JavaScriptCore:

[WebKit-https.git] / WebCore / ChangeLog

2007-03-17  Timothy Hatcher  <timothy@apple.com>

        Reviewed by Mark Rowe.

        Made Version.xcconfig smarter when building for different configurations.
        Now uses the 522+ OpenSource version for Debug and Release, while using the
        full 522.4 version for Production builds. The system prefix is also computed
        based on the current system, so 4522.4 on Tiger and 5522.4 on Leopard.

        * Configurations/Version.xcconfig:
        * Configurations/WebCore.xcconfig:

2007-03-17  Antti Koivisto  <antti@apple.com>

        Reviewed by Adele.

        Fix http://bugs.webkit.org/show_bug.cgi?id=12595
        REGRESSION: Can't add item to cart at lnt.com (JS type error)
        <rdar://problem/4722863>
        
        Emulate Firefox behavior where form elements accessed by a name
        can be accessed with that name later even if the name changes or
        even if element is removed from the document.
        
        This is loosely based on Darin's earlier patch for the same problem but
        is much less expansive. It takes somewhat different approach to more closely
        mimic Firefox behavior. Includes expanded test case.

        * bindings/js/JSHTMLFormElementCustom.cpp:
        (WebCore::JSHTMLFormElement::canGetItemsForName):
            Use new the HTMLFormElement::getNamedElements() method
        (WebCore::JSHTMLFormElement::nameGetter):
            Use new the HTMLFormElement::getNamedElements() method
        * html/HTMLFormElement.cpp:
        (WebCore::HTMLFormElement::HTMLFormElement):
        (WebCore::HTMLFormElement::~HTMLFormElement):
        (WebCore::HTMLFormElement::elementForAlias):
        (WebCore::HTMLFormElement::addElementAlias):
            Maintain a map of known element aliases
        (WebCore::HTMLFormElement::getNamedElements):
            Get a list of elements matching the name, based both their
            current names and known aliases (earlier names).
            Keep the alias list in sync.
        * html/HTMLFormElement.h:

2007-03-17  Adele Peterson  <adele@apple.com>

        Reviewed by Hyatt.

        Fix for <rdar://problem/4990050> REGRESSION: onchange gets fired when clicking on a programmatically selected element in a listbox
        http://bugs.webkit.org/show_bug.cgi?id=12725

        Test: updated fast/forms/listbox-onchange.html

        Added HTMLSelectElement::saveLastSelection that is called before changing a selection that could result
        in onChange being called.  m_lastOnChangeIndex and m_lastOnChangeSelection no longer have to be up-to date all the time, 
        they just have to be up-to-date before we execute an action that may trigger onChange.

        * html/HTMLOptionElement.cpp: (WebCore::HTMLOptionElement::setSelectedState): Added.
          The HTMLSelectElement will only set an option's selected state with this method.  This ensures
          that notifyOptionSelected won't get called when the call originates from the select element.
        * html/HTMLOptionElement.h:

        * html/HTMLSelectElement.cpp:
        (WebCore::HTMLSelectElement::deselectItems): Calls setSelectedState.
        (WebCore::HTMLSelectElement::setSelectedIndex): ditto. Don't update the last selection variables here.  Scroll to the new selection.
         The scrolling call used to only be in notifyOptionSelected.  There's no reason we shouldn't scroll when the selection is set through
         the HTMLSelectElement.
        (WebCore::HTMLSelectElement::setValue): Call setSelectedIndex to update all options selected state.
        (WebCore::HTMLSelectElement::restoreState): Call setSelectedState.
        (WebCore::HTMLSelectElement::selectAll): Call saveLastSelection before making the selection, and calling onChange.
        (WebCore::HTMLSelectElement::recalcListItems): Call setSelectedState.  Don't need to save selection here anymore, 
         since it will get saved before we call onChange.
        (WebCore::HTMLSelectElement::reset): ditto.
        (WebCore::HTMLSelectElement::dispatchFocusEvent): Added. Call saveLastSelection for menu lists, since onChange can be fired
         on blur.
        (WebCore::HTMLSelectElement::dispatchBlurEvent): Call menuListOnChange.
        (WebCore::HTMLSelectElement::menuListDefaultEventHandler): Call saveLastSelection before showing the popup window.
        (WebCore::HTMLSelectElement::listBoxDefaultEventHandler):  Call saveLastSelection during mousedown (to prepare for an 
         onchange during mouseup, or after autoscroll).
        (WebCore::HTMLSelectElement::updateListBoxSelection): Call setSelectedState.

        (WebCore::HTMLSelectElement::menuListOnChange): Added. Compares the m_lastOnChangeIndex to the selectedIndex().
        (WebCore::HTMLSelectElement::listBoxOnChange): Move the m_lastOnChangeSelection creation to saveLastSelection.
        (WebCore::HTMLSelectElement::saveLastSelection): Added. Sets m_lastOnChangeIndex or m_lastOnChangeSelection.
        * html/HTMLSelectElement.h:
        * platform/PopupMenu.h:

2007-03-16  Oliver Hunt  <oliver@apple.com>

        Reviewed by Hyatt.

        The old canSaveAsWebArchive call was necessary as stand alone
        images used to be rendered by ImageDocument.

        Fixes rdar://problem/5061252

        * dom/Clipboard.cpp:
        * dom/Clipboard.h:
        (WebCore::Clipboard::setDragHasStarted):
        * page/DragClient.h:
        (WebCore::DragClient::declareAndWriteDragImage):
        * platform/mac/ClipboardMac.mm:
        (WebCore::ClipboardMac::declareAndWriteDragImage):

2007-03-16  Anders Carlsson  <acarlsson@apple.com>

        Reviewed by Maciej.

        <rdar://problem/4869095>
        default content type changed for XMLHttpRequest POSTs changed (breaks Flickrator 0.1 widget)
        
        * xml/xmlhttprequest.cpp:
        (WebCore::XMLHttpRequest::send):

2007-03-16  Brady Eidson  <beidson@apple.com>

        Rubberstamped by Tim Hatcher

        Update the hash table header for Window object properties

        * bindings/js/kjs_window.cpp:

2007-03-16  Brady Eidson  <beidson@apple.com>

        Reviewed by Anders

        <rdar://problem/5061826> and
        http://bugs.webkit.org/show_bug.cgi?id=12863
        Implement window.stop()

        * bindings/js/kjs_window.cpp:
        (KJS::WindowFunc::callAsFunction): Add case Window::Stop
        * bindings/js/kjs_window.h:
        (KJS::Window::): Add "Stop"

2007-03-16  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Brady Eidson.

        Fixed dir creation to account for already existing dirs and missing leading
        dirs in path.
        
        * loader/icon/IconDatabase.cpp:
        (WebCore::makeAllDirectories):

2007-03-16  David Hyatt  <hyatt@apple.com>

        Fix for 13084, assertion failure in the Cache.  Convert the client list
        to a HashCountedSet so that multiple refs and derefs are allowed.

        Fix RenderImage so that if it has the same image used as a background/border
        and as the foreground that it will repaint properly (can be tested using
        border-image and a foreground image).

        Optimize list marker so that it doesn't waste time in the base class method,
        since list markers don't support background or border images.

        Reviewed by andersca

        * ChangeLog:
        * loader/CachedResource.cpp:
        (WebCore::CachedResource::ref):
        * loader/CachedResource.h:
        * loader/CachedResourceClientWalker.cpp:
        (WebCore::CachedResourceClientWalker::CachedResourceClientWalker):
        * loader/CachedResourceClientWalker.h:
        * rendering/RenderImage.cpp:
        (WebCore::RenderImage::imageChanged):
        * rendering/RenderListMarker.cpp:
        (WebCore::RenderListMarker::imageChanged):

2007-03-16  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Anders Carlsson.
        
        Fixed <rdar://problem/5065399> REGRESSION: leaks in Frame::bindingRootObject 
        seen on buildbot

        The problem was that we were initializing the same WebScriptObject twice.
        This caused it to leak its original set of ivars.
        
        I think some refactoring could prevent this situation from arising in the
        first place, but I'm just adding a check at the call site for now, to do 
        the simplest thing.

        * bindings/objc/WebScriptObject.mm:
        (-[WebScriptObject _setImp:originRootObject:rootObject:]): Added ASSERTs
        against multiple calls.

        * bindings/objc/WebScriptObjectPrivate.h: Renamed _initializeWithObjectImp
        to setImp because "init" vs "initialize" was a too subtle indication that
        one was a Cocoa initializer and one was not.

2007-03-16  Lars Knoll <lars@trolltech.com>

        don't use #import in .cpp files.

        * editing/qt/EditorQt.cpp:

2007-03-16  Lars Knoll <lars@trolltech.com>

        Fix the Qt build once again.

        * platform/qt/PasteboardQt.cpp:
        (WebCore::Pasteboard::Pasteboard):
        (WebCore::Pasteboard::writeSelection):
        (WebCore::Pasteboard::plainText):
        (WebCore::Pasteboard::documentFragment):
        (WebCore::Pasteboard::writeURL):
        (WebCore::Pasteboard::writeImage):
        (WebCore::Pasteboard::clear):

2007-03-15  Shrikant Gangoda  <shrikant.gangoda@celunite.com>

        Gdk build fix.

        * loader/gdk/FrameLoaderClientGdk.cpp:
        (WebCore::FrameLoaderClientGdk::blockedError):
        * loader/gdk/FrameLoaderClientGdk.h:

2007-03-15  Beth Dakin  <bdakin@apple.com>

        Reviewed by Geoff.

        Fix for http://bugs.webkit.org/show_bug.cgi?id=13088 REGRESSION
        (r19761-19779): Copy image no longer includes image address 
        (rdar://5067927)

        writeURL() does not need an isImage parameter. Now that it accepts 
        the types as a parameter, we can just declare the appropriate image 
        types within writeImage and send them to writeURL(). Also, 
        declaring the types twice is what broke this.

        * platform/Pasteboard.h:
        * platform/mac/PasteboardMac.mm:
        (WebCore::Pasteboard::writeURL):
        (WebCore::Pasteboard::writeImage):

2007-03-15  Adele Peterson  <adele@apple.com>

        Reviewed by Kevin Decker.

        Fix for <rdar://problem/4926179> Text in menulist control should never update if menu is open

        * rendering/RenderMenuList.cpp: (WebCore::RenderMenuList::updateFromElement):
          Only setTextFromOption if the menu isn't visible.

2007-03-15  Brady Eidson  <beidson@apple.com>

        Reviewed by Oliver

        A few platform specific tweaks

        * platform/cf/RetainPtr.h:
        (WebCore::RetainPtr::releaseRef): Fixed releaseRef to work with CF
        
        * platform/network/ResourceHandle.h: Added a "releaseRef" style call

2007-03-15  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Geoff and Steve.

        * config.h: Remove unneeded hack.

2007-03-15  Justin Garcia  <justin.garcia@apple.com>

        Reviewed by john
        
        <rdar://problem/5062376> 
        REGRESSION: In Mail and Gmail, can't change alignment to text after it has been applied
        
        Bring back the remove step in applyBlockStyle.  It's 
        necessary because addBlockStyleIfNeeded assumes that 
        the properties it adds aren't already on the block that 
        it adds them to.

        * editing/ApplyStyleCommand.cpp:
        (WebCore::ApplyStyleCommand::applyBlockStyle): 
        Bring back the remove step (added a testcase).
        Don't do the add step if m_removeOnly is true (no testcase
        because there aren't any clients using removeOnly functionality
        to remove styles yet, only styled elemets).
        Moved the code for creating new blocks up one level
        to this function so that we can pass blocks to removeCSSStyle.
        When converting VisiblePositions to indices and vice versa,
        use the highest node in the shadow tree if we're in one as
        the scope (working on a testcase).
        (WebCore::ApplyStyleCommand::addBlockStyle): Moved code to
        applyBlockStyle.
        * editing/ApplyStyleCommand.h: 

2007-03-15  Brady Eidson  <beidson@apple.com>

        Reviewed by Maciej

        <rdar://problem/4429701>
        Implements a port blocking black list that matches Firefox's

        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::blockedError): Call through to the client for blockedError 
        * loader/FrameLoader.h:

        * loader/FrameLoaderClient.h: Get the "port blocked" error for the current platform

        * loader/ResourceLoader.cpp:
        (WebCore::ResourceLoader::wasBlocked): ResourceHandleClient method to pass on the didFail(error)
        (WebCore::ResourceLoader::blockedError): Following the pattern of "CancelledError()", get the 
          error to fail with for the didFail() call
        * loader/ResourceLoader.h:

        * platform/graphics/svg/SVGImageEmptyClients.h:
        (WebCore::SVGEmptyFrameLoaderClient::blockedError): Added stub

        * platform/network/ResourceHandle.cpp:
        (WebCore::ResourceHandle::create): If the port is blocked, create the handle but schedule it for
          deferred failure on a timer
        (WebCore::ResourceHandle::scheduleBlockedFailure): Do the timer scheduling
        (WebCore::ResourceHandle::fireBlockedFailure): Fire the timer here
        (WebCore::ResourceHandle::portAllowed): Implements checking of Mozilla's
        * platform/network/ResourceHandle.h:
        * platform/network/ResourceHandleClient.h:
        (WebCore::ResourceHandleClient::wasBlocked): Virtual for clients to get the "blocked" message

2007-03-15  Beth Dakin  <bdakin@apple.com>

        Reviewed by Hyatt.

        Fix for <rdar://problem/5065396> REGRESSION: leaks in 
        RenderBlock::layoutInlineChildren seen on buildbot

        This leak appeared after http://trac.webkit.org/projects/webkit/
        changeset/20188. This change shifted line boxes around in 
        removeChild(). But since removeChild() calls 
        setNeedsLayoutAndMinMaxRecalc(), all of the line boxes will be 
        removed once we actually lay out anyway. So this patch fixes the 
        leak by deleting the line boxes instead of shifting them around. 

        * editing/IndentOutdentCommand.cpp:
        (WebCore::IndentOutdentCommand::outdentParagraph): Call into 
        updateLayout(). This fixes an assertion I got in editing/
        execCommand/4976800.html This is very similar to the line box fix I 
        made recently (http://trac.webkit.org/projects/webkit/changeset/
        20177). We need to update layout before relying on VisiblePositions 
        after removing a node.
        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::deleteLinesForBlock): New helper function 
        since this functionality is needed in three places now.
        (WebCore::RenderBlock::makeChildrenNonInline): Call into new 
        deleteLinesForBlock().
        (WebCore::RenderBlock::removeChild): Same.
        * rendering/RenderBlock.h:

2007-03-15  Timothy Hatcher  <timothy@apple.com>

        Reviewed by John.

        * Factored out most of our common build settings into .xcconfig files. Anything that was common in
          each build configuration was factored out into the shared .xcconfig file.
        * Adds a Version.xcconfig file to define the current framework version, to be used in other places.
        * Use the new $(BUNDLE_VERSION) (defined in Version.xcconfig) in the preprocessed Info.plist.
        * Use the versions defined in Version.xcconfig to set $(DYLIB_CURRENT_VERSION).

        * Configurations/Base.xcconfig: Added.
        * Configurations/DebugRelease.xcconfig: Added.
        * Configurations/Version.xcconfig: Added.
        * Configurations/WebCore.xcconfig: Added.
        * Info.plist:
        * WebCore.xcodeproj/project.pbxproj:

2007-03-15  Krzysztof Kowalczyk  <kkowalczyk@gmail.com>

        Not reviewed - gdk build fixes.

        * platform/gdk/EditorClientGdk.cpp:
        (WebCore::EditorClientGdk::handleKeypress):
        * platform/graphics/cairo/ImageSourceCairo.cpp:
        (WebCore::ImageSource::setData):
        * platform/graphics/gdk/ImageGdk.cpp:
        (WebCore::Image::loadPlatformResource):

2007-03-14  Justin Garcia  <justin.garcia@apple.com>

        Reviewed by john
        
        ~2x speed up of 5k rich text paste:
        http://shakespeare.mit.edu/hamlet/full.html        

        * editing/ReplaceSelectionCommand.cpp:
        (WebCore::ReplaceSelectionCommand::doApply): Remove the top 
        level style span if its unnecessary before inserting
        into the document, its faster than doing it after.
        * editing/ReplaceSelectionCommand.h: Exposed 
        ReplacementFragment::removeNodePreservingChildren so that
        the style span can be removed using non-undoable removes,
        like the rest of the removes done on the ReplacementFragment.
        * editing/markup.cpp:
        (WebCore::createMarkup): Make the style span the top level
        element, otherwise it's useless.  This also facilitates the
        optimization mentioned above.
        When including markup for a fully selected root, include markup
        for all the nodes beneath that fully selected root, to preserve 
        the structure and appearance of the copied markup.  Did this
        by merging with the code for adding markup for descendants of
        special commonAncestorBlocks.

2007-03-15  Beth Dakin  <bdakin@apple.com>

        Rubber-stamped by Adele.

        Rolling out http://trac.webkit.org/projects/webkit/changeset/20148 
        (which is a fix for http://bugs.webkit.org/show_bug.cgi?id=12595 
        and rdar://4722863) because it causes a horrible memory-trasher. 

        * bindings/js/JSHTMLFormElementCustom.cpp:
        (WebCore::JSHTMLFormElement::canGetItemsForName):
        (WebCore::JSHTMLFormElement::nameGetter):
        * bindings/js/kjs_dom.cpp:
        (KJS::):
        (KJS::DOMNamedNodesCollection::DOMNamedNodesCollection):
        (KJS::DOMNamedNodesCollection::lengthGetter):
        (KJS::DOMNamedNodesCollection::indexGetter):
        (KJS::DOMNamedNodesCollection::getOwnPropertySlot):
        * bindings/js/kjs_dom.h:
        (KJS::DOMNamedNodesCollection::classInfo):
        * bindings/js/kjs_html.cpp:
        (KJS::JSHTMLCollection::getNamedItems):
        * dom/ChildNodeList.cpp:
        (WebCore::ChildNodeList::ChildNodeList):
        (WebCore::ChildNodeList::length):
        (WebCore::ChildNodeList::item):
        (WebCore::ChildNodeList::nodeMatches):
        * dom/ChildNodeList.h:
        * dom/NameNodeList.cpp:
        (WebCore::NameNodeList::NameNodeList):
        (WebCore::NameNodeList::item):
        (WebCore::NameNodeList::nodeMatches):
        * dom/NameNodeList.h:
        (WebCore::NameNodeList::rootNodeAttributeChanged):
        * dom/Node.cpp:
        (WebCore::TagNodeList::TagNodeList):
        (WebCore::TagNodeList::nodeMatches):
        (WebCore::Node::registerNodeList):
        (WebCore::Node::unregisterNodeList):
        * dom/Node.h:
        * dom/NodeList.cpp:
        (WebCore::NodeList::NodeList):
        (WebCore::NodeList::~NodeList):
        (WebCore::NodeList::recursiveLength):
        (WebCore::NodeList::itemForwardsFromCurrent):
        (WebCore::NodeList::itemBackwardsFromCurrent):
        (WebCore::NodeList::recursiveItem):
        (WebCore::NodeList::itemWithName):
        (WebCore::NodeList::rootNodeChildrenChanged):
        * dom/NodeList.h:
        (WebCore::NodeList::rootNodeAttributeChanged):
        * html/HTMLFormElement.cpp:
        (WebCore::HTMLFormElement::HTMLFormElement):
        (WebCore::HTMLFormElement::~HTMLFormElement):
        (WebCore::HTMLFormElement::formData):
        (WebCore::HTMLFormElement::parseMappedAttribute):
        (WebCore::HTMLFormElement::removeFormElement):
        * html/HTMLFormElement.h:
        * html/HTMLGenericFormElement.cpp:
        (WebCore::HTMLGenericFormElement::parseMappedAttribute):
        (WebCore::HTMLGenericFormElement::insertedIntoTree):
        * html/HTMLGenericFormElement.h:
        * html/HTMLInputElement.cpp:
        (WebCore::HTMLInputElement::parseMappedAttribute):

2007-03-15  Geoffrey Garen  <ggaren@apple.com>

        Added an assert to help catch a bug. Hopefully someone will hit it!
        
        * bindings/js/kjs_proxy.cpp:
        (WebCore::KJSProxy::~KJSProxy):

2007-03-14  Oliver Hunt  <oliver@apple.com>

        Reviewed by Adele.

        Fix for rdar://problem/5061737.
        
        This was a regression from the original Objective-C -> C++ conversion
        for the drag logic.  We don't need to call Range::startNode as we just
        need the document that contains the range.   

        * page/DragController.cpp:
        (WebCore::documentFragmentFromDragData):

2007-03-14  Mitz Pettel  <mitz@webkit.org>

        Reviewed by Hyatt.

        - http://bugs.webkit.org/show_bug.cgi?id=13071
          REGRESSION: Plain text files no longer wrap lines longer than the width of the browser window

        Test: fast/loader/text-document-wrapping.html

        * loader/TextDocument.cpp:
        (WebCore::TextTokenizer::write): Specified word-wrap:break-word for the <pre> element.

2007-03-14  Mitz Pettel  <mitz@webkit.org>

        Reviewed by Hyatt.

        - fix http://bugs.webkit.org/show_bug.cgi?id=13072
          REGRESSION (r15617): white-space: pre-wrap breaks off the last character of a wide word

        Test: fast/text/whitespace/pre-wrap-last-char.html

        * rendering/bidi.cpp:
        (WebCore::RenderBlock::findNextLineBreak): Undid the change from r15617.

2007-03-14  David Hyatt  <hyatt@apple.com>

        Add asserts to help catch double refs and double derefs of CachedResources.

        Reviewed by mjs

        * loader/CachedResource.cpp:
        (WebCore::CachedResource::ref):
        (WebCore::CachedResource::deref):

2007-03-14  Alice Liu  <alice.liu@apple.com>

        Rubber-stamped by Hyatt.

        Adding null check to prevent the crash that happens on 2nd run of iBench HTML load test

        * loader/icon/IconDataCache.cpp:
        (WebCore::IconDataCache::writeToDatabase):

=== Safari-5522.4 ===

2007-03-14  Adele Peterson  <adele@apple.com>

        Reviewed by Adam.

        Fix for <rdar://problem/5062898> REGRESSION: autocomplete window in text fields doesn't come up

        When we moved the initialization of a bunch of variables in the HTMLFormElement constructor, m_autocomplete accidently got initialized to false.

        * html/HTMLFormElement.cpp: (WebCore::HTMLFormElement::HTMLFormElement):

2007-03-14  Steve Falkenburg  <sfalken@apple.com>

        Reviewed by Adam.

        Added missing null check in case this is called on a subframe
        that hasn't started loading.

        * page/Frame.cpp:
        (WebCore::Frame::setMarkedTextMatchesAreHighlighted): Check for a null document.

2007-03-14  Antti Koivisto  <antti@apple.com>

        Reviewed by Geoff.

        Fix http://bugs.webkit.org/show_bug.cgi?id=13060
        REGRESSION: Repro ASSERT failure in Cache::adjustSize running layout tests
        <rdar://5060208>
        
        Script evaluation may have dereffed the CachedScript object already, causing double deref and
        eventually m_liveResourcesSize underflow.

        * html/HTMLScriptElement.cpp:
        (WebCore::HTMLScriptElement::notifyFinished):

2007-03-14  Adele Peterson  <adele@apple.com>

        Reviewed by Darin.

        Added InsertTab, InsertBacktab, InsertLineBreak, and InsertNewline to the editing command table.
        Added Event parameter to execCommand, and to all of the enabled and exec functions.  Right now,
        the event is only used by the newly added commands.  But in the future, many (and possibly all) of
        these editing commands will need to consider the event so they are applied to the correct selection.

        * WebCore.exp:
        * editing/Editor.cpp:
        (WebCore::execCopy):
        (WebCore::execCut):
        (WebCore::execDelete):
        (WebCore::execBackwardDelete):
        (WebCore::execForwardDelete):
        (WebCore::execMoveBackward):
        (WebCore::execMoveBackwardAndModifySelection):
        (WebCore::execMoveUpByPageAndModifyCaret):
        (WebCore::execMoveDown):
        (WebCore::execMoveDownAndModifySelection):
        (WebCore::execMoveForward):
        (WebCore::execMoveForwardAndModifySelection):
        (WebCore::execMoveDownByPageAndModifyCaret):
        (WebCore::execMoveLeft):
        (WebCore::execMoveLeftAndModifySelection):
        (WebCore::execMoveRight):
        (WebCore::execMoveRightAndModifySelection):
        (WebCore::execMoveToBeginningOfDocument):
        (WebCore::execMoveToBeginningOfDocumentAndModifySelection):
        (WebCore::execMoveToBeginningOfSentence):
        (WebCore::execMoveToBeginningOfSentenceAndModifySelection):
        (WebCore::execMoveToBeginningOfLine):
        (WebCore::execMoveToBeginningOfLineAndModifySelection):
        (WebCore::execMoveToBeginningOfParagraph):
        (WebCore::execMoveToBeginningOfParagraphAndModifySelection):
        (WebCore::execMoveToEndOfDocument):
        (WebCore::execMoveToEndOfDocumentAndModifySelection):
        (WebCore::execMoveToEndOfSentence):
        (WebCore::execMoveToEndOfSentenceAndModifySelection):
        (WebCore::execMoveToEndOfLine):
        (WebCore::execMoveToEndOfLineAndModifySelection):
        (WebCore::execMoveToEndOfParagraph):
        (WebCore::execMoveToEndOfParagraphAndModifySelection):
        (WebCore::execMoveParagraphBackwardAndModifySelection):
        (WebCore::execMoveParagraphForwardAndModifySelection):
        (WebCore::execMoveUp):
        (WebCore::execMoveUpAndModifySelection):
        (WebCore::execMoveWordBackward):
        (WebCore::execMoveWordBackwardAndModifySelection):
        (WebCore::execMoveWordForward):
        (WebCore::execMoveWordForwardAndModifySelection):
        (WebCore::execMoveWordLeft):
        (WebCore::execMoveWordLeftAndModifySelection):
        (WebCore::execMoveWordRight):
        (WebCore::execMoveWordRightAndModifySelection):
        (WebCore::execPaste):
        (WebCore::execSelectAll):
        (WebCore::execToggleBold):
        (WebCore::execToggleItalic):
        (WebCore::execRedo):
        (WebCore::execUndo):
        (WebCore::execInsertTab):
        (WebCore::execInsertBacktab):
        (WebCore::execInsertNewline):
        (WebCore::execInsertLineBreak):
        (WebCore::enabled):
        (WebCore::canPaste):
        (WebCore::hasEditableSelection):
        (WebCore::hasEditableRangeSelection):
        (WebCore::hasRangeSelection):
        (WebCore::hasRichlyEditableSelection):
        (WebCore::canRedo):
        (WebCore::canUndo):
        (WebCore::CommandEntry::):
        (WebCore::Editor::toggleBold):

        (WebCore::Editor::execCommand): Added optional event parameter.
        (WebCore::Editor::insertText): Added.  Calls handleTextInputEvent.
        (WebCore::Editor::insertTextWithoutSendingTextEvent): Renamed from insertText.
         Performs the actual insertion without dispatching any event.
        * editing/Editor.h:
        * page/EventHandler.cpp: (WebCore::EventHandler::defaultTextInputEventHandler):
          Call insertTextWithoutSendingTextEvent.

2007-03-14  Justin Garcia  <justin.garcia@apple.com>

        Reviewed by darin
        
        ~3x speedup pasting 5k lines of rich text:
        http://shakespeare.mit.edu/hamlet/full.html
        ~2x speedup pasting 10k lines of plain text
        
        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::computedStyle): Added for convenience.
        * css/CSSComputedStyleDeclaration.h:
        * editing/ReplaceSelectionCommand.cpp:
        (WebCore::ReplaceSelectionCommand::removeRedundantStyles):
        The code that pushed down the top level style span had
        a bug in it that made it do unnecessary work.  Instead of
        fixing the bug I removed the code because it was used to 
        help see more redundancies in second level style spans, but 
        createMarkup now *only* creates a top level style span.
        Only remove redundant styles from style spans and only remove
        unstyled elements if they are style spans.  FF doesn't
        remove redundant styles from elements, or remove redundant 
        font tags on copy/paste.  We could offer this functionality 
        through a separate "cleanup" command.
        * editing/markup.cpp:
        (WebCore::createMarkup): Only add markup for ancestors of 
        lastClosed if we're including markup for acommonAncestorBlock 
        (we do this for commonAncestorBlocks like tables and lists),
        otherwise it's unnecessary/redundant.

2007-03-14  Anders Carlsson  <acarlsson@apple.com>

        Reviewed by Ada.

        Make sure to call ResourceLoader::didReceiveData to ensure that there's a shared buffer with the resource
        data, since SubresourceLoaderClients now make use of that buffer.
        
        * loader/SubresourceLoader.cpp:
        (WebCore::SubresourceLoader::didReceiveData):

2007-03-14  Administrator  <acarlsson@apple.com>

        Get the size from the shared buffer.
        
        * platform/graphics/cg/ImageSourceCG.cpp:
        (WebCore::ImageSource::setData):
        * platform/graphics/cg/PDFDocumentImage.cpp:
        (WebCore::PDFDocumentImage::dataChanged):

2007-03-14  Mitz Pettel  <mitz@webkit.org>

        Reviewed by Hyatt, thumbs up by Darin.

        - fix http://bugs.webkit.org/show_bug.cgi?id=12782
          Reproducible crash in BidiContext::deref

        Test: fast/dynamic/anonymous-block-orphaned-lines.html

        * rendering/InlineBox.cpp:
        (WebCore::InlineBox::root): Added an assertion that we return a root inline box.
        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::removeChild): Added code to adopt the line boxes of
        anonymous blocks being destroyed instead of leaving them orphaned, which
        is what caused this crash. The boxes will be deleted on the next layout, but
        this ensures consistency in the mean time.

2007-03-14  Lars Knoll <lars@trolltech.com>

        Reviewed by Antti.

        Fix the Qt build.
        Add a getter to SharedBuffer that returns a reference to the internal
        Vector to avoid an extra copy of the data.

        * platform/SharedBuffer.h:
        (WebCore::SharedBuffer::buffer):
        * platform/graphics/qt/ImageQt.cpp:
        (WebCore::Image::loadPlatformResource):
        * platform/graphics/qt/ImageSourceQt.cpp:
        (WebCore::detectImageFormat):
        (WebCore::createDecoder):
        (WebCore::ImageSource::setData):

2007-03-14  Antti Koivisto  <antti@apple.com>

        Reviewed by Mitz.
        
        Fix <rdar://problem/5058774>
        REGRESSION: In Mail, caret appears oversized when typing in a To Do note
        
        Horizontal and vertical were switched. Was regression from
        http://trac.webkit.org/projects/webkit/changeset/20103

        * rendering/RootInlineBox.cpp:
        (WebCore::RootInlineBox::addHighlightOverflow):

2007-03-14  David Hyatt  <hyatt@apple.com>

        Tweak the data() functions of stylesheets and scripts to be internally consistent.

        * loader/CachedCSSStyleSheet.cpp:
        (WebCore::CachedCSSStyleSheet::data):
        * loader/CachedScript.cpp:
        (WebCore::CachedScript::data):
        * loader/CachedXSLStyleSheet.cpp:
        (WebCore::CachedXSLStyleSheet::data):

2007-03-14  David Hyatt  <hyatt@apple.com>

        Fix Radar 5050688.  

        For large animated GIFs, destroy and recreate the source for every animation frame.  This keeps
        the memory consumption down while giant images are animating.

        Reviewed by andersca

        * platform/graphics/BitmapImage.cpp:
        (WebCore::BitmapImage::BitmapImage):
        (WebCore::BitmapImage::destroyDecodedData):
        (WebCore::BitmapImage::dataChanged):
        (WebCore::BitmapImage::advanceAnimation):
        * platform/graphics/BitmapImage.h:

2007-03-14  David Hyatt  <hyatt@apple.com>

        Make sure to use CFDataCreateWithBytesNoCopy where we can.

        Reviewed by andersca

        * platform/graphics/cg/ImageSourceCG.cpp:
        (WebCore::ImageSource::setData):
        * platform/graphics/cg/PDFDocumentImage.cpp:
        (WebCore::PDFDocumentImage::dataChanged):

2007-03-13  David Hyatt  <hyatt@apple.com>

        Fix for bugzilla bug 13050 and also radar p1 5050645.

        This patch reworks resource loading to avoid having redundant buffers in the icon database and in cached
        images in the WebCore cache.  It also avoids overcopying in top-level image documents and in the icon
        database.

        There is now only one SharedBuffer for a resource and everybody observes that buffer now instead of ever
        making their own.  Even ImageIO uses the SharedBuffer while decoding.

        The page in 13050 dropped from 145mb down to 45mb of memory use with this change for a stunning savings
        of 100mb.

        Reviewed by olliej, mjs

        * WebCore.exp:
        * loader/CachedCSSStyleSheet.cpp:
        (WebCore::CachedCSSStyleSheet::data):
        * loader/CachedCSSStyleSheet.h:
        * loader/CachedImage.cpp:
        (WebCore::CachedImage::data):
        * loader/CachedImage.h:
        * loader/CachedResource.cpp:
        (WebCore::CachedResource::CachedResource):
        (WebCore::CachedResource::~CachedResource):
        * loader/CachedResource.h:
        (WebCore::CachedResource::data):
        * loader/CachedScript.cpp:
        (WebCore::CachedScript::data):
        * loader/CachedScript.h:
        * loader/CachedXSLStyleSheet.cpp:
        (WebCore::CachedXSLStyleSheet::data):
        * loader/CachedXSLStyleSheet.h:
        * loader/DocLoader.cpp:
        (WebCore::DocLoader::checkCacheObjectStatus):
        * loader/ImageDocument.cpp:
        (WebCore::ImageTokenizer::writeRawData):
        (WebCore::ImageTokenizer::finish):
        * loader/icon/IconDataCache.cpp:
        (WebCore::IconDataCache::setImageData):
        (WebCore::IconDataCache::writeToDatabase):
        * loader/icon/IconDataCache.h:
        * loader/icon/IconDatabase.cpp:
        (WebCore::IconDatabase::imageDataForIconURL):
        (WebCore::IconDatabase::iconForPageURL):
        (WebCore::IconDatabase::setIconDataForIconURL):
        (WebCore::IconDatabase::setHaveNoIconForIconURL):
        (WebCore::IconDatabase::imageDataForIconURLQuery):
        * loader/icon/IconDatabase.h:
        * loader/icon/IconLoader.cpp:
        (WebCore::IconLoader::startLoading):
        (WebCore::IconLoader::didReceiveResponse):
        (WebCore::IconLoader::didReceiveData):
        (WebCore::IconLoader::didFail):
        (WebCore::IconLoader::finishLoading):
        (WebCore::IconLoader::clearLoadingState):
        * loader/icon/IconLoader.h:
        * loader/icon/SQLStatement.cpp:
        (WebCore::SQLStatement::getColumnBlobAsVector):
        (WebCore::SQLStatement::isExpired):
        * loader/icon/SQLStatement.h:
        * loader/loader.cpp:
        (WebCore::Loader::didFinishLoading):
        (WebCore::Loader::didReceiveData):
        * page/mac/WebCoreFrameBridge.mm:
        (-[WebCoreFrameBridge getData:andResponse:forURL:]):
        (-[WebCoreFrameBridge getAllResourceDatas:andResponses:]):
        * platform/SharedBuffer.h:
        (WebCore::SharedBuffer::isEmpty):
        * platform/graphics/BitmapImage.cpp:
        (WebCore::BitmapImage::destroyDecodedData):
        (WebCore::BitmapImage::dataChanged):
        * platform/graphics/BitmapImage.h:
        * platform/graphics/Image.cpp:
        (WebCore::Image::setData):
        * platform/graphics/Image.h:
        (WebCore::Image::dataChanged):
        (WebCore::Image::data):
        * platform/graphics/ImageSource.h:
        * platform/graphics/cg/ImageSourceCG.cpp:
        (WebCore::ImageSource::setData):
        * platform/graphics/cg/PDFDocumentImage.cpp:
        (WebCore::PDFDocumentImage::dataChanged):
        * platform/graphics/cg/PDFDocumentImage.h:
        * platform/graphics/mac/ImageMac.mm:
        (WebCore::Image::loadPlatformResource):
        * platform/graphics/svg/SVGImage.cpp:
        (WebCore::SVGImage::setData):
        * platform/mac/PasteboardMac.mm:
        (WebCore::fileWrapperForImage):

2007-03-13  Justin Garcia  <justin.garcia@apple.com>

        Reviewed by darin
        
        <rdar://problem/5046875> 
        Gmail Editor: Applying alignment to selected text in message also applies alignment to signature

        * editing/ApplyStyleCommand.cpp:
        (WebCore::ApplyStyleCommand::doApply): Don't call applyBlockStyle unless
        there is a block style to apply.
        (WebCore::ApplyStyleCommand::applyBlockStyle): Don't do the remove step.
        It was unnecessary and removed properties from blocks that could contain 
        content outside the range being operated on (added a testcase).
        (WebCore::ApplyStyleCommand::addBlockStyleIfNeeded): Used an early return
        instead of if-nesting.
        * editing/ApplyStyleCommand.h:
        * editing/CompositeEditCommand.cpp:
        (WebCore::CompositeEditCommand::moveParagraphContentsToNewBlockIfNecessary):
        Return the new block, if one was created.  Use moveParagraphs to move
        paragraphs into the new block, instead of moving nodes.  The old code moved
        too much (added a testcase).
        * editing/CompositeEditCommand.h:

2007-03-13  Oliver Hunt  <oliver@apple.com>

        Reviewed by Brady.

