Fix null handling for HTMLObjectElement.border
[WebKit-https.git] / Source / WebCore / ChangeLog
1 2016-07-21  Chris Dumez  <cdumez@apple.com>
2
3         Fix null handling for HTMLObjectElement.border
4         https://bugs.webkit.org/show_bug.cgi?id=160040
5
6         Reviewed by Ryosuke Niwa.
7
8         Fix null handling for HTMLObjectElement.border to match the specification:
9         - https://html.spec.whatwg.org/#HTMLObjectElement-partial
10
11         We are supposed to treat null as the empty string.
12
13         Both Firefox and Chrome agree with the specification.
14
15         No new tests, rebaselined existing tests.
16
17         * html/HTMLObjectElement.idl:
18
19 2016-07-21  Chris Dumez  <cdumez@apple.com>
20
21         Fix null handling for td.bgColor / tr.bgColor
22         https://bugs.webkit.org/show_bug.cgi?id=160043
23
24         Reviewed by Ryosuke Niwa.
25
26         Fix null handling for td.bgColor / tr.bgColor to match the
27         specification:
28         - https://html.spec.whatwg.org/#HTMLTableCellElement-partial
29         - https://html.spec.whatwg.org/#HTMLTableRowElement-partial
30
31         We are supposed to treat null as the empty string.
32
33         Firefox and Chrome both agree with the specification.
34
35         No new tests, rebaselined existing tests.
36
37         * html/HTMLTableCellElement.idl:
38         * html/HTMLTableRowElement.idl:
39
40 2016-07-21  Chris Dumez  <cdumez@apple.com>
41
42         Fix null handling for several HTMLBodyElement attributes
43         https://bugs.webkit.org/show_bug.cgi?id=160044
44
45         Reviewed by Ryosuke Niwa.
46
47         Fix null handling for several HTMLBodyElement attributes to match the
48         specification:
49         - https://html.spec.whatwg.org/#HTMLBodyElement-partial
50
51         The attributes in question are: 'text', 'link', 'vlink', 'alink' and
52         'bgcolor'.
53
54         We are supposed to treat null as the empty string for these attributes.
55
56         Firefox and Chrome both agree with the specification.
57
58         No new tests, rebaselined existing tests.
59
60         * html/HTMLBodyElement.idl:
61
62 2016-07-21  Chris Dumez  <cdumez@apple.com>
63
64         Fix null handling for HTMLIFrameElement.marginWidth / marginHeight
65         https://bugs.webkit.org/show_bug.cgi?id=160037
66
67         Reviewed by Ryosuke Niwa.
68
69         Fix null handling for HTMLIFrameElement.marginWidth / marginHeight to
70         match the specification:
71         - https://html.spec.whatwg.org/#HTMLIFrameElement-partial
72
73         We are supposed to treat null as the empty string. Both Firefox and
74         Chrome agree with the specification.
75
76         No new tests, rebaselined existing tests.
77
78         * html/HTMLIFrameElement.idl:
79
80 2016-07-21  Chris Dumez  <cdumez@apple.com>
81
82         Fix null handling for HTMLImageElement.border
83         https://bugs.webkit.org/show_bug.cgi?id=160039
84
85         Reviewed by Ryosuke Niwa.
86
87         Fix null handling for HTMLImageElement.border to match the specification:
88         - https://html.spec.whatwg.org/#HTMLImageElement-partial
89
90         We are supposed to treat null as the empty string.
91
92         Both Firefox and Chrome agree with the specification.
93
94         No new tests, rebaselined existing tests.
95
96         * html/HTMLImageElement.idl:
97
98 2016-07-21  Daniel Bates  <dabates@apple.com>
99
100         REGRESSION: Plugin replaced YouTube Flash videos always have the same width
101         https://bugs.webkit.org/show_bug.cgi?id=159998
102         <rdar://problem/27462285>
103
104         Reviewed by Simon Fraser.
105
106         Fixes an issue where the width of a plugin replaced YouTube video loaded via an HTML embed
107         element would always have the same width regardless of value of the width attribute.
108
109         For YouTube Flash videos the YouTube plugin replacement substitutes a shadow DOM subtree
110         for the default renderer of an HTML embed element. The root of this shadow DOM subtree
111         is an HTML div element. Currently we set inline styles on this <div> when it is instantiated.
112         In particular, we set inline display and position to "inline-block" and "relative", respectively,
113         and set an invalid height and width (we specify a font weight value instead of a CSS length value
114         - this causes an ASSERT_NOT_REACHED() assertion failure in StyleBuilderConverter::convertLengthSizing()
115         in a debug build). These styles never worked as intended and we ultimately created an inline
116         renderer (ignoring display "inline-block") that had auto width and height. Instead it is sufficient
117         to remove all these inline styles and create a RenderBlockFlow renderer for this <div> so that it
118         renders as a block, non-replaced element to achieve the intended illusion that the <embed> is a
119         single element.
120
121         * html/shadow/YouTubeEmbedShadowElement.cpp: Remove unused header HTMLEmbedElement.h and include
122         header RenderBlockFlow.h. Also update copyright in license block.
123         (WebCore::YouTubeEmbedShadowElement::YouTubeEmbedShadowElement): Remove inline styles as these
124         never worked as intended.
125         (WebCore::YouTubeEmbedShadowElement::createElementRenderer): Override; create a block-flow
126         renderer for us so that we layout as a block, non-replaced element.
127         * html/shadow/YouTubeEmbedShadowElement.h:
128
129 2016-07-21  Myles C. Maxfield  <mmaxfield@apple.com>
130
131         [iPhone] Playing a video on tudou.com plays only sound, no video
132         https://bugs.webkit.org/show_bug.cgi?id=159967
133         <rdar://problem/26964090>
134
135         Reviewed by Jon Lee, Jeremy Jones, and Anders Carlsson.
136
137         WebKit recently starting honoring the playsinline and webkit-playsinline
138         attribute on iPhones. However, because these attributes previously did
139         nothing, some sites (such as Todou) were setting them on their content
140         and expecting that they are not honored. In this specific case, the
141         video is absolutely positioned to be 1 pixel x 1 pixel.
142
143         Previously, with iOS 9, apps could set the allowsInlineMediaPlayback
144         property on their WKWebView, which would honor the webkit-playsinline
145         attribute. Safari on iPhones didn't do this.
146
147         In order to not break these existing apps, it's important that the
148         allowsInlineMediaPlayback preference still allows webkit-playsinline
149         videos to play inline in apps using WKWebView. However, in Safari, these
150         videos should play fullscreen. (Todou videos have webkit-playsinline
151         but not playsinline.)
152
153         Therefore, in Safari, videos with playsinline should be inline, but
154         videos with webkit-playsinline should be fullscreen. In apps using
155         WKWebViews, if the app sets allowsInlineMediaPlayback, then videos with
156         playsinline should be inline, and videos with webkit-playsinline should
157         also be inline. Videos on iPad and Mac should all be inline by default.
158
159         We can create some truth tables for the cases which need to be covered:
160
161         All apps on Mac / iPad:
162         Presence of playsinline | Presence of webkit-playsinline | Result
163         ========================|================================|===========
164         Not present             | Not present                    | Inline
165         Present                 | Not present                    | Inline
166         Not Present             | Present                        | Inline
167         Present                 | Present                        | Inline
168
169         Safari on iPhone:
170         Presence of playsinline | Presence of webkit-playsinline | Result
171         ========================|================================|===========
172         Not present             | Not present                    | Fullscreen
173         Present                 | Not present                    | Inline
174         Not Present             | Present                        | Fullscreen
175         Present                 | Present                        | Inline
176
177         App on iPhone which sets allowsInlineMediaPlayback:
178         Presence of playsinline | Presence of webkit-playsinline | Result
179         ========================|================================|===========
180         Not present             | Not present                    | Fullscreen
181         Present                 | Not present                    | Inline
182         Not Present             | Present                        | Inline
183         Present                 | Present                        | Inline
184
185         The way to distinguish Safari from another app is to create an SPI
186         boolean preference which Safari can set. This is already how the
187         iPhone and iPad are differentiated using the requiresPlayInlineAttribute
188         which Safari sets but other apps don't. However, this preference is
189         no longer sufficient because Safari should now be discriminating
190         between the playsinline and webkit-playsinline attributes. Therefore,
191         this preference should be extended to two boolean preferences, which
192         this patch adds:
193
194         allowsInlineMediaPlaybackWithPlaysInlineAttribute
195         allowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute
196
197         Safari on iPhone will set
198         allowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute to true,
199         and allowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute to
200         false. Other apps on iPhone will get their defaults values (because they
201         are SPI) which means they will both be true. On iPad and Mac, apps will
202         use the defaults values where both are false.
203
204         This patch adds support for these two preferences, but does not remove
205         the existing inlineMediaPlaybackRequiresPlaysInlineAttribute preference.
206         I will remove the exising preference as soon as I update Safari to migrate
207         off of it.
208
209         Test: media/video-playsinline.html
210
211         * html/MediaElementSession.cpp:
212         (WebCore::MediaElementSession::requiresFullscreenForVideoPlayback):
213         * page/Settings.cpp:
214         * page/Settings.in:
215         * testing/InternalSettings.cpp:
216         (WebCore::InternalSettings::Backup::Backup):
217         (WebCore::InternalSettings::Backup::restoreTo):
218         (WebCore::InternalSettings::setAllowsInlineMediaPlaybackWithPlaysInlineAttribute):
219         (WebCore::InternalSettings::setAllowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute):
220         * testing/InternalSettings.h:
221         * testing/InternalSettings.idl:
222
223 2016-07-21  Ryosuke Niwa  <rniwa@webkit.org>
224
225         Crash accessing null renderer inside WebCore::DeleteSelectionCommand::doApply
226         https://bugs.webkit.org/show_bug.cgi?id=160011
227
228         Reviewed by Chris Dumez.
229
230         Add a null pointer check for renderer() call.
231
232         Unfortunately no new tests since we don't have a reproduction.
233
234         * editing/DeleteSelectionCommand.cpp:
235         (WebCore::DeleteSelectionCommand::doApply):
236
237 2016-07-21  Chris Dumez  <cdumez@apple.com>
238
239         The 2 first parameters to DOMImplementation.createDocument() should be mandatory
240         https://bugs.webkit.org/show_bug.cgi?id=160030
241
242         Reviewed by Sam Weinig.
243
244         The 2 first parameters to DOMImplementation.createDocument() should be mandatory
245         as per the specification:
246         - https://dom.spec.whatwg.org/#domimplementation
247
248         Firefox and Chrome both agree with the specification. However, those
249         parameters were marked as optional in WebKit. Calling this function
250         without parameters would create a document element whose tag is the
251         string "undefined", which does not seem helpful. This patch thus
252         aligns our behavior with the specification and other browsers.
253
254         No new tests, rebaselined existing tests.
255
256         * dom/DOMImplementation.idl:
257
258 2016-07-21  Chris Dumez  <cdumez@apple.com>
259
260         Kill legacy valueToStringWithNullCheck() utility function
261         https://bugs.webkit.org/show_bug.cgi?id=159991
262
263         Reviewed by Sam Weinig.
264
265         Kill legacy valueToStringWithNullCheck() utility function. Treating null as
266         a null string is legacy behavior so drop this function so that people are
267         not tempted to use it. We should be using either:
268         1. JSValue::toWTFString() for non-nullable DOMStrings
269         2. valueToStringWithUndefinedOrNullCheck() for nullable DOMStrings
270         3. valueToStringTreatingNullAsEmptyString() for strings with [TreatNullAs=EmptyString]
271
272         No new tests, no web-exposed behavior change.
273
274         * bindings/js/JSDOMBinding.cpp:
275         (WebCore::valueToStringWithNullCheck): Deleted.
276         * bindings/js/JSDOMBinding.h:
277         * bindings/js/JSHTMLFrameElementCustom.cpp:
278         (WebCore::JSHTMLFrameElement::setLocation):
279         * html/HTMLFrameElement.idl:
280
281 2016-07-21  Zalan Bujtas  <zalan@apple.com>
282
283         Do not keep invalid IOSurface in ImageBufferData.
284         https://bugs.webkit.org/show_bug.cgi?id=160005
285         <rdar://problem/27208636>
286
287         Reviewed by Simon Fraser.
288
289         When we fail to initialize the IOSurface for the accelerated context, we switch over to
290         the non-accelerated code path. Since ImageBufferData::surface is used to indicate whether
291         the graphics context is in accelerated mode, we need to reset it when the initialization fails.
292
293         Unable to create a test case.
294
295         * platform/graphics/cg/ImageBufferCG.cpp:
296         (WebCore::ImageBuffer::ImageBuffer):
297
298 2016-07-21  Chris Dumez  <cdumez@apple.com>
299
300         playsInline IDL attribute has the wrong casing
301         https://bugs.webkit.org/show_bug.cgi?id=160029
302         <rdar://problem/27474031>
303
304         Reviewed by Jon Lee.
305
306         Fix case from video.playsinline to video.playsInline in order to match
307         the specification:
308         - https://html.spec.whatwg.org/multipage/embedded-content.html#the-video-element:dom-video-playsinline
309
310         It still reflects the "playsinline" content attribute though, as per
311         the specification:
312         - https://html.spec.whatwg.org/multipage/embedded-content.html#dom-video-playsinline
313
314         No new tests, updated existing test.
315
316         * html/HTMLVideoElement.idl:
317
318 2016-07-21  Chris Dumez  <cdumez@apple.com>
319
320         Drop [TreatNullAs=EmptyString] from CanvasRenderingContext2D.globalCompositeOperation
321         https://bugs.webkit.org/show_bug.cgi?id=160026
322
323         Reviewed by Sam Weinig.
324
325         Drop [TreatNullAs=EmptyString] from CanvasRenderingContext2D.globalCompositeOperation
326         attribute as it does not match the specification:
327         - https://html.spec.whatwg.org/multipage/scripting.html#canvascompositing
328
329         It does not change web-exposed behavior because assigning to "" or "null"
330         gets ignored as those are not valid operations.
331
332         Test: fast/canvas/context-globalCompositeOperation-null.html
333
334         * html/canvas/CanvasRenderingContext2D.idl:
335
336 2016-07-21  Carlos Garcia Campos  <cgarcia@igalia.com>
337
338         [GTK][Threaded Compositor] Overlay scrollbars shouldn't be a requirement of the threaded compositor
339         https://bugs.webkit.org/show_bug.cgi?id=160020
340
341         Reviewed by Michael Catanzaro.
342
343         It has been a requirement only because we didn't really know why frame scrollbars were not rendered when using
344         the threaded compositor. The reason is that RenderView doesn't use layers for FrameView scrollbars by default,
345         unless using overlay scrollbars. When using the threaded compositor we really need layers for the FrameView
346         scrollbars even when not using overlay scrollbars.
347
348         * platform/gtk/ScrollbarThemeGtk.cpp:
349         (WebCore::ScrollbarThemeGtk::ScrollbarThemeGtk): Stop enforcing overlay scrollbars when threaded compositor is enabled.
350         * rendering/RenderLayerCompositor.cpp:
351         (WebCore::RenderLayerCompositor::shouldCompositeOverflowControls): Always use layers for scrollbars when
352         threaded compositor is enabled.
353
354 2016-07-21  Carlos Garcia Campos  <cgarcia@igalia.com>
355
356         [Cairo] Fix a crash in fast/canvas/canvas-getImageData-invalid-result-buffer-crash.html
357         https://bugs.webkit.org/show_bug.cgi?id=160014
358
359         Reviewed by Michael Catanzaro.
360
361         In r202887 some null checks were added for JSArray::createUninitialized (and related) but not for the
362         ImageBuffer cairo implementation.
363
364         * platform/graphics/cairo/ImageBufferCairo.cpp:
365         (WebCore::getImageData): Return early if Uint8ClampedArray::createUninitialized() returns nullptr.
366
367 2016-07-21  Miguel Gomez  <magomez@igalia.com>
368
369         [GTK] The GSTREAMER_GL path in MediaPlayerPrivateGStreamerBase::paintToTextureMapper() is missing a mutex lock
370         https://bugs.webkit.org/show_bug.cgi?id=160018
371
372         Reviewed by Philippe Normand.
373
374         Lock the video sample mutex while accessing it.
375
376         Covered by existent tests.
377
378         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
379         (WebCore::MediaPlayerPrivateGStreamerBase::paintToTextureMapper):
380
381 2016-07-21  Miguel Gomez  <magomez@igalia.com>
382
383         [Threaded Compositor] Flickering when zooming in/out in maps.google.com
384         https://bugs.webkit.org/show_bug.cgi?id=154069
385
386         Reviewed by Carlos Garcia Campos.
387
388         Add a new extra buffer to GraphicsContext3D when using the Threaded Compositor,
389         so it doesn't have to reuse the buffers that are still waiting for composition.
390
391         Covered by existing tests.
392
393         * platform/graphics/GraphicsContext3D.h:
394         Add a new texture to use for the rendering. Remove the compositor fbo we were using.
395         * platform/graphics/cairo/GraphicsContext3DCairo.cpp:
396         (WebCore::GraphicsContext3D::GraphicsContext3D):
397         Initialize the new texture and remove the previous fbo related code.
398         (WebCore::GraphicsContext3D::~GraphicsContext3D):
399         Properly destroy the new texture and remove the previous fbo related code.
400         * platform/graphics/opengl/GraphicsContext3DOpenGL.cpp:
401         (WebCore::GraphicsContext3D::reshapeFBOs):
402         Allocate the new texture and remove the previous fbo allocation.
403         * platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp:
404         (WebCore::GraphicsContext3D::prepareTexture):
405         Use a single fbo with three textures instead of two fbos with a texture each.
406         Rotate the three textures usage so:
407         - m_texture becomes m_compositorTexture to be pushed to the compositor.
408         - m_intermediateTexture becomes m_texture to receive the next rendering.
409         - m_compositorTexture becomes m_intermediateTexture.
410         And add a glFlush() to ensure that the gl commands are sent to the pipeline.
411         * platform/graphics/opengl/GraphicsContext3DOpenGLES.cpp:
412         (WebCore::GraphicsContext3D::reshapeFBOs):
413         Allocate the new texture.
414
415 2016-07-21  Carlos Garcia Campos  <cgarcia@igalia.com>
416
417         [GTK][Threaded Compositor] Web view background colors don't work
418         https://bugs.webkit.org/show_bug.cgi?id=159465
419
420         Reviewed by Michael Catanzaro.
421
422         * rendering/RenderLayerBacking.cpp:
423         (WebCore::RenderLayerBacking::createPrimaryGraphicsLayer): Initialize frame view layer opacity for platforms not
424         using the tiled cache layer.
425
426 2016-07-20  Youenn Fablet  <youenn@apple.com>
427
428         [XHR] Cache response JS object in case of arraybuffer and blob response types
429         https://bugs.webkit.org/show_bug.cgi?id=128903
430
431         Reviewed by Alex Christensen.
432
433         Covered by existing and modified tests.
434
435         Making response getter a JS builtin that caches response in @response private slot.
436         Handling invalidation of cached response with @responseCacheIsValid new private method.
437         Handling creation of cached response with @retrieveResponse new private method which reuses most of
438         JSXMLHttpRequest::response previous code.
439
440         Caching of responses is activated whenever load ended without any error for blob and arraybuffer response types.
441
442         Caching of response for document is also activated in case the response getter is used but not if responseXML getter is used.
443
444         * CMakeLists.txt: Adding XMLHttpRequest.js.
445         * DerivedSources.make: Ditto.
446         * bindings/js/JSXMLHttpRequestCustom.cpp:
447         (WebCore::JSXMLHttpRequest::retrieveResponse): Implements creation of to-be-cached response.
448         (WebCore::JSXMLHttpRequest::response): Deleted.
449         * bindings/js/WebCoreBuiltinNames.h: Adding new private names.
450         * xml/XMLHttpRequest.cpp:
451         (WebCore::XMLHttpRequest::didCacheResponse): Renamed from didCacheResponseJSON as all response types are now cached.
452         (WebCore::XMLHttpRequest::didCacheResponseJSON): Deleted.
453         * xml/XMLHttpRequest.h:
454         * xml/XMLHttpRequest.idl:
455
456 2016-07-20  Youenn Fablet  <youenn@apple.com>
457
458         Remove crossOriginRequestPolicy from ThreadableLoaderOptions
459         https://bugs.webkit.org/show_bug.cgi?id=159417
460
461         Reviewed by Alex Christensen.
462
463         No observable change.
464
465         * Modules/fetch/FetchLoader.cpp:
466         (WebCore::FetchLoader::start): DenyCrossOriginRequests -> FetchOptions::Mode::SameOrigin.
467         * fileapi/FileReaderLoader.cpp:
468         (WebCore::FileReaderLoader::start): DenyCrossOriginRequests -> FetchOptions::Mode::SameOrigin.
469         * inspector/InspectorNetworkAgent.cpp:
470         (WebCore::InspectorNetworkAgent::loadResource): AllowCrossOriginRequests -> FetchOptions::Mode::NoCors.
471         * loader/DocumentThreadableLoader.cpp:
472         (WebCore::DocumentThreadableLoader::DocumentThreadableLoader): Ditto.
473         (WebCore::DocumentThreadableLoader::makeCrossOriginAccessRequest): UseAccessControl -> FetchOptions::Mode::Cors.
474         (WebCore::DocumentThreadableLoader::redirectReceived): Ditto.
475         (WebCore::DocumentThreadableLoader::didReceiveResponse): Ditto.
476         (WebCore::DocumentThreadableLoader::loadRequest): Use NoCors as option passed to ResourceLoader. This allows
477         desactivating ResourceLoader CORS checks as they are done in DocumentThreadableLoader right now. In the future,
478         these checks should be moved to ResourceLoader and DocumentThreadableLoader should directly pass the fetch mode
479         option.
480         (WebCore::DocumentThreadableLoader::isAllowedRedirect): AllowCrossOriginRequests -> FetchOptions::Mode::NoCors.
481         * loader/ThreadableLoader.cpp:
482         (WebCore::ThreadableLoaderOptions::ThreadableLoaderOptions): Removing CrossOriginRequestPolicy.
483         * loader/ThreadableLoader.h: Ditto.
484         * loader/WorkerThreadableLoader.cpp:
485         (WebCore::LoaderTaskOptions::LoaderTaskOptions): Ditto.
486         * page/EventSource.cpp:
487         (WebCore::EventSource::connect): UseAccessControl -> FetchOptions::Mode::Cors.
488         * workers/Worker.cpp:
489         (WebCore::Worker::create): DenyCrossOriginRequests -> FetchOptions::Mode::SameOrigin.
490         * workers/WorkerGlobalScope.cpp:
491         (WebCore::WorkerGlobalScope::importScripts): AllowCrossOriginRequests -> FetchOptions::Mode::NoCors.
492         * workers/WorkerScriptLoader.cpp:
493         (WebCore::WorkerScriptLoader::loadSynchronously):
494         (WebCore::WorkerScriptLoader::loadAsynchronously):
495         * workers/WorkerScriptLoader.h:
496         * xml/XMLHttpRequest.cpp:
497         (WebCore::XMLHttpRequest::createRequest):
498
499 2016-07-20  Chris Dumez  <cdumez@apple.com>
500
501         Fix null handling of several Document attributes
502         https://bugs.webkit.org/show_bug.cgi?id=159997
503
504         Reviewed by Ryosuke Niwa.
505
506         Fix null handling of the following Document attributes: title, cookie
507         and domain.
508
509         In WebKit, they were all marked as [TreatNullAs=EmptyString], which
510         does not match the specification:
511         - https://html.spec.whatwg.org/multipage/dom.html#document
512
513         Details for each attribute:
514         - title: null is now treated as the string "null", thus setting the
515           document title to "null". This matches Firefox and Chrome.
516         - cookie: adds a "null" cookie instead of being a no-op. This matches
517                   both Firefox and Chrome.
518         - domain: Calls setDomain(String("null")) instead of
519                   setDomain(String()). This throws an exception because "null"
520                   is not a suffix of the effective domain name. The behavior
521                   is the same in Firefox and Chrome. Previously, we were
522                   already throwing an exception since setting the domain to
523                   the empty string throws, as per the specification.
524
525         Test: http/tests//dom/document-attributes-null-handling.html
526
527         * dom/Document.idl:
528
529 2016-07-20  Commit Queue  <commit-queue@webkit.org>
530
531         Unreviewed, rolling out r203471.
532         https://bugs.webkit.org/show_bug.cgi?id=160003
533
534         many iOS-simulator tests are failing (Requested by litherum on
535         #webkit).
536
537         Reverted changeset:
538
539         "[iPhone] Playing a video on tudou.com plays only sound, no
540         video"
541         https://bugs.webkit.org/show_bug.cgi?id=159967
542         http://trac.webkit.org/changeset/203471
543
544 2016-07-19  Ryosuke Niwa  <rniwa@webkit.org>
545
546         iOS: Cannot paste images in RTF content
547         https://bugs.webkit.org/show_bug.cgi?id=159964
548         <rdar://problem/27442806>
549
550         Reviewed by Enrica Casucci.
551
552         The bug was caused by setDefersLoading(true) not deferring image loading for the parsed fragment.
553         Worked around this bug by disabling image loading while parsing the document fragment.
554
555         * editing/ios/EditorIOS.mm:
556         (WebCore::Editor::createFragmentAndAddResources):
557
558 2016-07-20  Brady Eidson  <beidson@apple.com>
559
560         Address a small FIXME in IDB code.
561         https://bugs.webkit.org/show_bug.cgi?id=159999
562
563         Reviewed by Andy Estes.
564
565         No new tests (No behavior change).
566
567         * Modules/indexeddb/IDBRequest.cpp:
568         (WebCore::IDBRequest::IDBRequest):
569         
570         * Modules/indexeddb/shared/IDBResourceIdentifier.cpp:
571         (WebCore::IDBResourceIdentifier::IDBResourceIdentifier): Deleted.
