[WebKit-https.git] / WebCore / ChangeLog

2007-09-04  Antti Koivisto  <antti@apple.com>

        Reviewed by Maciej.
        
        Fix <rdar://problem/5452112>
        REGRESSION: Initially focused textfield on www.mac.com login page has no insertion point, and doesn't accept typed characters
        
        Use updateLayoutIgnorePendingStylesheets() instead of updateLayout(). We need to have rendering to set input focus.

        Test: fast/forms/focus-style-pending.html

        * dom/Element.cpp:
        (WebCore::Element::focus):

2007-09-04  Girish Ramakrishnan  <girish@trolltech.com>

        Reviewed by Simon.

        Fixed Qt build on Windows

        * html/HTMLFormElement.cpp:
        (WebCore::pathGetFilename):

2007-09-03  David Harrison  <harrison@apple.com>

        Reviewed by Kevin Decker.

        <rdar://problem/5456785> REGRESSION (r15963-r15970): Heading text not placed in VoiceOver Item Chooser (15132)

        * bridge/mac/WebCoreAXObject.mm:
        (-[WebCoreAXObject title]):
        For headings, return the text under the element instead of nil.

2007-08-20  Oleg Sukhodolsky <son.two@gmail.com>

        Reviewed by Mark.

        WebKitQt/WebCoreSupport should not be added to INCLUDEPATH for gdk-port

        * WebCore.pro:

2007-09-03  Mark Rowe  <mrowe@apple.com>

        Reviewed by Tim Hatcher.

        <rdar://problem/5452164> Production build with in symbols directory has no debug info

        Enable debug symbol generation on all build configurations.  Production builds are stripped
        of symbols by Xcode during deployment post-processing.

        * Configurations/Base.xcconfig:
        * WebCore.xcodeproj/project.pbxproj:

2007-09-02  Brady Eidson  <beidson@apple.com>

        Reviewed by John Sullivan and Mark Rowe

        Groundwork for support for monitoring IconDatabase in-memory statistics

        * WebCore.exp:
        * loader/icon/IconDatabase.cpp:
        (WebCore::IconDatabase::pageURLMappingCount): Stub for now
        (WebCore::IconDatabase::retainedPageURLCount): Ditto
        (WebCore::IconDatabase::iconRecordCount): Ditto
        (WebCore::IconDatabase::iconRecordCountWithData): Ditto
        * loader/icon/IconDatabase.h:

2007-09-02  Mark Rowe  <mrowe@apple.com>

        Reviewed by Antti.

        <rdar://problem/5454704> WebKit seems to get too-narrow widths for "Monotype Corsiva", so lays out incorrectly

        * platform/mac/FontDataMac.mm:
        (WebCore::FontData::determinePitch): Work around NSFont incorrectly reporting Monotype Corsiva as fixed pitch.

2007-09-01  Darin Adler  <darin@apple.com>

        - rolled out fix for bug 12988 because it broke getElementById in a layout test
          I'm working on a new fix.

        * dom/Document.cpp: Rolled out.

2007-09-01  Oliver Hunt  <oliver@apple.com>

        Reviewed by Sam.

        <rdar://problem/5344848> IME is incorrectly used for key events when on non-editable regions

        Adding a new EditorClient method so it is possible to inform WebKit of focus changes.
        Also added new virtual method Node::shouldUseInputMethod to allow us to trivially check
        whether an input method should be used when processing input for the currently focused
        Node.

        * bridge/EditorClient.h:
        * dom/Node.cpp:
        (WebCore::Node::shouldUseInputMethod):
        * dom/Node.h:
        * html/HTMLInputElement.cpp:
        (WebCore::HTMLInputElement::shouldUseInputMethod):
        * html/HTMLInputElement.h:
        * html/HTMLTextAreaElement.cpp:
        (WebCore::HTMLTextAreaElement::shouldUseInputMethod):
        * html/HTMLTextAreaElement.h:
        * page/FocusController.cpp:
        (WebCore::FocusController::setFocusedNode):
        * platform/graphics/svg/SVGImageEmptyClients.h:
        (WebCore::SVGEmptyEditorClient::setInputMethodState):

2007-09-01  Rob Buis  <buis@kde.org>

        Reviewed by Darin.

        http://bugs.webkit.org/show_bug.cgi?id=12988
        First element (in document order) is not returned when other duplicate ID-ed elements were created first

        Reset the element id cache when id's are added or removed and there
        are duplicates for that id.

        Tests: fast/dom/duplicate-ids-document-order.html

        * dom/Document.cpp:
        (WebCore::Document::getElementById):
        (WebCore::Document::addElementById):
        (WebCore::Document::removeElementById):

2007-09-01  Rob Buis  <buis@kde.org>

        Reviewed by Darin.

        http://bugs.webkit.org/show_bug.cgi?id=15083
        Some symbols in WebKit do not need to be exported

        Do not export these symbols.

        * dom/QualifiedName.cpp:
        (WebCore::hashComponents):
        * dom/XMLTokenizer.cpp:
        (WebCore::toString):
        (WebCore::getTokenizer):
        * history/HistoryItem.cpp:
        (WebCore::defaultNotifyHistoryItemChanged):
        * platform/Arena.cpp:
        (WebCore::CeilingLog2):
        * platform/graphics/Color.cpp:
        (WebCore::calcHue):
        * platform/graphics/Path.cpp:
        (WebCore::pathLengthApplierFunction):
        * platform/graphics/cg/PathCG.cpp:
        (WebCore::CGPathToCFStringApplierFunction):
        (WebCore::CFStringFromCGPath):
        * rendering/RenderText.cpp:
        (WebCore::isSpaceAccordingToStyle):

2007-08-31  Alice Liu  <alice.liu@apple.com>

        Reviewed by Tim Hatcher.

        Fixed <rdar://problem/5420682> Mail crashes at WebCore::InsertLineBreakCommand::doApply() after dropping a selected image over container's close box

        * editing/DeleteButtonController.cpp:
        (WebCore::DeleteButtonController::show):
        Factored out the code in ::show() that created and styled the elements of the Deletion UI

        (WebCore::DeleteButtonController::createDeletionUI):
        Neglecting to move the append of the deletionUI elements into the same clause that handles the creation
        of them ended up creating multiple elements at were repeatedly appended to the target, resulting in a 
        bloated table deletion UI which was slow to show and hide. 

        * editing/DeleteButtonController.h:
        (WebCore::DeleteButtonController::enabled):
        Restore this function to how it used to be pre-r25305, sans asserts

        * editing/EditCommand.cpp:
        Add disable/enable sandwich when undoing/redoing commands too
        (WebCore::EditCommand::unapply):
        (WebCore::EditCommand::reapply):

2007-08-31  Antti Koivisto  <antti@apple.com>

        Reviewed by Anders.

        Fix <rdar://problem/5452943>
        REGRESSION (r25283): Reproducible crash in HTMLObjectElement::getInstance under guard malloc
        
        Calling updateLayoutIgnorePendingStylesheets() may do arbitrary things to render tree so
        no RenderObjects can be cached over it.

        * html/HTMLEmbedElement.cpp:
        (WebCore::findWidgetRenderer):
        (WebCore::HTMLEmbedElement::getInstance):
        * html/HTMLObjectElement.cpp:
        (WebCore::HTMLObjectElement::getInstance):

2007-08-31  Anders Carlsson  <andersca@apple.com>

        Reviewed by Mitz.

        <rdar://problem/5443936>
        Crash after QT movie completes playback at apple.com/imac
        
        If the plug-in or one of its children have focus, set it to NULL to prevent the web view window from getting the focus, 
        which can cause a layout to happen while in HTMLObjectElement::detach. (This is what we do on the Mac).
        
        * plugins/win/PluginViewWin.cpp:
        (WebCore::PluginViewWin::setParent):

2007-08-30  Adele Peterson  <adele@apple.com>

        Reviewed by Justin.

        Fix for <rdar://problem/5450600> REGRESSION: can't paste in textfield if its in a body that has user-select:none set (affects widgets)

        Test: editing/pasteboard/paste-plaintext-user-select-none.html

        * editing/ReplaceSelectionCommand.cpp: (WebCore::ReplacementFragment::insertFragmentForTestRendering):
          Copy the user-select style from the current selection node and apply it so it is considered during the test rendering.
          This is important since we recently changed user-select to be inherited.  When we consider valid VisiblePositions for the test rendering,
          we need to have the correct user-select value that will actually be used for the real insertion.

2007-08-31  Anders Carlsson  <andersca@apple.com>

        Reviewed by Oliver.

        <rdar://problem/5423939>
        http://bugs.webkit.org/show_bug.cgi?id=15013
        ASSERTION FAILED !m_inDestructor in WebCore::Shared<WebCore::PluginStreamWin>::ref() on Windows
        
        Protect the stream in case it's destroyed by the plug-in.
        
        * plugins/win/PluginStreamWin.cpp:
        (WebCore::PluginStreamWin::didReceiveData):

a2007-08-31  Darin Adler  <darin@apple.com>

        Reviewed by Anders.

        - http://bugs.webkit.org/show_bug.cgi?id=15122

        * editing/htmlediting.cpp: (WebCore::avoidIntersectionWithNode):
        Change assertion so that it only fires when actually modifying the selection.
        This isn't nearly as helpful, because the old assertion could catch potential
        problems in more cases, but it's not obvious how to do better.

2007-08-30  Oliver Hunt  <oliver@apple.com>

        Reviewed by Adam.
        
        <rdar://problem/5430772> REGRESSION(303-310A5) list items do not show with mouse over on istweb.apple.com/quack.apple.com
        
        VC++ treats bitfields as signed members, so Node::m_styleChange would be
        sign extended if it was assigned the value FullStyleChange.  This caused
        style recalculation to stop propagating.  
        
        We work around this VC++ oddity by storing the enum as an unsigned, and
        casting back to StyleChangeType in the getter.
                
        Test: fast/css/hover-affects-child.html

        * dom/Node.h:
        (WebCore::Node::styleChangeType):

2007-08-29  Justin Garcia  <justin.garcia@apple.com>

        Reviewed by Darin.

        <rdar://problem/5368833> 
        REGRESSION: Pasting a triple-clicked line of quoted text at the top of a message adds an extra, quoted line

        * editing/CompositeEditCommand.cpp:
        (WebCore::CompositeEditCommand::insertParagraphSeparator): Added an option for
        using a plain div to hold the new paragraph, instead of a clone of the previous
        block.
        * editing/CompositeEditCommand.h:
        * editing/InsertParagraphSeparatorCommand.cpp: Ditto.
        (WebCore::InsertParagraphSeparatorCommand::InsertParagraphSeparatorCommand): Ditto.
        (WebCore::InsertParagraphSeparatorCommand::doApply): Ditto.
        * editing/InsertParagraphSeparatorCommand.h:
        * editing/ReplaceSelectionCommand.cpp:
        (WebCore::ReplaceSelectionCommand::doApply): Use a default block element when creating
        new paragraphs, so that empty paragraphs don't contain the block style of the previous
        one.
        Don't expand collapsed brs at the end of inserted content, this was the root of the bug.
        We'd copy <blockquote>hello<br></blockquote><br class="Apple-interchange-newline">
        and get an extra paragraph.  The removed code used to make sure that if the copied 
        selection ends with a paragraph break that is represented in the copied markup by a 
        regular br (not an interchange newline br), that that paragraph break appears in the 
        pasted content, but shouldMergeEnd, which was introduced after this code was written, 
        now takes care of that.
        (WebCore::ReplaceSelectionCommand::shouldRemoveEndBR): Inserted content should always
        displace placeholder brs, even if that inserted content ends with a br.
        * editing/markup.cpp:
        (WebCore::needInterchangeNewlineAfter): This code failed to add an interchange newline
        if the user copied <div>hello</div><br>, only don't add an interchange newline when
        copying ^hello<br>^<br>, because then the copied paragraph break will already be 
        represented in the copied markup by a br.
        (WebCore::createMarkup):

2007-08-30  David Harrison  <harrison@apple.com>

        Reviewed by Darin.

        <rdar://problem/5423900> Seed: safari crashes on submit feedback page in -[WebCoreAXObject isAttachment]

        * bridge/mac/WebCoreAXObject.mm:
        (-[WebCoreAXObject isAttachment]):
        Add nil check since element could be detached.

2007-08-30  Mitz Pettel  <mitz@webkit.org>

        Reviewed by Dave Hyatt.

        - fix http://bugs.webkit.org/show_bug.cgi?id=13282
          <rdar://problem/5126392> REGRESSION (NativePopUp): Rightmost character cut off in pop-up menu

        * rendering/RenderMenuList.cpp:
        (WebCore::RenderMenuList::updateOptionsWidth): When measuring option text, use
        the same WebCore run rounding behavior that is used to draw it in the popup button.

2007-08-30  Riku Voipio  <riku.voipio@iki.fi>

        Reviewed by Dave Kilzer.

        Better ARM defines.

        * platform/DeprecatedString.h: Update comments to reflect the
        change and update test to fit changes to Platform.h.

2007-08-30  Darin Adler  <darin@apple.com>

        Reviewed by Tim Hatcher.

        - fix http://bugs.webkig.org/show_bug.cgi?id=14981
          DEBUG builds of WebKit hang videwing Yahoo! Mail messages
          with ~5 MB text attachment

        * rendering/InlineFlowBox.cpp: (WebCore::InlineFlowBox::checkConsistency):
        * rendering/RenderFlow.cpp: (WebCore::RenderFlow::checkConsistency):
        * rendering/RenderText.cpp: (WebCore::RenderText::checkConsistency):
        Put the actual consistency check inside an ifdef. If you need it you can
        turn it on. There's still some function call overhead in builds that don't
        have NDEBUG defined, but that's worth it so we can turn this on and off
        without recompiling the world.

        - small code style improvement to recently changed function

        * editing/TextIterator.cpp: (WebCore::plainTextToMallocAllocatedBuffer):
        Use a typedef and make_pair to make the code dealing with the pair simpler to read.

2007-08-30  Simon Hausmann  <hausmann@kde.org>

        Reviewed by Zack.

        Fix Qt/Gdk build. gcc on Linux at least doesn't like initializing
        variables between jumps with goto ("jump to label foo crosses
        initialization of bar").

        * editing/TextIterator.cpp:
        (WebCore::plainTextToMallocAllocatedBuffer):

2007-08-30  Darin Adler  <darin@apple.com>

        Reviewed by Antti.
 
        - fix <rdar://problem/5423270> CrashTracer: [USER] 1 crash in Safari at com.apple.WebCore:
          WebCore::plainTextToMallocAllocatedBuffer + 762

        * editing/TextIterator.cpp: (WebCore::plainTextToMallocAllocatedBuffer):
        Check for a malloc failure and exit the function if it failed.

2007-08-29  Anders Carlsson  <andersca@apple.com>

        Reviewed by Oliver.

        <rdar://problem/5404329>
        Plugin content starves WM_TIMER events on UI thread (affects idle behavior of app) on http://www.vincent-vella.com/, http://www.sagmeister.com/
        
        Add a tiny delay to invalidation timer to prevent it from starving other timers.
        
        * plugins/win/PluginViewWin.cpp:
        (WebCore::PluginViewWin::invalidateRect):

2007-08-29  Darin Adler  <darin@apple.com>

        Reviewed by Adele.

        * editing/htmlediting.cpp: (WebCore::avoidIntersectionWithNode):
        Fix an assert that was firing for me all the time when doing editing operations.

2007-08-29  Anders Carlsson <andersca@apple.com>

        Reviewed by Adam.

        <rdar://problem/5386098>
        Repro hang with some Flash plugin content (http://dougmccune.com/blog/2007/07/25/coming-to-flexcamp-at-adobe/)
        
        In some cases, Flash ends up starving the main loop by sending a lot of WM_USER + 1 messages. Throttle these
        messages so they won't end up hanging the web browser.
        
        * plugins/win/PluginViewWin.cpp:
        (WebCore::PluginMessageThrottlerWin::PluginMessageThrottlerWin):
        (WebCore::PluginMessageThrottlerWin::~PluginMessageThrottlerWin):
        (WebCore::PluginMessageThrottlerWin::appendMessage):
        (WebCore::PluginMessageThrottlerWin::messageThrottleTimerFired):
        (WebCore::PluginMessageThrottlerWin::allocateMessage):
        (WebCore::PluginMessageThrottlerWin::isInlineMessage):
        (WebCore::PluginMessageThrottlerWin::freeMessage):
        (WebCore::PluginViewWndProc):
        (WebCore::PluginViewWin::wndProc):
        (WebCore::PluginViewWin::determineQuirks):
        * plugins/win/PluginViewWin.h:
        (WebCore::):
        (WebCore::PluginViewWin::pluginWndProc):

2007-08-29  Beth Dakin  <bdakin@apple.com>

        Reviewed by Hyatt.

        Fix for <rdar://problem/5436800> REGRESSION: PLT is 1.5% slower due 
        to r24593 and r25098

        In r25098, we only called setCreatedByParser for XML! This patch 
        calls it for HTML too, and takes care of the performance 
        regression.

        * html/HTMLElementFactory.cpp:
        (WebCore::styleConstructor):

2007-08-29  Antti Koivisto  <antti@apple.com>

        Reviewed by Mitz.
        
        Fix <rdar://problem/5425951>
        REGRESSION: change to updateLayoutIgnorePendingStylesheets causes SAP Portal page to render wrong
        
        If new nodes have been added or style recalc has been done with style sheets still pending, some nodes 
        may not have had their real style calculated yet. Normally this state gets cleaned when style sheets arrive 
        but in updateLayoutIgnorePendingStylesheets() we need to do full style recalc to get up-to-date style immediatly.
        
        Added a document flag to track if there are any nodes that did not have their real style calculated due to
        pending stylesheets.

        Test: fast/dynamic/style-access-late-stylesheet-load.html

        * css/CSSStyleSelector.cpp:
        (WebCore::CSSStyleSelector::styleForElement):
        * dom/Document.cpp:
        (WebCore::Document::Document):
        (WebCore::Document::recalcStyle):
        (WebCore::Document::updateLayoutIgnorePendingStylesheets):
        * dom/Document.h:
        (WebCore::Document::setHasNodesWithPlaceholderStyle):

2007-08-29  Alice Liu  <alice.liu@apple.com>

        Reviewed by Maciej.

        We disable the DeleteButton UI before applying any editing commands.
        This patch simply moves those disable/enable calls to a more correct place, closer to the actual application of the editing command. 

        * editing/EditCommand.cpp:
        (WebCore::EditCommand::apply):
        (WebCore::applyCommand):

2007-08-28  Alice Liu  <alice.liu@apple.com>

        fixed <rdar://problem/5420682> Mail crashes at WebCore::InsertLineBreakCommand::doApply() 
                                       after dropping a selected image over container's close box

        Reviewed by Darin and Maciej.

        * editing/DeleteButtonController.cpp:
        (WebCore::DeleteButtonController::show):
        (WebCore::DeleteButtonController::hide):
        * editing/DeleteButtonController.h:
        (WebCore::DeleteButtonController::enabled):
        General changes made to DeleteButtonController: when hiding, it's not necessary to clear out 
        the m_containerElement and m_target, especially since to fix this bug we need to keep 
        their values around.  It's sufficient to just detach the container from target.

        * editing/EditCommand.cpp:
        (WebCore::EditCommand::EditCommand):
        Move the selection out of the deletion UI since we don't want to expose the deletion UI to any editing.

        * editing/Editor.cpp:
        (WebCore::Editor::rangeForPoint):
        Move the range out of the deletion UI since we don't want to expose the deletion UI to any editing.

        * editing/htmlediting.cpp:
        * editing/htmlediting.h:
        (WebCore::avoidIntersectionWithNode):
        Moved function that operates on Range from markup.cpp to here
        Added new implementation for function that operates on Selection

        * editing/markup.cpp:
        (WebCore::createMarkup):
        Moved function out of this file to htmlediting.cpp, and renamed to avoidIntersectionWithNode

2007-08-29  David Hyatt  <hyatt@apple.com>

        Fix for 5441281, remove our dependency on cursor rects and drag margins
        in AppKit for a large performance boost on the PLT and iBench.

        Reviewed by darin

        * platform/mac/WidgetMac.mm:
        (WebCore::safeRemoveFromSuperview):
        (WebCore::Widget::addToSuperview):
        Suppress the resetting of drag margins when views are added and removed.

        (WebCore::Widget::setCursor):
        Just use NSCursor's set method to immediately set the cursor.  We no longer
        rely on NSScrollView/NSClipView setDocumentCursor, since that is implemented
        using cursor rects.

2007-08-29  Rick  <rick@writhe.org.uk>

        Reviewed by Tim Hatcher.

        Fix http://bugs.webkit.org/show_bug.cgi?id=14853
        Bug 14853: Incorrect implementation of ArrayImpl's equality operator

        * platform/ArrayImpl.cpp:
        (WebCore::ArrayImpl::operator==):
        Fixed typo so that correct variable is used in equality comparison.

