2011-01-27 Oliver Hunt <oliver@apple.com>
[WebKit-https.git] / Source / WebCore / ChangeLog
index 660783b..a35c813 100644 (file)
+2011-01-27  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Geoffrey Garen.
+
+        Convert markstack to a slot visitor API
+        https://bugs.webkit.org/show_bug.cgi?id=53219
+
+        Update WebCore to the new marking apis, correct bindings
+        codegen. 
+
+        * ForwardingHeaders/runtime/WriteBarrier.h: Added.
+        * WebCore.exp.in:
+        * bindings/js/DOMWrapperWorld.h:
+        (WebCore::DOMWrapperWorld::globalData):
+        * bindings/js/JSAudioConstructor.cpp:
+        (WebCore::JSAudioConstructor::JSAudioConstructor):
+        * bindings/js/JSDOMBinding.cpp:
+        (WebCore::markDOMNodesForDocument):
+        (WebCore::markDOMObjectWrapper):
+        (WebCore::markDOMNodeWrapper):
+        * bindings/js/JSDOMGlobalObject.cpp:
+        (WebCore::JSDOMGlobalObject::markChildren):
+        (WebCore::JSDOMGlobalObject::setInjectedScript):
+        (WebCore::JSDOMGlobalObject::injectedScript):
+        * bindings/js/JSDOMGlobalObject.h:
+        (WebCore::JSDOMGlobalObject::JSDOMGlobalObjectData::JSDOMGlobalObjectData):
+        (WebCore::getDOMConstructor):
+        * bindings/js/JSDOMWindowCustom.cpp:
+        (WebCore::JSDOMWindow::setLocation):
+        (WebCore::DialogHandler::dialogCreated):
+        * bindings/js/JSDOMWindowShell.cpp:
+        (WebCore::JSDOMWindowShell::JSDOMWindowShell):
+        (WebCore::JSDOMWindowShell::setWindow):
+        (WebCore::JSDOMWindowShell::markChildren):
+        (WebCore::JSDOMWindowShell::unwrappedObject):
+        * bindings/js/JSDOMWindowShell.h:
+        (WebCore::JSDOMWindowShell::window):
+        (WebCore::JSDOMWindowShell::setWindow):
+        * bindings/js/JSEventListener.cpp:
+        (WebCore::JSEventListener::JSEventListener):
+        (WebCore::JSEventListener::markJSFunction):
+        * bindings/js/JSEventListener.h:
+        (WebCore::JSEventListener::jsFunction):
+        * bindings/js/JSHTMLDocumentCustom.cpp:
+        (WebCore::JSHTMLDocument::setAll):
+        * bindings/js/JSImageConstructor.cpp:
+        (WebCore::JSImageConstructor::JSImageConstructor):
+        * bindings/js/JSImageDataCustom.cpp:
+        (WebCore::toJS):
+        * bindings/js/JSJavaScriptCallFrameCustom.cpp:
+        (WebCore::JSJavaScriptCallFrame::scopeChain):
+        (WebCore::JSJavaScriptCallFrame::scopeType):
+        * bindings/js/JSNodeFilterCondition.cpp:
+        (WebCore::JSNodeFilterCondition::markAggregate):
+        (WebCore::JSNodeFilterCondition::acceptNode):
+        * bindings/js/JSNodeFilterCondition.h:
+        * bindings/js/JSNodeFilterCustom.cpp:
+        * bindings/js/JSOptionConstructor.cpp:
+        (WebCore::JSOptionConstructor::JSOptionConstructor):
+        * bindings/js/JSSQLResultSetRowListCustom.cpp:
+        (WebCore::JSSQLResultSetRowList::item):
+        * bindings/js/ScriptCachedFrameData.cpp:
+        (WebCore::ScriptCachedFrameData::restore):
+        * bindings/js/ScriptObject.cpp:
+        (WebCore::ScriptGlobalObject::set):
+        * bindings/js/SerializedScriptValue.cpp:
+        (WebCore::CloneDeserializer::putProperty):
+        * bindings/scripts/CodeGeneratorJS.pm:
+        * dom/Document.h:
+
+2011-01-28  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Anders Carlsson.
+
+        Keyboard scrolling doesn’t work in WebKit2
+        <rdar://problem/8909672>
+
+        * platform/mac/ScrollAnimatorMac.mm:
+        (-[ScrollAnimationHelperDelegate convertSizeToBacking:]):
+        (-[ScrollAnimationHelperDelegate convertSizeFromBacking:]):
+        Add additional necessary delegate methods.
+
+2011-01-29  Darin Adler  <darin@apple.com>
+
+        Reviewed by Dan Bernstein.
+
+        Re-land this patch with the missing null check that caused crashes in layout tests.
+
+        Changing cursor style has no effect until the mouse moves
+        https://bugs.webkit.org/show_bug.cgi?id=14344
+        rdar://problem/7563712
+
+        No tests added because we don't have infrastructure for testing actual cursor
+        changes (as opposed to cursor style computation) at this time. We might add it later.
+
+        * page/EventHandler.cpp:
+        (WebCore::EventHandler::dispatchFakeMouseMoveEventSoon): Added.
+        * page/EventHandler.h: Ditto.
+
+        * rendering/RenderObject.cpp:
+        (WebCore::areNonIdenticalCursorListsEqual): Added.
+        (WebCore::areCursorsEqual): Added.
+        (WebCore::RenderObject::styleDidChange): Call dispatchFakeMouseMoveEventSoon if
+        cursor styles changed.
+
+2011-01-28  Justin Schuh  <jschuh@chromium.org>
+
+        Reviewed by Eric Seidel.
+
+        We should hold RefPtrs to SVG font faces
+        https://bugs.webkit.org/show_bug.cgi?id=53270
+
+        Test: svg/custom/use-multiple-on-nested-disallowed-font.html
+
+        * css/CSSFontFaceSource.cpp:
+        (WebCore::CSSFontFaceSource::getFontData):
+        * css/CSSFontFaceSource.h:
+        * svg/SVGFontFaceElement.cpp:
+        (WebCore::SVGFontFaceElement::associatedFontElement):
+        * svg/SVGFontFaceElement.h:
+
+2011-01-28  Zhenyao Mo  <zmo@google.com>
+
+        Reviewed by Kenneth Russell.
+
+        uniformN*v should generate INVALID_VALUE of the array size is not a multiple of N
+        https://bugs.webkit.org/show_bug.cgi?id=53306
+
+        * html/canvas/WebGLRenderingContext.cpp:
+        (WebCore::WebGLRenderingContext::validateUniformMatrixParameters):
+
+2011-01-28  Tom Sepez  <tsepez@chromium.org>
+
+        Reviewed by Eric Seidel.
+
+        NULL pointer crash in TextIterator::handleTextBox()
+        https://bugs.webkit.org/show_bug.cgi?id=53267
+
+        Test: fast/css/rtl-nth-child-first-letter-crash.html
+
+        * editing/TextIterator.cpp:
+        (WebCore::TextIterator::handleTextBox):
+
+2011-01-28  Adrienne Walker  <enne@google.com>
+
+        Reviewed by Kenneth Russell.
+
+        [chromium] Remove a spurious diagnostic CRASH check.
+        https://bugs.webkit.org/show_bug.cgi?id=52379
+
+        * platform/graphics/chromium/LayerTilerChromium.cpp:
+        (WebCore::LayerTilerChromium::invalidateRect):
+
+2011-01-28  Dan Bernstein  <mitz@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        <rdar://problem/4761512> <select> can't display right-to-left (rtl) languages
+        https://bugs.webkit.org/show_bug.cgi?id=19785
+
+        Changed <select> pop-up menus on Mac OS X Snow Leopard and later to have their items aligned in the
+        direction corresponding to the writing direction of the <select> element, with the checkmarks
+        on the "start" side, and use the <option>'s writing direction rather than "natural". Made the
+        pop-up button match the menu by adding a Chrome boolean function, selectItemAlignmentFollowsMenuWritingDirection(),
+        which returns true for this pop-up behavior.
+
+        * loader/EmptyClients.h:
+        (WebCore::EmptyChromeClient::selectItemAlignmentFollowsMenuWritingDirection): Added.
+        * manual-tests/pop-up-alignment-and-direction.html: Added.
+        * page/Chrome.cpp:
+        (WebCore::Chrome::selectItemAlignmentFollowsMenuWritingDirection): Added. Calls through to the
+        client.
+        * page/Chrome.h:
+        * page/ChromeClient.h:
+        * platform/PopupMenuStyle.h:
+        (WebCore::PopupMenuStyle::PopupMenuStyle): Added hasTextDirectionOverride parameter and member
+        variable initialization.
+        (WebCore::PopupMenuStyle::hasTextDirectionOverride): Added this accessor.
+        * platform/mac/PopupMenuMac.mm:
+        (WebCore::PopupMenuMac::populate): Set the pop-up's layout direction and items' text alignment
+        to match the menu's writing direction. Set items' writing direction and direction override
+        according to their styles.
+        * rendering/RenderMenuList.cpp:
+        (WebCore::RenderMenuList::RenderMenuList): Removed unncesaary initialization of a smart pointer.
+        (WebCore::RenderMenuList::adjustInnerStyle): If the alignment of items in the menu follows the
+        menu's writing direction, use that alignment for the button as well. Also in this mode, use the
+        item's writing direction and override setting.
+        (WebCore::RenderMenuList::setTextFromOption): Store the option element's style.
+        (WebCore::RenderMenuList::itemStyle): Pass the text direction override value.
+        (WebCore::RenderMenuList::menuStyle): Ditto. Also use the button's direction, not the inner text's.
+        * rendering/RenderMenuList.h:
+        * rendering/RenderTextControlSingleLine.cpp:
+        (WebCore::RenderTextControlSingleLine::menuStyle): Pass the text direction override value.
+
+2011-01-28  Adam Barth  <abarth@webkit.org>
+
+        Reviewed by Daniel Bates.
+
+        Teach XSSFilter how to filter <script> elements
+        https://bugs.webkit.org/show_bug.cgi?id=53279
+
+        This patch adds the ability for the XSSFilter to block injected
+        <script> elements.  Handling script elements is slightly subtle because
+        these elements act very differently depending on whether they have a
+        src attribute.
+        
+        In the "src case", which check whether the src attribute was present in
+        the request.  In the "non-src case", we check whether the start tag and
+        the body of the script element was included in the request.  Checking
+        for the whole start tag means we miss out on some attribute splitting
+        attacks inside of script tags, but that doesn't seem like that big a
+        deal.
+
+        This patch also introduces some amount of state into the XSSFilter
+        because inline script elements span multiple tokens.  There's a lot of
+        tuning and optimization left in these cases, some of which I've noted
+        with FIXMEs.
+
+        To test this patch, I played around with some of the existing
+        XSSAuditor tests.  Hopefully I'll be able to run the test suite more
+        systematically in the future.
+
+        * html/parser/HTMLToken.h:
+        (WebCore::HTMLToken::eraseCharacters):
+        (WebCore::HTMLToken::eraseValueOfAttribute):
+        * html/parser/XSSFilter.cpp:
+        (WebCore::HTMLNames::hasName):
+        (WebCore::HTMLNames::findAttributeWithName):
+        (WebCore::HTMLNames::isNameOfScriptCarryingAttribute):
+        (WebCore::XSSFilter::XSSFilter):
+        (WebCore::XSSFilter::filterToken):
+        (WebCore::XSSFilter::filterTokenAfterScriptStartTag):
+        (WebCore::XSSFilter::filterScriptToken):
+        (WebCore::XSSFilter::snippetForRange):
+        (WebCore::XSSFilter::snippetForAttribute):
+        * html/parser/XSSFilter.h:
+
+2011-01-28  Adam Barth  <abarth@webkit.org>
+
+        Reviewed by Daniel Bates.
+
+        Sketch out new XSS filter design (disabled by default)
+        https://bugs.webkit.org/show_bug.cgi?id=53205
+
+        This patch adds a basic sketch of the new XSS filter design.  Rather
+        than watching scripts as they execute, in this design, we watch tokens
+        emitted by the tokenizer.  We then map the tokens directly back into
+        input characters, which lets us skip all the complicated logic related
+        to HTML entities and double-decoding of JavaScript URLs.
+
+        This patch contains only the bare essentially machinery.  I'll add more
+        in future patches and eventually remove the previous code once this
+        code is up and running correctly.
+
+        * Android.mk:
+        * CMakeLists.txt:
+        * GNUmakefile.am:
+        * WebCore.gypi:
+        * WebCore.pro:
+        * WebCore.vcproj/WebCore.vcproj:
+        * WebCore.xcodeproj/project.pbxproj:
+        * html/parser/HTMLDocumentParser.cpp:
+        (WebCore::HTMLDocumentParser::HTMLDocumentParser):
+        (WebCore::HTMLDocumentParser::pumpTokenizer):
+        (WebCore::HTMLDocumentParser::sourceForToken):
+        * html/parser/HTMLDocumentParser.h:
+        * html/parser/XSSFilter.cpp: Added.
+        * html/parser/XSSFilter.h: Added.
+
+2011-01-28  Michael Saboff  <msaboff@apple.com>
+
+        Reviewed by Geoffrey Garen.
+
+        Potentially Unsafe HashSet of RuntimeObject* in RootObject definition
+        https://bugs.webkit.org/show_bug.cgi?id=53271
+
+        Reapplying this patch with the change that the second ASSERT in 
+        RootObject::removeRuntimeObject was changed to use
+        .uncheckedGet() instead of the failing .get().  The object in question
+        could be in the process of being GC'ed.  The get() call will not return
+        such an object while the uncheckedGet() call will return the (unsafe) 
+        object.  This is the behavior we want.
+
+        Precautionary change.
+        Changed RootObject to use WeakGCMap instead of HashSet.
+        Found will looking for another issue, but can't produce a test case
+        that is problematic.  THerefore there aren't any new tests.
+
+        * bridge/runtime_root.cpp:
+        (JSC::Bindings::RootObject::invalidate):
+        (JSC::Bindings::RootObject::addRuntimeObject):
+        (JSC::Bindings::RootObject::removeRuntimeObject):
+        * bridge/runtime_root.h:
+
+2011-01-28  Adam Roben  <aroben@apple.com>
+
+        Notify CACFLayerTreeHost when the context is flushed
+
+        LegacyCACFLayerTreeHost was keeping this a secret, which meant that WebCore's animation
+        timers were never starting.
+
+        Fixes <http://webkit.org/b/53302> [Windows 7 Release Tests] changesets 76853, 76856, and
+        76858 broke ~36 animations, compositing, and transitions tests
+
+        Reviewed by Sam Weinig.
+
+        * platform/graphics/ca/win/LegacyCACFLayerTreeHost.cpp:
+        (WebCore::LegacyCACFLayerTreeHost::contextDidChange): Call up to the base class after we
+        start our render timer.
+
+2011-01-28  Antti Koivisto  <antti@apple.com>
+
+        Reviewed by Dan Bernstein.
+
+        Remove dead code that tried to map from CSS values to parser values
+        https://bugs.webkit.org/show_bug.cgi?id=53318
+
+        * css/CSSFunctionValue.cpp:
+        * css/CSSFunctionValue.h:
+        * css/CSSPrimitiveValue.cpp:
+        * css/CSSPrimitiveValue.h:
+        * css/CSSValue.h:
+        * css/CSSValueList.cpp:
+        * css/CSSValueList.h:
+
+2011-01-28  Enrica Casucci  <enrica@apple.com>
+
+        Reviewed by Adam Roben.
+
+        Some drag and drop tests fail since r76824
+        https://bugs.webkit.org/show_bug.cgi?id=53304
+
+        There were '||' instead of '&&' in the checks for valid
+        clipboard content.
+        
+        * platform/win/ClipboardWin.cpp:
+        (WebCore::ClipboardWin::getData):
+        (WebCore::ClipboardWin::types):
+        (WebCore::ClipboardWin::files):
+
+2011-01-28  Martin Robinson  <mrobinson@igalia.com>
+
+        [GTK] AudioProcessingEvent.h and JSJavaScriptAudioNode.h: No such file or directory
+        https://bugs.webkit.org/show_bug.cgi?id=52889
+
+        Build fix for WebAudio. Include WebAudio source files on the source
+        list when WebAudio is enabled.
+
+        * GNUmakefile.am: Include missing source files.
+
+2011-01-28  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Maciej Stachowiak.
+
+        Add basic rubber banding support
+        <rdar://problem/8219429>
+        https://bugs.webkit.org/show_bug.cgi?id=53277
+
+        * page/EventHandler.cpp:
+        (WebCore::EventHandler::handleGestureEvent):
+        Pass gesture events to the FrameView.
+
+        * platform/ScrollAnimator.cpp:
+        (WebCore::ScrollAnimator::handleGestureEvent):
+        * platform/ScrollAnimator.h:
+        Add stubbed out implementation.
+
+        * platform/ScrollView.cpp:
+        (WebCore::ScrollView::ScrollView):
+        (WebCore::ScrollView::overhangAmount):
+        (WebCore::ScrollView::wheelEvent):
+        * platform/ScrollView.h:
+        * platform/ScrollableArea.cpp:
+        (WebCore::ScrollableArea::ScrollableArea):
+        (WebCore::ScrollableArea::handleGestureEvent):
+        * platform/ScrollableArea.h:
+        (WebCore::ScrollableArea::constrainsScrollingToContentEdge):
+        (WebCore::ScrollableArea::setConstrainsScrollingToContentEdge):
+        Move constrains scrolling bit to ScrollableArea from ScrollView.
+
+        (WebCore::ScrollableArea::contentsSize):
+        (WebCore::ScrollableArea::overhangAmount):
+        Add additional virtual functions for information needed by the animator.
+
+        * platform/mac/ScrollAnimatorMac.h:
+        * platform/mac/ScrollAnimatorMac.mm:
+        (WebCore::ScrollAnimatorMac::ScrollAnimatorMac):
+        (WebCore::ScrollAnimatorMac::immediateScrollByDeltaX):
+        (WebCore::ScrollAnimatorMac::immediateScrollByDeltaY):
+        (WebCore::elasticDeltaForTimeDelta):
+        (WebCore::elasticDeltaForReboundDelta):
+        (WebCore::reboundDeltaForElasticDelta):
+        (WebCore::scrollWheelMultiplier):
+        (WebCore::ScrollAnimatorMac::handleWheelEvent):
+        (WebCore::ScrollAnimatorMac::handleGestureEvent):
+        (WebCore::ScrollAnimatorMac::pinnedInDirection):
+        (WebCore::ScrollAnimatorMac::allowsVerticalStretching):
+        (WebCore::ScrollAnimatorMac::allowsHorizontalStretching):
+        (WebCore::ScrollAnimatorMac::smoothScrollWithEvent):
+        (WebCore::ScrollAnimatorMac::beginScrollGesture):
+        (WebCore::ScrollAnimatorMac::endScrollGesture):
+        (WebCore::ScrollAnimatorMac::snapRubberBand):
+        (WebCore::roundTowardZero):
+        (WebCore::roundToDevicePixelTowardZero):
+        (WebCore::ScrollAnimatorMac::snapRubberBandTimerFired):
+        Implement basic rubber banding.
+
+2011-01-28  Dan Bernstein  <mitz@apple.com>
+
+        Reviewed by Anders Carlsson.
+
+        Changing unicode-bidi doesn’t force layout
+        https://bugs.webkit.org/show_bug.cgi?id=53311
+
+        Test: fast/dynamic/unicode-bidi.html
+
+        * rendering/style/RenderStyle.cpp:
+        (WebCore::RenderStyle::diff): Return a layout difference if unicode-bidi values differ.
+
+2011-01-27  Dimitri Glazkov  <dglazkov@chromium.org>
+
+        Reviewed by Kent Tamura.
+
+        Change HTMLInputElement-derived parts of media element shadow DOM to use shadowPseudoId.
+        https://bugs.webkit.org/show_bug.cgi?id=53122
+
+        This is the first step in converting HTMLMediaElement to the new shadow DOM.
+
+        Should not regress any existing tests. No observable change in behavior.
+
+        * css/CSSSelector.cpp:
+        (WebCore::CSSSelector::pseudoId): Removed now-unnecessary hard-coded pseudo-element selectors.
+        (WebCore::nameToPseudoTypeMap): Ditto.
+        (WebCore::CSSSelector::extractPseudoType): Ditto.
+        * css/CSSSelector.h: Ditto.
+        * css/mediaControls.css: Added proper initial values, now that elements use the proper selector pipeline.
+        * rendering/MediaControlElements.cpp:
+        (WebCore::MediaControlInputElement::MediaControlInputElement): Removed the switch statement,
+            which is now replaced with virtual shadowPseudoId on each corresponding class.
+        (WebCore::MediaControlInputElement::styleForElement): Changed to use element pipeline.
+        (WebCore::MediaControlMuteButtonElement::MediaControlMuteButtonElement): Changed to set
+            display type in constructor.
+        (WebCore::MediaControlMuteButtonElement::create): Changed to not take PseudoId as
+            constructor argument.
+        (WebCore::MediaControlMuteButtonElement::shadowPseudoId): Added.
+        (WebCore::MediaControlVolumeSliderMuteButtonElement::MediaControlVolumeSliderMuteButtonElement): Added
+            to disambiguate from the MediaControlMuteButtonElement.
+        (WebCore::MediaControlVolumeSliderMuteButtonElement::create): Added.
+        (WebCore::MediaControlVolumeSliderMuteButtonElement::shadowPseudoId): Added.
+        (WebCore::MediaControlPlayButtonElement::MediaControlPlayButtonElement): Changed to not take PseudoId as
+            constructor argument.
+        (WebCore::MediaControlPlayButtonElement::shadowPseudoId): Added.
+        (WebCore::MediaControlSeekButtonElement::MediaControlSeekButtonElement): Changed to not take PseudoId as
+            constructor argument.
+        (WebCore::MediaControlSeekForwardButtonElement::MediaControlSeekForwardButtonElement): Added.
+        (WebCore::MediaControlSeekForwardButtonElement::create): Added.
+        (WebCore::MediaControlSeekForwardButtonElement::shadowPseudoId): Added.
+        (WebCore::MediaControlSeekBackButtonElement::MediaControlSeekBackButtonElement): Added.
+        (WebCore::MediaControlSeekBackButtonElement::create): Added.
+        (WebCore::MediaControlSeekBackButtonElement::shadowPseudoId): Added.
+        (WebCore::MediaControlRewindButtonElement::MediaControlRewindButtonElement): Added.
+        (WebCore::MediaControlRewindButtonElement::shadowPseudoId): Added.
+        (WebCore::MediaControlReturnToRealtimeButtonElement::MediaControlReturnToRealtimeButtonElement): Changed to not take PseudoId as
+            constructor argument.
+        (WebCore::MediaControlReturnToRealtimeButtonElement::shadowPseudoId): Added.
+        (WebCore::MediaControlToggleClosedCaptionsButtonElement::MediaControlToggleClosedCaptionsButtonElement): Changed to not take PseudoId as
+            constructor argument.
+        (WebCore::MediaControlToggleClosedCaptionsButtonElement::shadowPseudoId): Added.
+        (WebCore::MediaControlTimelineElement::MediaControlTimelineElement): Changed to not take PseudoId as
+            constructor argument.
+        (WebCore::MediaControlTimelineElement::shadowPseudoId): Added.
+        (WebCore::MediaControlVolumeSliderElement::MediaControlVolumeSliderElement): Changed to not take PseudoId as
+            constructor argument.
+        (WebCore::MediaControlVolumeSliderElement::shadowPseudoId): Added.
+        (WebCore::MediaControlFullscreenButtonElement::MediaControlFullscreenButtonElement): Changed to not take PseudoId as
+            constructor argument.
+        (WebCore::MediaControlFullscreenButtonElement::shadowPseudoId): Added.
+        * rendering/MediaControlElements.h:
+        (WebCore::MediaControlSeekForwardButtonElement::isForwardButton): Added.
+        (WebCore::MediaControlSeekBackButtonElement::isForwardButton): Added.
+        * rendering/RenderMedia.cpp:
+        (WebCore::RenderMedia::createMuteButton): Changed to use new constructor.
+        (WebCore::RenderMedia::createSeekBackButton): Ditto.
+        (WebCore::RenderMedia::createSeekForwardButton): Ditto.
+        (WebCore::RenderMedia::createVolumeSliderMuteButton): Ditto.
+        * rendering/style/RenderStyleConstants.h: Removed constants that are no longer used.
+
+2011-01-27  Dimitri Glazkov  <dglazkov@chromium.org>
+
+        Reviewed by Eric Carlson.
+
+        Split MediaControls out of RenderMedia.
+        https://bugs.webkit.org/show_bug.cgi?id=53252
+
+        Near-mechanical moving of stuff, no change in behavior, thus no new tests.
+
+        * Android.mk: Added MediaControls to build system.
+        * CMakeLists.txt: Ditto.
+        * GNUmakefile.am: Ditto.
+        * WebCore.gypi: Ditto.
+        * WebCore.pro: Ditto.
+        * WebCore.vcproj/WebCore.vcproj: Ditto.
+        * WebCore.xcodeproj/project.pbxproj: Ditto.
+        * html/HTMLMediaElement.cpp:
+        (WebCore::HTMLMediaElement::defaultEventHandler): Changed to forward events to MediaControls.
+        * html/shadow/MediaControls.cpp: Copied all controls-related methods from
+            Source/WebCore/rendering/RenderMedia.cpp, pulled them into their own class called MediaControls. 
+        * html/shadow/MediaControls.h: Ditto from Source/WebCore/rendering/RenderMedia.h.
+        * rendering/MediaControlElements.cpp:
+        (WebCore::MediaControlTimelineElement::defaultEventHandler): Changed to use MediaControls.
+        * rendering/RenderMedia.cpp:
+        (WebCore::RenderMedia::RenderMedia): Moved relevant constructor initializers out to MediaControls.
+        (WebCore::RenderMedia::destroy): Changed to use MediaControls.
+        (WebCore::RenderMedia::styleDidChange): Ditto.
+        (WebCore::RenderMedia::layout): Ditto.
+        (WebCore::RenderMedia::updateFromElement): Ditto.
+        * rendering/RenderMedia.h: Updated defs accordingly and removed player() accessor, which
+            is only used by sub-class RenderVideo.
+        (WebCore::RenderMedia::controls): Added.
+        * rendering/RenderVideo.cpp:
+        (WebCore::RenderVideo::~RenderVideo): Changed to access MediaPlayer* directly from mediaElement().
+        (WebCore::RenderVideo::calculateIntrinsicSize): Ditto.
+        (WebCore::RenderVideo::paintReplaced): Ditto.
+        (WebCore::RenderVideo::updatePlayer): Ditto.
+        (WebCore::RenderVideo::supportsAcceleratedRendering): Ditto.
+        (WebCore::RenderVideo::acceleratedRenderingStateChanged): Ditto.
+
+2011-01-28  Pavel Feldman  <pfeldman@chromium.org>
+
+        Reviewed by Yury Semikhatsky.
+
+        Web Inspector: allow remote debugging with front-end
+        served from the cloud.
+        https://bugs.webkit.org/show_bug.cgi?id=53303
+
+        * inspector/front-end/inspector.js:
+
+2011-01-28  Aparna Nandyal  <aparna.nand@wipro.com>
+
+        Reviewed by Andreas Kling.
+
+        Setting value of m_PressedPos to make scrolling smooth
+
+        Page scroll popup menu "Scroll here" option not working when cliking above scroll slider/handler.
+        https://bugs.webkit.org/show_bug.cgi?id=51349
+
+        The value of m_PressedPos was getting set before moveThumb() call
+        in all other scenarios except when "Scroll Here" option is used.
+        Hence scrolling with this option was not as expected even in cases
+        where scrolling was happening. The thumb would move in unexpected
+        direction. m_PressedPos is now set to pressed position so delta is
+        calculated.
+        Unable to write a test case as the test needs to click on "Scroll
+        Here" option of context sensitive menu and QTest is unable to do it.
+        Besides no new functionality introduced.
+
+        * platform/qt/ScrollbarQt.cpp:
+        (WebCore::Scrollbar::contextMenu):
+
+2011-01-28  Andrey Kosyakov  <caseq@chromium.org>
+
+        Reviewed by Pavel Feldman.
+
+        Web Inspector: [Extensions API] add JSON schema for extensions API
+        https://bugs.webkit.org/show_bug.cgi?id=53236
+
+        * inspector/front-end/ExtensionAPISchema.json: Added.
+
+2011-01-27  Zhenyao Mo  <zmo@google.com>
+
+        Reviewed by Kenneth Russell.
+
+        Remove _LENGTH enumerants
+        https://bugs.webkit.org/show_bug.cgi?id=53259
+
+        * html/canvas/WebGLRenderingContext.cpp: Remove queries for *LENGTH.
+        (WebCore::WebGLRenderingContext::getProgramParameter):
+        (WebCore::WebGLRenderingContext::getShaderParameter):
+        * html/canvas/WebGLRenderingContext.idl: Remove *LENGTH.
+
+2011-01-28  Alexander Pavlov  <apavlov@chromium.org>
+
+        Reviewed by Yury Semikhatsky.
+
+        Web Inspector: syntax highlight inline JS and CSS in HTML resources
+        https://bugs.webkit.org/show_bug.cgi?id=30831
+
+        * inspector/front-end/SourceHTMLTokenizer.js:
+        (WebInspector.SourceHTMLTokenizer):
+        (WebInspector.SourceHTMLTokenizer.prototype.set line):
+        (WebInspector.SourceHTMLTokenizer.prototype.nextToken):
+        * inspector/front-end/SourceHTMLTokenizer.re2js:
+
+2011-01-28  Alexander Pavlov  <apavlov@chromium.org>
+
+        Reviewed by Yury Semikhatsky.
+
+        Web Inspector: [STYLES] Up/Down-suggestion breaks an existing keyword
+        https://bugs.webkit.org/show_bug.cgi?id=53295
+
+        Select the current word suffix before switching to the next suggestion.
+
+        * inspector/front-end/StylesSidebarPane.js:
+        ():
+
+2011-01-28  Alejandro G. Castro  <alex@igalia.com>
+
+        Reviewed by Xan Lopez.
+
+        [GTK] Fix dist compilation for the release
+        https://bugs.webkit.org/show_bug.cgi?id=53290
+
+        * GNUmakefile.am: Added inspector files to the extra dist.
+
+2011-01-28  Ilya Sherman  <isherman@chromium.org>
+
+        Reviewed by Andreas Kling.
+
+        Const-correct HTMLSelectElement and WebSelectElement
+        https://bugs.webkit.org/show_bug.cgi?id=53293
+
+        * html/HTMLSelectElement.cpp:
+        (WebCore::HTMLSelectElement::value): const.
+        * html/HTMLSelectElement.h:
+
+2011-01-28  Sheriff Bot  <webkit.review.bot@gmail.com>
+
+        Unreviewed, rolling out r76893.
+        http://trac.webkit.org/changeset/76893
+        https://bugs.webkit.org/show_bug.cgi?id=53287
+
+        It made some tests crash on GTK and Qt debug bots (Requested
+        by Ossy on #webkit).
+
+        * bridge/runtime_root.cpp:
+        (JSC::Bindings::RootObject::invalidate):
+        (JSC::Bindings::RootObject::addRuntimeObject):
+        (JSC::Bindings::RootObject::removeRuntimeObject):
+        * bridge/runtime_root.h:
+
+2011-01-27  Greg Coletta  <greg.coletta@nokia.com>
+
+        Reviewed by Laszlo Gombos.
+
+        Get rid of prefix header dependency for WebKit2 build system
+        https://bugs.webkit.org/show_bug.cgi?id=50174
+
+        Guard EmptyProtocalDefinitions.h to make sure it's not included twice.
+
+        * platform/mac/EmptyProtocolDefinitions.h:
+
+2011-01-27  Abhishek Arya  <inferno@chromium.org>
+
+        Reviewed by Dan Bernstein.
+
+        Recalc table sections if needed before calculating the first line
+        box baseline.
+        https://bugs.webkit.org/show_bug.cgi?id=53265
+
+        When we try to calculate the baseline position of a table cell,
+        we recurse through all the child sibling boxes (when children are
+        non inline) and add their first linebox baseline values. If one of
+        the children is a table with pending section recalc, we will access
+        wrong table section values. We recalc table sections if it is needed.
