CrashTracer beneath JSC::MarkedBlock::specializedSweep
[WebKit-https.git] / Source / WebCore / ChangeLog
1 2016-06-28  Geoffrey Garen  <ggaren@apple.com>
2
3         CrashTracer beneath JSC::MarkedBlock::specializedSweep
4         https://bugs.webkit.org/show_bug.cgi?id=159223
5
6         Reviewed by Saam Barati.
7
8         This crash is caused by a media element re-entering JS during the GC
9         sweep phase.
10
11         In theory, other CachedResourceClients in the DOM might also trigger
12         similar bugs, but our data only implicates the media elements, so this
13         fix targets them.
14
15         * html/HTMLDocument.h: Document has no reason to inherit from
16         CachedResourceClient. I found this because I had to search for all
17         CachedResourceClients in researching this patch.
18
19         * platform/graphics/avfoundation/cf/WebCoreAVCFResourceLoader.cpp:
20         (WebCore::WebCoreAVCFResourceLoader::invalidate): Delay our call to
21         stopLoading because it might re-enter JS, and we might have been called
22         by the GC sweep phase destroying a media element.
23
24         * platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm:
25         (WebCore::WebCoreAVFResourceLoader::invalidate): Ditto.
26
27 2016-06-28  Saam Barati  <sbarati@apple.com>
28
29         some Watchpoints' ::fireInternal method will call operations that might GC where the GC will cause the watchpoint itself to destruct
30         https://bugs.webkit.org/show_bug.cgi?id=159198
31         <rdar://problem/26302360>
32
33         Reviewed by Filip Pizlo.
34
35         * bindings/js/JSDOMWindowBase.cpp:
36         (WebCore::JSDOMWindowBase::fireFrameClearedWatchpointsForWindow):
37         * bindings/scripts/CodeGeneratorJS.pm:
38         (GenerateHeader):
39         * bindings/scripts/test/JS/JSTestEventTarget.h:
40         (WebCore::JSTestEventTarget::create):
41
42 2016-06-28  Anders Carlsson  <andersca@apple.com>
43
44         Move the user gesture requirement to the ApplePaySession constructor
45         https://bugs.webkit.org/show_bug.cgi?id=159225
46         rdar://problem/26507267
47
48         Reviewed by Tim Horton.
49
50         By doing this, clients can do pre-validation before showing the sheet, while we still maintain the user gesture requirement.
51
52         * Modules/applepay/ApplePaySession.cpp:
53         (WebCore::ApplePaySession::create):
54         (WebCore::ApplePaySession::begin): Deleted.
55
56 2016-06-28  Youenn Fablet  <youenn@apple.com>
57
58         Iterable interfaces should have their related prototype @@iterator property writable
59         https://bugs.webkit.org/show_bug.cgi?id=159211
60         <rdar://problem/26950766>
61
62         Reviewed by Chris Dumez.
63
64         Updating @@iterator property according to http://heycam.github.io/webidl/#es-iterator.
65
66         Covered by updated test.
67
68         * bindings/scripts/CodeGeneratorJS.pm:
69         (GenerateImplementation): Removing ReadOnly flag from @@iterator property of iterable interfaces.
70         * bindings/scripts/test/JS/JSTestNode.cpp:
71         (WebCore::JSTestNodePrototype::finishCreation): Rebasing expectation.
72         * bindings/scripts/test/JS/JSTestObj.cpp:
73         (WebCore::JSTestObjPrototype::finishCreation): Ditto.
74
75 2016-06-28  Anders Carlsson  <andersca@apple.com>
76
77         "Total amount is too big" error message is displaying on clicking Pay button
78         https://bugs.webkit.org/show_bug.cgi?id=159219
79         rdar://problem/26722110
80
81         Reviewed by Tim Horton.
82
83         Match the PassKit max amount.
84
85         * Modules/applepay/PaymentRequestValidator.cpp:
86         (WebCore::PaymentRequestValidator::validateTotal):
87
88 2016-06-28  Anders Carlsson  <andersca@apple.com>
89
90         PaymentMerchantSession should wrap a PKPaymentMerchantSession
91         https://bugs.webkit.org/show_bug.cgi?id=159218
92         rdar://problem/26872118
93
94         Reviewed by Tim Horton.
95
96         * Modules/applepay/ApplePaySession.cpp:
97         (WebCore::ApplePaySession::completeMerchantValidation):
98         Use PaymentMerchantSession::fromJS.
99
100         (WebCore::createMerchantSession): Deleted.
101
102         * Modules/applepay/PaymentCoordinator.h:
103         PaymentMerchantSession is now a class.
104
105         * Modules/applepay/PaymentCoordinatorClient.h:
106         PaymentMerchantSession is now a class.
107
108         * Modules/applepay/PaymentMerchantSession.h:
109         (WebCore::PaymentMerchantSession::PaymentMerchantSession):
110         (WebCore::PaymentMerchantSession::~PaymentMerchantSession):
111         (WebCore::PaymentMerchantSession::pkPaymentMerchantSession):
112         Store a PKPaymentMerchantSession in a RetainPtr inside the PaymentMerchantSession object.
113
114         * Modules/applepay/cocoa/PaymentMerchantSessionCocoa.mm:
115         (WebCore::PaymentMerchantSession::fromJS):
116         Convert the JS object to a PKPaymentMerchantSession and return a PaymentMerchantSession that wraps it.
117
118         * WebCore.xcodeproj/project.pbxproj:
119         Add new files.
120
121         * bindings/js/Dictionary.h:
122         (WebCore::Dictionary::initializerObject):
123         Add new getter.
124
125 2016-06-28  Brian Burg  <bburg@apple.com>
126
127         RunLoop::Timer should use constructor templates instead of class templates
128         https://bugs.webkit.org/show_bug.cgi?id=159153
129
130         Reviewed by Alex Christensen.
131
132         Remove the RunLoop::Timer class template argument, and pass its constructor
133         a reference to `this` instead of a pointer to `this`.
134
135         * Modules/mediasession/WebMediaSessionManager.cpp:
136         (WebCore::WebMediaSessionManager::WebMediaSessionManager):
137         * Modules/mediasession/WebMediaSessionManager.h:
138         * page/WheelEventTestTrigger.cpp:
139         (WebCore::WheelEventTestTrigger::WheelEventTestTrigger):
140         * page/WheelEventTestTrigger.h:
141         * page/mac/TextIndicatorWindow.h:
142         * page/mac/TextIndicatorWindow.mm:
143         (WebCore::TextIndicatorWindow::TextIndicatorWindow):
144         * platform/MainThreadSharedTimer.h:
145         * platform/cocoa/ScrollController.h:
146         * platform/cocoa/ScrollController.mm:
147         (WebCore::ScrollController::ScrollController):
148         * platform/glib/MainThreadSharedTimerGLib.cpp:
149         (WebCore::MainThreadSharedTimer::MainThreadSharedTimer):
150         * platform/graphics/MediaPlaybackTargetPicker.cpp:
151         (WebCore::MediaPlaybackTargetPicker::MediaPlaybackTargetPicker):
152         * platform/graphics/MediaPlaybackTargetPicker.h:
153         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
154         (WebCore::MediaPlayerPrivateGStreamer::MediaPlayerPrivateGStreamer):
155         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h:
156         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
157         (WebCore::MediaPlayerPrivateGStreamerBase::MediaPlayerPrivateGStreamerBase):
158         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.h:
159         * platform/graphics/gstreamer/VideoSinkGStreamer.cpp:
160         (VideoRenderRequestScheduler::VideoRenderRequestScheduler):
161         * platform/graphics/texmap/TextureMapperPlatformLayerProxy.cpp:
162         (WebCore::TextureMapperPlatformLayerProxy::TextureMapperPlatformLayerProxy):
163         (WebCore::TextureMapperPlatformLayerProxy::activateOnCompositingThread):
164         * platform/graphics/texmap/TextureMapperPlatformLayerProxy.h:
165         * platform/mock/MediaPlaybackTargetPickerMock.cpp:
166         (WebCore::MediaPlaybackTargetPickerMock::MediaPlaybackTargetPickerMock):
167         * platform/mock/MediaPlaybackTargetPickerMock.h:
168         * platform/mock/MockRealtimeVideoSource.cpp:
169         (WebCore::MockRealtimeVideoSource::MockRealtimeVideoSource):
170         * platform/mock/MockRealtimeVideoSource.h:
171         * platform/network/ResourceHandleInternal.h:
172         (WebCore::ResourceHandleInternal::ResourceHandleInternal):
173
174 2016-06-27  Jer Noble  <jer.noble@apple.com>
175
176         Cross-domain video loads do not prompt for authorization.
177         https://bugs.webkit.org/show_bug.cgi?id=159195
178         <rdar://problem/26234612>
179
180         Reviewed by Brent Fulgham.
181
182         Test: http/tests/media/video-auth.html (modified)
183
184         We should prompt for authorization when a cross-origin <video> is embedded
185         in a web page.
186
187         * loader/MediaResourceLoader.cpp:
188         (WebCore::MediaResourceLoader::requestResource):
189
190 2016-06-28  Ryosuke Niwa  <rniwa@webkit.org>
191
192         REGRESSION(r201471): FormClient.textFieldDidEndEditing is no longer called when a text field is removed
193         https://bugs.webkit.org/show_bug.cgi?id=159199
194         <rdar://problem/26748189>
195
196         Reviewed by Alexey Proskuryakov.
197
198         The bug was caused by HTMLInputElement's endEditing no longer getting called due to the behavior change.
199         Preserve the WebKit2 API semantics by manually calling HTMLInputElement::endEditing in setFocusedElement.
200
201         Tests: WebKit2TextFieldDidBeginAndEndEditing
202
203         * dom/Document.cpp:
204         (WebCore::Document::setFocusedElement):
205
206 2016-06-28  Frederic Wang  <fwang@igalia.com>
207
208         Phrasing content should be accepted in <mo> elements
209         https://bugs.webkit.org/show_bug.cgi?id=130245
210
211         Reviewed by Brent Fulgham.
212
213         After r202420, the RenderMathMLOperator element no longer messes with anonymous block and
214         text nodes. Hence it is now safe to allow foreign content inside <mo>.
215
216         We extend foreign-element-in-token.html to cover the mo case.
217
218         * mathml/MathMLTextElement.cpp:
219         (WebCore::MathMLTextElement::childShouldCreateRenderer): Remove the early return for <mo> so
220         that it accepts phrasing content children.
221
222 2016-06-27  Anders Carlsson  <andersca@apple.com>
223
224         WebKit::WebPaymentCoordinator leak
225         https://bugs.webkit.org/show_bug.cgi?id=159168
226         rdar://problem/26929772
227
228         Reviewed by Beth Dakin.
229
230         * Modules/applepay/PaymentCoordinator.cpp:
231         (WebCore::PaymentCoordinator::~PaymentCoordinator):
232         Call paymentCoordinatorDestroyed().
233
234         * Modules/applepay/PaymentCoordinatorClient.h:
235         Rename mainFrameDestroyed to paymentCoordinatorDestroyed().
236
237         * loader/EmptyClients.cpp:
238
239 2016-06-28  Frederic Wang  <fwang@igalia.com>
240
241         Remove anonymous in renderName for all MathML renderers but RenderMathMLOperator
242         https://bugs.webkit.org/show_bug.cgi?id=159114
243
244         Reviewed by Martin Robinson.
245
246         After r202420, the only anonymous MathML renderers are the RenderMathMLOperators created by
247         the mfenced element. Hence we remove the special case for anonymous in the renderName
248         implementation of most MathML renderers.
249
250         No new tests, behavior unchanged.
251
252         * rendering/mathml/RenderMathMLRow.h:
253         * rendering/mathml/RenderMathMLSpace.h:
254         * rendering/mathml/RenderMathMLToken.h:
255
256 2016-06-28  Adam Bergkvist  <adam.bergkvist@ericsson.com>
257
258         WebRTC: Robustify 'this' type check in RTCPeerConnection JS built-ins
259         https://bugs.webkit.org/show_bug.cgi?id=158831
260
261         Reviewed by Youenn Fablet.
262
263         Use @operations slot in RTCPeerConnection type check.
264
265         Updated results of existing test.
266
267         * Modules/mediastream/RTCPeerConnection.js:
268         (initializeRTCPeerConnection):
269         Initialize @operations slot in constructor.
270         * Modules/mediastream/RTCPeerConnectionInternals.js:
271         (isRTCPeerConnection):
272         Use @operations slot in type check.
273
274 2016-06-28  Frederic Wang  <fwang@igalia.com>
275
276         AX: Remove dead code in AccessibilityRenderObject::textUnderElement
277         https://bugs.webkit.org/show_bug.cgi?id=159205
278
279         Reviewed by Joanmarie Diggs.
280
281         RenderMathMLOperator used to destroy its descendants and to replace them with an anonymous
282         text node wrapped inside anonymous blocks. After r202420, it just behaves as any other token
283         elements. Hence we remove the code in AccessibilityRenderObject::textUnderElement that was
284         used to handle this specific render tree structure.
285
286         No new tests, already covered by accessibility/math-text.html.
287
288         * accessibility/AccessibilityRenderObject.cpp:
289         (WebCore::AccessibilityRenderObject::textUnderElement): Remove dead code for RenderText and RenderMathMLOperator.
290
291 2016-06-28  Per Arne Vollan  <pvollan@apple.com>
292
293         [Win] Custom elements tests are failing.
294         https://bugs.webkit.org/show_bug.cgi?id=159139
295
296         Reviewed by Alex Christensen.
297
298         Fix compile errors after enabling custom element API.
299
300         * bindings/js/JSHTMLElementCustom.cpp:
301         (WebCore::constructJSHTMLElement):
302         * dom/CustomElementDefinitions.cpp:
303         (WebCore::CustomElementDefinitions::addElementDefinition):
304         * dom/Document.cpp:
305         (WebCore::createHTMLElementWithNameValidation):
306         (WebCore::createFallbackHTMLElement):
307         * dom/Element.cpp:
308         (WebCore::Element::attributeChanged):
309         * dom/LifecycleCallbackQueue.cpp:
310         (WebCore::LifecycleQueueItem::LifecycleQueueItem):
311         (WebCore::LifecycleCallbackQueue::enqueueElementUpgrade):
312         (WebCore::LifecycleCallbackQueue::enqueueAttributeChangedCallback):
313         * html/parser/HTMLConstructionSite.cpp:
314         (WebCore::HTMLConstructionSite::insertHTMLElementOrFindCustomElementInterface):
315         (WebCore::HTMLConstructionSite::createHTMLElementOrFindCustomElementInterface):
316         * html/parser/HTMLDocumentParser.cpp:
317         (WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder):
318         * html/parser/HTMLTreeBuilder.cpp:
319         (WebCore::CustomElementConstructionData::CustomElementConstructionData):
320         (WebCore::HTMLTreeBuilder::insertGenericHTMLElement):
321         * html/parser/HTMLTreeBuilder.h:
322
323 2016-06-28  Philippe Normand  <pnormand@igalia.com>
324
325         [GStreamer] usec rounding is wrong during accurate seeking
326         https://bugs.webkit.org/show_bug.cgi?id=90734
327
328         Reviewed by Carlos Garcia Campos.
329
330         Use floor() to round the microseconds value, this is more robust
331         than roundf.
332
333         * platform/graphics/gstreamer/GStreamerUtilities.cpp:
334         (WebCore::toGstClockTime):
335         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
336         (WebCore::MediaPlayerPrivateGStreamer::playbackPosition):
337
338 2016-06-28  Philippe Normand  <pnormand@igalia.com>
339
340         [GStreamer] improved duration query support in the HTTP source element
341         https://bugs.webkit.org/show_bug.cgi?id=159204
342
343         Reviewed by Carlos Garcia Campos.
344
345         When we have the Content-Length value it is possible to infer the TIME
346         duration in most cases by performing a convert query in the downstream
347         elements. This is especially useful when the duration query wasn't
348         managed by the sinks and thus reached the source element.
349
350         * platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:
351         (webKitWebSrcQueryWithParent):
352
353 2016-06-28  Youenn Fablet  <youenn@apple.com>
354
355         Binding generator should generate accessors for constructors safely accessed from JS builtin
356         https://bugs.webkit.org/show_bug.cgi?id=159087
357
358         Reviewed by Alex Christensen.
359
360         Removed constructor private slots direct additions in JSDOMGlobalObject.
361         Added support for generating the code that will do that.
362         Advantage of the implementation:
363         - Private slots will expose constructors that are also publicly visible (previously workers had some private slots filled with WebRTC constructors).
364         - Private slots no longer require the creation of the constructors at window creation time.
365
366         Although PublicIdentifier and PrivateIdentifier are both added where needed, the binding generator does not
367         support the case of a constructor accessible only privately.
368
369         Covered by existing test set and adding binding test.
370
371         * Modules/mediastream/MediaStream.idl: Marked as PublicIdentifier/PrivateIdentifier.
372         * Modules/mediastream/MediaStreamTrack.idl: Ditto.
373         * Modules/mediastream/RTCIceCandidate.idl: Ditto.
374         * Modules/mediastream/RTCSessionDescription.idl: Ditto.
375         * Modules/streams/ReadableStream.idl: Ditto.
376         * bindings/js/JSDOMGlobalObject.cpp:
377         (WebCore::JSDOMGlobalObject::addBuiltinGlobals): Removed unneeded additions.
378         * bindings/scripts/CodeGeneratorJS.pm:
379         (GenerateImplementation): Added support for private slots for interface constructors marked as
380         PrivateIdentifier.
381         * bindings/scripts/preprocess-idls.pl:
382         (GenerateConstructorAttribute): Make PublicIdentifier/PrivateIdentifier copied interface attributes.
383         * bindings/scripts/test/GObject/WebKitDOMTestGlobalObject.cpp:
384         (webkit_dom_test_global_object_set_property):
385         (webkit_dom_test_global_object_get_property):
386         (webkit_dom_test_global_object_class_init):
387         (webkit_dom_test_global_object_get_public_and_private_attribute):
388         (webkit_dom_test_global_object_set_public_and_private_attribute):
389         * bindings/scripts/test/GObject/WebKitDOMTestGlobalObject.h:
390         * bindings/scripts/test/JS/JSTestGlobalObject.cpp:
391         (WebCore::JSTestGlobalObject::finishCreation):
392         (WebCore::jsTestGlobalObjectPublicAndPrivateAttribute):
393         (WebCore::setJSTestGlobalObjectPublicAndPrivateAttribute):
394         * bindings/scripts/test/ObjC/DOMTestGlobalObject.h:
395         * bindings/scripts/test/ObjC/DOMTestGlobalObject.mm:
396         (-[DOMTestGlobalObject publicAndPrivateAttribute]):
397         (-[DOMTestGlobalObject setPublicAndPrivateAttribute:]):
398         * bindings/scripts/test/TestGlobalObject.idl:
399
400
401 2016-06-27  Jer Noble  <jer.noble@apple.com>
402
403         REGRESSION?(r202466): http/tests/security/canvas-remote-read-remote-video-redirect.html failing on Sierra
404         https://bugs.webkit.org/show_bug.cgi?id=159172
405         <rdar://problem/27030025>
406
407         Reviewed by Brent Fulgham.
408
409         Add a hasSingleSecurityOrigin property to WebCoreNSURLSession that gets updated each time one of that
410         session's tasks receives a response or a redirect request. Check that property from the MediaPlayerPrivate.
411
412         * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
413         (WebCore::MediaPlayerPrivateAVFoundationObjC::hasSingleSecurityOrigin):
414         * platform/network/cocoa/WebCoreNSURLSession.h:
415         * platform/network/cocoa/WebCoreNSURLSession.mm:
416         (-[WebCoreNSURLSession updateHasSingleSecurityOrigin:]):
417         (-[WebCoreNSURLSession dataTaskWithRequest:]):
418         (-[WebCoreNSURLSession dataTaskWithURL:]):
419         (-[WebCoreNSURLSessionDataTask resource:receivedResponse:]):
420         (-[WebCoreNSURLSessionDataTask resource:receivedRedirect:request:]):
421
422 2016-06-27  Alex Christensen  <achristensen@webkit.org>
423
424         CMake build fix.
425
426         * PlatformMac.cmake:
427
428 2016-06-27  Youenn Fablet  <youenn@apple.com>
429
430         Remove didFailAccessControlCheck ThreadableLoaderClient callback
431         https://bugs.webkit.org/show_bug.cgi?id=159149
432
433         Reviewed by Daniel Bates.
434
435         Adding an AccessControl ResourceError type.
436         Replacing didFailAccessControlCheck callback by a direct call to didFail with an error of type AccessControl.
437
438         Making CrossOriginPreflightChecker always return an AccessControl error. Previously some errors created below
439         were passed directly to threadable loader clients.
440
441         When doing preflight on unauthorized web sites, WTR/DRT will trigger a cancellation error which was translating into an abort event in XMLHttpRequest.
442         This patch is changing the error type to AccessControl, which translates into an error event in XMLHttpRequest.
443
444         This change of behavior is seen in imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred.htm.
445         No other observable change of behavior should be expected.
446
447         * inspector/InspectorNetworkAgent.cpp: Computing error message in didFail according to the error type.
448         * loader/CrossOriginPreflightChecker.cpp:
449         (WebCore::CrossOriginPreflightChecker::validatePreflightResponse): Setting preflightFailure error type to AccessControl.
450         (WebCore::CrossOriginPreflightChecker::notifyFinished): Ditto.
451         (WebCore::CrossOriginPreflightChecker::doPreflight): Ditto.
452         * loader/DocumentThreadableLoader.cpp:
453         (WebCore::DocumentThreadableLoader::makeSimpleCrossOriginAccessRequest): Replacing didFailAccessControlCheck
454         callback by a direct call to didFail with an error of type AccessControl.
455         (WebCore::reportContentSecurityPolicyError): Ditto.
456         (WebCore::reportCrossOriginResourceSharingError): Ditto.
457         (WebCore::DocumentThreadableLoader::didReceiveResponse): Ditto.
458         (WebCore::DocumentThreadableLoader::preflightFailure): Calling didFail directly.
459         * loader/ThreadableLoaderClient.h: Removing didFailAccessControlCheck.
460         * loader/ThreadableLoaderClientWrapper.h: Ditto.
461         * loader/WorkerThreadableLoader.cpp: Ditto.
462         * loader/WorkerThreadableLoader.h: Ditto.
463         * page/EventSource.cpp:
464         (WebCore::EventSource::didFail): Removing didFailAccessControlCheck and putting handling code in didFail.
465         * page/EventSource.h:
466         * platform/network/ResourceErrorBase.cpp:
467         (WebCore::ResourceErrorBase::setType): Softening the assertion to cover the case of migration to AccessControl.
468         * platform/network/ResourceErrorBase.h: Adding AccessControl error type.
469         (WebCore::ResourceErrorBase::isAccessControl):
470
471 2016-06-27  Chris Dumez  <cdumez@apple.com>
472
473         HTMLElement / SVGElement should implement GlobalEventHandlers, not Element
474         https://bugs.webkit.org/show_bug.cgi?id=159191
475         <rdar://problem/27019299>
476
477         Reviewed by Ryosuke Niwa.
478
479         HTMLElement / SVGElement should implement GlobalEventHandlers, not Element:
480         - https://html.spec.whatwg.org/multipage/dom.html#htmlelement
481         - https://www.w3.org/TR/SVG2/types.html#InterfaceSVGElement
482
483         Firefox and Chrome behave as per the specification.
484
485         Fixing this also fixes rendering on http://survey123.arcgis.com/.
486
487         No new tests, covered by existing tests that were rebaselined.
488
489         * dom/Element.idl:
490         * html/HTMLElement.idl:
491         * svg/SVGElement.idl:
492
493 2016-06-27  Myles C. Maxfield  <mmaxfield@apple.com>
494
495         [macOS] Test gardening: Generic font families should not map to fonts which aren't installed
496         https://bugs.webkit.org/show_bug.cgi?id=159111
497         <rdar://problem/25807529>
498
499         Unreviewed.
500
501         Osaka-Mono does not come preinstalled on macOS Sierra. However, many Japanese users
502         will have the font installed. Before setting the generic font family, we should check
503         to see if the font is present.
504
505         * page/cocoa/SettingsCocoa.mm:
506         (WebCore::osakaMonoIsInstalled):
507         (WebCore::Settings::initializeDefaultFontFamilies):
508
509 2016-06-24  Ryosuke Niwa  <rniwa@webkit.org>
510
511         Don't keep all newly created potential custom elements alive when the feature is disabled
512         https://bugs.webkit.org/show_bug.cgi?id=159113
513
514         Reviewed by Daniel Bates.
515
516         Don't keep all HTML unknown elements which have a valid custom element alive when the feature is turned off.
517
518         Ideally we want to conform to the behavior in the Custom Elements specification and only upgrade an element
519         that is inserted into the document. We'll implement that later.
520
521         * dom/Document.cpp:
522         (WebCore::createHTMLElementWithNameValidation):
523
524 2016-06-27  Simon Fraser  <simon.fraser@apple.com>
525
526         [iOS] -webkit-overflow-scrolling: touch prevents repaint with RTL
527         https://bugs.webkit.org/show_bug.cgi?id=159186
528         rdar://problem/26659341
529
530         Reviewed by Zalan Bujtas.
531         
532         There were two issues with repaints in -webkit-overflow-scrolling:touch scrolling
533         layers.
534
535         First, if the scrolled contents were inline (e.g. a <span>), then repaints were
536         broken because RenderInline didn't call shouldApplyClipAndScrollPositionForRepaint().
537         Fix by making shouldApplyClipAndScrollPositionForRepaint() a member function of RenderBox
538         and calling it from RenderBox::computeRectForRepaint() and RenderInline::clippedOverflowRectForRepaint().
539
540         Second, repaints were broken in RTL because RenderLayerBacking::setContentsNeedDisplayInRect()
541         confused scroll offset and scroll position; it needs to subtract scrollPosition.
542         
543         Finally, renamed applyCachedClipAndScrollOffsetForRepaint() to applyCachedClipAndScrollPositionForRepaint()
544         to make it clear that it uses scrollPosition, not scrollOffset.
545
546         Tests: compositing/scrolling/touch-scrolling-repaint-spans.html
547                compositing/scrolling/touch-scrolling-repaint.html
548
549         * rendering/RenderBox.cpp:
550         (WebCore::RenderBox::applyCachedClipAndScrollPositionForRepaint):
551         (WebCore::RenderBox::shouldApplyClipAndScrollPositionForRepaint):
552         (WebCore::RenderBox::computeRectForRepaint):
553         (WebCore::RenderBox::applyCachedClipAndScrollOffsetForRepaint): Deleted.
554         (WebCore::shouldApplyContainersClipAndOffset): Deleted.
555         * rendering/RenderBox.h:
556         * rendering/RenderInline.cpp:
557         (WebCore::RenderInline::clippedOverflowRectForRepaint):
558         (WebCore::RenderInline::computeRectForRepaint):
559         * rendering/RenderLayerBacking.cpp:
560         (WebCore::RenderLayerBacking::setContentsNeedDisplayInRect):
561         * rendering/RenderObject.cpp:
562         (WebCore::RenderObject::computeRectForRepaint):
563
564 2016-06-27  Commit Queue  <commit-queue@webkit.org>
565
566         Unreviewed, rolling out r202436.
567         https://bugs.webkit.org/show_bug.cgi?id=159190
568
569         We don't need to make this change. (Requested by thorton on
570         #webkit).
571
572         Reverted changeset:
573
574         "Do not use iOS specific telephone detection on macOS."
575         https://bugs.webkit.org/show_bug.cgi?id=159096
576         http://trac.webkit.org/changeset/202436
577
578 2016-06-27  Benjamin Poulain  <benjamin@webkit.org>
579
580         Adopt the iOS TouchEventHandler API for cases that must have synchronous dispatch
581         https://bugs.webkit.org/show_bug.cgi?id=159179
582         rdar://problem/27006387
583
584         Reviewed by Simon Fraser.
585
586         Tests: fast/events/touch/ios/block-without-overflow-scroll-and-passive-observer-on-block-scrolling-state.html
587                fast/events/touch/ios/block-without-overflow-scroll-and-passive-observer-on-document-scrolling-state.html
588                fast/events/touch/ios/block-without-overflow-scroll-scrolling-state.html
589                fast/events/touch/ios/drag-block-without-overflow-scroll-and-passive-observer-on-block.html
590                fast/events/touch/ios/drag-block-without-overflow-scroll-and-passive-observer-on-document.html
591                fast/events/touch/ios/drag-block-without-overflow-scroll.html
592
593         * dom/Document.cpp:
594         (WebCore::Document::prepareForDestruction):
595         (WebCore::Document::removeAllEventListeners):
596         * dom/Node.cpp:
597         (WebCore::Node::willBeDeletedFrom):
598         (WebCore::tryAddEventListener):
599         (WebCore::tryRemoveEventListener):
600         * html/shadow/SliderThumbElement.cpp:
601         (WebCore::SliderThumbElement::registerForTouchEvents):
602         (WebCore::SliderThumbElement::unregisterForTouchEvents):
603         * rendering/RenderLayer.cpp:
604         (WebCore::RenderLayer::registerAsTouchEventListenerForScrolling):
605         (WebCore::RenderLayer::unregisterAsTouchEventListenerForScrolling):
606
607 2016-06-27  Alex Christensen  <achristensen@webkit.org>
608
609         Fix Windows build.
610
611         * bindings/js/SerializedScriptValue.h:
612         WTF
613
614 2016-06-27  Commit Queue  <commit-queue@webkit.org>
615
616         Unreviewed, rolling out r202520.
617         https://bugs.webkit.org/show_bug.cgi?id=159185
618
619         This change broke the 32-bit El Capitan build (Requested by
620         ryanhaddad on #webkit).
621
622         Reverted changeset:
623
624         "REGRESSION?(r202466): http/tests/security/canvas-remote-read-
625         remote-video-redirect.html failing on Sierra"
626         https://bugs.webkit.org/show_bug.cgi?id=159172
627         http://trac.webkit.org/changeset/202520
628
629 2016-06-27  Jer Noble  <jer.noble@apple.com>
630
631         REGRESSION?(r202466): http/tests/security/canvas-remote-read-remote-video-redirect.html failing on Sierra
632         https://bugs.webkit.org/show_bug.cgi?id=159172
633         <rdar://problem/27030025>
634
635         Reviewed by Brent Fulgham.
636
637         Add a hasSingleSecurityOrigin property to WebCoreNSURLSession that gets updated each time one of that
638         session's tasks receives a response or a redirect request. Check that property from the MediaPlayerPrivate.
639
640         * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
641         (WebCore::MediaPlayerPrivateAVFoundationObjC::hasSingleSecurityOrigin):
642         * platform/network/cocoa/WebCoreNSURLSession.h:
643         * platform/network/cocoa/WebCoreNSURLSession.mm:
644         (-[WebCoreNSURLSession updateHasSingleSecurityOrigin:]):
645         (-[WebCoreNSURLSession dataTaskWithRequest:]):
646         (-[WebCoreNSURLSession dataTaskWithURL:]):
647         (-[WebCoreNSURLSessionDataTask resource:receivedResponse:]):
648         (-[WebCoreNSURLSessionDataTask resource:receivedRedirect:request:]):
649
650 2016-06-27  Benjamin Poulain  <benjamin@webkit.org>
651
652         Fix style invalidation for :active when the activated node has no renderer
653         https://bugs.webkit.org/show_bug.cgi?id=159125
654
655         Reviewed by Antti Koivisto.
656
657         Same old bug: a style invalidation path was depending
658         on the style.
659
660         Here we really need both flags. An element can have
661         childrenAffectedByActive() false and renderStyle->affectedByActive() true
662         if it was subject to style sharing.
663
664         The element state "childrenAffectedByActive" should be renamed
665         "styleAffectedByActive" since it is not a parent invalidation flag.
666         That will be done separately.
667
668         Tests: fast/css/pseudo-active-on-labeled-control-without-renderer.html
669                fast/css/pseudo-active-style-sharing-1.html
670                fast/css/pseudo-active-style-sharing-2.html
671                fast/css/pseudo-active-style-sharing-3.html
672                fast/css/pseudo-active-style-sharing-4.html
673                fast/css/pseudo-active-style-sharing-5.html
674                fast/css/pseudo-active-style-sharing-6.html
675
676         * dom/Element.cpp:
677         (WebCore::Element::setActive):
678         * style/StyleRelations.cpp:
679         (WebCore::Style::commitRelationsToRenderStyle):
680
681 2016-06-27  Joanmarie Diggs  <jdiggs@igalia.com>
682
683         AX: REGRESSION (r202063): ARIA role attribute is being ignored for label element
684         https://bugs.webkit.org/show_bug.cgi?id=159162
685
686         Reviewed by Chris Fleizach.
687
688         createFromRenderer() was creating an AccessibilityLabel for any HTMLLabelElement which
689         lacked an explicitly-handled ARIA role. We should instead create an AccessibilityLabel
690         when there is no ARIA role.
691
692         Test: accessibility/aria-role-on-label.html
693
694         * accessibility/AXObjectCache.cpp:
695         (WebCore::createFromRenderer):
696
697 2016-06-27  Commit Queue  <commit-queue@webkit.org>
698
699         Unreviewed, rolling out r202505.
700         https://bugs.webkit.org/show_bug.cgi?id=159169
701
702         The test added with this change is flaky and it caused an
703         existing test to time out on El Capitan. (Requested by
704         ryanhaddad on #webkit).
705
706         Reverted changeset:
707
708         "[iOS] Media controls are too cramped with small video"
709         https://bugs.webkit.org/show_bug.cgi?id=158815
710         http://trac.webkit.org/changeset/202505
711
712 2016-06-27  Benjamin Poulain  <bpoulain@apple.com>
713
714         Add :focus-within to the status page
715
716         * features.json:
717         I forgot to update the json file when landing the feature.
718
719 2016-06-27  Eric Carlson  <eric.carlson@apple.com>
720
721         [Mac] PiP placeholder should remain visible when 'controls' attribute is removed
722         https://bugs.webkit.org/show_bug.cgi?id=159158
723         <rdar://problem/26727435>
724
725         Reviewed by Jer Noble.
726
727         No new tests, existing test updated.
728
729         * Modules/mediacontrols/mediaControlsApple.js:
730         (Controller.prototype.shouldHaveControls): Always return true when in PiP or AirPlay mode.
731
732 2016-06-27  Oliver Hunt  <oliver@apple.com>
733
734         Update ATS WebContent exception for more robust framework information
735         https://bugs.webkit.org/show_bug.cgi?id=159151
736
737         Reviewed by Alex Christensen.
738
739         We found some unexpected poor interaction with AVFoundation in the existing
740         CFNetwork SPI. This new SPI is more solid and lets us provide more useful
741         information while also being more future proof against new frameworks and
742         ATS modes.
743
744         * platform/network/mac/ResourceHandleMac.mm:
745         (WebCore::ResourceHandle::createNSURLConnection):
746
747 2016-06-27  Antoine Quint  <graouts@apple.com>
748
749         [iOS] Media controls are too cramped with small video
750         https://bugs.webkit.org/show_bug.cgi?id=158815
751         <rdar://problem/26824238>
752
753         Reviewed by Dean Jackson.
754
755         In updateLayoutForDisplayedWidth(), we try to ensure a minimum width is guaranteed
756         for the progress indicator. However, we were not accounting for the width used by
757         the current and remaining time labels on either side of it, so we would incorrectly
758         conclude that we were guaranteeing the minimum time and yield incorrect layouts since
759         we were trying to fit more buttons than we had room for.
760
761         In order to correctly compute the available width for the progress indicator, we now
762         have clones of the current and remaining time labels, hidden from video and VoiceOver,
763         that we update along with the originals. The same styles apply to both clones and
764         originals, so we may measure the clones to determine the space used by the time labels.
765         The reason we need to use clones is that if the time labels had previously been hidden
766         from view, precisely because there was not enough space to display them along with the
767         progress indicator, then trying to obtain metrics from them would yield 0 since they had
768         "display: none" styles applied. In order to avoid extra layouts and possible flashing, we
769         use the clones so that we never have to toggle the "display" property of the originals
770         just to obtain their measurements.
771
772         As a result of this change, we adjust the constant used to set the minimum required
773         width available to display the progress indicator after all other essential controls
774         and labels have been measured. That constant used to account for the width of the
775         time labels, and this is no longer correct.
776
777         Test: media/video-controls-drop-and-restore-timeline.html
778
779         * Modules/mediacontrols/mediaControlsApple.css:
780         (::-webkit-media-controls-time-remaining-display.clone):
781         * Modules/mediacontrols/mediaControlsApple.js:
782         (Controller):
783         (Controller.prototype.createTimeClones):
784         (Controller.prototype.removeTimeClass):
785         (Controller.prototype.addTimeClass):
786         (Controller.prototype.updateDuration):
787         (Controller.prototype.updateLayoutForDisplayedWidth):
788         (Controller.prototype.updateTime):
789         (Controller.prototype.updateControlsWhileScrubbing):
790         * Modules/mediacontrols/mediaControlsiOS.css:
791         (::-webkit-media-controls-time-remaining-display.clone):
792         * Modules/mediacontrols/mediaControlsiOS.js:
793
794 2016-06-27  Anders Carlsson  <andersca@apple.com>
795
796         No error message when passing an invalid API version to ApplePaySession constructor
797         https://bugs.webkit.org/show_bug.cgi?id=159154
798
799         Reviewed by Tim Horton.
800
801         Log an error message if the version is not supported. Also, check for version 0 since that is also not supported.
802
803         * Modules/applepay/ApplePaySession.cpp:
804         (WebCore::ApplePaySession::create):
805
806 2016-06-27  Joanmarie Diggs  <jdiggs@igalia.com>
807
808         AX: Anonymous RenderMathMLOperators are not exposed to the accessibility tree
809         https://bugs.webkit.org/show_bug.cgi?id=139582
810         <rdar://problem/26938849>
811
812         Reviewed by Chris Fleizach.
813
814         This is based on a patch by Frederic Wang <fwang@igalia.com>.
815
816         WebCore assigns the generic MathElementRole AccessibilityRole to elements
817         which are expected to be included in the accessibility tree. This assignment
818         is based on the AccessibilityRenderObject's node being a MathMLElement. The
819         anonymous RenderMathMLOperators fail that test.
820
821         From the perspective of accessibility support, these operators function
822         like MathMLElements. Furthermore, both WebCore and the platforms rely
823         upon MathElementRole to identify accessible MathML objects. The simplest
824         fix is to have AccessibilityRenderObject::isMathElement() treat anonymous
825         MathML operators as if they were MathMLElements.
826
827         Now that these operators are being exposed, we need to handle them in
828         AccessibilityRenderObject::textUnderElement() which assumes that anonymous
829         objects either have nodes or have children with nodes. And crashes when
830         that fails to be the case. Making RenderMathMLOperator::textContent()
831         public and then using it to get the text under anonymous operators solves
832         this problem. We also assign StaticTextRole to these operators on the Mac
833         because the default platform mapping of MathElementRole is GroupRole, which
834         made sense when we had a child RenderText object holding the operator.
835
836         Lastly, AccessibilityRenderObject::isIgnoredElementWithinMathTree() no
837         longer needs to special-case anonymous operators because they now have
838         MathElementRole.
839
840         Tests: accessibility/math-fenced.html
841                accessibility/math-foreign-content.html
842
843         * accessibility/AccessibilityObject.h:
844         (WebCore::AccessibilityObject::isAnonymousMathOperator):
845         * accessibility/AccessibilityRenderObject.cpp:
846         (WebCore::AccessibilityRenderObject::textUnderElement):
847         (WebCore::AccessibilityRenderObject::stringValue):
848         (WebCore::AccessibilityRenderObject::isMathElement):
849         (WebCore::AccessibilityRenderObject::isAnonymousMathOperator):
850         (WebCore::AccessibilityRenderObject::isIgnoredElementWithinMathTree):
851         * accessibility/AccessibilityRenderObject.h:
852         * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
853         (-[WebAccessibilityObjectWrapper role]):
854         * rendering/mathml/RenderMathMLMath.h:
855         * rendering/mathml/RenderMathMLOperator.h:
856         (WebCore::RenderMathMLOperator::textContent):
857
858 2016-06-27  Adam Bergkvist  <adam.bergkvist@ericsson.com>
859
860         WebRTC: Remove unused RTCOfferAnswerOptionsPrivate.h
861         https://bugs.webkit.org/show_bug.cgi?id=159130
862
863         Reviewed by Eric Carlson.
864
865         Remove unused RTCOfferAnswerOptionsPrivate.h file.
866
867         * platform/mediastream/RTCOfferAnswerOptionsPrivate.h: Removed.
868
869 2016-06-27  Jer Noble  <jer.noble@apple.com>
870
871         Crash in layout test /media/video-buffered-range-contains-currentTime.html
872         https://bugs.webkit.org/show_bug.cgi?id=159109
873         <rdar://problem/26535750>
874
875         Reviewed by Alex Christensen.
876
877         Guard against a dealloc race condition by holding a retain on the session
878         until the task's _resource:loadFinishedWithError: completes, including
879         main thread callbacks.
880         
881         * platform/network/cocoa/WebCoreNSURLSession.mm:
882         (-[WebCoreNSURLSessionDataTask _resource:loadFinishedWithError:]):
883
884 2016-06-27  Frederic Wang  <fwang@igalia.com>
885
886         Set an upper limit for the size or number of pieces of stretchy operators
887         https://bugs.webkit.org/show_bug.cgi?id=155434
888
889         Reviewed by Brent Fulgham.
890
891         Stretchy MathML operators can currently use an arbitrary number of extension glyphs to cover
892         a target size. This may result in hangs if large stretch sizes are requested. This change
893         only allows at most the 128 first extensions to be painted by the MathOperator class, which
894         should really be enough for mathematical formulas used in practice.
895
896         No new tests, already tested by very-large-stretchy-operators.
897
898         * rendering/mathml/MathOperator.cpp: Add a new kMaximumExtensionCount constant.
899         (WebCore::MathOperator::fillWithVerticalExtensionGlyph): Limit the number of steps in this loop to kMaximumExtensionCount.
900         (WebCore::MathOperator::fillWithHorizontalExtensionGlyph): Ditto.
901
902 2016-06-27  Frederic Wang  <fred.wang@free.fr>
903
904         Small refactoring MathMLInlineContainerElement::createElementRenderer
905         https://bugs.webkit.org/show_bug.cgi?id=159131
906
907         Reviewed by Brent Fulgham.
908
909         Many of the MathML renderer classes have been merged during the MathML refactoring. We
910         simplify how instances are created in MathMLInlineContainerElement::createElementRenderer
911         by removing duplicate createRenderer calls.
912
913         No new tests, behavior unchanged.
914
915         * mathml/MathMLInlineContainerElement.cpp:
916         (WebCore::MathMLInlineContainerElement::createElementRenderer):
917
918 2016-06-27  Miguel Gomez  <magomez@igalia.com>
919
920         [GTK][EFL] Build with threaded compositor enabled is broken
921         https://bugs.webkit.org/show_bug.cgi?id=159138
922
923         Reviewed by Carlos Garcia Campos.
924
925         No need to set the device scale. The compositor buffer is only used for the accelerated
926         canvas scenario, and the device scale is always 1 there.
927         This change was introduced in r202421.
928
929         Covered by existing tests.
930
931         * platform/graphics/cairo/ImageBufferCairo.cpp:
932         (WebCore::ImageBufferData::createCompositorBuffer):
933
934 2016-06-27  Philippe Normand  <philn@igalia.com>
935
936         [GStreamer] top/bottom black bars added needlessly in fullscreen
937         https://bugs.webkit.org/show_bug.cgi?id=158980
938
939         Reviewed by Carlos Garcia Campos.
940
941         The natural video size calculation depends on the validity of the
942         current sample, so whenever the first sample reached the sink it's a
943         good idea to reflect this on the player which will update its natural
944         size accordingly.
945
946         Fixes an issue where black borders were added on top and bottom of
947         fullscreen video.
948
949         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
950         (WebCore::MediaPlayerPrivateGStreamerBase::triggerRepaint):
951
952 2016-06-27  Youenn Fablet  <youenn@apple.com>
953
954         Remove didFailRedirectCheck ThreadableLoaderClient callback
955         https://bugs.webkit.org/show_bug.cgi?id=159085
956
957         Reviewed by Daniel Bates.
958
959         Removing didFailRedirectCheck and using didFailAccessControlCheck instead.
960         The change in behavior is that additional error messages are outputted in the console.
961         These messages give additional debugging information.
962
963         Covered by rebased tests.
964
965         * Modules/fetch/FetchLoader.cpp: Removing didFailRedirectCheck.
966         * Modules/fetch/FetchLoader.h: Ditto.
967         * inspector/InspectorNetworkAgent.cpp: Ditto.
968         * loader/DocumentThreadableLoader.cpp:
969         (WebCore::DocumentThreadableLoader::redirectReceived): Calling didFailAccessControlCheck with information on failing
970         URL.
971         (WebCore::DocumentThreadableLoader::loadRequest): Ditto.
972         * loader/ThreadableLoaderClient.h: Removing didFailRedirectCheck.
973         * loader/ThreadableLoaderClientWrapper.h: Ditto.
974         * loader/WorkerThreadableLoader.cpp: Ditto.
975         * loader/WorkerThreadableLoader.h: Ditto.
976         * page/EventSource.cpp: Ditto.
977         * page/EventSource.h: Ditto.
978         * workers/WorkerScriptLoader.cpp: Ditto.
979         * workers/WorkerScriptLoader.h: Ditto.
980         * xml/XMLHttpRequest.cpp: Ditto.
981         * xml/XMLHttpRequest.h: Ditto.
982
983 2016-06-26  Gyuyoung Kim  <gyuyoung.kim@webkit.org>
984
985         [EFL] Fix build warning when using geoclue2
986         https://bugs.webkit.org/show_bug.cgi?id=159128
987
988         Reviewed by Antonio Gomes.
989
990         EFL port has handled build warning as error. So EFL port
991         hasn't been built when we use geoclue2 library because a generated geoclue2 file
992         has unused-parameter build warning. To fix it, this patch sets the build warning to be ignored
993         in the generated geoclue2 file.
994
995         * PlatformEfl.cmake:
996
997 2016-06-26  Chris Dumez  <cdumez@apple.com>
998
999         Regression: HTMLOptionsCollection's named properties have precedence over indexed properties
1000         https://bugs.webkit.org/show_bug.cgi?id=159058
1001         <rdar://problem/26988542>
1002
1003         Reviewed by Ryosuke Niwa.
1004
1005         HTMLOptionsCollection's named properties had precedence over indexed properties,
1006         which is wrong as per:
1007         http://heycam.github.io/webidl/#getownproperty-guts
1008
1009         The reason is that there was a named property getter defined on HTMLOptionsCollection
1010         but no indexed property getter. As a result, HTMLOptionsCollection would fall back to
1011         using HTMLCollection's indexed property getter but HTMLOptionsCollection's named getter
1012         would take precedence. This patch defines an indexed property getter on
1013         HTMLOptionsCollection to fix the problem.
1014
1015         Ideally, HTMLOptionsCollection would have no indexed / named property getters and would
1016         entirely rely on the ones from HTMLCollection. However, our bindings generator currently
1017         has trouble with this and requires HTMLOptionsCollection to have a named getter.
1018
1019         Test: fast/dom/HTMLSelectElement/options-indexed-getter-precedence.html
1020
1021         * html/HTMLOptionsCollection.idl:
1022
1023 2016-06-26  Chris Dumez  <cdumez@apple.com>
1024
1025         Regression(r202262): Infinite loop under searchForLinkRemovingExistingDDLinks()
1026         https://bugs.webkit.org/show_bug.cgi?id=159122
1027         <rdar://problem/27014649>
1028
1029         Reviewed by Ryosuke Niwa.
1030
1031         Infinite loop under searchForLinkRemovingExistingDDLinks() because the
1032         value returned by NodeTraversal::next() was ignored and the node iterator
1033         was never updated.
1034
1035         * editing/cocoa/DataDetection.mm:
1036         (WebCore::searchForLinkRemovingExistingDDLinks):
1037
1038 2016-06-25  Benjamin Poulain  <bpoulain@apple.com>
1039
1040         The active state of elements can break when focus changes
1041         https://bugs.webkit.org/show_bug.cgi?id=159112
1042
1043         Reviewed by Antti Koivisto.
1044
1045         The pseudo class :active was behaving weirdly when used
1046         with label elements with an associated form element.
1047         The form element would get the :active state on the first click
1048         then no longer get the state until the focus changes.
1049
1050         What was happening is setFocusedElement() was clearing active
1051         for some unknown reason. When you really do that on an active element,
1052         you end up in an inconsistent state where no invalidation works.
1053
1054         The two tests illustrate 2 ways this breaks.
1055
1056         The test "pseudo-active-on-labeled-element-not-canceled-by-focus" clicks
1057         several times on a label element. The first time, the input element gets
1058         the focus. The second time, it already has the focus, setFocusedElement()
1059         clears :active before finding the focusable element and ends up clearing
1060         the active state on a target in the active chain.
1061
1062         The test "pseudo-active-with-programmatic-focus.html" shows how to invalidate
1063         arbitrary elements using JavaScript. This can cause severely broken active
1064         chains where invalidation never cleans some ancestors.
1065
1066         Tests: fast/css/pseudo-active-on-labeled-element-not-canceled-by-focus.html
1067                fast/css/pseudo-active-with-programmatic-focus.html
1068
1069         * dom/Document.cpp:
1070         (WebCore::Document::setFocusedElement): Deleted.
1071
1072         * page/EventHandler.cpp:
1073         (WebCore::EventHandler::handleMouseDoubleClickEvent):
1074         This is WebKit1 specific. The double click event was dispatching
1075         the mouseUp and Click with after doing an Active hit test.
1076         This causes us to have :active state in and after mouseUp in WebKit1.
1077
1078 2016-06-24  Jer Noble  <jer.noble@apple.com>
1079
1080         Consider exposing or hiding knowledge of a redirect from clients of WebCoreNSURLSession
1081         https://bugs.webkit.org/show_bug.cgi?id=156722
1082         <rdar://problem/25780035>
1083
1084         Reviewed by Alex Christensen.
1085
1086         Fixes tests: http/tests/security/contentSecurityPolicy/audio-redirect-allowed2.html
1087                      http/tests/security/contentSecurityPolicy/video-redirect-allowed2.html
1088
1089         When receiving an NSURLResponse containing a redirected URL, AVFoundation will use the
1090         URL in the response for subsequent requests. This violates the HTTP specification if the
1091         redirect was temporary, and it also breaks two CSP tests by bypassing the redirect step
1092         for subsequent requests.
1093
1094         Work around this behavior in AVFoundation by recreating the NSURLResponse with the original
1095         request URL in the case of a temporary redirect.
1096
1097         * platform/network/cocoa/WebCoreNSURLSession.mm:
1098         (-[WebCoreNSURLSessionDataTask resource:receivedResponse:]):
1099         (-[WebCoreNSURLSessionDataTask resource:receivedRedirect:request:]):
1100
1101 2016-06-24  Jer Noble  <jer.noble@apple.com>
1102
1103         MSE gets confused by in-band text tracks
1104         https://bugs.webkit.org/show_bug.cgi?id=159107
1105         <rdar://problem/26871330>
1106
1107         Reviewed by Eric Carlson.
1108
1109         We can't currently handle text track samples in SourceBufferPrivateAVFObjC,
1110         so don't pass them up to SourceBuffer.
1111
1112         * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
1113         (WebCore::SourceBufferPrivateAVFObjC::didParseStreamDataAsAsset):
1114         (WebCore::SourceBufferPrivateAVFObjC::processCodedFrame):
1115
1116 2016-06-24  Mark Lam  <mark.lam@apple.com>
1117
1118         [JSC] Error prototypes are called on remote scripts.
1119         https://bugs.webkit.org/show_bug.cgi?id=52192
1120
1121         Reviewed by Keith Miller.
1122
1123         Test: http/tests/security/regress-52192.html
1124
1125         Parsing errors are reported to the main script's window.onerror function.  AFAIK,
1126         both Chrome and Firefox have the error reporting mechanism use an internal
1127         sanitized version of Error.prototype.toString() that will not invoke any getters
1128         or proxies instead.
1129
1130         This patch fixes this issue by matching Chrome and Firefox's behavior.
1131
1132         Note: we did not choose to make error objects and prototypes read-only because
1133         that was observed to have broken the web.
1134         See https://bugs.chromium.org/p/chromium/issues/detail?id=69187#c73
1135
1136         Credit for reporting this issue goes to Daniel Divricean (http://divricean.ro).
1137
1138         * bindings/js/JSDOMBinding.cpp:
1139         (WebCore::reportException):
1140         * ForwardingHeaders/runtime/ErrorInstance.h: Added.
1141
1142 2016-06-24  Jer Noble  <jer.noble@apple.com>
1143
1144         Media elements should not lose playback controls when muted by a user gesture
1145         https://bugs.webkit.org/show_bug.cgi?id=159078
1146         <rdar://problem/26925904>
1147
1148         Reviewed by Beth Dakin.
1149
1150         Rearrange canControlControlsManager() so that the muted check only occurs if
1151         a user gesture is required.
1152
1153         * html/MediaElementSession.cpp:
1154         (WebCore::MediaElementSession::canControlControlsManager):
1155
1156 2016-06-24  Beth Dakin  <bdakin@apple.com>
1157
1158         Include enclosingListType in EditorState
1159         https://bugs.webkit.org/show_bug.cgi?id=159102
1160         -and corresponding-
1161         rdar://problem/26932490
1162
1163         Reviewed by Enrica Casucci.
1164
1165         Make HTMLOListElement.h and HTMLUListElement.h Private instead of Project.
1166         * WebCore.xcodeproj/project.pbxproj:
1167
1168         Export enclosingList(Node*)
1169         * editing/htmlediting.h:
1170
1171 2016-06-24  Anders Carlsson  <andersca@apple.com>
1172
1173         Another Windows build fix.
1174
1175         * platform/network/BlobRegistry.h:
1176
1177 2016-06-24  Anders Carlsson  <andersca@apple.com>
1178
1179         Yet another Windows build fix.
1180
1181         * dom/ActiveDOMCallbackMicrotask.h:
1182
1183 2016-06-24  Anders Carlsson  <andersca@apple.com>
1184
1185         Another Windows build fix.
1186
1187         * page/FrameView.h:
1188
1189 2016-06-24  Anders Carlsson  <andersca@apple.com>
1190
1191         Inline more of the Apple Pay source code
1192         https://bugs.webkit.org/show_bug.cgi?id=159099
1193
1194         Reviewed by Andreas Kling.
1195
1196         * page/Settings.h:
1197         (WebCore::Settings::applePayEnabled):
1198         (WebCore::Settings::setApplePayEnabled):
1199         (WebCore::Settings::applePayCapabilityDisclosureAllowed):
1200         (WebCore::Settings::setApplePayCapabilityDisclosureAllowed):
1201
1202 2016-06-24  Anders Carlsson  <andersca@apple.com>
1203
1204         Windows build fix.
1205
1206         * platform/GenericTaskQueue.h:
1207         (WebCore::TaskDispatcher::postTask):
1208
1209 2016-06-24  Frederic Wang  <fwang@igalia.com>
1210
1211         Use auto* for MathML elements and renderers when possible
1212         https://bugs.webkit.org/show_bug.cgi?id=159090
1213
1214         Reviewed by Alex Christensen.
1215
1216         No new tests, behavior is unchanged.
1217
1218         * mathml/MathMLElement.cpp:
1219         (WebCore::MathMLElement::attributeChanged):
1220         * mathml/MathMLSelectElement.cpp:
1221         (WebCore::MathMLSelectElement::getSelectedActionChildAndIndex):
1222         (WebCore::MathMLSelectElement::getSelectedActionChild):
1223         (WebCore::MathMLSelectElement::getSelectedSemanticsChild):
1224         (WebCore::MathMLSelectElement::updateSelectedChild):
1225         * rendering/mathml/RenderMathMLFraction.cpp:
1226         (WebCore::RenderMathMLFraction::isValid):
1227         * rendering/mathml/RenderMathMLMenclose.cpp:
1228         (WebCore::RenderMathMLMenclose::layoutBlock):
1229         * rendering/mathml/RenderMathMLRoot.cpp:
1230         (WebCore::RenderMathMLRoot::isValid):
1231         * rendering/mathml/RenderMathMLRow.cpp:
1232         (WebCore::RenderMathMLRow::firstLineBaseline):
1233         (WebCore::RenderMathMLRow::computeLineVerticalStretch):
1234         (WebCore::RenderMathMLRow::computePreferredLogicalWidths):
1235         (WebCore::RenderMathMLRow::layoutRowItems):
1236         * rendering/mathml/RenderMathMLScripts.cpp:
1237         (WebCore::RenderMathMLScripts::unembellishedOperator):
1238         (WebCore::RenderMathMLScripts::getBaseAndScripts):
1239         (WebCore::RenderMathMLScripts::computePreferredLogicalWidths):
1240         (WebCore::RenderMathMLScripts::getScriptMetricsAndLayoutIfNeeded):
1241         (WebCore::RenderMathMLScripts::layoutBlock):
1242         (WebCore::RenderMathMLScripts::firstLineBaseline):
1243         * rendering/mathml/RenderMathMLUnderOver.cpp:
1244         (WebCore::RenderMathMLUnderOver::firstLineBaseline):
1245         (WebCore::RenderMathMLUnderOver::isValid):
1246         (WebCore::RenderMathMLUnderOver::over):
1247
1248 2016-06-24  Joseph Pecoraro  <pecoraro@apple.com>
1249
1250         Remove unused and static return value from InspectorStyle::populateAllProperties
1251         https://bugs.webkit.org/show_bug.cgi?id=159069
1252
1253         Reviewed by Andreas Kling.
1254
1255         * inspector/InspectorStyleSheet.cpp:
1256         (WebCore::InspectorStyle::populateAllProperties):
1257         * inspector/InspectorStyleSheet.h:
1258
1259 2016-06-21  Anders Carlsson  <andersca@apple.com>
1260
1261         Rename NoncopyableFunction to Function
1262         https://bugs.webkit.org/show_bug.cgi?id=158354
1263
1264         Reviewed by Chris Dumez.
1265
1266         * Modules/mediastream/MediaEndpointPeerConnection.cpp:
1267         (WebCore::MediaEndpointPeerConnection::runTask):
1268         * Modules/mediastream/MediaEndpointPeerConnection.h:
1269         * Modules/webaudio/AudioDestinationNode.h:
1270         (WebCore::AudioDestinationNode::resume):
1271         (WebCore::AudioDestinationNode::suspend):
1272         (WebCore::AudioDestinationNode::close):
1273         * Modules/webaudio/DefaultAudioDestinationNode.cpp:
1274         (WebCore::DefaultAudioDestinationNode::resume):
1275         (WebCore::DefaultAudioDestinationNode::suspend):
1276         (WebCore::DefaultAudioDestinationNode::close):
1277         * Modules/webaudio/DefaultAudioDestinationNode.h:
1278         * dom/ActiveDOMCallbackMicrotask.cpp:
1279         (WebCore::ActiveDOMCallbackMicrotask::ActiveDOMCallbackMicrotask):
1280         * dom/ActiveDOMCallbackMicrotask.h:
1281         * dom/ScriptExecutionContext.h:
1282         (WebCore::ScriptExecutionContext::Task::Task):
1283         * fileapi/AsyncFileStream.cpp:
1284         (WebCore::callOnFileThread):
1285         (WebCore::AsyncFileStream::perform):
1286         * fileapi/AsyncFileStream.h:
1287         * page/FrameView.cpp:
1288         (WebCore::FrameView::queuePostLayoutCallback):
1289         (WebCore::FrameView::flushPostLayoutTasksQueue):
1290         * page/FrameView.h:
1291         * page/scrolling/ScrollingThread.cpp:
1292         (WebCore::ScrollingThread::dispatch):
1293         (WebCore::ScrollingThread::dispatchBarrier):
1294         (WebCore::ScrollingThread::dispatchFunctionsFromScrollingThread):
1295         * page/scrolling/ScrollingThread.h:
1296         * platform/GenericTaskQueue.cpp:
1297         (WebCore::TaskDispatcher<Timer>::postTask):
1298         * platform/GenericTaskQueue.h:
1299         (WebCore::TaskDispatcher::postTask):
1300         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.h:
1301         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm:
1302         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::scheduleDeferredTask):
1303         * platform/mediastream/MediaStreamPrivate.cpp:
1304         (WebCore::MediaStreamPrivate::scheduleDeferredTask):
1305         * platform/mediastream/MediaStreamPrivate.h:
1306         * platform/mediastream/mac/AVMediaCaptureSource.h:
1307         * platform/mediastream/mac/AVMediaCaptureSource.mm:
1308         (WebCore::AVMediaCaptureSource::scheduleDeferredTask):
1309         * style/StyleTreeResolver.cpp:
1310         (WebCore::Style::postResolutionCallbackQueue):
1311         (WebCore::Style::queuePostResolutionCallback):
1312         * style/StyleTreeResolver.h:
1313
1314 2016-06-24  Amir Alavi  <aalavi@apple.com>
1315
1316         Use _CFHTTPCookieStorageGetDefault directly instead of NSHTTPCookieStorage to get default cookie storage
1317         https://bugs.webkit.org/show_bug.cgi?id=159095
1318         rdar://problem/26630073
1319
1320         Reviewed by Brent Fulgham.
1321
1322         No new tests, it isn't possible to test this in a LayoutTest.
1323
1324         * platform/network/mac/CookieJarMac.mm:
1325         (WebCore::httpCookiesForURL): Get a CFHTTPCookieStorageRef when no cookie storage is provided to match the case when cookie storage is provided.
1326
1327 2016-06-24  Enrica Casucci  <enrica@apple.com>
1328
1329         Do not use iOS specific telephone detection on macOS.
1330         https://bugs.webkit.org/show_bug.cgi?id=159096
1331         rdar://problem/25870571
1332
1333         Reviewed by Anders Carlsson.
1334
1335         Adding platform guard.
1336
1337         * platform/cocoa/TelephoneNumberDetectorCocoa.cpp:
1338         (WebCore::TelephoneNumberDetector::phoneNumbersScanner):
1339
1340 2016-06-24  Jer Noble  <jer.noble@apple.com>
1341
1342         Unreviewed build fix after r202429; AVStreamDataParser does not exist on iOS.
1343
1344         * platform/spi/mac/AVFoundationSPI.h:
1345
1346 2016-06-24  Jer Noble  <jer.noble@apple.com>
1347
1348         Unreviewed build fix after r202429; Fix the type of the delegate property on AVStreamDataParser.
1349
1350         * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
1351         * platform/spi/mac/AVFoundationSPI.h:
1352
1353 2016-06-02  Jer Noble  <jer.noble@apple.com>
1354
1355         [MSE] Adopt +[AVStreamDataParser outputMIMECodecParameterForInputMIMECodecParameter:]
1356         https://bugs.webkit.org/show_bug.cgi?id=158312
1357
1358         Reviewed by Eric Carlson.
1359
1360         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:
1361         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::supportsType):
1362
1363         Move the declaration of AVStreamDataParser into AVFoundationSPI.h:
1364
1365         * platform/graphics/avfoundation/objc/CDMSessionAVStreamSession.mm:
1366         (WebCore::CDMSessionAVStreamSession::update):
1367         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:
1368         * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
1369         (-[WebAVStreamDataParserListener streamDataParser:didProvideMediaData:forTrackID:mediaType:flags:]):
1370         * platform/spi/mac/AVFoundationSPI.h:
1371
1372 2016-06-24  Eric Carlson  <eric.carlson@apple.com>
1373
1374         [iOS, Mac] Assume a media file has audio during AirPlay
1375         https://bugs.webkit.org/show_bug.cgi?id=159088
1376         <rdar://problem/24616592>
1377
1378         Reviewed by Jer Noble.
1379
1380         No new tests, it isn't possible to test this in a LayoutTest.
1381
1382         * html/HTMLMediaElement.cpp:
1383         (WebCore::HTMLMediaElement::mediaPlayerCurrentPlaybackTargetIsWirelessChanged): Call 
1384           mediaSession->setCanProduceAudio(true) when AirPlay becomes active.
1385
1386 2016-06-24  Jer Noble  <jer.noble@apple.com>
1387
1388         Playback controls refer to wrong element when playing multiple items in a page.
1389         https://bugs.webkit.org/show_bug.cgi?id=159076
1390         <rdar://problem/26953532>
1391
1392         Reviewed by Beth Dakin.
1393
1394         Use a new method PlatformMediaSessionManager::currentSessionMatching() to get
1395         the most recently active media element which qualifies for playback controls.
1396
1397         * html/HTMLMediaElement.cpp:
1398         (WebCore::HTMLMediaElement::updatePlaybackControlsManager): Get the most recently active session.
1399         * html/MediaElementSession.cpp:
1400         (WebCore::MediaElementSession::canControlControlsManager): Make virtual; no longer takes an element.
1401         * html/MediaElementSession.h:
1402         (isType): Allow downcasting from PlatformMediaSession -> MediaElementSession.
1403         * page/ChromeClient.h:
1404         * platform/audio/PlatformMediaSession.h:
1405         (WebCore::PlatformMediaSession::canControlControlsManager): Defaults to false;
1406         * platform/audio/PlatformMediaSessionManager.cpp:
1407         (WebCore::PlatformMediaSessionManager::currentSessionMatching): Added.
1408         * platform/audio/PlatformMediaSessionManager.h:
1409
1410 2016-06-24  Dan Bernstein  <mitz@apple.com>
1411
1412         Fixed the macOS build.
1413
1414         * platform/spi/cocoa/DataDetectorsCoreSPI.h:
1415
1416 2016-06-24  Dan Bernstein  <mitz@apple.com>
1417
1418         [iOS] Inline DataDetectorsAdditions.h
1419         https://bugs.webkit.org/show_bug.cgi?id=159093
1420
1421         Reviewed by Anders Carlsson.
1422
1423         * editing/cocoa/DataDetection.mm:
1424         (WebCore::constructURLStringForResult): Use soft-linked constant directly.
1425
1426         * platform/cocoa/DataDetectorsCoreSoftLink.h: Declare soft-linked constant.
1427         * platform/cocoa/DataDetectorsCoreSoftLink.mm: Define soft-linked constant.
1428         * platform/spi/cocoa/DataDetectorsCoreSPI.h: Declare constant.
1429
1430 2016-06-24  Yusuke Suzuki  <utatane.tea@gmail.com>
1431
1432         [GTK][EFL] ImageBufferCairo should accept resolution factor
1433         https://bugs.webkit.org/show_bug.cgi?id=157848
1434
1435         Reviewed by Martin Robinson.
1436
1437         ImageBufferCairo ignored the resolution factor passed in its constructor.
1438         This resolution factor was originally introduced for HiDPI Canvas,
1439         and since HiDPI canvas is not enabled in the ports using Cairo,
1440         the lack of this implementation does not cause any problems.
1441         And now, HiDPI Canvas is removed from the tree.
1442
1443         However, WebKit CSS filter uses this path.
1444         The missing implementation is required under the HiDPI environment.
1445
1446         Since Cairo surface can have the device scale factor transparently,
1447         the operations onto the surface are correctly done in the logical coordinate system.
1448         So all we need to handle carefully is the direct surface modification done
1449         in filter effects.
1450
1451         In this patch, we extend the image buffer size according to the resolution factor,
1452         the same as the CoreGraphics implementation (ImageBufferCG). And by setting the
1453         device scale factor of the surface correctly, we ensure that the rest of the Cairo
1454         painting stack works with the existing logical coordinate system. And in ImageBufferCairo,
1455         we carefully handle the logical and backing store coordinate system.
1456
1457         The attached test applies the CSS filter onto the svg image. And we resize the image size,
1458         and perform scrolling. It incurs the paint, and filter effect recalculation.
1459         In that path, the filter effect side assumes that the image buffer size is scaled with the
1460         resolution factor. So without this patch, it incurs a buffer overflow and leads to a WebProcess crash.
1461
1462         * platform/graphics/IntPoint.h:
1463         (WebCore::IntPoint::scale):
1464         * platform/graphics/cairo/ImageBufferCairo.cpp:
1465         (WebCore::ImageBufferData::createCompositorBuffer):
1466         (WebCore::ImageBuffer::ImageBuffer):
1467         (WebCore::ImageBuffer::copyImage):
1468         (WebCore::ImageBuffer::platformTransformColorSpace):
1469         (WebCore::getImageData):
1470         (WebCore::logicalUnit):
1471         (WebCore::backingStoreUnit):
1472         (WebCore::ImageBuffer::getUnmultipliedImageData):
1473         (WebCore::ImageBuffer::getPremultipliedImageData):
1474         (WebCore::ImageBuffer::putByteArray):
1475         (WebCore::ImageBuffer::copyToPlatformTexture):
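
The size mismatch described in the ImageBufferCairo entry above, as an added C++ example that is not WebKit code: a buffer allocated at its logical size rejects a write addressed in backing-store pixels, while a buffer allocated at the scaled size accepts it. All names here (PixelBuffer, toBackingStore, fillRect, filterWriteFits) are hypothetical, and rounding the scaled size up with ceil is an assumption of the example.

```cpp
#include <algorithm>
#include <cmath>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <limits>
#include <vector>

// Hypothetical types for illustration; not WebKit's IntSize/IntRect/ImageBuffer.
struct IntSize { int width; int height; };
struct IntRect { int x; int y; int width; int height; };

static const std::size_t kBytesPerPixel = 4; // RGBA8

// Convert a logical size to backing-store pixels. Rounding up (assumption)
// makes sure fractional scale factors never under-allocate.
bool toBackingStore(IntSize logical, float scale, IntSize& out)
{
    if (logical.width <= 0 || logical.height <= 0)
        return false;
    if (!(scale > 0) || !std::isfinite(scale)) // also rejects NaN
        return false;
    double w = std::ceil(static_cast<double>(logical.width) * scale);
    double h = std::ceil(static_cast<double>(logical.height) * scale);
    if (w > std::numeric_limits<int>::max() || h > std::numeric_limits<int>::max())
        return false;
    out.width = static_cast<int>(w);
    out.height = static_cast<int>(h);
    return true;
}

class PixelBuffer {
public:
    // applyScale == false models an allocation that ignores the resolution
    // factor; applyScale == true sizes the storage in backing-store pixels.
    bool allocate(IntSize logical, float scale, bool applyScale)
    {
        IntSize size;
        if (!toBackingStore(logical, applyScale ? scale : 1.0f, size))
            return false;
        std::size_t w = static_cast<std::size_t>(size.width);
        std::size_t h = static_cast<std::size_t>(size.height);
        if (w > std::numeric_limits<std::size_t>::max() / kBytesPerPixel / h)
            return false; // w * h * 4 would overflow size_t
        m_size = size;
        m_pixels.assign(w * h * kBytesPerPixel, 0);
        return true;
    }

    // rect is in backing-store pixels. The write is validated against the
    // storage that was really allocated, not against what the caller assumes.
    bool fillRect(IntRect rect, std::uint8_t value)
    {
        if (rect.x < 0 || rect.y < 0 || rect.width < 0 || rect.height < 0)
            return false;
        // Written as subtractions so the comparison cannot overflow int.
        if (rect.width > m_size.width - rect.x || rect.height > m_size.height - rect.y)
            return false;
        for (int y = rect.y; y < rect.y + rect.height; ++y) {
            std::size_t rowStart = (static_cast<std::size_t>(y) * m_size.width + rect.x) * kBytesPerPixel;
            std::fill_n(m_pixels.begin() + static_cast<std::ptrdiff_t>(rowStart),
                        static_cast<std::size_t>(rect.width) * kBytesPerPixel, value);
        }
        return true;
    }

    IntSize size() const { return m_size; }

private:
    IntSize m_size { 0, 0 };
    std::vector<std::uint8_t> m_pixels;
};

// A filter-like caller that assumes the buffer is scaled by the resolution
// factor and writes the whole backing-store rectangle. Constructed sample
// values: logical size 100x50, resolution factor 2.
bool filterWriteFits(bool applyScale)
{
    const IntSize logical = { 100, 50 };
    const float scale = 2.0f;
    PixelBuffer buffer;
    if (!buffer.allocate(logical, scale, applyScale))
        return false;
    IntSize expected;
    if (!toBackingStore(logical, scale, expected))
        return false;
    IntRect whole = { 0, 0, expected.width, expected.height };
    return buffer.fillRect(whole, 0xFF);
}

int main()
{
    std::printf("scaled allocation accepts the write: %d\n", filterWriteFits(true));
    std::printf("logical-size allocation accepts the write: %d\n", filterWriteFits(false));
    return 0;
}
```

Without the bounds check in fillRect, the second case is the out-of-bounds write: the caller addresses 200x100 pixels in storage that holds 100x50.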
1476
1477 2016-06-24  Frederic Wang  <fwang@igalia.com>
1478
1479         Refactor RenderMathMLOperator and RenderMathMLToken to avoid using anonymous renderers.
1480         https://bugs.webkit.org/show_bug.cgi?id=155018
1481
1482         Reviewed by Martin Robinson.
1483
1484         No new tests, already covered by existing tests.
1485
1486         We use MathOperator for RenderMathMLOperator to avoid creating anonymous text nodes again
1487         and again. We reimplement implicit mathvariant="italic" on single-char mi in a way that does
1488         not rely on creating anonymous text nodes. Finally, we improve the determination/update of
1489         when mathvariant is italic to avoid breaking foreign-mi-dynamic test.
1490         The change in the render tree structure breaks mfenced accessibility support but that will
1491         be fixed in follow-up patches. The simplifications made here will also allow to simplify the
1492         accessibility code.
1493
1494         * css/mathml.css:
1495         (mo): Deleted. This flexbox rule is no longer needed.
1496         * rendering/mathml/RenderMathMLBlock.cpp:
1497         (WebCore::RenderMathMLBlock::createAnonymousMathMLBlock): Deleted. We no longer need to
1498         create anonymous renderer with this function.
1499         * rendering/mathml/RenderMathMLBlock.h: Delete createAnonymousMathMLBlock.
1500         * rendering/mathml/RenderMathMLOperator.cpp: Implement layout functions without relying on
1501         flexbox or anonymous.
1502         (WebCore::RenderMathMLOperator::computePreferredLogicalWidths): Handle the case of !useMathOperator()
1503         for which we need to add extra operator spacing after the RenderMathMLToken layout.
1504         (WebCore::RenderMathMLOperator::layoutBlock): Ditto.
1505         (WebCore::RenderMathMLOperator::isChildAllowed): Deleted. We allow the non-anonymous text.
1506         (WebCore::RenderMathMLOperator::rebuildTokenContent): No longer destroy and rebuild
1507         anonymous wrapper. Remove updateStyle call.
1508         (WebCore::RenderMathMLOperator::updateStyle): Deleted. We no longer need anonymous style for the spacing.
1509         * rendering/mathml/RenderMathMLOperator.h: Remove updateStyle() and isChildAllowed().
1510         Make textContent() public so that it can be accessed from the accessibility code.
1511         * rendering/mathml/RenderMathMLToken.cpp: Reimplement implicit mathvariant="italic" by
1512         painting MATHEMATICAL ITALIC characters instead of styling an anonymous wrapper.
1513         (WebCore::RenderMathMLToken::RenderMathMLToken): Init m_mathVariantGlyph and m_mathVariantGlyphDirty
1514         (WebCore::RenderMathMLToken::updateTokenContent): Set mathvariant glyph dirty when the content changes.
1515         (WebCore::transformToItalic): Helper function to map latin and greek alphabets to their
1516         MATHEMATICAL ITALIC counterpart.
1517         (WebCore::RenderMathMLToken::computePreferredLogicalWidths): Implement this function to
1518         handle the case where the mathvariant glyph is used.
1519         (WebCore::RenderMathMLToken::updateMathVariantGlyph): Helper function to update the mathvariant glyph.
1520         For now, we try and keep with the old (and limited) implementation: a mathvariant glyph may
1521         only be used for single-char <mi> without mathvariant attribute attached to it.
1522         (WebCore::RenderMathMLToken::styleDidChange): Set the mathvariant glyph dirty when the style
1523         changes.
1524         (WebCore::RenderMathMLToken::updateFromElement): Remove updateStyle call and set mathvariant
1525         glyph dirty.
1526         (WebCore::RenderMathMLToken::firstLineBaseline): Implement this function to handle the case
1527          where the mathvariant glyph is used.
1528         (WebCore::RenderMathMLToken::layoutBlock): Ditto.
1529         (WebCore::RenderMathMLToken::paint): Ditto.
1530         (WebCore::RenderMathMLToken::paintChildren): Ditto.
1531         (WebCore::RenderMathMLToken::addChild): Deleted. No need to bother with anonymous renderer
1532         or style.
1533         (WebCore::RenderMathMLToken::createWrapperIfNeeded): Deleted. Ditto.
1534         (WebCore::RenderMathMLToken::updateStyle): Deleted. Ditto.
1535         * rendering/mathml/RenderMathMLToken.h: Update declarations of functions.
1536         (WebCore::RenderMathMLToken::setMathVariantGlyphDirty): Helper function to indicate that the
1537         mathvariant glyph will need to be updated.
1538
1539 2016-06-24  Gyuyoung Kim  <gyuyoung.kim@webkit.org>
1540
1541         Unreviewed EFL build fix.
1542
1543         There is forward declaration build error on EFL port.
1544
1545         * platform/graphics/texmap/coordinated/CompositingCoordinator.cpp: Include DOMWindow.h and Document.h.
1546
1547 2016-06-23  Brady Eidson  <beidson@apple.com>
1548
1549         Retrieving Blobs from IndexedDB using cursors fails in WK2 (Sandboxing)
1550         https://bugs.webkit.org/show_bug.cgi?id=158991
1551
1552         Reviewed by Alex Christensen.
1553
1554         Test: storage/indexeddb/modern/blob-cursor.html
1555
1556         * platform/network/BlobDataFileReference.cpp:
1557         (WebCore::BlobDataFileReference::startTrackingModifications): Deleted.
1558
1559 2016-06-23  Alex Christensen  <achristensen@webkit.org>
1560
1561         Remove unused didCancelAuthenticationChallenge
1562         https://bugs.webkit.org/show_bug.cgi?id=158819
1563
1564         Reviewed by David Kilzer.
1565
1566         No change in behavior.  This callback was deprecated in Yosemite.  It is never called.
1567
1568         * loader/EmptyClients.h:
1569         * loader/FrameLoaderClient.h:
1570         * loader/ResourceLoadNotifier.cpp:
1571         (WebCore::ResourceLoadNotifier::didCancelAuthenticationChallenge): Deleted.
1572         * loader/ResourceLoadNotifier.h:
1573         * loader/ResourceLoader.cpp:
1574         (WebCore::ResourceLoader::didCancelAuthenticationChallenge): Deleted.
1575         * loader/ResourceLoader.h:
1576         * platform/network/ResourceHandle.h:
1577         * platform/network/ResourceHandleClient.h:
1578         (WebCore::ResourceHandleClient::didCancelAuthenticationChallenge): Deleted.
1579         * platform/network/mac/ResourceHandleMac.mm:
1580         (WebCore::ResourceHandle::didCancelAuthenticationChallenge): Deleted.
1581         * platform/network/mac/WebCoreResourceHandleAsDelegate.mm:
1582         (-[WebCoreResourceHandleAsDelegate connection:didCancelAuthenticationChallenge:]): Deleted.
1583         * platform/network/mac/WebCoreResourceHandleAsOperationQueueDelegate.mm:
1584         (-[WebCoreResourceHandleAsOperationQueueDelegate connection:didCancelAuthenticationChallenge:]): Deleted.
1585         * platform/spi/cocoa/NSURLDownloadSPI.h:
1586
1587 2016-06-23  Anders Carlsson  <andersca@apple.com>
1588
1589         Add "shippingType" to the list of valid payment request properties
1590         https://bugs.webkit.org/show_bug.cgi?id=159079
1591         <rdar://problem/26988429>
1592
1593         Reviewed by Dean Jackson.
1594
1595         * Modules/applepay/ApplePaySession.cpp:
1596         (WebCore::isValidPaymentRequestPropertyName):
1597
1598 2016-06-23  Benjamin Poulain  <benjamin@webkit.org>
1599
1600         Specialize synchronous event tracking per event type
1601         https://bugs.webkit.org/show_bug.cgi?id=158826
1602
1603         Reviewed by Simon Fraser.
1604
1605         First, kudos to Rick Byers for all his help on passive event dispatch.
1606         The specs are pretty damn good and his help reviewing patches is very useful.
1607
1608         This patch changes synchronous event dispatch to happen per event
1609         instead of per sequence touchstart->touchend.
1610
1611         The big advantage of this is we can dispatch more events asynchronously.
1612         For example, to handle a tap programmatically, you can limit the active listener
1613         to the touchend event. The touchstart and touchmove are now dispatched asynchronously.
1614
1615         The implementation is a simple extension to EventTrackingRegions.
1616         Instead of a single synchronous region, we have one region per event type.
1617         When processing the events, we only need to send the events synchronously
1618         if that particular event type has a synchronous region.
1619
1620         Note that EventDispatcher's touch event support already supports
1621         mixing synchronous and asynchronous events. The events are always processed
1622         in order even if asynchronous events are pending when a synchronous dispatch
1623         happens.
1624
1625         Tests: fast/events/touch/ios/tap-with-active-listener-inside-document-with-passive-listener.html
1626                fast/events/touch/ios/tap-with-active-listener-inside-window-with-passive-listener.html
1627                fast/events/touch/ios/tap-with-active-touch-end-listener.html
1628                fast/events/touch/ios/tap-with-passive-listener-inside-active-listener.html
1629                fast/events/touch/ios/tap-with-passive-touch-end-listener.html
1630                fast/events/touch/ios/tap-with-passive-touch-start-active-touch-end-listeners-on-elements.html
1631                fast/events/touch/ios/tap-with-passive-touch-start-active-touch-move-listeners-on-elements.html
1632
1633         * CMakeLists.txt:
1634         * WebCore.xcodeproj/project.pbxproj:
1635         * dom/EventTarget.cpp:
1636         (WebCore::EventTarget::hasActiveTouchEventListeners): Deleted.
1637         * dom/EventTarget.h:
1638         * page/DebugPageOverlays.cpp:
1639         (WebCore::NonFastScrollableRegionOverlay::updateRegion):
1640         * page/Page.cpp:
1641         (WebCore::Page::nonFastScrollableRects):
1642         * page/scrolling/ScrollingCoordinator.cpp:
1643         (WebCore::ScrollingCoordinator::absoluteEventTrackingRegionsForFrame):
1644         * page/scrolling/ScrollingStateFrameScrollingNode.cpp:
1645         (WebCore::ScrollingStateFrameScrollingNode::dumpProperties):
1646         * page/scrolling/ScrollingTree.cpp:
1647         (WebCore::ScrollingTree::shouldHandleWheelEventSynchronously):
1648         (WebCore::ScrollingTree::eventTrackingTypeForPoint):
1649         * page/scrolling/ScrollingTree.h:
1650         * platform/EventTrackingRegions.cpp: Added.
1651         (WebCore::EventTrackingRegions::trackingTypeForPoint):
1652         (WebCore::EventTrackingRegions::isEmpty):
1653         (WebCore::EventTrackingRegions::translate):
1654         (WebCore::EventTrackingRegions::uniteSynchronousRegion):
1655         (WebCore::EventTrackingRegions::unite):
1656         (WebCore::operator==):
1657         * platform/EventTrackingRegions.h:
1658         (WebCore::EventTrackingRegions::isEmpty): Deleted.
1659         (WebCore::EventTrackingRegions::trackingTypeForPoint): Deleted.
1660         (WebCore::operator==): Deleted.
1661
1662 2016-06-23  Simon Fraser  <simon.fraser@apple.com>
1663
1664         More attempting to fix external iOS builds.
1665
1666         * platform/spi/cocoa/QuartzCoreSPI.h:
1667
1668 2016-06-23  Simon Fraser  <simon.fraser@apple.com>
1669
1670         Try to fix the non-internal builds by defining CARenderServerBufferRef.
1671
1672         * platform/spi/cocoa/QuartzCoreSPI.h:
1673
1674 2016-06-23  Simon Fraser  <simon.fraser@apple.com>
1675
1676         [iOS] Make DumpRenderTree and WebKitTestRunner in the simulator use render server snapshotting
1677         https://bugs.webkit.org/show_bug.cgi?id=159077
1678
1679         Reviewed by Tim Horton.
1680
1681         Add CARenderServer SPIs.
1682
1683         Test: fast/harness/snapshot-captures-compositing.html
1684
1685         * platform/spi/cocoa/QuartzCoreSPI.h:
1686
1687 2016-06-23  Brian Burg  <bburg@apple.com>
1688
1689         Web Inspector: add assertions to catch dangling frontends that persist between tests
1690         https://bugs.webkit.org/show_bug.cgi?id=159073
1691
1692         Reviewed by Joseph Pecoraro.
1693
1694         Based on the analysis in https://webkit.org/b/159070, we suspect that some test
1695         flakiness might be caused by dangling frontends from previous test cases. Add an
1696         assertion that should catch any frontends that are attached to the inspected page's
1697         backend. There should never be any frontends connected when a test first starts.
1698
1699         * inspector/InspectorController.cpp:
1700         (WebCore::InspectorController::setIsUnderTest):
1701         * inspector/InspectorController.h:
1702
1703 2016-06-23  Said Abou-Hallawa  <sabouhallawa@apple.com>
1704
1705         requestFrameAnimation() callback timestamp should be very close to Performance.now() 
1706         https://bugs.webkit.org/show_bug.cgi?id=159038
1707
1708         Reviewed by Simon Fraser.
1709
1710         Pass the Performance.now() to requestFrameAnimation() callback. Do not add
1711         the timeUntilOutput which is the difference between outputTime and now since
1712         this addition makes us report a timestamp ahead in the future by almost 33ms.
1713
1714         A new function named "nowTimestamp()" is added to the DOMWindow class. It
1715         calls Performance.now() if WEB_TIMING is enabled, otherwise it calls
1716         monotonicallyIncreasingTime(). The returned timestamp is in seconds and it is
1717         relative to the document loading time.
1718
1719         The timestamp passing will be removed all the way down to the callers of
1720         ScriptedAnimationController::serviceScriptedAnimations(). The callers will
1721         get the now timestamp by calling DOMWindow::nowTimestamp().
1722
1723         Tests: animations/animation-callback-timestamp.html
1724                animations/animation-multiple-callbacks-timestamp.html
1725
1726         * dom/Document.cpp:
1727         (WebCore::Document::monotonicTimestamp):
1728         (WebCore::Document::serviceScriptedAnimations):
1729         * dom/Document.h:
1730         * dom/ScriptedAnimationController.cpp:
1731         (WebCore::ScriptedAnimationController::serviceScriptedAnimations):
1732         (WebCore::ScriptedAnimationController::animationTimerFired):
1733         (WebCore::ScriptedAnimationController::displayRefreshFired):
1734         * dom/ScriptedAnimationController.h:
1735         * html/HTMLMediaElement.cpp:
1736         (WebCore::HTMLMediaElement::getVideoPlaybackQuality):
1737         * loader/DocumentLoadTiming.h:
1738         (WebCore::DocumentLoadTiming::referenceWallTime):
1739         * page/DOMWindow.cpp:
1740         (WebCore::DOMWindow::nowTimestamp):
1741         * page/DOMWindow.h:
1742         * page/FrameView.cpp:
1743         (WebCore::FrameView::serviceScriptedAnimations):
1744         * page/FrameView.h:
1745         * platform/graphics/DisplayRefreshMonitor.cpp:
1746         (WebCore::DisplayRefreshMonitor::DisplayRefreshMonitor):
1747         (WebCore::DisplayRefreshMonitor::displayDidRefresh):
1748         * platform/graphics/DisplayRefreshMonitor.h:
1749         (WebCore::DisplayRefreshMonitor::setMonotonicAnimationStartTime): Deleted.
1750         * platform/graphics/DisplayRefreshMonitorClient.cpp:
1751         (WebCore::DisplayRefreshMonitorClient::fireDisplayRefreshIfNeeded):
1752         * platform/graphics/DisplayRefreshMonitorClient.h:
1753         * platform/graphics/GraphicsLayerUpdater.cpp:
1754         (WebCore::GraphicsLayerUpdater::displayRefreshFired):
1755         * platform/graphics/GraphicsLayerUpdater.h:
1756         * platform/graphics/ios/DisplayRefreshMonitorIOS.h:
1757         * platform/graphics/ios/DisplayRefreshMonitorIOS.mm:
1758         (-[WebDisplayLinkHandler handleDisplayLink:]):
1759         (WebCore::DisplayRefreshMonitorIOS::displayLinkFired):
1760         (WebCore::mediaTimeToCurrentTime): Deleted.
1761         * platform/graphics/mac/DisplayRefreshMonitorMac.cpp:
1762         (WebCore::displayLinkCallback):
1763         (WebCore::DisplayRefreshMonitorMac::displayLinkFired):
1764         * platform/graphics/mac/DisplayRefreshMonitorMac.h:
1765         * platform/graphics/texmap/coordinated/CompositingCoordinator.cpp:
1766         (WebCore::CompositingCoordinator::syncDisplayState):
1767         (WebCore::CompositingCoordinator::nextAnimationServiceTime):
1768
1769 2016-06-23  David Kilzer  <ddkilzer@apple.com>
1770
1771         Remove unused HarfBuzzFaceCoreText.cpp
1772         <https://webkit.org/b/159065>
1773
1774         Reviewed by Myles C. Maxfield.
1775
1776         * platform/graphics/harfbuzz/HarfBuzzFaceCoreText.cpp: Removed.
1777
1778 2016-06-23  Joseph Pecoraro  <pecoraro@apple.com>
1779
1780         Web Inspector: Memory Timeline sometimes shows impossible value for bmalloc size (underflowed)
1781         https://bugs.webkit.org/show_bug.cgi?id=158110
1782         <rdar://problem/26498584>
1783
1784         Reviewed by Andreas Kling.
1785
1786         IOSurface memory backing Canvas element buffers should be classified as "GC Owned",
1787         but should not be considered a part of bmalloc. In fact, the actual memory cost is
1788         external to the Web Content Process. The majority of extra memory reporters tend
1789         to report extra memory that is also allocated in bmalloc. However, some report
1790         non-bmalloc memory, such as the IOSurfaces here.
1791         
1792         Continue to report the memory cost without changes to inform the Heap for garbage
1793         collection. However, also keep better accounting of GCOwned memory that is external
1794         to the process for better accounting for the Resource Usage overlay and Web Inspector
1795         Memory timeline.
1796         
1797         This is a bit of a game where we want to display the best possible number for
1798         "GCOwned memory" in the tools, but some of that memory shows up in the other
1799         regions (bmalloc, system malloc, etc). Already many sizes are estimates
1800         (ReportExtraMemory, reportExtraMemory ignores small allocations), so we just focus
1801         on getting the largest sources of allocations, such as Canvas IOSurfaces here,
1802         into the right bucket. ResourceUsageThreadCocoa continues to subtract the "extra"
1803         memory from bmalloc. So, we should address other large sources of "extra memory"
1804         not in bmalloc. A likely candidate is HTMLMediaElement which uses the deprecated
1805         reporting right now.
1806
1807         * bindings/scripts/CodeGeneratorJS.pm:
1808         (GenerateImplementation):
1809         * bindings/scripts/IDLAttributes.txt:
1810         Add a way to report External memory, dependent on reporting Extra memory.
1811
1812         * html/HTMLCanvasElement.cpp:
1813         (WebCore::HTMLCanvasElement::externalMemoryCost):
1814         * html/HTMLCanvasElement.h:
1815         * html/HTMLCanvasElement.idl:
1816         Report external memory cost just like extra memory.
1817
1818         * page/ResourceUsageData.cpp:
1819         (WebCore::ResourceUsageData::ResourceUsageData):
1820         * page/ResourceUsageData.h:
1821         (WebCore::MemoryCategoryInfo::totalSize):
1822         * page/cocoa/ResourceUsageOverlayCocoa.mm:
1823         (WebCore::RingBuffer::at):
1824         (WebCore::appendDataToHistory):
1825         (WebCore::ResourceUsageOverlay::platformDraw):
1826         * page/cocoa/ResourceUsageThreadCocoa.mm:
1827         (WebCore::categoryForVMTag):
1828         (WebCore::ResourceUsageThread::platformThreadBody):
1829         Do not count the GCOwned External memory as dirty memory.
1830         Include External memory output in the overlay.
1831
1832         * inspector/InspectorMemoryAgent.cpp:
1833         (WebCore::InspectorMemoryAgent::collectSample):
1834         When sizing the JavaScript portion, include both the GC Owned
1835         category's dirty and external memory. Ultimately we will
1836         want this everywhere in case things change.
1837
1838         * platform/graphics/ImageBuffer.cpp:
1839         (WebCore::memoryCost):
1840         (WebCore::externalMemoryCost):
1841         * platform/graphics/ImageBuffer.h:
1842         * platform/graphics/cg/ImageBufferCG.cpp:
1843         (WebCore::ImageBuffer::memoryCost):
1844         (WebCore::ImageBuffer::externalMemoryCost):
1845         Report IOSurface total bytes as extra memory and external memory
1846         so that it can be tracked as GC Owned memory that is separate from
1847         regular (bmalloc/other) in process memory.
1848
1849 2016-06-23  Alexey Proskuryakov  <ap@apple.com>
1850
1851         Handle (0, 0) ranges from Lookup
1852         https://bugs.webkit.org/show_bug.cgi?id=159062
1853         rdar://problem/26960385
1854
1855         Reviewed by Tim Horton.
1856
1857         * editing/mac/DictionaryLookup.mm: (WebCore::DictionaryLookup::rangeAtHitTestResult):
1858         Paper over <https://bugs.webkit.org/show_bug.cgi?id=159063>, which seems too involved
1859         to fix now.
1860
1861 2016-06-23  Joseph Pecoraro  <pecoraro@apple.com>
1862
1863         Web Inspector: first heap snapshot taken when a page is reloaded happens before the reload navigation
1864         https://bugs.webkit.org/show_bug.cgi?id=158995
1865         <rdar://problem/26923778>
1866
1867         Reviewed by Brian Burg.
1868
1869         When the "Heap" instrument is included in the Timeline list
1870         of instruments, defer starting it in an auto-capture scenario
1871         until after the page does its first navigation.
1872
1873         AutoCapture on the backend happens when it is enabled at
1874         the main resource starts loading. In that case it proceeds
1875         through the following phases:
1876
1877             No Auto Capture:
1878                 None
1879
1880             Auto Capture:
1881                 BeforeLoad -> FirstNavigation -> AfterFirstNavigation
1882
1883         When toggling instruments for backend initiated capture
1884         most instruments do not care and will just start/stop.
1885
1886         * inspector/InspectorInstrumentation.cpp:
1887         (WebCore::InspectorInstrumentation::didCommitLoadImpl):
1888         Inform the TimelineAgent that the main frame navigated.
1889         Do this after informing the HeapAgent (so any potential
1890         snapshot does not get cleared) and PageAgent (so the
1891         frontend knows the page navigated before the agent starts).
1892
1893         * inspector/InspectorTimelineAgent.h:
1894         * inspector/InspectorTimelineAgent.cpp:
1895         (WebCore::InspectorTimelineAgent::internalStop):
1896         (WebCore::InspectorTimelineAgent::mainFrameStartedLoading):
1897         (WebCore::InspectorTimelineAgent::mainFrameNavigated):
1898         Update the auto capture phase transitions.
1899
1900         (WebCore::InspectorTimelineAgent::toggleHeapInstrument):
1901         Only start the heap agent during the None phase (console.profile)
1902         or with the first navigation (auto capture page navigation).
1903
1904 2016-06-23  Joseph Pecoraro  <pecoraro@apple.com>
1905
1906         Web Inspector: Snapshots should be cleared at some point
1907         https://bugs.webkit.org/show_bug.cgi?id=157907
1908         <rdar://problem/26373610>
1909
1910         Reviewed by Timothy Hatcher.
1911
1912         * CMakeLists.txt:
1913         * WebCore.xcodeproj/project.pbxproj:
1914         * inspector/InspectorAllInOne.cpp:
1915         New specialized agent.
1916
1917         * inspector/InspectorController.cpp:
1918         (WebCore::InspectorController::InspectorController):
1919         Construct a specialized HeapAgent.
1920
1921         * inspector/PageHeapAgent.h:
1922         * inspector/PageHeapAgent.cpp:
1923         (WebCore::PageHeapAgent::PageHeapAgent):
1924         (WebCore::PageHeapAgent::enable):
1925         (WebCore::PageHeapAgent::disable):
1926         (WebCore::PageHeapAgent::mainFrameNavigated):
1927         Clear backend snapshots on page navigations.
1928         Set the PageHeapAgent instrumenting agent on enable/disable.
1929
1930         * inspector/InstrumentingAgents.cpp:
1931         (WebCore::InstrumentingAgents::reset):
1932         * inspector/InstrumentingAgents.h:
1933         (WebCore::InstrumentingAgents::pageHeapAgent):
1934         (WebCore::InstrumentingAgents::setPageHeapAgent):
1935         Active PageHeapAgent.
1936
1937         * inspector/InspectorInstrumentation.cpp:
1938         (WebCore::InspectorInstrumentation::didCommitLoadImpl):
1939         Inform the PageHeapAgent when the mainframe navigates.
1940
1941 2016-06-23  Joseph Pecoraro  <pecoraro@apple.com>
1942
1943         CSSComputedStyleDeclaration::length should recalculate styles if needed to provide the correct value
1944         https://bugs.webkit.org/show_bug.cgi?id=159053
1945         <rdar://problem/26638119>
1946
1947         Reviewed by Simon Fraser.
1948
1949         Test: fast/css/variables/custom-property-computed-style-length-update.html
1950
1951         * css/CSSComputedStyleDeclaration.cpp:
1952         (WebCore::CSSComputedStyleDeclaration::length):
1953
1954 2016-06-23  John Wilander  <wilander@apple.com>
1955
1956         Enable window.open() for existing versions of Secret Society
1957         https://bugs.webkit.org/show_bug.cgi?id=159049
1958         <rdar://problem/26528349>
1959
1960         Reviewed by Andy Estes.
1961
1962         The Secret Society Hidden Mystery app has a broken version check treating iOS 10
1963         as iOS 1 on iPads. Therefore it believes it can use window.open() in a tap
1964         handler. We should allow the existing versions of the app to do this to not break
1965         them.
1966
1967         No new tests. Tested manually in the app.
1968
1969         * page/DOMWindow.cpp:
1970         (WebCore::DOMWindow::allowPopUp):
1971             Now checks with Settings whether it should allow a popup even though it is
1972             not processing a user gesture.
1973         * page/Settings.in:
1974             Added setting allowWindowOpenWithoutUserGesture.
1975         * platform/RuntimeApplicationChecks.h:
1976         * platform/RuntimeApplicationChecks.mm:
1977         (WebCore::IOSApplication::isTheSecretSocietyHiddenMystery):
1978             Added.
1979
1980 2016-06-23  Chris Dumez  <cdumez@apple.com>
1981
1982         Only call sqlite3_initialize() when a SQLite database is actually being opened
1983         https://bugs.webkit.org/show_bug.cgi?id=159033
1984
1985         Reviewed by Brady Eidson.
1986
1987         Only call sqlite3_initialize() when a SQLite database is actually being opened
1988         instead of doing it unconditionally. sqlite3_initialize() was previously called
1989         in the SQLiteDatabase constructor which gets called on WebContent process
1990         initialization because a DatabaseTracker is constructed on initialization and
1991         DatabaseTracker has a SQLiteDatabase data member.
1992
1993         * platform/sql/SQLiteDatabase.cpp:
1994         (WebCore::initializeSQLiteIfNecessary):
1995         (WebCore::SQLiteDatabase::open):
1996         (WebCore::SQLiteDatabase::SQLiteDatabase): Deleted.
1997         * platform/sql/SQLiteDatabase.h:
1998
1999 2016-06-23  Adam Bergkvist  <adam.bergkvist@ericsson.com>
2000
2001         WebRTC: Align 'update ICE connection/gathering state' steps with the WebRTC 1.0 specification
2002         https://bugs.webkit.org/show_bug.cgi?id=159054
2003
2004         Reviewed by Eric Carlson.
2005
2006         Add checks for same state and closed RTCPeerConnection in the 'update ICE connection state'
2007         and 'update ICE gathering state' routines as described in [1].
2008
2009         [1] https://w3c.github.io/webrtc-pc/archives/20160513/webrtc.html#update-ice-gathering-state
2010
2011         No change in current behavior.
2012
2013         * Modules/mediastream/RTCPeerConnection.cpp:
2014         (WebCore::RTCPeerConnection::updateIceGatheringState):
2015         (WebCore::RTCPeerConnection::updateIceConnectionState):
2016
2017 2016-06-23  Adam Bergkvist  <adam.bergkvist@ericsson.com>
2018
2019         WebRTC: Add support for RTCPeerConnection legacy MediaStream-based API
2020         https://bugs.webkit.org/show_bug.cgi?id=158940
2021
2022         Reviewed by Eric Carlson.
2023
2024         Implement the legacy MediaStream-based RTCPeerConnection API as JS built-ins. The
2025         getRemoteStreams() function and the 'addstream' event are partly implemented with native
2026         code.
2027
2028         Test: fast/mediastream/RTCPeerConnection-legacy-stream-based-api.html
2029
2030         * Modules/mediastream/MediaEndpointPeerConnection.cpp:
2031         (WebCore::MediaEndpointPeerConnection::setRemoteDescriptionTask):
2032         (WebCore::MediaEndpointPeerConnection::getRemoteStreams):
2033         The getRemoteStreams() function and the 'addstream' event are backed up by native code.
2034         * Modules/mediastream/MediaEndpointPeerConnection.h:
2035         * Modules/mediastream/MediaStream.idl:
2036         * Modules/mediastream/PeerConnectionBackend.h:
2037         * Modules/mediastream/RTCPeerConnection.h:
2038         * Modules/mediastream/RTCPeerConnection.idl:
2039         * Modules/mediastream/RTCPeerConnection.js:
2040         (initializeRTCPeerConnection):
2041         (getLocalStreams):
2042         (getRemoteStreams):
2043         (getStreamById):
2044         (addStream):
2045         (removeStream):
2046         Legacy API implemented as JS built-ins.
2047         * bindings/js/JSDOMGlobalObject.cpp:
2048         (WebCore::JSDOMGlobalObject::addBuiltinGlobals):
2049         * bindings/js/WebCoreBuiltinNames.h:
2050
2051 2016-06-23  Carlos Garcia Campos  <cgarcia@igalia.com>
2052
2053         Unreviewed. Fix the build with CSS Shapes disabled.
2054
2055         * css/StyleBuilderConverter.h:
2056
2057 2016-06-23  Carlos Garcia Campos  <cgarcia@igalia.com>
2058
2059         [Soup] Clean up SocketStreamHandle soup implementation
2060         https://bugs.webkit.org/show_bug.cgi?id=159024
2061
2062         Reviewed by Žan Doberšek.
2063
2064         Stop using a global HashMap to "activate"/"deactivate" handles, and just take a reference of the handle and
2065         pass the ownership to the callbacks, using a GCancellable to cancel all async operations.
2066
2067         * platform/network/soup/SocketStreamHandle.h:
2068         (WebCore::SocketStreamHandle::create):
2069         (WebCore::SocketStreamHandle::id): Deleted.
2070         * platform/network/soup/SocketStreamHandleSoup.cpp:
2071         (WebCore::SocketStreamHandle::SocketStreamHandle):
2072         (WebCore::SocketStreamHandle::connected):
2073         (WebCore::SocketStreamHandle::connectedCallback):
2074         (WebCore::SocketStreamHandle::readBytes):
2075         (WebCore::SocketStreamHandle::readReadyCallback):
2076         (WebCore::SocketStreamHandle::didFail):
2077         (WebCore::SocketStreamHandle::platformSend):
2078         (WebCore::SocketStreamHandle::platformClose):
2079         (WebCore::SocketStreamHandle::beginWaitingForSocketWritability):
2080         (WebCore::SocketStreamHandle::writeReadyCallback):
2081         (WebCore::getHandleFromId): Deleted.
2082         (WebCore::deactivateHandle): Deleted.
2083         (WebCore::activateHandle): Deleted.
2084         (WebCore::SocketStreamHandle::~SocketStreamHandle): Deleted.
2085         (WebCore::connectedCallback): Deleted.
2086         (WebCore::readReadyCallback): Deleted.
2087         (WebCore::writeReadyCallback): Deleted.
2088
2089 2016-06-22  Brady Eidson  <beidson@apple.com>
2090
2091         DatabaseProcess doesn't handle WebProcesses going away uncleanly.
2092         https://bugs.webkit.org/show_bug.cgi?id=158894
2093
2094         Reviewed by Alex Christensen.
2095
2096         No new tests (Covered by additions to existing API test).
2097
2098         * Modules/indexeddb/server/IDBConnectionToClient.cpp:
2099         (WebCore::IDBServer::IDBConnectionToClient::registerDatabaseConnection):
2100         (WebCore::IDBServer::IDBConnectionToClient::unregisterDatabaseConnection):
2101         (WebCore::IDBServer::IDBConnectionToClient::connectionToClientClosed):
2102         * Modules/indexeddb/server/IDBConnectionToClient.h:
2103         
2104         * Modules/indexeddb/server/IDBServer.cpp:
2105         (WebCore::IDBServer::IDBServer::unregisterConnection): Call connectionToClientClosed() on
2106           the connection, which cleans up after it in the server.
2107         
2108         * Modules/indexeddb/server/UniqueIDBDatabaseConnection.cpp:
2109         (WebCore::IDBServer::UniqueIDBDatabaseConnection::UniqueIDBDatabaseConnection):
2110         (WebCore::IDBServer::UniqueIDBDatabaseConnection::~UniqueIDBDatabaseConnection):
2111
2112 2016-06-22  Benjamin Poulain  <bpoulain@apple.com>
2113
2114         AX: Add support for CSS4 :focus-within pseudo
2115         https://bugs.webkit.org/show_bug.cgi?id=140144
2116
2117         Reviewed by Antti Koivisto.
2118
2119         Tests: fast/css/pseudo-focus-within-basics.html
2120                fast/css/pseudo-focus-within-inside-shadow-dom.html
2121                fast/css/pseudo-focus-within-style-sharing-1.html
2122                fast/css/pseudo-focus-within-style-sharing-2.html
2123                fast/selectors/focus-within-style-update.html
2124
2125         * css/CSSSelector.cpp:
2126         (WebCore::CSSSelector::selectorText):
2127         * css/CSSSelector.h:
2128         * css/SelectorChecker.cpp:
2129         (WebCore::SelectorChecker::checkOne):
2130         * css/SelectorPseudoClassAndCompatibilityElementMap.in:
2131         * cssjit/SelectorCompiler.cpp:
2132         (WebCore::SelectorCompiler::addPseudoClassType):
2133         (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementMatching):
2134         (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementHasFocusWithin):
2135         * dom/ContainerNode.cpp:
2136         (WebCore::destroyRenderTreeIfNeeded):
2137         * dom/Element.cpp:
2138         (WebCore::Element::~Element):
2139         (WebCore::Element::setFocus):
2140         (WebCore::Element::unregisterNamedFlowContentElement):
2141         (WebCore::Element::setIsNamedFlowContentElement):
2142         (WebCore::Element::clearIsNamedFlowContentElement):
2143         (WebCore::Element::setStyleAffectedByFocusWithin):
2144         (WebCore::Element::rareDataStyleAffectedByFocusWithin):
2145         (WebCore::Element::rareDataIsNamedFlowContentElement):
2146         * dom/Element.h:
2147         (WebCore::Element::hasFocusWithin):
2148         (WebCore::Element::styleAffectedByFocusWithin):
2149         (WebCore::Element::isNamedFlowContentElement):
2150         (WebCore::Element::setHasFocusWithin):
2151         * dom/ElementRareData.h:
2152         (WebCore::ElementRareData::styleAffectedByFocusWithin):
2153         (WebCore::ElementRareData::setStyleAffectedByFocusWithin):
2154         (WebCore::ElementRareData::isNamedFlowContentElement):
2155         (WebCore::ElementRareData::setIsNamedFlowContentElement):
2156         (WebCore::ElementRareData::ElementRareData):
2157         (WebCore::ElementRareData::resetComputedStyle):
2158         * dom/Node.h:
2159         (WebCore::Node::flagHasFocusWithin):
2160         (WebCore::Node::isNamedFlowContentNode): Deleted.
2161         (WebCore::Node::setIsNamedFlowContentNode): Deleted.
2162         (WebCore::Node::clearIsNamedFlowContentNode): Deleted.
2163         * rendering/RenderNamedFlowThread.cpp:
2164         (WebCore::RenderNamedFlowThread::clearContentElements):
2165         (WebCore::RenderNamedFlowThread::registerNamedFlowContentElement):
2166         (WebCore::RenderNamedFlowThread::unregisterNamedFlowContentElement):
2167         (WebCore::nextNodeInsideContentElement):
2168         * style/RenderTreeUpdater.cpp:
2169         (WebCore::RenderTreeUpdater::updateElementRenderer):
2170         * style/StyleRelations.cpp:
2171         (WebCore::Style::commitRelationsToRenderStyle):
2172         (WebCore::Style::commitRelations):
2173         * style/StyleRelations.h:
2174         * style/StyleSharingResolver.cpp:
2175         (WebCore::Style::SharingResolver::canShareStyleWithElement):
2176
2177 2016-06-22  Oliver Hunt  <oliver@apple.com>
2178
2179         Integrate WebKit's CFURLConnection with App Transport Security
2180         https://bugs.webkit.org/show_bug.cgi?id=159039
2181         <rdar://problem/26953685>
2182
2183         Reviewed by Alex Christensen.
2184
2185         Pass additional options to NSURLConnect initialiser to identify that
2186         this connection is for WebKit content loading.
2187
2188         * platform/network/mac/ResourceHandleMac.mm:
2189         (WebCore::ResourceHandle::createNSURLConnection):
2190
2191 2016-06-20  Jeremy Jones  <jeremyj@apple.com>
2192
2193         Adopt commitPriority to get rid of the 2 AVPL solution for PiP
2194         https://bugs.webkit.org/show_bug.cgi?id=158949
2195         rdar://problem/26867866
2196
2197         Reviewed by Simon Fraser.
2198
2199         No new tests because there is no behavior change. This reverts changes from 
2200         https://bugs.webkit.org/show_bug.cgi?id=158148 and instead uses -[CAContext commitPriority:]
2201         to prevent flicker when moving a layer between contexts. 
2202         commitPriority allows the layer to be added to the destination context before it is 
2203         removed from the source context.
2204
2205         * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h: remove m_secondaryVideoLayer.
2206         * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm: ditto
2207         (WebCore::MediaPlayerPrivateAVFoundationObjC::setVideoFullscreenGravity): ditto.
2208         (WebCore::MediaPlayerPrivateAVFoundationObjC::syncTextTrackBounds): ditto.
2209         (WebCore::MediaPlayerPrivateAVFoundationObjC::destroyVideoLayer): ditto.
2210         (WebCore::MediaPlayerPrivateAVFoundationObjC::updateVideoLayerGravity): ditto.
2211         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm: ditto
2212         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::addDisplayLayer): ditto
2213         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm: ditto
2214         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::createPreviewLayers): ditto
2215         * platform/graphics/avfoundation/objc/VideoFullscreenLayerManager.h: ditto
2216         * platform/graphics/avfoundation/objc/VideoFullscreenLayerManager.mm: ditto
2217         (WebCore::VideoFullscreenLayerManager::setVideoLayer): ditto
2218         (WebCore::VideoFullscreenLayerManager::setVideoFullscreenLayer): ditto and adopt commitPriority.
2219         (WebCore::VideoFullscreenLayerManager::setVideoFullscreenFrame): ditto
2220         (WebCore::VideoFullscreenLayerManager::setVideoLayers): Deleted. 
2221         (WebCore::VideoFullscreenLayerManager::didDestroyVideoLayer): remove m_secondaryVideoLayer.
2222         * platform/spi/cocoa/QuartzCoreSPI.h: Add commitPriority.
2223
2224 2016-06-22  Simon Fraser  <simon.fraser@apple.com>
2225
2226         REGRESSION (r201629): Weird button glitching on github.com
2227         https://bugs.webkit.org/show_bug.cgi?id=159031
2228         rdar://problem/26880332
2229
2230         Reviewed by Tim Horton.
2231
2232         r201629 changed the logic slightly when creating an image buffer for a scaled context;
2233         it set the buffer context's scale to the scale in the source context, but this failed
2234         to take into account the rounding up of the buffer size, which the old code did.
2235
2236         Fix by reverting to the old behavior.
2237
2238         Since buffer sizes can only be integral, changed compatibleBufferSize() to return
2239         an IntSize.
2240
2241         Test: fast/backgrounds/scaled-gradient-background.html
2242
2243         * platform/graphics/ImageBuffer.cpp:
2244         (WebCore::ImageBuffer::createCompatibleBuffer):
2245         (WebCore::ImageBuffer::compatibleBufferSize):
2246         * platform/graphics/ImageBuffer.h:
2247         * platform/graphics/IntRect.h:
2248         (WebCore::IntRect::area):
2249         * platform/graphics/IntSize.h:
2250         (WebCore::IntSize::area): Make this return an unsigned.
2251
2252 2016-06-22  Anders Carlsson  <andersca@apple.com>
2253
2254         Inline the last of the Apple Pay WebCore code
2255         https://bugs.webkit.org/show_bug.cgi?id=159032
2256
2257         Reviewed by Tim Horton.
2258
2259         * loader/EmptyClients.cpp:
2260         (WebCore::fillWithEmptyClients):
2261         * page/MainFrame.cpp:
2262         (WebCore::MainFrame::MainFrame):
2263         * page/MainFrame.h:
2264         * page/PageConfiguration.h:
2265         * platform/cocoa/ThemeCocoa.mm:
2266         (WebCore::passKitBundle):
2267         (WebCore::loadPassKitPDFPage):
2268         (WebCore::applePayButtonLogoBlack):
2269         (WebCore::applePayButtonLogoWhite):
2270         (WebCore::drawApplePayButton):
2271         (WebCore::ThemeCocoa::drawNamedImage):
2272
2273 2016-06-22  Anders Carlsson  <andersca@apple.com>
2274
2275         Exception is not thrown when shipping method is an invalid amount
2276         https://bugs.webkit.org/show_bug.cgi?id=159030
2277         rdar://problem/26700413
2278
2279         Reviewed by Tim Horton.
2280
2281         * Modules/applepay/ApplePaySession.cpp:
2282         (WebCore::createShippingMethods):
2283         Bail if createShippingMethod returns Nullopt.
2284
2285         (WebCore::createPaymentRequest):
2286         Bail if createShippingMethods returns Nullopt.
2287
2288 2016-06-22  Anders Carlsson  <andersca@apple.com>
2289
2290         Exception is not thrown when shipping method is an invalid amount
2291         https://bugs.webkit.org/show_bug.cgi?id=159029
2292         rdar://problem/26700413
2293
2294         Reviewed by Tim Horton.
2295
2296         * Modules/applepay/PaymentRequest.h:
2297         Change ShippingMethod::amount to be a signed 64-bit integer.
2298
2299         * Modules/applepay/PaymentRequestValidator.cpp:
2300         (WebCore::PaymentRequestValidator::validate):
2301         Call validateShippingMethods.
2302
2303         (WebCore::PaymentRequestValidator::validateShippingMethods):
2304         Validate all the shipping methods.
2305
2306         (WebCore::PaymentRequestValidator::validateShippingMethod):
2307         Check that the amount is >= 0.
2308
2309         * Modules/applepay/PaymentRequestValidator.h:
2310         Add new members.
2311
2312 2016-06-22  Adam Bergkvist  <adam.bergkvist@ericsson.com>
2313
2314         WebRTC: Add support for the negotiationneeded event in MediaEndpointPeerConnection
2315         https://bugs.webkit.org/show_bug.cgi?id=158985
2316
2317         Reviewed by Eric Carlson.
2318
2319         Implement MediaEndpointPeerConnection's isNegotiationNeeded, markAsNeedingNegotiation and
2320         clearNegotiationNeededState functions. The calls to these functions are already up-to-date.
2321
2322         Test: fast/mediastream/RTCPeerConnection-more-media-to-negotiate.html
2323
2324         * Modules/mediastream/MediaEndpointPeerConnection.cpp:
2325         (WebCore::MediaEndpointPeerConnection::markAsNeedingNegotiation):
2326         * Modules/mediastream/MediaEndpointPeerConnection.h:
2327         * Modules/mediastream/RTCPeerConnection.cpp:
2328         (WebCore::RTCPeerConnection::scheduleNegotiationNeededEvent):
2329
2330 2016-06-22  Adam Bergkvist  <adam.bergkvist@ericsson.com>
2331
2332         WebRTC: Replace RTCPeerConnection custom constructor with a JS built-in constructor
2333         https://bugs.webkit.org/show_bug.cgi?id=158832
2334
2335         Reviewed by Eric Carlson and Youenn Fablet.
2336
2337         Use a JS built-in constructor instead of a custom constructor. This makes it easier to
2338         initialize private fields for functions implemented as JS built-ins. The constructor
2339         behavior is in need of updating, but that is left to a follow-up change [1].
2340
2341         [1] http://webkit.org/b/158936
2342         No change in behavior.
2343
2344         * CMakeLists.txt:
2345         * Modules/mediastream/RTCPeerConnection.cpp:
2346         (WebCore::RTCPeerConnection::create):
2347         (WebCore::RTCPeerConnection::RTCPeerConnection):
2348         (WebCore::RTCPeerConnection::~RTCPeerConnection):
2349         (WebCore::RTCPeerConnection::initializeWith):
2350         * Modules/mediastream/RTCPeerConnection.h:
2351         * Modules/mediastream/RTCPeerConnection.idl:
2352         * Modules/mediastream/RTCPeerConnection.js:
2353         (initializeRTCPeerConnection):
2354         Add JS built-in constructor function.
2355         * WebCore.xcodeproj/project.pbxproj:
2356         * bindings/js/JSRTCPeerConnectionCustom.cpp: Removed.
2357         (WebCore::constructJSRTCPeerConnection): Deleted.
2358
2359 2016-06-22  Youenn Fablet  <youenn@apple.com>
2360
2361         CrossOriginPreflightChecker should call DocumentThreadableLoader preflightFailure instead of didFailLoading
2362         https://bugs.webkit.org/show_bug.cgi?id=158984
2363
2364         Reviewed by Darin Adler.
2365
2366         No change of behavior.
2367
2368         Calling DocumentThreadableLoader preflightFailure instead of didFailLoading for any preflight error case.
2369
2370         * loader/CrossOriginPreflightChecker.cpp:
2371         (WebCore::CrossOriginPreflightChecker::notifyFinished): Directly calling preflightFailure callback.
2372         (WebCore::CrossOriginPreflightChecker::doPreflight): Ditto.
2373         (WebCore::CrossOriginPreflightChecker::handleLoadingFailure): Deleted.
2374         (WebCore::CrossOriginPreflightChecker::redirectReceived): Deleted (should have been removed as part of
2375         https://bugs.webkit.org/show_bug.cgi?id=111008).
2376         * loader/CrossOriginPreflightChecker.h:
2377
2378 2016-06-22  Youenn Fablet  <youennf@gmail.com>
2379
2380         JSDOMIterator forEach should support second optional parameter
2381         https://bugs.webkit.org/show_bug.cgi?id=159020
2382
2383         Reviewed by Chris Dumez.
2384
2385         Covered by beefed up test.
2386
2387         * bindings/js/JSDOMIterator.h:
2388         (WebCore::iteratorForEach): Setting callback thisValue to the second argument passed to forEach.
2389
2390 2016-06-22  Jer Noble  <jer.noble@apple.com>
2391
2392         Media controls stop working after exiting PiP
2393         https://bugs.webkit.org/show_bug.cgi?id=159026
2394         <rdar://problem/26753579>
2395
2396         Reviewed by Eric Carlson.
2397
2398         Do not slave setting WebVideoFullscreenModelVideoElement::setVideoElement() to
2399         WebPlaybackSessionModelVideoElement::setMediaElement(). After all, someone else
2400         (i.e., the media controls) may still be using it.
2401
2402         * platform/cocoa/WebVideoFullscreenModelVideoElement.mm:
2403         (WebVideoFullscreenModelVideoElement::setVideoElement): Deleted.
2404         * platform/ios/WebVideoFullscreenControllerAVKit.mm:
2405         (WebVideoFullscreenControllerContext::didCleanupFullscreen):
2406         (WebVideoFullscreenControllerContext::setUpFullscreen):
2407
2408 2016-06-22  Jer Noble  <jer.noble@apple.com>
2409
2410         Update document's isPlayingMedia() state whenever media element's media state changes
2411         https://bugs.webkit.org/show_bug.cgi?id=159018
2412         <rdar://problem/26586630>
2413
2414         Reviewed by Beth Dakin.
2415
2416         The Document can end up with a stale m_mediaState if its own value isn't updated when
2417         its constituent HTMLMediaElement's m_mediaStates change.
2418
2419         * html/HTMLMediaElement.cpp:
2420         (WebCore::HTMLMediaElement::updateMediaState):
2421
2422 2016-06-22  Simon Fraser  <simon.fraser@apple.com>
2423
2424         Crash under GraphicsLayerCA::recursiveCommitChanges() with deep layer trees
2425         https://bugs.webkit.org/show_bug.cgi?id=159023
2426         rdar://problem/25377842
2427
2428         Reviewed by Tim Horton.
2429
2430         Having an on-stack DisplayList::Recorder increased the stack frame size significantly,
2431         causing stack exhaustion with deep layer trees, despite the existing depth check.
2432
2433         Make the Recorder heap-allocated to fix this.
2434
2435         Tested by LayoutTests/compositing//layer-creation/deep-tree.html.
2436
2437         * platform/graphics/ca/GraphicsLayerCA.cpp:
2438         (WebCore::GraphicsLayerCA::recursiveCommitChanges):
2439
2440 2016-06-22  Carlos Garcia Campos  <cgarcia@igalia.com>
2441
2442         [GTK] Add support for variadic parameters to GObject DOM bindings
2443         https://bugs.webkit.org/show_bug.cgi?id=158942
2444
2445         Reviewed by Michael Catanzaro.
2446
2447         Generate code for functions having variadic parameters.
2448
2449         * bindings/scripts/CodeGeneratorGObject.pm:
2450         (GenerateFunction):
2451         (SkipFunction):
2452         * bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
2453         (webkit_dom_test_obj_variadic_string_method):
2454         * bindings/scripts/test/GObject/WebKitDOMTestObj.h:
2455
2456 2016-06-21  Benjamin Poulain  <bpoulain@apple.com>
2457
2458         :hover CSS pseudo-class sometimes keeps matching even after mouse has left the element
2459         https://bugs.webkit.org/show_bug.cgi?id=158340
2460
2461         Reviewed by Simon Fraser.
2462
2463         When removing a hovered subtree from the document, we were getting
2464         into an inconsistent state where m_hoveredElement is in the detached
2465         subtree and we have no way of clearing the existing IsHovered flags.
2466
2467         What happens is:
2468         -The root "a" has a child "b" that is hovered.
2469         -"a" starts being removed from the tree, its renderer is destroyed.
2470         -RenderTreeUpdater::tearDownRenderers() pushes "a" on the teardownStack
2471          and calls hoveredElementDidDetach().
2472         -hoveredElementDidDetach() is called with "a". "a" is not the hovered
2473          element, the function does nothing.
2474         -RenderTreeUpdater::tearDownRenderers() pushes "b" on the teardownStack
2475          and calls hoveredElementDidDetach().
2476         -hoveredElementDidDetach() is called with "b". The next parent with a renderer
2477          is "a", m_hoveredElement is set to "a".
2478         -"a"'s parent is set to nullptr.
2479
2480         -> We have an m_hoveredElement on the root of a detached tree, making
2481            it impossible to clear the real dirty tree.
2482
2483         This patch changes the order in which we clear the flags.
2484         It is done in the order in which we clear the renderers to ensure
2485         the last element with a dead renderer is the last to update m_hoveredElement.
2486
2487         Tests: fast/css/ancestor-of-hovered-element-detached.html
2488                fast/css/ancestor-of-hovered-element-removed.html
2489
2490         * Source/WebCore/style/RenderTreeUpdater.cpp:
2491
2492 2016-06-21  Youenn Fablet  <youennf@gmail.com>
2493
2494         [Fetch API] Rename 'origin-only' referrer policy to 'origin'
2495         https://bugs.webkit.org/show_bug.cgi?id=158982
2496
2497         Reviewed by Alex Christensen.
2498
2499         Covered by updated tests.
2500
2501         * Modules/fetch/FetchRequest.cpp:
2502         (WebCore::setReferrerPolicy): Renaming origin-only to origin.
2503         * Modules/fetch/FetchRequest.idl: Ditto.
2504         * loader/FetchOptions.h: Ditto.
2505
2506 2016-06-21  Chris Dumez  <cdumez@apple.com>
2507
2508         Let the compiler generate the move constructor and assignment operator for ScriptExecutionContext::Task
2509         https://bugs.webkit.org/show_bug.cgi?id=159013
2510
2511         Reviewed by Brady Eidson.
2512
2513         Let the compiler generate the move constructor and assignment operator for
2514         ScriptExecutionContext::Task. We previously manually defined the move
2515         constructor but there is no need as it doesn't do anything special.
2516
2517         * dom/ScriptExecutionContext.h:
2518
2519 2016-06-21  Dean Jackson  <dino@apple.com>
2520
2521         DumpRenderTree crashed in com.apple.WebCore: WebCore::HTMLSelectElement::updateSelectedState
2522         https://bugs.webkit.org/show_bug.cgi?id=159009
2523         <rdar://problem/23454623>
2524
2525         Reviewed by Jon Lee.
2526
2527         It seems we can get bogus indices from UIKit's implementation
2528         of UIWebSelectMultiplePicker. Guard against this situation.
2529
2530         Covered by running the existing tests in WebKit1 with Guard Malloc,
2531         such as fast/spatial-navigation/snav-multiple-select-optgroup.html
2532
2533         * html/HTMLSelectElement.cpp:
2534         (WebCore::HTMLSelectElement::updateSelectedState): Early return
2535         if we get an index out of range.
2536
2537 2016-06-21  Chris Dumez  <cdumez@apple.com>
2538
2539         Pass ScriptExecutionContext::Task as rvalue reference
2540         https://bugs.webkit.org/show_bug.cgi?id=159007
2541
2542         Reviewed by Anders Carlsson.
2543
2544         Pass ScriptExecutionContext::Task as rvalue reference since it's non-copyable
2545         and has to be moved in.
2546
2547         * workers/WorkerLoaderProxy.h:
2548         * workers/WorkerMessagingProxy.cpp:
2549         (WebCore::WorkerMessagingProxy::postTaskToLoader):
2550         (WebCore::WorkerMessagingProxy::postTaskForModeToWorkerGlobalScope):
2551         * workers/WorkerMessagingProxy.h:
2552         * workers/WorkerRunLoop.cpp:
2553         (WebCore::WorkerRunLoop::postTask):
2554         (WebCore::WorkerRunLoop::postTaskAndTerminate):
2555         (WebCore::WorkerRunLoop::postTaskForMode):
2556         (WebCore::WorkerRunLoop::Task::Task):
2557         * workers/WorkerRunLoop.h:
2558
2559 2016-06-21  Anders Carlsson  <andersca@apple.com>
2560
2561         Include IdentifierInlines.h.
2562
2563         * bindings/js/JSApplePayShippingMethodSelectedEventCustom.cpp:
2564
2565 2016-06-21  Anders Carlsson  <andersca@apple.com>
2566
2567         Add PaymentHeaders.h file.
2568
2569         * Modules/applepay/PaymentHeaders.h: Added.
2570         * WebCore.xcodeproj/project.pbxproj:
2571
2572 2016-06-21  Anders Carlsson  <andersca@apple.com>
2573
2574         Make a bunch of Apple Pay headers private instead of project.
2575
2576         * WebCore.xcodeproj/project.pbxproj:
2577
2578 2016-06-21  Anders Carlsson  <andersca@apple.com>
2579
2580         Move the last Apple Pay WebCore files to the open source repository
2581         https://bugs.webkit.org/show_bug.cgi?id=159005
2582
2583         Reviewed by Tim Horton.
2584
2585         * DerivedSources.make:
2586         * Modules/applepay/ApplePayPaymentAuthorizedEvent.cpp: Added.
2587         * Modules/applepay/ApplePayPaymentAuthorizedEvent.h: Added.
2588         * Modules/applepay/ApplePayPaymentAuthorizedEvent.idl: Added.
2589         * Modules/applepay/ApplePayPaymentMethodSelectedEvent.cpp: Added.
2590         * Modules/applepay/ApplePayPaymentMethodSelectedEvent.h: Added.
2591         * Modules/applepay/ApplePayPaymentMethodSelectedEvent.idl: Added.
2592         * Modules/applepay/ApplePaySession.cpp: Added.
2593         * Modules/applepay/ApplePaySession.h: Added.
2594         * Modules/applepay/ApplePaySession.idl: Added.
2595         * Modules/applepay/ApplePayShippingContactSelectedEvent.cpp: Added.
2596         * Modules/applepay/ApplePayShippingContactSelectedEvent.h: Added.
2597         * Modules/applepay/ApplePayShippingContactSelectedEvent.idl: Added.
2598         * Modules/applepay/ApplePayShippingMethodSelectedEvent.cpp: Added.
2599         * Modules/applepay/ApplePayShippingMethodSelectedEvent.h: Added.
2600         * Modules/applepay/ApplePayShippingMethodSelectedEvent.idl: Added.
2601         * Modules/applepay/ApplePayValidateMerchantEvent.cpp: Added.
2602         * Modules/applepay/ApplePayValidateMerchantEvent.h: Added.
2603         * Modules/applepay/ApplePayValidateMerchantEvent.idl: Added.
2604         * Modules/applepay/Payment.h: Added.
2605         * Modules/applepay/PaymentAuthorizationStatus.h: Added.
2606         * Modules/applepay/PaymentContact.h: Added.
2607         * Modules/applepay/PaymentMerchantSession.h: Added.
2608         * Modules/applepay/PaymentMethod.h: Added.
2609         * Modules/applepay/PaymentRequestValidator.cpp: Added.
2610         * Modules/applepay/PaymentRequestValidator.h: Added.
2611         * Modules/applepay/cocoa/PaymentContactCocoa.mm: Added.
2612         * Modules/applepay/cocoa/PaymentMethodCocoa.mm: Added.
2613         * WebCore.xcodeproj/project.pbxproj:
2614         * bindings/js/JSApplePayPaymentAuthorizedEventCustom.cpp: Added.
2615         * bindings/js/JSApplePayPaymentMethodSelectedEventCustom.cpp: Added.
2616         * bindings/js/JSApplePaySessionCustom.cpp: Added.
2617         * bindings/js/JSApplePayShippingContactSelectedEventCustom.cpp: Added.
2618         * bindings/js/JSApplePayShippingMethodSelectedEventCustom.cpp: Added.
2619         * dom/EventNames.in:
2620         * dom/EventTargetFactory.in:
2621
2622 2016-06-21  Anders Carlsson  <andersca@apple.com>
2623
2624         Fix build.
2625
2626         * Configurations/FeatureDefines.xcconfig:
2627
2628 2016-06-21  Jiewen Tan  <jiewen_tan@apple.com>
2629
2630         Unreviewed, rolling out r202302, r202303, r202305, and
2631         r202306.
2632
2633         Roll out the rollouts because of breaking the build.
2634
2635         Reverted changesets:
2636
2637         "Unreviewed, rolling out r200678."
2638         https://bugs.webkit.org/show_bug.cgi?id=157453
2639         http://trac.webkit.org/changeset/202302
2640
2641         "Unreviewed, rolling out r200619."
2642         https://bugs.webkit.org/show_bug.cgi?id=131443
2643         http://trac.webkit.org/changeset/202303
2644
2645         "Unreviewed, attempt to fix the build after r202303."
2646         http://trac.webkit.org/changeset/202305
2647
2648         "Unreviewed, attempt to fix the build after r202303."
2649         http://trac.webkit.org/changeset/202306
2650
2651 2016-06-21  Chris Dumez  <cdumez@apple.com>
2652
2653         Unreviewed, attempt to fix the build after r202303.
2654
2655         * bindings/js/JSDOMIterator.h:
2656         (WebCore::IteratorInspector::decltype):
2657         (WebCore::IteratorInspector::test):
2658
2659 2016-06-21  Chris Dumez  <cdumez@apple.com>
2660
2661         Unreviewed, attempt to fix the build after r202303.
2662
2663         * bindings/js/JSDOMIterator.h:
2664         (WebCore::toJS):
2665
2666 2016-06-21  Jiewen Tan  <jiewen_tan@apple.com>
2667
2668         Unreviewed, rolling out r200619.
2669
2670         This incomplete feature broke http://m.yahoo.co.jp. Roll it
2671         out together with r200678.
2672
2673         Reverted changeset:
2674
2675         "NodeList should be iterable"
2676         https://bugs.webkit.org/show_bug.cgi?id=131443
2677         http://trac.webkit.org/changeset/200619
2678
2679 2016-06-21  Jiewen Tan  <jiewen_tan@apple.com>
2680
2681         Unreviewed, rolling out r200678.
2682
2683         This incomplete feature broke http://m.yahoo.co.jp. Roll it
2684         out together with r200619.
2685
2686         Reverted changeset:
2687
2688         "Ensure DOM iterators remain done"
2689         https://bugs.webkit.org/show_bug.cgi?id=157453
2690         http://trac.webkit.org/changeset/200678
2691
2692 2016-06-21  Anders Carlsson  <andersca@apple.com>
2693
2694         Begin moving the Apple Pay code to the open source repository
2695         https://bugs.webkit.org/show_bug.cgi?id=158998
2696
2697         Reviewed by Tim Horton.
2698
2699         * Configurations/FeatureDefines.xcconfig:
2700         Add ENABLE_APPLE_PAY.
2701
2702         * Modules/applepay/PaymentCoordinator.cpp: Added.
2703         * Modules/applepay/PaymentCoordinator.h: Added.
2704         * Modules/applepay/PaymentCoordinatorClient.h: Added.
2705         * Modules/applepay/PaymentRequest.cpp: Added.
2706         * Modules/applepay/PaymentRequest.h: Added.
2707         * Modules/applepay/cocoa/PaymentCocoa.mm: Added.
2708         * WebCore.xcodeproj/project.pbxproj:
2709         Add new files.
2710
2711         * dom/EventNames.h:
2712         Add new event names.
2713
2714         * page/MainFrame.h:
2715         Use a forward declaration.
2716
2717 2016-06-21  Said Abou-Hallawa  <sabouhallawa@apple,com>
2718
2719         Add system tracing points for requestAnimationFrame() workflow
2720         https://bugs.webkit.org/show_bug.cgi?id=158723
2721
2722         Reviewed by Simon Fraser.
2723
2724         Add trace points for requestAnimationFrame().
2725
2726         * dom/ScriptedAnimationController.cpp:
2727         (WebCore::ScriptedAnimationController::requestAnimationFrameEnabled):
2728         (WebCore::ScriptedAnimationController::serviceScriptedAnimations):
2729         (WebCore::ScriptedAnimationController::windowScreenDidChange):
2730         (WebCore::ScriptedAnimationController::scheduleAnimation):
2731         * dom/ScriptedAnimationController.h:
2732         * platform/graphics/ios/DisplayRefreshMonitorIOS.mm:
2733         (WebCore::DisplayRefreshMonitorIOS::requestRefreshCallback):
2734         (WebCore::DisplayRefreshMonitorIOS::displayLinkFired):
2735
2736 2016-06-20  Simon Fraser  <simon.fraser@apple.com>
2737
2738         [iOS] Typing text into a text field or text area causes screen to scroll down (hiding text entry)
2739         https://bugs.webkit.org/show_bug.cgi?id=158970
2740
2741         Reviewed by Ryosuke Niwa.
2742
2743         insertTextWithoutSendingTextEvent() should only reveal the selection up to the main frame on iOS,
2744         since the UI process can zoom and scroll the view to the text input.
2745
2746         Test: fast/forms/ios/typing-in-input-in-iframe.html
2747
2748         * editing/Editor.cpp:
2749         (WebCore::Editor::insertTextWithoutSendingTextEvent):
2750
2751 2016-06-21  Adam Bergkvist  <adam.bergkvist@ericsson.com>
2752
2753         WebRTC: Remove unused MediaEndpointClient::gotRemoteSource function
2754         https://bugs.webkit.org/show_bug.cgi?id=158986
2755
2756         Reviewed by Eric Carlson.
2757
2758         Remote sources are explicitly created with MediaEndpoint::createMutedRemoteSource so the
2759         MediaEndpointClient::gotRemoteSource can be removed.
2760
2761         No change in behavior.
2762
2763         * Modules/mediastream/MediaEndpointPeerConnection.cpp:
2764         (WebCore::MediaEndpointPeerConnection::gotRemoteSource): Deleted.
2765         * Modules/mediastream/MediaEndpointPeerConnection.h:
2766         * platform/mediastream/MediaEndpoint.h:
2767
2768 2016-06-20  Simon Fraser  <simon.fraser@apple.com>
2769
2770         Focus event dispatched in iframe causes parent document to scroll incorrectly
2771         https://bugs.webkit.org/show_bug.cgi?id=158629
2772         rdar://problem/26521616
2773
2774         Reviewed by Tim Horton.
2775
2776         When focussing elements in iframes, the page could scroll to an incorrect location.
2777         This happened because code in Element::focus() tried to disable scrolling on focus,
2778         but did so only for the current frame, so ancestor frames got programmatically scrolled.
2779         On iOS we handle the scrolling in the UI process, so never want the web process to
2780         do programmatic scrolling.
2781
2782         Fix by changing the focus and cache restore code to use SelectionRevealMode::DoNotReveal,
2783         rather than manually prohibiting frame scrolling. Pass SelectionRevealMode through various callers,
2784         and use RevealUpToMainFrame for iOS, allowing the UI process to do the zoomToRect: for the main frame.
2785
2786         Tests: fast/forms/ios/focus-input-in-iframe.html
2787                fast/forms/ios/programmatic-focus-input-in-iframe.html
2788
2789         * dom/Document.h:
2790         * dom/Element.cpp:
2791         (WebCore::Element::scrollIntoView):
2792         (WebCore::Element::scrollIntoViewIfNeeded):
2793         (WebCore::Element::scrollIntoViewIfNotVisible):
2794         (WebCore::Element::focus):
2795         (WebCore::Element::updateFocusAppearance):
2796         * dom/Element.h:
2797         * editing/Editor.cpp:
2798         (WebCore::Editor::insertTextWithoutSendingTextEvent):
2799         (WebCore::Editor::revealSelectionAfterEditingOperation):
2800         (WebCore::Editor::findStringAndScrollToVisible):
2801         * editing/FrameSelection.cpp:
2802         (WebCore::FrameSelection::updateAndRevealSelection):
2803         (WebCore::FrameSelection::revealSelection):
2804         (WebCore::FrameSelection::FrameSelection): Deleted.
2805         * editing/FrameSelection.h:
2806         * html/HTMLInputElement.cpp:
2807         (WebCore::HTMLInputElement::updateFocusAppearance):
2808         * html/HTMLTextAreaElement.cpp:
2809         (WebCore::HTMLTextAreaElement::updateFocusAppearance):
2810         * page/ContextMenuController.cpp:
2811         (WebCore::ContextMenuController::contextMenuItemSelected):
2812         * page/FrameView.cpp:
2813         (WebCore::FrameView::scrollToAnchor):
2814         * rendering/RenderLayer.cpp:
2815         (WebCore::RenderLayer::scrollRectToVisible):
2816         (WebCore::RenderLayer::autoscroll):
2817         * rendering/RenderLayer.h:
2818         * rendering/RenderObject.cpp:
2819         (WebCore::RenderObject::scrollRectToVisible):
2820         * rendering/RenderObject.h:
2821
2822 2016-06-21  Frederic Wang  <fwang@igalia.com>
2823
2824         Implement RenderMathMLOperator::layoutBlock
2825         https://bugs.webkit.org/show_bug.cgi?id=157521
2826
2827         Reviewed by Brent Fulgham.
2828
2829         No new tests, already covered by existing tests.
2830
2831         Add an initial implementation of RenderMathMLOperator::layoutBlock, which will perform
2832         special layout when the MathOperator is used. We also improved how the logical height is
2833         calculated and avoid updating the style when stretchTo is called.
2834
2835         * rendering/mathml/RenderMathMLOperator.cpp:
2836         (WebCore::RenderMathMLOperator::stretchTo):
2837         (WebCore::RenderMathMLOperator::layoutBlock):
2838         (WebCore::RenderMathMLOperator::computeLogicalHeight): Deleted.
2839         * rendering/mathml/RenderMathMLOperator.h:
2840
2841 2016-06-21  Chris Dumez  <cdumez@apple.com>
2842
2843         Unreviewed, roll out r202268 as it looks like it was a ~50% regression on Dromaeo DOM Core
2844
2845         * bindings/scripts/CodeGeneratorJS.pm:
2846         (GenerateImplementation):
2847         (GeneratePrototypeDeclaration):
2848         * bindings/scripts/test/JS/JSInterfaceName.cpp:
2849         (WebCore::JSInterfaceNamePrototype::finishCreation):
2850         * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
2851         (WebCore::JSTestActiveDOMObjectPrototype::finishCreation):
2852         (WebCore::JSTestActiveDOMObject::createPrototype): Deleted.
2853         (WebCore::JSTestActiveDOMObject::prototype): Deleted.
2854         * bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.cpp:
2855         (WebCore::JSTestClassWithJSBuiltinConstructorPrototype::finishCreation):
2856         * bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.cpp:
2857         (WebCore::JSTestCustomConstructorWithNoInterfaceObjectPrototype::finishCreation):
2858         * bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
2859         (WebCore::JSTestCustomNamedGetterPrototype::finishCreation):
2860         (WebCore::JSTestCustomNamedGetter::JSTestCustomNamedGetter): Deleted.
2861         (WebCore::JSTestCustomNamedGetter::createPrototype): Deleted.
2862         * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
2863         (WebCore::JSTestEventConstructorPrototype::finishCreation):
2864         (WebCore::JSTestEventConstructor::createPrototype): Deleted.
2865         (WebCore::JSTestEventConstructor::prototype): Deleted.
2866         * bindings/scripts/test/JS/JSTestEventTarget.cpp:
2867         (WebCore::JSTestEventTargetPrototype::finishCreation):
2868         (WebCore::JSTestEventTarget::JSTestEventTarget): Deleted.
2869         (WebCore::JSTestEventTarget::createPrototype): Deleted.
2870         * bindings/scripts/test/JS/JSTestException.cpp:
2871         (WebCore::JSTestExceptionPrototype::finishCreation):
2872         * bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:
2873         (WebCore::JSTestGenerateIsReachablePrototype::finishCreation):
2874         * bindings/scripts/test/JS/JSTestInterface.cpp:
2875         (WebCore::JSTestInterfacePrototype::finishCreation):
2876         (WebCore::jsTestInterfaceImplementsStr2): Deleted.
2877         * bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp:
2878         (WebCore::JSTestJSBuiltinConstructorPrototype::finishCreation):
2879         (WebCore::JSTestJSBuiltinConstructor::JSTestJSBuiltinConstructor): Deleted.
2880         (WebCore::JSTestJSBuiltinConstructor::createPrototype): Deleted.
2881         (WebCore::JSTestJSBuiltinConstructor::destroy): Deleted.
2882         (WebCore::jsTestJSBuiltinConstructorTestAttributeCustom): Deleted.
2883         * bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
2884         (WebCore::JSTestMediaQueryListListenerPrototype::finishCreation):
2885         (WebCore::JSTestMediaQueryListListener::JSTestMediaQueryListListener): Deleted.
2886         (WebCore::JSTestMediaQueryListListener::createPrototype): Deleted.
2887         * bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
2888         (WebCore::JSTestNamedConstructorPrototype::finishCreation):
2889         * bindings/scripts/test/JS/JSTestNode.cpp:
2890         (WebCore::JSTestNodePrototype::finishCreation):
2891         (WebCore::JSTestNode::JSTestNode): Deleted.
2892         (WebCore::JSTestNode::prototype): Deleted.
2893         (WebCore::jsTestNodeName): Deleted.
2894         * bindings/scripts/test/JS/JSTestNondeterministic.cpp:
2895         (WebCore::JSTestNondeterministicPrototype::finishCreation):
2896         (WebCore::JSTestNondeterministic::JSTestNondeterministic): Deleted.
2897         (WebCore::JSTestNondeterministic::prototype): Deleted.
2898         (WebCore::JSTestNondeterministic::destroy): Deleted.
2899         * bindings/scripts/test/JS/JSTestObj.cpp:
2900         (WebCore::JSTestObjPrototype::finishCreation):
2901         (WebCore::JSTestObj::JSTestObj): Deleted.
2902         (WebCore::JSTestObj::createPrototype): Deleted.
2903         (WebCore::JSTestObj::prototype): Deleted.
2904         (WebCore::JSTestObj::destroy): Deleted.
2905         (WebCore::JSTestObj::getOwnPropertySlot): Deleted.
2906         (WebCore::JSTestObj::getOwnPropertySlotByIndex): Deleted.
2907         (WebCore::jsTestObjReadOnlyLongAttr): Deleted.
2908         (WebCore::jsTestObjReadOnlyStringAttr): Deleted.
2909         (WebCore::jsTestObjReadOnlyTestObjAttr): Deleted.
2910         (WebCore::jsTestObjConstructorStaticReadOnlyLongAttr): Deleted.
2911         (WebCore::jsTestObjConstructorStaticStringAttr): Deleted.
2912         (WebCore::jsTestObjConstructorTestSubObj): Deleted.
2913         (WebCore::jsTestObjTestSubObjEnabledBySettingConstructor): Deleted.
2914         (WebCore::jsTestObjEnumAttr): Deleted.
2915         (WebCore::jsTestObjByteAttr): Deleted.
2916         (WebCore::jsTestObjOctetAttr): Deleted.
2917         (WebCore::jsTestObjShortAttr): Deleted.
2918         (WebCore::jsTestObjClampedShortAttr): Deleted.
2919         (WebCore::jsTestObjEnforceRangeShortAttr): Deleted.
2920         (WebCore::jsTestObjUnsignedShortAttr): Deleted.
2921         (WebCore::jsTestObjLongAttr): Deleted.
2922         (WebCore::jsTestObjLongLongAttr): Deleted.
2923         (WebCore::jsTestObjReflectedCustomBooleanAttr): Deleted.
2924         (WebCore::jsTestObjReflectedCustomURLAttr): Deleted.
2925         * bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
2926         (WebCore::JSTestOverloadedConstructorsPrototype::finishCreation):
2927         * bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp:
2928         (WebCore::JSTestOverrideBuiltinsPrototype::finishCreation):
2929         (WebCore::JSTestOverrideBuiltins::JSTestOverrideBuiltins): Deleted.
2930         (WebCore::JSTestOverrideBuiltins::createPrototype): Deleted.
2931         * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
2932         (WebCore::JSTestSerializedScriptValueInterfacePrototype::finishCreation):
2933         (WebCore::JSTestSerializedScriptValueInterface::JSTestSerializedScriptValueInterface): Deleted.
2934         (WebCore::JSTestSerializedScriptValueInterface::prototype): Deleted.
2935         (WebCore::JSTestSerializedScriptValueInterface::destroy): Deleted.
2936         * bindings/scripts/test/JS/JSTestTypedefs.cpp:
2937         (WebCore::JSTestTypedefsPrototype::finishCreation):
2938         (WebCore::JSTestTypedefs::JSTestTypedefs): Deleted.
2939         (WebCore::JSTestTypedefs::createPrototype): Deleted.
2940         (WebCore::JSTestTypedefs::prototype): Deleted.
2941         (WebCore::JSTestTypedefs::destroy): Deleted.
2942         (WebCore::jsTestTypedefsUnsignedLongLongAttr): Deleted.
2943         (WebCore::jsTestTypedefsImmutableSerializedScriptValue): Deleted.
2944         (WebCore::jsTestTypedefsAttrWithGetterException): Deleted.
2945         * bindings/scripts/test/JS/JSattribute.cpp:
2946         (WebCore::JSattributePrototype::finishCreation):
2947         * bindings/scripts/test/JS/JSreadonly.cpp:
2948         (WebCore::JSreadonlyPrototype::finishCreation):
2949
2950 2016-06-21  Keith Miller  <keith_miller@apple.com>
2951
2952         It should be easy to add a private global helper function for builtins
2953         https://bugs.webkit.org/show_bug.cgi?id=158893
2954
2955         Reviewed by Mark Lam.
2956
2957         Add JSCJSValueInlines.h to fix build issues.
2958
2959         * platform/mock/mediasource/MockBox.cpp:
2960
2961 2016-06-21  Amir Alavi  <aalavi@apple.com>
2962
2963         Upstream WKHTTPCookiesForURL from WebKitSystemInterface to OpenSource
2964         https://bugs.webkit.org/show_bug.cgi?id=158967
2965
2966         Reviewed by Brent Fulgham.
2967
2968         * platform/ios/WebCoreSystemInterfaceIOS.mm:
2969         * platform/mac/WebCoreSystemInterface.h:
2970         * platform/mac/WebCoreSystemInterface.mm:
2971         * platform/network/mac/CookieJarMac.mm:
2972         (WebCore::httpCookiesForURL): Upstreamed from WebKitSystemInterface.
2973         (WebCore::cookiesForURL): Changed to call httpCookiesForURL.
2974         (WebCore::deleteCookie): Ditto.
2975         * platform/spi/cf/CFNetworkSPI.h:
2976
2977 2016-06-21  Chris Dumez  <cdumez@apple.com>
2978
2979         Unreviewed, rolling out r202231.
2980
2981         Seems to have regressed PLT on both iOS and Mac (very obvious
2982         on iOS Warm PLT)
2983
2984         Reverted changeset:
2985
2986         "When navigating, discard decoded image data that is only live
2987         due to page cache."
2988         https://bugs.webkit.org/show_bug.cgi?id=158941
2989         http://trac.webkit.org/changeset/202231
2990
2991 2016-06-21  Youenn Fablet  <youennf@gmail.com>
2992
2993         Add bindings generator support to add a native JS function to both a 'name' and a private '@name' slot
2994         https://bugs.webkit.org/show_bug.cgi?id=158777
2995
2996         Reviewed by Eric Carlson.
2997
2998         Adding a new PublicIdentifier keyword to cover the case of the same function exposed publicly and privately.
2999         Renaming Private keyword to PrivateIdentifier.
3000         Functions exposed both publicly and privately should set both keywords.
3001         By default, functions are publicly exposed.
3002
3003         Updated binding generator to generate public exposure except if PrivateIdentifier is set and PublicIdentifier is
3004         not set.
3005
3006         Keeping skipping of ObjC/GObject binding for PrivateIdentifier-only functions.
3007
3008         Covered by rebased binding tests.
3009
3010         * Modules/fetch/FetchHeaders.idl:
3011         * Modules/fetch/FetchResponse.idl:
3012         * Modules/mediastream/MediaDevices.idl:
3013         * Modules/mediastream/RTCPeerConnection.idl:
3014         * bindings/scripts/CodeGeneratorGObject.pm:
3015         (SkipFunction):
3016         * bindings/scripts/CodeGeneratorJS.pm:
3017         (GeneratePropertiesHashTable):
3018         (GenerateImplementation):
3019         * bindings/scripts/CodeGeneratorObjC.pm:
3020         (SkipFunction):
3021         * bindings/scripts/IDLAttributes.txt:
3022         * bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
3023         (webkit_dom_test_obj_private_also_method):
3024         * bindings/scripts/test/GObject/WebKitDOMTestObj.h:
3025         * bindings/scripts/test/JS/JSTestObj.cpp:
3026         (WebCore::JSTestObjPrototype::finishCreation):
3027         (WebCore::jsTestObjPrototypeFunctionPrivateMethod):
3028         (WebCore::jsTestObjPrototypeFunctionPrivateAlsoMethod):
3029         * bindings/scripts/test/ObjC/DOMTestObj.h:
3030         * bindings/scripts/test/ObjC/DOMTestObj.mm:
3031         (-[DOMTestObj privateAlsoMethod:]):
3032         * bindings/scripts/test/TestObj.idl:
3033
3034 2016-06-21  Dan Bernstein  <mitz@apple.com>
3035
3036         Inlined some picture-in-picture code.
3037         https://bugs.webkit.org/show_bug.cgi?id=158977
3038
3039         Reviewed by Eric Carlson.
3040
3041         This code was written primarily by Ada Chan, and originally reviewed by Alex Christensen,
3042         Anders Carlsson, Conrad Shultz, Dan Bernstein, Eric Carlson, Jer Noble, Jeremy Jones,
3043         Jon Lee, Remy Demarest, and Zach Li.
3044
3045         * English.lproj/Localizable.strings:
3046           Updated using update-webkit-localizable-strings.
3047
3048         * Modules/mediacontrols/mediaControlsApple.css:
3049         (video:-webkit-full-screen::-webkit-media-controls-panel .picture-in-picture-button):
3050
3051         * Modules/mediacontrols/mediaControlsApple.js:
3052         (Controller.prototype.configureFullScreenControls):
3053
3054         * WebCore.xcodeproj/project.pbxproj: Added PIPSPI.h.
3055
3056         * html/HTMLMediaElement.cpp: Inlined code from HTMLMediaElementAdditions.cpp.
3057
3058         * html/HTMLVideoElement.cpp: Inlined code from HTMLVideoElementSupportsFullscreenAdditions.cpp.
3059
3060         * platform/LocalizedStrings.cpp:
3061         (WebCore::contextMenuItemTagEnterVideoEnhancedFullscreen): Brought in from ContextMenuLocalizedStringsAdditions.cpp.
3062         (WebCore::contextMenuItemTagExitVideoEnhancedFullscreen): Ditto.
3063         (WebCore::AXARIAContentGroupText): Made updates that should have been part of r198543.
3064
3065         * platform/mac/WebVideoFullscreenInterfaceMac.h: Removed USE(APPLE_INTERNAL_SDK) guards.
3066         * platform/mac/WebVideoFullscreenInterfaceMac.mm: Inlined WebVideoFullscreenInterfaceMacAdditions.mm.
3067
3068         * platform/spi/mac/PIPSPI.h: Added.
3069
3070         * rendering/HitTestResult.cpp: Inlined HitTestResultAdditions.cpp.
3071
3072         * rendering/RenderThemeMac.mm:
3073         (WebCore::RenderThemeMac::mediaControlsStyleSheet): Removed include of
3074           RenderThemeMacMediaControlsStyleSheetAdditions.mm now that the content is in
3075           mediaControlsApple.css.
3076         (WebCore::RenderThemeMac::mediaControlsScript): Removed include of
3077           RenderThemeMacMediaControlsScriptAdditions.mm now that the content is in mediaControlsApple.js.
3078
3079 2016-06-21  Miguel Gomez  <magomez@igalia.com>
3080
3081         [GStreamer] video orientation support
3082         https://bugs.webkit.org/show_bug.cgi?id=148524
3083
3084         Reviewed by Philippe Normand.
3085
3086         Rotate video frames to follow the orientation metadata in the video file.
3087         When accelerated compositing is disabled, the rotation is performed by a videoflip element added
3088         to the playbin.
3089         When accelerated compositing is enabled, the rotation is performed by the TextureMapper in response
3090         to a rotation flag set on the frame buffers.
3091
3092         Test: media/video-orientation.html
3093
3094         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
3095         (WebCore::MediaPlayerPrivateGStreamer::handleMessage):
3096         Handle the GST_MESSAGE_TAG message from the bin.
3097         (WebCore::MediaPlayerPrivateGStreamer::createGSTPlayBin):
3098         Add the videoflip element to the bin when accelerated compositing is disabled.
3099         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
3100         (WebCore::GstVideoFrameHolder::GstVideoFrameHolder):
3101         Receive and use extra flags for the TextureMapper.
3102         (WebCore::MediaPlayerPrivateGStreamerBase::MediaPlayerPrivateGStreamerBase):
3103         (WebCore::MediaPlayerPrivateGStreamerBase::naturalSize):
3104         When using accelerated compositing, transpose the video size if the rotation is 90 or 270 degrees.
3105         (WebCore::MediaPlayerPrivateGStreamerBase::pushTextureToCompositor):
3106         Add rotation flag to frame holder and layer buffer.
3107         (WebCore::MediaPlayerPrivateGStreamerBase::paintToTextureMapper):
3108         Use rotation flag when requesting the TextureMapper to draw.
3109         (WebCore::MediaPlayerPrivateGStreamerBase::setVideoSourceRotation):
3110         Function to store the video rotation.
3111         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.h:
3112         Add bits to store the video rotation.
3113         * platform/graphics/texmap/TextureMapperGL.cpp:
3114         (WebCore::TextureMapperGL::drawTexturedQuadWithProgram):
3115         Modify the patternTransform according to the rotation flag passed.
3116         * platform/graphics/texmap/TextureMapperGL.h:
3117         Add new flags to handle the video source rotation.
3118         * platform/graphics/texmap/TextureMapperPlatformLayerBuffer.cpp:
3119         (WebCore::TextureMapperPlatformLayerBuffer::paintToTextureMapper):
3120         Change the drawTexture method used so custom flags can be passed.
3121         * platform/graphics/texmap/TextureMapperPlatformLayerBuffer.h:
3122         (WebCore::TextureMapperPlatformLayerBuffer::setExtraFlags):
3123         New method to set TextureMapper flags.
3124
3125 2016-06-20  Frederic Wang  <fwang@igalia.com>
3126
3127         Use the MathOperator to handle some non-stretchy operators
3128         https://bugs.webkit.org/show_bug.cgi?id=157519
3129
3130         Reviewed by Brent Fulgham.
3131
3132         To prepare for the removal of anonymous text node from the render classes of token elements
3133         we use MathOperator to handle two cases where the actual text to display may not be
3134         available in the DOM: mfenced and minus operators. This change removes support for the
3135         case of mfenced operators with multiple characters since it is not supported by
3136         MathOperator. It is an edge case that is not used in practice since fences and separators are
3137         only made of a single character. However, it would still be possible to duplicate some
3138         code/logic to add it back if that turns out to be necessary.
3139
3140         No new tests, already covered by existing tests.
3141
3142         * rendering/mathml/MathOperator.cpp:
3143         (WebCore::MathOperator::MathOperator): Rename UndefinedOperator.
3144         (WebCore::RenderMathMLOperator::firstLineBaseline): Improve rounding of ascent so that mfenced operators are correctly aligned.
3145         * rendering/mathml/MathOperator.h: Rename UndefinedOperator, since it can now be used to draw non-stretchy operators.
3146         (WebCore::MathOperator::isStretched): Deleted. This function is no longer used by RenderMathMLOperator.
3147         (WebCore::MathOperator::unstretch): Deleted. This function is no longer used by RenderMathMLOperator.
3148         * rendering/mathml/RenderMathMLOperator.cpp:
3149         (WebCore::RenderMathMLOperator::computePreferredLogicalWidths): Use useMathOperator.
3150         (WebCore::RenderMathMLOperator::rebuildTokenContent): Set the MathOperator when useMathOperator() is true.
3151         When the operator is not likely to stretch we just leave its type as NormalOperator.
3152         (WebCore::RenderMathMLOperator::useMathOperator): Helper function to determine when MathOperator should be used.
3153         (WebCore::RenderMathMLOperator::firstLineBaseline): Use useMathOperator.
3154         (WebCore::RenderMathMLOperator::computeLogicalHeight): Ditto.
3155         (WebCore::RenderMathMLOperator::paint): Ditto.
3156         (WebCore::RenderMathMLOperator::paintChildren): Ditto.
3157         * rendering/mathml/RenderMathMLOperator.h: Declare useMathOperator.
3158
3159 2016-06-19  Gavin & Ellie Barraclough  <barraclough@apple.com>
3160
3161         Don't eagerly reify DOM Prototype properties
3162         https://bugs.webkit.org/show_bug.cgi?id=158557
3163
3164         Reviewed by Andreas Kling.
3165
3166         We were eagerly reifying these properties to avoid virtualizing getOwnPropertySlot,
3167         but since bug #158059 this does not require a method table call in any case.
3168         Eagerly reifying these values likely has some CPU and memory cost on page load.
3169
3170         * bindings/scripts/CodeGeneratorJS.pm:
3171         (GenerateImplementation):
3172             - should generate compressed index for hashtable,
3173               prototype object ClassInfo should contain static table,
3174               don't reifyStaticProperties for prototype objects.
3175         (GeneratePrototypeDeclaration):
3176             - Set HasStaticPropertyTable for DOM prototype objects.
3177         * bindings/scripts/test/JS/JSInterfaceName.cpp:
3178         (WebCore::JSInterfaceNamePrototype::JSInterfaceNamePrototype):
3179         (WebCore::JSInterfaceNamePrototype::finishCreation):
3180         * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
3181         (WebCore::JSTestActiveDOMObjectPrototype::JSTestActiveDOMObjectPrototype):
3182         (WebCore::JSTestActiveDOMObjectPrototype::finishCreation):
3183         * bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.cpp:
3184         (WebCore::JSTestClassWithJSBuiltinConstructorPrototype::JSTestClassWithJSBuiltinConstructorPrototype):
3185         (WebCore::JSTestClassWithJSBuiltinConstructorPrototype::finishCreation):
3186         * bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.cpp:
3187         (WebCore::JSTestCustomConstructorWithNoInterfaceObjectPrototype::JSTestCustomConstructorWithNoInterfaceObjectPrototype):
3188         (WebCore::JSTestCustomConstructorWithNoInterfaceObjectPrototype::finishCreation):
3189         * bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
3190         (WebCore::JSTestCustomNamedGetterPrototype::JSTestCustomNamedGetterPrototype):
3191         (WebCore::JSTestCustomNamedGetterPrototype::finishCreation):
3192         * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
3193         (WebCore::JSTestEventConstructorPrototype::JSTestEventConstructorPrototype):
3194         (WebCore::JSTestEventConstructorPrototype::finishCreation):
3195         * bindings/scripts/test/JS/JSTestEventTarget.cpp:
3196         (WebCore::JSTestEventTargetPrototype::JSTestEventTargetPrototype):
3197         (WebCore::JSTestEventTargetPrototype::finishCreation):
3198         * bindings/scripts/test/JS/JSTestException.cpp:
3199         (WebCore::JSTestExceptionPrototype::JSTestExceptionPrototype):
3200         (WebCore::JSTestExceptionPrototype::finishCreation):
3201         * bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:
3202         (WebCore::JSTestGenerateIsReachablePrototype::JSTestGenerateIsReachablePrototype):
3203         (WebCore::JSTestGenerateIsReachablePrototype::finishCreation):
3204         * bindings/scripts/test/JS/JSTestInterface.cpp:
3205         (WebCore::JSTestInterfacePrototype::JSTestInterfacePrototype):
3206         (WebCore::JSTestInterfacePrototype::finishCreation):
3207         * bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp:
3208         (WebCore::JSTestJSBuiltinConstructorPrototype::JSTestJSBuiltinConstructorPrototype):
3209         (WebCore::JSTestJSBuiltinConstructorPrototype::finishCreation):
3210         * bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
3211         (WebCore::JSTestMediaQueryListListenerPrototype::JSTestMediaQueryListListenerPrototype):
3212         (WebCore::JSTestMediaQueryListListenerPrototype::finishCreation):
3213         * bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
3214         (WebCore::JSTestNamedConstructorPrototype::JSTestNamedConstructorPrototype):
3215         (WebCore::JSTestNamedConstructorPrototype::finishCreation):
3216         * bindings/scripts/test/JS/JSTestNode.cpp:
3217         (WebCore::JSTestNodePrototype::JSTestNodePrototype):
3218         (WebCore::JSTestNodePrototype::finishCreation):
3219         * bindings/scripts/test/JS/JSTestNondeterministic.cpp:
3220         (WebCore::JSTestNondeterministicPrototype::JSTestNondeterministicPrototype):
3221         (WebCore::JSTestNondeterministicPrototype::finishCreation):
3222         * bindings/scripts/test/JS/JSTestObj.cpp:
3223         (WebCore::JSTestObjPrototype::JSTestObjPrototype):
3224         (WebCore::JSTestObjPrototype::finishCreation):
3225         * bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
3226         (WebCore::JSTestOverloadedConstructorsPrototype::JSTestOverloadedConstructorsPrototype):
3227         (WebCore::JSTestOverloadedConstructorsPrototype::finishCreation):
3228         * bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp:
3229         (WebCore::JSTestOverrideBuiltinsPrototype::JSTestOverrideBuiltinsPrototype):
3230         (WebCore::JSTestOverrideBuiltinsPrototype::finishCreation):
3231         * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
3232         (WebCore::JSTestSerializedScriptValueInterfacePrototype::JSTestSerializedScriptValueInterfacePrototype):
3233         (WebCore::JSTestSerializedScriptValueInterfacePrototype::finishCreation):
3234         * bindings/scripts/test/JS/JSTestTypedefs.cpp:
3235         (WebCore::JSTestTypedefsPrototype::JSTestTypedefsPrototype):
3236         (WebCore::JSTestTypedefsPrototype::finishCreation):
3237         * bindings/scripts/test/JS/JSattribute.cpp:
3238         (WebCore::JSattributePrototype::JSattributePrototype):
3239         (WebCore::JSattributePrototype::finishCreation):
3240         * bindings/scripts/test/JS/JSreadonly.cpp:
3241         (WebCore::JSreadonlyPrototype::JSreadonlyPrototype):
3242         (WebCore::JSreadonlyPrototype::finishCreation):
3243
3244 2016-06-20  Adam Bergkvist  <adam.bergkvist@ericsson.com>
3245
3246         WebRTC: RTCIceCandidate init dictionary don't handle explicit null or undefined values correctly
3247         https://bugs.webkit.org/show_bug.cgi?id=158873
3248
3249         Reviewed by Alejandro G. Castro.
3250
3251         Prevent explicit null and undefined values from being converted to "null" and "undefined"
3252         strings.
3253
3254         Test: Extended fast/mediastream/RTCIceCandidate.html
3255
3256         * Modules/mediastream/RTCIceCandidate.cpp:
3257         (WebCore::RTCIceCandidate::create):
3258
3259 2016-06-20  Commit Queue  <commit-queue@webkit.org>
3260
3261         Unreviewed, rolling out r202252.
3262         https://bugs.webkit.org/show_bug.cgi?id=158974
3263
3264         See rdar://problem/26867866 for details (Requested by ap on
3265         #webkit).
3266
3267         Reverted changeset:
3268
3269         "Adopt commitPriority to get rid of the 2 AVPL solution for
3270         PiP"
3271         https://bugs.webkit.org/show_bug.cgi?id=158949
3272         http://trac.webkit.org/changeset/202252
3273
3274 2016-06-20  Commit Queue  <commit-queue@webkit.org>
3275
3276         Unreviewed, rolling out r202243.
3277         https://bugs.webkit.org/show_bug.cgi?id=158972
3278
3279         Broke Windows build and iOS tests (Requested by ap on
3280         #webkit).
3281
3282         Reverted changeset:
3283
3284         "Focus event dispatched in iframe causes parent document to
3285         scroll incorrectly"
3286         https://bugs.webkit.org/show_bug.cgi?id=158629
3287         http://trac.webkit.org/changeset/202243
3288
3289 2016-06-20  Chris Dumez  <cdumez@apple.com>
3290
3291         Simplify / Optimize DataDetector's searchForLinkRemovingExistingDDLinks()
3292         https://bugs.webkit.org/show_bug.cgi?id=158968
3293
3294         Reviewed by Ryosuke Niwa.
3295
3296         Simplify / Optimize DataDetector's searchForLinkRemovingExistingDDLinks():
3297         - Use modern ancestorsOfType<HTMLAnchorElement>() to traverse anchor ancestors
3298           instead of traversing by hand.
3299         - Use NodeTraversal::next() to traverse the tree until we find endNode and
3300           use a for loop instead of a while loop. Previously, the logic to determine
3301           the next node was at the end of the loop and was identical behavior-wise
3302           to NodeTraversal::next(). However, the previous code was a lot less efficient
3303           because it was calling Node::childNodes() to get a NodeList of the children,
3304           then calling length() on it to check if we had children and finally using
3305           the first item in the list as next node. This was very inefficient because
3306           NodeList::length() would need to traverse all children to figure out the
3307           length and would cache all the children in a Vector in CollectionIndexCache.
3308
3309         * dom/ElementAncestorIterator.h:
3310         (WebCore::ancestorsOfType):
3311         * dom/ElementIterator.h:
3312         (WebCore::findElementAncestorOfType):
3313         (WebCore::findElementAncestorOfType<Element>):
3314         Update ancestorsOfType() to take a Node instead of an Element. There are no
3315         performance benefits to taking an Element here and it is a valid use case to
3316         want an Element ancestor of a non-Element node.
3317
3318         * editing/cocoa/DataDetection.mm:
3319         (WebCore::searchForLinkRemovingExistingDDLinks):
3320         (WebCore::dataDetectorTypeForCategory): Deleted.
3321
3322 2016-06-20  Commit Queue  <commit-queue@webkit.org>
3323
3324         Unreviewed, rolling out r202248.
3325         https://bugs.webkit.org/show_bug.cgi?id=158960
3326
3327         breaks builds on the simulator (Requested by keith_mi_ on
3328         #webkit).
3329
3330         Reverted changeset:
3331
3332         "It should be easy to add a private global helper function for
3333         builtins"
3334         https://bugs.webkit.org/show_bug.cgi?id=158893
3335         http://trac.webkit.org/changeset/202248
3336
3337 2016-06-20  Jeremy Jones  <jeremyj@apple.com>
3338
3339         Adopt commitPriority to get rid of the 2 AVPL solution for PiP
3340         https://bugs.webkit.org/show_bug.cgi?id=158949
3341         rdar://problem/26867866
3342
3343         Reviewed by Simon Fraser.
3344
3345         No new tests because there is no behavior change. This reverts changes from 
3346         https://bugs.webkit.org/show_bug.cgi?id=158148 and instead uses -[CAContext commitPriority:]
3347         to prevent flicker when moving a layer between contexts. 
3348         commitPriority allows the layer to be added to the destination context before it is 
3349         removed from the source context.
3350
3351         * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h: remove m_secondaryVideoLayer.
3352         * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm: ditto
3353         (WebCore::MediaPlayerPrivateAVFoundationObjC::setVideoFullscreenGravity): ditto.
3354         (WebCore::MediaPlayerPrivateAVFoundationObjC::syncTextTrackBounds): ditto.
3355         (WebCore::MediaPlayerPrivateAVFoundationObjC::destroyVideoLayer): ditto.
3356         (WebCore::MediaPlayerPrivateAVFoundationObjC::updateVideoLayerGravity): ditto.
3357         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm: ditto
3358         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::addDisplayLayer): ditto
3359         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm: ditto
3360         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::createPreviewLayers): ditto
3361         * platform/graphics/avfoundation/objc/VideoFullscreenLayerManager.h: ditto
3362         * platform/graphics/avfoundation/objc/VideoFullscreenLayerManager.mm: ditto
3363         (WebCore::VideoFullscreenLayerManager::setVideoLayer): ditto
3364         (WebCore::VideoFullscreenLayerManager::setVideoFullscreenLayer): ditto and adopt commitPriority.
3365         (WebCore::VideoFullscreenLayerManager::setVideoFullscreenFrame): ditto
3366         (WebCore::VideoFullscreenLayerManager::setVideoLayers): Deleted. 
3367         (WebCore::VideoFullscreenLayerManager::didDestroyVideoLayer): remove m_secondaryVideoLayer.
3368         * platform/spi/cocoa/QuartzCoreSPI.h: Add commitPriority.
3369
3370 2016-06-20  Zalan Bujtas  <zalan@apple.com>
3371
3372         Set the end position on the placeholder BidiRun properly.
3373         https://bugs.webkit.org/show_bug.cgi?id=158958
3374
3375         Reviewed by Myles C. Maxfield.
3376         rdar://problem/26609266
3377
3378         The second parameter for BidiRun indicates the end position and not the length of the run.
3379         This was regressed at r102875 where only the start position was changed from 0 to pos.
3380
3381         Test: fast/text/international/bidi-style-in-isolate-crash.html
3382
3383         * rendering/InlineIterator.h:
3384         (WebCore::addPlaceholderRunForIsolatedInline):
3385
3386 2016-06-20  Fujii Hironori  <Hironori.Fujii@sony.com>
3387
3388         A composition underline is placed to wrong position in RTL
3389         https://bugs.webkit.org/show_bug.cgi?id=158602
3390
3391         Reviewed by Myles C. Maxfield.
3392
3393         InlineTextBox::paintCompositionUnderline does not take RTL into
3394         account.  The position of composition underline should be
3395         mirrored in RTL.
3396
3397         Test: editing/input/composition-underline-rtl.html
3398
3399         * rendering/InlineTextBox.cpp:
3400         (WebCore::mirrorRTLSegment): New helper function to convert RTL start position to LTR.
3401         (WebCore::InlineTextBox::paintDecoration): Use mirrorRTLSegment.
3402         (WebCore::InlineTextBox::paintCompositionUnderline): Ditto.
3403
3404 2016-06-20  Keith Miller  <keith_miller@apple.com>
3405
3406         It should be easy to add a private global helper function for builtins
3407         https://bugs.webkit.org/show_bug.cgi?id=158893
3408
3409         Reviewed by Mark Lam.
3410
3411         Add JSCJSValueInlines.h to fix build issues.
3412
3413         * platform/mock/mediasource/MockBox.cpp:
3414
3415 2016-06-20  Benjamin Poulain  <benjamin@webkit.org>
3416
3417         :default CSS pseudo-class should match checkboxes+radios with a `checked` attribute
3418         https://bugs.webkit.org/show_bug.cgi?id=156230
3419
3420         Reviewed by Alex Christensen.
3421
3422         This patch updates the :default pseudo class matching to be closer to the spec:
3423         https://html.spec.whatwg.org/multipage/scripting.html#selector-default
3424
3425         The main remaining difference with the spec is the definition of "default button".
3426         This is an unrelated problem that should be addressed separately.
3427
3428         The implementation was missing support for:
3429         -input elements of type "checkbox" or "radio" with the "checked" attribute defined.
3430         -option elements with the "selected" attribute defined.
3431
3432         The existing support for default button was pretty bad, I fixed that too.
3433         The owner form now has a resetDefaultButton() API. When a Form Associated Element
3434         becomes a submit button or loses that property, the element calls its form
3435         to update the style as needed.
3436
3437         Whenever the submit button changes, 2 elements need to have their style invalidated:
3438         -The former default button.
3439         -The new default button.
3440         To invalidate the former button, FormElement now caches the computed
3441         default button. When the default button changes, the cached value is invalidated
3442         in addition to the new value.
3443
3444         Computing the new default button takes linear time in the number of form associated elements.
3445         To mitigate that, resetDefaultButton() is only called when changes are related
3446         to submit buttons. Since those changes are