2007-08-29  Peter Kasting  <zerodpx@gmail.com>

        Reviewed by Maciej.

        - fix http://bugs.webkit.org/show_bug.cgi?id=15096
        Move the GIF frame duration minimum check into the various
        ImageSource*.cpp backends and use the same values as
        ImageSourceCG.cpp.

        * platform/graphics/cairo/ImageSourceCairo.cpp:
        (WebCore::ImageSource::frameDurationAtIndex):
        * platform/graphics/qt/ImageSourceQt.cpp:
        (WebCore::ImageSource::frameDurationAtIndex):
        * platform/image-decoders/gif/GIFImageReader.cpp:
        (GIFImageReader::read):

2007-08-29  Peter Kasting  <zerodpx@gmail.com>

        Reviewed by Maciej.

        - fix http://bugs.webkit.org/show_bug.cgi?id=15097
        Make PNGImageDecoder.cpp size its frame buffer vector in its
        constructor, so it never throws decoded image data away no matter
        what order its functions are called in.

        * platform/image-decoders/png/PNGImageDecoder.cpp:
        (WebCore::PNGImageDecoder::PNGImageDecoder):
        (WebCore::PNGImageDecoder::frameBufferAtIndex):
        (WebCore::PNGImageDecoder::decode):
        (WebCore::PNGImageDecoder::rowAvailable):
        (WebCore::PNGImageDecoder::pngComplete):

2007-08-29  Peter Kasting  <zerodpx@gmail.com>

        Reviewed by Maciej.

        - fix http://bugs.webkit.org/show_bug.cgi?id=15104
        Don't double-compensate for sizeof(unsigned) when making a buffer
        overflow check in the GIF decoder.  Now interlaced GIFs don't
        sometimes get nothing/garbage in some of the bottom rows.

        * platform/image-decoders/gif/GIFImageDecoder.cpp:
        (WebCore::GIFImageDecoder::haveDecodedRow):

2007-08-28  Sam Weinig  <sam@webkit.org>

        Reviewed by Darin.

        Update fix landed in r25249 to account for XMLHttpRequest, which can also be EventTargets.

        Tests: http/tests/security/listener/xss-XMLHttpRequest-addEventListener.html
               http/tests/security/listener/xss-XMLHttpRequest-shortcut.html

        * bindings/js/JSXMLHttpRequest.cpp:
        (KJS::JSXMLHttpRequest::putValueProperty): Use the Window object associated with document's frame, not the active Window.
        (KJS::JSXMLHttpRequestPrototypeFunction::callAsFunction): ditto
        * xml/XMLHttpRequest.h:
        (WebCore::XMLHttpRequest::document): Expose Document member so bindings can access the correct frame.

2007-08-28  Anders Carlsson  <andersca@apple.com>

        Reviewed by Darin.

        <rdar://problem/5424866> Bottom portion of any Web Clip widget appears transparent

        Restore the previous behavior, creating plug-ins on attach, for WebKit plug-ins. Netscape plug-ins
        are still created during the first layout.
        
        * html/HTMLEmbedElement.cpp:
        (WebCore::HTMLEmbedElement::getInstance):
        Only call layout if the renderer doesn't have a widget.
        
        * html/HTMLObjectElement.cpp:
        (WebCore::HTMLObjectElement::getInstance):
        Likewise.
        
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::shouldUsePlugin):
        Update for enum change.
        
        * loader/FrameLoaderTypes.h:
        Add ObjectContentNetscapePlugin and ObjectContentOtherPlugin.
        
        * page/mac/WebCoreFrameBridge.h:
        Get rid of the enum here, we can use the one in FrameLoaderTypes.h
        
        * rendering/RenderPartObject.cpp:
        (WebCore::RenderPartObject::updateWidget):
        Only create the plug-in if it's not a Netscape plug-in.
        
        (WebCore::RenderPartObject::layout):
        Fix indentation.
        
2007-08-28  David Harrison  <harrison@apple.com>

        Reviewed by Darin.

        <rdar://problem/5415006> Command Left in a To Do causes caret to disappear

        The selection was ending up inside non-editable content at the To Do Options
        arrow image, rather then at the editable position just to the left of that image.
        The problem was that startPositionForLine looked only at line boxes, and there
        is no linebox for the editable position at the far left of a To Do, which is
        a table. Addressed by having startPositionForLine use table offset 0 instead
        of the first VisiblePosition inside the table.
        
        Found and fixed the similar case with option-left (move by word position).
        
        Test cases:
        * editing/selection/mixed-editability-8.html: Added.
        * editing/selection/mixed-editability-9.html: Added.

        Source changes:
        * editing/SelectionController.cpp:
        (WebCore::SelectionController::modifyMovingLeftBackward):
        
        * editing/VisiblePosition.cpp:
        (WebCore::VisiblePosition::next):
        (WebCore::VisiblePosition::previous):
        (WebCore::VisiblePosition::stayInEditableContentLeft):
        (WebCore::VisiblePosition::stayInEditableContentRight):
        Factored stayInEditableContentLeft() and stayInEditableContentRight()
        out of previous() and next().
        
        * editing/VisiblePosition.h:
        Declare stayInEditableContentLeft() and stayInEditableContentRight().

        * editing/visible_units.cpp:
        (WebCore::previousWordPosition):
        (WebCore::nextWordPosition):
        (WebCore::startOfLine):
        (WebCore::endOfLine):
        (WebCore::previousSentencePosition):
        (WebCore::nextSentencePosition):
        Call stayInEditableContentLeft() or stayInEditableContentRight(), as 
        appropriate, so prevent crossing from editable content into
        uneditable content.
        
        (WebCore::startPositionForLine):
        Use table offset 0 instead of the first VisiblePosition in the table.
        
2007-08-28  Mark Rowe  <mrowe@apple.com>

        Reviewed by Darin Adler.

        <rdar://problem/5443453> Decreasing history expiration time from 1 year to 1 week can lead to long hang while icon database syncs

        Perform the sync inside a SQLite transaction.  This drops the time taken for the sync from over 90s to under half a second in the
        extreme case of over 90,000 URLs being pruned.

        * loader/icon/IconDatabase.cpp:
        (WebCore::IconDatabase::syncDatabase):

2007-08-28  Mark Rowe  <mrowe@apple.com>

        Reviewed by Darin Adler.

        <rdar://problem/5437983> Loading history containing 100,000 entries adds 20s to Safari's startup

        Add a new constructor for HistoryItem that initializes the alternate title.  This prevents WebHistoryItem
        in WebKit from having explicitly set the display title, which triggers a history item changed notification
        to be posted, for each history item loaded.

        * WebCore.exp:
        * history/HistoryItem.cpp:
        (WebCore::HistoryItem::HistoryItem):
        * history/HistoryItem.h:

2007-08-28  Anders Carlsson  <andersca@apple.com>

        Reviewed by Darin.

        <rdar://problem/5298296> XMLHttpRequest readyState 3 & responseText buffer issues
        
        Add a shouldContentSniff flag to ResourceLoader and ResourceHandle and have XMLHttpRequest 
        pass in false when creating its subresource loader.
        
        * WebCore.exp:
        * loader/MainResourceLoader.cpp:
        (WebCore::MainResourceLoader::MainResourceLoader):
        (WebCore::MainResourceLoader::loadNow):
        * loader/ResourceLoader.cpp:
        (WebCore::ResourceLoader::ResourceLoader):
        (WebCore::ResourceLoader::load):
        * loader/ResourceLoader.h:
        * loader/SubresourceLoader.cpp:
        (WebCore::SubresourceLoader::SubresourceLoader):
        (WebCore::SubresourceLoader::create):
        * loader/SubresourceLoader.h:
        * loader/mac/NetscapePlugInStreamLoaderMac.mm:
        (WebCore::NetscapePlugInStreamLoader::NetscapePlugInStreamLoader):
        * platform/mac/WebCoreSystemInterface.h:
        * platform/mac/WebCoreSystemInterface.mm:
        * platform/network/ResourceHandle.cpp:
        (WebCore::ResourceHandle::ResourceHandle):
        (WebCore::ResourceHandle::create):
        * platform/network/ResourceHandle.h:
        * platform/network/ResourceHandleInternal.h:
        (WebCore::ResourceHandleInternal::ResourceHandleInternal):
        * platform/network/mac/ResourceHandleMac.mm:
        (WebCore::ResourceHandle::start):
        * xml/XMLHttpRequest.cpp:
        (WebCore::XMLHttpRequest::send):

2007-08-27  Steve Falkenburg  <sfalken@apple.com>

        Added getter for committedFirstRealDocumentLoad.
        
        Reviewed by Maciej.

        * loader/FrameLoader.h: Added committedFirstRealDocumentLoad.
        (WebCore::FrameLoader::committedFirstRealDocumentLoad): Added.

2007-08-27  Antti Koivisto  <antti@apple.com>

        Reviewed by Maciej.
        
        Fix <rdar://problem/5433144>
        REGRESSION: Unable to click "Select" link at Expedia for car rentals
        
        javascript: URLs need special handling when serializing. Escaping them like
        normal attribute values can do bad things. Try hard to not escape anything,
        escape quote characters only if really necessary. Try to match Firefox.

        Test: fast/innerHTML/javascript-url.html

        * editing/markup.cpp:
        (WebCore::urlAttributeToQuotedString):
        (WebCore::startMarkup):

2007-08-27  David Hyatt  <hyatt@apple.com>

        Fix for 5441224, micro-optimizations to improve the PLT by 1%.

        Reviewed by Darin

        * css/CSSStyleSelector.cpp:
        (WebCore::CSSStyleSelector::canShareStyleWithElement):
        * platform/mac/FontMac.mm:
        (WebCore::Font::drawGlyphs):
        * rendering/RenderInline.cpp:
        (WebCore::RenderInline::requiresLayer):
        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::isBody):
        * rendering/RenderObject.h:
        (WebCore::RenderObject::renderArena):
        (WebCore::RenderObject::isRoot):

2007-08-27  Mitz Pettel  <mitz@webkit.org>

        Reviewed by Darin.

        - fix http://bugs.webkit.org/show_bug.cgi?id=15091
          Crash in RenderBlock::skipWhitespace during layout <rdar://problem/5439631> 

        Test: fast/replaced/applet-disabled-positioned.html

        * html/HTMLAppletElement.cpp:
        (WebCore::HTMLAppletElement::createRenderer): Changed to call
        RenderObject::createObject(), which accounts for style.

2007-08-26  Antti Koivisto  <antti@apple.com>

        Reviewed by Darin.
        
        Fix for <rdar://problem/5433726>
        Mail crash at WebCore::Frame::styleForSelectionStart() when deleting a selection in a HTML message (http://www.yahoo.com/)

        Test: editing/style/temporary-span-crash.html

        * page/Frame.cpp:
        (WebCore::Frame::styleForSelectionStart):
        Temporary span created here might not have renderer if document has style sheet that makes it display:none.
        Set display:inline explicitly in spans style attribute. This temporary span does not need to get its display 
        value from actual document style sheets. Null check the renderer too to be sure.


2007-08-24  Sam Weinig  <sam@webkit.org>

        Reviewed by Adele.

        Fix for <rdar://problem/5426142>

        Use the EventTarget's frame when creating the EventListener.

        Tests: http/tests/security/listener/xss-JSTargetNode-onclick-addEventListener.html
               http/tests/security/listener/xss-JSTargetNode-onclick-shortcut.html
               http/tests/security/listener/xss-window-onclick-addEventListener.html
               http/tests/security/listener/xss-window-onclick-shortcut.html

        * bindings/js/JSEventTargetNode.cpp:
        (WebCore::JSEventTargetNode::setListener):
        (WebCore::JSEventTargetNodePrototypeFunction::callAsFunction):
        * bindings/js/kjs_window.cpp:
        (KJS::WindowFunc::callAsFunction):

2007-08-25  Mitz Pettel  <mitz@webkit.org>

        Reviewed by Sam Weinig.

        - fix http://bugs.webkit.org/show_bug.cgi?id=15077
          REGRESSION: Cannot drag selected text out of a background window

        * manual-tests/drag-out-of-background-window.html: Added.
        * page/EventHandler.cpp:
        (WebCore::EventHandler::eventMayStartDrag): Added missing coordinate
        conversion.

2007-08-25  Rob Buis  <buis@kde.org>

        Reviewed by Darin.

        http://bugs.webkit.org/show_bug.cgi?id=14848
        DOM table rules are not updated when changed

        On a dynamic rules attr change, mark the table cells and
        their ancestors (up to and including the table tag) as
        changed.

        Tests: fast/table/rules-attr-dynchange1.html
               fast/table/rules-attr-dynchange2.html

        * html/HTMLTableElement.cpp:
        (WebCore::isTableCellAncestor):
        (WebCore::setTableCellsChanged):
        (WebCore::HTMLTableElement::parseMappedAttribute):

2007-08-25  Adele Peterson  <adele@apple.com>

        Reviewed by Mitz.

        Fix for http://bugs.webkit.org/show_bug.cgi?id=15073
        <rdar://problem/5426557> REGRESSION: Can no longer drag text from textareas
        
        Test: fast/forms/drag-out-of-textarea.html

        * rendering/RenderTextControl.cpp: (WebCore::RenderTextControlInnerBlock::nodeAtPoint):
          Only restricts hit testing if the placeholder text is visible.
        * rendering/RenderTextControl.h: (WebCore::RenderTextControl::placeholderIsVisible): Added. 

2007-08-25  Peter Kasting <zerodpx@gmail.org>

        Reviewed by Sam Weinig.

        Part 2 of http://bugs.webkit.org/show_bug.cgi?id=14967.
        Eliminate all remaining implicit conversions of wtf::Vector<T> to T*.  Where code was
        previously checking that the Vector's data pointer was non-NULL, check !Vector::isEmpty()
        instead.

        * bindings/js/kjs_navigator.cpp:
        (KJS::PluginBase::cachePluginDataIfNecessary):
        * loader/mac/LoaderNSURLExtras.m:
        (suggestedFilenameWithMIMEType):
        * page/FrameView.cpp:
        (WebCore::FrameView::~FrameView):
        (WebCore::FrameView::pauseScheduledEvents):
        (WebCore::FrameView::resumeScheduledEvents):
        (WebCore::FrameView::dispatchScheduledEvents):
        * platform/mac/PlugInInfoStoreMac.mm:
        (WebCore::PlugInInfoStore::createPluginInfoForPluginAtIndex):

2007-08-25  Mitz Pettel  <mitz@webkit.org>

        Rubber-stamped by Adam Roben

        - remove unused file

        * platform/win/MouseEventWin.cpp: Removed.

2007-08-25  Jasper Bryant-Greene  <m@ni.ac.nz>

        Reviewed by Oliver Hunt.

        Set paintingDisabled to true in Cairo's GraphicsContext constructor
        when passed a null PlatformGraphicsContext.

        * platform/graphics/cairo/GraphicsContextCairo.cpp:
        (WebCore::GraphicsContext::GraphicsContext):

2007-08-25  Mitz Pettel  <mitz@webkit.org>

        Reviewed by Dave Hyatt.

        - fix http://bugs.webkit.org/show_bug.cgi?id=15056
          REGRESSION (r21472): Digg Podcasts Episodes Render "Digg" counter incorrectly

        Covered by fast/parser/residual-style-close-across-n-blocks.html

        * html/HTMLParser.cpp:
        (WebCore::HTMLParser::handleResidualStyleCloseTagAcrossBlocks): If the
        residual style was closed before anything else in the block (so it does
        not apply to anything inside the block) avoid creating an empty element for
        it inside the block.

2007-08-25  Mitz Pettel  <mitz@webkit.org>

        Reviewed by Dave Hyatt.

        - fix http://bugs.webkit.org/show_bug.cgi?id=14972
          Moving cursor down in contentEditable section fails if styled line-height:1em

        Test: editing/selection/move-by-line-003.html

        * rendering/RenderText.cpp:
        (WebCore::RenderText::positionForCoordinates): Changed hit testing so that each
        line is tested for hits between its overflow top and the next line's overflow top.
        This matches RenderBlock::positionForCoordinates.

2007-08-25  Mitz Pettel  <mitz@webkit.org>

        Reviewed by Justin.

        - fix http://bugs.webkit.org/show_bug.cgi?id=14792
          <rdar://problem/5367763> REGRESSION: Copy inserts carriage return in middle of selection

        Test: editing/pasteboard/newlines-around-floating-or-positioned.html

        * editing/TextIterator.cpp:
        (WebCore::shouldEmitNewlinesBeforeAndAfterNode): Do not emit newlines around
        floating or positioned blocks. This behavior seems to match WinIE's.

2007-08-23  Justin Garcia  <justin.garcia@apple.com>

        Reviewed by Darin.
        
        <rdar://problem/5432254> GoogleDocs: A hang occurs when applying list style to selected table
        
        * editing/DeleteSelectionCommand.cpp:
        (WebCore::DeleteSelectionCommand::handleGeneralDelete): If the position
        that marked the start of the range to delete has been removed from the
        document, and it was inside the node that holds the position that marks
        the end of the range to delete, don't remove any children of that node,
        because we don't know how many to remove.  For example, if the end is
        [a, 5] and the start was in some descendant of a and was removed, don't
        remove any of the children of a.  We will now refuse to remove some content
        incorrectly, but that's less dangerous than removing content incorrectly.
        Long term we need to update these positions as we remove content from the 
        document, but that seems like a more risky change.  Added a testcase.
        * editing/InsertListCommand.cpp:
        (WebCore::InsertListCommand::modifyRange): If the end of the selection to 
        modify is just after a table, and if the start of the selection is inside 
        that table, the last paragraph that we'll want modify is the last one inside 
        the table, not the paragraph that contains the table itself. Adjust 
        startOfLastParagraph here to avoid infinite recursion.

2007-08-24  Anders Carlsson  <andersca@apple.com>

        Reviewed by Geoff.

        <rdar://problem/5430165>
        REGRESSION: Dynamically loaded images fail to load

        * html/HTMLImageLoader.cpp:
        (WebCore::HTMLImageLoader::HTMLImageLoader):
        Initialize the m_elementIsProtected member.

        (WebCore::HTMLImageLoader::~HTMLImageLoader):
        Assert that the element is not protected.
        
        (WebCore::HTMLImageLoader::setLoadingImage):
        If the image is not null, protect the element. Otherwise, unprotect it.
        
        (WebCore::HTMLImageLoader::dispatchLoadEvent):
        Unprotect the element here.

        (WebCore::HTMLImageLoader::protectElement):
        (WebCore::HTMLImageLoader::unprotectElement):
        New methods which protect and unprotect the element.
        
        * html/HTMLImageLoader.h:

2007-08-24  Kevin McCullough  <kmccullough@apple.com>

        - Updated ChangeLog

2007-08-24  Beth Dakin  <bdakin@apple.com>

        Reviewed by Hyatt and Adele.

        Fix for <rdar://problem/5417203> Google Gmail 1.0 widget - unread 
        count is missing

        * rendering/FixedTableLayout.cpp:
        (WebCore::FixedTableLayout::calcWidthArray): Calc pref widths for 
        our cells, if needed.

2007-08-24  Kevin McCullough  <kmccullough@apple.com>

        Reviewed by Darin.

        <rdar://problem/5437038> 1 credential object leaked for each call to credentialWithUser:password:persistence
        - Use initWithUser instead of credentialWithUser because credentialWithUser leaks.

        * platform/network/mac/AuthenticationMac.mm:
        (WebCore::mac):
        * platform/network/mac/ResourceHandleMac.mm:
        (-[WebCoreResourceHandleAsDelegate connection:didReceiveAuthenticationChallenge:]):
        (-[WebCoreSynchronousLoader connection:didReceiveAuthenticationChallenge:]):

2007-08-24  Jon Honeycutt  <jhoneycutt@apple.com>

        Reviewed by Darin.

        <rdar://problem/5433236> Print preview of empty txt file crashes Safari
        Fix: Adjust computePageRectsForFrame to always return at least one 
        page rect, even if document height is zero.

        * WebCore.vcproj/WebCore.vcproj:
        * bridge/win/FrameWin.h: Added Vector& parameter to 
        computePagesRectsForFrame; changed its return type to void.
        * bridge/win/FrameWin.cpp:
        (WebCore::computePageRectsForFrame): Reordered the loop that inserts
        rects into the vector.

2007-08-24  Antti Koivisto  <antti@apple.com>

        Reviewed by Oliver

        Fix <rdar://problem/5393758>
        Crash in WebCore::FontData::platformInit
        
        Null check glyph page. 
        
        If font has somehow failed to initialize it is possible to have null glyph page. Based on
        crash dumps this seems to occasionally happen when running Mail under guard malloc. 
        
        No test case, I don't know how to get to this state.

        * platform/FontData.cpp:
        (WebCore::FontData::FontData):
        * platform/mac/FontDataMac.mm:
        (WebCore::FontData::platformInit):

2007-08-24  George Wright  <george.wright@collabora.co.uk>

        Reviewed by Oliver.

        http://bugs.webkit.org/show_bug.cgi?id=15071
        [cairo] SVG skews are incorrect

        Fix Cairo implementation of AffineTransform::shear so that shearing is
        done in the correct direction.

        * platform/graphics/cairo/AffineTransformCairo.cpp:
        (WebCore::AffineTransform::shear):

2007-08-23  Anders Carlsson  <andersca@apple.com>

        Reviewed by Steve.

        If necessary, re-set the window proc after each call to NPP_SetWindow. This is to ensure that
        our window proc is always run even if a plug-in subclasses the window and replaces the window proc.
        
        Also, make sure that the default window proc is of type ASCII so we can eliminate the 
        * plugins/win/PluginViewWin.cpp:
        (WebCore::registerPluginView):
        (WebCore::PluginViewWndProc):
        (WebCore::PluginViewWin::setNPWindowRect):
        (WebCore::PluginViewWin::stop):
        (WebCore::PluginViewWin::determineQuirks):
        (WebCore::PluginViewWin::PluginViewWin):
        (WebCore::PluginViewWin::init):
        * plugins/win/PluginViewWin.h:
        (WebCore::):
        (WebCore::PluginViewWin::pluginWndProc):

2007-08-23  Justin Garcia  <justin.garcia@apple.com>

        Reviewed by Adele.

        <rdar://problem/5156801> REGRESSION: Crash at DeleteSelectionCommand::doApply() when deleting table content

        * editing/DeleteSelectionCommand.cpp:
        (WebCore::DeleteSelectionCommand::handleGeneralDelete): Use a RefPtr
        for node.  If the node to be removed contains the selection, and if
        the next node to be removed (nextNode) is inside the deletion UI,
        removing node will remove nextNode from the document.  nextNode is
        a RefPtr, but node isn't and when nextNode falls out of scope the node
        that node points to will be destroyed and we'll end up using a stale pointer.
        Long term we should probably just disable the deletion UI before editing 
        operations because the undo of the removal of node in the situation 
        described above relies on the presence of the deletion UI, but it isn't 
        present because its added and removed in a non-undoable way.

2007-08-23  Mitz Pettel  <mitz@webkit.org>

        Reviewed by Darin.

        - fix http://bugs.webkit.org/show_bug.cgi?id=14899
          !d->m_view->needsLayout() in Frame::paint() (Causes assert)

        WebKit copies the width and height attributes of an <embed> to its
        nearest <object> ancestor. This used to be done in updateWidget(), but
        that could lead to the document being dirty right after layout and
        before painting. The patch moves the copying of the attributes to when
        the <embed> is inserted into the document or its attributes change.

        * html/HTMLEmbedElement.cpp:
        (WebCore::HTMLEmbedElement::insertedIntoDocument):
        (WebCore::HTMLEmbedElement::attributeChanged):
        * html/HTMLEmbedElement.h:
        * manual-tests/bugzilla-14899.html: Added.
        * rendering/RenderPartObject.cpp:
        (WebCore::RenderPartObject::updateWidget):

2007-08-22  Anders Carlsson  <andersca@apple.com>

        Reviewed by Darin and Oliver.

        <rdar://problem/5422410>
        http://bugs.webkit.org/show_bug.cgi?id=15019
        REGRESSION (r25124-r25140): New posts and hot topics won't show at mobile01.com

        Remove the call to checkCallImplicitClose(). Calling it in loadPlugin is bad for two reasons:
        
        1. It could cause onload to be dispatched even when the page has subresources that are still
        loading, such as images.
        
        2. Now that loadPlugin is called during layout, it could cause onload to be dispatched during
        layout, which can execute javascript and do pretty much anything while the render tree is in an
        inconsistent state.
        
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::loadPlugin):

2007-08-22  Anders Carlsson  <andersca@apple.com>

        Reviewed by Adam.

        <rdar://problem/5430584>
        http://bugs.webkit.org/show_bug.cgi?id=15053        
        WebKit does not check Windows Registry HKEY_CURRENT_USER for NPAPI plugin locations
        
        * plugins/win/PluginDatabaseWin.cpp:
        (WebCore::addPluginsFromRegistry):
        (WebCore::PluginDatabaseWin::getPluginsInPaths):

2007-08-22  Justin Garcia  <justin.garcia@apple.com>

        Reviewed by Adam.
        
        <rdar://problem/5418891> CrashTracer: [USER] 1 crash in Mail at -[WebViewEditor webView:shouldInsertText:replacingDOMRange:givenAction:]

        * editing/BreakBlockquoteCommand.cpp:
        (WebCore::BreakBlockquoteCommand::doApply): We're reusing the topBlockquote
        variable.  Null it out first.  If there is no new topBlockquote and we don't null
        it out first, we'll assume that there was a new one and crash.

2007-08-22  Kevin McCullough  <kmccullough@apple.com>

        Reviewed by Adele.

        - rdar:5423067 Reapplyingthe change but only when the text area is in focus.

        * html/HTMLTextAreaElement.cpp:
        (WebCore::HTMLTextAreaElement::setValue):

2007-08-21  David Hyatt  <hyatt@apple.com>

        Fix for <rdar://problem/5249757> Painting of JPGs in WebKit is too slow.

        Use a new Leopard API for fast tiling of images.  We only use this API
        when the whole image is being tiled and when the current CGImageRef to tile
        has a size that matches the size of the whole image.

        We can optimize border-image in the future by adding a cache of the 9
        sub-images.

        Reviewed by darin

        * platform/graphics/cg/ImageCG.cpp:
        (WebCore::Image::drawPattern):

2007-08-22  Kevin McCullough  <kmccullough@apple.com>

        - Rolling back since I need to update some layouttests this change breaks.

        * html/HTMLTextAreaElement.cpp:
        (WebCore::HTMLTextAreaElement::setValue):

2007-08-21  Kevin McCullough  <kmccullough@apple.com>

        Reviewed by Geof, Adam, Hyatt, Maciej and Oliver.

        - In order to match the behavior of the other major browsers, selection is moved to the end of the text value when a change occurs to the contents of a text area instead of remembering the location of the selection.
        - <rdar://problem/5423067> gmail is super annoying when trying to add a new name to the TO, CC or BCC fields

        * html/HTMLTextAreaElement.cpp:
        (WebCore::HTMLTextAreaElement::setValue):

2007-08-21  Adam Roben  <aroben@apple.com>

        Build fix for Mac

        Keep FrameView::layoutIfNeededRecursive Windows- and Gtk-only for now
        (sadly). This will have to wait until we merge ScrollView and FrameView.

        Reviewed by NOBODY.

        * page/FrameView.cpp:
        * page/FrameView.h:

2007-08-21  Adam Roben  <aroben@apple.com>

        Fix an ASSERT when using Find in Page

        Reviewed by Darin.

        No test possible.

        * bridge/win/FrameWin.cpp:
        (WebCore::imageFromSelection): Make sure to update layout before
        painting so we don't hit an ASSERT in painting code (Frame::selectionImage
        in FrameMac.mm does this as well).

2007-08-21  Adam Roben  <aroben@apple.com>

        Made FrameView::layoutIfNeededRecursive available to all platforms

        Currently it's only used on Gtk+ and Windows.

        Reviewed by Darin.

        * page/FrameView.cpp: Removed #ifdef.
        * page/FrameView.h: Ditto.

2007-08-21  Adele Peterson  <adele@apple.com>

        Build fix for release build.

        * rendering/AutoTableLayout.cpp:
        (WebCore::AutoTableLayout::calcEffectiveWidth):
        (WebCore::AutoTableLayout::layout):

2007-08-21  Mitz Pettel  <mitz@webkit.org>

        Reviewed by Darin.

        - fix http://bugs.webkit.org/show_bug.cgi?id=15010
          <rdar://problem/5423956> REGRESSION (r25000-r25065): Table rendering broken by a recent nightly

        Test: fast/table/max-width-integer-overflow.html

        Avoid integer overflows when dealing with maximum widths by
        1) using floating point arithmetic when summing or multiplying column max widths
        2) capping max widths at INT_MAX / 2

        * rendering/AutoTableLayout.cpp:
        (WebCore::AutoTableLayout::calcPrefWidths):
        (WebCore::AutoTableLayout::calcEffectiveWidth):
        (WebCore::AutoTableLayout::layout):

2007-08-20  John Sullivan  <sullivan@apple.com>

        Reviewed by Adam Roben

        WebCore part of fix for: 
        <rdar://problem/5417777> WebKit focus ring color no longer matches system focus rings
        
        Adele wrote the first version of this patch. No test cases added because I made sure the 
        layout tests are unaffected. Two additional bug fixes were made in passing, but neither 
        of them had any effect on any known real-world case, and both were too difficult to write 
        test cases for to be worthwhile.

        * WebCore.exp:
        added symbols for these new functions so WebKit can call them
        
        * WebCore.xcodeproj/project.pbxproj:
        updated for new file
        
        * platform/graphics/mac/ColorMac.h: Added.
        New file to hold the increasing amount of Mac-specific color stuff.
        
        * platform/graphics/Color.h:
        removed #if PLATFORM(MAC) code, which is now in ColorMac.h
        
        * platform/graphics/mac/ColorMac.mm:
        (WebCore::makeRGBAFromNSColor):
        new static function to convert an NSColor object to an RGBA32 struct
        (WebCore::colorFromNSColor):
        new public function to convert an NSColor object to a WebCore-style Color object
        (WebCore::focusRingColor):
        Uses (cached) systemFocusRingColor instead of hardwired values, unless usesTestModeFocusRingColor is true,
        in which case it uses the old hardwired color
        (WebCore::usesTestModeFocusRingColor):
        returns value of global var
        (WebCore::setUsesTestModeFocusRingColor):
        sets value of global var
        (+[WebCoreControlTintObserver controlTintDidChange]):
        Uses [NSColor keyboardFocusIndicatorColor] to set systemFocusRingColor; don't compile if COLORMATCH_EVERYTHING
        is set since we don't know what it would take to satisfy this state.

        * bindings/objc/DOMRGBColor.mm:
        now includes ColorMac.h to account for moved declarations
        * bridge/mac/WebCoreAXObject.mm:
        ditto
        
        * page/mac/FrameMac.mm:
        (WebCore::convertAttributesToUnderlines):
        now uses new colorFromNSColor. The old code was swapping G & B, but it didn't matter in practice because
        this function is only used to convert the color of an input manager's marked text underline, which is always black
        
        * page/mac/WebCoreFrameBridge.mm:
        (-[WebCoreFrameBridge setBaseBackgroundColor:]):
        now uses new colorFromNSColor. The old code was swapping G & B, but it didn't matter in practice because
        this function is only called with a grayscale color perhaps containing an alpha value
                
        * rendering/RenderView.cpp:
        (WebCore::RenderView::paintBoxDecorations):
        just updated a comment

2007-08-20  Mitz Pettel  <mitz@webkit.org>

        Reviewed by Dave Hyatt.

        - fix http://bugs.webkit.org/show_bug.cgi?id=15023
          REGRESSION (r21113-r21143): JavaScript tooltip rendering bug

        Test: fast/repaint/layer-visibility.html

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::setHasVisibleContent): Cache the layer's
        rects when it changes to visible.

2007-08-20  Kevin Decker <kdecker@apple.com>

        Reviewed by Anders.

        Fixed: <rdar://problem/5325262> REGRESSION (Tiger-Leopard): PictureTalk plug-in doesn't work

        The problem was that this particular plug-in handles "text/ptf", but WebCore wasn't giving the plug-in a chance to load
        any type with "text/"

        * dom/DOMImplementation.cpp:
        (WebCore::DOMImplementation::createDocument): Allow plug-ins to once again use "text/" MIME types, but only if the MIME
        type is not "text/plain". Disallowing plug-ins to use text/plain prevents plug-ins from hijacking a fundamental type 
        that the browser is expected to handle, and also serves as an optimization to prevent loading the plug-in database in 
        the common case.

2007-08-20  Adam Roben  <aroben@apple.com>

        Remove workarounds for <rdar://problem/5386894> now that it's been fixed

        Reviewed by Darin.

        Tests: fast/loader/local-svg-parsed-as-svg.svg
               fast/loader/local-xhtml-parsed-as-xhtml.xhtml

        * platform/network/cf/ResourceResponseCFNet.cpp:
        (WebCore::ResourceResponse::doUpdateResourceResponse): Removed hackish
        workaround.

2007-08-20  Anders Carlsson  <andersca@apple.com>

        Reviewed by Adam.

        <rdar://problem/5412988>
        Crash when visiting http://www.rockonflash.com/blog/?p=58
        
        * plugins/win/PluginViewWin.cpp:
        (WebCore::PluginViewWin::updateWindow):
        Just return if the plugin view hasn't been inserted in the hierarchy yet.

2007-08-20  Holger Hans Peter Freyther  <zecke@selfish.org>

        Reviewed by Zack.

        Do not define svg as ImageMIMEType if we can use ksvg2.

        * platform/MIMETypeRegistry.cpp:
        (WebCore::initialiseSupportedImageMIMETypes):

2007-08-19  Adam Roben  <aroben@apple.com>

        Gtk+ build fix.

        * platform/gdk/TemporaryLinkStubs.cpp: Removed const.

2007-08-19  Adam Roben  <aroben@apple.com>

        Fix <rdar://5395835> REGRESSION (r24527): Context menu for edit fields is missing "Font & Writing Direction"

        The problem was that ContextMenuItem::setSubMenu was just copying the
        HMENU from the ContextMenu passed in on Windows, but that HMENU was
        later getting destroyed when the ContextMenu went out of scope.

        I added a new ContextMenu::releasePlatformDescription method that is
        used in setSubMenu instead. I think an ultimately better design would
        be for setSubMenu to take ownership of the ContextMenu that's passed in
        (as should insertItem and appendItem), but I decided to be conservative
        and just make the changes needed to fix the bug.

        Reviewed by Darin.

        No test possible.

        * platform/ContextMenu.h: Added releasePlatformDescription.
        * platform/gdk/TemporaryLinkStubs.cpp: Added stub implementation.
        * platform/mac/ContextMenuMac.mm:
        (WebCore::ContextMenu::releasePlatformDescription): Implemented, though
        it's never called on this platform.
        * platform/qt/ContextMenuQt.cpp:
        (WebCore::ContextMenu::releasePlatformDescription): Ditto.
        * platform/win/ContextMenuItemWin.cpp:
        (WebCore::ContextMenuItem::setSubMenu): Call releasePlatformDescription
        since we need to take ownership of the HMENU.
        * platform/win/ContextMenuWin.cpp:
        (WebCore::ContextMenu::releasePlatformDescription): Implemented.

2007-08-18  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Darin.

        - fixed <rdar://problem/5198272> REGRESSION: PLT 1.5% slower due to r21367 (change to start frames with empty documents)
        
        There were three main cuases of extra time due to creating the initial empty document:
        
        1) Creating an extra WebHTMLView and swapping it for a new one for each frame created.
        2) Parsing the minimal markup for the initial document's contents.
        3) Clearing the Window object an extra time and dispatching the corresponding delegate method.
        
        The WebCore part of the fixes addresses 2 and 3.
        
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::init): Don't parse "<html><body>" for the initial
        empty document; it turns out not to be needed.
        (WebCore::FrameLoader::dispatchWindowObjectAvailable): Don't 
        dispatch the delegate if we haven't created a ScriptInterpreter yet.
        * bindings/js/kjs_proxy.cpp:
        (WebCore::KJSProxy::initScriptIfNeeded): Dispatch the window object
        delegate when we first create the interpreter, since that is now done
        lazily.
        * loader/FrameLoader.h:
        (WebCore::FrameLoader::committingFirstRealLoad): Helper for WebKit
        to know when to reuse a WebHTMLView.

2007-08-19  Mitz Pettel  <mitz@webkit.org>

        Reviewed by Adam Roben.

        - fix http://bugs.webkit.org/show_bug.cgi?id=15008
          ASSERTION FAILED: !firstLineBox() == !lastLineBox() setting content on image

        Test: fast/images/text-content-crash-2.html

        * html/HTMLImageLoader.cpp:
        (WebCore::HTMLImageLoader::setImage): Added a check that the renderer is an
        image.
        (WebCore::HTMLImageLoader::updateFromElement): Ditto.
        (WebCore::HTMLImageLoader::notifyFinished): Ditto.

2007-08-17  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Darin.

        - WebCore part of fix to scrollbar suppression hack for Leopard

        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::transitionToCommitted): Suppress scrollbars earlier, so it happens
        before any potential view swap.

2007-08-17  Antti Koivisto  <antti@apple.com>

        Reviewed by Hyatt.
        
        Fix <rdar://problem/5403773>
        CrashTracer: [USER] 88 crashes in Safari at com.apple.WebCore: WebCore::RenderTableSection::paint + 846

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::removePositionedObjects):
        
        Fix crash in http://www.infobae.com/interior/home.html
        Positioned objects removed from m_positionedObjects would in some cases not get added back to any 
        positioned objects list. Adding objects happens in block layout but since layout was not invalidated 
        correctly in removePositionedObjects() it would not get invoked. As a result some positioned objects 
        would stay in layout dirty state leading to crashes and other bad things.
        
        * rendering/RenderTableSection.cpp:
        (WebCore::RenderTableSection::paint):
        
        Add needLayout() guard to eliminate this class of crashes from release builds. 
        Assert commented out for now since one existing layout test can't handle it.

2007-08-17  Kevin Decker <kdecker@apple.com>

        Code change by Darin, landed and reviewed by me.

        Fixed: <rdar://problem/5252836> Adobe Help Viewer: Japanese characters in the Help Tree structure are shown as garbage
        Added fast/encoding/namespace-tolerance.html test.

        * loader/TextResourceDecoder.cpp:
        (WebCore::TextResourceDecoder::checkForHeadCharset): Slightly loosen the charset decoder heuristic by tweaking it
        to ignore namespaces. This restores compatibility to documents which (1) use namespace prefixes on HTML elements
        (2) specify a non-latin charset and (3) contain non-latin characters.
        
        Added fast/encoding/namespace-tolerance.html test.
        
2007-08-17  Anders Carlsson  <andersca@apple.com>

        Reviewed by Dave Hyatt.
        
        <rdar://problem/5379040>
        REGRESSION (Tiger-Leopard): ADOBE: Safari calls NPP_SetWindow with bad values sometimes

        Instantiate plug-ins during the first layout instead of doing so when creating the renderer.
        This ensures that the plug-in widget will have a correct initial size.
        
        * html/HTMLEmbedElement.cpp:
        (WebCore::HTMLEmbedElement::getInstance):
        Force a layout if the plug-in doesn't have an instance.
        
        (WebCore::HTMLEmbedElement::attach):
        Pass true to updateWidget, causing it to only create a widget if it won't be a plug-in.
        
        * html/HTMLIFrameElement.cpp:        
        (WebCore::HTMLIFrameElement::attach):
        Pass false to updateWidget, this will only create subframes anyway.
        
        * html/HTMLObjectElement.cpp:
        (WebCore::HTMLObjectElement::getInstance):
        Force a layout if the plug-in doesn't have an instance.
        
        (WebCore::HTMLObjectElement::attach):
        Pass true to updateWidget, causing it to only create a widget if it won't be a plug-in.
        
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::loadPlugin):
        Get the size from the renderer and pass it to the client.
        
        * loader/FrameLoaderClient.h:
        * page/mac/WebCoreFrameBridge.h:
        * platform/graphics/svg/SVGImageEmptyClients.h:
        (WebCore::SVGEmptyFrameLoaderClient::createPlugin):
        Update declarations.
        
        * rendering/RenderPart.cpp:
        (WebCore::RenderPart::setWidget):
        No need to mark the renderer as dirty here.
        
        * rendering/RenderPartObject.h:
        * rendering/RenderPartObject.cpp:
        (WebCore::RenderPartObject::updateWidget):
        Add a parameter, onlyCreateNonPlugins. If this is true the widget 
        will only be created if it's not a plug-in.
        
        (WebCore::RenderPartObject::layout):
        Call updateWidget here if m_widget is 0, causing the plug-in to be instantiated.
        
2007-08-17  Oliver Hunt  <oliver@apple.com>

        Reviewed by Maciej.

        http://bugs.webkit.org/show_bug.cgi?id=14189
        <rdar://problem/5319511> REPRODUCIBLE CRASH: Canvas createPattern(canvas, ...) crashes on Windows (14189)

        Ensure that we actually retain the CG pattern correctly.

        Credit to Henry Mason <hmason@mac.com> for finding the cause of this.

        * html/CanvasPattern.cpp:
        (WebCore::CanvasPattern::~CanvasPattern):
        (WebCore::CanvasPattern::createPattern):
        * html/CanvasPattern.h:
        (WebCore::CanvasPattern::platformImage):

2007-08-16  Geoffrey Garen  <ggaren@apple.com>

        Build fix. (Maybe?)
        
        * loader/Cache.cpp:
        (WebCore::Cache::pruneLiveResources):
        (WebCore::Cache::pruneDeadResources):

2007-08-16  Justin Garcia  <justin.garcia@apple.com>

        Reviewed by Harrison.

        <rdar://problem/5378473> 
        REGRESSION: Undoing a deletion that is part of an open typing command fails to reinsert the caret
        
        We recently made Undo of a series of deletes select all of the 
        characters that were deleted, not just the most recently deleted
        character.  But the code that did this set a new starting selection 
        after every delete, even those that were part of an open typing 
        command that started with character insertions or forward deletes, 
        operations that when undone, remove the starting selection being 
        set from the document.
        
        After this change we only set a new starting selection if the open typing
        command was opened by a backward delete. The new behavior matches TextEdit.  
        We don't do something similar or forward deletes because TextEdit opens 
        and closes a new typing command on forward delete (added a FIXME about this).

        * editing/TypingCommand.cpp:
        (WebCore::TypingCommand::TypingCommand): Initialize 
        m_openedByBackwardDelete.
        (WebCore::TypingCommand::forwardDeleteKeyPressed): Added a FIXME about
        how in TextEdit, forward deletes open and close a new typing command.
        (WebCore::TypingCommand::doApply): Set m_openedByBackwardDelete
        appropriately.
        (WebCore::TypingCommand::deleteKeyPressed): Only set the starting
        selection if this delete is the first one in an open typing command
        or one in a series of deletes that opened the typing command.
        * editing/TypingCommand.h: Added m_openedByBackwardDelete.

2007-08-13  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Dave Hyatt.
        
        Tweaked the cache eviction model to better balance between live and 
        dead resources.
        
        For the sake of avoiding evictions during the PLT, the old model 
        required the sum of dead and live resources to grow to twice the cache 
        capacity before evicting, and would then evict dead or live down to 0 
        if necessary. This was a too-high high water mark, which would nullify 
        much of the value of eviction, and a too-low low water mark, which 
        would nullify much of the value of the LRU-SP strategy.
        
        This patch changes the model in 3 ways.
        
        1. The new model for dead resources is a flexible window with a fixed 
        minimum and maximum. The dead resource window is big when live resource 
        pressure is small, and vice versa. This has the immediate advantage of
        cutting the high water mark by up to 50%. It also enables the following
        tunable optimizations in future patches:
            a. A dead resource limit of 0 for clients who want that. (Just set
            the fixed maximum to 0.)
            b. A much higher low water mark. (Just set the fixed minimum to, 
            say, 25% of the cache's capacity.)
            c. A much lower high water mark for users who browse simple pages
            in one tab. (Just set the fixed maximum to, say, 50% of the cache's
            capacity.)
        
        I plan to make the changes that actually take advantage of these 
        tunable optimizations in another check-in.

        The new model won't hurt the PLT because it will notice the PLT's low
        live resource size, and up the dead resource capacity in response. For
        the same reason, the new model should establish a good balance in 
        real-world use.
        
        2. Live resource eviction is now based on size(), not encodedSize().
        So, a page with lots of large, encoded images will start evicting 
        resources, if necessary, even before all the images paint. This allows 
        you to more accurately stipulate an exact high water mark.
        
        3. When pruning, prune to a small percentage below capacity, to avoid
        just having to prune again immediately.

        Layout tests pass. PLT shows no regression.

        * history/PageCache.cpp:
        (WebCore::PageCache::releaseAutoreleasedPagesNow): Updated for rename.

        * loader/Cache.cpp: Implemented the algorithm explained above.
        * loader/Cache.h: Removed explicit tracking of decoded data size, since
        it was unused.

        * loader/CachedResource.cpp: ditto on tracking of decoded data size

2007-08-16  Darin Adler  <darin@apple.com>

        Reviewed by Tim Hatcher.

        - fix <rdar://problem/5415029> In Mail, a crash occurs at WebCore::Node::isDescendantOf()
          when attempting to delete a selection in a table

        The bug was caused by createMarkup trying to operate on a range that
        has an endpoint in the delete button DOM, because it removes that DOM
        during its operation! Still working on a regression test -- it's hard
        to make the kind of bad selection that's needed with the DOM, so I might
        have to use the eventSender.

        * editing/DeleteButtonController.h: Made some of the identifiers private.
        We can make them public if we need to use them. Added a getter function
        for the container element so we can figure out if a given node is inside
        the DOM added for the delete button.

        * editing/markup.cpp:
        (WebCore::moveEndpointsBeforeNode): Added. General purpose helper function
        that moves endpoints of a range to before a given node -- we do this before
        removing the delete button, so the endpoint is where the delete button was,
        rather than having an endpoint that's not in the document.
        (WebCore::createMarkup): Always return empty string, not null string.
        Get the document by calling ownerDocument on the range rather than getting
        the document of the commonAncestorContainer. That's because we need to
        get at the delete button before calling commonAncestorContainer. Call
        moveEndpointsBeforeNode to move the range endpoints out of the delete
        button interface before calling disable() which will remove it from the
        DOM if it's in there. Added an early return for the case where commonAncestor
        is non-0. If this happens, we would crash later because pastEndNode would
        not be in the tree. This change alone would prevent the crash, but we'd get
        bad markup, so we need the moveEndpointsBeforeNode fix. Added null checks
        for the frame to the range version as in the single-node version so this
        won't crash immediately on documents that are not in a frame. For the
        single-node version, added a check if a ndoe of 0 and a node inside the
        delete button user interface, and return the empty string for those cases.

2007-08-16  Justin Garcia  <justin.garcia@apple.com>

        Reviewed by Maciej.
        
        <rdar://problem/5378847> After creating and removing a ToDo, the caret disappears as soon as I start to type
        
        * editing/InsertTextCommand.cpp:
        (WebCore::InsertTextCommand::input): A whitespace text node inserted by Mail
        when a ToDo is removed is completely removed by deleteInsignificantWhitespace,
        and since it contains the text insertion position, insertion fails.
        Save the position before the node where text insertion will occur,
        and if that node is removed, use the saved position for insertion.

2007-08-16  Darin Adler  <darin@apple.com>

        Reviewed by Adele.

        - fix <rdar://problem/5413488> REGRESSION: every DOM element is about 40
          bytes bigger because it has a Timer

        Moved the timer to the document from the element.

        * dom/Document.h: Made frame() inline. Added updateFocusApperanceSoon(),
        cancelFocusAppearanceUpdate(), m_updateFocusAppearanceTimer,
        clearXMLVersion(), and updateFocusAppearanceTimerFired(). Also made
        everything that was previously protected be private instead.
        * dom/Document.cpp:
        (WebCore::Document::Document): Initialize m_updateFocusAppearanceTimer.
        (WebCore::Document::updateFocusAppearanceSoon): Added. Starts timer.
        (WebCore::Document::cancelFocusAppearanceUpdate): Added. Stops timer.
        (WebCore::Document::updateFocusAppearanceTimerFired): Added. If the
        focused node is a focusable element, then calls
        updateFocusAppearance(false) on it.

        * dom/Element.h: Removed default value of the boolean parameter to
        updateFocusAppareance. Removed needsFocusAppearanceUpdate(),
        setNeedsFocusAppearanceUpdate(), updateFocusAppearanceTimerFired(),
        stopUpdateFocusAppearanceTimer(), m_updateFocusAppearanceTimer, and
        m_needsFocusAppearanceUpdate. Added
        updateFocusAppearanceSoonAfterAttach() and cancelFocusAppearanceUpdate().
        * dom/Element.cpp:
        (WebCore::ElementRareData::ElementRareData): Added initializer for
        m_needsFocusAppearanceUpdateSoonAfterAttach.
        (WebCore::Element::Element): Removed initializers for
        m_updateFocusAppearanceTimer and m_needsFocusAppearanceUpdate.
        (WebCore::Element::attach): Updated code that starts the focus
        appearance timer to instead call updateFocusAppearanceSoon() on the
        document.
        (WebCore::Element::detach): Replaced call to
        stopUpdateFocusAppearanceTimer with call to cancelFocusAppearanceUpdate.
        (WebCore::Element::focus): Added check for node that's already focused,
        to match the logic that's in the derived classes. This makes it safe for
        us to remove the override in the derived classes. Also replaced the code
        that called setNeedsFocusAppearanceUpdate(true) with code to set the
        rare data flag m_needsFocusAppearanceUpdateSoonAfterAttach and added a
        call to cancelFocusAppearanceUpdate() in the case where there's no focus
        appearance update.
        (WebCore::Element::blur): Replaced call to
        stopUpdateFocusAppearanceTimer with call to cancelFocusAppearanceUpdate.
        (WebCore::Element::cancelFocusAppearanceUpdate): Added. Sets
        m_needsFocusAppearanceUpdateSoonAfterAttach to false, and then calls
        cancelFocusAppearanceUpdate() on the document, but only if the element
        is the focused node of the document.

        * html/HTMLDocument.cpp:
        (WebCore::HTMLDocument::HTMLDocument): Replaced code that sets
        m_xmlVersion directly with a call to a new inline clearXMLVersion()
        function.
        (WebCore::HTMLDocument::setCookie): Replaced use of m_policyBaseURL with
        policyBaseURL().
        (WebCore::HTMLDocument::createTokenizer): Replaced uses of m_frame with
        frame().
        (WebCore::HTMLDocument::determineParseMode): Replaced code that sets
        pMode and hMode directly with calls to setParseMode and setHTMLMode.
        Replaced use of m_styleSelector with styleSelector().

        * html/HTMLInputElement.h: Removed now-unneed override of focus().
        Removed default value of the boolean parameter to updateFocusAppareance.
        * html/HTMLInputElement.cpp: (WebCore::HTMLInputElement::updateFocusAppearance):
        Pass the restorePreviousSelection boolean through -- while it's ignored,
        it no longer has a default value.

        * html/HTMLTextAreaElement.h: Removed now-unneed override of focus().
        Removed default value of the boolean parameter to updateFocusAppareance.
        * html/HTMLTextAreaElement.cpp: Ditto.

        * WebCore.exp: Removed the Document::frame() symbol, since it's now inline.

2007-08-15  Antti Koivisto  <antti@apple.com>

        Reviewed by Maciej.
        
        Fix <rdar://problem/5388936>
        Crash while setting display:none for a table cell with selection
        
        Super class destroy() could (through some selection code in removeChild()) trigger section recalc 
        in middle of RenderTableCell::destroy(), cleaning section dirty bit. This would later crash in 
        layout since cell grid would still have refence to the dead cell.
        
        Ensure table sections are dirty when leaving destroy method.
        
        I can't figure out tests for row and section changes but they look like
        they could crash in similar way as cell.

        * rendering/RenderTableCell.cpp:
        (WebCore::RenderTableCell::destroy):
        * rendering/RenderTableRow.cpp:
        (WebCore::RenderTableRow::destroy):
        * rendering/RenderTableSection.cpp:
        (WebCore::RenderTableSection::destroy):

2007-08-15  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Geoff.

        <rdar://problem/5389696> leak of 32-byte NSData object (and more?) in WebIconDatabase code path with each refresh of http://www.apple.com
        
        * platform/graphics/BitmapImage.h: Use RetainPtr for m_nsImage and m_tiffRep
        * platform/graphics/mac/ImageMac.mm:
        (WebCore::BitmapImage::initPlatformData): No need to do anything now
        (WebCore::BitmapImage::invalidatePlatformData): Simplify
        (WebCore::BitmapImage::getTIFFRepresentation): Use RetainPtr to avoid leaks
        (WebCore::BitmapImage::getNSImage): Use RetainPtr to avoid leaks

2007-08-15  Darin Adler  <darin@apple.com>

        Reviewed by Anders.

        - fix <rdar://problem/5094895> REGRESSION (r19094): JavaScript timers don't
          work inside showModalDialog; caret also doesn't blink

        * platform/Timer.h: Added fireTimersInNestedEventLoop.
        * platform/Timer.cpp:
        (WebCore::TimerBase::fireTimers): Added code to exit if the timersReadyToFire
        is cleared. This indicates that someone fired the timers in the nested event
        loop, so we should not fire any more timers ourselves.
        (WebCore::TimerBase::fireTimersInNestedEventLoop): Added. Sets timersReadyToFire
        to 0 so we won't return early and do nothing if the shared timer first. Then
        calls updateSharedTimer() so the shared timer will get scheduled as needed based
        on any pending timers.

        * page/Chrome.cpp: (WebCore::Chrome::runModal): Call
        fireTimersInNestedEventLoop before calling runModal on the client.

        * manual-tests/modal-dialog.html: Added a test that uses a timeout.
        * manual-tests/show-modal-dialog-test.html: Fixed a typo.

2007-08-15  Justin Garcia  <justin.garcia@apple.com>

        Reviewed by Darin.
        
        http://bugs.webkit.org/show_bug.cgi?id=14971
        REGRESSION: cannot select reporter's e-mail in bugzilla

        * page/EventHandler.cpp:
        (WebCore::EventHandler::canMouseDragExtendSelect): Allow drag-selecting inside
        a -webkit-user-select:ignore region.

2007-08-15  Beth Dakin  <bdakin@apple.com>

        Reviewed by Hyatt.

        Rolling back in. I made a silly mistake in XMLTokenizer that caused 
        this patch to crash SVG tests. It's fixed now!

        Refactor of change for <rdar://problem/5404899> REGRESSION: Mail 
        crash in WebCore::FontFallbackList::fontDataAt() after dragging 
        image into text multiple times

        The original fix that I made last night prevents the pending style 
        sheet count from being incremented until the element is in the 
        document. This fix prevents the style sheet from loading at all 
        until it is in the document.

        Here is the fix.
        * dom/StyleElement.cpp:
        (WebCore::StyleElement::insertedIntoDocument): Call process.
        (WebCore::StyleElement::removedFromDocument): This can be reverted 
        to its original state before my patch last night.
        (WebCore::StyleElement::process): childrenChanged is now called 
        process. Return early if your not in the document.
        (WebCore::StyleElement::createSheet): Revert change from last 
        night. The inDocument check is now in caller childrenChanged.
        * dom/StyleElement.h: insertedIntoDocument() must now accept an 
        element in addition to a document.

        This is an optimization to prevent calling updateStyleSelector() 
        too frequently.
        * dom/XMLTokenizer.cpp:
        (WebCore::XMLTokenizer::startElementNs):
        * html/HTMLStyleElement.cpp:
        (WebCore::HTMLStyleElement::HTMLStyleElement):
        (WebCore::HTMLStyleElement::finishedParsing):
        (WebCore::HTMLStyleElement::insertedIntoDocument):
        (WebCore::HTMLStyleElement::childrenChanged):
        (WebCore::HTMLStyleElement::sheetLoaded):
        * html/HTMLStyleElement.h:
        * ksvg2/svg/SVGStyleElement.cpp:
        (WebCore::SVGStyleElement::SVGStyleElement):
        (WebCore::SVGStyleElement::finishedParsing):
        (WebCore::SVGStyleElement::insertedIntoDocument):
        (WebCore::SVGStyleElement::childrenChanged):
        (WebCore::SVGStyleElement::sheetLoaded):
        * ksvg2/svg/SVGStyleElement.h:
        (WebCore::SVGStyleElement::setCreatedByParser):

        This is a name change. Document::stylesheetLoaded() 
        is now Document::removePendingSheet()
        * dom/Document.cpp:
        (WebCore::Document::removePendingSheet):
        * dom/Document.h:
        * dom/ProcessingInstruction.cpp:
        (WebCore::ProcessingInstruction::sheetLoaded):
        * html/HTMLLinkElement.cpp:
        (WebCore::HTMLLinkElement::~HTMLLinkElement):
        (WebCore::HTMLLinkElement::setDisabledState):
        (WebCore::HTMLLinkElement::process):
        (WebCore::HTMLLinkElement::sheetLoaded):
        * page/Frame.cpp:
        (WebCore::UserStyleSheetLoader::~UserStyleSheetLoader):
        (WebCore::UserStyleSheetLoader::setCSSStyleSheet):

        This is another name change. closeRenderer() is now 
        finishedParsing()
        * dom/Node.h:
        (WebCore::Node::finishedParsing):
        * dom/XMLTokenizer.cpp:
        (WebCore::XMLTokenizer::endElementNs):
        (WebCore::):
        * html/HTMLAppletElement.cpp:
        (WebCore::HTMLAppletElement::finishedParsing):
        * html/HTMLAppletElement.h:
        * html/HTMLGenericFormElement.cpp:
        (WebCore::HTMLFormControlElementWithState::finishedParsing):
        * html/HTMLGenericFormElement.h:
        * html/HTMLObjectElement.cpp:
        (WebCore::HTMLObjectElement::finishedParsing):
        * html/HTMLObjectElement.h:
        * html/HTMLParser.cpp:
        (WebCore::HTMLParser::insertNode):
        (WebCore::HTMLParser::popOneBlockCommon):
        * html/HTMLScriptElement.cpp:
        (WebCore::HTMLScriptElement::finishedParsing):
        * html/HTMLScriptElement.h:
        (WebCore::HTMLStyleElement::setCreatedByParser):
        * ksvg2/svg/SVGAnimationElement.cpp:
        (WebCore::SVGAnimationElement::finishedParsing):
        * ksvg2/svg/SVGAnimationElement.h:
        * ksvg2/svg/SVGElement.cpp:
        (WebCore::SVGElement::finishedParsing):
        * ksvg2/svg/SVGElement.h:

2007-08-15  David Harrison  <harrison@apple.com>

        Reviewed by Antti Koivisto.

        <rdar://problem/5411803> Bumpercar crashes when loading a partial URL (FrameLoader::receivedMainResourceError())

        * loader/MainResourceLoader.cpp:
        (WebCore::MainResourceLoader::receivedError):
        Nil check for the FrameLoader.

2007-08-14  Steve Falkenburg  <sfalken@apple.com>

        <rdar://problem/5411482> Windows user agent language always returns "en"
        
        Implement defaultLanguage().

        Reviewed by Oliver.

        * WebCore.vcproj/WebCore.vcproj: Added Language.cpp.
        * platform/win/Language.cpp: Added.
        (WebCore::localeInfo): Added.
        (WebCore::defaultLanguage): Added.
        * platform/win/TemporaryLinkStubs.cpp: Remove defaultLanguage stub.

2007-08-14  Sam Weinig  <sam@webkit.org>

        Reviewed by Geoff and Oliver.

        Fix for <rdar://problem/5267870>
        Mangleme: Reproducible assertion failure in -[WebCoreFrameBridge installInFrame:]

        - Change embed/plugin code path to detach the frame on willRemove instead of detach.
          This matches what frame and iframe do.

        Test: http/tests/misc/embedCrasher.html

        * html/HTMLPlugInElement.cpp:
        (WebCore::HTMLPlugInElement::willRemove):
        * html/HTMLPlugInElement.h:

2007-08-14  Adele Peterson  <adele@apple.com>

        Reviewed by Maciej.

        Fix for <rdar://problem/5370059> REGRESSION: Cannot type into edit fields on a form (sccsheriff.org)

        This change makes -webkit-user-select an inherited css property.  For "user-select: none" we were already 
        acting like it was an inheritable property, where we let user-select:text on the children override its parent's user-select:none.
        By making user-select really inherited (instead of inherited for some values), we eliminate the need for crawling up the tree to see 
        if an ancestor has user-select ignore set.

        * page/EventHandler.cpp: (WebCore::EventHandler::canMouseDownStartSelect):
          Now that user-select is inherited, you don't need to walk up the render tree looking for ancestors with user-select:ignore set.

        * css/CSSStyleSelector.cpp: Eliminate SELECT_AUTO.
        (WebCore::CSSStyleSelector::adjustRenderStyle):
        (WebCore::CSSStyleSelector::applyProperty):
        * css/CSSComputedStyleDeclaration.cpp: (WebCore::CSSComputedStyleDeclaration::getPropertyCSSValue):

        * rendering/RenderStyle.h:
        (WebCore::): Eliminate SELECT_AUTO.  Make userSelect inherited.
        (WebCore::RenderStyle::userSelect):
        (WebCore::RenderStyle::setUserSelect):
        (WebCore::RenderStyle::initialUserSelect):
        * rendering/RenderStyle.cpp:
        (WebCore::StyleRareNonInheritedData::StyleRareNonInheritedData):
        (WebCore::StyleRareNonInheritedData::operator==):
        (WebCore::StyleRareInheritedData::StyleRareInheritedData):
        (WebCore::StyleRareInheritedData::operator==):
        (WebCore::RenderStyle::diff):

2007-08-15  Peter Kasting  <zerodpx@gmail.org>

        Reviewed by Darin.
        
        http://bugs.webkit.org/show_bug.cgi?id=14967 part 1 - Eliminate most implicit
        conversions of wtf::Vector<T> to T* by explicitly calling .data()

        * html/HTMLSelectElement.cpp:
        (WebCore::HTMLSelectElement::saveState):
        * platform/KURL.cpp:
        (WebCore::KURL::KURL):
        (WebCore::KURL::init):
        (WebCore::KURL::decode_string):
        (WebCore::KURL::parse):
        (WebCore::KURL::encode_string):
        * platform/cf/KURLCFNet.cpp:
        (WebCore::KURL::KURL):
        * platform/mac/KURLMac.mm:
        (WebCore::KURL::KURL):
        * rendering/RenderFrameSet.cpp:
        (WebCore::RenderFrameSet::layOutAxis):

2007-08-14  Ricci Adams  <iccir@apple.com>

        Reviewed by Darin, Hyatt.

        - fix <rdar://problem/5407795> -apple-line-clamp should never display less than one line

        * rendering/RenderFlexibleBox.cpp:(WebCore::RenderFlexibleBox::layoutVerticalBox): Use
        max to make sure it never computes a minimum of less than one line.

2007-08-14  Brady Eidson  <beidson@apple.com>

        Reviewed by Darin, John, Maciej, Oliver, and Tim

        <rdar://problem/5394708> - Crash on launch with corrupt icon database

        The main part of the fix is to not disable SQLite's default level of protection - to leave the sync options at their normal,
        mostly safe levels.  

        But in case lightning strikes at the exact right moment and someone ends up with a corrupt database, add some support code to
        detect that condition and recover from it.  

        This is mainly accomplished by exposing the "PRAGMA integrity_check;" facilities of sqlite through IconDatabase SPI as well as
        running that integrity check if a journal file is detected at launch (a strong indication that the last quit was not clean).
        There's also a method exposed to allow clients to tell the icon database "I suspect something bad happened, please check integrity"

        * loader/icon/IconDatabase.cpp:
        (WebCore::IconDatabase::checkIntegrityBeforeOpening): Allow clients to suggest an integrity check
        (WebCore::IconDatabase::open): Add a check to see if the journal file for the database exists.  If it does, run the integrity
          check.  Also run the check if a client has suggested it to be necessary.
          If the integrity-check fails, we sadly have to destroy the database and recreate from scratch.
          Also - quite importantly - do not adjust the default sync preferences for the SQLDatabase.  They were an optimization that 
          might have been valid at one time but no longer affects any benchmarks we care about.
        (WebCore::IconDatabase::checkIntegrity): Perform the SQLite integrity_check pragma
        * loader/icon/IconDatabase.h:

        * loader/icon/IconDatabaseNone.cpp:
        (WebCore::IconDatabase::checkIntegrity): Keep IconDatabaseNone users building
        (WebCore::IconDatabase::checkIntegrityBeforeOpening): Ditto

        * loader/icon/SQLDatabase.cpp:
        (WebCore::SQLDatabase::open): Make a copy of the path string so we don't accidentally mutate anyone else's string on ::close()

        * platform/FileSystem.h: Added. Begin a long-needed platform file system abstraction
        * platform/mac/FileSystemMac.mm: Added.
        (WebCore::fileExists): Check if a file exists
        (WebCore::deleteFile): Delete a file

        * platform/gdk/TemporaryLinkStubs.cpp:
        (WebCore::fileExists):
        (WebCore::deleteFile):
        * platform/qt/TemporaryLinkStubs.cpp:
        (WebCore::fileExists):
        (WebCore::deleteFile):
        * platform/win/TemporaryLinkStubs.cpp:
        (WebCore::fileExists):
        (WebCore::deleteFile):

        * WebCore.exp:
        * WebCore.xcodeproj/project.pbxproj:

2007-08-14  Jon Honeycutt  <jhoneycutt@apple.com>

        Reviewed by Steve.

        Build fix for Windows.

        * html/HTMLFormElement.cpp:

2007-08-14  George Staikos  <staikos@kde.org>

        Only connect the menu signal once.

        * platform/qt/ContextMenuQt.cpp:
        (WebCore::ContextMenu::ContextMenu):
        (WebCore::ContextMenu::insertItem):

2007-08-14  Justin Garcia  <justin.garcia@apple.com>

        Reviewed by Tim.

        <rdar://problem/5408255> REGRESSION: In Mail, clicking the containing element's UI closebox doesn't delete element

        * editing/DeleteButtonController.cpp:
        (WebCore::DeleteButtonController::show): Use -webkit-user-select:ignore for
        the deletion UI.

2007-08-14  Antti Koivisto  <antti@apple.com>

        Reviewed by Darin.
        
        Fix <rdar://problem/5143183>
        Air Mail postmark shows up wrong in Firefox due to use of CSS background-position-x/y
        
        Safari was using non-standard background-position-x/y properties when serializing style, both normal 
        and computed. As a result Safari generated CSS would not render correctly in Firefox. 
        
        Use standard background-position property instead.

        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::):
        * css/CSSMutableStyleDeclaration.cpp:
        (WebCore::CSSMutableStyleDeclaration::cssText):

2007-08-14  Sam Weinig  <sam@webkit.org>

        Reviewed by Brady and Dr. Harrison.

        Fix typo.  'whitespace' property is spelled 'white-space'.

        * page/inspector/inspector.css:

2007-08-13  Beth Dakin  <bdakin@apple.com>

        Reviewed by Maciej.

        Fix for <rdar://problem/5404899> REGRESSION: Mail crash in 
        WebCore::FontFallbackList::fontDataAt() after dragging image into 
        text multiple times

        We were crashing because style information was not up-to-date. This 
        patch fixes the problem in two ways:

        Style information was not up to date at the time of the crash 
        because the document thought there was still a pending style sheet. 
        The pending style sheet counter was incremented when a call to 
        cloneNode from Mail cloned a style node with an imported style 
        sheet. Because Mail disables the cache, the style sheet did not 
        load immediately for the cloned node, and we do not check again to 
        see if it has loaded in time to decrement the pending style sheet 
        counter before the crash point. The fix here is only to increment 
        the pending style sheet counter for elements that are already in 
        the document.
        * dom/StyleElement.cpp:
        (WebCore::StyleElement::insertedIntoDocument): If we have a CSS 
        style sheet that is currently loading, increment the pending style 
        sheet counter. This should keep the counter accurate in the case 
        where a style node is cloned and then immediately inserted into the 
        document.
        (WebCore::StyleElement::removedFromDocument): If we have a CSS 
        style sheet that is currently loading, decrement the pending style 
        sheet count. This is required to keep the correct balance, given 
        the change above.
        (WebCore::StyleElement::createSheet): Only addPendingSheet() and 
        checkLoaded() if we are in the document.

        Here is Darin's original fix. It seems worth keeping this fix too. 
        Font style information should not cause a crash if there are still 
        pending style sheets. This is good belt-and-suspenders in case 
        there is another way to run into this bug with a wacky timing 
        issue.
        * css/CSSStyleSelector.cpp:
        (WebCore::CSSStyleSelector::styleForElement): Update the font.

2007-08-13  Alexey Proskuryakov  <ap@webkit.org>

        Reviewed by Darin.

        http://bugs.webkit.org/show_bug.cgi?id=14635
        rdar://problem/5340188
        Uploading file with non-ASCII character in path fails

        File upload cannot be tested in DumpRenderTree.

        * html/HTMLFormElement.cpp:
        (WebCore::pathGetFilename): A cross-platform helper that extracts a file name from a path.
        (WebCore::HTMLFormElement::formData): Use the above helper instead of code that doesn't
        work on Windows.

2007-08-13  Alexey Proskuryakov  <ap@webkit.org>

        Reviewed by Darin.

        http://bugs.webkit.org/show_bug.cgi?id=14951
        REGRESSION: page interpreted as UTF-8 because of stray <?xml> after <head>

        Test: fast/encoding/misplaced-xml-declaration.html

        * loader/TextResourceDecoder.cpp:
        (WebCore::TextResourceDecoder::checkForHeadCharset): Only honor XML declaration
        at the very beginning of the file.

2007-08-13  Oliver Hunt  <oliver@apple.com>

        rs=sam

        Correct accidentally modified code.

        * platform/mac/FontDataMac.mm:
        (WebCore::FontData::platformInit):

2007-08-13  Adele Peterson  <adele@apple.com>

        Reviewed by Brady.

        Fix for http://bugs.webkit.org/show_bug.cgi?id=14746
        <rdar://problem/5401041> REGRESSION: Form state not saved for forms that submit via HTTPS even if they do not contain a password field

        * loader/FrameLoader.cpp: (WebCore::FrameLoader::saveDocumentState): Restore our old behavior that will save form state for secure forms.
          This will also match Firefox behavior.

        * dom/Document.cpp: Removed secureFormAdded(), secureFormRemoved(), hasSecureForm() which are no longer used.
        * dom/Document.h:
        * html/HTMLFormElement.cpp:
        (WebCore::HTMLFormElement::attach):
        (WebCore::HTMLFormElement::parseMappedAttribute):

2007-08-13  Oliver Hunt  <oliver@apple.com>

        Reviewed by Maciej.

        <rdar://problem/5386183> REGRESSION (9A504-9A508): Underline of inline hole is too thin 
        on Japanese DotMac page
        
        Hack the line metrics for the Hiragino font families so that they always allow space for
        the marked text underline.
        
        * platform/mac/FontDataMac.mm:
        (WebCore::FontData::platformInit):

2007-08-13  David Hyatt  <hyatt@apple.com>

        Reviewed by aroben
 
        <rdar://problem/5400446> messed up content on calendar.yahoo.com and my.yahoo.com

        Fix some more bad assumptions about <html> being the first child of the document now that we
        properly support HTML5's model (where a comment node preceding <html> will in fact be its sibling).

        * html/HTMLParser.cpp:
        (WebCore::HTMLParser::handleError):
        (WebCore::HTMLParser::createHead):

2007-08-13  Justin Garcia  <justin.garcia@apple.com>

        Reviewed by Darin.
        
        <rdar://problem/5333725> -webkit-user-select: none makes selection difficult
        
        Let users create selections if they mouse down in a -webkit-user-select:none
        region, just (continue to) disallow selection endpoints in those regions, and
        don't paint those regions as selected if they are fully enclosed by a selection. 
        For example, in xxyyyxx where x is -webkit-user-select:none, a user can mouse down
        between the first two xs and drag across yyy to the second two xs to create a 
        selection xx^yyy^xx.
        
        * editing/SelectionController.cpp:
        (WebCore::SelectionController::selectAll): Allow selectAll inside a root
        that has -webkit-user-select:none, because it may contain content that
        is selectable (VisiblePosition and Selection creation will keep Selection
        endpoints out of -webkit-user-select:none regions).
        * page/EventHandler.cpp:
        (WebCore::EventHandler::selectClosestWordFromMouseEvent): Use canMouseDownStartSelect
        instead of the ambiguously named shouldSelect().
        (WebCore::EventHandler::handleMousePressEventTripleClick): Ditto.
        (WebCore::EventHandler::handleMousePressEventSingleClick): Ditto.
        (WebCore::EventHandler::updateSelectionForMouseDrag): Use canMouseDragExtendSelect.
        (WebCore::EventHandler::selectCursor): Paint an ibeam in -webkit-user-select:none regions,
        because you can click in those regions to create a selection.
        (WebCore::EventHandler::canMouseDownStartSelect): Now fires the selectStart event, and
        returns true in -webkit-user-select: none regions.
        (WebCore::EventHandler::canMouseDragExtendSelect): This is identical to 
        canMouseDownStartSelect because of 12823, even though it seems strange that we would fire 
        the selectStart event here.
        * page/EventHandler.h:
        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::draggableNode): Only -webkit-user-select:ignore regions will
        prevent selection creation.
        * rendering/RenderObject.h:

2007-08-13  Anders Carlsson  <andersca@apple.com>

        Reviewed by Maciej.

        <rdar://problem/5360748>
        REGRESSION (r21002-r21003): Flash widget sniffer doesn't work (affects iWeb)

        Don't check whether the document is being parsed or not, because the node list
        could be accessed after the document has finished parsing.
        
        * dom/Node.cpp:
        (WebCore::Node::registerNodeList):

2007-08-13  Lars Knoll  <lars@trolltech.com>

        Reviewed by Simon.

        no need to update regions that are not visible on the webpage.

        * platform/qt/ScrollViewQt.cpp:
        (WebCore::ScrollView::updateContents):

2007-08-12  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Darin and Sam.
        
        <rdar://problem/5395213> cross-domain access to individual components of location object should be denied.

        * bindings/js/kjs_window.cpp:
        (KJS::Location::put): Add the appropriate cross-domain access checks.

2007-08-12  Darin Adler  <darin@apple.com>

        Reviewed by John Sullivan.

        - fix <rdar://problem/5403724> REGRESSION: text inputs are not scrolled to make inline input visible (14912)

        * editing/Editor.h: Made setIgnoreMarkedTextSelectionChange no longer inline.
        It now has a side effect of revealing the selection when you set it to false.
        Added private revealSelectionAfterEditingOperation helper.
        * editing/Editor.cpp:
        (WebCore::Editor::deleteRange): Calls revealSelectionAfterEditingOperation instead
        of calling m_frame->revealSelection directly.
        (WebCore::Editor::replaceSelectionWithFragment): Ditto.
        (WebCore::Editor::insertOrderedList): Ditto.
        (WebCore::Editor::insertUnorderedList): Ditto.
        (WebCore::Editor::increaseSelectionListLevel): Ditto.
        (WebCore::Editor::increaseSelectionListLevelOrdered): Ditto.
        (WebCore::Editor::increaseSelectionListLevelUnordered): Ditto.
        (WebCore::Editor::decreaseSelectionListLevel): Ditto.
        (WebCore::Editor::insertLineBreak): Ditto.
        (WebCore::Editor::insertParagraphSeparator): Ditto.
        (WebCore::Editor::replaceMarkedText): Ditto.
        (WebCore::Editor::revealSelectionAfterEditingOperation): Added. Calls revealSelection,
        unless we are in the ignoreMarkedTextSelectionChange state. If we are in that state,
        we're in the middle of a composite editing operation and we shouldn't try to scroll
        to reveal the selection until the operation is done.
        (WebCore::Editor::setIgnoreMarkedTextSelectionChange): Made no longer inline. If
        changing the state from true to false, then calls revealSelectionAfterEditingOperation.

        * WebCore.exp: Add new entry point for no-longer-inline setter function.

2007-08-12  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Maciej Stachowiak, Dave Hyatt.
        
        Changed the dead resource LRU-SP algorithm to measure an object's
        total size, not just its encoded size. This will allow us to make 
        better decisions about what data to evict when the cache is small. For 
        example, the PLT can now run with a 16MB cache without fully evicting
        any resources.
        
        (Previously, we had assumed that decoded size would be an OK estimate
        of encoded size, but that is not true of GIF, whose decoded size can be 
        orders of magnitude greater than its encoded size.)
        
        Subtly, destroying a resource's decoded data now increases its recency 
        by moving it to the head of a smaller LRU list. This is slightly odd,
        but, since all resources get the same treatment, it shouldn't hurt 
        the eviction algorithm.

        * history/PageCache.cpp:
        (WebCore::PageCache::releaseAutoreleasedPagesNow): Make sure that a
        dead resource eviction doesn't happen until we've released all of our
        dead pages. Otherwise, the cache will make terrible decisions about 
        what to evict because all of our dead resources will seem live.

        * loader/Cache.cpp:
        (WebCore::Cache::Cache):
        (WebCore::Cache::pruneLiveResources):
        (WebCore::Cache::pruneDeadResources): Removed call to 
        removeFromLiveDecodedResourcesList because this happens automatically
        now as a part of the process of changing the resource's decoded size.
        (WebCore::Cache::lruListFor): *** The key change. *** Compute the 
        appropriate LRU list based on total size, not encoded size.
        (WebCore::Cache::dumpLRULists): Added debug logging function to help
        visualize the cache.

        * loader/Cache.h:
        (WebCore::Cache::setDeadResourcePruneEnabled):
        (WebCore::Cache::deadResourcePruneEnabled):

        * loader/CachedImage.cpp: Moved decoded size tracking code from here
        up into the base class. Currently, only CachedImage has a use for that
        functionality, but other subclasses might need it in the future, and
        the base class is already responsible for similar code related to 
        encoded size tracking.
        (WebCore::CachedImage::decodedSizeChanged):
        * loader/CachedImage.h:

        * loader/CachedResource.cpp:
        (WebCore::CachedResource::CachedResource):
        (WebCore::CachedResource::setDecodedSize): Move us in the LRU-SP list
        just like setEncodedSize does, since decoded size counts now, too.
        (WebCore::CachedResource::setEncodedSize): Changed slightly to match
        the style of setDecodedSize.

        * loader/CachedResource.h:
        (WebCore::CachedResource::decodedSize):

2007-08-11  Mitz Pettel  <mitz@webkit.org>

        Reviewed by Darin.

        - fix http://bugs.webkit.org/show_bug.cgi?id=13670
          <rdar://problem/5399619> Table misrender when one of the TDs has width=100%

        Tests: fast/table/100-percent-cell-width.html
               fast/table/percent-widths-stretch.html

        * rendering/AutoTableLayout.cpp:
        (WebCore::AutoTableLayout::calcPrefWidths): Changed the value used instead of
        0% to avoid division by zero from 1% to less than 0.01%. Removed code that
        added 0.5px to non-percent widths when calculating the scaling factor. The
        latter change is covered by the percent-widths-stretch test, where the new
        results match both WinIE 7 and Firefox 3.

2007-08-11  Darin Adler  <darin@apple.com>

        Reviewed by Antti.

        - fix <rdar://problem/5266535> REGRESSION: <img> inside <map> no longer allowed in strict mode
          (breaks chemicalelements.com)

        Test: fast/parser/strict-img-in-map.html

        * html/HTMLMapElement.cpp: (WebCore::HTMLMapElement::checkDTD): Removed FIXME saying this
        code is strange, since this code matches the HTML 4 specification almost exactly. Made
        <img> elements allowed even in strict mode and added small comments to clarify what comes
        from the DTD and what is non-standard.

2007-08-11  Holger Hans Peter Freyther  <zecke@selfish.org>

        Reviewed by Anders.

        Implement passing events to a subframe. The code is copied from
        the windows port and passSubframeEventToSubframe was removed as it
        is not called and it is not avilable in the windows port as well.

        * page/gdk/EventHandlerGdk.cpp:
        (WebCore::EventHandler::passMousePressEventToSubframe):
        (WebCore::EventHandler::passMouseMoveEventToSubframe):
        (WebCore::EventHandler::passMouseReleaseEventToSubframe):

2007-08-11  Holger Hans Peter Freyther  <zecke@selfish.org>

        Reviewed by Lars.

        GdkEventKey::string is not supposed to be used. The length
        of this string is zero for non ascii characters. Use the
        gdk_unicode_to_keyval to convert the keyval to a UChar and construct
        a String. This change makes it possible to input non ascii
        characters.

        * platform/gdk/KeyEventGdk.cpp:
        (WebCore::keyIdentifierForGdkKeyCode):
        (WebCore::singleCharacterString):
        (WebCore::PlatformKeyboardEvent::PlatformKeyboardEvent):

2007-08-11  Andrew Wellington  <proton@wiretapped.net>

        Reviewed by Mark Rowe.
        
        Fix http://bugs.webkit.org/show_bug.cgi?id=14645
        getPropertyValue should be case insensitive
        
        When we get the propertyID for a given string we convert to lowercase.
        
        This also applies to setProperty, removeProperty and others.
        
        * css/CSSStyleDeclaration.cpp:
        (WebCore::propertyID):

2007-08-11  Mark Rowe  <mrowe@apple.com>

        Build fix.  Change "#ifdef PLATFORM(GDK)" to "#if PLATFORM(GDK)".

        * page/FrameView.cpp:
        * page/FrameView.h:

2007-08-11  Holger Hans Peter Freyther  <zecke@selfish.org>

        Reviewed by Adam.

        Copy the WebFrame::layoutIfNeededRecursive method of the windows port
        to FrameView to be used by the Gtk+ port. Simplify the implementation due
        moving it to the FrameView class.

        Implement the ScrollView::children() method for the Gtk+ port and make it
        available to the FrameView as children() is used within the layoutIfNeededRecursive method.

        * page/FrameView.cpp:
        (WebCore::FrameView::layoutIfNeededRecursive):
        * page/FrameView.h:
        * platform/ScrollView.h:
        * platform/gdk/ScrollViewGdk.cpp:

2007-08-11  Holger Hans Peter Freyther  <zecke@selfish.org>

        Reviewed by Adam.

        To fix text selection make the PlatformMouseEvent set the pressed
        button even when moving the mouse.
        
        Add building of the WebKit::DragClient stubs as they are needed to
        make text selection work.

        * WebCore.pro:
        * platform/gdk/MouseEventGdk.cpp:
        (WebCore::PlatformMouseEvent::PlatformMouseEvent):

2007-08-10  Anders Carlsson  <andersca@apple.com>

        Reviewed by Darin and Maciej.

        <rdar://problem/5360748>
        REGRESSION(r21002-r21003) Flash widget sniffer doesn't work
        
        Add a per-document NodeList counter. When parsing, only call notifyNodeListsChildrenChanged
        if the document has node lists. Also, make sure to reset the cache when the node list count has 
        been 0 and a new node list is registered to avoid any stale cache information.
        
        * dom/ContainerNode.cpp:
        (WebCore::ContainerNode::addChild):
        * dom/Document.cpp:
        (WebCore::Document::Document):
        * dom/Document.h:
        (WebCore::Document::addNodeList):
        (WebCore::Document::removeNodeList):
        (WebCore::Document::hasNodeLists):
        * dom/Node.cpp:
        (WebCore::Node::registerNodeList):
        (WebCore::Node::unregisterNodeList):

2007-08-10  Timothy Hatcher  <timothy@apple.com>

        Reviewed by Adam.

        <rdar://problem/5394449> Stop using some Carbon UI APIs for 64 bit

        Disable NPObject use in 64-bit on Mac OS X.

        * Configurations/WebCore.xcconfig: Add a framework search path to the sub-framworks of Carbon.
        * WebCore.xcodeproj/project.pbxproj: Filter out the Frame::windowScriptNPObject() symbol in 64-bit.
        * bindings/objc/DOM.mm:
        (-[DOMElement _NPObject]): Return null in 64-bit.
        * config.h: Set WTF_USE_NPOBJECT to 0 in 64-bit Mac OS X.
        * page/Frame.cpp:
        (WebCore::Frame::cleanupScriptObjects): Add more #if USE(NPOBJECT) blocks where needed.
        * page/Frame.h: Ditto.
        * page/mac/FrameMac.mm:
        (WebCore::Frame::createScriptInstanceForWidget): Ditto.
        * page/mac/WebCoreFrameBridge.h: Ditto.
        * page/mac/WebCoreFrameBridge.mm: Ditto.

2007-08-10  Mitz Pettel  <mitz@webkit.org>

        Reviewed by Justin.

        - fix <rdar://problem/5397344> http://bugs.webkit.org/show_bug.cgi?id=14911
          REGRESSION: Clicking in pasted text doesn't position the insertion point correctly

        Test: editing/selection/inline-closest-leaf-child.html

        * rendering/RootInlineBox.cpp:
        (WebCore::RootInlineBox::closestLeafChildForXPos): Return the last leaf if
        it's the closest match, or if no other leaf matches (for example if all
        leaves are list markers or non-editable where editable is required).

2007-08-10  Anders Carlsson  <andersca@apple.com>

        Reviewed by Geoff.

        <rdar://problem/5390568> 
        REGRESSION: -[WebFrame loadHTMLString:baseURL:] leaks the data source.
        
        Revert the fix for <rdar://problem/5133420> which caused us to not cancel 
        substitute data loads. It's better to remove the assertion in the WebKit layer.
        
        * loader/ResourceLoader.cpp:
        (WebCore::ResourceLoader::didCancel):

2007-08-10  Sam Weinig  <sam@webkit.org>

        Rubber-stamped by Adam Roben.

        Fix Windows, Qt and Gtk build.

        * WebCore.pro:
        * WebCore.vcproj/WebCore.vcproj:

2007-08-09  Sam Weinig  <sam@webkit.org>

        Reviewed by Maciej.

        Fix for <rdar://problem/5395618>

        Use checkNodeSecurity when setting the 'src' or 'location' attribute of an
        iframe or frame element.  

        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/JSAttrCustom.cpp: Added.
        (WebCore::JSAttr::setValue): Call checkNodeSecurity for attributes with a current iframe or frame
        ownerElement when setting src to a javascript: URL.
        * bindings/js/JSElementCustom.cpp: Added.
        (WebCore::allowSettingSrcToJavascriptURL):
        (WebCore::JSElement::setAttribute): Call checkNodeSecurity when element is a frame or iframe and 
        setting he src attribute to a javascript: URL.
        (WebCore::JSElement::setAttributeNode): Ditto.
        (WebCore::JSElement::setAttributeNS): Ditto.
        (WebCore::JSElement::setAttributeNodeNS): Ditto.
        * bindings/js/JSHTMLFrameElementCustom.cpp: Added.
        (WebCore::allowSettingJavascriptURL):
        (WebCore::JSHTMLFrameElement::setSrc): Call checkNodeSecurity when setting to a javascript: URL.
        (WebCore::JSHTMLFrameElement::setLocation): Ditto.
        * bindings/js/JSHTMLIFrameElementCustom.cpp: Added.
        (WebCore::JSHTMLIFrameElement::setSrc): Call checkNodeSecurity when setting to a javascript: URL.
        * bindings/scripts/CodeGeneratorJS.pm: Add support for [CustomGetter] and [CustomSetter]
        * dom/Attr.idl:
        * dom/Element.idl:
        * html/HTMLFrameElement.idl:
        * html/HTMLIFrameElement.idl:

2007-08-10  Holger Hans Peter Freyther  <zecke@selfish.org>

        Reviewed by Anders.

        Make the containingWindow a GtkContainer and make use of the
        GtkWidget::window instead of the GtkLayout::bin_window.

        * platform/Widget.h:
        * platform/gdk/PlatformScreenGdk.cpp:
        (WebCore::screenDepth):
        * platform/gdk/ScrollViewGdk.cpp:
        (WebCore::ScrollView::updateContents):
        (WebCore::ScrollView::update):
        * platform/gdk/WidgetGdk.cpp:
        (WebCore::Widget::setContainingWindow):
        (WebCore::Widget::setCursor):

2007-08-10  Simon Hausmann  <hausmann@kde.org>

        Reviewed by Lars.

        Revert r24699 as it broke timers. The precision of QTime::toTime_t() is just seconds, which is not good enough. Revert back
        to the old implementation and use the simple implementation of currentTime() from win/ for the Qt/Windows build (fingers crossed :)

        * WebCore.pro:
        * platform/qt/SystemTimeQt.cpp:
        (WebCore::currentTime):

2007-08-10  Simon Hausmann  <hausmann@kde.org>

        Reviewed by Lars.

        Recognize .htm as valid extension for text/html.

        * platform/qt/MIMETypeRegistryQt.cpp:
        (WebCore::):

2007-08-10  Lars Knoll  <lars@trolltech.com>

        Reviewed by Simon.

        remove an assertion that leads to crashes. The whole design of WidgetQt and ScrollViewQt needs to be reevaluated soon anyways.

        * platform/qt/ScrollViewQt.cpp:

2007-08-10  Mark Rowe  <mrowe@apple.com>

        Fix the Mac build.

        * ForwardingHeaders/bindings/runtime_object.h: Added.

2007-08-10  Simon Hausmann  <hausmann@kde.org>

        Reviewed by Lars.

        Make sure -fno-strict-aliasing is also added for mkspecs like linux-g++-64.

        * WebCore.pro:

2007-08-10  Simon Hausmann  <hausmann@kde.org>

        Reviewed by Lars.

        Enable JavaScript bindings for HTML Object/Applet elements in the Qt port.

        * WebCore.pro:
        * bindings/js/kjs_dom.cpp:
        * html/HTMLAppletElement.h:
        * html/HTMLEmbedElement.h:
        * page/qt/FrameQt.cpp:
        (WebCore::Frame::createScriptInstanceForWidget):

2007-08-10  Mitz Pettel  <mitz@webkit.org>

        Reviewed by Dave Hyatt.

        - fix http://bugs.webkit.org/show_bug.cgi?id=14798
          Incorrect bidi reordering of neutrals and digits after RTL embed
          and other bugs in the bidi algorithm.

        Test: fast/text/international/bidi-neutral-run.html

        Fixed several bugs in resolving the embedding level of runs of neutral
        characters. Changed the logic to rely on the eor direction only for
        the number types, and otherwise consider the last strong type.

        * platform/BidiContext.h:
        (WebCore::BidiContext::BidiContext): Added an ASSERT.
        * platform/BidiResolver.h:
        (WebCore::::embed):
        (WebCore::::createBidiRunsForLine):
        * platform/graphics/GraphicsContext.cpp:
        (WebCore::TextRunIterator::atEnd): Changed to return true instead of
        crashing when called on the empty iterator.

2007-08-09  Mark Rowe  <mrowe@apple.com>

        Reviewed by Antti.

        <rdar://problem/5400709> Versioning in debug and release builds should include minor and tiny version before +

        * Configurations/Version.xcconfig:
        * WebCore.xcodeproj/project.pbxproj: Add a shell script phase to make to dependency between
        Version.xcconfig and Info.plist explicit to Xcode.

2007-08-09  Mitz Pettel  <mitz@webkit.org>

        Reviewed by Justin Garcia.

        - fix http://bugs.webkit.org/show_bug.cgi?id=14347
          REGRESSION (r21291): Initiating a drag near the edge of a selection deselects it

        Test: editing/selection/contains-boundaries.html

        * editing/SelectionController.cpp:
        (WebCore::SelectionController::contains): Changed to return true for the
        selection boundaries too.

2007-08-09  Mitz Pettel  <mitz@webkit.org>

        Reviewed by Dave Hyatt.

        - fix http://bugs.webkit.org/show_bug.cgi?id=14742
          Document::recalcStyle(Force) called for every updateStyleIgnorePendingStylesheets while waiting for stylesheets
          <rdar://problem/5376306>

        updateStyleSelector() is normally called when something changes that factors
        into the style selector. However, updateLayoutIgnorePendingStylesheets() calls it for
        a different reason, namely to account for all the preceding changes that were ignored
        because of the early return in updateStyleSelector(). After that, the early return
        can no longer occur, so changes are accounted for as they happen, and
        updateLayoutIgnorePendingStylesheets() does not need to call updateStyleSelector()
        again.

        * dom/Document.cpp:
        (WebCore::Document::updateLayoutIgnorePendingStylesheets): Call updateStyleSelector()
        only before the first layout.

2007-08-09  Mitz Pettel  <mitz@webkit.org>

        Reviewed by Adam Roben.

        - fix http://bugs.webkit.org/show_bug.cgi?id=14362
          Opening a select list always highlights first element in list

        * platform/win/PopupMenuWin.cpp:
        (WebCore::PopupWndProc): Track the mouse only inside the popup.

2007-08-09  Mitz Pettel  <mitz@webkit.org>

        Reviewed by Dave Hyatt.

        - fix http://bugs.webkit.org/show_bug.cgi?id=14875
          Textarea with nowrap - left/right nav, Up/down nav both hide text

        Test: fast/layers/scroll-rect-to-visible.html

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::scrollRectToVisible): Account for borders and scroll bars.

2007-08-09  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Dave Hyatt.
        
        Refactored live decoded resource eviction to be more modular / 
        encapsulated. 
        
        This fixes one known place where we forgot to hook into the live 
        decoded eviction mechanism -- canvas. There might be other, unknown 
        places. In a canvas test page, which I broke off from the Safari 
        pageout test, I saw an RPRVT reduction of ~10MB.
        
        A few renames:
        - "m_lastLiveAccessTime" => "m_lastDecodedAccessTime" because the data
        point we're recording is access to the resource in decoded form.
        
        - "liveResourceAccessed" => "didAccessDecodedData" for the same reason.

        - "pruneAllResources" => "pruneDeadResources" because this function 
        does not prune live resources.
        
        And the fix:
        Instead of updating cache metadata at the call site whenver drawing an 
        image, just have an image notify its observer whenever it draws. The 
        observer, which is a CachedResource, can then update the metadata.
        
        * loader/Cache.cpp: Renames
        * loader/Cache.h: Removed stale declarations, updated comments
        * loader/CachedImage.cpp:
        (WebCore::CachedImage::didDraw): Implemented didDraw to update cache
        metadata whenever our image draws.
        * loader/CachedImage.h: Grouped parts of the ImageObserver interface.
        * loader/CachedResource.cpp:
        (WebCore::CachedResource::CachedResource):
        (WebCore::CachedResource::deref):
        (WebCore::CachedResource::didAccessDecodedData): Made this function
        slightly more modular by allowing the caller to provide a time stamp.
        In theory, not all CachedResources will necessarily want to use the 
        current paint time stamp.
        * platform/graphics/cg/ImageCG.cpp:
        (WebCore::BitmapImage::draw): Notify our observer that we drew.
        (WebCore::Image::drawPattern): ditto
        * platform/graphics/cg/PDFDocumentImage.cpp:
        (WebCore::PDFDocumentImage::draw): ditto
        * platform/graphics/svg/SVGImage.cpp:
        (WebCore::SVGImage::draw): ditto
        
        Removed old code at image drawing call sites:
        
        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::paintBackgroundExtended):
        * rendering/RenderImage.cpp:
        (WebCore::RenderImage::paint):
        * rendering/RenderListMarker.cpp:
        (WebCore::RenderListMarker::paint):
        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::paintBorderImage):

2007-08-10  Holger Hans Peter Freyther  <zecke@selfish.org>

        Reviewed by Adam.

        Move the various *ClientGdk.{h,cpp} away from the WebCore directory as
        of http://bugs.webkit.org/show_bug.cgi?id=14727.

        * WebCore.pro:
        * platform/gdk/TemporaryLinkStubs.cpp:

2007-08-09  Anders Carlsson  <andersca@apple.com>

        Reviewed by Maciej.

        <rdar://problem/5400029> iframes with an image src rarely load image
        
        Don't try to shrink standalone images in subframes. The resize event is not 
        sent for subframes which screws up the shrink-to-fit logic.
        
        * loader/ImageDocument.cpp:
        (WebCore::ImageDocument::createDocumentStructure):
        (WebCore::ImageDocument::imageChanged):
        (WebCore::ImageDocument::shouldShrinkToFit):
        * loader/ImageDocument.h:

2007-08-10  Holger Hans Peter Freyther  <zecke@selfish.org>

        Reviewed by Adam.

        Implement FrameLoaderClientGdk::createFrame mostly by copying
        the windows implementation. A method similiar to WebFrame::loadURLIntoChild
        was not introduced instead we have a simplified version similiar to the
        one of the Qt port.

        Remove building of WebKit/gtk/webkitgtkframedata.{cpp,h}.

        * WebCore.pro:
        * loader/gdk/FrameLoaderClientGdk.cpp:
        (WebCore::FrameLoaderClientGdk::createFrame):

2007-08-10  Holger Hans Peter Freyther  <zecke@selfish.org>

        Reviewed by Adam.

        Use the ScrollView/Widget design of the Windows port to only use one
        native window for the whole page. This will make it possible to implement
        FrameLoaderClientGdk::createFrame.

        In contrast to the windows port the ScrollBars are GtkWidgets. To paint them
        at the right position we need to position them correctly. To not scroll the
        ScrollBar's belonging to the ScrollView a ScrollViewScrollbar is introduced with
        a different geometryChanged method.

        To allow the Gtk+ way of scrolling the ScrollView allows to get GtkAdjustments
        set. In this case no ScrollViewScrollbar will be created.


        * platform/ScrollView.h:
        * platform/Widget.h:
        * platform/gdk/PlatformScreenGdk.cpp:
        (WebCore::screenDepth):
        * platform/gdk/PlatformScrollBar.h:
        * platform/gdk/PlatformScrollBarGdk.cpp:
        (PlatformScrollbar::PlatformScrollbar):
        (PlatformScrollbar::~PlatformScrollbar):
        (PlatformScrollbar::setRect):
        (PlatformScrollbar::geometryChanged):
        * platform/gdk/ScrollViewGdk.cpp:
        (WebCore::ScrollView::ScrollViewPrivate::ScrollViewPrivate):
        (WebCore::ScrollView::ScrollViewPrivate::~ScrollViewPrivate):
        (WebCore::ScrollViewScrollbar::ScrollViewScrollbar):
        (WebCore::ScrollViewScrollbar::geometryChanged):
        (WebCore::ScrollView::ScrollViewPrivate::setHasHorizontalScrollbar):
        (WebCore::ScrollView::ScrollViewPrivate::setHasVerticalScrollbar):
        (WebCore::ScrollView::ScrollViewPrivate::scrollBackingStore):
        (WebCore::ScrollView::ScrollViewPrivate::adjustmentChanged):
        (WebCore::ScrollView::ScrollViewPrivate::valueChanged):
        (WebCore::ScrollView::ScrollViewPrivate::windowClipRect):
        (WebCore::ScrollView::setGtkAdjustments):
        (WebCore::ScrollView::updateContents):
        (WebCore::ScrollView::update):
        (WebCore::ScrollView::visibleWidth):
        (WebCore::ScrollView::resizeContents):
        (WebCore::ScrollView::contentsX):
        (WebCore::ScrollView::scrollOffset):
        (WebCore::ScrollView::maximumScroll):
        (WebCore::ScrollView::scrollBy):
        (WebCore::ScrollView::suppressScrollbars):
        (WebCore::ScrollView::setHScrollbarMode):
        (WebCore::ScrollView::setVScrollbarMode):
        (WebCore::ScrollView::setScrollbarsMode):
        (WebCore::ScrollView::setFrameGeometry):
        (WebCore::ScrollView::addChild):
        (WebCore::ScrollView::removeChild):
        (WebCore::ScrollView::scrollRectIntoViewRecursively):
        (WebCore::ScrollView::wheelEvent):
        (WebCore::ScrollView::updateScrollbars):
        (WebCore::ScrollView::windowToContents):
        (WebCore::ScrollView::contentsToWindow):
        (WebCore::ScrollView::scrollbarUnderMouse):
        (WebCore::ScrollView::convertChildToSelf):
        (WebCore::ScrollView::convertSelfToChild):
        (WebCore::ScrollView::paint):
        (WebCore::ScrollView::geometryChanged):
        (WebCore::ScrollView::scroll):
        (WebCore::ScrollView::addToDirtyRegion):
        (WebCore::ScrollView::scrollBackingStore):
        (WebCore::ScrollView::updateBackingStore):
        * platform/gdk/WidgetGdk.cpp:
        (WebCore::WidgetPrivate::gdkDrawable):
        (WebCore::Widget::Widget):
        (WebCore::Widget::setContainingWindow):
        (WebCore::Widget::containingWindow):
        (WebCore::Widget::frameGeometry):
        (WebCore::Widget::setFrameGeometry):
        (WebCore::Widget::setParent):
        (WebCore::Widget::parent):
        (WebCore::Widget::setCursor):
        (WebCore::Widget::show):
        (WebCore::Widget::hide):
        (WebCore::Widget::removeFromParent):
        (WebCore::Widget::paint):
        (WebCore::Widget::invalidate):
        (WebCore::Widget::invalidateRect):
        (WebCore::Widget::convertToContainingWindow):
        (WebCore::Widget::convertFromContainingWindow):
        (WebCore::Widget::convertChildToSelf):
        (WebCore::Widget::convertSelfToChild):
        (WebCore::Widget::suppressInvalidation):
        (WebCore::Widget::setSuppressInvalidation):

2007-08-09  Adele Peterson  <adele@apple.com>

        Fix by Brady, reviewed by me.

        Fix for <rdar://problem/5380697> connection:willSendRequest:redirectResponse: is called on every NSURLConnection

        * platform/network/mac/ResourceHandleMac.mm: (-[WebCoreResourceHandleAsDelegate connection:willSendRequest:redirectResponse:]):
          Work around a behavior change in CFNetwork where willSendRequest gets called more often by returning early.

2007-08-09  Darin Adler  <darin@apple.com>

        Reviewed by Antti.

        - fix <rdar://problem/4889753> REGRESSION: Selection doesn't continue with drag selecting
          when autoscrolling vertically (in Notes as well as Safari)

        The bug doesn't happen inside DumpRenderTree, so I was unable to make an automated
        regression test.

        * manual-tests/autoscroll-when-outside-window.html: Added.

        * rendering/RenderLayer.cpp: (WebCore::RenderLayer::autoscroll): Removed unneeded null
        check for the layer's renderer and the document, neither of which can be null. Call
        the new updateSelectionForMouseDrag instead of doing selection updating here.

        * page/EventHandler.h:
        * page/EventHandler.cpp:
        (WebCore::EventHandler::handleMouseDraggedEvent): Refactored most of the logic
        about updating the selection into updateSelectionForMouseDrag.
        (WebCore::EventHandler::updateSelectionForMouseDrag): Added. The public version of
        this function takes no parameters, and is for use from auto-scrolling code. The
        private version of this function takes node and point parameters and contains the
        shared code, including everything from updateSelectionForMouseDragOverPosition.
        Aside from the code motion, variable name changes, and sharing more code, this
        differs from the old code in RenderLayer::autoscroll in the following ways:

          1) The old code did hit testing only in the layer that was auto-scrolling,
             and the new code instead starts the hit testing at the root layer, which is
             better because it's the same thing we do for mouse moved events. Further,
             the code to do this by calling convertToLayerCoords had a bug  because the
             x and y variables were uninitialized.
          2) The old code passed false for active to HitTestRequest, which was wrong.
             The new code passes true. This flag needs to be true for hit testing done
             while the mouse is down and false for hit testing done while the mouse is up.
          3) The old code did not have the SVG-specific logic to match the mouse moved case.
          4) The old code wouldn't do any selection updating if the return value from hitTest
             was false, which is incorrect. The new code ignores the return value as it should.

2007-08-08  Beth Dakin  <bdakin@apple.com>

        Reviewed by Geoff Garen.

        Fx for <rdar://problem/5286443>, http://bugs.webkit.org/
        show_bug.cgi?id=14268 REGRESSION: Radio buttons don't stay selected 
        due to unclosed <label> tags

        This patch maintains the behavior that allows <label> tags to nest. 
        This matches WinIE, and appears to match the spec, since the spec 
        does not explicitly say that they cannot nest. It fixes the bug 
        instead by calling setDefaultHandled() in two places it should have 
        been called anyway. This keeps the appropriate button checked as 
        the event bubbles.

        * html/HTMLInputElement.cpp:
        (WebCore::HTMLInputElement::postDispatchEventHandler):
        * html/HTMLLabelElement.cpp:
        (WebCore::HTMLLabelElement::defaultEventHandler):

2007-08-08  Justin Garcia  <justin.garcia@apple.com>

        Reviewed by Oliver.

        <rdar://problem/5387578> Crash at ReplaceSelectionCommand::doApply() when pasting just after table cell content
        
        ReplaceSelectionCommand::doApply() inserts a line break before insertion
        to prevent block nesting.  InsertLineBreakCommand::doApply was accidently
        destroying a text node when it removed insignificant whitespace and then
        setting a nil endingSelection().

        * editing/InsertLineBreakCommand.cpp:
        (WebCore::InsertLineBreakCommand::doApply): If insignificant whitespace
        removal removes textNode from the document, insert a text node containing
        the non-breaking space we were attempting to insert and then insert it
        at the position that the removed textNode occupied.

2007-08-08  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Maciej Stachowiak.

        Added a thrash check to live decoded resource eviction.
        
        Here's the strategy: Stamp every image with its paint time. Don't evict 
        a live decoded resource until another resource paints with a reasonably
        (1 second) larger time stamp. 
        
        If no other resource paints, or another resource paints, but very soon 
        after the resource in question, the resource in question is very likely 
        to paint again soon. In fact, it's probably still on screen. So we 
        leave it alone. (Previously, we evicted it on a timer, but that would 
        evict a resource that was still on screen, hurting speed without 
        helping memory use.)

        In theory, this algorithm allows a single large resource or closely 
        related set of resources to linger in the live decoded cache even 
        though the cache is over its limit. However, that can only happen as 
        long as no other resource ever paints again, which guarantees an 
        absolute cap on cache memory usage from then on. Also, the resources 
        will only linger as long as they remain live. Upon going dead, they 
        will flush. Also, these circumstances are so rare that they are almost 
        impossible to encounter in the wild. So don't sweat it.
        
        Stop evicting if the next resource painted too recently:
        
        * loader/Cache.cpp:
        (WebCore::Cache::pruneLiveResources):
        * loader/CachedResource.cpp:
        (WebCore::CachedResource::CachedResource):
        (WebCore::CachedResource::liveResourceAccessed):
        * loader/CachedResource.h:

        Track the paint time stamp in Frame. We do this to give a consistent
        stamp to all resources painted in a single paint operation (in case the
        operation takes a significant amount of time), and to avoid excessive 
        calls to system time functions, which hurt the PLT:

        * page/Frame.cpp:
        (WebCore::Frame::paint):
        * page/Frame.h:
        (WebCore::Frame::currentPaintTimeStamp):

2007-08-08  Sam Weinig  <sam@webkit.org>

        Reviewed by Adam Roben.

        Update project file to reflect the moving of character-sets.txt
        and make-charset-table.pl to platform/mac a while ago.

        * WebCore.xcodeproj/project.pbxproj:

2007-08-08  Justin Garcia  <justin.garcia@apple.com>

        Reviewed by Harrison.

        <rdar://problem/5390681> WebKit asserts when deleting To Do content selected with a double-click
        
        * dom/Position.cpp:
        (WebCore::Position::trailingWhitespacePosition): Use VisiblePosition::characterAfter
        to look for a trailing space.  The old code would incorrectly return a position before
        a non-editable space if it had a collapsed space before it.

2007-08-08  Sam Weinig  <sam@webkit.org>

        Reviewed by Brady.

        Make protocol and host compares case-insensitive.

        * bindings/js/kjs_window.cpp:
        (KJS::Window::isSafeScript):
        * dom/Document.cpp:
        (WebCore::Document::initSecurityPolicyURL):
        * platform/DeprecatedString.cpp:
        (WebCore::equalIgnoringCase):
        * platform/DeprecatedString.h:
        (WebCore::equalIgnoringCase):

2007-08-08  Justin Garcia  <justin.garcia@apple.com>

        Reviewed by Harrison.

        <rdar://problem/5390681> WebKit asserts when deleting To Do content selected with a double-click

        * dom/Position.cpp:
        (WebCore::Position::leadingWhitespacePosition): Added checks to prevent expansion across editable an boundary.
        (WebCore::Position::trailingWhitespacePosition): Ditto.

2007-08-08  Adele Peterson  <adele@apple.com>

        Reviewed by John.

        Fix for <rdar://problem/5393798> 100% reproducible crash in WebCore::Scrollbar::setValue

        * page/EventHandler.cpp: (WebCore::EventHandler::handleMousePressEvent):
          If the hit testing originally determined the event was in a scrollbar, 
          refetch the MouseEventWithHitTestResults in case the scrollbar widget was destroyed when the mouse event was handled.

2007-08-08  Sam Weinig  <sam@webkit.org>

        Reviewed by Geoff Garen.

        Fix for <rdar://problem/5354635>

        Match Firefox's model for data: URLs by not allowing them script access
        to any frames other then itself.

        * bindings/js/kjs_window.cpp:
        (KJS::Window::isSafeScript):
        * dom/Document.cpp:
        (WebCore::Document::initSecurityPolicyURL):

2007-08-08  Darin Adler  <darin@apple.com>

        Reviewed by Kevin Decker.

        - fix for <rdar://problem/5390708> CrashTracer: [USER] 27 crashes in Safari at
          com.apple.WebCore: WTF::HashMap<etc>::set + 68, beneath pruneUnretainedIconsAtStartup

        * loader/icon/IconDatabase.cpp: (WebCore::IconDatabase::pruneUnretainedIconsOnStartup):
        Eliminate an unnecessary HashMap from the implementation; we can just use the
        m_pageURLToRetainCount map directly. This simplifies the code and allows us to handle
        the empty string, which otherwise poses a problem for HashMap.

2007-08-08  Antti Koivisto  <antti@apple.com>

        Reviewed by Darin.
        
        Fix for <rdar://problem/5391576>
        Malformed table innerHTML causes Safari to crash in HTMLParser::handleError (14894)
        
        Add null checks to protect against 
        
        e.innerHTML = "<tr>text</tr>";
        
        type cases. Normal assumptions about document tree structure don't hold when parsing 
        fragments. Results don't match Firefox in all cases. It seems to have some sort of 
        anything-goes fragment parsing mode.
        
        * html/HTMLParser.cpp:
        (WebCore::HTMLParser::handleError):

2007-08-07  Kevin McCullough  <kmccullough@apple.com>

        Reviewed by Maciej and Hyatt.

        - <rdar://problem/4976879> REGRESSION: Safari doesn't work with Zimbra enhanced login.
        - Reverting a previous change, and modifying how documents are created so that we better match other browsers behavior with respect to namespaceURIs.

        * WebCore.xcodeproj/project.pbxproj:
        * dom/DOMImplementation.cpp:
        (WebCore::DOMImplementation::createDocument):
        * dom/Document.cpp:
        (WebCore::Document::Document):
        (WebCore::Document::createElement):
        * dom/Document.h:
        * html/HTMLDocument.cpp:
        (WebCore::HTMLDocument::createElement):
        * html/HTMLDocument.h:

2007-08-08  Cameron Zwarich  <cwzwarich@uwaterloo.ca>

        Reviewed and landed by Brady

        Fixes <http://bugs.webkit.org/show_bug.cgi?id=13422>

        Bug 13422: REGRESSION: Page reload loses page position

        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::updateHistoryForReload):

2007-08-08  Holger Hans Peter Freyther  <zecke@selfish.org>

        Reviewed by Niko.

        Be paranoid and disconnect from the signal before going away.

        * platform/gdk/PlatformScrollBarGdk.cpp:
        (PlatformScrollbar::~PlatformScrollbar):

2007-08-08  Holger Hans Peter Freyther  <zecke@selfish.org>

        Reviewed by Niko.

        Use GraphicsContext::translatePoint in RenderThemeGdk to paint at the
        right position.
        This is needed as the Gtk+ theming code does not know about the translation
        of the GraphicsContext.

        * platform/gdk/RenderThemeGdk.cpp:
        (WebCore::RenderThemeGdk::paintCheckbox):
        (WebCore::RenderThemeGdk::paintRadio):
        (WebCore::RenderThemeGdk::paintButton):

2007-08-08  Holger Hans Peter Freyther  <zecke@selfish.org>

        Reviewed by Niko.

        Implement Widget::paint for the Gtk port. This is needed to paint
        Widgets in z-order. The original GdkEventExpose is stored within the
        GraphicsContext and then used to draw the children. This is similiar
        to gtk_container_propagate_expose but we try to honor the GraphicsConntext
        translation.

        * platform/gdk/WidgetGdk.cpp:
        (WebCore::Widget::paint):
        * platform/graphics/GraphicsContext.h:
        * platform/graphics/cairo/GraphicsContextCairo.cpp:
        (WebCore::GraphicsContextPlatformPrivate::GraphicsContextPlatformPrivate):
        (WebCore::GraphicsContext::setGdkExposeEvent):
        (WebCore::GraphicsContext::gdkExposeEvent):
        (WebCore::GraphicsContext::gdkDrawable):
        (WebCore::GraphicsContext::translatePoint):

2007-08-08  Holger Hans Peter Freyther  <zecke@selfish.org>

        Reviewed by Oliver Hunt.

        Implement PlatformScrollbar by calling ScrollBar::setValue from 
        gtkValueChange connected to the value-changed signal of the
        GtkAdjustment.
        Update 'value' of the GtkAdjustment in updateThumbPosition and
        set upper, page-increment, step-increment and page_size in
        updateThumbProportion.

        This is from bug http://bugs.webkit.org/show_bug.cgi?id=14795.

        * platform/gdk/PlatformScrollBar.h:
        * platform/gdk/PlatformScrollBarGdk.cpp:
        (PlatformScrollbar::PlatformScrollbar):
        (PlatformScrollbar::updateThumbPosition):
        (PlatformScrollbar::updateThumbProportion):
        (PlatformScrollbar::gtkValueChanged):

2007-08-07  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Maciej Stachowiak. Based on earlier review from Dave Hyatt.

        First chunk of work for <rdar://problem/5326009> Make non-browser 
        WebKit clients have no memory cache, or a very tiny one
        
        Layout tests pass.
        
        Removed decodedSizeWillChange mechanism because my last patch to
        change the live resources list to a strict LRU model made that code
        vestigial.
        
        Renamed "liveResourcesList" and related stuff => 
        "liveDecodedResourcesList" because only live resources with decoded 
        data are kept in the list.

        * loader/CachedImage.cpp:
        (WebCore::CachedImage::decodedSizeChanged): Only add ourselves to the
        list if we're live, our decoded size has grown, and we're not in the 
        list already. (Otherwise, either we're not live, we're not decoded,
        or we're already in the list.)

        * loader/CachedResource.cpp:
        (WebCore::CachedResource::liveResourceAccessed): Only re-insert
        ourselves into the list if we're already there. (In theory, this should
        be always, but it's a little more clear to check.)

2007-08-08  Holger Hans Peter Freyther  <zecke@selfish.org>

        Reviewed by Adam.

        Kill class FrameGdk and move the stubs to page/gdk/FrameGdk.cpp and the
        remainings into WebKitGtkFrame.
        The DRT functionality of class FrameGdk is currently lost.

        * WebCore.pro:
        * loader/gdk/FrameLoaderClientGdk.cpp:
        * loader/gdk/FrameLoaderClientGdk.h:
        * page/gdk/FrameGdk.cpp: Renamed from WebCore/platform/gdk/FrameGdk.cpp.
        (WebCore::Frame::issueTransposeCommand):
        (WebCore::Frame::cleanupPlatformScriptObjects):
        (WebCore::Frame::dragImageForSelection):
        (WebCore::Frame::dashboardRegionsChanged):
        * platform/gdk/FrameGdk.h: Removed.
        * platform/gdk/TemporaryLinkStubs.cpp: Removed Frame stub, added the loadResourceIntoArray stub
        * platform/gdk/WidgetGdk.cpp:

2007-08-08  Holger Hans Peter Freyther  <zecke@selfish.org>

        Reviewed by Adam.

        Remove the event handling code and move it to WebKit/gtk/Api/webkitgtkpage.cpp

        * platform/gdk/FrameGdk.cpp:
        * platform/gdk/FrameGdk.h:

2007-08-07  Holger Hans Peter Freyther  <zecke@selfish.org>

        Reviewed by Niko.

        Switch from the generic union GdkEvent to the specific struct GdkEvent*. This is needed
        to make WebKitGtkPage handle the events by reimplementing the default handlers in the near
        future.

        * platform/PlatformKeyboardEvent.h:
        * platform/PlatformMouseEvent.h:
        * platform/PlatformWheelEvent.h:
        * platform/gdk/FrameGdk.cpp:
        (WebCore::FrameGdk::handleGdkEvent):
        * platform/gdk/KeyEventGdk.cpp:
        (WebCore::PlatformKeyboardEvent::PlatformKeyboardEvent):
        * platform/gdk/MouseEventGdk.cpp:
        (WebCore::PlatformMouseEvent::PlatformMouseEvent):
        * platform/gdk/WheelEventGdk.cpp:
        (WebCore::PlatformWheelEvent::PlatformWheelEvent):

2007-08-07  George Staikos  <staikos@kde.org>

        Some QStyles don't handle negative maximum well (crash)

        * platform/qt/PlatformScrollBarQt.cpp:
        (WebCore::PlatformScrollbar::paint):

2007-08-07  Antti Koivisto  <antti@apple.com>

        Reviewed by Hyatt.

        Fix <rdar://problem/5102553>
        Mail spins trying to display or edit a specific long plain text message in WebCore::TimerBase::...

        Calling removeLeftoverAnonymousBoxes() from RenderBlock::addChildToFlow() made adding children
        O(n^2) in simple cases (repeated <div><div></div></div> for example).
        
        I couldn't find any limited fix so here is a more complete one. It removes iterating/recursing 
        removeLeftoverAnonymousBoxes() method altogether. Instead of hunting around wildly, just get 
        rid of anonymous boxes with block children when they occur.

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::addChildToFlow):
        * rendering/RenderButton.h:
        (WebCore::RenderButton::removeLeftoverAnonymousBlock):
        * rendering/RenderContainer.cpp:
        (WebCore::RenderContainer::removeLeftoverAnonymousBlock):
        * rendering/RenderContainer.h:
        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::handleDynamicFloatPositionChange):
        (WebCore::RenderObject::removeLeftoverAnonymousBlock):
        * rendering/RenderObject.h:
        * rendering/RenderTextControl.h:
        (WebCore::RenderTextControl::removeLeftoverAnonymousBlock):

2007-08-06  Sam Weinig  <sam@webkit.org>

        Reviewed by Maciej.

        Fix for <rdar://problem/5354689>

        - Use document variable to determine permissions instead
          of traversing the frame tree. 

        * bindings/js/kjs_window.cpp:
        (KJS::Window::isSafeScript):
        * dom/Document.cpp:
        (WebCore::Document::Document):
        (WebCore::Document::initSecurityPolicyURL):
        * dom/Document.h:
        (WebCore::Document::securityPolicyURL):
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::setOpener): We must re-initialize the
        safeScript URL when setting the opener because the opener was
        not known at Document construction.

2007-08-06  David Hyatt  <hyatt@apple.com>

        Make sure to clear out the parent of the ellipsis box so that it doesn't
        trigger the consistency check for line boxes.

        Reviewed by darin

        * ChangeLog:
        * rendering/RootInlineBox.cpp:
        (WebCore::RootInlineBox::detachEllipsisBox):

2007-08-06  David Hyatt  <hyatt@apple.com>

        Back out fix for <rdar://problem/5366582> and replace it with the correct
        fix.  Make sure to delete the line box tree before splitting an inline flow
        into a continuation.  The added layout test for the original checkin covers
        the problem.

        Reviewed by beth

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::makeChildrenNonInline):
        Back out fix.

        * rendering/RenderFlow.cpp:
        (WebCore::RenderFlow::destroy):
        Back out fix.

        * rendering/RenderInline.cpp:
        (WebCore::RenderInline::splitFlow):
        Here's the new fix.

2007-08-06  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Darin Adler.
        
        Touching a file to force a re-build.

2007-08-06  Darin Adler  <darin@apple.com>

        - fix release build

        * rendering/RenderText.h: (WebCore::RenderText::checkConsistency):
        Add missing const.

2007-08-06  Darin Adler  <darin@apple.com>

        Reviewed by Maciej.

        - fix <rdar://problem/5366582> crash on it.eurosport.yahoo.com page

        Test: fast/dynamic/inline-to-block-crash.html

        I added some consistency checks for the line box tree, which helped me figure out
        what was going on with this bug pretty quickly.

        * rendering/RenderBlock.cpp: (WebCore::RenderBlock::makeChildrenNonInline):
        This is the actual fix. If the block needs layout, then don't try to delete the line
        box tree because it's going to be rebuilt as part of layout. More importantly, the
        child list in the tree is no good, so we will crash if we try to delete here.

        * rendering/RenderFlow.cpp: (WebCore::RenderFlow::destroy):
        Here's a second fix. We have the same issue in the code that handles anonymous
        blocks -- if it's already running as part of layout, we can't walk through the
        already partly destroyed line box tree. This crashed in one of the layout tests.

        * rendering/InlineBox.h: Made more fields private, since I wanted to do a bit more
        work in setters. Made setNextOnLine() and setPrevOnLine() assert that the box has a
        parent. Made parent() assert that the parent is good. Also removed the unused
        isChildOfParent() function.
        * rendering/InlineBox.cpp: (WebCore::InlineBox::~InlineBox): At destruction time, if
        we are still attached to a parent, tag that parent as having a "bad" child list.

        * rendering/InlineFlowBox.h: Added m_reasonForBadChildList, checkConsistency(),
        setHasBadChildList(), and hasBadChildList(). Also changed firstChild() and lastChild() so
        they call checkConsistency() and made all the fields private instead of protected.
        * rendering/InlineFlowBox.cpp:
        (WebCore::InlineFlowBox::addToLine): Added consistency checks before and after adding a
        box to the line. Also checked that next and prev start out as 0. Changed manipulation of
        next and prev to use accessor functions.
        (WebCore::InlineFlowBox::removeChild): Added consistency checks before and after removing
        the box from the line.
        (WebCore::InlineFlowBox::deleteLine): Use firstChild() instead of getting at m_firstChild
        directly so we get a consistency check. Also set the parent to 0 before destroying so that
        the assertion in ~InlineBox will work properly.
        (WebCore::InlineFlowBox::extractLine): Ditto.
        (WebCore::InlineFlowBox::attachLine): Ditto.
        (WebCore::InlineFlowBox::adjustPosition): Ditto.
        (WebCore::InlineFlowBox::checkConsistency): Added. Checks consistency of the child list by
        looking at the parent, next, and prev pointers. Also asserts that we are not yet in the
        "bad" child list state, which happens if one of our children is destroyed without removing
        it from our list; that's normal, but once it happens we can't look at our child list again.

        * rendering/InlineTextBox.h:
        * rendering/InlineTextBox.cpp: Remove unnneeded destroy/new/delete functions -- these are
        inherited from the InlineBox base class and don't need to be defined again.

        * rendering/RenderFlow.h:
        * rendering/RenderFlow.cpp:
        (WebCore::RenderFlow::~RenderFlow): Assert that there are no children to confirm that we
        didn't leak something.
        (WebCore::RenderFlow::extractLineBox): Added consistency checks before and after removing
        a run of boxes from the list.
        (WebCore::RenderFlow::attachLineBox): Added consistency checks before and after adding
        a box to the list.
        (WebCore::RenderFlow::removeLineBox): Added consistency checks before and after removing
        a box from the list.
        (WebCore::RenderFlow::createInlineBox): Added consistency checks before and after adding
        a box to the list.
        (WebCore::RenderFlow::checkConsistency): Added.

        * rendering/RenderText.h:
        * rendering/RenderText.cpp:
        (WebCore::RenderText::~RenderText): Assert that there are no children to confirm that we
        didn't leak something.
        (WebCore::RenderText::extractTextBox): Added consistency checks before and after removing
        a run of boxes from the list.
        (WebCore::RenderText::attachTextBox): Added consistency checks before and after adding
        a box to the list.
        (WebCore::RenderText::removeTextBox): Added consistency checks before and after removing
        a box from the list.
        (WebCore::RenderText::deleteTextBoxes): Added code to call setHasBadChildList since this
        destroys line boxes without informing the parent.
        (WebCore::RenderText::checkConsistency): Added.

2007-08-06  Adele Peterson  <adele@apple.com>

        Reviewed by Darin.

        Fix for <rdar://problem/5382483> REGRESSION: <select> element's text is clipped when a CSS line-height is specified

        Don't honor line-height for styled popup buttons.  We already don't honor line-height for unstyled popups
        and since IE and FF don't honor it at all for popups, we shouldn't either.

        * rendering/RenderThemeMac.mm: (WebCore::RenderThemeMac::adjustMenuListButtonStyle):
        * rendering/RenderThemeSafari.cpp: (WebCore::RenderThemeSafari::adjustMenuListButtonStyle):

2007-08-06  Antti  <antti@apple.com>

        Reviewed by Darin.

        Fix <rdar://problem/5378214>
        Mail crashes at RenderLayer::paintLayer() when dragging a selection over To Do text
        
        ObjC interface does not guarantee that Document::updateRendering() gets called after
        modification are made to document. This can lead to situation where paint()
        is invoked with document still dirty which can then crash in number of interesting ways.
        
        - add hasChangedChild() as needsLayout() condition. layout() will then call recalcStyle() 
          catching most cases and making sure document is not dirty when entering painting.
        - protect recalcStyle() and layout() from being executed during painting. There are some
          cases needsLayout() protection does not cover.
        
        No layout test, these states are very hard or impossible to reach using Javascript interface
        (which generally guarantees that updateRendering() is done right after execution).

        * dom/Document.cpp:
        (WebCore::Document::recalcStyle):
        * page/Frame.cpp:
        (WebCore::Frame::paint):
        (WebCore::Frame::setPaintRestriction):
        (WebCore::Frame::isPainting):
        (WebCore::FramePrivate::FramePrivate):
        * page/Frame.h:
        * page/FramePrivate.h:
        * page/FrameView.cpp:
        (WebCore::FrameView::layout):
        (WebCore::FrameView::needsLayout):

2007-08-05  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Darin Adler.
        
        <rdar://problem/5369110> CrashTracer: [USER] reproducible crash opening particular mail messages

        * platform/network/mac/ResourceHandleMac.mm:
        (-[WebCoreResourceHandleAsDelegate connection:willSendRequest:redirectResponse:]): Make sure to retain
        self for the body of this method. Otherwise, the willSendRequest could trigger events which will
        cancel the connection, and we access ivars after this point.
        (-[WebCoreSynchronousLoader connection:willSendRequest:redirectResponse:]): retain and release
        in the right order.

2007-08-04  Adam Roben  <aroben@apple.com>

        Another workaround for <rdar://problem/5386894>

        Reviewed by Sam.

        This fixed ~150 failing tests.

        * platform/network/cf/ResourceResponseCFNet.cpp:
        (WebCore::ResourceResponse::doUpdateResourceResponse): Hardcode the
        MIME type for .svg files as well.

2007-08-04  Adam Roben  <aroben@apple.com>

        Workaround for <rdar://problem/5386894> CFURLResponseGetMIMEType returns "text/html" for local .xhtml and .xml files

        Reviewed by Sam.

        This fixes ~350 failing tests.

        * platform/network/cf/ResourceResponseCFNet.cpp:
        (WebCore::ResourceResponse::doUpdateResourceResponse): Use a workaround
        identical to the one in ResourceResponseMac.mm, but include .xml files
        as well.

2007-08-04  David Kilzer  <ddkilzer@webkit.org>

        Reviewed by Oliver.

        - fix for http://bugs.webkit.org/show_bug.cgi?id=14882
          <rdar://problem/5386550> REGRESSION (r24866): text/plain documents are always downloaded

        The supportedNonImageMimeTypes list is used to determine which MIME types may be viewed
        within the web browser (e.g., plug-ins add their own MIME types to the list during
        initialization), so we must add "text/plain" and "text/" back to the list.  Since
        this change would then break DOMImplementation::isTextMIMEType(), that method was reverted
        to its original form and MIMETypeRegistry::shouldTreatAsText() was removed.

        * dom/DOMImplementation.cpp:
        (WebCore::DOMImplementation::isTextMIMEType): Revert to previous version.
        * platform/MIMETypeRegistry.cpp:
        (WebCore::initialiseSupportedNonImageMimeTypes): Added back "text/plain" and "text/" to the list.
        (WebCore::MIMETypeRegistry::shouldTreatAsText): Removed.
        * platform/MIMETypeRegistry.h:

2007-08-03  Brady Eidson  <beidson@apple.com>

        Reviewed by Oliver

        Fix for http://bugs.webkit.org/show_bug.cgi?id=14824 and <rdar://problem/5372989>

        Two issues - 
        1 - The WebCore MIMEType registry was designed assuming the list of types would never change
            That is false, as WebKit has API and SPI calls which directly mutate the MIMETypeRegistry
        2 - DOMImplementation didn't consult the registry for any MIMEType that started with "text/", 
            instead maintaining it's own hard coded rules

        * dom/DOMImplementation.cpp:
        (WebCore::DOMImplementation::isTextMIMEType): For now, call through to the MIMETypeRegistry
          until we decided a different fate for this function

        * platform/MIMETypeRegistry.cpp:
        (WebCore::initialiseSupportedNonImageMimeTypes):  "SupportedNonImageMIMETypes" is really a misnomer for 
          "MIMETypes we should show as HTML" but that line has slowly been blurred since Tiger.  In an attempt
          to start to unblur it, remove "text/" and "text/plain"
        (WebCore::MIMETypeRegistry::shouldTreatAsText):  The decision is very close to the old DOMImplementation 
          method, except we don't automatically hand off "text/" types as true if they are in the set of supported
          MIMETypes
        (WebCore::MIMETypeRegistry::getSupportedImageMIMETypes): Non-const (can be changed!)
        (WebCore::MIMETypeRegistry::getSupportedImageResourceMIMETypes): Non-const (can be changed!)
        (WebCore::MIMETypeRegistry::getSupportedNonImageMIMETypes): Non-const (can be changed!)
        * platform/MIMETypeRegistry.h:

2007-08-03  Adele Peterson  <adele@apple.com>

        Reviewed by Adam.

        Fix for <rdar://problem/5345862> CrashTracer: [USER] 4 crashes in Safari at com.apple.WebCore: WebCore::Frame::isContentEditable const + 10

        Couldn't reproduce the problem, but a nil check for the frame should fix this.

        * css/CSSStyleSelector.cpp: (WebCore::CSSStyleSelector::adjustRenderStyle):

2007-08-03  Anders Carlsson  <andersca@apple.com>

        Reviewed by Oliver.

        <rdar://problem/5383286>
        XMLHTTPRequest does not return 401 when user cancels authentication dialog (affects .Mac)
        
        * loader/ResourceLoader.h:
        Make receivedCancellation virtual.
        
        * loader/SubresourceLoader.cpp:
        (WebCore::SubresourceLoader::receivedCancellation):
        Call SubresourceLoaderClient::receivedCancellation.
        
        * xml/XMLHttpRequest.cpp:
        (WebCore::XMLHttpRequest::receivedCancellation):
        Save the failure response.

2007-08-03  Anders Carlsson  <andersca@apple.com>

        Reviewed by Geoff.

        <rdar://problem/5374393> 
        Image change on disk not noticed by WebView; -[WebCache setDisabled:] used to cause a reload every time
        
        This is essentially a better fix for the crash in <rdar://problem/5362783>.
        
        * loader/DocLoader.cpp:
        (WebCore::DocLoader::requestResource):
        If the resource already exists in the m_docResources map, remove it and disassociate it from the doc loader.

2007-08-03  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoff.

        <rdar://problem/5375190> Mail crashed in WebCore::CachedImage::imageSize() const when viewing a particular message

        Fix the uncached load path to confirm that the type of resource being 
        returned actually matches the type that was requested.

        Also make sure we never create a resource in the Cache for invalid urls.

        * loader/Cache.cpp:
        (WebCore::Cache::requestResource):
        * loader/DocLoader.cpp:
        (WebCore::DocLoader::requestResource):

2007-08-03  Mitz Pettel  <mitz@webkit.org>

        Reviewed by Adele.

        - fix http://bugs.webkit.org/show_bug.cgi?id=14879
          REGRESSION: First item in select (pop-up menu) is displayed even if another item was selected via JavaScript

        Test: fast/forms/menulist-deselect-update.html

        * html/HTMLOptionElement.cpp:
        (WebCore::HTMLOptionElement::setSelected): Reordered to allow setSelectedIndex() to call setChanged().

2007-08-03  Anders Carlsson  <andersca@apple.com>

        Reviewed by Darin.

        <rdar://problem/5286444>
        http://bugs.webkit.org/show_bug.cgi?id=14269
        REGRESSION: Gmail links stop working after computer sleep
        
        Add a PowerNotifier object that takes care of resetting and firing the shared timer when coming
        back from sleep.
        
        * platform/mac/SharedTimerMac.cpp:
        (-[PowerNotifier init]):
        (-[PowerNotifier didWake:]):
        (WebCore::setSharedTimerFireTime):

2007-08-04  Mark Rowe  <mrowe@apple.com>

        Windows build fix.

        * rendering/RenderTextControl.cpp: Don't use the same name for two arguments.

2007-08-03  Mitz Pettel  <mitz@webkit.org>

        Reviewed by Darin.

        - fix http://bugs.webkit.org/show_bug.cgi?id=14653
          REGRESSION (r23994): No caret is drawn after clicking a search field's placeholder text
          <rdar://problem/5383841>

        Test: fast/forms/search-click-in-placeholder.html

        Defined a subclass of RenderBlock that never hit-tests children for use in
        text controls. This avoids returning placeholder text as the hit node.
        Since text controls cannot contain inline elements, there is no harm in
        doing that unconditionally, and not just in the case that the field is
        showing placeholder text.

        * rendering/RenderTextControl.cpp:
        (WebCore::RenderTextControlInnerBlock::RenderTextControlInnerBlock):
        (WebCore::RenderTextControlInnerBlock::~RenderTextControlInnerBlock):
        (WebCore::RenderTextControlInnerBlock::nodeAtPoint):
        (WebCore::RenderTextControl::createSubtreeIfNeeded):

2007-08-02  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoff

        Fix for <rdar://problem/5369332> Xcode crashes while selecting a hyperlink within a AppleScript dictionary (WebCore::Font::drawGlyphBuffer)

        There were many places where we were not correctly retaining/releasing the
        NSFont object stored in the C++ PlatformFontData object, this resulted in
        the GC incorrectly collecting the NSFont.

        This patch fixes the problem by prevent direct modification of the PlatformFontData
        font pointer, allowing us to enforce correct CFRetain/Release behaviour.

        * platform/FontData.h:
        (WebCore::FontData::getNSFont):
        * platform/mac/FontCacheMac.mm:
        (WebCore::FontCache::getFontDataForCharacters):
        (WebCore::FontCache::createFontPlatformData):
        * platform/mac/FontDataMac.mm:
        (WebCore::initFontData):
        (WebCore::FontData::platformInit):
        (WebCore::FontData::platformDestroy):
        (WebCore::FontData::smallCapsFontData):
        (WebCore::FontData::containsCharacters):
        (WebCore::FontData::determinePitch):
        (WebCore::FontData::platformWidthForGlyph):
        (WebCore::FontData::checkShapesArabic):
        * platform/mac/FontMac.mm:
        (WebCore::initializeATSUStyle):
        (WebCore::overrideLayoutOperation):
        (WebCore::Font::drawGlyphs):
        * platform/mac/FontPlatformData.h:
        (WebCore::FontPlatformData::FontPlatformData):
        (WebCore::FontPlatformData::~FontPlatformData):
        (WebCore::FontPlatformData::hash):
        (WebCore::FontPlatformData::operator==):
        (WebCore::FontPlatformData::font):
        (WebCore::FontPlatformData::setFont):

2007-08-03  Antti Koivisto  <antti@apple.com>

        Oops, this change wasn't supposed to be commited.

        * page/mac/WebCoreFrameBridge.mm:
        (-[WebCoreFrameBridge setBaseBackgroundColor:]):

2007-08-02  Antti Koivisto  <antti@apple.com>

        Reviewed by Darin.

        <rdar://problem/5355951>
        plainText() fragments TCMalloc heap badly on large pages
        
        also likely fixes some cases of
        <rdar://problem/5335382>
        CrashTracer: [REGRESSION] 73 crashes in Safari at com.apple.WebCore: WebCore::DeprecatedStringData::increaseUnicodeSize + 52
        
        If you load http://dscoder.com/test.txt with WebKit build with TCMalloc and system malloc you see that
        Safari RPRVT with TCMalloc is 118.8MB
        Safari RPRVT with system malloc is 69.7MB
        
        Difference is almost entirely caused by heap fragmentation from a full document plainText() call (for indexing purposes).
        
        The patch helps in two ways:
        - construct plainText string in pieces to avoid O(n^2) reallocs
        - allocate buffers using system malloc so they can be returned back to OS and don't fragment and grow TCMalloc heap
    
        This shrinks http://dscoder.com/test.txt RPRVT to 79.0MB and makes full document plainText() take 50ms instead of 500ms.
        The benefits are not limited to extreme cases, web pages above ~200kB can show substantial improvement in RPRVT.

        * editing/TextIterator.cpp:
        (WebCore::plainTextToMallocAllocatedBuffer):
        (WebCore::plainText):
        * editing/TextIterator.h:
        * page/mac/WebCoreFrameBridge.mm:
        (-[WebCoreFrameBridge selectedString]):
        (-[WebCoreFrameBridge stringForRange:]):

2007-08-02  David Hyatt  <hyatt@apple.com>

        Fix for 5374437, allow comment nodes to be the child of a document.
        Refine the check to always make a root element to check documentElement()
        rather than firstChild(), since a comment node could be present as the
        firstChild() now.

        Reviewed by Tim Hatcher

        * html/HTMLDocument.cpp:
        (WebCore::HTMLDocument::childAllowed):
        * html/HTMLParser.cpp:
        (WebCore::HTMLParser::finished):

2007-08-02  Antti Koivisto  <antti@apple.com>

        Reviewed by Darin.
        
        <rdar://problem/5228138>
        REGRESSION(Leopard): test failures: tests that test Georgian numbering

        Fix to Georgian number tables to get CSS2.1 test results right. Font has relevant characters now 
        which revealed that results were actually wrong. 

        * rendering/RenderListMarker.cpp:
        (WebCore::toGeorgian):

2007-08-02  Ada Chan  <adachan@apple.com>

        Reviewed by Steve.

        <rdar://problem/5079175> Added parameters headerHeight and footerHeight to 
        computePageRectsForFrame() so we can account for the header and footer when
        calculating page heights for this frame.

        * bridge/win/FrameWin.cpp:
        (WebCore::computePageRectsForFrame):
        * bridge/win/FrameWin.h:

2007-08-02  Alice Liu  <alice.liu@apple.com>

        Reviewed by Kevin McCullough.

        fixed <rdar://problem/5310312> REGRESSION: javascript is mis-escaped at http://labs.zarate.org/passwd causing bookmarklet to break
        
        * WebCore.exp:
        expose some calls for WebKit to call. 
        * manual-tests/JavaScript-bookmarklets.html: Added.

2007-08-01  Adam Treat  <treat@kde.org>

        Reviewed by George Staikos.

        Add an interface to manage global history for clients

        * WebCore.pro:
        * platform/qt/TemporaryLinkStubs.cpp:

2007-08-01  Adam Treat  <treat@kde.org>

        Reviewed by George Staikos.

        Do not call update or paint from inside a paint event.

        * platform/qt/ScrollViewQt.cpp:
        (WebCore::ScrollView::updateContents):
        * platform/qt/WidgetQt.cpp:
        (WebCore::Widget::invalidateRect):

2007-08-01  Timothy Hatcher  <timothy@apple.com>

        Reviewed by Justin.

        <rdar://problem/5376156> Mail crash in DeleteButtonController::hide() when dropping selected image on DIV's border

        Add the container element back so the selection can not touch the deletion UI nodes. The container
        has style to prevent user selection, user drag and user modification.

        * editing/DeleteButtonController.cpp:
        (WebCore::DeleteButtonController::show): Make the container node, and append the button and outline elements.
        (WebCore::DeleteButtonController::hide): Remove the container elements and null out the other nodes.
        * editing/DeleteButtonController.h:

2007-08-01  Steve Falkenburg  <sfalken@apple.com>

        Build mod: Fix sln to match configs in vcproj.
        
        Reviewed by Adam.

        * WebCore.vcproj/WebCore.make:

2007-07-31  David Harrison  <harrison@apple.com>

        Reviewed by Justin.

        <rdar://problem/5362659> CrashTracer: [USER] 11 crashes in Mail at WebCore::InsertLineBreakCommand::doApply()

        The problem was that deleting with the X control leaves the selection inside the fragment that was deleted.

        * editing/DeleteButtonController.cpp:
        (WebCore::DeleteButtonController::deleteTarget):
        Because the deletion UI only appears when the selection is entirely
        within the target, we unconditionally update the selection to be
        a caret where the target had been.

2007-07-31  Adele Peterson  <adele@apple.com>

        Reviewed by Hyatt.

         Fix for <rdar://problem/5339395> REGRESSION:http://sudokucraving.com does not render grid correctly

        * rendering/RenderTextControl.h: (WebCore::RenderTextControl::hasControlClip): Clip for search fields.
        * rendering/RenderTextControl.cpp:
        (WebCore::RenderTextControl::controlClipRect): Added a control clip so the search field's cancel button and magnifier glass
         never draw outside the control's bounds.
        (WebCore::RenderTextControl::calcPrefWidths): Only include the inner box's padding when calculating the min/max width without using calcContentBoxWidth.
         Our old behavior was causing that inner padding to get counted twice.  Also, no need to add in the border
         for an inner box that can't be controlled from outside this class.
        * rendering/RenderMenuList.cpp: (WebCore::RenderMenuList::calcPrefWidths): ditto.

2007-07-31  Anders Carlsson  <andersca@apple.com>

        Reviewed by Geoff.

        Speculative fix for <rdar://problem/5359695> 
        REGRESSION (Tiger Beta): Multiple crashes in WebCore::Widget::getView() const + 6
                
        * page/EventHandler.cpp:
        (WebCore::EventHandler::updateDragAndDrop):
        Null check the frame view.

2007-07-31  Timothy Hatcher  <timothy@apple.com>

        Reviewed by Oliver and Beth.

        <rdar://problem/5211271> ADOBE Leopard 9A410: At the first Launching InDesign after deactivate, EULA page gets blanked.

        Rename needsAcrobatFrameReloadingQuirk to needsAdobeFrameReloadingQuirk, since this now applies to more Adobe applications.

        * WebCore.exp:
        * page/Settings.cpp:
        (WebCore::Settings::Settings):
        (WebCore::Settings::setNeedsAdobeFrameReloadingQuirk):
        * page/Settings.h:
        (WebCore::Settings::needsAcrobatFrameReloadingQuirk):

2007-07-31  Matt Perry  <mpComplete@gmail.com>

        Reviewed by Brady and Darin, tweaked by Brady, landed by Brady

        Fix for http://bugs.webkit.org/show_bug.cgi?id=14757 and <rdar://problem/5364692>
        HTMLTokenizer::processingData implementation is incorrect

        * html/HTMLTokenizer.cpp:
        (WebCore::HTMLTokenizer::processingData): Made it also return true if the HTMLTokenizer was inside the write() call.
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::FrameLoader):
        (WebCore::FrameLoader::checkLoadCompleteTimerFired):
        (WebCore::FrameLoader::scheduleCheckLoadComplete):
        (WebCore::FrameLoader::stopForUserCancel): Changed a call to checkLoadComplete to be asynchronous, since
        stopForUserCancel can be called while parsing.
        * loader/FrameLoader.h:

2007-07-31  Anders Carlsson  <andersca@apple.com>

        Reviewed by Geoff.

        <rdar://problem/5371582>
        REGRESSION: PLT .5% slower due to r24451 (copying HTMLCollection objects)
        
        Make the hash maps store CollectionInfo pointers to reduce amount of copying when
        inserting/rehashing etc.
        
        * dom/Document.cpp:
        (WebCore::Document::~Document):
        (WebCore::Document::nameCollectionInfo):
        * dom/Document.h:

2007-07-31  Sam Weinig  <sam@webkit.org>

        Reviewed by Mitz.

        Fix for http://bugs.webkit.org/show_bug.cgi?id=14825
        Non-integer hsl() colours are ignored

        * css/CSSParser.cpp:
        (WebCore::CSSParser::parseHSLParameters): Parse hue as a Number,
        not an Integer. 

2007-07-30  Justin Garcia  <justin.garcia@apple.com>

        Reviewed by Darin.

        <rdar://problem/5369009> Crash due to infinite recursion in moveParagraphs on delete
        
        After the delete, we moved content into the previous block, and a style
        rule turned a style span in the moved content into a block, throwing
        moveParagraphs into infinite recursion, as it continually tried and failed
        to get the style span into the same paragraph as the content just before it.
        
        Added a method to ReplaceSelectionCommand to keep inserted style spans 
        from turning into blocks because of style rules.  Will add code to prevent