Add navigator.registerProtocolHandler behind a flag.
[WebKit-https.git] / Source / WebCore / ChangeLog
1 2011-02-03  James Kozianski  <koz@chromium.org>
2
3         Reviewed by Dimitri Glazkov.
4
5         Add navigator.registerProtocolHandler behind a flag.
6         https://bugs.webkit.org/show_bug.cgi?id=52609
7
8         This method is described in the HTML5 specification here,
9         http://dev.w3.org/html5/spec/Overview.html#dom-navigator-registerprotocolhandler
10
11         This change is largely cribbed from B. Green's 29651 patches. It is
12         behind a flag so as not to break JS feature detection.
13
14         New layout test fast/dom/registerProtocolHandler.html.
15
16         * Configurations/FeatureDefines.xcconfig:
17         * loader/EmptyClients.h:
18         (WebCore::EmptyChromeClient::registerProtocolHandler):
19         * page/Chrome.cpp:
20         (WebCore::Chrome::registerProtocolHandler):
21         * page/Chrome.h:
22         * page/ChromeClient.h:
23         * page/Navigator.cpp:
24         (WebCore::verifyCustomHandlerURL):
25         (WebCore::verifyProtocolHandlerScheme):
26         (WebCore::Navigator::registerProtocolHandler):
27         * page/Navigator.h:
28         * page/Navigator.idl:
29
30 2011-02-03  Brian Ryner  <bryner@chromium.org>
31
32         Reviewed by Darin Fisher.
33
34         Add a field to the ResourceResponse for tracking the socket address
35         of the host that the resource was fetched from.  Patch was originally
36         by Paul Marks.
37         https://bugs.webkit.org/show_bug.cgi?id=53699
38
39         * platform/network/chromium/ResourceResponse.cpp:
40         (WebCore::ResourceResponse::doPlatformCopyData):
41         (WebCore::ResourceResponse::doPlatformAdopt):
42         * platform/network/chromium/ResourceResponse.h:
43         (WebCore::ResourceResponse::socketAddress):
44         (WebCore::ResourceResponse::setSocketAddress):
45
46 2011-02-03  Adam Langley  <agl@chromium.org>
47
48         Reviewed by Adam Barth.
49
50         Plumb mixed script URL to FrameLoaderClient
51         https://bugs.webkit.org/show_bug.cgi?id=52384
52
53         Regressions covered by http/tests/security/mixedContent/*
54
55         * loader/EmptyClients.h:
56         (WebCore::EmptyFrameLoaderClient::didRunInsecureContent):
57         * loader/FrameLoader.cpp:
58         (WebCore::FrameLoader::checkIfRunInsecureContent):
59         * loader/FrameLoaderClient.h:
60
61 2011-02-03  Simon Fraser  <simon.fraser@apple.com>
62
63         Reviewed by Dan Bernstein.
64
65         REGRESSION: Artifacts on box-shadow corners in some cases
66         https://bugs.webkit.org/show_bug.cgi?id=53731
67
68         Fix overdrawing artifacts in ShadowBlur's tiling code path,
69         which show up in shadows using a color with alpha.
70         
71         Test: fast/box-shadow/shadow-tiling-artifact.html
72
73         * platform/graphics/ShadowBlur.cpp:
74         (WebCore::ShadowBlur::drawRectShadowWithTiling): Ensure
75         that the inner rect that gets filled does not overlap with any
76         of the eight tiled areas by having the corner and side dimensions
77         be the same for contiguous areas.
78
79 2011-02-03  Adam Barth  <abarth@webkit.org>
80
81         Reviewed by Alexey Proskuryakov.
82
83         XSS Auditor is spinning inside decodeURLEscapeSequences() if there are
84         percent signs in large posted data
85         https://bugs.webkit.org/show_bug.cgi?id=53405
86
87         If the input string contains many non-% characters followed by a %
88         character that is not a valid URL escape sequence, then the old
89         algorithm would only advance the initial search by one character
90         (instead of jumping to just after the % character).  That would cause
91         the algorithm to take N^2 time (in the number of characters before the
92         first % character).  This patch just advances the search past the first
93         % character so we can start looking for next % character sooner.
94
95         * platform/KURL.cpp:
96         (WebCore::decodeURLEscapeSequences):
97
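The quadratic behaviour described in the decodeURLEscapeSequences entry above, reconstructed as an added example (this is not WebKit's code). The names `decodeEscapes`, `Advance`, `constructedInput` and the scan counter are hypothetical, and each valid %XX is decoded to a single byte for simplicity.

```cpp
#include <cstddef>
#include <iostream>
#include <string>

// Decoded text plus the number of characters examined while searching
// for '%', used here as a cost measure.
struct DecodeResult {
    std::string text;
    std::size_t charsScanned;
};

// How the search position moves after a '%' that is not a valid escape.
enum class Advance { ByOneCharacter, PastPercent };

static int hexValue(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

// Linear search for '%' from `from`, counting every character examined.
static std::size_t findPercent(const std::string& s, std::size_t from, std::size_t& scanned)
{
    for (std::size_t i = from; i < s.size(); ++i) {
        ++scanned;
        if (s[i] == '%')
            return i;
    }
    return std::string::npos;
}

DecodeResult decodeEscapes(const std::string& input, Advance mode)
{
    DecodeResult result{ "", 0 };
    std::size_t decodedPosition = 0; // input before this index is already emitted
    std::size_t searchPosition = 0;  // where the next search for '%' starts

    while (true) {
        std::size_t percent = findPercent(input, searchPosition, result.charsScanned);
        if (percent == std::string::npos)
            break;

        int hi = percent + 2 < input.size() ? hexValue(input[percent + 1]) : -1;
        int lo = percent + 2 < input.size() ? hexValue(input[percent + 2]) : -1;
        if (hi < 0 || lo < 0) {
            // Invalid escape. The old behaviour moves one character forward,
            // so the next search walks to the same '%' again; the fixed
            // behaviour resumes just after that '%'.
            searchPosition = (mode == Advance::ByOneCharacter) ? searchPosition + 1
                                                               : percent + 1;
            continue;
        }

        result.text.append(input, decodedPosition, percent - decodedPosition);
        result.text.push_back(static_cast<char>(hi * 16 + lo));
        decodedPosition = searchPosition = percent + 3;
    }

    result.text.append(input, decodedPosition, std::string::npos);
    return result;
}

// Constructed input: n ordinary characters, an invalid escape, then a valid one.
std::string constructedInput(std::size_t n)
{
    return std::string(n, 'a') + "%zz%41";
}

int main()
{
    for (std::size_t n : { 1000u, 2000u, 4000u }) {
        DecodeResult before = decodeEscapes(constructedInput(n), Advance::ByOneCharacter);
        DecodeResult after = decodeEscapes(constructedInput(n), Advance::PastPercent);
        std::cout << "n=" << n
                  << " scanned(by one)=" << before.charsScanned
                  << " scanned(past %)=" << after.charsScanned
                  << " same output=" << (before.text == after.text) << "\n";
    }
    return 0;
}
```

Doubling n roughly quadruples the first count and doubles the second, while both variants produce the same decoded string.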
98 2011-02-03  Pavel Podivilov  <podivilov@chromium.org>
99
100         Reviewed by Pavel Feldman.
101
102         Web Inspector: click on a breakpoint highlights wrong line in source frame.
103         https://bugs.webkit.org/show_bug.cgi?id=53692
104
105         * inspector/front-end/BreakpointsSidebarPane.js:
106         (WebInspector.JavaScriptBreakpointsSidebarPane.prototype._setupBreakpointElement):
107
108 2011-02-03  Anton Muhin  <antonm@chromium.org>
109
110         Reviewed by Adam Barth.
111
112         [v8] Bail out if to string conversion returned empty handle
113         https://bugs.webkit.org/show_bug.cgi?id=53687
114
115         This is a temporary measure: actually one probably should never get empty handle
116         if there was no exception.  The root cause is under investigation.
117         The bailout though allows Chromium not to crash---attempt to convert an empty
118         v8 handle into WebCore string crashes with invalid memory access.
119
120         See http://code.google.com/p/chromium/issues/detail?id=71544
121
122         There is no known reduction expressible as a layout test so far.  The crash was found with automated testing tools.
123
124         * bindings/v8/V8Binding.cpp:
125         (WebCore::v8NonStringValueToWebCoreString): Bail out on empty handle
126         * bindings/v8/V8Binding.h:
127         (WebCore::V8ParameterBase::prepareBase): Ditto
128
129 2011-02-03  Adam Barth  <abarth@webkit.org>
130
131         Attempt to fix Chromium build.
132
133         * html/parser/XSSFilter.cpp:
134
135 2011-02-03  Dirk Pranke  <dpranke@chromium.org>
136
137         Unreviewed, rolling out r77562.
138         http://trac.webkit.org/changeset/77562
139         https://bugs.webkit.org/show_bug.cgi?id=53630
140
141         broke chromium mac build
142
143         * WebCore.gyp/WebCore.gyp:
144         * WebCore.gyp/mac/check_objc_rename.sh: Removed.
145
146 2011-02-03  Adam Barth  <abarth@webkit.org>
147
148         Reviewed by Daniel Bates.
149
150         XSS Auditor severely affects loading performance after submitting a large form
151         https://bugs.webkit.org/show_bug.cgi?id=49845
152
153         Switch over from the XSSAuditor to the XSSFilter, improving performance
154         on this example.
155
156         * html/parser/XSSFilter.cpp:
157         (WebCore::XSSFilter::filterToken):
158         * page/XSSAuditor.cpp:
159         (WebCore::XSSAuditor::isEnabled):
160
161 2011-02-03  Dirk Pranke  <dpranke@chromium.org>
162
163         Unreviewed, rolling out r77567.
164         http://trac.webkit.org/changeset/77567
165         https://bugs.webkit.org/show_bug.cgi?id=53468
166
167         broke chromium linux svg, canvas tests, possibly win also?
168
169         * platform/graphics/skia/ImageBufferSkia.cpp:
170         (WebCore::getImageData):
171         (WebCore::ImageBuffer::getUnmultipliedImageData):
172         (WebCore::ImageBuffer::getPremultipliedImageData):
173         (WebCore::putImageData):
174         (WebCore::ImageBuffer::putUnmultipliedImageData):
175         (WebCore::ImageBuffer::putPremultipliedImageData):
176
177 2011-02-02  MORITA Hajime  <morrita@google.com>
178
179         Reviewed by Dimitri Glazkov.
180
181         Refactoring: <progress> should not use ShadowElement
182         https://bugs.webkit.org/show_bug.cgi?id=53583
183
184         - Introduced RenderIndicatorPart and RenderProgressBarValuePart
185           to be responsible for bar-part layout,
186           which adopted layout logic from ShadowBlockElement.
187         - ProgressBarValueElement is no longer a subclass of ShadowBlockElement.
188         - Remove dependency from RenderProgress to HTMLProgressElement and
189           ShadowBlockElement.
190         - The shadow tree is no longer removed on detach(). It becomes persistent.
191           This is now possible because the ShadowBlockElement dependency is gone.
192         - ::-webkit-appearance for -webkit-progress-bar-value is no longer referred.
193           That didn't make sense.
194
195         * html/HTMLProgressElement.cpp:
196         (WebCore::HTMLProgressElement::createShadowSubtreeIfNeeded):
197         * html/HTMLProgressElement.h:
198         * html/shadow/ProgressBarValueElement.h: Added.
199         (WebCore::ProgressBarValueElement::ProgressBarValueElement):
200         (WebCore::ProgressBarValueElement::shadowPseudoId):
201         (WebCore::ProgressBarValueElement::createRenderer):
202         (WebCore::ProgressBarValueElement::create):
203         * rendering/RenderIndicator.cpp:
204         (WebCore::RenderIndicatorPart::RenderIndicatorPart):
205         (WebCore::RenderIndicatorPart::~RenderIndicatorPart):
206         (WebCore::RenderIndicatorPart::layout):
207         (WebCore::RenderIndicatorPart::styleDidChange):
208         * rendering/RenderIndicator.h: Added RenderIndicatorPart class
209         (WebCore::RenderIndicatorPart::originalVisibility):
210         (WebCore::RenderIndicatorPart::requiresForcedStyleRecalcPropagation):
211         (WebCore::RenderIndicatorPart::canHaveChildren):
212         * rendering/RenderProgress.cpp:
213         (WebCore::RenderProgressBarValuePart::preferredFrameRect):
214         (WebCore::RenderProgressBarValuePart::shouldBeHidden):
215         (WebCore::RenderProgress::updateFromElement):
216         (WebCore::RenderProgress::layoutParts):
217         (WebCore::RenderProgress::shouldHaveParts):
218         * rendering/RenderProgress.h:
219         (WebCore::RenderProgressBarValuePart::RenderProgressBarValuePart):
220
221 2011-02-03  Jia Pu  <jpu@apple.com>
222
223         Reversion should not be marked as misspelled.
224         https://bugs.webkit.org/show_bug.cgi?id=53255
225
226         This patch includes fix for reported bug, and also some housekeeping changes.
227
228         To implement desired behavior, we need:
229         1. Add a new marker type, SpellCheckingExemption, since now we distinguish between text
230            that shouldn't be spellchecked and text that shouldn't be autocorrected.
231         2. Make sure that there is no pending correction panel when we enter markAllMisspellingsAndBadGrammarInRanges().
232            Otherwise the spell checking code in that function may interfere with autocorrection. This
233            is achieved by explicitly applying pending correction when user types space, line break or
234            paragraph break.
235
236         Housekeeping code changes include:
237         1. Change manual-tests that were broken by relocated WebCore directory.
238         2. Use TextIterator in various DocumentMarkerController functions instead of using
239            Node::traverseNextNode() directly.
240         3. Allow passing multiple marker types into DocumentMarkerController::removeMarkers() and
241            DocumentMarkerController::hasMarkers() to improve clarity and efficiency.
242         4. Fixes of minor bugs that were exposed previously.
243
244         * WebCore.exp.in: Change signature of DocumentMarkerController::removeMarkers().
245
246         * dom/DocumentMarker.h: Added new marker type SpellCheckingExemption.
247
248         * dom/DocumentMarkerController.cpp:
249         (WebCore::DocumentMarkerController::removeMarkers): Use TextIterator to scan the range to be
250            consistent with addMarker() function. Allow passing in multiple marker types in one call.
251            Added a boolean argument to specify the behavior when removing markers that partially
252            overlap the specified range.
253         (WebCore::DocumentMarkerController::removeMarkersFromMarkerMapVectorPair): Allow passing in
254            multiple marker types in one call.
255         (WebCore::DocumentMarkerController::hasMarkers): Use TextIterator to scan the range to be
256            consistent with addMarker() function. Allow passing in multiple marker types in one call.
257
258         * dom/DocumentMarkerController.h: Allow passing in multiple marker types to removeMarkers()
259            and hasMarkers(). Added a boolean argument to removeMarkers() to specify the behavior when
260            removing markers that partially overlap the specified range.
261
262         * editing/Editor.cpp:
263         (WebCore::markerTypesForAutocorrection): Add SpellCheckingExemption marker when applying correction.
264         (WebCore::markerTypesForReplacement): Ditto.
265         (WebCore::Editor::respondToChangedSelection): Reordered call to dismissCorrectionPanel() and
266            setSelection() to make sure there is no pending correction when entering
267            markAllMisspellingsAndBadGrammarInRanges().
268         (WebCore::Editor::appliedEditing): Only remove CorrectionIndicator markers when the command
269            is a top level command to improve efficiency.
270         (WebCore::Editor::insertTextWithoutSendingTextEvent): Added code to apply pending correction.
271         (WebCore::Editor::insertLineBreak): Ditto.
272         (WebCore::Editor::insertParagraphSeparator): Ditto.
273         (WebCore::Editor::markAllMisspellingsAndBadGrammarInRanges): Don't mark misspelling if the
274            text carries SpellCheckingExemption marker.
275         (WebCore::Editor::correctionPanelTimerFired): Reset correction panel if the returned suggestion
276            from spellchecker is an empty string.
277         (WebCore::Editor::removeSpellAndCorrectionMarkersFromWordsToBeEdited):
278            Use new DocumentMarkerController::removeMarkers() to replace custom implementation to improve
279            efficiency and readability.
280         (WebCore::Editor::applyCorrectionPanelInfo): Remove the code that set caret position after
281            applying correction, since it's unnecessary. Also, store pre-correction string together with
282            the marker for reversion panel to use.
283         (WebCore::Editor::applyAutocorrectionBeforeTypingIfAppropriate): Apply pending correction.
284         (WebCore::Editor::changeSelectionAfterCommand): Moved marker removal code to Editor::appliedEditing()
285            where we have access to EditCommand object.
286
287         * editing/Editor.h: Added new function applyAutocorrectionAfterTypingIfAppropriate().
288
289         * manual-tests/autocorrection/autocorrection-cancelled-by-ESC.html: Change manual-tests that
290            were broken by relocated WebCore directory.
291
292         * manual-tests/autocorrection/autocorrection-cancelled-by-typing-1.html: Ditto.
293
294         * manual-tests/autocorrection/autocorrection-contraction.html: Ditto.
295
296         * manual-tests/autocorrection/continue-typing-to-dismiss-reversion.html: Ditto.
297
298         * manual-tests/autocorrection/delete-to-dismiss-reversion.html: Ditto.
299
300         * manual-tests/autocorrection/delete-to-end-of-word-to-show-reversion.html: Ditto.
301
302         * manual-tests/autocorrection/dismiss-multiple-guesses.html: Ditto.
303
304         * manual-tests/autocorrection/move-to-end-of-word-to-show-reversion.html: Ditto.
305
306         * manual-tests/autocorrection/select-from-multiple-guesses.html: Ditto.
307
308         * manual-tests/autocorrection/spell-checking-after-reversion.html: Added.
309
310         * manual-tests/autocorrection/type-whitespace-to-dismiss-reversion.html: Change manual-tests that
311            were broken by relocated WebCore directory.
312
313         * rendering/InlineTextBox.cpp:
314         (WebCore::InlineTextBox::paintDocumentMarkers): Code clean-up to be more concise.
315
316 2011-02-03  Abhishek Arya  <inferno@chromium.org>
317
318         Unreviewed, qt build fix.
319
320         * rendering/RenderBlock.cpp:
321         (WebCore::RenderBlock::removeFloatingObject):
322
323 2011-02-03  Brian Salomon  <bsalomon@google.com>
324
325         Reviewed by James Robinson.
326
327         Handle non-raster backed images in getUnmultipliedImageData()
328         https://bugs.webkit.org/show_bug.cgi?id=53468
329
330         No new tests. Existing canvas tests sufficient
331         LayoutTests/canvas/philip/...
332
333         * platform/graphics/skia/ImageBufferSkia.cpp:
334         (WebCore::getImageData):
335         (WebCore::ImageBuffer::getUnmultipliedImageData):
336         (WebCore::ImageBuffer::getPremultipliedImageData):
337         (WebCore::putImageData):
338         (WebCore::ImageBuffer::putUnmultipliedImageData):
339         (WebCore::ImageBuffer::putPremultipliedImageData):
340
341 2011-02-03  Abhishek Arya  <inferno@chromium.org>
342
343         Reviewed by James Robinson.
344
345         Enforce more limits on root inline boxes height calculations.
346         https://bugs.webkit.org/show_bug.cgi?id=53729
347
348         Test: fast/overflow/overflow-height-float-not-removed-crash.html
349
350         * rendering/RenderBlock.cpp:
351         (WebCore::RenderBlock::removeFloatingObject): prevent logicalBottom to
352         become negative when logicalTop is INT_MAX.
353         (WebCore::RenderBlock::markLinesDirtyInBlockRange): when logicalBottom
354         is INT_MAX, we should dirty everything. So, we bail out to make
355         afterLowest equal to the lastRootBox() or lowestDirtyLine.
356
357 2011-02-03  David Levin  <levin@chromium.org>
358
359         Reviewed by Adam Barth and Oliver Hunt.
360
361         Worker.importScript() should clean errors for cross origin imports.
362         https://bugs.webkit.org/show_bug.cgi?id=52871
363
364         Test: http/tests/workers/worker-importScriptsOnError.html
365
366         * bindings/js/WorkerScriptController.cpp:
367         (WebCore::WorkerScriptController::evaluate): Use sanitizeScriptError
368         to determine when to create a clean exception.
369         * bindings/v8/WorkerContextExecutionProxy.cpp:
370         (WebCore::WorkerContextExecutionProxy::evaluate): Ditto.
371         * dom/ScriptExecutionContext.cpp:
372         (WebCore::ScriptExecutionContext::sanitizeScriptError): Figure out
373         if the error needs to be cleaned up.
374         (WebCore::ScriptExecutionContext::dispatchErrorEvent): Extracted
375         sanitizeScriptError for use by other places.
376         * dom/ScriptExecutionContext.h:
377         * workers/WorkerContext.cpp:
378         (WebCore::WorkerContext::importScripts): Use the response url when
379         telling the evaluate where the script came from.
380         * workers/WorkerScriptLoader.cpp:
381         (WebCore::WorkerScriptLoader::responseURL): Expose the url that
382         the script was loaded from (which may be different from url() due
383         to redirects).
384         (WebCore::WorkerScriptLoader::didReceiveResponse): Capture the response url.
385         * workers/WorkerScriptLoader.h:
386
387 2011-02-03  Mark Mentovai  <mark@chromium.org>
388
389         Reviewed by Dimitri Glazkov.
390
391         Chromium GYP build fix.
392
393         When various settings were moved to webcore_prerequisites in r66364,
394         things that should have been direct_dependent_settings were not marked
395         as such. GYP 'defines', for example, make no sense on a 'none'-type
396         target such as webcore_prerequisites. It appears that it was intended
397         for these settings to be pushed to direct dependents, which would make
398         direct_dependent_settings correct.
399
400         Losing the ChromiumWebCoreObjC defines on the Mac, for example, caused
401         http://crbug.com/71537, which at best causes Mac console log spew, and
402         at worst may result in Chromium's copy of WebCore using system
403         definitions of certain Objective-C classes at runtime, or vice-versa.
404
405         The build now includes a postbuild step to prevent
406         http://crbug.com/71537 from regressing again. The build will fail upon
407         regression.
408
409         https://bugs.webkit.org/show_bug.cgi?id=53630
410
411         * WebCore.gyp/WebCore.gyp: Move things in webcore_prerequisites into
412           direct_dependent_settings as needed, add the check_objc_rename
413           postbuild step.
414         * WebCore.gyp/mac/check_objc_rename.sh: Added.
415
416 2011-02-03  Adam Barth  <abarth@webkit.org>
417
418         Reviewed by Eric Seidel.
419
420         Make XSSFilter go fast by adding a SuffixTree
421         https://bugs.webkit.org/show_bug.cgi?id=53665
422
423         The SuffixTree lets us quickly reject snippets if the POST data is
424         large (because we can avoid a linear scan over the POST data).
425
426         * html/parser/XSSFilter.cpp:
427         (WebCore::XSSFilter::init):
428         (WebCore::XSSFilter::isContainedInRequest):
429         * html/parser/XSSFilter.h:
430
431 2011-02-03  Mihai Parparita  <mihaip@chromium.org>
432
433         Reviewed by Alexey Proskuryakov.
434
435         REGRESSION (r77355): Page cache layout tests crash
436         https://bugs.webkit.org/show_bug.cgi?id=53648
437
438         Test: fast/events/pagehide-timeout.html
439         
440         Suspend active DOM objects after all pagehide event handlers have run,
441         otherwise it's possible for them to create more objects that weren't
442         getting suspended.
443
444         * history/CachedFrame.cpp:
445         (WebCore::CachedFrame::CachedFrame):
446
447 2011-02-03  Jeremy Orlow  <jorlow@chromium.org>
448
449         Reviewed by Nate Chapin.
450
451         SerializedScriptValue should not require v8 to create undefined and null values
452         https://bugs.webkit.org/show_bug.cgi?id=53730
453
454         Instead of creating a v8 type and passing that into the constructor, just use
455         the writer class directly. While I was at it, I cleaned up the code a bit too
456         by getting rid of the WireData/StringValue enum as I found that personally
457         confusing.
458
459         This is necessary because these methods are called by IndexedDB in the browser
460         process where v8 is not spun up.
461
462         No functionality changed and not possible to test.
463
464         * bindings/v8/SerializedScriptValue.cpp:
465         (WebCore::SerializedScriptValue::createFromWire):
466         (WebCore::SerializedScriptValue::create):
467         (WebCore::SerializedScriptValue::nullValue):
468         (WebCore::SerializedScriptValue::undefinedValue):
469         (WebCore::SerializedScriptValue::release):
470         (WebCore::SerializedScriptValue::SerializedScriptValue):
471         * bindings/v8/SerializedScriptValue.h:
472
473 2011-02-03  Beth Dakin  <bdakin@apple.com>
474
475         Reviewed by Sam Weinig.
476
477         Fix for <rdar://problem/8944544> Ability to animate track
478         for WKPainter scrollers
479
480         Two new WebKitSystemInterface functions.
481         * WebCore.exp.in:
482         * platform/mac/WebCoreSystemInterface.h:
483         * platform/mac/WebCoreSystemInterface.mm:
484
485         Use Scrollbar::convertFromContainingView() to return the right point.
486         * platform/mac/ScrollAnimatorMac.mm:
487         (-[ScrollbarPainterControllerDelegate scrollerImpPair:convertContentPoint:toScrollerImp:]):
488         
489         ScrollKnobAnimation is now ScrollbarPartAnimation. It can
490         now be used to animate the knob or the track.
491         (-[ScrollbarPartAnimation initWithScrollbarPainter:part:WebCore::scrollAnimator:WebCore::animateAlphaTo:duration:]):
492         (-[ScrollbarPartAnimation setCurrentProgress:]):
493         (-[ScrollbarPainterDelegate setUpAnimation:scrollerPainter:part:WebCore::animateAlphaTo:duration:]):
494         (-[ScrollbarPainterDelegate scrollerImp:animateKnobAlphaTo:duration:]):
495         (-[ScrollbarPainterDelegate scrollerImp:animateTrackAlphaTo:duration:]):
496
497         Scrollbars need invalidating after the overlay state changes.
498         (-[ScrollbarPainterDelegate scrollerImp:overlayScrollerStateChangedTo:]):
499
500 2011-02-03  Sam Weinig  <sam@webkit.org>
501
502         Reviewed by Beth Dakin.
503
504         Scroll thumb jumps to top when resizing horizontally.
505
506         * platform/ScrollView.cpp:
507         (WebCore::ScrollView::updateScrollbars): Add call to update
508         the scrollbar's offset in the case where we may have created
509         a new scrollbar but have not changed the current position.
510
511 2011-02-03  Justin Schuh  <jschuh@chromium.org>
512
513         Reviewed by Dirk Schulze.
514
515         startAnimations should use a local, RefCounted Vector.
516         https://bugs.webkit.org/show_bug.cgi?id=53458
517
518         Test: svg/custom/use-animation-in-fill.html
519
520         * svg/SVGDocumentExtensions.cpp:
521         (WebCore::SVGDocumentExtensions::startAnimations):
522
523 2011-02-03  Adam Barth  <abarth@webkit.org>
524
525         Reviewed by Daniel Bates.
526
527         XSSFilter shouldn't bother to analyze pages without "injection"
528         characters in the request
529         https://bugs.webkit.org/show_bug.cgi?id=53664
530
531         If the request lacks these "injection" characters, then it's unlikely
532         that there's a reflective XSS attack happening.  This heuristic lets us
533         avoid analyzing the vast majority of responses for XSS.  Of course, the
534         heuristic isn't perfect.  Because of this heuristic, we miss out on
535         injections into unquoted attributes.  However, it's a trade-off that's
536         worked well in the XSSAuditor.
537
538         * html/parser/XSSFilter.cpp:
539         (WebCore::HTMLNames::isRequiredForInjection):
540         (WebCore::XSSFilter::XSSFilter):
541         (WebCore::XSSFilter::init):
542         (WebCore::XSSFilter::filterToken):
543         (WebCore::XSSFilter::isContainedInRequest):
544         * html/parser/XSSFilter.h:
545
546 2011-02-03  Vangelis Kokkevis  <vangelis@chromium.org>
547
548         Reviewed by Kenneth Russell.
549
550         [chromium] Fixing a compositor crash occurring on layers
551         without an associated RenderSurface.
552         https://bugs.webkit.org/show_bug.cgi?id=53679
553         Regression was introduced in r77425
554
555         Test: http://webkit.org/blog/386/3d-transforms/ doesn't crash
556         anymore.
557
558         * platform/graphics/chromium/LayerRendererChromium.cpp:
559         (WebCore::LayerRendererChromium::drawLayer):
560
561 2011-02-03  Dan Bernstein  <mitz@apple.com>
562
563         Reviewed by Anders Carlsson.
564
565         <rdar://problem/8948788> Text emphasis marks have wrong orientation for vertical text
566         https://bugs.webkit.org/show_bug.cgi?id=53709
567
568         Covered by rendering of fast/text/emphasis-vertical.html
569
570         * platform/graphics/mac/SimpleFontDataMac.mm:
571         (WebCore::SimpleFontData::scaledFontData): Give the scaled font the same orientation this font
572         has.
573
574 2011-02-02  Levi Weintraub  <leviw@chromium.org>
575
576         Reviewed by Ryosuke Niwa.
577
578         Moving cursor down in table cycles at the end of a row
579         https://bugs.webkit.org/show_bug.cgi?id=50012
580
581         Avoids a caret cycling issue with certain content (e.g. tables) found at the very
582         end of a document due to a bug in nextLeafWithSameEditability.
583
584         Test: editing/selection/move-by-line-cycles-in-table.html
585
586         * editing/visible_units.cpp:
587         (WebCore::nextLeafWithSameEditability): Properly avoid descending back into the
588         original leaf node.
589
590 2011-02-03  Pavel Podivilov  <podivilov@chromium.org>
591
592         Reviewed by Pavel Feldman.
593
594         Web Inspector: remove dead code related to changes panel.
595         https://bugs.webkit.org/show_bug.cgi?id=53688
596
597         * WebCore.gypi:
598         * WebCore.vcproj/WebCore.vcproj:
599         * inspector/front-end/ChangesView.js: Removed.
600         * inspector/front-end/WebKit.qrc:
601         * inspector/front-end/inspector.css:
602         (#error-warning-count):
603         (#error-warning-count:hover):
604         (#error-count + #warning-count):
605         * inspector/front-end/inspector.html:
606         * inspector/front-end/inspector.js:
607
608 2011-02-02  Sam Weinig  <sam@webkit.org>
609
610         Reviewed by Anders Carlsson.
611
612         Add notification of the end of a rubber band.
613         <rdar://problem/8940648>
614
615         * WebCore.exp.in:
616         Add additional exports.
617
618         * page/ChromeClient.h:
619         (WebCore::ChromeClient::didCompleteRubberBandForMainFrame):
620         * page/FrameView.cpp:
621         (WebCore::FrameView::didCompleteRubberBand):
622         * page/FrameView.h:
623         * platform/ScrollView.cpp:
624         (WebCore::ScrollView::didCompleteRubberBand):
625         * platform/ScrollView.h:
626         Add hook.
627
628         * platform/ScrollableArea.h:
629         (WebCore::ScrollableArea::inLiveResize):
630         (WebCore::ScrollableArea::maximumScrollPosition):
631         (WebCore::ScrollableArea::visibleWidth):
632         (WebCore::ScrollableArea::overhangAmount):
633         (WebCore::ScrollableArea::didCompleteRubberBand):
634         Reorganize and de-virtualize live resize notifications.
635
636         * platform/mac/ScrollAnimatorMac.mm:
637         (WebCore::ScrollAnimatorMac::snapRubberBandTimerFired):
638         Call the new hook when the rubberband ends.
639
640 2011-02-02  Evan Martin  <evan@chromium.org>
641
642         Reviewed by Tony Chang.
643
644         [chromium] complex joining characters positioned in wrong place
645         https://bugs.webkit.org/show_bug.cgi?id=53637
646
647         Provide the correct font metrics to Harfbuzz related to the font design space.
648         These are used in some fonts for GPOS positioning.
649
650         Test: platform/chromium-linux/fast/text/international/complex-joining-using-gpos.html
651
652         * platform/graphics/chromium/ComplexTextControllerLinux.cpp:
653         (WebCore::ComplexTextController::setupFontForScriptRun):
654         (WebCore::ComplexTextController::allocHarfbuzzFont):
655         * platform/graphics/chromium/FontPlatformDataLinux.cpp:
656         (WebCore::FontPlatformData::FontPlatformData):
657         (WebCore::FontPlatformData::emSizeInFontUnits):
658         (WebCore::FontPlatformData::operator=):
659         * platform/graphics/chromium/FontPlatformDataLinux.h:
660         (WebCore::FontPlatformData::FontPlatformData):
661
662 2011-02-02  Dimitri Glazkov  <dglazkov@chromium.org>
663
664         Reviewed by Kent Tamura.
665
666         REGRESSION(r76147): Slider thumb position is not updated when value attribute is changed.
667         https://bugs.webkit.org/show_bug.cgi?id=53634
668
669         Test: fast/dom/HTMLInputElement/input-slider-update.html
670
671         * html/HTMLInputElement.cpp:
672         (WebCore::HTMLInputElement::setValue): Added a call to InputType::valueChanged.
673         * html/InputType.cpp:
674         (WebCore::InputType::valueChanged): Added empty implementation.
675         * html/InputType.h: Added def.
676         * html/RangeInputType.cpp:
677         (WebCore::RangeInputType::valueChanged): Added implementation that dirties layout
678             bit on the thumb.
679         * html/RangeInputType.h: Added def.
680
681 2011-02-02  Pavel Podivilov  <podivilov@chromium.org>
682
683         Reviewed by Pavel Feldman.
684
685         Web Inspector: do not share source frames between resources panel and scripts panel.
686         https://bugs.webkit.org/show_bug.cgi?id=53584
687
688         Currently, we show error messages only for resources. This change will allow showing error
689         messages in source frame even when resource is not available (eval scripts, inlined scripts).
690
691         * inspector/front-end/ConsoleView.js:
692         (WebInspector.ConsoleView.prototype.addMessage):
693         (WebInspector.ConsoleView.prototype.clearMessages):
694         * inspector/front-end/ResourceView.js:
695         (WebInspector.ResourceView.recreateResourceView):
696         * inspector/front-end/ResourcesPanel.js:
697         (WebInspector.FrameResourceTreeElement.prototype._setBubbleText):
698         * inspector/front-end/ScriptsPanel.js:
699         (WebInspector.ScriptsPanel.prototype._scriptSourceChanged):
700         (WebInspector.ScriptsPanel.prototype.addConsoleMessage):
701         (WebInspector.ScriptsPanel.prototype.clearConsoleMessages):
702         (WebInspector.ScriptsPanel.prototype.reset):
703         (WebInspector.ScriptsPanel.prototype._sourceFrameForScriptOrResource):
704         (WebInspector.ScriptsPanel.prototype._sourceFrameForResource):
705         (WebInspector.ScriptsPanel.prototype._sourceFrameForScript):
706
707 2011-02-03  Simon Fraser  <simon.fraser@apple.com>
708
709         Fix 32-bit builds.
710
711         * platform/graphics/ShadowBlur.cpp:
712         (WebCore::ShadowBlur::blurLayerImage):
713
714 2011-02-03  Mikhail Naganov  <mnaganov@chromium.org>
715
716         Reviewed by Pavel Feldman.
717
718         Web Inspector: Add reporting of JS heap size limit to 'console.memory'.
719         https://bugs.webkit.org/show_bug.cgi?id=53592
720
721         In JSC there is no limit, thus 'undefined' value is returned.
722         For V8, the limit reported by the VM is returned.
723
724         * Android.jscbindings.mk:
725         * CMakeLists.txt:
726         * GNUmakefile.am:
727         * WebCore.gypi:
728         * WebCore.pro:
729         * WebCore.vcproj/WebCore.vcproj:
730         * WebCore.xcodeproj/project.pbxproj:
731         * bindings/js/JSBindingsAllInOne.cpp:
732         * bindings/js/JSMemoryInfoCustom.cpp: Added.
733         * bindings/js/ScriptGCEvent.cpp:
734         (WebCore::ScriptGCEvent::getHeapSize):
735         * bindings/js/ScriptGCEvent.h:
736         * bindings/v8/ScriptGCEvent.cpp:
737         (WebCore::ScriptGCEvent::getHeapSize):
738         * bindings/v8/ScriptGCEvent.h:
739         * inspector/InspectorTimelineAgent.cpp:
740         (WebCore::InspectorTimelineAgent::setHeapSizeStatistic):
741         * page/MemoryInfo.cpp:
742         (WebCore::MemoryInfo::MemoryInfo):
743         * page/MemoryInfo.h:
744         (WebCore::MemoryInfo::jsHeapSizeLimit):
745         * page/MemoryInfo.idl:
746
747 2011-01-27  Philippe Normand  <pnormand@igalia.com>
748
749         Reviewed by Martin Robinson.
750
751         [GTK] LayoutTests/media/audio-mpeg4-supported.html fails
752         https://bugs.webkit.org/show_bug.cgi?id=53125
753
754         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
755         (WebCore::mimeTypeCache): Add audio/x-m4a mimetype in the cache.
756
757 2011-02-03  Simon Fraser  <simon.fraser@apple.com>
758
759         Reviewed by Sam Weinig.
760
761         ShadowBlur radius for CSS shadows is slightly too big
762         https://bugs.webkit.org/show_bug.cgi?id=53660
763         
764         If we follow SVG gaussian blur for CSS shadows, we can end up rendering
765         shadows that extend further than the CSS "blur radius", which results
766         in the shadows being truncated.
767         
768         Fix with a small fudge factor to reduce the kernel diameter slightly
769         for CSS shadows.
770         
771         Also more closely follow the algorithm described in the SVG spec
772         for computing the kernel size for different diameters, and clean up
773         some variable naming relating to the shadow bounds.
774
775         * platform/graphics/ShadowBlur.cpp:
776         (WebCore::ShadowBlur::blurLayerImage):
777         (WebCore::ShadowBlur::drawRectShadowWithTiling):
778
779 2011-02-01  Pavel Podivilov  <podivilov@chromium.org>
780
781         Reviewed by Pavel Feldman.
782
783         Web Inspector: introduce new api for managing JavaScript breakpoints.
784         https://bugs.webkit.org/show_bug.cgi?id=53235
785
786         Single protocol breakpoint (e.g. set by url) is mapped on zero or more VM breakpoints (set by sourceID).
787         removeJavaScriptBreakpoint(breakpointId) removes breakpoint and all linked VM breakpoints.
788         Since UI uses VM breakpoint location rather than protocol breakpoint location, all resolved breakpoint locations are passed to frontend.
789
790         SourceFrame is now aware of whether breakpoint is resolved or not and may display it accordingly.
791         JavaScriptBreakpointsSidebarPane filters out breakpoints set on nonexistent scripts to avoid UI cluttering.
792
793         * bindings/js/ScriptDebugServer.cpp:
794         (WebCore::ScriptDebugServer::setBreakpoint):
795         (WebCore::ScriptDebugServer::removeBreakpoint):
796         * bindings/js/ScriptDebugServer.h:
797         * bindings/v8/DebuggerScript.js:
798         ():
799         * bindings/v8/ScriptDebugServer.cpp:
800         (WebCore::ScriptDebugServer::setBreakpoint):
801         * bindings/v8/ScriptDebugServer.h:
802         * inspector/Inspector.idl:
803         * inspector/InspectorAgent.cpp: clear breakpoints from inspector state when new frontend is created
804         (WebCore::InspectorAgent::restoreInspectorStateFromCookie):
805         (WebCore::InspectorAgent::populateScriptObjects):
806         (WebCore::InspectorAgent::restoreDebugger):
807         (WebCore::InspectorAgent::showAndEnableDebugger):
808         (WebCore::InspectorAgent::enableDebugger):
809         * inspector/InspectorAgent.h:
810         * inspector/InspectorDebuggerAgent.cpp: manage relations between protocol breakpoints and VM breakpoints
811         (WebCore::InspectorDebuggerAgent::InspectorDebuggerAgent):
812         (WebCore::InspectorDebuggerAgent::inspectedURLChanged):
813         (WebCore::InspectorDebuggerAgent::setJavaScriptBreakpoint):
814         (WebCore::InspectorDebuggerAgent::setJavaScriptBreakpointBySourceId):
815         (WebCore::InspectorDebuggerAgent::removeJavaScriptBreakpoint):
816         (WebCore::InspectorDebuggerAgent::continueToLocation):
817         (WebCore::InspectorDebuggerAgent::resolveBreakpoint):
818         (WebCore::InspectorDebuggerAgent::getScriptSource):
819         (WebCore::InspectorDebuggerAgent::didParseSource):
820         (WebCore::InspectorDebuggerAgent::didPause):
821         * inspector/InspectorDebuggerAgent.h:
822         (WebCore::InspectorDebuggerAgent::Script::Script):
823         * inspector/InspectorValues.cpp:
824         (WebCore::InspectorValue::asNumber):
825         (WebCore::InspectorBasicValue::asNumber):
826         (WebCore::InspectorObject::remove):
827         * inspector/InspectorValues.h:
828         (WebCore::InspectorObject::getNumber):
829         (WebCore::InspectorObject::find):
830         * inspector/ScriptBreakpoint.h:
831         (WebCore::ScriptBreakpoint::ScriptBreakpoint):
832         * inspector/front-end/Breakpoint.js:
833         (WebInspector.Breakpoint):
834         (WebInspector.Breakpoint.prototype.addLocation):
835         * inspector/front-end/BreakpointManager.js: remove all stuff related to JavaScript breakpoints from here
836         (WebInspector.BreakpointManager):
837         (WebInspector.BreakpointManager.prototype._projectChanged):
838         (WebInspector.BreakpointManager.prototype._saveBreakpoints):
839         (WebInspector.BreakpointManager.prototype._validateBreakpoints):
840         * inspector/front-end/BreakpointsSidebarPane.js:
841         (WebInspector.JavaScriptBreakpointsSidebarPane): filter breakpoints set on nonexistent scripts to avoid ui cluttering
842         * inspector/front-end/DebuggerModel.js:
843         (WebInspector.DebuggerModel): pull all JavaScript from localStorage and push them to frontend when debugger is enabled, save resolved breakpoints data
844         * inspector/front-end/Script.js:
845         (WebInspector.Script.prototype.sourceLine):
846         * inspector/front-end/ScriptsPanel.js:
847         (WebInspector.ScriptsPanel.prototype._toggleDebugging):
848         * inspector/front-end/Settings.js:
849         (WebInspector.Settings):
850         * inspector/front-end/SourceFrame.js: handle resolved and unresolved breakpoints differently
851         * inspector/front-end/inspector.js:
852
853 2011-02-03  Nikolas Zimmermann  <nzimmermann@rim.com>
854
855         Reviewed by Dirk Schulze.
856
857         small text which is scaled to be large renders pixelated
858         https://bugs.webkit.org/show_bug.cgi?id=12448
859
860         SVG <text> with font-size smaller or equal to 1 does not paint correctly
861         https://bugs.webkit.org/show_bug.cgi?id=14242
862
863         misplaced text in SVG
864         https://bugs.webkit.org/show_bug.cgi?id=17053
865
866         Don't render very small (but zoomed) text inside SVG
867         https://bugs.webkit.org/show_bug.cgi?id=19393
868
869         Tiny fonts scaled up end up too large in Safari
870         https://bugs.webkit.org/show_bug.cgi?id=20192
871
872         Stretched SVG Text has awful glyph spacing 
873         https://bugs.webkit.org/show_bug.cgi?id=21774
874
875         REGRESSION (r72141?): svg/batik/text/smallFonts.svg failing on Leopard
876         https://bugs.webkit.org/show_bug.cgi?id=49846
877
878         [Gtk] Text height in zoomed SVG is 1px too high
879         https://bugs.webkit.org/show_bug.cgi?id=50313
880
881         SVG text smaller than 0.5px not displayed properly
882         https://bugs.webkit.org/show_bug.cgi?id=50528
883
884         When rendering text, we're selecting a font with a size, as specified in the markup.
885         This can lead to problems, if the context, where the text is rendered upon, is scaled. If a parent
886         element of the <text> defines a transform=".." or the outermost <svg> contains a viewBox, the
887         problem becomes apparent.
888
889         Consider the following two snippets, which should render exactly the same:
890         <svg viewBox="0 0 100 100"><text x="25" y="50" font-size="25">test</text></svg>
891         <svg viewBox="0 0 1 1"><text x="0.25" y="0.5" font-size="0.25">test</text></svg>
892
893         When selecting a font size below 0.5, FontCacheMac would request a font with size 0,
894         which AppKit turns into 12. This led to huge text rendering, instead of small text on Mac.
895         Other platforms have different problems (Qt simply scales the font, leading to pixelation etc.)
896
897         To fix this in a cross-platform fashion, we now always compute the final font size on screen,
898         remove any scaling from the context, draw the text using the scaled font size, then reapply
899         the context scale. This makes the example snippets above render exactly the same and fixes
900         numerous bugs, present for years. As we're now heavily using floating-point font sizes
901         internally, depending on the scale of the document, it's very important to use the new
902         floating-point text metrics information (floatAscent/floatDescent/floatHeight) everywhere in SVG.
903
904         Fixes existing tests: css3/zoom-coords.xhtml (cross-platform inconsistencies should be gone, mac now reports floatHeight values for SVG text height)
905                               svg/hixie/text/003.html (no more pixelation)
906                               svg/batik/text/smallFonts.svg (small fonts aren't rendered huge anymore on mac)
907                               svg/hixie/viewbox/preserveAspectRatio/001.xml (bug 21774, no more awful spacing)
908                               svg/zoom/page/zoom-zoom-coords.xhtml (cross-platform inconsistencies should be gone, inspired by bug 50313)
909
910         Tests: svg/text/font-size-below-point-five-2.svg (reduction from bug 50528)
911                svg/text/font-size-below-point-five.svg (reduction from bug 50528)
912                svg/text/scaled-font.svg (reduction from bug 12448)
913                svg/text/small-fonts-2.svg (reduction from bug 14242)
914                svg/text/small-fonts-3.svg (reduction from bug 17053)
915                svg/text/small-fonts-in-html5.html (reduction from bug 19393)
916                svg/text/small-fonts.svg (reduction from bug 20192)
917
918         * rendering/svg/RenderSVGInlineText.cpp: Cache 'float scalingFactor' & 'Font scaledFont', whenever the on-screen representation changes.
919         * rendering/svg/RenderSVGInlineText.h:
920         * rendering/svg/RenderSVGText.cpp: Update scalingFactor/scaledFont, if necessary.
921         * rendering/svg/SVGInlineTextBox.cpp: Switch to new font rendering strategy. Always use scaledFont, and remove any context scale before drawing.
922         * rendering/svg/SVGInlineTextBox.h:
923         * rendering/svg/SVGTextLayoutEngineBaseline.cpp: Use floating-point metrics everywhere.
924         * rendering/svg/SVGTextMetrics.cpp: Ditto.
925         * rendering/svg/SVGTextMetrics.h: Ditto.
926         * rendering/svg/SVGTextQuery.cpp: Ditto.
927         * svg/SVGFont.cpp: Adjust stroke thickness, when drawing SVGFonts into a normalized context (no more scale).
928         * svg/SVGTextContentElement.cpp: Make <text> elements always dependent on window size changes in combination with viewBox set.
929         * svg/SVGTextPositioningElement.cpp: Remove now unnecessary code to determine whether relative lengths are used as text attributes.
930         * svg/SVGTextPositioningElement.h: 
931
932 2011-02-03  Pavel Feldman  <pfeldman@chromium.org>
933
934         Reviewed by Yury Semikhatsky.
935
936         Web Inspector: resources panel doesn't show frames after reload.
937         https://bugs.webkit.org/show_bug.cgi?id=53430
938
939         * inspector/front-end/ResourcesPanel.js:
940         (WebInspector.ResourcesPanel.prototype.show):
941         (WebInspector.ResourcesPanel.prototype.loadEventFired):
942         (WebInspector.ResourcesPanel.prototype._initDefaultSelection):
943         (WebInspector.ResourcesPanel.prototype.reset):
944         (WebInspector.ResourcesPanel.prototype.clear):
945         * inspector/front-end/inspector.js:
946         (WebInspector.loadEventFired):
947
948 2011-02-01  Alexander Pavlov  <apavlov@chromium.org>
949
950         Reviewed by Pavel Feldman.
951
952         Web Inspector: Remove the *2 suffix from the CSS style-related protocol methods
953         https://bugs.webkit.org/show_bug.cgi?id=53492
954
955         * inspector/Inspector.idl:
956         * inspector/InspectorCSSAgent.cpp:
957         (WebCore::InspectorCSSAgent::getStylesForNode):
958         (WebCore::InspectorCSSAgent::getInlineStyleForNode):
959         (WebCore::InspectorCSSAgent::getComputedStyleForNode):
960         (WebCore::InspectorCSSAgent::getAllStyles):
961         (WebCore::InspectorCSSAgent::getStyleSheet):
962         (WebCore::InspectorCSSAgent::getStyleSheetText):
963         (WebCore::InspectorCSSAgent::setStyleSheetText):
964         (WebCore::InspectorCSSAgent::setPropertyText):
965         (WebCore::InspectorCSSAgent::toggleProperty):
966         (WebCore::InspectorCSSAgent::setRuleSelector):
967         (WebCore::InspectorCSSAgent::addRule):
968         * inspector/InspectorCSSAgent.h:
969         * inspector/front-end/AuditRules.js:
970         (WebInspector.AuditRules.UnusedCssRule.prototype.doRun):
971         * inspector/front-end/CSSStyleModel.js:
972         (WebInspector.CSSStyleModel.prototype.getStylesAsync):
973         (WebInspector.CSSStyleModel.prototype.getComputedStyleAsync):
974         (WebInspector.CSSStyleModel.prototype.getInlineStyleAsync):
975         (WebInspector.CSSStyleModel.prototype.setRuleSelector):
976         (WebInspector.CSSStyleModel.prototype.addRule):
977         (WebInspector.CSSStyleModel.prototype._styleSheetChanged):
978         (WebInspector.CSSStyleModel.prototype._onRevert):
979         (WebInspector.CSSStyleDeclaration.prototype.insertPropertyAt):
980         (WebInspector.CSSProperty.prototype.setText):
981         (WebInspector.CSSProperty.prototype.setDisabled):
982         (WebInspector.CSSStyleSheet.createForId):
983         (WebInspector.CSSStyleSheet.prototype.setText):
984
985 2011-02-03  Adam Barth  <abarth@webkit.org>
986
987         Reviewed by Daniel Bates.
988
989         Teach XSSFilter about data URLs
990         https://bugs.webkit.org/show_bug.cgi?id=53662
991
992         The XSS filter doesn't really make sense for data URLs because
993         everything in a "response" from a data URL was part of the request.
994
995         Test: http/tests/security/xssAuditor/data-urls-work.html
996
997         * html/parser/XSSFilter.cpp:
998         (WebCore::XSSFilter::init):
999         (WebCore::XSSFilter::filterToken):
1000
1001 2011-02-02  Chris Evans  <cevans@chromium.org>
1002
1003         Reviewed by Darin Fisher.
1004
1005         window.find() can fail when switching case sensitivity
1006         https://bugs.webkit.org/show_bug.cgi?id=53654
1007
1008         Reset the pattern to a safe one when done, to avoid usearch_reset()
1009         indirectly touching the old, stale text pointer.
1010
1011         Test: fast/text/find-window.html
1012
1013         * editing/TextIterator.cpp:
1014         (WebCore::SearchBuffer::~SearchBuffer): leave a safe pattern buffer when done.
1015
1016 2011-02-02  Adam Barth  <abarth@webkit.org>
1017
1018         Reviewed by Daniel Bates.
1019
1020         Teach XSSFilter that <param> elements can contain URLs
1021         https://bugs.webkit.org/show_bug.cgi?id=53652
1022
1023         When loading plugins for the <object> tag, we're "smart" enough to
1024         reach into the <param> elements and pull out the URL in some cases.
1025         This patch teaches the XSSFilter how to block injections into those
1026         sorts of param elements.
1027
1028         Fixes:
1029             http/tests/security/xssAuditor/object-*
1030
1031         * html/HTMLParamElement.cpp:
1032         (WebCore::HTMLParamElement::isURLParameter):
1033         (WebCore::HTMLParamElement::isURLAttribute):
1034         (WebCore::HTMLParamElement::addSubresourceAttributeURLs):
1035         * html/HTMLParamElement.h:
1036             - Add a helper function so that HTMLParamElement can share the
1037               ground truth for these names with the XSSFilter.
1038         * html/parser/XSSFilter.cpp:
1039         (WebCore::XSSFilter::filterTokenInitial):
1040         (WebCore::XSSFilter::filterParamToken):
1041         * html/parser/XSSFilter.h:
1042
1043 2011-02-02  Dimitri Glazkov  <dglazkov@chromium.org>
1044
1045         Reviewed by David Levin.
1046
1047         GCC compiler on ARM issues bogus warnings and fails to compile.
1048         https://bugs.webkit.org/show_bug.cgi?id=53620
1049
1050         Despite warnings explicitly being disallowed (-Wno-uninitialized),
1051         gcc (Ubuntu 4.4.3-4ubuntu5) 4.4.3 throws up the warnings like:
1052
1053         "error: 'colorTransparent.unstatic.4909' may be used uninitialized in this function"
1054
1055         The fix is to add an extra condition, which somehow pacifies the compiler.
1056
1057         * css/CSSPrimitiveValue.cpp:
1058         (WebCore::CSSPrimitiveValue::createColor): Added workaround conditions.
1059
1060 2011-02-02  Adam Barth  <abarth@webkit.org>
1061
1062         Reviewed by Daniel Bates.
1063
1064         Teach XSSFilter about X-XSS-Protection
1065         https://bugs.webkit.org/show_bug.cgi?id=53640
1066
1067         This patch causes us to pass:
1068             http/tests/security/xssAuditor/full-block-*
1069             http/tests/security/xssAuditor/no-protection-script-tag.html
1070
1071         * html/parser/XSSFilter.cpp:
1072         (WebCore::XSSFilter::XSSFilter):
1073         (WebCore::XSSFilter::init):
1074         (WebCore::XSSFilter::filterToken):
1075         * html/parser/XSSFilter.h:
1076
1077 2011-02-02  Adam Barth  <abarth@webkit.org>
1078
1079         Reviewed by Daniel Bates.
1080
1081         When XSSFilter blocks JavaScript URLs, use a safe JavaScript URL
1082         instead of the empty string
1083         https://bugs.webkit.org/show_bug.cgi?id=53643
1084
1085         In a URL context, the empty string completes to the URL of the current
1086         page, which causes these tests to go into an infinite loop.  Instead,
1087         we should use a "safe" JavaScript URL that does nothing.
1088
1089         Fixes:
1090             http/tests/security/xssAuditor/javascript-link*
1091
1092         * html/parser/XSSFilter.cpp:
1093         (WebCore::XSSFilter::eraseDangerousAttributesIfInjected):
1094
1095 2011-02-02  Dan Bernstein  <mitz@apple.com>
1096
1097         Reviewed by Sam Weinig.
1098
1099         <rdar://problem/8380506> REGRESSION (r61921): RTL text in <b> tag doesn't display in WebKit under certain conditions
1100         https://bugs.webkit.org/show_bug.cgi?id=44942
1101
1102         Test: fast/text/bidi-embedding-pop-and-push-same-2.html
1103
1104         * platform/text/BidiResolver.h:
1105         (WebCore::::commitExplicitEmbedding): Changed to return a boolean indicating whether there was
1106         a change to embedding levels.
1107         (WebCore::::createBidiRunsForLine): If embedding levels did not change as a result of committing
1108         the explicit embedding sequence, then runs were not added, and we should continue normally.
1109
1110 2011-02-02  Sam Weinig  <sam@webkit.org>
1111
1112         Reviewed by Dan Bernstein.
1113
1114         Fix miscalculation of the overhang area used for painting. We were
1115         not correctly accounting for scrollbars resulting in a non-negative
1116         overhang even when we weren't over the edge.
1117
1118         * platform/ScrollView.cpp:
1119         (WebCore::ScrollView::calculateOverhangAreasForPainting):
1120
1121 2011-02-02  Jeremy Orlow  <jorlow@chromium.org>
1122
1123         Reviewed by Nate Chapin.
1124
1125         IDBTransaction and IDBRequest can be deleted while ScriptExecutionContext is iterating....which is bad
1126         https://bugs.webkit.org/show_bug.cgi?id=52722
1127
1128         The solution is to change ScriptExecutionContext's destructor to iterate over
1129         the list in a way that handles the mutations. This new method is destructive,
1130         but that's OK since the object is going away. I've also added several asserts.
1131
1132         There should be no behavior change.
1133
1134         * dom/ScriptExecutionContext.cpp:
1135         (WebCore::ScriptExecutionContext::ScriptExecutionContext):
1136         (WebCore::ScriptExecutionContext::~ScriptExecutionContext):
1137         (WebCore::ScriptExecutionContext::canSuspendActiveDOMObjects):
1138         (WebCore::ScriptExecutionContext::suspendActiveDOMObjects):
1139         (WebCore::ScriptExecutionContext::resumeActiveDOMObjects):
1140         (WebCore::ScriptExecutionContext::stopActiveDOMObjects):
1141         (WebCore::ScriptExecutionContext::createdActiveDOMObject):
1142         (WebCore::ScriptExecutionContext::destroyedActiveDOMObject):
1143         * dom/ScriptExecutionContext.h:
1144         * storage/IDBTransaction.cpp:
1145         (WebCore::IDBTransaction::contextDestroyed):
1146         * storage/IDBTransaction.h:
1147
1148 2011-02-02  Mark Rowe  <mrowe@apple.com>
1149
1150         Build fix.
1151
1152         * WebCore.exp.in: Remove some bogus symbols from the .exp.in file.
1153         * platform/mac/ScrollbarThemeMac.mm:
1154         (WebCore::ScrollbarThemeMac::unregisterScrollbar): Look the object
1155         up in the HashMap rather than relying on a local variable that doesn't
1156         exist.
1157
1158 2011-02-02  Adam Barth  <abarth@webkit.org>
1159
1160         Reviewed by Daniel Bates.
1161
1162         Teach XSSFilter about JavaScript URLs
1163         https://bugs.webkit.org/show_bug.cgi?id=53635
1164
1165         This patch teaches the XSSFilter to check for JavaScript URLs in
1166         attribute values.  If this approach has too many false positives, we
1167         can restrict which attribute names we examine.
1168
1169         Fixes these tests:
1170             http/tests/security/xssAuditor/anchor-url-dom-write-location-javascript-URL.html
1171             http/tests/security/xssAuditor/dom-write-location-javascript-URL.html
1172             http/tests/security/xssAuditor/iframe-javascript-url*
1173
1174         * html/parser/XSSFilter.cpp:
1175         (WebCore::HTMLNames::containsJavaScriptURL):
1176         (WebCore::XSSFilter::filterTokenInitial):
1177         (WebCore::XSSFilter::eraseDangerousAttributesIfInjected):
1178         * html/parser/XSSFilter.h:
1179
1180 2011-02-02  Dan Bernstein  <mitz@apple.com>
1181
1182         Reviewed by Sam Weinig, even though this is just a...
1183
1184         ...build fix.
1185
1186         * platform/mac/ScrollAnimatorMac.mm:
1187         (WebCore::ScrollAnimatorMac::~ScrollAnimatorMac):
1188
1189 2011-02-02  Mark Rowe  <mrowe@apple.com>
1190
1191         Reviewed by Beth Dakin.
1192
1193         <rdar://problem/8952012> Crash on launch inside scrollbar code.
1194
1195         We need to ensure that we remove ourselves as the delegates of objects when we're going
1196         away as failing to do this can lead to crashes if the lifetime of the other objects
1197         is longer than ours.
1198
1199         * platform/mac/ScrollAnimatorMac.mm:
1200         (WebCore::ScrollAnimatorMac::~ScrollAnimatorMac):
1201         * platform/mac/ScrollbarThemeMac.mm:
1202         (WebCore::ScrollbarThemeMac::unregisterScrollbar):
1203
1204 2011-02-02  Beth Dakin  <bdakin@apple.com>
1205
1206         Build fix.
1207
1208         * WebCore.exp.in:
1209
1210 2011-02-02  Patrick Gansterer  <paroga@webkit.org>
1211
1212         Unreviewed WinCE build fix for r77397.
1213
1214         * page/wince/FrameWinCE.cpp:
1215         (WebCore::computePageRectsForFrame):
1216
1217 2011-02-02  Patrick Gansterer  <paroga@webkit.org>
1218
1219         Unreviewed WinCE build fix for r77398.
1220
1221         * platform/graphics/wince/PlatformPathWinCE.cpp:
1222         (WebCore::containsPoint):
1223         (WebCore::inflateRectToContainPoint):
1224         (WebCore::PlatformPath::addRect):
1225         * platform/graphics/wince/SharedBitmap.cpp:
1226         (WebCore::SharedBitmap::drawPattern):
1227         * rendering/RenderThemeWinCE.cpp:
1228         (WebCore::RenderThemeWinCE::paintMenuListButton):
1229         (WebCore::RenderThemeWinCE::paintSearchFieldCancelButton):
1230         (WebCore::RenderThemeWinCE::paintSliderTrack):
1231         (WebCore::RenderThemeWinCE::paintMediaMuteButton):
1232         (WebCore::RenderThemeWinCE::paintMediaPlayButton):
1233         (WebCore::RenderThemeWinCE::paintMediaSeekBackButton):
1234         (WebCore::RenderThemeWinCE::paintMediaSeekForwardButton):
1235
1236 2011-02-02  Jian Li  <jianli@chromium.org>
1237
1238         Reviewed by Kenneth Russell.
1239
1240         [V8] Accessing DataView with index of -1 returns 0, doesn't throw
1241         https://bugs.webkit.org/show_bug.cgi?id=53559
1242
1243         Added test cases to cover this in fast/canvas/webgl/data-view-test.html.
1244
1245         * html/canvas/DataView.h:
1246         (WebCore::DataView::beyondRange):
1247
1248 2011-02-02  Sam Weinig  <sam@webkit.org>
1249
1250         Reviewed by Beth Dakin.
1251
1252         Add ChromeClient function to paint custom overhang areas.
1253         https://bugs.webkit.org/show_bug.cgi?id=53639
1254
1255         * page/Chrome.cpp:
1256         (WebCore::ChromeClient::paintCustomOverhangArea):
1257         * page/ChromeClient.h:
1258         Add ChromeClient function.
1259
1260         * page/FrameView.cpp:
1261         (WebCore::FrameView::paintOverhangAreas):
1262         * page/FrameView.h:
1263         Call out to the ChromeClient, call ScrollView base implementation
1264         if the ChromeClient returns false.
1265
1266         * platform/ScrollView.cpp:
1267         (WebCore::ScrollView::paintOverhangAreas):
1268         * platform/ScrollView.h:
1269         Add dirty rect for use when painting overhang areas.
1270
1271 2011-02-02  Peter Kasting  <pkasting@google.com>
1272
1273         Not reviewed, build fix.
1274
1275         Fix compile after r77427.
1276         https://bugs.webkit.org/show_bug.cgi?id=53455
1277
1278         * platform/graphics/qt/ImageDecoderQt.cpp:
1279         (WebCore::ImageDecoderQt::internalHandleCurrentImage):
1280         * platform/image-decoders/ImageDecoder.cpp:
1281         (WebCore::ImageFrame::operator=):
1282         * platform/image-decoders/bmp/BMPImageReader.cpp:
1283         (WebCore::BMPImageReader::decodeBMP):
1284         * platform/image-decoders/jpeg/JPEGImageDecoder.cpp:
1285         (WebCore::JPEGImageDecoder::outputScanlines):
1286         * platform/image-decoders/png/PNGImageDecoder.cpp:
1287         (WebCore::PNGImageDecoder::rowAvailable):
1288         * platform/image-decoders/webp/WEBPImageDecoder.cpp:
1289         (WebCore::WEBPImageDecoder::decode):
1290
1291 2011-02-02  Peter Kasting  <pkasting@google.com>
1292
1293         Reviewed by David Levin.
1294
1295         Clean up ImageDecoder's comments (remove/trim/clarify).
1296         https://bugs.webkit.org/show_bug.cgi?id=53455
1297
1298         This also renames or eliminates a couple of functions for clarity, and
1299         switches a couple erroneous strncmp() calls to memcmp().
1300
1301         * platform/image-decoders/ImageDecoder.cpp:
1302         (WebCore::ImageDecoder::create):
1303         (WebCore::ImageFrame::clearPixelData):
1304         (WebCore::ImageFrame::zeroFillPixelData):
1305         (WebCore::ImageFrame::setSize):
1306         * platform/image-decoders/ImageDecoder.h:
1307         (WebCore::ImageFrame::originalFrameRect):
1308         (WebCore::ImageFrame::setOriginalFrameRect):
1309         (WebCore::ImageDecoder::ImageDecoder):
1310         (WebCore::ImageDecoder::~ImageDecoder):
1311         (WebCore::ImageDecoder::isSizeAvailable):
1312         (WebCore::ImageDecoder::size):
1313         (WebCore::ImageDecoder::setIgnoreGammaAndColorProfile):
1314         (WebCore::ImageDecoder::clearFrameBufferCache):
1315         (WebCore::ImageDecoder::isOverSize):
1316         * platform/image-decoders/bmp/BMPImageReader.cpp:
1317         (WebCore::BMPImageReader::processNonRLEData):
1318         * platform/image-decoders/cg/ImageDecoderCG.cpp:
1319         (WebCore::ImageFrame::setSize):
1320         * platform/image-decoders/gif/GIFImageDecoder.cpp:
1321         (WebCore::GIFImageDecoder::clearFrameBufferCache):
1322         (WebCore::GIFImageDecoder::frameComplete):
1323         (WebCore::GIFImageDecoder::initFrameBuffer):
1324         * platform/image-decoders/jpeg/JPEGImageDecoder.h:
1325         * platform/image-decoders/qt/ImageFrameQt.cpp:
1326         (WebCore::ImageFrame::operator=):
1327         (WebCore::ImageFrame::clearPixelData):
1328         (WebCore::ImageFrame::zeroFillPixelData):
1329         (WebCore::ImageFrame::setSize):
1330         * platform/image-decoders/skia/ImageDecoderSkia.cpp:
1331         (WebCore::ImageFrame::operator=):
1332         (WebCore::ImageFrame::clearPixelData):
1333         (WebCore::ImageFrame::zeroFillPixelData):
1334         (WebCore::ImageFrame::setSize):
1335         * platform/image-decoders/webp/WEBPImageDecoder.h:
1336
1337 2011-02-02  Vangelis Kokkevis  <vangelis@chromium.org>
1338
1339         [chromium] Adding support for reflections to the accelerated
1340         compositing path.
1341         https://bugs.webkit.org/show_bug.cgi?id=53179
1342
1343         All layout tests in compositing/reflections generate correct
1344         results with the exception of:
1345         1. nested-reflection-anchor-point.html : There appears to be
1346            some issue with the layer transform math that I haven't been
1347            able to track down yet.
1348         2. reflection-opacity.html : The current implementation applies
1349            opacity before doing the reflection which makes this test
1350            produce incorrect results.  This will affect reflected layers
1351            with opacity that overlap their original layer.  FIXME comment
1352            added in the code.
1353
1354         Tests: Covered by existing layout tests in compositing/reflections.
1355                Please see above for exceptions.
1356
1357         * platform/graphics/chromium/GraphicsLayerChromium.cpp:
1358         (WebCore::GraphicsLayerChromium::setReplicatedByLayer):
1359         (WebCore::GraphicsLayerChromium::updateAnchorPoint):
1360         * platform/graphics/chromium/GraphicsLayerChromium.h:
1361         * platform/graphics/chromium/LayerChromium.cpp:
1362         (WebCore::LayerChromium::LayerChromium):
1363         * platform/graphics/chromium/LayerChromium.h:
1364         (WebCore::LayerChromium::setReplicaLayer):
1365         (WebCore::LayerChromium::replicaLayer):
1366         * platform/graphics/chromium/LayerRendererChromium.cpp:
1367         (WebCore::LayerRendererChromium::updateLayersRecursive):
1368         (WebCore::LayerRendererChromium::drawLayer):
1369         * platform/graphics/chromium/RenderSurfaceChromium.cpp:
1370         (WebCore::RenderSurfaceChromium::drawableContentRect):
1371         (WebCore::RenderSurfaceChromium::drawSurface):
1372         (WebCore::RenderSurfaceChromium::draw):
1373         * platform/graphics/chromium/RenderSurfaceChromium.h:
1374         (WebCore::RenderSurfaceChromium::drawTransform):
1375
1376 2011-02-02  Xiyuan Xia  <xiyuan@chromium.org>
1377
1378         Reviewed by Tony Chang.
1379
1380         [Chromium] Select popup with padding has white strip on right
1381         https://bugs.webkit.org/show_bug.cgi?id=53602
1382
1383         No new tests as this change restores old behavior.
1384
1385         * platform/chromium/PopupMenuChromium.cpp:
1386         (WebCore::PopupListBox::layout):
1387
1388 2011-02-02  Beth Dakin  <bdakin@apple.com>
1389
1390         Reviewed by Mark Rowe.
1391
1392         Fix for <rdar://problem/8950343> CrashTracer: [USER]
1393         1 crash in WebProcess at com.apple.WebCore: 
1394         WebCore::ScrollbarThemeMac::unregisterScrollbar + 22
1395
1396         It is possible for a Scrollbar's ScrollableArea to be null,
1397         so we must null check.
1398         * platform/mac/ScrollbarThemeMac.mm:
1399         (WebCore::ScrollbarThemeMac::registerScrollbar):
1400         (WebCore::ScrollbarThemeMac::unregisterScrollbar):
1401
1402 2011-02-02  Zhenyao Mo  <zmo@google.com>
1403
1404         Reviewed by Kenneth Russell.
1405
1406         bufferData and bufferSubData should generate INVALID_VALUE with negative input
1407         https://bugs.webkit.org/show_bug.cgi?id=53626
1408
1409         * html/canvas/WebGLRenderingContext.cpp:
1410         (WebCore::WebGLRenderingContext::bufferData):
1411         (WebCore::WebGLRenderingContext::bufferSubData):
1412
1413 2011-02-02  Jeff Miller  <jeffm@apple.com>
1414
1415         Reviewed by Darin Adler and Steve Falkenburg.
1416
1417         Add DerivedSources.make to some Visual Studio projects
1418         https://bugs.webkit.org/show_bug.cgi?id=53607
1419
1420         * WebCore.vcproj/WebCoreGenerated.vcproj: Add DerivedSources.make.
1421
1422 2011-02-02  Cris Neckar  <cdn@chromium.org>
1423
1424         Reviewed by James Robinson.
1425
1426         Refcount domwindows when dispatching device orientation events.
1427         https://bugs.webkit.org/show_bug.cgi?id=53623
1428
1429         Test: fast/events/device-orientation-crash.html
1430
1431         * dom/DeviceMotionController.cpp:
1432         (WebCore::DeviceMotionController::timerFired):
1433         (WebCore::DeviceMotionController::didChangeDeviceMotion):
1434         * dom/DeviceMotionController.h:
1435         * dom/DeviceOrientationController.cpp:
1436         (WebCore::DeviceOrientationController::timerFired):
1437         (WebCore::DeviceOrientationController::didChangeDeviceOrientation):
1438         * dom/DeviceOrientationController.h:
1439
1440 2011-02-02  Zhenyao Mo  <zmo@google.com>
1441
1442         Reviewed by Kenneth Russell.
1443
1444         A deleted object should never be bound again
1445         https://bugs.webkit.org/show_bug.cgi?id=53604
1446
1447         * html/canvas/WebGLRenderingContext.cpp:
1448         (WebCore::WebGLRenderingContext::checkObjectToBeBound): Helper function to bind* and useProgram.
1449         (WebCore::WebGLRenderingContext::bindBuffer): Use checkObjectToBeBound.
1450         (WebCore::WebGLRenderingContext::bindFramebuffer): Ditto.
1451         (WebCore::WebGLRenderingContext::bindRenderbuffer): Ditto.
1452         (WebCore::WebGLRenderingContext::bindTexture): Ditto, also check the target matching.
1453         (WebCore::WebGLRenderingContext::deleteObject): Helper function to delete*.
1454         (WebCore::WebGLRenderingContext::deleteBuffer): Use deleteObject.
1455         (WebCore::WebGLRenderingContext::deleteFramebuffer): Ditto.
1456         (WebCore::WebGLRenderingContext::deleteProgram): Ditto.
1457         (WebCore::WebGLRenderingContext::deleteRenderbuffer): Ditto.
1458         (WebCore::WebGLRenderingContext::deleteShader): Ditto.
1459         (WebCore::WebGLRenderingContext::deleteTexture): Ditto.
1460         (WebCore::WebGLRenderingContext::useProgram): Use checkObjectToBeBound.
1461         * html/canvas/WebGLRenderingContext.h:
1462         * html/canvas/WebGLTexture.h:
1463         (WebCore::WebGLTexture::getTarget): Accessor to cached target.
1464
1465 2011-02-02  Alejandro G. Castro  <alex@igalia.com>
1466
1467         Unreviewed Efl buildfix after r77399.
1468
1469         * CMakeListsEfl.txt:
1470
1471 2011-02-02  Kenneth Russell  <kbr@google.com>
1472
1473         Reviewed by James Robinson.
1474
1475         Rename Typed Array subset to subarray
1476         https://bugs.webkit.org/show_bug.cgi?id=53618
1477
1478         * html/canvas/Float32Array.cpp:
1479         (WebCore::Float32Array::subarray):
1480         * html/canvas/Float32Array.h:
1481         * html/canvas/Float32Array.idl:
1482         * html/canvas/Int16Array.cpp:
1483         (WebCore::Int16Array::subarray):
1484         * html/canvas/Int16Array.h:
1485         * html/canvas/Int16Array.idl:
1486         * html/canvas/Int32Array.cpp:
1487         (WebCore::Int32Array::subarray):
1488         * html/canvas/Int32Array.h:
1489         * html/canvas/Int32Array.idl:
1490         * html/canvas/Int8Array.cpp:
1491         (WebCore::Int8Array::subarray):
1492         * html/canvas/Int8Array.h:
1493         * html/canvas/Int8Array.idl:
1494         * html/canvas/TypedArrayBase.h:
1495         (WebCore::TypedArrayBase::subarrayImpl):
1496         * html/canvas/Uint16Array.cpp:
1497         (WebCore::Uint16Array::subarray):
1498         * html/canvas/Uint16Array.h:
1499         * html/canvas/Uint16Array.idl:
1500         * html/canvas/Uint32Array.cpp:
1501         (WebCore::Uint32Array::subarray):
1502         * html/canvas/Uint32Array.h:
1503         * html/canvas/Uint32Array.idl:
1504         * html/canvas/Uint8Array.cpp:
1505         (WebCore::Uint8Array::subarray):
1506         * html/canvas/Uint8Array.h:
1507         * html/canvas/Uint8Array.idl:
1508
1509 2011-02-02  Adam Barth  <abarth@webkit.org>
1510
1511         Reviewed by Eric Seidel.
1512
1513         Add an empty file for Content Security Policy
1514         https://bugs.webkit.org/show_bug.cgi?id=53573
1515
1516         Posting this as a separate patch because editing the build files is so
1517         painful.
1518
1519         * Android.mk:
1520         * CMakeLists.txt:
1521         * GNUmakefile.am:
1522         * WebCore.gypi:
1523         * WebCore.pro:
1524         * WebCore.vcproj/WebCore.vcproj:
1525         * WebCore.xcodeproj/project.pbxproj:
1526
1527 2011-02-02  Dan Winship  <danw@gnome.org>
1528
1529         Reviewed by Martin Robinson.
1530
1531         [GTK] remove old data: URI handler, fix the SoupRequest-based one
1532         to pass tests
1533         https://bugs.webkit.org/show_bug.cgi?id=50885
1534
1535         * platform/network/soup/ResourceHandleSoup.cpp:
1536         (WebCore::sendRequestCallback): Do content-type sniffing here for
1537         non-HTTP requests.
1538         (WebCore::startHTTPRequest): Rename to match WebKit style.
1539         (WebCore::ResourceHandle::start): Pass everything except HTTP to
1540         startNonHTTPRequest, letting the SoupRequester decide whether it's
1541         supported or not.
1542         (WebCore::startNonHTTPRequest): Remove some old pre-SoupRequester
1543         code that was a no-op for file: URIs, but would break some data:
1544         URIs.
1545
1546 2011-02-02  Dimitri Glazkov  <dglazkov@chromium.org>
1547
1548         Update even more references to right() and bottom() in Chromium. Sheesh.
1549
1550         * platform/graphics/chromium/LayerRendererChromium.cpp:
1551         (WebCore::LayerRendererChromium::getFramebufferPixels): Replaced bottom/right with maxY/maxX.
1552
1553 2011-02-02  Alejandro G. Castro  <alex@igalia.com>
1554
1555         Unreviewed Gtk3 buildfix after r77286.
1556
1557         https://bugs.webkit.org/show_bug.cgi?id=53520
1558         Remove the physical terminology from IntRect and FloatRect.
1559
1560         * platform/gtk/RenderThemeGtk3.cpp:
1561         (WebCore::RenderThemeGtk::paintMenuList):
1562
1563 2011-02-02  Anders Carlsson  <andersca@apple.com>
1564
1565         Fix build.
1566
1567         * platform/mac/ScrollAnimatorMac.mm:
1568         (WebCore::ScrollAnimatorMac::pinnedInDirection):
1569
1570 2011-02-02  David Hyatt  <hyatt@apple.com>
1571
1572         Reviewed by Dan Bernstein.
1573
1574         https://bugs.webkit.org/show_bug.cgi?id=53619
1575
1576         Floats should not use physical terminology for their rects. Replace left/top with x/y and right/bottom
1577         with maxX/maxY.  This matches IntRect.
1578
1579         * rendering/RenderBlock.cpp:
1580         (WebCore::RenderBlock::addOverflowFromFloats):
1581         (WebCore::RenderBlock::flipFloatForWritingMode):
1582         (WebCore::RenderBlock::paintFloats):
1583         (WebCore::RenderBlock::selectionGaps):
1584         (WebCore::RenderBlock::addOverhangingFloats):
1585         (WebCore::RenderBlock::addIntrudingFloats):
1586         (WebCore::RenderBlock::hitTestFloats):
1587         (WebCore::RenderBlock::adjustForBorderFit):
1588         * rendering/RenderBlock.h:
1589         (WebCore::RenderBlock::FloatingObject::x):
1590         (WebCore::RenderBlock::FloatingObject::maxX):
1591         (WebCore::RenderBlock::FloatingObject::y):
1592         (WebCore::RenderBlock::FloatingObject::maxY):
1593         (WebCore::RenderBlock::FloatingObject::setX):
1594         (WebCore::RenderBlock::FloatingObject::setY):
1595         (WebCore::RenderBlock::logicalTopForFloat):
1596         (WebCore::RenderBlock::logicalBottomForFloat):
1597         (WebCore::RenderBlock::logicalLeftForFloat):
1598         (WebCore::RenderBlock::logicalRightForFloat):
1599         (WebCore::RenderBlock::setLogicalTopForFloat):
1600         (WebCore::RenderBlock::setLogicalLeftForFloat):
1601         (WebCore::RenderBlock::xPositionForFloatIncludingMargin):
1602         (WebCore::RenderBlock::yPositionForFloatIncludingMargin):
1603
1604 2011-02-02  Dimitri Glazkov  <dglazkov@chromium.org>
1605
1606         Update more references to right() and bottom() in Chromium Win.
1607
1608         * platform/graphics/chromium/TransparencyWin.cpp:
1609         (WebCore::TransparencyWin::compositeOpaqueComposite): Replaced bottom/right with maxY/maxX.
1610         (WebCore::TransparencyWin::compositeTextComposite): Ditto.
1611         * rendering/RenderThemeChromiumWin.cpp:
1612         (WebCore::RenderThemeChromiumWin::paintMenuList): Ditto.
1613
1614 2011-02-02  Adam Roben  <aroben@apple.com>
1615
1616         Encode/decode FormData and FormDataElement objects consistently
1617
1618         Fixes <http://webkit.org/b/53615> <rdar://problem/8943346> WebKit2: Restoring session state
1619         that contains form data fails (asserts in Debug build)
1620
1621         To prevent this from interfering with WebKit2 testing, it's useful to get this into a build
1622         now, even though we don't have an automated test for it yet. Writing a test is covered by
1623         <http://webkit.org/b/53616>.
1624
1625         Reviewed by Darin Adler.
1626
1627         * history/HistoryItem.cpp: Bump the encoding version, since this patch changes how we encode
1628         FormData objects.
1629
1630         * platform/network/FormData.cpp:
1631         (WebCore::decode): Decode the type from the Decoder, rather than getting it from the
1632         default-constructed FormDataElement. Failing to do this meant that all future uses of the
1633         Decoder would be reading from an unexpected part of the buffer (i.e., the next decode would
1634         start by reading the uint32_t that we forgot to decode here, and so on). We already had code
1635         to correctly set the FormDataElement's type based on this decoded type later in the
1636         function.
1637         (WebCore::FormData::encodeForBackForward): Encode m_identifier as an int64_t, since that
1638         matches its type and how we decode it.
1639
1640 2011-02-02  Dan Winship  <danw@gnome.org>
1641
1642         Reviewed by Martin Robinson.
1643
1644         [GTK] drop soup cache stuff, which has been moved to libsoup
1645         https://bugs.webkit.org/show_bug.cgi?id=50747
1646
1647         Use libsoup-based cache/requester API and remove the WebCore version
1648         of this functionality. This has been pushed upstream fully.
1649
1650         No new tests because this should not change functionality.
1651
1652         * GNUmakefile.am: Update for removed files.
1653         * platform/network/ResourceHandleInternal.h:
1654         (WebCore::ResourceHandleInternal::ResourceHandleInternal): Update
1655         type names, drop m_requester.
1656         * platform/network/soup/ResourceHandleSoup.cpp:
1657         (WebCore::ensureSessionIsInitialized): Add a SoupRequester to the
1658         session.
1659         (WebCore::parseDataUrl):
1660         (WebCore::startHttp): Get the requester from the session rather
1661         than using m_requester.
1662         (WebCore::sendRequestCallback):
1663         (WebCore::ResourceHandle::platformSetDefersLoading):
1664         (WebCore::readCallback):
1665         (WebCore::startGio): Update type names.
1666         * platform/network/soup/cache/soup-directory-input-stream.c: Removed.
1667         * platform/network/soup/cache/soup-directory-input-stream.h: Removed.
1668         * platform/network/soup/cache/soup-http-input-stream.c: Removed.
1669         * platform/network/soup/cache/soup-http-input-stream.h: Removed.
1670         * platform/network/soup/cache/soup-request-data.c: Removed.
1671         * platform/network/soup/cache/soup-request-data.h: Removed.
1672         * platform/network/soup/cache/soup-request-file.c: Removed.
1673         * platform/network/soup/cache/soup-request-file.h: Removed.
1674         * platform/network/soup/cache/soup-request-http.c: Removed.
1675         * platform/network/soup/cache/soup-request-http.h: Removed.
1676         * platform/network/soup/cache/soup-request.c: Removed.
1677         * platform/network/soup/cache/soup-request.h: Removed.
1678         * platform/network/soup/cache/soup-requester.c: Removed.
1679         * platform/network/soup/cache/soup-requester.h: Removed.
1680         * platform/network/soup/cache/webkit/soup-cache-private.h: Removed.
1681         * platform/network/soup/cache/webkit/soup-cache.c: Removed.
1682         * platform/network/soup/cache/webkit/soup-cache.h: Removed.
1683
1684 2011-02-02  David Hyatt  <hyatt@apple.com>
1685
1686         Reviewed by Darin Adler.
1687
1688         https://bugs.webkit.org/show_bug.cgi?id=53520
1689
1690         Remove physical accessors from IntRect and FloatRect.
1691
1692         * page/FrameView.cpp:
1693         (WebCore::FrameView::adjustPageHeightDeprecated):
1694         * platform/graphics/FloatRect.h:
1695         * platform/graphics/IntRect.h:
1696
1697 2011-02-02  David Hyatt  <hyatt@apple.com>
1698
1699         Reviewed by Dan Bernstein.
1700
1701         https://bugs.webkit.org/show_bug.cgi?id=53614
1702
1703         Remove physical terminology from overflow.  Replace with minX/maxX/minY/maxY.
1704
1705         * rendering/InlineFlowBox.cpp:
1706         (WebCore::InlineFlowBox::addBoxShadowVisualOverflow):
1707         (WebCore::InlineFlowBox::addTextBoxVisualOverflow):
1708         * rendering/InlineFlowBox.h:
1709         (WebCore::InlineFlowBox::minYLayoutOverflow):
1710         (WebCore::InlineFlowBox::maxYLayoutOverflow):
1711         (WebCore::InlineFlowBox::minXLayoutOverflow):
1712         (WebCore::InlineFlowBox::maxXLayoutOverflow):
1713         (WebCore::InlineFlowBox::logicalLeftLayoutOverflow):
1714         (WebCore::InlineFlowBox::logicalRightLayoutOverflow):
1715         (WebCore::InlineFlowBox::logicalTopLayoutOverflow):
1716         (WebCore::InlineFlowBox::logicalBottomLayoutOverflow):
1717         (WebCore::InlineFlowBox::minYVisualOverflow):
1718         (WebCore::InlineFlowBox::maxYVisualOverflow):
1719         (WebCore::InlineFlowBox::minXVisualOverflow):
1720         (WebCore::InlineFlowBox::maxXVisualOverflow):
1721         (WebCore::InlineFlowBox::logicalLeftVisualOverflow):
1722         (WebCore::InlineFlowBox::logicalRightVisualOverflow):
1723         (WebCore::InlineFlowBox::logicalminYVisualOverflow):
1724         (WebCore::InlineFlowBox::logicalmaxYVisualOverflow):
1725         * rendering/RenderBlock.cpp:
1726         (WebCore::RenderBlock::adjustLinePositionForPagination):
1727         * rendering/RenderBlockLineLayout.cpp:
1728         (WebCore::RenderBlock::beforeSideVisualOverflowForLine):
1729         (WebCore::RenderBlock::afterSideVisualOverflowForLine):
1730         (WebCore::RenderBlock::beforeSideLayoutOverflowForLine):
1731         (WebCore::RenderBlock::afterSideLayoutOverflowForLine):
1732         * rendering/RenderBox.cpp:
1733         (WebCore::RenderBox::scrollWidth):
1734         (WebCore::RenderBox::scrollHeight):
1735         * rendering/RenderBox.h:
1736         (WebCore::RenderBox::minYLayoutOverflow):
1737         (WebCore::RenderBox::maxYLayoutOverflow):
1738         (WebCore::RenderBox::minXLayoutOverflow):
1739         (WebCore::RenderBox::maxXLayoutOverflow):
1740         (WebCore::RenderBox::logicalLeftLayoutOverflow):
1741         (WebCore::RenderBox::logicalRightLayoutOverflow):
1742         (WebCore::RenderBox::minYVisualOverflow):
1743         (WebCore::RenderBox::maxYVisualOverflow):
1744         (WebCore::RenderBox::minXVisualOverflow):
1745         (WebCore::RenderBox::maxXVisualOverflow):
1746         (WebCore::RenderBox::logicalLeftVisualOverflow):
1747         (WebCore::RenderBox::logicalRightVisualOverflow):
1748         * rendering/RenderInline.cpp:
1749         (WebCore::RenderInline::linesVisualOverflowBoundingBox):
1750         * rendering/RenderLayerCompositor.cpp:
1751         (WebCore::RenderLayerCompositor::ensureRootPlatformLayer):
1752         * rendering/RenderLineBoxList.cpp:
1753         (WebCore::RenderLineBoxList::anyLineIntersectsRect):
1754         (WebCore::RenderLineBoxList::lineIntersectsDirtyRect):
1755         (WebCore::RenderLineBoxList::paint):
1756         (WebCore::RenderLineBoxList::hitTest):
1757         * rendering/RenderMarquee.cpp:
1758         (WebCore::RenderMarquee::computePosition):
1759         * rendering/RenderOverflow.h:
1760         (WebCore::RenderOverflow::RenderOverflow):
1761         (WebCore::RenderOverflow::minYLayoutOverflow):
1762         (WebCore::RenderOverflow::maxYLayoutOverflow):
1763         (WebCore::RenderOverflow::minXLayoutOverflow):
1764         (WebCore::RenderOverflow::maxXLayoutOverflow):
1765         (WebCore::RenderOverflow::minYVisualOverflow):
1766         (WebCore::RenderOverflow::maxYVisualOverflow):
1767         (WebCore::RenderOverflow::minXVisualOverflow):
1768         (WebCore::RenderOverflow::maxXVisualOverflow):
1769         (WebCore::RenderOverflow::setminYVisualOverflow):
1770         (WebCore::RenderOverflow::visualOverflowRect):
1771         (WebCore::RenderOverflow::move):
1772         (WebCore::RenderOverflow::addVisualOverflow):
1773         (WebCore::RenderOverflow::setVisualOverflow):
1774         * rendering/RenderReplaced.cpp:
1775         (WebCore::RenderReplaced::shouldPaint):
1776         * rendering/RenderTable.cpp:
1777         (WebCore::RenderTable::layout):
1778         (WebCore::RenderTable::paint):
1779         * rendering/RenderTableCell.cpp:
1780         (WebCore::RenderTableCell::clippedOverflowRectForRepaint):
1781         * rendering/RenderTreeAsText.cpp:
1782         (WebCore::writeLayers):
1783         * rendering/RenderView.cpp:
1784         (WebCore::RenderView::docTop):
1785
1786 2011-02-02  Steve Lacey  <sjl@chromium.org>
1787
1788         Reviewed by Eric Carlson.
1789
1790         Implement basic media statistics on media elements.
1791         https://bugs.webkit.org/show_bug.cgi?id=53322
1792
1793         * Configurations/FeatureDefines.xcconfig:
1794         * GNUmakefile.am:
1795         * features.pri:
1796         * html/HTMLMediaElement.cpp:
1797         (WebCore::HTMLMediaElement::webkitAudioBytesDecoded):
1798         (WebCore::HTMLMediaElement::webkitVideoBytesDecoded):
1799         * html/HTMLMediaElement.h:
1800         * html/HTMLMediaElement.idl:
1801         * html/HTMLVideoElement.cpp:
1802         (WebCore::HTMLVideoElement::webkitDecodedFrames):
1803         (WebCore::HTMLVideoElement::webkitDroppedFrames):
1804         * html/HTMLVideoElement.h:
1805         * html/HTMLVideoElement.idl:
1806         * platform/graphics/MediaPlayer.cpp:
1807         (WebCore::MediaPlayer::decodedFrames):
1808         (WebCore::MediaPlayer::droppedFrames):
1809         (WebCore::MediaPlayer::audioBytesDecoded):
1810         (WebCore::MediaPlayer::videoBytesDecoded):
1811         * platform/graphics/MediaPlayer.h:
1812         * platform/graphics/MediaPlayerPrivate.h:
1813         (WebCore::MediaPlayerPrivateInterface::decodedFrames):
1814         (WebCore::MediaPlayerPrivateInterface::droppedFrames):
1815         (WebCore::MediaPlayerPrivateInterface::audioBytesDecoded):
1816         (WebCore::MediaPlayerPrivateInterface::videoBytesDecoded):
1817
1818 2011-02-02  Luiz Agostini  <luiz.agostini@openbossa.org>
1819
1820         Reviewed by David Hyatt.
1821
1822         More conversion from right()/bottom() to maxX()/maxY().
1823
1824         * page/qt/FrameQt.cpp:
1825         (WebCore::Frame::dragImageForSelection):
1826         * platform/graphics/qt/GraphicsContextQt.cpp:
1827         (WebCore::GraphicsContext::roundToDevicePixels):
1828
1829 2011-02-02  Kevin Ollivier  <kevino@theolliviers.com>
1830
1831         [wx] Build fixes for wxWebKit.
1832
1833         * bindings/cpp/WebDOMHTMLDocumentCustom.cpp:
1834         (documentWrite):
1835         * bindings/scripts/CodeGeneratorCPP.pm:
1836         * page/wx/DragControllerWx.cpp:
1837         (WebCore::DragController::dragOperation):
1838         * platform/graphics/wx/FontCustomPlatformData.h:
1839         * platform/graphics/wx/FontPlatformData.h:
1840         (WebCore::FontPlatformData::widthVariant):
1841         * platform/graphics/wx/FontPlatformDataWx.cpp:
1842         (WebCore::FontPlatformData::computeHash):
1843         * platform/graphics/wx/FontWx.cpp:
1844         * platform/graphics/wx/GraphicsContextWx.cpp:
1845         (WebCore::GraphicsContext::fillPath):
1846         (WebCore::GraphicsContext::strokePath):
1847         * platform/wx/RenderThemeWx.cpp:
1848
1849 2011-02-02  David Hyatt  <hyatt@apple.com>
1850
1851         Reviewed by Darin Adler.
1852
1853         More right()/bottom() to maxX()/maxY() conversion.
1854
1855         * page/chromium/FrameChromium.cpp:
1856         (WebCore::Frame::nodeImage):
1857         (WebCore::Frame::dragImageForSelection):
1858
1859 2011-02-02  Sam Weinig  <sam@webkit.org>
1860
1861         Fix windows clean build.
1862
1863         * DerivedSources.make:
1864
1865 2011-02-02  Mikhail Naganov  <mnaganov@chromium.org>
1866
1867         Reviewed by Pavel Feldman.
1868
1869         Web Inspector: [Chromium] Landing detailed heap snapshots, part 2.
1870
1871         https://bugs.webkit.org/show_bug.cgi?id=53606
1872
1873         Display progress while taking a snapshot, and hints while loading
1874         and parsing. This is needed because taking detailed heap snapshots
1875         takes time.
1876
1877         * English.lproj/localizedStrings.js:
1878         * inspector/front-end/DetailedHeapshotView.js:
1879         (WebInspector.DetailedHeapshotProfileType.prototype.buttonClicked):
1880         * inspector/front-end/ProfilesPanel.js:
1881         (WebInspector.ProfilesPanel.prototype._reset):
1882         (WebInspector.ProfilesPanel.prototype._addProfileHeader):
1883         (WebInspector.ProfilesPanel.prototype.getProfiles):
1884         (WebInspector.ProfilesPanel.prototype.loadHeapSnapshot):
1885         (WebInspector.ProfilesPanel.prototype._finishHeapSnapshot.doParse):
1886         (WebInspector.ProfilesPanel.prototype._finishHeapSnapshot):
1887         (WebInspector.ProfilesPanel.prototype.takeHeapSnapshot):
1888         (WebInspector.ProfilesPanel.prototype._reportHeapSnapshotProgress):
1889         * inspector/front-end/SidebarTreeElement.js:
1890         (WebInspector.SidebarTreeElement.prototype.refreshTitles):
1891
1892 2011-02-02  David Hyatt  <hyatt@apple.com>
1893
1894         Reviewed by Darin Adler.
1895
1896         More conversion from right()/bottom() to maxX()/maxY().
1897
1898         * platform/win/PopupMenuWin.cpp:
1899         (WebCore::PopupMenuWin::calculatePositionAndSize):
1900         (WebCore::PopupMenuWin::paint):
1901
1902 2011-02-02  David Hyatt  <hyatt@apple.com>
1903
1904         Reviewed by Darin Adler.
1905
1906         Removal of right()/bottom().  Replace with maxX() and maxY().  Still converting.  Haven't removed yet.
1907
1908         * platform/chromium/PopupMenuChromium.cpp:
1909         (WebCore::PopupContainer::layoutAndCalculateWidgetRect):
1910         (WebCore::PopupListBox::scrollToRevealRow):
1911         (WebCore::PopupListBox::layout):
1912         * platform/graphics/FloatRect.h:
1913         * platform/graphics/IntRect.h:
1914         * platform/graphics/cairo/ImageBufferCairo.cpp:
1915         (WebCore::getImageData):
1916         (WebCore::putImageData):
1917         * platform/graphics/chromium/GLES2Canvas.cpp:
1918         (WebCore::GLES2Canvas::drawTexturedRect):
1919         * platform/graphics/chromium/LayerRendererChromium.cpp:
1920         (WebCore::LayerRendererChromium::verticalScrollbarRect):
1921         (WebCore::LayerRendererChromium::horizontalScrollbarRect):
1922         (WebCore::LayerRendererChromium::setScissorToRect):
1923         (WebCore::LayerRendererChromium::setDrawViewportRect):
1924         * platform/graphics/chromium/LayerTilerChromium.cpp:
1925         (WebCore::LayerTilerChromium::contentRectToTileIndices):
1926         (WebCore::LayerTilerChromium::growLayerToContain):
1927         * platform/graphics/gpu/TilingData.cpp:
1928         (WebCore::TilingData::tileBoundsWithBorder):
1929         (WebCore::TilingData::overlappedTileIndices):
1930         * platform/graphics/qt/ImageBufferQt.cpp:
1931         (WebCore::getImageData):
1932         (WebCore::putImageData):
1933         * platform/graphics/skia/FloatRectSkia.cpp:
1934         (WebCore::FloatRect::operator SkRect):
1935         * platform/graphics/skia/ImageBufferSkia.cpp:
1936         (WebCore::getImageData):
1937         (WebCore::putImageData):
1938         * platform/graphics/skia/IntRectSkia.cpp:
1939         (WebCore::IntRect::operator SkIRect):
1940         (WebCore::IntRect::operator SkRect):
1941         * platform/graphics/skia/PlatformContextSkia.cpp:
1942         (WebCore::PlatformContextSkia::beginLayerClippedToImage):
1943         * platform/graphics/win/GraphicsContextWin.cpp:
1944         (WebCore::GraphicsContextPlatformPrivate::clip):
1945         * platform/graphics/win/IntRectWin.cpp:
1946         (WebCore::IntRect::operator RECT):
1947         * platform/graphics/win/UniscribeController.cpp:
1948         (WebCore::UniscribeController::shapeAndPlaceItem):
1949         * platform/graphics/wince/GraphicsContextWinCE.cpp:
1950         (WebCore::roundRect):
1951         (WebCore::mapRect):
1952         (WebCore::TransparentLayerDC::TransparentLayerDC):
1953         (WebCore::GraphicsContext::drawRect):
1954         (WebCore::GraphicsContext::drawEllipse):
1955         (WebCore::GraphicsContext::strokeArc):
1956         (WebCore::GraphicsContext::clip):
1957         (WebCore::GraphicsContext::clipOut):
1958         (WebCore::GraphicsContext::strokeRect):
1959         * platform/image-decoders/gif/GIFImageDecoder.cpp:
1960         (WebCore::GIFImageDecoder::initFrameBuffer):
1961         * platform/win/PopupMenuWin.cpp:
1962         (WebCore::PopupMenuWin::calculatePositionAndSize):
1963         (WebCore::PopupMenuWin::paint):
1964         * plugins/win/PluginViewWin.cpp:
1965         (WebCore::PluginView::updatePluginWidget):
1966         (WebCore::PluginView::invalidateRect):
1967         * rendering/RenderThemeSafari.cpp:
1968         (WebCore::RenderThemeSafari::paintMenuListButtonGradients):
1969         (WebCore::RenderThemeSafari::paintMenuListButton):
1970         (WebCore::RenderThemeSafari::paintSliderTrack):
1971         * rendering/RenderThemeWin.cpp:
1972         (WebCore::RenderThemeWin::paintInnerSpinButton):
1973         (WebCore::RenderThemeWin::paintMenuListButton):
1974
1975 2011-02-02  Antti Koivisto  <antti@apple.com>
1976
1977         Reviewed by Maciej Stachowiak.
1978
1979         Use Vector instead of a linked list for rules in CSSStyleSelector
1980         https://bugs.webkit.org/show_bug.cgi?id=53581
1981         
1982         - eliminate CSSRuleDataList, replace with Vector<RuleData>
1983         - rename CSSRuleData -> RuleData and CSSRuleSet -> RuleSet 
1984           (these are selector internal classes, CSS prefix is better reserved for public ones).
1985         - constify a bit
1986         - shrink the vectors to fit after collecting the rules
1987
1988         * css/CSSStyleSelector.cpp:
1989         (WebCore::RuleData::RuleData):
1990         (WebCore::RuleData::position):
1991         (WebCore::RuleData::rule):
1992         (WebCore::RuleData::selector):
1993         (WebCore::RuleSet::disableAutoShrinkToFit):
1994         (WebCore::RuleSet::getIDRules):
1995         (WebCore::RuleSet::getClassRules):
1996         (WebCore::RuleSet::getTagRules):
1997         (WebCore::RuleSet::getPseudoRules):
1998         (WebCore::RuleSet::getUniversalRules):
1999         (WebCore::RuleSet::getPageRules):
2000         (WebCore::collectSiblingRulesInDefaultStyle):
2001         (WebCore::CSSStyleSelector::CSSStyleSelector):
2002         (WebCore::loadFullDefaultStyle):
2003         (WebCore::loadSimpleDefaultStyle):
2004         (WebCore::loadViewSourceStyle):
2005         (WebCore::CSSStyleSelector::matchRules):
2006         (WebCore::CSSStyleSelector::matchRulesForList):
2007         (WebCore::operator >):
2008         (WebCore::operator <=):
2009         (WebCore::CSSStyleSelector::sortMatchedRules):
2010         (WebCore::CSSStyleSelector::matchUARules):
2011         (WebCore::RuleSet::RuleSet):
2012         (WebCore::RuleSet::~RuleSet):
2013         (WebCore::RuleSet::addToRuleSet):
2014         (WebCore::RuleSet::addRule):
2015         (WebCore::RuleSet::addPageRule):
2016         (WebCore::RuleSet::addRulesFromSheet):
2017         (WebCore::RuleSet::addStyleRule):
2018         (WebCore::collectIdsAndSiblingRulesFromList):
2019         (WebCore::RuleSet::collectIdsAndSiblingRules):
2020         (WebCore::shrinkMapVectorsToFit):
2021         (WebCore::RuleSet::shrinkToFit):
2022         (WebCore::CSSStyleSelector::matchPageRules):
2023         (WebCore::CSSStyleSelector::matchPageRulesForList):
2024         * css/CSSStyleSelector.h:
2025         (WebCore::CSSStyleSelector::addMatchedRule):
2026
2027 2011-02-02  Andrey Adaikin  <aandrey@google.com>
2028
2029         Reviewed by Pavel Feldman.
2030
2031         Web Inspector: Use DIVs instead of TABLE in TextViewer
2032         https://bugs.webkit.org/show_bug.cgi?id=53299
2033
2034         * inspector/front-end/SourceFrame.js:
2035         (WebInspector.SourceFrame.prototype._createTextViewer):
2036         (WebInspector.SourceFrame.prototype._mouseDown):
2037         * inspector/front-end/TextViewer.js:
2038         (WebInspector.TextViewer):
2039         (WebInspector.TextViewer.prototype.set mimeType):
2040         (WebInspector.TextViewer.prototype.revealLine):
2041         (WebInspector.TextViewer.prototype.addDecoration):
2042         (WebInspector.TextViewer.prototype.removeDecoration):
2043         (WebInspector.TextViewer.prototype.markAndRevealRange):
2044         (WebInspector.TextViewer.prototype.highlightLine):
2045         (WebInspector.TextViewer.prototype.clearLineHighlight):
2046         (WebInspector.TextViewer.prototype.freeCachedElements):
2047         (WebInspector.TextViewer.prototype._handleKeyDown):
2048         (WebInspector.TextViewer.prototype.editLine.finishEditing):
2049         (WebInspector.TextViewer.prototype.editLine):
2050         (WebInspector.TextViewer.prototype.beginUpdates):
2051         (WebInspector.TextViewer.prototype.endUpdates):
2052         (WebInspector.TextViewer.prototype.resize):
2053         (WebInspector.TextViewer.prototype._textChanged):
2054         (WebInspector.TextViewer.prototype._updatePanelOffsets):
2055         (WebInspector.TextViewer.prototype._syncScroll):
2056         (WebInspector.TextViewer.prototype._syncDecorationsForLine):
2057         (WebInspector.TextEditorChunkedPanel):
2058         (WebInspector.TextEditorChunkedPanel.prototype.set syncScrollListener):
2059         (WebInspector.TextEditorChunkedPanel.prototype.get textModel):
2060         (WebInspector.TextEditorChunkedPanel.prototype.addDecoration):
2061         (WebInspector.TextEditorChunkedPanel.prototype.removeDecoration):
2062         (WebInspector.TextEditorChunkedPanel.prototype.revealLine):
2063         (WebInspector.TextEditorChunkedPanel.prototype.makeLineAChunk):
2064         (WebInspector.TextEditorChunkedPanel.prototype.textChanged):
2065         (WebInspector.TextEditorChunkedPanel.prototype.beginUpdates):
2066         (WebInspector.TextEditorChunkedPanel.prototype.endUpdates):
2067         (WebInspector.TextEditorChunkedPanel.prototype.resize):
2068         (WebInspector.TextEditorChunkedPanel.prototype._scroll):
2069         (WebInspector.TextEditorChunkedPanel.prototype._scheduleRepaintAll):
2070         (WebInspector.TextEditorChunkedPanel.prototype._buildChunks):
2071         (WebInspector.TextEditorChunkedPanel.prototype._repaintAll):
2072         (WebInspector.TextEditorChunkedPanel.prototype._chunkNumberForLine):
2073         (WebInspector.TextEditorChunkedPanel.prototype._chunkForLine):
2074         (WebInspector.TextEditorGutterPanel):
2075         (WebInspector.TextEditorGutterPanel.prototype.freeCachedElements):
2076         (WebInspector.TextEditorGutterPanel.prototype._createNewChunk):
2077         (WebInspector.TextEditorGutterPanel.prototype._expandChunks):
2078         (WebInspector.TextEditorGutterChunk):
2079         (WebInspector.TextEditorGutterChunk.prototype.get expanded):
2080         (WebInspector.TextEditorGutterChunk.prototype.set expanded):
2081         (WebInspector.TextEditorGutterChunk.prototype.get height):
2082         (WebInspector.TextEditorGutterChunk.prototype._createRow):
2083         (WebInspector.TextEditorMainPanel):
2084         (WebInspector.TextEditorMainPanel.prototype.set syncDecorationsForLine):
2085         (WebInspector.TextEditorMainPanel.prototype.set mimeType):
2086         (WebInspector.TextEditorMainPanel.prototype.markAndRevealRange):
2087         (WebInspector.TextEditorMainPanel.prototype.highlightLine):
2088         (WebInspector.TextEditorMainPanel.prototype.clearLineHighlight):
2089         (WebInspector.TextEditorMainPanel.prototype.freeCachedElements):
2090         (WebInspector.TextEditorMainPanel.prototype._buildChunks):
2091         (WebInspector.TextEditorMainPanel.prototype._createNewChunk):
2092         (WebInspector.TextEditorMainPanel.prototype._expandChunks):
2093         (WebInspector.TextEditorMainPanel.prototype._highlightDataReady):
2094         (WebInspector.TextEditorMainPanel.prototype._paintLines):
2095         (WebInspector.TextEditorMainPanel.prototype._paintLine):
2096         (WebInspector.TextEditorMainPanel.prototype._releaseLinesHighlight):
2097         (WebInspector.TextEditorMainPanel.prototype._getSelection):
2098         (WebInspector.TextEditorMainPanel.prototype._restoreSelection):
2099         (WebInspector.TextEditorMainPanel.prototype._selectionToPosition):
2100         (WebInspector.TextEditorMainPanel.prototype._positionToSelection):
2101         (WebInspector.TextEditorMainPanel.prototype._appendTextNode):
2102         (WebInspector.TextEditorMainPanel.prototype._handleDomUpdates):
2103         (WebInspector.TextEditorMainChunk):
2104         (WebInspector.TextEditorMainChunk.prototype.addDecoration):
2105         (WebInspector.TextEditorMainChunk.prototype.set expanded):
2106         (WebInspector.TextEditorMainChunk.prototype.get height):
2107         (WebInspector.TextEditorMainChunk.prototype.getExpandedLineRow):
2108         (WebInspector.TextEditorMainChunk.prototype._createRow):
2109         (WebInspector):
2110         * inspector/front-end/textViewer.css:
2111         (.text-editor-lines):
2112         (.text-editor-contents):
2113         (.text-editor-editable):
2114         (.webkit-line-decorations):
2115         (.webkit-line-number):
2116         (.webkit-execution-line.webkit-line-content):
2117         (.diff-container .webkit-added-line.webkit-line-content):
2118         (.diff-container .webkit-removed-line.webkit-line-content):
2119         (.diff-container .webkit-changed-line.webkit-line-content):
2120         (.webkit-highlighted-line.webkit-line-content):
2121
2122 2011-02-02  Hans Wennborg  <hans@chromium.org>
2123
2124         Reviewed by Jeremy Orlow.
2125
2126         IndexedDB: Implement support for cursor updates
2127         https://bugs.webkit.org/show_bug.cgi?id=53421
2128
2129         Implement support for cursor updates using the same pattern as cursor
2130         deletes: forward the calls to the IDBObjectStoreBackend::put().
2131         The put() function's signature needs to be changed to allow for a
2132         "cursor update mode". This makes the signature more clear anyway,
2133         since it replaces the boolean parameter.
2134
2135         Test: storage/indexeddb/cursor-update.html
2136
2137         * storage/IDBCursor.idl:
2138         * storage/IDBCursorBackendImpl.cpp:
2139         (WebCore::IDBCursorBackendImpl::key):
2140         (WebCore::IDBCursorBackendImpl::update):
2141         * storage/IDBCursorBackendImpl.h:
2142         * storage/IDBObjectStore.cpp:
2143         (WebCore::IDBObjectStore::add):
2144         (WebCore::IDBObjectStore::put):
2145         * storage/IDBObjectStoreBackendImpl.cpp:
2146         (WebCore::IDBObjectStoreBackendImpl::put):
2147         (WebCore::IDBObjectStoreBackendImpl::putInternal):
2148         * storage/IDBObjectStoreBackendImpl.h:
2149         * storage/IDBObjectStoreBackendInterface.h:
2150
2151 2011-02-02  Naoki Takano  <takano.naoki@gmail.com>
2152
2153         Reviewed by Kent Tamura.
2154
2155         Fix popup menu RTL bug introduced by Changeset 75982.
2156         https://bugs.webkit.org/show_bug.cgi?id=53567
2157
2158         PopupMenuChromium::layout() calculates X position according to RTL or not. So change the X position calculation in layoutAndCalculateWidgetRect().
2159
2160         No new tests. However we can check manually with select_dropdown_box_alignment.html, autofill_alignment.html, select_alignment.html, select_dropdown_box_alignment.html, autofill-popup-width-and-item-direction.html
2161
2162         * platform/chromium/PopupMenuChromium.cpp:
2163         (WebCore::PopupContainer::layoutAndCalculateWidgetRect): Fix calculation of x position, because layout() considers RTL. And change the parameter from both X and Y positions to only Y position.
2164         (WebCore::PopupContainer::showPopup): Change the passing parameter.
2165         (WebCore::PopupContainer::refresh): Change the passing parameter.
2166         * platform/chromium/PopupMenuChromium.h: Change the parameter declaration.
2167
2168 2011-02-02  Alejandro G. Castro  <alex@igalia.com>
2169
2170         Reviewed by Martin Robinson.
2171
2172         [GTK] Fix dist compilation
2173         https://bugs.webkit.org/show_bug.cgi?id=53579
2174
2175         * GNUmakefile.am: Added FontWidthVariant.h to the sources, it was
2176         added in r77153.
2177
2178 2011-02-02  Dai Mikurube  <dmikurube@google.com>
2179
2180         Reviewed by David Levin.
2181
2182         Make mime type lookup in File::create(path) thread-safe
2183         https://bugs.webkit.org/show_bug.cgi?id=47700
2184
2185         This patch introduces a new function MIMETypeRegistry::getMIMETypeForExtensionThreadSafe().
2186         The function is to be called as a thread-safe version of getMIMETypeForExtension() when
2187         both FILE_SYSTEM and WORKERS are enabled.
2188
2189         No tests for this patch. This patch itself doesn't change the behaviors.
2190         For Chromium, it runs in the same way with getMIMETypeForExtensionThreadSafe().
2191         For the other platforms, it causes compilation error in case of enabled FILE_SYSTEM and WORKERS.
2192         The compilation error would be a signal to implement getMIMETypeForExtensionThreadSafe() in these
2193         platforms. Currently it doesn't happen since FILE_SYSTEM is not available in the other platforms.
2194
2195         * platform/MIMETypeRegistry.cpp: Defined generic getMIMETypeForExtension() calling getMIMETypeForExtensionThreadSafe() for enabled FILE_SYSTEM and WORKERS.
2196         (WebCore::MIMETypeRegistry::getMIMETypeForExtension):
2197         * platform/MIMETypeRegistry.h: Declared getMIMETypeForExtensionThreadSafe() which should be implemented for each platform.
2198         * platform/android/TemporaryLinkStubs.cpp:
2199         (WebCore::MIMETypeRegistry::getMIMETypeForExtension):
2200         * platform/brew/MIMETypeRegistryBrew.cpp:
2201         (WebCore::MIMETypeRegistry::getMIMETypeForExtension):
2202         * platform/chromium/MIMETypeRegistryChromium.cpp: Defined getMIMETypeForExtensionThreadSafe() for the case when FILE_SYSTEM and WORKERS are enabled.
2203         (WebCore::MIMETypeRegistry::getMIMETypeForExtensionThreadSafe):
2204         * platform/efl/MIMETypeRegistryEfl.cpp:
2205         (WebCore::MIMETypeRegistry::getMIMETypeForExtension):
2206         * platform/gtk/MIMETypeRegistryGtk.cpp:
2207         (WebCore::MIMETypeRegistry::getMIMETypeForExtension):
2208         * platform/haiku/MIMETypeRegistryHaiku.cpp:
2209         (WebCore::MIMETypeRegistry::getMIMETypeForExtension):
2210         * platform/mac/MIMETypeRegistryMac.mm:
2211         (WebCore::MIMETypeRegistry::getMIMETypeForExtension):
2212         * platform/qt/MIMETypeRegistryQt.cpp:
2213         (WebCore::MIMETypeRegistry::getMIMETypeForExtension):
2214         * platform/win/MIMETypeRegistryWin.cpp:
2215         (WebCore::MIMETypeRegistry::getMIMETypeForExtension):
2216         * platform/wince/MIMETypeRegistryWinCE.cpp:
2217         (WebCore::MIMETypeRegistry::getMIMETypeForExtension):
2218         * platform/wx/MimeTypeRegistryWx.cpp:
2219         (WebCore::MIMETypeRegistry::getMIMETypeForExtension):
2220
2221 2011-02-01  Adam Barth  <abarth@webkit.org>
2222
2223         Reviewed by Alexey Proskuryakov.
2224
2225         Improve readability of updateWidget by converting bool parameter to an enum
2226         https://bugs.webkit.org/show_bug.cgi?id=53576
2227
2228         As requested on webkit-dev.
2229
2230         * html/HTMLEmbedElement.cpp:
2231         (WebCore::HTMLEmbedElement::updateWidget):
2232         * html/HTMLEmbedElement.h:
2233         * html/HTMLMediaElement.cpp:
2234         (WebCore::HTMLMediaElement::updateWidget):
2235         * html/HTMLMediaElement.h:
2236         * html/HTMLObjectElement.cpp:
2237         (WebCore::HTMLObjectElement::updateWidget):
2238         * html/HTMLObjectElement.h:
2239         * html/HTMLPlugInImageElement.cpp:
2240         (WebCore::HTMLPlugInImageElement::updateWidgetIfNecessary):
2241         * html/HTMLPlugInImageElement.h:
2242         * page/FrameView.cpp:
2243         (WebCore::FrameView::updateWidget):
2244
2245 2011-02-01  James Robinson  <jamesr@chromium.org>
2246
2247         Reviewed by Adam Barth.
2248
2249         [v8] Increase V8 native->js recursion limit to match document.write() recursion limit
2250         https://bugs.webkit.org/show_bug.cgi?id=53566
2251
2252         A recursion limit of 22 is necessary to pass fast/dom/Document/document-write-recursion.html.
2253         Other than being large enough for this one test case, this limit is arbitrary.
2254
2255         * bindings/v8/V8Proxy.h:
2256
2257 2011-02-01  Adam Barth  <abarth@webkit.org>
2258
2259         Reviewed by Andreas Kling.
2260
2261         Remove useless comment
2262         https://bugs.webkit.org/show_bug.cgi?id=53549
2263
2264         The reason for this parameter is captured in
2265         plugins/netscape-plugin-setwindow-size.html, which is a better place to
2266         capture it than in this comment (which otherwise just re-iterates the
2267         name of the parameter).
2268
2269         * html/HTMLPlugInImageElement.cpp:
2270         (WebCore::HTMLPlugInImageElement::updateWidgetIfNecessary):
2271
2272 2011-02-01  James Simonsen  <simonjam@chromium.org>
2273
2274         Reviewed by Tony Gentilcore.
2275
2276         [WebTiming] Remove asserts that verify timestamp order
2277         https://bugs.webkit.org/show_bug.cgi?id=53548
2278
2279         Covered by existing tests.
2280
2281         * loader/FrameLoader.cpp:
2282         (WebCore::FrameLoader::stopLoading): Remove assert.
2283         * page/DOMWindow.cpp:
2284         (WebCore::DOMWindow::dispatchTimedEvent): Ditto.
2285
2286 2011-02-01  Dimitri Glazkov  <dglazkov@chromium.org>
2287
2288         Add the 'default_targets' enclosure to the flags.
2289
2290         * WebCore.gyp/WebCore.gyp: Did it.
2291
2292 2011-02-01  Mihai Parparita  <mihaip@chromium.org>
2293
2294         Reviewed by James Robinson.
2295
2296         Async event handlers should not fire within a modal dialog
2297         https://bugs.webkit.org/show_bug.cgi?id=53202
2298
2299         Asynchronous events that use EventQueue would currently fire while a
2300         modal dialog (e.g. window.alert()) was up. Change EventQueue to use a
2301         SuspendableTimer (which automatically gets suspended while dialogs are
2302         up and in other cases where JS execution is not allowed).
2303         
2304         Test: fast/events/scroll-event-during-modal-dialog.html
2305
2306         * dom/Document.cpp:
2307         (WebCore::Document::Document):
2308         * dom/EventQueue.cpp:
2309         (WebCore::EventQueueTimer::EventQueueTimer):
2310         (WebCore::EventQueueTimer::fired):
2311         (WebCore::EventQueue::EventQueue):
2312         (WebCore::EventQueue::enqueueEvent):
2313         (WebCore::EventQueue::pendingEventTimerFired):
2314         * dom/EventQueue.h:
2315         (WebCore::EventQueue::create):
2316         * page/SuspendableTimer.cpp:
2317         (WebCore::SuspendableTimer::SuspendableTimer):
2318         (WebCore::SuspendableTimer::suspend):
2319         (WebCore::SuspendableTimer::resume):
2320         * page/SuspendableTimer.h:
2321
2322 2011-02-01  Patrick Gansterer  <paroga@webkit.org>
2323
2324         Reviewed by Andreas Kling.
2325
2326         Change wrong PLATFORM(WIN) to USE(WININET)
2327         https://bugs.webkit.org/show_bug.cgi?id=53547
2328
2329         * platform/network/ResourceHandle.h:
2330
2331 2011-02-01  Beth Dakin  <bdakin@apple.com>
2332
2333         32-bit build fix.
2334
2335         * platform/mac/ScrollAnimatorMac.mm:
2336         (-[ScrollbarPainterControllerDelegate contentAreaRectForScrollerImpPair:]):
2337
2338 2011-01-25  Martin Robinson  <mrobinson@igalia.com>
2339
2340         Reviewed by Gustavo Noronha Silva.
2341
2342         [GTK] Two tests crash after r76555
2343         https://bugs.webkit.org/show_bug.cgi?id=53057
2344
2345         Instead of creating synchronous ResourceHandles manually, use the ::create factory.
2346         This ensures that ::start() is not called when there is a scheduled failure and also
2347         reduces code duplication.
2348
2349         * platform/network/soup/ResourceHandleSoup.cpp:
2350         (WebCore::ResourceHandle::loadResourceSynchronously): Use the ::create factory method.
2351
2352 2011-02-01  Martin Robinson  <mrobinson@igalia.com>
2353
2354         Reviewed by Eric Seidel.
2355
2356         [GTK] GObject DOM bindings do not support the CallWith attribute
2357         https://bugs.webkit.org/show_bug.cgi?id=53331
2358
2359         Disable building GObject DOM bindings for IndexedDB because we do not support
2360         the CallWith attribute at this time.
2361
2362         * bindings/gobject/GNUmakefile.am: Disable building bindings for the IndexedDB API.
2363
2364 2011-02-01  Darin Adler  <darin@apple.com>
2365
2366         Reviewed by Brady Eidson.
2367
2368         Fix a couple loose ends from the back/forward tree encode/decode work
2369         https://bugs.webkit.org/show_bug.cgi?id=53537
2370
2371         * history/HistoryItem.cpp:
2372         (WebCore::HistoryItem::encodeBackForwardTreeNode): Remove extra copy of
2373         original URL string; no need to encode it twice.
2374         (WebCore::HistoryItem::decodeBackForwardTree): Ditto.
2375         * history/HistoryItem.h: Removed declaration for function that is no
2376         longer defined nor used.
2377
2378 2011-02-01  Tony Chang  <tony@chromium.org>
2379
2380         Reviewed by Kent Tamura.
2381
2382         [chromium] disable arm uninitialized variable warnings
2383         https://bugs.webkit.org/show_bug.cgi?id=53553
2384
2385         We just got another error:
2386         third_party/WebKit/Source/WebCore/css/CSSPrimitiveValue.cpp:123:error:
2387         'colorTransparent.unstatic.4879' may be used uninitialized in this
2388         function
2389
2390         * WebCore.gyp/WebCore.gyp:
2391
2392 2011-02-01  chris reiss  <christopher.reiss@nokia.com>
2393
2394         Reviewed by Adam Barth.
2395
2396         Self-replicating code makes Safari hang and eventually crash
2397         https://bugs.webkit.org/show_bug.cgi?id=15123
2398
2399        
2400         Here we are replicating the Firefox safeguard against
2401         recursive document.write() calls.
2402
2403         See https://bug197052.bugzilla.mozilla.org/attachment.cgi?id=293907 in bug
2404         https://bugzilla.mozilla.org/show_bug.cgi?id=197052. Firefox does two things:
2405             a) imposes a recursion limit of 20 on document.write() and
2406             b) once that limit is passed, panics all the way up the call stack (rather than just returning one level).
2407         To see why this is necessary, consider the script:
2408
2409         <script>
2410            var t = document.body.innerHTML;
2411            document.write(t);
2412         </script> 
2413
2414         This will create a tree both broad and deep as the script keeps appending itself to the text. If
2415         we just return one level after the recursion limit is reached, we still allow millions of copies to
2416         duplicate (and execute).
2417
2418         The recursion is fortunately depth-first, so as soon as we cross this limit, we panic up the callstack
2419         to prevent this situation. (IE apparently does the same thing, with a lower recursion limit.)
2420
2421         Test: fast/dom/Document/document-write-recursion.html        
2422         Test: fast/dom/Document/document-close-iframe-load.html
2423         Test: fast/dom/Document/document-close-nested-iframe-load.html
2424
2425
2426         * dom/Document.cpp:
2427         (WebCore::Document::Document):
2428         (WebCore::Document::write):
2429         * dom/Document.h:
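The two policies contrasted in the entry above, as an added example that is not part of the ChangeLog or of WebKit's code: a toy model that counts how many script copies run when a recursion limit only returns one level versus when it aborts the whole call stack. The function name, the policy names and the fixed two copies per write are assumptions; a real page grows faster, so the counts are a lower bound.

```javascript
// Toy model of nested document.write() calls (added example, not WebKit code).
// Assumption: every successful write() inserts `copiesPerWrite` copies of the
// self-replicating script, and each copy runs depth-first before write() returns.

function countScriptRuns({ limit, copiesPerWrite, policy }) {
  let depth = 0;        // current document.write() nesting depth
  let maxDepth = 0;     // deepest nesting reached
  let runs = 0;         // number of script copies executed
  let tooDeep = false;  // sticky flag, set only under the 'panic' policy

  function write() {
    if (tooDeep) {
      return; // panic: every write on the way back up the stack is refused
    }
    if (depth >= limit) {
      if (policy === 'panic') {
        tooDeep = true;
      }
      return; // 'return-one-level' declines this call only
    }
    depth += 1;
    maxDepth = Math.max(maxDepth, depth);
    // The written markup contains script copies; each runs as it is parsed.
    for (let i = 0; i < copiesPerWrite && !tooDeep; i += 1) {
      runScript();
    }
    depth -= 1;
  }

  function runScript() {
    runs += 1;
    write(); // the script body: document.write(document.body.innerHTML)
  }

  runScript(); // the original script on the page
  return { runs, maxDepth };
}

// Same limit (20, the value quoted in the entry), two different outcomes.
function comparePolicies(limit = 20, copiesPerWrite = 2) {
  return {
    returnOneLevel: countScriptRuns({ limit, copiesPerWrite, policy: 'return-one-level' }),
    panic: countScriptRuns({ limit, copiesPerWrite, policy: 'panic' }),
  };
}

const result = comparePolicies();
console.log('return one level:', result.returnOneLevel.runs, 'script runs');
console.log('panic up the stack:', result.panic.runs, 'script runs');
```

Both policies cap the nesting depth at the limit; only the sticky flag bounds the total work, because it stops sibling copies from starting as the stack unwinds.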
2430
2431 2011-02-01  Johnny Ding  <jnd@chromium.org>
2432
2433         Reviewed by Darin Adler.
2434
2435         Don't set user gesture in HTMLAnchorElement's click handler because the click handler can be triggered by untrusted event.
2436         https://bugs.webkit.org/show_bug.cgi?id=53424
2437
2438         Test: fast/events/popup-blocked-from-untrusted-click-event-on-anchor.html
2439
2440         * html/HTMLAnchorElement.cpp:
2441         (WebCore::handleLinkClick):
2442
2443 2011-02-01  Csaba Osztrogonác  <ossy@webkit.org>
2444
2445         Unreviewed Qt buildfix after r77286.
2446
2447         https://bugs.webkit.org/show_bug.cgi?id=53520 
2448         Remove the physical terminology from IntRect and FloatRect.
2449
2450         * platform/graphics/TiledBackingStore.cpp:
2451         (WebCore::TiledBackingStore::createTiles):
2452
2453 2011-02-01  Sam Weinig  <sam@webkit.org>
2454
2455         Fix Mac production builds.
2456
2457         * DerivedSources.make:
2458         * WebCore.xcodeproj/project.pbxproj:
2459         * platform/mac/ScrollAnimatorMac.h:
2460         * platform/mac/ScrollbarThemeMac.h:
2461
2462 2011-02-01  Darin Adler  <darin@apple.com>
2463
2464         Reviewed by Chris Fleizach.
2465
2466         REGRESSION: Removing focus from area element causes unwanted scrolling
2467         https://bugs.webkit.org/show_bug.cgi?id=50169
2468
2469         Test: fast/images/imagemap-scroll.html
2470
2471         * html/HTMLAreaElement.cpp:
2472         (WebCore::HTMLAreaElement::setFocus): Added override. Calls the new
2473         RenderImage::areaElementFocusChanged function.
2474         (WebCore::HTMLAreaElement::updateFocusAppearance): Removed the code
2475         here that calls setNeedsLayout on the image's renderer. This was an
2476         attempt to cause repaint of the renderer, but this function does not
2477         need to do that. Also changed this to use the imageElement function
2478         to avoid repeating code.
2479
2480         * html/HTMLAreaElement.h: Updated for above changes.
2481
2482         * rendering/RenderImage.cpp:
2483         (WebCore::RenderImage::paint): Updated for name change.
2484         (WebCore::RenderImage::paintAreaElementFocusRing): Renamed this from
2485         paintFocusRing, because it only paints area focus rings, and should
2486         not be confused with paintFocusRing functions in other classes. Also
2487         removed the unused style argument. Removed the code that used an
2488         HTMLCollection to see if the focused area element is for this image
2489         and instead just call imageElement on the area element.
2490         (WebCore::RenderImage::areaElementFocusChanged): Added. Calls repaint.
2491
2492         * rendering/RenderImage.h: Added a public areaElementFocusChanged
2493         function for HTMLAreaElement to call. Made the paintFocusRing function
2494         private, renamed it to paintAreaElementFocusRing, and removed its
2495         unused style argument.
2496
2497 2011-02-01  Patrick Gansterer  <paroga@webkit.org>
2498
2499         Unreviewed WinCE build fix for r77286.
2500
2501         * platform/graphics/wince/GraphicsContextWinCE.cpp:
2502         (WebCore::TransparentLayerDC::TransparentLayerDC):
2503
2504 2011-02-01  Chris Fleizach  <cfleizach@apple.com>
2505
2506         Reviewed by Darin Adler.
2507
2508         AX: AXPosition of AXScrollArea is wrong
2509         https://bugs.webkit.org/show_bug.cgi?id=53511
2510
2511         AccessibilityScrollView needed to return a valid documentFrameView() object.
2512         At the same time, the code from document() should be consolidated in 
2513         AccessibilityObject, so all objects can use it.
2514
2515         Test: platform/mac/accessibility/webkit-scrollarea-position.html
2516
2517         * accessibility/AccessibilityObject.cpp:
2518         (WebCore::AccessibilityObject::document):
2519         * accessibility/AccessibilityObject.h:
2520         * accessibility/AccessibilityScrollView.cpp:
2521         (WebCore::AccessibilityScrollView::accessibilityHitTest):
2522         (WebCore::AccessibilityScrollView::documentFrameView):
2523         * accessibility/AccessibilityScrollView.h:
2524
2525 2011-02-01  Zhenyao Mo  <zmo@google.com>
2526
2527         Reviewed by Kenneth Russell.
2528
2529         getUniform should support SAMPLER_2D or SAMPLER_CUBE
2530         https://bugs.webkit.org/show_bug.cgi?id=52190
2531
2532         * html/canvas/WebGLRenderingContext.cpp:
2533         (WebCore::WebGLRenderingContext::getUniform):
2534
2535 2011-02-01  Zhenyao Mo  <zmo@google.com>
2536
2537         Reviewed by Darin Adler.
2538
2539         Fix the incorrect usage of RetainPtr cases in GraphicsContext3DCG.cpp
2540         https://bugs.webkit.org/show_bug.cgi?id=53531
2541
2542         With this fix, running WebGL conformance tests should no longer crash randomly.
2543
2544         * platform/graphics/cg/GraphicsContext3DCG.cpp:
2545         (WebCore::GraphicsContext3D::getImageData):
2546
2547 2011-02-01  Dimitri Glazkov  <dglazkov@chromium.org>
2548
2549         One more Chromium build fix after r77286.
2550
2551         * platform/chromium/ScrollbarThemeChromiumMac.mm:
2552         (WebCore::ScrollbarThemeChromiumMac::paint): Changed to not use topLeft().
2553
2554 2011-02-01  Sam Weinig  <sam@webkit.org>
2555
2556         Fix the build for Beth.
2557
2558         * platform/mac/ScrollAnimatorMac.mm:
2559         (-[ScrollbarPainterControllerDelegate inLiveResizeForScrollerImpPair:]):
2560
2561 2011-02-01  Sam Weinig  <sam@webkit.org>
2562
2563         Reviewed by Beth Dakin.
2564
2565         Part 2 for <rdar://problem/8492788>
2566         Adopt WKScrollbarPainterController
2567
2568         Use header detection to define scrollbar painting controller #define.
2569
2570         * WebCore.exp.in:
2571         * platform/mac/ScrollAnimatorMac.h:
2572         * platform/mac/ScrollbarThemeMac.h:
2573         * platform/mac/WebCoreSystemInterface.h:
2574         * platform/mac/WebCoreSystemInterface.mm:
2575
2576 2011-02-01  David Hyatt  <hyatt@apple.com>
2577
2578         Reviewed by Oliver Hunt.
2579
2580         https://bugs.webkit.org/show_bug.cgi?id=53520
2581         
2582         Remove the physical terminology from IntRect and FloatRect.
2583         
2584         Now that we have flipped RenderBlocks for vertical-rl and horizontal-bt writing modes,
2585         we need to update our terminology to be more accurate.
2586
2587         I'm borrowing a page from AppKit here (which also supports flipped NSViews) and
2588         renaming right() and bottom() to maxX() and maxY().  These terms remain accurate
2589         even for flipped rectangles.
2590
2591         * accessibility/AccessibilityRenderObject.cpp:
2592         (WebCore::AccessibilityRenderObject::boundsForVisiblePositionRange):
2593         * accessibility/mac/AccessibilityObjectWrapper.mm:
2594         (-[AccessibilityObjectWrapper position]):
2595         * dom/ClientRect.h:
2596         (WebCore::ClientRect::right):
2597         (WebCore::ClientRect::bottom):
2598         * html/HTMLCanvasElement.cpp:
2599         (WebCore::HTMLCanvasElement::convertLogicalToDevice):
2600         * html/canvas/CanvasRenderingContext2D.cpp:
2601         (WebCore::normalizeRect):
2602         * inspector/InspectorAgent.cpp:
2603         (WebCore::InspectorAgent::drawElementTitle):
2604         * page/DOMWindow.cpp:
2605         (WebCore::DOMWindow::adjustWindowRect):
2606         * page/DragController.cpp:
2607         (WebCore::dragLocForSelectionDrag):
2608         * page/EventHandler.cpp:
2609         (WebCore::EventHandler::sendContextMenuEventForKey):
2610         * page/PrintContext.cpp:
2611         (WebCore::PrintContext::computePageRectsWithPageSizeInternal):
2612         (WebCore::PrintContext::pageNumberForElement):
2613         * page/SpatialNavigation.cpp:
2614         (WebCore::end):
2615         (WebCore::areRectsFullyAligned):
2616         (WebCore::areRectsMoreThanFullScreenApart):
2617         (WebCore::below):
2618         (WebCore::rightOf):
2619         (WebCore::isRectInDirection):
2620         (WebCore::entryAndExitPointsForDirection):
2621         (WebCore::virtualRectForDirection):
2622         * page/WindowFeatures.cpp:
2623         (WebCore::WindowFeatures::WindowFeatures):
2624         * platform/ScrollView.cpp:
2625         (WebCore::ScrollView::wheelEvent):
2626         * platform/Scrollbar.cpp:
2627         (WebCore::Scrollbar::setFrameRect):
2628         * platform/ScrollbarThemeComposite.cpp:
2629         (WebCore::ScrollbarThemeComposite::splitTrack):
2630         * platform/chromium/ScrollbarThemeChromium.cpp:
2631         (WebCore::ScrollbarThemeChromium::paintTickmarks):
2632         * platform/graphics/FloatQuad.h:
2633         (WebCore::FloatQuad::FloatQuad):
2634         * platform/graphics/FloatRect.cpp:
2635         (WebCore::FloatRect::intersects):
2636         (WebCore::FloatRect::contains):
2637         (WebCore::FloatRect::intersect):
2638         (WebCore::FloatRect::unite):
2639         (WebCore::enclosingIntRect):
2640         * platform/graphics/FloatRect.h:
2641         (WebCore::FloatRect::maxX):
2642         (WebCore::FloatRect::maxY):
2643         (WebCore::FloatRect::contains):
2644         * platform/graphics/IntRect.cpp:
2645         (WebCore::IntRect::intersects):
2646         (WebCore::IntRect::contains):
2647         (WebCore::IntRect::intersect):
2648         (WebCore::IntRect::unite):
2649         * platform/graphics/IntRect.h:
2650         (WebCore::IntRect::maxX):
2651         (WebCore::IntRect::maxY):
2652         (WebCore::IntRect::shiftXEdgeTo):
2653         (WebCore::IntRect::shiftMaxXEdgeTo):
2654         (WebCore::IntRect::shiftYEdgeTo):
2655         (WebCore::IntRect::shiftMaxYEdgeTo):
2656         (WebCore::IntRect::contains):
2657         * platform/graphics/WidthIterator.cpp:
2658         (WebCore::WidthIterator::advance):
2659         * platform/graphics/cg/GraphicsContextCG.cpp:
2660         (WebCore::GraphicsContext::drawRect):
2661         (WebCore::GraphicsContext::fillPath):
2662         (WebCore::GraphicsContext::fillRect):
2663         * platform/graphics/cg/ImageBufferCG.cpp:
2664         (WebCore::getImageData):
2665         (WebCore::putImageData):
2666         * platform/graphics/cg/ImageCG.cpp:
2667         (WebCore::BitmapImage::draw):
2668         * platform/graphics/filters/FilterEffect.cpp:
2669         (WebCore::FilterEffect::copyImageBytes):
2670         * platform/graphics/mac/ComplexTextController.cpp:
2671         (WebCore::ComplexTextController::adjustGlyphsAndAdvances):
2672         * platform/graphics/mac/SimpleFontDataMac.mm:
2673         (WebCore::SimpleFontData::platformBoundsForGlyph):
2674         * platform/graphics/transforms/AffineTransform.cpp:
2675         (WebCore::AffineTransform::mapRect):
2676         * platform/graphics/win/FontCGWin.cpp:
2677         (WebCore::drawGDIGlyphs):
2678         * platform/graphics/win/MediaPlayerPrivateQuickTimeWin.cpp:
2679         (WebCore::MediaPlayerPrivate::paint):
2680         * platform/gtk/RenderThemeGtk.cpp:
2681         (WebCore::centerRectVerticallyInParentInputElement):
2682         * platform/mac/WidgetMac.mm:
2683         (WebCore::Widget::paint):
2684         * rendering/InlineFlowBox.cpp:
2685         (WebCore::InlineFlowBox::addBoxShadowVisualOverflow):
2686         (WebCore::InlineFlowBox::addTextBoxVisualOverflow):
2687         * rendering/InlineTextBox.cpp:
2688         (WebCore::InlineTextBox::selectionRect):
2689         (WebCore::InlineTextBox::paint):
2690         (WebCore::InlineTextBox::positionForOffset):
2691         * rendering/RenderBlock.cpp:
2692         (WebCore::RenderBlock::addOverflowFromChildren):
2693         (WebCore::RenderBlock::paintChildren):
2694         (WebCore::RenderBlock::paintEllipsisBoxes):
2695         (WebCore::RenderBlock::inlineSelectionGaps):
2696         (WebCore::RenderBlock::adjustPointToColumnContents):
2697         (WebCore::RenderBlock::flipForWritingModeIncludingColumns):
2698         (WebCore::RenderBlock::adjustForColumns):
2699         * rendering/RenderBlock.h:
2700         (WebCore::RenderBlock::FloatingObject::right):
2701         (WebCore::RenderBlock::FloatingObject::bottom):
2702         * rendering/RenderBox.cpp:
2703         (WebCore::RenderBox::reflectedRect):
2704         (WebCore::RenderBox::localCaretRect):
2705         (WebCore::RenderBox::addShadowOverflow):
2706         (WebCore::RenderBox::addLayoutOverflow):
2707         (WebCore::RenderBox::visualOverflowRectForPropagation):
2708         (WebCore::RenderBox::layoutOverflowRectForPropagation):
2709         (WebCore::RenderBox::flipForWritingMode):
2710         * rendering/RenderFrameSet.cpp:
2711         (WebCore::RenderFrameSet::paintColumnBorder):
2712         (WebCore::RenderFrameSet::paintRowBorder):
2713         * rendering/RenderInline.cpp:
2714         (WebCore::RenderInline::paintOutlineForLine):
2715         * rendering/RenderLayer.cpp:
2716         (WebCore::RenderLayer::getRectToExpose):
2717         (WebCore::cornerRect):
2718         (WebCore::RenderLayer::positionOverflowControls):
2719         (WebCore::RenderLayer::overflowBottom):
2720         (WebCore::RenderLayer::overflowRight):
2721         (WebCore::RenderLayer::paintResizer):
2722         * rendering/RenderLineBoxList.cpp:
2723         (WebCore::RenderLineBoxList::rangeIntersectsRect):
2724         (WebCore::RenderLineBoxList::paint):
2725         * rendering/RenderListItem.cpp:
2726         (WebCore::RenderListItem::positionListMarker):
2727         * rendering/RenderListMarker.cpp:
2728         (WebCore::RenderListMarker::paint):
2729         * rendering/RenderObject.cpp:
2730         (WebCore::RenderObject::repaintAfterLayoutIfNeeded):
2731         * rendering/RenderOverflow.h:
2732         (WebCore::RenderOverflow::RenderOverflow):
2733         (WebCore::RenderOverflow::addLayoutOverflow):
2734         (WebCore::RenderOverflow::addVisualOverflow):
2735         (WebCore::RenderOverflow::setLayoutOverflow):
2736         (WebCore::RenderOverflow::setVisualOverflow):
2737         (WebCore::RenderOverflow::resetLayoutOverflow):
2738         * rendering/RenderReplaced.cpp:
2739         (WebCore::RenderReplaced::shouldPaint):
2740         * rendering/RenderScrollbarTheme.cpp:
2741         (WebCore::RenderScrollbarTheme::constrainTrackRectToTrackPieces):
2742         * rendering/RenderTable.cpp:
2743         (WebCore::RenderTable::paint):
2744         * rendering/RenderTableCell.cpp:
2745         (WebCore::RenderTableCell::paint):
2746         * rendering/RenderTableSection.cpp:
2747         (WebCore::RenderTableSection::paintObject):
2748         * rendering/RenderText.cpp:
2749         (WebCore::RenderText::absoluteQuads):
2750         * rendering/RenderTextControlSingleLine.cpp:
2751         (WebCore::RenderTextControlSingleLine::forwardEvent):
2752         * rendering/RenderThemeMac.mm:
2753         (WebCore::RenderThemeMac::paintMenuListButtonGradients):
2754         (WebCore::RenderThemeMac::paintMenuListButton):
2755         (WebCore::RenderThemeMac::paintSliderTrack):
2756         * rendering/RenderView.cpp:
2757         (WebCore::RenderView::computeRectForRepaint):
2758         (WebCore::RenderView::docBottom):
2759         (WebCore::RenderView::docRight):
2760         * rendering/RootInlineBox.cpp:
2761         (WebCore::RootInlineBox::paddedLayoutOverflowRect):
2762         * rendering/svg/RenderSVGInlineText.cpp:
2763         (WebCore::RenderSVGInlineText::localCaretRect):
2764
2765 2011-02-01  Beth Dakin  <bdakin@apple.com>
2766
2767         Reviewed by Sam Weinig.
2768
2769         Fix for <rdar://problem/8492788> Adopt WKScrollbarPainterController
2770
2771         Lots of new WebCoreSystemInterface functions to export.
2772         * WebCore.exp.in:
2773         * platform/mac/WebCoreSystemInterface.h:
2774         * platform/mac/WebCoreSystemInterface.mm:
2775
2776         Let the scrollAnimator know when the mouse has
2777         moved anywhere inside the page, and when the mouse 
2778         has moved in or out of the window. 
2779         * page/EventHandler.cpp:
2780         (WebCore::EventHandler::mouseMoved):
2781         (WebCore::EventHandler::updateMouseEventTargetNode):
2782
2783         Let the scrollAnimator know when the window has become
2784         active or inactive.
2785         * page/FocusController.cpp:
2786         (WebCore::FocusController::setActive):
2787         
2788         Let the scrollAnimator know when all of these things
2789         are happening.
2790         * page/FrameView.cpp:
2791         (WebCore::FrameView::setContentsSize):
2792         (WebCore::FrameView::didMoveOnscreen):
2793         (WebCore::FrameView::willMoveOffscreen):
2794         (WebCore::FrameView::currentMousePosition):
2795         (WebCore::FrameView::contentsResized):
2796         
2797         New functions called through WebKit2 that allow the
2798         scrollAnimator to know when a live resize starts and ends.
2799         (WebCore::FrameView::willStartLiveResize):
2800         (WebCore::FrameView::willEndLiveResize):
2801         * page/FrameView.h:
2802         
2803         New functions on ScrollAnimator that pass information
2804         to the WKPainterController when we're using one.
2805         * platform/ScrollAnimator.h:
2806         (WebCore::ScrollAnimator::scrollableArea):
2807         (WebCore::ScrollAnimator::contentAreaWillPaint):
2808         (WebCore::ScrollAnimator::mouseEnteredContentArea):
2809         (WebCore::ScrollAnimator::mouseExitedContentArea):
2810         (WebCore::ScrollAnimator::mouseMovedInContentArea):
2811         (WebCore::ScrollAnimator::willStartLiveResize):
2812         (WebCore::ScrollAnimator::contentsResized):
2813         (WebCore::ScrollAnimator::willEndLiveResize):
2814         (WebCore::ScrollAnimator::contentAreaDidShow):
2815         (WebCore::ScrollAnimator::contentAreaDidHide):
2816         (WebCore::ScrollAnimatorMac::ScrollAnimatorMac):
2817         (WebCore::ScrollAnimatorMac::scrollbarPainterDelegate):
2818         (WebCore::ScrollAnimatorMac::setPainterForPainterController):
2819         (WebCore::ScrollAnimatorMac::removePainterFromPainterController):
2820         (WebCore::ScrollAnimatorMac::notityPositionChanged):
2821         (WebCore::ScrollAnimatorMac::contentAreaWillPaint):
2822         (WebCore::ScrollAnimatorMac::mouseEnteredContentArea):
2823         (WebCore::ScrollAnimatorMac::mouseExitedContentArea):
2824         (WebCore::ScrollAnimatorMac::mouseMovedInContentArea):
2825         (WebCore::ScrollAnimatorMac::willStartLiveResize):
2826         (WebCore::ScrollAnimatorMac::contentsResized):
2827         (WebCore::ScrollAnimatorMac::willEndLiveResize):
2828         (WebCore::ScrollAnimatorMac::contentAreaDidShow):
2829         (WebCore::ScrollAnimatorMac::contentAreaDidHide):
2830         
2831         Let the scrollAnimator know when this is happening.
2832         * platform/ScrollView.cpp:
2833         (WebCore::ScrollView::paint):
2834         
2835         New function lets the scrollAnimator get the current 
2836         mouse position.
2837         * platform/ScrollView.h:
2838         (WebCore::ScrollView::currentMousePosition):
2839         
2840         New function that returns the scrollAnimator when needed.
2841         * platform/ScrollableArea.h:
2842         (WebCore::ScrollableArea::scrollAnimator):
2843         
2844         Keep track of if we're in a live resize using a new member
2845         variable.
2846         * platform/mac/ScrollAnimatorMac.h:
2847         (WebCore::ScrollAnimatorMac::inLiveResize):
2848         * platform/mac/ScrollAnimatorMac.mm:
2849         (WebCore::view):
2850         
2851         New delegates for the WKPainter and WKPainterController
2852         (-[ScrollbarPainterControllerDelegate initWithScrollAnimator:WebCore::]):
2853         (-[ScrollbarPainterControllerDelegate contentAreaRectForScrollerImpPair:]):
2854         (-[ScrollbarPainterControllerDelegate inLiveResizeForScrollerImpPair:]):
2855         (-[ScrollbarPainterControllerDelegate mouseLocationInContentAreaForScrollerImpPair:]):
2856         (-[ScrollbarPainterControllerDelegate scrollerImpPair:convertContentPoint:toScrollerImp:]):
2857         (-[ScrollbarPainterControllerDelegate scrollerImpPair:setContentAreaNeedsDisplayInRect:]):
2858         (-[ScrollbarPainterControllerDelegate scrollerImpPair:updateScrollerStyleForNewRecommendedScrollerStyle:]):
2859         (-[ScrollKnobAnimation initWithScrollbarPainter:forScrollAnimator:WebCore::animateKnobAlphaTo:duration:]):
2860         (-[ScrollKnobAnimation setCurrentProgress:]):
2861         (-[ScrollbarPainterDelegate initWithScrollAnimator:WebCore::]):
2862         (-[ScrollbarPainterDelegate convertRectToBacking:]):
2863         (-[ScrollbarPainterDelegate convertRectFromBacking:]):
2864         (-[ScrollbarPainterDelegate layer]):
2865         (-[ScrollbarPainterDelegate setUpAnimation:scrollerPainter:animateKnobAlphaTo:duration:]):
2866         (-[ScrollbarPainterDelegate scrollerImp:animateKnobAlphaTo:duration:]):
2867         (-[ScrollbarPainterDelegate scrollerImp:animateTrackAlphaTo:duration:]):
2868         (-[ScrollbarPainterDelegate scrollerImp:overlayScrollerStateChangedTo:]):
2869
2870         Get the WKScrollbarPainterRefs to synch up with the 
2871         WKScrollbarPainterControllerRefs when appropriate
2872         * platform/mac/ScrollbarThemeMac.h:
2873         * platform/mac/ScrollbarThemeMac.mm:
2874         (WebCore::ScrollbarThemeMac::registerScrollbar):
2875         (WebCore::ScrollbarThemeMac::unregisterScrollbar):
2876         (WebCore::ScrollbarThemeMac::setNewPainterForScrollbar):
2877         (WebCore::ScrollbarThemeMac::usesOverlayScrollbars):
2878
2879         Implement ScrollableArea's virtual function contentsSize() for access
2880         through the scrollAnimator.
2881         * rendering/RenderLayer.h:
2882         (WebCore::RenderLayer::contentsSize):
2883
2884 2011-02-01  Carol Szabo  <carol.szabo@nokia.com>
2885
2886         Reviewed by David Hyatt.
2887
2888         layoutTestController.counterValueForElementById does not return the correct value
2889         https://bugs.webkit.org/show_bug.cgi?id=53037
2890
2891         Test: fast/css/counters/deep-before.html
2892
2893         * rendering/RenderTreeAsText.cpp:
2894         (WebCore::counterValueForElement):
2895         Modified to use the newly available RenderObject::beforePseudoElement()
2896         and RenderObject::afterPseudoElement() instead of the old imperfect
2897         algorithm to find the before and after pseudo elements.
2898
2899 2011-02-01  Anton Muhin  <antonm@chromium.org>
2900
2901         Reviewed by Adam Barth.
2902
2903         Allow access for security origin same as this.
2904         https://bugs.webkit.org/show_bug.cgi?id=53440
2905
2906         Hard to test as newly added path currently is never hit.
2907
2908         * page/SecurityOrigin.cpp:
2909         (WebCore::SecurityOrigin::canAccess): allow access if this == other
2910
2911 2011-01-31  Oliver Hunt  <oliver@apple.com>
2912
2913         Reviewed by Geoffrey Garen.
2914
2915         Update JSObject storage for new marking API
2916         https://bugs.webkit.org/show_bug.cgi?id=53467
2917
2918         Update WebCore to handle new anonymous slot behaviour.
2919
2920         * bindings/js/JSDOMWindowShell.cpp:
2921         (WebCore::JSDOMWindowShell::setWindow):
2922         * bindings/js/WorkerScriptController.cpp:
2923         (WebCore::WorkerScriptController::initScript):
2924         * bindings/scripts/CodeGeneratorJS.pm:
2925
2926 2011-02-01  Xiaomei Ji  <xji@chromium.org>
2927
2928         Reviewed by David Hyatt.
2929
2930         Fix a text rendering problem when enclosing block is RTL and text runs
2931         are in different directionality.
2932         https://bugs.webkit.org/show_bug.cgi?id=34176
2933
2934         The problem happens in the following example scenario (ABC represents 
2935         Hebrew characters):
2936         <div dir=rtl>this is a <span><span>test <span>ABC</span></span></span></div>
2937
2938         The line consists of 3 text runs -- TextRun1 TextRun2 TextRun3. In which
2939         TextRun1 and TextRun2's bidi level are 2, and TextRun3's bidi level is 1.
2940         TextRun2 and TextRun3's least common ancestor is not a sibling of TextRun1.
2941
2942         The visual bidi run order of the text runs is TextRun3 TextRun1 TextRun2.
2943
2944         Inside RenderBlock::constructLine(), when RenderBlock::createLineBoxes()
2945         creates InlineFlowBox for TextRun2, it should check whether an InlineFlowBox for
2946         the run's render object's ancestor (not only its parent) has already 
2947         been constructed or has something following it on the line, in which 
2948         case, create a new box for TextRun2 instead of sharing the same box with
2949         TextRun3.
2950
2951         In other words, the following 2 divs should render the same results
2952         (ABC represents Hebrew characters).
2953         <div dir=rtl>this is a <span><span>test <span>ABC</span></span></span></div>
2954         <div dir=rtl>this is a <span>Test <span>ABC</span></span></div>
2955
2956         Test: fast/dom/34176.html
2957
2958         * rendering/RenderBlockLineLayout.cpp:
2959         (WebCore::parentIsConstructedOrHaveNext):
2960         (WebCore::RenderBlock::createLineBoxes):
2961
2962 2011-02-01  Abhishek Arya  <inferno@chromium.org>
2963
2964         Reviewed by Dan Bernstein.
2965
2966         Do not add a node in the document's stylesheet candidate node list if the
2967         node is already removed from document.
2968         https://bugs.webkit.org/show_bug.cgi?id=53441
2969
2970         Test: fast/css/stylesheet-candidate-nodes-crash.xhtml
2971
2972         * dom/Document.cpp:
2973         (WebCore::Document::addStyleSheetCandidateNode):
2974
2975 2011-02-01  Dave Hyatt  <hyatt@apple.com>
2976
2977         Reviewed by Darin Adler.
2978
2979         https://bugs.webkit.org/show_bug.cgi?id=46422, make printing and pagination work
2980         with vertical text.
2981
2982         Change printing functions to check writing-mode and properly swap width and height
2983         as needed.
2984         
2985         Fix the setScrollOrigin function so that the origin doesn't cause
2986         scroll spasming during printing (this is only partially successful, but it's better
2987         than it was).
2988
2989         Rewrite computePageRects to handle both RTL documents properly as well as vertical
2990         text documents properly.
2991
2992         * WebCore.exp.in:
2993         * page/FrameView.cpp:
2994         (WebCore::FrameView::adjustViewSize):
2995         (WebCore::FrameView::forceLayoutForPagination):
2996         * page/PrintContext.cpp:
2997         (WebCore::PrintContext::computePageRects):
2998         (WebCore::PrintContext::computePageRectsWithPageSizeInternal):
2999         (WebCore::PrintContext::computeAutomaticScaleFactor):
3000         (WebCore::PrintContext::spoolPage):
3001         (WebCore::PrintContext::spoolRect):
3002         * page/PrintContext.h:
3003         * page/mac/WebCoreFrameView.h:
3004         * platform/ScrollView.cpp:
3005         (WebCore::ScrollView::wheelEvent):
3006         * platform/ScrollView.h:
3007         * platform/mac/ScrollViewMac.mm:
3008         (WebCore::ScrollView::platformSetScrollOrigin):
3009         * rendering/RenderView.cpp:
3010         (WebCore::RenderView::layout):
3011
3012 2011-02-01  Mikhail Naganov  <mnaganov@chromium.org>
3013
3014         Reviewed by Pavel Feldman.
3015
3016         Web Inspector: Fix profiles reset to avoid clearing heap profiles in Chromium.
3017
3018         https://bugs.webkit.org/show_bug.cgi?id=53500
3019
3020         * inspector/InspectorProfilerAgent.cpp:
3021         (WebCore::InspectorProfilerAgent::resetFrontendProfiles):
3022
3023 2011-02-01  Mikhail Naganov  <mnaganov@chromium.org>
3024
3025         Reviewed by Pavel Feldman.
3026
3027         Web Inspector: [Chromium] Landing detailed heap snapshots, part 1.
3028
3029         https://bugs.webkit.org/show_bug.cgi?id=53173
3030
3031         Adding code for accessing heap snapshot data and
3032         performing graph calculations.
3033
3034         * English.lproj/localizedStrings.js:
3035         * inspector/front-end/HeapSnapshot.js:
3036         (WebInspector.HeapSnapshotArraySlice): Helper class to avoid array contents copying.
3037         (WebInspector.HeapSnapshotEdge): Wrapper for accessing graph edge properties.
3038         (WebInspector.HeapSnapshotEdgeIterator):
3039         (WebInspector.HeapSnapshotNode): Wrapper for accessing graph node properties.
3040         (WebInspector.HeapSnapshotNodeIterator):
3041         (WebInspector.HeapSnapshot): Wrapper for the heap snapshot.
3042         (WebInspector.HeapSnapshotFilteredOrderedIterator):
3043         (WebInspector.HeapSnapshotEdgesProvider):
3044         (WebInspector.HeapSnapshotNodesProvider):
3045         (WebInspector.HeapSnapshotPathFinder):
3046         * inspector/front-end/HeapSnapshotView.js:
3047         (WebInspector.HeapSnapshotView.prototype._convertSnapshot):
3048
3049 2011-02-01  Adam Roben  <aroben@apple.com>
3050
3051         Fix linker warnings in Release_LTCG builds
3052
3053         * WebCore.vcproj/WebCore.vcproj: Exclude EventNames.cpp and EventTarget.cpp from all
3054         configurations, since they get pulled in via DOMAllInOne.cpp.
3055
3056 2011-02-01  Alexander Pavlov  <apavlov@chromium.org>
3057
3058         Reviewed by Yury Semikhatsky.
3059
3060         Web Inspector: [Chromium] Wrongly labelled context-menu item for links in Web Inspector's side-pane
3061         https://bugs.webkit.org/show_bug.cgi?id=53482
3062
3063         * English.lproj/localizedStrings.js:
3064         * inspector/front-end/ElementsPanel.js:
3065         (WebInspector.ElementsPanel.prototype.populateHrefContextMenu):
3066         * inspector/front-end/inspector.js:
3067         (WebInspector.resourceForURL):
3068         (WebInspector.openLinkExternallyLabel):
3069
3070 2011-02-01  Anton Muhin  <antonm@chromium.org>
3071
3072         Reviewed by Adam Barth.
3073
3074         Propagate parent document security origin to newly created Document XML response
3075         https://bugs.webkit.org/show_bug.cgi?id=53444
3076
3077         Covered by the existing tests.
3078
3079         * xml/XMLHttpRequest.cpp:
3080         (WebCore::XMLHttpRequest::responseXML):
3081
3082 2011-02-01  Yury Semikhatsky  <yurys@chromium.org>
3083
3084         Unreviewed. Rollout r77230 which caused many layout tests
3085         crashes on Chromium Debug bots.
3086
3087         Async event handlers should not fire within a modal dialog
3088         https://bugs.webkit.org/show_bug.cgi?id=53202
3089
3090         * dom/Document.cpp:
3091         (WebCore::Document::Document):
3092         * dom/EventQueue.cpp:
3093         (WebCore::EventQueue::EventQueue):
3094         (WebCore::EventQueue::enqueueEvent):
3095         (WebCore::EventQueue::pendingEventTimerFired):
3096         * dom/EventQueue.h:
3097
3098 2011-02-01  Zoltan Herczeg  <zherczeg@webkit.org>
3099
3100         Reviewed by Dirk Schulze.
3101
3102         LightElement changes do not require relayout.
3103         https://bugs.webkit.org/show_bug.cgi?id=53232
3104
3105         When an attribute of a LightElement changes, it
3106         sends an update message to the lighting filters
3107         to update its corresponding LightSource objects,
3108         and repaint the filters.
3109
3110         Duplicated 'id' attributes removed from svg-filter-animation.svg.
3111
3112         Existing dynamic-update tests cover this feature.
3113
3114         5x speedup on manual-tests/svg-filter-animation.svg
3115
3116         * manual-tests/svg-filter-animation.svg:
3117         * platform/graphics/filters/DistantLightSource.h:
3118         * platform/graphics/filters/FEDiffuseLighting.cpp:
3119         (WebCore::FEDiffuseLighting::setLightingColor):
3120         (WebCore::FEDiffuseLighting::setSurfaceScale):
3121         (WebCore::FEDiffuseLighting::setDiffuseConstant):
3122         (WebCore::FEDiffuseLighting::setKernelUnitLengthX):
3123         (WebCore::FEDiffuseLighting::setKernelUnitLengthY):
3124         * platform/graphics/filters/FEDiffuseLighting.h:
3125         * platform/graphics/filters/LightSource.cpp:
3126         (WebCore::PointLightSource::setX):
3127         (WebCore::PointLightSource::setY):
3128         (WebCore::PointLightSource::setZ):
3129         (WebCore::SpotLightSource::setX):
3130         (WebCore::SpotLightSource::setY):
3131         (WebCore::SpotLightSource::setZ):
3132         (WebCore::SpotLightSource::setPointsAtX):
3133         (WebCore::SpotLightSource::setPointsAtY):
3134         (WebCore::SpotLightSource::setPointsAtZ):
3135         (WebCore::SpotLightSource::setSpecularExponent):
3136         (WebCore::SpotLightSource::setLimitingConeAngle):
3137         (WebCore::DistantLightSource::setAzimuth):
3138         (WebCore::DistantLightSource::setElevation):
3139         (WebCore::LightSource::setAzimuth):
3140         (WebCore::LightSource::setElevation):
3141         (WebCore::LightSource::setX):
3142         (WebCore::LightSource::setY):
3143         (WebCore::LightSource::setZ):
3144         (WebCore::LightSource::setPointsAtX):
3145         (WebCore::LightSource::setPointsAtY):
3146         (WebCore::LightSource::setPointsAtZ):
3147         (WebCore::LightSource::setSpecularExponent):
3148         (WebCore::LightSource::setLimitingConeAngle):
3149         * platform/graphics/filters/LightSource.h:
3150         * platform/graphics/filters/PointLightSource.h:
3151         * platform/graphics/filters/SpotLightSource.h:
3152         * rendering/svg/RenderSVGResourceFilter.cpp:
3153         (WebCore::RenderSVGResourceFilter::primitiveAttributeChanged):
3154         * svg/SVGFEDiffuseLightingElement.cpp:
3155         (WebCore::SVGFEDiffuseLightingElement::setFilterEffectAttribute):
3156         (WebCore::SVGFEDiffuseLightingElement::lightElementAttributeChanged):
3157         (WebCore::SVGFEDiffuseLightingElement::build):
3158         (WebCore::SVGFEDiffuseLightingElement::findLightElement):
3159         (WebCore::SVGFEDiffuseLightingElement::findLight):
3160         * svg/SVGFEDiffuseLightingElement.h:
3161         * svg/SVGFELightElement.cpp:
3162         (WebCore::SVGFELightElement::svgAttributeChanged):
3163         * svg/SVGFilterPrimitiveStandardAttributes.cpp:
3164         (WebCore::SVGFilterPrimitiveStandardAttributes::setFilterEffectAttribute):
3165         * svg/SVGFilterPrimitiveStandardAttributes.h:
3166
3167 2011-02-01  Roland Steiner  <rolandsteiner@chromium.org>
3168
3169         Reviewed by Dimitri Glazkov.
3170
3171         Bug 53289 - DOM: Move DocumentOrderedMap from Document into separate files
3172         https://bugs.webkit.org/show_bug.cgi?id=53289
3173
3174         Moving the nested class DocumentOrderedMap from Document into separate files,
3175         updating code where necessary.
3176
3177         No new tests. (refactoring)
3178
3179         * Android.mk:
3180         * CMakeLists.txt:
3181         * GNUMakefile.am:
3182         * WebCore.gypi:
3183         * WebCore.pro:
3184         * WebCore.vcproj/WebCore.vcproj:
3185         * WebCore.xcodeproj/project.pbxproj:
3186         * dom/Document.cpp:
3187         (WebCore::Document::getElementById):
3188         (WebCore::Document::getImageMap):
3189         * dom/Document.h:
3190         * dom/DocumentOrderedMap.cpp: Added.
3191         (WebCore::keyMatchesId):
3192         (WebCore::keyMatchesMapName):
3193         (WebCore::keyMatchesLowercasedMapName):
3194         (WebCore::DocumentOrderedMap::clear):
3195         (WebCore::DocumentOrderedMap::add):
3196         (WebCore::DocumentOrderedMap::remove):
3197         (WebCore::DocumentOrderedMap::get):
3198         (WebCore::DocumentOrderedMap::getElementById):
3199         (WebCore::DocumentOrderedMap::getElementByMapName):
3200         (WebCore::DocumentOrderedMap::getElementByLowercasedMapName):
3201         * dom/DocumentOrderedMap.h: Added.
3202         (WebCore::DocumentOrderedMap::contains):
3203         (WebCore::DocumentOrderedMap::containsMultiple):
3204         * dom/DOMAllInOne.cpp:
3205
3206 2011-02-01  Mario Sanchez Prada  <msanchez@igalia.com>
3207
3208         Reviewed by Martin Robinson.
3209
3210         [Gtk] atk_text_set_caret_offset fails for list items
3211         https://bugs.webkit.org/show_bug.cgi?id=53388
3212
3213         Allow using text ranges across list items.
3214
3215         * accessibility/gtk/AccessibilityObjectAtk.cpp:
3216         (WebCore::AccessibilityObject::allowsTextRanges): Add list items
3217         to the list of accessibility objects supporting text ranges.
3218
3219 2011-02-01  Mario Sanchez Prada  <msanchez@igalia.com>
3220
3221         Reviewed by Martin Robinson.
3222
3223         [GTK] character range extents is off when the end of a wrapped line is included
3224         https://bugs.webkit.org/show_bug.cgi?id=53323
3225
3226         Fixed wrong calculation getting the range extents.
3227
3228         * accessibility/gtk/AccessibilityObjectWrapperAtk.cpp:
3229         (webkit_accessible_text_get_range_extents): Removed '+1' since the
3230         requested interval shouldn't include the last character.
3231
3232 2011-02-01  Mario Sanchez Prada  <msanchez@igalia.com>
3233
3234         Reviewed by Martin Robinson.
3235
3236         [GTK] Caret Offset is one off at the end of wrapped lines
3237         https://bugs.webkit.org/show_bug.cgi?id=53300
3238
3239         Consider linebreaks as special cases.
3240
3241         * accessibility/gtk/AccessibilityObjectWrapperAtk.cpp:
3242         (objectAndOffsetUnignored): In order to avoid getting wrong values
3243         when around linebreaks, we need to work around this by explicitly
3244         avoiding those '\n' text nodes from affecting the result of
3245         calling to TextIterator:rangeLength().
3246
3247 2011-02-01  Roland Steiner  <rolandsteiner@chromium.org>
3248
3249         Unreviewed, rolling out r77229.
3250         http://trac.webkit.org/changeset/77229
3251         https://bugs.webkit.org/show_bug.cgi?id=53289
3252
3253         revert mysterious build breakage
3254
3255         * Android.mk:
3256         * CMakeLists.txt:
3257         * GNUmakefile.am:
3258         * WebCore.gypi:
3259         * WebCore.pro:
3260         * WebCore.vcproj/WebCore.vcproj:
3261         * WebCore.xcodeproj/project.pbxproj:
3262         * dom/DOMAllInOne.cpp:
3263         * dom/Document.cpp:
3264         (WebCore::Document::DocumentOrderedMap::clear):
3265         (WebCore::Document::DocumentOrderedMap::add):
3266         (WebCore::Document::DocumentOrderedMap::remove):
3267         (WebCore::Document::DocumentOrderedMap::get):
3268         (WebCore::keyMatchesId):
3269         (WebCore::Document::getElementById):
3270         (WebCore::keyMatchesMapName):
3271         (WebCore::keyMatchesLowercasedMapName):
3272         (WebCore::Document::getImageMap):
3273         * dom/Document.h:
3274         (WebCore::Document::DocumentOrderedMap::contains):
3275         (WebCore::Document::DocumentOrderedMap::containsMultiple):
3276         * dom/DocumentOrderedMap.cpp: Removed.
3277         * dom/DocumentOrderedMap.h: Removed.
3278
3279 2011-02-01  Mihai Parparita  <mihaip@chromium.org>
3280
3281         Reviewed by James Robinson.
3282
3283         Async event handlers should not fire within a modal dialog
3284         https://bugs.webkit.org/show_bug.cgi?id=53202
3285
3286         Asynchronous events that use EventQueue would currently fire while a
3287         modal dialog (e.g. window.alert()) was up. Change EventQueue to use a
3288         SuspendableTimer (which automatically gets suspended while dialogs are
3289         up and in other cases where JS execution is not allowed).
3290         
3291         Test: fast/events/scroll-event-during-modal-dialog.html
3292
3293         * dom/Document.cpp:
3294         (WebCore::Document::Document):
3295         * dom/EventQueue.cpp:
3296         (WebCore::EventQueueTimer::EventQueueTimer):
3297         (WebCore::EventQueueTimer::fired):
3298         (WebCore::EventQueue::EventQueue):
3299         (WebCore::EventQueue::enqueueEvent):
3300         (WebCore::EventQueue::pendingEventTimerFired):
3301         * dom/EventQueue.h:
3302         (WebCore::EventQueue::create):
3303
3304 2011-02-01  Roland Steiner  <rolandsteiner@chromium.org>
3305
3306         Reviewed by Dimitri Glazkov.
3307
3308         Bug 53289 - DOM: Move DocumentOrderedMap from Document into separate files
3309         https://bugs.webkit.org/show_bug.cgi?id=53289
3310
3311         Moving the nested class DocumentOrderedMap from Document into separate files,
3312         updating code where necessary.
3313
3314         No new tests. (refactoring)
3315
3316         * Android.mk:
3317         * CMakeLists.txt:
3318         * GNUMakefile.am:
3319         * WebCore.gypi:
3320         * WebCore.pro:
3321         * WebCore.vcproj/WebCore.vcproj:
3322         * WebCore.xcodeproj/project.pbxproj:
3323         * dom/Document.cpp:
3324         (WebCore::Document::getElementById):
3325         (WebCore::Document::getImageMap):
3326         * dom/Document.h:
3327         * dom/DocumentOrderedMap.cpp: Added.
3328         (WebCore::keyMatchesId):
3329         (WebCore::keyMatchesMapName):
3330         (WebCore::keyMatchesLowercasedMapName):
3331         (WebCore::DocumentOrderedMap::clear):
3332         (WebCore::DocumentOrderedMap::add):
3333         (WebCore::DocumentOrderedMap::remove):
3334         (WebCore::DocumentOrderedMap::get):
3335         (WebCore::DocumentOrderedMap::getElementById):
3336         (WebCore::DocumentOrderedMap::getElementByMapName):
3337         (WebCore::DocumentOrderedMap::getElementByLowercasedMapName):
3338         * dom/DocumentOrderedMap.h: Added.
3339         (WebCore::DocumentOrderedMap::contains):
3340         (WebCore::DocumentOrderedMap::containsMultiple):
3341         * dom/DOMAllInOne.cpp:
3342
3343 2011-02-01  Naoki Takano  <takano.naoki@gmail.com>
3344
3345         Reviewed by Darin Fisher.
3346
3347         [Chromium] Autofill should work with HTML5 form elements
3348         https://bugs.webkit.org/show_bug.cgi?id=51809
3349         http://crbug.com/65654
3350
3351         No new tests, because this fix is for Chromium project and hard to test only in WebKit project.
3352
3353         * html/InputType.h: Insert comment for canSetSuggestedValue().
3354         * html/TextFieldInputType.cpp:
3355         (WebCore::TextFieldInputType::canSetSuggestedValue): Implemented to always return true so that all text field inputs can be completed.
3356         * html/TextFieldInputType.h: Declare canSetSuggestedValue().
3357         * html/TextInputType.cpp: Delete canSetSuggestedValue() not to return true anymore.
3358         * html/TextInputType.h: Delete canSetSuggestedValue() not to return true anymore.
3359
3360 2011-02-01  Kent Tamura  <tkent@chromium.org>
3361
3362         Reviewed by Dan Bernstein.
3363
3364         REGRESSION (r65062): Safari loops forever under WebCore::plainTextToMallocAllocatedBuffer()
3365         https://bugs.webkit.org/show_bug.cgi?id=53272
3366
3367         * editing/TextIterator.cpp:
3368         (WebCore::TextIterator::handleTextBox): Pass the appropriate renderer to emitText().
3369
3370 2011-01-31  Alexey Proskuryakov  <ap@apple.com>
3371
3372         Reviewed by Maciej Stachowiak.
3373
3374         https://bugs.webkit.org/show_bug.cgi?id=53466
3375         Move WebKit2 to printing via API methods
3376
3377         * WebCore.exp.in: Export IntRect::scale().
3378
3379 2011-01-31  Patrick Gansterer  <paroga@webkit.org>
3380
3381         Reviewed by Adam Barth.
3382
3383         Remove obsolete comment after r41871
3384         https://bugs.webkit.org/show_bug.cgi?id=53406
3385
3386         * dom/Document.h:
3387
3388 2011-01-31  Simon Fraser  <simon.fraser@apple.com>
3389
3390         Fix according to reviewer comments: can just use Color::black now.
3391
3392         * platform/graphics/ShadowBlur.cpp:
3393         (WebCore::ShadowBlur::drawInsetShadow):
3394         (WebCore::ShadowBlur::drawRectShadowWithoutTiling):
3395
3396 2011-01-31  Simon Fraser  <simon.fraser@apple.com>
3397
3398         Reviewed by Sam Weinig.
3399
3400         Clean up ShadowBlur
3401         https://bugs.webkit.org/show_bug.cgi?id=53472
3402
3403         Some minor ShadowBlur cleanup.
3404
3405         * platform/graphics/ShadowBlur.h:
3406         * platform/graphics/ShadowBlur.cpp:
3407         (WebCore::ShadowBlur::ShadowBlur): Use m_blurRadius rather than the radius
3408         parameter.
3409         (WebCore::ShadowBlur::adjustBlurRadius): Renamed from adjustBlurDistance.
3410         (WebCore::ShadowBlur::calculateLayerBoundingRect): Rename layerFloatRect to
3411         layerRect. Make frameSize a float.
3412         (WebCore::ShadowBlur::beginShadowLayer): This now takes a precomputed
3413         layerRect rather than calling calculateLayerBoundingRect() to compute
3414         it itself, since we were calling calculateLayerBoundingRect() twice.
3415         (WebCore::ShadowBlur::drawRectShadow): Optimize to call calculateLayerBoundingRect()
3416         only once. The shadowRect variable was unused, so two return paths could be
3417         collapsed into one.
3418         (WebCore::ShadowBlur::drawInsetShadow): Call calculateLayerBoundingRect() before
3419         beginShadowLayer() now.
3420         (WebCore::ShadowBlur::drawRectShadowWithoutTiling): The layerRect gets passed in.
3421         We always used alpha=1, so no need to pass that in.
3422         (WebCore::ShadowBlur::drawRectShadowWithTiling): We always used alpha=1, so no need to
3423         pass that in. Move shadowRect down to first use.
3424         ShadowBlur::clipBounds() was unused.
3425
3426 2011-01-31  No'am Rosenthal  <noam.rosenthal@nokia.com>
3427
3428         Reviewed by Kenneth Rohde Christiansen.
3429
3430         [Qt] QWebElements example from QtWebKit Bridge documentation does not work at all
3431         https://bugs.webkit.org/show_bug.cgi?id=46748
3432
3433         This problem disappears when we register QWebElement using qRegisterMetaType, which we now do in QtInstance.
3434         Added a regression test to tst_QWebFrame.
3435
3436         * bridge/qt/qt_instance.cpp:
3437         (JSC::Bindings::QtInstance::QtInstance):
3438
3439 2011-01-27  MORITA Hajime  <morrita@google.com>
3440
3441         Reviewed by Dimitri Glazkov.
3442         
3443         Convert <progress> shadow DOM to a DOM-based shadow.
3444         https://bugs.webkit.org/show_bug.cgi?id=50660
3445
3446         * Removed RenderProgress::m_valuePart, moved the shadow node
3447           to the shadow root of HTMLProgressElement.
3448         * Removed hard-coded pseudo ID for -webkit-progress-bar-value.
3449           ProgressBarValueElement is defined only for overriding
3450           shadowPseudoId().
3451         
3452         No new tests. No behavioral change.
3453
3454         * css/CSSSelector.cpp:
3455         (WebCore::CSSSelector::pseudoId):
3456         (WebCore::nameToPseudoTypeMap):
3457         (WebCore::CSSSelector::extractPseudoType):
3458         * css/CSSSelector.h:
3459         * html/HTMLProgressElement.cpp:
3460         (WebCore::ProgressBarValueElement::ProgressBarValueElement):
3461         (WebCore::ProgressBarValueElement::shadowPseudoId):
3462         (WebCore::ProgressBarValueElement::create):
3463         (WebCore::ProgressBarValueElement::detach):
3464         (WebCore::HTMLProgressElement::parseMappedAttribute):
3465         (WebCore::HTMLProgressElement::attach):
3466         (WebCore::HTMLProgressElement::valuePart):
3467         (WebCore::HTMLProgressElement::didElementStateChange):
3468         (WebCore::HTMLProgressElement::createShadowSubtreeIfNeeded):
3469         * html/HTMLProgressElement.h:
3470         * rendering/RenderProgress.cpp:
3471         (WebCore::RenderProgress::~RenderProgress):
3472         (WebCore::RenderProgress::updateFromElement):
3473         (WebCore::RenderProgress::layoutParts):
3474         (WebCore::RenderProgress::shouldHaveParts):
3475         (WebCore::RenderProgress::valuePart):
3476         * rendering/RenderProgress.h:
3477         * rendering/style/RenderStyleConstants.h:
3478
3479 2011-01-31  Charlie Reis  <creis@chromium.org>
3480
3481         Reviewed by Mihai Parparita.
3482
3483         Add sanity check to help diagnose bug 52819
3484         https://bugs.webkit.org/show_bug.cgi?id=53402
3485
3486         Crash early if the children of fromItem look invalid.
3487
3488         * loader/HistoryController.cpp: