Speed up make process slightly by improving "list of files" idiom
[WebKit-https.git] / Source / WebCore / ChangeLog
1 2016-07-25  Darin Adler  <darin@apple.com>
2
3         Speed up make process slightly by improving "list of files" idiom
4         https://bugs.webkit.org/show_bug.cgi?id=160164
5
6         Reviewed by Mark Lam.
7
8         * DerivedSources.make: Change rules that build lists of files to only run when
9         DerivedSources.make has been modified since the last time they were run. Since the
10         list of files are inside this file, this is safe, and this is faster than always
11         comparing and regenerating the file containing the list of files each time.
12
13 2016-07-24  Wenson Hsieh  <wenson_hsieh@apple.com>
14
15         The web process hangs when computing elements-based snap points for a container with large max scroll offset
16         https://bugs.webkit.org/show_bug.cgi?id=152605
17         <rdar://problem/25353661>
18
19         Reviewed by Simon Fraser.
20
21         Fixes a bug in the computation of axis snap points. The ScrollSnapPoints object, which tracks
22         snap points along a particular axis, has two flags, hasRepeat and usesElements. For elements-
23         based snapping, both flags would be turned on, since StyleBuilderConverter::convertScrollSnapPoints
24         short-circuits for elements-based snapping and does not default usesRepeat to false. To address this,
25         we make ScrollSnapPoints not repeat(100%) by default.
26
27         Test: css3/scroll-snap/scroll-snap-elements-container-larger-than-children.html
28
29         * css/StyleBuilderConverter.h:
30         (WebCore::StyleBuilderConverter::convertScrollSnapPoints): Deleted.
31         * rendering/style/StyleScrollSnapPoints.cpp:
32         (WebCore::ScrollSnapPoints::ScrollSnapPoints):
33
34 2016-07-25  Carlos Garcia Campos  <cgarcia@igalia.com>
35
36         REGRESSION(r200931): Invalid cast in highestAncestorToWrapMarkup()
37         https://bugs.webkit.org/show_bug.cgi?id=160163
38
39         Reviewed by Michael Catanzaro.
40
41         Since r200931 the result of enclosingNodeOfType() in highestAncestorToWrapMarkup() is downcasted to Element, but
42         the result of enclosingNodeOfType() can be a Node that is not an Element, in this case is Text. The cast is not
43         needed at all since that node is passed to editingIgnoresContent() and selectionFromContentsOfNode() and both
44         receive a Node not an Element.
45
46         * editing/markup.cpp:
47         (WebCore::highestAncestorToWrapMarkup): Remove invalid cast.
48
49 2016-07-25  Carlos Garcia Campos  <cgarcia@igalia.com>
50
51         [Coordinated Graphics] ASSERTION FAILED: m_coordinator->isFlushingLayerChanges() in fast/repaint/animation-after-layer-scroll.html
52         https://bugs.webkit.org/show_bug.cgi?id=160156
53
54         Reviewed by Michael Catanzaro.
55
56         So, we fixed an assertion in r203663, but now is hitting the next one. As explained in bug #160142, flush
57         compositing state can be triggered in tests by RenderLayerCompositor::layerTreeAsText(), without the coordinator
58         even noticing it, so the assert can be just removed.
59
60         * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:
61         (WebCore::CoordinatedGraphicsLayer::flushCompositingStateForThisLayerOnly): Remove incorrect assert.
62
63 2016-07-25  Zalan Bujtas  <zalan@apple.com>
64
65         EllipsisBox ctor's isVertical parameter should read isHorizontal.
66         https://bugs.webkit.org/show_bug.cgi?id=160153
67
68         Reviewed by Andreas Kling.
69
70         It indicates whether the ellipsis box is horizontal. (both the callsites
71         and the parent class use isHorizontal)
72
73         No change in functionality.
74
75         * rendering/EllipsisBox.cpp:
76         (WebCore::EllipsisBox::EllipsisBox):
77         * rendering/EllipsisBox.h:
78
79 2016-07-25  Sergio Villar Senin  <svillar@igalia.com>
80
81         [css-grid] Implement repeat(auto-fit)
82         https://bugs.webkit.org/show_bug.cgi?id=159771
83
84         Reviewed by Darin Adler.
85
86         The auto-fit keyword works exactly as the already implemented auto-fill except that all
87         empty tracks collapse (became 0px). Absolutely positioned items do not participate on the
88         layout of the grid so they are not considered (a grid with only absolutely positioned items
89         is considered an empty grid).
90
91         Whenever a track collapses the gutters on either side do also collapse. When a collapsed
92         track's gutters collapse, they coincide exactly. If one side of a collapsed track does not
93         have a gutter then collapsing its gutters results in no gutter on either "side" of the
94         collapsed track.
95
96         In practice this means that is not possible to know the gap between 2 consecutive auto
97         repeat tracks without examining some others whenever there are collapsed tracks.
98
99         Uncommented the auto-fit cases from Mozilla tests. They have to be adapted as the reftest
100         machinery requires all the content to be rendered in the original 800x600 viewport.
101
102         Tests: fast/css-grid-layout/grid-auto-fit-columns.html
103         fast/css-grid-layout/grid-auto-fit-rows.html
104         fast/css-grid-layout/mozilla/grid-repeat-auto-fill-fit-005-part-1.html
105         fast/css-grid-layout/mozilla/grid-repeat-auto-fill-fit-005-part-2.html
106
107         * css/CSSComputedStyleDeclaration.cpp:
108         (WebCore::valueForGridTrackList): Use the newly added trackSizesForComputedStyle().
109         * rendering/RenderGrid.cpp:
110         (WebCore::RenderGrid::computeTrackBasedLogicalHeight):
111         (WebCore::RenderGrid::computeTrackSizesForDirection):
112         (WebCore::RenderGrid::isEmptyAutoRepeatTrack):
113         (WebCore::RenderGrid::gridGapForDirection): Returns the gap directly from the style.
114         (WebCore::RenderGrid::guttersSize): Computes the gap between a startLine and an
115         endLine. This method may need to inspect some other surrounding tracks to compute the gap.
116         (WebCore::RenderGrid::computeIntrinsicLogicalWidths):
117         (WebCore::RenderGrid::computeIntrinsicLogicalHeight):
118         (WebCore::RenderGrid::computeUsedBreadthOfGridTracks):
119         (WebCore::RenderGrid::gridTrackSize):
120         (WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForItems):
121         (WebCore::RenderGrid::computeAutoRepeatTracksCount):
122         (WebCore::RenderGrid::computeEmptyTracksForAutoRepeat): Returns a Vector with the auto
123         repeat tracks that are going to be collapsed because they're empty.
124         (WebCore::RenderGrid::placeItemsOnGrid):
125         (WebCore::RenderGrid::trackSizesForComputedStyle): Used by ComputedStyle logic to print the
126         size of tracks. Added in order to hide the actual contents of m_columnPositions and
127         m_rowPositions to the outter world.
128         (WebCore::RenderGrid::offsetAndBreadthForPositionedChild):
129         (WebCore::RenderGrid::gridAreaBreadthForChild):
130         (WebCore::RenderGrid::populateGridPositionsForDirection): Added some extra code to compute
131         gaps as they cannot be directly added between tracks in case of having collapsed tracks.
132         (WebCore::RenderGrid::columnAxisOffsetForChild):
133         (WebCore::RenderGrid::rowAxisOffsetForChild):
134         (WebCore::RenderGrid::offsetBetweenTracks): Deleted.
135         * rendering/RenderGrid.h: Made some API private. Added new required methods/attributes.
136
137         * css/CSSComputedStyleDeclaration.cpp:
138         (WebCore::valueForGridTrackList):
139         * rendering/RenderGrid.cpp:
140         (WebCore::RenderGrid::computeTrackBasedLogicalHeight):
141         (WebCore::RenderGrid::computeTrackSizesForDirection):
142         (WebCore::RenderGrid::hasAutoRepeatEmptyTracks):
143         (WebCore::RenderGrid::isEmptyAutoRepeatTrack):
144         (WebCore::RenderGrid::gridGapForDirection):
145         (WebCore::RenderGrid::guttersSize):
146         (WebCore::RenderGrid::computeIntrinsicLogicalWidths):
147         (WebCore::RenderGrid::computeIntrinsicLogicalHeight):
148         (WebCore::RenderGrid::computeUsedBreadthOfGridTracks):
149         (WebCore::RenderGrid::gridTrackSize):
150         (WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForItems):
151         (WebCore::RenderGrid::computeAutoRepeatTracksCount):
152         (WebCore::RenderGrid::computeEmptyTracksForAutoRepeat):
153         (WebCore::RenderGrid::placeItemsOnGrid):
154         (WebCore::RenderGrid::trackSizesForComputedStyle):
155         (WebCore::RenderGrid::offsetAndBreadthForPositionedChild):
156         (WebCore::RenderGrid::assumedRowsSizeForOrthogonalChild):
157         (WebCore::RenderGrid::gridAreaBreadthForChild):
158         (WebCore::RenderGrid::populateGridPositionsForDirection):
159         (WebCore::RenderGrid::columnAxisOffsetForChild):
160         (WebCore::RenderGrid::rowAxisOffsetForChild):
161         (WebCore::RenderGrid::offsetBetweenTracks): Deleted.
162         * rendering/RenderGrid.h:
163
164 2016-07-24  Frederic Wang  <fwang@igalia.com>
165
166         Move parsing of display, displaystyle and mathvariant attributes into MathML element classes
167         https://bugs.webkit.org/show_bug.cgi?id=159623
168
169         Reviewed by Brent Fulgham.
170
171         No new tests, already covered by existing tests.
172
173         * mathml/MathMLElement.cpp:
174         (WebCore::MathMLElement::parseMathVariantAttribute): Move helper function to parse the
175         mathvariant attribute.
176         (WebCore::MathMLElement::getSpecifiedDisplayStyle): Helper function to set the displaystyle
177         value from the attribute specified on the MathML element.
178         (WebCore::MathMLElement::getSpecifiedMathVariant): Helper function to set the mathvariant
179         value from the attribute specified on the MathML element.
180         * mathml/MathMLElement.h: Move the enum for mathvariant values and declare new members.
181         (WebCore::MathMLElement::acceptsDisplayStyleAttribute): Indicate whether the element accepts
182         displaystyle attribute (false for most of them).
183         (WebCore::MathMLElement::acceptsMathVariantAttribute): Indicate whether the element accepts
184         mathvariant attribute (false for most of them).
185         * mathml/MathMLInlineContainerElement.cpp:
186         (WebCore::MathMLInlineContainerElement::acceptsDisplayStyleAttribute): Add mstyle and mtable
187         to the list of elements accepting the displaystyle attribute.
188         (WebCore::MathMLInlineContainerElement::acceptsMathVariantAttribute): Add mstyle to the list
189         of elements accepting the mathvariant attribute.
190         (WebCore::MathMLInlineContainerElement::parseAttribute): Mark displaystyle and mathvariant
191         dirty if necessary. Also use the new accepts*Attribute function.
192         * mathml/MathMLInlineContainerElement.h: Declare overridden accepts*Attribute members.
193         * mathml/MathMLMathElement.cpp:
194         (WebCore::MathMLMathElement::getSpecifiedDisplayStyle): Override acceptsDisplayStyleAttribute
195         so that the display attribute is also used to set the default value if the displaystyle
196         attribute is absent.
197         (WebCore::MathMLMathElement::parseAttribute): Mark displaystyle and mathvariant dirty if
198         necessary. We directly MathMLElement::parseAttribute to avoid duplicate work.
199         * mathml/MathMLMathElement.h: Add the math tag to the list of elements accepting the
200         displaystyle and mathvariant attributes. Declare overridden getSpecifiedDisplayStyle.
201         * mathml/MathMLTextElement.cpp:
202         (WebCore::MathMLTextElement::parseAttribute): Mark mathvariant as dirty.
203         * mathml/MathMLTextElement.h: Add token elements to the list of elements accepting the
204         mathvariant attribute.
205         * rendering/mathml/MathMLStyle.cpp:
206         (WebCore::MathMLStyle::updateStyleIfNeeded): Use the new MathMLElement::MathVariant enum.
207         (WebCore::MathMLStyle::resolveMathMLStyle):  We no longer parse the display value to
208         initialize the default value on the math tag, because this is handled in
209         getSpecifiedDisplayStyle. In general, we also just call getSpecifiedDisplayStyle and
210         getSpecifiedMathVariant on the MathML elements instead of parsing the displaystyle and
211         mathvariant attributes here.
212         (WebCore::MathMLStyle::parseMathVariant): Deleted. This is moved into MathMLElement.
213         * rendering/mathml/MathMLStyle.h: Use the new MathMLElement::MathVariant enum.
214         * rendering/mathml/RenderMathMLToken.cpp: Ditto.
215         (WebCore::mathVariant): Ditto.
216         (WebCore::RenderMathMLToken::updateMathVariantGlyph): Ditto.
217
218 2016-07-25  Carlos Garcia Campos  <cgarcia@igalia.com>
219
220         Unreviewed. Remove unneeded header includes from CoordinatedGraphicsLayer.
221
222         Not only thjey are not needed, they are a layer violation, CoordinatedGraphicsLayer shouldn't know anything
223         about Page, Frame and FrameView.
224
225         * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:
226         * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.h:
227
228 2016-07-24  Youenn Fablet  <youenn@apple.com>
229
230         [Fetch API] Request should be created with any HeadersInit data
231         https://bugs.webkit.org/show_bug.cgi?id=159672
232
233         Reviewed by Sam Weinig.
234
235         Made Request use JSBuiltinConstructor.
236         This allows initializing newly created Request with a JS built-in function, initializeFetchRequest.
237         initializeFetchRequest can call @fillFetchHeaders internal built-in to handle any HeadersInit data.
238         Future effort should be made to migrate more initialization code in initializeFetchRequest.
239
240         Made window and worker fetch function as a JS built-in.
241         This becomes more handy as these new functions can construct the Request object.
242         They can then call a single private function that takes a Request object as input.
243         Updated DOMWindowFetch and WorkerGlobalScopeFetch code accordingly.
244
245         To enable this, the binding generator is updated to support runtime-enabled JS built-in functions and
246         private functions atttached to global objects.
247
248         Covered by existing and modified tests.
249         Binding generator test covered by updated binding tests.
250
251         * CMakeLists.txt: Adding DOMWindowFetch.js, FetchRequest.js and WorkerGlobalScopeFetch.js built-in files.
252         * DerivedSources.make: Ditto.
253         * Modules/fetch/DOMWindowFetch.cpp: Removed overloaded fetch and updated according new signature.
254         (WebCore::DOMWindowFetch::fetch):
255         * Modules/fetch/DOMWindowFetch.h: Ditto.
256         * Modules/fetch/DOMWindowFetch.idl: Making fetch a JS built-in and adding a @fetchRequest private function.
257         * Modules/fetch/DOMWindowFetch.js: Added.
258         (fetch):
259         * Modules/fetch/FetchHeaders.h:
260         (WebCore::FetchHeaders::setGuard): Used by FetchRequest when initializing headers.
261         * Modules/fetch/FetchRequest.cpp: 
262         (WebCore::buildHeaders): Removed as implemented in JS.
263         (WebCore::FetchRequest::initializeOptions): Added to handle most of the dictionary initialization.
264         (WebCore::FetchRequest::initializeWith): Method called from built-in constructor function.
265         (WebCore::FetchRequest::setBody): Corresponding to @setBody private method.
266         (WebCore::buildBody): Deleted.
267         * Modules/fetch/FetchRequest.h:
268         * Modules/fetch/FetchRequest.idl:
269         * Modules/fetch/FetchRequest.js: Added.
270         (initializeFetchRequest): Implements fetch Request(input, init) constructor.
271         * Modules/fetch/FetchResponse.cpp:
272         (WebCore::FetchResponse::fetch): Removed the construction of FetchRequest in fetch method since it is done by JS built-in code.
273         * Modules/fetch/FetchResponse.h:
274         * Modules/fetch/WorkerGlobalScopeFetch.cpp: Removed overloaded fetch and updated according new signature.
275         (WebCore::WorkerGlobalScopeFetch::fetch):
276         * Modules/fetch/WorkerGlobalScopeFetch.h: Ditto.
277         * Modules/fetch/WorkerGlobalScopeFetch.idl: Making fetch a JS built-in and adding a @fetchRequest private function.
278         * Modules/fetch/WorkerGlobalScopeFetch.js: Added.
279         (fetch):
280         * bindings/js/WebCoreBuiltinNames.h: Adding fetchRequest, setBody and Request private identifiers.
281         * bindings/scripts/CodeGenerator.pm:
282         (WK_lcfirst): Replacing dOM by dom.
283         * bindings/scripts/CodeGeneratorJS.pm:
284         (GenerateImplementation): Adding support for runtime-enabled built-in methods and private methods.
285         * bindings/scripts/test/JS/JSTestGlobalObject.cpp:
286         (WebCore::JSTestGlobalObject::finishCreation):
287         (WebCore::jsTestGlobalObjectInstanceFunctionTestPrivateFunction):
288         * bindings/scripts/test/ObjC/DOMTestGlobalObject.mm:
289         (-[DOMTestGlobalObject testJSBuiltinFunction]):
290         * bindings/scripts/test/TestGlobalObject.idl: Adding tests for runtime-enabled global built-in methods and private methods.
291
292 2016-07-24  Nan Wang  <n_wang@apple.com>
293
294         AX: Video Controls: Volume cannot be adjusted using VO.
295         https://bugs.webkit.org/show_bug.cgi?id=160107
296
297         Reviewed by Dean Jackson.
298
299         The volume slider in video tag had 0.01 step which caused the screen reader adjusting it slowly.
300         Changed the step to 0.05 and added the aria-valuetext attribute to the slider, so that the value
301         is spoken in percentage. 
302
303         Test: accessibility/mac/video-volume-slider-accessibility.html
304
305         * Modules/mediacontrols/mediaControlsApple.js:
306         (Controller.prototype.createControls):
307         (Controller.prototype.handleVolumeSliderInput):
308         (Controller.prototype.updateVolume):
309
310 2016-07-24  David Kilzer  <ddkilzer@apple.com>
311
312         REGRESSION (r203106): Crash in WebCore::MathMLElement::parseMathMLLength()
313         <https://webkit.org/b/160111>
314         <rdar://problem/27506489>
315
316         Reviewed by Chris Dumez.
317
318         Test: mathml/mpadded-crash.html
319
320         * mathml/MathMLElement.cpp:
321         (WebCore::skipLeadingAndTrailingWhitespace): Change to take
322         StringView parameter instead of String to avoid creating a
323         temporary String that's released on return.
324
325 2016-07-24  Carlos Garcia Campos  <cgarcia@igalia.com>
326
327         [Coordinated Graphics] ASSERTION FAILED: !m_flushingLayers in fast/repaint/animation-after-layer-scroll.html
328         https://bugs.webkit.org/show_bug.cgi?id=160142
329
330         Reviewed by Michael Catanzaro.
331
332         This only happens in layout tests, because it happens when RenderLayerCompositor::layerTreeAsText() is
333         called. The thing is that CoordinatedGraphicsLayer::flushCompositingState() calls notifyFlushRequired() that
334         checks if the coordinator is flusing layers and if not it calls RenderLayerCompositor::notifyFlushRequired() and
335         returns early. This normally works because the coodinator is the one starting the layer flush, so that when
336         RenderLayerCompositor::flushPendingLayerChanges() is called the coordinator is always flusing layers. But
337         RenderLayerCompositor::layerTreeAsText() calls RenderLayerCompositor::flushPendingLayerChanges() directly, so at
338         that moment the coordinator is not flusing layers, what causes that
339         CoordinatedGraphicsLayer::flushCompositingState() ends up calling RenderLayerCompositor::notifyFlushRequired()
340         that schedules a new flush while flusing layers causing the
341         assertion. CoordinatedGraphicsLayer::flushCompositingState() is always called from
342         CompositingCoordinator::flushPendingLayerChanges() or RenderLayerCompositor::flushPendingLayerChanges() so we
343         never need to call RenderLayerCompositor::notifyFlushRequired() from there.
344
345         * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:
346         (WebCore::CoordinatedGraphicsLayer::notifyFlushRequired): This is void now since the return value is not checked anywhere.
347         (WebCore::CoordinatedGraphicsLayer::flushCompositingState): Remove the call to notifyFlushRequired().
348         * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.h:
349
350 2016-07-24  Darin Adler  <darin@apple.com>
351
352         Adding a new WebCore JavaScript built-in source file does not trigger rebuild of WebCoreJSBuiltins*
353         https://bugs.webkit.org/show_bug.cgi?id=160115
354
355         Reviewed by Youenn Fablet.
356
357         * DerivedSources.make: Added a missing dependency so the rule that builds WebCore_BUILTINS_WRAPPERS
358         kicks in when the list of WebCore_BUILTINS_SOURCES is modified. Also added another missing dependency
359         so that changes to the JavaScript built-ins Python scripts will also trigger WebCore_BUILTINS_WRAPPERS.
360
361         * make-generated-sources.sh: Removed. Was unused.
362
363 2016-07-23  Zalan Bujtas  <zalan@apple.com>
364
365         Stop isEmpty() from leaking out of SVG.
366         https://bugs.webkit.org/show_bug.cgi?id=160121
367
368         Reviewed by Simon Fraser.
369
370         It's unclear what isEmpty() actually means and it doesn't bring any value to Render* classes.
371
372         No change in functionality.
373
374         * editing/CompositeEditCommand.cpp:
375         (WebCore::CompositeEditCommand::addBlockPlaceholderIfNeeded):
376         * rendering/RenderElement.h:
377         * rendering/RenderListItem.cpp:
378         (WebCore::RenderListItem::isEmpty): Deleted.
379         * rendering/RenderListItem.h:
380         * rendering/RenderObject.h:
381         (WebCore::RenderObject::isEmpty): Deleted.
382         * rendering/RenderRubyRun.cpp:
383         (WebCore::RenderRubyRun::removeChild):
384         (WebCore::RenderRubyRun::isEmpty): Deleted.
385         * rendering/RenderRubyRun.h:
386         * rendering/mathml/RenderMathMLFenced.cpp:
387         (WebCore::RenderMathMLFenced::updateFromElement):
388         (WebCore::RenderMathMLFenced::addChild):
389         * rendering/mathml/RenderMathMLRoot.cpp:
390         (WebCore::RenderMathMLRoot::paint):
391         * rendering/svg/RenderSVGShape.h:
392
393 2016-07-23  Zalan Bujtas  <zalan@apple.com>
394
395         table*BorderAdjoiningCell and borderAdjoiningCell* should take reference instead of RenderTableCell*.
396         https://bugs.webkit.org/show_bug.cgi?id=160123
397
398         Reviewed by Simon Fraser.
399
400         No change in functionality.
401
402         * rendering/RenderTable.cpp:
403         (WebCore::RenderTable::tableStartBorderAdjoiningCell):
404         (WebCore::RenderTable::tableEndBorderAdjoiningCell):
405         * rendering/RenderTable.h:
406         * rendering/RenderTableCell.cpp:
407         (WebCore::RenderTableCell::computeCollapsedStartBorder):
408         (WebCore::RenderTableCell::computeCollapsedEndBorder):
409         * rendering/RenderTableCell.h:
410         (WebCore::RenderTableCell::borderAdjoiningCellBefore):
411         (WebCore::RenderTableCell::borderAdjoiningCellAfter):
412         * rendering/RenderTableCol.cpp:
413         (WebCore::RenderTableCol::borderAdjoiningCellStartBorder):
414         (WebCore::RenderTableCol::borderAdjoiningCellEndBorder):
415         (WebCore::RenderTableCol::borderAdjoiningCellBefore):
416         (WebCore::RenderTableCol::borderAdjoiningCellAfter):
417         * rendering/RenderTableCol.h:
418         * rendering/RenderTableRow.cpp:
419         (WebCore::RenderTableRow::borderAdjoiningStartCell):
420         (WebCore::RenderTableRow::borderAdjoiningEndCell):
421         * rendering/RenderTableRow.h:
422         * rendering/RenderTableSection.cpp:
423         (WebCore::RenderTableSection::borderAdjoiningStartCell):
424         (WebCore::RenderTableSection::borderAdjoiningEndCell):
425         * rendering/RenderTableSection.h:
426
427 2016-07-23  Zalan Bujtas  <zalan@apple.com>
428
429         Remove unused enum and stale comment from RenderObject.
430         https://bugs.webkit.org/show_bug.cgi?id=160122
431
432         Reviewed by Simon Fraser.
433
434         No change in functionality.
435
436         * rendering/RenderBox.h:
437
438 2016-07-23  Carlos Garcia Campos  <cgarcia@igalia.com>
439
440         [Coordinated Graphics] Lots of flaky tests
441         https://bugs.webkit.org/show_bug.cgi?id=160118
442
443         Reviewed by Michael Catanzaro.
444
445         Since the GTK+ ported to threaded compositor (coordinated graphics) there are a lot of flaky tests in the
446         bots. In manu of the cases the diff shows a different size in the FrameView layer.
