CSS Exclusions polygon shape arguments should be comma separated

[WebKit-https.git] / Source / WebCore / ChangeLog

2012-04-05  Hans Muller  <hmuller@adobe.com>

        CSS Exclusions polygon shape arguments should be comma separated
        https://bugs.webkit.org/show_bug.cgi?id=82368

        Reviewed by Ryosuke Niwa.

        Changed the CSS Parser to accept a conventional comma separated argument list for the
        polygon exclusion shape. The syntax had used spaces to separate x,y coordinates, like:
        polygon(10px,20px 30px,40px).  Now commas separate points: polygon(10px 20px, 30px 40px).
        This change is per the draft exclusions spec, http://dev.w3.org/csswg/css3-exclusions.
        Additional relevant information about CSS argument list syntax can be found
        here: http://dev.w3.org/csswg/css3-values/#component-whitespace.

        Factored comma recognition idiom in CSSParser.cpp into isComma() utility function.

        The existing tests have been updated.

        * css/CSSParser.cpp:
        (WebCore::isComma)
        (WebCore::CSSParser::parseFillPosition)
        (WebCore::CSSParser::parseFillRepeat)
        (WebCore::CSSParser::parseFillProperty)
        (WebCore::CSSParser::parseCubicBezierTimingFunctionValue)
        (WebCore::CSSParser::parseAnimationTimingFunction)
        (WebCore::CSSParser::parseAnimationProperty)
        (WebCore::CSSParser::parseExclusionShapePolygon)
        (WebCore::CSSParser::parseDeprecatedGradient)
        (WebCore::CSSParser::parseRadialGradient)
        (WebCore::CSSParser::parseGradientColorStops)
        (WebCore::CSSParser::parseImageSet)
        (WebCore::filterInfoForName)
        (WebCore::CSSParser::parseCustomFilter)
        (WebCore::CSSParser::parseFontFeatureSettings)

        * css/CSSWrapShapes.cpp:
        (WebCore::CSSWrapShapePolygon::cssText):

2012-04-05  Joshua Bell  <jsbell@chromium.org>

        IndexedDB: Support string.length in keyPaths
        https://bugs.webkit.org/show_bug.cgi?id=83221

        Special case in the IDB spec - keyPaths can reference the |length| property
        of string values. Other instrinsic properties (|length| of Array, etc) are
        handled automagically. Relevant section of the updated spec is:
        http://dvcs.w3.org/hg/IndexedDB/raw-file/tip/Overview.html#key-path-construct

        Reviewed by Kentaro Hara.

        Test: storage/indexeddb/keypath-intrinsic-properties.html

        * bindings/v8/IDBBindingUtilities.cpp:
        (WebCore):

2012-04-05  Arvid Nilsson  <anilsson@rim.com>

        [BlackBerry] Update the InstrumentedPlatformCanvas after rebasing Skia
        https://bugs.webkit.org/show_bug.cgi?id=83314

        Reviewed by George Staikos.

        RIM PR: 143771
        One new virtual method was added to the SkCanvas, to draw a nine piece
        image. Override it and mark output as not being a solid color anymore.

        * platform/graphics/blackberry/InstrumentedPlatformCanvas.h:
        (WebCore::InstrumentedPlatformCanvas::drawBitmapNine):
        (InstrumentedPlatformCanvas):

2012-04-05  Oliver Hunt  <oliver@apple.com>

        Make WebCore use jsCast rather than static_cast for casting JSC objects
        https://bugs.webkit.org/show_bug.cgi?id=83320

        Reviewed by Stephanie Lewis.

        Mechanically replace static_cast with jsCast where ever we can.

        * WebCore.exp.in:
        * bindings/js/DOMWrapperWorld.cpp:
        (WebCore::JSStringOwner::finalize):
        * bindings/js/DOMWrapperWorld.h:
        (WebCore::currentWorld):
        * bindings/js/JSArrayBufferCustom.cpp:
        (WebCore::JSArrayBufferConstructor::constructJSArrayBuffer):
        * bindings/js/JSAudioContextCustom.cpp:
        (WebCore::JSAudioContextConstructor::constructJSAudioContext):
        * bindings/js/JSCSSRuleListCustom.cpp:
        (WebCore::JSCSSRuleListOwner::isReachableFromOpaqueRoots):
        * bindings/js/JSCSSStyleDeclarationCustom.cpp:
        (WebCore::cssPropertyGetterPixelOrPosPrefixCallback):
        (WebCore::cssPropertyGetterCallback):
        * bindings/js/JSCSSValueCustom.cpp:
        (WebCore::JSCSSValueOwner::isReachableFromOpaqueRoots):
        (WebCore::JSCSSValueOwner::finalize):
        * bindings/js/JSDOMBinding.cpp:
        (WebCore::reportException):
        * bindings/js/JSDOMBinding.h:
        (WebCore::deprecatedGlobalObjectForPrototype):
        (WebCore::getDOMPrototype):
        * bindings/js/JSDOMFormDataCustom.cpp:
        (WebCore::toHTMLFormElement):
        (WebCore::JSDOMFormDataConstructor::constructJSDOMFormData):
        * bindings/js/JSDOMMimeTypeArrayCustom.cpp:
        (WebCore::JSDOMMimeTypeArray::nameGetter):
        * bindings/js/JSDOMPluginArrayCustom.cpp:
        (WebCore::JSDOMPluginArray::nameGetter):
        * bindings/js/JSDOMPluginCustom.cpp:
        (WebCore::JSDOMPlugin::nameGetter):
        * bindings/js/JSDOMStringMapCustom.cpp:
        (WebCore::JSDOMStringMap::nameGetter):
        * bindings/js/JSDOMWindowBase.cpp:
        (WebCore::toJSDOMWindow):
        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::childFrameGetter):
        (WebCore::indexGetter):
        (WebCore::namedItemGetter):
        (WebCore::toDOMWindow):
        * bindings/js/JSDOMWindowCustom.h:
        (WebCore::asJSDOMWindow):
        * bindings/js/JSDOMWindowShell.h:
        (WebCore::JSDOMWindowShell::window):
        * bindings/js/JSDOMWrapper.h:
        (WebCore::JSDOMWrapper::globalObject):
        * bindings/js/JSDataViewCustom.cpp:
        (WebCore::JSDataViewConstructor::constructJSDataView):
        * bindings/js/JSEventListener.cpp:
        (WebCore::JSEventListener::handleEvent):
        * bindings/js/JSEventTarget.cpp:
        (WebCore):
        (WebCore::toEventTarget):
        * bindings/js/JSFloat32ArrayCustom.cpp:
        (WebCore::JSFloat32ArrayConstructor::constructJSFloat32Array):
        * bindings/js/JSFloat64ArrayCustom.cpp:
        (WebCore::JSFloat64ArrayConstructor::constructJSFloat64Array):
        * bindings/js/JSGeolocationCustom.cpp:
        (WebCore::JSGeolocation::getCurrentPosition):
        (WebCore::JSGeolocation::watchPosition):
        * bindings/js/JSHTMLAllCollectionCustom.cpp:
        (WebCore::callHTMLAllCollection):
        (WebCore::JSHTMLAllCollection::nameGetter):
        * bindings/js/JSHTMLCollectionCustom.cpp:
        (WebCore::JSHTMLCollection::nameGetter):
        * bindings/js/JSHTMLDocumentCustom.cpp:
        (WebCore::JSHTMLDocument::nameGetter):
        * bindings/js/JSHTMLFormElementCustom.cpp:
        (WebCore::JSHTMLFormElement::nameGetter):
        * bindings/js/JSHTMLFrameSetElementCustom.cpp:
        (WebCore::JSHTMLFrameSetElement::nameGetter):
        * bindings/js/JSHTMLOptionsCollectionCustom.cpp:
        (WebCore::JSHTMLOptionsCollection::remove):
        * bindings/js/JSImageConstructor.cpp:
        (WebCore::constructImage):
        * bindings/js/JSInjectedScriptManager.cpp:
        (WebCore::InjectedScriptManager::createInjectedScript):
        (WebCore::InjectedScriptManager::discardInjectedScript):
        (WebCore::InjectedScriptManager::injectedScriptFor):
        * bindings/js/JSInt16ArrayCustom.cpp:
        (WebCore::JSInt16ArrayConstructor::constructJSInt16Array):
        * bindings/js/JSInt32ArrayCustom.cpp:
        (WebCore::JSInt32ArrayConstructor::constructJSInt32Array):
        * bindings/js/JSInt8ArrayCustom.cpp:
        (WebCore::JSInt8ArrayConstructor::constructJSInt8Array):
        * bindings/js/JSLazyEventListener.cpp:
        (WebCore::JSLazyEventListener::initializeJSFunction):
        * bindings/js/JSNamedNodeMapCustom.cpp:
        (WebCore::JSNamedNodeMap::nameGetter):
        * bindings/js/JSNodeCustom.cpp:
        (WebCore::JSNodeOwner::isReachableFromOpaqueRoots):
        (WebCore::JSNodeOwner::finalize):
        * bindings/js/JSNodeCustom.h:
        (WebCore::toJS):
        * bindings/js/JSNodeFilterCustom.cpp:
        (WebCore::toNodeFilter):
        * bindings/js/JSNodeListCustom.cpp:
        (WebCore::JSNodeListOwner::isReachableFromOpaqueRoots):
        (WebCore::JSNodeList::nameGetter):
        * bindings/js/JSPluginElementFunctions.cpp:
        (WebCore::runtimeObjectPropertyGetter):
        (WebCore::callPlugin):
        * bindings/js/JSPopStateEventCustom.cpp:
        (WebCore::JSPopStateEvent::state):
        * bindings/js/JSSQLTransactionCustom.cpp:
        (WebCore::JSSQLTransaction::executeSql):
        * bindings/js/JSSharedWorkerCustom.cpp:
        (WebCore::JSSharedWorkerConstructor::constructJSSharedWorker):
        * bindings/js/JSStorageCustom.cpp:
        (WebCore::JSStorage::nameGetter):
        * bindings/js/JSStyleSheetListCustom.cpp:
        (WebCore::JSStyleSheetList::nameGetter):
        * bindings/js/JSTextTrackCueCustom.cpp:
        (WebCore::JSTextTrackCueOwner::isReachableFromOpaqueRoots):
        * bindings/js/JSTextTrackCustom.cpp:
        (WebCore::JSTextTrackOwner::isReachableFromOpaqueRoots):
        * bindings/js/JSTextTrackListCustom.cpp:
        (WebCore::JSTextTrackListOwner::isReachableFromOpaqueRoots):
        * bindings/js/JSTrackCustom.cpp:
        (WebCore::toTrack):
        * bindings/js/JSUint16ArrayCustom.cpp:
        (WebCore::JSUint16ArrayConstructor::constructJSUint16Array):
        * bindings/js/JSUint32ArrayCustom.cpp:
        (WebCore::JSUint32ArrayConstructor::constructJSUint32Array):
        * bindings/js/JSUint8ArrayCustom.cpp:
        (WebCore::JSUint8ArrayConstructor::constructJSUint8Array):
        * bindings/js/JSUint8ClampedArrayCustom.cpp:
        (WebCore::JSUint8ClampedArrayConstructor::constructJSUint8ClampedArray):
        * bindings/js/JSWebKitMutationObserverCustom.cpp:
        (WebCore::JSWebKitMutationObserverConstructor::constructJSWebKitMutationObserver):
        * bindings/js/JSWebKitPointCustom.cpp:
        (WebCore::JSWebKitPointConstructor::constructJSWebKitPoint):
        * bindings/js/JSWebSocketCustom.cpp:
        (WebCore::JSWebSocketConstructor::constructJSWebSocket):
        * bindings/js/JSWorkerContextBase.cpp:
        (WebCore::toJSDedicatedWorkerContext):
        (WebCore::toJSSharedWorkerContext):
        * bindings/js/JSWorkerCustom.cpp:
        (WebCore::JSWorkerConstructor::constructJSWorker):
        * bindings/js/JSXSLTProcessorCustom.cpp:
        (WebCore::JSXSLTProcessor::importStylesheet):
        (WebCore::JSXSLTProcessor::transformToFragment):
        (WebCore::JSXSLTProcessor::transformToDocument):
        * bindings/js/ScriptCallStackFactory.cpp:
        (WebCore::createScriptCallStackForInspector):
        * bindings/js/ScriptControllerMac.mm:
        (WebCore::updateStyleIfNeededForBindings):
        * bindings/js/ScriptDebugServer.cpp:
        (WebCore::ScriptDebugServer::dispatchDidPause):
        * bindings/js/ScriptObject.cpp:
        (WebCore::ScriptGlobalObject::set):
        * bindings/js/ScriptState.cpp:
        (WebCore::domWindowFromScriptState):
        (WebCore::scriptExecutionContextFromScriptState):
        * bindings/js/SerializedScriptValue.cpp:
        (WebCore::CloneSerializer::fillTransferMap):
        (WebCore::CloneSerializer::dumpArrayBufferView):
        (WebCore::CloneDeserializer::getJSValue):
        (WebCore::CloneDeserializer::readTerminal):
        * bindings/objc/WebScriptObject.mm:
        (-[WebScriptObject _isSafeScript]):
        (+[WebScriptObject _convertValueToObjcValue:originRootObject:rootObject:]):
        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateGetOwnPropertySlotBody):
        (GenerateGetOwnPropertyDescriptorBody):
        (GenerateImplementation):
        (GenerateCallWith):
        (NativeToJSValue):
        (GenerateConstructorDefinition):
        * bridge/jni/jni_jsobject.h:
        * bridge/jni/jni_jsobject.mm:
        (JavaJSObject::convertJObjectToValue):
        * bridge/jni/jsc/JavaInstanceJSC.cpp:
        (JavaInstance::invokeMethod):
        * bridge/objc/objc_utility.mm:
        (JSC::Bindings::convertValueToObjcValue):
        * bridge/runtime_method.cpp:
        (JSC::callRuntimeMethod):
        * bridge/runtime_object.cpp:
        (JSC::Bindings::callRuntimeConstructor):
        * testing/js/WebCoreTestSupport.cpp:
        (WebCoreTestSupport::injectInternalsObject):
        (WebCoreTestSupport::resetInternalsObject):

2012-04-05  Martin Robinson  <mrobinson@igalia.com>

        [GTK] Scrolling some iframes that are partially out of the viewport leads to repaint errors
        https://bugs.webkit.org/show_bug.cgi?id=83309

        Reviewed by Gustavo Noronha Silva.

        Test: platform/gtk/fast/frames/scrolling-iframe-out-of-viewport.html

        The X11 backing store was not properly trimming the scroll region when it
        was only a portion of the screen. This was hidden by subsequent repaints.

        * platform/gtk/GtkWidgetBackingStoreX11.cpp:
        (WebCore::WidgetBackingStore::scroll): Fix the calculation of the scrolling region.

2012-04-05  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r113299.
        http://trac.webkit.org/changeset/113299
        https://bugs.webkit.org/show_bug.cgi?id=83297

        The patch broke 11 tests on Lion. (Requested by jonlee on
        #webkit).

        * xml/parser/XMLDocumentParser.h:
        (XMLDocumentParser):
        * xml/parser/XMLDocumentParserLibxml2.cpp:
        (WebCore::XMLDocumentParser::XMLDocumentParser):
        (WebCore::XMLDocumentParser::startElementNs):
        (WebCore::XMLDocumentParser::endElementNs):
        (WebCore::getEntityHandler):
        (WebCore::XMLDocumentParser::initializeParserContext):

2012-04-05  Justin Novosad  <junov@chromium.org>

        [Chromium] Correct misleading trace event names in Canvas2DLayerChromium
        https://bugs.webkit.org/show_bug.cgi?id=83310

        Reviewed by Adrienne Walker.

        * platform/graphics/chromium/Canvas2DLayerChromium.cpp:
        (WebCore::Canvas2DLayerChromium::paintContentsIfDirty):

2012-04-05  Dean Jackson  <dino@apple.com>

        [mac] requestAnimationFrame sometimes stuck when page loads in a background tab
        https://bugs.webkit.org/show_bug.cgi?id=76105

        Reviewed by Simon Fraser.

        Fix three issues with requestAnimationFrame:
        - It's possible for the call to rAF to come to the document before there
          is a page associated. Added a guard for this.
        - A page may try to suspend the scripted animations before the
          ScriptedAnimationController exists, in which case we need to
          suspend it immediately after it is created. Do this by keeping
          track of the state in Page. Otherwise rAF would be busy looping
          on hidden pages until they are brought to the front and hidden again.
        - A page created in the background (from WebKit1) does not get
          informed it is not visible. This can mean that resume() is called
          more times than suspend() and we get into a state where the number
          of suspensions becomes -1, and thus fails truthiness tests. Clamp it
          to values >= 0.

        No new tests, since this is not automatically testable. The most reliable test
        is to open a page with rAF in a background tab within Safari.

        * dom/Document.cpp:
        (WebCore::Document::webkitRequestAnimationFrame):
        * dom/ScriptedAnimationController.cpp:
        (WebCore::ScriptedAnimationController::resume):
        * page/Page.cpp:
        (WebCore::Page::Page):
        (WebCore::Page::suspendScriptedAnimations):
        (WebCore::Page::resumeScriptedAnimations):
        * page/Page.h:
        (WebCore::Page::scriptedAnimationsSuspended):
        (Page):

2012-04-05  Brady Eidson  <beidson@apple.com>

        <rdar://problem/9359029> and https://bugs.webkit.org/show_bug.cgi?id=83311
        Crashes in WebProcess at WebCore::HistoryController::recursiveSetProvisionalItem when restoring previous session

        Reviewed by Sam Weinig.

        It's possible to hit a race condition between the UIProcess and the WebProcess where the UIProcess records for a 
        page have been cleared out but the WebProcess is still trying to perform a history navigation within that page.
        
        In this situation HistoryController code that expects there to always be a current history item in the back/forward
        controller is wrong.

        No new tests. (The race conditions involved have proven making a test impractical)

        * loader/HistoryController.cpp:
        (WebCore::HistoryController::recursiveSetProvisionalItem): Don't ASSERT the fromItem. We now know there might not be one.
        (WebCore::HistoryController::recursiveGoToItem): Ditto
        (WebCore::HistoryController::itemsAreClones): Always return false if either item is null, as a null item and a non-null
          item cannot possible be clones of each other.

2012-04-05  Adam Klein  <adamk@chromium.org>

        Crash in MutationObservers due to an invalid HashSet iterator
        https://bugs.webkit.org/show_bug.cgi?id=83304

        Reviewed by Ojan Vafai.

        If the observed node has been GCed when we clear transient observers
        from it, the HashSet iterator in WebKitMutationObserver::deliver would
        be invalidated. This patch fixes that behavior by copying the relevant
        registrations into a seperate vector first and operating on the copy.

        This patch also fixes a bug: transient observers should be cleared
        after every microtask, not just when delivering.

        Tests: fast/mutation/clear-transient-without-delivery.html
               fast/mutation/transient-gc-crash.html

        * dom/MutationObserverRegistration.cpp:
        (WebCore::MutationObserverRegistration::observedSubtreeNodeWillDetach):
        Notify the observer that it has a transient registration so it can be properly cleared.
        * dom/MutationObserverRegistration.h:
        (WebCore::MutationObserverRegistration::hasTransientRegistrations):
        Add an accessor for use when deliver() creates its vector of registrations.
        * dom/WebKitMutationObserver.cpp:
        (WebCore::WebKitMutationObserver::setHasTransientRegistration): Add this to the active observer set
        to allow transient registrations to be cleared appropriately.
        (WebCore::WebKitMutationObserver::deliver): Avoid modifying m_registrations while iterating over it.
        Clear registrations before checking for a lack of records to deliver.
        * dom/WebKitMutationObserver.h:

2012-04-05  Adam Klein  <adamk@chromium.org>

        Rebaseline binding tests after r113272.

