Haddad  <ryanhaddad@apple.com>
3519
3520         Unreviewed, rolling out r203266.
3521
3522         This change caused editing/deleting/delete-emoji.html to time
3523         out on El Capitan, crash under GuardMalloc
3524
3525         Reverted changeset:
3526
3527         "Support new emoji group candidates"
3528         https://bugs.webkit.org/show_bug.cgi?id=159755
3529         http://trac.webkit.org/changeset/203266
3530
3531 2016-07-15  Frederic Wang  <fwang@igalia.com>
3532
3533         Move parsing of mfrac attributes into a MathMLFractionElement class
3534         https://bugs.webkit.org/show_bug.cgi?id=159624
3535
3536         Reviewed by Brent Fulgham.
3537
3538         We move the parsing of mfrac attributes to a MathMLFractionElement class. This allows to
3539         minimize the updates in RenderMathMLFraction and to remove the alignment members. Many of
3540         the members in updateLayoutParameters are actually only used in layoutBlock and could be
3541         removed in a follow-up patch. We also improve the resolution of negative line thickness value
3542         since the MathML recommendation says it should be rounded up to the nearest valid
3543         value (which is zero) instead of ignoring the attribute and using the line thickness.
3544
3545         No new tests, already covered by existing tests.
3546
3547         * CMakeLists.txt: Add MathMLFractionElement.
3548         * WebCore.xcodeproj/project.pbxproj: Ditto.
3549         * mathml/MathMLAllInOne.cpp: Ditto.
3550         * mathml/MathMLFractionElement.cpp: Added.
3551         (WebCore::MathMLFractionElement::MathMLFractionElement):
3552         (WebCore::MathMLFractionElement::create):
3553         (WebCore::MathMLFractionElement::lineThickness): Return the cached linethickness length,
3554         parsing it again if it is dirty. This handles the special values "thin", "medium" and "thick"
3555         or fallback to the general parseMathMLLength for MathML lengths.
3556         (WebCore::MathMLFractionElement::cachedFractionAlignment): Return the cached alignment value,
3557         parsing it again if it is dirty.
3558         (WebCore::MathMLFractionElement::numeratorAlignment): Return the cached alignment.
3559         (WebCore::MathMLFractionElement::denominatorAlignment): Ditto.
3560         (WebCore::MathMLFractionElement::parseAttribute): Make attributes dirty.
3561         (WebCore::MathMLFractionElement::createElementRenderer): Create a RenderMathMLFraction.
3562         * mathml/MathMLFractionElement.h: Added.
3563         * mathml/MathMLInlineContainerElement.cpp: We no longer need to handle fraction here.
3564         (WebCore::MathMLInlineContainerElement::createElementRenderer):
3565         * mathml/mathtags.in: Use MathMLFractionElement for mfrac.
3566         * rendering/mathml/RenderMathMLFraction.cpp:
3567         (WebCore::RenderMathMLFraction::updateLayoutParameters): New helper function to set the
3568         layout parameters, replacing updateFromElement. We no longer parse and store the alignment
3569         values here. We also change the resolution of negative values.
3570         (WebCore::RenderMathMLFraction::horizontalOffset): Use the enum from MathMLFractionElement.
3571         (WebCore::RenderMathMLFraction::layoutBlock): We call updateLayoutParameters instead of
3572         updateFromElement. The numerator and denominator alignments are resolved here.
3573         (WebCore::RenderMathMLFraction::parseAlignmentAttribute): Deleted. Parsing of alignment
3574         attribute is now handled in MathMLFractionElement.
3575         (WebCore::RenderMathMLFraction::updateFromElement): Deleted. Attribute changes are now
3576         handled in MathMLFractionElement.
3577         (WebCore::RenderMathMLFraction::styleDidChange): Deleted. Font changes are properly handled.
3578         * rendering/mathml/RenderMathMLFraction.h: Update declarations.
3579
3580 2016-07-15  Frederic Wang  <fwang@igalia.com>
3581
3582         Check whether font is nonnull for GlyphData instead of calling GlyphData::isValid()
3583         https://bugs.webkit.org/show_bug.cgi?id=159783
3584
3585         Reviewed by Brent Fulgham.
3586
3587         GlyphData::isValid() returns true for GlyphData with null 'font' pointer when the 'glyph'
3588         index is nonzero. This behavior is not expected by the MathML code and we have had crashes
3589         in our test suite in the past on Windows (e.g. bug 140653). We thus replace the call to
3590         GlyphData::isValid() with a stronger verification: Whether the 'font' pointer is nonzero.
3591
3592         No new tests, this only makes null pointer checks stronger.
3593
3594         * rendering/mathml/MathOperator.cpp:
3595         (WebCore::boundsForGlyph):
3596         (WebCore::advanceWidthForGlyph):
3597         (WebCore::MathOperator::getBaseGlyph):
3598         (WebCore::MathOperator::setSizeVariant):
3599         (WebCore::MathOperator::fillWithVerticalExtensionGlyph):
3600         (WebCore::MathOperator::fillWithHorizontalExtensionGlyph):
3601         (WebCore::MathOperator::paintVerticalGlyphAssembly):
3602         (WebCore::MathOperator::paintHorizontalGlyphAssembly):
3603         (WebCore::MathOperator::paint):
3604         * rendering/mathml/RenderMathMLOperator.cpp:
3605         (WebCore::RenderMathMLOperator::computePreferredLogicalWidths):
3606         * rendering/mathml/RenderMathMLToken.cpp:
3607         (WebCore::RenderMathMLToken::computePreferredLogicalWidths):
3608         (WebCore::RenderMathMLToken::firstLineBaseline):
3609         (WebCore::RenderMathMLToken::layoutBlock):
3610         (WebCore::RenderMathMLToken::paint):
3611         (WebCore::RenderMathMLToken::paintChildren):
3612
3613 2016-07-15  Frederic Wang  <fwang@igalia.com>
3614
3615         Add DejaVu Math TeX Gyre to the list of math fonts.
3616         https://bugs.webkit.org/show_bug.cgi?id=159805
3617
3618         Reviewed by Brent Fulgham.
3619
3620         DejaVu 2.36 has a new math font that can be used for MathML rendering. Because this font is
3621         likely to be installed on many systems (Linux, LibreOffice, etc) we include it in the default
3622         list of font-families in mathml.css in order to increase the chance to find a math font.
3623
3624         No new tests, it only affects rendering when DejaVu Math TeX Gyre is installed on the system.
3625
3626         * css/mathml.css:
3627         (math):
3628
3629 2016-07-15  Eric Carlson  <eric.carlson@apple.com>
3630
3631         [MSE] Increase the SourceBuffer "fudge factor"
3632         https://bugs.webkit.org/show_bug.cgi?id=159813
3633         <rdar://problem/27372033>
3634
3635         Reviewed by Jon Lee.
3636         
3637         Some media encoding/conversion pipelines are sloppy when doing sample time/timescale
3638         math, and the error accumulation results in small gaps in the media timeline. r202641
3639         increased the maximum allowable gap from 0.01 second to one 24fps frame, but it turns
3640         out that at least one large provider has a significant amount of content encoded with
3641         up to two 24fps frames.
3642
3643         No new tests, updated media/media-source/media-source-small-gap.html.
3644
3645         * Modules/mediasource/SourceBuffer.cpp:
3646         (WebCore::currentTimeFudgeFactor): Increase maximum gap to 2002 / 24000 frames.