572         * Modules/indexeddb/shared/IDBResourceIdentifier.h:
573
574 2016-07-20  Brady Eidson  <beidson@apple.com>
575
576         Remove some "modernFoo"s from IndexedDB code.
577         https://bugs.webkit.org/show_bug.cgi?id=159985
578
579         Reviewed by Andy Estes.
580
581         No new tests (No known behavior change).
582
583         * Modules/indexeddb/IDBCursor.cpp:
584         (WebCore::IDBCursor::IDBCursor):
585         (WebCore::IDBCursor::~IDBCursor):
586         (WebCore::IDBCursor::sourcesDeleted):
587         (WebCore::IDBCursor::effectiveObjectStore):
588         (WebCore::IDBCursor::transaction):
589         (WebCore::IDBCursor::direction):
590         (WebCore::IDBCursor::update):
591         (WebCore::IDBCursor::advance):
592         (WebCore::IDBCursor::continueFunction):
593         (WebCore::IDBCursor::uncheckedIterateCursor):
594         (WebCore::IDBCursor::deleteFunction):
595         (WebCore::IDBCursor::setGetResult):
596         
597         * Modules/indexeddb/IDBIndex.cpp:
598         (WebCore::IDBIndex::IDBIndex):
599         (WebCore::IDBIndex::~IDBIndex):
600         (WebCore::IDBIndex::hasPendingActivity):
601         (WebCore::IDBIndex::name):
602         (WebCore::IDBIndex::objectStore):
603         (WebCore::IDBIndex::keyPath):
604         (WebCore::IDBIndex::unique):
605         (WebCore::IDBIndex::multiEntry):
606         (WebCore::IDBIndex::openCursor):
607         (WebCore::IDBIndex::doCount):
608         (WebCore::IDBIndex::openKeyCursor):
609         (WebCore::IDBIndex::doGet):
610         (WebCore::IDBIndex::doGetKey):
611         (WebCore::IDBIndex::markAsDeleted):
612         * Modules/indexeddb/IDBIndex.h:
613         
614         * Modules/indexeddb/IDBObjectStore.cpp:
615         (WebCore::IDBObjectStore::transaction):
616         (WebCore::IDBObjectStore::deleteFunction): Deleted.
617         (WebCore::IDBObjectStore::modernDelete): Deleted.
618         * Modules/indexeddb/IDBObjectStore.h:
619         
620         * bindings/js/JSIDBIndexCustom.cpp:
621         (WebCore::JSIDBIndex::visitAdditionalChildren):
622
623 2016-07-20  Chris Dumez  <cdumez@apple.com>
624
625         Stop using valueToStringWithNullCheck() in JSCSSStyleDeclaration::putDelegate()
626         https://bugs.webkit.org/show_bug.cgi?id=159982
627
628         Reviewed by Ryosuke Niwa.
629
630         valueToStringWithNullCheck() treats null as the null String() which is
631         legacy / non standard behavior. The specification says we should treat
632         null as the empty string:
633         - https://drafts.csswg.org/cssom/#dom-cssstyledeclaration-camel-cased-attribute
634
635         Therefore, we should be using valueToStringTreatingNullAsEmptyString() instead.
636
637         In practice, there is no web-exposed behavior change because
638         MutableStyleProperties::setProperty() removes the property wether the
639         value is the null String or the empty String.
640
641         This behavior is correct since the specification says that we should
642         remove the property if the value is the empty string:
643         - https://drafts.csswg.org/cssom/#dom-cssstyledeclaration-setproperty (step 4)
644
645         I added test coverage to make sure we behave according to specification.
646         This test is passing in Firefox, Chrome and in WebKit (before and after
647         my change).
648
649         Test: fast/css/CSSStyleDeclaration-property-setter.html
650
651         * bindings/js/JSCSSStyleDeclarationCustom.cpp:
652         (WebCore::JSCSSStyleDeclaration::putDelegate):
653
654 2016-07-20  Chris Dumez  <cdumez@apple.com>
655
656         Fix null handling of HTMLFrameElement.marginWidth / marginHeight
657         https://bugs.webkit.org/show_bug.cgi?id=159987
658
659         Reviewed by Ryosuke Niwa.
660
661         Fix null handling of HTMLFrameElement.marginWidth / marginHeight:
662         - https://html.spec.whatwg.org/multipage/obsolete.html#htmlframeelement
663
664         We are supposed to treat null as the empty string but we treat it as
665         the string "null".
666
667         Firefox and Chrome both match the specification.
668
669         No new tests, updated existing tests.
670
671         * html/HTMLFrameElement.idl:
672
673 2016-07-20  Wenson Hsieh  <wenson_hsieh@apple.com>
674
675         Pausing autoplayed media should not remove all restrictions for that media element
676         https://bugs.webkit.org/show_bug.cgi?id=159988
677
678         Reviewed by Jon Lee.
679
680         Localizes the removal of behavior restrictions introduced in r203464 upon pausing an
681         autoplaying video to just affect the hiding or showing of the media controller. This
682         prevents pages from using Javascript to start playing autoplaying videos that have
683         been paused by the user.
684
685         * html/HTMLMediaElement.cpp:
686         (WebCore::HTMLMediaElement::pause):
687
688 2016-07-20  Myles C. Maxfield  <mmaxfield@apple.com>
689
690         [iPhone] Playing a video on tudou.com plays only sound, no video
691         https://bugs.webkit.org/show_bug.cgi?id=159967
692         <rdar://problem/26964090>
693
694         Reviewed by Jon Lee.
695
696         WebKit recently starting honoring the playsinline and webkit-playsinline
697         attribute on iPhones. However, because these attributes previously did
698         nothing, some sites (such as Todou) were setting them on their content
699         and expecting that they are not honored. In this specific case, the
700         video is absolutely positioned to be 1 pixel x 1 pixel.
701
702         Previously, with iOS 9, apps could set the allowsInlineMediaPlayback
703         property on their WKWebView, which would honor the webkit-playsinline
704         attribute. Safari on iPhones didn't do this.
705
706         In order to not break these existing apps, it's important that the
707         allowsInlineMediaPlayback preference still allows webkit-playsinline
708         videos to play inline in apps using WKWebView. However, in Safari, these
709         videos should play fullscreen. (Todou videos have webkit-playsinline
710         but not playsinline.)
711
712         Therefore, in Safari, videos with playsinline should be inline, but
713         videos with webkit-playsinline should be fullscreen. In apps using
714         WKWebViews, if the app sets allowsInlineMediaPlayback, then videos with
715         playsinline should be inline, and videos with webkit-playsinline should
716         also be inline. Videos on iPad and Mac should all be inline by default.
717
718         We can create some truth tables for the cases which need to be covered:
719
720         All apps on Mac / iPad:
721         Presence of playsinline | Presence of webkit-playsinline | Result
722         ========================|================================|===========
723         Not present             | Not present                    | Inline
724         Present                 | Not present                    | Inline
725         Not Present             | Present                        | Inline
726         Present                 | Present                        | Inline
727
728         Safari on iPhone:
729         Presence of playsinline | Presence of webkit-playsinline | Result
730         ========================|================================|===========
731         Not present             | Not present                    | Fullscreen
732         Present                 | Not present                    | Inline
733         Not Present             | Present                        | Fullscreen
734         Present                 | Present                        | Inline
735
736         App on iPhone which sets allowsInlineMediaPlayback:
737         Presence of playsinline | Presence of webkit-playsinline | Result
738         ========================|================================|===========
739         Not present             | Not present                    | Fullscreen
740         Present                 | Not present                    | Inline
741         Not Present             | Present                        | Inline
742         Present                 | Present                        | Inline
743
744         The way to distinguish Safari from another app is to create an SPI
745         boolean preference which Safari can set. This is already how the
746         iPhone and iPad are differentiated using the requiresPlayInlineAttribute
747         which Safari sets but other apps don't. However, this preference is
748         no longer sufficient because Safari should now be discriminating
749         between the playsinline and webkit-playsinline attributes. Therefore,
750         this preference should be extended to two boolean preferences, which
751         this patch adds:
752
753         allowsInlineMediaPlaybackWithPlaysInlineAttribute
754         allowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute
755
756         Safari on iPhone will set
757         allowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute to true,
758         and allowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute to
759         false. Other apps on iPhone will get their defaults values (because they
760         are SPI) which means they will both be true. On iPad and Mac, apps will
761         use the defaults values where both are false.
762
763         This patch adds support for these two preferences, but does not remove
764         the existing inlineMediaPlaybackRequiresPlaysInlineAttribute preference.
765         I will remove the exising preference as soon as I update Safari to migrate
766         off of it.
767
768         Test: media/video-playsinline.html
769
770         * html/MediaElementSession.cpp:
771         (WebCore::MediaElementSession::requiresFullscreenForVideoPlayback):
772         * page/Settings.cpp:
773         * page/Settings.in:
774         * testing/InternalSettings.cpp:
775         (WebCore::InternalSettings::Backup::Backup):
776         (WebCore::InternalSettings::Backup::restoreTo):
777         (WebCore::InternalSettings::setAllowsInlineMediaPlaybackWithPlaysInlineAttribute):
778         (WebCore::InternalSettings::setAllowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute):
779         * testing/InternalSettings.h:
780         * testing/InternalSettings.idl:
781
782 2016-07-20  Chris Dumez  <cdumez@apple.com>
783
784         Get rid of custom bindings code for XMLHttpRequest.open()
785         https://bugs.webkit.org/show_bug.cgi?id=159984
786
787         Reviewed by Ryosuke Niwa.
788
789         Get rid of custom bindings code for XMLHttpRequest.open() as the
790         bindings generator is able to generate it.
791
792         Relevant specification:
793         - https://xhr.spec.whatwg.org/#xmlhttprequest
794
795         The issue is that legacy content prevents treating the 'async' argument
796         being undefined identical from it being omitted. However, this can be
797         achieved by using overloading in IDL, like in the specification.
798
799         No new tests, already covered by the following tests:
800         - http/tests/xmlhttprequest/basic-auth.html
801         - http/tests/xmlhttprequest/open-async-overload.html
802
803         * bindings/js/JSXMLHttpRequestCustom.cpp:
804         (WebCore::SendFunctor::SendFunctor): Deleted.
805         (WebCore::SendFunctor::line): Deleted.
806         (WebCore::SendFunctor::column): Deleted.
807         (WebCore::SendFunctor::url): Deleted.
808         (WebCore::SendFunctor::operator()): Deleted.
809         * xml/XMLHttpRequest.cpp:
810         (WebCore::XMLHttpRequest::open):
811         * xml/XMLHttpRequest.h:
812         * xml/XMLHttpRequest.idl:
813
814 2016-07-20  Rawinder Singh  <rawinder.singh-webkit@cisra.canon.com.au>
815
816         Mark overriden methods in WebCore/svg final classes as final
817         https://bugs.webkit.org/show_bug.cgi?id=159966
818
819         Reviewed by Michael Catanzaro.
820
821         Update WebCore/svg classes so that overriden methods in final classes are marked final.
822
823         * svg/SVGAElement.h:
824         * svg/SVGAltGlyphDefElement.h:
825         * svg/SVGAltGlyphItemElement.h:
826         * svg/SVGAnimateTransformElement.h:
827         * svg/SVGAnimatedColor.h:
828         * svg/SVGCircleElement.h:
829         * svg/SVGClipPathElement.h:
830         * svg/SVGCursorElement.h:
831         * svg/SVGDefsElement.h:
832         * svg/SVGDescElement.h:
833         * svg/SVGEllipseElement.h:
834         * svg/SVGFEMergeNodeElement.h:
835         * svg/SVGFilterElement.h:
836         * svg/SVGFontElement.h:
837         * svg/SVGFontFaceElement.h:
838         * svg/SVGFontFaceFormatElement.h:
839         * svg/SVGFontFaceNameElement.h:
840         * svg/SVGFontFaceSrcElement.h:
841         * svg/SVGFontFaceUriElement.h:
842         * svg/SVGForeignObjectElement.h:
843         * svg/SVGGElement.h:
844         * svg/SVGGlyphElement.h:
845         * svg/SVGGlyphRefElement.h:
846         * svg/SVGHKernElement.h:
847         * svg/SVGImageElement.h:
848         * svg/SVGLineElement.h:
849         * svg/SVGMPathElement.h:
850         * svg/SVGMaskElement.h:
851         * svg/SVGMetadataElement.h:
852         * svg/SVGMissingGlyphElement.h:
853         * svg/SVGPathBuilder.h:
854         * svg/SVGPathByteStreamBuilder.h:
855         * svg/SVGPathByteStreamSource.h:
856         * svg/SVGPathElement.h:
857         * svg/SVGPathSegArcAbs.h:
858         * svg/SVGPathSegArcRel.h:
859         * svg/SVGPathSegClosePath.h:
860         * svg/SVGPathSegCurvetoCubicAbs.h:
861         * svg/SVGPathSegCurvetoCubicRel.h:
862         * svg/SVGPathSegCurvetoCubicSmoothAbs.h:
863         * svg/SVGPathSegCurvetoCubicSmoothRel.h:
864         * svg/SVGPathSegCurvetoQuadraticAbs.h:
865         * svg/SVGPathSegCurvetoQuadraticRel.h:
866         * svg/SVGPathSegCurvetoQuadraticSmoothAbs.h:
867         * svg/SVGPathSegCurvetoQuadraticSmoothRel.h:
868         * svg/SVGPathSegLinetoAbs.h:
869         * svg/SVGPathSegLinetoHorizontalAbs.h:
870         * svg/SVGPathSegLinetoHorizontalRel.h:
871         * svg/SVGPathSegLinetoRel.h:
872         * svg/SVGPathSegLinetoVerticalAbs.h:
873         * svg/SVGPathSegLinetoVerticalRel.h:
874         * svg/SVGPathSegListBuilder.h:
875         * svg/SVGPathSegListSource.h:
876         * svg/SVGPathSegMovetoAbs.h:
877         * svg/SVGPathSegMovetoRel.h:
878         * svg/SVGPathStringSource.h:
879         * svg/SVGPathTraversalStateBuilder.h:
880         * svg/SVGPatternElement.h:
881         * svg/SVGRectElement.h:
882         * svg/SVGScriptElement.h:
883         * svg/SVGStopElement.h:
884         * svg/SVGStyleElement.h:
885         * svg/SVGSwitchElement.h:
886         * svg/SVGTRefElement.cpp:
887         * svg/SVGTitleElement.h:
888         * svg/SVGToOTFFontConversion.cpp:
889         * svg/SVGUnknownElement.h:
890         * svg/SVGVKernElement.h:
891         * svg/SVGViewElement.h:
892         * svg/SVGZoomEvent.h:
893         * svg/animation/SVGSMILElement.cpp:
894         * svg/graphics/SVGImage.h:
895         * svg/graphics/SVGImageClients.h:
896         * svg/graphics/SVGImageForContainer.h:
897         * svg/graphics/filters/SVGFEImage.h:
898         * svg/graphics/filters/SVGFilter.h:
899         * svg/properties/SVGAnimatedEnumerationPropertyTearOff.h:
900         * svg/properties/SVGAnimatedPathSegListPropertyTearOff.h:
901         * svg/properties/SVGAnimatedPropertyTearOff.h:
902         * svg/properties/SVGAnimatedTransformListPropertyTearOff.h:
903         * svg/properties/SVGMatrixTearOff.h:
904         * svg/properties/SVGPathSegListPropertyTearOff.h:
905
906 2016-07-20  Brady Eidson  <beidson@apple.com>
907
908         Transition most IDB interfaces from ScriptExecutionContext to ExecState.
909         https://bugs.webkit.org/show_bug.cgi?id=159975
910
911         Reviewed by Alex Christensen.
912
913         No new tests (No known behavior change).
914
915         * Modules/indexeddb/IDBCursor.cpp:
916         (WebCore::IDBCursor::continueFunction):
917         (WebCore::IDBCursor::deleteFunction):
918         * Modules/indexeddb/IDBCursor.h:
919         * Modules/indexeddb/IDBCursor.idl:
920
921         * Modules/indexeddb/IDBDatabase.idl:
922
923         * Modules/indexeddb/IDBFactory.cpp:
924         (WebCore::IDBFactory::cmp):
925         * Modules/indexeddb/IDBFactory.h:
926         * Modules/indexeddb/IDBFactory.idl:
927
928         * Modules/indexeddb/IDBIndex.cpp:
929         (WebCore::IDBIndex::openCursor):
930         (WebCore::IDBIndex::count):
931         (WebCore::IDBIndex::doCount):
932         (WebCore::IDBIndex::openKeyCursor):
933         (WebCore::IDBIndex::get):
934         (WebCore::IDBIndex::doGet):
935         (WebCore::IDBIndex::getKey):
936         (WebCore::IDBIndex::doGetKey):
937         * Modules/indexeddb/IDBIndex.h:
938         * Modules/indexeddb/IDBIndex.idl:
939
940         * Modules/indexeddb/IDBKeyRange.cpp:
941         (WebCore::IDBKeyRange::only): Deleted.
942         * Modules/indexeddb/IDBKeyRange.h:
943
944         * Modules/indexeddb/IDBObjectStore.cpp:
945         (WebCore::IDBObjectStore::openCursor):
946         (WebCore::IDBObjectStore::get):
947         (WebCore::IDBObjectStore::putOrAdd):
948         (WebCore::IDBObjectStore::deleteFunction):
949         (WebCore::IDBObjectStore::doDelete):
950         (WebCore::IDBObjectStore::modernDelete):
951         (WebCore::IDBObjectStore::clear):
952         (WebCore::IDBObjectStore::createIndex):
953         (WebCore::IDBObjectStore::count):
954         (WebCore::IDBObjectStore::doCount):
955         * Modules/indexeddb/IDBObjectStore.h:
956         * Modules/indexeddb/IDBObjectStore.idl:
957
958         * Modules/indexeddb/IDBTransaction.cpp:
959         (WebCore::IDBTransaction::requestOpenCursor):
960         (WebCore::IDBTransaction::doRequestOpenCursor):
961         (WebCore::IDBTransaction::requestGetRecord):
962         (WebCore::IDBTransaction::requestGetValue):
963         (WebCore::IDBTransaction::requestGetKey):
964         (WebCore::IDBTransaction::requestIndexRecord):
965         (WebCore::IDBTransaction::requestCount):
966         (WebCore::IDBTransaction::requestDeleteRecord):
967         (WebCore::IDBTransaction::requestClearObjectStore):
968         (WebCore::IDBTransaction::requestPutOrAdd):
969         * Modules/indexeddb/IDBTransaction.h:
970
971         * inspector/InspectorIndexedDBAgent.cpp:
972
973 2016-07-20  Wenson Hsieh  <wenson_hsieh@apple.com>
974
975         Media controls don't appear when pausing a small autoplaying video
976         https://bugs.webkit.org/show_bug.cgi?id=159972
977         <rdar://problem/27180657>
978
979         Reviewed by Beth Dakin.
980
981         When pausing an autoplaying video, remove behavior restrictions for the
982         initial user gesture and show media controls.
983
984         New WebKit API test. See VideoControlsManagerSingleSmallAutoplayingVideo.
985
986         * html/HTMLMediaElement.cpp:
987         (WebCore::HTMLMediaElement::pause):
988
989 2016-07-20  Chris Dumez  <cdumez@apple.com>
990
991         Fix null handling of HTMLMediaElement.mediaGroup
992         https://bugs.webkit.org/show_bug.cgi?id=159974
993
994         Reviewed by Eric Carlson.
995
996         Fix null handling of HTMLMediaElement.mediaGroup to match the specification:
997         - https://www.w3.org/TR/html5/embedded-content-0.html#media-elements
998
999         null is supposed to be treated as the String "null". This patch aligns
1000         our behavior with the specification. I tested Firefox and Chrome but both
1001         do not have this attribute on HTMLMediaElement.
1002
1003         Also remove support for [TreatNullAs=LegacyNullString] from our bindings
1004         generator as HTMLMediaElement.mediaGroup was the last user.
1005
1006         No new tests, rebaselined existing test.
1007
1008         * bindings/scripts/CodeGeneratorJS.pm:
1009         (JSValueToNative):
1010         * bindings/scripts/IDLAttributes.txt:
1011         * html/HTMLMediaElement.idl:
1012
1013 2016-07-20  Chris Dumez  <cdumez@apple.com>
1014
1015         CSSStyleDeclaration.setProperty() should be able to unset "important" on a property
1016         https://bugs.webkit.org/show_bug.cgi?id=159959
1017
1018         Reviewed by Alexey Proskuryakov.
1019
1020         CSSStyleDeclaration.setProperty() should be able to unsert "important"
1021         on a property as per the latest specification:
1022         - https://drafts.csswg.org/cssom/#dom-cssstyledeclaration-setproperty
1023         - https://drafts.csswg.org/cssom/#dom-cssstyledeclaration-camel-cased-attribute
1024
1025         Firefox and Chrome match the specification here but WebKit was ignoring calls
1026         to setProperty() if there is already an "important" property wit this name
1027         and if the new property does not have the "important" flag set.
1028
1029         This behavior was added a long time ago via Bug 60007. However, it does not
1030         match the latest specification or other browsers.
1031
1032         Test: fast/css/CSSStyleDeclaration-setProperty-unset-important.html
1033
1034         * css/StyleProperties.cpp:
1035         (WebCore::MutableStyleProperties::addParsedProperty):
1036         Drop code that was added via Bug 60007 as this behavior no longer matches the
1037         specification or other browsers. The layout test added in Bug 60007 fails in
1038         other browsers and was updated in this patch to match the specification.
1039
1040 2016-07-20  Commit Queue  <commit-queue@webkit.org>
1041
1042         Unreviewed, rolling out r203423.
1043         https://bugs.webkit.org/show_bug.cgi?id=159977
1044
1045         The test for this change is failing on Mac Release WK2
1046         (Requested by ryanhaddad on #webkit).
1047
1048         Reverted changeset:
1049
1050         "HTMLVideoElement frames do not update on iOS when src is a
1051         MediaStream blob"
1052         https://bugs.webkit.org/show_bug.cgi?id=159833
1053         http://trac.webkit.org/changeset/203423
1054
1055 2016-07-20  Chris Dumez  <cdumez@apple.com>
1056
1057         Fix null handling of HTMLSelectElement.value attribute
1058         https://bugs.webkit.org/show_bug.cgi?id=159925
1059
1060         Reviewed by Benjamin Poulain.
1061
1062         Fix null handling of HTMLSelectElement.value attribute:
1063         - https://html.spec.whatwg.org/multipage/forms.html#htmlselectelement
1064
1065         We were treating null as the null String which would end up setting
1066         selectedIndex to -1. However, we should treat null as the String "null"
1067         which would set the selectedIndex to the index of the <option> element
1068         whose value is "null".
1069
1070         Firefox and Chrome match the specification.
1071
1072         Test: fast/dom/HTMLSelectElement/value-null-handling.html
1073
1074         * html/HTMLSelectElement.cpp:
1075         (WebCore::HTMLSelectElement::setValue):
1076         * html/HTMLSelectElement.idl:
1077
1078 2016-07-20  Chris Dumez  <cdumez@apple.com>
1079
1080         PostResolutionCallbackDisabler can resume pending requests while a ResourceLoadSuspender is alive
1081         https://bugs.webkit.org/show_bug.cgi?id=159962
1082         <rdar://problem/21439264>
1083
1084         Reviewed by David Kilzer.
1085
1086         PostResolutionCallbackDisabler can resume pending requests while a ResourceLoadSuspender
1087         is alive. We have both PostResolutionCallbackDisabler and ResourceLoadSuspender that
1088         call LoaderStrategy::suspendPendingRequests() / LoaderStrategy::resumePendingRequests().
1089         However, PostResolutionCallbackDisabler and ResourceLoadSuspender are not aware of each
1090         other. It is therefore possible for a PostResolutionCallbackDisabler object to get
1091         destroyed, causing LoaderStrategy::resumePendingRequests() to be called while a
1092         ResourceLoadSuspender object is alive.
1093
1094         This leads to hard to investigate crashes where we end up re-entering WebKit and killing
1095         the style resolver.
1096
1097         This patch drops ResourceLoadSuspender and uses PostResolutionCallbackDisabler instead.
1098         There was only one user of ResourceLoadSuspender and PostResolutionCallbackDisabler
1099         is better because it manages a resolutionNestingDepth counter internally to make sure
1100         it only calls LoaderStrategy::resumePendingRequests() once all
1101         PostResolutionCallbackDisabler instances are destroyed.
1102
1103         No new tests, there is no easy way to reproduce the crashes.
1104
1105         * dom/Document.cpp:
1106         (WebCore::Document::styleForElementIgnoringPendingStylesheets):
1107         * loader/LoaderStrategy.cpp:
1108         (WebCore::ResourceLoadSuspender::ResourceLoadSuspender): Deleted.
1109         (WebCore::ResourceLoadSuspender::~ResourceLoadSuspender): Deleted.
1110         * loader/LoaderStrategy.h:
1111
1112 2016-07-19  Youenn Fablet  <youenn@apple.com>
1113
1114         [Fetch API] Add a JS builtin to implement https://fetch.spec.whatwg.org/#concept-headers-fill
1115         https://bugs.webkit.org/show_bug.cgi?id=159932
1116
1117         Reviewed by Alex Christensen.
1118
1119         Covered by existing tests.
1120
1121         Refactoring Headers initializeWith to use the new built-in internal that implements
1122         https://fetch.spec.whatwg.org/#concept-headers-fill.
1123
1124         Refactoring Response constructor to put more checks in the JS builtin fucntion called within constructor.
1125         Making use of the new built-in internal that implements https://fetch.spec.whatwg.org/#concept-headers-fill.
1126
1127         * CMakeLists.txt: Adding FetchHeadersInternals.js
1128         * DerivedSources.make: Ditto.
1129         * Modules/fetch/FetchHeaders.js:
1130         (initializeFetchHeaders): Using fillFetchHeaders new built-in internal.
1131         * Modules/fetch/FetchInternals.js: Added.
1132         (fillFetchHeaders):
1133         * Modules/fetch/FetchResponse.cpp: Refactoring to do more in the JS built-in. Splitting of initializeWith so
1134         that the checks are done in the order defined by the spec.
1135         (WebCore::FetchResponse::setStatus):
1136         (WebCore::FetchResponse::initializeWith):
1137         (WebCore::isNullBodyStatus): Deleted.
1138         * Modules/fetch/FetchResponse.h:
1139         * Modules/fetch/FetchResponse.idl:
1140         * Modules/fetch/FetchResponse.js:
1141         (initializeFetchResponse): New built-in internal.
1142         * WebCore.xcodeproj/project.pbxproj:
1143         * bindings/js/WebCoreBuiltinNames.h:
1144
1145 2016-07-19  Chris Dumez  <cdumez@apple.com>
1146
1147         Fix null handling of SVGScriptElement.type attribute
1148         https://bugs.webkit.org/show_bug.cgi?id=159927
1149
1150         Reviewed by Benjamin Poulain.
1151
1152         Fix null handling of SVGScriptElement.type attribute:
1153         - https://www.w3.org/TR/SVG2/interact.html#InterfaceSVGScriptElement
1154
1155         We were treating null as the null String which would end up removing
1156         the 'type' content attribute. However, we should treat null as the
1157         String "null".
1158
1159         Firefox and Chrome match the specification.
1160
1161         No new tests, updated existing test.
1162
1163         * svg/SVGScriptElement.idl:
1164
1165 2016-07-19  Chris Dumez  <cdumez@apple.com>
1166
1167         Fix null handling of several HTMLDocument attributes
1168         https://bugs.webkit.org/show_bug.cgi?id=159923
1169
1170         Reviewed by Benjamin Poulain.
1171
1172         Fix null handling of several HTMLDocument attributes:
1173         - https://html.spec.whatwg.org/multipage/dom.html#document
1174         - https://html.spec.whatwg.org/multipage/obsolete.html#document-partial
1175
1176         In particular, null handling was incorrect in WebKit for 'dir',
1177         'bgColor', 'fgColor', 'alinkColor', 'linkColor' and 'vlinkColor'.
1178
1179         Firefox and Chrome match the specification.
1180
1181         Test: fast/dom/HTMLDocument/null-handling.html
1182
1183         * html/HTMLDocument.idl:
1184
1185 2016-07-19  Chris Dumez  <cdumez@apple.com>
1186
1187         Document.createElementNS() / createAttributeNS() parameters should be mandatory
1188         https://bugs.webkit.org/show_bug.cgi?id=159938
1189
1190         Reviewed by Benjamin Poulain.
1191
1192         Document.createElementNS() / createAttributeNS() parameters should be mandatory:
1193         - https://dom.spec.whatwg.org/#document
1194
1195         They were optional in WebKit. However, Firefox and Chrome both match the
1196         specification.
1197
1198         No new tests, rebaselined existing tests.
1199
1200         * dom/Document.idl:
1201
1202 2016-07-19  Benjamin Poulain  <bpoulain@apple.com>
1203
1204         Use getElementById for attribute matching if the attribute name is html's id
1205         https://bugs.webkit.org/show_bug.cgi?id=159960
1206
1207         Reviewed by Chris Dumez.
1208
1209         Elliott Sprehn discovered YUI makes heavy uses of querySelector with [id=value]
1210         (https://bugs.chromium.org/p/chromium/issues/detail?id=627242).
1211
1212         If we are not in quirks mode, IdForStyleResolution has the same value
1213         as the Id attribute. We can use the same optimization for both cases.
1214
1215         Tests: fast/selectors/id-attribute-querySelector-used-as-id-selector-quirks.html
1216                fast/selectors/id-attribute-querySelector-used-as-id-selector.html
1217
1218         * dom/SelectorQuery.cpp:
1219         (WebCore::canBeUsedForIdFastPath):
1220         (WebCore::findIdMatchingType):
1221         (WebCore::SelectorDataList::SelectorDataList):
1222         (WebCore::selectorForIdLookup):
1223         (WebCore::filterRootById):
1224
1225 2016-07-19  Chris Dumez  <cdumez@apple.com>
1226
1227         Drop SVGElement.xmlbase attribute
1228         https://bugs.webkit.org/show_bug.cgi?id=159926
1229
1230         Reviewed by Benjamin Poulain.
1231
1232         Drop SVGElement.xmlbase attribute as it is no longer part of the
1233         specification:
1234         - https://www.w3.org/TR/SVG2/types.html#InterfaceSVGElement
1235
1236         Both Firefox and Chrome have already dropped support for
1237         SVGElement.xmlbase.
1238
1239         Chrome's intent to remove:
1240         https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/TfwMq4d25hk/C-v_iC_wKfAJ
1241
1242         Test: svg/dom/SVGElement-xmlbase.html
1243
1244         * svg/SVGElement.cpp:
1245         (WebCore::SVGElement::removedFrom): Deleted.
1246         * svg/SVGElement.h:
1247         * svg/SVGElement.idl:
1248
1249 2016-07-19  Chris Dumez  <cdumez@apple.com>
1250
1251         Align CSSStyleDeclaration.setProperty() with the specification
1252         https://bugs.webkit.org/show_bug.cgi?id=159955
1253
1254         Reviewed by Benjamin Poulain.
1255
1256         Align CSSStyleDeclaration.setProperty() with the specification:
1257         - https://drafts.csswg.org/cssom/#the-cssstyledeclaration-interface
1258
1259         In particular, the following changes were needed:
1260         1. The 'value' parameter should not be optional
1261         2. The 'priority' parameter should treat null as the empty string
1262            rather than the string "null".
1263         3. The 'priority' parameter's default value should be the empty string,
1264            not the string "undefined".
1265         4. CSSStyleDeclaration.setProperty() should return early if 'priority'
1266            is not the empty string and is not an ASCII case-insensitive match
1267            for the string "important".
1268
1269         Chrome matches the specification entirely.
1270         Firefox matches the specification with the exception that it does a
1271         case-sensitive match for "important".
1272
1273         Test: fast/css/CSSStyleDeclaration-setProperty.html
1274
1275         * css/CSSStyleDeclaration.idl:
1276         * css/PropertySetCSSStyleDeclaration.cpp:
1277         (WebCore::PropertySetCSSStyleDeclaration::setProperty):
1278
1279 2016-07-19  Daniel Bates  <dabates@apple.com>
1280
1281         CSP: Improve support for multiple policies to more closely conform to the CSP Level 2 spec.
1282         https://bugs.webkit.org/show_bug.cgi?id=159841
1283         <rdar://problem/27381684>
1284
1285         Reviewed by Brent Fulgham.
1286
1287         Implement a first pass at sending multiple violation reports so as to more closely
1288         conform to section Enforcing multiple policies of the Content Security Policy Level 2 spec.,
1289         <https://w3c.github.io/webappsec-csp/2/> (Editor's Draft, 25 April 2016).
1290
1291         Tests: http/tests/security/contentSecurityPolicy/1.1/script-blocked-sends-multiple-reports.php
1292                http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy.php
1293                http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy2.php
1294                http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.php
1295                http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.php
1296                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy.php
1297                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy2.php
1298                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy.php
1299                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy2.php
1300                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.php
1301                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2.php
1302                http/tests/security/contentSecurityPolicy/1.1/scripthash-in-enforced-policy-and-not-in-report-only.html
1303                http/tests/security/contentSecurityPolicy/1.1/scripthash-in-one-enforced-policy-neither-in-another-enforced-policy-nor-report-policy.html
1304                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-enforced-policy-and-blocked-by-report-policy.php
1305                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-enforced-policy-and-blocked-by-report-policy2.php
1306                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.php
1307                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.php
1308                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy.php
1309                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy2.php
1310                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy.php
1311                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy2.php
1312                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.php
1313                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2.php
1314                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-in-enforced-policy-and-not-in-report-only.html
1315                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-in-one-enforced-policy-neither-in-another-enforced-policy-nor-report-policy.html
1316                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-multiple-policies.html
1317
1318         * page/csp/ContentSecurityPolicy.cpp:
1319         (WebCore::ContentSecurityPolicy::allPoliciesWithDispositionAllow): Added. Returns whether the resource
1320         is allowed by all of the policies with the specified disposition.
1321         (WebCore::ContentSecurityPolicy::allPoliciesAllow): Added. Returns whether the resource is allowed by
1322         all of the enforced policies.
1323         (WebCore::ContentSecurityPolicy::findHashOfContentInPolicies): Formerly named foundHashOfContentInAllPolicies.
1324         Modified to return a ("has found hash in all enforced policies, "has found hash in all report-only policies)-pair
1325         so that we can differentiate whether the hash violated an enforced policy or a report-only policy.
1326         (WebCore::ContentSecurityPolicy::allowJavaScriptURLs): Write in terms of ContentSecurityPolicy::allPoliciesAllow().
1327         (WebCore::ContentSecurityPolicy::allowInlineEventHandlers): Ditto.
1328         (WebCore::ContentSecurityPolicy::allowScriptWithNonce): For now only accept a nonce if it is allowed by
1329         all enforced policies. As a side effect of this change is that we only send a CSP violation report when a
1330         nonce violates a report-only policy only if the nonce also violates one or more enforced policies. We will
1331         address this limitation in <https://bugs.webkit.org/show_bug.cgi?id=159830>.
1332         (WebCore::ContentSecurityPolicy::allowStyleWithNonce): Ditto.
1333         (WebCore::ContentSecurityPolicy::allowInlineScript): Differentiate between a hash/'unsafe-inline' that
1334         matches/is contained in all enforce policies and a hash/'unsafe-inline' that matches/is contained in all
1335         report-only policies so that we only allow the resource for the former. As a side effect of this change
1336         we may report that a resource violated a policy even if it contained the hash. See <https://bugs.webkit.org/show_bug.cgi?id=159832>
1337         for more details.
1338         (WebCore::ContentSecurityPolicy::allowInlineStyle): Ditto.
1339         (WebCore::ContentSecurityPolicy::allowEval): Write in terms of ContentSecurityPolicy::allPoliciesAllow().
1340         (WebCore::ContentSecurityPolicy::allowFrameAncestors): Ditto.
1341         (WebCore::ContentSecurityPolicy::allowPluginType): Ditto.
1342         (WebCore::ContentSecurityPolicy::allowScriptFromSource): Ditto.
1343         (WebCore::ContentSecurityPolicy::allowObjectFromSource): Ditto.
1344         (WebCore::ContentSecurityPolicy::allowChildFrameFromSource): Ditto.
1345         (WebCore::ContentSecurityPolicy::allowChildContextFromSource): Ditto.
1346         (WebCore::ContentSecurityPolicy::allowImageFromSource): Ditto.
1347         (WebCore::ContentSecurityPolicy::allowStyleFromSource): Ditto.
1348         (WebCore::ContentSecurityPolicy::allowFontFromSource): Ditto.
1349         (WebCore::ContentSecurityPolicy::allowMediaFromSource): Ditto.
1350         (WebCore::ContentSecurityPolicy::allowConnectToSource): Ditto.
1351         (WebCore::ContentSecurityPolicy::allowFormAction): Ditto.
1352         (WebCore::ContentSecurityPolicy::allowBaseURI): Ditto.
1353         (WebCore::ContentSecurityPolicy::foundHashOfContentInAllPolicies): Deleted.
1354         * page/csp/ContentSecurityPolicy.h:
1355         (WebCore::ContentSecurityPolicy::violatedDirectiveInAnyPolicy): Deleted.
1356
1357 2016-07-19  Chris Dumez  <cdumez@apple.com>
1358
1359         Fix null handling of HTMLScriptElement.text attribute
1360         https://bugs.webkit.org/show_bug.cgi?id=159943
1361
1362         Reviewed by Benjamin Poulain.
1363
1364         Fix null handling of HTMLScriptElement.text attribute:
1365         - https://html.spec.whatwg.org/multipage/scripting.html#the-script-element
1366
1367         We should treat null as the "null" String but we were treating it as
1368         the empty string.
1369
1370         Firefox and Chrome match the specification.
1371
1372         No new tests, rebaselined existing test.
1373
1374         * html/HTMLScriptElement.idl:
1375
1376 2016-07-19  Chris Dumez  <cdumez@apple.com>
1377
1378         autocapitalize attribute should not use [TreatNullAs=LegacyNullString]
1379         https://bugs.webkit.org/show_bug.cgi?id=159934
1380
1381         Reviewed by Benjamin Poulain.
1382
1383         autocapitalize attribute should not use [TreatNullAs=LegacyNullString]. This is
1384         non-standard and we want to drop support for it from the bindings generator.
1385
1386         Instead, use [TreatNullAs=EmptyString] in order to maintain existing behavior
1387         given that both a missing/empty attribute result in using the default
1388         autocapitalization mode and that autocapitalize returns the empty string by
1389         default.
1390
1391         Test: platform/ios-simulator/ios/fast/forms/autocapitalize-null.html
1392
1393         * html/HTMLFormElement.idl:
1394         * html/HTMLInputElement.idl:
1395         * html/HTMLTextAreaElement.idl:
1396
1397 2016-07-19  Zalan Bujtas  <zalan@apple.com>
1398
1399         REGRESSION(r203415): ASSERTION FAILED: !m_layoutRoot->container() || !m_layoutRoot->container()->needsLayout()
1400         https://bugs.webkit.org/show_bug.cgi?id=159952
1401
1402         Reviewed by Simon Fraser.
1403
1404         Update ASSERTs to reflect new functionality, that is, now we can end up in a state
1405         where the container (RenderView) of one of the dirty subtrees is dirty.
1406         See r203415.
1407  
1408         Covered by editing/pasteboard/drag-drop-input-in-svg.svg
1409
1410         * page/FrameView.cpp:
1411         (WebCore::FrameView::scheduleRelayoutOfSubtree):
1412
1413 2016-07-19  Dean Jackson  <dino@apple.com>
1414
1415         REGRESSION(202927): The first slide is the only displayed slide when Quicklooking a Keynote file
1416         https://bugs.webkit.org/show_bug.cgi?id=159948
1417         <rdar://problem/27391012>
1418
1419         Reviewed by Simon Fraser.
1420
1421         There is an iOS bug (<rdar://problem/27416744>) that is causing us
1422         to not always get a color space on CGContextRefs. Investigation of this
1423         exposed some optimizations we can take when we are creating ImageBuffers.
1424         In particular, if we have a bitmap context or an IOSurfaceContext we
1425         can simply copy their color space using API. Otherwise we stick with
1426         the existing CGContextCopyDeviceColorSpace.
1427
1428         Lastly, if for some reason we are unable to copy the device color space,
1429         we should fall back to sRGB.
1430
1431         * platform/graphics/cg/ImageBufferCG.cpp:
1432         (WebCore::ImageBuffer::createCompatibleBuffer):
1433         * platform/spi/cg/CoreGraphicsSPI.h: Add some SPI and enums.
1434
1435
1436 2016-07-19  George Ruan  <gruan@apple.com>
1437
1438         HTMLVideoElement frames do not update on iOS when src is a MediaStream blob
1439         https://bugs.webkit.org/show_bug.cgi?id=159833
1440         <rdar://problem/27379487>
1441
1442         Reviewed by Eric Carlson.
1443
1444         Test: fast/mediastream/MediaStream-video-element-displays-buffer.html
1445
1446         * WebCore.xcodeproj/project.pbxproj:
1447         * platform/graphics/avfoundation/MediaSampleAVFObjC.h: Change create to return a Ref<T> instead
1448         of RefPtr<T>
1449         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.h: Make observer of
1450         MediaStreamTrackPrivate and make MediaPlayer use an AVSampleBufferDisplayLayer instead of CALayer.
1451         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm: Ditto.
1452         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::~MediaPlayerPrivateMediaStreamAVFObjC): Clean up
1453         observers and AVSampleBufferDisplayLayer
1454         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::isAvailable): Ensures AVSampleBufferDisplayLayer
1455         is available.
1456         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::enqueueAudioSampleBufferFromTrack): Placeholder.
1457         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::enqueueVideoSampleBufferFromTrack): Responsible
1458         for enqueuing sample buffers to the active video track.
1459         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::ensureLayer): Ensures that an AVSampleBufferDisplayLayer
1460         exists.
1461         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::destroyLayer): Destroys the AVSampleBufferDisplayLayer.
1462         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::platformLayer): Replace CALayer with AVSampleBufferDisplayLayer.
1463         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::currentDisplayMode): Ditto.
1464         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::sampleBufferUpdated): Called from MediaStreamTrackPrivate when a
1465         new SampleBuffer is available.
1466         (WebCore::updateTracksOfType): Manage adding and removing self as observer from tracks.
1467         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateTracks): Replace CALayer with AVSampleBufferDisplayLayer
1468         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::acceleratedRenderingStateChanged): Copied from
1469         MediaPlayerPrivateMediaSourceAVFObjC.mm
1470         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::load): Deleted CALayer.
1471         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateDisplayMode): Deleted process of updating CALayer.
1472         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateIntrinsicSize): Deleted CALayer.
1473         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::createPreviewLayers): Deleted.
1474         * platform/mediastream/MediaStreamPrivate.cpp:
1475         (WebCore::MediaStreamPrivate::updateActiveVideoTrack): Remove redundant check.
1476         * platform/mediastream/MediaStreamTrackPrivate.cpp:
1477         (WebCore::MediaStreamTrackPrivate::sourceHasMoreMediaData): Called from RealtimeMediaSource when a new SampleBuffer
1478         is available.
1479         * platform/mediastream/MediaStreamTrackPrivate.h:
1480         (WebCore::MediaStreamTrackPrivate::Observer::sampleBufferUpdated): Relays to MediaPlayerPrivateMediaStream that
1481         a new SampleBuffer is available to enqueue to the AVSampleBufferDisplayLayer.
1482         * platform/mediastream/RealtimeMediaSource.cpp:
1483         (WebCore::RealtimeMediaSource::mediaDataUpdated): Relays to all observers that a new SampleBuffer is available.
1484         * platform/mediastream/RealtimeMediaSource.h:
1485         * platform/mediastream/mac/AVVideoCaptureSource.mm:
1486         (WebCore::AVVideoCaptureSource::processNewFrame): Calls mediaDataUpdated when a new SampleBuffer is captured.
1487
1488 2016-07-19  Anders Carlsson  <andersca@apple.com>
1489
1490         Get rid of a #define private public hack in WebCore
1491         https://bugs.webkit.org/show_bug.cgi?id=159953
1492
1493         Reviewed by Dan Bernstein.
1494
1495         Use @package instead.
1496
1497         * bindings/objc/DOMInternal.h:
1498         * bindings/objc/DOMObject.h:
1499
1500 2016-07-19  Andreas Kling  <akling@apple.com>
1501
1502         Fix SharedBuffer leak in MockContentFilter::replacementData().
1503         <https://webkit.org/b/159945>
1504
1505         Reviewed by Andy Estes.
1506
1507         Spotted on leaks bot. This code was pretty explicit about how it's going to leak.
1508         Since this is in the mock filter, it only affected layout tests.
1509
1510         * testing/MockContentFilter.cpp:
1511         (WebCore::MockContentFilter::replacementData):
1512
1513 2016-07-19  Zalan Bujtas  <zalan@apple.com>
1514
1515         theguardian.co.uk crossword puzzles are sometimes not displaying text
1516         https://bugs.webkit.org/show_bug.cgi?id=159924
1517         <rdar://problem/27409483>
1518
1519         Reviewed by Simon Fraser.
1520
1521         This patch fixes the case when
1522         - 2 disjoint subtrees are dirty
1523         - RenderView is also dirty.
1524         and we end up not laying out one of the 2 subtrees.
1525
1526         In FrameView::scheduleRelayoutOfSubtree, we assume that when the RenderView is dirty
1527         we already have a pending full layout which means that any previous subtree layouts have already been
1528         converted to full layouts.
1529         However this assumption is incorrect. RenderView can get dirty without checking if there's
1530         already a pending subtree layout.
1531         One option to solve this problem would be to override RenderObject::setNeedsLayout in RenderView
1532         so that when the RenderView gets dirty, we could also convert any pending subtree layout to full layout.
1533         However RenderObject::setNeedsLayout is a hot function and making it virtual would impact performance.
1534         The other option is to always normalize subtree layouts in FrameView::scheduleRelayoutOfSubtree().
1535         This patch implements the second option.
1536
1537         Test: fast/misc/subtree-layouts.html
1538
1539         * page/FrameView.cpp:
1540         (WebCore::FrameView::scheduleRelayoutOfSubtree):
1541
1542 2016-07-19  Anders Carlsson  <andersca@apple.com>
1543
1544         Some payment authorization status values should keep the sheet active
1545         https://bugs.webkit.org/show_bug.cgi?id=159936
1546         rdar://problem/26756701
1547
1548         Reviewed by Tim Horton.
1549
1550         * Modules/applepay/ApplePaySession.cpp:
1551         (WebCore::ApplePaySession::completePayment):
1552         Keep the sheet active if the status isn't a final state status.
1553
1554         * Modules/applepay/PaymentAuthorizationStatus.h:
1555         (WebCore::isFinalStateStatus):
1556         Add a new helper function that returns whether a given payment authorization status is "final",
1557         meaning that once that status has been passed to completePayment, the session is finished.
1558
1559 2016-07-19  Nan Wang  <n_wang@apple.com>
1560
1561         AX: Incorrect behavior for word related text marker functions when there's collapsed whitespace
1562         https://bugs.webkit.org/show_bug.cgi?id=159910
1563
1564         Reviewed by Chris Fleizach.
1565
1566         We are getting a bad CharacterOffset when there's collapsed whitespace. Added a TraverseOptionValidateOffset
1567         option to make sure we are getting the correct CharacterOffset based on the corresponding Range offset. And
1568         fixed a word navigation issue based on that.
1569
1570         Test: accessibility/mac/text-marker-word-nav-collapsed-whitespace.html
1571
1572         * accessibility/AXObjectCache.cpp:
1573         (WebCore::AXObjectCache::traverseToOffsetInRange):
1574         (WebCore::AXObjectCache::rangeForNodeContents):
1575         (WebCore::AXObjectCache::startOrEndCharacterOffsetForRange):
1576         (WebCore::AXObjectCache::characterOffsetFromVisiblePosition):
1577         (WebCore::AXObjectCache::rightWordRange):
1578         (WebCore::AXObjectCache::previousBoundary):
1579         * accessibility/AXObjectCache.h:
1580         (WebCore::AXObjectCache::isNodeInUse):
1581
1582 2016-07-19  Youenn Fablet  <youenn@apple.com>
1583
1584         [Streams API] ReadableStreamController methods should throw if its stream is not readable
1585         https://bugs.webkit.org/show_bug.cgi?id=159871
1586
1587         Reviewed by Xabier Rodriguez-Calvar.
1588
1589         Spec now mandates close and enqueue to throw if ReadableStream is not readable.
1590         Covered by rebased and/or modified tests.
1591
1592         * Modules/streams/ReadableStreamController.js:
1593         (enqueue): Throwing a TypeError if controlled stream is not readable.
1594         (close): Ditto.
1595
1596 2016-07-19  Simon Fraser  <simon.fraser@apple.com>
1597
1598         Bubbles appear split for a brief moment in Messages
1599         https://bugs.webkit.org/show_bug.cgi?id=159915
1600         rdar://problem/27182267
1601
1602         Reviewed by David Hyatt.
1603
1604         RenderView::repaintRootContents() had a long-standing bug in WebView when the
1605         view is scrolled. repaint() uses visualOverflowRect() but, for the 
1606         RenderView, the visualOverflowRect() is the initial containing block
1607         which is anchored at 0,0. When the view is scrolled it's clipped out and
1608         calls to repaintRootContents() have no effect.
1609         
1610         Change repaintRootContents() to use layoutOverflowRect(). ScrollView::repaintContentRectangle()
1611         will clip it to the view if necessary.
1612
1613         Test: fast/repaint/scrolled-view-full-repaint.html
1614
1615         * rendering/RenderView.cpp:
1616         (WebCore::RenderView::repaintRootContents):
1617
1618 2016-07-19  Dan Bernstein  <mitz@apple.com>
1619
1620         <rdar://problem/27420308> WebCore-7602.1.42 fails to build: error: unused parameter 'vm'
1621
1622         * bindings/js/JSDOMGlobalObject.cpp:
1623         (WebCore::JSDOMGlobalObject::addBuiltinGlobals): Fixed the !ENABLE(STREAMS_API) build.
1624
1625 2016-07-19  Youenn Fablet  <youenn@apple.com>
1626
1627         [Streams API] Make ReadableStream properties not enumerable
1628         https://bugs.webkit.org/show_bug.cgi?id=159868
1629
1630         Reviewed by Darin Adler.
1631
1632         Covered by rebased tests.
1633
1634         Uopdating IDL definitions to mark all functions/attributes as not enumerable.
1635         Updating IDL constructor definitions to correctly compute constructor length.
1636         Updating built-in implementation to correctly compute pipeTo length to 1 (second parameter being optional).
1637
1638         * Modules/streams/ReadableStream.idl:
1639         * Modules/streams/ReadableStream.js:
1640         * Modules/streams/ReadableStreamController.idl:
1641         * Modules/streams/ReadableStreamReader.idl:
1642
1643 2016-07-19  Chris Dumez  <cdumez@apple.com>
1644
1645         form.enctype / encoding / method should treat null as "null" string
1646         https://bugs.webkit.org/show_bug.cgi?id=159916
1647
1648         Reviewed by Ryosuke Niwa.
1649
1650         form.enctype / encoding / method should treat null as "null" string:
1651         - https://html.spec.whatwg.org/multipage/forms.html#htmlformelement
1652
1653         Previously, WebKit would treat null as the null String, which would
1654         end up removing the existing attribute.
1655
1656         Firefox and Chrome match the specification.
1657
1658         Test: fast/dom/HTMLFormElement/null-handling.html
1659
1660         * html/HTMLFormElement.h:
1661         * html/HTMLFormElement.idl:
1662
1663 2016-07-18  Csaba Osztrogon√°c  <ossy@webkit.org>
1664
1665         All-in-one buildfix after r202439
1666         https://bugs.webkit.org/show_bug.cgi?id=159877
1667
1668         Reviewed by Chris Dumez.
1669
1670         * Modules/webaudio/AudioDestinationNode.h:
1671         (WebCore::AudioDestinationNode::resume):
1672         (WebCore::AudioDestinationNode::suspend):
1673         (WebCore::AudioDestinationNode::close):
1674
1675 2016-07-18  Frederic Wang  <fwang@igalia.com>
1676
1677         Move parsing of subscriptshift and superscriptshift from rendering to element classes
1678         https://bugs.webkit.org/show_bug.cgi?id=159622
1679
1680         Reviewed by Darin Adler.
1681
1682         We introduce a new MathMLScriptsElement that is used for elements msub, msup, msubsup and
1683         mmultiscripts in order to create RenderMathMLScripts and parse and expose the values of the
1684         subscriptshift and superscriptshift attributes. This is one more step toward moving MathML
1685         attribute parsing to the DOM (bug 156536).
1686
1687         No new tests, rendering is unchanged.
1688
1689         * CMakeLists.txt: Add MathMLScriptsElement files.
1690         * WebCore.xcodeproj/project.pbxproj: Ditto.
1691         * mathml/MathMLAllInOne.cpp: Ditto.
1692         * mathml/MathMLInlineContainerElement.cpp: Remove handling of scripts.
1693         (WebCore::MathMLInlineContainerElement::createElementRenderer): Deleted.
1694         * mathml/MathMLScriptsElement.cpp: Added. New class to handle scripted elements supporting
1695         parsing for the subscriptshift and superscriptshift MathML lengths.
1696         (WebCore::MathMLScriptsElement::MathMLScriptsElement):
1697         (WebCore::MathMLScriptsElement::create):
1698         (WebCore::MathMLScriptsElement::subscriptShift): Expose the cached length for the shift,
1699         parsing the attribute again if necessary.
1700         (WebCore::MathMLScriptsElement::superscriptShift): Ditto.
1701         (WebCore::MathMLScriptsElement::parseAttribute): Mark attributes dirty.
1702         (WebCore::MathMLScriptsElement::createElementRenderer): Create RenderMathMLScripts.
1703         * mathml/MathMLScriptsElement.h: Ditto.
1704         * mathml/mathtags.in: Map msub, msup, msubsup and mmultiscripts to MathMLScriptsElement.
1705         * rendering/mathml/RenderMathMLScripts.cpp:
1706         (WebCore::RenderMathMLScripts::scriptsElement): Helper function to cast the node to a
1707         MathMLScriptsElement.
1708         (WebCore::RenderMathMLScripts::getScriptMetricsAndLayoutIfNeeded): Resolve the attributes
1709         using the functions from the MathMLScriptsElement class.
1710         * rendering/mathml/RenderMathMLScripts.h: Declare scriptsElement.
1711
1712 2016-07-18  Frederic Wang  <fwang@igalia.com>
1713
1714         Do not store gap and shift parameters on RenderMathMLFraction
1715         https://bugs.webkit.org/show_bug.cgi?id=159876
1716
1717         Reviewed by Darin Adler.
1718
1719         After r203285, the stack and fraction layout parameters are only used in layoutBlock so we
1720         do not need to store them on the class. We remove them and split updateLayoutParameters into
1721         three functions: one to update the linethickness and two others to retrieve the fraction and
1722         stack respectively.
1723
1724         No new tests, rendering is unchanged.
1725
1726         * rendering/mathml/RenderMathMLFraction.cpp:
1727         (WebCore::RenderMathMLFraction::updateLineThickness): Move code to update thickness members here.
1728         (WebCore::RenderMathMLFraction::getFractionParameters): Move code to retrieve fraction parameters here.
1729         (WebCore::RenderMathMLFraction::getStackParameters): Move code to retrieve stack parameters here.
1730         (WebCore::RenderMathMLFraction::layoutBlock): Use the new helper functions and local variables
1731         for fraction and stack parameters.
1732         (WebCore::RenderMathMLFraction::updateLayoutParameters): Deleted.
1733         * rendering/mathml/RenderMathMLFraction.h: Declare new helper functions and remove members
1734         for stack and fraction parameters.
1735
1736 2016-07-18  Chris Dumez  <cdumez@apple.com>
1737
1738         input.formEnctype / formMethod and button.formEnctype / formMethod / type should treat null as "null"
1739         https://bugs.webkit.org/show_bug.cgi?id=159908
1740
1741         Reviewed by Alex Christensen.
1742
1743         input.formEnctype / formMethod and button.formEnctype / formMethod / type
1744         should treat null as "null" String:
1745         - https://html.spec.whatwg.org/multipage/forms.html#htmlinputelement
1746         - https://html.spec.whatwg.org/multipage/forms.html#htmlbuttonelement
1747
1748         In WebKit, we would treat null as a null String which would end up
1749         removing the corresponding attribute. This does not match the
1750         specification. Firefox and Chrome match the specification here.
1751
1752         Tests:
1753         - fast/dom/HTMLButtonElement/null-handling.html
1754         - fast/dom/HTMLInputElement/null-handling.html
1755
1756         * html/HTMLButtonElement.idl:
1757         * html/HTMLInputElement.idl:
1758
1759 2016-07-18  Alex Christensen  <achristensen@webkit.org>
1760
1761         webbookmarksd needs to use the same AppCache directory as MobileSafari
1762         https://bugs.webkit.org/show_bug.cgi?id=159912
1763
1764         Reviewed by Alexey Proskuryakov.
1765
1766         No new tests.  This only changes behavior for webbookmarksd.
1767
1768         * platform/RuntimeApplicationChecks.h:
1769         * platform/RuntimeApplicationChecks.mm:
1770         (WebCore::IOSApplication::isWebBookmarksD): Added.
1771
1772 2016-07-18  Chris Dumez  <cdumez@apple.com>
1773
1774         EventTarget.dispatchEvent() parameter should not be nullable
1775         https://bugs.webkit.org/show_bug.cgi?id=159897
1776
1777         Reviewed by Benjamin Poulain.
1778
1779         EventTarget.dispatchEvent() parameter should not be nullable:
1780         - https://dom.spec.whatwg.org/#interface-eventtarget
1781
1782         Even though the parameter was marked as nullable in our IDL, our
1783         implementation does a null check and we already throw a TypeError
1784         when calling dispatchEvent(null).
1785
1786         Update our IDL so that it matches the specification and so that
1787         the null check is generated in the bindings instead.
1788
1789         No new tests, rebaseline existing tests.
1790
1791         * dom/EventTarget.cpp:
1792         (WebCore::EventTarget::dispatchEventForBindings):
1793         * dom/EventTarget.h:
1794         * dom/EventTarget.idl:
1795
1796 2016-07-18  Chris Dumez  <cdumez@apple.com>
1797
1798         DocType's publicId / systemId should not be nullable
1799         https://bugs.webkit.org/show_bug.cgi?id=159901
1800
1801         Reviewed by Benjamin Poulain.
1802
1803         DocType's publicId / systemId should not be nullable. While they were
1804         not marked as nullable in our IDL, they could be stored as null Strings
1805         in our implementation depending on how the Node was constructed. This
1806         led to subtle bugs where String() != emptyString().
1807
1808         In particular, Node.isEqualNode() would return false when DocumentType
1809         nodes would mismatch because of their publicId / systemId being null
1810         instead of the emptyString.
1811
1812         Serialization would DocumentType nodes would also be wrong when
1813         publicId / systemId were empty Strings instead of null strings. The
1814         new behavior now matches:
1815         - https://www.w3.org/TR/DOM-Parsing/#dfn-concept-serialize-doctype (steps 7-9)
1816
1817         To address these issues, we now always store publicId / systemId as
1818         non-null Strings inside the DocumentType class.
1819
1820         Test: fast/dom/DocumentType/isEqualNode.html
1821
1822         * dom/DocumentType.cpp:
1823         (WebCore::DocumentType::DocumentType):
1824         * editing/MarkupAccumulator.cpp:
1825         (WebCore::MarkupAccumulator::appendDocumentType):
1826
1827 2016-07-18  Jeremy Jones  <jeremyj@apple.com>
1828
1829         If previous media session interruptions were prevented, still allow subsequent interruptions to try.
1830         https://bugs.webkit.org/show_bug.cgi?id=157553
1831         rdar://problem/25740804
1832
1833         Reviewed by Eric Carlson.
1834
1835         Test: platform/ios-simulator/media/video-interruption-suspendunderlock.html
1836
1837         When suspending under lock on iOS, there is first a resign active event, then a
1838         suspend under lock. PiP prevents resign active from interrupting playback. But it should allow the
1839         suspend under lock to interrupt playback.
1840
1841         Currently if there are nested interruptions only the first one is acted upon.
1842
1843         This change allows subsequent, nested interruptions to have a chance to interrupt playback if the
1844         previous interruptions were ignored.
1845
1846         This test is for iPad only, so it must be run manually.
1847
1848         * html/HTMLMediaElement.cpp:
1849         (WebCore::HTMLMediaElement::shouldOverrideBackgroundPlaybackRestriction):
1850         * platform/audio/PlatformMediaSession.cpp:
1851         (WebCore::PlatformMediaSession::beginInterruption):
1852         * testing/Internals.cpp:
1853         (WebCore::Internals::beginMediaSessionInterruption):
1854
1855 2016-07-18  Brent Fulgham  <bfulgham@apple.com>
1856
1857         Don't associate form-associated elements with forms in other trees.
1858         https://bugs.webkit.org/show_bug.cgi?id=119451
1859         <rdar://problem/27382946>
1860
1861         Change is based on the Blink change (patch by <adamk@chromium.org>):
1862         <https://chromium.googlesource.com/chromium/blink/+/0b33128be67e7845d495d5219614c02ccfe7a414>
1863
1864         Reviewed by Chris Dumez.
1865
1866         Prevent elements from being associated with forms that are not part of the same home subtree.
1867         This brings us in line with the WhatWG HTML specification as of September, 2013.
1868
1869         Tests: fast/forms/image-disconnected-during-parse.html
1870                fast/forms/input-disconnected-during-parse.html
1871
1872         * dom/Element.h:
1873         (WebCore::Node::rootElement): Added.
1874         * html/FormAssociatedElement.cpp:
1875         (WebCore::FormAssociatedElement::insertedInto): If the element is associated with a form that
1876         is not part of the same tree, remove the association.
1877         * html/HTMLImageElement.cpp:
1878         (WebCore::HTMLImageElement::insertedInto): Ditto.
1879
1880 2016-07-18  Anders Carlsson  <andersca@apple.com>
1881
1882         WebKit nightly fails to build on macOS Sierra
1883         https://bugs.webkit.org/show_bug.cgi?id=159902
1884         rdar://problem/27365672
1885
1886         Reviewed by Tim Horton.
1887
1888         * Modules/applepay/cocoa/PaymentCocoa.mm:
1889         * Modules/applepay/cocoa/PaymentContactCocoa.mm:
1890         * Modules/applepay/cocoa/PaymentMerchantSessionCocoa.mm:
1891         * Modules/applepay/cocoa/PaymentMethodCocoa.mm:
1892         Use new PassKitSPI header.
1893
1894         * WebCore.xcodeproj/project.pbxproj:
1895         Add new PassKitSPI header.
1896
1897         * icu/unicode/ucurr.h: Added.
1898         Add ucurr.h from ICU.
1899
1900         * platform/spi/cocoa/PassKitSPI.h: Added.
1901         Add new PassKitSPI header.
1902
1903 2016-07-18  Dean Jackson  <dino@apple.com>
1904
1905         REGRESSION (r202950): Image zoom animations are broken at medium.com (159861)
1906         https://bugs.webkit.org/show_bug.cgi?id=159906
1907         <rdar://problem/27391725>
1908
1909         Reviewed by Simon Fraser.
1910
1911         The fix for webkit.org/b/157569 in r200769 broke AMP pages.
1912         The followup fix for webkit.org/b/159450 in r202950 broke Medium pages.
1913
1914         Revert them both until we have better testing.
1915
1916         * css/CSSParser.cpp:
1917         (WebCore::CSSParser::addPropertyWithPrefixingVariant):
1918         (WebCore::CSSParser::parseValue):
1919         (WebCore::CSSParser::parseAnimationShorthand):
1920         (WebCore::CSSParser::parseTransitionShorthand): Deleted.
1921         * css/CSSPropertyNames.in:
1922         * css/PropertySetCSSStyleDeclaration.cpp:
1923         (WebCore::PropertySetCSSStyleDeclaration::getPropertyCSSValue):
1924         (WebCore::PropertySetCSSStyleDeclaration::getPropertyValue):
1925         (WebCore::PropertySetCSSStyleDeclaration::getPropertyCSSValueInternal):
1926         (WebCore::PropertySetCSSStyleDeclaration::getPropertyValueInternal):
1927         * css/StyleProperties.cpp:
1928         (WebCore::MutableStyleProperties::removeShorthandProperty):
1929         (WebCore::MutableStyleProperties::removeProperty):
1930         (WebCore::MutableStyleProperties::removePrefixedOrUnprefixedProperty):
1931         (WebCore::MutableStyleProperties::setProperty):
1932         (WebCore::getIndexInShorthandVectorForPrefixingVariant):
1933         (WebCore::MutableStyleProperties::appendPrefixingVariantProperty):
1934         (WebCore::MutableStyleProperties::setPrefixingVariantProperty):
1935         (WebCore::StyleProperties::asText): Deleted.
1936         * css/StyleProperties.h:
1937
1938 2016-07-18  Andreas Kling  <akling@apple.com>
1939
1940         There should be a way to simulate memory pressure in layout tests
1941         <https://webkit.org/b/159743>
1942
1943         Reviewed by Simon Fraser.
1944
1945         Add three window.internal APIs:
1946
1947             - boolean isUnderMemoryPressure (readonly attribute)
1948             - void beginSimulatedMemoryPressure()
1949             - void endSimulatedMemoryPressure()
1950
1951         These make it possible to write tests that exercise behaviors that only
1952         occur during memory pressure situations.
1953
1954         I also implemented the "org.WebKit.lowMemory" notification handler using the new API.
1955
1956         Test: memory/memory-pressure-simulation.html
1957
1958         * platform/MemoryPressureHandler.cpp:
1959         (WebCore::MemoryPressureHandler::beginSimulatedMemoryPressure):
1960         (WebCore::MemoryPressureHandler::endSimulatedMemoryPressure):
1961         * platform/MemoryPressureHandler.h:
1962         (WebCore::MemoryPressureHandler::isUnderMemoryPressure):
1963         * platform/cocoa/MemoryPressureHandlerCocoa.mm:
1964         (WebCore::MemoryPressureHandler::platformReleaseMemory):
1965         (WebCore::MemoryPressureHandler::install):
1966         * testing/Internals.cpp:
1967         (WebCore::Internals::isUnderMemoryPressure):
1968         (WebCore::Internals::beginSimulatedMemoryPressure):
1969         (WebCore::Internals::endSimulatedMemoryPressure):
1970         * testing/Internals.h:
1971         * testing/Internals.idl:
1972
1973 2016-07-18  Said Abou-Hallawa  <sabouhallawa@apple,com>
1974
1975         [iOS] PDFDocumentImage should cache only a sub image of the PDF when caching the whole image is expensive
1976         https://bugs.webkit.org/show_bug.cgi?id=158715
1977
1978         Reviewed by Dean Jackson.
1979
1980         Test: fast/images/displaced-non-cached-pdf.html
1981
1982         For iOS, we need to ensure the size of the cached PDF images will not
1983         exceed some limit. Also we should be caching only a sub image of the PDF
1984         if caching the whole image will exceed the memory limit.
1985
1986         * page/Settings.cpp:
1987         (WebCore::Settings::Settings):
1988         (WebCore::Settings::setCachedPDFImageEnabled):
1989         * page/Settings.h:
1990         (WebCore::Settings::isCachedPDFImageEnabled):
1991             Add an option to disable caching the PDF images.
1992
1993         * platform/graphics/cg/PDFDocumentImage.cpp:
1994         (WebCore::PDFDocumentImage::setCachedPDFImageEnabled):
1995             Allow the caller of draw() to disable caching the PDF images.
1996         
1997         (WebCore::PDFDocumentImage::cacheParametersMatch):
1998             Match the context dirty rectangle with the cached image rectangle.
1999         
2000         (WebCore::transformContextForPainting):
2001             When preparing the context for drawing the PDF, take the location 
2002             of the destination rectangle into account. We do not need to scale
2003             the location of the source rectangle because we scale the size of
2004             the rectangle but we don't scale the whole coordinate system.
2005
2006         (WebCore::cachedImageRect):
2007             Calculate the rectangle of the cached image such that it does not
2008             exceed the limit. Start from the center of the dirty rectangle and
2009             then expand around it.
2010             
2011         (WebCore::PDFDocumentImage::decodedSizeChanged):
2012             In addition to notifying the ImageObserver, it keeps track of the size
2013             of all the cached PDF images.
2014
2015         (WebCore::PDFDocumentImage::updateCachedImageIfNeeded):
2016             Ensure the size of all the cached images does not exceed the limit
2017             
2018         (WebCore::PDFDocumentImage::destroyDecodedData):
2019         * platform/graphics/cg/PDFDocumentImage.h:
2020
2021         * rendering/RenderImage.cpp:
2022         (WebCore::RenderImage::paintIntoRect):
2023             Pass the option to disable caching the PDF images to PDFDocumentImage.
2024
2025         * testing/InternalSettings.cpp:
2026         (WebCore::InternalSettings::Backup::Backup):
2027         (WebCore::InternalSettings::Backup::restoreTo):
2028         (WebCore::InternalSettings::setCachedPDFImageEnabled):
2029         * testing/InternalSettings.h:
2030         * testing/InternalSettings.idl:
2031             Add an internal option to disable caching the PDF images.
2032
2033 2016-07-18  Chris Dumez  <cdumez@apple.com>
2034
2035         The 2 first parameters to addEventListener() / removeEventListener() should be mandatory
2036         https://bugs.webkit.org/show_bug.cgi?id=158008
2037
2038         Reviewed by Darin Adler.
2039
2040         The 2 first parameters to addEventListener() / removeEventListener() should be
2041         mandatory:
2042         - https://dom.spec.whatwg.org/#interface-eventtarget
2043
2044         Firefox 46 and Chrome 50 both match the specification and throw an exception when those
2045         parameters are omitted. However, those parameters were marked as optional in WebKit and
2046         the calls were no-ops if those parameters were omitted. This patch aligns our behavior
2047         with the specification and other browsers.
2048
2049         Test: fast/dom/eventtarget-api-parameters.html
2050
2051         * bindings/scripts/CodeGeneratorJS.pm:
2052         (GetFunctionLength): Deleted.
2053         * dom/EventTarget.idl:
2054
2055 2016-07-18  Brent Fulgham  <bfulgham@apple.com>
2056
2057         Unreviewed, rolling out r203373.
2058
2059         Unaddressed
2060
2061         Reverted changeset:
2062
2063         "Don't associate form-associated elements with forms in other
2064         trees."
2065         https://bugs.webkit.org/show_bug.cgi?id=119451
2066         http://trac.webkit.org/changeset/203373
2067
2068 2016-07-18  Brent Fulgham  <bfulgham@apple.com>
2069
2070         Don't associate form-associated elements with forms in other trees.
2071         https://bugs.webkit.org/show_bug.cgi?id=119451
2072         <rdar://problem/27382946>
2073
2074         Change is based on the Blink change (patch by <adamk@chromium.org>):
2075         <https://chromium.googlesource.com/chromium/blink/+/0b33128be67e7845d495d5219614c02ccfe7a414>
2076
2077         Reviewed by Zalan Bujtas.
2078
2079         Prevent elements from being associated with forms that are not part of the same home subtree.
2080         This brings us in line with the WhatWG HTML specification as of September, 2013.
2081
2082         Tests: fast/forms/image-disconnected-during-parse.html
2083                fast/forms/input-disconnected-during-parse.html
2084
2085         * dom/NodeTraversal.h:
2086         (WebCore::NodeTraversal::highestAncestorOrSelf): Added.
2087         * html/FormAssociatedElement.cpp:
2088         (WebCore::FormAssociatedElement::insertedInto): If the element is associated with a form that
2089         is not part of the same tree, remove the association.
2090         * html/HTMLImageElement.cpp:
2091         (WebCore::HTMLImageElement::insertedInto): Ditto.
2092
2093 2016-07-18  George Ruan  <gruan@apple.com>
2094
2095         Move MediaSampleAVFObjC into its own file
2096         https://bugs.webkit.org/show_bug.cgi?id=159796
2097         <rdar://problem/27362488>
2098
2099         In preparation for a feature that uses MediaSampleAVFObjC, but does
2100         not need SourceBufferPrivateAVFObjC, it is beneficial to move
2101         MediaSampleAVFObjC to its own file.
2102
2103         Reviewed by Eric Carlson.
2104
2105         * WebCore.xcodeproj/project.pbxproj:
2106         * platform/MediaSample.h: Allow setting trackID to associate
2107         MediaSample id with MediaStreamTrackPrivate id.
2108         * platform/graphics/avfoundation/MediaSampleAVFObjC.h: Added.
2109         * platform/graphics/avfoundation/objc/MediaSampleAVFObjC.mm: Moved
2110         from MediaSampleAVFObjC
2111         (WebCore::MediaSampleAVFObjC::presentationTime):
2112         (WebCore::MediaSampleAVFObjC::decodeTime):
2113         (WebCore::MediaSampleAVFObjC::duration):
2114         (WebCore::MediaSampleAVFObjC::sizeInBytes):
2115         (WebCore::MediaSampleAVFObjC::platformSample):
2116         (WebCore::CMSampleBufferIsRandomAccess):
2117         (WebCore::MediaSampleAVFObjC::flags):
2118         (WebCore::MediaSampleAVFObjC::presentationSize):
2119         (WebCore::MediaSampleAVFObjC::dump):
2120         (WebCore::MediaSampleAVFObjC::offsetTimestampsBy):
2121         (WebCore::MediaSampleAVFObjC::setTimestamps):
2122         * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
2123         Moved MediaSampleAVFObjC to its own file.
2124         (WebCore::MediaSampleAVFObjC::platformSample): Deleted.
2125         (WebCore::CMSampleBufferIsRandomAccess): Deleted.
2126         (WebCore::MediaSampleAVFObjC::flags): Deleted.
2127         (WebCore::MediaSampleAVFObjC::presentationSize): Deleted.
2128         (WebCore::MediaSampleAVFObjC::dump): Deleted.
2129         (WebCore::MediaSampleAVFObjC::offsetTimestampsBy): Deleted.
2130         (WebCore::MediaSampleAVFObjC::setTimestamps): Deleted.
2131         * platform/mock/mediasource/MockSourceBufferPrivate.cpp:
2132
2133 2016-07-18  Eric Carlson  <eric.carlson@apple.com>
2134
2135         [MSE][Mac] Pass AVSampleBufferDisplayLayer HDCP status to a newly created key session
2136         https://bugs.webkit.org/show_bug.cgi?id=159812
2137         <rdar://problem/27371624>
2138
2139         Reviewed by Jon Lee.
2140
2141         No new tests, it isn't possible to test this with our current testing infrastructure.
2142
2143         * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.h:
2144         * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
2145         (WebCore::SourceBufferPrivateAVFObjC::setCDMSession): Call layerDidReceiveError if there has
2146         been an HDCP error.
2147         (WebCore::SourceBufferPrivateAVFObjC::rendererDidReceiveError): Remember an HDCP error.
2148
2149 2016-07-18  Yoav Weiss  <yoav@yoav.ws>
2150
2151         Add preload to features.json
2152         https://bugs.webkit.org/show_bug.cgi?id=159872
2153
2154         Reviewed by Darin Adler.
2155
2156         No new tests but no functional change.
2157
2158         * features.json:
2159
2160 2016-07-18  Youenn Fablet  <youenn@apple.com>
2161
2162         [Streams API] ReadableStream should throw a RangeError in case of NaN highWaterMark
2163         https://bugs.webkit.org/show_bug.cgi?id=159870
2164
2165         Reviewed by Xabier Rodriguez-Calvar.
2166
2167         Covered by rebased test.
2168
2169         * Modules/streams/StreamInternals.js:
2170         (validateAndNormalizeQueuingStrategy): Throwing a RangeError in lieu of a TypeError in case of NaN highWaterMark.
2171
2172 2016-07-18  Csaba Osztrogon√°c  <ossy@webkit.org>
2173
2174         Windows buildfix after r203338
2175         https://bugs.webkit.org/show_bug.cgi?id=159875
2176
2177         Unreviewed buildfix.
2178
2179         * dom/UserGestureIndicator.h:
2180         (WebCore::UserGestureToken::addDestructionObserver):
2181
2182 2016-07-18  Carlos Garcia Campos  <cgarcia@igalia.com>
2183
2184         MemoryPressureHandler doesn't work if cgroups aren't present in Linux
2185         https://bugs.webkit.org/show_bug.cgi?id=155255
2186
2187         Reviewed by Sergio Villar Senin.
2188
2189         Allow to pass an eventFD file descriptor to the MemoryPressureHandler to be monitorized in case cgroups are not
2190         available.
2191
2192         * platform/MemoryPressureHandler.h:
2193         * platform/linux/MemoryPressureHandlerLinux.cpp:
2194
2195 2016-07-17  Gyuyoung Kim  <gyuyoung.kim@webkit.org>
2196
2197         Clean up PassRefPtr uses in Modules/encryptedmedia, Modules/speech, and Modules/quota
2198         https://bugs.webkit.org/show_bug.cgi?id=159701
2199
2200         Reviewed by Alex Christensen.
2201
2202         No new tests, no behavior changes.
2203
2204         * Modules/encryptedmedia/CDM.h:
2205         * Modules/encryptedmedia/MediaKeySession.h:
2206         * Modules/encryptedmedia/MediaKeys.h:
2207         * Modules/quota/DOMWindowQuota.cpp:
2208         * Modules/quota/StorageErrorCallback.cpp:
2209         (WebCore::StorageErrorCallback::CallbackTask::CallbackTask):
2210         * Modules/quota/StorageErrorCallback.h:
2211         * Modules/quota/StorageInfo.h:
2212         * Modules/quota/StorageQuota.h:
2213         * Modules/speech/DOMWindowSpeechSynthesis.cpp:
2214         * Modules/speech/SpeechSynthesis.cpp:
2215         (WebCore::SpeechSynthesis::getVoices):
2216         (WebCore::SpeechSynthesis::startSpeakingImmediately):
2217         (WebCore::SpeechSynthesis::speak):
2218         (WebCore::SpeechSynthesis::cancel):
2219         (WebCore::SpeechSynthesis::handleSpeakingCompleted):
2220         (WebCore::SpeechSynthesis::boundaryEventOccurred):
2221         (WebCore::SpeechSynthesis::didStartSpeaking):
2222         (WebCore::SpeechSynthesis::didPauseSpeaking):
2223         (WebCore::SpeechSynthesis::didResumeSpeaking):
2224         (WebCore::SpeechSynthesis::didFinishSpeaking):
2225         (WebCore::SpeechSynthesis::speakingErrorOccurred):
2226         * Modules/speech/SpeechSynthesis.h:
2227         * Modules/speech/SpeechSynthesisEvent.h:
2228         * Modules/speech/SpeechSynthesisUtterance.h:
2229         * Modules/speech/SpeechSynthesisVoice.cpp:
2230         (WebCore::SpeechSynthesisVoice::create):
2231         (WebCore::SpeechSynthesisVoice::SpeechSynthesisVoice):
2232         * Modules/speech/SpeechSynthesisVoice.h:
2233         * platform/PlatformSpeechSynthesizer.h:
2234         * platform/efl/PlatformSpeechSynthesisProviderEfl.cpp:
2235         (WebCore::PlatformSpeechSynthesisProviderEfl::fireSpeechEvent):
2236         * platform/mock/PlatformSpeechSynthesizerMock.cpp:
2237         (WebCore::PlatformSpeechSynthesizerMock::speakingFinished):
2238         (WebCore::PlatformSpeechSynthesizerMock::speak):
2239         (WebCore::PlatformSpeechSynthesizerMock::cancel):
2240         (WebCore::PlatformSpeechSynthesizerMock::pause):
2241         (WebCore::PlatformSpeechSynthesizerMock::resume):
2242
2243 2016-07-16  Sam Weinig  <sam@webkit.org>
2244
2245         [WebKit API] Add SPI to track multiple navigations caused by a single user gesture
2246         <rdar://problem/26554137>
2247         https://bugs.webkit.org/show_bug.cgi?id=159856
2248
2249         Reviewed by Dan Bernstein.
2250
2251         - Adds a new RefCounted object to represent a unique user gesture, called UserGestureToken.
2252         - Makes UserGestureIndicator track UserGestureToken.
2253         - Refines UserGestureIndicator's interface to use Optional and a smaller enum set
2254           to represent the different initial states.
2255         - Stores UserGestureTokens on objects that want to forward user gesture state (DOMTimer, 
2256           postMessage, and ScheduledNavigation) rather than just a boolean.
2257
2258         * accessibility/AccessibilityNodeObject.cpp:
2259         (WebCore::AccessibilityNodeObject::increment):
2260         (WebCore::AccessibilityNodeObject::decrement):
2261         * accessibility/AccessibilityObject.cpp:
2262         (WebCore::AccessibilityObject::press):
2263         * bindings/js/ScriptController.cpp:
2264         (WebCore::ScriptController::executeScriptInWorld):
2265         (WebCore::ScriptController::executeScript):
2266         Update for new UserGestureIndicator interface.
2267
2268         * dom/UserGestureIndicator.cpp:
2269         (WebCore::currentToken):
2270         (WebCore::UserGestureToken::~UserGestureToken):
2271         (WebCore::UserGestureIndicator::UserGestureIndicator):
2272         (WebCore::UserGestureIndicator::~UserGestureIndicator):
2273         (WebCore::UserGestureIndicator::currentUserGesture):
2274         (WebCore::UserGestureIndicator::processingUserGesture):
2275         (WebCore::UserGestureIndicator::processingUserGestureForMedia):
2276         (WebCore::isDefinite): Deleted.
2277         * dom/UserGestureIndicator.h:
2278         (WebCore::UserGestureToken::create):
2279         (WebCore::UserGestureToken::state):
2280         (WebCore::UserGestureToken::processingUserGesture):
2281         (WebCore::UserGestureToken::processingUserGestureForMedia):
2282         (WebCore::UserGestureToken::addDestructionObserver):
2283         (WebCore::UserGestureToken::UserGestureToken):
2284         Add UserGestureToken and track the current one explicitly.
2285
2286         * html/HTMLMediaElement.cpp:
2287         (WebCore::HTMLMediaElement::didReceiveRemoteControlCommand):
2288         * inspector/InspectorFrontendClientLocal.cpp:
2289         (WebCore::InspectorFrontendClientLocal::openInNewTab):
2290         * inspector/InspectorFrontendHost.cpp:
2291         * inspector/InspectorPageAgent.cpp:
2292         (WebCore::InspectorPageAgent::navigate):
2293         Update for new UserGestureIndicator interface.
2294
2295         * loader/NavigationAction.cpp:
2296         (WebCore::NavigationAction::NavigationAction):
2297         * loader/NavigationAction.h:
2298         (WebCore::NavigationAction::userGestureToken):
2299         (WebCore::NavigationAction::processingUserGesture):
2300         * loader/NavigationScheduler.cpp:
2301         (WebCore::ScheduledNavigation::ScheduledNavigation):
2302         (WebCore::ScheduledNavigation::~ScheduledNavigation):
2303         (WebCore::ScheduledNavigation::lockBackForwardList):
2304         (WebCore::ScheduledNavigation::wasDuringLoad):
2305         (WebCore::ScheduledNavigation::isLocationChange):
2306         (WebCore::ScheduledNavigation::userGestureToForward):
2307         (WebCore::ScheduledNavigation::clearUserGesture):
2308         (WebCore::NavigationScheduler::mustLockBackForwardList):
2309         (WebCore::NavigationScheduler::scheduleFormSubmission):
2310         (WebCore::ScheduledNavigation::wasUserGesture): Deleted.
2311         * page/DOMTimer.cpp:
2312         (WebCore::shouldForwardUserGesture):
2313         (WebCore::userGestureTokenToForward):
2314         (WebCore::DOMTimer::DOMTimer):
2315         (WebCore::DOMTimer::fired):
2316         * page/DOMTimer.h:
2317         * page/DOMWindow.cpp:
2318         (WebCore::PostMessageTimer::PostMessageTimer):
2319         Store the active UserGestureToken rather than just a bit.
2320
2321         * page/EventHandler.cpp:
2322         (WebCore::EventHandler::handleMousePressEvent):
2323         (WebCore::EventHandler::handleMouseDoubleClickEvent):
2324         (WebCore::EventHandler::handleMouseReleaseEvent):
2325         (WebCore::EventHandler::keyEvent):
2326         (WebCore::EventHandler::handleTouchEvent):
2327         * rendering/HitTestResult.cpp:
2328         (WebCore::HitTestResult::toggleMediaFullscreenState):
2329         (WebCore::HitTestResult::enterFullscreenForVideo):
2330         (WebCore::HitTestResult::toggleEnhancedFullscreenForVideo):
2331         Update for new UserGestureIndicator interface.
2332
2333 2016-07-17  Ryosuke Niwa  <rniwa@webkit.org>
2334
2335         Rename fastHasAttribute to hasAttributeWithoutSynchronization
2336         https://bugs.webkit.org/show_bug.cgi?id=159864
2337
2338         Reviewed by Chris Dumez.
2339
2340         Renamed Rename fastHasAttribute to hasAttributeWithoutSynchronization for clarity.
2341
2342         * accessibility/AccessibilityListBoxOption.cpp:
2343         (WebCore::AccessibilityListBoxOption::isEnabled):
2344         * accessibility/AccessibilityObject.cpp:
2345         (WebCore::AccessibilityObject::hasAttribute):
2346         (WebCore::AccessibilityObject::getAttribute):
2347         * accessibility/AccessibilityRenderObject.cpp:
2348         (WebCore::AccessibilityRenderObject::determineAccessibilityRole):
2349         * bindings/scripts/CodeGenerator.pm:
2350         (GetterExpression):
2351         * bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
2352         * bindings/scripts/test/JS/JSTestObj.cpp:
2353         (WebCore::jsTestObjReflectedBooleanAttr):
2354         (WebCore::jsTestObjReflectedCustomBooleanAttr):
2355         * bindings/scripts/test/ObjC/DOMTestObj.mm:
2356         (-[DOMTestObj reflectedBooleanAttr]):
2357         (-[DOMTestObj setReflectedBooleanAttr:]):
2358         (-[DOMTestObj reflectedCustomBooleanAttr]):
2359         (-[DOMTestObj setReflectedCustomBooleanAttr:]):
2360         * dom/Document.cpp:
2361         (WebCore::Document::hasManifest):
2362         (WebCore::Document::doctype):
2363         * dom/Element.h:
2364         (WebCore::Node::parentElement):
2365         (WebCore::Element::hasAttributeWithoutSynchronization):
2366         (WebCore::Element::fastHasAttribute): Deleted.
2367         * editing/ApplyStyleCommand.cpp:
2368         (WebCore::ApplyStyleCommand::removeEmbeddingUpToEnclosingBlock):
2369         * editing/DeleteSelectionCommand.cpp:
2370         (WebCore::DeleteSelectionCommand::makeStylingElementsDirectChildrenOfEditableRootToPreventStyleLoss):
2371         * editing/markup.cpp:
2372         (WebCore::createMarkupInternal):
2373         * html/ColorInputType.cpp:
2374         (WebCore::ColorInputType::shouldShowSuggestions):
2375         * html/FileInputType.cpp:
2376         (WebCore::FileInputType::handleDOMActivateEvent):
2377         (WebCore::FileInputType::receiveDroppedFiles):
2378         * html/FormAssociatedElement.cpp:
2379         (WebCore::FormAssociatedElement::didMoveToNewDocument):
2380         (WebCore::FormAssociatedElement::insertedInto):
2381         (WebCore::FormAssociatedElement::removedFrom):
2382         (WebCore::FormAssociatedElement::formAttributeChanged):
2383         * html/FormController.cpp:
2384         (WebCore::ownerFormForState):
2385         * html/GenericCachedHTMLCollection.cpp:
2386         (WebCore::GenericCachedHTMLCollection<traversalType>::elementMatches):
2387         * html/HTMLAnchorElement.cpp:
2388         (WebCore::HTMLAnchorElement::draggable):
2389         (WebCore::HTMLAnchorElement::href):
2390         (WebCore::HTMLAnchorElement::sendPings):
2391         * html/HTMLAppletElement.cpp:
2392         (WebCore::HTMLAppletElement::rendererIsNeeded):
2393         * html/HTMLElement.cpp:
2394         (WebCore::HTMLElement::collectStyleForPresentationAttribute):
2395         (WebCore::elementAffectsDirectionality):
2396         (WebCore::setHasDirAutoFlagRecursively):
2397         * html/HTMLEmbedElement.cpp:
2398         (WebCore::HTMLEmbedElement::rendererIsNeeded):
2399         * html/HTMLFieldSetElement.cpp:
2400         (WebCore::updateFromControlElementsAncestorDisabledStateUnder):
2401         (WebCore::HTMLFieldSetElement::disabledAttributeChanged):
2402         (WebCore::HTMLFieldSetElement::disabledStateChanged):
2403         (WebCore::HTMLFieldSetElement::childrenChanged):
2404         * html/HTMLFormControlElement.cpp:
2405         (WebCore::HTMLFormControlElement::formNoValidate):
2406         (WebCore::HTMLFormControlElement::formAction):
2407         (WebCore::HTMLFormControlElement::computeIsDisabledByFieldsetAncestor):
2408         (WebCore::shouldAutofocus):
2409         * html/HTMLFormElement.cpp:
2410         (WebCore::HTMLFormElement::formElementIndex):
2411         (WebCore::HTMLFormElement::noValidate):
2412         * html/HTMLFrameElement.cpp:
2413         (WebCore::HTMLFrameElement::noResize):
2414         (WebCore::HTMLFrameElement::didAttachRenderers):
2415         * html/HTMLFrameElementBase.cpp:
2416         (WebCore::HTMLFrameElementBase::parseAttribute):
2417         (WebCore::HTMLFrameElementBase::location):
2418         * html/HTMLHRElement.cpp:
2419         (WebCore::HTMLHRElement::collectStyleForPresentationAttribute):
2420         * html/HTMLImageElement.cpp:
2421         (WebCore::HTMLImageElement::isServerMap):
2422         * html/HTMLInputElement.cpp:
2423         (WebCore::HTMLInputElement::finishParsingChildren):
2424         (WebCore::HTMLInputElement::matchesDefaultPseudoClass):
2425         (WebCore::HTMLInputElement::isActivatedSubmit):
2426         (WebCore::HTMLInputElement::reset):
2427         (WebCore::HTMLInputElement::multiple):
2428         (WebCore::HTMLInputElement::setSize):
2429         (WebCore::HTMLInputElement::shouldUseMediaCapture):
2430         * html/HTMLMarqueeElement.cpp:
2431         (WebCore::HTMLMarqueeElement::minimumDelay):
2432         * html/HTMLMediaElement.cpp:
2433         (WebCore::HTMLMediaElement::insertedInto):
2434         (WebCore::HTMLMediaElement::selectMediaResource):
2435         (WebCore::HTMLMediaElement::loadResource):
2436         (WebCore::HTMLMediaElement::autoplay):
2437         (WebCore::HTMLMediaElement::preload):
2438         (WebCore::HTMLMediaElement::loop):
2439         (WebCore::HTMLMediaElement::setLoop):
2440         (WebCore::HTMLMediaElement::controls):
2441         (WebCore::HTMLMediaElement::setControls):
2442         (WebCore::HTMLMediaElement::muted):
2443         (WebCore::HTMLMediaElement::setMuted):
2444         (WebCore::HTMLMediaElement::selectNextSourceChild):
2445         (WebCore::HTMLMediaElement::sourceWasAdded):
2446         (WebCore::HTMLMediaElement::mediaSessionTitle):
2447         * html/HTMLObjectElement.cpp:
2448         (WebCore::HTMLObjectElement::parseAttribute):
2449         * html/HTMLOptGroupElement.cpp:
2450         (WebCore::HTMLOptGroupElement::isDisabledFormControl):
2451         (WebCore::HTMLOptGroupElement::isFocusable):
2452         * html/HTMLOptionElement.cpp:
2453         (WebCore::HTMLOptionElement::matchesDefaultPseudoClass):
2454         (WebCore::HTMLOptionElement::text):
2455         * html/HTMLProgressElement.cpp:
2456         (WebCore::HTMLProgressElement::isDeterminate):
2457         (WebCore::HTMLProgressElement::didElementStateChange):
2458         * html/HTMLScriptElement.cpp:
2459         (WebCore::HTMLScriptElement::async):
2460         (WebCore::HTMLScriptElement::setCrossOrigin):
2461         (WebCore::HTMLScriptElement::asyncAttributeValue):
2462         (WebCore::HTMLScriptElement::deferAttributeValue):
2463         (WebCore::HTMLScriptElement::hasSourceAttribute):
2464         (WebCore::HTMLScriptElement::dispatchLoadEvent):
2465         * html/HTMLSelectElement.cpp:
2466         (WebCore::HTMLSelectElement::reset):
2467         * html/HTMLTrackElement.cpp:
2468         (WebCore::HTMLTrackElement::isDefault):
2469         (WebCore::HTMLTrackElement::ensureTrack):
2470         (WebCore::HTMLTrackElement::loadTimerFired):
2471         * html/MediaElementSession.cpp:
2472         (WebCore::MediaElementSession::wirelessVideoPlaybackDisabled):
2473         (WebCore::MediaElementSession::requiresFullscreenForVideoPlayback):
2474         (WebCore::MediaElementSession::allowsAutomaticMediaDataLoading):
2475         * html/SearchInputType.cpp:
2476         (WebCore::SearchInputType::searchEventsShouldBeDispatched):
2477         (WebCore::SearchInputType::didSetValueByUserEdit):
2478         * inspector/InspectorDOMAgent.cpp:
2479         (WebCore::InspectorDOMAgent::buildObjectForNode):
2480         * loader/FrameLoader.cpp:
2481         (WebCore::FrameLoader::shouldTreatURLAsSrcdocDocument):
2482         (WebCore::FrameLoader::findFrameForNavigation):
2483         * loader/ImageLoader.cpp:
2484         (WebCore::ImageLoader::notifyFinished):
2485         * mathml/MathMLSelectElement.cpp:
2486         (WebCore::MathMLSelectElement::getSelectedSemanticsChild):
2487         * rendering/RenderTableCell.cpp:
2488         (WebCore::RenderTableCell::computePreferredLogicalWidths):
2489         * rendering/RenderThemeIOS.mm:
2490         (WebCore::RenderThemeIOS::adjustMenuListButtonStyle):
2491         * rendering/SimpleLineLayout.cpp:
2492         (WebCore::SimpleLineLayout::canUseForWithReason):
2493         * rendering/svg/RenderSVGResourceClipper.cpp:
2494         (WebCore::RenderSVGResourceClipper::drawContentIntoMaskImage):
2495         * svg/SVGAnimateMotionElement.cpp:
2496         (WebCore::SVGAnimateMotionElement::updateAnimationPath):
2497         * svg/SVGAnimationElement.cpp:
2498         (WebCore::SVGAnimationElement::startedActiveInterval):
2499         (WebCore::SVGAnimationElement::updateAnimation):
2500         * svg/animation/SVGSMILElement.cpp:
2501         (WebCore::SVGSMILElement::insertedInto):
2502
2503 2016-07-17  Brady Eidson  <beidson@apple.com>
2504
2505         Exceptions logged to the JS console should use toString().
2506         https://bugs.webkit.org/show_bug.cgi?id=159855
2507
2508         Reviewed by Darin Adler.
2509
2510         No new tests (No change in behavior).
2511
2512         * bindings/js/JSDOMBinding.cpp:
2513         (WebCore::reportException):
2514
2515         * dom/DOMCoreException.h:
2516         (WebCore::DOMCoreException::DOMCoreException):
2517
2518         * dom/ExceptionBase.cpp:
2519         (WebCore::ExceptionBase::ExceptionBase):
2520         (WebCore::ExceptionBase::toString):
2521         (WebCore::ExceptionBase::consoleErrorMessage): Deleted.
2522         * dom/ExceptionBase.h:
2523         (WebCore::ExceptionBase::description): Deleted.
2524
2525         * svg/SVGException.h:
2526
2527         * xml/XPathException.h:
2528         (WebCore::XPathException::XPathException):
2529
2530 2016-07-17  Brady Eidson  <beidson@apple.com>
2531
2532         Update DOMCoreException to use the description in toString().
2533         https://bugs.webkit.org/show_bug.cgi?id=159857
2534
2535         Reviewed by Darin Adler.
2536
2537         No new tests (Covered by changes to existing tests).
2538
2539         * bindings/js/JSDOMBinding.cpp:
2540         (WebCore::createDOMException):
2541
2542         * dom/DOMCoreException.h:
2543         (WebCore::DOMCoreException::DOMCoreException):
2544         (WebCore::DOMCoreException::createWithDescriptionAsMessage): Deleted.
2545
2546 2016-07-17  Myles C. Maxfield  <mmaxfield@apple.com>
2547
2548         Support new emoji group candidates
2549         https://bugs.webkit.org/show_bug.cgi?id=159755
2550         <rdar://problem/27325521>
2551
2552         Reviewed by Dean Jackson.
2553
2554         There are a few code points which should be able to be joined (with ZWJ) to
2555         either U+2640 or U+2642 to change the gender of the emoji. These patterns
2556         should also work with an additional 0xFE0F variation selector. This patch
2557         adds these new patterns to our existing emoji group candidate infrastructure.
2558
2559         Tests: fast/text/emoji-gender-2-3.html
2560                fast/text/emoji-gender-2-4.html
2561                fast/text/emoji-gender-2-5.html
2562                fast/text/emoji-gender-2-6.html
2563                fast/text/emoji-gender-2-7.html
2564                fast/text/emoji-gender-2-8.html
2565                fast/text/emoji-gender-2-9.html
2566                fast/text/emoji-gender-2.html
2567                fast/text/emoji-gender-3.html
2568                fast/text/emoji-gender-4.html
2569                fast/text/emoji-gender-5.html
2570                fast/text/emoji-gender-6.html
2571                fast/text/emoji-gender-7.html
2572                fast/text/emoji-gender-8.html
2573                fast/text/emoji-gender-9.html
2574                fast/text/emoji-gender-fe0f-3.html
2575                fast/text/emoji-gender-fe0f-4.html
2576                fast/text/emoji-gender-fe0f-5.html
2577                fast/text/emoji-gender-fe0f-6.html
2578                fast/text/emoji-gender-fe0f-7.html
2579                fast/text/emoji-gender-fe0f-8.html
2580                fast/text/emoji-gender-fe0f-9.html
2581                fast/text/emoji-gender.html
2582                fast/text/emoji-num-glyphs.html
2583                fast/text/emoji-single-parent-family-2.html
2584                fast/text/emoji-single-parent-family.html
2585
2586         * platform/graphics/mac/ComplexTextControllerCoreText.mm:
2587         (WebCore::ComplexTextController::ComplexTextRun::ComplexTextRun): Removed incorrect ASSERT()s.
2588         * platform/graphics/FontCascade.cpp:
2589         (WebCore::FontCascade::characterRangeCodePath):
2590         * platform/text/CharacterProperties.h:
2591         (WebCore::isEmojiGroupCandidate):
2592
2593 2016-07-16  Brady Eidson  <beidson@apple.com>
2594
2595         Update SVGException to use the description in toString().
2596         https://bugs.webkit.org/show_bug.cgi?id=159847
2597
2598         Reviewed by Darin Adler.
2599
2600         No new tests (Covered by changes to existing tests).
2601
2602         * bindings/js/JSDOMBinding.cpp:
2603         (WebCore::reportException): use consoleErrorMessage for now.
2604
2605         * dom/ExceptionBase.cpp:
2606         (WebCore::ExceptionBase::consoleErrorMessage):
2607         * dom/ExceptionBase.h:
2608
2609         * svg/SVGException.h:
2610
2611 2016-07-16  Chris Dumez  <cdumez@apple.com>
2612
2613         Use fastHasAttribute() when possible
2614         https://bugs.webkit.org/show_bug.cgi?id=159838
2615
2616         Reviewed by Ryosuke Niwa.
2617
2618         Use fastHasAttribute() when possible, for performance.
2619
2620         * editing/DeleteSelectionCommand.cpp:
2621         (WebCore::DeleteSelectionCommand::makeStylingElementsDirectChildrenOfEditableRootToPreventStyleLoss):
2622         * editing/markup.cpp:
2623         (WebCore::createMarkupInternal):
2624         * html/HTMLAnchorElement.cpp:
2625         (WebCore::HTMLAnchorElement::draggable):
2626         * html/HTMLFrameElementBase.cpp:
2627         (WebCore::HTMLFrameElementBase::parseAttribute):
2628         * mathml/MathMLSelectElement.cpp:
2629         (WebCore::MathMLSelectElement::getSelectedSemanticsChild):
2630         * rendering/RenderThemeIOS.mm:
2631         (WebCore::RenderThemeIOS::adjustMenuListButtonStyle):
2632
2633 2016-07-16  Ryosuke Niwa  <rniwa@webkit.org>
2634
2635         Rename fastGetAttribute to attributeWithoutSynchronization
2636         https://bugs.webkit.org/show_bug.cgi?id=159852
2637
2638         Reviewed by Darin Adler.
2639
2640         Renamed fastGetAttribute to attributeWithoutSynchronization for clarity.
2641
2642         * accessibility/AXObjectCache.cpp:
2643         (WebCore::AXObjectCache::findAriaModalNodes):
2644         (WebCore::nodeHasRole):
2645         (WebCore::AXObjectCache::handleLiveRegionCreated):
2646         (WebCore::AXObjectCache::handleMenuItemSelected):
2647         (WebCore::AXObjectCache::handleAriaModalChange):
2648         (WebCore::isNodeAriaVisible):
2649         * accessibility/AccessibilityNodeObject.cpp:
2650         (WebCore::siblingWithAriaRole):
2651         (WebCore::AccessibilityNodeObject::titleElementText):
2652         (WebCore::AccessibilityNodeObject::alternativeTextForWebArea):
2653         (WebCore::AccessibilityNodeObject::hierarchicalLevel):
2654         (WebCore::AccessibilityNodeObject::stringValue):
2655         (WebCore::accessibleNameForNode):
2656         * accessibility/AccessibilityObject.cpp:
2657         (WebCore::AccessibilityObject::contentEditableAttributeIsEnabled):
2658         (WebCore::AccessibilityObject::getAttribute):
2659         * accessibility/AccessibilityRenderObject.cpp:
2660         (WebCore::AccessibilityRenderObject::stringValue):
2661         (WebCore::AccessibilityRenderObject::exposesTitleUIElement):
2662         * accessibility/AccessibilitySVGElement.cpp:
2663         (WebCore::AccessibilitySVGElement::childElementWithMatchingLanguage):
2664         (WebCore::AccessibilitySVGElement::accessibilityDescription):
2665         * bindings/objc/DOM.mm:
2666         (-[DOMHTMLLinkElement _mediaQueryMatches]):
2667         * bindings/scripts/CodeGenerator.pm:
2668         (GetterExpression):
2669         * bindings/scripts/CodeGeneratorObjC.pm:
2670         (GenerateImplementation):
2671         * bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
2672         * bindings/scripts/test/JS/JSTestObj.cpp:
2673         (WebCore::jsTestObjReflectedStringAttr):
2674         * dom/AuthorStyleSheets.cpp:
2675         (WebCore::AuthorStyleSheets::collectActiveStyleSheets):
2676         * dom/Document.cpp:
2677         (WebCore::Document::buildAccessKeyMap):
2678         (WebCore::Document::processBaseElement):
2679         * dom/DocumentOrderedMap.cpp:
2680         (WebCore::DocumentOrderedMap::getElementByLabelForAttribute):
2681         * dom/Element.cpp:
2682         (WebCore::Element::imageSourceURL):
2683         (WebCore::Element::rendererIsNeeded):
2684         (WebCore::Element::insertedInto):
2685         (WebCore::Element::removedFrom):
2686         (WebCore::Element::pseudo):
2687         (WebCore::Element::setPseudo):
2688         (WebCore::Element::spellcheckAttributeState):
2689         (WebCore::Element::canContainRangeEndPoint):
2690         (WebCore::Element::completeURLsInAttributeValue):
2691         * dom/Element.h:
2692         (WebCore::Element::fastHasAttribute):
2693         (WebCore::Element::attributeWithoutSynchronization):
2694         (WebCore::Element::fastGetAttribute): Deleted.
2695         * dom/InlineStyleSheetOwner.cpp:
2696         (WebCore::InlineStyleSheetOwner::createSheet):
2697         * dom/ScriptElement.cpp:
2698         (WebCore::ScriptElement::requestScript):
2699         (WebCore::ScriptElement::executeScript):
2700         * dom/SlotAssignment.cpp:
2701         (WebCore::slotNameFromSlotAttribute):
2702         (WebCore::SlotAssignment::SlotAssignment):
2703         (WebCore::recursivelyFireSlotChangeEvent):
2704         (WebCore::SlotAssignment::didChangeSlot):
2705         (WebCore::SlotAssignment::hostChildElementDidChange):
2706         (WebCore::SlotAssignment::assignedNodesForSlot):
2707         (WebCore::SlotAssignment::resolveAllSlotElements):
2708         * dom/TreeScope.cpp:
2709         (WebCore::TreeScope::labelElementForId):
2710         * dom/VisitedLinkState.cpp:
2711         (WebCore::linkAttribute):
2712         * editing/ApplyStyleCommand.cpp:
2713         (WebCore::isLegacyAppleStyleSpan):
2714         (WebCore::hasNoAttributeOrOnlyStyleAttribute):
2715         * editing/EditingStyle.cpp:
2716         (WebCore::EditingStyle::elementIsStyledSpanOrHTMLEquivalent):
2717         * editing/ReplaceSelectionCommand.cpp:
2718         (WebCore::isInterchangeNewlineNode):
2719         (WebCore::isInterchangeConvertedSpaceSpan):
2720         (WebCore::positionAvoidingPrecedingNodes):
2721         (WebCore::isMailPasteAsQuotationNode):
2722         (WebCore::isHeaderElement):
2723         (WebCore::isInlineNodeWithStyle):
2724         * editing/TextIterator.cpp:
2725         (WebCore::isRendererReplacedElement):
2726         * editing/cocoa/DataDetection.mm:
2727         (WebCore::DataDetection::isDataDetectorLink):
2728         (WebCore::DataDetection::requiresExtendedContext):
2729         (WebCore::DataDetection::dataDetectorIdentifier):
2730         (WebCore::DataDetection::shouldCancelDefaultAction):
2731         (WebCore::removeResultLinksFromAnchor):
2732         (WebCore::searchForLinkRemovingExistingDDLinks):
2733         * editing/gtk/EditorGtk.cpp:
2734         (WebCore::elementURL):
2735         * editing/htmlediting.cpp:
2736         (WebCore::isTabSpanNode):
2737         (WebCore::isTabSpanTextNode):
2738         (WebCore::isMailBlockquote):
2739         (WebCore::caretMinOffset):
2740         * editing/markup.cpp:
2741         (WebCore::createFragmentFromMarkup):
2742         * html/Autofill.cpp:
2743         (WebCore::AutofillData::createFromHTMLFormControlElement):
2744         * html/BaseTextInputType.cpp:
2745         (WebCore::BaseTextInputType::patternMismatch):
2746         * html/DateInputType.cpp:
2747         (WebCore::DateInputType::createStepRange):
2748         * html/DateTimeInputType.cpp:
2749         (WebCore::DateTimeInputType::createStepRange):
2750         * html/DateTimeLocalInputType.cpp:
2751         (WebCore::DateTimeLocalInputType::createStepRange):
2752         * html/FormAssociatedElement.cpp:
2753         (WebCore::FormAssociatedElement::findAssociatedForm):
2754         (WebCore::FormAssociatedElement::resetFormAttributeTargetObserver):
2755         (WebCore::FormAssociatedElement::formAttributeTargetChanged):
2756         * html/HTMLAnchorElement.cpp:
2757         (WebCore::HTMLAnchorElement::draggable):
2758         (WebCore::HTMLAnchorElement::href):
2759         (WebCore::HTMLAnchorElement::setHref):
2760         (WebCore::HTMLAnchorElement::target):
2761         (WebCore::HTMLAnchorElement::origin):
2762         (WebCore::HTMLAnchorElement::sendPings):
2763         (WebCore::HTMLAnchorElement::handleClick):
2764         * html/HTMLAnchorElement.h:
2765         (WebCore::HTMLAnchorElement::visitedLinkHash):
2766         * html/HTMLAppletElement.cpp:
2767         (WebCore::HTMLAppletElement::updateWidget):
2768         * html/HTMLAreaElement.cpp:
2769         (WebCore::HTMLAreaElement::target):
2770         * html/HTMLAttachmentElement.cpp:
2771         (WebCore::HTMLAttachmentElement::attachmentTitle):
2772         (WebCore::HTMLAttachmentElement::attachmentType):
2773         * html/HTMLBaseElement.cpp:
2774         (WebCore::HTMLBaseElement::target):
2775         (WebCore::HTMLBaseElement::href):
2776         * html/HTMLBodyElement.cpp:
2777         (WebCore::HTMLBodyElement::addSubresourceAttributeURLs):
2778         * html/HTMLButtonElement.cpp:
2779         (WebCore::HTMLButtonElement::value):
2780         (WebCore::HTMLButtonElement::computeWillValidate):
2781         * html/HTMLCanvasElement.cpp:
2782         (WebCore::HTMLCanvasElement::reset):
2783         * html/HTMLDocument.cpp:
2784         (WebCore::HTMLDocument::bgColor):
2785         (WebCore::HTMLDocument::setBgColor):
2786         (WebCore::HTMLDocument::fgColor):
2787         (WebCore::HTMLDocument::setFgColor):
2788         (WebCore::HTMLDocument::alinkColor):
2789         (WebCore::HTMLDocument::setAlinkColor):
2790         (WebCore::HTMLDocument::linkColor):
2791         (WebCore::HTMLDocument::setLinkColor):
2792         (WebCore::HTMLDocument::vlinkColor):
2793         (WebCore::HTMLDocument::setVlinkColor):
2794         * html/HTMLElement.cpp:
2795         (WebCore::contentEditableType):
2796         (WebCore::HTMLElement::collectStyleForPresentationAttribute):
2797         (WebCore::HTMLElement::dir):
2798         (WebCore::HTMLElement::setDir):
2799         (WebCore::HTMLElement::draggable):
2800         (WebCore::HTMLElement::setDraggable):
2801         (WebCore::HTMLElement::title):
2802         (WebCore::HTMLElement::tabIndex):
2803         (WebCore::HTMLElement::translateAttributeMode):
2804         (WebCore::HTMLElement::hasDirectionAuto):
2805         (WebCore::HTMLElement::directionality):
2806         * html/HTMLEmbedElement.cpp:
2807         (WebCore::HTMLEmbedElement::imageSourceURL):
2808         (WebCore::HTMLEmbedElement::addSubresourceAttributeURLs):
2809         * html/HTMLFormControlElement.cpp:
2810         (WebCore::HTMLFormControlElement::formEnctype):
2811         (WebCore::HTMLFormControlElement::formMethod):
2812         (WebCore::HTMLFormControlElement::formAction):
2813         (WebCore::HTMLFormControlElement::autocorrect):
2814         (WebCore::HTMLFormControlElement::autocapitalizeType):
2815         * html/HTMLFormElement.cpp:
2816         (WebCore::HTMLFormElement::autocorrect):
2817         (WebCore::HTMLFormElement::autocapitalizeType):
2818         (WebCore::HTMLFormElement::autocapitalize):
2819         (WebCore::HTMLFormElement::action):
2820         (WebCore::HTMLFormElement::setAction):
2821         (WebCore::HTMLFormElement::target):
2822         (WebCore::HTMLFormElement::wasUserSubmitted):
2823         (WebCore::HTMLFormElement::shouldAutocomplete):
2824         (WebCore::HTMLFormElement::finishParsingChildren):
2825         (WebCore::HTMLFormElement::autocomplete):
2826         * html/HTMLFrameElementBase.cpp:
2827         (WebCore::HTMLFrameElementBase::location):
2828         (WebCore::HTMLFrameElementBase::setLocation):
2829         * html/HTMLHtmlElement.cpp:
2830         (WebCore::HTMLHtmlElement::insertedByParser):
2831         * html/HTMLImageElement.cpp:
2832         (WebCore::HTMLImageElement::imageSourceURL):
2833         (WebCore::HTMLImageElement::setBestFitURLAndDPRFromImageCandidate):
2834         (WebCore::HTMLImageElement::bestFitSourceFromPictureElement):
2835         (WebCore::HTMLImageElement::selectImageSource):
2836         (WebCore::HTMLImageElement::altText):
2837         (WebCore::HTMLImageElement::createElementRenderer):
2838         (WebCore::HTMLImageElement::width):
2839         (WebCore::HTMLImageElement::height):
2840         (WebCore::HTMLImageElement::alt):
2841         (WebCore::HTMLImageElement::draggable):
2842         (WebCore::HTMLImageElement::setHeight):
2843         (WebCore::HTMLImageElement::src):
2844         (WebCore::HTMLImageElement::setSrc):
2845         (WebCore::HTMLImageElement::addSubresourceAttributeURLs):
2846         (WebCore::HTMLImageElement::didMoveToNewDocument):
2847         (WebCore::HTMLImageElement::isServerMap):
2848         (WebCore::HTMLImageElement::crossOrigin):
2849         * html/HTMLInputElement.cpp:
2850         (WebCore::HTMLInputElement::updateType):
2851         (WebCore::HTMLInputElement::initializeInputType):
2852         (WebCore::HTMLInputElement::altText):
2853         (WebCore::HTMLInputElement::value):
2854         (WebCore::HTMLInputElement::defaultValue):
2855         (WebCore::HTMLInputElement::setDefaultValue):
2856         (WebCore::HTMLInputElement::acceptMIMETypes):
2857         (WebCore::HTMLInputElement::acceptFileExtensions):
2858         (WebCore::HTMLInputElement::accept):
2859         (WebCore::HTMLInputElement::alt):
2860         (WebCore::HTMLInputElement::effectiveMaxLength):
2861         (WebCore::HTMLInputElement::src):
2862         (WebCore::HTMLInputElement::setAutoFilled):
2863         (WebCore::HTMLInputElement::dataList):
2864         (WebCore::HTMLInputElement::resetListAttributeTargetObserver):
2865         * html/HTMLKeygenElement.cpp:
2866         (WebCore::HTMLKeygenElement::isKeytypeRSA):
2867         (WebCore::HTMLKeygenElement::appendFormData):
2868         * html/HTMLLIElement.cpp:
2869         (WebCore::HTMLLIElement::didAttachRenderers):
2870         (WebCore::HTMLLIElement::parseValue):
2871         * html/HTMLLabelElement.cpp:
2872         (WebCore::HTMLLabelElement::control):
2873         * html/HTMLLinkElement.cpp:
2874         (WebCore::HTMLLinkElement::crossOrigin):
2875         (WebCore::HTMLLinkElement::process):
2876         (WebCore::HTMLLinkElement::href):
2877         (WebCore::HTMLLinkElement::rel):
2878         (WebCore::HTMLLinkElement::target):
2879         (WebCore::HTMLLinkElement::type):
2880         (WebCore::HTMLLinkElement::iconType):
2881         * html/HTMLMarqueeElement.cpp:
2882         (WebCore::HTMLMarqueeElement::scrollAmount):
2883         (WebCore::HTMLMarqueeElement::setScrollAmount):
2884         (WebCore::HTMLMarqueeElement::scrollDelay):
2885         (WebCore::HTMLMarqueeElement::setScrollDelay):
2886         (WebCore::HTMLMarqueeElement::loop):
2887         * html/HTMLMediaElement.cpp:
2888         (WebCore::HTMLMediaElement::insertedInto):
2889         (WebCore::HTMLMediaElement::crossOrigin):
2890         (WebCore::HTMLMediaElement::networkState):
2891         (WebCore::HTMLMediaElement::mediaSessionTitle):
2892         (WebCore::HTMLMediaElement::doesHaveAttribute):
2893         * html/HTMLMetaElement.cpp:
2894         (WebCore::HTMLMetaElement::process):
2895         (WebCore::HTMLMetaElement::content):
2896         (WebCore::HTMLMetaElement::httpEquiv):
2897         (WebCore::HTMLMetaElement::name):
2898         * html/HTMLMeterElement.cpp:
2899         (WebCore::HTMLMeterElement::min):
2900         (WebCore::HTMLMeterElement::setMin):
2901         (WebCore::HTMLMeterElement::max):
2902         (WebCore::HTMLMeterElement::setMax):
2903         (WebCore::HTMLMeterElement::value):
2904         (WebCore::HTMLMeterElement::low):
2905         (WebCore::HTMLMeterElement::high):
2906         (WebCore::HTMLMeterElement::optimum):
2907         * html/HTMLObjectElement.cpp:
2908         (WebCore::HTMLObjectElement::shouldAllowQuickTimeClassIdQuirk):
2909         (WebCore::HTMLObjectElement::hasValidClassId):
2910         (WebCore::HTMLObjectElement::imageSourceURL):
2911         (WebCore::HTMLObjectElement::renderFallbackContent):
2912         (WebCore::HTMLObjectElement::containsJavaApplet):
2913         (WebCore::HTMLObjectElement::addSubresourceAttributeURLs):
2914         * html/HTMLOptGroupElement.cpp:
2915         (WebCore::HTMLOptGroupElement::groupLabelText):
2916         * html/HTMLOptionElement.cpp:
2917         (WebCore::HTMLOptionElement::value):
2918         (WebCore::HTMLOptionElement::label):
2919         * html/HTMLParamElement.cpp:
2920         (WebCore::HTMLParamElement::value):
2921         (WebCore::HTMLParamElement::isURLParameter):
2922         * html/HTMLProgressElement.cpp:
2923         (WebCore::HTMLProgressElement::value):
2924         (WebCore::HTMLProgressElement::max):
2925         * html/HTMLScriptElement.cpp:
2926         (WebCore::HTMLScriptElement::crossOrigin):
2927         (WebCore::HTMLScriptElement::src):
2928         (WebCore::HTMLScriptElement::sourceAttributeValue):
2929         (WebCore::HTMLScriptElement::charsetAttributeValue):
2930         (WebCore::HTMLScriptElement::typeAttributeValue):
2931         (WebCore::HTMLScriptElement::languageAttributeValue):
2932         (WebCore::HTMLScriptElement::forAttributeValue):
2933         (WebCore::HTMLScriptElement::eventAttributeValue):
2934         (WebCore::HTMLScriptElement::asyncAttributeValue):
2935         * html/HTMLSlotElement.cpp:
2936         (WebCore::HTMLSlotElement::insertedInto):
2937         (WebCore::HTMLSlotElement::removedFrom):
2938         * html/HTMLSourceElement.cpp:
2939         (WebCore::HTMLSourceElement::media):
2940         (WebCore::HTMLSourceElement::setMedia):
2941         (WebCore::HTMLSourceElement::type):
2942         (WebCore::HTMLSourceElement::setType):
2943         * html/HTMLTableCellElement.cpp:
2944         (WebCore::HTMLTableCellElement::colSpanForBindings):
2945         (WebCore::HTMLTableCellElement::rowSpan):
2946         (WebCore::HTMLTableCellElement::rowSpanForBindings):
2947         (WebCore::HTMLTableCellElement::cellIndex):
2948         (WebCore::HTMLTableCellElement::abbr):
2949         (WebCore::HTMLTableCellElement::axis):
2950         (WebCore::HTMLTableCellElement::setColSpanForBindings):
2951         (WebCore::HTMLTableCellElement::headers):
2952         (WebCore::HTMLTableCellElement::setRowSpanForBindings):
2953         (WebCore::HTMLTableCellElement::scope):
2954         (WebCore::HTMLTableCellElement::addSubresourceAttributeURLs):
2955         (WebCore::HTMLTableCellElement::cellAbove):
2956         * html/HTMLTableColElement.cpp:
2957         (WebCore::HTMLTableColElement::width):
2958         * html/HTMLTableElement.cpp:
2959         (WebCore::HTMLTableElement::rules):
2960         (WebCore::HTMLTableElement::summary):
2961         (WebCore::HTMLTableElement::addSubresourceAttributeURLs):
2962         * html/HTMLTableSectionElement.cpp:
2963         (WebCore::HTMLTableSectionElement::align):
2964         (WebCore::HTMLTableSectionElement::setAlign):
2965         (WebCore::HTMLTableSectionElement::ch):
2966         (WebCore::HTMLTableSectionElement::setCh):
2967         (WebCore::HTMLTableSectionElement::chOff):
2968         (WebCore::HTMLTableSectionElement::setChOff):
2969         (WebCore::HTMLTableSectionElement::vAlign):
2970         (WebCore::HTMLTableSectionElement::setVAlign):
2971         * html/HTMLTextAreaElement.cpp:
2972         (WebCore::HTMLTextAreaElement::appendFormData):
2973         * html/HTMLTextFormControlElement.cpp:
2974         (WebCore::HTMLTextFormControlElement::strippedPlaceholder):
2975         (WebCore::HTMLTextFormControlElement::isPlaceholderEmpty):
2976         (WebCore::HTMLTextFormControlElement::directionForFormData):
2977         * html/HTMLTrackElement.cpp:
2978         (WebCore::HTMLTrackElement::srclang):
2979         (WebCore::HTMLTrackElement::label):
2980         (WebCore::HTMLTrackElement::isDefault):
2981         (WebCore::HTMLTrackElement::ensureTrack):
2982         (WebCore::HTMLTrackElement::mediaElementCrossOriginAttribute):
2983         * html/HTMLVideoElement.cpp:
2984         (WebCore::HTMLVideoElement::parseAttribute):
2985         (WebCore::HTMLVideoElement::imageSourceURL):
2986         * html/ImageInputType.cpp:
2987         (WebCore::ImageInputType::height):
2988         (WebCore::ImageInputType::width):
2989         * html/InputType.cpp:
2990         (WebCore::InputType::applyStep):
2991         * html/MediaElementSession.cpp:
2992         (WebCore::MediaElementSession::wirelessVideoPlaybackDisabled):
2993         * html/MonthInputType.cpp:
2994         (WebCore::MonthInputType::createStepRange):
2995         * html/NumberInputType.cpp:
2996         (WebCore::NumberInputType::createStepRange):
2997         (WebCore::NumberInputType::sizeShouldIncludeDecoration):
2998         * html/RangeInputType.cpp:
2999         (WebCore::RangeInputType::createStepRange):
3000         (WebCore::RangeInputType::handleKeydownEvent):
3001         * html/TextFieldInputType.cpp:
3002         (WebCore::TextFieldInputType::appendFormData):
3003         (WebCore::TextFieldInputType::updateAutoFillButton):
3004         * html/TimeInputType.cpp:
3005         (WebCore::TimeInputType::createStepRange):
3006         * html/ValidationMessage.cpp:
3007         (WebCore::ValidationMessage::updateValidationMessage):
3008         * html/WeekInputType.cpp:
3009         (WebCore::WeekInputType::createStepRange):
3010         * html/track/WebVTTElement.cpp:
3011         (WebCore::WebVTTElement::createEquivalentHTMLElement):
3012         * inspector/InspectorPageAgent.cpp:
3013         (WebCore::InspectorPageAgent::buildObjectForFrame):
3014         * loader/FormSubmission.cpp:
3015         (WebCore::FormSubmission::create):
3016         * loader/FrameLoader.cpp:
3017         (WebCore::FrameLoader::defaultSubstituteDataForURL):
3018         * loader/ImageLoader.cpp:
3019         (WebCore::ImageLoader::updateFromElement):
3020         * loader/SubframeLoader.cpp:
3021         (WebCore::SubframeLoader::isPluginContentAllowedByContentSecurityPolicy):
3022         * mathml/MathMLElement.cpp:
3023         (WebCore::MathMLElement::colSpan):
3024         (WebCore::MathMLElement::rowSpan):
3025         (WebCore::MathMLElement::childShouldCreateRenderer):
3026         (WebCore::MathMLElement::defaultEventHandler):
3027         (WebCore::MathMLElement::cachedMathMLLength):
3028         * mathml/MathMLFractionElement.cpp:
3029         (WebCore::MathMLFractionElement::lineThickness):
3030         (WebCore::MathMLFractionElement::cachedFractionAlignment):
3031         * mathml/MathMLSelectElement.cpp:
3032         (WebCore::MathMLSelectElement::getSelectedActionChildAndIndex):
3033         (WebCore::MathMLSelectElement::getSelectedActionChild):
3034         (WebCore::MathMLSelectElement::getSelectedSemanticsChild):
3035         (WebCore::MathMLSelectElement::defaultEventHandler):
3036         (WebCore::MathMLSelectElement::willRespondToMouseClickEvents):
3037         (WebCore::MathMLSelectElement::toggle):
3038         * page/EventHandler.cpp:
3039         (WebCore::findDropZone):
3040         * page/Frame.cpp:
3041         (WebCore::Frame::matchLabelsAgainstElement):
3042         * page/PageSerializer.cpp:
3043         (WebCore::PageSerializer::serializeFrame):
3044         * platform/win/PasteboardWin.cpp:
3045         (WebCore::Pasteboard::writeImageToDataObject):
3046         * rendering/HitTestResult.cpp:
3047         (WebCore::HitTestResult::altDisplayString):
3048         * rendering/RenderDetailsMarker.cpp:
3049         (WebCore::RenderDetailsMarker::isOpen):
3050         * rendering/RenderImage.cpp:
3051         (WebCore::RenderImage::imageMap):
3052         (WebCore::RenderImage::nodeAtPoint):
3053         * rendering/RenderMenuList.cpp:
3054         (RenderMenuList::itemAccessibilityText):
3055         (RenderMenuList::itemToolTip):
3056         * rendering/RenderSearchField.cpp:
3057         (WebCore::RenderSearchField::autosaveName):
3058         * rendering/RenderThemeIOS.mm:
3059         (WebCore::getAttachmentProgress):
3060         (WebCore::AttachmentInfo::AttachmentInfo):
3061         * rendering/RenderThemeMac.mm:
3062         (WebCore::AttachmentLayout::layOutSubtitle):
3063         (WebCore::RenderThemeMac::paintAttachment):
3064         * rendering/mathml/MathMLStyle.cpp:
3065         (WebCore::MathMLStyle::resolveMathMLStyle):
3066         * rendering/mathml/RenderMathMLFenced.cpp:
3067         (WebCore::RenderMathMLFenced::updateFromElement):
3068         * rendering/mathml/RenderMathMLOperator.cpp:
3069         (WebCore::RenderMathMLOperator::setOperatorFlagFromAttribute):
3070         (WebCore::RenderMathMLOperator::setOperatorFlagFromAttributeValue):
3071         (WebCore::RenderMathMLOperator::setOperatorProperties):
3072         * rendering/mathml/RenderMathMLScripts.cpp:
3073         (WebCore::RenderMathMLScripts::getScriptMetricsAndLayoutIfNeeded):
3074         * rendering/mathml/RenderMathMLUnderOver.cpp:
3075         (WebCore::RenderMathMLUnderOver::hasAccent):
3076         * style/StyleSharingResolver.cpp:
3077         (WebCore::Style::SharingResolver::canShareStyleWithElement):
3078         (WebCore::Style::SharingResolver::sharingCandidateHasIdenticalStyleAffectingAttributes):
3079         * svg/SVGAElement.cpp:
3080         (WebCore::SVGAElement::title):
3081         (WebCore::SVGAElement::defaultEventHandler):
3082         * svg/SVGAltGlyphElement.cpp:
3083         (WebCore::SVGAltGlyphElement::glyphRef):
3084         (WebCore::SVGAltGlyphElement::setFormat):
3085         (WebCore::SVGAltGlyphElement::format):
3086         (WebCore::SVGAltGlyphElement::childShouldCreateRenderer):
3087         * svg/SVGAnimationElement.cpp:
3088         (WebCore::SVGAnimationElement::toValue):
3089         (WebCore::SVGAnimationElement::byValue):
3090         (WebCore::SVGAnimationElement::fromValue):
3091         (WebCore::SVGAnimationElement::isAdditive):
3092         (WebCore::SVGAnimationElement::isAccumulated):
3093         * svg/SVGElement.cpp:
3094         (WebCore::SVGElement::xmlbase):
3095         (WebCore::SVGElement::setXmlbase):
3096         * svg/SVGFontFaceElement.cpp:
3097         (WebCore::SVGFontFaceElement::unitsPerEm):
3098         (WebCore::SVGFontFaceElement::xHeight):
3099         (WebCore::SVGFontFaceElement::capHeight):
3100         (WebCore::SVGFontFaceElement::horizontalOriginX):
3101         (WebCore::SVGFontFaceElement::horizontalOriginY):
3102         (WebCore::SVGFontFaceElement::horizontalAdvanceX):
3103         (WebCore::SVGFontFaceElement::verticalOriginX):
3104         (WebCore::SVGFontFaceElement::verticalOriginY):
3105         (WebCore::SVGFontFaceElement::verticalAdvanceY):
3106         (WebCore::SVGFontFaceElement::ascent):
3107         (WebCore::SVGFontFaceElement::descent):
3108         * svg/SVGFontFaceNameElement.cpp:
3109         (WebCore::SVGFontFaceNameElement::srcValue):
3110         * svg/SVGFontFaceUriElement.cpp:
3111         (WebCore::SVGFontFaceUriElement::srcValue):
3112         * svg/SVGGlyphRefElement.cpp:
3113         (WebCore::SVGGlyphRefElement::glyphRef):
3114         (WebCore::SVGGlyphRefElement::setGlyphRef):
3115         * svg/SVGHKernElement.cpp:
3116         (WebCore::SVGHKernElement::buildHorizontalKerningPair):
3117         * svg/SVGSVGElement.cpp:
3118         (WebCore::SVGSVGElement::contentScriptType):
3119         (WebCore::SVGSVGElement::contentStyleType):
3120         * svg/SVGStyleElement.cpp:
3121         (WebCore::SVGStyleElement::media):
3122         (WebCore::SVGStyleElement::title):
3123         (WebCore::SVGStyleElement::setTitle):
3124         * svg/SVGToOTFFontConversion.cpp:
3125         (WebCore::SVGToOTFFontConverter::appendOS2Table):
3126         (WebCore::SVGToOTFFontConverter::appendCFFTable):
3127         (WebCore::SVGToOTFFontConverter::appendArabicReplacementSubtable):
3128         (WebCore::SVGToOTFFontConverter::appendVORGTable):
3129         (WebCore::SVGToOTFFontConverter::transcodeGlyphPaths):
3130         (WebCore::SVGToOTFFontConverter::processGlyphElement):
3131         (WebCore::SVGToOTFFontConverter::compareCodepointsLexicographically):
3132         (WebCore::SVGToOTFFontConverter::SVGToOTFFontConverter):
3133         * svg/SVGVKernElement.cpp:
3134         (WebCore::SVGVKernElement::buildVerticalKerningPair):
3135         * svg/animation/SVGSMILElement.cpp:
3136         (WebCore::SVGSMILElement::insertedInto):
3137         (WebCore::SVGSMILElement::parseAttribute):
3138         (WebCore::SVGSMILElement::svgAttributeChanged):
3139         (WebCore::SVGSMILElement::restart):
3140         (WebCore::SVGSMILElement::fill):
3141         (WebCore::SVGSMILElement::dur):
3142         (WebCore::SVGSMILElement::repeatDur):
3143         (WebCore::SVGSMILElement::repeatCount):
3144         (WebCore::SVGSMILElement::maxValue):
3145         (WebCore::SVGSMILElement::minValue):
