Crash in the hit testing code via HTMLPlugInElement::isReplacementObscured()
[WebKit-https.git] / Source / WebCore / ChangeLog
index 2e00275..06bd2d0 100644 (file)
@@ -1,3 +1,633 @@
+2019-02-15  Ryosuke Niwa  <rniwa@webkit.org>
+
+        Crash in the hit testing code via HTMLPlugInElement::isReplacementObscured()
+        https://bugs.webkit.org/show_bug.cgi?id=194691
+
+        Reviewed by Simon Fraser.
+
+        The crash was caused by HTMLPlugInElement::isReplacementObscured updating the document
+        without updating the layout of ancestor documents (i.e. documents in which frame owner
+        elements appear) even though it hit-tests against the top-level document's RenderView.
+
+        Fixed the bug by updating the layout of the top-level document as needed.
+
+        Test: plugins/unsupported-plugin-with-replacement-in-iframe-crash.html
+
+        * html/HTMLPlugInElement.cpp:
+        (WebCore::HTMLPlugInElement::isReplacementObscured):
+
+2019-02-15  Ross Kirsling  <ross.kirsling@sony.com>
+
+        [WTF] Add environment variable helpers
+        https://bugs.webkit.org/show_bug.cgi?id=192405
+
+        Reviewed by Michael Catanzaro.
+
+        * platform/NotImplemented.h:
+        * platform/cocoa/SystemVersion.mm:
+        (WebCore::createSystemMarketingVersion):
+        * platform/graphics/gstreamer/GStreamerCommon.cpp:
+        (WebCore::initializeGStreamer):
+        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
+        (WebCore::MediaPlayerPrivateGStreamer::createGSTPlayBin):
+        * platform/graphics/nicosia/NicosiaPaintingEngine.cpp:
+        (Nicosia::PaintingEngine::create):
+        * platform/graphics/texmap/TextureMapperFPSCounter.cpp:
+        (WebCore::TextureMapperFPSCounter::TextureMapperFPSCounter):
+        * platform/graphics/x11/PlatformDisplayX11.cpp:
+        (WebCore::PlatformDisplayX11::create):
+        * platform/gtk/RenderThemeWidget.cpp:
+        (WebCore::RenderThemeScrollbar::RenderThemeScrollbar):
+        * platform/gtk/ScrollbarThemeGtk.cpp:
+        (WebCore::ScrollbarThemeGtk::ScrollbarThemeGtk):
+        * platform/network/curl/CurlContext.cpp:
+        (WebCore::CurlContext::CurlContext):
+        (WebCore::EnvironmentVariableReader::read): Deleted.
+        (WebCore::EnvironmentVariableReader::defined): Deleted.
+        (WebCore::EnvironmentVariableReader::readAs): Deleted.
+        (WebCore::EnvironmentVariableReader::sscanTemplate): Deleted.
+        (WebCore::EnvironmentVariableReader::sscanTemplate<signed>): Deleted.
+        (WebCore::EnvironmentVariableReader::sscanTemplate<unsigned>): Deleted.
+        * platform/network/curl/NetworkStorageSessionCurl.cpp:
+        (WebCore::defaultCookieJarPath):
+        * platform/network/playstation/CurlSSLHandlePlayStation.cpp:
+        (WebCore::getCACertPathEnv):
+        * platform/network/win/CurlSSLHandleWin.cpp:
+        (WebCore::getCACertPathEnv):
+        * platform/text/hyphen/HyphenationLibHyphen.cpp:
+        (WebCore::topLevelPath):
+        (WebCore::webkitBuildDirectory):
+        * platform/unix/LoggingUnix.cpp:
+        (WebCore::logLevelString):
+        * platform/win/LoggingWin.cpp:
+        (WebCore::logLevelString):
+        Utilize WTF::Environment where possible.
+
+2019-02-15  Antoine Quint  <graouts@apple.com>
+
+        Add a method to dispatch a PointerEvent based on a PlatformTouchEvent
+        https://bugs.webkit.org/show_bug.cgi?id=194702
+        <rdar://problem/48109355>
+
+        Reviewed by Dean Jackson.
+
+        * page/EventHandler.cpp:
+        (WebCore::EventHandler::dispatchPointerEventForTouchAtIndex):
+        * page/EventHandler.h:
+
+2019-02-15  Per Arne Vollan  <pvollan@apple.com>
+
+        [WebVTT] Inline WebVTT styles should start with '::cue'
+        https://bugs.webkit.org/show_bug.cgi?id=194227
+
+        Reviewed by Eric Carlson.
+
+        The original fix in r241203 is not sufficient, since it only checks if the CSS string starts
+        with '::cue'. Before accepting a CSS string from a WebVTT file, it should be checked that
+        all selectors starts with '::cue'.
+
+        Test: media/track/track-cue-css.html
+
+        * html/track/WebVTTParser.cpp:
+        (WebCore::WebVTTParser::checkAndStoreStyleSheet):
+
+2019-02-15  Youenn Fablet  <youenn@apple.com>
+
+        Add binding tests for ContextAllowsMediaDevices and ContextHasServiceWorkerScheme
+        https://bugs.webkit.org/show_bug.cgi?id=194713
+
+        Reviewed by Eric Carlson.
+
+        Binding tests covering mediaDevices and serviceWorker attributes.
+
+        * bindings/scripts/test/JS/JSTestObj.cpp:
+        (WebCore::JSTestObjPrototype::finishCreation):
+        (WebCore::jsTestObjMediaDevices1Getter):
+        (WebCore::jsTestObjMediaDevices1):
+        (WebCore::jsTestObjMediaDevices2Getter):
+        (WebCore::jsTestObjMediaDevices2):
+        (WebCore::jsTestObjServiceWorkers1Getter):
+        (WebCore::jsTestObjServiceWorkers1):
+        (WebCore::jsTestObjServiceWorkers2Getter):
+        (WebCore::jsTestObjServiceWorkers2):
+        * bindings/scripts/test/TestObj.idl:
+
+2019-02-15  Beth Dakin  <bdakin@apple.com>
+
+        Build fix.
+
+        * rendering/RenderThemeIOS.mm:
+        (WebCore::iconForAttachment):
+
+2019-02-15  Youenn Fablet  <youenn@apple.com>
+
+        Make ServiceWorkerClientFetch closer to WebResourceLoader
+        https://bugs.webkit.org/show_bug.cgi?id=194651
+
+        Reviewed by Alex Christensen.
+
+        Check for redirection response and if so call a specific client API.
+        Ensure ServiceWorkerFetch::Client gets called in the service worker thread proxy
+        so that its m_connection is only accessed on that thread.
+
+        Covered by existing tests.
+
+        * platform/network/FormData.h:
+        * platform/network/ResourceErrorBase.h:
+        * workers/service/context/ServiceWorkerFetch.cpp:
+        (WebCore::ServiceWorkerFetch::processResponse):
+        * workers/service/context/ServiceWorkerFetch.h:
+        * workers/service/context/ServiceWorkerThreadProxy.cpp:
+        (WebCore::ServiceWorkerThreadProxy::cancelFetch):
+        (WebCore::ServiceWorkerThreadProxy::continueDidReceiveFetchResponse):
+        * workers/service/context/ServiceWorkerThreadProxy.h:
+
+2019-02-15  Youenn Fablet  <youenn@apple.com>
+
+        Make navigator.mediaDevices SecureContext
+        https://bugs.webkit.org/show_bug.cgi?id=194666
+
+        Reviewed by Eric Carlson.
+
+        Make navigator.mediaDevices SecureContext.
+        This can still be enabled for unsecure context using the existing page settings.
+        To cover that case, introduce ContextHasMediaDevices custom IDL keyword.
+
+        Covered by API test.
+
+        * Modules/mediastream/NavigatorMediaDevices.idl:
+        * bindings/scripts/CodeGeneratorJS.pm:
+        (GenerateRuntimeEnableConditionalString):
+        * bindings/scripts/IDLAttributes.json:
+        * dom/ScriptExecutionContext.cpp:
+        (WebCore::ScriptExecutionContext::hasMediaDevices const):
+        (WebCore::ScriptExecutionContext::hasServiceWorkerScheme const):
+        * dom/ScriptExecutionContext.h:
+
+2019-02-15  Youenn Fablet  <youenn@apple.com>
+
+        WebSocket should not fire events after being stopped
+        https://bugs.webkit.org/show_bug.cgi?id=194690
+
+        Reviewed by Geoffrey Garen.
+
+        dispatchOrQueueErrorEvent is scheduled using RunLoop::main().dispatch or dispatch_async.
+        This makes it possible to dispatch an event while WebSocket is already stopped.
+        Instead, use Document::postTask so that the task is only executed if WebSocket is not stopped.
+
+        As a refactoring, make use of PendingActivity to keep track of setPendingActivity/unsetPendingActivity more easily.
+
+        * Modules/websockets/WebSocket.cpp:
+        (WebCore::WebSocket::stop):
+        (WebCore::WebSocket::connect):
+        * Modules/websockets/WebSocket.h:
+
+2019-02-15  Youenn Fablet  <youenn@apple.com>
+
+        Performance should not fire events when its context is stopped
+        https://bugs.webkit.org/show_bug.cgi?id=194689
+
+        Reviewed by Alex Christensen.
+
+        Stop the timer when its context is destroyed.
+        Add an assertion to ensure the timer does not fire after context is destroyed.
+
+        * page/Performance.cpp:
+        (WebCore::Performance::stop):
+
+2019-02-15  Alex Christensen  <achristensen@webkit.org>
+
+        REGRESSION: ( r240978-r240985 ) [ iOS Release ] Layout Test imported/w3c/web-platform-tests/xhr/send-redirect-post-upload.htm is crashing
+        https://bugs.webkit.org/show_bug.cgi?id=194523
+
+        Reviewed by Geoffrey Garen.
+
+        The scope of the FormCreationContext was limited to the scope of createHTTPBodyCFReadStream,
+        so when it was used in formCreate it was lucky to get the same context if the stack hadn't been overwritten
+        and if the FormData hadn't been freed.  Instead, keep it alive with new/delete like we do the FormStreamFields.
+        A younger me should've noticed this when reviewing r218517.
+
+        * platform/network/cf/FormDataStreamCFNet.cpp:
+        (WebCore::formCreate):
+        (WebCore::createHTTPBodyCFReadStream):
+
+2019-02-15  Commit Queue  <commit-queue@webkit.org>
+
+        Unreviewed, rolling out r241559 and r241566.
+        https://bugs.webkit.org/show_bug.cgi?id=194710
+
+        Causes layout test crashes under GuardMalloc (Requested by
+        ryanhaddad on #webkit).
+
+        Reverted changesets:
+
+        "[WTF] Add environment variable helpers"
+        https://bugs.webkit.org/show_bug.cgi?id=192405
+        https://trac.webkit.org/changeset/241559
+
+        "Unreviewed build fix for WinCairo Debug after r241559."
+        https://trac.webkit.org/changeset/241566
+
+2019-02-15  Youenn Fablet  <youenn@apple.com>
+
+        Stop the endpoint synchronously in RTCPeerConnection::close
+        https://bugs.webkit.org/show_bug.cgi?id=194688
+
+        Reviewed by Eric Carlson.
+
+        In the case where the peer connection is being closed, it was asynchronously stopping the endpoint.
+        But the endpoint, before being stopped, could try to fire an event.
+        If the context is gone in between, we end up with a null pointer dereference.
+
+        * Modules/mediastream/RTCPeerConnection.cpp:
+        (WebCore::RTCPeerConnection::close):
+
+2019-02-15  Zalan Bujtas  <zalan@apple.com>
+
+        [LFC] Out-of-flow box is never a float box
+        https://bugs.webkit.org/show_bug.cgi?id=194704
+
+        Reviewed by Antti Koivisto.
+
+        We can't have it both ways. Absolute positioning wins.