+
+        Test: fast/table/recalc-section-first-body-crash-main.html
+
+        * rendering/RenderTable.cpp:
+        (WebCore::RenderTable::firstLineBoxBaseline):
+
+2011-01-27  Adrienne Walker  <enne@google.com>
+
+        Reviewed by Kenneth Russell.
+
+        [chromium] Add CRASH calls to further debug tiled compositor memcpy crash.
+        https://bugs.webkit.org/show_bug.cgi?id=52379
+
+        Test: LayoutTests/compositing (to verify these weren't triggered)
+
+        * platform/graphics/chromium/LayerTilerChromium.cpp:
+        (WebCore::LayerTilerChromium::invalidateRect):
+        (WebCore::LayerTilerChromium::update):
+
+2011-01-27  Alexander Pavlov  <apavlov@chromium.org>
+
+        Reviewed by Pavel Feldman.
+
+        Web Inspector: [STYLES] Cancelled suggestion of a property name results in a visual artifact
+        https://bugs.webkit.org/show_bug.cgi?id=53242
+
+        * inspector/front-end/StylesSidebarPane.js:
+        (WebInspector.StylePropertyTreeElement.prototype):
+
+2011-01-27  Sheriff Bot  <webkit.review.bot@gmail.com>
+
+        Unreviewed, rolling out r76891.
+        http://trac.webkit.org/changeset/76891
+        https://bugs.webkit.org/show_bug.cgi?id=53280
+
+        Makes every layout test crash (Requested by othermaciej on
+        #webkit).
+
+        * page/EventHandler.cpp:
+        * page/EventHandler.h:
+        * rendering/RenderObject.cpp:
+        (WebCore::RenderObject::styleDidChange):
+
+2011-01-27  Ryosuke Niwa  <rniwa@webkit.org>
+
+        Unreviewed, rolling out r76839.
+        http://trac.webkit.org/changeset/76839
+        https://bugs.webkit.org/show_bug.cgi?id=49744
+
+        broke pixel tests
+
+        * rendering/RenderBox.cpp:
+        (WebCore::RenderBox::localCaretRect):
+
+2011-01-27  Emil A Eklund  <eae@chromium.org>
+
+        Reviewed by Darin Adler.
+
+        contentEditable formatBlock crashes on divs with contenteditable="false"
+        https://bugs.webkit.org/show_bug.cgi?id=53263
+
+        Check if editableRootForPosition returns null for position.
+
+        Test: editing/execCommand/format-block-contenteditable-false.html
+
+        * editing/FormatBlockCommand.cpp:
+        (WebCore::FormatBlockCommand::formatRange):
+
+2011-01-27  Dimitri Glazkov  <dglazkov@chromium.org>
+
+        Reviewed by Darin Adler.
+
+        Remove RenderMedia members that aren't used.
+        https://bugs.webkit.org/show_bug.cgi?id=53245
+
+        Refactoring, no change in behavior, so no new tests.
+
+        * rendering/RenderMedia.h: Removed unused member variables.
+
+2011-01-27  Michael Saboff  <msaboff@apple.com>
+
+        Reviewed by Darin Adler.
+
+        Potentially Unsafe HashSet of RuntimeObject* in RootObject definition
+        https://bugs.webkit.org/show_bug.cgi?id=53271
+
+        Precautionary change.
+        Changed RootObject to use WeakGCMap instead of HashSet.
+        Found will looking for another issue, but can't produce a test case
+        that is problematic.  THerefore there aren't any new tests.
+
+        * bridge/runtime_root.cpp:
+        (JSC::Bindings::RootObject::invalidate):
+        (JSC::Bindings::RootObject::addRuntimeObject):
+        (JSC::Bindings::RootObject::removeRuntimeObject):
+        * bridge/runtime_root.h:
+
+2011-01-27  Kenneth Russell  <kbr@google.com>
+
+        Reviewed by James Robinson.
+
+        Rename Typed Array slice() to subset()
+        https://bugs.webkit.org/show_bug.cgi?id=53273
+
+        * bindings/js/JSArrayBufferViewHelper.h:
+        (WebCore::constructArrayBufferView):
+        * bindings/v8/custom/V8ArrayBufferViewCustom.h:
+        (WebCore::constructWebGLArray):
+        * html/canvas/Float32Array.cpp:
+        (WebCore::Float32Array::subset):
+        * html/canvas/Float32Array.h:
+        * html/canvas/Float32Array.idl:
+        * html/canvas/Int16Array.cpp:
+        (WebCore::Int16Array::subset):
+        * html/canvas/Int16Array.h:
+        * html/canvas/Int16Array.idl:
+        * html/canvas/Int32Array.cpp:
+        (WebCore::Int32Array::subset):
+        * html/canvas/Int32Array.h:
+        * html/canvas/Int32Array.idl:
+        * html/canvas/Int8Array.cpp:
+        (WebCore::Int8Array::subset):
+        * html/canvas/Int8Array.h:
+        * html/canvas/Int8Array.idl:
+        * html/canvas/TypedArrayBase.h:
+        (WebCore::TypedArrayBase::subsetImpl):
+        * html/canvas/Uint16Array.cpp:
+        (WebCore::Uint16Array::subset):
+        * html/canvas/Uint16Array.h:
+        * html/canvas/Uint16Array.idl:
+        * html/canvas/Uint32Array.cpp:
+        (WebCore::Uint32Array::subset):
+        * html/canvas/Uint32Array.h:
+        * html/canvas/Uint32Array.idl:
+        * html/canvas/Uint8Array.cpp:
+        (WebCore::Uint8Array::subset):
+        * html/canvas/Uint8Array.h:
+        * html/canvas/Uint8Array.idl:
+
+2011-01-27  Darin Adler  <darin@apple.com>
+
+        Reviewed by Dan Bernstein.
+
+        Changing cursor style has no effect until the mouse moves
+        https://bugs.webkit.org/show_bug.cgi?id=14344
+        rdar://problem/7563712
+
+        No tests added because we don't have infrastructure for testing actual cursor
+        changes (as opposed to cursor style computation) at this time. We might add it later.
+
+        * page/EventHandler.cpp:
+        (WebCore::EventHandler::dispatchFakeMouseMoveEventSoon): Added.
+        * page/EventHandler.h: Ditto.
+
+        * rendering/RenderObject.cpp:
+        (WebCore::areNonIdenticalCursorListsEqual): Added.
+        (WebCore::areCursorsEqual): Added.
+        (WebCore::RenderObject::styleDidChange): Call dispatchFakeMouseMoveEventSoon if
+        cursor styles changed.
+
+2011-01-27  Leo Yang  <leo.yang@torchmobile.com.cn>
+
+        Reviewed by Dirk Schulze.
+
+        SVG Use Cycle is not detected
+        https://bugs.webkit.org/show_bug.cgi?id=52544
+
+        We should check if SVGUseElement::buildInstanceTree finds problem
+        for every child node. If it finds problem for any children we must
+        return immediately because otherwise the foundProblem variable may
+        be rewritten to false.
+
+        Test: svg/custom/recursive-use2.svg
+
+        * svg/SVGUseElement.cpp:
+        (WebCore::SVGUseElement::buildInstanceTree):
+
+2011-01-27  Zhenyao Mo  <zmo@google.com>
+
+        Reviewed by Kenneth Russell.
+
+        texSubImage2D's format/type needs to match the internalformat/type from the previous texImage2D call
+        https://bugs.webkit.org/show_bug.cgi?id=53054
+
+        Test: fast/canvas/webgl/tex-sub-image-2d-bad-args.html
+
+        * html/canvas/WebGLRenderingContext.cpp:
+        (WebCore::WebGLRenderingContext::texSubImage2DBase): Check format/type match.
+
+2011-01-27  Yi Shen  <yi.4.shen@nokia.com>, Tor Arne Vestbø <tor.arne.vestbo@nokia.com>
+
+        Reviewed by Andreas Kling.
+
+        [Qt] Add fullscreen media control button for html video
+        https://bugs.webkit.org/show_bug.cgi?id=51543
+
+        Implement media control fullscreen button for QtWebKit html5 video.