3146
3147 2016-07-16  Carlos Garcia Campos  <cgarcia@igalia.com>
3148
3149         ASSERTION FAILED: isMainThread() in ~UniqueIDBDatabase() since r201997
3150         https://bugs.webkit.org/show_bug.cgi?id=159809
3151
3152         Reviewed by Brady Eidson.
3153
3154         In r201997 the UniqueIDBDatabase was protected in executeNextDatabaseTask() because the last reference could be
3155         removed while the task is performed. However UniqueIDBDatabase is expected to be deleted in the main thread, and
3156         the destructor asserts when not called in the main thread, but executeNextDatabaseTask() is always called on a
3157         secondary thread. So, if the protector contains the last reference, the object is deleted in the secondary thread.
3158
3159         * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
3160         (WebCore::IDBServer::UniqueIDBDatabase::executeNextDatabaseTask): Use callOnMainThread to ensure the object is
3161         deleted in the main thread in case the protector contains the last reference.
3162
3163 2016-07-15  Chris Dumez  <cdumez@apple.com>
3164
3165         Use emptyString() / nullAtom when possible
3166         https://bugs.webkit.org/show_bug.cgi?id=159850
3167
3168         Reviewed by Ryosuke Niwa.
3169
3170         Use emptyString() / nullAtom when possible, for performance.
3171
3172         * Modules/webaudio/AudioNode.cpp:
3173         (WebCore::AudioNode::channelCountMode):
3174         (WebCore::AudioNode::channelInterpretation):
3175         * Modules/webdatabase/DatabaseTracker.cpp:
3176         (WebCore::DatabaseTracker::tracker):
3177         * Modules/websockets/WebSocket.cpp:
3178         (WebCore::WebSocket::WebSocket):
3179         (WebCore::WebSocket::didConnect):
3180         * Modules/websockets/WebSocketChannel.cpp:
3181         (WebCore::WebSocketChannel::subprotocol):
3182         (WebCore::WebSocketChannel::extensions):
3183         * accessibility/AccessibilityObject.cpp:
3184         (WebCore::AccessibilityObject::supportsPressAction):
3185         * accessibility/mac/AXObjectCacheMac.mm:
3186         (WebCore::AXObjectCache::postTextStateChangePlatformNotification):
3187         * css/CSSPropertySourceData.cpp:
3188         (WebCore::CSSPropertySourceData::CSSPropertySourceData):
3189         * css/PageRuleCollector.cpp:
3190         (WebCore::PageRuleCollector::pageName):
3191         * css/PropertySetCSSStyleDeclaration.cpp:
3192         (WebCore::PropertySetCSSStyleDeclaration::getPropertyPriority):
3193         * dom/DocumentMarkerController.cpp:
3194         (WebCore::DocumentMarkerController::addDictationPhraseWithAlternativesMarker):
3195         * dom/Element.cpp:
3196         (WebCore::Element::setPrefix):
3197         * editing/AlternativeTextController.cpp:
3198         (WebCore::AlternativeTextController::respondToMarkerAtEndOfWord):
3199         (WebCore::AlternativeTextController::markerDescriptionForAppliedAlternativeText):
3200         * editing/CompositeEditCommand.cpp:
3201         (WebCore::CompositeEditCommand::removeNodeAttribute):
3202         (WebCore::CompositeEditCommand::moveParagraphs):
3203         * editing/InsertTextCommand.cpp:
3204         (WebCore::InsertTextCommand::positionInsideTextNode):
3205         * editing/TextCheckingHelper.cpp:
3206         (WebCore::TextCheckingHelper::findFirstMisspellingOrBadGrammar):
3207         * editing/TypingCommand.cpp:
3208         (WebCore::TypingCommand::deleteSelection):
3209         (WebCore::TypingCommand::deleteKeyPressed):
3210         (WebCore::TypingCommand::forwardDeleteKeyPressed):
3211         (WebCore::TypingCommand::insertLineBreak):
3212         (WebCore::TypingCommand::insertParagraphSeparator):
3213         * editing/cocoa/EditorCocoa.mm:
3214         (WebCore::Editor::styleForSelectionStart):
3215         * editing/mac/EditorMac.mm:
3216         (WebCore::Editor::stringSelectionForPasteboard):
3217         (WebCore::Editor::stringSelectionForPasteboardWithImageAltText):
3218         * fileapi/FileReaderLoader.cpp:
3219         (WebCore::FileReaderLoader::FileReaderLoader):
3220         * html/FileInputType.cpp:
3221         (WebCore::FileInputType::appendFormData):
3222         * html/HTMLMediaElement.cpp:
3223         (WebCore::HTMLMediaElement::getCurrentMediaControlsStatus):
3224         * html/HTMLOutputElement.cpp:
3225         (WebCore::HTMLOutputElement::HTMLOutputElement):
3226         * html/SearchInputType.cpp:
3227         (WebCore::SearchInputType::handleKeydownEvent):
3228         * html/TextFieldInputType.cpp:
3229         (WebCore::autoFillButtonTypeToAccessibilityLabel):
3230         * html/canvas/WebGLDebugShaders.cpp:
3231         (WebCore::WebGLDebugShaders::getTranslatedShaderSource):
3232         * html/canvas/WebGLRenderingContextBase.cpp:
3233         (WebCore::WebGLRenderingContextBase::dispatchContextLostEvent):
3234         (WebCore::WebGLRenderingContextBase::maybeRestoreContext):
3235         * html/canvas/WebGLShader.cpp:
3236         (WebCore::WebGLShader::WebGLShader):
3237         * html/shadow/MediaControlElements.cpp:
3238         (WebCore::MediaControlStatusDisplayElement::update):
3239         * html/track/TextTrack.cpp:
3240         (WebCore::TextTrack::captionMenuOffItem):
3241         (WebCore::TextTrack::captionMenuAutomaticItem):
3242         * html/track/VTTRegion.cpp:
3243         (WebCore::VTTRegion::scroll):
3244         * html/track/VTTRegion.h:
3245         * inspector/InspectorDOMAgent.cpp:
3246         (WebCore::InspectorDOMAgent::toErrorString):
3247         (WebCore::InspectorDOMAgent::resolveNode):
3248         (WebCore::InspectorDOMAgent::documentURLString):
3249         (WebCore::documentBaseURLString):
3250         * inspector/InspectorDOMDebuggerAgent.cpp:
3251         (WebCore::domTypeName):
3252         * inspector/InspectorFrontendHost.cpp:
3253         (WebCore::InspectorFrontendHost::localizedStringsURL):
3254         * inspector/InspectorHistory.cpp:
3255         (WebCore::InspectorHistory::Action::mergeId):
3256         * inspector/InspectorPageAgent.cpp:
3257         (WebCore::InspectorPageAgent::reload):
3258         (WebCore::InspectorPageAgent::frameId):
3259         (WebCore::InspectorPageAgent::loaderId):
3260         * inspector/InspectorStyleSheet.cpp:
3261         (WebCore::InspectorStyleSheet::ruleSelector):
3262         * loader/EmptyClients.h:
3263         * loader/FrameLoader.cpp:
3264         (WebCore::FrameLoader::referrer):
3265         * loader/ImageLoader.cpp:
3266         (WebCore::ImageLoader::clearFailedLoadURL):
3267         * loader/ResourceLoader.cpp:
3268         (WebCore::ResourceLoader::didReceiveResponse):
3269         * page/ContextMenuController.cpp:
3270         (WebCore::ContextMenuController::contextMenuItemSelected):
3271         * page/FrameTree.cpp:
3272         (WebCore::FrameTree::setName):
3273         (WebCore::FrameTree::clearName):
3274         * page/Location.cpp:
3275         (WebCore::Location::port):
3276         * platform/network/ProtectionSpaceBase.cpp:
3277         (WebCore::ProtectionSpaceBase::ProtectionSpaceBase):
3278         * xml/parser/XMLDocumentParserLibxml2.cpp:
3279         (WebCore::handleElementAttributes):
3280
3281 2016-07-15  Simon Fraser  <simon.fraser@apple.com>
3282
3283         Repaints rects drawn incorrectly when inspecting a WebView on a Retina display
3284         https://bugs.webkit.org/show_bug.cgi?id=159824
3285         rdar://problem/27376305
3286
3287         Reviewed by Brian Burg.
3288
3289         InspectorOverlayPage.js set up the canvases with a deviceScaleFactor passed into
3290         reset(), which comes from the overlay's m_page.deviceScaleFactor(). However, updatePaintRects()
3291         used window.devicePixelRatio which was always 1.
3292
3293         Fix by setting the deviceScaleFactor on the m_overlayPage.
3294
3295         * inspector/InspectorOverlay.cpp:
3296         (WebCore::InspectorOverlay::overlayPage):
3297
3298 2016-07-15  Myles C. Maxfield  <mmaxfield@apple.com>
3299
3300         [macOS] Work around crash in [NSAttributedString nextWordFromIndex:forward:]
3301         https://bugs.webkit.org/show_bug.cgi?id=159842
3302
3303         Reviewed by Jon Lee.
3304
3305         <rdar://problem/27380532> describes a crash inside [NSAttributedString nextWordFromIndex:forward:].
3306         This must be worked around for https://bugs.webkit.org/show_bug.cgi?id=159755 and
3307         <rdar://problem/27325521>.
3308
3309         * platform/text/mac/TextBoundaries.mm:
3310         (WebCore::findNextWordFromIndex):
3311
3312 2016-07-15  Brady Eidson  <beidson@apple.com>
3313
3314         Update XPathException to use the description in toString().
3315         https://bugs.webkit.org/show_bug.cgi?id=159848
3316
3317         Reviewed by Alex Christensen.
3318
3319         No new tests (Covered by changes to existing tests).
3320
3321         * bindings/js/JSDOMBinding.cpp:
3322         (WebCore::createDOMException):
3323         * xml/XPathException.h:
3324         (WebCore::XPathException::XPathException):
3325
3326 2016-07-15  Brady Eidson  <beidson@apple.com>
3327
3328         Change toString() behavior for exceptions constructed with "createWithDescriptionAsMessage".
3329         https://bugs.webkit.org/show_bug.cgi?id=159839
3330
3331         Reviewed by Alex Christensen.
3332
3333         No new tests (Covered by changes to existing tests).
3334
3335         This is the first step towards extended exception messages for all exception types.
3336
3337         * dom/ExceptionBase.cpp:
3338         (WebCore::ExceptionBase::ExceptionBase):
3339         (WebCore::ExceptionBase::toString):
3340         * dom/ExceptionBase.h:
3341
3342 2016-07-15  Geoffrey Garen  <ggaren@apple.com>
3343
3344         Added a makeRef<T> helper
3345         https://bugs.webkit.org/show_bug.cgi?id=159835
3346
3347         Reviewed by Andreas Kling.
3348
3349         Anders told me to!
3350
3351         * Modules/indexeddb/IDBTransaction.cpp:
3352         (WebCore::IDBTransaction::putOrAddOnServer):
3353         * Modules/indexeddb/shared/InProcessIDBServer.cpp:
3354         (WebCore::InProcessIDBServer::deleteDatabase):
3355         (WebCore::InProcessIDBServer::didDeleteDatabase):
3356         (WebCore::InProcessIDBServer::openDatabase):
3357         (WebCore::InProcessIDBServer::didOpenDatabase):
3358         (WebCore::InProcessIDBServer::didAbortTransaction):
3359         (WebCore::InProcessIDBServer::didCommitTransaction):
3360         (WebCore::InProcessIDBServer::didCreateObjectStore):
3361         (WebCore::InProcessIDBServer::didDeleteObjectStore):
3362         (WebCore::InProcessIDBServer::didClearObjectStore):
3363         (WebCore::InProcessIDBServer::didCreateIndex):
3364         (WebCore::InProcessIDBServer::didDeleteIndex):
3365         (WebCore::InProcessIDBServer::didPutOrAdd):
3366         (WebCore::InProcessIDBServer::didGetRecord):
3367         (WebCore::InProcessIDBServer::didGetCount):
3368         (WebCore::InProcessIDBServer::didDeleteRecord):
3369         (WebCore::InProcessIDBServer::didOpenCursor):
3370         (WebCore::InProcessIDBServer::didIterateCursor):
3371         (WebCore::InProcessIDBServer::abortTransaction):
3372         (WebCore::InProcessIDBServer::commitTransaction):
3373         (WebCore::InProcessIDBServer::didFinishHandlingVersionChangeTransaction):
3374         (WebCore::InProcessIDBServer::createObjectStore):
3375         (WebCore::InProcessIDBServer::deleteObjectStore):
3376         (WebCore::InProcessIDBServer::clearObjectStore):
3377         (WebCore::InProcessIDBServer::createIndex):
3378         (WebCore::InProcessIDBServer::deleteIndex):
3379         (WebCore::InProcessIDBServer::putOrAdd):
3380         (WebCore::InProcessIDBServer::getRecord):
3381         (WebCore::InProcessIDBServer::getCount):
3382         (WebCore::InProcessIDBServer::deleteRecord):
3383         (WebCore::InProcessIDBServer::openCursor):
3384         (WebCore::InProcessIDBServer::iterateCursor):
3385         (WebCore::InProcessIDBServer::establishTransaction):
3386         (WebCore::InProcessIDBServer::fireVersionChangeEvent):
3387         (WebCore::InProcessIDBServer::didStartTransaction):
3388         (WebCore::InProcessIDBServer::didCloseFromServer):
3389         (WebCore::InProcessIDBServer::notifyOpenDBRequestBlocked):
3390         (WebCore::InProcessIDBServer::databaseConnectionClosed):
3391         (WebCore::InProcessIDBServer::abortOpenAndUpgradeNeeded):
3392         (WebCore::InProcessIDBServer::didFireVersionChangeEvent):
3393         (WebCore::InProcessIDBServer::openDBRequestCancelled):
3394         (WebCore::InProcessIDBServer::confirmDidCloseFromServer):
3395         (WebCore::InProcessIDBServer::getAllDatabaseNames):
3396         (WebCore::InProcessIDBServer::didGetAllDatabaseNames):
3397         * Modules/mediastream/MediaDevicesRequest.cpp:
3398         (WebCore::MediaDevicesRequest::didCompleteTrackSourceInfoRequest):
3399         * Modules/mediastream/UserMediaRequest.cpp:
3400         (WebCore::UserMediaRequest::constraintsValidated):
3401         (WebCore::UserMediaRequest::userMediaAccessGranted):
3402         * Modules/webaudio/AudioContext.cpp:
3403         (WebCore::AudioContext::scheduleNodeDeletion):
3404         (WebCore::AudioContext::isPlayingAudioDidChange):
3405         (WebCore::AudioContext::suspend):
3406         (WebCore::AudioContext::resume):
3407         (WebCore::AudioContext::close):
3408         (WebCore::AudioContext::suspendPlayback):
3409         (WebCore::AudioContext::mayResumePlayback):
3410         * Modules/websockets/ThreadableWebSocketChannelClientWrapper.cpp:
3411         (WebCore::ThreadableWebSocketChannelClientWrapper::didConnect):
3412         (WebCore::ThreadableWebSocketChannelClientWrapper::didReceiveMessage):
3413         (WebCore::ThreadableWebSocketChannelClientWrapper::didReceiveBinaryData):
3414         (WebCore::ThreadableWebSocketChannelClientWrapper::didUpdateBufferedAmount):
3415         (WebCore::ThreadableWebSocketChannelClientWrapper::didStartClosingHandshake):
3416         (WebCore::ThreadableWebSocketChannelClientWrapper::didClose):
3417         (WebCore::ThreadableWebSocketChannelClientWrapper::didReceiveMessageError):
3418         (WebCore::ThreadableWebSocketChannelClientWrapper::processPendingTasks):
3419         * Modules/websockets/WebSocket.cpp:
3420         (WebCore::WebSocket::connect):
3421         * bindings/js/JSEventListener.h:
3422         (WebCore::JSEventListener::jsFunction):
3423         * dom/Node.cpp:
3424         (WebCore::Node::setTextContent):
3425         * html/HTMLMediaElement.cpp:
3426         (WebCore::HTMLMediaElement::layoutSizeChanged):
3427         * inspector/CommandLineAPIHost.cpp:
3428         (WebCore::CommandLineAPIHost::wrapper):
3429         * platform/graphics/avfoundation/AudioSourceProviderAVFObjC.mm:
3430         (WebCore::AudioSourceProviderAVFObjC::prepare):
3431         * platform/graphics/avfoundation/cf/WebCoreAVCFResourceLoader.cpp:
3432         (WebCore::WebCoreAVCFResourceLoader::invalidate):
3433         * platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm:
3434         (WebCore::WebCoreAVFResourceLoader::invalidate):
3435         * platform/ios/WebVideoFullscreenControllerAVKit.mm:
3436         (WebVideoFullscreenControllerContext::setExternalPlayback):
3437         * platform/network/BlobResourceHandle.cpp:
3438         (WebCore::BlobResourceHandle::start):
3439         (WebCore::BlobResourceHandle::notifyFinish):
3440         * platform/network/SocketStreamHandleBase.cpp:
3441         (WebCore::SocketStreamHandleBase::disconnect):
3442         * platform/network/curl/CurlDownload.cpp:
3443         (WebCore::CurlDownload::didReceiveHeader):
