[WebKit.git] / Source / WebCore / ChangeLog

2011-02-03  Dirk Pranke  <dpranke@chromium.org>

        Unreviewed, rolling out r77562.
        http://trac.webkit.org/changeset/77562
        https://bugs.webkit.org/show_bug.cgi?id=53630

        broke chromium mac build

        * WebCore.gyp/WebCore.gyp:
        * WebCore.gyp/mac/check_objc_rename.sh: Removed.

2011-02-03  Adam Barth  <abarth@webkit.org>

        Reviewed by Daniel Bates.

        XSS Auditor severely affects loading performance after submitting a large form
        https://bugs.webkit.org/show_bug.cgi?id=49845

        Switch over from the XSSAuditor to the XSSFilter, improving performance
        on this example.

        * html/parser/XSSFilter.cpp:
        (WebCore::XSSFilter::filterToken):
        * page/XSSAuditor.cpp:
        (WebCore::XSSAuditor::isEnabled):

2011-02-03  Dirk Pranke  <dpranke@chromium.org>

        Unreviewed, rolling out r77567.
        http://trac.webkit.org/changeset/77567
        https://bugs.webkit.org/show_bug.cgi?id=53468

        broke chromium linux svg, canvas tests, possibly win also?

        * platform/graphics/skia/ImageBufferSkia.cpp:
        (WebCore::getImageData):
        (WebCore::ImageBuffer::getUnmultipliedImageData):
        (WebCore::ImageBuffer::getPremultipliedImageData):
        (WebCore::putImageData):
        (WebCore::ImageBuffer::putUnmultipliedImageData):
        (WebCore::ImageBuffer::putPremultipliedImageData):

2011-02-02  MORITA Hajime  <morrita@google.com>

        Reviewed by Dimitri Glazkov.

        Refactoring: <progress> should not use ShadowElement
        https://bugs.webkit.org/show_bug.cgi?id=53583

        - Introduced RenderIndicatorPart and RenderProgressBarValuePart
          to be responsible for bar-part layout,
          which adopted layout logic from ShadowBlockElement.
        - ProgressBarValueElement is no longer a subclass of ShadowBlockElement.
        - Remove dependency from RenderProgress to HTMLProgressElement and
          ShadowBlockElement.
        - The shadow tree is no longer removed on detach(). It becomes persistent.
          This is now possible because the ShadowBlockElement dependency is gone.
        - ::-webkit-appearance for -webkit-progress-bar-value is no longer referred.
          That didn't make sense.

        * html/HTMLProgressElement.cpp:
        (WebCore::HTMLProgressElement::createShadowSubtreeIfNeeded):
        * html/HTMLProgressElement.h:
        * html/shadow/ProgressBarValueElement.h: Added.
        (WebCore::ProgressBarValueElement::ProgressBarValueElement):
        (WebCore::ProgressBarValueElement::shadowPseudoId):
        (WebCore::ProgressBarValueElement::createRenderer):
        (WebCore::ProgressBarValueElement::create):
        * rendering/RenderIndicator.cpp:
        (WebCore::RenderIndicatorPart::RenderIndicatorPart):
        (WebCore::RenderIndicatorPart::~RenderIndicatorPart):
        (WebCore::RenderIndicatorPart::layout):
        (WebCore::RenderIndicatorPart::styleDidChange):
        * rendering/RenderIndicator.h: Added RenderIndicatorPart class
        (WebCore::RenderIndicatorPart::originalVisibility):
        (WebCore::RenderIndicatorPart::requiresForcedStyleRecalcPropagation):
        (WebCore::RenderIndicatorPart::canHaveChildren):
        * rendering/RenderProgress.cpp:
        (WebCore::RenderProgressBarValuePart::preferredFrameRect):
        (WebCore::RenderProgressBarValuePart::shouldBeHidden):
        (WebCore::RenderProgress::updateFromElement):
        (WebCore::RenderProgress::layoutParts):
        (WebCore::RenderProgress::shouldHaveParts):
        * rendering/RenderProgress.h:
        (WebCore::RenderProgressBarValuePart::RenderProgressBarValuePart):

2011-02-03  Jia Pu  <jpu@apple.com>

        Reversion should not be marked as misspelled.
        https://bugs.webkit.org/show_bug.cgi?id=53255

        This patch includes fix for reported bug, and also some housekeeping changes.

        To implement desired behavior, we need:
        1. Add a new marker type, SpellCheckingExemption, since now we distingusish between text
           that shouldn't be spellchecked and text shouldn't be autocorrected.
        2. Make sure that there is no pending correction panel when we enter markAllMisspellingsAndBadGrammarInRanges().
           Otherwise the spell checking code in that function may interfere with autocorrection. This
           is achieved by explicitly applying pending correction when user types space, line break or
           paragraph break.

        Housekeeping code changes include:
        1. Change manual-tests that were broken by relocated WebCore directory.
        2. Use TextIterator in various DocumentMarkerController functions instead of using
           Node::traverseNextNode() directly.
        3. Allow passing multiple marker types into DocumentMarkerController::removeMarkers() and
           DocumentMarkerController::hasMarkers() to improve clarity and efficiency.
        4. Fixes of minor bugs that were exposed previously.

        * WebCore.exp.in: Change signature of DocumentMarkerController::removeMarkers().

        * dom/DocumentMarker.h: Added new marker type SpellCheckingExemption.

        * dom/DocumentMarkerController.cpp:
        (WebCore::DocumentMarkerController::removeMarkers): Use TextIterator to scan the range to be
           consistent with addMarker() function. Allow passing in multiple marker types in one call.
           Added a boolean argument to specify the behavior when removing markers that partially
           overlap the specified range.
        (WebCore::DocumentMarkerController::removeMarkersFromMarkerMapVectorPair): Allow passing in
           multiple marker types in one call.
        (WebCore::DocumentMarkerController::hasMarkers): Use TextIterator to scan the range to be
           consistent with addMarker() function. Allow passing in multiple marker types in one call.

        * dom/DocumentMarkerController.h: Allow passing in multiple marker types to removeMarkers()
           and hasMarkers(). Added a boolean argument to removeMarkers() to specify the behavior when
           removing markers that partially overlap the specified range.

        * editing/Editor.cpp:
        (WebCore::markerTypesForAutocorrection): Add SpellCheckingExemption marker when apply correction.
        (WebCore::markerTypesForReplacement): Ditto.
        (WebCore::Editor::respondToChangedSelection): Reordered call to dismissCorrectionPanel() and
           setSelection() to make sure there is no pending correction when entering
           markAllMisspellingsAndBadGrammarInRanges().
        (WebCore::Editor::appliedEditing): Only remove CorrectionIndicator markers when the command
           is a top level command to improve efficiency.
        (WebCore::Editor::insertTextWithoutSendingTextEvent): Added code to applying pending correction.
        (WebCore::Editor::insertLineBreak): Ditto.
        (WebCore::Editor::insertParagraphSeparator): Ditto.
        (WebCore::Editor::markAllMisspellingsAndBadGrammarInRanges): Don't mark mispelling if the
           text carries SpellCheckingExemption marker.
        (WebCore::Editor::correctionPanelTimerFired): Reset correction panel if the returned suggestion
           from spellchecker is an empty string.
        (WebCore::Editor::removeSpellAndCorrectionMarkersFromWordsToBeEdited):
           Use new DocumentMarkerController::removeMarkers() to replace custom implemenation to improve
           efficiency and readability.
        (WebCore::Editor::applyCorrectionPanelInfo): Remove the code that set caret position after
           applying correction, since it's unnecessary. Also, store pre-correction string together with
           the marker for reversion panel to use.
        (WebCore::Editor::applyAutocorrectionBeforeTypingIfAppropriate): Apply pending correction.
        (WebCore::Editor::changeSelectionAfterCommand): Moved marker removal code to Editor::appliedEditing()
           where we have access to EditCommand object.

        * editing/Editor.h: Added new function applyAutocorrectionAfterTypingIfAppropriate().

        * manual-tests/autocorrection/autocorrection-cancelled-by-ESC.html: Change manual-tests that
           were broken by relocated WebCore directory.

        * manual-tests/autocorrection/autocorrection-cancelled-by-typing-1.html: Ditto.

        * manual-tests/autocorrection/autocorrection-contraction.html: Ditto.

        * manual-tests/autocorrection/continue-typing-to-dismiss-reversion.html: Ditto.

        * manual-tests/autocorrection/delete-to-dismiss-reversion.html: Ditto.

        * manual-tests/autocorrection/delete-to-end-of-word-to-show-reversion.html: Ditto.

        * manual-tests/autocorrection/dismiss-multiple-guesses.html: Ditto.

        * manual-tests/autocorrection/move-to-end-of-word-to-show-reversion.html: Ditto.

        * manual-tests/autocorrection/select-from-multiple-guesses.html: Ditto.

        * manual-tests/autocorrection/spell-checking-after-reversion.html: Added.

        * manual-tests/autocorrection/type-whitespace-to-dismiss-reversion.html: Change manual-tests that
           were broken by relocated WebCore directory.

        * rendering/InlineTextBox.cpp:
        (WebCore::InlineTextBox::paintDocumentMarkers): Code clean-up to be more concise.

2011-02-03  Abhishek Arya  <inferno@chromium.org>

        Unreviewed, qt build fix.

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::removeFloatingObject):

2011-02-03  Brian Salomon  <bsalomon@google.com>

        Reviewed by James Robinson.

        Handle non-raster backed images in getUnmultipliedImageData()
        https://bugs.webkit.org/show_bug.cgi?id=53468

        No new tests. Existing canvas tests sufficient
        LayoutTests/canvas/philip/...

        * platform/graphics/skia/ImageBufferSkia.cpp:
        (WebCore::getImageData):
        (WebCore::ImageBuffer::getUnmultipliedImageData):
        (WebCore::ImageBuffer::getPremultipliedImageData):
        (WebCore::putImageData):
        (WebCore::ImageBuffer::putUnmultipliedImageData):
        (WebCore::ImageBuffer::putPremultipliedImageData):

2011-02-03  Abhishek Arya  <inferno@chromium.org>

        Reviewed by James Robinson.

        Enforce more limits on root inline boxes height calculations.
        https://bugs.webkit.org/show_bug.cgi?id=53729

        Test: fast/overflow/overflow-height-float-not-removed-crash.html

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::removeFloatingObject): prevent logicalBottom to
        become negative when logicalTop is INT_MAX.
        (WebCore::RenderBlock::markLinesDirtyInBlockRange): when logicalBottom
        is INT_MAX, we should dirty everything. So, we bail out to make
        afterLowest equal to the lastRootBox() or lowestDirstLine.

2011-02-03  David Levin  <levin@chromium.org>

        Reviewed by Adam Barth and Oliver Hunt.

        Worker.importScript() should clean errors for cross origin imports.
        https://bugs.webkit.org/show_bug.cgi?id=52871

        Test: http/tests/workers/worker-importScriptsOnError.html

        * bindings/js/WorkerScriptController.cpp:
        (WebCore::WorkerScriptController::evaluate): Use sanitizeScriptError
        to determine when to create a clean exception.
        * bindings/v8/WorkerContextExecutionProxy.cpp:
        (WebCore::WorkerContextExecutionProxy::evaluate): Ditto.
        * dom/ScriptExecutionContext.cpp:
        (WebCore::ScriptExecutionContext::sanitizeScriptError): Figure out
        if the error needs to be cleaned up.
        (WebCore::ScriptExecutionContext::dispatchErrorEvent): Extracted
        sanitizeScriptError for use by other places.
        * dom/ScriptExecutionContext.h:
        * workers/WorkerContext.cpp:
        (WebCore::WorkerContext::importScripts): Use the reponse url when
        telling the evaluate where the script came fro.
        * workers/WorkerScriptLoader.cpp:
        (WebCore::WorkerScriptLoader::responseURL): Expose the url that
        the script was loaded from (which may be different from url() due
        to redirects).
        (WebCore::WorkerScriptLoader::didReceiveResponse): Capture the reponse url.
        * workers/WorkerScriptLoader.h:

2011-02-03  Mark Mentovai  <mark@chromium.org>

        Reviewed by Dimitri Glazkov.

        Chromium GYP build fix.

        When various settings were moved to webcore_prerequisites in r66364,
        things that should have been direct_dependent_settings were not marked
        as such. GYP 'defines', for example, make no sense on a 'none'-type
        target such as webcore_prerequisites. It appears that it was intended
        for these settings to be pushed to direct dependents, which would make
        direct_dependent_settings correct.

        Losing the ChromiumWebCoreObjC defines on the Mac, for example, caused
        http://crbug.com/71537, which at best causes Mac console log spew, and
        at worst may result in Chromium's copy of WebCore using system
        definitions of certain Objective-C classes at runtime, or vice-versa.

        The build now includes a postbuild step to prevent
        http://crbug.com/71537 from regressing again. The build will fail upon
        regression.

        https://bugs.webkit.org/show_bug.cgi?id=53630

        * WebCore.gyp/WebCore.gyp: Move things in webcore_prerequisites into
          direct_dependent_settings as needed, add the check_objc_rename
          postbuild step.
        * WebCore.gyp/mac/check_objc_rename.sh: Added.

2011-02-03  Adam Barth  <abarth@webkit.org>

        Reviewed by Eric Seidel.

        Make XSSFilter go fast by adding a SuffixTree
        https://bugs.webkit.org/show_bug.cgi?id=53665

        The SuffixTree lets us quickly reject snippets if the POST data is
        large (because we can avoid a linear scan over the POST data).

        * html/parser/XSSFilter.cpp:
        (WebCore::XSSFilter::init):
        (WebCore::XSSFilter::isContainedInRequest):
        * html/parser/XSSFilter.h:

2011-02-03  Mihai Parparita  <mihaip@chromium.org>

        Reviewed by Alexey Proskuryakov.

        REGRESSION (r77355): Page cache layout tests crash
        https://bugs.webkit.org/show_bug.cgi?id=53648

        Test: fast/events/pagehide-timeout.html
        
        Suspend active DOM objects after all pagehide event handlers have run,
        otherwise it's possible for them to create more objects that weren't
        getting suspended.

        * history/CachedFrame.cpp:
        (WebCore::CachedFrame::CachedFrame):

2011-02-03  Jeremy Orlow  <jorlow@chromium.org>

        Reviewed by Nate Chapin.

        SerializedScriptValue should not require v8 to create undefined and null values
        https://bugs.webkit.org/show_bug.cgi?id=53730

        Instead of creating a v8 type and passing that into the constructor, just use
        the writer class directly. While I was at it, I cleaned up the code a bit too
        by getting rid of the WireData/StringValue enum as I found that personally
        confusing.

        This is necessary because these methods are called by IndexedDB in the browser
        process where v8 is not spun up.

        No functionality changed and not possible to test.

        * bindings/v8/SerializedScriptValue.cpp:
        (WebCore::SerializedScriptValue::createFromWire):
        (WebCore::SerializedScriptValue::create):
        (WebCore::SerializedScriptValue::nullValue):
        (WebCore::SerializedScriptValue::undefinedValue):
        (WebCore::SerializedScriptValue::release):
        (WebCore::SerializedScriptValue::SerializedScriptValue):
        * bindings/v8/SerializedScriptValue.h:

2011-02-03  Beth Dakin  <bdakin@apple.com>

        Reviewed by Sam Weinig.

        Fix for <rdar://problem/8944544> Ability to animate track
        for WKPainter scrollers

        Two new WebKitSystemInterface functions.
        * WebCore.exp.in:
        * platform/mac/WebCoreSystemInterface.h:
        * platform/mac/WebCoreSystemInterface.mm:

        Use Scrollbar::convertFromContainingView() to return the right point.
        * platform/mac/ScrollAnimatorMac.mm:
        (-[ScrollbarPainterControllerDelegate scrollerImpPair:convertContentPoint:toScrollerImp:]):
        
        ScrollKnobAnimation is now ScrollbarPartAnimation. It can
        now be used to animate the knob or the track.
        (-[ScrollbarPartAnimation initWithScrollbarPainter:part:WebCore::scrollAnimator:WebCore::animateAlphaTo:duration:]):
        (-[ScrollbarPartAnimation setCurrentProgress:]):
        (-[ScrollbarPainterDelegate setUpAnimation:scrollerPainter:part:WebCore::animateAlphaTo:duration:]):
        (-[ScrollbarPainterDelegate scrollerImp:animateKnobAlphaTo:duration:]):
        (-[ScrollbarPainterDelegate scrollerImp:animateTrackAlphaTo:duration:]):

        Scrollbars need invalodating after the overlay state changes. 
        (-[ScrollbarPainterDelegate scrollerImp:overlayScrollerStateChangedTo:]):

2011-02-03  Sam Weinig  <sam@webkit.org>

        Reviewed by Beth Dakin.

        Scroll thumb jumps to top when resizing horizontally.

        * platform/ScrollView.cpp:
        (WebCore::ScrollView::updateScrollbars): Add call to update
        the scrollbar's offset in the case where we may have created
        a new scrollbar but have not changed the current position.

2011-02-03  Justin Schuh  <jschuh@chromium.org>

        Reviewed by Dirk Schulze.

        startAnimations should use a local, RefCounted Vector.
        https://bugs.webkit.org/show_bug.cgi?id=53458

        Test: svg/custom/use-animation-in-fill.html

        * svg/SVGDocumentExtensions.cpp:
        (WebCore::SVGDocumentExtensions::startAnimations):

2011-02-03  Adam Barth  <abarth@webkit.org>

        Reviewed by Daniel Bates.

        XSSFilter shouldn't bother to analyze pages without "injection"
        characters in the request
        https://bugs.webkit.org/show_bug.cgi?id=53664

        If the request lacks these "injection" characters, then it's unlikely
        that there's a reflective XSS attack happening.  This hueristic lets us
        avoid analyzing the vast majority of responses for XSS.  Of course, the
        hueristic isn't perfect.  Because of this huerstic, we miss out on
        injections into unquoted attributes.  However, it's a trade-off that's
        worked well in the XSSAuditor.

        * html/parser/XSSFilter.cpp:
        (WebCore::HTMLNames::isRequiredForInjection):
        (WebCore::XSSFilter::XSSFilter):
        (WebCore::XSSFilter::init):
        (WebCore::XSSFilter::filterToken):
        (WebCore::XSSFilter::isContainedInRequest):
        * html/parser/XSSFilter.h:

2011-02-03  Vangelis Kokkevis  <vangelis@chromium.org>

        Reviewed by Kenneth Russell.

        [chromium] Fixing a compositor crash occurring on layers
        without an associated RenderSurface.
        https://bugs.webkit.org/show_bug.cgi?id=53679
        Regression was introduced by in r77425 

        Test: http://webkit.org/blog/386/3d-transforms/ doesn't crash
        anymore.

        * platform/graphics/chromium/LayerRendererChromium.cpp:
        (WebCore::LayerRendererChromium::drawLayer):

2011-02-03  Dan Bernstein  <mitz@apple.com>

        Reviewed by Anders Carlsson.

        <rdar://problem/8948788> Text emphasis marks have wrong orientation for vertical text
        https://bugs.webkit.org/show_bug.cgi?id=53709

        Covered by rendering of fast/text/emphasis-vertical.html

        * platform/graphics/mac/SimpleFontDataMac.mm:
        (WebCore::SimpleFontData::scaledFontData): Give the scaled font the same orientation this font
        has.

2011-02-02  Levi Weintraub  <leviw@chromium.org>

        Reviewed by Ryosuke Niwa.

        Moving cursor down in table cycles at the end of a row
        https://bugs.webkit.org/show_bug.cgi?id=50012

        Avoids a caret cycling issue with certain content (e.g. tables) found at the very
        end of a document due to a bug in nextLeafWithSameEditability.

        Test: editing/selection/move-by-line-cycles-in-table.html

        * editing/visible_units.cpp:
        (WebCore::nextLeafWithSameEditability): Properly avoid descending back into the
        original leaf node.

2011-02-03  Pavel Podivilov  <podivilov@chromium.org>

        Reviewed by Pavel Feldman.

        Web Inspector: remove dead code related to changes panel.
        https://bugs.webkit.org/show_bug.cgi?id=53688

        * WebCore.gypi:
        * WebCore.vcproj/WebCore.vcproj:
        * inspector/front-end/ChangesView.js: Removed.
        * inspector/front-end/WebKit.qrc:
        * inspector/front-end/inspector.css:
        (#error-warning-count):
        (#error-warning-count:hover):
        (#error-count + #warning-count):
        * inspector/front-end/inspector.html:
        * inspector/front-end/inspector.js:

2011-02-02  Sam Weinig  <sam@webkit.org>

        Reviewed by Anders Carlsson.

        Add notification of the end of a rubber band.
        <rdar://problem/8940648>

        * WebCore.exp.in:
        Add additional exprots.

        * page/ChromeClient.h:
        (WebCore::ChromeClient::didCompleteRubberBandForMainFrame):
        * page/FrameView.cpp:
        (WebCore::FrameView::didCompleteRubberBand):
        * page/FrameView.h:
        * platform/ScrollView.cpp:
        (WebCore::ScrollView::didCompleteRubberBand):
        * platform/ScrollView.h:
        Add hook.

        * platform/ScrollableArea.h:
        (WebCore::ScrollableArea::inLiveResize):
        (WebCore::ScrollableArea::maximumScrollPosition):
        (WebCore::ScrollableArea::visibleWidth):
        (WebCore::ScrollableArea::overhangAmount):
        (WebCore::ScrollableArea::didCompleteRubberBand):
        Reorganize and de-virtualize live resize notifications.

        * platform/mac/ScrollAnimatorMac.mm:
        (WebCore::ScrollAnimatorMac::snapRubberBandTimerFired):
        Call the new hook when the rubberband ends.

2011-02-02  Evan Martin  <evan@chromium.org>

        Reviewed by Tony Chang.

        [chromium] complex joining characters positioned in wrong place
        https://bugs.webkit.org/show_bug.cgi?id=53637

        Provide the correct font metrics to Harfbuzz related to the font design space.
        There are used in some fonts for GPOS positioning.

        Test: platform/chromium-linux/fast/text/international/complex-joining-using-gpos.html

        * platform/graphics/chromium/ComplexTextControllerLinux.cpp:
        (WebCore::ComplexTextController::setupFontForScriptRun):
        (WebCore::ComplexTextController::allocHarfbuzzFont):
        * platform/graphics/chromium/FontPlatformDataLinux.cpp:
        (WebCore::FontPlatformData::FontPlatformData):
        (WebCore::FontPlatformData::emSizeInFontUnits):
        (WebCore::FontPlatformData::operator=):
        * platform/graphics/chromium/FontPlatformDataLinux.h:
        (WebCore::FontPlatformData::FontPlatformData):

2011-02-02  Dimitri Glazkov  <dglazkov@chromium.org>

        Reviewed by Kent Tamura.

        REGRESSION(r76147): Slider thumb position is not updated when value attribute is changed.
        https://bugs.webkit.org/show_bug.cgi?id=53634

        Test: fast/dom/HTMLInputElement/input-slider-update.html

        * html/HTMLInputElement.cpp:
        (WebCore::HTMLInputElement::setValue): Added a call to InputType::valueChanged.
        * html/InputType.cpp:
        (WebCore::InputType::valueChanged): Added empty implementation.
        * html/InputType.h: Added def.
        * html/RangeInputType.cpp:
        (WebCore::RangeInputType::valueChanged): Added implementation that dirties layout
            bit on the thumb.
        * html/RangeInputType.h: Added def.

2011-02-02  Pavel Podivilov  <podivilov@chromium.org>

        Reviewed by Pavel Feldman.

