Unreviewed, attempt to fix Windows build after r207787
[WebKit-https.git] / Source / WebCore / ChangeLog
index fa10597..4dff8d6 100644 (file)
+2016-10-24  Yusuke Suzuki  <utatane.tea@gmail.com>
+
+        Unreviewed, attempt to fix Windows build after r207787
+        https://bugs.webkit.org/show_bug.cgi?id=163657
+
+        According to the similar code in WebKit, I guess that
+        Visual C++ requires friend class declaration is done
+        in the private section to access private members.
+
+        And I also changed ::instance to ::shared to align to
+        the existing WebCore code.
+
+        * domjit/DOMJITAbstractHeapRepository.cpp:
+        (WebCore::DOMJIT::AbstractHeapRepository::shared):
+        (WebCore::DOMJIT::AbstractHeapRepository::instance): Deleted.
+        * domjit/DOMJITAbstractHeapRepository.h:
+        * domjit/JSNodeDOMJIT.cpp:
+        (WebCore::NodeFirstChildDOMJIT::callDOM):
+        (WebCore::NodeLastChildDOMJIT::callDOM):
+        (WebCore::NodeNextSiblingDOMJIT::callDOM):
+        (WebCore::NodePreviousSiblingDOMJIT::callDOM):
+        (WebCore::NodeParentNodeDOMJIT::callDOM):
+
+2016-10-24  Simon Fraser  <simon.fraser@apple.com>
+
+        Fix the lifetime of strings used in LOG_WITH_STREAM
+        https://bugs.webkit.org/show_bug.cgi?id=163923
+
+        Reviewed by Brent Fulgham.
+
+        Make sure the const char* passed to WTFLog() outlives the call.
+
+        Removed logFunctionResult which wasn't used anywhere else, and encourages this bad
+        pattern.
+
+        * platform/LogMacros.h:
+        * platform/Logging.cpp:
+        (WebCore::logFunctionResult): Deleted.
+
+2016-10-24  Chris Dumez  <cdumez@apple.com>
+
+        Reduce special handling for typed arrays in JSDOMConvert.h
+        https://bugs.webkit.org/show_bug.cgi?id=163907
+
+        Reviewed by Sam Weinig.
+
+        Reduce special handling for typed arrays in JSDOMConvert.h by adding a toWrapped() static
+        function on JSGenericTypedArrayView, similarly to other wrapper types.
+
+        No new tests, no web-exposed behavior change.
+
+        * bindings/js/JSDOMConvert.h:
+        (WebCore::Converter<IDLInterface<JSC::GenericTypedArrayView<Adaptor>>>::convert): Deleted.
+
+2016-10-24  Ryan Haddad  <ryanhaddad@apple.com>
+
+        Unreviewed, rolling out r207783.
+
+        This change appears to have caused fast/selectors/invalid-
+        functional-pseudo-class.html to crash on iOS and macOS
+
+        Reverted changeset:
+
+        "[CSS Parser] Fix :lang argument parsing"
+        https://bugs.webkit.org/show_bug.cgi?id=163913
+        http://trac.webkit.org/changeset/207783
+
+2016-10-24  Brady Eidson  <beidson@apple.com>
+
+        IndexedDB 2.0: Support new IDBKeyRange interfaces.
+        <rdar://problem/28806929> and https://bugs.webkit.org/show_bug.cgi?id=163910
+
+        Reviewed by Andy Estes.
+
+        No new tests (Covered by additions to existing test)
+
+        The "new IDBKeyRanges interfaces" really just means adding the instance method IDBKeyRange.contains.
+
+        * Modules/indexeddb/IDBKeyRange.cpp:
+        (WebCore::IDBKeyRange::contains):
+        * Modules/indexeddb/IDBKeyRange.h:
+        * Modules/indexeddb/IDBKeyRange.idl:
+
+2016-10-23  Yusuke Suzuki  <utatane.tea@gmail.com>
+
+        [DOMJIT] Add a way for DOMJIT::Patchpoint to express effects
+        https://bugs.webkit.org/show_bug.cgi?id=163657
+
+        Reviewed by Saam Barati.
+
+        CallDOMPatchpoint now has the way to tell its effects to DFG and FTL compilers.
+        WebCore DOMJIT::AbstractHeapRepository will construct the hierarchy of the abstract
+        heap. And then it encodes these information into the pairs of the integers.
+
+        And this patch also changes the DOMJIT::PatchpointParams' parameter order.
+        So we change them in all the DOMJIT::CallDOMPatchpoint sites.
+
+        * CMakeLists.txt:
+        * ForwardingHeaders/domjit/DOMJITAbstractHeap.h: Copied from Source/JavaScriptCore/domjit/DOMJITCallDOMPatchpoint.h.
+        * ForwardingHeaders/domjit/DOMJITEffect.h: Copied from Source/JavaScriptCore/domjit/DOMJITCallDOMPatchpoint.h.
+        * ForwardingHeaders/domjit/DOMJITHeapRange.h: Copied from Source/JavaScriptCore/domjit/DOMJITCallDOMPatchpoint.h.
+        * WebCore.xcodeproj/project.pbxproj:
+        * domjit/DOMJITAbstractHeapRepository.cpp: Copied from Source/JavaScriptCore/domjit/DOMJITCallDOMPatchpoint.h.
+        (WebCore::DOMJIT::AbstractHeapRepository::AbstractHeapRepository):
+        (WebCore::DOMJIT::AbstractHeapRepository::instance):
+        * domjit/DOMJITAbstractHeapRepository.h: Copied from Source/JavaScriptCore/domjit/DOMJITCallDOMPatchpoint.h.
+        * domjit/DOMJITHelpers.h:
+        (WebCore::DOMJITHelpers::branchIfNotWorldIsNormal): Deleted.
+        (WebCore::DOMJITHelpers::branchIfNotWeakIsLive): Deleted.
+        (WebCore::DOMJITHelpers::tryLookUpWrapperCache): Deleted.
+        (WebCore::DOMJITHelpers::toWrapper): Deleted.
+        (WebCore::DOMJITHelpers::branchIfDOMWrapper): Deleted.
+        (WebCore::DOMJITHelpers::branchIfNotDOMWrapper): Deleted.
+        (WebCore::DOMJITHelpers::branchIfNode): Deleted.
+        (WebCore::DOMJITHelpers::branchIfNotNode): Deleted.
+        (WebCore::DOMJITHelpers::branchIfElement): Deleted.
+        (WebCore::DOMJITHelpers::branchIfNotElement): Deleted.
+        (WebCore::DOMJITHelpers::branchIfDocumentWrapper): Deleted.
+        (WebCore::DOMJITHelpers::branchIfNotDocumentWrapper): Deleted.
+        * domjit/JSNodeDOMJIT.cpp:
+        (WebCore::createCallDOMForOffsetAccess):
+        (WebCore::checkNode):
+        (WebCore::NodeFirstChildDOMJIT::checkDOM):
+        (WebCore::NodeFirstChildDOMJIT::callDOM):
+        (WebCore::NodeLastChildDOMJIT::checkDOM):
+        (WebCore::NodeLastChildDOMJIT::callDOM):
+        (WebCore::NodeNextSiblingDOMJIT::checkDOM):
+        (WebCore::NodeNextSiblingDOMJIT::callDOM):
+        (WebCore::NodePreviousSiblingDOMJIT::checkDOM):
+        (WebCore::NodePreviousSiblingDOMJIT::callDOM):
+        (WebCore::NodeParentNodeDOMJIT::checkDOM):
+        (WebCore::NodeParentNodeDOMJIT::callDOM):
+        (WebCore::NodeNodeTypeDOMJIT::checkDOM):
+        (WebCore::NodeNodeTypeDOMJIT::callDOM):
+
+2016-10-24  Dave Hyatt  <hyatt@apple.com>
+
+        [CSS Parser] Fix :lang argument parsing
+        https://bugs.webkit.org/show_bug.cgi?id=163913
+
+        Reviewed by Zalan Bujtas.
+
+        * css/SelectorPseudoClassAndCompatibilityElementMap.in:
+        Modify the map to support versions of the function pseudos
+        without the left paren included.
+
+        * css/parser/CSSParserValues.cpp:
+        (WebCore::CSSParserSelector::setLangArgumentList):
+        * css/parser/CSSParserValues.h:
+        Add a helper to just directly pass an AtomicString Vector through.
+
+        * css/parser/CSSSelectorParser.cpp:
+        (WebCore::consumeLangArgumentList):
+        (WebCore::CSSSelectorParser::consumePseudo):
+        Add a new consumeLangArgumentList to collect the languages into
+        an AtomicString Vector.
+
+2016-10-24  Alex Christensen  <achristensen@webkit.org>
+
+        Fix AppleWin build after r207720.
+
+        * html/canvas/OESVertexArrayObject.cpp:
+
+2016-10-24  Alex Christensen  <achristensen@webkit.org>
+
+        Fix AppleWin build after r207720.
+
+        * bindings/js/JSWebGLRenderingContextBaseCustom.cpp:
+
+2016-10-24  Alex Christensen  <achristensen@webkit.org>
+
+        Fix Windows build after r207767 and r207769
+
+        * css/CSSAllInOne.cpp:
+        * platform/network/curl/ResourceHandleManager.cpp:
+        (WebCore::getProtectionSpace):
+
+2016-10-24  Per Arne Vollan  <pvollan@apple.com>
+
+        [Win] AVCF based media engine does not block cross-site/cross-domain loads.
+        https://bugs.webkit.org/show_bug.cgi?id=163783
+
+        Reviewed by Brent Fulgham.
+
+        Prevent cross-site/cross-domain loads by setting appropriate AVCF options.
+
+        No new tests; covered by media/video-canvas-source.html. Media tests are
+        currently skipped on Windows.
+
+        * platform/graphics/avfoundation/cf/AVFoundationCFSoftLinking.h:
+        * platform/graphics/avfoundation/cf/MediaPlayerPrivateAVFoundationCF.cpp:
+        (WebCore::MediaPlayerPrivateAVFoundationCF::resolvedURL):
+        (WebCore::MediaPlayerPrivateAVFoundationCF::hasSingleSecurityOrigin):
+        (WebCore::AVFWrapper::createAssetForURL):
+        * platform/graphics/avfoundation/cf/MediaPlayerPrivateAVFoundationCF.h:
+
+2016-10-24  Anders Carlsson  <andersca@apple.com>
+
+        Fix build with newer versions of clang
+        https://bugs.webkit.org/show_bug.cgi?id=163908
+        rdar://problem/28852016
+
+        Reviewed by Tim Horton.
+
+        Use the macros that names the soft-linked functions in such a way that they won't conflict with actual functions.
+
+        * platform/ios/PlatformScreenIOS.mm:
+        (WebCore::screenIsMonochrome):
+        (WebCore::screenHasInvertedColors):
+        (WebCore::screenSize):
+        (WebCore::availableScreenSize):
+        (WebCore::screenScaleFactor):
+
+2016-10-24  Joseph Pecoraro  <pecoraro@apple.com>
+
+        Remove unnecessary unused variable stubs
+        https://bugs.webkit.org/show_bug.cgi?id=163688
+
+        Reviewed by Simon Fraser.
+
+        * Modules/applepay/cocoa/PaymentCocoa.mm:
+        (WebCore::toDictionary):
+        * Modules/applepay/cocoa/PaymentContactCocoa.mm:
+        (WebCore::toDictionary):
+
+2016-10-24  Alex Christensen  <achristensen@webkit.org>
+
+        Try to fix Windows build after r207767
+        https://bugs.webkit.org/show_bug.cgi?id=163891
+
+        * DerivedSources.cpp:
+
+2016-10-24  Zan Dobersek  <zdobersek@igalia.com>
+
+        [CodeGenerator] Only allow a single interface or standalone dictionary per WebIDL file
+        https://bugs.webkit.org/show_bug.cgi?id=163889
+
+        Reviewed by Chris Dumez.
+
+        Assert that there's only one interface or standalone dictionary
+        per WebIDL input file, and exit from the generator otherwise.
+
+        This avoids potential linking issues where multiple enumeration
+        and dictionary bindings code can be generated if the source
+        WebIDL for them is specified in a file that contains multiple
+        interfaces or standalone dictionaries.
+
+        Additionally, the generator now also exits if it fails to
+        generate code for any interface of standalone dictionary. This
+        should avoid processing WebIDL files that are empty in
+        substance.
+
+        TestException.idl and TestInterface.idl files have their second
+        interfaces removed. In place of those a new testing IDL file is
+        added, TestInterfaceLeadingUnderscore.idl. Like the two removed
+        interfaces, it tests that the leading underscode in the
+        identifier is removed by the generator.
+
+        * bindings/scripts/CodeGenerator.pm:
+        (ProcessDocument):
+        * bindings/scripts/test/JS/JSTestInterfaceLeadingUnderscore.cpp: Added.
+        (WebCore::JSTestInterfaceLeadingUnderscorePrototype::create):
+        (WebCore::JSTestInterfaceLeadingUnderscorePrototype::createStructure):
+        (WebCore::JSTestInterfaceLeadingUnderscorePrototype::JSTestInterfaceLeadingUnderscorePrototype):
+        (WebCore::JSTestInterfaceLeadingUnderscoreConstructor::prototypeForStructure):
+        (WebCore::JSTestInterfaceLeadingUnderscoreConstructor::initializeProperties):
+        (WebCore::JSTestInterfaceLeadingUnderscorePrototype::finishCreation):
+        (WebCore::JSTestInterfaceLeadingUnderscore::JSTestInterfaceLeadingUnderscore):
+        (WebCore::JSTestInterfaceLeadingUnderscore::createPrototype):
+        (WebCore::JSTestInterfaceLeadingUnderscore::prototype):
+        (WebCore::JSTestInterfaceLeadingUnderscore::destroy):
+        (WebCore::BindingCaller<JSTestInterfaceLeadingUnderscore>::castForAttribute):
+        (WebCore::jsTestInterfaceLeadingUnderscoreReadonly):
+        (WebCore::jsTestInterfaceLeadingUnderscoreReadonlyGetter):
+        (WebCore::jsTestInterfaceLeadingUnderscoreConstructor):
+        (WebCore::setJSTestInterfaceLeadingUnderscoreConstructor):
+        (WebCore::JSTestInterfaceLeadingUnderscore::getConstructor):
+        (WebCore::JSTestInterfaceLeadingUnderscoreOwner::isReachableFromOpaqueRoots):
+        (WebCore::JSTestInterfaceLeadingUnderscoreOwner::finalize):
+        (WebCore::toJSNewlyCreated):
+        (WebCore::toJS):
+        (WebCore::JSTestInterfaceLeadingUnderscore::toWrapped):
+        * bindings/scripts/test/JS/JSTestInterfaceLeadingUnderscore.h: Renamed from Source/WebCore/bindings/scripts/test/JS/JSreadonly.h.
+        (WebCore::JSTestInterfaceLeadingUnderscore::create):
+        (WebCore::JSTestInterfaceLeadingUnderscore::createStructure):
+        (WebCore::JSTestInterfaceLeadingUnderscore::finishCreation):
+        (WebCore::wrapperOwner):
+        (WebCore::wrapperKey):
+        (WebCore::toJS):
+        (WebCore::toJSNewlyCreated):
+        * bindings/scripts/test/JS/JSattribute.cpp: Removed.
+        * bindings/scripts/test/JS/JSattribute.h: Removed.
+        * bindings/scripts/test/JS/JSreadonly.cpp: Removed.
+        * bindings/scripts/test/TestException.idl:
+        * bindings/scripts/test/TestInterface.idl:
+        * bindings/scripts/test/TestInterfaceLeadingUnderscore.idl: Copied from Source/WebCore/bindings/scripts/test/TestException.idl.
+
+2016-10-21  Alex Christensen  <achristensen@webkit.org>
+
+        URL::port should return Optional<uint16_t>
+        https://bugs.webkit.org/show_bug.cgi?id=163806
+
+        Reviewed by Darin Adler.
+
+        A URL without a port is different than a URL with port 0.
+        This matches the spec, Chrome, and Firefox.
+
+        Covered by newly-passing web platform tests.
+
+        * Modules/indexeddb/IDBDatabaseIdentifier.h:
+        (WebCore::IDBDatabaseIdentifier::IDBDatabaseIdentifier):
+        (WebCore::IDBDatabaseIdentifier::isHashTableDeletedValue):
+        (WebCore::IDBDatabaseIdentifier::hash):
+        (WebCore::IDBDatabaseIdentifier::isValid):
+        (WebCore::IDBDatabaseIdentifier::isEmpty):
+        * Modules/websockets/WebSocket.cpp:
+        (WebCore::WebSocket::connect):
+        * Modules/websockets/WebSocketHandshake.cpp:
+        (WebCore::hostName):
+        * contentextensions/ContentExtensionsBackend.cpp:
+        (WebCore::ContentExtensions::ContentExtensionsBackend::processContentExtensionRulesForLoad):
+        (WebCore::ContentExtensions::applyBlockedStatusToRequest):
+        * html/HTMLPlugInImageElement.cpp:
+        (WebCore::HTMLPlugInImageElement::userDidClickSnapshot):
+        (WebCore::HTMLPlugInImageElement::subframeLoaderWillCreatePlugIn):
+        * html/URLUtils.h:
+        (WebCore::URLUtils<T>::protocol):
+        (WebCore::URLUtils<T>::host):
+        (WebCore::URLUtils<T>::port):
+        * loader/CrossOriginAccessControl.cpp:
+        (WebCore::isValidCrossOriginRedirectionURL):
+        * loader/DocumentLoader.cpp:
+        (WebCore::DocumentLoader::responseReceived):
+        (WebCore::isRemoteWebArchive):
+        (WebCore::DocumentLoader::maybeLoadEmpty):
+        * loader/DocumentThreadableLoader.cpp:
+        (WebCore::DocumentThreadableLoader::makeSimpleCrossOriginAccessRequest):
+        * loader/ResourceLoader.cpp:
+        (WebCore::ResourceLoader::didReceiveResponse):
+        * loader/cache/CachedResource.cpp:
+        (WebCore::shouldCacheSchemeIndefinitely):
+        (WebCore::CachedResource::freshnessLifetime):
+        * page/Location.cpp:
+        (WebCore::Location::protocol):
+        (WebCore::Location::host):
+        (WebCore::Location::port):
+        * page/Page.cpp:
+        (WebCore::Page::userStyleSheetLocationChanged):
+        * page/SecurityOrigin.cpp:
+        (WebCore::shouldTreatAsUniqueOrigin):
+        (WebCore::SecurityOrigin::SecurityOrigin):
+        (WebCore::SecurityOrigin::isSecure):
+        (WebCore::SecurityOrigin::canDisplay):
+        (WebCore::SecurityOrigin::toRawString):
+        (WebCore::SecurityOrigin::create):
+        (WebCore::SecurityOrigin::databaseIdentifier):
+        * page/SecurityOrigin.h:
+        (WebCore::SecurityOrigin::port):
+        * page/SecurityOriginData.cpp:
+        (WebCore::SecurityOriginData::debugString):
+        * page/SecurityOriginData.h:
+        (): Deleted.
+        * page/SecurityOriginHash.h:
+        (WebCore::SecurityOriginHash::hash):
+        * page/csp/ContentSecurityPolicy.cpp:
+        (WebCore::ContentSecurityPolicy::allowObjectFromSource):
+        (WebCore::ContentSecurityPolicy::allowChildFrameFromSource):
+        (WebCore::ContentSecurityPolicy::allowResourceFromSource):
+        (WebCore::ContentSecurityPolicy::allowConnectToSource):
+        (WebCore::ContentSecurityPolicy::allowBaseURI):
+        (WebCore::stripURLForUseInReport):
+        (WebCore::ContentSecurityPolicy::upgradeInsecureRequestIfNeeded):
+        * page/csp/ContentSecurityPolicySource.cpp:
+        (WebCore::ContentSecurityPolicySource::ContentSecurityPolicySource):
+        (WebCore::ContentSecurityPolicySource::portMatches):
+        * page/csp/ContentSecurityPolicySource.h:
+        * page/csp/ContentSecurityPolicySourceList.cpp:
+        (WebCore::ContentSecurityPolicySourceList::parse):
+        (WebCore::ContentSecurityPolicySourceList::parseSource):
+        (WebCore::ContentSecurityPolicySourceList::parsePort):
+        * page/csp/ContentSecurityPolicySourceList.h:
+        * platform/SchemeRegistry.h:
+        * platform/URL.cpp:
+        (WebCore::URL::protocol):
+        (WebCore::URL::port):
+        (WebCore::URL::serialize):
+        (WebCore::portAllowed):
+        (WebCore::defaultPortsMap): Deleted.
+        (WebCore::defaultPortForProtocol): Deleted.
+        (WebCore::isDefaultPortForProtocol): Deleted.
+        * platform/URL.h:
+        (WebCore::URL::hasPort): Deleted.
+        * platform/URLParser.cpp:
+        (WebCore::defaultPortForProtocol):
+        (WebCore::isDefaultPortForProtocol):
+        (WebCore::URLParser::parsePort):
+        (WebCore::isDefaultPort): Deleted.
+        * platform/network/CredentialStorage.cpp:
+        (WebCore::originStringFromURL):
+        * platform/network/ResourceHandle.cpp:
+        (WebCore::ResourceHandle::create):
+        (WebCore::ResourceHandle::loadResourceSynchronously):
+        * platform/network/cf/SocketStreamHandleImplCFNet.cpp:
+        (WebCore::SocketStreamHandleImpl::platformClose):
+        (WebCore::SocketStreamHandleImpl::port):
+        * workers/WorkerLocation.cpp:
+        (WebCore::WorkerLocation::protocol):
+        (WebCore::WorkerLocation::host):
+        (WebCore::WorkerLocation::port):
+
+2016-10-24  Zan Dobersek  <zdobersek@igalia.com>
+
+        [CodeGeneratorJS] Support enums for standalone dictionaries
+        https://bugs.webkit.org/show_bug.cgi?id=163885
+
+        Reviewed by Youenn Fablet.
+
+        Add support for enumerations in WebIDL files that specify
+        standalone dictionaries. Implementation of this is pretty
+        straight-forward and mirrors interface and callback generators
+        by calling GenerateEnumerations{Header,Implementation}Content()
+        functions in GenerateDictionary{Header,Implementation}().
+
+        In GenerateEnumerationsImplementationContent(), the
+        NeverDestroyed.h header is added to the implementation includes
+        since that class is used to hold an array of possible enum
+        values.
+
+        A test enum is added to the TestStandaloneDictionary.idl file
+        and the baselines are updated to reflect the new capability.
+
+        * bindings/scripts/CodeGenerator.pm:
+        (ProcessDocument):
+        * bindings/scripts/CodeGeneratorJS.pm:
+        (GenerateDictionary):
+        (GenerateEnumerationsImplementationContent):
+        (GenerateDictionaryHeader):
+        (GenerateDictionaryImplementation):
+        * bindings/scripts/test/JS/JSTestStandaloneDictionary.cpp:
+        (WebCore::convertEnumerationToJS):
+        (WebCore::parseEnumeration<TestStandaloneDictionary::EnumInStandaloneDictionaryFile>):
+        (WebCore::convertEnumeration<TestStandaloneDictionary::EnumInStandaloneDictionaryFile>):
+        (WebCore::expectedEnumerationValues<TestStandaloneDictionary::EnumInStandaloneDictionaryFile>):
+        (WebCore::convertDictionary<DictionaryImplName>):
+        * bindings/scripts/test/JS/JSTestStandaloneDictionary.h:
+        * bindings/scripts/test/TestStandaloneDictionary.idl:
+
+2016-10-24  Dave Hyatt  <hyatt@apple.com>
+
+        Remove CSSCharsetRule from the CSS OM
+        https://bugs.webkit.org/show_bug.cgi?id=163891
+
+        Reviewed by Darin Adler.
+
+        Remove CSSCharsetRule from the CSS OM. All other browser engines have made this
+        change. This eliminates the weird overloading of isCharsetRule to match both
+        CSSCharsetRule and StyleRuleCharset (only used by the new parser).
+
+        Fix the destroy() method in StyleRuleBase to clean up StyleRuleCharsets created
+        by the new parser properly.
+
+        * CMakeLists.txt:
+        * DerivedSources.make:
+        * WebCore.xcodeproj/project.pbxproj:
+        * bindings/js/JSCSSRuleCustom.cpp:
+        (WebCore::toJSNewlyCreated):
+        * css/CSSCharsetRule.cpp: Removed.
+        * css/CSSCharsetRule.h: Removed.
+        * css/CSSCharsetRule.idl: Removed.
+        * css/CSSPropertySourceData.h:
+        * css/CSSStyleSheet.cpp:
+        (WebCore::CSSStyleSheet::item):
+        (WebCore::CSSStyleSheet::rules):
+        * css/CSSStyleSheet.h:
+        * css/StyleRule.cpp:
+        (WebCore::StyleRuleBase::destroy):
+        * inspector/InspectorStyleSheet.cpp:
+        (WebCore::asCSSRuleList):
+
+2016-10-24  Zan Dobersek  <zdobersek@igalia.com>
+
+        [CodeGeneratorJS] Standalone dictionaries have misplaced build guards
+        https://bugs.webkit.org/show_bug.cgi?id=163881
+
+        Reviewed by Chris Dumez.
+
+        Build guards that are generated from the Conditional attribute
+        on WebIDL dictionary declarations properly guard the relevant
+        convertDictionary() functions for WebIDL files that also specify
+        interfaces. But for standalone dictionaries these build guards
+        should guard the complete header and implementation files, much
+        like this is done for files that originate from interfaces or
+        callbacks.
+
+        Before this patch, guarding a standalone dictionary resulted in
+        malformed output because GenerateHeaderContentHeader() and
+        GenerateImplementationContentHeader() functions both generated
+        the #if macro that would guard the whole file, but
+        GenerateDictionary{Header,Implementation}() didn't generate the
+        closing #endif.
+
+        CodeGeneratorJS.pm now passes the conditional string, if any,
+        to GenerateDictionary{Header,Implementation}Content() functions
+        in case of a non-standalone dictionary. Otherwise, the
+        conditional string, if any, is used to guard the complete
+        header and implementation files.
+
+        Generator tests are updated to cover various build guard
+        combinations on dictionaries in TestObj.idl, and the standalone
+        dictionary WebIDL file now has a Conditional attribute to check
+        that the build guards cover complete generated header and
+        implementation files.
+
+        * bindings/scripts/CodeGeneratorJS.pm:
+        (GenerateDictionaryHeaderContent):
+        (GenerateDictionariesHeaderContent):
+        (GenerateDictionaryImplementationContent):
+        (GenerateDictionariesImplementationContent):
+        (GenerateDictionaryHeader):
+        (GenerateDictionaryImplementation):
+        * bindings/scripts/test/JS/JSTestObj.cpp:
+        (WebCore::convertDictionary<TestObj::ConditionalDictionaryA>):
+        (WebCore::convertDictionary<TestObj::ConditionalDictionaryB>):
+        (WebCore::convertDictionary<TestObj::ConditionalDictionaryC>):
+        * bindings/scripts/test/JS/JSTestObj.h:
+        * bindings/scripts/test/JS/JSTestStandaloneDictionary.cpp:
+        * bindings/scripts/test/JS/JSTestStandaloneDictionary.h:
+        * bindings/scripts/test/TestObj.idl:
+        * bindings/scripts/test/TestStandaloneDictionary.idl:
+
+2016-10-24  Eric Carlson  <eric.carlson@apple.com>
+
+        [MediaStream] Separate media capture and audio playback muting
+        https://bugs.webkit.org/show_bug.cgi?id=163855
+        <rdar://problem/28827186>
+
+        Reviewed by Darin Adler.
+
+        Test: fast/mediastream/MediaStream-page-muted.html
+
+        Change page.muted from a bool to a bitfield so audio and media capture muted are independent.
+        Fix a couple of bugs in the mock media capture device uncovered by new test case.
+        
+        * Modules/mediastream/MediaStream.cpp:
+        (WebCore::MediaStream::pageMutedStateDidChange): page.isMuted -> page.mutedState.
+
+        * Modules/webaudio/AudioContext.cpp:
+        (WebCore::AudioContext::pageMutedStateDidChange): Ditto.
+
+        * html/HTMLMediaElement.cpp:
+        (WebCore::HTMLMediaElement::updateVolume): Ditto.
+        (WebCore::HTMLMediaElement::effectiveMuted): Ditto.
+
+        * page/MediaProducer.h: Add MutedState enum.
+
+        * page/Page.cpp:
+        (WebCore::Page::Page):
+        (WebCore::Page::setMuted): Take MutedStateFlags instead of bool. m_muted -> m_mutedState.
+        * page/Page.h:
+
+        * platform/mock/MockRealtimeMediaSource.cpp:
+        (WebCore::MockRealtimeMediaSource::startProducingData): Call setMuted.
+        (WebCore::MockRealtimeMediaSource::stopProducingData): Ditto.
+        * platform/mock/MockRealtimeMediaSource.h:
+
+        * platform/mock/MockRealtimeVideoSource.cpp:
+        (WebCore::MockRealtimeVideoSource::stopProducingData): Call correct base class method.
+
+        * testing/Internals.cpp:
+        (WebCore::Internals::setPageMuted): Change parameter from a bool to a string.
+        * testing/Internals.h:
+
+        * testing/Internals.idl:
+
+2016-10-24  Darin Adler  <darin@apple.com>
+
+        Try to fix Windows build.
+
+        * bindings/js/JSWebGL2RenderingContextCustom.cpp: Rearranged includes
+        so they are inside the conditional as they should be.
+
+2016-10-24  Youenn Fablet  <youenn@apple.com>
+
+        Activate WEB_RTC compilation flags for Mac bots
+        https://bugs.webkit.org/show_bug.cgi?id=163886
+
+        Reviewed by Eric Carlson.
+
+        Covered by existing tests.
+
+        Fixing compilation errors due to missing WEBCORE_EXPORT, missing method and missing override keywords.
+
+        * Configurations/FeatureDefines.xcconfig:
+        * DerivedSources.make:
+        * Modules/mediastream/MediaEndpointPeerConnection.h:
+        * Modules/mediastream/RTCPeerConnection.h:
+        * Modules/mediastream/RTCPeerConnection.idl:
+        * Modules/mediastream/SDPProcessor.cpp:
+        (WebCore::SDPProcessor::generate):
+        (WebCore::SDPProcessor::parse):
+        * WebCore.xcodeproj/project.pbxproj:
+        * platform/mediastream/mac/MockRealtimeVideoSourceMac.mm:
+        (WebCore::MockRealtimeVideoSource::createMuted):
+
+2016-10-24  Brady Eidson  <beidson@apple.com>
+
+        IndexedDB 2.0: Support IDBIndex name assignment.
+        <rdar://problem/28806932> and https://bugs.webkit.org/show_bug.cgi?id=163805
+
+        Reviewed by Alex Christensen.
+
+        Tests: storage/indexeddb/modern/index-rename-1-private.html
+               storage/indexeddb/modern/index-rename-1.html
+
+        Touches a *lot* of code sites, but none of them are particularly interesting.
+        They are all just getting the new name spread out to all of the various objects that need it.
+
+        * Modules/indexeddb/IDBDatabase.cpp:
+        (WebCore::IDBDatabase::renameIndex):
+        * Modules/indexeddb/IDBDatabase.h:
+
+        * Modules/indexeddb/IDBIndex.cpp:
+        (WebCore::IDBIndex::IDBIndex):
+        (WebCore::IDBIndex::setName):
+        (WebCore::IDBIndex::rollbackInfoForVersionChangeAbort):
+        * Modules/indexeddb/IDBIndex.h:
+        * Modules/indexeddb/IDBIndex.idl:
+
+        * Modules/indexeddb/IDBObjectStore.cpp:
+        (WebCore::IDBObjectStore::rollbackForVersionChangeAbort):
+        (WebCore::IDBObjectStore::renameReferencedIndex):
+        (WebCore::IDBObjectStore::rollbackInfoForVersionChangeAbort): Deleted.
+        * Modules/indexeddb/IDBObjectStore.h:
+
+        * Modules/indexeddb/IDBTransaction.cpp:
+        (WebCore::IDBTransaction::internalAbort):
+        (WebCore::IDBTransaction::renameIndex):
+        (WebCore::IDBTransaction::renameIndexOnServer):
+        (WebCore::IDBTransaction::didRenameIndexOnServer):
+        * Modules/indexeddb/IDBTransaction.h:
+
+        * Modules/indexeddb/client/IDBConnectionProxy.cpp:
+        (WebCore::IDBClient::IDBConnectionProxy::renameIndex):
+        * Modules/indexeddb/client/IDBConnectionProxy.h:
+
+        * Modules/indexeddb/client/IDBConnectionToServer.cpp:
+        (WebCore::IDBClient::IDBConnectionToServer::renameIndex):
+        (WebCore::IDBClient::IDBConnectionToServer::didRenameIndex):
+        * Modules/indexeddb/client/IDBConnectionToServer.h:
+        * Modules/indexeddb/client/IDBConnectionToServerDelegate.h:
+
+        * Modules/indexeddb/client/TransactionOperation.h:
+        (WebCore::IDBClient::createTransactionOperation):
+
+        * Modules/indexeddb/server/IDBBackingStore.h:
+
+        * Modules/indexeddb/server/IDBConnectionToClient.cpp:
+        (WebCore::IDBServer::IDBConnectionToClient::didRenameIndex):
+        * Modules/indexeddb/server/IDBConnectionToClient.h:
+        * Modules/indexeddb/server/IDBConnectionToClientDelegate.h:
+
+        * Modules/indexeddb/server/IDBServer.cpp:
+        (WebCore::IDBServer::IDBServer::renameIndex):
+        * Modules/indexeddb/server/IDBServer.h:
+
+        * Modules/indexeddb/server/MemoryBackingStoreTransaction.cpp:
+        (WebCore::IDBServer::MemoryBackingStoreTransaction::indexRenamed):
+        (WebCore::IDBServer::MemoryBackingStoreTransaction::abort):
+        * Modules/indexeddb/server/MemoryBackingStoreTransaction.h:
+
+        * Modules/indexeddb/server/MemoryIDBBackingStore.cpp:
+        (WebCore::IDBServer::MemoryIDBBackingStore::renameIndex):
+        * Modules/indexeddb/server/MemoryIDBBackingStore.h:
+
+        * Modules/indexeddb/server/MemoryIndex.h:
+        (WebCore::IDBServer::MemoryIndex::rename):
+
+        * Modules/indexeddb/server/MemoryObjectStore.cpp:
+        (WebCore::IDBServer::MemoryObjectStore::renameIndex):
+        * Modules/indexeddb/server/MemoryObjectStore.h:
+
+        * Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
+        (WebCore::IDBServer::SQLiteIDBBackingStore::renameIndex):
+        * Modules/indexeddb/server/SQLiteIDBBackingStore.h:
+
+        * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
+        (WebCore::IDBServer::UniqueIDBDatabase::renameIndex):
+        (WebCore::IDBServer::UniqueIDBDatabase::performRenameIndex):
+        (WebCore::IDBServer::UniqueIDBDatabase::didPerformRenameIndex):
+        * Modules/indexeddb/server/UniqueIDBDatabase.h:
+
+        * Modules/indexeddb/server/UniqueIDBDatabaseConnection.cpp:
+        (WebCore::IDBServer::UniqueIDBDatabaseConnection::didRenameIndex):
+        * Modules/indexeddb/server/UniqueIDBDatabaseConnection.h:
+
+        * Modules/indexeddb/server/UniqueIDBDatabaseTransaction.cpp:
+        (WebCore::IDBServer::UniqueIDBDatabaseTransaction::renameIndex):
+        * Modules/indexeddb/server/UniqueIDBDatabaseTransaction.h:
+
+        * Modules/indexeddb/shared/IDBIndexInfo.h:
+        (WebCore::IDBIndexInfo::rename):
+
+        * Modules/indexeddb/shared/IDBObjectStoreInfo.cpp:
+        (WebCore::IDBObjectStoreInfo::infoForExistingIndex):
+        * Modules/indexeddb/shared/IDBObjectStoreInfo.h:
+
+        * Modules/indexeddb/shared/IDBResultData.cpp:
+        (WebCore::IDBResultData::renameIndexSuccess):
+        * Modules/indexeddb/shared/IDBResultData.h:
+
+        * Modules/indexeddb/shared/InProcessIDBServer.cpp:
+        (WebCore::InProcessIDBServer::didRenameIndex):
+        (WebCore::InProcessIDBServer::renameIndex):
+        * Modules/indexeddb/shared/InProcessIDBServer.h:
+
+2016-10-24  Dave Hyatt  <hyatt@apple.com>
+
+        [CSS Parser] Fix -webkit-box-reflect parsing
+        https://bugs.webkit.org/show_bug.cgi?id=163890
+
+        Reviewed by Zalan Bujtas.
+
+        * css/parser/CSSPropertyParser.cpp:
+        (WebCore::consumeReflect):
+        Do a WTFMove on the mask instead of a .releaseNonNull(), since mask can be a nullptr.
+        Exactly matches the old parser.
+
+        * css/parser/CSSPropertyParserHelpers.cpp:
+        (WebCore::CSSPropertyParserHelpers::CalcParser::consumeValue):
+        (WebCore::CSSPropertyParserHelpers::CalcParser::consumeNumber):
+        (WebCore::CSSPropertyParserHelpers::consumeInteger):
+        (WebCore::CSSPropertyParserHelpers::consumeNumber):
+        (WebCore::CSSPropertyParserHelpers::consumeLength):
+        (WebCore::CSSPropertyParserHelpers::consumePercent):
+        (WebCore::CSSPropertyParserHelpers::consumeAngle):
+        (WebCore::CSSPropertyParserHelpers::consumeTime):
+        (WebCore::CSSPropertyParserHelpers::consumeUrl):
+        (WebCore::CSSPropertyParserHelpers::consumeColor):
+        (WebCore::CSSPropertyParserHelpers::consumeDeprecatedGradientPoint):
+        (WebCore::CSSPropertyParserHelpers::consumeDeprecatedGradientColorStop):
+        (WebCore::CSSPropertyParserHelpers::consumeCrossFade):
+        (WebCore::CSSPropertyParserHelpers::consumeImageSet):
+        Clean up all instances of CSSPrimitiveValue::create to use the CSSValuePool.
+
+2016-10-21  Antoine Quint  <graouts@apple.com>
+
+        [Modern Media Controls] Concatenate JS and CSS files into a single JS and CSS resources
+        https://bugs.webkit.org/show_bug.cgi?id=163785
+        <rdar://problem/28890058>
+
+        Reviewed by Darin Adler.
+
+        Concatenate CSS and JS resources for modern media controls into single JS and CSS files
+        during build and load these single resources alone at runtime.
+
+        * Modules/modern-media-controls/js-files: Added.
+        * WebCore.xcodeproj/project.pbxproj:
+        * rendering/RenderThemeMac.mm:
+        (WebCore::RenderThemeMac::mediaControlsStyleSheet):
+        (WebCore::RenderThemeMac::mediaControlsScript):
+
+2016-10-24  Dave Hyatt  <hyatt@apple.com>
+
+        [CSS Parser] Unprefix -webkit-writing-mode
+        https://bugs.webkit.org/show_bug.cgi?id=163870
+
+        Reviewed by Zalan Bujtas.
+
+        * css/CSSComputedStyleDeclaration.cpp:
+        (WebCore::ComputedStyleExtractor::propertyValue):
+        Change -webkit-writing mode to writing-mode.
+
+        * css/CSSPrimitiveValueMappings.h:
+        (WebCore::CSSPrimitiveValue::operator WritingMode):
+        (WebCore::CSSPrimitiveValue::operator SVGWritingMode): Deleted.
+        Eliminate the SVGWritingMode converters. Add support for the unique SVG-specific
+        values to the WritingMode converters.
+
+        * css/CSSPropertyNames.in:
+        Alias -webkit-writing-mode to writing-mode. Move writing-mode up to be
+        high priority like -webkit-writing mode was. Alias -epub-writing-mode to writing-mode
+        instead of to -webkit-writing-mode.
+
+        * css/SVGCSSComputedStyleDeclaration.cpp:
+        (WebCore::ComputedStyleExtractor::svgPropertyValue):
+        Remove writing-mode from SVG computed style, since the base CSSComputedStyleDeclaration handles it.
+
+        * css/StyleBuilderCustom.h:
+        (WebCore::StyleBuilderCustom::applyValueWritingMode):
+        (WebCore::StyleBuilderCustom::applyValueWebkitWritingMode): Deleted.
+        Renamed applyValueWebkitWritingMode to applyValueWritingMode. Removed the SVG code, since
+        the underlying converter for WritingMode now handles those values.
+
+        * css/StyleResolver.cpp:
+        (WebCore::extractDirectionAndWritingMode):
+        Rename -webkit-writing-mode to writing-mode.
+
+        * css/parser/CSSParser.cpp:
+        (WebCore::isValidKeywordPropertyAndValue):
+        Eliminate -webkit-writing-mode and make sure writing-mode handles both the SVG values
+        and the normal values.
+
+        * css/parser/CSSParserFastPaths.cpp:
+        (WebCore::CSSParserFastPaths::isValidKeywordPropertyAndValue):
+        (WebCore::CSSParserFastPaths::isKeywordPropertyID):
+        Same deal here.
+
+        * html/track/TextTrackCueGeneric.cpp:
+        (WebCore::TextTrackCueGenericBoxElement::applyCSSProperties):
+        * html/track/VTTCue.cpp:
+        (WebCore::VTTCueBox::applyCSSProperties):
+        Cue stuff was setting -webkit-writing-mode, so make it set writing-mode instead now.
+
+        * rendering/RenderLineBreak.cpp:
+        (WebCore::RenderLineBreak::collectSelectionRects):
+        * rendering/RenderText.cpp:
+        (WebCore::RenderText::collectSelectionRects):
+        Switch the SVG-specific code here over to accessing the RenderStyle writing-mode and not
+        the SVG-specific one.
+
+        * rendering/style/RenderStyle.h:
+        (WebCore::RenderStyle::isVerticalWritingMode):
+        Add a helper function for asking if something is vertical writing mode.
+
+        * rendering/style/SVGRenderStyle.cpp:
+        * rendering/style/SVGRenderStyle.h:
+        * rendering/style/SVGRenderStyleDefs.h:
+        (WebCore::SVGRenderStyle::diff):
+        Remove the SVG writing mode code.
+
+        * rendering/svg/RenderSVGInlineText.cpp:
+        (WebCore::RenderSVGInlineText::computeNewScaledFontForStyle):
+        Make sure to force SVG font descriptions to be horizontal, since SVG controls
+        its own glyph orientation.
+
+        * rendering/svg/SVGRenderTreeAsText.cpp:
+        (WebCore::writeSVGInlineTextBox):
+        * rendering/svg/SVGTextChunk.cpp:
+        (WebCore::SVGTextChunk::SVGTextChunk):
+        * rendering/svg/SVGTextLayoutEngine.cpp:
+        (WebCore::SVGTextLayoutEngine::layoutInlineTextBox):
+        * rendering/svg/SVGTextQuery.cpp:
+        (WebCore::SVGTextQuery::executeQuery):
+        Changed to access the RenderStyle writing mode instead of the SVG-specific one.
+
+2016-10-23  Antti Koivisto  <antti@apple.com>
+
+        Avoid unnecessary full style resolution in getComputedStyle for non-inherited properties
+        https://bugs.webkit.org/show_bug.cgi?id=163875
+
+        Reviewed by Andreas Kling.
+
+        Test: fast/css/getComputedStyle/getComputedStyle-style-resolution.html
+
+        * css/CSSComputedStyleDeclaration.cpp:
+        (WebCore::hasValidStyleForProperty):
+
+            For non-inherited properties we don't need to update style even if some ancestor style is invalid
+            as long as explicit 'inherit' is not being used.
+            We still need to update if we find out that the whole subtree we are in is invalid.
+
+        (WebCore::updateStyleIfNeededForProperty):
+
+            Pass the property.
+
+        (WebCore::ComputedStyleExtractor::customPropertyValue):
+        (WebCore::ComputedStyleExtractor::propertyValue):
+        (WebCore::CSSComputedStyleDeclaration::length):
+        (WebCore::elementOrItsAncestorNeedsStyleRecalc): Deleted.
+        (WebCore::updateStyleIfNeededForElement): Deleted.
+        * css/StyleResolver.cpp:
+        (WebCore::StyleResolver::colorFromPrimitiveValue):
+
+            Mark style as using explicit inheritance if 'currentcolor' value is used.
+
+2016-10-24  Youenn Fablet  <youenn@apple.com>
+
+        ASSERTION FAILED: canvas()->securityOrigin()->toString() == cachedImage.origin()->toString()
+        https://bugs.webkit.org/show_bug.cgi?id=163242
+
+        Reviewed by Darin Adler.
+
+        Test: http/tests/security/cross-origin-cached-images-canvas.html
+
+        We were previously on Origin HTTP header to check whether requests were made from different origins.
+        This is fine for CORS enabled requests but not for GET no CORS requests since they will not have any Origin header.
+
+        Now that CachedResource and CachedResourceRequest own their origin, it is best to use these directly.
+
+        * loader/cache/CachedResourceLoader.cpp:
+        (WebCore::isRequestMatchingResourceOrigin):
+        (WebCore::CachedResourceLoader::shouldUpdateCachedResourceWithCurrentRequest):
+
+2016-10-24  Youenn Fablet  <youenn@apple.com>
+
+        Remove CachedResource::passesSameOriginPolicyCheck
+        https://bugs.webkit.org/show_bug.cgi?id=163593
+
+        Reviewed by Andreas Kling.
+
+        No change of behavior.
+
+        Removing no-longer used code.
+
+        * loader/cache/CachedResource.cpp:
+        (WebCore::CachedResource::redirectReceived):
+        (WebCore::CachedResource::passesAccessControlCheck): Deleted.
+        (WebCore::CachedResource::passesSameOriginPolicyCheck): Deleted.
+        (WebCore::CachedResource::responseForSameOriginPolicyChecks): Deleted.
+        * loader/cache/CachedResource.h:
+        (WebCore::CachedResource::response):
+
+2016-10-24  Youenn Fablet  <youenn@apple.com>
+
+        Redirections should be upgraded if CSP policy says so
+        https://bugs.webkit.org/show_bug.cgi?id=163544
+
+        Reviewed by Darin Adler.
+
+        Test: http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/basic-upgrade-after-redirect.https.html
+
+        Introducing CachedResourceLoader::updateRequestAfterRedirection to do the checks that CachedResourceLoader is doing
+        to the initial request, but for redirection requests.
+
+        Implemented URL upgrade according CSP policy, as specified by fetch algorithm.
+        Minor refactoring in CachedResourceRequest to share some code.
+        Fixing some constness issues.
+
+        * loader/SubresourceLoader.cpp:
+        (WebCore::SubresourceLoader::willSendRequestInternal):
+        * loader/cache/CachedResourceLoader.cpp:
+        (WebCore::CachedResourceLoader::allowedByContentSecurityPolicy):
+        (WebCore::CachedResourceLoader::canRequestAfterRedirection):
+        (WebCore::CachedResourceLoader::updateRequestAfterRedirection):
+        * loader/cache/CachedResourceLoader.h:
+        * loader/cache/CachedResourceRequest.cpp:
+        (WebCore::upgradeInsecureResourceRequestIfNeeded):
+        (WebCore::CachedResourceRequest::upgradeInsecureRequestIfNeeded):
+        * loader/cache/CachedResourceRequest.h:
+
+2016-10-22  Sam Weinig  <sam@webkit.org>
+
+        [WebIDL] Add IDLType based toJS conversion
+        https://bugs.webkit.org/show_bug.cgi?id=163861
+
+        Reviewed by Darin Adler.
+
+        Adds toJS<IDLType>() functions to be the new way of converting
+        from implementation types to JS types. These are implemented via
+        a similar mechanism to the convert<IDL>() functions, though specializations
+        of a JSConverter struct (rather than the Converter structs). This allows
+        us to support arbitrarily complex aggregate types easily (e.g. sequence<(Node or DOMString?)>).
+
+        * Modules/geolocation/Geoposition.idl:
+        * dom/Event.idl:
+        Add typedef for DOMTimeStamp. Eventually, our IDLParser should do this for us, but
+        for now it allows us to simplify the type system.
+
+        * bindings/js/JSDOMBinding.h:
+        (WebCore::JSValueTraits::arrayJSValue): Deleted.
+        (WebCore::JSValueTraits<String>::arrayJSValue): Deleted.
+        (WebCore::JSValueTraits<double>::arrayJSValue): Deleted.
+        (WebCore::JSValueTraits<float>::arrayJSValue): Deleted.
+        (WebCore::jsArray): Deleted.
+        (WebCore::jsFrozenArray): Deleted.
+        (WebCore::NativeValueTraits<String>::nativeValue): Deleted.
+        (WebCore::NativeValueTraits<unsigned>::nativeValue): Deleted.
+        (WebCore::NativeValueTraits<float>::nativeValue): Deleted.
+        (WebCore::NativeValueTraits<double>::nativeValue): Deleted.
+        (WebCore::toNullableJSNumber): Deleted.
+        (WebCore::toJSArray): Deleted.
+        (WebCore::toJSBoolean): Deleted.
+        (WebCore::toJSNumber): Deleted.
+        (WebCore::toJSString): Deleted.
+        Remove many now-unneeded conversion functions.
+
+        * bindings/js/JSDOMConvert.h:
+        (WebCore::toJS):
+        Add 5 primary toJS functions which take combinations of the following
+        arguments: ExecState, JSDOMGlobalObject, ThrowScope.  All take the value 
+        to be converted as well, except in the case of the throwScope ones, where
+        they take the value in an ExceptionOr<>.
+
+        To simplify the implementations of the JSConverter specializations, avoiding
+        the need for each one to implement their conversion up to 3 times (one for just
+        the value, one for the value and the ExecState, and one for the value, the ExecState
+        and the global object), each JSConverter instead specifies whether it's converter
+        needs an ExecState or global object via a static constexpr. We then use the 
+        JSConverterOverloader template, to call the correct function. This can probably be
+        improved in the future, by inferring the number of arguments needed via SFINAE, but
+        this seemed like a more straightforward first cut.
+
+        (WebCore::JSConverter<IDLNullable<T>>::convert):
+        (WebCore::JSConverter<IDLBoolean>::convert):
+        (WebCore::JSConverter<IDLInterface<T>>::convert):
+        (WebCore::JSConverter<IDLAny>::convert):
+        (WebCore::JSConverter<IDLByte>::convert):
+        (WebCore::JSConverter<IDLOctet>::convert):
+        (WebCore::JSConverter<IDLShort>::convert):
+        (WebCore::JSConverter<IDLUnsignedShort>::convert):
+        (WebCore::JSConverter<IDLLong>::convert):
+        (WebCore::JSConverter<IDLUnsignedLong>::convert):
+        (WebCore::JSConverter<IDLLongLong>::convert):
+        (WebCore::JSConverter<IDLUnsignedLongLong>::convert):
+        (WebCore::JSConverter<IDLFloat>::convert):
+        (WebCore::JSConverter<IDLUnrestrictedFloat>::convert):
+        (WebCore::JSConverter<IDLDouble>::convert):
+        (WebCore::JSConverter<IDLUnrestrictedDouble>::convert):
+        (WebCore::JSConverter<IDLDOMString>::convert):
+        (WebCore::JSConverter<IDLUSVString>::convert):
+        (WebCore::JSConverter<IDLSequence<T>>::convert):
+        (WebCore::JSConverter<IDLFrozenArray<T>>::convert):
+        (WebCore::JSConverter<IDLEnumeration<T>>::convert):
+        (WebCore::JSConverter<IDLUnion<T...>>::convert):
+        There is slightly more duplication than I would have liked, for instance we have a
+        specialization for each numeric type, even though they are all the same, but that is
+        something that can be improved going forward.
+
+        (WebCore::Converter<IDLUnion<T...>>::convert)
+        Fix the normal IDLUnion converter to work with boolean types. This was caught by the
+        test case I added via TypeConversions.idl.
+        
+        * bindings/js/JSDOMStringMapCustom.cpp:
+        (WebCore::JSDOMStringMap::getOwnPropertySlotDelegate):
+        * bindings/js/JSDOMWindowCustom.cpp:
+        (WebCore::JSDOMWindow::setTimeout):
+        (WebCore::JSDOMWindow::setInterval):
+        * bindings/js/JSDataTransferCustom.cpp:
+        (WebCore::JSDataTransfer::types):
+        * bindings/js/JSMediaStreamTrackCustom.cpp:
+        (WebCore::JSMediaStreamTrack::getCapabilities):
+        * bindings/js/JSMutationCallback.cpp:
+        (WebCore::JSMutationCallback::call):
+        * bindings/js/JSSVGLengthCustom.cpp:
+        (WebCore::JSSVGLength::value):
+        Switch to use new toJS<> functions.
+
+        * bindings/scripts/CodeGeneratorJS.pm:
+        (AddStringifierOperationIfNeeded):
+        Fix stringifier function signature to contain an idlType.
+
+        (GenerateEnumerationsHeaderContent):
+        Remove now unnecessary JSValueTraits specializations.
+
+        (JSValueToNativeIsHandledByDOMConvert):
+        Renamed from IsHandledByDOMConvert, since that name is now ambiguous.
+
+        (JSValueToNative):
+        Update for new name of IsHandledByDOMConvert.
+
+        (NativeToJSValueIsHandledByDOMConvert):
+        Predicate guarding what types currently work with the new conversion system.
+
+        (NativeToJSValueDOMConvertNeedsState):
+        Predicate for determining if the ExecState is needed in the conversion function.
+
+        (NativeToJSValueDOMConvertNeedsGlobalObject):
+        Predicate for determining if the global object is needed in the conversion function.
+
+        (NativeToJSValue):
+        Move things around a little bit and start converting use the new toJS<> when possible.
+
+        * bindings/scripts/IDLParser.pm:
+        (parseAttributeOrOperationRest):
+        Fix a missing place where were not setting the idlType.
+        * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
+        * bindings/scripts/test/JS/JSTestCEReactions.cpp:
+        * bindings/scripts/test/JS/JSTestCEReactionsStringifier.cpp:
+        * bindings/scripts/test/JS/JSTestCallback.cpp:
+        * bindings/scripts/test/JS/JSTestCallbackFunction.cpp:
+        * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
+        * bindings/scripts/test/JS/JSTestException.cpp:
+        * bindings/scripts/test/JS/JSTestGlobalObject.cpp:
+        * bindings/scripts/test/JS/JSTestInterface.cpp:
+        * bindings/scripts/test/JS/JSTestNode.cpp:
+        * bindings/scripts/test/JS/JSTestNondeterministic.cpp:
+        * bindings/scripts/test/JS/JSTestObj.cpp:
+        * bindings/scripts/test/JS/JSTestObj.h:
+        * bindings/scripts/test/JS/JSTestSerialization.cpp:
+        * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
+        * bindings/scripts/test/JS/JSTestTypedefs.cpp:
+        * bindings/scripts/test/JS/JSattribute.cpp:
+        Update test results.
+
+        * testing/TypeConversions.h:
+        (WebCore::TypeConversions::testUnion):
+        (WebCore::TypeConversions::setTestUnion):
+        (WebCore::TypeConversions::typeConversionsDictionarySequenceValue):
+        (WebCore::TypeConversions::typeConversionsDictionaryUnionValue):
+        * testing/TypeConversions.idl:
+        Add a testUnion attribute, now that we can return unions to JS.
+
+2016-10-23  Zalan Bujtas  <zalan@apple.com>
+
+        Unreviewed, rolling out r207727.
+
+        broke 15 selection test cases.
+
+        Reverted changeset:
+
+        "Do not update selection rect on dirty lineboxes."
+        https://bugs.webkit.org/show_bug.cgi?id=163862
+        http://trac.webkit.org/changeset/207727
+
+2016-10-23  Chris Dumez  <cdumez@apple.com>
+
+        addEventListener() / removeEventListener() should use a union for last parameter
+        https://bugs.webkit.org/show_bug.cgi?id=163863
+
+        Reviewed by Darin Adler.
+
+        addEventListener() / removeEventListener() should use a union for last parameter:
+        - https://dom.spec.whatwg.org/#eventtarget
+
+        No new tests, no Web-exposed behavior change.
+
+        * bindings/js/JSDOMConvert.h:
+        * dom/EventTarget.cpp:
+        (WebCore::EventTarget::addEventListenerForBindings):
+        (WebCore::EventTarget::removeEventListenerForBindings):
+        * dom/EventTarget.h:
+        * dom/EventTarget.idl:
+
+2016-10-23  Zalan Bujtas  <zalan@apple.com>
+
+        Do not update selection rect on dirty lineboxes.
+        https://bugs.webkit.org/show_bug.cgi?id=163862
+        <rdar://problem/28813156>
+
+        Reviewed by Simon Fraser.
+
+        In addition to checking whether the renderer needs layout, we also need to check if its preferred
+        width is clean and stop computing the selection rects, if needed (while adding a renderer to the tree,
+        there's a transition phase where the parent's preferred width dirty bit is already set, but it does
+        not yet need layout).
+
+        Tests: fast/css-generated-content/dynamic-first-letter-selection-clear-crash.html
+
+        * rendering/RenderObject.cpp:
+        (WebCore::RenderObject::canUpdateSelectionOnRootLineBoxes):
+
+2016-10-22  Myles C. Maxfield  <mmaxfield@apple.com>
+
+        ASSERTION FAILED: m_fonts in &WebCore::FontCascade::primaryFont
+        https://bugs.webkit.org/show_bug.cgi?id=163459
+
+        Reviewed by Darin Adler.
+
+        The CSS Units and Values spec states that font-relative units, when used
+        in the font-size property, are resolved against the parent element. When
+        calc() is specified, we were trying to resolve them against the current
+        element, which is impossible because of the circular dependency. Instead,
+        we should resolve against the parent style the same way as when calc() 
+        isn't specified.
+
+        Test: fast/text/font-size-calc.html
+
+        * css/StyleBuilderCustom.h:
+        (WebCore::StyleBuilderCustom::applyValueFontSize):
+
+2016-10-22  Chris Dumez  <cdumez@apple.com>
+
+        [Web IDL] Two types are distinguishable for overload resolution if at most one of the two includes a nullable type
+        https://bugs.webkit.org/show_bug.cgi?id=163791
+
+        Reviewed by Sam Weinig.
+
+        Update overload resolution in the bindings generator so that 2 nullable types
+        are no longer considered as distinguishable, as per Web IDL:
+        - https://heycam.github.io/webidl/#dfn-distinguishable
+
+        * bindings/scripts/CodeGeneratorJS.pm:
+        (AreTypesDistinguishableForOverloadResolution):
+        * bindings/scripts/test/JS/JSTestObj.cpp:
+        (WebCore::jsTestObjPrototypeFunctionOverloadWithNullableNonDistinguishingParameter1):
+        (WebCore::jsTestObjPrototypeFunctionOverloadWithNullableNonDistinguishingParameter1Caller):
+        (WebCore::jsTestObjPrototypeFunctionOverloadWithNullableNonDistinguishingParameter2):
+        (WebCore::jsTestObjPrototypeFunctionOverloadWithNullableNonDistinguishingParameter2Caller):
+        (WebCore::jsTestObjPrototypeFunctionOverloadWithNullableNonDistinguishingParameter):
+        * bindings/scripts/test/TestObj.idl:
+
+2016-10-22  Chris Dumez  <cdumez@apple.com>
+
+        WebGLRenderingContextBase.texSubImage2D() should use a union instead of overloading
+        https://bugs.webkit.org/show_bug.cgi?id=163859
+
+        Reviewed by Darin Adler.
+
+        WebGLRenderingContextBase.texSubImage2D() should use a union instead of overloading:
+        - https://www.khronos.org/registry/webgl/specs/latest/1.0/#5.14
+
+        No new tests, no Web-exposed behavior change.
+
+        * html/canvas/WebGL2RenderingContext.cpp:
+        (WebCore::WebGL2RenderingContext::texSubImage2D):
+        * html/canvas/WebGL2RenderingContext.h:
+        * html/canvas/WebGLRenderingContext.cpp:
+        (WebCore::WebGLRenderingContext::texSubImage2D):
+        * html/canvas/WebGLRenderingContext.h:
+        * html/canvas/WebGLRenderingContextBase.h:
+        * html/canvas/WebGLRenderingContextBase.idl:
+
+2016-10-22  Dan Bernstein  <mitz@apple.com>
+
+        Dynamically-added backdrop filter to clip-path'd element with 3D transform renders incorrectly (without clip)
+        https://bugs.webkit.org/show_bug.cgi?id=163497
+
+        Reviewed by Simon Fraser.
+
+        Test: css3/filters/backdrop/dynamic-with-clip-path.html
+
+        * platform/graphics/ca/GraphicsLayerCA.cpp:
+        (WebCore::GraphicsLayerCA::ensureStructuralLayer): Added MaskLayerChanged to
+          structuralLayerChangeFlags to ensure that the mask layer is updated.
+
+2016-10-22  Simon Fraser  <simon.fraser@apple.com>
+
+        Backdrop filter doesn't show if removed then re-added
+        https://bugs.webkit.org/show_bug.cgi?id=163860
+
+        Reviewed by Dan Bernstein.
+
+        When a backdrop filter is removed the re-added, updateBackdropFiltersRect() never
+        runs the second time because m_backdropFiltersRect doesn't change. However, we need
+        to run that code to size and position the newly re-created backdrop layer, so run
+        it explicitly if we just created the backdrop layer. This is similar to how
+        updateContentsImage() calls updateContentsRects().
+
+        Test: css3/filters/backdrop/add-remove-add-backdrop-filter.html
+
+        * platform/graphics/ca/GraphicsLayerCA.cpp:
+        (WebCore::GraphicsLayerCA::setBackdropFilters):
+        (WebCore::GraphicsLayerCA::updateBackdropFilters):
+
+2016-10-22  Simon Fraser  <simon.fraser@apple.com>
+
+        Fix repainting of slow repaint objects in WK1 when page scale is applied
+        https://bugs.webkit.org/show_bug.cgi?id=163854
+
+        Reviewed by Zalan Bujtas.
+        
+        RenderObject::repaintSlowRepaintObject() always set the repaint container to the RenderView
+        if it was null. This is before the call to clippedOverflowRectForRepaint(). If that function
+        is called with a null repaintContainer, it maps the rect up through the RenderView's transform
+        (which represents page scale), which is what we want here. Passing the RenderView itself
+        stops the transform from being applied, which led to the bug.
+        
+        WebKit2 doesn't suffer from this bug because containerForRepaint() always returns the
+        composited RenderView.
+
+        Test: fast/repaint/zoomed-fixed-background.html
+
+        * rendering/RenderObject.cpp:
+        (WebCore::RenderObject::repaintSlowRepaintObject):
+
+2016-10-22  Darin Adler  <darin@apple.com>
+
+        Move HTML canvas and tracks from ExceptionCode to Exception
+        https://bugs.webkit.org/show_bug.cgi?id=163853
+
+        Reviewed by Chris Dumez.
+
+        * WebCore.xcodeproj/project.pbxproj: Added CanvasPath.idl.
+
+        * bindings/js/JSWebGL2RenderingContextCustom.cpp: Tweaked a bit.
+
+        * bindings/js/JSWebGLRenderingContextBaseCustom.cpp:
+        (WebCore::JSWebGLRenderingContextBase::getExtension): Tweaked a bit.
+        (WebCore::JSWebGLRenderingContextBase::getFramebufferAttachmentParameter):
+        Removed unneeded exception handling.
+        (WebCore::JSWebGLRenderingContextBase::getParameter): Ditto.
+        (WebCore::JSWebGLRenderingContextBase::getProgramParameter): Ditto.
+        (WebCore::JSWebGLRenderingContextBase::getShaderParameter): Ditto.
+        (WebCore::JSWebGLRenderingContextBase::getSupportedExtensions): Use a
+        modern for loop.
+        (WebCore::JSWebGLRenderingContextBase::getUniform): Removed unneeded
+        exception handling.
+
+        * html/HTMLCanvasElement.cpp:
+        (WebCore::HTMLCanvasElement::getContext): Pass a reference.
+        (WebCore::HTMLCanvasElement::reset): Use is<CanvasRenderingContext2D>.
+        (WebCore::HTMLCanvasElement::setUsesDisplayListDrawing): Ditto.
+        (WebCore::HTMLCanvasElement::setTracksDisplayListReplay) Ditto.:
+        (WebCore::HTMLCanvasElement::displayListAsText): Ditto.
+        (WebCore::HTMLCanvasElement::replayDisplayListAsText): Ditto.
+        (WebCore::HTMLCanvasElement::clearImageBuffer): Ditto.
+
+        * html/canvas/CanvasGradient.cpp:
+        (WebCore::CanvasGradient::CanvasGradient): Streamlined.
+        (WebCore::CanvasGradient::addColorStop): Use ExceptionOr.
+        * html/canvas/CanvasGradient.h: Updated for above changes.
+        * html/canvas/CanvasGradient.idl: Use non-legacy exception.
+
+        * html/canvas/CanvasPath.cpp:
+        (WebCore::CanvasPath::arcTo): Use ExceptionOr.
+        (WebCore::CanvasPath::arc): Ditto.
+        (WebCore::CanvasPath::ellipse): Ditto.
+        * html/canvas/CanvasPath.h: Updated for above changes.
+        * html/canvas/CanvasPath.idl: Use non-legacy exceptions.
+
+        * html/canvas/CanvasPattern.cpp:
+        (WebCore::CanvasPattern::create): Use Ref&&.
+        (WebCore::CanvasPattern::CanvasPattern): Ditto.
+        (WebCore::CanvasPattern::parseRepetitionType): Return a boolean
+        instead of using an ExceptionCode.
+        * html/canvas/CanvasPattern.h: Updated for above changes.
+
+        * html/canvas/CanvasRenderingContext.cpp:
+        (CanvasRenderingContext::wouldTaintOrigin): Reordered function so
+        that it's safe to call it on an image element without a cached
+        image, or a cached image without an underlying image.
+
+        * html/canvas/CanvasRenderingContext2D.cpp:
+        (WebCore::CanvasRenderingContext2D::CanvasRenderingContext2D):
+        Take a reference.
+        (WebCore::CanvasRenderingContext2D::drawImage): Use ExceptionOr.
+        (WebCore::CanvasRenderingContext2D::drawImageFromRect): Ditto.
+        (WebCore::CanvasRenderingContext2D::createLinearGradient): Ditto.
+        (WebCore::CanvasRenderingContext2D::createRadialGradient): Ditto.
+        (WebCore::CanvasRenderingContext2D::createPattern): Ditto.
+        (WebCore::CanvasRenderingContext2D::createImageData): Ditto.
+        (WebCore::CanvasRenderingContext2D::getImageData): Ditto.
+        (WebCore::CanvasRenderingContext2D::webkitGetImageDataHD): Ditto.
+        (WebCore::CanvasRenderingContext2D::putImageData): Removed unneeded
+        ExceptionCode because this does not throw exceptions; the only one
+        was for non-finite numeric values but this is now handled by bindings.
+        (WebCore::CanvasRenderingContext2D::webkitPutImageDataHD): Ditto.
+        * html/canvas/CanvasRenderingContext2D.h: Updated for above.
+        * html/canvas/CanvasRenderingContext2D.idl: Use non-legacy exceptions
+        and removed exceptions entirely in other cases.
+
+        * html/canvas/OESVertexArrayObject.cpp:
+        (WebCore::OESVertexArrayObject::OESVertexArrayObject): Take a reference.
+        (WebCore::OESVertexArrayObject::~OESVertexArrayObject): Deleted.
+        (WebCore::OESVertexArrayObject::isVertexArrayOES): Use && instead of
+        multiple return statements.
+        (WebCore::OESVertexArrayObject::bindVertexArrayOES): Removed unneeded
+        ExceptionCode since this does not throw an exception.
+        * html/canvas/OESVertexArrayObject.h: Updated for above.
+        * html/canvas/OESVertexArrayObject.idl: Removed unneeded exception.
+
+        * html/canvas/WebGL2RenderingContext.cpp:
+        (WebCore::WebGL2RenderingContext::getFramebufferAttachmentParameter):
+        Removed unneeded ExceptionCode since this does not throw an exception.
+        (WebCore::WebGL2RenderingContext::texSubImage2DBase): Ditto.
+        (WebCore::WebGL2RenderingContext::texSubImage2DImpl): Ditto.
+        (WebCore::WebGL2RenderingContext::texSubImage2D): Removed unneeded
+        ExceptionCode for some overloads, for the others, use ExceptionOr
+        for the security exception. Moved security exception code here from
+        the validate functions.
+        (WebCore::WebGL2RenderingContext::validateTexFuncParameters): Removed
+        unneeded ExceptionCode.
+        (WebCore::WebGL2RenderingContext::getParameter): Ditto.
+        * html/canvas/WebGL2RenderingContext.h: Updated for above.
+
+        * html/canvas/WebGLRenderingContext.cpp:
+        (WebCore::WebGLRenderingContext::getExtension): Pass a reference.
+        (WebCore::WebGLRenderingContext::getFramebufferAttachmentParameter):
+        Remvoed unneeded ExceptionCode since this does not throw an exception.
+        (WebCore::WebGLRenderingContext::texSubImage2DBase): Ditto.
+        (WebCore::WebGLRenderingContext::texSubImage2DImpl): Ditto.
+        (WebCore::WebGLRenderingContext::texSubImage2D): Removed unneeded
+        ExceptionCode for some overloads, for the others, use ExceptionOr
+        for the security exception. Moved security exception code here from
+        the validate functions.
+        (WebCore::WebGLRenderingContext::getParameter): Removed unneeded
+        ExceptionCode.
+        * html/canvas/WebGLRenderingContext.h: Updated for above changes.
+
+        * html/canvas/WebGLRenderingContextBase.cpp:
+        (WebCore::WebGLRenderingContextBase::texImage2DBase):
+        Remvoed unneeded ExceptionCode since this does not throw an exception.
+        (WebCore::WebGLRenderingContextBase::texImage2DImpl): Ditto.
+        (WebCore::WebGLRenderingContextBase::texImage2D): Removed unneeded
+        ExceptionCode for some overloads, for the others, use ExceptionOr
+        for the security exception. Moved security exception code here from
+        the validate functions.
+        (WebCore::WebGLRenderingContextBase::validateHTMLImageElement):
+        Moved the security exception out of here to the call sites.
+        (WebCore::WebGLRenderingContextBase::validateHTMLCanvasElement): Ditto.
+        (WebCore::WebGLRenderingContextBase::validateHTMLVideoElement): Ditto.
+        * html/canvas/WebGLRenderingContextBase.h: Updated for above changes.
+        * html/canvas/WebGLRenderingContextBase.idl: Use non-legacy exceptions
+        in some cases and no exceptions at all in many others.
+
+        * html/shadow/MediaControlElements.cpp:
+        (WebCore::MediaControlTextTrackContainerElement::updateDisplay):
+        Use a reference instead of a pointer.
+
+        * html/track/DataCue.h: Use pragma once.
+        * html/track/DataCue.idl: Use non-legacy exception for constructor
+        attribute, even though it is custom and so it has no effect.
+
+        * html/track/InbandDataTextTrack.cpp:
+        (WebCore::InbandDataTextTrack::create): Use RefPtr&&.
+        (WebCore::InbandDataTextTrack::InbandDataTextTrack): Ditto.
+        (WebCore::InbandDataTextTrack::addDataCue): Stop using
+        ASSERT_NO_EXCEPTION.
+        (WebCore::InbandDataTextTrack::removeDataCue): Stop using
+        IGNORE_EXCEPTION.
+        (WebCore::InbandDataTextTrack::removeCue): Use ExceptionOr.
+        Also use remove instead of find/remove.
+        * html/track/InbandDataTextTrack.h: Updated for above changes.
+
+        * html/track/InbandGenericTextTrack.cpp:
+        (WebCore::GenericTextTrackCueMap::GenericTextTrackCueMap): Deleted.
+        (WebCore::GenericTextTrackCueMap::~GenericTextTrackCueMap): Deleted.
+        (WebCore::GenericTextTrackCueMap::add): Take references intead of
+        pointers.
+        (WebCore::GenericTextTrackCueMap::find): Ditto. Also use get
+        instead of find.
+        (WebCore::GenericTextTrackCueMap::remove): Ditto. Also use take
+        instead of double hashing to both find and remove.
+        (WebCore::InbandGenericTextTrack::updateCueFromCueData): Stop using
+        IGNORE_EXCEPTION. Also got rid of code that is converting a double
+        to a long and then back to a double by using lround. Instead just
+        use std::round, which keeps it a double. But also, why does this need
+        to round?!
+        (WebCore::InbandGenericTextTrack::addGenericCue): Updated to use
+        reference to work with m_cueMap.
+        (WebCore::InbandGenericTextTrack::updateGenericCue): Ditto.
+        (WebCore::InbandGenericTextTrack::removeGenericCue): Ditto.
+        (WebCore::InbandGenericTextTrack::removeCue): Use ExceptionOr.
+        (WebCore::InbandGenericTextTrack::newCuesParsed): Removed
+        ASSERT_NO_EXCEPTION.
+        * html/track/InbandGenericTextTrack.h: Updated for above changes.
+
+        * html/track/InbandWebVTTTextTrack.cpp:
+        (WebCore::InbandWebVTTTextTrack::newCuesParsed): Removed
+        ASSERT_NO_EXCEPTION.
+
+        * html/track/TextTrack.cpp:
+        (WebCore::TextTrack::addCue): Use ExcepctionOr.
+        (WebCore::TextTrack::removeCue): Ditto.
+        (WebCore::TextTrack::addRegion): Ditto.
+        (WebCore::TextTrack::removeRegion): Ditto.
+        * html/track/TextTrack.h: Updated for above changes.
+        * html/track/TextTrack.idl: Ditto.
+
+        * html/track/TextTrackCue.cpp:
+        (WebCore::TextTrackCue::cueShadowPseudoId): Moved this here
+        since it does not need to be inlined in the header.
+        (WebCore::TextTrackCue::~TextTrackCue): Deleted.
+        (WebCore::TextTrackCue::setStartTime): Removed ExceptionCode&
+        since the exceptions were for non-finite values, but this is
+        now handled by the bindings.
+        (WebCore::TextTrackCue::setEndTime): Ditto.
+        * html/track/TextTrackCue.h: Updated for the above.
+        * html/track/TextTrackCue.idl: Removed SetterMayThrowLegacyException
+        and made startTime and endTime be double rather than unrestricted double.
+
+        * html/track/TextTrackCueGeneric.cpp:
+        (WebCore::TextTrackCueGenericBoxElement::applyCSSProperties):
+        Use a reference instead of a pointer.
+        (WebCore::TextTrackCueGeneric::TextTrackCueGeneric): Initialize
+        m_defaultPosition in the class definition instead of here.
+        (WebCore::TextTrackCueGeneric::createDisplayTree): Return a Ref.
+        (WebCore::TextTrackCueGeneric::setLine): Use ExceptionOr.
+        (WebCore::TextTrackCueGeneric::setPosition): Ditto.
+        (WebCore::TextTrackCueGeneric::setFontSize): Updated since
+        displayTreeInternal() now returns a reference.
+        * html/track/TextTrackCueGeneric.h: Updated for above changes.
+        Also fixed some arguument types and made some more things private.
+
+        * html/track/VTTCue.cpp:
+        (WebCore::VTTCue::createDisplayTree): Return a Ref.
+        (WebCore::VTTCue::displayTreeInternal): Return a reference.
+        (WebCore::VTTCue::setVertical): Use ExceptionOr.
+        (WebCore::VTTCue::setLine): Ditto.
+        (WebCore::VTTCue::setPosition): Ditto.
+        (WebCore::VTTCue::setSize): Ditto.
+        (WebCore::VTTCue::setAlign): Ditto.
+        (WebCore::VTTCue::getDisplayTree): Return a reference.
+        (WebCore::VTTCue::removeDisplayTree): Updated since
+        displayTreeInternal returns a reference.
+        (WebCore::VTTCue::setFontSize): Ditto.
+        * html/track/VTTCue.h: Updated for the above.
+        * html/track/VTTCue.idl: Use non-legacy exceptions and also
+        restricted doubles.
+
+        * html/track/VTTRegion.cpp:
+        (WebCore::VTTRegion::VTTRegion): Moved default values all into
+        the class definition.
+        (WebCore::VTTRegion::setWidth): Removed the check for non-finite
+        since the bindings now handle that. Use ExcpetionOr.
+        (WebCore::VTTRegion::setHeight): Ditto.
+        (WebCore::VTTRegion::setRegionAnchorX): Ditto.
+        (WebCore::VTTRegion::setRegionAnchorY): Ditto.
+        (WebCore::VTTRegion::setViewportAnchorX): Ditto.
+        (WebCore::VTTRegion::setViewportAnchorY): Ditto.
+        (WebCore::upKeyword): Added. Shared by the code below.
+        (WebCore::VTTRegion::scroll): Rewrote to be simpler.
+        (WebCore::VTTRegion::setScroll): Rewrote to be simpler.
+        (WebCore::VTTRegion::updateParametersFromRegion): Read and
+        write data members directly to avoid awkward code that is otherwise
+        required just to copy from one object to the other. Also take a
+        const& instead of a pointer for the thing to update from.
+        (WebCore::VTTRegion::parseSettingValue): Use upKeyword.
+        (WebCore::VTTRegion::appendTextTrackCueBox): Take a Ref&&.
+        (WebCore::VTTRegion::getDisplayTree): Do the downcast to Document
+        here instead of using the helper function.
+        (WebCore::VTTRegion::prepareRegionDisplayTree): Ditto.
+        * html/track/VTTRegion.h: Updated for the above.
+        * html/track/VTTRegion.idl: Use non-legacy exceptions and also
+        use restricted dobules, not unrestricted.
+
+2016-10-22  Chris Dumez  <cdumez@apple.com>
+
+        WebGLRenderingContextBase.texImage2D() should use a union instead of overloading
+        https://bugs.webkit.org/show_bug.cgi?id=163856
+
+        Reviewed by Darin Adler.
+
+        WebGLRenderingContextBase.texImage2D() should use a union instead of overloading:
+        - https://www.khronos.org/registry/webgl/specs/latest/1.0/#5.14
+
+        * html/canvas/WebGLRenderingContextBase.cpp:
+        (WebCore::WebGLRenderingContextBase::texImage2D):
+        * html/canvas/WebGLRenderingContextBase.h:
+        * html/canvas/WebGLRenderingContextBase.idl:
+
+2016-10-22  Antti Koivisto  <antti@apple.com>
+
+        REGRESSION(r207669): Dromaeo/jslib-style-jquery.html regressed >20%
+        https://bugs.webkit.org/show_bug.cgi?id=163851
+
+        Reviewed by Darin Adler.
+
+        The test calls Scope::flushPendingUpdate a lot and nothing ever happens there.
+
+        Add a separate invalidity bit for descendant scopes and inline the fast path.
+
+        * style/StyleScope.cpp:
+        (WebCore::Style::Scope::flushPendingSelfUpdate):
+        (WebCore::Style::Scope::flushPendingDescendantUpdates):
+        (WebCore::Style::Scope::scheduleUpdate):
+        (WebCore::Style::Scope::flushPendingUpdate): Deleted.
+        * style/StyleScope.h:
+        (WebCore::Style::Scope::hasPendingUpdate):
+        (WebCore::Style::Scope::flushPendingUpdate):
+
+2016-10-22  Darin Adler  <darin@apple.com>
+
+        Move SVG from ExceptionCode to Exception
+        https://bugs.webkit.org/show_bug.cgi?id=163837
+
+        Reviewed by Chris Dumez.
+
+        * WebCore.xcodeproj/project.pbxproj: Added SVGGraphicsElement.idl.
+
+        * bindings/js/JSSVGLengthCustom.cpp:
+        (WebCore::JSSVGLength::value): Use toJSNumber.
+        (WebCore::JSSVGLength::setValue): Use propagateException.
+        (WebCore::JSSVGLength::convertToSpecifiedUnits): Ditto.
+
+        * bindings/scripts/CodeGeneratorJS.pm:
+        (GenerateImplementation): Properly handle SetterMayThrowException
+        in the special case for SVG setters.
+
+        * rendering/style/SVGRenderStyle.h:
+        (WebCore::SVGRenderStyle::initialBaselineShiftValue): Removed
+        ASSERT_NO_EXCEPTION, no longer needed.
+        (WebCore::SVGRenderStyle::initialKerning): Ditto.
+
+        * svg/SVGAltGlyphElement.cpp:
+        (WebCore::SVGAltGlyphElement::setGlyphRef): Use ExceptionOr.
+        (WebCore::SVGAltGlyphElement::setFormat): Ditto.
+        (WebCore::SVGAltGlyphElement::hasValidGlyphElements): Tweaked a bit.
+        * svg/SVGAltGlyphElement.h: Updated for above changes.
+        * svg/SVGAltGlyphElement.idl: Use non-legacy exceptions.
+
+        * svg/SVGAngle.cpp:
+        (WebCore::SVGAngle::valueAsString): Removed unneeded String globals.
+        (WebCore::parseAngleType): Rewrote to be simpler and more direct.
+        (WebCore::SVGAngle::setValueAsString): Use ExceptionOr.
+        (WebCore::SVGAngle::newValueSpecifiedUnits): Ditto.
+        (WebCore::SVGAngle::convertToSpecifiedUnits): Ditto.
+        * svg/SVGAngle.h: Updated for above changes. Initialized data members
+        here in the class definite and removed constructor; default now works.
+        * svg/SVGAngle.idl: Use non-legacy exceptions.
+
+        * svg/SVGAnimateElementBase.cpp:
+        (WebCore::SVGAnimateElementBase::calculateAnimatedValue): Update since
+        CalcMode is now an enum class.
+        * svg/SVGAnimateMotionElement.cpp:
+        (WebCore::SVGAnimateMotionElement::SVGAnimateMotionElement): Ditto.
+
+        * svg/SVGAnimateTransformElement.cpp:
+        (WebCore::SVGAnimateTransformElement::hasValidAttributeType): Update
+        since AttributeType is now an enum class.
+
+        * svg/SVGAnimatedAngle.cpp:
+        (WebCore::SVGAnimatedAngleAnimator::calculateDistance): Removed
+        ASSERT_NO_EXCEPTION, no longer needed.
+
+        * svg/SVGAnimatedBoolean.idl: Use non-legacy exception.
+        * svg/SVGAnimatedEnumeration.idl: Ditto.
+        * svg/SVGAnimatedInteger.idl: Ditto.
+
+        * svg/SVGAnimatedLength.cpp:
+        (WebCore::sharedSVGLength): Deleted.
+        (WebCore::SVGAnimatedLengthAnimator::addAnimatedTypes): Removed
+        ASSERT_NO_EXCEPTION, no longer needed.
+        (WebCore::parseLengthFromString): Ditto. Also rewrote to not use
+        a shared SVGLength; no benefit to doing that.
+        (WebCore::SVGAnimatedLengthAnimator::calculateAnimatedValue): Ditto.
+        * svg/SVGAnimatedLengthList.cpp:
+        (WebCore::SVGAnimatedLengthListAnimator::addAnimatedTypes): Ditto.
+        (WebCore::SVGAnimatedLengthListAnimator::calculateAnimatedValue): Ditto.
+
+        * svg/SVGAnimatedNumber.idl: Use non-legacy exception.
+        * svg/SVGAnimatedString.idl: Ditto.
+
+        * svg/SVGAnimatedType.cpp:
+        (WebCore::SVGAnimatedType::setValueAsString): Updated since
+        setValueAsString now uses ExceptionOr.
+
+        * svg/SVGAnimationElement.cpp:
+        (WebCore::SVGAnimationElement::SVGAnimationElement): Initialized scalars
+        in the class definition instead of here.
+        (WebCore::SVGAnimationElement::getSimpleDuration): Removed uneeded ExceptionCode&.
+        (WebCore::SVGAnimationElement::setCalcMode): Updated since CalcMode is now an enum class.
+        (WebCore::SVGAnimationElement::setAttributeType): Updated since AttributeType
+        is now an enum class.
+        (WebCore::SVGAnimationElement::shouldApplyAnimation): Ditto.
+        (WebCore::SVGAnimationElement::calculateKeyTimesForCalcModePaced): Ditto.
+        (WebCore::SVGAnimationElement::calculatePercentForSpline): Ditto.
+        (WebCore::SVGAnimationElement::calculatePercentFromKeyPoints): Ditto.
+        (WebCore::SVGAnimationElement::calculatePercentForFromTo): Ditto.
+        (WebCore::SVGAnimationElement::currentValuesFromKeyPoints): Ditto.
+        (WebCore::SVGAnimationElement::currentValuesForValuesAnimation): Ditto.
+        (WebCore::SVGAnimationElement::startedActiveInterval): Ditto.
+        (WebCore::SVGAnimationElement::updateAnimation): Ditto.
+        (WebCore::SVGAnimationElement::checkInvalidCSSAttributeType): Ditto.
+
+        * svg/SVGAnimationElement.h: Changed CalcMode into an enum class.
+        Updated for above changes.
+
+        * svg/SVGAnimationElement.idl: Removed MayThrowLegacyException from
+        getSimpleDuration.
+
+        * svg/SVGColor.cpp:
+        (WebCore::SVGColor::SVGColor): Updated to take scalar in the straightforward
+        manner instead of constt SVGColorType&.
+        (WebCore::SVGColor::setRGBColor): Use ExceptionOr.
+        (WebCore::SVGColor::setRGBColorICCColor): Ditto.
+        (WebCore::SVGColor::setColor): Ditto.
+        * svg/SVGColor.h: Updated for above changes. Removed unneeded destructor.
+        * svg/SVGColor.idl: Use non-legacy exceptions.
+
+        * svg/SVGGlyphRefElement.cpp:
+        (WebCore::SVGGlyphRefElement::SVGGlyphRefElement): Initialize data members
+        in class definition, not here.
+        (WebCore::parseFloat): Added helper. Used in parseAttribute.
+        (WebCore::SVGGlyphRefElement::parseAttribute): Updated to use parseFloat helper.
+        (WebCore::SVGGlyphRefElement::glyphRef): Deleted.
+        (WebCore::SVGGlyphRefElement::setGlyphRef): Deleted.
+        (WebCore::SVGGlyphRefElement::setX): Removed unused Exception& argument.
+        (WebCore::SVGGlyphRefElement::setY): Ditto.
+        (WebCore::SVGGlyphRefElement::setDx): Ditto.
+        (WebCore::SVGGlyphRefElement::setDy): Ditto.
+        * svg/SVGGlyphRefElement.h: Updated for above changes.
+        * svg/SVGGlyphRefElement.idl: Use Reflect on glyphRef. Removed incorrect
+        SetterMayThrowLegacyException attributes for x, y, dx, and dy. Longer term
+        it might be nice to use [Reflect] on these too.
+
+        * svg/SVGGraphicsElement.idl: Use non-legacy exception.
+
+        * svg/SVGLength.cpp:
+        (WebCore::parseLengthType): Changed argument type since caller does not
+        need to know how many characters are consumed.
+        (WebCore::SVGLength::SVGLength): Removed IGNORE_EXCEPTION and ASSERT_NO_EXCEPTION.
+        Also removed the copy constructor, letting the compiler generate the default.
+        (WebCore::SVGLength::setValueAsString): Use ExceptionOr.
+        (WebCore::SVGLength::construct): Updated since setValueAsString uses ExceptionOr.
+        (WebCore::SVGLength::value): Ditto.
+        (WebCore::SVGLength::valueForBindings): Use ExceptionOr. Also renamed to
+        disambiguate with the version used outside of bindings.
+        (WebCore::SVGLength::setValue): Use ExceptionOr.
+        (WebCore::SVGLength::newValueSpecifiedUnits): Ditto.
+        (WebCore::SVGLength::convertToSpecifiedUnits): Ditto.
+        (WebCore::SVGLength::fromCSSPrimitiveValue): Updated since newValueSpecifiedUnits
+        uses ExceptionOr.
+        (WebCore::SVGLength::lengthModeForAnimatedLengthAttribute): Rewrote map generation
+        code to be more efficient and not unrolled. Only do one hash table lookup.
+        * svg/SVGLength.h: Updated for above changes.
+        * svg/SVGLength.idl: Use non-legacy exceptions.
+
+        * svg/SVGLengthContext.cpp:
+        (WebCore::SVGLengthContext::valueForLength): Update since function
+        uses ExceptionOr.
+        (WebCore::SVGLengthContext::convertValueToUserUnits): Use ExceptionOr.
+        (WebCore::SVGLengthContext::convertValueFromUserUnits): Ditto.
+        (WebCore::SVGLengthContext::convertValueFromUserUnitsToPercentage): Ditto.
+        (WebCore::SVGLengthContext::convertValueFromPercentageToUserUnits): Ditto.
+        (WebCore::SVGLengthContext::convertValueFromUserUnitsToEMS): Ditto.
+        (WebCore::SVGLengthContext::convertValueFromEMSToUserUnits): Ditto.
+        (WebCore::SVGLengthContext::convertValueFromUserUnitsToEXS): Ditto.
+        (WebCore::SVGLengthContext::convertValueFromEXSToUserUnits): Ditto.
+        * svg/SVGLengthContext.h: Updatedfor above changes.
+
+        * svg/SVGLengthList.cpp:
+        (WebCore::SVGLengthList::parse): Updated since setValueAsString uses
+        ExceptionOr now.
+        * svg/SVGLengthList.h: Removed unneeded constructor.
+        * svg/SVGLengthList.idl: Use non-legacy exceptions.
+
+        * svg/SVGLocatable.cpp:
+        (WebCore::SVGLocatable::getTransformToElement): Use ExceptionOr.
+        * svg/SVGLocatable.h: Updated for above change.
+
+        * svg/SVGMarkerElement.h:
+        (WebCore::SVGPropertyTraits<SVGMarkerOrientType>::fromString):
+        Updated since setValueAsString uses ExceptionOr now.
+
+        * svg/SVGMatrix.h: Use ExceptionOr.
+        * svg/SVGMatrix.idl: Use non-legacy exceptions.
+
+        * svg/SVGNumberList.h: Removed unneeded constructor.
+        * svg/SVGNumberList.idl: Use non-legacy exceptions.
+
+        * svg/SVGPaint.cpp:
+        (WebCore::SVGPaint::setPaint): Use ExceptionOr.
+        * svg/SVGPaint.h: Updated for above chagne.
+        * svg/SVGPaint.idl: Use non-legacy exception.
+
+        * svg/SVGPathSegList.h: Tweaked a bit.
+        * svg/SVGPathSegList.idl: Use non-legacy exceptions.
+
+        * svg/SVGPointList.h: Removed unneeded constructor.
+        * svg/SVGPointList.idl: Use non-legacy exceptions.
+
+        * svg/SVGPreserveAspectRatio.cpp:
+        (WebCore::SVGPreserveAspectRatio::setAlign): Use ExceptionOr.
+        (WebCore::SVGPreserveAspectRatio::setMeetOrSlice): Ditto.
+        * svg/SVGPreserveAspectRatio.h: Updated for above changes.
+        * svg/SVGPreserveAspectRatio.idl: Use non-legacy exceptions.
+
+        * svg/SVGSVGElement.cpp:
+        (WebCore::SVGSVGElement::currentView): Pass a reference.
+
+        * svg/SVGStringList.h: Tweaked a bit.
+        * svg/SVGStringList.idl: Use non-legacy exceptions.
+
+        * svg/SVGStyleElement.cpp:
+        (WebCore::SVGStyleElement::setType): Removed unneeded ExceptionCode&.
+        (WebCore::SVGStyleElement::setMedia): Ditto.
+        (WebCore::SVGStyleElement::setTitle): Deleted.
+        * svg/SVGStyleElement.h: Updated for above changes, and made the title
+        function override be private.
+        * svg/SVGStyleElement.idl: Use Reflect for title. Removed unneeded
+        SetterMayThrowLegacyException on all attributes.
+
+        * svg/SVGTextContentElement.cpp:
+        (WebCore::SVGTextContentElement::textLengthAnimated): Removed
+        ASSERT_NO_EXCEPTION, won't work any more.
+        (WebCore::SVGTextContentElement::getSubStringLength): Use ExceptionOr.
+        Also remove redundant call to updateLayoutIgnorePendingStylesheets,
+        called by getNumberOfChars.
+        (WebCore::SVGTextContentElement::getStartPositionOfChar): Ditto.
+        (WebCore::SVGTextContentElement::getEndPositionOfChar): Ditto.
+        (WebCore::SVGTextContentElement::getExtentOfChar): Ditto.
+        (WebCore::SVGTextContentElement::getRotationOfChar): Ditto.
+        (WebCore::SVGTextContentElement::selectSubString): Ditto.
+        * svg/SVGTextContentElement.h: Updated for above changes.
+        * svg/SVGTextContentElement.idl: Use non-legacy exceptions.
+
+        * svg/SVGTransformList.h: Removed unneeded constructor.
+        * svg/SVGTransformList.idl: Use non-legacy exceptions.
+
+        * svg/SVGViewSpec.cpp:
+        (WebCore::SVGViewSpec::SVGViewSpec): Updated to take a reference.
+        (WebCore::SVGViewSpec::setZoomAndPan): Use ExceptionOr.
+        (WebCore::SVGViewSpec::setTransformString): Deleted.
+        (WebCore::SVGViewSpec::viewBoxString): Use m_viewBox directly.
+        (WebCore::SVGViewSpec::preserveAspectRatioString): Use
+        m_preserveAspectRatio directly.
+        (WebCore::SVGViewSpec::viewTarget): Use is<SVGElement>.
+        (WebCore::SVGViewSpec::lookupOrCreateViewBoxWrapper): Use
+        m_contextElement directly.
+        (WebCore::SVGViewSpec::lookupOrCreatePreserveAspectRatioWrapper):
+        Ditto.
+        (WebCore::SVGViewSpec::lookupOrCreateTransformWrapper): Ditto.
+        (WebCore::SVGViewSpec::parseViewSpec): Set m_viewTargetString directly.
+        * svg/SVGViewSpec.h: Updated for above changes. Removed unneeded virtual
+        destructor, unneeded using for ref/deref, unused functions including
+        setTransformString, setViewTargetString, non-exception setZoomAndPan,
+        contextElement, viewBoxBaseValue, and preserveAspectRatioBaseValue.
+        * svg/SVGViewSpec.idl: Use non-legacy exceptions. Also specify
+        ImplementationLacksVTable.
+
+        * svg/properties/SVGAnimatedEnumerationPropertyTearOff.h:
+        Use ExceptionOr.
+        * svg/properties/SVGAnimatedStaticPropertyTearOff.h: Ditto.
+        * svg/properties/SVGListProperty.h: Ditto.
+        * svg/properties/SVGListPropertyTearOff.h: Ditto.
+         * svg/properties/SVGPathSegListPropertyTearOff.cpp:
+        (WebCore::SVGPathSegListPropertyTearOff::clear): Ditto.
+        (WebCore::SVGPathSegListPropertyTearOff::getItem): Ditto.
+        (WebCore::SVGPathSegListPropertyTearOff::replaceItem): Ditto.
+        (WebCore::SVGPathSegListPropertyTearOff::removeItem): Ditto.
+        * svg/properties/SVGPathSegListPropertyTearOff.h: Ditto.
+        * svg/properties/SVGPropertyTearOff.h: Ditto. Also added an overload
+        of create that knows how to deal with exceptions.
+        * svg/properties/SVGStaticListPropertyTearOff.h: Ditto.
+        * svg/properties/SVGTransformListPropertyTearOff.h: Ditto.
+
+2016-10-22  Chris Dumez  <cdumez@apple.com>
+
+        WebGLRenderingContextBase.bufferData() should use a union instead of overloading
+        https://bugs.webkit.org/show_bug.cgi?id=163795
+
+        Reviewed by Darin Adler.
+
+        WebGLRenderingContextBase.bufferData() / bufferSubData() should use a union
+        instead of overloading:
+        - https://www.khronos.org/registry/webgl/specs/latest/1.0/#5.14
+
+        No new tests, no web-exposed behavior change.
+
+        * bindings/js/JSDOMConvert.h:
+        (WebCore::Converter<IDLInterface<T>>::convert):
+        * bindings/scripts/CodeGeneratorJS.pm:
+        (GenerateHeader):
+        * bindings/scripts/test/JS/JSInterfaceName.h:
+        * bindings/scripts/test/JS/JSTestActiveDOMObject.h:
+        * bindings/scripts/test/JS/JSTestCEReactions.h:
+        * bindings/scripts/test/JS/JSTestCEReactionsStringifier.h:
+        * bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.h:
+        * bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.h:
+        * bindings/scripts/test/JS/JSTestCustomNamedGetter.h:
+        * bindings/scripts/test/JS/JSTestEventConstructor.h:
+        * bindings/scripts/test/JS/JSTestEventTarget.h:
+        * bindings/scripts/test/JS/JSTestException.h:
+        * bindings/scripts/test/JS/JSTestGenerateIsReachable.h:
+        * bindings/scripts/test/JS/JSTestGlobalObject.h:
+        * bindings/scripts/test/JS/JSTestInterface.h:
+        * bindings/scripts/test/JS/JSTestIterable.h:
+        * bindings/scripts/test/JS/JSTestMediaQueryListListener.h:
+        * bindings/scripts/test/JS/JSTestNamedConstructor.h:
+        * bindings/scripts/test/JS/JSTestNode.h:
+        * bindings/scripts/test/JS/JSTestNondeterministic.h:
+        * bindings/scripts/test/JS/JSTestObj.h:
+        * bindings/scripts/test/JS/JSTestOverloadedConstructors.h:
+        * bindings/scripts/test/JS/JSTestOverloadedConstructorsWithSequence.h:
+        * bindings/scripts/test/JS/JSTestOverrideBuiltins.h:
+        * bindings/scripts/test/JS/JSTestSerialization.h:
+        * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.h:
+        * bindings/scripts/test/JS/JSTestTypedefs.h:
+        * bindings/scripts/test/JS/JSattribute.h:
+        * bindings/scripts/test/JS/JSreadonly.h:
+        * html/canvas/WebGL2RenderingContext.cpp:
+        (WebCore::WebGL2RenderingContext::bufferData):
+        (WebCore::WebGL2RenderingContext::bufferSubData):
+        * html/canvas/WebGLRenderingContextBase.cpp:
+        (WebCore::WebGLRenderingContextBase::bufferData):
+        (WebCore::WebGLRenderingContextBase::bufferSubData):
+        * html/canvas/WebGLRenderingContextBase.h:
+        * html/canvas/WebGLRenderingContextBase.idl:
+
+2016-10-22  Darin Adler  <darin@apple.com>
+
+        [Cocoa] REGRESSION (r204508): Crash in init_WebCreateFragment when pasting (seen in multiple apps using legacy WebKit)
+        https://bugs.webkit.org/show_bug.cgi?id=163839
+
+        Reviewed by Dan Bernstein.
+
+        * editing/cocoa/EditorCocoa.mm: Use the appropriate SOFT_LINK macros to find
+        the WebKitLegacy platform in the correct location for iOS and macOS.
+
+2016-10-22  Nael Ouedraogo  <nael.ouedraogo@crf.canon.fr>
+
+        Bindings error message for missing required dictionary member should be more explicit
+        https://bugs.webkit.org/show_bug.cgi?id=163665
+
+        Reviewed by Darin Adler.
+
+        Add throwRequiredMemberTypeError function to throw a TypeError exception with an error
+        message indicating the missing required member.
+
+        No new test required, rebase existing tests.
+
+        * bindings/js/JSDOMBinding.cpp:
+        (WebCore::throwRequiredMemberTypeError):
+        * bindings/js/JSDOMBinding.h:
+        * bindings/scripts/CodeGeneratorJS.pm:
+        (GenerateDictionaryImplementationContent):
+        * bindings/scripts/test/JS/JSTestObj.cpp:
+        (WebCore::convertDictionary<TestObj::DictionaryThatShouldNotTolerateNull>):
+
+2016-10-22  Ryosuke Niwa  <rniwa@webkit.org>
+
+        Upgrading custom element should enqueue attributeChanged and connected callbacks
+        https://bugs.webkit.org/show_bug.cgi?id=163840
+
+        Reviewed by Darin Adler.
+
+        When upgrading a custom element, enqueue attributeChanged and connectedCallbacks as needed as specified
+        in step 3 and 4 of: https://html.spec.whatwg.org/multipage/scripting.html#concept-upgrade-an-element
+
+        Test: fast/custom-elements/upgrading-enqueue-reactions.html
+
+        * bindings/js/JSCustomElementInterface.cpp:
+        (WebCore::JSCustomElementInterface::upgradeElement): Enqueue 
+        * dom/CustomElementReactionQueue.cpp:
+        (WebCore::CustomElementReactionQueueItem::invoke): Don't invoke callbacks when the custom element had
+        failed to upgrade.
+        (WebCore::CustomElementReactionQueue::enqueuePostUpgradeReactions): Added.
+        (WebCore::CustomElementReactionQueue::invokeAll): Upgrading a custom element may enqueue more reactions.
+        Keep invoking reactions until the queue becomes empty.
+        * dom/CustomElementReactionQueue.h:
+        * dom/Range.idl: Added a forgotten CEReactions here.
+
+2016-10-21  David Kilzer  <ddkilzer@apple.com>
+
+        Bug 163762: IntSize::area() should used checked arithmetic
+        <https://webkit.org/b/163762>
+
+        Reviewed by Darin Adler.
+
+        No new tests since no change in nominal behavior.
+
+        * platform/graphics/IntSize.h:
+        (WebCore::IntSize::area): Change to return a
+        Checked<unsigned, T> value. Use WTF:: namespace to avoid
+        including another header.
+
+        * platform/graphics/IntRect.h:
+        (WebCore::IntRect::area): Ditto.
+
+        The remaining changes are to use the Checked<unsigned> return
+        value of IntSize::area() and IntRect::area() correctly in
+        context, in addition to items noted below.
+
+        * html/HTMLPlugInImageElement.cpp:
+        (WebCore::HTMLPlugInImageElement::isTopLevelFullPagePlugin):
+        Declare contentWidth and contentHeight as float values to
+        prevent overflow when computing the area, and to make the
+        inequality comparison in the return statement uses the same type
+        for both sides.
+        * html/ImageData.cpp:
+        (WebCore::ImageData::ImageData):
+        * html/MediaElementSession.cpp:
+        (WebCore::isElementRectMostlyInMainFrame):
+        * platform/graphics/ImageBackingStore.h:
+        (WebCore::ImageBackingStore::setSize): Restructure logic to
+        compute area only once.
+        (WebCore::ImageBackingStore::clear):
+        * platform/graphics/ImageFrame.h:
+        (WebCore::ImageFrame::frameBytes):
+        * platform/graphics/ImageSource.cpp:
+        (WebCore::ImageSource::maximumSubsamplingLevel):
+        * platform/graphics/ca/LayerPool.cpp:
+        (WebCore::LayerPool::backingStoreBytesForSize):
+        * platform/graphics/cg/ImageDecoderCG.cpp:
+        (WebCore::ImageDecoder::frameBytesAtIndex):
+        * platform/graphics/filters/FEGaussianBlur.cpp:
+        (WebCore::FEGaussianBlur::platformApplySoftware):
+        * platform/graphics/filters/FilterEffect.cpp:
+        (WebCore::FilterEffect::asUnmultipliedImage):
+        (WebCore::FilterEffect::asPremultipliedImage):
+        (WebCore::FilterEffect::copyUnmultipliedImage):
+        (WebCore::FilterEffect::copyPremultipliedImage):
+        (WebCore::FilterEffect::createUnmultipliedImageResult):
+        (WebCore::FilterEffect::createPremultipliedImageResult):
+        * platform/graphics/win/ImageBufferDataDirect2D.cpp:
+        (WebCore::ImageBufferData::getData): Update overflow check,
+        rename local variable to numBytes, and compute numBytes once.
+        * platform/graphics/win/ImageDecoderDirect2D.cpp:
+        (WebCore::ImageDecoder::frameBytesAtIndex):
+        * platform/image-decoders/ImageDecoder.cpp:
+        (WebCore::ImageDecoder::frameBytesAtIndex):
+        * platform/ios/LegacyTileLayerPool.mm:
+        (WebCore::LegacyTileLayerPool::bytesBackingLayerWithPixelSize):
+        * rendering/RenderLayerCompositor.cpp:
+        (WebCore::RenderLayerCompositor::requiresCompositingForCanvas):
+        * rendering/shapes/Shape.cpp:
+        (WebCore::Shape::createRasterShape):
+
+2016-10-21  Gavin Barraclough  <barraclough@apple.com>
+
+        WebPageProxy should not need PageActivityState
+        https://bugs.webkit.org/show_bug.cgi?id=163821
+
+        Reviewed by Geoff Garen.
+
+        The PageActivityState is currently plumbed back from WebCore up to the UI process, to
+        determine whether to enabled process suppression. However the information it contains
+        (whether a page load is ongoing, whether audio is playing) is already available via
+        other means. Remove this use of PageActivityState.
+
+        * html/HTMLMediaElement.cpp:
+        (WebCore::HTMLMediaElement::mediaState):
+            - Fix a bug in how we compute IsPlayingAudio - if the volume of the MediaElement is
+              set to zero, then audio is not playing (we were already checking muted).
+        * page/ChromeClient.h:
+            - removed setPageActivityState
+        * page/Page.cpp:
+        (WebCore::Page::setPageActivityState): Deleted.
+            - setPageActivityState -> pageActivityStateChanged, remove call to ChromeClient
+        * page/Page.h:
+        (WebCore::Page::pageActivityStateChanged):
+            - setPageActivityState -> pageActivityStateChanged
+        * page/PageThrottler.cpp:
+        (WebCore::PageThrottler::setActivityFlag):
+            - setPageActivityState -> pageActivityStateChanged
+
+2016-10-21  Chris Dumez  <cdumez@apple.com>
+
+        [Web ID] Overload resolution is wrong if one of the types is a nullable union
+        https://bugs.webkit.org/show_bug.cgi?id=163816
+
+        Reviewed by Alex Christensen.
+
+        Overload resolution was wrong if one of the types was a nullable union. This
+        is because we never considered the union type itself, only its subtypes.
+        Therefore, we checked if any of the union's subtypes were nullable but we
+        failed to check if the union itself was nullable.
+
+        See:
+        - https://heycam.github.io/webidl/#es-overloads (Step 11.3.)
+
+        No new tests, extended bindings tests.
+
+        * bindings/scripts/CodeGeneratorJS.pm:
+        (GetOverloadThatMatchesIgnoringUnionSubtypes):
+        (GenerateOverloadedFunctionOrConstructor):
+        * bindings/scripts/test/JS/JSTestObj.cpp:
+        (WebCore::jsTestObjPrototypeFunctionOverloadWithNullableUnion1):
+        (WebCore::jsTestObjPrototypeFunctionOverloadWithNullableUnion1Caller):
+        (WebCore::jsTestObjPrototypeFunctionOverloadWithNullableUnion2):
+        (WebCore::jsTestObjPrototypeFunctionOverloadWithNullableUnion2Caller):
+        (WebCore::jsTestObjPrototypeFunctionOverloadWithNullableUnion):
+        (WebCore::jsTestObjPrototypeFunctionOverloadWithOptionalUnion1):
+        (WebCore::jsTestObjPrototypeFunctionOverloadWithOptionalUnion1Caller):
+        (WebCore::jsTestObjPrototypeFunctionOverloadWithOptionalUnion2):
+        (WebCore::jsTestObjPrototypeFunctionOverloadWithOptionalUnion2Caller):
+        (WebCore::jsTestObjPrototypeFunctionOverloadWithOptionalUnion):
+        * bindings/scripts/test/TestObj.idl:
+
+2016-10-21  Eric Carlson  <eric.carlson@apple.com>
+
+        [MediaStream] Dynamically generate media capture sandbox extensions
+        https://bugs.webkit.org/show_bug.cgi?id=154861
+        <rdar://problem/24909411>
+
+        Reviewed by Tim Horton.
+
+        No new tests, some of these changes are covered by existing tests and some can only be tested
+        with physical capture devices.
+
+        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm: AVSampleBufferAudioRenderer
+          and AVSampleBufferRenderSynchronizer are now declared in AVFoundationSPI.h.
+
+        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.h:
+        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm:
+        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::MediaPlayerPrivateMediaStreamAVFObjC): Initialize 
+          AVSampleBufferRenderSynchronizer.
+        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::isAvailable): Fail if AVSampleBufferRenderSynchronizer
+          isn't available.
+        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::enqueueAudioSampleBufferFromTrack): Take a MediaSample&
+          instead of a PlatformSample&.
+        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::enqueueVideoSampleBufferFromTrack): Ditto.
+        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::ensureLayer): Add the sample buffer display 
+          later to the synchronizer.
+        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::destroyLayer): Remove the sample buffer display 
+          later from the synchronizer.
+        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::play): Start the synchronizer.
+        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::pause): Stash the current clock time in 
+          m_pausedTime, but leave the clock running. Pause the synchronizer.
+        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::currentMediaTime): Return the clock time
+          when playing, m_pausedTime time when paused because we leave the clock running forever.
+        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::sampleBufferUpdated):
+
+        * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm: AVSampleBufferAudioRenderer
+          is now declared in AVFoundationSPI.h.
+
+        * platform/spi/mac/AVFoundationSPI.h: Add AVSampleBufferAudioRenderer and AVSampleBufferRenderSynchronizer.
+
+2016-10-21  Commit Queue  <commit-queue@webkit.org>
+
+        Unreviewed, rolling out r207582.
+        https://bugs.webkit.org/show_bug.cgi?id=163819
+
+        Not quite ready rdar://problem/28897179 (Requested by
+        alexchristensen on #webkit).
+
+        Reverted changeset:
+
+        "Re-enable URLParser for non-Safari Cocoa apps after r207321"
+        https://bugs.webkit.org/show_bug.cgi?id=163690
+        http://trac.webkit.org/changeset/207582
+
+2016-10-21  Gavin Barraclough  <barraclough@apple.com>
+
+        WebPage should take UserActivity directly for user input
+        https://bugs.webkit.org/show_bug.cgi?id=163813
+
+        Reviewed by Anders Carlsson.
+
+        When we receive mouse/keyboard events in a page, we want to prevent AppNap. We currently do so
+        via the PageThrottler. This patch is to just make the WebPage drive the UserActivity directly.
+
+        Two reasons to do so: (1) to cleanup & simplify for further refactoring. (2) The current code
+        isn't really achieving the desired effect. The page setting the flag in the throttler to get
+        the activity to be set is now a less effective way of achieving this goal, since the
+        PageActivityState bounces back across to the UI process & then messages back to the WebContent
+        process to take the UserActivity. These extra hops defeat the purpose of making sure the boost
+        from the initial message isn't lost.
+
+        * page/PageThrottler.cpp:
+        (WebCore::PageThrottler::PageThrottler):
+        (WebCore::m_userInputHysteresis): Deleted.
+        * page/PageThrottler.h:
+        (WebCore::PageThrottler::didReceiveUserInput): Deleted.
+            - removed PageActivityState::UserInputActivity, didReceiveUserInput, m_userInputHysteresis.
+
+2016-10-21  Wenson Hsieh  <wenson_hsieh@apple.com>
+
+        Support (insertFrom|deleteBy)Composition and (insert|delete)CompositionText inputTypes for InputEvents
+        https://bugs.webkit.org/show_bug.cgi?id=163460
+        <rdar://problem/28784142>
+
+        Reviewed by Darin Adler.
+
+        Adds basic support for the composition inputTypes in the InputEvent spec. See w3.org/TR/input-events,
+        github.com/w3c/input-events/issues/41 and github.com/w3c/input-events/issues/42 for more details. While input
+        events are fired in the correct order with respect to each other, additional work will be required to ensure
+        that input events are fired in the correct order with respect to composition(start|update|end) events and
+        textInput events. This is held off until the expected ordering of events is officially defined in the spec.
+
+        Tests: fast/events/before-input-events-prevent-insert-composition.html
+               fast/events/before-input-events-prevent-recomposition.html
+               fast/events/input-events-ime-composition.html
+               fast/events/input-events-ime-recomposition.html
+
+        * editing/CompositeEditCommand.cpp:
+        (WebCore::CompositeEditCommand::apply):
+        * editing/CompositeEditCommand.h:
+        (WebCore::CompositeEditCommand::isBeforeInputEventCancelable):
+
+        Adds a new virtual method hook for subclasses to mark their `beforeinput` events as non-cancelable (see
+        TypingCommand::isBeforeInputEventCancelable). By default, `beforeinput` events are cancelable.
+
+        * editing/EditAction.h:
+
+        Adds 4 new EditActions corresponding to the 4 composition-related inputTypes. These are:
+        EditActionTypingDeletePendingComposition    => "deleteCompositionText"
+        EditActionTypingDeleteFinalComposition      => "deleteByComposition"
+        EditActionTypingInsertPendingComposition    => "insertCompositionText"
+        EditActionTypingInsertFinalComposition      => "insertFromComposition"
+
+        * editing/EditCommand.cpp:
+        (WebCore::inputTypeNameForEditingAction):
+        * editing/Editor.cpp:
+        (WebCore::dispatchBeforeInputEvent):
+        (WebCore::dispatchBeforeInputEvents):
+        (WebCore::Editor::willApplyEditing):
+        (WebCore::Editor::insertTextWithoutSendingTextEvent):
+        (WebCore::Editor::setComposition):
+
+        In setComposition(text, mode), tweak the logic for committing a composition to always delete the selection
+        before inserting the final composition text. In setComposition(text, underlines, start, end), catch the case
+        where we're beginning to recompose an existing range in the DOM and delete the recomposed text first.
+
+        * editing/TypingCommand.cpp:
+        (WebCore::editActionForTypingCommand):
+        (WebCore::TypingCommand::TypingCommand):
+        (WebCore::TypingCommand::deleteSelection):
+
+        Adds a TextCompositionType parameter so that call sites (see Editor::setComposition) can indicate what state the
+        edited composition is in. This allows us to differentiate between deletion of finalized composition text in
+        preparation of recomposing a range in the DOM, and deletion of composition text that has not yet been committed
+        in preparation for inserting a finalized composition into the DOM.
+
+        (WebCore::TypingCommand::deleteKeyPressed):
+        (WebCore::TypingCommand::forwardDeleteKeyPressed):
+        (WebCore::TypingCommand::insertText):
+        (WebCore::TypingCommand::insertLineBreak):
+        (WebCore::TypingCommand::insertParagraphSeparatorInQuotedContent):
+        (WebCore::TypingCommand::insertParagraphSeparator):
+        (WebCore::TypingCommand::isBeforeInputEventCancelable):
+        (WebCore::TypingCommand::inputEventData):
+        (WebCore::TypingCommand::willAddTypingToOpenCommand):
+        * editing/TypingCommand.h:
+
 2016-10-21  Dave Hyatt  <hyatt@apple.com>
 
         [CSS Parser] Make sure shadow user agent sheets parse in UASheetMode
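Review bot: several of the added ChangeLog lines carry typos that are worth fixing before they become part of the permanent log. In the "WebPageProxy should not need PageActivityState" entry, "determine whether to enabled process suppression" should read "whether to enable". The overload-resolution entry is titled "[Web ID]", while the spec link it cites and the body of the entry concern Web IDL, so the tag looks truncated. In the MediaStream entry, the ensureLayer and destroyLayer descriptions both say "sample buffer display later", which reads like a typo for "layer". The constructor, ensureLayer, destroyLayer and pause lines in that same entry also end in trailing whitespace. Finally, sampleBufferUpdated is listed there with no description although every neighbouring function in MediaPlayerPrivateMediaStreamAVFObjC.mm has one; a short note on what changed would make the entry consistent.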