+
+        Test: fast/block/block-only/out-of-flow-is-never-float-box.html
+
+        * layout/layouttree/LayoutBox.cpp:
+        (WebCore::Layout::Box::isFloatingPositioned const):
+        (WebCore::Layout::Box::isLeftFloatingPositioned const):
+        (WebCore::Layout::Box::isRightFloatingPositioned const):
+
+2019-02-15  Philippe Normand  <pnormand@igalia.com>
+
+        [GStreamer] Simplify GObject class name check
+        https://bugs.webkit.org/show_bug.cgi?id=194537
+
+        Reviewed by Michael Catanzaro.
+
+        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
+        (WebCore::MediaPlayerPrivateGStreamer::uriDecodeBinElementAddedCallback):
+        Use G_OBJECT_TYPE_NAME() to filter out uridecodebin child
+        elements.
+
+2019-02-15  Wenson Hsieh  <wenson_hsieh@apple.com>
+
+        Refactor EditingStyle::textDirection to return an Optional<WritingDirection> instead of a bool
+        https://bugs.webkit.org/show_bug.cgi?id=194686
+
+        Reviewed by Ryosuke Niwa.
+
+        Changes EditingStyle::textDirection to return an Optional<WritingDirection>, instead of taking a reference to
+        the resulting WritingDirection. No change in behavior.
+
+        * editing/ApplyStyleCommand.cpp:
+        (WebCore::ApplyStyleCommand::splitAncestorsWithUnicodeBidi):
+        (WebCore::ApplyStyleCommand::applyInlineStyle):
+        * editing/EditingStyle.cpp:
+        (WebCore::EditingStyle::textDirection const):
+        (WebCore::EditingStyle::textDirectionForSelection):
+        * editing/EditingStyle.h:
+
+2019-02-10  Darin Adler  <darin@apple.com>
+
+        Replace more uses of String::format with StringConcatenate (mostly non-Apple platform-specific cases)
+        https://bugs.webkit.org/show_bug.cgi?id=194487
+
+        Reviewed by Daniel Bates.
+
+        * accessibility/win/AccessibilityObjectWrapperWin.cpp:
+        (WebCore::AccessibilityObjectWrapper::accessibilityAttributeValue): Use makeString
+        instead of String::format.
+
+        * page/linux/ResourceUsageOverlayLinux.cpp:
+        (WebCore::formatByteNumber): Use String::number instead of String::format.
+
+        * platform/audio/gstreamer/AudioSourceProviderGStreamer.cpp:
+        (WebCore::AudioSourceProviderGStreamer::AudioSourceProviderGStreamer):
+        Use makeString instead of String::format.
+        * platform/glib/UserAgentGLib.cpp:
+        (WebCore::platformVersionForUAString): Ditto.
+        * platform/graphics/gstreamer/GStreamerCommon.cpp:
+        (WebCore::simpleBusMessageCallback): Ditto.
+        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
+        (WebCore::MediaPlayerPrivateGStreamer::handleMessage): Ditto.
+        * platform/graphics/gstreamer/mse/AppendPipeline.cpp:
+        (WebCore::AppendPipeline::AppendPipeline): Ditto.
+        (WebCore::AppendPipeline::handleStateChangeMessage): Ditto.
+        (WebCore::AppendPipeline::resetParserState): Ditto.
+        * platform/graphics/gstreamer/mse/MediaPlayerPrivateGStreamerMSE.cpp:
+        (WebCore::MediaPlayerPrivateGStreamerMSE::load): Ditto.
+        (WebCore::MediaPlayerPrivateGStreamerMSE::doSeek): Ditto.
+
+        * platform/graphics/gtk/ImageBufferGtk.cpp:
+        (WebCore::encodeImage): Use String::number instead of String::format.
+
+        * platform/mediastream/gstreamer/GStreamerAudioCaptureSource.cpp:
+        (WebCore::GStreamerAudioCaptureSource::create): Use makeString instead of
+        String::format.
+        * platform/mediastream/gstreamer/GStreamerCaptureDeviceManager.cpp:
+        (WebCore::GStreamerCaptureDeviceManager::addDevice): Ditto.
+        * platform/mediastream/gstreamer/GStreamerMediaStreamSource.cpp:
+        (WebCore::webkitMediaStreamSrcAddPad): Ditto.
+        * platform/mediastream/gstreamer/GStreamerVideoCaptureSource.cpp:
+        (WebCore::GStreamerVideoCaptureSource::create): Ditto.
+        * platform/network/curl/CookieJarDB.cpp:
+        (WebCore::CookieJarDB::verifySchemaVersion): Ditto.
+        * platform/win/SearchPopupMenuDB.cpp:
+        (WebCore::SearchPopupMenuDB::verifySchemaVersion): Ditto.
+
+2019-02-15  Philippe Normand  <pnormand@igalia.com>
+
+        [GStreamer] Decoding media-capabilities configuration initial support
+        https://bugs.webkit.org/show_bug.cgi?id=191191
+
+        Reviewed by Xabier Rodriguez-Calvar.
+
+        This patch enables basic platform probing for GStreamer decoders,
+        optionally using Hardware decoding capabilities. The previous code
+        for decoders/demuxers probing partially duplicated between the MSE
+        player and its parent class was moved to a new module called
+        GStreamerRegistryScanner. There is one instance of it for the MSE player
+        and one for the parent class.
+
+        The scanner can check for the presence of the GstElement Hardware
+        metadata classifier in decoders and thus advise the
+        MediaEngineConfigurationFactoryGStreamer that hardware decoding is
+        supported or not. This is only a first step though. The scanner
+        should also probably attempt a NULL->READY transition on decoders
+        to validate specific input caps are supported. As this might
+        require changes in GStreamer, this part of the patch wasn't
+        included.
+
+        This patch is covered by the existing media tests.
+
+        * platform/GStreamer.cmake: New files.
+        * platform/graphics/MediaPlayer.cpp: Add support for converting
+        SupportsType enum to string.
+        (WebCore::convertEnumerationToString):
+        * platform/graphics/MediaPlayer.h: Ditto.
+        * platform/graphics/MediaPlayerEnums.h: Ditto.
+        * platform/graphics/gstreamer/GStreamerCommon.cpp: Move
+        gstRegistryHasElementForMediaType to GStreamerRegistryScanner.
+        * platform/graphics/gstreamer/GStreamerCommon.h: Ditto.
+        * platform/graphics/gstreamer/GStreamerRegistryScanner.cpp: Added.
+        (WebCore::GStreamerRegistryScanner::singleton):
+        (WebCore::GStreamerRegistryScanner::GStreamerRegistryScanner): Initialize
+        supported mime-types and codecs from the GStreamer registry.
+        (WebCore::GStreamerRegistryScanner::~GStreamerRegistryScanner): Free the element factories.
+        (WebCore::GStreamerRegistryScanner::gstRegistryHasElementForMediaType):
+        Check the input caps are supported, optionally using hardware
+        device.
+        (WebCore::GStreamerRegistryScanner::fillMimeTypeSetFromCapsMapping):
+        Moved from MediaPlayerPrivateGStreamer{,MSE}.
+        (WebCore::GStreamerRegistryScanner::initialize): Ditto.
+        (WebCore::GStreamerRegistryScanner::supportsCodec const): Ditto.
+        (WebCore::GStreamerRegistryScanner::supportsAllCodecs const): Ditto.
+        (WebCore::GStreamerRegistryScanner::isDecodingSupported const): Check
+        the given configuration is supported. For now hardware support is
+        checked for video configurations only as it is quite uncommon
+        anyway to have hardware-enabled audio decoders.
+        * platform/graphics/gstreamer/GStreamerRegistryScanner.h: Added.
+        (WebCore::GStreamerRegistryScanner::mimeTypeSet):
+        (WebCore::GStreamerRegistryScanner::supportsContainerType const):
+        (WebCore::GStreamerRegistryScanner::RegistryLookupResult::operator bool const):
+        * platform/graphics/gstreamer/MediaEngineConfigurationFactoryGStreamer.cpp: Added.
+        (WebCore::createMediaPlayerDecodingConfigurationGStreamer):
+        * platform/graphics/gstreamer/MediaEngineConfigurationFactoryGStreamer.h: Added.
+        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
+        Rely on new GStreamerRegistryScanner and add some debugging macros.
+        (WebCore::MediaPlayerPrivateGStreamer::getSupportedTypes):
+        (WebCore::MediaPlayerPrivateGStreamer::supportsType):
+        * platform/graphics/gstreamer/mse/AppendPipeline.cpp: Ditto. Also
+        plug qtdemux for AAC containers, this is an explicit consequence
+        of finer-grained codecs probing.
+        (WebCore::AppendPipeline::AppendPipeline):
+        (WebCore::AppendPipeline::parseDemuxerSrcPadCaps):
+        * platform/graphics/gstreamer/mse/GStreamerRegistryScannerMSE.cpp: Added.
+        (WebCore::GStreamerRegistryScannerMSE::singleton):
+        (WebCore::GStreamerRegistryScannerMSE::GStreamerRegistryScannerMSE):
+        * platform/graphics/gstreamer/mse/GStreamerRegistryScannerMSE.h: Added.
+        * platform/graphics/gstreamer/mse/MediaPlayerPrivateGStreamerMSE.cpp:
+        Rely on new GStreamerRegistryScanner and add some debugging macros.
+        (WebCore::MediaPlayerPrivateGStreamerMSE::getSupportedTypes):
+        (WebCore::MediaPlayerPrivateGStreamerMSE::supportsType):
+        * platform/graphics/gstreamer/mse/MediaPlayerPrivateGStreamerMSE.h:
+        * platform/mediacapabilities/MediaEngineConfigurationFactory.cpp:
+        (WebCore::factories): GStreamer support.
+
+2019-02-14  Joseph Pecoraro  <pecoraro@apple.com>
+
+        Web Inspector: Occasional crash under WebCore::CSSStyleSheet::item called from Inspector
+        https://bugs.webkit.org/show_bug.cgi?id=194671
+        <rdar://problem/47628191>
+
+        Reviewed by Devin Rousso.
+
+        * css/CSSStyleSheet.cpp:
+        (WebCore::CSSStyleSheet::item):
+        A crash may happen if the m_childRuleCSSOMWrappers Vector gets out of
+        sync with the m_contents list of rules. In particular if the wrappers
+        vector is shorter than the rule list. We tried exercising code paths
+        that modify these lists but were not able to reproduce the crash.
+        To avoid a crash we can make this access safer and avoid the original
+        overflow. At the same time we will keep and promote the assertion that
+        would catch the lists getting out of sync in debug builds.
+
+2019-02-14  Ross Kirsling  <ross.kirsling@sony.com>
+
+        Unreviewed build fix for WinCairo Debug after r241559.
+
+        * platform/network/curl/CurlContext.cpp:
+        (WebCore::CurlContext::CurlContext):
+
+2019-02-14  Ross Kirsling  <ross.kirsling@sony.com>
+
+        [WTF] Add environment variable helpers
+        https://bugs.webkit.org/show_bug.cgi?id=192405
+
+        Reviewed by Michael Catanzaro.
+
+        * platform/NotImplemented.h:
+        * platform/cocoa/SystemVersion.mm:
+        (WebCore::createSystemMarketingVersion):
+        * platform/graphics/gstreamer/GStreamerCommon.cpp:
+        (WebCore::initializeGStreamer):
+        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
+        (WebCore::MediaPlayerPrivateGStreamer::createGSTPlayBin):
+        * platform/graphics/nicosia/NicosiaPaintingEngine.cpp:
+        (Nicosia::PaintingEngine::create):
+        * platform/graphics/texmap/TextureMapperFPSCounter.cpp:
+        (WebCore::TextureMapperFPSCounter::TextureMapperFPSCounter):
+        * platform/graphics/x11/PlatformDisplayX11.cpp:
+        (WebCore::PlatformDisplayX11::create):
+        * platform/gtk/RenderThemeWidget.cpp:
+        (WebCore::RenderThemeScrollbar::RenderThemeScrollbar):
+        * platform/gtk/ScrollbarThemeGtk.cpp:
+        (WebCore::ScrollbarThemeGtk::ScrollbarThemeGtk):
+        * platform/network/curl/CurlContext.cpp:
+        (WebCore::CurlContext::CurlContext):
+        (WebCore::EnvironmentVariableReader::read): Deleted.
+        (WebCore::EnvironmentVariableReader::defined): Deleted.
+        (WebCore::EnvironmentVariableReader::readAs): Deleted.
+        (WebCore::EnvironmentVariableReader::sscanTemplate): Deleted.
+        (WebCore::EnvironmentVariableReader::sscanTemplate<signed>): Deleted.
+        (WebCore::EnvironmentVariableReader::sscanTemplate<unsigned>): Deleted.
+        * platform/network/curl/NetworkStorageSessionCurl.cpp:
+        (WebCore::defaultCookieJarPath):
+        * platform/network/playstation/CurlSSLHandlePlayStation.cpp:
+        (WebCore::getCACertPathEnv):
+        * platform/network/win/CurlSSLHandleWin.cpp:
+        (WebCore::getCACertPathEnv):
+        * platform/text/hyphen/HyphenationLibHyphen.cpp:
+        (WebCore::topLevelPath):
+        (WebCore::webkitBuildDirectory):
+        * platform/unix/LoggingUnix.cpp:
+        (WebCore::logLevelString):
+        * platform/win/LoggingWin.cpp:
+        (WebCore::logLevelString):
+        Utilize WTF::Environment where possible.
+
+2019-02-14  Chris Dumez  <cdumez@apple.com>
+
+        [PSON] Introduce a WebContent Process cache
+        https://bugs.webkit.org/show_bug.cgi?id=194594
+        <rdar://problem/46793397>
+
+        Reviewed by Geoff Garen.
+
+        Update localizable strings.
+
+        * en.lproj/Localizable.strings:
+
+2019-02-14  Commit Queue  <commit-queue@webkit.org>
+
+        Unreviewed, rolling out r241486.
+        https://bugs.webkit.org/show_bug.cgi?id=194655
+
+        causing API failures in builds (Requested by ShawnRoberts on
+        #webkit).
+
+        Reverted changeset:
+
+        "[Cocoa] Media elements will restart network buffering just
+        before suspending"
+        https://bugs.webkit.org/show_bug.cgi?id=193691
+        https://trac.webkit.org/changeset/241486
+
+2019-02-13  Brian Burg  <bburg@apple.com>
+
+        Web Inspector: don't include accessibility role in DOM.Node object payloads
+        https://bugs.webkit.org/show_bug.cgi?id=194623
+        <rdar://problem/36384037>
+
+        Reviewed by Devin Rousso.
+
+        Accessibility properties are complicated to fetch at all the points where we want to build and push nodes immediately.
+        Turning on AX often indirectly causes style recalc and layout. This is bad because we are often building nodes in the
+        first place due to a DOM node tree update (i.e., NodeInserted).
+
+        It turns out that DOM.getAccessibilityPropertiesForNode is called every time we display
+        the computed role in the Elements Tab > Nodes Sidebar > Accessibility Section. So it is not
+        necessary to collect this information in a problematic way when initially pushing the node, as
+        it will be updated anyway.
+
+        No new tests, no change in behavior.
+
+        * inspector/agents/InspectorDOMAgent.cpp:
+        (WebCore::InspectorDOMAgent::buildObjectForNode):
+
+2019-02-14  Zalan Bujtas  <zalan@apple.com>
+
+        [LFC][BFC][MarginCollapse] Replaced boxes don't collapse through their margins
+        https://bugs.webkit.org/show_bug.cgi?id=194622
+
+        Reviewed by Antti Koivisto.
+
+        Ensure that block replaced boxes don't collapse through their vertical margins. 
+
+        Test: fast/block/block-only/block-replaced-with-vertical-margins.html
+
+        * layout/blockformatting/BlockMarginCollapse.cpp:
+        (WebCore::Layout::BlockFormattingContext::MarginCollapse::marginsCollapseThrough):
+        * page/FrameViewLayoutContext.cpp:
+        (WebCore::layoutUsingFormattingContext):
+
+2019-02-14  Zalan Bujtas  <zalan@apple.com>
+
+        [LFC] Shrink-to-fit-width should be constrained by min/max width
+        https://bugs.webkit.org/show_bug.cgi?id=194653
+
+        Reviewed by Antti Koivisto.
+
+        Use the fixed value of min-width/max-width to constrain the computed preferred width.
+
+        * layout/FormattingContext.h:
+        * layout/FormattingContextGeometry.cpp:
+        (WebCore::Layout::FormattingContext::Geometry::constrainByMinMaxWidth):
+        * layout/blockformatting/BlockFormattingContextGeometry.cpp:
+        (WebCore::Layout::BlockFormattingContext::Geometry::intrinsicWidthConstraints):
+        * layout/inlineformatting/InlineFormattingContext.cpp:
+        (WebCore::Layout::InlineFormattingContext::computeIntrinsicWidthConstraints const):
+
+2019-02-13  Ryosuke Niwa  <rniwa@webkit.org>
+
+        Crash in DOMTimer::fired
+        https://bugs.webkit.org/show_bug.cgi?id=194638
+
+        Reviewed by Brent Fulgham.
+
+        This patch continues the saga of hunting down timer related crashes after r239814, r225985, r227934.
+
+        The crash was caused by the bug that we don't remove a DOMTimer from NestedTimersMap if a DOMTimer
+        is created & installed inside another DOMTimer's callback (via execute call in DOMTimer::fired).
+
+        Fixed the crash by using a Ref in NestedTimersMap. This will keep the timer alive until we exit
+        from DOMTimer::fired. Because DOMTimer::fired always calls stopTracking() which clears the map
+        we would not leak these DOM timers.
+
+        We could, alternatively, use WeakPtr in NestedTimersMap but that would unnecessarily increase the
+        size of DOMTimer for a very marginal benefit of DOMTimer objcets being deleted slightly earlier.
+        Deleting itself in DOMTimer's destructor involves more logic & house keeping in the timer code,
+        and is no longer the preferred approach when dealing with these classes of bugs in WebKit.
+
+        Test: fast/dom/timer-destruction-during-firing.html
+
+        * page/DOMTimer.cpp:
+        (WebCore::NestedTimersMap::add):
+        (WebCore::DOMTimer::install):
+        (WebCore::DOMTimer::fired):
+
+2019-02-13  Joseph Pecoraro  <pecoraro@apple.com>
+
+        Web Inspector: Crash when inspecting an element that constantly changes visibility
+        https://bugs.webkit.org/show_bug.cgi?id=194632
+        <rdar://problem/48060258>
+
+        Reviewed by Matt Baker and Devin Rousso.
+
+        * inspector/agents/InspectorDOMAgent.h:
+        * inspector/agents/InspectorDOMAgent.cpp:
+        (WebCore::InspectorDOMAgent::processAccessibilityChildren):
+        (WebCore::InspectorDOMAgent::buildObjectForAccessibilityProperties):
+        Don't use rvalue-references as that was taking ownership and deleting
+        the object we want to keep around. Instead simplify this to just use
+        references so no ref counting changes happen.
+
+2019-02-13  Chris Fleizach  <cfleizach@apple.com>
+
+        AX: Crash in handleMenuOpen
+        https://bugs.webkit.org/show_bug.cgi?id=194627
+
+        Reviewed by Zalan Bujtas.
+
+        Tests run under libGuardMalloc will cause crashes.
+
+        This list of objects is a Node list, not an Element list, so we were
+        not removing some nodes when they were being deallocated.
+
+        * accessibility/AXObjectCache.cpp:
+        (WebCore::AXObjectCache::remove):
+
 2019-02-13  Jer Noble  <jer.noble@apple.com>
 
         [Mac] PiP window can get "stuck" if PiP is closed while Safari window is minimized.