Add version number for default stylesheet
[WebKit-https.git] / Source / WebCore / ChangeLog
index cccf698..94f35f7 100644 (file)
+2016-02-13  Antti Koivisto  <antti@apple.com>
+
+        Add version number for default stylesheet
+        https://bugs.webkit.org/show_bug.cgi?id=154220
+
+        Reviewed by Ryosuke Niwa.
+
+        We currently fail to update RuleFeatureSets for shadow trees when the default stylesheet grows
+        (for example when media controls stylesheet is initialized).
+
+        No test since this is not causing known bugs. It is blocking optimizations in shadow trees that
+        rely on rule features being up-to-date.
+
+        * css/CSSDefaultStyleSheets.cpp:
+        (WebCore::CSSDefaultStyleSheets::loadSimpleDefaultStyle):
+        (WebCore::CSSDefaultStyleSheets::ensureDefaultStyleSheetsForElement):
+
+            Increment version number when the default stylesheet changes.
+
+        * css/CSSDefaultStyleSheets.h:
+        * css/DocumentRuleSets.cpp:
+        (WebCore::DocumentRuleSets::appendAuthorStyleSheets):
+        (WebCore::DocumentRuleSets::collectFeatures):
+
+            Store the current default stylesheet version number.
+
+        * css/DocumentRuleSets.h:
+        (WebCore::DocumentRuleSets::features):
+
+            Collect features again if the default stylesheet has changed.
+
+        * css/StyleResolver.cpp:
+        (WebCore::StyleResolver::styleForElement):
+
+2016-02-13  Konstantin Tokarev  <annulen@yandex.ru>
+
+        [cmake] Consolidate building of GStreamer and OpenWebRTC code.
+        https://bugs.webkit.org/show_bug.cgi?id=154116
+
+        Reviewed by Michael Catanzaro.
+
+        No new tests needed.
+
+        * PlatformEfl.cmake: Migrated shared code to GStreamer.cmake.
+        * PlatformGTK.cmake: Ditto.
+        * platform/GStreamer.cmake: Added.
+
+2016-02-13  Mark Lam  <mark.lam@apple.com>
+
+        Add thread violation checks to WebView public APIs.
+        https://bugs.webkit.org/show_bug.cgi?id=154183
+
+        Reviewed by Timothy Hatcher.
+
+        No new tests.  Just adding a new thread violation round.
+
+        * platform/ThreadCheck.h:
+        * platform/mac/ThreadCheck.mm:
+        - Adding WebCoreThreadViolationCheckRoundThree().
+
+2016-02-12  Nan Wang  <n_wang@apple.com>
+
+        AX: Implement paragraph related text marker functions using TextIterator
+        https://bugs.webkit.org/show_bug.cgi?id=154098
+        <rdar://problem/24269675>
+
+        Reviewed by Chris Fleizach.
+
+        Using CharacterOffset to implement paragraph related text marker calls. Reused
+        logic from VisibleUnits class. And refactored textMarkerForCharacterOffset method
+        to get better performance. Also fixed an issue where we can't navigate through a text
+        node with line breaks in it using next/previousCharacterOffset call.
+
+        Test: accessibility/mac/text-marker-paragraph-nav.html
+
+        * accessibility/AXObjectCache.cpp:
+        (WebCore::AXObjectCache::traverseToOffsetInRange):
+        (WebCore::AXObjectCache::startOrEndTextMarkerDataForRange):
+        (WebCore::AXObjectCache::characterOffsetForNodeAndOffset):
+        (WebCore::AXObjectCache::textMarkerDataForCharacterOffset):
+        (WebCore::AXObjectCache::textMarkerDataForNextCharacterOffset):
+        (WebCore::AXObjectCache::textMarkerDataForPreviousCharacterOffset):
+        (WebCore::AXObjectCache::nextNode):
+        (WebCore::AXObjectCache::textMarkerDataForVisiblePosition):
+        (WebCore::AXObjectCache::nextCharacterOffset):
+        (WebCore::AXObjectCache::previousCharacterOffset):
+        (WebCore::startWordBoundary):
+        (WebCore::AXObjectCache::startCharacterOffsetOfWord):
+        (WebCore::AXObjectCache::endCharacterOffsetOfWord):
+        (WebCore::AXObjectCache::previousWordStartCharacterOffset):
+        (WebCore::AXObjectCache::previousWordBoundary):
+        (WebCore::AXObjectCache::startCharacterOffsetOfParagraph):
+        (WebCore::AXObjectCache::endCharacterOffsetOfParagraph):
+        (WebCore::AXObjectCache::paragraphForCharacterOffset):
+        (WebCore::AXObjectCache::nextParagraphEndCharacterOffset):
+        (WebCore::AXObjectCache::previousParagraphStartCharacterOffset):
+        (WebCore::AXObjectCache::rootAXEditableElement):
+        * accessibility/AXObjectCache.h:
+        (WebCore::CharacterOffset::remaining):
+        (WebCore::CharacterOffset::isNull):
+        (WebCore::CharacterOffset::isEqual):
+        (WebCore::AXObjectCache::isNodeInUse):
+        * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
+        (+[WebAccessibilityTextMarker textMarkerWithCharacterOffset:cache:]):
+        (-[WebAccessibilityObjectWrapper nextMarkerForCharacterOffset:]):
+        (-[WebAccessibilityObjectWrapper previousMarkerForCharacterOffset:]):
+        (-[WebAccessibilityObjectWrapper rangeForTextMarkers:]):
+        * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
+        (startOrEndTextmarkerForRange):
+        (nextTextMarkerForCharacterOffset):
+        (previousTextMarkerForCharacterOffset):
+        (-[WebAccessibilityObjectWrapper nextTextMarkerForCharacterOffset:]):
+        (-[WebAccessibilityObjectWrapper previousTextMarkerForCharacterOffset:]):
+        (-[WebAccessibilityObjectWrapper textMarkerForCharacterOffset:]):
+        (textMarkerForCharacterOffset):
+        (-[WebAccessibilityObjectWrapper accessibilityAttributeValue:forParameter:]):
+        (-[WebAccessibilityObjectWrapper nextTextMarkerForNode:offset:]): Deleted.
+        (-[WebAccessibilityObjectWrapper previousTextMarkerForNode:offset:]): Deleted.
+        (-[WebAccessibilityObjectWrapper textMarkerForNode:offset:ignoreStart:]): Deleted.
+        (-[WebAccessibilityObjectWrapper textMarkerForNode:offset:]): Deleted.
+        * editing/VisibleUnits.cpp:
+        (WebCore::nextSentencePosition):
+        (WebCore::findStartOfParagraph):
+        (WebCore::findEndOfParagraph):
+        (WebCore::startOfParagraph):
+        (WebCore::endOfParagraph):
+        * editing/VisibleUnits.h:
+
+2016-02-12  Ryan Haddad  <ryanhaddad@apple.com>
+
+        Reset results for bindings tests after r196520
+
+        Unreviewed test gardening.
+
+        No new tests needed.
+
+        * bindings/scripts/test/GObject/WebKitDOMTestEventTarget.cpp:
+        (webkit_dom_test_event_target_dispatch_event):
+        * bindings/scripts/test/GObject/WebKitDOMTestNode.cpp:
+        (webkit_dom_test_node_dispatch_event):
+
+2016-02-12  Saam barati  <sbarati@apple.com>
+
+        Attempting build fix from https://bugs.webkit.org/show_bug.cgi?id=154144.
+
+        * bindings/js/JSDOMGlobalObject.cpp:
+        (WebCore::JSDOMGlobalObject::addBuiltinGlobals):
+
+2016-02-12  Daniel Bates  <dabates@apple.com>
+
+        CSP: 'blob:' URLs should not match 'self' in CSP source expression lists.
+        https://bugs.webkit.org/show_bug.cgi?id=153158
+        <rdar://problem/24383264>
+
+        Reviewed by Brent Fulgham.
+
+        A blob URL should not match source 'self' by section Security Considerations for GUID URL schemes
+        of the Content Security Policy 2.0 spec., <https://www.w3.org/TR/CSP2/> (21 July 2015).
+
+        Tests: http/tests/security/contentSecurityPolicy/blob-url-does-not-match-source-self.html
+               http/tests/security/contentSecurityPolicy/blob-url-matches-source-blob.html
+
+        * page/csp/ContentSecurityPolicySourceList.cpp:
+        (WebCore::ContentSecurityPolicySourceList::matches): Do not make a distinction between URLs that
+        contain a nested URL (e.g. blob://http://www.example.com/...) and URLs that do not contain a nested
+        URL. The URL of the requested resource should be matched against the source list source expressions.
+
+2016-02-12  Daniel Bates  <dabates@apple.com>
+
+        CSP: Implement child-src directive
+        https://bugs.webkit.org/show_bug.cgi?id=153562
+        <rdar://problem/24610087>
+
+        Reviewed by Brent Fulgham.
+
+        Add support for the child-src directive, <https://w3c.github.io/webappsec-csp/2/#child_src> (29 August 2015),
+        which formally replaces the deprecated frame-src directive as of the Content Security Policy 2.0 spec. The
+        child-src directive was first introduced in the Content Security Policy 1.1 spec, <https://www.w3.org/TR/2014/WD-CSP11-20140211/>.
+
+        As a side effect of this change, the script URL for a Web Worker is checked against the child-src directive
+        as opposed to the script-src directive. This is a backward incompatible change from the CSP 1.0 spec.
+
+        Tests: http/tests/security/contentSecurityPolicy/1.1/child-src/frame-fires-load-event-when-blocked.html
+               http/tests/security/contentSecurityPolicy/1.1/child-src/frame-fires-load-event-when-redirect-blocked.html
+               http/tests/security/contentSecurityPolicy/1.1/child-src/frame-src-takes-precedence-over-child-src.html
+               http/tests/security/contentSecurityPolicy/1.1/child-src/worker-redirect-blocked.html
+               http/tests/security/isolatedWorld/bypass-main-world-csp-worker-redirect.html
+
+        * loader/DocumentThreadableLoader.cpp:
+        (WebCore::DocumentThreadableLoader::isAllowedByContentSecurityPolicy): Check child-src directive (if applicable).
+        * loader/ThreadableLoader.h: Add enum value EnforceChildSrcDirective to enum class ContentSecurityPolicyEnforcement to
+        enforce the child-src directive on redirect.
+        * page/csp/ContentSecurityPolicy.cpp:
+        (WebCore::ContentSecurityPolicy::allowChildContextFromSource): Added.
+        * page/csp/ContentSecurityPolicy.h:
+        * page/csp/ContentSecurityPolicyDirectiveList.cpp:
+        (WebCore::ContentSecurityPolicyDirectiveList::checkSourceAndReportViolation): Add message prefix for a child-src violation.
+        We use the same message prefix as used by Blink.
+        (WebCore::ContentSecurityPolicyDirectiveList::allowChildContextFromSource): Added.
+        (WebCore::ContentSecurityPolicyDirectiveList::allowChildFrameFromSource): Modified to check the frame-src
+        directive (if specified) before checking the child-src directive by <https://w3c.github.io/webappsec-csp/2/#directive-child-src-nested>.
+        (WebCore::ContentSecurityPolicyDirectiveList::addDirective): Parse the child-src directive.
+        * page/csp/ContentSecurityPolicyDirectiveList.h:
+        * workers/AbstractWorker.cpp:
+        (WebCore::AbstractWorker::resolveURL): Check if the script URL for the worker is allowed by the child-src directive
+        as opposed to the script-src directive. This is a backwards incompatible change from the CSP 1.0 spec.
+        * workers/Worker.cpp:
+        (WebCore::Worker::create): Enforce the child-src directive on redirects (if applicable).
+
+2016-02-12  Saam barati  <sbarati@apple.com>
+
+        The parser doesn't properly protect against global variable references in builtins
+        https://bugs.webkit.org/show_bug.cgi?id=154144
+
+        Reviewed by Geoffrey Garen.
+
+        Change JS builtins to no longer reference global variables.
+
+        No new tests because old tests cover the issues here.
+
+        * Modules/mediastream/NavigatorUserMedia.js:
+        (webkitGetUserMedia):
+        * Modules/mediastream/RTCPeerConnection.js:
+        (addIceCandidate):
+        (getStats):
+        * Modules/mediastream/RTCPeerConnectionInternals.js:
+        (setLocalOrRemoteDescription):
+        * Modules/plugins/QuickTimePluginReplacement.js:
+        (Replacement.prototype.handleEvent):
+        * Modules/streams/ByteLengthQueuingStrategy.js:
+        (initializeByteLengthQueuingStrategy):
+        * Modules/streams/CountQueuingStrategy.js:
+        (initializeCountQueuingStrategy):
+        * Modules/streams/ReadableStreamInternals.js:
+        (teeReadableStream):
+        * bindings/js/JSDOMGlobalObject.cpp:
+        (WebCore::JSDOMGlobalObject::addBuiltinGlobals):
+        * bindings/js/WebCoreBuiltinNames.h:
+
+2016-02-12  Jiewen Tan  <jiewen_tan@apple.com>
+
+        WebKit should expose the DOM 4 Event.isTrusted property
+        https://bugs.webkit.org/show_bug.cgi?id=76121
+        <rdar://problem/22558494>
+
+        Reviewed by Darin Adler.
+
+        Implements Event.isTrusted. The implementation here is slitely different from and better than
+        the DOM specification. Here Event.isTrusted will be initialized differently depending on the
+        callers of the constructors/create methods. If the caller is from user agent, the isTrusted
+        will be true. Otherwise, it will be false. Since a user agent dispatched event can be catched
+        and re-initialized/redispatched by the bindings, the flag will be unset at *Event::init*Event
+        and EventTarget::dispatchEventForBindings. As currently there is no way to let user agent to
+        dispatch a bindings created event, therefore we ensure that the Event.isTrusted is set for
+        events dispatched by user agent, and unset for those by bindings.
+
+        EventTarget::dispatchEvent(Event*, ExceptionCode&) is renamed to EventTarget::dispatchEventForBindings
+        in this patch as well. So that, together with the improved design of the API, developers in
+        the future will be less likely using a wrong dispatchEvent method and setting Event.isTrusted
+        incorrectly comparing to the DOM design.
+
+        After this patch, all events that are created by user agent should be dispatched by
+        EventTarget::dispatchEvent, and those are created by bindings should be dispatched by
+        EventTarget::dispatchEventForBindings.
+
+        Some of the changes in this patch referred Blink r198996:
+        https://codereview.chromium.org/1241613004
+
+        Test: imported/blink/fast/events/event-trusted.html
+
+        * bindings/scripts/CodeGeneratorGObject.pm:
+        (GenerateEventTargetIface):
+        * dom/Event.cpp:
+        (WebCore::Event::Event):
+        (WebCore::Event::initEvent):
+        * dom/Event.h:
+        (WebCore::Event::isTrusted):
+        (WebCore::Event::setUntrusted):
+        * dom/Event.idl:
+        * dom/EventTarget.cpp:
+        (WebCore::EventTarget::dispatchEventForBindings):
+        (WebCore::EventTarget::dispatchEvent): Deleted.
+        * dom/EventTarget.h:
+        * dom/EventTarget.idl:
+        * page/DOMWindow.idl:
+        * page/EventHandler.cpp:
+        (WebCore::EventHandler::dispatchDragEvent):
+        * workers/WorkerGlobalScope.idl:
+
+2016-02-12  Brady Eidson  <beidson@apple.com>
+
+        Modern IDB: IDBObjectStore and IDBIndex need to be ActiveDOMObjects.
+        https://bugs.webkit.org/show_bug.cgi?id=154153
+
+        Reviewed by Alex Christensen.
+
+        No new tests (No testable change in behavior).
+
+        This is needed so that IDBObjectStore and IDBIndex JS wrappers are not garbage collected
+        while their IDBTransaction is still in progress.
+
+        * Modules/indexeddb/client/IDBIndexImpl.cpp:
+        (WebCore::IDBClient::IDBIndex::IDBIndex):
+        (WebCore::IDBClient::IDBIndex::activeDOMObjectName):
+        (WebCore::IDBClient::IDBIndex::canSuspendForDocumentSuspension):
+        (WebCore::IDBClient::IDBIndex::hasPendingActivity):
+        * Modules/indexeddb/client/IDBIndexImpl.h:
+        
+        * Modules/indexeddb/client/IDBObjectStoreImpl.cpp:
+        (WebCore::IDBClient::IDBObjectStore::create):
+        (WebCore::IDBClient::IDBObjectStore::IDBObjectStore):
+        (WebCore::IDBClient::IDBObjectStore::activeDOMObjectName):
+        (WebCore::IDBClient::IDBObjectStore::canSuspendForDocumentSuspension):
+        (WebCore::IDBClient::IDBObjectStore::hasPendingActivity):
+        (WebCore::IDBClient::IDBObjectStore::index):
+        * Modules/indexeddb/client/IDBObjectStoreImpl.h:
+        
+        * Modules/indexeddb/client/IDBTransactionImpl.cpp:
+        (WebCore::IDBClient::IDBTransaction::objectStore):
+        (WebCore::IDBClient::IDBTransaction::createObjectStore):
+        (WebCore::IDBClient::IDBTransaction::createIndex):
+
+2016-02-12  Brady Eidson  <beidson@apple.com>
+
+        Modern IDB: Simplify the relationship between IDBObjectStore and IDBIndex.
+        https://bugs.webkit.org/show_bug.cgi?id=154187
+
+        Reviewed by Alex Christensen.
+
+        Tests: storage/indexeddb/modern/deleteindex-3-private.html
+               storage/indexeddb/modern/deleteindex-3.html
+
+        Instead of allowing IDBIndex to have two different lifecycle modes, it is now always
+        owned by an IDBObjectStore.
+        
+        To support the case where an IDBIndex is deleted from its IDBObjectStore, the object
+        store simply hangs on to deleted indexes until it is destroyed itself.
+        
+        * Modules/indexeddb/client/IDBIndexImpl.cpp:
+        (WebCore::IDBClient::IDBIndex::markAsDeleted):
+        (WebCore::IDBClient::IDBIndex::ref):
+        (WebCore::IDBClient::IDBIndex::deref):
+        * Modules/indexeddb/client/IDBIndexImpl.h:
+        
+        * Modules/indexeddb/client/IDBObjectStoreImpl.cpp:
+        (WebCore::IDBClient::IDBObjectStore::deleteIndex):
+        * Modules/indexeddb/client/IDBObjectStoreImpl.h:
+
+2016-02-12  Myles C. Maxfield  <mmaxfield@apple.com>
+
+        [CSS Font Loading] Implement CSSFontFace Boilerplate
+        https://bugs.webkit.org/show_bug.cgi?id=154145
+
+        Reviewed by Dean Jackson.
+
+        The CSS Font Loading spec[1] dictates that the FontFace object needs to have string
+        accessors and mutators for a bunch of properties. Our CSSFontFace object currently
+        contains this parsed information, but it isn't accessible via string-based methods.
+        This patch adds the necessary accessors and mutators, and migrates CSSFontSelector
+        to use these mutators where necessary.
+
+        There is more work to come on CSSFontFace; the next step is to create an .idl file
+        and hook it up to our CSSFontFace object. In this patch I have left some
+        unimplemented pieces (for example: where the spec dictates that some operation should
+        throw a JavaScript exception) which will be implemented in a follow-up patch. This
+        patch does not have any visible behavior change; I'm separating out the boilerplate
+        into this patch in order to ease reviewing burden.
+
+        This patch separates the externally-facing JavaScript API into a new class, FontFace.
+        This class owns a CSSFontFace, which provides the backing implementation. There will
+        be a system of shared ownership of these objects once FontFaceSet is implemented.
+
+        No new tests because there is no behavior change.
+
+        * CMakeLists.txt: Add new files to CMake builds.
+        * WebCore.vcxproj/WebCore.vcxproj: Ditto for Windows.
+        * WebCore.vcxproj/WebCore.vcxproj.filters: Ditto.
+        * WebCore.xcodeproj/project.pbxproj: Ditto for Cocoa.
+        * css/CSSAllInOne.cpp: Ditto for All-In-One builds.
+        * css/CSSFontFace.cpp: Move shared code from CSSFontSelector into CSSFontFace.
+        (WebCore::CSSFontFace::CSSFontFace):
+        (WebCore::CSSFontFace::~CSSFontFace):
+        (WebCore::CSSFontFace::setFamilies):
+        (WebCore::CSSFontFace::setStyle):
+        (WebCore::CSSFontFace::setWeight):
+        (WebCore::CSSFontFace::setUnicodeRange):
+        (WebCore::CSSFontFace::setVariantLigatures):
+        (WebCore::CSSFontFace::setVariantPosition):
+        (WebCore::CSSFontFace::setVariantCaps):
+        (WebCore::CSSFontFace::setVariantNumeric):
+        (WebCore::CSSFontFace::setVariantAlternates):
+        (WebCore::CSSFontFace::setVariantEastAsian):
+        (WebCore::CSSFontFace::setFeatureSettings):
+        * css/CSSFontFace.h: Clean up.
+        (WebCore::CSSFontFace::create):
+        (WebCore::CSSFontFace::families):
+        (WebCore::CSSFontFace::traitsMask):
+        (WebCore::CSSFontFace::featureSettings):
+        (WebCore::CSSFontFace::variantSettings):
+        (WebCore::CSSFontFace::setVariantSettings):
+        (WebCore::CSSFontFace::setTraitsMask):
+        (WebCore::CSSFontFace::isLocalFallback):
+        (WebCore::CSSFontFace::addRange): Deleted.
+        (WebCore::CSSFontFace::insertFeature): Deleted.
+        (WebCore::CSSFontFace::setVariantCommonLigatures): Deleted.
+        (WebCore::CSSFontFace::setVariantDiscretionaryLigatures): Deleted.
+        (WebCore::CSSFontFace::setVariantHistoricalLigatures): Deleted.
+        (WebCore::CSSFontFace::setVariantContextualAlternates): Deleted.
+        (WebCore::CSSFontFace::setVariantPosition): Deleted.
+        (WebCore::CSSFontFace::setVariantCaps): Deleted.
+        (WebCore::CSSFontFace::setVariantNumericFigure): Deleted.
+        (WebCore::CSSFontFace::setVariantNumericSpacing): Deleted.
+        (WebCore::CSSFontFace::setVariantNumericFraction): Deleted.
+        (WebCore::CSSFontFace::setVariantNumericOrdinal): Deleted.
+        (WebCore::CSSFontFace::setVariantNumericSlashedZero): Deleted.
+        (WebCore::CSSFontFace::setVariantAlternates): Deleted.
+        (WebCore::CSSFontFace::setVariantEastAsianVariant): Deleted.
+        (WebCore::CSSFontFace::setVariantEastAsianWidth): Deleted.
+        (WebCore::CSSFontFace::setVariantEastAsianRuby): Deleted.
+        (WebCore::CSSFontFace::CSSFontFace): Deleted.
+        * css/CSSFontSelector.cpp: Migrate shared code into CSSFontFace, and udpate
+        to use the new API.
+        (WebCore::appendSources):
+        (WebCore::registerLocalFontFacesForFamily):
+        (WebCore::CSSFontSelector::addFontFaceRule):
+        (WebCore::computeTraitsMask): Deleted.
+        (WebCore::createFontFace): Deleted.
+        * css/FontFace.cpp: Added. External JavaScript API. Owns a CSSFontFace.
