Fix null handling of SVGAngle/SVGLength.valueAsString attribute
[WebKit-https.git] / Source / WebCore / ChangeLog
1 2016-07-21  Chris Dumez  <cdumez@apple.com>
2
3         Fix null handling of SVGAngle/SVGLength.valueAsString attribute
4         https://bugs.webkit.org/show_bug.cgi?id=160025
5
6         Reviewed by Ryosuke Niwa.
7
8         Fix null handling of SVGAngle/SVGLength.valueAsString attribute
9         to match the specification:
10         - https://www.w3.org/TR/SVG2/types.html#InterfaceSVGAngle
11         - https://www.w3.org/TR/SVG2/types.html#InterfaceSVGLength
12
13         In particular, this patch drops [TreatNullAs=EmptyString] IDL
14         extended attribute from this attribute. This is not supposed
15         to change behavior given that both "" and "null" are invalid
16         numbers and the specification says to throw a SYNTAX_ERR in
17         this case.
18
19         However, WebKit currently ignores assignments to "" instead
20         of throwing. As a result, assigning to null will now throw
21         instead of being ignored. The compatibility risk should be
22         low because both Firefox and Chrome throw when assigning
23         null.
24
25         I did not change the behavior when assigning to "" because
26         it is a bit out of scope for this patch and browsers to not
27         seem to agree:
28         - Firefox throws
29         - Chrome set value to "0"
30         - WebKit ignores the assignment
31
32         The specification seems to agree with Firefox as far as I
33         can tell given that "" is not a valid number as per:
34         - https://www.w3.org/TR/css3-values/#numbers
35
36         Test: svg/dom/valueAsString-null.html
37
38         * svg/SVGAngle.idl:
39         * svg/SVGLength.idl:
40
41 2016-07-21  Chris Dumez  <cdumez@apple.com>
42
43         Fix null handling of HTMLFontElement.color
44         https://bugs.webkit.org/show_bug.cgi?id=160036
45
46         Reviewed by Ryosuke Niwa.
47
48         Fix null handling of HTMLFontElement.color to match the specification:
49         - https://html.spec.whatwg.org/#htmlfontelement
50
51         We are supposed to treat null as the empty string. Both Firefox and
52         Chrome agree with the specification.
53
54         No new tests, rebaselined existing tests.
55
56         * html/HTMLFontElement.idl:
57
58 2016-07-21  Chris Dumez  <cdumez@apple.com>
59
60         Fix null handling for several HTMLTableElement attributes
61         https://bugs.webkit.org/show_bug.cgi?id=160041
62
63         Reviewed by Ryosuke Niwa.
64
65         Fix null handling for several HTMLTableElement attributes to match the
66         specification:
67         - https://html.spec.whatwg.org/#HTMLTableElement-partial
68
69         The attributes in question are 'bicolor', 'cellSpacing' and
70         'cellPadding'. We are supposed to treat null as the empty string for
71         these attributes.
72
73         Firefox and Chrome both agree with the specification.
74
75         No new tests, rebaselined existing tests.
76
77         * html/HTMLTableElement.idl:
78
79 2016-07-21  Chris Dumez  <cdumez@apple.com>
80
81         Fix null handling for HTMLObjectElement.border
82         https://bugs.webkit.org/show_bug.cgi?id=160040
83
84         Reviewed by Ryosuke Niwa.
85
86         Fix null handling for HTMLObjectElement.border to match the specification:
87         - https://html.spec.whatwg.org/#HTMLObjectElement-partial
88
89         We are supposed to treat null as the empty string.
90
91         Both Firefox and Chrome agree with the specification.
92
93         No new tests, rebaselined existing tests.
94
95         * html/HTMLObjectElement.idl:
96
97 2016-07-21  Chris Dumez  <cdumez@apple.com>
98
99         Fix null handling for td.bgColor / tr.bgColor
100         https://bugs.webkit.org/show_bug.cgi?id=160043
101
102         Reviewed by Ryosuke Niwa.
103
104         Fix null handling for td.bgColor / tr.bgColor to match the
105         specification:
106         - https://html.spec.whatwg.org/#HTMLTableCellElement-partial
107         - https://html.spec.whatwg.org/#HTMLTableRowElement-partial
108
109         We are supposed to treat null as the empty string.
110
111         Firefox and Chrome both agree with the specification.
112
113         No new tests, rebaselined existing tests.
114
115         * html/HTMLTableCellElement.idl:
116         * html/HTMLTableRowElement.idl:
117
118 2016-07-21  Chris Dumez  <cdumez@apple.com>
119
120         Fix null handling for several HTMLBodyElement attributes
121         https://bugs.webkit.org/show_bug.cgi?id=160044
122
123         Reviewed by Ryosuke Niwa.
124
125         Fix null handling for several HTMLBodyElement attributes to match the
126         specification:
127         - https://html.spec.whatwg.org/#HTMLBodyElement-partial
128
129         The attributes in question are: 'text', 'link', 'vlink', 'alink' and
130         'bgcolor'.
131
132         We are supposed to treat null as the empty string for these attributes.
133
134         Firefox and Chrome both agree with the specification.
135
136         No new tests, rebaselined existing tests.
137
138         * html/HTMLBodyElement.idl:
139
140 2016-07-21  Chris Dumez  <cdumez@apple.com>
141
142         Fix null handling for HTMLIFrameElement.marginWidth / marginHeight
143         https://bugs.webkit.org/show_bug.cgi?id=160037
144
145         Reviewed by Ryosuke Niwa.
146
147         Fix null handling for HTMLIFrameElement.marginWidth / marginHeight to
148         match the specification:
149         - https://html.spec.whatwg.org/#HTMLIFrameElement-partial
150
151         We are supposed to treat null as the empty string. Both Firefox and
152         Chrome agree with the specification.
153
154         No new tests, rebaselined existing tests.
155
156         * html/HTMLIFrameElement.idl:
157
158 2016-07-21  Chris Dumez  <cdumez@apple.com>
159
160         Fix null handling for HTMLImageElement.border
161         https://bugs.webkit.org/show_bug.cgi?id=160039
162
163         Reviewed by Ryosuke Niwa.
164
165         Fix null handling for HTMLImageElement.border to match the specification:
166         - https://html.spec.whatwg.org/#HTMLImageElement-partial
167
168         We are supposed to treat null as the empty string.
169
170         Both Firefox and Chrome agree with the specification.
171
172         No new tests, rebaselined existing tests.
173
174         * html/HTMLImageElement.idl:
175
176 2016-07-21  Daniel Bates  <dabates@apple.com>
177
178         REGRESSION: Plugin replaced YouTube Flash videos always have the same width
179         https://bugs.webkit.org/show_bug.cgi?id=159998
180         <rdar://problem/27462285>
181
182         Reviewed by Simon Fraser.
183
184         Fixes an issue where the width of a plugin replaced YouTube video loaded via an HTML embed
185         element would always have the same width regardless of value of the width attribute.
186
187         For YouTube Flash videos the YouTube plugin replacement substitutes a shadow DOM subtree
188         for the default renderer of an HTML embed element. The root of this shadow DOM subtree
189         is an HTML div element. Currently we set inline styles on this <div> when it is instantiated.
190         In particular, we set inline display and position to "inline-block" and "relative", respectively,
191         and set an invalid height and width (we specify a font weight value instead of a CSS length value
192         - this causes an ASSERT_NOT_REACHED() assertion failure in StyleBuilderConverter::convertLengthSizing()
193         in a debug build). These styles never worked as intended and we ultimately created an inline
194         renderer (ignoring display "inline-block") that had auto width and height. Instead it is sufficient
195         to remove all these inline styles and create a RenderBlockFlow renderer for this <div> so that it
196         renders as a block, non-replaced element to achieve the intended illusion that the <embed> is a
197         single element.
198
199         * html/shadow/YouTubeEmbedShadowElement.cpp: Remove unused header HTMLEmbedElement.h and include
200         header RenderBlockFlow.h. Also update copyright in license block.
201         (WebCore::YouTubeEmbedShadowElement::YouTubeEmbedShadowElement): Remove inline styles as these
202         never worked as intended.
203         (WebCore::YouTubeEmbedShadowElement::createElementRenderer): Override; create a block-flow
204         renderer for us so that we layout as a block, non-replaced element.
205         * html/shadow/YouTubeEmbedShadowElement.h:
206
207 2016-07-21  Myles C. Maxfield  <mmaxfield@apple.com>
208
209         [iPhone] Playing a video on tudou.com plays only sound, no video
210         https://bugs.webkit.org/show_bug.cgi?id=159967
211         <rdar://problem/26964090>
212
213         Reviewed by Jon Lee, Jeremy Jones, and Anders Carlsson.
214
215         WebKit recently starting honoring the playsinline and webkit-playsinline
216         attribute on iPhones. However, because these attributes previously did
217         nothing, some sites (such as Todou) were setting them on their content
218         and expecting that they are not honored. In this specific case, the
219         video is absolutely positioned to be 1 pixel x 1 pixel.
220
221         Previously, with iOS 9, apps could set the allowsInlineMediaPlayback
222         property on their WKWebView, which would honor the webkit-playsinline
223         attribute. Safari on iPhones didn't do this.
224
225         In order to not break these existing apps, it's important that the
226         allowsInlineMediaPlayback preference still allows webkit-playsinline
227         videos to play inline in apps using WKWebView. However, in Safari, these
228         videos should play fullscreen. (Todou videos have webkit-playsinline
229         but not playsinline.)
230
231         Therefore, in Safari, videos with playsinline should be inline, but
232         videos with webkit-playsinline should be fullscreen. In apps using
233         WKWebViews, if the app sets allowsInlineMediaPlayback, then videos with
234         playsinline should be inline, and videos with webkit-playsinline should
235         also be inline. Videos on iPad and Mac should all be inline by default.
236
237         We can create some truth tables for the cases which need to be covered:
238
239         All apps on Mac / iPad:
240         Presence of playsinline | Presence of webkit-playsinline | Result
241         ========================|================================|===========
242         Not present             | Not present                    | Inline
243         Present                 | Not present                    | Inline
244         Not Present             | Present                        | Inline
245         Present                 | Present                        | Inline
246
247         Safari on iPhone:
248         Presence of playsinline | Presence of webkit-playsinline | Result
249         ========================|================================|===========
250         Not present             | Not present                    | Fullscreen
251         Present                 | Not present                    | Inline
252         Not Present             | Present                        | Fullscreen
253         Present                 | Present                        | Inline
254
255         App on iPhone which sets allowsInlineMediaPlayback:
256         Presence of playsinline | Presence of webkit-playsinline | Result
257         ========================|================================|===========
258         Not present             | Not present                    | Fullscreen
259         Present                 | Not present                    | Inline
260         Not Present             | Present                        | Inline
261         Present                 | Present                        | Inline
262
263         The way to distinguish Safari from another app is to create an SPI
264         boolean preference which Safari can set. This is already how the
265         iPhone and iPad are differentiated using the requiresPlayInlineAttribute
266         which Safari sets but other apps don't. However, this preference is
267         no longer sufficient because Safari should now be discriminating
268         between the playsinline and webkit-playsinline attributes. Therefore,
269         this preference should be extended to two boolean preferences, which
270         this patch adds:
271
272         allowsInlineMediaPlaybackWithPlaysInlineAttribute
273         allowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute
274
275         Safari on iPhone will set
276         allowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute to true,
277         and allowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute to
278         false. Other apps on iPhone will get their defaults values (because they
279         are SPI) which means they will both be true. On iPad and Mac, apps will
280         use the defaults values where both are false.
281
282         This patch adds support for these two preferences, but does not remove
283         the existing inlineMediaPlaybackRequiresPlaysInlineAttribute preference.
284         I will remove the exising preference as soon as I update Safari to migrate
285         off of it.
286
287         Test: media/video-playsinline.html
288
289         * html/MediaElementSession.cpp:
290         (WebCore::MediaElementSession::requiresFullscreenForVideoPlayback):
291         * page/Settings.cpp:
292         * page/Settings.in:
293         * testing/InternalSettings.cpp:
294         (WebCore::InternalSettings::Backup::Backup):
295         (WebCore::InternalSettings::Backup::restoreTo):
296         (WebCore::InternalSettings::setAllowsInlineMediaPlaybackWithPlaysInlineAttribute):
297         (WebCore::InternalSettings::setAllowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute):
298         * testing/InternalSettings.h:
299         * testing/InternalSettings.idl:
300
301 2016-07-21  Ryosuke Niwa  <rniwa@webkit.org>
302
303         Crash accessing null renderer inside WebCore::DeleteSelectionCommand::doApply
304         https://bugs.webkit.org/show_bug.cgi?id=160011
305
306         Reviewed by Chris Dumez.
307
308         Add a null pointer check for renderer() call.
309
310         Unfortunately no new tests since we don't have a reproduction.
311
312         * editing/DeleteSelectionCommand.cpp:
313         (WebCore::DeleteSelectionCommand::doApply):
314
315 2016-07-21  Chris Dumez  <cdumez@apple.com>
316
317         The 2 first parameters to DOMImplementation.createDocument() should be mandatory
318         https://bugs.webkit.org/show_bug.cgi?id=160030
319
320         Reviewed by Sam Weinig.
321
322         The 2 first parameters to DOMImplementation.createDocument() should be mandatory
323         as per the specification:
324         - https://dom.spec.whatwg.org/#domimplementation
325
326         Firefox and Chrome both agree with the specification. However, those
327         parameters were marked as optional in WebKit. Calling this function
328         without parameters would create a document element whose tag is the
329         string "undefined", which does not seem helpful. This patch thus
330         aligns our behavior with the specification and other browsers.
331
332         No new tests, rebaselined existing tests.
333
334         * dom/DOMImplementation.idl:
335
336 2016-07-21  Chris Dumez  <cdumez@apple.com>
337
338         Kill legacy valueToStringWithNullCheck() utility function
339         https://bugs.webkit.org/show_bug.cgi?id=159991
340
341         Reviewed by Sam Weinig.
342
343         Kill legacy valueToStringWithNullCheck() utility function. Treating null as
344         a null string is legacy behavior so drop this function so that people are
345         not tempted to use it. We should be using either:
346         1. JSValue::toWTFString() for non-nullable DOMStrings
347         2. valueToStringWithUndefinedOrNullCheck() for nullable DOMStrings
348         3. valueToStringTreatingNullAsEmptyString() for strings with [TreatNullAs=EmptyString]
349
350         No new tests, no web-exposed behavior change.
351
352         * bindings/js/JSDOMBinding.cpp:
353         (WebCore::valueToStringWithNullCheck): Deleted.
354         * bindings/js/JSDOMBinding.h:
355         * bindings/js/JSHTMLFrameElementCustom.cpp:
356         (WebCore::JSHTMLFrameElement::setLocation):
357         * html/HTMLFrameElement.idl:
358
359 2016-07-21  Zalan Bujtas  <zalan@apple.com>
360
361         Do not keep invalid IOSurface in ImageBufferData.
362         https://bugs.webkit.org/show_bug.cgi?id=160005
363         <rdar://problem/27208636>
364
365         Reviewed by Simon Fraser.
366
367         When we fail to initialize the IOSurface for the accelerated context, we switch over to
368         the non-accelerated code path. Since ImageBufferData::surface is used to indicate whether
369         the graphics context is in accelerated mode, we need to reset it when the initialization fails.
370
371         Unable to create a test case.
372
373         * platform/graphics/cg/ImageBufferCG.cpp:
374         (WebCore::ImageBuffer::ImageBuffer):
375
376 2016-07-21  Chris Dumez  <cdumez@apple.com>
377
378         playsInline IDL attribute has the wrong casing
379         https://bugs.webkit.org/show_bug.cgi?id=160029
380         <rdar://problem/27474031>
381
382         Reviewed by Jon Lee.
383
384         Fix case from video.playsinline to video.playsInline in order to match
385         the specification:
386         - https://html.spec.whatwg.org/multipage/embedded-content.html#the-video-element:dom-video-playsinline
387
388         It still reflects the "playsinline" content attribute though, as per
389         the specification:
390         - https://html.spec.whatwg.org/multipage/embedded-content.html#dom-video-playsinline
391
392         No new tests, updated existing test.
393
394         * html/HTMLVideoElement.idl:
395
396 2016-07-21  Chris Dumez  <cdumez@apple.com>
397
398         Drop [TreatNullAs=EmptyString] from CanvasRenderingContext2D.globalCompositeOperation
399         https://bugs.webkit.org/show_bug.cgi?id=160026
400
401         Reviewed by Sam Weinig.
402
403         Drop [TreatNullAs=EmptyString] from CanvasRenderingContext2D.globalCompositeOperation
404         attribute as it does not match the specification:
405         - https://html.spec.whatwg.org/multipage/scripting.html#canvascompositing
406
407         It does not change web-exposed behavior because assigning to "" or "null"
408         gets ignored as those are not valid operations.
409
410         Test: fast/canvas/context-globalCompositeOperation-null.html
411
412         * html/canvas/CanvasRenderingContext2D.idl:
413
414 2016-07-21  Carlos Garcia Campos  <cgarcia@igalia.com>
415
416         [GTK][Threaded Compositor] Overlay scrollbars shouldn't be a requirement of the threaded compositor
417         https://bugs.webkit.org/show_bug.cgi?id=160020
418
419         Reviewed by Michael Catanzaro.
420
421         It has been a requirement only because we didn't really know why frame scrollbars were not rendered when using
422         the threaded compositor. The reason is that RenderView doesn't use layers for FrameView scrollbars by default,
423         unless using overlay scrollbars. When using the threaded compositor we really need layers for the FrameView
424         scrollbars even when not using overlay scrollbars.
425
426         * platform/gtk/ScrollbarThemeGtk.cpp:
427         (WebCore::ScrollbarThemeGtk::ScrollbarThemeGtk): Stop enforcing overlay scrollbars when threaded compositor is enabled.
428         * rendering/RenderLayerCompositor.cpp:
429         (WebCore::RenderLayerCompositor::shouldCompositeOverflowControls): Always use layers for scrollbars when
430         threaded compositor is enabled.
431
432 2016-07-21  Carlos Garcia Campos  <cgarcia@igalia.com>
433
434         [Cairo] Fix a crash in fast/canvas/canvas-getImageData-invalid-result-buffer-crash.html
435         https://bugs.webkit.org/show_bug.cgi?id=160014
436
437         Reviewed by Michael Catanzaro.
438
439         In r202887 some null checks were added for JSArray::createUninitialized (and related) but not for the
440         ImageBuffer cairo implementation.
441
442         * platform/graphics/cairo/ImageBufferCairo.cpp:
443         (WebCore::getImageData): Return early if Uint8ClampedArray::createUninitialized() returns nullptr.
444
445 2016-07-21  Miguel Gomez  <magomez@igalia.com>
446
447         [GTK] The GSTREAMER_GL path in MediaPlayerPrivateGStreamerBase::paintToTextureMapper() is missing a mutex lock
448         https://bugs.webkit.org/show_bug.cgi?id=160018
449
450         Reviewed by Philippe Normand.
451
452         Lock the video sample mutex while accessing it.
453
454         Covered by existent tests.
455
456         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
457         (WebCore::MediaPlayerPrivateGStreamerBase::paintToTextureMapper):
458
459 2016-07-21  Miguel Gomez  <magomez@igalia.com>
460
461         [Threaded Compositor] Flickering when zooming in/out in maps.google.com
462         https://bugs.webkit.org/show_bug.cgi?id=154069
463
464         Reviewed by Carlos Garcia Campos.
465
466         Add a new extra buffer to GraphicsContext3D when using the Threaded Compositor,
467         so it doesn't have to reuse the buffers that are still waiting for composition.
468
469         Covered by existing tests.
470
471         * platform/graphics/GraphicsContext3D.h:
472         Add a new texture to use for the rendering. Remove the compositor fbo we were using.
473         * platform/graphics/cairo/GraphicsContext3DCairo.cpp:
474         (WebCore::GraphicsContext3D::GraphicsContext3D):
475         Initialize the new texture and remove the previous fbo related code.
476         (WebCore::GraphicsContext3D::~GraphicsContext3D):
477         Properly destroy the new texture and remove the previous fbo related code.
478         * platform/graphics/opengl/GraphicsContext3DOpenGL.cpp:
479         (WebCore::GraphicsContext3D::reshapeFBOs):
480         Allocate the new texture and remove the previous fbo allocation.
481         * platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp:
482         (WebCore::GraphicsContext3D::prepareTexture):
483         Use a single fbo with three textures instead of two fbos with a texture each.
484         Rotate the three textures usage so:
485         - m_texture becomes m_compositorTexture to be pushed to the compositor.
486         - m_intermediateTexture becomes m_texture to receive the next rendering.
487         - m_compositorTexture becomes m_intermediateTexture.
488         And add a glFlush() to ensure that the gl commands are sent to the pipeline.
489         * platform/graphics/opengl/GraphicsContext3DOpenGLES.cpp:
490         (WebCore::GraphicsContext3D::reshapeFBOs):
491         Allocate the new texture.
492
493 2016-07-21  Carlos Garcia Campos  <cgarcia@igalia.com>
494
495         [GTK][Threaded Compositor] Web view background colors don't work
496         https://bugs.webkit.org/show_bug.cgi?id=159465
497
498         Reviewed by Michael Catanzaro.
499
500         * rendering/RenderLayerBacking.cpp:
501         (WebCore::RenderLayerBacking::createPrimaryGraphicsLayer): Initialize frame view layer opacity for platforms not
502         using the tiled cache layer.
503
504 2016-07-20  Youenn Fablet  <youenn@apple.com>
505
506         [XHR] Cache response JS object in case of arraybuffer and blob response types
507         https://bugs.webkit.org/show_bug.cgi?id=128903
508
509         Reviewed by Alex Christensen.
510
511         Covered by existing and modified tests.
512
513         Making response getter a JS builtin that caches response in @response private slot.
514         Handling invalidation of cached response with @responseCacheIsValid new private method.
515         Handling creation of cached response with @retrieveResponse new private method which reuses most of
516         JSXMLHttpRequest::response previous code.
517
518         Caching of responses is activated whenever load ended without any error for blob and arraybuffer response types.
519
520         Caching of response for document is also activated in case the response getter is used but not if responseXML getter is used.
521
522         * CMakeLists.txt: Adding XMLHttpRequest.js.
523         * DerivedSources.make: Ditto.
524         * bindings/js/JSXMLHttpRequestCustom.cpp:
525         (WebCore::JSXMLHttpRequest::retrieveResponse): Implements creation of to-be-cached response.
526         (WebCore::JSXMLHttpRequest::response): Deleted.
527         * bindings/js/WebCoreBuiltinNames.h: Adding new private names.
528         * xml/XMLHttpRequest.cpp:
529         (WebCore::XMLHttpRequest::didCacheResponse): Renamed from didCacheResponseJSON as all response types are now cached.
530         (WebCore::XMLHttpRequest::didCacheResponseJSON): Deleted.
531         * xml/XMLHttpRequest.h:
532         * xml/XMLHttpRequest.idl:
533
534 2016-07-20  Youenn Fablet  <youenn@apple.com>
535
536         Remove crossOriginRequestPolicy from ThreadableLoaderOptions
537         https://bugs.webkit.org/show_bug.cgi?id=159417
538
539         Reviewed by Alex Christensen.
540
541         No observable change.
542
543         * Modules/fetch/FetchLoader.cpp:
544         (WebCore::FetchLoader::start): DenyCrossOriginRequests -> FetchOptions::Mode::SameOrigin.
545         * fileapi/FileReaderLoader.cpp:
546         (WebCore::FileReaderLoader::start): DenyCrossOriginRequests -> FetchOptions::Mode::SameOrigin.
547         * inspector/InspectorNetworkAgent.cpp:
548         (WebCore::InspectorNetworkAgent::loadResource): AllowCrossOriginRequests -> FetchOptions::Mode::NoCors.
549         * loader/DocumentThreadableLoader.cpp:
550         (WebCore::DocumentThreadableLoader::DocumentThreadableLoader): Ditto.
551         (WebCore::DocumentThreadableLoader::makeCrossOriginAccessRequest): UseAccessControl -> FetchOptions::Mode::Cors.
552         (WebCore::DocumentThreadableLoader::redirectReceived): Ditto.
553         (WebCore::DocumentThreadableLoader::didReceiveResponse): Ditto.
554         (WebCore::DocumentThreadableLoader::loadRequest): Use NoCors as option passed to ResourceLoader. This allows
555         desactivating ResourceLoader CORS checks as they are done in DocumentThreadableLoader right now. In the future,
556         these checks should be moved to ResourceLoader and DocumentThreadableLoader should directly pass the fetch mode
557         option.
558         (WebCore::DocumentThreadableLoader::isAllowedRedirect): AllowCrossOriginRequests -> FetchOptions::Mode::NoCors.
559         * loader/ThreadableLoader.cpp:
560         (WebCore::ThreadableLoaderOptions::ThreadableLoaderOptions): Removing CrossOriginRequestPolicy.
561         * loader/ThreadableLoader.h: Ditto.
562         * loader/WorkerThreadableLoader.cpp:
563         (WebCore::LoaderTaskOptions::LoaderTaskOptions): Ditto.
564         * page/EventSource.cpp:
565         (WebCore::EventSource::connect): UseAccessControl -> FetchOptions::Mode::Cors.
566         * workers/Worker.cpp:
567         (WebCore::Worker::create): DenyCrossOriginRequests -> FetchOptions::Mode::SameOrigin.
568         * workers/WorkerGlobalScope.cpp:
569         (WebCore::WorkerGlobalScope::importScripts): AllowCrossOriginRequests -> FetchOptions::Mode::NoCors.
570         * workers/WorkerScriptLoader.cpp:
571         (WebCore::WorkerScriptLoader::loadSynchronously):
572         (WebCore::WorkerScriptLoader::loadAsynchronously):
573         * workers/WorkerScriptLoader.h:
574         * xml/XMLHttpRequest.cpp:
575         (WebCore::XMLHttpRequest::createRequest):
576
577 2016-07-20  Chris Dumez  <cdumez@apple.com>
578
579         Fix null handling of several Document attributes
580         https://bugs.webkit.org/show_bug.cgi?id=159997
581
582         Reviewed by Ryosuke Niwa.
583
584         Fix null handling of the following Document attributes: title, cookie
585         and domain.
586
587         In WebKit, they were all marked as [TreatNullAs=EmptyString], which
588         does not match the specification:
589         - https://html.spec.whatwg.org/multipage/dom.html#document
590
591         Details for each attribute:
592         - title: null is now treated as the string "null", thus setting the
593           document title to "null". This matches Firefox and Chrome.
594         - cookie: adds a "null" cookie instead of being a no-op. This matches
595                   both Firefox and Chrome.
596         - domain: Calls setDomain(String("null")) instead of
597                   setDomain(String()). This throws an exception because "null"
598                   is not a suffix of the effective domain name. The behavior
599                   is the same in Firefox and Chrome. Previously, we were
600                   already throwing an exception since setting the domain to
601                   the empty string throws, as per the specification.
602
603         Test: http/tests//dom/document-attributes-null-handling.html
604
605         * dom/Document.idl:
606
607 2016-07-20  Commit Queue  <commit-queue@webkit.org>
608
609         Unreviewed, rolling out r203471.
610         https://bugs.webkit.org/show_bug.cgi?id=160003
611
612         many iOS-simulator tests are failing (Requested by litherum on
613         #webkit).
614
615         Reverted changeset:
616
617         "[iPhone] Playing a video on tudou.com plays only sound, no
618         video"
619         https://bugs.webkit.org/show_bug.cgi?id=159967
620         http://trac.webkit.org/changeset/203471
621
622 2016-07-19  Ryosuke Niwa  <rniwa@webkit.org>
623
624         iOS: Cannot paste images in RTF content
625         https://bugs.webkit.org/show_bug.cgi?id=159964
626         <rdar://problem/27442806>
627
628         Reviewed by Enrica Casucci.
629
630         The bug was caused by setDefersLoading(true) not deferring image loading for the parsed fragment.
631         Worked around this bug by disabling image loading while parsing the document fragment.
632
633         * editing/ios/EditorIOS.mm:
634         (WebCore::Editor::createFragmentAndAddResources):
635
636 2016-07-20  Brady Eidson  <beidson@apple.com>
637
638         Address a small FIXME in IDB code.
639         https://bugs.webkit.org/show_bug.cgi?id=159999
640
641         Reviewed by Andy Estes.
642
643         No new tests (No behavior change).
644
645         * Modules/indexeddb/IDBRequest.cpp:
646         (WebCore::IDBRequest::IDBRequest):
647         
648         * Modules/indexeddb/shared/IDBResourceIdentifier.cpp:
649         (WebCore::IDBResourceIdentifier::IDBResourceIdentifier): Deleted.
650         * Modules/indexeddb/shared/IDBResourceIdentifier.h:
651
652 2016-07-20  Brady Eidson  <beidson@apple.com>
653
654         Remove some "modernFoo"s from IndexedDB code.
655         https://bugs.webkit.org/show_bug.cgi?id=159985
656
657         Reviewed by Andy Estes.
658
659         No new tests (No known behavior change).
660
661         * Modules/indexeddb/IDBCursor.cpp:
662         (WebCore::IDBCursor::IDBCursor):
663         (WebCore::IDBCursor::~IDBCursor):
664         (WebCore::IDBCursor::sourcesDeleted):
665         (WebCore::IDBCursor::effectiveObjectStore):
666         (WebCore::IDBCursor::transaction):
667         (WebCore::IDBCursor::direction):
668         (WebCore::IDBCursor::update):
669         (WebCore::IDBCursor::advance):
670         (WebCore::IDBCursor::continueFunction):
671         (WebCore::IDBCursor::uncheckedIterateCursor):
672         (WebCore::IDBCursor::deleteFunction):
673         (WebCore::IDBCursor::setGetResult):
674         
675         * Modules/indexeddb/IDBIndex.cpp:
676         (WebCore::IDBIndex::IDBIndex):
677         (WebCore::IDBIndex::~IDBIndex):
678         (WebCore::IDBIndex::hasPendingActivity):
679         (WebCore::IDBIndex::name):
680         (WebCore::IDBIndex::objectStore):
681         (WebCore::IDBIndex::keyPath):
682         (WebCore::IDBIndex::unique):
683         (WebCore::IDBIndex::multiEntry):
684         (WebCore::IDBIndex::openCursor):
685         (WebCore::IDBIndex::doCount):
686         (WebCore::IDBIndex::openKeyCursor):
687         (WebCore::IDBIndex::doGet):
688         (WebCore::IDBIndex::doGetKey):
689         (WebCore::IDBIndex::markAsDeleted):
690         * Modules/indexeddb/IDBIndex.h:
691         
692         * Modules/indexeddb/IDBObjectStore.cpp:
693         (WebCore::IDBObjectStore::transaction):
694         (WebCore::IDBObjectStore::deleteFunction): Deleted.
695         (WebCore::IDBObjectStore::modernDelete): Deleted.
696         * Modules/indexeddb/IDBObjectStore.h:
697         
698         * bindings/js/JSIDBIndexCustom.cpp:
699         (WebCore::JSIDBIndex::visitAdditionalChildren):
700
701 2016-07-20  Chris Dumez  <cdumez@apple.com>
702
703         Stop using valueToStringWithNullCheck() in JSCSSStyleDeclaration::putDelegate()
704         https://bugs.webkit.org/show_bug.cgi?id=159982
705
706         Reviewed by Ryosuke Niwa.
707
708         valueToStringWithNullCheck() treats null as the null String() which is
709         legacy / non standard behavior. The specification says we should treat
710         null as the empty string:
711         - https://drafts.csswg.org/cssom/#dom-cssstyledeclaration-camel-cased-attribute
712
713         Therefore, we should be using valueToStringTreatingNullAsEmptyString() instead.
714
715         In practice, there is no web-exposed behavior change because
716         MutableStyleProperties::setProperty() removes the property wether the
717         value is the null String or the empty String.
718
719         This behavior is correct since the specification says that we should
720         remove the property if the value is the empty string:
721         - https://drafts.csswg.org/cssom/#dom-cssstyledeclaration-setproperty (step 4)
722
723         I added test coverage to make sure we behave according to specification.
724         This test is passing in Firefox, Chrome and in WebKit (before and after
725         my change).
726
727         Test: fast/css/CSSStyleDeclaration-property-setter.html
728
729         * bindings/js/JSCSSStyleDeclarationCustom.cpp:
730         (WebCore::JSCSSStyleDeclaration::putDelegate):
731
732 2016-07-20  Chris Dumez  <cdumez@apple.com>
733
734         Fix null handling of HTMLFrameElement.marginWidth / marginHeight
735         https://bugs.webkit.org/show_bug.cgi?id=159987
736
737         Reviewed by Ryosuke Niwa.
738
739         Fix null handling of HTMLFrameElement.marginWidth / marginHeight:
740         - https://html.spec.whatwg.org/multipage/obsolete.html#htmlframeelement
741
742         We are supposed to treat null as the empty string but we treat it as
743         the string "null".
744
745         Firefox and Chrome both match the specification.
746
747         No new tests, updated existing tests.
748
749         * html/HTMLFrameElement.idl:
750
751 2016-07-20  Wenson Hsieh  <wenson_hsieh@apple.com>
752
753         Pausing autoplayed media should not remove all restrictions for that media element
754         https://bugs.webkit.org/show_bug.cgi?id=159988
755
756         Reviewed by Jon Lee.
757
758         Localizes the removal of behavior restrictions introduced in r203464 upon pausing an
759         autoplaying video to just affect the hiding or showing of the media controller. This
760         prevents pages from using Javascript to start playing autoplaying videos that have
761         been paused by the user.
762
763         * html/HTMLMediaElement.cpp:
764         (WebCore::HTMLMediaElement::pause):
765
766 2016-07-20  Myles C. Maxfield  <mmaxfield@apple.com>
767
768         [iPhone] Playing a video on tudou.com plays only sound, no video
769         https://bugs.webkit.org/show_bug.cgi?id=159967
770         <rdar://problem/26964090>
771
772         Reviewed by Jon Lee.
773
774         WebKit recently starting honoring the playsinline and webkit-playsinline
775         attribute on iPhones. However, because these attributes previously did
776         nothing, some sites (such as Todou) were setting them on their content
777         and expecting that they are not honored. In this specific case, the
778         video is absolutely positioned to be 1 pixel x 1 pixel.
779
780         Previously, with iOS 9, apps could set the allowsInlineMediaPlayback
781         property on their WKWebView, which would honor the webkit-playsinline
782         attribute. Safari on iPhones didn't do this.
783
784         In order to not break these existing apps, it's important that the
785         allowsInlineMediaPlayback preference still allows webkit-playsinline
786         videos to play inline in apps using WKWebView. However, in Safari, these
787         videos should play fullscreen. (Todou videos have webkit-playsinline
788         but not playsinline.)
789
790         Therefore, in Safari, videos with playsinline should be inline, but
791         videos with webkit-playsinline should be fullscreen. In apps using
792         WKWebViews, if the app sets allowsInlineMediaPlayback, then videos with
793         playsinline should be inline, and videos with webkit-playsinline should
794         also be inline. Videos on iPad and Mac should all be inline by default.
795
796         We can create some truth tables for the cases which need to be covered:
797
798         All apps on Mac / iPad:
799         Presence of playsinline | Presence of webkit-playsinline | Result
800         ========================|================================|===========
801         Not present             | Not present                    | Inline
802         Present                 | Not present                    | Inline
803         Not Present             | Present                        | Inline
804         Present                 | Present                        | Inline
805
806         Safari on iPhone:
807         Presence of playsinline | Presence of webkit-playsinline | Result
808         ========================|================================|===========
809         Not present             | Not present                    | Fullscreen
810         Present                 | Not present                    | Inline
811         Not Present             | Present                        | Fullscreen
812         Present                 | Present                        | Inline
813
814         App on iPhone which sets allowsInlineMediaPlayback:
815         Presence of playsinline | Presence of webkit-playsinline | Result
816         ========================|================================|===========
817         Not present             | Not present                    | Fullscreen
818         Present                 | Not present                    | Inline
819         Not Present             | Present                        | Inline
820         Present                 | Present                        | Inline
821
822         The way to distinguish Safari from another app is to create an SPI
823         boolean preference which Safari can set. This is already how the
824         iPhone and iPad are differentiated using the requiresPlayInlineAttribute
825         which Safari sets but other apps don't. However, this preference is
826         no longer sufficient because Safari should now be discriminating
827         between the playsinline and webkit-playsinline attributes. Therefore,
828         this preference should be extended to two boolean preferences, which
829         this patch adds:
830
831         allowsInlineMediaPlaybackWithPlaysInlineAttribute
832         allowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute
833
834         Safari on iPhone will set
835         allowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute to true,
836         and allowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute to
837         false. Other apps on iPhone will get their defaults values (because they
838         are SPI) which means they will both be true. On iPad and Mac, apps will
839         use the defaults values where both are false.
840
841         This patch adds support for these two preferences, but does not remove
842         the existing inlineMediaPlaybackRequiresPlaysInlineAttribute preference.
843         I will remove the exising preference as soon as I update Safari to migrate
844         off of it.
845
846         Test: media/video-playsinline.html
847
848         * html/MediaElementSession.cpp:
849         (WebCore::MediaElementSession::requiresFullscreenForVideoPlayback):
850         * page/Settings.cpp:
851         * page/Settings.in:
852         * testing/InternalSettings.cpp:
853         (WebCore::InternalSettings::Backup::Backup):
854         (WebCore::InternalSettings::Backup::restoreTo):
855         (WebCore::InternalSettings::setAllowsInlineMediaPlaybackWithPlaysInlineAttribute):
856         (WebCore::InternalSettings::setAllowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute):
857         * testing/InternalSettings.h:
858         * testing/InternalSettings.idl:
859
860 2016-07-20  Chris Dumez  <cdumez@apple.com>
861
862         Get rid of custom bindings code for XMLHttpRequest.open()
863         https://bugs.webkit.org/show_bug.cgi?id=159984
864
865         Reviewed by Ryosuke Niwa.
866
867         Get rid of custom bindings code for XMLHttpRequest.open() as the
868         bindings generator is able to generate it.
869
870         Relevant specification:
871         - https://xhr.spec.whatwg.org/#xmlhttprequest
872
873         The issue is that legacy content prevents treating the 'async' argument
874         being undefined identical from it being omitted. However, this can be
875         achieved by using overloading in IDL, like in the specification.
876
877         No new tests, already covered by the following tests:
878         - http/tests/xmlhttprequest/basic-auth.html
879         - http/tests/xmlhttprequest/open-async-overload.html
880
881         * bindings/js/JSXMLHttpRequestCustom.cpp:
882         (WebCore::SendFunctor::SendFunctor): Deleted.
883         (WebCore::SendFunctor::line): Deleted.
884         (WebCore::SendFunctor::column): Deleted.
885         (WebCore::SendFunctor::url): Deleted.
886         (WebCore::SendFunctor::operator()): Deleted.
887         * xml/XMLHttpRequest.cpp:
888         (WebCore::XMLHttpRequest::open):
889         * xml/XMLHttpRequest.h:
890         * xml/XMLHttpRequest.idl:
891
892 2016-07-20  Rawinder Singh  <rawinder.singh-webkit@cisra.canon.com.au>
893
894         Mark overriden methods in WebCore/svg final classes as final
895         https://bugs.webkit.org/show_bug.cgi?id=159966
896
897         Reviewed by Michael Catanzaro.
898
899         Update WebCore/svg classes so that overriden methods in final classes are marked final.
900
901         * svg/SVGAElement.h:
902         * svg/SVGAltGlyphDefElement.h:
903         * svg/SVGAltGlyphItemElement.h:
904         * svg/SVGAnimateTransformElement.h:
905         * svg/SVGAnimatedColor.h:
906         * svg/SVGCircleElement.h:
907         * svg/SVGClipPathElement.h:
908         * svg/SVGCursorElement.h:
909         * svg/SVGDefsElement.h:
910         * svg/SVGDescElement.h:
911         * svg/SVGEllipseElement.h:
912         * svg/SVGFEMergeNodeElement.h:
913         * svg/SVGFilterElement.h:
914         * svg/SVGFontElement.h:
915         * svg/SVGFontFaceElement.h:
916         * svg/SVGFontFaceFormatElement.h:
917         * svg/SVGFontFaceNameElement.h:
918         * svg/SVGFontFaceSrcElement.h:
919         * svg/SVGFontFaceUriElement.h:
920         * svg/SVGForeignObjectElement.h:
921         * svg/SVGGElement.h:
922         * svg/SVGGlyphElement.h:
923         * svg/SVGGlyphRefElement.h:
924         * svg/SVGHKernElement.h:
925         * svg/SVGImageElement.h:
926         * svg/SVGLineElement.h:
927         * svg/SVGMPathElement.h:
928         * svg/SVGMaskElement.h:
929         * svg/SVGMetadataElement.h:
930         * svg/SVGMissingGlyphElement.h:
931         * svg/SVGPathBuilder.h:
932         * svg/SVGPathByteStreamBuilder.h:
933         * svg/SVGPathByteStreamSource.h:
934         * svg/SVGPathElement.h:
935         * svg/SVGPathSegArcAbs.h:
936         * svg/SVGPathSegArcRel.h:
937         * svg/SVGPathSegClosePath.h:
938         * svg/SVGPathSegCurvetoCubicAbs.h:
939         * svg/SVGPathSegCurvetoCubicRel.h:
940         * svg/SVGPathSegCurvetoCubicSmoothAbs.h:
941         * svg/SVGPathSegCurvetoCubicSmoothRel.h:
942         * svg/SVGPathSegCurvetoQuadraticAbs.h:
943         * svg/SVGPathSegCurvetoQuadraticRel.h:
944         * svg/SVGPathSegCurvetoQuadraticSmoothAbs.h:
945         * svg/SVGPathSegCurvetoQuadraticSmoothRel.h:
946         * svg/SVGPathSegLinetoAbs.h:
947         * svg/SVGPathSegLinetoHorizontalAbs.h:
948         * svg/SVGPathSegLinetoHorizontalRel.h:
949         * svg/SVGPathSegLinetoRel.h:
950         * svg/SVGPathSegLinetoVerticalAbs.h:
951         * svg/SVGPathSegLinetoVerticalRel.h:
952         * svg/SVGPathSegListBuilder.h:
953         * svg/SVGPathSegListSource.h:
954         * svg/SVGPathSegMovetoAbs.h:
955         * svg/SVGPathSegMovetoRel.h:
956         * svg/SVGPathStringSource.h:
957         * svg/SVGPathTraversalStateBuilder.h:
958         * svg/SVGPatternElement.h:
959         * svg/SVGRectElement.h:
960         * svg/SVGScriptElement.h:
961         * svg/SVGStopElement.h:
962         * svg/SVGStyleElement.h:
963         * svg/SVGSwitchElement.h:
964         * svg/SVGTRefElement.cpp:
965         * svg/SVGTitleElement.h:
966         * svg/SVGToOTFFontConversion.cpp:
967         * svg/SVGUnknownElement.h:
968         * svg/SVGVKernElement.h:
969         * svg/SVGViewElement.h:
970         * svg/SVGZoomEvent.h:
971         * svg/animation/SVGSMILElement.cpp:
972         * svg/graphics/SVGImage.h:
973         * svg/graphics/SVGImageClients.h:
974         * svg/graphics/SVGImageForContainer.h:
975         * svg/graphics/filters/SVGFEImage.h:
976         * svg/graphics/filters/SVGFilter.h:
977         * svg/properties/SVGAnimatedEnumerationPropertyTearOff.h:
978         * svg/properties/SVGAnimatedPathSegListPropertyTearOff.h:
979         * svg/properties/SVGAnimatedPropertyTearOff.h:
980         * svg/properties/SVGAnimatedTransformListPropertyTearOff.h:
981         * svg/properties/SVGMatrixTearOff.h:
982         * svg/properties/SVGPathSegListPropertyTearOff.h:
983
984 2016-07-20  Brady Eidson  <beidson@apple.com>
985
986         Transition most IDB interfaces from ScriptExecutionContext to ExecState.
987         https://bugs.webkit.org/show_bug.cgi?id=159975
988
989         Reviewed by Alex Christensen.
990
991         No new tests (No known behavior change).
992
993         * Modules/indexeddb/IDBCursor.cpp:
994         (WebCore::IDBCursor::continueFunction):
995         (WebCore::IDBCursor::deleteFunction):
996         * Modules/indexeddb/IDBCursor.h:
997         * Modules/indexeddb/IDBCursor.idl:
998
999         * Modules/indexeddb/IDBDatabase.idl:
1000
1001         * Modules/indexeddb/IDBFactory.cpp:
1002         (WebCore::IDBFactory::cmp):
1003         * Modules/indexeddb/IDBFactory.h:
1004         * Modules/indexeddb/IDBFactory.idl:
1005
1006         * Modules/indexeddb/IDBIndex.cpp:
1007         (WebCore::IDBIndex::openCursor):
1008         (WebCore::IDBIndex::count):
1009         (WebCore::IDBIndex::doCount):
1010         (WebCore::IDBIndex::openKeyCursor):
1011         (WebCore::IDBIndex::get):
1012         (WebCore::IDBIndex::doGet):
1013         (WebCore::IDBIndex::getKey):
1014         (WebCore::IDBIndex::doGetKey):
1015         * Modules/indexeddb/IDBIndex.h:
1016         * Modules/indexeddb/IDBIndex.idl:
1017
1018         * Modules/indexeddb/IDBKeyRange.cpp:
1019         (WebCore::IDBKeyRange::only): Deleted.
1020         * Modules/indexeddb/IDBKeyRange.h:
1021
1022         * Modules/indexeddb/IDBObjectStore.cpp:
1023         (WebCore::IDBObjectStore::openCursor):
1024         (WebCore::IDBObjectStore::get):
1025         (WebCore::IDBObjectStore::putOrAdd):
1026         (WebCore::IDBObjectStore::deleteFunction):
1027         (WebCore::IDBObjectStore::doDelete):
1028         (WebCore::IDBObjectStore::modernDelete):
1029         (WebCore::IDBObjectStore::clear):
1030         (WebCore::IDBObjectStore::createIndex):
1031         (WebCore::IDBObjectStore::count):
1032         (WebCore::IDBObjectStore::doCount):
1033         * Modules/indexeddb/IDBObjectStore.h:
1034         * Modules/indexeddb/IDBObjectStore.idl:
1035
1036         * Modules/indexeddb/IDBTransaction.cpp:
1037         (WebCore::IDBTransaction::requestOpenCursor):
1038         (WebCore::IDBTransaction::doRequestOpenCursor):
1039         (WebCore::IDBTransaction::requestGetRecord):
1040         (WebCore::IDBTransaction::requestGetValue):
1041         (WebCore::IDBTransaction::requestGetKey):
1042         (WebCore::IDBTransaction::requestIndexRecord):
1043         (WebCore::IDBTransaction::requestCount):
1044         (WebCore::IDBTransaction::requestDeleteRecord):
1045         (WebCore::IDBTransaction::requestClearObjectStore):
1046         (WebCore::IDBTransaction::requestPutOrAdd):
1047         * Modules/indexeddb/IDBTransaction.h:
1048
1049         * inspector/InspectorIndexedDBAgent.cpp:
1050
1051 2016-07-20  Wenson Hsieh  <wenson_hsieh@apple.com>
1052
1053         Media controls don't appear when pausing a small autoplaying video
1054         https://bugs.webkit.org/show_bug.cgi?id=159972
1055         <rdar://problem/27180657>
1056
1057         Reviewed by Beth Dakin.
1058
1059         When pausing an autoplaying video, remove behavior restrictions for the
1060         initial user gesture and show media controls.
1061
1062         New WebKit API test. See VideoControlsManagerSingleSmallAutoplayingVideo.
1063
1064         * html/HTMLMediaElement.cpp:
1065         (WebCore::HTMLMediaElement::pause):
1066
1067 2016-07-20  Chris Dumez  <cdumez@apple.com>
1068
1069         Fix null handling of HTMLMediaElement.mediaGroup
1070         https://bugs.webkit.org/show_bug.cgi?id=159974
1071
1072         Reviewed by Eric Carlson.
1073
1074         Fix null handling of HTMLMediaElement.mediaGroup to match the specification:
1075         - https://www.w3.org/TR/html5/embedded-content-0.html#media-elements
1076
1077         null is supposed to be treated as the String "null". This patch aligns
1078         our behavior with the specification. I tested Firefox and Chrome but both
1079         do not have this attribute on HTMLMediaElement.
1080
1081         Also remove support for [TreatNullAs=LegacyNullString] from our bindings
1082         generator as HTMLMediaElement.mediaGroup was the last user.
1083
1084         No new tests, rebaselined existing test.
1085
1086         * bindings/scripts/CodeGeneratorJS.pm:
1087         (JSValueToNative):
1088         * bindings/scripts/IDLAttributes.txt:
1089         * html/HTMLMediaElement.idl:
1090
1091 2016-07-20  Chris Dumez  <cdumez@apple.com>
1092
1093         CSSStyleDeclaration.setProperty() should be able to unset "important" on a property
1094         https://bugs.webkit.org/show_bug.cgi?id=159959
1095
1096         Reviewed by Alexey Proskuryakov.
1097
1098         CSSStyleDeclaration.setProperty() should be able to unsert "important"
1099         on a property as per the latest specification:
1100         - https://drafts.csswg.org/cssom/#dom-cssstyledeclaration-setproperty
1101         - https://drafts.csswg.org/cssom/#dom-cssstyledeclaration-camel-cased-attribute
1102
1103         Firefox and Chrome match the specification here but WebKit was ignoring calls
1104         to setProperty() if there is already an "important" property wit this name
1105         and if the new property does not have the "important" flag set.
1106
1107         This behavior was added a long time ago via Bug 60007. However, it does not
1108         match the latest specification or other browsers.
1109
1110         Test: fast/css/CSSStyleDeclaration-setProperty-unset-important.html
1111
1112         * css/StyleProperties.cpp:
1113         (WebCore::MutableStyleProperties::addParsedProperty):
1114         Drop code that was added via Bug 60007 as this behavior no longer matches the
1115         specification or other browsers. The layout test added in Bug 60007 fails in
1116         other browsers and was updated in this patch to match the specification.
1117
1118 2016-07-20  Commit Queue  <commit-queue@webkit.org>
1119
1120         Unreviewed, rolling out r203423.
1121         https://bugs.webkit.org/show_bug.cgi?id=159977
1122
1123         The test for this change is failing on Mac Release WK2
1124         (Requested by ryanhaddad on #webkit).
1125
1126         Reverted changeset:
1127
1128         "HTMLVideoElement frames do not update on iOS when src is a
1129         MediaStream blob"
1130         https://bugs.webkit.org/show_bug.cgi?id=159833
1131         http://trac.webkit.org/changeset/203423
1132
1133 2016-07-20  Chris Dumez  <cdumez@apple.com>
1134
1135         Fix null handling of HTMLSelectElement.value attribute
1136         https://bugs.webkit.org/show_bug.cgi?id=159925
1137
1138         Reviewed by Benjamin Poulain.
1139
1140         Fix null handling of HTMLSelectElement.value attribute:
1141         - https://html.spec.whatwg.org/multipage/forms.html#htmlselectelement
1142
1143         We were treating null as the null String which would end up setting
1144         selectedIndex to -1. However, we should treat null as the String "null"
1145         which would set the selectedIndex to the index of the <option> element
1146         whose value is "null".
1147
1148         Firefox and Chrome match the specification.
1149
1150         Test: fast/dom/HTMLSelectElement/value-null-handling.html
1151
1152         * html/HTMLSelectElement.cpp:
1153         (WebCore::HTMLSelectElement::setValue):
1154         * html/HTMLSelectElement.idl:
1155
1156 2016-07-20  Chris Dumez  <cdumez@apple.com>
1157
1158         PostResolutionCallbackDisabler can resume pending requests while a ResourceLoadSuspender is alive
1159         https://bugs.webkit.org/show_bug.cgi?id=159962
1160         <rdar://problem/21439264>
1161
1162         Reviewed by David Kilzer.
1163
1164         PostResolutionCallbackDisabler can resume pending requests while a ResourceLoadSuspender
1165         is alive. We have both PostResolutionCallbackDisabler and ResourceLoadSuspender that
1166         call LoaderStrategy::suspendPendingRequests() / LoaderStrategy::resumePendingRequests().
1167         However, PostResolutionCallbackDisabler and ResourceLoadSuspender are not aware of each
1168         other. It is therefore possible for a PostResolutionCallbackDisabler object to get
1169         destroyed, causing LoaderStrategy::resumePendingRequests() to be called while a
1170         ResourceLoadSuspender object is alive.
1171
1172         This leads to hard to investigate crashes where we end up re-entering WebKit and killing
1173         the style resolver.
1174
1175         This patch drops ResourceLoadSuspender and uses PostResolutionCallbackDisabler instead.
1176         There was only one user of ResourceLoadSuspender and PostResolutionCallbackDisabler
1177         is better because it manages a resolutionNestingDepth counter internally to make sure
1178         it only calls LoaderStrategy::resumePendingRequests() once all
1179         PostResolutionCallbackDisabler instances are destroyed.
1180
1181         No new tests, there is no easy way to reproduce the crashes.
1182
1183         * dom/Document.cpp:
1184         (WebCore::Document::styleForElementIgnoringPendingStylesheets):
1185         * loader/LoaderStrategy.cpp:
1186         (WebCore::ResourceLoadSuspender::ResourceLoadSuspender): Deleted.
1187         (WebCore::ResourceLoadSuspender::~ResourceLoadSuspender): Deleted.
1188         * loader/LoaderStrategy.h:
1189
1190 2016-07-19  Youenn Fablet  <youenn@apple.com>
1191
1192         [Fetch API] Add a JS builtin to implement https://fetch.spec.whatwg.org/#concept-headers-fill
1193         https://bugs.webkit.org/show_bug.cgi?id=159932
1194
1195         Reviewed by Alex Christensen.
1196
1197         Covered by existing tests.
1198
1199         Refactoring Headers initializeWith to use the new built-in internal that implements
1200         https://fetch.spec.whatwg.org/#concept-headers-fill.
1201
1202         Refactoring Response constructor to put more checks in the JS builtin fucntion called within constructor.
1203         Making use of the new built-in internal that implements https://fetch.spec.whatwg.org/#concept-headers-fill.
1204
1205         * CMakeLists.txt: Adding FetchHeadersInternals.js
1206         * DerivedSources.make: Ditto.
1207         * Modules/fetch/FetchHeaders.js:
1208         (initializeFetchHeaders): Using fillFetchHeaders new built-in internal.
1209         * Modules/fetch/FetchInternals.js: Added.
1210         (fillFetchHeaders):
1211         * Modules/fetch/FetchResponse.cpp: Refactoring to do more in the JS built-in. Splitting of initializeWith so
1212         that the checks are done in the order defined by the spec.
1213         (WebCore::FetchResponse::setStatus):
1214         (WebCore::FetchResponse::initializeWith):
1215         (WebCore::isNullBodyStatus): Deleted.
1216         * Modules/fetch/FetchResponse.h:
1217         * Modules/fetch/FetchResponse.idl:
1218         * Modules/fetch/FetchResponse.js:
1219         (initializeFetchResponse): New built-in internal.
1220         * WebCore.xcodeproj/project.pbxproj:
1221         * bindings/js/WebCoreBuiltinNames.h:
1222
1223 2016-07-19  Chris Dumez  <cdumez@apple.com>
1224
1225         Fix null handling of SVGScriptElement.type attribute
1226         https://bugs.webkit.org/show_bug.cgi?id=159927
1227
1228         Reviewed by Benjamin Poulain.
1229
1230         Fix null handling of SVGScriptElement.type attribute:
1231         - https://www.w3.org/TR/SVG2/interact.html#InterfaceSVGScriptElement
1232
1233         We were treating null as the null String which would end up removing
1234         the 'type' content attribute. However, we should treat null as the
1235         String "null".
1236
1237         Firefox and Chrome match the specification.
1238
1239         No new tests, updated existing test.
1240
1241         * svg/SVGScriptElement.idl:
1242
1243 2016-07-19  Chris Dumez  <cdumez@apple.com>
1244
1245         Fix null handling of several HTMLDocument attributes
1246         https://bugs.webkit.org/show_bug.cgi?id=159923
1247
1248         Reviewed by Benjamin Poulain.
1249
1250         Fix null handling of several HTMLDocument attributes:
1251         - https://html.spec.whatwg.org/multipage/dom.html#document
1252         - https://html.spec.whatwg.org/multipage/obsolete.html#document-partial
1253
1254         In particular, null handling was incorrect in WebKit for 'dir',
1255         'bgColor', 'fgColor', 'alinkColor', 'linkColor' and 'vlinkColor'.
1256
1257         Firefox and Chrome match the specification.
1258
1259         Test: fast/dom/HTMLDocument/null-handling.html
1260
1261         * html/HTMLDocument.idl:
1262
1263 2016-07-19  Chris Dumez  <cdumez@apple.com>
1264
1265         Document.createElementNS() / createAttributeNS() parameters should be mandatory
1266         https://bugs.webkit.org/show_bug.cgi?id=159938
1267
1268         Reviewed by Benjamin Poulain.
1269
1270         Document.createElementNS() / createAttributeNS() parameters should be mandatory:
1271         - https://dom.spec.whatwg.org/#document
1272
1273         They were optional in WebKit. However, Firefox and Chrome both match the
1274         specification.
1275
1276         No new tests, rebaselined existing tests.
1277
1278         * dom/Document.idl:
1279
1280 2016-07-19  Benjamin Poulain  <bpoulain@apple.com>
1281
1282         Use getElementById for attribute matching if the attribute name is html's id
1283         https://bugs.webkit.org/show_bug.cgi?id=159960
1284
1285         Reviewed by Chris Dumez.
1286
1287         Elliott Sprehn discovered YUI makes heavy uses of querySelector with [id=value]
1288         (https://bugs.chromium.org/p/chromium/issues/detail?id=627242).
1289
1290         If we are not in quirks mode, IdForStyleResolution has the same value
1291         as the Id attribute. We can use the same optimization for both cases.
1292
1293         Tests: fast/selectors/id-attribute-querySelector-used-as-id-selector-quirks.html
1294                fast/selectors/id-attribute-querySelector-used-as-id-selector.html
1295
1296         * dom/SelectorQuery.cpp:
1297         (WebCore::canBeUsedForIdFastPath):
1298         (WebCore::findIdMatchingType):
1299         (WebCore::SelectorDataList::SelectorDataList):
1300         (WebCore::selectorForIdLookup):
1301         (WebCore::filterRootById):
1302
1303 2016-07-19  Chris Dumez  <cdumez@apple.com>
1304
1305         Drop SVGElement.xmlbase attribute
1306         https://bugs.webkit.org/show_bug.cgi?id=159926
1307
1308         Reviewed by Benjamin Poulain.
1309
1310         Drop SVGElement.xmlbase attribute as it is no longer part of the
1311         specification:
1312         - https://www.w3.org/TR/SVG2/types.html#InterfaceSVGElement
1313
1314         Both Firefox and Chrome have already dropped support for
1315         SVGElement.xmlbase.
1316
1317         Chrome's intent to remove:
1318         https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/TfwMq4d25hk/C-v_iC_wKfAJ
1319
1320         Test: svg/dom/SVGElement-xmlbase.html
1321
1322         * svg/SVGElement.cpp:
1323         (WebCore::SVGElement::removedFrom): Deleted.
1324         * svg/SVGElement.h:
1325         * svg/SVGElement.idl:
1326
1327 2016-07-19  Chris Dumez  <cdumez@apple.com>
1328
1329         Align CSSStyleDeclaration.setProperty() with the specification
1330         https://bugs.webkit.org/show_bug.cgi?id=159955
1331
1332         Reviewed by Benjamin Poulain.
1333
1334         Align CSSStyleDeclaration.setProperty() with the specification:
1335         - https://drafts.csswg.org/cssom/#the-cssstyledeclaration-interface
1336
1337         In particular, the following changes were needed:
1338         1. The 'value' parameter should not be optional
1339         2. The 'priority' parameter should treat null as the empty string
1340            rather than the string "null".
1341         3. The 'priority' parameter's default value should be the empty string,
1342            not the string "undefined".
1343         4. CSSStyleDeclaration.setProperty() should return early if 'priority'
1344            is not the empty string and is not an ASCII case-insensitive match
1345            for the string "important".
1346
1347         Chrome matches the specification entirely.
1348         Firefox matches the specification with the exception that it does a
1349         case-sensitive match for "important".
1350
1351         Test: fast/css/CSSStyleDeclaration-setProperty.html
1352
1353         * css/CSSStyleDeclaration.idl:
1354         * css/PropertySetCSSStyleDeclaration.cpp:
1355         (WebCore::PropertySetCSSStyleDeclaration::setProperty):
1356
1357 2016-07-19  Daniel Bates  <dabates@apple.com>
1358
1359         CSP: Improve support for multiple policies to more closely conform to the CSP Level 2 spec.
1360         https://bugs.webkit.org/show_bug.cgi?id=159841
1361         <rdar://problem/27381684>
1362
1363         Reviewed by Brent Fulgham.
1364
1365         Implement a first pass at sending multiple violation reports so as to more closely
1366         conform to section Enforcing multiple policies of the Content Security Policy Level 2 spec.,
1367         <https://w3c.github.io/webappsec-csp/2/> (Editor's Draft, 25 April 2016).
1368
1369         Tests: http/tests/security/contentSecurityPolicy/1.1/script-blocked-sends-multiple-reports.php
1370                http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy.php
1371                http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy2.php
1372                http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.php
1373                http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.php
1374                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy.php
1375                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy2.php
1376                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy.php
1377                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy2.php
1378                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.php
1379                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2.php
1380                http/tests/security/contentSecurityPolicy/1.1/scripthash-in-enforced-policy-and-not-in-report-only.html
1381                http/tests/security/contentSecurityPolicy/1.1/scripthash-in-one-enforced-policy-neither-in-another-enforced-policy-nor-report-policy.html
1382                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-enforced-policy-and-blocked-by-report-policy.php
1383                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-enforced-policy-and-blocked-by-report-policy2.php
1384                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.php
1385                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.php
1386                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy.php
1387                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy2.php
1388                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy.php
1389                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy2.php
1390                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.php
1391                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2.php
1392                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-in-enforced-policy-and-not-in-report-only.html
1393                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-in-one-enforced-policy-neither-in-another-enforced-policy-nor-report-policy.html
1394                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-multiple-policies.html
1395
1396         * page/csp/ContentSecurityPolicy.cpp:
1397         (WebCore::ContentSecurityPolicy::allPoliciesWithDispositionAllow): Added. Returns whether the resource
1398         is allowed by all of the policies with the specified disposition.
1399         (WebCore::ContentSecurityPolicy::allPoliciesAllow): Added. Returns whether the resource is allowed by
1400         all of the enforced policies.
1401         (WebCore::ContentSecurityPolicy::findHashOfContentInPolicies): Formerly named foundHashOfContentInAllPolicies.
1402         Modified to return a ("has found hash in all enforced policies, "has found hash in all report-only policies)-pair
1403         so that we can differentiate whether the hash violated an enforced policy or a report-only policy.
1404         (WebCore::ContentSecurityPolicy::allowJavaScriptURLs): Write in terms of ContentSecurityPolicy::allPoliciesAllow().
1405         (WebCore::ContentSecurityPolicy::allowInlineEventHandlers): Ditto.
1406         (WebCore::ContentSecurityPolicy::allowScriptWithNonce): For now only accept a nonce if it is allowed by
1407         all enforced policies. As a side effect of this change is that we only send a CSP violation report when a
1408         nonce violates a report-only policy only if the nonce also violates one or more enforced policies. We will
1409         address this limitation in <https://bugs.webkit.org/show_bug.cgi?id=159830>.
1410         (WebCore::ContentSecurityPolicy::allowStyleWithNonce): Ditto.
1411         (WebCore::ContentSecurityPolicy::allowInlineScript): Differentiate between a hash/'unsafe-inline' that
1412         matches/is contained in all enforce policies and a hash/'unsafe-inline' that matches/is contained in all
1413         report-only policies so that we only allow the resource for the former. As a side effect of this change
1414         we may report that a resource violated a policy even if it contained the hash. See <https://bugs.webkit.org/show_bug.cgi?id=159832>
1415         for more details.
1416         (WebCore::ContentSecurityPolicy::allowInlineStyle): Ditto.
1417         (WebCore::ContentSecurityPolicy::allowEval): Write in terms of ContentSecurityPolicy::allPoliciesAllow().
1418         (WebCore::ContentSecurityPolicy::allowFrameAncestors): Ditto.
1419         (WebCore::ContentSecurityPolicy::allowPluginType): Ditto.
1420         (WebCore::ContentSecurityPolicy::allowScriptFromSource): Ditto.
1421         (WebCore::ContentSecurityPolicy::allowObjectFromSource): Ditto.
1422         (WebCore::ContentSecurityPolicy::allowChildFrameFromSource): Ditto.
1423         (WebCore::ContentSecurityPolicy::allowChildContextFromSource): Ditto.
1424         (WebCore::ContentSecurityPolicy::allowImageFromSource): Ditto.
1425         (WebCore::ContentSecurityPolicy::allowStyleFromSource): Ditto.
1426         (WebCore::ContentSecurityPolicy::allowFontFromSource): Ditto.
1427         (WebCore::ContentSecurityPolicy::allowMediaFromSource): Ditto.
1428         (WebCore::ContentSecurityPolicy::allowConnectToSource): Ditto.
1429         (WebCore::ContentSecurityPolicy::allowFormAction): Ditto.
1430         (WebCore::ContentSecurityPolicy::allowBaseURI): Ditto.
1431         (WebCore::ContentSecurityPolicy::foundHashOfContentInAllPolicies): Deleted.
1432         * page/csp/ContentSecurityPolicy.h:
1433         (WebCore::ContentSecurityPolicy::violatedDirectiveInAnyPolicy): Deleted.
1434
1435 2016-07-19  Chris Dumez  <cdumez@apple.com>
1436
1437         Fix null handling of HTMLScriptElement.text attribute
1438         https://bugs.webkit.org/show_bug.cgi?id=159943
1439
1440         Reviewed by Benjamin Poulain.
1441
1442         Fix null handling of HTMLScriptElement.text attribute:
1443         - https://html.spec.whatwg.org/multipage/scripting.html#the-script-element
1444
1445         We should treat null as the "null" String but we were treating it as
1446         the empty string.
1447
1448         Firefox and Chrome match the specification.
1449
1450         No new tests, rebaselined existing test.
1451
1452         * html/HTMLScriptElement.idl:
1453
1454 2016-07-19  Chris Dumez  <cdumez@apple.com>
1455
1456         autocapitalize attribute should not use [TreatNullAs=LegacyNullString]
1457         https://bugs.webkit.org/show_bug.cgi?id=159934
1458
1459         Reviewed by Benjamin Poulain.
1460
1461         autocapitalize attribute should not use [TreatNullAs=LegacyNullString]. This is
1462         non-standard and we want to drop support for it from the bindings generator.
1463
1464         Instead, use [TreatNullAs=EmptyString] in order to maintain existing behavior
1465         given that both a missing/empty attribute result in using the default
1466         autocapitalization mode and that autocapitalize returns the empty string by
1467         default.
1468
1469         Test: platform/ios-simulator/ios/fast/forms/autocapitalize-null.html
1470
1471         * html/HTMLFormElement.idl:
1472         * html/HTMLInputElement.idl:
1473         * html/HTMLTextAreaElement.idl:
1474
1475 2016-07-19  Zalan Bujtas  <zalan@apple.com>
1476
1477         REGRESSION(r203415): ASSERTION FAILED: !m_layoutRoot->container() || !m_layoutRoot->container()->needsLayout()
1478         https://bugs.webkit.org/show_bug.cgi?id=159952
1479
1480         Reviewed by Simon Fraser.
1481
1482         Update ASSERTs to reflect new functionality, that is, now we can end up in a state
1483         where the container (RenderView) of one of the dirty subtrees is dirty.
1484         See r203415.
1485  
1486         Covered by editing/pasteboard/drag-drop-input-in-svg.svg
1487
1488         * page/FrameView.cpp:
1489         (WebCore::FrameView::scheduleRelayoutOfSubtree):
1490
1491 2016-07-19  Dean Jackson  <dino@apple.com>
1492
1493         REGRESSION(202927): The first slide is the only displayed slide when Quicklooking a Keynote file
1494         https://bugs.webkit.org/show_bug.cgi?id=159948
1495         <rdar://problem/27391012>
1496
1497         Reviewed by Simon Fraser.
1498
1499         There is an iOS bug (<rdar://problem/27416744>) that is causing us
1500         to not always get a color space on CGContextRefs. Investigation of this
1501         exposed some optimizations we can take when we are creating ImageBuffers.
1502         In particular, if we have a bitmap context or an IOSurfaceContext we
1503         can simply copy their color space using API. Otherwise we stick with
1504         the existing CGContextCopyDeviceColorSpace.
1505
1506         Lastly, if for some reason we are unable to copy the device color space,
1507         we should fall back to sRGB.
1508
1509         * platform/graphics/cg/ImageBufferCG.cpp:
1510         (WebCore::ImageBuffer::createCompatibleBuffer):
1511         * platform/spi/cg/CoreGraphicsSPI.h: Add some SPI and enums.
1512
1513
1514 2016-07-19  George Ruan  <gruan@apple.com>
1515
1516         HTMLVideoElement frames do not update on iOS when src is a MediaStream blob
1517         https://bugs.webkit.org/show_bug.cgi?id=159833
1518         <rdar://problem/27379487>
1519
1520         Reviewed by Eric Carlson.
1521
1522         Test: fast/mediastream/MediaStream-video-element-displays-buffer.html
1523
1524         * WebCore.xcodeproj/project.pbxproj:
1525         * platform/graphics/avfoundation/MediaSampleAVFObjC.h: Change create to return a Ref<T> instead
1526         of RefPtr<T>
1527         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.h: Make observer of
1528         MediaStreamTrackPrivate and make MediaPlayer use an AVSampleBufferDisplayLayer instead of CALayer.
1529         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm: Ditto.
1530         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::~MediaPlayerPrivateMediaStreamAVFObjC): Clean up
1531         observers and AVSampleBufferDisplayLayer
1532         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::isAvailable): Ensures AVSampleBufferDisplayLayer
1533         is available.
1534         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::enqueueAudioSampleBufferFromTrack): Placeholder.
1535         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::enqueueVideoSampleBufferFromTrack): Responsible
1536         for enqueuing sample buffers to the active video track.
1537         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::ensureLayer): Ensures that an AVSampleBufferDisplayLayer
1538         exists.
1539         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::destroyLayer): Destroys the AVSampleBufferDisplayLayer.
1540         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::platformLayer): Replace CALayer with AVSampleBufferDisplayLayer.
1541         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::currentDisplayMode): Ditto.
1542         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::sampleBufferUpdated): Called from MediaStreamTrackPrivate when a
1543         new SampleBuffer is available.
1544         (WebCore::updateTracksOfType): Manage adding and removing self as observer from tracks.
1545         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateTracks): Replace CALayer with AVSampleBufferDisplayLayer
1546         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::acceleratedRenderingStateChanged): Copied from
1547         MediaPlayerPrivateMediaSourceAVFObjC.mm
1548         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::load): Deleted CALayer.
1549         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateDisplayMode): Deleted process of updating CALayer.
1550         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateIntrinsicSize): Deleted CALayer.
1551         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::createPreviewLayers): Deleted.
1552         * platform/mediastream/MediaStreamPrivate.cpp:
1553         (WebCore::MediaStreamPrivate::updateActiveVideoTrack): Remove redundant check.
1554         * platform/mediastream/MediaStreamTrackPrivate.cpp:
1555         (WebCore::MediaStreamTrackPrivate::sourceHasMoreMediaData): Called from RealtimeMediaSource when a new SampleBuffer
1556         is available.
1557         * platform/mediastream/MediaStreamTrackPrivate.h:
1558         (WebCore::MediaStreamTrackPrivate::Observer::sampleBufferUpdated): Relays to MediaPlayerPrivateMediaStream that
1559         a new SampleBuffer is available to enqueue to the AVSampleBufferDisplayLayer.
1560         * platform/mediastream/RealtimeMediaSource.cpp:
1561         (WebCore::RealtimeMediaSource::mediaDataUpdated): Relays to all observers that a new SampleBuffer is available.
1562         * platform/mediastream/RealtimeMediaSource.h:
1563         * platform/mediastream/mac/AVVideoCaptureSource.mm:
1564         (WebCore::AVVideoCaptureSource::processNewFrame): Calls mediaDataUpdated when a new SampleBuffer is captured.
1565
1566 2016-07-19  Anders Carlsson  <andersca@apple.com>
1567
1568         Get rid of a #define private public hack in WebCore
1569         https://bugs.webkit.org/show_bug.cgi?id=159953
1570
1571         Reviewed by Dan Bernstein.
1572
1573         Use @package instead.
1574
1575         * bindings/objc/DOMInternal.h:
1576         * bindings/objc/DOMObject.h:
1577
1578 2016-07-19  Andreas Kling  <akling@apple.com>
1579
1580         Fix SharedBuffer leak in MockContentFilter::replacementData().
1581         <https://webkit.org/b/159945>
1582
1583         Reviewed by Andy Estes.
1584
1585         Spotted on leaks bot. This code was pretty explicit about how it's going to leak.
1586         Since this is in the mock filter, it only affected layout tests.
1587
1588         * testing/MockContentFilter.cpp:
1589         (WebCore::MockContentFilter::replacementData):
1590
1591 2016-07-19  Zalan Bujtas  <zalan@apple.com>
1592
1593         theguardian.co.uk crossword puzzles are sometimes not displaying text
1594         https://bugs.webkit.org/show_bug.cgi?id=159924
1595         <rdar://problem/27409483>
1596
1597         Reviewed by Simon Fraser.
1598
1599         This patch fixes the case when
1600         - 2 disjoint subtrees are dirty
1601         - RenderView is also dirty.
1602         and we end up not laying out one of the 2 subtrees.
1603
1604         In FrameView::scheduleRelayoutOfSubtree, we assume that when the RenderView is dirty
1605         we already have a pending full layout which means that any previous subtree layouts have already been
1606         converted to full layouts.
1607         However this assumption is incorrect. RenderView can get dirty without checking if there's
1608         already a pending subtree layout.
1609         One option to solve this problem would be to override RenderObject::setNeedsLayout in RenderView
1610         so that when the RenderView gets dirty, we could also convert any pending subtree layout to full layout.
1611         However RenderObject::setNeedsLayout is a hot function and making it virtual would impact performance.
1612         The other option is to always normalize subtree layouts in FrameView::scheduleRelayoutOfSubtree().
1613         This patch implements the second option.
1614
1615         Test: fast/misc/subtree-layouts.html
1616
1617         * page/FrameView.cpp:
1618         (WebCore::FrameView::scheduleRelayoutOfSubtree):
1619
1620 2016-07-19  Anders Carlsson  <andersca@apple.com>
1621
1622         Some payment authorization status values should keep the sheet active
1623         https://bugs.webkit.org/show_bug.cgi?id=159936
1624         rdar://problem/26756701
1625
1626         Reviewed by Tim Horton.
1627
1628         * Modules/applepay/ApplePaySession.cpp:
1629         (WebCore::ApplePaySession::completePayment):
1630         Keep the sheet active if the status isn't a final state status.
1631
1632         * Modules/applepay/PaymentAuthorizationStatus.h:
1633         (WebCore::isFinalStateStatus):
1634         Add a new helper function that returns whether a given payment authorization status is "final",
1635         meaning that once that status has been passed to completePayment, the session is finished.
1636
1637 2016-07-19  Nan Wang  <n_wang@apple.com>
1638
1639         AX: Incorrect behavior for word related text marker functions when there's collapsed whitespace
1640         https://bugs.webkit.org/show_bug.cgi?id=159910
1641
1642         Reviewed by Chris Fleizach.
1643
1644         We are getting a bad CharacterOffset when there's collapsed whitespace. Added a TraverseOptionValidateOffset
1645         option to make sure we are getting the correct CharacterOffset based on the corresponding Range offset. And
1646         fixed a word navigation issue based on that.
1647
1648         Test: accessibility/mac/text-marker-word-nav-collapsed-whitespace.html
1649
1650         * accessibility/AXObjectCache.cpp:
1651         (WebCore::AXObjectCache::traverseToOffsetInRange):
1652         (WebCore::AXObjectCache::rangeForNodeContents):
1653         (WebCore::AXObjectCache::startOrEndCharacterOffsetForRange):
1654         (WebCore::AXObjectCache::characterOffsetFromVisiblePosition):
1655         (WebCore::AXObjectCache::rightWordRange):
1656         (WebCore::AXObjectCache::previousBoundary):
1657         * accessibility/AXObjectCache.h:
1658         (WebCore::AXObjectCache::isNodeInUse):
1659
1660 2016-07-19  Youenn Fablet  <youenn@apple.com>
1661
1662         [Streams API] ReadableStreamController methods should throw if its stream is not readable
1663         https://bugs.webkit.org/show_bug.cgi?id=159871
1664
1665         Reviewed by Xabier Rodriguez-Calvar.
1666
1667         Spec now mandates close and enqueue to throw if ReadableStream is not readable.
1668         Covered by rebased and/or modified tests.
1669
1670         * Modules/streams/ReadableStreamController.js:
1671         (enqueue): Throwing a TypeError if controlled stream is not readable.
1672         (close): Ditto.
1673
1674 2016-07-19  Simon Fraser  <simon.fraser@apple.com>
1675
1676         Bubbles appear split for a brief moment in Messages
1677         https://bugs.webkit.org/show_bug.cgi?id=159915
1678         rdar://problem/27182267
1679
1680         Reviewed by David Hyatt.
1681
1682         RenderView::repaintRootContents() had a long-standing bug in WebView when the
1683         view is scrolled. repaint() uses visualOverflowRect() but, for the 
1684         RenderView, the visualOverflowRect() is the initial containing block
1685         which is anchored at 0,0. When the view is scrolled it's clipped out and
1686         calls to repaintRootContents() have no effect.
1687         
1688         Change repaintRootContents() to use layoutOverflowRect(). ScrollView::repaintContentRectangle()
1689         will clip it to the view if necessary.
1690
1691         Test: fast/repaint/scrolled-view-full-repaint.html
1692
1693         * rendering/RenderView.cpp:
1694         (WebCore::RenderView::repaintRootContents):
1695
1696 2016-07-19  Dan Bernstein  <mitz@apple.com>
1697
1698         <rdar://problem/27420308> WebCore-7602.1.42 fails to build: error: unused parameter 'vm'
1699
1700         * bindings/js/JSDOMGlobalObject.cpp:
1701         (WebCore::JSDOMGlobalObject::addBuiltinGlobals): Fixed the !ENABLE(STREAMS_API) build.
1702
1703 2016-07-19  Youenn Fablet  <youenn@apple.com>
1704
1705         [Streams API] Make ReadableStream properties not enumerable
1706         https://bugs.webkit.org/show_bug.cgi?id=159868
1707
1708         Reviewed by Darin Adler.
1709
1710         Covered by rebased tests.
1711
1712         Uopdating IDL definitions to mark all functions/attributes as not enumerable.
1713         Updating IDL constructor definitions to correctly compute constructor length.
1714         Updating built-in implementation to correctly compute pipeTo length to 1 (second parameter being optional).
1715
1716         * Modules/streams/ReadableStream.idl:
1717         * Modules/streams/ReadableStream.js:
1718         * Modules/streams/ReadableStreamController.idl:
1719         * Modules/streams/ReadableStreamReader.idl:
1720
1721 2016-07-19  Chris Dumez  <cdumez@apple.com>
1722
1723         form.enctype / encoding / method should treat null as "null" string
1724         https://bugs.webkit.org/show_bug.cgi?id=159916
1725
1726         Reviewed by Ryosuke Niwa.
1727
1728         form.enctype / encoding / method should treat null as "null" string:
1729         - https://html.spec.whatwg.org/multipage/forms.html#htmlformelement
1730
1731         Previously, WebKit would treat null as the null String, which would
1732         end up removing the existing attribute.
1733
1734         Firefox and Chrome match the specification.
1735
1736         Test: fast/dom/HTMLFormElement/null-handling.html
1737
1738         * html/HTMLFormElement.h:
1739         * html/HTMLFormElement.idl:
1740
1741 2016-07-18  Csaba Osztrogon√°c  <ossy@webkit.org>
1742
1743         All-in-one buildfix after r202439
1744         https://bugs.webkit.org/show_bug.cgi?id=159877
1745
1746         Reviewed by Chris Dumez.
1747
1748         * Modules/webaudio/AudioDestinationNode.h:
1749         (WebCore::AudioDestinationNode::resume):
1750         (WebCore::AudioDestinationNode::suspend):
1751         (WebCore::AudioDestinationNode::close):
1752
1753 2016-07-18  Frederic Wang  <fwang@igalia.com>
1754
1755         Move parsing of subscriptshift and superscriptshift from rendering to element classes
1756         https://bugs.webkit.org/show_bug.cgi?id=159622
1757
1758         Reviewed by Darin Adler.
1759
1760         We introduce a new MathMLScriptsElement that is used for elements msub, msup, msubsup and
1761         mmultiscripts in order to create RenderMathMLScripts and parse and expose the values of the
1762         subscriptshift and superscriptshift attributes. This is one more step toward moving MathML
1763         attribute parsing to the DOM (bug 156536).
1764
1765         No new tests, rendering is unchanged.
1766
1767         * CMakeLists.txt: Add MathMLScriptsElement files.
1768         * WebCore.xcodeproj/project.pbxproj: Ditto.
1769         * mathml/MathMLAllInOne.cpp: Ditto.
1770         * mathml/MathMLInlineContainerElement.cpp: Remove handling of scripts.
1771         (WebCore::MathMLInlineContainerElement::createElementRenderer): Deleted.
1772         * mathml/MathMLScriptsElement.cpp: Added. New class to handle scripted elements supporting
1773         parsing for the subscriptshift and superscriptshift MathML lengths.
1774         (WebCore::MathMLScriptsElement::MathMLScriptsElement):
1775         (WebCore::MathMLScriptsElement::create):
1776         (WebCore::MathMLScriptsElement::subscriptShift): Expose the cached length for the shift,
1777         parsing the attribute again if necessary.
1778         (WebCore::MathMLScriptsElement::superscriptShift): Ditto.
1779         (WebCore::MathMLScriptsElement::parseAttribute): Mark attributes dirty.
1780         (WebCore::MathMLScriptsElement::createElementRenderer): Create RenderMathMLScripts.
1781         * mathml/MathMLScriptsElement.h: Ditto.
1782         * mathml/mathtags.in: Map msub, msup, msubsup and mmultiscripts to MathMLScriptsElement.
1783         * rendering/mathml/RenderMathMLScripts.cpp:
1784         (WebCore::RenderMathMLScripts::scriptsElement): Helper function to cast the node to a
1785         MathMLScriptsElement.
1786         (WebCore::RenderMathMLScripts::getScriptMetricsAndLayoutIfNeeded): Resolve the attributes
1787         using the functions from the MathMLScriptsElement class.
1788         * rendering/mathml/RenderMathMLScripts.h: Declare scriptsElement.
1789
1790 2016-07-18  Frederic Wang  <fwang@igalia.com>
1791
1792         Do not store gap and shift parameters on RenderMathMLFraction
1793         https://bugs.webkit.org/show_bug.cgi?id=159876
1794
1795         Reviewed by Darin Adler.
1796
1797         After r203285, the stack and fraction layout parameters are only used in layoutBlock so we
1798         do not need to store them on the class. We remove them and split updateLayoutParameters into
1799         three functions: one to update the linethickness and two others to retrieve the fraction and
1800         stack respectively.
1801
1802         No new tests, rendering is unchanged.
1803
1804         * rendering/mathml/RenderMathMLFraction.cpp:
1805         (WebCore::RenderMathMLFraction::updateLineThickness): Move code to update thickness members here.
1806         (WebCore::RenderMathMLFraction::getFractionParameters): Move code to retrieve fraction parameters here.
1807         (WebCore::RenderMathMLFraction::getStackParameters): Move code to retrieve stack parameters here.
1808         (WebCore::RenderMathMLFraction::layoutBlock): Use the new helper functions and local variables
1809         for fraction and stack parameters.
1810         (WebCore::RenderMathMLFraction::updateLayoutParameters): Deleted.
1811         * rendering/mathml/RenderMathMLFraction.h: Declare new helper functions and remove members
1812         for stack and fraction parameters.
1813
1814 2016-07-18  Chris Dumez  <cdumez@apple.com>
1815
1816         input.formEnctype / formMethod and button.formEnctype / formMethod / type should treat null as "null"
1817         https://bugs.webkit.org/show_bug.cgi?id=159908
1818
1819         Reviewed by Alex Christensen.
1820
1821         input.formEnctype / formMethod and button.formEnctype / formMethod / type
1822         should treat null as "null" String:
1823         - https://html.spec.whatwg.org/multipage/forms.html#htmlinputelement
1824         - https://html.spec.whatwg.org/multipage/forms.html#htmlbuttonelement
1825
1826         In WebKit, we would treat null as a null String which would end up
1827         removing the corresponding attribute. This does not match the
1828         specification. Firefox and Chrome match the specification here.
1829
1830         Tests:
1831         - fast/dom/HTMLButtonElement/null-handling.html
1832         - fast/dom/HTMLInputElement/null-handling.html
1833
1834         * html/HTMLButtonElement.idl:
1835         * html/HTMLInputElement.idl:
1836
1837 2016-07-18  Alex Christensen  <achristensen@webkit.org>
1838
1839         webbookmarksd needs to use the same AppCache directory as MobileSafari
1840         https://bugs.webkit.org/show_bug.cgi?id=159912
1841
1842         Reviewed by Alexey Proskuryakov.
1843
1844         No new tests.  This only changes behavior for webbookmarksd.
1845
1846         * platform/RuntimeApplicationChecks.h:
1847         * platform/RuntimeApplicationChecks.mm:
1848         (WebCore::IOSApplication::isWebBookmarksD): Added.
1849
1850 2016-07-18  Chris Dumez  <cdumez@apple.com>
1851
1852         EventTarget.dispatchEvent() parameter should not be nullable
1853         https://bugs.webkit.org/show_bug.cgi?id=159897
1854
1855         Reviewed by Benjamin Poulain.
1856
1857         EventTarget.dispatchEvent() parameter should not be nullable:
1858         - https://dom.spec.whatwg.org/#interface-eventtarget
1859
1860         Even though the parameter was marked as nullable in our IDL, our
1861         implementation does a null check and we already throw a TypeError
1862         when calling dispatchEvent(null).
1863
1864         Update our IDL so that it matches the specification and so that
1865         the null check is generated in the bindings instead.
1866
1867         No new tests, rebaseline existing tests.
1868
1869         * dom/EventTarget.cpp:
1870         (WebCore::EventTarget::dispatchEventForBindings):
1871         * dom/EventTarget.h:
1872         * dom/EventTarget.idl:
1873
1874 2016-07-18  Chris Dumez  <cdumez@apple.com>
1875
1876         DocType's publicId / systemId should not be nullable
1877         https://bugs.webkit.org/show_bug.cgi?id=159901
1878
1879         Reviewed by Benjamin Poulain.
1880
1881         DocType's publicId / systemId should not be nullable. While they were
1882         not marked as nullable in our IDL, they could be stored as null Strings
1883         in our implementation depending on how the Node was constructed. This
1884         led to subtle bugs where String() != emptyString().
1885
1886         In particular, Node.isEqualNode() would return false when DocumentType
1887         nodes would mismatch because of their publicId / systemId being null
1888         instead of the emptyString.
1889
1890         Serialization would DocumentType nodes would also be wrong when
1891         publicId / systemId were empty Strings instead of null strings. The
1892         new behavior now matches:
1893         - https://www.w3.org/TR/DOM-Parsing/#dfn-concept-serialize-doctype (steps 7-9)
1894
1895         To address these issues, we now always store publicId / systemId as
1896         non-null Strings inside the DocumentType class.
1897
1898         Test: fast/dom/DocumentType/isEqualNode.html
1899
1900         * dom/DocumentType.cpp:
1901         (WebCore::DocumentType::DocumentType):
1902         * editing/MarkupAccumulator.cpp:
1903         (WebCore::MarkupAccumulator::appendDocumentType):
1904
1905 2016-07-18  Jeremy Jones  <jeremyj@apple.com>
1906
1907         If previous media session interruptions were prevented, still allow subsequent interruptions to try.
1908         https://bugs.webkit.org/show_bug.cgi?id=157553
1909         rdar://problem/25740804
1910
1911         Reviewed by Eric Carlson.
1912
1913         Test: platform/ios-simulator/media/video-interruption-suspendunderlock.html
1914
1915         When suspending under lock on iOS, there is first a resign active event, then a
1916         suspend under lock. PiP prevents resign active from interrupting playback. But it should allow the
1917         suspend under lock to interrupt playback.
1918
1919         Currently if there are nested interruptions only the first one is acted upon.
1920
1921         This change allows subsequent, nested interruptions to have a chance to interrupt playback if the
1922         previous interruptions were ignored.
1923
1924         This test is for iPad only, so it must be run manually.
1925
1926         * html/HTMLMediaElement.cpp:
1927         (WebCore::HTMLMediaElement::shouldOverrideBackgroundPlaybackRestriction):
1928         * platform/audio/PlatformMediaSession.cpp:
1929         (WebCore::PlatformMediaSession::beginInterruption):
1930         * testing/Internals.cpp:
1931         (WebCore::Internals::beginMediaSessionInterruption):
1932
1933 2016-07-18  Brent Fulgham  <bfulgham@apple.com>
1934
1935         Don't associate form-associated elements with forms in other trees.
1936         https://bugs.webkit.org/show_bug.cgi?id=119451
1937         <rdar://problem/27382946>
1938
1939         Change is based on the Blink change (patch by <adamk@chromium.org>):
1940         <https://chromium.googlesource.com/chromium/blink/+/0b33128be67e7845d495d5219614c02ccfe7a414>
1941
1942         Reviewed by Chris Dumez.
1943
1944         Prevent elements from being associated with forms that are not part of the same home subtree.
1945         This brings us in line with the WhatWG HTML specification as of September, 2013.
1946
1947         Tests: fast/forms/image-disconnected-during-parse.html
1948                fast/forms/input-disconnected-during-parse.html
1949
1950         * dom/Element.h:
1951         (WebCore::Node::rootElement): Added.
1952         * html/FormAssociatedElement.cpp:
1953         (WebCore::FormAssociatedElement::insertedInto): If the element is associated with a form that
1954         is not part of the same tree, remove the association.
1955         * html/HTMLImageElement.cpp:
1956         (WebCore::HTMLImageElement::insertedInto): Ditto.
1957
1958 2016-07-18  Anders Carlsson  <andersca@apple.com>
1959
1960         WebKit nightly fails to build on macOS Sierra
1961         https://bugs.webkit.org/show_bug.cgi?id=159902
1962         rdar://problem/27365672
1963
1964         Reviewed by Tim Horton.
1965
1966         * Modules/applepay/cocoa/PaymentCocoa.mm:
1967         * Modules/applepay/cocoa/PaymentContactCocoa.mm:
1968         * Modules/applepay/cocoa/PaymentMerchantSessionCocoa.mm:
1969         * Modules/applepay/cocoa/PaymentMethodCocoa.mm:
1970         Use new PassKitSPI header.
1971
1972         * WebCore.xcodeproj/project.pbxproj:
1973         Add new PassKitSPI header.
1974
1975         * icu/unicode/ucurr.h: Added.
1976         Add ucurr.h from ICU.
1977
1978         * platform/spi/cocoa/PassKitSPI.h: Added.
1979         Add new PassKitSPI header.
1980
1981 2016-07-18  Dean Jackson  <dino@apple.com>
1982
1983         REGRESSION (r202950): Image zoom animations are broken at medium.com (159861)
1984         https://bugs.webkit.org/show_bug.cgi?id=159906
1985         <rdar://problem/27391725>
1986
1987         Reviewed by Simon Fraser.
1988
1989         The fix for webkit.org/b/157569 in r200769 broke AMP pages.
1990         The followup fix for webkit.org/b/159450 in r202950 broke Medium pages.
1991
1992         Revert them both until we have better testing.
1993
1994         * css/CSSParser.cpp:
1995         (WebCore::CSSParser::addPropertyWithPrefixingVariant):
1996         (WebCore::CSSParser::parseValue):
1997         (WebCore::CSSParser::parseAnimationShorthand):
1998         (WebCore::CSSParser::parseTransitionShorthand): Deleted.
1999         * css/CSSPropertyNames.in:
2000         * css/PropertySetCSSStyleDeclaration.cpp:
2001         (WebCore::PropertySetCSSStyleDeclaration::getPropertyCSSValue):
2002         (WebCore::PropertySetCSSStyleDeclaration::getPropertyValue):
2003         (WebCore::PropertySetCSSStyleDeclaration::getPropertyCSSValueInternal):
2004         (WebCore::PropertySetCSSStyleDeclaration::getPropertyValueInternal):
2005         * css/StyleProperties.cpp:
2006         (WebCore::MutableStyleProperties::removeShorthandProperty):
2007         (WebCore::MutableStyleProperties::removeProperty):
2008         (WebCore::MutableStyleProperties::removePrefixedOrUnprefixedProperty):
2009         (WebCore::MutableStyleProperties::setProperty):
2010         (WebCore::getIndexInShorthandVectorForPrefixingVariant):
2011         (WebCore::MutableStyleProperties::appendPrefixingVariantProperty):
2012         (WebCore::MutableStyleProperties::setPrefixingVariantProperty):
2013         (WebCore::StyleProperties::asText): Deleted.
2014         * css/StyleProperties.h:
2015
2016 2016-07-18  Andreas Kling  <akling@apple.com>
2017
2018         There should be a way to simulate memory pressure in layout tests
2019         <https://webkit.org/b/159743>
2020
2021         Reviewed by Simon Fraser.
2022
2023         Add three window.internal APIs:
2024
2025             - boolean isUnderMemoryPressure (readonly attribute)
2026             - void beginSimulatedMemoryPressure()
2027             - void endSimulatedMemoryPressure()
2028
2029         These make it possible to write tests that exercise behaviors that only
2030         occur during memory pressure situations.
2031
2032         I also implemented the "org.WebKit.lowMemory" notification handler using the new API.
2033
2034         Test: memory/memory-pressure-simulation.html
2035
2036         * platform/MemoryPressureHandler.cpp:
2037         (WebCore::MemoryPressureHandler::beginSimulatedMemoryPressure):
2038         (WebCore::MemoryPressureHandler::endSimulatedMemoryPressure):
2039         * platform/MemoryPressureHandler.h:
2040         (WebCore::MemoryPressureHandler::isUnderMemoryPressure):
2041         * platform/cocoa/MemoryPressureHandlerCocoa.mm:
2042         (WebCore::MemoryPressureHandler::platformReleaseMemory):
2043         (WebCore::MemoryPressureHandler::install):
2044         * testing/Internals.cpp:
2045         (WebCore::Internals::isUnderMemoryPressure):
2046         (WebCore::Internals::beginSimulatedMemoryPressure):
2047         (WebCore::Internals::endSimulatedMemoryPressure):
2048         * testing/Internals.h:
2049         * testing/Internals.idl:
2050
2051 2016-07-18  Said Abou-Hallawa  <sabouhallawa@apple,com>
2052
2053         [iOS] PDFDocumentImage should cache only a sub image of the PDF when caching the whole image is expensive
2054         https://bugs.webkit.org/show_bug.cgi?id=158715
2055
2056         Reviewed by Dean Jackson.
2057
2058         Test: fast/images/displaced-non-cached-pdf.html
2059
2060         For iOS, we need to ensure the size of the cached PDF images will not
2061         exceed some limit. Also we should be caching only a sub image of the PDF
2062         if caching the whole image will exceed the memory limit.
2063
2064         * page/Settings.cpp:
2065         (WebCore::Settings::Settings):
2066         (WebCore::Settings::setCachedPDFImageEnabled):
2067         * page/Settings.h:
2068         (WebCore::Settings::isCachedPDFImageEnabled):
2069             Add an option to disable caching the PDF images.
2070
2071         * platform/graphics/cg/PDFDocumentImage.cpp:
2072         (WebCore::PDFDocumentImage::setCachedPDFImageEnabled):
2073             Allow the caller of draw() to disable caching the PDF images.
2074         
2075         (WebCore::PDFDocumentImage::cacheParametersMatch):
2076             Match the context dirty rectangle with the cached image rectangle.
2077         
2078         (WebCore::transformContextForPainting):
2079             When preparing the context for drawing the PDF, take the location 
2080             of the destination rectangle into account. We do not need to scale
2081             the location of the source rectangle because we scale the size of
2082             the rectangle but we don't scale the whole coordinate system.
2083
2084         (WebCore::cachedImageRect):
2085             Calculate the rectangle of the cached image such that it does not
2086             exceed the limit. Start from the center of the dirty rectangle and
2087             then expand around it.
2088             
2089         (WebCore::PDFDocumentImage::decodedSizeChanged):
2090             In addition to notifying the ImageObserver, it keeps track of the size
2091             of all the cached PDF images.
2092
2093         (WebCore::PDFDocumentImage::updateCachedImageIfNeeded):
2094             Ensure the size of all the cached images does not exceed the limit
2095             
2096         (WebCore::PDFDocumentImage::destroyDecodedData):
2097         * platform/graphics/cg/PDFDocumentImage.h:
2098
2099         * rendering/RenderImage.cpp:
2100         (WebCore::RenderImage::paintIntoRect):
2101             Pass the option to disable caching the PDF images to PDFDocumentImage.
2102
2103         * testing/InternalSettings.cpp:
2104         (WebCore::InternalSettings::Backup::Backup):
2105         (WebCore::InternalSettings::Backup::restoreTo):
2106         (WebCore::InternalSettings::setCachedPDFImageEnabled):
2107         * testing/InternalSettings.h:
2108         * testing/InternalSettings.idl:
2109             Add an internal option to disable caching the PDF images.
2110
2111 2016-07-18  Chris Dumez  <cdumez@apple.com>
2112
2113         The 2 first parameters to addEventListener() / removeEventListener() should be mandatory
2114         https://bugs.webkit.org/show_bug.cgi?id=158008
2115
2116         Reviewed by Darin Adler.
2117
2118         The 2 first parameters to addEventListener() / removeEventListener() should be
2119         mandatory:
2120         - https://dom.spec.whatwg.org/#interface-eventtarget
2121
2122         Firefox 46 and Chrome 50 both match the specification and throw an exception when those
2123         parameters are omitted. However, those parameters were marked as optional in WebKit and
2124         the calls were no-ops if those parameters were omitted. This patch aligns our behavior
2125         with the specification and other browsers.
2126
2127         Test: fast/dom/eventtarget-api-parameters.html
2128
2129         * bindings/scripts/CodeGeneratorJS.pm:
2130         (GetFunctionLength): Deleted.
2131         * dom/EventTarget.idl:
2132
2133 2016-07-18  Brent Fulgham  <bfulgham@apple.com>
2134
2135         Unreviewed, rolling out r203373.
2136
2137         Unaddressed
2138
2139         Reverted changeset:
2140
2141         "Don't associate form-associated elements with forms in other
2142         trees."
2143         https://bugs.webkit.org/show_bug.cgi?id=119451
2144         http://trac.webkit.org/changeset/203373
2145
2146 2016-07-18  Brent Fulgham  <bfulgham@apple.com>
2147
2148         Don't associate form-associated elements with forms in other trees.
2149         https://bugs.webkit.org/show_bug.cgi?id=119451
2150         <rdar://problem/27382946>
2151
2152         Change is based on the Blink change (patch by <adamk@chromium.org>):
2153         <https://chromium.googlesource.com/chromium/blink/+/0b33128be67e7845d495d5219614c02ccfe7a414>
2154
2155         Reviewed by Zalan Bujtas.
2156
2157         Prevent elements from being associated with forms that are not part of the same home subtree.
2158         This brings us in line with the WhatWG HTML specification as of September, 2013.
2159
2160         Tests: fast/forms/image-disconnected-during-parse.html
2161                fast/forms/input-disconnected-during-parse.html
2162
2163         * dom/NodeTraversal.h:
2164         (WebCore::NodeTraversal::highestAncestorOrSelf): Added.
2165         * html/FormAssociatedElement.cpp:
2166         (WebCore::FormAssociatedElement::insertedInto): If the element is associated with a form that
2167         is not part of the same tree, remove the association.
2168         * html/HTMLImageElement.cpp:
2169         (WebCore::HTMLImageElement::insertedInto): Ditto.
2170
2171 2016-07-18  George Ruan  <gruan@apple.com>
2172
2173         Move MediaSampleAVFObjC into its own file
2174         https://bugs.webkit.org/show_bug.cgi?id=159796
2175         <rdar://problem/27362488>
2176
2177         In preparation for a feature that uses MediaSampleAVFObjC, but does
2178         not need SourceBufferPrivateAVFObjC, it is beneficial to move
2179         MediaSampleAVFObjC to its own file.
2180
2181         Reviewed by Eric Carlson.
2182
2183         * WebCore.xcodeproj/project.pbxproj:
2184         * platform/MediaSample.h: Allow setting trackID to associate
2185         MediaSample id with MediaStreamTrackPrivate id.
2186         * platform/graphics/avfoundation/MediaSampleAVFObjC.h: Added.
2187         * platform/graphics/avfoundation/objc/MediaSampleAVFObjC.mm: Moved
2188         from MediaSampleAVFObjC
2189         (WebCore::MediaSampleAVFObjC::presentationTime):
2190         (WebCore::MediaSampleAVFObjC::decodeTime):
2191         (WebCore::MediaSampleAVFObjC::duration):
2192         (WebCore::MediaSampleAVFObjC::sizeInBytes):
2193         (WebCore::MediaSampleAVFObjC::platformSample):
2194         (WebCore::CMSampleBufferIsRandomAccess):
2195         (WebCore::MediaSampleAVFObjC::flags):
2196         (WebCore::MediaSampleAVFObjC::presentationSize):
2197         (WebCore::MediaSampleAVFObjC::dump):
2198         (WebCore::MediaSampleAVFObjC::offsetTimestampsBy):
2199         (WebCore::MediaSampleAVFObjC::setTimestamps):
2200         * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
2201         Moved MediaSampleAVFObjC to its own file.
2202         (WebCore::MediaSampleAVFObjC::platformSample): Deleted.
2203         (WebCore::CMSampleBufferIsRandomAccess): Deleted.
2204         (WebCore::MediaSampleAVFObjC::flags): Deleted.
2205         (WebCore::MediaSampleAVFObjC::presentationSize): Deleted.
2206         (WebCore::MediaSampleAVFObjC::dump): Deleted.
2207         (WebCore::MediaSampleAVFObjC::offsetTimestampsBy): Deleted.
2208         (WebCore::MediaSampleAVFObjC::setTimestamps): Deleted.
2209         * platform/mock/mediasource/MockSourceBufferPrivate.cpp:
2210
2211 2016-07-18  Eric Carlson  <eric.carlson@apple.com>
2212
2213         [MSE][Mac] Pass AVSampleBufferDisplayLayer HDCP status to a newly created key session
2214         https://bugs.webkit.org/show_bug.cgi?id=159812
2215         <rdar://problem/27371624>
2216
2217         Reviewed by Jon Lee.
2218
2219         No new tests, it isn't possible to test this with our current testing infrastructure.
2220
2221         * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.h:
2222         * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
2223         (WebCore::SourceBufferPrivateAVFObjC::setCDMSession): Call layerDidReceiveError if there has
2224         been an HDCP error.
2225         (WebCore::SourceBufferPrivateAVFObjC::rendererDidReceiveError): Remember an HDCP error.
2226
2227 2016-07-18  Yoav Weiss  <yoav@yoav.ws>
2228
2229         Add preload to features.json
2230         https://bugs.webkit.org/show_bug.cgi?id=159872
2231
2232         Reviewed by Darin Adler.
2233
2234         No new tests but no functional change.
2235
2236         * features.json:
2237
2238 2016-07-18  Youenn Fablet  <youenn@apple.com>
2239
2240         [Streams API] ReadableStream should throw a RangeError in case of NaN highWaterMark
2241         https://bugs.webkit.org/show_bug.cgi?id=159870
2242
2243         Reviewed by Xabier Rodriguez-Calvar.
2244
2245         Covered by rebased test.
2246
2247         * Modules/streams/StreamInternals.js:
2248         (validateAndNormalizeQueuingStrategy): Throwing a RangeError in lieu of a TypeError in case of NaN highWaterMark.
2249
2250 2016-07-18  Csaba Osztrogon√°c  <ossy@webkit.org>
2251
2252         Windows buildfix after r203338
2253         https://bugs.webkit.org/show_bug.cgi?id=159875
2254
2255         Unreviewed buildfix.
2256
2257         * dom/UserGestureIndicator.h:
2258         (WebCore::UserGestureToken::addDestructionObserver):
2259
2260 2016-07-18  Carlos Garcia Campos  <cgarcia@igalia.com>
2261
2262         MemoryPressureHandler doesn't work if cgroups aren't present in Linux
2263         https://bugs.webkit.org/show_bug.cgi?id=155255
2264
2265         Reviewed by Sergio Villar Senin.
2266
2267         Allow to pass an eventFD file descriptor to the MemoryPressureHandler to be monitorized in case cgroups are not
2268         available.
2269
2270         * platform/MemoryPressureHandler.h:
2271         * platform/linux/MemoryPressureHandlerLinux.cpp:
2272
2273 2016-07-17  Gyuyoung Kim  <gyuyoung.kim@webkit.org>
2274
2275         Clean up PassRefPtr uses in Modules/encryptedmedia, Modules/speech, and Modules/quota
2276         https://bugs.webkit.org/show_bug.cgi?id=159701
2277
2278         Reviewed by Alex Christensen.
2279
2280         No new tests, no behavior changes.
2281
2282         * Modules/encryptedmedia/CDM.h:
2283         * Modules/encryptedmedia/MediaKeySession.h:
2284         * Modules/encryptedmedia/MediaKeys.h:
2285         * Modules/quota/DOMWindowQuota.cpp:
2286         * Modules/quota/StorageErrorCallback.cpp:
2287         (WebCore::StorageErrorCallback::CallbackTask::CallbackTask):
2288         * Modules/quota/StorageErrorCallback.h:
2289         * Modules/quota/StorageInfo.h:
2290         * Modules/quota/StorageQuota.h:
2291         * Modules/speech/DOMWindowSpeechSynthesis.cpp:
2292         * Modules/speech/SpeechSynthesis.cpp:
2293         (WebCore::SpeechSynthesis::getVoices):
2294         (WebCore::SpeechSynthesis::startSpeakingImmediately):
2295         (WebCore::SpeechSynthesis::speak):
2296         (WebCore::SpeechSynthesis::cancel):
2297         (WebCore::SpeechSynthesis::handleSpeakingCompleted):
2298         (WebCore::SpeechSynthesis::boundaryEventOccurred):
2299         (WebCore::SpeechSynthesis::didStartSpeaking):
2300         (WebCore::SpeechSynthesis::didPauseSpeaking):
2301         (WebCore::SpeechSynthesis::didResumeSpeaking):
2302         (WebCore::SpeechSynthesis::didFinishSpeaking):
2303         (WebCore::SpeechSynthesis::speakingErrorOccurred):
2304         * Modules/speech/SpeechSynthesis.h:
2305         * Modules/speech/SpeechSynthesisEvent.h:
2306         * Modules/speech/SpeechSynthesisUtterance.h:
2307         * Modules/speech/SpeechSynthesisVoice.cpp:
2308         (WebCore::SpeechSynthesisVoice::create):
2309         (WebCore::SpeechSynthesisVoice::SpeechSynthesisVoice):
2310         * Modules/speech/SpeechSynthesisVoice.h:
2311         * platform/PlatformSpeechSynthesizer.h:
2312         * platform/efl/PlatformSpeechSynthesisProviderEfl.cpp:
2313         (WebCore::PlatformSpeechSynthesisProviderEfl::fireSpeechEvent):
2314         * platform/mock/PlatformSpeechSynthesizerMock.cpp:
2315         (WebCore::PlatformSpeechSynthesizerMock::speakingFinished):
2316         (WebCore::PlatformSpeechSynthesizerMock::speak):
2317         (WebCore::PlatformSpeechSynthesizerMock::cancel):
2318         (WebCore::PlatformSpeechSynthesizerMock::pause):
2319         (WebCore::PlatformSpeechSynthesizerMock::resume):
2320
2321 2016-07-16  Sam Weinig  <sam@webkit.org>
2322
2323         [WebKit API] Add SPI to track multiple navigations caused by a single user gesture
2324         <rdar://problem/26554137>
2325         https://bugs.webkit.org/show_bug.cgi?id=159856
2326
2327         Reviewed by Dan Bernstein.
2328
2329         - Adds a new RefCounted object to represent a unique user gesture, called UserGestureToken.
2330         - Makes UserGestureIndicator track UserGestureToken.
2331         - Refines UserGestureIndicator's interface to use Optional and a smaller enum set
2332           to represent the different initial states.
2333         - Stores UserGestureTokens on objects that want to forward user gesture state (DOMTimer, 
2334           postMessage, and ScheduledNavigation) rather than just a boolean.
2335
2336         * accessibility/AccessibilityNodeObject.cpp:
2337         (WebCore::AccessibilityNodeObject::increment):
2338         (WebCore::AccessibilityNodeObject::decrement):
2339         * accessibility/AccessibilityObject.cpp:
2340         (WebCore::AccessibilityObject::press):
2341         * bindings/js/ScriptController.cpp:
2342         (WebCore::ScriptController::executeScriptInWorld):
2343         (WebCore::ScriptController::executeScript):
2344         Update for new UserGestureIndicator interface.
2345
2346         * dom/UserGestureIndicator.cpp:
2347         (WebCore::currentToken):
2348         (WebCore::UserGestureToken::~UserGestureToken):
2349         (WebCore::UserGestureIndicator::UserGestureIndicator):
2350         (WebCore::UserGestureIndicator::~UserGestureIndicator):
2351         (WebCore::UserGestureIndicator::currentUserGesture):
2352         (WebCore::UserGestureIndicator::processingUserGesture):
2353         (WebCore::UserGestureIndicator::processingUserGestureForMedia):
2354         (WebCore::isDefinite): Deleted.
2355         * dom/UserGestureIndicator.h:
2356         (WebCore::UserGestureToken::create):
2357         (WebCore::UserGestureToken::state):
2358         (WebCore::UserGestureToken::processingUserGesture):
2359         (WebCore::UserGestureToken::processingUserGestureForMedia):
2360         (WebCore::UserGestureToken::addDestructionObserver):
2361         (WebCore::UserGestureToken::UserGestureToken):
2362         Add UserGestureToken and track the current one explicitly.
2363
2364         * html/HTMLMediaElement.cpp:
2365         (WebCore::HTMLMediaElement::didReceiveRemoteControlCommand):
2366         * inspector/InspectorFrontendClientLocal.cpp:
2367         (WebCore::InspectorFrontendClientLocal::openInNewTab):
2368         * inspector/InspectorFrontendHost.cpp:
2369         * inspector/InspectorPageAgent.cpp:
2370         (WebCore::InspectorPageAgent::navigate):
2371         Update for new UserGestureIndicator interface.
2372
2373         * loader/NavigationAction.cpp:
2374         (WebCore::NavigationAction::NavigationAction):
2375         * loader/NavigationAction.h:
2376         (WebCore::NavigationAction::userGestureToken):
2377         (WebCore::NavigationAction::processingUserGesture):
2378         * loader/NavigationScheduler.cpp:
2379         (WebCore::ScheduledNavigation::ScheduledNavigation):
2380         (WebCore::ScheduledNavigation::~ScheduledNavigation):
2381         (WebCore::ScheduledNavigation::lockBackForwardList):
2382         (WebCore::ScheduledNavigation::wasDuringLoad):
2383         (WebCore::ScheduledNavigation::isLocationChange):
2384         (WebCore::ScheduledNavigation::userGestureToForward):
2385         (WebCore::ScheduledNavigation::clearUserGesture):
2386         (WebCore::NavigationScheduler::mustLockBackForwardList):
2387         (WebCore::NavigationScheduler::scheduleFormSubmission):
2388         (WebCore::ScheduledNavigation::wasUserGesture): Deleted.
2389         * page/DOMTimer.cpp:
2390         (WebCore::shouldForwardUserGesture):
2391         (WebCore::userGestureTokenToForward):
2392         (WebCore::DOMTimer::DOMTimer):
2393         (WebCore::DOMTimer::fired):
2394         * page/DOMTimer.h:
2395         * page/DOMWindow.cpp:
2396         (WebCore::PostMessageTimer::PostMessageTimer):
2397         Store the active UserGestureToken rather than just a bit.
2398
2399         * page/EventHandler.cpp:
2400         (WebCore::EventHandler::handleMousePressEvent):
2401         (WebCore::EventHandler::handleMouseDoubleClickEvent):
2402         (WebCore::EventHandler::handleMouseReleaseEvent):
2403         (WebCore::EventHandler::keyEvent):
2404         (WebCore::EventHandler::handleTouchEvent):
2405         * rendering/HitTestResult.cpp:
2406         (WebCore::HitTestResult::toggleMediaFullscreenState):
2407         (WebCore::HitTestResult::enterFullscreenForVideo):
2408         (WebCore::HitTestResult::toggleEnhancedFullscreenForVideo):
2409         Update for new UserGestureIndicator interface.
2410
2411 2016-07-17  Ryosuke Niwa  <rniwa@webkit.org>
2412
2413         Rename fastHasAttribute to hasAttributeWithoutSynchronization
2414         https://bugs.webkit.org/show_bug.cgi?id=159864
2415
2416         Reviewed by Chris Dumez.
2417
2418         Renamed Rename fastHasAttribute to hasAttributeWithoutSynchronization for clarity.
2419
2420         * accessibility/AccessibilityListBoxOption.cpp:
2421         (WebCore::AccessibilityListBoxOption::isEnabled):
2422         * accessibility/AccessibilityObject.cpp:
2423         (WebCore::AccessibilityObject::hasAttribute):
2424         (WebCore::AccessibilityObject::getAttribute):
2425         * accessibility/AccessibilityRenderObject.cpp:
2426         (WebCore::AccessibilityRenderObject::determineAccessibilityRole):
2427         * bindings/scripts/CodeGenerator.pm:
2428         (GetterExpression):
2429         * bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
2430         * bindings/scripts/test/JS/JSTestObj.cpp:
2431         (WebCore::jsTestObjReflectedBooleanAttr):
2432         (WebCore::jsTestObjReflectedCustomBooleanAttr):
2433         * bindings/scripts/test/ObjC/DOMTestObj.mm:
2434         (-[DOMTestObj reflectedBooleanAttr]):
2435         (-[DOMTestObj setReflectedBooleanAttr:]):
2436         (-[DOMTestObj reflectedCustomBooleanAttr]):
2437         (-[DOMTestObj setReflectedCustomBooleanAttr:]):
2438         * dom/Document.cpp:
2439         (WebCore::Document::hasManifest):
2440         (WebCore::Document::doctype):
2441         * dom/Element.h:
2442         (WebCore::Node::parentElement):
2443         (WebCore::Element::hasAttributeWithoutSynchronization):
2444         (WebCore::Element::fastHasAttribute): Deleted.
2445         * editing/ApplyStyleCommand.cpp:
2446         (WebCore::ApplyStyleCommand::removeEmbeddingUpToEnclosingBlock):
2447         * editing/DeleteSelectionCommand.cpp:
2448         (WebCore::DeleteSelectionCommand::makeStylingElementsDirectChildrenOfEditableRootToPreventStyleLoss):
2449         * editing/markup.cpp:
2450         (WebCore::createMarkupInternal):
2451         * html/ColorInputType.cpp:
2452         (WebCore::ColorInputType::shouldShowSuggestions):
2453         * html/FileInputType.cpp:
2454         (WebCore::FileInputType::handleDOMActivateEvent):
2455         (WebCore::FileInputType::receiveDroppedFiles):
2456         * html/FormAssociatedElement.cpp:
2457         (WebCore::FormAssociatedElement::didMoveToNewDocument):
2458         (WebCore::FormAssociatedElement::insertedInto):
2459         (WebCore::FormAssociatedElement::removedFrom):
2460         (WebCore::FormAssociatedElement::formAttributeChanged):
2461         * html/FormController.cpp:
2462         (WebCore::ownerFormForState):
2463         * html/GenericCachedHTMLCollection.cpp:
2464         (WebCore::GenericCachedHTMLCollection<traversalType>::elementMatches):
2465         * html/HTMLAnchorElement.cpp:
2466         (WebCore::HTMLAnchorElement::draggable):
2467         (WebCore::HTMLAnchorElement::href):
2468         (WebCore::HTMLAnchorElement::sendPings):
2469         * html/HTMLAppletElement.cpp:
2470         (WebCore::HTMLAppletElement::rendererIsNeeded):
2471         * html/HTMLElement.cpp:
2472         (WebCore::HTMLElement::collectStyleForPresentationAttribute):
2473         (WebCore::elementAffectsDirectionality):
2474         (WebCore::setHasDirAutoFlagRecursively):
2475         * html/HTMLEmbedElement.cpp:
2476         (WebCore::HTMLEmbedElement::rendererIsNeeded):
2477         * html/HTMLFieldSetElement.cpp:
2478         (WebCore::updateFromControlElementsAncestorDisabledStateUnder):
2479         (WebCore::HTMLFieldSetElement::disabledAttributeChanged):
2480         (WebCore::HTMLFieldSetElement::disabledStateChanged):
2481         (WebCore::HTMLFieldSetElement::childrenChanged):
2482         * html/HTMLFormControlElement.cpp:
2483         (WebCore::HTMLFormControlElement::formNoValidate):
2484         (WebCore::HTMLFormControlElement::formAction):
2485         (WebCore::HTMLFormControlElement::computeIsDisabledByFieldsetAncestor):
2486         (WebCore::shouldAutofocus):
2487         * html/HTMLFormElement.cpp:
2488         (WebCore::HTMLFormElement::formElementIndex):
2489         (WebCore::HTMLFormElement::noValidate):
2490         * html/HTMLFrameElement.cpp:
2491         (WebCore::HTMLFrameElement::noResize):
2492         (WebCore::HTMLFrameElement::didAttachRenderers):
2493         * html/HTMLFrameElementBase.cpp:
2494         (WebCore::HTMLFrameElementBase::parseAttribute):
2495         (WebCore::HTMLFrameElementBase::location):
2496         * html/HTMLHRElement.cpp:
2497         (WebCore::HTMLHRElement::collectStyleForPresentationAttribute):
2498         * html/HTMLImageElement.cpp:
2499         (WebCore::HTMLImageElement::isServerMap):
2500         * html/HTMLInputElement.cpp:
2501         (WebCore::HTMLInputElement::finishParsingChildren):
2502         (WebCore::HTMLInputElement::matchesDefaultPseudoClass):
2503         (WebCore::HTMLInputElement::isActivatedSubmit):
2504         (WebCore::HTMLInputElement::reset):
2505         (WebCore::HTMLInputElement::multiple):
2506         (WebCore::HTMLInputElement::setSize):
2507         (WebCore::HTMLInputElement::shouldUseMediaCapture):
2508         * html/HTMLMarqueeElement.cpp:
2509         (WebCore::HTMLMarqueeElement::minimumDelay):
2510         * html/HTMLMediaElement.cpp:
2511         (WebCore::HTMLMediaElement::insertedInto):
2512         (WebCore::HTMLMediaElement::selectMediaResource):
2513         (WebCore::HTMLMediaElement::loadResource):
2514         (WebCore::HTMLMediaElement::autoplay):
2515         (WebCore::HTMLMediaElement::preload):
2516         (WebCore::HTMLMediaElement::loop):
2517         (WebCore::HTMLMediaElement::setLoop):
2518         (WebCore::HTMLMediaElement::controls):
2519         (WebCore::HTMLMediaElement::setControls):
2520         (WebCore::HTMLMediaElement::muted):
2521         (WebCore::HTMLMediaElement::setMuted):
2522         (WebCore::HTMLMediaElement::selectNextSourceChild):
2523         (WebCore::HTMLMediaElement::sourceWasAdded):
2524         (WebCore::HTMLMediaElement::mediaSessionTitle):
2525         * html/HTMLObjectElement.cpp:
2526         (WebCore::HTMLObjectElement::parseAttribute):
2527         * html/HTMLOptGroupElement.cpp:
2528         (WebCore::HTMLOptGroupElement::isDisabledFormControl):
2529         (WebCore::HTMLOptGroupElement::isFocusable):
2530         * html/HTMLOptionElement.cpp:
2531         (WebCore::HTMLOptionElement::matchesDefaultPseudoClass):
2532         (WebCore::HTMLOptionElement::text):
2533         * html/HTMLProgressElement.cpp:
2534         (WebCore::HTMLProgressElement::isDeterminate):
2535         (WebCore::HTMLProgressElement::didElementStateChange):
2536         * html/HTMLScriptElement.cpp:
2537         (WebCore::HTMLScriptElement::async):
2538         (WebCore::HTMLScriptElement::setCrossOrigin):
2539         (WebCore::HTMLScriptElement::asyncAttributeValue):
2540         (WebCore::HTMLScriptElement::deferAttributeValue):
2541         (WebCore::HTMLScriptElement::hasSourceAttribute):
2542         (WebCore::HTMLScriptElement::dispatchLoadEvent):
2543         * html/HTMLSelectElement.cpp:
2544         (WebCore::HTMLSelectElement::reset):
2545         * html/HTMLTrackElement.cpp:
2546         (WebCore::HTMLTrackElement::isDefault):
2547         (WebCore::HTMLTrackElement::ensureTrack):
2548         (WebCore::HTMLTrackElement::loadTimerFired):
2549         * html/MediaElementSession.cpp:
2550         (WebCore::MediaElementSession::wirelessVideoPlaybackDisabled):
2551         (WebCore::MediaElementSession::requiresFullscreenForVideoPlayback):
2552         (WebCore::MediaElementSession::allowsAutomaticMediaDataLoading):
2553         * html/SearchInputType.cpp:
2554         (WebCore::SearchInputType::searchEventsShouldBeDispatched):
2555         (WebCore::SearchInputType::didSetValueByUserEdit):
2556         * inspector/InspectorDOMAgent.cpp:
2557         (WebCore::InspectorDOMAgent::buildObjectForNode):
2558         * loader/FrameLoader.cpp:
2559         (WebCore::FrameLoader::shouldTreatURLAsSrcdocDocument):
2560         (WebCore::FrameLoader::findFrameForNavigation):
2561         * loader/ImageLoader.cpp:
2562         (WebCore::ImageLoader::notifyFinished):
2563         * mathml/MathMLSelectElement.cpp:
2564         (WebCore::MathMLSelectElement::getSelectedSemanticsChild):
2565         * rendering/RenderTableCell.cpp:
2566         (WebCore::RenderTableCell::computePreferredLogicalWidths):
2567         * rendering/RenderThemeIOS.mm:
2568         (WebCore::RenderThemeIOS::adjustMenuListButtonStyle):
2569         * rendering/SimpleLineLayout.cpp:
2570         (WebCore::SimpleLineLayout::canUseForWithReason):
2571         * rendering/svg/RenderSVGResourceClipper.cpp:
2572         (WebCore::RenderSVGResourceClipper::drawContentIntoMaskImage):
2573         * svg/SVGAnimateMotionElement.cpp:
2574         (WebCore::SVGAnimateMotionElement::updateAnimationPath):
2575         * svg/SVGAnimationElement.cpp:
2576         (WebCore::SVGAnimationElement::startedActiveInterval):
2577         (WebCore::SVGAnimationElement::updateAnimation):
2578         * svg/animation/SVGSMILElement.cpp:
2579         (WebCore::SVGSMILElement::insertedInto):
2580
2581 2016-07-17  Brady Eidson  <beidson@apple.com>
2582
2583         Exceptions logged to the JS console should use toString().
2584         https://bugs.webkit.org/show_bug.cgi?id=159855
2585
2586         Reviewed by Darin Adler.
2587
2588         No new tests (No change in behavior).
2589
2590         * bindings/js/JSDOMBinding.cpp:
2591         (WebCore::reportException):
2592
2593         * dom/DOMCoreException.h:
2594         (WebCore::DOMCoreException::DOMCoreException):
2595
2596         * dom/ExceptionBase.cpp:
2597         (WebCore::ExceptionBase::ExceptionBase):
2598         (WebCore::ExceptionBase::toString):
2599         (WebCore::ExceptionBase::consoleErrorMessage): Deleted.
2600         * dom/ExceptionBase.h:
2601         (WebCore::ExceptionBase::description): Deleted.
2602
2603         * svg/SVGException.h:
2604
2605         * xml/XPathException.h:
2606         (WebCore::XPathException::XPathException):
2607
2608 2016-07-17  Brady Eidson  <beidson@apple.com>
2609
2610         Update DOMCoreException to use the description in toString().
2611         https://bugs.webkit.org/show_bug.cgi?id=159857
2612
2613         Reviewed by Darin Adler.
2614
2615         No new tests (Covered by changes to existing tests).
2616
2617         * bindings/js/JSDOMBinding.cpp:
2618         (WebCore::createDOMException):
2619
2620         * dom/DOMCoreException.h:
2621         (WebCore::DOMCoreException::DOMCoreException):
2622         (WebCore::DOMCoreException::createWithDescriptionAsMessage): Deleted.
2623
2624 2016-07-17  Myles C. Maxfield  <mmaxfield@apple.com>
2625
2626         Support new emoji group candidates
2627         https://bugs.webkit.org/show_bug.cgi?id=159755
2628         <rdar://problem/27325521>
2629
2630         Reviewed by Dean Jackson.
2631
2632         There are a few code points which should be able to be joined (with ZWJ) to
2633         either U+2640 or U+2642 to change the gender of the emoji. These patterns
2634         should also work with an additional 0xFE0F variation selector. This patch
2635         adds these new patterns to our existing emoji group candidate infrastructure.
2636
2637         Tests: fast/text/emoji-gender-2-3.html
2638                fast/text/emoji-gender-2-4.html
2639                fast/text/emoji-gender-2-5.html
2640                fast/text/emoji-gender-2-6.html
2641                fast/text/emoji-gender-2-7.html
2642                fast/text/emoji-gender-2-8.html
2643                fast/text/emoji-gender-2-9.html
2644                fast/text/emoji-gender-2.html
2645                fast/text/emoji-gender-3.html
2646                fast/text/emoji-gender-4.html
2647                fast/text/emoji-gender-5.html
2648                fast/text/emoji-gender-6.html
2649                fast/text/emoji-gender-7.html
2650                fast/text/emoji-gender-8.html
2651                fast/text/emoji-gender-9.html
2652                fast/text/emoji-gender-fe0f-3.html
2653                fast/text/emoji-gender-fe0f-4.html
2654                fast/text/emoji-gender-fe0f-5.html
2655                fast/text/emoji-gender-fe0f-6.html
2656                fast/text/emoji-gender-fe0f-7.html
2657                fast/text/emoji-gender-fe0f-8.html
2658                fast/text/emoji-gender-fe0f-9.html
2659                fast/text/emoji-gender.html
2660                fast/text/emoji-num-glyphs.html
2661                fast/text/emoji-single-parent-family-2.html
2662                fast/text/emoji-single-parent-family.html
2663
2664         * platform/graphics/mac/ComplexTextControllerCoreText.mm:
2665         (WebCore::ComplexTextController::ComplexTextRun::ComplexTextRun): Removed incorrect ASSERT()s.
2666         * platform/graphics/FontCascade.cpp:
2667         (WebCore::FontCascade::characterRangeCodePath):
2668         * platform/text/CharacterProperties.h:
2669         (WebCore::isEmojiGroupCandidate):
2670
2671 2016-07-16  Brady Eidson  <beidson@apple.com>
2672
2673         Update SVGException to use the description in toString().
2674         https://bugs.webkit.org/show_bug.cgi?id=159847
2675
2676         Reviewed by Darin Adler.
2677
2678         No new tests (Covered by changes to existing tests).
2679
2680         * bindings/js/JSDOMBinding.cpp:
2681         (WebCore::reportException): use consoleErrorMessage for now.
2682
2683         * dom/ExceptionBase.cpp:
2684         (WebCore::ExceptionBase::consoleErrorMessage):
2685         * dom/ExceptionBase.h:
2686
2687         * svg/SVGException.h:
2688
2689 2016-07-16  Chris Dumez  <cdumez@apple.com>
2690
2691         Use fastHasAttribute() when possible
2692         https://bugs.webkit.org/show_bug.cgi?id=159838
2693
2694         Reviewed by Ryosuke Niwa.
2695
2696         Use fastHasAttribute() when possible, for performance.
2697
2698         * editing/DeleteSelectionCommand.cpp:
2699         (WebCore::DeleteSelectionCommand::makeStylingElementsDirectChildrenOfEditableRootToPreventStyleLoss):
2700         * editing/markup.cpp:
2701         (WebCore::createMarkupInternal):
2702         * html/HTMLAnchorElement.cpp:
2703         (WebCore::HTMLAnchorElement::draggable):
2704         * html/HTMLFrameElementBase.cpp:
2705         (WebCore::HTMLFrameElementBase::parseAttribute):
2706         * mathml/MathMLSelectElement.cpp:
2707         (WebCore::MathMLSelectElement::getSelectedSemanticsChild):
2708         * rendering/RenderThemeIOS.mm:
2709         (WebCore::RenderThemeIOS::adjustMenuListButtonStyle):
2710
2711 2016-07-16  Ryosuke Niwa  <rniwa@webkit.org>
2712
2713         Rename fastGetAttribute to attributeWithoutSynchronization
2714         https://bugs.webkit.org/show_bug.cgi?id=159852
2715
2716         Reviewed by Darin Adler.
2717
2718         Renamed fastGetAttribute to attributeWithoutSynchronization for clarity.
2719
2720         * accessibility/AXObjectCache.cpp:
2721         (WebCore::AXObjectCache::findAriaModalNodes):
2722         (WebCore::nodeHasRole):
2723         (WebCore::AXObjectCache::handleLiveRegionCreated):
2724         (WebCore::AXObjectCache::handleMenuItemSelected):
2725         (WebCore::AXObjectCache::handleAriaModalChange):
2726         (WebCore::isNodeAriaVisible):
2727         * accessibility/AccessibilityNodeObject.cpp:
2728         (WebCore::siblingWithAriaRole):
2729         (WebCore::AccessibilityNodeObject::titleElementText):
2730         (WebCore::AccessibilityNodeObject::alternativeTextForWebArea):
2731         (WebCore::AccessibilityNodeObject::hierarchicalLevel):
2732         (WebCore::AccessibilityNodeObject::stringValue):
2733         (WebCore::accessibleNameForNode):
2734         * accessibility/AccessibilityObject.cpp:
2735         (WebCore::AccessibilityObject::contentEditableAttributeIsEnabled):
2736         (WebCore::AccessibilityObject::getAttribute):
2737         * accessibility/AccessibilityRenderObject.cpp:
2738         (WebCore::AccessibilityRenderObject::stringValue):
2739         (WebCore::AccessibilityRenderObject::exposesTitleUIElement):
2740         * accessibility/AccessibilitySVGElement.cpp:
2741         (WebCore::AccessibilitySVGElement::childElementWithMatchingLanguage):
2742         (WebCore::AccessibilitySVGElement::accessibilityDescription):
2743         * bindings/objc/DOM.mm:
2744         (-[DOMHTMLLinkElement _mediaQueryMatches]):
2745         * bindings/scripts/CodeGenerator.pm:
2746         (GetterExpression):
2747         * bindings/scripts/CodeGeneratorObjC.pm:
2748         (GenerateImplementation):
2749         * bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
2750         * bindings/scripts/test/JS/JSTestObj.cpp:
2751         (WebCore::jsTestObjReflectedStringAttr):
2752         * dom/AuthorStyleSheets.cpp:
2753         (WebCore::AuthorStyleSheets::collectActiveStyleSheets):
2754         * dom/Document.cpp:
2755         (WebCore::Document::buildAccessKeyMap):
2756         (WebCore::Document::processBaseElement):
2757         * dom/DocumentOrderedMap.cpp:
2758         (WebCore::DocumentOrderedMap::getElementByLabelForAttribute):
2759         * dom/Element.cpp:
2760         (WebCore::Element::imageSourceURL):
2761         (WebCore::Element::rendererIsNeeded):
2762         (WebCore::Element::insertedInto):
2763         (WebCore::Element::removedFrom):
2764         (WebCore::Element::pseudo):
2765         (WebCore::Element::setPseudo):
2766         (WebCore::Element::spellcheckAttributeState):
2767         (WebCore::Element::canContainRangeEndPoint):
2768         (WebCore::Element::completeURLsInAttributeValue):
2769         * dom/Element.h:
2770         (WebCore::Element::fastHasAttribute):
2771         (WebCore::Element::attributeWithoutSynchronization):
2772         (WebCore::Element::fastGetAttribute): Deleted.
2773         * dom/InlineStyleSheetOwner.cpp:
2774         (WebCore::InlineStyleSheetOwner::createSheet):
2775         * dom/ScriptElement.cpp:
2776         (WebCore::ScriptElement::requestScript):
2777         (WebCore::ScriptElement::executeScript):
2778         * dom/SlotAssignment.cpp:
2779         (WebCore::slotNameFromSlotAttribute):
2780         (WebCore::SlotAssignment::SlotAssignment):
2781         (WebCore::recursivelyFireSlotChangeEvent):
2782         (WebCore::SlotAssignment::didChangeSlot):
2783         (WebCore::SlotAssignment::hostChildElementDidChange):
2784         (WebCore::SlotAssignment::assignedNodesForSlot):
2785         (WebCore::SlotAssignment::resolveAllSlotElements):
2786         * dom/TreeScope.cpp:
2787         (WebCore::TreeScope::labelElementForId):
2788         * dom/VisitedLinkState.cpp:
2789         (WebCore::linkAttribute):
2790         * editing/ApplyStyleCommand.cpp:
2791         (WebCore::isLegacyAppleStyleSpan):
2792         (WebCore::hasNoAttributeOrOnlyStyleAttribute):
2793         * editing/EditingStyle.cpp:
2794         (WebCore::EditingStyle::elementIsStyledSpanOrHTMLEquivalent):
2795         * editing/ReplaceSelectionCommand.cpp:
2796         (WebCore::isInterchangeNewlineNode):
2797         (WebCore::isInterchangeConvertedSpaceSpan):
2798         (WebCore::positionAvoidingPrecedingNodes):
2799         (WebCore::isMailPasteAsQuotationNode):
2800         (WebCore::isHeaderElement):
2801         (WebCore::isInlineNodeWithStyle):
2802         * editing/TextIterator.cpp:
2803         (WebCore::isRendererReplacedElement):
2804         * editing/cocoa/DataDetection.mm:
2805         (WebCore::DataDetection::isDataDetectorLink):
2806         (WebCore::DataDetection::requiresExtendedContext):
2807         (WebCore::DataDetection::dataDetectorIdentifier):
2808         (WebCore::DataDetection::shouldCancelDefaultAction):
2809         (WebCore::removeResultLinksFromAnchor):
2810         (WebCore::searchForLinkRemovingExistingDDLinks):
2811         * editing/gtk/EditorGtk.cpp:
2812         (WebCore::elementURL):
2813         * editing/htmlediting.cpp:
2814         (WebCore::isTabSpanNode):
2815         (WebCore::isTabSpanTextNode):
2816         (WebCore::isMailBlockquote):
2817         (WebCore::caretMinOffset):
2818         * editing/markup.cpp:
2819         (WebCore::createFragmentFromMarkup):
2820         * html/Autofill.cpp:
2821         (WebCore::AutofillData::createFromHTMLFormControlElement):
2822         * html/BaseTextInputType.cpp:
2823         (WebCore::BaseTextInputType::patternMismatch):
2824         * html/DateInputType.cpp:
2825         (WebCore::DateInputType::createStepRange):
2826         * html/DateTimeInputType.cpp:
2827         (WebCore::DateTimeInputType::createStepRange):
2828         * html/DateTimeLocalInputType.cpp:
2829         (WebCore::DateTimeLocalInputType::createStepRange):
2830         * html/FormAssociatedElement.cpp:
2831         (WebCore::FormAssociatedElement::findAssociatedForm):
2832         (WebCore::FormAssociatedElement::resetFormAttributeTargetObserver):
2833         (WebCore::FormAssociatedElement::formAttributeTargetChanged):
2834         * html/HTMLAnchorElement.cpp:
2835         (WebCore::HTMLAnchorElement::draggable):
2836         (WebCore::HTMLAnchorElement::href):
2837         (WebCore::HTMLAnchorElement::setHref):
2838         (WebCore::HTMLAnchorElement::target):
2839         (WebCore::HTMLAnchorElement::origin):
2840         (WebCore::HTMLAnchorElement::sendPings):
2841         (WebCore::HTMLAnchorElement::handleClick):
2842         * html/HTMLAnchorElement.h:
2843         (WebCore::HTMLAnchorElement::visitedLinkHash):
2844         * html/HTMLAppletElement.cpp:
2845         (WebCore::HTMLAppletElement::updateWidget):
2846         * html/HTMLAreaElement.cpp:
2847         (WebCore::HTMLAreaElement::target):
2848         * html/HTMLAttachmentElement.cpp:
2849         (WebCore::HTMLAttachmentElement::attachmentTitle):
2850         (WebCore::HTMLAttachmentElement::attachmentType):
2851         * html/HTMLBaseElement.cpp:
2852         (WebCore::HTMLBaseElement::target):
2853         (WebCore::HTMLBaseElement::href):
2854         * html/HTMLBodyElement.cpp:
2855         (WebCore::HTMLBodyElement::addSubresourceAttributeURLs):
2856         * html/HTMLButtonElement.cpp:
2857         (WebCore::HTMLButtonElement::value):
2858         (WebCore::HTMLButtonElement::computeWillValidate):
2859         * html/HTMLCanvasElement.cpp:
2860         (WebCore::HTMLCanvasElement::reset):
2861         * html/HTMLDocument.cpp:
2862         (WebCore::HTMLDocument::bgColor):
2863         (WebCore::HTMLDocument::setBgColor):
2864         (WebCore::HTMLDocument::fgColor):
2865         (WebCore::HTMLDocument::setFgColor):
2866         (WebCore::HTMLDocument::alinkColor):
2867         (WebCore::HTMLDocument::setAlinkColor):
2868         (WebCore::HTMLDocument::linkColor):
2869         (WebCore::HTMLDocument::setLinkColor):
2870         (WebCore::HTMLDocument::vlinkColor):
2871         (WebCore::HTMLDocument::setVlinkColor):
2872         * html/HTMLElement.cpp:
2873         (WebCore::contentEditableType):
2874         (WebCore::HTMLElement::collectStyleForPresentationAttribute):
2875         (WebCore::HTMLElement::dir):
2876         (WebCore::HTMLElement::setDir):
2877         (WebCore::HTMLElement::draggable):
2878         (WebCore::HTMLElement::setDraggable):
2879         (WebCore::HTMLElement::title):
2880         (WebCore::HTMLElement::tabIndex):
2881         (WebCore::HTMLElement::translateAttributeMode):
2882         (WebCore::HTMLElement::hasDirectionAuto):
2883         (WebCore::HTMLElement::directionality):
2884         * html/HTMLEmbedElement.cpp:
2885         (WebCore::HTMLEmbedElement::imageSourceURL):
2886         (WebCore::HTMLEmbedElement::addSubresourceAttributeURLs):
2887         * html/HTMLFormControlElement.cpp:
2888         (WebCore::HTMLFormControlElement::formEnctype):
2889         (WebCore::HTMLFormControlElement::formMethod):
2890         (WebCore::HTMLFormControlElement::formAction):
2891         (WebCore::HTMLFormControlElement::autocorrect):
2892         (WebCore::HTMLFormControlElement::autocapitalizeType):
2893         * html/HTMLFormElement.cpp:
2894         (WebCore::HTMLFormElement::autocorrect):
2895         (WebCore::HTMLFormElement::autocapitalizeType):
2896         (WebCore::HTMLFormElement::autocapitalize):
2897         (WebCore::HTMLFormElement::action):
2898         (WebCore::HTMLFormElement::setAction):
2899         (WebCore::HTMLFormElement::target):
2900         (WebCore::HTMLFormElement::wasUserSubmitted):
2901         (WebCore::HTMLFormElement::shouldAutocomplete):
2902         (WebCore::HTMLFormElement::finishParsingChildren):
2903         (WebCore::HTMLFormElement::autocomplete):
2904         * html/HTMLFrameElementBase.cpp:
2905         (WebCore::HTMLFrameElementBase::location):
2906         (WebCore::HTMLFrameElementBase::setLocation):
2907         * html/HTMLHtmlElement.cpp:
2908         (WebCore::HTMLHtmlElement::insertedByParser):
2909         * html/HTMLImageElement.cpp:
2910         (WebCore::HTMLImageElement::imageSourceURL):
2911         (WebCore::HTMLImageElement::setBestFitURLAndDPRFromImageCandidate):
2912         (WebCore::HTMLImageElement::bestFitSourceFromPictureElement):
2913         (WebCore::HTMLImageElement::selectImageSource):
2914         (WebCore::HTMLImageElement::altText):
2915         (WebCore::HTMLImageElement::createElementRenderer):
2916         (WebCore::HTMLImageElement::width):
2917         (WebCore::HTMLImageElement::height):
2918         (WebCore::HTMLImageElement::alt):
2919         (WebCore::HTMLImageElement::draggable):
2920         (WebCore::HTMLImageElement::setHeight):
2921         (WebCore::HTMLImageElement::src):
2922         (WebCore::HTMLImageElement::setSrc):
2923         (WebCore::HTMLImageElement::addSubresourceAttributeURLs):
2924         (WebCore::HTMLImageElement::didMoveToNewDocument):
2925         (WebCore::HTMLImageElement::isServerMap):
2926         (WebCore::HTMLImageElement::crossOrigin):
2927         * html/HTMLInputElement.cpp:
2928         (WebCore::HTMLInputElement::updateType):
2929         (WebCore::HTMLInputElement::initializeInputType):
2930         (WebCore::HTMLInputElement::altText):
2931         (WebCore::HTMLInputElement::value):
2932         (WebCore::HTMLInputElement::defaultValue):
2933         (WebCore::HTMLInputElement::setDefaultValue):
2934         (WebCore::HTMLInputElement::acceptMIMETypes):
2935         (WebCore::HTMLInputElement::acceptFileExtensions):
2936         (WebCore::HTMLInputElement::accept):
2937         (WebCore::HTMLInputElement::alt):
2938         (WebCore::HTMLInputElement::effectiveMaxLength):
2939         (WebCore::HTMLInputElement::src):
2940         (WebCore::HTMLInputElement::setAutoFilled):
2941         (WebCore::HTMLInputElement::dataList):
2942         (WebCore::HTMLInputElement::resetListAttributeTargetObserver):
2943         * html/HTMLKeygenElement.cpp:
2944         (WebCore::HTMLKeygenElement::isKeytypeRSA):
2945         (WebCore::HTMLKeygenElement::appendFormData):
2946         * html/HTMLLIElement.cpp:
2947         (WebCore::HTMLLIElement::didAttachRenderers):
2948         (WebCore::HTMLLIElement::parseValue):
2949         * html/HTMLLabelElement.cpp:
2950         (WebCore::HTMLLabelElement::control):
2951         * html/HTMLLinkElement.cpp:
2952         (WebCore::HTMLLinkElement::crossOrigin):
2953         (WebCore::HTMLLinkElement::process):
2954         (WebCore::HTMLLinkElement::href):
2955         (WebCore::HTMLLinkElement::rel):
2956         (WebCore::HTMLLinkElement::target):
2957         (WebCore::HTMLLinkElement::type):
2958         (WebCore::HTMLLinkElement::iconType):
2959         * html/HTMLMarqueeElement.cpp:
2960         (WebCore::HTMLMarqueeElement::scrollAmount):
2961         (WebCore::HTMLMarqueeElement::setScrollAmount):
2962         (WebCore::HTMLMarqueeElement::scrollDelay):
2963         (WebCore::HTMLMarqueeElement::setScrollDelay):
2964         (WebCore::HTMLMarqueeElement::loop):
2965         * html/HTMLMediaElement.cpp:
2966         (WebCore::HTMLMediaElement::insertedInto):
2967         (WebCore::HTMLMediaElement::crossOrigin):
2968         (WebCore::HTMLMediaElement::networkState):
2969         (WebCore::HTMLMediaElement::mediaSessionTitle):
2970         (WebCore::HTMLMediaElement::doesHaveAttribute):
2971         * html/HTMLMetaElement.cpp:
2972         (WebCore::HTMLMetaElement::process):
2973         (WebCore::HTMLMetaElement::content):
2974         (WebCore::HTMLMetaElement::httpEquiv):
2975         (WebCore::HTMLMetaElement::name):
2976         * html/HTMLMeterElement.cpp:
2977         (WebCore::HTMLMeterElement::min):
2978         (WebCore::HTMLMeterElement::setMin):
2979         (WebCore::HTMLMeterElement::max):
2980         (WebCore::HTMLMeterElement::setMax):
2981         (WebCore::HTMLMeterElement::value):
2982         (WebCore::HTMLMeterElement::low):
2983         (WebCore::HTMLMeterElement::high):
2984         (WebCore::HTMLMeterElement::optimum):
2985         * html/HTMLObjectElement.cpp:
2986         (WebCore::HTMLObjectElement::shouldAllowQuickTimeClassIdQuirk):
2987         (WebCore::HTMLObjectElement::hasValidClassId):
2988         (WebCore::HTMLObjectElement::imageSourceURL):
2989         (WebCore::HTMLObjectElement::renderFallbackContent):
2990         (WebCore::HTMLObjectElement::containsJavaApplet):
2991         (WebCore::HTMLObjectElement::addSubresourceAttributeURLs):
2992         * html/HTMLOptGroupElement.cpp:
2993         (WebCore::HTMLOptGroupElement::groupLabelText):
2994         * html/HTMLOptionElement.cpp:
2995         (WebCore::HTMLOptionElement::value):
2996         (WebCore::HTMLOptionElement::label):
2997         * html/HTMLParamElement.cpp:
2998         (WebCore::HTMLParamElement::value):
2999         (WebCore::HTMLParamElement::isURLParameter):
3000         * html/HTMLProgressElement.cpp:
3001         (WebCore::HTMLProgressElement::value):
3002         (WebCore::HTMLProgressElement::max):
3003         * html/HTMLScriptElement.cpp:
3004         (WebCore::HTMLScriptElement::crossOrigin):
3005         (WebCore::HTMLScriptElement::src):
3006         (WebCore::HTMLScriptElement::sourceAttributeValue):
3007         (WebCore::HTMLScriptElement::charsetAttributeValue):
3008         (WebCore::HTMLScriptElement::typeAttributeValue):
3009         (WebCore::HTMLScriptElement::languageAttributeValue):
3010         (WebCore::HTMLScriptElement::forAttributeValue):
3011         (WebCore::HTMLScriptElement::eventAttributeValue):
3012         (WebCore::HTMLScriptElement::asyncAttributeValue):
3013         * html/HTMLSlotElement.cpp:
3014         (WebCore::HTMLSlotElement::insertedInto):
3015         (WebCore::HTMLSlotElement::removedFrom):
3016         * html/HTMLSourceElement.cpp:
3017         (WebCore::HTMLSourceElement::media):
3018         (WebCore::HTMLSourceElement::setMedia):
3019         (WebCore::HTMLSourceElement::type):
3020         (WebCore::HTMLSourceElement::setType):
3021         * html/HTMLTableCellElement.cpp:
3022         (WebCore::HTMLTableCellElement::colSpanForBindings):
3023         (WebCore::HTMLTableCellElement::rowSpan):
3024         (WebCore::HTMLTableCellElement::rowSpanForBindings):
3025         (WebCore::HTMLTableCellElement::cellIndex):
3026         (WebCore::HTMLTableCellElement::abbr):
3027         (WebCore::HTMLTableCellElement::axis):
3028         (WebCore::HTMLTableCellElement::setColSpanForBindings):
3029         (WebCore::HTMLTableCellElement::headers):
3030         (WebCore::HTMLTableCellElement::setRowSpanForBindings):
3031         (WebCore::HTMLTableCellElement::scope):
3032         (WebCore::HTMLTableCellElement::addSubresourceAttributeURLs):
3033         (WebCore::HTMLTableCellElement::cellAbove):
3034         * html/HTMLTableColElement.cpp:
3035         (WebCore::HTMLTableColElement::width):
3036         * html/HTMLTableElement.cpp:
3037         (WebCore::HTMLTableElement::rules):
3038         (WebCore::HTMLTableElement::summary):
3039         (WebCore::HTMLTableElement::addSubresourceAttributeURLs):
3040         * html/HTMLTableSectionElement.cpp:
3041         (WebCore::HTMLTableSectionElement::align):
3042         (WebCore::HTMLTableSectionElement::setAlign):
3043         (WebCore::HTMLTableSectionElement::ch):
3044         (WebCore::HTMLTableSectionElement::setCh):
3045         (WebCore::HTMLTableSectionElement::chOff):
3046         (WebCore::HTMLTableSectionElement::setChOff):
3047         (WebCore::HTMLTableSectionElement::vAlign):
3048         (WebCore::HTMLTableSectionElement::setVAlign):
3049         * html/HTMLTextAreaElement.cpp:
3050         (WebCore::HTMLTextAreaElement::appendFormData):
3051         * html/HTMLTextFormControlElement.cpp:
3052         (WebCore::HTMLTextFormControlElement::strippedPlaceholder):
3053         (WebCore::HTMLTextFormControlElement::isPlaceholderEmpty):
3054         (WebCore::HTMLTextFormControlElement::directionForFormData):
3055         * html/HTMLTrackElement.cpp:
3056         (WebCore::HTMLTrackElement::srclang):
3057         (WebCore::HTMLTrackElement::label):
3058         (WebCore::HTMLTrackElement::isDefault):
3059         (WebCore::HTMLTrackElement::ensureTrack):
3060         (WebCore::HTMLTrackElement::mediaElementCrossOriginAttribute):
3061         * html/HTMLVideoElement.cpp:
3062         (WebCore::HTMLVideoElement::parseAttribute):
3063         (WebCore::HTMLVideoElement::imageSourceURL):
3064         * html/ImageInputType.cpp:
3065         (WebCore::ImageInputType::height):
3066         (WebCore::ImageInputType::width):
3067         * html/InputType.cpp:
3068         (WebCore::InputType::applyStep):
3069         * html/MediaElementSession.cpp:
3070         (WebCore::MediaElementSession::wirelessVideoPlaybackDisabled):
3071         * html/MonthInputType.cpp:
3072         (WebCore::MonthInputType::createStepRange):
3073         * html/NumberInputType.cpp:
3074         (WebCore::NumberInputType::createStepRange):
3075         (WebCore::NumberInputType::sizeShouldIncludeDecoration):
3076         * html/RangeInputType.cpp:
3077         (WebCore::RangeInputType::createStepRange):
3078         (WebCore::RangeInputType::handleKeydownEvent):
3079         * html/TextFieldInputType.cpp:
3080         (WebCore::TextFieldInputType::appendFormData):
3081         (WebCore::TextFieldInputType::updateAutoFillButton):
3082         * html/TimeInputType.cpp:
3083         (WebCore::TimeInputType::createStepRange):
3084         * html/ValidationMessage.cpp:
3085         (WebCore::ValidationMessage::updateValidationMessage):
3086         * html/WeekInputType.cpp:
