2013-02-13  Arko Saha

        [Microdata] HTMLPropertiesCollection code cleanup
        https://bugs.webkit.org/show_bug.cgi?id=109721

        Reviewed by Ryosuke Niwa.

        Removed forward declaration of DOMStringList class.
        Removed unused findRefElements() method declaration.
        Also removed unused parameter Element* from updatePropertyCache() method.

        No new test since no change in behavior.

        * html/HTMLPropertiesCollection.cpp:
        (WebCore::HTMLPropertiesCollection::updateNameCache):
        * html/HTMLPropertiesCollection.h:
        (WebCore):
        (HTMLPropertiesCollection):
        (WebCore::HTMLPropertiesCollection::updatePropertyCache):

2013-02-13  Kondapally Kalyan

        [WebGL][EFL][GTK][Qt]Add support for OES_vertex_array_object.
        https://bugs.webkit.org/show_bug.cgi?id=109382

        Reviewed by Kenneth Russell.

        Covered by fast/canvas/webgl/oes-vertex-array-object.html

        This patch adds support for using Vertex Array Object with OpenGL.
        The patch adds support for loading necessary OpenGL functions
        and support for checking GL_ARB_vertex_array_object. The support for
        OES_vertex_array_object is advertised if GL_ARB_vertex_array_object is supported.

        * platform/graphics/OpenGLShims.cpp:
        (WebCore::initializeOpenGLShims):
        * platform/graphics/OpenGLShims.h:
        (_OpenGLFunctionTable):
            Added support for loading the necessary functions.
        * platform/graphics/opengl/Extensions3DOpenGL.cpp:
        (WebCore::Extensions3DOpenGL::createVertexArrayOES):
        (WebCore::Extensions3DOpenGL::deleteVertexArrayOES):
        (WebCore::Extensions3DOpenGL::isVertexArrayOES):
        (WebCore::Extensions3DOpenGL::bindVertexArrayOES):
        (WebCore::Extensions3DOpenGL::supportsExtension):
        (WebCore):
        (WebCore::Extensions3DOpenGL::isVertexArrayObjectSupported):
        * platform/graphics/opengl/Extensions3DOpenGL.h:
        (Extensions3DOpenGL):

2013-02-13  Eberhard Graether

        chromium: remove CompositorHUDFontAtlas
        https://bugs.webkit.org/show_bug.cgi?id=109328

        Reviewed by James Robinson.

        After switching the HudLayer to use skia's font rendering the CompositorHUDFontAtlas has become obsolete.
        This change removes this class and the related WebLayerTreeView API.

        No new tests.

        * WebCore.gypi:
        * platform/graphics/chromium/CompositorHUDFontAtlas.cpp: Removed.
        * platform/graphics/chromium/CompositorHUDFontAtlas.h: Removed.

2013-02-13  Dean Jackson

        Small update to speech bubble for captions menu [Mac]
        https://bugs.webkit.org/show_bug.cgi?id=109641

        Reviewed by Eric Carlson

        Small adjustment to the embedded SVG that draws a speech bubble
        for the captions button. Remove a polygon that was so small it
        looked like a rendering error.

        * css/mediaControlsQuickTime.css:
        (video::-webkit-media-controls-toggle-closed-captions-button):

2013-02-13  Dean Jackson

        Clicking outside captions menu should dismiss it
        https://bugs.webkit.org/show_bug.cgi?id=109648

        Reviewed by Eric Carlson.

        Add a virtual override to the platform-specific defaultEventHandler
        to intercept any click in the controls, and hide the captions menu
        if it is showing.

        Test: media/video-controls-captions-trackmenu-hide-on-click.html

        * html/shadow/MediaControlsApple.cpp:
        (WebCore::MediaControlsApple::defaultEventHandler):
            Override from MediaControls. Hide captions menu if a click event comes in.
        * html/shadow/MediaControlsApple.h:

2013-02-13  Tommy Widenflycht

        MediaStream API: Use the source id when creating new tracks
        https://bugs.webkit.org/show_bug.cgi?id=109688

        Reviewed by Adam Barth.

        This patch reuses the ids from the source when creating tracks instead of creating a new one.
        This was requested by the chromium port to greatly simplify their implementation.
        In the longer run the API should be rewritten to only use tracks instead of sources.

        Covered by existing tests.
        * platform/chromium/support/WebMediaStream.cpp:
        (WebKit::WebMediaStream::audioTracks):
        (WebKit::WebMediaStream::videoTracks):
        (WebKit::WebMediaStream::initialize):
        (WebKit):
        * platform/chromium/support/WebMediaStreamTrack.cpp:
        (WebKit::WebMediaStreamTrack::initialize):
        (WebKit):
        * platform/mediastream/MediaStreamComponent.h:
        (WebCore::MediaStreamComponent::create):
        (MediaStreamComponent):
        (WebCore::MediaStreamComponent::MediaStreamComponent):
        (WebCore):
        * platform/mediastream/MediaStreamDescriptor.h:
        (WebCore::MediaStreamDescriptor::create):
        (MediaStreamDescriptor):
        (WebCore::MediaStreamDescriptor::MediaStreamDescriptor):

2013-02-13  Eric Seidel

        Use fancy new Vector-based String constructors in the WebVTT parser
        https://bugs.webkit.org/show_bug.cgi?id=109619

        Reviewed by Benjamin Poulain.

        No change in behavior. Added some FIXMEs for future perf optimization.

        * html/track/WebVTTParser.cpp:
        (WebCore::WebVTTParser::constructTreeFromToken):

2013-02-13  Morten Stenshorne

        WebKit ignores column-rules wider than column-gap
        https://bugs.webkit.org/show_bug.cgi?id=15553

        Paint column rules even if they are wider than the gap.
        Rules wider than the gap should just overlap with column contents.

        Reviewed by Eric Seidel.

        Test: fast/multicol/rule-thicker-than-gap.html

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::paintColumnRules):

2013-02-13  Philip Rogers

        Replace SVG bitmap cache with directly-rendered SVG
        https://bugs.webkit.org/show_bug.cgi?id=106159

        Reviewed by Tim Horton.

        This patch removes the caching of SVG bitmaps so SVG images are rendered directly. This
        enables WebKit to pass the IE Chalkboard demo in 10s on a Z620:
        http://ie.microsoft.com/testdrive/Performance/Chalkboard/

        On a simple scaled SVG benchmark similar to the IE10 Chalkboard demo
        (http://philbit.com/SvgImagePerformance/viewport.html):
            without patch: ~20FPS
            with patch: ~55FPS

        The bitmap SVG image cache had several shortcomings:
            - The bitmap cache prevented viewport rendering.
              (WK104693)
            - Bitmap memory usage was high. (WK106484)
            - Caching animating images was expensive.

        This change removes almost all of the SVGImageCache implementation, replacing it with
        directly-rendered SVG. Instead of caching bitmaps, an SVGImageForContainer is cached which
        is a thin wrapper around an SVG image with the associated container size and scale.
        When rendering patterns (e.g., tiled backgrounds), a temporary bitmap is used for
        performance. This change also removes the redraw timer of the old cache, instead relying
        on the SVG image to notify clients if the image changes (e.g., during animations).

        This patch fixes two existing bugs (WK99481 and WK104189) that were due to caching bitmaps
        at a fixed size. A test has been added for each of these bugs.

        Tests: svg/as-image/svg-image-scaled.html
               svg/as-image/svg-image-viewbox.html

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * Target.pri:
        * WebCore.gypi:
        * WebCore.vcproj/WebCore.vcproj:
        * WebCore.xcodeproj/project.pbxproj:
        * loader/cache/CachedImage.cpp:
        (WebCore::CachedImage::lookupOrCreateImageForRenderer):
        (WebCore::CachedImage::setContainerSizeForRenderer):
        (WebCore::CachedImage::clear):
        (WebCore::CachedImage::changedInRect):

            SVG images are no longer special-cased here. When the SVG image changes, users are
            notified through this function, and users can then request their content to be redrawn.

        * svg/graphics/SVGImage.cpp:
        (WebCore::SVGImage::setContainerSize):
        (WebCore::SVGImage::drawForContainer):

            drawForContainer lays out the SVG content for a specific container size and renders it.
            The logic is fairly straightforward but a note about the scales and zooms here:
                the destination rect parameter is zoomed but not scaled
                the source rect parameter is zoomed but not scaled
                the context is scaled but not zoomed
            SVGImage::draw(...) only accepts a source and destination rect but does not consider
            scale or zoom. Therefore, drawForContainer removes the zoom component from the source
            so SVGImage::draw(...)
            will draw from the pre-zoom source to the post-zoom destination.

        (WebCore::SVGImage::drawPatternForContainer):

            For performance, drawPatternForContainer renders the SVG content onto a bitmap, then
            has the bitmap image draw the pattern. This is necessary because drawPattern is used
            for tiling.

        (WebCore):
        (WebCore::SVGImage::startAnimation):
        (WebCore::SVGImage::stopAnimation):
        (WebCore::SVGImage::resetAnimation):
        (WebCore::SVGImage::reportMemoryUsage):
        * svg/graphics/SVGImage.h:
        (WebCore):
        (SVGImage):
        * svg/graphics/SVGImageCache.cpp:

            Instead of storing a SizeAndScales values for each renderer, a SVGImageForContainer
            is stored which is just a thin wrapper around an SVG image that contains container
            sizing information. By combining the image and size information, the two maps of
            SVGImageCache have been merged into one.

            To make this patch easier to review, SVGImageCache still exists and works similar to
            how it did before the patch. Now, SVGImageCache simply stores the SVGImageForContainers.
            In a followup patch it will be removed.

            Note: the redraw timer of SVGImageCache has been removed because animation
            invalidation is now properly propagated back to the image clients.

        (WebCore):
        (WebCore::SVGImageCache::SVGImageCache):
        (WebCore::SVGImageCache::~SVGImageCache):
        (WebCore::SVGImageCache::removeClientFromCache):
        (WebCore::SVGImageCache::setContainerSizeForRenderer):
        (WebCore::SVGImageCache::imageSizeForRenderer):

            Previously, this function returned the scaled image size which was incorrect. The image
            size is used by clients such as GraphicsContext2D to determine the source size
            for drawing the image. draw() accepts zoomed but not scaled values, so this has been
            changed.

        (WebCore::SVGImageCache::imageForRenderer):

            A FIXME has been added here to not set the scale on every lookup. This can be improved
            by setting the page scale factor in setContainerSizeForRenderer() in a future patch.
        * svg/graphics/SVGImageCache.h:
        (WebCore):
        (SVGImageCache):
        * svg/graphics/SVGImageForContainer.cpp: Added.
        (WebCore):

            SVGImageForContainer is a thin wrapper around an SVG image. The lifetime of the
            SVGImage will be longer than the image cache.

        (WebCore::SVGImageForContainer::size):

            This is the only logic in SVGImageForContainer. The size returned needs to be zoomed
            but not scaled because it is used (e.g., by RenderImage) to pass back into draw() which
            takes zoomed but not scaled values.

        (WebCore::SVGImageForContainer::draw):
        (WebCore::SVGImageForContainer::drawPattern):
        * svg/graphics/SVGImageForContainer.h: Added.
        (WebCore):
        (SVGImageForContainer):

            In a future patch SVGImageForContainer can be made immutable but without a refactoring
            for not setting the page scale factor in SVGImageCache::lookupOrCreateImageForRenderer,
            setters are needed.

        (WebCore::SVGImageForContainer::create):
        (WebCore::SVGImageForContainer::containerSize):
        (WebCore::SVGImageForContainer::pageScale):
        (WebCore::SVGImageForContainer::zoom):
        (WebCore::SVGImageForContainer::setSize):
        (WebCore::SVGImageForContainer::setZoom):
        (WebCore::SVGImageForContainer::setPageScale):
        (WebCore::SVGImageForContainer::SVGImageForContainer):
        (WebCore::SVGImageForContainer::destroyDecodedData):
        (WebCore::SVGImageForContainer::decodedSize):

2013-02-12  Antti Koivisto

        Avoid updating timer heap when nothing changes
        https://bugs.webkit.org/show_bug.cgi?id=109630

        Reviewed by Andreas Kling.

        When the fire time of a Timer is changed we remove it from the timer heap and reinsert it. This is pretty slow.
        Turns out that in ~80% of cases we are already in the heap and the insertion position is the same as the
        original position. We can check if anything is actually going to change before doing this work.

        This makes starting a timer ~30% faster in average, ~0.1% progression in PLT3.
        * platform/Timer.cpp:
        (TimerHeapLessThanFunction):
        (WebCore::TimerHeapLessThanFunction::operator()):
        (WebCore::parentHeapPropertyHolds):
        (WebCore):
        (WebCore::childHeapPropertyHolds):
        (WebCore::TimerBase::hasValidHeapPosition):

            The code here assumes that STL heap is a normal binary heap. If there is a different implementation
            somewhere the assertions will catch it.

        (WebCore::TimerBase::updateHeapIfNeeded):

            Skip updating the heap if it is already valid.

        (WebCore::TimerBase::setNextFireTime):
        * platform/Timer.h:
        (TimerBase):

2013-02-13  Martin Robinson

        [GTK] Remove remaining dead code from the GLib unicode backend
        https://bugs.webkit.org/show_bug.cgi?id=109707

        Reviewed by Philippe Normand.

        * platform/KURL.cpp:
        (WebCore::appendEncodedHostname):
        * platform/text/TextEncoding.cpp:
        (WebCore::TextEncoding::encode):
        * platform/text/TextEncodingRegistry.cpp:
        (WebCore::buildBaseTextCodecMaps):
        (WebCore::extendTextCodecMaps):

2013-02-13  Xianzhu Wang

        Heap-use-after-free in WebCore::ScrollingCoordinator::hasVisibleSlowRepaintViewportConstrainedObjects
        https://bugs.webkit.org/show_bug.cgi?id=108695

        See comments of RenderLayerModelObject::willBeDestroyed() below for details.

        Reviewed by Abhishek Arya.

        Test: ManulTests/scrolling-coordinator-viewport-constrained-crash.html
        Unable to write a normal layout test because
        1) must waitUntilDone() to reproduce the crash but the redirected URL can't notifyDone();
        2) Can't use a frame to contain the test because ScrollingCoordinator handles only the main frame.

        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::willBeDestroyed):
            Moved removeViewportConstrainedObject() call into RenderLayerModelObject::willBeDestroyed()
            because only RenderLayerModelObjects can be added as viewportConstrainedObjects.
        * rendering/RenderLayerModelObject.cpp:
        (WebCore::RenderLayerModelObject::willBeDestroyed):
            Changed this->view() (then view->frameView()) to this->frame() (then frame->view())
            because when willBeDestroyed() is called, the document has set its renderView to 0
            thus this->view() will return 0, causing removeViewportConstrainedObject() not called
            and a deleted RenderLayerModelObject in FrameView's viewportConstrainedObjects.

2013-02-13  Florin Malita

        [SVG] OOB access in SVGListProperty::replaceItemValues()
        https://bugs.webkit.org/show_bug.cgi?id=109293

        Replacing a list property item with itself should be a no-op. This patch updates the related
        APIs and logic to detect the self-replace case and prevent removal of the item from the list.

        To avoid scanning the list multiple times, removeItemFromList() is updated to operate on
        indices and a findItem() method is added to resolve an item to an index.

        Reviewed by Dirk Schulze.

        No new tests: updated existing tests cover the change.

        * svg/properties/SVGAnimatedListPropertyTearOff.h:
        (WebCore::SVGAnimatedListPropertyTearOff::findItem):
        (SVGAnimatedListPropertyTearOff):
        (WebCore::SVGAnimatedListPropertyTearOff::removeItemFromList):
        * svg/properties/SVGAnimatedPathSegListPropertyTearOff.h:
        (WebCore::SVGAnimatedPathSegListPropertyTearOff::findItem):
        (SVGAnimatedPathSegListPropertyTearOff):
        (WebCore::SVGAnimatedPathSegListPropertyTearOff::removeItemFromList):
            Add a findItem() delegating method, and update removeItemFromList() to use the new
            index-based API.
        * svg/properties/SVGListProperty.h:
        (WebCore::SVGListProperty::insertItemBeforeValues):
        (WebCore::SVGListProperty::insertItemBeforeValuesAndWrappers):
        (WebCore::SVGListProperty::replaceItemValues):
        (WebCore::SVGListProperty::replaceItemValuesAndWrappers):
        (SVGListProperty):
            Updated to handle the no-op case for insertItemBefore() & replaceItem().
        * svg/properties/SVGListPropertyTearOff.h:
        (WebCore::SVGListPropertyTearOff::findItem):
        (WebCore::SVGListPropertyTearOff::removeItemFromList):
            Index-based API updates.
        (WebCore::SVGListPropertyTearOff::processIncomingListItemValue):
        (WebCore::SVGListPropertyTearOff::processIncomingListItemWrapper):
        * svg/properties/SVGPathSegListPropertyTearOff.cpp:
        (WebCore::SVGPathSegListPropertyTearOff::processIncomingListItemValue):
            Detect the self-replace case and return without removing the item from the list.
        * svg/properties/SVGPathSegListPropertyTearOff.h:
        (WebCore::SVGPathSegListPropertyTearOff::findItem):
        (WebCore::SVGPathSegListPropertyTearOff::removeItemFromList):
        (SVGPathSegListPropertyTearOff):
        (WebCore::SVGPathSegListPropertyTearOff::processIncomingListItemWrapper):
        * svg/properties/SVGStaticListPropertyTearOff.h:
        (WebCore::SVGStaticListPropertyTearOff::processIncomingListItemValue):
        (WebCore::SVGStaticListPropertyTearOff::processIncomingListItemWrapper):
            Index-based API updates.

2013-02-13  Takashi Sakamoto

        [Refactoring] StyleResolver::State should have methods to access its member variables.
        https://bugs.webkit.org/show_bug.cgi?id=108563

        Reviewed by Antti Koivisto.

        Made all member variables private and added methods to access the
        variables, because most of the member variables are read-only. We
        don't need to update those read-only variables while resolving styles.

        No new tests, because just refactoring.
        * css/SVGCSSStyleSelector.cpp:
        (WebCore::StyleResolver::applySVGProperty):
        * css/StyleResolver.cpp:
        (WebCore):
        (WebCore::StyleResolver::collectMatchingRules):
        (WebCore::StyleResolver::collectMatchingRulesForRegion):
        (WebCore::StyleResolver::sortAndTransferMatchedRules):
        (WebCore::StyleResolver::matchScopedAuthorRules):
        (WebCore::StyleResolver::styleSharingCandidateMatchesHostRules):
        (WebCore::StyleResolver::matchHostRules):
        (WebCore::StyleResolver::matchAuthorRules):
        (WebCore::StyleResolver::matchUserRules):
        (WebCore::StyleResolver::matchUARules):
        (WebCore::StyleResolver::collectMatchingRulesForList):
        (WebCore::StyleResolver::sortMatchedRules):
        (WebCore::StyleResolver::matchAllRules):
        (WebCore::StyleResolver::State::initElement):
        (WebCore::StyleResolver::initElement):
            Modified to invoke m_state.initElement if a given element is
            different from current m_state's element.
        (WebCore::StyleResolver::State::initForStyleResolve):
            Moved from StyleResolver.
        (WebCore::StyleResolver::styleSharingCandidateMatchesRuleSet):
        (WebCore::StyleResolver::canShareStyleWithControl):
        (WebCore::StyleResolver::sharingCandidateHasIdenticalStyleAffectingAttributes):
        (WebCore::StyleResolver::canShareStyleWithElement):
        (WebCore::StyleResolver::locateSharedStyle):
        (WebCore::StyleResolver::styleForElement):
        (WebCore::StyleResolver::styleForKeyframe):
        (WebCore::StyleResolver::keyframeStylesForAnimation):
        (WebCore::StyleResolver::pseudoStyleForElement):
            Changed ASSERT in the first line. ASSERT(m_state.parentStyle) would
            be wrong, because it depends on previous resolving. However,
            initForStyleResolve will also update m_state.parentStyle. No code
            in pseudoStyleForElement depends on previous resolving state.
        (WebCore::StyleResolver::styleForPage):
        (WebCore::StyleResolver::defaultStyleForElement):
        (WebCore::StyleResolver::adjustRenderStyle):
        (WebCore::StyleResolver::updateFont):
        (WebCore::StyleResolver::pseudoStyleRulesForElement):
        (WebCore::StyleResolver::ruleMatches):
            Added one more parameter, dynamicPseudo, because dynamicPseudo in
            State class is just used for returning matched pseudo style from
            this ruleMatches to collectMatchingRulesForList. No need to keep
            dynamicPseudo while resolving styles.
        (WebCore::StyleResolver::checkRegionSelector):
            Removed m_pseudoStyle = NOPSEUDO, because this method uses just
            SelectorChecker::matched. SelectorChecker doesn't see
            StyleResolver's m_pseudoStyle directly. Need to use
            SelectorCheckerContext. So no need to set m_pseudoStyle to be
            NOPSEUDO.
        (WebCore::StyleResolver::applyProperties):
        (WebCore::StyleResolver::applyMatchedProperties):
        (WebCore::StyleResolver::isLeftPage):
        (WebCore::StyleResolver::applyPropertyToStyle):
        (WebCore::StyleResolver::useSVGZoomRules):
        (WebCore::createGridTrackBreadth):
        (WebCore::StyleResolver::resolveVariables):
        (WebCore::StyleResolver::applyProperty):
        (WebCore::StyleResolver::cachedOrPendingFromValue):
        (WebCore::StyleResolver::generatedOrPendingFromValue):
        (WebCore::StyleResolver::setOrPendingFromValue):
        (WebCore::StyleResolver::cursorOrPendingFromValue):
        (WebCore::StyleResolver::checkForTextSizeAdjust):
        (WebCore::StyleResolver::initializeFontStyle):
        (WebCore::StyleResolver::setFontSize):
        (WebCore::StyleResolver::colorFromPrimitiveValue):
        (WebCore::StyleResolver::loadPendingSVGDocuments):
        (WebCore::StyleResolver::cachedOrPendingStyleShaderFromValue):
        (WebCore::StyleResolver::loadPendingShaders):
        (WebCore::StyleResolver::parseCustomFilterTransformParameter):
        (WebCore::StyleResolver::createFilterOperations):
        (WebCore::StyleResolver::loadPendingImage):
        (WebCore::StyleResolver::loadPendingImages):
        * css/StyleResolver.h:
        (WebCore::StyleResolver::style):
        (WebCore::StyleResolver::parentStyle):
        (WebCore::StyleResolver::rootElementStyle):
        (WebCore::StyleResolver::element):
        (WebCore::StyleResolver::hasParentNode):
        (StyleResolver):
        (WebCore::StyleResolver::State::State):
        (State):
        (WebCore::StyleResolver::State::clear):
            Modified to use clear at the end of styleForElement.
        (WebCore::StyleResolver::State::document):
        (WebCore::StyleResolver::State::element):
        (WebCore::StyleResolver::State::styledElement):
        (WebCore::StyleResolver::State::setStyle):
        (WebCore::StyleResolver::State::style):
        (WebCore::StyleResolver::State::takeStyle):
        (WebCore::StyleResolver::State::ensureRuleList):
        (WebCore::StyleResolver::State::takeRuleList):
        (WebCore::StyleResolver::State::parentNode):
        (WebCore::StyleResolver::State::setParentStyle):
        (WebCore::StyleResolver::State::parentStyle):
        (WebCore::StyleResolver::State::rootElementStyle):
        (WebCore::StyleResolver::State::regionForStyling):
        (WebCore::StyleResolver::State::setSameOriginOnly):
        (WebCore::StyleResolver::State::isSameOriginOnly):
        (WebCore::StyleResolver::State::pseudoStyle):
        (WebCore::StyleResolver::State::elementLinkState):
        (WebCore::StyleResolver::State::distributedToInsertionPoint):
        (WebCore::StyleResolver::State::setElementAffectedByClassRules):
        (WebCore::StyleResolver::State::elementAffectedByClassRules):
        (WebCore::StyleResolver::State::setApplyPropertyToRegularStyle):
        (WebCore::StyleResolver::State::setApplyPropertyToVisitedLinkStyle):
        (WebCore::StyleResolver::State::applyPropertyToRegularStyle):
        (WebCore::StyleResolver::State::applyPropertyToVisitedLinkStyle):
        (WebCore::StyleResolver::State::pendingImageProperties):
        (WebCore::StyleResolver::State::pendingSVGDocuments):
        (WebCore::StyleResolver::State::setHasPendingShaders):
        (WebCore::StyleResolver::State::hasPendingShaders):
        (WebCore::StyleResolver::State::setLineHeightValue):
        (WebCore::StyleResolver::State::lineHeightValue):
        (WebCore::StyleResolver::State::setFontDirty):
        (WebCore::StyleResolver::State::fontDirty):
        (WebCore::StyleResolver::State::cacheBorderAndBackground):
        (WebCore::StyleResolver::State::hasUAAppearance):
        (WebCore::StyleResolver::State::borderData):
        (WebCore::StyleResolver::State::backgroundData):
        (WebCore::StyleResolver::State::backgroundColor):
        (WebCore::StyleResolver::State::fontDescription):
        (WebCore::StyleResolver::State::parentFontDescription):
        (WebCore::StyleResolver::State::setFontDescription):
        (WebCore::StyleResolver::State::setZoom):
        (WebCore::StyleResolver::State::setEffectiveZoom):
        (WebCore::StyleResolver::State::setTextSizeAdjust):
        (WebCore::StyleResolver::State::setWritingMode):
        (WebCore::StyleResolver::State::setTextOrientation):
            fontDescription, ... and setTextOrientation were moved from
            StyleResolver.
        (WebCore::StyleResolver::State::matchedRules):
        (WebCore::StyleResolver::State::addMatchedRule):
            Moved from StyleResolver.
        (WebCore::StyleResolver::applyPropertyToRegularStyle):
        (WebCore::StyleResolver::applyPropertyToVisitedLinkStyle):
        (WebCore::StyleResolver::fontDescription):
        (WebCore::StyleResolver::parentFontDescription):
        (WebCore::StyleResolver::setFontDescription):
        (WebCore::StyleResolver::setZoom):
        (WebCore::StyleResolver::setEffectiveZoom):
        (WebCore::StyleResolver::setTextSizeAdjust):
        (WebCore::StyleResolver::setWritingMode):
        (WebCore::StyleResolver::setTextOrientation):
            These fontDescription, ..., setTextOrientation are wrappers to
            invoke State's methods. StyleBuilder still depends on
            StyleResolver and invokes these methods. So we need these wrappers.

2013-02-13  Allan Sandfeld Jensen

        [Qt] window.open passes height and width parameters even if not defined in a page
        https://bugs.webkit.org/show_bug.cgi?id=107705

        Reviewed by Kenneth Rohde Christiansen.

        Do not override width or height of 0, as that indicates default size, and not minimum size.

        Tested by tst_qwebpage.
        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::adjustWindowRect):

2013-02-13  Rashmi Shyamasundar

        The 2D Canvas functions fillText()/strokeText() should display nothing when maxWidth is less than or equal to zero
        https://bugs.webkit.org/show_bug.cgi?id=102656

        Reviewed by Dirk Schulze.

        The functions fillText()/strokeText() should not display anything when
        maxWidth is less than or equal to zero, according to spec:
        http://www.w3.org/TR/2dcontext/#text-preparation-algorithm

        Test: fast/canvas/canvas-fillText-maxWidth-zero.html

        * html/canvas/CanvasRenderingContext2D.cpp:
        (WebCore::CanvasRenderingContext2D::drawTextInternal):

2013-02-13  ChangSeok Oh

        [GTK][AC] Implement basic transform animations with clutter ac backend
        https://bugs.webkit.org/show_bug.cgi?id=109363

        Reviewed by Gustavo Noronha Silva.

        Implement basic transform animation with clutter ac backend.
        GraphicsLayerClutter is almost same with GraphicsLayerCA. And PlatformClutterAnimation
        interfaces are also similar with PlatformCAAnimation, but they are implemented
        with native clutter APIs. Clutter backend AC supports a basic single transform animation
        with this patch now, but additive animation combination and keyframe animation
        are not supported yet.

        Covered by existing animation tests.
        * platform/graphics/clutter/GraphicsLayerActor.cpp:
        (graphicsLayerActorSetTransform):
        * platform/graphics/clutter/GraphicsLayerClutter.cpp:
        (WebCore::isTransformTypeTransformationMatrix):
        (WebCore):
        (WebCore::isTransformTypeFloatPoint3D):
        (WebCore::isTransformTypeNumber):
        (WebCore::getTransformFunctionValue):
        (WebCore::getValueFunctionNameForTransformOperation):
        (WebCore::GraphicsLayerClutter::setTransformAnimationEndpoints):
        (WebCore::GraphicsLayerClutter::appendToUncommittedAnimations):
        (WebCore::GraphicsLayerClutter::createTransformAnimationsFromKeyframes):
        * platform/graphics/clutter/GraphicsLayerClutter.h:
        (GraphicsLayerClutter):
        * platform/graphics/clutter/PlatformClutterAnimation.cpp:
        (WebCore::toClutterActorPropertyString):
        (WebCore):
        (WebCore::PlatformClutterAnimation::supportsValueFunction):
        (WebCore::PlatformClutterAnimation::duration):
        (WebCore::PlatformClutterAnimation::setDuration):
        (WebCore::PlatformClutterAnimation::setAdditive):
        (WebCore::PlatformClutterAnimation::valueFunction):
        (WebCore::PlatformClutterAnimation::setValueFunction):
        (WebCore::PlatformClutterAnimation::setFromValue):
        (WebCore::PlatformClutterAnimation::setToValue):
        (WebCore::PlatformClutterAnimation::timeline):
        (WebCore::PlatformClutterAnimation::addClutterTransitionForProperty):
        (WebCore::PlatformClutterAnimation::addOpacityTransition):
        (WebCore::PlatformClutterAnimation::addTransformTransition):
        (WebCore::PlatformClutterAnimation::addAnimationForKey):
        * platform/graphics/clutter/PlatformClutterAnimation.h:
        (PlatformClutterAnimation):

2013-02-13  Ilya Tikhonovsky

        Web Inspector: Native Memory Instrumentation: reportLeaf method doesn't report the leaf node properly.
        https://bugs.webkit.org/show_bug.cgi?id=109554

        In some cases leaves have no pointer so with the old schema we can't generate nodeId for them
        because we can't insert 0 into hashmap. It happens when we call addPrivateBuffer method.

        Drive by fix: I introduced a client interface for the HeapGraphSerializer.
        It helps me to do the tests for the serializer.

        Reviewed by Yury Semikhatsky.

        It is covered by newly added tests in TestWebKitAPI.

        * inspector/HeapGraphSerializer.cpp:
        (WebCore::HeapGraphSerializer::HeapGraphSerializer):
        (WebCore::HeapGraphSerializer::pushUpdate):
        (WebCore::HeapGraphSerializer::reportNode):
        (WebCore::HeapGraphSerializer::toNodeId):
        (WebCore::HeapGraphSerializer::addRootNode):
        * inspector/HeapGraphSerializer.h:
        (HeapGraphSerializer):
        (Client):
        (WebCore::HeapGraphSerializer::Client::~Client):
        * inspector/InspectorMemoryAgent.cpp:
        (WebCore):
        (WebCore::InspectorMemoryAgent::getProcessMemoryDistributionImpl):

2013-02-13  Yury Semikhatsky

        Web Inspector: add experimental native heap graph to Timeline panel
        https://bugs.webkit.org/show_bug.cgi?id=109687

        Reviewed by Alexander Pavlov.

        Added experimental support for native heap graph on the Timeline panel.
        Native memory usage data is collected after each top level task and can
        be displayed instead of DOM counters graph on the Timeline panel if
        corresponding experiment is enabled in the inspector settings.
        * inspector/Inspector.json:
        * inspector/InspectorController.cpp:
        (WebCore::InspectorController::InspectorController):
        * inspector/InspectorTimelineAgent.cpp:
        (TimelineAgentState):
        (WebCore::InspectorTimelineAgent::setIncludeDomCounters):
        (WebCore):
        (WebCore::InspectorTimelineAgent::setIncludeNativeMemoryStatistics):
        (WebCore::InspectorTimelineAgent::innerAddRecordToTimeline):
        (WebCore::InspectorTimelineAgent::setDOMCounters):
        (WebCore::InspectorTimelineAgent::setNativeHeapStatistics):
        (WebCore::InspectorTimelineAgent::InspectorTimelineAgent):
        * inspector/InspectorTimelineAgent.h:
        (WebCore):
        (WebCore::InspectorTimelineAgent::create):
        (InspectorTimelineAgent):
        * inspector/WorkerInspectorController.cpp:
        (WebCore::WorkerInspectorController::WorkerInspectorController):
        * inspector/front-end/MemoryStatistics.js:
        (WebInspector.MemoryStatistics):
        * inspector/front-end/NativeMemoryGraph.js:
        (WebInspector.NativeMemoryGraph):
        (WebInspector.NativeMemoryGraph.prototype._onRecordAdded.addStatistics):
        (WebInspector.NativeMemoryGraph.prototype._onRecordAdded):
        * inspector/front-end/Settings.js:
        (WebInspector.ExperimentsSettings):
        * inspector/front-end/TimelinePanel.js:

2013-02-13  Vladislav Kaznacheev

        Web Inspector: Fixed colorpicker editing and scrolling.
        https://bugs.webkit.org/show_bug.cgi?id=109434.

        Reviewed by Alexander Pavlov.

        The color picker scrolling logic relied on the fixed DOM structure which changed with the introduction of
        SidebarPaneStack (https://bugs.webkit.org/show_bug.cgi?id=108183).
        Added a special CSS class to mark the scroll target.

        No new tests.

        * inspector/front-end/SplitView.js:
        (WebInspector.SplitView):
        * inspector/front-end/StylesSidebarPane.js:
        (WebInspector.StylePropertyTreeElement.prototype.updateTitle.):
        * inspector/front-end/TabbedPane.js:
        (WebInspector.TabbedPane):

2013-02-13  Andrey Lushnikov

        Web Inspector: fix js compilation warnings in TextPrompt
        https://bugs.webkit.org/show_bug.cgi?id=109685

        Reviewed by Alexander Pavlov.
        Mark last argument of _applySuggestion function as optional.

        No new tests: no change in behaviour.

        * inspector/front-end/TextPrompt.js:

2013-02-13  Pablo Flouret

        Implement css-conditional's CSS.supports()
        https://bugs.webkit.org/show_bug.cgi?id=100324

        Reviewed by Antti Koivisto.

        http://dev.w3.org/csswg/css3-conditional/#the-css-interface

        The supports() method provides the CSS @supports rule's corresponding
        DOM API.
        The patch also adds the CSS interface on DOMWindow, which holds "useful
        CSS-related functions that do not belong elsewhere". This is where
        supports() lives.

        Test: css3/supports-dom-api.html

        * CMakeLists.txt:
        * DerivedSources.cpp:
        * DerivedSources.make:
        * DerivedSources.pri:
        * GNUmakefile.list.am:
        * Target.pri:
        * WebCore.exp.in:
        * WebCore.gypi:
        * WebCore.vcproj/WebCore.vcproj:
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/gobject/GNUmakefile.am:
        * bindings/scripts/CodeGeneratorGObject.pm:
        (SkipFunction):
            Add DOMWindowCSS.* to the build systems.

        * bindings/scripts/CodeGenerator.pm:
        (WK_lcfirst):
            Handle CSS prefixes correctly (s/cSS/css/).

        * css/CSSGrammar.y.in:
        * css/CSSParser.cpp:
        (WebCore::CSSParser::CSSParser):
        (WebCore::CSSParser::parseSupportsCondition):
        (WebCore::CSSParser::detectAtToken):
        * css/CSSParser.h:
            webkit_supports_condition parses just the condition part of an
            @supports rule and evaluates it, outputting whether the condition
            is supported or not.

        * css/CSSAllInOne.cpp:
        * css/DOMWindowCSS.cpp: Added.
        * css/DOMWindowCSS.h: Added.
        * css/DOMWindowCSS.idl: Added.
            The CSS interface object.

        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::css):
        * page/DOMWindow.h:
        * page/DOMWindow.idl:
            window.CSS

2013-02-13  Vladislav Kaznacheev

        Web Inspector: Simplify SplitView to rely more on CSS
        https://bugs.webkit.org/show_bug.cgi?id=109426

        Reviewed by Vsevolod Vlasov.

        Simplified JavaScript code by moving large part of the layout logic into CSS rules.
The patch is larger than it should be because one of the clients (TimelinePanel) is breaking SplitView encapsulation by reparenting its resizer. No new tests. * inspector/front-end/SidebarView.js: (WebInspector.SidebarView): * inspector/front-end/SplitView.js: (WebInspector.SplitView): (WebInspector.SplitView.prototype._innerSetVertical): (WebInspector.SplitView.prototype.setSecondIsSidebar): (WebInspector.SplitView.prototype._showOnly): (WebInspector.SplitView.prototype._removeAllLayoutProperties): * inspector/front-end/TimelinePanel.js: * inspector/front-end/cssNamedFlows.css: (.css-named-flow-collections-view .split-view-sidebar): (.css-named-flow-collections-view .split-view-sidebar .sidebar-content): (.css-named-flow-collections-view .split-view-sidebar .selection): (.css-named-flow-collections-view .split-view-sidebar .named-flow-overflow::before, .css-named-flow-collections-view .region-empty:before, .css-named-flow-collections-view .region-fit::before, .css-named-flow-collections-view .region-overset::before): (.css-named-flow-collections-view .split-view-sidebar .named-flow-overflow::before): * inspector/front-end/splitView.css: (.split-view-contents.maximized): (.split-view-vertical .split-view-contents): (.split-view-vertical .split-view-contents-first): (.split-view-vertical .split-view-contents-first.maximized): (.split-view-vertical .split-view-contents-second): (.split-view-vertical .split-view-contents-second.maximized): (.split-view-horizontal .split-view-contents): (.split-view-horizontal .split-view-contents-first): (.split-view-horizontal .split-view-contents-first.maximized): (.split-view-horizontal .split-view-contents-second): (.split-view-horizontal .split-view-contents-second.maximized): (.split-view-vertical .split-view-sidebar.split-view-contents-first:not(.maximized)): (.split-view-vertical .split-view-sidebar.split-view-contents-second:not(.maximized)): (.split-view-horizontal
.split-view-sidebar.split-view-contents-first:not(.maximized)): (.split-view-horizontal .split-view-sidebar.split-view-contents-second:not(.maximized)): (.split-view-vertical .split-view-resizer): (.split-view-horizontal .split-view-resizer): * inspector/front-end/timelinePanel.css: (.timeline.split-view-vertical .split-view-resizer): (#timeline-container .split-view-sidebar): 2013-02-13 Kentaro Hara Unreviewed, rolling out r142730. http://trac.webkit.org/changeset/142730 https://bugs.webkit.org/show_bug.cgi?id=109666 chromium browser tests are failing * bindings/scripts/CodeGeneratorV8.pm: (GenerateNormalAttrGetter): (GenerateNormalAttrSetter): (GenerateSingleBatchedAttribute): (GenerateImplementation): * bindings/scripts/test/V8/V8TestInterface.cpp: (TestInterfaceV8Internal): (WebCore): * bindings/scripts/test/V8/V8TestObj.cpp: (WebCore): 2013-02-13 Tamas Czene OpenCL implementation of Flood SVG filters. https://bugs.webkit.org/show_bug.cgi?id=109580 Reviewed by Zoltan Herczeg. * Target.pri: * platform/graphics/filters/FEFlood.h: (FEFlood): * platform/graphics/gpu/opencl/FilterContextOpenCL.cpp: (WebCore): (WebCore::PROGRAM_STR): (WebCore::FilterContextOpenCL::compileFill): (WebCore::FilterContextOpenCL::fill): * platform/graphics/gpu/opencl/FilterContextOpenCL.h: (WebCore::FilterContextOpenCL::FilterContextOpenCL): (FilterContextOpenCL): * platform/graphics/gpu/opencl/OpenCLFEFlood.cpp: Added. (WebCore): (WebCore::FEFlood::platformApplyOpenCL): 2013-02-13 Mike West location.href does not throw SECURITY_ERR when accessed across origins with JSC bindings https://bugs.webkit.org/show_bug.cgi?id=43891 Reviewed by Adam Barth. Other browsers (IE, Firefox, and Opera) throw an exception when accessing properties of a Location object across origins, as the spec suggests[1]. WebKit is currently the outlier. 
This has a few negative effects: developers are forced to hack around access violations in two ways rather than having a single code path, and (more annoyingly) developers are unable to avoid generating the error message. See every ad on the internet for the effect on the console. :) This patch adds a SECURITY_ERR exception to these access violations, which is the first step towards getting rid of the console spam. Getting rid of the message entirely will require a solution to http://wkbug.com/98050. A fairly inconclusive thread[2] on webkit-dev popped up in 2010 and trailed off without reaching a conclusion. A more recent thread reached agreement that this patch seems like a reasonable thing to do[3]. This is the JSC half of the patch. V8 is coming in http://wkbug.com/43892 [1]: http://www.whatwg.org/specs/web-apps/current-work/multipage/history.html#security-location [2]: https://lists.webkit.org/pipermail/webkit-dev/2010-August/013880.html [3]: https://lists.webkit.org/pipermail/webkit-dev/2012-February/023636.html * bindings/js/JSLocationCustom.cpp: (WebCore::JSLocation::getOwnPropertySlotDelegate): 2013-02-13 Andrew Wilson Unreviewed Chromium gyp-file cleanup after glib backend removal. https://bugs.webkit.org/show_bug.cgi?id=109672 Removed references to GLib unicode backend: * WebCore.gypi: 2013-02-12 Kentaro Hara [V8] Generate wrapper methods for custom getters/setters https://bugs.webkit.org/show_bug.cgi?id=109666 Reviewed by Adam Barth. Currently V8 directly calls back custom getters/setters written in custom binding files. This makes it impossible for code generators to hook custom getters/setters (e.g. code generators cannot insert code for FeatureObservation into custom getters/setters). We should generate wrapper methods for custom getters/setters. In the future, I will insert TRACE_EVENT() macros into these wrapper methods to profile DOM getters/setters/methods.
* bindings/scripts/CodeGeneratorV8.pm: (GenerateNormalAttrGetter): (GenerateNormalAttrSetter): (GenerateSingleBatchedAttribute): (GenerateImplementation): * bindings/scripts/test/V8/V8TestInterface.cpp: (WebCore::TestInterfaceV8Internal::supplementalStr3AttrGetter): (TestInterfaceV8Internal): (WebCore::TestInterfaceV8Internal::supplementalStr3AttrSetter): (WebCore): * bindings/scripts/test/V8/V8TestObj.cpp: (WebCore::TestObjV8Internal::customAttrAttrGetter): (TestObjV8Internal): (WebCore::TestObjV8Internal::customAttrAttrSetter): (WebCore): 2013-02-13 Sheriff Bot Unreviewed, rolling out r142611. http://trac.webkit.org/changeset/142611 https://bugs.webkit.org/show_bug.cgi?id=109668 Suggest box is not shown anymore when user types "window." in inspector console. (Requested by vsevik on #webkit). * inspector/front-end/TextPrompt.js: (WebInspector.TextPrompt.prototype.complete): 2013-02-13 Kentaro Hara [V8] There is no XXXConstructor that requires a custom getter https://bugs.webkit.org/show_bug.cgi?id=109667 Reviewed by Adam Barth. Currently '[Custom] attribute XXXConstructor xxx' generates XXXAttrGetter(). However, there is no XXXConstructor with [Custom]. In addition, it makes no sense to generate XXXAttrGetter() for such cases. We can remove the logic from CodeGeneratorV8.pm. * bindings/scripts/CodeGeneratorV8.pm: (GenerateSingleBatchedAttribute): 2013-02-12 Hajime Morrita [Internals] setShadowDOMEnabled() shouldn't be used except a few tests. https://bugs.webkit.org/show_bug.cgi?id=109642 Reviewed by Kent Tamura. InternalSettings.setShadowDOMEnabled() shouldn't be called after any relevant DOM bindings are touched. However for fuzzers, it isn't trivial to regulate its behavior. This change whitelists the URL of the running test to prevent unintended API calls. This doesn't hurt the Internals usability since the API is called from just a couple of tests and the number isn't expected to grow.
Test: fast/dom/shadow/shadow-dom-enabled-flag-whitelist.html * testing/InternalSettings.cpp: (WebCore::urlIsWhitelisted): (WebCore): (WebCore::InternalSettings::setShadowDOMEnabled): 2013-02-12 Vsevolod Vlasov Web Inspector: Introduce version controller to migrate settings versions. https://bugs.webkit.org/show_bug.cgi?id=109553 Reviewed by Yury Semikhatsky. This patch introduces version controller that could be used to migrate inspector settings. Test: inspector/version-controller.html * inspector/front-end/Settings.js: (WebInspector.Settings): (WebInspector.VersionController): (WebInspector.VersionController.prototype.set _methodsToRunToUpdateVersion): (WebInspector.VersionController.prototype._updateVersionFrom0To1): * inspector/front-end/inspector.js: 2013-02-12 Martin Robinson [GTK] Remove the GLib unicode backend https://bugs.webkit.org/show_bug.cgi?id=109627 Reviewed by Benjamin Poulain. Remove references to the GLib unicode backend from WebCore. * GNUmakefile.list.am: Update the source list. * platform/text/gtk/TextBreakIteratorGtk.cpp: Removed. * platform/text/gtk/TextCodecGtk.cpp: Removed. * platform/text/gtk/TextCodecGtk.h: Removed. 2013-02-12 Chris Fleizach AX: crash when accessing AccessibilityScrollbar after page has been unloaded https://bugs.webkit.org/show_bug.cgi?id=109524 Reviewed by Ryosuke Niwa. AX clients can hold onto AccessibilityScrollbar references that reference parent AccessibilityScrollViews that have already gone away. AccessibilityScrollView is not calling detachFromParent after it is removed, which leads to a crash. The fix is to clearChildren() when an object is deallocated. I could not create a test because the crash only manifests over multiple page loads. * accessibility/AccessibilityObject.cpp: (WebCore::AccessibilityObject::detach): 2013-02-12 Hayato Ito Use FocusEvent.relatedTarget in {FocusIn,FocusOut,Focus,Blur}EventDispatchMediator. https://bugs.webkit.org/show_bug.cgi?id=109650 Reviewed by Dimitri Glazkov.
Set FocusEvent.relatedTarget in its constructor so that each EventDispatchMediator can use FocusEvent.relatedTarget rather than its redundant m_{old,new}FocusedNode member variable. I've also removed FIXME comments, mentioning bug 109261, since I can not reproduce the issue. No new tests. No change in functionality. * dom/FocusEvent.cpp: (WebCore::FocusEventDispatchMediator::create): (WebCore::FocusEventDispatchMediator::FocusEventDispatchMediator): (WebCore::FocusEventDispatchMediator::dispatchEvent): (WebCore::BlurEventDispatchMediator::create): (WebCore::BlurEventDispatchMediator::BlurEventDispatchMediator): (WebCore::BlurEventDispatchMediator::dispatchEvent): (WebCore::FocusInEventDispatchMediator::create): (WebCore::FocusInEventDispatchMediator::FocusInEventDispatchMediator): (WebCore::FocusInEventDispatchMediator::dispatchEvent): (WebCore::FocusOutEventDispatchMediator::create): (WebCore::FocusOutEventDispatchMediator::FocusOutEventDispatchMediator): (WebCore::FocusOutEventDispatchMediator::dispatchEvent): * dom/FocusEvent.h: (FocusEventDispatchMediator): (BlurEventDispatchMediator): (FocusInEventDispatchMediator): (FocusOutEventDispatchMediator): * dom/Node.cpp: (WebCore::Node::dispatchFocusInEvent): (WebCore::Node::dispatchFocusOutEvent): (WebCore::Node::dispatchFocusEvent): (WebCore::Node::dispatchBlurEvent): 2013-02-12 Takashi Sakamoto [Refactoring] Make SelectorChecker::mode a constructor parameter. https://bugs.webkit.org/show_bug.cgi?id=109653 Reviewed by Dimitri Glazkov. No new tests, because just refactoring. * css/SelectorChecker.cpp: (WebCore::SelectorChecker::SelectorChecker): Made mode a constructor parameter. * css/SelectorChecker.h: Removed setMode. 
(SelectorChecker): * css/StyleResolver.cpp: (WebCore::StyleResolver::ruleMatches): (WebCore::StyleResolver::checkRegionSelector): * dom/SelectorQuery.cpp: (WebCore::SelectorQuery::matches): (WebCore::SelectorQuery::queryAll): (WebCore::SelectorQuery::queryFirst): * html/shadow/ContentSelectorQuery.cpp: (WebCore::ContentSelectorChecker::ContentSelectorChecker): 2013-02-12 Andreas Kling Remove Element::ensureAttributeData(). Reviewed by Anders Carlsson. * dom/Element.h: * dom/Element.cpp: (WebCore::Element::classAttributeChanged): (WebCore::Element::shouldInvalidateDistributionWhenAttributeChanged): Use attributeData() instead of ensureAttributeData(), it's already guaranteed to exist in both these functions as they are called in response to attribute changes. * svg/SVGElement.h: (WebCore::SVGElement::invalidateSVGAttributes): Use mutableAttributeData() instead of ensureAttributeData() when invalidating animated SVG attributes. While I can't find any bugs caused by this, an element with property animations shouldn't share attribute data with other elements. 2013-02-12 Hayato Ito Make {FocusIn,FocusOut,Focus,Blur}EventDispatchMediator type safe. https://bugs.webkit.org/show_bug.cgi?id=109561 Reviewed by Dimitri Glazkov. Use FocusEvent rather than Event in {FocusIn,FocusOut,Focus,Blur}EventDispatchMediator. No new tests. No change in functionality. 
* dom/FocusEvent.cpp: (WebCore::FocusEventDispatchMediator::create): (WebCore::FocusEventDispatchMediator::FocusEventDispatchMediator): (WebCore::BlurEventDispatchMediator::create): (WebCore::BlurEventDispatchMediator::BlurEventDispatchMediator): (WebCore::FocusInEventDispatchMediator::create): (WebCore::FocusInEventDispatchMediator::FocusInEventDispatchMediator): (WebCore::FocusOutEventDispatchMediator::create): (WebCore::FocusOutEventDispatchMediator::FocusOutEventDispatchMediator): * dom/FocusEvent.h: (FocusEventDispatchMediator): (WebCore::FocusEventDispatchMediator::event): (BlurEventDispatchMediator): (WebCore::BlurEventDispatchMediator::event): (FocusInEventDispatchMediator): (WebCore::FocusInEventDispatchMediator::event): (FocusOutEventDispatchMediator): (WebCore::FocusOutEventDispatchMediator::event): 2013-02-12 Eric Seidel Fix HTMLToken::Attribute member naming and update callsites to use Vector-based String functions https://bugs.webkit.org/show_bug.cgi?id=109638 Reviewed by Adam Barth. Darin Adler noted in: https://bugs.webkit.org/show_bug.cgi?id=109408#c4 that HTMLToken::Attribute (then MarkupTokenBase::Attribute) was a struct, yet incorrectly used m_ for its public members. This patch fixes the members to not have the m_, and since I was touching all callers, I also updated all callers to use modern Vector-based String creation/append functions instead of manually calling UChar*, size_t versions. There should be no behavior change to this patch. Where I saw performance/memory bugs, I noted them with FIXMEs to keep this change simple. 
* html/HTMLViewSourceDocument.cpp: (WebCore::HTMLViewSourceDocument::processTagToken): * html/parser/AtomicHTMLToken.h: (WebCore::AtomicHTMLToken::publicIdentifier): (WebCore::AtomicHTMLToken::systemIdentifier): (WebCore::AtomicHTMLToken::AtomicHTMLToken): (WebCore::AtomicHTMLToken::initializeAttributes): * html/parser/CompactHTMLToken.cpp: (WebCore::CompactHTMLToken::CompactHTMLToken): * html/parser/HTMLMetaCharsetParser.cpp: (WebCore::HTMLMetaCharsetParser::processMeta): (WebCore::HTMLMetaCharsetParser::checkForMetaCharset): * html/parser/HTMLPreloadScanner.cpp: (WebCore::StartTagScanner::processAttributes): (WebCore::HTMLPreloadScanner::scan): (WebCore::HTMLPreloadScanner::processPossibleBaseTag): (WebCore::HTMLPreloadScanner::processToken): * html/parser/HTMLToken.h: (Range): (Attribute): (WebCore::HTMLToken::clear): (WebCore::HTMLToken::startIndex): (WebCore::HTMLToken::endIndex): (WebCore::HTMLToken::end): (WebCore::HTMLToken::nameString): (WebCore::HTMLToken::addNewAttribute): (WebCore::HTMLToken::beginAttributeName): (WebCore::HTMLToken::endAttributeName): (WebCore::HTMLToken::beginAttributeValue): (WebCore::HTMLToken::endAttributeValue): (WebCore::HTMLToken::appendToAttributeName): (WebCore::HTMLToken::appendToAttributeValue): (WebCore::HTMLToken::eraseValueOfAttribute): * html/parser/HTMLTokenizer.cpp: (WebCore::AtomicHTMLToken::nameForAttribute): * html/parser/HTMLViewSourceParser.cpp: (WebCore::HTMLViewSourceParser::updateTokenizerState): * html/parser/XSSAuditor.cpp: (WebCore::findAttributeWithName): (WebCore::XSSAuditor::filterParamToken): (WebCore::XSSAuditor::eraseDangerousAttributesIfInjected): (WebCore::XSSAuditor::eraseAttributeIfInjected): (WebCore::XSSAuditor::decodedSnippetForAttribute): 2013-02-12 Ryosuke Niwa Build fix. 
* editing/Editor.h: (WebCore::Editor::avoidIntersectionWithDeleteButtonController): 2013-02-12 Nate Chapin REGRESSION: Reloading a local file doesn't pick up changes https://bugs.webkit.org/show_bug.cgi?id=109344 Reviewed by Alexey Proskuryakov. Test: http/tests/cache/reload-main-resource.php * loader/cache/CachedResource.cpp: (WebCore::CachedResource::load): * loader/cache/CachedResourceLoader.cpp: (WebCore::CachedResourceLoader::determineRevalidationPolicy): (WebCore::CachedResourceLoader::cachePolicy): Don't use subresourceCachePolicy() for main resources. * loader/cache/CachedResourceLoader.h: (CachedResourceLoader): 2013-02-12 Ryosuke Niwa Turn avoidIntersectionWithNode into Editor member functions to encapsulate delete button controller https://bugs.webkit.org/show_bug.cgi?id=109549 Reviewed by Tony Chang. Renamed avoidIntersectionWithNode to Editor::avoidIntersectionWithDeleteButtonController and added trivial implementations when delete button controllers are disabled (ENABLE_DELETION_UI is 0). * editing/DeleteButtonController.cpp: * editing/EditCommand.cpp: (WebCore::EditCommand::EditCommand): * editing/Editor.cpp: (WebCore::Editor::avoidIntersectionWithDeleteButtonController): Moved from htmlediting.cpp and renamed. The version that takes VisibleSelection has been updated to use updatePositionForNodeRemoval to share mode code with that function. (WebCore::Editor::rangeForPoint): * editing/Editor.h: (WebCore::Editor::avoidIntersectionWithDeleteButtonController): Added; trivial implementations. * editing/htmlediting.cpp: * editing/htmlediting.h: * editing/markup.cpp: (WebCore::createMarkupInternal): Extracted from createMarkup. (WebCore::createMarkup): 2013-02-12 Joseph Pecoraro [iOS] Enable PAGE_VISIBILITY_API https://bugs.webkit.org/show_bug.cgi?id=109399 Reviewed by David Kilzer. * Configurations/FeatureDefines.xcconfig: 2013-02-12 Andreas Kling Move ElementAttributeData into Element.cpp/h Reviewed by Anders Carlsson. 
Removed ElementAttributeData.cpp/h and moved the class itself into Element headquarters. In the near future, Element should be the only client of this class, and thus it won't be necessary for other classes to know anything about it. * dom/ElementAttributeData.cpp: Removed. * dom/ElementAttributeData.h: Removed. * CMakeLists.txt: * GNUmakefile.list.am: * Target.pri: * WebCore.gypi: * WebCore.xcodeproj/project.pbxproj: * dom/DOMAllInOne.cpp: * dom/DocumentSharedObjectPool.cpp: * dom/Element.cpp: * dom/Element.h: * workers/SharedWorker.cpp: * Modules/webdatabase/DatabaseManager.cpp: Add ExceptionCode.h since Element.h doesn't pull it in anymore. 2013-02-12 Simon Fraser Crash when scrolling soon after page starts loading https://bugs.webkit.org/show_bug.cgi?id=109631 Reviewed by Anders Carlsson. Make the scrolling tree more robust when the root state node, and/or scrolling node are null. This can happen if we try to handle a wheel event before we've done the first scrolling tree commit. * page/scrolling/ScrollingStateTree.cpp: (WebCore::ScrollingStateTree::commit): Handle the case where m_rootStateNode is null. We'll still commit, but the state tree will have no state nodes. * page/scrolling/ScrollingTree.cpp: (WebCore::ScrollingTree::handleWheelEvent): Null-check m_rootNode. (WebCore::ScrollingTree::commitNewTreeState): Handle a null root node. (WebCore::ScrollingTree::updateTreeFromStateNode): If the root state node is null, just clear the map and null out the root scrolling node. * page/scrolling/ScrollingTree.h: m_debugInfoLayer was unused. * page/scrolling/mac/ScrollingCoordinatorMac.mm: (WebCore::ScrollingCoordinatorMac::ensureRootStateNodeForFrameView): It may be possible to get here before we've registered the root scroll layer, in which case scrollLayerID() will be 0. Assert to see if this can ever happen. (WebCore::ScrollingCoordinatorMac::scrollingStateTreeAsText): Handle case of rootStateNode() being null.
2013-02-12 Raymond Toy Synchronize setting of panner node model and processing https://bugs.webkit.org/show_bug.cgi?id=109599 Reviewed by Chris Rogers. No new tests. * Modules/webaudio/PannerNode.cpp: (WebCore::PannerNode::process): (WebCore::PannerNode::setPanningModel): * Modules/webaudio/PannerNode.h: 2013-02-12 Dean Jackson Add class name for snapshotted plugin based on dimensions https://bugs.webkit.org/show_bug.cgi?id=108369 Reviewed by Simon Fraser. As the size of the plugin changes, the Shadow Root for the snapshot might want to toggle different interfaces. Expose "tiny", "small", "medium" and "large" classes on the Shadow. (The dimensions are currently chosen fairly arbitrarily). Because we only know the dimensions after layout, we set up a post layout task to add the class. Luckily there already was a post layout task for plugins - I just updated it to handle both real and snapshotted plugins. This involved modifying the list of RenderEmbeddedObjects in FrameView to take generic RenderObjects, and decide which type they are when calling the update method. * html/HTMLPlugInImageElement.cpp: Some new dimensions for the various size thresholds. (WebCore::classNameForShadowRootSize): New static function that returns a class name after examining the size of the object. (WebCore::HTMLPlugInImageElement::updateSnapshotInfo): Sets the class name for the shadow root. This is called in the post layout task. (WebCore::shouldPlugInShowLabelAutomatically): Use new size names. (WebCore::HTMLPlugInImageElement::subframeLoaderWillCreatePlugIn): Ditto. * html/HTMLPlugInImageElement.h: (HTMLPlugInImageElement): New method updateSnapshotInfo. * page/FrameView.cpp: (WebCore::FrameView::addWidgetToUpdate): Change RenderEmbeddedObject* to RenderObject*. (WebCore::FrameView::removeWidgetToUpdate): Ditto (WebCore::FrameView::updateWidget): Branch based on EmbeddedObject vs SnapshottedPlugIn. Call plugin snapshot update if necessary. 
(WebCore::FrameView::updateWidgets): Handle both EmbeddedObject and SnapshottedPlugIn cases. * page/FrameView.h: Change RenderEmbeddedObject* to RenderObject* for post layout widget updates. * rendering/RenderSnapshottedPlugIn.cpp: (WebCore::RenderSnapshottedPlugIn::layout): New virtual override. If size has changed, ask the FrameView to recalculate size after layout. * rendering/RenderSnapshottedPlugIn.h: New layout() method. 2013-02-12 Mike West Implement script MIME restrictions for X-Content-Type-Options: nosniff https://bugs.webkit.org/show_bug.cgi?id=71851 Reviewed by Adam Barth. This patch adds support for 'X-Content-Type-Options: nosniff' when deciding whether or not to execute a given chunk of JavaScript. If the header is present, script will only execute if it matches a predefined set of MIME types[1] that are deemed "executable". Scripts served with types that don't match the list will not execute. IE introduced this feature, and Gecko is working on an implementation[2] now. There's been some discussion on the WHATWG list about formalizing the specification for this feature[3], but nothing significant has been decided. This implementation's list of acceptable MIME types differs from IE's: it matches the list of supported JavaScript MIME types defined in MIMETypeRegistry::initializeSupportedJavaScriptMIMETypes()[4]. In particular, the VBScript types are not accepted, and 'text/javascript1.{1,2,3}' are accepted, along with 'text/livescript'. This feature is locked tightly behind the ENABLE_NOSNIFF flag, which is currently only enabled on the Chromium port.
[1]: http://msdn.microsoft.com/en-us/library/gg622941(v=vs.85).aspx [2]: https://bugzilla.mozilla.org/show_bug.cgi?id=471020 [3]: http://lists.whatwg.org/htdig.cgi/whatwg-whatwg.org/2012-November/037974.html [4]: http://trac.webkit.org/browser/trunk/Source/WebCore/platform/MIMETypeRegistry.cpp?rev=142086#L307 Tests: http/tests/security/contentTypeOptions/invalid-content-type-options-allowed.html http/tests/security/contentTypeOptions/nosniff-script-allowed.html http/tests/security/contentTypeOptions/nosniff-script-blocked.html http/tests/security/contentTypeOptions/nosniff-script-without-content-type-allowed.html * dom/ScriptElement.cpp: (WebCore::ScriptElement::executeScript): Before executing script, ensure that it shouldn't be blocked due to its MIME type. If it is blocked, write an error message to the console. * loader/cache/CachedScript.cpp: (WebCore::CachedScript::mimeType): Make scripts' MIME type available outside the context of CachedScript in order to correctly populate error messages we write to the console in ScriptElement::executeScript (WebCore): (WebCore::CachedScript::mimeTypeAllowedByNosniff): * loader/cache/CachedScript.h: (CachedScript): A new method which checks the resource's HTTP headers to set the 'nosniff' disposition, and compares the resource's MIME type against the list of allowed executable types. Returns true iff the script is allowed. * platform/network/HTTPParsers.cpp: (WebCore): (WebCore::parseContentTypeOptionsHeader): * platform/network/HTTPParsers.h: Adds a new enum which relates the sniffable status of the resource, and a method to parse the HTTP header. 2013-02-12 Adam Barth Threaded HTML parser should pass the remaining fast/tokenizer tests https://bugs.webkit.org/show_bug.cgi?id=109607 Reviewed by Eric Seidel. This patch fixes some edge cases involving document.write. Previously, we would drop input characters on the floor if the tokenizer wasn't able to consume them synchronously.
In this patch, we send the unparsed characters to the background thread for consumption after rewinding the input stream. * html/parser/BackgroundHTMLInputStream.cpp: (WebCore::BackgroundHTMLInputStream::rewindTo): * html/parser/BackgroundHTMLInputStream.h: (BackgroundHTMLInputStream): * html/parser/BackgroundHTMLParser.cpp: (WebCore::BackgroundHTMLParser::resumeFrom): * html/parser/BackgroundHTMLParser.h: (Checkpoint): * html/parser/HTMLDocumentParser.cpp: (WebCore::HTMLDocumentParser::canTakeNextToken): (WebCore::HTMLDocumentParser::didFailSpeculation): (WebCore::HTMLDocumentParser::pumpTokenizer): (WebCore::HTMLDocumentParser::finish): * html/parser/HTMLInputStream.h: (WebCore::HTMLInputStream::closeWithoutMarkingEndOfFile): (HTMLInputStream): 2013-02-12 Csaba Osztrogonác Unreviewed buildfix for !ENABLE(INSPECTOR) platforms after r142654. * inspector/InspectorInstrumentation.h: (WebCore::InspectorInstrumentation::scriptsEnabled): 2013-02-12 Christophe Dumez Remove remaining traces of Web Intents https://bugs.webkit.org/show_bug.cgi?id=109586 Reviewed by Eric Seidel. Remove remaining traces of Web Intents as the functionality was removed in r142549. No new tests, no behavior change for layout tests. * GNUmakefile.features.am.in: * html/HTMLTagNames.in: 2013-02-12 Robert Hogan REGRESSION(r136967): Combination of float and clear yields to bad layout https://bugs.webkit.org/show_bug.cgi?id=109476 Reviewed by Levi Weintraub. Test: fast/block/margin-collapse/self-collapsing-block-with-float-children.html The change made at http://trac.webkit.org/changeset/136967 only needs to worry about the first floated child of a self-collapsing block. The ones that follow are not affected by its margins.
* rendering/RenderBlockLineLayout.cpp: (WebCore::RenderBlock::LineBreaker::skipLeadingWhitespace): 2013-02-12 Levi Weintraub ASSERTION FAILED: !object || object->isBox(), UNKNOWN in WebCore::RenderListItem::positionListMarker https://bugs.webkit.org/show_bug.cgi?id=108699 Reviewed by Abhishek Arya. RenderListItems performs special management of its children to maintain list markers. Splitting a flow through a list item results in assumptions made inside RenderListItem failing, so for now, avoid splitting flows when inside one. Test: fast/multicol/span/list-multi-column-crash.html * rendering/RenderBlock.cpp: (WebCore::RenderBlock::containingColumnsBlock): 2013-02-12 Roger Fong Unreviewed Windows build fix. * testing/Internals.cpp: (WebCore::Internals::resetToConsistentState): (WebCore::Internals::Internals): 2013-02-12 Vivek Galatage Web Inspector: JavaScript execution disabled by browser/UA should be notified to the front-end https://bugs.webkit.org/show_bug.cgi?id=109402 Reviewed by Yury Semikhatsky. Whenever the UA/Browser changes the Script Execution state of a page, it should notify the inspector front-end. Added the InspectorInstrumentation method didScriptExecutionStateChange to achieve this. Also the state change triggered by the inspector should be ignored to avoid infinite loop. 
Test: inspector/script-execution-state-change-notification.html * inspector/Inspector.json: * inspector/InspectorInstrumentation.cpp: (WebCore): (WebCore::InspectorInstrumentation::scriptsEnabledImpl): * inspector/InspectorInstrumentation.h: (InspectorInstrumentation): (WebCore::InspectorInstrumentation::scriptsEnabled): (WebCore): * inspector/InspectorPageAgent.cpp: (WebCore::InspectorPageAgent::InspectorPageAgent): (WebCore::InspectorPageAgent::setScriptExecutionDisabled): (WebCore::InspectorPageAgent::scriptsEnabled): (WebCore): * inspector/InspectorPageAgent.h: (InspectorPageAgent): * inspector/front-end/ResourceTreeModel.js: (WebInspector.PageDispatcher.prototype.javascriptDialogClosed): (WebInspector.PageDispatcher.prototype.scriptsEnabled): * page/Settings.cpp: (WebCore::Settings::setScriptEnabled): 2013-02-12 Antti Koivisto Cache timer heap pointer to timers https://bugs.webkit.org/show_bug.cgi?id=109597 Reviewed by Andreas Kling. Accessing timer heap through thread global storage is slow (~0.1% in PLT3). We can cache the heap pointer to each TimerBase. There are not huge numbers of timers around so memory is not an issue and many timers are heavily reused. * platform/Timer.cpp: (WebCore::threadGlobalTimerHeap): (WebCore::TimerHeapReference::operator=): (WebCore::TimerHeapIterator::checkConsistency): (WebCore::TimerBase::TimerBase): (WebCore::TimerBase::checkHeapIndex): (WebCore::TimerBase::setNextFireTime): * platform/Timer.h: (WebCore::TimerBase::timerHeap): (TimerBase): 2013-02-12 Adam Barth BackgroundHTMLParser::resumeFrom should take a struct https://bugs.webkit.org/show_bug.cgi?id=109598 Reviewed by Eric Seidel. This patch is purely a syntactic change that paves the way for fixing the partial-entity document.write tests. To fix those tests, we'll need to pass more information to resumeFrom, but we're hitting the argument limits in Functional.h. Rather than adding yet more arguments, this patch moves to a single argument that's a struct.
* html/parser/BackgroundHTMLParser.cpp: (WebCore::BackgroundHTMLParser::resumeFrom): * html/parser/BackgroundHTMLParser.h: (Checkpoint): (BackgroundHTMLParser): * html/parser/HTMLDocumentParser.cpp: (WebCore::HTMLDocumentParser::didFailSpeculation): 2013-02-12 Elliott Sprehn rootRenderer in FrameView is really RenderView https://bugs.webkit.org/show_bug.cgi?id=109510 Reviewed by Eric Seidel. The global function rootRenderer(FrameView*) is really just a way to get the RenderView from the Frame so replace it with a renderView() method and replace usage of the word "root" with renderView so it's obvious the root we're talking about is the renderView. This is an important distinction to make since we also have rootRenderer in the code for the documentElement()'s renderer and we also have a "layout root" which is entirely different. No new tests, just refactoring. * page/FrameView.cpp: (WebCore::FrameView::rootRenderer): Removed. (WebCore::FrameView::setFrameRect): (WebCore::FrameView::adjustViewSize): (WebCore::FrameView::updateCompositingLayersAfterStyleChange): (WebCore::FrameView::updateCompositingLayersAfterLayout): (WebCore::FrameView::clearBackingStores): (WebCore::FrameView::restoreBackingStores): (WebCore::FrameView::usesCompositedScrolling): (WebCore::FrameView::layerForHorizontalScrollbar): (WebCore::FrameView::layerForVerticalScrollbar): (WebCore::FrameView::layerForScrollCorner): (WebCore::FrameView::tiledBacking): (WebCore::FrameView::scrollLayerID): (WebCore::FrameView::layerForOverhangAreas): (WebCore::FrameView::flushCompositingStateForThisFrame): (WebCore::FrameView::hasCompositedContent): (WebCore::FrameView::enterCompositingMode): (WebCore::FrameView::isSoftwareRenderable): (WebCore::FrameView::didMoveOnscreen): (WebCore::FrameView::willMoveOffscreen): (WebCore::FrameView::layout): (WebCore::FrameView::embeddedContentBox): (WebCore::FrameView::contentsInCompositedLayer): (WebCore::FrameView::scrollContentsFastPath): 
        (WebCore::FrameView::scrollContentsSlowPath):
        (WebCore::FrameView::maintainScrollPositionAtAnchor):
        (WebCore::FrameView::scrollPositionChanged):
        (WebCore::FrameView::repaintFixedElementsAfterScrolling):
        (WebCore::FrameView::updateFixedElementsAfterScrolling):
        (WebCore::FrameView::visibleContentsResized):
        (WebCore::FrameView::scheduleRelayoutOfSubtree):
        (WebCore::FrameView::needsLayout):
        (WebCore::FrameView::setNeedsLayout):
        (WebCore::FrameView::performPostLayoutTasks):
        (WebCore::FrameView::updateControlTints):
        (WebCore::FrameView::paintContents):
        (WebCore::FrameView::forceLayoutForPagination):
        (WebCore::FrameView::adjustPageHeightDeprecated):
        (WebCore::FrameView::resetTrackedRepaints):
        (WebCore::FrameView::isVerticalDocument):
        (WebCore::FrameView::isFlippedDocument):
        * page/FrameView.h:
        (WebCore::FrameView::renderView): Added.

2013-02-12 Tomas Popela

        [GTK][Introspection] GObject bindings for DataTransferItemList - one add() method must be removed from .idl
        https://bugs.webkit.org/show_bug.cgi?id=109180

        Reviewed by Xan Lopez.

        When compiling WebKit with --enable-introspection and generating GObject bindings for DataTransferItemList we must disable one add() method, because GObject is based on C and C does not allow two functions with the same name.

        No tests needed.

        * bindings/scripts/CodeGeneratorGObject.pm:

2013-02-12 Uday Kiran

        Background size width specified in viewport percentage units not working
        https://bugs.webkit.org/show_bug.cgi?id=109536

        Reviewed by Antti Koivisto.

        Corrected the check for viewport percentage unit while calculating background image width.

        Test: fast/backgrounds/size/backgroundSize-viewportPercentage-width.html

        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::calculateFillTileSize):

2013-02-12 Abhishek Arya

        Heap-use-after-free in WebCore::DeleteButtonController::enable
        https://bugs.webkit.org/show_bug.cgi?id=109447

        Reviewed by Ryosuke Niwa.

        RefPtr frame pointer since it can get deleted due to mutation events fired inside AppendNodeCommand::doUnapply.

        No new tests. Testcase is hard to minimize due to recursive calls with DOMNodeRemovedFromDocument mutation event.

        * editing/CompositeEditCommand.cpp:
        (WebCore::EditCommandComposition::unapply):
        (WebCore::EditCommandComposition::reapply):

2013-02-12 Eric Seidel

        Remove HTMLTokenTypes header (and split out AtomicHTMLToken.h from HTMLToken.h)
        https://bugs.webkit.org/show_bug.cgi?id=109525

        Reviewed by Adam Barth.

        We no longer need a separate HTMLTokenTypes class now that NEW_XML is gone. However, to remove HTMLTokenTypes, I had to split AtomicHTMLToken.h from HTMLToken.h (to fix a circular dependency).

        * GNUmakefile.list.am:
        * Target.pri:
        * WebCore.gypi:
        * WebCore.vcproj/WebCore.vcproj:
        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.vcxproj/WebCore.vcxproj.filters:
        * WebCore.xcodeproj/project.pbxproj:
        * html/HTMLViewSourceDocument.cpp:
        (WebCore::HTMLViewSourceDocument::addSource):
        * html/parser/AtomicHTMLToken.h: Added.
        (WebCore):
        (AtomicHTMLToken):
        (WebCore::AtomicHTMLToken::create):
        (WebCore::AtomicHTMLToken::forceQuirks):
        (WebCore::AtomicHTMLToken::type):
        (WebCore::AtomicHTMLToken::name):
        (WebCore::AtomicHTMLToken::setName):
        (WebCore::AtomicHTMLToken::selfClosing):
        (WebCore::AtomicHTMLToken::getAttributeItem):
        (WebCore::AtomicHTMLToken::attributes):
        (WebCore::AtomicHTMLToken::characters):
        (WebCore::AtomicHTMLToken::charactersLength):
        (WebCore::AtomicHTMLToken::isAll8BitData):
        (WebCore::AtomicHTMLToken::comment):
        (WebCore::AtomicHTMLToken::publicIdentifier):
        (WebCore::AtomicHTMLToken::systemIdentifier):
        (WebCore::AtomicHTMLToken::clearExternalCharacters):
        (WebCore::AtomicHTMLToken::AtomicHTMLToken):
        (WebCore::AtomicHTMLToken::initializeAttributes):
        * html/parser/BackgroundHTMLParser.cpp:
        (WebCore::BackgroundHTMLParser::simulateTreeBuilder):
        * html/parser/CompactHTMLToken.cpp:
        (WebCore::CompactHTMLToken::CompactHTMLToken):
        * html/parser/CompactHTMLToken.h:
        (WebCore::CompactHTMLToken::type):
        * html/parser/HTMLConstructionSite.cpp:
        (WebCore::HTMLConstructionSite::insertDoctype):
        (WebCore::HTMLConstructionSite::insertComment):
        (WebCore::HTMLConstructionSite::insertCommentOnDocument):
        (WebCore::HTMLConstructionSite::insertCommentOnHTMLHtmlElement):
        (WebCore::HTMLConstructionSite::insertSelfClosingHTMLElement):
        (WebCore::HTMLConstructionSite::insertForeignElement):
        * html/parser/HTMLDocumentParser.cpp:
        (WebCore::HTMLDocumentParser::processParsedChunkFromBackgroundParser):
        (WebCore::HTMLDocumentParser::constructTreeFromHTMLToken):
        * html/parser/HTMLDocumentParser.h:
        * html/parser/HTMLMetaCharsetParser.cpp:
        (WebCore::HTMLMetaCharsetParser::checkForMetaCharset):
        * html/parser/HTMLPreloadScanner.cpp:
        (WebCore::isStartTag):
        (WebCore::isStartOrEndTag):
        (WebCore::HTMLPreloadScanner::processToken):
        * html/parser/HTMLSourceTracker.cpp:
        (WebCore::HTMLSourceTracker::start):
        (WebCore::HTMLSourceTracker::sourceForToken):
        * html/parser/HTMLStackItem.h:
        (WebCore::HTMLStackItem::HTMLStackItem):
        * html/parser/HTMLToken.h:
        (WebCore::HTMLToken::clear):
        (WebCore::HTMLToken::isUninitialized):
        (WebCore::HTMLToken::type):
        (WebCore::HTMLToken::makeEndOfFile):
        (WebCore::HTMLToken::data):
        (WebCore::HTMLToken::name):
        (WebCore::HTMLToken::appendToName):
        (WebCore::HTMLToken::forceQuirks):
        (WebCore::HTMLToken::setForceQuirks):
        (WebCore::HTMLToken::beginDOCTYPE):
        (WebCore::HTMLToken::publicIdentifier):
        (WebCore::HTMLToken::systemIdentifier):
        (WebCore::HTMLToken::setPublicIdentifierToEmptyString):
        (WebCore::HTMLToken::setSystemIdentifierToEmptyString):
        (WebCore::HTMLToken::appendToPublicIdentifier):
        (WebCore::HTMLToken::appendToSystemIdentifier):
        (WebCore::HTMLToken::selfClosing):
        (WebCore::HTMLToken::setSelfClosing):
        (WebCore::HTMLToken::beginStartTag):
        (WebCore::HTMLToken::beginEndTag):
        (WebCore::HTMLToken::addNewAttribute):
        (WebCore::HTMLToken::appendToAttributeName):
        (WebCore::HTMLToken::appendToAttributeValue):
        (WebCore::HTMLToken::attributes):
        (WebCore::HTMLToken::eraseValueOfAttribute):
        (WebCore::HTMLToken::ensureIsCharacterToken):
        (WebCore::HTMLToken::characters):
        (WebCore::HTMLToken::appendToCharacter):
        (WebCore::HTMLToken::comment):
        (WebCore::HTMLToken::beginComment):
        (WebCore::HTMLToken::appendToComment):
        (WebCore::HTMLToken::eraseCharacters):
        (HTMLToken):
        * html/parser/HTMLTokenTypes.h: Removed.
        * html/parser/HTMLTokenizer.cpp:
        (WebCore::AtomicHTMLToken::usesName):
        (WebCore::AtomicHTMLToken::usesAttributes):
        (WebCore::HTMLTokenizer::flushBufferedEndTag):
        (WebCore::HTMLTokenizer::nextToken):
        * html/parser/HTMLTokenizer.h:
        (WebCore::HTMLTokenizer::saveEndTagNameIfNeeded):
        (WebCore::HTMLTokenizer::haveBufferedCharacterToken):
        * html/parser/HTMLTreeBuilder.cpp:
        (WebCore::HTMLTreeBuilder::processToken):
        (WebCore::HTMLTreeBuilder::processDoctypeToken):
        (WebCore::HTMLTreeBuilder::processFakeStartTag):
        (WebCore::HTMLTreeBuilder::processFakeEndTag):
        (WebCore::HTMLTreeBuilder::processFakePEndTagIfPInButtonScope):
        (WebCore::HTMLTreeBuilder::processIsindexStartTagForInBody):
        (WebCore):
        (WebCore::HTMLTreeBuilder::processStartTagForInBody):
        (WebCore::HTMLTreeBuilder::processStartTagForInTable):
        (WebCore::HTMLTreeBuilder::processStartTag):
        (WebCore::HTMLTreeBuilder::processBodyEndTagForInBody):
        (WebCore::HTMLTreeBuilder::processAnyOtherEndTagForInBody):
        (WebCore::HTMLTreeBuilder::processEndTagForInTableBody):
        (WebCore::HTMLTreeBuilder::processEndTagForInRow):
        (WebCore::HTMLTreeBuilder::processEndTagForInCell):
        (WebCore::HTMLTreeBuilder::processEndTagForInBody):
        (WebCore::HTMLTreeBuilder::processEndTagForInTable):
        (WebCore::HTMLTreeBuilder::processEndTag):
        (WebCore::HTMLTreeBuilder::processComment):
        (WebCore::HTMLTreeBuilder::processCharacter):
        (WebCore::HTMLTreeBuilder::defaultForBeforeHTML):
        (WebCore::HTMLTreeBuilder::defaultForBeforeHead):
        (WebCore::HTMLTreeBuilder::defaultForInHead):
        (WebCore::HTMLTreeBuilder::defaultForInHeadNoscript):
        (WebCore::HTMLTreeBuilder::defaultForAfterHead):
        (WebCore::HTMLTreeBuilder::processStartTagForInHead):
        (WebCore::HTMLTreeBuilder::processGenericRCDATAStartTag):
        (WebCore::HTMLTreeBuilder::processGenericRawTextStartTag):
        (WebCore::HTMLTreeBuilder::processScriptStartTag):
        (WebCore::HTMLTreeBuilder::shouldProcessTokenInForeignContent):
        (WebCore::HTMLTreeBuilder::processTokenInForeignContent):
        * html/parser/HTMLViewSourceParser.cpp:
        (WebCore::HTMLViewSourceParser::updateTokenizerState):
        * html/parser/TextDocumentParser.cpp:
        (WebCore::TextDocumentParser::insertFakePreElement):
        * html/parser/XSSAuditor.cpp:
        (WebCore::XSSAuditor::filterToken):
        (WebCore::XSSAuditor::filterScriptToken):
        (WebCore::XSSAuditor::filterObjectToken):
        (WebCore::XSSAuditor::filterParamToken):
        (WebCore::XSSAuditor::filterEmbedToken):
        (WebCore::XSSAuditor::filterAppletToken):
        (WebCore::XSSAuditor::filterIframeToken):
        (WebCore::XSSAuditor::filterMetaToken):
        (WebCore::XSSAuditor::filterBaseToken):
        (WebCore::XSSAuditor::filterFormToken):

2013-02-12 Pablo Flouret

        Handle error recovery in @supports
        https://bugs.webkit.org/show_bug.cgi?id=103934

        Reviewed by Antti Koivisto.

        Tests 021, 024, 031, and 033 in http://hg.csswg.org/test/file/5f94e4b03ed9/contributors/opera/submitted/css3-conditional fail because there's no explicit error recovery in @support's grammar. Opera and Firefox pass the tests.

        No new tests, modified css3/supports{,-cssom}.html

        * css/CSSGrammar.y.in:
        * css/CSSParser.cpp:
        (WebCore::CSSParser::createSupportsRule):
        (WebCore::CSSParser::markSupportsRuleHeaderEnd):
        (WebCore::CSSParser::popSupportsRuleData):
        * css/CSSParser.h:

2013-02-12 Eric Carlson

        [Mac] guard against NULL languages array
        https://bugs.webkit.org/show_bug.cgi?id=109595

        Reviewed by Dean Jackson.

        No new tests, existing tests won't crash if this is correct.

        * page/CaptionUserPreferencesMac.mm:
        (WebCore::CaptionUserPreferencesMac::preferredLanguages):

2013-02-12 Emil A Eklund

        TransformState::move should not round offset to int
        https://bugs.webkit.org/show_bug.cgi?id=108266

        Reviewed by Simon Fraser.

        Currently TransformState::move rounds the offset to the nearest integer values, this results in operations using TransformState to compute a position to misreport the location, specifically Element:getBoundingClientRect and repaint rects. Sizes are handled correctly and do not have the same problem.

        Tests: fast/sub-pixel/boundingclientrect-subpixel-margin.html
               fast/sub-pixel/clip-rect-box-consistent-rounding.html

        * page/FrameView.cpp:
        (WebCore::FrameView::convertFromRenderer): Change to use pixel snapping instead of enclosing box. All other code paths use pixelSnappedIntRect to align the rects to device pixels however this used enclosingIntRect (indirectly through the FloatQuad::enclosingBoundingBox call). Without the rounding in TransformState this causes repaint rects for elements on subpixel bounds to be too large by up to one pixel on each axis. For normal repaints this isn't really a problem but in scrollContentsSlowPath it can result in moving too large a rect.
        * platform/graphics/transforms/TransformState.cpp:
        (WebCore::TransformState::translateTransform):
        (WebCore::TransformState::translateMappedCoordinates): Change to take a LayoutSize instead of an IntSize.
        (WebCore::TransformState::move):
        (WebCore::TransformState::applyAccumulatedOffset):
        * platform/graphics/transforms/TransformState.h: Remove rounding logic and use original, more precise, value.
        * rendering/RenderGeometryMap.cpp:
        (WebCore::RenderGeometryMap::mapToContainer): Remove rounding logic and use original, more precise, value.

2013-02-12 Jessie Berlin

        Rollout r142618, it broke all the Mac builds.

        * inspector/HeapGraphSerializer.cpp:
        (WebCore::HeapGraphSerializer::HeapGraphSerializer):
        (WebCore::HeapGraphSerializer::pushUpdate):
        (WebCore::HeapGraphSerializer::reportNode):
        (WebCore::HeapGraphSerializer::toNodeId):
        (WebCore::HeapGraphSerializer::addRootNode):
        * inspector/HeapGraphSerializer.h:
        (WebCore):
        (HeapGraphSerializer):
        * inspector/InspectorMemoryAgent.cpp:
        (WebCore::InspectorMemoryAgent::getProcessMemoryDistributionImpl):

2013-02-12 Rafael Weinstein

        [HTMLTemplateElement]