        To fix <rdar://problem/5044366> we now pass a NSString
        representation of the URL extracted with _web_originalDataAsString
        instead of relying on [NSURL absoluteString] in the bridge

        * page/mac/WebCoreFrameBridge.h:
        * page/mac/WebCoreFrameBridge.mm:
        (-[WebCoreFrameBridge getData:andResponse:forURL:]):

2007-03-13  Brady Eidson  <beidson@apple.com>

        Reviewed by Anders

        <rdar://problem/5048818> - REGRESSION: Incompletely loaded resources being saved to the object cache

        Due to a subtle change in loader behavior back in 10904, we would stop all loaders before calling 
        didFail() on them in the Cache loader.  As a result, we basically cleared all of the Subresource Loaders 
        out of the Cache loader before more properly failing them as errored out.  The result?  Partially loaded
        resources being cached.
        
        Since Loader::didFail() both calls error() on the object *and* removes the loader, the solution is to call 
        didFail() for all cancelled loaders instead of *only* removing them from the set of active loaders.
        
        In addition, pages that didn't completely load were being saved to the back/forward cache.  To fix that,
        I added a null check on the DocumentLoader's error to see if the page ended in an error, or did indeed 
        completely load.

        Note that the layout test for this - if possible - will require other enhancements including possibly adding
        support for window.stop().  That task is documented in <rdar://problem/5061826>

        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::provisionalLoadStarted): Fixed a few bugs relating to my original BFCache rewrite to
          more perfectly restore the original behavior - including only caching HTML documents via the 
          m_client->canCachePage() call
        (WebCore::FrameLoader::canCachePage): Don't make the call to m_client->canCachePage() as that serves a different
          purpose
          - Check the mainDocumentError to see if the load ended in error as a further criteria in determining the 
          cachability of a page

        * loader/loader.cpp:
        (WebCore::Loader::cancelRequests): Call didFail(cancelledError()) instead of just removing the loaders from the 
          loaders-in-progress set.  This adds the effect of properly cleaning up the cached object.

2007-03-13  Beth Dakin  <bdakin@apple.com>

        Rendering part reviewed by Hyatt. Editing part consulted with and 
        rubber stamped by Justin and Harrison.

        Fix for <rdar://problem/5025925> A hang occurs in Safari when 
        attempting to print page at http://www.pcadvisor.co.uk

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::makeChildrenNonInline): 
        RenderBlock::makeChildrenNonInline() takes a block's inline 
        children and turns them into block children. If the children had 
        line boxes, those boxes were being leaked. In the layout test I 
        added with the change (and at pcadvisor.co.uk during printing) 
        children were being made non-inline, and then they were being made 
        inline again. This meant that some of the children ended up 
        pointing to totally stale line boxes that are normally just leaked. 
        This caused an infinite loop in RenderFlow::destroy(). This patch 
        simply deletes everyone's line boxes in 
        RenderBlock::makeChildrenNonInline()

        * editing/InsertParagraphSeparatorCommand.cpp:
        (WebCore::InsertParagraphSeparatorCommand::doApply): The other part 
        of this fix is that I added a call to updateLayout in 
        InsertParagraphSeparatorCommand::doApply(). One layout test 
        (editing/spelling/spelling.html) was changed by my patch to 
        RenderBlock. doApply() inserts a node into the render tree. In at 
        least one case in spelling.html, that caused some line boxes to be 
        deleted. Back in doApply() this meant that the RenderTree was out-
        of-date, and we mistakenly thought we were at the end of the 
        paragraph. This caused us to insert a RenderBR() at the end of the 
        tree instead of an empty RenderText(). No one seems to know exactly 
        why we insert either, or if the change is necessarily a problem. It 
        is clear, though, that the RenderTree in doApply() is out-of-date 
        after inserting the node and deleting some line boxes, so it seems 
        prudent to call into updateLayout().

2007-03-13  Adam Roben  <aroben@apple.com>

        Reviewed by Anders.

        * platform/FontData.h: Added m_isSystemFont parameter to match NSFont.

2007-03-13  Beth Dakin  <bdakin@apple.com>

        Reviewed by Maciej.

        Export DocumentLoader::setFrame(). Part of fix for <rdar://
        problem/4277074> 8F32: Help Viewer crashed on clicking link - 
        KHTMLView::viewportMouseReleaseEvent (12647)

        * WebCore.exp:

2007-03-13  Darin Adler  <darin@apple.com>

        Reviewed by Maciej.

        - fix http://bugs.webkit.org/show_bug.cgi?id=12794
          <rdar://problem/5028154> REGRESSION: TripTik planner at aaa.com never
          finishes loading due to unclosed canvas tag (12794)

        Change <canvas> elements so that their contents are parsed normally,
        but not rendered. This change fixes the bug, because normal parsing
        rules close the <canvas> element in that case. The special parser
        stuff was just getting in the way.

        Also do some basic cleanup to the HTML parser. This was motivated by
        an earlier version of this patch that made even more changes to the
        parser, but the cleanup is still worth landing.

        Test: fast/canvas/canvas-hides-fallback.html
        Test: fast/canvas/script-inside-canvas-fallback.html
        Test: fast/canvas/unclosed-canvas-1.html
        Test: fast/canvas/unclosed-canvas-2.html
        Test: fast/canvas/unclosed-canvas-3.html
        Test: fast/canvas/unclosed-canvas-4.html

        * html/HTMLCanvasElement.h: Added a data member to keep track of whether the
        renderer is a RenderHTMLCanvas or not.
        * html/HTMLCanvasElement.cpp:
        (WebCore::HTMLCanvasElement::createRenderer): If JavaScript is enabled, create
        a RenderHTMLCanvas. If it's not, let the default code create the default type
        of renderer, which will result in fallback content being visible. The
        RenderHTMLCanvas class already hides all of its children. Set the m_rendererIsCanvas
        boolean accordingly. Since the actual storage for the canvas is allocated lazily
        when you actually get a drawing context, we don't need to do anything special
        to prevent it when JavaScript is disabled; the relevant functions won't be called.
        (WebCore::HTMLCanvasElement::reset): Protect the code that manipulates the
        RenderHTMLCanvas with a check of m_rendererIsCanvas. This is the only code inside
        the DOM element that relies on the renderer type.

        * html/HTMLParser.h: Removed unneeded includes. Marked HTMLParser as
        Noncopyable. Changed the Document parameter to the constructor to instead
        be HTMLDocument. Renamed discard_until to m_skipModeTag for clarity.
        Removed unused noSpaces function and unneeded public doc() function.
        Moved data members all down to the end so you can see them together in order.
        Renamed map to m_currentMapElement and isindex to m_isindexElement.
        Removed unused end and headLoaded data members.  Renamed m_fragment to
        m_isParsingFragment to make it clearer that it's a boolean, not a fragment.

        * html/HTMLParser.cpp:
        (WebCore::HTMLParser::HTMLParser): Changed to use member construction
        syntax instead of calling reset(). This is especially helpful in the
        fragment case, where calling reset() later on is illegal, so not using
        it in the constructor lets us assert.
        (WebCore::HTMLParser::~HTMLParser): Did an explicit deref instead of
        calling setCurrent for its side effect.
        (WebCore::HTMLParser::reset): Updated for member name changes and removal
        and to use document instead of doc().
        (WebCore::HTMLParser::setCurrent): Use document instead of doc().
        (WebCore::HTMLParser::setSkipMode): Added. No longer inline. Now sets the
        m_inCanvasBeforeFirstOpenTag data member to false.
        (WebCore::HTMLParser::parseToken): Tightened up the skip mode logic at the
        top of the function, and added a FIXME about the strange case there where
        we don't skip yet stay in skip mode. Updated for renaming and doc().
        (WebCore::HTMLParser::insertNode): Updated for renaming and doc().
        (WebCore::HTMLParser::handleError): Ditto.
        (WebCore::HTMLParser::framesetCreateErrorCheck): Ditto.
        (WebCore::HTMLParser::isindexCreateErrorCheck): Changed to use RefPtr.
        (WebCore::HTMLParser::noscriptCreateErrorCheck): Updated for renaming and doc().
        (WebCore::HTMLParser::mapCreateErrorCheck): Ditto.
        (WebCore::HTMLParser::getNode): Removed the special case for canvas here.
        Canvas fallback is now handled in the DOM, not the parser. Updated for
        renaming and doc().
        (WebCore::HTMLParser::allowNestedRedundantTag): Changed a #define into a C++
        constant.
        (WebCore::HTMLParser::processCloseTag): Updated for renaming and doc().
        (WebCore::HTMLParser::isInline): Ditto.
        (WebCore::HTMLParser::tagIsOnStack): Added. Used by new canvas logic.
        (WebCore::HTMLParser::popBlock): Updated for renaming and doc(). Also renamed
        the local variable Elem to elem.
        (WebCore::HTMLParser::createHead): Ditto.
        (WebCore::HTMLParser::handleIsindex): Changed to use RefPtr.
        (WebCore::HTMLParser::startBody): Updated for renaming and doc().
        (WebCore::HTMLParser::finished): Ditto.

2007-03-13  David Hyatt  <hyatt@apple.com>

        Two more cleanup fixes to the cache.  Don't call destroyDecodedData in the BitmapImage destructor, since
        clearing the image source and calling setData on it again causes it to do an extra copy of the encoded
        data.  Since we're about to be destroyed this is just wasteful.

        When the cache prunes, don't allow it to destroy the decoded data of an image that is still actively loading,
        since we've established that ImageIO can actually crash if you yank the rug out from under it like that.

        Reviewed by ggaren

        * loader/Cache.cpp:
        (WebCore::Cache::prune):
        * platform/graphics/BitmapImage.cpp:
        (WebCore::BitmapImage::~BitmapImage):

2007-03-13  Anders Carlsson  <acarlsson@apple.com>

        Try fixing the Qt build.
        
        * editing/Editor.h:
        (WebCore::Editor::setStartNewKillRingSequence):

2007-03-13  David Harrison  <harrison@apple.com>

        Reviewed by Justin.

        <rdar://problem/5031181> cntl-k at end of paragraph adds nothing to the kill ring
        <rdar://problem/5031189> REGRESSION: cntl-y yanks only the most recently killed content

        For rdar://5031181, properly extend the selection before the killring handling, and
        make sure plainText of that selection returns a linefeed.
        
        For rdar://5031189, restore Editor::deleteRange() code that continued current killring,
        even though the range deletion implicitly stopped it via changing the selection.
        
        A byproduct of this change is the elimination of RUNDFINDER vs CONTENT TextIterator. The
        only difference between the two was whether to emit a newline when the range started
        with a blockflow element. No callers actually need that any more.

        Tests added:
        * editing/pasteboard/emacs-ctrl-k-y-001-expected.checksum: Added.
        * editing/pasteboard/emacs-ctrl-k-y-001-expected.png: Added.
        * editing/pasteboard/emacs-ctrl-k-y-001-expected.txt: Added.
        * editing/pasteboard/emacs-ctrl-k-y-001.html: Added.

        * editing/Editor.cpp:
        (WebCore::Editor::deleteRange):
        Clear the "start new kill ring sequence" setting, because it was set to true
        when the selection was updated by deleting the range.
        
        (WebCore::Editor::deleteWithDirection):
        If extending the selection to the end of paragraph resulted in a caret selection,
        extend by character, to handle the case when the selection started as a caret at
        the end of paragraph.
        
        * editing/TextIterator.cpp:
        (WebCore::TextIterator::TextIterator):
        Initialize new member variables for tracking handling of the beginning of the range.
        
        (WebCore::TextIterator::advance):
        Call representNodeOffsetZero on the m_endContainer.
        Move visibility checks into handleTextNode and handleReplacedElement.
        
        (WebCore::TextIterator::handleTextNode):
        (WebCore::TextIterator::handleTextBox):
        Call emitText.
        
        (WebCore::TextIterator::handleReplacedElement):
        Moved visibility check into here.
        
        (WebCore::shouldEmitNewlinesBeforeAndAfterNode):
        
        (WebCore::TextIterator::shouldRepresentNodeOffsetZero):
        (WebCore::TextIterator::representNodeOffsetZero):
        New. Emits proper sequence when encountering offset 0 of a node, including the
        m_endContainer. Started with code from handleNonTextNode.
        
        (WebCore::TextIterator::handleNonTextNode):
        Call representNodeOffsetZero.
        
        (WebCore::TextIterator::exitNode):
        Similar to shouldRepresentNodeOffsetZero, do not emit the newline if the node
        was collapsed, and before any other emitted content.
        
        (WebCore::TextIterator::emitCharacter):
        
        (WebCore::TextIterator::emitText):
        New. Consolidates code used by handleText and handleTextBox.
        
        (WebCore::CharacterIterator::CharacterIterator):
        Removed RUNFINDER.

        (WebCore::WordAwareIterator::WordAwareIterator):
        Removed RUNFINDER.
        
        (WebCore::WordAwareIterator::advance):
        Formatting.

        (WebCore::TextIterator::rangeLength):
        Formatting.
        
        * editing/TextIterator.h:
        Added member variables for tracking handling of the beginning of the range.
        Eliminated concept of RUNDFINDER vs CONTENT TextIterator.
        
        * editing/visible_units.cpp:
        (WebCore::nextBoundary):
        Eliminated concept of RUNDFINDER vs CONTENT TextIterator.

2007-03-13  David Hyatt  <hyatt@apple.com>

        Clean up the null image case in CachedImage::data to make sure the size totals will stay accurate.
        I'm not convinced this case can even be hit, but I'm cleaning it up just in case.

        * loader/CachedImage.cpp:
        (WebCore::CachedImage::data):

2007-03-13  David Hyatt  <hyatt@apple.com>

        Reorder the call to allReferencesRemoved, since otherwise the live object size will become
        incorrect.

        * loader/CachedResource.cpp:
        (WebCore::CachedResource::deref):

2007-03-13  Antti Koivisto  <antti@apple.com>

        Reviewed by Darin.
        
        Fix http://bugs.webkit.org/show_bug.cgi?id=11083
        REGRESSION: Typing tab key fails to insert a tab character in Google Docs editable area
        <rdar://problem/4757650>
        
        Allow inserting tabs in designMode. Backtab behaves like before (matches FF).

        * page/EventHandler.cpp:
        (WebCore::EventHandler::defaultTabEventHandler):

2007-03-13  David Hyatt  <hyatt@apple.com>

        Fix two counting errors in the decoded size of objects in the WebCore cache.  We need to explicitly
        destroy decoded data when clearing out a partially loaded image that had an error, since the destructor
        (although it does destroy the data) disconnects the observer so that the notification doesn't happen.

        Some CachedImages aren't in the cache (like image documents).  When the decoded size of such an image
        changes we should not notify the cache, since - newsflash - we aren't actually in it.

        Reviewed by ggaren

        * loader/CachedImage.cpp:
        (WebCore::CachedImage::clear):
        (WebCore::CachedImage::decodedSizeChanged):

2007-03-13  Darin Adler  <darin@apple.com>

        Reviewed by Tim Hatcher and John Sullivan.

        - fix <rdar://problem/4915303> CrashTracer: 36 crashes in Safari at
          com.apple.AppKit: -[NSView getRectsBeingDrawn:count:] + 502

        * page/mac/FrameMac.mm: (WebCore::Frame::imageFromRect):
        This was calling drawRect: directly, but NSView's getRectsBeingDrawn:count:
        method was never really safe to call unless it was AppKit that called your
        drawRect: method. Changed it to call drawSingleRect: instead. A little ugly,
        but seems to work and will almost certainly fix the bug.

2007-03-13  Nikolas Zimmermann  <zimmermann@kde.org>

        Reviewed by Maciej.

        Fixes: http://bugs.webkit.org/show_bug.cgi?id=12974

        Call forgetGenericContext in JSSVGPathSeg destructor, otherwhise
        we'll hit an ASSERT in a debug build, when running svg/custom/js-update-path-changes.svg
        a few dozen times in a single WebKit instance. The ASSERT is good and just warns that
        there was already a generic context pointer registered, and the new "to be registered"
        object already exists, but pointing to a different object. That's because garbage collection
        calls the JSSVGPathSeg destructor, but that didn't cleanup the generic context map.

        Only JSSVGPathSeg is hit by this problem, as it's the only non SVGAnimated* type
        using the generic context system while using a custom JSSVGPathSegList implementation.

        Also cleanup JSSVGPathSegListCustom code to call the static forgetGenericContext
        method instead of doing the same using custom code.

        * bindings/js/JSSVGPathSegListCustom.cpp:
        (WebCore::removeFromPathSegContextMap):
        (WebCore::JSSVGPathSegList::clear):
        (WebCore::JSSVGPathSegList::removeItem):
        * bindings/scripts/CodeGeneratorJS.pm:

2007-03-13  Darin Adler  <darin@apple.com>

        Reviewed by Adele.

        - fix http://bugs.webkit.org/show_bug.cgi?id=12595
          <rdar://problem/4722863> REGRESSION: Can't add item to cart at lnt.com
          (JS type error) (12595)

        Test: fast/forms/old-names.html

        * bindings/js/JSHTMLFormElementCustom.cpp:
        (WebCore::JSHTMLFormElement::canGetItemsForName): If the form collection has
        nothing for a given name, try the form's oldNamedElement function.
        (WebCore::JSHTMLFormElement::nameGetter): Ditto.

        * bindings/js/kjs_dom.h: Removed the DOMNamedNodesCollection. Instead we will use
        a class derived from NodeList.
        * bindings/js/kjs_dom.cpp: Ditto.

        * bindings/js/kjs_html.cpp:
        (KJS::VectorNodeList::VectorNodeList): Added. Constructor for a new class derived
        from NodeList to be used for the named items result from a collection -- uses a
        vector of node pointers.
        (KJS::VectorNodeList::length): Added.
        (KJS::VectorNodeList::item): Added.
        (KJS::JSHTMLCollection::getNamedItems): Use VectorNodeList and the existing wrapper
        for NodeList rather than a custom JavaScript class, DOMNamedNodesCollection.

        * dom/ChildNodeList.h:
        * dom/ChildNodeList.cpp:
        (WebCore::ChildNodeList::ChildNodeList): Updated to derive from TreeNodeList,
        since NodeList is now a simpler class.
        (WebCore::ChildNodeList::elementMatches): Updated for name and parameter change.

        * dom/NameNodeList.h:
        * dom/NameNodeList.cpp:
        (WebCore::NameNodeList::NameNodeList): Updated to derive from TreeNodeList,
        since NodeList is now a simpler class.
        (WebCore::NameNodeList::rootNodeAttributeChanged): Updated for name and
        parameter change.

        * dom/Node.h: Change register/unregister functions to take TreeNodeList.
        * dom/Node.cpp:
        (WebCore::TagNodeList::TagNodeList): Updated to derive from TreeNodeList,
        since NodeList is now a simpler abstract class.
        (WebCore::TagNodeList::elementMatches): Updated for name and parameter change.
        (WebCore::Node::registerNodeList): Changed type from NodeList to TreeNodeList.
        (WebCore::Node::unregisterNodeList): Ditto.

        * dom/NodeList.h: Broke NodeList into a simpler base class and a derived class
        with the machinery for iterating a tree, called TreeNodeList.
        * dom/NodeList.cpp:
        (WebCore::NodeList::~NodeList): Added.
        (WebCore::NodeList::itemWithName): Factored out of the old itemWithName.
        (WebCore::TreeNodeList::TreeNodeList): Renamed from NodeList.
        (WebCore::TreeNodeList::~TreeNodeList): Ditto.
        (WebCore::TreeNodeList::recursiveLength): Ditto.
        (WebCore::TreeNodeList::itemForwardsFromCurrent): Ditto.
        (WebCore::TreeNodeList::itemBackwardsFromCurrent): Ditto.
        (WebCore::TreeNodeList::recursiveItem): Ditto.
        (WebCore::TreeNodeList::itemWithName): Factored half of this into this function,
        the other half in NodeList::itemWithName.
        (WebCore::TreeNodeList::rootNodeAttributeChanged): Added. No longer inline.
        (WebCore::TreeNodeList::rootNodeChildrenChanged): Renamed from NodeList.

        * html/HTMLFormElement.h: Added formElementNameChanged and oldNamedElement
        fucntions, and a map called m_oldNames. Also removed m_boundary, which I
        thought I had already done.
        * html/HTMLFormElement.cpp:
        (WebCore::HTMLFormElement::HTMLFormElement): Initialize m_oldNames to 0.
        Switched the rest of the members to initialization syntax.
        (WebCore::HTMLFormElement::~HTMLFormElement): Delete m_oldNames.
        (WebCore::HTMLFormElement::formElementNameChanged): Added. Stores a reference
        to one element under each of its old names.
        (WebCore::HTMLFormElement::oldNamedElement): Added. Returns the old element
        that once had a given name.

        * html/HTMLGenericFormElement.h:
        * html/HTMLGenericFormElement.cpp:
        (WebCore::HTMLGenericFormElement::parseMappedAttribute): When the name
        attribute changes, tell the form about the old name.
        (WebCore::HTMLGenericFormElement::insertedIntoTree): When telling a form
        about an element, also store away the old name so that we can use it
        when the name changes later.

        * html/HTMLInputElement.cpp:
        (WebCore::HTMLInputElement::parseMappedAttribute): Added a call to the
        base class in the nameAttr case, so the code in HTMLGenericFormElement
        above will get called in the input element case.

2007-03-13  Antti Koivisto  <antti@apple.com>

        Reviewed by Alexey.

        Alexey spotted a DOS by using string of 64k unbreakable character in
        fix for http://bugs.webkit.org/show_bug.cgi?id=12833

        * dom/Text.cpp:
        (WebCore::Text::createWithLengthLimit):

2007-03-13  Lars Knoll <lars@trolltech.com>

        Fix the Qt build

        * WebCore.pro:

2007-03-13  Rob Buis  <buis@kde.org>

        Reviewed by Darin.

        http://bugs.webkit.org/show_bug.cgi?id=12576
        WebKit does not support xlink:show attributes

        Make an exception for non-empty targets, these should be opened
        in a new window, unless the value is _self.

        * ksvg2/svg/SVGAElement.cpp:
        (WebCore::SVGAElement::defaultEventHandler):

2007-03-13  David Hyatt  <hyatt@apple.com>

        - fix cache issues seen in http://bugs.webkit.org/show_bug.cgi?id=13050
          6 objects and ~200MB leaked after opening then closing tab
          <rdar://problem/5058714>

        Double the encoded size of images for now.  We do this to account for a bug in ImageIO where they hold
        a separate copy of image data.  See <rdar://problem/5050645>.

        Reviewed by aroben.

        * loader/CachedImage.cpp:
        (WebCore::CachedImage::data):

2007-03-12  Krzysztof Kowalczyk  <kkowalczyk@gmail.com>

        Not reviewed - gdk build fix.

        * platform/gdk/TemporaryLinkStubs.cpp:
        (SearchPopupMenu::enabled): add missing stub.

2007-03-12  David Kilzer  <ddkilzer@kilzer.net>

        Reviewed by Darin.

        - fix http://bugs.webkit.org/show_bug.cgi?id=13045
          REGRESSION: Blackboard CourseWare Error with Nightlies after Mar 8

        * html/HTMLFormElement.cpp:
        (WebCore::getUniqueBoundaryString): Speculative fix: remove dashes from
        the boundary prefix that appear after non-dash characters.

2007-03-12  Mitz Pettel  <mitz@webkit.org>

        Reviewed by Anders.

        - fix http://bugs.webkit.org/show_bug.cgi?id=13015
          REGRESSION (r17233-r17241): Repro crash when leaving a page whose unload handler submits a form

        Test: fast/loader/onunload-form-submit-crash-2.html

        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::finishedLoading): Added null check.

2007-03-12  Anders Carlsson  <acarlsson@apple.com>

        Reviewed by Darin.

        <rdar://problem/4900071>
        http://bugs.webkit.org/show_bug.cgi?id=6454
        ASSERTION: Navigating 'back' in frameset: !_private->previousItem (6454)

        Change back the behavior of checkLoadComplete to traverse the entire frame tree instead of
        just the parent frames of the current frame. This is needed in order to reset the previous history item
        for all frames when doing a frame navigation. (This was changed in revision 11819)
        
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::recursiveCheckLoadComplete):
        (WebCore::FrameLoader::checkLoadComplete):
        * loader/FrameLoader.h:

2007-03-12  Justin Garcia  <justin.garcia@apple.com>

        Reviewed by darin
        
        <rdar://problem/5056619> 
        REGRESSION: Gmail Editor: Dragging text into Reply (textarea) field results in a crash at WebCore::InsertNodeBeforeCommand::doApply()
        
        * editing/SelectionController.cpp:
        (WebCore::removingNodeRemovesPosition): Added.
        (WebCore::SelectionController::nodeWillBeRemoved): Clear the
        selection if it's inside a shadow tree.
        * page/DragController.cpp:
        (WebCore::setSelectionToDragCaret): Return false to signal to
        clients that a drop shouldn't be performed if the second attempt
        to set a selection ends up in non-editable content.

2007-03-12  Darin Adler  <darin@apple.com>

        Reviewed by Tim Hatcher.

        - fixed JavaScript wrapper classes to be correct for a variety of cases
          that a new test uncovered: was broken for at least 5 classes

        - fixed Objective-C wrapper classes to be correct for a variety of cases
          that a test case uncovered: was broken for ast least 50 classes

        - added missing DOM API for creating OverflowEvent and WheelEvent instances

        Test: fast/dom/wrapper-classes.html

        * DerivedSources.make: Added missing bindings: HTMLCanvasElement for ObjC,
        CDATASection, Comment, and EntityReference for JavaScript.
        * WebCore.xcodeproj/project.pbxproj: Added those new generated files.

        * bindings/js/JSHTMLElementWrapperFactory.cpp:
        (WebCore::createJSHTMLWrapper): Corrected the wrapper classes for <keygen>,
        which needs an HTMLSelectElement wrapper, and <xmp>, which needs an
        HTMLPreElement wrapper.

        * bindings/objc/DOMInternal.h: Updated for new naming scheme.
        Also moved createDOMWrapper from the KJS namespace to the WebCore namespace.
        * bindings/objc/DOMUtility.mm:
        (KJS::createDOMWrapper): Broke the core function into a separate one, and
        left it in the KJS namespace because Objective-C++ rules make it impossible
        for it to work in the WebCore namespace. Used a macro-based implementation
        to cut down on repeated code, and added missing cases for Counter,
        HTMLOptionsCollection, Range, XPathExpression, XPathResult, Event, RGBColor,
        Rect, Window, DOMImplementation, NodeIterator, TreeWalker, and HTMLCollection.
        (WebCore::createDOMWrapper): The other half of the function.

        * bindings/objc/DOM.mm:
        (WebCore::createElementClassMap): Corrected the wrapper classes for
        <canvas>, which needs a DOMHTMLCanvasElement wrapper, <del>, which needs
        a DOMHTMLModElement wrapper, <embed>, which needs a DOMHTMLEmbedElement
        wrapper, <ins>, which needs a DOMHTMLModElement wrapper, <th>, which needs
        a DOMHTMLTableCellElement wrapper, and <xmp>, which needs an
        DOMHTMLPreElement wrapper.
        (+[DOMNode _wrapNode:]): Updated for new naming scheme.
        (+[DOMNode _wrapEventTarget:]): Ditto.
        (+[DOMNodeFilter _wrapNodeFilter:]): Ditto.
        (ObjCNodeFilterCondition::acceptNode): Ditto.
        (-[DOMDocument createNodeIterator:whatToShow:filter:expandEntityReferences:]): Ditto.
        (-[DOMDocument createTreeWalker:whatToShow:filter:expandEntityReferences:]): Ditto.
        (WebCore::ObjCEventListener::handleEvent): Ditto.

        * dom/Document.cpp: (WebCore::Document::createEvent):
        Added cases for OverflowEvent and WheelEvent.

        * dom/OverflowEvent.h: Added empty constructor and initOverflowEvent.
        * dom/OverflowEvent.cpp:
        (WebCore::OverflowEvent::OverflowEvent): Added.
        (WebCore::OverflowEvent::initOverflowEvent): Added.
        * dom/OverflowEvent.idl: Added initOverflowEvent.

        * bindings/objc/PublicDOMInterfaces.h: Added initOverflowEvent.

        * bindings/objc/DOMCSS.mm:
        (+[DOMStyleSheet _wrapStyleSheet:]): Updated for new naming scheme.
        (+[DOMCSSRule _wrapCSSRule:]): Corrected wrapper for CSSUnknownRule.
        (+[DOMCSSValue _wrapCSSValue:]): Updated for new naming scheme.

        * bindings/js/kjs_css.h:
        (KJS::DOMRGBColor::impl): Added. Used when making an ObjC wrapper.
        (KJS::DOMRect::impl): Ditto.

        * bindings/js/kjs_dom.cpp: (KJS::toJS): Corrected the wrapper classes for
        CDATASection, Comment, and EntityReference.

        * bindings/js/kjs_html.cpp: Corrected the class name for HTMLElement
        (was "DOMHTMLElement") and HTMLCollection (was "Collection").

        * bindings/objc/DOMImplementationFront.h:
        * bindings/objc/DOMImplementationFront.cpp:
        (WebCore::implementationFront): Added new overload that returns a front given
        a JavaScript wrapper. Needed by the code that makes the Objective-C wrapper.

        * bindings/objc/WebScriptObject.mm:
        (+[WebScriptObject _convertValueToObjcValue:originRootObject:rootObject:]):
        Updated since createDOMWrapper is now in the WebCore namespace.

        * bindings/scripts/CodeGeneratorObjC.pm: Update the naming scheme for the
        wrapper creation functions to use _wrapElement: rather then _elementWith:
        style. Removed now-unneeded special cases for things that needed to stay
        upper-case, since we don't have to do the whole lcfirst thing.

        * html/HTMLCanvasElement.idl: Added #if so we can successfully generate the
        Objective-C wrapper for this class, even though we can't yet handle the
        DOMObject return type.

        * html/HTMLOptionsCollection.idl: Added GenerateNativeConverter so we get
        an appropriate toJS function.

        * bindings/objc/DOMEvents.mm:
        (+[DOMEvent _wrapEvent:]):
        * bindings/objc/DOMHTML.mm:
        (-[DOMHTMLDocument createDocumentFragmentWithMarkupString:baseURL:]):
        (-[DOMHTMLDocument createDocumentFragmentWithText:]):
        * bindings/objc/DOMObject.mm:
        (-[DOMObject sheet]):
        * bindings/objc/DOMRGBColor.mm:
        (-[DOMRGBColor red]):
        (-[DOMRGBColor green]):
        (-[DOMRGBColor blue]):
        (-[DOMRGBColor alpha]):
        (+[DOMRGBColor _wrapRGBColor:]):
        * bindings/objc/DOMSVGPathSegInternal.mm:
        (+[DOMSVGPathSeg _wrapSVGPathSeg:]):
        * bindings/objc/DOMXPath.mm:
        (+[DOMNativeXPathNSResolver _wrapXPathNSResolver:]):
        * page/mac/WebCoreFrameBridge.mm:
        (-[WebCoreFrameBridge nodesFromList:]):
        (-[WebCoreFrameBridge elementWithName:inForm:]):
        (-[WebCoreFrameBridge formForElement:]):
        (-[WebCoreFrameBridge currentForm]):
        (-[WebCoreFrameBridge controlsInForm:]):
        (-[WebCoreFrameBridge rangeByAlteringCurrentSelection:SelectionController::direction:SelectionController::granularity:]):
        (-[WebCoreFrameBridge convertNSRangeToDOMRange:]):
        (-[WebCoreFrameBridge markDOMRange]):
        (-[WebCoreFrameBridge markedTextDOMRange]):
        (-[WebCoreFrameBridge smartDeleteRangeForProposedRange:]):
        (-[WebCoreFrameBridge documentFragmentWithMarkupString:baseURLString:]):
        (-[WebCoreFrameBridge documentFragmentWithText:inContext:]):
        (-[WebCoreFrameBridge documentFragmentWithNodesAsParagraphs:]):
        (-[WebCoreFrameBridge replaceSelectionWithNode:selectReplacement:smartReplace:matchStyle:]):
        (-[WebCoreFrameBridge replaceSelectionWithText:selectReplacement:smartReplace:]):
        (-[WebCoreFrameBridge increaseSelectionListLevel]):
        (-[WebCoreFrameBridge increaseSelectionListLevelOrdered]):
        (-[WebCoreFrameBridge increaseSelectionListLevelUnordered]):
        (-[WebCoreFrameBridge dragCaretDOMRange]):
        (-[WebCoreFrameBridge editableDOMRangeForPoint:]):
        (-[WebCoreFrameBridge characterRangeAtPoint:]):
        (-[WebCoreFrameBridge typingStyle]):
        (-[WebCoreFrameBridge rangeOfCharactersAroundCaret]):
        * platform/mac/ClipboardMac.mm:
        (WebCore::ClipboardMac::declareAndWriteDragImage):
        * platform/mac/PasteboardMac.mm:
        (WebCore::Pasteboard::writeSelection):
        Updated for new naming scheme.

2007-03-12  Timothy Hatcher  <timothy@apple.com>

        Reviewed by Darin.

        <rdar://problem/4990691> REGRESSION: Selecting text in Adium's Messages field causes horizontal shift

        Corrected the recursive point conversion and scrolling done in scrollPointRecursively to use the
        document view of each NSClipView.

        * platform/mac/ScrollViewMac.mm:
        (WebCore::ScrollView::scrollPointRecursively): Call convertPoint:fromView: on the document views,
        not the clip views as we encounter them. Then call constrainScrollPoint: on the converted point to
        constrain to the document view bounds. And finally call scrollPoint: on the document view, not the clip view.

2007-03-12  Antti Koivisto  <antti@apple.com>

        Reviewed by Alexey.

        Fix http://bugs.webkit.org/show_bug.cgi?id=12833
        REGRESSION: Selecting text in 6.6MB txt file is sluggish as of the Feb 19th nightly
        <rdar://problem/5028159>
        
        Divide large text blocks (>64kB) over multiple text nodes. This limits linebox searches to
        a manageable subset.
        
        * dom/Text.cpp:
        (WebCore::Text::createWithLengthLimit):
        * dom/Text.h:
        * html/HTMLParser.cpp:
        (WebCore::HTMLParser::parseToken):
        * loader/TextDocument.cpp:
        (WebCore::TextTokenizer::write):

2007-03-12  David Hyatt  <hyatt@apple.com>

        Fix a regression in printing.  Printer fonts need to be part of the
        font cache key, since printer fonts have different glyph widths.
        (Integer antialiasing is used for screen fonts but not for printer fonts.)

        Reviewed by aroben

        * platform/FontCache.cpp:
        (WebCore::FontPlatformDataCacheKey::FontPlatformDataCacheKey):
        (WebCore::FontPlatformDataCacheKey::operator==):
        (WebCore::computeHash):
        (WebCore::FontCache::getCachedFontPlatformData):

2007-03-12  Lars Knoll <lars@trolltech.com>

        add missing symbol to fix the Qt build again.

        * platform/qt/SearchPopupMenuQt.cpp:
        (WebCore::SearchPopupMenu::enabled):

2007-03-12  Adele Peterson  <adele@apple.com>

        Reviewed by Oliver.

        Adding the ability to enable or disable a SearchPopupMenu.

        * platform/SearchPopupMenu.h:
        * platform/mac/SearchPopupMenuMac.mm: (WebCore::SearchPopupMenu::enabled):
        * rendering/RenderTextControl.cpp: (WebCore::RenderTextControl::showPopup):

2007-03-12  Rob Buis  <buis@kde.org>

        Reviewed by Nikolas Zimmermann.

        http://bugs.webkit.org/show_bug.cgi?id=12500
        SVG fails to correctly handle all link style selectors
        http://bugs.webkit.org/show_bug.cgi?id=12567
        <text> elements ignore <a> children

        Allow <a> inside svg text and handle xlink:show.

        * ksvg2/svg/SVGAElement.cpp:
        (WebCore::SVGAElement::createRenderer):
        (WebCore::SVGAElement::defaultEventHandler):
        (WebCore::SVGAElement::childShouldCreateRenderer):
        * ksvg2/svg/SVGAElement.h:
        * ksvg2/svg/SVGElement.h:
        (WebCore::SVGElement::isTextContent):
        * ksvg2/svg/SVGTextContentElement.h:
        (WebCore::SVGTextContentElement::isTextContent):
        * ksvg2/svg/SVGTextElement.cpp:
        (WebCore::SVGTextElement::childShouldCreateRenderer):
        * rendering/SVGInlineFlowBox.cpp:
        (WebCore::translateBox):
        (WebCore::placePositionedBoxesHorizontally):
        (WebCore::placeBoxesVerticallyWithAbsBaseline):

2007-03-12  Adele Peterson  <adele@apple.com>

        Reviewed by Oliver.

        Add a missing parameter to the constructor.

        * platform/PlatformKeyboardEvent.h:
        * platform/win/KeyEventWin.cpp: (WebCore::PlatformKeyboardEvent::PlatformKeyboardEvent):

2007-03-12  Lars Knoll <lars@trolltech.com>

        Fix the Qt build. I still get crashes though :/

        * platform/graphics/qt/ImageDecoderQt.cpp:
        (WebCore::ImageDecoderQt::clearFrame):
        * platform/graphics/qt/ImageDecoderQt.h:
        * platform/graphics/qt/ImageSourceQt.cpp:
        (WebCore::ImageSource::setData):
        (WebCore::ImageSource::frameIsCompleteAtIndex):
        (WebCore::ImageSource::clear):
        (WebCore::ImageSource::destroyFrameAtIndex):
        * platform/qt/ClipboardQt.cpp:
        (WebCore::ClipboardQt::ClipboardQt):
        * platform/qt/ClipboardQt.h:
        * platform/qt/DragDataQt.cpp:
        (WebCore::DragData::createClipboard):

2007-03-11  Krzysztof Kowalczyk  <kkowalczyk@gmail.com>

        Not reviewed - gdk build fixes.

        * platform/gdk/EditorClientGdk.cpp:
        (WebCore::EditorClientGdk::respondToChangedSelection): add stub
        * platform/gdk/EditorClientGdk.h:
        * platform/gdk/FrameGdk.cpp:
        * platform/gdk/TemporaryLinkStubs.cpp:
        (Editor::markMisspellings): add stub

2007-03-11  Alexey Proskuryakov  <ap@webkit.org>

        Reviewed by Adele.

        http://bugs.webkit.org/show_bug.cgi?id=12560
        W3C XPath test Text_Nodes.svg fails

        * xml/XPathStep.cpp:
        (WebCore::XPath::Step::nodeTestMatches): Revert the fix, as the behavior doesn't appear 
        all that desirable as it did at first glance.

2007-03-11  Oliver Hunt  <oliver@apple.com>

        Reviewed by hyatt.

        Fix for <rdar://problem/5055690> ASSERTION failure on drop into 
        editable element with content changed on drop 

        After setting the selection for a drop into an editable region 
        we make sure the we succeeded.  If we didn't we assume a focus handler
        or similar altered the element contents and try again, if the second
        attempt fails we bail out.

        * page/DragController.cpp:
        (WebCore::setSelectionToDragCaret):
        (WebCore::DragController::concludeDrag):

2007-03-11  Oliver Hunt  <oliver@apple.com>

        Reviewed by Adele.

        Moving Frame{Mac}::respondToChangedSelection to Frame.cpp
        Added new EditorClient method to handle old bridge function
        
        * bridge/EditorClient.h:
           Added respondToChangedSelection to replace old bridge function
        * editing/Editor.cpp:
        (WebCore::Editor::respondToChangedSelection):
           Add client call to replace old bridge call from Frame::respondToChangedSelection
        * editing/SelectionController.cpp:
        (WebCore::SelectionController::setSelection):
           No longer directly call Editor as Frame::respondToChangedSelection
           makes the call
        * page/Frame.cpp:
        (WebCore::Frame::respondToChangedSelection):
           Moved from FrameMac, replaced bridge call with call to Editor
        * page/mac/FrameMac.mm:
           Moved respondToChangedSelection to Frame.cpp
        * page/mac/WebCoreFrameBridge.h:
           Removed respondToChangedSelection from bridge
        * page/qt/FrameQt.cpp:
           Remove stub method for respondToChangedSelection

2007-03-11  Krzysztof Kowalczyk  <kkowalczyk@gmail.com>

        Reviewed by Brady Eidson.

        Linux/gdk fix.

        * loader/gdk/FrameLoaderClientGdk.cpp:
        (WebCore::FrameLoaderClientGdk::shouldGoToHistoryItem): return true so
        that FrameLoader:goBackOrForwards() works.

2007-03-10  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Darin Adler.

        Fixed <rdar://problem/4587763> PAC file: lock inversion between QT and 
        JSCore causes a hang @ www.panoramas.dk
        
        See JavaScriptCore ChangeLog for details.
        
        * bindings/objc/WebScriptObject.mm:
        (_didExecute): Added helpful ASSERT.
        (+[WebScriptObject throwException:]): Added missing JSLock.

2007-03-11  Antti Koivisto  <antti@apple.com>

        Reviewed by Hyatt.

        Optimize linebox memory consumption:
        - move all bitfields to baseclass compacting them
        - make InlineTextBox::m_truncation unsigned short and make it relative to m_start
        - remove extremely rarely used EllipsisBox pointer from RootInlineBox and instead
          use a global hashmap to store it if needed
        - use minimum required number of bits to store BidiStatus enum variables in RootInlineBox
        - move overflow variables in RootInlineBox to a separate struct that is instantiated
          only if any of the variables is set to a value that can't trivially be derived from 
          box x, y, width and height
          
        As a result line box objects shrink:
            InlineBox: 44 -> 44 bytes
            InlineTextBox: 68 -> 60 bytes
            InlineFlowBox: 68 -> 64 bytes
            RootInlineBox: 128 -> 88 bytes
            
        The optimizations possiblity was noticed when debugging http://bugs.webkit.org/show_bug.cgi?id=12833
        Bug 12833: REGRESSION: Selecting text in 6.6MB txt file is sluggish as of the Feb 19th nightly
        <rdar://problem/5028159>
        
        On that page the patch saves 11.5MB or some 21% of linebox memory consumption. It also
        actually improves selection performance somewhat by improving memory locality.

        * rendering/InlineBox.h:
        (WebCore::InlineBox::InlineBox):
        * rendering/InlineFlowBox.h:
        (WebCore::InlineFlowBox::InlineFlowBox):
        * rendering/InlineTextBox.cpp:
        (WebCore::InlineTextBox::placeEllipsisBox):
        (WebCore::InlineTextBox::nodeAtPoint):
        (WebCore::InlineTextBox::paint):
        (WebCore::InlineTextBox::paintDecoration):
        (WebCore::InlineTextBox::paintSpellingOrGrammarMarker):
        (WebCore::InlineTextBox::paintMarkedTextUnderline):
        * rendering/InlineTextBox.h:
        (WebCore::InlineTextBox::InlineTextBox):
        * rendering/RootInlineBox.cpp:
        (WebCore::throw):
        (WebCore::RootInlineBox::Overflow::operator delete):
        (WebCore::RootInlineBox::Overflow::destroy):
        (WebCore::RootInlineBox::destroy):
        (WebCore::RootInlineBox::detachEllipsisBox):
        (WebCore::RootInlineBox::clearTruncation):
        (WebCore::RootInlineBox::placeEllipsis):
        (WebCore::RootInlineBox::paintEllipsisBox):
        (WebCore::RootInlineBox::addHighlightOverflow):
        (WebCore::RootInlineBox::nodeAtPoint):
        (WebCore::RootInlineBox::adjustPosition):
        (WebCore::RootInlineBox::selectionTop):
        (WebCore::RootInlineBox::setLineBreakInfo):
        (WebCore::RootInlineBox::ellipsisBox):
        (WebCore::RootInlineBox::setVerticalOverflowPositions):
        (WebCore::RootInlineBox::setHorizontalOverflowPositions):
        (WebCore::RootInlineBox::setVerticalSelectionPositions):
        * rendering/RootInlineBox.h:
        (WebCore::RootInlineBox::RootInlineBox):
        (WebCore::RootInlineBox::topOverflow):
        (WebCore::RootInlineBox::bottomOverflow):
        (WebCore::RootInlineBox::leftOverflow):
        (WebCore::RootInlineBox::rightOverflow):
        (WebCore::RootInlineBox::lineBreakBidiStatus):
        (WebCore::RootInlineBox::selectionBottom):
        (WebCore::RootInlineBox::Overflow::Overflow):

2007-03-11  Alexey Proskuryakov  <ap@webkit.org>

        Reviewed by Darin.

        A partial fix for http://bugs.webkit.org/show_bug.cgi?id=13021
        XPath can be very slow

        * xml/XPathExpression.cpp:
        (WebCore::XPathExpression::evaluate): Cache evaluationContext in a local variable.

        * xml/XPathExpressionNode.cpp:
        (WebCore::XPath::Expression::evaluationContext):
        * xml/XPathExpressionNode.h:
        (WebCore::XPath::Expression::addSubExpression):
        (WebCore::XPath::Expression::subExprCount):
        (WebCore::XPath::Expression::subExpr):
        * xml/XPathFunctions.cpp:
        * xml/XPathFunctions.h:
        (WebCore::XPath::Function::setName):
        (WebCore::XPath::Function::arg):
        (WebCore::XPath::Function::argCount):
        (WebCore::XPath::Function::name):
        Made one-liners critical for performance inline.

        * xml/XPathGrammar.y: Fully parse NodeTests, so that strings are no longer passed for what is
        essentially an enum. Use LocationPath accessors to add steps, instead of directly manipulating
        internal data members.

        * xml/XPathParser.cpp:
        (WebCore::XPath::Parser::parseStatement):
        (WebCore::XPath::Parser::registerNodeTest):
        (WebCore::XPath::Parser::deleteNodeTest):
        * xml/XPathParser.h:
        Added support methods for changes in XPathGrammar.y.

        * xml/XPathPath.cpp:
        (WebCore::XPath::Filter::evaluate): Cache evaluationContext in a local variable. Use swap() to avoid
        performing vector assignments.
        (WebCore::XPath::LocationPath::evaluate): Use swap() to avoid performing vector assignments.
        (WebCore::XPath::LocationPath::optimizeStepPair): This new method is called during LocationPath construction, 
        to simplify the path as it's being built. Currently, the only optimized case is "//*" - it is a basis for
        important operations that cannot be efficiently written in XPath 1.0, but can be optimized with a little bit
        of XPath 2.0.
        (WebCore::XPath::LocationPath::appendStep): A new accessor that modifies m_steps and calls optimizeStepPair().
        (WebCore::XPath::LocationPath::insertFirstStep): Ditto.
        * xml/XPathPath.h:
        (WebCore::XPath::LocationPath::setAbsolute): A new accessor.

        * xml/XPathStep.h:
        (WebCore::XPath::Step::NodeTest::):
        (WebCore::XPath::Step::NodeTest::NodeTest):
        (WebCore::XPath::Step::NodeTest::kind):
        (WebCore::XPath::Step::NodeTest::data):
        Step::NodeTest is a new sub-class that represents a fully parsed NodeTest.
        (WebCore::XPath::Step::axis):
        (WebCore::XPath::Step::nodeTest):
        (WebCore::XPath::Step::nodeTestData):
        (WebCore::XPath::Step::namespaceURI):
        (WebCore::XPath::Step::predicates):
        (WebCore::XPath::Step::setAxis):
        (WebCore::XPath::Step::setNodeTest):
        (WebCore::XPath::Step::setNodeTestData):
        (WebCore::XPath::Step::setNamespaceURI):
        (WebCore::XPath::Step::setPredicates):
        New accessors that let optimizeStepPair() manipulate Step data.

        * xml/XPathStep.cpp:
        (WebCore::XPath::Step::Step): Use the new NodeTest class.
        (WebCore::XPath::Step::evaluate): Cache evaluationContext in a local variable. Use swap() to avoid
        performing unneeded vector assignments.
        (WebCore::XPath::Step::nodesInAxis): Cosmetic changes.
        (WebCore::XPath::Step::nodeTestMatches): Use NodeTest instead of parsing the test from string each time.
        Added a partial implementation of XPath 2.0 element() node test.

2007-03-10  Alexey Proskuryakov  <ap@webkit.org>

        Reviewed by Darin.

        http://bugs.webkit.org/show_bug.cgi?id=12249
        FCKeditor: <hr>, <ul> and <ol> have id="undefined"

        This fixes the attached reduction, but not the original issue.

        Test: editing/execCommand/default-parameters.html

        * dom/Document.h:
        * dom/Document.idl:
        Make second and third execCommand() parameters optional.

2007-03-10  Adele Peterson  <adele@apple.com>

        Reviewed by Maciej.

        Fix for http://bugs.webkit.org/show_bug.cgi?id=13028
        REGRESSION: textField:doCommandBySelector:inFrame: not being called properly

        * html/HTMLInputElement.cpp: (WebCore::HTMLInputElement::defaultEventHandler):
          Before calling the base class defaultEventHandler, which will call handleKeypress, call doTextFieldCommandFromEvent.        

2007-03-10  Mitz Pettel  <mitz@webkit.org>

        Reviewed by Darin.

        - fix http://bugs.webkit.org/show_bug.cgi?id=13013
          REGRESSION: Selection box does not scroll to where the focus jumps when pressing an alphanumeric key

        Test: fast/forms/listbox-typeahead-scroll.html

        * html/HTMLSelectElement.cpp:
        (WebCore::HTMLSelectElement::setSelectedIndex): Reordered to set the active selection's
        anchor and end before selecting the option, since the active selection is used to
        decide where to scroll when the selection is made.
        (WebCore::HTMLSelectElement::defaultEventHandler): Removed redundant check.

2007-03-10  Mitz Pettel  <mitz@webkit.org>

        Reviewed by Darin.

        - fix http://bugs.webkit.org/show_bug.cgi?id=12973
          REGRESSION: Reproducible assert while loading this test file if css is already in the cache

        Test: fast/dom/css-cached-import-rule.html

        Replaced some direct calls to document->stylesheetLoaded() with calls to
        the sheet's checkLoaded(). The latter calls back to the element's sheetLoaded() --
        which notifies the document of the load -- and then updates the sheet's
        loadCompleted() flag, ensuring that it stays in sync with whether the stylesheet
        is still considered pending by the document.

        * dom/ProcessingInstruction.cpp:
        (WebCore::ProcessingInstruction::parseStyleSheet):
        * dom/StyleElement.cpp:
        (WebCore::StyleElement::childrenChanged):
        * html/HTMLLinkElement.cpp:
        (WebCore::HTMLLinkElement::process):
        (WebCore::HTMLLinkElement::setCSSStyleSheet):
        * ksvg2/svg/SVGStyleElement.cpp:
        (WebCore::SVGStyleElement::sheetLoaded):
        * ksvg2/svg/SVGStyleElement.h:

2007-03-10  David Kilzer  <ddkilzer@webkit.org>

        Reviewed by Darin.

        - fix http://bugs.webkit.org/show_bug.cgi?id=9609
          REGRESSION: Missing image icon needs to be moved back to WebKit

        * WebCore.exp: Export WebCore::Image::loadPlatformResource(const char*) for use in
        [WebHTMLView _startDraggingImage:at:operation:event:sourceIsDHTML:DHTMLWroteData:].

2007-03-09  Darin Adler  <darin@apple.com>

        Reviewed by Justin.

        - fix http://bugs.webkit.org/show_bug.cgi?id=8928
          <rdar://problem/5045708> REPRODUCIBLE ASSERT: Cannot paste HTML into a
          contenteditable region in an XHTML document (8928)

        Test: editing/pasteboard/paste-xml.xhtml

        * editing/markup.cpp: (WebCore::createFragmentFromMarkup): Added a check for 0
        here, since createContextualFragment can return 0 for XML documents that fail
        to parse. In my testing, callers all seem equipped to handle 0.

2007-03-09  Mitz Pettel  <mitz@webkit.org>

        Reviewed by Darin.

        - fix http://bugs.webkit.org/show_bug.cgi?id=9929
          REGRESSION: crash on logging in on mijnpostbank.nl

        Test: http/tests/misc/onload-remove-iframe-crash-2.html

        The resulted from an iframe's load event handler removing the iframe
        from the document.

        * dom/Document.cpp:
        (WebCore::Document::implicitClose): Bail out early if an event handler
        removed the frame.
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::FrameLoader):
        (WebCore::FrameLoader::clear):
        (WebCore::FrameLoader::checkCompleted): Protect the frame from deletion
        by event handlers.
        (WebCore::FrameLoader::checkCompletedTimerFired):
        (WebCore::FrameLoader::scheduleCheckCompleted):
        (WebCore::FrameLoader::detachFromParent): Schedule a completion check
        on the parent (in case the child is what has been keeping it from completing).
        * loader/FrameLoader.h:

2007-03-08  David Kilzer  <ddkilzer@webkit.org>

        Reviewed by Beth.

        - fix http://bugs.webkit.org/show_bug.cgi?id=13019
          REGRESSION (r20074): Forms don't submit on a variety of websites

        No tests added since LayoutTests/fast/forms/document-write.html was timing out
        and causing a layout test failure.

        * html/HTMLFormElement.cpp:
        (WebCore::HTMLFormElement::submit): Removed stray code.

2007-03-08  Krzysztof Kowalczyk  <kkowalczyk@gmail.com>

        Not reviewed - gdk build fix.

        * platform/graphics/cairo/ImageSourceCairo.cpp:
        (WebCore::ImageSource::frameIsCompleteAtIndex): add empty stub

2007-03-08  Justin Garcia  <justin.garcia@apple.com>

        Reviewed by harrison
        
        <rdar://problem/4903193> 
        On particular page, Copy is so slow it seems like a hang
        
        ~2x speedup copying:
        http://shakespeare.mit.edu/henryviii/full.html 
        Also produces less bloated markup.

        * editing/markup.cpp:
        (WebCore::startMarkup): Don't wrap text nodes in style spans.
        For Elements, don't inline styles inherited from ancestors.
        (WebCore::createMarkup): No longer necessary to find 
        the root's default style and pass it to startMarkup.
        Add a wrapper span around the markup with the styles
        that all nodes in the markup inherit (the inheritable 
        styles from the common ancestor container's computed style).
        Added a FIXME about unecessary markup for inline ancestors 
        up to the commonAncestorBlock.

2007-03-08  Darin Adler  <darin@apple.com>

        Reviewed by Adele.

        - <rdar://problem/4470381> multipart/form-data boundary security vulnerability

        By making the form data boundary a string with some random data in it, we reduce
        the possibility that anyone could take advantage of it by creating a file that
        intentionally has the boundary string in it.

        * html/HTMLFormElement.h: Removed boundary(), setBoundary(), and m_boundary.
        Marked a lot more stuff private.
        * html/HTMLFormElement.cpp:
        (WebCore::HTMLFormElement::HTMLFormElement): Removed code to initialize
        m_boundary.
        (WebCore::randomNumber): Added. Function that returns a random number, including
        seeding the random number generator the first time it's called. For now, usees the more
        random function random() on Mac OS X and the more-standard rand() on other platforms.
        (WebCore::HTMLFormElement::formData): Take a parameter with the form boundary string,
        and use that instead of m_boundary.
        (WebCore::getUniqueBoundaryString): Added. Makes a boundary string using random numbers
        and base 64 encoding.
        (WebCore::HTMLFormElement::submit): Call getUniqueBoundaryString and pass the boundary
        string into formData for multipart form posts.

2007-03-08  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Adele.
        
        <rdar://problem/4646563> REGRESSION: Unable to send text message from Verizon text message website: vtext.com (12588)
        http://bugs.webkit.org/show_bug.cgi?id=12588

        Carefully revised which focus operations restore previous selection, which clear it, and which
        select the whole control contents.
        
        Tests:
        fast/forms/focus-selection-input.html
        fast/forms/focus-selection-textarea.html
        
        * dom/Element.cpp:
        (WebCore::Element::focus):
        * dom/Element.h:
        * html/HTMLInputElement.cpp:
        (WebCore::HTMLInputElement::focus):
        (WebCore::HTMLInputElement::accessKeyAction):
        * html/HTMLInputElement.h:
        * html/HTMLLabelElement.cpp:
        (WebCore::HTMLLabelElement::focus):
        (WebCore::HTMLLabelElement::accessKeyAction):
        * html/HTMLLabelElement.h:
        * html/HTMLLegendElement.cpp:
        (WebCore::HTMLLegendElement::focus):
        * html/HTMLLegendElement.h:
        * html/HTMLTextAreaElement.cpp:
        (WebCore::HTMLTextAreaElement::focus):
        * html/HTMLTextAreaElement.h:
        * page/FocusController.cpp:
        (WebCore::FocusController::advanceFocus):

2007-03-08  Justin Garcia  <justin.garcia@apple.com>

        Reviewed by harrison

        <http://bugs.webkit.org/show_bug.cgi?id=12244>
        FCKeditor: Find dialog doesn't work

        * bindings/js/kjs_window.cpp:
        (KJS::Window::find): Added.  This function doesn't yet 
        support whole word searches, searching in subframes, or
        opening the find dialog.
        (KJS::WindowFunc::callAsFunction):
        * bindings/js/kjs_window.h:
        (KJS::Window::):

2007-03-08  David Hyatt  <hyatt@apple.com>

        Fix regression from throwing away frames of large animated images.  Alter
        animated images so that they refuse to advance the animation until the
        current displayed frame has been fully decoded.

        Reviewed by ggaren

        * platform/graphics/BitmapImage.cpp:
        (WebCore::BitmapImage::startAnimation):
        (WebCore::BitmapImage::advanceAnimation):
        * platform/graphics/ImageSource.h:
        * platform/graphics/cg/ImageSourceCG.cpp:
        (WebCore::ImageSource::frameIsCompleteAtIndex):

2007-03-08  David Hyatt  <hyatt@apple.com>

        Fix 2% performance regression on the PLT.  Increase the large animated
        image cutoff from 1MB to 5MB.

        In addition when pruning we will aggressively discard image sources.

        Reviewed by ggaren

        * platform/graphics/BitmapImage.cpp:
        (WebCore::BitmapImage::destroyDecodedData):

2007-03-08  Timothy Hatcher  <timothy@apple.com>

        Reviewed by John.

        <rdar://problem/4664697> highlighter SPI needs a node parameter to give more context

        Pass the RenderObject's node to customHighlightLineRect and paintCustomHighlight.

        * page/Frame.h:
        * page/mac/FrameMac.mm:
        (WebCore::Frame::customHighlightLineRect):
        (WebCore::Frame::paintCustomHighlight):
        * page/mac/WebCoreFrameBridge.h:
        * rendering/InlineTextBox.cpp:
        (WebCore::InlineTextBox::paintCustomHighlight):
        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::paintCustomHighlight):
        * rendering/RootInlineBox.cpp:
        (WebCore::RootInlineBox::addHighlightOverflow):
        (WebCore::RootInlineBox::paintCustomHighlight):

2007-03-08  Justin Garcia  <justin.garcia@apple.com>

        Reviewed by harrison
        
        <http://bugs.webkit.org/show_bug.cgi?id=13000>
        Range.createContextualFragment is not supported

        * dom/Range.cpp:
        (WebCore::Range::createContextualFragment): The
        "startContainer" may not be a container, if the
        range starts inside text.  In that case, look
        to the parent of the start node for an HTMLElement.

2007-03-08  Justin Garcia  <justin.garcia@apple.com>

        Reviewed by harrison
        
        <rdar://problem/5049671>
        Gmail Editor: With linked text, Remove Formatting doesn't always remove underline

        * editing/Editor.cpp:
        (WebCore::Editor::removeFormattingAndStyle): Clear removed
        anchors after the deletion.

2007-03-08  David Kilzer  <ddkilzer@webkit.org>

        Reviewed by NOBODY (build fix).

        Added missing file for r20059:
        <rdar://problem/4708689> -- REGRESSION: Some symbols with 2-byte display as garbage in Hotmail.

        File was taken from this svn repository which contained versions of ucnv.h and ucnv_err.h
        that were identical to ours:
        http://source.icu-project.org/repos/icu/icu/tags/release-3-2/source/common/unicode/ucnv_cb.h

        * icu/unicode/ucnv_cb.h: Added.

2007-03-08  Shrikant Gangoda  <shrikant.gangoda@celunite.com>

        Gdk build fix.

        * platform/graphics/cairo/ImageSourceCairo.cpp:
        (WebCore::ImageSource::~ImageSource):
        (WebCore::ImageSource::clear):

2007-03-08  Oliver Hunt  <oliver@apple.com>

        Reviewed by Adam.

        To match old TEC behaviour when using ICU we need to use 
        a few manual fallback encodings for the GBK/EUC-CN charsets

        <rdar://problem/4708689> -- REGRESSION: Some symbols with 2-byte display as garbage in Hotmail.

        * platform/TextCodecICU.cpp:
        (WebCore::TextCodecICU::TextCodecICU):
        (WebCore::TextCodecICU::createICUConverter):
        (WebCore::gbkEscapes):
        (WebCore::gbkCallbackEscape):
        (WebCore::gbkCallbackSubstitute):
        (WebCore::TextCodecICU::encode):
        * platform/TextCodecICU.h:
        (WebCore::TextCodecICU::needsGBKFallbacks):
        (WebCore::TextCodecICU::setNeedsGBKFallbacks):

2007-03-08  Alexey Proskuryakov  <ap@webkit.org>

        Build fix.

        * xml/XPathUtil.cpp:
        (WebCore::XPath::stringValue):

2007-03-08  David Hyatt  <hyatt@apple.com>

        This patch dramatically reduces the memory consumed by animated images.  For large animated GIFs (defined for
        now as >1mb in terms of decoded frame buffer size), we will now aggressively flush previous frames of the
        animated GIF and just re-decode them on the fly if the animation loops.

        Whenever a large animated GIF has its animation reset, we will also just throw out everything and start
        the animation over (in order to get rid of any cached detritus held in the ImageSource).

        With this patch and the sample GIF used to test, WebKit's memory consumption went from 160MB down to 16MB.

        Reviewed by mjs

        * platform/graphics/BitmapImage.cpp:
        (WebCore::BitmapImage::destroyDecodedData):
        (WebCore::BitmapImage::resetAnimation):
        (WebCore::BitmapImage::advanceAnimation):
        * platform/graphics/ImageSource.h:
        * platform/graphics/cg/ImageSourceCG.cpp:
        (WebCore::ImageSource::~ImageSource):
        (WebCore::ImageSource::clear):

2007-03-08  Alexey Proskuryakov  <ap@webkit.org>

        Reviewed by Darin.

        http://bugs.webkit.org/show_bug.cgi?id=13006
        XPath string-value is broken for some node types

        Test: fast/xpath/string-value.html

        * xml/XPathUtil.cpp:
        (WebCore::XPath::stringValue): Fix it :-)

2007-03-07  Anders Carlsson  <acarlsson@apple.com>

        Reviewed by Adam.

        <rdar://problem/4981000> 
        http://bugs.webkit.org/show_bug.cgi?id=12634
        REGRESSION: crash loading web archive (12634)
        
        The reason this bug wasn't always reproducible is that it involved sending an event to a plugin while 
        the page was loading. Before we send the event to the plugin we defer loads. The problem was that
        MainResourceLoader::setDefersLoad would not work with data loads.
        
        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::setRequest):
        Only set m_committed to false if we also have a valid unreachable URL.
        
        * loader/MainResourceLoader.cpp:
        (WebCore::MainResourceLoader::setDefersLoading):
        Make sure to stop and start data loads.

2007-03-07  Krzysztof Kowalczyk  <kkowalczyk@gmail.com>

        Not reviewed.

        Gdk build fixes.

        * platform/gdk/EditorClientGdk.cpp:
        (WebCore::EditorClientGdk::handleKeypress): renamed
        (WebCore::EditorClientGdk::handleInputMethodKeypress): add a stub
        * platform/gdk/EditorClientGdk.h:
        * platform/graphics/cairo/ImageSourceCairo.cpp:
        (WebCore::ImageSource::destroyFrameAtIndex): add a stub

2007-03-07  Alexey Proskuryakov  <ap@webkit.org>

        Reviewed by Darin.

        http://bugs.webkit.org/show_bug.cgi?id=13004
        Repeatedly calling XPathExpression.evaluate() causes crashes or memory leaks

        Removed XPath::Expression::optimize() and related methods, since they were buggy and almost useless.
        Merged doEvaluate() into evaluate(), since this was all evaluate() was doing after the above changes.

        Test: fast/xpath/evaluate-twice.html

        * xml/XPathExpression.cpp:
        (WebCore::XPathExpression::evaluate):
        * xml/XPathExpressionNode.cpp:
        (WebCore::XPath::Expression::Expression):
        (WebCore::XPath::Expression::~Expression):
        * xml/XPathExpressionNode.h:
        * xml/XPathFunctions.cpp:
        (WebCore::XPath::FunLast::evaluate):
        (WebCore::XPath::FunPosition::evaluate):
        (WebCore::XPath::FunId::evaluate):
        (WebCore::XPath::FunLocalName::evaluate):
        (WebCore::XPath::FunNamespaceURI::evaluate):
        (WebCore::XPath::FunName::evaluate):
        (WebCore::XPath::FunCount::evaluate):
        (WebCore::XPath::FunString::evaluate):
        (WebCore::XPath::FunConcat::evaluate):
        (WebCore::XPath::FunStartsWith::evaluate):
        (WebCore::XPath::FunContains::evaluate):
        (WebCore::XPath::FunSubstringBefore::evaluate):
        (WebCore::XPath::FunSubstringAfter::evaluate):
        (WebCore::XPath::FunSubstring::evaluate):
        (WebCore::XPath::FunStringLength::evaluate):
        (WebCore::XPath::FunNormalizeSpace::evaluate):
        (WebCore::XPath::FunTranslate::evaluate):
        (WebCore::XPath::FunBoolean::evaluate):
        (WebCore::XPath::FunNot::evaluate):
        (WebCore::XPath::FunTrue::evaluate):
        (WebCore::XPath::FunLang::evaluate):
        (WebCore::XPath::FunFalse::evaluate):
        (WebCore::XPath::FunNumber::evaluate):
        (WebCore::XPath::FunSum::evaluate):
        (WebCore::XPath::FunFloor::evaluate):
        (WebCore::XPath::FunCeiling::evaluate):
        (WebCore::XPath::FunRound::evaluate):
        * xml/XPathPath.cpp:
        (WebCore::XPath::Filter::evaluate):
        (WebCore::XPath::LocationPath::evaluate):
        (WebCore::XPath::Path::evaluate):
        * xml/XPathPath.h:
        * xml/XPathPredicate.cpp:
        (WebCore::XPath::Number::evaluate):
        (WebCore::XPath::StringExpression::evaluate):
        (WebCore::XPath::Negative::evaluate):
        (WebCore::XPath::NumericOp::evaluate):
        (WebCore::XPath::EqTestOp::evaluate):
        (WebCore::XPath::LogicalOp::evaluate):
        (WebCore::XPath::Union::evaluate):
        * xml/XPathPredicate.h:
        * xml/XPathStep.cpp:
        * xml/XPathStep.h:
        * xml/XPathVariableReference.cpp:
        (WebCore::XPath::VariableReference::evaluate):
        * xml/XPathVariableReference.h:

2007-03-07  Sam Weinig  <sam@webkit.org>

        Reviewed by Tim H.

        Remove unused #import from Objective-C bindings and cleanup the order of #imports.

        * bindings/scripts/CodeGeneratorObjC.pm:

2007-03-07  Sam Weinig  <sam@webkit.org>

        Reviewed by Tim H.

        Make sure the baseURI attribute generates for private Objective-C bindings.

        * dom/Node.idl:

2007-03-07  Anders Carlsson  <acarlsson@apple.com>

        Reviewed by Maciej.

        <rdar://problem/4874059>
        REGRESSION: Painter IX:register - Crash in WebCore:: ResourceLoader::willSendRequest()

        If a load is done from inside of an error delegate method that is called because we cancel another load, 
        the first load should be ignored since this is what shipping WebKit does. 
        
        (Actually, it does load the page in the data source but doesn't do anything with it since the data source
        won't have a web frame).
        
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::load):
        Just bail out if m_isStoppingLoad is true.

2007-03-07  David Hyatt  <hyatt@apple.com>

        Use CGImageRelease instead of CFRelease.

        Reviewed by aroben

        * platform/graphics/cg/ImageCG.cpp:
        (WebCore::FrameData::clear):
        * platform/graphics/cg/ImageSourceCG.cpp:
        (WebCore::ImageSource::destroyFrameAtIndex):

2007-03-07  David Hyatt  <hyatt@apple.com>

        Fix a regression where the cache size overflows because of a double
        subtraction per resource when they got removed from the cache.  Add an
        assert to adjustSize to detect this case in the future.

        Fix ImageSourceCG so that when we flush decoded data from our cache that
        we also flush it from the ImageSource.

        Reviewed by mjs

        * loader/Cache.cpp:
        (WebCore::Cache::adjustSize):
        * platform/graphics/BitmapImage.cpp:
        (WebCore::BitmapImage::~BitmapImage):
        (WebCore::BitmapImage::destroyDecodedData):
        * platform/graphics/Image.h:
        * platform/graphics/ImageSource.h:
        * platform/graphics/cg/ImageSourceCG.cpp:
        (WebCore::ImageSource::setData):
        (WebCore::ImageSource::destroyFrameAtIndex):

2007-03-07  Mitz Pettel  <mitz@webkit.org>

        Reviewed by Darin.

        - fix http://bugs.webkit.org/show_bug.cgi?id=13002
          Incomplete repaint of inset outlines

        Test: fast/repaint/outline-inset.html

        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::repaintAfterLayoutIfNeeded):

2007-03-07  Oliver Hunt  <oliver@apple.com>

        Reviewed by Antti.

        Reset mouse down/drag state variables on mouse button release
        
        Fixes <rdar://problem/5044654>: Drag out of some QuickTime plug-ins converting into image drag

        * page/EventHandler.cpp:
        (WebCore::EventHandler::handleMouseReleaseEvent):

2007-03-07  Adele Peterson  <adele@apple.com>

        Reviewed by Darin.

        WebCore part of fix for:
        http://bugs.webkit.org/show_bug.cgi?id=10871
        http://bugs.webkit.org/show_bug.cgi?id=12677
        <rdar://problem/4823129> REGRESSION: IME key events different in nightly
        <rdar://problem/4759563> REGRESSION: Return key is always sent when you confirm a clause in kotoeri

        * page/EventHandler.cpp: (WebCore::EventHandler::defaultKeyboardEventHandler): Call handleInputMethodKeypress before actually dispatching the keypress event
          so that input methods have a chance to handle the event.  
          If the input method handles the event (by marking or unmarking text), then we don't need to send the keypress event.
          If an input method doesn't handle the event, then we'll save the data we need to perform the correct action (like what text to insert or what selector to use) 
          when we dispatch the keypress event.

        * dom/KeyboardEvent.h: Added Mac-specific KeypressCommand struct, so we can store command info during handleInputMethodKeypress, and use it during handleKeypress.
        (WebCore::KeyboardEvent::keypressCommand):
        (WebCore::KeyboardEvent::setKeypressCommand):

        * bridge/EditorClient.h:
        * editing/Editor.cpp:
        (WebCore::Editor::handleKeypress): Changed handleKeyPress to handleKeypress.
        (WebCore::Editor::handleInputMethodKeypress): Added.
        * editing/Editor.h:

        * platform/graphics/svg/SVGImageEmptyClients.h:
        (WebCore::SVGEmptyEditorClient::handleKeypress): Changed handleKeyPress to handleKeypress.
        (WebCore::SVGEmptyEditorClient::handleInputMethodKeypress): Added.

2007-03-07  Rob Buis  <buis@kde.org>

        Reviewed by Darin.

        http://bugs.webkit.org/show_bug.cgi?id=12579
        WebKit fails SVG xml:base test

        Implement DOM3 properties baseURI and documentURI to fix
        the testcase in bug 12579.

        * bindings/js/kjs_dom.cpp:
        (KJS::DOMNode::getValueProperty):
        * bindings/js/kjs_domnode.h:
        (KJS::DOMNode::):
        * dom/Document.cpp:
        (WebCore::Document::documentURI):
        (WebCore::Document::setDocumentURI):
        (WebCore::Document::baseURI):
        * dom/Document.h:
        * dom/Document.idl:
        * dom/DocumentType.cpp:
        (WebCore::DocumentType::baseURI):
        * dom/DocumentType.h:
        * dom/Element.cpp:
        (WebCore::Element::baseURI):
        * dom/Element.h:
        * dom/Node.cpp:
        (WebCore::Node::baseURI):
        * dom/Node.h:
        * ksvg2/misc/SVGImageLoader.cpp:
        (WebCore::SVGImageLoader::updateFromElement):
        * ksvg2/svg/SVGImageElement.cpp:
        (WebCore::SVGImageElement::parseMappedAttribute):
        (WebCore::SVGImageElement::attach):

2007-03-07  Anders Carlsson  <acarlsson@apple.com>

        Reviewed by Brady.

        Remove some methods in FrameLoader that just calls down to the active document loader. Since each
        resource loader now has a pointer to its document loader, we can just call directly to the
        document loader.

        * WebCore.exp:
        * loader/FrameLoader.cpp:
        * loader/FrameLoader.h:
        * loader/MainResourceLoader.cpp:
        (WebCore::MainResourceLoader::willSendRequest):
        (WebCore::MainResourceLoader::didReceiveResponse):
        * loader/SubresourceLoader.cpp:
        (WebCore::SubresourceLoader::SubresourceLoader):
        (WebCore::SubresourceLoader::didFinishLoading):
        (WebCore::SubresourceLoader::didFail):
        (WebCore::SubresourceLoader::didCancel):
        * loader/mac/NetscapePlugInStreamLoaderMac.mm:
        (WebCore::NetscapePlugInStreamLoader::didFinishLoading):
        (WebCore::NetscapePlugInStreamLoader::didFail):
        (WebCore::NetscapePlugInStreamLoader::didCancel):

2007-03-06  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Maciej Stachowiak.
        
        Fixed <rdar://problem/4576242> | http://bugs.webkit.org/show_bug.cgi?id=12586
        PAC file: malloc deadlock sometimes causes a hang @ www.apple.com/pro/profiles/ (12586)
        
        No test because this is very difficult to repro, and the new ASSERTs in 
        JavaScriptCore catch the underlying cause while running normal layout tests.
        
        This is a modified version of r14752 on the branch.
        
        The fix is to use a bit inside each node, instead of a hash table, to track 
        which node subtrees are in the process of being marked. This avoids a call 
        to malloc inside mark().
        
        * bindings/js/kjs_binding.cpp:
        (KJS::domObjects):
        (KJS::domNodesPerDocument):
        * bindings/js/kjs_dom.cpp:
        (KJS::DOMNode::mark):
        * dom/Node.cpp:
        (WebCore::Node::Node):
        * dom/Node.h:

2007-03-06  David Hyatt  <hyatt@apple.com>

        This patch reworks the WebCore memory cache to significantly reduce the amount of memory consumed by
        images in the cache and to enhance the accuracy of the cache size as an absolute bound for the objects
        contained within it.  WebCore's memory use over time should significantly improve as a result of these
        changes.

        Cached resources now have both an encoded size (the original data stream) and a decoded size (an estimate of
        the amount of memory consumed by an expanded version of that resource, e.g., the decoded frames of an image).
        Both sizes now count towards the total size of the object and towards the allowed memory cache total.

        By including both totals the reported size of resources will now be larger, and the cache will therefore become
        much more aggressive about flushing.

        Objects are stored in size-adjusted and popularity-aware LRU lists as before, but encoded size is now always
        used when determining the correct LRU list.

        The flush algorithm for the memory cache has been rewritten to first destroy decoded data before evicting
        resources.  By being able to compact its resources without evicting them, the memory cache can now hold many more
        unique resources (encoded) in the same amount of space.  Depending on how much of a hit we want to take from
        re-decoding images, the memory cache could in theory have its size significantly reduced now while still holding
        more resources than it did at the larger size!

        Reviewed by mjs

        * WebCore.xcodeproj/project.pbxproj:
        * loader/Cache.cpp:
        (WebCore::Cache::requestResource):
        (WebCore::Cache::prune):
        (WebCore::Cache::remove):
        (WebCore::Cache::lruListFor):
        (WebCore::Cache::adjustSize):
        * loader/Cache.h:
        * loader/CachedCSSStyleSheet.cpp:
        (WebCore::CachedCSSStyleSheet::data):
        * loader/CachedImage.cpp:
        (WebCore::CachedImage::CachedImage):
        (WebCore::CachedImage::allReferencesRemoved):
        (WebCore::CachedImage::clear):
        (WebCore::CachedImage::data):
        (WebCore::CachedImage::destroyDecodedData):
        (WebCore::CachedImage::decodedSize):
        (WebCore::CachedImage::decodedSizeChanged):
        (WebCore::CachedImage::shouldPauseAnimation):
        * loader/CachedImage.h:
        * loader/CachedResource.cpp:
        (WebCore::CachedResource::CachedResource):
        (WebCore::CachedResource::deref):
        (WebCore::CachedResource::setEncodedSize):
        * loader/CachedResource.h:
        (WebCore::CachedResource::allReferencesRemoved):
        (WebCore::CachedResource::size):
        (WebCore::CachedResource::encodedSize):
        (WebCore::CachedResource::decodedSize):
        (WebCore::CachedResource::destroyDecodedData):
        * loader/CachedScript.cpp:
        (WebCore::CachedScript::data):
        * loader/CachedXSLStyleSheet.cpp:
        (WebCore::CachedXSLStyleSheet::data):
        * platform/graphics/BitmapImage.cpp:
        (WebCore::BitmapImage::BitmapImage):
        (WebCore::BitmapImage::~BitmapImage):
        (WebCore::BitmapImage::destroyDecodedData):
        (WebCore::BitmapImage::pruneDecodedDataIfNeeded):
        (WebCore::BitmapImage::cacheFrame):
        (WebCore::BitmapImage::setNativeData):
        (WebCore::BitmapImage::shouldAnimate):
        (WebCore::BitmapImage::advanceAnimation):
        * platform/graphics/BitmapImage.h:
        (WebCore::BitmapImage::decodedSize):
        * platform/graphics/Image.cpp:
        (WebCore::Image::Image):
        * platform/graphics/Image.h:
        (WebCore::Image::destroyDecodedData):
        (WebCore::Image::decodedSize):
        (WebCore::Image::imageObserver):
        * platform/graphics/ImageAnimationObserver.h: Removed.
        * platform/graphics/ImageObserver.h: Added.
        (WebCore::ImageObserver::~ImageObserver):
        * platform/graphics/svg/SVGImage.cpp:
        (WebCore::SVGImage::SVGImage):
        * platform/graphics/svg/SVGImage.h:

2007-03-06  Alexey Proskuryakov  <ap@webkit.org>

        Reviewed by Sam Weinig.

        http://bugs.webkit.org/show_bug.cgi?id=12987
        Fix and import 4XPath test_numeric_expr.html

        * xml/XPathPredicate.cpp:
        (WebCore::XPath::Negative::doEvaluate): Convert the argument to number.
        (WebCore::XPath::NumericOp::doEvaluate): Convert the arguments to numbers. Use a correct operation for mod.
        * xml/XPathStep.cpp:
        (WebCore::XPath::Step::nodesInAxis): Do not append parent node if there is none.
        * xml/XPathValue.cpp:
        (WebCore::XPath::Value::toNumber): Do not convert to DeprecatedString just to trim whitespace and to convert to double.
        * platform/DeprecatedString.cpp:
        (WebCore::DeprecatedStringData::makeAscii): Added a FIXME about unreliable makeAscii() behavior.

2007-03-06  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Adele.

        <rdar://problem/4619663> REGRESSION (NativePopup): Popup menu doesn't draw at the correct vertical position (9816)
        
        * platform/mac/PopupMenuMac.mm:
        (WebCore::PopupMenu::show): Make a temporary dummy view with the
        passed in rect, since AppKit will use the view bounds to determine
        what area to exclude when popping up a menu moved to the top of
        the screen.

2007-03-06  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Maciej Stachowiak.

        Fixed all known crashers exposed by run-webkit-tests --threaded [*]. See 
        JavaScriptCore ChangeLog for more details.

        * bindings/js/kjs_binding.cpp:
        (KJS::domNodesPerDocument): Added thread safety ASSERT.
        (KJS::ScriptInterpreter::mark): Removed obsolete logic for marking unsafe
        objects when collecting on a secondary thread. The Collector takes care
        of this now.

        * bindings/js/kjs_binding.h:
        (KJS::DOMObject::DOMObject): Used new API for specifying that WebCore
        objects should be garbage collected on the main thread only.

        * bindings/js/kjs_window.cpp:
        (KJS::ScheduledAction::execute): Moved JSLock to cover implementedsCall() call,
        which, for some subclasses, ends up allocating garbage collected objects.
        (This fix was speculative. I didn't actually see a crash from this.)
        (KJS::Window::timerFired): Added JSLock around ScheduleAction destruction,
        since it destroys a KJS::List.

        * bindings/objc/WebScriptObject.mm:
        (-[WebScriptObject setException:]): Added JSLock. (This fix was speculative. 
        I didn't actually see a crash from this.)

        * bridge/mac/WebCoreScriptDebugger.mm:
        (-[WebCoreScriptCallFrame evaluateWebScript:]): Added JSLock. (This fix 
        was speculative. I didn't actually see a crash from this.)

        * dom/Document.cpp:
        (WebCore::Document::~Document): Added JSLock around modification to 
        domNodesPerDocument(), which can be accessed concurrently during garbage 
        collection.
        * dom/Node.cpp:
        (WebCore::Node::setDocument): ditto.
        
        [*] fast/js/toString-stack-overflow.html is an exception. --threaded mode
        crashes this test because it causes the garbage collector to run frequently,
        and this test crashes if you happen to garbage collect while it's running.
        This is a known issue with stack overflow during the mark phase. It's
        not related to threading.

2007-03-06  Mark Rowe  <mrowe@apple.com>

        Reviewed by Sam Weinig.

        Fix http://bugs.webkit.org/show_bug.cgi?id=12942
        Bug 12942: ASSERTION FAILURE: qantas.com.au changing selected item in <select> via JS

        Test: fast/dom/select-selectedIndex-bug-12942.html.

        * html/HTMLSelectElement.cpp:
        (WebCore::HTMLSelectElement::recalcListItems): Reset m_lastOnChangeIndex when recalculating list items.
        * html/HTMLSelectElement.h:

2007-03-06  Brady Eidson  <beidson@apple.com>

        Rubberstamped by Kevin Decker

        20,000!

        * ChangeLog: Point out revision 20,000

2007-03-06  Krzysztof Kowalczyk  <kkowalczyk@gmail.com>

        Not reviewed.

        Gdk build fix.

        * loader/gdk/FrameLoaderClientGdk.cpp: update userAgent() signature.
        (WebCore::FrameLoaderClientGdk::userAgent):
        * loader/gdk/FrameLoaderClientGdk.h: ditto.

2007-03-06  Mitz Pettel  <mitz@webkit.org>

        Reviewed by Adele.

        - fix http://bugs.webkit.org/show_bug.cgi?id=12986
          REGRESSION(NativeListBox): Listboxes not updated when resized dynamically

        Test: fast/forms/select-change-listbox-size.html

        * html/HTMLSelectElement.cpp:
        (WebCore::HTMLSelectElement::parseMappedAttribute): Reattach on list box size change.

2007-03-06  Mitz Pettel  <mitz@webkit.org>

        Reviewed by Dave Hyatt.

        - fix http://bugs.webkit.org/show_bug.cgi?id=12885
          REGRESSION (r19696): Incomplete background repaint

        Tests: fast/repaint/content-into-overflow.html
               fast/repaint/overflow-into-content.html

        Changed repaintAfterLayoutIfNeeded() to take, in addition to the clipped overflow
        rect, the unclipped border box plus outline, and to repaint any areas that
        were added or removed from that box, in addition to any areas added or removed
        from the clipped overflow rect.

        * platform/graphics/svg/SVGResourceMarker.cpp:
        (WebCore::SVGResourceMarker::draw):
        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::layoutBlock):
        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::absoluteClippedOverflowRect): Renamed getAbsoluteRepaintRect() to
        this.
        * rendering/RenderBox.h:
        * rendering/RenderFlexibleBox.cpp:
        (WebCore::RenderFlexibleBox::layoutBlock):
        * rendering/RenderFlow.cpp:
        (WebCore::RenderFlow::absoluteClippedOverflowRect):
        * rendering/RenderFlow.h:
        * rendering/RenderForeignObject.cpp:
        (WebCore::RenderForeignObject::layout):
        * rendering/RenderHTMLCanvas.cpp:
        (WebCore::RenderHTMLCanvas::layout):
        * rendering/RenderImage.cpp:
        (WebCore::RenderImage::layout):
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::RenderLayer):
        (WebCore::RenderLayer::checkForRepaintOnResize):
        (WebCore::RenderLayer::updateLayerPositions):
        * rendering/RenderLayer.h:
        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::repaint):
        (WebCore::RenderObject::repaintAfterLayoutIfNeeded):
        (WebCore::RenderObject::getAbsoluteRepaintRectWithOutline):
        (WebCore::RenderObject::absoluteClippedOverflowRect):
        (WebCore::RenderObject::absoluteOutlineBox):
        * rendering/RenderObject.h:
        * rendering/RenderPath.cpp:
        (WebCore::RenderPath::layout):
        (WebCore::RenderPath::absoluteClippedOverflowRect):
        (WebCore::RenderPath::absoluteRects):
        (WebCore::RenderPath::drawMarkersIfNeeded):
        * rendering/RenderPath.h:
        * rendering/RenderSVGContainer.cpp:
        (WebCore::RenderSVGContainer::layout):
        (WebCore::RenderSVGContainer::absoluteClippedOverflowRect):
        (WebCore::RenderSVGContainer::absoluteRects):
        * rendering/RenderSVGContainer.h:
        * rendering/RenderSVGHiddenContainer.cpp:
        (WebCore::RenderSVGHiddenContainer::absoluteClippedOverflowRect):
        * rendering/RenderSVGHiddenContainer.h:
        * rendering/RenderSVGImage.cpp:
        (WebCore::RenderSVGImage::imageChanged):
        (WebCore::RenderSVGImage::absoluteClippedOverflowRect):
        (WebCore::RenderSVGImage::absoluteRects):
        * rendering/RenderSVGImage.h:
        * rendering/RenderSVGText.cpp:
        (WebCore::RenderSVGText::absoluteClippedOverflowRect):
        (WebCore::RenderSVGText::layout):
        (WebCore::RenderSVGText::absoluteRects):
        * rendering/RenderSVGText.h:
        * rendering/RenderTable.cpp:
        (WebCore::RenderTable::layout):
        * rendering/RenderTableCell.cpp:
        (WebCore::RenderTableCell::absoluteClippedOverflowRect):
        * rendering/RenderTableCell.h:
        * rendering/RenderTableCol.cpp:
        (WebCore::RenderTableCol::absoluteClippedOverflowRect):
        * rendering/RenderTableCol.h:
        * rendering/RenderTableRow.cpp:
        (WebCore::RenderTableRow::absoluteClippedOverflowRect):
        * rendering/RenderTableRow.h:
        * rendering/RenderText.cpp:
        (WebCore::RenderText::absoluteClippedOverflowRect):
        * rendering/RenderText.h:

2007-03-06  Ian Eng <ian.eng.webkit@gmail.com>

        Reviewed by Maciej.

        - fixed http://bugs.webkit.org/show_bug.cgi?id=12720
        Bug 12720: Re-defining window.location.toString function keeps re-loading forever

        * bindings/js/kjs_window.cpp:
        Disallow replacing functions in LocationTable, and return early without updating URL.

2007-03-06  Kevin McCullough  <kmccullough@apple.com>

        Reviewed by Darin.

        <http://bugs.webkit.org/show_bug.cgi?id=12686>
        REGRESSION: Bloglines.com Feeds tab cannot expand folders in TOT
        - Now all class constructors implement implementsHasInstance.

        * bindings/scripts/CodeGeneratorJS.pm:

2007-03-07  Nikolas Zimmermann  <zimmermann@kde.org>

        Reviewed by Rob & Oliver.

        Preparations for the new SVG text engine.

        Handle baseline-shift / kerning css values correctly.
        Recognize missing svg presentation attribute "font-size-adjust".
        Add all missing svg<->css property mappings in mapToEntry().

        Doesn't affect any layout test (as these properties are not used w/o my text patch).
        While I'm at it, unify the macro names (RS_ -> SVG_RS_) & cleanup style a bit.

        * ksvg2/css/CSSPropertyNames.in:
        * ksvg2/css/SVGCSSParser.cpp:
        (WebCore::CSSParser::parseSVGValue):
        * ksvg2/css/SVGCSSStyleSelector.cpp:
        (WebCore::CSSStyleSelector::applySVGProperty):
        * ksvg2/css/SVGRenderStyle.cpp:
        (WebCore::SVGRenderStyle::SVGRenderStyle):
        (WebCore::SVGRenderStyle::operator==):
        (WebCore::SVGRenderStyle::inheritedNotEqual):
        (WebCore::SVGRenderStyle::inheritFrom):
        * ksvg2/css/SVGRenderStyle.h:
        (WebCore::SVGRenderStyle::NonInheritedFlags::):
        (WebCore::SVGRenderStyle::setBitDefaults):
        * ksvg2/css/SVGRenderStyleDefs.cpp:
        (StyleTextData::StyleTextData):
        (StyleTextData::operator==):
        (StyleMiscData::StyleMiscData):
        (StyleMiscData::operator==):
        * ksvg2/css/SVGRenderStyleDefs.h:
        (WebCore::):
        (WebCore::StyleTextData::operator!=):
        * ksvg2/svg/SVGStyledElement.cpp:
        (WebCore::SVGStyledElement::cssPropertyIdForSVGAttributeName):

2007-03-06  Justin Garcia  <justin.garcia@apple.com>

        Reviewed by kevin
        
        <http://bugs.webkit.org/show_bug.cgi?id=12245>
        FCKeditor: Remove Format sometimes doesn't work
        <rdar://problem/4786404>
        Underline style is not removed from selection after performing Remove Format

        * editing/Editor.cpp:
        (WebCore::Editor::removeFormattingAndStyle): Re-wrote this.

2007-03-07  Nikolas Zimmermann  <zimmermann@kde.org>

        Reviewed by Oliver.

        Fixes: http://bugs.webkit.org/show_bug.cgi?id=12979
        Fixes: http://bugs.webkit.org/show_bug.cgi?id=12981

        Guard against registering pending resources with empty id.
        Be careful with calling recalcStyle() in SVGUseElement, when change is "Detach" we
        have to use special code, as calling attach() on the shadow tree root element will crash,
        because it has no (direct) parent node, only a shadow parent node element.

        * ksvg2/misc/SVGDocumentExtensions.cpp:
        (WebCore::SVGDocumentExtensions::addPendingResource):
        * ksvg2/svg/SVGUseElement.cpp:
        (WebCore::SVGUseElement::recalcStyle):

2007-03-06  Kevin Decker  <kdecker@apple.com>

        Reviewed by Adele.

        Fixed: <rdar://problem/5041660> REGRESSION: <keygen> element broken, prevents users from signing up for Thawte email certs
        
        * bindings/objc/DOM.mm:
        (WebCore::createElementClassMap): Added <keygen> to the DOM bindings so it can be accessed from Objective-C.
        * css/html4.css: Apply the look of the <select> element to <keygen>.
        * html/HTMLElementFactory.cpp:
        (WebCore::keygenConstructor): Added. 
        (WebCore::createFunctionMap): Added keygen.
        * html/HTMLSelectElement.cpp: Made const typeAheadTimeout variable static const. 
        (WebCore::HTMLSelectElement::HTMLSelectElement):  Fix both HTMLSelectElement constructors to initialize the
         same number of member variables. The fact that some fields were not initialized could (and would) crash the
         keygen element when selecting different items. Also removed m_typedString(String()) from the constructor
         initialization because this is not needed.

2007-03-06  Kevin McCullough  <kmccullough@apple.com>

        Reviewed by Darin.

        - Rename a function to clarify its purpose.

        * WebCore.exp:
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::registerURLSchemeAsLocal):
        * loader/FrameLoader.h:

2007-03-06  Adam Roben  <aroben@apple.com>

        Build fix.

        * WebCore.exp: Updated symbols.

2007-03-06  Adam Roben  <aroben@apple.com>

        Reviewed by Anders.

        Added a parameter to all StringTruncator methods to specify whether
        rounding hacks should be on or off.

        No layout test possible.

        * platform/StringTruncator.cpp:
        (WebCore::stringWidth): Added disableRoundingHacks parameter.
        (WebCore::truncateString): Ditto.
        (WebCore::StringTruncator::centerTruncate): Ditto.
        (WebCore::StringTruncator::rightTruncate): Ditto.
        (WebCore::StringTruncator::width): Ditto.
        * platform/StringTruncator.h: Ditto.
        * platform/mac/FileChooserMac.mm:
        (WebCore::FileChooser::basenameForWidth): Pass in false to
        centerTruncate so that the truncation matches the way the text will be
        rendered.

2007-03-06  Anders Carlsson  <acarlsson@apple.com>

        Reviewed by Maciej.

        <rdar://problem/5035045>
        REGRESSION: WebKit browser doesn't display image at http://www.metoffice.gov.uk/weather/satellite/index.html
        
        It turns out WinIE does allow you to access images by their id as special document properties. However, this is only
        allowed when the element also has a name attribute. The value of the name attribute is ignored and can even be empty!
        
        * bindings/js/kjs_html.cpp:
        (KJS::JSHTMLDocument::namedItemGetter):
        Return jsUndefined() if the collection is empty.
        
        * html/HTMLImageElement.cpp:
        (WebCore::HTMLImageElement::parseMappedAttribute):
        (WebCore::HTMLImageElement::insertedIntoDocument):
        (WebCore::HTMLImageElement::removedFromDocument):
        * html/HTMLImageElement.h:
        Add the id attribute value to the extra named item map.
        
        * html/HTMLNameCollection.cpp:
        (WebCore::HTMLNameCollection::traverseNextItem):
        Check for images with name attributes that match, as well as elements with id attributes that match where
        the element also has a name attribute.

2007-03-06  Anders Carlsson  <acarlsson@apple.com>

        Reviewed by Adam.

        WebCore part of patch to make it possible to have different user agents for different URLs.

        * bindings/js/kjs_navigator.cpp:
        (KJS::Navigator::getValueProperty):
        * bindings/js/kjs_proxy.cpp:
        (WebCore::KJSProxy::initScriptIfNeeded):
        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::setLoading):
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::userAgent):
        (WebCore::FrameLoader::loadResourceSynchronously):
        (WebCore::FrameLoader::applyUserAgent):
        * loader/FrameLoader.h:
        * loader/FrameLoaderClient.h:
        * platform/graphics/svg/SVGImageEmptyClients.h:
        (WebCore::SVGEmptyFrameLoaderClient::userAgent):

2007-03-05  Kevin McCullough  <kmccullough@apple.com>

        Reviewed by Mark and Dave H.