447
448         This happens for tests run in the same WTR after fast/fixed-layout/fixed-layout.html. This is what happens:
449
450          1.- Test fast/fixed-layout/fixed-layout.html runs and sets fixed layout to true and fixed layout size to 400x400
451          2.- When it finishes TestController::resetStateToConsistentValues() is called.
452          3.- Blank URL is loaded after state has been updated
453          4.- Then Reset message is handled in the web process and Internals::resetToConsistentState() resets the fixed
454              layout state and size.
455          5.- onresize happens and the handler set in fast/fixed-layout/fixed-layout.html is invoked setting the fixed
456              layout to true and size to 400x400 again.
457          6.- about_blank is then loaded with the fixed layout enabled, as well as other tests after this one.
458
459         In addition to this, coordinated graphics uses a fixedVisibleContentRect in ScrollView that is never reset.
460
461         * platform/ScrollView.cpp:
462         (WebCore::ScrollView::unscaledVisibleContentSizeIncludingObscuredArea): Only use m_fixedVisibleContentRect when
463         fixed layout is enabled.
464         (WebCore::ScrollView::unscaledUnobscuredVisibleContentSize): Ditto.
465         (WebCore::ScrollView::visibleContentRectInternal): Ditto.
466         * testing/Internals.cpp:
467         (WebCore::Internals::resetToConsistentState): Reset also the m_fixedVisibleContentRect.
468
469 2016-07-23  Carlos Garcia Campos  <cgarcia@igalia.com>
470
471         [Coordinated Graphics] Test imported/blink/svg/custom/svg-image-layers-crash.html crashes
472         https://bugs.webkit.org/show_bug.cgi?id=160078
473
474         Reviewed by Michael Catanzaro.
475
476         This is a merge of Blink r155373.
477         https://chromiumcodereview.appspot.com/20789004
478
479         Disable accelerated compositing for SVGImage content layers. SVGImageChromeClient does not support it.
480
481         Fixes imported/blink/svg/custom/svg-image-layers-crash.html.
482
483         * svg/graphics/SVGImage.cpp:
484         (WebCore::SVGImage::dataChanged):
485
486 2016-07-23  Commit Queue  <commit-queue@webkit.org>
487
488         Unreviewed, rolling out r203641.
489         https://bugs.webkit.org/show_bug.cgi?id=160116
490
491         It broke make-based builds (Requested by youenn on #webkit).
492
493         Reverted changeset:
494
495         "[Fetch API] Request should be created with any HeadersInit
496         data"
497         https://bugs.webkit.org/show_bug.cgi?id=159672
498         http://trac.webkit.org/changeset/203641
499
500 2016-07-23  Youenn Fablet  <youenn@apple.com>
501
502         [Fetch API] Request should be created with any HeadersInit data
503         https://bugs.webkit.org/show_bug.cgi?id=159672
504
505         Reviewed by Sam Weinig.
506
507         Made Request use JSBuiltinConstructor.
508         This allows initializing newly created Request with a JS built-in function, initializeFetchRequest.
509         initializeFetchRequest can call @fillFetchHeaders internal built-in to handle any HeadersInit data.
510         Future effort should be made to migrate more initialization code in initializeFetchRequest.
511
512         Made window and worker fetch function as a JS built-in.
513         This becomes more handy as these new functions can construct the Request object.
514         They can then call a single private function that takes a Request object as input.
515         Updated DOMWindowFetch and WorkerGlobalScopeFetch code accordingly.
516
517         To enable this, the binding generator is updated to support runtime-enabled JS built-in functions and
518         private functions atttached to global objects.
519
520         Covered by existing and modified tests.
521         Binding generator test covered by updated binding tests.
522
523         * CMakeLists.txt: Adding DOMWindowFetch.js, FetchRequest.js and WorkerGlobalScopeFetch.js built-in files.
524         * DerivedSources.make: Ditto.
525         * Modules/fetch/DOMWindowFetch.cpp: Removed overloaded fetch and updated according new signature.
526         (WebCore::DOMWindowFetch::fetch):
527         * Modules/fetch/DOMWindowFetch.h: Ditto.
528         * Modules/fetch/DOMWindowFetch.idl: Making fetch a JS built-in and adding a @fetchRequest private function.
529         * Modules/fetch/DOMWindowFetch.js: Added.
530         (fetch):
531         * Modules/fetch/FetchHeaders.h:
532         (WebCore::FetchHeaders::setGuard): Used by FetchRequest when initializing headers.
533         * Modules/fetch/FetchRequest.cpp: 
534         (WebCore::buildHeaders): Removed as implemented in JS.
535         (WebCore::FetchRequest::initializeOptions): Added to handle most of the dictionary initialization.
536         (WebCore::FetchRequest::initializeWith): Method called from built-in constructor function.
537         (WebCore::FetchRequest::setBody): Corresponding to @setBody private method.
538         (WebCore::buildBody): Deleted.
539         * Modules/fetch/FetchRequest.h:
540         * Modules/fetch/FetchRequest.idl:
541         * Modules/fetch/FetchRequest.js: Added.
542         (initializeFetchRequest): Implements fetch Request(input, init) constructor.
543         * Modules/fetch/FetchResponse.cpp:
544         (WebCore::FetchResponse::fetch): Removed the construction of FetchRequest in fetch method since it is done by JS built-in code.
545         * Modules/fetch/FetchResponse.h:
546         * Modules/fetch/WorkerGlobalScopeFetch.cpp: Removed overloaded fetch and updated according new signature.
547         (WebCore::WorkerGlobalScopeFetch::fetch):
548         * Modules/fetch/WorkerGlobalScopeFetch.h: Ditto.
549         * Modules/fetch/WorkerGlobalScopeFetch.idl: Making fetch a JS built-in and adding a @fetchRequest private function.
550         * Modules/fetch/WorkerGlobalScopeFetch.js: Added.
551         (fetch):
552         * bindings/js/WebCoreBuiltinNames.h: Adding fetchRequest, setBody and Request private identifiers.
553         * bindings/scripts/CodeGenerator.pm:
554         (WK_lcfirst): Replacing dOM by dom.
555         * bindings/scripts/CodeGeneratorJS.pm:
556         (GenerateImplementation): Adding support for runtime-enabled built-in methods and private methods.
557         * bindings/scripts/test/JS/JSTestGlobalObject.cpp:
558         (WebCore::JSTestGlobalObject::finishCreation):
559         (WebCore::jsTestGlobalObjectInstanceFunctionTestPrivateFunction):
560         * bindings/scripts/test/ObjC/DOMTestGlobalObject.mm:
561         (-[DOMTestGlobalObject testJSBuiltinFunction]):
562         * bindings/scripts/test/TestGlobalObject.idl: Adding tests for runtime-enabled global built-in methods and private methods.
563
564 2016-07-23  Frederic Wang  <fwang@igalia.com>
565
566         Reset font-style on the <math> element
567         https://bugs.webkit.org/show_bug.cgi?id=160074
568
569         Reviewed by Darin Adler.
570
571         Mathematical formulas with italic font-style render poorly (slanted operators, mathvariant
572         italic etc). We align on Gecko and make the user agent stylesheet reset the font-style to
573         'normal' by default. This addresses the concrete use case of formula inside theorem or
574         proposition statements, which are often written in italic.
575
576         Test: mathml/presentation/math-font-style.html
577
578         * css/mathml.css:
579         (math): Reset the font-style to normal.
580
581 2016-07-23  Frederic Wang  <fwang@igalia.com>
582
583         [MathML] PaintInfo state is not properly restored after applyTransform.
584         https://bugs.webkit.org/show_bug.cgi?id=160077
585
586         Reviewed by Simon Fraser.
587
588         PaintInfo::applyTransform modifies PaintInfo::rect and the original state is not properly
589         restored by GraphicsContextStateSaver. To avoid some weird rendering bugs in MathOperator
590         and RenderMathMLMenclose, we follow what is done in SVG renderers and make a copy of the
591         original PaintInfo before applying the transform.
592
593         Test: mathml/presentation/bug160077.html
594
595         * rendering/mathml/MathOperator.cpp:
596         (WebCore::MathOperator::paint):
597         * rendering/mathml/RenderMathMLMenclose.cpp:
598         (WebCore::RenderMathMLMenclose::paint):
599
600 2016-07-23  Youenn Fablet  <youenn@apple.com>
601
602         [Fetch API] Fetch response stream should enqueue Uint8Array
603         https://bugs.webkit.org/show_bug.cgi?id=160083
604
605         Reviewed by Sam Weinig.
606
607         Covered by updated tests.
608
609         Before enqueuing, ReadableStreamController::enqueue will convert ArrayBuffer as Uint8Array.
610         It also returns a boolean whether the operation is successful or not.
611
612         If returned value is false, calling code will stop loading or if everything is loaded it will refrain from closing the stream.
613         The enqueuing should be succesful except in OutOfMemory cases. This case is not yet handled in test cases.
614
615         Updated the code to remove templated enqueuing as Fetch has no use of it.
616
617         * Modules/fetch/FetchBody.cpp:
618         (WebCore::FetchBody::consumeAsStream): Do not close the stream if enqueuing failed.
619         * Modules/fetch/FetchBodyOwner.cpp:
620         (WebCore::FetchBodyOwner::blobChunk): Stop blob loading if enqueuing failed.
621         * Modules/fetch/FetchResponse.cpp:
622         (WebCore::FetchResponse::BodyLoader::didReceiveData): Stop resource loading if enqueuing failed.
623         (WebCore::FetchResponse::consumeBodyAsStream): Ditto.
624         * Modules/fetch/FetchResponseSource.h:
625         * bindings/js/ReadableStreamController.h:
626         (WebCore::ReadableStreamController::enqueue):
627         (WebCore::ReadableStreamController::enqueue<RefPtr<JSC::ArrayBuffer>>): Deleted.
628
629 2016-07-22  Youenn Fablet  <youenn@apple.com>
630
631         Use a private property to implement FetchResponse.body getter
632         https://bugs.webkit.org/show_bug.cgi?id=159808
633
634         Reviewed by Sam Weinig.
635
636         Covered by existing test sets.
637
638         Previously, body was handled as a CachedAttribute.
639         Using a private property will allow direct use of this property from JS built-ins which will allow easier
640         handling of ReadableStream cloning in Response.clone.
641         Also, this allows removing some binding custom code.
642
643         Updated redirect and error static methods to take NewObject keyword, as this removes a search into cached wrappers.
644         Ditto for createReadableStreamSource.
645
646         * CMakeLists.txt: Removing JSFetchResponseCustom.cpp.
647         * Modules/fetch/FetchResponse.idl: Adding createReadableStreamSource and isDisturbed private functions.
648         Making body getter a JSBuiltin.
649         * Modules/fetch/FetchResponse.js:
650         (body): Adding getter which will call createReadableStreamSource if needed.
651         * WebCore.xcodeproj/project.pbxproj: Removing JSFetchResponseCustom.cpp.
652         * bindings/js/JSFetchResponseCustom.cpp: Removed.
653         * bindings/js/ReadableStreamController.cpp:
654         (WebCore::createReadableStream): Deleted.
655         (WebCore::getReadableStreamReader): Deleted.
656         * bindings/js/ReadableStreamController.h: Removing unneeded ReadableStream helper routine now that they can be
657         handled within JS built-in code.
658         * bindings/js/WebCoreBuiltinNames.h: Adding @createReadableStreamSource, @isDisturbed  and @Response identifiers.
659
660 2016-07-22  Zalan Bujtas  <zalan@apple.com>
661
662         Handle cases when IOSurface initialization fails.
663         https://bugs.webkit.org/show_bug.cgi?id=160006
664         <rdar://problem/27495102>
665
666         Reviewed by Tim Horton and Simon Fraser.
667
668         This is an additional fix to r203514 to check if IOSurface initialization was successful.
669
670         Unable to test.
671
672         * platform/graphics/cg/ImageBufferCG.cpp:
673         (WebCore::ImageBuffer::ImageBuffer):
674         * platform/graphics/cocoa/IOSurface.h: Merge 2 c'tors.
675         * platform/graphics/cocoa/IOSurface.mm: Remove redundant IOSurface::create() code.  
676         (WebCore::IOSurface::create):
677         (WebCore::IOSurface::createFromImage):
678         (WebCore::IOSurface::IOSurface):
679         (WebCore::IOSurface::convertToFormat):
680
681 2016-07-22  Wenson Hsieh  <wenson_hsieh@apple.com>
682
683         Media controls should be displayed for media in media documents
684         https://bugs.webkit.org/show_bug.cgi?id=160104
685         <rdar://problem/27438936>
686
687         Reviewed by Myles C. Maxfield.
688
689         Make videos that would otherwise not have been large enough or have the right
690         aspect ratio cause media controls to appear. This is because media elements in
691         a media document are implied to be main content.
692
693         Added a new API test.
694
695         * html/MediaElementSession.cpp:
696         (WebCore::MediaElementSession::canControlControlsManager):
697
698 2016-07-22  Myles C. Maxfield  <mmaxfield@apple.com>
699
700         All dancers with bunny ears are female
701         https://bugs.webkit.org/show_bug.cgi?id=160102
702         <rdar://problem/27453479>
703
704         Reviewed by Simon Fraser.
705
706         In r203330 I added support for new emoji group candidates. I accidentally
707         missed one of the new emoji code points.
708
709         Tests: editing/deleting/delete-emoji.html:
710                fast/text/emoji-gender-2-9.html:
711                fast/text/emoji-gender-9.html:
712                fast/text/emoji-gender-fe0f-9.html:
713
714         * platform/text/CharacterProperties.h:
715         (WebCore::isEmojiGroupCandidate):
716
717 2016-07-22  Chris Dumez  <cdumez@apple.com>
718
719         Parameter to HTMLCollection.item() / namedItem() should be mandatory
720         https://bugs.webkit.org/show_bug.cgi?id=160099
721
722         Reviewed by Sam Weinig.
723
724         Parameter to HTMLCollection.item() / namedItem() should be mandatory:
725         - https://dom.spec.whatwg.org/#interface-htmlcollection
726         - https://html.spec.whatwg.org/multipage/infrastructure.html#htmlformcontrolscollection
727         - https://html.spec.whatwg.org/multipage/infrastructure.html#the-htmloptionscollection-interface
728
729         Firefox and Chrome agree with the specification.
730
731         No new tests, rebaselined existing tests.
732
733         * bindings/js/JSHTMLFormControlsCollectionCustom.cpp:
734         (WebCore::JSHTMLFormControlsCollection::namedItem):
735         * html/HTMLCollection.idl:
736         * html/HTMLFormControlsCollection.idl:
737         * html/HTMLOptionsCollection.idl:
738
739 2016-07-22  Chris Dumez  <cdumez@apple.com>
740
741         First parameter to Window.getComputedStyle() should be mandatory and non-nullable
742         https://bugs.webkit.org/show_bug.cgi?id=160097
743
744         Reviewed by Ryosuke Niwa.
745
746         First parameter to Window.getComputedStyle() should be mandatory and
747         non-nullable:
748         - https://drafts.csswg.org/cssom/#extensions-to-the-window-interface
749
750         Firefox and Chrome agree with the specification.
751
752         Test: fast/dom/Window/getComputedStyle-missing-parameter.html
753
754         * css/CSSComputedStyleDeclaration.cpp:
755         (WebCore::ComputedStyleExtractor::ComputedStyleExtractor):
756         (WebCore::CSSComputedStyleDeclaration::CSSComputedStyleDeclaration):
757         (WebCore::CSSComputedStyleDeclaration::getPropertyCSSValue):
758         (WebCore::CSSComputedStyleDeclaration::copyProperties):
759         (WebCore::CSSComputedStyleDeclaration::length):
760         (WebCore::CSSComputedStyleDeclaration::item):
761         (WebCore::CSSComputedStyleDeclaration::getPropertyValue):
762         * css/CSSComputedStyleDeclaration.h:
763         * dom/Document.idl:
764         * inspector/InspectorCSSAgent.cpp:
765         (WebCore::InspectorCSSAgent::getComputedStyleForNode):
766         * page/DOMWindow.cpp:
767         (WebCore::DOMWindow::getComputedStyle):
768         * page/DOMWindow.h:
769         * page/DOMWindow.idl:
770         * testing/Internals.cpp:
771         (WebCore::Internals::computedStyleIncludingVisitedInfo):
772         * testing/Internals.h:
773         * testing/Internals.idl:
774
775 2016-07-22  Brady Eidson  <beidson@apple.com>
776
777         Removing IndexedDatabases that have stored blobs doesn't remove the blob files.
778         https://bugs.webkit.org/show_bug.cgi?id=160089
779
780         Reviewed by Darin Adler.
781
782         Tested by API test IndexedDB.StoreBlobThenDelete.
783
784         Blob filenames exist in the IDB directory with the name "[0-9]+.blob".
785         
786         That is, one or more digits, followed by ".blob".
787         
788         So when we delete an IndexedDB.sqlite3 and related files, we should delete those blob files as well.
789         
790         * Modules/indexeddb/server/IDBServer.cpp:
791         (WebCore::IDBServer::removeAllDatabasesForOriginPath):
792
793 2016-07-22  Chris Dumez  <cdumez@apple.com>
794
795         Fix default parameter values for window.alert() / prompt() / confirm()
796         https://bugs.webkit.org/show_bug.cgi?id=160085
797
798         Reviewed by Ryosuke Niwa.
799
800         Fix default parameter values for window.alert() / prompt() / confirm() to
801         match the specification:
802         - https://html.spec.whatwg.org/multipage/browsers.html#the-window-object
803
804         They should default to the empty string, not the string "undefined".
805
806         Firefox and chrome agree with the specification.
807
808         No new tests, updated existing test.
809
810         * page/DOMWindow.h:
811         * page/DOMWindow.idl:
812
813 2016-07-22  Daniel Bates  <dabates@apple.com>
814
815         CSP: object-src and plugin-types directives are not respected for plugin replacements
816         https://bugs.webkit.org/show_bug.cgi?id=159761
817         <rdar://problem/27365724>
818
819         Reviewed by Brent Fulgham.
820
821         Apply the Content Security Policy (CSP) object-src and plugin-types directives to content that will
822         load with a plugin replacement.
823
824         Tests: security/contentSecurityPolicy/object-src-none-blocks-quicktime-plugin-replacement.html
825                security/contentSecurityPolicy/object-src-none-blocks-youtube-plugin-replacement.html
826                security/contentSecurityPolicy/plugins-types-allows-quicktime-plugin-replacement.html
827                security/contentSecurityPolicy/plugins-types-allows-youtube-plugin-replacement.html
828                security/contentSecurityPolicy/plugins-types-blocks-quicktime-plugin-replacement-without-mime-type.html
829                security/contentSecurityPolicy/plugins-types-blocks-quicktime-plugin-replacement.html
830                security/contentSecurityPolicy/plugins-types-blocks-youtube-plugin-replacement-without-mime-type.html
831                security/contentSecurityPolicy/plugins-types-blocks-youtube-plugin-replacement.html
832
833         * html/HTMLPlugInImageElement.cpp:
834         (WebCore::HTMLPlugInImageElement::allowedToLoadPluginContent): Added.
835         (WebCore::HTMLPlugInImageElement::requestObject): Only request loading plugin content if we
836         are allowed to load such content.
837         * html/HTMLPlugInImageElement.h:
838         * loader/SubframeLoader.cpp:
839         (WebCore::SubframeLoader::pluginIsLoadable): Removed code to check CSP as we will check CSP
840         earlier in HTMLPlugInImageElement::requestObject().
841         (WebCore::SubframeLoader::requestPlugin): Ditto.
842         (WebCore::SubframeLoader::isPluginContentAllowedByContentSecurityPolicy): Deleted; moved implementation
843         to HTMLPlugInImageElement::allowedToLoadPluginContent().
844         (WebCore::SubframeLoader::requestObject): Deleted.
845         * loader/SubframeLoader.h:
846         * page/csp/ContentSecurityPolicy.cpp:
847         (WebCore::ContentSecurityPolicy::upgradeInsecureRequestIfNeeded): Changed signature from a non-const
848         function to a const function since these functions do not modify |this|.
849         * page/csp/ContentSecurityPolicy.h: 
850
851 2016-07-22  Chris Dumez  <cdumez@apple.com>
852
853         Parameters to Node.replaceChild() / insertBefore() should be mandatory
854         https://bugs.webkit.org/show_bug.cgi?id=160091
855
856         Reviewed by Darin Adler.
857
858         Parameters to Node.replaceChild() / insertBefore() should be mandatory:
859         - https://dom.spec.whatwg.org/#node
860
861         The compatibility risk should be low since Firefox and Chrome both agree
862         with the specification and because it does not make much sense to omit
863         parameters when using this API.
864
865         No new tests, rebaselined existing tests.
866
867         * bindings/js/JSNodeCustom.cpp:
868         (WebCore::JSNode::insertBefore):
869         (WebCore::JSNode::replaceChild):
870
871 2016-07-22  Chris Dumez  <cdumez@apple.com>
872
873         Parameter to Node.contains() should be mandatory
874         https://bugs.webkit.org/show_bug.cgi?id=160084
875
876         Reviewed by Darin Adler.
877
878         Parameter to Node.contains() should be mandatory as per the
879         specification:
880         - https://dom.spec.whatwg.org/#node
881
882         The compatibility risk should be low because both Firefox and Chrome
883         both agree with the specification. Also, it does not make much sense
884         to call this API without parameter.
885
886         No new tests, rebaselined existing tests.
887
888         * dom/Node.idl:
889
890 2016-07-22  Said Abou-Hallawa  <sabouhallawa@apple.com>
891
892         [iOS] REGRESSION(203378): PDFDocumentImage::updateCachedImageIfNeeded() uses the unscaled size when deciding whether to cache the PDF image
893         https://bugs.webkit.org/show_bug.cgi?id=159933
894
895         Reviewed by Simon Fraser.
896
897         We need to use the scaled size when deciding whether to cache the PDF image
898         or not. This is because ImageBuffer takes the display resolution into account
899         which gives higher resolution for the image when zooming.
900
901         * platform/graphics/cg/PDFDocumentImage.cpp:
902         (WebCore::PDFDocumentImage::updateCachedImageIfNeeded):
903
904 2016-07-22  Chris Dumez  <cdumez@apple.com>
905
906         First parameter to getElementById() should be mandatory
907         https://bugs.webkit.org/show_bug.cgi?id=160087
908
909         Reviewed by Darin Adler.
910
911         First parameter to getElementById() should be mandatory:
912         - https://dom.spec.whatwg.org/#nonelementparentnode
913         - https://www.w3.org/TR/SVG/struct.html#InterfaceSVGSVGElement
914
915         Both Firefox and Chrome agree with the specification.
916
917         Test: svg/dom/SVGSVGElement-getElementById.html
918
919         * dom/NonElementParentNode.idl:
920         * svg/SVGSVGElement.idl:
921
922 2016-07-22  Chris Dumez  <cdumez@apple.com>
923
924         Parameter to Node.lookupPrefix() / lookupNamespaceURI() / isDefaultNamespace() should be mandatory
925         https://bugs.webkit.org/show_bug.cgi?id=160086
926
927         Reviewed by Darin Adler.
928
929         Parameter to Node.lookupPrefix() / lookupNamespaceURI() / isDefaultNamespace()
930         should be mandatory:
931         - https://dom.spec.whatwg.org/#node
932
933         Firefox and Chrome both agree with the specification.
934
935         No new tests, rebaselined existing tests.
936
937         * dom/Node.idl:
938
939 2016-07-22  Chris Dumez  <cdumez@apple.com>
940
941         Parameter to Node.compareDocumentPosition() should be mandatory and non-nullable
942         https://bugs.webkit.org/show_bug.cgi?id=160071
943
944         Reviewed by Ryosuke Niwa.
945
946         
947         Parameter to Node.compareDocumentPosition() should be mandatory and
948         non-nullable:
949         - https://dom.spec.whatwg.org/#interface-node
950
951         Firefox and Chrome agree with the specification so the compatibility
952         risk should be low. Also, it does not make much sense to call this
953         operation without parameter.
954
955         No new tests, rebaselined existing tests.
956
957         * accessibility/AccessibilityObject.cpp:
958         (WebCore::rangeClosestToRange):
959         * dom/AuthorStyleSheets.cpp:
960         (WebCore::AuthorStyleSheets::addStyleSheetCandidateNode):
961         * dom/Node.cpp:
962         (WebCore::compareDetachedElementsPosition):
963         (WebCore::Node::compareDocumentPosition):
964         * dom/Node.h:
965         * dom/Node.idl:
966         * dom/Position.h:
967         (WebCore::operator<):
968         * html/HTMLFormElement.cpp:
969         (WebCore::HTMLFormElement::formElementIndexWithFormAttribute):
970         (WebCore::HTMLFormElement::formElementIndex):
971         * rendering/RenderNamedFlowThread.cpp:
972         (WebCore::RenderNamedFlowThread::nextRendererForElement):
973         (WebCore::compareRenderNamedFlowFragments):
974         (WebCore::RenderNamedFlowThread::registerNamedFlowContentElement):
975
976 2016-07-22  Konstantin Tokarev  <annulen@yandex.ru>
977
978         [cmake] Removed obsolete plugins/win directory
979         https://bugs.webkit.org/show_bug.cgi?id=160081
980
981         Reviewed by Per Arne Vollan.
982
983         It was removed in r178219.
984
985         No new tests needed.
986
987         * PlatformWin.cmake:
988
989 2016-07-22  Youenn Fablet  <youenn@apple.com>
990
991         run-builtins-generator-tests should be able to test WebCore builtins wrapper with more than one file
992         https://bugs.webkit.org/show_bug.cgi?id=159921
993
994         Reviewed by Brian Burg.
995
996         Covered by existing and added built-ins tests.
997
998         Updating built system according ---wrappers-only new meaning.
999         builtin generator is now called for each individual built-in file plus once for WebCore wrapper files.
1000         WebCore wrapper files allow handling things like conditionally guarded features.
1001         They also remove the need to use built-ins macros outside generated code.
1002
1003         * CMakeLists.txt:
1004         * DerivedSources.make:
1005
1006 2016-07-21  Frederic Wang  <fwang@igalia.com>
1007
1008         Move parsing of accentunder and accent attributes from renderer to element classes
1009         https://bugs.webkit.org/show_bug.cgi?id=159625
1010
1011         Reviewed by Brent Fulgham.
1012
1013         We introduce a new MathMLUnderOverElement that is used for elements munder, mover and
1014         munderover in order to create RenderMathMLUnderOver and parse and expose the values of the
1015         accent and accentunder attributes. This is one more step toward moving MathML attribute
1016         parsing to the DOM (bug 156536). We also do minor clean-up for this and previous renderer
1017         classes that no longer do attribute parsing: the MathMLNames namespace is no longer necessary
1018         and constructors can take a more accurate element type.
1019
1020         No new tests, already covered by existing test.
1021
1022         * CMakeLists.txt: Add MathMLUnderOverElement files.
1023         * WebCore.xcodeproj/project.pbxproj: Ditto.
1024         * mathml/MathMLAllInOne.cpp: Ditto.
1025         * mathml/MathMLElement.cpp:
1026         (WebCore::MathMLElement::cachedBooleanAttribute): Add parsing of boolean attributes.
1027         * mathml/MathMLElement.h: New type and helper functions for boolean attributes.
1028         * mathml/MathMLInlineContainerElement.cpp:
1029         (WebCore::MathMLInlineContainerElement::createElementRenderer): Remove handling of
1030         under/over/underover elements.
1031         * mathml/MathMLScriptsElement.cpp:
1032         (WebCore::MathMLScriptsElement::MathMLScriptsElement): Remove inline keyword to avoid link
1033         errors now that MathMLUnderOverElement overrides that class.
1034         * mathml/MathMLScriptsElement.h: Allow MathMLUnderOverElement to override this class.
1035         * mathml/MathMLUnderOverElement.cpp:
1036         (WebCore::MathMLUnderOverElement::MathMLUnderOverElement):
1037         (WebCore::MathMLUnderOverElement::create):
1038         (WebCore::MathMLUnderOverElement::accent): Helper function to access the accent value.
1039         (WebCore::MathMLUnderOverElement::accentUnder): Helper function to access the accentunder value.
1040         (WebCore::MathMLUnderOverElement::parseAttribute): Make accent and accentunder dirty.
1041         (WebCore::MathMLUnderOverElement::createElementRenderer): Create RenderMathMLUnderOver
1042         * mathml/MathMLUnderOverElement.h:
1043         * mathml/mathtags.in: Map under/over/underover to MathMLUnderOverElement.
1044         * rendering/mathml/RenderMathMLFraction.cpp: Remove MathMLNames and make the constructor
1045         take a MathMLFractionElement.
1046         (WebCore::RenderMathMLFraction::RenderMathMLFraction):
1047         * rendering/mathml/RenderMathMLFraction.h:
1048         * rendering/mathml/RenderMathMLPadded.cpp: Remove MathMLNames and make the constructor
1049         take a MathMLPaddedElement.
1050         (WebCore::RenderMathMLPadded::RenderMathMLPadded):
1051         * rendering/mathml/RenderMathMLPadded.h:
1052         * rendering/mathml/RenderMathMLScripts.cpp: Remove MathMLNames and make the constructor
1053         take a MathMLScriptsElement. Also rename scriptsElement() to element().
1054         (WebCore::RenderMathMLScripts::RenderMathMLScripts):
1055         (WebCore::RenderMathMLScripts::element):
1056         (WebCore::RenderMathMLScripts::getScriptMetricsAndLayoutIfNeeded):
1057         (WebCore::RenderMathMLScripts::scriptsElement): Deleted.
1058         * rendering/mathml/RenderMathMLScripts.h:
1059         * rendering/mathml/RenderMathMLUnderOver.cpp: Remove MathMLNames and make the constructor
1060         take a RenderMathMLUnderOver.
1061         (WebCore::RenderMathMLUnderOver::RenderMathMLUnderOver):
1062         (WebCore::RenderMathMLUnderOver::element):
1063         (WebCore::RenderMathMLUnderOver::hasAccent): Use the helper functions for accent and accentunder.
1064         * rendering/mathml/RenderMathMLUnderOver.h:
1065
1066 2016-07-21  Chris Dumez  <cdumez@apple.com>
1067
1068         Parameter to Node.isSameNode() / isEqualNode() should be mandatory
1069         https://bugs.webkit.org/show_bug.cgi?id=160070
1070
1071         Reviewed by Ryosuke Niwa.
1072
1073         Parameter to Node.isSameNode() / isEqualNode() should be mandatory as
1074         per the specification:
1075         - https://dom.spec.whatwg.org/#interface-node
1076
1077         Chrome and Firefox agree with the specification (although Firefox does
1078         not support isSameNode()).
1079
1080         No new tests, rebaselined existing tests.
1081
1082         * dom/Node.idl:
1083
1084 2016-07-21  Chris Dumez  <cdumez@apple.com>
1085
1086         Parameter to Document.createEvent() should be mandatory
1087         https://bugs.webkit.org/show_bug.cgi?id=160065
1088
1089         Reviewed by Darin Adler.
1090
1091         Parameter to Document.createEvent() should be mandatory as per the
1092         specification:
1093         - https://dom.spec.whatwg.org/#document
1094
1095         We already throw anyway when the parameter is omitted because we use
1096         "undefined" as event type, which is invalid. However, we throw the
1097         wrong exception.
1098
1099         Firefox and Chrome agree with the specification here.
1100
1101         No new tests, rebaselined existing tests.
1102
1103         * dom/Document.idl:
1104
1105 2016-07-21  Brian Burg  <bburg@apple.com>
1106
1107         REGRESSION(r62549): Objective-C DOM bindings sometimes fail to regenerate when CodeGenerator.pm is modified
1108         https://bugs.webkit.org/show_bug.cgi?id=160031
1109
1110         Reviewed by Darin Adler.
1111
1112         This bug was caused by a refactoring 6 years ago. Not all uses of a variable
1113         were renamed, so the ObjC bindings target pattern was not specifying any
1114         build scripts as target dependencies.
1115
1116         * DerivedSources.make: Standardize on {COMMON,JS,DOM}_BINDINGS_SCRIPTS.
1117
1118 2016-07-21  Darin Adler  <darin@apple.com>
1119
1120         Remove unneeded content attribute name "playsinline"
1121         https://bugs.webkit.org/show_bug.cgi?id=160069
1122
1123         Reviewed by Chris Dumez.
1124
1125         * html/HTMLVideoElement.idl: Removed explicit content attribute name on Reflect
1126         attribute since it is the same as the name that the code generator will generate.
1127
1128 2016-07-21  Chris Dumez  <cdumez@apple.com>
1129
1130         Make parameters to Element.getElementsBy*() operations mandatory
1131         https://bugs.webkit.org/show_bug.cgi?id=160060
1132
1133         Reviewed by Darin Adler.
1134
1135         Make parameters to Element.getElementsBy*() operations mandatory to
1136         match the specification:
1137         - https://dom.spec.whatwg.org/#interface-element
1138
1139         Firefox and Chrome agree with the specification so the compatibility
1140         risk should be low.
1141
1142         It makes very little sense to call these operations without parameter,
1143         especially considering WebKit uses the string "undefined" if the
1144         parameter is omitted.
1145
1146         No new tests, rebaselined existing tests.
1147
1148         * dom/Element.idl:
1149
1150 2016-07-21  Chris Dumez  <cdumez@apple.com>
1151
1152         Make parameters mandatory for attribute-related API on Element
1153         https://bugs.webkit.org/show_bug.cgi?id=160059
1154
1155         Reviewed by Ryosuke Niwa.
1156
1157         Make parameters mandatory for attribute-related API on Element to match
1158         the specification:
1159         - https://dom.spec.whatwg.org/#element
1160
1161         Firefox and Chrome agree with the specification. Calling this API
1162         without the parameters does not make much sense, especially considering
1163         WebKit uses the string "undefined" when the parameter is omitted.
1164
1165         No new tests, rebaselined existing tests.
1166
1167         * dom/Element.idl:
1168
1169 2016-07-21  Myles C. Maxfield  <mmaxfield@apple.com>
1170
1171         Remove support for deprecated SPI inlineMediaPlaybackRequiresPlaysInlineAttribute
1172         https://bugs.webkit.org/show_bug.cgi?id=160066
1173
1174         Reviewed by Dean Jackson.
1175
1176         r203520 deprecated inlineMediaPlaybackRequiresPlaysInlineAttribute in favor of
1177         allowsInlineMediaPlaybackWithPlaysInlineAttribute and
1178         allowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute. The old
1179         inlineMediaPlaybackRequiresPlaysInlineAttribute is SPI and was never released
1180         to the public. Therefore, it can be removed safely.
1181
1182         No new tests because there is no behavior change.
1183
1184         * page/Settings.cpp:
1185         * page/Settings.in:
1186         * testing/InternalSettings.cpp:
1187         (WebCore::InternalSettings::Backup::Backup): Deleted.
1188         (WebCore::InternalSettings::Backup::restoreTo): Deleted.
1189         (WebCore::InternalSettings::setInlineMediaPlaybackRequiresPlaysInlineAttribute): Deleted.
1190         * testing/InternalSettings.h:
1191         * testing/InternalSettings.idl:
1192
1193 2016-07-21  Dean Jackson  <dino@apple.com>
1194
1195         REGRESSION (r202927): The internal size of the ImageBuffer is scaled twice by the context scaleFactor
1196         https://bugs.webkit.org/show_bug.cgi?id=159981
1197         <rdar://problem/27429465>
1198
1199         Reviewed by Myles Maxfield.
1200
1201         The change to propagate color spaces through ImageBuffers created an
1202         alternate version of createCompatibleBuffer. This version accidentally
1203         attempted to take the display resolution (i.e. hidpi) into account
1204         when creating the buffer, which meant it was being applied twice.
1205
1206         The fix is simply to remove that logic. The caller of the method
1207         will take the resolution into account, the same way they did
1208         with the old createCompatibleBuffer method.
1209
1210         Test: fast/hidpi/pdf-image-scaled.html
1211
1212         * platform/graphics/cg/ImageBufferCG.cpp:
1213         (WebCore::ImageBuffer::createCompatibleBuffer): Don't calculate
1214         a resolution - just use the value of 1.0.
1215
1216 2016-07-21  John Wilander  <wilander@apple.com>
1217
1218         Block mixed content synchronous XHR
1219         https://bugs.webkit.org/show_bug.cgi?id=105462
1220         <rdar://problem/13666424>
1221
1222         Reviewed by Brent Fulgham.
1223
1224         Test: http/tests/security/mixedContent/insecure-xhr-sync-in-main-frame.html
1225
1226         * loader/DocumentThreadableLoader.cpp:
1227         (WebCore::DocumentThreadableLoader::loadRequest):
1228
1229 2016-07-21  Chris Dumez  <cdumez@apple.com>
1230
1231         Make parameters to Document.getElementsBy*() operations mandatory
1232         https://bugs.webkit.org/show_bug.cgi?id=160050
1233
1234         Reviewed by Daniel Bates.
1235
1236         Make parameters to Document.getElementsBy*() operations mandatory to
1237         match the specification:
1238         - https://dom.spec.whatwg.org/#interface-document
1239
1240         Firefox and Chrome agree with the specification so the compatibility
1241         risk should be low.
1242
1243         It makes very little sense to call these operations without parameter,
1244         especially considering WebKit uses the string "undefined" if the
1245         parameter is omitted.
1246
1247         No new tests, rebaselined existing tests.
1248
1249         * dom/Document.idl:
1250
1251 2016-07-21  Nan Wang  <n_wang@apple.com>
1252
1253         AX: aria-label not being used correctly in accessible name calculation of heading
1254         https://bugs.webkit.org/show_bug.cgi?id=160009
1255
1256         Reviewed by Chris Fleizach.
1257
1258         Actually we are exposing the correct information for heading objects. On macOS, 
1259         VoiceOver should handle the logic that picks the right information to speak.
1260         On iOS, VoiceOver is speaking the static text child instead of the heading object.
1261         So we should set the accessibilityLabel of the static text based on the parent's 
1262         alternate label.
1263
1264         Test: accessibility/ios-simulator/heading-with-aria-label.html
1265
1266         * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
1267         (-[WebAccessibilityObjectWrapper _accessibilityTraitsFromAncestors]):
1268
1269 2016-07-21  Saam Barati  <sbarati@apple.com>
1270
1271         op_add/ValueAdd should be an IC in all JIT tiers
1272         https://bugs.webkit.org/show_bug.cgi?id=159649
1273
1274         Reviewed by Benjamin Poulain.
1275
1276         * ForwardingHeaders/jit/JITMathICForwards.h: Added.
1277
1278 2016-07-21  Chris Dumez  <cdumez@apple.com>
1279
1280         Make parameters mandatory for Document.create*() operations
1281         https://bugs.webkit.org/show_bug.cgi?id=160047
1282
1283         Reviewed by Ryosuke Niwa.
1284
1285         Make parameters mandatory for Document.create*() operations:
1286         createTextNode(), createComment(), createCDataSection(),
1287         createAttribute() and createProcessingInstruction().
1288
1289         This matches the specification:
1290         - https://dom.spec.whatwg.org/#interface-document
1291
1292         Firefox and Chrome both agree with the specification so the
1293         compatibility risk should be low. Also WebKit uses the string
1294         "undefined" when the parameter is omitted, which is not very
1295         helpful.
1296
1297         No new tests, rebaselined existing tests.
1298
1299         * dom/Document.idl:
1300
1301 2016-07-21  Chris Dumez  <cdumez@apple.com>
1302
1303         Fix null handling of SVGAngle/SVGLength.valueAsString attribute
1304         https://bugs.webkit.org/show_bug.cgi?id=160025
1305
1306         Reviewed by Ryosuke Niwa.
1307
1308         Fix null handling of SVGAngle/SVGLength.valueAsString attribute
1309         to match the specification:
1310         - https://www.w3.org/TR/SVG2/types.html#InterfaceSVGAngle
1311         - https://www.w3.org/TR/SVG2/types.html#InterfaceSVGLength
1312
1313         In particular, this patch drops [TreatNullAs=EmptyString] IDL
1314         extended attribute from this attribute. This is not supposed
1315         to change behavior given that both "" and "null" are invalid
1316         numbers and the specification says to throw a SYNTAX_ERR in
1317         this case.
1318
1319         However, WebKit currently ignores assignments to "" instead
1320         of throwing. As a result, assigning to null will now throw
1321         instead of being ignored. The compatibility risk should be
1322         low because both Firefox and Chrome throw when assigning
1323         null.
1324
1325         I did not change the behavior when assigning to "" because
1326         it is a bit out of scope for this patch and browsers to not
1327         seem to agree:
1328         - Firefox throws
1329         - Chrome set value to "0"
1330         - WebKit ignores the assignment
1331
1332         The specification seems to agree with Firefox as far as I
1333         can tell given that "" is not a valid number as per:
1334         - https://www.w3.org/TR/css3-values/#numbers
1335
1336         Test: svg/dom/valueAsString-null.html
1337
1338         * svg/SVGAngle.idl:
1339         * svg/SVGLength.idl:
1340
1341 2016-07-21  Chris Dumez  <cdumez@apple.com>
1342
1343         Fix null handling of HTMLFontElement.color
1344         https://bugs.webkit.org/show_bug.cgi?id=160036
1345
1346         Reviewed by Ryosuke Niwa.
1347
1348         Fix null handling of HTMLFontElement.color to match the specification:
1349         - https://html.spec.whatwg.org/#htmlfontelement
1350
1351         We are supposed to treat null as the empty string. Both Firefox and
1352         Chrome agree with the specification.
1353
1354         No new tests, rebaselined existing tests.
1355
1356         * html/HTMLFontElement.idl:
1357
1358 2016-07-21  Chris Dumez  <cdumez@apple.com>
1359
1360         Fix null handling for several HTMLTableElement attributes
1361         https://bugs.webkit.org/show_bug.cgi?id=160041
1362
1363         Reviewed by Ryosuke Niwa.
1364
1365         Fix null handling for several HTMLTableElement attributes to match the
1366         specification:
1367         - https://html.spec.whatwg.org/#HTMLTableElement-partial
1368
1369         The attributes in question are 'bicolor', 'cellSpacing' and
1370         'cellPadding'. We are supposed to treat null as the empty string for
1371         these attributes.
1372
1373         Firefox and Chrome both agree with the specification.
1374
1375         No new tests, rebaselined existing tests.
1376
1377         * html/HTMLTableElement.idl:
1378
1379 2016-07-21  Chris Dumez  <cdumez@apple.com>
1380
1381         Fix null handling for HTMLObjectElement.border
1382         https://bugs.webkit.org/show_bug.cgi?id=160040
1383
1384         Reviewed by Ryosuke Niwa.
1385
1386         Fix null handling for HTMLObjectElement.border to match the specification:
1387         - https://html.spec.whatwg.org/#HTMLObjectElement-partial
1388
1389         We are supposed to treat null as the empty string.
1390
1391         Both Firefox and Chrome agree with the specification.
1392
1393         No new tests, rebaselined existing tests.
1394
1395         * html/HTMLObjectElement.idl:
1396
1397 2016-07-21  Chris Dumez  <cdumez@apple.com>
1398
1399         Fix null handling for td.bgColor / tr.bgColor
1400         https://bugs.webkit.org/show_bug.cgi?id=160043
1401
1402         Reviewed by Ryosuke Niwa.
1403
1404         Fix null handling for td.bgColor / tr.bgColor to match the
1405         specification:
1406         - https://html.spec.whatwg.org/#HTMLTableCellElement-partial
1407         - https://html.spec.whatwg.org/#HTMLTableRowElement-partial
1408
1409         We are supposed to treat null as the empty string.
1410
1411         Firefox and Chrome both agree with the specification.
1412
1413         No new tests, rebaselined existing tests.
1414
1415         * html/HTMLTableCellElement.idl:
1416         * html/HTMLTableRowElement.idl:
1417
1418 2016-07-21  Chris Dumez  <cdumez@apple.com>
1419
1420         Fix null handling for several HTMLBodyElement attributes
1421         https://bugs.webkit.org/show_bug.cgi?id=160044
1422
1423         Reviewed by Ryosuke Niwa.
1424
1425         Fix null handling for several HTMLBodyElement attributes to match the
1426         specification:
1427         - https://html.spec.whatwg.org/#HTMLBodyElement-partial
1428
1429         The attributes in question are: 'text', 'link', 'vlink', 'alink' and
1430         'bgcolor'.
1431
1432         We are supposed to treat null as the empty string for these attributes.
1433
1434         Firefox and Chrome both agree with the specification.
1435
1436         No new tests, rebaselined existing tests.
1437
1438         * html/HTMLBodyElement.idl:
1439
1440 2016-07-21  Chris Dumez  <cdumez@apple.com>
1441
1442         Fix null handling for HTMLIFrameElement.marginWidth / marginHeight
1443         https://bugs.webkit.org/show_bug.cgi?id=160037
1444
1445         Reviewed by Ryosuke Niwa.
1446
1447         Fix null handling for HTMLIFrameElement.marginWidth / marginHeight to
1448         match the specification:
1449         - https://html.spec.whatwg.org/#HTMLIFrameElement-partial
1450
1451         We are supposed to treat null as the empty string. Both Firefox and
1452         Chrome agree with the specification.
1453
1454         No new tests, rebaselined existing tests.
1455
1456         * html/HTMLIFrameElement.idl:
1457
1458 2016-07-21  Chris Dumez  <cdumez@apple.com>
1459
1460         Fix null handling for HTMLImageElement.border
1461         https://bugs.webkit.org/show_bug.cgi?id=160039
1462
1463         Reviewed by Ryosuke Niwa.
1464
1465         Fix null handling for HTMLImageElement.border to match the specification:
1466         - https://html.spec.whatwg.org/#HTMLImageElement-partial
1467
1468         We are supposed to treat null as the empty string.
1469
1470         Both Firefox and Chrome agree with the specification.
1471
1472         No new tests, rebaselined existing tests.
1473
1474         * html/HTMLImageElement.idl:
1475
1476 2016-07-21  Daniel Bates  <dabates@apple.com>
1477
1478         REGRESSION: Plugin replaced YouTube Flash videos always have the same width
1479         https://bugs.webkit.org/show_bug.cgi?id=159998
1480         <rdar://problem/27462285>
1481
1482         Reviewed by Simon Fraser.
1483
1484         Fixes an issue where the width of a plugin replaced YouTube video loaded via an HTML embed
1485         element would always have the same width regardless of value of the width attribute.
1486
1487         For YouTube Flash videos the YouTube plugin replacement substitutes a shadow DOM subtree
1488         for the default renderer of an HTML embed element. The root of this shadow DOM subtree
1489         is an HTML div element. Currently we set inline styles on this <div> when it is instantiated.
1490         In particular, we set inline display and position to "inline-block" and "relative", respectively,
1491         and set an invalid height and width (we specify a font weight value instead of a CSS length value
1492         - this causes an ASSERT_NOT_REACHED() assertion failure in StyleBuilderConverter::convertLengthSizing()
1493         in a debug build). These styles never worked as intended and we ultimately created an inline
1494         renderer (ignoring display "inline-block") that had auto width and height. Instead it is sufficient
1495         to remove all these inline styles and create a RenderBlockFlow renderer for this <div> so that it
1496         renders as a block, non-replaced element to achieve the intended illusion that the <embed> is a
1497         single element.
1498
1499         * html/shadow/YouTubeEmbedShadowElement.cpp: Remove unused header HTMLEmbedElement.h and include
1500         header RenderBlockFlow.h. Also update copyright in license block.
1501         (WebCore::YouTubeEmbedShadowElement::YouTubeEmbedShadowElement): Remove inline styles as these
1502         never worked as intended.
1503         (WebCore::YouTubeEmbedShadowElement::createElementRenderer): Override; create a block-flow
1504         renderer for us so that we layout as a block, non-replaced element.
1505         * html/shadow/YouTubeEmbedShadowElement.h:
1506
1507 2016-07-21  Myles C. Maxfield  <mmaxfield@apple.com>
1508
1509         [iPhone] Playing a video on tudou.com plays only sound, no video
1510         https://bugs.webkit.org/show_bug.cgi?id=159967
1511         <rdar://problem/26964090>
1512
1513         Reviewed by Jon Lee, Jeremy Jones, and Anders Carlsson.
1514
1515         WebKit recently starting honoring the playsinline and webkit-playsinline
1516         attribute on iPhones. However, because these attributes previously did
1517         nothing, some sites (such as Todou) were setting them on their content
1518         and expecting that they are not honored. In this specific case, the
1519         video is absolutely positioned to be 1 pixel x 1 pixel.
1520
1521         Previously, with iOS 9, apps could set the allowsInlineMediaPlayback
1522         property on their WKWebView, which would honor the webkit-playsinline
1523         attribute. Safari on iPhones didn't do this.
1524
1525         In order to not break these existing apps, it's important that the
1526         allowsInlineMediaPlayback preference still allows webkit-playsinline
1527         videos to play inline in apps using WKWebView. However, in Safari, these
1528         videos should play fullscreen. (Todou videos have webkit-playsinline
1529         but not playsinline.)
1530
1531         Therefore, in Safari, videos with playsinline should be inline, but
1532         videos with webkit-playsinline should be fullscreen. In apps using
1533         WKWebViews, if the app sets allowsInlineMediaPlayback, then videos with
1534         playsinline should be inline, and videos with webkit-playsinline should
1535         also be inline. Videos on iPad and Mac should all be inline by default.
1536
1537         We can create some truth tables for the cases which need to be covered:
1538
1539         All apps on Mac / iPad:
1540         Presence of playsinline | Presence of webkit-playsinline | Result
1541         ========================|================================|===========
1542         Not present             | Not present                    | Inline
1543         Present                 | Not present                    | Inline
1544         Not Present             | Present                        | Inline
1545         Present                 | Present                        | Inline
1546
1547         Safari on iPhone:
1548         Presence of playsinline | Presence of webkit-playsinline | Result
1549         ========================|================================|===========
1550         Not present             | Not present                    | Fullscreen
1551         Present                 | Not present                    | Inline
1552         Not Present             | Present                        | Fullscreen
1553         Present                 | Present                        | Inline
1554
1555         App on iPhone which sets allowsInlineMediaPlayback:
1556         Presence of playsinline | Presence of webkit-playsinline | Result
1557         ========================|================================|===========
1558         Not present             | Not present                    | Fullscreen
1559         Present                 | Not present                    | Inline
1560         Not Present             | Present                        | Inline
1561         Present                 | Present                        | Inline
1562
1563         The way to distinguish Safari from another app is to create an SPI
1564         boolean preference which Safari can set. This is already how the
1565         iPhone and iPad are differentiated using the requiresPlayInlineAttribute
1566         which Safari sets but other apps don't. However, this preference is
1567         no longer sufficient because Safari should now be discriminating
1568         between the playsinline and webkit-playsinline attributes. Therefore,
1569         this preference should be extended to two boolean preferences, which
1570         this patch adds:
1571
1572         allowsInlineMediaPlaybackWithPlaysInlineAttribute
1573         allowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute
1574
1575         Safari on iPhone will set
1576         allowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute to true,
1577         and allowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute to
1578         false. Other apps on iPhone will get their defaults values (because they
1579         are SPI) which means they will both be true. On iPad and Mac, apps will
1580         use the defaults values where both are false.
1581
1582         This patch adds support for these two preferences, but does not remove
1583         the existing inlineMediaPlaybackRequiresPlaysInlineAttribute preference.
1584         I will remove the exising preference as soon as I update Safari to migrate
1585         off of it.
1586
1587         Test: media/video-playsinline.html
1588
1589         * html/MediaElementSession.cpp:
1590         (WebCore::MediaElementSession::requiresFullscreenForVideoPlayback):
1591         * page/Settings.cpp:
1592         * page/Settings.in:
1593         * testing/InternalSettings.cpp:
1594         (WebCore::InternalSettings::Backup::Backup):
1595         (WebCore::InternalSettings::Backup::restoreTo):
1596         (WebCore::InternalSettings::setAllowsInlineMediaPlaybackWithPlaysInlineAttribute):
1597         (WebCore::InternalSettings::setAllowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute):
1598         * testing/InternalSettings.h:
1599         * testing/InternalSettings.idl:
1600
1601 2016-07-21  Ryosuke Niwa  <rniwa@webkit.org>
1602
1603         Crash accessing null renderer inside WebCore::DeleteSelectionCommand::doApply
1604         https://bugs.webkit.org/show_bug.cgi?id=160011
1605
1606         Reviewed by Chris Dumez.
1607
1608         Add a null pointer check for renderer() call.
1609
1610         Unfortunately no new tests since we don't have a reproduction.
1611
1612         * editing/DeleteSelectionCommand.cpp:
1613         (WebCore::DeleteSelectionCommand::doApply):
1614
1615 2016-07-21  Chris Dumez  <cdumez@apple.com>
1616
1617         The 2 first parameters to DOMImplementation.createDocument() should be mandatory
1618         https://bugs.webkit.org/show_bug.cgi?id=160030
1619
1620         Reviewed by Sam Weinig.
1621
1622         The 2 first parameters to DOMImplementation.createDocument() should be mandatory
1623         as per the specification:
1624         - https://dom.spec.whatwg.org/#domimplementation
1625
1626         Firefox and Chrome both agree with the specification. However, those
1627         parameters were marked as optional in WebKit. Calling this function
1628         without parameters would create a document element whose tag is the
1629         string "undefined", which does not seem helpful. This patch thus
1630         aligns our behavior with the specification and other browsers.
1631
1632         No new tests, rebaselined existing tests.
1633
1634         * dom/DOMImplementation.idl:
1635
1636 2016-07-21  Chris Dumez  <cdumez@apple.com>
1637
1638         Kill legacy valueToStringWithNullCheck() utility function
1639         https://bugs.webkit.org/show_bug.cgi?id=159991
1640
1641         Reviewed by Sam Weinig.
1642
1643         Kill legacy valueToStringWithNullCheck() utility function. Treating null as
1644         a null string is legacy behavior so drop this function so that people are
1645         not tempted to use it. We should be using either:
1646         1. JSValue::toWTFString() for non-nullable DOMStrings
1647         2. valueToStringWithUndefinedOrNullCheck() for nullable DOMStrings
1648         3. valueToStringTreatingNullAsEmptyString() for strings with [TreatNullAs=EmptyString]
1649
1650         No new tests, no web-exposed behavior change.
1651
1652         * bindings/js/JSDOMBinding.cpp:
1653         (WebCore::valueToStringWithNullCheck): Deleted.
1654         * bindings/js/JSDOMBinding.h:
1655         * bindings/js/JSHTMLFrameElementCustom.cpp:
1656         (WebCore::JSHTMLFrameElement::setLocation):
1657         * html/HTMLFrameElement.idl:
1658
1659 2016-07-21  Zalan Bujtas  <zalan@apple.com>
1660
1661         Do not keep invalid IOSurface in ImageBufferData.
1662         https://bugs.webkit.org/show_bug.cgi?id=160005
1663         <rdar://problem/27208636>
1664
1665         Reviewed by Simon Fraser.
1666
1667         When we fail to initialize the IOSurface for the accelerated context, we switch over to
1668         the non-accelerated code path. Since ImageBufferData::surface is used to indicate whether
1669         the graphics context is in accelerated mode, we need to reset it when the initialization fails.
1670
1671         Unable to create a test case.
1672
1673         * platform/graphics/cg/ImageBufferCG.cpp:
1674         (WebCore::ImageBuffer::ImageBuffer):
1675
1676 2016-07-21  Chris Dumez  <cdumez@apple.com>
1677
1678         playsInline IDL attribute has the wrong casing
1679         https://bugs.webkit.org/show_bug.cgi?id=160029
1680         <rdar://problem/27474031>
1681
1682         Reviewed by Jon Lee.
1683
1684         Fix case from video.playsinline to video.playsInline in order to match
1685         the specification:
1686         - https://html.spec.whatwg.org/multipage/embedded-content.html#the-video-element:dom-video-playsinline
1687
1688         It still reflects the "playsinline" content attribute though, as per
1689         the specification:
1690         - https://html.spec.whatwg.org/multipage/embedded-content.html#dom-video-playsinline
1691
1692         No new tests, updated existing test.
1693
1694         * html/HTMLVideoElement.idl:
1695
1696 2016-07-21  Chris Dumez  <cdumez@apple.com>
1697
1698         Drop [TreatNullAs=EmptyString] from CanvasRenderingContext2D.globalCompositeOperation
1699         https://bugs.webkit.org/show_bug.cgi?id=160026
1700
1701         Reviewed by Sam Weinig.
1702
1703         Drop [TreatNullAs=EmptyString] from CanvasRenderingContext2D.globalCompositeOperation
1704         attribute as it does not match the specification:
1705         - https://html.spec.whatwg.org/multipage/scripting.html#canvascompositing
1706
1707         It does not change web-exposed behavior because assigning to "" or "null"
1708         gets ignored as those are not valid operations.
1709
1710         Test: fast/canvas/context-globalCompositeOperation-null.html
1711
1712         * html/canvas/CanvasRenderingContext2D.idl:
1713
1714 2016-07-21  Carlos Garcia Campos  <cgarcia@igalia.com>
1715
1716         [GTK][Threaded Compositor] Overlay scrollbars shouldn't be a requirement of the threaded compositor
1717         https://bugs.webkit.org/show_bug.cgi?id=160020
1718
1719         Reviewed by Michael Catanzaro.
1720
1721         It has been a requirement only because we didn't really know why frame scrollbars were not rendered when using
1722         the threaded compositor. The reason is that RenderView doesn't use layers for FrameView scrollbars by default,
1723         unless using overlay scrollbars. When using the threaded compositor we really need layers for the FrameView
1724         scrollbars even when not using overlay scrollbars.
1725
1726         * platform/gtk/ScrollbarThemeGtk.cpp:
1727         (WebCore::ScrollbarThemeGtk::ScrollbarThemeGtk): Stop enforcing overlay scrollbars when threaded compositor is enabled.
1728         * rendering/RenderLayerCompositor.cpp:
1729         (WebCore::RenderLayerCompositor::shouldCompositeOverflowControls): Always use layers for scrollbars when
1730         threaded compositor is enabled.
1731
1732 2016-07-21  Carlos Garcia Campos  <cgarcia@igalia.com>
1733
1734         [Cairo] Fix a crash in fast/canvas/canvas-getImageData-invalid-result-buffer-crash.html
1735         https://bugs.webkit.org/show_bug.cgi?id=160014
1736
1737         Reviewed by Michael Catanzaro.
1738
1739         In r202887 some null checks were added for JSArray::createUninitialized (and related) but not for the
1740         ImageBuffer cairo implementation.
1741
1742         * platform/graphics/cairo/ImageBufferCairo.cpp:
1743         (WebCore::getImageData): Return early if Uint8ClampedArray::createUninitialized() returns nullptr.
1744
1745 2016-07-21  Miguel Gomez  <magomez@igalia.com>
1746
1747         [GTK] The GSTREAMER_GL path in MediaPlayerPrivateGStreamerBase::paintToTextureMapper() is missing a mutex lock
1748         https://bugs.webkit.org/show_bug.cgi?id=160018
1749
1750         Reviewed by Philippe Normand.
1751
1752         Lock the video sample mutex while accessing it.
1753
1754         Covered by existent tests.
1755
1756         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
1757         (WebCore::MediaPlayerPrivateGStreamerBase::paintToTextureMapper):
1758
1759 2016-07-21  Miguel Gomez  <magomez@igalia.com>
1760
1761         [Threaded Compositor] Flickering when zooming in/out in maps.google.com
1762         https://bugs.webkit.org/show_bug.cgi?id=154069
1763
1764         Reviewed by Carlos Garcia Campos.
1765
1766         Add a new extra buffer to GraphicsContext3D when using the Threaded Compositor,
1767         so it doesn't have to reuse the buffers that are still waiting for composition.
1768
1769         Covered by existing tests.
1770
1771         * platform/graphics/GraphicsContext3D.h:
1772         Add a new texture to use for the rendering. Remove the compositor fbo we were using.
1773         * platform/graphics/cairo/GraphicsContext3DCairo.cpp:
1774         (WebCore::GraphicsContext3D::GraphicsContext3D):
1775         Initialize the new texture and remove the previous fbo related code.
1776         (WebCore::GraphicsContext3D::~GraphicsContext3D):
1777         Properly destroy the new texture and remove the previous fbo related code.
1778         * platform/graphics/opengl/GraphicsContext3DOpenGL.cpp:
1779         (WebCore::GraphicsContext3D::reshapeFBOs):
1780         Allocate the new texture and remove the previous fbo allocation.
1781         * platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp:
1782         (WebCore::GraphicsContext3D::prepareTexture):
1783         Use a single fbo with three textures instead of two fbos with a texture each.
1784         Rotate the three textures usage so:
1785         - m_texture becomes m_compositorTexture to be pushed to the compositor.
1786         - m_intermediateTexture becomes m_texture to receive the next rendering.
1787         - m_compositorTexture becomes m_intermediateTexture.
1788         And add a glFlush() to ensure that the gl commands are sent to the pipeline.
1789         * platform/graphics/opengl/GraphicsContext3DOpenGLES.cpp:
1790         (WebCore::GraphicsContext3D::reshapeFBOs):
1791         Allocate the new texture.
1792
1793 2016-07-21  Carlos Garcia Campos  <cgarcia@igalia.com>
1794
1795         [GTK][Threaded Compositor] Web view background colors don't work
1796         https://bugs.webkit.org/show_bug.cgi?id=159465
1797
1798         Reviewed by Michael Catanzaro.
1799
1800         * rendering/RenderLayerBacking.cpp:
1801         (WebCore::RenderLayerBacking::createPrimaryGraphicsLayer): Initialize frame view layer opacity for platforms not
1802         using the tiled cache layer.
1803
1804 2016-07-20  Youenn Fablet  <youenn@apple.com>
1805
1806         [XHR] Cache response JS object in case of arraybuffer and blob response types
1807         https://bugs.webkit.org/show_bug.cgi?id=128903
1808
1809         Reviewed by Alex Christensen.
1810
1811         Covered by existing and modified tests.
1812
1813         Making response getter a JS builtin that caches response in @response private slot.
1814         Handling invalidation of cached response with @responseCacheIsValid new private method.
1815         Handling creation of cached response with @retrieveResponse new private method which reuses most of
1816         JSXMLHttpRequest::response previous code.
1817
1818         Caching of responses is activated whenever load ended without any error for blob and arraybuffer response types.
1819
1820         Caching of response for document is also activated in case the response getter is used but not if responseXML getter is used.
1821
1822         * CMakeLists.txt: Adding XMLHttpRequest.js.
1823         * DerivedSources.make: Ditto.
1824         * bindings/js/JSXMLHttpRequestCustom.cpp:
1825         (WebCore::JSXMLHttpRequest::retrieveResponse): Implements creation of to-be-cached response.
1826         (WebCore::JSXMLHttpRequest::response): Deleted.
1827         * bindings/js/WebCoreBuiltinNames.h: Adding new private names.
1828         * xml/XMLHttpRequest.cpp:
1829         (WebCore::XMLHttpRequest::didCacheResponse): Renamed from didCacheResponseJSON as all response types are now cached.
1830         (WebCore::XMLHttpRequest::didCacheResponseJSON): Deleted.
1831         * xml/XMLHttpRequest.h:
1832         * xml/XMLHttpRequest.idl:
1833
1834 2016-07-20  Youenn Fablet  <youenn@apple.com>
1835
1836         Remove crossOriginRequestPolicy from ThreadableLoaderOptions
1837         https://bugs.webkit.org/show_bug.cgi?id=159417
1838
1839         Reviewed by Alex Christensen.
1840
1841         No observable change.
1842
1843         * Modules/fetch/FetchLoader.cpp:
1844         (WebCore::FetchLoader::start): DenyCrossOriginRequests -> FetchOptions::Mode::SameOrigin.
1845         * fileapi/FileReaderLoader.cpp:
1846         (WebCore::FileReaderLoader::start): DenyCrossOriginRequests -> FetchOptions::Mode::SameOrigin.
1847         * inspector/InspectorNetworkAgent.cpp:
1848         (WebCore::InspectorNetworkAgent::loadResource): AllowCrossOriginRequests -> FetchOptions::Mode::NoCors.
1849         * loader/DocumentThreadableLoader.cpp:
1850         (WebCore::DocumentThreadableLoader::DocumentThreadableLoader): Ditto.
1851         (WebCore::DocumentThreadableLoader::makeCrossOriginAccessRequest): UseAccessControl -> FetchOptions::Mode::Cors.
1852         (WebCore::DocumentThreadableLoader::redirectReceived): Ditto.
1853         (WebCore::DocumentThreadableLoader::didReceiveResponse): Ditto.
1854         (WebCore::DocumentThreadableLoader::loadRequest): Use NoCors as option passed to ResourceLoader. This allows
1855         desactivating ResourceLoader CORS checks as they are done in DocumentThreadableLoader right now. In the future,
1856         these checks should be moved to ResourceLoader and DocumentThreadableLoader should directly pass the fetch mode
1857         option.
1858         (WebCore::DocumentThreadableLoader::isAllowedRedirect): AllowCrossOriginRequests -> FetchOptions::Mode::NoCors.
1859         * loader/ThreadableLoader.cpp:
1860         (WebCore::ThreadableLoaderOptions::ThreadableLoaderOptions): Removing CrossOriginRequestPolicy.
1861         * loader/ThreadableLoader.h: Ditto.
1862         * loader/WorkerThreadableLoader.cpp:
1863         (WebCore::LoaderTaskOptions::LoaderTaskOptions): Ditto.
1864         * page/EventSource.cpp:
1865         (WebCore::EventSource::connect): UseAccessControl -> FetchOptions::Mode::Cors.
1866         * workers/Worker.cpp:
1867         (WebCore::Worker::create): DenyCrossOriginRequests -> FetchOptions::Mode::SameOrigin.
1868         * workers/WorkerGlobalScope.cpp:
1869         (WebCore::WorkerGlobalScope::importScripts): AllowCrossOriginRequests -> FetchOptions::Mode::NoCors.
1870         * workers/WorkerScriptLoader.cpp:
1871         (WebCore::WorkerScriptLoader::loadSynchronously):
1872         (WebCore::WorkerScriptLoader::loadAsynchronously):
1873         * workers/WorkerScriptLoader.h:
1874         * xml/XMLHttpRequest.cpp:
1875         (WebCore::XMLHttpRequest::createRequest):
1876
1877 2016-07-20  Chris Dumez  <cdumez@apple.com>
1878
1879         Fix null handling of several Document attributes
1880         https://bugs.webkit.org/show_bug.cgi?id=159997
1881
1882         Reviewed by Ryosuke Niwa.
1883
1884         Fix null handling of the following Document attributes: title, cookie
1885         and domain.
1886
1887         In WebKit, they were all marked as [TreatNullAs=EmptyString], which
1888         does not match the specification:
1889         - https://html.spec.whatwg.org/multipage/dom.html#document
1890
1891         Details for each attribute:
1892         - title: null is now treated as the string "null", thus setting the
1893           document title to "null". This matches Firefox and Chrome.
1894         - cookie: adds a "null" cookie instead of being a no-op. This matches
1895                   both Firefox and Chrome.
1896         - domain: Calls setDomain(String("null")) instead of
1897                   setDomain(String()). This throws an exception because "null"
1898                   is not a suffix of the effective domain name. The behavior
1899                   is the same in Firefox and Chrome. Previously, we were
1900                   already throwing an exception since setting the domain to
1901                   the empty string throws, as per the specification.
1902
1903         Test: http/tests//dom/document-attributes-null-handling.html
1904
1905         * dom/Document.idl:
1906
1907 2016-07-20  Commit Queue  <commit-queue@webkit.org>
1908
1909         Unreviewed, rolling out r203471.
1910         https://bugs.webkit.org/show_bug.cgi?id=160003
1911
1912         many iOS-simulator tests are failing (Requested by litherum on
1913         #webkit).
1914
1915         Reverted changeset:
1916
1917         "[iPhone] Playing a video on tudou.com plays only sound, no
1918         video"
1919         https://bugs.webkit.org/show_bug.cgi?id=159967
1920         http://trac.webkit.org/changeset/203471
1921
1922 2016-07-19  Ryosuke Niwa  <rniwa@webkit.org>
1923
1924         iOS: Cannot paste images in RTF content
1925         https://bugs.webkit.org/show_bug.cgi?id=159964
1926         <rdar://problem/27442806>
1927
1928         Reviewed by Enrica Casucci.
1929
1930         The bug was caused by setDefersLoading(true) not deferring image loading for the parsed fragment.
1931         Worked around this bug by disabling image loading while parsing the document fragment.
1932
1933         * editing/ios/EditorIOS.mm:
1934         (WebCore::Editor::createFragmentAndAddResources):
1935
1936 2016-07-20  Brady Eidson  <beidson@apple.com>
1937
1938         Address a small FIXME in IDB code.
1939         https://bugs.webkit.org/show_bug.cgi?id=159999
1940
1941         Reviewed by Andy Estes.
1942
1943         No new tests (No behavior change).
1944
1945         * Modules/indexeddb/IDBRequest.cpp:
1946         (WebCore::IDBRequest::IDBRequest):
1947         
1948         * Modules/indexeddb/shared/IDBResourceIdentifier.cpp:
1949         (WebCore::IDBResourceIdentifier::IDBResourceIdentifier): Deleted.
1950         * Modules/indexeddb/shared/IDBResourceIdentifier.h:
1951
1952 2016-07-20  Brady Eidson  <beidson@apple.com>
1953
1954         Remove some "modernFoo"s from IndexedDB code.
1955         https://bugs.webkit.org/show_bug.cgi?id=159985
1956
1957         Reviewed by Andy Estes.
1958
1959         No new tests (No known behavior change).
1960
1961         * Modules/indexeddb/IDBCursor.cpp:
1962         (WebCore::IDBCursor::IDBCursor):
1963         (WebCore::IDBCursor::~IDBCursor):
1964         (WebCore::IDBCursor::sourcesDeleted):
1965         (WebCore::IDBCursor::effectiveObjectStore):
1966         (WebCore::IDBCursor::transaction):
1967         (WebCore::IDBCursor::direction):
1968         (WebCore::IDBCursor::update):
1969         (WebCore::IDBCursor::advance):
1970         (WebCore::IDBCursor::continueFunction):
1971         (WebCore::IDBCursor::uncheckedIterateCursor):
1972         (WebCore::IDBCursor::deleteFunction):
1973         (WebCore::IDBCursor::setGetResult):
1974         
1975         * Modules/indexeddb/IDBIndex.cpp:
1976         (WebCore::IDBIndex::IDBIndex):
1977         (WebCore::IDBIndex::~IDBIndex):
1978         (WebCore::IDBIndex::hasPendingActivity):
1979         (WebCore::IDBIndex::name):
1980         (WebCore::IDBIndex::objectStore):
1981         (WebCore::IDBIndex::keyPath):
1982         (WebCore::IDBIndex::unique):
1983         (WebCore::IDBIndex::multiEntry):
1984         (WebCore::IDBIndex::openCursor):
1985         (WebCore::IDBIndex::doCount):
1986         (WebCore::IDBIndex::openKeyCursor):
1987         (WebCore::IDBIndex::doGet):
1988         (WebCore::IDBIndex::doGetKey):
1989         (WebCore::IDBIndex::markAsDeleted):
1990         * Modules/indexeddb/IDBIndex.h:
1991         
1992         * Modules/indexeddb/IDBObjectStore.cpp:
1993         (WebCore::IDBObjectStore::transaction):
1994         (WebCore::IDBObjectStore::deleteFunction): Deleted.
1995         (WebCore::IDBObjectStore::modernDelete): Deleted.
1996         * Modules/indexeddb/IDBObjectStore.h:
1997         
1998         * bindings/js/JSIDBIndexCustom.cpp:
1999         (WebCore::JSIDBIndex::visitAdditionalChildren):
2000
2001 2016-07-20  Chris Dumez  <cdumez@apple.com>
2002
2003         Stop using valueToStringWithNullCheck() in JSCSSStyleDeclaration::putDelegate()
2004         https://bugs.webkit.org/show_bug.cgi?id=159982
2005
2006         Reviewed by Ryosuke Niwa.
2007
2008         valueToStringWithNullCheck() treats null as the null String() which is
2009         legacy / non standard behavior. The specification says we should treat
2010         null as the empty string:
2011         - https://drafts.csswg.org/cssom/#dom-cssstyledeclaration-camel-cased-attribute
2012
2013         Therefore, we should be using valueToStringTreatingNullAsEmptyString() instead.
2014
2015         In practice, there is no web-exposed behavior change because
2016         MutableStyleProperties::setProperty() removes the property wether the
2017         value is the null String or the empty String.
2018
2019         This behavior is correct since the specification says that we should
2020         remove the property if the value is the empty string:
2021         - https://drafts.csswg.org/cssom/#dom-cssstyledeclaration-setproperty (step 4)
2022
2023         I added test coverage to make sure we behave according to specification.
2024         This test is passing in Firefox, Chrome and in WebKit (before and after
2025         my change).
2026
2027         Test: fast/css/CSSStyleDeclaration-property-setter.html
2028
2029         * bindings/js/JSCSSStyleDeclarationCustom.cpp:
2030         (WebCore::JSCSSStyleDeclaration::putDelegate):
2031
2032 2016-07-20  Chris Dumez  <cdumez@apple.com>
2033
2034         Fix null handling of HTMLFrameElement.marginWidth / marginHeight
2035         https://bugs.webkit.org/show_bug.cgi?id=159987
2036
2037         Reviewed by Ryosuke Niwa.
2038
2039         Fix null handling of HTMLFrameElement.marginWidth / marginHeight:
2040         - https://html.spec.whatwg.org/multipage/obsolete.html#htmlframeelement
2041
2042         We are supposed to treat null as the empty string but we treat it as
2043         the string "null".
2044
2045         Firefox and Chrome both match the specification.
2046
2047         No new tests, updated existing tests.
2048
2049         * html/HTMLFrameElement.idl:
2050
2051 2016-07-20  Wenson Hsieh  <wenson_hsieh@apple.com>
2052
2053         Pausing autoplayed media should not remove all restrictions for that media element
2054         https://bugs.webkit.org/show_bug.cgi?id=159988
2055
2056         Reviewed by Jon Lee.
2057
2058         Localizes the removal of behavior restrictions introduced in r203464 upon pausing an
2059         autoplaying video to just affect the hiding or showing of the media controller. This
2060         prevents pages from using Javascript to start playing autoplaying videos that have
2061         been paused by the user.
2062
2063         * html/HTMLMediaElement.cpp:
2064         (WebCore::HTMLMediaElement::pause):
2065
2066 2016-07-20  Myles C. Maxfield  <mmaxfield@apple.com>
2067
2068         [iPhone] Playing a video on tudou.com plays only sound, no video
2069         https://bugs.webkit.org/show_bug.cgi?id=159967
2070         <rdar://problem/26964090>
2071
2072         Reviewed by Jon Lee.
2073
2074         WebKit recently starting honoring the playsinline and webkit-playsinline
2075         attribute on iPhones. However, because these attributes previously did
2076         nothing, some sites (such as Todou) were setting them on their content
2077         and expecting that they are not honored. In this specific case, the
2078         video is absolutely positioned to be 1 pixel x 1 pixel.
2079
2080         Previously, with iOS 9, apps could set the allowsInlineMediaPlayback
2081         property on their WKWebView, which would honor the webkit-playsinline
2082         attribute. Safari on iPhones didn't do this.
2083
2084         In order to not break these existing apps, it's important that the
2085         allowsInlineMediaPlayback preference still allows webkit-playsinline
2086         videos to play inline in apps using WKWebView. However, in Safari, these
2087         videos should play fullscreen. (Todou videos have webkit-playsinline
2088         but not playsinline.)
2089
2090         Therefore, in Safari, videos with playsinline should be inline, but
2091         videos with webkit-playsinline should be fullscreen. In apps using
2092         WKWebViews, if the app sets allowsInlineMediaPlayback, then videos with
2093         playsinline should be inline, and videos with webkit-playsinline should
2094         also be inline. Videos on iPad and Mac should all be inline by default.
2095
2096         We can create some truth tables for the cases which need to be covered:
2097
2098         All apps on Mac / iPad:
2099         Presence of playsinline | Presence of webkit-playsinline | Result
2100         ========================|================================|===========
2101         Not present             | Not present                    | Inline
2102         Present                 | Not present                    | Inline
2103         Not Present             | Present                        | Inline
2104         Present                 | Present                        | Inline
2105
2106         Safari on iPhone:
2107         Presence of playsinline | Presence of webkit-playsinline | Result
2108         ========================|================================|===========
2109         Not present             | Not present                    | Fullscreen
2110         Present                 | Not present                    | Inline
2111         Not Present             | Present                        | Fullscreen
2112         Present                 | Present                        | Inline
2113
2114         App on iPhone which sets allowsInlineMediaPlayback:
2115         Presence of playsinline | Presence of webkit-playsinline | Result
2116         ========================|================================|===========
2117         Not present             | Not present                    | Fullscreen
2118         Present                 | Not present                    | Inline
2119         Not Present             | Present                        | Inline
2120         Present                 | Present                        | Inline
2121
2122         The way to distinguish Safari from another app is to create an SPI
2123         boolean preference which Safari can set. This is already how the
2124         iPhone and iPad are differentiated using the requiresPlayInlineAttribute
2125         which Safari sets but other apps don't. However, this preference is
2126         no longer sufficient because Safari should now be discriminating
2127         between the playsinline and webkit-playsinline attributes. Therefore,
2128         this preference should be extended to two boolean preferences, which
2129         this patch adds:
2130
2131         allowsInlineMediaPlaybackWithPlaysInlineAttribute
2132         allowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute
2133
2134         Safari on iPhone will set
2135         allowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute to true,
2136         and allowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute to
2137         false. Other apps on iPhone will get their defaults values (because they
2138         are SPI) which means they will both be true. On iPad and Mac, apps will
2139         use the defaults values where both are false.
2140
2141         This patch adds support for these two preferences, but does not remove
2142         the existing inlineMediaPlaybackRequiresPlaysInlineAttribute preference.
2143         I will remove the exising preference as soon as I update Safari to migrate
2144         off of it.
2145
2146         Test: media/video-playsinline.html
2147
2148         * html/MediaElementSession.cpp:
2149         (WebCore::MediaElementSession::requiresFullscreenForVideoPlayback):
2150         * page/Settings.cpp:
2151         * page/Settings.in:
2152         * testing/InternalSettings.cpp:
2153         (WebCore::InternalSettings::Backup::Backup):
2154         (WebCore::InternalSettings::Backup::restoreTo):
2155         (WebCore::InternalSettings::setAllowsInlineMediaPlaybackWithPlaysInlineAttribute):
2156         (WebCore::InternalSettings::setAllowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute):
2157         * testing/InternalSettings.h:
2158         * testing/InternalSettings.idl:
2159
2160 2016-07-20  Chris Dumez  <cdumez@apple.com>
2161
2162         Get rid of custom bindings code for XMLHttpRequest.open()
2163         https://bugs.webkit.org/show_bug.cgi?id=159984
2164
2165         Reviewed by Ryosuke Niwa.
2166
2167         Get rid of custom bindings code for XMLHttpRequest.open() as the
2168         bindings generator is able to generate it.
2169
2170         Relevant specification:
2171         - https://xhr.spec.whatwg.org/#xmlhttprequest
2172
2173         The issue is that legacy content prevents treating the 'async' argument
2174         being undefined identical from it being omitted. However, this can be
2175         achieved by using overloading in IDL, like in the specification.
2176
2177         No new tests, already covered by the following tests:
2178         - http/tests/xmlhttprequest/basic-auth.html
2179         - http/tests/xmlhttprequest/open-async-overload.html
2180
2181         * bindings/js/JSXMLHttpRequestCustom.cpp:
2182         (WebCore::SendFunctor::SendFunctor): Deleted.
2183         (WebCore::SendFunctor::line): Deleted.
2184         (WebCore::SendFunctor::column): Deleted.
2185         (WebCore::SendFunctor::url): Deleted.
2186         (WebCore::SendFunctor::operator()): Deleted.
2187         * xml/XMLHttpRequest.cpp:
2188         (WebCore::XMLHttpRequest::open):
2189         * xml/XMLHttpRequest.h:
2190         * xml/XMLHttpRequest.idl:
2191
2192 2016-07-20  Rawinder Singh  <rawinder.singh-webkit@cisra.canon.com.au>
2193
2194         Mark overriden methods in WebCore/svg final classes as final
2195         https://bugs.webkit.org/show_bug.cgi?id=159966
2196
2197         Reviewed by Michael Catanzaro.
2198
2199         Update WebCore/svg classes so that overriden methods in final classes are marked final.
2200
2201         * svg/SVGAElement.h:
2202         * svg/SVGAltGlyphDefElement.h:
2203         * svg/SVGAltGlyphItemElement.h:
2204         * svg/SVGAnimateTransformElement.h:
2205         * svg/SVGAnimatedColor.h:
2206         * svg/SVGCircleElement.h:
2207         * svg/SVGClipPathElement.h:
2208         * svg/SVGCursorElement.h:
2209         * svg/SVGDefsElement.h:
2210         * svg/SVGDescElement.h:
2211         * svg/SVGEllipseElement.h:
2212         * svg/SVGFEMergeNodeElement.h:
2213         * svg/SVGFilterElement.h:
2214         * svg/SVGFontElement.h:
2215         * svg/SVGFontFaceElement.h:
2216         * svg/SVGFontFaceFormatElement.h:
2217         * svg/SVGFontFaceNameElement.h:
2218         * svg/SVGFontFaceSrcElement.h:
2219         * svg/SVGFontFaceUriElement.h:
2220         * svg/SVGForeignObjectElement.h:
2221         * svg/SVGGElement.h:
2222         * svg/SVGGlyphElement.h:
2223         * svg/SVGGlyphRefElement.h:
2224         * svg/SVGHKernElement.h:
2225         * svg/SVGImageElement.h:
2226         * svg/SVGLineElement.h:
2227         * svg/SVGMPathElement.h:
2228         * svg/SVGMaskElement.h:
2229         * svg/SVGMetadataElement.h:
2230         * svg/SVGMissingGlyphElement.h:
2231         * svg/SVGPathBuilder.h:
2232         * svg/SVGPathByteStreamBuilder.h:
2233         * svg/SVGPathByteStreamSource.h:
2234         * svg/SVGPathElement.h:
2235         * svg/SVGPathSegArcAbs.h:
2236         * svg/SVGPathSegArcRel.h:
2237         * svg/SVGPathSegClosePath.h:
2238         * svg/SVGPathSegCurvetoCubicAbs.h:
2239         * svg/SVGPathSegCurvetoCubicRel.h:
2240         * svg/SVGPathSegCurvetoCubicSmoothAbs.h:
2241         * svg/SVGPathSegCurvetoCubicSmoothRel.h:
2242         * svg/SVGPathSegCurvetoQuadraticAbs.h:
2243         * svg/SVGPathSegCurvetoQuadraticRel.h:
2244         * svg/SVGPathSegCurvetoQuadraticSmoothAbs.h:
2245         * svg/SVGPathSegCurvetoQuadraticSmoothRel.h:
2246         * svg/SVGPathSegLinetoAbs.h:
2247         * svg/SVGPathSegLinetoHorizontalAbs.h:
2248         * svg/SVGPathSegLinetoHorizontalRel.h:
2249         * svg/SVGPathSegLinetoRel.h:
2250         * svg/SVGPathSegLinetoVerticalAbs.h:
2251         * svg/SVGPathSegLinetoVerticalRel.h:
2252         * svg/SVGPathSegListBuilder.h:
2253         * svg/SVGPathSegListSource.h:
2254         * svg/SVGPathSegMovetoAbs.h:
2255         * svg/SVGPathSegMovetoRel.h:
2256         * svg/SVGPathStringSource.h:
2257         * svg/SVGPathTraversalStateBuilder.h:
2258         * svg/SVGPatternElement.h:
2259         * svg/SVGRectElement.h:
2260         * svg/SVGScriptElement.h:
2261         * svg/SVGStopElement.h:
2262         * svg/SVGStyleElement.h:
2263         * svg/SVGSwitchElement.h:
2264         * svg/SVGTRefElement.cpp:
2265         * svg/SVGTitleElement.h:
2266         * svg/SVGToOTFFontConversion.cpp:
2267         * svg/SVGUnknownElement.h:
2268         * svg/SVGVKernElement.h:
2269         * svg/SVGViewElement.h:
2270         * svg/SVGZoomEvent.h:
2271         * svg/animation/SVGSMILElement.cpp:
2272         * svg/graphics/SVGImage.h:
2273         * svg/graphics/SVGImageClients.h:
2274         * svg/graphics/SVGImageForContainer.h:
2275         * svg/graphics/filters/SVGFEImage.h:
2276         * svg/graphics/filters/SVGFilter.h:
2277         * svg/properties/SVGAnimatedEnumerationPropertyTearOff.h:
2278         * svg/properties/SVGAnimatedPathSegListPropertyTearOff.h:
2279         * svg/properties/SVGAnimatedPropertyTearOff.h:
2280         * svg/properties/SVGAnimatedTransformListPropertyTearOff.h:
2281         * svg/properties/SVGMatrixTearOff.h:
2282         * svg/properties/SVGPathSegListPropertyTearOff.h:
2283
2284 2016-07-20  Brady Eidson  <beidson@apple.com>
2285
2286         Transition most IDB interfaces from ScriptExecutionContext to ExecState.
2287         https://bugs.webkit.org/show_bug.cgi?id=159975
2288
2289         Reviewed by Alex Christensen.
2290
2291         No new tests (No known behavior change).
2292
2293         * Modules/indexeddb/IDBCursor.cpp:
2294         (WebCore::IDBCursor::continueFunction):
2295         (WebCore::IDBCursor::deleteFunction):
2296         * Modules/indexeddb/IDBCursor.h:
2297         * Modules/indexeddb/IDBCursor.idl:
2298
2299         * Modules/indexeddb/IDBDatabase.idl:
2300
2301         * Modules/indexeddb/IDBFactory.cpp:
2302         (WebCore::IDBFactory::cmp):
2303         * Modules/indexeddb/IDBFactory.h:
2304         * Modules/indexeddb/IDBFactory.idl:
2305
2306         * Modules/indexeddb/IDBIndex.cpp:
2307         (WebCore::IDBIndex::openCursor):
2308         (WebCore::IDBIndex::count):
2309         (WebCore::IDBIndex::doCount):
2310         (WebCore::IDBIndex::openKeyCursor):
2311         (WebCore::IDBIndex::get):
2312         (WebCore::IDBIndex::doGet):
2313         (WebCore::IDBIndex::getKey):
2314         (WebCore::IDBIndex::doGetKey):
2315         * Modules/indexeddb/IDBIndex.h:
2316         * Modules/indexeddb/IDBIndex.idl:
2317
2318         * Modules/indexeddb/IDBKeyRange.cpp:
2319         (WebCore::IDBKeyRange::only): Deleted.
2320         * Modules/indexeddb/IDBKeyRange.h:
2321
2322         * Modules/indexeddb/IDBObjectStore.cpp:
2323         (WebCore::IDBObjectStore::openCursor):
2324         (WebCore::IDBObjectStore::get):
2325         (WebCore::IDBObjectStore::putOrAdd):
2326         (WebCore::IDBObjectStore::deleteFunction):
2327         (WebCore::IDBObjectStore::doDelete):
2328         (WebCore::IDBObjectStore::modernDelete):
2329         (WebCore::IDBObjectStore::clear):
2330         (WebCore::IDBObjectStore::createIndex):
2331         (WebCore::IDBObjectStore::count):
2332         (WebCore::IDBObjectStore::doCount):
2333         * Modules/indexeddb/IDBObjectStore.h:
2334         * Modules/indexeddb/IDBObjectStore.idl:
2335
2336         * Modules/indexeddb/IDBTransaction.cpp:
2337         (WebCore::IDBTransaction::requestOpenCursor):
2338         (WebCore::IDBTransaction::doRequestOpenCursor):
2339         (WebCore::IDBTransaction::requestGetRecord):
2340         (WebCore::IDBTransaction::requestGetValue):
2341         (WebCore::IDBTransaction::requestGetKey):
2342         (WebCore::IDBTransaction::requestIndexRecord):
2343         (WebCore::IDBTransaction::requestCount):
2344         (WebCore::IDBTransaction::requestDeleteRecord):
2345         (WebCore::IDBTransaction::requestClearObjectStore):
2346         (WebCore::IDBTransaction::requestPutOrAdd):
2347         * Modules/indexeddb/IDBTransaction.h:
2348
2349         * inspector/InspectorIndexedDBAgent.cpp:
2350
2351 2016-07-20  Wenson Hsieh  <wenson_hsieh@apple.com>
2352
2353         Media controls don't appear when pausing a small autoplaying video
2354         https://bugs.webkit.org/show_bug.cgi?id=159972
2355         <rdar://problem/27180657>
2356
2357         Reviewed by Beth Dakin.
2358
2359         When pausing an autoplaying video, remove behavior restrictions for the
2360         initial user gesture and show media controls.
2361
2362         New WebKit API test. See VideoControlsManagerSingleSmallAutoplayingVideo.
2363
2364         * html/HTMLMediaElement.cpp:
2365         (WebCore::HTMLMediaElement::pause):
2366
2367 2016-07-20  Chris Dumez  <cdumez@apple.com>
2368
2369         Fix null handling of HTMLMediaElement.mediaGroup
2370         https://bugs.webkit.org/show_bug.cgi?id=159974
2371
2372         Reviewed by Eric Carlson.
2373
2374         Fix null handling of HTMLMediaElement.mediaGroup to match the specification:
2375         - https://www.w3.org/TR/html5/embedded-content-0.html#media-elements
2376
2377         null is supposed to be treated as the String "null". This patch aligns
2378         our behavior with the specification. I tested Firefox and Chrome but both
2379         do not have this attribute on HTMLMediaElement.
2380
2381         Also remove support for [TreatNullAs=LegacyNullString] from our bindings
2382         generator as HTMLMediaElement.mediaGroup was the last user.
2383
2384         No new tests, rebaselined existing test.
2385
2386         * bindings/scripts/CodeGeneratorJS.pm:
2387         (JSValueToNative):
2388         * bindings/scripts/IDLAttributes.txt:
2389         * html/HTMLMediaElement.idl:
2390
2391 2016-07-20  Chris Dumez  <cdumez@apple.com>
2392
2393         CSSStyleDeclaration.setProperty() should be able to unset "important" on a property
2394         https://bugs.webkit.org/show_bug.cgi?id=159959
2395
2396         Reviewed by Alexey Proskuryakov.
2397
2398         CSSStyleDeclaration.setProperty() should be able to unsert "important"
2399         on a property as per the latest specification:
2400         - https://drafts.csswg.org/cssom/#dom-cssstyledeclaration-setproperty
2401         - https://drafts.csswg.org/cssom/#dom-cssstyledeclaration-camel-cased-attribute
2402
2403         Firefox and Chrome match the specification here but WebKit was ignoring calls
2404         to setProperty() if there is already an "important" property wit this name
2405         and if the new property does not have the "important" flag set.
2406
2407         This behavior was added a long time ago via Bug 60007. However, it does not
2408         match the latest specification or other browsers.
2409
2410         Test: fast/css/CSSStyleDeclaration-setProperty-unset-important.html
2411
2412         * css/StyleProperties.cpp:
2413         (WebCore::MutableStyleProperties::addParsedProperty):
2414         Drop code that was added via Bug 60007 as this behavior no longer matches the
2415         specification or other browsers. The layout test added in Bug 60007 fails in
2416         other browsers and was updated in this patch to match the specification.
2417
2418 2016-07-20  Commit Queue  <commit-queue@webkit.org>
2419
2420         Unreviewed, rolling out r203423.
2421         https://bugs.webkit.org/show_bug.cgi?id=159977
2422
2423         The test for this change is failing on Mac Release WK2
2424         (Requested by ryanhaddad on #webkit).
2425
2426         Reverted changeset:
2427
2428         "HTMLVideoElement frames do not update on iOS when src is a
2429         MediaStream blob"
2430         https://bugs.webkit.org/show_bug.cgi?id=159833
2431         http://trac.webkit.org/changeset/203423
2432
2433 2016-07-20  Chris Dumez  <cdumez@apple.com>
2434
2435         Fix null handling of HTMLSelectElement.value attribute
2436         https://bugs.webkit.org/show_bug.cgi?id=159925
2437
2438         Reviewed by Benjamin Poulain.
2439
2440         Fix null handling of HTMLSelectElement.value attribute:
2441         - https://html.spec.whatwg.org/multipage/forms.html#htmlselectelement
2442
2443         We were treating null as the null String which would end up setting
2444         selectedIndex to -1. However, we should treat null as the String "null"
2445         which would set the selectedIndex to the index of the <option> element
2446         whose value is "null".
2447
2448         Firefox and Chrome match the specification.
2449
2450         Test: fast/dom/HTMLSelectElement/value-null-handling.html
2451
2452         * html/HTMLSelectElement.cpp:
2453         (WebCore::HTMLSelectElement::setValue):
2454         * html/HTMLSelectElement.idl:
2455
2456 2016-07-20  Chris Dumez  <cdumez@apple.com>
2457
2458         PostResolutionCallbackDisabler can resume pending requests while a ResourceLoadSuspender is alive
2459         https://bugs.webkit.org/show_bug.cgi?id=159962
2460         <rdar://problem/21439264>
2461
2462         Reviewed by David Kilzer.
2463
2464         PostResolutionCallbackDisabler can resume pending requests while a ResourceLoadSuspender
2465         is alive. We have both PostResolutionCallbackDisabler and ResourceLoadSuspender that
2466         call LoaderStrategy::suspendPendingRequests() / LoaderStrategy::resumePendingRequests().
2467         However, PostResolutionCallbackDisabler and ResourceLoadSuspender are not aware of each
2468         other. It is therefore possible for a PostResolutionCallbackDisabler object to get
2469         destroyed, causing LoaderStrategy::resumePendingRequests() to be called while a
2470         ResourceLoadSuspender object is alive.
2471
2472         This leads to hard to investigate crashes where we end up re-entering WebKit and killing
2473         the style resolver.
2474
2475         This patch drops ResourceLoadSuspender and uses PostResolutionCallbackDisabler instead.
2476         There was only one user of ResourceLoadSuspender and PostResolutionCallbackDisabler
2477         is better because it manages a resolutionNestingDepth counter internally to make sure
2478         it only calls LoaderStrategy::resumePendingRequests() once all
2479         PostResolutionCallbackDisabler instances are destroyed.
2480
2481         No new tests, there is no easy way to reproduce the crashes.
2482
2483         * dom/Document.cpp:
2484         (WebCore::Document::styleForElementIgnoringPendingStylesheets):
2485         * loader/LoaderStrategy.cpp:
2486         (WebCore::ResourceLoadSuspender::ResourceLoadSuspender): Deleted.
2487         (WebCore::ResourceLoadSuspender::~ResourceLoadSuspender): Deleted.
2488         * loader/LoaderStrategy.h:
2489
2490 2016-07-19  Youenn Fablet  <youenn@apple.com>
2491
2492         [Fetch API] Add a JS builtin to implement https://fetch.spec.whatwg.org/#concept-headers-fill
2493         https://bugs.webkit.org/show_bug.cgi?id=159932
2494
2495         Reviewed by Alex Christensen.
2496
2497         Covered by existing tests.
2498
2499         Refactoring Headers initializeWith to use the new built-in internal that implements
2500         https://fetch.spec.whatwg.org/#concept-headers-fill.
2501
2502         Refactoring Response constructor to put more checks in the JS builtin fucntion called within constructor.
2503         Making use of the new built-in internal that implements https://fetch.spec.whatwg.org/#concept-headers-fill.
2504
2505         * CMakeLists.txt: Adding FetchHeadersInternals.js
2506         * DerivedSources.make: Ditto.
2507         * Modules/fetch/FetchHeaders.js:
2508         (initializeFetchHeaders): Using fillFetchHeaders new built-in internal.
2509         * Modules/fetch/FetchInternals.js: Added.
2510         (fillFetchHeaders):
2511         * Modules/fetch/FetchResponse.cpp: Refactoring to do more in the JS built-in. Splitting of initializeWith so
2512         that the checks are done in the order defined by the spec.
2513         (WebCore::FetchResponse::setStatus):
2514         (WebCore::FetchResponse::initializeWith):
2515         (WebCore::isNullBodyStatus): Deleted.
2516         * Modules/fetch/FetchResponse.h:
2517         * Modules/fetch/FetchResponse.idl:
2518         * Modules/fetch/FetchResponse.js:
2519         (initializeFetchResponse): New built-in internal.
2520         * WebCore.xcodeproj/project.pbxproj:
2521         * bindings/js/WebCoreBuiltinNames.h:
2522
2523 2016-07-19  Chris Dumez  <cdumez@apple.com>
2524
2525         Fix null handling of SVGScriptElement.type attribute
2526         https://bugs.webkit.org/show_bug.cgi?id=159927
2527
2528         Reviewed by Benjamin Poulain.
2529
2530         Fix null handling of SVGScriptElement.type attribute:
2531         - https://www.w3.org/TR/SVG2/interact.html#InterfaceSVGScriptElement
2532
2533         We were treating null as the null String which would end up removing
2534         the 'type' content attribute. However, we should treat null as the
2535         String "null".
2536
2537         Firefox and Chrome match the specification.
2538
2539         No new tests, updated existing test.
2540
2541         * svg/SVGScriptElement.idl:
2542
2543 2016-07-19  Chris Dumez  <cdumez@apple.com>
2544
2545         Fix null handling of several HTMLDocument attributes
2546         https://bugs.webkit.org/show_bug.cgi?id=159923
2547
2548         Reviewed by Benjamin Poulain.
2549
2550         Fix null handling of several HTMLDocument attributes:
2551         - https://html.spec.whatwg.org/multipage/dom.html#document
2552         - https://html.spec.whatwg.org/multipage/obsolete.html#document-partial
2553
2554         In particular, null handling was incorrect in WebKit for 'dir',
2555         'bgColor', 'fgColor', 'alinkColor', 'linkColor' and 'vlinkColor'.
2556
2557         Firefox and Chrome match the specification.
2558
2559         Test: fast/dom/HTMLDocument/null-handling.html
2560
2561         * html/HTMLDocument.idl:
2562
2563 2016-07-19  Chris Dumez  <cdumez@apple.com>
2564
2565         Document.createElementNS() / createAttributeNS() parameters should be mandatory
2566         https://bugs.webkit.org/show_bug.cgi?id=159938
2567
2568         Reviewed by Benjamin Poulain.
2569
2570         Document.createElementNS() / createAttributeNS() parameters should be mandatory:
2571         - https://dom.spec.whatwg.org/#document
2572
2573         They were optional in WebKit. However, Firefox and Chrome both match the
2574         specification.
2575
2576         No new tests, rebaselined existing tests.
2577
2578         * dom/Document.idl:
2579
2580 2016-07-19  Benjamin Poulain  <bpoulain@apple.com>
2581
2582         Use getElementById for attribute matching if the attribute name is html's id
2583         https://bugs.webkit.org/show_bug.cgi?id=159960
2584
2585         Reviewed by Chris Dumez.
2586
2587         Elliott Sprehn discovered YUI makes heavy uses of querySelector with [id=value]
2588         (https://bugs.chromium.org/p/chromium/issues/detail?id=627242).
2589
2590         If we are not in quirks mode, IdForStyleResolution has the same value
2591         as the Id attribute. We can use the same optimization for both cases.
2592
2593         Tests: fast/selectors/id-attribute-querySelector-used-as-id-selector-quirks.html
2594                fast/selectors/id-attribute-querySelector-used-as-id-selector.html
2595
2596         * dom/SelectorQuery.cpp:
2597         (WebCore::canBeUsedForIdFastPath):
2598         (WebCore::findIdMatchingType):
2599         (WebCore::SelectorDataList::SelectorDataList):
2600         (WebCore::selectorForIdLookup):
2601         (WebCore::filterRootById):
2602
2603 2016-07-19  Chris Dumez  <cdumez@apple.com>
2604
2605         Drop SVGElement.xmlbase attribute
2606         https://bugs.webkit.org/show_bug.cgi?id=159926
2607
2608         Reviewed by Benjamin Poulain.
2609
2610         Drop SVGElement.xmlbase attribute as it is no longer part of the
2611         specification:
2612         - https://www.w3.org/TR/SVG2/types.html#InterfaceSVGElement
2613
2614         Both Firefox and Chrome have already dropped support for
2615         SVGElement.xmlbase.
2616
2617         Chrome's intent to remove:
2618         https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/TfwMq4d25hk/C-v_iC_wKfAJ
2619
2620         Test: svg/dom/SVGElement-xmlbase.html
2621
2622         * svg/SVGElement.cpp:
2623         (WebCore::SVGElement::removedFrom): Deleted.
2624         * svg/SVGElement.h:
2625         * svg/SVGElement.idl:
2626
2627 2016-07-19  Chris Dumez  <cdumez@apple.com>
2628
2629         Align CSSStyleDeclaration.setProperty() with the specification
2630         https://bugs.webkit.org/show_bug.cgi?id=159955
2631
2632         Reviewed by Benjamin Poulain.
2633
2634         Align CSSStyleDeclaration.setProperty() with the specification:
2635         - https://drafts.csswg.org/cssom/#the-cssstyledeclaration-interface
2636
2637         In particular, the following changes were needed:
2638         1. The 'value' parameter should not be optional
2639         2. The 'priority' parameter should treat null as the empty string
2640            rather than the string "null".
2641         3. The 'priority' parameter's default value should be the empty string,
2642            not the string "undefined".
2643         4. CSSStyleDeclaration.setProperty() should return early if 'priority'
2644            is not the empty string and is not an ASCII case-insensitive match
2645            for the string "important".
2646
2647         Chrome matches the specification entirely.
2648         Firefox matches the specification with the exception that it does a
2649         case-sensitive match for "important".
2650
2651         Test: fast/css/CSSStyleDeclaration-setProperty.html
2652
2653         * css/CSSStyleDeclaration.idl:
2654         * css/PropertySetCSSStyleDeclaration.cpp:
2655         (WebCore::PropertySetCSSStyleDeclaration::setProperty):
2656
2657 2016-07-19  Daniel Bates  <dabates@apple.com>
2658
2659         CSP: Improve support for multiple policies to more closely conform to the CSP Level 2 spec.
2660         https://bugs.webkit.org/show_bug.cgi?id=159841
2661         <rdar://problem/27381684>
2662
2663         Reviewed by Brent Fulgham.
2664
2665         Implement a first pass at sending multiple violation reports so as to more closely
2666         conform to section Enforcing multiple policies of the Content Security Policy Level 2 spec.,
2667         <https://w3c.github.io/webappsec-csp/2/> (Editor's Draft, 25 April 2016).
2668
2669         Tests: http/tests/security/contentSecurityPolicy/1.1/script-blocked-sends-multiple-reports.php
2670                http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy.php
2671                http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy2.php
2672                http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.php
2673                http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.php
2674                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy.php
2675                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy2.php
2676                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy.php
2677                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy2.php
2678                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.php
2679                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2.php
2680                http/tests/security/contentSecurityPolicy/1.1/scripthash-in-enforced-policy-and-not-in-report-only.html
2681                http/tests/security/contentSecurityPolicy/1.1/scripthash-in-one-enforced-policy-neither-in-another-enforced-policy-nor-report-policy.html
2682                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-enforced-policy-and-blocked-by-report-policy.php
2683                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-enforced-policy-and-blocked-by-report-policy2.php
2684                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.php
2685                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.php
2686                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy.php
2687                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy2.php
2688                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy.php
2689                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy2.php
2690                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.php
2691                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2.php
2692                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-in-enforced-policy-and-not-in-report-only.html
2693                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-in-one-enforced-policy-neither-in-another-enforced-policy-nor-report-policy.html
2694                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-multiple-policies.html
2695
2696         * page/csp/ContentSecurityPolicy.cpp:
2697         (WebCore::ContentSecurityPolicy::allPoliciesWithDispositionAllow): Added. Returns whether the resource
2698         is allowed by all of the policies with the specified disposition.
2699         (WebCore::ContentSecurityPolicy::allPoliciesAllow): Added. Returns whether the resource is allowed by
2700         all of the enforced policies.
2701         (WebCore::ContentSecurityPolicy::findHashOfContentInPolicies): Formerly named foundHashOfContentInAllPolicies.
2702         Modified to return a ("has found hash in all enforced policies, "has found hash in all report-only policies)-pair
2703         so that we can differentiate whether the hash violated an enforced policy or a report-only policy.
2704         (WebCore::ContentSecurityPolicy::allowJavaScriptURLs): Write in terms of ContentSecurityPolicy::allPoliciesAllow().
2705         (WebCore::ContentSecurityPolicy::allowInlineEventHandlers): Ditto.
2706         (WebCore::ContentSecurityPolicy::allowScriptWithNonce): For now only accept a nonce if it is allowed by
2707         all enforced policies. As a side effect of this change is that we only send a CSP violation report when a
2708         nonce violates a report-only policy only if the nonce also violates one or more enforced policies. We will
2709         address this limitation in <https://bugs.webkit.org/show_bug.cgi?id=159830>.
2710         (WebCore::ContentSecurityPolicy::allowStyleWithNonce): Ditto.
2711         (WebCore::ContentSecurityPolicy::allowInlineScript): Differentiate between a hash/'unsafe-inline' that
2712         matches/is contained in all enforce policies and a hash/'unsafe-inline' that matches/is contained in all
2713         report-only policies so that we only allow the resource for the former. As a side effect of this change
2714         we may report that a resource violated a policy even if it contained the hash. See <https://bugs.webkit.org/show_bug.cgi?id=159832>
2715         for more details.
2716         (WebCore::ContentSecurityPolicy::allowInlineStyle): Ditto.
2717         (WebCore::ContentSecurityPolicy::allowEval): Write in terms of ContentSecurityPolicy::allPoliciesAllow().
2718         (WebCore::ContentSecurityPolicy::allowFrameAncestors): Ditto.
2719         (WebCore::ContentSecurityPolicy::allowPluginType): Ditto.
2720         (WebCore::ContentSecurityPolicy::allowScriptFromSource): Ditto.
2721         (WebCore::ContentSecurityPolicy::allowObjectFromSource): Ditto.
2722         (WebCore::ContentSecurityPolicy::allowChildFrameFromSource): Ditto.
2723         (WebCore::ContentSecurityPolicy::allowChildContextFromSource): Ditto.
2724         (WebCore::ContentSecurityPolicy::allowImageFromSource): Ditto.
2725         (WebCore::ContentSecurityPolicy::allowStyleFromSource): Ditto.
2726         (WebCore::ContentSecurityPolicy::allowFontFromSource): Ditto.
2727         (WebCore::ContentSecurityPolicy::allowMediaFromSource): Ditto.
2728         (WebCore::ContentSecurityPolicy::allowConnectToSource): Ditto.
2729         (WebCore::ContentSecurityPolicy::allowFormAction): Ditto.
2730         (WebCore::ContentSecurityPolicy::allowBaseURI): Ditto.
2731         (WebCore::ContentSecurityPolicy::foundHashOfContentInAllPolicies): Deleted.
2732         * page/csp/ContentSecurityPolicy.h:
2733         (WebCore::ContentSecurityPolicy::violatedDirectiveInAnyPolicy): Deleted.
2734
2735 2016-07-19  Chris Dumez  <cdumez@apple.com>
2736
2737         Fix null handling of HTMLScriptElement.text attribute
2738         https://bugs.webkit.org/show_bug.cgi?id=159943
2739
2740         Reviewed by Benjamin Poulain.
2741
2742         Fix null handling of HTMLScriptElement.text attribute:
2743         - https://html.spec.whatwg.org/multipage/scripting.html#the-script-element
2744
2745         We should treat null as the "null" String but we were treating it as
2746         the empty string.
2747
2748         Firefox and Chrome match the specification.
2749
2750         No new tests, rebaselined existing test.
2751
2752         * html/HTMLScriptElement.idl:
2753
2754 2016-07-19  Chris Dumez  <cdumez@apple.com>
2755
2756         autocapitalize attribute should not use [TreatNullAs=LegacyNullString]
2757         https://bugs.webkit.org/show_bug.cgi?id=159934
2758
2759         Reviewed by Benjamin Poulain.
2760
2761         autocapitalize attribute should not use [TreatNullAs=LegacyNullString]. This is
2762         non-standard and we want to drop support for it from the bindings generator.
2763
2764         Instead, use [TreatNullAs=EmptyString] in order to maintain existing behavior
2765         given that both a missing/empty attribute result in using the default
2766         autocapitalization mode and that autocapitalize returns the empty string by
2767         default.
2768
2769         Test: platform/ios-simulator/ios/fast/forms/autocapitalize-null.html
2770
2771         * html/HTMLFormElement.idl:
2772         * html/HTMLInputElement.idl:
2773         * html/HTMLTextAreaElement.idl:
2774
2775 2016-07-19  Zalan Bujtas  <zalan@apple.com>
2776
2777         REGRESSION(r203415): ASSERTION FAILED: !m_layoutRoot->container() || !m_layoutRoot->container()->needsLayout()
2778         https://bugs.webkit.org/show_bug.cgi?id=159952
2779
2780         Reviewed by Simon Fraser.
2781
2782         Update ASSERTs to reflect new functionality, that is, now we can end up in a state
2783         where the container (RenderView) of one of the dirty subtrees is dirty.
2784         See r203415.
2785  
2786         Covered by editing/pasteboard/drag-drop-input-in-svg.svg
2787
2788         * page/FrameView.cpp:
2789         (WebCore::FrameView::scheduleRelayoutOfSubtree):
2790
2791 2016-07-19  Dean Jackson  <dino@apple.com>
2792
2793         REGRESSION(202927): The first slide is the only displayed slide when Quicklooking a Keynote file
2794         https://bugs.webkit.org/show_bug.cgi?id=159948
2795         <rdar://problem/27391012>
2796
2797         Reviewed by Simon Fraser.
2798
2799         There is an iOS bug (<rdar://problem/27416744>) that is causing us
2800         to not always get a color space on CGContextRefs. Investigation of this
2801         exposed some optimizations we can take when we are creating ImageBuffers.
2802         In particular, if we have a bitmap context or an IOSurfaceContext we
2803         can simply copy their color space using API. Otherwise we stick with
2804         the existing CGContextCopyDeviceColorSpace.
2805
2806         Lastly, if for some reason we are unable to copy the device color space,
2807         we should fall back to sRGB.
2808
2809         * platform/graphics/cg/ImageBufferCG.cpp:
2810         (WebCore::ImageBuffer::createCompatibleBuffer):
2811         * platform/spi/cg/CoreGraphicsSPI.h: Add some SPI and enums.
2812
2813
2814 2016-07-19  George Ruan  <gruan@apple.com>
2815
2816         HTMLVideoElement frames do not update on iOS when src is a MediaStream blob
2817         https://bugs.webkit.org/show_bug.cgi?id=159833
2818         <rdar://problem/27379487>
2819
2820         Reviewed by Eric Carlson.
2821
2822         Test: fast/mediastream/MediaStream-video-element-displays-buffer.html
2823
2824         * WebCore.xcodeproj/project.pbxproj:
2825         * platform/graphics/avfoundation/MediaSampleAVFObjC.h: Change create to return a Ref<T> instead
2826         of RefPtr<T>
2827         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.h: Make observer of
2828         MediaStreamTrackPrivate and make MediaPlayer use an AVSampleBufferDisplayLayer instead of CALayer.
2829         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm: Ditto.
2830         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::~MediaPlayerPrivateMediaStreamAVFObjC): Clean up
2831         observers and AVSampleBufferDisplayLayer
2832         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::isAvailable): Ensures AVSampleBufferDisplayLayer
2833         is available.
2834         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::enqueueAudioSampleBufferFromTrack): Placeholder.
2835         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::enqueueVideoSampleBufferFromTrack): Responsible
2836         for enqueuing sample buffers to the active video track.
2837         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::ensureLayer): Ensures that an AVSampleBufferDisplayLayer
2838         exists.
2839         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::destroyLayer): Destroys the AVSampleBufferDisplayLayer.
2840         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::platformLayer): Replace CALayer with AVSampleBufferDisplayLayer.
2841         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::currentDisplayMode): Ditto.
2842         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::sampleBufferUpdated): Called from MediaStreamTrackPrivate when a
2843         new SampleBuffer is available.
2844         (WebCore::updateTracksOfType): Manage adding and removing self as observer from tracks.
2845         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateTracks): Replace CALayer with AVSampleBufferDisplayLayer
2846         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::acceleratedRenderingStateChanged): Copied from
2847         MediaPlayerPrivateMediaSourceAVFObjC.mm
2848         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::load): Deleted CALayer.
2849         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateDisplayMode): Deleted process of updating CALayer.
2850         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateIntrinsicSize): Deleted CALayer.
2851         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::createPreviewLayers): Deleted.
2852         * platform/mediastream/MediaStreamPrivate.cpp:
2853         (WebCore::MediaStreamPrivate::updateActiveVideoTrack): Remove redundant check.
2854         * platform/mediastream/MediaStreamTrackPrivate.cpp:
2855         (WebCore::MediaStreamTrackPrivate::sourceHasMoreMediaData): Called from RealtimeMediaSource when a new SampleBuffer
2856         is available.
2857         * platform/mediastream/MediaStreamTrackPrivate.h:
2858         (WebCore::MediaStreamTrackPrivate::Observer::sampleBufferUpdated): Relays to MediaPlayerPrivateMediaStream that
2859         a new SampleBuffer is available to enqueue to the AVSampleBufferDisplayLayer.
2860         * platform/mediastream/RealtimeMediaSource.cpp:
2861         (WebCore::RealtimeMediaSource::mediaDataUpdated): Relays to all observers that a new SampleBuffer is available.
2862         * platform/mediastream/RealtimeMediaSource.h:
2863         * platform/mediastream/mac/AVVideoCaptureSource.mm:
2864         (WebCore::AVVideoCaptureSource::processNewFrame): Calls mediaDataUpdated when a new SampleBuffer is captured.
2865
2866 2016-07-19  Anders Carlsson  <andersca@apple.com>
2867
2868         Get rid of a #define private public hack in WebCore
2869         https://bugs.webkit.org/show_bug.cgi?id=159953
2870
2871         Reviewed by Dan Bernstein.
2872
2873         Use @package instead.
2874
2875         * bindings/objc/DOMInternal.h:
2876         * bindings/objc/DOMObject.h:
2877
2878 2016-07-19  Andreas Kling  <akling@apple.com>
2879
2880         Fix SharedBuffer leak in MockContentFilter::replacementData().
2881         <https://webkit.org/b/159945>
2882
2883         Reviewed by Andy Estes.
2884
2885         Spotted on leaks bot. This code was pretty explicit about how it's going to leak.
2886         Since this is in the mock filter, it only affected layout tests.
2887
2888         * testing/MockContentFilter.cpp:
2889         (WebCore::MockContentFilter::replacementData):
2890
2891 2016-07-19  Zalan Bujtas  <zalan@apple.com>
2892
2893         theguardian.co.uk crossword puzzles are sometimes not displaying text
2894         https://bugs.webkit.org/show_bug.cgi?id=159924
2895         <rdar://problem/27409483>
2896
2897         Reviewed by Simon Fraser.
2898
2899         This patch fixes the case when
2900         - 2 disjoint subtrees are dirty
2901         - RenderView is also dirty.
2902         and we end up not laying out one of the 2 subtrees.
2903
2904         In FrameView::scheduleRelayoutOfSubtree, we assume that when the RenderView is dirty
2905         we already have a pending full layout which means that any previous subtree layouts have already been
2906         converted to full layouts.
2907         However this assumption is incorrect. RenderView can get dirty without checking if there's
2908         already a pending subtree layout.
2909         One option to solve this problem would be to override RenderObject::setNeedsLayout in RenderView
2910         so that when the RenderView gets dirty, we could also convert any pending subtree layout to full layout.
2911         However RenderObject::setNeedsLayout is a hot function and making it virtual would impact performance.
2912         The other option is to always normalize subtree layouts in FrameView::scheduleRelayoutOfSubtree().
2913         This patch implements the second option.
2914
2915         Test: fast/misc/subtree-layouts.html
2916
2917         * page/FrameView.cpp:
2918         (WebCore::FrameView::scheduleRelayoutOfSubtree):
2919
2920 2016-07-19  Anders Carlsson  <andersca@apple.com>
2921
2922         Some payment authorization status values should keep the sheet active
2923         https://bugs.webkit.org/show_bug.cgi?id=159936
2924         rdar://problem/26756701
2925
2926         Reviewed by Tim Horton.
2927
2928         * Modules/applepay/ApplePaySession.cpp:
2929         (WebCore::ApplePaySession::completePayment):
2930         Keep the sheet active if the status isn't a final state status.
2931
2932         * Modules/applepay/PaymentAuthorizationStatus.h:
2933         (WebCore::isFinalStateStatus):
2934         Add a new helper function that returns whether a given payment authorization status is "final",
2935         meaning that once that status has been passed to completePayment, the session is finished.
2936
2937 2016-07-19  Nan Wang  <n_wang@apple.com>
2938
2939         AX: Incorrect behavior for word related text marker functions when there's collapsed whitespace
2940         https://bugs.webkit.org/show_bug.cgi?id=159910
2941
2942         Reviewed by Chris Fleizach.
2943
2944         We are getting a bad CharacterOffset when there's collapsed whitespace. Added a TraverseOptionValidateOffset
2945         option to make sure we are getting the correct CharacterOffset based on the corresponding Range offset. And
2946         fixed a word navigation issue based on that.
2947
2948         Test: accessibility/mac/text-marker-word-nav-collapsed-whitespace.html
2949
2950         * accessibility/AXObjectCache.cpp:
2951         (WebCore::AXObjectCache::traverseToOffsetInRange):
2952         (WebCore::AXObjectCache::rangeForNodeContents):
2953         (WebCore::AXObjectCache::startOrEndCharacterOffsetForRange):
2954         (WebCore::AXObjectCache::characterOffsetFromVisiblePosition):
2955         (WebCore::AXObjectCache::rightWordRange):
2956         (WebCore::AXObjectCache::previousBoundary):
2957         * accessibility/AXObjectCache.h:
2958         (WebCore::AXObjectCache::isNodeInUse):
2959
2960 2016-07-19  Youenn Fablet  <youenn@apple.com>
2961
2962         [Streams API] ReadableStreamController methods should throw if its stream is not readable
2963         https://bugs.webkit.org/show_bug.cgi?id=159871
2964
2965         Reviewed by Xabier Rodriguez-Calvar.
2966
2967         Spec now mandates close and enqueue to throw if ReadableStream is not readable.
2968         Covered by rebased and/or modified tests.
2969
2970         * Modules/streams/ReadableStreamController.js:
2971         (enqueue): Throwing a TypeError if controlled stream is not readable.
2972         (close): Ditto.
2973
2974 2016-07-19  Simon Fraser  <simon.fraser@apple.com>
2975
2976         Bubbles appear split for a brief moment in Messages
2977         https://bugs.webkit.org/show_bug.cgi?id=159915
2978         rdar://problem/27182267
2979
2980         Reviewed by David Hyatt.
2981
2982         RenderView::repaintRootContents() had a long-standing bug in WebView when the
2983         view is scrolled. repaint() uses visualOverflowRect() but, for the 
2984         RenderView, the visualOverflowRect() is the initial containing block
2985         which is anchored at 0,0. When the view is scrolled it's clipped out and
2986         calls to repaintRootContents() have no effect.
2987         
2988         Change repaintRootContents() to use layoutOverflowRect(). ScrollView::repaintContentRectangle()
2989         will clip it to the view if necessary.
2990
2991         Test: fast/repaint/scrolled-view-full-repaint.html
2992
2993         * rendering/RenderView.cpp:
2994         (WebCore::RenderView::repaintRootContents):
2995
2996 2016-07-19  Dan Bernstein  <mitz@apple.com>
2997
2998         <rdar://problem/27420308> WebCore-7602.1.42 fails to build: error: unused parameter 'vm'
2999
3000         * bindings/js/JSDOMGlobalObject.cpp:
3001         (WebCore::JSDOMGlobalObject::addBuiltinGlobals): Fixed the !ENABLE(STREAMS_API) build.
3002
3003 2016-07-19  Youenn Fablet  <youenn@apple.com>
3004
3005         [Streams API] Make ReadableStream properties not enumerable
3006         https://bugs.webkit.org/show_bug.cgi?id=159868
3007
3008         Reviewed by Darin Adler.
3009
3010         Covered by rebased tests.
3011
3012         Uopdating IDL definitions to mark all functions/attributes as not enumerable.
3013         Updating IDL constructor definitions to correctly compute constructor length.
3014         Updating built-in implementation to correctly compute pipeTo length to 1 (second parameter being optional).
3015
3016         * Modules/streams/ReadableStream.idl:
3017         * Modules/streams/ReadableStream.js:
3018         * Modules/streams/ReadableStreamController.idl:
3019         * Modules/streams/ReadableStreamReader.idl:
3020
3021 2016-07-19  Chris Dumez  <cdumez@apple.com>
3022
3023         form.enctype / encoding / method should treat null as "null" string
3024         https://bugs.webkit.org/show_bug.cgi?id=159916
3025
3026         Reviewed by Ryosuke Niwa.
3027
3028         form.enctype / encoding / method should treat null as "null" string:
3029         - https://html.spec.whatwg.org/multipage/forms.html#htmlformelement
3030
3031         Previously, WebKit would treat null as the null String, which would
3032         end up removing the existing attribute.
3033
3034         Firefox and Chrome match the specification.
3035
3036         Test: fast/dom/HTMLFormElement/null-handling.html
3037
3038         * html/HTMLFormElement.h:
3039         * html/HTMLFormElement.idl:
3040
3041 2016-07-18  Csaba Osztrogon√°c  <ossy@webkit.org>
3042
3043         All-in-one buildfix after r202439
3044         https://bugs.webkit.org/show_bug.cgi?id=159877
3045
3046         Reviewed by Chris Dumez.
3047
3048         * Modules/webaudio/AudioDestinationNode.h:
3049         (WebCore::AudioDestinationNode::resume):
3050         (WebCore::AudioDestinationNode::suspend):
3051         (WebCore::AudioDestinationNode::close):
3052
3053 2016-07-18  Frederic Wang  <fwang@igalia.com>
3054
3055         Move parsing of subscriptshift and superscriptshift from rendering to element classes
3056         https://bugs.webkit.org/show_bug.cgi?id=159622
3057
3058         Reviewed by Darin Adler.
3059
3060         We introduce a new MathMLScriptsElement that is used for elements msub, msup, msubsup and
3061         mmultiscripts in order to create RenderMathMLScripts and parse and expose the values of the
3062         subscriptshift and superscriptshift attributes. This is one more step toward moving MathML
3063         attribute parsing to the DOM (bug 156536).
3064
3065         No new tests, rendering is unchanged.
3066
3067         * CMakeLists.txt: Add MathMLScriptsElement files.
3068         * WebCore.xcodeproj/project.pbxproj: Ditto.
3069         * mathml/MathMLAllInOne.cpp: Ditto.
3070         * mathml/MathMLInlineContainerElement.cpp: Remove handling of scripts.
3071         (WebCore::MathMLInlineContainerElement::createElementRenderer): Deleted.
3072         * mathml/MathMLScriptsElement.cpp: Added. New class to handle scripted elements supporting
3073         parsing for the subscriptshift and superscriptshift MathML lengths.
3074         (WebCore::MathMLScriptsElement::MathMLScriptsElement):
3075         (WebCore::MathMLScriptsElement::create):
3076         (WebCore::MathMLScriptsElement::subscriptShift): Expose the cached length for the shift,
3077         parsing the attribute again if necessary.
3078         (WebCore::MathMLScriptsElement::superscriptShift): Ditto.
3079         (WebCore::MathMLScriptsElement::parseAttribute): Mark attributes dirty.
3080         (WebCore::MathMLScriptsElement::createElementRenderer): Create RenderMathMLScripts.
3081         * mathml/MathMLScriptsElement.h: Ditto.
3082         * mathml/mathtags.in: Map msub, msup, msubsup and mmultiscripts to MathMLScriptsElement.
3083         * rendering/mathml/RenderMathMLScripts.cpp:
3084         (WebCore::RenderMathMLScripts::scriptsElement): Helper function to cast the node to a
3085         MathMLScriptsElement.
3086         (WebCore::RenderMathMLScripts::getScriptMetricsAndLayoutIfNeeded): Resolve the attributes
3087         using the functions from the MathMLScriptsElement class.
3088         * rendering/mathml/RenderMathMLScripts.h: Declare scriptsElement.
3089
3090 2016-07-18  Frederic Wang  <fwang@igalia.com>
3091
3092         Do not store gap and shift parameters on RenderMathMLFraction
3093         https://bugs.webkit.org/show_bug.cgi?id=159876
3094
3095         Reviewed by Darin Adler.
3096
3097         After r203285, the stack and fraction layout parameters are only used in layoutBlock so we
3098         do not need to store them on the class. We remove them and split updateLayoutParameters into
3099         three functions: one to update the linethickness and two others to retrieve the fraction and
3100         stack respectively.
3101
3102         No new tests, rendering is unchanged.
3103
3104         * rendering/mathml/RenderMathMLFraction.cpp:
3105         (WebCore::RenderMathMLFraction::updateLineThickness): Move code to update thickness members here.
3106         (WebCore::RenderMathMLFraction::getFractionParameters): Move code to retrieve fraction parameters here.
3107         (WebCore::RenderMathMLFraction::getStackParameters): Move code to retrieve stack parameters here.
3108         (WebCore::RenderMathMLFraction::layoutBlock): Use the new helper functions and local variables
3109         for fraction and stack parameters.
3110         (WebCore::RenderMathMLFraction::updateLayoutParameters): Deleted.
3111         * rendering/mathml/RenderMathMLFraction.h: Declare new helper functions and remove members
3112         for stack and fraction parameters.
3113
3114 2016-07-18  Chris Dumez  <cdumez@apple.com>
3115
3116         input.formEnctype / formMethod and button.formEnctype / formMethod / type should treat null as "null"
3117         https://bugs.webkit.org/show_bug.cgi?id=159908
3118
3119         Reviewed by Alex Christensen.
3120
3121         input.formEnctype / formMethod and button.formEnctype / formMethod / type
3122         should treat null as "null" String:
3123         - https://html.spec.whatwg.org/multipage/forms.html#htmlinputelement
3124         - https://html.spec.whatwg.org/multipage/forms.html#htmlbuttonelement
3125
3126         In WebKit, we would treat null as a null String which would end up
3127         removing the corresponding attribute. This does not match the
3128         specification. Firefox and Chrome match the specification here.
3129
3130         Tests:
3131         - fast/dom/HTMLButtonElement/null-handling.html
3132         - fast/dom/HTMLInputElement/null-handling.html
3133
3134         * html/HTMLButtonElement.idl:
3135         * html/HTMLInputElement.idl:
3136
3137 2016-07-18  Alex Christensen  <achristensen@webkit.org>
3138
3139         webbookmarksd needs to use the same AppCache directory as MobileSafari
3140         https://bugs.webkit.org/show_bug.cgi?id=159912
3141
3142         Reviewed by Alexey Proskuryakov.
3143
3144         No new tests.  This only changes behavior for webbookmarksd.
3145
3146         * platform/RuntimeApplicationChecks.h:
3147         * platform/RuntimeApplicationChecks.mm:
3148         (WebCore::IOSApplication::isWebBookmarksD): Added.
3149
3150 2016-07-18  Chris Dumez  <cdumez@apple.com>
3151
3152         EventTarget.dispatchEvent() parameter should not be nullable
3153         https://bugs.webkit.org/show_bug.cgi?id=159897
3154
3155         Reviewed by Benjamin Poulain.
3156
3157         EventTarget.dispatchEvent() parameter should not be nullable:
3158         - https://dom.spec.whatwg.org/#interface-eventtarget
3159
3160         Even though the parameter was marked as nullable in our IDL, our
3161         implementation does a null check and we already throw a TypeError
3162         when calling dispatchEvent(null).
3163
3164         Update our IDL so that it matches the specification and so that
3165         the null check is generated in the bindings instead.
3166
3167         No new tests, rebaseline existing tests.
3168
3169         * dom/EventTarget.cpp:
3170         (WebCore::EventTarget::dispatchEventForBindings):
3171         * dom/EventTarget.h:
3172         * dom/EventTarget.idl:
3173
3174 2016-07-18  Chris Dumez  <cdumez@apple.com>
3175
3176         DocType's publicId / systemId should not be nullable
3177         https://bugs.webkit.org/show_bug.cgi?id=159901
3178
3179         Reviewed by Benjamin Poulain.
3180
3181         DocType's publicId / systemId should not be nullable. While they were
3182         not marked as nullable in our IDL, they could be stored as null Strings
3183         in our implementation depending on how the Node was constructed. This
3184         led to subtle bugs where String() != emptyString().
3185
3186         In particular, Node.isEqualNode() would return false when DocumentType
3187         nodes would mismatch because of their publicId / systemId being null
3188         instead of the emptyString.
3189
3190         Serialization would DocumentType nodes would also be wrong when
3191         publicId / systemId were empty Strings instead of null strings. The
3192         new behavior now matches:
3193         - https://www.w3.org/TR/DOM-Parsing/#dfn-concept-serialize-doctype (steps 7-9)
3194
3195         To address these issues, we now always store publicId / systemId as
3196         non-null Strings inside the DocumentType class.
3197
3198         Test: fast/dom/DocumentType/isEqualNode.html
3199
3200         * dom/DocumentType.cpp:
3201         (WebCore::DocumentType::DocumentType):
3202         * editing/MarkupAccumulator.cpp:
3203         (WebCore::MarkupAccumulator::appendDocumentType):
3204
3205 2016-07-18  Jeremy Jones  <jeremyj@apple.com>
3206
3207         If previous media session interruptions were prevented, still allow subsequent interruptions to try.
3208         https://bugs.webkit.org/show_bug.cgi?id=157553
3209         rdar://problem/25740804
3210
3211         Reviewed by Eric Carlson.
3212
3213         Test: platform/ios-simulator/media/video-interruption-suspendunderlock.html
3214
3215         When suspending under lock on iOS, there is first a resign active event, then a
3216         suspend under lock. PiP prevents resign active from interrupting playback. But it should allow the
3217         suspend under lock to interrupt playback.
3218
3219         Currently if there are nested interruptions only the first one is acted upon.
3220
3221         This change allows subsequent, nested interruptions to have a chance to interrupt playback if the
3222         previous interruptions were ignored.
3223
3224         This test is for iPad only, so it must be run manually.
3225
3226         * html/HTMLMediaElement.cpp:
3227         (WebCore::HTMLMediaElement::shouldOverrideBackgroundPlaybackRestriction):
3228         * platform/audio/PlatformMediaSession.cpp:
3229         (WebCore::PlatformMediaSession::beginInterruption):
3230         * testing/Internals.cpp:
3231         (WebCore::Internals::beginMediaSessionInterruption):
3232
3233 2016-07-18  Brent Fulgham  <bfulgham@apple.com>
3234
3235         Don't associate form-associated elements with forms in other trees.
3236         https://bugs.webkit.org/show_bug.cgi?id=119451
3237         <rdar://problem/27382946>
3238
3239         Change is based on the Blink change (patch by <adamk@chromium.org>):
3240         <https://chromium.googlesource.com/chromium/blink/+/0b33128be67e7845d495d5219614c02ccfe7a414>
3241
3242         Reviewed by Chris Dumez.
3243
3244         Prevent elements from being associated with forms that are not part of the same home subtree.
3245         This brings us in line with the WhatWG HTML specification as of September, 2013.
3246
3247         Tests: fast/forms/image-disconnected-during-parse.html
3248                fast/forms/input-disconnected-during-parse.html
3249
3250         * dom/Element.h:
3251         (WebCore::Node::rootElement): Added.
3252         * html/FormAssociatedElement.cpp:
3253         (WebCore::FormAssociatedElement::insertedInto): If the element is associated with a form that
3254         is not part of the same tree, remove the association.
3255         * html/HTMLImageElement.cpp:
3256         (WebCore::HTMLImageElement::insertedInto): Ditto.
3257
3258 2016-07-18  Anders Carlsson  <andersca@apple.com>
3259
3260         WebKit nightly fails to build on macOS Sierra
3261         https://bugs.webkit.org/show_bug.cgi?id=159902
3262         rdar://problem/27365672
3263
3264         Reviewed by Tim Horton.
3265
3266         * Modules/applepay/cocoa/PaymentCocoa.mm:
3267         * Modules/applepay/cocoa/PaymentContactCocoa.mm:
3268         * Modules/applepay/cocoa/PaymentMerchantSessionCocoa.mm:
3269         * Modules/applepay/cocoa/PaymentMethodCocoa.mm:
3270         Use new PassKitSPI header.
3271
3272         * WebCore.xcodeproj/project.pbxproj:
3273         Add new PassKitSPI header.
3274
3275         * icu/unicode/ucurr.h: Added.
3276         Add ucurr.h from ICU.
3277
3278         * platform/spi/cocoa/PassKitSPI.h: Added.
3279         Add new PassKitSPI header.
3280
3281 2016-07-18  Dean Jackson  <dino@apple.com>
3282
3283         REGRESSION (r202950): Image zoom animations are broken at medium.com (159861)
3284         https://bugs.webkit.org/show_bug.cgi?id=159906
3285         <rdar://problem/27391725>
3286
3287         Reviewed by Simon Fraser.
3288
3289         The fix for webkit.org/b/157569 in r200769 broke AMP pages.
3290         The followup fix for webkit.org/b/159450 in r202950 broke Medium pages.
3291
3292         Revert them both until we have better testing.
3293
3294         * css/CSSParser.cpp:
3295         (WebCore::CSSParser::addPropertyWithPrefixingVariant):
3296         (WebCore::CSSParser::parseValue):
3297         (WebCore::CSSParser::parseAnimationShorthand):
3298         (WebCore::CSSParser::parseTransitionShorthand): Deleted.
3299         * css/CSSPropertyNames.in:
3300         * css/PropertySetCSSStyleDeclaration.cpp:
3301         (WebCore::PropertySetCSSStyleDeclaration::getPropertyCSSValue):
3302         (WebCore::PropertySetCSSStyleDeclaration::getPropertyValue):
3303         (WebCore::PropertySetCSSStyleDeclaration::getPropertyCSSValueInternal):
3304         (WebCore::PropertySetCSSStyleDeclaration::getPropertyValueInternal):
3305         * css/StyleProperties.cpp:
3306         (WebCore::MutableStyleProperties::removeShorthandProperty):
3307         (WebCore::MutableStyleProperties::removeProperty):
3308         (WebCore::MutableStyleProperties::removePrefixedOrUnprefixedProperty):
3309         (WebCore::MutableStyleProperties::setProperty):
3310         (WebCore::getIndexInShorthandVectorForPrefixingVariant):
3311         (WebCore::MutableStyleProperties::appendPrefixingVariantProperty):
3312         (WebCore::MutableStyleProperties::setPrefixingVariantProperty):
3313         (WebCore::StyleProperties::asText): Deleted.
3314         * css/StyleProperties.h:
3315
3316 2016-07-18  Andreas Kling  <akling@apple.com>
3317
3318         There should be a way to simulate memory pressure in layout tests
3319         <https://webkit.org/b/159743>
3320
3321         Reviewed by Simon Fraser.
3322
3323         Add three window.internal APIs:
3324
3325             - boolean isUnderMemoryPressure (readonly attribute)
3326             - void beginSimulatedMemoryPressure()
3327             - void endSimulatedMemoryPressure()
3328
3329         These make it possible to write tests that exercise behaviors that only
3330         occur during memory pressure situations.
3331
3332         I also implemented the "org.WebKit.lowMemory" notification handler using the new API.
3333
3334         Test: memory/memory-pressure-simulation.html
3335
3336         * platform/MemoryPressureHandler.cpp:
3337         (WebCore::MemoryPressureHandler::beginSimulatedMemoryPressure):
3338         (WebCore::MemoryPressureHandler::endSimulatedMemoryPressure):
3339         * platform/MemoryPressureHandler.h:
3340         (WebCore::MemoryPressureHandler::isUnderMemoryPressure):
3341         * platform/cocoa/MemoryPressureHandlerCocoa.mm:
3342         (WebCore::MemoryPressureHandler::platformReleaseMemory):
3343         (WebCore::MemoryPressureHandler::install):
3344         * testing/Internals.cpp:
3345         (WebCore::Internals::isUnderMemoryPressure):
3346         (WebCore::Internals::beginSimulatedMemoryPressure):
3347         (WebCore::Internals::endSimulatedMemoryPressure):
3348         * testing/Internals.h:
3349         * testing/Internals.idl:
3350
3351 2016-07-18  Said Abou-Hallawa  <sabouhallawa@apple,com>
3352
3353         [iOS] PDFDocumentImage should cache only a sub image of the PDF when caching the whole image is expensive
3354         https://bugs.webkit.org/show_bug.cgi?id=158715
3355
3356         Reviewed by Dean Jackson.
3357
3358         Test: fast/images/displaced-non-cached-pdf.html
3359
3360         For iOS, we need to ensure the size of the cached PDF images will not
3361         exceed some limit. Also we should be caching only a sub image of the PDF
3362         if caching the whole image will exceed the memory limit.
3363
3364         * page/Settings.cpp:
3365         (WebCore::Settings::Settings):
3366         (WebCore::Settings::setCachedPDFImageEnabled):
3367         * page/Settings.h:
3368         (WebCore::Settings::isCachedPDFImageEnabled):
3369             Add an option to disable caching the PDF images.
3370
3371         * platform/graphics/cg/PDFDocumentImage.cpp:
3372         (WebCore::PDFDocumentImage::setCachedPDFImageEnabled):
3373             Allow the caller of draw() to disable caching the PDF images.
3374         
3375         (WebCore::PDFDocumentImage::cacheParametersMatch):
3376             Match the context dirty rectangle with the cached image rectangle.
3377         
3378         (WebCore::transformContextForPainting):
3379             When preparing the context for drawing the PDF, take the location 
3380             of the destination rectangle into account. We do not need to scale
3381             the location of the source rectangle because we scale the size of
3382             the rectangle but we don't scale the whole coordinate system.
3383
3384         (WebCore::cachedImageRect):
3385             Calculate the rectangle of the cached image such that it does not
3386             exceed the limit. Start from the center of the dirty rectangle and
3387             then expand around it.
3388             
3389         (WebCore::PDFDocumentImage::decodedSizeChanged):
3390             In addition to notifying the ImageObserver, it keeps track of the size
3391             of all the cached PDF images.
3392
3393         (WebCore::PDFDocumentImage::updateCachedImageIfNeeded):
3394             Ensure the size of all the cached images does not exceed the limit
3395             
3396         (WebCore::PDFDocumentImage::destroyDecodedData):
3397         * platform/graphics/cg/PDFDocumentImage.h:
3398
3399         * rendering/RenderImage.cpp:
3400         (WebCore::RenderImage::paintIntoRect):
3401             Pass the option to disable caching the PDF images to PDFDocumentImage.
3402
3403         * testing/InternalSettings.cpp:
3404         (WebCore::InternalSettings::Backup::Backup):
3405         (WebCore::InternalSettings::Backup::restoreTo):
3406         (WebCore::InternalSettings::setCachedPDFImageEnabled):
3407         * testing/InternalSettings.h:
3408         * testing/InternalSettings.idl:
3409             Add an internal option to disable caching the PDF images.
3410
3411 2016-07-18  Chris Dumez  <cdumez@apple.com>
3412
3413         The 2 first parameters to addEventListener() / removeEventListener() should be mandatory
3414         https://bugs.webkit.org/show_bug.cgi?id=158008
3415
3416         Reviewed by Darin Adler.
3417
3418         The 2 first parameters to addEventListener() / removeEventListener() should be
3419         mandatory:
3420         - https://dom.spec.whatwg.org/#interface-eventtarget
3421
3422         Firefox 46 and Chrome 50 both match the specification and throw an exception when those
3423         parameters are omitted. However, those parameters were marked as optional in WebKit and
3424         the calls were no-ops if those parameters were omitted. This patch aligns our behavior
3425         with the specification and other browsers.
3426
3427         Test: fast/dom/eventtarget-api-parameters.html
3428
3429         * bindings/scripts/CodeGeneratorJS.pm:
3430         (GetFunctionLength): Deleted.
3431         * dom/EventTarget.idl:
3432
3433 2016-07-18  Brent Fulgham  <bfulgham@apple.com>
3434
3435         Unreviewed, rolling out r203373.
3436
3437         Unaddressed
3438
3439         Reverted changeset:
3440
3441         "Don't associate form-associated elements with forms in other
3442         trees."
3443         https://bugs.webkit.org/show_bug.cgi?id=119451
3444         http://trac.webkit.org/changeset/203373
3445
3446 2016-07-18  Brent Fulgham  <bfulgham@apple.com>
3447
3448         Don't associate form-associated elements with forms in other trees.
3449         https://bugs.webkit.org/show_bug.cgi?id=119451
3450         <rdar://problem/27382946>
3451
3452         Change is based on the Blink change (patch by <adamk@chromium.org>):
3453         <https://chromium.googlesource.com/chromium/blink/+/0b33128be67e7845d495d5219614c02ccfe7a414>
3454
3455         Reviewed by Zalan Bujtas.
3456
3457         Prevent elements from being associated with forms that are not part of the same home subtree.
3458         This brings us in line with the WhatWG HTML specification as of September, 2013.
3459
3460         Tests: fast/forms/image-disconnected-during-parse.html
3461                fast/forms/input-disconnected-during-parse.html
3462
3463         * dom/NodeTraversal.h:
3464         (WebCore::NodeTraversal::highestAncestorOrSelf): Added.
3465         * html/FormAssociatedElement.cpp:
3466         (WebCore::FormAssociatedElement::insertedInto): If the element is associated with a form that
3467         is not part of the same tree, remove the association.
3468         * html/HTMLImageElement.cpp:
3469         (WebCore::HTMLImageElement::insertedInto): Ditto.
3470
3471 2016-07-18  George Ruan  <gruan@apple.com>
3472
3473         Move MediaSampleAVFObjC into its own file
3474         https://bugs.webkit.org/show_bug.cgi?id=159796
3475         <rdar://problem/27362488>
3476
3477         In preparation for a feature that uses MediaSampleAVFObjC, but does
3478         not need SourceBufferPrivateAVFObjC, it is beneficial to move
3479         MediaSampleAVFObjC to its own file.
3480
3481         Reviewed by Eric Carlson.
3482
3483         * WebCore.xcodeproj/project.pbxproj:
3484         * platform/MediaSample.h: Allow setting trackID to associate
3485         MediaSample id with MediaStreamTrackPrivate id.
3486         * platform/graphics/avfoundation/MediaSampleAVFObjC.h: Added.
3487         * platform/graphics/avfoundation/objc/MediaSampleAVFObjC.mm: Moved
3488         from MediaSampleAVFObjC
3489         (WebCore::MediaSampleAVFObjC::presentationTime):
3490         (WebCore::MediaSampleAVFObjC::decodeTime):
3491         (WebCore::MediaSampleAVFObjC::duration):
3492         (WebCore::MediaSampleAVFObjC::sizeInBytes):
3493         (WebCore::MediaSampleAVFObjC::platformSample):
3494         (WebCore::CMSampleBufferIsRandomAccess):
3495         (WebCore::MediaSampleAVFObjC::flags):
3496         (WebCore::MediaSampleAVFObjC::presentationSize):
3497         (WebCore::MediaSampleAVFObjC::dump):
3498         (WebCore::MediaSampleAVFObjC::offsetTimestampsBy):
3499         (WebCore::MediaSampleAVFObjC::setTimestamps):
3500         * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
3501         Moved MediaSampleAVFObjC to its own file.
3502         (WebCore::MediaSampleAVFObjC::platformSample): Deleted.
3503         (WebCore::CMSampleBufferIsRandomAccess): Deleted.
3504         (WebCore::MediaSampleAVFObjC::flags): Deleted.
3505         (WebCore::MediaSampleAVFObjC::presentationSize): Deleted.
3506         (WebCore::MediaSampleAVFObjC::dump): Deleted.
3507         (WebCore::MediaSampleAVFObjC::offsetTimestampsBy): Deleted.
3508         (WebCore::MediaSampleAVFObjC::setTimestamps): Deleted.
3509         * platform/mock/mediasource/MockSourceBufferPrivate.cpp:
3510
3511 2016-07-18  Eric Carlson  <eric.carlson@apple.com>
3512
3513         [MSE][Mac] Pass AVSampleBufferDisplayLayer HDCP status to a newly created key session
3514         https://bugs.webkit.org/show_bug.cgi?id=159812
3515         <rdar://problem/27371624>
3516
3517         Reviewed by Jon Lee.
3518
3519         No new tests, it isn't possible to test this with our current testing infrastructure.
3520
3521         * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.h:
3522         * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
3523         (WebCore::SourceBufferPrivateAVFObjC::setCDMSession): Call layerDidReceiveError if there has
3524         been an HDCP error.
3525         (WebCore::SourceBufferPrivateAVFObjC::rendererDidReceiveError): Remember an HDCP error.
3526
3527 2016-07-18  Yoav Weiss  <yoav@yoav.ws>
3528
3529         Add preload to features.json
3530         https://bugs.webkit.org/show_bug.cgi?id=159872
3531
3532         Reviewed by Darin Adler.
3533
3534         No new tests but no functional change.
3535
3536         * features.json:
3537
3538 2016-07-18  Youenn Fablet  <youenn@apple.com>
3539
3540         [Streams API] ReadableStream should throw a RangeError in case of NaN highWaterMark
3541         https://bugs.webkit.org/show_bug.cgi?id=159870
3542
3543         Reviewed by Xabier Rodriguez-Calvar.
3544
3545         Covered by rebased test.
3546
3547         * Modules/streams/StreamInternals.js:
3548         (validateAndNormalizeQueuingStrategy): Throwing a RangeError in lieu of a TypeError in case of NaN highWaterMark.
3549
3550 2016-07-18  Csaba Osztrogon√°c  <ossy@webkit.org>
3551
3552         Windows buildfix after r203338
3553         https://bugs.webkit.org/show_bug.cgi?id=159875
3554
3555         Unreviewed buildfix.
3556
3557         * dom/UserGestureIndicator.h:
3558         (WebCore::UserGestureToken::addDestructionObserver):
3559
3560 2016-07-18  Carlos Garcia Campos  <cgarcia@igalia.com>
3561
3562         MemoryPressureHandler doesn't work if cgroups aren't present in Linux
3563         https://bugs.webkit.org/show_bug.cgi?id=155255
3564
3565         Reviewed by Sergio Villar Senin.
3566
3567         Allow to pass an eventFD file descriptor to the MemoryPressureHandler to be monitorized in case cgroups are not
3568         available.
3569
3570         * platform/MemoryPressureHandler.h:
3571         * platform/linux/MemoryPressureHandlerLinux.cpp:
3572
3573 2016-07-17  Gyuyoung Kim  <gyuyoung.kim@webkit.org>
3574
3575         Clean up PassRefPtr uses in Modules/encryptedmedia, Modules/speech, and Modules/quota
3576         https://bugs.webkit.org/show_bug.cgi?id=159701
3577
3578         Reviewed by Alex Christensen.
3579
3580         No new tests, no behavior changes.
3581
3582         * Modules/encryptedmedia/CDM.h:
3583         * Modules/encryptedmedia/MediaKeySession.h:
3584         * Modules/encryptedmedia/MediaKeys.h:
3585         * Modules/quota/DOMWindowQuota.cpp:
3586         * Modules/quota/StorageErrorCallback.cpp:
3587         (WebCore::StorageErrorCallback::CallbackTask::CallbackTask):
3588         * Modules/quota/StorageErrorCallback.h:
3589         * Modules/quota/StorageInfo.h:
3590         * Modules/quota/StorageQuota.h:
3591         * Modules/speech/DOMWindowSpeechSynthesis.cpp:
3592         * Modules/speech/SpeechSynthesis.cpp:
3593         (WebCore::SpeechSynthesis::getVoices):
3594         (WebCore::SpeechSynthesis::startSpeakingImmediately):
3595         (WebCore::SpeechSynthesis::speak):
3596         (WebCore::SpeechSynthesis::cancel):
3597         (WebCore::SpeechSynthesis::handleSpeakingCompleted):
3598         (WebCore::SpeechSynthesis::boundaryEventOccurred):
3599         (WebCore::SpeechSynthesis::didStartSpeaking):
3600         (WebCore::SpeechSynthesis::didPauseSpeaking):
3601         (WebCore::SpeechSynthesis::didResumeSpeaking):
3602         (WebCore::SpeechSynthesis::didFinishSpeaking):
3603         (WebCore::SpeechSynthesis::speakingErrorOccurred):
3604         * Modules/speech/SpeechSynthesis.h:
3605         * Modules/speech/SpeechSynthesisEvent.h:
3606         * Modules/speech/SpeechSynthesisUtterance.h:
3607         * Modules/speech/SpeechSynthesisVoice.cpp:
3608         (WebCore::SpeechSynthesisVoice::create):
3609         (WebCore::SpeechSynthesisVoice::SpeechSynthesisVoice):
3610         * Modules/speech/SpeechSynthesisVoice.h:
3611         * platform/PlatformSpeechSynthesizer.h:
3612         * platform/efl/PlatformSpeechSynthesisProviderEfl.cpp:
3613         (WebCore::PlatformSpeechSynthesisProviderEfl::fireSpeechEvent):
3614         * platform/mock/PlatformSpeechSynthesizerMock.cpp:
3615         (WebCore::PlatformSpeechSynthesizerMock::speakingFinished):
3616         (WebCore::PlatformSpeechSynthesizerMock::speak):
3617         (WebCore::PlatformSpeechSynthesizerMock::cancel):
3618         (WebCore::PlatformSpeechSynthesizerMock::pause):
3619         (WebCore::PlatformSpeechSynthesizerMock::resume):
3620
3621 2016-07-16  Sam Weinig  <sam@webkit.org>
3622
3623         [WebKit API] Add SPI to track multiple navigations caused by a single user gesture
3624         <rdar://problem/26554137>
3625         https://bugs.webkit.org/show_bug.cgi?id=159856
3626
3627         Reviewed by Dan Bernstein.
3628
3629         - Adds a new RefCounted object to represent a unique user gesture, called UserGestureToken.
3630         - Makes UserGestureIndicator track UserGestureToken.
3631         - Refines UserGestureIndicator's interface to use Optional and a smaller enum set
3632           to represent the different initial states.
3633         - Stores UserGestureTokens on objects that want to forward user gesture state (DOMTimer, 
3634           postMessage, and ScheduledNavigation) rather than just a boolean.
3635
3636         * accessibility/AccessibilityNodeObject.cpp:
3637         (WebCore::AccessibilityNodeObject::increment):
3638         (WebCore::AccessibilityNodeObject::decrement):
3639         * accessibility/AccessibilityObject.cpp:
3640         (WebCore::AccessibilityObject::press):
3641         * bindings/js/ScriptController.cpp:
3642         (WebCore::ScriptController::executeScriptInWorld):
3643         (WebCore::ScriptController::executeScript):
3644         Update for new UserGestureIndicator interface.
3645
3646         * dom/UserGestureIndicator.cpp:
3647         (WebCore::currentToken):
3648         (WebCore::UserGestureToken::~UserGestureToken):
3649         (WebCore::UserGestureIndicator::UserGestureIndicator):
3650         (WebCore::UserGestureIndicator::~UserGestureIndicator):
3651         (WebCore::UserGestureIndicator::currentUserGesture):
3652         (WebCore::UserGestureIndicator::processingUserGesture):
3653         (WebCore::UserGestureIndicator::processingUserGestureForMedia):
3654         (WebCore::isDefinite): Deleted.
3655         * dom/UserGestureIndicator.h:
3656         (WebCore::UserGestureToken::create):
3657         (WebCore::UserGestureToken::state):
3658         (WebCore::UserGestureToken::processingUserGesture):
3659         (WebCore::UserGestureToken::processingUserGestureForMedia):
3660         (WebCore::UserGestureToken::addDestructionObserver):
3661         (WebCore::UserGestureToken::UserGestureToken):
3662         Add UserGestureToken and track the current one explicitly.
3663
3664         * html/HTMLMediaElement.cpp:
3665         (WebCore::HTMLMediaElement::didReceiveRemoteControlCommand):
3666         * inspector/InspectorFrontendClientLocal.cpp:
3667         (WebCore::InspectorFrontendClientLocal::openInNewTab):
3668         * inspector/InspectorFrontendHost.cpp:
3669         * inspector/InspectorPageAgent.cpp:
3670         (WebCore::InspectorPageAgent::navigate):
3671         Update for new UserGestureIndicator interface.
3672
3673         * loader/NavigationAction.cpp:
3674         (WebCore::NavigationAction::NavigationAction):
3675         * loader/NavigationAction.h:
3676         (WebCore::NavigationAction::userGestureToken):
3677         (WebCore::NavigationAction::processingUserGesture):
3678         * loader/NavigationScheduler.cpp:
3679         (WebCore::ScheduledNavigation::ScheduledNavigation):
3680         (WebCore::ScheduledNavigation::~ScheduledNavigation):
3681         (WebCore::ScheduledNavigation::lockBackForwardList):
3682         (WebCore::ScheduledNavigation::wasDuringLoad):
3683         (WebCore::ScheduledNavigation::isLocationChange):
3684         (WebCore::ScheduledNavigation::userGestureToForward):
3685         (WebCore::ScheduledNavigation::clearUserGesture):
3686         (WebCore::NavigationScheduler::mustLockBackForwardList):
3687         (WebCore::NavigationScheduler::scheduleFormSubmission):
3688         (WebCore::ScheduledNavigation::wasUserGesture): Deleted.
3689         * page/DOMTimer.cpp:
3690         (WebCore::shouldForwardUserGesture):
3691         (WebCore::userGestureTokenToForward):
3692         (WebCore::DOMTimer::DOMTimer):
3693         (WebCore::DOMTimer::fired):
3694         * page/DOMTimer.h:
3695         * page/DOMWindow.cpp:
3696         (WebCore::PostMessageTimer::PostMessageTimer):
3697         Store the active UserGestureToken rather than just a bit.
3698
3699         * page/EventHandler.cpp:
3700         (WebCore::EventHandler::handleMousePressEvent):
3701         (WebCore::EventHandler::handleMouseDoubleClickEvent):
3702         (WebCore::EventHandler::handleMouseReleaseEvent):
3703         (WebCore::EventHandler::keyEvent):
3704         (WebCore::EventHandler::handleTouchEvent):
3705         * rendering/HitTestResult.cpp:
3706         (WebCore::HitTestResult::toggleMediaFullscreenState):
3707         (WebCore::HitTestResult::enterFullscreenForVideo):
3708         (WebCore::HitTestResult::toggleEnhancedFullscreenForVideo):
3709         Update for new UserGestureIndicator interface.
3710
3711 2016-07-17  Ryosuke Niwa  <rniwa@webkit.org>
3712
3713         Rename fastHasAttribute to hasAttributeWithoutSynchronization
3714         https://bugs.webkit.org/show_bug.cgi?id=159864
3715
3716         Reviewed by Chris Dumez.
3717
3718         Renamed Rename fastHasAttribute to hasAttributeWithoutSynchronization for clarity.
3719
3720         * accessibility/AccessibilityListBoxOption.cpp:
3721         (WebCore::AccessibilityListBoxOption::isEnabled):
3722         * accessibility/AccessibilityObject.cpp:
3723         (WebCore::AccessibilityObject::hasAttribute):
3724         (WebCore::AccessibilityObject::getAttribute):
3725         * accessibility/AccessibilityRenderObject.cpp:
3726         (WebCore::AccessibilityRenderObject::determineAccessibilityRole):
3727         * bindings/scripts/CodeGenerator.pm:
3728         (GetterExpression):
3729         * bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
3730         * bindings/scripts/test/JS/JSTestObj.cpp:
3731         (WebCore::jsTestObjReflectedBooleanAttr):
3732         (WebCore::jsTestObjReflectedCustomBooleanAttr):
3733         * bindings/scripts/test/ObjC/DOMTestObj.mm:
3734         (-[DOMTestObj reflectedBooleanAttr]):
3735         (-[DOMTestObj setReflectedBooleanAttr:]):
3736         (-[DOMTestObj reflectedCustomBooleanAttr]):
3737         (-[DOMTestObj setReflectedCustomBooleanAttr:]):
3738         * dom/Document.cpp:
3739         (WebCore::Document::hasManifest):
3740         (WebCore::Document::doctype):
3741         * dom/Element.h:
3742         (WebCore::Node::parentElement):
3743         (WebCore::Element::hasAttributeWithoutSynchronization):
3744         (WebCore::Element::fastHasAttribute): Deleted.
3745         * editing/ApplyStyleCommand.cpp:
3746         (WebCore::ApplyStyleCommand::removeEmbeddingUpToEnclosingBlock):
3747         * editing/DeleteSelectionCommand.cpp:
3748         (WebCore::DeleteSelectionCommand::makeStylingElementsDirectChildrenOfEditableRootToPreventStyleLoss):
3749         * editing/markup.cpp:
3750         (WebCore::createMarkupInternal):
3751         * html/ColorInputType.cpp:
3752         (WebCore::ColorInputType::shouldShowSuggestions):
3753         * html/FileInputType.cpp:
3754         (WebCore::FileInputType::handleDOMActivateEvent):
3755         (WebCore::FileInputType::receiveDroppedFiles):
3756         * html/FormAssociatedElement.cpp:
3757         (WebCore::FormAssociatedElement::didMoveToNewDocument):
3758         (WebCore::FormAssociatedElement::insertedInto):
3759         (WebCore::FormAssociatedElement::removedFrom):
3760         (WebCore::FormAssociatedElement::formAttributeChanged):
3761         * html/FormController.cpp:
3762         (WebCore::ownerFormForState):
3763         * html/GenericCachedHTMLCollection.cpp:
3764         (WebCore::GenericCachedHTMLCollection<traversalType>::elementMatches):
3765         * html/HTMLAnchorElement.cpp:
3766         (WebCore::HTMLAnchorElement::draggable):
3767         (WebCore::HTMLAnchorElement::href):
3768         (WebCore::HTMLAnchorElement::sendPings):
3769         * html/HTMLAppletElement.cpp:
3770         (WebCore::HTMLAppletElement::rendererIsNeeded):
3771         * html/HTMLElement.cpp:
3772         (WebCore::HTMLElement::collectStyleForPresentationAttribute):
3773         (WebCore::elementAffectsDirectionality):
3774         (WebCore::setHasDirAutoFlagRecursively):
3775         * html/HTMLEmbedElement.cpp:
3776         (WebCore::HTMLEmbedElement::rendererIsNeeded):
3777         * html/HTMLFieldSetElement.cpp:
3778         (WebCore::updateFromControlElementsAncestorDisabledStateUnder):
3779         (WebCore::HTMLFieldSetElement::disabledAttributeChanged):
3780         (WebCore::HTMLFieldSetElement::disabledStateChanged):
3781         (WebCore::HTMLFieldSetElement::childrenChanged):
3782         * html/HTMLFormControlElement.cpp:
3783         (WebCore::HTMLFormControlElement::formNoValidate):
3784         (WebCore::HTMLFormControlElement::formAction):
3785         (WebCore::HTMLFormControlElement::computeIsDisabledByFieldsetAncestor):
3786         (WebCore::shouldAutofocus):
3787         * html/HTMLFormElement.cpp:
3788         (WebCore::HTMLFormElement::formElementIndex):
3789         (WebCore::HTMLFormElement::noValidate):
3790         * html/HTMLFrameElement.cpp:
3791         (WebCore::HTMLFrameElement::noResize):
3792         (WebCore::HTMLFrameElement::didAttachRenderers):
3793         * html/HTMLFrameElementBase.cpp:
3794         (WebCore::HTMLFrameElementBase::parseAttribute):
3795         (WebCore::HTMLFrameElementBase::location):
3796         * html/HTMLHRElement.cpp:
3797         (WebCore::HTMLHRElement::collectStyleForPresentationAttribute):
3798         * html/HTMLImageElement.cpp:
3799         (WebCore::HTMLImageElement::isServerMap):
3800         * html/HTMLInputElement.cpp:
3801         (WebCore::HTMLInputElement::finishParsingChildren):
3802         (WebCore::HTMLInputElement::matchesDefaultPseudoClass):
3803         (WebCore::HTMLInputElement::isActivatedSubmit):
3804         (WebCore::HTMLInputElement::reset):
3805         (WebCore::HTMLInputElement::multiple):
3806         (WebCore::HTMLInputElement::setSize):
3807         (WebCore::HTMLInputElement::shouldUseMediaCapture):
3808         * html/HTMLMarqueeElement.cpp:
3809         (WebCore::HTMLMarqueeElement::minimumDelay):
3810         * html/HTMLMediaElement.cpp:
3811         (WebCore::HTMLMediaElement::insertedInto):
3812         (WebCore::HTMLMediaElement::selectMediaResource):
3813         (WebCore::HTMLMediaElement::loadResource):
3814         (WebCore::HTMLMediaElement::autoplay):
3815         (WebCore::HTMLMediaElement::preload):
3816         (WebCore::HTMLMediaElement::loop):
3817         (WebCore::HTMLMediaElement::setLoop):
3818         (WebCore::HTMLMediaElement::controls):
3819         (WebCore::HTMLMediaElement::setControls):
3820         (WebCore::HTMLMediaElement::muted):
3821         (WebCore::HTMLMediaElement::setMuted):
3822         (WebCore::HTMLMediaElement::selectNextSourceChild):
3823         (WebCore::HTMLMediaElement::sourceWasAdded):
3824         (WebCore::HTMLMediaElement::mediaSessionTitle):
3825         * html/HTMLObjectElement.cpp:
3826         (WebCore::HTMLObjectElement::parseAttribute):
3827         * html/HTMLOptGroupElement.cpp:
3828         (WebCore::HTMLOptGroupElement::isDisabledFormControl):
3829         (WebCore::HTMLOptGroupElement::isFocusable):
3830         * html/HTMLOptionElement.cpp:
3831         (WebCore::HTMLOptionElement::matchesDefaultPseudoClass):
3832         (WebCore::HTMLOptionElement::text):
3833         * html/HTMLProgressElement.cpp:
3834         (WebCore::HTMLProgressElement::isDeterminate):
3835         (WebCore::HTMLProgressElement::didElementStateChange):
3836         * html/HTMLScriptElement.cpp:
3837         (WebCore::HTMLScriptElement::async):
3838         (WebCore::HTMLScriptElement::setCrossOrigin):
3839         (WebCore::HTMLScriptElement::asyncAttributeValue):
3840         (WebCore::HTMLScriptElement::deferAttributeValue):
3841         (WebCore::HTMLScriptElement::hasSourceAttribute):
3842         (WebCore::HTMLScriptElement::dispatchLoadEvent):
3843         * html/HTMLSelectElement.cpp:
3844         (WebCore::HTMLSelectElement::reset):
3845         * html/HTMLTrackElement.cpp:
3846         (WebCore::HTMLTrackElement::isDefault):
3847         (WebCore::HTMLTrackElement::ensureTrack):
3848         (WebCore::HTMLTrackElement::loadTimerFired):
3849         * html/MediaElementSession.cpp:
3850         (WebCore::MediaElementSession::wirelessVideoPlaybackDisabled):
3851         (WebCore::MediaElementSession::requiresFullscreenForVideoPlayback):
3852         (WebCore::MediaElementSession::allowsAutomaticMediaDataLoading):
3853         * html/SearchInputType.cpp:
3854         (WebCore::SearchInputType::searchEventsShouldBeDispatched):
3855         (WebCore::SearchInputType::didSetValueByUserEdit):
3856         * inspector/InspectorDOMAgent.cpp:
3857         (WebCore::InspectorDOMAgent::buildObjectForNode):
3858         * loader/FrameLoader.cpp:
3859         (WebCore::FrameLoader::shouldTreatURLAsSrcdocDocument):
3860         (WebCore::FrameLoader::findFrameForNavigation):
3861         * loader/ImageLoader.cpp:
3862         (WebCore::ImageLoader::notifyFinished):
3863         * mathml/MathMLSelectElement.cpp:
3864         (WebCore::MathMLSelectElement::getSelectedSemanticsChild):
3865         * rendering/RenderTableCell.cpp:
3866         (WebCore::RenderTableCell::computePreferredLogicalWidths):
3867         * rendering/RenderThemeIOS.mm:
3868         (WebCore::RenderThemeIOS::adjustMenuListButtonStyle):
3869         * rendering/SimpleLineLayout.cpp:
3870         (WebCore::SimpleLineLayout::canUseForWithReason):
3871         * rendering/svg/RenderSVGResourceClipper.cpp:
3872         (WebCore::RenderSVGResourceClipper::drawContentIntoMaskImage):
3873         * svg/SVGAnimateMotionElement.cpp:
3874         (WebCore::SVGAnimateMotionElement::updateAnimationPath):
3875         * svg/SVGAnimationElement.cpp:
3876         (WebCore::SVGAnimationElement::startedActiveInterval):
3877         (WebCore::SVGAnimationElement::updateAnimation):
3878         * svg/animation/SVGSMILElement.cpp:
3879         (WebCore::SVGSMILElement::insertedInto):
3880
3881 2016-07-17  Brady Eidson  <beidson@apple.com>
3882
3883         Exceptions logged to the JS console should use toString().
3884         https://bugs.webkit.org/show_bug.cgi?id=159855
3885
3886         Reviewed by Darin Adler.
3887
3888         No new tests (No change in behavior).
3889
3890         * bindings/js/JSDOMBinding.cpp:
3891         (WebCore::reportException):
3892
3893         * dom/DOMCoreException.h:
3894         (WebCore::DOMCoreException::DOMCoreException):
3895
3896         * dom/ExceptionBase.cpp:
3897         (WebCore::ExceptionBase::ExceptionBase):
3898         (WebCore::ExceptionBase::toString):
3899         (WebCore::ExceptionBase::consoleErrorMessage): Deleted.
3900         * dom/ExceptionBase.h:
3901         (WebCore::ExceptionBase::description): Deleted.
3902
3903         * svg/SVGException.h:
3904
3905         * xml/XPathException.h:
3906         (WebCore::XPathException::XPathException):
3907
3908 2016-07-17  Brady Eidson  <beidson@apple.com>
3909
3910         Update DOMCoreException to use the description in toString().
3911         https://bugs.webkit.org/show_bug.cgi?id=159857
3912
3913         Reviewed by Darin Adler.
3914
3915         No new tests (Covered by changes to existing tests).
3916
3917         * bindings/js/JSDOMBinding.cpp:
3918         (WebCore::createDOMException):
3919
3920         * dom/DOMCoreException.h:
3921         (WebCore::DOMCoreException::DOMCoreException):
3922         (WebCore::DOMCoreException::createWithDescriptionAsMessage): Deleted.
3923
3924 2016-07-17  Myles C. Maxfield  <mmaxfield@apple.com>
3925
3926         Support new emoji group candidates
3927         https://bugs.webkit.org/show_bug.cgi?id=159755
3928         <rdar://problem/27325521>
3929
3930         Reviewed by Dean Jackson.
3931
3932         There are a few code points which should be able to be joined (with ZWJ) to
3933         either U+2640 or U+2642 to change the gender of the emoji. These patterns
3934         should also work with an additional 0xFE0F variation selector. This patch
3935         adds these new patterns to our existing emoji group candidate infrastructure.
3936
3937         Tests: fast/text/emoji-gender-2-3.html
3938                fast/text/emoji-gender-2-4.html
3939                fast/text/emoji-gender-2-5.html
3940                fast/text/emoji-gender-2-6.html
3941                fast/text/emoji-gender-2-7.html
3942                fast/text/emoji-gender-2-8.html
3943                fast/text/emoji-gender-2-9.html
3944                fast/text/emoji-gender-2.html
3945                fast/text/emoji-gender-3.html
3946                fast/text/emoji-gender-4.html
3947                fast/text/emoji-gender-5.html
3948                fast/text/emoji-gender-6.html
3949                fast/text/emoji-gender-7.html
3950                fast/text/emoji-gender-8.html
3951                fast/text/emoji-gender-9.html
3952                fast/text/emoji-gender-fe0f-3.html
3953                fast/text/emoji-gender-fe0f-4.html
3954                fast/text/emoji-gender-fe0f-5.html
3955                fast/text/emoji-gender-fe0f-6.html
3956                fast/text/emoji-gender-fe0f-7.html
3957                fast/text/emoji-gender-fe0f-8.html
3958                fast/text/emoji-gender-fe0f-9.html
3959                fast/text/emoji-gender.html
3960                fast/text/emoji-num-glyphs.html
3961                fast/text/emoji-single-parent-family-2.html
3962                fast/text/emoji-single-parent-family.html
3963
3964         * platform/graphics/mac/ComplexTextControllerCoreText.mm:
3965         (WebCore::ComplexTextController::ComplexTextRun::ComplexTextRun): Removed incorrect ASSERT()s.