+        (WebCore::FontFace::FontFace):
+        (WebCore::FontFace::~FontFace):
+        (WebCore::parseString):
+        (WebCore::FontFace::setFamily):
+        (WebCore::FontFace::setStyle):
+        (WebCore::FontFace::setWeight):
+        (WebCore::FontFace::setStretch):
+        (WebCore::FontFace::setUnicodeRange):
+        (WebCore::FontFace::setVariant):
+        (WebCore::FontFace::setFeatureSettings):
+        (WebCore::FontFace::family):
+        (WebCore::FontFace::style):
+        (WebCore::FontFace::weight):
+        (WebCore::FontFace::stretch):
+        (WebCore::FontFace::unicodeRange):
+        (WebCore::FontFace::variant):
+        (WebCore::FontFace::featureSettings):
+        * css/FontFace.h: Added. Ditto.
+        (WebCore::FontFace::create):
+        * css/FontVariantBuilder.cpp: Added. Moved code here from FontVariantBuilder.h.
+        Refactored to support a new client (CSSFontFace).
+        (WebCore::extractFontVariantLigatures):
+        (WebCore::extractFontVariantNumeric):
+        (WebCore::extractFontVariantEastAsian):
+        (WebCore::computeFontVariant):
+        * css/FontVariantBuilder.h: Moved code from here into FontVariantBuilder.cpp.
+        (WebCore::applyValueFontVariantLigatures): Deleted.
+        (WebCore::applyValueFontVariantNumeric): Deleted.
+        (WebCore::applyValueFontVariantEastAsian): Deleted.
+        * css/StyleBuilderCustom.h: Update for new FontVariantBuilder API.
+        (WebCore::StyleBuilderCustom::applyValueFontVariantLigatures):
+        (WebCore::StyleBuilderCustom::applyValueFontVariantNumeric):
+        (WebCore::StyleBuilderCustom::applyValueFontVariantEastAsian):
+        * platform/text/TextFlags.h: Provide convenience classes.
+        (WebCore::FontVariantLigaturesValues::FontVariantLigaturesValues):
+        (WebCore::FontVariantNumericValues::FontVariantNumericValues):
+        (WebCore::FontVariantEastAsianValues::FontVariantEastAsianValues):
+
+2016-02-12  Jer Noble  <jer.noble@apple.com>
+
+        Build fix after r196506; publish MediaResourceLoader.h as a private header so it can be used by
+        TestWebKitAPI.
+
+        * WebCore.xcodeproj/project.pbxproj:
+
+2016-02-11  Jer Noble  <jer.noble@apple.com>
+
+        [Mac] Adopt MediaResourceLoader (instead of CachedResourceLoader) in WebCoreNSURLSession.
+        https://bugs.webkit.org/show_bug.cgi?id=154136
+
+        Reviewed by Alex Christensen.
+
+        MediaResourceLoader already supports using CORS attribute to verify CORS access requirements
+        when loading media resources, so use it, rather than CachedResourceLoader, as the backing for
+        WebCoreNSURLSession.
+
+        * platform/network/cocoa/WebCoreNSURLSession.h:
+        * platform/network/cocoa/WebCoreNSURLSession.mm:
+        (-[WebCoreNSURLSession delegateQueue]):
+        (-[WebCoreNSURLSession streamTaskWithNetService:]):
+        (-[WebCoreNSURLSession isKindOfClass:]):
+        (-[WebCoreNSURLSessionDataTask initWithSession:identifier:request:]):
+        (-[WebCoreNSURLSessionDataTask _restart]):
+        (-[WebCoreNSURLSessionDataTask _cancel]):
+        (-[WebCoreNSURLSessionDataTask resume]):
+        (-[WebCoreNSURLSessionDataTask _timingData]):
+        (-[WebCoreNSURLSessionDataTask resource:receivedResponse:]):
+        (-[WebCoreNSURLSessionDataTask resource:receivedData:length:]):
+        (-[WebCoreNSURLSession initWithResourceLoader:delegate:delegateQueue:]): Deleted.
+        (-[WebCoreNSURLSession loader]): Deleted.
+        (WebCore::WebCoreNSURLSessionDataTaskClient::dataSent): Deleted.
+        (WebCore::WebCoreNSURLSessionDataTaskClient::responseReceived): Deleted.
+        (WebCore::WebCoreNSURLSessionDataTaskClient::dataReceived): Deleted.
+        (WebCore::WebCoreNSURLSessionDataTaskClient::redirectReceived): Deleted.
+        (WebCore::WebCoreNSURLSessionDataTaskClient::notifyFinished): Deleted.
+        (-[WebCoreNSURLSessionDataTask initWithSession:identifier:URL:]): Deleted.
+        (-[WebCoreNSURLSessionDataTask _finish]): Deleted.
+        (-[WebCoreNSURLSessionDataTask _setDefersLoading:]): Deleted.
+        (-[WebCoreNSURLSessionDataTask resource:sentBytes:totalBytesToBeSent:]): Deleted.
+        (-[WebCoreNSURLSessionDataTask resource:receivedRedirect:request:]): Deleted.
+        (-[WebCoreNSURLSessionDataTask resourceFinished:]): Deleted.
+        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
+        (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVAssetForURL):
+
+2016-02-12  Alex Christensen  <achristensen@webkit.org>
+
+        Fix non-internal builds when using NetworkSession
+        https://bugs.webkit.org/show_bug.cgi?id=152285
+
+        * platform/spi/cf/CFNetworkSPI.h:
+        Add SPI declaration used in r194156.
+
+2016-02-12  Andreas Kling  <akling@apple.com>
+
+        Throw out all live resource decoded data on memory pressure / suspension.
+        <https://webkit.org/b/154176>
+
+        Reviewed by Antti Koivisto.
+
+        When pruning live resource decoded data from the memory cache,
+        we normally avoid pruning anything that's been painted in the last second.
+        This is an optimization to avoid getting into image decoding loops.
+
+        For memory pressure / process suspension scenarios this doesn't really
+        make sense though:
+
+            - In the pressure case, if we have to render again soon it'll likely
+              be a new GIF frame which we have to decode anyway.
+
+            - In the process suspension case, we might *never* render again,
+              so we should be good citizens and drop all the decoded data we can.
+
+        This patch makes us drop all the decoded data, recently painted or not.
+
+        * platform/MemoryPressureHandler.cpp:
+        (WebCore::MemoryPressureHandler::releaseCriticalMemory):
+
+2016-02-12  Gavin Barraclough  <barraclough@apple.com>
+
+        Separate out !allowsAccess path in JSDOMWindowCustom getOwnPropertySlot
+        https://bugs.webkit.org/show_bug.cgi?id=154156
+
+        Reviewed by Chris Dumez.
+
+        JSDOMWindowCustom getOwnPropertySlot currently allows cross-origin access to all
+        static properties, relying on the property to perform the access check. This is
+        a little insecure, since it is error prone - someone could easily add a property
+        to the static table without realizing it would be automatcially exposed.
+
+        Instead, add a hard-coded filter to restrict access. As a future implementation
+        we might consider autogenerating this (the properties are already tagged in IDL,
+        we might be able to track this in a flag on the static table).
+
+        By separating out the handling of the same- and cross-origin access we can
+        simplify & make the policy being enforced much clearer.
+
+        * bindings/js/JSDOMBinding.cpp:
+        (WebCore::objectToStringFunctionGetter): Deleted.
+            - removed objectToStringFunctionGetter - this duplicated functionality of
+              nonCachingStaticFunctionGetter.
+        * bindings/js/JSDOMBinding.h:
+        (WebCore::objectToStringFunctionGetter): Deleted.
+            - removed objectToStringFunctionGetter - this duplicated functionality of
+              nonCachingStaticFunctionGetter.
+        * bindings/js/JSDOMWindowCustom.cpp:
+        (WebCore::jsDOMWindowGetOwnPropertySlotDisallowAccess):
+            - explicitly handle providing access to only the things we do want to allow cross-origin.
+        (WebCore::JSDOMWindow::getOwnPropertySlot):
+        (WebCore::JSDOMWindow::getOwnPropertySlotByIndex):
+            - push all !allowsAccess handling to jsDOMWindowGetOwnPropertySlotDisallowAccess
+        (WebCore::childFrameGetter): Deleted.
+            - this was just a deoptimiztion - moving access into a callback saved very
+              little & caused more work to be duplicated.
+
+2016-02-12  Sukolsak Sakshuwong  <sukolsak@gmail.com>
+
+        Update ICU header files to version 52
+        https://bugs.webkit.org/show_bug.cgi?id=154160
+
+        Reviewed by Alex Christensen.
+
+        Update ICU header files to version 52 to allow the use of newer APIs.
+
+        No new tests because there is no behavior change.
+
+        * icu/unicode/bytestream.h:
+        * icu/unicode/chariter.h:
+        * icu/unicode/localpointer.h:
+        * icu/unicode/platform.h:
+        * icu/unicode/ptypes.h:
+        * icu/unicode/putil.h:
+        * icu/unicode/rep.h:
+        (Replaceable::Replaceable):
+        * icu/unicode/std_string.h:
+        * icu/unicode/strenum.h:
+        * icu/unicode/stringpiece.h:
+        * icu/unicode/ubrk.h:
+        * icu/unicode/uchar.h:
+        * icu/unicode/ucnv.h:
+        * icu/unicode/ucol.h:
+        * icu/unicode/ucoleitr.h:
+        * icu/unicode/uconfig.h:
+        * icu/unicode/ucsdet.h:
+        * icu/unicode/uenum.h:
+        * icu/unicode/uidna.h:
+        * icu/unicode/uiter.h:
+        * icu/unicode/uloc.h:
+        * icu/unicode/umachine.h:
+        * icu/unicode/unistr.h:
+        (UnicodeString::UnicodeString):
+        (UnicodeString::operator== ):
+        (UnicodeString::startsWith):
+        (UnicodeString::setTo):
+        (UnicodeString::remove):
+        (UnicodeString::replace): Deleted.
+        (UnicodeString::extract): Deleted.
+        (UnicodeString::char32At): Deleted.
+        (UnicodeString::getChar32Start): Deleted.
+        (UnicodeString::getChar32Limit): Deleted.
+        (UnicodeString::getTerminatedBuffer): Deleted.
+        (UnicodeString::append): Deleted.
+        (UnicodeString::truncate): Deleted.
+        * icu/unicode/unorm2.h:
+        * icu/unicode/uobject.h:
+        * icu/unicode/urename.h:
+        * icu/unicode/uscript.h:
+        * icu/unicode/usearch.h:
+        * icu/unicode/uset.h:
+        * icu/unicode/ushape.h:
+        * icu/unicode/ustring.h:
+        * icu/unicode/utext.h:
+        * icu/unicode/utf.h:
+        * icu/unicode/utf16.h:
+        * icu/unicode/utf8.h:
+        * icu/unicode/utf_old.h:
+        * icu/unicode/utypes.h:
+        * icu/unicode/uvernum.h:
+        * icu/unicode/uversion.h:
+
+2016-02-12  Andreas Kling  <akling@apple.com>
+
+        [Mac] BitmapImage::decodedDataIsPurgeable() is telling lies and causing massive memory usage.
+        <https://webkit.org/b/154172>
+
+        Reviewed by Antti Koivisto.
+
+        The underlying mechanism in CoreAnimation that made this work is no longer in place.
+
+        Instead of keeping purgeable frames and juggling volatility bits, we were simply caching
+        every single frame of large GIF animations, sometimes leading to monstrous memory usage.
+
+        Remove the code from WebCore since it's not doing at all what it means to.
+
+        Now iOS and Mac will behave the same again, and frame caching decisions will be
+        made by WebKit, based on total pixel byte size.
+
+        * loader/cache/CachedImage.h:
+        * loader/cache/CachedResource.h:
+        (WebCore::CachedResource::decodedDataIsPurgeable): Deleted.
+        * loader/cache/MemoryCache.cpp:
+        (WebCore::MemoryCache::pruneLiveResourcesToSize): Deleted.
+        * platform/graphics/BitmapImage.cpp:
+        (WebCore::BitmapImage::decodedDataIsPurgeable): Deleted.
+        (WebCore::BitmapImage::destroyDecodedDataIfNecessary): Deleted.
+        * platform/graphics/BitmapImage.h:
+        * platform/graphics/Image.h:
+        (WebCore::Image::decodedDataIsPurgeable): Deleted.
+        * platform/graphics/cg/BitmapImageCG.cpp:
+        (WebCore::BitmapImage::decodedDataIsPurgeable): Deleted.
+        * platform/graphics/cg/ImageSourceCG.cpp:
+        (WebCore::ImageSource::createFrameAtIndex): Deleted.
+
+2016-02-12  Brady Eidson  <beidson@apple.com>
+
+        Modern IDB: Ref cycle between IDBObjectStore and IDBIndex.
+        https://bugs.webkit.org/show_bug.cgi?id=154110
+
+        Reviewed by Darin Adler.
+
+        No new tests (Currently untestable).
+
+        The lifetime of IDBObjectStore and IDBIndex are closely intertwined, but we have to break the ref cycle.
+        
+        This patch does a few semi-gnarly things:
+        1 - Makes both IDBIndex and IDBObjectStore have a custom marking function so they can add each other as 
+            opaque roots.
+        2 - Adds a lock to protect IDBObjectStore's collection of referenced indexes to support #1, as GC marking
+            can happen on any thread.
+        3 - Makes IDBIndex not be traditionally RefCounted; Instead, IDBIndex::ref()/deref() simply ref()/deref()
+            the owning IDBObjectStore.
+        4 - ...Except when somebody deletes an IDBIndex from its IDBObjectStore. Once that happens, the object
+            store no longer has a reference back to the index, but the index still needs a reference back to the
+            object store. To support this, the IDBIndex becomes "traditionally RefCounted" while holding a ref to
+            its IDBObjectStore.
+
+        * CMakeLists.txt:
+        * WebCore.xcodeproj/project.pbxproj:
+
+        * Modules/indexeddb/IDBIndex.h:
+        (WebCore::IDBIndex::isModern):
+        * Modules/indexeddb/IDBIndex.idl:
+        
+        * Modules/indexeddb/IDBObjectStore.h:
+        (WebCore::IDBObjectStore::isModern):
+        * Modules/indexeddb/IDBObjectStore.idl:
+        
+        * Modules/indexeddb/client/IDBIndexImpl.cpp:
+        (WebCore::IDBClient::IDBIndex::objectStore):
+        (WebCore::IDBClient::IDBIndex::openCursor):
+        (WebCore::IDBClient::IDBIndex::doCount):
+        (WebCore::IDBClient::IDBIndex::openKeyCursor):
+        (WebCore::IDBClient::IDBIndex::doGet):
+        (WebCore::IDBClient::IDBIndex::doGetKey):
+        (WebCore::IDBClient::IDBIndex::markAsDeleted):
+        (WebCore::IDBClient::IDBIndex::ref):
+        (WebCore::IDBClient::IDBIndex::deref):
+        (WebCore::IDBClient::IDBIndex::create): Deleted.
+        * Modules/indexeddb/client/IDBIndexImpl.h:
+        (WebCore::IDBClient::IDBIndex::modernObjectStore):
+        
+        * Modules/indexeddb/client/IDBObjectStoreImpl.cpp:
+        (WebCore::IDBClient::IDBObjectStore::createIndex):
+        (WebCore::IDBClient::IDBObjectStore::index):
+        (WebCore::IDBClient::IDBObjectStore::deleteIndex):
+        (WebCore::IDBClient::IDBObjectStore::visitReferencedIndexes):
+        * Modules/indexeddb/client/IDBObjectStoreImpl.h:
+        
+        * Modules/indexeddb/client/IDBTransactionImpl.cpp:
+        (WebCore::IDBClient::IDBTransaction::createIndex):
+        * Modules/indexeddb/client/IDBTransactionImpl.h:
+        
+        * Modules/indexeddb/legacy/LegacyIndex.cpp:
+        (WebCore::LegacyIndex::ref):
+        (WebCore::LegacyIndex::deref):
+        * Modules/indexeddb/legacy/LegacyIndex.h:
+        
+        * bindings/js/JSIDBIndexCustom.cpp: Added.
+        (WebCore::JSIDBIndex::visitAdditionalChildren):
+        
+        * bindings/js/JSIDBObjectStoreCustom.cpp:
+        (WebCore::JSIDBObjectStore::visitAdditionalChildren):
+
+2016-02-12  Csaba Osztrogonác  <ossy@webkit.org>
+
+        [EFL][GTK] Fix ENABLE(SVG_OTF_CONVERTER) build
+        https://bugs.webkit.org/show_bug.cgi?id=154165
+
+        Reviewed by Alex Christensen.
+
+        * CMakeLists.txt:
+        * css/CSSFontFaceSource.cpp:
+        (WebCore::CSSFontFaceSource::font):
+        * svg/SVGToOTFFontConversion.cpp:
+        * svg/SVGToOTFFontConversion.h:
+
+2016-02-12  Chris Dumez  <cdumez@apple.com>
+
+        Unreviewed nit fixes after r196466.
+
+        * Modules/speech/SpeechSynthesisUtterance.idl: Fix curly bracket
+          placement.
+        * bindings/scripts/CodeGeneratorJS.pm:
+        (GenerateHeader): Use wrappableObject instead of domObject.
+        * bindings/scripts/test/*: Rebaseline.
+        * dom/WebKitNamedFlow.idl: Drop unnecessary #if case.
+
+2016-02-12  Carlos Garcia Campos  <cgarcia@igalia.com>
+
+        [GTK] Properly handle classes inheriting from EventTarget
+        https://bugs.webkit.org/show_bug.cgi?id=154158
+
+        Reviewed by Michael Catanzaro.
+
+        Instead of removing its parent we now handle the case of classes
+        having EventTarget as parent to make them implement the interface
+        instead.
+
+        * bindings/scripts/CodeGeneratorGObject.pm:
+        (ShouldBeExposedAsInterface): Whether the parent given class
+        should be exposed as an interface instead of a parent class.
+        (GetParentClassName): Return Object as parent for classes having
+        a parent that should be exposed as an interface.
+        (GetParentImplClassName): Ditto.
+        (GetBaseClass): Ditto.
+        (GetParentGObjType): Ditto.
+        (SkipFunction): Add FIXME comment.
+        (ImplementsInterface): Helper function to check if a class
+        implements the given interface.
+        (GenerateCFile): Check whether the class implements EventTarget to
+        generate the interface implementation.
+        (GenerateInterface): Do not remove the parent class when it's EventTarget.
+
+2016-02-12  Commit Queue  <commit-queue@webkit.org>
+
+        Unreviewed, rolling out r196470.
+        https://bugs.webkit.org/show_bug.cgi?id=154167
+
+        Broke some tests (Requested by anttik on #webkit).
+
+        Reverted changeset:
+
+        "Factor class change style invalidation code into a class"
+        https://bugs.webkit.org/show_bug.cgi?id=154163
+        http://trac.webkit.org/changeset/196470
+
+2016-02-12  Antti Koivisto  <antti@apple.com>
+
+        Factor class change style invalidation code into a class
+        https://bugs.webkit.org/show_bug.cgi?id=154163
+
+        Reviewed by Andreas Kling.
+
+        Factor this piece of functionality out of Element and into ClassChangeInvalidation class.
+
+        * CMakeLists.txt:
+        * WebCore.vcxproj/WebCore.vcxproj:
+        * WebCore.xcodeproj/project.pbxproj:
+        * dom/Element.cpp:
+        (WebCore::classStringHasClassName):
+        (WebCore::Element::classAttributeChanged):
+        (WebCore::collectClasses): Deleted.
+        (WebCore::computeClassChange): Deleted.
+        (WebCore::invalidateStyleForClassChange): Deleted.
+        * style/ClassChangeInvalidation.cpp: Added.
+        (WebCore::Style::ClassChangeInvalidation::computeClassChange):
+        (WebCore::Style::ClassChangeInvalidation::invalidateStyle):
+        * style/ClassChangeInvalidation.h: Added.
+        (WebCore::Style::ClassChangeInvalidation::needsInvalidation):
+        (WebCore::Style::ClassChangeInvalidation::ClassChangeInvalidation):
+        (WebCore::Style::ClassChangeInvalidation::~ClassChangeInvalidation):
+
+2016-02-12  Csaba Osztrogonác  <ossy@webkit.org>
+
+        GCC buildfix in Source/WebCore/svg/SVGToOTFFontConversion.cpp
+        https://bugs.webkit.org/show_bug.cgi?id=154162
+
+        Reviewed by Andreas Kling.
+
+        * svg/SVGToOTFFontConversion.cpp:
+        (WebCore::SVGToOTFFontConverter::finishAppendingKERNSubtable):
+
+2016-02-12  Andreas Kling  <akling@apple.com>
+
+        Don't invalidate the FontCache on memory pressure.
+        <https://webkit.org/b/154161>
+
+        Reviewed by Antti Koivisto.
+
+        Invalidating the FontCache does more harm than good:
+
+            - Anything that's still in the cache at this point is also
+              referenced outside the cache, thus will not actually get deleted.
+
+            - Future deduplication will fail, leading to more objects.
+
+            - The global FontCache generation gets bumped, causing future style
+              recalcs to be less efficient and breaking style sharing.
+
+            - All FontSelector invalidation callbacks will fire, potentially
+              causing forced full-document style recalcs.
+
+        In fact, the only win from invalidating the FontCache comes from some
+        minor shrinkage in the containers that make up the cache itself.
+
+        * platform/MemoryPressureHandler.cpp:
+        (WebCore::MemoryPressureHandler::releaseCriticalMemory): Deleted.
+
+2016-02-11  Chris Dumez  <cdumez@apple.com>
+
+        [Web IDL] interfaces should inherit EventTarget instead of duplicating the EventTarget API
+        https://bugs.webkit.org/show_bug.cgi?id=154121
+        <rdar://problem/24613234>
+
+        Reviewed by Gavin Barraclough.
+
+        Interfaces should inherit EventTarget instead of duplicating the
+        EventTarget API in their IDL. Not only the duplication is ugly and
+        error-prone, but this also does not match the specifications and
+        have subtle web-exposed differences.
+
+        This patch takes care of all interfaces except for DOMWindow and
+        WorkerGlobalScope. Those will be updated in the follow-up patch
+        as they will require a little bit more work and testing.
+
+        We should also be able to get rid of the [EventTarget] WebKit IDL
+        attribute in a follow-up.
+
+        No new tests, already covered by existing tests.
+
+        * Modules/battery/BatteryManager.idl:
+        * Modules/encryptedmedia/MediaKeySession.idl:
+        * Modules/indexeddb/IDBDatabase.h:
+        * Modules/indexeddb/IDBDatabase.idl:
+        * Modules/indexeddb/IDBRequest.h:
+        * Modules/indexeddb/IDBRequest.idl:
+        * Modules/indexeddb/IDBTransaction.h:
+        * Modules/indexeddb/IDBTransaction.idl:
+        * Modules/mediasession/MediaRemoteControls.idl:
+        * Modules/mediasource/MediaSource.h:
+        * Modules/mediasource/MediaSource.idl:
+        * Modules/mediasource/SourceBuffer.h:
+        * Modules/mediasource/SourceBuffer.idl:
+        * Modules/mediasource/SourceBufferList.h:
+        * Modules/mediasource/SourceBufferList.idl:
+        * Modules/mediastream/MediaStream.h:
+        * Modules/mediastream/MediaStream.idl:
+        * Modules/mediastream/MediaStreamTrack.h:
+        * Modules/mediastream/MediaStreamTrack.idl:
+        * Modules/mediastream/RTCDTMFSender.h:
+        * Modules/mediastream/RTCDTMFSender.idl:
+        * Modules/mediastream/RTCDataChannel.h:
+        * Modules/mediastream/RTCDataChannel.idl:
+        * Modules/mediastream/RTCPeerConnection.h:
+        * Modules/mediastream/RTCPeerConnection.idl:
+        * Modules/notifications/Notification.idl:
+        * Modules/speech/SpeechSynthesisUtterance.idl:
+        * Modules/webaudio/AudioContext.idl:
+        * Modules/webaudio/AudioNode.idl:
+        * Modules/websockets/WebSocket.idl:
+        * css/FontLoader.idl:
+        * dom/EventTarget.h:
+        * dom/MessagePort.idl:
+        * dom/Node.h:
+        * dom/Node.idl:
+        * dom/WebKitNamedFlow.idl:
+        * fileapi/FileReader.idl:
+        * html/MediaController.idl:
+        * html/track/AudioTrackList.idl:
+        * html/track/TextTrack.idl:
+        * html/track/TextTrackCue.idl:
+        * html/track/TextTrackList.idl:
+        * html/track/VideoTrackList.idl:
+        * loader/appcache/DOMApplicationCache.h:
+        * loader/appcache/DOMApplicationCache.idl:
+        * page/EventSource.idl:
+        * page/Performance.h:
+        * page/Performance.idl:
+        * workers/Worker.idl:
+        * xml/XMLHttpRequest.h:
+        * xml/XMLHttpRequest.idl:
+        * xml/XMLHttpRequestUpload.idl:
+        - Drop hardcoded EventTarget operations and inherit EventTarget instead.
+        - Drop JSGenerateToNativeObject / JSGenerateToJSObject IDL extended
+          attributes for interfaces inheriting the EventTarget interface as
+          the bindings generator now does this automatically for us.
+        - On native side, have EventTarget subclass ScriptWrappable instead of
+          each of its subclasses doing so. The issue was that
+          EventTargetOwner::finalize() was calling uncacheWrapper() with an
+          EventTarget*, which would not clear inlined cached wrapped (see
+          clearInlineCachedWrapper()) because EventTarget did not subclass
+          ScriptWrappable. However, cacheWrapper() is called is a specific
+          subtype pointer (e.g. Node*) and we would decide to create an
+          inline cached wrapper because Node subclassed ScriptWrappable
+          (as well as EventTarget).
+
+        * WebCore.xcodeproj/project.pbxproj:
+        Export JSEventTarget.h as private header to fix the build.
+
+        * bindings/js/JSDOMBinding.h:
+        (WebCore::wrapperKey):
+        (WebCore::getCachedWrapper):
+        (WebCore::cacheWrapper):
+        (WebCore::uncacheWrapper):
+        Use new wrapperKey() function that is generated for each bindings
+        class that also has wrapperOwner(). This is used instead of the
+        C cast to void* in order to cast to the base wrapped type to fix
+        issues with multiple inheritance. The issue was that cacheWrapper()
+        was getting called with a DOM object subtype pointer (e.g.
+        AudioContext*) but uncacheWrapper() was getting called with a base
+        wrapped type pointer (e.g. EventTarget*). Most of our DOM classes
+        use multiple inheritance and thus the pointer values (used as keys
+        in the weak map) may differ.
+
+        * bindings/js/JSTrackCustom.cpp:
+        (WebCore::toJS):
+        Call CREATE_DOM_WRAPPER() with an actual wrapped type (e.g. AudioTrack)
+        instead of TrackBase type. TrackBase does not have corresponding
+        generated bindings and therefore does not have a wrapperKey()
+        function.
+
+        * bindings/scripts/CodeGeneratorJS.pm:
+        (ShouldGenerateToWrapped):
+        (ShouldGenerateToJSDeclaration):
+        (GenerateHeader):
+        - Generate a wrapperKey() utility function along-side wrapperOwner()
+          to help cast to the base wrapped type.
+        - Generate toWrapped() / toJS() utility functions for interfaces
+          that inherit EventTarget as those are required by our
+          implementation and this avoids having to explicitly have them in
+          the IDL.
+
+        * bindings/scripts/test/*:
+        Rebaseline bindings tests.
+
+2016-02-11  Brent Fulgham  <bfulgham@apple.com>
+
+        Optimize texture-complete checks
+        https://bugs.webkit.org/show_bug.cgi?id=98308
+
+        Reviewed by Dean Jackson.
+
+        No new tests: No change in behavior.
+
+        * html/canvas/WebGLRenderingContextBase.cpp:
+        (WebCore::WebGLRenderingContextBase::initializeNewContext): Initially consider all
+        textures as suspect.
+        (WebCore::WebGLRenderingContextBase::extensions): New helper function.
+        (WebCore::WebGLRenderingContextBase::reshape): Mark textures as invalid when appropriate.
+        (WebCore::WebGLRenderingContextBase::bindTexture): Identify invalid textures and mark
+        them for later fix-up. Likewise, remove 'known good' textures from the fix-up pass.
+        (WebCore::WebGLRenderingContextBase::deleteTexture): Remove instances of the deleted texture
+        from our set of invalid textures.
+        (WebCore::WebGLRenderingContextBase::checkTextureCompleteness): Only iterate through
+        the 'bad' textures, rather than checking every single texture.
+        * html/canvas/WebGLRenderingContextBase.h:
+
+2016-02-11  Alex Christensen  <achristensen@webkit.org>
+
+        Assert that IDBTransaction::transitionedToFinishing transitions to finishing.
+        https://bugs.webkit.org/show_bug.cgi?id=154061
+
+        * Modules/indexeddb/client/IDBTransactionImpl.cpp:
+        (WebCore::IDBClient::IDBTransaction::transitionedToFinishing):
+        Added assertion that we are transitioning to a finished or finishing state, based on Darin's feedback.
+
+2016-02-11  Enrica Casucci  <enrica@apple.com>
+
+        WebContent process crashes when performing data detection on content with existing data detector links.
+        https://bugs.webkit.org/show_bug.cgi?id=154118
+        rdar://problem/24511860
+
+        Reviewed by Tim Horton.
+
+        The DOM mutation caused by removing the existing links, can shift the range endpoints.
+        We now save the range enpoints as positions so that we can recreate the ranges,
+        if a DOM mutation occurred.
+
+        * editing/cocoa/DataDetection.mm:
+        (WebCore::removeResultLinksFromAnchor):
+        (WebCore::searchForLinkRemovingExistingDDLinks):
+        (WebCore::DataDetection::detectContentInRange):
+
+2016-02-11  Jer Noble  <jer.noble@apple.com>
+
+        Make MediaResourceLoader behave more like a CachedResourceLoader.
+        https://bugs.webkit.org/show_bug.cgi?id=154117
+
+        Reviewed by Alex Christensen.
+
+        MediaResourceLoader currently can only handle a single request at a time. Split the class
+        into two, MediaResourceLoader and MediaResource, effectively wrapping CachedResourceLoader
+        and CachedRawResource respectively. With this devision, the same loader can be used to issue
+        multiple simultaneous resource requests.
+
+        This necessecitates splitting PlatformMediaResource into two classes as well.  To simplify
+        the HTMLMediaElement, MediaPlayer, and MediaPlayerClient APIs, do not require a client
+        object when creating the loader; instead, the client is required to create the resource.
+        This also matches the CachedRawResource API.
+
+        * html/HTMLMediaElement.cpp:
+        (WebCore::HTMLMediaElement::mediaPlayerCreateResourceLoader): Remove the client parameter.
+        * html/HTMLMediaElement.h:
+        * loader/MediaResourceLoader.cpp:
+        (WebCore::MediaResourceLoader::MediaResourceLoader):
+        (WebCore::MediaResourceLoader::~MediaResourceLoader):
+        (WebCore::MediaResourceLoader::requestResource): Renamed from start().
+        (WebCore::MediaResourceLoader::removeResource): Remove resource from live resource list.
+        (WebCore::MediaResource::create): Utility factory.
+        (WebCore::MediaResource::MediaResource):
+        (WebCore::MediaResource::~MediaResource):
+        (WebCore::MediaResource::stop): Moved from MediaResourceLoader.
+        (WebCore::MediaResource::setDefersLoading): Ditto.
+        (WebCore::MediaResource::responseReceived): Ditto.
+        (WebCore::MediaResource::redirectReceived): Ditto.
+        (WebCore::MediaResource::dataSent): Ditto.
+        (WebCore::MediaResource::dataReceived): Ditto.
+        (WebCore::MediaResource::notifyFinished): Ditto.
+        (WebCore::MediaResource::getOrCreateReadBuffer): Ditto.
+        * loader/MediaResourceLoader.h:
+        * platform/graphics/MediaPlayer.cpp:
+        (WebCore::MediaPlayer::createResourceLoader):
+        * platform/graphics/MediaPlayer.h:
+        (WebCore::MediaPlayerClient::mediaPlayerCreateResourceLoader):
+        * platform/graphics/PlatformMediaResourceLoader.h:
+        (WebCore::PlatformMediaResourceClient::~PlatformMediaResourceClient): Renamed from PlatformMediaResourceLoaderClient.
+        (WebCore::PlatformMediaResourceClient::responseReceived): Client methods now take a reference to the resource.
+        (WebCore::PlatformMediaResourceClient::redirectReceived): Ditto.
+        (WebCore::PlatformMediaResourceClient::dataSent): Ditto. 
+        (WebCore::PlatformMediaResourceClient::dataReceived): Ditto.
+        (WebCore::PlatformMediaResourceClient::accessControlCheckFailed): Ditto.
+        (WebCore::PlatformMediaResourceClient::loadFailed): Ditto.
+        (WebCore::PlatformMediaResourceClient::loadFinished): Ditto.
+        (WebCore::PlatformMediaResourceClient::getOrCreateReadBuffer): Ditto.
+        (WebCore::PlatformMediaResourceLoader::PlatformMediaResourceLoader): Ditto.
+        (WebCore::PlatformMediaResource::PlatformMediaResource): 
+        (WebCore::PlatformMediaResource::~PlatformMediaResource): 
+        (WebCore::PlatformMediaResource::setClient):
+        * platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:
+        (webKitWebSrcStart):
+        (webKitWebSrcNeedData):
+        (webKitWebSrcEnoughData):
+        (CachedResourceStreamingClient::getOrCreateReadBuffer):
+        (CachedResourceStreamingClient::responseReceived):
+        (CachedResourceStreamingClient::dataReceived):
+        (CachedResourceStreamingClient::accessControlCheckFailed):
+        (CachedResourceStreamingClient::loadFailed):
+        (CachedResourceStreamingClient::loadFinished):
+
+2016-02-11  Zalan Bujtas  <zalan@apple.com>
+
+        Subpixel rendering: Make focusring painting subpixel aware.
+        https://bugs.webkit.org/show_bug.cgi?id=154111
+
+        Reviewed by David Hyatt.
+
+        Do not integral snap focusring rects while collecting them (use device pixel snapping instead
+        right before passing them to GraphicsContext::drawFocusRing).
+
+        Unable to test.
+
+        * platform/graphics/GraphicsContext.h:
+        * platform/graphics/displaylists/DisplayListItems.h:
+        (WebCore::DisplayList::DrawFocusRingRects::create):
+        (WebCore::DisplayList::DrawFocusRingRects::rects):
+        (WebCore::DisplayList::DrawFocusRingRects::DrawFocusRingRects):
+        * platform/graphics/displaylists/DisplayListRecorder.cpp:
+        (WebCore::DisplayList::Recorder::drawFocusRing):
+        * platform/graphics/displaylists/DisplayListRecorder.h:
+        * platform/graphics/mac/GraphicsContextMac.mm:
+        (WebCore::GraphicsContext::drawFocusRing):
+        * rendering/RenderBlock.cpp:
+        (WebCore::RenderBlock::addFocusRingRectsForInlineChildren):
+        (WebCore::RenderBlock::addFocusRingRects):
+        * rendering/RenderBlock.h:
+        * rendering/RenderBlockFlow.cpp:
+        (WebCore::RenderBlockFlow::addFocusRingRectsForInlineChildren):
+        * rendering/RenderBlockFlow.h:
+        * rendering/RenderBox.cpp:
+        (WebCore::RenderBox::addFocusRingRects):
+        * rendering/RenderBox.h:
+        * rendering/RenderElement.cpp:
+        (WebCore::RenderElement::paintFocusRing):
+        (WebCore::RenderElement::issueRepaintForOutlineAuto):
+        * rendering/RenderInline.cpp:
+        (WebCore::RenderInline::absoluteRects):
+        (WebCore::RenderInline::addFocusRingRects):
+        * rendering/RenderInline.h:
+        * rendering/RenderListBox.cpp:
+        (WebCore::RenderListBox::addFocusRingRects):
+        * rendering/RenderListBox.h:
+        * rendering/RenderObject.cpp:
+        (WebCore::RenderObject::addPDFURLRect):
+        (WebCore::RenderObject::absoluteFocusRingQuads):
+        * rendering/RenderObject.h:
+        (WebCore::RenderObject::addFocusRingRects):
+        * rendering/RenderTextControl.cpp:
+        (WebCore::RenderTextControl::addFocusRingRects):
+        * rendering/RenderTextControl.h:
+        * rendering/svg/RenderSVGContainer.cpp:
+        (WebCore::RenderSVGContainer::addFocusRingRects):
+        * rendering/svg/RenderSVGContainer.h:
+        * rendering/svg/RenderSVGImage.cpp:
+        (WebCore::RenderSVGImage::addFocusRingRects):
+        * rendering/svg/RenderSVGImage.h:
+        * rendering/svg/RenderSVGShape.cpp:
+        (WebCore::RenderSVGShape::addFocusRingRects):
+        * rendering/svg/RenderSVGShape.h:
+
+2016-02-11  Myles C. Maxfield  <mmaxfield@apple.com>
+
+        Addressing post-review comments after r196393
+
+        Unreviewed.
+
+        * css/CSSFontSelector.cpp:
+        (WebCore::CSSFontSelector::getFontFace):
+        * css/CSSSegmentedFontFace.h:
+
+2016-02-11  Antti Koivisto  <antti@apple.com>
+
+        Rename Element::style() to Element::cssomStyle()
+        https://bugs.webkit.org/show_bug.cgi?id=154107
+
+        Reviewed by Alex Christensen.
+
+        It implements the IDL "style" attribute that returns a CSSOM object.
+        Inside WebCore "style" generally refers to a RenderStyle.
+
+        * dom/Element.cpp:
+        (WebCore::Element::hasAttributeNS):
+        (WebCore::Element::cssomStyle):
+        (WebCore::Element::focus):
+        (WebCore::Element::style): Deleted.
+        * dom/Element.h:
+        (WebCore::Element::tagQName):
+        * dom/Element.idl:
+        * dom/StyledElement.cpp:
+        (WebCore::StyledElement::~StyledElement):
+        (WebCore::StyledElement::cssomStyle):
+        (WebCore::StyledElement::style): Deleted.
+        * dom/StyledElement.h:
+        (WebCore::StyledElement::synchronizeStyleAttributeInternal):
+        (WebCore::StyledElement::collectStyleForPresentationAttribute):
+        * editing/Editor.cpp:
+        (WebCore::Editor::applyEditingStyleToElement):
+        * inspector/InspectorCSSAgent.cpp:
+        (WebCore::InspectorCSSAgent::getMatchedStylesForNode):
+        (WebCore::InspectorCSSAgent::getInlineStylesForNode):
+        (WebCore::InspectorCSSAgent::asInspectorStyleSheet):
+        * inspector/InspectorStyleSheet.cpp:
+        (WebCore::InspectorStyleSheetForInlineStyle::didModifyElementAttribute):
+        (WebCore::InspectorStyleSheetForInlineStyle::inlineStyle):
+        (WebCore::InspectorStyleSheetForInlineStyle::elementStyleText):
+        * svg/SVGElement.idl:
+
+2016-02-11  Konstantin Tokarev  <annulen@yandex.ru>
+
+        [cmake] Consolidate TextureMapper file and include dir lists.
+        https://bugs.webkit.org/show_bug.cgi?id=154106
+
+        Reviewed by Michael Catanzaro.
+
+        No new tests needed.
+
+        * CMakeLists.txt: Moved texmap include dir and source list to
+        TextureMapper.cmake, removed non-existent include dir "filters/texmap".
+        * PlatformEfl.cmake: Moved texmap and coordinatedgraphics include
+        dirs and source list to TextureMapper.cmake.
+        * PlatformGTK.cmake: Ditto, also removed non-existent include dir
+        "texmap/threadedcompositor"
+        * PlatformWinCairo.cmake: Moved texmap files to TextureMapper.cmake.
+        * platform/TextureMapper.cmake: Added.
+
+2016-02-11  Chris Dumez  <cdumez@apple.com>
+
+        Move 'length' property to the prototype
+        https://bugs.webkit.org/show_bug.cgi?id=154051
+        <rdar://problem/24577385>
+
+        Reviewed by Darin Adler.
+
+        Move 'length' property to the prototype, where it should be. We used to
+        keep it on the instance because our implementation of
+        getOwnPropertySlot() was wrong for interfaces with a named property
+        getter. However, our implementation of getOwnPropertySlot() is now
+        spec-compliant so this should be OK.
+
+        Moving 'length' to the prototype is also a little bit risky in terms of
+        performance, especially for HTMLCollection / NodeList. However, I did
+        not see an impact on realistic benchmarks like Speedometer and only saw
+        a small impact (< 5%) on micro-benchmarks. I propose we make our behavior
+        correct and monitor performance. If we see any benchmark we care about
+        regress then we should try and optimize while keeping the attribute on
+        the prototype.
+
+        No new tests, already covered by existing tests.
+
+        * bindings/js/JSDOMBinding.h:
+        (WebCore::getStaticValueSlotEntryWithoutCaching):
+        * bindings/js/JSHTMLDocumentCustom.cpp:
+        (WebCore::JSHTMLDocument::getOwnPropertySlot):
+        (WebCore::JSHTMLDocument::nameGetter): Deleted.
+        * bindings/js/JSLocationCustom.cpp:
+        (WebCore::JSLocation::putDelegate):
+        * bindings/js/JSPluginElementFunctions.h:
+        (WebCore::pluginElementCustomGetOwnPropertySlot):
+        * bindings/js/JSStorageCustom.cpp:
+        (WebCore::JSStorage::deleteProperty):
+        (WebCore::JSStorage::deletePropertyByIndex):
+        (WebCore::JSStorage::putDelegate):
+        Leverage the new hasStaticPropertyTable static property in the
+        generated bindings for performance.
+
+        * bindings/scripts/CodeGeneratorJS.pm:
+        (GenerateHeader):
+        Generate a "hasStaticPropertyTable" static const boolean property
+        for each bindings class so we can check at build time if
+        ClassInfo::staticPropHashTable is null.
+
+        (AttributeShouldBeOnInstance):
+        Move "length" to the prototype.
+
+        * bindings/scripts/test/JS/JSTestActiveDOMObject.h:
+        * bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.h:
+        * bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.h:
+        * bindings/scripts/test/JS/JSTestCustomNamedGetter.h:
+        * bindings/scripts/test/JS/JSTestEventConstructor.h:
+        * bindings/scripts/test/JS/JSTestEventTarget.h:
+        * bindings/scripts/test/JS/JSTestException.h:
+        * bindings/scripts/test/JS/JSTestGenerateIsReachable.h:
+        * bindings/scripts/test/JS/JSTestInterface.h:
+        * bindings/scripts/test/JS/JSTestJSBuiltinConstructor.h:
+        * bindings/scripts/test/JS/JSTestMediaQueryListListener.h:
+        * bindings/scripts/test/JS/JSTestNamedConstructor.h:
+        * bindings/scripts/test/JS/JSTestNode.h:
+        * bindings/scripts/test/JS/JSTestNondeterministic.h:
+        * bindings/scripts/test/JS/JSTestObj.h:
+        * bindings/scripts/test/JS/JSTestOverloadedConstructors.h:
+        * bindings/scripts/test/JS/JSTestOverrideBuiltins.h:
+        * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.h:
+        * bindings/scripts/test/JS/JSTestTypedefs.h:
+        * bindings/scripts/test/JS/JSattribute.h:
+        * bindings/scripts/test/JS/JSreadonly.h:
+        Rebaseline bindings tests.
+
+
+2016-02-11  Csaba Osztrogonác  <ossy@webkit.org>
+
+        Fix the !(ENABLE(SHADOW_DOM) || ENABLE(DETAILS_ELEMENT)) after r196281
+        https://bugs.webkit.org/show_bug.cgi?id=154035
+
+        Reviewed by Antti Koivisto.
+
+        Follow-up fix after r196365. Removed guards around slotNodeIndex.
+
+        * dom/ComposedTreeIterator.h:
+        (WebCore::ComposedTreeIterator::Context::Context):
+
+2016-02-10  Ryan Haddad  <ryanhaddad@apple.com>
+
+        Updating bindings test reference file for JSTestEventConstructor.cpp after r196400
+
+        Unreviewed test gardening.
+
+        No new tests needed.
+
+        * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
+        (WebCore::JSTestEventConstructorConstructor::construct):
+
+2016-02-10  Eric Carlson  <eric.carlson@apple.com>
+
+        Update "manual" caption track logic
+        https://bugs.webkit.org/show_bug.cgi?id=154084
+        <rdar://problem/24530516>
+
+        Reviewed by Dean Jackson.
+
+        No new tests, media/track/track-manual-mode.html was updated.
+
+        * English.lproj/Localizable.strings: Add new string.
+
+        * html/HTMLMediaElement.cpp:
+        (WebCore::HTMLMediaElement::addTextTrack): track.setManualSelectionMode is no more.
+        (WebCore::HTMLMediaElement::configureTextTrackGroup): Never enable a track automatically when
+          in manual selection mode.
+        (WebCore::HTMLMediaElement::captionPreferencesChanged):  track.setManualSelectionMode is no more.
+
+        * html/track/TextTrack.cpp:
+        (WebCore::TextTrack::containsOnlyForcedSubtitles): Return true for forced tracks.
+        (WebCore::TextTrack::kind): Deleted.
+        * html/track/TextTrack.h:
+
+        * html/track/TrackBase.h:
+        (WebCore::TrackBase::kind): De-virtualize, nobody overrides it.
+
+        * page/CaptionUserPreferencesMediaAF.cpp:
+        (WebCore::trackDisplayName): Include "forced" in the name of forced tracks.
+
+        * platform/LocalizedStrings.cpp:
+        (WebCore::forcedTrackMenuItemText): New.
+        * platform/LocalizedStrings.h:
+
+2016-02-10  Jiewen Tan  <jiewen_tan@apple.com>
+
+        Rename *Event::create* which creates events for bindings to *Event::createForBindings* and cleanup corresponding paths
+        https://bugs.webkit.org/show_bug.cgi?id=153903
+        <rdar://problem/24518146>
+
+        Reviewed by Darin Adler.
+
+        Rename Event::create(const AtomicString&, const EventInit&) to Event::createForBindings
+        (const AtomicString&, const EventInit&) and for all the subclasses as well in order to
+        support Event.isTrusted. Besides, some of the subclasses use the create method for bindings
+        to create events not for bindings and vice versa. Therefore, this patch also cleanup
+        corresponding paths to ensure no misuse of the create mehtod. The same for Event::create()
+        as it is combined with Event::initEvent to create an event for bindings for legacy content.
+
+        After this patch, all call sites of *Event::create* are supposed to use *Event::create
+        to create events for user agent and *Event::createForBindings for bindings.
+
+        No change in behavior.
+
+        * Modules/airplay/WebKitPlaybackTargetAvailabilityEvent.h:
+        (WebCore::WebKitPlaybackTargetAvailabilityEvent::create):
+        (WebCore::WebKitPlaybackTargetAvailabilityEvent::createForBindings):
+        (WebCore::WebKitPlaybackTargetAvailabilityEventInit::WebKitPlaybackTargetAvailabilityEventInit): Deleted.
+        * Modules/encryptedmedia/MediaKeyMessageEvent.cpp:
+        (WebCore::MediaKeyMessageEvent::MediaKeyMessageEvent):
+        (WebCore::MediaKeyMessageEventInit::MediaKeyMessageEventInit): Deleted.
+        * Modules/encryptedmedia/MediaKeyMessageEvent.h:
+        (WebCore::MediaKeyMessageEvent::create):
+        (WebCore::MediaKeyMessageEvent::createForBindings):
+        * Modules/encryptedmedia/MediaKeyNeededEvent.cpp:
+        (WebCore::MediaKeyNeededEvent::MediaKeyNeededEvent):
+        (WebCore::MediaKeyNeededEventInit::MediaKeyNeededEventInit): Deleted.
+        * Modules/encryptedmedia/MediaKeyNeededEvent.h:
+        (WebCore::MediaKeyNeededEvent::create):
+        (WebCore::MediaKeyNeededEvent::createForBindings):
+        * Modules/encryptedmedia/MediaKeySession.cpp:
+        (WebCore::MediaKeySession::sendMessage):
+        * Modules/gamepad/GamepadEvent.h:
+        (WebCore::GamepadEvent::create):
+        (WebCore::GamepadEvent::createForBindings):
+        (WebCore::GamepadEventInit::GamepadEventInit): Deleted.
+        * Modules/indieui/UIRequestEvent.cpp:
+        (WebCore::UIRequestEvent::createForBindings):
+        (WebCore::UIRequestEvent::UIRequestEvent):
+        (WebCore::UIRequestEventInit::UIRequestEventInit): Deleted.
+        (WebCore::UIRequestEvent::create): Deleted.
+        * Modules/indieui/UIRequestEvent.h:
+        * Modules/mediastream/MediaStreamEvent.cpp:
+        (WebCore::MediaStreamEvent::createForBindings):
+        (WebCore::MediaStreamEventInit::MediaStreamEventInit): Deleted.
+        (WebCore::MediaStreamEvent::create): Deleted.
+        * Modules/mediastream/MediaStreamEvent.h:
+        * Modules/mediastream/MediaStreamTrackEvent.cpp:
+        (WebCore::MediaStreamTrackEvent::createForBindings):
+        (WebCore::MediaStreamTrackEventInit::MediaStreamTrackEventInit): Deleted.
+        (WebCore::MediaStreamTrackEvent::create): Deleted.
+        * Modules/mediastream/MediaStreamTrackEvent.h:
+        * Modules/mediastream/RTCDTMFToneChangeEvent.cpp:
+        (WebCore::RTCDTMFToneChangeEvent::createForBindings):
+        (WebCore::RTCDTMFToneChangeEvent::create): Deleted.
+        * Modules/mediastream/RTCDTMFToneChangeEvent.h:
+        * Modules/mediastream/RTCDataChannelEvent.cpp:
+        (WebCore::RTCDataChannelEvent::createForBindings):
+        (WebCore::RTCDataChannelEvent::create): Deleted.
+        * Modules/mediastream/RTCDataChannelEvent.h:
+        * Modules/mediastream/RTCIceCandidateEvent.cpp:
+        (WebCore::RTCIceCandidateEvent::createForBindings):
+        (WebCore::RTCIceCandidateEvent::create): Deleted.
+        * Modules/mediastream/RTCIceCandidateEvent.h:
+        * Modules/mediastream/RTCTrackEvent.cpp:
+        (WebCore::RTCTrackEvent::createForBindings):
+        (WebCore::RTCTrackEventInit::RTCTrackEventInit): Deleted.
+        (WebCore::RTCTrackEvent::create): Deleted.
+        * Modules/mediastream/RTCTrackEvent.h:
+        * Modules/speech/SpeechSynthesisEvent.cpp:
+        (WebCore::SpeechSynthesisEvent::createForBindings):
+        (WebCore::SpeechSynthesisEvent::create):
+        (WebCore::SpeechSynthesisEvent::SpeechSynthesisEvent):
+        * Modules/speech/SpeechSynthesisEvent.h:
+        * Modules/webaudio/AudioProcessingEvent.cpp:
+        (WebCore::AudioProcessingEvent::create): Deleted.
+        * Modules/webaudio/AudioProcessingEvent.h:
+        (WebCore::AudioProcessingEvent::create):
+        (WebCore::AudioProcessingEvent::createForBindings):
+        * Modules/webaudio/OfflineAudioCompletionEvent.cpp:
+        (WebCore::OfflineAudioCompletionEvent::createForBindings):
+        (WebCore::OfflineAudioCompletionEvent::create): Deleted.
+        * Modules/webaudio/OfflineAudioCompletionEvent.h:
+        * Modules/websockets/CloseEvent.h:
+        (WebCore::CloseEvent::create):
+        (WebCore::CloseEvent::createForBindings):
+        (WebCore::CloseEvent::CloseEvent):
+        (WebCore::CloseEventInit::CloseEventInit): Deleted.
+        * bindings/objc/DOM.mm:
+        (-[DOMNode nextFocusNode]):
+        (-[DOMNode previousFocusNode]):
+        * bindings/scripts/CodeGeneratorJS.pm:
+        (GenerateConstructorDefinition):
+        * dom/AnimationEvent.cpp:
+        (WebCore::AnimationEventInit::AnimationEventInit): Deleted.
+        * dom/AnimationEvent.h:
+        * dom/BeforeLoadEvent.h:
+        (WebCore::BeforeLoadEventInit::BeforeLoadEventInit): Deleted.
+        * dom/ClipboardEvent.h:
+        * dom/CompositionEvent.cpp:
+        (WebCore::CompositionEventInit::CompositionEventInit): Deleted.
+        * dom/CompositionEvent.h:
+        * dom/CustomEvent.cpp:
+        (WebCore::CustomEventInit::CustomEventInit): Deleted.
+        * dom/CustomEvent.h:
+        * dom/DeviceMotionEvent.h:
+        * dom/DeviceOrientationEvent.h:
+        * dom/Document.cpp:
+        (WebCore::Document::createEvent):
+        * dom/Element.cpp:
+        (WebCore::Element::dispatchMouseEvent):
+        * dom/ErrorEvent.cpp:
+        (WebCore::ErrorEventInit::ErrorEventInit): Deleted.
+        * dom/ErrorEvent.h:
+        * dom/Event.cpp:
+        (WebCore::EventInit::EventInit): Deleted.
+        * dom/Event.h:
+        (WebCore::Event::createForBindings):
+        (WebCore::Event::create): Deleted.
+        * dom/FocusEvent.cpp:
+        (WebCore::FocusEventInit::FocusEventInit): Deleted.
+        * dom/FocusEvent.h:
+        * dom/HashChangeEvent.h:
+        (WebCore::HashChangeEventInit::HashChangeEventInit): Deleted.
+        * dom/KeyboardEvent.cpp:
+        (WebCore::KeyboardEvent::KeyboardEvent):
+        (WebCore::KeyboardEventInit::KeyboardEventInit): Deleted.
+        * dom/KeyboardEvent.h:
+        * dom/MessageEvent.cpp:
+        (WebCore::MessageEvent::MessageEvent):
+        (WebCore::MessageEventInit::MessageEventInit): Deleted.
+        * dom/MessageEvent.h:
+        * dom/MouseEvent.cpp:
+        (WebCore::MouseEvent::createForBindings):
+        (WebCore::MouseEvent::create):
+        (WebCore::MouseEvent::MouseEvent):
+        (WebCore::MouseEvent::cloneFor):
+        (WebCore::MouseEventInit::MouseEventInit): Deleted.
+        * dom/MouseEvent.h:
+        (WebCore::MouseEvent::createForBindings):
+        (WebCore::MouseEvent::create): Deleted.
+        * dom/MouseRelatedEvent.cpp:
+        (WebCore::MouseRelatedEvent::MouseRelatedEvent):
+        (WebCore::MouseRelatedEvent::init):
+        * dom/MouseRelatedEvent.h:
+        (WebCore::MouseRelatedEvent::screenX):
+        (WebCore::MouseRelatedEvent::screenY):
+        (WebCore::MouseRelatedEvent::screenLocation):
+        (WebCore::MouseRelatedEvent::clientX):
+        (WebCore::MouseRelatedEvent::clientY):
+        (WebCore::MouseRelatedEvent::movementX):
+        (WebCore::MouseRelatedEvent::movementY):
+        (WebCore::MouseRelatedEvent::clientLocation):
+        (WebCore::MouseRelatedEvent::isSimulated):
+        (WebCore::MouseRelatedEvent::absoluteLocation):
+        (WebCore::MouseRelatedEvent::setAbsoluteLocation):
+        * dom/MutationEvent.h:
+        * dom/OverflowEvent.cpp:
+        (WebCore::OverflowEvent::OverflowEvent):
+        (WebCore::OverflowEvent::initOverflowEvent):
+        (WebCore::OverflowEventInit::OverflowEventInit): Deleted.
+        * dom/OverflowEvent.h:
+        * dom/PageTransitionEvent.cpp:
+        (WebCore::PageTransitionEventInit::PageTransitionEventInit): Deleted.
+        * dom/PageTransitionEvent.h:
+        * dom/PopStateEvent.cpp:
+        (WebCore::PopStateEvent::createForBindings):
+        (WebCore::PopStateEventInit::PopStateEventInit): Deleted.
+        (WebCore::PopStateEvent::PopStateEvent): Deleted.
+        (WebCore::PopStateEvent::create): Deleted.
+        * dom/PopStateEvent.h:
+        * dom/ProgressEvent.cpp:
+        (WebCore::ProgressEventInit::ProgressEventInit): Deleted.
+        * dom/ProgressEvent.h:
+        (WebCore::ProgressEvent::createForBindings):
+        (WebCore::ProgressEvent::create): Deleted.
+        * dom/SecurityPolicyViolationEvent.h:
+        (WebCore::SecurityPolicyViolationEventInit::SecurityPolicyViolationEventInit): Deleted.
+        * dom/TextEvent.cpp:
+        (WebCore::TextEvent::createForBindings):
+        (WebCore::TextEvent::create): Deleted.
+        * dom/TextEvent.h:
+        * dom/TouchEvent.h:
+        * dom/TransitionEvent.cpp:
+        (WebCore::TransitionEventInit::TransitionEventInit): Deleted.
+        * dom/TransitionEvent.h:
+        * dom/UIEvent.cpp:
+        (WebCore::UIEventInit::UIEventInit): Deleted.
+        * dom/UIEvent.h:
+        (WebCore::UIEvent::createForBindings):
+        (WebCore::UIEvent::create): Deleted.
+        * dom/UIEventWithKeyState.h:
+        (WebCore::UIEventWithKeyState::ctrlKey):
+        (WebCore::UIEventWithKeyState::shiftKey):
+        (WebCore::UIEventWithKeyState::altKey):
+        (WebCore::UIEventWithKeyState::metaKey):
+        (WebCore::UIEventWithKeyState::UIEventWithKeyState):
+        * dom/WebKitAnimationEvent.cpp:
+        (WebCore::WebKitAnimationEventInit::WebKitAnimationEventInit): Deleted.
+        * dom/WebKitAnimationEvent.h:
+        * dom/WebKitTransitionEvent.cpp:
+        (WebCore::WebKitTransitionEventInit::WebKitTransitionEventInit): Deleted.
+        * dom/WebKitTransitionEvent.h:
+        * dom/WheelEvent.h:
+        * html/HTMLMediaElement.cpp:
+        (WebCore::HTMLMediaElement::mediaPlayerKeyAdded):
+        (WebCore::HTMLMediaElement::mediaPlayerKeyError):
+        (WebCore::HTMLMediaElement::mediaPlayerKeyMessage):
+        (WebCore::HTMLMediaElement::mediaPlayerKeyNeeded):
+        * html/MediaKeyEvent.cpp:
+        (WebCore::MediaKeyEvent::MediaKeyEvent):
+        (WebCore::MediaKeyEventInit::MediaKeyEventInit): Deleted.
+        * html/MediaKeyEvent.h:
+        * html/canvas/WebGLContextEvent.cpp:
+        (WebCore::WebGLContextEventInit::WebGLContextEventInit): Deleted.
+        * html/canvas/WebGLContextEvent.h:
+        * html/track/TrackEvent.cpp:
+        (WebCore::TrackEvent::TrackEvent):
+        (WebCore::TrackEventInit::TrackEventInit): Deleted.
+        * html/track/TrackEvent.h:
+        * html/track/TrackListBase.cpp:
+        (TrackListBase::scheduleTrackEvent):
+        (TrackListBase::scheduleChangeEvent):
+        * page/EventSource.cpp:
+        (WebCore::EventSource::createMessageEvent):
+        * page/csp/ContentSecurityPolicy.cpp:
+        (WebCore::ContentSecurityPolicy::reportViolation):
+        (WebCore::gatherSecurityPolicyViolationEventData): Deleted.
+        * storage/StorageEvent.cpp:
+        (WebCore::StorageEvent::createForBindings):
+        (WebCore::StorageEventInit::StorageEventInit): Deleted.
+        (WebCore::StorageEvent::create): Deleted.
+        * storage/StorageEvent.h:
+        * svg/SVGZoomEvent.h:
+        (WebCore::SVGZoomEvent::createForBindings):
+        (WebCore::SVGZoomEvent::create): Deleted.
+        * xml/XMLHttpRequestProgressEvent.h:
+        (WebCore::XMLHttpRequestProgressEvent::createForBindings):
+        (WebCore::XMLHttpRequestProgressEvent::create): Deleted.
+
+2016-02-10  Ryan Haddad  <ryanhaddad@apple.com>
+
+        Rebaselining bindings tests
+
+        Unreviewed test gardening.
+
+        No new tests needed.
+
+        * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
+        * bindings/scripts/test/JS/JSTestCallback.cpp:
+        * bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.cpp:
+        * bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.cpp:
+        * bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
+        * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
+        * bindings/scripts/test/JS/JSTestEventTarget.cpp:
+        * bindings/scripts/test/JS/JSTestException.cpp:
+        * bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:
+        * bindings/scripts/test/JS/JSTestInterface.cpp:
+        * bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp:
+        * bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
+        * bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
+        * bindings/scripts/test/JS/JSTestNondeterministic.cpp:
+        * bindings/scripts/test/JS/JSTestObj.cpp:
+        * bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
+        * bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp:
+        * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
+        * bindings/scripts/test/JS/JSTestTypedefs.cpp:
+        * bindings/scripts/test/JS/JSattribute.cpp:
+        * bindings/scripts/test/JS/JSreadonly.cpp:
+
+2016-02-10  Konstantin Tokarev  <annulen@yandex.ru>
+
+        [cmake] Consolidate CMake code related to image decoders.
+        https://bugs.webkit.org/show_bug.cgi?id=154074
+
+        Reviewed by Alex Christensen.
+
+        Common image decoder sources, includes and libs are moved to
+        platform/ImageDecoders.cmake.
+
+        Also, added include directories of libjpeg and libpng to
+        WebCore_SYSTEM_INCLUDE_DIRECTORIES.
+
+        No new tests needed.
+
+        * CMakeLists.txt: Moved common include paths to ImageDecoders.cmake.
+        * PlatformEfl.cmake: Moved common sources and libs to ImageDecoders.cmake.
+        * PlatformGTK.cmake: Ditto.
+        * PlatformWinCairo.cmake: Moved common sources to ImageDecoders.cmake.
+        * platform/ImageDecoders.cmake: Added.
+
+2016-02-10  Myles C. Maxfield  <mmaxfield@apple.com>
+
+        CSSSegmentedFontFace does not need to be reference counted
+        https://bugs.webkit.org/show_bug.cgi?id=154083
+
+        Reviewed by Antti Koivisto.
+
+        ...There is only ever a single reference to one.
+
+        No new tests because there is no behavior change.
+
+        * css/CSSFontSelector.cpp:
+        (WebCore::CSSFontSelector::getFontFace):
+        * css/CSSFontSelector.h:
+        * css/CSSSegmentedFontFace.h:
+        (WebCore::CSSSegmentedFontFace::create): Deleted.
+
+2016-02-10  Myles C. Maxfield  <mmaxfield@apple.com>
+
+        FontCache's clients should use references instead of pointers
+        https://bugs.webkit.org/show_bug.cgi?id=154085
+
+        Reviewed by Antti Koivisto.
+
+        They are never null.
+
+        No new tests because there is no behavior change.
+
+        * css/CSSFontSelector.cpp:
+        (WebCore::CSSFontSelector::CSSFontSelector):
+        (WebCore::CSSFontSelector::~CSSFontSelector):
+        * platform/graphics/FontCache.cpp:
+        (WebCore::FontCache::addClient):
+        (WebCore::FontCache::removeClient):
+        * platform/graphics/FontCache.h:
+
+2016-02-10  Chris Dumez  <cdumez@apple.com>
+
+        [Web IDL] interface objects should be Function objects
+        https://bugs.webkit.org/show_bug.cgi?id=154038
+        <rdar://problem/24569358>
+
+        Reviewed by Geoffrey Garen.
+
+        interface objects should be Function objects as per Web IDL:
+        - http://heycam.github.io/webidl/#interface-object
+        - http://heycam.github.io/webidl/#es-interfaces
+
+        So window.Event should be a Function object for e.g. but in WebKit it
+        is a regular EventConstructor JSObject.
+        Firefox and Chrome match the specification.
+
+        Test: js/interface-objects.html
+
+        * bindings/js/JSDOMBinding.cpp:
+        (WebCore::callThrowTypeError):
+        (WebCore::DOMConstructorObject::getCallData):
+        When calling the interface object as a function, we throw a TypeError
+        with a message asking to use the 'new' operator to match the behavior
+        of Firefox and Chrome.
+
+        * bindings/js/JSDOMBinding.h:
+        Add JSC::TypeOfShouldCallGetCallData structure flag and implement
+        getCallData() so that typeof returns "function", as per the
+        specification and the behavior of other browsers.
+
+        (WebCore::DOMConstructorObject::className):
+        Implement className() and return "Function" to match the specification and
+        other browsers. Otherwise, it would fall back to using ClassInfo::className
+        which os the function name and interface name (e.g. "Event").
+
+        * bindings/js/JSDOMConstructor.h:
+        (WebCore::JSDOMConstructorNotConstructable::callThrowTypeError):
+        (WebCore::JSDOMConstructorNotConstructable::getCallData):
+        As per the specification, interfaces that do not have a [Constructor]
+        should throw a TypeError when called as a function. Use the "Illegal
+        constructor" error message to match Firefox and Chrome.
+
+        * bindings/js/JSDOMGlobalObject.h:
+        (WebCore::getDOMConstructor):
+        Instead of using objectPrototype as prototype for all DOM constructors,
+        we now call the prototypeForStructure() static function that is
+        generated for each bindings class. As per the Web IDL specification,
+        The [[Prototype]] internal property of an interface object for a
+        non-callback interface is determined as follows:
+        1. If the interface inherits from some other interface, the value of
+           [[Prototype]] is the interface object for that other interface.
+        2. If the interface doesn't inherit from any other interface, the value
+           of [[Prototype]] is %FunctionPrototype% ([ECMA-262], section 6.1.7.4).
+
+        * bindings/js/JSImageConstructor.cpp:
+        (WebCore::JSImageConstructor::prototypeForStructure):
+        Have the Image's interface object use HTMLElement's interface object
+        as prototype as HTMLImageElement inherits HTMLElement.
+
+        * bindings/scripts/CodeGenerator.pm:
+        (getInterfaceExtendedAttributesFromName):
+        Add a utility function to cheaply retrieve an interface's IDL extended
+        attributes without actually parsing the IDL. This is used to check if
+        an interface's parent is marked as [NoInterfaceObject] currently.
+
+        * bindings/scripts/CodeGeneratorJS.pm:
+        (GenerateHeader):
+        (GenerateImplementation):
+        (GenerateCallbackHeader):
+        (GenerateCallbackImplementation):
+        Mark JSGlobalObject* parameter as const as the implementation does not
+        alter the globalObject.
+
+        (GenerateConstructorHelperMethods):
+        - Generate prototypeForStructure() function for each bindings class that
+          is not marked as [NoInterfaceObject] so getDOMConstructor() knows which
+          prototype to use for the interface object / constructor when constructing
+          it.
+        - Use the interface name for the interface object, without the "Constructor"
+          suffix, to match the behavior of Firefox and Chrome.
+
+        * bindings/scripts/test/*:
+        Rebaseline bindings tests.
+
+2016-02-10  Jer Noble  <jer.noble@apple.com>
+
+        [Mac] Graphical corruption in videos when enabling custom loading path
+        https://bugs.webkit.org/show_bug.cgi?id=154044
+
+        Reviewed by Alex Christensen.
+
+        Revert the "Drive-by fix" in r196345 as it breaks the WebCoreNSURLSessionTests.BasicOperation API test.
+
+        * platform/network/cocoa/WebCoreNSURLSession.mm:
+        (-[WebCoreNSURLSessionDataTask resource:receivedData:length:]):
+
+2016-02-10  Myles C. Maxfield  <mmaxfield@apple.com>
+
+        CSSSegmentedFontFace does not need to be reference counted
+        https://bugs.webkit.org/show_bug.cgi?id=154083
+
+        Reviewed by Antti Koivisto.
+
+        ...There is only ever a single reference to one.
+
+        No new tests because there is no behavior change.
+
+        * css/CSSFontSelector.cpp:
+        (WebCore::CSSFontSelector::getFontFace):
+        * css/CSSFontSelector.h:
+        * css/CSSSegmentedFontFace.h:
+        (WebCore::CSSSegmentedFontFace::create): Deleted.
+
+2016-02-10  Antti Koivisto  <antti@apple.com>
+
+        Optimize style invalidation after class attribute change
+        https://bugs.webkit.org/show_bug.cgi?id=154075
+        rdar://problem/12526450
+
+        Reviewed by Andreas Kling.
+
+        Currently a class attribute change invalidates style for the entire element subtree for any class found in the
+        active stylesheet set.
+
+        This patch optimizes class changes by building a new optimization structure called ancestorClassRules. It contains
+        rules that have class selectors in the portion of the complex selector that matches ancestor elements. The sets
+        of rules are hashes by the class name.
+
+        On class attribute change the existing StyleInvalidationAnalysis mechanism is used with ancestorClassRules to invalidate
+        exactly those descendants that are affected by the addition or removal of the class name. This is fast because the CSS JIT
+        makes selector matching cheap and the number of relevant rules is typically small.
+
+        This optimization is very effective on many dynamic pages. For example when focusing and unfocusing the web inspector it
+        cuts down the number of resolved elements from ~1000 to ~50. Even in PLT it reduces the number of resolved elements by ~11%.
+
+        * css/DocumentRuleSets.cpp:
+        (WebCore::DocumentRuleSets::collectFeatures):
+        (WebCore::DocumentRuleSets::ancestorClassRules):
+
+            Create optimization RuleSets on-demand when there is an actual dynamic class change.
+
+        * css/DocumentRuleSets.h:
+        (WebCore::DocumentRuleSets::features):
+        (WebCore::DocumentRuleSets::sibling):
+        (WebCore::DocumentRuleSets::uncommonAttribute):
+        * css/ElementRuleCollector.cpp:
+        (WebCore::ElementRuleCollector::ElementRuleCollector):
+
+            Add a new constructor that doesn't requires DocumentRuleSets. Only the user and author style is required.
+
+        (WebCore::ElementRuleCollector::matchAuthorRules):
+        (WebCore::ElementRuleCollector::matchUserRules):
+        * css/ElementRuleCollector.h:
+        * css/RuleFeature.cpp:
+        (WebCore::RuleFeatureSet::recursivelyCollectFeaturesFromSelector):
+
+            Collect class names that show up in the ancestor portion of the selector.
+            Make this a member.
+
+        (WebCore::RuleFeatureSet::collectFeatures):
+
+            Move this code from RuleData.
+            Add the rule to ancestorClassRules if needed.
+
+        (WebCore::RuleFeatureSet::add):
+        (WebCore::RuleFeatureSet::clear):
+        (WebCore::RuleFeatureSet::shrinkToFit):
+        (WebCore::recursivelyCollectFeaturesFromSelector): Deleted.
+        (WebCore::RuleFeatureSet::collectFeaturesFromSelector): Deleted.
+        * css/RuleFeature.h:
+        (WebCore::RuleFeature::RuleFeature):
+        (WebCore::RuleFeatureSet::RuleFeatureSet): Deleted.
+        * css/RuleSet.cpp:
+        (WebCore::RuleData::RuleData):
+        (WebCore::RuleSet::RuleSet):
+        (WebCore::RuleSet::~RuleSet):
+        (WebCore::RuleSet::addToRuleSet):
+        (WebCore::RuleSet::addRule):
+        (WebCore::RuleSet::addRulesFromSheet):
+        (WebCore::collectFeaturesFromRuleData): Deleted.
+        * css/RuleSet.h:
+        (WebCore::RuleSet::tagRules):
+        (WebCore::RuleSet::RuleSet): Deleted.
+        * css/StyleInvalidationAnalysis.cpp:
+        (WebCore::shouldDirtyAllStyle):
+        (WebCore::StyleInvalidationAnalysis::StyleInvalidationAnalysis):
+
+            Add a new constructor that takes a ready made RuleSet instead of a stylesheet.
+
+        (WebCore::StyleInvalidationAnalysis::invalidateIfNeeded):
+        (WebCore::StyleInvalidationAnalysis::invalidateStyleForTree):
+        (WebCore::StyleInvalidationAnalysis::invalidateStyle):
+        (WebCore::StyleInvalidationAnalysis::invalidateStyle):
+
+            New function for invalidating a subtree instead of the whole document.
+
+        * css/StyleInvalidationAnalysis.h:
+        (WebCore::StyleInvalidationAnalysis::dirtiesAllStyle):
+        (WebCore::StyleInvalidationAnalysis::hasShadowPseudoElementRulesInAuthorSheet):
+        * dom/Element.cpp:
+        (WebCore::classStringHasClassName):
+        (WebCore::collectClasses):
+        (WebCore::computeClassChange):
+
+            Factor to return the changed classes.
+
+        (WebCore::invalidateStyleForClassChange):
+
+            First filter out classes that don't show up in stylesheets. If something remains invalidate the current
+            element for inline style change (that is a style change that doesn't affect descendants).
+
+            Next check if there are any ancestorClassRules for the changed class. If so use the StyleInvalidationAnalysis
+            to find any affected descendants and invalidate them with inline style change as well.
+
+        (WebCore::Element::classAttributeChanged):
+
+            Invalidate for removed classes before setting new attribute value, invalidate for added classes afterwards.
+
+        (WebCore::Element::absoluteLinkURL):
+        (WebCore::checkSelectorForClassChange): Deleted.
+        * dom/ElementData.h:
+        (WebCore::ElementData::setClassNames):
+        (WebCore::ElementData::classNames):
+        (WebCore::ElementData::classNamesMemoryOffset):
+        (WebCore::ElementData::clearClass): Deleted.
+        (WebCore::ElementData::setClass): Deleted.
+
+2016-02-10  Myles C. Maxfield  <mmaxfield@apple.com>
+
+        Addressing post-review comments after r196322
+
+        Unreviwed.
+
+        * css/CSSFontFaceSource.cpp:
+        (WebCore::CSSFontFaceSource::font):
+        * css/CSSFontFaceSource.h:
+
+2016-02-10  Chris Dumez  <cdumez@apple.com>
+
+        Attributes on the Window instance should be configurable unless [Unforgeable]
+        https://bugs.webkit.org/show_bug.cgi?id=153920
+        <rdar://problem/24563211>
+
+        Reviewed by Darin Adler.
+
+        Attributes on the Window instance should be configurable unless [Unforgeable]:
+        1. 'constructor' property:
+           - http://www.w3.org/TR/WebIDL/#interface-prototype-object
+        2. Constructor properties (e.g. window.Node):
+           - http://www.w3.org/TR/WebIDL/#es-interfaces
+        3. IDL attributes:
+           - http://heycam.github.io/webidl/#es-attributes (configurable unless
+             [Unforgeable], e.g. window.location)
+
+        Firefox complies with the WebIDL specification but WebKit does not for 1. and 3.
+
+        Test: fast/dom/Window/window-properties-configurable.html
+
+        * bindings/js/JSDOMWindowCustom.cpp:
+        (WebCore::JSDOMWindow::getOwnPropertySlot):
+        For known Window properties (i.e. properties in the static property table),
+        if we have reified and this is same-origin access, then call
+        Base::getOwnPropertySlot() to get the property from the local property
+        storage. If we have not reified yet, or this is cross-origin access, query
+        the static property table. This is to match the behavior of Firefox and
+        Chrome which seem to keep returning the original properties upon cross
+        origin access, even if those were deleted or redefined.
+
+        (WebCore::JSDOMWindow::put):
+        The previous code used to call the static property setter for properties in
+        the static table. However, this does not do the right thing if properties
+        were reified. For example, deleting window.name and then trying to set it
+        again would not work. Therefore, update this code to only do this if the
+        properties have not been reified, similarly to what is done in
+        JSObject::putInlineSlow().
+
+        * bindings/scripts/CodeGeneratorJS.pm:
+        (ConstructorShouldBeOnInstance):
+        Add a FIXME comment indicating that window.constructor should be on
+        the prototype as per the Web IDL specification.
+
+        (GenerateAttributesHashTable):
+        - Mark 'constructor' property as configurable for Window, as per the
+          specification and consistently with other 'constructor' properties:
+          http://www.w3.org/TR/WebIDL/#interface-prototype-object
+        - Mark properties as configurable even though they are on the instance.
+          Window has its properties on the instance as per the specification:
+          1. http://heycam.github.io/webidl/#es-attributes
+          2. http://heycam.github.io/webidl/#PrimaryGlobal (window is [PrimaryGlobal]
+          However, these properties should be configurable as long as they are
+          not marked as [Unforgeable], as per 1.
+
+        * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
+        * bindings/scripts/test/JS/JSTestException.cpp:
+        * bindings/scripts/test/JS/JSTestObj.cpp:
+        Rebaseline bindings tests.
+
+2016-02-10  Brady Eidson  <beidson@apple.com>
+
+        Modern IDB: Ref cycle between IDBObjectStore and IDBTransaction.
+        https://bugs.webkit.org/show_bug.cgi?id=154061
+
+        Reviewed by Alex Christensen.
+
+        No new tests (Currently untestable).
+
+        * Modules/indexeddb/client/IDBTransactionImpl.cpp:
+        (WebCore::IDBClient::IDBTransaction::transitionedToFinishing): Make sure the new state makes sense,
+          set the new state, and then clear the set of referenced object stores which is no longer needed.
+        (WebCore::IDBClient::IDBTransaction::abort):
+        (WebCore::IDBClient::IDBTransaction::commit):
+        * Modules/indexeddb/client/IDBTransactionImpl.h:
+
+2016-02-10  Jer Noble  <jer.noble@apple.com>
+
+        REGRESSION(r195770): Use-after-free in ResourceLoaderOptions::cachingPolicy
+        https://bugs.webkit.org/show_bug.cgi?id=153727
+        <rdar://problem/24429886>
+
+        Reviewed by Darin Adler.
+
+        Follow-up after r195965. Only protect those parts of CachedResource::removeClient() which
+        affect the MemoryCache when allowsCaching() is false.
+
+        * loader/cache/CachedResource.cpp:
+        (WebCore::CachedResource::removeClient):
+
+2016-02-10  Csaba Osztrogonác  <ossy@webkit.org>
+
+        Fix the !(ENABLE(SHADOW_DOM) || ENABLE(DETAILS_ELEMENT)) after r196281
+        https://bugs.webkit.org/show_bug.cgi?id=154035
+
+        Reviewed by Antti Koivisto.
+
+        * dom/ComposedTreeIterator.h:
+        (WebCore::ComposedTreeIterator::Context::Context):
+
+2016-02-09  Carlos Garcia Campos  <cgarcia@igalia.com>
+
+        [GTK] Toggle buttons are blurry with GTK+ 3.19
+        https://bugs.webkit.org/show_bug.cgi?id=154007
+
+        Reviewed by Michael Catanzaro.
+
+        Use min-width/min-height style properties when GTK+ >= 3.19.7 to
+        get the size of toggle buttons.
+
+        * rendering/RenderThemeGtk.cpp:
+        (WebCore::setToggleSize):
+        (WebCore::paintToggle):
+
+2016-02-09  Aakash Jain  <aakash_jain@apple.com>
+
+        Headers that use WEBCORE_EXPORT should include PlatformExportMacros.h
+        https://bugs.webkit.org/show_bug.cgi?id=146984
+
+        Reviewed by Alexey Proskuryakov.
+
+        * Modules/speech/SpeechSynthesis.h:
+        * contentextensions/ContentExtensionError.h:
+        * dom/DeviceOrientationClient.h:
+        * platform/graphics/Color.h:
+        * platform/ios/wak/WebCoreThread.h:
+        * platform/network/CacheValidation.h:
+        * platform/network/cf/CertificateInfo.h:
+
+2016-02-09  Nan Wang  <n_wang@apple.com>
+
+        AX: Implement word related text marker functions using TextIterator
+        https://bugs.webkit.org/show_bug.cgi?id=153939
+        <rdar://problem/24269605>
+
+        Reviewed by Chris Fleizach.
+
+        Using CharacterOffset to implement word related text marker calls. Reused
+        logic from previousBoundary and nextBoundary in VisibleUnits class.
+
+        Test: accessibility/mac/text-marker-word-nav.html
+
+        * accessibility/AXObjectCache.cpp:
+        (WebCore::AXObjectCache::traverseToOffsetInRange):
+        (WebCore::AXObjectCache::rangeForNodeContents):
+        (WebCore::isReplacedNodeOrBR):
+        (WebCore::characterOffsetsInOrder):
+        (WebCore::resetNodeAndOffsetForReplacedNode):
+        (WebCore::setRangeStartOrEndWithCharacterOffset):
+        (WebCore::AXObjectCache::rangeForUnorderedCharacterOffsets):
+        (WebCore::AXObjectCache::setTextMarkerDataWithCharacterOffset):
+        (WebCore::AXObjectCache::startOrEndCharacterOffsetForRange):
+        (WebCore::AXObjectCache::startOrEndTextMarkerDataForRange):
+        (WebCore::AXObjectCache::characterOffsetForNodeAndOffset):
+        (WebCore::AXObjectCache::textMarkerDataForCharacterOffset):
+        (WebCore::AXObjectCache::previousNode):
+        (WebCore::AXObjectCache::visiblePositionFromCharacterOffset):
+        (WebCore::AXObjectCache::characterOffsetFromVisiblePosition):
+        (WebCore::AXObjectCache::textMarkerDataForVisiblePosition):
+        (WebCore::AXObjectCache::nextCharacterOffset):
+        (WebCore::AXObjectCache::previousCharacterOffset):
+        (WebCore::startWordBoundary):
+        (WebCore::endWordBoundary):
+        (WebCore::AXObjectCache::startCharacterOffsetOfWord):
+        (WebCore::AXObjectCache::endCharacterOffsetOfWord):
+        (WebCore::AXObjectCache::previousWordStartCharacterOffset):
+        (WebCore::AXObjectCache::nextWordEndCharacterOffset):
+        (WebCore::AXObjectCache::leftWordRange):
+        (WebCore::AXObjectCache::rightWordRange):
+        (WebCore::characterForCharacterOffset):
+        (WebCore::AXObjectCache::characterAfter):
+        (WebCore::AXObjectCache::characterBefore):
+        (WebCore::parentEditingBoundary):
+        (WebCore::AXObjectCache::nextWordBoundary):
+        (WebCore::AXObjectCache::previousWordBoundary):
+        (WebCore::AXObjectCache::rootAXEditableElement):
+        * accessibility/AXObjectCache.h:
+        (WebCore::AXObjectCache::removeNodeForUse):
+        (WebCore::AXObjectCache::isNodeInUse):
+        * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
+        (-[WebAccessibilityObjectWrapper previousTextMarkerForNode:offset:]):
+        (-[WebAccessibilityObjectWrapper textMarkerForNode:offset:ignoreStart:]):
+        (-[WebAccessibilityObjectWrapper textMarkerForNode:offset:]):
+        (textMarkerForCharacterOffset):
+        (-[WebAccessibilityObjectWrapper accessibilityAttributeValue:forParameter:]):
+        * editing/VisibleUnits.cpp:
+        (WebCore::rightWordPosition):
+        (WebCore::prepend):
+        (WebCore::appendRepeatedCharacter):
+        (WebCore::suffixLengthForRange):
+        (WebCore::prefixLengthForRange):
+        (WebCore::backwardSearchForBoundaryWithTextIterator):
+        (WebCore::forwardSearchForBoundaryWithTextIterator):
+        (WebCore::previousBoundary):
+        (WebCore::nextBoundary):
+        * editing/VisibleUnits.h:
+
+2016-02-09  Daniel Bates  <dabates@apple.com>
+
+        CSP: Extract helper classes into their own files
+        https://bugs.webkit.org/show_bug.cgi?id=154040
+        <rdar://problem/24571189>
+
+        Reviewed by Brent Fulgham.
+
+        No functionality was changed. So, no new tests.
+
+        * CMakeLists.txt: Add files ContentSecurityPolicy{DirectiveList, MediaListDirective, Source, SourceList, SourceListDirective}.cpp.
+        * WebCore.xcodeproj/project.pbxproj: Ditto.
+        * page/csp/ContentSecurityPolicy.cpp: Clean up #includes. Include header ParsingUtilities.h so that we can remove our own
+        variants of skip{Exactly, Until, While}(). Update code as necessary for class renames.
+        (WebCore::skipExactly): Deleted; instead use the analogous function in ParsingUtilities.h.
+        (WebCore::skipUntil): Deleted; instead use the analogous function in ParsingUtilities.h.
+        (WebCore::skipWhile): Deleted; instead use the analogous function in ParsingUtilities.h.
+        (WebCore::isSourceListNone): Moved to file ContentSecurityPolicySourceList.cpp.
+        (WebCore::CSPSource): Deleted; moved implementation to files ContentSecurityPolicySource.{cpp, h}.
+        (WebCore::CSPSourceList): Deleted; moved implementation to files ContentSecurityPolicySourceList.{cpp, h}.
+        (WebCore::CSPDirective): Deleted; moved implementation to file ContentSecurityPolicyDirective.h.
+        (WebCore::MediaListDirective): Deleted; moved implementation to files ContentSecurityPolicyMediaListDirective.{cpp, h}.
+        (WebCore::SourceListDirective): Deleted; moved implementation to files ContentSecurityPolicySourceListDirective.{cpp, h}.
+        (WebCore::CSPDirectiveList): Deleted; moved implementation to files ContentSecurityPolicyDirectiveList.{cpp, h}.
+        * page/csp/ContentSecurityPolicy.h:
+        * page/csp/ContentSecurityPolicyDirective.h: Added.
+        * page/csp/ContentSecurityPolicyDirectiveList.cpp: Added; removed use of ternary operator where it made the code less readable.
+        Updated code to make use of the functions defined in ParsingUtilities.h.
+        (WebCore::isExperimentalDirectiveName): Moved from file ContentSecurityPolicy.cpp.
+        (WebCore::isCSPDirectiveName): Ditto.
+        (WebCore::isDirectiveNameCharacter): Ditto.
+        (WebCore::isDirectiveValueCharacter): Ditto.
+        (WebCore::isNotASCIISpace): Ditto.
+        * page/csp/ContentSecurityPolicyDirectiveList.h: Added.
+        * page/csp/ContentSecurityPolicyMediaListDirective.cpp: Added. Updated code to make use of the functions defined in ParsingUtilities.h.
+        (WebCore::isMediaTypeCharacter): Moved from file ContentSecurityPolicy.cpp.
+        (WebCore::isNotASCIISpace): Ditto.
+        * page/csp/ContentSecurityPolicyMediaListDirective.h: Added.
+        * page/csp/ContentSecurityPolicySource.cpp: Added.
+        * page/csp/ContentSecurityPolicySource.h: Added.
+        * page/csp/ContentSecurityPolicySourceList.cpp: Added. Updated code to make use of the functions defined in ParsingUtilities.h.
+        (WebCore::isSourceCharacter): Moved from file ContentSecurityPolicy.cpp.
+        (WebCore::isHostCharacter): Ditto.
+        (WebCore::isPathComponentCharacter): Ditto.
+        (WebCore::isSchemeContinuationCharacter): Ditto.
+        (WebCore::isNotColonOrSlash): Ditto.
+        (WebCore::isSourceListNone): Ditto.
+        * page/csp/ContentSecurityPolicySourceList.h: Added.
+        * page/csp/ContentSecurityPolicySourceListDirective.cpp: Added.
+        * page/csp/ContentSecurityPolicySourceListDirective.h: Added.
+
+2016-02-09  Brady Eidson  <beidson@apple.com>
+
+        Modern IDB: TransactionOperation objects leak.
+        https://bugs.webkit.org/show_bug.cgi?id=154054
+
+        Reviewed by Alex Christensen.
+
+        No new tests (Currently untestable).
+
+        * Modules/indexeddb/client/IDBTransactionImpl.cpp:
+        (WebCore::IDBClient::IDBTransaction::abortOnServerAndCancelRequests): Remove the TransactionOperation from
+          the map, as this operation doesn't complete "normally" like most others.
+        (WebCore::IDBClient::IDBTransaction::commitOnServer): Ditto.
+        
+        * Modules/indexeddb/client/TransactionOperation.h:
+        (WebCore::IDBClient::TransactionOperation::perform): Clear the m_performFunction after use,
+          as it holds a lambda that holds a RefPtr to the IDBTransaction, as well as a self-ref.
+        (WebCore::IDBClient::TransactionOperation::completed): Clear m_completeFunction for the same reasons.
+
+2016-02-09  Jer Noble  <jer.noble@apple.com>
+
+        [Mac] Graphical corruption in videos when enabling custom loading path
+        https://bugs.webkit.org/show_bug.cgi?id=154044
+
+        Reviewed by Alex Christensen.
+
+        The NSOperationQueue provided by AVFoundation from the AVAssetResourceLoader queue is not
+        set to be a serial queue. So when adding dataReceived operations to that queue, there exists
+        the possibility that some operations are handled before others, and the client will receieve
+        data out of order.
+
+        A real NSURLSession object will only issue another operation when the first operation
+        completes, so emulate this behavior in WebCoreNSURLSession by using a serial dispatch queue.
+        The internal queue will enqueue an operation to the resource loader's queue, and block until
+        that operation completes, thus ensuring ordering of the data (and other) operations.
+
+        * platform/network/cocoa/WebCoreNSURLSession.h:
+        * platform/network/cocoa/WebCoreNSURLSession.mm:
+        (-[WebCoreNSURLSession initWithResourceLoader:delegate:delegateQueue:]): Initialize _internalQueue
+        (-[WebCoreNSURLSession addDelegateOperation:]): Added utility method.
+        (-[WebCoreNSURLSession taskCompleted:]): Call -addDelegateOperation:
+        (-[WebCoreNSURLSession finishTasksAndInvalidate]): Ditto.
+        (-[WebCoreNSURLSession resetWithCompletionHandler:]): Ditto.
+        (-[WebCoreNSURLSession flushWithCompletionHandler:]): Ditto.
+        (-[WebCoreNSURLSession getTasksWithCompletionHandler:]): Ditto.
+        (-[WebCoreNSURLSession getAllTasksWithCompletionHandler:]): Ditto.
+        (-[WebCoreNSURLSessionDataTask resource:receivedResponse:]): Ditto.
+        (-[WebCoreNSURLSessionDataTask resource:receivedData:length:]): Ditto.
+        (-[WebCoreNSURLSessionDataTask resourceFinished:]): Ditto.
+
+        Drive-by fix:
+        (-[WebCoreNSURLSessionDataTask resource:receivedData:length:]): Set countOfBytesReceived outside the operation,
+            queue, matching NSURLSessionDataTask's behavior.
+
+2016-02-09  Nan Wang  <n_wang@apple.com>
+
+        [iOS Simulator] accessibility/text-marker/text-marker-range-stale-node-crash.html crashing
+        https://bugs.webkit.org/show_bug.cgi?id=154039
+
+        Reviewed by Chris Fleizach.
+
+        We are accessing the derefed node in the CharacterOffset object, we should create an empty
+        CharacterOffset object if the node is not in use.
+
+        It's covered by the test accessibility/text-marker/text-marker-range-stale-node-crash.html.
+
+        * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
+        (-[WebAccessibilityTextMarker characterOffset]):
+        (-[WebAccessibilityTextMarker isIgnored]):
+
+2016-02-09  Myles C. Maxfield  <mmaxfield@apple.com>
+
+        Unreviewed build fix after r196322
+
+        Unreviewed.
+
+        * css/CSSFontFace.cpp:
+        (WebCore::CSSFontFace::font):
+
+2016-02-09  Zalan Bujtas  <zalan@apple.com>
+
+        Outline corners do not align properly for multiline inlines.
+        https://bugs.webkit.org/show_bug.cgi?id=154025
+
+        Reviewed by David Hyatt.
+
+        Adjust border position when outline-offset > 0. This patch also
+        removes integral pixelsnapping (drawLineForBoxSide takes care of
+        device pixelsnapping). 
+
+        Test: fast/inline/outline-corners-with-offset.html
+
+        * rendering/RenderInline.cpp:
+        (WebCore::RenderInline::paintOutlineForLine):
+
+2016-02-09  Jer Noble  <jer.noble@apple.com>
+
+        [Mac] Adopt NSURLSession properties in AVAssetResourceLoader
+
+        Rubber-stamped by Eric Carlson;
+
+        Set the correct global variable from setAVFoundationNSURLSessionEnabled().
+
+        * page/Settings.cpp:
+        (WebCore::Settings::setAVFoundationNSURLSessionEnabled):
+
+2016-02-07  Gavin Barraclough  <barraclough@apple.com>
+
+        GetValueFunc/PutValueFunc should not take both slotBase and thisValue
+        https://bugs.webkit.org/show_bug.cgi?id=154009
+
+        Reviewed by Geoff Garen.
+
+        In JavaScript there are two types of properties - regular value properties, and accessor properties.
+        One difference between these is how they are reflected by getOwnPropertyDescriptor, and another is
+        what object they operate on in the case of a prototype access. If you access a value property of a
+        prototype object it return a value pertinent to the prototype, but in the case of a prototype object
+        returning an accessor, then the accessor function is applied to the base object of the access.
+
+        JSC supports special 'custom' properties implemented as a c++ callback, and these custom properties
+        can be used to implement either value- or accessor-like behavior. getOwnPropertyDescriptor behavior
+        is selected via the CustomAccessor attribute. Value- or accessor-like object selection is current
+        supported by passing both the slotBase and the thisValue to the callback,and hoping it uses the
+        right one. This is probably inefficient, bug-prone, and leads to crazy like JSBoundSlotBaseFunction.
+
+        Instead, just pass one thisValue to the callback functions, consistent with CustomAccessor.
+
+        * bindings/js/JSDOMBinding.cpp:
+        (WebCore::printErrorMessageForFrame):
+        (WebCore::objectToStringFunctionGetter):
+        * bindings/js/JSDOMBinding.h:
+        (WebCore::propertyNameToString):
+        (WebCore::getStaticValueSlotEntryWithoutCaching<JSDOMObject>):
+        (WebCore::nonCachingStaticFunctionGetter):
+        * bindings/js/JSDOMWindowCustom.cpp:
+        (WebCore::JSDOMWindow::visitAdditionalChildren):
+        (WebCore::childFrameGetter):
+        (WebCore::namedItemGetter):
+        (WebCore::jsDOMWindowWebKit):
+        (WebCore::jsDOMWindowIndexedDB):
+            - add missing null check, in case indexDB acessor is applied to non-window object.
+        * bindings/js/JSPluginElementFunctions.cpp:
+        (WebCore::pluginScriptObject):
+        (WebCore::pluginElementPropertyGetter):
+        * bindings/js/JSPluginElementFunctions.h:
+        * bindings/scripts/CodeGeneratorJS.pm:
+        (GenerateHeader):
+        (GenerateImplementation):
+        * bridge/runtime_array.cpp:
+        (JSC::RuntimeArray::destroy):
+        (JSC::RuntimeArray::lengthGetter):
+        * bridge/runtime_array.h:
+        * bridge/runtime_method.cpp:
+        (JSC::RuntimeMethod::finishCreation):
+        (JSC::RuntimeMethod::lengthGetter):
+        * bridge/runtime_method.h:
+        * bridge/runtime_object.cpp:
+        (JSC::Bindings::RuntimeObject::invalidate):
+        (JSC::Bindings::RuntimeObject::fallbackObjectGetter):
+        (JSC::Bindings::RuntimeObject::fieldGetter):
+        (JSC::Bindings::RuntimeObject::methodGetter):
+        * bridge/runtime_object.h:
+            - Merged slotBase & thisValue to custom property callbacks.
+
+2016-02-09  Jer Noble  <jer.noble@apple.com>
+
+        Build-fix; add Nullibility macros around previously un-macro'd class definitions.
+
+        * platform/spi/mac/AVFoundationSPI.h:
+
+2016-02-04  Jer Noble  <jer.noble@apple.com>
+
+        [Mac] Adopt NSURLSession properties in AVAssetResourceLoader
+        https://bugs.webkit.org/show_bug.cgi?id=153873
+
+        Reviewed by Eric Carlson.
+
+        Adopt a new AVAssetResourceLoader API allowing clients to specify a NSURLSession object to
+        use for media loading, and control the use of this property with a new Setting.
+
+        * page/Settings.cpp:
+        (WebCore::Settings::setAVFoundationNSURLSessionEnabled):
+        * page/Settings.h:
+        (WebCore::Settings::isAVFoundationNSURLSessionEnabled):
+        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
+        (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVAssetForURL):
+        * platform/spi/mac/AVFoundationSPI.h:
+
+2016-02-09  Myles C. Maxfield  <mmaxfield@apple.com>
+
+        Decouple font creation from font loading
+        https://bugs.webkit.org/show_bug.cgi?id=153414
+
+        Reviewed by Darin Adler.
+
+        Previously, CSSFontFaceSource never triggered a font download until that font was actually used. This means
+        that the function which triggers the download also has the goal of returning a font to use. However,
+        the CSS Font Loading JavaScript API requires being able to trigger a font download without this extra font
+        creation overhead.
+
+        In addition, this patch adds an explicit (and enforced) state transition diagram. The diagram looks like
+        this:
+                            => Success
+                          //
+        Pending => Loading
+                          \\
+                            => Failure
+
+        Therefore, the API for CSSFontFaceSource has changed to expose the concept of these new states. This means
+        that its user (CSSSegmentedFontFaceSource) has been updated to handle each possible state that its constituent
+        CSSFontFaceSources may be in.
+
+        No new tests because there is no behavior change.
+
+        * css/CSSFontFace.cpp:
+        (WebCore::CSSFontFace::allSourcesFailed): Renamed to make the name clearer.
+        (WebCore::CSSFontFace::addedToSegmentedFontFace): Use references instead of pointers.
+        (WebCore::CSSFontFace::removedFromSegmentedFontFace): Ditto.
+        (WebCore::CSSFontFace::adoptSource): Renamed to make the name clearer.
+        (WebCore::CSSFontFace::fontLoaded): Use references instead of pointers. Also, remove old dead code.
+        (WebCore::CSSFontFace::font): Adapt to the new API of CSSFontFaceSource.
+        (WebCore::CSSFontFace::isValid): Deleted.
+        (WebCore::CSSFontFace::addSource): Deleted.
+        (WebCore::CSSFontFace::notifyFontLoader): Deleted. Old dead code.
+        (WebCore::CSSFontFace::notifyLoadingDone): Deleted. Old dead code.
+        * css/CSSFontFace.h:
+        (WebCore::CSSFontFace::create): Remove old dead code.
+        (WebCore::CSSFontFace::CSSFontFace): Use references instead of pointers.
+        (WebCore::CSSFontFace::loadState): Deleted. Remove old dead code.
+        * css/CSSFontFaceSource.cpp:
+        (WebCore::CSSFontFaceSource::setStatus): Enforce state transitions.
+        (WebCore::CSSFontFaceSource::CSSFontFaceSource): Explicitly handle new state transitions.
+        (WebCore::CSSFontFaceSource::fontLoaded): Update for new states.
+        (WebCore::CSSFontFaceSource::load): Pulled out code from font().
+        (WebCore::CSSFontFaceSource::font): Moved code into load().
+        (WebCore::CSSFontFaceSource::isValid): Deleted.
+        (WebCore::CSSFontFaceSource::isDecodeError): Deleted.
+        (WebCore::CSSFontFaceSource::ensureFontData): Deleted.
+        * css/CSSFontFaceSource.h: Much cleaner API.
+        * css/CSSFontSelector.cpp:
+        (WebCore::createFontFace): Migrate to references instead of pointers. This requires a little
+        reorganization.
+        (WebCore::registerLocalFontFacesForFamily): Update to new CSSFontFaceSource API.
+        (WebCore::CSSFontSelector::addFontFaceRule): Ditto.
+        (WebCore::CSSFontSelector::getFontFace): Ditto.
+        * css/CSSSegmentedFontFace.cpp:
+        (WebCore::CSSSegmentedFontFace::CSSSegmentedFontFace): Migrate to references instead of pointers.
+        (WebCore::CSSSegmentedFontFace::~CSSSegmentedFontFace): Ditto.
+        (WebCore::CSSSegmentedFontFace::fontLoaded): Remove old dead code.
+        (WebCore::CSSSegmentedFontFace::appendFontFace): Cleanup.
+        (WebCore::CSSSegmentedFontFace::fontRanges): Adopt to new API.
+        (WebCore::CSSSegmentedFontFace::pruneTable): Deleted.
+        (WebCore::CSSSegmentedFontFace::isLoading): Deleted. Old dead code.
+        (WebCore::CSSSegmentedFontFace::checkFont): Deleted. Ditto.
+        (WebCore::CSSSegmentedFontFace::loadFont): Deleted. Ditto.
+        * css/CSSSegmentedFontFace.h:
+        (WebCore::CSSSegmentedFontFace::create): Migrate to references instead of pointers.
+        (WebCore::CSSSegmentedFontFace::fontSelector): Ditto.
+        (WebCore::CSSSegmentedFontFace::LoadFontCallback::~LoadFontCallback): Deleted.
+        * loader/cache/CachedFont.cpp:
+        (WebCore::CachedFont::didAddClient): Migrate to references instead of pointers.
+        (WebCore::CachedFont::checkNotify): Ditto.
+        * loader/cache/CachedFontClient.h:
+        (WebCore::CachedFontClient::fontLoaded): Ditto.
+
+2016-02-09  Brady Eidson  <beidson@apple.com>
+
+        Modern IDB: IDBOpenDBRequests leak.
+        https://bugs.webkit.org/show_bug.cgi?id=154032
+
+        Reviewed by Alex Christensen.
+
+        No new tests (Currently untestable).
+
+        * CMakeLists.txt:
+        * WebCore.xcodeproj/project.pbxproj:
+
+        Add a simple Event subclass that holds a ref to an IDBRequest, to make sure that we
+        drop the last ref to the request after its last event fires or is otherwise destroyed:
+        * Modules/indexeddb/IDBRequestCompletionEvent.cpp: Added.
+        (WebCore::IDBRequestCompletionEvent::IDBRequestCompletionEvent):
+        * Modules/indexeddb/IDBRequestCompletionEvent.h: Added.
+        (WebCore::IDBRequestCompletionEvent::create):
+
+        * Modules/indexeddb/client/IDBOpenDBRequestImpl.cpp:
+        (WebCore::IDBClient::IDBOpenDBRequest::onError): IDBRequestCompletionEvent instead of Event.
+        (WebCore::IDBClient::IDBOpenDBRequest::fireSuccessAfterVersionChangeCommit): Ditto.
+        (WebCore::IDBClient::IDBOpenDBRequest::fireErrorAfterVersionChangeCompletion): Ditto.
+        (WebCore::IDBClient::IDBOpenDBRequest::onSuccess): Ditto.
+
+        * Modules/indexeddb/client/IDBTransactionImpl.cpp:
+        (WebCore::IDBClient::IDBTransaction::dispatchEvent): After setting up the request's 
+          completion event to fire, clear the back-ref to the request.
+
+2016-02-09  Commit Queue  <commit-queue@webkit.org>
+
+        Unreviewed, rolling out r196286.
+        https://bugs.webkit.org/show_bug.cgi?id=154026
+
+        Looks like 5% iOS PLT regression (Requested by kling on
+        #webkit).
+
+        Reverted changeset:
+
+        "[iOS] Throw away some unlinked code when navigating to a new
+        page."
+        https://bugs.webkit.org/show_bug.cgi?id=154014
+        http://trac.webkit.org/changeset/196286
+
+2016-02-08  Chris Dumez  <cdumez@apple.com>
+
+        Attribute getters should not require an explicit 'this' value for Window properties
+        https://bugs.webkit.org/show_bug.cgi?id=153968
+
+        Reviewed by Darin Adler.
+
+        Attribute getters should not require an explicit 'this' value for
+        Window properties. This is because the Window interface is marked
+        as [ImplicitThis]:
+        - http://heycam.github.io/webidl/#ImplicitThis
+        - https://www.w3.org/Bugs/Public/show_bug.cgi?id=29421
+
+        This matches the behavior of Firefox and the expectations of the W3C
+        web-platform-tests.
+
+        No new tests, already covered by existing tests.
+
+        * bindings/scripts/CodeGeneratorJS.pm:
+        In attribute getters of an interface marked as [ImplicitThis],
+        if 'thisValue' is undefined or null, fall back to using the
+        global object as 'thisValue'.
+
+        * bindings/scripts/IDLAttributes.txt:
+        Add support for [ImplicitThis]:
+        http://heycam.github.io/webidl/#ImplicitThis
+
+        * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
+        * bindings/scripts/test/JS/JSTestException.cpp:
+        * bindings/scripts/test/JS/JSTestInterface.cpp:
+        * bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp:
+        * bindings/scripts/test/JS/JSTestNode.cpp:
+        * bindings/scripts/test/JS/JSTestNondeterministic.cpp:
+        * bindings/scripts/test/JS/JSTestObj.cpp:
+        * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
+        * bindings/scripts/test/JS/JSTestTypedefs.cpp:
+        * bindings/scripts/test/JS/JSattribute.cpp:
+        Rebaseline bindings tests.
+
+        * page/DOMWindow.idl:
+        Mark Window as [ImplicitThis]:
+        http://heycam.github.io/webidl/#ImplicitThis
+
+2016-02-08  Nan Wang  <n_wang@apple.com>
+
+        AX: crash at WebCore::Range::selectNodeContents(WebCore::Node*, int&)
+        https://bugs.webkit.org/show_bug.cgi?id=154018
+
+        Reviewed by Chris Fleizach.
+
+        Sometimes rangeForUnorderedCharacterOffsets call is accessing derefed node objects
+        and leading to a crash. Fixed it by checking isNodeInUse before creating the CharacterOffset
+        object.
+
+        Test: accessibility/text-marker/text-marker-range-stale-node-crash.html
+
+        * accessibility/AXObjectCache.cpp:
+        (WebCore::AXObjectCache::visiblePositionForTextMarkerData):
+        (WebCore::AXObjectCache::characterOffsetForTextMarkerData):
+        (WebCore::AXObjectCache::traverseToOffsetInRange):
+        * accessibility/AXObjectCache.h:
+        * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
+        (-[WebAccessibilityObjectWrapper rangeForTextMarkerRange:]):
+        (characterOffsetForTextMarker):
+        (-[WebAccessibilityObjectWrapper characterOffsetForTextMarker:]):
+        (textMarkerForVisiblePosition):
+
+2016-02-08  Andreas Kling  <akling@apple.com>
+
+        [iOS] Throw away some unlinked code when navigating to a new page.
+        <https://webkit.org/b/154014>
+
+        Reviewed by Gavin Barraclough.
+
+        Extended the mechanism introduced earlier to also throw away unlinked code
+        that's only relevant to the page that we're navigating away from.
+
+        The new JSC::VM API is deleteAllCodeExceptCaches() and it does what it sounds
+        like, deleting unlinked and linked code but leaving code caches alone.
+
+        This means that if the page we're navigating to wants to parse some of the
+        same JS that the page we're leaving had on it, it might still be found in the
+        JSC::CodeCache.
+
+        Doing a back navigation to a PageCache'd page may now incur some reparsing,
+        just like leaving the app or tab would.
+
+        * bindings/js/GCController.cpp:
+        (WebCore::GCController::deleteAllCodeExceptCaches):
+        (WebCore::GCController::deleteAllLinkedCode): Deleted.
+        * bindings/js/GCController.h:
+        * loader/FrameLoader.cpp:
+        (WebCore::FrameLoader::commitProvisionalLoad):
+
+2016-02-08  Daniel Bates  <dabates@apple.com>
+
+        CSP connect-src directive should block redirects
+        https://bugs.webkit.org/show_bug.cgi?id=69359
+        <rdar://problem/24383025>
+
+        Reviewed by Brent Fulgham.
+
+        Inspired by Blink patch:
+        <https://src.chromium.org/viewvc/blink?revision=150246&view=revision>
+
+        Apply the connect-src directive of the Content Security Policy for the document or worker to the redirect URL
+        of an XMLHttpRequest and EventSource load so as to conform to section Paths and Redirects of the CSP 2.0 spec.,
+        <https://w3c.github.io/webappsec-csp/2/#source-list-paths-and-redirects> (29 August 2015).
+
+        Additionally, check that each requested script URL passed to WorkerGlobalScope.importScripts() is allowed by
+        the CSP of the worker before initiating a load for it. If some URL i is blocked by the CSP policy
+        then we do not try to load URLs j >= i.
+
+        Tests: http/tests/security/contentSecurityPolicy/worker-blob-inherits-csp-importScripts-block-aborts-all-subsequent-imports.html
+               http/tests/security/contentSecurityPolicy/worker-blob-inherits-csp-importScripts-redirect-cross-origin-blocked.html
+               http/tests/security/contentSecurityPolicy/worker-csp-blocks-xhr-redirect-cross-origin.html
+               http/tests/security/contentSecurityPolicy/worker-csp-importScripts-redirect-cross-origin-allowed.html
+               http/tests/security/contentSecurityPolicy/worker-csp-importScripts-redirect-cross-origin-blocked.html
+               http/tests/security/contentSecurityPolicy/worker-without-csp-importScripts-redirect-cross-origin-allowed.html
+               http/tests/security/isolatedWorld/bypass-main-world-csp-for-xhr-redirect.html
+               http/tests/security/isolatedWorld/bypass-main-world-csp-worker-blob-importScript-redirect-cross-origin.html
+               http/tests/security/isolatedWorld/bypass-main-world-csp-worker-importScripts-redirect-cross-origin.html
+               http/tests/security/isolatedWorld/bypass-worker-csp-for-xhr-redirect-cross-origin.html
+               http/tests/security/isolatedWorld/bypass-worker-csp-for-xhr.html
+
+        * fileapi/FileReaderLoader.cpp:
+        (WebCore::FileReaderLoader::start): Do not enforce a CSP directive as CSP is not applicable to File API.
+        * inspector/InspectorNetworkAgent.cpp:
+        (WebCore::InspectorNetworkAgent::loadResource): Do not enforce a CSP directive as CSP should not interfere
+        with the Web Inspector.
+        * loader/DocumentThreadableLoader.cpp:
+        (WebCore::DocumentThreadableLoader::loadResourceSynchronously): Modified to take an optional ContentSecurityPolicy
+        and pass it through to DocumentThreadableLoader::create().
+        (WebCore::DocumentThreadableLoader::create): Modified to take an optional ContentSecurityPolicy and pass it through
+        to DocumentThreadableLoader::DocumentThreadableLoader().
+        (WebCore::DocumentThreadableLoader::DocumentThreadableLoader): Modified to take an optional ContentSecurityPolicy.
+        Asserts that the CSP allows the load of the request URL so as to catch when a caller creates a loader for a request
+        that is not allowed by the CSP. The caller should not create a loader for such a request.
+        (WebCore::DocumentThreadableLoader::redirectReceived): Check if the CSP allows the redirect URL. If it does not
+        then notify the client that the redirect check failed.
+        (WebCore::DocumentThreadableLoader::loadRequest): Ditto.
+        (WebCore::DocumentThreadableLoader::isAllowedByContentSecurityPolicy): Checks that the specified URL is allowed
+        by the enforced CSP directive.
+        (WebCore::DocumentThreadableLoader::contentSecurityPolicy): Returns the ContentSecurityPolicy object passed to
+        DocumentThreadableLoader on instantiation or the ContentSecurityPolicy object of the associated document.
+        * loader/DocumentThreadableLoader.h: Add overloaded variants of DocumentThreadableLoader::{create, loadResourceSynchronously}()
+        that take a std::unique_ptr<ContentSecurityPolicy>&&. Remove some unnecessary headers.
+        * loader/ThreadableLoader.cpp:
+        (WebCore::ThreadableLoaderOptions::ThreadableLoaderOptions): Take the CSP directive to enforce and store it.
+        (WebCore::ThreadableLoaderOptions::isolatedCopy): Copy the CSP directive to enforce.
+        * loader/ThreadableLoader.h: Added member field to store the CSP directive to enforce (defaults to enforce the
+        directive connect-src - the most appropriate directive in most circumstances). As of the time of writing,
+        only WorkerGlobalScope.importScripts() enforces a different directive: script-src.
+        * loader/WorkerThreadableLoader.cpp:
+        (WebCore::WorkerThreadableLoader::WorkerThreadableLoader): Pass the SecurityOrigin and ContentSecurityPolicy associated
+        with the WorkerGlobalScope to WorkerThreadableLoader::MainThreadBridge::MainThreadBridge().
+        (WebCore::WorkerThreadableLoader::MainThreadBridge::MainThreadBridge): Pass a copy of the worker's ContentSecurityPolicy
+        to the DocumentThreadableLoader.
+        * loader/WorkerThreadableLoader.h:
+        * page/EventSource.cpp:
+        (WebCore::EventSource::connect): Enforce the CSP directive connect-src on redirects unless we are running in an isolated world.
+        * workers/AbstractWorker.cpp:
+        (WebCore::AbstractWorker::resolveURL): Modified to take a boolean whether to bypass the main world Content Security Policy
+        instead of querying for it directly.
+        * workers/AbstractWorker.h:
+        * workers/Worker.cpp:
+        (WebCore::Worker::create): Added FIXME to enforce child-src directive of the document's CSP to the worker's script URL
+        on redirect once we fix <https://bugs.webkit.org/show_bug.cgi?id=153562>. For now, do not enforce a CSP policy on redirect
+        of the worker's script URL.
+        * workers/WorkerGlobalScope.cpp:
+        (WebCore::WorkerGlobalScope::importScripts): Check that the requested URL is allowed by the CSP of the worker (if applicable).
+        Enforce the CSP directive script-src on redirects unless we are running in an isolated world.
+        * workers/WorkerScriptLoader.cpp:
+        (WebCore::WorkerScriptLoader::loadSynchronously): Pass SecurityOrigin and ContentSecurityPolicyEnforcement to WorkerThreadableLoader.
+        (WebCore::WorkerScriptLoader::loadAsynchronously): Ditto.
+        * workers/WorkerScriptLoader.h:
+        * xml/XMLHttpRequest.cpp:
+        (WebCore::XMLHttpRequest::createRequest): Enforce the CSP directive connect-src on redirects unless we are running in
+        an isolated world.
+
+2016-02-08  Antti Koivisto  <antti@apple.com>
+
+        Try to fix Yosemite build.
+
+        * dom/ComposedTreeIterator.h:
+        (WebCore::ComposedTreeIterator::ComposedTreeIterator):
+        (WebCore::ComposedTreeIterator::traverseNext):
+
+2016-02-08  Antti Koivisto  <antti@apple.com>
+
+        Implement ComposedTreeIterator in terms of ElementAndTextDescendantIterator
+        https://bugs.webkit.org/show_bug.cgi?id=154003
+
+        Reviewed by Darin Adler.
+
+        Currently ComposedTreeIterator implements tree traversal using NodeTraversal. This makes it overly complicated.
+        It can also return nodes other than Element and Text which should not be part of the composed tree.
+
+        This patch adds a new iterator type, ElementAndTextDescendantIterator, similar to the existing ElementDescendantIterator.
+        ComposedTreeIterator is then implemented using this new iterator.
+
+        When entering a shadow tree or a slot the local iterator is pushed along with the context stack and a new local
+        iterator is initialized for the new context. When leaving a shadow tree the context stack is popped and the previous
+        local iterator becomes active.
+
+        * WebCore.xcodeproj/project.pbxproj:
+        * dom/ComposedTreeIterator.cpp:
+        (WebCore::ComposedTreeIterator::ComposedTreeIterator):
+        (WebCore::ComposedTreeIterator::initializeContextStack):
+        (WebCore::ComposedTreeIterator::pushContext):
+        (WebCore::ComposedTreeIterator::traverseNextInShadowTree):
+        (WebCore::ComposedTreeIterator::traverseNextLeavingContext):
+        (WebCore::ComposedTreeIterator::advanceInSlot):
+        (WebCore::ComposedTreeIterator::traverseSiblingInSlot):
+        (WebCore::ComposedTreeIterator::initializeShadowStack): Deleted.
+        (WebCore::ComposedTreeIterator::traverseParentInShadowTree): Deleted.
+        (WebCore::ComposedTreeIterator::traverseNextSiblingSlot): Deleted.
+        (WebCore::ComposedTreeIterator::traversePreviousSiblingSlot): Deleted.
+        * dom/ComposedTreeIterator.h:
+        (WebCore::ComposedTreeIterator::operator*):
+        (WebCore::ComposedTreeIterator::operator->):
+        (WebCore::ComposedTreeIterator::operator==):
+        (WebCore::ComposedTreeIterator::operator!=):
+        (WebCore::ComposedTreeIterator::operator++):
+        (WebCore::ComposedTreeIterator::Context::Context):
+        (WebCore::ComposedTreeIterator::context):
+        (WebCore::ComposedTreeIterator::current):
+        (WebCore::ComposedTreeIterator::ComposedTreeIterator):
+        (WebCore::ComposedTreeIterator::traverseNext):
+        (WebCore::ComposedTreeIterator::traverseNextSkippingChildren):
+        (WebCore::ComposedTreeIterator::traverseNextSibling):
+        (WebCore::ComposedTreeIterator::traversePreviousSibling):
+        (WebCore::ComposedTreeDescendantAdapter::ComposedTreeDescendantAdapter):
+        (WebCore::ComposedTreeDescendantAdapter::begin):
+        (WebCore::ComposedTreeDescendantAdapter::end):
+        (WebCore::ComposedTreeDescendantAdapter::at):
+        (WebCore::ComposedTreeChildAdapter::Iterator::Iterator):
+        (WebCore::ComposedTreeChildAdapter::ComposedTreeChildAdapter):
+        (WebCore::ComposedTreeChildAdapter::begin):
+        (WebCore::ComposedTreeChildAdapter::end):
+        (WebCore::ComposedTreeChildAdapter::at):
+        (WebCore::ComposedTreeIterator::ShadowContext::ShadowContext): Deleted.
+        (WebCore::ComposedTreeIterator::traverseParent): Deleted.
+        * dom/ElementAndTextDescendantIterator.h: Added.
+
+            New iterator type that traverses Element and Text nodes (that is renderable nodes only).
+            It also tracks depth for future use.
+
+2016-02-08  Joseph Pecoraro  <pecoraro@apple.com>
+
+        Web Inspector: copy({x:1}) should copy "{x:1}", not "[object Object]"
+        https://bugs.webkit.org/show_bug.cgi?id=148605
+
+        Reviewed by Brian Burg.
+
+        Test: inspector/console/command-line-api-copy.html
+
+        * inspector/CommandLineAPIModuleSource.js:
+        (CommandLineAPIImpl.prototype.copy):
+        Support copying different types. This is meant to be more
+        convenient then just JSON.stringify, so it handles types
+        like Node, Symbol, RegExp, and Function a bit better.
+
+2016-02-08  Said Abou-Hallawa  <sabouhallawa@apple.com>
+
+        REGRESSION(r181345): SVG polyline and polygon leak page
+        https://bugs.webkit.org/show_bug.cgi?id=152759
+
+        Reviewed by Darin Adler.
+
+        The leak happens because of cyclic reference between SVGListPropertyTearOff 
+        and SVGAnimatedListPropertyTearOff which is derived from SVGAnimatedProperty.
+        There is also cyclic reference between SVGAnimatedProperty and SVGElement
+        and this causes the whole document to be leaked. So if the JS requests, for
+        example, an instance of SVGPolylineElement.points, the whole document will be
+        leaked.
+
+        The fix depends on having the cyclic reference as is since the owning and the
+        owned classes have to live together if any of them is referenced. But the owning
+        class caches a raw 'ref-counted' pointer of the owned class. If it is requested
+        for an instance of the owned class it returned a RefPtr<> of it. Once the owned
+        class is not used, it can delete itself. The only thing needed here is to notify
+        the owner class of the deletion so it cleans its caches and be able to create a
+        new pointer if it is requested for an instance of the owned class later.
+
+        Revert the change of r181345 in SVGAnimatedProperty::lookupOrCreateWrapper()
+        to break the cyclic reference between SVGElement and SVGAnimatedProperty.
+        
+        Also apply the same approach in SVGAnimatedListPropertyTearOff::baseVal() and
+        animVal() to break cyclic reference between SVGListPropertyTearOff and
+        SVGAnimatedListPropertyTearOff.
+
+        Test: svg/animations/smil-leak-list-property-instances.svg
+
+        * bindings/scripts/CodeGeneratorJS.pm:
+        (NativeToJSValue): The SVG non-string list tear-off properties became of
+        type RefPtr<>. So we need to use get() with the casting expressions.
+        
+        * svg/SVGMarkerElement.cpp:
+        (WebCore::SVGMarkerElement::orientType):
+        Use 'auto' type for the return of SVGAnimatedProperty::lookupWrapper().
+
+        * svg/SVGPathElement.cpp:
+        (WebCore::SVGPathElement::pathByteStream):
+        (WebCore::SVGPathElement::lookupOrCreateDWrapper):
+        Since SVGAnimatedProperty::lookupWrappe() returns a RefPtr<> we need to 
+        use get() for the casting expressions.
+        
+        (WebCore::SVGPathElement::pathSegList):
+        (WebCore::SVGPathElement::normalizedPathSegList):
+        (WebCore::SVGPathElement::animatedPathSegList):
+        (WebCore::SVGPathElement::animatedNormalizedPathSegList):
+        * svg/SVGPathElement.h:
+        Change the return value from raw pointer to RefPtr<>.
+
+        * svg/SVGPathSegWithContext.h:
+        (WebCore::SVGPathSegWithContext::animatedProperty):
+        Change the return type to be RefPtr<> to preserve the value from being deleted.
+        
+        * svg/SVGPolyElement.cpp:
+        (WebCore::SVGPolyElement::parseAttribute):
+        Since SVGAnimatedProperty::lookupWrapper() returns a RefPtr<> we need to 
+        use get() for the casting expressions.
+        
+        (WebCore::SVGPolyElement::points):
+        (WebCore::SVGPolyElement::animatedPoints):
+        * svg/SVGPolyElement.h:
+        Change the return value from raw pointer to RefPtr<>.
+        
+        * svg/SVGViewSpec.cpp:
+        (WebCore::SVGViewSpec::setTransformString):
+        Since SVGAnimatedProperty::lookupWrapper() returns a RefPtr<> we need to 
+        use get() for the casting expressions.
+
+        (WebCore::SVGViewSpec::transform):
+        * svg/SVGViewSpec.h:
+        Change the return value from raw pointer to RefPtr<>.
+        
+        * svg/properties/SVGAnimatedListPropertyTearOff.h:
+        (WebCore::SVGAnimatedListPropertyTearOff::baseVal):
+        (WebCore::SVGAnimatedListPropertyTearOff::animVal):
+        Change the return value from raw pointer to RefPtr<> and change the cached
+        value from RefPtr<> to raw pointer. If the property is null, it will be
+        created, its raw pointer will be cached and the only ref-counted RefPtr<>
+        will be returned. This will guarantee, the RefPtr<> will be deleted once
+        it is not used anymore. 
+        
+        (WebCore::SVGAnimatedListPropertyTearOff::propertyWillBeDeleted):
+        Clean the raw pointer caches m_baseVal and m_animVal upon deleting the
+        actual pointer. This function will be called from the destructor of
+        SVGListPropertyTearOff.
+        
+        (WebCore::SVGAnimatedListPropertyTearOff::findItem):
+        (WebCore::SVGAnimatedListPropertyTearOff::removeItemFromList):
+        We have to ensure the baseVal() is created before using it.
+        
+        (WebCore::SVGAnimatedListPropertyTearOff::detachListWrappers):
+        (WebCore::SVGAnimatedListPropertyTearOff::currentAnimatedValue):
+        (WebCore::SVGAnimatedListPropertyTearOff::animationStarted):
+        (WebCore::SVGAnimatedListPropertyTearOff::animationEnded):
+        (WebCore::SVGAnimatedListPropertyTearOff::synchronizeWrappersIfNeeded):
+        (WebCore::SVGAnimatedListPropertyTearOff::animValWillChange):
+        (WebCore::SVGAnimatedListPropertyTearOff::animValDidChange):
+        For animation, a separate RefPtr<> 'm_animatingAnimVal' will be assigned
+        to the animVal(). This will prevent deleting m_animVal while animation.
+        
+        * svg/properties/SVGAnimatedPathSegListPropertyTearOff.h:
+        (WebCore::SVGAnimatedPathSegListPropertyTearOff::baseVal):
+        (WebCore::SVGAnimatedPathSegListPropertyTearOff::animVal):
+        Same as what is done in SVGAnimatedListPropertyTearOff.
+        
+        (WebCore::SVGAnimatedPathSegListPropertyTearOff::findItem):
+        (WebCore::SVGAnimatedPathSegListPropertyTearOff::removeItemFromList):
+        Same as what is done in SVGAnimatedListPropertyTearOff.
+        
+        * svg/properties/SVGAnimatedProperty.h:
+        (WebCore::SVGAnimatedProperty::lookupOrCreateWrapper):
+        Change the return value from raw reference to Ref<> and change the
+        cached value from Ref<> to raw pointer. This reverts the change of
+        r181345 in this function.
+        
+        (WebCore::SVGAnimatedProperty::lookupWrapper):
+        Change the return value from raw pointer to RefPtr<>.
+        
+        * svg/properties/SVGAnimatedPropertyMacros.h:
+        Use 'auto' type for the return of SVGAnimatedProperty::lookupWrapper().
+        
+        * svg/properties/SVGAnimatedTransformListPropertyTearOff.h:
+        (WebCore::SVGAnimatedTransformListPropertyTearOff::baseVal):
+        (WebCore::SVGAnimatedTransformListPropertyTearOff::animVal):
+        Same as what is done in SVGAnimatedListPropertyTearOff.
+
+        * svg/properties/SVGListPropertyTearOff.h:
+        (WebCore::SVGListPropertyTearOff::~SVGListPropertyTearOff):
+        Call the SVGAnimatedListPropertyTearOff::propertyWillBeDeleted() to clean
+        its raw pointers when the RefPtr<> deletes itself.
+
+2016-02-08  Carlos Garcia Campos  <cgarcia@igalia.com>
+
+        [GTK] WebKitWebView should send crossing events to the WebProcess
+        https://bugs.webkit.org/show_bug.cgi?id=153740
+
+        Reviewed by Michael Catanzaro.
+
+        Update the target element under the mouse also when only updating
+        scrollbars, so that if the mouse enters the page when the window
+        is not active, the scroll animator is notified that the mouse
+        entered the scrollable area.
+
+        * page/EventHandler.cpp:
+        (WebCore::EventHandler::handleMouseMoveEvent): Call
+        updateMouseEventTargetNode() before early returning in case of
+        only updating scrollbars.
+
+2016-02-08  Jeremy Jones  <jeremyj@apple.com>
+
+        PiP and external playback are mutually exclusive.
+        https://bugs.webkit.org/show_bug.cgi?id=153988
+        rdar://problem/24108661
+
+        Reviewed by Eric Carlson.
+
+        Adding isPlayingOnSecondScreen to isPlayingOnExternalScreen allows AVKit to disable PiP
+        when appropriate. Testing video fullscreen mode in updateDisableExternalPlayback allows us to 
+        turn-off external playback when entering picture-in-picture.
+
+        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
+        (WebCore::MediaPlayerPrivateAVFoundationObjC::setVideoFullscreenMode):
+        (WebCore::MediaPlayerPrivateAVFoundationObjC::updateDisableExternalPlayback):
+        * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
+        (-[WebAVPlayerController isPlayingOnExternalScreen]):
+        (+[WebAVPlayerController keyPathsForValuesAffectingPlayingOnExternalScreen]):
+
+2016-02-08  Commit Queue  <commit-queue@webkit.org>
+
+        Unreviewed, rolling out r196253.
+        https://bugs.webkit.org/show_bug.cgi?id=153990
+
+        Caused several crashes in GTK+ bots (Requested by KaL on
+        #webkit).
+
+        Reverted changeset:
+
+        "[GTK] WebKitWebView should send crossing events to the
+        WebProcess"
+        https://bugs.webkit.org/show_bug.cgi?id=153740
+        http://trac.webkit.org/changeset/196253
+
+2016-02-08  Jeremy Jones  <jeremyj@apple.com>
+
+        WebAVPlayerController should implement currentTimeWithinEndTimes.
+        https://bugs.webkit.org/show_bug.cgi?id=153983
+        rdar://problem/22864621
+
+        Reviewed by Eric Carlson.
+
+        Implement currentTimeWithinEndTimes in terms of seekToTime and AVTiming. This is a trivial
+        implementation becuase AVPlayer start and end times aren't used.
+
+        * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
+        (-[WebAVPlayerController currentTimeWithinEndTimes]):
+        (-[WebAVPlayerController setCurrentTimeWithinEndTimes:]):
+        (+[WebAVPlayerController keyPathsForValuesAffectingCurrentTimeWithinEndTimes]):
+
+2016-02-08  Carlos Garcia Campos  <cgarcia@igalia.com>
+
+        [GTK] WebKitWebView should send crossing events to the WebProcess
+        https://bugs.webkit.org/show_bug.cgi?id=153740
+
+        Reviewed by Michael Catanzaro.
+
+        Update the target element under the mouse also when only updating
+        scrollbars, so that if the mouse enters the page when the window
+        is not active, the scroll animator is notified that the mouse
+        entered the scrollable area.
+
+        * page/EventHandler.cpp:
+        (WebCore::EventHandler::handleMouseMoveEvent): Call
+        updateMouseEventTargetNode() before early returning in case of
+        only updating scrollbars.
+
+2016-02-08  Jeremy Jones  <jeremyj@apple.com>
+
+        WebVideoFullscreenInterface should handle video resizing.
+        https://bugs.webkit.org/show_bug.cgi?id=153982
+        rdar://problem/22031249
+
+        Reviewed by Eric Carlson.
+
+        Video fullscreen can be initiated before video dimension are available.
+        Protect against an initial width or height of zero and observe resize events 
+        to update once video dimensions become available or change.
+
+        * platform/cocoa/WebVideoFullscreenModelVideoElement.mm:
+        (WebVideoFullscreenModelVideoElement::updateForEventName):
+        (WebVideoFullscreenModelVideoElement::observedEventNames):
+        * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
+        (-[WebAVPlayerLayer layoutSublayers]):
+        (-[WebAVPlayerLayer videoRect]):
+        (WebVideoFullscreenInterfaceAVKit::setVideoDimensions):
+
+2016-02-08  Adrien Plazas  <aplazas@igalia.com>
+
+        Indent inline box test fails due to assertion in VisibleSelection::selectionFromContentsOfNode()
+        https://bugs.webkit.org/show_bug.cgi?id=153824
+
+        Reviewed by Michael Catanzaro.
+
+        * editing/markup.cpp:
+        (WebCore::highestAncestorToWrapMarkup):
+
+2016-02-07  Sam Weinig  <sam@webkit.org>
+
+        Remove unused enum ScrollbarOverlayState.
+
+        Rubber-stamped by Dan Bernstein.
+
+        * platform/ScrollTypes.h:
+
+2016-02-07  Sam Weinig  <sam@webkit.org>
+
+        Remove unnecessary respondsToSelector checks for methods that exist on all supported platforms
+        https://bugs.webkit.org/show_bug.cgi?id=153970
+
+        Reviewed by Dan Bernstein.
+
+        -[NSScrollerImp mouseEnteredScroller], -[NSScrollerImp expansionTransitionProgress],
+        -[NSScrollerImpPair contentAreaScrolledInDirection:], and -[NSScrollerImp setExpanded:]
+        are now available on all supported OS's. No need to check for them.
+
+        * platform/mac/ScrollAnimatorMac.mm:
+        (macScrollbarTheme):
+        (-[WebScrollbarPainterDelegate scrollerImp:animateUIStateTransitionWithDuration:]):
+        (-[WebScrollbarPainterDelegate scrollerImp:animateExpansionTransitionWithDuration:]):
+        (WebCore::ScrollAnimatorMac::mouseEnteredScrollbar):
+        (WebCore::ScrollAnimatorMac::mouseExitedScrollbar):
+        (WebCore::ScrollAnimatorMac::sendContentAreaScrolled):
+        (WebCore::ScrollAnimatorMac::sendContentAreaScrolledTimerFired):
+        (supportsUIStateTransitionProgress): Deleted.
+        (supportsExpansionTransitionProgress): Deleted.
+        (supportsContentAreaScrolledInDirection): Deleted.
+        * platform/mac/ScrollbarThemeMac.mm:
+        (+[WebScrollbarPrefsObserver appearancePrefsChanged:]):
+        (+[WebScrollbarPrefsObserver behaviorPrefsChanged:]):
+        (WebCore::ScrollbarThemeMac::scrollbarThickness):
+
+2016-02-07  Sam Weinig  <sam@webkit.org>
+
+        Use modern SPI header idiom for NSScrollerImp and NSScrollerImpPair
+        https://bugs.webkit.org/show_bug.cgi?id=153969
+
+        Reviewed by Dan Bernstein.
+
+        * WebCore.xcodeproj/project.pbxproj:
+        Add new file NSScrollerImpSPI.h
+
+        * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.mm:
+        Use new include of NSScrollerImpSPI.h.
+
+        * platform/ScrollbarThemeComposite.h:
+        Define ScrollbarPainter more precisely as NSScrollerImp * now that the type is available to us.
+
+        * platform/mac/NSScrollerImpDetails.h:
+        Remove NSObject category based SPI usage with the modern one NSScrollerImpSPI.h
+
+        * platform/mac/NSScrollerImpDetails.mm:
+        (WebCore::recommendedScrollerStyle):
+        Simplify recommendedScrollerStyle() now that all OS's we ship on have +[NSScroller preferredScrollerStyle].
+
+        * platform/mac/ScrollAnimatorMac.mm:
+        (supportsUIStateTransitionProgress):
+        (supportsExpansionTransitionProgress):
+        (supportsContentAreaScrolledInDirection):
+        Stop using NSClassFromString now that we can reference the classes explicitly.
+
+        (-[WebScrollbarPainterControllerDelegate invalidate]):
+        (-[WebScrollbarPainterControllerDelegate contentAreaRectForScrollerImpPair:]):
+        (-[WebScrollbarPainterControllerDelegate inLiveResizeForScrollerImpPair:]):
+        (-[WebScrollbarPainterControllerDelegate mouseLocationInContentAreaForScrollerImpPair:]):
+        (-[WebScrollbarPainterControllerDelegate scrollerImpPair:convertContentPoint:toScrollerImp:]):
+        (-[WebScrollbarPainterControllerDelegate scrollerImpPair:setContentAreaNeedsDisplayInRect:]):
+        (-[WebScrollbarPainterControllerDelegate scrollerImpPair:updateScrollerStyleForNewRecommendedScrollerStyle:]):
+        (-[WebScrollbarPainterDelegate layer]):
+        (-[WebScrollbarPainterDelegate mouseLocationInScrollerForScrollerImp:]):
+        (-[WebScrollbarPainterDelegate convertRectToLayer:]):
+        (-[WebScrollbarPainterDelegate shouldUseLayerPerPartForScrollerImp:]):
+        (-[WebScrollbarPainterDelegate setUpAlphaAnimation:scrollerPainter:part:animateAlphaTo:duration:]):
+        (-[WebScrollbarPainterDelegate scrollerImp:animateKnobAlphaTo:duration:]):
+        (-[WebScrollbarPainterDelegate scrollerImp:animateTrackAlphaTo:duration:]):
+        (-[WebScrollbarPainterDelegate scrollerImp:animateUIStateTransitionWithDuration:]):
+        (-[WebScrollbarPainterDelegate scrollerImp:animateExpansionTransitionWithDuration:]):
+        (-[WebScrollbarPainterDelegate scrollerImp:overlayScrollerStateChangedTo:]):
+        (WebCore::ScrollAnimatorMac::ScrollAnimatorMac):
+        (WebCore::ScrollAnimatorMac::lockOverlayScrollbarStateToHidden):
+        (WebCore::ScrollAnimatorMac::didAddVerticalScrollbar):
+        (WebCore::ScrollAnimatorMac::didAddHorizontalScrollbar):
+        (WebCore::ScrollAnimatorMac::updateScrollerStyle):
+        Add proper conforming to protocols and replace ids with proper types.
+
+        * platform/mac/ScrollbarThemeMac.mm:
+        (WebCore::supportsExpandedScrollbars):
+        (WebCore::ScrollbarThemeMac::registerScrollbar):
+        (WebCore::ScrollbarThemeMac::scrollbarThickness):
+        (WebCore::ScrollbarThemeMac::setUpContentShadowLayer):
+        Stop using NSClassFromString now that we can reference the classes explicitly.
+
+        * platform/spi/mac/NSScrollerImpSPI.h: Added.
+
+2016-02-07  Zalan Bujtas  <zalan@apple.com>
+
+        Outline does not clip when ancestor has overflow: hidden and requires layer.
+        https://bugs.webkit.org/show_bug.cgi?id=153901
+
+        Now that outline is part of visual overflow, we no longer need the special outline cliprect.
+        PaintPhaseChildOutlines drawing will switch to foreground cliprect. It ensures proper overflow clipping
+        at parent level. PaintPhaseSelfOutline drawing will start using the visual overflow inflated background cliprect.
+        With this change, outline will be using the same cliprects as the other visual overflow properties (box-shadow etc). 
+
+        Reviewed by David Hyatt.
+
+        Test: fast/repaint/outline-with-overflow-hidden-ancestor.html
+
+        * rendering/LayerFragment.h:
+        (WebCore::LayerFragment::setRects):
+        (WebCore::LayerFragment::moveBy): Deleted.
+        (WebCore::LayerFragment::intersect): Deleted.
+        * rendering/RenderLayer.cpp:
+        (WebCore::RenderLayer::collectFragments):
+        (WebCore::RenderLayer::paintOutlineForFragments):
+        (WebCore::RenderLayer::calculateClipRects):
+        (WebCore::RenderLayer::paintForegroundForFragments): Deleted.
+        * rendering/RenderLayer.h:
+        * rendering/RenderTreeAsText.cpp:
+        (WebCore::write):
+        (WebCore::writeLayers):
+
+2016-02-07  Daniel Bates  <dabates@apple.com>
+
+        CSP: Allow Web Workers initiated from an isolated world to bypass the main world Content Security Policy
+        https://bugs.webkit.org/show_bug.cgi?id=153622
+        <rdar://problem/24400023>
+
+        Reviewed by Gavin Barraclough.
+
+        Fixes an issue where Web Workers initiated from an isolated world (say, a Safari Content Script Extension)
+        would be subject to the Content Security Policy of the page.
+
+        Currently code in an isolated world that does not execute in a Web Worker is exempt from the CSP of
+        the page. However, code that runs inside a Web Worker that was initiated from an isolated world is
+        subject to the CSP of the page. Instead, such Web Worker code should also be exempt from the CSP of
+        the page.
+
+        Tests: http/tests/security/isolatedWorld/bypass-main-world-csp-worker-blob-eval.html
+               http/tests/security/isolatedWorld/bypass-main-world-csp-worker-blob-xhr.html
+               http/tests/security/isolatedWorld/bypass-main-world-csp-worker.html
+
+        * Modules/websockets/WebSocket.cpp:
+        (WebCore::WebSocket::connect): Modified to ask the script execution context whether to bypass the
+        main world Content Security Policy now that script execution context knows this information.
+        * bindings/js/ScriptController.cpp:
+        (WebCore::ScriptController::shouldBypassMainWorldContentSecurityPolicy): Deleted; moved logic from here...
+        * bindings/js/ScriptController.h:
+        * dom/Document.cpp:
+        (WebCore::Document::shouldBypassMainWorldContentSecurityPolicy): ...to here.
+        * dom/Document.h:
+        * dom/ScriptExecutionContext.h:
+        (WebCore::ScriptExecutionContext::shouldBypassMainWorldContentSecurityPolicy): Added; defaults to false -
+        do not bypass the main world Content Security Policy.
+        * page/EventSource.cpp:
+        (WebCore::EventSource::create): Modified to ask the script execution context whether to bypass the
+        main world Content Security Policy now that script execution context knows this information.
+        * page/csp/ContentSecurityPolicy.cpp:
+        (WebCore::ContentSecurityPolicy::shouldBypassMainWorldContentSecurityPolicy): Deleted.
+        * page/csp/ContentSecurityPolicy.h:
+        * workers/AbstractWorker.cpp:
+        (WebCore::AbstractWorker::resolveURL): Bypass the main world Content Security Policy if applicable.
+        Added FIXME comment to enforce the child-src directive of the document's CSP (as opposed to the script-src
+        directive) on the worker's script URL. Also, scriptExecutionContext()->contentSecurityPolicy() should
+        always be non-null just as we expect scriptExecutionContext()->securityOrigin() to be non-null. Assert
+        this invariant to catch cases where a ScriptExecutionContext is not properly initialized.
+        * workers/DedicatedWorkerGlobalScope.cpp:
+        (WebCore::DedicatedWorkerGlobalScope::create): Modified to take boolean argument shouldBypassMainWorldContentSecurityPolicy
+        as to whether to bypass the main world Content Security Policy and only apply the Content Security
+        Policy headers when shouldBypassMainWorldContentSecurityPolicy is false.
+        (WebCore::DedicatedWorkerGlobalScope::DedicatedWorkerGlobalScope): Pass through a boolean argument shouldBypassMainWorldContentSecurityPolicy
+        as to whether to bypass the main world Content Security Policy.
+        * workers/DedicatedWorkerGlobalScope.h:
+        * workers/DedicatedWorkerThread.cpp:
+        (WebCore::DedicatedWorkerThread::DedicatedWorkerThread): Ditto.
+        (WebCore::DedicatedWorkerThread::createWorkerGlobalScope): Ditto.
+        * workers/DedicatedWorkerThread.h:
+        * workers/Worker.cpp:
+        (WebCore::Worker::create): Store whether we should bypass the main world Content Security Policy so
+        that we can pass it to WorkerMessagingProxy::startWorkerGlobalScope() in Worker::notifyFinished().
+        We need to store this decision here as opposed to determining it at any later time (say, in Worker::notifyFinished())
+        because it is dependent on the current JavaScript program stack at the time this function is invoked.
+        (WebCore::Worker::notifyFinished): Pass whether to bypass the main world Content Security Policy.
+        * workers/Worker.h:
+        * workers/WorkerGlobalScope.cpp:
+        (WebCore::WorkerGlobalScope::WorkerGlobalScope): Modified to take a boolean as to whether to bypass the
+        main world Content Security Policy and store it in a member field. Also, always instantiate a Content
+        Security Policy object as our current code assumes that one is always created.
+        * workers/WorkerGlobalScope.h:
+        * workers/WorkerGlobalScopeProxy.h:
+        * workers/WorkerMessagingProxy.cpp:
+        (WebCore::WorkerMessagingProxy::startWorkerGlobalScope): Pass through a boolean argument shouldBypassMainWorldContentSecurityPolicy
+        as to whether to bypass the main world Content Security Policy.
+        * workers/WorkerMessagingProxy.h:
+        * workers/WorkerThread.cpp:
+        (WebCore::WorkerThreadStartupData::WorkerThreadStartupData): Modified to take a boolean argument as to
+        whether to bypass the main world Content Security Policy and store it in a member field.
+        (WebCore::WorkerThread::WorkerThread): Pass through a boolean argument shouldBypassMainWorldContentSecurityPolicy
+        as to whether to bypass the main world Content Security Policy.
+        (WebCore::WorkerThread::workerThread): Ditto.
+        * workers/WorkerThread.h:
+        * xml/XMLHttpRequest.cpp:
+        (WebCore::XMLHttpRequest::open): Modified to ask the script execution context whether to bypass the
+        main world Content Security Policy now that script execution context knows this information.
+
+2016-02-07  Dan Bernstein  <mitz@apple.com>
+
+        [Cocoa] Replace __has_include guards around inclusion of Apple-internal-SDK headers with USE(APPLE_INTERNAL_SDK)
+        https://bugs.webkit.org/show_bug.cgi?id=153963
+
+        Reviewed by Sam Weinig.
+
+        * accessibility/mac/AXObjectCacheMac.mm:
+        * crypto/CommonCryptoUtilities.cpp:
+        * crypto/CommonCryptoUtilities.h:
+        * editing/mac/TextUndoInsertionMarkupMac.h:
+        * editing/mac/TextUndoInsertionMarkupMac.mm:
+        * platform/cocoa/TelephoneNumberDetectorCocoa.cpp:
+        * platform/graphics/cg/ImageSourceCG.cpp:
+        * platform/graphics/mac/PDFDocumentImageMac.mm:
+        * platform/network/ios/NetworkStateNotifierIOS.mm:
+        * platform/network/mac/BlobDataFileReferenceMac.mm:
+        * platform/network/mac/ResourceHandleMac.mm:
+        * rendering/RenderThemeMac.mm:
+
+2016-02-07  Carlos Garcia Campos  <cgarcia@igalia.com>
+
+        REGRESSION(r195661): [GTK] Scrollbar tests crashing after overlay scrollbar groundwork
+        https://bugs.webkit.org/show_bug.cgi?id=153695
+
+        Reviewed by Michael Catanzaro.
+
+        The problem is that ScrollAnimation objects are not destroyed by
+        the ScrollAnimator destructor, because I forgot to add a virtual
+        destructor for ScrollAnimation in r195661.
+
+        * platform/ScrollAnimation.h:
+        (WebCore::ScrollAnimation::~ScrollAnimation):
+
+2016-02-06  Chris Dumez  <cdumez@apple.com>
+
+        Prevent cross-origin access to window.history
+        https://bugs.webkit.org/show_bug.cgi?id=153931
+
+        Reviewed by Darin Adler.
+
+        Prevent cross-origin access to window.history to match the specification [1]
+        and the behavior of other browsers (tested Firefox and Chrome).
+
+        [1] https://html.spec.whatwg.org/multipage/browsers.html#security-window
+
+        No new tests, already covered by existing tests that
+        were updated in this patch.
+
+        * bindings/js/JSHistoryCustom.cpp:
+        (WebCore::JSHistory::pushState):
+        (WebCore::JSHistory::replaceState):
+        (WebCore::JSHistory::state): Deleted.
+        * page/DOMWindow.idl:
+        * page/History.idl:
+
+2016-02-06  Beth Dakin  <bdakin@apple.com>
+
+        ScrollbarPainters needs to be deallocated on the main thread
+        https://bugs.webkit.org/show_bug.cgi?id=153932
+        -and corresponding-
+        rdar://problem/24015483
+
+        Reviewed by Dan Bernstein.
+
+        Darin pointed out that this was still race-y. There was still a race 
+        condition between the destruction of the two local variables and the
+        destruction of the lambda on the main thread. This should fix that. 
+        * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.h:
+        * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.mm:
+        (WebCore::ScrollingTreeFrameScrollingNodeMac::~ScrollingTreeFrameScrollingNodeMac):
+        (WebCore::ScrollingTreeFrameScrollingNodeMac::releaseReferencesToScrollbarPaintersOnTheMainThread):
+        (WebCore::ScrollingTreeFrameScrollingNodeMac::updateBeforeChildren):
+
+2016-02-06  Darin Adler  <darin@apple.com>
+
+        Finish auditing call sites of upper() and lower(), eliminate many, and rename the functions
+        https://bugs.webkit.org/show_bug.cgi?id=153905
+
+        Reviewed by Sam Weinig.
+
+        * Modules/mediasource/MediaSource.cpp:
+        (WebCore::MediaSource::isTypeSupported): Use convertToASCIILowercase on MIME type.
+
+        * accessibility/AccessibilityObject.cpp:
+        (WebCore::AccessibilityObject::selectText): Use new names for lower and upper. Also
+        tweaked style a tiny bit and used u_toupper rather than converting an entire
+        string to uppercase.
+
+        * dom/Document.cpp:
+        (WebCore::Document::addImageElementByCaseFoldedUsemap): Renamed to reflect the use
+        of case folding rather than lowercasing.
+        (WebCore::Document::removeImageElementByCaseFoldedUsemap): Ditto.
+        (WebCore::Document::imageElementByCaseFoldedUsemap): Ditto.
+        * dom/Document.h: Ditto.
+        * dom/DocumentOrderedMap.cpp:
+        (WebCore::DocumentOrderedMap::getElementByCaseFoldedMapName): Ditto.
+        (WebCore::DocumentOrderedMap::getElementByCaseFoldedUsemap): Ditto.
+        * dom/DocumentOrderedMap.h: Ditto.
+
+        * dom/TreeScope.cpp:
+        (WebCore::TreeScope::getImageMap): Removed unneeded special case for null string.
+        Simplified logic for cases where the URL does not have a "#" character in it.
+        Use case folding instead of lowercase.
+
+        * editing/cocoa/HTMLConverter.mm:
+        (HTMLConverter::_processText): Removed unneded special case for the empty string.
+        Use makCapitalized instead of Cocoa function for "capitalize". Use upper and lower
+        functions by their new names.
+
+        * html/HTMLImageElement.cpp:
+        (WebCore::HTMLImageElement::parseAttribute): Use case folding instead of
+        lowerasing for the usemap attribute.
+        (WebCore::HTMLImageElement::insertedInto): Ditto.
+        (WebCore::HTMLImageElement::removedFrom): Ditto.
+        (WebCore::HTMLImageElement::matchesCaseFoldedUsemap): Ditto.
+        * html/HTMLImageElement.h: Rename since usemap is case folded now, not lowercased.
+
+        * html/HTMLMapElement.cpp:
+        (WebCore::HTMLMapElement::imageElement): Use case folding instead of lowercasing
+        for usemap.
+        (WebCore::HTMLMapElement::parseAttribute): Ditto.
+
+        * platform/Language.cpp:
+        (WebCore::canonicalLanguageIdentifier): Use convertToASCIILowercase for language code.
+        (WebCore::indexOfBestMatchingLanguageInList): Ditto.
+
+        * platform/graphics/harfbuzz/HarfBuzzShaper.cpp:
+        (WebCore::HarfBuzzShaper::shapeHarfBuzzRuns): Use new name for the upper function.
+
+        * platform/network/HTTPParsers.cpp:
+        (WebCore::parseContentTypeOptionsHeader): Use equalLettersIgnoringASCIICase instead
+        of lowercasing to check for a specific header value.
+
+        * platform/network/MIMEHeader.cpp:
+        (WebCore::retrieveKeyValuePairs): Use convertToASCIILowercase for MIME header name.
+        (WebCore::MIMEHeader::parseContentTransferEncoding): Use equalLettersIgnoringASCIICase
+        instead of lowercasing.
+
+        * platform/network/cf/ResourceHandleCFNet.cpp:
+        (WebCore::allowsAnyHTTPSCertificateHosts): Make this hash ASCII case-insensitive.
+        (WebCore::clientCertificates): Ditto.
+        (WebCore::ResourceHandle::createCFURLConnection): Remove call to lower since the
+        set is now ASCII case-insensitive.
+        (WebCore::ResourceHandle::setHostAllowsAnyHTTPSCertificate): Ditto.
+        (WebCore::ResourceHandle::setClientCertificate): Ditto.
+
+        * platform/network/curl/CookieJarCurl.cpp:
+        (WebCore::getNetscapeCookieFormat): Use equalLettersIgnoringASCIICase instead of
+        lowercasing.
+
+        * platform/network/curl/MultipartHandle.cpp:
+        (WebCore::MultipartHandle::didReceiveResponse): Use convertToASCIILowercase to
+        make a MIME type lowercase.
+
+        * platform/network/curl/ResourceHandleCurl.cpp:
+        (WebCore::ResourceHandle::setHostAllowsAnyHTTPSCertificate): Removed unneeded
+        conversion to lowercase now that the set is ASCII case-insensitive.
+        (WebCore::ResourceHandle::setClientCertificate): Removed code that populates a map
+        that is then never used for anything.
+
+        * platform/network/curl/ResourceHandleManager.cpp:
+        (WebCore::headerCallback): Use convertToASCIILowercase for MIME type.
+
+        * platform/network/curl/SSLHandle.cpp: Made hash maps keyed by host names
+        ASCII case-insensitive.
+        (WebCore::addAllowedClientCertificate): Removed lowercasing since the map itself
+        is now ASCII case insensitve.
+        (WebCore::setSSLClientCertificate): Ditto. Also use auto for iterator type so we
+        don't have to write out the map type.
+        (WebCore::sslIgnoreHTTPSCertificate): Ditto.
+        (WebCore::certVerifyCallback): Ditto.
+
+        * platform/network/soup/ResourceHandleSoup.cpp: Made hash maps keyed by host names
+        ASCII case-insensitive.
+        (WebCore::allowsAnyHTTPSCertificateHosts): Ditto.
+        (WebCore::handleUnignoredTLSErrors): Ditto.
+        (WebCore::ResourceHandle::setHostAllowsAnyHTTPSCertificate): Ditto.
+        (WebCore::ResourceHandle::setClientCertificate): Ditto.
+
+        * platform/text/LocaleToScriptMappingDefault.cpp: Made hash maps keyed by script
+        names ASCII case-insensitive. USE WTF_ARRAY_LENGTH as appropriate.
+        (WebCore::scriptNameToCode): Use modern style to initialize the map. Removed
+        unnecessary lowercasing of the script name before looking at the map.
+        (WebCore::localeToScriptCodeForFontSelection): Ditto.
+
+        * platform/text/win/LocaleWin.cpp:
+        (WebCore::convertLocaleNameToLCID): Made map ASCII case-insensitive and removed
+        unneeded lowercasing.
+
+        * platform/win/PasteboardWin.cpp:
+        (WebCore::clipboardTypeFromMIMEType): Use equalLettersIgnoringASCIICase instead
+        of lowercasing.
+
+        * rendering/RenderText.cpp:
+        (WebCore::applyTextTransform): Use new names for the upper and lower functions.
+
+        * xml/XMLHttpRequest.cpp:
+        (WebCore::XMLHttpRequest::responseIsXML): Remove unneeded lowercasing, since
+        DOMImplementation now has ASCII case-insensitive handling of MIME types.
+
+2016-02-06  Zalan Bujtas  <zalan@apple.com>
+
+        Outline should contribute to visual overflow.
+        https://bugs.webkit.org/show_bug.cgi?id=153299
+
+        This patch eliminates the special outline handling (RenderView::setMaximalOutlineSize).
+        Now that outline is part of visual overflow, we don't have to inflate the layers to accomodate
+        outline borders.
+        This patch fixes several focusring related repaint issues. However when both the outline: auto
+        and the descendant renderer are composited, we still don't paint properly in certain cases. -not a regression.
+        (Also when parent renderer has overflow: hidden repaint does not take outline into account. -regression.)
+        It changes column behavior (see TestExpectations) since outline behaves now like any other visual overflow properties.
+
+        Reviewed by David Hyatt.
+
+        Test: fast/repaint/focus-ring-repaint.html
+              fast/repaint/focus-ring-repaint-with-negative-offset.html
+
+        * css/html.css: resetting to old behavior.
+        (:focus):
+        (input:focus, textarea:focus, isindex:focus, keygen:focus, select:focus):
+        * rendering/InlineFlowBox.cpp:
+        (WebCore::InlineFlowBox::addToLine):
+        (WebCore::InlineFlowBox::addOutlineVisualOverflow):
+        (WebCore::InlineFlowBox::computeOverflow):
+        (WebCore::InlineFlowBox::paint): Deleted.
+        * rendering/InlineFlowBox.h:
+        * rendering/RenderBlock.cpp:
+        (WebCore::RenderBlock::computeOverflow):
+        (WebCore::RenderBlock::outlineStyleForRepaint):
+        (WebCore::RenderBlock::paint): Deleted.
+        * rendering/RenderBlockFlow.cpp:
+        (WebCore::RenderBlockFlow::layoutBlock): Deleted.
+        (WebCore::RenderBlockFlow::addFocusRingRectsForInlineChildren): Deleted.
+        * rendering/RenderBlockLineLayout.cpp:
+        (WebCore::RenderBlockFlow::addOverflowFromInlineChildren):
+        * rendering/RenderBox.cpp:
+        (WebCore::RenderBox::addVisualEffectOverflow):
+        (WebCore::RenderBox::applyVisualEffectOverflow):
+        (WebCore::RenderBox::clippedOverflowRectForRepaint): Deleted.
+        * rendering/RenderBoxModelObject.h:
+        * rendering/RenderDetailsMarker.cpp:
+        (WebCore::RenderDetailsMarker::paint): Deleted.
+        * rendering/RenderElement.cpp:
+        (WebCore::RenderElement::insertChildInternal):
+        (WebCore::RenderElement::styleDidChange):
+        (WebCore::RenderElement::repaintAfterLayoutIfNeeded):
+        (WebCore::RenderElement::issueRepaintForOutlineAuto):
+        (WebCore::RenderElement::updateOutlineAutoAncestor):
+        (WebCore::RenderElement::computeMaxOutlineSize): Deleted.
+        (WebCore::RenderElement::styleWillChange): Deleted.
+        * rendering/RenderElement.h:
+        (WebCore::RenderElement::hasContinuation):
+        * rendering/RenderInline.cpp:
+        (WebCore::RenderInline::paintOutlineForLine): Deleted.
+        * rendering/RenderLayer.cpp:
+        (WebCore::RenderLayer::calculateClipRects):
+        * rendering/RenderLineBoxList.cpp:
+        (WebCore::RenderLineBoxList::anyLineIntersectsRect):
+        (WebCore::RenderLineBoxList::lineIntersectsDirtyRect):
+        (WebCore::RenderLineBoxList::paint):
+        (WebCore::isOutlinePhase): Deleted.
+        * rendering/RenderLineBoxList.h:
+        * rendering/RenderListBox.cpp:
+        (WebCore::RenderListBox::computePreferredLogicalWidths):
+        * rendering/RenderListMarker.cpp:
+        (WebCore::RenderListMarker::paint): Deleted.
+        * rendering/RenderObject.cpp:
+        (WebCore::RenderObject::propagateRepaintToParentWithOutlineAutoIfNeeded): The renderer with outline: auto is responsible for
+        painting focusring around the descendants. If we issued repaint only on the descendant when it changes,
+        the focusring would not refresh properly. We have to find the ancestor with outline: auto, inflate the repaint rect and
+        issue the repaint on the ancestor if we crossed repaint container.
+        (WebCore::RenderObject::repaintUsingContainer):
+        (WebCore::RenderObject::adjustRectForOutlineAndShadow):
+        (WebCore::RenderObject::setHasOutlineAutoAncestor):
+        (WebCore::RenderObject::adjustRectWithMaximumOutline): Deleted.
+        
+        * rendering/RenderObject.h: We mark the descendants of outline: auto so that
+        when a child renderer changes we can propagate the repaint to the ancestor with outline.
+
+        (WebCore::RenderObject::hasOutlineAutoAncestor):
+        (WebCore::RenderObject::RenderObjectRareData::RenderObjectRareData):
+        * rendering/RenderRegion.cpp:
+        (WebCore::RenderRegion::overflowRectForFlowThreadPortion):
+        * rendering/RenderReplaced.cpp:
+        (WebCore::RenderReplaced::shouldPaint): Deleted.
+        (WebCore::RenderReplaced::clippedOverflowRectForRepaint): Deleted.
+        * rendering/RenderTable.cpp:
+        (WebCore::RenderTable::paint): Deleted.
+        * rendering/RenderTableCell.cpp:
+        (WebCore::RenderTableCell::clippedOverflowRectForRepaint): Deleted.
+        (WebCore::RenderTableCell::paintCollapsedBorders): Deleted.
+        * rendering/RenderTableRow.cpp:
+        (WebCore::RenderTableRow::layout):
+        (WebCore::RenderTableRow::clippedOverflowRectForRepaint): Deleted.
+        * rendering/RenderTableSection.cpp:
+        (WebCore::RenderTableSection::layoutRows):
+        (WebCore::RenderTableSection::computeOverflowFromCells): Deleted.
+        (WebCore::RenderTableSection::paintObject): Deleted.
+        * rendering/RenderTheme.h:
+        (WebCore::RenderTheme::platformFocusRingWidth):
+        * rendering/RenderView.cpp:
+        (WebCore::RenderView::setMaximalOutlineSize): Deleted.
+        * rendering/RenderView.h:
+        * rendering/style/RenderStyle.cpp:
+        (WebCore::RenderStyle::changeAffectsVisualOverflow):
+        (WebCore::RenderStyle::outlineWidth):
+        * rendering/style/RenderStyle.h:
+
+2016-02-06  Andreas Kling  <akling@apple.com>
+
+        [iOS] Throw away linked code when navigating to a new page.
+        <https://webkit.org/b/153851>
+
+        Reviewed by Gavin Barraclough.
+
+        When navigating to a new page, tell JSC to throw out any linked code it has lying around.
+        Linked code is tied to a specific global object, and as we're creating a new one for the
+        new page, none of it is useful to us here.
+
+        In the event that the user navigates back, the cost of relinking some code will be far
+        lower than the memory cost of keeping all of it around.
+
+        This landed previously but was rolled out due to a Speedometer regression. I've made one
+        minor but important change here: only throw away code if we're navigating away from an
+        existing history item. Or in other words, don't throw away code for "force peeks" or any
+        other navigations that are not traditional top-level main frame navigations.
+
+        * bindings/js/GCController.cpp:
+        (WebCore::GCController::deleteAllLinkedCode):
+        * bindings/js/GCController.h:
+        * loader/FrameLoader.cpp:
+        (WebCore::FrameLoader::commitProvisionalLoad):
+
+2016-02-06  Konstantin Tokarev  <annulen@yandex.ru>
+
+        Added implementations of AXObjectCache methods for !HAVE(ACCESSIBILITY).
+        https://bugs.webkit.org/show_bug.cgi?id=153924
+
+        Reviewed by Andreas Kling.
+
+        No new tests needed.
+
+        * accessibility/AXObjectCache.h:
+        (WebCore::AXObjectCache::ariaModalNode): Added stub implementation.
+        (WebCore::AXObjectCache::postLiveRegionChangeNotification): Ditto.
+        (WebCore::AXObjectCache::rangeForNodeContents): Ditto.
+        (WebCore::AXObjectCache::setIsSynchronizingSelection): Ditto.
+        (WebCore::AXObjectCache::setTextSelectionIntent): Ditto.
+        (WebCore::AXAttributeCacheEnabler::AXAttributeCacheEnabler): Ditto.
+        (WebCore::AXAttributeCacheEnabler::~AXAttributeCacheEnabler): Ditto.
+
+2016-02-04  Antti Koivisto  <antti@apple.com>
+
+        Use scope stack instead of nested TreeResolvers for shadow trees
+        https://bugs.webkit.org/show_bug.cgi?id=153893
+
+        Reviewed by Andreas Kling.
+
+        Make TreeResolver per-document. This is a step towards iterative style resolve.
+
+        This is done replacing use of nested TreeResolvers with a scope stack that maintains
+        the style resolver and the selector filter for the current tree scope.
+
+        * style/StyleTreeResolver.cpp:
+        (WebCore::Style::ensurePlaceholderStyle):
+        (WebCore::Style::TreeResolver::Scope::Scope):
+        (WebCore::Style::TreeResolver::TreeResolver):
+        (WebCore::Style::shouldCreateRenderer):
+        (WebCore::Style::TreeResolver::styleForElement):
+        (WebCore::Style::TreeResolver::createRenderTreeForShadowRoot):
+        (WebCore::Style::TreeResolver::createRenderTreeForSlotAssignees):
+        (WebCore::Style::TreeResolver::createRenderTreeRecursively):
+        (WebCore::Style::TreeResolver::resolveLocally):
+        (WebCore::Style::TreeResolver::resolveShadowTree):
+        (WebCore::Style::TreeResolver::resolveBeforeOrAfterPseudoElement):
+        (WebCore::Style::TreeResolver::resolveChildren):
+        (WebCore::Style::TreeResolver::resolveSlotAssignees):
+        (WebCore::Style::TreeResolver::resolveRecursively):
+        (WebCore::Style::TreeResolver::resolve):
+        (WebCore::Style::detachRenderTree):
+        * style/StyleTreeResolver.h:
+        (WebCore::Style::TreeResolver::scope):
+        (WebCore::Style::TreeResolver::pushScope):
+        (WebCore::Style::TreeResolver::pushEnclosingScope):
+        (WebCore::Style::TreeResolver::popScope):
+
 2016-02-06  Commit Queue  <commit-queue@webkit.org>
 
         Unreviewed, rolling out r196104.