3647
3648 2016-07-15  Rawinder Singh  <rawinder.singh-webkit@cisra.canon.com.au>
3649
3650         Add final keyword to WebCore/svg classes
3651         https://bugs.webkit.org/show_bug.cgi?id=159802
3652
3653         Reviewed by Youenn Fablet.
3654
3655         Updated classes in the WebCore/svg directory to be marked as final where appropriate.
3656
3657         * svg/SVGException.h:
3658         * svg/SVGLengthList.h:
3659         * svg/SVGMatrix.h:
3660         * svg/SVGNumberList.h:
3661         * svg/SVGPaint.h:
3662         * svg/SVGPathBuilder.h:
3663         * svg/SVGPathByteStreamBuilder.h:
3664         * svg/SVGPathByteStreamSource.h:
3665         * svg/SVGPathSegArcAbs.h:
3666         * svg/SVGPathSegArcRel.h:
3667         * svg/SVGPathSegClosePath.h:
3668         * svg/SVGPathSegCurvetoCubicAbs.h:
3669         * svg/SVGPathSegCurvetoCubicRel.h:
3670         * svg/SVGPathSegCurvetoCubicSmoothAbs.h:
3671         * svg/SVGPathSegCurvetoCubicSmoothRel.h:
3672         * svg/SVGPathSegCurvetoQuadraticAbs.h:
3673         * svg/SVGPathSegCurvetoQuadraticRel.h:
3674         * svg/SVGPathSegCurvetoQuadraticSmoothAbs.h:
3675         * svg/SVGPathSegCurvetoQuadraticSmoothRel.h:
3676         * svg/SVGPathSegLinetoAbs.h:
3677         * svg/SVGPathSegLinetoHorizontalAbs.h:
3678         * svg/SVGPathSegLinetoHorizontalRel.h:
3679         * svg/SVGPathSegLinetoRel.h:
3680         * svg/SVGPathSegLinetoVerticalAbs.h:
3681         * svg/SVGPathSegLinetoVerticalRel.h:
3682         * svg/SVGPathSegListBuilder.h:
3683         * svg/SVGPathSegListSource.h:
3684         * svg/SVGPathSegMovetoAbs.h:
3685         * svg/SVGPathSegMovetoRel.h:
3686         * svg/SVGPathStringSource.h:
3687         * svg/SVGPathTraversalStateBuilder.h:
3688         * svg/SVGPointList.h:
3689         * svg/SVGRenderingIntent.h:
3690         * svg/SVGStringList.h:
3691         * svg/SVGTRefElement.cpp:
3692         * svg/SVGToOTFFontConversion.cpp:
3693         * svg/SVGTransformList.h:
3694         * svg/SVGUnitTypes.h:
3695         * svg/SVGViewSpec.h:
3696         * svg/SVGZoomEvent.h:
3697         * svg/animation/SMILTimeContainer.h:
3698         * svg/animation/SVGSMILElement.cpp:
3699         * svg/graphics/filters/SVGFEImage.h:
3700         * svg/graphics/filters/SVGFilter.h:
3701         * svg/properties/SVGAnimatedPathSegListPropertyTearOff.h:
3702         * svg/properties/SVGAnimatedPropertyTearOff.h:
3703         * svg/properties/SVGAnimatedTransformListPropertyTearOff.h:
3704         * svg/properties/SVGMatrixTearOff.h:
3705         * svg/properties/SVGPathSegListPropertyTearOff.h:
3706         * svg/properties/SVGStaticListPropertyTearOff.h:
3707         * svg/properties/SVGStaticPropertyTearOff.h:
3708         * svg/properties/SVGTransformListPropertyTearOff.h:
3709
3710 2016-07-15  Per Arne Vollan  <pvollan@apple.com>
3711
3712         Uninitialized variable in DIBPixelData can cause a dangerous memory write
3713         https://bugs.webkit.org/show_bug.cgi?id=159414
3714
3715         Reviewed by Brent Fulgham.
3716
3717         Initialize local BITMAP variable, in case the ::GetObject function that should initialize it
3718         fails to do so, because the bitmap handle is invalid.
3719
3720         Tests: Tools/TestWebKitAPI/Tests/WebCore/win/DIBPixelData.cpp
3721
3722         * platform/graphics/win/DIBPixelData.cpp:
3723         (WebCore::DIBPixelData::initialize): Initialize local variable.
3724         (WebCore::DIBPixelData::setRGBABitmapAlpha): Return early if we have no bitmap.
3725         * platform/graphics/win/DIBPixelData.h: Link fix.
3726
3727 2016-07-14  Yoav Weiss  <yoav@yoav.ws>
3728
3729         Change CSSParser::sourceSize returning Optional<CSSParser::SourceSize>
3730         https://bugs.webkit.org/show_bug.cgi?id=159666
3731
3732         Reviewed by Michael Catanzaro.
3733
3734         Tests:
3735             fast/dom/HTMLImageElement/sizes/image-sizes-invalids.html
3736
3737         * css/CSSGrammar.y.in: Avoid adding SourceSize to source_size_list when the value is a Nullopt.
3738         * css/CSSParser.cpp:
3739         (WebCore::CSSParser::sourceSize): Return a Nullopt when an invalid value is encountered.
3740         * css/CSSParser.h:
3741
3742 2016-07-14  Antonio Gomes  <tonikitoo@igalia.com>
3743
3744         [RTL Scrollbars] Frame scrollbars don't move to the right when text direction changes to RTL
3745         https://bugs.webkit.org/show_bug.cgi?id=158252
3746
3747         Reviewed by Myles C. Maxfield.
3748
3749         When the 'dir' attribute changes either on body or on the document
3750         element level, the associated FrameView does not trigger an update on
3751         the frame level vertical scrollbar.
3752
3753         Patch adds a 'hook' so that RenderBox::styleDidChange can call in
3754         order to get the document level scrollbar placed properly in the next
3755         layout.
3756
3757         Test: fast/scrolling/rtl-scrollbars-alternate-body-dir-attr-does-not-update-scrollbar-placement.html
3758               fast/scrolling/rtl-scrollbars-alternate-body-dir-attr-does-not-update-scrollbar-placement-2.html
3759               fast/scrolling/rtl-scrollbars-alternate-iframe-body-dir-attr-does-not-update-scrollbar-placement.html
3760
3761         * page/FrameView.cpp:
3762         (WebCore::FrameView::topContentDirectionDidChange):
3763         * page/FrameView.h:
3764         * rendering/RenderBox.cpp:
3765         (WebCore::RenderBox::styleDidChange):
3766
3767 2016-07-14  Myles C. Maxfield  <mmaxfield@apple.com>
3768
3769         Support new emoji group candidates
3770         https://bugs.webkit.org/show_bug.cgi?id=159755
3771         <rdar://problem/27325521>
3772
3773         Reviewed by Dean Jackson.
3774
3775         There are a few code points which should be able to be joined (with ZWJ) to
3776         either U+2640 or U+2642 to change the gender of the emoji. These patterns
3777         should also work with an additional 0xFE0F variation selector. This patch
3778         adds these new patterns to our existing emoji group candidate infrastructure.
3779
3780         Tests: fast/text/emoji-gender-2-3.html
3781                fast/text/emoji-gender-2-4.html
3782                fast/text/emoji-gender-2-5.html
3783                fast/text/emoji-gender-2-6.html
3784                fast/text/emoji-gender-2-7.html
3785                fast/text/emoji-gender-2-8.html
3786                fast/text/emoji-gender-2-9.html
3787                fast/text/emoji-gender-2.html
3788                fast/text/emoji-gender-3.html
3789                fast/text/emoji-gender-4.html
3790                fast/text/emoji-gender-5.html
3791                fast/text/emoji-gender-6.html
3792                fast/text/emoji-gender-7.html
3793                fast/text/emoji-gender-8.html
3794                fast/text/emoji-gender-9.html
3795                fast/text/emoji-gender-fe0f-3.html
3796                fast/text/emoji-gender-fe0f-4.html
3797                fast/text/emoji-gender-fe0f-5.html
3798                fast/text/emoji-gender-fe0f-6.html
3799                fast/text/emoji-gender-fe0f-7.html
3800                fast/text/emoji-gender-fe0f-8.html
3801                fast/text/emoji-gender-fe0f-9.html
3802                fast/text/emoji-gender.html
3803                fast/text/emoji-num-glyphs.html
3804                fast/text/emoji-single-parent-family-2.html
3805                fast/text/emoji-single-parent-family.html
3806
3807         * platform/graphics/mac/ComplexTextControllerCoreText.mm:
3808         (WebCore::ComplexTextController::ComplexTextRun::ComplexTextRun): Removed incorrect ASSERT()s.
3809         * platform/graphics/FontCascade.cpp:
3810         (WebCore::FontCascade::characterRangeCodePath):
3811         * platform/text/CharacterProperties.h:
3812         (WebCore::isEmojiGroupCandidate):
3813
3814 2016-07-14  Dean Jackson  <dino@apple.com>
3815
3816         CrashTracer: com.apple.WebKit.WebContent at WebCore: WebCore::MediaQueryEvaluator::evaluate const
3817         https://bugs.webkit.org/show_bug.cgi?id=159799
3818         <rdar://problem/27346959>
3819
3820         Reviewed by Myles Maxfield.
3821
3822         Speculative fix for this crash, which seems to happen when asking for the Node's
3823         renderer(). From the incoming crash logs, it is triggered by mutations on
3824         a <picture> or <img> element, which would require choosing a new source,
3825         and causing some media queries to evaluate.
3826
3827         The only place in MediaQueryEvaluator that has anything to do with
3828         renderers is when gathering up some style information to pass to the
3829         actual evaluation function. I put a guard against a missing documentElement
3830         in there.
3831
3832         * css/MediaQueryEvaluator.cpp:
3833         (WebCore::MediaQueryEvaluator::evaluate): Make sure documentElement is not
3834         null.
3835
3836 2016-07-14  Rawinder Singh  <rawinder.singh-webkit@cisra.canon.com.au>
3837
3838         Update HTML*Element class override methods in final classes
3839         https://bugs.webkit.org/show_bug.cgi?id=159456
3840
3841         Reviewed by Youenn Fablet.
3842
3843         Update HTML*Element classes so that overriden methods in final classes are marked final.
3844         Also marked HTMLDivElement overriden methods as final since they are not overridden by derived classes.
3845
3846         * html/HTMLAppletElement.h:
3847         * html/HTMLAreaElement.h:
3848         * html/HTMLAttachmentElement.h:
3849         * html/HTMLAudioElement.h:
3850         * html/HTMLBRElement.h:
3851         * html/HTMLBaseElement.h:
3852         * html/HTMLBodyElement.h:
3853         * html/HTMLButtonElement.h:
3854         * html/HTMLCanvasElement.h:
3855         * html/HTMLDataElement.h:
3856         * html/HTMLDetailsElement.h:
3857         * html/HTMLDivElement.h:
3858         * html/HTMLEmbedElement.h:
3859         * html/HTMLFieldSetElement.h:
3860         * html/HTMLFontElement.h:
3861         * html/HTMLFormElement.h:
3862         * html/HTMLFrameSetElement.h:
3863         * html/HTMLHRElement.h:
3864         * html/HTMLHtmlElement.h:
3865         * html/HTMLKeygenElement.h:
3866         * html/HTMLLIElement.h:
3867         * html/HTMLLabelElement.h:
3868         * html/HTMLLegendElement.h:
3869         * html/HTMLLinkElement.h:
3870         * html/HTMLMapElement.h:
3871         * html/HTMLMarqueeElement.h:
3872         * html/HTMLMetaElement.h:
3873         * html/HTMLMeterElement.h:
3874         * html/HTMLModElement.h:
3875         * html/HTMLOListElement.h:
3876         * html/HTMLObjectElement.h:
3877         * html/HTMLOptGroupElement.h:
3878         * html/HTMLOptionElement.h:
3879         * html/HTMLOutputElement.h:
3880         * html/HTMLParagraphElement.h:
3881         * html/HTMLParamElement.h:
3882         * html/HTMLPreElement.h:
3883         * html/HTMLProgressElement.h:
3884         * html/HTMLQuoteElement.h:
3885         * html/HTMLScriptElement.h:
3886         * html/HTMLSourceElement.h:
3887         * html/HTMLStyleElement.h:
3888         * html/HTMLSummaryElement.h:
3889         * html/HTMLTableCaptionElement.h:
3890         * html/HTMLTableColElement.h:
3891         * html/HTMLTableElement.h:
3892         * html/HTMLTableSectionElement.h:
3893         * html/HTMLTemplateElement.h:
3894         * html/HTMLTextAreaElement.h:
3895         * html/HTMLTitleElement.h:
3896         * html/HTMLUListElement.h:
3897         * html/HTMLUnknownElement.h:
3898         * html/HTMLVideoElement.h:
3899         * html/HTMLWBRElement.h:
3900
3901 2016-07-14  Chris Dumez  <cdumez@apple.com>
3902
3903         Modernize GlyphMetricsMap
3904         https://bugs.webkit.org/show_bug.cgi?id=159788
3905
3906         Reviewed by Darin Adler.
3907
3908         Modernize GlyphMetricsMap a bit.
3909
3910         * platform/graphics/GlyphMetricsMap.h:
3911         - Drop WTF_MAKE_NONCOPYABLE as the class is already non-copyable due to having
3912           to having a std::unique_ptr data member.
3913         - Drop GlyphMetricsMap default constructor and let the compiler generate it
3914           instead. This required using inline initialization for m_filledPrimaryPage.
3915
3916         (WebCore::GlyphMetricsMap::GlyphMetricsPage::GlyphMetricsPage):
3917         - Make m_metrics data member private as it does not need to be public.
3918         - Make setMetricsForIndex(unsigned index, const T& metrics) setter private
3919           as it does not need to be public.
3920         - Make GlyphMetricsPage(const T& initialValue) constructor explicit as it
3921           takes only 1 parameter.
3922
3923         (WebCore::GlyphMetricsMap<T>::locatePageSlowCase):
3924         - Use HashMap::ensure() to make the code a bit nicer.
3925
3926 2016-07-14  Simon Fraser  <simon.fraser@apple.com>
3927
3928         [iOS WK2] When scrolling apple.com/music on iPad Pro in landscape, left-hand tiles appear first
3929         https://bugs.webkit.org/show_bug.cgi?id=159798
3930         rdar://problem/27362717
3931
3932         Reviewed by Tim Horton.
3933
3934         In out-of-visible tiled layers, we always allocated the top-left tile, wasting
3935         memory and causing ugliness when scrolling that layer into view. This happened
3936         because getTileIndexRangeForRect() had no way to express the fact that no tiles
3937         should be created.
3938
3939         Fix getTileIndexRangeForRect() to return a bool, and fix callers to respect the
3940         return value.
3941
3942         Test: compositing/tiling/offscreen-tiled-layer.html
3943
3944         * platform/graphics/ca/GraphicsLayerCA.cpp:
3945         (WebCore::GraphicsLayerCA::dumpAdditionalProperties):
3946         * platform/graphics/ca/TileGrid.cpp:
3947         (WebCore::TileGrid::setNeedsDisplayInRect):
3948         (WebCore::TileGrid::tilesWouldChangeForCoverageRect):
3949         (WebCore::TileGrid::getTileIndexRangeForRect):
3950         (WebCore::TileGrid::revalidateTiles):
3951         (WebCore::TileGrid::ensureTilesForRect):
3952         (WebCore::TileGrid::extent):
3953         * platform/graphics/ca/TileGrid.h:
3954
3955 2016-07-14  John Wilander  <wilander@apple.com>
3956
3957         Remove credentials in URL when accessed through location.href
3958         https://bugs.webkit.org/show_bug.cgi?id=139562
3959         <rdar://problem/27331164>
3960
3961         Reviewed by Brent Fulgham.
3962
3963         Test: http/tests/security/location-href-clears-username-password.html
3964
3965         The reason for this change is to not allow scripts on the page to
3966         exfiltrate username and password from the URL.
3967
3968         * page/Location.cpp:
3969         (WebCore::Location::href):
3970             Now checks if there is a username or password in the URL. If so,
3971             it copies the URL and removes the username and password.
3972
3973 2016-07-14  Javier Fernandez  <jfernandez@igalia.com>
3974
3975         [css-grid] Handle min-content/max-content with orthogonal flows
3976         https://bugs.webkit.org/show_bug.cgi?id=159294
3977
3978         Reviewed by Darin Adler.
3979
3980         Currently there is no support for orthogonal flows in many aspects of the
3981         Grid Layout logic.
3982
3983         The Grid sizing algorithm should be adapted to this scenario, hence this
3984         patch focus on the min-content and max-content functions, used to resolve
3985         content based t