        - rdar://problem/5038491
        An oversight of the security fix that prevented remote from loading local is that it
        prevents user style sheets when the site is remote.  This fixes that.

        * loader/Cache.cpp: Propogate and check user style sheet flag.
        (WebCore::createResource):
        (WebCore::Cache::requestResource):
        * loader/Cache.h: Propogate user style sheet flag.
        * loader/CachedCSSStyleSheet.cpp: Propogate user style sheet flag.
        (WebCore::CachedCSSStyleSheet::CachedCSSStyleSheet):
        * loader/CachedCSSStyleSheet.h: Propogate user style sheet flag.
        * loader/DocLoader.cpp: Propogate user style sheet flag.
        (WebCore::DocLoader::requestResource):
        * loader/SubresourceLoader.cpp: Propogate and check user style sheet flag.
        (WebCore::SubresourceLoader::create):
        * loader/SubresourceLoader.h: Add check for user style sheet flag.
        * loader/loader.cpp: Propogate user style sheet flag.
        (WebCore::Loader::load):
        (WebCore::Loader::servePendingRequests):
        * loader/loader.h: Propogate user style sheet flag.

2007-03-06  Nikolas Zimmermann  <zimmermann@kde.org>

        Reviewed by Darin.

        Fixes: http://bugs.webkit.org/show_bug.cgi?id=12936 (Master bug used to track all current use problems.)

        Fixes: http://bugs.webkit.org/show_bug.cgi?id=12926 (transform attribute not respected in nested <use> elements)
        Fixes: http://bugs.webkit.org/show_bug.cgi?id=12267 (getElementById broken for <use>)
        Fixes: http://bugs.webkit.org/show_bug.cgi?id=12916 (use instance in symbol definition does not work)
        Fixes: http://bugs.webkit.org/show_bug.cgi?id=12917 (mouseout event does not occur after scaling use instance)
        Fixes: http://bugs.webkit.org/show_bug.cgi?id=12838 (SVG <use> DOM broken for script)

        Added test: svg/custom/use-nested-transform.svg
        Added test: svg/custom/struct-use-09-b.svg (not yet official W3C-SVG-1.1 testcase)
        Fixes test: svg/custom/use-elementInstance-event-target.svg (rectangle now turns green on first click)

        Fix all (except one) known <use> bug. The remaining bug (12630) is not crucical at all.
        Enable <use> again as default SVG feature, as discussed on webkit-dev.

        dom/Element.cpp needed following tweak: set hasParentStyle to true, if there is no parentNode
        available - which happens for <use> nodes, as it's a shadow node. This fixes recalcStyle behaviour.
        Override recalcStyle() in SVGUseElement, and properly forward the call to the shadow tree root element.
        The shadow tree now receives proper style updates (without having to recreate the whole tree!).

        Override attributeChanged() in SVGUseElement and only call notifyAttributeChange if one of x/y/width/height/xlink:href
        attribute changed - otherwhise we'll end up recreating the tree for every transform/style/(non-existing-attribute) change.

        Do not override transform in nested use situations, but correctly append (right-sided) the translation of the <use> element.
        Some cosmetic fixes: don't add transform="translate(0 0)" attributes if both x/y values are null in the shadow tree.

        Factor out logic for replacing symbol/svg tags in the shadow tree, and also invoke it during expandUseElementsInShadowTree -
        otherwhise <symbol><use xlink:href="#someOtherSymbol"></symbol> the <use> gets expanded to a <symbol>. Though no one expands
        the <symbol> element - and we're end up in hitting an assertion. Avoid that.

        * bindings/js/JSSVGElementWrapperFactory.cpp:
        * bindings/js/kjs_dom.cpp:
        (KJS::toJS):
        * bindings/objc/DOM.mm:
        (WebCore::createElementClassMap):
        * dom/Element.cpp:
        (WebCore::Element::recalcStyle):
        * ksvg2/svg/SVGElement.cpp:
        (WebCore::shadowTreeParentElementForShadowTreeElement):
        (WebCore::SVGElement::dispatchEvent):
        * ksvg2/svg/SVGElementInstance.cpp:
        * ksvg2/svg/SVGElementInstance.h:
        * ksvg2/svg/SVGElementInstance.idl:
        * ksvg2/svg/SVGElementInstanceList.cpp:
        * ksvg2/svg/SVGElementInstanceList.h:
        * ksvg2/svg/SVGElementInstanceList.idl:
        * ksvg2/svg/SVGStyledElement.cpp:
        (WebCore::SVGStyledElement::notifyAttributeChange):
        (WebCore::SVGStyledElement::updateElementInstance):
        * ksvg2/svg/SVGStyledElement.h:
        * ksvg2/svg/SVGUseElement.cpp:
        (WebCore::SVGUseElement::attributeChanged):
        (WebCore::SVGUseElement::notifyAttributeChange):
        (WebCore::SVGUseElement::recalcStyle):
        (WebCore::SVGUseElement::buildPendingResource):
        (WebCore::SVGUseElement::buildShadowTreeForSymbolTag):
        (WebCore::SVGUseElement::alterShadowTreeForSVGTag):
        (WebCore::SVGUseElement::buildShadowTree):
        (WebCore::SVGUseElement::expandUseElementsInShadowTree):
        (WebCore::SVGUseElement::attachShadowTree):
        * ksvg2/svg/SVGUseElement.h:
        * ksvg2/svg/SVGUseElement.idl:
        * ksvg2/svg/svgtags.in:

2007-03-05  Brady Eidson  <beidson@apple.com>

        Reviewed by John

        Fixes <rdar://problem/4974258>
        Adds some key null checking

        * bindings/js/kjs_html.cpp:
        (KJS::JSHTMLElement::implementsCall): Null check doc/frame
        * bindings/objc/DOMInternal.mm:
        (-[WebScriptObject _initializeScriptDOMNodeImp]): Null check doc/frame

2007-03-06  Nikolas Zimmermann  <zimmermann@kde.org>

        Reviewed by Darin.

        Path::normalAngleAtLength() / Path::pointAtLength() don't work correctly.
        pointAtLength() was not implemented, basically and normalAngleAtLength()
        had a bug in the tangent slope calculation.

        The normalAngleAtLength() stuff can only be tested with my local textPath support.
        New LayoutTest: svg/custom/path-textPath-simulation.svg

        * platform/graphics/Path.cpp:
        (WebCore::pathLengthApplierFunction):
        * platform/graphics/PathTraversalState.cpp:
        (WebCore::PathTraversalState::quadraticBezierTo):
        (WebCore::PathTraversalState::cubicBezierTo):
        * platform/graphics/PathTraversalState.h:
        (WebCore::PathTraversalState::):

2007-03-05  Alexey Proskuryakov  <ap@webkit.org>

        Reviewed by Darin.

        http://bugs.webkit.org/show_bug.cgi?id=12970
        Fix and import 4XPath test_core_functions.html test

        * xml/XPathExpression.cpp:
        (WebCore::XPathExpression::evaluate): Fully initialize the evaluation context.

        * xml/XPathFunctions.cpp:
        (WebCore::XPath::FunSubstring::doEvaluate): Fixed handling of edge cases.
        (WebCore::XPath::FunRound::round): Reimplemented to match the spec; exposed FunRound::round() to be used in
        other functions.

2007-03-05  Alexey Proskuryakov  <ap@webkit.org>

        Reviewed by Darin.

        http://bugs.webkit.org/show_bug.cgi?id=12954
        XPath relative operations are implemented incorrectly

        * xml/XPathPredicate.cpp:
        (WebCore::XPath::NumericOp::doEvaluate):
        (WebCore::XPath::EqTestOp::compare):
        (WebCore::XPath::EqTestOp::doEvaluate):
        Reimplemented relative equality operations to match the spec.

        * xml/XPathPredicate.h:
        (WebCore::XPath::NumericOp::):
        (WebCore::XPath::EqTestOp::):
        Moved relative operations to EqTestOp.

        * xml/XPathGrammar.y:
        * xml/XPathParser.cpp:
        (WebCore::XPath::Parser::nextTokenInternal):
        (WebCore::XPath::Parser::lex):
        Adapted for the above changes.

2007-03-05  Mark Rowe  <mrowe@apple.com>

        Reviewed by Lars.

        Fix http://bugs.webkit.org/show_bug.cgi?id=12947
        Bug 12947: REGRESSION: ASSERTION FAILED: maxWidth >= 0 in StringTruncator.cpp:109 in WebCore::truncateString()

        Handle nil window correctly in toUserSpace and toDeviceSpace.  On Intel Macs a message to nil that returns a
        float will return 0.0.  We use this as the divisor in calculating a scale factor, which results in NaN being
        introduced into our rect.

        * platform/mac/ScreenMac.mm:
        (WebCore::toUserSpace):
        (WebCore::toDeviceSpace):

2007-03-05  Rob Buis  <buis@kde.org>

        Reviewed by Darin.

        http://bugs.webkit.org/show_bug.cgi?id=12868
        parts of the CSS classes in this simple SVG example are not applied

        Make sure the xml stylesheets are parsed in strict mode.

        * dom/ProcessingInstruction.cpp:
        (WebCore::ProcessingInstruction::parseStyleSheet):

2007-03-04  Adele Peterson  <adele@apple.com>

        Reviewed by Darin.

        Change to dispatch the keypress event during the defaultEventHandler for keydown events.  This matches IE behavior.
        This is preparation for fixing event dispatch with input methods (http://bugs.webkit.org/show_bug.cgi?id=10871)

        Test: fast/events/keydown-keypress-preventDefault.html

        * dom/EventTargetNode.cpp: (WebCore::EventTargetNode::defaultEventHandler): Call the defaultKeyboardEventHandler for keydown events.
        * page/EventHandler.cpp:
        (WebCore::eventTargetNodeForDocument): Return 0 instead of false since the return type in EventTargetNode.
        (WebCore::EventHandler::keyEvent): Removed dispatch of keypress event, since this is now done in the default event handler.
        (WebCore::EventHandler::defaultKeyboardEventHandler): For keydown events, create and dispatch a keypress event.

2007-03-04  Alexey Proskuryakov  <ap@webkit.org>

        Reviewed by Nikolas Zimmermann (yay!).

        http://bugs.webkit.org/show_bug.cgi?id=12962
        4XPath tests crash on lang() function

        Covered by 4XPath tests, to be landed later.

        * platform/StringImpl.cpp:
        (WebCore::StringImpl::reverseFind): Do not crash with empty strings.
        * xml/XPathFunctions.cpp:
        (WebCore::XPath::FunLang::doEvaluate): Do not crash when an element has no
        attributes. Use a proper namespace for xml:lang (not sure where "xms" came from).
        Rewrote the algorithm for suffix removing to match the spec.

2007-03-02  Anders Carlsson  <acarlsson@apple.com>

        Reviewed by Darin.

        <rdar://problem/5028165> 
        http://bugs.webkit.org/show_bug.cgi?id=12915
        REGRESSION: XMLHttpRequest.abort() does not stop loading (12915)
        
        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::stopLoading):
        Save the value of m_loading since calling FrameLoader::stopLoading could set it to false.
        
        * loader/SubresourceLoader.cpp:
        (WebCore::SubresourceLoader::didCancel):
        * loader/SubresourceLoader.h:
        Get rid of didCancel now, it's not needed anymore.
        
        * xml/xmlhttprequest.cpp:
        (WebCore::XMLHttpRequest::abort):
        Call cancel() instead of stopLoading(). Also, set m_aborted to true so the XMLHttpRequest object
        won't be dereferenced in didFail when aborting.

2007-03-04  Krzysztof Kowalczyk  <kkowalczyk@gmail.com>

        Reviewed by Nikolas Zimmermann.

        Move ScrollView stubs to ScrollViewGdk.cpp

        * platform/gdk/FrameGdk.h: remove comment that no longer makes sense
        * platform/gdk/ScrollViewGdk.cpp:
        (WebCore::ScrollView::addChild):
        (WebCore::ScrollView::removeChild):
        (WebCore::ScrollView::scrollPointRecursively):
        (WebCore::ScrollView::inWindow):
        (WebCore::ScrollView::wheelEvent):
        (WebCore::ScrollView::updateScrollbars):
        (WebCore::ScrollView::updateScrollInfo):
        (WebCore::ScrollView::windowToContents):
        (WebCore::ScrollView::contentsToWindow):
        (WebCore::ScrollView::scrollbarUnderMouse):
        * platform/gdk/TemporaryLinkStubs.cpp:

2007-03-02  Kevin McCullough  <kmccullough@apple.com>

        Reviewed by Geoff.

        - rdar://problem/4922454
        - This fixes a security issue by making remote referrers not able to access local
        resources, unless they register their schemes to be treated as local. The result is
        that those schemes can access local resources and cannot be accessed by remote
        referrers.
        Because this behavior is new a link-on-or-after check is made to determine if the
        app should use the older, less safe, behavior.

        * WebCore.exp: added exported functions
        * bindings/objc/DOM.mm: consolodated function to base class
        (-[DOMElement image]):
        (-[DOMElement _imageTIFFRepresentation]):
        * dom/Document.cpp: Cache the document's ability to load local resources.
        (WebCore::Document::Document):
        (WebCore::Document::setURL):
        (WebCore::Document::shouldBeAllowedToLoadLocalResources):
        (WebCore::Document::stylesheetLoaded):
        * dom/Document.h: Cache the docuent's ability to load local resources.
        (WebCore::Document::getPendingSheet):
        (WebCore::Document::isAllowedToLoadLocalResources):
        * html/HTMLImageLoader.cpp: Moved functionality into base class.
        (WebCore::HTMLImageLoader::updateFromElement):
        (WebCore::HTMLImageLoader::dispatchLoadEvent):
        * html/HTMLLinkElement.cpp: Handles null returns correctly now.
        * html/HTMLTokenizer.cpp: Moved functionality into base class.
        (WebCore::HTMLTokenizer::notifyFinished):
        * ksvg2/misc/SVGImageLoader.cpp: Moved functionality into base class.
        (WebCore::SVGImageLoader::dispatchLoadEvent):
        * loader/Cache.cpp: Checks if the cached resource can be loaded.
        (WebCore::Cache::requestResource):
        * loader/CachedCSSStyleSheet.cpp: Moved functionality into base class.
        (WebCore::CachedCSSStyleSheet::ref):
        (WebCore::CachedCSSStyleSheet::error):
        * loader/CachedImage.cpp: Moved functionality into base class.
        (WebCore::CachedImage::CachedImage):
        * loader/CachedImage.h: Moved functionality into base class.
        (WebCore::CachedImage::canRender):
        * loader/CachedResource.cpp: Cache if the CachedResource should be treated as local
        (WebCore::CachedResource::CachedResource):
        * loader/CachedResource.h: Moved functionality into base class.
        (WebCore::CachedResource::errorOccurred):
        (WebCore::CachedResource::shouldTreatAsLocal):
        * loader/CachedScript.cpp: Moved functionality into base class.
        (WebCore::CachedScript::CachedScript):
        * loader/CachedScript.h: Moved functionality into base class.
        (WebCore::CachedScript::schedule):
        * loader/CachedXBLDocument.cpp: Moved functionality into base class.
        (WebCore::CachedXBLDocument::error):
        * loader/CachedXSLStyleSheet.cpp: Moved functionality into base class.
        (WebCore::CachedXSLStyleSheet::error):
        * loader/FrameLoader.cpp: See comments for each function below.
        (WebCore::FrameLoader::loadSubframe): Use new canLoad.
        (WebCore::FrameLoader::restrictAccessToLocal): return value of linked-on-or-after check.
        (WebCore::FrameLoader::setRestrictAccessToLocal): set value for linked-on-or-after check.
        (WebCore::localSchemes): Return set of schemes that are to be treated as local.
        (WebCore::FrameLoader::loadPlugin): Use new canLoad.
        (WebCore::FrameLoader::canLoad): Now multiple functions that each do the same work but some can take advantage of the cached values, if they were computed previously.
        (WebCore::FrameLoader::shouldHideReferrer): Extracted out the logic to determine if the referrer should be hidden so it is only calculated when needed.
        (WebCore::FrameLoader::loadResourceSynchronously): No longer calls canLoad to get hideReferrer info.
        (WebCore::FrameLoader::registerSchemeAsLocal): Functionality to register a scheme to be treated as local.
        (WebCore::FrameLoader::treatURLAsLocal): Given a URL this function determines if it should be treated as local.
        * loader/FrameLoader.h: Declared functions for this security fix.  See above.
        * loader/MainResourceLoader.cpp: Optized order of bools to regain performance.
        (WebCore::MainResourceLoader::continueAfterContentPolicy):
        * loader/SubresourceLoader.cpp: Now restricts remote from loading local resources.
        (WebCore::SubresourceLoader::create):
        * page/EventHandler.cpp: Moved functionality into base class.
        (WebCore::selectCursor):
        * platform/KURL.cpp: KURLs need to check all the registered schemes now.
        (WebCore::KURL::isLocalFile):
        * rendering/HitTestResult.cpp: Moved functionality into base class.
        (WebCore::HitTestResult::image):
        * rendering/RenderImage.cpp: Moved functionality into base class.
        (WebCore::RenderImage::setCachedImage):
        (WebCore::RenderImage::imageChanged):
        (WebCore::RenderImage::paint):
        (WebCore::RenderImage::layout):
        (WebCore::RenderImage::calcAspectRatioWidth):
        (WebCore::RenderImage::calcAspectRatioHeight):
        * rendering/RenderImage.h: Moved functionality into base class.
        (WebCore::RenderImage::errorOccurred):
        * rendering/RenderListItem.cpp: Moved functionality into base class.
        (WebCore::RenderListItem::setStyle):
        * rendering/RenderListMarker.cpp: Moved functionality into base class.
        (WebCore::RenderListMarker::isImage):
        * xml/xmlhttprequest.cpp: Check doc's cached value instead of determining independently.
        (WebCore::XMLHttpRequest::urlMatchesDocumentDomain):

2007-03-02  Justin Garcia  <justin.garcia@apple.com>

        Reviewed by kevin
        
        <rdar://problem/5028447>
        REGRESSION: Gmail Editor: Copied message text pastes at the wrong font size

        * editing/markup.cpp:
        (WebCore::createMarkup): The style of the div that holds
        a fully selected body's styles didn't include styles inherited
        from the body's ancestors.
        
2007-03-02  Justin Garcia  <justin.garcia@apple.com>

        Reviewed by harrison

        <rdar://problem/4545040>
        innerHTML does not HTML-escape text nodes inside PRE elements
        <rdar://problem/5027857>
        Pasting into Mail from Safari's view-source window renders the HTML

        * editing/HTMLInterchange.cpp:
        (WebCore::convertHTMLTextToInterchangeFormat): Send this function
        the node that the text comes from as a parameter.  It shouldn't convert
        '\n's to spaces/nbsps if the text is coming from text where newlines are
        preserved.
        * editing/HTMLInterchange.h:
        * editing/markup.cpp:
        (WebCore::startMarkup): Escape text inside the children of PREs.

2007-03-02  Sam Weinig  <sam@webkit.org>

        Reviewed by Anders.