[WebKit-https.git] / Source / WebCore / ChangeLog
1 2018-05-07  Daniel Bates  <dabates@apple.com>
2
3         Check X-Frame-Options and CSP frame-ancestors in network process
4         https://bugs.webkit.org/show_bug.cgi?id=185410
5         <rdar://problem/37733934>
6
7         Reviewed by Ryosuke Niwa.
8
9         * WebCore.xcodeproj/project.pbxproj: Make PingLoader.h a private header so that we can include it in WebKit.
10         * loader/DocumentLoader.cpp:
11         (WebCore::DocumentLoader::responseReceived): Only check CSP frame-ancestors and X-Frame-Options here if
12         we are not checking them in the NetworkProcess and HTTP response access is restricted. The code is otherwise kept
13         unchanged. There may be opportunities to clean this code up more and share more of it. We should look into this
14         in subsequent bugs.
15         * loader/DocumentLoader.h: Change visibility of stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied() from
16         private to public and export it so that we can call it from WebKit.
17         * loader/PingLoader.h:
18         * page/Settings.yaml: Add a new setting called networkProcessCSPFrameAncestorsCheckingEnabled (defaults: false)
19         and is hardcoded in WebPage.cpp to be enabled. This setting is used to determine if we will be using the NetworkProcess.
20         Ideally we wouldn't have this setting and just key off RuntimeEnabledFeatures::sharedFeatures().restrictedHTTPResponseAccess().
21         However RuntimeEnabledFeatures::sharedFeatures().restrictedHTTPResponseAccess() is always enabled in WebKit Legacy
22         at the time of writing (why?). And, strangely, RuntimeEnabledFeatures::sharedFeatures().restrictedHTTPResponseAccess()
23         is conditionally enabled in WebKit. For now, we add a new setting, networkProcessCSPFrameAncestorsCheckingEnabled,
24         to determine if CSP checking should be performed in NetworkProcess. For checking to actually happen in NetworkProcess
25         and not in DocumentLoader::responseReceived() RuntimeEnabledFeatures::sharedFeatures().restrictedHTTPResponseAccess()
26         will also need to be enabled.
27         * page/csp/ContentSecurityPolicy.cpp:
28         (WebCore::ContentSecurityPolicy::allowFrameAncestors const): Added a variant that takes a vector of ancestor origins.
29         * page/csp/ContentSecurityPolicy.h:
30         * page/csp/ContentSecurityPolicyDirectiveList.cpp:
31         (WebCore::checkFrameAncestors): Ditto.
32         (WebCore::ContentSecurityPolicyDirectiveList::violatedDirectiveForFrameAncestorOrigins const): Ditto.
33         * page/csp/ContentSecurityPolicyDirectiveList.h: Export constructor so that we can invoke it from NetworkResourceLoader::shouldInterruptLoadForCSPFrameAncestorsOrXFrameOptions().
34         * page/csp/ContentSecurityPolicyResponseHeaders.h:
35         * platform/network/HTTPParsers.h: Export XFrameOptionsDisposition() so that we can use it in WebKit.
36
37 2018-05-07  Daniel Bates  <dabates@apple.com>
38
39         Abstract logic to log console messages and send CSP violation reports into a client
40         https://bugs.webkit.org/show_bug.cgi?id=185393
41         <rdar://problem/40036053>
42
43         Reviewed by Brent Fulgham.
44
45         First pass at adding infrastructure to support CSP reporting from NetworkProcess and workers.
46         Replaces the existing ContentSecurityPolicy constructor that takes a Frame with one that
47         takes a ContentSecurityPolicyClient to delegate to for logging and sending reports. We will look
48         to remove the ContentSecurityPolicy constructor that takes a ScriptExecutionContext in a follow up.
49
50         Standardize on instantiating a ContentSecurityPolicy with the full URL to the resource that it protects
51         instead of taking only the SecurityOrigin of this URL. By taking the full URL the ContentSecurityPolicy
52         object is now capable of resolving a relative report URL without needing a Document/ScriptExecutionContext.
53
54         We are underutilizing the CSPInfo struct and ContentSecurityPolicyClient::willSendCSPViolationReport()
55         delegate callback in this patch. We will make use of this functionality in a subsequent patch to
56         support collecting script state (e.g. source line number) when reporting CSP violations in worker
57         threads. We also no longer go through the unnecessary motions to try to collect script state for a
58         frame-ancestors violation (since DocumentLoader extends ContentSecurityPolicyClient and does not
59         implement ContentSecurityPolicyClient::willSendCSPViolationReport()). The frame-ancestors directive
60         is checked before a document is parsed and executes script; => there will never be any script state
61         to collect; => it is not necessary to try to collect it as we currently do.
62
63         * Sources.txt: Add file ContentSecurityPolicyClient.cpp. See the remarks for ContentSecurityPolicyClient.cpp
64         below on why we have this file.
65         * WebCore.xcodeproj/project.pbxproj: Add files ContentSecurityPolicyClient.{h, cpp}.
66         * dom/Document.cpp:
67         (WebCore::Document::initSecurityContext): Pass the URL of the protected document.
68         * loader/DocumentLoader.cpp:
69         (WebCore::DocumentLoader::responseReceived): Ditto.
70         (WebCore::DocumentLoader::addConsoleMessage): Added.
71         (WebCore::DocumentLoader::sendCSPViolationReport): Added.
72         (WebCore::DocumentLoader::dispatchSecurityPolicyViolationEvent): Added.
73         * loader/DocumentLoader.h:
74         * loader/FrameLoaderClient.h: Fix typo in comment.
75         * loader/WorkerThreadableLoader.cpp:
76         (WebCore::WorkerThreadableLoader::MainThreadBridge::MainThreadBridge): Pass the URL of the worker script.
77         * page/csp/ContentSecurityPolicy.cpp:
78         (WebCore::ContentSecurityPolicy::ContentSecurityPolicy): Added overload that takes a URL&& and an optional
79         ContentSecurityPolicyClient*.
80         (WebCore::ContentSecurityPolicy::deprecatedURLForReporting const): Extracted and simplified stripURLForUseInReport()
81         into this member function.
82         (WebCore::ContentSecurityPolicy::reportViolation const): Modified to make use of the client, if we have
83         one and removed code for handling a ContentSecurityPolicy that was instantiated with a Frame.
84         (WebCore::ContentSecurityPolicy::logToConsole const): Ditto.
85         (WebCore::stripURLForUseInReport): Deleted; incorporated into ContentSecurityPolicy::deprecatedURLForReporting().
86         * page/csp/ContentSecurityPolicy.h:
87         * page/csp/ContentSecurityPolicyClient.cpp: Added. This file exists so that we can define the virtual
88         destructor out-of-line and export this abstract class so as to avoid the need for the vtable to be
89         defined in the translation unit of each derived class.
90         * page/csp/ContentSecurityPolicyClient.h: Added.
91         * page/csp/ContentSecurityPolicySource.cpp:
92         (WebCore::ContentSecurityPolicySource::operator SecurityOriginData const): Added.
93         * page/csp/ContentSecurityPolicySource.h:
94         * workers/WorkerGlobalScope.cpp:
95         (WebCore::WorkerGlobalScope::WorkerGlobalScope): Instantiate the ContentSecurityPolicy object with the
96         URL of the worker script.
97
98 2018-05-07  Simon Fraser  <simon.fraser@apple.com>
99
100         CSS filters which reference SVG filters fail to respect the "color-interpolation-filters" of the filter
101         https://bugs.webkit.org/show_bug.cgi?id=185343
102
103         Reviewed by Dean Jackson.
104
105         Test: css3/filters/color-interpolation-filters.html
106         
107         When applying CSS reference filters, apply the value of "color-interpolation-filters" for the
108         referenced filter effect element, just as we do for SVG filters.
109
110         * rendering/FilterEffectRenderer.cpp:
111         (WebCore::FilterEffectRenderer::buildReferenceFilter):
112
113 2018-05-07  Daniel Bates  <dabates@apple.com>
114
115         CSP status-code incorrect for document blocked due to violation of its frame-ancestors directive
116         https://bugs.webkit.org/show_bug.cgi?id=185366
117         <rdar://problem/40035116>
118
119         Reviewed by Brent Fulgham.
120
121         Fixes an issue where the status-code in the sent CSP report for an HTTP document blocked because
122         its frame-ancestors directive was violated would be the status code of the previously loaded
123         document in the frame. If the previously loaded document was about:blank then this would be 0.
124
125         Currently whenever we send a CSP report we ask the document's loader (Document::loader()) for the
126         HTTP status code for the last response. Document::loader() returns the loader for the last committed
127         document in its frame. For a frame-ancestors violation, a CSP report is sent before the document
128         that had the frame-ancestors directive has been committed and after it has been associated with a frame.
129         As a result we are in a transient transition state for the frame and hence the last response
130         for the new document's loader (Document::loader()) is actually the last response of the previously loaded
131         document in the frame. Instead we need to take care to tell CSP about the HTTP status code for the
132         response associated with the document the CSP came from.
133
134         * dom/Document.cpp:
135         (WebCore::Document::processHttpEquiv):
136         (WebCore::Document::initSecurityContext):
137         Pass the HTTP status code to CSP.
138
139         * page/csp/ContentSecurityPolicy.cpp:
140         (WebCore::ContentSecurityPolicy::copyStateFrom):
141         (WebCore::ContentSecurityPolicy::responseHeaders const):
142         (WebCore::ContentSecurityPolicy::didReceiveHeaders):
143         (WebCore::ContentSecurityPolicy::didReceiveHeader):
144         (WebCore::ContentSecurityPolicy::reportViolation const):
145         * page/csp/ContentSecurityPolicy.h:
146         Modify existing functions to take the HTTP status code, store it in an instance variable,
147         and reference this variable when reporting a violation.
148
149         * page/csp/ContentSecurityPolicyResponseHeaders.cpp:
150         (WebCore::ContentSecurityPolicyResponseHeaders::ContentSecurityPolicyResponseHeaders):
151         (WebCore::ContentSecurityPolicyResponseHeaders::isolatedCopy const):
152         * page/csp/ContentSecurityPolicyResponseHeaders.h:
153         (WebCore::ContentSecurityPolicyResponseHeaders::encode const):
154         (WebCore::ContentSecurityPolicyResponseHeaders::decode):
155         Store the HTTP status code along with the response headers.
156
157 2018-05-07  Daniel Bates  <dabates@apple.com>
158
159         CSP referrer incorrect for document blocked due to violation of its frame-ancestors directive
160         https://bugs.webkit.org/show_bug.cgi?id=185380
161
162         Reviewed by Brent Fulgham.
163
164         Similar to <https://bugs.webkit.org/show_bug.cgi?id=185366>, fixes an issue where the referrer
165         in the sent CSP report for an HTTP document blocked because its frame-ancestors directive was
166         violated would be the referrer of the previously loaded document in the frame.
167
168         Currently whenever we send a CSP report we ask the document's loader (Document::loader()) for
169         the referrer for the last request. Document::loader() returns the loader for the last committed
170         document in its frame. For a frame-ancestors violation, a CSP report is sent before the document
171         that had the frame-ancestors directive has been committed and after it has been associated with a
172         frame. As a result we are in a transient transition state for the frame and hence the last request
173         for the new document's loader (Document::loader()) is actually the last request of the previously
174         loaded document in the frame. Instead we need to take care to tell CSP about the referrer for the
175         request associated with the document the CSP came from.
176
177         * loader/DocumentLoader.cpp:
178         (WebCore::DocumentLoader::responseReceived):
179
180 2018-05-07  Brent Fulgham  <bfulgham@apple.com>
181
182         Add experimental feature to prompt for Storage Access API use
183         https://bugs.webkit.org/show_bug.cgi?id=185335
184         <rdar://problem/39994649>
185
186         Reviewed by Alex Christensen and Youenn Fablet.
187
188         Create a new experimental feature that gates the ability of WebKit clients to prompt the user when
189         Storage Access API is invoked.
190
191         Currently this feature doesn't have any user-visible impact.
192
193         * page/RuntimeEnabledFeatures.h:
194         (WebCore::RuntimeEnabledFeatures::setStorageAccessPromptsEnabled):
195         (WebCore::RuntimeEnabledFeatures::storageAccessPromptsEnabled const):
196         * testing/InternalSettings.cpp:
197         (WebCore::InternalSettings::Backup::Backup):
198         (WebCore::InternalSettings::Backup::restoreTo):
199         (WebCore::InternalSettings::setStorageAccessPromptsEnabled):
200         * testing/InternalSettings.h:
201         * testing/InternalSettings.idl:
202
203 2018-05-07  Chris Dumez  <cdumez@apple.com>
204
205         Stop using an iframe's id as fallback if its name attribute is not set
206         https://bugs.webkit.org/show_bug.cgi?id=11388
207
208         Reviewed by Geoff Garen.
209
210         WebKit had logic to use an iframe's id as fallback name when its name
211         content attribute is not set. This behavior was not standard and did not
212         match other browsers:
213         - https://html.spec.whatwg.org/#attr-iframe-name
214
215         Gecko / Trident never behaved this way. Blink was aligned with us until
216         they started to match the specification in:
217         - https://bugs.chromium.org/p/chromium/issues/detail?id=347169
218
219         This WebKit quirk was causing some Web-compatibility issues because it
220         would affect the behavior of Window's name property getter when trying
221         to look up an iframe by id. Because of Window's named property getter
222         behavior [1], we would return the frame's contentWindow instead of the
223         iframe element itself.
224
225         [1] https://html.spec.whatwg.org/multipage/window-object.html#named-access-on-the-window-object
226
227         Test: fast/dom/Window/named-getter-frame-id.html
228
229         * html/HTMLFrameElementBase.cpp:
230         (WebCore::HTMLFrameElementBase::openURL):
231         (WebCore::HTMLFrameElementBase::parseAttribute):
232         (WebCore::HTMLFrameElementBase::didFinishInsertingNode):
233         * html/HTMLFrameElementBase.h:
234
235 2018-05-07  Chris Dumez  <cdumez@apple.com>
236
237         ASSERT(!childItemWithTarget(child->target())) is hit in HistoryItem::addChildItem()
238         https://bugs.webkit.org/show_bug.cgi?id=185322
239
240         Reviewed by Geoff Garen.
241
242         We generate unique names for Frame to be used in HistoryItem. Those names not only
243         need to be unique, they also need to be repeatable to avoid layout tests flakiness
244         and for things like restoring form state from a HistoryItem.
245
246         The previously generated frame names were relying on the Frame's index among a
247         parent Frame's children. The issue was that we could end up with duplicate names
248         because one could insert a Frame *before* an existing one. This is because the code
249         would not take care of updating existing Frames' unique name on frame tree mutation.
250
251         Updating frame tree names on mutation would be inefficient and is also not necessary.
252         The approach chosen in this patch is to stop using the Frame's index and instead rely
253         on an increasing counter stored on the top-frame's FrameTree. To make the names
254         repeatable, we reset the counter on page navigation.
255
256         * page/Frame.cpp:
257         (WebCore::Frame::setDocument):
258         * page/FrameTree.cpp:
259         (WebCore::FrameTree::uniqueChildName const):
260         (WebCore::FrameTree::generateUniqueName const):
261         * page/FrameTree.h:
262         (WebCore::FrameTree::resetFrameIdentifiers):
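
Added example, not WebKit code: a toy model of the naming problem described in the entry above, showing the index-based scheme producing a duplicate name and the counter-based scheme staying unique and repeatable. `ToyFrameTree`, the `frame-N` name format and the helper functions are assumptions made for illustration, and the model has a single level of children rather than a real frame tree.

```cpp
#include <cstddef>
#include <iostream>
#include <set>
#include <string>
#include <vector>

// Toy model (hypothetical; not WebKit's FrameTree). Children are kept in tree
// order and each child keeps the unique name it was given when it was inserted.
class ToyFrameTree {
public:
    // Old scheme from the entry: derive the name from the child's index among
    // its siblings at insertion time. Names of existing children are not updated.
    void insertWithIndexName(std::size_t position)
    {
        position = clamp(position);
        m_children.insert(m_children.begin() + static_cast<std::ptrdiff_t>(position), makeName(position));
    }

    // New scheme from the entry: take the name from an increasing counter
    // instead of the index, so the insertion position no longer matters.
    void insertWithCounterName(std::size_t position)
    {
        position = clamp(position);
        m_children.insert(m_children.begin() + static_cast<std::ptrdiff_t>(position), makeName(m_nextIdentifier++));
    }

    // Models a page navigation: the children go away and the counter is reset
    // so that loading the same page again yields the same names.
    void navigate()
    {
        m_children.clear();
        m_nextIdentifier = 0;
    }

    const std::vector<std::string>& childNames() const { return m_children; }

    bool hasDuplicateNames() const
    {
        std::set<std::string> seen(m_children.begin(), m_children.end());
        return seen.size() != m_children.size();
    }

private:
    std::size_t clamp(std::size_t position) const
    {
        return position > m_children.size() ? m_children.size() : position;
    }

    // Constructed name format for this example only.
    static std::string makeName(std::size_t n) { return "frame-" + std::to_string(n); }

    std::vector<std::string> m_children;
    std::size_t m_nextIdentifier { 0 };
};

// Apply a sequence of insert positions with the index-based scheme and report
// whether two children ended up with the same name.
bool indexSchemeCollides(const std::vector<std::size_t>& positions)
{
    ToyFrameTree tree;
    for (auto position : positions)
        tree.insertWithIndexName(position);
    return tree.hasDuplicateNames();
}

// Same sequence with the counter-based scheme.
bool counterSchemeCollides(const std::vector<std::size_t>& positions)
{
    ToyFrameTree tree;
    for (auto position : positions)
        tree.insertWithCounterName(position);
    return tree.hasDuplicateNames();
}

int main()
{
    // Constructed input: append two frames, then insert a third *before* them.
    const std::vector<std::size_t> positions { 0, 1, 0 };

    std::cout << "index-based duplicates:   " << indexSchemeCollides(positions) << '\n';
    std::cout << "counter-based duplicates: " << counterSchemeCollides(positions) << '\n';

    // Repeatability: the same insert sequence after a navigation gives the same names.
    ToyFrameTree tree;
    for (auto position : positions)
        tree.insertWithCounterName(position);
    const auto firstLoad = tree.childNames();
    tree.navigate();
    for (auto position : positions)
        tree.insertWithCounterName(position);
    std::cout << "repeatable after reset:   " << (tree.childNames() == firstLoad) << '\n';
    return 0;
}
```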
263
264 2018-05-07  Yacine Bandou  <yacine.bandou_ext@softathome.com>
265
266         [EME][GStreamer] Fix wrong subsample parsing on r227067
267         https://bugs.webkit.org/show_bug.cgi?id=185382
268
269         Reviewed by Philippe Normand.
270
271         The initialization of sampleIndex should be moved outside of the loop.
272         Without this patch we will have a bad log and the check of the subsample
273         count will be useless.
274
275         * platform/graphics/gstreamer/eme/WebKitClearKeyDecryptorGStreamer.cpp:
276         (webKitMediaClearKeyDecryptorDecrypt):
277
278 2018-05-07  Daniel Bates  <dabates@apple.com>
279
280         CSP should be passed the referrer
281         https://bugs.webkit.org/show_bug.cgi?id=185367
282
283         Reviewed by Per Arne Vollan.
284
285         As a step towards formalizing a CSP delegate object and removing the dependencies
286         on ScriptExecutionContext and Frame, we should pass the document's referrer directly
287         instead of indirectly obtaining it from the ScriptExecutionContext or Frame used
288         to instantiate the ContentSecurityPolicy object.
289
290         * dom/Document.cpp:
291         (WebCore::Document::processHttpEquiv): Pass the document's referrer.
292         (WebCore::Document::initSecurityContext): Ditto.
293         (WebCore::Document::applyQuickLookSandbox): Ditto.
294         * loader/DocumentLoader.cpp:
295         (WebCore::DocumentLoader::responseReceived): Ditto.
296         * loader/FrameLoader.cpp:
297         (WebCore::FrameLoader::didBeginDocument): Ditto.
298         * page/csp/ContentSecurityPolicy.cpp:
299         (WebCore::ContentSecurityPolicy::copyStateFrom): We pass a null string for the referrer
300         to didReceiveHeader() as a placeholder since it requires the referrer be given to it. We
301         fix up the referrer (m_referrer) after copying all the policy headers.
302         (WebCore::ContentSecurityPolicy::didReceiveHeaders): Ditto.
303         (WebCore::ContentSecurityPolicy::didReceiveHeader): Modified to take a referrer and WTFMove()s
304         it into an instance variable (m_referrer).
305         (WebCore::ContentSecurityPolicy::reportViolation const): Modified to use the stored referrer.
306         * page/csp/ContentSecurityPolicy.h:
307         * workers/WorkerGlobalScope.cpp:
308         (WebCore::WorkerGlobalScope::applyContentSecurityPolicyResponseHeaders): Pass a null string
309         for the referrer as a worker does not have a referrer.
310
311 2018-05-07  Daniel Bates  <dabates@apple.com>
312
313         CSP should only notify Inspector to pause the debugger on the first policy to violate a directive
314         https://bugs.webkit.org/show_bug.cgi?id=185364
315
316         Reviewed by Brent Fulgham.
317
318         Notify Web Inspector that a script was blocked on the first enforced CSP policy that it
319         violates.
320
321         A page can have more than one enforced Content Security Policy. Currently for inline
322         scripts, inline event handlers, JavaScript URLs, and eval() that are blocked by CSP
323         we notify Web Inspector that it was blocked for each CSP policy that blocked it. When
324         Web Inspector is notified it pauses script execution. It does not seem very meaningful
325         to pause script execution on the same script for each CSP policy that blocked it.
326         Therefore, only tell Web Inspector that a script was blocked for the first enforced CSP
327         policy that blocked it.
328
329         * page/csp/ContentSecurityPolicy.cpp:
330         (WebCore::ContentSecurityPolicy::allowJavaScriptURLs const):
331         (WebCore::ContentSecurityPolicy::allowInlineEventHandlers const):
332         (WebCore::ContentSecurityPolicy::allowInlineScript const):
333         (WebCore::ContentSecurityPolicy::allowEval const):
334
335 2018-05-07  Daniel Bates  <dabates@apple.com>
336
337         Substitute CrossOriginPreflightResultCache::clear() for CrossOriginPreflightResultCache::empty()
338         https://bugs.webkit.org/show_bug.cgi?id=185170
339
340         Reviewed by Per Arne Vollan.
341
342         Rename CrossOriginPreflightResultCache::empty() to CrossOriginPreflightResultCache::clear() to make
343         it consistent with the terminology we use in WebKit to signify a function that clears a collection.
344         A member function named "empty" is expected to return an instance of a class in its "empty state".
345         For example, StringImpl::empty() returns a StringImpl instance that represents the empty string.
346         However CrossOriginPreflightResultCache::empty() clears out the cache in-place. We should rename
347         this function to better describe its purpose.
348
349         * loader/CrossOriginPreflightResultCache.cpp:
350         (WebCore::CrossOriginPreflightResultCache::clear):
351         (WebCore::CrossOriginPreflightResultCache::empty): Deleted.
352         * loader/CrossOriginPreflightResultCache.h:
353
354 2018-05-06  Dean Jackson  <dino@apple.com>
355
356         WebGL: Reset simulated values after validation fails
357         https://bugs.webkit.org/show_bug.cgi?id=185363
358         <rdar://problem/39733417>
359
360         Reviewed by Anders Carlsson.
361
362         While fixing a previous bug, I forgot to reset some values
363         when validation fails. This caused a bug where a subsequent
364         invalid call might use those values and escape detection.
365
366         Test: fast/canvas/webgl/index-validation-with-subsequent-draws.html
367
368         * html/canvas/WebGLRenderingContextBase.cpp:
369         (WebCore::WebGLRenderingContextBase::simulateVertexAttrib0): Reset the
370         sizes when validation fails.
371         * html/canvas/WebGLRenderingContextBase.h:
372
373 2018-05-07  Ms2ger  <Ms2ger@igalia.com>
374
375         Support negative sw/sh values in createImageBitmap().
376         https://bugs.webkit.org/show_bug.cgi?id=184449
377
378         Reviewed by Dean Jackson.
379
380         Tests: LayoutTests/imported/w3c/web-platform-tests/2dcontext/imagebitmap/createImageBitmap-drawImage.html
381                LayoutTests/http/wpt/2dcontext/imagebitmap/createImageBitmap.html
382
383         * html/ImageBitmap.cpp:
384         (WebCore::ImageBitmap::createPromise): handle negative values per spec.
385
386 2018-05-07  Brian Burg  <bburg@apple.com>
387
388         Web Inspector: opt out of process swap on navigation if a Web Inspector frontend is connected
389         https://bugs.webkit.org/show_bug.cgi?id=184861
390         <rdar://problem/39153768>
391
392         Reviewed by Timothy Hatcher.
393
394         Notify the client of the current connection count whenever a frontend connects or disconnects.
395
396         Covered by new API test.
397
398         * inspector/InspectorClient.h:
399         (WebCore::InspectorClient::frontendCountChanged):
400         * inspector/InspectorController.cpp:
401         (WebCore::InspectorController::connectFrontend):
402         (WebCore::InspectorController::disconnectFrontend):
403         (WebCore::InspectorController::disconnectAllFrontends):
404         * inspector/InspectorController.h:
405
406 2018-05-07  Eric Carlson  <eric.carlson@apple.com>
407
408         Text track cue logging should include cue text
409         https://bugs.webkit.org/show_bug.cgi?id=185353
410         <rdar://problem/40003565>
411
412         Reviewed by Youenn Fablet.
413
414         No new tests, tested manually.
415
416         * html/track/VTTCue.cpp:
417         (WebCore::VTTCue::toJSONString const): Use toJSON.
418         (WebCore::VTTCue::toJSON const): New.
419         * html/track/VTTCue.h:
420
421         * platform/graphics/InbandTextTrackPrivateClient.h:
422         (WebCore::GenericCueData::toJSONString const): Log m_content.
423
424         * platform/graphics/iso/ISOVTTCue.cpp:
425         (WebCore::ISOWebVTTCue::toJSONString const): Log m_cueText.
426
427 2018-05-06  Zalan Bujtas  <zalan@apple.com>
428
429         [LFC] Add assertions for stale Display::Box geometry
430         https://bugs.webkit.org/show_bug.cgi?id=185357
431
432         Reviewed by Antti Koivisto.
433
434         Ensure that we don't access stale geometry of other boxes during layout.
435         For example, in order to layout a block child we need the containing block's content box top/left and width (but not the height)
436
437         * layout/displaytree/DisplayBox.h:
438         (WebCore::Display::Box::invalidateTop):
439         (WebCore::Display::Box::invalidateLeft):
440         (WebCore::Display::Box::invalidateWidth):
441         (WebCore::Display::Box::invalidateHeight):
442         (WebCore::Display::Box::hasValidPosition const):
443         (WebCore::Display::Box::hasValidSize const):
444         (WebCore::Display::Box::hasValidGeometry const):
445         (WebCore::Display::Box::invalidatePosition):
446         (WebCore::Display::Box::invalidateSize):
447         (WebCore::Display::Box::setHasValidPosition):
448         (WebCore::Display::Box::setHasValidSize):
449         (WebCore::Display::Box::setHasValidGeometry):
450         (WebCore::Display::Box::rect const):
451         (WebCore::Display::Box::top const):
452         (WebCore::Display::Box::left const):
453         (WebCore::Display::Box::bottom const):
454         (WebCore::Display::Box::right const):
455         (WebCore::Display::Box::topLeft const):
456         (WebCore::Display::Box::bottomRight const):
457         (WebCore::Display::Box::size const):
458         (WebCore::Display::Box::width const):
459         (WebCore::Display::Box::height const):
460         (WebCore::Display::Box::setRect):
461         (WebCore::Display::Box::setTopLeft):
462         (WebCore::Display::Box::setTop):
463         (WebCore::Display::Box::setLeft):
464         (WebCore::Display::Box::setSize):
465         (WebCore::Display::Box::setWidth):
466         (WebCore::Display::Box::setHeight):
467
468 2018-05-06  Zalan Bujtas  <zalan@apple.com>
469
470         [LFC] Add BlockFormattingContext::computeStaticPosition
471         https://bugs.webkit.org/show_bug.cgi?id=185352
472
473         Reviewed by Antti Koivisto.
474
475         This is the core logic for positioning inflow boxes in a block formatting context (very naive though).
476
477         * layout/blockformatting/BlockFormattingContext.cpp:
478         (WebCore::Layout::BlockFormattingContext::computeStaticPosition const):
479         * layout/displaytree/DisplayBox.h:
480
481 2018-05-05  Sam Weinig  <sam@webkit.org>
482
483         Cleanup XMLHttpRequestUpload a little
484         https://bugs.webkit.org/show_bug.cgi?id=185344
485
486         Reviewed by Yusuke Suzuki.
487
488         * bindings/js/JSXMLHttpRequestCustom.cpp:
489         (WebCore::JSXMLHttpRequest::visitAdditionalChildren):
490         Use auto to reduce redundancy.
491
492         * xml/XMLHttpRequest.cpp:
493         (WebCore::XMLHttpRequest::upload):
494         * xml/XMLHttpRequest.h:
495         Switch upload() to return a reference.
496         
497         * xml/XMLHttpRequestUpload.cpp:
498         (WebCore::XMLHttpRequestUpload::XMLHttpRequestUpload):
499         (WebCore::XMLHttpRequestUpload::dispatchProgressEvent):
500         * xml/XMLHttpRequestUpload.h:
501         Cleanup formatting, modernize and switch XMLHttpRequest member from a pointer
502         to a reference.
503
504 2018-05-05  Dean Jackson  <dino@apple.com>
505
506         Draw a drop-shadow behind the system preview badge
507         https://bugs.webkit.org/show_bug.cgi?id=185356
508         <rdar://problem/40004936>
509
510         Reviewed by Wenson Hsieh.
511
512         Draw a very subtle drop-shadow under the system
513         preview badge so that it is more visible on a pure
514         white background.
515
516         I also moved some code around to make it more clear
517         and improved comments.
518
519         * rendering/RenderThemeIOS.mm:
520         (WebCore::RenderThemeIOS::paintSystemPreviewBadge):
521
522 2018-05-04  Wenson Hsieh  <wenson_hsieh@apple.com>
523
524         [iOS] Multiple links in Mail are dropped in a single line, and are difficult to tell apart
525         https://bugs.webkit.org/show_bug.cgi?id=185289
526         <rdar://problem/35756912>
527
528         Reviewed by Tim Horton and Darin Adler.
529
530         When inserting multiple URLs as individual items in a single drop, we currently separate each item with a space
531         (see r217284). However, it still seems difficult to tell dropped links apart. This patch makes some slight
532         tweaks to WebContentReader::readURL so that it inserts line breaks before dropped URLs, if the dropped URL isn't
533         the first item to be inserted in the resulting document fragment.
534
535         Augments existing API tests in DataInteractionTests.
536
537         * editing/ios/WebContentReaderIOS.mm:
538
539         Additionally remove some extraneous header imports from this implementation file.
540
541         (WebCore::WebContentReader::readURL):
542
543 2018-05-02  Dean Jackson  <dino@apple.com>
544
545         Use IOSurfaces for CoreImage operations where possible
546         https://bugs.webkit.org/show_bug.cgi?id=185230
547         <rdar://problem/39926929>
548
549         Reviewed by Jon Lee.
550
551         On iOS hardware, we can use IOSurfaces as a rendering destination
552         for CoreImage, which means we're keeping data on the GPU
553         for rendering.
554
555         As a drive-by fix, I used a convenience method for Gaussian blurs.
556
557         * rendering/RenderThemeIOS.mm:
558         (WebCore::RenderThemeIOS::paintSystemPreviewBadge):
559
560 2018-05-04  Tim Horton  <timothy_horton@apple.com>
561
562         Shift to a lower-level framework for simplifying URLs
563         https://bugs.webkit.org/show_bug.cgi?id=185334
564
565         Reviewed by Dan Bernstein.
566
567         * Configurations/WebCore.xcconfig:
568         * platform/mac/DragImageMac.mm:
569         (WebCore::LinkImageLayout::LinkImageLayout):
570
571 2018-05-03  Ryosuke Niwa  <rniwa@webkit.org>
572
573         Release assert in ScriptController::canExecuteScripts via HTMLMediaElement::~HTMLMediaElement()
574         https://bugs.webkit.org/show_bug.cgi?id=185288
575
576         Reviewed by Jer Noble.
577
578         The crash is caused by HTMLMediaElement::~HTMLMediaElement canceling the resource load via CachedResource
579         which ends up calling FrameLoader::checkCompleted() and firing the load event on the document synchronously.
580         Speculatively fix the crash by scheduling the check instead.
581
582         In the long term, ResourceLoader::cancel should never fire load event synchronously: webkit.org/b/185284.
583
584         Unfortunately, no new tests since I can't get MediaResource to get destructed at the right time.
585
586         * html/HTMLMediaElement.cpp:
587         (WebCore::HTMLMediaElement::isRunningDestructor): Added to detect this specific case.
588         (WebCore::HTMLMediaElementDestructorScope): Added.
589         (WebCore::HTMLMediaElementDestructorScope::HTMLMediaElementDestructorScope): Added.
590         (WebCore::HTMLMediaElementDestructorScope::~HTMLMediaElementDestructorScope): Added.
591         (WebCore::HTMLMediaElement::~HTMLMediaElement): Instantiate HTMLMediaElement.
592         * html/HTMLMediaElement.h:
593         * loader/FrameLoader.cpp:
594         (WebCore::FrameLoader::checkCompleted): Call scheduleCheckCompleted instead of synchronously calling
595         checkCompleted if we're in the middle of destructing an HTMLMediaElement.
596
597 2018-05-04  Ryosuke Niwa  <rniwa@webkit.org>
598
599         Rename DocumentOrderedMap to TreeScopeOrderedMap
600         https://bugs.webkit.org/show_bug.cgi?id=185290
601
602         Reviewed by Zalan Bujtas.
603
604         Renamed the class since it's almost always a mistake to use this class as a member variable of Document.
605
606         * Sources.txt:
607         * WebCore.xcodeproj/project.pbxproj:
608         * dom/MouseRelatedEvent.cpp: Include the forgotten DOMWindow.h. Unified build files bit us here.
609         * dom/TreeScope.cpp:
610         (WebCore::TreeScope::addElementById):
611         (WebCore::TreeScope::addElementByName):
612         (WebCore::TreeScope::addImageMap):
613         (WebCore::TreeScope::addImageElementByUsemap):
614         (WebCore::TreeScope::labelElementForId):
615         * dom/TreeScope.h:
616         * dom/TreeScopeOrderedMap.cpp: Renamed from DocumentOrderedMap.cpp
617         * dom/TreeScopeOrderedMap.h: Renamed from DocumentOrderedMap.h
618         * html/HTMLDocument.h:
619
620 2018-05-04  Don Olmstead  <don.olmstead@sony.com>
621
622         [Win][WebKit] Fix forwarding headers for Windows build
623         https://bugs.webkit.org/show_bug.cgi?id=184412
624
625         Reviewed by Alex Christensen.
626
627         No new tests. No change in behavior.
628
629         * PlatformWin.cmake:
630
631 2018-05-04  Zalan Bujtas  <zalan@apple.com>
632
633         [Simple line layout] Add support for line layout box generation with multiple text renderers.
634         https://bugs.webkit.org/show_bug.cgi?id=185276
635
636         Reviewed by Antti Koivisto.
637
638         Covered by existing tests.
639
640         * rendering/SimpleLineLayoutFunctions.cpp:
641         (WebCore::SimpleLineLayout::canUseForLineBoxTree):
642         (WebCore::SimpleLineLayout::generateLineBoxTree):
643         * rendering/SimpleLineLayoutResolver.cpp:
644         (WebCore::SimpleLineLayout::RunResolver::Run::renderer const):
645         (WebCore::SimpleLineLayout::RunResolver::Run::localStart const):
646         (WebCore::SimpleLineLayout::RunResolver::Run::localEnd const):
647         * rendering/SimpleLineLayoutResolver.h:
648
649 2018-05-04  Timothy Hatcher  <timothy@apple.com>
650
651         Deprecate legacy WebView and friends
652         https://bugs.webkit.org/show_bug.cgi?id=185279
653         rdar://problem/33268700
654
655         Reviewed by Tim Horton.
656
657         * Configurations/WebCore.xcconfig:
658         Added BUILDING_WEBKIT define to disable the deprecation macros.
659         * bridge/objc/WebScriptObject.h:
660         Added deprecation macros to WebScriptObject and WebUndefined.
661         * platform/cocoa/WebKitAvailability.h:
662         Added more macros and a way to disable deprecation warnings for
663         WebKit build and in clients like Safari.
664
665 2018-05-04  Eric Carlson  <eric.carlson@apple.com>
666
667         Log media time range as JSON
668         https://bugs.webkit.org/show_bug.cgi?id=185321
669         <rdar://problem/39986746>
670
671         Reviewed by Youenn Fablet.
672
673         No new tests, tested manually.
674
675         * html/HTMLMediaElement.cpp:
676         (WebCore::HTMLMediaElement::addPlayedRange): Log as time range.
677         (WebCore::HTMLMediaElement::visibilityStateChanged): Cleanup.
678
679         * platform/graphics/MediaPlayer.h:
680         (WTF::LogArgument<MediaTime>::toString):
681         (WTF::LogArgument<MediaTimeRange>::toString):
682
683         * platform/graphics/avfoundation/InbandTextTrackPrivateAVF.cpp:
684         (WebCore::InbandTextTrackPrivateAVF::processAttributedStrings): Log error as time range.
685
686 2018-05-04  Zalan Bujtas  <zalan@apple.com>
687
688         Use the containing block to compute the pagination gap when the container is inline.
689         https://bugs.webkit.org/show_bug.cgi?id=184724
690         <rdar://problem/39521800>
691
692         Reviewed by Simon Fraser.
693
694         Test: fast/overflow/page-overflow-with-inline-body-crash.html
695
696         * page/FrameView.cpp:
697         (WebCore::FrameView::applyPaginationToViewport):
698
699 2018-05-04  Tim Horton  <timothy_horton@apple.com>
700
701         Don't use GSFont* in minimal simulator mode
702         https://bugs.webkit.org/show_bug.cgi?id=185320
703         <rdar://problem/39734478>
704
705         Reviewed by Beth Dakin.
706
707         * page/cocoa/MemoryReleaseCocoa.mm:
708         (WebCore::platformReleaseMemory):
709
710 2018-05-04  Chris Dumez  <cdumez@apple.com>
711
712         Unreviewed, rolling out r231331.
713
714         Caused a few tests to assert
715
716         Reverted changeset:
717
718         "Stop using an iframe's id as fallback if its name attribute
719         is not set"
720         https://bugs.webkit.org/show_bug.cgi?id=11388
721         https://trac.webkit.org/changeset/231331
722
723 2018-05-04  Youenn Fablet  <youenn@apple.com>
724
725         Use more references in updateTracksOfType
726         https://bugs.webkit.org/show_bug.cgi?id=185305
727
728         Reviewed by Eric Carlson.
729
730         No change of behavior.
731
732         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm:
733         (WebCore::updateTracksOfType):
734         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateTracks):
735
736 2018-05-04  Myles C. Maxfield  <mmaxfield@apple.com>
737
738         Text shaping in the simple path is flipped in the y direction
739         https://bugs.webkit.org/show_bug.cgi?id=185062
740         <rdar://problem/39778678>
741
742         Reviewed by Simon Fraser.
743
744         Shaping in our simple codepath occurs in an "increasing-y-goes-up" coordinate system, but our painting
745         code uses an "increasing-y-goes-down" coordinate system. We weren't fixing up the coordinate systems
746         because we never noticed. This is because the simple codepath is only designed for kerning and ligatures,
747         neither of which move glyphs vertically in the common case.
748
749         Test: fast/text/vertical-displacement-simple-codepath.html
750
751         * platform/graphics/Font.cpp:
752         (WebCore::Font::applyTransforms const):
753         * platform/graphics/WidthIterator.cpp:
754         (WebCore::WidthIterator::applyFontTransforms):
755
756 2018-05-04  Chris Nardi  <cnardi@chromium.org>
757
758         Serialize all URLs with double-quotes per CSSOM spec
759         https://bugs.webkit.org/show_bug.cgi?id=184935
760
761         Reviewed by Antti Koivisto.
762
763         According to https://drafts.csswg.org/cssom/#serialize-a-url, all URLs should be serialized as strings,
764         which means they should have double quotes around the text of the URL. Update our implementation to match
765         this (and Firefox/Chrome). Also remove isCSSTokenizerURL() as this method is no longer needed.
766
767         Tests: Many LayoutTests updated to use double quotes.
768
769         * css/CSSMarkup.cpp:
770         (WebCore::serializeString): Remove FIXME as this was already fixed in a previous patch.
771         (WebCore::serializeURL): Remove FIXME and update implementation.
772
773 2018-05-04  Youenn Fablet  <youenn@apple.com>
774
775         LayoutTests/fast/mediastream/change-tracks-media-stream-being-played.html is crashing after r231304
776         https://bugs.webkit.org/show_bug.cgi?id=185303
777
778         Reviewed by Eric Carlson.
779
780         We need to stop observing the audio track like we do for the video track once we are no longer interested in it.
781         Covered by test no longer crashing.
782
783         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm:
784         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateTracks):
785
786 2018-05-04  Zalan Bujtas  <zalan@apple.com>
787
788         [LFC] Set the invalidation root as the result of style change.
789         https://bugs.webkit.org/show_bug.cgi?id=185301
790
791         Reviewed by Antti Koivisto.
792
793         Compute/propagate the update type on the ancestor chain and return the invalidation root
794         so that LayoutContext could use it as the entry point for the next layout frame.
795
796         * layout/LayoutContext.cpp:
797         (WebCore::Layout::LayoutContext::updateLayout):
798         (WebCore::Layout::LayoutContext::styleChanged):
799         * layout/LayoutContext.h: order is not important.
800         * layout/blockformatting/BlockInvalidation.cpp:
801         (WebCore::Layout::invalidationStopsAtFormattingContextBoundary):
802         (WebCore::Layout::computeUpdateType):
803         (WebCore::Layout::computeUpdateTypeForAncestor):
804         (WebCore::Layout::BlockInvalidation::invalidate):
805         * layout/blockformatting/BlockInvalidation.h:
806         * layout/inlineformatting/InlineInvalidation.cpp:
807         (WebCore::Layout::InlineInvalidation::invalidate):
808         * layout/inlineformatting/InlineInvalidation.h:
809
810 2018-05-04  Youenn Fablet  <youenn@apple.com>
811
812         PeerConnection should have its connectionState closed even if doing gathering
813         https://bugs.webkit.org/show_bug.cgi?id=185267
814
815         Reviewed by Darin Adler.
816
817         Test: webrtc/addICECandidate-closed.html
818
819         In case m_iceConnectionState is closed, m_connectionState should also be set to closed
820         and RTCPeerConnection should be closed so as to reject any other call.
821
822         * Modules/mediastream/RTCPeerConnection.cpp:
823         (WebCore::RTCPeerConnection::close):
824         (WebCore::RTCPeerConnection::updateConnectionState):
825
826 2018-05-04  Yacine Bandou  <yacine.bandou_ext@softathome.com>
827
828         [MSE][GStreamer] Delete properly the stream from the WebKitMediaSource
829         https://bugs.webkit.org/show_bug.cgi?id=185242
830
831         Reviewed by Xabier Rodriguez-Calvar.
832
833         When the sourceBuffer is removed from mediasource, the appropriate stream is not
834         properly deleted from WebKitMediaSource, because the appsrc and parser elements
835         of the stream are not removed from the WebKitMediaSource bin.
836
837         This patch avoids the regression of r231089, see https://bugs.webkit.org/show_bug.cgi?id=185071
838
839         * platform/graphics/gstreamer/mse/WebKitMediaSourceGStreamer.cpp:
840         (webKitMediaSrcFreeStream):
841
842 2018-05-04  Carlos Garcia Campos  <cgarcia@igalia.com>
843
844         [GTK] Epiphany (GNOME Web) says "Error downloading: Service Unavailable." when trying to download an image from discogs.com
845         https://bugs.webkit.org/show_bug.cgi?id=174730
846
847         Reviewed by Michael Catanzaro.
848
849         Export ResourceRequestBase::hasHTTPHeaderField().
850
851         * platform/network/ResourceRequestBase.h:
852
853 2018-05-03  Yusuke Suzuki  <utatane.tea@gmail.com>
854
855         Use subprocess.call instead of os.system to handle path with spaces
856         https://bugs.webkit.org/show_bug.cgi?id=185291
857
858         Reviewed by Darin Adler.
859
860         If the gperf path includes spaces, these Python scripts fail to execute gperf.
861         We use subprocess module instead of os.system to invoke gperf.
862
863         * css/makeSelectorPseudoClassAndCompatibilityElementMap.py:
864         * css/makeSelectorPseudoElementsMap.py:
865         * platform/network/create-http-header-name-table:
866
867 2018-05-03  Yusuke Suzuki  <utatane.tea@gmail.com>
868
869         Unreviewed, attempt to fix WinCairo build failure
870         https://bugs.webkit.org/show_bug.cgi?id=185218
871
872         * platform/text/win/LocaleWin.cpp:
873         (WebCore::LocaleWin::getLocaleInfoString):
874
875 2018-05-03  Filip Pizlo  <fpizlo@apple.com>
876
877         Strings should not be allocated in a gigacage
878         https://bugs.webkit.org/show_bug.cgi?id=185218
879
880         Reviewed by Saam Barati.
881
882         No new tests because no new behavior.
883
884         * Modules/indexeddb/server/IDBSerialization.cpp:
885         (WebCore::decodeKey):
886         * bindings/js/SerializedScriptValue.cpp:
887         (WebCore::CloneDeserializer::readString):
888         * html/canvas/CanvasRenderingContext2D.cpp:
889         (WebCore::normalizeSpaces):
890         * html/parser/HTMLTreeBuilder.cpp:
891         (WebCore::HTMLTreeBuilder::ExternalCharacterTokenBuffer::takeRemainingWhitespace):
892         * platform/URLParser.cpp:
893         (WebCore::percentEncodeByte):
894         (WebCore::serializeURLEncodedForm):
895         (WebCore::URLParser::serialize):
896         * platform/URLParser.h:
897         * platform/graphics/FourCC.cpp:
898         (WebCore::FourCC::toString const):
899         * platform/graphics/ca/GraphicsLayerCA.cpp:
900         (WebCore::GraphicsLayerCA::ReplicaState::cloneID const):
901         * platform/text/LocaleICU.cpp:
902         (WebCore::LocaleICU::decimalSymbol):
903         (WebCore::LocaleICU::decimalTextAttribute):
904         (WebCore::getDateFormatPattern):
905         (WebCore::LocaleICU::createLabelVector):
906         (WebCore::getFormatForSkeleton):
907         * platform/win/FileSystemWin.cpp:
908         (WebCore::FileSystem::getFinalPathName):
909         (WebCore::FileSystem::pathByAppendingComponent):
910         (WebCore::FileSystem::storageDirectory):
911
912 2018-05-02  Brent Fulgham  <bfulgham@apple.com>
913
914         Widgets should hold a WeakPtr to their parents
915         https://bugs.webkit.org/show_bug.cgi?id=185239
916         <rdar://problem/39741250>
917
918         Reviewed by Zalan Bujtas.
919
920         * platform/ScrollView.h:
921         (WebCore::ScrollView::weakPtrFactory): Added.
922         * platform/Widget.cpp:
923         (WebCore::Widget::init): Don't perform an unnecessary assignment.
924         (WebCore::Widget::setParent): Grab a WeakPtr to the parent ScrollView.
925         * platform/Widget.h:
926         (WebCore::Widget::parent const): Change type to a WeakPtr.
927
928 2018-05-03  Yusuke Suzuki  <utatane.tea@gmail.com>
929
930         Use pointer instead of std::optional<T&>
931         https://bugs.webkit.org/show_bug.cgi?id=185186
932
933         Reviewed by Alex Christensen.
934
935         std::optional<T&> is not accepted in the C++17 spec.
936         In this patch, we replace it with T*, which is well-aligned to
937         WebKit's convention.
938
939         * Modules/mediastream/RTCPeerConnection.cpp:
940         (WebCore::iceServersFromConfiguration):
941         (WebCore::RTCPeerConnection::initializeConfiguration):
942         (WebCore::RTCPeerConnection::setConfiguration):
943         * css/parser/CSSParser.cpp:
944         (WebCore::CSSParser::parseSystemColor):
945         * css/parser/CSSParser.h:
946         * dom/DatasetDOMStringMap.cpp:
947         (WebCore::DatasetDOMStringMap::item const):
948         (WebCore::DatasetDOMStringMap::namedItem const):
949         (WebCore:: const): Deleted.
950         * dom/DatasetDOMStringMap.h:
951         * dom/Element.cpp:
952         (WebCore::Element::insertAdjacentHTML):
953         * dom/Element.h:
954         * html/canvas/CanvasStyle.cpp:
955         (WebCore::parseColor):
956         * inspector/DOMEditor.cpp:
957         * platform/network/curl/CurlFormDataStream.cpp:
958         (WebCore::CurlFormDataStream::getPostData):
959         (): Deleted.
960         * platform/network/curl/CurlFormDataStream.h:
961         * platform/network/curl/CurlRequest.cpp:
962         (WebCore::CurlRequest::setupPOST):
963         * testing/MockCDMFactory.cpp:
964         (WebCore::MockCDMFactory::keysForSessionWithID const):
965         (WebCore::MockCDMInstance::updateLicense):
966         (WebCore:: const): Deleted.
967         * testing/MockCDMFactory.h:
968
969 2018-05-03  Chris Dumez  <cdumez@apple.com>
970
971         Stop using an iframe's id as fallback if its name attribute is not set
972         https://bugs.webkit.org/show_bug.cgi?id=11388
973
974         Reviewed by Geoff Garen.
975
976         WebKit had logic to use an iframe's id as fallback name when its name
977         content attribute is not set. This behavior was not standard and did not
978         match other browsers:
979         - https://html.spec.whatwg.org/#attr-iframe-name
980
981         Gecko / Trident never behaved this way. Blink was aligned with us until
982         they started to match the specification in:
983         - https://bugs.chromium.org/p/chromium/issues/detail?id=347169
984
985         This WebKit quirk was causing some Web-compatibility issues because it
986         would affect the behavior of Window's name property getter when trying
987         to look up an iframe by id. Because of Window's named property getter
988         behavior [1], we would return the frame's contentWindow instead of the
989         iframe element itself.
990
991         [1] https://html.spec.whatwg.org/multipage/window-object.html#named-access-on-the-window-object
992
993         Test: fast/dom/Window/named-getter-frame-id.html
994
995         * html/HTMLFrameElementBase.cpp:
996         (WebCore::HTMLFrameElementBase::openURL):
997         (WebCore::HTMLFrameElementBase::parseAttribute):
998         (WebCore::HTMLFrameElementBase::didFinishInsertingNode):
999         * html/HTMLFrameElementBase.h:
1000
1001 2018-05-03  Eric Carlson  <eric.carlson@apple.com>
1002
1003         [iOS] Internal text and audio tracks not in fullscreen menu
1004         https://bugs.webkit.org/show_bug.cgi?id=185268
1005         <rdar://problem/38673440>
1006
1007         Reviewed by Jer Noble.
1008
1009         * platform/cocoa/PlaybackSessionModelMediaElement.mm:
1010         (WebCore::PlaybackSessionModelMediaElement::setMediaElement): 'addtrack' and 'removetrack'
1011         events are fired at the track lists, not the media element.
1012
1013 2018-05-03  Ryosuke Niwa  <rniwa@webkit.org>
1014
1015         Using image map inside a shadow tree hits a release assert in DocumentOrderedMap::add
1016         https://bugs.webkit.org/show_bug.cgi?id=185238
1017
1018         Reviewed by Antti Koivisto.
1019
1020         The bug was caused by DocumentOrderedMap for the image elements with usemap being stored in Document
1021         even if those image elements were in a shadow tree. Fixed the bug by moving the map to TreeScope.
1022
1023         Test: fast/images/imagemap-in-nested-shadow-tree.html
1024               fast/images/imagemap-in-shadow-tree.html
1025
1026         * dom/Document.cpp:
1027         (WebCore::Document::addImageElementByUsemap): Moved to TreeScope.
1028         (WebCore::Document::removeImageElementByUsemap): Ditto.
1029         (WebCore::Document::imageElementByUsemap const): Ditto.
1030         * dom/Document.h:
1031         * dom/TreeScope.cpp:
1032         (WebCore::TreeScope::destroyTreeScopeData): Clear m_imagesByUsemap as well as m_elementsByName.
1033         (WebCore::TreeScope::getImageMap const): Removed the code to parse usemap. RenderImage::imageMap()
1034         which used to call this function with the raw value of the usemap content attribute now calls it
1035         via HTMLImageElement::associatedMapElement(), which uses the parsed usemap.
1036         (WebCore::TreeScope::addImageElementByUsemap): Moved from Document.
1037         (WebCore::TreeScope::removeImageElementByUsemap): Ditto.
1038         (WebCore::TreeScope::imageElementByUsemap const): Ditto.
1039         * dom/TreeScope.h:
1040         * html/HTMLImageElement.cpp:
1041         (WebCore::HTMLImageElement::parseAttribute):
1042         (WebCore::HTMLImageElement::insertedIntoAncestor): This image element can be associated with a map element
1043         if it's connected to a document.
1044         (WebCore::HTMLImageElement::removedFromAncestor):
1045         (WebCore::HTMLImageElement::associatedMapElement const):
1046         * html/HTMLImageElement.h:
1047         * html/HTMLMapElement.cpp:
1048         (WebCore::HTMLMapElement::imageElement):
1049         * rendering/RenderImage.cpp:
1050         (WebCore::RenderImage::imageMap const):
1051
1052 2018-05-03  Justin Fan  <justin_fan@apple.com>
1053
1054         [WebGL] Add runtime flag for enabling ASTC support in WebGL
1055         https://bugs.webkit.org/show_bug.cgi?id=184840
1056
1057         Reviewed by Myles C. Maxfield.
1058
1059         Added runtime flag for ASTC support in WebGL, to turn on/off when extension is implemented.
1060
1061         * page/RuntimeEnabledFeatures.h:
1062         (WebCore::RuntimeEnabledFeatures::setWebGLCompressedTextureASTCSupportEnabled):
1063         (WebCore::RuntimeEnabledFeatures::webGLCompressedTextureASTCSupportEnabled const):
1064
1065 2018-05-03  Chris Nardi  <cnardi@chromium.org>
1066
1067         Remove [NoInterfaceObject] from DOMRectList
1068         https://bugs.webkit.org/show_bug.cgi?id=185255
1069
1070         Reviewed by Chris Dumez.
1071
1072         In https://github.com/w3c/fxtf-drafts/issues/233, [NoInterfaceObject] was removed
1073         from DOMRectList. Remove it from our implementation to match the spec, as well as
1074         Chrome and Firefox.
1075
1076         Updated web platform tests IDL test for the Geometry spec.
1077
1078         * dom/DOMRectList.idl:
1079
1080 2018-05-03  Chris Dumez  <cdumez@apple.com>
1081
1082         REGRESSION(iOS 11.3): Crashes in TimerBase::~TimerBase() in Tencent x5gamehelper
1083         https://bugs.webkit.org/show_bug.cgi?id=185073
1084         <rdar://problem/39821223>
1085
1086         Reviewed by Alexey Proskuryakov.
1087
1088         The following changes were made:
1089         - Make sure SocketStream callbacks are always scheduled on the right runloop:
1090           WebThreadRunLoop() on WebKitLegacy iOS, loaderRunLoop() on Windows and
1091           main runloop otherwise.
1092         - When the SocketStream callbacks are called, unconditionally call callOnMainThreadAndWait()
1093           before calling methods on the SocketStream client. Previously, this code path
1094           was specific to Windows but there is no reason to have platform-specific code here.
1095           callOnMainThreadAndWait() calls the function right away if we're already on the main
1096           thread, which will be the case on platforms other than Windows.
1097
1098         * platform/network/cf/SocketStreamHandleImplCFNet.cpp:
1099         (WebCore::callbacksRunLoop):
1100         (WebCore::callbacksRunLoopMode):
1101         (WebCore::SocketStreamHandleImpl::scheduleStreams):
1102         (WebCore::SocketStreamHandleImpl::pacExecutionCallback):
1103         (WebCore::SocketStreamHandleImpl::executePACFileURL):
1104         (WebCore::SocketStreamHandleImpl::removePACRunLoopSource):
1105         (WebCore::SocketStreamHandleImpl::readStreamCallback):
1106         (WebCore::SocketStreamHandleImpl::writeStreamCallback):
1107         (WebCore::SocketStreamHandleImpl::platformClose):
1108
1109 2018-05-03  Zalan Bujtas  <zalan@apple.com>
1110
1111         [LFC] Enable multiple layout roots for incremental layout.
1112         https://bugs.webkit.org/show_bug.cgi?id=185185
1113
1114         Reviewed by Antti Koivisto.
1115
1116         With certain types of style changes, we can stop the box invalidation at the formatting context boundary.
1117         When multiple boxes need updating in different formatting contexts, instead of marking the parent containing block chain all
1118         the way up to a common ancestor, we could just work with a list of layout entry points per layout frame.
1119
1120         * layout/FormattingState.h:
1121         * layout/LayoutContext.cpp:
1122         (WebCore::Layout::LayoutContext::updateLayout):
1123         (WebCore::Layout::LayoutContext::addLayoutEntryPoint):
1124         * layout/LayoutContext.h:
1125
1126 2018-05-03  Zalan Bujtas  <zalan@apple.com>
1127
1128         [LFC] Box invalidation logic should go to dedicated classes.
1129         https://bugs.webkit.org/show_bug.cgi?id=185249
1130
1131         Reviewed by Antti Koivisto.
1132
1133         Each formatting context can initiate a different type of invalidation when
1134         a style attribute changes in a box.
1135
1136         * Sources.txt:
1137         * WebCore.xcodeproj/project.pbxproj:
1138         * layout/FormattingState.cpp:
1139         (WebCore::Layout::FormattingState::FormattingState):
1140         * layout/FormattingState.h:
1141         (WebCore::Layout::FormattingState::isBlockFormattingState const):
1142         (WebCore::Layout::FormattingState::isInlineFormattingState const):
1143         * layout/LayoutContext.cpp:
1144         (WebCore::Layout::LayoutContext::styleChanged):
1145         (WebCore::Layout::LayoutContext::markNeedsUpdate):
1146         * layout/LayoutContext.h:
1147         * layout/blockformatting/BlockFormattingState.cpp:
1148         (WebCore::Layout::BlockFormattingState::BlockFormattingState):
1149         * layout/blockformatting/BlockFormattingState.h:
1150         * layout/blockformatting/BlockInvalidation.cpp: Copied from Source/WebCore/layout/blockformatting/BlockFormattingState.cpp.
1151         (WebCore::Layout::BlockInvalidation::invalidate):
1152         * layout/blockformatting/BlockInvalidation.h: Copied from Source/WebCore/layout/inlineformatting/InlineFormattingState.h.
1153         * layout/inlineformatting/InlineFormattingState.cpp:
1154         (WebCore::Layout::InlineFormattingState::InlineFormattingState):
1155         * layout/inlineformatting/InlineFormattingState.h:
1156         * layout/inlineformatting/InlineInvalidation.cpp: Copied from Source/WebCore/layout/inlineformatting/InlineFormattingState.cpp.
1157         (WebCore::Layout::InlineInvalidation::invalidate):
1158         * layout/inlineformatting/InlineInvalidation.h: Copied from Source/WebCore/layout/blockformatting/BlockFormattingState.h.
1159
1160 2018-05-03  Michael Catanzaro  <mcatanzaro@igalia.com>
1161
1162         WebKit should send fake macOS user agent to docs.google.com
1163         https://bugs.webkit.org/show_bug.cgi?id=185165
1164
1165         Reviewed by Carlos Garcia Campos.
1166
1167         * platform/UserAgentQuirks.cpp:
1168         (WebCore::urlRequiresMacintoshPlatform):
1169         (WebCore::urlRequiresLinuxDesktopPlatform):
1170
1171 2018-05-03  Commit Queue  <commit-queue@webkit.org>
1172
1173         Unreviewed, rolling out r231223 and r231288.
1174         https://bugs.webkit.org/show_bug.cgi?id=185256
1175
1176         The change in r231223 breaks internal builds, and r231288 is a
1177         dependent change. (Requested by ryanhaddad on #webkit).
1178
1179         Reverted changesets:
1180
1181         "Use default std::optional if it is provided"
1182         https://bugs.webkit.org/show_bug.cgi?id=185159
1183         https://trac.webkit.org/changeset/231223
1184
1185         "Use pointer instead of
1186         std::optional<std::reference_wrapper<>>"
1187         https://bugs.webkit.org/show_bug.cgi?id=185186
1188         https://trac.webkit.org/changeset/231288
1189
1190 2018-05-03  Ryan Haddad  <ryanhaddad@apple.com>
1191
1192         Unreviewed, rolling out r231253.
1193
1194         The API test added with this change is crashing on the bots.
1195
1196         Reverted changeset:
1197
1198         "Web Inspector: opt out of process swap on navigation if a Web
1199         Inspector frontend is connected"
1200         https://bugs.webkit.org/show_bug.cgi?id=184861
1201         https://trac.webkit.org/changeset/231253
1202
1203 2018-05-03  Youenn Fablet  <youenn@apple.com>
1204
1205         A MediaStream being played should allow removing some of its tracks
1206         https://bugs.webkit.org/show_bug.cgi?id=185233
1207
1208         Reviewed by Eric Carlson.
1209
1210         Update the tracks out of the for loop.
1211         Test: fast/mediastream/change-tracks-media-stream-being-played.html
1212
1213         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm:
1214         (WebCore::updateTracksOfType):
1215
1216 2018-05-03  Miguel Gomez  <magomez@igalia.com>
1217
1218         WebCore::TextureMapperLayer object used after freed
1219         https://bugs.webkit.org/show_bug.cgi?id=184729
1220
1221         Reviewed by Michael Catanzaro.
1222
1223         Replace the raw pointers with WeakPtr for effectTarget, maskLayer and replicaLayer
1224         inside TextureMapperLayer.
1225
1226         * platform/graphics/texmap/TextureMapperLayer.cpp:
1227         (WebCore::TextureMapperLayer::~TextureMapperLayer):
1228         (WebCore::TextureMapperLayer::setMaskLayer):
1229         (WebCore::TextureMapperLayer::setReplicaLayer):
1230         * platform/graphics/texmap/TextureMapperLayer.h:
1231
1232 2018-05-03  Basuke Suzuki  <Basuke.Suzuki@sony.com>
1233
1234         [Curl] Add OpenSSL/LibreSSL multi-threading support
1235         https://bugs.webkit.org/show_bug.cgi?id=185138
1236
1237         The older OpenSSL manual says the locking_function and threadid_function should
1238         be set when using it in a multi-threading environment. This applies to LibreSSL also.
1239         https://www.openssl.org/docs/man1.0.2/crypto/threads.html
1240
1241         For Unix and other similar OSes, the default threadId_function implementation is
1242         good enough. We'll set a custom callback only for Windows.
1243
1244         Note it's not required for OpenSSL 1.1.0 and after.
1245         https://www.openssl.org/blog/blog/2017/02/21/threads/
1246
1247         Reviewed by Per Arne Vollan.
1248
1249         * platform/network/curl/CurlSSLHandle.cpp:
1250         (WebCore::CurlSSLHandle::CurlSSLHandle):
1251         (WebCore::CurlSSLHandle::ThreadSupport::ThreadSupport):
1252         (WebCore::CurlSSLHandle::ThreadSupport::lockingCallback):
1253         (WebCore::CurlSSLHandle::ThreadSupport::threadIdCallback):
1254         * platform/network/curl/CurlSSLHandle.h:
1255         (WebCore::CurlSSLHandle::ThreadSupport::setup):
1256         (WebCore::CurlSSLHandle::ThreadSupport::singleton):
1257         (WebCore::CurlSSLHandle::ThreadSupport::lock):
1258         (WebCore::CurlSSLHandle::ThreadSupport::unlock):
1259
1260 2018-05-02  Ryosuke Niwa  <rniwa@webkit.org>
1261
1262         Remove superfluous check for a null attribute value in Element::removeAttributeInternal
1263         https://bugs.webkit.org/show_bug.cgi?id=185227
1264
1265         Reviewed by Chris Dumez.
1266
1267         Removed the check. The attribute value string can never be null.
1268
1269         * dom/Element.cpp:
1270         (WebCore::Element::removeAttributeInternal):
1271
1272 2018-05-02  Zalan Bujtas  <zalan@apple.com>
1273
1274         [LFC] Implement LayoutContext::createDisplayBox
1275         https://bugs.webkit.org/show_bug.cgi?id=185158
1276
1277         Reviewed by Antti Koivisto.
1278
1279         Now compute*() functions take both the const layout and the corresponding non-const display boxes.
1280         Display boxes are owned by the LayoutContext and they don't form a tree structure (only implicitly through the layout tree).
1281         (This might need to change in the future if we decide to arrange them in some sort of painting order)
1282
1283         * layout/FloatingContext.cpp:
1284         (WebCore::Layout::FloatingContext::computePosition):
1285         * layout/FloatingContext.h:
1286         * layout/FormattingContext.cpp:
1287         (WebCore::Layout::FormattingContext::computeStaticPosition const):
1288         (WebCore::Layout::FormattingContext::computeInFlowPositionedPosition const):
1289         (WebCore::Layout::FormattingContext::computeOutOfFlowPosition const):
1290         (WebCore::Layout::FormattingContext::computeWidth const):
1291         (WebCore::Layout::FormattingContext::computeHeight const):
1292         (WebCore::Layout::FormattingContext::computeOutOfFlowWidth const):
1293         (WebCore::Layout::FormattingContext::computeFloatingWidth const):
1294         (WebCore::Layout::FormattingContext::computeOutOfFlowHeight const):
1295         (WebCore::Layout::FormattingContext::computeFloatingHeight const):
1296         * layout/FormattingContext.h:
1297         * layout/LayoutContext.cpp:
1298         (WebCore::Layout::LayoutContext::createDisplayBox):
1299         * layout/LayoutContext.h:
1300         (WebCore::Layout::LayoutContext::displayBoxForLayoutBox const):
1301         * layout/blockformatting/BlockFormattingContext.cpp:
1302         (WebCore::Layout::BlockFormattingContext::layout const):
1303         (WebCore::Layout::BlockFormattingContext::computeStaticPosition const):
1304         (WebCore::Layout::BlockFormattingContext::computeInFlowWidth const):
1305         (WebCore::Layout::BlockFormattingContext::computeInFlowHeight const):
1306         * layout/blockformatting/BlockFormattingContext.h:
1307         * layout/displaytree/DisplayBox.h:
1308         (WebCore::Display::Box::parent const): Deleted.
1309         (WebCore::Display::Box::nextSibling const): Deleted.
1310         (WebCore::Display::Box::previousSibling const): Deleted.
1311         (WebCore::Display::Box::firstChild const): Deleted.
1312         (WebCore::Display::Box::lastChild const): Deleted.
1313         (WebCore::Display::Box::setParent): Deleted.
1314         (WebCore::Display::Box::setNextSibling): Deleted.
1315         (WebCore::Display::Box::setPreviousSibling): Deleted.
1316         (WebCore::Display::Box::setFirstChild): Deleted.
1317         (WebCore::Display::Box::setLastChild): Deleted.
1318         (): Deleted.
1319         * layout/inlineformatting/InlineFormattingContext.cpp:
1320         (WebCore::Layout::InlineFormattingContext::computeInFlowWidth const):
1321         (WebCore::Layout::InlineFormattingContext::computeInFlowHeight const):
1322         * layout/inlineformatting/InlineFormattingContext.h:
1323
1324 2018-05-02  Said Abou-Hallawa  <sabouhallawa@apple.com>
1325
1326         Hiding then showing an <object> of type image makes the underlying image disappear
1327         https://bugs.webkit.org/show_bug.cgi?id=185216
1328         <rdar://problem/39055630>
1329
1330         Reviewed by Youenn Fablet.
1331
1332         Ensure the HTMLPlugInImageElement updates the RenderImageResource of its
1333         RenderImage with the CachedImage of its ImageLoader when the RenderImage
1334         is recreated.
1335
1336         Test: fast/images/object-image-hide-show.html
1337
1338         * html/HTMLPlugInImageElement.cpp:
1339         (WebCore::HTMLPlugInImageElement::didAttachRenderers):
1340         This is very similar to what we do in HTMLImageElement::didAttachRenderers().
1341
1342
1343 2018-05-02  Brent Fulgham  <bfulgham@apple.com>
1344
1345         Use RetainPtr for form input type
1346         https://bugs.webkit.org/show_bug.cgi?id=185210
1347         <rdar://problem/39734040>
1348
1349         Reviewed by Ryosuke Niwa.
1350
1351         Refactor our HTMLInputElement class to store its InputType member as a RefPtr.
1352
1353         Test: fast/forms/access-key-mutation-2.html.
1354
1355         * html/HTMLInputElement.cpp:
1356         (WebCore::HTMLInputElement::HTMLInputElement):
1357         (WebCore::HTMLInputElement::didAddUserAgentShadowRoot):
1358         (WebCore::HTMLInputElement::accessKeyAction):
1359         (WebCore::HTMLInputElement::parseAttribute):
1360         (WebCore::HTMLInputElement::appendFormData):
1361         * html/HTMLInputElement.h:
1362         * html/InputType.cpp:
1363         (WebCore::createInputType):
1364         (WebCore::InputType::create):
1365         (WebCore::InputType::createText):
1366         * html/InputType.h:
1367
1368 2018-05-01  Yusuke Suzuki  <utatane.tea@gmail.com>
1369
1370         Use pointer instead of std::optional<std::reference_wrapper<>>
1371         https://bugs.webkit.org/show_bug.cgi?id=185186
1372
1373         Reviewed by Alex Christensen.
1374
1375         std::optional<T&> is not accepted in C++17 spec. So we replaced it
1376         with std::optional<std::reference_wrapper<T>>.
1377
1378         In this patch, we replace it with T*, which is well-aligned to
1379         WebKit's convention.
1380
1381         * Modules/mediastream/RTCPeerConnection.cpp:
1382         (WebCore::iceServersFromConfiguration):
1383         (WebCore::RTCPeerConnection::initializeConfiguration):
1384         (WebCore::RTCPeerConnection::setConfiguration):
1385         * css/parser/CSSParser.cpp:
1386         (WebCore::CSSParser::parseSystemColor):
1387         * css/parser/CSSParser.h:
1388         * dom/DatasetDOMStringMap.cpp:
1389         (WebCore::DatasetDOMStringMap::item const):
1390         (WebCore::DatasetDOMStringMap::namedItem const):
1391         * dom/DatasetDOMStringMap.h:
1392         * dom/Element.cpp:
1393         (WebCore::Element::insertAdjacentHTML):
1394         * dom/Element.h:
1395         * html/canvas/CanvasStyle.cpp:
1396         (WebCore::parseColor):
1397         * inspector/DOMEditor.cpp:
1398         * platform/network/curl/CurlFormDataStream.cpp:
1399         (WebCore::CurlFormDataStream::getPostData):
1400         * platform/network/curl/CurlFormDataStream.h:
1401         * platform/network/curl/CurlRequest.cpp:
1402         (WebCore::CurlRequest::setupPOST):
1403         * testing/MockCDMFactory.cpp:
1404         (WebCore::MockCDMFactory::keysForSessionWithID const):
1405         (WebCore::MockCDMInstance::updateLicense):
1406         * testing/MockCDMFactory.h:
1407
1408 2018-05-02  Keith Rollin  <krollin@apple.com>
1409
1410         Add facility for tracking times and results of page and resource loading
1411         https://bugs.webkit.org/show_bug.cgi?id=184838
1412         <rdar://problem/36548974>
1413
1414         Reviewed by Brent Fulgham.
1415
1416         Update FrameProgressTracker to send the necessary page load start/stop
1417         signals so that we can track the entire page load at a network level.
1418         Add an empty override of the pure virtual
1419         LoaderStrategy::pageLoadCompleted method.
1420
1421         No new tests. There is no testable effect from these changes. On
1422         Cocoa, measurable changes take place in another (non-WebKit) process.
1423         On non-Cocoa systems, this facility is currently disabled.
1424
1425         * loader/FrameLoader.cpp:
1426         (WebCore::FrameLoader::FrameProgressTracker::progressCompleted):
1427         * loader/LoaderStrategy.h:
1428
1429 2018-05-02  Aditya Keerthi  <akeerthi@apple.com>
1430
1431         Can't copy and paste URLs that have no title into Mail (macOS)
1432         https://bugs.webkit.org/show_bug.cgi?id=185205
1433         <rdar://problem/36352406>
1434
1435         Reviewed by Tim Horton.
1436
1437         The pasteboardURL generated has an empty title for URLs without titles. Currently, the pasteboardURL.title is being saved to the pasteboard.
1438
1439         To fix the error, we check whether the title is empty and instead save the lastPathComponent to the pasteboard. This matches current behavior as the fallback title.
1440
1441         Augmented WebKitLegacy.ContextMenuCanCopyURL test
1442
1443         * platform/mac/PasteboardMac.mm:
1444         (WebCore::writeURLForTypes):
1445
1446 2018-05-01  Ryosuke Niwa  <rniwa@webkit.org>
1447
1448         REGRESSION(r225868): Release assert when removing an SVGUseElement from Document::m_svgUseElements
1449         https://bugs.webkit.org/show_bug.cgi?id=182188
1450         <rdar://problem/36689240>
1451
1452         Reviewed by Antti Koivisto.
1453
1454         Fixed the crash by removing the release assert.
1455
1456         The crash is likely caused by re-entrancy to Document::resolveStyle during SVGUseElement::updateShadowTree.
1457         Because Document::resolveStyle invokes updateShadowTree on SVG use elements in Document::m_svgUseElements
1458         without clearing the map, the nested call to resolveStyle ends up calling updateShadowTree() for all elements
1459         in m_svgUseElements and removing them all from the map. When the stack frame eventually comes back to the outer
1460         invocation of Document::resolveStyle, updateShadowTree gets invoked for the second time on SVG use elements
1461         whose shadow tree had already been updated within the inner invocation to updateShadowTree, and release-asserts.
1462
1463         There is an alternative fix: avoid calling updateShadowTree on a svg element when shadowTreeNeedsUpdate returns
1464         true on the element in resolveStyle. However, removing the release assert is a sure way to fix the crash so
1465         this patch opts for that fix instead especially since we don't have any reproducible test case for this crash.
1466
1467         This release assertion was added in r225868 as a cautious measure to catch any use-after-frees of SVGUseElement's
1468         since m_svgUseElements stored raw pointers to SVG use elements but this crash is not indicative of any UAF,
1469         and there is no evidence that r225868 has led to new UAFs even after five months.
1470
1471         No new tests. I couldn't find a way to trigger a nested style update inside SVGUseElement::updateShadowTree.
1472
1473         * dom/Document.cpp:
1474         (WebCore::Document::removeSVGUseElement):
1475
1476 2018-05-02  Dirk Schulze  <dschulze@chromium.org>
1477
1478         getCharNumAtPosition should take DOMPointInit as argument
1479         https://bugs.webkit.org/show_bug.cgi?id=184695
1480
1481         Reviewed by Antti Koivisto.
1482
1483         Extend existing tests for getCharNumAtPosition.
1484
1485         * svg/SVGTextContentElement.cpp:
1486         (WebCore::SVGTextContentElement::getCharNumAtPosition):
1487         * svg/SVGTextContentElement.h:
1488         * svg/SVGTextContentElement.idl: Use DOMPointInit argument.
1489
1490 2018-05-02  Youenn Fablet  <youenn@apple.com>
1491
1492         Use NetworkLoadChecker for navigation loads
1493         https://bugs.webkit.org/show_bug.cgi?id=184892
1494         <rdar://problem/39652686>
1495
1496         Reviewed by Chris Dumez.
1497
1498         Sanitize headers according to response tainting.
1499         If tainting is basic, it means same origin load in which case we only filter Cookie related headers.
1500         If tainting is Opaque, we filter all uncommon headers.
1501         If tainting is CORS, we filter all uncommon headers except the ones explicitly allowed by CORS headers.
1502         Covered by updated test.
1503
1504         * platform/network/ResourceResponseBase.cpp:
1505         (WebCore::ResourceResponseBase::sanitizeHTTPHeaderFieldsAccordingToTainting):
1506         (WebCore::ResourceResponseBase::sanitizeHTTPHeaderFields):
1507         * platform/network/ResourceResponseBase.h:
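The three tainting rules in the entry above, as an added C++ sketch; it is not WebKit's ResourceResponseBase code. Assumptions: "Cookie related" is read as the Fetch forbidden response header names, "common" as the Fetch CORS-safelisted response header names, and `sanitizeHeaders`, `Tainting` and the sample response are hypothetical names and data constructed for this example.

```cpp
// Added illustration of tainting-based response header filtering.
// Not WebKit code: the header lists below are assumptions taken from the Fetch spec.
#include <algorithm>
#include <cctype>
#include <iostream>
#include <map>
#include <set>
#include <sstream>
#include <string>

enum class Tainting { Basic, Cors, Opaque };
using HeaderMap = std::map<std::string, std::string>;

// Header names are case-insensitive, so every comparison uses a trimmed lower-case copy.
static std::string lowerTrim(const std::string& s)
{
    size_t begin = s.find_first_not_of(" \t");
    if (begin == std::string::npos)
        return "";
    size_t end = s.find_last_not_of(" \t");
    std::string out = s.substr(begin, end - begin + 1);
    std::transform(out.begin(), out.end(), out.begin(),
        [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return out;
}

// Assumption: the cookie headers are Set-Cookie and Set-Cookie2.
static bool isCookieHeader(const std::string& name)
{
    return name == "set-cookie" || name == "set-cookie2";
}

// Assumption: the "common" headers are the CORS-safelisted response header names.
static const std::set<std::string>& commonHeaders()
{
    static const std::set<std::string> names = {
        "cache-control", "content-language", "content-length", "content-type",
        "expires", "last-modified", "pragma" };
    return names;
}

// Names the server opted to expose via Access-Control-Expose-Headers.
// The "*" wildcard is not expanded here; it is treated as a literal name.
static std::set<std::string> exposedByCors(const HeaderMap& headers)
{
    std::set<std::string> exposed;
    for (const auto& header : headers) {
        if (lowerTrim(header.first) != "access-control-expose-headers")
            continue;
        std::stringstream list(header.second);
        std::string item;
        while (std::getline(list, item, ',')) {
            std::string name = lowerTrim(item);
            if (!name.empty())
                exposed.insert(name);
        }
    }
    return exposed;
}

// Basic: drop only cookie headers. Opaque: keep only common headers.
// Cors: keep common headers plus the ones the response explicitly exposes.
HeaderMap sanitizeHeaders(const HeaderMap& headers, Tainting tainting)
{
    std::set<std::string> exposed;
    if (tainting == Tainting::Cors)
        exposed = exposedByCors(headers);

    HeaderMap kept;
    for (const auto& header : headers) {
        std::string name = lowerTrim(header.first);
        if (isCookieHeader(name))
            continue; // never kept, even if the server lists it as exposed
        if (tainting == Tainting::Basic || commonHeaders().count(name) || exposed.count(name))
            kept.insert(header);
    }
    return kept;
}

// Constructed sample response, including a server that tries to expose Set-Cookie.
HeaderMap sampleResponse()
{
    return {
        { "Content-Type", "text/html" },
        { "Set-Cookie", "sid=constructed-value" },
        { "X-Internal-Trace", "constructed-trace" },
        { "X-Request-Id", "42" },
        { "Access-Control-Expose-Headers", "X-Request-Id, Set-Cookie" } };
}

int main()
{
    const HeaderMap response = sampleResponse();
    std::cout << "basic keeps " << sanitizeHeaders(response, Tainting::Basic).size() << "\n";
    std::cout << "cors keeps " << sanitizeHeaders(response, Tainting::Cors).size() << "\n";
    std::cout << "opaque keeps " << sanitizeHeaders(response, Tainting::Opaque).size() << "\n";
    return 0;
}
```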
1508
1509 2018-05-02  Myles C. Maxfield  <mmaxfield@apple.com>
1510
1511         Collection fragment identifiers don't use PostScript names
1512         https://bugs.webkit.org/show_bug.cgi?id=184624
1513         <rdar://problem/39432089>
1514
1515         Reviewed by Simon Fraser.
1516
1517         In a previous version of the CSS Fonts spec, there was text saying that items in font collections
1518         should be 1-indexed (so the first item would be MyFonts.ttc#1). However, this is unfortunate because
1519         inserting an item into the middle of a collection would throw off all content that uses the file.
1520         Instead, the spec has since changed to use PostScript names (so the content instead would say
1521         MyFonts.ttc#MyFont-Regular).
1522
1523         Test: fast/text/font-collection.html
1524
1525         * css/CSSFontFaceSource.cpp:
1526         (WebCore::CSSFontFaceSource::load):
1527         * loader/cache/CachedFont.cpp:
1528         (WebCore::CachedFont::calculateItemInCollection const):
1529         (WebCore::CachedFont::ensureCustomFontData):
1530         (WebCore::CachedFont::createCustomFontData):
1531         (WebCore::CachedFont::calculateIndex const): Deleted.
1532         * loader/cache/CachedFont.h:
1533         * platform/graphics/mac/FontCustomPlatformData.cpp:
1534         (WebCore::createFontCustomPlatformData):
1535         * platform/graphics/mac/FontCustomPlatformData.h:
1536
1537 2018-05-02  Brian Burg  <bburg@apple.com>
1538
1539         Web Inspector: opt out of process swap on navigation if a Web Inspector frontend is connected
1540         https://bugs.webkit.org/show_bug.cgi?id=184861
1541         <rdar://problem/39153768>
1542
1543         Reviewed by Ryosuke Niwa.
1544
1545         Notify the client of the current connection count whenever a frontend connects or disconnects.
1546
1547         Covered by new API test.
1548
1549         * inspector/InspectorClient.h:
1550         (WebCore::InspectorClient::frontendCountChanged):
1551         * inspector/InspectorController.cpp:
1552         (WebCore::InspectorController::connectFrontend):
1553         (WebCore::InspectorController::disconnectFrontend):
1554         (WebCore::InspectorController::disconnectAllFrontends):
1555         * inspector/InspectorController.h:
1556
1557 2018-05-02  Carlos Alberto Lopez Perez  <clopez@igalia.com>
1558
1559         [GStreamer] Remove unneeded include of gstgldisplay_wayland.h after r228866 and r229022
1560         https://bugs.webkit.org/show_bug.cgi?id=185207
1561
1562         Reviewed by Michael Catanzaro.
1563
1564         Remove unneeded include of gstgldisplay_wayland.h
1565
1566         No new tests, no change in behaviour.
1567
1568         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
1569
1570 2018-05-02  Chris Dumez  <cdumez@apple.com>
1571
1572         document.open() event listener removal is not immediate
1573         https://bugs.webkit.org/show_bug.cgi?id=185191
1574
1575         Reviewed by Darin Adler.
1576
1577         We need to make sure we set the 'wasremoved' flag on RegisteredEventListeners
1578         whenever they get removed from the EventListenerMap. We were doing so correctly
1579         in EventListenerMap::remove() but not EventListenerMap::clear(). This patch
1580         updates clear() accordingly.
1581
1582         The reason we need to set this flag is that RegisteredEventListeners is RefCounted
1583         and EventTarget::fireEventListeners() may be currently running and calling
1584         each listener one by one, holding a reference to all listeners of a given event.
1585
1586         Test: fast/dom/Document/document-open-removes-all-listeners.html
1587
1588         * dom/EventListenerMap.cpp:
1589         (WebCore::EventListenerMap::clear):
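Why the flag matters when dispatch holds references, as an added C++ model; it is not WebKit's EventListenerMap or EventTarget code. `ListenerMap`, `RegisteredListener`, `fire` and `staleListenerCalls` are hypothetical names, and `std::shared_ptr` stands in for WebKit's reference counting.

```cpp
// Added illustration: a listener map whose clear() either sets or skips the
// "was removed" flag while a dispatch loop still holds references to the listeners.
#include <functional>
#include <iostream>
#include <map>
#include <memory>
#include <string>
#include <utility>
#include <vector>

struct RegisteredListener {
    std::function<void()> callback;
    bool wasRemoved = false;
};
using ListenerVector = std::vector<std::shared_ptr<RegisteredListener>>;

class ListenerMap {
public:
    // clearMarksRemoved=false models the behaviour before the patch, true the behaviour after it.
    explicit ListenerMap(bool clearMarksRemoved)
        : m_clearMarksRemoved(clearMarksRemoved)
    {
    }

    void add(const std::string& type, std::function<void()> callback)
    {
        auto listener = std::make_shared<RegisteredListener>();
        listener->callback = std::move(callback);
        m_entries[type].push_back(listener);
    }

    // Dropping the entries does not destroy listeners that a running dispatch
    // still references, so the flag is the only signal the dispatch loop gets.
    void clear()
    {
        if (m_clearMarksRemoved) {
            for (auto& entry : m_entries) {
                for (auto& listener : entry.second)
                    listener->wasRemoved = true;
            }
        }
        m_entries.clear();
    }

    // Copies the listener vector first, which keeps every listener alive
    // for the whole dispatch. Returns how many callbacks were invoked.
    int fire(const std::string& type)
    {
        auto it = m_entries.find(type);
        if (it == m_entries.end())
            return 0;
        ListenerVector snapshot = it->second;
        int called = 0;
        for (auto& listener : snapshot) {
            if (listener->wasRemoved)
                continue;
            listener->callback();
            ++called;
        }
        return called;
    }

private:
    bool m_clearMarksRemoved;
    std::map<std::string, ListenerVector> m_entries;
};

// The first listener clears the map mid-dispatch, as a handler calling
// document.open() would. Returns how often the second listener still ran.
int staleListenerCalls(bool clearMarksRemoved)
{
    ListenerMap listeners(clearMarksRemoved);
    int secondRan = 0;
    listeners.add("click", [&listeners] { listeners.clear(); });
    listeners.add("click", [&secondRan] { ++secondRan; });
    listeners.fire("click");
    return secondRan;
}

int main()
{
    std::cout << "clear() without flag: stale calls = " << staleListenerCalls(false) << "\n";
    std::cout << "clear() with flag:    stale calls = " << staleListenerCalls(true) << "\n";
    return 0;
}
```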
1590
1591 2018-05-02  Zalan Bujtas  <zalan@apple.com>
1592
1593         Use WeakPtr in GridCell
1594         https://bugs.webkit.org/show_bug.cgi?id=185180
1595         <rdar://problem/39432165>
1596
1597         Reviewed by Antti Koivisto.
1598
1599         Since GridCell does not own the renderers, it should
1600         construct weak pointers.
1601
1602         Unable to create a reliably reproducible test case.
1603
1604         * rendering/Grid.cpp:
1605         (WebCore::Grid::insert):
1606         (WebCore::GridIterator::nextGridItem):
1607         * rendering/Grid.h:
1608         * rendering/RenderGrid.cpp:
1609         (WebCore::RenderGrid::firstLineBaseline const):
1610
1611 2018-05-02  Eric Carlson  <eric.carlson@apple.com>
1612
1613         [iOS] Provide audio route information when invoking AirPlay picker
1614         https://bugs.webkit.org/show_bug.cgi?id=185199
1615         <rdar://problem/39853103>
1616
1617         Reviewed by Jer Noble.
1618
1619         No new tests, this requires a specific hardware setup.
1620
1621         * dom/Document.cpp:
1622         (WebCore::Document::showPlaybackTargetPicker): Pass route sharing policy and routing context UID.
1623         * dom/Document.h:
1624
1625         * html/MediaElementSession.cpp:
1626         (WebCore::MediaElementSession::showPlaybackTargetPicker): Ditto.
1627
1628         * loader/EmptyClients.h:
1629         * page/ChromeClient.h:
1630
1631         * page/Page.cpp:
1632         (WebCore::Page::showPlaybackTargetPicker): Ditto.
1633         * page/Page.h:
1634
1635         * platform/audio/AudioSession.cpp:
1636         (WebCore::AudioSession::routeSharingPolicy const): Empty implementation for non-iOS ports.
1637         (WebCore::routingContextUID const): Ditto.
1638         * platform/audio/AudioSession.h:
1639
1640         * platform/audio/ios/AudioSessionIOS.mm:
1641         (WebCore::AudioSession::routeSharingPolicy const): Return the route sharing policy.
1642         (WebCore::AudioSession::routingContextUID const): Return the route context UID.
1643
1644 2018-05-02  Dean Jackson  <dino@apple.com>
1645
1646         Draw SystemPreview badge to specification on iOS
1647         https://bugs.webkit.org/show_bug.cgi?id=185203
1648         <rdar://problem/39908855>
1649
1650         Reviewed by Tim Horton.
1651
1652         Use CoreImage to render a badge with a blurred background,
1653         at particular sizes.
1654
1655         This will be tested internally while we're getting artwork
1656         from WebKitAdditions.
1657
1658         * Configurations/WebCore.xcconfig: Link against CoreImage.
1659         * rendering/RenderThemeIOS.h:
1660         * rendering/RenderThemeIOS.mm:
1661         (WebCore::RenderThemeIOS::paintSystemPreviewBadge): New function
1662         in the iOS platform RenderTheme that draws the system preview.
1663
1664 2018-05-01  Brent Fulgham  <bfulgham@apple.com>
1665
1666         Prevent Debug ASSERT when changing forms
1667         https://bugs.webkit.org/show_bug.cgi?id=185173
1668         <rdar://problem/39738669>
1669
1670         Reviewed by Ryosuke Niwa.
1671
1672         Form submission could trigger a debug assertion during validation when
1673         a form is changed during an input submission. Fix this by cleaning up
1674         the event handling logic and making it more consistent with modern WebKit
1675         coding style.
1676
1677         Test: fast/forms/form-submission-crash-3.html
1678
1679         * html/HTMLButtonElement.cpp:
1680         (WebCore::HTMLButtonElement::defaultEventHandler): Make sure layout runs before
1681         attempting to perform event handling.
1682         * html/HTMLFormElement.cpp:
1683         (WebCore::HTMLFormElement::reportValidity): Ditto.
1684         (WebCore::HTMLFormElement::validateInteractively): Remove call to perform layout here,
1685         since we expect this to happen earlier in the layout pass. Add an assertion that the
1686         tree is not dirty.
1687         * html/ImageInputType.cpp:
1688         (WebCore::ImageInputType::handleDOMActivateEvent): Make sure layout runs before
1689         attempting to perform event handling.
1690         * html/SubmitInputType.cpp:
1691         (WebCore::SubmitInputType::handleDOMActivateEvent): Ditto.
1692
1693 2018-05-02  Jer Noble  <jer.noble@apple.com>
1694
1695         Unreviewed; address review comments made before landing r231231.
1696
1697         * platform/ios/WebVideoFullscreenControllerAVKit.mm:
1698         (VideoFullscreenControllerContext::volume const):
1699
1700 2018-05-02  Jer Noble  <jer.noble@apple.com>
1701
1702         Pipe volume through PlaybackSessionManager/Proxy.
1703         https://bugs.webkit.org/show_bug.cgi?id=185182
1704
1705         Reviewed by Eric Carlson.
1706
1707         Add support for the volume property to PlaybackSessionModel, and all its clients.
1708
1709         * platform/cocoa/PlaybackSessionModel.h:
1710         (WebCore::PlaybackSessionModelClient::volumeChanged):
1711         * platform/cocoa/PlaybackSessionModelMediaElement.h:
1712         * platform/cocoa/PlaybackSessionModelMediaElement.mm:
1713         (WebCore::PlaybackSessionModelMediaElement::updateForEventName):
1714         (WebCore::PlaybackSessionModelMediaElement::setVolume):
1715         (WebCore::PlaybackSessionModelMediaElement::volume const):
1716         * platform/ios/PlaybackSessionInterfaceAVKit.h:
1717         * platform/ios/PlaybackSessionInterfaceAVKit.mm:
1718         (WebCore::PlaybackSessionInterfaceAVKit::volumeChanged):
1719         * platform/ios/WebAVPlayerController.h:
1720         * platform/ios/WebAVPlayerController.mm:
1721         (-[WebAVPlayerController volume]):
1722         (-[WebAVPlayerController setVolume:]):
1723         (-[WebAVPlayerController volumeChanged:]):
1724         (-[WebAVPlayerController resetMediaState]):
1725         * platform/ios/WebVideoFullscreenControllerAVKit.mm:
1726         (VideoFullscreenControllerContext::volumeChanged):
1727         (VideoFullscreenControllerContext::volume const):
1728         (VideoFullscreenControllerContext::setVolume):
1729
1730 2018-05-01  Yusuke Suzuki  <utatane.tea@gmail.com>
1731
1732         Unreviewed, fix build in WinCairo
1733         https://bugs.webkit.org/show_bug.cgi?id=185169
1734
1735         * bindings/js/JSDOMWindowBase.cpp:
1736         (WebCore::JSDOMWindowBase::instantiateStreaming):
1737         * bindings/js/JSDOMWindowBase.h:
1738
1739 2018-05-01  Yusuke Suzuki  <utatane.tea@gmail.com>
1740
1741         Use default std::optional if it is provided
1742         https://bugs.webkit.org/show_bug.cgi?id=185159
1743
1744         Reviewed by JF Bastien.
1745
1746         * Modules/mediastream/RTCPeerConnection.cpp:
1747         (WebCore::iceServersFromConfiguration):
1748         (WebCore::RTCPeerConnection::setConfiguration):
1749         * css/parser/CSSParser.cpp:
1750         (WebCore::CSSParser::parseSystemColor):
1751         * css/parser/CSSParser.h:
1752         * dom/DatasetDOMStringMap.cpp:
1753         (WebCore::DatasetDOMStringMap::item const):
1754         (WebCore::DatasetDOMStringMap::namedItem const):
1755         (WebCore:: const): Deleted.
1756         * dom/DatasetDOMStringMap.h:
1757         * dom/Element.cpp:
1758         (WebCore::Element::insertAdjacentHTML):
1759         * dom/Element.h:
1760         * inspector/DOMEditor.cpp:
1761         * platform/network/curl/CurlFormDataStream.cpp:
1762         (WebCore::CurlFormDataStream::getPostData):
1763         (): Deleted.
1764         * platform/network/curl/CurlFormDataStream.h:
1765         * testing/MockCDMFactory.cpp:
1766         (WebCore::MockCDMFactory::keysForSessionWithID const):
1767         (WebCore::MockCDMInstance::updateLicense):
1768         (WebCore:: const): Deleted.
1769         * testing/MockCDMFactory.h:
1770
1771 2018-05-01  Chris Dumez  <cdumez@apple.com>
1772
1773         Add release assertions in CFNetwork's SocketStreamHandleImpl to help debug a threading issue
1774         https://bugs.webkit.org/show_bug.cgi?id=185181
1775
1776         Reviewed by Geoffrey Garen.
1777
1778         Add release assertions in CFNetwork's SocketStreamHandleImpl to help debug a threading issue
1779         on iOS WebKitLegacy (Bug 185073). It appears readStreamCallback() can get called on the UIThread,
1780         which should not be possible if scheduleStreams() was called on the WebThread, as it is supposed
1781         to. The new release assertion in scheduleStreams() should tell us if somebody is calling it from
1782         the UIThread instead of the WebThread on iOS WebKitLegacy.
1783
1784         * platform/network/cf/SocketStreamHandleImplCFNet.cpp:
1785         (WebCore::SocketStreamHandleImpl::scheduleStreams):
1786         (WebCore::SocketStreamHandleImpl::readStreamCallback):
1787
1788 2018-05-01  Wenson Hsieh  <wenson_hsieh@apple.com>
1789
1790         Unreviewed, remove an unused variable in RuntimeEnabledFeatures.h
1791
1792         * page/RuntimeEnabledFeatures.h:
1793
1794 2018-05-01  Oleksandr Skachkov  <gskachkov@gmail.com>
1795
1796         Fix build error after r231194
1797         https://bugs.webkit.org/show_bug.cgi?id=185169
1798
1799         Reviewed by JF Bastien.
1800
1801         Prevent compile error in iOS Simulator debug build
1802         by tagging function
1803
1804         * bindings/js/JSDOMWindowBase.cpp:
1805         (WebCore::JSDOMWindowBase::compileStreaming):
1806         (WebCore::JSDOMWindowBase::instantiateStreaming):
1807
1808 2018-05-01  Oleksandr Skachkov  <gskachkov@gmail.com>
1809
1810         WebAssembly: add support for stream APIs - JavaScript API
1811         https://bugs.webkit.org/show_bug.cgi?id=183442
1812
1813         Reviewed by Yusuke Suzuki and JF Bastien.
1814
1815         Add WebAssembly streaming API to WebCore.
1816
1817         * Configurations/FeatureDefines.xcconfig:
1818         * bindings/js/JSDOMWindowBase.cpp:
1819         (WebCore::tryAllocate):
1820         (WebCore::isResponseCorrect):
1821         (WebCore::handleResponseOnStreamingAction):
1822         (WebCore::JSDOMWindowBase::compileStreaming):
1823         (WebCore::JSDOMWindowBase::instantiateStreaming):
1824         * bindings/js/JSDOMWindowBase.h:
1825         * bindings/js/JSRemoteDOMWindowBase.cpp:
1826         * bindings/js/JSWorkerGlobalScopeBase.cpp:
1827
1828 2018-04-30  Myles C. Maxfield  <mmaxfield@apple.com>
1829
1830         Improve the performance of FontCascadeDescription's effectiveFamilies
1831         https://bugs.webkit.org/show_bug.cgi?id=184720
1832         <rdar://problem/38970927>
1833
1834         Reviewed by Simon Fraser.
1835
1836         The page that had the performance problem renders many different Chinese characters in system-ui
1837         with only a small number of individual fonts. It turns out we were calling into the system-ui
1838         machinery for each character in order to opportunistically start loading data URLs (see also:
1839         https://bugs.webkit.org/show_bug.cgi?id=175845). These data URLs will never represent the system
1840         font, so we don't need to invoke the system-ui machinery at all.
1841
1842         This patch makes a 92x performance improvement on the associated performance test. This test is
1843         designed to test Chinese text rendered with system-ui.
1844
1845         Performance test: Layout/system-ui.html
1846
1847         * platform/graphics/FontCascadeFonts.cpp:
1848         (WebCore::opportunisticallyStartFontDataURLLoading):
1849
1850 2018-04-30  Jer Noble  <jer.noble@apple.com>
1851
1852         <img src=mp4> does not display on ios despite Accept: video/* advertisement
1853         https://bugs.webkit.org/show_bug.cgi?id=185029
1854         <rdar://problem/39771989>
1855
1856         Reviewed by Eric Carlson.
1857
1858         Returning "NO" from resourceLoader:shouldWaitForLoadingOfResource: signals that the load failed,
1859         even if the resource request is successfully fulfilled prior to the return. Always return YES in
1860         the case that loading succeeded.
1861
1862         * platform/graphics/avfoundation/objc/ImageDecoderAVFObjC.mm:
1863         (-[WebCoreSharedBufferResourceLoaderDelegate resourceLoader:shouldWaitForLoadingOfRequestedResource:]):
1864
1865 2018-04-30  Zalan Bujtas  <zalan@apple.com>
1866
1867         REGRESSION(r230914) Selecting text on this apple.com page makes it vanish
1868         https://bugs.webkit.org/show_bug.cgi?id=185142
1869         <rdar://problem/39821446>
1870
1871         Reviewed by Simon Fraser.
1872
1873         Set the overflow rect on the inline textbox when needed.
1874
1875         Test: fast/text/simple-line-layout-selection-with-overflow.html
1876
1877         * rendering/SimpleLineLayoutFunctions.cpp:
1878         (WebCore::SimpleLineLayout::initializeInlineTextBox):
1879         (WebCore::SimpleLineLayout::generateLineBoxTree):
1880         (WebCore::SimpleLineLayout::initializeInlineBox): Deleted.
1881
1882 2018-04-30  JF Bastien  <jfbastien@apple.com>
1883
1884         Use some C++17 features
1885         https://bugs.webkit.org/show_bug.cgi?id=185135
1886
1887         Reviewed by Alex Christensen.
1888
1889         As discussed here [0] let's move WebKit to a subset of C++17. We
1890         now require GCC 6 [1] which means that, according to [2] we can
1891         use the following C++17 language features (I removed some
1892         uninteresting ones):
1893
1894          - New auto rules for direct-list-initialization
1895          - static_assert with no message
1896          - typename in a template template parameter
1897          - Nested namespace definition
1898          - Attributes for namespaces and enumerators
1899          - u8 character literals
1900          - Allow constant evaluation for all non-type template arguments
1901          - Fold Expressions
1902          - Unary fold expressions and empty parameter packs
1903          - __has_include in preprocessor conditional
1904          - Differing begin and end types in range-based for
1905          - Improving std::pair and std::tuple
1906
1907         Consult the Tony Tables [3] to see before / after examples.
1908
1909         Of course we can use any library feature if we're willing to
1910         import them to WTF (and they don't require language support).
1911
1912
1913           [0]: https://lists.webkit.org/pipermail/webkit-dev/2018-March/029922.html
1914           [1]: https://trac.webkit.org/changeset/231152/webkit
1915           [2]: https://en.cppreference.com/w/cpp/compiler_support
1916           [3]: https://github.com/tvaneerd/cpp17_in_TTs/blob/master/ALL_IN_ONE.md
1917
1918         * DerivedSources.make:
1919         * platform/URLParser.cpp: work around an odd GCC 6 bug with class
1920           static value as a template parameter.
1921         (WebCore::URLParser::percentDecode):
1922         (WebCore::URLParser::domainToASCII):
1923         (WebCore::URLParser::hasForbiddenHostCodePoint):
1924         (WebCore::URLParser::parseHostAndPort):
1925         * platform/URLParser.h:
1926
1927 2018-04-30  Wenson Hsieh  <wenson_hsieh@apple.com>
1928
1929         [Extra zoom mode] Respect the existing shrink-to-fit attribute instead of using min-device-width
1930         https://bugs.webkit.org/show_bug.cgi?id=185132
1931         <rdar://problem/39834562>
1932
1933         Reviewed by Tim Horton.
1934
1935         Removes the `min-device-width` attribute added in r231095. Instead, we key this behavior off of the
1936         `shrink-to-fit` attribute introduced for multitasking on iPad, such that `shrink-to-fit=no` achieves the same
1937         behavior as `min-device-width=0` in extra zoom mode. See comments below for more detail.
1938
1939         Adjusted an existing layout test: fast/viewport/extrazoom/viewport-change-min-device-width.html.
1940
1941         * dom/ViewportArguments.cpp:
1942         (WebCore::setViewportFeature):
1943         (WebCore::operator<<):
1944         * dom/ViewportArguments.h:
1945
1946         Removes the `minDeviceWidth` viewport argument.
1947
1948         * page/RuntimeEnabledFeatures.h:
1949         (WebCore::RuntimeEnabledFeatures::setMinDeviceWidthEnabled): Deleted.
1950         (WebCore::RuntimeEnabledFeatures::minDeviceWidthEnabled const): Deleted.
1951
1952         Removes the runtime switch for `min-device-width`.
1953
1954         * page/ViewportConfiguration.cpp:
1955         (WebCore::platformDeviceWidthOverride):
1956
1957         Hard-code the override device width in extra zoom mode.
1958
1959         (WebCore::ViewportConfiguration::shouldOverrideDeviceWidthAndShrinkToFit const):
1960
1961         In extra zoom mode, override the device width only if shrink-to-fit has not been explicitly disabled, and the
1962         device width is less than the override device width.
1963
1964         (WebCore::ViewportConfiguration::shouldIgnoreHorizontalScalingConstraints const):
1965         (WebCore::ViewportConfiguration::shouldIgnoreScalingConstraintsRegardlessOfContentSize const):
1966         (WebCore::ViewportConfiguration::updateConfiguration):
1967         (WebCore::ViewportConfiguration::updateMinimumLayoutSize):
1968
1969         Do not override the minimum layout size if `shrink-to-fit` has been explicitly disabled, or if the
1970         device width is greater than the override device width.
1971
1972         (WebCore::computedMinDeviceWidth): Deleted.
1973         (WebCore::ViewportConfiguration::shouldOverrideDeviceWidthWithMinDeviceWidth const): Deleted.
1974         * page/ViewportConfiguration.h:
1975
1976 2018-04-30  Chris Nardi  <cnardi@chromium.org>
1977
1978         Serialize font-variation-settings with double-quotes per spec
1979         https://bugs.webkit.org/show_bug.cgi?id=182542
1980
1981         Reviewed by Myles C. Maxfield.
1982
1983         According to the CSSOM spec [1], all strings should be serialized with double-quotes.
1984         The axis name in font-variation-settings was previously serialized with single-quotes;
1985         change this to double-quotes to match the spec and non-WebKit browsers.
1986
1987         [1]: https://drafts.csswg.org/cssom/#common-serializing-idioms
1988
1989         Updated fast/text/variations/getComputedStyle.html to test the change.
1990
1991         * css/CSSFontVariationValue.cpp:
1992         (WebCore::CSSFontVariationValue::customCSSText const):
1993
1994 2018-04-30  Chris Dumez  <cdumez@apple.com>
1995
1996         Fix bad use of RunLoop::main().dispatch() in MessagePort::dispatchMessages()
1997         https://bugs.webkit.org/show_bug.cgi?id=185134
1998
1999         Reviewed by Geoffrey Garen.
2000
2001         Fix bad use of RunLoop::main().dispatch() in MessagePort::dispatchMessages(). This code runs on iOS WebKitLegacy
2002         and it is therefore unsafe to use RunLoop::main() here. We want to use callOnMainThread() instead to run code on
2003         the WebThread.
2004
2005         * dom/MessagePort.cpp:
2006         (WebCore::MessagePort::dispatchMessages):
2007
2008 2018-04-30  Simon Fraser  <simon.fraser@apple.com>
2009
2010         Make color-filter affect caret-color
2011         https://bugs.webkit.org/show_bug.cgi?id=185129
2012         rdar://problem/39829066
2013
2014         Reviewed by Tim Horton.
2015         
2016         Transform the colors used to compare the caret color with the background through
2017         color-filter (since we want contrasting colors after filters are applied), and
2018         transform caret-color itself.
2019
2020         Test: css3/color-filters/color-filter-caret-color.html
2021
2022         * editing/FrameSelection.cpp:
2023         (WebCore::CaretBase::paintCaret const):
2024
2025 2018-04-30  Michael Catanzaro  <mcatanzaro@igalia.com>
2026
2027         [GTK] Webkit should spoof as Safari on a Mac when on Chase.com
2028         https://bugs.webkit.org/show_bug.cgi?id=185103
2029
2030         Reviewed by Carlos Garcia Campos.
2031
2032         Send a fake user agent to chase.com to make it work.
2033
2034         * platform/UserAgentQuirks.cpp:
2035         (WebCore::urlRequiresMacintoshPlatform):
2036         (WebCore::UserAgentQuirks::stringForQuirk): Also, remove this stale comment.
2037
2038 2018-04-29  Simon Fraser  <simon.fraser@apple.com>
2039
2040         Make color-filter affect <attachment>
2041         https://bugs.webkit.org/show_bug.cgi?id=185122
2042         rdar://problem/39818763
2043
2044         Reviewed by Tim Horton.
2045         
2046         Convert the colors used to render <attachment> through color-filter, except
2047         for those parts that render over the icon (like the progress bar).
2048
2049         Not easily testable.
2050
2051         * rendering/RenderThemeMac.mm:
2052         (WebCore::titleTextColorForAttachment):
2053         (WebCore::AttachmentLayout::layOutTitle):
2054         (WebCore::AttachmentLayout::layOutSubtitle):
2055         (WebCore::paintAttachmentIconBackground):
2056         (WebCore::paintAttachmentTitleBackground):
2057         (WebCore::paintAttachmentPlaceholderBorder):
2058
2059 2018-04-28  Simon Fraser  <simon.fraser@apple.com>
2060
2061         Fix color-filter to apply to SVG colors
2062         https://bugs.webkit.org/show_bug.cgi?id=185113
2063         rdar://problem/39665082
2064
2065         Reviewed by Dean Jackson.
2066         
2067         Convert SVG colors through color-filter operations for the places in SVG
2068         that use color, namely fill and stroke, gradients, lighting colors and
2069         drop-shadow.
2070
2071         Test: css3/color-filters/svg/color-filter-inline-svg.html
2072
2073         * rendering/svg/RenderSVGResourceGradient.cpp:
2074         (WebCore::RenderSVGResourceGradient::applyResource):
2075         * rendering/svg/RenderSVGResourceGradient.h:
2076         * rendering/svg/RenderSVGResourceLinearGradient.cpp:
2077         (WebCore::RenderSVGResourceLinearGradient::buildGradient const):
2078         * rendering/svg/RenderSVGResourceLinearGradient.h:
2079         * rendering/svg/RenderSVGResourceRadialGradient.cpp:
2080         (WebCore::RenderSVGResourceRadialGradient::buildGradient const):
2081         * rendering/svg/RenderSVGResourceRadialGradient.h:
2082         * rendering/svg/RenderSVGResourceSolidColor.cpp:
2083         (WebCore::RenderSVGResourceSolidColor::applyResource):
2084         * svg/SVGFEDiffuseLightingElement.cpp:
2085         (WebCore::SVGFEDiffuseLightingElement::setFilterEffectAttribute):
2086         (WebCore::SVGFEDiffuseLightingElement::build):
2087         * svg/SVGFEDropShadowElement.cpp:
2088         (WebCore::SVGFEDropShadowElement::build):
2089         * svg/SVGFEFloodElement.cpp:
2090         (WebCore::SVGFEFloodElement::build):
2091         * svg/SVGFESpecularLightingElement.cpp:
2092         (WebCore::SVGFESpecularLightingElement::setFilterEffectAttribute):
2093         (WebCore::SVGFESpecularLightingElement::build):
2094
2095 2018-04-29  Michael Catanzaro  <mcatanzaro@igalia.com>
2096
2097         [CMake] Require GCC 6
2098         https://bugs.webkit.org/show_bug.cgi?id=184985
2099
2100         Reviewed by Alex Christensen.
2101
2102         Remove a GCC 5 fallback path. This seems to be the only such fallback path in WebKit.
2103
2104         * platform/graphics/FourCC.h:
2105         (WebCore::FourCC::FourCC):
2106
2107 2018-04-29  Zalan Bujtas  <zalan@apple.com>
2108
2109         [LFC] Implement Display::Box functions
2110         https://bugs.webkit.org/show_bug.cgi?id=185116
2111
2112         Reviewed by Antti Koivisto.
2113
2114         * layout/displaytree/DisplayBox.cpp:
2115         (WebCore::Display::Box::Box):
2116         (WebCore::Display::Box::~Box):
2117         (WebCore::Display::Box::marginBox const):
2118         (WebCore::Display::Box::borderBox const):
2119         (WebCore::Display::Box::paddingBox const):
2120         (WebCore::Display::Box::contentBox const):
2121         * layout/displaytree/DisplayBox.h:
2122         (WebCore::Display::Box::rect const):
2123         (WebCore::Display::Box::top const):
2124         (WebCore::Display::Box::left const):
2125         (WebCore::Display::Box::bottom const):
2126         (WebCore::Display::Box::right const):
2127         (WebCore::Display::Box::topLeft const):
2128         (WebCore::Display::Box::bottomRight const):
2129         (WebCore::Display::Box::size const):
2130         (WebCore::Display::Box::width const):
2131         (WebCore::Display::Box::height const):
2132         (WebCore::Display::Box::marginTop const):
2133         (WebCore::Display::Box::marginLeft const):
2134         (WebCore::Display::Box::marginBottom const):
2135         (WebCore::Display::Box::marginRight const):
2136         (WebCore::Display::Box::parent const):
2137         (WebCore::Display::Box::nextSibling const):
2138         (WebCore::Display::Box::previousSibling const):
2139         (WebCore::Display::Box::firstChild const):
2140         (WebCore::Display::Box::lastChild const):
2141         (WebCore::Display::Box::setRect):
2142         (WebCore::Display::Box::setTopLeft):
2143         (WebCore::Display::Box::setTop):
2144         (WebCore::Display::Box::setLeft):
2145         (WebCore::Display::Box::setSize):
2146         (WebCore::Display::Box::setWidth):
2147         (WebCore::Display::Box::setHeight):
2148         (WebCore::Display::Box::setMarginTop):
2149         (WebCore::Display::Box::setMarginLeft):
2150         (WebCore::Display::Box::setMarginBottom):
2151         (WebCore::Display::Box::setMarginRight):
2152         (WebCore::Display::Box::setBorderTop):
2153         (WebCore::Display::Box::setBorderLeft):
2154         (WebCore::Display::Box::setBorderBottom):
2155         (WebCore::Display::Box::setBorderRight):
2156         (WebCore::Display::Box::setPaddingTop):
2157         (WebCore::Display::Box::setPaddingLeft):
2158         (WebCore::Display::Box::setPaddingBottom):
2159         (WebCore::Display::Box::setPaddingRight):
2160         (WebCore::Display::Box::setParent):
2161         (WebCore::Display::Box::setNextSibling):
2162         (WebCore::Display::Box::setPreviousSibling):
2163         (WebCore::Display::Box::setFirstChild):
2164         (WebCore::Display::Box::setLastChild):
2165
2166 2018-04-29  Youenn Fablet  <youenn@apple.com>
2167
2168         Make RestrictedHTTPResponseAccess flag true by default
2169         https://bugs.webkit.org/show_bug.cgi?id=185089
2170
2171         Reviewed by Geoffrey Garen.
2172
2173         * page/RuntimeEnabledFeatures.h:
2174
2175 2018-04-28  Sihui Liu  <sihui_liu@apple.com>
2176
2177         [Cocoa] Set HTTPOnly flag when converting Cookie to NSHTTPCookie
2178         https://bugs.webkit.org/show_bug.cgi?id=185052
2179
2180         Reviewed by Geoffrey Garen.
2181
2182         Set HTTPOnly for NSHTTPCookie when it's converted from Cookie, so the WebKit APIs could 
2183         create NSHTTPCookie with correct HTTPOnly flag. Also, reverted the change made to operator
2184         function because we want the Cookie class to act as a wrapper for NSHTTPCookie and leverage
2185         its equal function. 
2186
2187         Modified API test: WebKit.WKHTTPCookieStoreHttpOnly
2188
2189         * platform/network/cocoa/CookieCocoa.mm:
2190         (WebCore::Cookie::operator NSHTTPCookie * const):
2191         (WebCore::Cookie::operator== const):
2192         * platform/network/cocoa/NetworkStorageSessionCocoa.mm:
2193         (WebCore::NetworkStorageSession::deleteCookie):
2194
2195 2018-04-28  Zalan Bujtas  <zalan@apple.com>
2196
2197         [LFC] Add LayoutTreeBuilder class to generate the layout tree
2198         https://bugs.webkit.org/show_bug.cgi?id=185108
2199
2200         Reviewed by Antti Koivisto.
2201
2202         This is for testing purposes.
2203
2204         * WebCore.xcodeproj/project.pbxproj:
2205         * layout/FormattingState.cpp:
2206         (WebCore::Layout::FormattingState::~FormattingState):
2207         * layout/FormattingState.h:
2208         * layout/LayoutContext.h:
2209         * layout/blockformatting/BlockFormattingState.cpp:
2210         (WebCore::Layout::BlockFormattingState::~BlockFormattingState):
2211         * layout/blockformatting/BlockFormattingState.h:
2212         * layout/inlineformatting/InlineFormattingState.cpp:
2213         (WebCore::Layout::InlineFormattingState::~InlineFormattingState):
2214         * layout/inlineformatting/InlineFormattingState.h:
2215         * layout/layouttree/LayoutBlockContainer.h:
2216         * layout/layouttree/LayoutBox.h:
2217         * layout/layouttree/LayoutContainer.h:
2218         * layout/layouttree/LayoutInlineContainer.h:
2219         * layout/layouttree/LayoutTreeBuilder.cpp: Added.
2220         (WebCore::Layout::TreeBuilder::createLayoutTree):
2221         (WebCore::Layout::TreeBuilder::createSubTree):
2222         (WebCore::Layout::outputLayoutBox):
2223         (WebCore::Layout::outputLayoutTree):
2224         (WebCore::Layout::TreeBuilder::showLayoutTree):
2225         (WebCore::Layout::printLayoutTreeForLiveDocuments):
2226         * layout/layouttree/LayoutTreeBuilder.h: Copied from Source/WebCore/layout/layouttree/LayoutBlockContainer.h.
2227         * page/mac/PageMac.mm:
2228         (WebCore::Page::platformInitialize):
2229
2230 2018-04-28  Zalan Bujtas  <zalan@apple.com>
2231
2232         [LFC] Implement BlockMarginCollapse functions.
2233         https://bugs.webkit.org/show_bug.cgi?id=185036
2234
2235         Reviewed by Antti Koivisto.
2236
2237         * layout/blockformatting/BlockMarginCollapse.cpp:
2238         (WebCore::Layout::marginValue):
2239         (WebCore::Layout::BlockMarginCollapse::BlockMarginCollapse):
2240         (WebCore::Layout::BlockMarginCollapse::marginTop const):
2241         (WebCore::Layout::BlockMarginCollapse::marginBottom const):
2242         (WebCore::Layout::BlockMarginCollapse::isMarginTopCollapsedWithSibling const):
2243         (WebCore::Layout::BlockMarginCollapse::isMarginBottomCollapsedWithSibling const):
2244         (WebCore::Layout::BlockMarginCollapse::isMarginTopCollapsedWithParent const):
2245         (WebCore::Layout::BlockMarginCollapse::isMarginBottomCollapsedWithParent const):
2246         (WebCore::Layout::BlockMarginCollapse::nonCollapsedMarginTop const):
2247         (WebCore::Layout::BlockMarginCollapse::nonCollapsedMarginBottom const):
2248         (WebCore::Layout::BlockMarginCollapse::collapsedMarginTopFromFirstChild const):
2249         (WebCore::Layout::BlockMarginCollapse::collapsedMarginBottomFromLastChild const):
2250         (WebCore::Layout::BlockMarginCollapse::hasAdjoiningMarginTopAndBottom const):
2251         * layout/blockformatting/BlockMarginCollapse.h:
2252         * layout/layouttree/LayoutBox.h:
2253         (WebCore::Layout::Box::style const):
2254
2255 2018-04-27  David Kilzer  <ddkilzer@apple.com>
2256
2257         Add logging when SpringBoard enables WebThread
2258         <https://webkit.org/b/185100>
2259         <rdar://problem/39746542>
2260
2261         Reviewed by Daniel Bates.
2262
2263         * platform/RuntimeApplicationChecks.h:
2264         (WebCore::IOSApplication::isSpringBoard): Add declaration.
2265         * platform/cocoa/RuntimeApplicationChecksCocoa.mm:
2266         (WebCore::IOSApplication::isSpringBoard): Add implementation.
2267         * platform/ios/wak/WebCoreThread.mm:
2268         (WebThreadEnable): Call RELEASE_LOG_FAULT() if this is called by
2269         SpringBoard.
2270
2271 2018-04-27  Keith Rollin  <krollin@apple.com>
2272
2273         Fix crash in DocumentLoader::startLoadingMainResource
2274         https://bugs.webkit.org/show_bug.cgi?id=185088
2275         rdar://problem/39689263
2276
2277         Reviewed by Chris Dumez.
2278
2279         Add a "protectedThis" to address a case where a deleted "this" was
2280         accessed in a RELEASE_LOG statement.
2281
2282         No new tests -- covered by existing tests, which now pass.
2283
2284         * loader/DocumentLoader.cpp:
2285         (WebCore::DocumentLoader::startLoadingMainResource):
2286
2287 2018-04-27  Simon Fraser  <simon.fraser@apple.com>
2288
2289         Implement color-filter for text stroke
2290         https://bugs.webkit.org/show_bug.cgi?id=185098
2291
2292         Reviewed by Alan Bujtas.
2293         
2294         Transform the text stroke color through color-filter.
2295
2296         Test: css3/color-filters/color-filter-text-stroke.html
2297
2298         * rendering/TextPaintStyle.cpp:
2299         (WebCore::computeTextPaintStyle):
2300
2301 2018-04-27  Simon Fraser  <simon.fraser@apple.com>
2302
2303         Implement animation for color-filter
2304         https://bugs.webkit.org/show_bug.cgi?id=185092
2305         rdar://problem/39773810
2306
2307         Reviewed by Tim Horton.
2308         
2309         Implement animation of color-filter.
2310         
2311         This requires tracking whether the color-filter function lists match for both old and new
2312         animation code paths.
2313         
2314         The filter-related PropertyWrappers in CSSPropertyAnimation are cleaned up to use a single wrapper,
2315         which has to pass the propertyID to the blend function so we know which "lists match" to check.
2316         This wrapper reports that it's accelerated for filter and backdrop-filter, but not color-filter.
2317
2318         Test: css3/color-filters/color-filter-animation.html
2319
2320         * animation/CSSPropertyBlendingClient.h:
2321         * animation/KeyframeEffectReadOnly.cpp:
2322         (WebCore::KeyframeEffectReadOnly::setBlendingKeyframes):
2323         (WebCore::KeyframeEffectReadOnly::checkForMatchingColorFilterFunctionLists):
2324         * animation/KeyframeEffectReadOnly.h:
2325         * page/animation/AnimationBase.h:
2326         * page/animation/CSSPropertyAnimation.cpp:
2327         (WebCore::blendFunc):
2328         (WebCore::PropertyWrapperFilter::PropertyWrapperFilter):
2329         (WebCore::CSSPropertyAnimationWrapperMap::CSSPropertyAnimationWrapperMap):
2330         (WebCore::PropertyWrapperAcceleratedFilter::PropertyWrapperAcceleratedFilter): Deleted.
2331         (WebCore::PropertyWrapperAcceleratedBackdropFilter::PropertyWrapperAcceleratedBackdropFilter): Deleted.
2332         (WebCore::PropertyWrapperAcceleratedBackdropFilter::animationIsAccelerated const): Deleted.
2333         (WebCore::PropertyWrapperAcceleratedBackdropFilter::blend const): Deleted.
2334         * page/animation/ImplicitAnimation.cpp:
2335         (WebCore::ImplicitAnimation::reset):
2336         (WebCore::ImplicitAnimation::checkForMatchingColorFilterFunctionLists):
2337         * page/animation/ImplicitAnimation.h:
2338         * page/animation/KeyframeAnimation.cpp:
2339         (WebCore::KeyframeAnimation::KeyframeAnimation):
2340         (WebCore::KeyframeAnimation::checkForMatchingColorFilterFunctionLists):
2341         * page/animation/KeyframeAnimation.h:
2342
2343 2018-04-27  Zalan Bujtas  <zalan@apple.com>
2344
2345         [LFC] Add FormattingContext::computeWidth/computeHeight logic.
2346         https://bugs.webkit.org/show_bug.cgi?id=185091
2347
2348         Reviewed by Antti Koivisto.
2349
2350         Inflow width and height can't really be computed without knowing the exact context. 
2351
2352         * layout/FormattingContext.cpp:
2353         (WebCore::Layout::FormattingContext::computeWidth const):
2354         (WebCore::Layout::FormattingContext::computeHeight const):
2355         (WebCore::Layout::FormattingContext::computeOutOfFlowWidth const):
2356         (WebCore::Layout::FormattingContext::computeFloatingWidth const):
2357         (WebCore::Layout::FormattingContext::computeOutOfFlowHeight const):
2358         (WebCore::Layout::FormattingContext::computeFloatingHeight const):
2359         * layout/FormattingContext.h:
2360         * layout/blockformatting/BlockFormattingContext.cpp:
2361         (WebCore::Layout::BlockFormattingContext::computeInFlowWidth const):
2362         (WebCore::Layout::BlockFormattingContext::computeInFlowHeight const):
2363         (WebCore::Layout::BlockFormattingContext::computeWidth const): Deleted.
2364         (WebCore::Layout::BlockFormattingContext::computeHeight const): Deleted.
2365         * layout/blockformatting/BlockFormattingContext.h:
2366         * layout/inlineformatting/InlineFormattingContext.cpp:
2367         (WebCore::Layout::InlineFormattingContext::computeInFlowWidth const):
2368         (WebCore::Layout::InlineFormattingContext::computeInFlowHeight const):
2369         * layout/inlineformatting/InlineFormattingContext.h:
2370
2371 2018-04-27  Chris Dumez  <cdumez@apple.com>
2372
2373         Use WindowProxy instead of DOMWindow in our IDL
2374         https://bugs.webkit.org/show_bug.cgi?id=185022
2375
2376         Reviewed by Sam Weinig.
2377
2378         Stop using DOMWindow in all of our IDL files and use WindowProxy as
2379         per their respective specifications. As a result, the implementation
2380         was also updated to use WindowProxy type instead of DOMWindow.
2381
2382         * WebCore.xcodeproj/project.pbxproj:
2383         * bindings/js/JSDOMConvertWindowProxy.h: Removed.
2384         * bindings/js/JSWindowProxy.cpp:
2385         (WebCore::JSWindowProxy::windowProxy const):
2386         (WebCore::JSWindowProxy::toWrapped):
2387         * bindings/js/JSWindowProxy.h:
2388         (WebCore::window):
2389         Use static_cast<>() instead of jsCast<>() because jsCast<>()
2390         relies on classInfo() which is not allowed to be called during
2391         JS sweep due to an assertion inside classInfo(). The JSWindowProxy
2392         objects are held strongly by the WindowProxy so we know the JSWindowProxy
2393         object is not getting destroyed here.
2394
2395         (WebCore::toJS):
2396         * bindings/js/WindowProxy.cpp:
2397         (WebCore::WindowProxy::globalObject):
2398         * bindings/js/WindowProxy.h:
2399         (WebCore::WindowProxy::frame const):
2400         * bindings/scripts/CodeGenerator.pm:
2401         (IsBuiltinType):
2402         (ComputeIsCallbackInterface):
2403         (ComputeIsCallbackFunction):
2404         * bindings/scripts/CodeGeneratorJS.pm:
2405         (AddToIncludesForIDLType):
2406         (GetBaseIDLType):
2407         (NativeToJSValueDOMConvertNeedsState):
2408         * bindings/scripts/test/JS/JSTestObj.cpp:
2409         (WebCore::jsTestObjPrototypeFunctionOverloadedMethod9Body):
2410         (WebCore::jsTestObjPrototypeFunctionOverloadedMethodOverloadDispatcher):
2411         * bindings/scripts/test/TestObj.idl:
2412         * dom/CompositionEvent.cpp:
2413         (WebCore::CompositionEvent::CompositionEvent):
2414         (WebCore::CompositionEvent::initCompositionEvent):
2415         * dom/CompositionEvent.h:
2416         * dom/CompositionEvent.idl:
2417         * dom/Document.cpp:
2418         (WebCore::Document::defaultView const):
2419         * dom/Document.h:
2420         * dom/Document.idl:
2421         * dom/DocumentTouch.cpp:
2422         (WebCore::DocumentTouch::createTouch):
2423         * dom/DocumentTouch.h:
2424         * dom/DocumentTouch.idl:
2425         * dom/FocusEvent.cpp:
2426         (WebCore::FocusEvent::FocusEvent):
2427         * dom/FocusEvent.h:
2428         * dom/InputEvent.cpp:
2429         (WebCore::InputEvent::create):
2430         (WebCore::InputEvent::InputEvent):
2431         * dom/InputEvent.h:
2432         * dom/KeyboardEvent.cpp:
2433         (WebCore::KeyboardEvent::KeyboardEvent):
2434         (WebCore::KeyboardEvent::create):
2435         (WebCore::KeyboardEvent::initKeyboardEvent):
2436         (WebCore::KeyboardEvent::charCode const):
2437         * dom/KeyboardEvent.h:
2438         * dom/KeyboardEvent.idl:
2439         * dom/MessageEvent.h:
2440         * dom/MessageEvent.idl:
2441         * dom/MouseEvent.cpp:
2442         (WebCore::MouseEvent::create):
2443         (WebCore::MouseEvent::MouseEvent):
2444         (WebCore::MouseEvent::initMouseEvent):
2445         (WebCore::MouseEvent::initMouseEventQuirk):
2446         * dom/MouseEvent.h:
2447         * dom/MouseEvent.idl:
2448         * dom/MouseRelatedEvent.cpp:
2449         (WebCore::MouseRelatedEvent::MouseRelatedEvent):
2450         (WebCore::MouseRelatedEvent::init):
2451         (WebCore::MouseRelatedEvent::frameViewFromWindowProxy):
2452         (WebCore::MouseRelatedEvent::initCoordinates):
2453         (WebCore::MouseRelatedEvent::documentToAbsoluteScaleFactor const):
2454         (WebCore::MouseRelatedEvent::computePageLocation):
2455         (WebCore::MouseRelatedEvent::locationInRootViewCoordinates const):
2456         * dom/MouseRelatedEvent.h:
2457         * dom/Node.cpp:
2458         * dom/SimulatedClick.cpp:
2459         * dom/TextEvent.cpp:
2460         (WebCore::TextEvent::create):
2461         (WebCore::TextEvent::createForPlainTextPaste):
2462         (WebCore::TextEvent::createForFragmentPaste):
2463         (WebCore::TextEvent::createForDrop):
2464         (WebCore::TextEvent::createForDictation):
2465         (WebCore::TextEvent::TextEvent):
2466         (WebCore::TextEvent::initTextEvent):
2467         * dom/TextEvent.h:
2468         * dom/TextEvent.idl:
2469         * dom/TouchEvent.idl:
2470         * dom/UIEvent.cpp:
2471         (WebCore::UIEvent::UIEvent):
2472         (WebCore::UIEvent::initUIEvent):
2473         * dom/UIEvent.h:
2474         (WebCore::UIEvent::create):
2475         (WebCore::UIEvent::view const):
2476         * dom/UIEvent.idl:
2477         * dom/UIEventInit.h:
2478         * dom/UIEventInit.idl:
2479         * dom/UIEventWithKeyState.h:
2480         (WebCore::UIEventWithKeyState::UIEventWithKeyState):
2481         * dom/WheelEvent.cpp:
2482         (WebCore::WheelEvent::WheelEvent):
2483         (WebCore::WheelEvent::create):
2484         (WebCore::WheelEvent::initWebKitWheelEvent):
2485         * dom/WheelEvent.h:
2486         * dom/WheelEvent.idl:
2487         * editing/AlternativeTextController.cpp:
2488         (WebCore::AlternativeTextController::insertDictatedText):
2489         * editing/Editor.cpp:
2490         (WebCore::Editor::pasteAsPlainText):
2491         (WebCore::Editor::pasteAsFragment):
2492         (WebCore::Editor::setComposition):
2493         * html/HTMLDocument.cpp:
2494         (WebCore::HTMLDocument::namedItem):
2495         * html/HTMLDocument.h:
2496         * html/HTMLDocument.idl:
2497         * html/HTMLFrameElement.idl:
2498         * html/HTMLFrameOwnerElement.cpp:
2499         (WebCore::HTMLFrameOwnerElement::contentWindow const):
2500         * html/HTMLFrameOwnerElement.h:
2501         * html/HTMLFrameSetElement.cpp:
2502         (WebCore::HTMLFrameSetElement::namedItem):
2503         * html/HTMLFrameSetElement.h:
2504         * html/HTMLFrameSetElement.idl:
2505         * html/HTMLIFrameElement.idl:
2506         * html/ImageDocument.cpp:
2507         * page/DOMWindow.cpp:
2508         (WebCore::PostMessageTimer::PostMessageTimer):
2509         (WebCore::PostMessageTimer::event):
2510         (WebCore::DOMWindow::postMessage):
2511         * page/DragController.cpp:
2512         (WebCore::DragController::dispatchTextInputEventFor):
2513         * page/EventHandler.cpp:
2514         (WebCore::EventHandler::handleTextInputEvent):
2515
2516 2018-04-27  Nan Wang  <n_wang@apple.com>
2517
2518         AX: Accessibility needs to know which part of the content view is visible on iOS
2519         https://bugs.webkit.org/show_bug.cgi?id=185085
2520         <rdar://problem/39801363>
2521
2522         Reviewed by Chris Fleizach.
2523
2524         Exposed unobscuredContentRect() to iOS accessibility object wrapper.
2525
2526         Test: accessibility/ios-simulator/unobscured-content-rect.html
2527
2528         * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
2529         (-[WebAccessibilityObjectWrapper accessibilityVisibleContentRect]):
2530
2531 2018-04-27  Simon Fraser  <simon.fraser@apple.com>
2532
2533         Refactor filter list checking code
2534         https://bugs.webkit.org/show_bug.cgi?id=185087
2535
2536         Reviewed by Alan Bujtas.
2537
2538         Deduplicate code between filter and backdrop-filter for checking whether function lists
2539         match, by making a shared function that takes a std::function.
2540         
2541         The call sites have to declare the return type (-> const FilterOperations&) to avoid std::function
2542         converting the return type into a value.
2543
2544         * animation/KeyframeEffectReadOnly.cpp:
2545         (WebCore::KeyframeEffectReadOnly::checkForMatchingFilterFunctionLists const):
2546         (WebCore::KeyframeEffectReadOnly::checkForMatchingFilterFunctionLists):
2547         (WebCore::KeyframeEffectReadOnly::checkForMatchingBackdropFilterFunctionLists):
2548         * animation/KeyframeEffectReadOnly.h:
2549         * page/animation/KeyframeAnimation.cpp:
2550         (WebCore::KeyframeAnimation::checkForMatchingFilterFunctionLists const):
2551         (WebCore::KeyframeAnimation::checkForMatchingFilterFunctionLists):
2552         (WebCore::KeyframeAnimation::checkForMatchingBackdropFilterFunctionLists):
2553         * page/animation/KeyframeAnimation.h:
2554
2555 2018-04-27  Chris Dumez  <cdumez@apple.com>
2556
2557         Regression(r222392?): Events can have a negative timestamp which causes app breakage
2558         https://bugs.webkit.org/show_bug.cgi?id=185040
2559         <rdar://problem/39638051>
2560
2561         Reviewed by Wenson Hsieh.
2562
2563         The real fix is in UIKit when generating the touch timestamps. However, this patch
2564         does some hardening to make sure that Event.timestamp can never return a negative
2565         value even if something goes wrong.
2566
2567         * dom/Event.cpp:
2568         (WebCore::Event::timeStampForBindings const):
2569
2570 2018-04-27  Christopher Reid  <chris.reid@sony.com>
2571
2572         URL::appendEncodedHostName is using the deprecated uidna_IDNToASCII function
2573         https://bugs.webkit.org/show_bug.cgi?id=184836
2574
2575         Reviewed by Alex Christensen.
2576
2577         Update URL::appendEncodedHostName to use uidna_nameToASCII as done in r208902.
2578
2579         Test: LayoutTests\fast\url\url-hostname-encoding.html
2580
2581         * platform/URL.cpp:
2582
2583 2018-04-27  Youenn Fablet  <youenn@apple.com>
2584
2585         CachedRawResource is not handling incremental data computation correctly
2586         https://bugs.webkit.org/show_bug.cgi?id=184936
2587         <rdar://problem/38798141>
2588
2589         Reviewed by Darin Adler.
2590
2591         * loader/cache/CachedRawResource.cpp:
2592         (WebCore::CachedRawResource::updateBuffer): Fixing style.
2593
2594 2018-04-27  Zalan Bujtas  <zalan@apple.com>
2595
2596         [LFC] Implement BlockFormattingContext::layout logic and its dependencies
2597         https://bugs.webkit.org/show_bug.cgi?id=185024
2598
2599         Reviewed by Antti Koivisto.
2600
2601         This patch implements the logic for block formatting context according to
2602         https://www.w3.org/TR/CSS22/visuren.html#block-formatting
2603
2604         1. Traverse the tree iteratively (in post-order fashion) and compute the width/static position for the containers as
2605         we visit the descendant nodes until we hit a leaf node.
2606         2. Compute the position/geometry of the leaf node and move over to its sibling(s).
2607         3. Finalize the container's height/final position as we climb back on the tree.
2608         4. Run layout on the out-of-flow descendants.  
2609
2610         Note that subtrees with a formatting context root need to be laid out completely before moving on to the next box.
2611         The formatting root box is laid out in the formatting context it lives in, however its descendants get laid out
2612         in a separate formatting context (excluding out-of-flow boxes that don't belong to the root). 
2613
2614         * layout/FloatingContext.cpp:
2615         (WebCore::Layout::FloatingContext::FloatingContext):
2616         (WebCore::Layout::FloatingContext::computePosition):
2617         * layout/FormattingContext.cpp:
2618         (WebCore::Layout::FormattingContext::placeInFlowPositionedChildren const):
2619         (WebCore::Layout::FormattingContext::layoutOutOfFlowDescendants const):
2620         * layout/FormattingContext.h:
2621         * layout/LayoutContext.cpp:
2622         (WebCore::Layout::LayoutContext::updateLayout):
2623         (WebCore::Layout::LayoutContext::establishedFormattingState):
2624         * layout/LayoutContext.h:
2625         * layout/blockformatting/BlockFormattingContext.cpp:
2626         (WebCore::Layout::BlockFormattingContext::layout const):
2627         (WebCore::Layout::BlockFormattingContext::layout): Deleted.
2628         * layout/blockformatting/BlockFormattingContext.h:
2629         * layout/inlineformatting/InlineFormattingContext.cpp:
2630         (WebCore::Layout::InlineFormattingContext::layout const):
2631         (WebCore::Layout::InlineFormattingContext::layout): Deleted.
2632         * layout/inlineformatting/InlineFormattingContext.h:
2633
2634 2018-04-27  Youenn Fablet  <youenn@apple.com>
2635
2636         Use NetworkLoadChecker for XHR/fetch loads
2637         https://bugs.webkit.org/show_bug.cgi?id=184741
2638
2639         Reviewed by Chris Dumez.
2640
2641         Covered by existing tests.
2642
2643         * loader/DocumentThreadableLoader.cpp:
2644         (WebCore::DocumentThreadableLoader::shouldSetHTTPHeadersToKeep const):
2645         We need to set this option for CORS done in NetworkProcess.
2646         (WebCore::DocumentThreadableLoader::DocumentThreadableLoader):
2647         Set httpHeadersToKeep when needed (service worker or CORS loads).
2648         Remove the synchronous disabling of preflight since this is now also done for asynchronous loads.
2649         (WebCore::DocumentThreadableLoader::checkURLSchemeAsCORSEnabled):
2650         Helper routine to make the same check for both simple and preflight case.
2651         This allows more consistent error logging between WK1 and WK2.
2652         (WebCore::DocumentThreadableLoader::makeCrossOriginAccessRequest):
2653         Skip preflight in case this is done in NetworkProcess.
2654         (WebCore::DocumentThreadableLoader::makeSimpleCrossOriginAccessRequest):
2655         (WebCore::isResponseComingFromNetworkProcess):
2656         (WebCore::DocumentThreadableLoader::redirectReceived):
2657         Bypass security checks when they are already done in NetworkProcess.
2658         (WebCore::DocumentThreadableLoader::didFail):
2659         In case of AccessControl error, it might be due to a CSP check done in NetworkProcess.
2660         Check it again to enable specific CSP console logging and error reporting.
2661         (WebCore::DocumentThreadableLoader::loadRequest):
2662         Recreating the error in case of synchronous loads to be able to log it adequately.
2663         (WebCore::DocumentThreadableLoader::isDoingSecurityChecksInNetworkProcess const):
2664         * loader/DocumentThreadableLoader.h:
2665         * loader/SubresourceLoader.cpp:
2666         (WebCore::SubresourceLoader::checkResponseCrossOriginAccessControl):
2667         Specific handling of SameOrigin credential mode for which cross-origin load will not use any credential.
2668         (WebCore::SubresourceLoader::checkRedirectionCrossOriginAccessControl):
2669         We keep the application headers so that DocumentThreadableLoader does not have to restart a brand new load.
2670         * loader/cache/CachedResourceLoader.cpp:
2671         (WebCore::CachedResourceLoader::requestResource):
2672         DocumentThreadableLoader is setting referrer and origin directly. Until we fix that, we remove them from the original requests
2673         as applications are not supposed to set these headers.
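The credential-mode handling and the Referer/Origin stripping mentioned in the entry above, shown as an added example that is not WebKit code. It follows the CORS check of the Fetch standard; every function name, the request object shape and the sample origins are hypothetical and constructed for illustration.

```javascript
// Added illustration of the Fetch-standard CORS check; not WebKit code.
// All function names and the request shape are hypothetical.

// Headers owned by the loader: script-supplied values must never reach the wire.
const LOADER_OWNED_HEADERS = new Set(["origin", "referer"]);

// Drop loader-owned headers from application-supplied request headers.
function stripLoaderOwnedHeaders(appHeaders) {
  const kept = {};
  for (const [name, value] of Object.entries(appHeaders)) {
    if (!LOADER_OWNED_HEADERS.has(name.toLowerCase())) kept[name] = value;
  }
  return kept;
}

// Case-insensitive header lookup; returns null when the header is absent.
function getHeader(headers, name) {
  const wanted = name.toLowerCase();
  for (const [key, value] of Object.entries(headers)) {
    if (key.toLowerCase() === wanted) return String(value).trim();
  }
  return null;
}

// Whether cookies / HTTP auth accompany the request. In "same-origin" mode a
// cross-origin load carries no credentials at all.
function sendsCredentials(request) {
  if (request.credentialsMode === "include") return true;
  if (request.credentialsMode === "omit") return false;
  return new URL(request.url).origin === request.origin;
}

// CORS check on a cross-origin response. The wildcard is acceptable only when
// the credentials mode is not "include".
function corsCheck(request, responseHeaders) {
  const allowOrigin = getHeader(responseHeaders, "Access-Control-Allow-Origin");
  if (allowOrigin === null) {
    return { allowed: false, reason: "missing Access-Control-Allow-Origin" };
  }
  const include = request.credentialsMode === "include";
  if (allowOrigin === "*") {
    return include
      ? { allowed: false, reason: "wildcard not allowed with credentials" }
      : { allowed: true, reason: "wildcard, no credentials" };
  }
  if (allowOrigin !== request.origin) {
    return { allowed: false, reason: "origin mismatch" };
  }
  if (!include) {
    return { allowed: true, reason: "origin match, no credentials" };
  }
  const allowCreds = getHeader(responseHeaders, "Access-Control-Allow-Credentials");
  return allowCreds === "true"
    ? { allowed: true, reason: "origin match, credentials allowed" }
    : { allowed: false, reason: "credentials not allowed by server" };
}

// Constructed sample: a page on app.example loading from api.example.
function demo() {
  const base = { origin: "https://app.example", url: "https://api.example/data" };
  const wildcard = { "Access-Control-Allow-Origin": "*" };
  return {
    sameOriginMode: corsCheck({ ...base, credentialsMode: "same-origin" }, wildcard),
    includeMode: corsCheck({ ...base, credentialsMode: "include" }, wildcard),
    headers: stripLoaderOwnedHeaders({
      Origin: "https://other.example", // script-supplied, must be dropped
      Referer: "https://other.example/",
      "X-Custom": "1",
    }),
  };
}
```
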
2674
2675 2018-04-27  Wenson Hsieh  <wenson_hsieh@apple.com>
2676
2677         Add an experimental feature flag for viewport "min-device-width"
2678         https://bugs.webkit.org/show_bug.cgi?id=185050
2679         <rdar://problem/39624038>
2680
2681         Reviewed by Tim Horton.
2682
2683         Add MinDeviceWidthEnabled as a new runtime-enabled feature.
2684
2685         * dom/ViewportArguments.cpp:
2686         (WebCore::setViewportFeature):
2687
2688         Gate the parsing of "min-device-width" on the runtime-enabled feature being flipped on.
2689
2690         * page/RuntimeEnabledFeatures.h:
2691         (WebCore::RuntimeEnabledFeatures::setMinDeviceWidthEnabled):
2692         (WebCore::RuntimeEnabledFeatures::minDeviceWidthEnabled const):
2693
2694 2018-04-27  Simon Fraser  <simon.fraser@apple.com>
2695
2696         Make color-filter transform gradient colors
2697         https://bugs.webkit.org/show_bug.cgi?id=185080
2698
2699         Reviewed by Zalan Bujtas.
2700         
2701         In CSSGradientValue::computeStops(), transform the color of each gradient color
2702         stop through the color filter. Having a color filter makes the gradient uncacheable.
2703         
2704         Color filters can add alpha, so we also have to fix up CSSGradientValue::knownToBeOpaque()
2705         to take a RenderStyle and convert the colors before testing opaqueness. Clean up some related
2706         functions to take const RenderStyle&.
2707
2708         Test: css3/color-filters/color-filter-gradients.html
2709
2710         * css/CSSCrossfadeValue.cpp:
2711         (WebCore::subimageKnownToBeOpaque):
2712         * css/CSSFilterImageValue.cpp:
2713         (WebCore::CSSFilterImageValue::knownToBeOpaque const):
2714         * css/CSSFilterImageValue.h:
2715         * css/CSSGradientValue.cpp:
2716         (WebCore::CSSGradientValue::image):
2717         (WebCore::CSSGradientValue::computeStops):
2718         (WebCore::CSSGradientValue::knownToBeOpaque const):
2719         (WebCore::CSSLinearGradientValue::createGradient):
2720         (WebCore::CSSRadialGradientValue::createGradient):
2721         * css/CSSGradientValue.h:
2722         * css/CSSImageGeneratorValue.cpp:
2723         (WebCore::CSSImageGeneratorValue::knownToBeOpaque const):
2724         * css/CSSImageValue.cpp:
2725         (WebCore::CSSImageValue::knownToBeOpaque const):
2726         * css/CSSImageValue.h:
2727
2728 2018-04-26  Simon Fraser  <simon.fraser@apple.com>
2729
2730         Fix color-filter to apply to text decorations
2731         https://bugs.webkit.org/show_bug.cgi?id=185068
2732         <rdar://problem/39782136>
2733
2734         Reviewed by Alan Bujtas.
2735         
2736         Transform the colors of text shadows, and the shadows of text-decorations through
2737         the color-filter.
2738         
2739         Rather than clone the ShadowData stored on TextPainter and TextDecorationPainter
2740         (which would have awkward ownership implications) we pass the color filters through
2741         and just map the color through it before painting.
2742         
2743         Re-order the members of TextPainter a little to optimize padding.
2744         
2745         Also fix a bug where FilterOperations::transformColor() could transform an invalid
2746         color to a valid one; we never want this.
2747
2748         Tests: css3/color-filters/color-filter-text-decoration-shadow.html
2749                css3/color-filters/color-filter-text-shadow.html
2750
2751         * platform/graphics/filters/FilterOperations.cpp:
2752         (WebCore::FilterOperations::transformColor const):
2753         * rendering/InlineTextBox.cpp:
2754         (WebCore::InlineTextBox::paintMarkedTextForeground):
2755         (WebCore::InlineTextBox::paintMarkedTextDecoration):
2756         * rendering/TextDecorationPainter.cpp:
2757         (WebCore::TextDecorationPainter::paintTextDecoration):
2758         * rendering/TextDecorationPainter.h:
2759         (WebCore::TextDecorationPainter::setTextShadow):
2760         (WebCore::TextDecorationPainter::setShadowColorFilter):
2761         (WebCore::TextDecorationPainter::addTextShadow): Deleted.
2762         * rendering/TextPainter.cpp:
2763         (WebCore::ShadowApplier::ShadowApplier):
2764         (WebCore::TextPainter::paintTextWithShadows):
2765         (WebCore::TextPainter::paintTextAndEmphasisMarksIfNeeded): Simplify the logic that only paints the shadow
2766         on the first iteration.
2767         (WebCore::TextPainter::paintRange):
2768         * rendering/TextPainter.h:
2769         (WebCore::TextPainter::setShadowColorFilter):
2770         * rendering/svg/SVGInlineTextBox.cpp:
2771         (WebCore::SVGInlineTextBox::paintTextWithShadows):
2772
2773 2018-04-27  Wenson Hsieh  <wenson_hsieh@apple.com>
2774
2775         Rename minimumLayoutSize to viewLayoutSize
2776         https://bugs.webkit.org/show_bug.cgi?id=185050
2777         <rdar://problem/39624038>
2778
2779         Reviewed by Tim Horton.
2780
2781         See WebKit/ChangeLog for more information. No change in behavior.
2782
2783         * page/ViewportConfiguration.cpp:
2784         (WebCore::ViewportConfiguration::ViewportConfiguration):
2785         (WebCore::ViewportConfiguration::setViewLayoutSize):
2786
2787         Remove a FIXME comment that is addressed by this refactoring.
2788
2789         (WebCore::ViewportConfiguration::shouldOverrideDeviceWidthWithMinDeviceWidth const):
2790         (WebCore::ViewportConfiguration::initialScaleFromSize const):
2791         (WebCore::ViewportConfiguration::minimumScale const):
2792         (WebCore::ViewportConfiguration::updateMinimumLayoutSize):
2793         (WebCore::ViewportConfiguration::setMinimumLayoutSize): Deleted.
2794         * page/ViewportConfiguration.h:
2795         (WebCore::ViewportConfiguration::viewLayoutSize const):
2796         (WebCore::ViewportConfiguration::viewSize const): Deleted.
2797
2798 2018-04-27  Zalan Bujtas  <zalan@apple.com>
2799
2800         [LFC] Formatting contexts should create floating states.
2801         https://bugs.webkit.org/show_bug.cgi?id=185032
2802
2803         Reviewed by Antti Koivisto.
2804
2805         This patch implements the logic for sharing floating states across multiple formatting contexts.
2806         At this point this is mostly about inline formatting contexts. They either create a new floating state
2807         or inherit it from the parent formatting context.
2808
2809         * layout/FloatingState.cpp:
2810         (WebCore::Layout::FloatingState::FloatingState):
2811         * layout/FloatingState.h:
2812         (WebCore::Layout::FloatingState::create):
2813         * layout/FormattingContext.cpp:
2814         (WebCore::Layout::FormattingContext::FormattingContext):
2815         * layout/FormattingContext.h:
2816         (WebCore::Layout::FormattingContext::layoutContext const):
2817         * layout/FormattingState.cpp:
2818         (WebCore::Layout::FormattingState::FormattingState):
2819         * layout/FormattingState.h:
2820         (WebCore::Layout::FormattingState::floatingState const):
2821         * layout/LayoutContext.cpp:
2822         (WebCore::Layout::LayoutContext::updateLayout):
2823         (WebCore::Layout::LayoutContext::formattingStateForBox const):
2824         (WebCore::Layout::LayoutContext::establishedFormattingState):
2825         (WebCore::Layout::LayoutContext::formattingContext):
2826         (WebCore::Layout::LayoutContext::formattingState): Deleted.
2827         * layout/LayoutContext.h:
2828         * layout/blockformatting/BlockFormattingContext.cpp:
2829         (WebCore::Layout::BlockFormattingContext::BlockFormattingContext):
2830         (WebCore::Layout::BlockFormattingContext::createFormattingState const):
2831         (WebCore::Layout::BlockFormattingContext::createOrFindFloatingState const):
2832         (WebCore::Layout::BlockFormattingContext::formattingState const): Deleted.
2833         * layout/blockformatting/BlockFormattingContext.h:
2834         * layout/blockformatting/BlockFormattingState.cpp:
2835         (WebCore::Layout::BlockFormattingState::BlockFormattingState):
2836         * layout/blockformatting/BlockFormattingState.h:
2837         * layout/inlineformatting/InlineFormattingContext.cpp:
2838         (WebCore::Layout::InlineFormattingContext::InlineFormattingContext):
2839         (WebCore::Layout::InlineFormattingContext::createFormattingState const):
2840         (WebCore::Layout::InlineFormattingContext::createOrFindFloatingState const):
2841         (WebCore::Layout::InlineFormattingContext::formattingState const): Deleted.
2842         * layout/inlineformatting/InlineFormattingContext.h:
2843         * layout/inlineformatting/InlineFormattingState.cpp:
2844         (WebCore::Layout::InlineFormattingState::InlineFormattingState):
2845         * layout/inlineformatting/InlineFormattingState.h:
2846         * layout/layouttree/LayoutBox.cpp:
2847         (WebCore::Layout::Box::formattingContextRoot const):
2848         * layout/layouttree/LayoutBox.h:
2849
2850 2018-04-27  Wenson Hsieh  <wenson_hsieh@apple.com>
2851
2852         [Extra zoom mode] Add a mechanism to override default viewport behaviors in extra zoom mode
2853         https://bugs.webkit.org/show_bug.cgi?id=185050
2854         <rdar://problem/39624038>
2855
2856         Reviewed by Tim Horton.
2857
2858         Currently, in extra zoom mode, there's no way for web pages to opt out of the default viewport behaviors
2859         (namely, laying out at a larger width and shrinking to fit) when the web view is very tall and narrow. This
2860         patch adds a new experimental viewport attribute, "min-device-width", that can be used to prevent WebKit from
2861         automatically clamping the web view width to a greater value for the device width in this scenario.
2862
2863         Note that after this patch, logic that plumbs a minimumLayoutSize from WKWebView to the viewport configuration
2864         will need to be renamed to reflect that this size is no longer the minimum layout size, but rather, the view
2865         size that is used for viewport device dimensions by default. This refactoring will be done in a followup part.
2866
2867         See per-method comments below for more detail.
2868
2869         Test: fast/viewport/extrazoom/viewport-change-min-device-width.html
2870
2871         * dom/ViewportArguments.cpp:
2872         (WebCore::setViewportFeature):
2873         (WebCore::operator<<):
2874         * dom/ViewportArguments.h:
2875
2876         Removes `m_forceHorizontalShrinkToFit` (more detail below).
2877
2878         * page/ViewportConfiguration.cpp:
2879         (WebCore::computedMinDeviceWidth):
2880         (WebCore::ViewportConfiguration::ViewportConfiguration):
2881         (WebCore::ViewportConfiguration::setMinimumLayoutSize):
2882
2883         Instead of directly setting the minimum layout size, setMinimumLayoutSize now first sets the view size (i.e. the
2884         size we use for `device-width` in the viewport meta tag), and then updates the minimum layout size.
2885
2886         (WebCore::ViewportConfiguration::shouldOverrideDeviceWidthWithMinDeviceWidth const):
2887
2888         Replaces `m_forceHorizontalShrinkToFit`. Whether or not we shrink to fit is now determined by whether the
2889         min-device-width attribute is actively clamping the width of the view.
2890
2891         (WebCore::ViewportConfiguration::shouldIgnoreHorizontalScalingConstraints const):
2892         (WebCore::ViewportConfiguration::shouldIgnoreScalingConstraintsRegardlessOfContentSize const):
2893         (WebCore::ViewportConfiguration::updateMinimumLayoutSize):
2894
2895         Computes and sets the minimum layout size using the view size, taking the minimum device width into account if
2896         needed.
2897
2898         (WebCore::ViewportConfiguration::description const):
2899         (WebCore::ViewportConfiguration::setForceHorizontalShrinkToFit): Deleted.
2900         * page/ViewportConfiguration.h:
2901
2902 2018-04-27  Zalan Bujtas  <zalan@apple.com>
2903
2904         [LFC] Formatting contexts should take const Box&
2905         https://bugs.webkit.org/show_bug.cgi?id=185031
2906
2907         Reviewed by Sam Weinig.
2908
2909         The formatting root boxes are supposed to be all const. The only reason why
2910         they are not is because WeakPtr<> does not support const objects yet.
2911         Use const_cast instead (remove it when WeakPtr<> gains const support).
2912
2913         * layout/FormattingContext.cpp:
2914         (WebCore::Layout::FormattingContext::FormattingContext):
2915         * layout/FormattingContext.h:
2916         * layout/LayoutContext.cpp:
2917         (WebCore::Layout::LayoutContext::LayoutContext):
2918         (WebCore::Layout::LayoutContext::formattingContext):
2919         * layout/LayoutContext.h:
2920         * layout/blockformatting/BlockFormattingContext.cpp:
2921         (WebCore::Layout::BlockFormattingContext::BlockFormattingContext):
2922         * layout/blockformatting/BlockFormattingContext.h:
2923         * layout/inlineformatting/InlineFormattingContext.cpp:
2924         (WebCore::Layout::InlineFormattingContext::InlineFormattingContext):
2925         * layout/inlineformatting/InlineFormattingContext.h:
2926
2927 2018-04-27  Zalan Bujtas  <zalan@apple.com>
2928
2929         [LFC] Add layout tree iterators.
2930         https://bugs.webkit.org/show_bug.cgi?id=185058
2931
2932         Reviewed by Antti Koivisto.
2933
2934         They work exactly like the renderer tree iterators.
2935
2936         * WebCore.xcodeproj/project.pbxproj:
2937         * layout/layouttree/LayoutAncestorIterator.h: Added.
2938         (WebCore::Layout::LayoutAncestorIterator<T>::LayoutAncestorIterator):
2939         (WebCore::Layout::LayoutAncestorIterator<T>::operator):
2940         (WebCore::Layout::LayoutAncestorIteratorAdapter<T>::LayoutAncestorIteratorAdapter):
2941         (WebCore::Layout::LayoutAncestorIteratorAdapter<T>::begin const):
2942         (WebCore::Layout::LayoutAncestorIteratorAdapter<T>::end const):
2943         (WebCore::Layout::LayoutAncestorIteratorAdapter<T>::first const):
2944         (WebCore::Layout::ancestorsOfType):
2945         (WebCore::Layout::lineageOfType):
2946         * layout/layouttree/LayoutBox.cpp:
2947         * layout/layouttree/LayoutChildIterator.h: Added.
2948         (WebCore::Layout::LayoutChildtIterator<T>::LayoutChildtIterator):
2949         (WebCore::Layout::LayoutChildtIterator<T>::operator):
2950         (WebCore::Layout::LayoutChildtIteratorAdapter<T>::LayoutChildtIteratorAdapter):
2951         (WebCore::Layout::LayoutChildtIteratorAdapter<T>::begin const):
2952         (WebCore::Layout::LayoutChildtIteratorAdapter<T>::end const):
2953         (WebCore::Layout::LayoutChildtIteratorAdapter<T>::first const):
2954         (WebCore::Layout::LayoutChildtIteratorAdapter<T>::last const):
2955         (WebCore::Layout::childrenOfType):
2956         * layout/layouttree/LayoutIterator.h: Added.
2957         (WebCore::Layout::isLayoutBoxOfType):
2958         (WebCore::Layout::Traversal::firstChild):
2959         (WebCore::Layout::Traversal::lastChild):
2960         (WebCore::Layout::Traversal::nextSibling):
2961         (WebCore::Layout::Traversal::previousSibling):
2962         (WebCore::Layout::Traversal::findAncestorOfType):
2963         (WebCore::Layout::Traversal::nextAncestorSibling):
2964         (WebCore::Layout::Traversal::nextWithin):
2965         (WebCore::Layout::Traversal::firstWithin):
2966         (WebCore::Layout::Traversal::next):
2967         (WebCore::Layout::LayoutIterator<T>::LayoutIterator):
2968         (WebCore::Layout::LayoutIterator<T>::traverseNextSibling):
2969         (WebCore::Layout::LayoutIterator<T>::traverseNext):
2970         (WebCore::Layout::LayoutIterator<T>::traversePreviousSibling):
2971         (WebCore::Layout::LayoutIterator<T>::traverseAncestor):
2972         (WebCore::Layout::LayoutIterator<T>::operator const):
2973         (WebCore::Layout:: const):
2974         (WebCore::Layout::= const):
2975
2976 2018-04-27  Commit Queue  <commit-queue@webkit.org>
2977
2978         Unreviewed, rolling out r231089.
2979         https://bugs.webkit.org/show_bug.cgi?id=185071
2980
2981         Broke and made crash some WPE EME tests (Requested by calvaris
2982         on #webkit).
2983
2984         Reverted changeset:
2985
2986         "[EME][GStreamer] Move the decryptor from AppendPipeline to
2987         PlaybackPipeline."
2988         https://bugs.webkit.org/show_bug.cgi?id=181855
2989         https://trac.webkit.org/changeset/231089
2990
2991 2018-04-27  Yacine Bandou  <yacine.bandou_ext@softathome.com>
2992
2993         [EME][GStreamer] Move the decryptor from AppendPipeline to PlaybackPipeline.
2994         https://bugs.webkit.org/show_bug.cgi?id=181855
2995
2996         Reviewed by Xabier Rodriguez-Calvar.
2997
2998         The goal of this move is to handle the limitation of SVP (Secure Video Path) memory size.
2999
3000         When the decryptor is in the AppendPipeline and we use SVP, we buffer in MediaSource queue
3001         the decrypted GstBuffers that are in SVP memory.
3002         This behavior causes an out-of-memory error, because we are limited in SVP memory size.
3003
3004         By moving the decryptor to PlaybackPipeline, we avoid buffering the decrypted GstBuffers
3005         which use the SVP memory and we buffer the encrypted GstBuffers that are in system memory.
3006
3007         This new architecture also allows buffering to start before obtaining the DRM license
3008         and it makes it easier to manage dynamic changes of the license or key.
3009
3010         The decryptor is auto plugged by GStreamer playbin in PlaybackPipeline.
3011
3012         SVP: Secure Video Path, also named trusted or protected video path, is memory which is
3013         protected by a hardware access control engine; it is not accessible to other unauthorised
3014         software or hardware components.
3015
3016         Tests:
3017             media/encrypted-media/clearKey/clearKey-cenc-audio-playback-mse.html
3018             media/encrypted-media/clearKey/clearKey-cenc-video-playback-mse.html
3019
3020         * platform/graphics/gstreamer/eme/WebKitCommonEncryptionDecryptorGStreamer.cpp:
3021         (webkitMediaCommonEncryptionDecryptSinkEventHandler):
3022         * platform/graphics/gstreamer/mse/AppendPipeline.cpp:
3023         (WebCore::dumpAppendState):
3024         (WebCore::AppendPipeline::AppendPipeline):
3025         (WebCore::AppendPipeline::handleNeedContextSyncMessage):
3026         (WebCore::AppendPipeline::handleAppsrcNeedDataReceived):
3027         (WebCore::AppendPipeline::setAppendState):
3028         (WebCore::AppendPipeline::parseDemuxerSrcPadCaps):
3029         (WebCore::AppendPipeline::appsinkNewSample):
3030         (WebCore::AppendPipeline::connectDemuxerSrcPadToAppsinkFromAnyThread):
3031         (WebCore::AppendPipeline::disconnectDemuxerSrcPadFromAppsinkFromAnyThread):
3032         (WebCore::appendPipelineElementMessageCallback): Deleted.
3033         (WebCore::AppendPipeline::handleElementMessage): Deleted.
3034         (WebCore::AppendPipeline::dispatchPendingDecryptionStructure): Deleted.
3035         (WebCore::AppendPipeline::dispatchDecryptionStructure): Deleted.
3036         * platform/graphics/gstreamer/mse/AppendPipeline.h:
3037         * platform/graphics/gstreamer/mse/MediaPlayerPrivateGStreamerMSE.cpp:
3038         (WebCore::MediaPlayerPrivateGStreamerMSE::attemptToDecryptWithInstance):
3039         * platform/graphics/gstreamer/mse/PlaybackPipeline.cpp:
3040
3041 2018-04-27  Yacine Bandou  <yacine.bandou_ext@softathome.com>
3042
3043         [EME][GStreamer] Add a new message "decrypt-key-needed" sent from the decryptor to the application.
3044         https://bugs.webkit.org/show_bug.cgi?id=181858
3045
3046         Reviewed by Xabier Rodriguez-Calvar.
3047
3048         Add a new message "decrypt-key-needed" that the decryptor can send when it doesn't have an available key.
3049         This message should be handled by the application in order to dispatch or send the key to the decryptor.
3050         This patch is a preparation for the patch 181855.
3051         With the patch 181855, the decryptor will be in the PlaybackPipeline instead of AppendPipeline, thus we can
3052         get the DRM license or key before instantiating or loading the decryptor plugin in PlaybackPipeline.
3053         When the decryptor plugin is instantiated or loaded, it should be able to ask the application to resend
3054         the DRM license or key by using this new message "decrypt-key-needed".
3055
3056
3057         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
3058         (WebCore::MediaPlayerPrivateGStreamer::handleMessage):
3059         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
3060         (WebCore::MediaPlayerPrivateGStreamerBase::dispatchCDMInstance):
3061         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.h:
3062         * platform/graphics/gstreamer/eme/WebKitCommonEncryptionDecryptorGStreamer.cpp:
3063         (webkitMediaCommonEncryptionDecryptTransformInPlace):
3064
3065 2018-04-26  Justin Fan  <justin_fan@apple.com>
3066
3067         tex[Sub]Image2D slow when passing in a <canvas>, faster with ImageData.
3068         https://bugs.webkit.org/show_bug.cgi?id=184843
3069         <rdar://problem/34898868>
3070
3071         Reviewed by Simon Fraser.
3072
3073         On certain test pages passing 2d canvas objects to gl.texSubImage2D, we spend significant time doing an alpha unpremultiplication in FormatConverter::convert on a single thread. 
3074         For now, I am introducing use of the Accelerate framework to do canvas alpha unpremultiplication, specifically for RGBA8 > RGBA8.
3075         This improves this rendering path by a factor of ~4. The rest of FormatConverter could use similar improvements; filed https://bugs.webkit.org/show_bug.cgi?id=185064 for these. 
3076
3077         * platform/graphics/FormatConverter.cpp:
3078         (WebCore::FormatConverter::convert):
3079
3080 2018-04-26  Simon Fraser  <simon.fraser@apple.com>
3081
3082         Implement rendering support for the color-filter CSS property
3083         https://bugs.webkit.org/show_bug.cgi?id=185047
3084         rdar://problem/39664967
3085
3086         Reviewed by Tim Horton.
3087         
3088         The color-filter property transforms CSS colors just before painting. To support this,
3089         add to RenderStyle colorByApplyingColorFilter() and visitedDependentColorWithColorFilter().
3090         At most call sites that transform colors for rendering, replace calls to
3091         visitedDependentColor() with visitedDependentColorWithColorFilter(). The few locations
3092         that don't use visitedDependentColor() (e.g. for shadows) call colorByApplyingColorFilter().
3093         
3094         Color transformation is implemented via a new virtual function on FilterOperation;
3095         BasicColorMatrixFilterOperation overrides this to use a new ColorMatrix class to
3096         do color math, and BasicComponentTransferFilterOperation to do the equivalent of component
3097         transfer operations. The math in both cases matches that for SVG filters, with the exception
3098         that color components are stored as floats through multiple filters and then mapped to
3099         normal 0-255 color components at the end.
3100
3101         Tests: css3/color-filters/color-filter-backgrounds-borders.html
3102                css3/color-filters/color-filter-box-shadow.html
3103                css3/color-filters/color-filter-brightness.html
3104                css3/color-filters/color-filter-color-property-list-item.html
3105                css3/color-filters/color-filter-color-property.html
3106                css3/color-filters/color-filter-color-text-decorations.html
3107                css3/color-filters/color-filter-column-rule.html
3108                css3/color-filters/color-filter-contrast.html
3109                css3/color-filters/color-filter-current-color.html
3110                css3/color-filters/color-filter-filter-list.html
3111                css3/color-filters/color-filter-grayscale.html
3112                css3/color-filters/color-filter-hue-rotate.html
3113                css3/color-filters/color-filter-inherits.html
3114                css3/color-filters/color-filter-invert.html
3115                css3/color-filters/color-filter-opacity.html
3116                css3/color-filters/color-filter-outline.html
3117                css3/color-filters/color-filter-saturate.html
3118                css3/color-filters/color-filter-sepia.html
3119                css3/color-filters/color-filter-text-emphasis.html
3120
3121         * html/HTMLTextFormControlElement.cpp:
3122         (WebCore::HTMLTextFormControlElement::adjustInnerTextStyle const):
3123         * page/FrameView.cpp:
3124         (WebCore::FrameView::documentBackgroundColor const):
3125         * platform/graphics/ColorUtilities.cpp:
3126         (WebCore::ColorMatrix::ColorMatrix):
3127         (WebCore::ColorMatrix::makeIdentity):
3128         (WebCore::ColorMatrix::grayscaleMatrix):
3129         (WebCore::ColorMatrix::saturationMatrix):
3130         (WebCore::ColorMatrix::hueRotateMatrix):
3131         (WebCore::ColorMatrix::sepiaMatrix):
3132         (WebCore::ColorMatrix::transformColorComponents const):
3133         * platform/graphics/ColorUtilities.h:
3134         * platform/graphics/filters/FilterOperation.cpp:
3135         (WebCore::BasicColorMatrixFilterOperation::transformColor const):
3136         (WebCore::BasicComponentTransferFilterOperation::transformColor const):
3137         * platform/graphics/filters/FilterOperation.h:
3138         (WebCore::FilterOperation::transformColor const):
3139         * platform/graphics/filters/FilterOperations.cpp:
3140         (WebCore::FilterOperations::transformColor const):
3141         * platform/graphics/filters/FilterOperations.h:
3142         * rendering/BorderEdge.cpp:
3143         (WebCore::BorderEdge::getBorderEdgeInfo):
3144         * rendering/EllipsisBox.cpp:
3145         (WebCore::EllipsisBox::paint):
3146         (WebCore::EllipsisBox::paintSelection):
3147         * rendering/InlineFlowBox.cpp:
3148         (WebCore::InlineFlowBox::paintBoxDecorations):
3149         * rendering/InlineTextBox.cpp:
3150         (WebCore::InlineTextBox::paintMarkedTextForeground):
3151         (WebCore::InlineTextBox::paintMarkedTextDecoration):
3152         (WebCore::InlineTextBox::paintCompositionUnderline const):
3153         * rendering/RenderBox.cpp:
3154         (WebCore::RenderBox::paintRootBoxFillLayers):
3155         (WebCore::RenderBox::paintBackground):
3156         (WebCore::RenderBox::getBackgroundPaintedExtent const):
3157         (WebCore::RenderBox::backgroundIsKnownToBeOpaqueInRect const):
3158         (WebCore::RenderBox::backgroundHasOpaqueTopLayer const):
3159         * rendering/RenderBoxModelObject.cpp:
3160         (WebCore::applyBoxShadowForBackground):
3161         (WebCore::RenderBoxModelObject::paintFillLayerExtended):
3162         (WebCore::RenderBoxModelObject::boxShadowShouldBeAppliedToBackground const):
3163         (WebCore::RenderBoxModelObject::paintBoxShadow):
3164         * rendering/RenderDetailsMarker.cpp:
3165         (WebCore::RenderDetailsMarker::paint):
3166         * rendering/RenderElement.cpp:
3167         (WebCore::RenderElement::selectionColor const):
3168         (WebCore::RenderElement::selectionBackgroundColor const):
3169         (WebCore::RenderElement::paintFocusRing):
3170         (WebCore::RenderElement::paintOutline):
3171         * rendering/RenderFileUploadControl.cpp:
3172         (WebCore::RenderFileUploadControl::paintObject):
3173         * rendering/RenderFrameSet.cpp:
3174         (WebCore::RenderFrameSet::paintColumnBorder):
3175         (WebCore::RenderFrameSet::paintRowBorder):
3176         * rendering/RenderImage.cpp:
3177         (WebCore::RenderImage::paintReplaced):
3178         (WebCore::RenderImage::paintAreaElementFocusRing):
3179         * rendering/RenderInline.cpp:
3180         (WebCore::RenderInline::paintOutline):
3181         * rendering/RenderLayerBacking.cpp:
3182         (WebCore::canDirectlyCompositeBackgroundBackgroundImage):
3183         (WebCore::RenderLayerBacking::rendererBackgroundColor const):
3184         * rendering/RenderLayerCompositor.cpp:
3185         (WebCore::RenderLayerCompositor::rootOrBodyStyleChanged):
3186         * rendering/RenderListBox.cpp:
3187         (WebCore::RenderListBox::paintItemForeground):
3188         (WebCore::RenderListBox::paintItemBackground):
3189         * rendering/RenderListMarker.cpp:
3190         (WebCore::RenderListMarker::paint):
3191         * rendering/RenderMenuList.cpp:
3192         (RenderMenuList::itemStyle const):
3193         (RenderMenuList::getItemBackgroundColor const):
3194         (RenderMenuList::menuStyle const):
3195         * rendering/RenderMultiColumnSet.cpp:
3196         (WebCore::RenderMultiColumnSet::paintColumnRules):
3197         * rendering/RenderSearchField.cpp:
3198         (WebCore::RenderSearchField::menuStyle const):
3199         * rendering/RenderTable.h:
3200         (WebCore::RenderTable::bgColor const):
3201         * rendering/RenderTableCell.cpp:
3202         (WebCore::RenderTableCell::computeCollapsedStartBorder const):
3203         (WebCore::RenderTableCell::computeCollapsedEndBorder const):
3204         (WebCore::RenderTableCell::computeCollapsedBeforeBorder const):
3205         (WebCore::RenderTableCell::computeCollapsedAfterBorder const):
3206         (WebCore::RenderTableCell::paintBackgroundsBehindCell):
3207         * rendering/RenderTableSection.cpp:
3208         (WebCore::RenderTableSection::paintRowGroupBorder):
3209         * rendering/RenderTheme.cpp:
3210         (WebCore::RenderTheme::paintSliderTicks):
3211         * rendering/TextDecorationPainter.cpp:
3212         (WebCore::decorationColor):
3213         * rendering/TextPaintStyle.cpp:
3214         (WebCore::computeTextPaintStyle):
3215         * rendering/mathml/MathOperator.cpp:
3216         (WebCore::MathOperator::paint):
3217         * rendering/mathml/RenderMathMLFraction.cpp:
3218         (WebCore::RenderMathMLFraction::paint):
3219         * rendering/mathml/RenderMathMLMenclose.cpp:
3220         (WebCore::RenderMathMLMenclose::paint):
3221         * rendering/mathml/RenderMathMLRoot.cpp:
3222         (WebCore::RenderMathMLRoot::paint):
3223         * rendering/mathml/RenderMathMLToken.cpp:
3224         (WebCore::RenderMathMLToken::paint):
3225         * rendering/style/RenderStyle.cpp:
3226         (WebCore::RenderStyle::visitedDependentColorWithColorFilter const):
3227         (WebCore::RenderStyle::colorByApplyingColorFilter const):
3228         * rendering/style/RenderStyle.h:
3229
3230 2018-04-26  Mark Lam  <mark.lam@apple.com>
3231
3232         Gardening: Speculative build fix for Windows.
3233         https://bugs.webkit.org/show_bug.cgi?id=184976
3234         <rdar://problem/39723901>
3235
3236         Not reviewed.
3237
3238         * cssjit/CSSPtrTag.h:
3239
3240 2018-04-26  Brent Fulgham  <bfulgham@apple.com>
3241
3242         Show punycode if URL contains Latin small letter o with dot below character
3243         https://bugs.webkit.org/show_bug.cgi?id=185051
3244         <rdar://problem/39459297>
3245
3246         Reviewed by David Kilzer.
3247
3248         Revise our "lookalike character" logic to include the small Latin o
3249         with dot below character.
3250
3251         Test: fast/url/host.html
3252
3253         * platform/mac/WebCoreNSURLExtras.mm:
3254         (WebCore::isLookalikeCharacter):
3255
3256 2018-04-26  Daniel Bates  <dabates@apple.com>
3257
3258         Fix the build following r231068
3259         (https://bugs.webkit.org/show_bug.cgi?id=185002)
3260
3261         Substitute mainResourceRequest.resourceRequest().url() for mainResourceRequest.url() as the
3262         latter does not exist.
3263
3264         * loader/DocumentLoader.cpp:
3265         (WebCore::DocumentLoader::loadMainResource):
3266
3267 2018-04-26  Daniel Bates  <dabates@apple.com>
3268
3269         DocumentLoader::loadMainResource() should WTFMove() the passed ResourceRequest
3270         https://bugs.webkit.org/show_bug.cgi?id=185002
3271
3272         Reviewed by Youenn Fablet and Alex Christensen.
3273
3274         In r224852 we extracted logic from DocumentLoader::startLoadingMainResource() into a new
3275         function DocumentLoader::loadMainResource() that could be shared by both DocumentLoader::startLoadingMainResource()
3276         and the service worker code. As part of this extraction, DocumentLoader::loadMainResource()
3277         takes a ResourceRequest by rvalue reference, but it never actually takes ownership of this
3278         ResourceRequest and subsequently makes a copy of it when instantiating a CachedResourceRequest.
3279         Instead we should WTFMove() the passed request into the CachedResourceRequest.
3280
3281         * loader/DocumentLoader.cpp:
3282         (WebCore::DocumentLoader::loadMainResource):
3283
3284 2018-04-26  Sihui Liu  <sihui_liu@apple.com>
3285
3286         -[WKHTTPCookieStore deleteCookie:completionHandler:] doesn't delete cookies
3287         https://bugs.webkit.org/show_bug.cgi?id=184938
3288         <rdar://problem/34737395>
3289
3290         Reviewed by Geoffrey Garen.
3291
3292         When a Cookie object was converted to an NSHTTPCookie object, the HTTPOnly property information
3293         was lost, so the delete function cannot find the proper cookie to delete.
3294         This patch implements a workaround that compares Cookie objects instead of NSHTTPCookie
3295         objects. We might want to add the ability to set the HTTPOnly header during conversion if there
3296         is an easy way to do it later.
3297
3298         New API test: WebKit.WKHTTPCookieStoreHttpOnly
3299
3300         * platform/network/cocoa/CookieCocoa.mm:
3301         (WebCore::Cookie::operator== const):
3302         * platform/network/cocoa/NetworkStorageSessionCocoa.mm:
3303         (WebCore::NetworkStorageSession::deleteCookie):
3304
3305 2018-04-26  Commit Queue  <commit-queue@webkit.org>
3306
3307         Unreviewed, rolling out r231052.
3308         https://bugs.webkit.org/show_bug.cgi?id=185044
3309
3310         Broke test http/tests/security/credentials-main-resource.html
3311         (Requested by dydz on #webkit).
3312
3313         Reverted changeset:
3314
3315         "DocumentLoader::loadMainResource() should WTFMove() the
3316         passed ResourceRequest"
3317         https://bugs.webkit.org/show_bug.cgi?id=185002
3318         https://trac.webkit.org/changeset/231052
3319
3320 2018-04-26  Jer Noble  <jer.noble@apple.com>
3321
3322         WK_COCOA_TOUCH all the things.
3323         https://bugs.webkit.org/show_bug.cgi?id=185006
3324
3325         Reviewed by Tim Horton.
3326
3327         * Configurations/WebCore.xcconfig:
3328
3329 2018-04-26  David Kilzer  <ddkilzer@apple.com>
3330
3331         Make WAKScrollView delegate a weak property
3332         <https://webkit.org/b/184799>
3333         <rdar://problem/39469669>
3334
3335         Reviewed by Simon Fraser.
3336
3337         * platform/ios/wak/WAKScrollView.h:
3338         - Remove `delegate` instance variable declaration.
3339         - Declare `delegate` property as weak.
3340         (-[WAKScrollView setDelegate:]): Delete declaration.
3341         (-[WAKScrollView delegate]): Ditto.
3342         * platform/ios/wak/WAKScrollView.mm:
3343         - Synthesize getter/setter methods for `delegate` property.
3344         (-[WAKScrollView setDelegate:]): Delete implementation.
3345         (-[WAKScrollView delegate]): Ditto.
3346
3347 2018-04-26  Youenn Fablet  <youenn@apple.com>
3348
3349         CORS preflight checker should add a console message when preflight load is blocked
3350         https://bugs.webkit.org/show_bug.cgi?id=185021
3351
3352         Reviewed by Chris Dumez.
3353
3354         No change of behavior, adding a JS console message when preflight load is blocked.
3355         This mirrors what is being done in preflighting done from NetworkProcess.
3356         Covered by existing tests.
3357
3358         * loader/CrossOriginPreflightChecker.cpp:
3359         (WebCore::CrossOriginPreflightChecker::notifyFinished):
3360         (WebCore::CrossOriginPreflightChecker::doPreflight):
3361
3362 2018-04-26  Daniel Bates  <dabates@apple.com>
3363
3364         DocumentLoader::loadMainResource() should WTFMove() the passed ResourceRequest
3365         https://bugs.webkit.org/show_bug.cgi?id=185002
3366
3367         Reviewed by Youenn Fablet and Alex Christensen.
3368
3369         In r224852 we extracted logic from DocumentLoader::startLoadingMainResource() into a new
3370         function DocumentLoader::loadMainResource() that could be shared by both DocumentLoader::startLoadingMainResource()
3371         and the service worker code. As part of this extraction, DocumentLoader::loadMainResource()
3372         takes a ResourceRequest by rvalue reference, but it never actually takes ownership of this
3373         ResourceRequest and subsequently makes a copy of it when instantiating a CachedResourceRequest.
3374         Instead we should WTFMove() the passed request into the CachedResourceRequest.
3375
3376         * loader/DocumentLoader.cpp:
3377         (WebCore::DocumentLoader::loadMainResource):
3378
3379 2018-04-26  Per Arne Vollan  <pvollan@apple.com>
3380
3381         Disable content filtering in minimal simulator mode
3382         https://bugs.webkit.org/show_bug.cgi?id=185027
3383         <rdar://problem/39736091>
3384
3385         Reviewed by Jer Noble.
3386
3387         * Configurations/FeatureDefines.xcconfig:
3388
3389 2018-04-25  Brent Fulgham  <bfulgham@apple.com>
3390
3391         Add port 548 (afpovertcp) to port blacklist
3392         https://bugs.webkit.org/show_bug.cgi?id=185000
3393         <rdar://problem/39540481>
3394
3395         Reviewed by David Kilzer.
3396
3397         Tested by security/block-test.html.
3398
3399         * platform/URL.cpp:
3400         (WebCore::portAllowed): Also block port 548.
3401
3402 2018-04-26  Andy VanWagoner  <thetalecrafter@gmail.com>
3403
3404         [INTL] Implement Intl.PluralRules
3405         https://bugs.webkit.org/show_bug.cgi?id=184312
3406
3407         Reviewed by JF Bastien.
3408
3409         Added Intl.PluralRules feature flag.
3410
3411         Test: js/intl-pluralrules.html
3412
3413         * Configurations/FeatureDefines.xcconfig:
3414
3415 2018-04-15  Darin Adler  <darin@apple.com>
3416
3417         [Cocoa] Adopt CCRSAGetCRTComponents and stop using CCBigNum
3418         https://bugs.webkit.org/show_bug.cgi?id=184637
3419
3420         Reviewed by Alexey Proskuryakov.
3421
3422         * crypto/CommonCryptoUtilities.cpp: Compile out WebCore::CCBigNum class if
3423         HAVE(CCRSAGetCRTComponents) is true.
3424
3425         * crypto/CommonCryptoUtilities.h: Define HAVE(CCRSAGetCRTComponents) on new
3426         enough versions of iOS and macOS that have it and add declarations of the
3427         function for the non-Apple-internal-SDK case. Also don't define the
3428         WebCore::CCBigNum class if HAVE(CCRSAGetCRTComponents) is true.
3429
3430         * crypto/mac/CryptoKeyRSAMac.cpp:
3431         (WebCore::getPrivateKeyComponents): Use CCRSAGetCRTComponents if present.
3432
3433 2018-04-26  Per Arne Vollan  <pvollan@apple.com>
3434
3435         Add lazy initialization of caption display mode for videos.
3436         https://bugs.webkit.org/show_bug.cgi?id=184993
3437
3438         The call to MACaptionAppearanceGetDisplayType in CaptionUserPreferencesMediaAF::captionDisplayMode()
3439         is showing up in samples when called from HTMLMediaElement::finishInitialization().
3440
3441         Reviewed by Eric Carlson.
3442
3443         No new tests, covered by existing tests.
3444
3445         * html/HTMLMediaElement.cpp: