The web process hangs when computing elements-based snap points for a container with...
[WebKit-https.git] / Source / WebCore / ChangeLog
1 2016-07-24  Wenson Hsieh  <wenson_hsieh@apple.com>
2
3         The web process hangs when computing elements-based snap points for a container with large max scroll offset
4         https://bugs.webkit.org/show_bug.cgi?id=152605
5         <rdar://problem/25353661>
6
7         Reviewed by Simon Fraser.
8
9         Fixes a bug in the computation of axis snap points. The ScrollSnapPoints object, which tracks
10         snap points along a particular axis, has two flags, hasRepeat and usesElements. For elements-
11         based snapping, both flags would be turned on, since StyleBuilderConverter::convertScrollSnapPoints
12         short-circuits for elements-based snapping and does not default usesRepeat to false. To address this,
13         we make ScrollSnapPoints not repeat(100%) by default.
14
15         Test: css3/scroll-snap/scroll-snap-elements-container-larger-than-children.html
16
17         * css/StyleBuilderConverter.h:
18         (WebCore::StyleBuilderConverter::convertScrollSnapPoints): Deleted.
19         * rendering/style/StyleScrollSnapPoints.cpp:
20         (WebCore::ScrollSnapPoints::ScrollSnapPoints):
21
22 2016-07-25  Carlos Garcia Campos  <cgarcia@igalia.com>
23
24         REGRESSION(r200931): Invalid cast in highestAncestorToWrapMarkup()
25         https://bugs.webkit.org/show_bug.cgi?id=160163
26
27         Reviewed by Michael Catanzaro.
28
29         Since r200931 the result of enclosingNodeOfType() in highestAncestorToWrapMarkup() is downcasted to Element, but
30         the result of enclosingNodeOfType() can be a Node that is not an Element, in this case is Text. The cast is not
31         needed at all since that node is passed to editingIgnoresContent() and selectionFromContentsOfNode() and both
32         receive a Node not an Element.
33
34         * editing/markup.cpp:
35         (WebCore::highestAncestorToWrapMarkup): Remove invalid cast.
36
37 2016-07-25  Carlos Garcia Campos  <cgarcia@igalia.com>
38
39         [Coordinated Graphics] ASSERTION FAILED: m_coordinator->isFlushingLayerChanges() in fast/repaint/animation-after-layer-scroll.html
40         https://bugs.webkit.org/show_bug.cgi?id=160156
41
42         Reviewed by Michael Catanzaro.
43
44         So, we fixed an assertion in r203663, but now is hitting the next one. As explained in bug #160142, flush
45         compositing state can be triggered in tests by RenderLayerCompositor::layerTreeAsText(), without the coordinator
46         even noticing it, so the assert can be just removed.
47
48         * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:
49         (WebCore::CoordinatedGraphicsLayer::flushCompositingStateForThisLayerOnly): Remove incorrect assert.
50
51 2016-07-25  Zalan Bujtas  <zalan@apple.com>
52
53         EllipsisBox ctor's isVertical parameter should read isHorizontal.
54         https://bugs.webkit.org/show_bug.cgi?id=160153
55
56         Reviewed by Andreas Kling.
57
58         It indicates whether the ellipsis box is horizontal. (both the callsites
59         and the parent class use isHorizontal)
60
61         No change in functionality.
62
63         * rendering/EllipsisBox.cpp:
64         (WebCore::EllipsisBox::EllipsisBox):
65         * rendering/EllipsisBox.h:
66
67 2016-07-25  Sergio Villar Senin  <svillar@igalia.com>
68
69         [css-grid] Implement repeat(auto-fit)
70         https://bugs.webkit.org/show_bug.cgi?id=159771
71
72         Reviewed by Darin Adler.
73
74         The auto-fit keyword works exactly as the already implemented auto-fill except that all
75         empty tracks collapse (became 0px). Absolutely positioned items do not participate on the
76         layout of the grid so they are not considered (a grid with only absolutely positioned items
77         is considered an empty grid).
78
79         Whenever a track collapses the gutters on either side do also collapse. When a collapsed
80         track's gutters collapse, they coincide exactly. If one side of a collapsed track does not
81         have a gutter then collapsing its gutters results in no gutter on either "side" of the
82         collapsed track.
83
84         In practice this means that is not possible to know the gap between 2 consecutive auto
85         repeat tracks without examining some others whenever there are collapsed tracks.
86
87         Uncommented the auto-fit cases from Mozilla tests. They have to be adapted as the reftest
88         machinery requires all the content to be rendered in the original 800x600 viewport.
89
90         Tests: fast/css-grid-layout/grid-auto-fit-columns.html
91         fast/css-grid-layout/grid-auto-fit-rows.html
92         fast/css-grid-layout/mozilla/grid-repeat-auto-fill-fit-005-part-1.html
93         fast/css-grid-layout/mozilla/grid-repeat-auto-fill-fit-005-part-2.html
94
95         * css/CSSComputedStyleDeclaration.cpp:
96         (WebCore::valueForGridTrackList): Use the newly added trackSizesForComputedStyle().
97         * rendering/RenderGrid.cpp:
98         (WebCore::RenderGrid::computeTrackBasedLogicalHeight):
99         (WebCore::RenderGrid::computeTrackSizesForDirection):
100         (WebCore::RenderGrid::isEmptyAutoRepeatTrack):
101         (WebCore::RenderGrid::gridGapForDirection): Returns the gap directly from the style.
102         (WebCore::RenderGrid::guttersSize): Computes the gap between a startLine and an
103         endLine. This method may need to inspect some other surrounding tracks to compute the gap.
104         (WebCore::RenderGrid::computeIntrinsicLogicalWidths):
105         (WebCore::RenderGrid::computeIntrinsicLogicalHeight):
106         (WebCore::RenderGrid::computeUsedBreadthOfGridTracks):
107         (WebCore::RenderGrid::gridTrackSize):
108         (WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForItems):
109         (WebCore::RenderGrid::computeAutoRepeatTracksCount):
110         (WebCore::RenderGrid::computeEmptyTracksForAutoRepeat): Returns a Vector with the auto
111         repeat tracks that are going to be collapsed because they're empty.
112         (WebCore::RenderGrid::placeItemsOnGrid):
113         (WebCore::RenderGrid::trackSizesForComputedStyle): Used by ComputedStyle logic to print the
114         size of tracks. Added in order to hide the actual contents of m_columnPositions and
115         m_rowPositions to the outter world.
116         (WebCore::RenderGrid::offsetAndBreadthForPositionedChild):
117         (WebCore::RenderGrid::gridAreaBreadthForChild):
118         (WebCore::RenderGrid::populateGridPositionsForDirection): Added some extra code to compute
119         gaps as they cannot be directly added between tracks in case of having collapsed tracks.
120         (WebCore::RenderGrid::columnAxisOffsetForChild):
121         (WebCore::RenderGrid::rowAxisOffsetForChild):
122         (WebCore::RenderGrid::offsetBetweenTracks): Deleted.
123         * rendering/RenderGrid.h: Made some API private. Added new required methods/attributes.
124
125         * css/CSSComputedStyleDeclaration.cpp:
126         (WebCore::valueForGridTrackList):
127         * rendering/RenderGrid.cpp:
128         (WebCore::RenderGrid::computeTrackBasedLogicalHeight):
129         (WebCore::RenderGrid::computeTrackSizesForDirection):
130         (WebCore::RenderGrid::hasAutoRepeatEmptyTracks):
131         (WebCore::RenderGrid::isEmptyAutoRepeatTrack):
132         (WebCore::RenderGrid::gridGapForDirection):
133         (WebCore::RenderGrid::guttersSize):
134         (WebCore::RenderGrid::computeIntrinsicLogicalWidths):
135         (WebCore::RenderGrid::computeIntrinsicLogicalHeight):
136         (WebCore::RenderGrid::computeUsedBreadthOfGridTracks):
137         (WebCore::RenderGrid::gridTrackSize):
138         (WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForItems):
139         (WebCore::RenderGrid::computeAutoRepeatTracksCount):
140         (WebCore::RenderGrid::computeEmptyTracksForAutoRepeat):
141         (WebCore::RenderGrid::placeItemsOnGrid):
142         (WebCore::RenderGrid::trackSizesForComputedStyle):
143         (WebCore::RenderGrid::offsetAndBreadthForPositionedChild):
144         (WebCore::RenderGrid::assumedRowsSizeForOrthogonalChild):
145         (WebCore::RenderGrid::gridAreaBreadthForChild):
146         (WebCore::RenderGrid::populateGridPositionsForDirection):
147         (WebCore::RenderGrid::columnAxisOffsetForChild):
148         (WebCore::RenderGrid::rowAxisOffsetForChild):
149         (WebCore::RenderGrid::offsetBetweenTracks): Deleted.
150         * rendering/RenderGrid.h:
151
152 2016-07-24  Frederic Wang  <fwang@igalia.com>
153
154         Move parsing of display, displaystyle and mathvariant attributes into MathML element classes
155         https://bugs.webkit.org/show_bug.cgi?id=159623
156
157         Reviewed by Brent Fulgham.
158
159         No new tests, already covered by existing tests.
160
161         * mathml/MathMLElement.cpp:
162         (WebCore::MathMLElement::parseMathVariantAttribute): Move helper function to parse the
163         mathvariant attribute.
164         (WebCore::MathMLElement::getSpecifiedDisplayStyle): Helper function to set the displaystyle
165         value from the attribute specified on the MathML element.
166         (WebCore::MathMLElement::getSpecifiedMathVariant): Helper function to set the mathvariant
167         value from the attribute specified on the MathML element.
168         * mathml/MathMLElement.h: Move the enum for mathvariant values and declare new members.
169         (WebCore::MathMLElement::acceptsDisplayStyleAttribute): Indicate whether the element accepts
170         displaystyle attribute (false for most of them).
171         (WebCore::MathMLElement::acceptsMathVariantAttribute): Indicate whether the element accepts
172         mathvariant attribute (false for most of them).
173         * mathml/MathMLInlineContainerElement.cpp:
174         (WebCore::MathMLInlineContainerElement::acceptsDisplayStyleAttribute): Add mstyle and mtable
175         to the list of elements accepting the displaystyle attribute.
176         (WebCore::MathMLInlineContainerElement::acceptsMathVariantAttribute): Add mstyle to the list
177         of elements accepting the mathvariant attribute.
178         (WebCore::MathMLInlineContainerElement::parseAttribute): Mark displaystyle and mathvariant
179         dirty if necessary. Also use the new accepts*Attribute function.
180         * mathml/MathMLInlineContainerElement.h: Declare overridden accepts*Attribute members.
181         * mathml/MathMLMathElement.cpp:
182         (WebCore::MathMLMathElement::getSpecifiedDisplayStyle): Override acceptsDisplayStyleAttribute
183         so that the display attribute is also used to set the default value if the displaystyle
184         attribute is absent.
185         (WebCore::MathMLMathElement::parseAttribute): Mark displaystyle and mathvariant dirty if
186         necessary. We directly MathMLElement::parseAttribute to avoid duplicate work.
187         * mathml/MathMLMathElement.h: Add the math tag to the list of elements accepting the
188         displaystyle and mathvariant attributes. Declare overridden getSpecifiedDisplayStyle.
189         * mathml/MathMLTextElement.cpp:
190         (WebCore::MathMLTextElement::parseAttribute): Mark mathvariant as dirty.
191         * mathml/MathMLTextElement.h: Add token elements to the list of elements accepting the
192         mathvariant attribute.
193         * rendering/mathml/MathMLStyle.cpp:
194         (WebCore::MathMLStyle::updateStyleIfNeeded): Use the new MathMLElement::MathVariant enum.
195         (WebCore::MathMLStyle::resolveMathMLStyle):  We no longer parse the display value to
196         initialize the default value on the math tag, because this is handled in
197         getSpecifiedDisplayStyle. In general, we also just call getSpecifiedDisplayStyle and
198         getSpecifiedMathVariant on the MathML elements instead of parsing the displaystyle and
199         mathvariant attributes here.
200         (WebCore::MathMLStyle::parseMathVariant): Deleted. This is moved into MathMLElement.
201         * rendering/mathml/MathMLStyle.h: Use the new MathMLElement::MathVariant enum.
202         * rendering/mathml/RenderMathMLToken.cpp: Ditto.
203         (WebCore::mathVariant): Ditto.
204         (WebCore::RenderMathMLToken::updateMathVariantGlyph): Ditto.
205
206 2016-07-25  Carlos Garcia Campos  <cgarcia@igalia.com>
207
208         Unreviewed. Remove unneeded header includes from CoordinatedGraphicsLayer.
209
210         Not only thjey are not needed, they are a layer violation, CoordinatedGraphicsLayer shouldn't know anything
211         about Page, Frame and FrameView.
212
213         * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:
214         * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.h:
215
216 2016-07-24  Youenn Fablet  <youenn@apple.com>
217
218         [Fetch API] Request should be created with any HeadersInit data
219         https://bugs.webkit.org/show_bug.cgi?id=159672
220
221         Reviewed by Sam Weinig.
222
223         Made Request use JSBuiltinConstructor.
224         This allows initializing newly created Request with a JS built-in function, initializeFetchRequest.
225         initializeFetchRequest can call @fillFetchHeaders internal built-in to handle any HeadersInit data.
226         Future effort should be made to migrate more initialization code in initializeFetchRequest.
227
228         Made window and worker fetch function as a JS built-in.
229         This becomes more handy as these new functions can construct the Request object.
230         They can then call a single private function that takes a Request object as input.
231         Updated DOMWindowFetch and WorkerGlobalScopeFetch code accordingly.
232
233         To enable this, the binding generator is updated to support runtime-enabled JS built-in functions and
234         private functions atttached to global objects.
235
236         Covered by existing and modified tests.
237         Binding generator test covered by updated binding tests.
238
239         * CMakeLists.txt: Adding DOMWindowFetch.js, FetchRequest.js and WorkerGlobalScopeFetch.js built-in files.
240         * DerivedSources.make: Ditto.
241         * Modules/fetch/DOMWindowFetch.cpp: Removed overloaded fetch and updated according new signature.
242         (WebCore::DOMWindowFetch::fetch):
243         * Modules/fetch/DOMWindowFetch.h: Ditto.
244         * Modules/fetch/DOMWindowFetch.idl: Making fetch a JS built-in and adding a @fetchRequest private function.
245         * Modules/fetch/DOMWindowFetch.js: Added.
246         (fetch):
247         * Modules/fetch/FetchHeaders.h:
248         (WebCore::FetchHeaders::setGuard): Used by FetchRequest when initializing headers.
249         * Modules/fetch/FetchRequest.cpp: 
250         (WebCore::buildHeaders): Removed as implemented in JS.
251         (WebCore::FetchRequest::initializeOptions): Added to handle most of the dictionary initialization.
252         (WebCore::FetchRequest::initializeWith): Method called from built-in constructor function.
253         (WebCore::FetchRequest::setBody): Corresponding to @setBody private method.
254         (WebCore::buildBody): Deleted.
255         * Modules/fetch/FetchRequest.h:
256         * Modules/fetch/FetchRequest.idl:
257         * Modules/fetch/FetchRequest.js: Added.
258         (initializeFetchRequest): Implements fetch Request(input, init) constructor.
259         * Modules/fetch/FetchResponse.cpp:
260         (WebCore::FetchResponse::fetch): Removed the construction of FetchRequest in fetch method since it is done by JS built-in code.
261         * Modules/fetch/FetchResponse.h:
262         * Modules/fetch/WorkerGlobalScopeFetch.cpp: Removed overloaded fetch and updated according new signature.
263         (WebCore::WorkerGlobalScopeFetch::fetch):
264         * Modules/fetch/WorkerGlobalScopeFetch.h: Ditto.
265         * Modules/fetch/WorkerGlobalScopeFetch.idl: Making fetch a JS built-in and adding a @fetchRequest private function.
266         * Modules/fetch/WorkerGlobalScopeFetch.js: Added.
267         (fetch):
268         * bindings/js/WebCoreBuiltinNames.h: Adding fetchRequest, setBody and Request private identifiers.
269         * bindings/scripts/CodeGenerator.pm:
270         (WK_lcfirst): Replacing dOM by dom.
271         * bindings/scripts/CodeGeneratorJS.pm:
272         (GenerateImplementation): Adding support for runtime-enabled built-in methods and private methods.
273         * bindings/scripts/test/JS/JSTestGlobalObject.cpp:
274         (WebCore::JSTestGlobalObject::finishCreation):
275         (WebCore::jsTestGlobalObjectInstanceFunctionTestPrivateFunction):
276         * bindings/scripts/test/ObjC/DOMTestGlobalObject.mm:
277         (-[DOMTestGlobalObject testJSBuiltinFunction]):
278         * bindings/scripts/test/TestGlobalObject.idl: Adding tests for runtime-enabled global built-in methods and private methods.
279
280 2016-07-24  Nan Wang  <n_wang@apple.com>
281
282         AX: Video Controls: Volume cannot be adjusted using VO.
283         https://bugs.webkit.org/show_bug.cgi?id=160107
284
285         Reviewed by Dean Jackson.
286
287         The volume slider in video tag had 0.01 step which caused the screen reader adjusting it slowly.
288         Changed the step to 0.05 and added the aria-valuetext attribute to the slider, so that the value
289         is spoken in percentage. 
290
291         Test: accessibility/mac/video-volume-slider-accessibility.html
292
293         * Modules/mediacontrols/mediaControlsApple.js:
294         (Controller.prototype.createControls):
295         (Controller.prototype.handleVolumeSliderInput):
296         (Controller.prototype.updateVolume):
297
298 2016-07-24  David Kilzer  <ddkilzer@apple.com>
299
300         REGRESSION (r203106): Crash in WebCore::MathMLElement::parseMathMLLength()
301         <https://webkit.org/b/160111>
302         <rdar://problem/27506489>
303
304         Reviewed by Chris Dumez.
305
306         Test: mathml/mpadded-crash.html
307
308         * mathml/MathMLElement.cpp:
309         (WebCore::skipLeadingAndTrailingWhitespace): Change to take
310         StringView parameter instead of String to avoid creating a
311         temporary String that's released on return.
312
313 2016-07-24  Carlos Garcia Campos  <cgarcia@igalia.com>
314
315         [Coordinated Graphics] ASSERTION FAILED: !m_flushingLayers in fast/repaint/animation-after-layer-scroll.html
316         https://bugs.webkit.org/show_bug.cgi?id=160142
317
318         Reviewed by Michael Catanzaro.
319
320         This only happens in layout tests, because it happens when RenderLayerCompositor::layerTreeAsText() is
321         called. The thing is that CoordinatedGraphicsLayer::flushCompositingState() calls notifyFlushRequired() that
322         checks if the coordinator is flusing layers and if not it calls RenderLayerCompositor::notifyFlushRequired() and
323         returns early. This normally works because the coodinator is the one starting the layer flush, so that when
324         RenderLayerCompositor::flushPendingLayerChanges() is called the coordinator is always flusing layers. But
325         RenderLayerCompositor::layerTreeAsText() calls RenderLayerCompositor::flushPendingLayerChanges() directly, so at
326         that moment the coordinator is not flusing layers, what causes that
327         CoordinatedGraphicsLayer::flushCompositingState() ends up calling RenderLayerCompositor::notifyFlushRequired()
328         that schedules a new flush while flusing layers causing the
329         assertion. CoordinatedGraphicsLayer::flushCompositingState() is always called from
330         CompositingCoordinator::flushPendingLayerChanges() or RenderLayerCompositor::flushPendingLayerChanges() so we
331         never need to call RenderLayerCompositor::notifyFlushRequired() from there.
332
333         * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:
334         (WebCore::CoordinatedGraphicsLayer::notifyFlushRequired): This is void now since the return value is not checked anywhere.
335         (WebCore::CoordinatedGraphicsLayer::flushCompositingState): Remove the call to notifyFlushRequired().
336         * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.h:
337
338 2016-07-24  Darin Adler  <darin@apple.com>
339
340         Adding a new WebCore JavaScript built-in source file does not trigger rebuild of WebCoreJSBuiltins*
341         https://bugs.webkit.org/show_bug.cgi?id=160115
342
343         Reviewed by Youenn Fablet.
344
345         * DerivedSources.make: Added a missing dependency so the rule that builds WebCore_BUILTINS_WRAPPERS
346         kicks in when the list of WebCore_BUILTINS_SOURCES is modified. Also added another missing dependency
347         so that changes to the JavaScript built-ins Python scripts will also trigger WebCore_BUILTINS_WRAPPERS.
348
349         * make-generated-sources.sh: Removed. Was unused.
350
351 2016-07-23  Zalan Bujtas  <zalan@apple.com>
352
353         Stop isEmpty() from leaking out of SVG.
354         https://bugs.webkit.org/show_bug.cgi?id=160121
355
356         Reviewed by Simon Fraser.
357
358         It's unclear what isEmpty() actually means and it doesn't bring any value to Render* classes.
359
360         No change in functionality.
361
362         * editing/CompositeEditCommand.cpp:
363         (WebCore::CompositeEditCommand::addBlockPlaceholderIfNeeded):
364         * rendering/RenderElement.h:
365         * rendering/RenderListItem.cpp:
366         (WebCore::RenderListItem::isEmpty): Deleted.
367         * rendering/RenderListItem.h:
368         * rendering/RenderObject.h:
369         (WebCore::RenderObject::isEmpty): Deleted.
370         * rendering/RenderRubyRun.cpp:
371         (WebCore::RenderRubyRun::removeChild):
372         (WebCore::RenderRubyRun::isEmpty): Deleted.
373         * rendering/RenderRubyRun.h:
374         * rendering/mathml/RenderMathMLFenced.cpp:
375         (WebCore::RenderMathMLFenced::updateFromElement):
376         (WebCore::RenderMathMLFenced::addChild):
377         * rendering/mathml/RenderMathMLRoot.cpp:
378         (WebCore::RenderMathMLRoot::paint):
379         * rendering/svg/RenderSVGShape.h:
380
381 2016-07-23  Zalan Bujtas  <zalan@apple.com>
382
383         table*BorderAdjoiningCell and borderAdjoiningCell* should take reference instead of RenderTableCell*.
384         https://bugs.webkit.org/show_bug.cgi?id=160123
385
386         Reviewed by Simon Fraser.
387
388         No change in functionality.
389
390         * rendering/RenderTable.cpp:
391         (WebCore::RenderTable::tableStartBorderAdjoiningCell):
392         (WebCore::RenderTable::tableEndBorderAdjoiningCell):
393         * rendering/RenderTable.h:
394         * rendering/RenderTableCell.cpp:
395         (WebCore::RenderTableCell::computeCollapsedStartBorder):
396         (WebCore::RenderTableCell::computeCollapsedEndBorder):
397         * rendering/RenderTableCell.h:
398         (WebCore::RenderTableCell::borderAdjoiningCellBefore):
399         (WebCore::RenderTableCell::borderAdjoiningCellAfter):
400         * rendering/RenderTableCol.cpp:
401         (WebCore::RenderTableCol::borderAdjoiningCellStartBorder):
402         (WebCore::RenderTableCol::borderAdjoiningCellEndBorder):
403         (WebCore::RenderTableCol::borderAdjoiningCellBefore):
404         (WebCore::RenderTableCol::borderAdjoiningCellAfter):
405         * rendering/RenderTableCol.h:
406         * rendering/RenderTableRow.cpp:
407         (WebCore::RenderTableRow::borderAdjoiningStartCell):
408         (WebCore::RenderTableRow::borderAdjoiningEndCell):
409         * rendering/RenderTableRow.h:
410         * rendering/RenderTableSection.cpp:
411         (WebCore::RenderTableSection::borderAdjoiningStartCell):
412         (WebCore::RenderTableSection::borderAdjoiningEndCell):
413         * rendering/RenderTableSection.h:
414
415 2016-07-23  Zalan Bujtas  <zalan@apple.com>
416
417         Remove unused enum and stale comment from RenderObject.
418         https://bugs.webkit.org/show_bug.cgi?id=160122
419
420         Reviewed by Simon Fraser.
421
422         No change in functionality.
423
424         * rendering/RenderBox.h:
425
426 2016-07-23  Carlos Garcia Campos  <cgarcia@igalia.com>
427
428         [Coordinated Graphics] Lots of flaky tests
429         https://bugs.webkit.org/show_bug.cgi?id=160118
430
431         Reviewed by Michael Catanzaro.
432
433         Since the GTK+ ported to threaded compositor (coordinated graphics) there are a lot of flaky tests in the
434         bots. In manu of the cases the diff shows a different size in the FrameView layer.
435
436         This happens for tests run in the same WTR after fast/fixed-layout/fixed-layout.html. This is what happens:
437
438          1.- Test fast/fixed-layout/fixed-layout.html runs and sets fixed layout to true and fixed layout size to 400x400
439          2.- When it finishes TestController::resetStateToConsistentValues() is called.
440          3.- Blank URL is loaded after state has been updated
441          4.- Then Reset message is handled in the web process and Internals::resetToConsistentState() resets the fixed
442              layout state and size.
443          5.- onresize happens and the handler set in fast/fixed-layout/fixed-layout.html is invoked setting the fixed
444              layout to true and size to 400x400 again.
445          6.- about_blank is then loaded with the fixed layout enabled, as well as other tests after this one.
446
447         In addition to this, coordinated graphics uses a fixedVisibleContentRect in ScrollView that is never reset.
448
449         * platform/ScrollView.cpp:
450         (WebCore::ScrollView::unscaledVisibleContentSizeIncludingObscuredArea): Only use m_fixedVisibleContentRect when
451         fixed layout is enabled.
452         (WebCore::ScrollView::unscaledUnobscuredVisibleContentSize): Ditto.
453         (WebCore::ScrollView::visibleContentRectInternal): Ditto.
454         * testing/Internals.cpp:
455         (WebCore::Internals::resetToConsistentState): Reset also the m_fixedVisibleContentRect.
456
457 2016-07-23  Carlos Garcia Campos  <cgarcia@igalia.com>
458
459         [Coordinated Graphics] Test imported/blink/svg/custom/svg-image-layers-crash.html crashes
460         https://bugs.webkit.org/show_bug.cgi?id=160078
461
462         Reviewed by Michael Catanzaro.
463
464         This is a merge of Blink r155373.
465         https://chromiumcodereview.appspot.com/20789004
466
467         Disable accelerated compositing for SVGImage content layers. SVGImageChromeClient does not support it.
468
469         Fixes imported/blink/svg/custom/svg-image-layers-crash.html.
470
471         * svg/graphics/SVGImage.cpp:
472         (WebCore::SVGImage::dataChanged):
473
474 2016-07-23  Commit Queue  <commit-queue@webkit.org>
475
476         Unreviewed, rolling out r203641.
477         https://bugs.webkit.org/show_bug.cgi?id=160116
478
479         It broke make-based builds (Requested by youenn on #webkit).
480
481         Reverted changeset:
482
483         "[Fetch API] Request should be created with any HeadersInit
484         data"
485         https://bugs.webkit.org/show_bug.cgi?id=159672
486         http://trac.webkit.org/changeset/203641
487
488 2016-07-23  Youenn Fablet  <youenn@apple.com>
489
490         [Fetch API] Request should be created with any HeadersInit data
491         https://bugs.webkit.org/show_bug.cgi?id=159672
492
493         Reviewed by Sam Weinig.
494
495         Made Request use JSBuiltinConstructor.
496         This allows initializing newly created Request with a JS built-in function, initializeFetchRequest.
497         initializeFetchRequest can call @fillFetchHeaders internal built-in to handle any HeadersInit data.
498         Future effort should be made to migrate more initialization code in initializeFetchRequest.
499
500         Made window and worker fetch function as a JS built-in.
501         This becomes more handy as these new functions can construct the Request object.
502         They can then call a single private function that takes a Request object as input.
503         Updated DOMWindowFetch and WorkerGlobalScopeFetch code accordingly.
504
505         To enable this, the binding generator is updated to support runtime-enabled JS built-in functions and
506         private functions atttached to global objects.
507
508         Covered by existing and modified tests.
509         Binding generator test covered by updated binding tests.
510
511         * CMakeLists.txt: Adding DOMWindowFetch.js, FetchRequest.js and WorkerGlobalScopeFetch.js built-in files.
512         * DerivedSources.make: Ditto.
513         * Modules/fetch/DOMWindowFetch.cpp: Removed overloaded fetch and updated according new signature.
514         (WebCore::DOMWindowFetch::fetch):
515         * Modules/fetch/DOMWindowFetch.h: Ditto.
516         * Modules/fetch/DOMWindowFetch.idl: Making fetch a JS built-in and adding a @fetchRequest private function.
517         * Modules/fetch/DOMWindowFetch.js: Added.
518         (fetch):
519         * Modules/fetch/FetchHeaders.h:
520         (WebCore::FetchHeaders::setGuard): Used by FetchRequest when initializing headers.
521         * Modules/fetch/FetchRequest.cpp: 
522         (WebCore::buildHeaders): Removed as implemented in JS.
523         (WebCore::FetchRequest::initializeOptions): Added to handle most of the dictionary initialization.
524         (WebCore::FetchRequest::initializeWith): Method called from built-in constructor function.
525         (WebCore::FetchRequest::setBody): Corresponding to @setBody private method.
526         (WebCore::buildBody): Deleted.
527         * Modules/fetch/FetchRequest.h:
528         * Modules/fetch/FetchRequest.idl:
529         * Modules/fetch/FetchRequest.js: Added.
530         (initializeFetchRequest): Implements fetch Request(input, init) constructor.
531         * Modules/fetch/FetchResponse.cpp:
532         (WebCore::FetchResponse::fetch): Removed the construction of FetchRequest in fetch method since it is done by JS built-in code.
533         * Modules/fetch/FetchResponse.h:
534         * Modules/fetch/WorkerGlobalScopeFetch.cpp: Removed overloaded fetch and updated according new signature.
535         (WebCore::WorkerGlobalScopeFetch::fetch):
536         * Modules/fetch/WorkerGlobalScopeFetch.h: Ditto.
537         * Modules/fetch/WorkerGlobalScopeFetch.idl: Making fetch a JS built-in and adding a @fetchRequest private function.
538         * Modules/fetch/WorkerGlobalScopeFetch.js: Added.
539         (fetch):
540         * bindings/js/WebCoreBuiltinNames.h: Adding fetchRequest, setBody and Request private identifiers.
541         * bindings/scripts/CodeGenerator.pm:
542         (WK_lcfirst): Replacing dOM by dom.
543         * bindings/scripts/CodeGeneratorJS.pm:
544         (GenerateImplementation): Adding support for runtime-enabled built-in methods and private methods.
545         * bindings/scripts/test/JS/JSTestGlobalObject.cpp:
546         (WebCore::JSTestGlobalObject::finishCreation):
547         (WebCore::jsTestGlobalObjectInstanceFunctionTestPrivateFunction):
548         * bindings/scripts/test/ObjC/DOMTestGlobalObject.mm:
549         (-[DOMTestGlobalObject testJSBuiltinFunction]):
550         * bindings/scripts/test/TestGlobalObject.idl: Adding tests for runtime-enabled global built-in methods and private methods.
551
552 2016-07-23  Frederic Wang  <fwang@igalia.com>
553
554         Reset font-style on the <math> element
555         https://bugs.webkit.org/show_bug.cgi?id=160074
556
557         Reviewed by Darin Adler.
558
559         Mathematical formulas with italic font-style render poorly (slanted operators, mathvariant
560         italic etc). We align on Gecko and make the user agent stylesheet reset the font-style to
561         'normal' by default. This addresses the concrete use case of formula inside theorem or
562         proposition statements, which are often written in italic.
563
564         Test: mathml/presentation/math-font-style.html
565
566         * css/mathml.css:
567         (math): Reset the font-style to normal.
568
569 2016-07-23  Frederic Wang  <fwang@igalia.com>
570
571         [MathML] PaintInfo state is not properly restored after applyTransform.
572         https://bugs.webkit.org/show_bug.cgi?id=160077
573
574         Reviewed by Simon Fraser.
575
576         PaintInfo::applyTransform modifies PaintInfo::rect and the original state is not properly
577         restored by GraphicsContextStateSaver. To avoid some weird rendering bugs in MathOperator
578         and RenderMathMLMenclose, we follow what is done in SVG renderers and make a copy of the
579         original PaintInfo before applying the transform.
580
581         Test: mathml/presentation/bug160077.html
582
583         * rendering/mathml/MathOperator.cpp:
584         (WebCore::MathOperator::paint):
585         * rendering/mathml/RenderMathMLMenclose.cpp:
586         (WebCore::RenderMathMLMenclose::paint):
587
588 2016-07-23  Youenn Fablet  <youenn@apple.com>
589
590         [Fetch API] Fetch response stream should enqueue Uint8Array
591         https://bugs.webkit.org/show_bug.cgi?id=160083
592
593         Reviewed by Sam Weinig.
594
595         Covered by updated tests.
596
597         Before enqueuing, ReadableStreamController::enqueue will convert ArrayBuffer as Uint8Array.
598         It also returns a boolean whether the operation is successful or not.
599
600         If returned value is false, calling code will stop loading or if everything is loaded it will refrain from closing the stream.
601         The enqueuing should be succesful except in OutOfMemory cases. This case is not yet handled in test cases.
602
603         Updated the code to remove templated enqueuing as Fetch has no use of it.
604
605         * Modules/fetch/FetchBody.cpp:
606         (WebCore::FetchBody::consumeAsStream): Do not close the stream if enqueuing failed.
607         * Modules/fetch/FetchBodyOwner.cpp:
608         (WebCore::FetchBodyOwner::blobChunk): Stop blob loading if enqueuing failed.
609         * Modules/fetch/FetchResponse.cpp:
610         (WebCore::FetchResponse::BodyLoader::didReceiveData): Stop resource loading if enqueuing failed.
611         (WebCore::FetchResponse::consumeBodyAsStream): Ditto.
612         * Modules/fetch/FetchResponseSource.h:
613         * bindings/js/ReadableStreamController.h:
614         (WebCore::ReadableStreamController::enqueue):
615         (WebCore::ReadableStreamController::enqueue<RefPtr<JSC::ArrayBuffer>>): Deleted.
616
617 2016-07-22  Youenn Fablet  <youenn@apple.com>
618
619         Use a private property to implement FetchResponse.body getter
620         https://bugs.webkit.org/show_bug.cgi?id=159808
621
622         Reviewed by Sam Weinig.
623
624         Covered by existing test sets.
625
626         Previously, body was handled as a CachedAttribute.
627         Using a private property will allow direct use of this property from JS built-ins which will allow easier
628         handling of ReadableStream cloning in Response.clone.
629         Also, this allows removing some binding custom code.
630
631         Updated redirect and error static methods to take NewObject keyword, as this removes a search into cached wrappers.
632         Ditto for createReadableStreamSource.
633
634         * CMakeLists.txt: Removing JSFetchResponseCustom.cpp.
635         * Modules/fetch/FetchResponse.idl: Adding createReadableStreamSource and isDisturbed private functions.
636         Making body getter a JSBuiltin.
637         * Modules/fetch/FetchResponse.js:
638         (body): Adding getter which will call createReadableStreamSource if needed.
639         * WebCore.xcodeproj/project.pbxproj: Removing JSFetchResponseCustom.cpp.
640         * bindings/js/JSFetchResponseCustom.cpp: Removed.
641         * bindings/js/ReadableStreamController.cpp:
642         (WebCore::createReadableStream): Deleted.
643         (WebCore::getReadableStreamReader): Deleted.
644         * bindings/js/ReadableStreamController.h: Removing unneeded ReadableStream helper routine now that they can be
645         handled within JS built-in code.
646         * bindings/js/WebCoreBuiltinNames.h: Adding @createReadableStreamSource, @isDisturbed  and @Response identifiers.
647
648 2016-07-22  Zalan Bujtas  <zalan@apple.com>
649
650         Handle cases when IOSurface initialization fails.
651         https://bugs.webkit.org/show_bug.cgi?id=160006
652         <rdar://problem/27495102>
653
654         Reviewed by Tim Horton and Simon Fraser.
655
656         This is an additional fix to r203514 to check if IOSurface initialization was successful.
657
658         Unable to test.
659
660         * platform/graphics/cg/ImageBufferCG.cpp:
661         (WebCore::ImageBuffer::ImageBuffer):
662         * platform/graphics/cocoa/IOSurface.h: Merge 2 c'tors.
663         * platform/graphics/cocoa/IOSurface.mm: Remove redundant IOSurface::create() code.  
664         (WebCore::IOSurface::create):
665         (WebCore::IOSurface::createFromImage):
666         (WebCore::IOSurface::IOSurface):
667         (WebCore::IOSurface::convertToFormat):
668
669 2016-07-22  Wenson Hsieh  <wenson_hsieh@apple.com>
670
671         Media controls should be displayed for media in media documents
672         https://bugs.webkit.org/show_bug.cgi?id=160104
673         <rdar://problem/27438936>
674
675         Reviewed by Myles C. Maxfield.
676
677         Make videos that would otherwise not have been large enough or have the right
678         aspect ratio cause media controls to appear. This is because media elements in
679         a media document are implied to be main content.
680
681         Added a new API test.
682
683         * html/MediaElementSession.cpp:
684         (WebCore::MediaElementSession::canControlControlsManager):
685
686 2016-07-22  Myles C. Maxfield  <mmaxfield@apple.com>
687
688         All dancers with bunny ears are female
689         https://bugs.webkit.org/show_bug.cgi?id=160102
690         <rdar://problem/27453479>
691
692         Reviewed by Simon Fraser.
693
694         In r203330 I added support for new emoji group candidates. I accidentally
695         missed one of the new emoji code points.
696
697         Tests: editing/deleting/delete-emoji.html:
698                fast/text/emoji-gender-2-9.html:
699                fast/text/emoji-gender-9.html:
700                fast/text/emoji-gender-fe0f-9.html:
701
702         * platform/text/CharacterProperties.h:
703         (WebCore::isEmojiGroupCandidate):
704
705 2016-07-22  Chris Dumez  <cdumez@apple.com>
706
707         Parameter to HTMLCollection.item() / namedItem() should be mandatory
708         https://bugs.webkit.org/show_bug.cgi?id=160099
709
710         Reviewed by Sam Weinig.
711
712         Parameter to HTMLCollection.item() / namedItem() should be mandatory:
713         - https://dom.spec.whatwg.org/#interface-htmlcollection
714         - https://html.spec.whatwg.org/multipage/infrastructure.html#htmlformcontrolscollection
715         - https://html.spec.whatwg.org/multipage/infrastructure.html#the-htmloptionscollection-interface
716
717         Firefox and Chrome agree with the specification.
718
719         No new tests, rebaselined existing tests.
720
721         * bindings/js/JSHTMLFormControlsCollectionCustom.cpp:
722         (WebCore::JSHTMLFormControlsCollection::namedItem):
723         * html/HTMLCollection.idl:
724         * html/HTMLFormControlsCollection.idl:
725         * html/HTMLOptionsCollection.idl:
726
727 2016-07-22  Chris Dumez  <cdumez@apple.com>
728
729         First parameter to Window.getComputedStyle() should be mandatory and non-nullable
730         https://bugs.webkit.org/show_bug.cgi?id=160097
731
732         Reviewed by Ryosuke Niwa.
733
734         First parameter to Window.getComputedStyle() should be mandatory and
735         non-nullable:
736         - https://drafts.csswg.org/cssom/#extensions-to-the-window-interface
737
738         Firefox and Chrome agree with the specification.
739
740         Test: fast/dom/Window/getComputedStyle-missing-parameter.html
741
742         * css/CSSComputedStyleDeclaration.cpp:
743         (WebCore::ComputedStyleExtractor::ComputedStyleExtractor):
744         (WebCore::CSSComputedStyleDeclaration::CSSComputedStyleDeclaration):
745         (WebCore::CSSComputedStyleDeclaration::getPropertyCSSValue):
746         (WebCore::CSSComputedStyleDeclaration::copyProperties):
747         (WebCore::CSSComputedStyleDeclaration::length):
748         (WebCore::CSSComputedStyleDeclaration::item):
749         (WebCore::CSSComputedStyleDeclaration::getPropertyValue):
750         * css/CSSComputedStyleDeclaration.h:
751         * dom/Document.idl:
752         * inspector/InspectorCSSAgent.cpp:
753         (WebCore::InspectorCSSAgent::getComputedStyleForNode):
754         * page/DOMWindow.cpp:
755         (WebCore::DOMWindow::getComputedStyle):
756         * page/DOMWindow.h:
757         * page/DOMWindow.idl:
758         * testing/Internals.cpp:
759         (WebCore::Internals::computedStyleIncludingVisitedInfo):
760         * testing/Internals.h:
761         * testing/Internals.idl:
762
763 2016-07-22  Brady Eidson  <beidson@apple.com>
764
765         Removing IndexedDatabases that have stored blobs doesn't remove the blob files.
766         https://bugs.webkit.org/show_bug.cgi?id=160089
767
768         Reviewed by Darin Adler.
769
770         Tested by API test IndexedDB.StoreBlobThenDelete.
771
772         Blob filenames exist in the IDB directory with the name "[0-9]+.blob".
773         
774         That is, one or more digits, followed by ".blob".
775         
776         So when we delete an IndexedDB.sqlite3 and related files, we should delete those blob files as well.
777         
778         * Modules/indexeddb/server/IDBServer.cpp:
779         (WebCore::IDBServer::removeAllDatabasesForOriginPath):
780
781 2016-07-22  Chris Dumez  <cdumez@apple.com>
782
783         Fix default parameter values for window.alert() / prompt() / confirm()
784         https://bugs.webkit.org/show_bug.cgi?id=160085
785
786         Reviewed by Ryosuke Niwa.
787
788         Fix default parameter values for window.alert() / prompt() / confirm() to
789         match the specification:
790         - https://html.spec.whatwg.org/multipage/browsers.html#the-window-object
791
792         They should default to the empty string, not the string "undefined".
793
794         Firefox and chrome agree with the specification.
795
796         No new tests, updated existing test.
797
798         * page/DOMWindow.h:
799         * page/DOMWindow.idl:
800
801 2016-07-22  Daniel Bates  <dabates@apple.com>
802
803         CSP: object-src and plugin-types directives are not respected for plugin replacements
804         https://bugs.webkit.org/show_bug.cgi?id=159761
805         <rdar://problem/27365724>
806
807         Reviewed by Brent Fulgham.
808
809         Apply the Content Security Policy (CSP) object-src and plugin-types directives to content that will
810         load with a plugin replacement.
811
812         Tests: security/contentSecurityPolicy/object-src-none-blocks-quicktime-plugin-replacement.html
813                security/contentSecurityPolicy/object-src-none-blocks-youtube-plugin-replacement.html
814                security/contentSecurityPolicy/plugins-types-allows-quicktime-plugin-replacement.html
815                security/contentSecurityPolicy/plugins-types-allows-youtube-plugin-replacement.html
816                security/contentSecurityPolicy/plugins-types-blocks-quicktime-plugin-replacement-without-mime-type.html
817                security/contentSecurityPolicy/plugins-types-blocks-quicktime-plugin-replacement.html
818                security/contentSecurityPolicy/plugins-types-blocks-youtube-plugin-replacement-without-mime-type.html
819                security/contentSecurityPolicy/plugins-types-blocks-youtube-plugin-replacement.html
820
821         * html/HTMLPlugInImageElement.cpp:
822         (WebCore::HTMLPlugInImageElement::allowedToLoadPluginContent): Added.
823         (WebCore::HTMLPlugInImageElement::requestObject): Only request loading plugin content if we
824         are allowed to load such content.
825         * html/HTMLPlugInImageElement.h:
826         * loader/SubframeLoader.cpp:
827         (WebCore::SubframeLoader::pluginIsLoadable): Removed code to check CSP as we will check CSP
828         earlier in HTMLPlugInImageElement::requestObject().
829         (WebCore::SubframeLoader::requestPlugin): Ditto.
830         (WebCore::SubframeLoader::isPluginContentAllowedByContentSecurityPolicy): Deleted; moved implementation
831         to HTMLPlugInImageElement::allowedToLoadPluginContent().
832         (WebCore::SubframeLoader::requestObject): Deleted.
833         * loader/SubframeLoader.h:
834         * page/csp/ContentSecurityPolicy.cpp:
835         (WebCore::ContentSecurityPolicy::upgradeInsecureRequestIfNeeded): Changed signature from a non-const
836         function to a const function since these functions do not modify |this|.
837         * page/csp/ContentSecurityPolicy.h: 
838
839 2016-07-22  Chris Dumez  <cdumez@apple.com>
840
841         Parameters to Node.replaceChild() / insertBefore() should be mandatory
842         https://bugs.webkit.org/show_bug.cgi?id=160091
843
844         Reviewed by Darin Adler.
845
846         Parameters to Node.replaceChild() / insertBefore() should be mandatory:
847         - https://dom.spec.whatwg.org/#node
848
849         The compatibility risk should be low since Firefox and Chrome both agree
850         with the specification and because it does not make much sense to omit
851         parameters when using this API.
852
853         No new tests, rebaselined existing tests.
854
855         * bindings/js/JSNodeCustom.cpp:
856         (WebCore::JSNode::insertBefore):
857         (WebCore::JSNode::replaceChild):
858
859 2016-07-22  Chris Dumez  <cdumez@apple.com>
860
861         Parameter to Node.contains() should be mandatory
862         https://bugs.webkit.org/show_bug.cgi?id=160084
863
864         Reviewed by Darin Adler.
865
866         Parameter to Node.contains() should be mandatory as per the
867         specification:
868         - https://dom.spec.whatwg.org/#node
869
870         The compatibility risk should be low because both Firefox and Chrome
871         both agree with the specification. Also, it does not make much sense
872         to call this API without parameter.
873
874         No new tests, rebaselined existing tests.
875
876         * dom/Node.idl:
877
878 2016-07-22  Said Abou-Hallawa  <sabouhallawa@apple.com>
879
880         [iOS] REGRESSION(203378): PDFDocumentImage::updateCachedImageIfNeeded() uses the unscaled size when deciding whether to cache the PDF image
881         https://bugs.webkit.org/show_bug.cgi?id=159933
882
883         Reviewed by Simon Fraser.
884
885         We need to use the scaled size when deciding whether to cache the PDF image
886         or not. This is because ImageBuffer takes the display resolution into account
887         which gives higher resolution for the image when zooming.
888
889         * platform/graphics/cg/PDFDocumentImage.cpp:
890         (WebCore::PDFDocumentImage::updateCachedImageIfNeeded):
891
892 2016-07-22  Chris Dumez  <cdumez@apple.com>
893
894         First parameter to getElementById() should be mandatory
895         https://bugs.webkit.org/show_bug.cgi?id=160087
896
897         Reviewed by Darin Adler.
898
899         First parameter to getElementById() should be mandatory:
900         - https://dom.spec.whatwg.org/#nonelementparentnode
901         - https://www.w3.org/TR/SVG/struct.html#InterfaceSVGSVGElement
902
903         Both Firefox and Chrome agree with the specification.
904
905         Test: svg/dom/SVGSVGElement-getElementById.html
906
907         * dom/NonElementParentNode.idl:
908         * svg/SVGSVGElement.idl:
909
910 2016-07-22  Chris Dumez  <cdumez@apple.com>
911
912         Parameter to Node.lookupPrefix() / lookupNamespaceURI() / isDefaultNamespace() should be mandatory
913         https://bugs.webkit.org/show_bug.cgi?id=160086
914
915         Reviewed by Darin Adler.
916
917         Parameter to Node.lookupPrefix() / lookupNamespaceURI() / isDefaultNamespace()
918         should be mandatory:
919         - https://dom.spec.whatwg.org/#node
920
921         Firefox and Chrome both agree with the specification.
922
923         No new tests, rebaselined existing tests.
924
925         * dom/Node.idl:
926
927 2016-07-22  Chris Dumez  <cdumez@apple.com>
928
929         Parameter to Node.compareDocumentPosition() should be mandatory and non-nullable
930         https://bugs.webkit.org/show_bug.cgi?id=160071
931
932         Reviewed by Ryosuke Niwa.
933
934         
935         Parameter to Node.compareDocumentPosition() should be mandatory and
936         non-nullable:
937         - https://dom.spec.whatwg.org/#interface-node
938
939         Firefox and Chrome agree with the specification so the compatibility
940         risk should be low. Also, it does not make much sense to call this
941         operation without parameter.
942
943         No new tests, rebaselined existing tests.
944
945         * accessibility/AccessibilityObject.cpp:
946         (WebCore::rangeClosestToRange):
947         * dom/AuthorStyleSheets.cpp:
948         (WebCore::AuthorStyleSheets::addStyleSheetCandidateNode):
949         * dom/Node.cpp:
950         (WebCore::compareDetachedElementsPosition):
951         (WebCore::Node::compareDocumentPosition):
952         * dom/Node.h:
953         * dom/Node.idl:
954         * dom/Position.h:
955         (WebCore::operator<):
956         * html/HTMLFormElement.cpp:
957         (WebCore::HTMLFormElement::formElementIndexWithFormAttribute):
958         (WebCore::HTMLFormElement::formElementIndex):
959         * rendering/RenderNamedFlowThread.cpp:
960         (WebCore::RenderNamedFlowThread::nextRendererForElement):
961         (WebCore::compareRenderNamedFlowFragments):
962         (WebCore::RenderNamedFlowThread::registerNamedFlowContentElement):
963
964 2016-07-22  Konstantin Tokarev  <annulen@yandex.ru>
965
966         [cmake] Removed obsolete plugins/win directory
967         https://bugs.webkit.org/show_bug.cgi?id=160081
968
969         Reviewed by Per Arne Vollan.
970
971         It was removed in r178219.
972
973         No new tests needed.
974
975         * PlatformWin.cmake:
976
977 2016-07-22  Youenn Fablet  <youenn@apple.com>
978
979         run-builtins-generator-tests should be able to test WebCore builtins wrapper with more than one file
980         https://bugs.webkit.org/show_bug.cgi?id=159921
981
982         Reviewed by Brian Burg.
983
984         Covered by existing and added built-ins tests.
985
986         Updating built system according ---wrappers-only new meaning.
987         builtin generator is now called for each individual built-in file plus once for WebCore wrapper files.
988         WebCore wrapper files allow handling things like conditionally guarded features.
989         They also remove the need to use built-ins macros outside generated code.
990
991         * CMakeLists.txt:
992         * DerivedSources.make:
993
994 2016-07-21  Frederic Wang  <fwang@igalia.com>
995
996         Move parsing of accentunder and accent attributes from renderer to element classes
997         https://bugs.webkit.org/show_bug.cgi?id=159625
998
999         Reviewed by Brent Fulgham.
1000
1001         We introduce a new MathMLUnderOverElement that is used for elements munder, mover and
1002         munderover in order to create RenderMathMLUnderOver and parse and expose the values of the
1003         accent and accentunder attributes. This is one more step toward moving MathML attribute
1004         parsing to the DOM (bug 156536). We also do minor clean-up for this and previous renderer
1005         classes that no longer do attribute parsing: the MathMLNames namespace is no longer necessary
1006         and constructors can take a more accurate element type.
1007
1008         No new tests, already covered by existing test.
1009
1010         * CMakeLists.txt: Add MathMLUnderOverElement files.
1011         * WebCore.xcodeproj/project.pbxproj: Ditto.
1012         * mathml/MathMLAllInOne.cpp: Ditto.
1013         * mathml/MathMLElement.cpp:
1014         (WebCore::MathMLElement::cachedBooleanAttribute): Add parsing of boolean attributes.
1015         * mathml/MathMLElement.h: New type and helper functions for boolean attributes.
1016         * mathml/MathMLInlineContainerElement.cpp:
1017         (WebCore::MathMLInlineContainerElement::createElementRenderer): Remove handling of
1018         under/over/underover elements.
1019         * mathml/MathMLScriptsElement.cpp:
1020         (WebCore::MathMLScriptsElement::MathMLScriptsElement): Remove inline keyword to avoid link
1021         errors now that MathMLUnderOverElement overrides that class.
1022         * mathml/MathMLScriptsElement.h: Allow MathMLUnderOverElement to override this class.
1023         * mathml/MathMLUnderOverElement.cpp:
1024         (WebCore::MathMLUnderOverElement::MathMLUnderOverElement):
1025         (WebCore::MathMLUnderOverElement::create):
1026         (WebCore::MathMLUnderOverElement::accent): Helper function to access the accent value.
1027         (WebCore::MathMLUnderOverElement::accentUnder): Helper function to access the accentunder value.
1028         (WebCore::MathMLUnderOverElement::parseAttribute): Make accent and accentunder dirty.
1029         (WebCore::MathMLUnderOverElement::createElementRenderer): Create RenderMathMLUnderOver
1030         * mathml/MathMLUnderOverElement.h:
1031         * mathml/mathtags.in: Map under/over/underover to MathMLUnderOverElement.
1032         * rendering/mathml/RenderMathMLFraction.cpp: Remove MathMLNames and make the constructor
1033         take a MathMLFractionElement.
1034         (WebCore::RenderMathMLFraction::RenderMathMLFraction):
1035         * rendering/mathml/RenderMathMLFraction.h:
1036         * rendering/mathml/RenderMathMLPadded.cpp: Remove MathMLNames and make the constructor
1037         take a MathMLPaddedElement.
1038         (WebCore::RenderMathMLPadded::RenderMathMLPadded):
1039         * rendering/mathml/RenderMathMLPadded.h:
1040         * rendering/mathml/RenderMathMLScripts.cpp: Remove MathMLNames and make the constructor
1041         take a MathMLScriptsElement. Also rename scriptsElement() to element().
1042         (WebCore::RenderMathMLScripts::RenderMathMLScripts):
1043         (WebCore::RenderMathMLScripts::element):
1044         (WebCore::RenderMathMLScripts::getScriptMetricsAndLayoutIfNeeded):
1045         (WebCore::RenderMathMLScripts::scriptsElement): Deleted.
1046         * rendering/mathml/RenderMathMLScripts.h:
1047         * rendering/mathml/RenderMathMLUnderOver.cpp: Remove MathMLNames and make the constructor
1048         take a RenderMathMLUnderOver.
1049         (WebCore::RenderMathMLUnderOver::RenderMathMLUnderOver):
1050         (WebCore::RenderMathMLUnderOver::element):
1051         (WebCore::RenderMathMLUnderOver::hasAccent): Use the helper functions for accent and accentunder.
1052         * rendering/mathml/RenderMathMLUnderOver.h:
1053
1054 2016-07-21  Chris Dumez  <cdumez@apple.com>
1055
1056         Parameter to Node.isSameNode() / isEqualNode() should be mandatory
1057         https://bugs.webkit.org/show_bug.cgi?id=160070
1058
1059         Reviewed by Ryosuke Niwa.
1060
1061         Parameter to Node.isSameNode() / isEqualNode() should be mandatory as
1062         per the specification:
1063         - https://dom.spec.whatwg.org/#interface-node
1064
1065         Chrome and Firefox agree with the specification (although Firefox does
1066         not support isSameNode()).
1067
1068         No new tests, rebaselined existing tests.
1069
1070         * dom/Node.idl:
1071
1072 2016-07-21  Chris Dumez  <cdumez@apple.com>
1073
1074         Parameter to Document.createEvent() should be mandatory
1075         https://bugs.webkit.org/show_bug.cgi?id=160065
1076
1077         Reviewed by Darin Adler.
1078
1079         Parameter to Document.createEvent() should be mandatory as per the
1080         specification:
1081         - https://dom.spec.whatwg.org/#document
1082
1083         We already throw anyway when the parameter is omitted because we use
1084         "undefined" as event type, which is invalid. However, we throw the
1085         wrong exception.
1086
1087         Firefox and Chrome agree with the specification here.
1088
1089         No new tests, rebaselined existing tests.
1090
1091         * dom/Document.idl:
1092
1093 2016-07-21  Brian Burg  <bburg@apple.com>
1094
1095         REGRESSION(r62549): Objective-C DOM bindings sometimes fail to regenerate when CodeGenerator.pm is modified
1096         https://bugs.webkit.org/show_bug.cgi?id=160031
1097
1098         Reviewed by Darin Adler.
1099
1100         This bug was caused by a refactoring 6 years ago. Not all uses of a variable
1101         were renamed, so the ObjC bindings target pattern was not specifying any
1102         build scripts as target dependencies.
1103
1104         * DerivedSources.make: Standardize on {COMMON,JS,DOM}_BINDINGS_SCRIPTS.
1105
1106 2016-07-21  Darin Adler  <darin@apple.com>
1107
1108         Remove unneeded content attribute name "playsinline"
1109         https://bugs.webkit.org/show_bug.cgi?id=160069
1110
1111         Reviewed by Chris Dumez.
1112
1113         * html/HTMLVideoElement.idl: Removed explicit content attribute name on Reflect
1114         attribute since it is the same as the name that the code generator will generate.
1115
1116 2016-07-21  Chris Dumez  <cdumez@apple.com>
1117
1118         Make parameters to Element.getElementsBy*() operations mandatory
1119         https://bugs.webkit.org/show_bug.cgi?id=160060
1120
1121         Reviewed by Darin Adler.
1122
1123         Make parameters to Element.getElementsBy*() operations mandatory to
1124         match the specification:
1125         - https://dom.spec.whatwg.org/#interface-element
1126
1127         Firefox and Chrome agree with the specification so the compatibility
1128         risk should be low.
1129
1130         It makes very little sense to call these operations without parameter,
1131         especially considering WebKit uses the string "undefined" if the
1132         parameter is omitted.
1133
1134         No new tests, rebaselined existing tests.
1135
1136         * dom/Element.idl:
1137
1138 2016-07-21  Chris Dumez  <cdumez@apple.com>
1139
1140         Make parameters mandatory for attribute-related API on Element
1141         https://bugs.webkit.org/show_bug.cgi?id=160059
1142
1143         Reviewed by Ryosuke Niwa.
1144
1145         Make parameters mandatory for attribute-related API on Element to match
1146         the specification:
1147         - https://dom.spec.whatwg.org/#element
1148
1149         Firefox and Chrome agree with the specification. Calling this API
1150         without the parameters does not make much sense, especially considering
1151         WebKit uses the string "undefined" when the parameter is omitted.
1152
1153         No new tests, rebaselined existing tests.
1154
1155         * dom/Element.idl:
1156
1157 2016-07-21  Myles C. Maxfield  <mmaxfield@apple.com>
1158
1159         Remove support for deprecated SPI inlineMediaPlaybackRequiresPlaysInlineAttribute
1160         https://bugs.webkit.org/show_bug.cgi?id=160066
1161
1162         Reviewed by Dean Jackson.
1163
1164         r203520 deprecated inlineMediaPlaybackRequiresPlaysInlineAttribute in favor of
1165         allowsInlineMediaPlaybackWithPlaysInlineAttribute and
1166         allowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute. The old
1167         inlineMediaPlaybackRequiresPlaysInlineAttribute is SPI and was never released
1168         to the public. Therefore, it can be removed safely.
1169
1170         No new tests because there is no behavior change.
1171
1172         * page/Settings.cpp:
1173         * page/Settings.in:
1174         * testing/InternalSettings.cpp:
1175         (WebCore::InternalSettings::Backup::Backup): Deleted.
1176         (WebCore::InternalSettings::Backup::restoreTo): Deleted.
1177         (WebCore::InternalSettings::setInlineMediaPlaybackRequiresPlaysInlineAttribute): Deleted.
1178         * testing/InternalSettings.h:
1179         * testing/InternalSettings.idl:
1180
1181 2016-07-21  Dean Jackson  <dino@apple.com>
1182
1183         REGRESSION (r202927): The internal size of the ImageBuffer is scaled twice by the context scaleFactor
1184         https://bugs.webkit.org/show_bug.cgi?id=159981
1185         <rdar://problem/27429465>
1186
1187         Reviewed by Myles Maxfield.
1188
1189         The change to propagate color spaces through ImageBuffers created an
1190         alternate version of createCompatibleBuffer. This version accidentally
1191         attempted to take the display resolution (i.e. hidpi) into account
1192         when creating the buffer, which meant it was being applied twice.
1193
1194         The fix is simply to remove that logic. The caller of the method
1195         will take the resolution into account, the same way they did
1196         with the old createCompatibleBuffer method.
1197
1198         Test: fast/hidpi/pdf-image-scaled.html
1199
1200         * platform/graphics/cg/ImageBufferCG.cpp:
1201         (WebCore::ImageBuffer::createCompatibleBuffer): Don't calculate
1202         a resolution - just use the value of 1.0.
1203
1204 2016-07-21  John Wilander  <wilander@apple.com>
1205
1206         Block mixed content synchronous XHR
1207         https://bugs.webkit.org/show_bug.cgi?id=105462
1208         <rdar://problem/13666424>
1209
1210         Reviewed by Brent Fulgham.
1211
1212         Test: http/tests/security/mixedContent/insecure-xhr-sync-in-main-frame.html
1213
1214         * loader/DocumentThreadableLoader.cpp:
1215         (WebCore::DocumentThreadableLoader::loadRequest):
1216
1217 2016-07-21  Chris Dumez  <cdumez@apple.com>
1218
1219         Make parameters to Document.getElementsBy*() operations mandatory
1220         https://bugs.webkit.org/show_bug.cgi?id=160050
1221
1222         Reviewed by Daniel Bates.
1223
1224         Make parameters to Document.getElementsBy*() operations mandatory to
1225         match the specification:
1226         - https://dom.spec.whatwg.org/#interface-document
1227
1228         Firefox and Chrome agree with the specification so the compatibility
1229         risk should be low.
1230
1231         It makes very little sense to call these operations without parameter,
1232         especially considering WebKit uses the string "undefined" if the
1233         parameter is omitted.
1234
1235         No new tests, rebaselined existing tests.
1236
1237         * dom/Document.idl:
1238
1239 2016-07-21  Nan Wang  <n_wang@apple.com>
1240
1241         AX: aria-label not being used correctly in accessible name calculation of heading
1242         https://bugs.webkit.org/show_bug.cgi?id=160009
1243
1244         Reviewed by Chris Fleizach.
1245
1246         Actually we are exposing the correct information for heading objects. On macOS, 
1247         VoiceOver should handle the logic that picks the right information to speak.
1248         On iOS, VoiceOver is speaking the static text child instead of the heading object.
1249         So we should set the accessibilityLabel of the static text based on the parent's 
1250         alternate label.
1251
1252         Test: accessibility/ios-simulator/heading-with-aria-label.html
1253
1254         * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
1255         (-[WebAccessibilityObjectWrapper _accessibilityTraitsFromAncestors]):
1256
1257 2016-07-21  Saam Barati  <sbarati@apple.com>
1258
1259         op_add/ValueAdd should be an IC in all JIT tiers
1260         https://bugs.webkit.org/show_bug.cgi?id=159649
1261
1262         Reviewed by Benjamin Poulain.
1263
1264         * ForwardingHeaders/jit/JITMathICForwards.h: Added.
1265
1266 2016-07-21  Chris Dumez  <cdumez@apple.com>
1267
1268         Make parameters mandatory for Document.create*() operations
1269         https://bugs.webkit.org/show_bug.cgi?id=160047
1270
1271         Reviewed by Ryosuke Niwa.
1272
1273         Make parameters mandatory for Document.create*() operations:
1274         createTextNode(), createComment(), createCDataSection(),
1275         createAttribute() and createProcessingInstruction().
1276
1277         This matches the specification:
1278         - https://dom.spec.whatwg.org/#interface-document
1279
1280         Firefox and Chrome both agree with the specification so the
1281         compatibility risk should be low. Also WebKit uses the string
1282         "undefined" when the parameter is omitted, which is not very
1283         helpful.
1284
1285         No new tests, rebaselined existing tests.
1286
1287         * dom/Document.idl:
1288
1289 2016-07-21  Chris Dumez  <cdumez@apple.com>
1290
1291         Fix null handling of SVGAngle/SVGLength.valueAsString attribute
1292         https://bugs.webkit.org/show_bug.cgi?id=160025
1293
1294         Reviewed by Ryosuke Niwa.
1295
1296         Fix null handling of SVGAngle/SVGLength.valueAsString attribute
1297         to match the specification:
1298         - https://www.w3.org/TR/SVG2/types.html#InterfaceSVGAngle
1299         - https://www.w3.org/TR/SVG2/types.html#InterfaceSVGLength
1300
1301         In particular, this patch drops [TreatNullAs=EmptyString] IDL
1302         extended attribute from this attribute. This is not supposed
1303         to change behavior given that both "" and "null" are invalid
1304         numbers and the specification says to throw a SYNTAX_ERR in
1305         this case.
1306
1307         However, WebKit currently ignores assignments to "" instead
1308         of throwing. As a result, assigning to null will now throw
1309         instead of being ignored. The compatibility risk should be
1310         low because both Firefox and Chrome throw when assigning
1311         null.
1312
1313         I did not change the behavior when assigning to "" because
1314         it is a bit out of scope for this patch and browsers to not
1315         seem to agree:
1316         - Firefox throws
1317         - Chrome set value to "0"
1318         - WebKit ignores the assignment
1319
1320         The specification seems to agree with Firefox as far as I
1321         can tell given that "" is not a valid number as per:
1322         - https://www.w3.org/TR/css3-values/#numbers
1323
1324         Test: svg/dom/valueAsString-null.html
1325
1326         * svg/SVGAngle.idl:
1327         * svg/SVGLength.idl:
1328
1329 2016-07-21  Chris Dumez  <cdumez@apple.com>
1330
1331         Fix null handling of HTMLFontElement.color
1332         https://bugs.webkit.org/show_bug.cgi?id=160036
1333
1334         Reviewed by Ryosuke Niwa.
1335
1336         Fix null handling of HTMLFontElement.color to match the specification:
1337         - https://html.spec.whatwg.org/#htmlfontelement
1338
1339         We are supposed to treat null as the empty string. Both Firefox and
1340         Chrome agree with the specification.
1341
1342         No new tests, rebaselined existing tests.
1343
1344         * html/HTMLFontElement.idl:
1345
1346 2016-07-21  Chris Dumez  <cdumez@apple.com>
1347
1348         Fix null handling for several HTMLTableElement attributes
1349         https://bugs.webkit.org/show_bug.cgi?id=160041
1350
1351         Reviewed by Ryosuke Niwa.
1352
1353         Fix null handling for several HTMLTableElement attributes to match the
1354         specification:
1355         - https://html.spec.whatwg.org/#HTMLTableElement-partial
1356
1357         The attributes in question are 'bicolor', 'cellSpacing' and
1358         'cellPadding'. We are supposed to treat null as the empty string for
1359         these attributes.
1360
1361         Firefox and Chrome both agree with the specification.
1362
1363         No new tests, rebaselined existing tests.
1364
1365         * html/HTMLTableElement.idl:
1366
1367 2016-07-21  Chris Dumez  <cdumez@apple.com>
1368
1369         Fix null handling for HTMLObjectElement.border
1370         https://bugs.webkit.org/show_bug.cgi?id=160040
1371
1372         Reviewed by Ryosuke Niwa.
1373
1374         Fix null handling for HTMLObjectElement.border to match the specification:
1375         - https://html.spec.whatwg.org/#HTMLObjectElement-partial
1376
1377         We are supposed to treat null as the empty string.
1378
1379         Both Firefox and Chrome agree with the specification.
1380
1381         No new tests, rebaselined existing tests.
1382
1383         * html/HTMLObjectElement.idl:
1384
1385 2016-07-21  Chris Dumez  <cdumez@apple.com>
1386
1387         Fix null handling for td.bgColor / tr.bgColor
1388         https://bugs.webkit.org/show_bug.cgi?id=160043
1389
1390         Reviewed by Ryosuke Niwa.
1391
1392         Fix null handling for td.bgColor / tr.bgColor to match the
1393         specification:
1394         - https://html.spec.whatwg.org/#HTMLTableCellElement-partial
1395         - https://html.spec.whatwg.org/#HTMLTableRowElement-partial
1396
1397         We are supposed to treat null as the empty string.
1398
1399         Firefox and Chrome both agree with the specification.
1400
1401         No new tests, rebaselined existing tests.
1402
1403         * html/HTMLTableCellElement.idl:
1404         * html/HTMLTableRowElement.idl:
1405
1406 2016-07-21  Chris Dumez  <cdumez@apple.com>
1407
1408         Fix null handling for several HTMLBodyElement attributes
1409         https://bugs.webkit.org/show_bug.cgi?id=160044
1410
1411         Reviewed by Ryosuke Niwa.
1412
1413         Fix null handling for several HTMLBodyElement attributes to match the
1414         specification:
1415         - https://html.spec.whatwg.org/#HTMLBodyElement-partial
1416
1417         The attributes in question are: 'text', 'link', 'vlink', 'alink' and
1418         'bgcolor'.
1419
1420         We are supposed to treat null as the empty string for these attributes.
1421
1422         Firefox and Chrome both agree with the specification.
1423
1424         No new tests, rebaselined existing tests.
1425
1426         * html/HTMLBodyElement.idl:
1427
1428 2016-07-21  Chris Dumez  <cdumez@apple.com>
1429
1430         Fix null handling for HTMLIFrameElement.marginWidth / marginHeight
1431         https://bugs.webkit.org/show_bug.cgi?id=160037
1432
1433         Reviewed by Ryosuke Niwa.
1434
1435         Fix null handling for HTMLIFrameElement.marginWidth / marginHeight to
1436         match the specification:
1437         - https://html.spec.whatwg.org/#HTMLIFrameElement-partial
1438
1439         We are supposed to treat null as the empty string. Both Firefox and
1440         Chrome agree with the specification.
1441
1442         No new tests, rebaselined existing tests.
1443
1444         * html/HTMLIFrameElement.idl:
1445
1446 2016-07-21  Chris Dumez  <cdumez@apple.com>
1447
1448         Fix null handling for HTMLImageElement.border
1449         https://bugs.webkit.org/show_bug.cgi?id=160039
1450
1451         Reviewed by Ryosuke Niwa.
1452
1453         Fix null handling for HTMLImageElement.border to match the specification:
1454         - https://html.spec.whatwg.org/#HTMLImageElement-partial
1455
1456         We are supposed to treat null as the empty string.
1457
1458         Both Firefox and Chrome agree with the specification.
1459
1460         No new tests, rebaselined existing tests.
1461
1462         * html/HTMLImageElement.idl:
1463
1464 2016-07-21  Daniel Bates  <dabates@apple.com>
1465
1466         REGRESSION: Plugin replaced YouTube Flash videos always have the same width
1467         https://bugs.webkit.org/show_bug.cgi?id=159998
1468         <rdar://problem/27462285>
1469
1470         Reviewed by Simon Fraser.
1471
1472         Fixes an issue where the width of a plugin replaced YouTube video loaded via an HTML embed
1473         element would always have the same width regardless of value of the width attribute.
1474
1475         For YouTube Flash videos the YouTube plugin replacement substitutes a shadow DOM subtree
1476         for the default renderer of an HTML embed element. The root of this shadow DOM subtree
1477         is an HTML div element. Currently we set inline styles on this <div> when it is instantiated.
1478         In particular, we set inline display and position to "inline-block" and "relative", respectively,
1479         and set an invalid height and width (we specify a font weight value instead of a CSS length value
1480         - this causes an ASSERT_NOT_REACHED() assertion failure in StyleBuilderConverter::convertLengthSizing()
1481         in a debug build). These styles never worked as intended and we ultimately created an inline
1482         renderer (ignoring display "inline-block") that had auto width and height. Instead it is sufficient
1483         to remove all these inline styles and create a RenderBlockFlow renderer for this <div> so that it
1484         renders as a block, non-replaced element to achieve the intended illusion that the <embed> is a
1485         single element.
1486
1487         * html/shadow/YouTubeEmbedShadowElement.cpp: Remove unused header HTMLEmbedElement.h and include
1488         header RenderBlockFlow.h. Also update copyright in license block.
1489         (WebCore::YouTubeEmbedShadowElement::YouTubeEmbedShadowElement): Remove inline styles as these
1490         never worked as intended.
1491         (WebCore::YouTubeEmbedShadowElement::createElementRenderer): Override; create a block-flow
1492         renderer for us so that we layout as a block, non-replaced element.
1493         * html/shadow/YouTubeEmbedShadowElement.h:
1494
1495 2016-07-21  Myles C. Maxfield  <mmaxfield@apple.com>
1496
1497         [iPhone] Playing a video on tudou.com plays only sound, no video
1498         https://bugs.webkit.org/show_bug.cgi?id=159967
1499         <rdar://problem/26964090>
1500
1501         Reviewed by Jon Lee, Jeremy Jones, and Anders Carlsson.
1502
1503         WebKit recently starting honoring the playsinline and webkit-playsinline
1504         attribute on iPhones. However, because these attributes previously did
1505         nothing, some sites (such as Todou) were setting them on their content
1506         and expecting that they are not honored. In this specific case, the
1507         video is absolutely positioned to be 1 pixel x 1 pixel.
1508
1509         Previously, with iOS 9, apps could set the allowsInlineMediaPlayback
1510         property on their WKWebView, which would honor the webkit-playsinline
1511         attribute. Safari on iPhones didn't do this.
1512
1513         In order to not break these existing apps, it's important that the
1514         allowsInlineMediaPlayback preference still allows webkit-playsinline
1515         videos to play inline in apps using WKWebView. However, in Safari, these
1516         videos should play fullscreen. (Todou videos have webkit-playsinline
1517         but not playsinline.)
1518
1519         Therefore, in Safari, videos with playsinline should be inline, but
1520         videos with webkit-playsinline should be fullscreen. In apps using
1521         WKWebViews, if the app sets allowsInlineMediaPlayback, then videos with
1522         playsinline should be inline, and videos with webkit-playsinline should
1523         also be inline. Videos on iPad and Mac should all be inline by default.
1524
1525         We can create some truth tables for the cases which need to be covered:
1526
1527         All apps on Mac / iPad:
1528         Presence of playsinline | Presence of webkit-playsinline | Result
1529         ========================|================================|===========
1530         Not present             | Not present                    | Inline
1531         Present                 | Not present                    | Inline
1532         Not Present             | Present                        | Inline
1533         Present                 | Present                        | Inline
1534
1535         Safari on iPhone:
1536         Presence of playsinline | Presence of webkit-playsinline | Result
1537         ========================|================================|===========
1538         Not present             | Not present                    | Fullscreen
1539         Present                 | Not present                    | Inline
1540         Not Present             | Present                        | Fullscreen
1541         Present                 | Present                        | Inline
1542
1543         App on iPhone which sets allowsInlineMediaPlayback:
1544         Presence of playsinline | Presence of webkit-playsinline | Result
1545         ========================|================================|===========
1546         Not present             | Not present                    | Fullscreen
1547         Present                 | Not present                    | Inline
1548         Not Present             | Present                        | Inline
1549         Present                 | Present                        | Inline
1550
1551         The way to distinguish Safari from another app is to create an SPI
1552         boolean preference which Safari can set. This is already how the
1553         iPhone and iPad are differentiated using the requiresPlayInlineAttribute
1554         which Safari sets but other apps don't. However, this preference is
1555         no longer sufficient because Safari should now be discriminating
1556         between the playsinline and webkit-playsinline attributes. Therefore,
1557         this preference should be extended to two boolean preferences, which
1558         this patch adds:
1559
1560         allowsInlineMediaPlaybackWithPlaysInlineAttribute
1561         allowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute
1562
1563         Safari on iPhone will set
1564         allowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute to true,
1565         and allowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute to
1566         false. Other apps on iPhone will get their defaults values (because they
1567         are SPI) which means they will both be true. On iPad and Mac, apps will
1568         use the defaults values where both are false.
1569
1570         This patch adds support for these two preferences, but does not remove
1571         the existing inlineMediaPlaybackRequiresPlaysInlineAttribute preference.
1572         I will remove the exising preference as soon as I update Safari to migrate
1573         off of it.
1574
1575         Test: media/video-playsinline.html
1576
1577         * html/MediaElementSession.cpp:
1578         (WebCore::MediaElementSession::requiresFullscreenForVideoPlayback):
1579         * page/Settings.cpp:
1580         * page/Settings.in:
1581         * testing/InternalSettings.cpp:
1582         (WebCore::InternalSettings::Backup::Backup):
1583         (WebCore::InternalSettings::Backup::restoreTo):
1584         (WebCore::InternalSettings::setAllowsInlineMediaPlaybackWithPlaysInlineAttribute):
1585         (WebCore::InternalSettings::setAllowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute):
1586         * testing/InternalSettings.h:
1587         * testing/InternalSettings.idl:
1588
1589 2016-07-21  Ryosuke Niwa  <rniwa@webkit.org>
1590
1591         Crash accessing null renderer inside WebCore::DeleteSelectionCommand::doApply
1592         https://bugs.webkit.org/show_bug.cgi?id=160011
1593
1594         Reviewed by Chris Dumez.
1595
1596         Add a null pointer check for renderer() call.
1597
1598         Unfortunately no new tests since we don't have a reproduction.
1599
1600         * editing/DeleteSelectionCommand.cpp:
1601         (WebCore::DeleteSelectionCommand::doApply):
1602
1603 2016-07-21  Chris Dumez  <cdumez@apple.com>
1604
1605         The 2 first parameters to DOMImplementation.createDocument() should be mandatory
1606         https://bugs.webkit.org/show_bug.cgi?id=160030
1607
1608         Reviewed by Sam Weinig.
1609
1610         The 2 first parameters to DOMImplementation.createDocument() should be mandatory
1611         as per the specification:
1612         - https://dom.spec.whatwg.org/#domimplementation
1613
1614         Firefox and Chrome both agree with the specification. However, those
1615         parameters were marked as optional in WebKit. Calling this function
1616         without parameters would create a document element whose tag is the
1617         string "undefined", which does not seem helpful. This patch thus
1618         aligns our behavior with the specification and other browsers.
1619
1620         No new tests, rebaselined existing tests.
1621
1622         * dom/DOMImplementation.idl:
1623
1624 2016-07-21  Chris Dumez  <cdumez@apple.com>
1625
1626         Kill legacy valueToStringWithNullCheck() utility function
1627         https://bugs.webkit.org/show_bug.cgi?id=159991
1628
1629         Reviewed by Sam Weinig.
1630
1631         Kill legacy valueToStringWithNullCheck() utility function. Treating null as
1632         a null string is legacy behavior so drop this function so that people are
1633         not tempted to use it. We should be using either:
1634         1. JSValue::toWTFString() for non-nullable DOMStrings
1635         2. valueToStringWithUndefinedOrNullCheck() for nullable DOMStrings
1636         3. valueToStringTreatingNullAsEmptyString() for strings with [TreatNullAs=EmptyString]
1637
1638         No new tests, no web-exposed behavior change.
1639
1640         * bindings/js/JSDOMBinding.cpp:
1641         (WebCore::valueToStringWithNullCheck): Deleted.
1642         * bindings/js/JSDOMBinding.h:
1643         * bindings/js/JSHTMLFrameElementCustom.cpp:
1644         (WebCore::JSHTMLFrameElement::setLocation):
1645         * html/HTMLFrameElement.idl:
1646
1647 2016-07-21  Zalan Bujtas  <zalan@apple.com>
1648
1649         Do not keep invalid IOSurface in ImageBufferData.
1650         https://bugs.webkit.org/show_bug.cgi?id=160005
1651         <rdar://problem/27208636>
1652
1653         Reviewed by Simon Fraser.
1654
1655         When we fail to initialize the IOSurface for the accelerated context, we switch over to
1656         the non-accelerated code path. Since ImageBufferData::surface is used to indicate whether
1657         the graphics context is in accelerated mode, we need to reset it when the initialization fails.
1658
1659         Unable to create a test case.
1660
1661         * platform/graphics/cg/ImageBufferCG.cpp:
1662         (WebCore::ImageBuffer::ImageBuffer):
1663
1664 2016-07-21  Chris Dumez  <cdumez@apple.com>
1665
1666         playsInline IDL attribute has the wrong casing
1667         https://bugs.webkit.org/show_bug.cgi?id=160029
1668         <rdar://problem/27474031>
1669
1670         Reviewed by Jon Lee.
1671
1672         Fix case from video.playsinline to video.playsInline in order to match
1673         the specification:
1674         - https://html.spec.whatwg.org/multipage/embedded-content.html#the-video-element:dom-video-playsinline
1675
1676         It still reflects the "playsinline" content attribute though, as per
1677         the specification:
1678         - https://html.spec.whatwg.org/multipage/embedded-content.html#dom-video-playsinline
1679
1680         No new tests, updated existing test.
1681
1682         * html/HTMLVideoElement.idl:
1683
1684 2016-07-21  Chris Dumez  <cdumez@apple.com>
1685
1686         Drop [TreatNullAs=EmptyString] from CanvasRenderingContext2D.globalCompositeOperation
1687         https://bugs.webkit.org/show_bug.cgi?id=160026
1688
1689         Reviewed by Sam Weinig.
1690
1691         Drop [TreatNullAs=EmptyString] from CanvasRenderingContext2D.globalCompositeOperation
1692         attribute as it does not match the specification:
1693         - https://html.spec.whatwg.org/multipage/scripting.html#canvascompositing
1694
1695         It does not change web-exposed behavior because assigning to "" or "null"
1696         gets ignored as those are not valid operations.
1697
1698         Test: fast/canvas/context-globalCompositeOperation-null.html
1699
1700         * html/canvas/CanvasRenderingContext2D.idl:
1701
1702 2016-07-21  Carlos Garcia Campos  <cgarcia@igalia.com>
1703
1704         [GTK][Threaded Compositor] Overlay scrollbars shouldn't be a requirement of the threaded compositor
1705         https://bugs.webkit.org/show_bug.cgi?id=160020
1706
1707         Reviewed by Michael Catanzaro.
1708
1709         It has been a requirement only because we didn't really know why frame scrollbars were not rendered when using
1710         the threaded compositor. The reason is that RenderView doesn't use layers for FrameView scrollbars by default,
1711         unless using overlay scrollbars. When using the threaded compositor we really need layers for the FrameView
1712         scrollbars even when not using overlay scrollbars.
1713
1714         * platform/gtk/ScrollbarThemeGtk.cpp:
1715         (WebCore::ScrollbarThemeGtk::ScrollbarThemeGtk): Stop enforcing overlay scrollbars when threaded compositor is enabled.
1716         * rendering/RenderLayerCompositor.cpp:
1717         (WebCore::RenderLayerCompositor::shouldCompositeOverflowControls): Always use layers for scrollbars when
1718         threaded compositor is enabled.
1719
1720 2016-07-21  Carlos Garcia Campos  <cgarcia@igalia.com>
1721
1722         [Cairo] Fix a crash in fast/canvas/canvas-getImageData-invalid-result-buffer-crash.html
1723         https://bugs.webkit.org/show_bug.cgi?id=160014
1724
1725         Reviewed by Michael Catanzaro.
1726
1727         In r202887 some null checks were added for JSArray::createUninitialized (and related) but not for the
1728         ImageBuffer cairo implementation.
1729
1730         * platform/graphics/cairo/ImageBufferCairo.cpp:
1731         (WebCore::getImageData): Return early if Uint8ClampedArray::createUninitialized() returns nullptr.
1732
1733 2016-07-21  Miguel Gomez  <magomez@igalia.com>
1734
1735         [GTK] The GSTREAMER_GL path in MediaPlayerPrivateGStreamerBase::paintToTextureMapper() is missing a mutex lock
1736         https://bugs.webkit.org/show_bug.cgi?id=160018
1737
1738         Reviewed by Philippe Normand.
1739
1740         Lock the video sample mutex while accessing it.
1741
1742         Covered by existent tests.
1743
1744         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
1745         (WebCore::MediaPlayerPrivateGStreamerBase::paintToTextureMapper):
1746
1747 2016-07-21  Miguel Gomez  <magomez@igalia.com>
1748
1749         [Threaded Compositor] Flickering when zooming in/out in maps.google.com
1750         https://bugs.webkit.org/show_bug.cgi?id=154069
1751
1752         Reviewed by Carlos Garcia Campos.
1753
1754         Add a new extra buffer to GraphicsContext3D when using the Threaded Compositor,
1755         so it doesn't have to reuse the buffers that are still waiting for composition.
1756
1757         Covered by existing tests.
1758
1759         * platform/graphics/GraphicsContext3D.h:
1760         Add a new texture to use for the rendering. Remove the compositor fbo we were using.
1761         * platform/graphics/cairo/GraphicsContext3DCairo.cpp:
1762         (WebCore::GraphicsContext3D::GraphicsContext3D):
1763         Initialize the new texture and remove the previous fbo related code.
1764         (WebCore::GraphicsContext3D::~GraphicsContext3D):
1765         Properly destroy the new texture and remove the previous fbo related code.
1766         * platform/graphics/opengl/GraphicsContext3DOpenGL.cpp:
1767         (WebCore::GraphicsContext3D::reshapeFBOs):
1768         Allocate the new texture and remove the previous fbo allocation.
1769         * platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp:
1770         (WebCore::GraphicsContext3D::prepareTexture):
1771         Use a single fbo with three textures instead of two fbos with a texture each.
1772         Rotate the three textures usage so:
1773         - m_texture becomes m_compositorTexture to be pushed to the compositor.
1774         - m_intermediateTexture becomes m_texture to receive the next rendering.
1775         - m_compositorTexture becomes m_intermediateTexture.
1776         And add a glFlush() to ensure that the gl commands are sent to the pipeline.
1777         * platform/graphics/opengl/GraphicsContext3DOpenGLES.cpp:
1778         (WebCore::GraphicsContext3D::reshapeFBOs):
1779         Allocate the new texture.
1780
1781 2016-07-21  Carlos Garcia Campos  <cgarcia@igalia.com>
1782
1783         [GTK][Threaded Compositor] Web view background colors don't work
1784         https://bugs.webkit.org/show_bug.cgi?id=159465
1785
1786         Reviewed by Michael Catanzaro.
1787
1788         * rendering/RenderLayerBacking.cpp:
1789         (WebCore::RenderLayerBacking::createPrimaryGraphicsLayer): Initialize frame view layer opacity for platforms not
1790         using the tiled cache layer.
1791
1792 2016-07-20  Youenn Fablet  <youenn@apple.com>
1793
1794         [XHR] Cache response JS object in case of arraybuffer and blob response types
1795         https://bugs.webkit.org/show_bug.cgi?id=128903
1796
1797         Reviewed by Alex Christensen.
1798
1799         Covered by existing and modified tests.
1800
1801         Making response getter a JS builtin that caches response in @response private slot.
1802         Handling invalidation of cached response with @responseCacheIsValid new private method.
1803         Handling creation of cached response with @retrieveResponse new private method which reuses most of
1804         JSXMLHttpRequest::response previous code.
1805
1806         Caching of responses is activated whenever load ended without any error for blob and arraybuffer response types.
1807
1808         Caching of response for document is also activated in case the response getter is used but not if responseXML getter is used.
1809
1810         * CMakeLists.txt: Adding XMLHttpRequest.js.
1811         * DerivedSources.make: Ditto.
1812         * bindings/js/JSXMLHttpRequestCustom.cpp:
1813         (WebCore::JSXMLHttpRequest::retrieveResponse): Implements creation of to-be-cached response.
1814         (WebCore::JSXMLHttpRequest::response): Deleted.
1815         * bindings/js/WebCoreBuiltinNames.h: Adding new private names.
1816         * xml/XMLHttpRequest.cpp:
1817         (WebCore::XMLHttpRequest::didCacheResponse): Renamed from didCacheResponseJSON as all response types are now cached.
1818         (WebCore::XMLHttpRequest::didCacheResponseJSON): Deleted.
1819         * xml/XMLHttpRequest.h:
1820         * xml/XMLHttpRequest.idl:
1821
1822 2016-07-20  Youenn Fablet  <youenn@apple.com>
1823
1824         Remove crossOriginRequestPolicy from ThreadableLoaderOptions
1825         https://bugs.webkit.org/show_bug.cgi?id=159417
1826
1827         Reviewed by Alex Christensen.
1828
1829         No observable change.
1830
1831         * Modules/fetch/FetchLoader.cpp:
1832         (WebCore::FetchLoader::start): DenyCrossOriginRequests -> FetchOptions::Mode::SameOrigin.
1833         * fileapi/FileReaderLoader.cpp:
1834         (WebCore::FileReaderLoader::start): DenyCrossOriginRequests -> FetchOptions::Mode::SameOrigin.
1835         * inspector/InspectorNetworkAgent.cpp:
1836         (WebCore::InspectorNetworkAgent::loadResource): AllowCrossOriginRequests -> FetchOptions::Mode::NoCors.
1837         * loader/DocumentThreadableLoader.cpp:
1838         (WebCore::DocumentThreadableLoader::DocumentThreadableLoader): Ditto.
1839         (WebCore::DocumentThreadableLoader::makeCrossOriginAccessRequest): UseAccessControl -> FetchOptions::Mode::Cors.
1840         (WebCore::DocumentThreadableLoader::redirectReceived): Ditto.
1841         (WebCore::DocumentThreadableLoader::didReceiveResponse): Ditto.
1842         (WebCore::DocumentThreadableLoader::loadRequest): Use NoCors as option passed to ResourceLoader. This allows
1843         desactivating ResourceLoader CORS checks as they are done in DocumentThreadableLoader right now. In the future,
1844         these checks should be moved to ResourceLoader and DocumentThreadableLoader should directly pass the fetch mode
1845         option.
1846         (WebCore::DocumentThreadableLoader::isAllowedRedirect): AllowCrossOriginRequests -> FetchOptions::Mode::NoCors.
1847         * loader/ThreadableLoader.cpp:
1848         (WebCore::ThreadableLoaderOptions::ThreadableLoaderOptions): Removing CrossOriginRequestPolicy.
1849         * loader/ThreadableLoader.h: Ditto.
1850         * loader/WorkerThreadableLoader.cpp:
1851         (WebCore::LoaderTaskOptions::LoaderTaskOptions): Ditto.
1852         * page/EventSource.cpp:
1853         (WebCore::EventSource::connect): UseAccessControl -> FetchOptions::Mode::Cors.
1854         * workers/Worker.cpp:
1855         (WebCore::Worker::create): DenyCrossOriginRequests -> FetchOptions::Mode::SameOrigin.
1856         * workers/WorkerGlobalScope.cpp:
1857         (WebCore::WorkerGlobalScope::importScripts): AllowCrossOriginRequests -> FetchOptions::Mode::NoCors.
1858         * workers/WorkerScriptLoader.cpp:
1859         (WebCore::WorkerScriptLoader::loadSynchronously):
1860         (WebCore::WorkerScriptLoader::loadAsynchronously):
1861         * workers/WorkerScriptLoader.h:
1862         * xml/XMLHttpRequest.cpp:
1863         (WebCore::XMLHttpRequest::createRequest):
1864
1865 2016-07-20  Chris Dumez  <cdumez@apple.com>
1866
1867         Fix null handling of several Document attributes
1868         https://bugs.webkit.org/show_bug.cgi?id=159997
1869
1870         Reviewed by Ryosuke Niwa.
1871
1872         Fix null handling of the following Document attributes: title, cookie
1873         and domain.
1874
1875         In WebKit, they were all marked as [TreatNullAs=EmptyString], which
1876         does not match the specification:
1877         - https://html.spec.whatwg.org/multipage/dom.html#document
1878
1879         Details for each attribute:
1880         - title: null is now treated as the string "null", thus setting the
1881           document title to "null". This matches Firefox and Chrome.
1882         - cookie: adds a "null" cookie instead of being a no-op. This matches
1883                   both Firefox and Chrome.
1884         - domain: Calls setDomain(String("null")) instead of
1885                   setDomain(String()). This throws an exception because "null"
1886                   is not a suffix of the effective domain name. The behavior
1887                   is the same in Firefox and Chrome. Previously, we were
1888                   already throwing an exception since setting the domain to
1889                   the empty string throws, as per the specification.
1890
1891         Test: http/tests//dom/document-attributes-null-handling.html
1892
1893         * dom/Document.idl:
1894
1895 2016-07-20  Commit Queue  <commit-queue@webkit.org>
1896
1897         Unreviewed, rolling out r203471.
1898         https://bugs.webkit.org/show_bug.cgi?id=160003
1899
1900         many iOS-simulator tests are failing (Requested by litherum on
1901         #webkit).
1902
1903         Reverted changeset:
1904
1905         "[iPhone] Playing a video on tudou.com plays only sound, no
1906         video"
1907         https://bugs.webkit.org/show_bug.cgi?id=159967
1908         http://trac.webkit.org/changeset/203471
1909
1910 2016-07-19  Ryosuke Niwa  <rniwa@webkit.org>
1911
1912         iOS: Cannot paste images in RTF content
1913         https://bugs.webkit.org/show_bug.cgi?id=159964
1914         <rdar://problem/27442806>
1915
1916         Reviewed by Enrica Casucci.
1917
1918         The bug was caused by setDefersLoading(true) not deferring image loading for the parsed fragment.
1919         Worked around this bug by disabling image loading while parsing the document fragment.
1920
1921         * editing/ios/EditorIOS.mm:
1922         (WebCore::Editor::createFragmentAndAddResources):
1923
1924 2016-07-20  Brady Eidson  <beidson@apple.com>
1925
1926         Address a small FIXME in IDB code.
1927         https://bugs.webkit.org/show_bug.cgi?id=159999
1928
1929         Reviewed by Andy Estes.
1930
1931         No new tests (No behavior change).
1932
1933         * Modules/indexeddb/IDBRequest.cpp:
1934         (WebCore::IDBRequest::IDBRequest):
1935         
1936         * Modules/indexeddb/shared/IDBResourceIdentifier.cpp:
1937         (WebCore::IDBResourceIdentifier::IDBResourceIdentifier): Deleted.
1938         * Modules/indexeddb/shared/IDBResourceIdentifier.h:
1939
1940 2016-07-20  Brady Eidson  <beidson@apple.com>
1941
1942         Remove some "modernFoo"s from IndexedDB code.
1943         https://bugs.webkit.org/show_bug.cgi?id=159985
1944
1945         Reviewed by Andy Estes.
1946
1947         No new tests (No known behavior change).
1948
1949         * Modules/indexeddb/IDBCursor.cpp:
1950         (WebCore::IDBCursor::IDBCursor):
1951         (WebCore::IDBCursor::~IDBCursor):
1952         (WebCore::IDBCursor::sourcesDeleted):
1953         (WebCore::IDBCursor::effectiveObjectStore):
1954         (WebCore::IDBCursor::transaction):
1955         (WebCore::IDBCursor::direction):
1956         (WebCore::IDBCursor::update):
1957         (WebCore::IDBCursor::advance):
1958         (WebCore::IDBCursor::continueFunction):
1959         (WebCore::IDBCursor::uncheckedIterateCursor):
1960         (WebCore::IDBCursor::deleteFunction):
1961         (WebCore::IDBCursor::setGetResult):
1962         
1963         * Modules/indexeddb/IDBIndex.cpp:
1964         (WebCore::IDBIndex::IDBIndex):
1965         (WebCore::IDBIndex::~IDBIndex):
1966         (WebCore::IDBIndex::hasPendingActivity):
1967         (WebCore::IDBIndex::name):
1968         (WebCore::IDBIndex::objectStore):
1969         (WebCore::IDBIndex::keyPath):
1970         (WebCore::IDBIndex::unique):
1971         (WebCore::IDBIndex::multiEntry):
1972         (WebCore::IDBIndex::openCursor):
1973         (WebCore::IDBIndex::doCount):
1974         (WebCore::IDBIndex::openKeyCursor):
1975         (WebCore::IDBIndex::doGet):
1976         (WebCore::IDBIndex::doGetKey):
1977         (WebCore::IDBIndex::markAsDeleted):
1978         * Modules/indexeddb/IDBIndex.h:
1979         
1980         * Modules/indexeddb/IDBObjectStore.cpp:
1981         (WebCore::IDBObjectStore::transaction):
1982         (WebCore::IDBObjectStore::deleteFunction): Deleted.
1983         (WebCore::IDBObjectStore::modernDelete): Deleted.
1984         * Modules/indexeddb/IDBObjectStore.h:
1985         
1986         * bindings/js/JSIDBIndexCustom.cpp:
1987         (WebCore::JSIDBIndex::visitAdditionalChildren):
1988
1989 2016-07-20  Chris Dumez  <cdumez@apple.com>
1990
1991         Stop using valueToStringWithNullCheck() in JSCSSStyleDeclaration::putDelegate()
1992         https://bugs.webkit.org/show_bug.cgi?id=159982
1993
1994         Reviewed by Ryosuke Niwa.
1995
1996         valueToStringWithNullCheck() treats null as the null String() which is
1997         legacy / non standard behavior. The specification says we should treat
1998         null as the empty string:
1999         - https://drafts.csswg.org/cssom/#dom-cssstyledeclaration-camel-cased-attribute
2000
2001         Therefore, we should be using valueToStringTreatingNullAsEmptyString() instead.
2002
2003         In practice, there is no web-exposed behavior change because
2004         MutableStyleProperties::setProperty() removes the property wether the
2005         value is the null String or the empty String.
2006
2007         This behavior is correct since the specification says that we should
2008         remove the property if the value is the empty string:
2009         - https://drafts.csswg.org/cssom/#dom-cssstyledeclaration-setproperty (step 4)
2010
2011         I added test coverage to make sure we behave according to specification.
2012         This test is passing in Firefox, Chrome and in WebKit (before and after
2013         my change).
2014
2015         Test: fast/css/CSSStyleDeclaration-property-setter.html
2016
2017         * bindings/js/JSCSSStyleDeclarationCustom.cpp:
2018         (WebCore::JSCSSStyleDeclaration::putDelegate):
2019
2020 2016-07-20  Chris Dumez  <cdumez@apple.com>
2021
2022         Fix null handling of HTMLFrameElement.marginWidth / marginHeight
2023         https://bugs.webkit.org/show_bug.cgi?id=159987
2024
2025         Reviewed by Ryosuke Niwa.
2026
2027         Fix null handling of HTMLFrameElement.marginWidth / marginHeight:
2028         - https://html.spec.whatwg.org/multipage/obsolete.html#htmlframeelement
2029
2030         We are supposed to treat null as the empty string but we treat it as
2031         the string "null".
2032
2033         Firefox and Chrome both match the specification.
2034
2035         No new tests, updated existing tests.
2036
2037         * html/HTMLFrameElement.idl:
2038
2039 2016-07-20  Wenson Hsieh  <wenson_hsieh@apple.com>
2040
2041         Pausing autoplayed media should not remove all restrictions for that media element
2042         https://bugs.webkit.org/show_bug.cgi?id=159988
2043
2044         Reviewed by Jon Lee.
2045
2046         Localizes the removal of behavior restrictions introduced in r203464 upon pausing an
2047         autoplaying video to just affect the hiding or showing of the media controller. This
2048         prevents pages from using Javascript to start playing autoplaying videos that have
2049         been paused by the user.
2050
2051         * html/HTMLMediaElement.cpp:
2052         (WebCore::HTMLMediaElement::pause):
2053
2054 2016-07-20  Myles C. Maxfield  <mmaxfield@apple.com>
2055
2056         [iPhone] Playing a video on tudou.com plays only sound, no video
2057         https://bugs.webkit.org/show_bug.cgi?id=159967
2058         <rdar://problem/26964090>
2059
2060         Reviewed by Jon Lee.
2061
2062         WebKit recently starting honoring the playsinline and webkit-playsinline
2063         attribute on iPhones. However, because these attributes previously did
2064         nothing, some sites (such as Todou) were setting them on their content
2065         and expecting that they are not honored. In this specific case, the
2066         video is absolutely positioned to be 1 pixel x 1 pixel.
2067
2068         Previously, with iOS 9, apps could set the allowsInlineMediaPlayback
2069         property on their WKWebView, which would honor the webkit-playsinline
2070         attribute. Safari on iPhones didn't do this.
2071
2072         In order to not break these existing apps, it's important that the
2073         allowsInlineMediaPlayback preference still allows webkit-playsinline
2074         videos to play inline in apps using WKWebView. However, in Safari, these
2075         videos should play fullscreen. (Todou videos have webkit-playsinline
2076         but not playsinline.)
2077
2078         Therefore, in Safari, videos with playsinline should be inline, but
2079         videos with webkit-playsinline should be fullscreen. In apps using
2080         WKWebViews, if the app sets allowsInlineMediaPlayback, then videos with
2081         playsinline should be inline, and videos with webkit-playsinline should
2082         also be inline. Videos on iPad and Mac should all be inline by default.
2083
2084         We can create some truth tables for the cases which need to be covered:
2085
2086         All apps on Mac / iPad:
2087         Presence of playsinline | Presence of webkit-playsinline | Result
2088         ========================|================================|===========
2089         Not present             | Not present                    | Inline
2090         Present                 | Not present                    | Inline
2091         Not Present             | Present                        | Inline
2092         Present                 | Present                        | Inline
2093
2094         Safari on iPhone:
2095         Presence of playsinline | Presence of webkit-playsinline | Result
2096         ========================|================================|===========
2097         Not present             | Not present                    | Fullscreen
2098         Present                 | Not present                    | Inline
2099         Not Present             | Present                        | Fullscreen
2100         Present                 | Present                        | Inline
2101
2102         App on iPhone which sets allowsInlineMediaPlayback:
2103         Presence of playsinline | Presence of webkit-playsinline | Result
2104         ========================|================================|===========
2105         Not present             | Not present                    | Fullscreen
2106         Present                 | Not present                    | Inline
2107         Not Present             | Present                        | Inline
2108         Present                 | Present                        | Inline
2109
2110         The way to distinguish Safari from another app is to create an SPI
2111         boolean preference which Safari can set. This is already how the
2112         iPhone and iPad are differentiated using the requiresPlayInlineAttribute
2113         which Safari sets but other apps don't. However, this preference is
2114         no longer sufficient because Safari should now be discriminating
2115         between the playsinline and webkit-playsinline attributes. Therefore,
2116         this preference should be extended to two boolean preferences, which
2117         this patch adds:
2118
2119         allowsInlineMediaPlaybackWithPlaysInlineAttribute
2120         allowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute
2121
2122         Safari on iPhone will set
2123         allowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute to true,
2124         and allowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute to
2125         false. Other apps on iPhone will get their defaults values (because they
2126         are SPI) which means they will both be true. On iPad and Mac, apps will
2127         use the defaults values where both are false.
2128
2129         This patch adds support for these two preferences, but does not remove
2130         the existing inlineMediaPlaybackRequiresPlaysInlineAttribute preference.
2131         I will remove the exising preference as soon as I update Safari to migrate
2132         off of it.
2133
2134         Test: media/video-playsinline.html
2135
2136         * html/MediaElementSession.cpp:
2137         (WebCore::MediaElementSession::requiresFullscreenForVideoPlayback):
2138         * page/Settings.cpp:
2139         * page/Settings.in:
2140         * testing/InternalSettings.cpp:
2141         (WebCore::InternalSettings::Backup::Backup):
2142         (WebCore::InternalSettings::Backup::restoreTo):
2143         (WebCore::InternalSettings::setAllowsInlineMediaPlaybackWithPlaysInlineAttribute):
2144         (WebCore::InternalSettings::setAllowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute):
2145         * testing/InternalSettings.h:
2146         * testing/InternalSettings.idl:
2147
2148 2016-07-20  Chris Dumez  <cdumez@apple.com>
2149
2150         Get rid of custom bindings code for XMLHttpRequest.open()
2151         https://bugs.webkit.org/show_bug.cgi?id=159984
2152
2153         Reviewed by Ryosuke Niwa.
2154
2155         Get rid of custom bindings code for XMLHttpRequest.open() as the
2156         bindings generator is able to generate it.
2157
2158         Relevant specification:
2159         - https://xhr.spec.whatwg.org/#xmlhttprequest
2160
2161         The issue is that legacy content prevents treating the 'async' argument
2162         being undefined identical from it being omitted. However, this can be
2163         achieved by using overloading in IDL, like in the specification.
2164
2165         No new tests, already covered by the following tests:
2166         - http/tests/xmlhttprequest/basic-auth.html
2167         - http/tests/xmlhttprequest/open-async-overload.html
2168
2169         * bindings/js/JSXMLHttpRequestCustom.cpp:
2170         (WebCore::SendFunctor::SendFunctor): Deleted.
2171         (WebCore::SendFunctor::line): Deleted.
2172         (WebCore::SendFunctor::column): Deleted.
2173         (WebCore::SendFunctor::url): Deleted.
2174         (WebCore::SendFunctor::operator()): Deleted.
2175         * xml/XMLHttpRequest.cpp:
2176         (WebCore::XMLHttpRequest::open):
2177         * xml/XMLHttpRequest.h:
2178         * xml/XMLHttpRequest.idl:
2179
2180 2016-07-20  Rawinder Singh  <rawinder.singh-webkit@cisra.canon.com.au>
2181
2182         Mark overriden methods in WebCore/svg final classes as final
2183         https://bugs.webkit.org/show_bug.cgi?id=159966
2184
2185         Reviewed by Michael Catanzaro.
2186
2187         Update WebCore/svg classes so that overriden methods in final classes are marked final.
2188
2189         * svg/SVGAElement.h:
2190         * svg/SVGAltGlyphDefElement.h:
2191         * svg/SVGAltGlyphItemElement.h:
2192         * svg/SVGAnimateTransformElement.h:
2193         * svg/SVGAnimatedColor.h:
2194         * svg/SVGCircleElement.h:
2195         * svg/SVGClipPathElement.h:
2196         * svg/SVGCursorElement.h:
2197         * svg/SVGDefsElement.h:
2198         * svg/SVGDescElement.h:
2199         * svg/SVGEllipseElement.h:
2200         * svg/SVGFEMergeNodeElement.h:
2201         * svg/SVGFilterElement.h:
2202         * svg/SVGFontElement.h:
2203         * svg/SVGFontFaceElement.h:
2204         * svg/SVGFontFaceFormatElement.h:
2205         * svg/SVGFontFaceNameElement.h:
2206         * svg/SVGFontFaceSrcElement.h:
2207         * svg/SVGFontFaceUriElement.h:
2208         * svg/SVGForeignObjectElement.h:
2209         * svg/SVGGElement.h:
2210         * svg/SVGGlyphElement.h:
2211         * svg/SVGGlyphRefElement.h:
2212         * svg/SVGHKernElement.h:
2213         * svg/SVGImageElement.h:
2214         * svg/SVGLineElement.h:
2215         * svg/SVGMPathElement.h:
2216         * svg/SVGMaskElement.h:
2217         * svg/SVGMetadataElement.h:
2218         * svg/SVGMissingGlyphElement.h:
2219         * svg/SVGPathBuilder.h:
2220         * svg/SVGPathByteStreamBuilder.h:
2221         * svg/SVGPathByteStreamSource.h:
2222         * svg/SVGPathElement.h:
2223         * svg/SVGPathSegArcAbs.h:
2224         * svg/SVGPathSegArcRel.h:
2225         * svg/SVGPathSegClosePath.h:
2226         * svg/SVGPathSegCurvetoCubicAbs.h:
2227         * svg/SVGPathSegCurvetoCubicRel.h:
2228         * svg/SVGPathSegCurvetoCubicSmoothAbs.h:
2229         * svg/SVGPathSegCurvetoCubicSmoothRel.h:
2230         * svg/SVGPathSegCurvetoQuadraticAbs.h:
2231         * svg/SVGPathSegCurvetoQuadraticRel.h:
2232         * svg/SVGPathSegCurvetoQuadraticSmoothAbs.h:
2233         * svg/SVGPathSegCurvetoQuadraticSmoothRel.h:
2234         * svg/SVGPathSegLinetoAbs.h:
2235         * svg/SVGPathSegLinetoHorizontalAbs.h:
2236         * svg/SVGPathSegLinetoHorizontalRel.h:
2237         * svg/SVGPathSegLinetoRel.h:
2238         * svg/SVGPathSegLinetoVerticalAbs.h:
2239         * svg/SVGPathSegLinetoVerticalRel.h:
2240         * svg/SVGPathSegListBuilder.h:
2241         * svg/SVGPathSegListSource.h:
2242         * svg/SVGPathSegMovetoAbs.h:
2243         * svg/SVGPathSegMovetoRel.h:
2244         * svg/SVGPathStringSource.h:
2245         * svg/SVGPathTraversalStateBuilder.h:
2246         * svg/SVGPatternElement.h:
2247         * svg/SVGRectElement.h:
2248         * svg/SVGScriptElement.h:
2249         * svg/SVGStopElement.h:
2250         * svg/SVGStyleElement.h:
2251         * svg/SVGSwitchElement.h:
2252         * svg/SVGTRefElement.cpp:
2253         * svg/SVGTitleElement.h:
2254         * svg/SVGToOTFFontConversion.cpp:
2255         * svg/SVGUnknownElement.h:
2256         * svg/SVGVKernElement.h:
2257         * svg/SVGViewElement.h:
2258         * svg/SVGZoomEvent.h:
2259         * svg/animation/SVGSMILElement.cpp:
2260         * svg/graphics/SVGImage.h:
2261         * svg/graphics/SVGImageClients.h:
2262         * svg/graphics/SVGImageForContainer.h:
2263         * svg/graphics/filters/SVGFEImage.h:
2264         * svg/graphics/filters/SVGFilter.h:
2265         * svg/properties/SVGAnimatedEnumerationPropertyTearOff.h:
2266         * svg/properties/SVGAnimatedPathSegListPropertyTearOff.h:
2267         * svg/properties/SVGAnimatedPropertyTearOff.h:
2268         * svg/properties/SVGAnimatedTransformListPropertyTearOff.h:
2269         * svg/properties/SVGMatrixTearOff.h:
2270         * svg/properties/SVGPathSegListPropertyTearOff.h:
2271
2272 2016-07-20  Brady Eidson  <beidson@apple.com>
2273
2274         Transition most IDB interfaces from ScriptExecutionContext to ExecState.
2275         https://bugs.webkit.org/show_bug.cgi?id=159975
2276
2277         Reviewed by Alex Christensen.
2278
2279         No new tests (No known behavior change).
2280
2281         * Modules/indexeddb/IDBCursor.cpp:
2282         (WebCore::IDBCursor::continueFunction):
2283         (WebCore::IDBCursor::deleteFunction):
2284         * Modules/indexeddb/IDBCursor.h:
2285         * Modules/indexeddb/IDBCursor.idl:
2286
2287         * Modules/indexeddb/IDBDatabase.idl:
2288
2289         * Modules/indexeddb/IDBFactory.cpp:
2290         (WebCore::IDBFactory::cmp):
2291         * Modules/indexeddb/IDBFactory.h:
2292         * Modules/indexeddb/IDBFactory.idl:
2293
2294         * Modules/indexeddb/IDBIndex.cpp:
2295         (WebCore::IDBIndex::openCursor):
2296         (WebCore::IDBIndex::count):
2297         (WebCore::IDBIndex::doCount):
2298         (WebCore::IDBIndex::openKeyCursor):
2299         (WebCore::IDBIndex::get):
2300         (WebCore::IDBIndex::doGet):
2301         (WebCore::IDBIndex::getKey):
2302         (WebCore::IDBIndex::doGetKey):
2303         * Modules/indexeddb/IDBIndex.h:
2304         * Modules/indexeddb/IDBIndex.idl:
2305
2306         * Modules/indexeddb/IDBKeyRange.cpp:
2307         (WebCore::IDBKeyRange::only): Deleted.
2308         * Modules/indexeddb/IDBKeyRange.h:
2309
2310         * Modules/indexeddb/IDBObjectStore.cpp:
2311         (WebCore::IDBObjectStore::openCursor):
2312         (WebCore::IDBObjectStore::get):
2313         (WebCore::IDBObjectStore::putOrAdd):
2314         (WebCore::IDBObjectStore::deleteFunction):
2315         (WebCore::IDBObjectStore::doDelete):
2316         (WebCore::IDBObjectStore::modernDelete):
2317         (WebCore::IDBObjectStore::clear):
2318         (WebCore::IDBObjectStore::createIndex):
2319         (WebCore::IDBObjectStore::count):
2320         (WebCore::IDBObjectStore::doCount):
2321         * Modules/indexeddb/IDBObjectStore.h:
2322         * Modules/indexeddb/IDBObjectStore.idl:
2323
2324         * Modules/indexeddb/IDBTransaction.cpp:
2325         (WebCore::IDBTransaction::requestOpenCursor):
2326         (WebCore::IDBTransaction::doRequestOpenCursor):
2327         (WebCore::IDBTransaction::requestGetRecord):
2328         (WebCore::IDBTransaction::requestGetValue):
2329         (WebCore::IDBTransaction::requestGetKey):
2330         (WebCore::IDBTransaction::requestIndexRecord):
2331         (WebCore::IDBTransaction::requestCount):
2332         (WebCore::IDBTransaction::requestDeleteRecord):
2333         (WebCore::IDBTransaction::requestClearObjectStore):
2334         (WebCore::IDBTransaction::requestPutOrAdd):
2335         * Modules/indexeddb/IDBTransaction.h:
2336
2337         * inspector/InspectorIndexedDBAgent.cpp:
2338
2339 2016-07-20  Wenson Hsieh  <wenson_hsieh@apple.com>
2340
2341         Media controls don't appear when pausing a small autoplaying video
2342         https://bugs.webkit.org/show_bug.cgi?id=159972
2343         <rdar://problem/27180657>
2344
2345         Reviewed by Beth Dakin.
2346
2347         When pausing an autoplaying video, remove behavior restrictions for the
2348         initial user gesture and show media controls.
2349
2350         New WebKit API test. See VideoControlsManagerSingleSmallAutoplayingVideo.
2351
2352         * html/HTMLMediaElement.cpp:
2353         (WebCore::HTMLMediaElement::pause):
2354
2355 2016-07-20  Chris Dumez  <cdumez@apple.com>
2356
2357         Fix null handling of HTMLMediaElement.mediaGroup
2358         https://bugs.webkit.org/show_bug.cgi?id=159974
2359
2360         Reviewed by Eric Carlson.
2361
2362         Fix null handling of HTMLMediaElement.mediaGroup to match the specification:
2363         - https://www.w3.org/TR/html5/embedded-content-0.html#media-elements
2364
2365         null is supposed to be treated as the String "null". This patch aligns
2366         our behavior with the specification. I tested Firefox and Chrome but both
2367         do not have this attribute on HTMLMediaElement.
2368
2369         Also remove support for [TreatNullAs=LegacyNullString] from our bindings
2370         generator as HTMLMediaElement.mediaGroup was the last user.
2371
2372         No new tests, rebaselined existing test.
2373
2374         * bindings/scripts/CodeGeneratorJS.pm:
2375         (JSValueToNative):
2376         * bindings/scripts/IDLAttributes.txt:
2377         * html/HTMLMediaElement.idl:
2378
2379 2016-07-20  Chris Dumez  <cdumez@apple.com>
2380
2381         CSSStyleDeclaration.setProperty() should be able to unset "important" on a property
2382         https://bugs.webkit.org/show_bug.cgi?id=159959
2383
2384         Reviewed by Alexey Proskuryakov.
2385
2386         CSSStyleDeclaration.setProperty() should be able to unsert "important"
2387         on a property as per the latest specification:
2388         - https://drafts.csswg.org/cssom/#dom-cssstyledeclaration-setproperty
2389         - https://drafts.csswg.org/cssom/#dom-cssstyledeclaration-camel-cased-attribute
2390
2391         Firefox and Chrome match the specification here but WebKit was ignoring calls
2392         to setProperty() if there is already an "important" property wit this name
2393         and if the new property does not have the "important" flag set.
2394
2395         This behavior was added a long time ago via Bug 60007. However, it does not
2396         match the latest specification or other browsers.
2397
2398         Test: fast/css/CSSStyleDeclaration-setProperty-unset-important.html
2399
2400         * css/StyleProperties.cpp:
2401         (WebCore::MutableStyleProperties::addParsedProperty):
2402         Drop code that was added via Bug 60007 as this behavior no longer matches the
2403         specification or other browsers. The layout test added in Bug 60007 fails in
2404         other browsers and was updated in this patch to match the specification.
2405
2406 2016-07-20  Commit Queue  <commit-queue@webkit.org>
2407
2408         Unreviewed, rolling out r203423.
2409         https://bugs.webkit.org/show_bug.cgi?id=159977
2410
2411         The test for this change is failing on Mac Release WK2
2412         (Requested by ryanhaddad on #webkit).
2413
2414         Reverted changeset:
2415
2416         "HTMLVideoElement frames do not update on iOS when src is a
2417         MediaStream blob"
2418         https://bugs.webkit.org/show_bug.cgi?id=159833
2419         http://trac.webkit.org/changeset/203423
2420
2421 2016-07-20  Chris Dumez  <cdumez@apple.com>
2422
2423         Fix null handling of HTMLSelectElement.value attribute
2424         https://bugs.webkit.org/show_bug.cgi?id=159925
2425
2426         Reviewed by Benjamin Poulain.
2427
2428         Fix null handling of HTMLSelectElement.value attribute:
2429         - https://html.spec.whatwg.org/multipage/forms.html#htmlselectelement
2430
2431         We were treating null as the null String which would end up setting
2432         selectedIndex to -1. However, we should treat null as the String "null"
2433         which would set the selectedIndex to the index of the <option> element
2434         whose value is "null".
2435
2436         Firefox and Chrome match the specification.
2437
2438         Test: fast/dom/HTMLSelectElement/value-null-handling.html
2439
2440         * html/HTMLSelectElement.cpp:
2441         (WebCore::HTMLSelectElement::setValue):
2442         * html/HTMLSelectElement.idl:
2443
2444 2016-07-20  Chris Dumez  <cdumez@apple.com>
2445
2446         PostResolutionCallbackDisabler can resume pending requests while a ResourceLoadSuspender is alive
2447         https://bugs.webkit.org/show_bug.cgi?id=159962
2448         <rdar://problem/21439264>
2449
2450         Reviewed by David Kilzer.
2451
2452         PostResolutionCallbackDisabler can resume pending requests while a ResourceLoadSuspender
2453         is alive. We have both PostResolutionCallbackDisabler and ResourceLoadSuspender that
2454         call LoaderStrategy::suspendPendingRequests() / LoaderStrategy::resumePendingRequests().
2455         However, PostResolutionCallbackDisabler and ResourceLoadSuspender are not aware of each
2456         other. It is therefore possible for a PostResolutionCallbackDisabler object to get
2457         destroyed, causing LoaderStrategy::resumePendingRequests() to be called while a
2458         ResourceLoadSuspender object is alive.
2459
2460         This leads to hard to investigate crashes where we end up re-entering WebKit and killing
2461         the style resolver.
2462
2463         This patch drops ResourceLoadSuspender and uses PostResolutionCallbackDisabler instead.
2464         There was only one user of ResourceLoadSuspender and PostResolutionCallbackDisabler
2465         is better because it manages a resolutionNestingDepth counter internally to make sure
2466         it only calls LoaderStrategy::resumePendingRequests() once all
2467         PostResolutionCallbackDisabler instances are destroyed.
2468
2469         No new tests, there is no easy way to reproduce the crashes.
2470
2471         * dom/Document.cpp:
2472         (WebCore::Document::styleForElementIgnoringPendingStylesheets):
2473         * loader/LoaderStrategy.cpp:
2474         (WebCore::ResourceLoadSuspender::ResourceLoadSuspender): Deleted.
2475         (WebCore::ResourceLoadSuspender::~ResourceLoadSuspender): Deleted.
2476         * loader/LoaderStrategy.h:
2477
2478 2016-07-19  Youenn Fablet  <youenn@apple.com>
2479
2480         [Fetch API] Add a JS builtin to implement https://fetch.spec.whatwg.org/#concept-headers-fill
2481         https://bugs.webkit.org/show_bug.cgi?id=159932
2482
2483         Reviewed by Alex Christensen.
2484
2485         Covered by existing tests.
2486
2487         Refactoring Headers initializeWith to use the new built-in internal that implements
2488         https://fetch.spec.whatwg.org/#concept-headers-fill.
2489
2490         Refactoring Response constructor to put more checks in the JS builtin fucntion called within constructor.
2491         Making use of the new built-in internal that implements https://fetch.spec.whatwg.org/#concept-headers-fill.
2492
2493         * CMakeLists.txt: Adding FetchHeadersInternals.js
2494         * DerivedSources.make: Ditto.
2495         * Modules/fetch/FetchHeaders.js:
2496         (initializeFetchHeaders): Using fillFetchHeaders new built-in internal.
2497         * Modules/fetch/FetchInternals.js: Added.
2498         (fillFetchHeaders):
2499         * Modules/fetch/FetchResponse.cpp: Refactoring to do more in the JS built-in. Splitting of initializeWith so
2500         that the checks are done in the order defined by the spec.
2501         (WebCore::FetchResponse::setStatus):
2502         (WebCore::FetchResponse::initializeWith):
2503         (WebCore::isNullBodyStatus): Deleted.
2504         * Modules/fetch/FetchResponse.h:
2505         * Modules/fetch/FetchResponse.idl:
2506         * Modules/fetch/FetchResponse.js:
2507         (initializeFetchResponse): New built-in internal.
2508         * WebCore.xcodeproj/project.pbxproj:
2509         * bindings/js/WebCoreBuiltinNames.h:
2510
2511 2016-07-19  Chris Dumez  <cdumez@apple.com>
2512
2513         Fix null handling of SVGScriptElement.type attribute
2514         https://bugs.webkit.org/show_bug.cgi?id=159927
2515
2516         Reviewed by Benjamin Poulain.
2517
2518         Fix null handling of SVGScriptElement.type attribute:
2519         - https://www.w3.org/TR/SVG2/interact.html#InterfaceSVGScriptElement
2520
2521         We were treating null as the null String which would end up removing
2522         the 'type' content attribute. However, we should treat null as the
2523         String "null".
2524
2525         Firefox and Chrome match the specification.
2526
2527         No new tests, updated existing test.
2528
2529         * svg/SVGScriptElement.idl:
2530
2531 2016-07-19  Chris Dumez  <cdumez@apple.com>
2532
2533         Fix null handling of several HTMLDocument attributes
2534         https://bugs.webkit.org/show_bug.cgi?id=159923
2535
2536         Reviewed by Benjamin Poulain.
2537
2538         Fix null handling of several HTMLDocument attributes:
2539         - https://html.spec.whatwg.org/multipage/dom.html#document
2540         - https://html.spec.whatwg.org/multipage/obsolete.html#document-partial
2541
2542         In particular, null handling was incorrect in WebKit for 'dir',
2543         'bgColor', 'fgColor', 'alinkColor', 'linkColor' and 'vlinkColor'.
2544
2545         Firefox and Chrome match the specification.
2546
2547         Test: fast/dom/HTMLDocument/null-handling.html
2548
2549         * html/HTMLDocument.idl:
2550
2551 2016-07-19  Chris Dumez  <cdumez@apple.com>
2552
2553         Document.createElementNS() / createAttributeNS() parameters should be mandatory
2554         https://bugs.webkit.org/show_bug.cgi?id=159938
2555
2556         Reviewed by Benjamin Poulain.
2557
2558         Document.createElementNS() / createAttributeNS() parameters should be mandatory:
2559         - https://dom.spec.whatwg.org/#document
2560
2561         They were optional in WebKit. However, Firefox and Chrome both match the
2562         specification.
2563
2564         No new tests, rebaselined existing tests.
2565
2566         * dom/Document.idl:
2567
2568 2016-07-19  Benjamin Poulain  <bpoulain@apple.com>
2569
2570         Use getElementById for attribute matching if the attribute name is html's id
2571         https://bugs.webkit.org/show_bug.cgi?id=159960
2572
2573         Reviewed by Chris Dumez.
2574
2575         Elliott Sprehn discovered YUI makes heavy uses of querySelector with [id=value]
2576         (https://bugs.chromium.org/p/chromium/issues/detail?id=627242).
2577
2578         If we are not in quirks mode, IdForStyleResolution has the same value
2579         as the Id attribute. We can use the same optimization for both cases.
2580
2581         Tests: fast/selectors/id-attribute-querySelector-used-as-id-selector-quirks.html
2582                fast/selectors/id-attribute-querySelector-used-as-id-selector.html
2583
2584         * dom/SelectorQuery.cpp:
2585         (WebCore::canBeUsedForIdFastPath):
2586         (WebCore::findIdMatchingType):
2587         (WebCore::SelectorDataList::SelectorDataList):
2588         (WebCore::selectorForIdLookup):
2589         (WebCore::filterRootById):
2590
2591 2016-07-19  Chris Dumez  <cdumez@apple.com>
2592
2593         Drop SVGElement.xmlbase attribute
2594         https://bugs.webkit.org/show_bug.cgi?id=159926
2595
2596         Reviewed by Benjamin Poulain.
2597
2598         Drop SVGElement.xmlbase attribute as it is no longer part of the
2599         specification:
2600         - https://www.w3.org/TR/SVG2/types.html#InterfaceSVGElement
2601
2602         Both Firefox and Chrome have already dropped support for
2603         SVGElement.xmlbase.
2604
2605         Chrome's intent to remove:
2606         https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/TfwMq4d25hk/C-v_iC_wKfAJ
2607
2608         Test: svg/dom/SVGElement-xmlbase.html
2609
2610         * svg/SVGElement.cpp:
2611         (WebCore::SVGElement::removedFrom): Deleted.
2612         * svg/SVGElement.h:
2613         * svg/SVGElement.idl:
2614
2615 2016-07-19  Chris Dumez  <cdumez@apple.com>
2616
2617         Align CSSStyleDeclaration.setProperty() with the specification
2618         https://bugs.webkit.org/show_bug.cgi?id=159955
2619
2620         Reviewed by Benjamin Poulain.
2621
2622         Align CSSStyleDeclaration.setProperty() with the specification:
2623         - https://drafts.csswg.org/cssom/#the-cssstyledeclaration-interface
2624
2625         In particular, the following changes were needed:
2626         1. The 'value' parameter should not be optional
2627         2. The 'priority' parameter should treat null as the empty string
2628            rather than the string "null".
2629         3. The 'priority' parameter's default value should be the empty string,
2630            not the string "undefined".
2631         4. CSSStyleDeclaration.setProperty() should return early if 'priority'
2632            is not the empty string and is not an ASCII case-insensitive match
2633            for the string "important".
2634
2635         Chrome matches the specification entirely.
2636         Firefox matches the specification with the exception that it does a
2637         case-sensitive match for "important".
2638
2639         Test: fast/css/CSSStyleDeclaration-setProperty.html
2640
2641         * css/CSSStyleDeclaration.idl:
2642         * css/PropertySetCSSStyleDeclaration.cpp:
2643         (WebCore::PropertySetCSSStyleDeclaration::setProperty):
2644
2645 2016-07-19  Daniel Bates  <dabates@apple.com>
2646
2647         CSP: Improve support for multiple policies to more closely conform to the CSP Level 2 spec.
2648         https://bugs.webkit.org/show_bug.cgi?id=159841
2649         <rdar://problem/27381684>
2650
2651         Reviewed by Brent Fulgham.
2652
2653         Implement a first pass at sending multiple violation reports so as to more closely
2654         conform to section Enforcing multiple policies of the Content Security Policy Level 2 spec.,
2655         <https://w3c.github.io/webappsec-csp/2/> (Editor's Draft, 25 April 2016).
2656
2657         Tests: http/tests/security/contentSecurityPolicy/1.1/script-blocked-sends-multiple-reports.php
2658                http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy.php
2659                http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy2.php
2660                http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.php
2661                http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.php
2662                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy.php
2663                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy2.php
2664                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy.php
2665                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy2.php
2666                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.php
2667                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2.php
2668                http/tests/security/contentSecurityPolicy/1.1/scripthash-in-enforced-policy-and-not-in-report-only.html
2669                http/tests/security/contentSecurityPolicy/1.1/scripthash-in-one-enforced-policy-neither-in-another-enforced-policy-nor-report-policy.html
2670                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-enforced-policy-and-blocked-by-report-policy.php
2671                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-enforced-policy-and-blocked-by-report-policy2.php
2672                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.php
2673                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.php
2674                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy.php
2675                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy2.php
2676                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy.php
2677                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy2.php
2678                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.php
2679                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2.php
2680                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-in-enforced-policy-and-not-in-report-only.html
2681                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-in-one-enforced-policy-neither-in-another-enforced-policy-nor-report-policy.html
2682                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-multiple-policies.html
2683
2684         * page/csp/ContentSecurityPolicy.cpp:
2685         (WebCore::ContentSecurityPolicy::allPoliciesWithDispositionAllow): Added. Returns whether the resource
2686         is allowed by all of the policies with the specified disposition.
2687         (WebCore::ContentSecurityPolicy::allPoliciesAllow): Added. Returns whether the resource is allowed by
2688         all of the enforced policies.
2689         (WebCore::ContentSecurityPolicy::findHashOfContentInPolicies): Formerly named foundHashOfContentInAllPolicies.
2690         Modified to return a ("has found hash in all enforced policies, "has found hash in all report-only policies)-pair
2691         so that we can differentiate whether the hash violated an enforced policy or a report-only policy.
2692         (WebCore::ContentSecurityPolicy::allowJavaScriptURLs): Write in terms of ContentSecurityPolicy::allPoliciesAllow().
2693         (WebCore::ContentSecurityPolicy::allowInlineEventHandlers): Ditto.
2694         (WebCore::ContentSecurityPolicy::allowScriptWithNonce): For now only accept a nonce if it is allowed by
2695         all enforced policies. As a side effect of this change is that we only send a CSP violation report when a
2696         nonce violates a report-only policy only if the nonce also violates one or more enforced policies. We will
2697         address this limitation in <https://bugs.webkit.org/show_bug.cgi?id=159830>.
2698         (WebCore::ContentSecurityPolicy::allowStyleWithNonce): Ditto.
2699         (WebCore::ContentSecurityPolicy::allowInlineScript): Differentiate between a hash/'unsafe-inline' that
2700         matches/is contained in all enforce policies and a hash/'unsafe-inline' that matches/is contained in all
2701         report-only policies so that we only allow the resource for the former. As a side effect of this change
2702         we may report that a resource violated a policy even if it contained the hash. See <https://bugs.webkit.org/show_bug.cgi?id=159832>
2703         for more details.
2704         (WebCore::ContentSecurityPolicy::allowInlineStyle): Ditto.
2705         (WebCore::ContentSecurityPolicy::allowEval): Write in terms of ContentSecurityPolicy::allPoliciesAllow().
2706         (WebCore::ContentSecurityPolicy::allowFrameAncestors): Ditto.
2707         (WebCore::ContentSecurityPolicy::allowPluginType): Ditto.
2708         (WebCore::ContentSecurityPolicy::allowScriptFromSource): Ditto.
2709         (WebCore::ContentSecurityPolicy::allowObjectFromSource): Ditto.
2710         (WebCore::ContentSecurityPolicy::allowChildFrameFromSource): Ditto.
2711         (WebCore::ContentSecurityPolicy::allowChildContextFromSource): Ditto.
2712         (WebCore::ContentSecurityPolicy::allowImageFromSource): Ditto.
2713         (WebCore::ContentSecurityPolicy::allowStyleFromSource): Ditto.
2714         (WebCore::ContentSecurityPolicy::allowFontFromSource): Ditto.
2715         (WebCore::ContentSecurityPolicy::allowMediaFromSource): Ditto.
2716         (WebCore::ContentSecurityPolicy::allowConnectToSource): Ditto.
2717         (WebCore::ContentSecurityPolicy::allowFormAction): Ditto.
2718         (WebCore::ContentSecurityPolicy::allowBaseURI): Ditto.
2719         (WebCore::ContentSecurityPolicy::foundHashOfContentInAllPolicies): Deleted.
2720         * page/csp/ContentSecurityPolicy.h:
2721         (WebCore::ContentSecurityPolicy::violatedDirectiveInAnyPolicy): Deleted.
2722
2723 2016-07-19  Chris Dumez  <cdumez@apple.com>
2724
2725         Fix null handling of HTMLScriptElement.text attribute
2726         https://bugs.webkit.org/show_bug.cgi?id=159943
2727
2728         Reviewed by Benjamin Poulain.
2729
2730         Fix null handling of HTMLScriptElement.text attribute:
2731         - https://html.spec.whatwg.org/multipage/scripting.html#the-script-element
2732
2733         We should treat null as the "null" String but we were treating it as
2734         the empty string.
2735
2736         Firefox and Chrome match the specification.
2737
2738         No new tests, rebaselined existing test.
2739
2740         * html/HTMLScriptElement.idl:
2741
2742 2016-07-19  Chris Dumez  <cdumez@apple.com>
2743
2744         autocapitalize attribute should not use [TreatNullAs=LegacyNullString]
2745         https://bugs.webkit.org/show_bug.cgi?id=159934
2746
2747         Reviewed by Benjamin Poulain.
2748
2749         autocapitalize attribute should not use [TreatNullAs=LegacyNullString]. This is
2750         non-standard and we want to drop support for it from the bindings generator.
2751
2752         Instead, use [TreatNullAs=EmptyString] in order to maintain existing behavior
2753         given that both a missing/empty attribute result in using the default
2754         autocapitalization mode and that autocapitalize returns the empty string by
2755         default.
2756
2757         Test: platform/ios-simulator/ios/fast/forms/autocapitalize-null.html
2758
2759         * html/HTMLFormElement.idl:
2760         * html/HTMLInputElement.idl:
2761         * html/HTMLTextAreaElement.idl:
2762
2763 2016-07-19  Zalan Bujtas  <zalan@apple.com>
2764
2765         REGRESSION(r203415): ASSERTION FAILED: !m_layoutRoot->container() || !m_layoutRoot->container()->needsLayout()
2766         https://bugs.webkit.org/show_bug.cgi?id=159952
2767
2768         Reviewed by Simon Fraser.
2769
2770         Update ASSERTs to reflect new functionality, that is, now we can end up in a state
2771         where the container (RenderView) of one of the dirty subtrees is dirty.
2772         See r203415.
2773  
2774         Covered by editing/pasteboard/drag-drop-input-in-svg.svg
2775
2776         * page/FrameView.cpp:
2777         (WebCore::FrameView::scheduleRelayoutOfSubtree):
2778
2779 2016-07-19  Dean Jackson  <dino@apple.com>
2780
2781         REGRESSION(202927): The first slide is the only displayed slide when Quicklooking a Keynote file
2782         https://bugs.webkit.org/show_bug.cgi?id=159948
2783         <rdar://problem/27391012>
2784
2785         Reviewed by Simon Fraser.
2786
2787         There is an iOS bug (<rdar://problem/27416744>) that is causing us
2788         to not always get a color space on CGContextRefs. Investigation of this
2789         exposed some optimizations we can take when we are creating ImageBuffers.
2790         In particular, if we have a bitmap context or an IOSurfaceContext we
2791         can simply copy their color space using API. Otherwise we stick with
2792         the existing CGContextCopyDeviceColorSpace.
2793
2794         Lastly, if for some reason we are unable to copy the device color space,
2795         we should fall back to sRGB.
2796
2797         * platform/graphics/cg/ImageBufferCG.cpp:
2798         (WebCore::ImageBuffer::createCompatibleBuffer):
2799         * platform/spi/cg/CoreGraphicsSPI.h: Add some SPI and enums.
2800
2801
2802 2016-07-19  George Ruan  <gruan@apple.com>
2803
2804         HTMLVideoElement frames do not update on iOS when src is a MediaStream blob
2805         https://bugs.webkit.org/show_bug.cgi?id=159833
2806         <rdar://problem/27379487>
2807
2808         Reviewed by Eric Carlson.
2809
2810         Test: fast/mediastream/MediaStream-video-element-displays-buffer.html
2811
2812         * WebCore.xcodeproj/project.pbxproj:
2813         * platform/graphics/avfoundation/MediaSampleAVFObjC.h: Change create to return a Ref<T> instead
2814         of RefPtr<T>
2815         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.h: Make observer of
2816         MediaStreamTrackPrivate and make MediaPlayer use an AVSampleBufferDisplayLayer instead of CALayer.
2817         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm: Ditto.
2818         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::~MediaPlayerPrivateMediaStreamAVFObjC): Clean up
2819         observers and AVSampleBufferDisplayLayer
2820         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::isAvailable): Ensures AVSampleBufferDisplayLayer
2821         is available.
2822         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::enqueueAudioSampleBufferFromTrack): Placeholder.
2823         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::enqueueVideoSampleBufferFromTrack): Responsible
2824         for enqueuing sample buffers to the active video track.
2825         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::ensureLayer): Ensures that an AVSampleBufferDisplayLayer
2826         exists.
2827         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::destroyLayer): Destroys the AVSampleBufferDisplayLayer.
2828         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::platformLayer): Replace CALayer with AVSampleBufferDisplayLayer.
2829         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::currentDisplayMode): Ditto.
2830         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::sampleBufferUpdated): Called from MediaStreamTrackPrivate when a
2831         new SampleBuffer is available.
2832         (WebCore::updateTracksOfType): Manage adding and removing self as observer from tracks.
2833         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateTracks): Replace CALayer with AVSampleBufferDisplayLayer
2834         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::acceleratedRenderingStateChanged): Copied from
2835         MediaPlayerPrivateMediaSourceAVFObjC.mm
2836         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::load): Deleted CALayer.
2837         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateDisplayMode): Deleted process of updating CALayer.
2838         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateIntrinsicSize): Deleted CALayer.
2839         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::createPreviewLayers): Deleted.
2840         * platform/mediastream/MediaStreamPrivate.cpp:
2841         (WebCore::MediaStreamPrivate::updateActiveVideoTrack): Remove redundant check.
2842         * platform/mediastream/MediaStreamTrackPrivate.cpp:
2843         (WebCore::MediaStreamTrackPrivate::sourceHasMoreMediaData): Called from RealtimeMediaSource when a new SampleBuffer
2844         is available.
2845         * platform/mediastream/MediaStreamTrackPrivate.h:
2846         (WebCore::MediaStreamTrackPrivate::Observer::sampleBufferUpdated): Relays to MediaPlayerPrivateMediaStream that
2847         a new SampleBuffer is available to enqueue to the AVSampleBufferDisplayLayer.
2848         * platform/mediastream/RealtimeMediaSource.cpp:
2849         (WebCore::RealtimeMediaSource::mediaDataUpdated): Relays to all observers that a new SampleBuffer is available.
2850         * platform/mediastream/RealtimeMediaSource.h:
2851         * platform/mediastream/mac/AVVideoCaptureSource.mm:
2852         (WebCore::AVVideoCaptureSource::processNewFrame): Calls mediaDataUpdated when a new SampleBuffer is captured.
2853
2854 2016-07-19  Anders Carlsson  <andersca@apple.com>
2855
2856         Get rid of a #define private public hack in WebCore
2857         https://bugs.webkit.org/show_bug.cgi?id=159953
2858
2859         Reviewed by Dan Bernstein.
2860
2861         Use @package instead.
2862
2863         * bindings/objc/DOMInternal.h:
2864         * bindings/objc/DOMObject.h:
2865
2866 2016-07-19  Andreas Kling  <akling@apple.com>
2867
2868         Fix SharedBuffer leak in MockContentFilter::replacementData().
2869         <https://webkit.org/b/159945>
2870
2871         Reviewed by Andy Estes.
2872
2873         Spotted on leaks bot. This code was pretty explicit about how it's going to leak.
2874         Since this is in the mock filter, it only affected layout tests.
2875
2876         * testing/MockContentFilter.cpp:
2877         (WebCore::MockContentFilter::replacementData):
2878
2879 2016-07-19  Zalan Bujtas  <zalan@apple.com>
2880
2881         theguardian.co.uk crossword puzzles are sometimes not displaying text
2882         https://bugs.webkit.org/show_bug.cgi?id=159924
2883         <rdar://problem/27409483>
2884
2885         Reviewed by Simon Fraser.
2886
2887         This patch fixes the case when
2888         - 2 disjoint subtrees are dirty
2889         - RenderView is also dirty.
2890         and we end up not laying out one of the 2 subtrees.
2891
2892         In FrameView::scheduleRelayoutOfSubtree, we assume that when the RenderView is dirty
2893         we already have a pending full layout which means that any previous subtree layouts have already been
2894         converted to full layouts.
2895         However this assumption is incorrect. RenderView can get dirty without checking if there's
2896         already a pending subtree layout.
2897         One option to solve this problem would be to override RenderObject::setNeedsLayout in RenderView
2898         so that when the RenderView gets dirty, we could also convert any pending subtree layout to full layout.
2899         However RenderObject::setNeedsLayout is a hot function and making it virtual would impact performance.
2900         The other option is to always normalize subtree layouts in FrameView::scheduleRelayoutOfSubtree().
2901         This patch implements the second option.
2902
2903         Test: fast/misc/subtree-layouts.html
2904
2905         * page/FrameView.cpp:
2906         (WebCore::FrameView::scheduleRelayoutOfSubtree):
2907
2908 2016-07-19  Anders Carlsson  <andersca@apple.com>
2909
2910         Some payment authorization status values should keep the sheet active
2911         https://bugs.webkit.org/show_bug.cgi?id=159936
2912         rdar://problem/26756701
2913
2914         Reviewed by Tim Horton.
2915
2916         * Modules/applepay/ApplePaySession.cpp:
2917         (WebCore::ApplePaySession::completePayment):
2918         Keep the sheet active if the status isn't a final state status.
2919
2920         * Modules/applepay/PaymentAuthorizationStatus.h:
2921         (WebCore::isFinalStateStatus):
2922         Add a new helper function that returns whether a given payment authorization status is "final",
2923         meaning that once that status has been passed to completePayment, the session is finished.
2924
2925 2016-07-19  Nan Wang  <n_wang@apple.com>
2926
2927         AX: Incorrect behavior for word related text marker functions when there's collapsed whitespace
2928         https://bugs.webkit.org/show_bug.cgi?id=159910
2929
2930         Reviewed by Chris Fleizach.
2931
2932         We are getting a bad CharacterOffset when there's collapsed whitespace. Added a TraverseOptionValidateOffset
2933         option to make sure we are getting the correct CharacterOffset based on the corresponding Range offset. And
2934         fixed a word navigation issue based on that.
2935
2936         Test: accessibility/mac/text-marker-word-nav-collapsed-whitespace.html
2937
2938         * accessibility/AXObjectCache.cpp:
2939         (WebCore::AXObjectCache::traverseToOffsetInRange):
2940         (WebCore::AXObjectCache::rangeForNodeContents):
2941         (WebCore::AXObjectCache::startOrEndCharacterOffsetForRange):
2942         (WebCore::AXObjectCache::characterOffsetFromVisiblePosition):
2943         (WebCore::AXObjectCache::rightWordRange):
2944         (WebCore::AXObjectCache::previousBoundary):
2945         * accessibility/AXObjectCache.h:
2946         (WebCore::AXObjectCache::isNodeInUse):
2947
2948 2016-07-19  Youenn Fablet  <youenn@apple.com>
2949
2950         [Streams API] ReadableStreamController methods should throw if its stream is not readable
2951         https://bugs.webkit.org/show_bug.cgi?id=159871
2952
2953         Reviewed by Xabier Rodriguez-Calvar.
2954
2955         Spec now mandates close and enqueue to throw if ReadableStream is not readable.
2956         Covered by rebased and/or modified tests.
2957
2958         * Modules/streams/ReadableStreamController.js:
2959         (enqueue): Throwing a TypeError if controlled stream is not readable.
2960         (close): Ditto.
2961
2962 2016-07-19  Simon Fraser  <simon.fraser@apple.com>
2963
2964         Bubbles appear split for a brief moment in Messages
2965         https://bugs.webkit.org/show_bug.cgi?id=159915
2966         rdar://problem/27182267
2967
2968         Reviewed by David Hyatt.
2969
2970         RenderView::repaintRootContents() had a long-standing bug in WebView when the
2971         view is scrolled. repaint() uses visualOverflowRect() but, for the 
2972         RenderView, the visualOverflowRect() is the initial containing block
2973         which is anchored at 0,0. When the view is scrolled it's clipped out and
2974         calls to repaintRootContents() have no effect.
2975         
2976         Change repaintRootContents() to use layoutOverflowRect(). ScrollView::repaintContentRectangle()
2977         will clip it to the view if necessary.
2978
2979         Test: fast/repaint/scrolled-view-full-repaint.html
2980
2981         * rendering/RenderView.cpp:
2982         (WebCore::RenderView::repaintRootContents):
2983
2984 2016-07-19  Dan Bernstein  <mitz@apple.com>
2985
2986         <rdar://problem/27420308> WebCore-7602.1.42 fails to build: error: unused parameter 'vm'
2987
2988         * bindings/js/JSDOMGlobalObject.cpp:
2989         (WebCore::JSDOMGlobalObject::addBuiltinGlobals): Fixed the !ENABLE(STREAMS_API) build.
2990
2991 2016-07-19  Youenn Fablet  <youenn@apple.com>
2992
2993         [Streams API] Make ReadableStream properties not enumerable
2994         https://bugs.webkit.org/show_bug.cgi?id=159868
2995
2996         Reviewed by Darin Adler.
2997
2998         Covered by rebased tests.
2999
3000         Uopdating IDL definitions to mark all functions/attributes as not enumerable.
3001         Updating IDL constructor definitions to correctly compute constructor length.
3002         Updating built-in implementation to correctly compute pipeTo length to 1 (second parameter being optional).
3003
3004         * Modules/streams/ReadableStream.idl:
3005         * Modules/streams/ReadableStream.js:
3006         * Modules/streams/ReadableStreamController.idl:
3007         * Modules/streams/ReadableStreamReader.idl:
3008
3009 2016-07-19  Chris Dumez  <cdumez@apple.com>
3010
3011         form.enctype / encoding / method should treat null as "null" string
3012         https://bugs.webkit.org/show_bug.cgi?id=159916
3013
3014         Reviewed by Ryosuke Niwa.
3015
3016         form.enctype / encoding / method should treat null as "null" string:
3017         - https://html.spec.whatwg.org/multipage/forms.html#htmlformelement
3018
3019         Previously, WebKit would treat null as the null String, which would
3020         end up removing the existing attribute.
3021
3022         Firefox and Chrome match the specification.
3023
3024         Test: fast/dom/HTMLFormElement/null-handling.html
3025
3026         * html/HTMLFormElement.h:
3027         * html/HTMLFormElement.idl:
3028
3029 2016-07-18  Csaba Osztrogon√°c  <ossy@webkit.org>
3030
3031         All-in-one buildfix after r202439
3032         https://bugs.webkit.org/show_bug.cgi?id=159877
3033
3034         Reviewed by Chris Dumez.
3035
3036         * Modules/webaudio/AudioDestinationNode.h:
3037         (WebCore::AudioDestinationNode::resume):
3038         (WebCore::AudioDestinationNode::suspend):
3039         (WebCore::AudioDestinationNode::close):
3040
3041 2016-07-18  Frederic Wang  <fwang@igalia.com>
3042
3043         Move parsing of subscriptshift and superscriptshift from rendering to element classes
3044         https://bugs.webkit.org/show_bug.cgi?id=159622
3045
3046         Reviewed by Darin Adler.
3047
3048         We introduce a new MathMLScriptsElement that is used for elements msub, msup, msubsup and
3049         mmultiscripts in order to create RenderMathMLScripts and parse and expose the values of the
3050         subscriptshift and superscriptshift attributes. This is one more step toward moving MathML
3051         attribute parsing to the DOM (bug 156536).
3052
3053         No new tests, rendering is unchanged.
3054
3055         * CMakeLists.txt: Add MathMLScriptsElement files.
3056         * WebCore.xcodeproj/project.pbxproj: Ditto.
3057         * mathml/MathMLAllInOne.cpp: Ditto.
3058         * mathml/MathMLInlineContainerElement.cpp: Remove handling of scripts.
3059         (WebCore::MathMLInlineContainerElement::createElementRenderer): Deleted.
3060         * mathml/MathMLScriptsElement.cpp: Added. New class to handle scripted elements supporting
3061         parsing for the subscriptshift and superscriptshift MathML lengths.
3062         (WebCore::MathMLScriptsElement::MathMLScriptsElement):
3063         (WebCore::MathMLScriptsElement::create):
3064         (WebCore::MathMLScriptsElement::subscriptShift): Expose the cached length for the shift,
3065         parsing the attribute again if necessary.
3066         (WebCore::MathMLScriptsElement::superscriptShift): Ditto.
3067         (WebCore::MathMLScriptsElement::parseAttribute): Mark attributes dirty.
3068         (WebCore::MathMLScriptsElement::createElementRenderer): Create RenderMathMLScripts.
3069         * mathml/MathMLScriptsElement.h: Ditto.
3070         * mathml/mathtags.in: Map msub, msup, msubsup and mmultiscripts to MathMLScriptsElement.
3071         * rendering/mathml/RenderMathMLScripts.cpp:
3072         (WebCore::RenderMathMLScripts::scriptsElement): Helper function to cast the node to a
3073         MathMLScriptsElement.
3074         (WebCore::RenderMathMLScripts::getScriptMetricsAndLayoutIfNeeded): Resolve the attributes
3075         using the functions from the MathMLScriptsElement class.
3076         * rendering/mathml/RenderMathMLScripts.h: Declare scriptsElement.
3077
3078 2016-07-18  Frederic Wang  <fwang@igalia.com>
3079
3080         Do not store gap and shift parameters on RenderMathMLFraction
3081         https://bugs.webkit.org/show_bug.cgi?id=159876
3082
3083         Reviewed by Darin Adler.
3084
3085         After r203285, the stack and fraction layout parameters are only used in layoutBlock so we
3086         do not need to store them on the class. We remove them and split updateLayoutParameters into
3087         three functions: one to update the linethickness and two others to retrieve the fraction and
3088         stack respectively.
3089
3090         No new tests, rendering is unchanged.
3091
3092         * rendering/mathml/RenderMathMLFraction.cpp:
3093         (WebCore::RenderMathMLFraction::updateLineThickness): Move code to update thickness members here.
3094         (WebCore::RenderMathMLFraction::getFractionParameters): Move code to retrieve fraction parameters here.
3095         (WebCore::RenderMathMLFraction::getStackParameters): Move code to retrieve stack parameters here.
3096         (WebCore::RenderMathMLFraction::layoutBlock): Use the new helper functions and local variables
3097         for fraction and stack parameters.
3098         (WebCore::RenderMathMLFraction::updateLayoutParameters): Deleted.
3099         * rendering/mathml/RenderMathMLFraction.h: Declare new helper functions and remove members
3100         for stack and fraction parameters.
3101
3102 2016-07-18  Chris Dumez  <cdumez@apple.com>
3103
3104         input.formEnctype / formMethod and button.formEnctype / formMethod / type should treat null as "null"
3105         https://bugs.webkit.org/show_bug.cgi?id=159908
3106
3107         Reviewed by Alex Christensen.
3108
3109         input.formEnctype / formMethod and button.formEnctype / formMethod / type
3110         should treat null as "null" String:
3111         - https://html.spec.whatwg.org/multipage/forms.html#htmlinputelement
3112         - https://html.spec.whatwg.org/multipage/forms.html#htmlbuttonelement
3113
3114         In WebKit, we would treat null as a null String which would end up
3115         removing the corresponding attribute. This does not match the
3116         specification. Firefox and Chrome match the specification here.
3117
3118         Tests:
3119         - fast/dom/HTMLButtonElement/null-handling.html
3120         - fast/dom/HTMLInputElement/null-handling.html
3121
3122         * html/HTMLButtonElement.idl:
3123         * html/HTMLInputElement.idl:
3124
3125 2016-07-18  Alex Christensen  <achristensen@webkit.org>
3126
3127         webbookmarksd needs to use the same AppCache directory as MobileSafari
3128         https://bugs.webkit.org/show_bug.cgi?id=159912
3129
3130         Reviewed by Alexey Proskuryakov.
3131
3132         No new tests.  This only changes behavior for webbookmarksd.
3133
3134         * platform/RuntimeApplicationChecks.h:
3135         * platform/RuntimeApplicationChecks.mm:
3136         (WebCore::IOSApplication::isWebBookmarksD): Added.
3137
3138 2016-07-18  Chris Dumez  <cdumez@apple.com>
3139
3140         EventTarget.dispatchEvent() parameter should not be nullable
3141         https://bugs.webkit.org/show_bug.cgi?id=159897
3142
3143         Reviewed by Benjamin Poulain.
3144
3145         EventTarget.dispatchEvent() parameter should not be nullable:
3146         - https://dom.spec.whatwg.org/#interface-eventtarget
3147
3148         Even though the parameter was marked as nullable in our IDL, our
3149         implementation does a null check and we already throw a TypeError
3150         when calling dispatchEvent(null).
3151
3152         Update our IDL so that it matches the specification and so that
3153         the null check is generated in the bindings instead.
3154
3155         No new tests, rebaseline existing tests.
3156
3157         * dom/EventTarget.cpp:
3158         (WebCore::EventTarget::dispatchEventForBindings):
3159         * dom/EventTarget.h:
3160         * dom/EventTarget.idl:
3161
3162 2016-07-18  Chris Dumez  <cdumez@apple.com>
3163
3164         DocType's publicId / systemId should not be nullable
3165         https://bugs.webkit.org/show_bug.cgi?id=159901
3166
3167         Reviewed by Benjamin Poulain.
3168
3169         DocType's publicId / systemId should not be nullable. While they were
3170         not marked as nullable in our IDL, they could be stored as null Strings
3171         in our implementation depending on how the Node was constructed. This
3172         led to subtle bugs where String() != emptyString().
3173
3174         In particular, Node.isEqualNode() would return false when DocumentType
3175         nodes would mismatch because of their publicId / systemId being null
3176         instead of the emptyString.
3177
3178         Serialization would DocumentType nodes would also be wrong when
3179         publicId / systemId were empty Strings instead of null strings. The
3180         new behavior now matches:
3181         - https://www.w3.org/TR/DOM-Parsing/#dfn-concept-serialize-doctype (steps 7-9)
3182
3183         To address these issues, we now always store publicId / systemId as
3184         non-null Strings inside the DocumentType class.
3185
3186         Test: fast/dom/DocumentType/isEqualNode.html
3187
3188         * dom/DocumentType.cpp:
3189         (WebCore::DocumentType::DocumentType):
3190         * editing/MarkupAccumulator.cpp:
3191         (WebCore::MarkupAccumulator::appendDocumentType):
3192
3193 2016-07-18  Jeremy Jones  <jeremyj@apple.com>
3194
3195         If previous media session interruptions were prevented, still allow subsequent interruptions to try.
3196         https://bugs.webkit.org/show_bug.cgi?id=157553
3197         rdar://problem/25740804
3198
3199         Reviewed by Eric Carlson.
3200
3201         Test: platform/ios-simulator/media/video-interruption-suspendunderlock.html
3202
3203         When suspending under lock on iOS, there is first a resign active event, then a
3204         suspend under lock. PiP prevents resign active from interrupting playback. But it should allow the
3205         suspend under lock to interrupt playback.
3206
3207         Currently if there are nested interruptions only the first one is acted upon.
3208
3209         This change allows subsequent, nested interruptions to have a chance to interrupt playback if the
3210         previous interruptions were ignored.
3211
3212         This test is for iPad only, so it must be run manually.
3213
3214         * html/HTMLMediaElement.cpp:
3215         (WebCore::HTMLMediaElement::shouldOverrideBackgroundPlaybackRestriction):
3216         * platform/audio/PlatformMediaSession.cpp:
3217         (WebCore::PlatformMediaSession::beginInterruption):
3218         * testing/Internals.cpp:
3219         (WebCore::Internals::beginMediaSessionInterruption):
3220
3221 2016-07-18  Brent Fulgham  <bfulgham@apple.com>
3222
3223         Don't associate form-associated elements with forms in other trees.
3224         https://bugs.webkit.org/show_bug.cgi?id=119451
3225         <rdar://problem/27382946>
3226
3227         Change is based on the Blink change (patch by <adamk@chromium.org>):
3228         <https://chromium.googlesource.com/chromium/blink/+/0b33128be67e7845d495d5219614c02ccfe7a414>
3229
3230         Reviewed by Chris Dumez.
3231
3232         Prevent elements from being associated with forms that are not part of the same home subtree.
3233         This brings us in line with the WhatWG HTML specification as of September, 2013.
3234
3235         Tests: fast/forms/image-disconnected-during-parse.html
3236                fast/forms/input-disconnected-during-parse.html
3237
3238         * dom/Element.h:
3239         (WebCore::Node::rootElement): Added.
3240         * html/FormAssociatedElement.cpp:
3241         (WebCore::FormAssociatedElement::insertedInto): If the element is associated with a form that
3242         is not part of the same tree, remove the association.
3243         * html/HTMLImageElement.cpp:
3244         (WebCore::HTMLImageElement::insertedInto): Ditto.
3245
3246 2016-07-18  Anders Carlsson  <andersca@apple.com>
3247
3248         WebKit nightly fails to build on macOS Sierra
3249         https://bugs.webkit.org/show_bug.cgi?id=159902
3250         rdar://problem/27365672
3251
3252         Reviewed by Tim Horton.
3253
3254         * Modules/applepay/cocoa/PaymentCocoa.mm:
3255         * Modules/applepay/cocoa/PaymentContactCocoa.mm:
3256         * Modules/applepay/cocoa/PaymentMerchantSessionCocoa.mm:
3257         * Modules/applepay/cocoa/PaymentMethodCocoa.mm:
3258         Use new PassKitSPI header.
3259
3260         * WebCore.xcodeproj/project.pbxproj:
3261         Add new PassKitSPI header.
3262
3263         * icu/unicode/ucurr.h: Added.
3264         Add ucurr.h from ICU.
3265
3266         * platform/spi/cocoa/PassKitSPI.h: Added.
3267         Add new PassKitSPI header.
3268
3269 2016-07-18  Dean Jackson  <dino@apple.com>
3270
3271         REGRESSION (r202950): Image zoom animations are broken at medium.com (159861)
3272         https://bugs.webkit.org/show_bug.cgi?id=159906
3273         <rdar://problem/27391725>
3274
3275         Reviewed by Simon Fraser.
3276
3277         The fix for webkit.org/b/157569 in r200769 broke AMP pages.
3278         The followup fix for webkit.org/b/159450 in r202950 broke Medium pages.
3279
3280         Revert them both until we have better testing.
3281
3282         * css/CSSParser.cpp:
3283         (WebCore::CSSParser::addPropertyWithPrefixingVariant):
3284         (WebCore::CSSParser::parseValue):
3285         (WebCore::CSSParser::parseAnimationShorthand):
3286         (WebCore::CSSParser::parseTransitionShorthand): Deleted.
3287         * css/CSSPropertyNames.in:
3288         * css/PropertySetCSSStyleDeclaration.cpp:
3289         (WebCore::PropertySetCSSStyleDeclaration::getPropertyCSSValue):
3290         (WebCore::PropertySetCSSStyleDeclaration::getPropertyValue):
3291         (WebCore::PropertySetCSSStyleDeclaration::getPropertyCSSValueInternal):
3292         (WebCore::PropertySetCSSStyleDeclaration::getPropertyValueInternal):
3293         * css/StyleProperties.cpp:
3294         (WebCore::MutableStyleProperties::removeShorthandProperty):
3295         (WebCore::MutableStyleProperties::removeProperty):
3296         (WebCore::MutableStyleProperties::removePrefixedOrUnprefixedProperty):
3297         (WebCore::MutableStyleProperties::setProperty):
3298         (WebCore::getIndexInShorthandVectorForPrefixingVariant):
3299         (WebCore::MutableStyleProperties::appendPrefixingVariantProperty):
3300         (WebCore::MutableStyleProperties::setPrefixingVariantProperty):
3301         (WebCore::StyleProperties::asText): Deleted.
3302         * css/StyleProperties.h:
3303
3304 2016-07-18  Andreas Kling  <akling@apple.com>
3305
3306         There should be a way to simulate memory pressure in layout tests
3307         <https://webkit.org/b/159743>
3308
3309         Reviewed by Simon Fraser.
3310
3311         Add three window.internal APIs:
3312
3313             - boolean isUnderMemoryPressure (readonly attribute)
3314             - void beginSimulatedMemoryPressure()
3315             - void endSimulatedMemoryPressure()
3316
3317         These make it possible to write tests that exercise behaviors that only
3318         occur during memory pressure situations.
3319
3320         I also implemented the "org.WebKit.lowMemory" notification handler using the new API.
3321
3322         Test: memory/memory-pressure-simulation.html
3323
3324         * platform/MemoryPressureHandler.cpp:
3325         (WebCore::MemoryPressureHandler::beginSimulatedMemoryPressure):
3326         (WebCore::MemoryPressureHandler::endSimulatedMemoryPressure):
3327         * platform/MemoryPressureHandler.h:
3328         (WebCore::MemoryPressureHandler::isUnderMemoryPressure):
3329         * platform/cocoa/MemoryPressureHandlerCocoa.mm:
3330         (WebCore::MemoryPressureHandler::platformReleaseMemory):
3331         (WebCore::MemoryPressureHandler::install):
3332         * testing/Internals.cpp:
3333         (WebCore::Internals::isUnderMemoryPressure):
3334         (WebCore::Internals::beginSimulatedMemoryPressure):
3335         (WebCore::Internals::endSimulatedMemoryPressure):
3336         * testing/Internals.h:
3337         * testing/Internals.idl:
3338
3339 2016-07-18  Said Abou-Hallawa  <sabouhallawa@apple,com>
3340
3341         [iOS] PDFDocumentImage should cache only a sub image of the PDF when caching the whole image is expensive
3342         https://bugs.webkit.org/show_bug.cgi?id=158715
3343
3344         Reviewed by Dean Jackson.
3345
3346         Test: fast/images/displaced-non-cached-pdf.html
3347
3348         For iOS, we need to ensure the size of the cached PDF images will not
3349         exceed some limit. Also we should be caching only a sub image of the PDF
3350         if caching the whole image will exceed the memory limit.
3351
3352         * page/Settings.cpp:
3353         (WebCore::Settings::Settings):
3354         (WebCore::Settings::setCachedPDFImageEnabled):
3355         * page/Settings.h:
3356         (WebCore::Settings::isCachedPDFImageEnabled):
3357             Add an option to disable caching the PDF images.
3358
3359         * platform/graphics/cg/PDFDocumentImage.cpp:
3360         (WebCore::PDFDocumentImage::setCachedPDFImageEnabled):
3361             Allow the caller of draw() to disable caching the PDF images.
3362         
3363         (WebCore::PDFDocumentImage::cacheParametersMatch):
3364             Match the context dirty rectangle with the cached image rectangle.
3365         
3366         (WebCore::transformContextForPainting):
3367             When preparing the context for drawing the PDF, take the location 
3368             of the destination rectangle into account. We do not need to scale
3369             the location of the source rectangle because we scale the size of
3370             the rectangle but we don't scale the whole coordinate system.
3371
3372         (WebCore::cachedImageRect):
3373             Calculate the rectangle of the cached image such that it does not
3374             exceed the limit. Start from the center of the dirty rectangle and
3375             then expand around it.
3376             
3377         (WebCore::PDFDocumentImage::decodedSizeChanged):
3378             In addition to notifying the ImageObserver, it keeps track of the size
3379             of all the cached PDF images.
3380
3381         (WebCore::PDFDocumentImage::updateCachedImageIfNeeded):
3382             Ensure the size of all the cached images does not exceed the limit
3383             
3384         (WebCore::PDFDocumentImage::destroyDecodedData):
3385         * platform/graphics/cg/PDFDocumentImage.h:
3386
3387         * rendering/RenderImage.cpp:
3388         (WebCore::RenderImage::paintIntoRect):
3389             Pass the option to disable caching the PDF images to PDFDocumentImage.
3390
3391         * testing/InternalSettings.cpp:
3392         (WebCore::InternalSettings::Backup::Backup):
3393         (WebCore::InternalSettings::Backup::restoreTo):
3394         (WebCore::InternalSettings::setCachedPDFImageEnabled):
3395         * testing/InternalSettings.h:
3396         * testing/InternalSettings.idl:
3397             Add an internal option to disable caching the PDF images.
3398
3399 2016-07-18  Chris Dumez  <cdumez@apple.com>
3400
3401         The 2 first parameters to addEventListener() / removeEventListener() should be mandatory
3402         https://bugs.webkit.org/show_bug.cgi?id=158008
3403
3404         Reviewed by Darin Adler.
3405
3406         The 2 first parameters to addEventListener() / removeEventListener() should be
3407         mandatory:
3408         - https://dom.spec.whatwg.org/#interface-eventtarget
3409
3410         Firefox 46 and Chrome 50 both match the specification and throw an exception when those
3411         parameters are omitted. However, those parameters were marked as optional in WebKit and
3412         the calls were no-ops if those parameters were omitted. This patch aligns our behavior
3413         with the specification and other browsers.
3414
3415         Test: fast/dom/eventtarget-api-parameters.html
3416
3417         * bindings/scripts/CodeGeneratorJS.pm:
3418         (GetFunctionLength): Deleted.
3419         * dom/EventTarget.idl:
3420
3421 2016-07-18  Brent Fulgham  <bfulgham@apple.com>
3422
3423         Unreviewed, rolling out r203373.
3424
3425         Unaddressed
3426
3427         Reverted changeset:
3428
3429         "Don't associate form-associated elements with forms in other
3430         trees."
3431         https://bugs.webkit.org/show_bug.cgi?id=119451
3432         http://trac.webkit.org/changeset/203373
3433
3434 2016-07-18  Brent Fulgham  <bfulgham@apple.com>
3435
3436         Don't associate form-associated elements with forms in other trees.
3437         https://bugs.webkit.org/show_bug.cgi?id=119451
3438         <rdar://problem/27382946>
3439
3440         Change is based on the Blink change (patch by <adamk@chromium.org>):
3441         <https://chromium.googlesource.com/chromium/blink/+/0b33128be67e7845d495d5219614c02ccfe7a414>
3442
3443         Reviewed by Zalan Bujtas.
3444
3445         Prevent elements from being associated with forms that are not part of the same home subtree.
3446         This brings us in line with the WhatWG HTML specification as of September, 2013.
3447
3448         Tests: fast/forms/image-disconnected-during-parse.html
3449                fast/forms/input-disconnected-during-parse.html
3450
3451         * dom/NodeTraversal.h:
3452         (WebCore::NodeTraversal::highestAncestorOrSelf): Added.
3453         * html/FormAssociatedElement.cpp:
3454         (WebCore::FormAssociatedElement::insertedInto): If the element is associated with a form that
3455         is not part of the same tree, remove the association.
3456         * html/HTMLImageElement.cpp:
3457         (WebCore::HTMLImageElement::insertedInto): Ditto.
3458
3459 2016-07-18  George Ruan  <gruan@apple.com>
3460
3461         Move MediaSampleAVFObjC into its own file
3462         https://bugs.webkit.org/show_bug.cgi?id=159796
3463         <rdar://problem/27362488>
3464
3465         In preparation for a feature that uses MediaSampleAVFObjC, but does
3466         not need SourceBufferPrivateAVFObjC, it is beneficial to move
3467         MediaSampleAVFObjC to its own file.
3468
3469         Reviewed by Eric Carlson.
3470
3471         * WebCore.xcodeproj/project.pbxproj:
3472         * platform/MediaSample.h: Allow setting trackID to associate
3473         MediaSample id with MediaStreamTrackPrivate id.
3474         * platform/graphics/avfoundation/MediaSampleAVFObjC.h: Added.
3475         * platform/graphics/avfoundation/objc/MediaSampleAVFObjC.mm: Moved
3476         from MediaSampleAVFObjC
3477         (WebCore::MediaSampleAVFObjC::presentationTime):
3478         (WebCore::MediaSampleAVFObjC::decodeTime):
3479         (WebCore::MediaSampleAVFObjC::duration):
3480         (WebCore::MediaSampleAVFObjC::sizeInBytes):
3481         (WebCore::MediaSampleAVFObjC::platformSample):
3482         (WebCore::CMSampleBufferIsRandomAccess):
3483         (WebCore::MediaSampleAVFObjC::flags):
3484         (WebCore::MediaSampleAVFObjC::presentationSize):
3485         (WebCore::MediaSampleAVFObjC::dump):
3486         (WebCore::MediaSampleAVFObjC::offsetTimestampsBy):
3487         (WebCore::MediaSampleAVFObjC::setTimestamps):
3488         * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
3489         Moved MediaSampleAVFObjC to its own file.
3490         (WebCore::MediaSampleAVFObjC::platformSample): Deleted.
3491         (WebCore::CMSampleBufferIsRandomAccess): Deleted.
3492         (WebCore::MediaSampleAVFObjC::flags): Deleted.
3493         (WebCore::MediaSampleAVFObjC::presentationSize): Deleted.
3494         (WebCore::MediaSampleAVFObjC::dump): Deleted.
3495         (WebCore::MediaSampleAVFObjC::offsetTimestampsBy): Deleted.
3496         (WebCore::MediaSampleAVFObjC::setTimestamps): Deleted.
3497         * platform/mock/mediasource/MockSourceBufferPrivate.cpp:
3498
3499 2016-07-18  Eric Carlson  <eric.carlson@apple.com>
3500
3501         [MSE][Mac] Pass AVSampleBufferDisplayLayer HDCP status to a newly created key session
3502         https://bugs.webkit.org/show_bug.cgi?id=159812
3503         <rdar://problem/27371624>
3504
3505         Reviewed by Jon Lee.
3506
3507         No new tests, it isn't possible to test this with our current testing infrastructure.
3508
3509         * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.h:
3510         * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
3511         (WebCore::SourceBufferPrivateAVFObjC::setCDMSession): Call layerDidReceiveError if there has
3512         been an HDCP error.
3513         (WebCore::SourceBufferPrivateAVFObjC::rendererDidReceiveError): Remember an HDCP error.
3514
3515 2016-07-18  Yoav Weiss  <yoav@yoav.ws>
3516
3517         Add preload to features.json
3518         https://bugs.webkit.org/show_bug.cgi?id=159872
3519
3520         Reviewed by Darin Adler.
3521
3522         No new tests but no functional change.
3523
3524         * features.json:
3525
3526 2016-07-18  Youenn Fablet  <youenn@apple.com>
3527
3528         [Streams API] ReadableStream should throw a RangeError in case of NaN highWaterMark
3529         https://bugs.webkit.org/show_bug.cgi?id=159870
3530
3531         Reviewed by Xabier Rodriguez-Calvar.
3532
3533         Covered by rebased test.
3534
3535         * Modules/streams/StreamInternals.js:
3536         (validateAndNormalizeQueuingStrategy): Throwing a RangeError in lieu of a TypeError in case of NaN highWaterMark.
3537
3538 2016-07-18  Csaba Osztrogon√°c  <ossy@webkit.org>
3539
3540         Windows buildfix after r203338
3541         https://bugs.webkit.org/show_bug.cgi?id=159875
3542
3543         Unreviewed buildfix.
3544
3545         * dom/UserGestureIndicator.h:
3546         (WebCore::UserGestureToken::addDestructionObserver):
3547
3548 2016-07-18  Carlos Garcia Campos  <cgarcia@igalia.com>
3549
3550         MemoryPressureHandler doesn't work if cgroups aren't present in Linux
3551         https://bugs.webkit.org/show_bug.cgi?id=155255
3552
3553         Reviewed by Sergio Villar Senin.
3554
3555         Allow to pass an eventFD file descriptor to the MemoryPressureHandler to be monitorized in case cgroups are not
3556         available.
3557
3558         * platform/MemoryPressureHandler.h:
3559         * platform/linux/MemoryPressureHandlerLinux.cpp:
3560
3561 2016-07-17  Gyuyoung Kim  <gyuyoung.kim@webkit.org>
3562
3563         Clean up PassRefPtr uses in Modules/encryptedmedia, Modules/speech, and Modules/quota
3564         https://bugs.webkit.org/show_bug.cgi?id=159701
3565
3566         Reviewed by Alex Christensen.
3567
3568         No new tests, no behavior changes.
3569
3570         * Modules/encryptedmedia/CDM.h:
3571         * Modules/encryptedmedia/MediaKeySession.h:
3572         * Modules/encryptedmedia/MediaKeys.h:
3573         * Modules/quota/DOMWindowQuota.cpp:
3574         * Modules/quota/StorageErrorCallback.cpp:
3575         (WebCore::StorageErrorCallback::CallbackTask::CallbackTask):
3576         * Modules/quota/StorageErrorCallback.h:
3577         * Modules/quota/StorageInfo.h:
3578         * Modules/quota/StorageQuota.h:
3579         * Modules/speech/DOMWindowSpeechSynthesis.cpp:
3580         * Modules/speech/SpeechSynthesis.cpp:
3581         (WebCore::SpeechSynthesis::getVoices):
3582         (WebCore::SpeechSynthesis::startSpeakingImmediately):
3583         (WebCore::SpeechSynthesis::speak):
3584         (WebCore::SpeechSynthesis::cancel):
3585         (WebCore::SpeechSynthesis::handleSpeakingCompleted):
3586         (WebCore::SpeechSynthesis::boundaryEventOccurred):
3587         (WebCore::SpeechSynthesis::didStartSpeaking):
3588         (WebCore::SpeechSynthesis::didPauseSpeaking):
3589         (WebCore::SpeechSynthesis::didResumeSpeaking):
3590         (WebCore::SpeechSynthesis::didFinishSpeaking):
3591         (WebCore::SpeechSynthesis::speakingErrorOccurred):
3592         * Modules/speech/SpeechSynthesis.h:
3593         * Modules/speech/SpeechSynthesisEvent.h:
3594         * Modules/speech/SpeechSynthesisUtterance.h:
3595         * Modules/speech/SpeechSynthesisVoice.cpp:
3596         (WebCore::SpeechSynthesisVoice::create):
3597         (WebCore::SpeechSynthesisVoice::SpeechSynthesisVoice):
3598         * Modules/speech/SpeechSynthesisVoice.h:
3599         * platform/PlatformSpeechSynthesizer.h:
3600         * platform/efl/PlatformSpeechSynthesisProviderEfl.cpp:
3601         (WebCore::PlatformSpeechSynthesisProviderEfl::fireSpeechEvent):
3602         * platform/mock/PlatformSpeechSynthesizerMock.cpp:
3603         (WebCore::PlatformSpeechSynthesizerMock::speakingFinished):
3604         (WebCore::PlatformSpeechSynthesizerMock::speak):
3605         (WebCore::PlatformSpeechSynthesizerMock::cancel):
3606         (WebCore::PlatformSpeechSynthesizerMock::pause):
3607         (WebCore::PlatformSpeechSynthesizerMock::resume):
3608
3609 2016-07-16  Sam Weinig  <sam@webkit.org>
3610
3611         [WebKit API] Add SPI to track multiple navigations caused by a single user gesture
3612         <rdar://problem/26554137>
3613         https://bugs.webkit.org/show_bug.cgi?id=159856
3614
3615         Reviewed by Dan Bernstein.
3616
3617         - Adds a new RefCounted object to represent a unique user gesture, called UserGestureToken.
3618         - Makes UserGestureIndicator track UserGestureToken.
3619         - Refines UserGestureIndicator's interface to use Optional and a smaller enum set
3620           to represent the different initial states.
3621         - Stores UserGestureTokens on objects that want to forward user gesture state (DOMTimer, 
3622           postMessage, and ScheduledNavigation) rather than just a boolean.
3623
3624         * accessibility/AccessibilityNodeObject.cpp:
3625         (WebCore::AccessibilityNodeObject::increment):
3626         (WebCore::AccessibilityNodeObject::decrement):
3627         * accessibility/AccessibilityObject.cpp:
3628         (WebCore::AccessibilityObject::press):
3629         * bindings/js/ScriptController.cpp:
3630         (WebCore::ScriptController::executeScriptInWorld):
3631         (WebCore::ScriptController::executeScript):
3632         Update for new UserGestureIndicator interface.
3633
3634         * dom/UserGestureIndicator.cpp:
3635         (WebCore::currentToken):
3636         (WebCore::UserGestureToken::~UserGestureToken):
3637         (WebCore::UserGestureIndicator::UserGestureIndicator):
3638         (WebCore::UserGestureIndicator::~UserGestureIndicator):
3639         (WebCore::UserGestureIndicator::currentUserGesture):
3640         (WebCore::UserGestureIndicator::processingUserGesture):
3641         (WebCore::UserGestureIndicator::processingUserGestureForMedia):
3642         (WebCore::isDefinite): Deleted.
3643         * dom/UserGestureIndicator.h:
3644         (WebCore::UserGestureToken::create):
3645         (WebCore::UserGestureToken::state):
3646         (WebCore::UserGestureToken::processingUserGesture):
3647         (WebCore::UserGestureToken::processingUserGestureForMedia):
3648         (WebCore::UserGestureToken::addDestructionObserver):
3649         (WebCore::UserGestureToken::UserGestureToken):
3650         Add UserGestureToken and track the current one explicitly.
3651
3652         * html/HTMLMediaElement.cpp:
3653         (WebCore::HTMLMediaElement::didReceiveRemoteControlCommand):
3654         * inspector/InspectorFrontendClientLocal.cpp:
3655         (WebCore::InspectorFrontendClientLocal::openInNewTab):
3656         * inspector/InspectorFrontendHost.cpp:
3657         * inspector/InspectorPageAgent.cpp:
3658         (WebCore::InspectorPageAgent::navigate):
3659         Update for new UserGestureIndicator interface.
3660
3661         * loader/NavigationAction.cpp:
3662         (WebCore::NavigationAction::NavigationAction):
3663         * loader/NavigationAction.h:
3664         (WebCore::NavigationAction::userGestureToken):
3665         (WebCore::NavigationAction::processingUserGesture):
3666         * loader/NavigationScheduler.cpp:
3667         (WebCore::ScheduledNavigation::ScheduledNavigation):
3668         (WebCore::ScheduledNavigation::~ScheduledNavigation):
3669         (WebCore::ScheduledNavigation::lockBackForwardList):
3670         (WebCore::ScheduledNavigation::wasDuringLoad):
3671         (WebCore::ScheduledNavigation::isLocationChange):
3672         (WebCore::ScheduledNavigation::userGestureToForward):
3673         (WebCore::ScheduledNavigation::clearUserGesture):
3674         (WebCore::NavigationScheduler::mustLockBackForwardList):
3675         (WebCore::NavigationScheduler::scheduleFormSubmission):
3676         (WebCore::ScheduledNavigation::wasUserGesture): Deleted.
3677         * page/DOMTimer.cpp:
3678         (WebCore::shouldForwardUserGesture):
3679         (WebCore::userGestureTokenToForward):
3680         (WebCore::DOMTimer::DOMTimer):
3681         (WebCore::DOMTimer::fired):
3682         * page/DOMTimer.h:
3683         * page/DOMWindow.cpp:
3684         (WebCore::PostMessageTimer::PostMessageTimer):
3685         Store the active UserGestureToken rather than just a bit.
3686
3687         * page/EventHandler.cpp:
3688         (WebCore::EventHandler::handleMousePressEvent):
3689         (WebCore::EventHandler::handleMouseDoubleClickEvent):
3690         (WebCore::EventHandler::handleMouseReleaseEvent):
3691         (WebCore::EventHandler::keyEvent):
3692         (WebCore::EventHandler::handleTouchEvent):
3693         * rendering/HitTestResult.cpp:
3694         (WebCore::HitTestResult::toggleMediaFullscreenState):
3695         (WebCore::HitTestResult::enterFullscreenForVideo):
3696         (WebCore::HitTestResult::toggleEnhancedFullscreenForVideo):
3697         Update for new UserGestureIndicator interface.
3698
3699 2016-07-17  Ryosuke Niwa  <rniwa@webkit.org>
3700
3701         Rename fastHasAttribute to hasAttributeWithoutSynchronization
3702         https://bugs.webkit.org/show_bug.cgi?id=159864
3703
3704         Reviewed by Chris Dumez.
3705
3706         Renamed Rename fastHasAttribute to hasAttributeWithoutSynchronization for clarity.
3707
3708         * accessibility/AccessibilityListBoxOption.cpp:
3709         (WebCore::AccessibilityListBoxOption::isEnabled):
3710         * accessibility/AccessibilityObject.cpp:
3711         (WebCore::AccessibilityObject::hasAttribute):
3712         (WebCore::AccessibilityObject::getAttribute):
3713         * accessibility/AccessibilityRenderObject.cpp:
3714         (WebCore::AccessibilityRenderObject::determineAccessibilityRole):
3715         * bindings/scripts/CodeGenerator.pm:
3716         (GetterExpression):
3717         * bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
3718         * bindings/scripts/test/JS/JSTestObj.cpp:
3719         (WebCore::jsTestObjReflectedBooleanAttr):
3720         (WebCore::jsTestObjReflectedCustomBooleanAttr):
3721         * bindings/scripts/test/ObjC/DOMTestObj.mm:
3722         (-[DOMTestObj reflectedBooleanAttr]):
3723         (-[DOMTestObj setReflectedBooleanAttr:]):
3724         (-[DOMTestObj reflectedCustomBooleanAttr]):
3725         (-[DOMTestObj setReflectedCustomBooleanAttr:]):
3726         * dom/Document.cpp:
3727         (WebCore::Document::hasManifest):
3728         (WebCore::Document::doctype):
3729         * dom/Element.h:
3730         (WebCore::Node::parentElement):
3731         (WebCore::Element::hasAttributeWithoutSynchronization):
3732         (WebCore::Element::fastHasAttribute): Deleted.
3733         * editing/ApplyStyleCommand.cpp:
3734         (WebCore::ApplyStyleCommand::removeEmbeddingUpToEnclosingBlock):
3735         * editing/DeleteSelectionCommand.cpp:
3736         (WebCore::DeleteSelectionCommand::makeStylingElementsDirectChildrenOfEditableRootToPreventStyleLoss):
3737         * editing/markup.cpp:
3738         (WebCore::createMarkupInternal):
3739         * html/ColorInputType.cpp:
3740         (WebCore::ColorInputType::shouldShowSuggestions):
3741         * html/FileInputType.cpp:
3742         (WebCore::FileInputType::handleDOMActivateEvent):
3743         (WebCore::FileInputType::receiveDroppedFiles):
3744         * html/FormAssociatedElement.cpp:
3745         (WebCore::FormAssociatedElement::didMoveToNewDocument):
3746         (WebCore::FormAssociatedElement::insertedInto):
3747         (WebCore::FormAssociatedElement::removedFrom):
3748         (WebCore::FormAssociatedElement::formAttributeChanged):
3749         * html/FormController.cpp:
3750         (WebCore::ownerFormForState):
3751         * html/GenericCachedHTMLCollection.cpp:
3752         (WebCore::GenericCachedHTMLCollection<traversalType>::elementMatches):
3753         * html/HTMLAnchorElement.cpp:
3754         (WebCore::HTMLAnchorElement::draggable):
3755         (WebCore::HTMLAnchorElement::href):
3756         (WebCore::HTMLAnchorElement::sendPings):
3757         * html/HTMLAppletElement.cpp:
3758         (WebCore::HTMLAppletElement::rendererIsNeeded):
3759         * html/HTMLElement.cpp:
3760         (WebCore::HTMLElement::collectStyleForPresentationAttribute):
3761         (WebCore::elementAffectsDirectionality):
3762         (WebCore::setHasDirAutoFlagRecursively):
3763         * html/HTMLEmbedElement.cpp:
3764         (WebCore::HTMLEmbedElement::rendererIsNeeded):
3765         * html/HTMLFieldSetElement.cpp:
3766         (WebCore::updateFromControlElementsAncestorDisabledStateUnder):
3767         (WebCore::HTMLFieldSetElement::disabledAttributeChanged):
3768         (WebCore::HTMLFieldSetElement::disabledStateChanged):
3769         (WebCore::HTMLFieldSetElement::childrenChanged):
3770         * html/HTMLFormControlElement.cpp:
3771         (WebCore::HTMLFormControlElement::formNoValidate):
3772         (WebCore::HTMLFormControlElement::formAction):
3773         (WebCore::HTMLFormControlElement::computeIsDisabledByFieldsetAncestor):
3774         (WebCore::shouldAutofocus):
3775         * html/HTMLFormElement.cpp:
3776         (WebCore::HTMLFormElement::formElementIndex):
3777         (WebCore::HTMLFormElement::noValidate):
3778         * html/HTMLFrameElement.cpp:
3779         (WebCore::HTMLFrameElement::noResize):
3780         (WebCore::HTMLFrameElement::didAttachRenderers):
3781         * html/HTMLFrameElementBase.cpp:
3782         (WebCore::HTMLFrameElementBase::parseAttribute):
3783         (WebCore::HTMLFrameElementBase::location):
3784         * html/HTMLHRElement.cpp:
3785         (WebCore::HTMLHRElement::collectStyleForPresentationAttribute):
3786         * html/HTMLImageElement.cpp:
3787         (WebCore::HTMLImageElement::isServerMap):
3788         * html/HTMLInputElement.cpp:
3789         (WebCore::HTMLInputElement::finishParsingChildren):
3790         (WebCore::HTMLInputElement::matchesDefaultPseudoClass):
3791         (WebCore::HTMLInputElement::isActivatedSubmit):
3792         (WebCore::HTMLInputElement::reset):
3793         (WebCore::HTMLInputElement::multiple):
3794         (WebCore::HTMLInputElement::setSize):
3795         (WebCore::HTMLInputElement::shouldUseMediaCapture):
3796         * html/HTMLMarqueeElement.cpp:
3797         (WebCore::HTMLMarqueeElement::minimumDelay):
3798         * html/HTMLMediaElement.cpp:
3799         (WebCore::HTMLMediaElement::insertedInto):
3800         (WebCore::HTMLMediaElement::selectMediaResource):
3801         (WebCore::HTMLMediaElement::loadResource):
3802         (WebCore::HTMLMediaElement::autoplay):
3803         (WebCore::HTMLMediaElement::preload):
3804         (WebCore::HTMLMediaElement::loop):
3805         (WebCore::HTMLMediaElement::setLoop):
3806         (WebCore::HTMLMediaElement::controls):
3807         (WebCore::HTMLMediaElement::setControls):
3808         (WebCore::HTMLMediaElement::muted):
3809         (WebCore::HTMLMediaElement::setMuted):
3810         (WebCore::HTMLMediaElement::selectNextSourceChild):
3811         (WebCore::HTMLMediaElement::sourceWasAdded):
3812         (WebCore::HTMLMediaElement::mediaSessionTitle):
3813         * html/HTMLObjectElement.cpp:
3814         (WebCore::HTMLObjectElement::parseAttribute):
3815         * html/HTMLOptGroupElement.cpp:
3816         (WebCore::HTMLOptGroupElement::isDisabledFormControl):
3817         (WebCore::HTMLOptGroupElement::isFocusable):
3818         * html/HTMLOptionElement.cpp:
3819         (WebCore::HTMLOptionElement::matchesDefaultPseudoClass):
3820         (WebCore::HTMLOptionElement::text):
3821         * html/HTMLProgressElement.cpp:
3822         (WebCore::HTMLProgressElement::isDeterminate):
3823         (WebCore::HTMLProgressElement::didElementStateChange):
3824         * html/HTMLScriptElement.cpp:
3825         (WebCore::HTMLScriptElement::async):
3826         (WebCore::HTMLScriptElement::setCrossOrigin):
3827         (WebCore::HTMLScriptElement::asyncAttributeValue):
3828         (WebCore::HTMLScriptElement::deferAttributeValue):
3829         (WebCore::HTMLScriptElement::hasSourceAttribute):
3830         (WebCore::HTMLScriptElement::dispatchLoadEvent):
3831         * html/HTMLSelectElement.cpp:
3832         (WebCore::HTMLSelectElement::reset):
3833         * html/HTMLTrackElement.cpp:
3834         (WebCore::HTMLTrackElement::isDefault):
3835         (WebCore::HTMLTrackElement::ensureTrack):
3836         (WebCore::HTMLTrackElement::loadTimerFired):
3837         * html/MediaElementSession.cpp:
3838         (WebCore::MediaElementSession::wirelessVideoPlaybackDisabled):
3839         (WebCore::MediaElementSession::requiresFullscreenForVideoPlayback):
3840         (WebCore::MediaElementSession::allowsAutomaticMediaDataLoading):
3841         * html/SearchInputType.cpp:
3842         (WebCore::SearchInputType::searchEventsShouldBeDispatched):
3843         (WebCore::SearchInputType::didSetValueByUserEdit):
3844         * inspector/InspectorDOMAgent.cpp:
3845         (WebCore::InspectorDOMAgent::buildObjectForNode):
3846         * loader/FrameLoader.cpp:
3847         (WebCore::FrameLoader::shouldTreatURLAsSrcdocDocument):
3848         (WebCore::FrameLoader::findFrameForNavigation):
3849         * loader/ImageLoader.cpp:
3850         (WebCore::ImageLoader::notifyFinished):
3851         * mathml/MathMLSelectElement.cpp:
3852         (WebCore::MathMLSelectElement::getSelectedSemanticsChild):
3853         * rendering/RenderTableCell.cpp:
3854         (WebCore::RenderTableCell::computePreferredLogicalWidths):
3855         * rendering/RenderThemeIOS.mm:
3856         (WebCore::RenderThemeIOS::adjustMenuListButtonStyle):
3857         * rendering/SimpleLineLayout.cpp:
3858         (WebCore::SimpleLineLayout::canUseForWithReason):
3859         * rendering/svg/RenderSVGResourceClipper.cpp:
3860         (WebCore::RenderSVGResourceClipper::drawContentIntoMaskImage):
3861         * svg/SVGAnimateMotionElement.cpp:
3862         (WebCore::SVGAnimateMotionElement::updateAnimationPath):
3863         * svg/SVGAnimationElement.cpp:
3864         (WebCore::SVGAnimationElement::startedActiveInterval):
3865         (WebCore::SVGAnimationElement::updateAnimation):
3866         * svg/animation/SVGSMILElement.cpp:
3867         (WebCore::SVGSMILElement::insertedInto):
3868
3869 2016-07-17  Brady Eidson  <beidson@apple.com>
3870
3871         Exceptions logged to the JS console should use toString().
3872         https://bugs.webkit.org/show_bug.cgi?id=159855
3873
3874         Reviewed by Darin Adler.
3875
3876         No new tests (No change in behavior).
3877
3878         * bindings/js/JSDOMBinding.cpp:
3879         (WebCore::reportException):
3880
3881         * dom/DOMCoreException.h:
3882         (WebCore::DOMCoreException::DOMCoreException):
3883
3884         * dom/ExceptionBase.cpp:
3885         (WebCore::ExceptionBase::ExceptionBase):
3886         (WebCore::ExceptionBase::toString):
3887         (WebCore::ExceptionBase::consoleErrorMessage): Deleted.
3888         * dom/ExceptionBase.h:
3889         (WebCore::ExceptionBase::description): Deleted.
3890
3891         * svg/SVGException.h:
3892
3893         * xml/XPathException.h:
3894         (WebCore::XPathException::XPathException):
3895
3896 2016-07-17  Brady Eidson  <beidson@apple.com>
3897
3898         Update DOMCoreException to use the description in toString().
3899         https://bugs.webkit.org/show_bug.cgi?id=159857
3900
3901         Reviewed by Darin Adler.
3902
3903         No new tests (Covered by changes to existing tests).
3904
3905         * bindings/js/JSDOMBinding.cpp:
3906         (WebCore::createDOMException):
3907
3908         * dom/DOMCoreException.h:
3909         (WebCore::DOMCoreException::DOMCoreException):
3910         (WebCore::DOMCoreException::createWithDescriptionAsMessage): Deleted.
3911
3912 2016-07-17  Myles C. Maxfield  <mmaxfield@apple.com>
3913
3914         Support new emoji group candidates
3915         https://bugs.webkit.org/show_bug.cgi?id=159755
3916         <rdar://problem/27325521>
3917
3918         Reviewed by Dean Jackson.
3919
3920         There are a few code points which should be able to be joined (with ZWJ) to
3921         either U+2640 or U+2642 to change the gender of the emoji. These patterns
3922         should also work with an additional 0xFE0F variation selector. This patch
3923         adds these new patterns to our existing emoji group candidate infrastructure.
3924
3925         Tests: fast/text/emoji-gender-2-3.html
3926                fast/text/emoji-gender-2-4.html
3927                fast/text/emoji-gender-2-5.html
3928                fast/text/emoji-gender-2-6.html
3929                fast/text/emoji-gender-2-7.html
3930                fast/text/emoji-gender-2-8.html
3931                fast/text/emoji-gender-2-9.html
3932                fast/text/emoji-gender-2.html
3933                fast/text/emoji-gender-3.html
3934                fast/text/emoji-gender-4.html
3935                fast/text/emoji-gender-5.html
3936                fast/text/emoji-gender-6.html
3937                fast/text/emoji-gender-7.html
3938                fast/text/emoji-gender-8.html
3939                fast/text/emoji-gender-9.html
3940                fast/text/emoji-gender-fe0f-3.html
3941                fast/text/emoji-gender-fe0f-4.html
3942                fast/text/emoji-gender-fe0f-5.html
3943                fast/text/emoji-gender-fe0f-6.html
3944                fast/text/emoji-gender-fe0f-7.html
3945                fast/text/emoji-gender-fe0f-8.html
3946                fast/text/emoji-gender-fe0f-9.html
3947                fast/text/emoji-gender.html
3948                fast/text/emoji-num-glyphs.html
3949                fast/text/emoji-single-parent-family-2.html
3950                fast/text/emoji-single-parent-family.html
3951
3952         * platform/graphics/mac/ComplexTextControllerCoreText.mm:
3953         (WebCore::ComplexTextController::ComplexTextRun::ComplexTextRun): Removed incorrect ASSERT()s.
3954         * platform/graphics/FontCascade.cpp:
3955         (WebCore::FontCascade::characterRangeCodePath):
3956         * platform/text/CharacterProperties.h:
3957         (WebCore::isEmojiGroupCandidate):
3958
3959 2016-07-16  Brady Eidson  <beidson@apple.com>
3960
3961         Update SVGException to use the description in toString().
3962         https://bugs.webkit.org/show_bug.cgi?id=159847
3963
3964         Reviewed by Darin Adler.
3965
3966         No new tests (Covered by changes to existing tests).