3087         (WebCore::WeekInputType::createStepRange):
3088         * html/track/WebVTTElement.cpp:
3089         (WebCore::WebVTTElement::createEquivalentHTMLElement):
3090         * inspector/InspectorPageAgent.cpp:
3091         (WebCore::InspectorPageAgent::buildObjectForFrame):
3092         * loader/FormSubmission.cpp:
3093         (WebCore::FormSubmission::create):
3094         * loader/FrameLoader.cpp:
3095         (WebCore::FrameLoader::defaultSubstituteDataForURL):
3096         * loader/ImageLoader.cpp:
3097         (WebCore::ImageLoader::updateFromElement):
3098         * loader/SubframeLoader.cpp:
3099         (WebCore::SubframeLoader::isPluginContentAllowedByContentSecurityPolicy):
3100         * mathml/MathMLElement.cpp:
3101         (WebCore::MathMLElement::colSpan):
3102         (WebCore::MathMLElement::rowSpan):
3103         (WebCore::MathMLElement::childShouldCreateRenderer):
3104         (WebCore::MathMLElement::defaultEventHandler):
3105         (WebCore::MathMLElement::cachedMathMLLength):
3106         * mathml/MathMLFractionElement.cpp:
3107         (WebCore::MathMLFractionElement::lineThickness):
3108         (WebCore::MathMLFractionElement::cachedFractionAlignment):
3109         * mathml/MathMLSelectElement.cpp:
3110         (WebCore::MathMLSelectElement::getSelectedActionChildAndIndex):
3111         (WebCore::MathMLSelectElement::getSelectedActionChild):
3112         (WebCore::MathMLSelectElement::getSelectedSemanticsChild):
3113         (WebCore::MathMLSelectElement::defaultEventHandler):
3114         (WebCore::MathMLSelectElement::willRespondToMouseClickEvents):
3115         (WebCore::MathMLSelectElement::toggle):
3116         * page/EventHandler.cpp:
3117         (WebCore::findDropZone):
3118         * page/Frame.cpp:
3119         (WebCore::Frame::matchLabelsAgainstElement):
3120         * page/PageSerializer.cpp:
3121         (WebCore::PageSerializer::serializeFrame):
3122         * platform/win/PasteboardWin.cpp:
3123         (WebCore::Pasteboard::writeImageToDataObject):
3124         * rendering/HitTestResult.cpp:
3125         (WebCore::HitTestResult::altDisplayString):
3126         * rendering/RenderDetailsMarker.cpp:
3127         (WebCore::RenderDetailsMarker::isOpen):
3128         * rendering/RenderImage.cpp:
3129         (WebCore::RenderImage::imageMap):
3130         (WebCore::RenderImage::nodeAtPoint):
3131         * rendering/RenderMenuList.cpp:
3132         (RenderMenuList::itemAccessibilityText):
3133         (RenderMenuList::itemToolTip):
3134         * rendering/RenderSearchField.cpp:
3135         (WebCore::RenderSearchField::autosaveName):
3136         * rendering/RenderThemeIOS.mm:
3137         (WebCore::getAttachmentProgress):
3138         (WebCore::AttachmentInfo::AttachmentInfo):
3139         * rendering/RenderThemeMac.mm:
3140         (WebCore::AttachmentLayout::layOutSubtitle):
3141         (WebCore::RenderThemeMac::paintAttachment):
3142         * rendering/mathml/MathMLStyle.cpp:
3143         (WebCore::MathMLStyle::resolveMathMLStyle):
3144         * rendering/mathml/RenderMathMLFenced.cpp:
3145         (WebCore::RenderMathMLFenced::updateFromElement):
3146         * rendering/mathml/RenderMathMLOperator.cpp:
3147         (WebCore::RenderMathMLOperator::setOperatorFlagFromAttribute):
3148         (WebCore::RenderMathMLOperator::setOperatorFlagFromAttributeValue):
3149         (WebCore::RenderMathMLOperator::setOperatorProperties):
3150         * rendering/mathml/RenderMathMLScripts.cpp:
3151         (WebCore::RenderMathMLScripts::getScriptMetricsAndLayoutIfNeeded):
3152         * rendering/mathml/RenderMathMLUnderOver.cpp:
3153         (WebCore::RenderMathMLUnderOver::hasAccent):
3154         * style/StyleSharingResolver.cpp:
3155         (WebCore::Style::SharingResolver::canShareStyleWithElement):
3156         (WebCore::Style::SharingResolver::sharingCandidateHasIdenticalStyleAffectingAttributes):
3157         * svg/SVGAElement.cpp:
3158         (WebCore::SVGAElement::title):
3159         (WebCore::SVGAElement::defaultEventHandler):
3160         * svg/SVGAltGlyphElement.cpp:
3161         (WebCore::SVGAltGlyphElement::glyphRef):
3162         (WebCore::SVGAltGlyphElement::setFormat):
3163         (WebCore::SVGAltGlyphElement::format):
3164         (WebCore::SVGAltGlyphElement::childShouldCreateRenderer):
3165         * svg/SVGAnimationElement.cpp:
3166         (WebCore::SVGAnimationElement::toValue):
3167         (WebCore::SVGAnimationElement::byValue):
3168         (WebCore::SVGAnimationElement::fromValue):
3169         (WebCore::SVGAnimationElement::isAdditive):
3170         (WebCore::SVGAnimationElement::isAccumulated):
3171         * svg/SVGElement.cpp:
3172         (WebCore::SVGElement::xmlbase):
3173         (WebCore::SVGElement::setXmlbase):
3174         * svg/SVGFontFaceElement.cpp:
3175         (WebCore::SVGFontFaceElement::unitsPerEm):
3176         (WebCore::SVGFontFaceElement::xHeight):
3177         (WebCore::SVGFontFaceElement::capHeight):
3178         (WebCore::SVGFontFaceElement::horizontalOriginX):
3179         (WebCore::SVGFontFaceElement::horizontalOriginY):
3180         (WebCore::SVGFontFaceElement::horizontalAdvanceX):
3181         (WebCore::SVGFontFaceElement::verticalOriginX):
3182         (WebCore::SVGFontFaceElement::verticalOriginY):
3183         (WebCore::SVGFontFaceElement::verticalAdvanceY):
3184         (WebCore::SVGFontFaceElement::ascent):
3185         (WebCore::SVGFontFaceElement::descent):
3186         * svg/SVGFontFaceNameElement.cpp:
3187         (WebCore::SVGFontFaceNameElement::srcValue):
3188         * svg/SVGFontFaceUriElement.cpp:
3189         (WebCore::SVGFontFaceUriElement::srcValue):
3190         * svg/SVGGlyphRefElement.cpp:
3191         (WebCore::SVGGlyphRefElement::glyphRef):
3192         (WebCore::SVGGlyphRefElement::setGlyphRef):
3193         * svg/SVGHKernElement.cpp:
3194         (WebCore::SVGHKernElement::buildHorizontalKerningPair):
3195         * svg/SVGSVGElement.cpp:
3196         (WebCore::SVGSVGElement::contentScriptType):
3197         (WebCore::SVGSVGElement::contentStyleType):
3198         * svg/SVGStyleElement.cpp:
3199         (WebCore::SVGStyleElement::media):
3200         (WebCore::SVGStyleElement::title):
3201         (WebCore::SVGStyleElement::setTitle):
3202         * svg/SVGToOTFFontConversion.cpp:
3203         (WebCore::SVGToOTFFontConverter::appendOS2Table):
3204         (WebCore::SVGToOTFFontConverter::appendCFFTable):
3205         (WebCore::SVGToOTFFontConverter::appendArabicReplacementSubtable):
3206         (WebCore::SVGToOTFFontConverter::appendVORGTable):
3207         (WebCore::SVGToOTFFontConverter::transcodeGlyphPaths):
3208         (WebCore::SVGToOTFFontConverter::processGlyphElement):
3209         (WebCore::SVGToOTFFontConverter::compareCodepointsLexicographically):
3210         (WebCore::SVGToOTFFontConverter::SVGToOTFFontConverter):
3211         * svg/SVGVKernElement.cpp:
3212         (WebCore::SVGVKernElement::buildVerticalKerningPair):
3213         * svg/animation/SVGSMILElement.cpp:
3214         (WebCore::SVGSMILElement::insertedInto):
3215         (WebCore::SVGSMILElement::parseAttribute):
3216         (WebCore::SVGSMILElement::svgAttributeChanged):
3217         (WebCore::SVGSMILElement::restart):
3218         (WebCore::SVGSMILElement::fill):
3219         (WebCore::SVGSMILElement::dur):
3220         (WebCore::SVGSMILElement::repeatDur):
3221         (WebCore::SVGSMILElement::repeatCount):
3222         (WebCore::SVGSMILElement::maxValue):
3223         (WebCore::SVGSMILElement::minValue):
3224
3225 2016-07-16  Carlos Garcia Campos  <cgarcia@igalia.com>
3226
3227         ASSERTION FAILED: isMainThread() in ~UniqueIDBDatabase() since r201997
3228         https://bugs.webkit.org/show_bug.cgi?id=159809
3229
3230         Reviewed by Brady Eidson.
3231
3232         In r201997 the UniqueIDBDatabase was protected in executeNextDatabaseTask() because the last reference could be
3233         removed while the task is performed. However UniqueIDBDatabase is expected to be deleted in the main thread, and
3234         the destructor asserts when not called in the main thread, but executeNextDatabaseTask() is always called on a
3235         secondary thread. So, if the protector contains the last reference, the object is deleted in the secondary thread.
3236
3237         * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
3238         (WebCore::IDBServer::UniqueIDBDatabase::executeNextDatabaseTask): Use callOnMainThread to ensure the object is
3239         deleted in the main thread in case the protector contains the last reference.
3240
3241 2016-07-15  Chris Dumez  <cdumez@apple.com>
3242
3243         Use emptyString() / nullAtom when possible
3244         https://bugs.webkit.org/show_bug.cgi?id=159850
3245
3246         Reviewed by Ryosuke Niwa.
3247
3248         Use emptyString() / nullAtom when possible, for performance.
3249
3250         * Modules/webaudio/AudioNode.cpp:
3251         (WebCore::AudioNode::channelCountMode):
3252         (WebCore::AudioNode::channelInterpretation):
3253         * Modules/webdatabase/DatabaseTracker.cpp:
3254         (WebCore::DatabaseTracker::tracker):
3255         * Modules/websockets/WebSocket.cpp:
3256         (WebCore::WebSocket::WebSocket):
3257         (WebCore::WebSocket::didConnect):
3258         * Modules/websockets/WebSocketChannel.cpp:
3259         (WebCore::WebSocketChannel::subprotocol):
3260         (WebCore::WebSocketChannel::extensions):
3261         * accessibility/AccessibilityObject.cpp:
3262         (WebCore::AccessibilityObject::supportsPressAction):
3263         * accessibility/mac/AXObjectCacheMac.mm:
3264         (WebCore::AXObjectCache::postTextStateChangePlatformNotification):
3265         * css/CSSPropertySourceData.cpp:
3266         (WebCore::CSSPropertySourceData::CSSPropertySourceData):
3267         * css/PageRuleCollector.cpp:
3268         (WebCore::PageRuleCollector::pageName):
3269         * css/PropertySetCSSStyleDeclaration.cpp:
3270         (WebCore::PropertySetCSSStyleDeclaration::getPropertyPriority):
3271         * dom/DocumentMarkerController.cpp:
3272         (WebCore::DocumentMarkerController::addDictationPhraseWithAlternativesMarker):
3273         * dom/Element.cpp:
3274         (WebCore::Element::setPrefix):
3275         * editing/AlternativeTextController.cpp:
3276         (WebCore::AlternativeTextController::respondToMarkerAtEndOfWord):
3277         (WebCore::AlternativeTextController::markerDescriptionForAppliedAlternativeText):
3278         * editing/CompositeEditCommand.cpp:
3279         (WebCore::CompositeEditCommand::removeNodeAttribute):
3280         (WebCore::CompositeEditCommand::moveParagraphs):
3281         * editing/InsertTextCommand.cpp:
3282         (WebCore::InsertTextCommand::positionInsideTextNode):
3283         * editing/TextCheckingHelper.cpp:
3284         (WebCore::TextCheckingHelper::findFirstMisspellingOrBadGrammar):
3285         * editing/TypingCommand.cpp:
3286         (WebCore::TypingCommand::deleteSelection):
3287         (WebCore::TypingCommand::deleteKeyPressed):
3288         (WebCore::TypingCommand::forwardDeleteKeyPressed):
3289         (WebCore::TypingCommand::insertLineBreak):
3290         (WebCore::TypingCommand::insertParagraphSeparator):
3291         * editing/cocoa/EditorCocoa.mm:
3292         (WebCore::Editor::styleForSelectionStart):
3293         * editing/mac/EditorMac.mm:
3294         (WebCore::Editor::stringSelectionForPasteboard):
3295         (WebCore::Editor::stringSelectionForPasteboardWithImageAltText):
3296         * fileapi/FileReaderLoader.cpp:
3297         (WebCore::FileReaderLoader::FileReaderLoader):
3298         * html/FileInputType.cpp:
3299         (WebCore::FileInputType::appendFormData):
3300         * html/HTMLMediaElement.cpp:
3301         (WebCore::HTMLMediaElement::getCurrentMediaControlsStatus):
3302         * html/HTMLOutputElement.cpp:
3303         (WebCore::HTMLOutputElement::HTMLOutputElement):
3304         * html/SearchInputType.cpp:
3305         (WebCore::SearchInputType::handleKeydownEvent):
3306         * html/TextFieldInputType.cpp:
3307         (WebCore::autoFillButtonTypeToAccessibilityLabel):
3308         * html/canvas/WebGLDebugShaders.cpp:
3309         (WebCore::WebGLDebugShaders::getTranslatedShaderSource):
3310         * html/canvas/WebGLRenderingContextBase.cpp:
3311         (WebCore::WebGLRenderingContextBase::dispatchContextLostEvent):
3312         (WebCore::WebGLRenderingContextBase::maybeRestoreContext):
3313         * html/canvas/WebGLShader.cpp:
3314         (WebCore::WebGLShader::WebGLShader):
3315         * html/shadow/MediaControlElements.cpp:
3316         (WebCore::MediaControlStatusDisplayElement::update):
3317         * html/track/TextTrack.cpp:
3318         (WebCore::TextTrack::captionMenuOffItem):
3319         (WebCore::TextTrack::captionMenuAutomaticItem):
3320         * html/track/VTTRegion.cpp:
3321         (WebCore::VTTRegion::scroll):
3322         * html/track/VTTRegion.h:
3323         * inspector/InspectorDOMAgent.cpp:
3324         (WebCore::InspectorDOMAgent::toErrorString):
3325         (WebCore::InspectorDOMAgent::resolveNode):
3326         (WebCore::InspectorDOMAgent::documentURLString):
3327         (WebCore::documentBaseURLString):
3328         * inspector/InspectorDOMDebuggerAgent.cpp:
3329         (WebCore::domTypeName):
3330         * inspector/InspectorFrontendHost.cpp:
3331         (WebCore::InspectorFrontendHost::localizedStringsURL):
3332         * inspector/InspectorHistory.cpp:
3333         (WebCore::InspectorHistory::Action::mergeId):
3334         * inspector/InspectorPageAgent.cpp:
3335         (WebCore::InspectorPageAgent::reload):
3336         (WebCore::InspectorPageAgent::frameId):
3337         (WebCore::InspectorPageAgent::loaderId):
3338         * inspector/InspectorStyleSheet.cpp:
3339         (WebCore::InspectorStyleSheet::ruleSelector):
3340         * loader/EmptyClients.h:
3341         * loader/FrameLoader.cpp:
3342         (WebCore::FrameLoader::referrer):
3343         * loader/ImageLoader.cpp:
3344         (WebCore::ImageLoader::clearFailedLoadURL):
3345         * loader/ResourceLoader.cpp:
3346         (WebCore::ResourceLoader::didReceiveResponse):
3347         * page/ContextMenuController.cpp:
3348         (WebCore::ContextMenuController::contextMenuItemSelected):
3349         * page/FrameTree.cpp:
3350         (WebCore::FrameTree::setName):
3351         (WebCore::FrameTree::clearName):
3352         * page/Location.cpp:
3353         (WebCore::Location::port):
3354         * platform/network/ProtectionSpaceBase.cpp:
3355         (WebCore::ProtectionSpaceBase::ProtectionSpaceBase):
3356         * xml/parser/XMLDocumentParserLibxml2.cpp:
3357         (WebCore::handleElementAttributes):
3358
3359 2016-07-15  Simon Fraser  <simon.fraser@apple.com>
3360
3361         Repaints rects drawn incorrectly when inspecting a WebView on a Retina display
3362         https://bugs.webkit.org/show_bug.cgi?id=159824
3363         rdar://problem/27376305
3364
3365         Reviewed by Brian Burg.
3366
3367         InspectorOverlayPage.js set up the canvases with a deviceScaleFactor passed into
3368         reset(), which comes from the overlay's m_page.deviceScaleFactor(). However, updatePaintRects()
3369         used window.devicePixelRatio which was always 1.
3370
3371         Fix by setting the deviceScaleFactor on the m_overlayPage.
3372
3373         * inspector/InspectorOverlay.cpp:
3374         (WebCore::InspectorOverlay::overlayPage):
3375
3376 2016-07-15  Myles C. Maxfield  <mmaxfield@apple.com>
3377
3378         [macOS] Work around crash in [NSAttributedString nextWordFromIndex:forward:]
3379         https://bugs.webkit.org/show_bug.cgi?id=159842
3380
3381         Reviewed by Jon Lee.
3382
3383         <rdar://problem/27380532> describes a crash inside [NSAttributedString nextWordFromIndex:forward:].
3384         This must be worked around for https://bugs.webkit.org/show_bug.cgi?id=159755 and
3385         <rdar://problem/27325521>.
3386
3387         * platform/text/mac/TextBoundaries.mm:
3388         (WebCore::findNextWordFromIndex):
3389
3390 2016-07-15  Brady Eidson  <beidson@apple.com>
3391
3392         Update XPathException to use the description in toString().
3393         https://bugs.webkit.org/show_bug.cgi?id=159848
3394
3395         Reviewed by Alex Christensen.
3396
3397         No new tests (Covered by changes to existing tests).
3398
3399         * bindings/js/JSDOMBinding.cpp:
3400         (WebCore::createDOMException):
3401         * xml/XPathException.h:
3402         (WebCore::XPathException::XPathException):
3403
3404 2016-07-15  Brady Eidson  <beidson@apple.com>
3405
3406         Change toString() behavior for exceptions constructed with "createWithDescriptionAsMessage".
3407         https://bugs.webkit.org/show_bug.cgi?id=159839
3408
3409         Reviewed by Alex Christensen.
3410
3411         No new tests (Covered by changes to existing tests).
3412
3413         This is the first step towards extended exception messages for all exception types.
3414
3415         * dom/ExceptionBase.cpp:
3416         (WebCore::ExceptionBase::ExceptionBase):
3417         (WebCore::ExceptionBase::toString):
3418         * dom/ExceptionBase.h:
3419
3420 2016-07-15  Geoffrey Garen  <ggaren@apple.com>
3421
3422         Added a makeRef<T> helper
3423         https://bugs.webkit.org/show_bug.cgi?id=159835
3424
3425         Reviewed by Andreas Kling.
3426
3427         Anders told me to!
3428
3429         * Modules/indexeddb/IDBTransaction.cpp:
3430         (WebCore::IDBTransaction::putOrAddOnServer):
3431         * Modules/indexeddb/shared/InProcessIDBServer.cpp:
3432         (WebCore::InProcessIDBServer::deleteDatabase):
3433         (WebCore::InProcessIDBServer::didDeleteDatabase):
3434         (WebCore::InProcessIDBServer::openDatabase):
3435         (WebCore::InProcessIDBServer::didOpenDatabase):
3436         (WebCore::InProcessIDBServer::didAbortTransaction):
3437         (WebCore::InProcessIDBServer::didCommitTransaction):
3438         (WebCore::InProcessIDBServer::didCreateObjectStore):
3439         (WebCore::InProcessIDBServer::didDeleteObjectStore):
3440         (WebCore::InProcessIDBServer::didClearObjectStore):
3441         (WebCore::InProcessIDBServer::didCreateIndex):
3442         (WebCore::InProcessIDBServer::didDeleteIndex):
3443         (WebCore::InProcessIDBServer::didPutOrAdd):
3444         (WebCore::InProcessIDBServer::didGetRecord):
3445         (WebCore::InProcessIDBServer::didGetCount):
3446         (WebCore::InProcessIDBServer::didDeleteRecord):
3447         (WebCore::InProcessIDBServer::didOpenCursor):
3448         (WebCore::InProcessIDBServer::didIterateCursor):
3449         (WebCore::InProcessIDBServer::abortTransaction):
3450         (WebCore::InProcessIDBServer::commitTransaction):
3451         (WebCore::InProcessIDBServer::didFinishHandlingVersionChangeTransaction):
3452         (WebCore::InProcessIDBServer::createObjectStore):
3453         (WebCore::InProcessIDBServer::deleteObjectStore):
3454         (WebCore::InProcessIDBServer::clearObjectStore):
3455         (WebCore::InProcessIDBServer::createIndex):
3456         (WebCore::InProcessIDBServer::deleteIndex):
3457         (WebCore::InProcessIDBServer::putOrAdd):
3458         (WebCore::InProcessIDBServer::getRecord):
3459         (WebCore::InProcessIDBServer::getCount):
3460         (WebCore::InProcessIDBServer::deleteRecord):
3461         (WebCore::InProcessIDBServer::openCursor):
3462         (WebCore::InProcessIDBServer::iterateCursor):
3463         (WebCore::InProcessIDBServer::establishTransaction):
3464         (WebCore::InProcessIDBServer::fireVersionChangeEvent):
3465         (WebCore::InProcessIDBServer::didStartTransaction):
3466         (WebCore::InProcessIDBServer::didCloseFromServer):
3467         (WebCore::InProcessIDBServer::notifyOpenDBRequestBlocked):
3468         (WebCore::InProcessIDBServer::databaseConnectionClosed):
3469         (WebCore::InProcessIDBServer::abortOpenAndUpgradeNeeded):
3470         (WebCore::InProcessIDBServer::didFireVersionChangeEvent):
3471         (WebCore::InProcessIDBServer::openDBRequestCancelled):
3472         (WebCore::InProcessIDBServer::confirmDidCloseFromServer):
3473         (WebCore::InProcessIDBServer::getAllDatabaseNames):
3474         (WebCore::InProcessIDBServer::didGetAllDatabaseNames):
3475         * Modules/mediastream/MediaDevicesRequest.cpp:
3476         (WebCore::MediaDevicesRequest::didCompleteTrackSourceInfoRequest):
3477         * Modules/mediastream/UserMediaRequest.cpp:
3478         (WebCore::UserMediaRequest::constraintsValidated):
3479         (WebCore::UserMediaRequest::userMediaAccessGranted):
3480         * Modules/webaudio/AudioContext.cpp:
3481         (WebCore::AudioContext::scheduleNodeDeletion):
3482         (WebCore::AudioContext::isPlayingAudioDidChange):
3483         (WebCore::AudioContext::suspend):
3484         (WebCore::AudioContext::resume):
3485         (WebCore::AudioContext::close):
3486         (WebCore::AudioContext::suspendPlayback):
3487         (WebCore::AudioContext::mayResumePlayback):
3488         * Modules/websockets/ThreadableWebSocketChannelClientWrapper.cpp:
3489         (WebCore::ThreadableWebSocketChannelClientWrapper::didConnect):
3490         (WebCore::ThreadableWebSocketChannelClientWrapper::didReceiveMessage):
3491         (WebCore::ThreadableWebSocketChannelClientWrapper::didReceiveBinaryData):
3492         (WebCore::ThreadableWebSocketChannelClientWrapper::didUpdateBufferedAmount):
3493         (WebCore::ThreadableWebSocketChannelClientWrapper::didStartClosingHandshake):
3494         (WebCore::ThreadableWebSocketChannelClientWrapper::didClose):
3495         (WebCore::ThreadableWebSocketChannelClientWrapper::didReceiveMessageError):
3496         (WebCore::ThreadableWebSocketChannelClientWrapper::processPendingTasks):
3497         * Modules/websockets/WebSocket.cpp:
3498         (WebCore::WebSocket::connect):
3499         * bindings/js/JSEventListener.h:
3500         (WebCore::JSEventListener::jsFunction):
3501         * dom/Node.cpp:
3502         (WebCore::Node::setTextContent):
3503         * html/HTMLMediaElement.cpp:
3504         (WebCore::HTMLMediaElement::layoutSizeChanged):
3505         * inspector/CommandLineAPIHost.cpp:
3506         (WebCore::CommandLineAPIHost::wrapper):
3507         * platform/graphics/avfoundation/AudioSourceProviderAVFObjC.mm:
3508         (WebCore::AudioSourceProviderAVFObjC::prepare):
3509         * platform/graphics/avfoundation/cf/WebCoreAVCFResourceLoader.cpp:
3510         (WebCore::WebCoreAVCFResourceLoader::invalidate):
3511         * platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm:
3512         (WebCore::WebCoreAVFResourceLoader::invalidate):
3513         * platform/ios/WebVideoFullscreenControllerAVKit.mm:
3514         (WebVideoFullscreenControllerContext::setExternalPlayback):
3515         * platform/network/BlobResourceHandle.cpp:
3516         (WebCore::BlobResourceHandle::start):
3517         (WebCore::BlobResourceHandle::notifyFinish):
3518         * platform/network/SocketStreamHandleBase.cpp:
3519         (WebCore::SocketStreamHandleBase::disconnect):
3520         * platform/network/curl/CurlDownload.cpp:
3521         (WebCore::CurlDownload::didReceiveHeader):
3522
3523 2016-07-15  Chris Dumez  <cdumez@apple.com>
3524
3525         Use fastGetAttribute() / setAttributeWithoutSynchronization() when possible
3526         https://bugs.webkit.org/show_bug.cgi?id=159793
3527
3528         Reviewed by Ryosuke Niwa.
3529
3530         Use fastGetAttribute() / setAttributeWithoutSynchronization() when possible, for performance.
3531
3532         * Modules/plugins/YouTubePluginReplacement.cpp:
3533         (WebCore::YouTubePluginReplacement::installReplacement):
3534         * dom/Element.h:
3535         (WebCore::Element::setIdAttribute):
3536         * editing/ApplyStyleCommand.cpp:
3537         (WebCore::hasNoAttributeOrOnlyStyleAttribute):
3538         (WebCore::createFontElement):
3539         (WebCore::ApplyStyleCommand::applyInlineStyleChange):
3540         * editing/EditingStyle.cpp:
3541         (WebCore::EditingStyle::elementIsStyledSpanOrHTMLEquivalent):
3542         * editing/Editor.cpp:
3543         (WebCore::Editor::setBaseWritingDirection):
3544         * editing/ReplaceSelectionCommand.cpp:
3545         (WebCore::isMailPasteAsQuotationNode):
3546         (WebCore::isInlineNodeWithStyle):
3547         * editing/cocoa/DataDetection.mm:
3548         (WebCore::DataDetection::detectContentInRange):
3549         * editing/htmlediting.cpp:
3550         (WebCore::createTabSpanElement):
3551         * editing/ios/EditorIOS.mm:
3552         (WebCore::Editor::setTextAlignmentForChangedBaseWritingDirection):
3553         (WebCore::Editor::WebContentReader::readURL):
3554         * editing/mac/EditorMac.mm:
3555         (WebCore::Editor::WebContentReader::readURL):
3556         * editing/markup.cpp:
3557         (WebCore::createFragmentFromText):
3558         * html/BaseButtonInputType.cpp:
3559         (WebCore::BaseButtonInputType::setValue):
3560         * html/BaseCheckableInputType.cpp:
3561         (WebCore::BaseCheckableInputType::setValue):
3562         * html/FTPDirectoryDocument.cpp:
3563         (WebCore::FTPDirectoryDocumentParser::appendEntry):
3564         (WebCore::FTPDirectoryDocumentParser::createTDForFilename):
3565         (WebCore::FTPDirectoryDocumentParser::loadDocumentTemplate):
3566         (WebCore::FTPDirectoryDocumentParser::createBasicDocument):
3567         * html/HTMLAnchorElement.cpp:
3568         (WebCore::HTMLAnchorElement::href):
3569         (WebCore::HTMLAnchorElement::setHref):
3570         (WebCore::HTMLAnchorElement::target):
3571         * html/HTMLAreaElement.cpp:
3572         (WebCore::HTMLAreaElement::target):
3573         * html/HTMLBaseElement.cpp:
3574         (WebCore::HTMLBaseElement::setHref):
3575         * html/HTMLButtonElement.cpp:
3576         (WebCore::HTMLButtonElement::setType):
3577         * html/HTMLDetailsElement.cpp:
3578         (WebCore::HTMLDetailsElement::didAddUserAgentShadowRoot):
3579         (WebCore::HTMLDetailsElement::toggleOpen):
3580         * html/HTMLDocument.cpp:
3581         (WebCore::HTMLDocument::setBgColor):
3582         (WebCore::HTMLDocument::setFgColor):
3583         (WebCore::HTMLDocument::setAlinkColor):
3584         (WebCore::HTMLDocument::setLinkColor):
3585         (WebCore::HTMLDocument::setVlinkColor):
3586         * html/HTMLElement.cpp:
3587         (WebCore::HTMLElement::setDir):
3588         (WebCore::HTMLElement::setContentEditable):
3589         (WebCore::HTMLElement::setDraggable):
3590         (WebCore::HTMLElement::setSpellcheck):
3591         (WebCore::HTMLElement::setTranslate):
3592         * html/HTMLFormControlElement.cpp:
3593         (WebCore::HTMLFormControlElement::setFormEnctype):
3594         (WebCore::HTMLFormControlElement::setFormMethod):
3595         (WebCore::HTMLFormControlElement::setAutocorrect):
3596         (WebCore::HTMLFormControlElement::setAutocapitalize):
3597         (WebCore::HTMLFormControlElement::setAutocomplete):
3598         * html/HTMLFormElement.cpp:
3599         (WebCore::HTMLFormElement::setAutocorrect):
3600         (WebCore::HTMLFormElement::setAutocapitalize):
3601         (WebCore::HTMLFormElement::setAction):
3602         (WebCore::HTMLFormElement::setEnctype):
3603         (WebCore::HTMLFormElement::setMethod):
3604         (WebCore::HTMLFormElement::target):
3605         * html/HTMLImageElement.cpp:
3606         (WebCore::HTMLImageElement::width):
3607         (WebCore::HTMLImageElement::height):
3608         (WebCore::HTMLImageElement::setSrc):
3609         * html/HTMLInputElement.cpp:
3610         (WebCore::HTMLInputElement::setType):
3611         (WebCore::HTMLInputElement::updateType):
3612         (WebCore::HTMLInputElement::altText):
3613         (WebCore::HTMLInputElement::setDefaultValue):
3614         * html/HTMLLinkElement.cpp:
3615         (WebCore::HTMLLinkElement::href):
3616         (WebCore::HTMLLinkElement::target):
3617         (WebCore::HTMLLinkElement::type):
3618         * html/HTMLMediaElement.cpp:
3619         (WebCore::HTMLMediaElement::setSrc):
3620         (WebCore::HTMLMediaElement::setPreload):
3621         * html/HTMLMeterElement.cpp:
3622         (WebCore::HTMLMeterElement::min):
3623         (WebCore::HTMLMeterElement::setMin):
3624         (WebCore::HTMLMeterElement::max):
3625         (WebCore::HTMLMeterElement::setMax):
3626         (WebCore::HTMLMeterElement::value):
3627         (WebCore::HTMLMeterElement::setValue):
3628         (WebCore::HTMLMeterElement::low):
3629         (WebCore::HTMLMeterElement::setLow):
3630         (WebCore::HTMLMeterElement::high):
3631         (WebCore::HTMLMeterElement::setHigh):
3632         (WebCore::HTMLMeterElement::optimum):
3633         (WebCore::HTMLMeterElement::setOptimum):
3634         * html/HTMLObjectElement.cpp:
3635         (WebCore::HTMLObjectElement::containsJavaApplet):
3636         * html/HTMLOptionElement.cpp:
3637         (WebCore::HTMLOptionElement::createForJSConstructor):
3638         (WebCore::HTMLOptionElement::setValue):
3639         (WebCore::HTMLOptionElement::setLabel):
3640         * html/HTMLProgressElement.cpp:
3641         (WebCore::HTMLProgressElement::setValue):
3642         (WebCore::HTMLProgressElement::setMax):
3643         * html/HTMLScriptElement.cpp:
3644         (WebCore::HTMLScriptElement::typeAttributeValue):
3645         * html/HTMLSelectElement.cpp:
3646         (WebCore::HTMLSelectElement::setMultiple):
3647         * html/HTMLSourceElement.cpp:
3648         (WebCore::HTMLSourceElement::setSrc):
3649         (WebCore::HTMLSourceElement::media):
3650         (WebCore::HTMLSourceElement::setMedia):
3651         (WebCore::HTMLSourceElement::type):
3652         (WebCore::HTMLSourceElement::setType):
3653         * html/HTMLTableSectionElement.cpp:
3654         (WebCore::HTMLTableSectionElement::setAlign):
3655         (WebCore::HTMLTableSectionElement::setCh):
3656         (WebCore::HTMLTableSectionElement::chOff):
3657         (WebCore::HTMLTableSectionElement::setChOff):
3658         (WebCore::HTMLTableSectionElement::setVAlign):
3659         * html/HTMLTextFormControlElement.cpp:
3660         (WebCore::HTMLTextFormControlElement::updateInnerTextElementEditability):
3661         * html/HTMLVideoElement.cpp:
3662         (WebCore::HTMLVideoElement::imageSourceURL):
3663         * html/HiddenInputType.cpp:
3664         (WebCore::HiddenInputType::restoreFormControlState):
3665         (WebCore::HiddenInputType::setValue):
3666         * html/MediaDocument.cpp:
3667         (WebCore::MediaDocumentParser::createDocumentStructure):
3668         (WebCore::MediaDocument::replaceMediaElementTimerFired):
3669         * html/PluginDocument.cpp:
3670         (WebCore::PluginDocumentParser::createDocumentStructure):
3671         * html/TextFieldInputType.cpp:
3672         (WebCore::TextFieldInputType::createAutoFillButton):
3673         (WebCore::TextFieldInputType::updateAutoFillButton):
3674         * html/parser/HTMLTreeBuilder.cpp:
3675         (WebCore::HTMLTreeBuilder::processIsindexStartTagForInBody):
3676         * html/shadow/MediaControlElements.cpp:
3677         (WebCore::MediaControlClosedCaptionsContainerElement::create):
3678         (WebCore::MediaControlTimelineElement::create):
3679         (WebCore::MediaControlPanelVolumeSliderElement::create):
3680         (WebCore::MediaControlFullscreenVolumeSliderElement::create):
3681         * html/shadow/TextControlInnerElements.cpp:
3682         (WebCore::SearchFieldCancelButtonElement::SearchFieldCancelButtonElement):
3683         * html/shadow/mac/ImageControlsButtonElementMac.cpp:
3684         (WebCore::ImageControlsButtonElementMac::tryCreate):
3685         * html/shadow/mac/ImageControlsRootElementMac.cpp:
3686         (WebCore::ImageControlsRootElement::tryCreate):
3687         * html/track/WebVTTElement.cpp:
3688         (WebCore::WebVTTElement::createEquivalentHTMLElement):
3689         * html/track/WebVTTParser.cpp:
3690         (WebCore::WebVTTTreeBuilder::constructTreeFromToken):
3691         * inspector/InspectorCSSAgent.cpp:
3692         (WebCore::InspectorCSSAgent::createInspectorStyleSheetForDocument):
3693         * inspector/InspectorPageAgent.cpp:
3694         (WebCore::InspectorPageAgent::buildObjectForFrame):
3695         * mathml/MathMLSelectElement.cpp:
3696         (WebCore::MathMLSelectElement::toggle):
3697         * page/PageSerializer.cpp:
3698         (WebCore::PageSerializer::serializeFrame):
3699         * rendering/RenderDetailsMarker.cpp:
3700         (WebCore::RenderDetailsMarker::isOpen):
3701         * rendering/mathml/RenderMathMLFraction.cpp:
3702         (WebCore::RenderMathMLFraction::updateFromElement):
3703         * svg/SVGElement.cpp:
3704         (WebCore::SVGElement::setXmlbase):
3705         * svg/SVGSVGElement.cpp:
3706         (WebCore::SVGSVGElement::setContentScriptType):
3707         (WebCore::SVGSVGElement::setContentStyleType):
3708         * svg/SVGStyleElement.cpp:
3709         (WebCore::SVGStyleElement::setMedia):
3710         (WebCore::SVGStyleElement::setTitle):
3711
3712 2016-07-15  Chris Dumez  <cdumez@apple.com>
3713
3714         Modernize StaticNodeList / StaticElementList
3715         https://bugs.webkit.org/show_bug.cgi?id=159831
3716
3717         Reviewed by Ryosuke Niwa.
3718
3719         Modernize StaticNodeList / StaticElementList. Pass vector to adopt
3720         as an rvalue reference instead of a non-const reference.
3721
3722         * bindings/js/JSHTMLAllCollectionCustom.cpp:
3723         (WebCore::namedItems):
3724         * dom/ChildListMutationScope.cpp:
3725         (WebCore::ChildListMutationAccumulator::enqueueMutationRecord):
3726         * dom/MutationRecord.cpp:
3727         * dom/SelectorQuery.cpp:
3728         (WebCore::SelectorDataList::queryAll):
3729         * dom/StaticNodeList.h:
3730         * dom/WebKitNamedFlow.cpp:
3731         (WebCore::WebKitNamedFlow::getRegionsByContent):
3732         (WebCore::WebKitNamedFlow::getRegions):
3733         (WebCore::WebKitNamedFlow::getContent):
3734         * svg/SVGSVGElement.cpp:
3735         (WebCore::SVGSVGElement::collectIntersectionOrEnclosureList):
3736         * testing/Internals.cpp:
3737         (WebCore::Internals::nodesFromRect):
3738
3739 2016-07-15  Brent Fulgham  <bfulgham@apple.com>
3740
3741         Block insecure script running in a data: frame when the top-level page is HTTPS
3742         https://bugs.webkit.org/show_bug.cgi?id=125806
3743         <rdar://problem/27331825>
3744
3745         Reviewed by Brady Eidson.
3746
3747         Fix based on a Blink change (patch by <tsepez@chromium.org>):
3748         <https://chromium.googlesource.com/chromium/blink/+/33e553bd96e040151c1472289a0d80803bfca3a5>
3749
3750         Test: http/tests/security/mixedContent/insecure-script-in-data-iframe-in-main-frame-blocked.html
3751
3752         * loader/cache/CachedResourceLoader.cpp:
3753         (WebCore::CachedResourceLoader::checkInsecureContent): Check the top-level frame's security state
3754         before allowing insecure scripts to be used.        
3755
3756 2016-07-15  Chris Dumez  <cdumez@apple.com>
3757
3758         Let the compiler generate QualifiedName copy constructor and assignment operator
3759         https://bugs.webkit.org/show_bug.cgi?id=159826
3760
3761         Reviewed by Alex Christensen.
3762
3763         Let the compiler generate QualifiedName copy constructor and assignment operator
3764         as our custom implementation does nothing special. This also makes QualifiedName
3765         movable as the compiler is now able to generate the move constructor / assignment
3766         operator as well.
3767
3768         * dom/QualifiedName.h:
3769         (WebCore::QualifiedName::QualifiedName): Deleted.
3770         (WebCore::QualifiedName::operator=): Deleted.
3771
3772 2016-07-15  Antonio Gomes  <tonikitoo@igalia.com>
3773
3774         ScrollView::setHasHorizontalScrollbar / setHasVerticalScrollbar duplicate their logic
3775         https://bugs.webkit.org/show_bug.cgi?id=159825
3776
3777         Patch introduces a (private) method to ScrollView
3778         to share the code/logic of setHas{Horizontal,Vertical}Scrollbar.
3779
3780         Reviewed by Simon Fraser.
3781
3782         No new tests needed.
3783
3784         * platform/ScrollView.cpp:
3785         (WebCore::ScrollView::setHasScrollbarInternal):
3786         (WebCore::ScrollView::setHasHorizontalScrollbar):
3787         (WebCore::ScrollView::setHasVerticalScrollbar):
3788         * platform/ScrollView.h:
3789
3790 2016-07-15  Frederic Wang  <fwang@igalia.com>
3791
3792         MathOperator: Improve alignment for vertical size variant
3793         https://bugs.webkit.org/show_bug.cgi?id=158866
3794
3795         Reviewed by Brent Fulgham.
3796
3797         The MathOperator class may stretch operators with either a large glyph or a glyph assembly.
3798         In the latter case, the assembly is adjusted to match the stretch ascent and descent
3799         requested by the callers. But in the former case the glyph ascent and descent are used
3800         instead. We solve this by making MathOperator::stretchTo only take a targetSize and let
3801         callers do the vertical alignment they want. This improves the rendering of fences with some
3802         math fonts (e.g. XITS) and allows to pass the two cases of mo-axis-height-1.html.
3803
3804         Test: imported/mathml-in-html5/mathml/presentation-markup/operators/mo-axis-height-1.html
3805
3806         * rendering/mathml/MathOperator.cpp:
3807         (WebCore::MathOperator::stretchTo): Merge vertical and horizontal stretching into the same
3808         function with only the targetSize as a parameter.
3809         * rendering/mathml/RenderMathMLOperator.cpp:
3810         (WebCore::RenderMathMLOperator::stretchTo): Updated to use the new signature.
3811         (WebCore::RenderMathMLOperator::verticalStretchedOperatorShift): Helper function to calculate
3812         the shift necessary to align the baseline of the MathOperator instance with the one of the
3813         RenderMathMLOperator.
3814         (WebCore::RenderMathMLOperator::firstLineBaseline): Adjust the baseline.
3815         * rendering/mathml/RenderMathMLOperator.h: Declare verticalStretchedOperatorShift.
3816         * rendering/mathml/RenderMathMLRoot.cpp:
3817         (WebCore::RenderMathMLRoot::layoutBlock): Use the new signature. This function aligns the top
3818         of the radical with the overbar so we do not need to adjust baseline alignment here.
3819
3820 2016-07-15  Brady Eidson  <beidson@apple.com>
3821
3822         WebKit should prevent push/replace state with username in URL.
3823         <rdar://problem/27361737> and https://bugs.webkit.org/show_bug.cgi?id=159818
3824
3825         Reviewed by Brent Fulgham.
3826
3827         Test: http/tests/security/history-username-password.html
3828
3829         * page/History.cpp:
3830         (WebCore::History::stateObjectAdded): Don't allow URLs with usernames/passwords.
3831
3832 2016-07-15  Ryan Haddad  <ryanhaddad@apple.com>
3833
3834         Unreviewed, rolling out r203266.
3835
3836         This change caused editing/deleting/delete-emoji.html to time
3837         out on El Capitan, crash under GuardMalloc
3838
3839         Reverted changeset:
3840
3841         "Support new emoji group candidates"
3842         https://bugs.webkit.org/show_bug.cgi?id=159755
3843         http://trac.webkit.org/changeset/203266
3844
3845 2016-07-15  Frederic Wang  <fwang@igalia.com>
3846
3847         Move parsing of mfrac attributes into a MathMLFractionElement class
3848         https://bugs.webkit.org/show_bug.cgi?id=159624
3849
3850         Reviewed by Brent Fulgham.
3851
3852         We move the parsing of mfrac attributes to a MathMLFractionElement class. This allows to
3853         minimize the updates in RenderMathMLFraction and to remove the alignment members. Many of
3854         the members in updateLayoutParameters are actually only used in layoutBlock and could be
3855         removed in a follow-up patch. We also improve the resolution of negative line thickness value
3856         since the MathML recommendation says it should be rounded up to the nearest valid
3857         value (which is zero) instead of ignoring the attribute and using the line thickness.
3858
3859         No new tests, already covered by existing tests.
3860
3861         * CMakeLists.txt: Add MathMLFractionElement.
3862         * WebCore.xcodeproj/project.pbxproj: Ditto.
3863         * mathml/MathMLAllInOne.cpp: Ditto.
3864         * mathml/MathMLFractionElement.cpp: Added.
3865         (WebCore::MathMLFractionElement::MathMLFractionElement):
3866         (WebCore::MathMLFractionElement::create):
3867         (WebCore::MathMLFractionElement::lineThickness): Return the cached linethickness length,
3868         parsing it again if it is dirty. This handles the special values "thin", "medium" and "thick"
3869         or fallback to the general parseMathMLLength for MathML lengths.
3870         (WebCore::MathMLFractionElement::cachedFractionAlignment): Return the cached alignment value,
3871         parsing it again if it is dirty.
3872         (WebCore::MathMLFractionElement::numeratorAlignment): Return the cached alignment.
3873         (WebCore::MathMLFractionElement::denominatorAlignment): Ditto.
3874         (WebCore::MathMLFractionElement::parseAttribute): Make attributes dirty.
3875         (WebCore::MathMLFractionElement::createElementRenderer): Create a RenderMathMLFraction.
3876         * mathml/MathMLFractionElement.h: Added.
3877         * mathml/MathMLInlineContainerElement.cpp: We no longer need to handle fraction here.
3878         (WebCore::MathMLInlineContainerElement::createElementRenderer):
3879         * mathml/mathtags.in: Use MathMLFractionElement for mfrac.
3880         * rendering/mathml/RenderMathMLFraction.cpp:
3881         (WebCore::RenderMathMLFraction::updateLayoutParameters): New helper function to set the
3882         layout parameters, replacing updateFromElement. We no longer parse and store the alignment
3883         values here. We also change the resolution of negative values.
3884         (WebCore::RenderMathMLFraction::horizontalOffset): Use the enum from MathMLFractionElement.
3885         (WebCore::RenderMathMLFraction::layoutBlock): We call updateLayoutParameters instead of
3886         updateFromElement. The numerator and denominator alignments are resolved here.
3887         (WebCore::RenderMathMLFraction::parseAlignmentAttribute): Deleted. Parsing of alignment
3888         attribute is now handled in MathMLFractionElement.
3889         (WebCore::RenderMathMLFraction::updateFromElement): Deleted. Attribute changes are now
3890         handled in MathMLFractionElement.
3891         (WebCore::RenderMathMLFraction::styleDidChange): Deleted. Font changes are properly handled.
3892         * rendering/mathml/RenderMathMLFraction.h: Update declarations.
3893
3894 2016-07-15  Frederic Wang  <fwang@igalia.com>
3895
3896         Check whether font is nonnull for GlyphData instead of calling GlyphData::isValid()
3897         https://bugs.webkit.org/show_bug.cgi?id=159783
3898
3899         Reviewed by Brent Fulgham.
3900
3901         GlyphData::isValid() returns true for GlyphData with null 'font' pointer when the 'glyph'
3902         index is nonzero. This behavior is not expected by the MathML code and we have had crashes
3903         in our test suite in the past on Windows (e.g. bug 140653). We thus replace the call to
3904         GlyphData::isValid() with a stronger verification: Whether the 'font' pointer is nonzero.
3905
3906         No new tests, this only makes null pointer checks stronger.
3907
3908         * rendering/mathml/MathOperator.cpp:
3909         (WebCore::boundsForGlyph):
3910         (WebCore::advanceWidthForGlyph):
3911         (WebCore::MathOperator::getBaseGlyph):
3912         (WebCore::MathOperator::setSizeVariant):
3913         (WebCore::MathOperator::fillWithVerticalExtensionGlyph):
3914         (WebCore::MathOperator::fillWithHorizontalExtensionGlyph):
3915         (WebCore::MathOperator::paintVerticalGlyphAssembly):
3916         (WebCore::MathOperator::paintHorizontalGlyphAssembly):
3917         (WebCore::MathOperator::paint):
3918         * rendering/mathml/RenderMathMLOperator.cpp:
3919         (WebCore::RenderMathMLOperator::computePreferredLogicalWidths):
3920         * rendering/mathml/RenderMathMLToken.cpp:
3921         (WebCore::RenderMathMLToken::computePreferredLogicalWidths):
3922         (WebCore::RenderMathMLToken::firstLineBaseline):
3923         (WebCore::RenderMathMLToken::layoutBlock):
3924         (WebCore::RenderMathMLToken::paint):
3925         (WebCore::RenderMathMLToken::paintChildren):
3926
3927 2016-07-15  Frederic Wang  <fwang@igalia.com>
3928
3929         Add DejaVu Math TeX Gyre to the list of math fonts.
3930         https://bugs.webkit.org/show_bug.cgi?id=159805
3931
3932         Reviewed by Brent Fulgham.
3933
3934         DejaVu 2.36 has a new math font that can be used for MathML rendering. Because this font is
3935         likely to be installed on many systems (Linux, LibreOffice, etc) we include it in the default
3936         list of font-families in mathml.css in order to increase the chance to find a math font.
3937
3938         No new tests, it only affects rendering when DejaVu Math TeX Gyre is installed on the system.
3939
3940         * css/mathml.css:
3941         (math):
3942
3943 2016-07-15  Eric Carlson  <eric.carlson@apple.com>
3944
3945         [MSE] Increase the SourceBuffer "fudge factor"
3946         https://bugs.webkit.org/show_bug.cgi?id=159813
3947         <rdar://problem/27372033>
3948
3949         Reviewed by Jon Lee.
3950         
3951         Some media encoding/conversion pipelines are sloppy when doing sample time/timescale
3952         math, and the error accumulation results in small gaps in the media timeline. r202641
3953         increased the maximum allowable gap from 0.01 second to one 24fps frame, but it turns
3954         out that at least one large provider has a significant amount of content encoded with
3955         up to two 24fps frames.
3956
3957         No new tests, updated media/media-source/media-source-small-gap.html.
3958
3959         * Modules/mediasource/SourceBuffer.cpp:
3960         (WebCore::currentTimeFudgeFactor): Increase maximum gap to 2002 / 24000 frames.
3961
3962 2016-07-15  Rawinder Singh  <rawinder.singh-webkit@cisra.canon.com.au>
3963
3964         Add final keyword to WebCore/svg classes
3965         https://bugs.webkit.org/show_bug.cgi?id=159802
3966
3967         Reviewed by Youenn Fablet.
3968
3969         Updated classes in the WebCore/svg directory to be marked as final where appropriate.
3970
3971         * svg/SVGException.h:
3972         * svg/SVGLengthList.h:
3973         * svg/SVGMatrix.h:
3974         * svg/SVGNumberList.h:
3975         * svg/SVGPaint.h:
3976       &nb