+
+        * css/mediaControlsQt.css:
+        (video::-webkit-media-controls-fullscreen-button):
+        * platform/qt/RenderThemeQt.cpp:
+        (WebCore::RenderThemeQt::paintMediaFullscreenButton):
+
+2011-01-27  Nate Chapin  <japhet@chromium.org>
+
+        Reviewed by Adam Barth.
+
+        Remove FrameLoader::url() and update callers to use
+        Document::url().
+        https://bugs.webkit.org/show_bug.cgi?id=41165
+
+        Refactor, no new tests.
+
+        * WebCore.exp.in:
+        * dom/Document.cpp:
+        (WebCore::Document::processHttpEquiv):
+        (WebCore::Document::removePendingSheet):
+        * history/CachedFrame.cpp:
+        (WebCore::CachedFrameBase::CachedFrameBase):
+        * history/PageCache.cpp:
+        (WebCore::logCanCacheFrameDecision):
+        (WebCore::PageCache::canCachePageContainingThisFrame):
+        * html/HTMLFrameElementBase.cpp:
+        (WebCore::HTMLFrameElementBase::isURLAllowed):
+        * html/HTMLPlugInImageElement.cpp:
+        (WebCore::HTMLPlugInImageElement::allowedToLoadFrameURL):
+        * inspector/InspectorAgent.cpp:
+        (WebCore::InspectorAgent::inspectedURL):
+        * inspector/InspectorResourceAgent.cpp:
+        (WebCore::buildObjectForFrame):
+        * loader/DocumentWriter.cpp:
+        (WebCore::DocumentWriter::replaceDocument):
+        (WebCore::DocumentWriter::deprecatedFrameEncoding):
+        * loader/FrameLoader.cpp:
+        * loader/FrameLoader.h:
+        * loader/HistoryController.cpp:
+        (WebCore::HistoryController::updateForStandardLoad):
+        (WebCore::HistoryController::updateForRedirectWithLockedBackForwardList):
+        (WebCore::HistoryController::updateForSameDocumentNavigation):
+        * loader/NavigationScheduler.cpp:
+        (WebCore::ScheduledHistoryNavigation::fire):
+        (WebCore::NavigationScheduler::scheduleLocationChange):
+        (WebCore::NavigationScheduler::scheduleRefresh):
+        * page/FrameView.cpp:
+        (WebCore::FrameView::updateControlTints):
+        * page/Location.cpp:
+        (WebCore::Location::url):
+        (WebCore::Location::setProtocol):
+        (WebCore::Location::setHost):
+        (WebCore::Location::setHostname):
+        (WebCore::Location::setPort):
+        (WebCore::Location::setPathname):
+        (WebCore::Location::setSearch):
+        (WebCore::Location::setHash):
+        (WebCore::Location::reload):
+        * page/Page.cpp:
+        (WebCore::Page::goToItem):
+
+2011-01-27  Stephen White  <senorblanco@chromium.org>
+
+        Reviewed by Darin Adler.
+
+        Fix performance regression in ImageQualityController::objectDestroyed().
+        https://bugs.webkit.org/show_bug.cgi?id=52645
+
+        In r72282, I inadvertently introduced this regression by using a
+        linear search through the hash map on object destruction.  This was
+        because the hash key consisted of both object pointer and layer id,
+        but on object destruction we only know the object pointer, requiring
+        a search to find all the layers. 
+        By replacing the hash map with two nested hash maps, where the outer key
+        is the object and the inner key is the layer, we can find all the
+        relevant data for an object in one hash lookup.
+
+        * rendering/RenderBoxModelObject.cpp:
+        Replace the (object,layer)->size HashMap with object->layer and
+        layer->size HashMaps.
+        (WebCore::ImageQualityController::isEmpty):
+        Implement isEmpty() for the outer HashMap.
+        (WebCore::ImageQualityController::removeLayer):
+        When a layer is removed, remove it from the inner hash map.
+        (WebCore::ImageQualityController::set):
+        Implement set():  if the inner map exists, set the layer->size tuple
+        directly.  If not, create a new inner map, set the tuple, and insert
+        it in the outer map.
+        (WebCore::ImageQualityController::objectDestroyed):
+        Look up the object in the outer map only.
+        (WebCore::ImageQualityController::highQualityRepaintTimerFired):
+        Cosmetic changes for the renamed now-outer hash map.
+        (WebCore::ImageQualityController::shouldPaintAtLowQuality):
+        Do both outer and inner hash map lookups.  Call set() to add/update
+        entries to the hash maps.  keyDestroyed() is now removeLayer().
+        (WebCore::imageQualityController):
+        Make the ImageQualityController a file-static global, so it can be
+        created and destroyed on the fly.
+        (WebCore::RenderBoxModelObject::~RenderBoxModelObject):
+        If there is no ImageQualityController, don't call objectDestroyed().
+        If it's empty, delete it.
+        * rendering/RenderImage.cpp:
+        (WebCore::RenderImage::paintIntoRect):
+        Also pass the Image* as the (void*) layer, since 0 is not a valid
+        HashMap key.
+
+2011-01-27  Adrienne Walker  <enne@google.com>
+
+        Reviewed by James Robinson.
+
+        [chromium] Tiled compositor crashes if compositing turned off mid-paint
+        https://bugs.webkit.org/show_bug.cgi?id=53198
+
+        * platform/graphics/chromium/LayerRendererChromium.cpp:
+        (WebCore::LayerRendererChromium::drawLayers):
+        * platform/graphics/chromium/LayerTilerChromium.cpp:
+        (WebCore::LayerTilerChromium::update):
+        (WebCore::LayerTilerChromium::draw):
+
+2011-01-27  Carol Szabo <carol.szabo@nokia.com>
+
+        Reviewed by David Hyatt.
+
+        A corrupted counter tree is created when renderers are added to the
+        tree bypassing RenderObject::addChild
+        https://bugs.webkit.org/show_bug.cgi?id=51270
+
+        No new tests. This patch reimplements the fix for bugs 43812 and
+        51637 and hence all tests are already there as part of the original
+        fixes for those bugs.
+
+        * rendering/RenderCounter.cpp:
+        (WebCore::findPlaceForCounter):
+        Removed old workaround as this patch hopefully fixes the real
+        problem.
+        * rendering/RenderObject.cpp:
+        (WebCore::RenderObject::addChild):
+        Removed call to counter updater as it was moved to a lower level.
+        (WebCore::RenderObject::destroy):
+        Moved attached counter nodes destruction to after the node is
+        removed from the tree.
+        * rendering/RenderObjectChildList.cpp:
+        (WebCore::RenderObjectChildList::removeChildNode):
+        (WebCore::RenderObjectChildList::appendChildNode):
+        (WebCore::RenderObjectChildList::insertChildNode):
+        Added notifications to the Counter system such that the
+        CounterForest reflects the changes to the RendererTree.
+        * rendering/RenderWidget.cpp:
+        (WebCore::RenderWidget::destroy):
+        Applied the same changes as for RenderObject::destroy()
+        since RenderObject::destroy() is not called from here.
+
+2011-01-27  Adam Roben  <aroben@apple.com>
+
+        Add WKCACFViewLayerTreeHost
+
+        This is a class that derives from CACFLayerTreeHost and uses a WKCACFView to render.
+
+        Fixes <http://webkit.org/b/53251> <rdar://problem/8925496> CACFLayerTreeHost should use
+        WKCACFView for rendering
+
+        * WebCore.vcproj/WebCore.vcproj: Added WKCACFViewLayerTreeHost.{cpp,h}.
+
+        * platform/graphics/ca/win/CACFLayerTreeHost.cpp:
+        (WebCore::CACFLayerTreeHost::acceleratedCompositingAvailable): Make the test window have a
+        non-zero size. WKCACFView will always say it can't render if you pass it a 0-sized window,
+        so we need a non-empty window to perform a valid test.
+        (WebCore::CACFLayerTreeHost::create): First try to create a WKCACFViewLayerTreeHost, then
+        fall back to a LegacyCACFLayerTreeHost.
+        (WebCore::CACFLayerTreeHost::flushPendingLayerChangesNow): Moved code to react to the
+        context flush from here...
+        (WebCore::CACFLayerTreeHost::contextDidChange): ...to here. Derived classes are required to
+        call this function whenever changes are flushed to the context.
+
+        * platform/graphics/ca/win/CACFLayerTreeHost.h: Added contextDidChange.
+
+        * platform/graphics/ca/win/LegacyCACFLayerTreeHost.cpp:
+        (WebCore::LegacyCACFLayerTreeHost::createRenderer):
+        (WebCore::LegacyCACFLayerTreeHost::resize):
+        Changed to use flushContext instead of flushing the context manually so that we will always
+        notify the base class when the context gets flushed.
+
+        (WebCore::LegacyCACFLayerTreeHost::flushContext): Added a call to contextDidChange so the
+        base class will know what happened. Moved code to schedule a render from here...
+        (WebCore::LegacyCACFLayerTreeHost::contextDidChange): ...to here.
+
+        * platform/graphics/ca/win/LegacyCACFLayerTreeHost.h: Added contextDidChange.
+
+        * platform/graphics/ca/win/WKCACFViewLayerTreeHost.cpp: Added.
+        (WebCore::WKCACFViewLayerTreeHost::create): If WebKitQuartzCoreAdditions, which provides
+        WKCACFView, isn't present, bail. Otherwise allocate and return a new host.
+        (WebCore::WKCACFViewLayerTreeHost::WKCACFViewLayerTreeHost): Initialize members.
+        (WebCore::WKCACFViewLayerTreeHost::updateViewIfNeeded): Update the view if we previously
+        marked that we needed to do so, and flush the context if our layer's bounds have changed.
+        (WebCore::WKCACFViewLayerTreeHost::contextDidChangeCallback): Call through to
+        contextDidChange.
+        (WebCore::WKCACFViewLayerTreeHost::contextDidChange): Tell the WKCACFView to start rendering
+        (if we didn't already), then call up to the base class.
+        (WebCore::WKCACFViewLayerTreeHost::initializeContext): Set the context's user data, the
+        view's layer, and hook up our "context did change" callback.
+        (WebCore::WKCACFViewLayerTreeHost::resize): Mark that the view needs to be updated the next
+        time we paint.
+        (WebCore::WKCACFViewLayerTreeHost::createRenderer): Update our view and return whether it is
+        able to render or not.
+        (WebCore::WKCACFViewLayerTreeHost::destroyRenderer): Clear out all the info we passed down
+        to the view.
+        (WebCore::WKCACFViewLayerTreeHost::lastCommitTime): Call through to the view.
+        (WebCore::WKCACFViewLayerTreeHost::flushContext): Ditto.
+        (WebCore::WKCACFViewLayerTreeHost::paint): Update the view so it will draw at the right
+        size, then call up to the base class.
+        (WebCore::WKCACFViewLayerTreeHost::render): Invalidate the view using the passed-in dirty
+        rects, then ask it to draw.
+
+        * platform/graphics/ca/win/WKCACFViewLayerTreeHost.h: Copied from Source/WebCore/platform/graphics/ca/win/LegacyCACFLayerTreeHost.h.
+
+2011-01-27  Adam Roben  <aroben@apple.com>
+
+        Move LegacyCACFLayerTreeHost into its own files
+
+        More preparation for <http://webkit.org/b/53251> <rdar://problem/8925496> CACFLayerTreeHost
+        should use WKCACFView for rendering
+
+        Reviewed by Simon Fraser.
+
+        * WebCore.vcproj/WebCore.vcproj: Added LegacyCACFLayerTreeHost.{cpp,h}.
+
+        * platform/graphics/ca/win/CACFLayerTreeHost.cpp: Moved code from here to new files.
+
+        * platform/graphics/ca/win/LegacyCACFLayerTreeHost.cpp: Added.
+        * platform/graphics/ca/win/LegacyCACFLayerTreeHost.h: Added.
+
+2011-01-27  Patrick Gansterer  <paroga@webkit.org>
+
+        Unreviewed WinCE build fix for r76824.
+
+        * platform/wince/DragDataWinCE.cpp:
+        (WebCore::DragData::dragDataMap):
+
+2011-01-27  Adam Roben  <aroben@apple.com>
+
+        Split CACFLayerTreeHost into base and derived classes
+
+        The derived class, LegacyCACFLayerTreeHost, contains all the D3D-related code. A later patch
+        will add a new derived class that replaces the D3D code with a different rendering API.
+
+        For now, LegacyCACFLayerTreeHost lives in CACFLayerTreeHost.cpp. This keeps the diff a
+        little smaller. A later patch will move it to its own source files.
+
+        Preparation for <http://webkit.org/b/53251> <rdar://problem/8925496> CACFLayerTreeHost
+        should use WKCACFView for rendering
+
+        Reviewed by Simon Fraser.
+
+        * platform/graphics/ca/win/CACFLayerTreeHost.cpp:
+        (WebCore::CACFLayerTreeHost::acceleratedCompositingAvailable): Clear the window before
+        destroying the host, as that is now the API contract that clients must fulfill.
+        (WebCore::LegacyCACFLayerTreeHost::create): Added. Simple creator.
+        (WebCore::CACFLayerTreeHost::create): Now instantiates a LegacyCACFLayerTreeHost. Calls the
+        new initialize function to perform initialization that has to happen after the vtable has
+        been set up.
+
+        (WebCore::LegacyCACFLayerTreeHost::LegacyCACFLayerTreeHost):
+        (WebCore::CACFLayerTreeHost::CACFLayerTreeHost):
+        (WebCore::LegacyCACFLayerTreeHost::initializeContext):
+        (WebCore::CACFLayerTreeHost::initialize):
+        Moved some initialization code from the CACFLayerTreeHost constructor into these new
+        functions.
+
+        (WebCore::LegacyCACFLayerTreeHost::~LegacyCACFLayerTreeHost): Added. Moved code here from
+        ~CACFLayerTreeHost.
+        (WebCore::CACFLayerTreeHost::~CACFLayerTreeHost): Rather than clearing the window at this
+        point (which would be too late, since we won't be able to call into the derived class's
+        virtual functions), just assert that it has already been cleared (or was never set in the
+        first place).
+        (WebCore::LegacyCACFLayerTreeHost::createRenderer): Renamed from
+        CACFLayerTreeHost::createRenderer, and changed to use getters instead of accessing
+        CACFLayerTreeHost's data members directly.
+
+        (WebCore::LegacyCACFLayerTreeHost::destroyRenderer):
+        (WebCore::CACFLayerTreeHost::destroyRenderer):
+        Moved some code to the new LegacyCACFLayerTreeHost function.
+
+        (WebCore::LegacyCACFLayerTreeHost::resize):
+        (WebCore::LegacyCACFLayerTreeHost::renderTimerFired):
+        Moved these functions to LegacyCACFLayerTreeHost.
+
+        (WebCore::LegacyCACFLayerTreeHost::paint):
+        (WebCore::CACFLayerTreeHost::paint):
+        Moved some code to the new LegacyCACFLayerTreeHost function.
+
+        (WebCore::LegacyCACFLayerTreeHost::render):
+        (WebCore::LegacyCACFLayerTreeHost::renderSoon):
+        Moved these functions to LegacyCACFLayerTreeHost.
+
+        (WebCore::CACFLayerTreeHost::flushPendingLayerChangesNow): Moved code to flush the context
+        from here...
+        (WebCore::LegacyCACFLayerTreeHost::flushContext): ...to this new function.
+
+        (WebCore::LegacyCACFLayerTreeHost::lastCommitTime): Moved code to get the last commit time
+        to this new function...
+        (WebCore::CACFLayerTreeHost::notifyAnimationsStarted): ...from here.
+
+        (WebCore::LegacyCACFLayerTreeHost::initD3DGeometry):
+        (WebCore::LegacyCACFLayerTreeHost::resetDevice):
+        Moved these functions to LegacyCACFLayerTreeHost.
+
+        * platform/graphics/ca/win/CACFLayerTreeHost.h: Made some functions virtual, removed some
+        members that have moved to LegacyCACFLayerTreeHost, grouped remaining members more
+        logically, and added some getters used by LegacyCACFLayerTreeHost.
+
+2011-01-27  Adam Roben  <aroben@apple.com>
+
+        Move CACFLayerTreeHostClient to its own header file
+
+        Rubber-stamped by Steve Falkenburg.
+
+        * WebCore.vcproj/WebCore.vcproj: Added CACFLayerTreeHostClient.h. Also let VS have its way
+        with the file.
+
+        * platform/graphics/ca/win/CACFLayerTreeHost.cpp: Added new #include.
+
+        * platform/graphics/ca/win/CACFLayerTreeHost.h: Removed CACFLayerTreeHostClient.
+
+        * platform/graphics/ca/win/CACFLayerTreeHostClient.h: Added.
+
+        * platform/graphics/win/MediaPlayerPrivateFullscreenWindow.cpp: Moved some #includes here
+        from the header file.
+
+        * platform/graphics/win/MediaPlayerPrivateFullscreenWindow.h: Replaced broader #includes
+        with more specific ones, plus a forward-declaration.
+
+2011-01-27  James Simonsen  <simonjam@chromium.org>
+
+        Reviewed by Tony Chang.
+
+        [Chromium] Simplify small caps logic in complex text on linux
+        https://bugs.webkit.org/show_bug.cgi?id=53207
+
+        Test: fast/text/atsui-multiple-renderers.html
+              fast/text/atsui-small-caps-punctuation-size.html
+
+        * platform/graphics/chromium/ComplexTextControllerLinux.cpp:
+        (WebCore::ComplexTextController::nextScriptRun): Remove redundant logic. Case changes in a text run imply FontData changes.
+        (WebCore::ComplexTextController::setupFontForScriptRun): Update comment to reflect above.
+
+2011-01-27  Adam Barth  <abarth@webkit.org>
+
+        In which I attempt to fix the EFL build.
+
+        * CMakeLists.txt:
+
+2011-01-25  Levi Weintraub  <leviw@chromium.org>
+
+        Reviewed by Darin Adler.
+
+        Adding border and padding to the calculation of the local caret rect for RenderBoxes.
+        Corrected for mistake in r76625
+
+        Undo moves caret to invalid position
+        https://bugs.webkit.org/show_bug.cgi?id=49744
+
+        Tests: editing/selection/caret-painting-after-paste-undo-rtl.html
+               editing/selection/caret-painting-after-paste-undo.html
+
+        * rendering/RenderBox.cpp:
+        (WebCore::RenderBox::localCaretRect):
+
+2011-01-27  Sheriff Bot  <webkit.review.bot@gmail.com>
+
+        Unreviewed, rolling out r76825.
+        http://trac.webkit.org/changeset/76825
+        https://bugs.webkit.org/show_bug.cgi?id=53256
+
+        "caused crashes on GTK and chromium" (Requested by rniwa on
+        #webkit).
+
+        * rendering/RenderBoxModelObject.cpp:
+        (WebCore::ImageQualityController::keyDestroyed):
+        (WebCore::ImageQualityController::objectDestroyed):
+        (WebCore::ImageQualityController::highQualityRepaintTimerFired):
+        (WebCore::ImageQualityController::shouldPaintAtLowQuality):
+        (WebCore::imageQualityController):
+        (WebCore::RenderBoxModelObject::~RenderBoxModelObject):
+
+2011-01-27  Adam Barth  <abarth@webkit.org>
+
+        Reviewed by Eric Seidel.
+
+        Generalize the mechanism view-source uses to remember the source for an HTMLToken
+        https://bugs.webkit.org/show_bug.cgi?id=53200
+
+        Currently view-source tracks the source associated with each HTMLToken.
+        We want to re-use this mechanism for the new XSS auditor.  This patch
+        moves this code into its own class so it can be shared between the
+        view-source parser and the general HTML parser.  This patch also add
+        support for tracking the source of tokens that span document.write
+        boundaries.
+
+        No functional change.  This code change is somewhat tested by our
+        view-source layout tests.
+
+        * Android.mk:
+        * GNUmakefile.am:
+        * WebCore.gypi:
+        * WebCore.pro:
+        * WebCore.vcproj/WebCore.vcproj:
+        * WebCore.xcodeproj/project.pbxproj:
+            - Fun with updating build files.
+        * html/parser/HTMLDocumentParser.cpp:
+        (WebCore::HTMLDocumentParser::pumpTokenizer):
+            - Teach HTMLDocumentParser to track the source for HTMLTokens.
+              Currently, this information isn't used, but it will be shortly.
+              I ran the HTML parser benchmark and this change didn't have a
+              measurable effect.
+        * html/parser/HTMLDocumentParser.h:
+            - Composite in the HTMLSourceTracker.
+        * html/parser/HTMLSourceTracker.cpp: Added.
+        (WebCore::HTMLSourceTracker::HTMLSourceTracker):
+        (WebCore::HTMLSourceTracker::start):
+        (WebCore::HTMLSourceTracker::end):
+            - This function should eventualy be folded into HTMLTokenizer.
+        (WebCore::HTMLSourceTracker::sourceForToken):
+        * html/parser/HTMLSourceTracker.h: Added.
+        * html/parser/HTMLToken.h:
+            - Now HTMLTokens always have a start index of zero.  To do the job
+              of the old start index, this patch introduces the notion of a
+              baseOffset.  Unlike the start index (which was used as the base
+              offset for all the other indicies), the baseOffset can change
+              over the lifetime of the token.  We need the flexibility to
+              change the offset for tokens that span document.write boundaries.
+              Values are now normalized to zero-offset when stored.
+        (WebCore::HTMLToken::clear):
+        (WebCore::HTMLToken::setBaseOffset):
+        (WebCore::HTMLToken::end):
+        (WebCore::HTMLToken::beginAttributeName):
+        (WebCore::HTMLToken::endAttributeName):
+        (WebCore::HTMLToken::beginAttributeValue):
+        (WebCore::HTMLToken::endAttributeValue):
+        * html/parser/HTMLViewSourceParser.cpp:
+            - Updates the HTMLViewSourceParser to use the new
+              HTMLSourceTracker.
+        (WebCore::HTMLViewSourceParser::pumpTokenizer):
+        (WebCore::HTMLViewSourceParser::append):
+        (WebCore::HTMLViewSourceParser::sourceForToken):
+            - This function now just calls through to HTMLSourceTracker.
+        * html/parser/HTMLViewSourceParser.h:
+        * platform/text/SegmentedString.cpp:
+        (WebCore::SegmentedString::currentColumn):
+        (WebCore::SegmentedString::setCurrentPosition):
+        * platform/text/SegmentedString.h:
+        (WebCore::SegmentedString::numberOfCharactersConsumed):
+            - We need to handle the general case now.  The "slow" version
+              doesn't turn out to be any slower in practice anyway.
+
+2011-01-27  Sam Weinig  <sam@webkit.org>
+
+        Fix all the builds.
+
+        * platform/ScrollView.cpp:
+        (WebCore::ScrollView::paintOverhangAreas): Add parameters.
+
+2011-01-27  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Dave Hyatt.
+
+        Add ability to do an unconstrained scroll on a ScrollView
+        https://bugs.webkit.org/show_bug.cgi?id=53249
+
+        * platform/ScrollView.cpp:
+        (WebCore::ScrollView::ScrollView):
+        Initialize m_constrainsScrollingToContentEdge to true.
+
+        (WebCore::ScrollView::setScrollOffset):
+        Only constrain the offset if the m_constrainsScrollingToContentEdge is set.
+
+        (WebCore::ScrollView::updateScrollbars):
+        Simplify expression converting an IntSize to an IntPoint.
+        
+        (WebCore::ScrollView::paint):
+        Paint the overhang if there is any.
+        
+        (WebCore::ScrollView::calculateOverhangAreasForPainting):
+        Calculate the overhang in viewport coordinates for painting.
+
+        * platform/ScrollView.h:
+        (WebCore::ScrollView::constrainsScrollingToContentEdge):
+        (WebCore::ScrollView::setConstrainsScrollingToContentEdge):
+        Add bit to control whether the scroll position should be constrained
+        to the content edge when set.
+
+        * platform/ScrollbarThemeComposite.cpp:
+        (WebCore::usedTotalSize):
+        (WebCore::ScrollbarThemeComposite::thumbPosition):
+        (WebCore::ScrollbarThemeComposite::thumbLength):
+        * platform/mac/ScrollbarThemeMac.mm:
+        (WebCore::ScrollbarThemeMac::paint):
+        Improve calculations of thumb size and position to take overhang into account.
+
 2011-01-27  Dirk Schulze  <krit@webkit.org>
 
         Reviewed by Nikolas Zimmermann.