Add version number for default stylesheet
[WebKit-https.git] / Source / WebCore / ChangeLog
index ca9d232..94f35f7 100644 (file)
+2016-02-13  Antti Koivisto  <antti@apple.com>
+
+        Add version number for default stylesheet
+        https://bugs.webkit.org/show_bug.cgi?id=154220
+
+        Reviewed by Ryosuke Niwa.
+
+        We currently fail to update RuleFeatureSets for shadow trees when the default stylesheet grows
+        (for example when media controls stylesheet is initialized).
+
+        No test since this is not causing known bugs. It is blocking optimizations in shadow trees that
+        rely on rule features being up-to-date.
+
+        * css/CSSDefaultStyleSheets.cpp:
+        (WebCore::CSSDefaultStyleSheets::loadSimpleDefaultStyle):
+        (WebCore::CSSDefaultStyleSheets::ensureDefaultStyleSheetsForElement):
+
+            Increment version number when the default stylesheet changes.
+
+        * css/CSSDefaultStyleSheets.h:
+        * css/DocumentRuleSets.cpp:
+        (WebCore::DocumentRuleSets::appendAuthorStyleSheets):
+        (WebCore::DocumentRuleSets::collectFeatures):
+
+            Store the current default stylesheet version number.
+
+        * css/DocumentRuleSets.h:
+        (WebCore::DocumentRuleSets::features):
+
+            Collect features again if the default stylesheet has changed.
+
+        * css/StyleResolver.cpp:
+        (WebCore::StyleResolver::styleForElement):
+
+2016-02-13  Konstantin Tokarev  <annulen@yandex.ru>
+
+        [cmake] Consolidate building of GStreamer and OpenWebRTC code.
+        https://bugs.webkit.org/show_bug.cgi?id=154116
+
+        Reviewed by Michael Catanzaro.
+
+        No new tests needed.
+
+        * PlatformEfl.cmake: Migrated shared code to GStreamer.cmake.
+        * PlatformGTK.cmake: Ditto.
+        * platform/GStreamer.cmake: Added.
+
+2016-02-13  Mark Lam  <mark.lam@apple.com>
+
+        Add thread violation checks to WebView public APIs.
+        https://bugs.webkit.org/show_bug.cgi?id=154183
+
+        Reviewed by Timothy Hatcher.
+
+        No new tests.  Just adding a new thread violation round.
+
+        * platform/ThreadCheck.h:
+        * platform/mac/ThreadCheck.mm:
+        - Adding WebCoreThreadViolationCheckRoundThree().
+
+2016-02-12  Nan Wang  <n_wang@apple.com>
+
+        AX: Implement paragraph related text marker functions using TextIterator
+        https://bugs.webkit.org/show_bug.cgi?id=154098
+        <rdar://problem/24269675>
+
+        Reviewed by Chris Fleizach.
+
+        Using CharacterOffset to implement paragraph related text marker calls. Reused
+        logic from VisibleUnits class. And refactored textMarkerForCharacterOffset method
+        to get better performance. Also fixed an issue where we can't navigate through a text
+        node with line breaks in it using next/previousCharacterOffset call.
+
+        Test: accessibility/mac/text-marker-paragraph-nav.html
+
+        * accessibility/AXObjectCache.cpp:
+        (WebCore::AXObjectCache::traverseToOffsetInRange):
+        (WebCore::AXObjectCache::startOrEndTextMarkerDataForRange):
+        (WebCore::AXObjectCache::characterOffsetForNodeAndOffset):
+        (WebCore::AXObjectCache::textMarkerDataForCharacterOffset):
+        (WebCore::AXObjectCache::textMarkerDataForNextCharacterOffset):
+        (WebCore::AXObjectCache::textMarkerDataForPreviousCharacterOffset):
+        (WebCore::AXObjectCache::nextNode):
+        (WebCore::AXObjectCache::textMarkerDataForVisiblePosition):
+        (WebCore::AXObjectCache::nextCharacterOffset):
+        (WebCore::AXObjectCache::previousCharacterOffset):
+        (WebCore::startWordBoundary):
+        (WebCore::AXObjectCache::startCharacterOffsetOfWord):
+        (WebCore::AXObjectCache::endCharacterOffsetOfWord):
+        (WebCore::AXObjectCache::previousWordStartCharacterOffset):
+        (WebCore::AXObjectCache::previousWordBoundary):
+        (WebCore::AXObjectCache::startCharacterOffsetOfParagraph):
+        (WebCore::AXObjectCache::endCharacterOffsetOfParagraph):
+        (WebCore::AXObjectCache::paragraphForCharacterOffset):
+        (WebCore::AXObjectCache::nextParagraphEndCharacterOffset):
+        (WebCore::AXObjectCache::previousParagraphStartCharacterOffset):
+        (WebCore::AXObjectCache::rootAXEditableElement):
+        * accessibility/AXObjectCache.h:
+        (WebCore::CharacterOffset::remaining):
+        (WebCore::CharacterOffset::isNull):
+        (WebCore::CharacterOffset::isEqual):
+        (WebCore::AXObjectCache::isNodeInUse):
+        * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
+        (+[WebAccessibilityTextMarker textMarkerWithCharacterOffset:cache:]):
+        (-[WebAccessibilityObjectWrapper nextMarkerForCharacterOffset:]):
+        (-[WebAccessibilityObjectWrapper previousMarkerForCharacterOffset:]):
+        (-[WebAccessibilityObjectWrapper rangeForTextMarkers:]):
+        * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
+        (startOrEndTextmarkerForRange):
+        (nextTextMarkerForCharacterOffset):
+        (previousTextMarkerForCharacterOffset):
+        (-[WebAccessibilityObjectWrapper nextTextMarkerForCharacterOffset:]):
+        (-[WebAccessibilityObjectWrapper previousTextMarkerForCharacterOffset:]):
+        (-[WebAccessibilityObjectWrapper textMarkerForCharacterOffset:]):
+        (textMarkerForCharacterOffset):
+        (-[WebAccessibilityObjectWrapper accessibilityAttributeValue:forParameter:]):
+        (-[WebAccessibilityObjectWrapper nextTextMarkerForNode:offset:]): Deleted.
+        (-[WebAccessibilityObjectWrapper previousTextMarkerForNode:offset:]): Deleted.
+        (-[WebAccessibilityObjectWrapper textMarkerForNode:offset:ignoreStart:]): Deleted.
+        (-[WebAccessibilityObjectWrapper textMarkerForNode:offset:]): Deleted.
+        * editing/VisibleUnits.cpp:
+        (WebCore::nextSentencePosition):
+        (WebCore::findStartOfParagraph):
+        (WebCore::findEndOfParagraph):
+        (WebCore::startOfParagraph):
+        (WebCore::endOfParagraph):
+        * editing/VisibleUnits.h:
+
+2016-02-12  Ryan Haddad  <ryanhaddad@apple.com>
+
+        Reset results for bindings tests after r196520
+
+        Unreviewed test gardening.
+
+        No new tests needed.
+
+        * bindings/scripts/test/GObject/WebKitDOMTestEventTarget.cpp:
+        (webkit_dom_test_event_target_dispatch_event):
+        * bindings/scripts/test/GObject/WebKitDOMTestNode.cpp:
+        (webkit_dom_test_node_dispatch_event):
+
+2016-02-12  Saam barati  <sbarati@apple.com>
+
+        Attempting build fix from https://bugs.webkit.org/show_bug.cgi?id=154144.
+
+        * bindings/js/JSDOMGlobalObject.cpp:
+        (WebCore::JSDOMGlobalObject::addBuiltinGlobals):
+
+2016-02-12  Daniel Bates  <dabates@apple.com>
+
+        CSP: 'blob:' URLs should not match 'self' in CSP source expression lists.
+        https://bugs.webkit.org/show_bug.cgi?id=153158
+        <rdar://problem/24383264>
+
+        Reviewed by Brent Fulgham.
+
+        A blob URL should not match source 'self' by section Security Considerations for GUID URL schemes
+        of the Content Security Policy 2.0 spec., <https://www.w3.org/TR/CSP2/> (21 July 2015).
+
+        Tests: http/tests/security/contentSecurityPolicy/blob-url-does-not-match-source-self.html
+               http/tests/security/contentSecurityPolicy/blob-url-matches-source-blob.html
+
+        * page/csp/ContentSecurityPolicySourceList.cpp:
+        (WebCore::ContentSecurityPolicySourceList::matches): Do not make a distinction between URLs that
+        contain a nested URL (e.g. blob://http://www.example.com/...) and URLs that do not contain a nested
+        URL. The URL of the requested resource should be matched against the source list source expressions.
+
+2016-02-12  Daniel Bates  <dabates@apple.com>
+
+        CSP: Implement child-src directive
+        https://bugs.webkit.org/show_bug.cgi?id=153562
+        <rdar://problem/24610087>
+
+        Reviewed by Brent Fulgham.
+
+        Add support for the child-src directive, <https://w3c.github.io/webappsec-csp/2/#child_src> (29 August 2015),
+        which formally replaces the deprecated frame-src directive as of the Content Security Policy 2.0 spec. The
+        child-src directive was first introduced in the Content Security Policy 1.1 spec, <https://www.w3.org/TR/2014/WD-CSP11-20140211/>.
+
+        As a side effect of this change, the script URL for a Web Worker is checked against the child-src directive
+        as opposed to the script-src directive. This is a backward incompatible change from the CSP 1.0 spec.
+
+        Tests: http/tests/security/contentSecurityPolicy/1.1/child-src/frame-fires-load-event-when-blocked.html
+               http/tests/security/contentSecurityPolicy/1.1/child-src/frame-fires-load-event-when-redirect-blocked.html
+               http/tests/security/contentSecurityPolicy/1.1/child-src/frame-src-takes-precedence-over-child-src.html
+               http/tests/security/contentSecurityPolicy/1.1/child-src/worker-redirect-blocked.html
+               http/tests/security/isolatedWorld/bypass-main-world-csp-worker-redirect.html
+
+        * loader/DocumentThreadableLoader.cpp:
+        (WebCore::DocumentThreadableLoader::isAllowedByContentSecurityPolicy): Check child-src directive (if applicable).
+        * loader/ThreadableLoader.h: Add enum value EnforceChildSrcDirective to enum class ContentSecurityPolicyEnforcement to
+        enforce the child-src directive on redirect.
+        * page/csp/ContentSecurityPolicy.cpp:
+        (WebCore::ContentSecurityPolicy::allowChildContextFromSource): Added.
+        * page/csp/ContentSecurityPolicy.h:
+        * page/csp/ContentSecurityPolicyDirectiveList.cpp:
+        (WebCore::ContentSecurityPolicyDirectiveList::checkSourceAndReportViolation): Add message prefix for a child-src violation.
+        We use the same message prefix as used by Blink.
+        (WebCore::ContentSecurityPolicyDirectiveList::allowChildContextFromSource): Added.
+        (WebCore::ContentSecurityPolicyDirectiveList::allowChildFrameFromSource): Modified to check the frame-src
+        directive (if specified) before checking the child-src directive by <https://w3c.github.io/webappsec-csp/2/#directive-child-src-nested>.
+        (WebCore::ContentSecurityPolicyDirectiveList::addDirective): Parse the child-src directive.
+        * page/csp/ContentSecurityPolicyDirectiveList.h:
+        * workers/AbstractWorker.cpp:
+        (WebCore::AbstractWorker::resolveURL): Check if the script URL for the worker is allowed by the child-src directive
+        as opposed to the script-src directive. This is a backwards incompatible change from the CSP 1.0 spec.
+        * workers/Worker.cpp:
+        (WebCore::Worker::create): Enforce the child-src directive on redirects (if applicable).
+
+2016-02-12  Saam barati  <sbarati@apple.com>
+
+        The parser doesn't properly protect against global variable references in builtins
+        https://bugs.webkit.org/show_bug.cgi?id=154144
+
+        Reviewed by Geoffrey Garen.
+
+        Change JS builtins to no longer reference global variables.
+
+        No new tests because old tests cover the issues here.
+
+        * Modules/mediastream/NavigatorUserMedia.js:
+        (webkitGetUserMedia):
+        * Modules/mediastream/RTCPeerConnection.js:
+        (addIceCandidate):
+        (getStats):
+        * Modules/mediastream/RTCPeerConnectionInternals.js:
+        (setLocalOrRemoteDescription):
+        * Modules/plugins/QuickTimePluginReplacement.js:
+        (Replacement.prototype.handleEvent):
+        * Modules/streams/ByteLengthQueuingStrategy.js:
+        (initializeByteLengthQueuingStrategy):
+        * Modules/streams/CountQueuingStrategy.js:
+        (initializeCountQueuingStrategy):
+        * Modules/streams/ReadableStreamInternals.js:
+        (teeReadableStream):
+        * bindings/js/JSDOMGlobalObject.cpp:
+        (WebCore::JSDOMGlobalObject::addBuiltinGlobals):
+        * bindings/js/WebCoreBuiltinNames.h:
+
+2016-02-12  Jiewen Tan  <jiewen_tan@apple.com>
+
+        WebKit should expose the DOM 4 Event.isTrusted property
+        https://bugs.webkit.org/show_bug.cgi?id=76121
+        <rdar://problem/22558494>
+
+        Reviewed by Darin Adler.
+
+        Implements Event.isTrusted. The implementation here is slitely different from and better than
+        the DOM specification. Here Event.isTrusted will be initialized differently depending on the
+        callers of the constructors/create methods. If the caller is from user agent, the isTrusted
+        will be true. Otherwise, it will be false. Since a user agent dispatched event can be catched
+        and re-initialized/redispatched by the bindings, the flag will be unset at *Event::init*Event
+        and EventTarget::dispatchEventForBindings. As currently there is no way to let user agent to
+        dispatch a bindings created event, therefore we ensure that the Event.isTrusted is set for
+        events dispatched by user agent, and unset for those by bindings.
+
+        EventTarget::dispatchEvent(Event*, ExceptionCode&) is renamed to EventTarget::dispatchEventForBindings
+        in this patch as well. So that, together with the improved design of the API, developers in
+        the future will be less likely using a wrong dispatchEvent method and setting Event.isTrusted
+        incorrectly comparing to the DOM design.
+
+        After this patch, all events that are created by user agent should be dispatched by
+        EventTarget::dispatchEvent, and those are created by bindings should be dispatched by
+        EventTarget::dispatchEventForBindings.
+
+        Some of the changes in this patch referred Blink r198996:
+        https://codereview.chromium.org/1241613004
+
+        Test: imported/blink/fast/events/event-trusted.html
+
+        * bindings/scripts/CodeGeneratorGObject.pm:
+        (GenerateEventTargetIface):
+        * dom/Event.cpp:
+        (WebCore::Event::Event):
+        (WebCore::Event::initEvent):
+        * dom/Event.h:
+        (WebCore::Event::isTrusted):
+        (WebCore::Event::setUntrusted):
+        * dom/Event.idl:
+        * dom/EventTarget.cpp:
+        (WebCore::EventTarget::dispatchEventForBindings):
+        (WebCore::EventTarget::dispatchEvent): Deleted.
+        * dom/EventTarget.h:
+        * dom/EventTarget.idl:
+        * page/DOMWindow.idl:
+        * page/EventHandler.cpp:
+        (WebCore::EventHandler::dispatchDragEvent):
+        * workers/WorkerGlobalScope.idl:
+
+2016-02-12  Brady Eidson  <beidson@apple.com>
+
+        Modern IDB: IDBObjectStore and IDBIndex need to be ActiveDOMObjects.
+        https://bugs.webkit.org/show_bug.cgi?id=154153
+
+        Reviewed by Alex Christensen.
+
+        No new tests (No testable change in behavior).
+
+        This is needed so that IDBObjectStore and IDBIndex JS wrappers are not garbage collected
+        while their IDBTransaction is still in progress.
+
+        * Modules/indexeddb/client/IDBIndexImpl.cpp:
+        (WebCore::IDBClient::IDBIndex::IDBIndex):
+        (WebCore::IDBClient::IDBIndex::activeDOMObjectName):
+        (WebCore::IDBClient::IDBIndex::canSuspendForDocumentSuspension):
+        (WebCore::IDBClient::IDBIndex::hasPendingActivity):
+        * Modules/indexeddb/client/IDBIndexImpl.h:
+        
+        * Modules/indexeddb/client/IDBObjectStoreImpl.cpp:
+        (WebCore::IDBClient::IDBObjectStore::create):
+        (WebCore::IDBClient::IDBObjectStore::IDBObjectStore):
+        (WebCore::IDBClient::IDBObjectStore::activeDOMObjectName):
+        (WebCore::IDBClient::IDBObjectStore::canSuspendForDocumentSuspension):
+        (WebCore::IDBClient::IDBObjectStore::hasPendingActivity):
+        (WebCore::IDBClient::IDBObjectStore::index):
+        * Modules/indexeddb/client/IDBObjectStoreImpl.h:
+        
+        * Modules/indexeddb/client/IDBTransactionImpl.cpp:
+        (WebCore::IDBClient::IDBTransaction::objectStore):
+        (WebCore::IDBClient::IDBTransaction::createObjectStore):
+        (WebCore::IDBClient::IDBTransaction::createIndex):
+
+2016-02-12  Brady Eidson  <beidson@apple.com>
+
+        Modern IDB: Simplify the relationship between IDBObjectStore and IDBIndex.
+        https://bugs.webkit.org/show_bug.cgi?id=154187
+
+        Reviewed by Alex Christensen.
+
+        Tests: storage/indexeddb/modern/deleteindex-3-private.html
+               storage/indexeddb/modern/deleteindex-3.html
+
+        Instead of allowing IDBIndex to have two different lifecycle modes, it is now always
+        owned by an IDBObjectStore.
+        
+        To support the case where an IDBIndex is deleted from its IDBObjectStore, the object
+        store simply hangs on to deleted indexes until it is destroyed itself.
+        
+        * Modules/indexeddb/client/IDBIndexImpl.cpp:
+        (WebCore::IDBClient::IDBIndex::markAsDeleted):
+        (WebCore::IDBClient::IDBIndex::ref):
+        (WebCore::IDBClient::IDBIndex::deref):
+        * Modules/indexeddb/client/IDBIndexImpl.h:
+        
+        * Modules/indexeddb/client/IDBObjectStoreImpl.cpp:
+        (WebCore::IDBClient::IDBObjectStore::deleteIndex):
+        * Modules/indexeddb/client/IDBObjectStoreImpl.h:
+
+2016-02-12  Myles C. Maxfield  <mmaxfield@apple.com>
+
+        [CSS Font Loading] Implement CSSFontFace Boilerplate
+        https://bugs.webkit.org/show_bug.cgi?id=154145
+
+        Reviewed by Dean Jackson.
+
+        The CSS Font Loading spec[1] dictates that the FontFace object needs to have string
+        accessors and mutators for a bunch of properties. Our CSSFontFace object currently
+        contains this parsed information, but it isn't accessible via string-based methods.
+        This patch adds the necessary accessors and mutators, and migrates CSSFontSelector
+        to use these mutators where necessary.
+
+        There is more work to come on CSSFontFace; the next step is to create an .idl file
+        and hook it up to our CSSFontFace object. In this patch I have left some
+        unimplemented pieces (for example: where the spec dictates that some operation should
+        throw a JavaScript exception) which will be implemented in a follow-up patch. This
+        patch does not have any visible behavior change; I'm separating out the boilerplate
+        into this patch in order to ease reviewing burden.
+
+        This patch separates the externally-facing JavaScript API into a new class, FontFace.
+        This class owns a CSSFontFace, which provides the backing implementation. There will
+        be a system of shared ownership of these objects once FontFaceSet is implemented.
+
+        No new tests because there is no behavior change.
+
+        * CMakeLists.txt: Add new files to CMake builds.
+        * WebCore.vcxproj/WebCore.vcxproj: Ditto for Windows.
+        * WebCore.vcxproj/WebCore.vcxproj.filters: Ditto.
+        * WebCore.xcodeproj/project.pbxproj: Ditto for Cocoa.
+        * css/CSSAllInOne.cpp: Ditto for All-In-One builds.
+        * css/CSSFontFace.cpp: Move shared code from CSSFontSelector into CSSFontFace.
+        (WebCore::CSSFontFace::CSSFontFace):
+        (WebCore::CSSFontFace::~CSSFontFace):
+        (WebCore::CSSFontFace::setFamilies):
+        (WebCore::CSSFontFace::setStyle):
+        (WebCore::CSSFontFace::setWeight):
+        (WebCore::CSSFontFace::setUnicodeRange):
+        (WebCore::CSSFontFace::setVariantLigatures):
+        (WebCore::CSSFontFace::setVariantPosition):
+        (WebCore::CSSFontFace::setVariantCaps):
+        (WebCore::CSSFontFace::setVariantNumeric):
+        (WebCore::CSSFontFace::setVariantAlternates):
+        (WebCore::CSSFontFace::setVariantEastAsian):
+        (WebCore::CSSFontFace::setFeatureSettings):
+        * css/CSSFontFace.h: Clean up.
+        (WebCore::CSSFontFace::create):
+        (WebCore::CSSFontFace::families):
+        (WebCore::CSSFontFace::traitsMask):
+        (WebCore::CSSFontFace::featureSettings):
+        (WebCore::CSSFontFace::variantSettings):
+        (WebCore::CSSFontFace::setVariantSettings):
+        (WebCore::CSSFontFace::setTraitsMask):
+        (WebCore::CSSFontFace::isLocalFallback):
+        (WebCore::CSSFontFace::addRange): Deleted.
+        (WebCore::CSSFontFace::insertFeature): Deleted.
+        (WebCore::CSSFontFace::setVariantCommonLigatures): Deleted.
+        (WebCore::CSSFontFace::setVariantDiscretionaryLigatures): Deleted.
+        (WebCore::CSSFontFace::setVariantHistoricalLigatures): Deleted.
+        (WebCore::CSSFontFace::setVariantContextualAlternates): Deleted.
+        (WebCore::CSSFontFace::setVariantPosition): Deleted.
+        (WebCore::CSSFontFace::setVariantCaps): Deleted.
+        (WebCore::CSSFontFace::setVariantNumericFigure): Deleted.
+        (WebCore::CSSFontFace::setVariantNumericSpacing): Deleted.
+        (WebCore::CSSFontFace::setVariantNumericFraction): Deleted.
+        (WebCore::CSSFontFace::setVariantNumericOrdinal): Deleted.
+        (WebCore::CSSFontFace::setVariantNumericSlashedZero): Deleted.
+        (WebCore::CSSFontFace::setVariantAlternates): Deleted.
+        (WebCore::CSSFontFace::setVariantEastAsianVariant): Deleted.
+        (WebCore::CSSFontFace::setVariantEastAsianWidth): Deleted.
+        (WebCore::CSSFontFace::setVariantEastAsianRuby): Deleted.
+        (WebCore::CSSFontFace::CSSFontFace): Deleted.
+        * css/CSSFontSelector.cpp: Migrate shared code into CSSFontFace, and udpate
+        to use the new API.
+        (WebCore::appendSources):
+        (WebCore::registerLocalFontFacesForFamily):
+        (WebCore::CSSFontSelector::addFontFaceRule):
+        (WebCore::computeTraitsMask): Deleted.
+        (WebCore::createFontFace): Deleted.
+        * css/FontFace.cpp: Added. External JavaScript API. Owns a CSSFontFace.
+        (WebCore::FontFace::FontFace):
+        (WebCore::FontFace::~FontFace):
+        (WebCore::parseString):
+        (WebCore::FontFace::setFamily):
+        (WebCore::FontFace::setStyle):
+        (WebCore::FontFace::setWeight):
+        (WebCore::FontFace::setStretch):
+        (WebCore::FontFace::setUnicodeRange):
+        (WebCore::FontFace::setVariant):
+        (WebCore::FontFace::setFeatureSettings):
+        (WebCore::FontFace::family):
+        (WebCore::FontFace::style):
+        (WebCore::FontFace::weight):
+        (WebCore::FontFace::stretch):
+        (WebCore::FontFace::unicodeRange):
+        (WebCore::FontFace::variant):
+        (WebCore::FontFace::featureSettings):
+        * css/FontFace.h: Added. Ditto.
+        (WebCore::FontFace::create):
+        * css/FontVariantBuilder.cpp: Added. Moved code here from FontVariantBuilder.h.
+        Refactored to support a new client (CSSFontFace).
+        (WebCore::extractFontVariantLigatures):
+        (WebCore::extractFontVariantNumeric):
+        (WebCore::extractFontVariantEastAsian):
+        (WebCore::computeFontVariant):
+        * css/FontVariantBuilder.h: Moved code from here into FontVariantBuilder.cpp.
+        (WebCore::applyValueFontVariantLigatures): Deleted.
+        (WebCore::applyValueFontVariantNumeric): Deleted.
+        (WebCore::applyValueFontVariantEastAsian): Deleted.
+        * css/StyleBuilderCustom.h: Update for new FontVariantBuilder API.
+        (WebCore::StyleBuilderCustom::applyValueFontVariantLigatures):
+        (WebCore::StyleBuilderCustom::applyValueFontVariantNumeric):
+        (WebCore::StyleBuilderCustom::applyValueFontVariantEastAsian):
+        * platform/text/TextFlags.h: Provide convenience classes.
+        (WebCore::FontVariantLigaturesValues::FontVariantLigaturesValues):
+        (WebCore::FontVariantNumericValues::FontVariantNumericValues):
+        (WebCore::FontVariantEastAsianValues::FontVariantEastAsianValues):
+
+2016-02-12  Jer Noble  <jer.noble@apple.com>
+
+        Build fix after r196506; publish MediaResourceLoader.h as a private header so it can be used by
+        TestWebKitAPI.
+
+        * WebCore.xcodeproj/project.pbxproj:
+
+2016-02-11  Jer Noble  <jer.noble@apple.com>
+
+        [Mac] Adopt MediaResourceLoader (instead of CachedResourceLoader) in WebCoreNSURLSession.
+        https://bugs.webkit.org/show_bug.cgi?id=154136
+
+        Reviewed by Alex Christensen.
+
+        MediaResourceLoader already supports using CORS attribute to verify CORS access requirements
+        when loading media resources, so use it, rather than CachedResourceLoader, as the backing for
+        WebCoreNSURLSession.
+
+        * platform/network/cocoa/WebCoreNSURLSession.h:
+        * platform/network/cocoa/WebCoreNSURLSession.mm:
+        (-[WebCoreNSURLSession delegateQueue]):
+        (-[WebCoreNSURLSession streamTaskWithNetService:]):
+        (-[WebCoreNSURLSession isKindOfClass:]):
+        (-[WebCoreNSURLSessionDataTask initWithSession:identifier:request:]):
+        (-[WebCoreNSURLSessionDataTask _restart]):
+        (-[WebCoreNSURLSessionDataTask _cancel]):
+        (-[WebCoreNSURLSessionDataTask resume]):
+        (-[WebCoreNSURLSessionDataTask _timingData]):
+        (-[WebCoreNSURLSessionDataTask resource:receivedResponse:]):
+        (-[WebCoreNSURLSessionDataTask resource:receivedData:length:]):
+        (-[WebCoreNSURLSession initWithResourceLoader:delegate:delegateQueue:]): Deleted.
+        (-[WebCoreNSURLSession loader]): Deleted.
+        (WebCore::WebCoreNSURLSessionDataTaskClient::dataSent): Deleted.
+        (WebCore::WebCoreNSURLSessionDataTaskClient::responseReceived): Deleted.
+        (WebCore::WebCoreNSURLSessionDataTaskClient::dataReceived): Deleted.
+        (WebCore::WebCoreNSURLSessionDataTaskClient::redirectReceived): Deleted.
+        (WebCore::WebCoreNSURLSessionDataTaskClient::notifyFinished): Deleted.
+        (-[WebCoreNSURLSessionDataTask initWithSession:identifier:URL:]): Deleted.
+        (-[WebCoreNSURLSessionDataTask _finish]): Deleted.
+        (-[WebCoreNSURLSessionDataTask _setDefersLoading:]): Deleted.
+        (-[WebCoreNSURLSessionDataTask resource:sentBytes:totalBytesToBeSent:]): Deleted.
+        (-[WebCoreNSURLSessionDataTask resource:receivedRedirect:request:]): Deleted.
+        (-[WebCoreNSURLSessionDataTask resourceFinished:]): Deleted.
+        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
+        (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVAssetForURL):
+
+2016-02-12  Alex Christensen  <achristensen@webkit.org>
+
+        Fix non-internal builds when using NetworkSession
+        https://bugs.webkit.org/show_bug.cgi?id=152285
+
+        * platform/spi/cf/CFNetworkSPI.h:
+        Add SPI declaration used in r194156.
+
+2016-02-12  Andreas Kling  <akling@apple.com>
+
+        Throw out all live resource decoded data on memory pressure / suspension.
+        <https://webkit.org/b/154176>
+
+        Reviewed by Antti Koivisto.
+
+        When pruning live resource decoded data from the memory cache,
+        we normally avoid pruning anything that's been painted in the last second.
+        This is an optimization to avoid getting into image decoding loops.
+
+        For memory pressure / process suspension scenarios this doesn't really
+        make sense though:
+
+            - In the pressure case, if we have to render again soon it'll likely
+              be a new GIF frame which we have to decode anyway.
+
+            - In the process suspension case, we might *never* render again,
+              so we should be good citizens and drop all the decoded data we can.
+
+        This patch makes us drop all the decoded data, recently painted or not.
+
+        * platform/MemoryPressureHandler.cpp:
+        (WebCore::MemoryPressureHandler::releaseCriticalMemory):
+
+2016-02-12  Gavin Barraclough  <barraclough@apple.com>
+
+        Separate out !allowsAccess path in JSDOMWindowCustom getOwnPropertySlot
+        https://bugs.webkit.org/show_bug.cgi?id=154156
+
+        Reviewed by Chris Dumez.
+
+        JSDOMWindowCustom getOwnPropertySlot currently allows cross-origin access to all
+        static properties, relying on the property to perform the access check. This is
+        a little insecure, since it is error prone - someone could easily add a property
+        to the static table without realizing it would be automatcially exposed.
+
+        Instead, add a hard-coded filter to restrict access. As a future implementation
+        we might consider autogenerating this (the properties are already tagged in IDL,
+        we might be able to track this in a flag on the static table).
+
+        By separating out the handling of the same- and cross-origin access we can
+        simplify & make the policy being enforced much clearer.
+
+        * bindings/js/JSDOMBinding.cpp:
+        (WebCore::objectToStringFunctionGetter): Deleted.
+            - removed objectToStringFunctionGetter - this duplicated functionality of
+              nonCachingStaticFunctionGetter.
+        * bindings/js/JSDOMBinding.h:
+        (WebCore::objectToStringFunctionGetter): Deleted.
+            - removed objectToStringFunctionGetter - this duplicated functionality of
+              nonCachingStaticFunctionGetter.
+        * bindings/js/JSDOMWindowCustom.cpp:
+        (WebCore::jsDOMWindowGetOwnPropertySlotDisallowAccess):
+            - explicitly handle providing access to only the things we do want to allow cross-origin.
+        (WebCore::JSDOMWindow::getOwnPropertySlot):
+        (WebCore::JSDOMWindow::getOwnPropertySlotByIndex):
+            - push all !allowsAccess handling to jsDOMWindowGetOwnPropertySlotDisallowAccess
+        (WebCore::childFrameGetter): Deleted.
+            - this was just a deoptimiztion - moving access into a callback saved very
+              little & caused more work to be duplicated.
+
+2016-02-12  Sukolsak Sakshuwong  <sukolsak@gmail.com>
+
+        Update ICU header files to version 52
+        https://bugs.webkit.org/show_bug.cgi?id=154160
+
+        Reviewed by Alex Christensen.
+
+        Update ICU header files to version 52 to allow the use of newer APIs.
+
+        No new tests because there is no behavior change.
+
+        * icu/unicode/bytestream.h:
+        * icu/unicode/chariter.h:
+        * icu/unicode/localpointer.h:
+        * icu/unicode/platform.h:
+        * icu/unicode/ptypes.h:
+        * icu/unicode/putil.h:
+        * icu/unicode/rep.h:
+        (Replaceable::Replaceable):
+        * icu/unicode/std_string.h:
+        * icu/unicode/strenum.h:
+        * icu/unicode/stringpiece.h:
+        * icu/unicode/ubrk.h:
+        * icu/unicode/uchar.h:
+        * icu/unicode/ucnv.h:
+        * icu/unicode/ucol.h:
+        * icu/unicode/ucoleitr.h:
+        * icu/unicode/uconfig.h:
+        * icu/unicode/ucsdet.h:
+        * icu/unicode/uenum.h:
+        * icu/unicode/uidna.h:
+        * icu/unicode/uiter.h:
+        * icu/unicode/uloc.h:
+        * icu/unicode/umachine.h:
+        * icu/unicode/unistr.h:
+        (UnicodeString::UnicodeString):
+        (UnicodeString::operator== ):
+        (UnicodeString::startsWith):
+        (UnicodeString::setTo):
+        (UnicodeString::remove):
+        (UnicodeString::replace): Deleted.
+        (UnicodeString::extract): Deleted.
+        (UnicodeString::char32At): Deleted.
+        (UnicodeString::getChar32Start): Deleted.
+        (UnicodeString::getChar32Limit): Deleted.
+        (UnicodeString::getTerminatedBuffer): Deleted.
+        (UnicodeString::append): Deleted.
+        (UnicodeString::truncate): Deleted.
+        * icu/unicode/unorm2.h:
+        * icu/unicode/uobject.h:
+        * icu/unicode/urename.h:
+        * icu/unicode/uscript.h:
+        * icu/unicode/usearch.h:
+        * icu/unicode/uset.h:
+        * icu/unicode/ushape.h:
+        * icu/unicode/ustring.h:
+        * icu/unicode/utext.h:
+        * icu/unicode/utf.h:
+        * icu/unicode/utf16.h:
+        * icu/unicode/utf8.h:
+        * icu/unicode/utf_old.h:
+        * icu/unicode/utypes.h:
+        * icu/unicode/uvernum.h:
+        * icu/unicode/uversion.h:
+
+2016-02-12  Andreas Kling  <akling@apple.com>
+
+        [Mac] BitmapImage::decodedDataIsPurgeable() is telling lies and causing massive memory usage.
+        <https://webkit.org/b/154172>
+
+        Reviewed by Antti Koivisto.
+
+        The underlying mechanism in CoreAnimation that made this work is no longer in place.
+
+        Instead of keeping purgeable frames and juggling volatility bits, we were simply caching
+        every single frame of large GIF animations, sometimes leading to monstrous memory usage.
+
+        Remove the code from WebCore since it's not doing at all what it means to.
+
+        Now iOS and Mac will behave the same again, and frame caching decisions will be
+        made by WebKit, based on total pixel byte size.
+
+        * loader/cache/CachedImage.h:
+        * loader/cache/CachedResource.h:
+        (WebCore::CachedResource::decodedDataIsPurgeable): Deleted.
+        * loader/cache/MemoryCache.cpp:
+        (WebCore::MemoryCache::pruneLiveResourcesToSize): Deleted.
+        * platform/graphics/BitmapImage.cpp:
+        (WebCore::BitmapImage::decodedDataIsPurgeable): Deleted.
+        (WebCore::BitmapImage::destroyDecodedDataIfNecessary): Deleted.
+        * platform/graphics/BitmapImage.h:
+        * platform/graphics/Image.h:
+        (WebCore::Image::decodedDataIsPurgeable): Deleted.
+        * platform/graphics/cg/BitmapImageCG.cpp:
+        (WebCore::BitmapImage::decodedDataIsPurgeable): Deleted.
+        * platform/graphics/cg/ImageSourceCG.cpp:
+        (WebCore::ImageSource::createFrameAtIndex): Deleted.
+
+2016-02-12  Brady Eidson  <beidson@apple.com>
+
+        Modern IDB: Ref cycle between IDBObjectStore and IDBIndex.
+        https://bugs.webkit.org/show_bug.cgi?id=154110
+
+        Reviewed by Darin Adler.
+
+        No new tests (Currently untestable).
+
+        The lifetime of IDBObjectStore and IDBIndex are closely intertwined, but we have to break the ref cycle.
+        
+        This patch does a few semi-gnarly things:
+        1 - Makes both IDBIndex and IDBObjectStore have a custom marking function so they can add each other as 
+            opaque roots.
+        2 - Adds a lock to protect IDBObjectStore's collection of referenced indexes to support #1, as GC marking
+            can happen on any thread.
+        3 - Makes IDBIndex not be traditionally RefCounted; Instead, IDBIndex::ref()/deref() simply ref()/deref()
+            the owning IDBObjectStore.
+        4 - ...Except when somebody deletes an IDBIndex from its IDBObjectStore. Once that happens, the object
+            store no longer has a reference back to the index, but the index still needs a reference back to the
+            object store. To support this, the IDBIndex becomes "traditionally RefCounted" while holding a ref to
+            its IDBObjectStore.
+
+        * CMakeLists.txt:
+        * WebCore.xcodeproj/project.pbxproj:
+
+        * Modules/indexeddb/IDBIndex.h:
+        (WebCore::IDBIndex::isModern):
+        * Modules/indexeddb/IDBIndex.idl:
+        
+        * Modules/indexeddb/IDBObjectStore.h:
+        (WebCore::IDBObjectStore::isModern):
+        * Modules/indexeddb/IDBObjectStore.idl:
+        
+        * Modules/indexeddb/client/IDBIndexImpl.cpp:
+        (WebCore::IDBClient::IDBIndex::objectStore):
+        (WebCore::IDBClient::IDBIndex::openCursor):
+        (WebCore::IDBClient::IDBIndex::doCount):
+        (WebCore::IDBClient::IDBIndex::openKeyCursor):
+        (WebCore::IDBClient::IDBIndex::doGet):
+        (WebCore::IDBClient::IDBIndex::doGetKey):
+        (WebCore::IDBClient::IDBIndex::markAsDeleted):
+        (WebCore::IDBClient::IDBIndex::ref):
+        (WebCore::IDBClient::IDBIndex::deref):
+        (WebCore::IDBClient::IDBIndex::create): Deleted.
+        * Modules/indexeddb/client/IDBIndexImpl.h:
+        (WebCore::IDBClient::IDBIndex::modernObjectStore):
+        
+        * Modules/indexeddb/client/IDBObjectStoreImpl.cpp:
+        (WebCore::IDBClient::IDBObjectStore::createIndex):
+        (WebCore::IDBClient::IDBObjectStore::index):
+        (WebCore::IDBClient::IDBObjectStore::deleteIndex):
+        (WebCore::IDBClient::IDBObjectStore::visitReferencedIndexes):
+        * Modules/indexeddb/client/IDBObjectStoreImpl.h:
+        
+        * Modules/indexeddb/client/IDBTransactionImpl.cpp:
+        (WebCore::IDBClient::IDBTransaction::createIndex):
+        * Modules/indexeddb/client/IDBTransactionImpl.h:
+        
+        * Modules/indexeddb/legacy/LegacyIndex.cpp:
+        (WebCore::LegacyIndex::ref):
+        (WebCore::LegacyIndex::deref):
+        * Modules/indexeddb/legacy/LegacyIndex.h:
+        
+        * bindings/js/JSIDBIndexCustom.cpp: Added.
+        (WebCore::JSIDBIndex::visitAdditionalChildren):
+        
+        * bindings/js/JSIDBObjectStoreCustom.cpp:
+        (WebCore::JSIDBObjectStore::visitAdditionalChildren):
+
+2016-02-12  Csaba Osztrogonác  <ossy@webkit.org>
+
+        [EFL][GTK] Fix ENABLE(SVG_OTF_CONVERTER) build
+        https://bugs.webkit.org/show_bug.cgi?id=154165
+
+        Reviewed by Alex Christensen.
+
+        * CMakeLists.txt:
+        * css/CSSFontFaceSource.cpp:
+        (WebCore::CSSFontFaceSource::font):
+        * svg/SVGToOTFFontConversion.cpp:
+        * svg/SVGToOTFFontConversion.h:
+
+2016-02-12  Chris Dumez  <cdumez@apple.com>
+
+        Unreviewed nit fixes after r196466.
+
+        * Modules/speech/SpeechSynthesisUtterance.idl: Fix curly bracket
+          placement.
+        * bindings/scripts/CodeGeneratorJS.pm:
+        (GenerateHeader): Use wrappableObject instead of domObject.
+        * bindings/scripts/test/*: Rebaseline.
+        * dom/WebKitNamedFlow.idl: Drop unnecessary #if case.
+
+2016-02-12  Carlos Garcia Campos  <cgarcia@igalia.com>
+
+        [GTK] Properly handle classes inheriting from EventTarget
+        https://bugs.webkit.org/show_bug.cgi?id=154158
+
+        Reviewed by Michael Catanzaro.
+
+        Instead of removing its parent we now handle the case of classes
+        having EventTarget as parent to make them implement the interface
+        instead.
+
+        * bindings/scripts/CodeGeneratorGObject.pm:
+        (ShouldBeExposedAsInterface): Whether the parent given class
+        should be exposed as an interface instead of a parent class.
+        (GetParentClassName): Return Object as parent for classes having
+        a parent that should be exposed as an interface.
+        (GetParentImplClassName): Ditto.
+        (GetBaseClass): Ditto.
+        (GetParentGObjType): Ditto.
+        (SkipFunction): Add FIXME comment.
+        (ImplementsInterface): Helper function to check if a class
+        implements the given interface.
+        (GenerateCFile): Check whether the class implements EventTarget to
+        generate the interface implementation.
+        (GenerateInterface): Do not remove the parent class when it's EventTarget.
+
+2016-02-12  Commit Queue  <commit-queue@webkit.org>
+
+        Unreviewed, rolling out r196470.
+        https://bugs.webkit.org/show_bug.cgi?id=154167
+
+        Broke some tests (Requested by anttik on #webkit).
+
+        Reverted changeset:
+
+        "Factor class change style invalidation code into a class"
+        https://bugs.webkit.org/show_bug.cgi?id=154163
+        http://trac.webkit.org/changeset/196470
+
+2016-02-12  Antti Koivisto  <antti@apple.com>
+
+        Factor class change style invalidation code into a class
+        https://bugs.webkit.org/show_bug.cgi?id=154163
+
+        Reviewed by Andreas Kling.
+
+        Factor this piece of functionality out of Element and into ClassChangeInvalidation class.
+
+        * CMakeLists.txt:
+        * WebCore.vcxproj/WebCore.vcxproj:
+        * WebCore.xcodeproj/project.pbxproj:
+        * dom/Element.cpp:
+        (WebCore::classStringHasClassName):
+        (WebCore::Element::classAttributeChanged):
+        (WebCore::collectClasses): Deleted.
+        (WebCore::computeClassChange): Deleted.
+        (WebCore::invalidateStyleForClassChange): Deleted.
+        * style/ClassChangeInvalidation.cpp: Added.
+        (WebCore::Style::ClassChangeInvalidation::computeClassChange):
+        (WebCore::Style::ClassChangeInvalidation::invalidateStyle):
+        * style/ClassChangeInvalidation.h: Added.
+        (WebCore::Style::ClassChangeInvalidation::needsInvalidation):
+        (WebCore::Style::ClassChangeInvalidation::ClassChangeInvalidation):
+        (WebCore::Style::ClassChangeInvalidation::~ClassChangeInvalidation):
+
+2016-02-12  Csaba Osztrogonác  <ossy@webkit.org>
+
+        GCC buildfix in Source/WebCore/svg/SVGToOTFFontConversion.cpp
+        https://bugs.webkit.org/show_bug.cgi?id=154162
+
+        Reviewed by Andreas Kling.
+
+        * svg/SVGToOTFFontConversion.cpp:
+        (WebCore::SVGToOTFFontConverter::finishAppendingKERNSubtable):
+
+2016-02-12  Andreas Kling  <akling@apple.com>
+
+        Don't invalidate the FontCache on memory pressure.
+        <https://webkit.org/b/154161>
+
+        Reviewed by Antti Koivisto.
+
+        Invalidating the FontCache does more harm than good:
+
+            - Anything that's still in the cache at this point is also
+              referenced outside the cache, thus will not actually get deleted.
+
+            - Future deduplication will fail, leading to more objects.
+
+            - The global FontCache generation gets bumped, causing future style
+              recalcs to be less efficient and breaking style sharing.
+
+            - All FontSelector invalidation callbacks will fire, potentially
+              causing forced full-document style recalcs.
+
+        In fact, the only win from invalidating the FontCache comes from some
+        minor shrinkage in the containers that make up the cache itself.
+
+        * platform/MemoryPressureHandler.cpp:
+        (WebCore::MemoryPressureHandler::releaseCriticalMemory): Deleted.
+
+2016-02-11  Chris Dumez  <cdumez@apple.com>
+
+        [Web IDL] interfaces should inherit EventTarget instead of duplicating the EventTarget API
+        https://bugs.webkit.org/show_bug.cgi?id=154121
+        <rdar://problem/24613234>
+
+        Reviewed by Gavin Barraclough.
+
+        Interfaces should inherit EventTarget instead of duplicating the
+        EventTarget API in their IDL. Not only the duplication is ugly and
+        error-prone, but this also does not match the specifications and
+        have subtle web-exposed differences.
+
+        This patch takes care of all interfaces except for DOMWindow and
+        WorkerGlobalScope. Those will be updated in the follow-up patch
+        as they will require a little bit more work and testing.
+
+        We should also be able to get rid of the [EventTarget] WebKit IDL
+        attribute in a follow-up.
+
+        No new tests, already covered by existing tests.
+
+        * Modules/battery/BatteryManager.idl:
+        * Modules/encryptedmedia/MediaKeySession.idl:
+        * Modules/indexeddb/IDBDatabase.h:
+        * Modules/indexeddb/IDBDatabase.idl:
+        * Modules/indexeddb/IDBRequest.h:
+        * Modules/indexeddb/IDBRequest.idl:
+        * Modules/indexeddb/IDBTransaction.h:
+        * Modules/indexeddb/IDBTransaction.idl:
+        * Modules/mediasession/MediaRemoteControls.idl:
+        * Modules/mediasource/MediaSource.h:
+        * Modules/mediasource/MediaSource.idl:
+        * Modules/mediasource/SourceBuffer.h:
+        * Modules/mediasource/SourceBuffer.idl:
+        * Modules/mediasource/SourceBufferList.h:
+        * Modules/mediasource/SourceBufferList.idl:
+        * Modules/mediastream/MediaStream.h:
+        * Modules/mediastream/MediaStream.idl:
+        * Modules/mediastream/MediaStreamTrack.h:
+        * Modules/mediastream/MediaStreamTrack.idl:
+        * Modules/mediastream/RTCDTMFSender.h:
+        * Modules/mediastream/RTCDTMFSender.idl:
+        * Modules/mediastream/RTCDataChannel.h:
+        * Modules/mediastream/RTCDataChannel.idl:
+        * Modules/mediastream/RTCPeerConnection.h:
+        * Modules/mediastream/RTCPeerConnection.idl:
+        * Modules/notifications/Notification.idl:
+        * Modules/speech/SpeechSynthesisUtterance.idl:
+        * Modules/webaudio/AudioContext.idl:
+        * Modules/webaudio/AudioNode.idl:
+        * Modules/websockets/WebSocket.idl:
+        * css/FontLoader.idl:
+        * dom/EventTarget.h:
+        * dom/MessagePort.idl:
+        * dom/Node.h:
+        * dom/Node.idl:
+        * dom/WebKitNamedFlow.idl:
+        * fileapi/FileReader.idl:
+        * html/MediaController.idl:
+        * html/track/AudioTrackList.idl:
+        * html/track/TextTrack.idl:
+        * html/track/TextTrackCue.idl:
+        * html/track/TextTrackList.idl:
+        * html/track/VideoTrackList.idl:
+        * loader/appcache/DOMApplicationCache.h:
+        * loader/appcache/DOMApplicationCache.idl:
+        * page/EventSource.idl:
+        * page/Performance.h:
+        * page/Performance.idl:
+        * workers/Worker.idl:
+        * xml/XMLHttpRequest.h:
+        * xml/XMLHttpRequest.idl:
+        * xml/XMLHttpRequestUpload.idl:
+        - Drop hardcoded EventTarget operations and inherit EventTarget instead.
+        - Drop JSGenerateToNativeObject / JSGenerateToJSObject IDL extended
+          attributes for interfaces inheriting the EventTarget interface as
+          the bindings generator now does this automatically for us.
+        - On native side, have EventTarget subclass ScriptWrappable instead of
+          each of its subclasses doing so. The issue was that
+          EventTargetOwner::finalize() was calling uncacheWrapper() with an
+          EventTarget*, which would not clear inlined cached wrapped (see
+          clearInlineCachedWrapper()) because EventTarget did not subclass
+          ScriptWrappable. However, cacheWrapper() is called is a specific
+          subtype pointer (e.g. Node*) and we would decide to create an
+          inline cached wrapper because Node subclassed ScriptWrappable
+          (as well as EventTarget).
+
+        * WebCore.xcodeproj/project.pbxproj:
+        Export JSEventTarget.h as private header to fix the build.
+
+        * bindings/js/JSDOMBinding.h:
+        (WebCore::wrapperKey):
+        (WebCore::getCachedWrapper):
+        (WebCore::cacheWrapper):
+        (WebCore::uncacheWrapper):
+        Use new wrapperKey() function that is generated for each bindings
+        class that also has wrapperOwner(). This is used instead of the
+        C cast to void* in order to cast to the base wrapped type to fix
+        issues with multiple inheritance. The issue was that cacheWrapper()
+        was getting called with a DOM object subtype pointer (e.g.
+        AudioContext*) but uncacheWrapper() was getting called with a base
+        wrapped type pointer (e.g. EventTarget*). Most of our DOM classes
+        use multiple inheritance and thus the pointer values (used as keys
+        in the weak map) may differ.
+
+        * bindings/js/JSTrackCustom.cpp:
+        (WebCore::toJS):
+        Call CREATE_DOM_WRAPPER() with an actual wrapped type (e.g. AudioTrack)
+        instead of TrackBase type. TrackBase does not have corresponding
+        generated bindings and therefore does not have a wrapperKey()
+        function.
+
+        * bindings/scripts/CodeGeneratorJS.pm:
+        (ShouldGenerateToWrapped):
+        (ShouldGenerateToJSDeclaration):
+        (GenerateHeader):
+        - Generate a wrapperKey() utility function along-side wrapperOwner()
+          to help cast to the base wrapped type.
+        - Generate toWrapped() / toJS() utility functions for interfaces
+          that inherit EventTarget as those are required by our
+          implementation and this avoids having to explicitly have them in
+          the IDL.
+
+        * bindings/scripts/test/*:
+        Rebaseline bindings tests.
+
+2016-02-11  Brent Fulgham  <bfulgham@apple.com>
+
+        Optimize texture-complete checks
+        https://bugs.webkit.org/show_bug.cgi?id=98308
+
+        Reviewed by Dean Jackson.
+
+        No new tests: No change in behavior.
+
+        * html/canvas/WebGLRenderingContextBase.cpp:
+        (WebCore::WebGLRenderingContextBase::initializeNewContext): Initially consider all
+        textures as suspect.
+        (WebCore::WebGLRenderingContextBase::extensions): New helper function.
+        (WebCore::WebGLRenderingContextBase::reshape): Mark textures as invalid when appropriate.
+        (WebCore::WebGLRenderingContextBase::bindTexture): Identify invalid textures and mark
+        them for later fix-up. Likewise, remove 'known good' textures from the fix-up pass.
+        (WebCore::WebGLRenderingContextBase::deleteTexture): Remove instances of the deleted texture
+        from our set of invalid textures.
+        (WebCore::WebGLRenderingContextBase::checkTextureCompleteness): Only iterate through
+        the 'bad' textures, rather than checking every single texture.
+        * html/canvas/WebGLRenderingContextBase.h:
+
+2016-02-11  Alex Christensen  <achristensen@webkit.org>
+
+        Assert that IDBTransaction::transitionedToFinishing transitions to finishing.
+        https://bugs.webkit.org/show_bug.cgi?id=154061
+
+        * Modules/indexeddb/client/IDBTransactionImpl.cpp:
+        (WebCore::IDBClient::IDBTransaction::transitionedToFinishing):
+        Added assertion that we are transitioning to a finished or finishing state, based on Darin's feedback.
+
+2016-02-11  Enrica Casucci  <enrica@apple.com>
+
+        WebContent process crashes when performing data detection on content with existing data detector links.
+        https://bugs.webkit.org/show_bug.cgi?id=154118
+        rdar://problem/24511860
+
+        Reviewed by Tim Horton.
+
+        The DOM mutation caused by removing the existing links, can shift the range endpoints.
+        We now save the range enpoints as positions so that we can recreate the ranges,
+        if a DOM mutation occurred.
+
+        * editing/cocoa/DataDetection.mm:
+        (WebCore::removeResultLinksFromAnchor):
+        (WebCore::searchForLinkRemovingExistingDDLinks):
+        (WebCore::DataDetection::detectContentInRange):
+
+2016-02-11  Jer Noble  <jer.noble@apple.com>
+
+        Make MediaResourceLoader behave more like a CachedResourceLoader.
+        https://bugs.webkit.org/show_bug.cgi?id=154117
+
+        Reviewed by Alex Christensen.
+
+        MediaResourceLoader currently can only handle a single request at a time. Split the class
+        into two, MediaResourceLoader and MediaResource, effectively wrapping CachedResourceLoader
+        and CachedRawResource respectively. With this devision, the same loader can be used to issue
+        multiple simultaneous resource requests.
+
+        This necessecitates splitting PlatformMediaResource into two classes as well.  To simplify
+        the HTMLMediaElement, MediaPlayer, and MediaPlayerClient APIs, do not require a client
+        object when creating the loader; instead, the client is required to create the resource.
+        This also matches the CachedRawResource API.
+
+        * html/HTMLMediaElement.cpp:
+        (WebCore::HTMLMediaElement::mediaPlayerCreateResourceLoader): Remove the client parameter.
+        * html/HTMLMediaElement.h:
+        * loader/MediaResourceLoader.cpp:
+        (WebCore::MediaResourceLoader::MediaResourceLoader):
+        (WebCore::MediaResourceLoader::~MediaResourceLoader):
+        (WebCore::MediaResourceLoader::requestResource): Renamed from start().
+        (WebCore::MediaResourceLoader::removeResource): Remove resource from live resource list.
+        (WebCore::MediaResource::create): Utility factory.
+        (WebCore::MediaResource::MediaResource):
+        (WebCore::MediaResource::~MediaResource):
+        (WebCore::MediaResource::stop): Moved from MediaResourceLoader.
+        (WebCore::MediaResource::setDefersLoading): Ditto.
+        (WebCore::MediaResource::responseReceived): Ditto.
+        (WebCore::MediaResource::redirectReceived): Ditto.
+        (WebCore::MediaResource::dataSent): Ditto.
+        (WebCore::MediaResource::dataReceived): Ditto.
+        (WebCore::MediaResource::notifyFinished): Ditto.
+        (WebCore::MediaResource::getOrCreateReadBuffer): Ditto.
+        * loader/MediaResourceLoader.h:
+        * platform/graphics/MediaPlayer.cpp:
+        (WebCore::MediaPlayer::createResourceLoader):
+        * platform/graphics/MediaPlayer.h:
+        (WebCore::MediaPlayerClient::mediaPlayerCreateResourceLoader):
+        * platform/graphics/PlatformMediaResourceLoader.h:
+        (WebCore::PlatformMediaResourceClient::~PlatformMediaResourceClient): Renamed from PlatformMediaResourceLoaderClient.
+        (WebCore::PlatformMediaResourceClient::responseReceived): Client methods now take a reference to the resource.
+        (WebCore::PlatformMediaResourceClient::redirectReceived): Ditto.
+        (WebCore::PlatformMediaResourceClient::dataSent): Ditto. 
+        (WebCore::PlatformMediaResourceClient::dataReceived): Ditto.
+        (WebCore::PlatformMediaResourceClient::accessControlCheckFailed): Ditto.
+        (WebCore::PlatformMediaResourceClient::loadFailed): Ditto.
+        (WebCore::PlatformMediaResourceClient::loadFinished): Ditto.
+        (WebCore::PlatformMediaResourceClient::getOrCreateReadBuffer): Ditto.
+        (WebCore::PlatformMediaResourceLoader::PlatformMediaResourceLoader): Ditto.
+        (WebCore::PlatformMediaResource::PlatformMediaResource): 
+        (WebCore::PlatformMediaResource::~PlatformMediaResource): 
+        (WebCore::PlatformMediaResource::setClient):
+        * platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:
+        (webKitWebSrcStart):
+        (webKitWebSrcNeedData):
+        (webKitWebSrcEnoughData):
+        (CachedResourceStreamingClient::getOrCreateReadBuffer):
+        (CachedResourceStreamingClient::responseReceived):
+        (CachedResourceStreamingClient::dataReceived):
+        (CachedResourceStreamingClient::accessControlCheckFailed):
+        (CachedResourceStreamingClient::loadFailed):
+        (CachedResourceStreamingClient::loadFinished):
+
+2016-02-11  Zalan Bujtas  <zalan@apple.com>
+
+        Subpixel rendering: Make focusring painting subpixel aware.
+        https://bugs.webkit.org/show_bug.cgi?id=154111
+
+        Reviewed by David Hyatt.
+
+        Do not integral snap focusring rects while collecting them (use device pixel snapping instead
+        right before passing them to GraphicsContext::drawFocusRing).
+
+        Unable to test.
+
+        * platform/graphics/GraphicsContext.h:
+        * platform/graphics/displaylists/DisplayListItems.h:
+        (WebCore::DisplayList::DrawFocusRingRects::create):
+        (WebCore::DisplayList::DrawFocusRingRects::rects):
+        (WebCore::DisplayList::DrawFocusRingRects::DrawFocusRingRects):
+        * platform/graphics/displaylists/DisplayListRecorder.cpp:
+        (WebCore::DisplayList::Recorder::drawFocusRing):
+        * platform/graphics/displaylists/DisplayListRecorder.h:
+        * platform/graphics/mac/GraphicsContextMac.mm:
+        (WebCore::GraphicsContext::drawFocusRing):
+        * rendering/RenderBlock.cpp:
+        (WebCore::RenderBlock::addFocusRingRectsForInlineChildren):
+        (WebCore::RenderBlock::addFocusRingRects):
+        * rendering/RenderBlock.h:
+        * rendering/RenderBlockFlow.cpp:
+        (WebCore::RenderBlockFlow::addFocusRingRectsForInlineChildren):
+        * rendering/RenderBlockFlow.h:
+        * rendering/RenderBox.cpp:
+        (WebCore::RenderBox::addFocusRingRects):
+        * rendering/RenderBox.h:
+        * rendering/RenderElement.cpp:
+        (WebCore::RenderElement::paintFocusRing):
+        (WebCore::RenderElement::issueRepaintForOutlineAuto):
+        * rendering/RenderInline.cpp:
+        (WebCore::RenderInline::absoluteRects):
+        (WebCore::RenderInline::addFocusRingRects):
+        * rendering/RenderInline.h:
+        * rendering/RenderListBox.cpp:
+        (WebCore::RenderListBox::addFocusRingRects):
+        * rendering/RenderListBox.h:
+        * rendering/RenderObject.cpp:
+        (WebCore::RenderObject::addPDFURLRect):
+        (WebCore::RenderObject::absoluteFocusRingQuads):
+        * rendering/RenderObject.h:
+        (WebCore::RenderObject::addFocusRingRects):
+        * rendering/RenderTextControl.cpp:
+        (WebCore::RenderTextControl::addFocusRingRects):
+        * rendering/RenderTextControl.h:
+        * rendering/svg/RenderSVGContainer.cpp:
+        (WebCore::RenderSVGContainer::addFocusRingRects):
+        * rendering/svg/RenderSVGContainer.h:
+        * rendering/svg/RenderSVGImage.cpp:
+        (WebCore::RenderSVGImage::addFocusRingRects):
+        * rendering/svg/RenderSVGImage.h:
+        * rendering/svg/RenderSVGShape.cpp:
+        (WebCore::RenderSVGShape::addFocusRingRects):
+        * rendering/svg/RenderSVGShape.h:
+
+2016-02-11  Myles C. Maxfield  <mmaxfield@apple.com>
+
+        Addressing post-review comments after r196393
+
+        Unreviewed.
+
+        * css/CSSFontSelector.cpp:
+        (WebCore::CSSFontSelector::getFontFace):
+        * css/CSSSegmentedFontFace.h:
+
+2016-02-11  Antti Koivisto  <antti@apple.com>
+
+        Rename Element::style() to Element::cssomStyle()
+        https://bugs.webkit.org/show_bug.cgi?id=154107
+
+        Reviewed by Alex Christensen.
+
+        It implements the IDL "style" attribute that returns a CSSOM object.
+        Inside WebCore "style" generally refers to a RenderStyle.
+
+        * dom/Element.cpp:
+        (WebCore::Element::hasAttributeNS):
+        (WebCore::Element::cssomStyle):
+        (WebCore::Element::focus):
+        (WebCore::Element::style): Deleted.
+        * dom/Element.h:
+        (WebCore::Element::tagQName):
+        * dom/Element.idl:
+        * dom/StyledElement.cpp:
+        (WebCore::StyledElement::~StyledElement):
+        (WebCore::StyledElement::cssomStyle):
+        (WebCore::StyledElement::style): Deleted.
+        * dom/StyledElement.h:
+        (WebCore::StyledElement::synchronizeStyleAttributeInternal):
+        (WebCore::StyledElement::collectStyleForPresentationAttribute):
+        * editing/Editor.cpp:
+        (WebCore::Editor::applyEditingStyleToElement):
+        * inspector/InspectorCSSAgent.cpp:
+        (WebCore::InspectorCSSAgent::getMatchedStylesForNode):
+        (WebCore::InspectorCSSAgent::getInlineStylesForNode):
+        (WebCore::InspectorCSSAgent::asInspectorStyleSheet):
+        * inspector/InspectorStyleSheet.cpp:
+        (WebCore::InspectorStyleSheetForInlineStyle::didModifyElementAttribute):
+        (WebCore::InspectorStyleSheetForInlineStyle::inlineStyle):
+        (WebCore::InspectorStyleSheetForInlineStyle::elementStyleText):
+        * svg/SVGElement.idl:
+
+2016-02-11  Konstantin Tokarev  <annulen@yandex.ru>
+
+        [cmake] Consolidate TextureMapper file and include dir lists.
+        https://bugs.webkit.org/show_bug.cgi?id=154106
+
+        Reviewed by Michael Catanzaro.
+
+        No new tests needed.
+
+        * CMakeLists.txt: Moved texmap include dir and source list to
+        TextureMapper.cmake, removed non-existent include dir "filters/texmap".
+        * PlatformEfl.cmake: Moved texmap and coordinatedgraphics include
+        dirs and source list to TextureMapper.cmake.
+        * PlatformGTK.cmake: Ditto, also removed non-existent include dir
+        "texmap/threadedcompositor"
+        * PlatformWinCairo.cmake: Moved texmap files to TextureMapper.cmake.
+        * platform/TextureMapper.cmake: Added.
+
+2016-02-11  Chris Dumez  <cdumez@apple.com>
+
+        Move 'length' property to the prototype
+        https://bugs.webkit.org/show_bug.cgi?id=154051
+        <rdar://problem/24577385>
+
+        Reviewed by Darin Adler.
+
+        Move 'length' property to the prototype, where it should be. We used to
+        keep it on the instance because our implementation of
+        getOwnPropertySlot() was wrong for interfaces with a named property
+        getter. However, our implementation of getOwnPropertySlot() is now
+        spec-compliant so this should be OK.
+
+        Moving 'length' to the prototype is also a little bit risky in terms of
+        performance, especially for HTMLCollection / NodeList. However, I did
+        not see an impact on realistic benchmarks like Speedometer and only saw
+        a small impact (< 5%) on micro-benchmarks. I propose we make our behavior
+        correct and monitor performance. If we see any benchmark we care about
+        regress then we should try and optimize while keeping the attribute on
+        the prototype.
+
+        No new tests, already covered by existing tests.
+
+        * bindings/js/JSDOMBinding.h:
+        (WebCore::getStaticValueSlotEntryWithoutCaching):
+        * bindings/js/JSHTMLDocumentCustom.cpp:
+        (WebCore::JSHTMLDocument::getOwnPropertySlot):
+        (WebCore::JSHTMLDocument::nameGetter): Deleted.
+        * bindings/js/JSLocationCustom.cpp:
+        (WebCore::JSLocation::putDelegate):
+        * bindings/js/JSPluginElementFunctions.h:
+        (WebCore::pluginElementCustomGetOwnPropertySlot):
+        * bindings/js/JSStorageCustom.cpp:
+        (WebCore::JSStorage::deleteProperty):
+        (WebCore::JSStorage::deletePropertyByIndex):
+        (WebCore::JSStorage::putDelegate):
+        Leverage the new hasStaticPropertyTable static property in the
+        generated bindings for performance.
+
+        * bindings/scripts/CodeGeneratorJS.pm:
+        (GenerateHeader):
+        Generate a "hasStaticPropertyTable" static const boolean property
+        for each bindings class so we can check at build time if
+        ClassInfo::staticPropHashTable is null.
+
+        (AttributeShouldBeOnInstance):
+        Move "length" to the prototype.
+
+        * bindings/scripts/test/JS/JSTestActiveDOMObject.h:
+        * bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.h:
+        * bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.h:
+        * bindings/scripts/test/JS/JSTestCustomNamedGetter.h:
+        * bindings/scripts/test/JS/JSTestEventConstructor.h:
+        * bindings/scripts/test/JS/JSTestEventTarget.h:
+        * bindings/scripts/test/JS/JSTestException.h:
+        * bindings/scripts/test/JS/JSTestGenerateIsReachable.h:
+        * bindings/scripts/test/JS/JSTestInterface.h:
+        * bindings/scripts/test/JS/JSTestJSBuiltinConstructor.h:
+        * bindings/scripts/test/JS/JSTestMediaQueryListListener.h:
+        * bindings/scripts/test/JS/JSTestNamedConstructor.h:
+        * bindings/scripts/test/JS/JSTestNode.h:
+        * bindings/scripts/test/JS/JSTestNondeterministic.h:
+        * bindings/scripts/test/JS/JSTestObj.h:
+        * bindings/scripts/test/JS/JSTestOverloadedConstructors.h:
+        * bindings/scripts/test/JS/JSTestOverrideBuiltins.h:
+        * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.h:
+        * bindings/scripts/test/JS/JSTestTypedefs.h:
+        * bindings/scripts/test/JS/JSattribute.h:
+        * bindings/scripts/test/JS/JSreadonly.h:
+        Rebaseline bindings tests.
+
+
+2016-02-11  Csaba Osztrogonác  <ossy@webkit.org>
+
+        Fix the !(ENABLE(SHADOW_DOM) || ENABLE(DETAILS_ELEMENT)) after r196281
+        https://bugs.webkit.org/show_bug.cgi?id=154035
+
+        Reviewed by Antti Koivisto.
+
+        Follow-up fix after r196365. Removed guards around slotNodeIndex.
+
+        * dom/ComposedTreeIterator.h:
+        (WebCore::ComposedTreeIterator::Context::Context):
+
+2016-02-10  Ryan Haddad  <ryanhaddad@apple.com>
+
+        Updating bindings test reference file for JSTestEventConstructor.cpp after r196400
+
+        Unreviewed test gardening.
+
+        No new tests needed.
+
+        * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
+        (WebCore::JSTestEventConstructorConstructor::construct):
+
+2016-02-10  Eric Carlson  <eric.carlson@apple.com>
+
+        Update "manual" caption track logic
+        https://bugs.webkit.org/show_bug.cgi?id=154084
+        <rdar://problem/24530516>
+
+        Reviewed by Dean Jackson.
+
+        No new tests, media/track/track-manual-mode.html was updated.
+
+        * English.lproj/Localizable.strings: Add new string.
+
+        * html/HTMLMediaElement.cpp:
+        (WebCore::HTMLMediaElement::addTextTrack): track.setManualSelectionMode is no more.
+        (WebCore::HTMLMediaElement::configureTextTrackGroup): Never enable a track automatically when
+          in manual selection mode.
+        (WebCore::HTMLMediaElement::captionPreferencesChanged):  track.setManualSelectionMode is no more.
+
+        * html/track/TextTrack.cpp:
+        (WebCore::TextTrack::containsOnlyForcedSubtitles): Return true for forced tracks.
+        (WebCore::TextTrack::kind): Deleted.
+        * html/track/TextTrack.h:
+
+        * html/track/TrackBase.h:
+        (WebCore::TrackBase::kind): De-virtualize, nobody overrides it.
+
+        * page/CaptionUserPreferencesMediaAF.cpp:
+        (WebCore::trackDisplayName): Include "forced" in the name of forced tracks.
+
+        * platform/LocalizedStrings.cpp:
+        (WebCore::forcedTrackMenuItemText): New.
+        * platform/LocalizedStrings.h:
+
+2016-02-10  Jiewen Tan  <jiewen_tan@apple.com>
+
+        Rename *Event::create* which creates events for bindings to *Event::createForBindings* and cleanup corresponding paths
+        https://bugs.webkit.org/show_bug.cgi?id=153903
+        <rdar://problem/24518146>
+
+        Reviewed by Darin Adler.
+
+        Rename Event::create(const AtomicString&, const EventInit&) to Event::createForBindings
+        (const AtomicString&, const EventInit&) and for all the subclasses as well in order to
+        support Event.isTrusted. Besides, some of the subclasses use the create method for bindings
+        to create events not for bindings and vice versa. Therefore, this patch also cleanup
+        corresponding paths to ensure no misuse of the create mehtod. The same for Event::create()
+        as it is combined with Event::initEvent to create an event for bindings for legacy content.
+
+        After this patch, all call sites of *Event::create* are supposed to use *Event::create
+        to create events for user agent and *Event::createForBindings for bindings.
+
+        No change in behavior.
+
+        * Modules/airplay/WebKitPlaybackTargetAvailabilityEvent.h:
+        (WebCore::WebKitPlaybackTargetAvailabilityEvent::create):
+        (WebCore::WebKitPlaybackTargetAvailabilityEvent::createForBindings):
+        (WebCore::WebKitPlaybackTargetAvailabilityEventInit::WebKitPlaybackTargetAvailabilityEventInit): Deleted.
+        * Modules/encryptedmedia/MediaKeyMessageEvent.cpp:
+        (WebCore::MediaKeyMessageEvent::MediaKeyMessageEvent):
+        (WebCore::MediaKeyMessageEventInit::MediaKeyMessageEventInit): Deleted.
+        * Modules/encryptedmedia/MediaKeyMessageEvent.h:
+        (WebCore::MediaKeyMessageEvent::create):
+        (WebCore::MediaKeyMessageEvent::createForBindings):
+        * Modules/encryptedmedia/MediaKeyNeededEvent.cpp:
+        (WebCore::MediaKeyNeededEvent::MediaKeyNeededEvent):
+        (WebCore::MediaKeyNeededEventInit::MediaKeyNeededEventInit): Deleted.
+        * Modules/encryptedmedia/MediaKeyNeededEvent.h:
+        (WebCore::MediaKeyNeededEvent::create):
+        (WebCore::MediaKeyNeededEvent::createForBindings):
+        * Modules/encryptedmedia/MediaKeySession.cpp:
+        (WebCore::MediaKeySession::sendMessage):
+        * Modules/gamepad/GamepadEvent.h:
+        (WebCore::GamepadEvent::create):
+        (WebCore::GamepadEvent::createForBindings):
+        (WebCore::GamepadEventInit::GamepadEventInit): Deleted.
+        * Modules/indieui/UIRequestEvent.cpp:
+        (WebCore::UIRequestEvent::createForBindings):
+        (WebCore::UIRequestEvent::UIRequestEvent):
+        (WebCore::UIRequestEventInit::UIRequestEventInit): Deleted.
+        (WebCore::UIRequestEvent::create): Deleted.
+        * Modules/indieui/UIRequestEvent.h:
+        * Modules/mediastream/MediaStreamEvent.cpp:
+        (WebCore::MediaStreamEvent::createForBindings):
+        (WebCore::MediaStreamEventInit::MediaStreamEventInit): Deleted.
+        (WebCore::MediaStreamEvent::create): Deleted.
+        * Modules/mediastream/MediaStreamEvent.h:
+        * Modules/mediastream/MediaStreamTrackEvent.cpp:
+        (WebCore::MediaStreamTrackEvent::createForBindings):
+        (WebCore::MediaStreamTrackEventInit::MediaStreamTrackEventInit): Deleted.
+        (WebCore::MediaStreamTrackEvent::create): Deleted.
+        * Modules/mediastream/MediaStreamTrackEvent.h:
+        * Modules/mediastream/RTCDTMFToneChangeEvent.cpp:
+        (WebCore::RTCDTMFToneChangeEvent::createForBindings):
+        (WebCore::RTCDTMFToneChangeEvent::create): Deleted.
+        * Modules/mediastream/RTCDTMFToneChangeEvent.h:
+        * Modules/mediastream/RTCDataChannelEvent.cpp:
+        (WebCore::RTCDataChannelEvent::createForBindings):
+        (WebCore::RTCDataChannelEvent::create): Deleted.
+        * Modules/mediastream/RTCDataChannelEvent.h:
+        * Modules/mediastream/RTCIceCandidateEvent.cpp:
+        (WebCore::RTCIceCandidateEvent::createForBindings):
+        (WebCore::RTCIceCandidateEvent::create): Deleted.
+        * Modules/mediastream/RTCIceCandidateEvent.h:
+        * Modules/mediastream/RTCTrackEvent.cpp:
+        (WebCore::RTCTrackEvent::createForBindings):
+        (WebCore::RTCTrackEventInit::RTCTrackEventInit): Deleted.
+        (WebCore::RTCTrackEvent::create): Deleted.
+        * Modules/mediastream/RTCTrackEvent.h:
+        * Modules/speech/SpeechSynthesisEvent.cpp:
+        (WebCore::SpeechSynthesisEvent::createForBindings):
+        (WebCore::SpeechSynthesisEvent::create):
+        (WebCore::SpeechSynthesisEvent::SpeechSynthesisEvent):
+        * Modules/speech/SpeechSynthesisEvent.h:
+        * Modules/webaudio/AudioProcessingEvent.cpp:
+        (WebCore::AudioProcessingEvent::create): Deleted.
+        * Modules/webaudio/AudioProcessingEvent.h:
+        (WebCore::AudioProcessingEvent::create):
+        (WebCore::AudioProcessingEvent::createForBindings):
+        * Modules/webaudio/OfflineAudioCompletionEvent.cpp:
+        (WebCore::OfflineAudioCompletionEvent::createForBindings):
+        (WebCore::OfflineAudioCompletionEvent::create): Deleted.
+        * Modules/webaudio/OfflineAudioCompletionEvent.h:
+        * Modules/websockets/CloseEvent.h:
+        (WebCore::CloseEvent::create):
+        (WebCore::CloseEvent::createForBindings):
+        (WebCore::CloseEvent::CloseEvent):
+        (WebCore::CloseEventInit::CloseEventInit): Deleted.
+        * bindings/objc/DOM.mm:
+        (-[DOMNode nextFocusNode]):
+        (-[DOMNode previousFocusNode]):
+        * bindings/scripts/CodeGeneratorJS.pm:
+        (GenerateConstructorDefinition):
+        * dom/AnimationEvent.cpp:
+        (WebCore::AnimationEventInit::AnimationEventInit): Deleted.
+        * dom/AnimationEvent.h:
+        * dom/BeforeLoadEvent.h:
+        (WebCore::BeforeLoadEventInit::BeforeLoadEventInit): Deleted.
+        * dom/ClipboardEvent.h:
+        * dom/CompositionEvent.cpp:
+        (WebCore::CompositionEventInit::CompositionEventInit): Deleted.
+        * dom/CompositionEvent.h:
+        * dom/CustomEvent.cpp:
+        (WebCore::CustomEventInit::CustomEventInit): Deleted.
+        * dom/CustomEvent.h:
+        * dom/DeviceMotionEvent.h:
+        * dom/DeviceOrientationEvent.h:
+        * dom/Document.cpp:
+        (WebCore::Document::createEvent):
+        * dom/Element.cpp:
+        (WebCore::Element::dispatchMouseEvent):
+        * dom/ErrorEvent.cpp:
+        (WebCore::ErrorEventInit::ErrorEventInit): Deleted.
+        * dom/ErrorEvent.h:
+        * dom/Event.cpp:
+        (WebCore::EventInit::EventInit): Deleted.
+        * dom/Event.h:
+        (WebCore::Event::createForBindings):
+        (WebCore::Event::create): Deleted.
+        * dom/FocusEvent.cpp:
+        (WebCore::FocusEventInit::FocusEventInit): Deleted.
+        * dom/FocusEvent.h:
+        * dom/HashChangeEvent.h:
+        (WebCore::HashChangeEventInit::HashChangeEventInit): Deleted.
+        * dom/KeyboardEvent.cpp:
+        (WebCore::KeyboardEvent::KeyboardEvent):
+        (WebCore::KeyboardEventInit::KeyboardEventInit): Deleted.
+        * dom/KeyboardEvent.h:
+        * dom/MessageEvent.cpp:
+        (WebCore::MessageEvent::MessageEvent):
+        (WebCore::MessageEventInit::MessageEventInit): Deleted.
+        * dom/MessageEvent.h:
+        * dom/MouseEvent.cpp:
+        (WebCore::MouseEvent::createForBindings):
+        (WebCore::MouseEvent::create):
+        (WebCore::MouseEvent::MouseEvent):
+        (WebCore::MouseEvent::cloneFor):
+        (WebCore::MouseEventInit::MouseEventInit): Deleted.
+        * dom/MouseEvent.h:
+        (WebCore::MouseEvent::createForBindings):
+        (WebCore::MouseEvent::create): Deleted.
+        * dom/MouseRelatedEvent.cpp:
+        (WebCore::MouseRelatedEvent::MouseRelatedEvent):
+        (WebCore::MouseRelatedEvent::init):
+        * dom/MouseRelatedEvent.h:
+        (WebCore::MouseRelatedEvent::screenX):
+        (WebCore::MouseRelatedEvent::screenY):
+        (WebCore::MouseRelatedEvent::screenLocation):
+        (WebCore::MouseRelatedEvent::clientX):
+        (WebCore::MouseRelatedEvent::clientY):
+        (WebCore::MouseRelatedEvent::movementX):
+        (WebCore::MouseRelatedEvent::movementY):
+        (WebCore::MouseRelatedEvent::clientLocation):
+        (WebCore::MouseRelatedEvent::isSimulated):
+        (WebCore::MouseRelatedEvent::absoluteLocation):
+        (WebCore::MouseRelatedEvent::setAbsoluteLocation):
+        * dom/MutationEvent.h:
+        * dom/OverflowEvent.cpp:
+        (WebCore::OverflowEvent::OverflowEvent):
+        (WebCore::OverflowEvent::initOverflowEvent):
+        (WebCore::OverflowEventInit::OverflowEventInit): Deleted.
+        * dom/OverflowEvent.h:
+        * dom/PageTransitionEvent.cpp:
+        (WebCore::PageTransitionEventInit::PageTransitionEventInit): Deleted.
+        * dom/PageTransitionEvent.h:
+        * dom/PopStateEvent.cpp:
+        (WebCore::PopStateEvent::createForBindings):
+        (WebCore::PopStateEventInit::PopStateEventInit): Deleted.
+        (WebCore::PopStateEvent::PopStateEvent): Deleted.
+        (WebCore::PopStateEvent::create): Deleted.
+        * dom/PopStateEvent.h:
+        * dom/ProgressEvent.cpp:
+        (WebCore::ProgressEventInit::ProgressEventInit): Deleted.
+        * dom/ProgressEvent.h:
+        (WebCore::ProgressEvent::createForBindings):
+        (WebCore::ProgressEvent::create): Deleted.
+        * dom/SecurityPolicyViolationEvent.h:
+        (WebCore::SecurityPolicyViolationEventInit::SecurityPolicyViolationEventInit): Deleted.
+        * dom/TextEvent.cpp:
+        (WebCore::TextEvent::createForBindings):
+        (WebCore::TextEvent::create): Deleted.
+        * dom/TextEvent.h:
+        * dom/TouchEvent.h:
+        * dom/TransitionEvent.cpp:
+        (WebCore::TransitionEventInit::TransitionEventInit): Deleted.
+        * dom/TransitionEvent.h:
+        * dom/UIEvent.cpp:
+        (WebCore::UIEventInit::UIEventInit): Deleted.
+        * dom/UIEvent.h:
+        (WebCore::UIEvent::createForBindings):
+        (WebCore::UIEvent::create): Deleted.
+        * dom/UIEventWithKeyState.h:
+        (WebCore::UIEventWithKeyState::ctrlKey):
+        (WebCore::UIEventWithKeyState::shiftKey):
+        (WebCore::UIEventWithKeyState::altKey):
+        (WebCore::UIEventWithKeyState::metaKey):
+        (WebCore::UIEventWithKeyState::UIEventWithKeyState):
+        * dom/WebKitAnimationEvent.cpp:
+        (WebCore::WebKitAnimationEventInit::WebKitAnimationEventInit): Deleted.
+        * dom/WebKitAnimationEvent.h:
+        * dom/WebKitTransitionEvent.cpp:
+        (WebCore::WebKitTransitionEventInit::WebKitTransitionEventInit): Deleted.
+        * dom/WebKitTransitionEvent.h:
+        * dom/WheelEvent.h:
+        * html/HTMLMediaElement.cpp:
+        (WebCore::HTMLMediaElement::mediaPlayerKeyAdded):
+        (WebCore::HTMLMediaElement::mediaPlayerKeyError):
+        (WebCore::HTMLMediaElement::mediaPlayerKeyMessage):
+        (WebCore::HTMLMediaElement::mediaPlayerKeyNeeded):
+        * html/MediaKeyEvent.cpp:
+        (WebCore::MediaKeyEvent::MediaKeyEvent):
+        (WebCore::MediaKeyEventInit::MediaKeyEventInit): Deleted.
+        * html/MediaKeyEvent.h:
+        * html/canvas/WebGLContextEvent.cpp:
+        (WebCore::WebGLContextEventInit::WebGLContextEventInit): Deleted.
+        * html/canvas/WebGLContextEvent.h:
+        * html/track/TrackEvent.cpp:
+        (WebCore::TrackEvent::TrackEvent):
+        (WebCore::TrackEventInit::TrackEventInit): Deleted.
+        * html/track/TrackEvent.h:
+        * html/track/TrackListBase.cpp:
+        (TrackListBase::scheduleTrackEvent):
+        (TrackListBase::scheduleChangeEvent):
+        * page/EventSource.cpp:
+        (WebCore::EventSource::createMessageEvent):
+        * page/csp/ContentSecurityPolicy.cpp:
+        (WebCore::ContentSecurityPolicy::reportViolation):
+        (WebCore::gatherSecurityPolicyViolationEventData): Deleted.
+        * storage/StorageEvent.cpp:
+        (WebCore::StorageEvent::createForBindings):
+        (WebCore::StorageEventInit::StorageEventInit): Deleted.
+        (WebCore::StorageEvent::create): Deleted.
+        * storage/StorageEvent.h:
+        * svg/SVGZoomEvent.h:
+        (WebCore::SVGZoomEvent::createForBindings):
+        (WebCore::SVGZoomEvent::create): Deleted.
+        * xml/XMLHttpRequestProgressEvent.h:
+        (WebCore::XMLHttpRequestProgressEvent::createForBindings):
+        (WebCore::XMLHttpRequestProgressEvent::create): Deleted.
+
+2016-02-10  Ryan Haddad  <ryanhaddad@apple.com>
+
+        Rebaselining bindings tests
+
+        Unreviewed test gardening.
+
+        No new tests needed.
+
+        * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
+        * bindings/scripts/test/JS/JSTestCallback.cpp:
+        * bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.cpp:
+        * bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.cpp:
+        * bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
+        * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
+        * bindings/scripts/test/JS/JSTestEventTarget.cpp:
+        * bindings/scripts/test/JS/JSTestException.cpp:
+        * bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:
+        * bindings/scripts/test/JS/JSTestInterface.cpp:
+        * bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp:
+        * bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
+        * bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
+        * bindings/scripts/test/JS/JSTestNondeterministic.cpp:
+        * bindings/scripts/test/JS/JSTestObj.cpp:
+        * bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
+        * bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp:
+        * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
+        * bindings/scripts/test/JS/JSTestTypedefs.cpp:
+        * bindings/scripts/test/JS/JSattribute.cpp:
+        * bindings/scripts/test/JS/JSreadonly.cpp:
+
+2016-02-10  Konstantin Tokarev  <annulen@yandex.ru>
+
+        [cmake] Consolidate CMake code related to image decoders.
+        https://bugs.webkit.org/show_bug.cgi?id=154074
+
+        Reviewed by Alex Christensen.
+
+        Common image decoder sources, includes and libs are moved to
+        platform/ImageDecoders.cmake.
+
+        Also, added include directories of libjpeg and libpng to
+        WebCore_SYSTEM_INCLUDE_DIRECTORIES.
+
+        No new tests needed.
+
+        * CMakeLists.txt: Moved common include paths to ImageDecoders.cmake.
+        * PlatformEfl.cmake: Moved common sources and libs to ImageDecoders.cmake.
+        * PlatformGTK.cmake: Ditto.
+        * PlatformWinCairo.cmake: Moved common sources to ImageDecoders.cmake.
+        * platform/ImageDecoders.cmake: Added.
+
+2016-02-10  Myles C. Maxfield  <mmaxfield@apple.com>
+
+        CSSSegmentedFontFace does not need to be reference counted
+        https://bugs.webkit.org/show_bug.cgi?id=154083
+
+        Reviewed by Antti Koivisto.
+
+        ...There is only ever a single reference to one.
+
+        No new tests because there is no behavior change.
+
+        * css/CSSFontSelector.cpp:
+        (WebCore::CSSFontSelector::getFontFace):
+        * css/CSSFontSelector.h:
+        * css/CSSSegmentedFontFace.h:
+        (WebCore::CSSSegmentedFontFace::create): Deleted.
+
+2016-02-10  Myles C. Maxfield  <mmaxfield@apple.com>
+
+        FontCache's clients should use references instead of pointers
+        https://bugs.webkit.org/show_bug.cgi?id=154085
+
+        Reviewed by Antti Koivisto.
+
+        They are never null.
+
+        No new tests because there is no behavior change.
+
+        * css/CSSFontSelector.cpp:
+        (WebCore::CSSFontSelector::CSSFontSelector):
+        (WebCore::CSSFontSelector::~CSSFontSelector):
+        * platform/graphics/FontCache.cpp:
+        (WebCore::FontCache::addClient):
+        (WebCore::FontCache::removeClient):
+        * platform/graphics/FontCache.h:
+
+2016-02-10  Chris Dumez  <cdumez@apple.com>
+
+        [Web IDL] interface objects should be Function objects
+        https://bugs.webkit.org/show_bug.cgi?id=154038
+        <rdar://problem/24569358>
+
+        Reviewed by Geoffrey Garen.
+
+        interface objects should be Function objects as per Web IDL:
+        - http://heycam.github.io/webidl/#interface-object
+        - http://heycam.github.io/webidl/#es-interfaces
+
+        So window.Event should be a Function object for e.g. but in WebKit it
+        is a regular EventConstructor JSObject.
+        Firefox and Chrome match the specification.
+
+        Test: js/interface-objects.html
+
+        * bindings/js/JSDOMBinding.cpp:
+        (WebCore::callThrowTypeError):
+        (WebCore::DOMConstructorObject::getCallData):
+        When calling the interface object as a function, we throw a TypeError
+        with a message asking to use the 'new' operator to match the behavior
+        of Firefox and Chrome.
+
+        * bindings/js/JSDOMBinding.h:
+        Add JSC::TypeOfShouldCallGetCallData structure flag and implement
+        getCallData() so that typeof returns "function", as per the
+        specification and the behavior of other browsers.
+
+        (WebCore::DOMConstructorObject::className):
+        Implement className() and return "Function" to match the specification and
+        other browsers. Otherwise, it would fall back to using ClassInfo::className
+        which os the function name and interface name (e.g. "Event").
+
+        * bindings/js/JSDOMConstructor.h:
+        (WebCore::JSDOMConstructorNotConstructable::callThrowTypeError):
+        (WebCore::JSDOMConstructorNotConstructable::getCallData):
+        As per the specification, interfaces that do not have a [Constructor]
+        should throw a TypeError when called as a function. Use the "Illegal
+        constructor" error message to match Firefox and Chrome.
+
+        * bindings/js/JSDOMGlobalObject.h:
+        (WebCore::getDOMConstructor):
+        Instead of using objectPrototype as prototype for all DOM constructors,
+        we now call the prototypeForStructure() static function that is
+        generated for each bindings class. As per the Web IDL specification,
+        The [[Prototype]] internal property of an interface object for a
+        non-callback interface is determined as follows:
+        1. If the interface inherits from some other interface, the value of
+           [[Prototype]] is the interface object for that other interface.
+        2. If the interface doesn't inherit from any other interface, the value
+           of [[Prototype]] is %FunctionPrototype% ([ECMA-262], section 6.1.7.4).
+
+        * bindings/js/JSImageConstructor.cpp:
+        (WebCore::JSImageConstructor::prototypeForStructure):
+        Have the Image's interface object use HTMLElement's interface object
+        as prototype as HTMLImageElement inherits HTMLElement.
+
+        * bindings/scripts/CodeGenerator.pm:
+        (getInterfaceExtendedAttributesFromName):
+        Add a utility function to cheaply retrieve an interface's IDL extended
+        attributes without actually parsing the IDL. This is used to check if
+        an interface's parent is marked as [NoInterfaceObject] currently.
+
+        * bindings/scripts/CodeGeneratorJS.pm:
+        (GenerateHeader):
+        (GenerateImplementation):
+        (GenerateCallbackHeader):
+        (GenerateCallbackImplementation):
+        Mark JSGlobalObject* parameter as const as the implementation does not
+        alter the globalObject.
+
+        (GenerateConstructorHelperMethods):
+        - Generate prototypeForStructure() function for each bindings class that
+          is not marked as [NoInterfaceObject] so getDOMConstructor() knows which
+          prototype to use for the interface object / constructor when constructing
+          it.
+        - Use the interface name for the interface object, without the "Constructor"
+          suffix, to match the behavior of Firefox and Chrome.
+
+        * bindings/scripts/test/*:
+        Rebaseline bindings tests.
+
+2016-02-10  Jer Noble  <jer.noble@apple.com>
+
+        [Mac] Graphical corruption in videos when enabling custom loading path
+        https://bugs.webkit.org/show_bug.cgi?id=154044
+
+        Reviewed by Alex Christensen.
+
+        Revert the "Drive-by fix" in r196345 as it breaks the WebCoreNSURLSessionTests.BasicOperation API test.
+
+        * platform/network/cocoa/WebCoreNSURLSession.mm:
+        (-[WebCoreNSURLSessionDataTask resource:receivedData:length:]):
+
+2016-02-10  Myles C. Maxfield  <mmaxfield@apple.com>
+
+        CSSSegmentedFontFace does not need to be reference counted
+        https://bugs.webkit.org/show_bug.cgi?id=154083
+
+        Reviewed by Antti Koivisto.
+
+        ...There is only ever a single reference to one.
+
+        No new tests because there is no behavior change.
+
+        * css/CSSFontSelector.cpp:
+        (WebCore::CSSFontSelector::getFontFace):
+        * css/CSSFontSelector.h:
+        * css/CSSSegmentedFontFace.h:
+        (WebCore::CSSSegmentedFontFace::create): Deleted.
+
+2016-02-10  Antti Koivisto  <antti@apple.com>
+
+        Optimize style invalidation after class attribute change
+        https://bugs.webkit.org/show_bug.cgi?id=154075
+        rdar://problem/12526450
+
+        Reviewed by Andreas Kling.
+
+        Currently a class attribute change invalidates style for the entire element subtree for any class found in the
+        active stylesheet set.
+
+        This patch optimizes class changes by building a new optimization structure called ancestorClassRules. It contains
+        rules that have class selectors in the portion of the complex selector that matches ancestor elements. The sets
+        of rules are hashes by the class name.
+
+        On class attribute change the existing StyleInvalidationAnalysis mechanism is used with ancestorClassRules to invalidate
+        exactly those descendants that are affected by the addition or removal of the class name. This is fast because the CSS JIT
+        makes selector matching cheap and the number of relevant rules is typically small.
+
+        This optimization is very effective on many dynamic pages. For example when focusing and unfocusing the web inspector it
+        cuts down the number of resolved elements from ~1000 to ~50. Even in PLT it reduces the number of resolved elements by ~11%.
+
+        * css/DocumentRuleSets.cpp:
+        (WebCore::DocumentRuleSets::collectFeatures):
+        (WebCore::DocumentRuleSets::ancestorClassRules):
+
+            Create optimization RuleSets on-demand when there is an actual dynamic class change.
+
+        * css/DocumentRuleSets.h:
+        (WebCore::DocumentRuleSets::features):
+        (WebCore::DocumentRuleSets::sibling):
+        (WebCore::DocumentRuleSets::uncommonAttribute):
+        * css/ElementRuleCollector.cpp:
+        (WebCore::ElementRuleCollector::ElementRuleCollector):
+
+            Add a new constructor that doesn't requires DocumentRuleSets. Only the user and author style is required.
+
+        (WebCore::ElementRuleCollector::matchAuthorRules):
+        (WebCore::ElementRuleCollector::matchUserRules):
+        * css/ElementRuleCollector.h:
+        * css/RuleFeature.cpp:
+        (WebCore::RuleFeatureSet::recursivelyCollectFeaturesFromSelector):
+
+            Collect class names that show up in the ancestor portion of the selector.
+            Make this a member.
+
+        (WebCore::RuleFeatureSet::collectFeatures):
+
+            Move this code from RuleData.
+            Add the rule to ancestorClassRules if needed.
+
+        (WebCore::RuleFeatureSet::add):
+        (WebCore::RuleFeatureSet::clear):
+        (WebCore::RuleFeatureSet::shrinkToFit):
+        (WebCore::recursivelyCollectFeaturesFromSelector): Deleted.
+        (WebCore::RuleFeatureSet::collectFeaturesFromSelector): Deleted.
+        * css/RuleFeature.h:
+        (WebCore::RuleFeature::RuleFeature):
+        (WebCore::RuleFeatureSet::RuleFeatureSet): Deleted.
+        * css/RuleSet.cpp:
+        (WebCore::RuleData::RuleData):
+        (WebCore::RuleSet::RuleSet):
+        (WebCore::RuleSet::~RuleSet):
+        (WebCore::RuleSet::addToRuleSet):
+        (WebCore::RuleSet::addRule):
+        (WebCore::RuleSet::addRulesFromSheet):
+        (WebCore::collectFeaturesFromRuleData): Deleted.
+        * css/RuleSet.h:
+        (WebCore::RuleSet::tagRules):
+        (WebCore::RuleSet::RuleSet): Deleted.
+        * css/StyleInvalidationAnalysis.cpp:
+        (WebCore::shouldDirtyAllStyle):
+        (WebCore::StyleInvalidationAnalysis::StyleInvalidationAnalysis):
+
+            Add a new constructor that takes a ready made RuleSet instead of a stylesheet.
+
+        (WebCore::StyleInvalidationAnalysis::invalidateIfNeeded):
+        (WebCore::StyleInvalidationAnalysis::invalidateStyleForTree):
+        (WebCore::StyleInvalidationAnalysis::invalidateStyle):
+        (WebCore::StyleInvalidationAnalysis::invalidateStyle):
+
+            New function for invalidating a subtree instead of the whole document.
+
+        * css/StyleInvalidationAnalysis.h:
+        (WebCore::StyleInvalidationAnalysis::dirtiesAllStyle):
+        (WebCore::StyleInvalidationAnalysis::hasShadowPseudoElementRulesInAuthorSheet):
+        * dom/Element.cpp:
+        (WebCore::classStringHasClassName):
+        (WebCore::collectClasses):
+        (WebCore::computeClassChange):
+
+            Factor to return the changed classes.
+
+        (WebCore::invalidateStyleForClassChange):
+
+            First filter out classes that don't show up in stylesheets. If something remains invalidate the current
+            element for inline style change (that is a style change that doesn't affect descendants).
+
+            Next check if there are any ancestorClassRules for the changed class. If so use the StyleInvalidationAnalysis
+            to find any affected descendants and invalidate them with inline style change as well.
+
+        (WebCore::Element::classAttributeChanged):
+
+            Invalidate for removed classes before setting new attribute value, invalidate for added classes afterwards.
+
+        (WebCore::Element::absoluteLinkURL):
+        (WebCore::checkSelectorForClassChange): Deleted.
+        * dom/ElementData.h:
+        (WebCore::ElementData::setClassNames):
+        (WebCore::ElementData::classNames):
+        (WebCore::ElementData::classNamesMemoryOffset):
+        (WebCore::ElementData::clearClass): Deleted.
+        (WebCore::ElementData::setClass): Deleted.
+
+2016-02-10  Myles C. Maxfield  <mmaxfield@apple.com>
+
+        Addressing post-review comments after r196322
+
+        Unreviwed.
+
+        * css/CSSFontFaceSource.cpp:
+        (WebCore::CSSFontFaceSource::font):
+        * css/CSSFontFaceSource.h:
+
+2016-02-10  Chris Dumez  <cdumez@apple.com>
+
+        Attributes on the Window instance should be configurable unless [Unforgeable]
+        https://bugs.webkit.org/show_bug.cgi?id=153920
+        <rdar://problem/24563211>
+
+        Reviewed by Darin Adler.
+
+        Attributes on the Window instance should be configurable unless [Unforgeable]:
+        1. 'constructor' property:
+           - http://www.w3.org/TR/WebIDL/#interface-prototype-object
+        2. Constructor properties (e.g. window.Node):
+           - http://www.w3.org/TR/WebIDL/#es-interfaces
+        3. IDL attributes:
+           - http://heycam.github.io/webidl/#es-attributes (configurable unless
+             [Unforgeable], e.g. window.location)
+
+        Firefox complies with the WebIDL specification but WebKit does not for 1. and 3.
+
+        Test: fast/dom/Window/window-properties-configurable.html
+
+        * bindings/js/JSDOMWindowCustom.cpp:
+        (WebCore::JSDOMWindow::getOwnPropertySlot):
+        For known Window properties (i.e. properties in the static property table),
+        if we have reified and this is same-origin access, then call
+        Base::getOwnPropertySlot() to get the property from the local property
+        storage. If we have not reified yet, or this is cross-origin access, query
+        the static property table. This is to match the behavior of Firefox and
+        Chrome which seem to keep returning the original properties upon cross
+        origin access, even if those were deleted or redefined.
+
+        (WebCore::JSDOMWindow::put):
+        The previous code used to call the static property setter for properties in
+        the static table. However, this does not do the right thing if properties
+        were reified. For example, deleting window.name and then trying to set it
+        again would not work. Therefore, update this code to only do this if the
+        properties have not been reified, similarly to what is done in
+        JSObject::putInlineSlow().
+
+        * bindings/scripts/CodeGeneratorJS.pm:
+        (ConstructorShouldBeOnInstance):
+        Add a FIXME comment indicating that window.constructor should be on
+        the prototype as per the Web IDL specification.
+
+        (GenerateAttributesHashTable):
+        - Mark 'constructor' property as configurable for Window, as per the
+          specification and consistently with other 'constructor' properties:
+          http://www.w3.org/TR/WebIDL/#interface-prototype-object
+        - Mark properties as configurable even though they are on the instance.
+          Window has its properties on the instance as per the specification:
+          1. http://heycam.github.io/webidl/#es-attributes
+          2. http://heycam.github.io/webidl/#PrimaryGlobal (window is [PrimaryGlobal]
+          However, these properties should be configurable as long as they are
+          not marked as [Unforgeable], as per 1.
+
+        * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
+        * bindings/scripts/test/JS/JSTestException.cpp:
+        * bindings/scripts/test/JS/JSTestObj.cpp:
+        Rebaseline bindings tests.
+
+2016-02-10  Brady Eidson  <beidson@apple.com>
+
+        Modern IDB: Ref cycle between IDBObjectStore and IDBTransaction.
+        https://bugs.webkit.org/show_bug.cgi?id=154061
+
+        Reviewed by Alex Christensen.
+
+        No new tests (Currently untestable).
+
+        * Modules/indexeddb/client/IDBTransactionImpl.cpp:
+        (WebCore::IDBClient::IDBTransaction::transitionedToFinishing): Make sure the new state makes sense,
+          set the new state, and then clear the set of referenced object stores which is no longer needed.
+        (WebCore::IDBClient::IDBTransaction::abort):
+        (WebCore::IDBClient::IDBTransaction::commit):
+        * Modules/indexeddb/client/IDBTransactionImpl.h:
+
+2016-02-10  Jer Noble  <jer.noble@apple.com>
+
+        REGRESSION(r195770): Use-after-free in ResourceLoaderOptions::cachingPolicy
+        https://bugs.webkit.org/show_bug.cgi?id=153727
+        <rdar://problem/24429886>
+
+        Reviewed by Darin Adler.
+
+        Follow-up after r195965. Only protect those parts of CachedResource::removeClient() which
+        affect the MemoryCache when allowsCaching() is false.
+
+        * loader/cache/CachedResource.cpp:
+        (WebCore::CachedResource::removeClient):
+
+2016-02-10  Csaba Osztrogonác  <ossy@webkit.org>
+
+        Fix the !(ENABLE(SHADOW_DOM) || ENABLE(DETAILS_ELEMENT)) after r196281
+        https://bugs.webkit.org/show_bug.cgi?id=154035
+
+        Reviewed by Antti Koivisto.
+
+        * dom/ComposedTreeIterator.h:
+        (WebCore::ComposedTreeIterator::Context::Context):
+
+2016-02-09  Carlos Garcia Campos  <cgarcia@igalia.com>
+
+        [GTK] Toggle buttons are blurry with GTK+ 3.19
+        https://bugs.webkit.org/show_bug.cgi?id=154007
+
+        Reviewed by Michael Catanzaro.
+
+        Use min-width/min-height style properties when GTK+ >= 3.19.7 to
+        get the size of toggle buttons.
+
+        * rendering/RenderThemeGtk.cpp:
+        (WebCore::setToggleSize):
+        (WebCore::paintToggle):
+
+2016-02-09  Aakash Jain  <aakash_jain@apple.com>
+
+        Headers that use WEBCORE_EXPORT should include PlatformExportMacros.h
+        https://bugs.webkit.org/show_bug.cgi?id=146984
+
+        Reviewed by Alexey Proskuryakov.
+
+        * Modules/speech/SpeechSynthesis.h:
+        * contentextensions/ContentExtensionError.h:
+        * dom/DeviceOrientationClient.h:
+        * platform/graphics/Color.h:
+        * platform/ios/wak/WebCoreThread.h:
+        * platform/network/CacheValidation.h:
+        * platform/network/cf/CertificateInfo.h:
+
 2016-02-09  Nan Wang  <n_wang@apple.com>
 
         AX: Implement word related text marker functions using TextIterator