WebCore:

[WebKit-https.git] / WebCore / ChangeLog

2007-08-23  Justin Garcia  <justin.garcia@apple.com>

        Reviewed by Darin.
        
        <rdar://problem/5432254> GoogleDocs: A hang occurs when applying list style to selected table
        
        * editing/DeleteSelectionCommand.cpp:
        (WebCore::DeleteSelectionCommand::handleGeneralDelete): If the position
        that marked the start of the range to delete has been removed from the
        document, and it was inside the node that holds the position that marks
        the end of the range to delete, don't remove any children of that node,
        because we don't know how many to remove.  For example, if the end is
        [a, 5] and the start was in some descendant of a and was removed, don't
        remove any of the children of a.  We will now refuse to remove some content
        incorrectly, but that's less dangerous than removing content incorrectly.
        Long term we need to update these positions as we remove content from the 
        document, but that seems like a more risky change.  Added a testcase.
        * editing/InsertListCommand.cpp:
        (WebCore::InsertListCommand::modifyRange): If the end of the selection to 
        modify is just after a table, and if the start of the selection is inside 
        that table, the last paragraph that we'll want modify is the last one inside 
        the table, not the paragraph that contains the table itself. Adjust 
        startOfLastParagraph here to avoid infinite recursion.

2007-08-24  Anders Carlsson  <andersca@apple.com>

        Reviewed by Geoff.

        <rdar://problem/5430165>
        REGRESSION: Dynamically loaded images fail to load

        * html/HTMLImageLoader.cpp:
        (WebCore::HTMLImageLoader::HTMLImageLoader):
        Initialize the m_elementIsProtected member.

        (WebCore::HTMLImageLoader::~HTMLImageLoader):
        Assert that the element is not protected.
        
        (WebCore::HTMLImageLoader::setLoadingImage):
        If the image is not null, protect the element. Otherwise, unprotect it.
        
        (WebCore::HTMLImageLoader::dispatchLoadEvent):
        Unprotect the element here.

        (WebCore::HTMLImageLoader::protectElement):
        (WebCore::HTMLImageLoader::unprotectElement):
        New methods which protect and unprotect the element.
        
        * html/HTMLImageLoader.h:

2007-08-24  Kevin McCullough  <kmccullough@apple.com>

        - Updated ChangeLog

2007-08-24  Beth Dakin  <bdakin@apple.com>

        Reviewed by Hyatt and Adele.

        Fix for <rdar://problem/5417203> Google Gmail 1.0 widget - unread 
        count is missing

        * rendering/FixedTableLayout.cpp:
        (WebCore::FixedTableLayout::calcWidthArray): Calc pref widths for 
        our cells, if needed.

2007-08-24  Kevin McCullough  <kmccullough@apple.com>

        Reviewed by Darin.

        <rdar://problem/5437038> 1 credential object leaked for each call to credentialWithUser:password:persistence
        - Use initWithUser instead of credentialWithUser because credentialWithUser leaks.

        * platform/network/mac/AuthenticationMac.mm:
        (WebCore::mac):
        * platform/network/mac/ResourceHandleMac.mm:
        (-[WebCoreResourceHandleAsDelegate connection:didReceiveAuthenticationChallenge:]):
        (-[WebCoreSynchronousLoader connection:didReceiveAuthenticationChallenge:]):

2007-08-24  Jon Honeycutt  <jhoneycutt@apple.com>

        Reviewed by Darin.

        <rdar://problem/5433236> Print preview of empty txt file crashes Safari
        Fix: Adjust computePageRectsForFrame to always return at least one 
        page rect, even if document height is zero.

        * WebCore.vcproj/WebCore.vcproj:
        * bridge/win/FrameWin.h: Added Vector& parameter to 
        computePagesRectsForFrame; changed its return type to void.
        * bridge/win/FrameWin.cpp:
        (WebCore::computePageRectsForFrame): Reordered the loop that inserts
        rects into the vector.

2007-08-24  Antti Koivisto  <antti@apple.com>

        Reviewed by Oliver

        Fix <rdar://problem/5393758>
        Crash in WebCore::FontData::platformInit
        
        Null check glyph page. 
        
        If font has somehow failed to initialize it is possible to have null glyph page. Based on
        crash dumps this seems to occasionally happen when running Mail under guard malloc. 
        
        No test case, I don't know how to get to this state.

        * platform/FontData.cpp:
        (WebCore::FontData::FontData):
        * platform/mac/FontDataMac.mm:
        (WebCore::FontData::platformInit):

2007-08-24  George Wright  <george.wright@collabora.co.uk>

        Reviewed by Oliver.

        http://bugs.webkit.org/show_bug.cgi?id=15071
        [cairo] SVG skews are incorrect

        Fix Cairo implementation of AffineTransform::shear so that shearing is
        done in the correct direction.

        * platform/graphics/cairo/AffineTransformCairo.cpp:
        (WebCore::AffineTransform::shear):

2007-08-23  Anders Carlsson  <andersca@apple.com>

        Reviewed by Steve.

        If necessary, re-set the window proc after each call to NPP_SetWindow. This is to ensure that
        our window proc is always run even if a plug-in subclasses the window and replaces the window proc.
        
        Also, make sure that the default window proc is of type ASCII so we can eliminate the 
        * plugins/win/PluginViewWin.cpp:
        (WebCore::registerPluginView):
        (WebCore::PluginViewWndProc):
        (WebCore::PluginViewWin::setNPWindowRect):
        (WebCore::PluginViewWin::stop):
        (WebCore::PluginViewWin::determineQuirks):
        (WebCore::PluginViewWin::PluginViewWin):
        (WebCore::PluginViewWin::init):
        * plugins/win/PluginViewWin.h:
        (WebCore::):
        (WebCore::PluginViewWin::pluginWndProc):

2007-08-23  Justin Garcia  <justin.garcia@apple.com>

        Reviewed by Adele.

        <rdar://problem/5156801> REGRESSION: Crash at DeleteSelectionCommand::doApply() when deleting table content

        * editing/DeleteSelectionCommand.cpp:
        (WebCore::DeleteSelectionCommand::handleGeneralDelete): Use a RefPtr
        for node.  If the node to be removed contains the selection, and if
        the next node to be removed (nextNode) is inside the deletion UI,
        removing node will remove nextNode from the document.  nextNode is
        a RefPtr, but node isn't and when nextNode falls out of scope the node
        that node points to will be destroyed and we'll end up using a stale pointer.
        Long term we should probably just disable the deletion UI before editing 
        operations because the undo of the removal of node in the situation 
        described above relies on the presence of the deletion UI, but it isn't 
        present because its added and removed in a non-undoable way.

2007-08-23  Mitz Pettel  <mitz@webkit.org>

        Reviewed by Darin.

        - fix http://bugs.webkit.org/show_bug.cgi?id=14899
          !d->m_view->needsLayout() in Frame::paint() (Causes assert)

        WebKit copies the width and height attributes of an <embed> to its
        nearest <object> ancestor. This used to be done in updateWidget(), but
        that could lead to the document being dirty right after layout and
        before painting. The patch moves the copying of the attributes to when
        the <embed> is inserted into the document or its attributes change.

        * html/HTMLEmbedElement.cpp:
        (WebCore::HTMLEmbedElement::insertedIntoDocument):
        (WebCore::HTMLEmbedElement::attributeChanged):
        * html/HTMLEmbedElement.h:
        * manual-tests/bugzilla-14899.html: Added.
        * rendering/RenderPartObject.cpp:
        (WebCore::RenderPartObject::updateWidget):

2007-08-22  Anders Carlsson  <andersca@apple.com>

        Reviewed by Darin and Oliver.

        <rdar://problem/5422410>
        http://bugs.webkit.org/show_bug.cgi?id=15019
        REGRESSION (r25124-r25140): New posts and hot topics won't show at mobile01.com

        Remove the call to checkCallImplicitClose(). Calling it in loadPlugin is bad for two reasons:
        
        1. It could cause onload to be dispatched even when the page has subresources that are still
        loading, such as images.
        
        2. Now that loadPlugin is called during layout, it could cause onload to be dispatched during
        layout, which can execute javascript and do pretty much anything while the render tree is in an
        inconsistent state.
        
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::loadPlugin):

2007-08-22  Anders Carlsson  <andersca@apple.com>

        Reviewed by Adam.

        <rdar://problem/5430584>
        http://bugs.webkit.org/show_bug.cgi?id=15053        
        WebKit does not check Windows Registry HKEY_CURRENT_USER for NPAPI plugin locations
        
        * plugins/win/PluginDatabaseWin.cpp:
        (WebCore::addPluginsFromRegistry):
        (WebCore::PluginDatabaseWin::getPluginsInPaths):

2007-08-22  Justin Garcia  <justin.garcia@apple.com>

        Reviewed by Adam.
        
        <rdar://problem/5418891> CrashTracer: [USER] 1 crash in Mail at -[WebViewEditor webView:shouldInsertText:replacingDOMRange:givenAction:]

        * editing/BreakBlockquoteCommand.cpp:
        (WebCore::BreakBlockquoteCommand::doApply): We're reusing the topBlockquote
        variable.  Null it out first.  If there is no new topBlockquote and we don't null
        it out first, we'll assume that there was a new one and crash.

2007-08-22  Kevin McCullough  <kmccullough@apple.com>

        Reviewed by Adele.

        - rdar:5423067 Reapplyingthe change but only when the text area is in focus.

        * html/HTMLTextAreaElement.cpp:
        (WebCore::HTMLTextAreaElement::setValue):

2007-08-21  David Hyatt  <hyatt@apple.com>

        Fix for <rdar://problem/5249757> Painting of JPGs in WebKit is too slow.

        Use a new Leopard API for fast tiling of images.  We only use this API
        when the whole image is being tiled and when the current CGImageRef to tile
        has a size that matches the size of the whole image.

        We can optimize border-image in the future by adding a cache of the 9
        sub-images.

        Reviewed by darin

        * platform/graphics/cg/ImageCG.cpp:
        (WebCore::Image::drawPattern):

2007-08-22  Kevin McCullough  <kmccullough@apple.com>

        - Rolling back since I need to update some layouttests this change breaks.

        * html/HTMLTextAreaElement.cpp:
        (WebCore::HTMLTextAreaElement::setValue):

2007-08-21  Kevin McCullough  <kmccullough@apple.com>

        Reviewed by Geof, Adam, Hyatt, Maciej and Oliver.

        - In order to match the behavior of the other major browsers, selection is moved to the end of the text value when a change occurs to the contents of a text area instead of remembering the location of the selection.
        - <rdar://problem/5423067> gmail is super annoying when trying to add a new name to the TO, CC or BCC fields

        * html/HTMLTextAreaElement.cpp:
        (WebCore::HTMLTextAreaElement::setValue):

2007-08-21  Adam Roben  <aroben@apple.com>

        Build fix for Mac

        Keep FrameView::layoutIfNeededRecursive Windows- and Gtk-only for now
        (sadly). This will have to wait until we merge ScrollView and FrameView.

        Reviewed by NOBODY.

        * page/FrameView.cpp:
        * page/FrameView.h:

2007-08-21  Adam Roben  <aroben@apple.com>

        Fix an ASSERT when using Find in Page

        Reviewed by Darin.

        No test possible.

        * bridge/win/FrameWin.cpp:
        (WebCore::imageFromSelection): Make sure to update layout before
        painting so we don't hit an ASSERT in painting code (Frame::selectionImage
        in FrameMac.mm does this as well).

2007-08-21  Adam Roben  <aroben@apple.com>

        Made FrameView::layoutIfNeededRecursive available to all platforms

        Currently it's only used on Gtk+ and Windows.

        Reviewed by Darin.

        * page/FrameView.cpp: Removed #ifdef.
        * page/FrameView.h: Ditto.

2007-08-21  Adele Peterson  <adele@apple.com>

        Build fix for release build.

        * rendering/AutoTableLayout.cpp:
        (WebCore::AutoTableLayout::calcEffectiveWidth):
        (WebCore::AutoTableLayout::layout):

2007-08-21  Mitz Pettel  <mitz@webkit.org>

        Reviewed by Darin.

        - fix http://bugs.webkit.org/show_bug.cgi?id=15010
          <rdar://problem/5423956> REGRESSION (r25000-r25065): Table rendering broken by a recent nightly

        Test: fast/table/max-width-integer-overflow.html

        Avoid integer overflows when dealing with maximum widths by
        1) using floating point arithmetic when summing or multiplying column max widths
        2) capping max widths at INT_MAX / 2

        * rendering/AutoTableLayout.cpp:
        (WebCore::AutoTableLayout::calcPrefWidths):
        (WebCore::AutoTableLayout::calcEffectiveWidth):
        (WebCore::AutoTableLayout::layout):

2007-08-20  John Sullivan  <sullivan@apple.com>

        Reviewed by Adam Roben

        WebCore part of fix for: 
        <rdar://problem/5417777> WebKit focus ring color no longer matches system focus rings
        
        Adele wrote the first version of this patch. No test cases added because I made sure the 
        layout tests are unaffected. Two additional bug fixes were made in passing, but neither 
        of them had any effect on any known real-world case, and both were too difficult to write 
        test cases for to be worthwhile.

        * WebCore.exp:
        added symbols for these new functions so WebKit can call them
        
        * WebCore.xcodeproj/project.pbxproj:
        updated for new file
        
        * platform/graphics/mac/ColorMac.h: Added.
        New file to hold the increasing amount of Mac-specific color stuff.
        
        * platform/graphics/Color.h:
        removed #if PLATFORM(MAC) code, which is now in ColorMac.h
        
        * platform/graphics/mac/ColorMac.mm:
        (WebCore::makeRGBAFromNSColor):
        new static function to convert an NSColor object to an RGBA32 struct
        (WebCore::colorFromNSColor):
        new public function to convert an NSColor object to a WebCore-style Color object
        (WebCore::focusRingColor):
        Uses (cached) systemFocusRingColor instead of hardwired values, unless usesTestModeFocusRingColor is true,
        in which case it uses the old hardwired color
        (WebCore::usesTestModeFocusRingColor):
        returns value of global var
        (WebCore::setUsesTestModeFocusRingColor):
        sets value of global var
        (+[WebCoreControlTintObserver controlTintDidChange]):
        Uses [NSColor keyboardFocusIndicatorColor] to set systemFocusRingColor; don't compile if COLORMATCH_EVERYTHING
        is set since we don't know what it would take to satisfy this state.

        * bindings/objc/DOMRGBColor.mm:
        now includes ColorMac.h to account for moved declarations
        * bridge/mac/WebCoreAXObject.mm:
        ditto
        
        * page/mac/FrameMac.mm:
        (WebCore::convertAttributesToUnderlines):
        now uses new colorFromNSColor. The old code was swapping G & B, but it didn't matter in practice because
        this function is only used to convert the color of an input manager's marked text underline, which is always black
        
        * page/mac/WebCoreFrameBridge.mm:
        (-[WebCoreFrameBridge setBaseBackgroundColor:]):
        now uses new colorFromNSColor. The old code was swapping G & B, but it didn't matter in practice because
        this function is only called with a grayscale color perhaps containing an alpha value
                
        * rendering/RenderView.cpp:
        (WebCore::RenderView::paintBoxDecorations):
        just updated a comment

2007-08-20  Mitz Pettel  <mitz@webkit.org>

        Reviewed by Dave Hyatt.

        - fix http://bugs.webkit.org/show_bug.cgi?id=15023
          REGRESSION (r21113-r21143): JavaScript tooltip rendering bug

        Test: fast/repaint/layer-visibility.html

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::setHasVisibleContent): Cache the layer's
        rects when it changes to visible.

2007-08-20  Kevin Decker <kdecker@apple.com>

        Reviewed by Anders.

        Fixed: <rdar://problem/5325262> REGRESSION (Tiger-Leopard): PictureTalk plug-in doesn't work

        The problem was that this particular plug-in handles "text/ptf", but WebCore wasn't giving the plug-in a chance to load
        any type with "text/"

        * dom/DOMImplementation.cpp:
        (WebCore::DOMImplementation::createDocument): Allow plug-ins to once again use "text/" MIME types, but only if the MIME
        type is not "text/plain". Disallowing plug-ins to use text/plain prevents plug-ins from hijacking a fundamental type 
        that the browser is expected to handle, and also serves as an optimization to prevent loading the plug-in database in 
        the common case.

2007-08-20  Adam Roben  <aroben@apple.com>

        Remove workarounds for <rdar://problem/5386894> now that it's been fixed

        Reviewed by Darin.

        Tests: fast/loader/local-svg-parsed-as-svg.svg
               fast/loader/local-xhtml-parsed-as-xhtml.xhtml

        * platform/network/cf/ResourceResponseCFNet.cpp:
        (WebCore::ResourceResponse::doUpdateResourceResponse): Removed hackish
        workaround.

2007-08-20  Anders Carlsson  <andersca@apple.com>

        Reviewed by Adam.

        <rdar://problem/5412988>
        Crash when visiting http://www.rockonflash.com/blog/?p=58
        
        * plugins/win/PluginViewWin.cpp:
        (WebCore::PluginViewWin::updateWindow):
        Just return if the plugin view hasn't been inserted in the hierarchy yet.

2007-08-20  Holger Hans Peter Freyther  <zecke@selfish.org>

        Reviewed by Zack.

        Do not define svg as ImageMIMEType if we can use ksvg2.

        * platform/MIMETypeRegistry.cpp:
        (WebCore::initialiseSupportedImageMIMETypes):

2007-08-19  Adam Roben  <aroben@apple.com>

        Gtk+ build fix.

        * platform/gdk/TemporaryLinkStubs.cpp: Removed const.

2007-08-19  Adam Roben  <aroben@apple.com>

        Fix <rdar://5395835> REGRESSION (r24527): Context menu for edit fields is missing "Font & Writing Direction"

        The problem was that ContextMenuItem::setSubMenu was just copying the
        HMENU from the ContextMenu passed in on Windows, but that HMENU was
        later getting destroyed when the ContextMenu went out of scope.

        I added a new ContextMenu::releasePlatformDescription method that is
        used in setSubMenu instead. I think an ultimately better design would
        be for setSubMenu to take ownership of the ContextMenu that's passed in
        (as should insertItem and appendItem), but I decided to be conservative
        and just make the changes needed to fix the bug.

        Reviewed by Darin.

        No test possible.

        * platform/ContextMenu.h: Added releasePlatformDescription.
        * platform/gdk/TemporaryLinkStubs.cpp: Added stub implementation.
        * platform/mac/ContextMenuMac.mm:
        (WebCore::ContextMenu::releasePlatformDescription): Implemented, though
        it's never called on this platform.
        * platform/qt/ContextMenuQt.cpp:
        (WebCore::ContextMenu::releasePlatformDescription): Ditto.
        * platform/win/ContextMenuItemWin.cpp:
        (WebCore::ContextMenuItem::setSubMenu): Call releasePlatformDescription
        since we need to take ownership of the HMENU.
        * platform/win/ContextMenuWin.cpp:
        (WebCore::ContextMenu::releasePlatformDescription): Implemented.

2007-08-18  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Darin.

        - fixed <rdar://problem/5198272> REGRESSION: PLT 1.5% slower due to r21367 (change to start frames with empty documents)
        
        There were three main cuases of extra time due to creating the initial empty document:
        
        1) Creating an extra WebHTMLView and swapping it for a new one for each frame created.
        2) Parsing the minimal markup for the initial document's contents.
        3) Clearing the Window object an extra time and dispatching the corresponding delegate method.
        
        The WebCore part of the fixes addresses 2 and 3.
        
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::init): Don't parse "<html><body>" for the initial
        empty document; it turns out not to be needed.
        (WebCore::FrameLoader::dispatchWindowObjectAvailable): Don't 
        dispatch the delegate if we haven't created a ScriptInterpreter yet.
        * bindings/js/kjs_proxy.cpp:
        (WebCore::KJSProxy::initScriptIfNeeded): Dispatch the window object
        delegate when we first create the interpreter, since that is now done
        lazily.
        * loader/FrameLoader.h:
        (WebCore::FrameLoader::committingFirstRealLoad): Helper for WebKit
        to know when to reuse a WebHTMLView.

2007-08-19  Mitz Pettel  <mitz@webkit.org>

        Reviewed by Adam Roben.

        - fix http://bugs.webkit.org/show_bug.cgi?id=15008
          ASSERTION FAILED: !firstLineBox() == !lastLineBox() setting content on image

        Test: fast/images/text-content-crash-2.html

        * html/HTMLImageLoader.cpp:
        (WebCore::HTMLImageLoader::setImage): Added a check that the renderer is an
        image.
        (WebCore::HTMLImageLoader::updateFromElement): Ditto.
        (WebCore::HTMLImageLoader::notifyFinished): Ditto.

2007-08-17  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Darin.

        - WebCore part of fix to scrollbar suppression hack for Leopard

        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::transitionToCommitted): Suppress scrollbars earlier, so it happens
        before any potential view swap.

2007-08-17  Antti Koivisto  <antti@apple.com>

        Reviewed by Hyatt.
        
        Fix <rdar://problem/5403773>
        CrashTracer: [USER] 88 crashes in Safari at com.apple.WebCore: WebCore::RenderTableSection::paint + 846

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::removePositionedObjects):
        
        Fix crash in http://www.infobae.com/interior/home.html
        Positioned objects removed from m_positionedObjects would in some cases not get added back to any 
        positioned objects list. Adding objects happens in block layout but since layout was not invalidated 
        correctly in removePositionedObjects() it would not get invoked. As a result some positioned objects 
        would stay in layout dirty state leading to crashes and other bad things.
        
        * rendering/RenderTableSection.cpp:
        (WebCore::RenderTableSection::paint):
        
        Add needLayout() guard to eliminate this class of crashes from release builds. 
        Assert commented out for now since one existing layout test can't handle it.

2007-08-17  Kevin Decker <kdecker@apple.com>

        Code change by Darin, landed and reviewed by me.

        Fixed: <rdar://problem/5252836> Adobe Help Viewer: Japanese characters in the Help Tree structure are shown as garbage
        Added fast/encoding/namespace-tolerance.html test.

        * loader/TextResourceDecoder.cpp:
        (WebCore::TextResourceDecoder::checkForHeadCharset): Slightly loosen the charset decoder heuristic by tweaking it
        to ignore namespaces. This restores compatibility to documents which (1) use namespace prefixes on HTML elements
        (2) specify a non-latin charset and (3) contain non-latin characters.
        
        Added fast/encoding/namespace-tolerance.html test.
        
2007-08-17  Anders Carlsson  <andersca@apple.com>

        Reviewed by Dave Hyatt.
        
        <rdar://problem/5379040>
        REGRESSION (Tiger-Leopard): ADOBE: Safari calls NPP_SetWindow with bad values sometimes

        Instantiate plug-ins during the first layout instead of doing so when creating the renderer.
        This ensures that the plug-in widget will have a correct initial size.
        
        * html/HTMLEmbedElement.cpp:
        (WebCore::HTMLEmbedElement::getInstance):
        Force a layout if the plug-in doesn't have an instance.
        
        (WebCore::HTMLEmbedElement::attach):
        Pass true to updateWidget, causing it to only create a widget if it won't be a plug-in.
        
        * html/HTMLIFrameElement.cpp:        
        (WebCore::HTMLIFrameElement::attach):
        Pass false to updateWidget, this will only create subframes anyway.
        
        * html/HTMLObjectElement.cpp:
        (WebCore::HTMLObjectElement::getInstance):
        Force a layout if the plug-in doesn't have an instance.
        
        (WebCore::HTMLObjectElement::attach):
        Pass true to updateWidget, causing it to only create a widget if it won't be a plug-in.
        
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::loadPlugin):
        Get the size from the renderer and pass it to the client.
        
        * loader/FrameLoaderClient.h:
        * page/mac/WebCoreFrameBridge.h:
        * platform/graphics/svg/SVGImageEmptyClients.h:
        (WebCore::SVGEmptyFrameLoaderClient::createPlugin):
        Update declarations.
        
        * rendering/RenderPart.cpp:
        (WebCore::RenderPart::setWidget):
        No need to mark the renderer as dirty here.
        
        * rendering/RenderPartObject.h:
        * rendering/RenderPartObject.cpp:
        (WebCore::RenderPartObject::updateWidget):
        Add a parameter, onlyCreateNonPlugins. If this is true the widget 
        will only be created if it's not a plug-in.
        
        (WebCore::RenderPartObject::layout):
        Call updateWidget here if m_widget is 0, causing the plug-in to be instantiated.
        
2007-08-17  Oliver Hunt  <oliver@apple.com>

        Reviewed by Maciej.

        http://bugs.webkit.org/show_bug.cgi?id=14189
        <rdar://problem/5319511> REPRODUCIBLE CRASH: Canvas createPattern(canvas, ...) crashes on Windows (14189)

        Ensure that we actually retain the CG pattern correctly.

        Credit to Henry Mason <hmason@mac.com> for finding the cause of this.

        * html/CanvasPattern.cpp:
        (WebCore::CanvasPattern::~CanvasPattern):
        (WebCore::CanvasPattern::createPattern):
        * html/CanvasPattern.h:
        (WebCore::CanvasPattern::platformImage):

2007-08-16  Geoffrey Garen  <ggaren@apple.com>

        Build fix. (Maybe?)
        
        * loader/Cache.cpp:
        (WebCore::Cache::pruneLiveResources):
        (WebCore::Cache::pruneDeadResources):

2007-08-16  Justin Garcia  <justin.garcia@apple.com>

        Reviewed by Harrison.

        <rdar://problem/5378473> 
        REGRESSION: Undoing a deletion that is part of an open typing command fails to reinsert the caret
        
        We recently made Undo of a series of deletes select all of the 
        characters that were deleted, not just the most recently deleted
        character.  But the code that did this set a new starting selection 
        after every delete, even those that were part of an open typing 
        command that started with character insertions or forward deletes, 
        operations that when undone, remove the starting selection being 
        set from the document.
        
        After this change we only set a new starting selection if the open typing
        command was opened by a backward delete. The new behavior matches TextEdit.  
        We don't do something similar or forward deletes because TextEdit opens 
        and closes a new typing command on forward delete (added a FIXME about this).

        * editing/TypingCommand.cpp:
        (WebCore::TypingCommand::TypingCommand): Initialize 
        m_openedByBackwardDelete.
        (WebCore::TypingCommand::forwardDeleteKeyPressed): Added a FIXME about
        how in TextEdit, forward deletes open and close a new typing command.
        (WebCore::TypingCommand::doApply): Set m_openedByBackwardDelete
        appropriately.
        (WebCore::TypingCommand::deleteKeyPressed): Only set the starting
        selection if this delete is the first one in an open typing command
        or one in a series of deletes that opened the typing command.
        * editing/TypingCommand.h: Added m_openedByBackwardDelete.

2007-08-13  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Dave Hyatt.
        
        Tweaked the cache eviction model to better balance between live and 
        dead resources.
        
        For the sake of avoiding evictions during the PLT, the old model 
        required the sum of dead and live resources to grow to twice the cache 
        capacity before evicting, and would then evict dead or live down to 0 
        if necessary. This was a too-high high water mark, which would nullify 
        much of the value of eviction, and a too-low low water mark, which 
        would nullify much of the value of the LRU-SP strategy.
        
        This patch changes the model in 3 ways.
        
        1. The new model for dead resources is a flexible window with a fixed 
        minimum and maximum. The dead resource window is big when live resource 
        pressure is small, and vice versa. This has the immediate advantage of
        cutting the high water mark by up to 50%. It also enables the following
        tunable optimizations in future patches:
            a. A dead resource limit of 0 for clients who want that. (Just set
            the fixed maximum to 0.)
            b. A much higher low water mark. (Just set the fixed minimum to, 
            say, 25% of the cache's capacity.)
            c. A much lower high water mark for users who browse simple pages
            in one tab. (Just set the fixed maximum to, say, 50% of the cache's
            capacity.)
        
        I plan to make the changes that actually take advantage of these 
        tunable optimizations in another check-in.

        The new model won't hurt the PLT because it will notice the PLT's low
        live resource size, and up the dead resource capacity in response. For
        the same reason, the new model should establish a good balance in 
        real-world use.
        
        2. Live resource eviction is now based on size(), not encodedSize().
        So, a page with lots of large, encoded images will start evicting 
        resources, if necessary, even before all the images paint. This allows 
        you to more accurately stipulate an exact high water mark.
        
        3. When pruning, prune to a small percentage below capacity, to avoid
        just having to prune again immediately.

        Layout tests pass. PLT shows no regression.

        * history/PageCache.cpp:
        (WebCore::PageCache::releaseAutoreleasedPagesNow): Updated for rename.

        * loader/Cache.cpp: Implemented the algorithm explained above.
        * loader/Cache.h: Removed explicit tracking of decoded data size, since
        it was unused.

        * loader/CachedResource.cpp: ditto on tracking of decoded data size

2007-08-16  Darin Adler  <darin@apple.com>

        Reviewed by Tim Hatcher.

        - fix <rdar://problem/5415029> In Mail, a crash occurs at WebCore::Node::isDescendantOf()
          when attempting to delete a selection in a table

        The bug was caused by createMarkup trying to operate on a range that
        has an endpoint in the delete button DOM, because it removes that DOM
        during its operation! Still working on a regression test -- it's hard
        to make the kind of bad selection that's needed with the DOM, so I might
        have to use the eventSender.

        * editing/DeleteButtonController.h: Made some of the identifiers private.
        We can make them public if we need to use them. Added a getter function
        for the container element so we can figure out if a given node is inside
        the DOM added for the delete button.

        * editing/markup.cpp:
        (WebCore::moveEndpointsBeforeNode): Added. General purpose helper function
        that moves endpoints of a range to before a given node -- we do this before
        removing the delete button, so the endpoint is where the delete button was,
        rather than having an endpoint that's not in the document.
        (WebCore::createMarkup): Always return empty string, not null string.
        Get the document by calling ownerDocument on the range rather than getting
        the document of the commonAncestorContainer. That's because we need to
        get at the delete button before calling commonAncestorContainer. Call
        moveEndpointsBeforeNode to move the range endpoints out of the delete
        button interface before calling disable() which will remove it from the
        DOM if it's in there. Added an early return for the case where commonAncestor
        is non-0. If this happens, we would crash later because pastEndNode would
        not be in the tree. This change alone would prevent the crash, but we'd get
        bad markup, so we need the moveEndpointsBeforeNode fix. Added null checks
        for the frame to the range version as in the single-node version so this
        won't crash immediately on documents that are not in a frame. For the
        single-node version, added a check if a ndoe of 0 and a node inside the
        delete button user interface, and return the empty string for those cases.

2007-08-16  Justin Garcia  <justin.garcia@apple.com>

        Reviewed by Maciej.
        
        <rdar://problem/5378847> After creating and removing a ToDo, the caret disappears as soon as I start to type
        
        * editing/InsertTextCommand.cpp:
        (WebCore::InsertTextCommand::input): A whitespace text node inserted by Mail
        when a ToDo is removed is completely removed by deleteInsignificantWhitespace,
        and since it contains the text insertion position, insertion fails.
        Save the position before the node where text insertion will occur,
        and if that node is removed, use the saved position for insertion.

2007-08-16  Darin Adler  <darin@apple.com>

        Reviewed by Adele.

        - fix <rdar://problem/5413488> REGRESSION: every DOM element is about 40
          bytes bigger because it has a Timer

        Moved the timer to the document from the element.

        * dom/Document.h: Made frame() inline. Added updateFocusApperanceSoon(),
        cancelFocusAppearanceUpdate(), m_updateFocusAppearanceTimer,
        clearXMLVersion(), and updateFocusAppearanceTimerFired(). Also made
        everything that was previously protected be private instead.
        * dom/Document.cpp:
        (WebCore::Document::Document): Initialize m_updateFocusAppearanceTimer.
        (WebCore::Document::updateFocusAppearanceSoon): Added. Starts timer.
        (WebCore::Document::cancelFocusAppearanceUpdate): Added. Stops timer.
        (WebCore::Document::updateFocusAppearanceTimerFired): Added. If the
        focused node is a focusable element, then calls
        updateFocusAppearance(false) on it.

        * dom/Element.h: Removed default value of the boolean parameter to
        updateFocusAppareance. Removed needsFocusAppearanceUpdate(),
        setNeedsFocusAppearanceUpdate(), updateFocusAppearanceTimerFired(),
        stopUpdateFocusAppearanceTimer(), m_updateFocusAppearanceTimer, and
        m_needsFocusAppearanceUpdate. Added
        updateFocusAppearanceSoonAfterAttach() and cancelFocusAppearanceUpdate().
        * dom/Element.cpp:
        (WebCore::ElementRareData::ElementRareData): Added initializer for
        m_needsFocusAppearanceUpdateSoonAfterAttach.
        (WebCore::Element::Element): Removed initializers for
        m_updateFocusAppearanceTimer and m_needsFocusAppearanceUpdate.
        (WebCore::Element::attach): Updated code that starts the focus
        appearance timer to instead call updateFocusAppearanceSoon() on the
        document.
        (WebCore::Element::detach): Replaced call to
        stopUpdateFocusAppearanceTimer with call to cancelFocusAppearanceUpdate.
        (WebCore::Element::focus): Added check for node that's already focused,
        to match the logic that's in the derived classes. This makes it safe for
        us to remove the override in the derived classes. Also replaced the code
        that called setNeedsFocusAppearanceUpdate(true) with code to set the
        rare data flag m_needsFocusAppearanceUpdateSoonAfterAttach and added a
        call to cancelFocusAppearanceUpdate() in the case where there's no focus
        appearance update.
        (WebCore::Element::blur): Replaced call to
        stopUpdateFocusAppearanceTimer with call to cancelFocusAppearanceUpdate.
        (WebCore::Element::cancelFocusAppearanceUpdate): Added. Sets
        m_needsFocusAppearanceUpdateSoonAfterAttach to false, and then calls
        cancelFocusAppearanceUpdate() on the document, but only if the element
        is the focused node of the document.

        * html/HTMLDocument.cpp:
        (WebCore::HTMLDocument::HTMLDocument): Replaced code that sets
        m_xmlVersion directly with a call to a new inline clearXMLVersion()
        function.
        (WebCore::HTMLDocument::setCookie): Replaced use of m_policyBaseURL with
        policyBaseURL().
        (WebCore::HTMLDocument::createTokenizer): Replaced uses of m_frame with
        frame().
        (WebCore::HTMLDocument::determineParseMode): Replaced code that sets
        pMode and hMode directly with calls to setParseMode and setHTMLMode.
        Replaced use of m_styleSelector with styleSelector().

        * html/HTMLInputElement.h: Removed now-unneed override of focus().
        Removed default value of the boolean parameter to updateFocusAppareance.
        * html/HTMLInputElement.cpp: (WebCore::HTMLInputElement::updateFocusAppearance):
        Pass the restorePreviousSelection boolean through -- while it's ignored,
        it no longer has a default value.

        * html/HTMLTextAreaElement.h: Removed now-unneed override of focus().
        Removed default value of the boolean parameter to updateFocusAppareance.
        * html/HTMLTextAreaElement.cpp: Ditto.

        * WebCore.exp: Removed the Document::frame() symbol, since it's now inline.

2007-08-15  Antti Koivisto  <antti@apple.com>

        Reviewed by Maciej.
        
        Fix <rdar://problem/5388936>
        Crash while setting display:none for a table cell with selection
        
        Super class destroy() could (through some selection code in removeChild()) trigger section recalc 
        in middle of RenderTableCell::destroy(), cleaning section dirty bit. This would later crash in 
        layout since cell grid would still have refence to the dead cell.
        
        Ensure table sections are dirty when leaving destroy method.
        
        I can't figure out tests for row and section changes but they look like
        they could crash in similar way as cell.

        * rendering/RenderTableCell.cpp:
        (WebCore::RenderTableCell::destroy):
        * rendering/RenderTableRow.cpp:
        (WebCore::RenderTableRow::destroy):
        * rendering/RenderTableSection.cpp:
        (WebCore::RenderTableSection::destroy):

2007-08-15  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Geoff.

        <rdar://problem/5389696> leak of 32-byte NSData object (and more?) in WebIconDatabase code path with each refresh of http://www.apple.com
        
        * platform/graphics/BitmapImage.h: Use RetainPtr for m_nsImage and m_tiffRep
        * platform/graphics/mac/ImageMac.mm:
        (WebCore::BitmapImage::initPlatformData): No need to do anything now
        (WebCore::BitmapImage::invalidatePlatformData): Simplify
        (WebCore::BitmapImage::getTIFFRepresentation): Use RetainPtr to avoid leaks
        (WebCore::BitmapImage::getNSImage): Use RetainPtr to avoid leaks

2007-08-15  Darin Adler  <darin@apple.com>

        Reviewed by Anders.

        - fix <rdar://problem/5094895> REGRESSION (r19094): JavaScript timers don't
          work inside showModalDialog; caret also doesn't blink

        * platform/Timer.h: Added fireTimersInNestedEventLoop.
        * platform/Timer.cpp:
        (WebCore::TimerBase::fireTimers): Added code to exit if the timersReadyToFire
        is cleared. This indicates that someone fired the timers in the nested event
        loop, so we should not fire any more timers ourselves.
        (WebCore::TimerBase::fireTimersInNestedEventLoop): Added. Sets timersReadyToFire
        to 0 so we won't return early and do nothing if the shared timer first. Then
        calls updateSharedTimer() so the shared timer will get scheduled as needed based
        on any pending timers.

        * page/Chrome.cpp: (WebCore::Chrome::runModal): Call
        fireTimersInNestedEventLoop before calling runModal on the client.

        * manual-tests/modal-dialog.html: Added a test that uses a timeout.
        * manual-tests/show-modal-dialog-test.html: Fixed a typo.

2007-08-15  Justin Garcia  <justin.garcia@apple.com>

        Reviewed by Darin.
        
        http://bugs.webkit.org/show_bug.cgi?id=14971
        REGRESSION: cannot select reporter's e-mail in bugzilla

        * page/EventHandler.cpp:
        (WebCore::EventHandler::canMouseDragExtendSelect): Allow drag-selecting inside
        a -webkit-user-select:ignore region.

2007-08-15  Beth Dakin  <bdakin@apple.com>

        Reviewed by Hyatt.

        Rolling back in. I made a silly mistake in XMLTokenizer that caused 
        this patch to crash SVG tests. It's fixed now!

        Refactor of change for <rdar://problem/5404899> REGRESSION: Mail 
        crash in WebCore::FontFallbackList::fontDataAt() after dragging 
        image into text multiple times

        The original fix that I made last night prevents the pending style 
        sheet count from being incremented until the element is in the 
        document. This fix prevents the style sheet from loading at all 
        until it is in the document.

        Here is the fix.
        * dom/StyleElement.cpp:
        (WebCore::StyleElement::insertedIntoDocument): Call process.
        (WebCore::StyleElement::removedFromDocument): This can be reverted 
        to its original state before my patch last night.
        (WebCore::StyleElement::process): childrenChanged is now called 
        process. Return early if your not in the document.
        (WebCore::StyleElement::createSheet): Revert change from last 
        night. The inDocument check is now in caller childrenChanged.
        * dom/StyleElement.h: insertedIntoDocument() must now accept an 
        element in addition to a document.

        This is an optimization to prevent calling updateStyleSelector() 
        too frequently.
        * dom/XMLTokenizer.cpp:
        (WebCore::XMLTokenizer::startElementNs):
        * html/HTMLStyleElement.cpp:
        (WebCore::HTMLStyleElement::HTMLStyleElement):
        (WebCore::HTMLStyleElement::finishedParsing):
        (WebCore::HTMLStyleElement::insertedIntoDocument):
        (WebCore::HTMLStyleElement::childrenChanged):
        (WebCore::HTMLStyleElement::sheetLoaded):
        * html/HTMLStyleElement.h:
        * ksvg2/svg/SVGStyleElement.cpp:
        (WebCore::SVGStyleElement::SVGStyleElement):
        (WebCore::SVGStyleElement::finishedParsing):
        (WebCore::SVGStyleElement::insertedIntoDocument):
        (WebCore::SVGStyleElement::childrenChanged):
        (WebCore::SVGStyleElement::sheetLoaded):
        * ksvg2/svg/SVGStyleElement.h:
        (WebCore::SVGStyleElement::setCreatedByParser):

        This is a name change. Document::stylesheetLoaded() 
        is now Document::removePendingSheet()
        * dom/Document.cpp:
        (WebCore::Document::removePendingSheet):
        * dom/Document.h:
        * dom/ProcessingInstruction.cpp:
        (WebCore::ProcessingInstruction::sheetLoaded):
        * html/HTMLLinkElement.cpp:
        (WebCore::HTMLLinkElement::~HTMLLinkElement):
        (WebCore::HTMLLinkElement::setDisabledState):
        (WebCore::HTMLLinkElement::process):
        (WebCore::HTMLLinkElement::sheetLoaded):
        * page/Frame.cpp:
        (WebCore::UserStyleSheetLoader::~UserStyleSheetLoader):
        (WebCore::UserStyleSheetLoader::setCSSStyleSheet):

        This is another name change. closeRenderer() is now 
        finishedParsing()
        * dom/Node.h:
        (WebCore::Node::finishedParsing):
        * dom/XMLTokenizer.cpp:
        (WebCore::XMLTokenizer::endElementNs):
        (WebCore::):
        * html/HTMLAppletElement.cpp:
        (WebCore::HTMLAppletElement::finishedParsing):
        * html/HTMLAppletElement.h:
        * html/HTMLGenericFormElement.cpp:
        (WebCore::HTMLFormControlElementWithState::finishedParsing):
        * html/HTMLGenericFormElement.h:
        * html/HTMLObjectElement.cpp:
        (WebCore::HTMLObjectElement::finishedParsing):
        * html/HTMLObjectElement.h:
        * html/HTMLParser.cpp:
        (WebCore::HTMLParser::insertNode):
        (WebCore::HTMLParser::popOneBlockCommon):
        * html/HTMLScriptElement.cpp:
        (WebCore::HTMLScriptElement::finishedParsing):
        * html/HTMLScriptElement.h:
        (WebCore::HTMLStyleElement::setCreatedByParser):
        * ksvg2/svg/SVGAnimationElement.cpp:
        (WebCore::SVGAnimationElement::finishedParsing):
        * ksvg2/svg/SVGAnimationElement.h:
        * ksvg2/svg/SVGElement.cpp:
        (WebCore::SVGElement::finishedParsing):
        * ksvg2/svg/SVGElement.h:

2007-08-15  David Harrison  <harrison@apple.com>

        Reviewed by Antti Koivisto.

        <rdar://problem/5411803> Bumpercar crashes when loading a partial URL (FrameLoader::receivedMainResourceError())

        * loader/MainResourceLoader.cpp:
        (WebCore::MainResourceLoader::receivedError):
        Nil check for the FrameLoader.

2007-08-14  Steve Falkenburg  <sfalken@apple.com>

        <rdar://problem/5411482> Windows user agent language always returns "en"
        
        Implement defaultLanguage().

        Reviewed by Oliver.

        * WebCore.vcproj/WebCore.vcproj: Added Language.cpp.
        * platform/win/Language.cpp: Added.
        (WebCore::localeInfo): Added.
        (WebCore::defaultLanguage): Added.
        * platform/win/TemporaryLinkStubs.cpp: Remove defaultLanguage stub.

2007-08-14  Sam Weinig  <sam@webkit.org>

        Reviewed by Geoff and Oliver.

        Fix for <rdar://problem/5267870>
        Mangleme: Reproducible assertion failure in -[WebCoreFrameBridge installInFrame:]

        - Change embed/plugin code path to detach the frame on willRemove instead of detach.
          This matches what frame and iframe do.

        Test: http/tests/misc/embedCrasher.html

        * html/HTMLPlugInElement.cpp:
        (WebCore::HTMLPlugInElement::willRemove):
        * html/HTMLPlugInElement.h:

2007-08-14  Adele Peterson  <adele@apple.com>

        Reviewed by Maciej.

        Fix for <rdar://problem/5370059> REGRESSION: Cannot type into edit fields on a form (sccsheriff.org)

        This change makes -webkit-user-select an inherited css property.  For "user-select: none" we were already 
        acting like it was an inheritable property, where we let user-select:text on the children override its parent's user-select:none.
        By making user-select really inherited (instead of inherited for some values), we eliminate the need for crawling up the tree to see 
        if an ancestor has user-select ignore set.

        * page/EventHandler.cpp: (WebCore::EventHandler::canMouseDownStartSelect):
          Now that user-select is inherited, you don't need to walk up the render tree looking for ancestors with user-select:ignore set.

        * css/CSSStyleSelector.cpp: Eliminate SELECT_AUTO.
        (WebCore::CSSStyleSelector::adjustRenderStyle):
        (WebCore::CSSStyleSelector::applyProperty):
        * css/CSSComputedStyleDeclaration.cpp: (WebCore::CSSComputedStyleDeclaration::getPropertyCSSValue):

        * rendering/RenderStyle.h:
        (WebCore::): Eliminate SELECT_AUTO.  Make userSelect inherited.
        (WebCore::RenderStyle::userSelect):
        (WebCore::RenderStyle::setUserSelect):
        (WebCore::RenderStyle::initialUserSelect):
        * rendering/RenderStyle.cpp:
        (WebCore::StyleRareNonInheritedData::StyleRareNonInheritedData):
        (WebCore::StyleRareNonInheritedData::operator==):
        (WebCore::StyleRareInheritedData::StyleRareInheritedData):
        (WebCore::StyleRareInheritedData::operator==):
        (WebCore::RenderStyle::diff):

2007-08-15  Peter Kasting  <zerodpx@gmail.org>

        Reviewed by Darin.
        
        http://bugs.webkit.org/show_bug.cgi?id=14967 part 1 - Eliminate most implicit
        conversions of wtf::Vector<T> to T* by explicitly calling .data()

        * html/HTMLSelectElement.cpp:
        (WebCore::HTMLSelectElement::saveState):
        * platform/KURL.cpp:
        (WebCore::KURL::KURL):
        (WebCore::KURL::init):
        (WebCore::KURL::decode_string):
        (WebCore::KURL::parse):
        (WebCore::KURL::encode_string):
        * platform/cf/KURLCFNet.cpp:
        (WebCore::KURL::KURL):
        * platform/mac/KURLMac.mm:
        (WebCore::KURL::KURL):
        * rendering/RenderFrameSet.cpp:
        (WebCore::RenderFrameSet::layOutAxis):

2007-08-14  Ricci Adams  <iccir@apple.com>

        Reviewed by Darin, Hyatt.

        - fix <rdar://problem/5407795> -apple-line-clamp should never display less than one line

        * rendering/RenderFlexibleBox.cpp:(WebCore::RenderFlexibleBox::layoutVerticalBox): Use
        max to make sure it never computes a minimum of less than one line.

2007-08-14  Brady Eidson  <beidson@apple.com>

        Reviewed by Darin, John, Maciej, Oliver, and Tim

        <rdar://problem/5394708> - Crash on launch with corrupt icon database

        The main part of the fix is to not disable SQLite's default level of protection - to leave the sync options at their normal,
        mostly safe levels.  

        But in case lightning strikes at the exact right moment and someone ends up with a corrupt database, add some support code to
        detect that condition and recover from it.  

        This is mainly accomplished by exposing the "PRAGMA integrity_check;" facilities of sqlite through IconDatabase SPI as well as
        running that integrity check if a journal file is detected at launch (a strong indication that the last quit was not clean).
        There's also a method exposed to allow clients to tell the icon database "I suspect something bad happened, please check integrity"

        * loader/icon/IconDatabase.cpp:
        (WebCore::IconDatabase::checkIntegrityBeforeOpening): Allow clients to suggest an integrity check
        (WebCore::IconDatabase::open): Add a check to see if the journal file for the database exists.  If it does, run the integrity
          check.  Also run the check if a client has suggested it to be necessary.
          If the integrity-check fails, we sadly have to destroy the database and recreate from scratch.
          Also - quite importantly - do not adjust the default sync preferences for the SQLDatabase.  They were an optimization that 
          might have been valid at one time but no longer affects any benchmarks we care about.
        (WebCore::IconDatabase::checkIntegrity): Perform the SQLite integrity_check pragma
        * loader/icon/IconDatabase.h:

        * loader/icon/IconDatabaseNone.cpp:
        (WebCore::IconDatabase::checkIntegrity): Keep IconDatabaseNone users building
        (WebCore::IconDatabase::checkIntegrityBeforeOpening): Ditto

        * loader/icon/SQLDatabase.cpp:
        (WebCore::SQLDatabase::open): Make a copy of the path string so we don't accidentally mutate anyone else's string on ::close()

        * platform/FileSystem.h: Added. Begin a long-needed platform file system abstraction
        * platform/mac/FileSystemMac.mm: Added.
        (WebCore::fileExists): Check if a file exists
        (WebCore::deleteFile): Delete a file

        * platform/gdk/TemporaryLinkStubs.cpp:
        (WebCore::fileExists):
        (WebCore::deleteFile):
        * platform/qt/TemporaryLinkStubs.cpp:
        (WebCore::fileExists):
        (WebCore::deleteFile):
        * platform/win/TemporaryLinkStubs.cpp:
        (WebCore::fileExists):
        (WebCore::deleteFile):

        * WebCore.exp:
        * WebCore.xcodeproj/project.pbxproj:

2007-08-14  Jon Honeycutt  <jhoneycutt@apple.com>

        Reviewed by Steve.

        Build fix for Windows.

        * html/HTMLFormElement.cpp:

2007-08-14  George Staikos  <staikos@kde.org>

        Only connect the menu signal once.

        * platform/qt/ContextMenuQt.cpp:
        (WebCore::ContextMenu::ContextMenu):
        (WebCore::ContextMenu::insertItem):

2007-08-14  Justin Garcia  <justin.garcia@apple.com>

        Reviewed by Tim.

        <rdar://problem/5408255> REGRESSION: In Mail, clicking the containing element's UI closebox doesn't delete element

        * editing/DeleteButtonController.cpp:
        (WebCore::DeleteButtonController::show): Use -webkit-user-select:ignore for
        the deletion UI.

2007-08-14  Antti Koivisto  <antti@apple.com>

        Reviewed by Darin.
        
        Fix <rdar://problem/5143183>
        Air Mail postmark shows up wrong in Firefox due to use of CSS background-position-x/y
        
        Safari was using non-standard background-position-x/y properties when serializing style, both normal 
        and computed. As a result Safari generated CSS would not render correctly in Firefox. 
        
        Use standard background-position property instead.

        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::):
        * css/CSSMutableStyleDeclaration.cpp:
        (WebCore::CSSMutableStyleDeclaration::cssText):

2007-08-14  Sam Weinig  <sam@webkit.org>

        Reviewed by Brady and Dr. Harrison.

        Fix typo.  'whitespace' property is spelled 'white-space'.

        * page/inspector/inspector.css:

2007-08-13  Beth Dakin  <bdakin@apple.com>

        Reviewed by Maciej.

        Fix for <rdar://problem/5404899> REGRESSION: Mail crash in 
        WebCore::FontFallbackList::fontDataAt() after dragging image into 
        text multiple times

        We were crashing because style information was not up-to-date. This 
        patch fixes the problem in two ways:

        Style information was not up to date at the time of the crash 
        because the document thought there was still a pending style sheet. 
        The pending style sheet counter was incremented when a call to 
        cloneNode from Mail cloned a style node with an imported style 
        sheet. Because Mail disables the cache, the style sheet did not 
        load immediately for the cloned node, and we do not check again to 
        see if it has loaded in time to decrement the pending style sheet 
        counter before the crash point. The fix here is only to increment 
        the pending style sheet counter for elements that are already in 
        the document.
        * dom/StyleElement.cpp:
        (WebCore::StyleElement::insertedIntoDocument): If we have a CSS 
        style sheet that is currently loading, increment the pending style 
        sheet counter. This should keep the counter accurate in the case 
        where a style node is cloned and then immediately inserted into the 
        document.
        (WebCore::StyleElement::removedFromDocument): If we have a CSS 
        style sheet that is currently loading, decrement the pending style 
        sheet count. This is required to keep the correct balance, given 
        the change above.
        (WebCore::StyleElement::createSheet): Only addPendingSheet() and 
        checkLoaded() if we are in the document.

        Here is Darin's original fix. It seems worth keeping this fix too. 
        Font style information should not cause a crash if there are still 
        pending style sheets. This is good belt-and-suspenders in case 
        there is another way to run into this bug with a wacky timing 
        issue.
        * css/CSSStyleSelector.cpp:
        (WebCore::CSSStyleSelector::styleForElement): Update the font.

2007-08-13  Alexey Proskuryakov  <ap@webkit.org>

        Reviewed by Darin.

        http://bugs.webkit.org/show_bug.cgi?id=14635
        rdar://problem/5340188
        Uploading file with non-ASCII character in path fails

        File upload cannot be tested in DumpRenderTree.

        * html/HTMLFormElement.cpp:
        (WebCore::pathGetFilename): A cross-platform helper that extracts a file name from a path.
        (WebCore::HTMLFormElement::formData): Use the above helper instead of code that doesn't
        work on Windows.

2007-08-13  Alexey Proskuryakov  <ap@webkit.org>

        Reviewed by Darin.

        http://bugs.webkit.org/show_bug.cgi?id=14951
        REGRESSION: page interpreted as UTF-8 because of stray <?xml> after <head>

        Test: fast/encoding/misplaced-xml-declaration.html

        * loader/TextResourceDecoder.cpp:
        (WebCore::TextResourceDecoder::checkForHeadCharset): Only honor XML declaration
        at the very beginning of the file.

2007-08-13  Oliver Hunt  <oliver@apple.com>

        rs=sam

        Correct accidentally modified code.

        * platform/mac/FontDataMac.mm:
        (WebCore::FontData::platformInit):

2007-08-13  Adele Peterson  <adele@apple.com>

        Reviewed by Brady.

        Fix for http://bugs.webkit.org/show_bug.cgi?id=14746
        <rdar://problem/5401041> REGRESSION: Form state not saved for forms that submit via HTTPS even if they do not contain a password field

        * loader/FrameLoader.cpp: (WebCore::FrameLoader::saveDocumentState): Restore our old behavior that will save form state for secure forms.
          This will also match Firefox behavior.

        * dom/Document.cpp: Removed secureFormAdded(), secureFormRemoved(), hasSecureForm() which are no longer used.
        * dom/Document.h:
        * html/HTMLFormElement.cpp:
        (WebCore::HTMLFormElement::attach):
        (WebCore::HTMLFormElement::parseMappedAttribute):

2007-08-13  Oliver Hunt  <oliver@apple.com>

        Reviewed by Maciej.

        <rdar://problem/5386183> REGRESSION (9A504-9A508): Underline of inline hole is too thin 
        on Japanese DotMac page
        
        Hack the line metrics for the Hiragino font families so that they always allow space for
        the marked text underline.
        
        * platform/mac/FontDataMac.mm:
        (WebCore::FontData::platformInit):

2007-08-13  David Hyatt  <hyatt@apple.com>

        Reviewed by aroben
 
        <rdar://problem/5400446> messed up content on calendar.yahoo.com and my.yahoo.com

        Fix some more bad assumptions about <html> being the first child of the document now that we
        properly support HTML5's model (where a comment node preceding <html> will in fact be its sibling).

        * html/HTMLParser.cpp:
        (WebCore::HTMLParser::handleError):
        (WebCore::HTMLParser::createHead):

2007-08-13  Justin Garcia  <justin.garcia@apple.com>

        Reviewed by Darin.
        
        <rdar://problem/5333725> -webkit-user-select: none makes selection difficult
        
        Let users create selections if they mouse down in a -webkit-user-select:none
        region, just (continue to) disallow selection endpoints in those regions, and
        don't paint those regions as selected if they are fully enclosed by a selection. 
        For example, in xxyyyxx where x is -webkit-user-select:none, a user can mouse down
        between the first two xs and drag across yyy to the second two xs to create a 
        selection xx^yyy^xx.
        
        * editing/SelectionController.cpp:
        (WebCore::SelectionController::selectAll): Allow selectAll inside a root
        that has -webkit-user-select:none, because it may contain content that
        is selectable (VisiblePosition and Selection creation will keep Selection
        endpoints out of -webkit-user-select:none regions).
        * page/EventHandler.cpp:
        (WebCore::EventHandler::selectClosestWordFromMouseEvent): Use canMouseDownStartSelect
        instead of the ambiguously named shouldSelect().
        (WebCore::EventHandler::handleMousePressEventTripleClick): Ditto.
        (WebCore::EventHandler::handleMousePressEventSingleClick): Ditto.
        (WebCore::EventHandler::updateSelectionForMouseDrag): Use canMouseDragExtendSelect.
        (WebCore::EventHandler::selectCursor): Paint an ibeam in -webkit-user-select:none regions,
        because you can click in those regions to create a selection.
        (WebCore::EventHandler::canMouseDownStartSelect): Now fires the selectStart event, and
        returns true in -webkit-user-select: none regions.
        (WebCore::EventHandler::canMouseDragExtendSelect): This is identical to 
        canMouseDownStartSelect because of 12823, even though it seems strange that we would fire 
        the selectStart event here.
        * page/EventHandler.h:
        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::draggableNode): Only -webkit-user-select:ignore regions will
        prevent selection creation.
        * rendering/RenderObject.h:

2007-08-13  Anders Carlsson  <andersca@apple.com>

        Reviewed by Maciej.

        <rdar://problem/5360748>
        REGRESSION (r21002-r21003): Flash widget sniffer doesn't work (affects iWeb)

        Don't check whether the document is being parsed or not, because the node list
        could be accessed after the document has finished parsing.
        
        * dom/Node.cpp:
        (WebCore::Node::registerNodeList):

2007-08-13  Lars Knoll  <lars@trolltech.com>

        Reviewed by Simon.

        no need to update regions that are not visible on the webpage.

        * platform/qt/ScrollViewQt.cpp:
        (WebCore::ScrollView::updateContents):

2007-08-12  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Darin and Sam.
        
        <rdar://problem/5395213> cross-domain access to individual components of location object should be denied.

        * bindings/js/kjs_window.cpp:
        (KJS::Location::put): Add the appropriate cross-domain access checks.

2007-08-12  Darin Adler  <darin@apple.com>

        Reviewed by John Sullivan.

        - fix <rdar://problem/5403724> REGRESSION: text inputs are not scrolled to make inline input visible (14912)

        * editing/Editor.h: Made setIgnoreMarkedTextSelectionChange no longer inline.
        It now has a side effect of revealing the selection when you set it to false.
        Added private revealSelectionAfterEditingOperation helper.
        * editing/Editor.cpp:
        (WebCore::Editor::deleteRange): Calls revealSelectionAfterEditingOperation instead
        of calling m_frame->revealSelection directly.
        (WebCore::Editor::replaceSelectionWithFragment): Ditto.
        (WebCore::Editor::insertOrderedList): Ditto.
        (WebCore::Editor::insertUnorderedList): Ditto.
        (WebCore::Editor::increaseSelectionListLevel): Ditto.
        (WebCore::Editor::increaseSelectionListLevelOrdered): Ditto.
        (WebCore::Editor::increaseSelectionListLevelUnordered): Ditto.
        (WebCore::Editor::decreaseSelectionListLevel): Ditto.
        (WebCore::Editor::insertLineBreak): Ditto.
        (WebCore::Editor::insertParagraphSeparator): Ditto.
        (WebCore::Editor::replaceMarkedText): Ditto.
        (WebCore::Editor::revealSelectionAfterEditingOperation): Added. Calls revealSelection,
        unless we are in the ignoreMarkedTextSelectionChange state. If we are in that state,
        we're in the middle of a composite editing operation and we shouldn't try to scroll
        to reveal the selection until the operation is done.
        (WebCore::Editor::setIgnoreMarkedTextSelectionChange): Made no longer inline. If
        changing the state from true to false, then calls revealSelectionAfterEditingOperation.

        * WebCore.exp: Add new entry point for no-longer-inline setter function.

2007-08-12  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Maciej Stachowiak, Dave Hyatt.
        
        Changed the dead resource LRU-SP algorithm to measure an object's
        total size, not just its encoded size. This will allow us to make 
        better decisions about what data to evict when the cache is small. For 
        example, the PLT can now run with a 16MB cache without fully evicting
        any resources.
        
        (Previously, we had assumed that decoded size would be an OK estimate
        of encoded size, but that is not true of GIF, whose decoded size can be 
        orders of magnitude greater than its encoded size.)
        
        Subtly, destroying a resource's decoded data now increases its recency 
        by moving it to the head of a smaller LRU list. This is slightly odd,
        but, since all resources get the same treatment, it shouldn't hurt 
        the eviction algorithm.

        * history/PageCache.cpp:
        (WebCore::PageCache::releaseAutoreleasedPagesNow): Make sure that a
        dead resource eviction doesn't happen until we've released all of our
        dead pages. Otherwise, the cache will make terrible decisions about 
        what to evict because all of our dead resources will seem live.

        * loader/Cache.cpp:
        (WebCore::Cache::Cache):
        (WebCore::Cache::pruneLiveResources):
        (WebCore::Cache::pruneDeadResources): Removed call to 
        removeFromLiveDecodedResourcesList because this happens automatically
        now as a part of the process of changing the resource's decoded size.
        (WebCore::Cache::lruListFor): *** The key change. *** Compute the 
        appropriate LRU list based on total size, not encoded size.
        (WebCore::Cache::dumpLRULists): Added debug logging function to help
        visualize the cache.

        * loader/Cache.h:
        (WebCore::Cache::setDeadResourcePruneEnabled):
        (WebCore::Cache::deadResourcePruneEnabled):

        * loader/CachedImage.cpp: Moved decoded size tracking code from here
        up into the base class. Currently, only CachedImage has a use for that
        functionality, but other subclasses might need it in the future, and
        the base class is already responsible for similar code related to 
        encoded size tracking.
        (WebCore::CachedImage::decodedSizeChanged):
        * loader/CachedImage.h:

        * loader/CachedResource.cpp:
        (WebCore::CachedResource::CachedResource):
        (WebCore::CachedResource::setDecodedSize): Move us in the LRU-SP list
        just like setEncodedSize does, since decoded size counts now, too.
        (WebCore::CachedResource::setEncodedSize): Changed slightly to match
        the style of setDecodedSize.

        * loader/CachedResource.h:
        (WebCore::CachedResource::decodedSize):

2007-08-11  Mitz Pettel  <mitz@webkit.org>

        Reviewed by Darin.

        - fix http://bugs.webkit.org/show_bug.cgi?id=13670
          <rdar://problem/5399619> Table misrender when one of the TDs has width=100%

        Tests: fast/table/100-percent-cell-width.html
               fast/table/percent-widths-stretch.html

        * rendering/AutoTableLayout.cpp:
        (WebCore::AutoTableLayout::calcPrefWidths): Changed the value used instead of
        0% to avoid division by zero from 1% to less than 0.01%. Removed code that
        added 0.5px to non-percent widths when calculating the scaling factor. The
        latter change is covered by the percent-widths-stretch test, where the new
        results match both WinIE 7 and Firefox 3.

2007-08-11  Darin Adler  <darin@apple.com>

        Reviewed by Antti.

        - fix <rdar://problem/5266535> REGRESSION: <img> inside <map> no longer allowed in strict mode
          (breaks chemicalelements.com)

        Test: fast/parser/strict-img-in-map.html

        * html/HTMLMapElement.cpp: (WebCore::HTMLMapElement::checkDTD): Removed FIXME saying this
        code is strange, since this code matches the HTML 4 specification almost exactly. Made
        <img> elements allowed even in strict mode and added small comments to clarify what comes
        from the DTD and what is non-standard.

2007-08-11  Holger Hans Peter Freyther  <zecke@selfish.org>

        Reviewed by Anders.

        Implement passing events to a subframe. The code is copied from
        the windows port and passSubframeEventToSubframe was removed as it
        is not called and it is not avilable in the windows port as well.

        * page/gdk/EventHandlerGdk.cpp:
        (WebCore::EventHandler::passMousePressEventToSubframe):
        (WebCore::EventHandler::passMouseMoveEventToSubframe):
        (WebCore::EventHandler::passMouseReleaseEventToSubframe):

2007-08-11  Holger Hans Peter Freyther  <zecke@selfish.org>

        Reviewed by Lars.

        GdkEventKey::string is not supposed to be used. The length
        of this string is zero for non ascii characters. Use the
        gdk_unicode_to_keyval to convert the keyval to a UChar and construct
        a String. This change makes it possible to input non ascii
        characters.

        * platform/gdk/KeyEventGdk.cpp:
        (WebCore::keyIdentifierForGdkKeyCode):
        (WebCore::singleCharacterString):
        (WebCore::PlatformKeyboardEvent::PlatformKeyboardEvent):

2007-08-11  Andrew Wellington  <proton@wiretapped.net>

        Reviewed by Mark Rowe.
        
        Fix http://bugs.webkit.org/show_bug.cgi?id=14645
        getPropertyValue should be case insensitive
        
        When we get the propertyID for a given string we convert to lowercase.
        
        This also applies to setProperty, removeProperty and others.
        
        * css/CSSStyleDeclaration.cpp:
        (WebCore::propertyID):

2007-08-11  Mark Rowe  <mrowe@apple.com>

        Build fix.  Change "#ifdef PLATFORM(GDK)" to "#if PLATFORM(GDK)".

        * page/FrameView.cpp:
        * page/FrameView.h:

2007-08-11  Holger Hans Peter Freyther  <zecke@selfish.org>

        Reviewed by Adam.

        Copy the WebFrame::layoutIfNeededRecursive method of the windows port
        to FrameView to be used by the Gtk+ port. Simplify the implementation due
        moving it to the FrameView class.

        Implement the ScrollView::children() method for the Gtk+ port and make it
        available to the FrameView as children() is used within the layoutIfNeededRecursive method.

        * page/FrameView.cpp:
        (WebCore::FrameView::layoutIfNeededRecursive):
        * page/FrameView.h:
        * platform/ScrollView.h:
        * platform/gdk/ScrollViewGdk.cpp:

2007-08-11  Holger Hans Peter Freyther  <zecke@selfish.org>

        Reviewed by Adam.

        To fix text selection make the PlatformMouseEvent set the pressed
        button even when moving the mouse.
        
        Add building of the WebKit::DragClient stubs as they are needed to
        make text selection work.

        * WebCore.pro:
        * platform/gdk/MouseEventGdk.cpp:
        (WebCore::PlatformMouseEvent::PlatformMouseEvent):

2007-08-10  Anders Carlsson  <andersca@apple.com>

        Reviewed by Darin and Maciej.

        <rdar://problem/5360748>
        REGRESSION(r21002-r21003) Flash widget sniffer doesn't work
        
        Add a per-document NodeList counter. When parsing, only call notifyNodeListsChildrenChanged
        if the document has node lists. Also, make sure to reset the cache when the node list count has 
        been 0 and a new node list is registered to avoid any stale cache information.
        
        * dom/ContainerNode.cpp:
        (WebCore::ContainerNode::addChild):
        * dom/Document.cpp:
        (WebCore::Document::Document):
        * dom/Document.h:
        (WebCore::Document::addNodeList):
        (WebCore::Document::removeNodeList):
        (WebCore::Document::hasNodeLists):
        * dom/Node.cpp:
        (WebCore::Node::registerNodeList):
        (WebCore::Node::unregisterNodeList):

2007-08-10  Timothy Hatcher  <timothy@apple.com>

        Reviewed by Adam.

        <rdar://problem/5394449> Stop using some Carbon UI APIs for 64 bit

        Disable NPObject use in 64-bit on Mac OS X.

        * Configurations/WebCore.xcconfig: Add a framework search path to the sub-framworks of Carbon.
        * WebCore.xcodeproj/project.pbxproj: Filter out the Frame::windowScriptNPObject() symbol in 64-bit.
        * bindings/objc/DOM.mm:
        (-[DOMElement _NPObject]): Return null in 64-bit.
        * config.h: Set WTF_USE_NPOBJECT to 0 in 64-bit Mac OS X.
        * page/Frame.cpp:
        (WebCore::Frame::cleanupScriptObjects): Add more #if USE(NPOBJECT) blocks where needed.
        * page/Frame.h: Ditto.
        * page/mac/FrameMac.mm:
        (WebCore::Frame::createScriptInstanceForWidget): Ditto.
        * page/mac/WebCoreFrameBridge.h: Ditto.
        * page/mac/WebCoreFrameBridge.mm: Ditto.

2007-08-10  Mitz Pettel  <mitz@webkit.org>

        Reviewed by Justin.

        - fix <rdar://problem/5397344> http://bugs.webkit.org/show_bug.cgi?id=14911
          REGRESSION: Clicking in pasted text doesn't position the insertion point correctly

        Test: editing/selection/inline-closest-leaf-child.html

        * rendering/RootInlineBox.cpp:
        (WebCore::RootInlineBox::closestLeafChildForXPos): Return the last leaf if
        it's the closest match, or if no other leaf matches (for example if all
        leaves are list markers or non-editable where editable is required).

2007-08-10  Anders Carlsson  <andersca@apple.com>

        Reviewed by Geoff.

        <rdar://problem/5390568> 
        REGRESSION: –[WebFrame loadHTMLString:baseURL:] leaks the data source.
        
        Revert the fix for <rdar://problem/5133420> which caused us to not cancel 
        substitute data loads. It's better to remove the assertion in the WebKit layer.
        
        * loader/ResourceLoader.cpp:
        (WebCore::ResourceLoader::didCancel):

2007-08-10  Sam Weinig  <sam@webkit.org>

        Rubber-stamped by Adam Roben.

        Fix Windows, Qt and Gtk build.

        * WebCore.pro:
        * WebCore.vcproj/WebCore.vcproj:

2007-08-09  Sam Weinig  <sam@webkit.org>

        Reviewed by Maciej.

        Fix for <rdar://problem/5395618>

        Use checkNodeSecurity when setting the 'src' or 'location' attribute of an
        iframe or frame element.  

        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/JSAttrCustom.cpp: Added.
        (WebCore::JSAttr::setValue): Call checkNodeSecurity for attributes with a current iframe or frame
        ownerElement when setting src to a javascript: URL.
        * bindings/js/JSElementCustom.cpp: Added.
        (WebCore::allowSettingSrcToJavascriptURL):
        (WebCore::JSElement::setAttribute): Call checkNodeSecurity when element is a frame or iframe and 
        setting he src attribute to a javascript: URL.
        (WebCore::JSElement::setAttributeNode): Ditto.
        (WebCore::JSElement::setAttributeNS): Ditto.
        (WebCore::JSElement::setAttributeNodeNS): Ditto.
        * bindings/js/JSHTMLFrameElementCustom.cpp: Added.
        (WebCore::allowSettingJavascriptURL):
        (WebCore::JSHTMLFrameElement::setSrc): Call checkNodeSecurity when setting to a javascript: URL.
        (WebCore::JSHTMLFrameElement::setLocation): Ditto.
        * bindings/js/JSHTMLIFrameElementCustom.cpp: Added.
        (WebCore::JSHTMLIFrameElement::setSrc): Call checkNodeSecurity when setting to a javascript: URL.
        * bindings/scripts/CodeGeneratorJS.pm: Add support for [CustomGetter] and [CustomSetter]
        * dom/Attr.idl:
        * dom/Element.idl:
        * html/HTMLFrameElement.idl:
        * html/HTMLIFrameElement.idl:

2007-08-10  Holger Hans Peter Freyther  <zecke@selfish.org>

        Reviewed by Anders.

        Make the containingWindow a GtkContainer and make use of the
        GtkWidget::window instead of the GtkLayout::bin_window.

        * platform/Widget.h:
        * platform/gdk/PlatformScreenGdk.cpp:
        (WebCore::screenDepth):
        * platform/gdk/ScrollViewGdk.cpp:
        (WebCore::ScrollView::updateContents):
        (WebCore::ScrollView::update):
        * platform/gdk/WidgetGdk.cpp:
        (WebCore::Widget::setContainingWindow):
        (WebCore::Widget::setCursor):

2007-08-10  Simon Hausmann  <hausmann@kde.org>

        Reviewed by Lars.

        Revert r24699 as it broke timers. The precision of QTime::toTime_t() is just seconds, which is not good enough. Revert back
        to the old implementation and use the simple implementation of currentTime() from win/ for the Qt/Windows build (fingers crossed :)

        * WebCore.pro:
        * platform/qt/SystemTimeQt.cpp:
        (WebCore::currentTime):

2007-08-10  Simon Hausmann  <hausmann@kde.org>

        Reviewed by Lars.

        Recognize .htm as valid extension for text/html.

        * platform/qt/MIMETypeRegistryQt.cpp:
        (WebCore::):

2007-08-10  Lars Knoll  <lars@trolltech.com>

        Reviewed by Simon.

        remove an assertion that leads to crashes. The whole design of WidgetQt and ScrollViewQt needs to be reevaluated soon anyways.

        * platform/qt/ScrollViewQt.cpp:

2007-08-10  Mark Rowe  <mrowe@apple.com>

        Fix the Mac build.

        * ForwardingHeaders/bindings/runtime_object.h: Added.

2007-08-10  Simon Hausmann  <hausmann@kde.org>

        Reviewed by Lars.

        Make sure -fno-strict-aliasing is also added for mkspecs like linux-g++-64.

        * WebCore.pro:

2007-08-10  Simon Hausmann  <hausmann@kde.org>

        Reviewed by Lars.

        Enable JavaScript bindings for HTML Object/Applet elements in the Qt port.

        * WebCore.pro:
        * bindings/js/kjs_dom.cpp:
        * html/HTMLAppletElement.h:
        * html/HTMLEmbedElement.h:
        * page/qt/FrameQt.cpp:
        (WebCore::Frame::createScriptInstanceForWidget):

2007-08-10  Mitz Pettel  <mitz@webkit.org>

        Reviewed by Dave Hyatt.

        - fix http://bugs.webkit.org/show_bug.cgi?id=14798
          Incorrect bidi reordering of neutrals and digits after RTL embed
          and other bugs in the bidi algorithm.

        Test: fast/text/international/bidi-neutral-run.html

        Fixed several bugs in resolving the embedding level of runs of neutral
        characters. Changed the logic to rely on the eor direction only for
        the number types, and otherwise consider the last strong type.

        * platform/BidiContext.h:
        (WebCore::BidiContext::BidiContext): Added an ASSERT.
        * platform/BidiResolver.h:
        (WebCore::::embed):
        (WebCore::::createBidiRunsForLine):
        * platform/graphics/GraphicsContext.cpp:
        (WebCore::TextRunIterator::atEnd): Changed to return true instead of
        crashing when called on the empty iterator.

2007-08-09  Mark Rowe  <mrowe@apple.com>

        Reviewed by Antti.

        <rdar://problem/5400709> Versioning in debug and release builds should include minor and tiny version before +

        * Configurations/Version.xcconfig:
        * WebCore.xcodeproj/project.pbxproj: Add a shell script phase to make to dependency between
        Version.xcconfig and Info.plist explicit to Xcode.

2007-08-09  Mitz Pettel  <mitz@webkit.org>

        Reviewed by Justin Garcia.

        - fix http://bugs.webkit.org/show_bug.cgi?id=14347
          REGRESSION (r21291): Initiating a drag near the edge of a selection deselects it

        Test: editing/selection/contains-boundaries.html

        * editing/SelectionController.cpp:
        (WebCore::SelectionController::contains): Changed to return true for the
        selection boundaries too.

2007-08-09  Mitz Pettel  <mitz@webkit.org>

        Reviewed by Dave Hyatt.

        - fix http://bugs.webkit.org/show_bug.cgi?id=14742
          Document::recalcStyle(Force) called for every updateStyleIgnorePendingStylesheets while waiting for stylesheets
          <rdar://problem/5376306>

        updateStyleSelector() is normally called when something changes that factors
        into the style selector. However, updateLayoutIgnorePendingStylesheets() calls it for
        a different reason, namely to account for all the preceding changes that were ignored
        because of the early return in updateStyleSelector(). After that, the early return
        can no longer occur, so changes are accounted for as they happen, and
        updateLayoutIgnorePendingStylesheets() does not need to call updateStyleSelector()
        again.

        * dom/Document.cpp:
        (WebCore::Document::updateLayoutIgnorePendingStylesheets): Call updateStyleSelector()
        only before the first layout.

2007-08-09  Mitz Pettel  <mitz@webkit.org>

        Reviewed by Adam Roben.

        - fix http://bugs.webkit.org/show_bug.cgi?id=14362
          Opening a select list always highlights first element in list

        * platform/win/PopupMenuWin.cpp:
        (WebCore::PopupWndProc): Track the mouse only inside the popup.

2007-08-09  Mitz Pettel  <mitz@webkit.org>

        Reviewed by Dave Hyatt.

        - fix http://bugs.webkit.org/show_bug.cgi?id=14875
          Textarea with nowrap - left/right nav, Up/down nav both hide text

        Test: fast/layers/scroll-rect-to-visible.html

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::scrollRectToVisible): Account for borders and scroll bars.

2007-08-09  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Dave Hyatt.
        
        Refactored live decoded resource eviction to be more modular / 
        encapsulated. 
        
        This fixes one known place where we forgot to hook into the live 
        decoded eviction mechanism -- canvas. There might be other, unknown 
        places. In a canvas test page, which I broke off from the Safari 
        pageout test, I saw an RPRVT reduction of ~10MB.
        
        A few renames:
        - "m_lastLiveAccessTime" => "m_lastDecodedAccessTime" because the data
        point we're recording is access to the resource in decoded form.
        
        - "liveResourceAccessed" => "didAccessDecodedData" for the same reason.

        - "pruneAllResources" => "pruneDeadResources" because this function 
        does not prune live resources.
        
        And the fix:
        Instead of updating cache metadata at the call site whenver drawing an 
        image, just have an image notify its observer whenever it draws. The 
        observer, which is a CachedResource, can then update the metadata.
        
        * loader/Cache.cpp: Renames
        * loader/Cache.h: Removed stale declarations, updated comments
        * loader/CachedImage.cpp:
        (WebCore::CachedImage::didDraw): Implemented didDraw to update cache
        metadata whenever our image draws.
        * loader/CachedImage.h: Grouped parts of the ImageObserver interface.
        * loader/CachedResource.cpp:
        (WebCore::CachedResource::CachedResource):
        (WebCore::CachedResource::deref):
        (WebCore::CachedResource::didAccessDecodedData): Made this function
        slightly more modular by allowing the caller to provide a time stamp.
        In theory, not all CachedResources will necessarily want to use the 
        current paint time stamp.
        * platform/graphics/cg/ImageCG.cpp:
        (WebCore::BitmapImage::draw): Notify our observer that we drew.
        (WebCore::Image::drawPattern): ditto
        * platform/graphics/cg/PDFDocumentImage.cpp:
        (WebCore::PDFDocumentImage::draw): ditto
        * platform/graphics/svg/SVGImage.cpp:
        (WebCore::SVGImage::draw): ditto
        
        Removed old code at image drawing call sites:
        
        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::paintBackgroundExtended):
        * rendering/RenderImage.cpp:
        (WebCore::RenderImage::paint):
        * rendering/RenderListMarker.cpp:
        (WebCore::RenderListMarker::paint):
        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::paintBorderImage):

2007-08-10  Holger Hans Peter Freyther  <zecke@selfish.org>

        Reviewed by Adam.

        Move the various *ClientGdk.{h,cpp} away from the WebCore directory as
        of http://bugs.webkit.org/show_bug.cgi?id=14727.

        * WebCore.pro:
        * platform/gdk/TemporaryLinkStubs.cpp:

2007-08-09  Anders Carlsson  <andersca@apple.com>

        Reviewed by Maciej.

        <rdar://problem/5400029> iframes with an image src rarely load image
        
        Don't try to shrink standalone images in subframes. The resize event is not 
        sent for subframes which screws up the shrink-to-fit logic.
        
        * loader/ImageDocument.cpp:
        (WebCore::ImageDocument::createDocumentStructure):
        (WebCore::ImageDocument::imageChanged):
        (WebCore::ImageDocument::shouldShrinkToFit):
        * loader/ImageDocument.h:

2007-08-10  Holger Hans Peter Freyther  <zecke@selfish.org>

        Reviewed by Adam.

        Implement FrameLoaderClientGdk::createFrame mostly by copying
        the windows implementation. A method similiar to WebFrame::loadURLIntoChild
        was not introduced instead we have a simplified version similiar to the
        one of the Qt port.

        Remove building of WebKit/gtk/webkitgtkframedata.{cpp,h}.

        * WebCore.pro:
        * loader/gdk/FrameLoaderClientGdk.cpp:
        (WebCore::FrameLoaderClientGdk::createFrame):

2007-08-10  Holger Hans Peter Freyther  <zecke@selfish.org>

        Reviewed by Adam.

        Use the ScrollView/Widget design of the Windows port to only use one
        native window for the whole page. This will make it possible to implement
        FrameLoaderClientGdk::createFrame.

        In contrast to the windows port the ScrollBars are GtkWidgets. To paint them
        at the right position we need to position them correctly. To not scroll the
        ScrollBar's belonging to the ScrollView a ScrollViewScrollbar is introduced with
        a different geometryChanged method.

        To allow the Gtk+ way of scrolling the ScrollView allows to get GtkAdjustments
        set. In this case no ScrollViewScrollbar will be created.


        * platform/ScrollView.h:
        * platform/Widget.h:
        * platform/gdk/PlatformScreenGdk.cpp:
        (WebCore::screenDepth):
        * platform/gdk/PlatformScrollBar.h:
        * platform/gdk/PlatformScrollBarGdk.cpp:
        (PlatformScrollbar::PlatformScrollbar):
        (PlatformScrollbar::~PlatformScrollbar):
        (PlatformScrollbar::setRect):
        (PlatformScrollbar::geometryChanged):
        * platform/gdk/ScrollViewGdk.cpp:
        (WebCore::ScrollView::ScrollViewPrivate::ScrollViewPrivate):
        (WebCore::ScrollView::ScrollViewPrivate::~ScrollViewPrivate):
        (WebCore::ScrollViewScrollbar::ScrollViewScrollbar):
        (WebCore::ScrollViewScrollbar::geometryChanged):
        (WebCore::ScrollView::ScrollViewPrivate::setHasHorizontalScrollbar):
        (WebCore::ScrollView::ScrollViewPrivate::setHasVerticalScrollbar):
        (WebCore::ScrollView::ScrollViewPrivate::scrollBackingStore):
        (WebCore::ScrollView::ScrollViewPrivate::adjustmentChanged):
        (WebCore::ScrollView::ScrollViewPrivate::valueChanged):
        (WebCore::ScrollView::ScrollViewPrivate::windowClipRect):
        (WebCore::ScrollView::setGtkAdjustments):
        (WebCore::ScrollView::updateContents):
        (WebCore::ScrollView::update):
        (WebCore::ScrollView::visibleWidth):
        (WebCore::ScrollView::resizeContents):
        (WebCore::ScrollView::contentsX):
        (WebCore::ScrollView::scrollOffset):
        (WebCore::ScrollView::maximumScroll):
        (WebCore::ScrollView::scrollBy):
        (WebCore::ScrollView::suppressScrollbars):
        (WebCore::ScrollView::setHScrollbarMode):
        (WebCore::ScrollView::setVScrollbarMode):
        (WebCore::ScrollView::setScrollbarsMode):
        (WebCore::ScrollView::setFrameGeometry):
        (WebCore::ScrollView::addChild):
        (WebCore::ScrollView::removeChild):
        (WebCore::ScrollView::scrollRectIntoViewRecursively):
        (WebCore::ScrollView::wheelEvent):
        (WebCore::ScrollView::updateScrollbars):
        (WebCore::ScrollView::windowToContents):
        (WebCore::ScrollView::contentsToWindow):
        (WebCore::ScrollView::scrollbarUnderMouse):
        (WebCore::ScrollView::convertChildToSelf):
        (WebCore::ScrollView::convertSelfToChild):
        (WebCore::ScrollView::paint):
        (WebCore::ScrollView::geometryChanged):
        (WebCore::ScrollView::scroll):
        (WebCore::ScrollView::addToDirtyRegion):
        (WebCore::ScrollView::scrollBackingStore):
        (WebCore::ScrollView::updateBackingStore):
        * platform/gdk/WidgetGdk.cpp:
        (WebCore::WidgetPrivate::gdkDrawable):
        (WebCore::Widget::Widget):
        (WebCore::Widget::setContainingWindow):
        (WebCore::Widget::containingWindow):
        (WebCore::Widget::frameGeometry):
        (WebCore::Widget::setFrameGeometry):
        (WebCore::Widget::setParent):
        (WebCore::Widget::parent):
        (WebCore::Widget::setCursor):
        (WebCore::Widget::show):
        (WebCore::Widget::hide):
        (WebCore::Widget::removeFromParent):
        (WebCore::Widget::paint):
        (WebCore::Widget::invalidate):
        (WebCore::Widget::invalidateRect):
        (WebCore::Widget::convertToContainingWindow):
        (WebCore::Widget::convertFromContainingWindow):
        (WebCore::Widget::convertChildToSelf):
        (WebCore::Widget::convertSelfToChild):
        (WebCore::Widget::suppressInvalidation):
        (WebCore::Widget::setSuppressInvalidation):

2007-08-09  Adele Peterson  <adele@apple.com>

        Fix by Brady, reviewed by me.

        Fix for <rdar://problem/5380697> connection:willSendRequest:redirectResponse: is called on every NSURLConnection

        * platform/network/mac/ResourceHandleMac.mm: (-[WebCoreResourceHandleAsDelegate connection:willSendRequest:redirectResponse:]):
          Work around a behavior change in CFNetwork where willSendRequest gets called more often by returning early.

2007-08-09  Darin Adler  <darin@apple.com>

        Reviewed by Antti.

        - fix <rdar://problem/4889753> REGRESSION: Selection doesn't continue with drag selecting
          when autoscrolling vertically (in Notes as well as Safari)

        The bug doesn't happen inside DumpRenderTree, so I was unable to make an automated
        regression test.

        * manual-tests/autoscroll-when-outside-window.html: Added.

        * rendering/RenderLayer.cpp: (WebCore::RenderLayer::autoscroll): Removed unneeded null
        check for the layer's renderer and the document, neither of which can be null. Call
        the new updateSelectionForMouseDrag instead of doing selection updating here.

        * page/EventHandler.h:
        * page/EventHandler.cpp:
        (WebCore::EventHandler::handleMouseDraggedEvent): Refactored most of the logic
        about updating the selection into updateSelectionForMouseDrag.
        (WebCore::EventHandler::updateSelectionForMouseDrag): Added. The public version of
        this function takes no parameters, and is for use from auto-scrolling code. The
        private version of this function takes node and point parameters and contains the
        shared code, including everything from updateSelectionForMouseDragOverPosition.
        Aside from the code motion, variable name changes, and sharing more code, this
        differs from the old code in RenderLayer::autoscroll in the following ways:

          1) The old code did hit testing only in the layer that was auto-scrolling,
             and the new code instead starts the hit testing at the root layer, which is
             better because it's the same thing we do for mouse moved events. Further,
             the code to do this by calling convertToLayerCoords had a bug  because the
             x and y variables were uninitialized.
          2) The old code passed false for active to HitTestRequest, which was wrong.
             The new code passes true. This flag needs to be true for hit testing done
             while the mouse is down and false for hit testing done while the mouse is up.
          3) The old code did not have the SVG-specific logic to match the mouse moved case.
          4) The old code wouldn't do any selection updating if the return value from hitTest
             was false, which is incorrect. The new code ignores the return value as it should.

2007-08-08  Beth Dakin  <bdakin@apple.com>

        Reviewed by Geoff Garen.

        Fx for <rdar://problem/5286443>, http://bugs.webkit.org/
        show_bug.cgi?id=14268 REGRESSION: Radio buttons don't stay selected 
        due to unclosed <label> tags

        This patch maintains the behavior that allows <label> tags to nest. 
        This matches WinIE, and appears to match the spec, since the spec 
        does not explicitly say that they cannot nest. It fixes the bug 
        instead by calling setDefaultHandled() in two places it should have 
        been called anyway. This keeps the appropriate button checked as 
        the event bubbles.

        * html/HTMLInputElement.cpp:
        (WebCore::HTMLInputElement::postDispatchEventHandler):
        * html/HTMLLabelElement.cpp:
        (WebCore::HTMLLabelElement::defaultEventHandler):

2007-08-08  Justin Garcia  <justin.garcia@apple.com>

        Reviewed by Oliver.

        <rdar://problem/5387578> Crash at ReplaceSelectionCommand::doApply() when pasting just after table cell content
        
        ReplaceSelectionCommand::doApply() inserts a line break before insertion
        to prevent block nesting.  InsertLineBreakCommand::doApply was accidently
        destroying a text node when it removed insignificant whitespace and then
        setting a nil endingSelection().

        * editing/InsertLineBreakCommand.cpp:
        (WebCore::InsertLineBreakCommand::doApply): If insignificant whitespace
        removal removes textNode from the document, insert a text node containing
        the non-breaking space we were attempting to insert and then insert it
        at the position that the removed textNode occupied.

2007-08-08  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Maciej Stachowiak.

        Added a thrash check to live decoded resource eviction.
        
        Here's the strategy: Stamp every image with its paint time. Don't evict 
        a live decoded resource until another resource paints with a reasonably
        (1 second) larger time stamp. 
        
        If no other resource paints, or another resource paints, but very soon 
        after the resource in question, the resource in question is very likely 
        to paint again soon. In fact, it's probably still on screen. So we 
        leave it alone. (Previously, we evicted it on a timer, but that would 
        evict a resource that was still on screen, hurting speed without 
        helping memory use.)

        In theory, this algorithm allows a single large resource or closely 
        related set of resources to linger in the live decoded cache even 
        though the cache is over its limit. However, that can only happen as 
        long as no other resource ever paints again, which guarantees an 
        absolute cap on cache memory usage from then on. Also, the resources 
        will only linger as long as they remain live. Upon going dead, they 
        will flush. Also, these circumstances are so rare that they are almost 
        impossible to encounter in the wild. So don't sweat it.
        
        Stop evicting if the next resource painted too recently:
        
        * loader/Cache.cpp:
        (WebCore::Cache::pruneLiveResources):
        * loader/CachedResource.cpp:
        (WebCore::CachedResource::CachedResource):
        (WebCore::CachedResource::liveResourceAccessed):
        * loader/CachedResource.h:

        Track the paint time stamp in Frame. We do this to give a consistent
        stamp to all resources painted in a single paint operation (in case the
        operation takes a significant amount of time), and to avoid excessive 
        calls to system time functions, which hurt the PLT:

        * page/Frame.cpp:
        (WebCore::Frame::paint):
        * page/Frame.h:
        (WebCore::Frame::currentPaintTimeStamp):

2007-08-08  Sam Weinig  <sam@webkit.org>

        Reviewed by Adam Roben.

        Update project file to reflect the moving of character-sets.txt
        and make-charset-table.pl to platform/mac a while ago.

        * WebCore.xcodeproj/project.pbxproj:

2007-08-08  Justin Garcia  <justin.garcia@apple.com>

        Reviewed by Harrison.

        <rdar://problem/5390681> WebKit asserts when deleting To Do content selected with a double-click
        
        * dom/Position.cpp:
        (WebCore::Position::trailingWhitespacePosition): Use VisiblePosition::characterAfter
        to look for a trailing space.  The old code would incorrectly return a position before
        a non-editable space if it had a collapsed space before it.

2007-08-08  Sam Weinig  <sam@webkit.org>

        Reviewed by Brady.

        Make protocol and host compares case-insensitive.

        * bindings/js/kjs_window.cpp:
        (KJS::Window::isSafeScript):
        * dom/Document.cpp:
        (WebCore::Document::initSecurityPolicyURL):
        * platform/DeprecatedString.cpp:
        (WebCore::equalIgnoringCase):
        * platform/DeprecatedString.h:
        (WebCore::equalIgnoringCase):

2007-08-08  Justin Garcia  <justin.garcia@apple.com>

        Reviewed by Harrison.

        <rdar://problem/5390681> WebKit asserts when deleting To Do content selected with a double-click

        * dom/Position.cpp:
        (WebCore::Position::leadingWhitespacePosition): Added checks to prevent expansion across editable an boundary.
        (WebCore::Position::trailingWhitespacePosition): Ditto.

2007-08-08  Adele Peterson  <adele@apple.com>

        Reviewed by John.

        Fix for <rdar://problem/5393798> 100% reproducible crash in WebCore::Scrollbar::setValue

        * page/EventHandler.cpp: (WebCore::EventHandler::handleMousePressEvent):
          If the hit testing originally determined the event was in a scrollbar, 
          refetch the MouseEventWithHitTestResults in case the scrollbar widget was destroyed when the mouse event was handled.

2007-08-08  Sam Weinig  <sam@webkit.org>

        Reviewed by Geoff Garen.

        Fix for <rdar://problem/5354635>

        Match Firefox's model for data: URLs by not allowing them script access
        to any frames other then itself.

        * bindings/js/kjs_window.cpp:
        (KJS::Window::isSafeScript):
        * dom/Document.cpp:
        (WebCore::Document::initSecurityPolicyURL):

2007-08-08  Darin Adler  <darin@apple.com>

        Reviewed by Kevin Decker.

        - fix for <rdar://problem/5390708> CrashTracer: [USER] 27 crashes in Safari at
          com.apple.WebCore: WTF::HashMap<etc>::set + 68, beneath pruneUnretainedIconsAtStartup

        * loader/icon/IconDatabase.cpp: (WebCore::IconDatabase::pruneUnretainedIconsOnStartup):
        Eliminate an unnecessary HashMap from the implementation; we can just use the
        m_pageURLToRetainCount map directly. This simplifies the code and allows us to handle
        the empty string, which otherwise poses a problem for HashMap.

2007-08-08  Antti Koivisto  <antti@apple.com>

        Reviewed by Darin.
        
        Fix for <rdar://problem/5391576>
        Malformed table innerHTML causes Safari to crash in HTMLParser::handleError (14894)
        
        Add null checks to protect against 
        
        e.innerHTML = "<tr>text</tr>";
        
        type cases. Normal assumptions about document tree structure don't hold when parsing 
        fragments. Results don't match Firefox in all cases. It seems to have some sort of 
        anything-goes fragment parsing mode.
        
        * html/HTMLParser.cpp:
        (WebCore::HTMLParser::handleError):

2007-08-07  Kevin McCullough  <kmccullough@apple.com>

        Reviewed by Maciej and Hyatt.

        - <rdar://problem/4976879> REGRESSION: Safari doesn't work with Zimbra enhanced login.
        - Reverting a previous change, and modifying how documents are created so that we better match other browsers behavior with respect to namespaceURIs.

        * WebCore.xcodeproj/project.pbxproj:
        * dom/DOMImplementation.cpp:
        (WebCore::DOMImplementation::createDocument):
        * dom/Document.cpp:
        (WebCore::Document::Document):
        (WebCore::Document::createElement):
        * dom/Document.h:
        * html/HTMLDocument.cpp:
        (WebCore::HTMLDocument::createElement):
        * html/HTMLDocument.h:

2007-08-08  Cameron Zwarich  <cwzwarich@uwaterloo.ca>

        Reviewed and landed by Brady

        Fixes <http://bugs.webkit.org/show_bug.cgi?id=13422>

        Bug 13422: REGRESSION: Page reload loses page position

        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::updateHistoryForReload):

2007-08-08  Holger Hans Peter Freyther  <zecke@selfish.org>

        Reviewed by Niko.

        Be paranoid and disconnect from the signal before going away.

        * platform/gdk/PlatformScrollBarGdk.cpp:
        (PlatformScrollbar::~PlatformScrollbar):

2007-08-08  Holger Hans Peter Freyther  <zecke@selfish.org>

        Reviewed by Niko.

        Use GraphicsContext::translatePoint in RenderThemeGdk to paint at the
        right position.
        This is needed as the Gtk+ theming code does not know about the translation
        of the GraphicsContext.

        * platform/gdk/RenderThemeGdk.cpp:
        (WebCore::RenderThemeGdk::paintCheckbox):
        (WebCore::RenderThemeGdk::paintRadio):
        (WebCore::RenderThemeGdk::paintButton):

2007-08-08  Holger Hans Peter Freyther  <zecke@selfish.org>

        Reviewed by Niko.

        Implement Widget::paint for the Gtk port. This is needed to paint
        Widgets in z-order. The original GdkEventExpose is stored within the
        GraphicsContext and then used to draw the children. This is similiar
        to gtk_container_propagate_expose but we try to honor the GraphicsConntext
        translation.

        * platform/gdk/WidgetGdk.cpp:
        (WebCore::Widget::paint):
        * platform/graphics/GraphicsContext.h:
        * platform/graphics/cairo/GraphicsContextCairo.cpp:
        (WebCore::GraphicsContextPlatformPrivate::GraphicsContextPlatformPrivate):
        (WebCore::GraphicsContext::setGdkExposeEvent):
        (WebCore::GraphicsContext::gdkExposeEvent):
        (WebCore::GraphicsContext::gdkDrawable):
        (WebCore::GraphicsContext::translatePoint):

2007-08-08  Holger Hans Peter Freyther  <zecke@selfish.org>

        Reviewed by Oliver Hunt.

        Implement PlatformScrollbar by calling ScrollBar::setValue from 
        gtkValueChange connected to the value-changed signal of the
        GtkAdjustment.
        Update 'value' of the GtkAdjustment in updateThumbPosition and
        set upper, page-increment, step-increment and page_size in
        updateThumbProportion.

        This is from bug http://bugs.webkit.org/show_bug.cgi?id=14795.

        * platform/gdk/PlatformScrollBar.h:
        * platform/gdk/PlatformScrollBarGdk.cpp:
        (PlatformScrollbar::PlatformScrollbar):
        (PlatformScrollbar::updateThumbPosition):
        (PlatformScrollbar::updateThumbProportion):
        (PlatformScrollbar::gtkValueChanged):

2007-08-07  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Maciej Stachowiak. Based on earlier review from Dave Hyatt.

        First chunk of work for <rdar://problem/5326009> Make non-browser 
        WebKit clients have no memory cache, or a very tiny one
        
        Layout tests pass.
        
        Removed decodedSizeWillChange mechanism because my last patch to
        change the live resources list to a strict LRU model made that code
        vestigial.
        
        Renamed "liveResourcesList" and related stuff => 
        "liveDecodedResourcesList" because only live resources with decoded 
        data are kept in the list.

        * loader/CachedImage.cpp:
        (WebCore::CachedImage::decodedSizeChanged): Only add ourselves to the
        list if we're live, our decoded size has grown, and we're not in the 
        list already. (Otherwise, either we're not live, we're not decoded,
        or we're already in the list.)

        * loader/CachedResource.cpp:
        (WebCore::CachedResource::liveResourceAccessed): Only re-insert
        ourselves into the list if we're already there. (In theory, this should
        be always, but it's a little more clear to check.)

2007-08-08  Holger Hans Peter Freyther  <zecke@selfish.org>

        Reviewed by Adam.

        Kill class FrameGdk and move the stubs to page/gdk/FrameGdk.cpp and the
        remainings into WebKitGtkFrame.
        The DRT functionality of class FrameGdk is currently lost.

        * WebCore.pro:
        * loader/gdk/FrameLoaderClientGdk.cpp:
        * loader/gdk/FrameLoaderClientGdk.h:
        * page/gdk/FrameGdk.cpp: Renamed from WebCore/platform/gdk/FrameGdk.cpp.
        (WebCore::Frame::issueTransposeCommand):
        (WebCore::Frame::cleanupPlatformScriptObjects):
        (WebCore::Frame::dragImageForSelection):
        (WebCore::Frame::dashboardRegionsChanged):
        * platform/gdk/FrameGdk.h: Removed.
        * platform/gdk/TemporaryLinkStubs.cpp: Removed Frame stub, added the loadResourceIntoArray stub
        * platform/gdk/WidgetGdk.cpp:

2007-08-08  Holger Hans Peter Freyther  <zecke@selfish.org>

        Reviewed by Adam.

        Remove the event handling code and move it to WebKit/gtk/Api/webkitgtkpage.cpp

        * platform/gdk/FrameGdk.cpp:
        * platform/gdk/FrameGdk.h:

2007-08-07  Holger Hans Peter Freyther  <zecke@selfish.org>

        Reviewed by Niko.

        Switch from the generic union GdkEvent to the specific struct GdkEvent*. This is needed
        to make WebKitGtkPage handle the events by reimplementing the default handlers in the near
        future.

        * platform/PlatformKeyboardEvent.h:
        * platform/PlatformMouseEvent.h:
        * platform/PlatformWheelEvent.h:
        * platform/gdk/FrameGdk.cpp:
        (WebCore::FrameGdk::handleGdkEvent):
        * platform/gdk/KeyEventGdk.cpp:
        (WebCore::PlatformKeyboardEvent::PlatformKeyboardEvent):
        * platform/gdk/MouseEventGdk.cpp:
        (WebCore::PlatformMouseEvent::PlatformMouseEvent):
        * platform/gdk/WheelEventGdk.cpp:
        (WebCore::PlatformWheelEvent::PlatformWheelEvent):

2007-08-07  George Staikos  <staikos@kde.org>

        Some QStyles don't handle negative maximum well (crash)

        * platform/qt/PlatformScrollBarQt.cpp:
        (WebCore::PlatformScrollbar::paint):

2007-08-07  Antti Koivisto  <antti@apple.com>

        Reviewed by Hyatt.

        Fix <rdar://problem/5102553>
        Mail spins trying to display or edit a specific long plain text message in WebCore::TimerBase::...

        Calling removeLeftoverAnonymousBoxes() from RenderBlock::addChildToFlow() made adding children
        O(n^2) in simple cases (repeated <div><div></div></div> for example).
        
        I couldn't find any limited fix so here is a more complete one. It removes iterating/recursing 
        removeLeftoverAnonymousBoxes() method altogether. Instead of hunting around wildly, just get 
        rid of anonymous boxes with block children when they occur.

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::addChildToFlow):
        * rendering/RenderButton.h:
        (WebCore::RenderButton::removeLeftoverAnonymousBlock):
        * rendering/RenderContainer.cpp:
        (WebCore::RenderContainer::removeLeftoverAnonymousBlock):
        * rendering/RenderContainer.h:
        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::handleDynamicFloatPositionChange):
        (WebCore::RenderObject::removeLeftoverAnonymousBlock):
        * rendering/RenderObject.h:
        * rendering/RenderTextControl.h:
        (WebCore::RenderTextControl::removeLeftoverAnonymousBlock):

2007-08-06  Sam Weinig  <sam@webkit.org>

        Reviewed by Maciej.

        Fix for <rdar://problem/5354689>

        - Use document variable to determine permissions instead
          of traversing the frame tree. 

        * bindings/js/kjs_window.cpp:
        (KJS::Window::isSafeScript):
        * dom/Document.cpp:
        (WebCore::Document::Document):
        (WebCore::Document::initSecurityPolicyURL):
        * dom/Document.h:
        (WebCore::Document::securityPolicyURL):
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::setOpener): We must re-initialize the
        safeScript URL when setting the opener because the opener was
        not known at Document construction.

2007-08-06  David Hyatt  <hyatt@apple.com>

        Make sure to clear out the parent of the ellipsis box so that it doesn't
        trigger the consistency check for line boxes.

        Reviewed by darin

        * ChangeLog:
        * rendering/RootInlineBox.cpp:
        (WebCore::RootInlineBox::detachEllipsisBox):

2007-08-06  David Hyatt  <hyatt@apple.com>

        Back out fix for <rdar://problem/5366582> and replace it with the correct
        fix.  Make sure to delete the line box tree before splitting an inline flow
        into a continuation.  The added layout test for the original checkin covers
        the problem.

        Reviewed by beth

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::makeChildrenNonInline):
        Back out fix.

        * rendering/RenderFlow.cpp:
        (WebCore::RenderFlow::destroy):
        Back out fix.

        * rendering/RenderInline.cpp:
        (WebCore::RenderInline::splitFlow):
        Here's the new fix.

2007-08-06  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Darin Adler.
        
        Touching a file to force a re-build.

2007-08-06  Darin Adler  <darin@apple.com>

        - fix release build

        * rendering/RenderText.h: (WebCore::RenderText::checkConsistency):
        Add missing const.

2007-08-06  Darin Adler  <darin@apple.com>

        Reviewed by Maciej.

        - fix <rdar://problem/5366582> crash on it.eurosport.yahoo.com page

        Test: fast/dynamic/inline-to-block-crash.html

        I added some consistency checks for the line box tree, which helped me figure out
        what was going on with this bug pretty quickly.

        * rendering/RenderBlock.cpp: (WebCore::RenderBlock::makeChildrenNonInline):
        This is the actual fix. If the block needs layout, then don't try to delete the line
        box tree because it's going to be rebuilt as part of layout. More importantly, the
        child list in the tree is no good, so we will crash if we try to delete here.

        * rendering/RenderFlow.cpp: (WebCore::RenderFlow::destroy):
        Here's a second fix. We have the same issue in the code that handles anonymous
        blocks -- if it's already running as part of layout, we can't walk through the
        already partly destroyed line box tree. This crashed in one of the layout tests.

        * rendering/InlineBox.h: Made more fields private, since I wanted to do a bit more
        work in setters. Made setNextOnLine() and setPrevOnLine() assert that the box has a
        parent. Made parent() assert that the parent is good. Also removed the unused
        isChildOfParent() function.
        * rendering/InlineBox.cpp: (WebCore::InlineBox::~InlineBox): At destruction time, if
        we are still attached to a parent, tag that parent as having a "bad" child list.

        * rendering/InlineFlowBox.h: Added m_reasonForBadChildList, checkConsistency(),
        setHasBadChildList(), and hasBadChildList(). Also changed firstChild() and lastChild() so
        they call checkConsistency() and made all the fields private instead of protected.
        * rendering/InlineFlowBox.cpp:
        (WebCore::InlineFlowBox::addToLine): Added consistency checks before and after adding a
        box to the line. Also checked that next and prev start out as 0. Changed manipulation of
        next and prev to use accessor functions.
        (WebCore::InlineFlowBox::removeChild): Added consistency checks before and after removing
        the box from the line.
        (WebCore::InlineFlowBox::deleteLine): Use firstChild() instead of getting at m_firstChild
        directly so we get a consistency check. Also set the parent to 0 before destroying so that
        the assertion in ~InlineBox will work properly.
        (WebCore::InlineFlowBox::extractLine): Ditto.
        (WebCore::InlineFlowBox::attachLine): Ditto.
        (WebCore::InlineFlowBox::adjustPosition): Ditto.
        (WebCore::InlineFlowBox::checkConsistency): Added. Checks consistency of the child list by
        looking at the parent, next, and prev pointers. Also asserts that we are not yet in the
        "bad" child list state, which happens if one of our children is destroyed without removing
        it from our list; that's normal, but once it happens we can't look at our child list again.

        * rendering/InlineTextBox.h:
        * rendering/InlineTextBox.cpp: Remove unnneeded destroy/new/delete functions -- these are
        inherited from the InlineBox base class and don't need to be defined again.

        * rendering/RenderFlow.h:
        * rendering/RenderFlow.cpp:
        (WebCore::RenderFlow::~RenderFlow): Assert that there are no children to confirm that we
        didn't leak something.
        (WebCore::RenderFlow::extractLineBox): Added consistency checks before and after removing
        a run of boxes from the list.
        (WebCore::RenderFlow::attachLineBox): Added consistency checks before and after adding
        a box to the list.
        (WebCore::RenderFlow::removeLineBox): Added consistency checks before and after removing
        a box from the list.
        (WebCore::RenderFlow::createInlineBox): Added consistency checks before and after adding
        a box to the list.
        (WebCore::RenderFlow::checkConsistency): Added.

        * rendering/RenderText.h:
        * rendering/RenderText.cpp:
        (WebCore::RenderText::~RenderText): Assert that there are no children to confirm that we
        didn't leak something.
        (WebCore::RenderText::extractTextBox): Added consistency checks before and after removing
        a run of boxes from the list.
        (WebCore::RenderText::attachTextBox): Added consistency checks before and after adding
        a box to the list.
        (WebCore::RenderText::removeTextBox): Added consistency checks before and after removing
        a box from the list.
        (WebCore::RenderText::deleteTextBoxes): Added code to call setHasBadChildList since this
        destroys line boxes without informing the parent.
        (WebCore::RenderText::checkConsistency): Added.

2007-08-06  Adele Peterson  <adele@apple.com>

        Reviewed by Darin.

        Fix for <rdar://problem/5382483> REGRESSION: <select> element's text is clipped when a CSS line-height is specified

        Don't honor line-height for styled popup buttons.  We already don't honor line-height for unstyled popups
        and since IE and FF don't honor it at all for popups, we shouldn't either.

        * rendering/RenderThemeMac.mm: (WebCore::RenderThemeMac::adjustMenuListButtonStyle):
        * rendering/RenderThemeSafari.cpp: (WebCore::RenderThemeSafari::adjustMenuListButtonStyle):

2007-08-06  Antti  <antti@apple.com>

        Reviewed by Darin.

        Fix <rdar://problem/5378214>
        Mail crashes at RenderLayer::paintLayer() when dragging a selection over To Do text
        
        ObjC interface does not guarantee that Document::updateRendering() gets called after
        modification are made to document. This can lead to situation where paint()
        is invoked with document still dirty which can then crash in number of interesting ways.
        
        - add hasChangedChild() as needsLayout() condition. layout() will then call recalcStyle() 
          catching most cases and making sure document is not dirty when entering painting.
        - protect recalcStyle() and layout() from being executed during painting. There are some
          cases needsLayout() protection does not cover.
        
        No layout test, these states are very hard or impossible to reach using Javascript interface
        (which generally guarantees that updateRendering() is done right after execution).

        * dom/Document.cpp:
        (WebCore::Document::recalcStyle):
        * page/Frame.cpp:
        (WebCore::Frame::paint):
        (WebCore::Frame::setPaintRestriction):
        (WebCore::Frame::isPainting):
        (WebCore::FramePrivate::FramePrivate):
        * page/Frame.h:
        * page/FramePrivate.h:
        * page/FrameView.cpp:
        (WebCore::FrameView::layout):
        (WebCore::FrameView::needsLayout):

2007-08-05  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Darin Adler.
        
        <rdar://problem/5369110> CrashTracer: [USER] reproducible crash opening particular mail messages

        * platform/network/mac/ResourceHandleMac.mm:
        (-[WebCoreResourceHandleAsDelegate connection:willSendRequest:redirectResponse:]): Make sure to retain
        self for the body of this method. Otherwise, the willSendRequest could trigger events which will
        cancel the connection, and we access ivars after this point.
        (-[WebCoreSynchronousLoader connection:willSendRequest:redirectResponse:]): retain and release
        in the right order.

2007-08-04  Adam Roben  <aroben@apple.com>

        Another workaround for <rdar://problem/5386894>

        Reviewed by Sam.

        This fixed ~150 failing tests.

        * platform/network/cf/ResourceResponseCFNet.cpp:
        (WebCore::ResourceResponse::doUpdateResourceResponse): Hardcode the
        MIME type for .svg files as well.

2007-08-04  Adam Roben  <aroben@apple.com>

        Workaround for <rdar://problem/5386894> CFURLResponseGetMIMEType returns "text/html" for local .xhtml and .xml files

        Reviewed by Sam.

        This fixes ~350 failing tests.

        * platform/network/cf/ResourceResponseCFNet.cpp:
        (WebCore::ResourceResponse::doUpdateResourceResponse): Use a workaround
        identical to the one in ResourceResponseMac.mm, but include .xml files
        as well.

2007-08-04  David Kilzer  <ddkilzer@webkit.org>

        Reviewed by Oliver.

        - fix for http://bugs.webkit.org/show_bug.cgi?id=14882
          <rdar://problem/5386550> REGRESSION (r24866): text/plain documents are always downloaded

        The supportedNonImageMimeTypes list is used to determine which MIME types may be viewed
        within the web browser (e.g., plug-ins add their own MIME types to the list during
        initialization), so we must add "text/plain" and "text/" back to the list.  Since
        this change would then break DOMImplementation::isTextMIMEType(), that method was reverted
        to its original form and MIMETypeRegistry::shouldTreatAsText() was removed.

        * dom/DOMImplementation.cpp:
        (WebCore::DOMImplementation::isTextMIMEType): Revert to previous version.
        * platform/MIMETypeRegistry.cpp:
        (WebCore::initialiseSupportedNonImageMimeTypes): Added back "text/plain" and "text/" to the list.
        (WebCore::MIMETypeRegistry::shouldTreatAsText): Removed.
        * platform/MIMETypeRegistry.h:

2007-08-03  Brady Eidson  <beidson@apple.com>

        Reviewed by Oliver

        Fix for http://bugs.webkit.org/show_bug.cgi?id=14824 and <rdar://problem/5372989>

        Two issues - 
        1 - The WebCore MIMEType registry was designed assuming the list of types would never change
            That is false, as WebKit has API and SPI calls which directly mutate the MIMETypeRegistry
        2 - DOMImplementation didn't consult the registry for any MIMEType that started with "text/", 
            instead maintaining it's own hard coded rules

        * dom/DOMImplementation.cpp:
        (WebCore::DOMImplementation::isTextMIMEType): For now, call through to the MIMETypeRegistry
          until we decided a different fate for this function

        * platform/MIMETypeRegistry.cpp:
        (WebCore::initialiseSupportedNonImageMimeTypes):  "SupportedNonImageMIMETypes" is really a misnomer for 
          "MIMETypes we should show as HTML" but that line has slowly been blurred since Tiger.  In an attempt
          to start to unblur it, remove "text/" and "text/plain"
        (WebCore::MIMETypeRegistry::shouldTreatAsText):  The decision is very close to the old DOMImplementation 
          method, except we don't automatically hand off "text/" types as true if they are in the set of supported
          MIMETypes
        (WebCore::MIMETypeRegistry::getSupportedImageMIMETypes): Non-const (can be changed!)
        (WebCore::MIMETypeRegistry::getSupportedImageResourceMIMETypes): Non-const (can be changed!)
        (WebCore::MIMETypeRegistry::getSupportedNonImageMIMETypes): Non-const (can be changed!)
        * platform/MIMETypeRegistry.h:

2007-08-03  Adele Peterson  <adele@apple.com>

        Reviewed by Adam.

        Fix for <rdar://problem/5345862> CrashTracer: [USER] 4 crashes in Safari at com.apple.WebCore: WebCore::Frame::isContentEditable const + 10

        Couldn't reproduce the problem, but a nil check for the frame should fix this.

        * css/CSSStyleSelector.cpp: (WebCore::CSSStyleSelector::adjustRenderStyle):

2007-08-03  Anders Carlsson  <andersca@apple.com>

        Reviewed by Oliver.

        <rdar://problem/5383286>
        XMLHTTPRequest does not return 401 when user cancels authentication dialog (affects .Mac)
        
        * loader/ResourceLoader.h:
        Make receivedCancellation virtual.
        
        * loader/SubresourceLoader.cpp:
        (WebCore::SubresourceLoader::receivedCancellation):
        Call SubresourceLoaderClient::receivedCancellation.
        
        * xml/XMLHttpRequest.cpp:
        (WebCore::XMLHttpRequest::receivedCancellation):
        Save the failure response.

2007-08-03  Anders Carlsson  <andersca@apple.com>

        Reviewed by Geoff.

        <rdar://problem/5374393> 
        Image change on disk not noticed by WebView; -[WebCache setDisabled:] used to cause a reload every time
        
        This is essentially a better fix for the crash in <rdar://problem/5362783>.
        
        * loader/DocLoader.cpp:
        (WebCore::DocLoader::requestResource):
        If the resource already exists in the m_docResources map, remove it and disassociate it from the doc loader.

2007-08-03  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoff.

        <rdar://problem/5375190> Mail crashed in WebCore::CachedImage::imageSize() const when viewing a particular message

        Fix the uncached load path to confirm that the type of resource being 
        returned actually matches the type that was requested.

        Also make sure we never create a resource in the Cache for invalid urls.

        * loader/Cache.cpp:
        (WebCore::Cache::requestResource):
        * loader/DocLoader.cpp:
        (WebCore::DocLoader::requestResource):

2007-08-03  Mitz Pettel  <mitz@webkit.org>

        Reviewed by Adele.

        - fix http://bugs.webkit.org/show_bug.cgi?id=14879
          REGRESSION: First item in select (pop-up menu) is displayed even if another item was selected via JavaScript

        Test: fast/forms/menulist-deselect-update.html

        * html/HTMLOptionElement.cpp:
        (WebCore::HTMLOptionElement::setSelected): Reordered to allow setSelectedIndex() to call setChanged().

2007-08-03  Anders Carlsson  <andersca@apple.com>

        Reviewed by Darin.

        <rdar://problem/5286444>
        http://bugs.webkit.org/show_bug.cgi?id=14269
        REGRESSION: Gmail links stop working after computer sleep
        
        Add a PowerNotifier object that takes care of resetting and firing the shared timer when coming
        back from sleep.
        
        * platform/mac/SharedTimerMac.cpp:
        (-[PowerNotifier init]):
        (-[PowerNotifier didWake:]):
        (WebCore::setSharedTimerFireTime):

2007-08-04  Mark Rowe  <mrowe@apple.com>

        Windows build fix.

        * rendering/RenderTextControl.cpp: Don't use the same name for two arguments.

2007-08-03  Mitz Pettel  <mitz@webkit.org>

        Reviewed by Darin.

        - fix http://bugs.webkit.org/show_bug.cgi?id=14653
          REGRESSION (r23994): No caret is drawn after clicking a search field's placeholder text
          <rdar://problem/5383841>

        Test: fast/forms/search-click-in-placeholder.html

        Defined a subclass of RenderBlock that never hit-tests children for use in
        text controls. This avoids returning placeholder text as the hit node.
        Since text controls cannot contain inline elements, there is no harm in
        doing that unconditionally, and not just in the case that the field is
        showing placeholder text.

        * rendering/RenderTextControl.cpp:
        (WebCore::RenderTextControlInnerBlock::RenderTextControlInnerBlock):
        (WebCore::RenderTextControlInnerBlock::~RenderTextControlInnerBlock):
        (WebCore::RenderTextControlInnerBlock::nodeAtPoint):
        (WebCore::RenderTextControl::createSubtreeIfNeeded):

2007-08-02  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoff

        Fix for <rdar://problem/5369332> Xcode crashes while selecting a hyperlink within a AppleScript dictionary (WebCore::Font::drawGlyphBuffer)

        There were many places where we were not correctly retaining/releasing the
        NSFont object stored in the C++ PlatformFontData object, this resulted in
        the GC incorrectly collecting the NSFont.

        This patch fixes the problem by prevent direct modification of the PlatformFontData
        font pointer, allowing us to enforce correct CFRetain/Release behaviour.

        * platform/FontData.h:
        (WebCore::FontData::getNSFont):
        * platform/mac/FontCacheMac.mm:
        (WebCore::FontCache::getFontDataForCharacters):
        (WebCore::FontCache::createFontPlatformData):
        * platform/mac/FontDataMac.mm:
        (WebCore::initFontData):
        (WebCore::FontData::platformInit):
        (WebCore::FontData::platformDestroy):
        (WebCore::FontData::smallCapsFontData):
        (WebCore::FontData::containsCharacters):
        (WebCore::FontData::determinePitch):
        (WebCore::FontData::platformWidthForGlyph):
        (WebCore::FontData::checkShapesArabic):
        * platform/mac/FontMac.mm:
        (WebCore::initializeATSUStyle):
        (WebCore::overrideLayoutOperation):
        (WebCore::Font::drawGlyphs):
        * platform/mac/FontPlatformData.h:
        (WebCore::FontPlatformData::FontPlatformData):
        (WebCore::FontPlatformData::~FontPlatformData):
        (WebCore::FontPlatformData::hash):
        (WebCore::FontPlatformData::operator==):
        (WebCore::FontPlatformData::font):
        (WebCore::FontPlatformData::setFont):

2007-08-03  Antti Koivisto  <antti@apple.com>

        Oops, this change wasn't supposed to be commited.

        * page/mac/WebCoreFrameBridge.mm:
        (-[WebCoreFrameBridge setBaseBackgroundColor:]):

2007-08-02  Antti Koivisto  <antti@apple.com>

        Reviewed by Darin.

        <rdar://problem/5355951>
        plainText() fragments TCMalloc heap badly on large pages
        
        also likely fixes some cases of
        <rdar://problem/5335382>
        CrashTracer: [REGRESSION] 73 crashes in Safari at com.apple.WebCore: WebCore::DeprecatedStringData::increaseUnicodeSize + 52
        
        If you load http://dscoder.com/test.txt with WebKit build with TCMalloc and system malloc you see that
        Safari RPRVT with TCMalloc is 118.8MB
        Safari RPRVT with system malloc is 69.7MB
        
        Difference is almost entirely caused by heap fragmentation from a full document plainText() call (for indexing purposes).
        
        The patch helps in two ways:
        - construct plainText string in pieces to avoid O(n^2) reallocs
        - allocate buffers using system malloc so they can be returned back to OS and don't fragment and grow TCMalloc heap
    
        This shrinks http://dscoder.com/test.txt RPRVT to 79.0MB and makes full document plainText() take 50ms instead of 500ms.
        The benefits are not limited to extreme cases, web pages above ~200kB can show substantial improvement in RPRVT.

        * editing/TextIterator.cpp:
        (WebCore::plainTextToMallocAllocatedBuffer):
        (WebCore::plainText):
        * editing/TextIterator.h:
        * page/mac/WebCoreFrameBridge.mm:
        (-[WebCoreFrameBridge selectedString]):
        (-[WebCoreFrameBridge stringForRange:]):

2007-08-02  David Hyatt  <hyatt@apple.com>

        Fix for 5374437, allow comment nodes to be the child of a document.
        Refine the check to always make a root element to check documentElement()
        rather than firstChild(), since a comment node could be present as the
        firstChild() now.

        Reviewed by Tim Hatcher

        * html/HTMLDocument.cpp:
        (WebCore::HTMLDocument::childAllowed):
        * html/HTMLParser.cpp:
        (WebCore::HTMLParser::finished):

2007-08-02  Antti Koivisto  <antti@apple.com>

        Reviewed by Darin.
        
        <rdar://problem/5228138>
        REGRESSION(Leopard): test failures: tests that test Georgian numbering

        Fix to Georgian number tables to get CSS2.1 test results right. Font has relevant characters now 
        which revealed that results were actually wrong. 

        * rendering/RenderListMarker.cpp:
        (WebCore::toGeorgian):

2007-08-02  Ada Chan  <adachan@apple.com>

        Reviewed by Steve.

        <rdar://problem/5079175> Added parameters headerHeight and footerHeight to 
        computePageRectsForFrame() so we can account for the header and footer when
        calculating page heights for this frame.

        * bridge/win/FrameWin.cpp:
        (WebCore::computePageRectsForFrame):
        * bridge/win/FrameWin.h:

2007-08-02  Alice Liu  <alice.liu@apple.com>

        Reviewed by Kevin McCullough.

        fixed <rdar://problem/5310312> REGRESSION: javascript is mis-escaped at http://labs.zarate.org/passwd causing bookmarklet to break
        
        * WebCore.exp:
        expose some calls for WebKit to call. 
        * manual-tests/JavaScript-bookmarklets.html: Added.

2007-08-01  Adam Treat  <treat@kde.org>

        Reviewed by George Staikos.

        Add an interface to manage global history for clients

        * WebCore.pro:
        * platform/qt/TemporaryLinkStubs.cpp:

2007-08-01  Adam Treat  <treat@kde.org>

        Reviewed by George Staikos.

        Do not call update or paint from inside a paint event.

        * platform/qt/ScrollViewQt.cpp:
        (WebCore::ScrollView::updateContents):
        * platform/qt/WidgetQt.cpp:
        (WebCore::Widget::invalidateRect):

2007-08-01  Timothy Hatcher  <timothy@apple.com>

        Reviewed by Justin.

        <rdar://problem/5376156> Mail crash in DeleteButtonController::hide() when dropping selected image on DIV's border

        Add the container element back so the selection can not touch the deletion UI nodes. The container
        has style to prevent user selection, user drag and user modification.

        * editing/DeleteButtonController.cpp:
        (WebCore::DeleteButtonController::show): Make the container node, and append the button and outline elements.
        (WebCore::DeleteButtonController::hide): Remove the container elements and null out the other nodes.
        * editing/DeleteButtonController.h:

2007-08-01  Steve Falkenburg  <sfalken@apple.com>

        Build mod: Fix sln to match configs in vcproj.
        
        Reviewed by Adam.

        * WebCore.vcproj/WebCore.make:

2007-07-31  David Harrison  <harrison@apple.com>

        Reviewed by Justin.

        <rdar://problem/5362659> CrashTracer: [USER] 11 crashes in Mail at WebCore::InsertLineBreakCommand::doApply()

        The problem was that deleting with the X control leaves the selection inside the fragment that was deleted.

        * editing/DeleteButtonController.cpp:
        (WebCore::DeleteButtonController::deleteTarget):
        Because the deletion UI only appears when the selection is entirely
        within the target, we unconditionally update the selection to be
        a caret where the target had been.

2007-07-31  Adele Peterson  <adele@apple.com>

        Reviewed by Hyatt.

         Fix for <rdar://problem/5339395> REGRESSION:http://sudokucraving.com does not render grid correctly

        * rendering/RenderTextControl.h: (WebCore::RenderTextControl::hasControlClip): Clip for search fields.
        * rendering/RenderTextControl.cpp:
        (WebCore::RenderTextControl::controlClipRect): Added a control clip so the search field's cancel button and magnifier glass
         never draw outside the control's bounds.
        (WebCore::RenderTextControl::calcPrefWidths): Only include the inner box's padding when calculating the min/max width without using calcContentBoxWidth.
         Our old behavior was causing that inner padding to get counted twice.  Also, no need to add in the border
         for an inner box that can't be controlled from outside this class.
        * rendering/RenderMenuList.cpp: (WebCore::RenderMenuList::calcPrefWidths): ditto.

2007-07-31  Anders Carlsson  <andersca@apple.com>

        Reviewed by Geoff.

        Speculative fix for <rdar://problem/5359695> 
        REGRESSION (Tiger Beta): Multiple crashes in WebCore::Widget::getView() const + 6
                
        * page/EventHandler.cpp:
        (WebCore::EventHandler::updateDragAndDrop):
        Null check the frame view.

2007-07-31  Timothy Hatcher  <timothy@apple.com>

        Reviewed by Oliver and Beth.

        <rdar://problem/5211271> ADOBE Leopard 9A410: At the first Launching InDesign after deactivate, EULA page gets blanked.

        Rename needsAcrobatFrameReloadingQuirk to needsAdobeFrameReloadingQuirk, since this now applies to more Adobe applications.

        * WebCore.exp:
        * page/Settings.cpp:
        (WebCore::Settings::Settings):
        (WebCore::Settings::setNeedsAdobeFrameReloadingQuirk):
        * page/Settings.h:
        (WebCore::Settings::needsAcrobatFrameReloadingQuirk):

2007-07-31  Matt Perry  <mpComplete@gmail.com>

        Reviewed by Brady and Darin, tweaked by Brady, landed by Brady

        Fix for http://bugs.webkit.org/show_bug.cgi?id=14757 and <rdar://problem/5364692>
        HTMLTokenizer::processingData implementation is incorrect

        * html/HTMLTokenizer.cpp:
        (WebCore::HTMLTokenizer::processingData): Made it also return true if the HTMLTokenizer was inside the write() call.
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::FrameLoader):
        (WebCore::FrameLoader::checkLoadCompleteTimerFired):
        (WebCore::FrameLoader::scheduleCheckLoadComplete):
        (WebCore::FrameLoader::stopForUserCancel): Changed a call to checkLoadComplete to be asynchronous, since
        stopForUserCancel can be called while parsing.
        * loader/FrameLoader.h:

2007-07-31  Anders Carlsson  <andersca@apple.com>

        Reviewed by Geoff.

        <rdar://problem/5371582>
        REGRESSION: PLT .5% slower due to r24451 (copying HTMLCollection objects)
        
        Make the hash maps store CollectionInfo pointers to reduce amount of copying when
        inserting/rehashing etc.
        
        * dom/Document.cpp:
        (WebCore::Document::~Document):
        (WebCore::Document::nameCollectionInfo):
        * dom/Document.h:

2007-07-31  Sam Weinig  <sam@webkit.org>

        Reviewed by Mitz.

        Fix for http://bugs.webkit.org/show_bug.cgi?id=14825
        Non-integer hsl() colours are ignored

        * css/CSSParser.cpp:
        (WebCore::CSSParser::parseHSLParameters): Parse hue as a Number,
        not an Integer. 

2007-07-30  Justin Garcia  <justin.garcia@apple.com>

        Reviewed by Darin.

        <rdar://problem/5369009> Crash due to infinite recursion in moveParagraphs on delete
        
        After the delete, we moved content into the previous block, and a style
        rule turned a style span in the moved content into a block, throwing
        moveParagraphs into infinite recursion, as it continually tried and failed
        to get the style span into the same paragraph as the content just before it.
        
        Added a method to ReplaceSelectionCommand to keep inserted style spans 
        from turning into blocks because of style rules.  Will add code to prevent
        other kinds of content from changing appearance because of style rules,
        post-Leopard (5371536). Also added a bool to ReplaceSelectionCommand's 
        constructor to guard against infinite recursion.

        * editing/CompositeEditCommand.cpp:
        (WebCore::CompositeEditCommand::moveParagraphs):
        * editing/JSEditor.cpp:
        * editing/ReplaceSelectionCommand.cpp:
        (WebCore::ReplaceSelectionCommand::ReplaceSelectionCommand):
        (WebCore::ReplaceSelectionCommand::negateStyleRulesThatEffectAppearance):
        (WebCore::ReplaceSelectionCommand::doApply):
        * editing/ReplaceSelectionCommand.h:

2007-07-30  Anders Carlsson  <andersca@apple.com>

        Reviewed by Brady.

        <rdar://problem/5371515>
        BitmapImage::getTIFFRepresentation() bug results in favicons not working at many sites

        Don't bail out if a single frame is invalid.
        
        * platform/graphics/mac/ImageMac.mm:
        (WebCore::BitmapImage::getTIFFRepresentation):

2007-07-30  Adele Peterson  <adele@apple.com>

        Reviewed by Darin.

        Fix for <rdar://problem/5274937> Safari 3 breaks Missing Sync's WebKit code by crashing

        * loader/MainResourceLoader.cpp: (WebCore::MainResourceLoader::continueAfterContentPolicy): Nil check for the FrameLoader.

2007-07-30  Anders Carlsson  <andersca@apple.com>

        Reviewed by Darin.

        <rdar://problem/5370710> 
        REGRESSION: After switching from Bookmark view, the Find Banner won't appear while displaying a PDF file

        Add a hasHTMLView to FrameLoaderClient. This is only useful for clients who can show different views for different
        MIME types and URL schemes.
        
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::transitionToCommitted):
        Call delegate methods here if the current view is not a HTML view.
        
        * loader/FrameLoaderClient.h:
        (WebCore::FrameLoaderClient::hasHTMLView):

2007-07-30  Sam Weinig  <sam@webkit.org>

        Reviewed by Maciej.

        Fix for <rdar://problem/5363896>
        REGRESSION: Setting document.domain does not override port-based cross-frame security checks -- breaks SAP NetWeaver

        Updates the results for:
            http/tests/security/cross-frame-access-port-explicit-domain.html
            http/tests/security/cross-frame-access-protocol-explicit-domain.html

        * bindings/js/kjs_window.cpp:
        (KJS::createWindow): Use the new setDomainInternal method.
        (KJS::Window::isSafeScript): Don't set check the port or protocol 
        if both documents have explicitly set document.domain in the DOM
        and the those domains are equal.
        * dom/Document.cpp:
        (WebCore::Document::Document):
        (WebCore::Document::setDomain): Remove force parameter and change 
        all calls that relied on it use the new setDomainInternal method
        which does the same thing.
        (WebCore::Document::setDomainInternal): 
        * dom/Document.h: Add new m_domainWasSetInDOM variable and accessor.
        (WebCore::Document::domainWasSetInDOM):
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::checkCallImplicitClose): Use the new setDomainInternal method. 

2007-07-30  Justin Garcia  <justin.garcia@apple.com>

        Reviewed by Tristan.
        
        <rdar://problem/5098931> Attachments are lost when they are moved into a ToDo after a delete
        
        Added an editor client method for asking whether or not it is
        OK to merge content after a delete.

        * bridge/EditorClient.h:
        * editing/DeleteSelectionCommand.cpp:
        (WebCore::DeleteSelectionCommand::mergeParagraphs): Ask if the 
        merge is allowed.
        * platform/gdk/EditorClientGdk.cpp: 
        (WebCore::EditorClientGdk::shouldMoveRangeAfterDelete): Added a method stub.
        * platform/gdk/EditorClientGdk.h:
        * platform/graphics/svg/SVGImageEmptyClients.h: 
        (WebCore::SVGEmptyEditorClient::shouldMoveRangeAfterDelete): Ditto.

2007-07-30  Alexey Proskuryakov  <ap@webkit.org>

        Reviewed by Anders.

        <rdar://problem/5352526>
        http://bugs.webkit.org/show_bug.cgi?id=14704
        REGRESSION: sync XMLHttpRequest.send() raises an exception for failed authentication

        Test: http/tests/xmlhttprequest/failed-auth.html

        * platform/network/mac/ResourceHandleMac.mm:
        (WebCore::ResourceHandle::loadResourceSynchronously): Make the fake response better match the real one
        in case of failed authentication. Unfortunately, NSURLConnection doesn't give us the real response.

        * xml/XMLHttpRequest.cpp:
        (WebCore::XMLHttpRequest::send): If the response has an HTTP code in it, then the error wasn't
        a network one, and an exception shouldn't be raised.

2007-07-30  Anders Carlsson  <andersca@apple.com>

        Reviewed by Darin.

        <rdar://problem/4942372> REGRESSION: Anchor links in Mail don't work anymore
        
        Make it possible for KURL to handle addig fragments to non-hierarchical URLs
        such as mailto: and cid:.
    
        * platform/KURL.cpp:
        (WebCore::KURL::init):
        If the base URL is not hierarchical but the relative URL is a fragment, then 
        allow parsing it.
        
        (WebCore::KURL::parse):
        If the URL is not hierarchical, set the fragment start and end positions correctly.

2007-07-30  Simon Hausmann  <hausmann@kde.org>

        Reviewed by Lars.

        On Windows make sure the dll also ends up in $$OUTPUT_DIR/bin, so that QtLauncher can find it.

        * WebCore.pro:

2007-07-30  Simon Hausmann  <hausmann@kde.org>

        Reviewed by Lars.

        Removed the __BUILDING_QT ifdef in JSStringRef.h and changed UChar for the Qt build to use wchar_t on Windows.

        * platform/TextEncoding.cpp:
        (WebCore::TextEncoding::encode):

2007-07-30  Simon Hausmann  <hausmann@kde.org>

        Reviewed by Lars.

        Don't link against libxml/libxslt unless we really need it.

        * WebCore.pro:

2007-07-29  Tristan O'Tierney  <tristan@apple.com>

        Reviewed by Oliver Hunt.

        <rdar://problem/5369282> REGRESSION: DOMHTMLInput throwing exception due to missing _isEdited method

        * bindings/objc/DOMHTML.mm:
        (-[DOMHTMLInputElement _isEdited]):
        (-[DOMHTMLTextAreaElement _isEdited]):
        * bindings/objc/DOMPrivate.h:
        Renamed _isUserEdited to _isEdited.

2007-07-29  Adam Treat  <treat@kde.org>

        Reviewed by George Staikos.

        Correctly set the update rect for the scrollbars when they are invalidated.
        Do not paint entire page for each scroll delta.  Cache the dirty regions
        when webkit calls ScrollView::updateContents as webkit expects the paint
        routine to use the dirty regions bounding rect.

        These changes greatly reduce the cpu load as we are no longer painting the
        entire page for each 1px scroll :P

        * platform/qt/ScrollViewQt.cpp:
        (WebCore::ScrollView::ScrollViewPrivate::scrollBackingStore):
        (WebCore::ScrollView::updateContents):
        (WebCore::ScrollView::paint):
        * platform/qt/WidgetQt.cpp:
        (WebCore::Widget::invalidateRect):

2007-07-29  Adele Peterson  <adele@apple.com>

        Reviewed by John.

        WebCore part of fix for <rdar://problem/5102522> REGRESSION: Can't tab to webview that doesn't have editable content (affects Safari, preview pane in Mail)

        * WebCore.exp:
        * page/FocusController.cpp:
        (WebCore::FocusController::setInitialFocus): Added.
        (WebCore::FocusController::advanceFocus): Don't give the focus back to the chrome if this is the initial focus.
        * page/FocusController.h:

2007-07-29  Adam Treat  <treat@kde.org>

        Reviewed by Alexey Proskuryakov.

        WebCore::Widget::setParent should be virtual.
        It is reimplemented in ScrollViewQt for instance.

        * platform/Widget.h:

2007-07-29  Alp Toker  <alp.toker@collabora.co.uk>

        Reviewed by bdash.

        http://bugs.webkit.org/show_bug.cgi?id=14711 (revisited)
        RenderThemeGdk's buttons are state-agnostic (pressed, hovered)

        Generalize shadow state into a function.
        use a GtkHBox to work around a theme bug (thanks to Nigel Tao).

        * platform/gdk/RenderThemeGdk.cpp:
        (WebCore::RenderThemeGdk::determineShadow):
        (WebCore::RenderThemeGdk::paintCheckbox):
        (WebCore::RenderThemeGdk::paintRadio):
        (WebCore::RenderThemeGdk::paintButton):
        (WebCore::RenderThemeGdk::gtkWindowContainer):
        * platform/gdk/RenderThemeGdk.h:

2007-07-27  Adele Peterson  <adele@apple.com>

        Reviewed by Darin. 

        Temporary fix for Windows to prevent crashing on all frame pages.  Darin
        is working on a more permanent fix.

        * loader/FrameLoader.cpp:

2007-07-27  Adam Treat  <treat@kde.org>

        Reviewed by David Hyatt.

        Fix crash when using QtWebKit canvas support.

        * ChangeLog:
        * html/HTMLCanvasElement.cpp:
        (WebCore::HTMLCanvasElement::reset):

2007-07-27  Darin Adler  <darin@apple.com>

        * rendering/RenderLayer.cpp: Rolled out accidentally-checked-in code.

2007-07-27  Darin Adler  <darin@apple.com>

        Reviewed by John Sullivan.

        - fix <rdar://problem/5261393> In Mail the plain text alternatives to messages with attachments show weird little OBJ thingies

        The "weird little thingies" are U+FFFC characters. It's good to render them as zero-width, the way we do
        with control characters -- helps Mail and doesn't hurt web browsing.

        Test: fast/text/zero-width-characters.html

        * platform/CharacterNames.h: Add names for leftToRightMark, rightToLeftMark, and objectReplacementCharacter.
        * platform/GlyphPageTreeNode.cpp: (WebCore::GlyphPageTreeNode::initializePage): Give objectReplacementCharacter
        zero width in the same way we do it for the various other characters.

2007-07-27  Lars Knoll <lars@trolltech.com>

        Reviewed by Zack

        Enable XSLT support for the gtk port.

        * WebCore.pro:

2007-07-27  Zack Rusin  <zack@kde.org>

        Reviewed by Zack and Lars.

        Premature end after finishing parsing is a fatal error.

        * dom/XMLTokenizer.cpp:
        (WebCore::XMLTokenizer::end):

2007-07-27  Lars Knoll  <lars@trolltech.com>

        Reviewed by Zack and Lars.

        Simplify conversions that go from a QStringRef to a WebCore::String to not use a temporary QString.

        * dom/XMLTokenizer.cpp:
        (WebCore::):

2007-07-27  Zack Rusin  <zack@kde.org>

        Reviewed by Zack and Lars.

        Fix entity handling in the main document content (attributes still broken)

        * dom/XMLTokenizer.cpp:
        (WebCore::):

2007-07-27  Lars Knoll  <lars@trolltech.com>

        Reviewed by Zack and Lars.

        Correctly convert a null QString into a null WebCore::String. Add a String(const QStringRef&) constructor so that we can avoid converting QStringRef via QString to WebCore::String.

        * dom/XMLTokenizer.cpp:
        (WebCore::):
        * platform/PlatformString.h:
        * platform/qt/StringQt.cpp:
        (WebCore::String::String):

2007-07-27  Zack Rusin  <zack@kde.org>

        Reviewed by Zack and Lars.

        Parse version and encoding of the xml document.

        * dom/XMLTokenizer.cpp:
        (WebCore::XMLTokenizer::write):

2007-07-27  Zack Rusin  <zack@kde.org>

        Reviewed by Zack and Lars.

        Correctly or semi-correctly parse the public and system id.

        Patch from Lars.

        *&nbs