        * bindings/scripts/test/V8/V8TestInterface.cpp:
        (WebCore::V8TestInterface::constructorCallback):
        * bindings/scripts/test/V8/V8TestNamedConstructor.cpp:
        (WebCore::V8TestNamedConstructorConstructorCallback):
        * bindings/scripts/test/V8/V8TestObj.cpp:
        (WebCore::V8TestObj::constructorCallback):
        * bindings/scripts/test/V8/V8TestSerializedScriptValueInterface.cpp:
        (WebCore::V8TestSerializedScriptValueInterface::constructorCallback):

2012-04-05  Stephen White  <senorblanco@chromium.org>

        [chromium] Drawing an accelerated canvas onto itself is slow.
        https://bugs.webkit.org/show_bug.cgi?id=83295

        Fixed by using a GPU-side deepCopy() in skia, so we don't trigger a
        readback and re-upload.

        Reviewed by James Robinson.

        Correctness is covered by existing tests. Performance is covered
        by the test case attached to the bug.

        * platform/graphics/skia/ImageSkia.cpp:
        (WebCore::BitmapImageSingleFrameSkia::create):

2012-04-05  Dana Jansens  <danakj@chromium.org>

        [chromium] Record the number of tiles paint-culled instead of the incorrect number of pixels
        https://bugs.webkit.org/show_bug.cgi?id=82423

        Reviewed by Adrienne Walker.

        We currently attempt to record the number of pixels we save from uploading,
        however the number is wrong in two ways.
        1) An early-out if everything is culled results in nothing being reported.
        2) With threaded-compositor, the number of pixels uploaded in one tile can be
        changed by culling in another tile, making the number far too difficult to
        compute to be worthwhile. If a tile was going to be partial-updated, but is
        culled, now a new tile gets to be partial-updated instead, which affects the
        numbers.

        This patch breaks up CCOverdrawMetrics to make the methods/variables less
        overloaded and more clear. This way they don't have to mirror each other
        so closely on paint/draw sides.

        Then we record the number of tiles for which we prevented upload via paint
        culling. This will still over-report (a dirty culled tile stays dirty and
        will be culled again each commit), but it seems more reasonable as it
        clearly does not try to mimic a performance metric in the way that a pixel
        count does, but still gives a rough estimation of the amount of paint
        culling going on in a page.

        Covered by existing tests, modified where needed.

        * platform/graphics/chromium/TiledLayerChromium.cpp:
        (WebCore::TiledLayerChromium::prepareToUpdateTiles):
        * platform/graphics/chromium/cc/CCOverdrawMetrics.cpp:
        (WebCore::CCOverdrawMetrics::CCOverdrawMetrics):
        (WebCore::CCOverdrawMetrics::didCullTileForUpload):
        (WebCore):
        (WebCore::CCOverdrawMetrics::didUpload):
        (WebCore::CCOverdrawMetrics::didCullForDrawing):
        (WebCore::CCOverdrawMetrics::recordMetrics):
        (WebCore::CCOverdrawMetrics::recordMetricsInternal):
        * platform/graphics/chromium/cc/CCOverdrawMetrics.h:
        (CCOverdrawMetrics):
        (WebCore::CCOverdrawMetrics::pixelsCulledForDrawing):
        (WebCore::CCOverdrawMetrics::pixelsUploadedOpaque):
        (WebCore::CCOverdrawMetrics::pixelsUploadedTranslucent):
        (WebCore::CCOverdrawMetrics::tilesCulledForUpload):
        * platform/graphics/chromium/cc/CCQuadCuller.cpp:
        (WebCore::CCQuadCuller::append):

2012-04-05  Enrica Casucci  <enrica@apple.com>

        Provide a separate editing command to cleanup of redundant markup.
        https://bugs.webkit.org/show_bug.cgi?id=83240

        Reviewed by Ryosuke Niwa.

        This patch moves the logic originally performed by the private
        method removeRedundantMarkup inside ReplaceSelectionCommand into
        a separate command. This way the markup cleanup can be exposed as
        a separate command, independent from ReplaceSelectionCommand.
        
        No new tests. No change in functionality.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * Target.pri:
        * WebCore.gypi:
        * WebCore.vcproj/WebCore.vcproj:
        * WebCore.xcodeproj/project.pbxproj:
        Added new file to project files.
        * editing/EditorAllInOne.cpp: Added SimplifyMarkupCommand.
        * editing/ReplaceSelectionCommand.cpp:
        (WebCore::ReplaceSelectionCommand::doApply): Now uses SimplifyMarkupCommand.
        * editing/ReplaceSelectionCommand.h:
        (ReplaceSelectionCommand): Removed removeRedundantMarkup.
        * editing/SimplifyMarkupCommand.cpp: Added.
        (WebCore::SimplifyMarkupCommand::SimplifyMarkupCommand):
        (WebCore::SimplifyMarkupCommand::doApply):
        * editing/SimplifyMarkupCommand.h: Added.
        (WebCore::SimplifyMarkupCommand::create):

2012-04-05  Shawn Singh  <shawnsingh@chromium.org>

        [chromium] Need to clip to homogeneous w=0 plane when applying transforms.
        https://bugs.webkit.org/show_bug.cgi?id=80806

        Reviewed by Adrienne Walker.

        Unit tests added to CCLayerTreeHostCommon. This change is also
        covered by other existing unit tests and layout tests.

        WebCore TransformationMatrix mapRect / mapQuad / projectQuad do
        not properly handle the case where a surface is oriented partially
        behind the camera, with a perspective projection. In this case,
        projected points may appear to be valid in cartesian coordinates,
        but they are indeed not valid, and this problem can only be
        detected in homogeneous coordinates after applying the transform,
        before the divide-by-w step.

        The correct solution is to clip geometry where w < 0. This patch
        makes this change local to chromium only, to fix rendering bugs
        that arise from this problem. The primary fix is to correct
        calculateVisibleLayerRect(), but other ancillary locations are
        also fixed, in particular, the antialiasing code path is simply
        skipped when this case arises.

        Eventually this math needs to be merged into TransformationMatrix,
        to fix hit-testing bugs that occur in both Chromium and Safari.

        * WebCore.gypi:
        * platform/graphics/chromium/LayerRendererChromium.cpp:
        (WebCore::findTileProgramUniforms):
        (WebCore::LayerRendererChromium::drawTileQuad):
        * platform/graphics/chromium/cc/CCLayerTreeHostCommon.cpp:
        (WebCore::CCLayerTreeHostCommon::calculateVisibleRect):
        (WebCore::isScaleOrTranslation):
        (WebCore::calculateDrawTransformsAndVisibilityInternal):
        * platform/graphics/chromium/cc/CCMathUtil.cpp: Added.
        (WebCore):
        (WebCore::HomogeneousCoordinate::HomogeneousCoordinate):
        (HomogeneousCoordinate):
        (WebCore::HomogeneousCoordinate::shouldBeClipped):
        (WebCore::HomogeneousCoordinate::cartesianPoint2d):
        (WebCore::projectPoint):
        (WebCore::mapPoint):
        (WebCore::computeClippedPointForEdge):
        (WebCore::expandBoundsToIncludePoint):
        (WebCore::computeEnclosingRectOfClippedQuad):
        (WebCore::computeEnclosingRect):
        (WebCore::CCMathUtil::mapClippedRect):
        (WebCore::CCMathUtil::projectClippedRect):
        (WebCore::CCMathUtil::mapQuad):
        (WebCore::CCMathUtil::projectQuad):
        * platform/graphics/chromium/cc/CCMathUtil.h: Added.
        (WebCore):
        (CCMathUtil):
        * platform/graphics/chromium/cc/CCOcclusionTracker.cpp:
        (WebCore::computeUnoccludedContentRect):

2012-04-05  Patrick Gansterer  <paroga@webkit.org>

        [Qt] Correct <wtf/*.h> include paths.
        https://bugs.webkit.org/show_bug.cgi?id=83270

        Reviewed by Eric Seidel.

        Modify the #include declerations so that the
        wtf types are included using the full path.

        * platform/graphics/TiledBackingStoreBackend.h:

2012-04-05  Antonio Gomes  <agomes@rim.com>

        Unreviewed bit left over from rebasing the origin patch before landing it.

        Complementary to r113329.

        * rendering/HitTestResult.cpp:
        (WebCore::HitTestResult::operator=):

2012-04-05  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r113241.
        http://trac.webkit.org/changeset/113241
        https://bugs.webkit.org/show_bug.cgi?id=83293

        Requested by sievers@chromium.org (Requested by zhenyao on
        #webkit).

        * platform/graphics/chromium/cc/CCLayerTreeHostImpl.cpp:
        (WebCore::CCLayerTreeHostImpl::canDraw):
        (WebCore::CCLayerTreeHostImpl::prepareToDraw):
        * platform/graphics/chromium/cc/CCLayerTreeHostImpl.h:
        (CCLayerTreeHostImpl):
        * platform/graphics/chromium/cc/CCThreadProxy.cpp:
        (WebCore::CCThreadProxy::scheduledActionDrawAndSwapInternal):

2012-04-05  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r113341.
        http://trac.webkit.org/changeset/113341
        https://bugs.webkit.org/show_bug.cgi?id=83299

        bots caught some build errors (Requested by shawnsingh on
        #webkit).

        * WebCore.gypi:
        * platform/graphics/chromium/LayerRendererChromium.cpp:
        (WebCore::findTileProgramUniforms):
        (WebCore::LayerRendererChromium::drawTileQuad):
        * platform/graphics/chromium/cc/CCLayerTreeHostCommon.cpp:
        (WebCore::CCLayerTreeHostCommon::calculateVisibleRect):
        (WebCore::isScaleOrTranslation):
        (WebCore::calculateDrawTransformsAndVisibilityInternal):
        * platform/graphics/chromium/cc/CCMathUtil.cpp: Removed.
        * platform/graphics/chromium/cc/CCMathUtil.h: Removed.
        * platform/graphics/chromium/cc/CCOcclusionTracker.cpp:
        (WebCore::projectQuad):
        (WebCore):
        (WebCore::computeUnoccludedContentRect):

2012-04-05  Justin Novosad  <junov@chromium.org>

        [Chromium] With the skia port, setting LCD text filtering is causing
        texture cache invalidations of gpu canvas backing store
        https://bugs.webkit.org/show_bug.cgi?id=74183

        Reviewed by Stephen White.

        Replacing unnecessary usage of SkCanvas::LayerIter with calls to
        SkCanvas::isDrawingToLayer(). Same results, lower overhead, and no
        GPU texture invalidation.

        * platform/graphics/chromium/FontChromiumWin.cpp:
        (WebCore):
        (WebCore::TransparencyAwareFontPainter::initializeForGDI):
        * platform/graphics/harfbuzz/FontHarfBuzz.cpp:
        (WebCore):
        (WebCore::adjustTextRenderMode):
        * platform/graphics/skia/FontSkia.cpp:
        (WebCore):
        (WebCore::adjustTextRenderMode):
        * platform/graphics/skia/SkiaFontWin.cpp:
        (WebCore):
        (WebCore::disableTextLCD):
        * rendering/RenderThemeChromiumWin.cpp:
        (WebCore):

2012-04-05  Zan Dobersek  <zandobersek@gmail.com>

        media/track/track-webvtt-tc004-magic-header.html flakily times out
        https://bugs.webkit.org/show_bug.cgi?id=72279

        Reviewed by Eric Carlson.

        Move all the checking for the WebVTT file identifier from TextTrackLoader
        to WebVTTParser, notifying the parser clients of parsing failures through
        a new method. Remove the WebVTTParser::fileIdentifierMaximumLength method
        and make WebVTTParser::hasRequiredFileIdentifier private. The latter now
        operates on a vector holding the identifier data to which data is added
        until there's enough of it to possibly hold the optional BOM character
        and the required WEBVTT character sequence.

        No new tests. Fixes an existing test.

        * html/track/WebVTTParser.cpp: Fix a typo throughout the file:
        fileIdentiferLength -> fileIdentifierLength
        (WebCore):
        (WebCore::WebVTTParser::parseBytes): Only continue with searcing for
        the WEBVTT identifier if there's enough data to possibly contain the
        identifier. Report that the file failed to parse if the identifier
        was then not found.
        (WebCore::WebVTTParser::hasRequiredFileIdentifier): Refactor to operate
        on the vector containing identifier data and merge with the
        hasLongWebVTTIdentifier function.
        * html/track/WebVTTParser.h:
        (WebVTTParserClient): Add a new method.
        (WebVTTParser):
        * loader/TextTrackLoader.cpp:
        (WebCore::TextTrackLoader::processNewCueData): Parser is now created
        immediately regardless of the mime type the response holds.
        (WebCore::TextTrackLoader::fileFailedToParse): Log the error, set the
        state to failed, start the cue load timer and cancel the load if the file
        was not parsed successfully.
        (WebCore):
        * loader/TextTrackLoader.h:
        (TextTrackLoader):

2012-04-05  Shawn Singh  <shawnsingh@chromium.org>

        [chromium] Need to clip to homogeneous w=0 plane when applying transforms.
        https://bugs.webkit.org/show_bug.cgi?id=80806

        Reviewed by Adrienne Walker.

        Unit tests added to CCLayerTreeHostCommon. This change is also
        covered by other existing unit tests and layout tests.

        WebCore TransformationMatrix mapRect / mapQuad / projectQuad do
        not properly handle the case where a surface is oriented partially
        behind the camera, with a perspective projection. In this case,
        projected points may appear to be valid in cartesian coordinates,
        but they are indeed not valid, and this problem can only be
        detected in homogeneous coordinates after applying the transform,
        before the divide-by-w step.

        The correct solution is to clip geometry where w < 0. This patch
        makes this change local to chromium only, to fix rendering bugs
        that arise from this problem. The primary fix is to correct
        calculateVisibleLayerRect(), but other ancillary locations are
        also fixed, in particular, the antialiasing code path is simply
        skipped when this case arises.

        Eventually this math needs to be merged into TransformationMatrix,
        to fix hit-testing bugs that occur in both Chromium and Safari.

        * WebCore.gypi:
        * platform/graphics/chromium/LayerRendererChromium.cpp:
        (WebCore::findTileProgramUniforms):
        (WebCore::LayerRendererChromium::drawTileQuad):
        * platform/graphics/chromium/cc/CCLayerTreeHostCommon.cpp:
        (WebCore::CCLayerTreeHostCommon::calculateVisibleRect):
        (WebCore::isScaleOrTranslation):
        (WebCore::calculateDrawTransformsAndVisibilityInternal):
        * platform/graphics/chromium/cc/CCMathUtil.cpp: Added.
        (WebCore):
        (WebCore::HomogeneousCoordinate::HomogeneousCoordinate):
        (HomogeneousCoordinate):
        (WebCore::HomogeneousCoordinate::shouldBeClipped):
        (WebCore::HomogeneousCoordinate::cartesianPoint2d):
        (WebCore::projectPoint):
        (WebCore::mapPoint):
        (WebCore::computeClippedPointForEdge):
        (WebCore::expandBoundsToIncludePoint):
        (WebCore::computeEnclosingRectOfClippedQuad):
        (WebCore::computeEnclosingRect):
        (WebCore::CCMathUtil::mapClippedRect):
        (WebCore::CCMathUtil::projectClippedRect):
        (WebCore::CCMathUtil::mapQuad):
        (WebCore::CCMathUtil::projectQuad):
        * platform/graphics/chromium/cc/CCMathUtil.h: Added.
        (WebCore):
        (CCMathUtil):
        * platform/graphics/chromium/cc/CCOcclusionTracker.cpp:
        (WebCore::computeUnoccludedContentRect):

2012-04-05  Jia Pu  <jpu@apple.com>

        Move correction panel related functions from EditorClient into separated AlternativeTextClient class.
        https://bugs.webkit.org/show_bug.cgi?id=82970

        Reviewed by Enrica Casucci.

        No new tests, since there's no change of functionality.

        The existing correction panel related functions in EditorClient are currently used only by OS X.
        We'd like to move them into separate AlternativeTextClient class to avoid using #ifdef's. This
        new client class will also hold dictation alternative related interface that we will add soon for
        bug 82503.

        * WebCore.vcproj/WebCore.vcproj:
        * WebCore.xcodeproj/project.pbxproj:
        * editing/AlternativeTextController.cpp: Changes in this file are all for calling functions in
          AlternativeTextClient instead of those in EditoClient.
        (WebCore::AlternativeTextController::show):
        (WebCore::AlternativeTextController::dismiss):
        (WebCore::AlternativeTextController::dismissSoon):
        (WebCore::AlternativeTextController::respondToUnappliedSpellCorrection):
        (WebCore::AlternativeTextController::timerFired):
        (WebCore::AlternativeTextController::isAutomaticSpellingCorrectionEnabled):
        (WebCore::AlternativeTextController::alternativeTextClient):
        (WebCore):
        (WebCore::AlternativeTextController::editorClient):
        (WebCore::AlternativeTextController::textChecker):
        (WebCore::AlternativeTextController::recordAutocorrectionResponseReversed):
        (WebCore::AlternativeTextController::recordSpellcheckerResponseForModifiedCorrection):
        * editing/AlternativeTextController.h:
        (WebCore):
        (AlternativeTextController):
        * editing/TextCheckingHelper.h:
        (WebCore):
        * loader/EmptyClients.h:
        (EmptyEditorClient):
        * page/AlternativeTextClient.h: Added.
        (WebCore):
        (AlternativeTextClient):
        (WebCore::AlternativeTextClient::~AlternativeTextClient):
        * page/EditorClient.h:
        (EditorClient):
        * page/Page.cpp:
        (WebCore::Page::Page):
        (WebCore::Page::PageClients::PageClients):
        * page/Page.h:
        (WebCore):
        (PageClients):
        (Page):
        (WebCore::Page::alternativeTextClient):

2012-04-05  Min Qin  <qinmin@google.com>

        Fix fullscreen video button for android
        https://bugs.webkit.org/show_bug.cgi?id=83087

        Reviewed by Dimitri Glazkov.

        https://bugs.webkit.org/show_bug.cgi?id=70437 changed css keyword for fullscreen video button.
        It is changed from media-fullscreen-button to media-enter-fullscreen-button.
        However, it does not change the value in mediaControlChromiumAndroid.css.
        No behavior change.

        * css/mediaControlsChromiumAndroid.css:
        (video::-webkit-media-controls-fullscreen-button):

2012-04-05  Pavel Feldman  <pfeldman@chromium.org>

        Web Inspector: CSS file revisions are not restored upon front-end reopen.
        https://bugs.webkit.org/show_bug.cgi?id=83292

        Reviewed by Yury Semikhatsky.

        Populating suggestions before the panel creation now.

        * inspector/front-end/inspector.js:
        (WebInspector._doLoadedDoneWithCapabilities.get if):

2012-04-04  Simon Fraser  <simon.fraser@apple.com>

        Add assertions to check for mutation of RenderLayer z-order lists during enumeration
        https://bugs.webkit.org/show_bug.cgi?id=83242

        Reviewed by James Robinson.

        Add debug-only code that detects whether RenderLayer's z-order and
        normal flow lists are being cleared or otherwise mutated while we're
        enumerating over them.

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::RenderLayer):
        (WebCore::RenderLayer::paintList):
        (WebCore::RenderLayer::calculateLayerBounds):
        (WebCore::RenderLayer::dirtyZOrderLists):
        (WebCore::RenderLayer::dirtyNormalFlowList):
        (WebCore::RenderLayer::updateZOrderListsSlowCase):
        (WebCore::RenderLayer::updateNormalFlowList):
        * rendering/RenderLayer.h:
        (RenderLayer):
        (WebCore::RenderLayer::layerListMutationAllowed):
        (WebCore::RenderLayer::setLayerListMutationAllowed):
        (WebCore):
        (LayerListMutationDetector):
        (WebCore::LayerListMutationDetector::LayerListMutationDetector):
        (WebCore::LayerListMutationDetector::~LayerListMutationDetector):
        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::hasVisibleNonCompositingDescendantLayers):
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::addToOverlapMapRecursive):
        (WebCore::RenderLayerCompositor::computeCompositingRequirements):
        (WebCore::RenderLayerCompositor::rebuildCompositingLayerTree):
        (WebCore::RenderLayerCompositor::updateLayerTreeGeometry):
        (WebCore::RenderLayerCompositor::updateCompositingDescendantGeometry):
        (WebCore::RenderLayerCompositor::recursiveRepaintLayerRect):
        (WebCore::RenderLayerCompositor::layerHas3DContent):

2012-04-05  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r113254.
        http://trac.webkit.org/changeset/113254
        https://bugs.webkit.org/show_bug.cgi?id=83291

        Requested by sievers@chromium.org (Requested by zhenyao on
        #webkit).

        * platform/graphics/chromium/cc/CCLayerTreeHostImpl.cpp:
        (WebCore::CCLayerTreeHostImpl::canDraw):

2012-04-05  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r113307.
        http://trac.webkit.org/changeset/113307
        https://bugs.webkit.org/show_bug.cgi?id=83288

        Requested by sievers@chromium.org (Requested by zhenyao on
        #webkit).

        * platform/graphics/chromium/cc/CCLayerTreeHostImpl.cpp:
        (WebCore::CCLayerTreeHostImpl::canDraw):

2012-03-14  Antonio Gomes  <agomes@rim.com>

        Extend HitTestResult to support not "discarding" shadow content in favor of its DOM ancestor
        https://bugs.webkit.org/show_bug.cgi?id=80847

        Reviewed by David Hyatt.

        In order to improve touch precision on shadow tree content, patch
        extends the rect-hittest'ing system to allow shadow content
        to be stored as the rect-hittest result node list.

        Primary use cases are for this extension is making it easier to
        improve the clickability of default controls of <video> and <audio>
        elements.

        For the callee site, the use is simple: if shadow content in the rect-hittest
        result is desired, just add an extra 'AllowShadowContent' parameter at the creation
        of the HitTestResult object.

        Test: fast/dom/nodesFromRect-shadowContent.html

        * dom/Document.cpp:
        (WebCore::Document::nodesFromRect):
        * dom/Document.h:
        (Document):
        * page/EventHandler.cpp:
        (WebCore::EventHandler::hitTestResultAtPoint):
        * rendering/HitTestResult.cpp:
        (WebCore::HitTestResult::HitTestResult):
        (WebCore::HitTestResult::addNodeToRectBasedTestResult):
        * rendering/HitTestResult.h:
        (HitTestResult):
        (WebCore::HitTestResult::shadowContentFilterPolicy):
        * rendering/RenderImage.cpp:
        (WebCore::RenderImage::nodeAtPoint):
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::hitTestLayer):
        (WebCore::RenderLayer::hitTestList):
        * testing/Internals.cpp:
        (WebCore::Internals::nodesFromRect):
        * testing/Internals.h:
        (Internals):
        * testing/Internals.idl:

2012-04-05  Hans Muller  <hmuller@adobe.com>

        Rename CSS Exclusions "rect" value to "rectangle"
        https://bugs.webkit.org/show_bug.cgi?id=82367

        Reviewed by Ryosuke Niwa.

        Changed the CSS exclusion shape called "rect" to "rectangle" to match
        the current draft spec - http://dev.w3.org/csswg/css3-exclusions.

        The meeting minutes where the decision to rename the exclusion "rect" function
        to "rectangle" are: http://lists.w3.org/Archives/Public/www-style/2012Feb/0325.html

        No new tests were created; just updated the existing ones.

        * css/CSSParser.cpp:
        (WebCore::CSSParser::parseWrapShapeRectangle):
        (WebCore::CSSParser::parseWrapShape):
        * css/CSSParser.h:
        * css/CSSWrapShapes.cpp:
        (WebCore::CSSWrapShapeRectangle::cssText):
        * css/CSSWrapShapes.h:
        (WebCore::CSSWrapShapeRectangle::create):
        (WebCore::CSSWrapShapeRectangle::type):
        (WebCore::CSSWrapShapeRectangle::CSSWrapShapeRectangle):

2012-04-05  Arvid Nilsson  <anilsson@rim.com>

        [BlackBerry] Disable paintingGoesToWindow() for the root layer when forced compositing mode is active
        https://bugs.webkit.org/show_bug.cgi?id=83127

        Reviewed by Rob Buis.

        RIM PR: 136381
        The BlackBerry port will use accelerated compositing code path to
        render the root layer in some situations.

        The plan is to do this by activating the "force compositing mode"
        setting, but that in itself doesn't get us all the way, since painting
        will still go to window for the root layer.

        Fixed by adding a special clause in
        RenderLayerBacking::paintingGoesToWindow() for PLATFORM(BLACKBERRY).

        No new tests, this is currently not testable with the BlackBerry WebKit
        testing infrastructure.

        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::paintingGoesToWindow):
        * rendering/RenderLayerCompositor.h:
        (RenderLayerCompositor):
        (WebCore::RenderLayerCompositor::inForcedCompositingMode): Added.

2012-04-05  Stephen Chenney  <schenney@chromium.org>

        REGRESSION(99539): Infinite repaint loop with SVGImage and deferred repaint timers
        https://bugs.webkit.org/show_bug.cgi?id=78315

        Reviewed by Dimitri Glazkov.

        The existing fix for this issue was failing to check if the frameView object
        was currently _in_ layout, in addition to whether it needs layout. Calling the
        redraw method while in layout leads to a debug assertion and potential infinite
        layout loops. Now we check whether we need layout or are in layout. We also add
        a check when the repaint timer fires to ensure we do not call redraw during layout
        at that point.

        This patch was tested with tens of thousands of runs on layout test cases that
        previously crashed at a rate of about 1 in 25. Now we see no crashes and no test
        failures.

        No new tests, as this exists to fix flaky existing tests.

        * svg/graphics/SVGImageCache.cpp:
        (WebCore::SVGImageCache::imageContentChanged):
        (WebCore::SVGImageCache::redrawTimerFired):

2012-04-05  Keishi Hattori  <keishi@webkit.org>

        Hide datalist element
        https://bugs.webkit.org/show_bug.cgi?id=82874

        The datalist element should be hidden when ENABLE_DATALIST is on.

        Reviewed by Kent Tamura.

        Tests: fast/forms/datalist/datalist-fallback-content-expected.html
               fast/forms/datalist/datalist-fallback-content.html

        * css/html.css:
        (datalist): Added display:none.

2012-04-05  W. James MacLean  <wjmaclean@chromium.org>

        Adjust max bisection search iterations for TouchpadFlingGestureCurve.
        https://bugs.webkit.org/show_bug.cgi?id=83166

        Reviewed by James Robinson.

        Covered by existing tests.

        * platform/TouchpadFlingPlatformGestureCurve.cpp:
        (WebCore):

2012-04-05  Peter Rybin  <peter.rybin@gmail.com>

        Web Inspector: CodeGeneratorInspector.py: switch FileSystem, Profiler and Worker domains to typed API
        https://bugs.webkit.org/show_bug.cgi?id=83069

        Reviewed by Yury Semikhatsky.

        Domains are switched to 'strict' mode. However, hardly any changes were needed in C++ code because
        only basic types are currently used in Inspector.json.

        * inspector/CodeGeneratorInspector.py:
        * inspector/InspectorProfilerAgent.cpp:
        (WebCore::InspectorProfilerAgent::getProfileHeaders):
        (WebCore):
        (WebCore::InspectorProfilerAgent::getObjectByHeapObjectId):
        * inspector/InspectorProfilerAgent.h:
        (InspectorProfilerAgent):

2012-04-05  Levi Weintraub  <leviw@chromium.org>

        DOM measurement APIs should operate on pixel snapped values.
        https://bugs.webkit.org/show_bug.cgi?id=83138

        Reviewed by Julien Chaffraix.

        DOM measurement APIs return unscaled integers. In an effort to return the best possible values (and
        most consistent with current behavior) when we use sub-pixel values for Layout, we want to adjust
        the actual on-screen position and size values for scaling, not the sub-pixel values.

        No new tests. No change in behavior.

        * dom/Element.cpp:
        (WebCore::adjustForLocalZoom): Needs to return an integer, since this is what the DOM API calls for.
        (WebCore::Element::offsetWidth): Using pixel snapped values for all the following functions.
        (WebCore::Element::offsetHeight):
        (WebCore::Element::clientLeft):
        (WebCore::Element::clientTop):
        (WebCore::Element::clientWidth):
        (WebCore::Element::clientHeight):
        * html/HTMLImageElement.cpp:
        (WebCore::HTMLImageElement::width):
        (WebCore::HTMLImageElement::height):

2012-04-05  Pavel Feldman  <pfeldman@chromium.org>

        Web Inspector: add ability to copy resource URL from web inspector's resources page.
        https://bugs.webkit.org/show_bug.cgi?id=83175

        Reviewed by Yury Semikhatsky.

        Added requested context menu item.

        * inspector/front-end/ResourcesPanel.js:
        (WebInspector.FrameResourceTreeElement.prototype._handleContextMenuEvent):

2012-04-04  Andrey Kosyakov  <caseq@chromium.org>

        Web Inspector: display frame duration instead of time ruler in Timeline panel's frame mode
        https://bugs.webkit.org/show_bug.cgi?id=83184

        Reviewed by Pavel Feldman.

        * inspector/front-end/TimelineFrameController.js:
        (WebInspector.TimelineFrameController): Maintain reference to TimelinePresentationModel
        (WebInspector.TimelineFrameController.prototype._flushFrame): Report frames to TimelinePresentationModel (only real ones)
        * inspector/front-end/TimelineGrid.js:
        (WebInspector.TimelineGrid.prototype.removeDividers): remove time marks/labels from upper time ruler
        * inspector/front-end/TimelineOverviewPane.js:
        (WebInspector.TimelineOverviewPane.prototype._updateEventDividers): Updated call site of createEventDivider
        * inspector/front-end/TimelinePanel.js:
        (WebInspector.TimelinePanel.prototype._updateEventDividers):
        (WebInspector.TimelinePanel.prototype._shouldShowFrames):
        (WebInspector.TimelinePanel.prototype._updateFrames): Frame bars rendering logic.
        (WebInspector.TimelinePanel.prototype._innerAddRecordToTimeline.addTimestampRecords): Do not keep frames in the panel any more.
        (WebInspector.TimelinePanel.prototype._innerAddRecordToTimeline):
        (WebInspector.TimelinePanel.prototype._refresh): Moved updateDividers() call here...
        (WebInspector.TimelinePanel.prototype._refreshRecords):  ... from here.
        * inspector/front-end/TimelinePresentationModel.js:
        (WebInspector.TimelinePresentationModel.createEventDivider): Use type & title, not entire record.
        (WebInspector.TimelinePresentationModel.prototype.frames): Maintain frames in the TimelinePresentationModel.
        (WebInspector.TimelinePresentationModel.prototype.reset): ditto.
        (WebInspector.TimelinePresentationModel.prototype.addFrame): ditto.
        (WebInspector.TimelinePresentationModel.Record): Fix title for timestamp events (drive by).
        * inspector/front-end/timelinePanel.css:
        (.timeline-frame-strip):

2012-04-05  MORITA Hajime  <morrita@google.com>

        IsCommentNode flags is a waste.
        https://bugs.webkit.org/show_bug.cgi?id=83251

        Reviewed by Ryosuke Niwa.

        Effectively nobody uses it. To save a precious NodeFlags bit, this
        change removes NodeFlags::IsCommentFlag and its companion mehtod
        Node::isCommentNode().

        No new tests. No behaviour change.

        * dom/CharacterData.h:
        (WebCore::CharacterData::CharacterData):
        * dom/Comment.cpp:
        (WebCore::Comment::Comment):
        * dom/Node.h:
        * rendering/RenderTreeAsText.cpp:
        (WebCore::getTagName):
        This was the only client of Node::isCommentNode(). Replaced it with nodeType() call.

2012-04-05  Hans Wennborg  <hans@chromium.org>

        webkit_unit_tests build fix.
        https://bugs.webkit.org/show_bug.cgi?id=83261

        Unreviewed, webkit_unit_tests buildfix.

        The CCLayerTreeHostTestEmptyContentsShouldNotDraw.runMultiThread test
        stopped working after r113254.

        Disable it for now.

        * platform/graphics/chromium/cc/CCLayerTreeHostImpl.cpp:
        (WebCore::CCLayerTreeHostImpl::canDraw):

2012-04-05  Sudarsana Nagineni  <sudarsana.nagineni@linux.intel.com>

        [EFL] keycode translation is wrong for function keys
        https://bugs.webkit.org/show_bug.cgi?id=82738

        This patch fixes keycode translation for function keys.

        Reviewed by Philippe Normand.

        Test: fast/events/keydown-function-keys.html

        * platform/efl/EflKeyboardUtilities.cpp:
        (WebCore::createWindowsKeyMap):

2012-04-01  Nikolas Zimmermann  <nzimmermann@rim.com>

        Work around an entity parsing bug in libxml2 2.7.3 (supplied with Lion) and unskip tests
        https://bugs.webkit.org/show_bug.cgi?id=82577

        Reviewed by Filip Pizlo.

        Work-around entity expansion bug that affects several SVG tests on Lion.

        Sample test document which is currently broken:
        <?xml version="1.0" encoding="UTF-8"?>
        <!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1 Basic//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11-basic.dtd" [
        <!ENTITY Smile "<rect x='.5' y='.5' width='29' height='39' fill='black' stroke='red'/>">
        ]>

        <svg xmlns="http://www.w3.org/2000/svg">&Smile;</svg>

        The expanded rect carries no namespace, thus an Element will be created for it, instead of a SVGRectElement.
        libxml2 2.7.4 fixed this bug (https://bugzilla.gnome.org/show_bug.cgi?id=502960) in 2009 already, but Lion
        still ships with 2.7.3, so we need to find a work-around for the problem. It works like this:
        - When an entity is requested (getEntityHandler) determine whether the entity is being declared (while the <!ENTITY.. parses)
          or wheter its references (when the &Smile; is parsed). If its referenced, record the current depth of the libxml2 parser.
        - When startElementNs is called while we're expanding entities, be sure to transfer the namespace of the parent node
          to the new node, but only do this if the current depth() is greater than the depth() at the time where entity expansion started.
          This way we only apply our workaround for elements inside entities, that get expanded at the insertion point.
        - When endElementNs is called, and our current depth() is less than our equal to the depth() where entity expansion started,
          clear the recorded detph(), and stop executing the workaround.

        It requires storing an extra integer & boolean in XMLDocumentParser, which is only used for this work-around.

        * xml/parser/XMLDocumentParser.h:
        (XMLDocumentParser):
        (WebCore::XMLDocumentParser::isParsingEntityDeclaration):
        (WebCore::XMLDocumentParser::setIsParsingEntityDeclaration):
        (WebCore::XMLDocumentParser::depthTriggeringEntityExpansion):
        (WebCore::XMLDocumentParser::setDepthTriggeringEntityExpansion):
        * xml/parser/XMLDocumentParserLibxml2.cpp:
        (WebCore::XMLDocumentParser::XMLDocumentParser):
        (WebCore::hackAroundLibXMLEntityParsingBug):
        (WebCore::XMLDocumentParser::startElementNs):
        (WebCore::XMLDocumentParser::endElementNs):
        (WebCore::entityDeclarationHandler):
        (WebCore::getEntityHandler):
        (WebCore::XMLDocumentParser::initializeParserContext):

2012-04-04  Kent Tamura  <tkent@chromium.org>

        Add JavaScript and CSS code for the calendar picker implementation
        https://bugs.webkit.org/show_bug.cgi?id=83011

        Reviewed by Hajime Morita.

        Add calendarPicker.js and calendarPicker.css, and add a build rule to
        generate a C++ file. This change doesn't make any behavior change
        because the code is wrapped by ENABLE(CALENDAR_PICKER).

        Tests: ManualTests/forms/calendar-picker.html

        * Resources/calendarPicker.css: Added.
        * Resources/calendarPicker.js: Added.
        * WebCore.gyp/WebCore.gyp: Generate CalendarPicker.{cpp,h} from calendarPicker.{css,js}.

2012-04-05  Kinuko Yasuda  <kinuko@chromium.org>

        Expose DataTransferItem.getAsEntry() to allow users access dropped files as FileEntry
        https://bugs.webkit.org/show_bug.cgi?id=82592

        Reviewed by David Levin.

        For now the method is prefixed thus it is to be exposed as 'webkitGetAsEntry'.

        The API is proposed and discussed in the following whatwg thread:
        http://lists.whatwg.org/pipermail/whatwg-whatwg.org/2011-November/033814.html

        Add DataTransferItemFilesystem under Modules/filesystem and implemented the bridging part for chromium.

        Test: editing/pasteboard/data-transfer-items-drag-drop-entry.html

        * Modules/filesystem/DataTransferItemFileSystem.h: Added.
        (DataTransferItemFileSystem):
        * Modules/filesystem/DataTransferItemFileSystem.idl: Added for DataTransferItem.getAsEntry which is only exposed if filesystem is enabled.
        * Modules/filesystem/chromium/DataTransferItemFileSystemChromium.cpp: Added for chromium implementation.
        * Modules/filesystem/chromium/DataTransferItemFileSystemChromium.h: Added.
        * Modules/filesystem/chromium/DraggedIsolatedFileSystem.cpp: Added.
        * Modules/filesystem/chromium/DraggedIsolatedFileSystem.h: Added.
        * WebCore.gypi:
        * platform/chromium/ChromiumDataObject.cpp:
        * platform/chromium/ChromiumDataObject.h:
        (WebCore::ChromiumDataObject::filesystemId): Added.
        (WebCore::ChromiumDataObject::setFilesystemId): Added.
        * platform/chromium/ClipboardChromium.cpp:

2012-04-04  Patrick Gansterer  <paroga@webkit.org>

        Add WTF::getCurrentLocalTime()
        https://bugs.webkit.org/show_bug.cgi?id=83164

        Reviewed by Alexey Proskuryakov.

        Replace the calls to WTF::getLocalTime() with time(0) with the new function.
        This allows us to use Win32 API on windows to get the same result in a next step.

        * html/FTPDirectoryDocument.cpp:
        (WebCore::processFileDateString):
        * loader/archive/mhtml/MHTMLArchive.cpp:
        (WebCore::MHTMLArchive::generateMHTMLData):

2012-04-04  Hayato Ito  <hayato@chromium.org>

        Remove ReifiedTreeTraversal.
        https://bugs.webkit.org/show_bug.cgi?id=83110

        Reviewed by Dimitri Glazkov.

        We can now remove ReifiedTreeTraversal. All clients have switched to use ComposedShadowTreeWalker.

        No new tests. No change in functionality.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * Target.pri:
        * WebCore.exp.in:
        * WebCore.gypi:
        * WebCore.vcproj/WebCore.vcproj:
        * WebCore.xcodeproj/project.pbxproj:
        * dom/ReifiedTreeTraversal.cpp: Removed.
        * dom/ReifiedTreeTraversal.h: Removed.
        * testing/Internals.cpp:
        * testing/Internals.h:
        (Internals):
        * testing/Internals.idl:

2012-04-04  Dmitry Lomov  <dslomov@google.com>

        WorkerEventQueue::close might access deleted WorkerEventQueue::EventDispatcherTask.
        https://bugs.webkit.org/show_bug.cgi?id=83202

        On closing the event queue, WorkerEventQueue cancels all the tasks associated with events.
        The tasks in their turn delete themselves from the map whenever task gets executed.
        However if shutdown occurs when task is in queue but before task gets executed, the task will be deleted without execution.
        This patch makes sure that no deleted tasks stay in WorkerEventQueue, by task removing itself in destructor.

        Reviewed by David Levin.

        Covered by existing tests.

        * workers/WorkerEventQueue.cpp:
        (WebCore::WorkerEventQueue::EventDispatcherTask::~EventDispatcherTask):
        (WorkerEventQueue::EventDispatcherTask):
        (WebCore::WorkerEventQueue::EventDispatcherTask::performTask):

2012-04-04  Julien Chaffraix  <jchaffraix@webkit.org>

        RenderLayer scrollbars' updates should be split between layout induced and style change induced
        https://bugs.webkit.org/show_bug.cgi?id=83213

        Reviewed by Simon Fraser.

        Refactoring only, no change in behavior.

        This patches splits up the 2 reasons for modifying the scrollbars:
        - style updates, handled in updateScrollbarsAfterStyleChange.
        - layout time, handled in updateScrollbarsAfterLayout.

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::contentsSize):
        Removed now unneeded const-casts.

        (WebCore::RenderLayer::setHasHorizontalScrollbar):
        (WebCore::RenderLayer::setHasVerticalScrollbar):
        Updated to use hasHorizontalScrollbar / hasVerticalScrollbar.

        (WebCore::RenderLayer::scrollWidth):
        (WebCore::RenderLayer::scrollHeight):
        Made those functions |const|.

        (WebCore::RenderLayer::computeScrollDimensions):
        Removed the unneeded booleans and move the do-we-have-overflow-logic
        into hasHorizontalOverflow and hasVerticalOverflow.

        (WebCore::RenderLayer::hasHorizontalOverflow):
        (WebCore::RenderLayer::hasVerticalOverflow):
        Added those new helper functions.

        (WebCore::RenderLayer::updateScrollbarsAfterLayout):
        (WebCore::RenderLayer::updateScrollInfoAfterLayout):
        Updated the latter to call the former.

        (WebCore::RenderLayer::updateScrollbarsAfterStyleChange):
        (WebCore::RenderLayer::styleChanged):
        Ditto.

        (WebCore::overflowCanHaveAScrollbar):
        Add this helper function for updateScrollbarsAfterStyleChange.

        * rendering/RenderLayer.h:
        (WebCore::RenderLayer::hasHorizontalScrollbar):
        (WebCore::RenderLayer::hasVerticalScrollbar):
        Added those 2 new helper functions.

2012-04-04  Andrei Burago  <aburago@chromium.org>

        Auto-size may not work on first load
        https://bugs.webkit.org/show_bug.cgi?id=82989

        Reviewed by David Levin.

        No new tests. The only known repro scenario involves using chrome with a third-party extension,
        which makes making a test out of it problematic.

        * dom/Document.cpp:
        (WebCore::Document::implicitClose):
        * page/FrameView.cpp:
        (WebCore::FrameView::autoSizeIfEnabled):

2012-04-04  Adam Barth  <abarth@webkit.org>

        XSSAuditor doesn't catch injected srcdoc attributes
        https://bugs.webkit.org/show_bug.cgi?id=83238

        Reviewed by Daniel Bates.

        <iframe srcdoc> is an XSS injection vector because the srcdoc inherits
        the security origin of the parent page.  This patch updates the XSS
        auditor to check whether the attribute is injected using the same
        hueristics we use for inline event handlers.

        Test: http/tests/security/xssAuditor/iframe-srcdoc.html

        * html/parser/XSSAuditor.cpp:
        (WebCore::XSSAuditor::filterIframeToken):
        (WebCore::XSSAuditor::eraseDangerousAttributesIfInjected):
        (WebCore::XSSAuditor::eraseAttributeIfInjected):
        (WebCore::XSSAuditor::decodedSnippetForAttribute):
        * html/parser/XSSAuditor.h:

2012-04-04  Leo Yang  <leo.yang@torchmobile.com.cn>

        [BlackBerry] Add local: protocol support in KURL for blackberry
        https://bugs.webkit.org/show_bug.cgi?id=82695

        Reviewed by Rob Buis.

        BlackBerry porting is using local: protocol just as file: protocol
        with the exception that it sandboxes the path to the application private space.

        * platform/KURL.cpp:
        (WebCore::KURL::parse):
        (WebCore::portAllowed):

2012-04-04  Simon Fraser  <simon.fraser@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=82994

        Reviewed by James Robinson.
        
        Fix an issue when removing elements with reflections from the document.

        Test: compositing/reflections/remove-reflection.html

        * platform/graphics/GraphicsLayer.cpp:
        (WebCore::GraphicsLayer::willBeDestroyed):

2012-04-04  Charles Wei  <charles.wei@torchmobile.com.cn>

        Need using namespace std for system calls in MIMESniffing.cpp
        https://bugs.webkit.org/show_bug.cgi?id=82706

        Reviewed by Antonio Gomes.

        No new tests, just fix the compile error for BlackBerry porting.

        * platform/network/MIMESniffing.cpp:

2012-04-04  Greg Billock  <gbillock@google.com>

        Switch web intents API to be vendor-prefixed
        https://bugs.webkit.org/show_bug.cgi?id=83172

        Reviewed by Adam Barth.

        * Modules/intents/DOMWindowIntents.idl:
        * Modules/intents/NavigatorIntents.cpp:
        (WebCore::NavigatorIntents::webkitStartActivity):
        * Modules/intents/NavigatorIntents.h:
        (NavigatorIntents):
        * Modules/intents/NavigatorIntents.idl:

2012-04-04  Alexis Menard  <alexis.menard@openbossa.org>

        [Part 4] We should use CSSPropertyID rather than integers when manipulating CSS property ids.
        https://bugs.webkit.org/show_bug.cgi?id=83224

        Reviewed by Tony Chang.

        CSSPropertyID enum holds all the CSS property ids but many parts of WebKit treat the ids
        as integers. While it's not incorrect it is nicer to use the enum as a parameter of
        functions manipulating property ids, as we ensure that the value passed will be an
        existing value. This patch clean up some remaining part of code.

        No new tests : There should be no behavior change in this patch.

        * css/CSSStyleSelector.cpp:
        (WebCore::CSSStyleSelector::collectMatchingRulesForList):
        * page/animation/AnimationBase.h:
        (WebCore::AnimationBase::affectsProperty):
        (WebCore::AnimationBase::isAnimatingProperty):
        * page/animation/CompositeAnimation.cpp:
        (WebCore::CompositeAnimation::getAnimationForProperty):
        (WebCore::CompositeAnimation::overrideImplicitAnimations):
        (WebCore::CompositeAnimation::resumeOverriddenImplicitAnimations):
        (WebCore::CompositeAnimation::isAnimatingProperty):
        * page/animation/CompositeAnimation.h:
        (CompositeAnimation):
        * page/animation/ImplicitAnimation.cpp:
        (WebCore::ImplicitAnimation::affectsProperty):
        * page/animation/ImplicitAnimation.h:
        (WebCore::ImplicitAnimation::transitionProperty):
        (WebCore::ImplicitAnimation::animatingProperty):
        (ImplicitAnimation):
        * page/animation/KeyframeAnimation.cpp:
        (WebCore::KeyframeAnimation::fetchIntervalEndpointsForProperty):
        (WebCore::KeyframeAnimation::hasAnimationForProperty):
        (WebCore::KeyframeAnimation::overrideAnimations):
        (WebCore::KeyframeAnimation::resumeOverriddenAnimations):
        (WebCore::KeyframeAnimation::affectsProperty):
        * page/animation/KeyframeAnimation.h:
        (KeyframeAnimation):
        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::transitionPaused):
        (WebCore::RenderLayerBacking::transitionFinished):
        (WebCore::RenderLayerBacking::graphicsLayerToCSSProperty):
        (WebCore::RenderLayerBacking::cssToGraphicsLayerProperty):
        * rendering/RenderLayerBacking.h:
        (RenderLayerBacking):

2012-04-04  Rafael Weinstein  <rafaelw@chromium.org>

        [MutationObservers] implement takeRecords()
        https://bugs.webkit.org/show_bug.cgi?id=83218

        Reviewed by Ojan Vafai.

        This patch implements MutationObserver.takeRecords per the DOM4 spec.
        takeRecords retrieves and clears any pending mutation records for
        the observer.

        Test: fast/mutation/takeRecords.html

        * dom/WebKitMutationObserver.cpp:
        (WebCore::WebKitMutationObserver::takeRecords):
        (WebCore):
        (WebCore::WebKitMutationObserver::deliver):
        * dom/WebKitMutationObserver.h:
        * dom/WebKitMutationObserver.idl:

2012-04-04  Shinya Kawanaka  <shinyak@chromium.org>

        Shadow DOM is exposed in JS.
        https://bugs.webkit.org/show_bug.cgi?id=82607

        Reviewed by Hajime Morita.

        DOMSelection didn't consider nested shadow trees. This patch makes DOMSelection
        take nested shadow trees into account.

        To test that the element is not in a shadow tree, Internals has a treeScopeRootNode method
        which returns the root node of the belonging tree scope.

        Test: fast/dom/shadow/selection-shouldnt-expose-shadow-dom.html

        * WebCore.exp.in:
        * page/DOMSelection.cpp:
        (WebCore::selectionShadowAncestor):
        (WebCore):
        * testing/Internals.cpp:
        (WebCore::Internals::treeScopeRootNode):
        (WebCore):
        * testing/Internals.h:
        (Internals):
        * testing/Internals.idl:

2012-04-04  Luke Macpherson  <macpherson@chromium.org>

        Replace further usage of int with CSSPropertyID.
        https://bugs.webkit.org/show_bug.cgi?id=83119

        Reviewed by Simon Fraser.

        No new tests / no functionality changed.

        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::logUnimplementedPropertyID):
        (WebCore::CSSComputedStyleDeclaration::getPropertyCSSValue):
        * css/CSSGrammar.y:
        * css/CSSParser.cpp:
        (WebCore::CSSParser::CSSParser):
        * css/CSSParser.h:
        (CSSParser):
        (WebCore::ShorthandScope::~ShorthandScope):
        * css/CSSProperty.h:
        (WebCore::CSSProperty::CSSProperty):
        * css/SVGCSSComputedStyleDeclaration.cpp:
        (WebCore::CSSComputedStyleDeclaration::getSVGPropertyCSSValue):
        * css/StylePropertySet.h:
        (StylePropertySet):
        * css/makeprop.pl:
        * dom/StyledElement.h:
        (StyledElement):
        * editing/EditingStyle.h:
        (EditingStyle):
        * html/HTMLElement.h:
        (HTMLElement):

2012-04-04  Adam Klein  <adamk@chromium.org>

        Use PassRefPtr in V8DOMWrapper interface to avoid explicit ref() calls
        https://bugs.webkit.org/show_bug.cgi?id=82238

        Reviewed by Adam Barth.

        Relanding r112163 without modification, as it still seems valid.
        Will watch Chrome Canaries closely for any memory issues.

        The setJSWrapper* methods previously featured a comment that asked
        callers to ref the objects before passing them in. This change makes
        that contract explicit (and allows the removal of the comment).

        In addition, for ConstructorCallbacks, this change slightly reduces
        refcount churn by passing on the initial ref via RefPtr::release().

        No new tests, no change in behavior.

        * bindings/scripts/CodeGeneratorV8.pm:
        (GenerateConstructorCallback): Use RefPtr::release() to avoid refcount churn and remove explicit ref() call.
        (GenerateNamedConstructorCallback): ditto.
        * bindings/v8/V8DOMWindowShell.cpp:
        (WebCore::V8DOMWindowShell::installDOMWindow): Cast to a PassRefPtr and remove explicit ref call.
        * bindings/v8/V8DOMWrapper.cpp:
        (WebCore::V8DOMWrapper::setJSWrapperForDOMNode): Pass leaked refs into the DOMNodeMaps.
        * bindings/v8/V8DOMWrapper.h:
        (V8DOMWrapper): Make the setJSWrapperFor* methods take PassRefPtr<T>.
        (WebCore::V8DOMWrapper::setJSWrapperForDOMObject): Pass leaked ref into the DOMObjectMap.
        (WebCore::V8DOMWrapper::setJSWrapperForActiveDOMObject): Pass leaked ref into the ActiveDOMObjectMap.
        * bindings/v8/V8Proxy.h:
        (WebCore::toV8): Remove explicit ref.
        * bindings/v8/WorkerContextExecutionProxy.cpp:
        (WebCore::WorkerContextExecutionProxy::initContextIfNeeded): Cast to a PassRefPTr and remove explicit ref call.
        * bindings/v8/custom/V8HTMLImageElementConstructor.cpp:
        (WebCore::v8HTMLImageElementConstructorCallback): Use RefPtr::release() to avoid refcount churn and remove explicit ref.
        * bindings/v8/custom/V8WebKitMutationObserverCustom.cpp:
        (WebCore::V8WebKitMutationObserver::constructorCallback): ditto.
        * bindings/v8/custom/V8WebSocketCustom.cpp:
        (WebCore::V8WebSocket::constructorCallback): ditto.
        * bindings/v8/custom/V8XMLHttpRequestConstructor.cpp:
        (WebCore::V8XMLHttpRequest::constructorCallback): ditto.

2012-04-04  Chris Rogers  <crogers@google.com>

        WaveTable::waveDataForFundamentalFrequency() should properly interpret negative frequency
        https://bugs.webkit.org/show_bug.cgi?id=83228

        Reviewed by Kenneth Russell.

        * Modules/webaudio/WaveTable.cpp:
        (WebCore::WaveTable::waveDataForFundamentalFrequency):

2012-04-04  Adam Klein  <adamk@chromium.org>

        Delay post-insertion notifications until new DOM tree is complete
        https://bugs.webkit.org/show_bug.cgi?id=82631

        Reviewed by Ojan Vafai.

        When inserting a DocumentFragment, WebKit previously would update both
        internal WebCore state and mutation event listeners after each node
        was inserted. This is inconsistent not only with DOM4, but also
        with (at least) Firefox and IE. Given the many bugs over the years in
        WebKit due to this behavior, it seems better to delay notification
        until the fragment is completely inserted.

        The changes to the three core mutation methods below are similar:
        the only logic remaining in the loop is checking that insertion is
        possible and taking care of that insertion. The entire loop is then
        wrapped in forbidEventDispatch/allowEventDispatch, effectively
        asserting that none of the code inside will have side effects.

        The one bit of logic added to the loop is resizing the targets
        vector down to the set of nodes actually inserted as part of the
        loop. This makes it possible to simply pass the vector on to
        notifyChildrenInserted without having to also pass along a count of
        actually-inserted nodes.

        As for the code that used to live inside the loop that could have
        side-effects, or depended on those side-effects, it has been moved
        out, either above (the check that the refChild is still valid in
        insertBefore) or after (the calls to notifyChildrenInserted).

        Finally, it was necessary to retrofit ChildListMutationScope to take a
        vector of added nodes instead of a single node at a time, due to the
        assertions in isAddedNodeInOrder (now renamed to be plural). Note that
        there is now a single call to ChildListMutationScope::childrenAdded,
        inside notifyChildrenInserted.

        Test: fast/events/domnodeinserted-entire-fragment.html

        * dom/ChildListMutationScope.cpp:
        (ChildListMutationScope::MutationAccumulator): Renamed method to be plural.
        (WebCore::ChildListMutationScope::MutationAccumulator::areAddedNodesInOrder): Handle a NodeVector instead of a Node.
        (WebCore::ChildListMutationScope::MutationAccumulator::childrenAdded): Handle adding a NodeVector instead of a Node.
        (WebCore::ChildListMutationScope::MutationAccumulationRouter::childrenAdded): Renamed to be plural, pass NodeVector through.
        * dom/ChildListMutationScope.h:
        (WebCore::ChildListMutationScope::childrenAdded): ditto.
        (MutationAccumulationRouter):
        * dom/ContainerNode.cpp:
        (WebCore): Renamed updateTreeAfterInsertion to notifyChildrenInserted.
        (WebCore::ContainerNode::insertBefore): See main ChangeLog explanation.
        (WebCore::ContainerNode::replaceChild): ditto.
        (WebCore::ContainerNode::appendChild): ditto.
        (WebCore::dispatchChildInsertionEvents): Remove MutationObserver handling.
        (WebCore::notifyChildrenInserted): Handle a NodeVector of all inserted children,
        and take on responsiblity for MutationObserver handling as well as dispatchSubtreeModifiedEvent.

2012-04-04  Chris Rogers  <crogers@google.com>

        RealtimeAnalyserNode should support smaller analysis sizes
        https://bugs.webkit.org/show_bug.cgi?id=83215

        Reviewed by Kenneth Russell.
        
        RealtimeAnalyserNode analysis size currently goes no lower than 128.
        It is useful to support lower power-of-two sizes.
        Decrease this limit to 32.

        Updated webaudio/realtimeanalyser-fft-sizing-expected.txt

        * Modules/webaudio/RealtimeAnalyser.cpp:
        (WebCore):

2012-04-04  Tony Chang  <tony@chromium.org>

        CSS transitions should work on the flex property
        https://bugs.webkit.org/show_bug.cgi?id=75915

        Reviewed by Dean Jackson.

        Test: transitions/flex-transitions.html

        * page/animation/AnimationBase.cpp:
        (WebCore::PropertyWrapperGetter::equals): Fix indention.
        (PropertyWrapperFlex): Add a wrapper for -webkit-flex which has 3 values (two floats and
        a length), but is not a shorthand.
        (WebCore::PropertyWrapperFlex::PropertyWrapperFlex):
        (WebCore::PropertyWrapperFlex::equals):
        (WebCore::PropertyWrapperFlex::blend):
        (WebCore):
        (WebCore::AnimationBase::ensurePropertyMap):

2012-04-04  Tom Sepez  <tsepez@chromium.org>

        XSSAuditor bypass through HTTP Parameter Pollution.
        https://bugs.webkit.org/show_bug.cgi?id=81283

        Reviewed by Adam Barth.

        Deal with concatenation of multiple parameters via comma-splicing that 
        is common to some webservers. We can no longer trust that all of the 
        attributes of a reflected script tag, nor the reflected script itself,
        came from the same single URL parameter. The fix is to take commas into
        account when trucating the snippet used for matching.
        
        Test: http/tests/security/xssAuditor/script-tag-with-comma.html

        * html/parser/XSSAuditor.cpp:
        (WebCore::XSSAuditor::filterScriptToken):
        (WebCore):
        (WebCore::XSSAuditor::decodedSnippetForName):
        (WebCore::XSSAuditor::decodedSnippetForJavaScript):

2012-04-04  Dan Bernstein  <mitz@apple.com>

        Paginated webviews render nothing in their gutters
        https://bugs.webkit.org/show_bug.cgi?id=83231

        Reviewed by Adele Peterson.

        When the RenderView has columns, nothing draws in the gutters.

        * page/FrameView.cpp:
        (WebCore::FrameView::paintContents): Paint the background color behind everything when
        paginated.

2012-04-04  Mark Pilgrim  <pilgrim@chromium.org>

        Call histogramEnumeration directly
        https://bugs.webkit.org/show_bug.cgi?id=83106

        Reviewed by Adam Barth.

        Part of a refactoring project to remove the PlatformSupport
        abstraction from some functions. See bug 82948.

        * bindings/v8/custom/V8InspectorFrontendHostCustom.cpp:
        (WebCore::histogramEnumeration):
        * platform/chromium/HistogramSupportChromium.cpp:
        (WebCore::HistogramSupport::histogramEnumeration):
        * platform/chromium/PlatformSupport.h:
        (PlatformSupport):

2012-04-04  Zhenyao Mo  <zmo@google.com>

        Unreviewed, GPU bots build fix.

        Commited on behalf of sievers@chromium.org.

        * platform/graphics/chromium/cc/CCLayerTreeHostImpl.cpp:
        (WebCore::CCLayerTreeHostImpl::canDraw):

2012-04-04  Abhishek Arya  <inferno@chromium.org>

        Add helpers to create anonymous table parts.
        https://bugs.webkit.org/show_bug.cgi?id=83116

        Reviewed by Julien Chaffraix.

        The patch introduces helpers to create anonymous table parts by
        introducing a new static function createAnonymousWithParentRenderer.
        The function builds a new anonymous wrapper of the same type as the class,
        inheriting style properties from parent and sets a display based on
        argument/default values. Also we streamline the RenderBlock functions
        to match this naming convention.

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::createAnonymousBlockWithSameTypeAs):
        (WebCore::RenderBlock::createAnonymousWithParentRendererAndDisplay):
        (WebCore):
        (WebCore::RenderBlock::createAnonymousColumnsWithParentRendererAndDisplay):
        (WebCore::RenderBlock::createAnonymousColumnSpanWithParentRendererAndDisplay):
        * rendering/RenderBlock.h:
        (RenderBlock):
        (WebCore::RenderBlock::createAnonymousBlock):
        (WebCore::RenderBlock::createAnonymousColumnsBlock):
        (WebCore::RenderBlock::createAnonymousColumnSpanBlock):
        * rendering/RenderButton.cpp:
        (WebCore::RenderButton::addChild):
        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::addChild):
        * rendering/RenderTable.cpp:
        (WebCore::RenderTable::addChild):
        (WebCore::RenderTable::createAnonymousWithParentRendererAndDisplay):
        (WebCore):
        * rendering/RenderTable.h:
        (RenderTable):
        * rendering/RenderTableCell.cpp:
        (WebCore::RenderTableCell::createAnonymousWithParentRendererAndDisplay):
        (WebCore):
        * rendering/RenderTableCell.h:
        (RenderTableCell):
        * rendering/RenderTableRow.cpp:
        (WebCore::RenderTableRow::addChild):
        (WebCore::RenderTableRow::createAnonymousWithParentRendererAndDisplay):
        (WebCore):
        * rendering/RenderTableRow.h:
        (RenderTableRow):
        * rendering/RenderTableSection.cpp:
        (WebCore::RenderTableSection::addChild):
        (WebCore::RenderTableSection::createAnonymousWithParentRendererAndDisplay):
        (WebCore):
        * rendering/RenderTableSection.h:
        (RenderTableSection):

2012-04-04  Erik Arvidsson  <arv@chromium.org>

        [V8] Add a per context data store and use that for caching boiler plates as well as constructor functions
        https://bugs.webkit.org/show_bug.cgi?id=83093

        Reviewed by Adam Barth.

        This introduces a V8BindingPerContextData class. After creating a new v8::Context we also create a new
        per context data instance. This instance maintains the boiler plate and constructor caches. V8DOMWrapper
        now delegates the caching to this new class. Previously the caching was only done in V8DOMWindowShell which
        made workers and isolated worlds behave slightly different.

        Tests: fast/dom/constructor-proto.html
               fast/workers/constructor-proto.html

        * WebCore.gypi:
        * bindings/scripts/CodeGeneratorV8.pm:
        (GenerateConstructorGetter): Renamed getConstructor to constructorForType.
        * bindings/v8/V8BindingPerContextData.cpp: Added.
        (WebCore):
        (WebCore::V8BindingPerContextData::dispose): This clears the persistent handles stored in the maps.
        (WebCore::V8BindingPerContextData::init): This installs the hidden prototype which is used as the
        [[Prototype]] for the constructor functions (for HotMail compat).
        (WebCore::V8BindingPerContextData::createWrapperFromCacheSlowCase): Instantiates a new object and
        stores it in the boilerplate map, and returns a clone.
        (WebCore::V8BindingPerContextData::constructorForTypeSlowCase): Creates the function for the constructor
        and stores it in the constructor map.
        * bindings/v8/V8BindingPerContextData.h: Added.
        (WebCore):
        (V8BindingPerContextData):
        (WebCore::V8BindingPerContextData::create):
        (WebCore::V8BindingPerContextData::~V8BindingPerContextData):
        (WebCore::V8BindingPerContextData::createWrapperFromCache): Checks the cache and clones the wrapper in
        the cache. If no boiler plate exists one is created and cached.
        (WebCore::V8BindingPerContextData::constructorForType): If the constructor already exists the cached
        constructor function is returned, otherwise a new constructor function is created and cached.
        (WebCore::V8BindingPerContextData::V8BindingPerContextData):
        * bindings/v8/V8DOMWindowShell.cpp:
        (WebCore::V8DOMWindowShell::disposeContextHandles): Clear the per context data when disposing the handles.
        (WebCore::V8DOMWindowShell::initContextIfNeeded): Create and initialize the per context data.
        (WebCore::V8DOMWindowShell::installDOMWindow):
        * bindings/v8/V8DOMWindowShell.h:
        (V8DOMWindowShell):
        (WebCore::V8DOMWindowShell::perContextData):
        * bindings/v8/V8DOMWrapper.cpp:
        (WebCore::V8DOMWrapper::constructorForType): Static method to get the constructor. The per context data
        is determined based on the type of the parameters.
        (WebCore):
        (WebCore::V8DOMWrapper::perContextData):
        (WebCore::V8DOMWrapper::instantiateV8Object): Use the per context data to unify the code paths.
        * bindings/v8/V8DOMWrapper.h:
        (WebCore):
        (V8DOMWrapper):
        * bindings/v8/V8IsolatedContext.cpp:
        (WebCore::V8IsolatedContext::V8IsolatedContext): Create and initialize the per context data.
        (WebCore::V8IsolatedContext::destroy): Clear the per context data.
        * bindings/v8/V8IsolatedContext.h:
        (WebCore):
        (WebCore::V8IsolatedContext::perContextData):
        (V8IsolatedContext):
        * bindings/v8/V8Proxy.cpp:
        (WebCore::V8Proxy::retrievePerContextData):
        (WebCore):
        * bindings/v8/V8Proxy.h:
        (WebCore):
        (V8Proxy):
        * bindings/v8/WorkerContextExecutionProxy.cpp:
        (WebCore::WorkerContextExecutionProxy::dispose): Clear the per context data
        (WebCore::WorkerContextExecutionProxy::initContextIfNeeded): Create and initialize the per context data.
        * bindings/v8/WorkerContextExecutionProxy.h:
        (WebCore):
        (WebCore::WorkerContextExecutionProxy::perContextData):
        (WorkerContextExecutionProxy):

2012-04-04  Shawn Singh  <shawnsingh@chromium.org>

        [chromium] Move recursive renderSurface clearing to CCLayerTreeHostImpl
        https://bugs.webkit.org/show_bug.cgi?id=82091

        Reviewed by James Robinson.

        No new tests needed, minor refactoring covered by existing tests.

        This patch is just a minor cleanup, moving clearRenderSurfacesOnCCLayerImplRecursive()
        from LayerRendererChromium to CCLayerTreeHostImpl. It makes more sense to place the code
        there, so that LayerRendererChromium is more like a blind utility for drawing things
        while CCLayerTreeHostImpl actually manages the state of the resources.

        * platform/graphics/chromium/LayerRendererChromium.cpp:
        (WebCore::LayerRendererChromium::beginDrawingFrame):
        * platform/graphics/chromium/LayerRendererChromium.h:
        (LayerRendererChromium):
        * platform/graphics/chromium/cc/CCLayerTreeHostImpl.cpp:
        (WebCore::CCLayerTreeHostImpl::~CCLayerTreeHostImpl):
        (WebCore::CCLayerTreeHostImpl::initializeLayerRenderer):
        (WebCore::CCLayerTreeHostImpl::sendDidLoseContextRecursive):
        (WebCore::CCLayerTreeHostImpl::clearRenderSurfacesOnCCLayerImplRecursive):
        (WebCore):
        * platform/graphics/chromium/cc/CCLayerTreeHostImpl.h:
        (WebCore::CCLayerTreeHostImpl::rootLayer):
        (CCLayerTreeHostImpl):

2012-04-04  Chris Rogers  <crogers@google.com>

        Web Audio should use MutexTryLocker class
        https://bugs.webkit.org/show_bug.cgi?id=83194

        Reviewed by Kenneth Russell.

        Switch existing Web Audio code from directly calling tryLock() on a Mutex to use a MutexTryLocker.
        No new tests since it is a low-level threading primitive and is difficult to test.
        Existing Web Audio tests continue to test the process() methods affected.

        * Modules/webaudio/AudioBufferSourceNode.cpp:
        (WebCore::AudioBufferSourceNode::process):
        * Modules/webaudio/AudioParamTimeline.cpp:
        (WebCore::AudioParamTimeline::valuesForTimeRange):
        * Modules/webaudio/ConvolverNode.cpp:
        (WebCore::ConvolverNode::process):
        * Modules/webaudio/MediaElementAudioSourceNode.cpp:
        (WebCore::MediaElementAudioSourceNode::process):
        * Modules/webaudio/Oscillator.cpp:
        (WebCore::Oscillator::process):
        * Modules/webaudio/WaveShaperProcessor.cpp:
        (WebCore::WaveShaperProcessor::process):

2012-04-04  Raphael Kubo da Costa  <rakuco@webkit.org>

        [CSS] Make makevalues.pl and makeprop.pl ignore '#'s.
        https://bugs.webkit.org/show_bug.cgi?id=83212

        Reviewed by Tony Chang.

        This patch is a side-effect of my intentions to make the
        CMake-based ports work with GCC 4.7 without changing the
        parameters currently passed to the preprocessor. "-P" is always
        being passed to the preprocessor, but this breaks
        dom/make_names.pl due to GCC not outputting empty lines with "-P"
        anymore; if I switch to never passing "-P" (my aim), the CSS
        scripts currently break because of the additional lines output by
        the preprocessor. InFilesParser.pm and make-css-file-array.pl
        already skip lines which start with '#', for example.

        No new tests, tools plumbing.

        * css/makeprop.pl:
        * css/makevalues.pl:

2012-04-04  Min Qin  <qinmin@google.com>

        Disable fancy upsampling and dithering for decoding jpeg on android
        https://bugs.webkit.org/show_bug.cgi?id=83196

        Reviewed by Kenneth Russell.

        Dithering and fancy upsampling are currently disabled for chrome on android.
        This gives us about 20% performance improvement.
        Since the screen of mobile devices is small, impact on image quality is limited.
        This change does not introduce any changes on other platforms.

        * platform/image-decoders/jpeg/JPEGImageDecoder.cpp:
        (ditherMode):
        (doFancyUpsampling):
        (WebCore::JPEGImageReader::decode):

2012-04-04  Daniel Sievers  <sievers@chromium.org>

        [Chromium] Always skip draw and readback if there is nothing
        to draw.
        https://bugs.webkit.org/show_bug.cgi?id=82680

        This avoids corruption from pushing frames that have no valid
        content drawn into them.
        Also in addition to checking for non-existing root layers, check
        for root layers with no content bounds. It's possible to see those
        with kForceCompositing mode for empty documents.

        Reviewed by James Robinson.

        Added CCLayerTreeHostTestEmptyContentsShouldNotDraw.

        * platform/graphics/chromium/cc/CCLayerTreeHostImpl.cpp:
        (WebCore::CCLayerTreeHostImpl::canDraw):
        (WebCore::CCLayerTreeHostImpl::prepareToDraw):
        * platform/graphics/chromium/cc/CCThreadProxy.cpp:
        (WebCore::CCThreadProxy::scheduledActionDrawAndSwapInternal):

2012-03-15  Jer Noble  <jer.noble@apple.com>

        Full Screen mode should cancel before navigation.
        https://bugs.webkit.org/show_bug.cgi?id=81295

        Reviewed by Anders Carlsson.

        No new tests; protect against speculative crasher when a bad client calls the below
        functions at inopportune times.

        Check that the document is not either detached or in the page cache, and if so, bail out
        early:
        * dom/Document.cpp:
        (WebCore::Document::webkitWillEnterFullScreenForElement):
        (WebCore::Document::webkitDidEnterFullScreenForElement):
        (WebCore::Document::webkitWillExitFullScreenForElement):
        (WebCore::Document::webkitDidExitFullScreenForElement):

2012-04-04  Emil A Eklund  <eae@chromium.org>

        Fix getFilterOutsets parameter types in RenderLayer
        https://bugs.webkit.org/show_bug.cgi?id=83041

        Reviewed by Julien Chaffraix.

        The getFilterOutsets method was changed to take integers in r112475, update
        RenderLayer to use the right data type for the outset arguments.

        No new tests, no change in functionality.

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::setFilterBackendNeedsRepaintingInRect):
        (WebCore::RenderLayer::calculateLayerBounds):

2012-04-04  Erik Arvidsson  <arv@chromium.org>

        Rebaseline binding tests.

        Unreviewed.

        * bindings/scripts/test/V8/V8TestInterface.cpp:
        (WebCore::V8TestInterface::constructorCallback):
        * bindings/scripts/test/V8/V8TestNamedConstructor.cpp:
        (WebCore::V8TestNamedConstructorConstructorCallback):
        * bindings/scripts/test/V8/V8TestObj.cpp:
        (WebCore::V8TestObj::constructorCallback):
        * bindings/scripts/test/V8/V8TestSerializedScriptValueInterface.cpp:
        (WebCore::V8TestSerializedScriptValueInterface::constructorCallback):

2012-04-04  Dmitry Lomov  <dslomov@google.com>

        [JSC] ArrayBufferView and its ArrayBuffer are appended to object pool in wrong order
        https://bugs.webkit.org/show_bug.cgi?id=82090
        The implementation of structured cloning algorithm (http://www.w3.org/TR/html5/common-dom-interfaces.html#internal-structured-cloning-algorithm)
        in SerializedScriptValue.cpp assigns numerical identifiers to encontered objects as it traverses
        the cloned object during serialization.
        When the cloning encounters an already seen object, it transfers the assigned numerical id
        instead of cloning the object again. Deserialization process then repeats the process in 
        the mirror fashion, i.e. on deserializing the object it assigns deserialized object a numeric id and if it
        deserializes the id it substitutes the perviously deserialized objects. It is critical that serialization and deserialization
        assigns numeric ids in the same order.

        The bug (discovered by Yong Li) is that when serializing ArrayBufferView, the ids were assigned first to 
        the ArrayBufferView and then to underlying ArrayBuffer; however on deserialization the ids were assigned another way round.

        This patch fixes that by assigning the id first to ArrayBuffer and then to ArrayBufferView, and adds corresponding test cases.

        Reviewed by Kenneth Russell.

        New test cases added to fast/canvas/web-gl/array-message-passing.html.

        * bindings/js/SerializedScriptValue.cpp:
        (WebCore::CloneSerializer::checkForDuplicate):
        (CloneSerializer):
        (WebCore::CloneSerializer::recordObject):
        (WebCore::CloneSerializer::startObjectInternal):
        (WebCore::CloneSerializer::dumpIfTerminal):

2012-04-04  Ian Vollick  <vollick@chromium.org>

        [chromium] When setting animation started events, should check the root layer
        https://bugs.webkit.org/show_bug.cgi?id=83060

        Reviewed by Adrienne Walker.

        No new tests.

        * platform/graphics/chromium/cc/CCLayerTreeHost.cpp:
        (WebCore::CCLayerTreeHost::animateLayers):
        (WebCore::CCLayerTreeHost::animateLayersRecursive):
        (WebCore::CCLayerTreeHost::setAnimationEventsRecursive):

2012-04-04  Adam Klein  <adamk@chromium.org>

        Web Inspector: break on DOM node insertion only once per operation, not once per inserted node
        https://bugs.webkit.org/show_bug.cgi?id=82967

        Reviewed by Ojan Vafai.

        This change affects the case where a DocumentFragment is inserted,
        rather than a single node. This is most common when using innerHTML:
        the effect of the change is that inserting, e.g., '<input><input>',
        the SubtreeModified breakpoint will be hit once, rather than twice
        (once for each input element). Given that the particular node being
        inserted wasn't exposed as part of the breakpoint, this seems strictly
        better.

        Now that the call to willInsertDOMNode is outside the loop, there's
        not an obvious node to pass in as the new child. Luckily, InspectorDOMDebuggerAgent
        already ignored that argument, so it's simply been removed from the signature.

        This changes paves the way to do only tree-modification work, and no
        external notifications, inside the loops in appendChild/insertBefore/replaceChild.

        * dom/ContainerNode.cpp:
        (WebCore::ContainerNode::insertBefore): Hoisted call to willInsertDOMNode out of loop.
        (WebCore::ContainerNode::replaceChild): ditto.
        (WebCore::ContainerNode::appendChild): ditto.
        * inspector/InspectorDOMDebuggerAgent.cpp:
        (WebCore::InspectorDOMDebuggerAgent::willInsertDOMNode): Removed first argument (now takes only the parent).
        * inspector/InspectorDOMDebuggerAgent.h:
        (InspectorDOMDebuggerAgent):
        * inspector/InspectorInstrumentation.cpp:
        (WebCore::InspectorInstrumentation::willInsertDOMNodeImpl): Removed second argument.
        * inspector/InspectorInstrumentation.h:
        (InspectorInstrumentation):
        (WebCore::InspectorInstrumentation::willInsertDOMNode): Removed second argument.

2012-04-04  Jeffrey Pfau  <jpfau@apple.com>

        Move pending sheet removal from ~HTMLLinkElement to removal from document.
        https://bugs.webkit.org/show_bug.cgi?id=69184

        Reviewed by Adam Barth.

        Test: fast/html/pending-stylesheet-crash.html

        * html/HTMLLinkElement.cpp:
        (WebCore::HTMLLinkElement::~HTMLLinkElement):
        (WebCore::HTMLLinkElement::removedFromDocument):

2012-04-04  Mark Pilgrim  <pilgrim@chromium.org>

        Call histogramCustomCounts directly
        https://bugs.webkit.org/show_bug.cgi?id=83112

        Reviewed by Adam Barth.

        * platform/chromium/PlatformSupport.h:
        (PlatformSupport):
        * platform/graphics/chromium/ContentLayerChromium.cpp:
        (WebCore::ContentLayerPainter::paint):
        * platform/graphics/chromium/cc/CCOverdrawMetrics.cpp:
        (WebCore::CCOverdrawMetrics::recordMetricsInternal):

2012-04-04  Alexis Menard  <alexis.menard@openbossa.org>

        Animation related classes should use CSSPropertyID rather than integers when manipulating CSS property ids.
        https://bugs.webkit.org/show_bug.cgi?id=83050

        Reviewed by Simon Fraser.

        Split the concept of animate none and animate all into a separate function rather than using the property member
        with some magic value set on it. Make also sure that we use CSSPropertyID all over the place rather than integers.
        We still have some place where convert from int to CSSPropertyID (mostly due to the fact that we need to make Hash*
        related classes to handle CSSPropertyID). While refactoring I also removed some dead code.

        No new tests : not behaviour changes intented.

        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::CSSComputedStyleDeclaration::getPropertyCSSValue):
        * css/CSSStyleApplyProperty.cpp:
        (WebCore::ApplyPropertyAnimation::applyInheritValue):
        (WebCore::CSSStyleApplyProperty::CSSStyleApplyProperty):
        * css/CSSStyleSelector.cpp:
        (WebCore::CSSStyleSelector::collectMatchingRulesForList):
        * page/animation/AnimationBase.cpp:
        (WebCore):
        (WebCore::PropertyWrapperBase::PropertyWrapperBase):
        (WebCore::PropertyWrapperBase::property):
        (PropertyWrapperBase):
        (WebCore::PropertyWrapperGetter::PropertyWrapperGetter):
        (WebCore::PropertyWrapper::PropertyWrapper):
        (WebCore::RefCountedPropertyWrapper::RefCountedPropertyWrapper):
        (WebCore::StyleImagePropertyWrapper::StyleImagePropertyWrapper):
        (WebCore::PropertyWrapperColor::PropertyWrapperColor):
        (WebCore::PropertyWrapperShadow::PropertyWrapperShadow):
        (WebCore::PropertyWrapperMaybeInvalidColor::PropertyWrapperMaybeInvalidColor):
        (WebCore::PropertyWrapperVisitedAffectedColor::PropertyWrapperVisitedAffectedColor):
        (WebCore::FillLayersPropertyWrapper::FillLayersPropertyWrapper):
        (WebCore::ShorthandPropertyWrapper::ShorthandPropertyWrapper):
        (WebCore::PropertyWrapperSVGPaint::PropertyWrapperSVGPaint):
        (WebCore::wrapperForProperty):
        (WebCore::AnimationBase::propertiesEqual):
        The code removed here could never be reached. propertiesEqual is used only in CompositeAnimation::updateTransitions and through
        ImplicitAnimation::isTargetPropertyEqual which is also called in CompositeAnimation. Both calls are protected by an ASSERT in
        CompositeAnimation:116 where we make sure the property id we're dealing with is a valid property id, therefore prop can't be equal to
        the old value cAnimateAll or even the new mode concept introduced in that patch can't be AnimateAll.
        (WebCore::AnimationBase::getPropertyAtIndex):
        (WebCore::AnimationBase::blendProperties):
        (WebCore::AnimationBase::animationOfPropertyIsAccelerated):
        (WebCore::gatherEnclosingShorthandProperties):
        (WebCore::AnimationBase::animatableShorthandsAffectingProperty):
        * page/animation/AnimationBase.h:
        (AnimationBase):
        * page/animation/CompositeAnimation.cpp:
        (WebCore::CompositeAnimation::updateTransitions):
        (WebCore::CompositeAnimation::pauseTransitionAtTime):
        * page/animation/CompositeAnimation.h:
        (CompositeAnimation):
        * page/animation/ImplicitAnimation.cpp:
        (WebCore::ImplicitAnimation::ImplicitAnimation):
        (WebCore::ImplicitAnimation::sendTransitionEvent):
        The check removed is useless as ImplicitAnimation constructor ensure via an ASSERT that the animatingProperty value is a correct and valid
        property id. Even the old code was ensuring the value of animatingProperty was different from cAnimateAll at construction time. As stated also
        in CompositeAnimation::updateTransitions and cover by the same ASSERT explained earlier, ImplicitAnimation are constructed for valid property ids.
        (WebCore::ImplicitAnimation::isTargetPropertyEqual):
        (WebCore::ImplicitAnimation::blendPropertyValueInStyle):
        * page/animation/ImplicitAnimation.h:
        (WebCore::ImplicitAnimation::create):
        (ImplicitAnimation):
        * page/animation/KeyframeAnimation.cpp:
        (WebCore::KeyframeAnimation::animate):
        (WebCore::KeyframeAnimation::getAnimatedStyle):
        (WebCore::KeyframeAnimation::timeToNextService):
        * platform/animation/Animation.cpp:
        (WebCore::Animation::Animation):
        (WebCore::Animation::operator=):
        (WebCore::Animation::animationsMatch):
        * platform/animation/Animation.h:
        (WebCore::Animation::property):
        (WebCore::Animation::animationMode):
        (WebCore::Animation::setProperty):
        (WebCore::Animation::setAnimationMode):
        (Animation):
        (WebCore::Animation::initialAnimationProperty):
        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::startTransition):
        * rendering/RenderLayerBacking.h:
        (RenderLayerBacking):
        * rendering/style/RenderStyle.cpp:
        (WebCore::RenderStyle::transitionForProperty):
        * rendering/style/RenderStyle.h:

2012-04-04  Emil A Eklund  <eae@chromium.org>

        Fix usage of LayoutUnits and snapping for scrolling in RenderBox
        https://bugs.webkit.org/show_bug.cgi?id=83073

        Reviewed by Eric Seidel.

        Fix usage of LayoutUnits and snapping/rounding logic in RenderBox.

        No new tests, no change in functionality.

        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::scrollWidth):
        Change scrollWidth to properly pixel snap values.
        
        (WebCore::RenderBox::scrollHeight):
        Change scrollHeight to properly pixel snap values.
        
        (WebCore::RenderBox::scrolledContentOffset):
        Change to return IntSize to match function definition.
        
        (WebCore::RenderBox::cachedSizeForOverflowClip):
        Changed cachedSizeForOverflowClip to LayoutSize as the overflow and clip
        rects all have subpixel precision.

        * rendering/RenderBox.h:
        (WebCore::RenderBox::pixelSnappedWidth):
        (WebCore::RenderBox::pixelSnappedHeight):
        Removed FIXME comment as the implementation 
        
        (WebCore::RenderBox::minYLayoutOverflow):
        (WebCore::RenderBox::maxYLayoutOverflow):
        (WebCore::RenderBox::minXLayoutOverflow):
        (WebCore::RenderBox::maxXLayoutOverflow):
        Added static_cast for border values.
        
        (WebCore::RenderBox::hasVisualOverflow):
        Changed to compare two pixel snapped values as we don't want to indicate
        overflow in cases where the the size is rounded down resulting in no
        visual overflow.

2012-04-04  Emil A Eklund  <eae@chromium.org>

        Fix types for location, size and rect calculations for render objects
        https://bugs.webkit.org/show_bug.cgi?id=83089

        Reviewed by Eric Seidel.

        Fix usage of LayoutUnits and rounding for a couple of different render
        object classes.

        No new tests, no change in functionality.

        * rendering/RenderDetailsMarker.cpp:
        (WebCore::RenderDetailsMarker::getPath):
        Change getPath to take a LayoutPoint as the transform has subpixel
        precision already.
        
        * rendering/RenderFlowThread.cpp:
        (WebCore::RenderFlowThread::computeLogicalHeight):
        Change logicalHeight to LayoutUnit as it is computed from subpixel
        values.
        
        * rendering/RenderInputSpeech.cpp:
        (WebCore::RenderInputSpeech::paintInputFieldSpeechButton):
        Change button rect computation to LayoutRect and pixel snap just before
        painting to preserve precision.
        
        * rendering/RenderLineBoxList.cpp:
        (WebCore::RenderLineBoxList::rangeIntersectsRect):
        (WebCore::RenderLineBoxList::lineIntersectsDirtyRect):
        (WebCore::RenderLineBoxList::paint):
        Change range calculations to LayoutUnits to preserve precision.
        
        * rendering/RenderMarquee.cpp:
        (WebCore::RenderMarquee::computePosition):
        Change width calculations to LayoutUnits to preserve precision.
        
        * rendering/RenderTable.cpp:
        (WebCore::RenderTable::layoutCaption):
        Change table captions to LayoutUnits as the values are computed from
        subpixel componenets.
        
        * rendering/style/RenderStyle.cpp:
        (WebCore::RenderStyle::getRoundedBorderFor):
        Snap border rect as RoundedRects use ints for crisp rendering.
        
        * rendering/style/ShadowData.cpp:
        (WebCore::ShadowData::adjustRectForShadow):
        Change adjustRectForShadow to take a LayoutRect as it already uses
        LayoutUnits.
        
2012-04-04  Emil A Eklund  <eae@chromium.org>

        Convert RootInlineBox to LayoutUnits in preparation for turning on subpixel layout
        https://bugs.webkit.org/show_bug.cgi?id=83054

        Reviewed by Eric Seidel.

        Convert RootInlineBox over to LayoutUnits, this mostly involves updating
        the alignment and adjustment code to be subpixel aware. 

        No new tests, no change in functionality.

        * rendering/RootInlineBox.cpp:
        (WebCore::RootInlineBox::alignBoxesInBlockDirection):
        Change beforeAnnotationsAdjustment to LayoutUnit.
        
        (WebCore::RootInlineBox::beforeAnnotationsAdjustment):
        Change method to return LayoutUnit as it is computed from values with
        subpixel precision.
        
        (WebCore::RootInlineBox::lineSnapAdjustment):
        Round values before computing remainder.

        (WebCore::RootInlineBox::ascentAndDescentForBox):
        Change ascent and decent calculation to use LayoutUnits as they are
        computed from values with subpixel precision.
        
        (WebCore::RootInlineBox::verticalPositionForBox):
        Change verticalPosition to LayoutUnit.
        
        * rendering/RootInlineBox.h:
        (RootInlineBox):

2012-04-05  Joseph Pecoraro  <pecoraro@apple.com>

        <http://webkit.org/b/83108> Web Inspector: JSC Crash inspecting node with object event listener

        Reviewed by Geoff Garen.

        * bindings/js/ScriptEventListener.cpp:
        (WebCore::eventListenerHandlerLocation):
        Use jsDynamicCast to bail when the JSObject is not a JSFunction.

2012-04-04  Mark Pilgrim  <pilgrim@chromium.org>

        Call suddenTerminationChanged directly
        https://bugs.webkit.org/show_bug.cgi?id=83114

        Reviewed by Adam Barth.

        * platform/chromium/PlatformSupport.h:
        (PlatformSupport):
        * platform/chromium/SuddenTerminationChromium.cpp:
        (WebCore::disableSuddenTermination):
        (WebCore::enableSuddenTermination):

2012-04-04  Adam Barth  <abarth@webkit.org>

        figure out how to export webcore symbols from webkit.dll properly
        https://bugs.webkit.org/show_bug.cgi?id=83105

        Reviewed by Dimitri Glazkov.

        * WebCore.gypi:
            - Separate the platform support files into a new GYP variable so
              that they can be build as part of webkit.dll rather than in
              webcore_platform.lib. Building them as part of webkit.dll ensure
              that the symbols marked for export will actually be in webkit.dll
              (and hence exported), even if nothing else in webkit.dll
              references the obj file that contains the symbol.
        * platform/chromium/support/WebMediaStreamSourcesRequest.cpp:
            - Unwind our ugly, ugly hack to make the Windows component build
              work.

2012-04-04  Mark Pilgrim  <pilgrim@chromium.org>

        Call sandboxEnabled directly
        https://bugs.webkit.org/show_bug.cgi?id=83113

        Reviewed by Adam Barth.

        * platform/chromium/PlatformSupport.h:
        (PlatformSupport):

2012-04-04  Peter Rybin  <peter.rybin@gmail.com>

        Web Inspector: CodeGeneratorInspector.py: switch IndexedDB, DOMStorage, ApplicationCache domains to typed API
        https://bugs.webkit.org/show_bug.cgi?id=83039

        Reviewed by Pavel Feldman.

        Client code is switched to typed API (all InspectorObject and InspectorArray types are
        replaced with generated types from TypeBuilder according to Inspector.json).

        Missing array of array specialization is added. Inspector.json is fixed to comform
        with actual behavior of InspectorDOMStorageAgent.

        Output parameter initialization is assured.

        * inspector/CodeGeneratorInspector.py:
        * inspector/Inspector.json:
        * inspector/InspectorApplicationCacheAgent.cpp:
        (WebCore::InspectorApplicationCacheAgent::getFramesWithManifests):
        (WebCore::InspectorApplicationCacheAgent::getApplicationCacheForFrame):
        (WebCore::InspectorApplicationCacheAgent::buildObjectForApplicationCache):
        * inspector/InspectorApplicationCacheAgent.h:
        (InspectorApplicationCacheAgent):
        * inspector/InspectorDOMStorageAgent.cpp:
        (WebCore::InspectorDOMStorageAgent::getDOMStorageEntries):
        (WebCore::InspectorDOMStorageAgent::setDOMStorageItem):
        (WebCore::InspectorDOMStorageAgent::removeDOMStorageItem):
        * inspector/InspectorDOMStorageAgent.h:
        (InspectorDOMStorageAgent):
        * inspector/InspectorDOMStorageResource.cpp:
        (WebCore::InspectorDOMStorageResource::bind):

2012-04-04  Tony Chang  <tony@chromium.org>

        Remove flex function css parsing
        https://bugs.webkit.org/show_bug.cgi?id=83083

        Reviewed by Ojan Vafai.

        The flexbox spec switched from using a flex() function on the width
        and height to a css property. Now that the -webkit-flex: has been
        implemented, we can remove the flex() function code.

        No new tests. Removing an old test that used to test the flex() function.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * Target.pri:
        * WebCore.gypi:
        * WebCore.vcproj/WebCore.vcproj:
        * WebCore.xcodeproj/project.pbxproj:
        * css/CSSAllInOne.cpp:
        * css/CSSFlexValue.cpp: Removed.
        * css/CSSFlexValue.h: Removed.
        * css/CSSParser.cpp:
        (WebCore::CSSParser::parseValue):
        (WebCore::CSSParser::parseFlex):
        * css/CSSParser.h:
        (WebCore):
        * css/CSSStyleApplyProperty.cpp:
        (WebCore::ApplyPropertyLength::applyValue):
        (WebCore::CSSStyleApplyProperty::CSSStyleApplyProperty):
        * css/CSSValue.cpp:
        (WebCore::CSSValue::cssText):
        (WebCore::CSSValue::destroy):
        * css/CSSValue.h:
        * rendering/style/RenderStyle.h:
        * rendering/style/StyleFlexibleBoxData.cpp:
        (WebCore::StyleFlexibleBoxData::StyleFlexibleBoxData):
        (WebCore::StyleFlexibleBoxData::operator==):
        * rendering/style/StyleFlexibleBoxData.h:

2012-04-04  Kausalya Madhusudhanan  <kmadhusu@chromium.org>

        [Coverity] Address some uninit constructor values.
        https://bugs.webkit.org/show_bug.cgi?id=82424

        Reviewed by Stephen White.

        New tests are not required since I did not modify any code behavior. I just initialized the class member variables in the constructor.

        * Modules/gamepad/Gamepad.cpp:
        (WebCore::Gamepad::Gamepad):
        * accessibility/AccessibilitySpinButton.cpp:
        (WebCore::AccessibilitySpinButtonPart::AccessibilitySpinButtonPart):
        * dom/WheelEvent.cpp:
        (WebCore::WheelEvent::WheelEvent):
        * html/canvas/WebGLContextObject.h:
        (WebGLContextObject):
        * platform/PlatformTouchPoint.h:
        (WebCore::PlatformTouchPoint::PlatformTouchPoint):
        * platform/graphics/chromium/cc/CCPageScaleAnimation.cpp:
        (WebCore::CCPageScaleAnimation::CCPageScaleAnimation):
        * platform/graphics/chromium/cc/CCRenderSurface.cpp:
        (WebCore::CCRenderSurface::CCRenderSurface):
        * xml/parser/MarkupTokenBase.h:
        (WebCore::AtomicMarkupTokenBase::AtomicMarkupTokenBase):

2012-04-04  Pavel Feldman  <pfeldman@chromium.org>

        Web Inspector: expose savedURL, setToolbarColors and toggleSearchingForNode in InspectorFrontendAPI
        https://bugs.webkit.org/show_bug.cgi?id=83170

        Reviewed by Yury Semikhatsky.

        Chromium port is calling these from the embedder layer and they all are perfect candidates
        for the InspectorFrontendAPI. Adding them there.

        * inspector/front-end/InspectorFrontendAPI.js:
        (InspectorFrontendAPI.enterInspectElementMode):
        (InspectorFrontendAPI.savedURL):
        (InspectorFrontendAPI.setToolbarColors):

2012-04-04  Ilya Tikhonovsky  <loislo@chromium.org>

        Web Inspector: linearise aggregate's retaining size calculation.
        https://bugs.webkit.org/show_bug.cgi?id=83125

        This version is twice as fast as the original and it is non-recursive.

        Reviewed by Yury Semikhatsky.

        * inspector/front-end/HeapSnapshot.js:
        (WebInspector.HeapSnapshot.prototype._getDominatedIndex): was moved closer to it's usage
        (WebInspector.HeapSnapshot.prototype._calculateClassesRetainedSize): it was _buildAggregates' inner function forDominatedNodes.
        it was:
        a) extracted from _buildAggregates;
        b) made non-recursive;
        c) many getters were inlined;
        d) subarray of dominating nodes were inlined too.
        (WebInspector.HeapSnapshot.prototype._buildAggregates): many getters were inlined.
        (WebInspector.HeapSnapshot.prototype.aggregates):

2012-04-04  Allan Sandfeld Jensen  <allan.jensen@nokia.com>

        Best clickable node might return non "clickable" node. 
        https://bugs.webkit.org/show_bug.cgi?id=83153

        Reviewed by Kenneth Rohde Christiansen.

        Do not return non-clickable nodes as a best clickable node.

        * page/EventHandler.cpp:
        (WebCore::EventHandler::bestClickableNodeForTouchPoint):

2012-04-04  Pavel Feldman  <pfeldman@chromium.org>

        Web Inspector: migrate from InspectorFrontendHost.saveAs to InspectorFrontendHost.save.
        https://bugs.webkit.org/show_bug.cgi?id=83162

        Reviewed by Yury Semikhatsky.

        This change adds Save item into the context menus for inspector. It also makes
        saveAs parameter optional in the InspectorFrontendHost.save so that we could
        skip the dialog for the paths that were already saved. Embedder tells the front-end
        what urls were successfully saved so that front-end could issue subsequent save commands
        for those files.

