[WebKit-https.git] / Source / WebCore / ChangeLog
1 2018-05-07  Zalan Bujtas  <zalan@apple.com>
2
3         [LFC] Add FormattingContext::layoutOutOfFlowDescendants implementation
4         https://bugs.webkit.org/show_bug.cgi?id=185377
5
6         Reviewed by Antti Koivisto.
7
8         Also, remove FormattingContext's m_layoutContext member and pass it in to ::layout() instead.
9         In theory LayoutContext is needed only during ::layout() call. 
10
11         * layout/FormattingContext.cpp:
12         (WebCore::Layout::FormattingContext::layoutOutOfFlowDescendants const):
13         * layout/FormattingContext.h:
14         (WebCore::Layout::FormattingContext::layoutContext const):
15         * layout/LayoutContext.cpp:
16         (WebCore::Layout::LayoutContext::updateLayout):
17         * layout/blockformatting/BlockFormattingContext.cpp:
18         (WebCore::Layout::BlockFormattingContext::layout const):
19         * layout/blockformatting/BlockFormattingContext.h:
20         * layout/inlineformatting/InlineFormattingContext.cpp:
21         (WebCore::Layout::InlineFormattingContext::layout const):
22         * layout/inlineformatting/InlineFormattingContext.h:
23
24 2018-05-07  Daniel Bates  <dabates@apple.com>
25
26         Check X-Frame-Options and CSP frame-ancestors in network process
27         https://bugs.webkit.org/show_bug.cgi?id=185410
28         <rdar://problem/37733934>
29
30         Reviewed by Ryosuke Niwa.
31
32         * WebCore.xcodeproj/project.pbxproj: Make PingLoader.h a private header so that we can include it in WebKit.
33         * loader/DocumentLoader.cpp:
34         (WebCore::DocumentLoader::responseReceived): Only check CSP frame-ancestors and X-Frame-Options here if
35         we are not checking them in the NetworkProcess and HTTP response access is restricted. The code is otherwise kept
36         unchanged. There may be opportunities to clean this code up more and share more of it. We should look into this
37         in subsequent bugs.
38         * loader/DocumentLoader.h: Change visibility of stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied() from
39         private to public and export it so that we can call it from WebKit.
40         * loader/PingLoader.h:
41         * page/Settings.yaml: Add a new setting called networkProcessCSPFrameAncestorsCheckingEnabled (defaults: false)
42         and is hardcoded in WebPage.cpp to be enabled. This setting is used to determine if we will be using the NetworkProcess.
43         Ideally we wouldn't have this setting and just key off RuntimeEnabledFeatures::sharedFeatures().restrictedHTTPResponseAccess().
44         However RuntimeEnabledFeatures::sharedFeatures().restrictedHTTPResponseAccess() is always enabled in WebKit Legacy
45         at the time of writing (why?). And, strangely, RuntimeEnabledFeatures::sharedFeatures().restrictedHTTPResponseAccess()
46         is conditionally enabled in WebKit. For now, we add a new setting, networkProcessCSPFrameAncestorsCheckingEnabled,
47         to determine if CSP checking should be performed in NetworkProcess. For checking to actually happen in NetworkProcess
48         and not in DocumentLoader::responseReceived() RuntimeEnabledFeatures::sharedFeatures().restrictedHTTPResponseAccess()
49         will also need to be enabled.
50         * page/csp/ContentSecurityPolicy.cpp:
51         (WebCore::ContentSecurityPolicy::allowFrameAncestors const): Added a variant that takes a vector of ancestor origins.
52         * page/csp/ContentSecurityPolicy.h:
53         * page/csp/ContentSecurityPolicyDirectiveList.cpp:
54         (WebCore::checkFrameAncestors): Ditto.
55         (WebCore::ContentSecurityPolicyDirectiveList::violatedDirectiveForFrameAncestorOrigins const): Ditto.
56         * page/csp/ContentSecurityPolicyDirectiveList.h: Export constructor so that we can invoke it from NetworkResourceLoader::shouldInterruptLoadForCSPFrameAncestorsOrXFrameOptions().
57         * page/csp/ContentSecurityPolicyResponseHeaders.h:
58         * platform/network/HTTPParsers.h: Export XFrameOptionsDisposition() so that we can use it in WebKit.
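
The entry above moves the framing check to a process that has no Frame tree to walk, so the decision has to be made from the response headers and a vector of ancestor origins. A sketch of that decision follows as an added example; it is not WebKit code. The types and function names are hypothetical, the source matching covers only a subset of CSP (no IPv6 hosts, no wildcard ports, paths ignored, scheme-less sources inherit the resource's scheme), and applying SAMEORIGIN to every ancestor is an assumption of the sketch. frame-ancestors taking precedence over X-Frame-Options follows the CSP specification.

```cpp
// Added example, not WebKit source. Types and function names are hypothetical.
#include <algorithm>
#include <cctype>
#include <cstdlib>
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

struct Origin { std::string scheme; std::string host; int port; };
struct FramingHeaders {
    bool hasFrameAncestors;      // the response CSP carries a frame-ancestors directive
    std::string frameAncestors;  // its source list
    std::string xFrameOptions;   // "", "DENY" or "SAMEORIGIN"
};
enum class FrameDecision { Allow, BlockedByFrameAncestors, BlockedByXFrameOptions };

static bool sameOrigin(const Origin& a, const Origin& b)
{
    return a.scheme == b.scheme && a.host == b.host && a.port == b.port;
}

static std::string lower(std::string s)
{
    std::transform(s.begin(), s.end(), s.begin(),
        [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return s;
}

// Simplified subset of CSP source matching: 'none', 'self', *, scheme-source and
// [scheme://]host[:port] with an optional leading "*." label.
static bool sourceMatches(std::string source, const Origin& self, const Origin& ancestor)
{
    source = lower(source);
    if (source == "'none'")
        return false;
    if (source == "'self'")
        return sameOrigin(self, ancestor);
    if (source == "*")
        return ancestor.scheme == "http" || ancestor.scheme == "https";
    if (source.back() == ':')                         // scheme-source such as "https:"
        return ancestor.scheme == source.substr(0, source.size() - 1);
    std::string scheme = self.scheme;                 // assumption: inherit the resource's scheme
    auto schemeEnd = source.find("://");
    if (schemeEnd != std::string::npos) {
        scheme = source.substr(0, schemeEnd);
        source = source.substr(schemeEnd + 3);
    }
    source = source.substr(0, source.find('/'));      // this sketch ignores any path
    int port = scheme == "https" ? 443 : 80;
    auto colon = source.rfind(':');
    if (colon != std::string::npos) {
        port = std::atoi(source.c_str() + colon + 1);
        source = source.substr(0, colon);
    }
    if (ancestor.scheme != scheme || ancestor.port != port)
        return false;
    if (source.compare(0, 2, "*.") == 0) {
        std::string suffix = source.substr(1);        // ".example.com"; the bare domain does not match
        return ancestor.host.size() > suffix.size()
            && ancestor.host.compare(ancestor.host.size() - suffix.size(), suffix.size(), suffix) == 0;
    }
    return ancestor.host == source;
}

// ancestors: origins of every frame above the one being loaded, nearest first.
FrameDecision checkFraming(const FramingHeaders& headers, const Origin& self,
    const std::vector<Origin>& ancestors)
{
    if (ancestors.empty())
        return FrameDecision::Allow;                  // top-level load, nothing frames it
    if (headers.hasFrameAncestors) {
        for (const auto& ancestor : ancestors) {      // every ancestor must match, not only the parent
            std::istringstream sources(headers.frameAncestors);
            bool matched = false;
            for (std::string source; !matched && sources >> source;)
                matched = sourceMatches(source, self, ancestor);
            if (!matched)
                return FrameDecision::BlockedByFrameAncestors;
        }
        return FrameDecision::Allow;                  // frame-ancestors supersedes X-Frame-Options
    }
    std::string xfo = lower(headers.xFrameOptions);
    if (xfo == "deny")
        return FrameDecision::BlockedByXFrameOptions;
    for (const auto& ancestor : ancestors) {
        if (xfo == "sameorigin" && !sameOrigin(self, ancestor))
            return FrameDecision::BlockedByXFrameOptions;
    }
    return FrameDecision::Allow;
}

int main()
{
    Origin self { "https", "app.example.com", 443 };  // constructed sample origins
    std::vector<Origin> chain { { "https", "portal.example.com", 443 }, { "https", "other.test", 443 } };
    FramingHeaders headers { true, "'self' https://*.example.com", "" };
    std::cout << (checkFraming(headers, self, chain) == FrameDecision::Allow ? "allow" : "block") << "\n";
}
```

The nested case is the reason the whole ancestor vector is passed: a policy that accepts the direct parent still blocks the load when a frame further up the chain is not in the source list.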
59
60 2018-05-07  Daniel Bates  <dabates@apple.com>
61
62         Abstract logic to log console messages and send CSP violation reports into a client
63         https://bugs.webkit.org/show_bug.cgi?id=185393
64         <rdar://problem/40036053>
65
66         Reviewed by Brent Fulgham.
67
68         First pass at adding infrastructure to support CSP reporting from NetworkProcess and workers.
69         Replaces the existing ContentSecurityPolicy constructor that takes a Frame with one that
70         takes a ContentSecurityPolicyClient to delegate to for logging and sending reports. We will look
71         to remove ContentSecurityPolicy constructor that takes a ScriptExecutionContext in a follow up.
72
73         Standardize on instantiating a ContentSecurityPolicy with the full URL to resource that it protects
74         instead of taking only the SecurityOrigin of this URL. By taking the full URL the ContentSecurityPolicy
75         object is now capable of resolving a relative report URL without needing a Document/ScriptExecutionContext.
76
77         We are underutilizing the CSPInfo struct and ContentSecurityPolicyClient::willSendCSPViolationReport()
78         delegate callback in this patch. We will make use of this functionality in a subsequent patch to
79         support collecting script state (e.g. source line number) when reporting CSP violations in worker
80         threads. We also no longer go through the unnecessary motions to try to collect script state for a
81         frame-ancestors violation (since DocumentLoader extends ContentSecurityPolicyClient and does not
82         implement ContentSecurityPolicyClient::willSendCSPViolationReport()). The frame-ancestors directive
83         is checked before a document is parsed and executes script; => there will never be any script state
84         to collect; => it is not necessary to try to collect it as we currently do.
85
86         * Sources.txt: Add file ContentSecurityPolicyClient.cpp. See the remarks for ContentSecurityPolicyClient.cpp
87         below on why we have this file.
88         * WebCore.xcodeproj/project.pbxproj: Add files ContentSecurityPolicyClient.{h, cpp}.
89         * dom/Document.cpp:
90         (WebCore::Document::initSecurityContext): Pass the URL of the protected document.
91         * loader/DocumentLoader.cpp:
92         (WebCore::DocumentLoader::responseReceived): Ditto.
93         (WebCore::DocumentLoader::addConsoleMessage): Added.
94         (WebCore::DocumentLoader::sendCSPViolationReport): Added.
95         (WebCore::DocumentLoader::dispatchSecurityPolicyViolationEvent): Added.
96         * loader/DocumentLoader.h:
97         * loader/FrameLoaderClient.h: Fix typo in comment.
98         * loader/WorkerThreadableLoader.cpp:
99         (WebCore::WorkerThreadableLoader::MainThreadBridge::MainThreadBridge): Pass the URL of the worker script.
100         * page/csp/ContentSecurityPolicy.cpp:
101         (WebCore::ContentSecurityPolicy::ContentSecurityPolicy): Added overload that takes a URL&& and an optional
102         ContentSecurityPolicyClient*.
103         (WebCore::ContentSecurityPolicy::deprecatedURLForReporting const): Extracted and simplified stripURLForUseInReport()
104         into this member function.
105         (WebCore::ContentSecurityPolicy::reportViolation const): Modified to make use of the client, if we have
106         one and removed code for handling a ContentSecurityPolicy that was instantiated with a Frame.
107         (WebCore::ContentSecurityPolicy::logToConsole const): Ditto.
108         (WebCore::stripURLForUseInReport): Deleted; incorporated into ContentSecurityPolicy::deprecatedURLForReporting().
109         * page/csp/ContentSecurityPolicy.h:
110         * page/csp/ContentSecurityPolicyClient.cpp: Added. This file exists so that we can define the virtual
111         destructor out-of-line and export this abstract class so as to avoid the need for the vtable to be
112         defined in the translation unit of each derived class.
113         * page/csp/ContentSecurityPolicyClient.h: Added.
114         * page/csp/ContentSecurityPolicySource.cpp:
115         (WebCore::ContentSecurityPolicySource::operator SecurityOriginData const): Added.
116         * page/csp/ContentSecurityPolicySource.h:
117         * workers/WorkerGlobalScope.cpp:
118         (WebCore::WorkerGlobalScope::WorkerGlobalScope): Instantiate the ContentSecurityPolicy object with the
119         URL of the worker script.
120
121 2018-05-07  Simon Fraser  <simon.fraser@apple.com>
122
123         CSS filters which reference SVG filters fail to respect the "color-interpolation-filters" of the filter
124         https://bugs.webkit.org/show_bug.cgi?id=185343
125
126         Reviewed by Dean Jackson.
127
128         Test: css3/filters/color-interpolation-filters.html
129         
130         When applying CSS reference filters, apply the value of "color-interpolation-filters" for the
131         referenced filter effect element, just as we do for SVG filters.
132
133         * rendering/FilterEffectRenderer.cpp:
134         (WebCore::FilterEffectRenderer::buildReferenceFilter):
135
136 2018-05-07  Daniel Bates  <dabates@apple.com>
137
138         CSP status-code incorrect for document blocked due to violation of its frame-ancestors directive
139         https://bugs.webkit.org/show_bug.cgi?id=185366
140         <rdar://problem/40035116>
141
142         Reviewed by Brent Fulgham.
143
144         Fixes an issue where the status-code in the sent CSP report for an HTTP document blocked because
145         its frame-ancestors directive was violated would be the status code of the previously loaded
146         document in the frame. If the previously loaded document was about:blank then this would be 0.
147
148         Currently whenever we send a CSP report we ask the document's loader (Document::loader()) for the
149         HTTP status code for the last response. Document::loader() returns the loader for the last committed
150         document in its frame. For a frame-ancestors violation, a CSP report is sent before the document
151         that had the frame-ancestors directive has been committed and after it has been associated with a frame.
152         As a result we are in a transient transition state for the frame and hence the last response
153         for the new document's loader (Document::loader()) is actually the last response of the previously loaded
154         document in the frame. Instead we need to take care to tell CSP about the HTTP status code for the
155         response associated with the document the CSP came from.
156
157         * dom/Document.cpp:
158         (WebCore::Document::processHttpEquiv):
159         (WebCore::Document::initSecurityContext):
160         Pass the HTTP status code to CSP.
161
162         * page/csp/ContentSecurityPolicy.cpp:
163         (WebCore::ContentSecurityPolicy::copyStateFrom):
164         (WebCore::ContentSecurityPolicy::responseHeaders const):
165         (WebCore::ContentSecurityPolicy::didReceiveHeaders):
166         (WebCore::ContentSecurityPolicy::didReceiveHeader):
167         (WebCore::ContentSecurityPolicy::reportViolation const):
168         * page/csp/ContentSecurityPolicy.h:
169         Modify existing functions to take the HTTP status code, store it in an instance variable,
170         and reference this variable when reporting a violation.
171
172         * page/csp/ContentSecurityPolicyResponseHeaders.cpp:
173         (WebCore::ContentSecurityPolicyResponseHeaders::ContentSecurityPolicyResponseHeaders):
174         (WebCore::ContentSecurityPolicyResponseHeaders::isolatedCopy const):
175         * page/csp/ContentSecurityPolicyResponseHeaders.h:
176         (WebCore::ContentSecurityPolicyResponseHeaders::encode const):
177         (WebCore::ContentSecurityPolicyResponseHeaders::decode):
178         Store the HTTP status code along with the response headers.
179
180 2018-05-07  Daniel Bates  <dabates@apple.com>
181
182         CSP referrer incorrect for document blocked due to violation of its frame-ancestors directive
183         https://bugs.webkit.org/show_bug.cgi?id=185380
184
185         Reviewed by Brent Fulgham.
186
187         Similar to <https://bugs.webkit.org/show_bug.cgi?id=185366>, fixes an issue where the referrer
188         in the sent CSP report for an HTTP document blocked because its frame-ancestors directive was
189         violated would be the referrer of the previously loaded document in the frame.
190
191         Currently whenever we send a CSP report we ask the document's loader (Document::loader()) for
192         the referrer for the last request. Document::loader() returns the loader for the last committed
193         document in its frame. For a frame-ancestors violation, a CSP report is sent before the document
194         that had the frame-ancestors directive has been committed and after it has been associated with a
195         frame. As a result we are in a transient transition state for the frame and hence the last request
196         for the new document's loader (Document::loader()) is actually the last request of the previously
197         loaded document in the frame. Instead we need to take care to tell CSP about the referrer for the
198         request associated with the document the CSP came from.
199
200         * loader/DocumentLoader.cpp:
201         (WebCore::DocumentLoader::responseReceived):
202
203 2018-05-07  Brent Fulgham  <bfulgham@apple.com>
204
205         Add experimental feature to prompt for Storage Access API use
206         https://bugs.webkit.org/show_bug.cgi?id=185335
207         <rdar://problem/39994649>
208
209         Reviewed by Alex Christensen and Youenn Fablet.
210
211         Create a new experimental feature that gates the ability of WebKit clients to prompt the user when
212         Storage Access API is invoked.
213
214         Currently this feature doesn't have any user-visible impact.
215
216         * page/RuntimeEnabledFeatures.h:
217         (WebCore::RuntimeEnabledFeatures::setStorageAccessPromptsEnabled):
218         (WebCore::RuntimeEnabledFeatures::storageAccessPromptsEnabled const):
219         * testing/InternalSettings.cpp:
220         (WebCore::InternalSettings::Backup::Backup):
221         (WebCore::InternalSettings::Backup::restoreTo):
222         (WebCore::InternalSettings::setStorageAccessPromptsEnabled):
223         * testing/InternalSettings.h:
224         * testing/InternalSettings.idl:
225
226 2018-05-07  Chris Dumez  <cdumez@apple.com>
227
228         Stop using an iframe's id as fallback if its name attribute is not set
229         https://bugs.webkit.org/show_bug.cgi?id=11388
230
231         Reviewed by Geoff Garen.
232
233         WebKit had logic to use an iframe's id as fallback name when its name
234         content attribute is not set. This behavior was not standard and did not
235         match other browsers:
236         - https://html.spec.whatwg.org/#attr-iframe-name
237
238         Gecko / Trident never behaved this way. Blink was aligned with us until
239         they started to match the specification in:
240         - https://bugs.chromium.org/p/chromium/issues/detail?id=347169
241
242         This WebKit quirk was causing some Web-compatibility issues because it
243         would affect the behavior of Window's named property getter when trying
244         to look up an iframe by id. Because of Window's named property getter
245         behavior [1], we would return the frame's contentWindow instead of the
246         iframe element itself.
247
248         [1] https://html.spec.whatwg.org/multipage/window-object.html#named-access-on-the-window-object
249
250         Test: fast/dom/Window/named-getter-frame-id.html
251
252         * html/HTMLFrameElementBase.cpp:
253         (WebCore::HTMLFrameElementBase::openURL):
254         (WebCore::HTMLFrameElementBase::parseAttribute):
255         (WebCore::HTMLFrameElementBase::didFinishInsertingNode):
256         * html/HTMLFrameElementBase.h:
257
258 2018-05-07  Chris Dumez  <cdumez@apple.com>
259
260         ASSERT(!childItemWithTarget(child->target())) is hit in HistoryItem::addChildItem()
261         https://bugs.webkit.org/show_bug.cgi?id=185322
262
263         Reviewed by Geoff Garen.
264
265         We generate unique names for Frame to be used in HistoryItem. Those names not only
266         need to be unique, they also need to be repeatable to avoid layout tests flakiness
267         and for things like restoring form state from a HistoryItem.
268
269         The previously generated frame names were relying on the Frame's index among a
270         parent Frame's children. The issue was that we could end up with duplicate names
271         because one could insert a Frame *before* an existing one. This is because the code
272         would not take care of updating existing Frames' unique name on frame tree mutation.
273
274         Updating frame tree names on mutation would be inefficient and is also not necessary.
275         The approach chosen in this patch is to stop using the Frame's index and instead rely
276         on an increasing counter stored on the top-frame's FrameTree. To make the names
277         repeatable, we reset the counter on page navigation.
278
279         * page/Frame.cpp:
280         (WebCore::Frame::setDocument):
281         * page/FrameTree.cpp:
282         (WebCore::FrameTree::uniqueChildName const):
283         (WebCore::FrameTree::generateUniqueName const):
284         * page/FrameTree.h:
285         (WebCore::FrameTree::resetFrameIdentifiers):
286
287 2018-05-07  Yacine Bandou  <yacine.bandou_ext@softathome.com>
288
289         [EME][GStreamer] Fix wrong subsample parsing on r227067
290         https://bugs.webkit.org/show_bug.cgi?id=185382
291
292         Reviewed by Philippe Normand.
293
294         The initialization of sampleIndex should be moved outside of the loop.
295         Without this patch we will have a bad log and the check of the subsample
296         count will be useless.
297
298         * platform/graphics/gstreamer/eme/WebKitClearKeyDecryptorGStreamer.cpp:
299         (webKitMediaClearKeyDecryptorDecrypt):
300
301 2018-05-07  Daniel Bates  <dabates@apple.com>
302
303         CSP should be passed the referrer
304         https://bugs.webkit.org/show_bug.cgi?id=185367
305
306         Reviewed by Per Arne Vollan.
307
308         As a step towards formalizing a CSP delegate object and removing the dependencies
309         on ScriptExecutionContext and Frame, we should pass the document's referrer directly
310         instead of indirectly obtaining it from the ScriptExecutionContext or Frame used
311         to instantiate the ContentSecurityPolicy object.
312
313         * dom/Document.cpp:
314         (WebCore::Document::processHttpEquiv): Pass the document's referrer.
315         (WebCore::Document::initSecurityContext): Ditto.
316         (WebCore::Document::applyQuickLookSandbox): Ditto.
317         * loader/DocumentLoader.cpp:
318         (WebCore::DocumentLoader::responseReceived): Ditto.
319         * loader/FrameLoader.cpp:
320         (WebCore::FrameLoader::didBeginDocument): Ditto.
321         * page/csp/ContentSecurityPolicy.cpp:
322         (WebCore::ContentSecurityPolicy::copyStateFrom): We pass a null string for the referrer
323         to didReceiveHeader() as a placeholder since it requires the referrer be given to it. We
324         fix up the referrer (m_referrer) after copying all the policy headers.
325         (WebCore::ContentSecurityPolicy::didReceiveHeaders): Ditto.
326         (WebCore::ContentSecurityPolicy::didReceiveHeader): Modified to take a referrer and WTFMove()s
327         it into an instance variable (m_referrer).
328         (WebCore::ContentSecurityPolicy::reportViolation const): Modified to use the stored referrer.
329         * page/csp/ContentSecurityPolicy.h:
330         * workers/WorkerGlobalScope.cpp:
331         (WebCore::WorkerGlobalScope::applyContentSecurityPolicyResponseHeaders): Pass a null string
332         for the referrer as a worker does not have a referrer.
333
334 2018-05-07  Daniel Bates  <dabates@apple.com>
335
336         CSP should only notify Inspector to pause the debugger on the first policy to violate a directive
337         https://bugs.webkit.org/show_bug.cgi?id=185364
338
339         Reviewed by Brent Fulgham.
340
341         Notify Web Inspector that a script was blocked on the first enforced CSP policy that it
342         violates.
343
344         A page can have more than one enforced Content Security Policy. Currently for inline
345         scripts, inline event handlers, JavaScript URLs, and eval() that are blocked by CSP
346         we notify Web Inspector that it was blocked for each CSP policy that blocked it. When
347         Web Inspector is notified it pauses script execution. It does not seem very meaningful
348         to pause script execution on the same script for each CSP policy that blocked it.
349         Therefore, only tell Web Inspector that a script was blocked for the first enforced CSP
350         policy that blocked it.
351
352         * page/csp/ContentSecurityPolicy.cpp:
353         (WebCore::ContentSecurityPolicy::allowJavaScriptURLs const):
354         (WebCore::ContentSecurityPolicy::allowInlineEventHandlers const):
355         (WebCore::ContentSecurityPolicy::allowInlineScript const):
356         (WebCore::ContentSecurityPolicy::allowEval const):
357
358 2018-05-07  Daniel Bates  <dabates@apple.com>
359
360         Substitute CrossOriginPreflightResultCache::clear() for CrossOriginPreflightResultCache::empty()
361         https://bugs.webkit.org/show_bug.cgi?id=185170
362
363         Reviewed by Per Arne Vollan.
364
365         Rename CrossOriginPreflightResultCache::empty() to CrossOriginPreflightResultCache::clear() to make
366         it consistent with the terminology we use in WebKit to signify a function that clears a collection.
367         A member function named "empty" is expected to return an instance of a class in its "empty state".
368         For example, StringImpl::empty() returns a StringImpl instance that represents the empty string.
369         However CrossOriginPreflightResultCache::empty() clears out the cache in-place. We should rename
370         this function to better describe its purpose.
371
372         * loader/CrossOriginPreflightResultCache.cpp:
373         (WebCore::CrossOriginPreflightResultCache::clear):
374         (WebCore::CrossOriginPreflightResultCache::empty): Deleted.
375         * loader/CrossOriginPreflightResultCache.h:
376
377 2018-05-06  Dean Jackson  <dino@apple.com>
378
379         WebGL: Reset simulated values after validation fails
380         https://bugs.webkit.org/show_bug.cgi?id=185363
381         <rdar://problem/39733417>
382
383         Reviewed by Anders Carlsson.
384
385         While fixing a previous bug, I forgot to reset some values
386         when validation fails. This caused a bug where a subsequent
387         invalid call might use those values and escape detection.
388
389         Test: fast/canvas/webgl/index-validation-with-subsequent-draws.html
390
391         * html/canvas/WebGLRenderingContextBase.cpp:
392         (WebCore::WebGLRenderingContextBase::simulateVertexAttrib0): Reset the
393         sizes when validation fails.
394         * html/canvas/WebGLRenderingContextBase.h:
395
396 2018-05-07  Ms2ger  <Ms2ger@igalia.com>
397
398         Support negative sw/sh values in createImageBitmap().
399         https://bugs.webkit.org/show_bug.cgi?id=184449
400
401         Reviewed by Dean Jackson.
402
403         Tests: LayoutTests/imported/w3c/web-platform-tests/2dcontext/imagebitmap/createImageBitmap-drawImage.html
404                LayoutTests/http/wpt/2dcontext/imagebitmap/createImageBitmap.html
405
406         * html/ImageBitmap.cpp:
407         (WebCore::ImageBitmap::createPromise): handle negative values per spec.
408
409 2018-05-07  Brian Burg  <bburg@apple.com>
410
411         Web Inspector: opt out of process swap on navigation if a Web Inspector frontend is connected
412         https://bugs.webkit.org/show_bug.cgi?id=184861
413         <rdar://problem/39153768>
414
415         Reviewed by Timothy Hatcher.
416
417         Notify the client of the current connection count whenever a frontend connects or disconnects.
418
419         Covered by new API test.
420
421         * inspector/InspectorClient.h:
422         (WebCore::InspectorClient::frontendCountChanged):
423         * inspector/InspectorController.cpp:
424         (WebCore::InspectorController::connectFrontend):
425         (WebCore::InspectorController::disconnectFrontend):
426         (WebCore::InspectorController::disconnectAllFrontends):
427         * inspector/InspectorController.h:
428
429 2018-05-07  Eric Carlson  <eric.carlson@apple.com>
430
431         Text track cue logging should include cue text
432         https://bugs.webkit.org/show_bug.cgi?id=185353
433         <rdar://problem/40003565>
434
435         Reviewed by Youenn Fablet.
436
437         No new tests, tested manually.
438
439         * html/track/VTTCue.cpp:
440         (WebCore::VTTCue::toJSONString const): Use toJSON.
441         (WebCore::VTTCue::toJSON const): New.
442         * html/track/VTTCue.h:
443
444         * platform/graphics/InbandTextTrackPrivateClient.h:
445         (WebCore::GenericCueData::toJSONString const): Log m_content.
446
447         * platform/graphics/iso/ISOVTTCue.cpp:
448         (WebCore::ISOWebVTTCue::toJSONString const): Log m_cueText.
449
450 2018-05-06  Zalan Bujtas  <zalan@apple.com>
451
452         [LFC] Add assertions for stale Display::Box geometry
453         https://bugs.webkit.org/show_bug.cgi?id=185357
454
455         Reviewed by Antti Koivisto.
456
457         Ensure that we don't access stale geometry of other boxes during layout.
458         For example, in order to layout a block child we need the containing block's content box top/left and width (but not the height).
459
460         * layout/displaytree/DisplayBox.h:
461         (WebCore::Display::Box::invalidateTop):
462         (WebCore::Display::Box::invalidateLeft):
463         (WebCore::Display::Box::invalidateWidth):
464         (WebCore::Display::Box::invalidateHeight):
465         (WebCore::Display::Box::hasValidPosition const):
466         (WebCore::Display::Box::hasValidSize const):
467         (WebCore::Display::Box::hasValidGeometry const):
468         (WebCore::Display::Box::invalidatePosition):
469         (WebCore::Display::Box::invalidateSize):
470         (WebCore::Display::Box::setHasValidPosition):
471         (WebCore::Display::Box::setHasValidSize):
472         (WebCore::Display::Box::setHasValidGeometry):
473         (WebCore::Display::Box::rect const):
474         (WebCore::Display::Box::top const):
475         (WebCore::Display::Box::left const):
476         (WebCore::Display::Box::bottom const):
477         (WebCore::Display::Box::right const):
478         (WebCore::Display::Box::topLeft const):
479         (WebCore::Display::Box::bottomRight const):
480         (WebCore::Display::Box::size const):
481         (WebCore::Display::Box::width const):
482         (WebCore::Display::Box::height const):
483         (WebCore::Display::Box::setRect):
484         (WebCore::Display::Box::setTopLeft):
485         (WebCore::Display::Box::setTop):
486         (WebCore::Display::Box::setLeft):
487         (WebCore::Display::Box::setSize):
488         (WebCore::Display::Box::setWidth):
489         (WebCore::Display::Box::setHeight):
490
491 2018-05-06  Zalan Bujtas  <zalan@apple.com>
492
493         [LFC] Add BlockFormattingContext::computeStaticPosition
494         https://bugs.webkit.org/show_bug.cgi?id=185352
495
496         Reviewed by Antti Koivisto.
497
498         This is the core logic for positioning inflow boxes in a block formatting context (very naive though).
499
500         * layout/blockformatting/BlockFormattingContext.cpp:
501         (WebCore::Layout::BlockFormattingContext::computeStaticPosition const):
502         * layout/displaytree/DisplayBox.h:
503
504 2018-05-05  Sam Weinig  <sam@webkit.org>
505
506         Cleanup XMLHttpRequestUpload a little
507         https://bugs.webkit.org/show_bug.cgi?id=185344
508
509         Reviewed by Yusuke Suzuki.
510
511         * bindings/js/JSXMLHttpRequestCustom.cpp:
512         (WebCore::JSXMLHttpRequest::visitAdditionalChildren):
513         Use auto to reduce redundancy.
514
515         * xml/XMLHttpRequest.cpp:
516         (WebCore::XMLHttpRequest::upload):
517         * xml/XMLHttpRequest.h:
518         Switch upload() to return a reference.
519         
520         * xml/XMLHttpRequestUpload.cpp:
521         (WebCore::XMLHttpRequestUpload::XMLHttpRequestUpload):
522         (WebCore::XMLHttpRequestUpload::dispatchProgressEvent):
523         * xml/XMLHttpRequestUpload.h:
524         Cleanup formatting, modernize and switch XMLHttpRequest member from a pointer
525         to a reference.
526
527 2018-05-05  Dean Jackson  <dino@apple.com>
528
529         Draw a drop-shadow behind the system preview badge
530         https://bugs.webkit.org/show_bug.cgi?id=185356
531         <rdar://problem/40004936>
532
533         Reviewed by Wenson Hsieh.
534
535         Draw a very subtle drop-shadow under the system
536         preview badge so that it is more visible on a pure
537         white background.
538
539         I also moved some code around to make it more clear
540         and improved comments.
541
542         * rendering/RenderThemeIOS.mm:
543         (WebCore::RenderThemeIOS::paintSystemPreviewBadge):
544
545 2018-05-04  Wenson Hsieh  <wenson_hsieh@apple.com>
546
547         [iOS] Multiple links in Mail are dropped in a single line, and are difficult to tell apart
548         https://bugs.webkit.org/show_bug.cgi?id=185289
549         <rdar://problem/35756912>
550
551         Reviewed by Tim Horton and Darin Adler.
552
553         When inserting multiple URLs as individual items in a single drop, we currently separate each item with a space
554         (see r217284). However, it still seems difficult to tell dropped links apart. This patch makes some slight
555         tweaks to WebContentReader::readURL so that it inserts line breaks before dropped URLs, if the dropped URL isn't
556         the first item to be inserted in the resulting document fragment.
557
558         Augments existing API tests in DataInteractionTests.
559
560         * editing/ios/WebContentReaderIOS.mm:
561
562         Additionally remove some extraneous header imports from this implementation file.
563
564         (WebCore::WebContentReader::readURL):
565
566 2018-05-02  Dean Jackson  <dino@apple.com>
567
568         Use IOSurfaces for CoreImage operations where possible
569         https://bugs.webkit.org/show_bug.cgi?id=185230
570         <rdar://problem/39926929>
571
572         Reviewed by Jon Lee.
573
574         On iOS hardware, we can use IOSurfaces as a rendering destination
575         for CoreImage, which means we're keeping data on the GPU
576         for rendering.
577
578         As a drive-by fix, I used a convenience method for Gaussian blurs.
579
580         * rendering/RenderThemeIOS.mm:
581         (WebCore::RenderThemeIOS::paintSystemPreviewBadge):
582
583 2018-05-04  Tim Horton  <timothy_horton@apple.com>
584
585         Shift to a lower-level framework for simplifying URLs
586         https://bugs.webkit.org/show_bug.cgi?id=185334
587
588         Reviewed by Dan Bernstein.
589
590         * Configurations/WebCore.xcconfig:
591         * platform/mac/DragImageMac.mm:
592         (WebCore::LinkImageLayout::LinkImageLayout):
593
594 2018-05-03  Ryosuke Niwa  <rniwa@webkit.org>
595
596         Release assert in ScriptController::canExecuteScripts via HTMLMediaElement::~HTMLMediaElement()
597         https://bugs.webkit.org/show_bug.cgi?id=185288
598
599         Reviewed by Jer Noble.
600
601         The crash is caused by HTMLMediaElement::~HTMLMediaElement canceling the resource load via CachedResource
602         which ends up calling FrameLoader::checkCompleted() and firing the load event on the document synchronously.
603         Speculatively fix the crash by scheduling the check instead.
604
605         In the long term, ResourceLoader::cancel should never fire the load event synchronously: webkit.org/b/185284.
606
607         Unfortunately, no new tests since I can't get MediaResource to get destructed at the right time.
608
609         * html/HTMLMediaElement.cpp:
610         (WebCore::HTMLMediaElement::isRunningDestructor): Added to detect this specific case.
611         (WebCore::HTMLMediaElementDestructorScope): Added.
612         (WebCore::HTMLMediaElementDestructorScope::HTMLMediaElementDestructorScope): Added.
613         (WebCore::HTMLMediaElementDestructorScope::~HTMLMediaElementDestructorScope): Added.
614         (WebCore::HTMLMediaElement::~HTMLMediaElement): Instantiate HTMLMediaElement.
615         * html/HTMLMediaElement.h:
616         * loader/FrameLoader.cpp:
617         (WebCore::FrameLoader::checkCompleted): Call scheduleCheckCompleted instead of synchronously calling
618         checkCompleted if we're in the middle of destructing a HTMLMediaElement.
619
620 2018-05-04  Ryosuke Niwa  <rniwa@webkit.org>
621
622         Rename DocumentOrderedMap to TreeScopeOrderedMap
623         https://bugs.webkit.org/show_bug.cgi?id=185290
624
625         Reviewed by Zalan Bujtas.
626
627         Renamed the class since it's almost always a mistake to use this class as a member variable of Document.
628
629         * Sources.txt:
630         * WebCore.xcodeproj/project.pbxproj:
631         * dom/MouseRelatedEvent.cpp: Include the forgotten DOMWindow.h. Unified build files bit us here.
632         * dom/TreeScope.cpp:
633         (WebCore::TreeScope::addElementById):
634         (WebCore::TreeScope::addElementByName):
635         (WebCore::TreeScope::addImageMap):
636         (WebCore::TreeScope::addImageElementByUsemap):
637         (WebCore::TreeScope::labelElementForId):
638         * dom/TreeScope.h:
639         * dom/TreeScopeOrderedMap.cpp: Renamed from DocumentOrderedMap.cpp
640         * dom/TreeScopeOrderedMap.h: Renamed from DocumentOrderedMap.h
641         * html/HTMLDocument.h:
642
643 2018-05-04  Don Olmstead  <don.olmstead@sony.com>
644
645         [Win][WebKit] Fix forwarding headers for Windows build
646         https://bugs.webkit.org/show_bug.cgi?id=184412
647
648         Reviewed by Alex Christensen.
649
650         No new tests. No change in behavior.
651
652         * PlatformWin.cmake:
653
654 2018-05-04  Zalan Bujtas  <zalan@apple.com>
655
656         [Simple line layout] Add support for line layout box generation with multiple text renderers.
657         https://bugs.webkit.org/show_bug.cgi?id=185276
658
659         Reviewed by Antti Koivisto.
660
661         Covered by existing tests.
662
663         * rendering/SimpleLineLayoutFunctions.cpp:
664         (WebCore::SimpleLineLayout::canUseForLineBoxTree):
665         (WebCore::SimpleLineLayout::generateLineBoxTree):
666         * rendering/SimpleLineLayoutResolver.cpp:
667         (WebCore::SimpleLineLayout::RunResolver::Run::renderer const):
668         (WebCore::SimpleLineLayout::RunResolver::Run::localStart const):
669         (WebCore::SimpleLineLayout::RunResolver::Run::localEnd const):
670         * rendering/SimpleLineLayoutResolver.h:
671
672 2018-05-04  Timothy Hatcher  <timothy@apple.com>
673
674         Deprecate legacy WebView and friends
675         https://bugs.webkit.org/show_bug.cgi?id=185279
676         rdar://problem/33268700
677
678         Reviewed by Tim Horton.
679
680         * Configurations/WebCore.xcconfig:
681         Added BUILDING_WEBKIT define to disable the deprecation macros.
682         * bridge/objc/WebScriptObject.h:
683         Added deprecation macros to WebScriptObject and WebUndefined.
684         * platform/cocoa/WebKitAvailability.h:
685         Added more macros and a way to disable deprecation warnings for
686         WebKit build and in clients like Safari.
687
688 2018-05-04  Eric Carlson  <eric.carlson@apple.com>
689
690         Log media time range as JSON
691         https://bugs.webkit.org/show_bug.cgi?id=185321
692         <rdar://problem/39986746>
693
694         Reviewed by Youenn Fablet.
695
696         No new tests, tested manually.
697
698         * html/HTMLMediaElement.cpp:
699         (WebCore::HTMLMediaElement::addPlayedRange): Log as time range.
700         (WebCore::HTMLMediaElement::visibilityStateChanged): Cleanup.
701
702         * platform/graphics/MediaPlayer.h:
703         (WTF::LogArgument<MediaTime>::toString):
704         (WTF::LogArgument<MediaTimeRange>::toString):
705
706         * platform/graphics/avfoundation/InbandTextTrackPrivateAVF.cpp:
707         (WebCore::InbandTextTrackPrivateAVF::processAttributedStrings): Log error as time range.
708
709 2018-05-04  Zalan Bujtas  <zalan@apple.com>
710
711         Use the containing block to compute the pagination gap when the container is inline.
712         https://bugs.webkit.org/show_bug.cgi?id=184724
713         <rdar://problem/39521800>
714
715         Reviewed by Simon Fraser.
716
717         Test: fast/overflow/page-overflow-with-inline-body-crash.html
718
719         * page/FrameView.cpp:
720         (WebCore::FrameView::applyPaginationToViewport):
721
722 2018-05-04  Tim Horton  <timothy_horton@apple.com>
723
724         Don't use GSFont* in minimal simulator mode
725         https://bugs.webkit.org/show_bug.cgi?id=185320
726         <rdar://problem/39734478>
727
728         Reviewed by Beth Dakin.
729
730         * page/cocoa/MemoryReleaseCocoa.mm:
731         (WebCore::platformReleaseMemory):
732
733 2018-05-04  Chris Dumez  <cdumez@apple.com>
734
735         Unreviewed, rolling out r231331.
736
737         Caused a few tests to assert
738
739         Reverted changeset:
740
741         "Stop using an iframe's id as fallback if its name attribute
742         is not set"
743         https://bugs.webkit.org/show_bug.cgi?id=11388
744         https://trac.webkit.org/changeset/231331
745
746 2018-05-04  Youenn Fablet  <youenn@apple.com>
747
748         Use more references in updateTracksOfType
749         https://bugs.webkit.org/show_bug.cgi?id=185305
750
751         Reviewed by Eric Carlson.
752
753         No change of behavior.
754
755         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm:
756         (WebCore::updateTracksOfType):
757         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateTracks):
758
759 2018-05-04  Myles C. Maxfield  <mmaxfield@apple.com>
760
761         Text shaping in the simple path is flipped in the y direction
762         https://bugs.webkit.org/show_bug.cgi?id=185062
763         <rdar://problem/39778678>
764
765         Reviewed by Simon Fraser.
766
767         Shaping in our simple codepath occurs in an "increasing-y-goes-up" coordinate system, but our painting
768         code uses an "increasing-y-goes-down" coordinate system. We weren't fixing up the coordinate systems
769         because we never noticed. This is because the simple codepath is only designed for kerning and ligatures,
770         neither of which move glyphs vertically in the common case.
771
772         Test: fast/text/vertical-displacement-simple-codepath.html
773
774         * platform/graphics/Font.cpp:
775         (WebCore::Font::applyTransforms const):
776         * platform/graphics/WidthIterator.cpp:
777         (WebCore::WidthIterator::applyFontTransforms):
778
779 2018-05-04  Chris Nardi  <cnardi@chromium.org>
780
781         Serialize all URLs with double-quotes per CSSOM spec
782         https://bugs.webkit.org/show_bug.cgi?id=184935
783
784         Reviewed by Antti Koivisto.
785
786         According to https://drafts.csswg.org/cssom/#serialize-a-url, all URLs should be serialized as strings,
787         which means they should have double quotes around the text of the URL. Update our implementation to match
788         this (and Firefox/Chrome). Also remove isCSSTokenizerURL() as this method is no longer needed.
789
790         Tests: Many LayoutTests updated to use double quotes.
791
792         * css/CSSMarkup.cpp:
793         (WebCore::serializeString): Remove FIXME as this was already fixed in a previous patch.
794         (WebCore::serializeURL): Remove FIXME and update implementation.
795
796 2018-05-04  Youenn Fablet  <youenn@apple.com>
797
798         LayoutTests/fast/mediastream/change-tracks-media-stream-being-played.html is crashing after r231304
799         https://bugs.webkit.org/show_bug.cgi?id=185303
800
801         Reviewed by Eric Carlson.
802
803         We need to stop observing the audio track like we do for video track once we are no longer interested in it.
804         Covered by test no longer crashing.
805
806         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm:
807         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateTracks):
808
809 2018-05-04  Zalan Bujtas  <zalan@apple.com>
810
811         [LFC] Set the invalidation root as the result of style change.
812         https://bugs.webkit.org/show_bug.cgi?id=185301
813
814         Reviewed by Antti Koivisto.
815
816         Compute/propagate the update type on the ancestor chain and return the invalidation root
817         so that LayoutContext could use it as the entry point for the next layout frame.
818
819         * layout/LayoutContext.cpp:
820         (WebCore::Layout::LayoutContext::updateLayout):
821         (WebCore::Layout::LayoutContext::styleChanged):
822         * layout/LayoutContext.h: order is not important.
823         * layout/blockformatting/BlockInvalidation.cpp:
824         (WebCore::Layout::invalidationStopsAtFormattingContextBoundary):
825         (WebCore::Layout::computeUpdateType):
826         (WebCore::Layout::computeUpdateTypeForAncestor):
827         (WebCore::Layout::BlockInvalidation::invalidate):
828         * layout/blockformatting/BlockInvalidation.h:
829         * layout/inlineformatting/InlineInvalidation.cpp:
830         (WebCore::Layout::InlineInvalidation::invalidate):
831         * layout/inlineformatting/InlineInvalidation.h:
832
833 2018-05-04  Youenn Fablet  <youenn@apple.com>
834
835         PeerConnection should have its connectionState closed even if doing gathering
836         https://bugs.webkit.org/show_bug.cgi?id=185267
837
838         Reviewed by Darin Adler.
839
840         Test: webrtc/addICECandidate-closed.html
841
842         In case m_iceConnectionState is closed, m_connectionState should also be set to closed
843         and RTCPeerConnection should be closed so as to reject any other call.
844
845         * Modules/mediastream/RTCPeerConnection.cpp:
846         (WebCore::RTCPeerConnection::close):
847         (WebCore::RTCPeerConnection::updateConnectionState):
848
849 2018-05-04  Yacine Bandou  <yacine.bandou_ext@softathome.com>
850
851         [MSE][GStreamer] Delete properly the stream from the WebKitMediaSource
852         https://bugs.webkit.org/show_bug.cgi?id=185242
853
854         Reviewed by Xabier Rodriguez-Calvar.
855
856         When the sourceBuffer is removed from mediasource, the appropriate stream is not
857         properly deleted from WebKitMediaSource, because the appsrc and parser elements
858         of the stream are not removed from the WebKitMediaSource bin.
859
860         This patch avoids the regression of r231089, see https://bugs.webkit.org/show_bug.cgi?id=185071
861
862         * platform/graphics/gstreamer/mse/WebKitMediaSourceGStreamer.cpp:
863         (webKitMediaSrcFreeStream):
864
865 2018-05-04  Carlos Garcia Campos  <cgarcia@igalia.com>
866
867         [GTK] Epiphany (GNOME Web) says "Error downloading: Service Unavailable." when trying to download an image from discogs.com
868         https://bugs.webkit.org/show_bug.cgi?id=174730
869
870         Reviewed by Michael Catanzaro.
871
872         Export ResourceRequestBase::hasHTTPHeaderField().
873
874         * platform/network/ResourceRequestBase.h:
875
876 2018-05-03  Yusuke Suzuki  <utatane.tea@gmail.com>
877
878         Use subprocess.call instead of os.system to handle path with spaces
879         https://bugs.webkit.org/show_bug.cgi?id=185291
880
881         Reviewed by Darin Adler.
882
883         If gperf path includes spaces, these python scripts fail to execute gperf.
884         We use subprocess module instead of os.system to invoke gperf.
885
886         * css/makeSelectorPseudoClassAndCompatibilityElementMap.py:
887         * css/makeSelectorPseudoElementsMap.py:
888         * platform/network/create-http-header-name-table:
889
890 2018-05-03  Yusuke Suzuki  <utatane.tea@gmail.com>
891
892         Unreviewed, attempt to fix WinCairo build failure
893         https://bugs.webkit.org/show_bug.cgi?id=185218
894
895         * platform/text/win/LocaleWin.cpp:
896         (WebCore::LocaleWin::getLocaleInfoString):
897
898 2018-05-03  Filip Pizlo  <fpizlo@apple.com>
899
900         Strings should not be allocated in a gigacage
901         https://bugs.webkit.org/show_bug.cgi?id=185218
902
903         Reviewed by Saam Barati.
904
905         No new tests because no new behavior.
906
907         * Modules/indexeddb/server/IDBSerialization.cpp:
908         (WebCore::decodeKey):
909         * bindings/js/SerializedScriptValue.cpp:
910         (WebCore::CloneDeserializer::readString):
911         * html/canvas/CanvasRenderingContext2D.cpp:
912         (WebCore::normalizeSpaces):
913         * html/parser/HTMLTreeBuilder.cpp:
914         (WebCore::HTMLTreeBuilder::ExternalCharacterTokenBuffer::takeRemainingWhitespace):
915         * platform/URLParser.cpp:
916         (WebCore::percentEncodeByte):
917         (WebCore::serializeURLEncodedForm):
918         (WebCore::URLParser::serialize):
919         * platform/URLParser.h:
920         * platform/graphics/FourCC.cpp:
921         (WebCore::FourCC::toString const):
922         * platform/graphics/ca/GraphicsLayerCA.cpp:
923         (WebCore::GraphicsLayerCA::ReplicaState::cloneID const):
924         * platform/text/LocaleICU.cpp:
925         (WebCore::LocaleICU::decimalSymbol):
926         (WebCore::LocaleICU::decimalTextAttribute):
927         (WebCore::getDateFormatPattern):
928         (WebCore::LocaleICU::createLabelVector):
929         (WebCore::getFormatForSkeleton):
930         * platform/win/FileSystemWin.cpp:
931         (WebCore::FileSystem::getFinalPathName):
932         (WebCore::FileSystem::pathByAppendingComponent):
933         (WebCore::FileSystem::storageDirectory):
934
935 2018-05-02  Brent Fulgham  <bfulgham@apple.com>
936
937         Widgets should hold a WeakPtr to their parents
938         https://bugs.webkit.org/show_bug.cgi?id=185239
939         <rdar://problem/39741250>
940
941         Reviewed by Zalan Bujtas.
942
943         * platform/ScrollView.h:
944         (WebCore::ScrollView::weakPtrFactory): Added.
945         * platform/Widget.cpp:
946         (WebCore::Widget::init): Don't perform an unnecessary assignment.
947         (WebCore::Widget::setParent): Grab a WeakPtr to the parent ScrollView.
948         * platform/Widget.h:
949         (WebCore::Widget::parent const): Change type to a WeakPtr.
950
951 2018-05-03  Yusuke Suzuki  <utatane.tea@gmail.com>
952
953         Use pointer instead of std::optional<T&>
954         https://bugs.webkit.org/show_bug.cgi?id=185186
955
956         Reviewed by Alex Christensen.
957
958         std::optional<T&> is not accepted in C++17 spec.
959         In this patch, we replace it with T*, which is well-aligned to
960         WebKit's convention.
961
962         * Modules/mediastream/RTCPeerConnection.cpp:
963         (WebCore::iceServersFromConfiguration):
964         (WebCore::RTCPeerConnection::initializeConfiguration):
965         (WebCore::RTCPeerConnection::setConfiguration):
966         * css/parser/CSSParser.cpp:
967         (WebCore::CSSParser::parseSystemColor):
968         * css/parser/CSSParser.h:
969         * dom/DatasetDOMStringMap.cpp:
970         (WebCore::DatasetDOMStringMap::item const):
971         (WebCore::DatasetDOMStringMap::namedItem const):
972         (WebCore:: const): Deleted.
973         * dom/DatasetDOMStringMap.h:
974         * dom/Element.cpp:
975         (WebCore::Element::insertAdjacentHTML):
976         * dom/Element.h:
977         * html/canvas/CanvasStyle.cpp:
978         (WebCore::parseColor):
979         * inspector/DOMEditor.cpp:
980         * platform/network/curl/CurlFormDataStream.cpp:
981         (WebCore::CurlFormDataStream::getPostData):
982         (): Deleted.
983         * platform/network/curl/CurlFormDataStream.h:
984         * platform/network/curl/CurlRequest.cpp:
985         (WebCore::CurlRequest::setupPOST):
986         * testing/MockCDMFactory.cpp:
987         (WebCore::MockCDMFactory::keysForSessionWithID const):
988         (WebCore::MockCDMInstance::updateLicense):
989         (WebCore:: const): Deleted.
990         * testing/MockCDMFactory.h:
991
992 2018-05-03  Chris Dumez  <cdumez@apple.com>
993
994         Stop using an iframe's id as fallback if its name attribute is not set
995         https://bugs.webkit.org/show_bug.cgi?id=11388
996
997         Reviewed by Geoff Garen.
998
999         WebKit had logic to use an iframe's id as fallback name when its name
1000         content attribute is not set. This behavior was not standard and did not
1001         match other browsers:
1002         - https://html.spec.whatwg.org/#attr-iframe-name
1003
1004         Gecko / Trident never behaved this way. Blink was aligned with us until
1005         they started to match the specification in:
1006         - https://bugs.chromium.org/p/chromium/issues/detail?id=347169
1007
1008         This WebKit quirk was causing some Web-compatibility issues because it
1009         would affect the behavior of Window's name property getter when trying
1010         to look up an iframe by id. Because of Window's named property getter
1011         behavior [1], we would return the frame's contentWindow instead of the
1012         iframe element itself.
1013
1014         [1] https://html.spec.whatwg.org/multipage/window-object.html#named-access-on-the-window-object
1015
1016         Test: fast/dom/Window/named-getter-frame-id.html
1017
1018         * html/HTMLFrameElementBase.cpp:
1019         (WebCore::HTMLFrameElementBase::openURL):
1020         (WebCore::HTMLFrameElementBase::parseAttribute):
1021         (WebCore::HTMLFrameElementBase::didFinishInsertingNode):
1022         * html/HTMLFrameElementBase.h:
1023
1024 2018-05-03  Eric Carlson  <eric.carlson@apple.com>
1025
1026         [iOS] Internal text and audio tracks not in fullscreen menu
1027         https://bugs.webkit.org/show_bug.cgi?id=185268
1028         <rdar://problem/38673440>
1029
1030         Reviewed by Jer Noble.
1031
1032         * platform/cocoa/PlaybackSessionModelMediaElement.mm:
1033         (WebCore::PlaybackSessionModelMediaElement::setMediaElement): 'addtrack' and 'removetrack'
1034         events are fired at the track lists, not the media element.
1035
1036 2018-05-03  Ryosuke Niwa  <rniwa@webkit.org>
1037
1038         Using image map inside a shadow tree results hits a release assert in DocumentOrderedMap::add
1039         https://bugs.webkit.org/show_bug.cgi?id=185238
1040
1041         Reviewed by Antti Koivisto.
1042
1043         The bug was caused by DocumentOrderedMap for the image elements with usemap being stored in Document
1044         even if those image elements were in a shadow tree. Fixed the bug by moving the map to TreeScope.
1045
1046         Test: fast/images/imagemap-in-nested-shadow-tree.html
1047               fast/images/imagemap-in-shadow-tree.html
1048
1049         * dom/Document.cpp:
1050         (WebCore::Document::addImageElementByUsemap): Moved to TreeScope.
1051         (WebCore::Document::removeImageElementByUsemap): Ditto.
1052         (WebCore::Document::imageElementByUsemap const): Ditto.
1053         * dom/Document.h:
1054         * dom/TreeScope.cpp:
1055         (WebCore::TreeScope::destroyTreeScopeData): Clear m_imagesByUsemap as well as m_elementsByName.
1056         (WebCore::TreeScope::getImageMap const): Removed the code to parse usemap. RenderImage::imageMap()
1057         which used to call this function with the raw value of the usemap content attribute now calls it
1058         via HTMLImageElement::associatedMapElement(), which uses the parsed usemap.
1059         (WebCore::TreeScope::addImageElementByUsemap): Moved from Document.
1060         (WebCore::TreeScope::removeImageElementByUsemap): Ditto.
1061         (WebCore::TreeScope::imageElementByUsemap const): Ditto.
1062         * dom/TreeScope.h:
1063         * html/HTMLImageElement.cpp:
1064         (WebCore::HTMLImageElement::parseAttribute):
1065         (WebCore::HTMLImageElement::insertedIntoAncestor): This image element can be associated with a map element
1066         if it's connected to a document.
1067         (WebCore::HTMLImageElement::removedFromAncestor):
1068         (WebCore::HTMLImageElement::associatedMapElement const):
1069         * html/HTMLImageElement.h:
1070         * html/HTMLMapElement.cpp:
1071         (WebCore::HTMLMapElement::imageElement):
1072         * rendering/RenderImage.cpp:
1073         (WebCore::RenderImage::imageMap const):
1074
1075 2018-05-03  Justin Fan  <justin_fan@apple.com>
1076
1077         [WebGL] Add runtime flag for enabling ASTC support in WebGL
1078         https://bugs.webkit.org/show_bug.cgi?id=184840
1079
1080         Reviewed by Myles C. Maxfield.
1081
1082         Added runtime flag for ASTC support in WebGL, to turn on/off when extension is implemented.
1083
1084         * page/RuntimeEnabledFeatures.h:
1085         (WebCore::RuntimeEnabledFeatures::setWebGLCompressedTextureASTCSupportEnabled):
1086         (WebCore::RuntimeEnabledFeatures::webGLCompressedTextureASTCSupportEnabled const):
1087
1088 2018-05-03  Chris Nardi  <cnardi@chromium.org>
1089
1090         Remove [NoInterfaceObject] from DOMRectList
1091         https://bugs.webkit.org/show_bug.cgi?id=185255
1092
1093         Reviewed by Chris Dumez.
1094
1095         In https://github.com/w3c/fxtf-drafts/issues/233, [NoInterfaceObject] was removed
1096         from DOMRectList. Remove it from our implementation to match the spec, as well as
1097         Chrome and Firefox.
1098
1099         Updated web platform tests IDL test for the Geometry spec.
1100
1101         * dom/DOMRectList.idl:
1102
1103 2018-05-03  Chris Dumez  <cdumez@apple.com>
1104
1105         REGRESSION(iOS 11.3): Crashes in TimerBase::~TimerBase() in Tencent x5gamehelper
1106         https://bugs.webkit.org/show_bug.cgi?id=185073
1107         <rdar://problem/39821223>
1108
1109         Reviewed by Alexey Proskuryakov.
1110
1111         The following changes were made:
1112         - Make sure SocketStream callbacks are always scheduled on the right runloop:
1113           WebThreadRunLoop() on WebKitLegacy iOS, loaderRunLoop() on Windows and
1114           main runloop otherwise.
1115         - When the SocketStream callbacks are called, unconditionally call callOnMainThreadAndWait()
1116           before calling methods on the SocketStream client. Previously, this code path
1117           was specific to Windows but there is no reason to have platform-specific code here.
1118           callOnMainThreadAndWait() calls the function right away if we're already on the main
1119           thread, which will be the case on platforms other than Windows.
1120
1121         * platform/network/cf/SocketStreamHandleImplCFNet.cpp:
1122         (WebCore::callbacksRunLoop):
1123         (WebCore::callbacksRunLoopMode):
1124         (WebCore::SocketStreamHandleImpl::scheduleStreams):
1125         (WebCore::SocketStreamHandleImpl::pacExecutionCallback):
1126         (WebCore::SocketStreamHandleImpl::executePACFileURL):
1127         (WebCore::SocketStreamHandleImpl::removePACRunLoopSource):
1128         (WebCore::SocketStreamHandleImpl::readStreamCallback):
1129         (WebCore::SocketStreamHandleImpl::writeStreamCallback):
1130         (WebCore::SocketStreamHandleImpl::platformClose):
1131
1132 2018-05-03  Zalan Bujtas  <zalan@apple.com>
1133
1134         [LFC] Enable multiple layout roots for incremental layout.
1135         https://bugs.webkit.org/show_bug.cgi?id=185185
1136
1137         Reviewed by Antti Koivisto.
1138
1139         With certain types of style changes, we can stop the box invalidation at the formatting context boundary.
1140         When multiple boxes need updating in different formatting contexts, instead of marking the parent containing block chain all
1141         the way up to a common ancestor, we could just work with a list of layout entry points per layout frame.
1142
1143         * layout/FormattingState.h:
1144         * layout/LayoutContext.cpp:
1145         (WebCore::Layout::LayoutContext::updateLayout):
1146         (WebCore::Layout::LayoutContext::addLayoutEntryPoint):
1147         * layout/LayoutContext.h:
1148
1149 2018-05-03  Zalan Bujtas  <zalan@apple.com>
1150
1151         [LFC] Box invalidation logic should go to dedicated classes.
1152         https://bugs.webkit.org/show_bug.cgi?id=185249
1153
1154         Reviewed by Antti Koivisto.
1155
1156         Each formatting context can initiate a different type of invalidation when
1157         style attribute changes in a box.
1158
1159         * Sources.txt:
1160         * WebCore.xcodeproj/project.pbxproj:
1161         * layout/FormattingState.cpp:
1162         (WebCore::Layout::FormattingState::FormattingState):
1163         * layout/FormattingState.h:
1164         (WebCore::Layout::FormattingState::isBlockFormattingState const):
1165         (WebCore::Layout::FormattingState::isInlineFormattingState const):
1166         * layout/LayoutContext.cpp:
1167         (WebCore::Layout::LayoutContext::styleChanged):
1168         (WebCore::Layout::LayoutContext::markNeedsUpdate):
1169         * layout/LayoutContext.h:
1170         * layout/blockformatting/BlockFormattingState.cpp:
1171         (WebCore::Layout::BlockFormattingState::BlockFormattingState):
1172         * layout/blockformatting/BlockFormattingState.h:
1173         * layout/blockformatting/BlockInvalidation.cpp: Copied from Source/WebCore/layout/blockformatting/BlockFormattingState.cpp.
1174         (WebCore::Layout::BlockInvalidation::invalidate):
1175         * layout/blockformatting/BlockInvalidation.h: Copied from Source/WebCore/layout/inlineformatting/InlineFormattingState.h.
1176         * layout/inlineformatting/InlineFormattingState.cpp:
1177         (WebCore::Layout::InlineFormattingState::InlineFormattingState):
1178         * layout/inlineformatting/InlineFormattingState.h:
1179         * layout/inlineformatting/InlineInvalidation.cpp: Copied from Source/WebCore/layout/inlineformatting/InlineFormattingState.cpp.
1180         (WebCore::Layout::InlineInvalidation::invalidate):
1181         * layout/inlineformatting/InlineInvalidation.h: Copied from Source/WebCore/layout/blockformatting/BlockFormattingState.h.
1182
1183 2018-05-03  Michael Catanzaro  <mcatanzaro@igalia.com>
1184
1185         WebKit should send fake macOS user agent to docs.google.com
1186         https://bugs.webkit.org/show_bug.cgi?id=185165
1187
1188         Reviewed by Carlos Garcia Campos.
1189
1190         * platform/UserAgentQuirks.cpp:
1191         (WebCore::urlRequiresMacintoshPlatform):
1192         (WebCore::urlRequiresLinuxDesktopPlatform):
1193
1194 2018-05-03  Commit Queue  <commit-queue@webkit.org>
1195
1196         Unreviewed, rolling out r231223 and r231288.
1197         https://bugs.webkit.org/show_bug.cgi?id=185256
1198
1199         The change in r231223 breaks internal builds, and r231288 is a
1200         dependent change. (Requested by ryanhaddad on #webkit).
1201
1202         Reverted changesets:
1203
1204         "Use default std::optional if it is provided"
1205         https://bugs.webkit.org/show_bug.cgi?id=185159
1206         https://trac.webkit.org/changeset/231223
1207
1208         "Use pointer instead of
1209         std::optional<std::reference_wrapper<>>"
1210         https://bugs.webkit.org/show_bug.cgi?id=185186
1211         https://trac.webkit.org/changeset/231288
1212
1213 2018-05-03  Ryan Haddad  <ryanhaddad@apple.com>
1214
1215         Unreviewed, rolling out r231253.
1216
1217         The API test added with this change is crashing on the bots.
1218
1219         Reverted changeset:
1220
1221         "Web Inspector: opt out of process swap on navigation if a Web
1222         Inspector frontend is connected"
1223         https://bugs.webkit.org/show_bug.cgi?id=184861
1224         https://trac.webkit.org/changeset/231253
1225
1226 2018-05-03  Youenn Fablet  <youenn@apple.com>
1227
1228         A MediaStream being played should allow removing some of its tracks
1229         https://bugs.webkit.org/show_bug.cgi?id=185233
1230
1231         Reviewed by Eric Carlson.
1232
1233         Update the tracks out of the for loop.
1234         Test: fast/mediastream/change-tracks-media-stream-being-played.html
1235
1236         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm:
1237         (WebCore::updateTracksOfType):
1238
1239 2018-05-03  Miguel Gomez  <magomez@igalia.com>
1240
1241         WebCore::TextureMapperLayer object used after freed
1242         https://bugs.webkit.org/show_bug.cgi?id=184729
1243
1244         Reviewed by Michael Catanzaro.
1245
1246         Replace the raw pointers with WeakPtr for effectTarget, maskLayer and replicaLayer
1247         inside TextureMapperLayer.
1248
1249         * platform/graphics/texmap/TextureMapperLayer.cpp:
1250         (WebCore::TextureMapperLayer::~TextureMapperLayer):
1251         (WebCore::TextureMapperLayer::setMaskLayer):
1252         (WebCore::TextureMapperLayer::setReplicaLayer):
1253         * platform/graphics/texmap/TextureMapperLayer.h:
1254
1255 2018-05-03  Basuke Suzuki  <Basuke.Suzuki@sony.com>
1256
1257         [Curl] Add OpenSSL/LibreSSL multi-threading support
1258         https://bugs.webkit.org/show_bug.cgi?id=185138
1259
1260         The older OpenSSL manual says the locking_function and threadid_function should
1261         be set when using it in a multi-threading environment. This applies to LibreSSL also.
1262         https://www.openssl.org/docs/man1.0.2/crypto/threads.html
1263
1264         For Unix and other similar OSes, the default threadId_function implementation is
1265         good enough. We'll set custom callback only for Windows OS.
1266
1267         Note it's not required for OpenSSL 1.1.0 and after.
1268         https://www.openssl.org/blog/blog/2017/02/21/threads/
1269
1270         Reviewed by Per Arne Vollan.
1271
1272         * platform/network/curl/CurlSSLHandle.cpp:
1273         (WebCore::CurlSSLHandle::CurlSSLHandle):
1274         (WebCore::CurlSSLHandle::ThreadSupport::ThreadSupport):
1275         (WebCore::CurlSSLHandle::ThreadSupport::lockingCallback):
1276         (WebCore::CurlSSLHandle::ThreadSupport::threadIdCallback):
1277         * platform/network/curl/CurlSSLHandle.h:
1278         (WebCore::CurlSSLHandle::ThreadSupport::setup):
1279         (WebCore::CurlSSLHandle::ThreadSupport::singleton):
1280         (WebCore::CurlSSLHandle::ThreadSupport::lock):
1281         (WebCore::CurlSSLHandle::ThreadSupport::unlock):
1282
1283 2018-05-02  Ryosuke Niwa  <rniwa@webkit.org>
1284
1285         Remove superfluous check for a null attribute value check in Element::removeAttributeInternal
1286         https://bugs.webkit.org/show_bug.cgi?id=185227
1287
1288         Reviewed by Chris Dumez.
1289
1290         Removed the check. The attribute value string can never be null.
1291
1292         * dom/Element.cpp:
1293         (WebCore::Element::removeAttributeInternal):
1294
1295 2018-05-02  Zalan Bujtas  <zalan@apple.com>
1296
1297         [LFC] Implement LayoutContext::createDisplayBox
1298         https://bugs.webkit.org/show_bug.cgi?id=185158
1299
1300         Reviewed by Antti Koivisto.
1301
1302         Now compute*() functions take both the const layout and the corresponding non-const display boxes.
1303         Display boxes are owned by the LayoutContext and they don't form a tree structure (only implicitly through the layout tree).
1304         (This might need to change in the future if we decide to arrange them in some sort of painting order)
1305
1306         * layout/FloatingContext.cpp:
1307         (WebCore::Layout::FloatingContext::computePosition):
1308         * layout/FloatingContext.h:
1309         * layout/FormattingContext.cpp:
1310         (WebCore::Layout::FormattingContext::computeStaticPosition const):
1311         (WebCore::Layout::FormattingContext::computeInFlowPositionedPosition const):
1312         (WebCore::Layout::FormattingContext::computeOutOfFlowPosition const):
1313         (WebCore::Layout::FormattingContext::computeWidth const):
1314         (WebCore::Layout::FormattingContext::computeHeight const):
1315         (WebCore::Layout::FormattingContext::computeOutOfFlowWidth const):
1316         (WebCore::Layout::FormattingContext::computeFloatingWidth const):
1317         (WebCore::Layout::FormattingContext::computeOutOfFlowHeight const):
1318         (WebCore::Layout::FormattingContext::computeFloatingHeight const):
1319         * layout/FormattingContext.h:
1320         * layout/LayoutContext.cpp:
1321         (WebCore::Layout::LayoutContext::createDisplayBox):
1322         * layout/LayoutContext.h:
1323         (WebCore::Layout::LayoutContext::displayBoxForLayoutBox const):
1324         * layout/blockformatting/BlockFormattingContext.cpp:
1325         (WebCore::Layout::BlockFormattingContext::layout const):
1326         (WebCore::Layout::BlockFormattingContext::computeStaticPosition const):
1327         (WebCore::Layout::BlockFormattingContext::computeInFlowWidth const):
1328         (WebCore::Layout::BlockFormattingContext::computeInFlowHeight const):
1329         * layout/blockformatting/BlockFormattingContext.h:
1330         * layout/displaytree/DisplayBox.h:
1331         (WebCore::Display::Box::parent const): Deleted.
1332         (WebCore::Display::Box::nextSibling const): Deleted.
1333         (WebCore::Display::Box::previousSibling const): Deleted.
1334         (WebCore::Display::Box::firstChild const): Deleted.
1335         (WebCore::Display::Box::lastChild const): Deleted.
1336         (WebCore::Display::Box::setParent): Deleted.
1337         (WebCore::Display::Box::setNextSibling): Deleted.
1338         (WebCore::Display::Box::setPreviousSibling): Deleted.
1339         (WebCore::Display::Box::setFirstChild): Deleted.
1340         (WebCore::Display::Box::setLastChild): Deleted.
1341         (): Deleted.
1342         * layout/inlineformatting/InlineFormattingContext.cpp:
1343         (WebCore::Layout::InlineFormattingContext::computeInFlowWidth const):
1344         (WebCore::Layout::InlineFormattingContext::computeInFlowHeight const):
1345         * layout/inlineformatting/InlineFormattingContext.h:
1346
1347 2018-05-02  Said Abou-Hallawa  <sabouhallawa@apple.com>
1348
1349         Hiding then showing an <object> of type image makes the underlying image disappear
1350         https://bugs.webkit.org/show_bug.cgi?id=185216
1351         <rdar://problem/39055630>
1352
1353         Reviewed by Youenn Fablet.
1354
1355         Ensure the HTMLPlugInImageElement updates the RenderImageResource of its
1356         RenderImage with the CachedImage of its ImageLoader when the RenderImage
1357         is recreated.
1358
1359         Test: fast/images/object-image-hide-show.html
1360
1361         * html/HTMLPlugInImageElement.cpp:
1362         (WebCore::HTMLPlugInImageElement::didAttachRenderers):
1363         This is very similar to what we do in HTMLImageElement::didAttachRenderers().
1364
1365
1366 2018-05-02  Brent Fulgham  <bfulgham@apple.com>
1367
1368         Use RetainPtr for form input type
1369         https://bugs.webkit.org/show_bug.cgi?id=185210
1370         <rdar://problem/39734040>
1371
1372         Reviewed by Ryosuke Niwa.
1373
1374         Refactor our HTMLInputElement class to store its InputType member as a RefPtr.
1375
1376         Test: fast/forms/access-key-mutation-2.html.
1377
1378         * html/HTMLInputElement.cpp:
1379         (WebCore::HTMLInputElement::HTMLInputElement):
1380         (WebCore::HTMLInputElement::didAddUserAgentShadowRoot):
1381         (WebCore::HTMLInputElement::accessKeyAction):
1382         (WebCore::HTMLInputElement::parseAttribute):
1383         (WebCore::HTMLInputElement::appendFormData):
1384         * html/HTMLInputElement.h:
1385         * html/InputType.cpp:
1386         (WebCore::createInputType):
1387         (WebCore::InputType::create):
1388         (WebCore::InputType::createText):
1389         * html/InputType.h:
1390
1391 2018-05-01  Yusuke Suzuki  <utatane.tea@gmail.com>
1392
1393         Use pointer instead of std::optional<std::reference_wrapper<>>
1394         https://bugs.webkit.org/show_bug.cgi?id=185186
1395
1396         Reviewed by Alex Christensen.
1397
1398         std::optional<T&> is not accepted in C++17 spec. So we replaced it
1399         with std::optional<std::reference_wrapper<T>>.
1400
1401         In this patch, we replace it with T*, which is well-aligned to
1402         WebKit's convention.
1403
1404         * Modules/mediastream/RTCPeerConnection.cpp:
1405         (WebCore::iceServersFromConfiguration):
1406         (WebCore::RTCPeerConnection::initializeConfiguration):
1407         (WebCore::RTCPeerConnection::setConfiguration):
1408         * css/parser/CSSParser.cpp:
1409         (WebCore::CSSParser::parseSystemColor):
1410         * css/parser/CSSParser.h:
1411         * dom/DatasetDOMStringMap.cpp:
1412         (WebCore::DatasetDOMStringMap::item const):
1413         (WebCore::DatasetDOMStringMap::namedItem const):
1414         * dom/DatasetDOMStringMap.h:
1415         * dom/Element.cpp:
1416         (WebCore::Element::insertAdjacentHTML):
1417         * dom/Element.h:
1418         * html/canvas/CanvasStyle.cpp:
1419         (WebCore::parseColor):
1420         * inspector/DOMEditor.cpp:
1421         * platform/network/curl/CurlFormDataStream.cpp:
1422         (WebCore::CurlFormDataStream::getPostData):
1423         * platform/network/curl/CurlFormDataStream.h:
1424         * platform/network/curl/CurlRequest.cpp:
1425         (WebCore::CurlRequest::setupPOST):
1426         * testing/MockCDMFactory.cpp:
1427         (WebCore::MockCDMFactory::keysForSessionWithID const):
1428         (WebCore::MockCDMInstance::updateLicense):
1429         * testing/MockCDMFactory.h:
1430
1431 2018-05-02  Keith Rollin  <krollin@apple.com>
1432
1433         Add facility for tracking times and results of page and resource loading
1434         https://bugs.webkit.org/show_bug.cgi?id=184838
1435         <rdar://problem/36548974>
1436
1437         Reviewed by Brent Fulgham.
1438
1439         Update FrameProgressTracker to send the necessary page load start/stop
1440         signals so that we can track the entire page load at a network level.
1441         Add an empty override of the pure virtual
1442         LoaderStrategy::pageLoadCompleted method.
1443
1444         No new tests. There is no testable effect from these changes. On
1445         Cocoa, measurable changes take place in another (non-WebKit) process.
1446         On non-Cocoa systems, this facility is currently disabled.
1447
1448         * loader/FrameLoader.cpp:
1449         (WebCore::FrameLoader::FrameProgressTracker::progressCompleted):
1450         * loader/LoaderStrategy.h:
1451
1452 2018-05-02  Aditya Keerthi  <akeerthi@apple.com>
1453
1454         Can't copy and paste URLs that have no title into Mail (macOS)
1455         https://bugs.webkit.org/show_bug.cgi?id=185205
1456         <rdar://problem/36352406>
1457
1458         Reviewed by Tim Horton.
1459
1460         The pasteboardURL generated has an empty title for URLs without titles. Currently, the pasteboardURL.title is being saved to the pasteboard.
1461
1462         To fix the error, we check whether the title is empty and instead save the lastPathComponent to the pasteboard. This matches current behavior as the fallback title.
1463
1464         Augmented WebKitLegacy.ContextMenuCanCopyURL test
1465
1466         * platform/mac/PasteboardMac.mm:
1467         (WebCore::writeURLForTypes):
1468
1469 2018-05-01  Ryosuke Niwa  <rniwa@webkit.org>
1470
1471         REGRESSION(r225868): Release assert when removing an SVGUseElement from Document::m_svgUseElements
1472         https://bugs.webkit.org/show_bug.cgi?id=182188
1473         <rdar://problem/36689240>
1474
1475         Reviewed by Antti Koivisto.
1476
1477         Fixed the crash by removing the release assert.
1478
1479         The crash is likely caused by re-entrancy to Document::resolveStyle during SVGUseElement::updateShadowTree.
1480         Because Document::resolveStyle invokes updateShadowTree on SVG use elements in Document::m_svgUseElements
1481         without clearing the map, the nested call to resolveStyle ends up calling updateShadowTree() for all elements
1482         in m_svgUseElements and removing them all from the map. When the stack frame eventually comes back to the outer
1483         invocation of Document::resolveStyle, updateShadowTree gets invoked for the second time on SVG use elements
1484         whose shadow tree had already been updated within the inner invocation to updateShadowTree, and release-asserts.
1485
1486         There is an alternative fix: avoid calling updateShadowTree on an SVG element when shadowTreeNeedsUpdate returns
1487         true on the element in resolveStyle. However, removing the release assert is a sure way to fix the crash so
1488         this patch opts for that fix instead especially since we don't have any reproducible test case for this crash.
1489
1490         This release assertion was added in r225868 as a cautious measure to catch any use-after-frees of SVGUseElement's
1491         since m_svgUseElements stored raw pointers to SVG use elements but this crash is not indicative of any UAF,
1492         and there is no evidence that r225868 has led to new UAFs even after five months.
1493
1494         No new tests. I couldn't find a way to trigger a nested style update inside SVGUseElement::updateShadowTree.
1495
1496         * dom/Document.cpp:
1497         (WebCore::Document::removeSVGUseElement):
1498
1499 2018-05-02  Dirk Schulze  <dschulze@chromium.org>
1500
1501         getCharNumAtPosition should take DOMPointInit as argument
1502         https://bugs.webkit.org/show_bug.cgi?id=184695
1503
1504         Reviewed by Antti Koivisto.
1505
1506         Extend existing tests for getCharNumAtPosition.
1507
1508         * svg/SVGTextContentElement.cpp:
1509         (WebCore::SVGTextContentElement::getCharNumAtPosition):
1510         * svg/SVGTextContentElement.h:
1511         * svg/SVGTextContentElement.idl: Use DOMPointInit argument.
1512
1513 2018-05-02  Youenn Fablet  <youenn@apple.com>
1514
1515         Use NetworkLoadChecker for navigation loads
1516         https://bugs.webkit.org/show_bug.cgi?id=184892
1517         <rdar://problem/39652686>
1518
1519         Reviewed by Chris Dumez.
1520
1521         Sanitize headers according to response tainting.
1522         If tainting is basic, it means same origin load in which case we only filter Cookie related headers.
1523         If tainting is Opaque, we filter all uncommon headers.
1524         If tainting is CORS, we filter all uncommon headers except the ones explicitly allowed by CORS headers.
1525         Covered by updated test.
1526
1527         * platform/network/ResourceResponseBase.cpp:
1528         (WebCore::ResourceResponseBase::sanitizeHTTPHeaderFieldsAccordingToTainting):
1529         (WebCore::ResourceResponseBase::sanitizeHTTPHeaderFields):
1530         * platform/network/ResourceResponseBase.h:
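
The three tainting rules in the entry above, sketched as an added example that is not WebKit's ResourceResponseBase code. Assumptions: the "common" headers are Fetch's CORS-safelisted response header names, the CORS allowance comes from Access-Control-Expose-Headers, cookie headers are dropped under every tainting, and all type and function names are hypothetical.

```cpp
#include <algorithm>
#include <cctype>
#include <iostream>
#include <map>
#include <set>
#include <sstream>
#include <string>

// Tainting values named in the ChangeLog entry.
enum class Tainting { Basic, Cors, Opaque };

// HTTP field names are case-insensitive, so compare them that way.
struct CaseInsensitiveLess {
    bool operator()(const std::string& a, const std::string& b) const
    {
        return std::lexicographical_compare(a.begin(), a.end(), b.begin(), b.end(),
            [](unsigned char x, unsigned char y) { return std::tolower(x) < std::tolower(y); });
    }
};
using HeaderMap = std::map<std::string, std::string, CaseInsensitiveLess>;
using NameSet = std::set<std::string, CaseInsensitiveLess>;

// Assumption: "common" means Fetch's CORS-safelisted response header names.
static const NameSet& commonHeaders()
{
    static const NameSet names { "Cache-Control", "Content-Language", "Content-Length",
        "Content-Type", "Expires", "Last-Modified", "Pragma" };
    return names;
}

static bool isCookieHeader(const std::string& name)
{
    static const NameSet names { "Set-Cookie", "Set-Cookie2" };
    return names.count(name) != 0;
}

static std::string trim(const std::string& s)
{
    const char* whitespace = " \t";
    auto begin = s.find_first_not_of(whitespace);
    if (begin == std::string::npos)
        return "";
    return s.substr(begin, s.find_last_not_of(whitespace) - begin + 1);
}

// Names listed in Access-Control-Expose-Headers (comma-separated).
// The "*" wildcard is not expanded here; it is treated as a literal name.
static NameSet exposedHeaders(const HeaderMap& headers)
{
    NameSet exposed;
    auto it = headers.find("Access-Control-Expose-Headers");
    if (it == headers.end())
        return exposed;
    std::istringstream stream(it->second);
    std::string token;
    while (std::getline(stream, token, ',')) {
        token = trim(token);
        if (!token.empty())
            exposed.insert(token);
    }
    return exposed;
}

HeaderMap sanitizeHeaders(const HeaderMap& headers, Tainting tainting)
{
    NameSet exposed;
    if (tainting == Tainting::Cors)
        exposed = exposedHeaders(headers);

    HeaderMap result;
    for (const auto& entry : headers) {
        const std::string& name = entry.first;
        if (isCookieHeader(name))
            continue; // Never handed to the page, even if the server "exposes" it.
        if (tainting == Tainting::Basic || commonHeaders().count(name) || exposed.count(name))
            result.emplace(name, entry.second);
    }
    return result;
}

// Constructed sample response headers, for illustration only.
HeaderMap constructedResponse()
{
    return HeaderMap {
        { "Content-Type", "text/html" },
        { "content-length", "42" },
        { "Set-Cookie", "sid=constructed" },
        { "X-Internal-Trace", "abc" },
        { "X-Request-Id", "r-1" },
        { "Access-Control-Expose-Headers", "x-request-id, Set-Cookie" },
    };
}

int main()
{
    for (const auto& entry : sanitizeHeaders(constructedResponse(), Tainting::Cors))
        std::cout << entry.first << ": " << entry.second << '\n';
    return 0;
}
```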
1531
1532 2018-05-02  Myles C. Maxfield  <mmaxfield@apple.com>
1533
1534         Collection fragment identifiers don't use PostScript names
1535         https://bugs.webkit.org/show_bug.cgi?id=184624
1536         <rdar://problem/39432089>
1537
1538         Reviewed by Simon Fraser.
1539
1540         In a previous version of the CSS Fonts spec, there was text saying that items in font collections
1541         should be 1-indexed (so the first item would be MyFonts.ttc#1). However, this is unfortunate because
1542         inserting an item into the middle of a collection would throw off all content that uses the file.
1543         Instead, the spec has since changed to use PostScript names (so the content instead would say
1544         MyFonts.ttc#MyFont-Regular).
1545
1546         Test: fast/text/font-collection.html
1547
1548         * css/CSSFontFaceSource.cpp:
1549         (WebCore::CSSFontFaceSource::load):
1550         * loader/cache/CachedFont.cpp:
1551         (WebCore::CachedFont::calculateItemInCollection const):
1552         (WebCore::CachedFont::ensureCustomFontData):
1553         (WebCore::CachedFont::createCustomFontData):
1554         (WebCore::CachedFont::calculateIndex const): Deleted.
1555         * loader/cache/CachedFont.h:
1556         * platform/graphics/mac/FontCustomPlatformData.cpp:
1557         (WebCore::createFontCustomPlatformData):
1558         * platform/graphics/mac/FontCustomPlatformData.h:
1559
1560 2018-05-02  Brian Burg  <bburg@apple.com>
1561
1562         Web Inspector: opt out of process swap on navigation if a Web Inspector frontend is connected
1563         https://bugs.webkit.org/show_bug.cgi?id=184861
1564         <rdar://problem/39153768>
1565
1566         Reviewed by Ryosuke Niwa.
1567
1568         Notify the client of the current connection count whenever a frontend connects or disconnects.
1569
1570         Covered by new API test.
1571
1572         * inspector/InspectorClient.h:
1573         (WebCore::InspectorClient::frontendCountChanged):
1574         * inspector/InspectorController.cpp:
1575         (WebCore::InspectorController::connectFrontend):
1576         (WebCore::InspectorController::disconnectFrontend):
1577         (WebCore::InspectorController::disconnectAllFrontends):
1578         * inspector/InspectorController.h:
1579
1580 2018-05-02  Carlos Alberto Lopez Perez  <clopez@igalia.com>
1581
1582         [GStreamer] Remove unneeded include of gstgldisplay_wayland.h after r228866 and r229022
1583         https://bugs.webkit.org/show_bug.cgi?id=185207
1584
1585         Reviewed by Michael Catanzaro.
1586
1587         Remove unneeded include of gstgldisplay_wayland.h
1588
1589         No new tests, no change in behaviour.
1590
1591         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
1592
1593 2018-05-02  Chris Dumez  <cdumez@apple.com>
1594
1595         document.open() event listener removal is not immediate
1596         https://bugs.webkit.org/show_bug.cgi?id=185191
1597
1598         Reviewed by Darin Adler.
1599
1600         We need to make sure we set the 'wasremoved' flag on RegisteredEventListeners
1601         whenever they get removed from the EventListenerMap. We were doing so correctly
1602         in EventListenerMap::remove() but not EventListenerMap::clear(). This patch
1603         updates clear() accordingly.
1604
1605         The reason we need to set this flag is that RegisteredEventListeners is RefCounted
1606         and EventTarget::fireEventListeners() may be currently running and calling
1607         each listener one by one, holding a reference to all listeners of a given event.
1608
1609         Test: fast/dom/Document/document-open-removes-all-listeners.html
1610
1611         * dom/EventListenerMap.cpp:
1612         (WebCore::EventListenerMap::clear):
1613
1614 2018-05-02  Zalan Bujtas  <zalan@apple.com>
1615
1616         Use WeakPtr in GridCell
1617         https://bugs.webkit.org/show_bug.cgi?id=185180
1618         <rdar://problem/39432165>
1619
1620         Reviewed by Antti Koivisto.
1621
1622         Since GridCell does not own the renderers, it should
1623         construct weak pointers.
1624
1625         Unable to create a reliably reproducible test case.
1626
1627         * rendering/Grid.cpp:
1628         (WebCore::Grid::insert):
1629         (WebCore::GridIterator::nextGridItem):
1630         * rendering/Grid.h:
1631         * rendering/RenderGrid.cpp:
1632         (WebCore::RenderGrid::firstLineBaseline const):
1633
1634 2018-05-02  Eric Carlson  <eric.carlson@apple.com>
1635
1636         [iOS] Provide audio route information when invoking AirPlay picker
1637         https://bugs.webkit.org/show_bug.cgi?id=185199
1638         <rdar://problem/39853103>
1639
1640         Reviewed by Jer Noble.
1641
1642         No new tests, this requires a specific hardware setup.
1643
1644         * dom/Document.cpp:
1645         (WebCore::Document::showPlaybackTargetPicker): Pass route sharing policy and routing context UID.
1646         * dom/Document.h:
1647
1648         * html/MediaElementSession.cpp:
1649         (WebCore::MediaElementSession::showPlaybackTargetPicker): Ditto.
1650
1651         * loader/EmptyClients.h:
1652         * page/ChromeClient.h:
1653
1654         * page/Page.cpp:
1655         (WebCore::Page::showPlaybackTargetPicker): Ditto.
1656         * page/Page.h:
1657
1658         * platform/audio/AudioSession.cpp:
1659         (WebCore::AudioSession::routeSharingPolicy const): Empty implementation for non-iOS ports.
1660         (WebCore::routingContextUID const): Ditto.
1661         * platform/audio/AudioSession.h:
1662
1663         * platform/audio/ios/AudioSessionIOS.mm:
1664         (WebCore::AudioSession::routeSharingPolicy const): Return the route sharing policy.
1665         (WebCore::AudioSession::routingContextUID const): Return the route context UID.
1666
1667 2018-05-02  Dean Jackson  <dino@apple.com>
1668
1669         Draw SystemPreview badge to specification on iOS
1670         https://bugs.webkit.org/show_bug.cgi?id=185203
1671         <rdar://problem/39908855>
1672
1673         Reviewed by Tim Horton.
1674
1675         Use CoreImage to render a badge with a blurred background,
1676         at particular sizes.
1677
1678         This will be tested internally while we're getting artwork
1679         from WebKitAdditions.
1680
1681         * Configurations/WebCore.xcconfig: Link against CoreImage.
1682         * rendering/RenderThemeIOS.h:
1683         * rendering/RenderThemeIOS.mm:
1684         (WebCore::RenderThemeIOS::paintSystemPreviewBadge): New function
1685         in the iOS platform RenderTheme that draws the system preview.
1686
1687 2018-05-01  Brent Fulgham  <bfulgham@apple.com>
1688
1689         Prevent Debug ASSERT when changing forms
1690         https://bugs.webkit.org/show_bug.cgi?id=185173
1691         <rdar://problem/39738669>
1692
1693         Reviewed by Ryosuke Niwa.
1694
1695         Form submission could trigger a debug assertion during validation when
1696         a form is changed during an input submission. Fix this by cleaning up
1697         the event handling logic and make it more consistent with modern WebKit
1698         coding style.
1699
1700         Test: fast/forms/form-submission-crash-3.html
1701
1702         * html/HTMLButtonElement.cpp:
1703         (WebCore::HTMLButtonElement::defaultEventHandler): Make sure layout runs before
1704         attempting to perform event handling.
1705         * html/HTMLFormElement.cpp:
1706         (WebCore::HTMLFormElement::reportValidity): Ditto.
1707         (WebCore::HTMLFormElement::validateInteractively): Remove call to perform layout here,
1708         since we expect this to happen earlier in the layout pass. Add an assertion that the
1709         tree is not dirty.
1710         * html/ImageInputType.cpp:
1711         (WebCore::ImageInputType::handleDOMActivateEvent): Make sure layout runs before
1712         attempting to perform event handling.
1713         * html/SubmitInputType.cpp:
1714         (WebCore::SubmitInputType::handleDOMActivateEvent): Ditto.
1715
1716 2018-05-02  Jer Noble  <jer.noble@apple.com>
1717
1718         Unreviewed; address review comments made before landing r231231.
1719
1720         * platform/ios/WebVideoFullscreenControllerAVKit.mm:
1721         (VideoFullscreenControllerContext::volume const):
1722
1723 2018-05-02  Jer Noble  <jer.noble@apple.com>
1724
1725         Pipe volume through PlaybackSessionManager/Proxy.
1726         https://bugs.webkit.org/show_bug.cgi?id=185182
1727
1728         Reviewed by Eric Carlson.
1729
1730         Add support for the volume property to PlaybackSessionModel, and all its clients.
1731
1732         * platform/cocoa/PlaybackSessionModel.h:
1733         (WebCore::PlaybackSessionModelClient::volumeChanged):
1734         * platform/cocoa/PlaybackSessionModelMediaElement.h:
1735         * platform/cocoa/PlaybackSessionModelMediaElement.mm:
1736         (WebCore::PlaybackSessionModelMediaElement::updateForEventName):
1737         (WebCore::PlaybackSessionModelMediaElement::setVolume):
1738         (WebCore::PlaybackSessionModelMediaElement::volume const):
1739         * platform/ios/PlaybackSessionInterfaceAVKit.h:
1740         * platform/ios/PlaybackSessionInterfaceAVKit.mm:
1741         (WebCore::PlaybackSessionInterfaceAVKit::volumeChanged):
1742         * platform/ios/WebAVPlayerController.h:
1743         * platform/ios/WebAVPlayerController.mm:
1744         (-[WebAVPlayerController volume]):
1745         (-[WebAVPlayerController setVolume:]):
1746         (-[WebAVPlayerController volumeChanged:]):
1747         (-[WebAVPlayerController resetMediaState]):
1748         * platform/ios/WebVideoFullscreenControllerAVKit.mm:
1749         (VideoFullscreenControllerContext::volumeChanged):
1750         (VideoFullscreenControllerContext::volume const):
1751         (VideoFullscreenControllerContext::setVolume):
1752
1753 2018-05-01  Yusuke Suzuki  <utatane.tea@gmail.com>
1754
1755         Unreviewed, fix build in WinCairo
1756         https://bugs.webkit.org/show_bug.cgi?id=185169
1757
1758         * bindings/js/JSDOMWindowBase.cpp:
1759         (WebCore::JSDOMWindowBase::instantiateStreaming):
1760         * bindings/js/JSDOMWindowBase.h:
1761
1762 2018-05-01  Yusuke Suzuki  <utatane.tea@gmail.com>
1763
1764         Use default std::optional if it is provided
1765         https://bugs.webkit.org/show_bug.cgi?id=185159
1766
1767         Reviewed by JF Bastien.
1768
1769         * Modules/mediastream/RTCPeerConnection.cpp:
1770         (WebCore::iceServersFromConfiguration):
1771         (WebCore::RTCPeerConnection::setConfiguration):
1772         * css/parser/CSSParser.cpp:
1773         (WebCore::CSSParser::parseSystemColor):
1774         * css/parser/CSSParser.h:
1775         * dom/DatasetDOMStringMap.cpp:
1776         (WebCore::DatasetDOMStringMap::item const):
1777         (WebCore::DatasetDOMStringMap::namedItem const):
1778         (WebCore:: const): Deleted.
1779         * dom/DatasetDOMStringMap.h:
1780         * dom/Element.cpp:
1781         (WebCore::Element::insertAdjacentHTML):
1782         * dom/Element.h:
1783         * inspector/DOMEditor.cpp:
1784         * platform/network/curl/CurlFormDataStream.cpp:
1785         (WebCore::CurlFormDataStream::getPostData):
1786         (): Deleted.
1787         * platform/network/curl/CurlFormDataStream.h:
1788         * testing/MockCDMFactory.cpp:
1789         (WebCore::MockCDMFactory::keysForSessionWithID const):
1790         (WebCore::MockCDMInstance::updateLicense):
1791         (WebCore:: const): Deleted.
1792         * testing/MockCDMFactory.h:
1793
1794 2018-05-01  Chris Dumez  <cdumez@apple.com>
1795
1796         Add release assertions in CFNetwork's SocketStreamHandleImpl to help debug a threading issue
1797         https://bugs.webkit.org/show_bug.cgi?id=185181
1798
1799         Reviewed by Geoffrey Garen.
1800
1801         Add release assertions in CFNetwork's SocketStreamHandleImpl to help debug a threading issue
1802         on iOS WebKitLegacy (Bug 185073). It appears readStreamCallback() can get called on the UIThread,
1803         which should not be possible if scheduleStreams() was called on the WebThread, as it is supposed
1804         to. The new release assertion in scheduleStreams() should tell us if somebody is calling it from
1805         the UIThread instead of the WebThread on iOS WebKitLegacy.
1806
1807         * platform/network/cf/SocketStreamHandleImplCFNet.cpp:
1808         (WebCore::SocketStreamHandleImpl::scheduleStreams):
1809         (WebCore::SocketStreamHandleImpl::readStreamCallback):
1810
1811 2018-05-01  Wenson Hsieh  <wenson_hsieh@apple.com>
1812
1813         Unreviewed, remove an unused variable in RuntimeEnabledFeatures.h
1814
1815         * page/RuntimeEnabledFeatures.h:
1816
1817 2018-05-01  Oleksandr Skachkov  <gskachkov@gmail.com>
1818
1819         Fix build error after r231194
1820         https://bugs.webkit.org/show_bug.cgi?id=185169
1821
1822         Reviewed by JF Bastien.
1823
1824         Prevent compile error in iOS Simulator debug build
1825         by tagging function
1826
1827         * bindings/js/JSDOMWindowBase.cpp:
1828         (WebCore::JSDOMWindowBase::compileStreaming):
1829         (WebCore::JSDOMWindowBase::instantiateStreaming):
1830
1831 2018-05-01  Oleksandr Skachkov  <gskachkov@gmail.com>
1832
1833         WebAssembly: add support for stream APIs - JavaScript API
1834         https://bugs.webkit.org/show_bug.cgi?id=183442
1835
1836         Reviewed by Yusuke Suzuki and JF Bastien.
1837
1838         Add WebAssembly streaming API to WebCore.
1839
1840         * Configurations/FeatureDefines.xcconfig:
1841         * bindings/js/JSDOMWindowBase.cpp:
1842         (WebCore::tryAllocate):
1843         (WebCore::isResponseCorrect):
1844         (WebCore::handleResponseOnStreamingAction):
1845         (WebCore::JSDOMWindowBase::compileStreaming):
1846         (WebCore::JSDOMWindowBase::instantiateStreaming):
1847         * bindings/js/JSDOMWindowBase.h:
1848         * bindings/js/JSRemoteDOMWindowBase.cpp:
1849         * bindings/js/JSWorkerGlobalScopeBase.cpp:
1850
1851 2018-04-30  Myles C. Maxfield  <mmaxfield@apple.com>
1852
1853         Improve the performance of FontCascadeDescription's effectiveFamilies
1854         https://bugs.webkit.org/show_bug.cgi?id=184720
1855         <rdar://problem/38970927>
1856
1857         Reviewed by Simon Fraser.
1858
1859         The page that had the performance problem renders many different Chinese characters in system-ui
1860         with only a small number of individual fonts. It turns out we were calling into the system-ui
1861         machinery for each character in order to opportunistically start loading data URLs (see also:
1862         https://bugs.webkit.org/show_bug.cgi?id=175845). These data URLs will never represent the system
1863         font, so we don't need to invoke the system-ui machinery at all.
1864
1865         This patch makes a 92x performance improvement on the associated performance test. This test is
1866         designed to test Chinese text rendered with system-ui.
1867
1868         Performance test: Layout/system-ui.html
1869
1870         * platform/graphics/FontCascadeFonts.cpp:
1871         (WebCore::opportunisticallyStartFontDataURLLoading):
1872
1873 2018-04-30  Jer Noble  <jer.noble@apple.com>
1874
1875         <img src=mp4> does not display on ios despite Accept: video/* advertisement
1876         https://bugs.webkit.org/show_bug.cgi?id=185029
1877         <rdar://problem/39771989>
1878
1879         Reviewed by Eric Carlson.
1880
1881         Returning "NO" from resourceLoader:shouldWaitForLoadingOfResource: signals that the load failed,
1882         even if the resource request is successfully fulfilled prior to the return. Always return YES in
1883         the case that loading succeeded.
1884
1885         * platform/graphics/avfoundation/objc/ImageDecoderAVFObjC.mm:
1886         (-[WebCoreSharedBufferResourceLoaderDelegate resourceLoader:shouldWaitForLoadingOfRequestedResource:]):
1887
1888 2018-04-30  Zalan Bujtas  <zalan@apple.com>
1889
1890         REGRESSION(r230914) Selecting text on this apple.com page makes it vanish
1891         https://bugs.webkit.org/show_bug.cgi?id=185142
1892         <rdar://problem/39821446>
1893
1894         Reviewed by Simon Fraser.
1895
1896         Set the overflow rect on the inline textbox when needed.
1897
1898         Test: fast/text/simple-line-layout-selection-with-overflow.html
1899
1900         * rendering/SimpleLineLayoutFunctions.cpp:
1901         (WebCore::SimpleLineLayout::initializeInlineTextBox):
1902         (WebCore::SimpleLineLayout::generateLineBoxTree):
1903         (WebCore::SimpleLineLayout::initializeInlineBox): Deleted.
1904
1905 2018-04-30  JF Bastien  <jfbastien@apple.com>
1906
1907         Use some C++17 features
1908         https://bugs.webkit.org/show_bug.cgi?id=185135
1909
1910         Reviewed by Alex Christensen.
1911
1912         As discussed here [0] let's move WebKit to a subset of C++17. We
1913         now require GCC 6 [1] which means that, according to [2] we can
1914         use the following C++17 language features (I removed some
1915         uninteresting ones):
1916
1917          - New auto rules for direct-list-initialization
1918          - static_assert with no message
1919          - typename in a template template parameter
1920          - Nested namespace definition
1921          - Attributes for namespaces and enumerators
1922          - u8 character literals
1923          - Allow constant evaluation for all non-type template arguments
1924          - Fold Expressions
1925          - Unary fold expressions and empty parameter packs
1926          - __has_include in preprocessor conditional
1927          - Differing begin and end types in range-based for
1928          - Improving std::pair and std::tuple
1929
1930         Consult the Tony Tables [3] to see before / after examples.
1931
1932         Of course we can use any library feature if we're willing to
1933         import them to WTF (and they don't require language support).
1934
1935
1936           [0]: https://lists.webkit.org/pipermail/webkit-dev/2018-March/029922.html
1937           [1]: https://trac.webkit.org/changeset/231152/webkit
1938           [2]: https://en.cppreference.com/w/cpp/compiler_support
1939           [3]: https://github.com/tvaneerd/cpp17_in_TTs/blob/master/ALL_IN_ONE.md
1940
1941         * DerivedSources.make:
1942         * platform/URLParser.cpp: work around an odd GCC 6 bug with class
1943           static value as a template parameter.
1944         (WebCore::URLParser::percentDecode):
1945         (WebCore::URLParser::domainToASCII):
1946         (WebCore::URLParser::hasForbiddenHostCodePoint):
1947         (WebCore::URLParser::parseHostAndPort):
1948         * platform/URLParser.h:
1949
1950 2018-04-30  Wenson Hsieh  <wenson_hsieh@apple.com>
1951
1952         [Extra zoom mode] Respect the existing shrink-to-fit attribute instead of using min-device-width
1953         https://bugs.webkit.org/show_bug.cgi?id=185132
1954         <rdar://problem/39834562>
1955
1956         Reviewed by Tim Horton.
1957
1958         Removes the `min-device-width` attribute added in r231095. Instead, we key this behavior off of the
1959         `shrink-to-fit` attribute introduced for multitasking on iPad, such that `shrink-to-fit=no` achieves the same
1960         behavior as `min-device-width=0` in extra zoom mode. See comments below for more detail.
1961
1962         Adjusted an existing layout test: fast/viewport/extrazoom/viewport-change-min-device-width.html.
1963
1964         * dom/ViewportArguments.cpp:
1965         (WebCore::setViewportFeature):
1966         (WebCore::operator<<):
1967         * dom/ViewportArguments.h:
1968
1969         Removes the `minDeviceWidth` viewport argument.
1970
1971         * page/RuntimeEnabledFeatures.h:
1972         (WebCore::RuntimeEnabledFeatures::setMinDeviceWidthEnabled): Deleted.
1973         (WebCore::RuntimeEnabledFeatures::minDeviceWidthEnabled const): Deleted.
1974
1975         Removes the runtime switch for `min-device-width`.
1976
1977         * page/ViewportConfiguration.cpp:
1978         (WebCore::platformDeviceWidthOverride):
1979
1980         Hard-code the override device width in extra zoom mode.
1981
1982         (WebCore::ViewportConfiguration::shouldOverrideDeviceWidthAndShrinkToFit const):
1983
1984         In extra zoom mode, override the device width only if shrink-to-fit has not been explicitly disabled, and the
1985         device width is less than the override device width.
1986
1987         (WebCore::ViewportConfiguration::shouldIgnoreHorizontalScalingConstraints const):
1988         (WebCore::ViewportConfiguration::shouldIgnoreScalingConstraintsRegardlessOfContentSize const):
1989         (WebCore::ViewportConfiguration::updateConfiguration):
1990         (WebCore::ViewportConfiguration::updateMinimumLayoutSize):
1991
1992         Do not override the minimum layout size if `shrink-to-fit` has been explicitly disabled, or if the
1993         device width is greater than the override device width.
1994
1995         (WebCore::computedMinDeviceWidth): Deleted.
1996         (WebCore::ViewportConfiguration::shouldOverrideDeviceWidthWithMinDeviceWidth const): Deleted.
1997         * page/ViewportConfiguration.h:
1998
1999 2018-04-30  Chris Nardi  <cnardi@chromium.org>
2000
2001         Serialize font-variation-settings with double-quotes per spec
2002         https://bugs.webkit.org/show_bug.cgi?id=182542
2003
2004         Reviewed by Myles C. Maxfield.
2005
2006         According to the CSSOM spec [1], all strings should be serialized with double-quotes.
2007         The axis name in font-variation-settings was previously serialized with single-quotes;
2008         change this to double-quotes to match the spec and non-WebKit browsers.
2009
2010         [1]: https://drafts.csswg.org/cssom/#common-serializing-idioms
2011
2012         Updated fast/text/variations/getComputedStyle.html to test the change.
2013
2014         * css/CSSFontVariationValue.cpp:
2015         (WebCore::CSSFontVariationValue::customCSSText const):
2016
2017 2018-04-30  Chris Dumez  <cdumez@apple.com>
2018
2019         Fix bad use of RunLoop::main().dispatch() in MessagePort::dispatchMessages()
2020         https://bugs.webkit.org/show_bug.cgi?id=185134
2021
2022         Reviewed by Geoffrey Garen.
2023
2024         Fix bad use of RunLoop::main().dispatch() in MessagePort::dispatchMessages(). This code runs on iOS WebKitLegacy
2025         and it is therefore unsafe to use RunLoop::main() here. We want to use callOnMainThread() instead to run code on
2026         the WebThread.
2027
2028         * dom/MessagePort.cpp:
2029         (WebCore::MessagePort::dispatchMessages):
2030
2031 2018-04-30  Simon Fraser  <simon.fraser@apple.com>
2032
2033         Make color-filter affect caret-color
2034         https://bugs.webkit.org/show_bug.cgi?id=185129
2035         rdar://problem/39829066
2036
2037         Reviewed by Tim Horton.
2038         
2039         Transform the colors used to compare the caret color with the background through
2040         color-filter (since we want contrasting colors after filters are applied), and
2041         transform caret-color itself.
2042
2043         Test: css3/color-filters/color-filter-caret-color.html
2044
2045         * editing/FrameSelection.cpp:
2046         (WebCore::CaretBase::paintCaret const):
2047
2048 2018-04-30  Michael Catanzaro  <mcatanzaro@igalia.com>
2049
2050         [GTK] Webkit should spoof as Safari on a Mac when on Chase.com
2051         https://bugs.webkit.org/show_bug.cgi?id=185103
2052
2053         Reviewed by Carlos Garcia Campos.
2054
2055         Send a fake user agent to chase.com to make it work.
2056
2057         * platform/UserAgentQuirks.cpp:
2058         (WebCore::urlRequiresMacintoshPlatform):
2059         (WebCore::UserAgentQuirks::stringForQuirk): Also, remove this stale comment.
2060
2061 2018-04-29  Simon Fraser  <simon.fraser@apple.com>
2062
2063         Make color-filter affect <attachment>
2064         https://bugs.webkit.org/show_bug.cgi?id=185122
2065         rdar://problem/39818763
2066
2067         Reviewed by Tim Horton.
2068         
2069         Convert the colors used to render <attachment> through color-filter, except
2070         for those parts that render over the icon (like the progress bar).
2071
2072         Not easily testable.
2073
2074         * rendering/RenderThemeMac.mm:
2075         (WebCore::titleTextColorForAttachment):
2076         (WebCore::AttachmentLayout::layOutTitle):
2077         (WebCore::AttachmentLayout::layOutSubtitle):
2078         (WebCore::paintAttachmentIconBackground):
2079         (WebCore::paintAttachmentTitleBackground):
2080         (WebCore::paintAttachmentPlaceholderBorder):
2081
2082 2018-04-28  Simon Fraser  <simon.fraser@apple.com>
2083
2084         Fix color-filter to apply to SVG colors
2085         https://bugs.webkit.org/show_bug.cgi?id=185113
2086         rdar://problem/39665082
2087
2088         Reviewed by Dean Jackson.
2089         
2090         Convert SVG colors through color-filter operations for the places in SVG
2091         that use color, namely fill and stroke, gradients, lighting colors and
2092         drop-shadow.
2093
2094         Test: css3/color-filters/svg/color-filter-inline-svg.html
2095
2096         * rendering/svg/RenderSVGResourceGradient.cpp:
2097         (WebCore::RenderSVGResourceGradient::applyResource):
2098         * rendering/svg/RenderSVGResourceGradient.h:
2099         * rendering/svg/RenderSVGResourceLinearGradient.cpp:
2100         (WebCore::RenderSVGResourceLinearGradient::buildGradient const):
2101         * rendering/svg/RenderSVGResourceLinearGradient.h:
2102         * rendering/svg/RenderSVGResourceRadialGradient.cpp:
2103         (WebCore::RenderSVGResourceRadialGradient::buildGradient const):
2104         * rendering/svg/RenderSVGResourceRadialGradient.h:
2105         * rendering/svg/RenderSVGResourceSolidColor.cpp:
2106         (WebCore::RenderSVGResourceSolidColor::applyResource):
2107         * svg/SVGFEDiffuseLightingElement.cpp:
2108         (WebCore::SVGFEDiffuseLightingElement::setFilterEffectAttribute):
2109         (WebCore::SVGFEDiffuseLightingElement::build):
2110         * svg/SVGFEDropShadowElement.cpp:
2111         (WebCore::SVGFEDropShadowElement::build):
2112         * svg/SVGFEFloodElement.cpp:
2113         (WebCore::SVGFEFloodElement::build):
2114         * svg/SVGFESpecularLightingElement.cpp:
2115         (WebCore::SVGFESpecularLightingElement::setFilterEffectAttribute):
2116         (WebCore::SVGFESpecularLightingElement::build):
2117
2118 2018-04-29  Michael Catanzaro  <mcatanzaro@igalia.com>
2119
2120         [CMake] Require GCC 6
2121         https://bugs.webkit.org/show_bug.cgi?id=184985
2122
2123         Reviewed by Alex Christensen.
2124
2125         Remove a GCC 5 fallback path. This seems to be the only such fallback path in WebKit.
2126
2127         * platform/graphics/FourCC.h:
2128         (WebCore::FourCC::FourCC):
2129
2130 2018-04-29  Zalan Bujtas  <zalan@apple.com>
2131
2132         [LFC] Implement Display::Box functions
2133         https://bugs.webkit.org/show_bug.cgi?id=185116
2134
2135         Reviewed by Antti Koivisto.
2136
2137         * layout/displaytree/DisplayBox.cpp:
2138         (WebCore::Display::Box::Box):
2139         (WebCore::Display::Box::~Box):
2140         (WebCore::Display::Box::marginBox const):
2141         (WebCore::Display::Box::borderBox const):
2142         (WebCore::Display::Box::paddingBox const):
2143         (WebCore::Display::Box::contentBox const):
2144         * layout/displaytree/DisplayBox.h:
2145         (WebCore::Display::Box::rect const):
2146         (WebCore::Display::Box::top const):
2147         (WebCore::Display::Box::left const):
2148         (WebCore::Display::Box::bottom const):
2149         (WebCore::Display::Box::right const):
2150         (WebCore::Display::Box::topLeft const):
2151         (WebCore::Display::Box::bottomRight const):
2152         (WebCore::Display::Box::size const):
2153         (WebCore::Display::Box::width const):
2154         (WebCore::Display::Box::height const):
2155         (WebCore::Display::Box::marginTop const):
2156         (WebCore::Display::Box::marginLeft const):
2157         (WebCore::Display::Box::marginBottom const):
2158         (WebCore::Display::Box::marginRight const):
2159         (WebCore::Display::Box::parent const):
2160         (WebCore::Display::Box::nextSibling const):
2161         (WebCore::Display::Box::previousSibling const):
2162         (WebCore::Display::Box::firstChild const):
2163         (WebCore::Display::Box::lastChild const):
2164         (WebCore::Display::Box::setRect):
2165         (WebCore::Display::Box::setTopLeft):
2166         (WebCore::Display::Box::setTop):
2167         (WebCore::Display::Box::setLeft):
2168         (WebCore::Display::Box::setSize):
2169         (WebCore::Display::Box::setWidth):
2170         (WebCore::Display::Box::setHeight):
2171         (WebCore::Display::Box::setMarginTop):
2172         (WebCore::Display::Box::setMarginLeft):
2173         (WebCore::Display::Box::setMarginBottom):
2174         (WebCore::Display::Box::setMarginRight):
2175         (WebCore::Display::Box::setBorderTop):
2176         (WebCore::Display::Box::setBorderLeft):
2177         (WebCore::Display::Box::setBorderBottom):
2178         (WebCore::Display::Box::setBorderRight):
2179         (WebCore::Display::Box::setPaddingTop):
2180         (WebCore::Display::Box::setPaddingLeft):
2181         (WebCore::Display::Box::setPaddingBottom):
2182         (WebCore::Display::Box::setPaddingRight):
2183         (WebCore::Display::Box::setParent):
2184         (WebCore::Display::Box::setNextSibling):
2185         (WebCore::Display::Box::setPreviousSibling):
2186         (WebCore::Display::Box::setFirstChild):
2187         (WebCore::Display::Box::setLastChild):
2188
2189 2018-04-29  Youenn Fablet  <youenn@apple.com>
2190
2191         Make RestrictedHTTPResponseAccess flag true by default
2192         https://bugs.webkit.org/show_bug.cgi?id=185089
2193
2194         Reviewed by Geoffrey Garen.
2195
2196         * page/RuntimeEnabledFeatures.h:
2197
2198 2018-04-28  Sihui Liu  <sihui_liu@apple.com>
2199
2200         [Cocoa] Set HTTPOnly flag when converting Cookie to NSHTTPCookie
2201         https://bugs.webkit.org/show_bug.cgi?id=185052
2202
2203         Reviewed by Geoffrey Garen.
2204
2205         Set HTTPOnly for NSHTTPCookie when it's converted from Cookie, so the WebKit APIs could 
2206         create NSHTTPCookie with correct HTTPOnly flag. Also, reverted the change made to operator
2207         function because we want the Cookie class to act as a wrapper for NSHTTPCookie and leverage
2208         its equal function. 
2209
2210         Modified API test: WebKit.WKHTTPCookieStoreHttpOnly
2211
2212         * platform/network/cocoa/CookieCocoa.mm:
2213         (WebCore::Cookie::operator NSHTTPCookie * const):
2214         (WebCore::Cookie::operator== const):
2215         * platform/network/cocoa/NetworkStorageSessionCocoa.mm:
2216         (WebCore::NetworkStorageSession::deleteCookie):
2217
2218 2018-04-28  Zalan Bujtas  <zalan@apple.com>
2219
2220         [LFC] Add LayoutTreeBuilder class to generate the layout tree
2221         https://bugs.webkit.org/show_bug.cgi?id=185108
2222
2223         Reviewed by Antti Koivisto.
2224
2225         This is for testing purposes.
2226
2227         * WebCore.xcodeproj/project.pbxproj:
2228         * layout/FormattingState.cpp:
2229         (WebCore::Layout::FormattingState::~FormattingState):
2230         * layout/FormattingState.h:
2231         * layout/LayoutContext.h:
2232         * layout/blockformatting/BlockFormattingState.cpp:
2233         (WebCore::Layout::BlockFormattingState::~BlockFormattingState):
2234         * layout/blockformatting/BlockFormattingState.h:
2235         * layout/inlineformatting/InlineFormattingState.cpp:
2236         (WebCore::Layout::InlineFormattingState::~InlineFormattingState):
2237         * layout/inlineformatting/InlineFormattingState.h:
2238         * layout/layouttree/LayoutBlockContainer.h:
2239         * layout/layouttree/LayoutBox.h:
2240         * layout/layouttree/LayoutContainer.h:
2241         * layout/layouttree/LayoutInlineContainer.h:
2242         * layout/layouttree/LayoutTreeBuilder.cpp: Added.
2243         (WebCore::Layout::TreeBuilder::createLayoutTree):
2244         (WebCore::Layout::TreeBuilder::createSubTree):
2245         (WebCore::Layout::outputLayoutBox):
2246         (WebCore::Layout::outputLayoutTree):
2247         (WebCore::Layout::TreeBuilder::showLayoutTree):
2248         (WebCore::Layout::printLayoutTreeForLiveDocuments):
2249         * layout/layouttree/LayoutTreeBuilder.h: Copied from Source/WebCore/layout/layouttree/LayoutBlockContainer.h.
2250         * page/mac/PageMac.mm:
2251         (WebCore::Page::platformInitialize):
2252
2253 2018-04-28  Zalan Bujtas  <zalan@apple.com>
2254
2255         [LFC] Implement BlockMarginCollapse functions.
2256         https://bugs.webkit.org/show_bug.cgi?id=185036
2257
2258         Reviewed by Antti Koivisto.
2259
2260         * layout/blockformatting/BlockMarginCollapse.cpp:
2261         (WebCore::Layout::marginValue):
2262         (WebCore::Layout::BlockMarginCollapse::BlockMarginCollapse):
2263         (WebCore::Layout::BlockMarginCollapse::marginTop const):
2264         (WebCore::Layout::BlockMarginCollapse::marginBottom const):
2265         (WebCore::Layout::BlockMarginCollapse::isMarginTopCollapsedWithSibling const):
2266         (WebCore::Layout::BlockMarginCollapse::isMarginBottomCollapsedWithSibling const):
2267         (WebCore::Layout::BlockMarginCollapse::isMarginTopCollapsedWithParent const):
2268         (WebCore::Layout::BlockMarginCollapse::isMarginBottomCollapsedWithParent const):
2269         (WebCore::Layout::BlockMarginCollapse::nonCollapsedMarginTop const):
2270         (WebCore::Layout::BlockMarginCollapse::nonCollapsedMarginBottom const):
2271         (WebCore::Layout::BlockMarginCollapse::collapsedMarginTopFromFirstChild const):
2272         (WebCore::Layout::BlockMarginCollapse::collapsedMarginBottomFromLastChild const):
2273         (WebCore::Layout::BlockMarginCollapse::hasAdjoiningMarginTopAndBottom const):
2274         * layout/blockformatting/BlockMarginCollapse.h:
2275         * layout/layouttree/LayoutBox.h:
2276         (WebCore::Layout::Box::style const):
2277
2278 2018-04-27  David Kilzer  <ddkilzer@apple.com>
2279
2280         Add logging when SpringBoard enables WebThread
2281         <https://webkit.org/b/185100>
2282         <rdar://problem/39746542>
2283
2284         Reviewed by Daniel Bates.
2285
2286         * platform/RuntimeApplicationChecks.h:
2287         (WebCore::IOSApplication::isSpringBoard): Add declaration.
2288         * platform/cocoa/RuntimeApplicationChecksCocoa.mm:
2289         (WebCore::IOSApplication::isSpringBoard): Add implementation.
2290         * platform/ios/wak/WebCoreThread.mm:
2291         (WebThreadEnable): Call RELEASE_LOG_FAULT() if this is called by
2292         SpringBoard.
2293
2294 2018-04-27  Keith Rollin  <krollin@apple.com>
2295
2296         Fix crash in DocumentLoader::startLoadingMainResource
2297         https://bugs.webkit.org/show_bug.cgi?id=185088
2298         rdar://problem/39689263
2299
2300         Reviewed by Chris Dumez.
2301
2302         Add a "protectedThis" to address a case where a deleted "this" was
2303         accessed in a RELEASE_LOG statement.
2304
2305         No new tests -- covered by existing tests, which now pass.
2306
2307         * loader/DocumentLoader.cpp:
2308         (WebCore::DocumentLoader::startLoadingMainResource):
2309
2310 2018-04-27  Simon Fraser  <simon.fraser@apple.com>
2311
2312         Implement color-filter for text stroke
2313         https://bugs.webkit.org/show_bug.cgi?id=185098
2314
2315         Reviewed by Alan Bujtas.
2316         
2317         Transform the text stroke color through color-filter.
2318
2319         Test: css3/color-filters/color-filter-text-stroke.html
2320
2321         * rendering/TextPaintStyle.cpp:
2322         (WebCore::computeTextPaintStyle):
2323
2324 2018-04-27  Simon Fraser  <simon.fraser@apple.com>
2325
2326         Implement animation for color-filter
2327         https://bugs.webkit.org/show_bug.cgi?id=185092
2328         rdar://problem/39773810
2329
2330         Reviewed by Tim Horton.
2331         
2332         Implement animation of color-filter.
2333         
2334         This requires tracking whether the color-filter function lists match for both old and new
2335         animation code paths.
2336         
2337         The filter-related PropertyWrappers in CSSPropertyAnimation are cleaned up to use a single wrapper,
2338         which has to pass the propertyID to the blend function so we know which "lists match" to check.
2339         This wrapper reports that it's accelerated for filter and backdrop-filter, but not color-filter.
2340
2341         Test: css3/color-filters/color-filter-animation.html
2342
2343         * animation/CSSPropertyBlendingClient.h:
2344         * animation/KeyframeEffectReadOnly.cpp:
2345         (WebCore::KeyframeEffectReadOnly::setBlendingKeyframes):
2346         (WebCore::KeyframeEffectReadOnly::checkForMatchingColorFilterFunctionLists):
2347         * animation/KeyframeEffectReadOnly.h:
2348         * page/animation/AnimationBase.h:
2349         * page/animation/CSSPropertyAnimation.cpp:
2350         (WebCore::blendFunc):
2351         (WebCore::PropertyWrapperFilter::PropertyWrapperFilter):
2352         (WebCore::CSSPropertyAnimationWrapperMap::CSSPropertyAnimationWrapperMap):
2353         (WebCore::PropertyWrapperAcceleratedFilter::PropertyWrapperAcceleratedFilter): Deleted.
2354         (WebCore::PropertyWrapperAcceleratedBackdropFilter::PropertyWrapperAcceleratedBackdropFilter): Deleted.
2355         (WebCore::PropertyWrapperAcceleratedBackdropFilter::animationIsAccelerated const): Deleted.
2356         (WebCore::PropertyWrapperAcceleratedBackdropFilter::blend const): Deleted.
2357         * page/animation/ImplicitAnimation.cpp:
2358         (WebCore::ImplicitAnimation::reset):
2359         (WebCore::ImplicitAnimation::checkForMatchingColorFilterFunctionLists):
2360         * page/animation/ImplicitAnimation.h:
2361         * page/animation/KeyframeAnimation.cpp:
2362         (WebCore::KeyframeAnimation::KeyframeAnimation):
2363         (WebCore::KeyframeAnimation::checkForMatchingColorFilterFunctionLists):
2364         * page/animation/KeyframeAnimation.h:
2365
2366 2018-04-27  Zalan Bujtas  <zalan@apple.com>
2367
2368         [LFC] Add FormattingContext::computeWidth/computeHeight logic.
2369         https://bugs.webkit.org/show_bug.cgi?id=185091
2370
2371         Reviewed by Antti Koivisto.
2372
2373         Inflow width and height can't really be computed without knowing the exact context. 
2374
2375         * layout/FormattingContext.cpp:
2376         (WebCore::Layout::FormattingContext::computeWidth const):
2377         (WebCore::Layout::FormattingContext::computeHeight const):
2378         (WebCore::Layout::FormattingContext::computeOutOfFlowWidth const):
2379         (WebCore::Layout::FormattingContext::computeFloatingWidth const):
2380         (WebCore::Layout::FormattingContext::computeOutOfFlowHeight const):
2381         (WebCore::Layout::FormattingContext::computeFloatingHeight const):
2382         * layout/FormattingContext.h:
2383         * layout/blockformatting/BlockFormattingContext.cpp:
2384         (WebCore::Layout::BlockFormattingContext::computeInFlowWidth const):
2385         (WebCore::Layout::BlockFormattingContext::computeInFlowHeight const):
2386         (WebCore::Layout::BlockFormattingContext::computeWidth const): Deleted.
2387         (WebCore::Layout::BlockFormattingContext::computeHeight const): Deleted.
2388         * layout/blockformatting/BlockFormattingContext.h:
2389         * layout/inlineformatting/InlineFormattingContext.cpp:
2390         (WebCore::Layout::InlineFormattingContext::computeInFlowWidth const):
2391         (WebCore::Layout::InlineFormattingContext::computeInFlowHeight const):
2392         * layout/inlineformatting/InlineFormattingContext.h:
2393
2394 2018-04-27  Chris Dumez  <cdumez@apple.com>
2395
2396         Use WindowProxy instead of DOMWindow in our IDL
2397         https://bugs.webkit.org/show_bug.cgi?id=185022
2398
2399         Reviewed by Sam Weinig.
2400
2401         Stop using DOMWindow in all of our IDL files and use WindowProxy as
2402         per their respective specifications. As a result, the implementation
2403         was also updated to use WindowProxy type instead of DOMWindow.
2404
2405         * WebCore.xcodeproj/project.pbxproj:
2406         * bindings/js/JSDOMConvertWindowProxy.h: Removed.
2407         * bindings/js/JSWindowProxy.cpp:
2408         (WebCore::JSWindowProxy::windowProxy const):
2409         (WebCore::JSWindowProxy::toWrapped):
2410         * bindings/js/JSWindowProxy.h:
2411         (WebCore::window):
2412         Use static_cast<>() instead of jsCast<>() because jsCast<>()
2413         relies on classInfo() which is not allowed to be called during
2414         JS sweep due to an assertion inside classInfo(). The JSWindowProxy
2415         objects are held strongly by the WindowProxy so we know the JSWindowProxy
2416         object is not getting destroyed here.
2417
2418         (WebCore::toJS):
2419         * bindings/js/WindowProxy.cpp:
2420         (WebCore::WindowProxy::globalObject):
2421         * bindings/js/WindowProxy.h:
2422         (WebCore::WindowProxy::frame const):
2423         * bindings/scripts/CodeGenerator.pm:
2424         (IsBuiltinType):
2425         (ComputeIsCallbackInterface):
2426         (ComputeIsCallbackFunction):
2427         * bindings/scripts/CodeGeneratorJS.pm:
2428         (AddToIncludesForIDLType):
2429         (GetBaseIDLType):
2430         (NativeToJSValueDOMConvertNeedsState):
2431         * bindings/scripts/test/JS/JSTestObj.cpp:
2432         (WebCore::jsTestObjPrototypeFunctionOverloadedMethod9Body):
2433         (WebCore::jsTestObjPrototypeFunctionOverloadedMethodOverloadDispatcher):
2434         * bindings/scripts/test/TestObj.idl:
2435         * dom/CompositionEvent.cpp:
2436         (WebCore::CompositionEvent::CompositionEvent):
2437         (WebCore::CompositionEvent::initCompositionEvent):
2438         * dom/CompositionEvent.h:
2439         * dom/CompositionEvent.idl:
2440         * dom/Document.cpp:
2441         (WebCore::Document::defaultView const):
2442         * dom/Document.h:
2443         * dom/Document.idl:
2444         * dom/DocumentTouch.cpp:
2445         (WebCore::DocumentTouch::createTouch):
2446         * dom/DocumentTouch.h:
2447         * dom/DocumentTouch.idl:
2448         * dom/FocusEvent.cpp:
2449         (WebCore::FocusEvent::FocusEvent):
2450         * dom/FocusEvent.h:
2451         * dom/InputEvent.cpp:
2452         (WebCore::InputEvent::create):
2453         (WebCore::InputEvent::InputEvent):
2454         * dom/InputEvent.h:
2455         * dom/KeyboardEvent.cpp:
2456         (WebCore::KeyboardEvent::KeyboardEvent):
2457         (WebCore::KeyboardEvent::create):
2458         (WebCore::KeyboardEvent::initKeyboardEvent):
2459         (WebCore::KeyboardEvent::charCode const):
2460         * dom/KeyboardEvent.h:
2461         * dom/KeyboardEvent.idl:
2462         * dom/MessageEvent.h:
2463         * dom/MessageEvent.idl:
2464         * dom/MouseEvent.cpp:
2465         (WebCore::MouseEvent::create):
2466         (WebCore::MouseEvent::MouseEvent):
2467         (WebCore::MouseEvent::initMouseEvent):
2468         (WebCore::MouseEvent::initMouseEventQuirk):
2469         * dom/MouseEvent.h:
2470         * dom/MouseEvent.idl:
2471         * dom/MouseRelatedEvent.cpp:
2472         (WebCore::MouseRelatedEvent::MouseRelatedEvent):
2473         (WebCore::MouseRelatedEvent::init):
2474         (WebCore::MouseRelatedEvent::frameViewFromWindowProxy):
2475         (WebCore::MouseRelatedEvent::initCoordinates):
2476         (WebCore::MouseRelatedEvent::documentToAbsoluteScaleFactor const):
2477         (WebCore::MouseRelatedEvent::computePageLocation):
2478         (WebCore::MouseRelatedEvent::locationInRootViewCoordinates const):
2479         * dom/MouseRelatedEvent.h:
2480         * dom/Node.cpp:
2481         * dom/SimulatedClick.cpp:
2482         * dom/TextEvent.cpp:
2483         (WebCore::TextEvent::create):
2484         (WebCore::TextEvent::createForPlainTextPaste):
2485         (WebCore::TextEvent::createForFragmentPaste):
2486         (WebCore::TextEvent::createForDrop):
2487         (WebCore::TextEvent::createForDictation):
2488         (WebCore::TextEvent::TextEvent):
2489         (WebCore::TextEvent::initTextEvent):
2490         * dom/TextEvent.h:
2491         * dom/TextEvent.idl:
2492         * dom/TouchEvent.idl:
2493         * dom/UIEvent.cpp:
2494         (WebCore::UIEvent::UIEvent):
2495         (WebCore::UIEvent::initUIEvent):
2496         * dom/UIEvent.h:
2497         (WebCore::UIEvent::create):
2498         (WebCore::UIEvent::view const):
2499         * dom/UIEvent.idl:
2500         * dom/UIEventInit.h:
2501         * dom/UIEventInit.idl:
2502         * dom/UIEventWithKeyState.h:
2503         (WebCore::UIEventWithKeyState::UIEventWithKeyState):
2504         * dom/WheelEvent.cpp:
2505         (WebCore::WheelEvent::WheelEvent):
2506         (WebCore::WheelEvent::create):
2507         (WebCore::WheelEvent::initWebKitWheelEvent):
2508         * dom/WheelEvent.h:
2509         * dom/WheelEvent.idl:
2510         * editing/AlternativeTextController.cpp:
2511         (WebCore::AlternativeTextController::insertDictatedText):
2512         * editing/Editor.cpp:
2513         (WebCore::Editor::pasteAsPlainText):
2514         (WebCore::Editor::pasteAsFragment):
2515         (WebCore::Editor::setComposition):
2516         * html/HTMLDocument.cpp:
2517         (WebCore::HTMLDocument::namedItem):
2518         * html/HTMLDocument.h:
2519         * html/HTMLDocument.idl:
2520         * html/HTMLFrameElement.idl:
2521         * html/HTMLFrameOwnerElement.cpp:
2522         (WebCore::HTMLFrameOwnerElement::contentWindow const):
2523         * html/HTMLFrameOwnerElement.h:
2524         * html/HTMLFrameSetElement.cpp:
2525         (WebCore::HTMLFrameSetElement::namedItem):
2526         * html/HTMLFrameSetElement.h:
2527         * html/HTMLFrameSetElement.idl:
2528         * html/HTMLIFrameElement.idl:
2529         * html/ImageDocument.cpp:
2530         * page/DOMWindow.cpp:
2531         (WebCore::PostMessageTimer::PostMessageTimer):
2532         (WebCore::PostMessageTimer::event):
2533         (WebCore::DOMWindow::postMessage):
2534         * page/DragController.cpp:
2535         (WebCore::DragController::dispatchTextInputEventFor):
2536         * page/EventHandler.cpp:
2537         (WebCore::EventHandler::handleTextInputEvent):
2538
2539 2018-04-27  Nan Wang  <n_wang@apple.com>
2540
2541         AX: Accessibility needs to know which part of the content view is visible on iOS
2542         https://bugs.webkit.org/show_bug.cgi?id=185085
2543         <rdar://problem/39801363>
2544
2545         Reviewed by Chris Fleizach.
2546
2547         Exposed unobscuredContentRect() to iOS accessibility object wrapper.
2548
2549         Test: accessibility/ios-simulator/unobscured-content-rect.html
2550
2551         * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
2552         (-[WebAccessibilityObjectWrapper accessibilityVisibleContentRect]):
2553
2554 2018-04-27  Simon Fraser  <simon.fraser@apple.com>
2555
2556         Refactor filter list checking code
2557         https://bugs.webkit.org/show_bug.cgi?id=185087
2558
2559         Reviewed by Alan Bujtas.
2560
2561         Deduplicate code between filter and backdrop-filter for checking whether function lists
2562         match, by making a shared function that takes a std::function.
2563         
2564         The call sites have to declare the return type (-> const FilterOperations&) to avoid std::function
2565         converting the return type into a value.
2566
2567         * animation/KeyframeEffectReadOnly.cpp:
2568         (WebCore::KeyframeEffectReadOnly::checkForMatchingFilterFunctionLists const):
2569         (WebCore::KeyframeEffectReadOnly::checkForMatchingFilterFunctionLists):
2570         (WebCore::KeyframeEffectReadOnly::checkForMatchingBackdropFilterFunctionLists):
2571         * animation/KeyframeEffectReadOnly.h:
2572         * page/animation/KeyframeAnimation.cpp:
2573         (WebCore::KeyframeAnimation::checkForMatchingFilterFunctionLists const):
2574         (WebCore::KeyframeAnimation::checkForMatchingFilterFunctionLists):
2575         (WebCore::KeyframeAnimation::checkForMatchingBackdropFilterFunctionLists):
2576         * page/animation/KeyframeAnimation.h:
2577
2578 2018-04-27  Chris Dumez  <cdumez@apple.com>
2579
2580         Regression(r222392?): Events can have a negative timestamp which causes app breakage
2581         https://bugs.webkit.org/show_bug.cgi?id=185040
2582         <rdar://problem/39638051>
2583
2584         Reviewed by Wenson Hsieh.
2585
2586         The real fix is in UIKit when generating the touch timestamps. However, this patch
2587         does some hardening to make sure that Event.timestamp can never return a negative
2588         value even if something goes wrong.
2589
2590         * dom/Event.cpp:
2591         (WebCore::Event::timeStampForBindings const):
2592
2593 2018-04-27  Christopher Reid  <chris.reid@sony.com>
2594
2595         URL::appendEncodedHostName is using the deprecated uidna_IDNToASCII function
2596         https://bugs.webkit.org/show_bug.cgi?id=184836
2597
2598         Reviewed by Alex Christensen.
2599
2600         Update URL::appendEncodedHostName to use uidna_nameToASCII as done in r208902.
2601
2602         Test: LayoutTests\fast\url\url-hostname-encoding.html
2603
2604         * platform/URL.cpp:
2605
2606 2018-04-27  Youenn Fablet  <youenn@apple.com>
2607
2608         CachedRawResource is not handling incremental data computation correctly
2609         https://bugs.webkit.org/show_bug.cgi?id=184936
2610         <rdar://problem/38798141>
2611
2612         Reviewed by Darin Adler.
2613
2614         * loader/cache/CachedRawResource.cpp:
2615         (WebCore::CachedRawResource::updateBuffer): Fixing style.
2616
2617 2018-04-27  Zalan Bujtas  <zalan@apple.com>
2618
2619         [LFC] Implement BlockFormattingContext::layout logic and its dependencies
2620         https://bugs.webkit.org/show_bug.cgi?id=185024
2621
2622         Reviewed by Antti Koivisto.
2623
2624         This patch implements the logic for block formatting context according to
2625         https://www.w3.org/TR/CSS22/visuren.html#block-formatting
2626
2627         1. Traverse the tree iteratively (in post-order fashion) and compute the width/static position for the containers as
2628         we visit the descendant nodes until we hit a leaf node.
2629         2. Compute the position/geometry of the leaf node and move over to its sibling(s).
2630         3. Finalize the container's height/final position as we climb back on the tree.
2631         4. Run layout on the out-of-flow descendants.  
2632
2633         Note that subtrees with a formatting context root need to be laid out completely before moving on to the next box.
2634         The formatting root box is laid out in the formatting context it lives in, however its descendants get laid out
2635         in a separate formatting context (excluding out-of-flow boxes that don't belong to the root). 
2636
2637         * layout/FloatingContext.cpp:
2638         (WebCore::Layout::FloatingContext::FloatingContext):
2639         (WebCore::Layout::FloatingContext::computePosition):
2640         * layout/FormattingContext.cpp:
2641         (WebCore::Layout::FormattingContext::placeInFlowPositionedChildren const):
2642         (WebCore::Layout::FormattingContext::layoutOutOfFlowDescendants const):
2643         * layout/FormattingContext.h:
2644         * layout/LayoutContext.cpp:
2645         (WebCore::Layout::LayoutContext::updateLayout):
2646         (WebCore::Layout::LayoutContext::establishedFormattingState):
2647         * layout/LayoutContext.h:
2648         * layout/blockformatting/BlockFormattingContext.cpp:
2649         (WebCore::Layout::BlockFormattingContext::layout const):
2650         (WebCore::Layout::BlockFormattingContext::layout): Deleted.
2651         * layout/blockformatting/BlockFormattingContext.h:
2652         * layout/inlineformatting/InlineFormattingContext.cpp:
2653         (WebCore::Layout::InlineFormattingContext::layout const):
2654         (WebCore::Layout::InlineFormattingContext::layout): Deleted.
2655         * layout/inlineformatting/InlineFormattingContext.h:
2656
2657 2018-04-27  Youenn Fablet  <youenn@apple.com>
2658
2659         Use NetworkLoadChecker for XHR/fetch loads
2660         https://bugs.webkit.org/show_bug.cgi?id=184741
2661
2662         Reviewed by Chris Dumez.
2663
2664         Covered by existing tests.
2665
2666         * loader/DocumentThreadableLoader.cpp:
2667         (WebCore::DocumentThreadableLoader::shouldSetHTTPHeadersToKeep const):
2668         We need to set this option for CORS done in NetworkProcess.
2669         (WebCore::DocumentThreadableLoader::DocumentThreadableLoader):
2670         Set httpHeadersTokeep when needed (service worker or CORS loads).
2671         Remove the synchronous disabling of preflight since this is now also done for asynchronous loads.
2672         (WebCore::DocumentThreadableLoader::checkURLSchemeAsCORSEnabled):
2673         Helper routine to make the same check for both simple and preflight case.
2674         This allows more consistent error logging between WK1 and WK2.
2675         (WebCore::DocumentThreadableLoader::makeCrossOriginAccessRequest):
2676         Skip preflight in case this is done in NetworkProcess.
2677         (WebCore::DocumentThreadableLoader::makeSimpleCrossOriginAccessRequest):
2678         (WebCore::isResponseComingFromNetworkProcess):
2679         (WebCore::DocumentThreadableLoader::redirectReceived):
2680         Bypass security checks when they are already done in NetworkProcess.
2681         (WebCore::DocumentThreadableLoader::didFail):
2682         In case of AccessControl error, it might be due to a CSP check done in NetworkProcess.
2683         Check it again to enable specific CSP console logging and error reporting.
2684         (WebCore::DocumentThreadableLoader::loadRequest):
2685         Recreating the error in case of synchronous loads to be able to log it adequately.
2686         (WebCore::DocumentThreadableLoader::isDoingSecurityChecksInNetworkProcess const):
2687         * loader/DocumentThreadableLoader.h:
2688         * loader/SubresourceLoader.cpp:
2689         (WebCore::SubresourceLoader::checkResponseCrossOriginAccessControl):
2690         Specific handling of SameOrigin credential mode for which cross-origin load will not use any credential.
2691         (WebCore::SubresourceLoader::checkRedirectionCrossOriginAccessControl):
2692         We keep the application headers so that DocumentThreadableLoader does not have to restart a brand new load.
2693         * loader/cache/CachedResourceLoader.cpp:
2694         (WebCore::CachedResourceLoader::requestResource):
2695         DocumentThreadableLoader is setting referrer and origin directly. Until we fix that, we remove them from the original requests
2696         as applications are not supposed to set these headers.
2697
2698 2018-04-27  Wenson Hsieh  <wenson_hsieh@apple.com>
2699
2700         Add an experimental feature flag for viewport "min-device-width"
2701         https://bugs.webkit.org/show_bug.cgi?id=185050
2702         <rdar://problem/39624038>
2703
2704         Reviewed by Tim Horton.
2705
2706         Add MinDeviceWidthEnabled as a new runtime-enabled feature.
2707
2708         * dom/ViewportArguments.cpp:
2709         (WebCore::setViewportFeature):
2710
2711         Gate the parsing of "min-device-width" on the runtime-enabled feature being flipped on.
2712
2713         * page/RuntimeEnabledFeatures.h:
2714         (WebCore::RuntimeEnabledFeatures::setMinDeviceWidthEnabled):
2715         (WebCore::RuntimeEnabledFeatures::minDeviceWidthEnabled const):
2716
2717 2018-04-27  Simon Fraser  <simon.fraser@apple.com>
2718
2719         Make color-filter transform gradient colors
2720         https://bugs.webkit.org/show_bug.cgi?id=185080
2721
2722         Reviewed by Zalan Bujtas.
2723         
2724         In CSSGradientValue::computeStops(), transform the color of each gradient color
2725         stop through the color filter. Having a color filter makes the gradient uncacheable.
2726         
2727         Color filters can add alpha, so we also have to fix up CSSGradientValue::knownToBeOpaque()
2728         to take a RenderStyle and convert the colors before testing opaqueness. Clean up some related
2729         functions to take const RenderStyle&.
2730
2731         Test: css3/color-filters/color-filter-gradients.html
2732
2733         * css/CSSCrossfadeValue.cpp:
2734         (WebCore::subimageKnownToBeOpaque):
2735         * css/CSSFilterImageValue.cpp:
2736         (WebCore::CSSFilterImageValue::knownToBeOpaque const):
2737         * css/CSSFilterImageValue.h:
2738         * css/CSSGradientValue.cpp:
2739         (WebCore::CSSGradientValue::image):
2740         (WebCore::CSSGradientValue::computeStops):
2741         (WebCore::CSSGradientValue::knownToBeOpaque const):
2742         (WebCore::CSSLinearGradientValue::createGradient):
2743         (WebCore::CSSRadialGradientValue::createGradient):
2744         * css/CSSGradientValue.h:
2745         * css/CSSImageGeneratorValue.cpp:
2746         (WebCore::CSSImageGeneratorValue::knownToBeOpaque const):
2747         * css/CSSImageValue.cpp:
2748         (WebCore::CSSImageValue::knownToBeOpaque const):
2749         * css/CSSImageValue.h:
2750
2751 2018-04-26  Simon Fraser  <simon.fraser@apple.com>
2752
2753         Fix color-filter to apply to text decorations
2754         https://bugs.webkit.org/show_bug.cgi?id=185068
2755         <rdar://problem/39782136>
2756
2757         Reviewed by Alan Bujtas.
2758         
2759         Transform the colors of text shadows, and the shadows of text-decorations through
2760         the color-filter.
2761         
2762         Rather than clone the ShadowData stored on TextPainter and TextDecorationPainter
2763         (which would have awkward ownership implications) we pass the color filters through
2764         and just map the color through it before painting.
2765         
2766         Re-order the members of TextPainter a little to optimize padding.
2767         
2768         Also fix a bug where FilterOperations::transformColor() could transform an invalid
2769         color to a valid one; we never want this.
2770
2771         Tests: css3/color-filters/color-filter-text-decoration-shadow.html
2772                css3/color-filters/color-filter-text-shadow.html
2773
2774         * platform/graphics/filters/FilterOperations.cpp:
2775         (WebCore::FilterOperations::transformColor const):
2776         * rendering/InlineTextBox.cpp:
2777         (WebCore::InlineTextBox::paintMarkedTextForeground):
2778         (WebCore::InlineTextBox::paintMarkedTextDecoration):
2779         * rendering/TextDecorationPainter.cpp:
2780         (WebCore::TextDecorationPainter::paintTextDecoration):
2781         * rendering/TextDecorationPainter.h:
2782         (WebCore::TextDecorationPainter::setTextShadow):
2783         (WebCore::TextDecorationPainter::setShadowColorFilter):
2784         (WebCore::TextDecorationPainter::addTextShadow): Deleted.
2785         * rendering/TextPainter.cpp:
2786         (WebCore::ShadowApplier::ShadowApplier):
2787         (WebCore::TextPainter::paintTextWithShadows):
2788         (WebCore::TextPainter::paintTextAndEmphasisMarksIfNeeded): Simplify the logic that only paints the shadow
2789         on the first iteration.
2790         (WebCore::TextPainter::paintRange):
2791         * rendering/TextPainter.h:
2792         (WebCore::TextPainter::setShadowColorFilter):
2793         * rendering/svg/SVGInlineTextBox.cpp:
2794         (WebCore::SVGInlineTextBox::paintTextWithShadows):
2795
2796 2018-04-27  Wenson Hsieh  <wenson_hsieh@apple.com>
2797
2798         Rename minimumLayoutSize to viewLayoutSize
2799         https://bugs.webkit.org/show_bug.cgi?id=185050
2800         <rdar://problem/39624038>
2801
2802         Reviewed by Tim Horton.
2803
2804         See WebKit/ChangeLog for more information. No change in behavior.
2805
2806         * page/ViewportConfiguration.cpp:
2807         (WebCore::ViewportConfiguration::ViewportConfiguration):
2808         (WebCore::ViewportConfiguration::setViewLayoutSize):
2809
2810         Remove a FIXME comment that is addressed by this refactoring.
2811
2812         (WebCore::ViewportConfiguration::shouldOverrideDeviceWidthWithMinDeviceWidth const):
2813         (WebCore::ViewportConfiguration::initialScaleFromSize const):
2814         (WebCore::ViewportConfiguration::minimumScale const):
2815         (WebCore::ViewportConfiguration::updateMinimumLayoutSize):
2816         (WebCore::ViewportConfiguration::setMinimumLayoutSize): Deleted.
2817         * page/ViewportConfiguration.h:
2818         (WebCore::ViewportConfiguration::viewLayoutSize const):
2819         (WebCore::ViewportConfiguration::viewSize const): Deleted.
2820
2821 2018-04-27  Zalan Bujtas  <zalan@apple.com>
2822
2823         [LFC] Formatting contexts should create floating states.
2824         https://bugs.webkit.org/show_bug.cgi?id=185032
2825
2826         Reviewed by Antti Koivisto.
2827
2828         This patch implements the logic for sharing floating states across multiple formatting contexts.
2829         At this point this is mostly about inline formatting contexts. They either create a new floating state
2830         or inherit it from the parent formatting context.
2831
2832         * layout/FloatingState.cpp:
2833         (WebCore::Layout::FloatingState::FloatingState):
2834         * layout/FloatingState.h:
2835         (WebCore::Layout::FloatingState::create):
2836         * layout/FormattingContext.cpp:
2837         (WebCore::Layout::FormattingContext::FormattingContext):
2838         * layout/FormattingContext.h:
2839         (WebCore::Layout::FormattingContext::layoutContext const):
2840         * layout/FormattingState.cpp:
2841         (WebCore::Layout::FormattingState::FormattingState):
2842         * layout/FormattingState.h:
2843         (WebCore::Layout::FormattingState::floatingState const):
2844         * layout/LayoutContext.cpp:
2845         (WebCore::Layout::LayoutContext::updateLayout):
2846         (WebCore::Layout::LayoutContext::formattingStateForBox const):
2847         (WebCore::Layout::LayoutContext::establishedFormattingState):
2848         (WebCore::Layout::LayoutContext::formattingContext):
2849         (WebCore::Layout::LayoutContext::formattingState): Deleted.
2850         * layout/LayoutContext.h:
2851         * layout/blockformatting/BlockFormattingContext.cpp:
2852         (WebCore::Layout::BlockFormattingContext::BlockFormattingContext):
2853         (WebCore::Layout::BlockFormattingContext::createFormattingState const):
2854         (WebCore::Layout::BlockFormattingContext::createOrFindFloatingState const):
2855         (WebCore::Layout::BlockFormattingContext::formattingState const): Deleted.
2856         * layout/blockformatting/BlockFormattingContext.h:
2857         * layout/blockformatting/BlockFormattingState.cpp:
2858         (WebCore::Layout::BlockFormattingState::BlockFormattingState):
2859         * layout/blockformatting/BlockFormattingState.h:
2860         * layout/inlineformatting/InlineFormattingContext.cpp:
2861         (WebCore::Layout::InlineFormattingContext::InlineFormattingContext):
2862         (WebCore::Layout::InlineFormattingContext::createFormattingState const):
2863         (WebCore::Layout::InlineFormattingContext::createOrFindFloatingState const):
2864         (WebCore::Layout::InlineFormattingContext::formattingState const): Deleted.
2865         * layout/inlineformatting/InlineFormattingContext.h:
2866         * layout/inlineformatting/InlineFormattingState.cpp:
2867         (WebCore::Layout::InlineFormattingState::InlineFormattingState):
2868         * layout/inlineformatting/InlineFormattingState.h:
2869         * layout/layouttree/LayoutBox.cpp:
2870         (WebCore::Layout::Box::formattingContextRoot const):
2871         * layout/layouttree/LayoutBox.h:
2872
2873 2018-04-27  Wenson Hsieh  <wenson_hsieh@apple.com>
2874
2875         [Extra zoom mode] Add a mechanism to override default viewport behaviors in extra zoom mode
2876         https://bugs.webkit.org/show_bug.cgi?id=185050
2877         <rdar://problem/39624038>
2878
2879         Reviewed by Tim Horton.
2880
2881         Currently, in extra zoom mode, there's no way for web pages to opt out of the default viewport behaviors
2882         (namely, laying out at a larger width and shrinking to fit) when the web view is very tall and narrow. This
2883         patch adds a new experimental viewport attribute, "min-device-width", that can be used to prevent WebKit from
2884         automatically clamping the web view width to a greater value for the device width in this scenario.
2885
2886         Note that after this patch, logic that plumbs a minimumLayoutSize from WKWebView to the viewport configuration
2887         will need to be renamed to reflect that this size is no longer the minimum layout size, but rather, the view
2888         size that is used for viewport device dimensions by default. This refactoring will be done in a followup part.
2889
2890         See per-method comments below for more detail.
2891
2892         Test: fast/viewport/extrazoom/viewport-change-min-device-width.html
2893
2894         * dom/ViewportArguments.cpp:
2895         (WebCore::setViewportFeature):
2896         (WebCore::operator<<):
2897         * dom/ViewportArguments.h:
2898
2899         Removes `m_forceHorizontalShrinkToFit` (more detail below).
2900
2901         * page/ViewportConfiguration.cpp:
2902         (WebCore::computedMinDeviceWidth):
2903         (WebCore::ViewportConfiguration::ViewportConfiguration):
2904         (WebCore::ViewportConfiguration::setMinimumLayoutSize):
2905
2906         Instead of directly setting the minimum layout size, setMinimumLayoutSize now first sets the view size (i.e. the
2907         size we use for `device-width` in the viewport meta tag), and then updates the minimum layout size.
2908
2909         (WebCore::ViewportConfiguration::shouldOverrideDeviceWidthWithMinDeviceWidth const):
2910
2911         Replaces `m_forceHorizontalShrinkToFit`. Whether or not we shrink to fit is now determined by whether the
2912         min-device-width attribute is actively clamping the width of the view.
2913
2914         (WebCore::ViewportConfiguration::shouldIgnoreHorizontalScalingConstraints const):
2915         (WebCore::ViewportConfiguration::shouldIgnoreScalingConstraintsRegardlessOfContentSize const):
2916         (WebCore::ViewportConfiguration::updateMinimumLayoutSize):
2917
2918         Computes and sets the minimum layout size using the view size, taking the minimum device width into account if
2919         needed.
2920
2921         (WebCore::ViewportConfiguration::description const):
2922         (WebCore::ViewportConfiguration::setForceHorizontalShrinkToFit): Deleted.
2923         * page/ViewportConfiguration.h:
2924
2925 2018-04-27  Zalan Bujtas  <zalan@apple.com>
2926
2927         [LFC] Formatting contexts should take const Box&
2928         https://bugs.webkit.org/show_bug.cgi?id=185031
2929
2930         Reviewed by Sam Weinig.
2931
2932         The formatting root boxes are supposed to be all const. The only reason why
2933         they are not is because WeakPtr<> does not support const objects yet.
2934         Use const_cast instead (remove it when WeakPtr<> gains const support).
2935
2936         * layout/FormattingContext.cpp:
2937         (WebCore::Layout::FormattingContext::FormattingContext):
2938         * layout/FormattingContext.h:
2939         * layout/LayoutContext.cpp:
2940         (WebCore::Layout::LayoutContext::LayoutContext):
2941         (WebCore::Layout::LayoutContext::formattingContext):
2942         * layout/LayoutContext.h:
2943         * layout/blockformatting/BlockFormattingContext.cpp:
2944         (WebCore::Layout::BlockFormattingContext::BlockFormattingContext):
2945         * layout/blockformatting/BlockFormattingContext.h:
2946         * layout/inlineformatting/InlineFormattingContext.cpp:
2947         (WebCore::Layout::InlineFormattingContext::InlineFormattingContext):
2948         * layout/inlineformatting/InlineFormattingContext.h:
2949
2950 2018-04-27  Zalan Bujtas  <zalan@apple.com>
2951
2952         [LFC] Add layout tree iterators.
2953         https://bugs.webkit.org/show_bug.cgi?id=185058
2954
2955         Reviewed by Antti Koivisto.
2956
2957         They work exactly like the renderer tree iterators.
2958
2959         * WebCore.xcodeproj/project.pbxproj:
2960         * layout/layouttree/LayoutAncestorIterator.h: Added.
2961         (WebCore::Layout::LayoutAncestorIterator<T>::LayoutAncestorIterator):
2962         (WebCore::Layout::LayoutAncestorIterator<T>::operator):
2963         (WebCore::Layout::LayoutAncestorIteratorAdapter<T>::LayoutAncestorIteratorAdapter):
2964         (WebCore::Layout::LayoutAncestorIteratorAdapter<T>::begin const):
2965         (WebCore::Layout::LayoutAncestorIteratorAdapter<T>::end const):
2966         (WebCore::Layout::LayoutAncestorIteratorAdapter<T>::first const):
2967         (WebCore::Layout::ancestorsOfType):
2968         (WebCore::Layout::lineageOfType):
2969         * layout/layouttree/LayoutBox.cpp:
2970         * layout/layouttree/LayoutChildIterator.h: Added.
2971         (WebCore::Layout::LayoutChildtIterator<T>::LayoutChildtIterator):
2972         (WebCore::Layout::LayoutChildtIterator<T>::operator):
2973         (WebCore::Layout::LayoutChildtIteratorAdapter<T>::LayoutChildtIteratorAdapter):
2974         (WebCore::Layout::LayoutChildtIteratorAdapter<T>::begin const):
2975         (WebCore::Layout::LayoutChildtIteratorAdapter<T>::end const):
2976         (WebCore::Layout::LayoutChildtIteratorAdapter<T>::first const):
2977         (WebCore::Layout::LayoutChildtIteratorAdapter<T>::last const):
2978         (WebCore::Layout::childrenOfType):
2979         * layout/layouttree/LayoutIterator.h: Added.
2980         (WebCore::Layout::isLayoutBoxOfType):
2981         (WebCore::Layout::Traversal::firstChild):
2982         (WebCore::Layout::Traversal::lastChild):
2983         (WebCore::Layout::Traversal::nextSibling):
2984         (WebCore::Layout::Traversal::previousSibling):
2985         (WebCore::Layout::Traversal::findAncestorOfType):
2986         (WebCore::Layout::Traversal::nextAncestorSibling):
2987         (WebCore::Layout::Traversal::nextWithin):
2988         (WebCore::Layout::Traversal::firstWithin):
2989         (WebCore::Layout::Traversal::next):
2990         (WebCore::Layout::LayoutIterator<T>::LayoutIterator):
2991         (WebCore::Layout::LayoutIterator<T>::traverseNextSibling):
2992         (WebCore::Layout::LayoutIterator<T>::traverseNext):
2993         (WebCore::Layout::LayoutIterator<T>::traversePreviousSibling):
2994         (WebCore::Layout::LayoutIterator<T>::traverseAncestor):
2995         (WebCore::Layout::LayoutIterator<T>::operator const):
2996         (WebCore::Layout:: const):
2997         (WebCore::Layout::= const):
2998
2999 2018-04-27  Commit Queue  <commit-queue@webkit.org>
3000
3001         Unreviewed, rolling out r231089.
3002         https://bugs.webkit.org/show_bug.cgi?id=185071
3003
3004         Broke and made crash some WPE EME tests (Requested by calvaris
3005         on #webkit).
3006
3007         Reverted changeset:
3008
3009         "[EME][GStreamer] Move the decryptor from AppendPipeline to
3010         PlaybackPipeline."
3011         https://bugs.webkit.org/show_bug.cgi?id=181855
3012         https://trac.webkit.org/changeset/231089
3013
3014 2018-04-27  Yacine Bandou  <yacine.bandou_ext@softathome.com>
3015
3016         [EME][GStreamer] Move the decryptor from AppendPipeline to PlaybackPipeline.
3017         https://bugs.webkit.org/show_bug.cgi?id=181855
3018
3019         Reviewed by Xabier Rodriguez-Calvar.
3020
3021         The goal of this move is to handle the limitation of SVP (Secure Video Path) memory size.
3022
3023         When the decryptor is in the AppendPipeline and we use SVP, we buffer in MediaSource queue
3024         the decrypted GstBuffers that are in SVP memory.
3025         This behavior causes an out-of-memory error, because we are limited in SVP memory size.
3026
3027         By moving the decryptor into PlaybackPipeline, we avoid buffering the decrypted GstBuffers
3028         which use the SVP memory and we buffer the encrypted GstBuffers that are in system memory.
3029
3030         This new architecture also allows buffering to start before obtaining the DRM license
3031         and it makes it easier to manage dynamic changes of the license or key.
3032
3033         The decryptor is auto plugged by GStreamer playbin in PlaybackPipeline.
3034
3035         SVP: Secure Video Path, also named trusted or protected video path, is memory which is
3036         protected by a hardware access control engine; it is not accessible to other unauthorised
3037         software or hardware components.
3038
3039         Tests:
3040             media/encrypted-media/clearKey/clearKey-cenc-audio-playback-mse.html
3041             media/encrypted-media/clearKey/clearKey-cenc-video-playback-mse.html
3042
3043         * platform/graphics/gstreamer/eme/WebKitCommonEncryptionDecryptorGStreamer.cpp:
3044         (webkitMediaCommonEncryptionDecryptSinkEventHandler):
3045         * platform/graphics/gstreamer/mse/AppendPipeline.cpp:
3046         (WebCore::dumpAppendState):
3047         (WebCore::AppendPipeline::AppendPipeline):
3048         (WebCore::AppendPipeline::handleNeedContextSyncMessage):
3049         (WebCore::AppendPipeline::handleAppsrcNeedDataReceived):
3050         (WebCore::AppendPipeline::setAppendState):
3051         (WebCore::AppendPipeline::parseDemuxerSrcPadCaps):
3052         (WebCore::AppendPipeline::appsinkNewSample):
3053         (WebCore::AppendPipeline::connectDemuxerSrcPadToAppsinkFromAnyThread):
3054         (WebCore::AppendPipeline::disconnectDemuxerSrcPadFromAppsinkFromAnyThread):
3055         (WebCore::appendPipelineElementMessageCallback): Deleted.
3056         (WebCore::AppendPipeline::handleElementMessage): Deleted.
3057         (WebCore::AppendPipeline::dispatchPendingDecryptionStructure): Deleted.
3058         (WebCore::AppendPipeline::dispatchDecryptionStructure): Deleted.
3059         * platform/graphics/gstreamer/mse/AppendPipeline.h:
3060         * platform/graphics/gstreamer/mse/MediaPlayerPrivateGStreamerMSE.cpp:
3061         (WebCore::MediaPlayerPrivateGStreamerMSE::attemptToDecryptWithInstance):
3062         * platform/graphics/gstreamer/mse/PlaybackPipeline.cpp:
3063
3064 2018-04-27  Yacine Bandou  <yacine.bandou_ext@softathome.com>
3065
3066         [EME][GStreamer] Add a new message "decrypt-key-needed" sent from the decryptor to the application.
3067         https://bugs.webkit.org/show_bug.cgi?id=181858
3068
3069         Reviewed by Xabier Rodriguez-Calvar.
3070
3071         Add a new message "decrypt-key-needed" that the decryptor can send when it doesn't have an available key.
3072         This message should be handled by the application in order to dispatch or send the key to the decryptor.
3073         This patch is a preparation for the patch 181855.
3074         With the patch 181855, the decryptor will be in the PlaybackPipeline instead of AppendPipeline, thus we can
3075         get the DRM license or key before instantiating or loading the decryptor plugin in PlaybackPipeline.
3076         When the decryptor plugin is instantiated or loaded, it should be able to ask the application to resend
3077         the DRM license or key by using this new message "decrypt-key-needed".
3078
3079
3080         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
3081         (WebCore::MediaPlayerPrivateGStreamer::handleMessage):
3082         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
3083         (WebCore::MediaPlayerPrivateGStreamerBase::dispatchCDMInstance):
3084         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.h:
3085         * platform/graphics/gstreamer/eme/WebKitCommonEncryptionDecryptorGStreamer.cpp:
3086         (webkitMediaCommonEncryptionDecryptTransformInPlace):
3087
3088 2018-04-26  Justin Fan  <justin_fan@apple.com>
3089
3090         tex[Sub]Image2D slow when passing in a <canvas>, faster with ImageData.
3091         https://bugs.webkit.org/show_bug.cgi?id=184843
3092         <rdar://problem/34898868>
3093
3094         Reviewed by Simon Fraser.
3095
3096         On certain test pages passing 2d canvas objects to gl.texSubImage2D, we spend significant time doing an alpha unpremultiplication in FormatConverter::convert on a single thread. 
3097         For now, I am introducing use of the Accelerate framework to do canvas alpha unpremultiplication, specifically for RGBA8 > RGBA8.
3098         This improves this rendering path by a factor of ~4. The rest of FormatConverter could use similar improvements; filed https://bugs.webkit.org/show_bug.cgi?id=185064 for these. 
3099
3100         * platform/graphics/FormatConverter.cpp:
3101         (WebCore::FormatConverter::convert):
3102
3103 2018-04-26  Simon Fraser  <simon.fraser@apple.com>
3104
3105         Implement rendering support for the color-filter CSS property
3106         https://bugs.webkit.org/show_bug.cgi?id=185047
3107         rdar://problem/39664967
3108
3109         Reviewed by Tim Horton.
3110         
3111         The color-filter property transforms CSS colors just before painting. To support this,
3112         add to RenderStyle colorByApplyingColorFilter() and visitedDependentColorWithColorFilter().
3113         At most call sites that transform colors for rendering, replace calls to
3114         visitedDependentColor() with visitedDependentColorWithColorFilter(). The few locations
3115         that don't use visitedDependentColor() (e.g. for shadows) call colorByApplyingColorFilter().
3116         
3117         Color transformation is implemented via a new virtual function on FilterOperation;
3118         BasicColorMatrixFilterOperation overrides this to use a new ColorMatrix class to
3119         do color math, and BasicComponentTransferFilterOperation to do the equivalent of component
3120         transfer operations. The math in both cases matches that for SVG filters, with the exception
3121         that color components are stored as floats through multiple filters and then mapped to
3122         normal 0-255 color components at the end.
3123
3124         Tests: css3/color-filters/color-filter-backgrounds-borders.html
3125                css3/color-filters/color-filter-box-shadow.html
3126                css3/color-filters/color-filter-brightness.html
3127                css3/color-filters/color-filter-color-property-list-item.html
3128                css3/color-filters/color-filter-color-property.html
3129                css3/color-filters/color-filter-color-text-decorations.html
3130                css3/color-filters/color-filter-column-rule.html
3131                css3/color-filters/color-filter-contrast.html
3132                css3/color-filters/color-filter-current-color.html
3133                css3/color-filters/color-filter-filter-list.html
3134                css3/color-filters/color-filter-grayscale.html
3135                css3/color-filters/color-filter-hue-rotate.html
3136                css3/color-filters/color-filter-inherits.html
3137                css3/color-filters/color-filter-invert.html
3138                css3/color-filters/color-filter-opacity.html
3139                css3/color-filters/color-filter-outline.html
3140                css3/color-filters/color-filter-saturate.html
3141                css3/color-filters/color-filter-sepia.html
3142                css3/color-filters/color-filter-text-emphasis.html
3143
3144         * html/HTMLTextFormControlElement.cpp:
3145         (WebCore::HTMLTextFormControlElement::adjustInnerTextStyle const):
3146         * page/FrameView.cpp:
3147         (WebCore::FrameView::documentBackgroundColor const):
3148         * platform/graphics/ColorUtilities.cpp:
3149         (WebCore::ColorMatrix::ColorMatrix):
3150         (WebCore::ColorMatrix::makeIdentity):
3151         (WebCore::ColorMatrix::grayscaleMatrix):
3152         (WebCore::ColorMatrix::saturationMatrix):
3153         (WebCore::ColorMatrix::hueRotateMatrix):
3154         (WebCore::ColorMatrix::sepiaMatrix):
3155         (WebCore::ColorMatrix::transformColorComponents const):
3156         * platform/graphics/ColorUtilities.h:
3157         * platform/graphics/filters/FilterOperation.cpp:
3158         (WebCore::BasicColorMatrixFilterOperation::transformColor const):
3159         (WebCore::BasicComponentTransferFilterOperation::transformColor const):
3160         * platform/graphics/filters/FilterOperation.h:
3161         (WebCore::FilterOperation::transformColor const):
3162         * platform/graphics/filters/FilterOperations.cpp:
3163         (WebCore::FilterOperations::transformColor const):
3164         * platform/graphics/filters/FilterOperations.h:
3165         * rendering/BorderEdge.cpp:
3166         (WebCore::BorderEdge::getBorderEdgeInfo):
3167         * rendering/EllipsisBox.cpp:
3168         (WebCore::EllipsisBox::paint):
3169         (WebCore::EllipsisBox::paintSelection):
3170         * rendering/InlineFlowBox.cpp:
3171         (WebCore::InlineFlowBox::paintBoxDecorations):
3172         * rendering/InlineTextBox.cpp:
3173         (WebCore::InlineTextBox::paintMarkedTextForeground):
3174         (WebCore::InlineTextBox::paintMarkedTextDecoration):
3175         (WebCore::InlineTextBox::paintCompositionUnderline const):
3176         * rendering/RenderBox.cpp:
3177         (WebCore::RenderBox::paintRootBoxFillLayers):
3178         (WebCore::RenderBox::paintBackground):
3179         (WebCore::RenderBox::getBackgroundPaintedExtent const):
3180         (WebCore::RenderBox::backgroundIsKnownToBeOpaqueInRect const):
3181         (WebCore::RenderBox::backgroundHasOpaqueTopLayer const):
3182         * rendering/RenderBoxModelObject.cpp:
3183         (WebCore::applyBoxShadowForBackground):
3184         (WebCore::RenderBoxModelObject::paintFillLayerExtended):
3185         (WebCore::RenderBoxModelObject::boxShadowShouldBeAppliedToBackground const):
3186         (WebCore::RenderBoxModelObject::paintBoxShadow):
3187         * rendering/RenderDetailsMarker.cpp:
3188         (WebCore::RenderDetailsMarker::paint):
3189         * rendering/RenderElement.cpp:
3190         (WebCore::RenderElement::selectionColor const):
3191         (WebCore::RenderElement::selectionBackgroundColor const):
3192         (WebCore::RenderElement::paintFocusRing):
3193         (WebCore::RenderElement::paintOutline):
3194         * rendering/RenderFileUploadControl.cpp:
3195         (WebCore::RenderFileUploadControl::paintObject):
3196         * rendering/RenderFrameSet.cpp:
3197         (WebCore::RenderFrameSet::paintColumnBorder):
3198         (WebCore::RenderFrameSet::paintRowBorder):
3199         * rendering/RenderImage.cpp:
3200         (WebCore::RenderImage::paintReplaced):
3201         (WebCore::RenderImage::paintAreaElementFocusRing):
3202         * rendering/RenderInline.cpp:
3203         (WebCore::RenderInline::paintOutline):
3204         * rendering/RenderLayerBacking.cpp:
3205         (WebCore::canDirectlyCompositeBackgroundBackgroundImage):
3206         (WebCore::RenderLayerBacking::rendererBackgroundColor const):
3207         * rendering/RenderLayerCompositor.cpp:
3208         (WebCore::RenderLayerCompositor::rootOrBodyStyleChanged):
3209         * rendering/RenderListBox.cpp:
3210         (WebCore::RenderListBox::paintItemForeground):
3211         (WebCore::RenderListBox::paintItemBackground):
3212         * rendering/RenderListMarker.cpp:
3213         (WebCore::RenderListMarker::paint):
3214         * rendering/RenderMenuList.cpp:
3215         (RenderMenuList::itemStyle const):
3216         (RenderMenuList::getItemBackgroundColor const):
3217         (RenderMenuList::menuStyle const):
3218         * rendering/RenderMultiColumnSet.cpp:
3219         (WebCore::RenderMultiColumnSet::paintColumnRules):
3220         * rendering/RenderSearchField.cpp:
3221         (WebCore::RenderSearchField::menuStyle const):
3222         * rendering/RenderTable.h:
3223         (WebCore::RenderTable::bgColor const):
3224         * rendering/RenderTableCell.cpp:
3225         (WebCore::RenderTableCell::computeCollapsedStartBorder const):
3226         (WebCore::RenderTableCell::computeCollapsedEndBorder const):
3227         (WebCore::RenderTableCell::computeCollapsedBeforeBorder const):
3228         (WebCore::RenderTableCell::computeCollapsedAfterBorder const):
3229         (WebCore::RenderTableCell::paintBackgroundsBehindCell):
3230         * rendering/RenderTableSection.cpp:
3231         (WebCore::RenderTableSection::paintRowGroupBorder):
3232         * rendering/RenderTheme.cpp:
3233         (WebCore::RenderTheme::paintSliderTicks):
3234         * rendering/TextDecorationPainter.cpp:
3235         (WebCore::decorationColor):
3236         * rendering/TextPaintStyle.cpp:
3237         (WebCore::computeTextPaintStyle):
3238         * rendering/mathml/MathOperator.cpp:
3239         (WebCore::MathOperator::paint):
3240         * rendering/mathml/RenderMathMLFraction.cpp:
3241         (WebCore::RenderMathMLFraction::paint):
3242         * rendering/mathml/RenderMathMLMenclose.cpp:
3243         (WebCore::RenderMathMLMenclose::paint):
3244         * rendering/mathml/RenderMathMLRoot.cpp:
3245         (WebCore::RenderMathMLRoot::paint):
3246         * rendering/mathml/RenderMathMLToken.cpp:
3247         (WebCore::RenderMathMLToken::paint):
3248         * rendering/style/RenderStyle.cpp:
3249         (WebCore::RenderStyle::visitedDependentColorWithColorFilter const):
3250         (WebCore::RenderStyle::colorByApplyingColorFilter const):
3251         * rendering/style/RenderStyle.h:
3252
3253 2018-04-26  Mark Lam  <mark.lam@apple.com>
3254
3255         Gardening: Speculative build fix for Windows.
3256         https://bugs.webkit.org/show_bug.cgi?id=184976
3257         <rdar://problem/39723901>
3258
3259         Not reviewed.
3260
3261         * cssjit/CSSPtrTag.h:
3262
3263 2018-04-26  Brent Fulgham  <bfulgham@apple.com>
3264
3265         Show punycode if URL contains Latin small letter o with dot below character
3266         https://bugs.webkit.org/show_bug.cgi?id=185051
3267         <rdar://problem/39459297>
3268
3269         Reviewed by David Kilzer.
3270
3271         Revise our "lookalike character" logic to include the small Latin o
3272         with dot below character.
3273
3274         Test: fast/url/host.html
3275
3276         * platform/mac/WebCoreNSURLExtras.mm:
3277         (WebCore::isLookalikeCharacter):
3278
3279 2018-04-26  Daniel Bates  <dabates@apple.com>
3280
3281         Fix the build following r231068
3282         (https://bugs.webkit.org/show_bug.cgi?id=185002)
3283
3284         Substitute mainResourceRequest.resourceRequest().url() for mainResourceRequest.url() as the
3285         latter does not exist.
3286
3287         * loader/DocumentLoader.cpp:
3288         (WebCore::DocumentLoader::loadMainResource):
3289
3290 2018-04-26  Daniel Bates  <dabates@apple.com>
3291
3292         DocumentLoader::loadMainResource() should WTFMove() the passed ResourceRequest
3293         https://bugs.webkit.org/show_bug.cgi?id=185002
3294
3295         Reviewed by Youenn Fablet and Alex Christensen.
3296
3297         In r224852 we extracted logic from DocumentLoader::startLoadingMainResource() into a new
3298         function DocumentLoader::loadMainResource() that could be shared by both DocumentLoader::startLoadingMainResource()
3299         and the service worker code. As part of this extraction, DocumentLoader::loadMainResource()
3300         takes a ResourceRequest by rvalue reference, but it never actually takes ownership of this
3301         ResourceRequest and subsequently makes a copy of it when instantiating a CachedResourceRequest.
3302         Instead we should WTFMove() the passed request into the CachedResourceRequest.
3303
3304         * loader/DocumentLoader.cpp:
3305         (WebCore::DocumentLoader::loadMainResource):
3306
3307 2018-04-26  Sihui Liu  <sihui_liu@apple.com>
3308
3309         -[WKHTTPCookieStore deleteCookie:completionHandler:] doesn't delete cookies
3310         https://bugs.webkit.org/show_bug.cgi?id=184938
3311         <rdar://problem/34737395>
3312
3313         Reviewed by Geoffrey Garen.
3314
3315         When a Cookie object was converted to NSHTTPCookie object, the HTTPOnly property information
3316         was lost so the delete function cannot find the proper cookie to delete.
3317         This patch implements a workaround that compares Cookie object instead of NSHTTPCookie 
3318         object. We might want to add the ability to set HTTPOnly header during conversion if there
3319         is an easy way to do it later.
3320         
3321         New API test: WebKit.WKHTTPCookieStoreHttpOnly
3322
3323         * platform/network/cocoa/CookieCocoa.mm:
3324         (WebCore::Cookie::operator== const):
3325         * platform/network/cocoa/NetworkStorageSessionCocoa.mm:
3326         (WebCore::NetworkStorageSession::deleteCookie):
3327
3328 2018-04-26  Commit Queue  <commit-queue@webkit.org>
3329
3330         Unreviewed, rolling out r231052.
3331         https://bugs.webkit.org/show_bug.cgi?id=185044
3332
3333         Broke test http/tests/security/credentials-main-resource.html
3334         (Requested by dydz on #webkit).
3335
3336         Reverted changeset:
3337
3338         "DocumentLoader::loadMainResource() should WTFMove() the
3339         passed ResourceRequest"
3340         https://bugs.webkit.org/show_bug.cgi?id=185002
3341         https://trac.webkit.org/changeset/231052
3342
3343 2018-04-26  Jer Noble  <jer.noble@apple.com>
3344
3345         WK_COCOA_TOUCH all the things.
3346         https://bugs.webkit.org/show_bug.cgi?id=185006
3347
3348         Reviewed by Tim Horton.
3349
3350         * Configurations/WebCore.xcconfig:
3351
3352 2018-04-26  David Kilzer  <ddkilzer@apple.com>
3353
3354         Make WAKScrollView delegate a weak property
3355         <https://webkit.org/b/184799>
3356         <rdar://problem/39469669>
3357
3358         Reviewed by Simon Fraser.
3359
3360         * platform/ios/wak/WAKScrollView.h:
3361         - Remove `delegate` instance variable declaration.
3362         - Declare `delegate` property as weak.
3363         (-[WAKScrollView setDelegate:]): Delete declaration.
3364         (-[WAKScrollView delegate]): Ditto.
3365         * platform/ios/wak/WAKScrollView.mm:
3366         - Synthesize getter/setter methods for `delegate` property.
3367         (-[WAKScrollView setDelegate:]): Delete implementation.
3368         (-[WAKScrollView delegate]): Ditto.
3369
3370 2018-04-26  Youenn Fablet  <youenn@apple.com>
3371
3372         CORS preflight checker should add a console message when preflight load is blocked
3373         https://bugs.webkit.org/show_bug.cgi?id=185021
3374
3375         Reviewed by Chris Dumez.
3376
3377         No change of behavior, adding a JS console message when preflight load is blocked.
3378         This mirrors what is being done in preflighting done from NetworkProcess.
3379         Covered by existing tests.
3380
3381         * loader/CrossOriginPreflightChecker.cpp:
3382         (WebCore::CrossOriginPreflightChecker::notifyFinished):
3383         (WebCore::CrossOriginPreflightChecker::doPreflight):
3384
3385 2018-04-26  Daniel Bates  <dabates@apple.com>
3386
3387         DocumentLoader::loadMainResource() should WTFMove() the passed ResourceRequest
3388         https://bugs.webkit.org/show_bug.cgi?id=185002
3389
3390         Reviewed by Youenn Fablet and Alex Christensen.
3391
3392         In r224852 we extracted logic from DocumentLoader::startLoadingMainResource() into a new
3393         function DocumentLoader::loadMainResource() that could be shared by both DocumentLoader::startLoadingMainResource()
3394         and the service worker code. As part of this extraction, DocumentLoader::loadMainResource()
3395         takes a ResourceRequest by rvalue reference, but it never actually takes ownership of this
3396         ResourceRequest and subsequently makes a copy of it when instantiating a CachedResourceRequest.
3397         Instead we should WTFMove() the passed request into the CachedResourceRequest.
3398
3399         * loader/DocumentLoader.cpp:
3400         (WebCore::DocumentLoader::loadMainResource):
3401
3402 2018-04-26  Per Arne Vollan  <pvollan@apple.com>
3403
3404         Disable content filtering in minimal simulator mode
3405         https://bugs.webkit.org/show_bug.cgi?id=185027
3406         <rdar://problem/39736091>
3407
3408         Reviewed by Jer Noble.
3409
3410         * Configurations/FeatureDefines.xcconfig:
3411
3412 2018-04-25  Brent Fulgham  <bfulgham@apple.com>
3413
3414         Add port 548 (afpovertcp) to port blacklist
3415         https://bugs.webkit.org/show_bug.cgi?id=185000
3416         <rdar://problem/39540481>
3417
3418         Reviewed by David Kilzer.
3419
3420         Tested by security/block-test.html.
3421
3422         * platform/URL.cpp:
3423         (WebCore::portAllowed): Also block port 548.
3424
3425 2018-04-26  Andy VanWagoner  <thetalecrafter@gmail.com>
3426
3427         [INTL] Implement Intl.PluralRules
3428         https://bugs.webkit.org/show_bug.cgi?id=184312
3429
3430         Reviewed by JF Bastien.
3431
3432         Added Intl.PluralRules feature flag.
3433
3434         Test: js/intl-pluralrules.html
3435
3436         * Configurations/FeatureDefines.xcconfig:
3437
3438 2018-04-15  Darin Adler  <darin@apple.com>
3439
3440         [Cocoa] Adopt CCRSAGetCRTComponents and stop using CCBigNum
3441         https://bugs.webkit.org/show_bug.cgi?id=184637
3442
3443         Reviewed by Alexey Proskuryakov.
3444
3445         * crypto/CommonCryptoUtilities.cpp: Compile out WebCore::CCBigNum class if