3444
3445 2016-07-15  Chris Dumez  <cdumez@apple.com>
3446
3447         Use fastGetAttribute() / setAttributeWithoutSynchronization() when possible
3448         https://bugs.webkit.org/show_bug.cgi?id=159793
3449
3450         Reviewed by Ryosuke Niwa.
3451
3452         Use fastGetAttribute() / setAttributeWithoutSynchronization() when possible, for performance.
3453
3454         * Modules/plugins/YouTubePluginReplacement.cpp:
3455         (WebCore::YouTubePluginReplacement::installReplacement):
3456         * dom/Element.h:
3457         (WebCore::Element::setIdAttribute):
3458         * editing/ApplyStyleCommand.cpp:
3459         (WebCore::hasNoAttributeOrOnlyStyleAttribute):
3460         (WebCore::createFontElement):
3461         (WebCore::ApplyStyleCommand::applyInlineStyleChange):
3462         * editing/EditingStyle.cpp:
3463         (WebCore::EditingStyle::elementIsStyledSpanOrHTMLEquivalent):
3464         * editing/Editor.cpp:
3465         (WebCore::Editor::setBaseWritingDirection):
3466         * editing/ReplaceSelectionCommand.cpp:
3467         (WebCore::isMailPasteAsQuotationNode):
3468         (WebCore::isInlineNodeWithStyle):
3469         * editing/cocoa/DataDetection.mm:
3470         (WebCore::DataDetection::detectContentInRange):
3471         * editing/htmlediting.cpp:
3472         (WebCore::createTabSpanElement):
3473         * editing/ios/EditorIOS.mm:
3474         (WebCore::Editor::setTextAlignmentForChangedBaseWritingDirection):
3475         (WebCore::Editor::WebContentReader::readURL):
3476         * editing/mac/EditorMac.mm:
3477         (WebCore::Editor::WebContentReader::readURL):
3478         * editing/markup.cpp:
3479         (WebCore::createFragmentFromText):
3480         * html/BaseButtonInputType.cpp:
3481         (WebCore::BaseButtonInputType::setValue):
3482         * html/BaseCheckableInputType.cpp:
3483         (WebCore::BaseCheckableInputType::setValue):
3484         * html/FTPDirectoryDocument.cpp:
3485         (WebCore::FTPDirectoryDocumentParser::appendEntry):
3486         (WebCore::FTPDirectoryDocumentParser::createTDForFilename):
3487         (WebCore::FTPDirectoryDocumentParser::loadDocumentTemplate):
3488         (WebCore::FTPDirectoryDocumentParser::createBasicDocument):
3489         * html/HTMLAnchorElement.cpp:
3490         (WebCore::HTMLAnchorElement::href):
3491         (WebCore::HTMLAnchorElement::setHref):
3492         (WebCore::HTMLAnchorElement::target):
3493         * html/HTMLAreaElement.cpp:
3494         (WebCore::HTMLAreaElement::target):
3495         * html/HTMLBaseElement.cpp:
3496         (WebCore::HTMLBaseElement::setHref):
3497         * html/HTMLButtonElement.cpp:
3498         (WebCore::HTMLButtonElement::setType):
3499         * html/HTMLDetailsElement.cpp:
3500         (WebCore::HTMLDetailsElement::didAddUserAgentShadowRoot):
3501         (WebCore::HTMLDetailsElement::toggleOpen):
3502         * html/HTMLDocument.cpp:
3503         (WebCore::HTMLDocument::setBgColor):
3504         (WebCore::HTMLDocument::setFgColor):
3505         (WebCore::HTMLDocument::setAlinkColor):
3506         (WebCore::HTMLDocument::setLinkColor):
3507         (WebCore::HTMLDocument::setVlinkColor):
3508         * html/HTMLElement.cpp:
3509         (WebCore::HTMLElement::setDir):
3510         (WebCore::HTMLElement::setContentEditable):
3511         (WebCore::HTMLElement::setDraggable):
3512         (WebCore::HTMLElement::setSpellcheck):
3513         (WebCore::HTMLElement::setTranslate):
3514         * html/HTMLFormControlElement.cpp:
3515         (WebCore::HTMLFormControlElement::setFormEnctype):
3516         (WebCore::HTMLFormControlElement::setFormMethod):
3517         (WebCore::HTMLFormControlElement::setAutocorrect):
3518         (WebCore::HTMLFormControlElement::setAutocapitalize):
3519         (WebCore::HTMLFormControlElement::setAutocomplete):
3520         * html/HTMLFormElement.cpp:
3521         (WebCore::HTMLFormElement::setAutocorrect):
3522         (WebCore::HTMLFormElement::setAutocapitalize):
3523         (WebCore::HTMLFormElement::setAction):
3524         (WebCore::HTMLFormElement::setEnctype):
3525         (WebCore::HTMLFormElement::setMethod):
3526         (WebCore::HTMLFormElement::target):
3527         * html/HTMLImageElement.cpp:
3528         (WebCore::HTMLImageElement::width):
3529         (WebCore::HTMLImageElement::height):
3530         (WebCore::HTMLImageElement::setSrc):
3531         * html/HTMLInputElement.cpp:
3532         (WebCore::HTMLInputElement::setType):
3533         (WebCore::HTMLInputElement::updateType):
3534         (WebCore::HTMLInputElement::altText):
3535         (WebCore::HTMLInputElement::setDefaultValue):
3536         * html/HTMLLinkElement.cpp:
3537         (WebCore::HTMLLinkElement::href):
3538         (WebCore::HTMLLinkElement::target):
3539         (WebCore::HTMLLinkElement::type):
3540         * html/HTMLMediaElement.cpp:
3541         (WebCore::HTMLMediaElement::setSrc):
3542         (WebCore::HTMLMediaElement::setPreload):
3543         * html/HTMLMeterElement.cpp:
3544         (WebCore::HTMLMeterElement::min):
3545         (WebCore::HTMLMeterElement::setMin):
3546         (WebCore::HTMLMeterElement::max):
3547         (WebCore::HTMLMeterElement::setMax):
3548         (WebCore::HTMLMeterElement::value):
3549         (WebCore::HTMLMeterElement::setValue):
3550         (WebCore::HTMLMeterElement::low):
3551         (WebCore::HTMLMeterElement::setLow):
3552         (WebCore::HTMLMeterElement::high):
3553         (WebCore::HTMLMeterElement::setHigh):
3554         (WebCore::HTMLMeterElement::optimum):
3555         (WebCore::HTMLMeterElement::setOptimum):
3556         * html/HTMLObjectElement.cpp:
3557         (WebCore::HTMLObjectElement::containsJavaApplet):
3558         * html/HTMLOptionElement.cpp:
3559         (WebCore::HTMLOptionElement::createForJSConstructor):
3560         (WebCore::HTMLOptionElement::setValue):
3561         (WebCore::HTMLOptionElement::setLabel):
3562         * html/HTMLProgressElement.cpp:
3563         (WebCore::HTMLProgressElement::setValue):
3564         (WebCore::HTMLProgressElement::setMax):
3565         * html/HTMLScriptElement.cpp:
3566         (WebCore::HTMLScriptElement::typeAttributeValue):
3567         * html/HTMLSelectElement.cpp:
3568         (WebCore::HTMLSelectElement::setMultiple):
3569         * html/HTMLSourceElement.cpp:
3570         (WebCore::HTMLSourceElement::setSrc):
3571         (WebCore::HTMLSourceElement::media):
3572         (WebCore::HTMLSourceElement::setMedia):
3573         (WebCore::HTMLSourceElement::type):
3574         (WebCore::HTMLSourceElement::setType):
3575         * html/HTMLTableSectionElement.cpp:
3576         (WebCore::HTMLTableSectionElement::setAlign):
3577         (WebCore::HTMLTableSectionElement::setCh):
3578         (WebCore::HTMLTableSectionElement::chOff):
3579         (WebCore::HTMLTableSectionElement::setChOff):
3580         (WebCore::HTMLTableSectionElement::setVAlign):
3581         * html/HTMLTextFormControlElement.cpp:
3582         (WebCore::HTMLTextFormControlElement::updateInnerTextElementEditability):
3583         * html/HTMLVideoElement.cpp:
3584         (WebCore::HTMLVideoElement::imageSourceURL):
3585         * html/HiddenInputType.cpp:
3586         (WebCore::HiddenInputType::restoreFormControlState):
3587         (WebCore::HiddenInputType::setValue):
3588         * html/MediaDocument.cpp:
3589         (WebCore::MediaDocumentParser::createDocumentStructure):
3590         (WebCore::MediaDocument::replaceMediaElementTimerFired):
3591         * html/PluginDocument.cpp:
3592         (WebCore::PluginDocumentParser::createDocumentStructure):
3593         * html/TextFieldInputType.cpp:
3594         (WebCore::TextFieldInputType::createAutoFillButton):
3595         (WebCore::TextFieldInputType::updateAutoFillButton):
3596         * html/parser/HTMLTreeBuilder.cpp:
3597         (WebCore::HTMLTreeBuilder::processIsindexStartTagForInBody):
3598         * html/shadow/MediaControlElements.cpp:
3599         (WebCore::MediaControlClosedCaptionsContainerElement::create):
3600         (WebCore::MediaControlTimelineElement::create):
3601         (WebCore::MediaControlPanelVolumeSliderElement::create):
3602         (WebCore::MediaControlFullscreenVolumeSliderElement::create):
3603         * html/shadow/TextControlInnerElements.cpp:
3604         (WebCore::SearchFieldCancelButtonElement::SearchFieldCancelButtonElement):
3605         * html/shadow/mac/ImageControlsButtonElementMac.cpp:
3606         (WebCore::ImageControlsButtonElementMac::tryCreate):
3607         * html/shadow/mac/ImageControlsRootElementMac.cpp:
3608         (WebCore::ImageControlsRootElement::tryCreate):
3609         * html/track/WebVTTElement.cpp:
3610         (WebCore::WebVTTElement::createEquivalentHTMLElement):
3611         * html/track/WebVTTParser.cpp:
3612         (WebCore::WebVTTTreeBuilder::constructTreeFromToken):
3613         * inspector/InspectorCSSAgent.cpp:
3614         (WebCore::InspectorCSSAgent::createInspectorStyleSheetForDocument):
3615         * inspector/InspectorPageAgent.cpp:
3616         (WebCore::InspectorPageAgent::buildObjectForFrame):
3617         * mathml/MathMLSelectElement.cpp:
3618         (WebCore::MathMLSelectElement::toggle):
3619         * page/PageSerializer.cpp:
3620         (WebCore::PageSerializer::serializeFrame):
3621         * rendering/RenderDetailsMarker.cpp:
3622         (WebCore::RenderDetailsMarker::isOpen):
3623         * rendering/mathml/RenderMathMLFraction.cpp:
3624         (WebCore::RenderMathMLFraction::updateFromElement):
3625         * svg/SVGElement.cpp:
3626         (WebCore::SVGElement::setXmlbase):
3627         * svg/SVGSVGElement.cpp:
3628         (WebCore::SVGSVGElement::setContentScriptType):
3629         (WebCore::SVGSVGElement::setContentStyleType):
3630         * svg/SVGStyleElement.cpp:
3631         (WebCore::SVGStyleElement::setMedia):
3632         (WebCore::SVGStyleElement::setTitle):
3633
3634 2016-07-15  Chris Dumez  <cdumez@apple.com>
3635
3636         Modernize StaticNodeList / StaticElementList
3637         https://bugs.webkit.org/show_bug.cgi?id=159831
3638
3639         Reviewed by Ryosuke Niwa.
3640
3641         Modernize StaticNodeList / StaticElementList. Pass vector to adopt
3642         as an rvalue reference instead of a non-const reference.
3643
3644         * bindings/js/JSHTMLAllCollectionCustom.cpp:
3645         (WebCore::namedItems):
3646         * dom/ChildListMutationScope.cpp:
3647         (WebCore::ChildListMutationAccumulator::enqueueMutationRecord):
3648         * dom/MutationRecord.cpp:
3649         * dom/SelectorQuery.cpp:
3650         (WebCore::SelectorDataList::queryAll):
3651         * dom/StaticNodeList.h:
3652         * dom/WebKitNamedFlow.cpp:
3653         (WebCore::WebKitNamedFlow::getRegionsByContent):
3654         (WebCore::WebKitNamedFlow::getRegions):
3655         (WebCore::WebKitNamedFlow::getContent):
3656         * svg/SVGSVGElement.cpp:
3657         (WebCore::SVGSVGElement::collectIntersectionOrEnclosureList):
3658         * testing/Internals.cpp:
3659         (WebCore::Internals::nodesFromRect):
3660
3661 2016-07-15  Brent Fulgham  <bfulgham@apple.com>
3662
3663         Block insecure script running in a data: frame when the top-level page is HTTPS
3664         https://bugs.webkit.org/show_bug.cgi?id=125806
3665         <rdar://problem/27331825>
3666
3667         Reviewed by Brady Eidson.
3668
3669         Fix based on a Blink change (patch by <tsepez@chromium.org>):
3670         <https://chromium.googlesource.com/chromium/blink/+/33e553bd96e040151c1472289a0d80803bfca3a5>
3671
3672         Test: http/tests/security/mixedContent/insecure-script-in-data-iframe-in-main-frame-blocked.html
3673
3674         * loader/cache/CachedResourceLoader.cpp:
3675         (WebCore::CachedResourceLoader::checkInsecureContent): Check the top-level frame's security state
3676         before allowing insecure scripts to be used.        
3677
3678 2016-07-15  Chris Dumez  <cdumez@apple.com>
3679
3680         Let the compiler generate QualifiedName copy constructor and assignment operator
3681         https://bugs.webkit.org/show_bug.cgi?id=159826
3682
3683         Reviewed by Alex Christensen.
3684
3685         Let the compiler generate QualifiedName copy constructor and assignment operator
3686         as our custom implementation does nothing special. This also makes QualifiedName
3687         movable as the compiler is now able to generate the move constructor / assignment
3688         operator as well.
3689
3690         * dom/QualifiedName.h:
3691         (WebCore::QualifiedName::QualifiedName): Deleted.
3692         (WebCore::QualifiedName::operator=): Deleted.
3693
3694 2016-07-15  Antonio Gomes  <tonikitoo@igalia.com>
3695
3696         ScrollView::setHasHorizontalScrollbar / setHasVerticalScrollbar duplicate their logic
3697         https://bugs.webkit.org/show_bug.cgi?id=159825
3698
3699         Patch introduces a (private) method to ScrollView
3700         to share the code/logic of setHas{Horizontal,Vertical}Scrollbar.
3701
3702         Reviewed by Simon Fraser.
3703
3704         No new tests needed.
3705
3706         * platform/ScrollView.cpp:
3707         (WebCore::ScrollView::setHasScrollbarInternal):
3708         (WebCore::ScrollView::setHasHorizontalScrollbar):
3709         (WebCore::ScrollView::setHasVerticalScrollbar):
3710         * platform/ScrollView.h:
3711
3712 2016-07-15  Frederic Wang  <fwang@igalia.com>
3713
3714         MathOperator: Improve alignment for vertical size variant
3715         https://bugs.webkit.org/show_bug.cgi?id=158866
3716
3717         Reviewed by Brent Fulgham.
3718
3719         The MathOperator class may stretch operators with either a large glyph or a glyph assembly.
3720         In the latter case, the assembly is adjusted to match the stretch ascent and descent
3721         requested by the callers. But in the former case the glyph ascent and descent are used
3722         instead. We solve this by making MathOperator::stretchTo only take a targetSize and let
3723         callers do the vertical alignment they want. This improves the rendering of fences with some
3724         math fonts (e.g. XITS) and allows to pass the two cases of mo-axis-height-1.html.
3725
3726         Test: imported/mathml-in-html5/mathml/presentation-markup/operators/mo-axis-height-1.html
3727
3728         * rendering/mathml/MathOperator.cpp:
3729         (WebCore::MathOperator::stretchTo): Merge vertical and horizontal stretching into the same
3730         function with only the targetSize as a parameter.
3731         * rendering/mathml/RenderMathMLOperator.cpp:
3732         (WebCore::RenderMathMLOperator::stretchTo): Updated to use the new signature.
3733         (WebCore::RenderMathMLOperator::verticalStretchedOperatorShift): Helper function to calculate
3734         the shift necessary to align the baseline of the MathOperator instance with the one of the
3735         RenderMathMLOperator.
3736         (WebCore::RenderMathMLOperator::firstLineBaseline): Adjust the baseline.
3737         * rendering/mathml/RenderMathMLOperator.h: Declare verticalStretchedOperatorShift.
3738         * rendering/mathml/RenderMathMLRoot.cpp:
3739         (WebCore::RenderMathMLRoot::layoutBlock): Use the new signature. This function aligns the top
3740         of the radical with the overbar so we do not need to adjust baseline alignment here.
3741
3742 2016-07-15  Brady Eidson  <beidson@apple.com>
3743
3744         WebKit should prevent push/replace state with username in URL.
3745         <rdar://problem/27361737> and https://bugs.webkit.org/show_bug.cgi?id=159818
3746
3747         Reviewed by Brent Fulgham.
3748
3749         Test: http/tests/security/history-username-password.html
3750
3751         * page/History.cpp:
3752         (WebCore::History::stateObjectAdded): Don't allow URLs with usernames/passwords.
3753
3754 2016-07-15  Ryan Haddad  <ryanhaddad@apple.com>
3755
3756         Unreviewed, rolling out r203266.
3757
3758         This change caused editing/deleting/delete-emoji.html to time
3759         out on El Capitan, crash under GuardMalloc
3760
3761         Reverted changeset:
3762
3763         "Support new emoji group candidates"
3764         https://bugs.webkit.org/show_bug.cgi?id=159755
3765         http://trac.webkit.org/changeset/203266
3766
3767 2016-07-15  Frederic Wang  <fwang@igalia.com>
3768
3769         Move parsing of mfrac attributes into a MathMLFractionElement class
3770         https://bugs.webkit.org/show_bug.cgi?id=159624
3771
3772         Reviewed by Brent Fulgham.
3773
3774         We move the parsing of mfrac attributes to a MathMLFractionElement class. This allows to
3775         minimize the updates in RenderMathMLFraction and to remove the alignment members. Many of
3776         the members in updateLayoutParameters are actually only used in layoutBlock and could be
3777         removed in a follow-up patch. We also improve the resolution of negative line thickness value
3778         since the MathML recommendation says it should be rounded up to the nearest valid
3779         value (which is zero) instead of ignoring the attribute and using the line thickness.
3780
3781         No new tests, already covered by existing tests.
3782
3783         * CMakeLists.txt: Add MathMLFractionElement.
3784         * WebCore.xcodeproj/project.pbxproj: Ditto.
3785         * mathml/MathMLAllInOne.cpp: Ditto.
3786         * mathml/MathMLFractionElement.cpp: Added.
3787         (WebCore::MathMLFractionElement::MathMLFractionElement):
3788         (WebCore::MathMLFractionElement::create):
3789         (WebCore::MathMLFractionElement::lineThickness): Return the cached linethickness length,
3790         parsing it again if it is dirty. This handles the special values "thin", "medium" and "thick"
3791         or fallback to the general parseMathMLLength for MathML lengths.
3792         (WebCore::MathMLFractionElement::cachedFractionAlignment): Return the cached alignment value,
3793         parsing it again if it is dirty.
3794         (WebCore::MathMLFractionElement::numeratorAlignment): Return the cached alignment.
3795         (WebCore::MathMLFractionElement::denominatorAlignment): Ditto.
3796         (WebCore::MathMLFractionElement::parseAttribute): Make attributes dirty.
3797         (WebCore::MathMLFractionElement::createElementRenderer): Create a RenderMathMLFraction.
3798         * mathml/MathMLFractionElement.h: Added.
3799         * mathml/MathMLInlineContainerElement.cpp: We no longer need to handle fraction here.
3800         (WebCore::MathMLInlineContainerElement::createElementRenderer):
3801         * mathml/mathtags.in: Use MathMLFractionElement for mfrac.
3802         * rendering/mathml/RenderMathMLFraction.cpp:
3803         (WebCore::RenderMathMLFraction::updateLayoutParameters): New helper function to set the
3804         layout parameters, replacing updateFromElement. We no longer parse and store the alignment
3805         values here. We also change the resolution of negative values.
3806         (WebCore::RenderMathMLFraction::horizontalOffset): Use the enum from MathMLFractionElement.
3807         (WebCore::RenderMathMLFraction::layoutBlock): We call updateLayoutParameters instead of
3808         updateFromElement. The numerator and denominator alignments are resolved here.
3809         (WebCore::RenderMathMLFraction::parseAlignmentAttribute): Deleted. Parsing of alignment
3810         attribute is now handled in MathMLFractionElement.
3811         (WebCore::RenderMathMLFraction::updateFromElement): Deleted. Attribute changes are now
3812         handled in MathMLFractionElement.
3813         (WebCore::RenderMathMLFraction::styleDidChange): Deleted. Font changes are properly handled.
3814         * rendering/mathml/RenderMathMLFraction.h: Update declarations.
3815
3816 2016-07-15  Frederic Wang  <fwang@igalia.com>
3817
3818         Check whether font is nonnull for GlyphData instead of calling GlyphData::isValid()
3819         https://bugs.webkit.org/show_bug.cgi?id=159783
3820
3821         Reviewed by Brent Fulgham.
3822
3823         GlyphData::isValid() returns true for GlyphData with null 'font' pointer when the 'glyph'
3824         index is nonzero. This behavior is not expected by the MathML code and we have had crashes
3825         in our test suite in the past on Windows (e.g. bug 140653). We thus replace the call to
3826         GlyphData::isValid() with a stronger verification: Whether the 'font' pointer is nonzero.
3827
3828         No new tests, this only makes null pointer checks stronger.
3829
3830         * rendering/mathml/MathOperator.cpp:
3831         (WebCore::boundsForGlyph):
3832         (WebCore::advanceWidthForGlyph):
3833         (WebCore::MathOperator::getBaseGlyph):
3834         (WebCore::MathOperator::setSizeVariant):
3835         (WebCore::MathOperator::fillWithVerticalExtensionGlyph):
3836         (WebCore::MathOperator::fillWithHorizontalExtensionGlyph):
3837         (WebCore::MathOperator::paintVerticalGlyphAssembly):
3838         (WebCore::MathOperator::paintHorizontalGlyphAssembly):
3839         (WebCore::MathOperator::paint):
3840         * rendering/mathml/RenderMathMLOperator.cpp:
3841         (WebCore::RenderMathMLOperator::computePreferredLogicalWidths):
3842         * rendering/mathml/RenderMathMLToken.cpp:
3843         (WebCore::RenderMathMLToken::computePreferredLogicalWidths):
3844         (WebCore::RenderMathMLToken::firstLineBaseline):
3845         (WebCore::RenderMathMLToken::layoutBlock):
3846         (WebCore::RenderMathMLToken::paint):
3847         (WebCore::RenderMathMLToken::paintChildren):
3848
3849 2016-07-15  Frederic Wang  <fwang@igalia.com>
3850
3851         Add DejaVu Math TeX Gyre to the list of math fonts.
3852         https://bugs.webkit.org/show_bug.cgi?id=159805
3853
3854         Reviewed by Brent Fulgham.
3855
3856         DejaVu 2.36 has a new math font that can be used for MathML rendering. Because this font is
3857         likely to be installed on many systems (Linux, LibreOffice, etc) we include it in the default
3858         list of font-families in mathml.css in order to increase the chance to find a math font.
3859
3860         No new tests, it only affects rendering when DejaVu Math TeX Gyre is installed on the system.
3861
3862         * css/mathml.css:
3863         (math):
3864
3865 2016-07-15  Eric Carlson  <eric.carlson@apple.com>
3866
3867         [MSE] Increase the SourceBuffer "fudge factor"
3868         https://bugs.webkit.org/show_bug.cgi?id=159813
3869         <rdar://problem/27372033>
3870
3871         Reviewed by Jon Lee.
3872         
3873         Some media encoding/conversion pipelines are sloppy when doing sample time/timescale
3874         math, and the error accumulation results in small gaps in the media timeline. r202641
3875         increased the maximum allowable gap from 0.01 second to one 24fps frame, but it turns
3876         out that at least one large provider has a significant amount of content encoded with
3877         up to two 24fps frames.
3878
3879         No new tests, updated media/media-source/media-source-small-gap.html.
3880
3881         * Modules/mediasource/SourceBuffer.cpp:
3882         (WebCore::currentTimeFudgeFactor): Increase maximum gap to 2002 / 24000 frames.
3883
3884 2016-07-15  Rawinder Singh  <rawinder.singh-webkit@cisra.canon.com.au>
3885
3886         Add final keyword to WebCore/svg classes
3887         https://bugs.webkit.org/show_bug.cgi?id=159802
3888
3889         Reviewed by Youenn Fablet.
3890
3891         Updated classes in the WebCore/svg directory to be marked as final where appropriate.
3892
3893         * svg/SVGException.h:
3894         * svg/SVGLengthList.h:
3895         * svg/SVGMatrix.h:
3896         * svg/SVGNumberList.h:
3897         * svg/SVGPaint.h:
3898         * svg/SVGPathBuilder.h:
3899         * svg/SVGPathByteStreamBuilder.h:
3900         * svg/SVGPathByteStreamSource.h:
3901         * svg/SVGPathSegArcAbs.h:
3902         * svg/SVGPathSegArcRel.h:
3903         * svg/SVGPathSegClosePath.h:
3904         * svg/SVGPathSegCurvetoCubicAbs.h:
3905         * svg/SVGPathSegCurvetoCubicRel.h:
3906         * svg/SVGPathSegCurvetoCubicSmoothAbs.h:
3907         * svg/SVGPathSegCurvetoCubicSmoothRel.h:
3908         * svg/SVGPathSegCurvetoQuadraticAbs.h:
3909         * svg/SVGPathSegCurvetoQuadraticRel.h:
3910         * svg/SVGPathSegCurvetoQuadraticSmoothAbs.h:
3911         * svg/SVGPathSegCurvetoQuadraticSmoothRel.h:
3912         * svg/SVGPathSegLinetoAbs.h:
3913         * svg/SVGPathSegLinetoHorizontalAbs.h:
3914         * svg/SVGPathSegLinetoHorizontalRel.h:
3915         * svg/SVGPathSegLinetoRel.h:
3916         * svg/SVGPathSegLinetoVerticalAbs.h:
3917         * svg/SVGPathSegLinetoVerticalRel.h:
3918         * svg/SVGPathSegListBuilder.h:
3919         * svg/SVGPathSegListSource.h:
3920         * svg/SVGPathSegMovetoAbs.h:
3921         * svg/SVGPathSegMovetoRel.h:
3922         * svg/SVGPathStringSource.h:
3923         * svg/SVGPathTraversalStateBuilder.h:
3924         * svg/SVGPointList.h:
3925         * svg/SVGRenderingIntent.h:
3926         * svg/SVGStringList.h:
3927         * svg/SVGTRefElement.cpp:
3928         * svg/SVGToOTFFontConversion.cpp:
3929         * svg/SVGTransformList.h:
3930         * svg/SVGUnitTypes.h:
3931         * svg/SVGViewSpec.h:
3932         * svg/SVGZoomEvent.h:
3933         * svg/animation/SMILTimeContainer.h:
3934         * svg/animation/SVGSMILElement.cpp:
3935         * svg/graphics/filters/SVGFEImage.h:
3936         * svg/graphics/filters/SVGFilter.h:
3937         * svg/properties/SVGAnimatedPathSegListPropertyTearOff.h:
3938         * svg/properties/SVGAnimatedPropertyTearOff.h:
3939         * svg/properties/SVGAnimatedTransformListPropertyTearOff.h:
3940         * svg/properties/SVGMatrixTearOff.h:
3941         * svg/properties/SVGPathSegListPropertyTearOff.h:
3942         * svg/properties/SVGStaticListPropertyTearOff.h:
3943         * svg/properties/SVGStaticPropertyTearOff.h:
3944         * svg/properties/SVGTransformListPropertyTearOff.h:
3945
3946 2016-07-15  Per Arne Vollan  <pvollan@apple.com>
3947
3948         Uninitialized variable in DIBPixelData can cause a dangerous memory write
3949         https://bugs.webkit.org/show_bug.cgi?id=159414
3950
3951         Reviewed by Brent Fulgham.
3952
3953         Initialize local BITMAP variable, in case the ::GetObject function that should initialize it
3954         fails to do so, because the bitmap handle is invalid.
3955
3956         Tests: Tools/TestWebKitAPI/Tests/WebCore/win/DIBPixelData.cpp
3957
3958         * platform/graphics/win/DIBPixelData.cpp:
3959         (WebCore::DIBPixelData::initialize): Initialize local variable.
3960         (WebCore::DIBPixelData::setRGBABitmapAlpha): Return early if we have no bitmap.
3961         * platform/graphics/win/DIBPixelData.h: Link fix.
3962
3963 2016-07-14  Yoav Weiss  <yoav@yoav.ws>
3964
3965         Change CSSParser::sourceSize returning Optional<CSSParser::SourceSize>
3966         https://bugs.webkit.org/show_bug.cgi?id=159666
3967
3968         Reviewed by Michael Catanzaro.
3969
3970         Tests:
3971             fast/dom/HTMLImageElement/sizes/image-sizes-invalids.html
3972
3973         * css/CSSGrammar.y.in: Avoid adding SourceSize to source_size_list when the value is a Nullopt.
3974         * css/CSSParser.cpp: