2011-05-01 Nikolas Zimmermann <nzimmermann@rim.com>
[WebKit-https.git] / Source / WebCore / ChangeLog
index 267d5da..9402299 100644
@@ -1,3 +1,305 @@
+2011-05-01  Nikolas Zimmermann  <nzimmermann@rim.com>
+
+        Reviewed by Dirk Schulze.
+
+        LEAK: SVGElement leaks when detaching it in a pending resource state
+        https://bugs.webkit.org/show_bug.cgi?id=59072
+
+        Make the pending resources set non-refcounted again. We made it refcounted a while ago
+        to fix a security bug, as we had dangling pointers in the set in SVGDocumentExtensions.
+        Fix the underlying problem, by removing all pending resources referencing to a particular
+        SVGElement, upon its destruction or upon removing it from the document.
+
+        Example: <rect fill="url(#foo)" id="rect">
+        When we try to render the rect, the foo paint server can't be found and thus "foo" will be
+        added to the pending resource set, with "rect" as client. When "foo" appears, it would remove
+        itself from the pending resource set, and a ref count to the "rect" would be released.
+        If "foo" never appears, SVGDocumentExtensions still holds a ref to the <rect>, thus keeping
+        it and the associated document alive.
+
+        Tests: svg/custom/pending-resource-leak-2.svg
+               svg/custom/pending-resource-leak-3.svg
+               svg/custom/pending-resource-leak.svg
+
+        These tests cover several scenarios where we used to leak. Should fix several SVG*Element leaks on the bots.
+        I manually tested reloading above testcases dozens of times, before the leak count was incremented by 2 nodes on every reload, that's gone now.
+
+        * rendering/svg/RenderSVGResourceContainer.cpp:
+        (WebCore::RenderSVGResourceContainer::registerResource):
+        * rendering/svg/RenderSVGShadowTreeRootContainer.cpp:
+        (WebCore::RenderSVGShadowTreeRootContainer::updateFromElement):
+        * rendering/svg/SVGResources.cpp:
+        (WebCore::registerPendingResource):
+        * svg/SVGDocumentExtensions.cpp:
+        (WebCore::SVGDocumentExtensions::addPendingResource):
+        (WebCore::SVGDocumentExtensions::hasPendingResources):
+        (WebCore::SVGDocumentExtensions::removeElementFromPendingResources):
+        (WebCore::SVGDocumentExtensions::removePendingResource):
+        * svg/SVGDocumentExtensions.h:
+        * svg/SVGElement.cpp:
+        * svg/SVGElement.h:
+        * svg/SVGElementRareData.h:
+        (WebCore::SVGElementRareData::SVGElementRareData):
+        (WebCore::SVGElementRareData::hasPendingResources):
+        (WebCore::SVGElementRareData::setHasPendingResources):
+        * svg/SVGStyledElement.cpp:
+        (WebCore::SVGStyledElement::~SVGStyledElement):
+        (WebCore::SVGStyledElement::insertedIntoDocument):
+        (WebCore::SVGStyledElement::removedFromDocument):
+        (WebCore::SVGStyledElement::hasPendingResources):
+        (WebCore::SVGStyledElement::setHasPendingResources):
+        * svg/SVGStyledElement.h:
+        (WebCore::SVGStyledElement::needsPendingResourceHandling):
+        (WebCore::SVGStyledElement::buildPendingResource):
+        * svg/SVGUseElement.cpp:
+        (WebCore::SVGUseElement::SVGUseElement):
+        (WebCore::SVGUseElement::insertedIntoDocument):
+        (WebCore::SVGUseElement::svgAttributeChanged):
+        (WebCore::SVGUseElement::buildPendingResource):
+        * svg/SVGUseElement.h:
+
+2011-05-01  Rafael Brandao  <rafael.lobo@openbossa.org>
+
+        Reviewed by Csaba Osztrogon√°c.
+
+        [Qt] build-webkit warning Inspector.idl is missing
+        https://bugs.webkit.org/show_bug.cgi?id=59047
+        
+        Added variable_out to pipe output from one compiler to another,
+        and then forced the output to be added to the sources.
+
+        * CodeGenerators.pri:
+
+2011-05-01  Dan Bernstein  <mitz@apple.com>
+
+        Reviewed by Anders Carlsson.
+
+        <rdar://problem/9155067> REGRESSION (float-based line boxes): Gaps and overlaps in selection highlight
+        https://bugs.webkit.org/show_bug.cgi?id=56658
+
+        Test: fast/text/selection-rect-rounding.html
+
+        * platform/graphics/FontFastPath.cpp:
+        (WebCore::Font::selectionRectForSimpleText): Account for non-integral anchor point coordinates.
+        * platform/graphics/mac/FontComplexTextMac.cpp:
+        (WebCore::Font::selectionRectForComplexText): Ditto.
+        * rendering/InlineTextBox.cpp:
+        (WebCore::InlineTextBox::selectionRect): Floor the horizontal sides of the clip rect.
+        (WebCore::InlineTextBox::paintSelection): Pass the logical left location to Font::selectionRectForText(),
+        since it affects rounding.
+
+2011-04-30  Justin Schuh  <jschuh@chromium.org>
+
+        Reviewed by Dirk Schulze.
+
+        Make RenderSVGResourceFilter take ownership of filter data when painting
+        https://bugs.webkit.org/show_bug.cgi?id=51524
+
+        Test: svg/custom/filter-on-svgimage.svg
+
+        * rendering/svg/RenderSVGResourceFilter.cpp:
+        (WebCore::RenderSVGResourceFilter::removeClientFromCache):
+        (WebCore::RenderSVGResourceFilter::postApplyResource):
+        * rendering/svg/RenderSVGResourceFilter.h:
+        (WebCore::FilterData::FilterData):
+
+2011-04-30  Martin Robinson  <mrobinson@igalia.com>
+
+        Reviewed by Adam Barth.
+
+        Enable strict mode for OwnPtr and PassOwnPtr
+        https://bugs.webkit.org/show_bug.cgi?id=59428
+
+        Fix assignments and .set() calls with OwnPtr to use adoptPtr. Have GeolocationService
+        factory methods return a PassOwnPtr.
+
+        No new tests. This should not change functionality.
+
+        * platform/GeolocationService.cpp:
+        (WebCore::createGeolocationServiceNull):
+        (WebCore::GeolocationService::create):
+        * platform/GeolocationService.h:
+        * platform/android/GeolocationServiceAndroid.cpp:
+        (WebCore::GeolocationServiceAndroid::create):
+        * platform/android/GeolocationServiceAndroid.h:
+        * platform/efl/GeolocationServiceEfl.cpp:
+        (WebCore::GeolocationServiceEfl::create):
+        * platform/efl/GeolocationServiceEfl.h:
+        * platform/graphics/cairo/CairoUtilities.cpp:
+        (WebCore::appendPathToCairoContext):
+        * platform/graphics/cairo/GraphicsContextCairo.cpp:
+        (WebCore::drawPathShadow):
+        (WebCore::GraphicsContext::clip):
+        * platform/graphics/cairo/ImageBufferCairo.cpp:
+        (WebCore::ImageBuffer::ImageBuffer):
+        * platform/graphics/cairo/OwnPtrCairo.h:
+        * platform/graphics/cairo/PathCairo.cpp:
+        (WebCore::Path::Path):
+        (WebCore::Path::operator=):
+        (WebCore::Path::apply):
+        * platform/gtk/GeolocationServiceGtk.cpp:
+        (WebCore::GeolocationServiceGtk::create):
+        * platform/gtk/GeolocationServiceGtk.h:
+        * platform/mock/GeolocationServiceMock.cpp:
+        (WebCore::GeolocationServiceMock::create):
+        * platform/mock/GeolocationServiceMock.h:
+
+2011-04-30  Pavel Feldman  <pfeldman@chromium.org>
+
+        Not reviewed: inspector toolbar titles were 2px off.
+
+        * inspector/front-end/inspector.css:
+        (#toolbar-dropdown .toolbar-label):
+
+2011-04-30  Mihai Parparita  <mihaip@chromium.org>
+
+        Reviewed by Eric Seidel.
+
+        V8Proxy.h shouldn't include SecurityOrigin.h
+        https://bugs.webkit.org/show_bug.cgi?id=59859
+
+        Remove SecurityOrigin.h #include from V8Proxy.h. Touching
+        SecurityOrigin.h now rebuilds 234 targets instead of 638 (when building
+        chromium's DumpRenderTree).
+
+        * bindings/v8/NPV8Object.cpp:
+        * bindings/v8/V8Proxy.cpp:
+        * bindings/v8/V8Proxy.h:
+        * css/CSSStyleSelector.cpp:
+        * dom/XMLDocumentParserLibxml2.cpp:
+        * html/HTMLLinkElement.cpp:
+        * loader/SubframeLoader.cpp:
+        * page/History.cpp:
+        * storage/IDBFactory.cpp:
+        * storage/StorageAreaImpl.cpp:
+
+2011-04-29  Adam Barth  <abarth@webkit.org>
+
+        Reviewed by Eric Seidel.
+
+        CSP script-src should block eval
+        https://bugs.webkit.org/show_bug.cgi?id=59850
+
+        Rather than have JavaScriptCore call back into WebCore to learn whether
+        eval is enabled, we push that bit of the policy into JavaScriptCore.
+
+        Tests: http/tests/security/contentSecurityPolicy/eval-allowed.html
+               http/tests/security/contentSecurityPolicy/eval-blocked.html
+
+        * bindings/js/ScriptController.cpp:
+        (WebCore::ScriptController::disableEval):
+        * bindings/js/ScriptController.h:
+        * page/ContentSecurityPolicy.cpp:
+        (WebCore::ContentSecurityPolicy::didReceiveHeader):
+        (WebCore::ContentSecurityPolicy::internalAllowEval):
+        (WebCore::ContentSecurityPolicy::allowEval):
+        * page/ContentSecurityPolicy.h:
+
+2011-04-29  Joseph Pecoraro  <joepeck@webkit.org>
+
+        GTK build fix. Missed moving DateComponents and
+        adding LocalizedDate files for their build file.
+
+        * GNUmakefile.list.am:
+
+2011-04-29  Adam Barth  <abarth@webkit.org>
+
+        Reviewed by Eric Seidel.
+
+        style-src should block @style
+        https://bugs.webkit.org/show_bug.cgi?id=59293
+
+        This patch blocks @style when style-src doesn't have the
+        'unsafe-inline' token.  This patch blocks the parsing of the attribute
+        itself.  That feels vaguely like too low a level to interpose the
+        policy, but there didn't seem to be anywhere else natural to enforce
+        the policy.
+
+        Tests: http/tests/security/contentSecurityPolicy/inline-style-attribute-allowed.html
+               http/tests/security/contentSecurityPolicy/inline-style-attribute-blocked.html
+               http/tests/security/contentSecurityPolicy/inline-style-on-html.html
+
+        * dom/StyledElement.cpp:
+        (WebCore::StyledElement::parseMappedAttribute):
+
+2011-04-29  Joseph Pecoraro  <joepeck@webkit.org>
+
+        Reviewed by Kent Tamura.
+
+        Allow Localized Date Strings for Date Input Fields
+        https://bugs.webkit.org/show_bug.cgi?id=59752
+
+        Test: fast/forms/date-input-visible-strings.html
+
+        * CMakeLists.txt:
+        * WebCore.gypi:
+        * WebCore.pro:
+        * WebCore.vcproj/WebCore.vcproj:
+        * WebCore.xcodeproj/project.pbxproj: update build files for
+        moving DateComponents from WebCore/html to WebCore/platform
+        and adding the LocalizedDate files.
+
+        * html/BaseDateAndTimeInputType.cpp:
+        (WebCore::BaseDateAndTimeInputType::serialize):
+        (WebCore::BaseDateAndTimeInputType::serializeWithComponents):
+        (WebCore::BaseDateAndTimeInputType::serializeWithMilliseconds):
+        InputType::serialize for a double value with date types is
+        different for the month type because it assumes the incoming
+        value is months instead of msecs (matching valueAsNumber in
+        HTML5).  So provide a more general serialization function,
+        serializeWithComponents, that will always serialize a string
+        correctly for the current type but taking in a DateComponents
+        object. The default serialize, and new serializeWithMilliseconds,
+        can fall back to this and allows an override point for
+        the month type.
+
+        * html/MonthInputType.cpp:
+        (WebCore::MonthInputType::serializeWithMilliseconds): the month
+        type is a case where the default serialize does not take msec,
+        so provide an implementation for month which handles msec input.
+
+        * html/BaseDateAndTimeInputType.cpp:
+        (WebCore::BaseDateAndTimeInputType::setValueAsDate): switch
+        to serializeWithMilliseconds as the incoming date value is msec.
+        * html/MonthInputType.cpp:
+        (WebCore::MonthInputType::setValueAsDate): removed.
+
+        * html/BaseDateAndTimeInputType.cpp:
+        (WebCore::BaseDateAndTimeInputType::visibleValue): allow
+        localized formatting of a date value.
+        (WebCore::BaseDateAndTimeInputType::convertFromVisibleValue):
+        allow parsing for a formatted date value.
+
+        * html/BaseDateAndTimeInputType.h:
+        * platform/DateComponents.cpp: Renamed from Source/WebCore/html/DateComponents.cpp.
+        Expose the Type enum so it can be used outside of the DateComponents class.
+        * platform/text/LocalizedDate.h: Added.
+        * platform/text/LocalizedDateNone.cpp: Added.
+        (WebCore::formatLocalizedDate): Default implementation falls back to
+        existing HTML5 date input value formatting.
+
+        * html/BaseDateAndTimeInputType.h:
+        * html/DateInputType.cpp:
+        (WebCore::DateInputType::dateType):
+        * html/DateInputType.h:
+        * html/DateTimeInputType.cpp:
+        (WebCore::DateTimeInputType::dateType):
+        * html/DateTimeInputType.h:
+        * html/DateTimeLocalInputType.cpp:
+        (WebCore::DateTimeLocalInputType::dateType):
+        * html/DateTimeLocalInputType.h:
+        * html/MonthInputType.cpp:
+        (WebCore::MonthInputType::dateType):
+        * html/MonthInputType.h:
+        * html/TimeInputType.cpp:
+        (WebCore::TimeInputType::dateType):
+        * html/TimeInputType.h:
+        * html/WeekInputType.cpp:
+        (WebCore::WeekInputType::dateType):
+        * html/WeekInputType.h: Accessors for the desired date
+        type of a date input type. This allows the base class
+        to write a generic algorithm.
+
 2011-04-29  Adam Barth  <abarth@webkit.org>
 
         Reviewed by Eric Seidel.
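Review bot: the first entry ("LEAK: SVGElement leaks when detaching it in a pending resource state") states that the pending resources set is made non-refcounted again after it "was made refcounted a while ago to fix a security bug, as we had dangling pointers in the set", but the Tests: block lists only the three new leak tests (svg/custom/pending-resource-leak*.svg). Since the change re-introduces raw element pointers into SVGDocumentExtensions, the entry should name the existing regression test for the original dangling-pointer bug so reviewers can confirm it still passes, and should say explicitly that removeElementFromPendingResources is invoked from both ~SVGStyledElement and SVGStyledElement::removedFromDocument, which is the invariant the non-refcounted set now relies on. Separately, the reviewer name in the second entry is mis-encoded ("Reviewed by Csaba Osztrogon√°c."); the ChangeLog is UTF-8 and the name should read "Csaba Osztrogonác".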