        * English.lproj/localizedStrings.js:
        * inspector/InspectorFrontendClient.h:
        (InspectorFrontendClient):
        * inspector/InspectorFrontendClientLocal.h:
        (WebCore::InspectorFrontendClientLocal::canSave):
        (WebCore::InspectorFrontendClientLocal::save):
        * inspector/InspectorFrontendHost.cpp:
        (WebCore::InspectorFrontendHost::canSave):
        (WebCore::InspectorFrontendHost::save):
        * inspector/InspectorFrontendHost.h:
        (InspectorFrontendHost):
        * inspector/InspectorFrontendHost.idl:
        * inspector/front-end/InspectorFrontendHostStub.js:
        (.WebInspector.InspectorFrontendHostStub.prototype.canSave):
        * inspector/front-end/JavaScriptSourceFrame.js:
        * inspector/front-end/NetworkPanel.js:
        (WebInspector.NetworkLogView.prototype._contextMenu):
        (WebInspector.NetworkLogView.prototype._exportAll):
        (WebInspector.NetworkLogView.prototype._exportResource):
        * inspector/front-end/ResourceView.js:
        * inspector/front-end/ResourcesPanel.js:
        (WebInspector.FrameResourceTreeElement.prototype._appendSaveAsAction.doSave):
        (WebInspector.FrameResourceTreeElement.prototype._appendSaveAsAction.save):
        (WebInspector.FrameResourceTreeElement.prototype._appendSaveAsAction):
        (WebInspector.ResourceRevisionTreeElement.prototype._handleContextMenuEvent.doSave):
        (WebInspector.ResourceRevisionTreeElement.prototype._handleContextMenuEvent.save):
        (WebInspector.ResourceRevisionTreeElement.prototype._handleContextMenuEvent):
        * inspector/front-end/Settings.js:
        * inspector/front-end/SourceFrame.js:
        (WebInspector.TextViewerDelegateForSourceFrame.prototype.populateTextAreaContextMenu):
        * inspector/front-end/TextViewer.js:
        (WebInspector.TextViewer.prototype._contextMenu):
        (WebInspector.TextViewer.prototype._commitEditing):
        (WebInspector.TextViewerDelegate.prototype.populateTextAreaContextMenu):
        * inspector/front-end/TimelineModel.js:
        (WebInspector.TimelineModel.prototype.saveToFile):
        * inspector/front-end/TimelinePanel.js:
        (WebInspector.TimelinePanel.prototype._registerShortcuts):
        (WebInspector.TimelinePanel.prototype._contextMenu):
        * inspector/front-end/inspector.js:

2012-04-04  Andrey Kosyakov  <caseq@chromium.org>

        Web Inspector: time dividers are incorrectly rendered on empty timeline grid
        https://bugs.webkit.org/show_bug.cgi?id=83165

        Reviewed by Pavel Feldman.

        * inspector/front-end/NetworkPanel.js:
        (WebInspector.NetworkBaseCalculator.prototype.setDisplayWindow):
        * inspector/front-end/TimelineGrid.js:
        (WebInspector.TimelineGrid.prototype.updateDividers):

2012-04-04  Sergio Villar Senin  <svillar@igalia.com>

        [GTK] ASSERT in SocketStreamHandleSoup.cpp
        https://bugs.webkit.org/show_bug.cgi?id=83123

        Reviewed by Martin Robinson.

        Do not try to reuse a GOwnPtr as calling outPtr() causes an
        assertion if the pointer is already valid. Also do not try to
        close the IOStream if it was not created.

        This patch fixes
        http/tests/websocket/tests/hybi/workers/worker-reload.html but I
        am leaving it skipped until webkit.org/b/83124 is fixed.

        * platform/network/soup/SocketStreamHandleSoup.cpp:
        (WebCore::connectedCallback):

2012-04-04  Alexis Menard  <alexis.menard@openbossa.org>

        Re-add variable names in CSS related headers to help understanding the meaning of them.
        https://bugs.webkit.org/show_bug.cgi?id=83151

        Reviewed by Andreas Kling.

        r112952, r113031, r113042 removed variable names in some places but at the end it
        was better before as it helps understanding what the variables represent. This patch
        address this issue and add back the names where it makes sense.

        No new tests : cosmetic changes, no behavior change here.

        * css/CSSParser.h:
        (CSSParser):
        * css/StylePropertySet.h:
        (StylePropertySet):
        * dom/StyledElement.h:
        (StyledElement):
        * editing/EditingStyle.h:
        (EditingStyle):
        * editing/Editor.h:
        (Editor):
        * html/HTMLElement.h:
        (HTMLElement):

2012-04-04  Nikolas Zimmermann  <nzimmermann@rim.com>

        Implement animatedPathSegList support for SVGPathElement
        https://bugs.webkit.org/show_bug.cgi?id=83140

        Reviewed by Zoltan Herczeg.

        Add the last missing piece of animVal support: animations of the SVGPathElement's 'd' attribute
        should be reflected in the 'animatedPathSegList' not the 'pathSegList'.

        The SVGAnimatedPathAnimator is special as it doesn't operate on the SVGPathSegList types
        directly, but on the SVGPathByteStreams for performance reasons. The SVGPathSegLists
        are refcounted and exposed to JS, thus require lots of memory, compared to a simple
        byte stream, which SVGPathByteStream is. Only build an 'animatedPathSegList' while
        animating if its actually observed by the bindings, as this operation is heavy.

        This marks the finish of the animVal patch series: no more string round trips during
        animation. Previously paths were animated as byte streams, then converted to a String
        passed to pathElement->setAttribute("d", "newString"), parsed again to a byte stream, etc.

        A follow-up patch will remove the last crufts of direct setAttribute() animation.

        Extend all existing animated SVGPathElement tests to cover animatedPathSegList.

        * svg/SVGAnimatedColor.h:
        (WebCore::SVGAnimatedColorAnimator::startAnimValAnimation):
        (WebCore::SVGAnimatedColorAnimator::stopAnimValAnimation):
        (WebCore::SVGAnimatedColorAnimator::resetAnimValToBaseVal):
        (WebCore::SVGAnimatedColorAnimator::animValWillChange):
        (WebCore::SVGAnimatedColorAnimator::animValDidChange):
        (SVGAnimatedColorAnimator):
        * svg/SVGAnimatedPath.cpp:
        (WebCore::SVGAnimatedPathAnimator::constructFromString):
        (WebCore::SVGAnimatedPathAnimator::startAnimValAnimation):
        (WebCore):
        (WebCore::SVGAnimatedPathAnimator::stopAnimValAnimation):
        (WebCore::SVGAnimatedPathAnimator::resetAnimValToBaseVal):
        (WebCore::SVGAnimatedPathAnimator::animValWillChange):
        (WebCore::SVGAnimatedPathAnimator::animValDidChange):
        (WebCore::SVGAnimatedPathAnimator::calculateAnimatedValue):
        * svg/SVGAnimatedPath.h:
        (SVGAnimatedPathAnimator):
        * svg/SVGAnimatedType.cpp:
        (WebCore::SVGAnimatedType::valueAsString):
        (WebCore::SVGAnimatedType::setValueAsString):
        (WebCore::SVGAnimatedType::supportsAnimVal):
        * svg/SVGAnimatedTypeAnimator.h:
        (SVGAnimatedTypeAnimator):
        (WebCore::SVGAnimatedTypeAnimator::findAnimatedPropertiesForAttributeName):
        * svg/SVGPathElement.cpp:
        (WebCore::SVGPathElement::SVGPathElement):
        (WebCore::SVGPathElement::getTotalLength):
        (WebCore::SVGPathElement::getPointAtLength):
        (WebCore::SVGPathElement::getPathSegAtLength):
        (WebCore::SVGPathElement::parseAttribute):
        (WebCore::SVGPathElement::svgAttributeChanged):
        (WebCore::SVGPathElement::pathByteStream):
        (WebCore):
        (WebCore::SVGPathElement::lookupOrCreateDWrapper):
        (WebCore::SVGPathElement::pathSegList):
        (WebCore::SVGPathElement::animatedPathSegList):
        (WebCore::SVGPathElement::pathSegListChanged):
        * svg/SVGPathElement.h:
        (WebCore):
        (SVGPathElement):
        (WebCore::SVGPathElement::isAnimValObserved):
        * svg/SVGPathParserFactory.cpp:
        (WebCore::SVGPathParserFactory::buildSVGPathByteStreamFromSVGPathSegList):
        (WebCore::SVGPathParserFactory::buildSVGPathByteStreamFromString):
        (WebCore::SVGPathParserFactory::buildAnimatedSVGPathByteStream):
        * svg/SVGPathParserFactory.h:
        (SVGPathParserFactory):
        * svg/SVGPathSegWithContext.h:
        * svg/properties/SVGAnimatedListPropertyTearOff.h:
        (SVGAnimatedListPropertyTearOff):
        (WebCore::SVGAnimatedListPropertyTearOff::baseVal):
        (WebCore::SVGAnimatedListPropertyTearOff::animVal):
        (WebCore::SVGAnimatedListPropertyTearOff::removeItemFromList):
        (WebCore::SVGAnimatedListPropertyTearOff::detachListWrappers):
        (WebCore::SVGAnimatedListPropertyTearOff::currentAnimatedValue):
        (WebCore::SVGAnimatedListPropertyTearOff::animationStarted):
        (WebCore::SVGAnimatedListPropertyTearOff::animationEnded):
        (WebCore::SVGAnimatedListPropertyTearOff::synchronizeWrappersIfNeeded):
        * svg/properties/SVGAnimatedPathSegListPropertyTearOff.h:
        (WebCore::SVGAnimatedPathSegListPropertyTearOff::baseVal):
        (WebCore::SVGAnimatedPathSegListPropertyTearOff::animVal):
        (WebCore::SVGAnimatedPathSegListPropertyTearOff::removeItemFromList):
        (SVGAnimatedPathSegListPropertyTearOff):
        (WebCore::SVGAnimatedPathSegListPropertyTearOff::animationStarted):
        (WebCore::SVGAnimatedPathSegListPropertyTearOff::animationEnded):
        (WebCore::SVGAnimatedPathSegListPropertyTearOff::animValDidChange):
        (WebCore::SVGAnimatedPathSegListPropertyTearOff::animatedPathByteStream):
        (WebCore::SVGAnimatedPathSegListPropertyTearOff::SVGAnimatedPathSegListPropertyTearOff):
        * svg/properties/SVGAnimatedTransformListPropertyTearOff.h:
        (WebCore::SVGAnimatedTransformListPropertyTearOff::baseVal):
        (WebCore::SVGAnimatedTransformListPropertyTearOff::animVal):
        * svg/properties/SVGListProperty.h:
        (WebCore::SVGListProperty::setValuesAndWrappers):
        (WebCore::SVGListProperty::SVGListProperty):
        (WebCore::SVGListProperty::~SVGListProperty):
        (SVGListProperty):

2012-04-04  Allan Sandfeld Jensen  <allan.jensen@nokia.com>

        Best zoomable area does not balance intersection with target area.
        https://bugs.webkit.org/show_bug.cgi?id=83148

        Reviewed by Kenneth Rohde Christiansen.

        Change the two step sort to simply picking the best quotient of touch intersection with target area.

        Test: touchadjustment/zoom-fatfinger.html

        * page/TouchAdjustment.cpp:
        (WebCore::TouchAdjustment::distanceSquaredToTargetCenterLine):
        (TouchAdjustment):
        (WebCore::TouchAdjustment::zoomableIntersectionQuotient):
        (WebCore::TouchAdjustment::findNodeWithLowestDistanceMetric):
        (WebCore::findBestClickableCandidate):
        (WebCore::findBestZoomableArea):

2012-04-04  Andrey Kosyakov  <caseq@chromium.org>

        Web Inspector: make padding and client window width part of timeline calculator's state
        https://bugs.webkit.org/show_bug.cgi?id=83122

        Reviewed by Pavel Feldman.

        - preserve window width and padding within TimelineCalculator
        - rely on calculator to add expansion arrow padding
        - add TimelineCalculator::computePosition() for computing single position (not entire bar dimensions)

        * inspector/front-end/MemoryStatistics.js:
        (WebInspector.MemoryStatistics.prototype._refreshDividers):
        * inspector/front-end/NetworkPanel.js:
        (WebInspector.NetworkLogView.prototype._updateDividersIfNeeded):
        (WebInspector.NetworkLogView.prototype._reset):
        (WebInspector.NetworkBaseCalculator.prototype.computePosition):
        (WebInspector.NetworkBaseCalculator.prototype.formatTime):
        (WebInspector.NetworkBaseCalculator.prototype.setDisplayWindow):
        * inspector/front-end/TimelineGrid.js:
        (WebInspector.TimelineGrid.prototype.updateDividers):
        (WebInspector.TimelineGrid.prototype.addEventDividers):
        * inspector/front-end/TimelineOverviewPane.js:
        (WebInspector.TimelineOverviewPane.prototype._update):
        (WebInspector.TimelineOverviewPane.prototype._reset):
        (WebInspector.TimelineOverviewCalculator.prototype.computePosition):
        (WebInspector.TimelineOverviewCalculator.prototype.setDisplayWindow):
        * inspector/front-end/TimelinePanel.js:
        (WebInspector.TimelinePanel.prototype._updateEventDividers):
        (WebInspector.TimelinePanel.prototype._refresh):
        (WebInspector.TimelinePanel.prototype._refreshRecords):
        (WebInspector.TimelineCalculator.prototype.computePosition):
        (WebInspector.TimelineCalculator.prototype.computeBarGraphWindowPosition):
        (WebInspector.TimelineCalculator.prototype.setDisplayWindow):
        (WebInspector.TimelineRecordGraphRow.prototype.update):
        (WebInspector.TimelineExpandableElement.prototype._update):

2012-04-04  Noel Gordon  <noel.gordon@gmail.com>

        [FileSystem] Forward declare File in FileCallback.h
        https://bugs.webkit.org/show_bug.cgi?id=83128

        Reviewed by Kentaro Hara.

        No new tests. Covered by existing tests.

        * Modules/filesystem/FileCallback.h: forward declare File class to make
        #include of "File.h" redundant.
        (WebCore):

2012-04-04  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r113156.
        http://trac.webkit.org/changeset/113156
        https://bugs.webkit.org/show_bug.cgi?id=83146

        Breaks inspector layout tests (Requested by pfeldman on
        #webkit).

        * inspector/front-end/MemoryStatistics.js:
        (WebInspector.MemoryStatistics.prototype._refreshDividers):
        * inspector/front-end/TimelineGrid.js:
        (WebInspector.TimelineGrid.prototype.updateDividers):
        (WebInspector.TimelineGrid.prototype.addEventDividers):
        * inspector/front-end/TimelineOverviewPane.js:
        (WebInspector.TimelineOverviewPane.prototype._update):
        (WebInspector.TimelineOverviewPane.prototype._reset):
        * inspector/front-end/TimelinePanel.js:
        (WebInspector.TimelinePanel.prototype._updateEventDividers):
        (WebInspector.TimelinePanel.prototype._refresh):
        (WebInspector.TimelinePanel.prototype._refreshRecords):
        (WebInspector.TimelinePanel.prototype.get timelinePaddingLeft):
        (WebInspector.TimelineCalculator.prototype.computeBarGraphWindowPosition):
        (WebInspector.TimelineRecordGraphRow.prototype.update):
        (WebInspector.TimelineExpandableElement.prototype._update):

2012-04-04  Pavel Feldman  <pfeldman@chromium.org>

        Web Inspector: front-end should accept raw web socket address for the remote connection.
        https://bugs.webkit.org/show_bug.cgi?id=83134

        Reviewed by Yury Semikhatsky.

        Migrated from the /devtools/page web socket schema to the generic one where remote target address
        can be specified as index.html?ws=localhost:9222/page1. Left the old host/page way for backwards
        compatibility.

        * inspector/front-end/inspector.js:

2012-04-04  Kent Tamura  <tkent@chromium.org>

        Add localization functions for the calendar picker
        https://bugs.webkit.org/show_bug.cgi?id=83129

        Reviewed by Hajime Morita.

        No behavior changes yet.

        * WebCore.gypi: Add LocalizedCalendar.h and LocalizedCalendarICU.cpp.
        * platform/LocalizedStrings.h: Add calendarTodayText() and calendarClearText().
        * platform/text/LocalizedCalendar.h:
        Added. This provides monthLabels(), weekDayShortLabels(), and firstDayOfWeek().
        * platform/text/LocalizedCalendarICU.cpp: Added. ICU implementations of the above functions.
        (WebCore::ScopedDateFormat): A wrapper for UDateFormat*.
        (WebCore::ScopedDateFormat::ScopedDateFormat):
        (WebCore::ScopedDateFormat::~ScopedDateFormat):
        (WebCore::ScopedDateFormat::get):
        (createFallbackMonthLabels): Creates fallback month labels in English.
        (createLabelVector):
        A helper for createMonthLabels() and createWeekDayShortLabels().
        (createMonthLabels):
        Creates month labels using createLabelVector() or createFallbackMonthLabels().
        (WebCore::monthLabels):
        (createFallbackWeekDayShortLabels): Creates fallback week labels in English.
        (createWeekDayShortLabels):
        Creates month labels using createLabelVector() or createFallbackWeekDayShortLabels().
        (WebCore::weekDayShortLabels):
        (getFirstDayOfWeek):
        (WebCore::firstDayOfWeek):

2012-04-03  Hans Wennborg  <hans@chromium.org>

        Speech JavaScript API: Plumbing for Chromium
        https://bugs.webkit.org/show_bug.cgi?id=81667

        Reviewed by Darin Fisher.

        SpeechGrammar::src() is called with a ScriptExecutionContext, because
        the attribute setter needs it. Provide a src() method that doesn't
        take a ScriptExecutionContext that can be used internally.

        Rename SpeechRecognition::audioStartCallback(), etc. to use event style
        names, i.e. didStartAudio(), etc.

        Remove SpeechRecognitionClient::notifyVisibilityHidden(). The embedder
        can keep track of the visibility.

        Remove SpeechRecognitionClient::unregisterSpeechRecognition,
        it is not needed.

        No new tests, just minor tweaks.

        * Modules/speech/SpeechGrammar.h:
        (WebCore::SpeechGrammar::src):
        * Modules/speech/SpeechRecognition.cpp:
        (WebCore::SpeechRecognition::didStartAudio):
        (WebCore::SpeechRecognition::didStartSound):
        (WebCore::SpeechRecognition::didStartSpeech):
        (WebCore::SpeechRecognition::didEndSpeech):
        (WebCore::SpeechRecognition::didEndSound):
        (WebCore):
        (WebCore::SpeechRecognition::didEndAudio):
        (WebCore::SpeechRecognition::didReceiveResult):
        (WebCore::SpeechRecognition::didReceiveNoMatch):
        (WebCore::SpeechRecognition::didDeleteResult):
        (WebCore::SpeechRecognition::didReceiveError):
        (WebCore::SpeechRecognition::didStart):
        (WebCore::SpeechRecognition::didEnd):
        * Modules/speech/SpeechRecognition.h:
        (SpeechRecognition):
        * Modules/speech/SpeechRecognitionClient.h:
        (SpeechRecognitionClient):
        * Modules/speech/SpeechRecognitionController.h:

2012-04-03  Levi Weintraub  <leviw@chromium.org>

        Switch baseline values to LayoutUnits in RenderTableSection.
        https://bugs.webkit.org/show_bug.cgi?id=83017

        Reviewed by Julien Chaffraix.

        We initially intend to keep table layout on integers post switching the render tree to primarily
        use sub-pixel precision. Baseline positions switch to sub-pixel units, and in table layout code are
        combined with padding (also sub-pixel), which means we ideally won't truncate their values until
        after they're added together. Converting baseline values in RenderTableSection to LayoutUnits.

        No new tests. No change in behavior.

        * rendering/RenderTableSection.cpp:
        (WebCore::RenderTableSection::calcRowLogicalHeight):
        (WebCore::RenderTableSection::layoutRows):
        * rendering/RenderTableSection.h:
        (RowStruct):

2012-04-04  Zan Dobersek  <zandobersek@gmail.com>

        [GTK] Scrolling doesn't work in WebKit2 since r110185
        https://bugs.webkit.org/show_bug.cgi?id=81779

        Reviewed by James Robinson.

        Bring back functionality of the ScrollAnimatorNone for ports that
        use a fallback timer for animation frames.

        No new tests - only restoring previous functionality.

        * platform/ScrollAnimatorNone.cpp:
        (WebCore::ScrollAnimatorNone::ScrollAnimatorNone):
        (WebCore::ScrollAnimatorNone::fireUpAnAnimation):
        (WebCore):
        (WebCore::ScrollAnimatorNone::animationTimerFired):
        (WebCore::ScrollAnimatorNone::startNextTimer):
        (WebCore::ScrollAnimatorNone::animationTimerActive):
        (WebCore::ScrollAnimatorNone::stopAnimationTimerIfNeeded):
        * platform/ScrollAnimatorNone.h:
        (ScrollAnimatorNone):

2012-04-02  Peter Rybin  <peter.rybin@gmail.com>

        Web Inspector: CodeGeneratorInspector.py: switch Inspector, Memory and Database domains to typed API
        https://bugs.webkit.org/show_bug.cgi?id=82958

        Reviewed by Yury Semikhatsky.

        Client code is switched to typed API (all InspectorObject and InspectorArray types are replaced with
        generated types from TypeBuilder according to Inspector.json).

        Missing array of InspectorValues specialization is added.

        * inspector/CodeGeneratorInspector.py:
        * inspector/InjectedScriptHost.cpp:
        (WebCore::InjectedScriptHost::inspectImpl):
        * inspector/InspectorAgent.cpp:
        (WebCore::InspectorAgent::inspect):
        * inspector/InspectorAgent.h:
        (InspectorAgent):
        * inspector/InspectorDatabaseAgent.cpp:
        (WebCore):
        (WebCore::InspectorDatabaseAgent::getDatabaseTableNames):
        * inspector/InspectorDatabaseAgent.h:
        (InspectorDatabaseAgent):
        * inspector/InspectorDatabaseResource.cpp:
        (WebCore::InspectorDatabaseResource::bind):
        * inspector/InspectorMemoryAgent.cpp:
        (WebCore::InspectorMemoryAgent::getDOMNodeCount):
        * inspector/InspectorMemoryAgent.h:
        (InspectorMemoryAgent):

2012-04-04  Andrey Kosyakov  <caseq@chromium.org>

        Web Inspector: make padding and client window width part of timeline calculator's state
        https://bugs.webkit.org/show_bug.cgi?id=83122

        Reviewed by Pavel Feldman.

        - preserve window width and padding within TimelineCalculator
        - rely on calculator to add expansion arrow padding
        - add TimelineCalculator::computePosition() for computing single position (not entire bar dimensions)

        * inspector/front-end/MemoryStatistics.js:
        (WebInspector.MemoryStatistics.prototype._refreshDividers):
        * inspector/front-end/TimelineGrid.js:
        (WebInspector.TimelineGrid.prototype.updateDividers):
        * inspector/front-end/TimelineOverviewPane.js:
        (WebInspector.TimelineOverviewPane.prototype._update):
        (WebInspector.TimelineOverviewPane.prototype._reset):
        (WebInspector.TimelineOverviewCalculator.prototype.computePosition):
        (WebInspector.TimelineOverviewCalculator.prototype.setDisplayWindow):
        * inspector/front-end/TimelinePanel.js:
        (WebInspector.TimelinePanel.prototype._updateEventDividers):
        (WebInspector.TimelinePanel.prototype._refresh):
        (WebInspector.TimelinePanel.prototype._refreshRecords):
        (WebInspector.TimelineCalculator):
        (WebInspector.TimelineCalculator.prototype.computePosition):
        (WebInspector.TimelineCalculator.prototype.computeBarGraphWindowPosition):
        (WebInspector.TimelineCalculator.prototype.setDisplayWindow):
        (WebInspector.TimelineRecordGraphRow.prototype.update):
        (WebInspector.TimelineExpandableElement.prototype._update):

2012-04-04  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r113149.
        http://trac.webkit.org/changeset/113149
        https://bugs.webkit.org/show_bug.cgi?id=83126

        for breaking Chromium builders (Requested by pfeldman on
        #webkit).

        * Modules/speech/SpeechGrammar.h:
        * Modules/speech/SpeechRecognition.cpp:
        (WebCore::SpeechRecognition::audioStartCallback):
        (WebCore::SpeechRecognition::soundStartCallback):
        (WebCore::SpeechRecognition::speechStartCallback):
        (WebCore::SpeechRecognition::speechEndCallback):
        (WebCore::SpeechRecognition::audioEndCallback):
        (WebCore::SpeechRecognition::resultCallback):
        (WebCore::SpeechRecognition::noMatchCallback):
        (WebCore::SpeechRecognition::resultDeletedCallback):
        (WebCore::SpeechRecognition::errorCallback):
        (WebCore::SpeechRecognition::startCallback):
        (WebCore::SpeechRecognition::endCallback):
        * Modules/speech/SpeechRecognition.h:
        (SpeechRecognition):
        * Modules/speech/SpeechRecognitionClient.h:
        (SpeechRecognitionClient):
        * Modules/speech/SpeechRecognitionController.h:
        (WebCore::SpeechRecognitionController::visibilityHidden):
        (WebCore::SpeechRecognitionController::unregisterSpeechRecognition):

2012-04-03  Andrey Kosyakov  <caseq@chromium.org>

        Web Inspector: event marks are missing in the timeline overview
        https://bugs.webkit.org/show_bug.cgi?id=83043

        Reviewed by Pavel Feldman.

        - invoke overview event dividers update as part of overview update, not lower pane update;
        - store raw records for event dividers within overview;
        - moved createEventDividers to a class method of TimelinePresentationModel for reuse.
        - ditto for forAllRecords

        * inspector/front-end/TimelineOverviewPane.js:
        (WebInspector.TimelineOverviewPane):
        (WebInspector.TimelineOverviewPane.prototype._update):
        (WebInspector.TimelineOverviewPane.prototype._updateCategoryStrips):
        (WebInspector.TimelineOverviewPane.prototype._updateEventDividers):
        (WebInspector.TimelineOverviewPane.prototype._onRecordAdded):
        (WebInspector.TimelineOverviewPane.prototype._reset):
        (WebInspector.HeapGraph.prototype.update):
        * inspector/front-end/TimelinePanel.js:
        (WebInspector.TimelinePanel.prototype._updateEventDividers):
        (WebInspector.TimelinePanel.prototype._innerAddRecordToTimeline.addTimestampRecords):
        (WebInspector.TimelinePanel.prototype._innerAddRecordToTimeline):
        * inspector/front-end/TimelinePresentationModel.js:
        (WebInspector.TimelinePresentationModel.isEventDivider):
        (WebInspector.TimelinePresentationModel.forAllRecords):
        (WebInspector.TimelinePresentationModel.createEventDivider):

2012-04-03  Hans Wennborg  <hans@chromium.org>

        Speech JavaScript API: Plumbing for Chromium
        https://bugs.webkit.org/show_bug.cgi?id=81667

        Reviewed by Darin Fisher.

        SpeechGrammar::src() is called with a ScriptExecutionContext, because
        the attribute setter needs it. Provide a src() method that doesn't
        take a ScriptExecutionContext that can be used internally.

        Rename SpeechRecognition::audioStartCallback(), etc. to use event style
        names, i.e. didStartAudio(), etc.

        Remove SpeechRecognitionClient::notifyVisibilityHidden(). The embedder
        can keep track of the visibility.

        Remove SpeechRecognitionClient::unregisterSpeechRecognition,
        it is not needed.

        No new tests, just minor tweaks.

        * Modules/speech/SpeechGrammar.h:
        (WebCore::SpeechGrammar::src):
        * Modules/speech/SpeechRecognition.cpp:
        (WebCore::SpeechRecognition::didStartAudio):
        (WebCore::SpeechRecognition::didStartSound):
        (WebCore::SpeechRecognition::didStartSpeech):
        (WebCore::SpeechRecognition::didEndSpeech):
        (WebCore::SpeechRecognition::didEndSound):
        (WebCore):
        (WebCore::SpeechRecognition::didEndAudio):
        (WebCore::SpeechRecognition::didReceiveResult):
        (WebCore::SpeechRecognition::didReceiveNoMatch):
        (WebCore::SpeechRecognition::didDeleteResult):
        (WebCore::SpeechRecognition::didReceiveError):
        (WebCore::SpeechRecognition::didStart):
        (WebCore::SpeechRecognition::didEnd):
        * Modules/speech/SpeechRecognition.h:
        (SpeechRecognition):
        * Modules/speech/SpeechRecognitionClient.h:
        (SpeechRecognitionClient):
        * Modules/speech/SpeechRecognitionController.h:

2012-04-04  Mariusz Grzegorczyk  <mariusz.g@samsung.com>

        Fix build break when CONTEXT_MENUS is disabled.
        https://bugs.webkit.org/show_bug.cgi?id=82342

        Reviewed by Andreas Kling.

        Fixes build break in WebKit-Gtk, and WebKit-EFL ports when CONTEXT_MENUS macro is disabled.

        * page/ContextMenuClient.h:
        * page/ContextMenuController.h:
        * page/Page.cpp:
        (WebCore::Page::PageClients::PageClients):
        * page/Page.h:
        (WebCore):
        (PageClients):
        * platform/ContextMenu.cpp:
        * platform/ContextMenu.h:
        * platform/ContextMenuItem.cpp:
        * platform/ContextMenuItem.h:
        * platform/efl/ContextMenuEfl.cpp:
        * platform/efl/ContextMenuItemEfl.cpp:
        * platform/gtk/ContextMenuGtk.cpp:
        * platform/gtk/ContextMenuItemGtk.cpp:

2012-04-03  Adam Barth  <abarth@webkit.org>

        Implement <iframe srcdoc>
        https://bugs.webkit.org/show_bug.cgi?id=82991

        Reviewed by Sam Weinig.

        This patch implements the <iframe srcdoc> feature. This feature allows
        authors to easily supply the contents of an iframe without needing to
        round-trip to the server. Using srcdoc is more convenient than using
        data URLs because we set a bunch of properties of the child document
        sensibly. For example, the child inherits the base URL of the parent
        and the child uses standards mode by default.

        This feature is specified in
        <http://www.whatwg.org/specs/web-apps/current-work/#attr-iframe-srcdoc>.
        Although the feature has been in the spec for a while, I'm not aware of
        any other implementations in major browsers. The srcdoc feature works
        especially well with the sandbox and seamless attributes. We already
        implement sandbox and will likely implement seamless soon.

        The srcdoc feature was announced on the webkit-dev mailing list on March 30:
        https://lists.webkit.org/pipermail/webkit-dev/2012-March/020161.html

        This patch approaches the implementation using SubstituteData, which is
        a mechanism previously used for error messages and the like. Using
        SubstituteData has the advantage of not needing to modify the loading
        or history pipelines at all, making the integration of srcdoc with the
        rest of WebCore quite smooth.

        This patch encodes the contents of the srcdoc attribute to and from
        UTF-8 when round-tripping the contents through the loader. In a future
        patch, I plan to experiment with whether using UTF-16 (or perhaps
        another encoding) can improve performance. There might also be a way to
        avoid the memcpy entirely, but these optimizations are best left to
        followup patches as this patch focuses on the observable behavior of
        the feature.

        Tests: fast/frames/srcdoc/reloading-a-srcdoc-document-loads-it-again.html
               fast/frames/srcdoc/setting-src-does-nothing.html
               fast/frames/srcdoc/setting-srcdoc-reloads-document.html
               fast/frames/srcdoc/srcdoc-beats-src-dom.html
               fast/frames/srcdoc/srcdoc-beats-src.html
               fast/frames/srcdoc/srcdoc-can-be-in-qurks-mode.html
               fast/frames/srcdoc/srcdoc-can-navigate.html
               fast/frames/srcdoc/srcdoc-defaults-to-standards-mode.html
               fast/frames/srcdoc/srcdoc-loads-content.html
               fast/frames/srcdoc/srcdoc-urls.html
               http/tests/security/srcdoc-can-access-parent.html
               http/tests/security/srcdoc-in-sandbox-cannot-access-parent.html
               http/tests/security/srcdoc-inherits-referrer-for-forms.html
               http/tests/security/srcdoc-inherits-referrer.html

        * dom/Document.cpp:
        (WebCore::Document::Document):
        (WebCore::Document::initSecurityContext):
            - srcdoc documents need to inherit their security contexts from
              their parents. We pick this initialization point to inherit the
              base URL and to set the "srcdoc Document" bit so that everything
              gets initialized atomically and from precisely the same owner
              frame.
        * dom/Document.h:
        (Document):
        (WebCore::Document::isSrcdocDocument):
            - This bit of state is present in the HTML5 spec and is referred to
              by a number of different requirements in the spec.
        * html/HTMLAttributeNames.in:
        * html/HTMLFrameElementBase.cpp:
        (WebCore::HTMLFrameElementBase::parseAttribute):
        (WebCore::HTMLFrameElementBase::location):
            - These functions implement the requirement that the srcdoc
              attribute takes precedence over the src attribute and triggers a
              load of a document with the URL about:srcdoc.
        * html/HTMLIFrameElement.idl:
            - Expose the srcdoc property as a reflection of the DOM attribute.
        * html/parser/HTMLTreeBuilder.cpp:
        (WebCore::HTMLTreeBuilder::defaultForInitial):
            - This tweak allows srcdoc documents to use standards mode by
              default, saving authors from having to include a doctype in each
              srcdoc document.
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::defaultSubstituteDataForURL):
            - This function transfers the contents of the srcdoc attribute into
              the loading pipeline. If the client supplies other
              SubstituteData, that takes precendence over our "default"
              SubstituteData.
        (WebCore::FrameLoader::outgoingReferrer):
            - This function implements the requirement from the HTML5 spec that
              srcdoc documents inherit their referrer from their parent
              document. A recursive implementation might have been more
              aesthetic but the iterative implementation seemed like a better
              choice.
        (WebCore::FrameLoader::shouldTreatURLAsSrcdocDocument):
            - An about:srcdoc URL only has special meaning when loaded in an
              iframe with a srcdoc attribute. Otherwise, it's just a normal
              "about" URL, meaning a blank page.
        (WebCore::FrameLoader::urlSelected):
        (WebCore::FrameLoader::submitForm):
        (WebCore::FrameLoader::loadFrameRequest):
        (WebCore::FrameLoader::load):
        (WebCore::FrameLoader::loadWithNavigationAction):
        (WebCore::FrameLoader::reloadWithOverrideEncoding):
        (WebCore::FrameLoader::reload):
        (WebCore::FrameLoader::loadResourceSynchronously):
            - Update these call sites to call defaultSubstituteDataForURL and
              outgoingReferrer consistently.
        * loader/FrameLoader.h:
        (FrameLoader):

2012-03-29  Geoffrey Garen  <ggaren@apple.com>

        First step toward incremental Weak<T> finalization
        https://bugs.webkit.org/show_bug.cgi?id=82670

        Reviewed by Filip Pizlo.

        Updated WebCore for Weak<T> API changes.

        * bindings/js/DOMWrapperWorld.cpp:
        (WebCore::JSStringOwner::finalize): We're not allowed to get() a dead Weak<T>
        anymore, so use the debug-only was() helper function instead.

        * bindings/js/JSDOMBinding.h:
        (WebCore::uncacheWrapper): Ditto.

        * bindings/js/JSNodeCustom.h:
        (WebCore::setInlineCachedWrapper):
        (WebCore::clearInlineCachedWrapper): We're not allowed to get() a dead
        Weak<T>, so I had to push down these ASSERTs into ScriptWrappable.

        * bindings/js/JSNodeFilterCondition.cpp:
        (WebCore::JSNodeFilterCondition::acceptNode): Updated for non-Handle-ness
        of Weak<T>.

        * bindings/js/ScriptWrappable.h:
        (WebCore::ScriptWrappable::setWrapper):
        (WebCore::ScriptWrappable::clearWrapper): Use was(), as above.

2012-04-03  Luke Macpherson  <macpherson@chromium.org>

        Don't parse "show" and "hide" as valid values for display property.
        https://bugs.webkit.org/show_bug.cgi?id=83115

        Reviewed by Adam Barth.

        No new tests.

        * css/CSSParser.cpp:
        (WebCore::isValidKeywordPropertyAndValue):

2012-04-03  Yuta Kitamura  <yutak@chromium.org>

        Crash in WebCore::WorkerThreadableWebSocketChannel::Bridge::mainThreadCreateWebSocketChannel
        https://bugs.webkit.org/show_bug.cgi?id=82873

        Reviewed by David Levin.

        WorkerThreadableWebSocketChannel::Bridge should properly handle the cases where inter-thread
        callback is not called due to the termination of the worker run loop. Specifically, the bridge
        should not send its "this" pointer to the main thread, because the bridge object may be freed
        in the worker thread before the main thread starts to process.

        Test: http/tests/websocket/tests/hybi/workers/worker-reload.html

        * Modules/websockets/ThreadableWebSocketChannelClientWrapper.cpp:
        (WebCore::ThreadableWebSocketChannelClientWrapper::ThreadableWebSocketChannelClientWrapper):
        (WebCore::ThreadableWebSocketChannelClientWrapper::peer):
        (WebCore::ThreadableWebSocketChannelClientWrapper::didCreateWebSocketChannel):
        Renamed from setUseHixie76Protocol, as this funtion now also sets m_peer.
        Sets m_syncMethodDone to true, because this function is called in the end of
        synchronous wait of Bridge::initialize().
        (WebCore::ThreadableWebSocketChannelClientWrapper::clearPeer):
        (WebCore::ThreadableWebSocketChannelClientWrapper::useHixie76Protocol):
        * Modules/websockets/ThreadableWebSocketChannelClientWrapper.h:
        Add WorkerThreadableWebSocketChannel::Peer which is initialized after the creation of
        WebSocketChannel in the main thread.
        (ThreadableWebSocketChannelClientWrapper):
        * Modules/websockets/WorkerThreadableWebSocketChannel.cpp:
        (WebCore::WorkerThreadableWebSocketChannel::WorkerThreadableWebSocketChannel):
        Don't do synchronous wait in the constructor, as a member function may be called
        during the wait before the constructor finishes. The meat of the constructor has
        moved to initialize() function.
        (WebCore::WorkerThreadableWebSocketChannel::Bridge::Bridge):
        (WebCore::WorkerThreadableWebSocketChannel::Bridge::~Bridge):
        (WorkerContextDidInitializeTask):
        (WebCore::WorkerContextDidInitializeTask::create):
        (WebCore::WorkerContextDidInitializeTask::~WorkerContextDidInitializeTask):
        (WebCore::WorkerContextDidInitializeTask::WorkerContextDidInitializeTask):
        (WebCore::WorkerThreadableWebSocketChannel::Bridge::mainThreadInitialize):
        (WebCore::WorkerThreadableWebSocketChannel::Bridge::initialize):
        Don't pass "this" object to the main thread. Receive the pointer to the peer object
        via ThreadableWebSocketChannelClientWrapper which is ThreadSafeRefCounted<>.
        (WebCore::WorkerThreadableWebSocketChannel::Bridge::connect):
        m_peer may be NULL, and we should not do anything in that case.
        (WebCore::WorkerThreadableWebSocketChannel::Bridge::send):
        (WebCore::WorkerThreadableWebSocketChannel::Bridge::bufferedAmount):
        (WebCore::WorkerThreadableWebSocketChannel::mainThreadClose):
        (WebCore::WorkerThreadableWebSocketChannel::Bridge::close):
        (WebCore::WorkerThreadableWebSocketChannel::Bridge::fail):
        (WebCore::WorkerThreadableWebSocketChannel::Bridge::suspend):
        (WebCore::WorkerThreadableWebSocketChannel::Bridge::resume):
        * Modules/websockets/WorkerThreadableWebSocketChannel.h:
        (WorkerThreadableWebSocketChannel):
        (WebCore::WorkerThreadableWebSocketChannel::refThreadableWebSocketChannel):
        (WebCore::WorkerThreadableWebSocketChannel::derefThreadableWebSocketChannel):
        (Bridge):
 &