Wheel event callback removing the window causes crash in WebCore.
[WebKit-https.git] / Source / WebCore / ChangeLog
2016-02-19  Simon Fraser  <simon.fraser@apple.com>

        Wheel event callback removing the window causes crash in WebCore.
        https://bugs.webkit.org/show_bug.cgi?id=150871

        Reviewed by Brent Fulgham.

        Null check the FrameView before using it, since the iframe may have been removed
        from its parent document inside the event handler.

        The new test triggered a cross-load side-effect, where wheel event filtering wasn't
        reset between page loads. Fix by calling clearLatchedState() in EventHandler::clear(),
        which resets the filtering.

        Test: fast/events/wheel-event-destroys-frame.html

        * page/EventHandler.cpp:
        (WebCore::EventHandler::clear):
        * page/WheelEventDeltaFilter.cpp:
        (WebCore::WheelEventDeltaFilter::filteredDelta):
        * page/mac/EventHandlerMac.mm:
        (WebCore::EventHandler::platformCompleteWheelEvent):
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::scrollTo):

2016-02-19  Myles C. Maxfield  <mmaxfield@apple.com>

        [Win] [SVG -> OTF Converter] All uses of a font except the first one are invisible
        https://bugs.webkit.org/show_bug.cgi?id=154465

        Reviewed by Alex Christensen.

        We should re-use the existing converted data if it exists.

        Covered by existing tests.

        * css/CSSFontFaceSource.cpp:
        (WebCore::CSSFontFaceSource::font):

2016-02-19  Antti Koivisto  <antti@apple.com>

        ComposedTreeIterator traverses normal children for elements with empty shadow root
        https://bugs.webkit.org/show_bug.cgi?id=154464

        Reviewed by Ryosuke Niwa.

        Test: fast/shadow-dom/composed-tree-basic.html

        * dom/ComposedTreeIterator.cpp:
        (WebCore::ComposedTreeIterator::initializeContextStack):
        (WebCore::ComposedTreeIterator::traverseShadowRoot):

            If the shadow root is empty, continue by skipping the real children.

        (WebCore::ComposedTreeIterator::traverseNextInShadowTree):
        (WebCore::composedTreeAsText):
        (WebCore::ComposedTreeIterator::pushContext): Deleted.
        * dom/ComposedTreeIterator.h:
        (WebCore::ComposedTreeIterator::context):
        (WebCore::ComposedTreeIterator::current):
        (WebCore::ComposedTreeIterator::traverseNext):
        (WebCore::composedTreeChildren):
        * testing/Internals.cpp:
        (WebCore::Internals::composedTreeAsText):

            Testing support.

        * testing/Internals.h:
        * testing/Internals.idl:

2016-02-19  Jer Noble  <jer.noble@apple.com>

        Adopt CachedRawResourceClient::shouldCacheResponse() in MediaResourceLoader and WebCoreNSURLSession
        https://bugs.webkit.org/show_bug.cgi?id=154466

        Reviewed by Alex Christensen.

        Adopt the new shouldCacheResponse() callback so that byte-range
        requests generated by WebCoreNSURLSession are not cached.

        * loader/MediaResourceLoader.cpp:
        (WebCore::MediaResource::shouldCacheResponse):
        * loader/MediaResourceLoader.h:
        * platform/graphics/PlatformMediaResourceLoader.h:
        (WebCore::PlatformMediaResourceClient::shouldCacheResponse):
        * platform/network/cocoa/WebCoreNSURLSession.mm:
        (-[WebCoreNSURLSession downloadTaskWithRequest:]):
        (-[WebCoreNSURLSession streamTaskWithHostName:port:]):
        (-[WebCoreNSURLSession streamTaskWithNetService:]):
        (-[WebCoreNSURLSessionDataTask _timingData]):
        (-[WebCoreNSURLSessionDataTask resource:sentBytes:totalBytesToBeSent:]):

2016-02-12  Jer Noble  <jer.noble@apple.com>

        [Mac] CORS-compliant videos throw security errors when painting to Canvas
        https://bugs.webkit.org/show_bug.cgi?id=154188
        <rdar://problem/22959556>

        Reviewed by Alex Christensen.

        Pass the CORS access check results from WebCoreNSURLSession to its client,
        MediaPlayerPrivateAVFoundationObjC.

        * WebCore.xcodeproj/project.pbxproj:
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::didPassCORSAccessCheck): Ask the WebCoreNSURLSession.
        * platform/network/cocoa/WebCoreNSURLSession.h:
        * platform/network/cocoa/WebCoreNSURLSession.mm:
        (-[WebCoreNSURLSession task:didReceiveCORSAccessCheckResult:]): Conditionally set _corsResults.
        (-[WebCoreNSURLSession didPassCORSAccessChecks]): Return _corsResults.
        (WebCoreNSURLSessionDataTaskClient::accessControlCheckFailed): Call -resource:accessControlCheckFailedWithError:.
        (WebCoreNSURLSessionDataTaskClient::loadFailed): Call -resource:loadFailedWithError:.
        (-[WebCoreNSURLSessionDataTask resource:receivedResponse:]): Set _response within the delegate queue.
        (-[WebCoreNSURLSessionDataTask _resource:loadFinishedWithError:]): Renamed from resourceFinished:
        (-[WebCoreNSURLSessionDataTask resource:accessControlCheckFailedWithError:]): Ditto.
        (-[WebCoreNSURLSessionDataTask resource:loadFailedWithError:]): Ditto.
        (-[WebCoreNSURLSessionDataTask resourceFinished:]): Ditto.

2016-02-19  Chris Dumez  <cdumez@apple.com>

        Unreviewed build fix.

        * loader/cocoa/SubresourceLoaderCocoa.mm:
        (WebCore::SubresourceLoader::willCacheResponse):

2016-02-19  Nan Wang  <n_wang@apple.com>

        AX: Inconsistency between CharacterOffset and VisiblePosition
        https://bugs.webkit.org/show_bug.cgi?id=154431

        Reviewed by Chris Fleizach.

        VoiceOver is not getting the correct text marker from VisiblePosition when
        navigating using arrow keys. We should make the CharacterOffset behavior consistent
        with VisiblePosition so that the conversion between the two won't create different
        text markers.

        Changes are covered in the modified tests.

        * accessibility/AXObjectCache.cpp:
        (WebCore::AXObjectCache::characterOffsetForTextMarkerData):
        (WebCore::AXObjectCache::traverseToOffsetInRange):
        (WebCore::AXObjectCache::startOrEndCharacterOffsetForRange):
        (WebCore::AXObjectCache::startOrEndTextMarkerDataForRange):
        (WebCore::AXObjectCache::characterOffsetForNodeAndOffset):
        (WebCore::AXObjectCache::textMarkerDataForNextCharacterOffset):
        (WebCore::AXObjectCache::textMarkerDataForPreviousCharacterOffset):
        (WebCore::AXObjectCache::visiblePositionFromCharacterOffset):
        (WebCore::AXObjectCache::characterOffsetFromVisiblePosition):
        (WebCore::AXObjectCache::accessibilityObjectForTextMarkerData):
        (WebCore::AXObjectCache::textMarkerDataForVisiblePosition):
        (WebCore::AXObjectCache::nextCharacterOffset):
        (WebCore::AXObjectCache::previousCharacterOffset):
        (WebCore::AXObjectCache::startCharacterOffsetOfWord):
        (WebCore::AXObjectCache::endCharacterOffsetOfWord):
        (WebCore::AXObjectCache::previousWordStartCharacterOffset):
        (WebCore::AXObjectCache::previousParagraphStartCharacterOffset):
        (WebCore::AXObjectCache::previousSentenceStartCharacterOffset):
        * accessibility/AXObjectCache.h:
        * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
        (-[WebAccessibilityObjectWrapper doAXAttributedStringForTextMarkerRange:]):

2016-02-19  Jer Noble  <jer.noble@apple.com>

        Allow CachedRawResource clients to opt out of caching on a per-response basis
        https://bugs.webkit.org/show_bug.cgi?id=154453

        Reviewed by Brady Eidson.

        For CF or NS networking clients, the system loader will ask whether the client (the
        SubresourceLoader in this case) wants the response to be cached. This breaks for byte
        range requests due to <rdar://problem/20001985>. Allow the SubresourceLoader to query
        its clients, and return null if they opt out.

        * loader/cache/CachedRawResource.cpp:
        (WebCore::CachedRawResource::shouldCacheResponse):
        * loader/cache/CachedRawResource.h:
        * loader/cache/CachedRawResourceClient.h:
        (WebCore::CachedRawResourceClient::shouldCacheResponse):
        * loader/cache/CachedResource.h:
        (WebCore::CachedResource::shouldCacheResponse):
        * loader/cocoa/SubresourceLoaderCocoa.mm:
        (WebCore::SubresourceLoader::willCacheResponse):

2016-02-19  Zalan Bujtas  <zalan@apple.com>

        Blocked plug-in placeholder is sometimes not shown.
        https://bugs.webkit.org/show_bug.cgi?id=154434
        <rdar://problem/22584973>

        Reviewed by Brent Fulgham.

        m_isUnavailablePluginIndicatorHidden was incorrectly set to false as the initial value.
        It prevented RenderEmbeddedObject from issuing a repaint when the plugin indicator
        was set to visible (m_isUnavailablePluginIndicatorHidden <- false) the first time.
        (The reason why the indicator showed up most of the time was because some renderer
        triggered repaint on the view.)

        Unable to test.

        * rendering/RenderEmbeddedObject.cpp:
        (WebCore::RenderEmbeddedObject::setUnavailablePluginIndicatorIsHidden):
        (WebCore::RenderEmbeddedObject::RenderEmbeddedObject): Deleted.
        (WebCore::RenderEmbeddedObject::setUnavailablePluginIndicatorIsPressed): Deleted.
        * rendering/RenderEmbeddedObject.h:
        (WebCore::RenderEmbeddedObject::showsUnavailablePluginIndicator):

2016-02-19  Csaba Osztrogonác  <ossy@webkit.org>

        Fix pessimizing-move warnings
        https://bugs.webkit.org/show_bug.cgi?id=154395

        Reviewed by Michael Catanzaro.

        * platform/graphics/efl/CairoUtilitiesEfl.cpp:
        (WebCore::evasObjectFromCairoImageSurface):
        * platform/graphics/surfaces/GLTransportSurface.cpp:
        (WebCore::GLTransportSurface::createTransportSurface):
        (WebCore::GLTransportSurfaceClient::createTransportSurfaceClient):

2016-02-19  Philippe Normand  <pnormand@igalia.com>

        [GStreamer] clean-up various leaks
        https://bugs.webkit.org/show_bug.cgi?id=154285

        Reviewed by Carlos Garcia Campos.

        * platform/audio/gstreamer/WebKitWebAudioSourceGStreamer.cpp:
        (webkit_web_audio_src_init): Take full ownership of the GstTask.
        * platform/graphics/gstreamer/GRefPtrGStreamer.cpp:
        (WTF::adoptGRef): Null pointer support in ASSERTs.
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
        (WebCore::initializeGStreamerAndRegisterWebKitElements): Take full ownership of the GstElementFactory pointers.
        (WebCore::MediaPlayerPrivateGStreamer::isAvailable): Ditto.

2016-02-18  Andy Estes  <aestes@apple.com>

        Revert to dispatching the popstate event synchronously
        https://bugs.webkit.org/show_bug.cgi?id=153297
        rdar://problem/24092294

        Reviewed by Brent Fulgham.

        r192369 made the popstate event dispatch asynchronously, which matches what the HTML5 spec says to do. However,
        due to compatibility regressions we need to revert back to dispatching synchronously. This change reverts
        r192369's changes to Document.cpp, but retains the new tests.

        Firing popstate synchronously makes both fast/loader/remove-iframe-during-history-navigation-different.html and
        fast/loader/remove-iframe-during-history-navigation-same.html crash, because their onpopstate handlers remove
        frames from the document that will later be accessed by HistoryController::recursiveGoToItem().

        To prevent the crashes, this change does two things:
        1. Keep a reference to the current frame inside FrameLoader::loadSameDocumentItem(), since calling
           loadInSameDocument() might otherwise delete it.
        2. Handle a null frame when iterating a HistoryItem's child frames in HistoryController::recursiveGoToItem(),
           since calling goToItem() on one frame might cause another frame to be deleted.

        Covered by existing tests. fast/loader/stateobjects/popstate-is-asynchronous.html was renamed to
        fast/loader/stateobjects/popstate-is-synchronous.html and modified to expect synchronous dispatch.

        * dom/Document.cpp:
        (WebCore::Document::enqueuePopstateEvent):
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::loadSameDocumentItem):
        * loader/HistoryController.cpp:
        (WebCore::HistoryController::recursiveGoToItem):

2016-02-19  Carlos Garcia Campos  <cgarcia@igalia.com>

        Unreviewed. Fix GObject DOM bindings API break after r196769.

        * html/HTMLTextAreaElement.idl:

2016-02-18  Gwang Yoon Hwang  <yoon@igalia.com>

        [GTK] Limit the number of tiles according to the visible area
        https://bugs.webkit.org/show_bug.cgi?id=126122

        Reviewed by Carlos Garcia Campos.

        TextureMapperTiledBackingStore creates tiles for the whole layer bounds, which
        means it creates a huge number of textures if there is an excessively big
        layer. Not only does it waste memory and CPU time, it can even crash GPU
        drivers.

        This patch modifies TextureMapperTiledBackingStore to take into account the
        visible area with a coverage multiplier when creating tiles.

        * platform/graphics/texmap/GraphicsLayerTextureMapper.cpp:
        (WebCore::GraphicsLayerTextureMapper::GraphicsLayerTextureMapper):
        Set a flag to recalculate the visible area of the layer when there are
        geometric changes.
        (WebCore::GraphicsLayerTextureMapper::setContentsToImage):
        (WebCore::GraphicsLayerTextureMapper::flushCompositingStateForThisLayerOnly):
        (WebCore::GraphicsLayerTextureMapper::updateBackingStoreIncludingSubLayers):
        (WebCore::GraphicsLayerTextureMapper::updateBackingStoreIfNeeded):
        (WebCore::GraphicsLayerTextureMapper::markVisibleRectAsDirty):
        (WebCore::GraphicsLayerTextureMapper::selfOrAncestorHasActiveTransformAnimation):
        (WebCore::GraphicsLayerTextureMapper::computeTransformedVisibleRect):
        Compute the inverse transform matrix to map a global visible area to
        the local visible area.
        (WebCore::clampToContentsRectIfRectIsInfinite):
        (WebCore::GraphicsLayerTextureMapper::transformedVisibleRect):
        * platform/graphics/texmap/TextureMapperTiledBackingStore.cpp:
        (WebCore::TextureMapperTiledBackingStore::paintToTextureMapper):
        In HiDPI, the directly composited image is uploaded to the unscaled
        texture to reduce memory usage. So we should apply the device scale
        factor to render it correctly.
        (WebCore::TextureMapperTiledBackingStore::createOrDestroyTilesIfNeeded):
        Create tiles which are covered by the visible rect with a coverage multiplier.

2016-02-18  Brent Fulgham  <bfulgham@apple.com>

        Extend HashCountedSet with a method to efficiently set the count of an entry
        https://bugs.webkit.org/show_bug.cgi?id=154352

        Reviewed by Geoffrey Garen.

        Tested by new TestWebKitAPI tests.

        * loader/ResourceLoadStatistics.cpp:
        (WebCore::decodeHashCountedSet): Update to use new HashCountedSet::add method.

2016-02-18  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r196790.
        https://bugs.webkit.org/show_bug.cgi?id=154439

        made fast/events/wheelevent-basic-actual.txt fail in WK2
        (Requested by alexchristensen on #webkit).

        Reverted changeset:

        "Wheel event callback removing the window causes crash in
        WebCore."
        https://bugs.webkit.org/show_bug.cgi?id=150871
        http://trac.webkit.org/changeset/196790

2016-02-18  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r196791.
        https://bugs.webkit.org/show_bug.cgi?id=154438

        broke windows build (Requested by alexchristensen on #webkit).

        Reverted changeset:

        "Extend HashCountedSet with a method to efficiently set the
        count of an entry"
        https://bugs.webkit.org/show_bug.cgi?id=154352
        http://trac.webkit.org/changeset/196791

2016-02-18  Chris Dumez  <cdumez@apple.com>

        window.history / window.navigator should not be replaceable
        https://bugs.webkit.org/show_bug.cgi?id=154412

        Reviewed by Ryosuke Niwa.

        window.history / window.navigator should not be replaceable as per
        the latest HTML specification:
        https://html.spec.whatwg.org/multipage/browsers.html#the-window-object

        Firefox and Chrome already match the specification. This patch aligns
        our behavior.

        No new tests, already covered by existing tests.

        * page/DOMWindow.idl:

2016-02-18  Chris Dumez  <cdumez@apple.com>

        HTMLTableHeaderCellElement.scope should only return known values
        https://bugs.webkit.org/show_bug.cgi?id=154423
        <rdar://problem/24731018>

        Reviewed by Ryosuke Niwa.

        HTMLTableHeaderCellElement.scope should only return known values as per:
        - https://html.spec.whatwg.org/multipage/tables.html#dom-th-scope

        Known values are documented here:
        - https://html.spec.whatwg.org/multipage/tables.html#attr-th-scope

        No new tests, already covered by existing test.

        * CMakeLists.txt:
        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.vcxproj/WebCore.vcxproj.filters:
        * WebCore.xcodeproj/project.pbxproj:
        * html/HTMLElementsAllInOne.cpp:
        * html/HTMLTableHeaderCellElement.cpp: Copied from Source/WebCore/html/HTMLTableHeaderCellElement.h.
        (WebCore::HTMLTableHeaderCellElement::scope):
        (WebCore::HTMLTableHeaderCellElement::setScope):
        * html/HTMLTableHeaderCellElement.h:
        * html/HTMLTableHeaderCellElement.idl:

2016-02-18  Brent Fulgham  <bfulgham@apple.com>

        Extend HashCountedSet with a method to efficiently set the count of an entry
        https://bugs.webkit.org/show_bug.cgi?id=154352

        Reviewed by Geoffrey Garen.

        Tested by new TestWebKitAPI tests.

        * loader/ResourceLoadStatistics.cpp:
        (WebCore::decodeHashCountedSet): Update to use new HashCountedSet::add method.

2016-02-18  Simon Fraser  <simon.fraser@apple.com>

        Wheel event callback removing the window causes crash in WebCore.
        https://bugs.webkit.org/show_bug.cgi?id=150871

        Reviewed by Brent Fulgham.

        Null check the FrameView before using it, since the iframe may have been removed
        from its parent document inside the event handler.

        Test: fast/events/wheel-event-destroys-frame.html

        * page/mac/EventHandlerMac.mm:
        (WebCore::EventHandler::platformCompleteWheelEvent):
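
        The following is an added example, not WebCore's code, modelling the re-entrancy hazard shared by this entry
        and the popstate entry above (a script handler removing an iframe while WebCore is still mid-operation on it)
        together with the shape of both fixes: hold a reference across the handler, then re-check for a null view or
        a deleted child afterwards. Frame, FrameView, the scenario helpers and std::shared_ptr standing in for Ref are
        all hypothetical stand-ins, not WebCore's types.

```cpp
#include <algorithm>
#include <functional>
#include <memory>
#include <vector>

// Hypothetical stand-ins for WebCore's FrameView and Frame; shared_ptr plays Ref.
struct FrameView {
    int scrollOffset = 0;
};

struct Frame : std::enable_shared_from_this<Frame> {
    std::shared_ptr<FrameView> view = std::make_shared<FrameView>();
    std::vector<std::shared_ptr<Frame>> children;
    std::function<void()> onWheel;    // script-installed wheel handler
    std::function<void()> onPopState; // script-installed popstate handler
};

// Removing an iframe from its parent document: the frame loses its view and
// the parent drops its (possibly last) reference to it.
void removeFromParent(Frame& parent, Frame& child)
{
    child.view = nullptr;
    auto& kids = parent.children;
    kids.erase(std::remove_if(kids.begin(), kids.end(),
        [&](const std::shared_ptr<Frame>& f) { return f.get() == &child; }), kids.end());
}

enum class WheelResult { Scrolled, FrameDetachedDuringHandler };

// Shape of the platformCompleteWheelEvent fix: the handler may remove the frame,
// so keep it alive for the duration and null-check the view afterwards instead
// of trusting a FrameView pointer fetched before the dispatch.
WheelResult completeWheelEvent(Frame& frame, int delta)
{
    std::shared_ptr<Frame> protectedFrame = frame.shared_from_this();
    if (frame.onWheel)
        frame.onWheel();
    FrameView* view = frame.view.get(); // re-fetched: may be null now
    if (!view)
        return WheelResult::FrameDetachedDuringHandler;
    view->scrollOffset += delta;
    return WheelResult::Scrolled;
}

// Shape of the recursiveGoToItem fix: one child's popstate handler may delete a
// sibling, so walk a snapshot of weak references and skip any child that is
// gone by the time it is reached. Returns the number of frames visited.
int goToItemRecursively(Frame& frame)
{
    std::shared_ptr<Frame> protectedFrame = frame.shared_from_this();
    if (frame.onPopState)
        frame.onPopState();
    int visited = 1;
    std::vector<std::weak_ptr<Frame>> snapshot(frame.children.begin(), frame.children.end());
    for (const std::weak_ptr<Frame>& weakChild : snapshot) {
        std::shared_ptr<Frame> child = weakChild.lock();
        if (!child)
            continue; // deleted by an earlier handler: the "null frame" case
        visited += goToItemRecursively(*child);
    }
    return visited;
}

struct WheelScenarioResult { WheelResult result; bool frameAliveInsideHandler; bool frameFreedAfterwards; };

// Constructed scenario: the iframe's own wheel handler removes it from its parent.
WheelScenarioResult runIframeRemovedDuringWheelHandler()
{
    auto parent = std::make_shared<Frame>();
    auto child = std::make_shared<Frame>();
    parent->children.push_back(child);
    std::weak_ptr<Frame> watch = child;
    Frame& iframe = *child;
    child.reset(); // the parent is now the iframe's only owner
    WheelScenarioResult r {};
    iframe.onWheel = [&]() {
        removeFromParent(*parent, iframe);
        r.frameAliveInsideHandler = !watch.expired(); // the protector keeps it alive
    };
    r.result = completeWheelEvent(iframe, 10);
    r.frameFreedAfterwards = watch.expired(); // released once the protector is gone
    return r;
}

// Constructed scenario: the first child's popstate handler removes its sibling.
int runSiblingRemovedDuringPopState()
{
    auto root = std::make_shared<Frame>();
    auto first = std::make_shared<Frame>();
    auto second = std::make_shared<Frame>();
    root->children = { first, second };
    Frame* rootPtr = root.get();
    Frame& sibling = *second;
    first->onPopState = [rootPtr, &sibling]() { removeFromParent(*rootPtr, sibling); };
    first.reset();
    second.reset(); // root is the sole owner of both children
    return goToItemRecursively(*root); // root and first; second is skipped
}
```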

2016-02-18  Brady Eidson  <beidson@apple.com>

        Modern IDB: Fix IDBGetResult encoder/decoder.
        https://bugs.webkit.org/show_bug.cgi?id=154421

        Reviewed by Alex Christensen.

        No new tests, as Modern IDB is still disabled for WK2.

        But if you manually enable it, "Basic IndexedDB Seems To Work"

        * Modules/indexeddb/IDBGetResult.h:
        (WebCore::IDBGetResult::encode):
        (WebCore::IDBGetResult::decode):

2016-02-18  Myles C. Maxfield  <mmaxfield@apple.com>

        Addressing post-review comments after r196747.

        Unreviewed.

        * css/CSSFontFaceSet.h:
        * css/FontFaceSet.cpp:
        (WebCore::FontFaceSet::size):
        (WebCore::FontFaceSet::clear):
        * css/FontFaceSet.h:

2016-02-18  Zalan Bujtas  <zalan@apple.com>

        Soft hyphen is not shown when it is placed at the end of an inline element
        https://bugs.webkit.org/show_bug.cgi?id=153980

        Reviewed by David Hyatt.

        This patch handles the case when the character at the breaking position does not fit the
        line and soft-hyphen, as the first breaking opportunity, is followed by this overflowing character.
        (foo&shy;bar where b overflows the line).
        In such cases we don't yet have an item in the breaking history, so we need to take a look at
        the current context instead.

        Test: fast/text/soft-hyphen-as-first-breaking-opportunity.html

        * rendering/line/BreakingContext.h:
        (WebCore::BreakingContext::InlineIteratorHistory::nextBreakablePosition):
        (WebCore::BreakingContext::handleText):

2016-02-18  Andreas Kling  <akling@apple.com>

        Fake memory pressure handler should log detailed memory breakdown.
        <https://webkit.org/b/154415>

        Reviewed by Antti Koivisto.

        Piggyback on the RESOURCE_USAGE code to implement some detailed memory footprint diffing
        and have the fake memory handler dump before/after/diff after it runs.

        * page/ResourceUsageThread.h:
        (WebCore::TagInfo::TagInfo):
        * page/cocoa/ResourceUsageThreadCocoa.mm:
        (WebCore::logFootprintComparison):
        (WebCore::displayNameForVMTag):
        (WebCore::pagesPerVMTag):
        (WebCore::TagInfo::TagInfo): Deleted.
        * platform/cocoa/MemoryPressureHandlerCocoa.mm:
        (WebCore::MemoryPressureHandler::install):

2016-02-18  Brady Eidson  <beidson@apple.com>

        Modern IDB: Implement server->client operations in WK2.
        https://bugs.webkit.org/show_bug.cgi?id=154411

        Reviewed by Alex Christensen.

        No change in behavior yet; just laying the groundwork.

        * Modules/indexeddb/client/IDBConnectionToServer.h:
        * Modules/indexeddb/server/IDBServer.h:
        * Modules/indexeddb/shared/IDBTransactionInfo.h:
        (WebCore::IDBTransactionInfo::encode):
        (WebCore::IDBTransactionInfo::decode):

2016-02-18  Csaba Osztrogonác  <ossy@webkit.org>

        Fix unused-const-variable warning on non Cocoa platforms
        https://bugs.webkit.org/show_bug.cgi?id=154394

        Reviewed by Michael Catanzaro.

        * html/HTMLPlugInImageElement.cpp:

2016-02-18  Brady Eidson  <beidson@apple.com>

        Modern IDB: Implement client->server operations in WK2.
        https://bugs.webkit.org/show_bug.cgi?id=154400

        Reviewed by Alex Christensen.

        No change in behavior yet; just laying the groundwork.

        * Modules/indexeddb/server/IDBServer.h:
        * Modules/indexeddb/server/UniqueIDBDatabase.h:
        * Modules/indexeddb/shared/IDBIndexInfo.h:
        * Modules/indexeddb/shared/IDBObjectStoreInfo.h:

2016-02-18  Chris Dumez  <cdumez@apple.com>

        [Unforgeable] operations should not be writable as per Web IDL
        https://bugs.webkit.org/show_bug.cgi?id=154396
        <rdar://problem/24721063>

        Reviewed by Ryosuke Niwa.

        [Unforgeable] operations should not be writable as per the Web IDL specification:
        http://heycam.github.io/webidl/#es-operations

        They were currently non-configurable in WebKit but still writable.

        No new tests, already covered by existing test.

        * bindings/scripts/CodeGeneratorJS.pm:
        Mark [Unforgeable] operations as ReadOnly.

        * bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
        * bindings/scripts/test/GObject/WebKitDOMTestObj.h:
        * bindings/scripts/test/JS/JSTestObj.cpp:
        * bindings/scripts/test/ObjC/DOMTestObj.h:
        * bindings/scripts/test/ObjC/DOMTestObj.mm:
        * bindings/scripts/test/TestObj.idl:
        Add bindings test coverage for [Unforgeable].

2016-02-18  Chris Dumez  <cdumez@apple.com>

        Fix behavior of reflecting unsigned long IDL attributes that are limited to only non-negative numbers greater than zero
        https://bugs.webkit.org/show_bug.cgi?id=154398

        Reviewed by Ryosuke Niwa.

        Fix behavior of reflecting unsigned long IDL attributes that are limited
        to only non-negative numbers greater than zero to comply with:
        - https://html.spec.whatwg.org/#limited-to-only-non-negative-numbers-greater-than-zero

        This patch updates the following IDL attributes:
        - colgroup.span
        - col.span
        - input.size
        - textarea.cols
        - textarea.rows

        All of them now:
        - Have "unsigned long" type on the IDL side and "unsigned" type on the native
          side.
        - On getting, return the value if it is in the range [1; 2147483647],
          otherwise return the default value.
        - On setting, set to the input value if it is in the range
          [1; 2147483647], otherwise, set to the default value.

        Note that as per the specification, we are supposed to throw an
        IndexSizeError exception when trying to set those attributes to zero.
        However, we instead use the default value to match other browsers.
        It would be risky to be the only browser to throw in this case.

        No new tests, already covered by existing test.

        * html/HTMLInputElement.cpp:
        (WebCore::HTMLInputElement::parseAttribute):
        (WebCore::HTMLInputElement::setSize):
        * html/HTMLTableColElement.cpp:
        (WebCore::HTMLTableColElement::parseAttribute):
        (WebCore::HTMLTableColElement::setSpan):
        * html/HTMLTableColElement.h:
        * html/HTMLTableColElement.idl:
        * html/HTMLTextAreaElement.cpp:
        (WebCore::HTMLTextAreaElement::parseAttribute):
        (WebCore::HTMLTextAreaElement::setCols):
        (WebCore::HTMLTextAreaElement::setRows):
        (WebCore::HTMLTextAreaElement::shouldUseInputMethod): Deleted.
        * html/HTMLTextAreaElement.h:
        * html/HTMLTextAreaElement.idl:
        * html/parser/HTMLParserIdioms.h:
        (WebCore::limitToOnlyNonNegativeNumbersGreaterThanZero):
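
        The following is an added example, not WebCore's code: a small model of a reflected "unsigned long" IDL
        attribute that is "limited to only non-negative numbers greater than zero", following the getter and setter
        rule stated in this entry, with the content-attribute parsing that feeds it. parseNonNegativeInteger(),
        ReflectedUnsignedLong and makeTextAreaRows() are hypothetical stand-ins; only the function name
        limitToOnlyNonNegativeNumbersGreaterThanZero is taken from the entry above.

```cpp
#include <cstddef>
#include <cstdint>
#include <optional>
#include <string>

// Upper bound of the valid range [1; 2147483647], i.e. 2^31 - 1.
static const uint32_t kMaxAllowedValue = 2147483647u;

// The limit rule from the entry: anything outside [1; 2147483647] becomes the
// default. Zero maps to the default as well; WebKit deliberately does not throw
// IndexSizeError for it, unlike the specification.
uint32_t limitToOnlyNonNegativeNumbersGreaterThanZero(uint32_t value, uint32_t defaultValue)
{
    if (value == 0 || value > kMaxAllowedValue)
        return defaultValue;
    return value;
}

static bool isAsciiWhitespace(char c)
{
    return c == ' ' || c == '\t' || c == '\n' || c == '\f' || c == '\r';
}

static bool isAsciiDigit(char c)
{
    return c >= '0' && c <= '9';
}

// HTML's "rules for parsing non-negative integers", reduced to what a content
// attribute needs: skip leading ASCII whitespace, accept an optional sign,
// collect digits, ignore trailing garbage. Returns nullopt on a parse error,
// on a negative result, and on any magnitude above 2^31 - 1, so an oversized
// attribute string can never wrap around into a small "valid" number.
std::optional<uint32_t> parseNonNegativeInteger(const std::string& input)
{
    size_t i = 0;
    while (i < input.size() && isAsciiWhitespace(input[i]))
        ++i;
    bool negative = false;
    if (i < input.size() && (input[i] == '+' || input[i] == '-')) {
        negative = input[i] == '-';
        ++i;
    }
    if (i >= input.size() || !isAsciiDigit(input[i]))
        return std::nullopt;
    uint64_t value = 0;
    bool overflow = false;
    for (; i < input.size() && isAsciiDigit(input[i]); ++i) {
        if (overflow)
            continue; // keep consuming digits, but stop accumulating
        value = value * 10 + static_cast<uint64_t>(input[i] - '0');
        if (value > kMaxAllowedValue)
            overflow = true;
    }
    if (overflow || (negative && value != 0))
        return std::nullopt; // "-0" is the only accepted negative spelling
    return static_cast<uint32_t>(value);
}

// Hypothetical model of one reflected attribute: the content attribute string
// (nullopt when the attribute is absent) plus the attribute's default value.
struct ReflectedUnsignedLong {
    std::optional<std::string> contentAttribute;
    uint32_t defaultValue;

    // Getter: parse the content attribute, then apply the limit rule.
    uint32_t get() const
    {
        if (!contentAttribute)
            return defaultValue;
        std::optional<uint32_t> parsed = parseNonNegativeInteger(*contentAttribute);
        if (!parsed)
            return defaultValue;
        return limitToOnlyNonNegativeNumbersGreaterThanZero(*parsed, defaultValue);
    }

    // Setter: the bindings have already converted the JS value to unsigned
    // long (ToUint32, so script assigning -1 arrives here as 4294967295);
    // the same limit rule decides what is written back to the attribute.
    void set(uint32_t value)
    {
        contentAttribute = std::to_string(limitToOnlyNonNegativeNumbersGreaterThanZero(value, defaultValue));
    }
};

// textarea.rows, whose default value in HTML is 2.
ReflectedUnsignedLong makeTextAreaRows()
{
    return ReflectedUnsignedLong { std::nullopt, 2 };
}
```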

2016-02-18  David Kilzer  <ddkilzer@apple.com>

        Remove redundant ASSERT_WITH_MESSAGE_UNUSED() from SOFT_LINK_FRAMEWORK_FOR_SOURCE() macro

        Follow-up fix noted by Andy Estes for:

            [Cocoa] Always check the return value of dlopen() and dlsym() in Release builds
            <http://webkit.org/b/154364>

        * platform/mac/SoftLinking.h:
        (SOFT_LINK_FRAMEWORK_FOR_SOURCE): Remove redundant
        ASSERT_WITH_MESSAGE_UNUSED().

2016-02-18  Andreas Kling  <akling@apple.com>

        Reduce tiling coverage immediately when memory pressure hits.
        <https://webkit.org/b/154374>

        Reviewed by Simon Fraser.

        We already had a policy that reduced tiling coverage to a minimum while the system
        is under memory pressure. However, that policy wouldn't kick in immediately after
        receiving the pressure notification, but the next time we flush compositing state.

        This change makes it happen sooner, improving our chances to escape death!

        * page/Page.h:
        * page/Page.cpp:
        (WebCore::Page::forEachPage):

            Add a little helper for visiting every Page.

        * platform/MemoryPressureHandler.cpp:
        (WebCore::MemoryPressureHandler::releaseCriticalMemory):

            When under critical memory pressure, schedule a compositing flush in all Pages.
            This ensures that the reduced tiling coverage policy takes effect, allowing us to
            immediately drop several tiles in each visible web view.

        * platform/cocoa/MemoryPressureHandlerCocoa.mm:
        (WebCore::MemoryPressureHandler::install):

            To ensure that this behavior is testable with the fake memory pressure notification,
            make the fake handler set the "in memory pressure" state just like the real one would.
            I don't know why we were not doing this previously; it was just an oversight.
            After the simulation completes, it schedules a runloop callback that resets the
            "in memory pressure" state.

655 2016-02-17  Myles C. Maxfield  <mmaxfield@apple.com>
656
657         [Font Loading] Implement FontFaceSet
658         https://bugs.webkit.org/show_bug.cgi?id=153348
659
660         Reviewed by Simon Fraser.
661
662         The CSS Font Loading spec includes a FontFaceSet object which represents
663         a collection of FontFaces. This patch implements such an object, and
664         backs it with a vector of FontFaces. Similarly to the FontFace object,
665         FontFaceSet is separated into a FontFaceSet frontend object and a
666         CSSFontFaceSet backend object, which actually owns the FontFace objects.
667         All the interaction with Promises is performed in the frontend object.
668
669         This patch does not implement the EventTarget part of the FontFaceSet
670         API, so the only way to know when a font is finished loading is by using
671         the associated Promise objects.
672
673         The CSS Font Loading spec describes how the Document should vend an
674         instance of FontFaceSet which represents the font faces currently
675         associated with the Document. However, that functionality is
676         forthcoming. Currently, the only way to get a FontFaceSet is to create
677         one yourself (using the constructor). Therefore, this patch does not
678         implement the spec's notion of a "CSS-connected font face."
679
680         Test: fast/text/font-face-set-javascript.html
681
682         * CMakeLists.txt: Add new files.
683         * DerivedSources.make: Ditto.
684         * WebCore.vcxproj/WebCore.vcxproj: Ditto.
685         * WebCore.vcxproj/WebCore.vcxproj.filters: Ditto.
686         * WebCore.xcodeproj/project.pbxproj: Ditto.
687         * bindings/js/JSFontFaceSetCustom.cpp: Added.
688         (WebCore::JSFontFaceSet::ready): Use the Promise member.
689         (WebCore::JSFontFaceSet::entries): Use existing iterator code.
690         (WebCore::JSFontFaceSet::keys):
691         (WebCore::JSFontFaceSet::values):
692         * css/CSSAllInOne.cpp: Add new files.
693         * css/CSSFontFace.cpp: We now have a collection of clients (instead of
694         just one). Also, we need to keep a pointer to our FontFace wrapper.
695         (WebCore::CSSFontFace::CSSFontFace):
696         (WebCore::CSSFontFace::addClient):
697         (WebCore::CSSFontFace::removeClient):
698         (WebCore::CSSFontFace::setStatus): Rename the delegate callback to be
699         more clear.
700         (WebCore::CSSFontFace::fontLoaded):
701         (WebCore::CSSFontFace::addedToSegmentedFontFace): Deleted.
702         (WebCore::CSSFontFace::removedFromSegmentedFontFace): Deleted.
703         * css/CSSFontFace.h: Same as above.
704         (WebCore::CSSFontFace::create):
705         (WebCore::CSSFontFace::Client::~Client):
706         (WebCore::CSSFontFace::Client::kick):
707         (WebCore::CSSFontFace::Client::stateChanged):
708         (WebCore::CSSFontFace::wrapper):
709         (WebCore::CSSFontFaceClient::~CSSFontFaceClient): Deleted.
710         * css/CSSFontFaceSet.cpp: Added. Initial implementation.
711         (WebCore::CSSFontFaceSet::CSSFontFaceSet):
712         (WebCore::CSSFontFaceSet::~CSSFontFaceSet):
713         (WebCore::CSSFontFaceSet::incrementActiveCount):
714         (WebCore::CSSFontFaceSet::decrementActiveCount):
715         (WebCore::CSSFontFaceSet::has):
716         (WebCore::CSSFontFaceSet::add):
717         (WebCore::CSSFontFaceSet::remove):
718         (WebCore::extractFamilies):
719         (WebCore::familiesIntersect): Because this is an initial implementation,
720         this function is not optimized. A subsequent patch (which implements
721         Document.fonts) will optimize this.
722         (WebCore::CSSFontFaceSet::matchingFaces):
723         (WebCore::CSSFontFaceSet::load):
724         (WebCore::CSSFontFaceSet::check):
725         (WebCore::CSSFontFaceSet::stateChanged):
726         * css/CSSFontFaceSet.h: Added.
727         (WebCore::CSSFontFaceSetClient::~CSSFontFaceSetClient):
728         (WebCore::CSSFontFaceSet::size):
729         (WebCore::CSSFontFaceSet::operator[]):
730         (WebCore::CSSFontFaceSet::status):
731         * css/CSSFontSelector.cpp:
732         (WebCore::CSSFontSelector::familyNameFromPrimitive):
733         (WebCore::CSSFontSelector::registerLocalFontFacesForFamily):
734         (WebCore::CSSFontSelector::addFontFaceRule):
735         (WebCore::familyNameFromPrimitive): Deleted.
736         (WebCore::CSSFontSelector::kick): Deleted.
737         * css/CSSFontSelector.h:
738         * css/CSSSegmentedFontFace.cpp:
739         (WebCore::CSSSegmentedFontFace::~CSSSegmentedFontFace):
740         (WebCore::CSSSegmentedFontFace::appendFontFace):
741         (WebCore::CSSSegmentedFontFace::kick):
742         (WebCore::CSSSegmentedFontFace::fontLoaded): Deleted.
743         * css/CSSSegmentedFontFace.h:
744         * css/FontFace.cpp:
745         (WebCore::FontFace::FontFace):
746         (WebCore::FontFace::~FontFace):
747         (WebCore::FontFace::stateChanged): Renamed to make its purpose clearer.
748         (WebCore::FontFace::kick): Deleted.
749         * css/FontFace.h:
750         * css/FontFaceSet.cpp: Added.
751         (WebCore::createPromise):
752         (WebCore::FontFaceSet::FontFaceSet):
753         (WebCore::FontFaceSet::~FontFaceSet):
754         (WebCore::FontFaceSet::Iterator::Iterator):
755         (WebCore::FontFaceSet::Iterator::next):
756         (WebCore::FontFaceSet::PendingPromise::PendingPromise):
757         (WebCore::FontFaceSet::PendingPromise::~PendingPromise):
758         (WebCore::FontFaceSet::has):
759         (WebCore::FontFaceSet::size):
760         (WebCore::FontFaceSet::add):
761         (WebCore::FontFaceSet::remove):
762         (WebCore::FontFaceSet::clear):
763         (WebCore::FontFaceSet::load): Most of the complexity of loading is
764         due to the promises involved. Rather than use the Javascript function
765         Promise.all(), this patch builds a data structure to represent the
766         promises which need to be resolved. When fonts finish loading, we look
767         at the data structure to determine which promises to resolve.
768         (WebCore::FontFaceSet::check):
769         (WebCore::FontFaceSet::status):
770         (WebCore::FontFaceSet::canSuspendForDocumentSuspension):
771         (WebCore::FontFaceSet::startedLoading):
772         (WebCore::FontFaceSet::completedLoading):
773         (WebCore::FontFaceSet::fulfillPromise): Keep the promise alive.
774         (WebCore::FontFaceSet::faceFinished):
775         * css/FontFaceSet.h: Added.
776         (WebCore::FontFaceSet::create):
777         (WebCore::FontFaceSet::load):
778         (WebCore::FontFaceSet::check):
779         (WebCore::FontFaceSet::createIterator):
780         (WebCore::FontFaceSet::PendingPromise::create):
781         * css/FontFaceSet.idl: Added.
782         * dom/EventNames.h:
783         * dom/EventTargetFactory.in:
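
        The promise bookkeeping described under FontFaceSet::load() above, as an added C++ example that is not WebCore's code: each load() records the faces it waits on in a PendingLoad record instead of relying on Promise.all(), and faceFinished() re-examines only the records that reference the finished face. The class and function names (Face, PendingLoad, FontFaceSetModel, checkAllSucceed, checkOneFails) are assumptions made for this example, not WebCore's.

```cpp
// Added example, not WebCore code; Face, PendingLoad and FontFaceSetModel are hypothetical stand-ins.
#include <algorithm>
#include <functional>
#include <memory>
#include <string>
#include <vector>

enum class FaceStatus { Unloaded, Loading, Loaded, Error };
struct Face {
    std::string family;
    FaceStatus status = FaceStatus::Unloaded;
};
using ResolveCallback = std::function<void(const std::vector<Face*>&)>;
using RejectCallback = std::function<void()>;

// One outstanding load(): the faces it waits on and the callbacks to run once they have all settled.
struct PendingLoad {
    std::vector<Face*> faces;
    size_t remaining = 0; // faces not yet Loaded
    bool settled = false;
    ResolveCallback resolve;
    RejectCallback reject;
};

class FontFaceSetModel {
public:
    Face& add(std::string family) {
        m_faces.push_back(std::make_unique<Face>());
        m_faces.back()->family = std::move(family);
        return *m_faces.back();
    }
    // load("family"): kick every matching face that is still unloaded and record a PendingLoad.
    void load(const std::string& family, ResolveCallback resolve, RejectCallback reject) {
        auto pending = std::make_unique<PendingLoad>();
        pending->resolve = std::move(resolve);
        pending->reject = std::move(reject);
        for (auto& face : m_faces) {
            if (face->family != family) continue;
            if (face->status == FaceStatus::Unloaded) face->status = FaceStatus::Loading; // the "kick"
            pending->faces.push_back(face.get());
            if (face->status != FaceStatus::Loaded) ++pending->remaining;
        }
        m_pending.push_back(std::move(pending));
        settleIfDone(*m_pending.back()); // matching faces may already be loaded or failed
        pruneSettled();
    }
    // Called when a face finishes loading or fails: re-examine only the loads that reference it.
    void faceFinished(Face& face, bool success) {
        face.status = success ? FaceStatus::Loaded : FaceStatus::Error;
        for (size_t i = 0; i < m_pending.size(); ++i) { // index loop: a callback may call load()
            PendingLoad& p = *m_pending[i];
            if (p.settled || std::find(p.faces.begin(), p.faces.end(), &face) == p.faces.end()) continue;
            if (success) --p.remaining;
            settleIfDone(p);
        }
        pruneSettled();
    }
    size_t pendingLoadCount() const { return m_pending.size(); }
private:
    static void settleIfDone(PendingLoad& p) {
        bool anyFailed = std::any_of(p.faces.begin(), p.faces.end(),
            [](const Face* f) { return f->status == FaceStatus::Error; });
        if (p.settled || (!anyFailed && p.remaining)) return; // done already, or still waiting
        p.settled = true; // mark before calling out, so a re-entrant faceFinished() skips this load
        if (anyFailed)
            p.reject(); // one failure rejects the whole load; later successes are ignored
        else
            p.resolve(p.faces);
    }
    void pruneSettled() {
        m_pending.erase(std::remove_if(m_pending.begin(), m_pending.end(),
            [](const std::unique_ptr<PendingLoad>& p) { return p->settled; }), m_pending.end());
    }
    std::vector<std::unique_ptr<Face>> m_faces;
    std::vector<std::unique_ptr<PendingLoad>> m_pending;
};

// Constructed check: two "Ahem" faces finish one after the other; the load must resolve once, with
// both faces, and only after the second face finishes.
bool checkAllSucceed() {
    FontFaceSetModel set;
    Face& a = set.add("Ahem");
    Face& b = set.add("Ahem");
    size_t delivered = 0;
    set.load("Ahem", [&](const std::vector<Face*>& faces) { delivered = faces.size(); }, [] {});
    set.faceFinished(a, true);
    bool stillPending = delivered == 0 && set.pendingLoadCount() == 1;
    set.faceFinished(b, true);
    return stillPending && delivered == 2 && set.pendingLoadCount() == 0;
}

// Constructed check: one failing face rejects the load exactly once; the other face's later success
// must not resolve it afterwards.
bool checkOneFails() {
    FontFaceSetModel set;
    Face& a = set.add("Ahem");
    Face& b = set.add("Ahem");
    int rejected = 0, resolved = 0;
    set.load("Ahem", [&](const std::vector<Face*>&) { ++resolved; }, [&] { ++rejected; });
    set.faceFinished(a, false);
    set.faceFinished(b, true);
    return rejected == 1 && resolved == 0 && set.pendingLoadCount() == 0;
}
```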
784
785 2016-02-17  Mark Lam  <mark.lam@apple.com>
786
787         Callers of JSString::value() should check for exceptions thereafter.
788         https://bugs.webkit.org/show_bug.cgi?id=154346
789
790         Reviewed by Geoffrey Garen.
791
792         No new tests.  The crash that results from this issue is dependent on a race
793         condition where an OutOfMemory error occurs precisely at the point where the
794         JSString::value() function is called on a rope JSString.
795
796         * bindings/js/JSHTMLAllCollectionCustom.cpp:
797         (WebCore::callHTMLAllCollection):
798         * bindings/js/JSStorageCustom.cpp:
799         (WebCore::JSStorage::putDelegate):
800         - Added a comment at the site of the exception check to clarify the meaning of
801           the return value.
802
803 2016-02-17  David Kilzer  <ddkilzer@apple.com>
804
805         [Cocoa] Always check the return value of dlopen() and dlsym() in Release builds
806         <http://webkit.org/b/154364>
807
808         Reviewed by Alexey Proskuryakov.
809
810         * platform/mac/SoftLinking.h:
811         (SOFT_LINK_LIBRARY): Change ASSERT_WITH_MESSAGE() to
812         RELEASE_ASSERT_WITH_MESSAGE().
813         (SOFT_LINK_FRAMEWORK): Ditto.
814         (SOFT_LINK_PRIVATE_FRAMEWORK): Ditto.
815         (SOFT_LINK_STAGED_FRAMEWORK): Ditto.
816         (SOFT_LINK_FRAMEWORK_IN_UMBRELLA): Ditto.
817         (SOFT_LINK): Ditto.
818         (SOFT_LINK_POINTER): Ditto.
819         (SOFT_LINK_CONSTANT): Ditto.
820         (SOFT_LINK_FRAMEWORK_FOR_SOURCE): Add
821         RELEASE_ASSERT_WITH_MESSAGE() when soft-link is not
822         optional.
823
824 2016-02-17  Chris Dumez  <cdumez@apple.com>
825
826         Regression(r196648): http://w3c-test.org/html/dom/interfaces.html redirects at the end of the test
827         https://bugs.webkit.org/show_bug.cgi?id=154357
828
829         Reviewed by Alexey Proskuryakov.
830
831         Make location.assign() / location.replace()'s parameter mandatory,
832         as per the specification:
833         https://html.spec.whatwg.org/multipage/browsers.html#the-location-interface
834
835         Previously, calling location.assign() / location.replace() without
836         parameter would be identical to calling location.assign("undefined") /
837         location.replace("undefined"), which is not useful.
838
839         After r196648, http://w3c-test.org/html/dom/interfaces.html was able to
840         test location.assign() / location.replace() further because they are now
841         on the instance (where they should be) instead of the prototype. One of
842         these tests calls these functions without parameter, expecting them to
843         throw an exception. However, in WebKit, it would not throw and it would
844         redirect us to http://w3c-test.org/html/dom/undefined.
845
846         Firefox and Chrome both follow the specification already and throw in
847         this case.
848
849         No new tests, already covered by existing test.
850
851         * page/Location.idl:
852         Make location.assign() / location.replace()'s parameter mandatory,
853         as per the specification.
854
855 2016-02-17  Commit Queue  <commit-queue@webkit.org>
856
857         Unreviewed, rolling out r196738.
858         https://bugs.webkit.org/show_bug.cgi?id=154380
859
860         broke css3/calc/transforms-translate.html (Requested by
861         alexchristensen on #webkit).
862
863         Reverted changeset:
864
865         "WebKitCSSMatrix transformList with calculated relative length
866         crashes Safari."
867         https://bugs.webkit.org/show_bug.cgi?id=153333
868         http://trac.webkit.org/changeset/196738
869
870 2016-02-17  Dean Jackson  <dino@apple.com>
871
872         WebKitCSSMatrix transformList with calculated relative length crashes Safari.
873         https://bugs.webkit.org/show_bug.cgi?id=153333
874         <rdar://problem/17198383>
875
876         Reviewed by Simon Fraser.
877
878         WebKitCSSMatrix objects should fail to construct when not
879         using absolute lengths.
880
881         Updated existing tests:
882         - transforms/cssmatrix-2d-interface.xhtml
883         - transforms/cssmatrix-3d-interface.xhtml
884
885         * css/StyleBuilderConverter.h:
886         (WebCore::StyleBuilderConverter::convertTransform): Tell transformsForValue
887         that we don't require absolute lengths.
888         * css/TransformFunctions.cpp:
889         (WebCore::convertToFloatLength): Add an optional parameter that will
890         cause the conversion to fail if the primitive value has a non-absolute
891         length.
892         (WebCore::transformsForValue): Pass the parameter for requiring an
893         absolute length on to convertToFloatLength when necessary.
894         * css/TransformFunctions.h:
895         * css/WebKitCSSMatrix.cpp:
896         (WebCore::WebKitCSSMatrix::setMatrixValue): In this case we do
897         require all transform strings to have absolute lengths, not ones
898         that depend on the font size or are calculated.
899
900 2016-02-17  Commit Queue  <commit-queue@webkit.org>
901
902         Unreviewed, rolling out r196712.
903         https://bugs.webkit.org/show_bug.cgi?id=154371
904
905         This change caused 5 API test failures on ios-simulator
906         (Requested by ryanhaddad on #webkit).
907
908         Reverted changeset:
909
910         "[iOS] Purge GraphicsServices font cache on memory warning."
911         https://bugs.webkit.org/show_bug.cgi?id=154343
912         http://trac.webkit.org/changeset/196712
913
914 2016-02-17  Brady Eidson  <beidson@apple.com>
915
916         Modern IDB: More Encoder/Decoder/Messaging scaffolding for WK2 IPC.
917         https://bugs.webkit.org/show_bug.cgi?id=154356
918
919         Reviewed by Alex Christensen.
920
921         No change in behavior yet; just laying the groundwork.
922
923         * Modules/indexeddb/shared/IDBDatabaseInfo.h:
924         (WebCore::IDBDatabaseInfo::encode):
925         (WebCore::IDBDatabaseInfo::decode):
926
927         * Modules/indexeddb/shared/IDBError.h:
928         (WebCore::IDBError::encode):
929         (WebCore::IDBError::decode):
930
931         * Modules/indexeddb/shared/IDBRequestData.h:
932         (WebCore::IDBRequestData::decode):
933
934         * Modules/indexeddb/shared/IDBResultData.h:
935         (WebCore::IDBResultData::encode):
936         (WebCore::IDBResultData::decode):
937
938 2016-02-17  Saam barati  <sbarati@apple.com>
939
940         Implement Proxy [[Get]]
941         https://bugs.webkit.org/show_bug.cgi?id=154081
942
943         Reviewed by Michael Saboff.
944
945         Tests are in JavaScriptCore.
946
947         * bindings/js/JSCryptoAlgorithmDictionary.cpp:
948         (WebCore::getProperty):
949         (WebCore::getHashAlgorithm):
950         * bindings/js/JSCryptoKeySerializationJWK.cpp:
951         (WebCore::getJSArrayFromJSON):
952         (WebCore::getStringFromJSON):
953         (WebCore::getBooleanFromJSON):
954         * bindings/js/JSDOMWindowCustom.cpp:
955         (WebCore::DialogHandler::returnValue):
956         * bindings/js/JSDictionary.cpp:
957         (WebCore::JSDictionary::tryGetProperty):
958         * bindings/js/JSStorageCustom.cpp:
959         (WebCore::JSStorage::deleteProperty):
960         (WebCore::JSStorage::deletePropertyByIndex):
961         (WebCore::JSStorage::putDelegate):
962         * bindings/js/SerializedScriptValue.cpp:
963         (WebCore::CloneSerializer::getProperty):
964         * testing/Internals.cpp:
965         (WebCore::Internals::isReadableStreamDisturbed):
966
967 2016-02-17  Simon Fraser  <simon.fraser@apple.com>
968
969         PDFPlugin's scrollableArea container is not properly unregistered when page is going into the PageCache
970         https://bugs.webkit.org/show_bug.cgi?id=148182
971
972         Reviewed by Brent Fulgham.
973
974         When handling Command-arrow key while showing a scrollable PDF, the timing of PDFPlugin
975         teardown and navigation could result in PDFPlugin::destroy() getting the wrong FrameView,
976         so the old FrameView was left with a stale pointer in its scrollableAreaSet.
977
978         Fix this by adding an explicit willDetatchRenderer() which is called on the plugin
979         before the Frame gets a new FrameView.
980
981         Also narrow the scope of the RefPtr<Widget> in HTMLPlugInElement::defaultEventHandler()
982         so that the Widget is not kept alive over a possible navigation.
983
984         I was unable to make an automated test, because reproducing the bug requires handling
985         a Command-arrow key event in a way that the last ref to a Widget is held over the event
986         handling, and this wasn't possible in an iframe.
987
988         * html/HTMLPlugInElement.cpp:
989         (WebCore::HTMLPlugInElement::defaultEventHandler):
990         * html/HTMLPlugInImageElement.cpp:
991         (WebCore::HTMLPlugInImageElement::willDetachRenderers):
992         * plugins/PluginViewBase.h:
993         (WebCore::PluginViewBase::willDetatchRenderer):
994         * style/StyleTreeResolver.cpp:
995         (WebCore::Style::detachRenderTree): Drive-by nullptr.
996
997 2016-02-17  Brady Eidson  <beidson@apple.com>
998
999         Modern IDB: Encoder/Decoder/Messaging scaffolding for WK2 IPC.
1000         https://bugs.webkit.org/show_bug.cgi?id=154351
1001
1002         Reviewed by Alex Christensen.
1003
1004         No change in behavior yet; just laying the groundwork.
1005
1006         * Modules/indexeddb/IDBDatabaseIdentifier.h:
1007         (WebCore::IDBDatabaseIdentifier::encode):
1008         (WebCore::IDBDatabaseIdentifier::decode):
1009         
1010         * Modules/indexeddb/shared/IDBCursorInfo.h:
1011         (WebCore::IDBCursorInfo::encode):
1012         (WebCore::IDBCursorInfo::decode):
1013         
1014         * Modules/indexeddb/shared/IDBIndexInfo.h:
1015         (WebCore::IDBIndexInfo::encode):
1016         (WebCore::IDBIndexInfo::decode):
1017         
1018         * Modules/indexeddb/shared/IDBObjectStoreInfo.h:
1019         (WebCore::IDBObjectStoreInfo::encode):
1020         (WebCore::IDBObjectStoreInfo::decode):
1021         
1022         * Modules/indexeddb/shared/IDBRequestData.h:
1023         (WebCore::IDBRequestData::encode):
1024         (WebCore::IDBRequestData::decode):
1025         
1026         * Modules/indexeddb/shared/IDBResourceIdentifier.h:
1027         (WebCore::IDBResourceIdentifier::encode):
1028         (WebCore::IDBResourceIdentifier::decode):
1029         
1030         * Modules/indexeddb/shared/IDBTransactionInfo.h:
1031         (WebCore::IDBTransactionInfo::encode):
1032         (WebCore::IDBTransactionInfo::decode):
1033
1034 2016-02-17  Andreas Kling  <akling@apple.com>
1035
1036         [iOS] Purge GraphicsServices font cache on memory warning.
1037         <https://webkit.org/b/154343>
1038
1039         Reviewed by Antti Koivisto.
1040
1041         The GS font cache was holding on to the last retain on CSS fonts after they stop being used.
1042         Call SPI to purge it on memory pressure.
1043
1044         * platform/cocoa/MemoryPressureHandlerCocoa.mm:
1045         (WebCore::MemoryPressureHandler::platformReleaseMemory):
1046         * platform/spi/ios/GraphicsServicesSPI.h:
1047
1048 2016-02-17  Chris Dumez  <cdumez@apple.com>
1049
1050         Regression(r196648): window.showModalDialog is no longer undefined if the client does not allow showing modal dialog
1051         https://bugs.webkit.org/show_bug.cgi?id=154330
1052
1053         Reviewed by Gavin Barraclough.
1054
1055         window.showModalDialog is no longer undefined if the client does not
1056         allow showing modal dialog after r196648. This patch fixes the issue
1057         and adds test coverage for this.
1058
1059         Test: fast/dom/Window/forbid-showModalDialog.html
1060
1061         * bindings/js/JSDOMWindowCustom.cpp:
1062         (WebCore::JSDOMWindow::getOwnPropertySlot):
1063         - Move the DOMWindow::canShowModalDialog() check *before* checking
1064           for static properties as showModalDialog is now in the static
1065           property table after r196648.
1066         - Add check for Base::getOwnPropertySlot() first to support overriding
1067           window.showModalDialog (This behavior matches Firefox).
1068         - Return false if DOMWindow::canShowModalDialog() returns false as this
1069           seems cleaner than claiming that the property is there but undefined.
1070
1071         * page/DOMWindow.cpp:
1072         (WebCore::DOMWindow::canShowModalDialogNow): Deleted.
1073         This was identical to canShowModalDialog().
1074
1075         (WebCore::DOMWindow::canShowModalDialog):
1076         (WebCore::DOMWindow::setCanShowModalDialogOverride):
1077         (WebCore::DOMWindow::showModalDialog):
1078         * page/DOMWindow.h:
1079         * testing/Internals.cpp:
1080         (WebCore::Internals::setCanShowModalDialogOverride):
1081         * testing/Internals.h:
1082         * testing/Internals.idl:
1083         Add support for overriding the ChromeClient's canShowModalDialog
1084         decision and hook it up to Internals to add layout test coverage.
1085
1086 2016-02-17  Brady Eidson  <beidson@apple.com>
1087
1088         Modern IDB: More WK2 IPC Scaffolding.
1089         https://bugs.webkit.org/show_bug.cgi?id=154317
1090
1091         Reviewed by Alex Christensen.
1092
1093         No change in behavior yet; just laying the groundwork.
1094
1095         * Modules/indexeddb/shared/IDBCursorInfo.cpp:
1096         (WebCore::IDBCursorInfo::IDBCursorInfo):
1097         * Modules/indexeddb/shared/IDBCursorInfo.h:
1098         (WebCore::IDBCursorInfo::decode):
1099         * Modules/indexeddb/shared/IDBError.h:
1100         (WebCore::IDBError::decode):
1101         * Modules/indexeddb/shared/IDBIndexInfo.h:
1102         (WebCore::IDBIndexInfo::decode):
1103         * Modules/indexeddb/shared/IDBObjectStoreInfo.h:
1104         (WebCore::IDBObjectStoreInfo::decode):
1105         * Modules/indexeddb/shared/IDBRequestData.cpp:
1106         (WebCore::IDBRequestData::IDBRequestData):
1107         * Modules/indexeddb/shared/IDBRequestData.h:
1108         (WebCore::IDBRequestData::decode):
1109         * Modules/indexeddb/shared/IDBResourceIdentifier.cpp:
1110         (WebCore::IDBResourceIdentifier::IDBResourceIdentifier):
1111         * Modules/indexeddb/shared/IDBResourceIdentifier.h:
1112         (WebCore::IDBResourceIdentifier::decode):
1113         * Modules/indexeddb/shared/IDBResultData.cpp:
1114         (WebCore::IDBResultData::IDBResultData):
1115         * Modules/indexeddb/shared/IDBResultData.h:
1116         (WebCore::IDBResultData::decode):
1117         * Modules/indexeddb/shared/IDBTransactionInfo.cpp:
1118         (WebCore::IDBTransactionInfo::IDBTransactionInfo):
1119         * Modules/indexeddb/shared/IDBTransactionInfo.h:
1120         (WebCore::IDBTransactionInfo::decode):
1121         * WebCore.xcodeproj/project.pbxproj:
1122
1123 2016-02-17  Eric Carlson  <eric.carlson@apple.com>
1124
1125         [Win] Allow ports to disable automatic text track selection
1126         https://bugs.webkit.org/show_bug.cgi?id=154322
1127         <rdar://problem/24623986>
1128
1129         Reviewed by Brent Fulgham.
1130
1131         * page/CaptionUserPreferencesMediaAF.cpp:
1132         (MTEnableCaption2015BehaviorPtr): Implement for Windows.
1133
1134 2016-02-17  Gavin Barraclough  <barraclough@apple.com>
1135
1136         JSDOMWindow::put should not do the same thing twice
1137         https://bugs.webkit.org/show_bug.cgi?id=154334
1138
1139         Reviewed by Chris Dumez.
1140
1141         It either calls JSGlobalObject::put or Base::put. Hint: these are basically the same thing.
1142         In the latter case it might call lookupPut. That's redundant; JSObject::put handles static
1143         table entries.
1144
1145         * bindings/js/JSDOMWindowCustom.cpp:
1146         (WebCore::JSDOMWindow::put):
1147             - just call Base::put.
1148         (WebCore::JSDOMWindow::putByIndex):
1149             - just call Base::putByIndex.
1150
1151 2016-02-17  Nan Wang  <n_wang@apple.com>
1152
1153         AX: Implement sentence related text marker functions using TextIterator
1154         https://bugs.webkit.org/show_bug.cgi?id=154312
1155
1156         Reviewed by Chris Fleizach.
1157
1158         Using CharacterOffset to implement sentence related text marker calls. Reused
1159         logic from VisibleUnits class. Also fixed an issue where paragraph navigation
1160         should skip preceding and following BR nodes.
1161
1162         Test: accessibility/mac/text-marker-sentence-nav.html
1163
1164         * accessibility/AXObjectCache.cpp:
1165         (WebCore::resetNodeAndOffsetForReplacedNode):
1166         (WebCore::setRangeStartOrEndWithCharacterOffset):
1167         (WebCore::AXObjectCache::characterOffsetForNodeAndOffset):
1168         (WebCore::AXObjectCache::previousCharacterOffset):
1169         (WebCore::AXObjectCache::startCharacterOffsetOfWord):
1170         (WebCore::AXObjectCache::endCharacterOffsetOfWord):
1171         (WebCore::AXObjectCache::previousWordStartCharacterOffset):
1172         (WebCore::AXObjectCache::leftWordRange):
1173         (WebCore::AXObjectCache::rightWordRange):
1174         (WebCore::AXObjectCache::characterBefore):
1175         (WebCore::characterOffsetNodeIsBR):
1176         (WebCore::parentEditingBoundary):
1177         (WebCore::AXObjectCache::nextBoundary):
1178         (WebCore::AXObjectCache::previousBoundary):
1179         (WebCore::AXObjectCache::paragraphForCharacterOffset):
1180         (WebCore::AXObjectCache::nextParagraphEndCharacterOffset):
1181         (WebCore::AXObjectCache::previousParagraphStartCharacterOffset):
1182         (WebCore::AXObjectCache::startCharacterOffsetOfSentence):
1183         (WebCore::AXObjectCache::endCharacterOffsetOfSentence):
1184         (WebCore::AXObjectCache::sentenceForCharacterOffset):
1185         (WebCore::AXObjectCache::nextSentenceEndCharacterOffset):
1186         (WebCore::AXObjectCache::previousSentenceStartCharacterOffset):
1187         (WebCore::AXObjectCache::rootAXEditableElement):
1188         (WebCore::startWordBoundary): Deleted.
1189         (WebCore::endWordBoundary): Deleted.
1190         (WebCore::AXObjectCache::nextWordBoundary): Deleted.
1191         (WebCore::AXObjectCache::previousWordBoundary): Deleted.
1192         * accessibility/AXObjectCache.h:
1193         * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
1194         (-[WebAccessibilityObjectWrapper accessibilityAttributeValue:forParameter:]):
1195         * editing/VisibleUnits.cpp:
1196         (WebCore::startWordBoundary):
1197         (WebCore::startOfWord):
1198         (WebCore::endWordBoundary):
1199         (WebCore::startSentenceBoundary):
1200         (WebCore::startOfSentence):
1201         (WebCore::endSentenceBoundary):
1202         * editing/VisibleUnits.h:
1203
1204 2016-02-17  Manuel Rego Casasnovas  <rego@igalia.com>
1205
1206         [css-grid] GridSpan refactoring
1207         https://bugs.webkit.org/show_bug.cgi?id=153868
1208
1209         Reviewed by Sergio Villar Senin.
1210
1211         Add new enum to know if a GridSpan is definite or indefinite.
1212         That way we don't need GridUnresolvedSpan class (which is removed).
1213         We can always have two GridSpans in GridCoordinate,
1214         if the position is "auto" the GridSpan will be marked as indefinite.
1215         This will allow in a follow-up patch to avoid repeated calls
1216         to methods that resolve positions.
1217
1218         Most operations in GridSpan are restricted to definite GridSpans (access
1219         to positions, iterator, etc.). For indefinite GridSpans we only need to
1220         know that they're indefinite, we shouldn't use the rest of the data.
1221
1222         No new tests, no change of behavior.
1223
1224         * css/CSSGridTemplateAreasValue.cpp:
1225         (WebCore::stringForPosition):
1226         * css/CSSParser.cpp:
1227         (WebCore::CSSParser::parseGridTemplateAreasRow):
1228         * css/StyleBuilderConverter.h:
1229         (WebCore::StyleBuilderConverter::createImplicitNamedGridLinesFromGridArea):
1230         * rendering/RenderGrid.cpp:
1231         (WebCore::RenderGrid::GridIterator::nextEmptyGridArea):
1232         (WebCore::RenderGrid::computeUsedBreadthOfGridTracks):
1233         (WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForNonSpanningItems):
1234         (WebCore::RenderGrid::insertItemIntoGrid):
1235         (WebCore::RenderGrid::placeItemsOnGrid):
1236         (WebCore::RenderGrid::populateExplicitGridAndOrderIterator):
1237         (WebCore::RenderGrid::placeSpecifiedMajorAxisItemsOnGrid):
1238         (WebCore::RenderGrid::placeAutoMajorAxisItemOnGrid):
1239         (WebCore::RenderGrid::offsetAndBreadthForPositionedChild):
1240         (WebCore::RenderGrid::gridAreaBreadthForChildIncludingAlignmentOffsets):
1241         (WebCore::RenderGrid::columnAxisOffsetForChild):
1242         (WebCore::RenderGrid::rowAxisOffsetForChild):
1243         (WebCore::RenderGrid::placeAutoMajorAxisItemsOnGrid): Deleted.
1244         (WebCore::RenderGrid::autoPlacementMinorAxisDirection): Deleted.
1245         (WebCore::RenderGrid::populateGridPositions): Deleted.
1246         * rendering/style/GridCoordinate.h:
1247         (WebCore::GridSpan::definiteGridSpan):
1248         (WebCore::GridSpan::indefiniteGridSpan):
1249         (WebCore::GridSpan::operator==):
1250         (WebCore::GridSpan::integerSpan):
1251         (WebCore::GridSpan::resolvedInitialPosition):
1252         (WebCore::GridSpan::resolvedFinalPosition):
1253         (WebCore::GridSpan::begin):
1254         (WebCore::GridSpan::end):
1255         (WebCore::GridSpan::isDefinite):
1256         (WebCore::GridSpan::GridSpan):
1257         (WebCore::GridCoordinate::GridCoordinate):
1258         * rendering/style/GridResolvedPosition.cpp:
1259         (WebCore::initialPositionSide):
1260         (WebCore::finalPositionSide):
1261         (WebCore::adjustGridPositionsFromStyle):
1262         (WebCore::resolveRowStartColumnStartNamedGridLinePositionAgainstOppositePosition):
1263         (WebCore::resolveRowEndColumnEndNamedGridLinePositionAgainstOppositePosition):
1264         (WebCore::resolveNamedGridLinePositionAgainstOppositePosition):
1265         (WebCore::resolveGridPositionAgainstOppositePosition):
1266         (WebCore::GridResolvedPosition::resolveGridPositionsFromAutoPlacementPosition):
1267         (WebCore::GridResolvedPosition::resolveGridPositionsFromStyle):
1268         (WebCore::implicitNamedGridLineForSide): Deleted.
1269         (WebCore::GridResolvedPosition::isNonExistentNamedLineOrArea): Deleted.
1270         (WebCore::resolveNamedGridLinePositionFromStyle): Deleted.
1271         (WebCore::resolveGridPositionFromStyle): Deleted.
1272         * rendering/style/GridResolvedPosition.h:
1273         (WebCore::GridResolvedPosition::GridResolvedPosition): Deleted.
1274         (WebCore::GridResolvedPosition::operator*): Deleted.
1275         (WebCore::GridResolvedPosition::operator++): Deleted.
1276         (WebCore::GridResolvedPosition::operator==): Deleted.
1277
1278 2016-02-17  Chris Dumez  <cdumez@apple.com>
1279
1280         Window should have its 'constructor' property on the prototype
1281         https://bugs.webkit.org/show_bug.cgi?id=154037
1282         <rdar://problem/24689078>
1283
1284         Reviewed by Gavin Barraclough.
1285
1286         Window should have its 'constructor' property on the prototype as per
1287         the Web IDL specification:
1288         http://heycam.github.io/webidl/#interface-prototype-object
1289
1290         Firefox and Chrome already match the specification.
1291
1292         No new tests, covered by:
1293         - fast/dom/Window/window-constructor-settable.html
1294         - fast/dom/Window/window-constructor.html
1295         - http/tests/security/cross-origin-window-property-access.html
1296         - imported/w3c/web-platform-tests/html/dom/interfaces.html
1297
1298         * bindings/scripts/CodeGeneratorJS.pm:
1299         (ConstructorShouldBeOnInstance): Deleted.
1300         Drop this routine as all constructors are now on the prototype.
1301
1302         (InstancePropertyCount):
1303         Do not account for constructor properties as these can only be
1304         on the prototype now.
1305
1306         (PrototypePropertyCount):
1307         Increment the property count by 1 if the interface has a constructor
1308         property (e.g. [NoInterfaceObject] interfaces do not have one).
1309
1310         (GeneratePropertiesHashTable):
1311         Stop calling ConstructorShouldBeOnInstance() as it no longer exists.
1312         Always generate the "constructor" property if:
1313         1. We are generating the prototype hash table.
1314         and
1315         2. The interface needs a constructor (i.e. not marked as
1316            [NoInterfaceObject]).
1317
1318         (GenerateImplementation):
1319         - Drop code handling the case where ConstructorShouldBeOnInstance()
1320           returns true as constructors are not always on the prototype and
1321           the ConstructorShouldBeOnInstance() routine has been dropped.
1322         - Drop code handling [CustomProxyToJSObject]. Now that the constructor
1323           is always on the prototype, we never need to cast thisValue to a
1324           JSDOMWindow (by calling toJSDOMWindow). In the Window case, thisValue
1325           is now cast to a JSDOMWindowPrototype*, similarly to other interfaces
1326           so we don't need a special casting function anymore.
1327         - Stop generating security checks. This only impacts Window as it is the
1328           only interface marked as [CheckSecurity]. The cross-origin checking code
1329           as it was would not work when "constructor" is on the prototype because
1330           thisValue is a JSDOMWindowPrototype, not a JSDOMWindow and we have no
1331           way of getting the wrapped window. Also, the security check is no longer
1332           needed because:
1333           1. Accessing crossOriginWindow.constructor will not work now that
1334              constructor is on the prototype because
1335              JSDOMWindow::getOwnPropertySlot() already prevents access to the
1336              prototype in the cross-origin case.
1337           2. "constructor" is a value property, not a getter/setter. Therefore,
1338              it is not possible to use the getter/setter from a same origin window
1339              instance and call it on a cross origin window.
1340
1341 2016-02-16  Carlos Garcia Campos  <cgarcia@igalia.com>
1342
1343         Add a way to test ScrollAnimator
1344         https://bugs.webkit.org/show_bug.cgi?id=153479
1345
1346         Reviewed by Michael Catanzaro.
1347
1348         Tests: fast/scrolling/overlay-scrollbars-scroll-corner.html
1349                fast/scrolling/scroll-animator-basic-events.html
1350                fast/scrolling/scroll-animator-overlay-scrollbars-hovered.html
1351                fast/scrolling/scroll-animator-select-list-events.html
1352
1353         * CMakeLists.txt:
1354         * WebCore.xcodeproj/project.pbxproj:
1355         * page/FrameView.cpp:
1356         (WebCore::FrameView::usesMockScrollAnimator):
1357         (WebCore::FrameView::logMockScrollAnimatorMessage):
1358         * page/FrameView.h:
1359         * page/Settings.cpp:
1360         (WebCore::Settings::setUsesMockScrollAnimator):
1361         (WebCore::Settings::usesMockScrollAnimator):
1362         * page/Settings.h:
1363         * platform/ScrollableArea.cpp:
1364         (WebCore::ScrollableArea::scrollAnimator):
1365         * platform/ScrollableArea.h:
1366         (WebCore::ScrollableArea::usesMockScrollAnimator):
1367         (WebCore::ScrollableArea::logMockScrollAnimatorMessage):
1368         * platform/mock/ScrollAnimatorMock.cpp: Added.
1369         (WebCore::ScrollAnimatorMock::create):
1370         (WebCore::ScrollAnimatorMock::ScrollAnimatorMock):
1371         (WebCore::ScrollAnimatorMock::~ScrollAnimatorMock):
1372         (WebCore::ScrollAnimatorMock::didAddVerticalScrollbar):
1373         (WebCore::ScrollAnimatorMock::didAddHorizontalScrollbar):
1374         (WebCore::ScrollAnimatorMock::willRemoveVerticalScrollbar):
1375         (WebCore::ScrollAnimatorMock::willRemoveHorizontalScrollbar):
1376         (WebCore::ScrollAnimatorMock::mouseEnteredContentArea):
1377         (WebCore::ScrollAnimatorMock::mouseMovedInContentArea):
1378         (WebCore::ScrollAnimatorMock::mouseExitedContentArea):
1379         (WebCore::ScrollAnimatorMock::mouseEnteredScrollbar):
1380         (WebCore::ScrollAnimatorMock::mouseExitedScrollbar):
1381         (WebCore::ScrollAnimatorMock::mouseIsDownInScrollbar):
1382         * platform/mock/ScrollAnimatorMock.h: Added.
1383         * platform/mock/ScrollbarThemeMock.cpp:
1384         (WebCore::ScrollbarThemeMock::usesOverlayScrollbars):
1385         * platform/mock/ScrollbarThemeMock.h:
1386         * rendering/RenderLayer.cpp:
1387         (WebCore::RenderLayer::usesMockScrollAnimator):
1388         (WebCore::RenderLayer::logMockScrollAnimatorMessage):
1389         * rendering/RenderLayer.h:
1390         * rendering/RenderListBox.cpp:
1391         (WebCore::RenderListBox::usesMockScrollAnimator):
1392         (WebCore::RenderListBox::logMockScrollAnimatorMessage):
1393         * rendering/RenderListBox.h:
1394         * testing/Internals.cpp:
1395         (WebCore::Internals::resetToConsistentState):
1396         (WebCore::Internals::setUsesMockScrollAnimator):
1397         * testing/Internals.h:
1398         * testing/Internals.idl:
1399
1400 2016-02-16  Carlos Garcia Campos  <cgarcia@igalia.com>
1401
1402         Unreviewed. Enable overlay scrollbars in GTK+ after r196641.
1403
1404         This was blocked by bug #153404, but the commit that introduced
1405         the regression was rolled out in r196641.
1406
1407         * platform/gtk/ScrollbarThemeGtk.cpp:
1408         (WebCore::ScrollbarThemeGtk::ScrollbarThemeGtk):
1409
1410 2016-02-16  Gavin Barraclough  <barraclough@apple.com>
1411
1412         JSDOMWindow::getOwnPropertySlot should just call getStaticPropertySlot
1413         https://bugs.webkit.org/show_bug.cgi?id=154257
1414
1415         Reviewed by Chris Dumez.
1416
1417         * bindings/js/JSDOMWindowCustom.cpp:
1418         (WebCore::JSDOMWindow::getOwnPropertySlot):
1419             - JSDOMWindow::getOwnPropertySlot should just call getStaticPropertySlot
1420
1421 2016-02-16  Gavin Barraclough  <barraclough@apple.com>
1422
1423         JSDOMWindow::getOwnPropertySlot should not search proto chain
1424         https://bugs.webkit.org/show_bug.cgi?id=154102
1425
1426         Reviewed by Chris Dumez.
1427
1428         Should only return *own* properties.
1429
1430         * bindings/js/JSDOMWindowCustom.cpp:
1431         (WebCore::jsDOMWindowGetOwnPropertySlotNamedItemGetter):
1432
1433 2016-02-16  Alex Christensen  <achristensen@webkit.org>
1434
1435         CMake build fix.
1436
1437         * PlatformMac.cmake:
1438
1439 2016-02-16  Chris Dumez  <cdumez@apple.com>
1440
1441         Navigator.geolocation should not be marked as [Replaceable] and should be on the prototype
1442         https://bugs.webkit.org/show_bug.cgi?id=154304
1443         <rdar://problem/24685092>
1444
1445         Reviewed by Gavin Barraclough.
1446
1447         1. Drop the [Replaceable] IDL extended attribute for navigator.geolocation
1448            as this does not match other browsers or the specification:
1449            - https://dev.w3.org/geo/api/spec-source.html#geolocation_interface
1450         2. Move Navigator attributes to the prototype, where they should be as
1451            per the Web IDL specification.
1452
1453         The previous behavior was meant as a workaround for a bug in the Amazon
1454         iOS app (rdar://problem/16332749). However, I have confirmed that the
1455         latest Amazon App no longer has any issue with those changes.
1456
1457         Test: js/navigator-set-geolocation.html
1458
1459         * Modules/geolocation/NavigatorGeolocation.idl:
1460         * bindings/scripts/CodeGeneratorJS.pm:
1461         (InterfaceRequiresAttributesOnInstanceForCompatibility): Deleted.
1462
1463 2016-02-16  Said Abou-Hallawa  <sabouhallawa@apple.com>
1464
1465         REGRESSION(r196268): WTFCrashWithSecurityImplication on SVG path animation tests
1466         https://bugs.webkit.org/show_bug.cgi?id=154221
1467
1468         Reviewed by Brent Fulgham.
1469
1470         In r196268, a destructor was added to SVGListPropertyTearOff that notifies
1471         its wrapper (the SVGAnimatedListPropertyTearoff) about its deletion. This
1472         allows the wrapper to nullify any references to the wrapped content.
1473         
1474         We needed to do the same thing for SVGPathSegListPropertyTearOff. Both
1475         SVGPathSegListPropertyTearOff and SVGListPropertyTearOff inherit from
1476         SVGListProperty and both hold pointers to SVGAnimatedListPropertyTearOff
1477         which needs to be notified.
1478         
1479         Tests: existing svg path animation tests should not crash.
1480
1481         * svg/properties/SVGPathSegListPropertyTearOff.h:
1482         (WebCore::SVGPathSegListPropertyTearOff::~SVGPathSegListPropertyTearOff):
1483
1484 2016-02-16  Said Abou-Hallawa  <sabouhallawa@apple.com>
1485
1486         REGRESSION (r190430): WTFCrashWithSecurityImplication in:void SVGRootInlineBox::layoutCharactersInTextBoxes()
1487         https://bugs.webkit.org/show_bug.cgi?id=154185
1488
1489         Reviewed by Ryosuke Niwa.
1490
1491         This is a regression caused by adding support for HTMLSlotElement. The
1492         crash happens when adding an HTMLSlotElement to another element which should
1493         not have it as a child like SVGTextElement for example. In this case, we
1494         were creating a RenderText which should not happen inside an SVG document.
1495         The RenderText::createTextBox() was creating InlineTextBox for the slot's
1496         text and attaching it to the SVGRootInlineBox. In layoutCharactersInTextBoxes(),
1497         the assumption is the inline box is either SVGInlineTextBox or SVGInlineFlowBox.
1498         But since we have an InlineTextBox instead, the crash happens when casting
1499         the InlineTextBox to SVGInlineFlowBox.
1500
1501         The fix is for createRenderTreeForSlotAssignees() to not create a renderer
1502         when the parent element should not have a renderer for this element.
1503         This is the same thing we do for createRenderer(), which handles the
1504         non-HTMLSlotElement case and which is also called from createRenderTreeRecursively().
1505         
1506         Test: fast/shadow-dom/text-slot-child-crash.svg
1507
1508         * style/StyleTreeResolver.cpp:
1509         (WebCore::Style::moveToFlowThreadIfNeeded):
1510         (WebCore::Style::TreeResolver::createRenderer): Delete the check for
1511         shouldCreateRenderer() and handling the case when resolvedStyle is null
1512         since these are handled by the caller createRenderTreeRecursively().
1513         
1514         (WebCore::Style::TreeResolver::createRenderTreeForSlotAssignees):
1515         Assert shouldCreateRenderer() is true for this element.
1516         
1517         (WebCore::Style::TreeResolver::createRenderTreeRecursively): Don't create
1518         the renderer if shouldCreateRenderer() returns false. Also handle the case
1519         when resolvedStyle is null and pass the new style to createRenderer().
1520         
1521         * style/StyleTreeResolver.h:
1522
1523 2016-02-16  Simon Fraser  <simon.fraser@apple.com>
1524
1525         Every RenderLayer should not have to remove itself from the scrollableArea set
1526         https://bugs.webkit.org/show_bug.cgi?id=154311
1527
1528         Reviewed by Zalan Bujtas.
1529
1530         A subset of RenderLayers are scrollable, and get registered on the FrameView,
1531         but we pay the cost of a hash lookup for removal on every RenderLayer, which is a waste.
1532         
1533         Store a bit that tells RenderLayer that it's in the set and needs to be removed.
1534
1535         * rendering/RenderLayer.cpp:
1536         (WebCore::RenderLayer::RenderLayer):
1537         (WebCore::RenderLayer::~RenderLayer):
1538         (WebCore::RenderLayer::calculateClipRects):
1539         * rendering/RenderLayer.h:
1540
1541 2016-02-16  Daniel Bates  <dabates@apple.com>
1542
1543         CSP: Update violation report 'Content-Type' header
1544         https://bugs.webkit.org/show_bug.cgi?id=153166
1545         <rdar://problem/24383327>
1546
1547         Reviewed by Brent Fulgham.
1548
1549         Inspired by Blink patch:
1550         <https://src.chromium.org/viewvc/blink?view=rev&revision=154215>
1551
1552         Post the Content Security Policy violation report with Content-Type application/csp-report as
1553         per section Reporting of the Content Security Policy 2.0 spec., <https://www.w3.org/TR/2015/CR-CSP2-20150721/>.
1554
1555         Currently we post CSP violation reports with Content-Type application/json.
1556
1557         * html/parser/XSSAuditorDelegate.cpp:
1558         (WebCore::XSSAuditorDelegate::didBlockScript): Use report type ViolationReportType::XSSAuditor to PingLoader.
1559         * loader/PingLoader.cpp:
1560         (WebCore::PingLoader::sendViolationReport): Modified to take argument of type ViolationReportType
1561         to determine the appropriate Content-Type header to use for the report. For an XSS Auditor violation report
1562         we use Content-Type application/json. For a Content Security Policy violation report we use Content-Type
1563         application/csp-report. Additionally, pass an ASCIILiteral() to ResourceRequestBase::setHTTPMethod()
1564         as opposed to a constant string literal to avoid a copy of a constant string literal.
1565         * loader/PingLoader.h: Add enum class ViolationReportType.
1566         * page/csp/ContentSecurityPolicy.cpp:
1567         (WebCore::ContentSecurityPolicy::reportViolation): Use report type ViolationReportType::ContentSecurityPolicy.
1568
1569 2016-02-16  Alex Christensen  <achristensen@webkit.org>
1570
1571         Add checks before redirecting with NetworkSession
1572         https://bugs.webkit.org/show_bug.cgi?id=154298
1573
1574         Reviewed by Andy Estes.
1575
1576         This fixes http/tests/security/cors-post-redirect-307.html and 
1577         http/tests/navigation/post-307-response.html when using NetworkSession.
1578
1579         * platform/network/ResourceRequestBase.h:
1580         WEBCORE_EXPORT some functions newly used in WebKit2.
1581
1582 2016-02-16  Daniel Bates  <dabates@apple.com>
1583
1584         CSP: Fix parsing of 'host/path' source expressions
1585         https://bugs.webkit.org/show_bug.cgi?id=153170
1586         <rdar://problem/24383407>
1587
1588         Reviewed by Brent Fulgham.
1589
1590         Merged from Blink (patch by Mike West):
1591         <https://src.chromium.org/viewvc/blink?revision=154875&view=revision>
1592
1593         Fixes an issue where a source of the form example.com/A/ was incorrectly considered
1594         invalid and hence such a requested resource would be blocked. A source of this form
1595         is valid by the definition of host-source in section Source List Syntax of the Content
1596         Security Policy 2.0 spec., <http://www.w3.org/TR/2015/CR-CSP2-20150721/>.
1597
1598         * page/csp/ContentSecurityPolicySourceList.cpp:
1599         (WebCore::ContentSecurityPolicySourceList::parseSource):
1600
1601 2016-02-16  Daniel Bates  <dabates@apple.com>
1602
1603         CSP: Disallow an empty host in a host-source source expression
1604         https://bugs.webkit.org/show_bug.cgi?id=153168
1605         <rdar://problem/24383366>
1606
1607         Reviewed by Brent Fulgham.
1608
1609         Merged from Blink (patch by rob@robwu.nl):
1610         <https://src.chromium.org/viewvc/blink?revision=180407&view=revision>
1611
1612         * page/csp/ContentSecurityPolicySourceList.cpp:
1613         (WebCore::ContentSecurityPolicySourceList::parseSource):
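
The two CSP parsing fixes above (host/path sources and empty hosts) both hinge on the CSP 2.0 host-source grammar; what follows is an added Python illustration of that grammar and of how a parsed source is matched against a URL, written for this page and not WebKit's ContentSecurityPolicySourceList code. The regex is a simplified transcription of the spec's ABNF, and the matching rules (scheme inheritance via the assumed `self_scheme` parameter, default ports, directory-prefix paths) are a simplified reading of the spec's matching algorithm rather than a port of it.

```python
"""CSP 2.0 host-source parsing and URL matching (illustration, not WebKit code).

Covers the two rules fixed in the entries above: a path may follow the host
(so "example.com/A/" is valid) and the host part may never be empty.
"""
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

# Simplified transcription of the CSP 2.0 ABNF (section "Source List Syntax"):
#   host-source = [ scheme-part "://" ] host-part [ port-part ] [ path-part ]
#   host-part   = "*" / [ "*." ] 1*host-char *( "." 1*host-char )
#   host-char   = ALPHA / DIGIT / "-"
#   port-part   = ":" ( 1*DIGIT / "*" )
#   path-part   = RFC 3986 path; ';' and ',' are excluded here because they end
#                 a directive or a policy, '?' and '#' because they end a path.
_HOST_SOURCE = re.compile(
    r"""^
    (?:(?P<scheme>[A-Za-z][A-Za-z0-9+.\-]*)://)?              # optional scheme-part
    (?P<host>\*|(?:\*\.)?[A-Za-z0-9\-]+(?:\.[A-Za-z0-9\-]+)*)  # host-part, never empty
    (?::(?P<port>[0-9]+|\*))?                                  # optional port-part
    (?P<path>/[^\s;,?\#]*)?                                    # optional path-part
    $""",
    re.VERBOSE,
)

_DEFAULT_PORTS = {"http": "80", "https": "443", "ws": "80", "wss": "443"}


@dataclass(frozen=True)
class HostSource:
    scheme: Optional[str]  # None when the expression has no scheme-part
    host: str              # "*", "*.suffix" or a literal host, lower-cased
    port: Optional[str]    # None, "*" or a decimal string
    path: Optional[str]    # None or a path starting with "/"


def parse_host_source(expr: str) -> Optional[HostSource]:
    """Parse one host-source; return None when it is not well formed.

    A None result is what makes a policy drop the expression, so a parser
    that wrongly rejected "example.com/A/" would block loads from that
    directory, while one that accepted "http://" would match an empty host.
    """
    m = _HOST_SOURCE.match(expr)
    if m is None:
        return None
    scheme = m["scheme"].lower() if m["scheme"] else None
    return HostSource(scheme, m["host"].lower(), m["port"], m["path"])


def _host_matches(pattern: str, host: str) -> bool:
    if pattern == "*":
        return True
    if pattern.startswith("*."):
        # "*.example.com" covers every subdomain but not example.com itself.
        return host.endswith(pattern[1:])
    return host == pattern


def _path_matches(pattern: Optional[str], path: str) -> bool:
    if pattern is None:
        return True
    if pattern.endswith("/"):
        # A trailing slash names a directory: it matches everything below it.
        return path.startswith(pattern)
    return path == pattern  # otherwise the path must match exactly


def source_allows(source: HostSource, url: str, self_scheme: str = "https") -> bool:
    """Simplified CSP 2.0 matching of `url` against `source` for a page on `self_scheme`."""
    u = urlsplit(url)
    scheme, host = u.scheme.lower(), (u.hostname or "").lower()
    if not host:
        return False
    if source.scheme is not None:
        if scheme != source.scheme:
            return False
    elif not (scheme == self_scheme or (self_scheme == "http" and scheme == "https")):
        return False  # scheme-less sources inherit the page's scheme (http may use https)
    if not _host_matches(source.host, host):
        return False
    url_port = str(u.port) if u.port is not None else _DEFAULT_PORTS.get(scheme)
    if source.port is None:
        if url_port != _DEFAULT_PORTS.get(scheme):
            return False  # no port in the source means the scheme's default port
    elif source.port != "*" and source.port != url_port:
        return False
    return _path_matches(source.path, u.path or "/")
```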
1614
1615 2016-02-16  Brady Eidson  <beidson@apple.com>
1616
1617         Modern IDB: WK2 IPC Scaffolding.
1618         https://bugs.webkit.org/show_bug.cgi?id=154296
1619
1620         Reviewed by Alex Christensen.
1621         
1622         No change in behavior yet; Just laying the groundwork.
1623
1624         * Modules/indexeddb/client/IDBConnectionToServer.h:
1625         * Modules/indexeddb/server/IDBConnectionToClient.h:
1626         * Modules/indexeddb/shared/IDBResourceIdentifier.h:
1627
1628 2016-02-16  Chris Dumez  <cdumez@apple.com>
1629
1630         [Web IDL] Operations should be on the instance for global objects or if [Unforgeable]
1631         https://bugs.webkit.org/show_bug.cgi?id=154120
1632         <rdar://problem/24613231>
1633
1634         Reviewed by Gavin Barraclough.
1635
1636         Operations should be on the instance for global objects or if
1637         [Unforgeable] as per the Web IDL specification:
1638         - http://heycam.github.io/webidl/#es-operations
1639         - http://heycam.github.io/webidl/#dfn-unforgeable-on-an-interface
1640
1641         This patch implements this behavior in order to align
1642         with the specification and other browsers.
1643
1644         No new tests, already covered by existing tests.
1645
1646         * bindings/js/JSDOMWindowCustom.cpp:
1647         (WebCore::jsDOMWindowGetOwnPropertySlotRestrictedAccess):
1648         Update function names now that they have "Instance" in their
1649         name instead of "Prototype".
1650
1651         (WebCore::JSDOMWindow::getOwnPropertySlot):
1652         - Update function names now that they have "Instance" in their
1653           name instead of "Prototype".
1654         - Move the functions hard-coding *before* the static table check
1655           now that these functions are in the static table to maintain
1656           the previous behavior.
1657
1658         * bindings/js/JSLocationCustom.cpp:
1659         (WebCore::JSLocation::getOwnPropertySlotDelegate):
1660         Update function names now that they have "Instance" in their
1661         name instead of "Prototype".
1662
1663         * bindings/scripts/CodeGeneratorJS.pm:
1664         - Move functions to the instance if their interface is a global
1665           object or if they are marked as [Unforgeable]. Operations are
1666           now treated more like attributes, as they can now be either on
1667           the instance or the prototype. In a lot of places, I now use
1668           the naming "properties" instead of "attributes" as "properties"
1669           refer both "attributes" and "operations" / "functions".
1670
1671         * bindings/scripts/test/JS/JSTestInterface.cpp:
1672         * bindings/scripts/test/JS/JSTestObj.cpp:
1673         Rebaseline bindings tests.
1674
1675 2016-02-16  Simon Fraser  <simon.fraser@apple.com>
1676
1677         Rollout r188659. This broke scrolling of iframes and overflow when
1678         navigating back to a page in the page cache.
1679         
1680         The fix was overly aggressive and had no layout test. I will fix the original
1681         issue a different way.
1682
1683         * history/CachedFrame.cpp:
1684         (WebCore::CachedFrame::CachedFrame):
1685         * page/FrameView.cpp:
1686         (WebCore::FrameView::clearScrollableAreas): Deleted.
1687         * page/FrameView.h:
1688
1689 2016-02-16  Carlos Garcia Campos  <cgarcia@igalia.com>
1690
1691         [GTK] No hover-horizontal scrolling available
1692         https://bugs.webkit.org/show_bug.cgi?id=122859
1693
1694         Reviewed by Michael Catanzaro.
1695
1696         This is a regression of WebKit2, because in WebKit1 we used native
1697         widgets for frame scrollbars that handled this automatically. Now
1698         we need to also check if the mouse is over frame scrollbars to
1699         adjust the wheel event.
1700
1701         Test: platform/gtk/scrollbars/main-frame-scrollbar-horizontal-wheel-scroll.html
1702
1703         * page/EventHandler.cpp:
1704         (WebCore::EventHandler::handleWheelEvent): Pass the adjusted wheel
1705         event to platformCompleteWheelEvent().
1706         * page/gtk/EventHandlerGtk.cpp:
1707         (WebCore::EventHandler::shouldTurnVerticalTicksIntoHorizontal):
1708         Check also frame scrollbars.
1709
1710 2016-02-16  Antti Koivisto  <antti@apple.com>
1711
1712         Factor id mutation style invalidation code into a class
1713         https://bugs.webkit.org/show_bug.cgi?id=154287
1714
1715         Reviewed by Andreas Kling.
1716
1717         Also add a cheap basic optimization that avoids descendant invalidation if they can not be affected.
1718
1719         It would be easy to implement fine grained invalidation like with classes and attribute selectors.
1720         However, dynamic id changes are not common enough (nor recommended) to pay the memory cost of
1721         the required data structures.
1722
1723         Test: fast/css/style-invalidation-id-change-descendants.html
1724
1725         * CMakeLists.txt:
1726         * WebCore.vcxproj/WebCore.vcxproj:
1727         * WebCore.xcodeproj/project.pbxproj:
1728         * css/RuleFeature.cpp:
1729         (WebCore::RuleFeatureSet::recursivelyCollectFeaturesFromSelector):
1730         (WebCore::RuleFeatureSet::add):
1731         (WebCore::RuleFeatureSet::clear):
1732         * css/RuleFeature.h:
1733         * dom/Element.cpp:
1734         (WebCore::makeIdForStyleResolution):
1735         (WebCore::Element::attributeChanged):
1736         (WebCore::checkNeedsStyleInvalidationForIdChange): Deleted.
1737         * style/IdChangeInvalidation.cpp: Added.
1738         (WebCore::Style::IdChangeInvalidation::invalidateStyle):
1739         * style/IdChangeInvalidation.h: Added.
1740         (WebCore::Style::IdChangeInvalidation::IdChangeInvalidation):
1741         (WebCore::Style::IdChangeInvalidation::~IdChangeInvalidation):
1742
1743 2016-02-16  Andreas Kling  <akling@apple.com>
1744
1745         Drop StyleResolver and SelectorQueryCache when entering PageCache.
1746         <https://webkit.org/b/154238>
1747
1748         Reviewed by Antti Koivisto.
1749
1750         Stop keeping these around for cached pages to save lots of memory.
1751         We can easily rebuild them if a cached navigation occurs, and this
1752         way we also don't need to worry about invalidating style for cached
1753         pages in all the right places.
1754
1755         Restoring a cached page will now lead to a forced style recalc.
1756         We don't try to defer this (beyond a zero-timer) since it's going
1757         to happen anyway, and it's nicer to front-load the cost rather than
1758         stuttering on the first user content interaction.
1759
1760         * dom/Document.cpp:
1761         (WebCore::Document::setInPageCache):
1762         * history/CachedPage.cpp:
1763         (WebCore::CachedPage::restore):
1764         (WebCore::CachedPage::clear): Deleted.
1765         * history/CachedPage.h:
1766         (WebCore::CachedPage::markForVisitedLinkStyleRecalc): Deleted.
1767         (WebCore::CachedPage::markForFullStyleRecalc): Deleted.
1768         * history/PageCache.cpp:
1769         (WebCore::PageCache::markPagesForVisitedLinkStyleRecalc): Deleted.
1770         (WebCore::PageCache::markPagesForFullStyleRecalc): Deleted.
1771         * history/PageCache.h:
1772         * page/Frame.cpp:
1773         (WebCore::Frame::setPageAndTextZoomFactors): Deleted.
1774         * page/Page.cpp:
1775         (WebCore::Page::setViewScaleFactor): Deleted.
1776         (WebCore::Page::setDeviceScaleFactor): Deleted.
1777         (WebCore::Page::setPagination): Deleted.
1778         (WebCore::Page::setPaginationLineGridEnabled): Deleted.
1779         (WebCore::Page::setVisitedLinkStore): Deleted.
1780
1781 2016-02-16  Carlos Garcia Campos  <cgarcia@igalia.com>
1782
1783         [GTK] clicking on the scrollbar trough steps rather than jumps to the clicked position
1784         https://bugs.webkit.org/show_bug.cgi?id=115363
1785
1786         Reviewed by Michael Catanzaro.
1787
1788         Allow ScrollbarTheme to decide the behavior of a button press event,
1789         instead of only deciding whether to center on thumb or not. This
1790         way we can match the current GTK+ behavior in WebKit, without
1791         affecting other ports.
1792
1793         * platform/ScrollTypes.h: Add ScrollbarButtonPressAction enum.
1794         * platform/Scrollbar.cpp:
1795         (WebCore::Scrollbar::mouseDown): Ask ScrollbarTheme to handle the
1796         event for the pressed part and do the requested action.
1797         * platform/ScrollbarTheme.cpp:
1798         (WebCore::ScrollbarTheme::handleMousePressEvent): Add default
1799         implementation. It's equivalent to the previous default implementation.
1800         * platform/ScrollbarTheme.h:
1801         * platform/gtk/ScrollbarThemeGtk.cpp:
1802         (WebCore::ScrollbarThemeGtk::handleMousePressEvent): Match current
1803         GTK+ behavior: left click centers on thumb and right click
1804         scrolls. Dragging the thumb works for left and middle buttons.
1805         * platform/gtk/ScrollbarThemeGtk.h:
1806         * platform/ios/ScrollbarThemeIOS.h: Remove shouldCenterOnThumb,
1807         and don't override handleMousePressEvent since iOS wants the
1808         default behavior.
1809         * platform/ios/ScrollbarThemeIOS.mm:
1810         * platform/mac/ScrollbarThemeMac.h: Override handleMousePressEvent
1811         and remove shouldCenterOnThumb.
1812         * platform/mac/ScrollbarThemeMac.mm:
1813         (WebCore::shouldCenterOnThumb): Same implementation just made it
1814         static to be used as helper.
1815         (WebCore::ScrollbarThemeMac::handleMousePressEvent): Return the
1816         desired action keeping the same behavior.
1817         * platform/win/ScrollbarThemeWin.cpp:
1818         (WebCore::ScrollbarThemeWin::handleMousePressEvent): Ditto.
1819         * platform/win/ScrollbarThemeWin.h:
1820         * rendering/RenderScrollbarTheme.h:
1821
1822 2016-02-16  Carlos Garcia Campos  <cgarcia@igalia.com>
1823
1824         Mouse cursor doesn't change when entering scrollbars
1825         https://bugs.webkit.org/show_bug.cgi?id=154243
1826
1827         Reviewed by Simon Fraser.
1828
1829         If the scrollbar is over or very close to text or a link, when
1830         entering the scrollbar the cursor is not changed, keeping the beam
1831         or hand cursor when using the scrollbar. Same happens for image
1832         documents where the magnifier cursor is used and it remains when
1833         entering the scrollbars. We should use pointer cursor always for
1834         scrollbars.
1835
1836         * page/EventHandler.cpp:
1837         (WebCore::EventHandler::updateCursor): Request also to include
1838         frame scrollbars in hit test result.
1839         (WebCore::EventHandler::selectCursor): Use always pointer cursor
1840         for scrollbars.
1841
1842 2016-02-15  Antti Koivisto  <antti@apple.com>
1843
1844         Optimize style invalidations for attribute selectors
1845         https://bugs.webkit.org/show_bug.cgi?id=154242
1846
1847         Reviewed by Andreas Kling.
1848
1849         Currently we invalidate the whole element subtree if there are any attribute selectors for the changed attribute.
1850         This is slow as generally few if any elements are really affected. Using attribute selectors for dynamic styling
1851         should be performant.
1852
1853         This patch implements optimization strategy for attributes similar to what we already have for classes:
1854
1855         - Collect a map of all rules that contain descendant-affecting attribute selectors for a given attribute.
1856         - When an attribute value changes, check if there are any such rules for it.
1857         - Check if the value change affects the results of any of the attribute selectors.
1858         - Only if it does, invalidate the exact descendant elements affected by the rules.
1859
1860         Test: fast/css/style-invalidation-attribute-change-descendants.html
1861
1862         * WebCore.xcodeproj/project.pbxproj:
1863         * css/DocumentRuleSets.cpp:
1864         (WebCore::DocumentRuleSets::ancestorClassRules):
1865         (WebCore::DocumentRuleSets::ancestorAttributeRulesForHTML):
1866
1867             Create optimization RuleSets when needed.
1868
1869         * css/DocumentRuleSets.h:
1870         (WebCore::DocumentRuleSets::uncommonAttribute):
1871         (WebCore::DocumentRuleSets::features):
1872         * css/RuleFeature.cpp:
1873         (WebCore::RuleFeatureSet::recursivelyCollectFeaturesFromSelector):
1874         (WebCore::makeAttributeSelectorKey):
1875         (WebCore::RuleFeatureSet::collectFeatures):
1876
1877             Collect rules with descendant affecting attribute selectors.
1878
1879         (WebCore::RuleFeatureSet::add):
1880         (WebCore::RuleFeatureSet::clear):
1881         (WebCore::RuleFeatureSet::shrinkToFit):
1882         * css/RuleFeature.h:
1883         * css/SelectorChecker.cpp:
1884         (WebCore::anyAttributeMatches):
1885         (WebCore::SelectorChecker::attributeSelectorMatches):
1886
1887             Expose function for matching single attribute selectors.
1888
1889         (WebCore::canMatchHoverOrActiveInQuirksMode):
1890         * css/SelectorChecker.h:
1891         * dom/Attr.cpp:
1892         (WebCore::Attr::setValue):
1893         (WebCore::Attr::childrenChanged):
1894         * dom/Element.cpp:
1895         (WebCore::Element::setAttributeInternal):
1896         (WebCore::makeIdForStyleResolution):
1897         (WebCore::Element::attributeChanged):
1898         (WebCore::Element::removeAttributeInternal):
1899         (WebCore::Element::addAttributeInternal):
1900         (WebCore::Element::removeAttribute):
1901
1902             Add AttributeChangeInvalidation where needed.
1903
1904         (WebCore::Element::needsStyleInvalidation):
1905
1906             Move to Element from ClassChangeInvalidation.
1907
1908         (WebCore::Element::willModifyAttribute):
1909
1910             No more full style invalidation on attribute change.
1911
1912         * style/AttributeChangeInvalidation.cpp: Added.
1913         (WebCore::Style::AttributeChangeInvalidation::invalidateStyle):
1914
1915             Invalidate local style.
1916             Check if we need to invalidate descendants by looking into ancestorAttributeRules.
1917
1918         (WebCore::Style::AttributeChangeInvalidation::invalidateDescendants):
1919
1920             Use StyleInvalidationAnalysis to invalidate the subtree for the relevant rules.
1921
1922         * style/AttributeChangeInvalidation.h: Added.
1923         (WebCore::Style::AttributeChangeInvalidation::needsInvalidation):
1924         (WebCore::Style::AttributeChangeInvalidation::AttributeChangeInvalidation):
1925         (WebCore::Style::AttributeChangeInvalidation::~AttributeChangeInvalidation):
1926
1927             If needed, invalidate descendants before and after attribute change to catch rules that start and stop applying.
1928
1929 2016-02-16  Chris Dumez  <cdumez@apple.com>
1930
1931         Do security checks early in JSDOMWindow::put*()
1932         https://bugs.webkit.org/show_bug.cgi?id=154270
1933
1934         Reviewed by Gavin Barraclough.
1935
1936         Do security checks early in JSDOMWindow::put() / JSDOMWindow::putByIndex()
1937         and return as soon as possible. This makes it less error-prone as we need
1938         to do the security check only once, at the top of the function.
1939
1940         Also lock down the security further by calling lookupPut() only if the
1941         property name is "location". The "location" property is the only one that
1942         can be set cross-origin. Previously, trying to set a property such as
1943         "name" (which cannot be set cross-origin) relied on the attribute setter
1944         doing the security check when getting called. The new check is less error
1945         prone and will correctly prevent overriding window's method cross-origin
1946         once these move down from the prototype (Bug 154120).
1947
1948         Finally, the previous code was failing to set the "location" property
1949         cross-origin after the window has been reified. This patch fixes the
1950         issue by always calling the original "location" property setter from the
1951         static table in the cross-origin case.
1952
1953         Test: http/tests/security/cross-origin-reified-window-location-setting.html
1954
1955         * bindings/js/JSDOMWindowCustom.cpp:
1956         (WebCore::JSDOMWindow::put):
1957         (WebCore::JSDOMWindow::putByIndex):
1958
1959 2016-02-15  Brent Fulgham  <bfulgham@apple.com>
1960
1961         [Mac] Gather some rudimentary statistics during resource load 
1962         https://bugs.webkit.org/show_bug.cgi?id=153575
1963         <rdar://problem/24075254>
1964
1965         Reviewed by Brady Eidson.
1966
1967         Tested by: http/tests/navigation/statistics.html
1968
1969         * CMakeLists.txt:
1970         * PlatformWin.cmake:
1971         * WebCore.xcodeproj/project.pbxproj:
1972         * dom/Document.cpp:
1973         (WebCore::Document::updateLastHandledUserGestureTimestamp): Log user interaction
1974         with the ResourceLoadObserver.
1975         * loader/DocumentLoader.cpp:
1976         (WebCore::DocumentLoader::willSendRequest): Track load statistics if the
1977         user interacted with the document.
1978         * loader/ResourceLoadObserver.cpp: Added.
1979         * loader/ResourceLoadObserver.h: Added.
1980         * loader/ResourceLoadStatistics.cpp: Added.
1981         * loader/ResourceLoadStatistics.h: Added.
1982         * loader/SubresourceLoader.cpp:
1983         (WebCore::SubresourceLoader::willSendRequestInternal): Track load statistics.
1984         * page/Settings.cpp:
1985         (WebCore::Settings::setResourceLoadStatisticsEnabled): Added.
1986         * page/Settings.h:
1987         (WebCore::Settings::resourceLoadStatisticsEnabled): Added.
1988         * platform/Logging.h:
1989         * testing/Internals.cpp:
1990         (WebCore::Internals::resourceLoadStatisticsForOrigin):
1991         (WebCore::Internals::setResourceLoadStatisticsEnabled):
1992         * testing/Internals.h:
1993         * testing/Internals.idl:
1994
1995 2016-02-15  Chris Dumez  <cdumez@apple.com>
1996
1997         The following properties should exist on the global object: AudioTrackList, AudioTrack, VideoTrackList, VideoTrack
1998         https://bugs.webkit.org/show_bug.cgi?id=154250
1999         <rdar://problem/24660829>
2000
2001         Reviewed by Eric Carlson.
2002
2003         The following properties should exist on the global object:
2004         - AudioTrackList, AudioTrack, VideoTrackList, VideoTrack
2005
2006         These interfaces are not marked as [NoInterfaceObject] in:
2007         - https://html.spec.whatwg.org/#audiotracklist-and-videotracklist-objects
2008
2009         No new tests, already covered by existing tests.
2010
2011         * html/track/AudioTrack.idl:
2012         * html/track/AudioTrackList.idl:
2013         * html/track/VideoTrack.idl:
2014         * html/track/VideoTrackList.idl:
2015
2016 2016-02-15  Sam Weinig  <sam@webkit.org>
2017
2018         Stop using NSMapTable in places where we were only using it to be GC safe
2019         <rdar://problem/24063723>
2020         https://bugs.webkit.org/show_bug.cgi?id=154264
2021
2022         Reviewed by Dan Bernstein.
2023
2024         Switch from NSMapTable to HashMap.
2025
2026         * WebCore.xcodeproj/project.pbxproj:
2027         * bindings/objc/DOMInternal.h:
2028         * bindings/objc/DOMInternal.mm:
2029         * bindings/objc/WebScriptObject.mm:
2030         * bridge/objc/objc_instance.mm:
2031         * platform/spi/cocoa/NSPointerFunctionsSPI.h: Removed. No longer used.
2032
2033 2016-02-15  Myles C. Maxfield  <mmaxfield@apple.com>
2034
2035         [Font Loading] Implement FontFace JavaScript object
2036         https://bugs.webkit.org/show_bug.cgi?id=153345
2037
2038         Reviewed by Antti Koivisto.
2039
2040         Test: fast/text/font-face-javascript.html
2041
2042         This patch implements the FontFace JavaScript object. This object mostly consists of
2043         style getters / setters, which we implement by parsing input strings and generating
2044         output strings similarly to getComputedStyle(). This object also has a load() function
2045         which returns a promise which will be fulfilled or rejected depending on the load.
2046         There is also a "loaded" attribute which exposes this promise directly. Also, a status
2047         field is exposed so script knows what the state of the load is.
2048
2049         Currently, loading depends on our CachedResourceLoader which is part of the Document,
2050         so this API is not available in a non-document context.
2051
2052         Another caveat is that immediate-mode font loading (where the content provides an
2053         ArrayBuffer containing the bytes of the font file) is forthcoming. This requires
2054         changing the relationship between CSSFontFaceSource and CachedFont.
2055
2056         CSSFontFace has been modified to keep a strong reference to the CSSFontSelector. This
2057         is because the lifetime of the CSSFontFace can now outlive the CSSFontSelector. When
2058         the CSSFontSelector is removed from the Document, it explicitly clears its constituent
2059         CSSFontFaces, thereby breaking the reference cycle.
2060
2061         Test: fast/text/font-face-javascript-expected.html
2062
2063         * CMakeLists.txt: Add new files.
2064         * DerivedSources.cpp: Ditto.
2065         * DerivedSources.make: Ditto.
2066         * WebCore.vcxproj/WebCore.vcxproj: Ditto.
2067         * WebCore.vcxproj/WebCore.vcxproj.filters: Ditto.
2068         * WebCore.xcodeproj/project.pbxproj: Ditto.
2069         * bindings/js/JSDOMPromise.cpp:
2070         (WebCore::DeferredWrapper::globalObject): Remove whitespace.
2071         (WebCore::DeferredWrapper::deferred): Allow access to the inner JSC object.
2072         * bindings/js/JSDOMPromise.h:
2073         (WebCore::DOMPromise::deferred): Ditto.
2074         * bindings/js/JSFontFaceCustom.cpp: Copied from Source/WebCore/bindings/js/JSDOMPromise.cpp.
2075         (WebCore::JSFontFace::loaded):
2076         (WebCore::JSFontFace::load):
2077         * css/CSSFontFace.cpp:
2078         (WebCore::CSSFontFace::CSSFontFace): 
2079         (WebCore::CSSFontFace::adoptSource):
2080         (WebCore::CSSFontFace::updateStatus): Enforce the state machine's transitions.
2081         (WebCore::CSSFontFace::fontLoaded):
2082         (WebCore::CSSFontFace::pump):
2083         (WebCore::CSSFontFace::load):
2084         * css/CSSFontFace.h:
2085         (WebCore::CSSFontFaceClient::~CSSFontFaceClient):
2086         (WebCore::CSSFontFace::create):
2087         (WebCore::CSSFontFace::status):
2088         * css/CSSFontSelector.cpp:
2089         (WebCore::CSSFontSelector::appendSources): Update for new CSSFontFace API.
2090         (WebCore::CSSFontSelector::registerLocalFontFacesForFamily): Ditto.
2091         (WebCore::CSSFontSelector::addFontFaceRule): Ditto.
2092         (WebCore::CSSFontSelector::kick): Ditto.
2093         (WebCore::appendSources): Deleted.
2094         (WebCore::registerLocalFontFacesForFamily): Deleted.
2095         * css/CSSFontSelector.h:
2096         * css/CSSUnicodeRangeValue.cpp: Use for serializing the "unicodeRange" property.
2097         * css/FontFace.cpp:
2098         (WebCore::createPromise): Implement the remaining JavaScript API functions.
2099         (WebCore::valueFromDictionary):
2100         (WebCore::FontFace::create):
2101         (WebCore::FontFace::FontFace):
2102         (WebCore::FontFace::parseString):
2103         (WebCore::FontFace::status):
2104         (WebCore::FontFace::kick):
2105         (WebCore::FontFace::load):
2106         (WebCore::FontFace::fulfillPromise):
2107         (WebCore::FontFace::rejectPromise):
2108         (WebCore::parseString): Deleted.
2109         * css/FontFace.h:
2110         (WebCore::FontFace::promise):
2111         (WebCore::FontFace::backing):
2112         (WebCore::FontFace::create): Deleted.
2113         * css/FontFace.idl: Copied from Source/WebCore/bindings/js/JSDOMPromise.cpp.
2114
2115 2016-02-15  Jer Noble  <jer.noble@apple.com>
2116
2117         Null-deref crash in DefaultAudioDestinationNode::suspend()
2118         https://bugs.webkit.org/show_bug.cgi?id=154248
2119
2120         Reviewed by Alex Christensen.
2121
2122         Drive-by fix: AudioContext should be a reference, not a pointer.
2123
2124         * Modules/webaudio/AnalyserNode.cpp:
2125         (WebCore::AnalyserNode::AnalyserNode):
2126         * Modules/webaudio/AnalyserNode.h:
2127         (WebCore::AnalyserNode::create):
2128         * Modules/webaudio/AudioBasicInspectorNode.cpp:
2129         (WebCore::AudioBasicInspectorNode::AudioBasicInspectorNode):
2130         (WebCore::AudioBasicInspectorNode::connect):
2131         (WebCore::AudioBasicInspectorNode::disconnect):
2132         (WebCore::AudioBasicInspectorNode::checkNumberOfChannelsForInput):
2133         (WebCore::AudioBasicInspectorNode::updatePullStatus):
2134         * Modules/webaudio/AudioBasicInspectorNode.h:
2135         * Modules/webaudio/AudioBasicProcessorNode.cpp:
2136         (WebCore::AudioBasicProcessorNode::AudioBasicProcessorNode):
2137         (WebCore::AudioBasicProcessorNode::checkNumberOfChannelsForInput):
2138         * Modules/webaudio/AudioBasicProcessorNode.h:
2139         * Modules/webaudio/AudioBufferSourceNode.cpp:
2140         (WebCore::AudioBufferSourceNode::create):
2141         (WebCore::AudioBufferSourceNode::AudioBufferSourceNode):
2142         (WebCore::AudioBufferSourceNode::renderFromBuffer):
2143         (WebCore::AudioBufferSourceNode::setBuffer):
2144         (WebCore::AudioBufferSourceNode::startPlaying):
2145         (WebCore::AudioBufferSourceNode::looping):
2146         (WebCore::AudioBufferSourceNode::setLooping):
2147         * Modules/webaudio/AudioBufferSourceNode.h:
2148         * Modules/webaudio/AudioContext.cpp:
2149         (WebCore::AudioContext::AudioContext):
2150         (WebCore::AudioContext::createBufferSource):
2151         (WebCore::AudioContext::createMediaElementSource):
2152         (WebCore::AudioContext::createMediaStreamDestination):
2153         (WebCore::AudioContext::createScriptProcessor):
2154         (WebCore::AudioContext::createBiquadFilter):
2155         (WebCore::AudioContext::createWaveShaper):
2156         (WebCore::AudioContext::createPanner):
2157         (WebCore::AudioContext::createConvolver):
2158         (WebCore::AudioContext::createDynamicsCompressor):
2159         (WebCore::AudioContext::createAnalyser):
2160         (WebCore::AudioContext::createGain):
2161         (WebCore::AudioContext::createDelay):
2162         (WebCore::AudioContext::createChannelSplitter):
2163         (WebCore::AudioContext::createChannelMerger):
2164         (WebCore::AudioContext::createOscillator):
2165         * Modules/webaudio/AudioContext.h:
2166         (WebCore::operator==):
2167         (WebCore::operator!=):
2168         * Modules/webaudio/AudioDestinationNode.cpp:
2169         (WebCore::AudioDestinationNode::AudioDestinationNode):
2170         (WebCore::AudioDestinationNode::render):
2171         (WebCore::AudioDestinationNode::updateIsEffectivelyPlayingAudio):
2172         * Modules/webaudio/AudioDestinationNode.h:
2173         * Modules/webaudio/AudioNode.cpp:
2174         (WebCore::AudioNode::AudioNode):
2175         (WebCore::AudioNode::connect):
2176         (WebCore::AudioNode::disconnect):
2177         (WebCore::AudioNode::setChannelCount):
2178         (WebCore::AudioNode::setChannelCountMode):
2179         (WebCore::AudioNode::setChannelInterpretation):
2180         (WebCore::AudioNode::scriptExecutionContext):
2181         (WebCore::AudioNode::processIfNecessary):
2182         (WebCore::AudioNode::checkNumberOfChannelsForInput):
2183         (WebCore::AudioNode::propagatesSilence):
2184         (WebCore::AudioNode::pullInputs):
2185         (WebCore::AudioNode::enableOutputsIfNecessary):
2186         (WebCore::AudioNode::deref):
2187         (WebCore::AudioNode::finishDeref):
2188         * Modules/webaudio/AudioNode.h:
2189         (WebCore::AudioNode::context):
2190         * Modules/webaudio/AudioNodeInput.cpp:
2191         (WebCore::AudioNodeInput::connect):
2192         (WebCore::AudioNodeInput::disconnect):
2193         (WebCore::AudioNodeInput::disable):
2194         (WebCore::AudioNodeInput::enable):
2195         (WebCore::AudioNodeInput::updateInternalBus):
2196         (WebCore::AudioNodeInput::bus):
2197         (WebCore::AudioNodeInput::internalSummingBus):
2198         (WebCore::AudioNodeInput::sumAllConnections):
2199         (WebCore::AudioNodeInput::pull):
2200         * Modules/webaudio/AudioNodeOutput.cpp:
2201         (WebCore::AudioNodeOutput::setNumberOfChannels):
2202         (WebCore::AudioNodeOutput::updateNumberOfChannels):
2203         (WebCore::AudioNodeOutput::propagateChannelCount):
2204         (WebCore::AudioNodeOutput::pull):
2205         (WebCore::AudioNodeOutput::bus):
2206         (WebCore::AudioNodeOutput::fanOutCount):
2207         (WebCore::AudioNodeOutput::paramFanOutCount):
2208         (WebCore::AudioNodeOutput::addInput):
2209         (WebCore::AudioNodeOutput::removeInput):
2210         (WebCore::AudioNodeOutput::disconnectAllInputs):
2211         (WebCore::AudioNodeOutput::addParam):
2212         (WebCore::AudioNodeOutput::removeParam):
2213         (WebCore::AudioNodeOutput::disconnectAllParams):
2214         (WebCore::AudioNodeOutput::disable):
2215         (WebCore::AudioNodeOutput::enable):
2216         * Modules/webaudio/AudioNodeOutput.h:
2217         (WebCore::AudioNodeOutput::context):
2218         * Modules/webaudio/AudioParam.cpp:
2219         (WebCore::AudioParam::value):
2220         (WebCore::AudioParam::smooth):
2221         (WebCore::AudioParam::calculateSampleAccurateValues):
2222         (WebCore::AudioParam::calculateFinalValues):
2223         (WebCore::AudioParam::calculateTimelineValues):
2224         (WebCore::AudioParam::connect):
2225         (WebCore::AudioParam::disconnect):
2226         * Modules/webaudio/AudioParam.h:
2227         (WebCore::AudioParam::create):
2228         (WebCore::AudioParam::AudioParam):
2229         * Modules/webaudio/AudioParamTimeline.cpp:
2230         (WebCore::AudioParamTimeline::valueForContextTime):
2231         * Modules/webaudio/AudioParamTimeline.h:
2232         * Modules/webaudio/AudioScheduledSourceNode.cpp:
2233         (WebCore::AudioScheduledSourceNode::AudioScheduledSourceNode):
2234         (WebCore::AudioScheduledSourceNode::updateSchedulingInfo):
2235         (WebCore::AudioScheduledSourceNode::start):
2236         (WebCore::AudioScheduledSourceNode::finish):
2237         * Modules/webaudio/AudioScheduledSourceNode.h:
2238         * Modules/webaudio/AudioSummingJunction.cpp:
2239         (WebCore::AudioSummingJunction::AudioSummingJunction):
2240         (WebCore::AudioSummingJunction::~AudioSummingJunction):
2241         (WebCore::AudioSummingJunction::changedOutputs):
2242         (WebCore::AudioSummingJunction::updateRenderingState):
2243         * Modules/webaudio/AudioSummingJunction.h:
2244         (WebCore::AudioSummingJunction::context):
2245         * Modules/webaudio/BiquadFilterNode.cpp:
2246         (WebCore::BiquadFilterNode::BiquadFilterNode):
2247         * Modules/webaudio/BiquadFilterNode.h:
2248         (WebCore::BiquadFilterNode::create):
2249         * Modules/webaudio/BiquadProcessor.cpp:
2250         (WebCore::BiquadProcessor::BiquadProcessor):
2251         * Modules/webaudio/BiquadProcessor.h:
2252         * Modules/webaudio/ChannelMergerNode.cpp:
2253         (WebCore::ChannelMergerNode::create):
2254         (WebCore::ChannelMergerNode::ChannelMergerNode):
2255         (WebCore::ChannelMergerNode::checkNumberOfChannelsForInput):
2256         * Modules/webaudio/ChannelMergerNode.h:
2257         * Modules/webaudio/ChannelSplitterNode.cpp:
2258         (WebCore::ChannelSplitterNode::create):
2259         (WebCore::ChannelSplitterNode::ChannelSplitterNode):
2260         * Modules/webaudio/ChannelSplitterNode.h:
2261         * Modules/webaudio/ConvolverNode.cpp:
2262         (WebCore::ConvolverNode::ConvolverNode):
2263         (WebCore::ConvolverNode::setBuffer):
2264         * Modules/webaudio/ConvolverNode.h:
2265         (WebCore::ConvolverNode::create):
2266         * Modules/webaudio/DefaultAudioDestinationNode.cpp:
2267         (WebCore::DefaultAudioDestinationNode::DefaultAudioDestinationNode):
2268         (WebCore::DefaultAudioDestinationNode::resume):
2269         (WebCore::DefaultAudioDestinationNode::suspend):
2270         (WebCore::DefaultAudioDestinationNode::close):
2271         * Modules/webaudio/DefaultAudioDestinationNode.h:
2272         (WebCore::DefaultAudioDestinationNode::create):
2273         * Modules/webaudio/DelayNode.cpp:
2274         (WebCore::DelayNode::DelayNode):
2275         * Modules/webaudio/DelayNode.h:
2276         (WebCore::DelayNode::create):
2277         * Modules/webaudio/DelayProcessor.cpp:
2278         (WebCore::DelayProcessor::DelayProcessor):
2279         * Modules/webaudio/DelayProcessor.h:
2280         * Modules/webaudio/DynamicsCompressorNode.cpp:
2281         (WebCore::DynamicsCompressorNode::DynamicsCompressorNode):
2282         * Modules/webaudio/DynamicsCompressorNode.h:
2283         (WebCore::DynamicsCompressorNode::create):
2284         * Modules/webaudio/GainNode.cpp:
2285         (WebCore::GainNode::GainNode):
2286         (WebCore::GainNode::checkNumberOfChannelsForInput):
2287         * Modules/webaudio/GainNode.h:
2288         (WebCore::GainNode::create):
2289         * Modules/webaudio/MediaElementAudioSourceNode.cpp:
2290         (WebCore::MediaElementAudioSourceNode::create):
2291         (WebCore::MediaElementAudioSourceNode::MediaElementAudioSourceNode):
2292         (WebCore::MediaElementAudioSourceNode::setFormat):
2293         * Modules/webaudio/MediaElementAudioSourceNode.h:
2294         * Modules/webaudio/MediaStreamAudioDestinationNode.cpp:
2295         (WebCore::MediaStreamAudioDestinationNode::create):
2296         (WebCore::MediaStreamAudioDestinationNode::MediaStreamAudioDestinationNode):
2297         * Modules/webaudio/MediaStreamAudioDestinationNode.h:
2298         * Modules/webaudio/MediaStreamAudioSourceNode.cpp:
2299         (WebCore::MediaStreamAudioSourceNode::MediaStreamAudioSourceNode):
2300         (WebCore::MediaStreamAudioSourceNode::setFormat):
2301         * Modules/webaudio/OfflineAudioDestinationNode.cpp:
2302         (WebCore::OfflineAudioDestinationNode::OfflineAudioDestinationNode):
2303         (WebCore::OfflineAudioDestinationNode::offlineRender):
2304         (WebCore::OfflineAudioDestinationNode::notifyComplete):
2305         * Modules/webaudio/OfflineAudioDestinationNode.h:
2306         (WebCore::OfflineAudioDestinationNode::create):
2307         * Modules/webaudio/OscillatorNode.cpp:
2308         (WebCore::OscillatorNode::create):
2309         (WebCore::OscillatorNode::OscillatorNode):
2310         * Modules/webaudio/OscillatorNode.h:
2311         * Modules/webaudio/PannerNode.cpp:
2312         (WebCore::PannerNode::PannerNode):
2313         (WebCore::PannerNode::pullInputs):
2314         (WebCore::PannerNode::process):
2315         (WebCore::PannerNode::listener):
2316         (WebCore::PannerNode::setPanningModel):
2317         * Modules/webaudio/PannerNode.h:
2318         (WebCore::PannerNode::create):
2319         * Modules/webaudio/ScriptProcessorNode.cpp:
2320         (WebCore::ScriptProcessorNode::create):
2321         (WebCore::ScriptProcessorNode::ScriptProcessorNode):
2322         (WebCore::ScriptProcessorNode::initialize):
2323         (WebCore::ScriptProcessorNode::fireProcessEvent):
2324         * Modules/webaudio/ScriptProcessorNode.h:
2325         * Modules/webaudio/WaveShaperNode.cpp:
2326         (WebCore::WaveShaperNode::WaveShaperNode):
2327         (WebCore::WaveShaperNode::setOversample):
2328         * Modules/webaudio/WaveShaperNode.h:
2329         (WebCore::WaveShaperNode::create):
2330
2331 2016-02-15  Jer Noble  <jer.noble@apple.com>
2332
2333         Null-deref crash in DefaultAudioDestinationNode::suspend()
2334         https://bugs.webkit.org/show_bug.cgi?id=154248
2335
2336         Reviewed by Alex Christensen.
2337
2338         Null-check scriptExecutionContext() before deref.
2339
2340         * Modules/webaudio/DefaultAudioDestinationNode.cpp:
2341         (WebCore::DefaultAudioDestinationNode::resume):
2342         (WebCore::DefaultAudioDestinationNode::suspend):
2343         (WebCore::DefaultAudioDestinationNode::close):
2344
2345 2016-02-15  Chris Dumez  <cdumez@apple.com>
2346
2347         XMLHttpRequest / XMLHttpRequestUpload should inherit XMLHttpRequestEventTarget
2348         https://bugs.webkit.org/show_bug.cgi?id=154230
2349
2350         Reviewed by Alex Christensen.
2351
2352         XMLHttpRequest / XMLHttpRequestUpload should inherit XMLHttpRequestEventTarget
2353         as per:
2354         https://xhr.spec.whatwg.org/#xmlhttprequesteventtarget
2355
2356         Firefox and Chrome already match the specification.
2357
2358         No new tests, already covered by existing tests.
2359
2360         * CMakeLists.txt:
2361         * DerivedSources.make:
2362         * WebCore.vcxproj/WebCore.vcxproj:
2363         * WebCore.vcxproj/WebCore.vcxproj.filters:
2364         * WebCore.xcodeproj/project.pbxproj:
2365         * xml/XMLHttpRequest.h:
2366         * xml/XMLHttpRequest.idl:
2367         * xml/XMLHttpRequestEventTarget.h: Added.
2368         * xml/XMLHttpRequestEventTarget.idl: Copied from Source/WebCore/xml/XMLHttpRequestUpload.idl.
2369         * xml/XMLHttpRequestUpload.h:
2370         * xml/XMLHttpRequestUpload.idl:
2371
2372 2016-02-15  Jiewen Tan  <jiewen_tan@apple.com>
2373
2374         Refine SimulatedMouseEvent to support Event.isTrusted
2375         https://bugs.webkit.org/show_bug.cgi?id=154133
2376         <rdar://problem/24616246>
2377
2378         Reviewed by Darin Adler.
2379
2380         This patch extracts everything related to creating/dispatching SimulatedMouseEvent from MouseEvent.h/cpp
2381         and EventDispatcher.h/cpp, and produces SimulatedClick.h/cpp, which will handle simulated clicks solely.
2382         After that, we hide SimulatedMouseEvent and only expose simulateClick to be called. The reason is
2383         that we want both to tell whether the call sites are from the user agent/bindings and to keep
2384         SimulatedMouseEvent intact.
2385
2386         Also, this patch separates Element::dispatchSimulatedClick into two: one for the user agent, and another
2387         for the bindings. Therefore, HTMLElement.click will be treated as untrusted.
2388
2389         Some of the changes in this patch refer to Blink r200401:
2390         https://codereview.chromium.org/1285793004
2391
2392         Modified test:
2393         LayoutTests/imported/blink/fast/events/event-trusted.html
2394
2395         * CMakeLists.txt:
2396         * WebCore.xcodeproj/project.pbxproj:
2397         * dom/Element.cpp:
2398         (WebCore::Element::dispatchSimulatedClick):
2399         (WebCore::Element::dispatchSimulatedClickForBindings):
2400         * dom/Element.h:
2401         * dom/EventDispatcher.cpp:
2402         (WebCore::EventDispatcher::dispatchSimulatedClick): Deleted.
2403         * dom/EventDispatcher.h:
2404         * dom/MouseEvent.cpp:
2405         (WebCore::SimulatedMouseEvent::create): Deleted.
2406         (WebCore::SimulatedMouseEvent::~SimulatedMouseEvent): Deleted.
2407         (WebCore::SimulatedMouseEvent::SimulatedMouseEvent): Deleted.
2408         * dom/MouseEvent.h:
2409         * dom/SimulatedClick.cpp: Added.
2410         (WebCore::simulateMouseEvent):
2411         (WebCore::simulateClick):
2412         * dom/SimulatedClick.h: Added.
2413         * html/HTMLElement.cpp:
2414         (WebCore::HTMLElement::click):
2415
2416 2016-02-15  Joseph Pecoraro  <pecoraro@apple.com>
2417
2418         Web Inspector: Web Workers have no access to console for debugging
2419         https://bugs.webkit.org/show_bug.cgi?id=26237
2420
2421         Reviewed by Timothy Hatcher.
2422
2423         This adds the most basic console message support to Workers.
2424         Messages logged from workers get surfaced through the Page's console.
2425         This lacks support for logging and interacting with arguments,
2426         which would be addressed when adding more complete Worker
2427         debugging tools.
2428
2429         Test: inspector/console/messageAdded-from-worker.html
2430
2431         * CMakeLists.txt:
2432         * WebCore.xcodeproj/project.pbxproj:
2433         Add new files.
2434
2435         * bindings/js/WorkerScriptController.cpp:
2436         (WebCore::WorkerScriptController::~WorkerScriptController):
2437         (WebCore::WorkerScriptController::initScript):
2438         Set the ConsoleClient for the Worker's global object. We route
2439         the messages to the Page's console.
2440
2441         * bindings/js/WorkerScriptController.h:
2442         * workers/WorkerConsoleClient.h: Added.
2443         * workers/WorkerConsoleClient.cpp: Added.
2444         (WebCore::WorkerConsoleClient::WorkerConsoleClient):
2445         (WebCore::WorkerConsoleClient::~WorkerConsoleClient):
2446         (WebCore::WorkerConsoleClient::profile):
2447         (WebCore::WorkerConsoleClient::profileEnd):
2448         (WebCore::WorkerConsoleClient::count):
2449         (WebCore::WorkerConsoleClient::time):
2450         (WebCore::WorkerConsoleClient::timeEnd):
2451         (WebCore::WorkerConsoleClient::timeStamp):
2452         Stub most console methods in a Worker.
2453
2454         (WebCore::WorkerConsoleClient::messageWithTypeAndLevel):
2455         Send worker log messages to the global scope and on to the main page.
2456
2457         * workers/WorkerGlobalScope.h:
2458         * workers/WorkerGlobalScope.cpp:
2459         (WebCore::WorkerGlobalScope::addConsoleMessage):
2460         (WebCore::WorkerGlobalScope::addMessageToWorkerConsole):
2461         Ideally we want to converge on simple addConsoleMessage
2462         APIs that just take a ConsoleMessage, without a barrage
2463         of parameters. Add these versions now.
2464
2465 2016-02-15  Alex Christensen  <achristensen@webkit.org>
2466
2467         CMake build fix.
2468
2469         * PlatformMac.cmake:
2470
2471 2016-02-15  Chris Dumez  <cdumez@apple.com>
2472
2473         Regression(r196563): It is no longer possible to call window.addEventListener without an explicit 'this'
2474         https://bugs.webkit.org/show_bug.cgi?id=154245
2475
2476         Reviewed by Ryosuke Niwa.
2477
2478         This patch adds support for calling the EventListener API without an
2479         explicit 'this' value. If no explicit 'this' value is passed, then we
2480         fall back to using the global object. This matches Chrome and Firefox's
2481         behavior. It also fixes the Dromaeo/cssquery-dojo.html test.
2482
2483         Test: fast/dom/Window/addEventListener-implicit-this.html
2484
2485         * bindings/scripts/CodeGeneratorJS.pm:
2486         (GenerateFunctionCastedThis):
2487
2488 2016-02-14  Gavin Barraclough  <barraclough@apple.com>
2489
2490         Organize, deduplicate & comment JSDOMWindowCustom getOwnPropertySlot
2491         https://bugs.webkit.org/show_bug.cgi?id=154224
2492
2493         Reviewed by Chris Dumez.
2494
2495         * bindings/js/JSDOMWindowCustom.cpp:
2496         (WebCore::jsDOMWindowGetOwnPropertySlotRestrictedAccess):
2497         (WebCore::jsDOMWindowGetOwnPropertySlotNamedItemGetter):
2498         (WebCore::JSDOMWindow::getOwnPropertySlot):
2499         (WebCore::JSDOMWindow::getOwnPropertySlotByIndex):
2500             - organized property access sequence into a more logical order, removed
2501               duplicated code & added comments.
2502         (WebCore::namedItemGetter): Deleted.
2503             - there was no need for a custom callback here; merged functionality into
2504               jsDOMWindowGetOwnPropertySlotNamedItemGetter.
2505         (WebCore::jsDOMWindowGetOwnPropertySlotCrossOrigin): Deleted.
2506             - renamed to jsDOMWindowGetOwnPropertySlotRestrictedAccess
2507               (this now also handles frameless access).
2508
2509 2016-02-15  Daniel Bates  <dabates@apple.com>
2510
2511         CSP: 'sandbox' should be ignored in report-only mode
2512         https://bugs.webkit.org/show_bug.cgi?id=153167
2513         <rdar://problem/22708669>
2514
2515         Reviewed by Brent Fulgham.
2516
2517         Merged from Blink (patch by Mike West):
2518         <https://src.chromium.org/viewvc/blink?revision=165322&view=revision>
2519
2520         * page/csp/ContentSecurityPolicy.cpp:
2521         (WebCore::ContentSecurityPolicy::reportInvalidDirectiveInReportOnlyMode): Added. Logs a
2522         console message to the console to explain that the specified directive is invalid in
2523         report-only mode.
2524         * page/csp/ContentSecurityPolicy.h:
2525         * page/csp/ContentSecurityPolicyDirectiveList.cpp:
2526         (WebCore::ContentSecurityPolicyDirectiveList::applySandboxPolicy): Do not apply sandbox
2527         policy when in report-only mode and call ContentSecurityPolicy::reportInvalidDirectiveInReportOnlyMode()
2528         to log a message to the console.
2529
2530 2016-02-15  Daniel Bates  <dabates@apple.com>
2531
2532         CSP: Allow schemeless source expressions to match an HTTP or HTTPS resource
2533         https://bugs.webkit.org/show_bug.cgi?id=154177
2534         <rdar://problem/22708772>
2535
2536         Reviewed by Brent Fulgham.
2537
2538         Allow a schemeless source expression to match an HTTP or HTTPS subresource when the page is
2539         delivered over HTTP as per section Matching Source Expressions of the Content Security Policy
2540         2.0 spec., <https://www.w3.org/TR/2015/CR-CSP2-20150721/> (21 July 2015).
2541
2542         Currently we have logic that implements this functionality, but it is guarded behind the compile-
2543         time macro ENABLE(CSP_NEXT) that is disabled by default. Instead we should always compile such
2544         code. In subsequent commits we will move more code out from under the ENABLE(CSP_NEXT)-guard
2545         towards removing the ENABLE_CSP_NEXT macro entirely.
2546
2547         * page/csp/ContentSecurityPolicy.cpp:
2548         (WebCore::ContentSecurityPolicy::protocolMatchesSelf):
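
        The two CSP rules in the entries above (ignoring 'sandbox' in report-only mode, and letting a
        schemeless source expression match an https subresource from an http page) as an added C++
        illustration; this is not WebCore's code, and the function names, the console message wording,
        the cspdemo namespace and the exact-host-only matching are assumptions.

```cpp
// Added illustration, not WebCore's code: the two CSP behaviours from the ChangeLog
// entries above, in a self-contained form. Names and message text are assumptions.
#include <cctype>
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

namespace cspdemo {

static std::string lowercase(std::string s)
{
    for (auto& c : s)
        c = static_cast<char>(std::tolower(static_cast<unsigned char>(c)));
    return s;
}

// CSP 2.0 "Matching Source Expressions": a schemeless source expression takes the
// protected resource's scheme, and when that scheme is http it also matches https,
// so an http page may load an https subresource from a schemeless host entry.
bool protocolMatchesSelf(const std::string& selfProtocol, const std::string& resourceProtocol)
{
    const std::string self = lowercase(selfProtocol);
    const std::string resource = lowercase(resourceProtocol);
    if (self == "http")
        return resource == "http" || resource == "https";
    return self == resource;
}

// Match one source expression ("cdn.example" or "https://cdn.example") against a
// subresource. Host comparison is exact here (no wildcards or ports), a simplification.
bool sourceExpressionMatches(const std::string& expression, const std::string& selfProtocol,
    const std::string& resourceProtocol, const std::string& resourceHost)
{
    std::string scheme, host = expression;
    const auto separator = expression.find("://");
    if (separator != std::string::npos) {
        scheme = expression.substr(0, separator);
        host = expression.substr(separator + 3);
    }
    if (lowercase(host) != lowercase(resourceHost))
        return false;
    if (scheme.empty())
        return protocolMatchesSelf(selfProtocol, resourceProtocol);
    return lowercase(scheme) == lowercase(resourceProtocol);
}

struct PolicyResult {
    bool sandboxApplied = false;
    std::vector<std::string> consoleMessages;
};

// Walk a directive list. 'sandbox' only takes effect for an enforced policy; in a
// Content-Security-Policy-Report-Only header it is skipped and a console message is recorded.
PolicyResult applyDirectiveList(const std::string& header, bool reportOnly)
{
    PolicyResult result;
    std::istringstream directives(header);
    std::string directive;
    while (std::getline(directives, directive, ';')) {
        std::istringstream tokens(directive);
        std::string name;
        if (!(tokens >> name))
            continue;
        if (lowercase(name) != "sandbox")
            continue;
        if (reportOnly) {
            result.consoleMessages.push_back(
                "The Content Security Policy directive 'sandbox' is ignored when delivered in a report-only policy.");
            continue;
        }
        result.sandboxApplied = true;
    }
    return result;
}

} // namespace cspdemo

int main()
{
    // Constructed sample: an http page with a schemeless img-src host, and a report-only sandbox.
    std::cout << "http page, https image from cdn.example: "
              << cspdemo::sourceExpressionMatches("cdn.example", "http", "https", "cdn.example") << '\n';
    std::cout << "https page, http image from cdn.example: "
              << cspdemo::sourceExpressionMatches("cdn.example", "https", "http", "cdn.example") << '\n';
    auto reportOnly = cspdemo::applyDirectiveList("default-src 'self'; sandbox allow-scripts", true);
    for (const auto& message : reportOnly.consoleMessages)
        std::cout << message << '\n';
    return 0;
}
```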
2549
2550 2016-02-15  Konstantin Tokarev  <annulen@yandex.ru>
2551
2552         [cmake] Consolidated Linux-specific file lists.
2553         https://bugs.webkit.org/show_bug.cgi?id=154219
2554
2555         Reviewed by Gyuyoung Kim.
2556
2557         No new tests needed.
2558
2559         * PlatformEfl.cmake: Moved Linux files and include dir to Linux.cmake.
2560         * PlatformGTK.cmake: Ditto.
2561         * platform/Linux.cmake: Added.
2562
2563 2016-02-15  Csaba Osztrogonác  <ossy@webkit.org>
2564
2565         Fix the !(ENABLE(SVG_FONTS) || ENABLE(SVG_OTF_CONVERTER)) build after r196322
2566         https://bugs.webkit.org/show_bug.cgi?id=154104
2567
2568         Reviewed by Myles C. Maxfield.
2569
2570         * css/CSSFontFaceSource.cpp:
2571         (WebCore::CSSFontFaceSource::CSSFontFaceSource):
2572
2573 2016-02-14  Antti Koivisto  <antti@apple.com>
2574
2575         Add test for class change style invalidation optimization
2576         https://bugs.webkit.org/show_bug.cgi?id=154226
2577
2578         Reviewed by Myles Maxfield.
2579
2580         Test for https://trac.webkit.org/r196383
2581
2582         Add internals.styleChangeType function.
2583
2584         Test: fast/css/style-invalidation-class-change-descendants.html
2585
2586         * testing/Internals.cpp:
2587         (WebCore::Internals::nodeNeedsStyleRecalc):
2588         (WebCore::asString):
2589         (WebCore::Internals::styleChangeType):
2590         (WebCore::Internals::description):
2591         * testing/Internals.h:
2592         * testing/Internals.idl:
2593
2594 2016-02-14  Simon Fraser  <simon.fraser@apple.com>
2595
2596         [CSS Filters] When applying an SVG filter on a composited image using CSS the image is rendered without the filter
2597         https://bugs.webkit.org/show_bug.cgi?id=154108
2598
2599         Reviewed by Sam Weinig.
2600         
2601         When checking whether we can directly composite an image, we need to check for software-rendered
2602         filters.
2603
2604         Test: compositing/filters/simple-image-with-svg-filter.html
2605
2606         * rendering/RenderLayerBacking.cpp:
2607         (WebCore::RenderLayerBacking::isDirectlyCompositedImage):
2608
2609 2016-02-14  Chris Dumez  <cdumez@apple.com>
2610
2611         Drop the [EventTarget] WebKit-specific IDL extended attribute
2612         https://bugs.webkit.org/show_bug.cgi?id=154171
2613
2614         Reviewed by Sam Weinig.
2615
2616         Drop the [EventTarget] WebKit-specific IDL extended attribute now that
2617         all interfaces inherit EventTarget when they should.
2618
2619         No new tests, no Web-Exposed behavior change.
2620
2621         * Modules/battery/BatteryManager.idl:
2622         * Modules/encryptedmedia/MediaKeySession.idl:
2623         * Modules/indexeddb/IDBDatabase.idl:
2624         * Modules/indexeddb/IDBOpenDBRequest.idl:
2625         * Modules/indexeddb/IDBRequest.idl:
2626         * Modules/indexeddb/IDBTransaction.idl:
2627         * Modules/mediasession/MediaRemoteControls.idl:
2628         * Modules/mediasource/MediaSource.idl:
2629         * Modules/mediasource/SourceBuffer.idl:
2630         * Modules/mediasource/SourceBufferList.idl:
2631         * Modules/mediastream/MediaStream.idl:
2632         * Modules/mediastream/MediaStreamTrack.idl:
2633         * Modules/mediastream/RTCDTMFSender.idl:
2634         * Modules/mediastream/RTCDataChannel.idl:
2635         * Modules/mediastream/RTCPeerConnection.idl:
2636         * Modules/notifications/Notification.idl:
2637         * Modules/speech/SpeechSynthesisUtterance.idl:
2638         * Modules/webaudio/AudioContext.idl:
2639         * Modules/webaudio/AudioNode.idl:
2640         * Modules/webaudio/OfflineAudioContext.idl:
2641         * Modules/websockets/WebSocket.idl:
2642         * bindings/scripts/CodeGeneratorGObject.pm:
2643         (ImplementsInterface):
2644         (SkipFunction): Deleted.
2645         (GenerateCFile): Deleted.
2646         * bindings/scripts/CodeGeneratorJS.pm:
2647         (InstanceNeedsVisitChildren):
2648         (GenerateImplementation):
2649         * bindings/scripts/IDLAttributes.txt:
2650         * bindings/scripts/test/TestEventTarget.idl:
2651         * bindings/scripts/test/TestNode.idl:
2652         * css/FontLoader.idl:
2653         * dom/EventTarget.idl:
2654         * dom/MessagePort.idl:
2655         * dom/Node.idl:
2656         * dom/WebKitNamedFlow.idl:
2657         * fileapi/FileReader.idl:
2658         * html/MediaController.idl:
2659         * html/track/AudioTrackList.idl:
2660         * html/track/TextTrack.idl:
2661         * html/track/TextTrackCue.idl:
2662         * html/track/TextTrackList.idl:
2663         * html/track/VideoTrackList.idl:
2664         * loader/appcache/DOMApplicationCache.idl:
2665         * page/DOMWindow.idl:
2666         * page/EventSource.idl:
2667         * page/Performance.idl:
2668         * workers/WorkerGlobalScope.idl:
2669         * xml/XMLHttpRequest.idl:
2670         * xml/XMLHttpRequestUpload.idl:
2671
2672 2016-02-14  Chris Dumez  <cdumez@apple.com>
2673
2674         Unreviewed attempt to fix the Mac CMake build after r196136
2675
2676         * PlatformMac.cmake:
2677
2678 2016-02-14  Chris Dumez  <cdumez@apple.com>
2679
2680         Unreviewed attempt to fix the Windows build.
2681
2682         * Modules/webdatabase/Database.cpp:
2683         * bridge/c/c_utility.cpp:
2684         * platform/MemoryPressureHandler.cpp:
2685
2686 2016-02-14  Chris Dumez  <cdumez@apple.com>
2687
2688         Window and WorkerGlobalScope should inherit EventTarget
2689         https://bugs.webkit.org/show_bug.cgi?id=154170
2690         <rdar://problem/24642377>
2691
2692         Reviewed by Darin Adler.
2693
2694         Window and WorkerGlobalScope should inherit EventTarget instead of
2695         duplicating the EventTarget API in their IDL. These were the last
2696         interfaces that needed fixing. The next step will be to get rid
2697         of the [EventTarget] IDL extended attribute and rely entirely
2698         on the EventTarget inheritance.
2699
2700         Test:
2701         - fast/frames/detached-frame-eventListener.html
2702         - Covered by existing tests.
2703
2704         * WebCore.xcodeproj/project.pbxproj:
2705         Add JSEventTargetCustom.h header to the project.
2706
2707         * bindings/js/JSDOMWindowCustom.cpp:
2708         Drop custom bindings for Window's addEventListener() and
2709         removeEventListener(). The only reason these needed custom
2710         code was to add a check for frameless windows. The frameless
2711         Window check was moved to the respective methods in the
2712         JSEventTarget generated bindings.
2713
2714         * bindings/js/JSDOMWindowShell.cpp:
2715         (WebCore::JSDOMWindowShell::setWindow):
2716         Set WindowPrototype's prototype to EventTarget's prototype.
2717
2718         * bindings/js/JSDOMWindowShell.h:
2719         * bindings/js/JSDictionary.cpp:
2720         Include "DOMWindow.h" to fix the build.
2721
2722         * bindings/js/JSEventTargetCustom.cpp:
2723         (WebCore::JSEventTarget::toWrapped):
2724         Handle DOMWindow and WorkerGlobalScope explicitly in toWrapped()
2725         and get rid of the DOM_EVENT_TARGET_INTERFACES_FOR_EACH(TRY_TO_UNWRAP_WITH_INTERFACE)
2726         now that all interfaces inherit EventTarget when they should.
2727         The reason DOMWindow and WorkerGlobalScope still need special
2728         handling is because their wrappers (JSDOMWindow /
2729         JSWorkerGlobalScope) do not subclass JSEventTarget.
2730
2731         (WebCore::JSEventTargetOrGlobalScope::create):
2732         * bindings/js/JSEventTargetCustom.h: Added.
2733         (WebCore::JSEventTargetOrGlobalScope::wrapped):
2734         (WebCore::JSEventTargetOrGlobalScope::operator JSC::JSObject&):
2735         (WebCore::JSEventTargetOrGlobalScope::JSEventTargetOrGlobalScope):
2736         Add a wrapper type for JSEventTarget / JSDOMWindow and
2737         JSWorkerGlobalScope for use in the generated bindings. This is
2738         needed because JSDOMWindow and JSWorkerGlobalScope do not
2739         subclass JSEventTarget. Subclassing JSEventTarget would be
2740         complicated for them because they already subclass
2741         JSDOMWindowBase / JSWorkerGlobalScopeBase, which subclasses
2742         JSDOMGlobalObject.
2743
2744         * bindings/js/WorkerScriptController.cpp:
2745         (WebCore::WorkerScriptController::initScript):
2746         Set WorkerGlobalScopePrototype's prototype to EventTarget's prototype.
2747
2748         * bindings/scripts/CodeGeneratorJS.pm:
2749         (ShouldGenerateToJSDeclaration):
2750         Do not generate the toJS() implementation for interfaces that use
2751         the [CustomProxyToJSObject] IDL extended attribute, even if they
2752         inherit EventTarget.
2753
2754         (GetCastingHelperForThisObject):
2755         To initialize castedThis from thisValue JSValue, we now use the
2756         JSEventTargetOrGlobalScope wrapper for the EventTarget
2757         implementation. This is to work around the fact that JSDOMWindow
2758         and JSWorkerGlobalScope do not subclass JSEventTarget.
2759
2760         (GenerateFunctionCastedThis):
2761         - Drop code handling [WorkerGlobalScope] IDL extended attribute
2762           as there is no such attribute.
2763         - Use auto instead of auto* type for castedThis because
2764           JSEventTargetOrGlobalScope::create() returns a unique_ptr.
2765         - Do not check that castedThis inherits JSEventTarget in the
2766           EventTarget bindings code as this no longer holds true.
2767
2768         (GenerateImplementation):
2769         Generate frameless window() and security checks for EventTarget
2770         methods when thisValue is a JSDOMWindow.
2771
2772         * dom/EventTarget.idl:
2773         Add [JSCustomHeader] IDL Extended attribute as we need a header
2774         to expose JSEventTargetOrGlobalScope class.
2775
2776         * page/DOMWindow.idl:
2777         * workers/WorkerGlobalScope.idl:
2778         Inherit EventTarget and stop duplicating the EventTarget API.
2779         This matches the HTML specification.
2780
2781 2016-02-14  Darin Adler  <darin@apple.com>
2782
2783         Small tweaks to some SimpleLineLayout code
2784         https://bugs.webkit.org/show_bug.cgi?id=154229
2785
2786         Reviewed by Zalan Bujtas.
2787
2788         * rendering/SimpleLineLayoutFunctions.cpp:
2789         (WebCore::SimpleLineLayout::paintFlow): Use std::ceil instead of ceilf.
2790         Use auto instead of const auto& for a for loop where the local object is
2791         copied and not a reference.
2792         (WebCore::SimpleLineLayout::hitTestFlow): Use modern for loop.
2793         (WebCore::SimpleLineLayout::collectFlowOverflow): Use std::ceil instead of
2794         ceilf. Use a modern for loop, and use slightly more descriptive local
2795         variable names.
2796         (WebCore::SimpleLineLayout::computeBoundingBox): Use auto instead of
2797         const auto& as above.
2798         (WebCore::SimpleLineLayout::computeFirstRunLocation): Use auto and use
2799         the name "range" for the range rather than the name "it", since the range
2800         is not an iterator.
2801         (WebCore::SimpleLineLayout::collectAbsoluteRects): Use auto instead of
2802         const auto& as above.
2803         (WebCore::SimpleLineLayout::collectAbsoluteQuads): Ditto.
2804         (WebCore::SimpleLineLayout::showLineLayoutForFlow): Use modern for loop.
2805
2806         * rendering/SimpleLineLayoutResolver.cpp:
2807         (WebCore::SimpleLineLayout::RunResolver::Run::text): Convert from a String
2808         to a StringView using the StringView constructor instead of writing out
2809         explicit 8-bit and 16-bit cases.
2810
2811 2016-02-13  Antti Koivisto  <antti@apple.com>
2812
2813         Factor class change style invalidation code into a class
2814         https://bugs.webkit.org/show_bug.cgi?id=154163
2815
2816         Reviewed by Andreas Kling.
2817
2818         Factor this piece of functionality out of Element and into ClassChangeInvalidation class.
2819
2820         * CMakeLists.txt:
2821         * WebCore.vcxproj/WebCore.vcxproj:
2822         * WebCore.xcodeproj/project.pbxproj:
2823         * dom/Element.cpp:
2824         (WebCore::classStringHasClassName):
2825         (WebCore::Element::classAttributeChanged):
2826         (WebCore::collectClasses): Deleted.
2827         (WebCore::computeClassChange): Deleted.
2828         (WebCore::invalidateStyleForClassChange): Deleted.
2829         * style/ClassChangeInvalidation.cpp: Added.
2830         (WebCore::Style::ClassChangeInvalidation::computeClassChange):
2831         (WebCore::Style::ClassChangeInvalidation::invalidateStyle):
2832         * style/ClassChangeInvalidation.h: Added.
2833         (WebCore::Style::ClassChangeInvalidation::needsInvalidation):
2834         (WebCore::Style::ClassChangeInvalidation::ClassChangeInvalidation):
2835         (WebCore::Style::ClassChangeInvalidation::~ClassChangeInvalidation):
2836
2837 2016-02-13  Myles C. Maxfield  <mmaxfield@apple.com>
2838
2839         [Win] [SVG -> OTF Converter] SVG fonts drawn into ImageBuffers are invisible
2840         https://bugs.webkit.org/show_bug.cgi?id=154222
2841
2842         Reviewed by Antti Koivisto.
2843
2844         Windows ImageBuffer code is sensitive to broken bounding box and
2845         descent code.
2846
2847         Covered by existing tests.
2848
2849         * svg/SVGToOTFFontConversion.cpp:
2850         (WebCore::SVGToOTFFontConverter::appendHHEATable):
2851         (WebCore::SVGToOTFFontConverter::appendOS2Table):
2852         (WebCore::SVGToOTFFontConverter::processGlyphElement):
2853         (WebCore::SVGToOTFFontConverter::SVGToOTFFontConverter):
2854
2855 2016-02-13  Antti Koivisto  <antti@apple.com>
2856
2857         Add version number for default stylesheet
2858         https://bugs.webkit.org/show_bug.cgi?id=154220
2859
2860         Reviewed by Ryosuke Niwa.
2861
2862         We currently fail to update RuleFeatureSets for shadow trees when the default stylesheet grows
2863         (for example when the media controls stylesheet is initialized).
2864
2865         No test since this is not causing known bugs. It is blocking optimizations in shadow trees that
2866         rely on rule features being up-to-date.
2867
2868         * css/CSSDefaultStyleSheets.cpp:
2869         (WebCore::CSSDefaultStyleSheets::loadSimpleDefaultStyle):
2870         (WebCore::CSSDefaultStyleSheets::ensureDefaultStyleSheetsForElement):
2871
2872             Increment version number when the default stylesheet changes.
2873
2874         * css/CSSDefaultStyleSheets.h:
2875         * css/DocumentRuleSets.cpp:
2876         (WebCore::DocumentRuleSets::appendAuthorStyleSheets):
2877         (WebCore::DocumentRuleSets::collectFeatures):
2878
2879             Store the current default stylesheet version number.
2880
2881         * css/DocumentRuleSets.h:
2882         (WebCore::DocumentRuleSets::features):
2883
2884             Collect features again if the default stylesheet has changed.
2885
2886         * css/StyleResolver.cpp:
2887         (WebCore::StyleResolver::styleForElement):
2888
2889 2016-02-13  Konstantin Tokarev  <annulen@yandex.ru>
2890
2891         [cmake] Consolidate building of GStreamer and OpenWebRTC code.
2892         https://bugs.webkit.org/show_bug.cgi?id=154116
2893
2894         Reviewed by Michael Catanzaro.
2895
2896         No new tests needed.
2897
2898         * PlatformEfl.cmake: Migrated shared code to GStreamer.cmake.
2899         * PlatformGTK.cmake: Ditto.
2900         * platform/GStreamer.cmake: Added.
2901
2902 2016-02-13  Mark Lam  <mark.lam@apple.com>
2903
2904         Add thread violation checks to WebView public APIs.
2905         https://bugs.webkit.org/show_bug.cgi?id=154183
2906
2907         Reviewed by Timothy Hatcher.
2908
2909         No new tests.  Just adding a new thread violation round.
2910
2911         * platform/ThreadCheck.h:
2912         * platform/mac/ThreadCheck.mm:
2913         - Adding WebCoreThreadViolationCheckRoundThree().
2914
2915 2016-02-12  Nan Wang  <n_wang@apple.com>
2916
2917         AX: Implement paragraph related text marker functions using TextIterator
2918         https://bugs.webkit.org/show_bug.cgi?id=154098
2919         <rdar://problem/24269675>
2920
2921         Reviewed by Chris Fleizach.
2922
2923         Use CharacterOffset to implement paragraph-related text marker calls, reusing
2924         logic from the VisibleUnits class, and refactor the textMarkerForCharacterOffset method
2925         to get better performance. Also fix an issue where we can't navigate through a text
2926         node with line breaks in it using the next/previousCharacterOffset call.
2927
2928         Test: accessibility/mac/text-marker-paragraph-nav.html
2929
2930         * accessibility/AXObjectCache.cpp:
2931         (WebCore::AXObjectCache::traverseToOffsetInRange):
2932         (WebCore::AXObjectCache::startOrEndTextMarkerDataForRange):
2933         (WebCore::AXObjectCache::characterOffsetForNodeAndOffset):
2934         (WebCore::AXObjectCache::textMarkerDataForCharacterOffset):
2935         (WebCore::AXObjectCache::textMarkerDataForNextCharacterOffset):
2936         (WebCore::AXObjectCache::textMarkerDataForPreviousCharacterOffset):
2937         (WebCore::AXObjectCache::nextNode):
2938         (WebCore::AXObjectCache::textMarkerDataForVisiblePosition):
2939         (WebCore::AXObjectCache::nextCharacterOffset):
2940         (WebCore::AXObjectCache::previousCharacterOffset):
2941         (WebCore::startWordBoundary):
2942         (WebCore::AXObjectCache::startCharacterOffsetOfWord):
2943         (WebCore::AXObjectCache::endCharacterOffsetOfWord):
2944         (WebCore::AXObjectCache::previousWordStartCharacterOffset):
2945         (WebCore::AXObjectCache::previousWordBoundary):
2946         (WebCore::AXObjectCache::startCharacterOffsetOfParagraph):
2947         (WebCore::AXObjectCache::endCharacterOffsetOfParagraph):
2948         (WebCore::AXObjectCache::paragraphForCharacterOffset):
2949         (WebCore::AXObjectCache::nextParagraphEndCharacterOffset):
2950         (WebCore::AXObjectCache::previousParagraphStartCharacterOffset):
2951         (WebCore::AXObjectCache::rootAXEditableElement):
2952         * accessibility/AXObjectCache.h:
2953         (WebCore::CharacterOffset::remaining):
2954         (WebCore::CharacterOffset::isNull):
2955         (WebCore::CharacterOffset::isEqual):
2956         (WebCore::AXObjectCache::isNodeInUse):
2957         * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
2958         (+[WebAccessibilityTextMarker textMarkerWithCharacterOffset:cache:]):
2959         (-[WebAccessibilityObjectWrapper nextMarkerForCharacterOffset:]):
2960         (-[WebAccessibilityObjectWrapper previousMarkerForCharacterOffset:]):
2961         (-[WebAccessibilityObjectWrapper rangeForTextMarkers:]):
2962         * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
2963         (startOrEndTextmarkerForRange):
2964         (nextTextMarkerForCharacterOffset):
2965         (previousTextMarkerForCharacterOffset):
2966         (-[WebAccessibilityObjectWrapper nextTextMarkerForCharacterOffset:]):
2967         (-[WebAccessibilityObjectWrapper previousTextMarkerForCharacterOffset:]):
2968         (-[WebAccessibilityObjectWrapper textMarkerForCharacterOffset:]):
2969         (textMarkerForCharacterOffset):
2970         (-[WebAccessibilityObjectWrapper accessibilityAttributeValue:forParameter:]):
2971         (-[WebAccessibilityObjectWrapper nextTextMarkerForNode:offset:]): Deleted.
2972         (-[WebAccessibilityObjectWrapper previousTextMarkerForNode:offset:]): Deleted.
2973         (-[WebAccessibilityObjectWrapper textMarkerForNode:offset:ignoreStart:]): Deleted.
2974         (-[WebAccessibilityObjectWrapper textMarkerForNode:offset:]): Deleted.
2975         * editing/VisibleUnits.cpp:
2976         (WebCore::nextSentencePosition):
2977         (WebCore::findStartOfParagraph):
2978         (WebCore::findEndOfParagraph):
2979         (WebCore::startOfParagraph):
2980         (WebCore::endOfParagraph):
2981         * editing/VisibleUnits.h:
2982
2983 2016-02-12  Ryan Haddad  <ryanhaddad@apple.com>
2984
2985         Reset results for bindings tests after r196520
2986
2987         Unreviewed test gardening.
2988
2989         No new tests needed.
2990
2991         * bindings/scripts/test/GObject/WebKitDOMTestEventTarget.cpp:
2992         (webkit_dom_test_event_target_dispatch_event):
2993         * bindings/scripts/test/GObject/WebKitDOMTestNode.cpp:
2994         (webkit_dom_test_node_dispatch_event):
2995
2996 2016-02-12  Saam barati  <sbarati@apple.com>
2997
2998         Attempting build fix from https://bugs.webkit.org/show_bug.cgi?id=154144.
2999
3000         * bindings/js/JSDOMGlobalObject.cpp:
3001         (WebCore::JSDOMGlobalObject::addBuiltinGlobals):
3002
3003 2016-02-12  Daniel Bates  <dabates@apple.com>
3004
3005         CSP: 'blob:' URLs should not match 'self' in CSP source expression lists.
3006         https://bugs.webkit.org/show_bug.cgi?id=153158
3007         <rdar://problem/24383264>
3008
3009         Reviewed by Brent Fulgham.
3010
3011         A blob URL should not match source 'self' by section Security Considerations for GUID URL schemes
3012         of the Content Security Policy 2.0 spec., <https://www.w3.org/TR/CSP2/> (21 July 2015).
3013
3014         Tests: http/tests/security/contentSecurityPolicy/blob-url-does-not-match-source-self.html
3015                http/tests/security/contentSecurityPolicy/blob-url-matches-source-blob.html
3016
3017         * page/csp/ContentSecurityPolicySourceList.cpp:
3018         (WebCore::ContentSecurityPolicySourceList::matches): Do not make a distinction between URLs that
3019         contain a nested URL (e.g. blob://http://www.example.com/...) and URLs that do not contain a nested
3020         URL. The URL of the requested resource should be matched against the source list source expressions.
3021
3022 2016-02-12  Daniel Bates  <dabates@apple.com>
3023
3024         CSP: Implement child-src directive
3025         https://bugs.webkit.org/show_bug.cgi?id=153562
3026         <rdar://problem/24610087>
3027
3028         Reviewed by Brent Fulgham.
3029
3030         Add support for the child-src directive, <https://w3c.github.io/webappsec-csp/2/#child_src> (29 August 2015),
3031         which formally replaces the deprecated frame-src directive as of the Content Security Policy 2.0 spec. The
3032         child-src directive was first introduced in the Content Security Policy 1.1 spec, <https://www.w3.org/TR/2014/WD-CSP11-20140211/>.
3033
3034         As a side effect of this change, the script URL for a Web Worker is checked against the child-src directive
3035         as opposed to the script-src directive. This is a backward incompatible change from the CSP 1.0 spec.
3036
3037         Tests: http/tests/security/contentSecurityPolicy/1.1/child-src/frame-fires-load-event-when-blocked.html
3038                http/tests/security/contentSecurityPolicy/1.1/child-src/frame-fires-load-event-when-redirect-blocked.html
3039                http/tests/security/contentSecurityPolicy/1.1/child-src/frame-src-takes-precedence-over-child-src.html
3040                http/tests/security/contentSecurityPolicy/1.1/child-src/worker-redirect-blocked.html
3041                http/tests/security/isolatedWorld/bypass-main-world-csp-worker-redirect.html
3042
3043         * loader/DocumentThreadableLoader.cpp:
3044         (WebCore::DocumentThreadableLoader::isAllowedByContentSecurityPolicy): Check child-src directive (if applicable).
3045         * loader/ThreadableLoader.h: Add enum value EnforceChildSrcDirective to enum class ContentSecurityPolicyEnforcement to
3046         enforce the child-src directive on redirect.
3047         * page/csp/ContentSecurityPolicy.cpp:
3048         (WebCore::ContentSecurityPolicy::allowChildContextFromSource): Added.
3049         * page/csp/ContentSecurityPolicy.h:
3050         * page/csp/ContentSecurityPolicyDirectiveList.cpp:
3051         (WebCore::ContentSecurityPolicyDirectiveList::checkSourceAndReportViolation): Add message prefix for a child-src violation.
3052         We use the same message prefix as used by Blink.
3053         (WebCore::ContentSecurityPolicyDirectiveList::allowChildContextFromSource): Added.
3054         (WebCore::ContentSecurityPolicyDirectiveList::allowChildFrameFromSource): Modified to check the frame-src
3055         directive (if specified) before checking the child-src directive by <https://w3c.github.io/webappsec-csp/2/#directive-child-src-nested>.
3056         (WebCore::ContentSecurityPolicyDirectiveList::addDirective): Parse the child-src directive.
3057         * page/csp/ContentSecurityPolicyDirectiveList.h:
3058         * workers/AbstractWorker.cpp:
3059         (WebCore::AbstractWorker::resolveURL): Check if the script URL for the worker is allowed by the child-src directive
3060         as opposed to the script-src directive. This is a backwards incompatible change from the CSP 1.0 spec.
3061         * workers/Worker.cpp:
3062         (WebCore::Worker::create): Enforce the child-src directive on redirects (if applicable).
3063
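Added here as an illustration of the two CSP rules the entries above describe, not WebCore's ContentSecurityPolicy code: a constructed, simplified C++ model in which the requested URL is matched as itself (so a blob: URL never satisfies 'self', only a blob: scheme source), frame-src takes precedence over child-src for nested frames, and a worker's script URL is governed by child-src (falling back to default-src) rather than script-src. The header strings, origins and URLs are made up; the directive names and matching rules follow the CSP 2.0 behaviour the entries cite.

```cpp
// Added illustration (not WebCore's ContentSecurityPolicy code): a constructed, simplified
// model of two CSP 2.0 rules described in the ChangeLog entries above.
//   1. Source matching: a blob: URL never matches 'self'; only a "blob:" scheme source does.
//   2. Directive lookup: frames use frame-src if present, else child-src, else default-src;
//      worker scripts use child-src, else default-src, and never script-src.
#include <cstdio>
#include <map>
#include <sstream>
#include <string>
#include <vector>

struct Origin {
    std::string scheme, host, port;
    bool sameAs(const Origin& other) const
    {
        return scheme == other.scheme && host == other.host && port == other.port;
    }
};

// Minimal URL split: "scheme:rest"; host[:port] is only extracted for hierarchical URLs.
// "blob:https://www.example.com/uuid" yields scheme "blob" and no host, because the
// nested URL is just part of the blob's opaque identifier.
static Origin originOf(const std::string& url)
{
    Origin origin;
    auto colon = url.find(':');
    if (colon == std::string::npos)
        return origin;
    origin.scheme = url.substr(0, colon);
    std::string rest = url.substr(colon + 1);
    if (rest.compare(0, 2, "//") != 0)
        return origin; // opaque URL (blob:, data:): no authority section
    std::string authority = rest.substr(2, rest.find('/', 2) - 2);
    auto portSeparator = authority.find(':');
    if (portSeparator == std::string::npos) {
        origin.host = authority;
        origin.port = origin.scheme == "https" ? "443" : "80";
    } else {
        origin.host = authority.substr(0, portSeparator);
        origin.port = authority.substr(portSeparator + 1);
    }
    return origin;
}

// Match one source expression against the requested URL itself; URLs that nest another
// URL get no special treatment, as the blob-url entry describes.
static bool sourceMatches(const std::string& source, const std::string& url, const Origin& self)
{
    Origin target = originOf(url);
    if (source == "'none'")
        return false;
    if (source == "'self'")
        return !target.host.empty() && target.sameAs(self); // blob:/data: have no host
    if (source.back() == ':')
        return target.scheme + ":" == source; // scheme source, e.g. "blob:"
    return !target.host.empty() && target.sameAs(originOf(source)); // host source
}

using Policy = std::map<std::string, std::vector<std::string>>;

// Parse "name src src; name src" into directive -> source list (constructed header format).
static Policy parsePolicy(const std::string& header)
{
    Policy policy;
    std::istringstream directives(header);
    std::string directive;
    while (std::getline(directives, directive, ';')) {
        std::istringstream tokens(directive);
        std::string name, token;
        if (!(tokens >> name))
            continue;
        auto& sources = policy[name];
        while (tokens >> token)
            sources.push_back(token);
    }
    return policy;
}

enum class Request { ChildFrame, WorkerScript };

// frame-src (if specified) wins over child-src for frames; workers go straight to
// child-src; both then fall back to default-src.
static const std::vector<std::string>* governingDirective(const Policy& policy, Request request)
{
    static const std::vector<std::string> frameOrder { "frame-src", "child-src", "default-src" };
    static const std::vector<std::string> workerOrder { "child-src", "default-src" };
    for (const auto& name : request == Request::ChildFrame ? frameOrder : workerOrder) {
        auto it = policy.find(name);
        if (it != policy.end())
            return &it->second;
    }
    return nullptr;
}

static bool allowedByPolicy(const Policy& policy, Request request, const std::string& url, const Origin& self)
{
    const auto* sources = governingDirective(policy, request);
    if (!sources)
        return true; // no applicable directive: nothing to enforce
    for (const auto& source : *sources) {
        if (sourceMatches(source, url, self))
            return true;
    }
    return false;
}

int main()
{
    Origin self = originOf("https://www.example.com/");
    Policy policy = parsePolicy("default-src 'self'; child-src 'self' blob:; frame-src https://frames.example.net");
    std::printf("blob frame allowed: %d\n", allowedByPolicy(policy, Request::ChildFrame, "blob:https://www.example.com/uuid", self));
    std::printf("blob worker allowed: %d\n", allowedByPolicy(policy, Request::WorkerScript, "blob:https://www.example.com/uuid", self));
    return 0;
}
```

A policy that lists only default-src and script-src shows the backward-incompatible consequence the child-src entry notes: a script-src allow list no longer covers a worker script once child-src, or its default-src fallback, governs the request.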
3064 2016-02-12  Saam barati  <sbarati@apple.com>
3065
3066         The parser doesn't properly protect against global variable references in builtins
3067         https://bugs.webkit.org/show_bug.cgi?id=154144
3068
3069         Reviewed by Geoffrey Garen.
3070
3071         Change JS builtins to no longer reference global variables.
3072
3073         No new tests because old tests cover the issues here.
3074
3075         * Modules/mediastream/NavigatorUserMedia.js:
3076         (webkitGetUserMedia):
3077         * Modules/mediastream/RTCPeerConnection.js:
3078         (addIceCandidate):
3079         (getStats):
3080         * Modules/mediastream/RTCPeerConnectionInternals.js:
3081         (setLocalOrRemoteDescription):
3082         * Modules/plugins/QuickTimePluginReplacement.js:
3083         (Replacement.prototype.handleEvent):
3084         * Modules/streams/ByteLengthQueuingStrategy.js:
3085         (initializeByteLengthQueuingStrategy):
3086         * Modules/streams/CountQueuingStrategy.js:
3087         (initializeCountQueuingStrategy):
3088         * Modules/streams/ReadableStreamInternals.js:
3089         (teeReadableStream):
3090         * bindings/js/JSDOMGlobalObject.cpp:
3091         (WebCore::JSDOMGlobalObject::addBuiltinGlobals):
3092         * bindings/js/WebCoreBuiltinNames.h:
3093
3094 2016-02-12  Jiewen Tan  <jiewen_tan@apple.com>
3095
3096         WebKit should expose the DOM 4 Event.isTrusted property
3097         https://bugs.webkit.org/show_bug.cgi?id=76121
3098         <rdar://problem/22558494>
3099
3100         Reviewed by Darin Adler.
3101
3102         Implements Event.isTrusted. The implementation here is slightly different from and better than
3103         the DOM specification. Here Event.isTrusted will be initialized differently depending on the
3104         callers of the constructors/create methods. If the caller is the user agent, isTrusted
3105         will be true. Otherwise, it will be false. Since a user agent dispatched event can be caught
3106         and re-initialized/redispatched by the bindings, the flag will be unset at *Event::init*Event
3107         and EventTarget::dispatchEventForBindings. As there is currently no way to let the user agent
3108         dispatch a bindings-created event, we ensure that Event.isTrusted is set for
3109         events dispatched by the user agent, and unset for those dispatched by bindings.
3110
3111         EventTarget::dispatchEvent(Event*, ExceptionCode&) is renamed to EventTarget::dispatchEventForBindings
3112         in this patch as well, so that, together with the improved design of the API, developers in
3113         the future will be less likely to use the wrong dispatchEvent method and set Event.isTrusted
3114         incorrectly compared to the DOM design.
3115
3116         After this patch, all events that are created by the user agent should be dispatched by
3117         EventTarget::dispatchEvent, and those that are created by bindings should be dispatched by
3118         EventTarget::dispatchEventForBindings.
3119
3120         Some of the changes in this patch refer to Blink r198996:
3121         https://codereview.chromium.org/1241613004
3122
3123         Test: imported/blink/fast/events/event-trusted.html
3124
3125         * bindings/scripts/CodeGeneratorGObject.pm:
3126         (GenerateEventTargetIface):
3127         * dom/Event.cpp:
3128         (WebCore::Event::Event):
3129         (WebCore::Event::initEvent):
3130         * dom/Event.h:
3131         (WebCore::Event::isTrusted):
3132         (WebCore::Event::setUntrusted):
3133         * dom/Event.idl:
3134         * dom/EventTarget.cpp:
3135         (WebCore::EventTarget::dispatchEventForBindings):
3136         (WebCore::EventTarget::dispatchEvent): Deleted.
3137         * dom/EventTarget.h:
3138         * dom/EventTarget.idl:
3139         * page/DOMWindow.idl:
3140         * page/EventHandler.cpp:
3141         (WebCore::EventHandler::dispatchDragEvent):
3142         * workers/WorkerGlobalScope.idl:
3143
3144 2016-02-12  Brady Eidson  <beidson@apple.com>
3145
3146         Modern IDB: IDBObjectStore and IDBIndex need to be ActiveDOMObjects.
3147         https://bugs.webkit.org/show_bug.cgi?id=154153
3148
3149         Reviewed by Alex Christensen.
3150
3151         No new tests (No testable change in behavior).
3152
3153         This is needed so that IDBObjectStore and IDBIndex JS wrappers are not garbage collected
3154         while their IDBTransaction is still in progress.
3155
3156         * Modules/indexeddb/client/IDBIndexImpl.cpp:
3157         (WebCore::IDBClient::IDBIndex::IDBIndex):
3158         (WebCore::IDBClient::IDBIndex::activeDOMObjectName):
3159         (WebCore::IDBClient::IDBIndex::canSuspendForDocumentSuspension):
3160         (WebCore::IDBClient::IDBIndex::hasPendingActivity):
3161         * Modules/indexeddb/client/IDBIndexImpl.h:
3162         
3163         * Modules/indexeddb/client/IDBObjectStoreImpl.cpp:
3164         (WebCore::IDBClient::IDBObjectStore::create):
3165         (WebCore::IDBClient::IDBObjectStore::IDBObjectStore):
3166         (WebCore::IDBClient::IDBObjectStore::activeDOMObjectName):
3167         (WebCore::IDBClient::IDBObjectStore::canSuspendForDocumentSuspension):
3168         (WebCore::IDBClient::IDBObjectStore::hasPendingActivity):
3169         (WebCore::IDBClient::IDBObjectStore::index):
3170         * Modules/indexeddb/client/IDBObjectStoreImpl.h:
3171         
3172         * Modules/indexeddb/client/IDBTransactionImpl.cpp:
3173         (WebCore::IDBClient::IDBTransaction::objectStore):
3174         (WebCore::IDBClient::IDBTransaction::createObjectStore):
3175         (WebCore::IDBClient::IDBTransaction::createIndex):
3176
3177 2016-02-12  Brady Eidson  <beidson@apple.com>
3178
3179         Modern IDB: Simplify the relationship between IDBObjectStore and IDBIndex.
3180         https://bugs.webkit.org/show_bug.cgi?id=154187
3181
3182         Reviewed by Alex Christensen.
3183
3184         Tests: storage/indexeddb/modern/deleteindex-3-private.html
3185                storage/indexeddb/modern/deleteindex-3.html
3186
3187         Instead of allowing IDBIndex to have two different lifecycle modes, it is now always
3188         owned by an IDBObjectStore.
3189         
3190         To support the case where an IDBIndex is deleted from its IDBObjectStore, the object
3191         store simply hangs on to deleted indexes until it is destroyed itself.
3192         
3193         * Modules/indexeddb/client/IDBIndexImpl.cpp:
3194         (WebCore::IDBClient::IDBIndex::markAsDeleted):
3195         (WebCore::IDBClient::IDBIndex::ref):
3196         (WebCore::IDBClient::IDBIndex::deref):
3197         * Modules/indexeddb/client/IDBIndexImpl.h:
3198         
3199         * Modules/indexeddb/client/IDBObjectStoreImpl.cpp:
3200         (WebCore::IDBClient::IDBObjectStore::deleteIndex):
3201         * Modules/indexeddb/client/IDBObjectStoreImpl.h:
3202
3203 2016-02-12  Myles C. Maxfield  <mmaxfield@apple.com>
3204
3205         [CSS Font Loading] Implement CSSFontFace Boilerplate
3206         https://bugs.webkit.org/show_bug.cgi?id=154145
3207
3208         Reviewed by Dean Jackson.
3209
3210         The CSS Font Loading spec[1] dictates that the FontFace object needs to have string
3211         accessors and mutators for a bunch of properties. Our CSSFontFace object currently
3212         contains this parsed information, but it isn't accessible via string-based methods.
3213         This patch adds the necessary accessors and mutators, and migrates CSSFontSelector
3214         to use these mutators where necessary.
3215
3216         There is more work to come on CSSFontFace; the next step is to create an .idl file
3217         and hook it up to our CSSFontFace object. In this patch I have left some
3218         unimplemented pieces (for example: where the spec dictates that some operation should
3219         throw a JavaScript exception) which will be implemented in a follow-up patch. This
3220         patch does not have any visible behavior change; I'm separating out the boilerplate
3221         into this patch in order to ease reviewing burden.
3222
3223         This patch separates the externally-facing JavaScript API into a new class, FontFace.
3224         This class owns a CSSFontFace, which provides the backing implementation. There will
3225         be a system of shared ownership of these objects once FontFaceSet is implemented.
3226
3227         No new tests because there is no behavior change.
3228
3229         * CMakeLists.txt: Add new files to CMake builds.
3230         * WebCore.vcxproj/WebCore.vcxproj: Ditto for Windows.
3231         * WebCore.vcxproj/WebCore.vcxproj.filters: Ditto.
3232         * WebCore.xcodeproj/project.pbxproj: Ditto for Cocoa.
3233         * css/CSSAllInOne.cpp: Ditto for All-In-One builds.
3234         * css/CSSFontFace.cpp: Move shared code from CSSFontSelector into CSSFontFace.
3235         (WebCore::CSSFontFace::CSSFontFace):
3236         (WebCore::CSSFontFace::~CSSFontFace):
3237         (WebCore::CSSFontFace::setFamilies):
3238         (WebCore::CSSFontFace::setStyle):
3239         (WebCore::CSSFontFace::setWeight):
3240         (WebCore::CSSFontFace::setUnicodeRange):
3241         (WebCore::CSSFontFace::setVariantLigatures):
3242         (WebCore::CSSFontFace::setVariantPosition):
3243         (WebCore::CSSFontFace::setVariantCaps):
3244         (WebCore::CSSFontFace::setVariantNumeric):
3245         (WebCore::CSSFontFace::setVariantAlternates):
3246         (WebCore::CSSFontFace::setVariantEastAsian):
3247         (WebCore::CSSFontFace::setFeatureSettings):
3248         * css/CSSFontFace.h: Clean up.
3249         (WebCore::CSSFontFace::create):
3250         (WebCore::CSSFontFace::families):
3251         (WebCore::CSSFontFace::traitsMask):
3252         (WebCore::CSSFontFace::featureSettings):
3253         (WebCore::CSSFontFace::variantSettings):
3254         (WebCore::CSSFontFace::setVariantSettings):
3255         (WebCore::CSSFontFace::setTraitsMask):
3256         (WebCore::CSSFontFace::isLocalFallback):
3257         (WebCore::CSSFontFace::addRange): Deleted.
3258         (WebCore::CSSFontFace::insertFeature): Deleted.
3259         (WebCore::CSSFontFace::setVariantCommonLigatures): Deleted.
3260         (WebCore::CSSFontFace::setVariantDiscretionaryLigatures): Deleted.
3261         (WebCore::CSSFontFace::setVariantHistoricalLigatures): Deleted.
3262         (WebCore::CSSFontFace::setVariantContextualAlternates): Deleted.
3263         (WebCore::CSSFontFace::setVariantPosition): Deleted.
3264         (WebCore::CSSFontFace::setVariantCaps): Deleted.
3265         (WebCore::CSSFontFace::setVariantNumericFigure): Deleted.
3266         (WebCore::CSSFontFace::setVariantNumericSpacing): Deleted.
3267         (WebCore::CSSFontFace::setVariantNumericFraction): Deleted.
3268         (WebCore::CSSFontFace::setVariantNumericOrdinal): Deleted.
3269         (WebCore::CSSFontFace::setVariantNumericSlashedZero): Deleted.
3270         (WebCore::CSSFontFace::setVariantAlternates): Deleted.
3271         (WebCore::CSSFontFace::setVariantEastAsianVariant): Deleted.
3272         (WebCore::CSSFontFace::setVariantEastAsianWidth): Deleted.
3273         (WebCore::CSSFontFace::setVariantEastAsianRuby): Deleted.
3274         (WebCore::CSSFontFace::CSSFontFace): Deleted.
3275         * css/CSSFontSelector.cpp: Migrate shared code into CSSFontFace, and update
3276         to use the new API.
3277         (WebCore::appendSources):
3278         (WebCore::registerLocalFontFacesForFamily):
3279         (WebCore::CSSFontSelector::addFontFaceRule):
3280         (WebCore::computeTraitsMask): Deleted.
3281         (WebCore::createFontFace): Deleted.
3282         * css/FontFace.cpp: Added. External JavaScript API. Owns a CSSFontFace.
3283         (WebCore::FontFace::FontFace):
3284         (WebCore::FontFace::~FontFace):
3285         (WebCore::parseString):
3286         (WebCore::FontFace::setFamily):
3287         (WebCore::FontFace::setStyle):
3288         (WebCore::FontFace::setWeight):
3289         (WebCore::FontFace::setStretch):
3290         (WebCore::FontFace::setUnicodeRange):
3291         (WebCore::FontFace::setVariant):
3292         (WebCore::FontFace::setFeatureSettings):
3293         (WebCore::FontFace::family):
3294         (WebCore::FontFace::style):
3295         (WebCore::FontFace::weight):
3296         (WebCore::FontFace::stretch):
3297         (WebCore::FontFace::unicodeRange):
3298         (WebCore::FontFace::variant):
3299         (WebCore::FontFace::featureSettings):
3300         * css/FontFace.h: Added. Ditto.
3301         (WebCore::FontFace::create):
3302         * css/FontVariantBuilder.cpp: Added. Moved code here from FontVariantBuilder.h.
3303         Refactored to support a new client (CSSFontFace).
3304         (WebCore::extractFontVariantLigatures):
3305         (WebCore::extractFontVariantNumeric):
3306         (WebCore::extractFontVariantEastAsian):
3307         (WebCore::computeFontVariant):
3308         * css/FontVariantBuilder.h: Moved code from here into FontVariantBuilder.cpp.
3309         (WebCore::applyValueFontVariantLigatures): Deleted.
3310         (WebCore::applyValueFontVariantNumeric): Deleted.
3311         (WebCore::applyValueFontVariantEastAsian): Deleted.
3312         * css/StyleBuilderCustom.h: Update for new FontVariantBuilder API.
3313         (WebCore::StyleBuilderCustom::applyValueFontVariantLigatures):
3314         (WebCore::StyleBuilderCustom::applyValueFontVariantNumeric):
3315         (WebCore::StyleBuilderCustom::applyValueFontVariantEastAsian):
3316         * platform/text/TextFlags.h: Provide convenience classes.
3317         (WebCore::FontVariantLigaturesValues::FontVariantLigaturesValues):
3318         (WebCore::FontVariantNumericValues::FontVariantNumericValues):
3319         (WebCore::FontVariantEastAsianValues::FontVariantEastAsianValues):
3320
3321 2016-02-12  Jer Noble  <jer.noble@apple.com>
3322
3323         Build fix after r196506; publish MediaResourceLoader.h as a private header so it can be used by
3324         TestWebKitAPI.
3325
3326         * WebCore.xcodeproj/project.pbxproj:
3327
3328 2016-02-11  Jer Noble  <jer.noble@apple.com>
3329
3330         [Mac] Adopt MediaResourceLoader (instead of CachedResourceLoader) in WebCoreNSURLSession.
3331         https://bugs.webkit.org/show_bug.cgi?id=154136
3332
3333         Reviewed by Alex Christensen.
3334
3335         MediaResourceLoader already supports using CORS attribute to verify CORS access requirements
3336         when loading media resources, so use it, rather than CachedResourceLoader, as the backing for
3337         WebCoreNSURLSession.
3338
3339         * platform/network/cocoa/WebCoreNSURLSession.h:
3340         * platform/network/cocoa/WebCoreNSURLSession.mm:
3341         (-[WebCoreNSURLSession delegateQueue]):
3342         (-[WebCoreNSURLSession streamTaskWithNetService:]):
3343         (-[WebCoreNSURLSession isKindOfClass:]):
3344         (-[WebCoreNSURLSessionDataTask initWithSession:identifier:request:]):
3345         (-[WebCoreNSURLSessionDataTask _restart]):
3346         (-[WebCoreNSURLSessionDataTask _cancel]):
3347         (-[WebCoreNSURLSessionDataTask resume]):
3348         (-[WebCoreNSURLSessionDataTask _timingData]):
3349         (-[WebCoreNSURLSessionDataTask resource:receivedResponse:]):
3350         (-[WebCoreNSURLSessionDataTask resource:receivedData:length:]):
3351         (-[WebCoreNSURLSession initWithResourceLoader:delegate:delegateQueue:]): Deleted.
3352         (-[WebCoreNSURLSession loader]): Deleted.
3353         (WebCore::WebCoreNSURLSessionDataTaskClient::dataSent): Deleted.
3354         (WebCore::WebCoreNSURLSessionDataTaskClient::responseReceived): Deleted.
3355         (WebCore::WebCoreNSURLSessionDataTaskClient::dataReceived): Deleted.
3356         (WebCore::WebCoreNSURLSessionDataTaskClient::redirectReceived): Deleted.
3357         (WebCore::WebCoreNSURLSessionDataTaskClient::notifyFinished): Deleted.
3358         (-[WebCoreNSURLSessionDataTask initWithSession:identifier:URL:]): Deleted.
3359         (-[WebCoreNSURLSessionDataTask _finish]): Deleted.
3360         (-[WebCoreNSURLSessionDataTask _setDefersLoading:]): Deleted.
3361         (-[WebCoreNSURLSessionDataTask resource:sentBytes:totalBytesToBeSent:]): Deleted.
3362         (-[WebCoreNSURLSessionDataTask resource:receivedRedirect:request:]): Deleted.
3363         (-[WebCoreNSURLSessionDataTask resourceFinished:]): Deleted.
3364         * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
3365         (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVAssetForURL):
3366
3367 2016-02-12  Alex Christensen  <achristensen@webkit.org>
3368
3369         Fix non-internal builds when using NetworkSession
3370         https://bugs.webkit.org/show_bug.cgi?id=152285
3371
3372         * platform/spi/cf/CFNetworkSPI.h:
3373         Add SPI declaration used in r194156.
3374
3375 2016-02-12  Andreas Kling  <akling@apple.com>
3376
3377         Throw out all live resource decoded data on memory pressure / suspension.
3378         <https://webkit.org/b/154176>
3379
3380         Reviewed by Antti Koivisto.
3381
3382         When pruning live resource decoded data from the memory cache,
3383         we normally avoid pruning anything that's been painted in the last second.
3384         This is an optimization to avoid getting into image decoding loops.
3385
3386         For memory pressure / process suspension scenarios this doesn't really
3387         make sense though:
3388
3389             - In the pressure case, if we have to render again soon it'll likely
3390               be a new GIF frame which we have to decode anyway.
3391
3392             - In the process suspension case, we might *never* render again,
3393               so we should be good citizens and drop all the decoded data we can.
3394
3395         This patch makes us drop all the decoded data, recently painted or not.
3396
3397         * platform/MemoryPressureHandler.cpp:
3398         (WebCore::MemoryPressureHandler::releaseCriticalMemory):
3399
3400 2016-02-12  Gavin Barraclough  <barraclough@apple.com>
3401
3402         Separate out !allowsAccess path in JSDOMWindowCustom getOwnPropertySlot
3403         https://bugs.webkit.org/show_bug.cgi?id=154156
3404
3405         Reviewed by Chris Dumez.
3406
3407         JSDOMWindowCustom getOwnPropertySlot currently allows cross-origin access to all
3408         static properties, relying on the property to perform the access check. This is
3409         a little insecure, since it is error prone - someone could easily add a property
3410         to the static table without realizing it would be automatically exposed.
3411
3412         Instead, add a hard-coded filter to restrict access. As a future implementation
3413         we might consider autogenerating this (the properties are already tagged in IDL,
3414         we might be able to track this in a flag on the static table).
3415
3416         By separating out the handling of the same- and cross-origin access we can
3417         simplify & make the policy being enforced much clearer.
3418
3419         * bindings/js/JSDOMBinding.cpp:
3420         (WebCore::objectToStringFunctionGetter): Deleted.
3421             - removed objectToStringFunctionGetter - this duplicated functionality of
3422               nonCachingStaticFunctionGetter.
3423         * bindings/js/JSDOMBinding.h:
3424         (WebCore::objectToStringFunctionGetter): Deleted.
3425             - removed objectToStringFunctionGetter - this duplicated functionality of
3426               nonCachingStaticFunctionGetter.
3427         * bindings/js/JSDOMWindowCustom.cpp:
3428         (WebCore::jsDOMWindowGetOwnPropertySlotDisallowAccess):
3429             - explicitly handle providing access to only the things we do want to allow cross-origin.
3430         (WebCore::JSDOMWindow::getOwnPropertySlot):
3431         (WebCore::JSDOMWindow::getOwnPropertySlotByIndex):
3432             - push all !allowsAccess handling to jsDOMWindowGetOwnPropertySlotDisallowAccess
3433         (WebCore::childFrameGetter): Deleted.
3434             - this was just a deoptimization - moving access into a callback saved very