2011-05-01 Nikolas Zimmermann <nzimmermann@rim.com>
[WebKit-https.git] / Source / WebCore / ChangeLog
index d1b5422..9402299 100644 (file)
@@ -1,3 +1,608 @@
+2011-05-01  Nikolas Zimmermann  <nzimmermann@rim.com>
+
+        Reviewed by Dirk Schulze.
+
+        LEAK: SVGElement leaks when detaching it in a pending resource state
+        https://bugs.webkit.org/show_bug.cgi?id=59072
+
+        Make the pending resources set non-refcounted again. We made it refcounted a while ago
+        to fix a security bug, as we had dangling pointers in the set in SVGDocumentExtensions.
+        Fix the underlying problem, by removing all pending resources referencing to a particular
+        SVGElement, upon its destruction or upon removing it from the document.
+
+        Example: <rect fill="url(#foo)" id="rect">
+        When we try to render the rect, the foo paint server can't be found and thus "foo" will be
+        added to the pending resource set, with "rect" as client. When "foo" appears, it would remove
+        itself from the pending resource set, and a ref count to the "rect" would be released.
+        If "foo" never appears, SVGDocumentExtensions still holds a ref to the <rect>, thus keeping
+        it and the associated document alive.
+
+        Tests: svg/custom/pending-resource-leak-2.svg
+               svg/custom/pending-resource-leak-3.svg
+               svg/custom/pending-resource-leak.svg
+
+        These tests cover several scenarios where we used to leak. Should fix several SVG*Element leaks on the bots.
+        I manually tested reloading above testcases dozens of times, before the leak count was incremented by 2 nodes on every reload, that's gone now.
+
+        * rendering/svg/RenderSVGResourceContainer.cpp:
+        (WebCore::RenderSVGResourceContainer::registerResource):
+        * rendering/svg/RenderSVGShadowTreeRootContainer.cpp:
+        (WebCore::RenderSVGShadowTreeRootContainer::updateFromElement):
+        * rendering/svg/SVGResources.cpp:
+        (WebCore::registerPendingResource):
+        * svg/SVGDocumentExtensions.cpp:
+        (WebCore::SVGDocumentExtensions::addPendingResource):
+        (WebCore::SVGDocumentExtensions::hasPendingResources):
+        (WebCore::SVGDocumentExtensions::removeElementFromPendingResources):
+        (WebCore::SVGDocumentExtensions::removePendingResource):
+        * svg/SVGDocumentExtensions.h:
+        * svg/SVGElement.cpp:
+        * svg/SVGElement.h:
+        * svg/SVGElementRareData.h:
+        (WebCore::SVGElementRareData::SVGElementRareData):
+        (WebCore::SVGElementRareData::hasPendingResources):
+        (WebCore::SVGElementRareData::setHasPendingResources):
+        * svg/SVGStyledElement.cpp:
+        (WebCore::SVGStyledElement::~SVGStyledElement):
+        (WebCore::SVGStyledElement::insertedIntoDocument):
+        (WebCore::SVGStyledElement::removedFromDocument):
+        (WebCore::SVGStyledElement::hasPendingResources):
+        (WebCore::SVGStyledElement::setHasPendingResources):
+        * svg/SVGStyledElement.h:
+        (WebCore::SVGStyledElement::needsPendingResourceHandling):
+        (WebCore::SVGStyledElement::buildPendingResource):
+        * svg/SVGUseElement.cpp:
+        (WebCore::SVGUseElement::SVGUseElement):
+        (WebCore::SVGUseElement::insertedIntoDocument):
+        (WebCore::SVGUseElement::svgAttributeChanged):
+        (WebCore::SVGUseElement::buildPendingResource):
+        * svg/SVGUseElement.h:
+
+2011-05-01  Rafael Brandao  <rafael.lobo@openbossa.org>
+
+        Reviewed by Csaba Osztrogonác.
+
+        [Qt] build-webkit warning Inspector.idl is missing
+        https://bugs.webkit.org/show_bug.cgi?id=59047
+        
+        Added variable_out to pipe output from one compiler to another,
+        and then forced the output to be added to the sources.
+
+        * CodeGenerators.pri:
+
+2011-05-01  Dan Bernstein  <mitz@apple.com>
+
+        Reviewed by Anders Carlsson.
+
+        <rdar://problem/9155067> REGRESSION (float-based line boxes): Gaps and overlaps in selection highlight
+        https://bugs.webkit.org/show_bug.cgi?id=56658
+
+        Test: fast/text/selection-rect-rounding.html
+
+        * platform/graphics/FontFastPath.cpp:
+        (WebCore::Font::selectionRectForSimpleText): Account for non-integral anchor point coordinates.
+        * platform/graphics/mac/FontComplexTextMac.cpp:
+        (WebCore::Font::selectionRectForComplexText): Ditto.
+        * rendering/InlineTextBox.cpp:
+        (WebCore::InlineTextBox::selectionRect): Floor the horizontal sides of the clip rect.
+        (WebCore::InlineTextBox::paintSelection): Pass the logical left location to Font::selectionRectForText(),
+        since it affects rounding.
+
+2011-04-30  Justin Schuh  <jschuh@chromium.org>
+
+        Reviewed by Dirk Schulze.
+
+        Make RenderSVGResourceFilter take ownership of filter data when painting
+        https://bugs.webkit.org/show_bug.cgi?id=51524
+
+        Test: svg/custom/filter-on-svgimage.svg
+
+        * rendering/svg/RenderSVGResourceFilter.cpp:
+        (WebCore::RenderSVGResourceFilter::removeClientFromCache):
+        (WebCore::RenderSVGResourceFilter::postApplyResource):
+        * rendering/svg/RenderSVGResourceFilter.h:
+        (WebCore::FilterData::FilterData):
+
+2011-04-30  Martin Robinson  <mrobinson@igalia.com>
+
+        Reviewed by Adam Barth.
+
+        Enable strict mode for OwnPtr and PassOwnPtr
+        https://bugs.webkit.org/show_bug.cgi?id=59428
+
+        Fix assignments and .set() calls with OwnPtr to use adoptPtr. Have GeolocationService
+        factory methods return a PassOwnPtr.
+
+        No new tests. This should not change functionality.
+
+        * platform/GeolocationService.cpp:
+        (WebCore::createGeolocationServiceNull):
+        (WebCore::GeolocationService::create):
+        * platform/GeolocationService.h:
+        * platform/android/GeolocationServiceAndroid.cpp:
+        (WebCore::GeolocationServiceAndroid::create):
+        * platform/android/GeolocationServiceAndroid.h:
+        * platform/efl/GeolocationServiceEfl.cpp:
+        (WebCore::GeolocationServiceEfl::create):
+        * platform/efl/GeolocationServiceEfl.h:
+        * platform/graphics/cairo/CairoUtilities.cpp:
+        (WebCore::appendPathToCairoContext):
+        * platform/graphics/cairo/GraphicsContextCairo.cpp:
+        (WebCore::drawPathShadow):
+        (WebCore::GraphicsContext::clip):
+        * platform/graphics/cairo/ImageBufferCairo.cpp:
+        (WebCore::ImageBuffer::ImageBuffer):
+        * platform/graphics/cairo/OwnPtrCairo.h:
+        * platform/graphics/cairo/PathCairo.cpp:
+        (WebCore::Path::Path):
+        (WebCore::Path::operator=):
+        (WebCore::Path::apply):
+        * platform/gtk/GeolocationServiceGtk.cpp:
+        (WebCore::GeolocationServiceGtk::create):
+        * platform/gtk/GeolocationServiceGtk.h:
+        * platform/mock/GeolocationServiceMock.cpp:
+        (WebCore::GeolocationServiceMock::create):
+        * platform/mock/GeolocationServiceMock.h:
+
+2011-04-30  Pavel Feldman  <pfeldman@chromium.org>
+
+        Not reviewed: inspector toolbar titles were 2px off.
+
+        * inspector/front-end/inspector.css:
+        (#toolbar-dropdown .toolbar-label):
+
+2011-04-30  Mihai Parparita  <mihaip@chromium.org>
+
+        Reviewed by Eric Seidel.
+
+        V8Proxy.h shouldn't include SecurityOrigin.h
+        https://bugs.webkit.org/show_bug.cgi?id=59859
+
+        Remove SecurityOrigin.h #include from V8Proxy.h. Touching
+        SecurityOrigin.h now rebuilds 234 targets instead of 638 (when building
+        chromium's DumpRenderTree).
+
+        * bindings/v8/NPV8Object.cpp:
+        * bindings/v8/V8Proxy.cpp:
+        * bindings/v8/V8Proxy.h:
+        * css/CSSStyleSelector.cpp:
+        * dom/XMLDocumentParserLibxml2.cpp:
+        * html/HTMLLinkElement.cpp:
+        * loader/SubframeLoader.cpp:
+        * page/History.cpp:
+        * storage/IDBFactory.cpp:
+        * storage/StorageAreaImpl.cpp:
+
+2011-04-29  Adam Barth  <abarth@webkit.org>
+
+        Reviewed by Eric Seidel.
+
+        CSP script-src should block eval
+        https://bugs.webkit.org/show_bug.cgi?id=59850
+
+        Rather than have JavaScriptCore call back into WebCore to learn whether
+        eval is enabled, we push that bit of the policy into JavaScriptCore.
+
+        Tests: http/tests/security/contentSecurityPolicy/eval-allowed.html
+               http/tests/security/contentSecurityPolicy/eval-blocked.html
+
+        * bindings/js/ScriptController.cpp:
+        (WebCore::ScriptController::disableEval):
+        * bindings/js/ScriptController.h:
+        * page/ContentSecurityPolicy.cpp:
+        (WebCore::ContentSecurityPolicy::didReceiveHeader):
+        (WebCore::ContentSecurityPolicy::internalAllowEval):
+        (WebCore::ContentSecurityPolicy::allowEval):
+        * page/ContentSecurityPolicy.h:
+
+2011-04-29  Joseph Pecoraro  <joepeck@webkit.org>
+
+        GTK build fix. Missed moving DateComponents and
+        adding LocalizedDate files for their build file.
+
+        * GNUmakefile.list.am:
+
+2011-04-29  Adam Barth  <abarth@webkit.org>
+
+        Reviewed by Eric Seidel.
+
+        style-src should block @style
+        https://bugs.webkit.org/show_bug.cgi?id=59293
+
+        This patch blocks @style when style-src doesn't have the
+        'unsafe-inline' token.  This patch blocks the parsing of the attribute
+        itself.  That feels vaguely like too low a level to interpose the
+        policy, but there didn't seem to be anywhere else natural to enforce
+        the policy.
+
+        Tests: http/tests/security/contentSecurityPolicy/inline-style-attribute-allowed.html
+               http/tests/security/contentSecurityPolicy/inline-style-attribute-blocked.html
+               http/tests/security/contentSecurityPolicy/inline-style-on-html.html
+
+        * dom/StyledElement.cpp:
+        (WebCore::StyledElement::parseMappedAttribute):
+
+2011-04-29  Joseph Pecoraro  <joepeck@webkit.org>
+
+        Reviewed by Kent Tamura.
+
+        Allow Localized Date Strings for Date Input Fields
+        https://bugs.webkit.org/show_bug.cgi?id=59752
+
+        Test: fast/forms/date-input-visible-strings.html
+
+        * CMakeLists.txt:
+        * WebCore.gypi:
+        * WebCore.pro:
+        * WebCore.vcproj/WebCore.vcproj:
+        * WebCore.xcodeproj/project.pbxproj: update build files for
+        moving DateComponents from WebCore/html to WebCore/platform
+        and adding the LocalizedDate files.
+
+        * html/BaseDateAndTimeInputType.cpp:
+        (WebCore::BaseDateAndTimeInputType::serialize):
+        (WebCore::BaseDateAndTimeInputType::serializeWithComponents):
+        (WebCore::BaseDateAndTimeInputType::serializeWithMilliseconds):
+        InputType::serialize for a double value with date types is
+        different for the month type because it assumes the incoming
+        value is months instead of msecs (matching valueAsNumber in
+        HTML5).  So provide a more general serialization function,
+        serializeWithComponents, that will always serialize a string
+        correctly for the current type but taking in a DateComponents
+        object. The default serialize, and new serializeWithMilliseconds,
+        can fall back to this and allows an override point for
+        the month type.
+
+        * html/MonthInputType.cpp:
+        (WebCore::MonthInputType::serializeWithMilliseconds): the month
+        type is a case where the default serialize does not take msec,
+        so provide an implementation for month which handles msec input.
+
+        * html/BaseDateAndTimeInputType.cpp:
+        (WebCore::BaseDateAndTimeInputType::setValueAsDate): switch
+        to serializeWithMilliseconds as the incoming date value is msec.
+        * html/MonthInputType.cpp:
+        (WebCore::MonthInputType::setValueAsDate): removed.
+
+        * html/BaseDateAndTimeInputType.cpp:
+        (WebCore::BaseDateAndTimeInputType::visibleValue): allow
+        localized formatting of a date value.
+        (WebCore::BaseDateAndTimeInputType::convertFromVisibleValue):
+        allow parsing for a formatted date value.
+
+        * html/BaseDateAndTimeInputType.h:
+        * platform/DateComponents.cpp: Renamed from Source/WebCore/html/DateComponents.cpp.
+        Expose the Type enum so it can be used outside of the DateComponents class.
+        * platform/text/LocalizedDate.h: Added.
+        * platform/text/LocalizedDateNone.cpp: Added.
+        (WebCore::formatLocalizedDate): Default implementation falls back to
+        existing HTML5 date input value formatting.
+
+        * html/BaseDateAndTimeInputType.h:
+        * html/DateInputType.cpp:
+        (WebCore::DateInputType::dateType):
+        * html/DateInputType.h:
+        * html/DateTimeInputType.cpp:
+        (WebCore::DateTimeInputType::dateType):
+        * html/DateTimeInputType.h:
+        * html/DateTimeLocalInputType.cpp:
+        (WebCore::DateTimeLocalInputType::dateType):
+        * html/DateTimeLocalInputType.h:
+        * html/MonthInputType.cpp:
+        (WebCore::MonthInputType::dateType):
+        * html/MonthInputType.h:
+        * html/TimeInputType.cpp:
+        (WebCore::TimeInputType::dateType):
+        * html/TimeInputType.h:
+        * html/WeekInputType.cpp:
+        (WebCore::WeekInputType::dateType):
+        * html/WeekInputType.h: Accessors for the desired date
+        type of a date input type. This allows the base class
+        to write a generic algorithm.
+
+2011-04-29  Adam Barth  <abarth@webkit.org>
+
+        Reviewed by Eric Seidel.
+
+        style-src should block inline style from <style>
+        https://bugs.webkit.org/show_bug.cgi?id=59292
+
+        The spec has been updated to allow blocking of inline styles with
+        style-src.  This will help folks defend against tricky CSS3 injections.
+
+        This patch covers the <style> case.  The next patch will cover the
+        @style case.
+
+        Tests: http/tests/security/contentSecurityPolicy/inline-style-allowed.html
+               http/tests/security/contentSecurityPolicy/inline-style-blocked.html
+
+        * dom/StyleElement.cpp:
+        (WebCore::StyleElement::createSheet):
+        * page/ContentSecurityPolicy.cpp:
+        (WebCore::ContentSecurityPolicy::allowInlineStyle):
+        * page/ContentSecurityPolicy.h:
+
+2011-04-29  Chris Evans  <cevans@chromium.org>
+
+        Reviewed by Adam Barth.
+
+        Add WebCore::Setting to block displaying and/or running insecure content on secure pages
+        https://bugs.webkit.org/show_bug.cgi?id=58378
+
+        Test: To follow in subsequent patch, including the wiring to expose the new settings to LayoutTests.
+
+        * loader/FrameLoader.cpp:
+        (WebCore::FrameLoader::checkIfDisplayInsecureContent): Return whether or not the load should be blocked, and tweak the message upon blocking.
+        (WebCore::FrameLoader::checkIfRunInsecureContent): Return whether or not the load should be blocked, and tweak the message upon blocking.
+        * loader/FrameLoader.h:
+        * loader/MainResourceLoader.cpp:
+        (WebCore::MainResourceLoader::willSendRequest): Check if the frame load is blocked due to mixed content and cancel it if so. The check was moved up so that it occurs before firing the load callbacks, to avoid any outgoing network hits or accounting. Redirects are handled because willSendRequest is called for each one in the chain.
+        * loader/SubframeLoader.cpp:
+        (WebCore::SubframeLoader::loadMediaPlayerProxyPlugin): Handle the blocking of mixed-content plug-in loads.
+        (WebCore::SubframeLoader::loadPlugin): Handle the blocking of mixed-content plug-in loads.
+        * loader/cache/CachedResourceLoader.cpp:
+        (WebCore::CachedResourceLoader::canRequest): Handle the blocking of various loads due to mixed content conditions.
+        * page/Settings.cpp:
+        (WebCore::Settings::Settings): Permit mixed-content loads by default to avoid a change in behavior by default.
+        * page/Settings.h: Add two new booleans to control blocking of mixed content (displaying and running thereof).
+        (WebCore::Settings::setAllowDisplayOfInsecureContent):
+        (WebCore::Settings::allowDisplayOfInsecureContent):
+        (WebCore::Settings::setAllowRunningOfInsecureContent):
+        (WebCore::Settings::allowRunningOfInsecureContent):
+
+2011-04-29  Ryosuke Niwa  <rniwa@webkit.org>
+
+        Reviewed by Eric Seidel.
+
+        Extract a function to obtain VisiblePosition from RenderText::positionForPoint
+        https://bugs.webkit.org/show_bug.cgi?id=59811
+
+        Extracted lineDirectionPointFitsInBox from positionForPoint.
+
+        * rendering/RenderText.cpp:
+        (WebCore::lineDirectionPointFitsInBox):
+        (WebCore::RenderText::positionForPoint):
+
+2011-04-29  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Alexey Proskuryakov.
+
+        REGRESSION: r83938 abandons GC memory
+        https://bugs.webkit.org/show_bug.cgi?id=59604
+
+        This bug was caused by script and image elements waiting indefinitely
+        for their loads to finish.
+
+        * bindings/js/JSNodeCustom.cpp:
+        (WebCore::isReachableFromDOM): Don't test for the load event firing,
+        since the load event doesn't fire in cases of canceled or errored loads.
+        Instead, test hasPendingActivity().
+        
+        Don't do this test at all for script elements because script elements
+        can't load while outside the document. (fast/dom/script-element-gc.html
+        verifies that this is correct.)
+
+        * html/HTMLImageElement.cpp:
+        (WebCore::HTMLImageElement::hasPendingActivity):
+        * html/HTMLImageElement.h:
+        * loader/ImageLoader.cpp:
+        (WebCore::ImageEventSender::hasPendingEvents):
+        (WebCore::ImageLoader::hasPendingLoadEvent):
+        * loader/ImageLoader.h: Added API for finding out if an image element
+        has pending activity.
+
+        * loader/cache/CachedResource.cpp:
+        (WebCore::CachedResource::setRequest): All loads are supposed to end in
+        data(allDataReceived = true) or error(), but in the edge case of a
+        canceled load, all we get is a call to setRequest(0). Be sure to
+        record that we're no longer loading in that case, otherwise our element
+        will leak forever, waiting for its load to complete.
+
+2011-04-29  Emil Eklund  <eae@chromium.org>
+
+        Reviewed by Tony Chang.
+
+        Setting outerHTML should merge text nodes
+        https://bugs.webkit.org/show_bug.cgi?id=52686
+
+        When setting outerHTML adjacent text nodes should be merged. This matches
+        the behavior of outerText and the IE implementation of outerHTML.       
+
+        Test: fast/dom/set-outer-html.html
+
+        * html/HTMLElement.cpp:
+        (WebCore::mergeWithNextTextNode): Move function to before setOuterHTML.
+        (WebCore::HTMLElement::setOuterHTML): Merge adjacent text nodes after replacing the element.
+
+2011-04-29  Emil A Eklund  <eae@chromium.org>
+
+        Reviewed by Dimitri Glazkov.
+
+        Onchange on text fields has an incoherent behavior
+        https://bugs.webkit.org/show_bug.cgi?id=57330
+
+        * html/HTMLFormControlElement.cpp:
+        (WebCore::HTMLTextFormControlElement::insertedIntoDocument):
+        Initialize m_textAsOfLastFormControlChangeEvent to empty string rather
+        than null for empty fields.
+
+2011-04-29  Csaba Osztrogonác  <ossy@webkit.org>
+
+        [Qt] Unreviewed buildfix after r85343.
+
+        Enable strict OwnPtr for Qt
+        https://bugs.webkit.org/show_bug.cgi?id=59667
+
+        * plugins/mac/PluginViewMac.mm:
+        (WebCore::PluginView::platformStart):
+
+2011-04-29  Jon Lee  <jonlee@apple.com>
+
+        Reviewed by mitzpettel.
+
+        REGRESSION (WebKit2): (Mac) Selection is gone after switching tabs (59721)
+        <rdar://problem/9327332>
+        https://bugs.webkit.org/show_bug.cgi?id=59721
+
+        Removing shouldClearSelectionWhenLosingWebPageFocus().  Reverting changelist 83814.
+
+        * WebCore.exp.in:
+        * editing/EditingBehavior.h:
+
+2011-04-29  Abhishek Arya  <inferno@chromium.org>
+
+        Reviewed by Dave Hyatt.
+
+        Allow only first table caption and destroy the remaining ones.
+        https://bugs.webkit.org/show_bug.cgi?id=58249
+
+        Previously, we were only laying out the first table caption.
+        However Table::layout didn't mark the other ones as not needing
+        layout. So after table layout completes, table is marked as not
+        needing layout with its other table caption still needing layout.
+        This causes incorrect layout root calculations and set it to a
+        node which is already getting deleted.
+
+        Tests: fast/table/dynamic-caption-add-before-child.xhtml
+               fast/table/dynamic-caption-add-remove-before-child.xhtml
+               fast/table/multiple-captions-crash.xhtml
+               fast/table/multiple-captions-crash2.xhtml
+               fast/table/multiple-captions-display.xhtml
+
+        * rendering/RenderTable.cpp:
+        (WebCore::RenderTable::addChild): when new caption or a before
+        child caption is added, we need to explicitly trigger section
+        recalc or otherwise layout won't catch it.
+        (WebCore::RenderTable::removeChild): when child to be removed is
+        m_caption, make sure to trigger style recalc on the table.
+        (WebCore::RenderTable::recalcCaption): code to destroy captions
+        other than the first one.
+        (WebCore::RenderTable::recalcSections): call recalcCaption
+        helper. Store the next sibling early since child can get destroyed
+        in recalcCaption.
+        * rendering/RenderTable.h:
+
+2011-04-29  David Kilzer  <ddkilzer@apple.com>
+
+        Remove WML
+        https://bugs.webkit.org/show_bug.cgi?id=59678
+
+        * DerivedSources.make: Removed $(WebCore)/wml path in VPATH.
+
+2011-04-29  James Robinson  <jamesr@chromium.org>
+
+        Unreviewed, rolling out r85330.
+        http://trac.webkit.org/changeset/85330
+        https://bugs.webkit.org/show_bug.cgi?id=41311
+
+        Caused unexpected border rendering change on 500 tests on chromium linux.
+
+        * platform/graphics/skia/GraphicsContextSkia.cpp:
+        (WebCore::GraphicsContext::drawConvexPolygon):
+        (WebCore::GraphicsContext::clipConvexPolygon):
+
+2011-04-29  Csaba Osztrogonác  <ossy@webkit.org>
+
+        [Qt] Unreviewed buildfix after r85343.
+
+        Enable strict OwnPtr for Qt
+        https://bugs.webkit.org/show_bug.cgi?id=59667
+
+        * plugins/win/PluginViewWin.cpp:
+        (WebCore::PluginView::wndProc):
+        (WebCore::PluginView::snapshot):
+
+2011-04-29  Csaba Osztrogonác  <ossy@webkit.org>
+
+        Reviewed by Adam Barth.
+
+        Enable strict OwnPtr for Qt
+        https://bugs.webkit.org/show_bug.cgi?id=59667
+
+        * platform/graphics/qt/ImageBufferQt.cpp:
+        (WebCore::ImageBufferData::ImageBufferData):
+        (WebCore::ImageBuffer::ImageBuffer):
+        * platform/graphics/qt/ImageDecoderQt.cpp:
+        (WebCore::ImageDecoderQt::setData):
+        * platform/graphics/qt/ImageDecoderQt.h:
+        * platform/network/qt/QNetworkReplyHandler.cpp:
+        (WebCore::QNetworkReplyWrapper::QNetworkReplyWrapper):
+        (WebCore::QNetworkReplyHandler::QNetworkReplyHandler):
+
+2011-04-29  Dean Jackson  <dino@apple.com>
+
+        Reviewed by Simon Fraser.
+
+        Add ENABLE macro for WebKitAnimation
+        https://bugs.webkit.org/show_bug.cgi?id=59729
+
+        Add new feature to toggle WebKit Animation API.
+
+        * Configurations/FeatureDefines.xcconfig:
+        * GNUmakefile.am:
+        * dom/Element.idl:
+        * features.pri:
+        * page/DOMWindow.idl:
+
+2011-04-29  Dean Jackson  <dino@apple.com>
+
+        Reviewed by Simon Fraser.
+
+        https://bugs.webkit.org/show_bug.cgi?id=59149
+        (Regression) Existing animations are not replaced when filling.
+
+        Hardware animations that fill forwards were not being correctly
+        replaced when the animation was removed. The actual animation
+        logic was working correctly, but it wasn't deleting the
+        CoreAnimation animation from the PlatformLayer. The fix was
+        to explicitly call endAnimation when disconnecting the animation
+        from its RenderObject.
+
+        Test: animations/3d/replace-filling-transform.html
+
+        * page/animation/AnimationBase.h:
+        (WebCore::AnimationBase::clear): call endAnimation as the animation is cleared
+
+2011-04-29  Abhishek Arya  <inferno@chromium.org>
+
+        Reviewed by Nikolas Zimmermann.
+
+        When svg inline text is getting destroyed, make sure to mark
+        its svg text ancestor as needing a positioning values update.
+        This helps to recalculate layout attributes and makes sure
+        that svg inline text is not used again.
+        https://bugs.webkit.org/show_bug.cgi?id=59161
+
+        Test: svg/text/inline-text-destroy-attributes-crash.xhtml
+
+        * rendering/svg/RenderSVGInlineText.cpp:
+        (WebCore::RenderSVGInlineText::destroy):
+        * rendering/svg/RenderSVGInlineText.h:
+
+2011-04-29  Kevin Ollivier  <kevino@theolliviers.com>
+
+        [wx] Unreviewed build fix. Fix wxMSW trunk builds by adding include.
+
+        * platform/graphics/wx/GraphicsContextWx.cpp:
+
+2011-04-29  Mike Reed  <reed@google.com>
+
+        Reviewed by Ojan Vafai.
+
+        Skia: Need to implement GraphicsContext::clipConvexPolygon()
+        https://bugs.webkit.org/show_bug.cgi?id=41311
+
+        This does not (yet) enable HAVE_PATH_BASED_BORDER_RADIUS_DRAWING
+        as that shows other issues/question unrelated to clipping.
+        https://bugs.webkit.org/show_bug.cgi?id=41311
+
+        No new tests. covered by existing layout tests
+
+        * platform/graphics/skia/GraphicsContextSkia.cpp:
+        (WebCore::setPathFromConvexPoints):
+        (WebCore::GraphicsContext::drawConvexPolygon):
+        (WebCore::GraphicsContext::clipConvexPolygon):
+
 2011-04-29  Mike Lawther  <mikelawther@chromium.org>
 
         Reviewed by Ojan Vafai.