Possible crash computing event regions
[WebKit-https.git] / Source / WebCore / ChangeLog
index 45096df..3cdf793 100644 (file)
+2018-01-06  Simon Fraser  <simon.fraser@apple.com>
+
+        Possible crash computing event regions
+        https://bugs.webkit.org/show_bug.cgi?id=181368
+        rdar://problem/34847081
+
+        Reviewed by Zalan Bujtas.
+
+        Don't trigger layout in Element::absoluteEventHandlerBounds(), since this can run arbirary script
+        which might delete elements or re-enter Document::absoluteRegionForEventTargets().
+
+        It's OK to not trigger layout, because if layout is dirty, the next layout will update event regions again.
+
+        Add a LayoutDisallowedScope to check that Document::absoluteRegionForEventTargets() doesn't
+        trigger layout, and move the check for LayoutDisallowedScope::isLayoutAllowed() from Document::updateLayout()
+        to LayoutContext::layout(), since some layouts don't happen via the former (e.g. the one being removed here).
+
+        The test checks that the assertion does not fire. I was not able to get a reliable test for any crash.
+
+        Test: fast/events/event-handler-regions-layout.html
+
+        * dom/Document.cpp:
+        (WebCore::Document::updateLayout):
+        (WebCore::Document::absoluteRegionForEventTargets):
+        * dom/Element.cpp:
+        (WebCore::Element::absoluteEventHandlerBounds):
+        * page/LayoutContext.cpp:
+        (WebCore::LayoutContext::layout):
+        * rendering/LayoutDisallowedScope.h: Move the #ifdefs around to avoid defining the enum twice.
+        (WebCore::LayoutDisallowedScope::LayoutDisallowedScope):
+        (WebCore::LayoutDisallowedScope::isLayoutAllowed):
+
+2018-01-06  Simon Fraser  <simon.fraser@apple.com>
+
+        Crash under RenderLayer::scrollTo() with marquee
+        https://bugs.webkit.org/show_bug.cgi?id=181349
+        rdar://problem/36190168
+
+        Reviewed by Zalan Bujtas.
+
+        Don't call updateWidgetPositions() synchonously during RenderLayer scrolling, because it
+        can run arbitrary script which may trigger destruction of this RenderLayer.
+
+        Instead, queue up updateWidgetPositions() on a zero-delay timer.
+
+        Under some circumstances this may allow a paint to occur before the widgets have been
+        updated (which could be fixed with a more invasive change), but in practice I saw no
+        painting issues with plug-ins or iframes inside overflow scroll, in WebKit or LegacyWebKit.
+
+        Test: fast/scrolling/marquee-scroll-crash.html
+
+        * page/FrameView.cpp:
+        (WebCore::FrameView::FrameView):
+        (WebCore::FrameView::updateWidgetPositions):
+        (WebCore::FrameView::scheduleUpdateWidgetPositions):
+        (WebCore::FrameView::updateWidgetPositionsTimerFired):
+        * page/FrameView.h:
+        * rendering/RenderLayer.cpp:
+        (WebCore::RenderLayer::scrollTo):
+
+2018-01-05  Dean Jackson  <dino@apple.com>
+
+        Accurately clip copyTexImage2D and copyTexSubImage2D
+        https://bugs.webkit.org/show_bug.cgi?id=181356
+        <rdar://problem/35083877>
+
+        Reviewed by Eric Carlson.
+
+        The code to make sure copyTexSubImage2D and copyTexImage2D will not try to read
+        out of bounds had a bad bug introduced here:
+        https://bugs.webkit.org/show_bug.cgi?id=51421
+
+        With appropriate parameters, it would produce a rectangle with
+        negative dimensions. Most GL drivers just ignored this, but some
+        are not happy.
+
+        Test: fast/canvas/webgl/copy-tex-image-and-sub-image-2d-bad-input.html
+
+        * html/canvas/WebGLRenderingContextBase.cpp:
+        (WebCore::clip2D): Reimplement this in a more sane manner, and use
+        checked arithmetic while here.
+        * html/canvas/WebGLRenderingContextBase.h:
+        (WebCore::clip1D): Deleted.
+        (WebCore::clip2D): Deleted.
+
+2018-01-06  Antti Koivisto  <antti@apple.com>
+
+        Use WeakPtr for RenderTreePosition::m_nextSibling
+        https://bugs.webkit.org/show_bug.cgi?id=181363
+
+        Reviewed by Zalan Bujtas.
+
+        For safety. In most cases it is null and won't cause us to instantiate WeakReferences for
+        many new objects.
+
+        * rendering/updating/RenderTreePosition.cpp:
+        (WebCore::RenderTreePosition::computeNextSibling):
+        * rendering/updating/RenderTreePosition.h:
+        (WebCore::RenderTreePosition::RenderTreePosition):
+        (WebCore::RenderTreePosition::nextSibling const):
+
+2018-01-05  David Kilzer  <ddkilzer@apple.com>
+
+        Re-enable -Wcast-qual in WebCore for Apple ports
+        <https://webkit.org/b/177895>
+        <rdar://problem/34960830>
+
+        Reviewed by Joseph Pecoraro.
+
+        * Configurations/Base.xcconfig:
+        (WARNING_CFLAGS): Remove FIXME and add -Wcast-qual back to
+        arguments.
+
+        * crypto/mac/SerializedCryptoKeyWrapMac.mm:
+        (WebCore::createAndStoreMasterKey):
+        - Use checked_cf_cast<SecACLRef>().
+
+        * editing/cocoa/DataDetection.mm:
+        (WebCore::detectItemAtPositionWithRange):
+        - Manually cast CFTypeRef to DDResultRef until
+          DDResultGetTypeID() is available as SPI.
+
+        * platform/gamepad/mac/HIDGamepad.cpp:
+        (WebCore::HIDGamepad::initElementsFromArray):
+        - Use checked_cf_cast<IOHIDElementRef>().
+
+        * platform/graphics/avfoundation/objc/MediaSampleAVFObjC.mm:
+        (WebCore::MediaSampleAVFObjC::createImageSample):
+        (WebCore::CMSampleBufferIsRandomAccess):
+        (WebCore::CMSampleBufferIsNonDisplaying):
+        (WebCore::MediaSampleAVFObjC::createNonDisplayingCopy const):
+        - Use checked_cf_cast<CFMutableDictionaryRef>() and
+          checked_cf_cast<CFDictionaryRef>().
+
+        * platform/graphics/cocoa/IOSurface.h:
+        (WebCore::IOSurface::asLayerContents):
+        - Use reinterpret_cast<id>() to cast from IOSurfaceRef to id.
+
+        * platform/graphics/cocoa/WebCoreDecompressionSession.mm:
+        (WebCore::WebCoreDecompressionSession::getFirstVideoFrame):
+        (WebCore::WebCoreDecompressionSession::automaticDequeue):
+        (WebCore::WebCoreDecompressionSession::imageForTime):
+        (WebCore::WebCoreDecompressionSession::getDecodeTime):
+        (WebCore::WebCoreDecompressionSession::getPresentationTime):
+        (WebCore::WebCoreDecompressionSession::getDuration):
+        - Use checked_cf_cast<CMSampleBufferRef>().
+
+        * platform/graphics/Font.h:
+        (WebCore::Font::m_kernedCFStringAttributes):
+        (WebCore::Font::m_nonKernedCFStringAttributes):
+        - Change type from RetainPtr<CFDictionaryRef> to
+          RetainPtr<CFMutableDictionaryRef> since that's what they are.
+        * platform/graphics/mac/SimpleFontDataCoreText.cpp:
+        (WebCore::Font::getCFStringAttributes const):
+        - Replace local `mutableAttributes` variable with
+          `attributesDictionary.get()` since it returns the correct type
+          now.
+
+        * platform/ios/wak/WAKView.mm:
+        (-[WAKView _initWithViewRef:]):
+        (_WAKCopyWrapper):
+        * platform/ios/wak/WKView.mm:
+        (_WKViewClearSuperview):
+        (WKViewFirstChild):
+        (WKViewNextSibling):
+        - Use static_cast<WKViewRef>(const_cast<void*>()) to convert
+          const void* variable to WKViewRef.
+
+        * platform/mac/PasteboardMac.mm:
+        (WebCore::flipImageSpec):
+        (WebCore::setDragImageImpl):
+        - Use const_cast<> to remove 'const' modifier from
+          unsigned char pointers.  This regressed while -Wcast-qual was
+          disabled for WebCore.
+
+        * platform/mac/SSLKeyGeneratorMac.mm:
+        (WebCore::signedPublicKeyAndChallengeString):
+        - Use checked_cf_cast<SecACLRef>().
+
+        * platform/mediastream/mac/RealtimeIncomingVideoSourceCocoa.cpp:
+        (WebCore::RealtimeIncomingVideoSourceCocoa::OnFrame):
+        - Use checked_cf_cast<CFMutableDictionaryRef>().
+
+        * platform/network/cf/SocketStreamHandleImplCFNet.cpp:
+        (WebCore::copyCONNECTProxyResponse):
+        - Use checked_cf_cast<CFHTTPMessageRef>().
+
+        * platform/network/cocoa/ResourceResponseCocoa.mm:
+        (WebCore::ResourceResponse::platformCertificateInfo const):
+        - Use checked_cf_cast<SecTrustRef>().
+
+        * platform/network/mac/CertificateInfoMac.mm:
+        (WebCore::CertificateInfo::containsNonRootSHA1SignedCertificate const):
+        (WebCore::CertificateInfo::dump const):
+        - Use checked_cf_cast<SecCertificateRef>().
+
+        * testing/cocoa/WebArchiveDumpSupport.mm:
+        (WebCoreTestSupport::createCFURLResponseFromResponseData):
+        - Use checked_cf_cast<>() for CFMutable* types.
+
+2018-01-05  John Wilander  <wilander@apple.com>
+
+        Storage Access API: Refactor to make naming accurate and explicit, simplify access table, and prepare for access removal for page
+        https://bugs.webkit.org/show_bug.cgi?id=181357
+        <rdar://problem/36331031>
+
+        Reviewed by Alex Christensen.
+
+        No new tests. The only changed functionality that isn't covered
+        by existing tests is cross-origin iframes in the same partition
+        should be handled as already having access. This cannot be
+        tested in layout tests since they don't support subdomains.
+
+        This change does the following:
+        - Changes function and message names to reflect how this feature
+          was eventually implemented, i.e. access per frame.
+        - Makes it explicit that the UI process is only involved in
+          granting storage access and not removing storage access.
+          The latter is done directly by the web process.
+        - Simplifies the network process' entry map since only needs to
+          be able to give access to one domain in one frame at a time.
+          Access goes away on frame navigation so there can only be one
+          domain at a time per frame. Also, the map now uses pageIDs as
+          main keys to prepare for efficient access removal for all
+          frames under a page.
+        - Fixes a bug in so that a cross-origin iframe with the same
+          partition as the top frame correctly is handled as already
+          having access.
+
+        * platform/network/NetworkStorageSession.h:
+        * platform/network/cf/NetworkStorageSessionCFNet.cpp:
+        (WebCore::NetworkStorageSession::cookieStoragePartition const):
+            The only change here is the changed named of the call to
+            NetworkStorageSession::hasStorageAccessForFrame().
+        (WebCore::NetworkStorageSession::hasStorageAccessForFrame const):
+        (WebCore::NetworkStorageSession::grantStorageAccessForFrame):
+        (WebCore::NetworkStorageSession::removeStorageAccessForFrame):
+        (WebCore::NetworkStorageSession::isStorageAccessGranted const): Deleted.
+        (WebCore::NetworkStorageSession::setStorageAccessGranted): Deleted.
+        (WebCore::NetworkStorageSession::removeStorageAccess): Deleted.
+
+2018-01-05  Youenn Fablet  <youenn@apple.com>
+
+        Implement Cache API partitioning based on ClientOrigin
+        https://bugs.webkit.org/show_bug.cgi?id=181240
+
+        Reviewed by Alex Christensen.
+
+        Covered by updated tests.
+
+        Previously, cache storage was partitioned according the origin of the client, represented as a String.
+        We now partition according both client and top origins, represented as a ClientOrigin
+
+        Minor refactoring to use more makePendingActivity.
+        Added support for IPC serialization of ClientOrigin.
+        Added SecurityOriginData::toString which is used by WebKit2 Cache Storage implementation.
+
+        * Modules/cache/CacheStorageConnection.cpp:
+        (WebCore::CacheStorageConnection::open):
+        (WebCore::CacheStorageConnection::retrieveCaches):
+        * Modules/cache/CacheStorageConnection.h:
+        (WebCore::CacheStorageConnection::clearMemoryRepresentation):
+        (WebCore::CacheStorageConnection::doOpen):
+        (WebCore::CacheStorageConnection::doRetrieveCaches):
+        * Modules/cache/DOMCacheStorage.cpp:
+        (WebCore::DOMCacheStorage::origin const):
+        (WebCore::DOMCacheStorage::retrieveCaches):
+        (WebCore::DOMCacheStorage::open):
+        (WebCore::DOMCacheStorage::remove):
+        * Modules/cache/DOMCacheStorage.h:
+        * Modules/cache/WorkerCacheStorageConnection.cpp:
+        (WebCore::WorkerCacheStorageConnection::doOpen):
+        (WebCore::WorkerCacheStorageConnection::doRetrieveCaches):
+        * Modules/cache/WorkerCacheStorageConnection.h:
+        * page/ClientOrigin.h:
+        (WebCore::ClientOrigin::isolatedCopy const):
+        (WebCore::ClientOrigin::encode const):
+        (WebCore::ClientOrigin::decode):
+        * page/SecurityOriginData.cpp:
+        (WebCore::SecurityOriginData::toString const):
+        (WebCore::SecurityOriginData::debugString const): Deleted.
+        * page/SecurityOriginData.h:
+        (WebCore::SecurityOriginData::debugString const):
+        * testing/Internals.cpp:
+        (WebCore::Internals::clearCacheStorageMemoryRepresentation):
+
+2018-01-05  Wenson Hsieh  <wenson_hsieh@apple.com>
+
+        [Attachment Support] Add a way to write blob data to a file URL from the UI process
+        https://bugs.webkit.org/show_bug.cgi?id=181236
+
+        Reviewed by Brady Eidson.
+
+        Add support for writing a blob to a designated file path. See comments below for more detail. No new tests, as
+        there change in behavior yet. See part 2: https://bugs.webkit.org/show_bug.cgi?id=181199.
+
+        * page/DragController.cpp:
+        (WebCore::DragController::dragAttachmentElement):
+        * platform/PromisedBlobInfo.h:
+
+        Remove PromisedBlobData entirely. This was added with the premise of having the web process deliver blob data to
+        the UI process. However, the new approach I'm taking just has the UI process tell the network process to write
+        a blob to a given location, so a data structure to deliver blob data over IPC is no longer necessary.
+
+        (WebCore::PromisedBlobData::hasData const): Deleted.
+        (WebCore::PromisedBlobData::hasFile const): Deleted.
+        (WebCore::PromisedBlobData::operator bool const): Deleted.
+        (WebCore::PromisedBlobData::fulfills const): Deleted.
+        * platform/network/BlobRegistryImpl.cpp:
+        (WebCore::BlobRegistryImpl::populateBlobsForFileWriting):
+
+        Introduce a new helper to build a list of blob data for file writing.
+
+        (WebCore::writeFilePathsOrDataBuffersToFile):
+
+        Introduce a new static helper to write blob data (a list of file paths and data buffers) to a given file handle.
+        Automatically closes the given file handle upon exit.
+
+        (WebCore::BlobRegistryImpl::writeBlobsToTemporaryFiles):
+        (WebCore::BlobRegistryImpl::writeBlobToFilePath):
+
+        Pull out common logic in writeBlobsToTemporaryFiles and writeBlobToFilePath into helper methods (see above), and
+        refactor both methods to use the helpers.
+
+        * platform/network/BlobRegistryImpl.h:
+
+2018-01-05  Alex Christensen  <achristensen@webkit.org>
+
+        Forbid < and > in URL hosts
+        https://bugs.webkit.org/show_bug.cgi?id=181308
+        <rdar://problem/36012757>
+
+        Reviewed by Tim Horton.
+
+        https://url.spec.whatwg.org/#forbidden-host-code-point does not include these characters yet, but I think it should.
+        Firefox fails to parse URLs with < or > in the host.  Chrome percent encodes them.  Safari needs to do something.
+        The web platform tests are unclear on this case, and they will need to be updated with the specification.
+        They do show a change in behavior, though.
+
+        * platform/URLParser.cpp:
+        Add < and > to the list of forbidden host code points.
+
+2018-01-05  Eric Carlson  <eric.carlson@apple.com>
+
+        [MediaStream] Add Mac screen capture source
+        https://bugs.webkit.org/show_bug.cgi?id=181333
+        <rdar://problem/36323219>
+
+        Reviewed by Dean Jackson.
+
+        * SourcesCocoa.txt: Add ScreenDisplayCaptureSourceMac.mm.
+
+        * WebCore.xcodeproj/project.pbxproj: Ditto.
+
+        * platform/cocoa/CoreVideoSoftLink.cpp: Declare new constants used.
+        * platform/cocoa/CoreVideoSoftLink.h:
+
+        * platform/mediastream/mac/DisplayCaptureManagerCocoa.cpp:
+        (WebCore::displayReconfigurationCallBack): Call refreshCaptureDevices.
+        (WebCore::DisplayCaptureManagerCocoa::~DisplayCaptureManagerCocoa): Unregister for display
+        reconfiguration callbacks.
+        (WebCore::DisplayCaptureManagerCocoa::captureDevices): Register for display reconfigrations.
+        (WebCore::DisplayCaptureManagerCocoa::refreshCaptureDevices): Use CGActiveDisplayList to
+        get list of active screens.
+        (WebCore::DisplayCaptureManagerCocoa::screenCaptureDeviceWithPersistentID): Validate screen
+        ID, return CaptureDevice.
+        * platform/mediastream/mac/DisplayCaptureManagerCocoa.h:
+
+        * platform/mediastream/mac/RealtimeMediaSourceCenterMac.cpp:
+        (WebCore::VideoCaptureSourceFactoryMac::createVideoCaptureSource): Deal with screen capture
+        on macOS.
+
+        Implement Mac screen capture with CGDisplayStream.
+        * platform/mediastream/mac/ScreenDisplayCaptureSourceMac.h: Added.
+        (WebCore::ScreenDisplayCaptureSourceMac::DisplaySurface::~DisplaySurface):
+        (WebCore::ScreenDisplayCaptureSourceMac::DisplaySurface::operator=):
+        (WebCore::ScreenDisplayCaptureSourceMac::DisplaySurface::ioSurface const):
+        * platform/mediastream/mac/ScreenDisplayCaptureSourceMac.mm: Added.
+        (WebCore::roundUpToMacroblockMultiple):
+        (WebCore::ScreenDisplayCaptureSourceMac::updateDisplayID):
+        (WebCore::ScreenDisplayCaptureSourceMac::create):
+        (WebCore::ScreenDisplayCaptureSourceMac::ScreenDisplayCaptureSourceMac):
+        (WebCore::ScreenDisplayCaptureSourceMac::~ScreenDisplayCaptureSourceMac):
+        (WebCore::ScreenDisplayCaptureSourceMac::createDisplayStream):
+        (WebCore::ScreenDisplayCaptureSourceMac::startProducingData):
+        (WebCore::ScreenDisplayCaptureSourceMac::stopProducingData):
+        (WebCore::ScreenDisplayCaptureSourceMac::sampleBufferFromPixelBuffer):
+        (WebCore::ScreenDisplayCaptureSourceMac::pixelBufferFromIOSurface):
+        (WebCore::ScreenDisplayCaptureSourceMac::generateFrame):
+        (WebCore::ScreenDisplayCaptureSourceMac::startDisplayStream):
+        (WebCore::ScreenDisplayCaptureSourceMac::applySize):
+        (WebCore::ScreenDisplayCaptureSourceMac::applyFrameRate):
+        (WebCore::ScreenDisplayCaptureSourceMac::commitConfiguration):
+        (WebCore::ScreenDisplayCaptureSourceMac::displayWasReconfigured):
+        (WebCore::ScreenDisplayCaptureSourceMac::displayReconfigurationCallBack):
+        (WebCore::ScreenDisplayCaptureSourceMac::frameAvailable):
+
+2018-01-05  Don Olmstead  <don.olmstead@sony.com>
+
+        [curl] Can't load file:// URL with a URL fragment identifier
+        https://bugs.webkit.org/show_bug.cgi?id=181170
+
+        Reviewed by Alex Christensen.
+
+        No new tests. No change in behavior.
+
+        * platform/network/curl/CurlRequest.cpp:
+        (WebCore::CurlRequest::invokeDidReceiveResponseForFile):
+
+2018-01-05  Don Olmstead  <don.olmstead@sony.com>
+
+        TextCodec uses std::array but does not include it
+        https://bugs.webkit.org/show_bug.cgi?id=181340
+
+        Reviewed by Alex Christensen.
+
+        No new tests. No change in behavior.
+
+        * platform/text/TextCodec.h:
+
+2018-01-05  Said Abou-Hallawa  <sabouhallawa@apple.com>
+
+        SVGAnimatedListPropertyTearOff::synchronizeWrappersIfNeeded() should do nothing if the property is not animating
+        https://bugs.webkit.org/show_bug.cgi?id=181316
+        <rdar://problem/36147545>
+
+        Reviewed by Simon Fraser.
+
+        This is a speculative change to fix a crash which appeared after r226065.
+        The crash is very intermittent and sometimes very hard to reproduce. The
+        basic code analysis did not show how this crash can even happen.
+
+        * svg/SVGAnimatedTypeAnimator.h:
+        (WebCore::SVGAnimatedTypeAnimator::resetFromBaseValues): For SVG property
+        with two values, e.g. <SVGAngleValue, SVGMarkerOrientType>,  we need to
+        detach the wrappers of the animated property if the animated values are
+        going to change. This is similar to what we did in resetFromBaseValue().
+
+        * svg/properties/SVGAnimatedListPropertyTearOff.h:
+        (WebCore::SVGAnimatedListPropertyTearOff::synchronizeWrappersIfNeeded):
+
+2018-01-05  Matt Lewis  <jlewis3@apple.com>
+
+        Unreviewed, rolling out r226401.
+
+        This caused timeouts on multiple platforms.
+
+        Reverted changeset:
+
+        "Implement Cache API partitioning based on ClientOrigin"
+        https://bugs.webkit.org/show_bug.cgi?id=181240
+        https://trac.webkit.org/changeset/226401
+
+2018-01-05  Dan Bernstein  <mitz@apple.com>
+
+        Fixed the build following AppKit API deprecations in a recent SDKs
+
+        * platform/mac/PasteboardMac.mm:
+        (WebCore::setDragImageImpl): Suppressed deprecation warnings.
+        * platform/mac/WidgetMac.mm:
+        (WebCore::Widget::paint): Ditto.
+
+2018-01-05  Joseph Pecoraro  <pecoraro@apple.com>
+
+        ServiceWorkers: Enable UserTiming / ResourceTiming
+        https://bugs.webkit.org/show_bug.cgi?id=181297
+        <rdar://problem/36307306>
+
+        Reviewed by Youenn Fablet.
+
+        Tests: http/tests/workers/service/service-worker-resource-timing.https.html
+               http/tests/workers/service/service-worker-user-timing.https.html
+
+        * loader/ResourceTiming.cpp:
+        (WebCore::ResourceTiming::ResourceTiming):
+        We used to clear extra NetworkLoadMetrics data early on. However,
+        for Workers we want to pass the complete NetworkLoadMetrics to
+        the Worker so that a Worker inspector has access to it.
+
+        * page/PerformanceResourceTiming.cpp:
+        (WebCore::PerformanceResourceTiming::PerformanceResourceTiming):
+        Instead move the clearing of extra data to here, when the NetworkLoadMetrics
+        have finally settled into being used only for a performance entry.
+
+2018-01-04  Philippe Normand  <pnormand@igalia.com>
+
+        [EME][GStreamer] Fix wrong ifdef
+        https://bugs.webkit.org/show_bug.cgi?id=181289
+
+        Reviewed by Alex Christensen.
+
+        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
+        (WebCore::MediaPlayerPrivateGStreamer::handleMessage): Remove the
+        ENCRYPTED_MEDIA ifdef from the VIDEO_TRACK ifdef block. Both have
+        nothing to do together.
+
+2018-01-05  Fujii Hironori  <Hironori.Fujii@sony.com>
+
+        [Cairo] Canvas: Path::clear should clear its transform
+        https://bugs.webkit.org/show_bug.cgi?id=181320
+
+        Reviewed by Carlos Garcia Campos.
+
+        Path of Cairo port has its cairo context. Path::clear() didn't
+        clear the transform matrix of the context.
+
+        Test: fast/canvas/reset-scaling-by-height-change.html
+
+        * platform/graphics/cairo/PathCairo.cpp:
+        (WebCore::Path::clear): Reset the transform matrix of Path.
+
+2018-01-04  Devin Rousso  <webkit@devinrousso.com>
+
+        Web Inspector: replace HTMLCanvasElement with CanvasRenderingContext for instrumentation logic
+        https://bugs.webkit.org/show_bug.cgi?id=180770
+
+        Reviewed by Joseph Pecoraro.
+
+        No change in functionality.
+
+        * html/HTMLCanvasElement.h:
+        * html/HTMLCanvasElement.cpp:
+        (WebCore::HTMLCanvasElement::createContext2d):
+        (WebCore::HTMLCanvasElement::createContextWebGL):
+        (WebCore::HTMLCanvasElement::createContextWebGPU):
+        (WebCore::HTMLCanvasElement::createContextBitmapRenderer):
+        (WebCore::HTMLCanvasElement::reset):
+        (WebCore::HTMLCanvasElement::paint):
+        (WebCore::HTMLCanvasElement::setImageBuffer const):
+        (WebCore::HTMLCanvasElement::addObserver): Deleted.
+        (WebCore::HTMLCanvasElement::removeObserver): Deleted.
+        (WebCore::HTMLCanvasElement::cssCanvasClients): Deleted.
+        (WebCore::HTMLCanvasElement::notifyObserversCanvasChanged): Deleted.
+        * html/OffscreenCanvas.h:
+        * html/canvas/CanvasRenderingContext.h:
+        * html/canvas/CanvasRenderingContext.cpp:
+        * html/canvas/CanvasRenderingContext2D.h:
+        * html/canvas/CanvasRenderingContext2D.cpp:
+        (WebCore::CanvasRenderingContext2D::create):
+        * html/canvas/CanvasRenderingContext2DBase.h:
+        * html/canvas/ImageBitmapRenderingContext.h:
+        * html/canvas/ImageBitmapRenderingContext.cpp:
+        (WebCore::ImageBitmapRenderingContext::create):
+        * html/canvas/WebGL2RenderingContext.h:
+        * html/canvas/WebGL2RenderingContext.cpp:
+        (WebCore::WebGL2RenderingContext::create):
+        * html/canvas/WebGLRenderingContext.h:
+        * html/canvas/WebGLRenderingContext.cpp:
+        (WebCore::WebGLRenderingContext::create):
+        * html/canvas/WebGLRenderingContextBase.h:
+        * html/canvas/WebGLRenderingContextBase.cpp:
+        (WebCore::WebGLRenderingContextBase::create):
+        * html/canvas/WebGPURenderingContext.cpp:
+        (WebCore::WebGPURenderingContext::create):
+        Instead of adding didCreateCanvasRenderingContext calls at the construction sites of each
+        context, we can make the constructors private and force the usage of static `create` functions.
+        This way, we have access to the fully constructed object and have a guaranteed path for creation.
+
+        * html/CanvasBase.h:
+        * html/CanvasBase.cpp:
+        (WebCore::CanvasBase::~CanvasBase):
+        (WebCore::CanvasBase::renderingContext const):
+        (WebCore::CanvasBase::addObserver):
+        (WebCore::CanvasBase::removeObserver):
+        (WebCore::CanvasBase::notifyObserversCanvasChanged):
+        (WebCore::CanvasBase::notifyObserversCanvasResized):
+        (WebCore::CanvasBase::notifyObserversCanvasDestroyed):
+        (WebCore::CanvasBase::cssCanvasClients const):
+        * Modules/mediastream/CanvasCaptureMediaStreamTrack.h:
+        * Modules/mediastream/CanvasCaptureMediaStreamTrack.cpp:
+        (WebCore::CanvasCaptureMediaStreamTrack::Source::canvasDestroyed):
+        (WebCore::CanvasCaptureMediaStreamTrack::Source::canvasResized):
+        (WebCore::CanvasCaptureMediaStreamTrack::Source::canvasChanged):
+        * css/CSSCanvasValue.h:
+        Move the CanvasObserver class to CanvasBase so that it can also be used for OffscreenCanvas.
+
+        * inspector/InspectorInstrumentation.h:
+        (WebCore::InspectorInstrumentation::didChangeCSSCanvasClientNodes):
+        (WebCore::InspectorInstrumentation::didCreateCanvasRenderingContext):
+        (WebCore::InspectorInstrumentation::didChangeCanvasMemory):
+        (WebCore::InspectorInstrumentation::recordCanvasAction):
+        (WebCore::InspectorInstrumentation::didFinishRecordingCanvasFrame):
+        (WebCore::InspectorInstrumentation::didEnableExtension):
+        (WebCore::InspectorInstrumentation::didCreateProgram):
+        (WebCore::InspectorInstrumentation::willDeleteProgram):
+        (WebCore::InspectorInstrumentation::isShaderProgramDisabled):
+        (WebCore::InspectorInstrumentation::consoleStartRecordingCanvas):
+        (WebCore::InspectorInstrumentation::didCreateCSSCanvas): Deleted.
+        * inspector/InspectorInstrumentation.cpp:
+        (WebCore::InspectorInstrumentation::consoleStartRecordingCanvasImpl):
+        (WebCore::InspectorInstrumentation::didChangeCSSCanvasClientNodesImpl):
+        (WebCore::InspectorInstrumentation::didCreateCanvasRenderingContextImpl):
+        (WebCore::InspectorInstrumentation::didChangeCanvasMemoryImpl):
+        (WebCore::InspectorInstrumentation::didFinishRecordingCanvasFrameImpl):
+        (WebCore::InspectorInstrumentation::didEnableExtensionImpl):
+        (WebCore::InspectorInstrumentation::didCreateProgramImpl):
+        (WebCore::InspectorInstrumentation::didCreateCSSCanvasImpl): Deleted.
+
+        * inspector/agents/InspectorCanvasAgent.h:
+        * inspector/agents/InspectorCanvasAgent.cpp:
+        (WebCore::InspectorCanvasAgent::enable):
+        (WebCore::InspectorCanvasAgent::requestNode):
+        (WebCore::InspectorCanvasAgent::requestContent):
+        (WebCore::InspectorCanvasAgent::requestCSSCanvasClientNodes):
+        (WebCore::contextAsScriptValue):
+        (WebCore::InspectorCanvasAgent::resolveCanvasContext):
+        (WebCore::InspectorCanvasAgent::startRecording):
+        (WebCore::InspectorCanvasAgent::stopRecording):
+        (WebCore::InspectorCanvasAgent::updateShader):
+        (WebCore::InspectorCanvasAgent::frameNavigated):
+        (WebCore::InspectorCanvasAgent::didChangeCSSCanvasClientNodes):
+        (WebCore::InspectorCanvasAgent::didCreateCanvasRenderingContext):
+        (WebCore::InspectorCanvasAgent::didChangeCanvasMemory):
+        (WebCore::InspectorCanvasAgent::recordCanvasAction):
+        (WebCore::InspectorCanvasAgent::canvasDestroyed):
+        (WebCore::InspectorCanvasAgent::didFinishRecordingCanvasFrame):
+        (WebCore::InspectorCanvasAgent::consoleStartRecordingCanvas):
+        (WebCore::InspectorCanvasAgent::didEnableExtension):
+        (WebCore::InspectorCanvasAgent::didCreateProgram):
+        (WebCore::InspectorCanvasAgent::canvasRecordingTimerFired):
+        (WebCore::InspectorCanvasAgent::clearCanvasData):
+        (WebCore::InspectorCanvasAgent::unbindCanvas):
+        (WebCore::InspectorCanvasAgent::findInspectorCanvas):
+        (WebCore::InspectorCanvasAgent::unbindProgram):
+        (WebCore::InspectorCanvasAgent::didCreateCSSCanvas): Deleted.
+
+        * inspector/InspectorCanvas.h:
+        * inspector/InspectorCanvas.cpp:
+        (WebCore::InspectorCanvas::create):
+        (WebCore::InspectorCanvas::InspectorCanvas):
+        (WebCore::InspectorCanvas::canvasElement):
+        (WebCore::InspectorCanvas::resetRecordingData):
+        (WebCore::InspectorCanvas::recordAction):
+        (WebCore::InspectorCanvas::buildObjectForCanvas):
+        (WebCore::InspectorCanvas::getCanvasContentAsDataURL):
+        (WebCore::InspectorCanvas::buildInitialState):
+        (WebCore::InspectorCanvas::~InspectorCanvas): Deleted.
+
+        * inspector/InspectorShaderProgram.h:
+        * inspector/InspectorShaderProgram.cpp:
+        (WebCore::InspectorShaderProgram::context const):
+
+        * page/PageConsoleClient.cpp:
+        (WebCore::PageConsoleClient::record):
+        (WebCore::PageConsoleClient::recordEnd):
+
+        * dom/Document.h:
+        * dom/Document.cpp:
+        (WebCore::Document::getCSSCanvasElement):
+        (WebCore::Document::nameForCSSCanvasElement const):
+        We have no reason to save the CSS canvas name for each InspectorCanvas object, so instead we
+        can just query for the name based on the CanvasRenderingContext's HTMLCanvasElement (assuming
+        it is not an OffscreenCanvas) when we need it.
+
+2018-01-04  Chris Fleizach  <cfleizach@apple.com>
+
+        AX: Implement updated CSS3 Speech for 'speak' and 'speak-as' properties
+        https://bugs.webkit.org/show_bug.cgi?id=180361
+
+        Reviewed by Zalan Bujtas.
+
+        Change speak -> speakAs, and allow a combination of properties.
+
+        Tests: Updated accessibility/mac/css-speech-speak.html
+
+        * accessibility/AccessibilityObject.h:
+        (WebCore::AccessibilityObject::speakAsProperty const):
+        (WebCore::AccessibilityObject::speakProperty const): Deleted.
+        * accessibility/AccessibilityRenderObject.cpp:
+        (WebCore::AccessibilityRenderObject::speakAsProperty const):
+        (WebCore::AccessibilityRenderObject::speakProperty const): Deleted.
+        * accessibility/AccessibilityRenderObject.h:
+        * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
+        (-[WebAccessibilityObjectWrapper accessibilitySpeechHint]):
+        * accessibility/mac/WebAccessibilityObjectWrapperBase.h:
+        * accessibility/mac/WebAccessibilityObjectWrapperBase.mm:
+        (-[WebAccessibilityObjectWrapperBase baseAccessibilitySpeechHint]):
+        * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
+        (-[WebAccessibilityObjectWrapper accessibilityAttributeValue:]):
+        * css/CSSComputedStyleDeclaration.cpp:
+        (WebCore::speakAsToCSSValue):
+        (WebCore::ComputedStyleExtractor::propertyValue):
+        * css/CSSPrimitiveValueMappings.h:
+        (WebCore::CSSPrimitiveValue::CSSPrimitiveValue):
+        (WebCore::CSSPrimitiveValue::operator ESpeakAs const):
+        (WebCore::CSSPrimitiveValue::operator ESpeak const): Deleted.
+        * css/CSSProperties.json:
+        * css/StyleBuilderConverter.h:
+        (WebCore::StyleBuilderConverter::convertSpeakAs):
+        * css/parser/CSSParserFastPaths.cpp:
+        (WebCore::CSSParserFastPaths::isValidKeywordPropertyAndValue):
+        (WebCore::CSSParserFastPaths::isKeywordPropertyID):
+        * css/parser/CSSPropertyParser.cpp:
+        (WebCore::consumeSpeakAs):
+        (WebCore::CSSPropertyParser::parseSingleValue):
+        * rendering/style/RenderStyle.h:
+        (WebCore::RenderStyle::speakAs const):
+        (WebCore::RenderStyle::setSpeakAs):
+        (WebCore::RenderStyle::initialSpeakAs):
+        (WebCore::RenderStyle::speak const): Deleted.
+        (WebCore::RenderStyle::setSpeak): Deleted.
+        (WebCore::RenderStyle::initialSpeak): Deleted.
+        * rendering/style/RenderStyleConstants.h:
+        (WebCore::operator| ):
+        (WebCore::operator|= ):
+        * rendering/style/StyleRareInheritedData.cpp:
+        (WebCore::StyleRareInheritedData::StyleRareInheritedData):
+        (WebCore::StyleRareInheritedData::operator== const):
+        * rendering/style/StyleRareInheritedData.h:
+
+2018-01-04  Brian Burg  <bburg@apple.com>
+
+        Web Inspector: Capture Element Screenshot looks fuzzy
+        https://bugs.webkit.org/show_bug.cgi?id=175734
+        <rdar://problem/33803377>
+
+        Reviewed by Joseph Pecoraro and Simon Fraser.
+
+        Screenshots taken by Web Inspector were being downscaled from the
+        internal size to the logical size, causing them to be blurry when
+        later upscaled to the internal size.
+
+        Replace ScaleBehavior { Scaled, Unscaled } with PreserveResolution { No, Yes }.
+        This is a lot less confusing to read both inside ImageBuffer and at its use sites.
+
+        Remove unused CoordinateSystem argument for ImageBuffer::toDataURL,
+        and replace it with PreserveResolution. Plumb PreserveResolution into toCFData
+        so that PreserveResolution::Yes will preserve the internal size of
+        the image buffer, just as it does in other methods that take PreserveResolution.
+
+        At the use site in InspectorPageAgent, always request PreserveResolution::Yes snapshots
+        when taking an element screenshot. For now, keep using downscaled (smaller)
+        snapshots when capturing canvas previews, as the previews are not full-size.
+
+        Test: inspector/page/hidpi-snapshot-size.html
+
+        * html/HTMLCanvasElement.cpp:
+        (WebCore::HTMLCanvasElement::makePresentationCopy):
+        (WebCore::HTMLCanvasElement::copiedImage const):
+        * html/canvas/CanvasRenderingContext2DBase.cpp:
+        (WebCore::CanvasRenderingContext2DBase::createPattern):
+        * inspector/agents/InspectorPageAgent.cpp:
+        (WebCore::InspectorPageAgent::snapshotNode):
+        (WebCore::InspectorPageAgent::snapshotRect):
+        * page/TextIndicator.cpp:
+        (WebCore::takeSnapshot):
+        * platform/DragImage.cpp:
+        (WebCore::createDragImageFromSnapshot):
+        * platform/graphics/BitmapImage.cpp:
+        (WebCore::BitmapImage::drawPattern):
+        * platform/graphics/ImageBuffer.h:
+        * platform/graphics/cairo/ImageBufferCairo.cpp:
+        (WebCore::ImageBuffer::sinkIntoImage):
+        (WebCore::ImageBuffer::copyImage const):
+        (WebCore::ImageBuffer::toDataURL const):
+        * platform/graphics/cg/ImageBufferCG.cpp:
+        (WebCore::createBitmapImageAfterScalingIfNeeded):
+        (WebCore::ImageBuffer::copyImage const):
+        (WebCore::ImageBuffer::sinkIntoImage):
+        (WebCore::ImageBuffer::toDataURL const):
+        (WebCore::ImageBuffer::toData const):
+        (WebCore::ImageBuffer::toCFData const):
+        * platform/graphics/gtk/ImageBufferGtk.cpp:
+        (WebCore::ImageBuffer::toDataURL const):
+        * platform/graphics/win/ImageBufferDirect2D.cpp:
+        (WebCore::ImageBuffer::copyImage const):
+        (WebCore::ImageBuffer::sinkIntoImage):
+        (WebCore::ImageBuffer::toDataURL const):
+        * svg/graphics/SVGImage.cpp:
+        (WebCore::SVGImage::drawPatternForContainer):
+
+2018-01-04  John Wilander  <wilander@apple.com>
+
+        Storage Access API: Turn feature on by default in Settings.yaml
+        https://bugs.webkit.org/show_bug.cgi?id=181298
+        <rdar://problem/36302506>
+
+        Reviewed by Brent Fulgham.
+
+        No new tests. This is just a feature settings change.
+
+        * page/Settings.yaml:
+
+2018-01-04  Zalan Bujtas  <zalan@apple.com>
+
+        WebContent process crashes while loading https://www.classicspecs.com
+        https://bugs.webkit.org/show_bug.cgi?id=181290
+        <rdar://problem/36225906>
+
+        Reviewed by Simon Fraser.
+
+        Floats can overhang multiple blocks (they are called intruding floats).
+        Each block keeps track of such intruding floats. When an overhanging float box is destroyed,
+        we need to deregister it from all those blocks. We do it by walking up the ancestor block chain
+        and check if the parent (grandparent etc) block still contains this float. Once we find the topmost block, 
+        we start deregistering it by traversing back on the descendant blocks.
+        Normally we do it in RenderElement::takeChildInternal right before the box is getting detached.
+        However in certain cases (like when the float's parent happens to be an anonymous wrapper)
+        by the time we get to ::takeChildInternal the subtree is already detached and we can't access all the
+        ancestors.
+        This patch ensure that the floating box is still attached during de-registration. 
+
+        Test: fast/block/float/crash-when-intruding-float-has-anonymous-parent-and-detach.html
+
+        * rendering/RenderObject.cpp:
+        (WebCore::RenderObject::removeFromParentAndDestroyCleaningUpAnonymousWrappers):
+
+2018-01-04  Eric Carlson  <eric.carlson@apple.com>
+
+        [MediaStream] Add Mock screen capture source
+        https://bugs.webkit.org/show_bug.cgi?id=181291
+        <rdar://problem/36298164>
+
+        Reviewed by Dean Jackson.
+
+        Tests:  http/tests/media/media-stream/get-display-media-prompt.html
+                GetDisplayMediaTest.BasicPrompt
+                GetDisplayMediaTest.Constraints
+
+        * Modules/mediastream/MediaDevices.cpp:
+        (WebCore::MediaDevices::MediaDevices): Add static_assert to ensure MediaDevices::DisplayCaptureSurfaceType
+        and RealtimeMediaSourceSettings::DisplaySurfaceType values are equivalent.
+        (WebCore::MediaDevices::getSupportedConstraints): Remove bogus code.
+        * Modules/mediastream/MediaDevices.h: Add DisplayCaptureSurfaceType.
+        * Modules/mediastream/MediaDevices.idl: Ditto.
+
+        * Modules/mediastream/MediaStreamTrack.cpp:
+        (WebCore::MediaStreamTrack::getSettings const): Add a FIXME.
+        * Modules/mediastream/MediaStreamTrack.h: Add displaySurface and logicalSurface.
+
+        * Modules/mediastream/MediaTrackSupportedConstraints.h: Remove displaySurface and logicalSurface.
+        * Modules/mediastream/MediaTrackSupportedConstraints.idl:
+
+        * SourcesCocoa.txt: Add DisplayCaptureManagerCocoa.cpp and DisplayCaptureSourceCocoa.cpp.
+
+        * WebCore.xcodeproj/project.pbxproj: Ditto.
+
+        * platform/mediastream/CaptureDevice.h:
+        (WebCore::CaptureDevice::encode const): Add.
+        (WebCore::CaptureDevice::decode):
+
+        * platform/mediastream/RealtimeMediaSourceCenter.cpp:
+        (WebCore::RealtimeMediaSourceCenter::getMediaStreamDevices): Include display capture "devices".
+        (WebCore::RealtimeMediaSourceCenter::validateRequestConstraints): Deal with display capture devices.
+        (WebCore::RealtimeMediaSourceCenter::captureDeviceWithPersistentID): Ditto.
+        * platform/mediastream/RealtimeMediaSourceCenter.h:
+
+        * platform/mediastream/RealtimeMediaSourceSettings.h:
+        (WebCore::RealtimeMediaSourceSettings::displaySurface const): Return a DisplaySurfaceType.
+        (WebCore::RealtimeMediaSourceSettings::setDisplaySurface): Take a DisplaySurfaceType.
+
+        * platform/mediastream/mac/DisplayCaptureManagerCocoa.cpp:
+        (WebCore::DisplayCaptureManagerCocoa::singleton):
+        (WebCore::DisplayCaptureManagerCocoa::~DisplayCaptureManagerCocoa):
+        (WebCore::DisplayCaptureManagerCocoa::captureDevices):
+        (WebCore::DisplayCaptureManagerCocoa::screenCaptureDeviceWithPersistentID):
+        (WebCore::DisplayCaptureManagerCocoa::captureDeviceWithPersistentID):
+        * platform/mediastream/mac/DisplayCaptureManagerCocoa.h:
+
+        * platform/mediastream/mac/DisplayCaptureSourceCocoa.cpp: Added.
+        (WebCore::DisplayCaptureSourceCocoa::DisplayCaptureSourceCocoa):
+        (WebCore::DisplayCaptureSourceCocoa::~DisplayCaptureSourceCocoa):
+        (WebCore::DisplayCaptureSourceCocoa::capabilities const):
+        (WebCore::DisplayCaptureSourceCocoa::settings const):
+        (WebCore::DisplayCaptureSourceCocoa::settingsDidChange):
+        (WebCore::DisplayCaptureSourceCocoa::startProducingData):
+        (WebCore::DisplayCaptureSourceCocoa::stopProducingData):
+        (WebCore::DisplayCaptureSourceCocoa::elapsedTime):
+        (WebCore::DisplayCaptureSourceCocoa::applyFrameRate):
+        (WebCore::DisplayCaptureSourceCocoa::emitFrame):
+        * platform/mediastream/mac/DisplayCaptureSourceCocoa.h:
+
+        * platform/mediastream/mac/RealtimeMediaSourceCenterMac.cpp:
+        (WebCore::RealtimeMediaSourceCenterMac::displayCaptureDeviceManager): New.
+        * platform/mediastream/mac/RealtimeMediaSourceCenterMac.h:
+
+        * platform/mock/MockRealtimeMediaSource.cpp:
+        (WebCore::deviceMap): Add screen capture "devices".
+        (WebCore::MockRealtimeMediaSource::displayDevices): New.
+        * platform/mock/MockRealtimeMediaSource.h:
+
+        * platform/mock/MockRealtimeMediaSourceCenter.cpp: Clean up includes.
+        * platform/mock/MockRealtimeMediaSourceCenter.h:
+
+        * platform/mock/MockRealtimeVideoSource.cpp:
+        (WebCore::MockRealtimeVideoSource::MockRealtimeVideoSource): Mock two screen devices.
+        (WebCore::MockRealtimeVideoSource::updateSettings): Deal with mock screens.
+        (WebCore::MockRealtimeVideoSource::initializeCapabilities): Ditto.
+        (WebCore::MockRealtimeVideoSource::initializeSupportedConstraints): Ditto.
+        (WebCore::MockRealtimeVideoSource::drawText): Ditto.
+        (WebCore::MockRealtimeVideoSource::generateFrame): Ditto.
+        * platform/mock/MockRealtimeVideoSource.h:
+        (WebCore::MockRealtimeVideoSource::mockCamera const):
+        (WebCore::MockRealtimeVideoSource::mockScreen const):
+
+2018-01-04  Youenn Fablet  <youenn@apple.com>
+
+        FetchResponse should set its internal response text encoding name
+        https://bugs.webkit.org/show_bug.cgi?id=181284
+
+        Reviewed by Alex Christensen.
+
+        Covered by rebased test.
+
+        * Modules/fetch/FetchResponse.cpp:
+        (WebCore::FetchResponse::create): Set response text encoding based on content type charset.
+
+2018-01-04  John Wilander  <wilander@apple.com>
+
+        Storage Access API: Remove JavaScript confirm() prompt from Document::requestStorageAccess()
+        https://bugs.webkit.org/show_bug.cgi?id=181276
+        <rdar://problem/36290463>
+
+        Reviewed by Alex Christensen.
+
+        No new tests. Existing test expectations updated.
+
+        * dom/Document.cpp:
+        (WebCore::Document::requestStorageAccess):
+
+2018-01-04  Carlos Garcia Campos  <cgarcia@igalia.com>
+
+        [GTK] Issues with Ahem's ex / x-height
+        https://bugs.webkit.org/show_bug.cgi?id=180581
+
+        Reviewed by Michael Catanzaro.
+
+        Get the x-height value from the TT_OS2 table if available.
+
+        Fixes: fast/text/break-word-pre-wrap.html
+               imported/w3c/web-platform-tests/css/css-shapes-1/shape-outside/values/shape-outside-shape-arguments-000.html
+
+        * platform/graphics/freetype/SimpleFontDataFreeType.cpp:
+        (WebCore::Font::platformInit):
+
+2018-01-04  Philippe Normand  <pnormand@igalia.com>
+
+        Unreviewed, GTK build fix attempt after r226357
+
+        * platform/graphics/gstreamer/GStreamerUtilities.h: The
+        GST_BUFFER_DTS_OR_PTS macro was added in GStreamer 1.8 but old
+        versions of Debian might not have this release yet.
+
+2018-01-04  Youenn Fablet  <youenn@apple.com>
+
+        Implement Cache API partitioning based on ClientOrigin
+        https://bugs.webkit.org/show_bug.cgi?id=181240
+
+        Reviewed by Alex Christensen.
+
+        Covered by updated tests.
+
+        Previously, cache storage was partitioned according the origin of the client, represented as a String.
+        We now partition according both client and top origins, represented as a ClientOrigin
+
+        Minor refactoring to use more makePendingActivity.
+        Added support for IPC serialization of ClientOrigin.
+        Added SecurityOriginData::toString which is used by WebKit2 Cache Storage implementation.
+
+        * Modules/cache/CacheStorageConnection.cpp:
+        (WebCore::CacheStorageConnection::open):
+        (WebCore::CacheStorageConnection::retrieveCaches):
+        * Modules/cache/CacheStorageConnection.h:
+        (WebCore::CacheStorageConnection::clearMemoryRepresentation):
+        (WebCore::CacheStorageConnection::doOpen):
+        (WebCore::CacheStorageConnection::doRetrieveCaches):
+        * Modules/cache/DOMCacheStorage.cpp:
+        (WebCore::DOMCacheStorage::origin const):
+        (WebCore::DOMCacheStorage::retrieveCaches):
+        (WebCore::DOMCacheStorage::open):
+        (WebCore::DOMCacheStorage::remove):
+        * Modules/cache/DOMCacheStorage.h:
+        * Modules/cache/WorkerCacheStorageConnection.cpp:
+        (WebCore::WorkerCacheStorageConnection::doOpen):
+        (WebCore::WorkerCacheStorageConnection::doRetrieveCaches):
+        * Modules/cache/WorkerCacheStorageConnection.h:
+        * page/ClientOrigin.h:
+        (WebCore::ClientOrigin::isolatedCopy const):
+        (WebCore::ClientOrigin::encode const):
+        (WebCore::ClientOrigin::decode):
+        * page/SecurityOriginData.cpp:
+        (WebCore::SecurityOriginData::toString const):
+        (WebCore::SecurityOriginData::debugString const): Deleted.
+        * page/SecurityOriginData.h:
+        (WebCore::SecurityOriginData::debugString const):
+        * testing/Internals.cpp:
+        (WebCore::Internals::clearCacheStorageMemoryRepresentation):
+
+2018-01-04  Youenn Fablet  <youenn@apple.com>
+
+        Service Worker should expose redirect mode for navigation loads as manual
+        https://bugs.webkit.org/show_bug.cgi?id=181067
+
+        Reviewed by Alex Christensen.
+
+        Covered by rebased tests.
+
+        * loader/CrossOriginAccessControl.cpp: Removing ContentType header only if affecting CORS checks.
+        This allows extending header filtering in service worker to all modes, including Navigate.
+        * workers/service/context/ServiceWorkerFetch.cpp:
+        (WebCore::ServiceWorkerFetch::dispatchFetchEvent): Ideally, document loading code should set redirect to manual.
+        Since it is not the case yet and that would require changes to various places, manual is set before exposing the corresponding fetch event.
+
+2018-01-04  Youenn Fablet  <youenn@apple.com>
+
+        ServiceWorkerThreadProxy::postTaskForModeToWorkerGlobalScope should be a no-op if worker is being terminated
+        https://bugs.webkit.org/show_bug.cgi?id=181245
+
+        Reviewed by Alex Christensen.
+
+        Stop appending tasks to a terminating worker and returning false in that case.
+        This mirrors what is done for regular workers.
+
+        * workers/service/context/SWContextManager.cpp:
+        (WebCore::SWContextManager::terminateWorker):
+        * workers/service/context/ServiceWorkerThreadProxy.cpp:
+        (WebCore::ServiceWorkerThreadProxy::postTaskForModeToWorkerGlobalScope):
+        * workers/service/context/ServiceWorkerThreadProxy.h:
+
 2018-01-04  Youenn Fablet  <youenn@apple.com>
 
         Cancel pending script loads when service worker is being terminated
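Review bot: The 2018-01-04 "Implement Cache API partitioning based on ClientOrigin" entry does not say what happens to caches already stored under the old String client-origin key once the partition key becomes a ClientOrigin (client plus top origin). It also leaves open whether the output of the new SecurityOriginData::toString is meant to be a stable format, although the entry says the WebKit2 Cache Storage implementation uses it. Because the same entry deletes debugString from SecurityOriginData.cpp and lists it under SecurityOriginData.h, please add a sentence stating which of the two is intended for storage keys and which is for logging only, so later callers do not build partition keys from the wrong one. Wording nits in the same hunk: "according the origin" should read "according to the origin", the sentence ending "represented as a ClientOrigin" is missing its period, and "This patch ensure" in the classicspecs.com crash entry should be "ensures".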