        Web Inspector: do not share source frames between resources panel and scripts panel.
        https://bugs.webkit.org/show_bug.cgi?id=53584

        Currently, we show error messages only for resources. This change will allow showing error
        messages in source frame even when resource is not available (eval scripts, inlined scripts).

        * inspector/front-end/ConsoleView.js:
        (WebInspector.ConsoleView.prototype.addMessage):
        (WebInspector.ConsoleView.prototype.clearMessages):
        * inspector/front-end/ResourceView.js:
        (WebInspector.ResourceView.recreateResourceView):
        * inspector/front-end/ResourcesPanel.js:
        (WebInspector.FrameResourceTreeElement.prototype._setBubbleText):
        * inspector/front-end/ScriptsPanel.js:
        (WebInspector.ScriptsPanel.prototype._scriptSourceChanged):
        (WebInspector.ScriptsPanel.prototype.addConsoleMessage):
        (WebInspector.ScriptsPanel.prototype.clearConsoleMessages):
        (WebInspector.ScriptsPanel.prototype.reset):
        (WebInspector.ScriptsPanel.prototype._sourceFrameForScriptOrResource):
        (WebInspector.ScriptsPanel.prototype._sourceFrameForResource):
        (WebInspector.ScriptsPanel.prototype._sourceFrameForScript):

2011-02-03  Simon Fraser  <simon.fraser@apple.com>

        Fix 32-bit builds.

        * platform/graphics/ShadowBlur.cpp:
        (WebCore::ShadowBlur::blurLayerImage):

2011-02-03  Mikhail Naganov  <mnaganov@chromium.org>

        Reviewed by Pavel Feldman.

        Web Inspector: Add reporting of JS heap size limit to 'console.memory'.
        https://bugs.webkit.org/show_bug.cgi?id=53592

        In JSC there is no limit, thus 'undefined' value is returned.
        For V8, the limit reported by the VM is returned.

        * Android.jscbindings.mk:
        * CMakeLists.txt:
        * GNUmakefile.am:
        * WebCore.gypi:
        * WebCore.pro:
        * WebCore.vcproj/WebCore.vcproj:
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/JSBindingsAllInOne.cpp:
        * bindings/js/JSMemoryInfoCustom.cpp: Added.
        * bindings/js/ScriptGCEvent.cpp:
        (WebCore::ScriptGCEvent::getHeapSize):
        * bindings/js/ScriptGCEvent.h:
        * bindings/v8/ScriptGCEvent.cpp:
        (WebCore::ScriptGCEvent::getHeapSize):
        * bindings/v8/ScriptGCEvent.h:
        * inspector/InspectorTimelineAgent.cpp:
        (WebCore::InspectorTimelineAgent::setHeapSizeStatistic):
        * page/MemoryInfo.cpp:
        (WebCore::MemoryInfo::MemoryInfo):
        * page/MemoryInfo.h:
        (WebCore::MemoryInfo::jsHeapSizeLimit):
        * page/MemoryInfo.idl:

2011-01-27  Philippe Normand  <pnormand@igalia.com>

        Reviewed by Martin Robinson.

        [GTK] LayoutTests/media/audio-mpeg4-supported.html fails
        https://bugs.webkit.org/show_bug.cgi?id=53125

        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
        (WebCore::mimeTypeCache): Add audio/x-m4a mimetype in the cache.

2011-02-03  Simon Fraser  <simon.fraser@apple.com>

        Reviewed by Sam Weinig.

        ShadowBlur radius for CSS shadows is slightly too big
        https://bugs.webkit.org/show_bug.cgi?id=53660
        
        If we follow SVG gaussian blur for CSS shadows, we can end up rendering
        shadows that extend further than the CSS "blur radius", which results
        in the shadows being truncated.
        
        Fix with a small fudge factor to reduce the kernel diameter slightly
        for CSS shadows.
        
        Also more closely follow the algorithm described in the SVG spec
        for computing the kernel size for different diameters, and clean up
        some variable naming relating to the shadow bounds.

        * platform/graphics/ShadowBlur.cpp:
        (WebCore::ShadowBlur::blurLayerImage):
        (WebCore::ShadowBlur::drawRectShadowWithTiling):

2011-02-01  Pavel Podivilov  <podivilov@chromium.org>

        Reviewed by Pavel Feldman.

        Web Inspector: introduce new api for managing JavaScript breakpoints.
        https://bugs.webkit.org/show_bug.cgi?id=53235

        Single protocol breakpoint (e.g. set by url) is mapped on zero or more VM breakpoints (set by sourceID).
        removeJavaScriptBreakpoint(breakpointId) removes breakpoint and all linked VM breakpoints.
        Since UI uses VM breakpoint location rather then protocol breakpoint location, all resolved breakpoints locations are passed to frontend.

        SourceFrame is now aware of whether breakpoint is resolved or not and may display it accordingly.
        JavaScriptBreakpointsSidebarPane filters out breakpoints set on nonexistent scripts to avoid UI cluttering.

        * bindings/js/ScriptDebugServer.cpp:
        (WebCore::ScriptDebugServer::setBreakpoint):
        (WebCore::ScriptDebugServer::removeBreakpoint):
        * bindings/js/ScriptDebugServer.h:
        * bindings/v8/DebuggerScript.js:
        ():
        * bindings/v8/ScriptDebugServer.cpp:
        (WebCore::ScriptDebugServer::setBreakpoint):
        * bindings/v8/ScriptDebugServer.h:
        * inspector/Inspector.idl:
        * inspector/InspectorAgent.cpp: clear breakpoints from inspector state when new frontend is created
        (WebCore::InspectorAgent::restoreInspectorStateFromCookie):
        (WebCore::InspectorAgent::populateScriptObjects):
        (WebCore::InspectorAgent::restoreDebugger):
        (WebCore::InspectorAgent::showAndEnableDebugger):
        (WebCore::InspectorAgent::enableDebugger):
        * inspector/InspectorAgent.h:
        * inspector/InspectorDebuggerAgent.cpp: manage relations between protocol breakpoints and VM breakpoints
        (WebCore::InspectorDebuggerAgent::InspectorDebuggerAgent):
        (WebCore::InspectorDebuggerAgent::inspectedURLChanged):
        (WebCore::InspectorDebuggerAgent::setJavaScriptBreakpoint):
        (WebCore::InspectorDebuggerAgent::setJavaScriptBreakpointBySourceId):
        (WebCore::InspectorDebuggerAgent::removeJavaScriptBreakpoint):
        (WebCore::InspectorDebuggerAgent::continueToLocation):
        (WebCore::InspectorDebuggerAgent::resolveBreakpoint):
        (WebCore::InspectorDebuggerAgent::getScriptSource):
        (WebCore::InspectorDebuggerAgent::didParseSource):
        (WebCore::InspectorDebuggerAgent::didPause):
        * inspector/InspectorDebuggerAgent.h:
        (WebCore::InspectorDebuggerAgent::Script::Script):
        * inspector/InspectorValues.cpp:
        (WebCore::InspectorValue::asNumber):
        (WebCore::InspectorBasicValue::asNumber):
        (WebCore::InspectorObject::remove):
        * inspector/InspectorValues.h:
        (WebCore::InspectorObject::getNumber):
        (WebCore::InspectorObject::find):
        * inspector/ScriptBreakpoint.h:
        (WebCore::ScriptBreakpoint::ScriptBreakpoint):
        * inspector/front-end/Breakpoint.js:
        (WebInspector.Breakpoint):
        (WebInspector.Breakpoint.prototype.addLocation):
        * inspector/front-end/BreakpointManager.js: remove all stuff related to JavaScript breakpoints from here
        (WebInspector.BreakpointManager):
        (WebInspector.BreakpointManager.prototype._projectChanged):
        (WebInspector.BreakpointManager.prototype._saveBreakpoints):
        (WebInspector.BreakpointManager.prototype._validateBreakpoints):
        * inspector/front-end/BreakpointsSidebarPane.js:
        (WebInspector.JavaScriptBreakpointsSidebarPane): filter breakpoints set on nonexistent scripts to avoid ui cluttering
        * inspector/front-end/DebuggerModel.js:
        (WebInspector.DebuggerModel): pull all JavaScript from localStorage and push them to fronted when debugger is enabled, save resolved breakpoints data
        * inspector/front-end/Script.js:
        (WebInspector.Script.prototype.sourceLine):
        * inspector/front-end/ScriptsPanel.js:
        (WebInspector.ScriptsPanel.prototype._toggleDebugging):
        * inspector/front-end/Settings.js:
        (WebInspector.Settings):
        * inspector/front-end/SourceFrame.js: handle resolved and unresolved breakpoints differently
        * inspector/front-end/inspector.js:

2011-02-03  Nikolas Zimmermann  <nzimmermann@rim.com>

        Reviewed by Dirk Schulze.

        small text which is scaled to be large renders pixelated
        https://bugs.webkit.org/show_bug.cgi?id=12448

        SVG <text> with font-size smaller or equal to 1 does not paint correctly
        https://bugs.webkit.org/show_bug.cgi?id=14242

        misplaced text in SVG
        https://bugs.webkit.org/show_bug.cgi?id=17053

        Don't render very small (but zoomed) text inside SVG
        https://bugs.webkit.org/show_bug.cgi?id=19393

        Tiny fonts scaled up end up too large in Safari
        https://bugs.webkit.org/show_bug.cgi?id=20192

        Stretched SVG Text has awful glyph spacing 
        https://bugs.webkit.org/show_bug.cgi?id=21774

        REGRESSION (r72141?): svg/batik/text/smallFonts.svg failing on Leopard
        https://bugs.webkit.org/show_bug.cgi?id=49846

        [Gtk] Text height in zoomed SVG is 1px too high
        https://bugs.webkit.org/show_bug.cgi?id=50313

        SVG text smaller than 0.5px not displayed properly
        https://bugs.webkit.org/show_bug.cgi?id=50528

        When rendering text, we're selecting a font with a size, as specified in the markup.
        This can lead to problems, if the context, where the text is rendered upon, is scaled. If a parent
        element of the <text> defines a transform=".." or the outermost <svg> containing a viewBox the
        problem becomes apparent.

        Consider following two snippets, which should render exactly the same:
        <svg viewBox="0 0 100 100"><text x="25" y="50" font-size="25">test</text></svg>
        <svg viewBox="0 0 1 1"><text x="0.25" y="0.5" font-size="0.25">test</text></svg>

        When selecting a font size below 0.5, FontCacheMac would request a font with size 0,
        which AppKit turns into 12. This lead to huge text rendering, instead of small text on Mac.
        Other platforms have different problems (Qt simply scales the font, leading to pixelation etc.)

        To fix this in a cross-platform fashion, we now always compute the final font size on screen,
        remove any scaling from the context, draw the text using the scaled font size, then reapply
        the context scale. This makes the example snippets above render exactly the same and fixes
        numerous of bugs, present since years. As we're now heavily using floating-point font sizes
        internally, depending on the scale of the document, it's very important to use the new
        floating-point text metrics information (floatAscent/floatDescent/floatHeight) everywhere in SVG.

        Fixes existing tests: css3/zoom-coords.xhtml (cross-platform inconsistencies should be gone, mac now reports floatHeight values for SVG text height)
                              svg/hixie/text/003.html (no more pixelation)
                              svg/batik/text/smallFonts.svg (small fonts aren't rendered huge anymore on mac)
                              svg/hixie/viewbox/preserveAspectRatio/001.xml (bug 21774, no more awful spacing)
                              svg/zoom/page/zoom-zoom-coords.xhtml (cross-platform inconsistencies should be gone, inspired by bug 50313)

        Tests: svg/text/font-size-below-point-five-2.svg (reduction from bug 50528)
               svg/text/font-size-below-point-five.svg (reduction from bug 50528)
               svg/text/scaled-font.svg (reduction from bug 12448)
               svg/text/small-fonts-2.svg (reduction from bug 14242)
               svg/text/small-fonts-3.svg (reduction from bug 17053)
               svg/text/small-fonts-in-html5.html (reduction from bug 19393)
               svg/text/small-fonts.svg (reduction from bug 20192))

        * rendering/svg/RenderSVGInlineText.cpp: Cache 'float scalingFactor' & 'Font scaledFont', whenever the on-screen representation changes.
        * rendering/svg/RenderSVGInlineText.h:
        * rendering/svg/RenderSVGText.cpp: Update scalingFactor/scaledFont, if necessary.
        * rendering/svg/SVGInlineTextBox.cpp: Switch to new font rendering strategy. Always use scaledFont, and remove any context scale before drawing.
        * rendering/svg/SVGInlineTextBox.h:
        * rendering/svg/SVGTextLayoutEngineBaseline.cpp: Use floating-point metrics everywhere.
        * rendering/svg/SVGTextMetrics.cpp: Ditto.
        * rendering/svg/SVGTextMetrics.h: Ditto.
        * rendering/svg/SVGTextQuery.cpp: Ditto.
        * svg/SVGFont.cpp: Adjust stroke thickness, when drawing SVGFonts into a normalized context (no more scale).
        * svg/SVGTextContentElement.cpp: Make <text> elements always dependant on window size changes in combination with viewBox set.
        * svg/SVGTextPositioningElement.cpp: Remove now unnecessary code to determine wheter relative lengths are used as text attributes.
        * svg/SVGTextPositioningElement.h: 

2011-02-03  Pavel Feldman  <pfeldman@chromium.org>

        Reviewed by Yury Semikhatsky.

        Web Inspector: resources panel doesn't show frames after reload.
        https://bugs.webkit.org/show_bug.cgi?id=53430

        * inspector/front-end/ResourcesPanel.js:
        (WebInspector.ResourcesPanel.prototype.show):
        (WebInspector.ResourcesPanel.prototype.loadEventFired):
        (WebInspector.ResourcesPanel.prototype._initDefaultSelection):
        (WebInspector.ResourcesPanel.prototype.reset):
        (WebInspector.ResourcesPanel.prototype.clear):
        * inspector/front-end/inspector.js:
        (WebInspector.loadEventFired):

2011-02-01  Alexander Pavlov  <apavlov@chromium.org>

        Reviewed by Pavel Feldman.

        Web Inspector: Remove the *2 suffix from the CSS style-related protocol methods
        https://bugs.webkit.org/show_bug.cgi?id=53492

        * inspector/Inspector.idl:
        * inspector/InspectorCSSAgent.cpp:
        (WebCore::InspectorCSSAgent::getStylesForNode):
        (WebCore::InspectorCSSAgent::getInlineStyleForNode):
        (WebCore::InspectorCSSAgent::getComputedStyleForNode):
        (WebCore::InspectorCSSAgent::getAllStyles):
        (WebCore::InspectorCSSAgent::getStyleSheet):
        (WebCore::InspectorCSSAgent::getStyleSheetText):
        (WebCore::InspectorCSSAgent::setStyleSheetText):
        (WebCore::InspectorCSSAgent::setPropertyText):
        (WebCore::InspectorCSSAgent::toggleProperty):
        (WebCore::InspectorCSSAgent::setRuleSelector):
        (WebCore::InspectorCSSAgent::addRule):
        * inspector/InspectorCSSAgent.h:
        * inspector/front-end/AuditRules.js:
        (WebInspector.AuditRules.UnusedCssRule.prototype.doRun):
        * inspector/front-end/CSSStyleModel.js:
        (WebInspector.CSSStyleModel.prototype.getStylesAsync):
        (WebInspector.CSSStyleModel.prototype.getComputedStyleAsync):
        (WebInspector.CSSStyleModel.prototype.getInlineStyleAsync):
        (WebInspector.CSSStyleModel.prototype.setRuleSelector):
        (WebInspector.CSSStyleModel.prototype.addRule):
        (WebInspector.CSSStyleModel.prototype._styleSheetChanged):
        (WebInspector.CSSStyleModel.prototype._onRevert):
        (WebInspector.CSSStyleDeclaration.prototype.insertPropertyAt):
        (WebInspector.CSSProperty.prototype.setText):
        (WebInspector.CSSProperty.prototype.setDisabled):
        (WebInspector.CSSStyleSheet.createForId):
        (WebInspector.CSSStyleSheet.prototype.setText):

2011-02-03  Adam Barth  <abarth@webkit.org>

        Reviewed by Daniel Bates.

        Teach XSSFilter about data URLs
        https://bugs.webkit.org/show_bug.cgi?id=53662

        The XSS filter doesn't really make sense for data URLs because
        everything in a "response" from a data URL was part of the request.

        Test: http/tests/security/xssAuditor/data-urls-work.html

        * html/parser/XSSFilter.cpp:
        (WebCore::XSSFilter::init):
        (WebCore::XSSFilter::filterToken):

2011-02-02  Chris Evans  <cevans@chromium.org>

        Reviewed by Darin Fisher.

        window.find() can fail when switching case sensitivity
        https://bugs.webkit.org/show_bug.cgi?id=53654

        Reset the pattern to a safe one when done, to avoid usearch_reset()
        indirectly touching the old, stale text pointer.

        Test: fast/text/find-window.html

        * editing/TextIterator.cpp:
        (WebCore::SearchBuffer::~SearchBuffer): leave a safe pattern buffer when done.

2011-02-02  Adam Barth  <abarth@webkit.org>

        Reviewed by Daniel Bates.

        Teach XSSFilter that <param> elements can contain URLs
        https://bugs.webkit.org/show_bug.cgi?id=53652

        When loading plugins for the <object> tag, we're "smart" enough to
        reach into the <param> elements and pull out the URL in some cases.
        This patch teaches the XSSFilter how to block injections into those
        sorts of param elements.

        Fixes:
            http/tests/security/xssAuditor/object-*

        * html/HTMLParamElement.cpp:
        (WebCore::HTMLParamElement::isURLParameter):
        (WebCore::HTMLParamElement::isURLAttribute):
        (WebCore::HTMLParamElement::addSubresourceAttributeURLs):
        * html/HTMLParamElement.h:
            - Add a helper function so that HTMLParamElement can share the
              ground truth for these names with the XSSFilter.
        * html/parser/XSSFilter.cpp:
        (WebCore::XSSFilter::filterTokenInitial):
        (WebCore::XSSFilter::filterParamToken):
        * html/parser/XSSFilter.h:

2011-02-02  Dimitri Glazkov  <dglazkov@chromium.org>

        Reviewed by David Levin.

        GCC compiler on ARM issues bogus warnings and fails to compile.
        https://bugs.webkit.org/show_bug.cgi?id=53620

        Despite warnings explicitly being disallowed (-Wno-uninitialized),
        gcc (Ubuntu 4.4.3-4ubuntu5) 4.4.3 throws up the warnings like:

        "error: 'colorTransparent.unstatic.4909' may be used uninitialized in this function"

        The fix is to add an extra condition, which somehow pacifies the compiler.

        * css/CSSPrimitiveValue.cpp:
        (WebCore::CSSPrimitiveValue::createColor): Added workaround conditions.

2011-02-02  Adam Barth  <abarth@webkit.org>

        Reviewed by Daniel Bates.

        Teach XSSFilter about X-XSS-Protection
        https://bugs.webkit.org/show_bug.cgi?id=53640

        This patch causes us to pass:
            http/tests/security/xssAuditor/full-block-*
            http/tests/security/xssAuditor/no-protection-script-tag.html

        * html/parser/XSSFilter.cpp:
        (WebCore::XSSFilter::XSSFilter):
        (WebCore::XSSFilter::init):
        (WebCore::XSSFilter::filterToken):
        * html/parser/XSSFilter.h:

2011-02-02  Adam Barth  <abarth@webkit.org>

        Reviewed by Daniel Bates.

        When XSSFilter blocks JavaScript URLs, use a safe JavaScript URL
        instead of the empty string
        https://bugs.webkit.org/show_bug.cgi?id=53643

        In a URL context, the empty string completes to the URL of the current
        page, which causes these tests to go into an infinite loop.  Instead,
        we should use a "safe" JavaScript URL that does nothing.

        Fixes:
            http/tests/security/xssAuditor/javascript-link*

        * html/parser/XSSFilter.cpp:
        (WebCore::XSSFilter::eraseDangerousAttributesIfInjected):

2011-02-02  Dan Bernstein  <mitz@apple.com>

        Reviewed by Sam Weinig.

        <rdar://problem/8380506> REGRESSION (r61921): RTL text in <b> tag doesn't display in WebKit under certain conditions
        https://bugs.webkit.org/show_bug.cgi?id=44942

        Test: fast/text/bidi-embedding-pop-and-push-same-2.html

        * platform/text/BidiResolver.h:
        (WebCore::::commitExplicitEmbedding): Changed to return a boolean indicating whether there was
        a change to embedding levels.
        (WebCore::::createBidiRunsForLine): If embedding levels did not change as a result of committing
        the explicit embedding sequence, then runs were not added, and we should continue normally.

2011-02-02  Sam Weinig  <sam@webkit.org>

        Reviewed by Dan Bernstein.

        Fix miscalculation of the overhang area used for painting. We were
        not correctly accounting for scrollbars resulting in an non-negative
        overhang even when we weren't over the edge.

        * platform/ScrollView.cpp:
        (WebCore::ScrollView::calculateOverhangAreasForPainting):

2011-02-02  Jeremy Orlow  <jorlow@chromium.org>

        Reviewed by Nate Chapin.

        IDBTransaction and IDBRequest can be deleted while ScriptExecutionContext is iterating....which is bad
        https://bugs.webkit.org/show_bug.cgi?id=52722

        The solution is to change ScriptExecutionContext's destructor to iterate over
        the list in a way that handles the mutations. This new method is destructive,
        but that's OK since the object is going away. I've also added a several asserts.

        There should be no behavior change.

        * dom/ScriptExecutionContext.cpp:
        (WebCore::ScriptExecutionContext::ScriptExecutionContext):
        (WebCore::ScriptExecutionContext::~ScriptExecutionContext):
        (WebCore::ScriptExecutionContext::canSuspendActiveDOMObjects):
        (WebCore::ScriptExecutionContext::suspendActiveDOMObjects):
        (WebCore::ScriptExecutionContext::resumeActiveDOMObjects):
        (WebCore::ScriptExecutionContext::stopActiveDOMObjects):
        (WebCore::ScriptExecutionContext::createdActiveDOMObject):
        (WebCore::ScriptExecutionContext::destroyedActiveDOMObject):
        * dom/ScriptExecutionContext.h:
        * storage/IDBTransaction.cpp:
        (WebCore::IDBTransaction::contextDestroyed):
        * storage/IDBTransaction.h:

2011-02-02  Mark Rowe  <mrowe@apple.com>

        Build fix.

        * WebCore.exp.in: Remove some bogus symbols from the .exp.in file.
        * platform/mac/ScrollbarThemeMac.mm:
        (WebCore::ScrollbarThemeMac::unregisterScrollbar): Look the object
        up in the HashMap rather than relying on a local variable that doesn't
        exist.

2011-02-02  Adam Barth  <abarth@webkit.org>

        Reviewed by Daniel Bates.

        Teach XSSFilter about JavaScript URLs
        https://bugs.webkit.org/show_bug.cgi?id=53635

        This patch teaches the XSSFilter to check for JavaScript URLs in
        attribute values.  If this approach has too many false positives, we
        can restrict which attribute names we examine.

        Fixes these tests:
            http/tests/security/xssAuditor/anchor-url-dom-write-location-javascript-URL.html
            http/tests/security/xssAuditor/dom-write-location-javascript-URL.html
            http/tests/security/xssAuditor/iframe-javascript-url*

        * html/parser/XSSFilter.cpp:
        (WebCore::HTMLNames::containsJavaScriptURL):
        (WebCore::XSSFilter::filterTokenInitial):
        (WebCore::XSSFilter::eraseDangerousAttributesIfInjected):
        * html/parser/XSSFilter.h:

2011-02-02  Dan Bernstein  <mitz@apple.com>

        Reviewed by Sam Weinig, even though this is just a...

        ...build fix.

        * platform/mac/ScrollAnimatorMac.mm:
        (WebCore::ScrollAnimatorMac::~ScrollAnimatorMac):

2011-02-02  Mark Rowe  <mrowe@apple.com>

        Reviewed by Beth Dakin.

        <rdar://problem/8952012> Crash on launch inside scrollbar code.

        We need to ensure that we remove ourselves as the delegates of objects when we're going
        away as failing to do this can lead to crashes if the lifetime of the other objects
        is longer than ours.

        * platform/mac/ScrollAnimatorMac.mm:
        (WebCore::ScrollAnimatorMac::~ScrollAnimatorMac):
        * platform/mac/ScrollbarThemeMac.mm:
        (WebCore::ScrollbarThemeMac::unregisterScrollbar):

2011-02-02  Beth Dakin  <bdakin@apple.com>

        Build fix.

        * WebCore.exp.in:

2011-02-02  Patrick Gansterer  <paroga@webkit.org>

        Unreviewed WinCE build fix for r77397.

        * page/wince/FrameWinCE.cpp:
        (WebCore::computePageRectsForFrame):

2011-02-02  Patrick Gansterer  <paroga@webkit.org>

        Unreviewed WinCE build fix for r77398.

        * platform/graphics/wince/PlatformPathWinCE.cpp:
        (WebCore::containsPoint):
        (WebCore::inflateRectToContainPoint):
        (WebCore::PlatformPath::addRect):
        * platform/graphics/wince/SharedBitmap.cpp:
        (WebCore::SharedBitmap::drawPattern):
        * rendering/RenderThemeWinCE.cpp:
        (WebCore::RenderThemeWinCE::paintMenuListButton):
        (WebCore::RenderThemeWinCE::paintSearchFieldCancelButton):
        (WebCore::RenderThemeWinCE::paintSliderTrack):
        (WebCore::RenderThemeWinCE::paintMediaMuteButton):
        (WebCore::RenderThemeWinCE::paintMediaPlayButton):
        (WebCore::RenderThemeWinCE::paintMediaSeekBackButton):
        (WebCore::RenderThemeWinCE::paintMediaSeekForwardButton):

2011-02-02  Jian Li  <jianli@chromium.org>

        Reviewed by Kenneth Russell.

        [V8] Accessing DataView with index of -1 returns 0, doesn't throw
        https://bugs.webkit.org/show_bug.cgi?id=53559

        Added test cases to cover this in fast/canvas/webgl/data-view-test.html.

        * html/canvas/DataView.h:
        (WebCore::DataView::beyondRange):

2011-02-02  Sam Weinig  <sam@webkit.org>

        Reviewed by Beth Dakin.

        Add ChromeClient function to paint custom overhang areas.
        https://bugs.webkit.org/show_bug.cgi?id=53639

        * page/Chrome.cpp:
        (WebCore::ChromeClient::paintCustomOverhangArea):
        * page/ChromeClient.h:
        Add ChromeClient function.

        * page/FrameView.cpp:
        (WebCore::FrameView::paintOverhangAreas):
        * page/FrameView.h:
        Call out the the ChromeClient, call ScrollView base implementation
        if the ChromeClient returns false.

        * platform/ScrollView.cpp:
        (WebCore::ScrollView::paintOverhangAreas):
        * platform/ScrollView.h:
        Add dirty rect for use when painting overhang areas.

2011-02-02  Peter Kasting  <pkasting@google.com>

        Not reviewed, build fix.

        Fix compile after r77427.
        https://bugs.webkit.org/show_bug.cgi?id=53455

        * platform/graphics/qt/ImageDecoderQt.cpp:
        (WebCore::ImageDecoderQt::internalHandleCurrentImage):
        * platform/image-decoders/ImageDecoder.cpp:
        (WebCore::ImageFrame::operator=):
        * platform/image-decoders/bmp/BMPImageReader.cpp:
        (WebCore::BMPImageReader::decodeBMP):
        * platform/image-decoders/jpeg/JPEGImageDecoder.cpp:
        (WebCore::JPEGImageDecoder::outputScanlines):
        * platform/image-decoders/png/PNGImageDecoder.cpp:
        (WebCore::PNGImageDecoder::rowAvailable):
        * platform/image-decoders/webp/WEBPImageDecoder.cpp:
        (WebCore::WEBPImageDecoder::decode):

2011-02-02  Peter Kasting  <pkasting@google.com>

        Reviewed by David Levin.

        Clean up ImageDecoder's comments (remove/trim/clarify).
        https://bugs.webkit.org/show_bug.cgi?id=53455

        This also renames or eliminates a couple of functions for clarity, and
        switches a couple erroneous strncmp() calls to memcmp().

        * platform/image-decoders/ImageDecoder.cpp:
        (WebCore::ImageDecoder::create):
        (WebCore::ImageFrame::clearPixelData):
        (WebCore::ImageFrame::zeroFillPixelData):
        (WebCore::ImageFrame::setSize):
        * platform/image-decoders/ImageDecoder.h:
        (WebCore::ImageFrame::originalFrameRect):
        (WebCore::ImageFrame::setOriginalFrameRect):
        (WebCore::ImageDecoder::ImageDecoder):
        (WebCore::ImageDecoder::~ImageDecoder):
        (WebCore::ImageDecoder::isSizeAvailable):
        (WebCore::ImageDecoder::size):
        (WebCore::ImageDecoder::setIgnoreGammaAndColorProfile):
        (WebCore::ImageDecoder::clearFrameBufferCache):
        (WebCore::ImageDecoder::isOverSize):
        * platform/image-decoders/bmp/BMPImageReader.cpp:
        (WebCore::BMPImageReader::processNonRLEData):
        * platform/image-decoders/cg/ImageDecoderCG.cpp:
        (WebCore::ImageFrame::setSize):
        * platform/image-decoders/gif/GIFImageDecoder.cpp:
        (WebCore::GIFImageDecoder::clearFrameBufferCache):
        (WebCore::GIFImageDecoder::frameComplete):
        (WebCore::GIFImageDecoder::initFrameBuffer):
        * platform/image-decoders/jpeg/JPEGImageDecoder.h:
        * platform/image-decoders/qt/ImageFrameQt.cpp:
        (WebCore::ImageFrame::operator=):
        (WebCore::ImageFrame::clearPixelData):
        (WebCore::ImageFrame::zeroFillPixelData):
        (WebCore::ImageFrame::setSize):
        * platform/image-decoders/skia/ImageDecoderSkia.cpp:
        (WebCore::ImageFrame::operator=):
        (WebCore::ImageFrame::clearPixelData):
        (WebCore::ImageFrame::zeroFillPixelData):
        (WebCore::ImageFrame::setSize):
        * platform/image-decoders/webp/WEBPImageDecoder.h:

2011-02-02  Vangelis Kokkevis  <vangelis@chromium.org>

        [chromium] Adding support for reflections to the accelerated
        compositing path.
        https://bugs.webkit.org/show_bug.cgi?id=53179

        All layout tests in compositing/reflections generate correct
        results with the exception of:
        1. nested-reflection-anchor-point.html : There appears to be
           some issue with the layer transform math that I haven't been
           able to track down yet.
        2. reflection-opacity.html : The current implementation applies
           opacity before doing the reflection which makes this test
           produce incorrect results.  This will affect reflected layers
           with opacity that overlap their original layer.  FIXME comment
           added in the code.

        Tests: Covered by existing layout tests in compositing/reflections.
               Please see above for exceptions.

        * platform/graphics/chromium/GraphicsLayerChromium.cpp:
        (WebCore::GraphicsLayerChromium::setReplicatedByLayer):
        (WebCore::GraphicsLayerChromium::updateAnchorPoint):
        * platform/graphics/chromium/GraphicsLayerChromium.h:
        * platform/graphics/chromium/LayerChromium.cpp:
        (WebCore::LayerChromium::LayerChromium):
        * platform/graphics/chromium/LayerChromium.h:
        (WebCore::LayerChromium::setReplicaLayer):
        (WebCore::LayerChromium::replicaLayer):
        * platform/graphics/chromium/LayerRendererChromium.cpp:
        (WebCore::LayerRendererChromium::updateLayersRecursive):
        (WebCore::LayerRendererChromium::drawLayer):
        * platform/graphics/chromium/RenderSurfaceChromium.cpp:
        (WebCore::RenderSurfaceChromium::drawableContentRect):
        (WebCore::RenderSurfaceChromium::drawSurface):
        (WebCore::RenderSurfaceChromium::draw):
        * platform/graphics/chromium/RenderSurfaceChromium.h:
        (WebCore::RenderSurfaceChromium::drawTransform):

2011-02-02  Xiyuan Xia  <xiyuan@chromium.org>

        Reviewed by Tony Chang.

        [Chromium] Select popup with padding has white strip on right
        https://bugs.webkit.org/show_bug.cgi?id=53602

        No new tests as this change restores old behavior.

        * platform/chromium/PopupMenuChromium.cpp:
        (WebCore::PopupListBox::layout):

2011-02-02  Beth Dakin  <bdakin@apple.com>

        Reviewed by Mark Rowe.

        Fix for <rdar://problem/8950343> CrashTracer: [USER]
        1 crash in WebProcess at com.apple.WebCore: 
        WebCore::ScrollbarThemeMac::unregisterScrollbar + 22

        It is possible for a Scrollbar's ScrollableArea to be null,
        so we must null check.
        * platform/mac/ScrollbarThemeMac.mm:
        (WebCore::ScrollbarThemeMac::registerScrollbar):
        (WebCore::ScrollbarThemeMac::unregisterScrollbar):

2011-02-02  Zhenyao Mo  <zmo@google.com>

        Reviewed by Kenneth Russell.

        bufferData and bufferSubData should generate INVALID_VALUE with negative input
        https://bugs.webkit.org/show_bug.cgi?id=53626

        * html/canvas/WebGLRenderingContext.cpp:
        (WebCore::WebGLRenderingContext::bufferData):
        (WebCore::WebGLRenderingContext::bufferSubData):

2011-02-02  Jeff Miller  <jeffm@apple.com>

        Reviewed by Darin Adler and Steve Falkenburg.

        Add DerivedSources.make to some Visual Studio projects
        https://bugs.webkit.org/show_bug.cgi?id=53607

        * WebCore.vcproj/WebCoreGenerated.vcproj: Add DerivedSources.make.

2011-02-02  Cris Neckar  <cdn@chromium.org>

        Reviewed by James Robinson.

        Refcount domwindows when dispatching device orientation events.
        https://bugs.webkit.org/show_bug.cgi?id=53623

        Test: fast/events/device-orientation-crash.html

        * dom/DeviceMotionController.cpp:
        (WebCore::DeviceMotionController::timerFired):
        (WebCore::DeviceMotionController::didChangeDeviceMotion):
        * dom/DeviceMotionController.h:
        * dom/DeviceOrientationController.cpp:
        (WebCore::DeviceOrientationController::timerFired):
        (WebCore::DeviceOrientationController::didChangeDeviceOrientation):
        * dom/DeviceOrientationController.h:

2011-02-02  Zhenyao Mo  <zmo@google.com>

        Reviewed by Kenneth Russell.

        A deleted object should never been bound again
        https://bugs.webkit.org/show_bug.cgi?id=53604

        * html/canvas/WebGLRenderingContext.cpp:
        (WebCore::WebGLRenderingContext::checkObjectToBeBound): Helper function to bind* and useProgram.
        (WebCore::WebGLRenderingContext::bindBuffer): Use checkObjectToBeBound.
        (WebCore::WebGLRenderingContext::bindFramebuffer): Ditto.
        (WebCore::WebGLRenderingContext::bindRenderbuffer): Ditto.
        (WebCore::WebGLRenderingContext::bindTexture): Ditto, also check the target matching.
        (WebCore::WebGLRenderingContext::deleteObject): Helper funtion to delete*.
        (WebCore::WebGLRenderingContext::deleteBuffer): Use deleteObject.
        (WebCore::WebGLRenderingContext::deleteFramebuffer): Ditto.
        (WebCore::WebGLRenderingContext::deleteProgram): Ditto.
        (WebCore::WebGLRenderingContext::deleteRenderbuffer): Ditto.
        (WebCore::WebGLRenderingContext::deleteShader): Ditto.
        (WebCore::WebGLRenderingContext::deleteTexture): Ditto.
        (WebCore::WebGLRenderingContext::useProgram): Use checkObjectToBeBound.
        * html/canvas/WebGLRenderingContext.h:
        * html/canvas/WebGLTexture.h:
        (WebCore::WebGLTexture::getTarget): Accessor to cached target.

2011-02-02  Alejandro G. Castro  <alex@igalia.com>

        Unreviewed Efl buildfix after r77399.

        * CMakeListsEfl.txt:

2011-02-02  Kenneth Russell  <kbr@google.com>

        Reviewed by James Robinson.

        Rename Typed Array subset to subarray
        https://bugs.webkit.org/show_bug.cgi?id=53618

        * html/canvas/Float32Array.cpp:
        (WebCore::Float32Array::subarray):
        * html/canvas/Float32Array.h:
        * html/canvas/Float32Array.idl:
        * html/canvas/Int16Array.cpp:
        (WebCore::Int16Array::subarray):
        * html/canvas/Int16Array.h:
        * html/canvas/Int16Array.idl:
        * html/canvas/Int32Array.cpp:
        (WebCore::Int32Array::subarray):
        * html/canvas/Int32Array.h:
        * html/canvas/Int32Array.idl:
        * html/canvas/Int8Array.cpp:
        (WebCore::Int8Array::subarray):
        * html/canvas/Int8Array.h:
        * html/canvas/Int8Array.idl:
        * html/canvas/TypedArrayBase.h:
        (WebCore::TypedArrayBase::subarrayImpl):
        * html/canvas/Uint16Array.cpp:
        (WebCore::Uint16Array::subarray):
        * html/canvas/Uint16Array.h:
        * html/canvas/Uint16Array.idl:
        * html/canvas/Uint32Array.cpp:
        (WebCore::Uint32Array::subarray):
        * html/canvas/Uint32Array.h:
        * html/canvas/Uint32Array.idl:
        * html/canvas/Uint8Array.cpp:
        (WebCore::Uint8Array::subarray):
        * html/canvas/Uint8Array.h:
        * html/canvas/Uint8Array.idl:

2011-02-02  Adam Barth  <abarth@webkit.org>

        Reviewed by Eric Seidel.

        Add an empty file for Content Security Policy
        https://bugs.webkit.org/show_bug.cgi?id=53573

        Posting this as a separate patch because editing the build files is so
        painful.

        * Android.mk:
        * CMakeLists.txt:
        * GNUmakefile.am:
        * WebCore.gypi:
        * WebCore.pro:
        * WebCore.vcproj/WebCore.vcproj:
        * WebCore.xcodeproj/project.pbxproj:

2011-02-02  Dan Winship  <danw@gnome.org>

        Reviewed by Martin Robinson.

        [GTK] remove old data: URI handler, fix the SoupRequest-based one
        to pass tests
        https://bugs.webkit.org/show_bug.cgi?id=50885

        * platform/network/soup/ResourceHandleSoup.cpp:
        (WebCore::sendRequestCallback): Do content-type sniffing here for
        non-HTTP requests.
        (WebCore::startHTTPRequest): Rename to match WebKit style.
        (WebCore::ResourceHandle::start): Pass everything except HTTP to
        startNonHTTPRequest, letting the SoupRequester decide whether it's
        supported or not.
        (WebCore::startNonHTTPRequest): Remove some old pre-SoupRequester
        code that was a no-op for file: URIs, but would break some data:
        URIs.

2011-02-02  Dimitri Glazkov  <dglazkov@chromium.org>

        Update even more references to right() and bottom() in Chromium. Sheesh.

        * platform/graphics/chromium/LayerRendererChromium.cpp:
        (WebCore::LayerRendererChromium::getFramebufferPixels): Replaced bottom/right with maxY/maxX.

2011-02-02  Alejandro G. Castro  <alex@igalia.com>

        Unreviewed Gtk3 buildfix after r77286.

        https://bugs.webkit.org/show_bug.cgi?id=53520
        Remove the physical terminology from IntRect and FloatRect.

        * platform/gtk/RenderThemeGtk3.cpp:
        (WebCore::RenderThemeGtk::paintMenuList):

2011-02-02  Anders Carlsson  <andersca@apple.com>

        Fix build.

        * platform/mac/ScrollAnimatorMac.mm:
        (WebCore::ScrollAnimatorMac::pinnedInDirection):

2011-02-02  David Hyatt  <hyatt@apple.com>

        Reviewed by Dan Bernstein.

        https://bugs.webkit.org/show_bug.cgi?id=53619

        Floats should not use physical terminology for their rects. Replace left/top with x/y and right/bottom
        with maxX/maxY.  This matches IntRect.

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::addOverflowFromFloats):
        (WebCore::RenderBlock::flipFloatForWritingMode):
        (WebCore::RenderBlock::paintFloats):
        (WebCore::RenderBlock::selectionGaps):
        (WebCore::RenderBlock::addOverhangingFloats):
        (WebCore::RenderBlock::addIntrudingFloats):
        (WebCore::RenderBlock::hitTestFloats):
        (WebCore::RenderBlock::adjustForBorderFit):
        * rendering/RenderBlock.h:
        (WebCore::RenderBlock::FloatingObject::x):
        (WebCore::RenderBlock::FloatingObject::maxX):
        (WebCore::RenderBlock::FloatingObject::y):
        (WebCore::RenderBlock::FloatingObject::maxY):
        (WebCore::RenderBlock::FloatingObject::setX):
        (WebCore::RenderBlock::FloatingObject::setY):
        (WebCore::RenderBlock::logicalTopForFloat):
        (WebCore::RenderBlock::logicalBottomForFloat):
        (WebCore::RenderBlock::logicalLeftForFloat):
        (WebCore::RenderBlock::logicalRightForFloat):
        (WebCore::RenderBlock::setLogicalTopForFloat):
        (WebCore::RenderBlock::setLogicalLeftForFloat):
        (WebCore::RenderBlock::xPositionForFloatIncludingMargin):
        (WebCore::RenderBlock::yPositionForFloatIncludingMargin):

2011-02-02  Dimitri Glazkov  <dglazkov@chromium.org>

        Update more references to right() and bottom() in Chromium Win.

        * platform/graphics/chromium/TransparencyWin.cpp:
        (WebCore::TransparencyWin::compositeOpaqueComposite): Replaced bottom/right with maxY/maxX.
        (WebCore::TransparencyWin::compositeTextComposite): Ditto.
        * rendering/RenderThemeChromiumWin.cpp:
        (WebCore::RenderThemeChromiumWin::paintMenuList): Ditto.

2011-02-02  Adam Roben  <aroben@apple.com>

        Encode/decode FormData and FormDataElement objects consistently

        Fixes <http://webkit.org/b/53615> <rdar://problem/8943346> WebKit2: Restoring session state
        that contains form data fails (asserts in Debug build)

        To prevent this from interfering with WebKit2 testing, it's useful to get this into a build
        now, even though we don't have an automated test for it yet. Writing a test is covered by
        <http://webkit.org/b/53616>.

        Reviewed by Darin Adler.

        * history/HistoryItem.cpp: Bump the encoding version, since this patch changes how we encode
        FormData objects.

        * platform/network/FormData.cpp:
        (WebCore::decode): Decode the type from the Decoder, rather than getting it from the
        default-constructed FormDataElement. Failing to do this meant that all future uses of the
        Decoder would be reading from an unexpected part of the buffer (i.e., the next decode would
        start by reading the uint32_t that we forgot to decode here, and so on). We already had code
        to correctly set the FormDataElement's type based on this decoded type later in the
        function.
        (WebCore::FormData::encodeForBackForward): Encode m_identifier as an int64_t, since that
        matches its type and how we decode it.

2011-02-02  Dan Winship  <danw@gnome.org>

        Reviewed by Martin Robinson.

        [GTK] drop soup cache stuff, which has been moved to libsoup
        https://bugs.webkit.org/show_bug.cgi?id=50747

        Use libsoup-based cache/requester API and remove the WebCore version
        of this functionality. This has been pushed upstream fully.

        No new tests because this should not change functionality.

        * GNUmakefile.am: Update for removed files.
        * platform/network/ResourceHandleInternal.h:
        (WebCore::ResourceHandleInternal::ResourceHandleInternal): Update
        type names, drop m_requester.
        * platform/network/soup/ResourceHandleSoup.cpp:
        (WebCore::ensureSessionIsInitialized): Add a SoupRequester to the
        session.
        (WebCore::parseDataUrl):
        (WebCore::startHttp): Get the requester from the session rather
        than using m_requester.
        (WebCore::sendRequestCallback):
        (WebCore::ResourceHandle::platformSetDefersLoading):
        (WebCore::readCallback):
        (WebCore::startGio): Update type names.
        * platform/network/soup/cache/soup-directory-input-stream.c: Removed.
        * platform/network/soup/cache/soup-directory-input-stream.h: Removed.
        * platform/network/soup/cache/soup-http-input-stream.c: Removed.
        * platform/network/soup/cache/soup-http-input-stream.h: Removed.
        * platform/network/soup/cache/soup-request-data.c: Removed.
        * platform/network/soup/cache/soup-request-data.h: Removed.
        * platform/network/soup/cache/soup-request-file.c: Removed.
        * platform/network/soup/cache/soup-request-file.h: Removed.
        * platform/network/soup/cache/soup-request-http.c: Removed.
        * platform/network/soup/cache/soup-request-http.h: Removed.
        * platform/network/soup/cache/soup-request.c: Removed.
        * platform/network/soup/cache/soup-request.h: Removed.
        * platform/network/soup/cache/soup-requester.c: Removed.
        * platform/network/soup/cache/soup-requester.h: Removed.
        * platform/network/soup/cache/webkit/soup-cache-private.h: Removed.
        * platform/network/soup/cache/webkit/soup-cache.c: Removed.
        * platform/network/soup/cache/webkit/soup-cache.h: Removed.

2011-02-02  David Hyatt  <hyatt@apple.com>

        Reviewed by Darin Adler.

        https://bugs.webkit.org/show_bug.cgi?id=53520

        Remove physical accessors from IntRect and FloatRect.

        * page/FrameView.cpp:
        (WebCore::FrameView::adjustPageHeightDeprecated):
        * platform/graphics/FloatRect.h:
        * platform/graphics/IntRect.h:

2011-02-02  David Hyatt  <hyatt@apple.com>

        Reviewed by Dan Bernstein.

        https://bugs.webkit.org/show_bug.cgi?id=53614

        Remove physical terminology from overflow.  Replace with minX/maxX/minY/maxY.

        * rendering/InlineFlowBox.cpp:
        (WebCore::InlineFlowBox::addBoxShadowVisualOverflow):
        (WebCore::InlineFlowBox::addTextBoxVisualOverflow):
        * rendering/InlineFlowBox.h:
        (WebCore::InlineFlowBox::minYLayoutOverflow):
        (WebCore::InlineFlowBox::maxYLayoutOverflow):
        (WebCore::InlineFlowBox::minXLayoutOverflow):
        (WebCore::InlineFlowBox::maxXLayoutOverflow):
        (WebCore::InlineFlowBox::logicalLeftLayoutOverflow):
        (WebCore::InlineFlowBox::logicalRightLayoutOverflow):
        (WebCore::InlineFlowBox::logicalTopLayoutOverflow):
        (WebCore::InlineFlowBox::logicalBottomLayoutOverflow):
        (WebCore::InlineFlowBox::minYVisualOverflow):
        (WebCore::InlineFlowBox::maxYVisualOverflow):
        (WebCore::InlineFlowBox::minXVisualOverflow):
        (WebCore::InlineFlowBox::maxXVisualOverflow):
        (WebCore::InlineFlowBox::logicalLeftVisualOverflow):
        (WebCore::InlineFlowBox::logicalRightVisualOverflow):
        (WebCore::InlineFlowBox::logicalminYVisualOverflow):
        (WebCore::InlineFlowBox::logicalmaxYVisualOverflow):
        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::adjustLinePositionForPagination):
        * rendering/RenderBlockLineLayout.cpp:
        (WebCore::RenderBlock::beforeSideVisualOverflowForLine):
        (WebCore::RenderBlock::afterSideVisualOverflowForLine):
        (WebCore::RenderBlock::beforeSideLayoutOverflowForLine):
        (WebCore::RenderBlock::afterSideLayoutOverflowForLine):
        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::scrollWidth):
        (WebCore::RenderBox::scrollHeight):
        * rendering/RenderBox.h:
        (WebCore::RenderBox::minYLayoutOverflow):
        (WebCore::RenderBox::maxYLayoutOverflow):
        (WebCore::RenderBox::minXLayoutOverflow):
        (WebCore::RenderBox::maxXLayoutOverflow):
        (WebCore::RenderBox::logicalLeftLayoutOverflow):
        (WebCore::RenderBox::logicalRightLayoutOverflow):
        (WebCore::RenderBox::minYVisualOverflow):
        (WebCore::RenderBox::maxYVisualOverflow):
        (WebCore::RenderBox::minXVisualOverflow):
        (WebCore::RenderBox::maxXVisualOverflow):
        (WebCore::RenderBox::logicalLeftVisualOverflow):
        (WebCore::RenderBox::logicalRightVisualOverflow):
        * rendering/RenderInline.cpp:
        (WebCore::RenderInline::linesVisualOverflowBoundingBox):
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::ensureRootPlatformLayer):
        * rendering/RenderLineBoxList.cpp:
        (WebCore::RenderLineBoxList::anyLineIntersectsRect):
        (WebCore::RenderLineBoxList::lineIntersectsDirtyRect):
        (WebCore::RenderLineBoxList::paint):
        (WebCore::RenderLineBoxList::hitTest):
        * rendering/RenderMarquee.cpp:
        (WebCore::RenderMarquee::computePosition):
        * rendering/RenderOverflow.h:
        (WebCore::RenderOverflow::RenderOverflow):
        (WebCore::RenderOverflow::minYLayoutOverflow):
        (WebCore::RenderOverflow::maxYLayoutOverflow):
        (WebCore::RenderOverflow::minXLayoutOverflow):
        (WebCore::RenderOverflow::maxXLayoutOverflow):
        (WebCore::RenderOverflow::minYVisualOverflow):
        (WebCore::RenderOverflow::maxYVisualOverflow):
        (WebCore::RenderOverflow::minXVisualOverflow):
        (WebCore::RenderOverflow::maxXVisualOverflow):
        (WebCore::RenderOverflow::setminYVisualOverflow):
        (WebCore::RenderOverflow::visualOverflowRect):
        (WebCore::RenderOverflow::move):
        (WebCore::RenderOverflow::addVisualOverflow):
        (WebCore::RenderOverflow::setVisualOverflow):
        * rendering/RenderReplaced.cpp:
        (WebCore::RenderReplaced::shouldPaint):
        * rendering/RenderTable.cpp:
        (WebCore::RenderTable::layout):
        (WebCore::RenderTable::paint):
        * rendering/RenderTableCell.cpp:
        (WebCore::RenderTableCell::clippedOverflowRectForRepaint):
        * rendering/RenderTreeAsText.cpp:
        (WebCore::writeLayers):
        * rendering/RenderView.cpp:
        (WebCore::RenderView::docTop):

2011-02-02  Steve Lacey  <sjl@chromium.org>

        Reviewed by Eric Carlson.

        Implement basic media statistics on media elements.
        https://bugs.webkit.org/show_bug.cgi?id=53322

        * Configurations/FeatureDefines.xcconfig:
        * GNUmakefile.am:
        * features.pri:
        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::webkitAudioBytesDecoded):
        (WebCore::HTMLMediaElement::webkitVideoBytesDecoded):
        * html/HTMLMediaElement.h:
        * html/HTMLMediaElement.idl:
        * html/HTMLVideoElement.cpp:
        (WebCore::HTMLVideoElement::webkitDecodedFrames):
        (WebCore::HTMLVideoElement::webkitDroppedFrames):
        * html/HTMLVideoElement.h:
        * html/HTMLVideoElement.idl:
        * platform/graphics/MediaPlayer.cpp:
        (WebCore::MediaPlayer::decodedFrames):
        (WebCore::MediaPlayer::droppedFrames):
        (WebCore::MediaPlayer::audioBytesDecoded):
        (WebCore::MediaPlayer::videoBytesDecoded):
        * platform/graphics/MediaPlayer.h:
        * platform/graphics/MediaPlayerPrivate.h:
        (WebCore::MediaPlayerPrivateInterface::decodedFrames):
        (WebCore::MediaPlayerPrivateInterface::droppedFrames):
        (WebCore::MediaPlayerPrivateInterface::audioBytesDecoded):
        (WebCore::MediaPlayerPrivateInterface::videoBytesDecoded):

2011-02-02  Luiz Agostini  <luiz.agostini@openbossa.org>

        Reviewed by David Hyatt.

        More conversion from right()/bottom() to maxX()/maxY().

        * page/qt/FrameQt.cpp:
        (WebCore::Frame::dragImageForSelection):
        * platform/graphics/qt/GraphicsContextQt.cpp:
        (WebCore::GraphicsContext::roundToDevicePixels):

2011-02-02  Kevin Ollivier  <kevino@theolliviers.com>

        [wx] Build fixes for wxWebKit.

        * bindings/cpp/WebDOMHTMLDocumentCustom.cpp:
        (documentWrite):
        * bindings/scripts/CodeGeneratorCPP.pm:
        * page/wx/DragControllerWx.cpp:
        (WebCore::DragController::dragOperation):
        * platform/graphics/wx/FontCustomPlatformData.h:
        * platform/graphics/wx/FontPlatformData.h:
        (WebCore::FontPlatformData::widthVariant):
        * platform/graphics/wx/FontPlatformDataWx.cpp:
        (WebCore::FontPlatformData::computeHash):
        * platform/graphics/wx/FontWx.cpp:
        * platform/graphics/wx/GraphicsContextWx.cpp:
        (WebCore::GraphicsContext::fillPath):
        (WebCore::GraphicsContext::strokePath):
        * platform/wx/RenderThemeWx.cpp:

2011-02-02  David Hyatt  <hyatt@apple.com>

        Reviewed by Darin Adler.

        More right()/bottom() to maxX()/maxY() conversion.

        * page/chromium/FrameChromium.cpp:
        (WebCore::Frame::nodeImage):
        (WebCore::Frame::dragImageForSelection):

2011-02-02  Sam Weinig  <sam@webkit.org>

        Fix windows clean build.

        * DerivedSources.make:

2011-02-02  Mikhail Naganov  <mnaganov@chromium.org>

        Reviewed by Pavel Feldman.

        Web Inspector: [Chromium] Landing detailed heap snapshots, part 2.

        https://bugs.webkit.org/show_bug.cgi?id=53606

        Display progress while taking a snapshot, and hints while loading
        and parsing. This is needed because taking detailed heap snapshots
        takes time.

        * English.lproj/localizedStrings.js:
        * inspector/front-end/DetailedHeapshotView.js:
        (WebInspector.DetailedHeapshotProfileType.prototype.buttonClicked):
        * inspector/front-end/ProfilesPanel.js:
        (WebInspector.ProfilesPanel.prototype._reset):
        (WebInspector.ProfilesPanel.prototype._addProfileHeader):
        (WebInspector.ProfilesPanel.prototype.getProfiles):
        (WebInspector.ProfilesPanel.prototype.loadHeapSnapshot):
        (WebInspector.ProfilesPanel.prototype._finishHeapSnapshot.doParse):
        (WebInspector.ProfilesPanel.prototype._finishHeapSnapshot):
        (WebInspector.ProfilesPanel.prototype.takeHeapSnapshot):
        (WebInspector.ProfilesPanel.prototype._reportHeapSnapshotProgress):
        * inspector/front-end/SidebarTreeElement.js:
        (WebInspector.SidebarTreeElement.prototype.refreshTitles):

2011-02-02  David Hyatt  <hyatt@apple.com>

        Reviewed by Darin Adler.

        More conversion from right()/bottom() to maxX()/maxY().

        * platform/win/PopupMenuWin.cpp:
        (WebCore::PopupMenuWin::calculatePositionAndSize):
        (WebCore::PopupMenuWin::paint):

2011-02-02  David Hyatt  <hyatt@apple.com>

        Reviewed by Darin Adler.

        Removal of right()/bottom().  Replace with maxX() and maxY().  Still converting.  Haven't removed yet.

        * platform/chromium/PopupMenuChromium.cpp:
        (WebCore::PopupContainer::layoutAndCalculateWidgetRect):
        (WebCore::PopupListBox::scrollToRevealRow):
        (WebCore::PopupListBox::layout):
        * platform/graphics/FloatRect.h:
        * platform/graphics/IntRect.h:
        * platform/graphics/cairo/ImageBufferCairo.cpp:
        (WebCore::getImageData):
        (WebCore::putImageData):
        * platform/graphics/chromium/GLES2Canvas.cpp:
        (WebCore::GLES2Canvas::drawTexturedRect):
        * platform/graphics/chromium/LayerRendererChromium.cpp:
        (WebCore::LayerRendererChromium::verticalScrollbarRect):
        (WebCore::LayerRendererChromium::horizontalScrollbarRect):
        (WebCore::LayerRendererChromium::setScissorToRect):
        (WebCore::LayerRendererChromium::setDrawViewportRect):
        * platform/graphics/chromium/LayerTilerChromium.cpp:
        (WebCore::LayerTilerChromium::contentRectToTileIndices):
        (WebCore::LayerTilerChromium::growLayerToContain):
        * platform/graphics/gpu/TilingData.cpp:
        (WebCore::TilingData::tileBoundsWithBorder):
        (WebCore::TilingData::overlappedTileIndices):
        * platform/graphics/qt/ImageBufferQt.cpp:
        (WebCore::getImageData):
        (WebCore::putImageData):
        * platform/graphics/skia/FloatRectSkia.cpp:
        (WebCore::FloatRect::operator SkRect):
        * platform/graphics/skia/ImageBufferSkia.cpp:
        (WebCore::getImageData):
        (WebCore::putImageData):
        * platform/graphics/skia/IntRectSkia.cpp:
        (WebCore::IntRect::operator SkIRect):
        (WebCore::IntRect::operator SkRect):
        * platform/graphics/skia/PlatformContextSkia.cpp:
        (WebCore::PlatformContextSkia::beginLayerClippedToImage):
        * platform/graphics/win/GraphicsContextWin.cpp:
        (WebCore::GraphicsContextPlatformPrivate::clip):
        * platform/graphics/win/IntRectWin.cpp:
        (WebCore::IntRect::operator RECT):
        * platform/graphics/win/UniscribeController.cpp:
        (WebCore::UniscribeController::shapeAndPlaceItem):
        * platform/graphics/wince/GraphicsContextWinCE.cpp:
        (WebCore::roundRect):
        (WebCore::mapRect):
        (WebCore::TransparentLayerDC::TransparentLayerDC):
        (WebCore::GraphicsContext::drawRect):
        (WebCore::GraphicsContext::drawEllipse):
        (WebCore::GraphicsContext::strokeArc):
        (WebCore::GraphicsContext::clip):
        (WebCore::GraphicsContext::clipOut):
        (WebCore::GraphicsContext::strokeRect):
        * platform/image-decoders/gif/GIFImageDecoder.cpp:
        (WebCore::GIFImageDecoder::initFrameBuffer):
        * platform/win/PopupMenuWin.cpp:
        (WebCore::PopupMenuWin::calculatePositionAndSize):
        (WebCore::PopupMenuWin::paint):
        * plugins/win/PluginViewWin.cpp:
        (WebCore::PluginView::updatePluginWidget):
        (WebCore::PluginView::invalidateRect):
        * rendering/RenderThemeSafari.cpp:
        (WebCore::RenderThemeSafari::paintMenuListButtonGradients):
        (WebCore::RenderThemeSafari::paintMenuListButton):
        (WebCore::RenderThemeSafari::paintSliderTrack):
        * rendering/RenderThemeWin.cpp:
        (WebCore::RenderThemeWin::paintInnerSpinButton):
        (WebCore::RenderThemeWin::paintMenuListButton):

2011-02-02  Antti Koivisto  <antti@apple.com>

        Reviewed by Maciej Stachowiak.

        Use Vector instead of a linked list for rules in CSSStyleSelector
        https://bugs.webkit.org/show_bug.cgi?id=53581
        
        - eliminate CSSRuleDataList, replace with Vector<RuleData>
        - rename CSSRuleData -> RuleData and CSSRuleSet -> RuleSet 
          (these are selector internal classes, CSS prefix is better reserved for public ones).
        - constify a bit
        - shrink the vectors to fit after collecting the rules

        * css/CSSStyleSelector.cpp:
        (WebCore::RuleData::RuleData):
        (WebCore::RuleData::position):
        (WebCore::RuleData::rule):
        (WebCore::RuleData::selector):
        (WebCore::RuleSet::disableAutoShrinkToFit):
        (WebCore::RuleSet::getIDRules):
        (WebCore::RuleSet::getClassRules):
        (WebCore::RuleSet::getTagRules):
        (WebCore::RuleSet::getPseudoRules):
        (WebCore::RuleSet::getUniversalRules):
        (WebCore::RuleSet::getPageRules):
        (WebCore::collectSiblingRulesInDefaultStyle):
        (WebCore::CSSStyleSelector::CSSStyleSelector):
        (WebCore::loadFullDefaultStyle):
        (WebCore::loadSimpleDefaultStyle):
        (WebCore::loadViewSourceStyle):
        (WebCore::CSSStyleSelector::matchRules):
        (WebCore::CSSStyleSelector::matchRulesForList):
        (WebCore::operator >):
        (WebCore::operator <=):
        (WebCore::CSSStyleSelector::sortMatchedRules):
        (WebCore::CSSStyleSelector::matchUARules):
        (WebCore::RuleSet::RuleSet):
        (WebCore::RuleSet::~RuleSet):
        (WebCore::RuleSet::addToRuleSet):
        (WebCore::RuleSet::addRule):
        (WebCore::RuleSet::addPageRule):
        (WebCore::RuleSet::addRulesFromSheet):
        (WebCore::RuleSet::addStyleRule):
        (WebCore::collectIdsAndSiblingRulesFromList):
        (WebCore::RuleSet::collectIdsAndSiblingRules):
        (WebCore::shrinkMapVectorsToFit):
        (WebCore::RuleSet::shrinkToFit):
        (WebCore::CSSStyleSelector::matchPageRules):
        (WebCore::CSSStyleSelector::matchPageRulesForList):
        * css/CSSStyleSelector.h:
        (WebCore::CSSStyleSelector::addMatchedRule):

2011-02-02  Andrey Adaikin  <aandrey@google.com>

        Reviewed by Pavel Feldman.

        Web Inspector: Use DIVs instead of TABLE in TextViewer
        https://bugs.webkit.org/show_bug.cgi?id=53299

        * inspector/front-end/SourceFrame.js:
        (WebInspector.SourceFrame.prototype._createTextViewer):
        (WebInspector.SourceFrame.prototype._mouseDown):
        * inspector/front-end/TextViewer.js:
        (WebInspector.TextViewer):
        (WebInspector.TextViewer.prototype.set mimeType):
        (WebInspector.TextViewer.prototype.revealLine):
        (WebInspector.TextViewer.prototype.addDecoration):
        (WebInspector.TextViewer.prototype.removeDecoration):
        (WebInspector.TextViewer.prototype.markAndRevealRange):
        (WebInspector.TextViewer.prototype.highlightLine):
        (WebInspector.TextViewer.prototype.clearLineHighlight):
        (WebInspector.TextViewer.prototype.freeCachedElements):
        (WebInspector.TextViewer.prototype._handleKeyDown):
        (WebInspector.TextViewer.prototype.editLine.finishEditing):
        (WebInspector.TextViewer.prototype.editLine):
        (WebInspector.TextViewer.prototype.beginUpdates):
        (WebInspector.TextViewer.prototype.endUpdates):
        (WebInspector.TextViewer.prototype.resize):
        (WebInspector.TextViewer.prototype._textChanged):
        (WebInspector.TextViewer.prototype._updatePanelOffsets):
        (WebInspector.TextViewer.prototype._syncScroll):
        (WebInspector.TextViewer.prototype._syncDecorationsForLine):
        (WebInspector.TextEditorChunkedPanel):
        (WebInspector.TextEditorChunkedPanel.prototype.set syncScrollListener):
        (WebInspector.TextEditorChunkedPanel.prototype.get textModel):
        (WebInspector.TextEditorChunkedPanel.prototype.addDecoration):
        (WebInspector.TextEditorChunkedPanel.prototype.removeDecoration):
        (WebInspector.TextEditorChunkedPanel.prototype.revealLine):
        (WebInspector.TextEditorChunkedPanel.prototype.makeLineAChunk):
        (WebInspector.TextEditorChunkedPanel.prototype.textChanged):
        (WebInspector.TextEditorChunkedPanel.prototype.beginUpdates):
        (WebInspector.TextEditorChunkedPanel.prototype.endUpdates):
        (WebInspector.TextEditorChunkedPanel.prototype.resize):
        (WebInspector.TextEditorChunkedPanel.prototype._scroll):
        (WebInspector.TextEditorChunkedPanel.prototype._scheduleRepaintAll):
        (WebInspector.TextEditorChunkedPanel.prototype._buildChunks):
        (WebInspector.TextEditorChunkedPanel.prototype._repaintAll):
        (WebInspector.TextEditorChunkedPanel.prototype._chunkNumberForLine):
        (WebInspector.TextEditorChunkedPanel.prototype._chunkForLine):
        (WebInspector.TextEditorGutterPanel):
        (WebInspector.TextEditorGutterPanel.prototype.freeCachedElements):
        (WebInspector.TextEditorGutterPanel.prototype._createNewChunk):
        (WebInspector.TextEditorGutterPanel.prototype._expandChunks):
        (WebInspector.TextEditorGutterChunk):
        (WebInspector.TextEditorGutterChunk.prototype.get expanded):
        (WebInspector.TextEditorGutterChunk.prototype.set expanded):
        (WebInspector.TextEditorGutterChunk.prototype.get height):
        (WebInspector.TextEditorGutterChunk.prototype._createRow):
        (WebInspector.TextEditorMainPanel):
        (WebInspector.TextEditorMainPanel.prototype.set syncDecorationsForLine):
        (WebInspector.TextEditorMainPanel.prototype.set mimeType):
        (WebInspector.TextEditorMainPanel.prototype.markAndRevealRange):
        (WebInspector.TextEditorMainPanel.prototype.highlightLine):
        (WebInspector.TextEditorMainPanel.prototype.clearLineHighlight):
        (WebInspector.TextEditorMainPanel.prototype.freeCachedElements):
        (WebInspector.TextEditorMainPanel.prototype._buildChunks):
        (WebInspector.TextEditorMainPanel.prototype._createNewChunk):
        (WebInspector.TextEditorMainPanel.prototype._expandChunks):
        (WebInspector.TextEditorMainPanel.prototype._highlightDataReady):
        (WebInspector.TextEditorMainPanel.prototype._paintLines):
        (WebInspector.TextEditorMainPanel.prototype._paintLine):
        (WebInspector.TextEditorMainPanel.prototype._releaseLinesHighlight):
        (WebInspector.TextEditorMainPanel.prototype._getSelection):
        (WebInspector.TextEditorMainPanel.prototype._restoreSelection):
        (WebInspector.TextEditorMainPanel.prototype._selectionToPosition):
        (WebInspector.TextEditorMainPanel.prototype._positionToSelection):
        (WebInspector.TextEditorMainPanel.prototype._appendTextNode):
        (WebInspector.TextEditorMainPanel.prototype._handleDomUpdates):
        (WebInspector.TextEditorMainChunk):
        (WebInspector.TextEditorMainChunk.prototype.addDecoration):
        (WebInspector.TextEditorMainChunk.prototype.set expanded):
        (WebInspector.TextEditorMainChunk.prototype.get height):
        (WebInspector.TextEditorMainChunk.prototype.getExpandedLineRow):
        (WebInspector.TextEditorMainChunk.prototype._createRow):
        (WebInspector):
        * inspector/front-end/textViewer.css:
        (.text-editor-lines):
        (.text-editor-contents):
        (.text-editor-editable):
        (.webkit-line-decorations):
        (.webkit-line-number):
        (.webkit-execution-line.webkit-line-content):
        (.diff-container .webkit-added-line.webkit-line-content):
        (.diff-container .webkit-removed-line.webkit-line-content):
        (.diff-container .webkit-changed-line.webkit-line-content):
        (.webkit-highlighted-line.webkit-line-content):

2011-02-02  Hans Wennborg  <hans@chromium.org>

        Reviewed by Jeremy Orlow.

        IndexedDB: Implement support for cursor updates
        https://bugs.webkit.org/show_bug.cgi?id=53421

        Implement support for cursor updates using the same pattern as cursor
        deletes: forward the calls to the IDBObjectStoreBackend::put().
        The put() function's signature needs to be changed to allow for a
        "cursor update mode". This makes the signature more clear anyway,
        since it replaces the boolean parameter.

        Test: storage/indexeddb/cursor-update.html

        * storage/IDBCursor.idl:
        * storage/IDBCursorBackendImpl.cpp:
        (WebCore::IDBCursorBackendImpl::key):
        (WebCore::IDBCursorBackendImpl::update):
        * storage/IDBCursorBackendImpl.h:
        * storage/IDBObjectStore.cpp:
        (WebCore::IDBObjectStore::add):
        (WebCore::IDBObjectStore::put):
        * storage/IDBObjectStoreBackendImpl.cpp:
        (WebCore::IDBObjectStoreBackendImpl::put):
        (WebCore::IDBObjectStoreBackendImpl::putInternal):
        * storage/IDBObjectStoreBackendImpl.h:
        * storage/IDBObjectStoreBackendInterface.h:

2011-02-02  Naoki Takano  <takano.naoki@gmail.com>

        Reviewed by Kent Tamura.

        Fix popup menu RTL bug introduced by Changeset 75982.
        https://bugs.webkit.org/show_bug.cgi?id=53567

        PopupMenuChromium::layout() calculates X position according to RTL or not. So Change the X position calculation in layoutAndCalculateWidgetRect().

        No new tests. However we can check manually with select_dropdown_box_alignment.html, autofill_alignment.html, select_alignment.html, select_dropdown_box_alignment.html, autofill-popup-width-and-item-direction.html

        * platform/chromium/PopupMenuChromium.cpp:
        (WebCore::PopupContainer::layoutAndCalculateWidgetRect): Fix calculation of x position, because layout() considers RTL. And change the parameter from both X and Y positions to only Y position.
        (WebCore::PopupContainer::showPopup): Change the passing parameter.
        (WebCore::PopupContainer::refresh): Change the passing parameter.
        * platform/chromium/PopupMenuChromium.h: Change the parameter declaration.

2011-02-02  Alejandro G. Castro  <alex@igalia.com>

        Reviewed by Martin Robinson.

        [GTK] Fix dist compilation
        https://bugs.webkit.org/show_bug.cgi?id=53579

        * GNUmakefile.am: Added FontWidthVariant.h to the sources, it was
        added in r77153.

2011-02-02  Dai Mikurube  <dmikurube@google.com>

        Reviewed by David Levin.

        Make mime type lookup in File::create(path) thread-safe
        https://bugs.webkit.org/show_bug.cgi?id=47700

        This patch introduces a new function MIMETypeRegistry::getMIMETypeForExtensionThreadSafe().
        The function is to be called as a thread-safe version of getMIMETypeForExtension() when
        both FILE_SYSTEM and WORKERS are enabled.

        No tests for this patch. This patch itself doesn't change the behaviors.
        For Chromium, it runs in the same way with getMIMETypeForExtensionThreadSafe().
        For the other platforms, it causes compilation error in case of enabled FILE_SYSTEM and WORKERS.
        The compilation error would be a signal to implement getMIMETypeForExtensionThreadSafe() in these
        platforms. Currently it doesn't happen since FILE_SYSTEM is not available in the other platforms.

        * platform/MIMETypeRegistry.cpp: Defined generic getMIMETypeForExtension() calling getMIMETypeForExtensionThreadSafe() for enabled FILE_SYSTEM and WORKERS.
        (WebCore::MIMETypeRegistry::getMIMETypeForExtension):
        * platform/MIMETypeRegistry.h: Declared getMIMETypeForExtensionThreadSafe() which should be implemented for each platform.
        * platform/android/TemporaryLinkStubs.cpp:
        (WebCore::MIMETypeRegistry::getMIMETypeForExtension):
        * platform/brew/MIMETypeRegistryBrew.cpp:
        (WebCore::MIMETypeRegistry::getMIMETypeForExtension):
        * platform/chromium/MIMETypeRegistryChromium.cpp: Defined getMIMETypeForExtensionThreadSafe() for the case when FILE_SYSTEM and WORKERS are enabled.
        (WebCore::MIMETypeRegistry::getMIMETypeForExtensionThreadSafe):
        * platform/efl/MIMETypeRegistryEfl.cpp:
        (WebCore::MIMETypeRegistry::getMIMETypeForExtension):
        * platform/gtk/MIMETypeRegistryGtk.cpp:
        (WebCore::MIMETypeRegistry::getMIMETypeForExtension):
        * platform/haiku/MIMETypeRegistryHaiku.cpp:
        (WebCore::MIMETypeRegistry::getMIMETypeForExtension):
        * platform/mac/MIMETypeRegistryMac.mm:
        (WebCore::MIMETypeRegistry::getMIMETypeForExtension):
        * platform/qt/MIMETypeRegistryQt.cpp:
        (WebCore::MIMETypeRegistry::getMIMETypeForExtension):
        * platform/win/MIMETypeRegistryWin.cpp:
        (WebCore::MIMETypeRegistry::getMIMETypeForExtension):
        * platform/wince/MIMETypeRegistryWinCE.cpp:
        (WebCore::MIMETypeRegistry::getMIMETypeForExtension):
        * platform/wx/MimeTypeRegistryWx.cpp:
        (WebCore::MIMETypeRegistry::getMIMETypeForExtension):

2011-02-01  Adam Barth  <abarth@webkit.org>

        Reviewed by Alexey Proskuryakov.

        Improve readability of updateWidget by converting bool parameter to an enum
        https://bugs.webkit.org/show_bug.cgi?id=53576

        As requested on webkit-dev.

        * html/HTMLEmbedElement.cpp:
        (WebCore::HTMLEmbedElement::updateWidget):
        * html/HTMLEmbedElement.h:
        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::updateWidget):
        * html/HTMLMediaElement.h:
        * html/HTMLObjectElement.cpp:
        (WebCore::HTMLObjectElement::updateWidget):
        * html/HTMLObjectElement.h:
        * html/HTMLPlugInImageElement.cpp:
        (WebCore::HTMLPlugInImageElement::updateWidgetIfNecessary):
        * html/HTMLPlugInImageElement.h:
        * page/FrameView.cpp:
        (WebCore::FrameView::updateWidget):

2011-02-01  James Robinson  <jamesr@chromium.org>

        Reviewed by Adam Barth.

        [v8] Increase V8 native->js recursion limit to match document.write() recursion limit
        https://bugs.webkit.org/show_bug.cgi?id=53566

        A recursion limit of 22 is necessary to pass fast/dom/Document/document-write-recursion.html.
        Other than being large enough for this one test case, this limit is arbitrary.

        * bindings/v8/V8Proxy.h:

2011-02-01  Adam Barth  <abarth@webkit.org>

        Reviewed by Andreas Kling.

        Remove useless comment
        https://bugs.webkit.org/show_bug.cgi?id=53549

        The reason for this parameter is captured in
        plugins/netscape-plugin-setwindow-size.html, which is a better place to
        capture it than in this comment (which otherwise just re-iterates the
        name of the parameter).

        * html/HTMLPlugInImageElement.cpp:
        (WebCore::HTMLPlugInImageElement::updateWidgetIfNecessary):

2011-02-01  James Simonsen  <simonjam@chromium.org>

        Reviewed by Tony Gentilcore.

        [WebTiming] Remove asserts that verify timestamp order
        https://bugs.webkit.org/show_bug.cgi?id=53548

        Covered by existing tests.

        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::stopLoading): Remove assert.
        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::dispatchTimedEvent): Ditto.

2011-02-01  Dimitri Glazkov  <dglazkov@chromium.org>

        Add the 'default_targets' enclosure to the flags.

        * WebCore.gyp/WebCore.gyp: Did it.

2011-02-01  Mihai Parparita  <mihaip@chromium.org>

        Reviewed by James Robinson.

        Async event handlers should not fire within a modal dialog
        https://bugs.webkit.org/show_bug.cgi?id=53202

        Asychronous events that use EventQueue would currently fire while a
        modal dialog (e.g. window.alert()) was up. Change EventQueue to use a
        SuspendableTimer (which automatically gets suspended while dialogs are
        up and in other cases where JS execution is not allowed).
        
        Test: fast/events/scroll-event-during-modal-dialog.html

        * dom/Document.cpp:
        (WebCore::Document::Document):
        * dom/EventQueue.cpp:
        (WebCore::EventQueueTimer::EventQueueTimer):
        (WebCore::EventQueueTimer::fired):
        (WebCore::EventQueue::EventQueue):
        (WebCore::EventQueue::enqueueEvent):
        (WebCore::EventQueue::pendingEventTimerFired):
        * dom/EventQueue.h:
        (WebCore::EventQueue::create):
        * page/SuspendableTimer.cpp:
        (WebCore::SuspendableTimer::SuspendableTimer):
        (WebCore::SuspendableTimer::suspend):
        (WebCore::SuspendableTimer::resume):
        * page/SuspendableTimer.h:

2011-02-01  Patrick Gansterer  <paroga@webkit.org>

        Reviewed by Andreas Kling.

        Change wrong PLATFORM(WIN) to USE(WININET)
        https://bugs.webkit.org/show_bug.cgi?id=53547

        * platform/network/ResourceHandle.h:

2011-02-01  Beth Dakin  <bdakin@apple.com>

        32-bit build fix.

        * platform/mac/ScrollAnimatorMac.mm:
        (-[ScrollbarPainterControllerDelegate contentAreaRectForScrollerImpPair:]):

2011-01-25  Martin Robinson  <mrobinson@igalia.com>

        Reviewed by Gustavo Noronha Silva.

        [GTK] Two tests crash after r76555
        https://bugs.webkit.org/show_bug.cgi?id=53057

        Instead of creating synchronous ResourceHandles manually, use the ::create factory.
        This ensures that ::start() is not called when there is a scheduled failure and also
        reduces code duplication.

        * platform/network/soup/ResourceHandleSoup.cpp:
        (WebCore::ResourceHandle::loadResourceSynchronously): Use the ::create factory method.

2011-02-01  Martin Robinson  <mrobinson@igalia.com>

        Reviewed by Eric Seidel.

        [GTK] GObject DOM bindings do no support the CallWith attribute
        https://bugs.webkit.org/show_bug.cgi?id=53331

        Disable building GObject DOM bindings for IndexedDB because we do not support
        the CallWith attribute at this time.

        * bindings/gobject/GNUmakefile.am: Disable building bindings for the IndexedDB API.

2011-02-01  Darin Adler  <darin@apple.com>

        Reviewed by Brady Eidson.

        Fix a couple loose ends from the back/forward tree encode/decode work
        https://bugs.webkit.org/show_bug.cgi?id=53537

        * history/HistoryItem.cpp:
        (WebCore::HistoryItem::encodeBackForwardTreeNode): Remove extra copy of
        original URL string; no need to encode it twice.
        (WebCore::HistoryItem::decodeBackForwardTree): Ditto.
        * history/HistoryItem.h: Removed declaration for function that is no
        longer defined nor used.

2011-02-01  Tony Chang  <tony@chromium.org>

        Reviewed by Kent Tamura.

        [chromium] disable arm uninitialized variable warnings
        https://bugs.webkit.org/show_bug.cgi?id=53553

        We just got another error:
        third_party/WebKit/Source/WebCore/css/CSSPrimitiveValue.cpp:123:error:
        'colorTransparent.unstatic.4879' may be used uninitialized in this
        function

        * WebCore.gyp/WebCore.gyp:

2011-02-01  chris reiss  <christopher.reiss@nokia.com>

        Reviewed by Adam Barth.

        Self-replicating code makes Safari hang and eventually crash
        https://bugs.webkit.org/show_bug.cgi?id=15123

       
        Here we are replicating the Firefox safeguard against
        recursive document.write( ) 's.

        See  https://bug197052.bugzilla.mozilla.org/attachment.cgi?id=293907 in bug 
        https://bugzilla.mozilla.org/show_bug.cgi?id=197052 .   Firefox does two things - 
            a) imposes a recursion limit of 20 on document.write( ) and
            b) once that limit is passed, panics all the way the call stack (rather than just returning one level.)
        To see why this is necessary, consider the script : 

        <script>
           var t = document.body.innerHTML;
           document.write(t);
        </script> 

        This will create a tree both broad and deep as the script keeps appending itself to the text.   If
        we just return one level after the recursion limit is reached, we still allow millions of copies to 
        duplicate (and execute).   

        The recursion is fortunately depth-first, so as soon as we cross this limit, we panic up the callstack
        to prevent this situation.    (IE apparently does the same thing, with a lower recursion limit.) 

        Test: fast/dom/Document/document-write-recursion.html        
        Test: fast/dom/Document/document-close-iframe-load.html
        Test: fast/dom/Document/document-close-nested-iframe-load.html


        * dom/Document.cpp:
        (WebCore::Document::Document):
        (WebCore::Document::write):
        * dom/Document.h:

2011-02-01  Johnny Ding  <jnd@chromium.org>

        Reviewed by Darin Adler.

        Don't set user gesture in HTMLAnchorElement's click handler because the click handler can be triggered by untrusted event.
        https://bugs.webkit.org/show_bug.cgi?id=53424

        Test: fast/events/popup-blocked-from-untrusted-click-event-on-anchor.html

        * html/HTMLAnchorElement.cpp:
        (WebCore::handleLinkClick):

2011-02-01  Csaba Osztrogonác  <ossy@webkit.org>

        Unreviewed Qt buildfix after r77286.

        https://bugs.webkit.org/show_bug.cgi?id=53520 
        Remove the physical terminology from IntRect and FloatRect.

        * platform/graphics/TiledBackingStore.cpp:
        (WebCore::TiledBackingStore::createTiles):

2011-02-01  Sam Weinig  <sam@webkit.org>

        Fix Mac production builds.

        * DerivedSources.make:
        * WebCore.xcodeproj/project.pbxproj:
        * platform/mac/ScrollAnimatorMac.h:
        * platform/mac/ScrollbarThemeMac.h:

2011-02-01  Darin Adler  <darin@apple.com>

        Reviewed by Chris Fleizach.

        REGRESSION: Removing focus from area element causes unwanted scrolling
        https://bugs.webkit.org/show_bug.cgi?id=50169

        Test: fast/images/imagemap-scroll.html

        * html/HTMLAreaElement.cpp:
        (WebCore::HTMLAreaElement::setFocus): Added override. Calls the new
        RenderImage::areaElementFocusChanged function.
        (WebCore::HTMLAreaElement::updateFocusAppearance): Removed the code
        here that calls setNeedsLayout on the image's renderer. This was an
        attempt to cause repaint of the renderer, but this function does not
        need to do that. Also changed this to use the imageElement function
        to avoid repeating code.

        * html/HTMLAreaElement.h: Updated for above changes.

        * rendering/RenderImage.cpp:
        (WebCore::RenderImage::paint): Updated for name change.
        (WebCore::RenderImage::paintAreaElementFocusRing): Renamed this from
        paintFocusRing, because it only paints area focus rings, and should
        not be confused with paintFocusRing functions in other classes. Also
        removed the unused style argument. Removed the code that used an
        HTMLCollection to see if the focused area element is for this image
        and instead just call imageElement on the area element.
        (WebCore::RenderImage::areaElementFocusChanged): Added. Calls repaint.

        * rendering/RenderImage.h: Added a public areaElementFocusChanged
        function for HTMLAreaElement to call. Made the paintFocusRing function
        private, renamed it to paintAreaElementFocusRing, and removed its
        unused style argument.

2011-02-01  Patrick Gansterer  <paroga@webkit.org>

        Unreviewed WinCE build fix for r77286.

        * platform/graphics/wince/GraphicsContextWinCE.cpp:
        (WebCore::TransparentLayerDC::TransparentLayerDC):

2011-02-01  Chris Fleizach  <cfleizach@apple.com>

        Reviewed by Darin Adler.

        AX: AXPosition of AXScrollArea is wrong
        https://bugs.webkit.org/show_bug.cgi?id=53511

        AccessibilityScrollView needed to return a valid documentFrameView() object.
        At the same time, the code from document() should be consolidated in 
        AccessibilityObject, so all objects can use it.

        Test: platform/mac/accessibility/webkit-scrollarea-position.html

        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::document):
        * accessibility/AccessibilityObject.h:
        * accessibility/AccessibilityScrollView.cpp:
        (WebCore::AccessibilityScrollView::accessibilityHitTest):
        (WebCore::AccessibilityScrollView::documentFrameView):
        * accessibility/AccessibilityScrollView.h:

2011-02-01  Zhenyao Mo  <zmo@google.com>

        Reviewed by Kenneth Russell.

        getUniform should support SAMPLER_2D or SAMPLER_CUBE
        https://bugs.webkit.org/show_bug.cgi?id=52190

        * html/canvas/WebGLRenderingContext.cpp:
        (WebCore::WebGLRenderingContext::getUniform):

2011-02-01  Zhenyao Mo  <zmo@google.com>

        Reviewed by Darin Adler.

        Fix the incorrect usage of RetainPtr cases in GraphicsContext3DCG.cpp
        https://bugs.webkit.org/show_bug.cgi?id=53531

        With this fix, running WebGL conformance tests should no longer crash randomly.

        * platform/graphics/cg/GraphicsContext3DCG.cpp:
        (WebCore::GraphicsContext3D::getImageData):

2011-02-01  Dimitri Glazkov  <dglazkov@chromium.org>

        One more Chromium build fix after r77286.

        * platform/chromium/ScrollbarThemeChromiumMac.mm:
        (WebCore::ScrollbarThemeChromiumMac::paint): Changed to not use topLeft().

2011-02-01  Sam Weinig  <sam@webkit.org>

        Fix the build for Beth.

        * platform/mac/ScrollAnimatorMac.mm:
        (-[ScrollbarPainterControllerDelegate inLiveResizeForScrollerImpPair:]):

2011-02-01  Sam Weinig  <sam@webkit.org>

        Reviewed by Beth Dakin.

        Part 2 for <rdar://problem/8492788>
        Adopt WKScrollbarPainterController

        Use header detection to define scrollbar painting controller #define.

        * WebCore.exp.in:
        * platform/mac/ScrollAnimatorMac.h:
        * platform/mac/ScrollbarThemeMac.h:
        * platform/mac/WebCoreSystemInterface.h:
        * platform/mac/WebCoreSystemInterface.mm:

2011-02-01  David Hyatt  <hyatt@apple.com>

        Reviewed by Oliver Hunt.

        https://bugs.webkit.org/show_bug.cgi?id=53520
        
        Remove the physical terminology from IntRect and FloatRect.
        
        Now that we have flipped RenderBlocks for vertical-rl and horizontal-bt writing modes,
        we need to update our terminology to be more accurate.

        I'm borrowing a page from AppKit here (which also supports flipped NSViews) and
        renaming right() and bottom() to maxX() and maxY().  These terms remain accurate
        even for flipped rectangles.

        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::boundsForVisiblePositionRange):
        * accessibility/mac/AccessibilityObjectWrapper.mm:
        (-[AccessibilityObjectWrapper position]):
        * dom/ClientRect.h:
        (WebCore::ClientRect::right):
        (WebCore::ClientRect::bottom):
        * html/HTMLCanvasElement.cpp:
        (WebCore::HTMLCanvasElement::convertLogicalToDevice):
        * html/canvas/CanvasRenderingContext2D.cpp:
        (WebCore::normalizeRect):
        * inspector/InspectorAgent.cpp:
        (WebCore::InspectorAgent::drawElementTitle):
        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::adjustWindowRect):
        * page/DragController.cpp:
        (WebCore::dragLocForSelectionDrag):
        * page/EventHandler.cpp:
        (WebCore::EventHandler::sendContextMenuEventForKey):
        * page/PrintContext.cpp:
        (WebCore::PrintContext::computePageRectsWithPageSizeInternal):
        (WebCore::PrintContext::pageNumberForElement):
        * page/SpatialNavigation.cpp:
        (WebCore::end):
        (WebCore::areRectsFullyAligned):
        (WebCore::areRectsMoreThanFullScreenApart):
        (WebCore::below):
        (WebCore::rightOf):
        (WebCore::isRectInDirection):
        (WebCore::entryAndExitPointsForDirection):
        (WebCore::virtualRectForDirection):
        * page/WindowFeatures.cpp:
        (WebCore::WindowFeatures::WindowFeatures):
        * platform/ScrollView.cpp:
        (WebCore::ScrollView::wheelEvent):
        * platform/Scrollbar.cpp:
        (WebCore::Scrollbar::setFrameRect):
        * platform/ScrollbarThemeComposite.cpp:
        (WebCore::ScrollbarThemeComposite::splitTrack):
        * platform/chromium/ScrollbarThemeChromium.cpp:
        (WebCore::ScrollbarThemeChromium::paintTickmarks):
        * platform/graphics/FloatQuad.h:
        (WebCore::FloatQuad::FloatQuad):
        * platform/graphics/FloatRect.cpp:
        (WebCore::FloatRect::intersects):
        (WebCore::FloatRect::contains):
        (WebCore::FloatRect::intersect):
        (WebCore::FloatRect::unite):
        (WebCore::enclosingIntRect):
        * platform/graphics/FloatRect.h:
        (WebCore::FloatRect::maxX):
        (WebCore::FloatRect::maxY):
        (WebCore::FloatRect::contains):
        * platform/graphics/IntRect.cpp:
        (WebCore::IntRect::intersects):
        (WebCore::IntRect::contains):
        (WebCore::IntRect::intersect):
        (WebCore::IntRect::unite):
        * platform/graphics/IntRect.h:
        (WebCore::IntRect::maxX):
        (WebCore::IntRect::maxY):
        (WebCore::IntRect::shiftXEdgeTo):
        (WebCore::IntRect::shiftMaxXEdgeTo):
        (WebCore::IntRect::shiftYEdgeTo):
        (WebCore::IntRect::shiftMaxYEdgeTo):
        (WebCore::IntRect::contains):
        * platform/graphics/WidthIterator.cpp:
        (WebCore::WidthIterator::advance):
        * platform/graphics/cg/GraphicsContextCG.cpp:
        (WebCore::GraphicsContext::drawRect):
        (WebCore::GraphicsContext::fillPath):
        (WebCore::GraphicsContext::fillRect):
        * platform/graphics/cg/ImageBufferCG.cpp:
        (WebCore::getImageData):
        (WebCore::putImageData):
        * platform/graphics/cg/ImageCG.cpp:
        (WebCore::BitmapImage::draw):
        * platform/graphics/filters/FilterEffect.cpp:
        (WebCore::FilterEffect::copyImageBytes):
        * platform/graphics/mac/ComplexTextController.cpp:
        (WebCore::ComplexTextController::adjustGlyphsAndAdvances):
        * platform/graphics/mac/SimpleFontDataMac.mm:
        (WebCore::SimpleFontData::platformBoundsForGlyph):
        * platform/graphics/transforms/AffineTransform.cpp:
        (WebCore::AffineTransform::mapRect):
        * platform/graphics/win/FontCGWin.cpp:
        (WebCore::drawGDIGlyphs):
        * platform/graphics/win/MediaPlayerPrivateQuickTimeWin.cpp:
        (WebCore::MediaPlayerPrivate::paint):
        * platform/gtk/RenderThemeGtk.cpp:
        (WebCore::centerRectVerticallyInParentInputElement):
        * platform/mac/WidgetMac.mm:
        (WebCore::Widget::paint):
        * rendering/InlineFlowBox.cpp:
        (WebCore::InlineFlowBox::addBoxShadowVisualOverflow):
        (WebCore::InlineFlowBox::addTextBoxVisualOverflow):
        * rendering/InlineTextBox.cpp:
        (WebCore::InlineTextBox::selectionRect):
        (WebCore::InlineTextBox::paint):
        (WebCore::InlineTextBox::positionForOffset):
        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::addOverflowFromChildren):
        (WebCore::RenderBlock::paintChildren):
        (WebCore::RenderBlock::paintEllipsisBoxes):
        (WebCore::RenderBlock::inlineSelectionGaps):
        (WebCore::RenderBlock::adjustPointToColumnContents):
        (WebCore::RenderBlock::flipForWritingModeIncludingColumns):
        (WebCore::RenderBlock::adjustForColumns):
        * rendering/RenderBlock.h:
        (WebCore::RenderBlock::FloatingObject::right):
        (WebCore::RenderBlock::FloatingObject::bottom):
        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::reflectedRect):
        (WebCore::RenderBox::localCaretRect):
        (WebCore::RenderBox::addShadowOverflow):
        (WebCore::RenderBox::addLayoutOverflow):
        (WebCore::RenderBox::visualOverflowRectForPropagation):
        (WebCore::RenderBox::layoutOverflowRectForPropagation):
        (WebCore::RenderBox::flipForWritingMode):
        * rendering/RenderFrameSet.cpp:
        (WebCore::RenderFrameSet::paintColumnBorder):
        (WebCore::RenderFrameSet::paintRowBorder):
        * rendering/RenderInline.cpp:
        (WebCore::RenderInline::paintOutlineForLine):
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::getRectToExpose):
        (WebCore::cornerRect):
        (WebCore::RenderLayer::positionOverflowControls):
        (WebCore::RenderLayer::overflowBottom):
        (WebCore::RenderLayer::overflowRight):
        (WebCore::RenderLayer::paintResizer):
        * rendering/RenderLineBoxList.cpp:
        (WebCore::RenderLineBoxList::rangeIntersectsRect):
        (WebCore::RenderLineBoxList::paint):
        * rendering/RenderListItem.cpp:
        (WebCore::RenderListItem::positionListMarker):
        * rendering/RenderListMarker.cpp:
        (WebCore::RenderListMarker::paint):
        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::repaintAfterLayoutIfNeeded):
        * rendering/RenderOverflow.h:
        (WebCore::RenderOverflow::RenderOverflow):
        (WebCore::RenderOverflow::addLayoutOverflow):
        (WebCore::RenderOverflow::addVisualOverflow):
        (WebCore::RenderOverflow::setLayoutOverflow):
        (WebCore::RenderOverflow::setVisualOverflow):
        (WebCore::RenderOverflow::resetLayoutOverflow):
        * rendering/RenderReplaced.cpp:
        (WebCore::RenderReplaced::shouldPaint):
        * rendering/RenderScrollbarTheme.cpp:
        (WebCore::RenderScrollbarTheme::constrainTrackRectToTrackPieces):
        * rendering/RenderTable.cpp:
        (WebCore::RenderTable::paint):
        * rendering/RenderTableCell.cpp:
        (WebCore::RenderTableCell::paint):
        * rendering/RenderTableSection.cpp:
        (WebCore::RenderTableSection::paintObject):
        * rendering/RenderText.cpp:
        (WebCore::RenderText::absoluteQuads):
        * rendering/RenderTextControlSingleLine.cpp:
        (WebCore::RenderTextControlSingleLine::forwardEvent):
        * rendering/RenderThemeMac.mm:
        (WebCore::RenderThemeMac::paintMenuListButtonGradients):
        (WebCore::RenderThemeMac::paintMenuListButton):
        (WebCore::RenderThemeMac::paintSliderTrack):
        * rendering/RenderView.cpp:
        (WebCore::RenderView::computeRectForRepaint):
        (WebCore::RenderView::docBottom):
        (WebCore::RenderView::docRight):
        * rendering/RootInlineBox.cpp:
        (WebCore::RootInlineBox::paddedLayoutOverflowRect):
        * rendering/svg/RenderSVGInlineText.cpp:
        (WebCore::RenderSVGInlineText::localCaretRect):

2011-02-01  Beth Dakin  <bdakin@apple.com>

        Reviewed by Sam Weinig.

        Fix for <rdar://problem/8492788> Adopt WKScrollbarPainterController

        Lots of new WebCoreSystemInterface functions to export.
        * WebCore.exp.in:
        * platform/mac/WebCoreSystemInterface.h:
        * platform/mac/WebCoreSystemInterface.mm:

        Let the scrollAnimator know when the mouse has
        moved anywhere inside the page, and when the mouse 
        has moved in or out of the window. 
        * page/EventHandler.cpp:
        (WebCore::EventHandler::mouseMoved):
        (WebCore::EventHandler::updateMouseEventTargetNode):

        Let the scrollAnimator know when the window has become
        active or inactive.
        * page/FocusController.cpp:
        (WebCore::FocusController::setActive):
        
        Let the scrollAnimator know when all of these things
        are happening.
        * page/FrameView.cpp:
        (WebCore::FrameView::setContentsSize):
        (WebCore::FrameView::didMoveOnscreen):
        (WebCore::FrameView::willMoveOffscreen):
        (WebCore::FrameView::currentMousePosition):
        (WebCore::FrameView::contentsResized):
        
        New functions called through WebKit2 that allow the
        scrollAnimator to know when a live resize starts and ends.
        (WebCore::FrameView::willStartLiveResize):
        (WebCore::FrameView::willEndLiveResize):
        * page/FrameView.h:
        
        New functions on ScrollAnimator that pass information
        to the WKPainterController when we're using one.
        * platform/ScrollAnimator.h:
        (WebCore::ScrollAnimator::scrollableArea):
        (WebCore::ScrollAnimator::contentAreaWillPaint):
        (WebCore::ScrollAnimator::mouseEnteredContentArea):
        (WebCore::ScrollAnimator::mouseExitedContentArea):
        (WebCore::ScrollAnimator::mouseMovedInContentArea):
        (WebCore::ScrollAnimator::willStartLiveResize):
        (WebCore::ScrollAnimator::contentsResized):
        (WebCore::ScrollAnimator::willEndLiveResize):
        (WebCore::ScrollAnimator::contentAreaDidShow):
        (WebCore::ScrollAnimator::contentAreaDidHide):
        (WebCore::ScrollAnimatorMac::ScrollAnimatorMac):
        (WebCore::ScrollAnimatorMac::scrollbarPainterDelegate):
        (WebCore::ScrollAnimatorMac::setPainterForPainterController):
        (WebCore::ScrollAnimatorMac::removePainterFromPainterController):
        (WebCore::ScrollAnimatorMac::notityPositionChanged):
        (WebCore::ScrollAnimatorMac::contentAreaWillPaint):
        (WebCore::ScrollAnimatorMac::mouseEnteredContentArea):
        (WebCore::ScrollAnimatorMac::mouseExitedContentArea):
        (WebCore::ScrollAnimatorMac::mouseMovedInContentArea):
        (WebCore::ScrollAnimatorMac::willStartLiveResize):
        (WebCore::ScrollAnimatorMac::contentsResized):
        (WebCore::ScrollAnimatorMac::willEndLiveResize):
        (WebCore::ScrollAnimatorMac::contentAreaDidShow):
        (WebCore::ScrollAnimatorMac::contentAreaDidHide):
        
        Let the scrollAnimator know when this is happening.
        * platform/ScrollView.cpp:
        (WebCore::ScrollView::paint):
        
        New function lets the scrollAnimator get the current 
        mouse position.
        * platform/ScrollView.h:
        (WebCore::ScrollView::currentMousePosition):
        
        New function that returns the scrollAnimator when needed.
        * platform/ScrollableArea.h:
        (WebCore::ScrollableArea::scrollAnimator):
        
        Keep track of if we're in a live resize using a new memeber
        variable.
        * platform/mac/ScrollAnimatorMac.h:
        (WebCore::ScrollAnimatorMac::inLiveResize):
        * platform/mac/ScrollAnimatorMac.mm:
        (WebCore::view):
        
        New delegates for the WKPainter and WKPainterController
        (-[ScrollbarPainterControllerDelegate initWithScrollAnimator:WebCore::]):
        (-[ScrollbarPainterControllerDelegate contentAreaRectForScrollerImpPair:]):
        (-[ScrollbarPainterControllerDelegate inLiveResizeForScrollerImpPair:]):
        (-[ScrollbarPainterControllerDelegate mouseLocationInContentAreaForScrollerImpPair:]):
        (-[ScrollbarPainterControllerDelegate scrollerImpPair:convertContentPoint:toScrollerImp:]):
        (-[ScrollbarPainterControllerDelegate scrollerImpPair:setContentAreaNeedsDisplayInRect:]):
        (-[ScrollbarPainterControllerDelegate scrollerImpPair:updateScrollerStyleForNewRecommendedScrollerStyle:]):
        (-[ScrollKnobAnimation initWithScrollbarPainter:forScrollAnimator:WebCore::animateKnobAlphaTo:duration:]):
        (-[ScrollKnobAnimation setCurrentProgress:]):
        (-[ScrollbarPainterDelegate initWithScrollAnimator:WebCore::]):
        (-[ScrollbarPainterDelegate convertRectToBacking:]):
        (-[ScrollbarPainterDelegate convertRectFromBacking:]):
        (-[ScrollbarPainterDelegate layer]):
        (-[ScrollbarPainterDelegate setUpAnimation:scrollerPainter:animateKnobAlphaTo:duration:]):
        (-[ScrollbarPainterDelegate scrollerImp:animateKnobAlphaTo:duration:]):
        (-[ScrollbarPainterDelegate scrollerImp:animateTrackAlphaTo:duration:]):
        (-[ScrollbarPainterDelegate scrollerImp:overlayScrollerStateChangedTo:]):

        Get the WKScrollbarPainterRefs to synch up with the 
        WKScrollbarPainterControllerRefs when appropriate
        * platform/mac/ScrollbarThemeMac.h:
        * platform/mac/ScrollbarThemeMac.mm:
        (WebCore::ScrollbarThemeMac::registerScrollbar):
        (WebCore::ScrollbarThemeMac::unregisterScrollbar):
        (WebCore::ScrollbarThemeMac::setNewPainterForScrollbar):
        (WebCore::ScrollbarThemeMac::usesOverlayScrollbars):

        Implement ScrollableArea's virtual function contentsSize() for access
        through the scrollAnimator.
        * rendering/RenderLayer.h:
        (WebCore::RenderLayer::contentsSize):

2011-02-01  Carol Szabo  <carol.szabo@nokia.com>

        Reviewed by David Hyatt.

        layoutTestController.counterValueForElementById does not return the correct value
        https://bugs.webkit.org/show_bug.cgi?id=53037

        Test: fast/css/counters/deep-before.html

        * rendering/RenderTreeAsText.cpp:
        (WebCore::counterValueForElement):
        Modified to use the newly available RenderObject::beforePseudoElement()
        and RenderObject::afterPseudoElement() instead of the old imperfect
        algorithm to find the before and after pseudo elements.

2011-02-01  Anton Muhin  <antonm@chromium.org>

        Reviewed by Adam Barth.

        Allow access for security origin same as this.
        https://bugs.webkit.org/show_bug.cgi?id=53440

        Hard to test as newly added path currently is never hit.

        * page/SecurityOrigin.cpp:
        (WebCore::SecurityOrigin::canAccess): allow access if this == other

2011-01-31  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoffrey Garen.

        Update JSObject storage for new marking API
        https://bugs.webkit.org/show_bug.cgi?id=53467

        Update WebCore to handle new anonymous slot behaviour.

        * bindings/js/JSDOMWindowShell.cpp:
        (WebCore::JSDOMWindowShell::setWindow):
        * bindings/js/WorkerScriptController.cpp:
        (WebCore::WorkerScriptController::initScript):
        * bindings/scripts/CodeGeneratorJS.pm:

2011-02-01  Xiaomei Ji  <xji@chromium.org>

        Reviewed by David Hyatt.

        Fix a text rendering problem when enclosing block is RTL and text runs
        are in different directionality.
        https://bugs.webkit.org/show_bug.cgi?id=34176

        The problem happens in the following example scenario (ABC represents 
        Hebrew characters):
        <div dir=rtl>this is a <span><span>test <span>ABC</span></span></span></div>

        The line consists of 3 text runs -- TextRun1 TextRun2 TextRun3. In which
        TextRun1 and TextRun2's bidi level are 2, and TextRun3's bidi level is 1.
        TextRun2 and TextRun3's least common ancestor is not a sibling of TextRun1.

        The visual bidi run order of the text runs is TextRun3 TextRun1 TextRun2.

        Inside RenderBlock::constructLine(), when RenderBlock::createLineBoxes()
        creates InlineFlowBox for TextRun2, it should check an InlineFlowBox for
        the run's render object's ancestor (not only its parent) has already 
        been constructed or has something following it on the line, in which 
        case, create a new box for TextRun2 instead of sharing the same box with
        TextRun3.

        In other words, the following 2 div should render the same results
        (ABC represents Hebrew characters).
        <div dir=rtl>this is a <span><span>test <span>ABC</span></span></span></div>
        <div dir=rtl>this is a <span>Test <span>ABC</span></span></div>

        Test: fast/dom/34176.html

        * rendering/RenderBlockLineLayout.cpp:
        (WebCore::parentIsConstructedOrHaveNext):
        (WebCore::RenderBlock::createLineBoxes):

2011-02-01  Abhishek Arya  <inferno@chromium.org>

        Reviewed by Dan Bernstein.

        Do not add a node in the document's stylesheet candidate node list if the
        node is already removed from document.
        https://bugs.webkit.org/show_bug.cgi?id=53441

        Test: fast/css/stylesheet-candidate-nodes-crash.xhtml

        * dom/Document.cpp:
        (WebCore::Document::addStyleSheetCandidateNode):

2011-02-01  Dave Hyatt  <hyatt@apple.com>

        Reviewed by Darin Adler.

        https://bugs.webkit.org/show_bug.cgi?id=46422, make printing and pagination work
        with vertical text.

        Change printing functions to check writing-mode and properly swap width and height
        as needed.
        
        Fix the setScrollOrigin function so that the origin doesn't cause
        scroll spasming during printing (this is only partially successful, but it's better
        than it was).

        Rewrite computePageRects to handle both RTL documents properly as well as vertical
        text documents properly.

        * WebCore.exp.in:
        * page/FrameView.cpp:
        (WebCore::FrameView::adjustViewSize):
        (WebCore::FrameView::forceLayoutForPagination):
        * page/PrintContext.cpp:
        (WebCore::PrintContext::computePageRects):
        (WebCore::PrintContext::computePageRectsWithPageSizeInternal):
        (WebCore::PrintContext::computeAutomaticScaleFactor):
        (WebCore::PrintContext::spoolPage):
        (WebCore::PrintContext::spoolRect):
        * page/PrintContext.h:
        * page/mac/WebCoreFrameView.h:
        * platform/ScrollView.cpp:
        (WebCore::ScrollView::wheelEvent):
        * platform/ScrollView.h:
        * platform/mac/ScrollViewMac.mm:
        (WebCore::ScrollView::platformSetScrollOrigin):
        * rendering/RenderView.cpp:
        (WebCore::RenderView::layout):

2011-02-01  Mikhail Naganov  <mnaganov@chromium.org>

        Reviewed by Pavel Feldman.

        Web Inspector: Fix profiles reset to avoid clearing heap profiles in Chromium.

        https://bugs.webkit.org/show_bug.cgi?id=53500

        * inspector/InspectorProfilerAgent.cpp:
        (WebCore::InspectorProfilerAgent::resetFrontendProfiles):

2011-02-01  Mikhail Naganov  <mnaganov@chromium.org>

        Reviewed by Pavel Feldman.

        Web Inspector: [Chromium] Landing detailed heap snapshots, part 1.

        https://bugs.webkit.org/show_bug.cgi?id=53173

        Adding code for accessing heap snapshot data and
        performing graph calculations.

        * English.lproj/localizedStrings.js:
        * inspector/front-end/HeapSnapshot.js:
        (WebInspector.HeapSnapshotArraySlice): Helper class to avoid array contents copying.
        (WebInspector.HeapSnapshotEdge): Wrapper for accessing graph edge properties.
        (WebInspector.HeapSnapshotEdgeIterator):
        (WebInspector.HeapSnapshotNode): Wrapper for accessing graph node properties.
        (WebInspector.HeapSnapshotNodeIterator):
        (WebInspector.HeapSnapshot): Wrapper for the heap snapshot.
        (WebInspector.HeapSnapshotFilteredOrderedIterator):
        (WebInspector.HeapSnapshotEdgesProvider):
        (WebInspector.HeapSnapshotNodesProvider):
        (WebInspector.HeapSnapshotPathFinder):
        * inspector/front-end/HeapSnapshotView.js:
        (WebInspector.HeapSnapshotView.prototype._convertSnapshot):

2011-02-01  Adam Roben  <aroben@apple.com>

        Fix linker warnings in Release_LTCG builds

        * WebCore.vcproj/WebCore.vcproj: Exclude EventNames.cpp and EventTarget.cpp from all
        configurations, since they get pulled in via DOMAllInOne.cpp.

2011-02-01  Alexander Pavlov  <apavlov@chromium.org>

        Reviewed by Yury Semikhatsky.

        Web Inspector: [Chromium] Wrongly labelled context-menu item for links in Web Inspector's side-pane
        https://bugs.webkit.org/show_bug.cgi?id=53482

        * English.lproj/localizedStrings.js:
        * inspector/front-end/ElementsPanel.js:
        (WebInspector.ElementsPanel.prototype.populateHrefContextMenu):
        * inspector/front-end/inspector.js:
        (WebInspector.resourceForURL):
        (WebInspector.openLinkExternallyLabel):

2011-02-01  Anton Muhin  <antonm@chromium.org>

        Reviewed by Adam Barth.

        Propagate parent document security origin to newly create Document XML response
        https://bugs.webkit.org/show_bug.cgi?id=53444

        Covered by the existing tests.

        * xml/XMLHttpRequest.cpp:
        (WebCore::XMLHttpRequest::responseXML):

2011-02-01  Yury Semikhatsky  <yurys@chromium.org>

        Unreviewed. Rollout r77230 which caused many layout tests
        crashes on Chromium Debug bots.

        Async event handlers should not fire within a modal dialog
        https://bugs.webkit.org/show_bug.cgi?id=53202

        * dom/Document.cpp:
        (WebCore::Document::Document):
        * dom/EventQueue.cpp:
        (WebCore::EventQueue::EventQueue):
        (WebCore::EventQueue::enqueueEvent):
        (WebCore::EventQueue::pendingEventTimerFired):
        * dom/EventQueue.h:

2011-02-01  Zoltan Herczeg  <zherczeg@webkit.org>

        Reviewed by Dirk Schulze.

        LightElement changes does not require relayout.
        https://bugs.webkit.org/show_bug.cgi?id=53232

        When an attribute of a LightElement changes, it
        send an update message to the lighting filters
        to update its corresponding LightSource objects,
        and repaint the filters.

        Duplicated 'id' attributes removed from svg-filter-animation.svg.

        Existing dynamic-update tests covers this feature.

        5x speedup on manual-tests/svg-filter-animation.svg

        * manual-tests/svg-filter-animation.svg:
        * platform/graphics/filters/DistantLightSource.h:
        * platform/graphics/filters/FEDiffuseLighting.cpp:
        (WebCore::FEDiffuseLighting::setLightingColor):
        (WebCore::FEDiffuseLighting::setSurfaceScale):
        (WebCore::FEDiffuseLighting::setDiffuseConstant):
        (WebCore::FEDiffuseLighting::setKernelUnitLengthX):
        (WebCore::FEDiffuseLighting::setKernelUnitLengthY):
        * platform/graphics/filters/FEDiffuseLighting.h:
        * platform/graphics/filters/LightSource.cpp:
        (WebCore::PointLightSource::setX):
        (WebCore::PointLightSource::setY):
        (WebCore::PointLightSource::setZ):
        (WebCore::SpotLightSource::setX):
        (WebCore::SpotLightSource::setY):
        (WebCore::SpotLightSource::setZ):
        (WebCore::SpotLightSource::setPointsAtX):
        (WebCore::SpotLightSource::setPointsAtY):
        (WebCore::SpotLightSource::setPointsAtZ):
        (WebCore::SpotLightSource::setSpecularExponent):
        (WebCore::SpotLightSource::setLimitingConeAngle):
        (WebCore::DistantLightSource::setAzimuth):
        (WebCore::DistantLightSource::setElevation):
        (WebCore::LightSource::setAzimuth):
        (WebCore::LightSource::setElevation):
        (WebCore::LightSource::setX):
        (WebCore::LightSource::setY):
        (WebCore::LightSource::setZ):
        (WebCore::LightSource::setPointsAtX):
        (WebCore::LightSource::setPointsAtY):
        (WebCore::LightSource::setPointsAtZ):
        (WebCore::LightSource::setSpecularExponent):
        (WebCore::LightSource::setLimitingConeAngle):
        * platform/graphics/filters/LightSource.h:
        * platform/graphics/filters/PointLightSource.h:
        * platform/graphics/filters/SpotLightSource.h:
        * rendering/svg/RenderSVGResourceFilter.cpp:
        (WebCore::RenderSVGResourceFilter::primitiveAttributeChanged):
        * svg/SVGFEDiffuseLightingElement.cpp:
        (WebCore::SVGFEDiffuseLightingElement::setFilterEffectAttribute):
        (WebCore::SVGFEDiffuseLightingElement::lightElementAttributeChanged):
        (WebCore::SVGFEDiffuseLightingElement::build):
        (WebCore::SVGFEDiffuseLightingElement::findLightElement):
        (WebCore::SVGFEDiffuseLightingElement::findLight):
        * svg/SVGFEDiffuseLightingElement.h:
        * svg/SVGFELightElement.cpp:
        (WebCore::SVGFELightElement::svgAttributeChanged):
        * svg/SVGFilterPrimitiveStandardAttributes.cpp:
        (WebCore::SVGFilterPrimitiveStandardAttributes::setFilterEffectAttribute):
        * svg/SVGFilterPrimitiveStandardAttributes.h:

2011-02-01  Roland Steiner  <rolandsteiner@chromium.org>

        Reviewed by Dimitri Glazkov.

        Bug 53289 - DOM: Move DocumentOrderedMap from Document into separate files
        https://bugs.webkit.org/show_bug.cgi?id=53289

        Moving the nested class DocumentOrderedMap from Document into separate files,
        updating code where necessary.

        No new tests. (refactoring)

        * Android.mk:
        * CMakeLists.txt:
        * GNUMakefile.am:
        * WebCore.gypi:
        * WebCore.pro:
        * WebCore.vcproj/WebCore.vcproj:
        * WebCore.xcodeproj/project.pbxproj:
        * dom/Document.cpp:
        (WebCore::Document::getElementById):
        (WebCore::Document::getImageMap):
        * dom/Document.h:
        * dom/DocumentOrderedMap.cpp: Added.
        (WebCore::keyMatchesId):
        (WebCore::keyMatchesMapName):
        (WebCore::keyMatchesLowercasedMapName):
        (WebCore::DocumentOrderedMap::clear):
        (WebCore::DocumentOrderedMap::add):
        (WebCore::DocumentOrderedMap::remove):
        (WebCore::DocumentOrderedMap::get):
        (WebCore::DocumentOrderedMap::getElementById):
        (WebCore::DocumentOrderedMap::getElementByMapName):
        (WebCore::DocumentOrderedMap::getElementByLowercasedMapName):
        * dom/DocumentOrderedMap.h: Added.
        (WebCore::DocumentOrderedMap::contains):
        (WebCore::DocumentOrderedMap::containsMultiple):
        * dom/DOMAllInOne.cpp:

2011-02-01  Mario Sanchez Prada  <msanchez@igalia.com>

        Reviewed by Martin Robinson.

        [Gtk] atk_text_set_caret_offset fails for list items
        https://bugs.webkit.org/show_bug.cgi?id=53388

        Allow using text ranges across list items.

        * accessibility/gtk/AccessibilityObjectAtk.cpp:
        (WebCore::AccessibilityObject::allowsTextRanges): Add list items
        to the list of accessibility objects supporting text ranges.

2011-02-01  Mario Sanchez Prada  <msanchez@igalia.com>

        Reviewed by Martin Robinson.

        [GTK] character range extents is off when the end of a wrapped line is included
        https://bugs.webkit.org/show_bug.cgi?id=53323

        Fixed wrong calculation getting the range extents.

        * accessibility/gtk/AccessibilityObjectWrapperAtk.cpp:
        (webkit_accessible_text_get_range_extents): Removed '+1' since the
        requested interval shouldn't include the last character.

2011-02-01  Mario Sanchez Prada  <msanchez@igalia.com>

        Reviewed by Martin Robinson.

        [GTK] Caret Offset is one off at the end of wrapped lines
        https://bugs.webkit.org/show_bug.cgi?id=53300

        Consider linebreaks as special cases.

        * accessibility/gtk/AccessibilityObjectWrapperAtk.cpp:
        (objectAndOffsetUnignored): In order to avoid getting wrong values
        when around linebreaks, we need to workaround this by explicitly
        avoiding those '\n' text nodes from affecting the result of
        calling to TextIterator:rangeLength().

2011-02-01  Roland Steiner  <rolandsteiner@chromium.org>

        Unreviewed, rolling out r77229.
        http://trac.webkit.org/changeset/77229
        https://bugs.webkit.org/show_bug.cgi?id=53289

        revert mysterious build breakage

        * Android.mk:
        * CMakeLists.txt:
        * GNUmakefile.am:
        * WebCore.gypi:
        * WebCore.pro:
        * WebCore.vcproj/WebCore.vcproj:
        * WebCore.xcodeproj/project.pbxproj:
        * dom/DOMAllInOne.cpp:
        * dom/Document.cpp:
        (WebCore::Document::DocumentOrderedMap::clear):
        (WebCore::Document::DocumentOrderedMap::add):
        (WebCore::Document::DocumentOrderedMap::remove):
        (WebCore::Document::DocumentOrderedMap::get):
        (WebCore::keyMatchesId):
        (WebCore::Document::getElementById):
        (WebCore::keyMatchesMapName):
        (WebCore::keyMatchesLowercasedMapName):
        (WebCore::Document::getImageMap):
        * dom/Document.h:
        (WebCore::Document::DocumentOrderedMap::contains):
        (WebCore::Document::DocumentOrderedMap::containsMultiple):
        * dom/DocumentOrderedMap.cpp: Removed.
        * dom/DocumentOrderedMap.h: Removed.

2011-02-01  Mihai Parparita  <mihaip@chromium.org>

        Reviewed by James Robinson.

        Async event handlers should not fire within a modal dialog
        https://bugs.webkit.org/show_bug.cgi?id=53202

        Asychronous events that use EventQueue would currently fire while a
        modal dialog (e.g. window.alert()) was up. Change EventQueue to use a
        SuspendableTimer (which automatically gets suspended while dialogs are
        up and in other cases where JS execution is not allowed).
        
        Test: fast/events/scroll-event-during-modal-dialog.html

        * dom/Document.cpp:
        (WebCore::Document::Document):
        * dom/EventQueue.cpp:
        (WebCore::EventQueueTimer::EventQueueTimer):
        (WebCore::EventQueueTimer::fired):
        (WebCore::EventQueue::EventQueue):
        (WebCore::EventQueue::enqueueEvent):
        (WebCore::EventQueue::pendingEventTimerFired):
        * dom/EventQueue.h:
        (WebCore::EventQueue::create):

2011-02-01  Roland Steiner  <rolandsteiner@chromium.org>

        Reviewed by Dimitri Glazkov.

        Bug 53289 - DOM: Move DocumentOrderedMap from Document into separate files
        https://bugs.webkit.org/show_bug.cgi?id=53289

        Moving the nested class DocumentOrderedMap from Document into separate files,
        updating code where necessary.

        No new tests. (refactoring)

        * Android.mk:
        * CMakeLists.txt:
        * GNUMakefile.am:
        * WebCore.gypi:
        * WebCore.pro:
        * WebCore.vcproj/WebCore.vcproj:
        * WebCore.xcodeproj/project.pbxproj:
        * dom/Document.cpp:
        (WebCore::Document::getElementById):
        (WebCore::Document::getImageMap):
        * dom/Document.h:
        * dom/DocumentOrderedMap.cpp: Added.
        (WebCore::keyMatchesId):
        (WebCore::keyMatchesMapName):
        (WebCore::keyMatchesLowercasedMapName):
        (WebCore::DocumentOrderedMap::clear):
        (WebCore::DocumentOrderedMap::add):
        (WebCore::DocumentOrderedMap::remove):
        (WebCore::DocumentOrderedMap::get):
        (WebCore::DocumentOrderedMap::getElementById):
        (WebCore::DocumentOrderedMap::getElementByMapName):
        (WebCore::DocumentOrderedMap::getElementByLowercasedMapName):
        * dom/DocumentOrderedMap.h: Added.
        (WebCore::DocumentOrderedMap::contains):
        (WebCore::DocumentOrderedMap::containsMultiple):
        * dom/DOMAllInOne.cpp:

2011-02-01  Naoki Takano  <takano.naoki@gmail.com>

        Reviewed by Darin Fisher.

        [Chromium] Autofill should work with HTML5 form elements
        https://bugs.webkit.org/show_bug.cgi?id=51809
        http://crbug.com/65654

        No new tests, because this fix is for Chromium project and hard to test only in WebKit project.

        * html/InputType.h: Insert comment for canSetSuggestedValue().
        * html/TextFieldInputType.cpp:
        (WebCore::TextFieldInputType::canSetSuggestedValue): Implemented to return always true for that all text filed inputs can be completed.
        * html/TextFieldInputType.h: Declare canSetSuggestedValue().
        * html/TextInputType.cpp: Delete canSetSuggestedValue() not to return true anymore.
        * html/TextInputType.h: Delete canSetSuggestedValue() not to return true anymore.

2011-02-01  Kent Tamura  <tkent@chromium.org>

        Reviewed by Dan Bernstein.

        REGRESSION (r65062): Safari loops forever under WebCore::plainTextToMallocAllocatedBuffer()
        https://bugs.webkit.org/show_bug.cgi?id=53272

        * editing/TextIterator.cpp:
        (WebCore::TextIterator::handleTextBox): Pass the appropriate renderer to emitText().

2011-01-31  Alexey Proskuryakov  <ap@apple.com>

        Reviewed by Maciej Stachowiak.

        https://bugs.webkit.org/show_bug.cgi?id=53466
        Move WebKit2 to printing via API methods

        * WebCore.exp.in: Export IntRect::scale().

2011-01-31  Patrick Gansterer  <paroga@webkit.org>

        Reviewed by Adam Barth.

        Remove obsolete comment after r41871
        https://bugs.webkit.org/show_bug.cgi?id=53406

        * dom/Document.h:

2011-01-31  Simon Fraser  <simon.fraser@apple.com>

        Fix according to reviewer comments: can just use Color::black now.

        * platform/graphics/ShadowBlur.cpp:
        (WebCore::ShadowBlur::drawInsetShadow):
        (WebCore::ShadowBlur::drawRectShadowWithoutTiling):

2011-01-31  Simon Fraser  <simon.fraser@apple.com>

        Reviewed by Sam Weinig.

        Clean up ShadowBlur
        https://bugs.webkit.org/show_bug.cgi?id=53472

        Some minor ShadowBlur cleanup.

        * platform/graphics/ShadowBlur.h:
        * platform/graphics/ShadowBlur.cpp:
        (WebCore::ShadowBlur::ShadowBlur): Use m_blurRadius rather than the radius
        paramter.
        (WebCore::ShadowBlur::adjustBlurRadius): Renamed from adjustBlurDistance.
        (WebCore::ShadowBlur::calculateLayerBoundingRect): Rename layerFloatRect to
        layerRect. Make frameSize a float.
        (WebCore::ShadowBlur::beginShadowLayer): This now takes a precomputed
        layerRect rather than calling calculateLayerBoundingRect() to compute
        it itself, since we were calling calculateLayerBoundingRect() twice.
        (WebCore::ShadowBlur::drawRectShadow): Optimize to call calculateLayerBoundingRect()
        only once. The shadowRect variable was unused, so two return paths could be
        collapsed into one.
        (WebCore::ShadowBlur::drawInsetShadow): Call calculateLayerBoundingRect() before
        beginShadowLayer() now.
        (WebCore::ShadowBlur::drawRectShadowWithoutTiling): The layerRect gets passed in.
        We always used alpha=1, so no need to pass that in.
        (WebCore::ShadowBlur::drawRectShadowWithTiling): We always used alpha=1, so no need to
        pass that in. Move shadowRect down to first use.
        ShadowBlur::clipBounds() was unused.

2011-01-31  No'am Rosenthal  <noam.rosenthal@nokia.com>

        Reviewed by Kenneth Rohde Christiansen.

        [Qt] QWebElements example from QtWebKit Bridge documentation does not work at all
        https://bugs.webkit.org/show_bug.cgi?id=46748

        This problem disappears when we register QWebElement using qRegisterMetaType, which we now do in QtInstance.
        Added a regression test to tst_QWebFrame.

        * bridge/qt/qt_instance.cpp:
        (JSC::Bindings::QtInstance::QtInstance):

2011-01-27  MORITA Hajime  <morrita@google.com>

        Reviewed by Dimitri Glazkov.
        
        Convert <progress> shadow DOM to a DOM-based shadow.
        https://bugs.webkit.org/show_bug.cgi?id=50660

        * Removed RenderProgress::m_valuePart, moved the shadow node
          to the shadow root of HTMLProgressElement.
        * Removed hard-coded pseudo ID for -webkit-progress-bar-value.
          ProgressBarValueElement is defined only for overriding
          shadowPseudoId().
        
        No new tests. No behavioral change.

        * css/CSSSelector.cpp:
        (WebCore::CSSSelector::pseudoId):
        (WebCore::nameToPseudoTypeMap):
        (WebCore::CSSSelector::extractPseudoType):
        * css/CSSSelector.h:
        * html/HTMLProgressElement.cpp:
        (WebCore::ProgressBarValueElement::ProgressBarValueElement):
        (WebCore::ProgressBarValueElement::shadowPseudoId):
        (WebCore::ProgressBarValueElement::create):
        (WebCore::ProgressBarValueElement::detach):
        (WebCore::HTMLProgressElement::parseMappedAttribute):
        (WebCore::HTMLProgressElement::attach):
        (WebCore::HTMLProgressElement::valuePart):
        (WebCore::HTMLProgressElement::didElementStateChange):
        (WebCore::HTMLProgressElement::createShadowSubtreeIfNeeded):
        * html/HTMLProgressElement.h:
        * rendering/RenderProgress.cpp:
        (WebCore::RenderProgress::~RenderProgress):
        (WebCore::RenderProgress::updateFromElement):
        (WebCore::RenderProgress::layoutParts):
        (WebCore::RenderProgress::shouldHaveParts):
        (WebCore::RenderProgress::valuePart):
        * rendering/RenderProgress.h:
        * rendering/style/RenderStyleConstants.h:

2011-01-31  Charlie Reis  <creis@chromium.org>

        Reviewed by Mihai Parparita.

        Add sanity check to help diagnose bug 52819
        https://bugs.webkit.org/show_bug.cgi?id=53402

        Crash early if the children of fromItem look invalid.

        * loader/HistoryController.cpp:

2011-01-31  Kalle Vahlman  <kalle.vahlman@movial.com>

        Reviewed by Andreas Kling.

        [Qt] canvas.drawImage(HTMLVideoElement) doesn't work with Qt Multimedia backend
        https://bugs.webkit.org/show_bug.cgi?id=53325

        Reimplement paintCurrentFrameInContext() rather than delegate the
        rendering to paint() to make sure we really do get the video frame
        content into the GraphicsContext, regardless of accelerated
        compositing and the video scene state.

        * platform/graphics/qt/MediaPlayerPrivateQt.cpp:
        (WebCore::MediaPlayerPrivateQt::paintCurrentFrameInContext):
        * platform/graphics/qt/MediaPlayerPrivateQt.h:

2011-01-31  Emil A Eklund  <eae@chromium.org>

        Reviewed by Darin Adler.

        Setting "selected" attribute to false should have no effect in single line <select>
        https://bugs.webkit.org/show_bug.cgi?id=52436

        Change SelectElement::setSelectedIndex to select the first selectable
        option when the select state of all options is set to false as required
        by the HTML5 specification.

        Test: fast/dom/HTMLSelectElement/selected-false.html

        * dom/SelectElement.cpp:
        (WebCore::SelectElement::setSelectedIndex):

2011-01-31  Alexander Pavlov  <apavlov@chromium.org>

        Reviewed by Yury Semikhatsky.

        Web Inspector: Console source references need a left-margin
        https://bugs.webkit.org/show_bug.cgi?id=53308

        * inspector/front-end/inspector.css:
        (.console-message-url): Added a 4px margin on the left.

2011-01-31  Carol Szabo  <carol.szabo@nokia.com>

        Reviewed by David Hyatt.

        Code Changes only.

        It is needlessly expensive to find the generating node from an anonymous renderer of a pseudoelement.
        https://bugs.webkit.org/show_bug.cgi?id=53024

        No new tests. No change in functionality

        * rendering/RenderObject.h:
        (WebCore::RenderObject::before):
        (WebCore::RenderObject::after):
        (WebCore::RenderObject::generatingNode):
        Added new accessors for the use of the CSS 2.1 counters code
        (mainlyly)
        * rendering/RenderObjectChildList.cpp:
        (WebCore::beforeAfterContainer):
        (WebCore::RenderObjectChildList::invalidateCounters):
        (WebCore::RenderObjectChildList::before):
        (WebCore::RenderObjectChildList::after):
        Refactored the code to take advantage of the new accessors.
        (WebCore::RenderObjectChildList::updateBeforeAfterContent):
        Changed to store the generating node in the :before and :after
        renderers.
        * rendering/RenderObjectChildList.h:

2011-01-31  Krithigassree Sambamurthy  <krithigassree.sambamurthy@nokia.com>

        Reviewed by David Hyatt.

        Add background-clip to background shorthand
        https://bugs.webkit.org/show_bug.cgi?id=52080

        Added background-clip to background-shorthand. Also made changes to
        include webkitMaskClip to the mask shorthand to keep both in sync.

        * css/CSSParser.cpp:
        (WebCore::CSSParser::parseValue):
        (WebCore::CSSParser::parseFillShorthand):

2011-01-31  Darin Adler  <darin@apple.com>

        Reviewed by Adele Peterson.

        WKView should support scrollPageDown:, scrollPageUp:, scrollToBeg and other similar selectors
        https://bugs.webkit.org/show_bug.cgi?id=53460

        * editing/EditorCommand.cpp:
        (WebCore::executeScrollPageBackward): Added.
        (WebCore::executeScrollPageForward): Added.
        (WebCore::executeScrollToBeginningOfDocument): Added.
        (WebCore::executeScrollToEndOfDocument): Added.
        (WebCore::createCommandMap): Added the four commands above to the map.

2011-01-31  Dan Bernstein  <mitz@apple.com>

        Reviewed by Adele Peterson.

        Inter-ideograph justification should apply to hiragana and katakana as well
        https://bugs.webkit.org/show_bug.cgi?id=53464

        Changed the test for expansion opportunities from isCJKIdeograph() to isCJKIdeographOrSymbol().

        * platform/graphics/Font.cpp:
        (WebCore::Font::expansionOpportunityCount):
        * platform/graphics/WidthIterator.cpp:
        (WebCore::WidthIterator::advance):
        * platform/graphics/mac/ComplexTextController.cpp:
        (WebCore::ComplexTextController::adjustGlyphsAndAdvances):

2011-01-31  Dimitri Glazkov  <dglazkov@chromium.org>

        Reviewed by James Robinson.

        REGRESSION(r76951): Appearance of media controls changed slightly on Qt/Chromium ports
        https://bugs.webkit.org/show_bug.cgi?id=53314

        Fixes media/controls-strict.html on Chromium.

        * css/mediaControlsChromium.css:
        (audio::-webkit-media-controls-timeline, video::-webkit-media-controls-timeline):
            Added proper box-sizing to avoid differences between strict/quirks mode.

2011-01-31  Kent Tamura  <tkent@chromium.org>

        Reviewed by Dimitri Glazkov.

        Validation message bubble shouldn't inherit text-security style
        https://bugs.webkit.org/show_bug.cgi?id=53457

        No new tests because the validation message feature depends on timers
        and is enabled only in Chromium port.

        * css/html.css:
        (::-webkit-validation-bubble): Reset -webkit-text-security.

2011-01-31  Michael Saboff  <msaboff@apple.com>

        Reviewed by Geoffrey Garen.

        Potentially Unsafe HashSet of RuntimeObject* in RootObject definition
        https://bugs.webkit.org/show_bug.cgi?id=53271

        Reapplying this patch again. 
        The removal of this patch in <http://trac.webkit.org/changeset/77125>
        as part of https://bugs.webkit.org/show_bug.cgi?id=53418,
        removed the both the first (failing) patch (r76893) and this fixed 
        patch (r76969).  This patch includes slight changes necessitated by
        r77151.

        Reapplying this patch with the change that the second ASSERT in 
        RootObject::removeRuntimeObject was changed to use
        .uncheckedGet() instead of the failing .get().  The object in question
        could be in the process of being GC'ed.  The get() call will not return
        such an object while the uncheckedGet() call will return the (unsafe) 
        object.  This is the behavior we want.

        Precautionary change.
        Changed RootObject to use WeakGCMap instead of HashSet.
        Found will looking for another issue, but can't produce a test case
        that is problematic.  THerefore there aren't any new tests.

        * bridge/runtime_root.cpp:
        (JSC::Bindings::RootObject::invalidate):
        (JSC::Bindings::RootObject::addRuntimeObject):
        (JSC::Bindings::RootObject::removeRuntimeObject):
        * bridge/runtime_root.h:

2011-01-31  Andreas Kling  <kling@webkit.org>

        Unbreak Qt build after r77151.

        * bridge/qt/qt_instance.cpp:
        (JSC::Bindings::QtInstance::removeCachedMethod):
        (JSC::Bindings::QtInstance::markAggregate):

2011-01-31  takano takumi  <takano@apple.com>

        Reviewed by Dave Hyatt.

        Implement text-combine rendering code
        https://bugs.webkit.org/show_bug.cgi?id=50621

        Test: fast/text/international/text-combine-image-test.html

        * Android.mk: Added RenderCombineText.cpp/h
        * CMakeLists.txt: Added RenderCombineText.cpp/h
        * GNUmakefile.am: Added RenderCombineText.cpp/h
        * WebCore.exp.in:
        * WebCore.gypi: Added RenderCombineText.cpp/h
        * WebCore.pro: Added RenderCombineText.cpp/h
        * WebCore.vcproj/WebCore.vcproj: Added RenderCombineText.cpp/h
        * WebCore.xcodeproj/project.pbxproj: Added RenderCombineText.cpp/h
        * css/CSSFontFaceSource.cpp:
        (WebCore::CSSFontFaceSource::getFontData):
        - Added fontDescription.widthVariant to SimpleFontData creation.
        * css/CSSStyleSelector.cpp:
        (WebCore::CSSStyleSelector::applyProperty):
        - Changed to set "Unique" flag to RenderStyle in case of TextCombine.
        * dom/Text.cpp:
        (WebCore::Text::createRenderer):
        - Changed to create RenderCombineText in case of TextCombine.
        * loader/cache/CachedFont.cpp:
        (WebCore::CachedFont::platformDataFromCustomData):
        - Added FontWidthVariant as an argument for FontPlatformData creation.
        * loader/cache/CachedFont.h:
        - Ditto.
        * platform/graphics/Font.h:
        (WebCore::Font::widthVariant):
        - The accessor to FontWidthVariant member variable.
        * platform/graphics/FontCache.cpp:
        - Made cache to incorporate FontWidthVariant value.
        (WebCore::FontPlatformDataCacheKey::FontPlatformDataCacheKey):
        (WebCore::FontPlatformDataCacheKey::operator==):
        (WebCore::computeHash):
        (WebCore::FontCache::getCachedFontPlatformData):
        * platform/graphics/FontDescription.h:
        - Add a member variable that holds a width variant - none, half-width, third-width, and quarter-width.
        (WebCore::FontDescription::FontDescription):
        (WebCore::FontDescription::widthVariant):
        (WebCore::FontDescription::setWidthVariant):
        (WebCore::FontDescription::operator==):
        * platform/graphics/FontWidthVariant.h: Added.
        * platform/graphics/cairo/FontCustomPlatformData.h:
        - Changed to carry FontWidthVariant value.
        * platform/graphics/cocoa/FontPlatformData.h:
        - Changed to carry FontWidthVariant value.
        (WebCore::FontPlatformData::FontPlatformData):
        (WebCore::FontPlatformData::widthVariant):
        (WebCore::FontPlatformData::hash):
        (WebCore::FontPlatformData::operator==):
        * platform/graphics/cocoa/FontPlatformDataCocoa.mm:
        (WebCore::FontPlatformData::FontPlatformData):
        - Changed to carry FontWidthVariant value.
        (WebCore::FontPlatformData::operator=):
        - Ditto.
        (WebCore::mapFontWidthVariantToCTFeatureSelector):
        - A function to map a FontWidthVariant value to a CoreText's text spacing feature selector.
        (WebCore::FontPlatformData::ctFont):
        - Changed to create CTFont with text spacing variant based on FontWidthVariant.
        * platform/graphics/freetype/FontCustomPlatformDataFreeType.cpp:
        (WebCore::FontCustomPlatformData::fontPlatformData):
        - Changed to carry FontWidthVariant value.
        * platform/graphics/haiku/FontCustomPlatformData.cpp:
        (WebCore::FontCustomPlatformData::fontPlatformData):
        - Changed to carry FontWidthVariant value.
        * platform/graphics/haiku/FontCustomPlatformData.h:
        * platform/graphics/mac/FontCacheMac.mm:
        (WebCore::FontCache::createFontPlatformData):
        - Changed to carry FontWidthVariant value.
        * platform/graphics/mac/FontCustomPlatformData.cpp:
        (WebCore::FontCustomPlatformData::fontPlatformData):
        - Changed to carry FontWidthVariant value.
        * platform/graphics/mac/FontCustomPlatformData.h:
        - Ditto.
        * platform/graphics/mac/GlyphPageTreeNodeMac.cpp:
        (WebCore::shouldUseCoreText):
        - Changed to skip CT path when width variant is specified.
        * platform/graphics/pango/FontCustomPlatformDataPango.cpp:
        (WebCore::FontCustomPlatformData::fontPlatformData):
        - Ditto.
        * platform/graphics/qt/FontCustomPlatformData.h:
        - Ditto.
        * platform/graphics/qt/FontCustomPlatformDataQt.cpp:
        (WebCore::FontCustomPlatformData::fontPlatformData):
        - Ditto.
        * platform/graphics/skia/FontCustomPlatformData.cpp:
        (WebCore::FontCustomPlatformData::fontPlatformData):
        - Ditto.
        * platform/graphics/skia/FontCustomPlatformData.h:
        - Ditto.
        * platform/graphics/win/FontCustomPlatformData.cpp:
        (WebCore::FontCustomPlatformData::fontPlatformData):
        - Ditto.
        * platform/graphics/win/FontCustomPlatformData.h:
        - Ditto.
        * platform/graphics/win/FontCustomPlatformDataCairo.cpp:
        - Ditto.
        (WebCore::FontCustomPlatformData::fontPlatformData):
        - Ditto.
        * platform/graphics/win/FontCustomPlatformDataCairo.h:
        - Ditto.
        * platform/graphics/wince/FontCustomPlatformData.cpp:
        (WebCore::FontCustomPlatformData::fontPlatformData):
        - Ditto.
        * platform/graphics/wince/FontCustomPlatformData.h:
        - Ditto.
        * platform/graphics/wx/FontCustomPlatformData.cpp:
        (WebCore::FontCustomPlatformData::fontPlatformData):
        - Ditto.
        * platform/graphics/wx/FontCustomPlatformData.h:
        - Ditto.
        * rendering/InlineTextBox.cpp:
        (WebCore::InlineTextBox::paint):
        - In case of RenderCombineText, we don't rotate text even in vertical writing. Also, we render original text
        instead of text returned from text().
        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::computeInlinePreferredLogicalWidths):
        - Made to call RenderCombinedText's prepareTextCombine() here.
        * rendering/RenderBlockLineLayout.cpp:
        (WebCore::textWidth):
        - Made to always use the render object's width() in case of TextCombine.
        (WebCore::RenderBlock::findNextLineBreak):
        - Made to call RenderCombinedText's prepareTextCombine() here.
        * rendering/RenderCombineText.cpp: Added. A subclass of RenderText.
        (WebCore::RenderCombineText::RenderCombineText):
        (WebCore::RenderCombineText::styleDidChange):
        - Clear the flag that indicated the font has been prepared for combining. The font will be reinitialized in
        the next call of RenderBlock::findNextLineBreak().
        (WebCore::RenderCombineText::setTextInternal):
        - Ditto.
        (WebCore::RenderCombineText::width):
        - Returns 1-em width in case of font combine.
        (WebCore::RenderCombineText::adjustTextOrigin):
        - Adjust drawing origin point in case of font combine.
        (WebCore::RenderCombineText::charactersToRender):
        - Return original text instead of current text in case of font combine.
        (WebCore::RenderCombineText::combineText):
        - This function tries to pack passed text with; 1) the current font as is, 2) the font created
        from the descriptor with half-width variant specified, 3) the font with third-width variant, 4) the font
        with quarter-width variant.
        - If a suitable font successfully found, replace the current font with the new font. If no appropriate font found,
        we give up text-combine as the CSS spec describes.
        - If a new font found, we replace the text with 0xFFFC. This is needed for a combined text block to be able to
        behave like a single character against text decorations.
        * rendering/RenderCombineText.h: Added.
        (WebCore::RenderCombineText::isCombined):
        (WebCore::RenderCombineText::combinedTextWidth):
        - Returns 1-em width in case of font combine.
        (WebCore::RenderCombineText::renderName):
        (WebCore::toRenderCombineText):
        * rendering/RenderText.cpp:
        (WebCore::RenderText::widthFromCache):
        - Made to call RenderCombineText's combinedTextWidth when the text is combined.
        * rendering/RenderingAllInOne.cpp: Added RenderCombineText.cpp
        * rendering/style/RenderStyle.h:
        (WebCore::InheritedFlags::hasTextCombine):
        - Added for a quick test of TextCombine.

2011-01-31  Oliver Hunt  <oliver@apple.com>

        Convert markstack to a slot visitor API
        https://bugs.webkit.org/show_bug.cgi?id=53219

        rolling r77098, r77099, r77100, r77109, and
        r77111 back in, along with a few more Qt fix attempts.

        * ForwardingHeaders/runtime/WriteBarrier.h: Added.
        * WebCore.exp.in:
        * bindings/js/DOMWrapperWorld.h:
        (WebCore::DOMWrapperWorld::globalData):
        * bindings/js/JSAudioConstructor.cpp:
        (WebCore::JSAudioConstructor::JSAudioConstructor):
        * bindings/js/JSDOMBinding.cpp:
        (WebCore::markDOMNodesForDocument):
        (WebCore::markDOMObjectWrapper):
        (WebCore::markDOMNodeWrapper):
        * bindings/js/JSDOMGlobalObject.cpp:
        (WebCore::JSDOMGlobalObject::markChildren):
        (WebCore::JSDOMGlobalObject::setInjectedScript):
        (WebCore::JSDOMGlobalObject::injectedScript):
        * bindings/js/JSDOMGlobalObject.h:
        (WebCore::JSDOMGlobalObject::JSDOMGlobalObjectData::JSDOMGlobalObjectData):
        (WebCore::getDOMConstructor):
        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::JSDOMWindow::setLocation):
        (WebCore::DialogHandler::dialogCreated):
        * bindings/js/JSDOMWindowShell.cpp:
        (WebCore::JSDOMWindowShell::JSDOMWindowShell):
        (WebCore::JSDOMWindowShell::setWindow):
        (WebCore::JSDOMWindowShell::markChildren):
        (WebCore::JSDOMWindowShell::unwrappedObject):
        * bindings/js/JSDOMWindowShell.h:
        (WebCore::JSDOMWindowShell::window):
        (WebCore::JSDOMWindowShell::setWindow):
        * bindings/js/JSDeviceMotionEventCustom.cpp:
        (WebCore::createAccelerationObject):
        (WebCore::createRotationRateObject):
        * bindings/js/JSEventListener.cpp:
        (WebCore::JSEventListener::JSEventListener):
        (WebCore::JSEventListener::markJSFunction):
        * bindings/js/JSEventListener.h:
        (WebCore::JSEventListener::jsFunction):
        * bindings/js/JSHTMLDocumentCustom.cpp:
        (WebCore::JSHTMLDocument::setAll):
        * bindings/js/JSImageConstructor.cpp:
        (WebCore::JSImageConstructor::JSImageConstructor):
        * bindings/js/JSImageDataCustom.cpp:
        (WebCore::toJS):
        * bindings/js/JSJavaScriptCallFrameCustom.cpp:
        (WebCore::JSJavaScriptCallFrame::scopeChain):
        (WebCore::JSJavaScriptCallFrame::scopeType):
        * bindings/js/JSNodeFilterCondition.cpp:
        (WebCore::JSNodeFilterCondition::markAggregate):
        (WebCore::JSNodeFilterCondition::acceptNode):
        * bindings/js/JSNodeFilterCondition.h:
        * bindings/js/JSNodeFilterCustom.cpp:
        * bindings/js/JSOptionConstructor.cpp:
        (WebCore::JSOptionConstructor::JSOptionConstructor):
        * bindings/js/JSSQLResultSetRowListCustom.cpp:
        (WebCore::JSSQLResultSetRowList::item):
        * bindings/js/ScriptCachedFrameData.cpp:
        (WebCore::ScriptCachedFrameData::restore):
        * bindings/js/ScriptObject.cpp:
        (WebCore::ScriptGlobalObject::set):
        * bindings/js/SerializedScriptValue.cpp:
        (WebCore::CloneDeserializer::putProperty):
        * bindings/scripts/CodeGeneratorJS.pm:
        * bridge/qt/qt_class.cpp:
        (JSC::Bindings::QtClass::fallbackObject):
        * bridge/qt/qt_instance.cpp:
        (JSC::Bindings::QtInstance::QtInstance):
        (JSC::Bindings::QtInstance::removeCachedMethod):
        (JSC::Bindings::QtInstance::markAggregate):
        * bridge/qt/qt_instance.h:
        * bridge/qt/qt_runtime.cpp:
        (JSC::Bindings::QtRuntimeMetaMethod::QtRuntimeMetaMethod):
        (JSC::Bindings::QtRuntimeMetaMethod::markChildren):
        (JSC::Bindings::QtRuntimeMetaMethod::connectGetter):
        (JSC::Bindings::QtRuntimeMetaMethod::disconnectGetter):
        * bridge/qt/qt_runtime.h:
        * dom/Document.h:

2011-01-31  Dan Winship  <danw@gnome.org>

        Reviewed by Gustavo Noronha Silva.

        wss (websockets ssl) support for gtk via new gio TLS support
        https://bugs.webkit.org/show_bug.cgi?id=50344

        Update to use GPollableOutputStream and GTlsConnection to
        implement wss URLs

        * platform/network/soup/SocketStreamHandle.h:
        * platform/network/soup/SocketStreamHandleSoup.cpp:
        (WebCore::SocketStreamHandle::SocketStreamHandle):
        (WebCore::SocketStreamHandle::connected):
        (WebCore::SocketStreamHandle::platformSend):
        (WebCore::SocketStreamHandle::beginWaitingForSocketWritability):
        (WebCore::writeReadyCallback):

2011-01-31  Abhishek Arya  <inferno@chromium.org>

        Reviewed by Dimitri Glazkov.

        Check the textarea node still exists in document before casting
        it to HTMLTextAreaElement.
        https://bugs.webkit.org/show_bug.cgi?id=53429

        Test: fast/forms/textarea-node-removed-from-document-crash.html

        * rendering/RenderTextControlMultiLine.cpp:
        (WebCore::RenderTextControlMultiLine::~RenderTextControlMultiLine):

2011-01-27  Abhishek Arya  <inferno@chromium.org>

        Reviewed by Dave Hyatt.

        If beforeChild is wrapped in an anonymous table section, we need to
        go the parent to find it and use it before adding childs to table.
        https://bugs.webkit.org/show_bug.cgi?id=53276

        We need to make sure that beforeChild's parent is "this" before calling
        RenderBox::addChild. The previous condition in while is too restrictive
        and fails to calculate the right beforeChild value when its display
        style is table caption.
        Test: fast/table/before-child-non-table-section-add-table-crash.html

        * rendering/RenderTable.cpp:
        (WebCore::RenderTable::addChild):

2011-01-31  Shane Stephens  <shanestephens@google.com>

        Reviewed by Simon Fraser.

        AffineTransform::translateRight incorrectly computes a translateLeft.
        https://bugs.webkit.org/show_bug.cgi?id=52551

        Removed translateRight and converted all uses to perform standard
        matrix multiplication.

        No new tests because patch doesn't modify functionality.

        * platform/graphics/transforms/AffineTransform.cpp:
        * platform/graphics/transforms/AffineTransform.h:
        (WebCore::AffineTransform::translation):
        * rendering/svg/RenderSVGResourceMarker.cpp:
        (WebCore::RenderSVGResourceMarker::localToParentTransform):
        * rendering/svg/RenderSVGRoot.cpp:
        (WebCore::RenderSVGRoot::localToRepaintContainerTransform):
        (WebCore::RenderSVGRoot::localToParentTransform):
        * rendering/svg/RenderSVGViewportContainer.cpp:
        (WebCore::RenderSVGViewportContainer::localToParentTransform):
        * rendering/svg/SVGTextLayoutEngine.cpp:
        (WebCore::SVGTextLayoutEngine::finalizeTransformMatrices):

2011-01-31  Mario Sanchez Prada  <msanchez@igalia.com>

        Reviewed by Martin Robinson.

        [Gtk] atk_text_set_caret_offset returns True even when it is unsuccessful
        https://bugs.webkit.org/show_bug.cgi?id=53389

        Return FALSE when not able to set the caret at the specified offset.

        * accessibility/gtk/AccessibilityObjectWrapperAtk.cpp:
        (webkit_accessible_text_set_caret_offset): Return FALSE when the
        range created is NULL and adjust offset to account for list markers.

2011-01-28  Pavel Feldman  <pfeldman@chromium.org>

        Reviewed by Yury Semikhatsky.

        Web Inspector: copy HAR to clipboard instead of saving blob on export.
        https://bugs.webkit.org/show_bug.cgi?id=53328

        * inspector/front-end/NetworkPanel.js:
        (WebInspector.NetworkPanel.prototype._exportAll):
        (WebInspector.NetworkPanel.prototype._exportResource):

2011-01-30  Pavel Feldman  <pfeldman@chromium.org>

        Reviewed by Timothy Hatcher.

        Web Inspector: speed up network panel rendering.
        https://bugs.webkit.org/show_bug.cgi?id=53397

        * inspector/front-end/DataGrid.js:
        (WebInspector.DataGrid.prototype.get scrollContainer):
        * inspector/front-end/NetworkPanel.js:
        (WebInspector.NetworkPanel.prototype.elementsToRestoreScrollPositionsFor):
        (WebInspector.NetworkPanel.prototype._positionSummaryBar):
        (WebInspector.NetworkPanel.prototype._createTable):
        (WebInspector.NetworkPanel.prototype._exportResource):
        (WebInspector.NetworkPanel.prototype._onScroll):
        * inspector/front-end/networkPanel.css:
        (.network-sidebar .data-grid.small tr.offscreen):
        (.network-sidebar .data-grid tr.offscreen):
        (.network-sidebar .data-grid tr.offscreen td):

2011-01-31  Peter Varga  <pvarga@webkit.org>

        Reviewed by Andreas Kling.

        Remove wrec from WebCore
        https://bugs.webkit.org/show_bug.cgi?id=53298

        No new tests needed.

        * Android.jscbindings.mk:
        * ForwardingHeaders/wrec/WREC.h: Removed.
        * WebCore.vcproj/WebCore.vcproj:
        * WebCore.vcproj/copyForwardingHeaders.cmd:

2011-01-31  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r76969.
        http://trac.webkit.org/changeset/76969
        https://bugs.webkit.org/show_bug.cgi?id=53418

        "It is causing crashes in GTK+ and Leopard bots" (Requested by
        alexg__ on #webkit).

        * bridge/runtime_root.cpp:
        (JSC::Bindings::RootObject::invalidate):
        (JSC::Bindings::RootObject::addRuntimeObject):
        (JSC::Bindings::RootObject::removeRuntimeObject):
        * bridge/runtime_root.h:

2011-01-31  Antti Koivisto  <antti@apple.com>

        Not reviewed.

        Spelling.

        * css/CSSSelectorList.h:
        (WebCore::CSSSelectorList::next):

2011-01-31  Yury Semikhatsky  <yurys@chromium.org>

        Unreviewed. Fix Chromium compilation on Linux.

        * platform/graphics/ShadowBlur.cpp: added PLATFORM(CHROMIUM) guard
        * platform/graphics/ShadowBlur.h: added missing ColorSpace.h header include

2011-01-31  Yury Semikhatsky  <yurys@chromium.org>

        Unreviewed. Fix Chromium compilation on Mac broken by r77101.

        * WebCore.gypi: add ShadowBlur.{h,cpp} to the gypi file.

2011-01-31  Mikhail Naganov  <mnaganov@chromium.org>

        Reviewed by Yury Semikhatsky.

        WebInspector: Change button title from "Clear CPU profiles" to "Clear all profiles".

        https://bugs.webkit.org/show_bug.cgi?id=53309

        * English.lproj/localizedStrings.js:
        * inspector/front-end/ProfilesPanel.js:
        (WebInspector.ProfilesPanel):

2011-01-31  Carlos Garcia Campos  <cgarcia@igalia.com>

        Unreviewed, fix the build with current GTK+ 3.x.

        * plugins/gtk/gtk2xtbin.c:
        * plugins/gtk/gtk2xtbin.h:

2011-01-30  Kenichi Ishibashi  <bashi@google.com>

        Reviewed by Kent Tamura.

        Dangling form associated elements should not be registered on the document
        https://bugs.webkit.org/show_bug.cgi?id=53223

        Adds insertedIntoDocument() and remvoedFromDocument() to
        FormAssociatedElement class to register the element on the document
        if and only if it actually inserted into (removed from) the document.

        Test: fast/forms/dangling-form-element-crash.html

        * html/FormAssociatedElement.cpp:
        (WebCore::FormAssociatedElement::insertedIntoDocument): Added.
        (WebCore::FormAssociatedElement::removedFromDocument): Ditto.
        (WebCore::FormAssociatedElement::insertedIntoTree): Don't register
        the element to a document.
        (WebCore::FormAssociatedElement::removedFromTree): Don't unregister
        the element from a document.
        * html/FormAssociatedElement.h:
        * html/HTMLFormControlElement.cpp:
        (WebCore::HTMLFormControlElement::insertedIntoDocument): Added.
        (WebCore::HTMLFormControlElement::removedFromDocument): Ditto.
        * html/HTMLFormControlElement.h:
        * html/HTMLObjectElement.cpp:
        (WebCore::HTMLObjectElement::insertedIntoDocument): Calls
        FormAssociatedElement::insertedIntoDocument().
        (WebCore::HTMLObjectElement::removedFromDocument): Calls
        FormAssociatedElement::removedFromDocument().

2011-01-30  Csaba Osztrogonác  <ossy@webkit.org>

        Unreviewed, rolling out r77098, r77099, r77100, r77109, and
        r77111.
        http://trac.webkit.org/changeset/77098
        http://trac.webkit.org/changeset/77099
        http://trac.webkit.org/changeset/77100
        http://trac.webkit.org/changeset/77109
        http://trac.webkit.org/changeset/77111
        https://bugs.webkit.org/show_bug.cgi?id=53219

        Qt build is broken

        * ForwardingHeaders/runtime/WriteBarrier.h: Removed.
        * WebCore.exp.in:
        * bindings/js/DOMWrapperWorld.h:
        * bindings/js/JSAudioConstructor.cpp:
        (WebCore::JSAudioConstructor::JSAudioConstructor):
        * bindings/js/JSDOMBinding.cpp:
        (WebCore::markDOMNodesForDocument):
        (WebCore::markDOMObjectWrapper):
        (WebCore::markDOMNodeWrapper):
        * bindings/js/JSDOMGlobalObject.cpp:
        (WebCore::JSDOMGlobalObject::markChildren):
        (WebCore::JSDOMGlobalObject::setInjectedScript):
        (WebCore::JSDOMGlobalObject::injectedScript):
        * bindings/js/JSDOMGlobalObject.h:
        (WebCore::JSDOMGlobalObject::JSDOMGlobalObjectData::JSDOMGlobalObjectData):
        (WebCore::getDOMConstructor):
        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::JSDOMWindow::setLocation):
        (WebCore::DialogHandler::dialogCreated):
        * bindings/js/JSDOMWindowShell.cpp:
        (WebCore::JSDOMWindowShell::JSDOMWindowShell):
        (WebCore::JSDOMWindowShell::setWindow):
        (WebCore::JSDOMWindowShell::markChildren):
        (WebCore::JSDOMWindowShell::unwrappedObject):
        * bindings/js/JSDOMWindowShell.h:
        (WebCore::JSDOMWindowShell::window):
        (WebCore::JSDOMWindowShell::setWindow):
        * bindings/js/JSDeviceMotionEventCustom.cpp:
        (WebCore::createAccelerationObject):
        (WebCore::createRotationRateObject):
        * bindings/js/JSEventListener.cpp:
        (WebCore::JSEventListener::JSEventListener):
        (WebCore::JSEventListener::markJSFunction):
        * bindings/js/JSEventListener.h:
        (WebCore::JSEventListener::jsFunction):
        * bindings/js/JSHTMLDocumentCustom.cpp:
        (WebCore::JSHTMLDocument::setAll):
        * bindings/js/JSImageConstructor.cpp:
        (WebCore::JSImageConstructor::JSImageConstructor):
        * bindings/js/JSImageDataCustom.cpp:
        (WebCore::toJS):
        * bindings/js/JSJavaScriptCallFrameCustom.cpp:
        (WebCore::JSJavaScriptCallFrame::scopeChain):
        (WebCore::JSJavaScriptCallFrame::scopeType):
        * bindings/js/JSNodeFilterCondition.cpp:
        (WebCore::JSNodeFilterCondition::markAggregate):
        (WebCore::JSNodeFilterCondition::acceptNode):
        * bindings/js/JSNodeFilterCondition.h:
        * bindings/js/JSNodeFilterCustom.cpp:
        * bindings/js/JSOptionConstructor.cpp:
        (WebCore::JSOptionConstructor::JSOptionConstructor):
        * bindings/js/JSSQLResultSetRowListCustom.cpp:
        (WebCore::JSSQLResultSetRowList::item):
        * bindings/js/ScriptCachedFrameData.cpp:
        (WebCore::ScriptCachedFrameData::restore):
        * bindings/js/ScriptObject.cpp:
        (WebCore::ScriptGlobalObject::set):
        * bindings/js/SerializedScriptValue.cpp:
        (WebCore::CloneDeserializer::putProperty):
        * bindings/scripts/CodeGeneratorJS.pm:
        * bridge/qt/qt_instance.cpp:
        (JSC::Bindings::QtInstance::QtInstance):
        (JSC::Bindings::QtInstance::removeCachedMethod):
        (JSC::Bindings::QtInstance::markAggregate):
        * bridge/qt/qt_instance.h:
        * bridge/qt/qt_runtime.cpp:
        (JSC::Bindings::QtRuntimeMetaMethod::QtRuntimeMetaMethod):
        (JSC::Bindings::QtRuntimeMetaMethod::markChildren):
        (JSC::Bindings::QtRuntimeMetaMethod::connectGetter):
        (JSC::Bindings::QtRuntimeMetaMethod::disconnectGetter):
        * bridge/qt/qt_runtime.h:
        * bridge/runtime_root.cpp:
        (JSC::Bindings::RootObject::invalidate):
        * bridge/runtime_root.h:
        * dom/Document.h:

2011-01-30  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r77107.
        http://trac.webkit.org/changeset/77107
        https://bugs.webkit.org/show_bug.cgi?id=53412

        Caused 5 new form-related test crashes (Requested by smfr on
        #webkit).

        * css/CSSSelector.cpp:
        (WebCore::CSSSelector::pseudoId):
        (WebCore::nameToPseudoTypeMap):
        (WebCore::CSSSelector::extractPseudoType):
        * css/CSSSelector.h:
        * html/HTMLProgressElement.cpp:
        (WebCore::HTMLProgressElement::parseMappedAttribute):
        (WebCore::HTMLProgressElement::attach):
        * html/HTMLProgressElement.h:
        * rendering/RenderProgress.cpp:
        (WebCore::RenderProgress::~RenderProgress):
        (WebCore::RenderProgress::updateFromElement):
        (WebCore::RenderProgress::layoutParts):
        (WebCore::RenderProgress::shouldHaveParts):
        * rendering/RenderProgress.h:
        * rendering/style/RenderStyleConstants.h:

2011-01-30  Simon Fraser  <simon.fraser@apple.com>

        Reviewed by Sam Weinig.

        Enhance ShadowBlur to render inset box shadows
        https://bugs.webkit.org/show_bug.cgi?id=51567
        
        Use ShadowBlur for inset box-shadows with CG. It 
        currently lacks a tiled version, but is still much
        faster than CG shadows.

        Test: fast/box-shadow/inset-box-shadow-radius.html

        * platform/graphics/ShadowBlur.cpp:
        * platform/graphics/ShadowBlur.h: New method for inset
        shadows.
        (WebCore::ShadowBlur::drawInsetShadow): 

        * platform/graphics/GraphicsContext.cpp: #ifdef out
        fillRectWithRoundedHole() for CG.

        * platform/graphics/cg/GraphicsContextCG.cpp:
        (WebCore::GraphicsContext::fillRectWithRoundedHole): If there's
        a shadow with a radius > 0, use ShadowBlur.

2011-01-28  Kenneth Russell  <kbr@google.com>

        Reviewed by Chris Marrin.

        WebGL shows PNG Textures with indexed colors too dark
        https://bugs.webkit.org/show_bug.cgi?id=47477

        Properly handle indexed PNG images by re-rendering them as RGBA
        images before upload. Verified with this layout test and the test
        cases from bugs 47477 and 53269.

        * platform/graphics/cg/GraphicsContext3DCG.cpp:
        (WebCore::GraphicsContext3D::getImageData):

2011-01-27  MORITA Hajime  <morrita@google.com>

        Reviewed by Dimitri Glazkov.
        
        Convert <progress> shadow DOM to a DOM-based shadow.
        https://bugs.webkit.org/show_bug.cgi?id=50660

        * Removed RenderProgress::m_valuePart, moved the shadow node
          to the shadow root of HTMLProgressElement.
        * Removed hard-coded pseudo ID for -webkit-progress-bar-value.
          ProgressBarValueElement is defined only for overriding
          shadowPseudoId().
        
        No new tests. No behavioral change.

        * css/CSSSelector.cpp:
        (WebCore::CSSSelector::pseudoId):
        (WebCore::nameToPseudoTypeMap):
        (WebCore::CSSSelector::extractPseudoType):
        * css/CSSSelector.h:
        * html/HTMLProgressElement.cpp:
        (WebCore::ProgressBarValueElement::ProgressBarValueElement):
        (WebCore::ProgressBarValueElement::shadowPseudoId):
        (WebCore::ProgressBarValueElement::create):
        (WebCore::HTMLProgressElement::parseMappedAttribute):
        (WebCore::HTMLProgressElement::attach):
        (WebCore::HTMLProgressElement::valuePart):
        (WebCore::HTMLProgressElement::didElementStateChange):
        (WebCore::HTMLProgressElement::createShadowSubtreeIfNeeded):
        * html/HTMLProgressElement.h:
        * rendering/RenderProgress.cpp:
        (WebCore::RenderProgress::~RenderProgress):
        (WebCore::RenderProgress::updateFromElement):
        (WebCore::RenderProgress::layoutParts):
        (WebCore::RenderProgress::shouldHaveParts):
        (WebCo