2011-02-05 Robert Hogan <robert@webkit.org>
[WebKit.git] / Source / WebCore / ChangeLog
1 2011-02-05  Robert Hogan  <robert@webkit.org>
2
3         Reviewed by Antonio Gomes.
4
5         [Qt] Style widgets not rendering
6         https://bugs.webkit.org/show_bug.cgi?id=53849
7
8         * html/HTMLObjectElement.cpp:
9         (WebCore::HTMLObjectElement::hasValidClassId): x-qt-styled-widget is a valid class id too
10
11 2011-02-05  Jochen Eisinger  <jochen@chromium.org>
12
13         Reviewed by Adam Barth.
14
15         Add ContentSecurityPolicy object to Document and pass the X-WebKit-CSP header from the MainResourceLoader.
16         https://bugs.webkit.org/show_bug.cgi?id=53685
17
18         * WebCore.xcodeproj/project.pbxproj:
19         * dom/Document.h:
20         (WebCore::Document::contentSecurityPolicy):
21         * loader/MainResourceLoader.cpp:
22         (WebCore::MainResourceLoader::didReceiveResponse):
23         * page/ContentSecurityPolicy.cpp:
24         (WebCore::ContentSecurityPolicy::didReceiveHeader):
25         * page/ContentSecurityPolicy.h:
26
27 2011-02-05  Eric Seidel  <eric@webkit.org>
28
29         Reviewed by Adam Barth.
30
31         Safari should lowercase schemes in canonicalized urls to match every other browser
32         https://bugs.webkit.org/show_bug.cgi?id=53848
33
34         We're clearly the odd man out here.  See results from every browser at:
35         https://github.com/abarth/url-spec/blob/master/tests/gurl-results/by-browser.txt
36
37         * platform/KURL.cpp:
38         (WebCore::KURL::parse):
39          - Just lowercase the scheme when copying.
40
41 2011-02-05  Antti Koivisto  <antti@apple.com>
42
43         Reviewed by Dave Hyatt.
44
45         Optimize matching of descendant selectors
46         https://bugs.webkit.org/show_bug.cgi?id=49876
47         <rdar://problem/8772822>
48         
49         During style recalculation, maintain a filter of tags, ids and classes seen in ancestor elements.
50         Use the filter to quickly reject descendant and child selectors when doing style matching.
51
52         This speeds up style recalculations 3-6x on many major web sites.
53
54         * css/CSSStyleSelector.cpp:
55         (WebCore::RuleData::RuleData):
56         (WebCore::RuleData::descendantSelectorIdentifierHashes):
57         (WebCore::collectElementIdentifiers):
58         (WebCore::CSSStyleSelector::pushParent):
59         (WebCore::CSSStyleSelector::popParent):
60         (WebCore::CSSStyleSelector::fastRejectSelector):
61         (WebCore::CSSStyleSelector::matchRulesForList):
62         (WebCore::RuleData::collectDescendantSelectorIdentifierHashes):
63         * css/CSSStyleSelector.h:
64         (WebCore::CSSStyleSelector::ParentStackFrame::ParentStackFrame):
65         * dom/Element.cpp:
66         (WebCore::StyleSelectorParentPusher::StyleSelectorParentPusher):
67         (WebCore::StyleSelectorParentPusher::push):
68         (WebCore::StyleSelectorParentPusher::~StyleSelectorParentPusher):
69         (WebCore::Element::attach):
70         (WebCore::Element::recalcStyle):
71
72 2011-02-05  Nate Chapin  <japhet@chromium.org>
73
74         Reviewed by Adam Barth.
75
76         Refactor: NotificationCenter shouldn't hold its own copy of the ScriptExecutionContext*
77         when it inherits one from ActiveDOMObject.
78         https://bugs.webkit.org/show_bug.cgi?id=53815
79
80         * bindings/js/JSDesktopNotificationsCustom.cpp:
81         (WebCore::JSNotificationCenter::requestPermission):
82         * bindings/v8/custom/V8NotificationCenterCustom.cpp:
83         (WebCore::V8NotificationCenter::requestPermissionCallback):
84         * notifications/NotificationCenter.cpp:
85         (WebCore::NotificationCenter::NotificationCenter):
86         (WebCore::NotificationCenter::checkPermission):
87         (WebCore::NotificationCenter::requestPermission):
88         (WebCore::NotificationCenter::disconnectFrame):
89         * notifications/NotificationCenter.h:
90         (WebCore::NotificationCenter::createHTMLNotification):
91         (WebCore::NotificationCenter::createNotification):
92
93 2011-02-04  Adam Barth  <abarth@webkit.org>
94
95         Reviewed by Maciej Stachowiak.
96
97         Crash in WebCore::TextEncoding::decode below XSSFilter::init
98         https://bugs.webkit.org/show_bug.cgi?id=53837
99
100         Add missing null check.
101
102         Test: http/tests/security/xssAuditor/non-block-javascript-url-frame.html
103
104         * html/parser/XSSFilter.cpp:
105         (WebCore::XSSFilter::init):
106
107 2011-02-04  Simon Fraser  <simon.fraser@apple.com>
108
109         Reviewed by Dan Bernstein.
110
111         Crashes in ShadowBlur via WebKit2 FindController
112         https://bugs.webkit.org/show_bug.cgi?id=53830
113         
114         Fix a crash caused by re-entering ShadowBlur, and add assertions to
115         detect when it happens.
116         
117         The re-entrancy occurred when drawRectShadowWithTiling() filled
118         the interior of the shadow with fillRect() on the context
119         which still had the shadow state set. This would make another ShadowBlur
120         on the stack and call into the code again, potentially blowing away
121         the image buffer.
122         
123         Fix by turning off shadows in the destination context while we're
124         drawing the tiled shadow. The non-tiled code path already did this.
125
126         Not testable because CSS shadows clip out the inside of the rect
127         being shadowed, and SVG uses fillPath, even for rects.
128
129         * platform/graphics/ShadowBlur.cpp:
130         (WebCore::ScratchBuffer::ScratchBuffer):
131         (WebCore::ScratchBuffer::getScratchBuffer):
132         (WebCore::ScratchBuffer::scheduleScratchBufferPurge):
133         (WebCore::ShadowBlur::ShadowBlur):
134         (WebCore::ShadowBlur::drawRectShadowWithTiling):
135
136 2011-02-04  Carlos Garcia Campos  <cgarcia@igalia.com>
137
138         Reviewed by Martin Robinson.
139
140         [GTK] Don't use a fixed size for search field icons
141         https://bugs.webkit.org/show_bug.cgi?id=50624
142
143         Use the parent input content box to make sure the icon fits in the
144         search field, scaling it down when needed.
145
146         * platform/gtk/RenderThemeGtk.cpp:
147         (WebCore::paintGdkPixbuf):
148         (WebCore::getIconSizeForPixelSize):
149         (WebCore::adjustSearchFieldIconStyle):
150         (WebCore::RenderThemeGtk::adjustSearchFieldResultsDecorationStyle):
151         (WebCore::centerRectVerticallyInParentInputElement):
152         (WebCore::RenderThemeGtk::paintSearchFieldResultsDecoration):
153         (WebCore::RenderThemeGtk::adjustSearchFieldCancelButtonStyle):
154         (WebCore::RenderThemeGtk::paintSearchFieldCancelButton):
155         (WebCore::RenderThemeGtk::paintCapsLockIndicator):
156         (WebCore::RenderThemeGtk::paintMediaButton):
157
158 2011-02-04  Hironori Bono  <hbono@chromium.org>
159
160         Reviewed by Adam Barth.
161
162         [chromium] JPEG corruption
163         https://bugs.webkit.org/show_bug.cgi?id=53250
164
165         Same as gray-scale JPEGs, we convert the colors of CMYK JPEGs with color
166         profiles from CMYK to RGB twice and it causes color corruption. This
167         change suppresses the color profiles for CMYK JPEGs same as gray-scale
168         ones.
169
170         Test: fast/images/cmyk-jpeg-with-color-profile.html
171
172         * platform/image-decoders/jpeg/JPEGImageDecoder.cpp:
173         (WebCore::JPEGImageReader::decode):
174
175 2011-02-04  Xiyuan Xia  <xiyuan@chromium.org>
176
177         Reviewed by Tony Chang.
178
179         [Chromium] Option text in select popup does not align with menulist button text
180         https://bugs.webkit.org/show_bug.cgi?id=53632
181
182         This makes clientPaddingLeft and clientPaddingRight return
183         the additional m_innerBlock's padding so that the popup item text
184         aligns with the menulist button text.
185
186         * rendering/RenderMenuList.cpp:
187         (WebCore::RenderMenuList::clientPaddingLeft):
188         (WebCore::RenderMenuList::clientPaddingRight):
189
190 2011-02-04  Anders Carlsson  <andersca@apple.com>
191
192         Reviewed by Sam Weinig and Beth Dakin.
193
194         REGRESSION: Horizontal scrollbar thumbs leave artifacts over page content when scrolling vertically
195         <rdar://problem/8962457>
196
197         * platform/ScrollView.cpp:
198         (WebCore::ScrollView::scrollContents):
199         Subtract scrollbars from the scroll view rect if overlay scrollers are enabled.
200         
201         * platform/ScrollableArea.cpp:
202         (WebCore::ScrollableArea::setScrollOffsetFromAnimation):
203         Make sure to invalidate both scrollbars if overlay scrollers are enabled.
204
205 2011-02-04  Adam Barth  <abarth@webkit.org>
206
207         Reviewed by Eric Seidel.
208
209         PluginDocuments don't create widgets for plugins on back/forward
210         https://bugs.webkit.org/show_bug.cgi?id=53474
211
212         Long ago, PluginDocument always caused the HTMLEmbedElement to create
213         its widget synchronously during a post-layout task.  Recently, however,
214         some changes to the HistoryController caused layout on back/forward to
215         become slightly more complicated (and added an extra level of recursion
216         to layout).  This extra level of recursion triggered the "I've recursed
217         too many times" condition in the post-layout task queue, causing the
218         FrameView to run the remainder of the tasks asynchronously.
219         Unfortunately, that broke PluginDocument because it needs the
220         HTMLEmbedElement's updateWidget task to run synchronously.
221
222         This patch adds a mechanism for "kicking off" the pending post-layout
223         tasks synchronously (instead of waiting for the timer to fire).
224         PluginDocument then uses that facility to ensure that the
225         HTMLEmbedElement's updateWidget task happens.
226
227         Test: plugins/plugin-document-back-forward.html
228
229         * html/PluginDocument.cpp:
230         (WebCore::PluginDocumentParser::appendBytes):
231         * page/FrameView.cpp:
232         (WebCore::FrameView::flushAnyPendingPostLayoutTasks):
233         * page/FrameView.h:
234
235 2011-02-04  Charlie Reis  <creis@chromium.org>
236
237         Reviewed by Mihai Parparita.
238
239         Crash in WebCore::HistoryController::itemsAreClones
240         https://bugs.webkit.org/show_bug.cgi?id=52819
241
242         Avoids deleting the current HistoryItem while it is still in use.
243         Ensures that provisional items are committed for same document navigations.
244         Ensures that error pages are committed on back/forward navigations.
245         Also removes unneeded sanity checks used for diagnosing the problem.
246
247         * loader/HistoryController.cpp:
248         * loader/HistoryController.h:
249
250 2011-02-04  Carol Szabo  <carol.szabo@nokia.com>
251
252         Reviewed by David Hyatt.
253
254         Code Changes.
255
256         CSS 2.1 failure: content-*
257         https://bugs.webkit.org/show_bug.cgi?id=52126
258
259         Test: fast/css/counters/content-021.html
260
261         * rendering/CounterNode.cpp:
262         (showCounterTree):
263         Made parameter const because it is supposed to be so.
264         * rendering/RenderCounter.cpp:
265         (WebCore::previousInPreOrder):
266         (WebCore::previousSiblingOrParent):
267         (WebCore::parentElement):
268         (WebCore::areRenderersElementsSiblings):
269         (WebCore::nextInPreOrder):
270         Added these local helper functions to help navigate the DOM tree
271         enriched with :before and :after pseudo elements.
272         (WebCore::planCounter):
273         Fixed bug that would create a repeat counter for second and
274         subsequent renderers associated with the same DOM element.
275         (WebCore::findPlaceForCounter):
276         (WebCore::makeCounterNode):
277         Changed to use the new tree navigation functions described above
278         instead of the Renderer Tree navigation functions.
279         (WebCore::RenderCounter::rendererSubtreeAttached):
280         (WebCore::RenderCounter::rendererStyleChanged):
281         Optimized to not bother about counters until the renderers are
282         finally attached.
283         (showRendererTree):
284         (showNodeTree):
285         Debug helper functions used to debug Counter bugs.
286
287 2011-02-04  Dan Bernstein  <mitz@apple.com>
288
289         Typo fix.
290
291         * html/parser/XSSFilter.cpp:
292         (WebCore::HTMLNames::containsJavaScriptURL):
293
294 2011-02-04  Dan Bernstein  <mitz@apple.com>
295
296         Reviewed by Anders Carlsson.
297
298         Make an infinite loop introduced in r77454 finite.
299
300         * html/parser/XSSFilter.cpp:
301         (WebCore::HTMLNames::containsJavaScriptURL):
302
303 2011-02-04  Jer Noble  <jer.noble@apple.com>
304
305         Reviewed by Eric Carlson.
306
307         Frame accurate seeking isn't always accurate
308         https://bugs.webkit.org/show_bug.cgi?id=52697
309
310         Test: media/video-frame-accurate-seek.html
311
312         Make seeking slightly more accurate by rounding instead of truncating
313         when converting from seconds-in-float to time/timeScale.
314
315         * platform/graphics/mac/MediaPlayerPrivateQTKit.mm:
316         (WebCore::MediaPlayerPrivateQTKit::createQTTime):
317         * platform/graphics/win/MediaPlayerPrivateQuickTimeVisualContext.cpp:
318         (WebCore::MediaPlayerPrivateQuickTimeVisualContext::mediaTimeForTimeValue):
319         * platform/graphics/win/QTMovie.cpp:
320         (QTMovie::setCurrentTime):
321
322 2011-02-04  Jeremy Orlow  <jorlow@chromium.org>
323
324         Reviewed by Nate Chapin.
325
326         Second IndexedDB events overhaul patch
327         https://bugs.webkit.org/show_bug.cgi?id=53813
328
329         If an IDBRequest has an IDBTransaction, it should propagate
330         events through it. In order to do this, IDBRequest needs to
331         hold a transaction frontend object rather than a backend one.
332
333         Test: storage/indexeddb/request-event-propagation.html
334
335         * storage/IDBCursor.cpp:
336         (WebCore::IDBCursor::IDBCursor):
337         * storage/IDBCursor.h:
338         (WebCore::IDBCursor::create):
339         * storage/IDBDatabase.cpp:
340         (WebCore::IDBDatabase::setSetVersionTransaction):
341         (WebCore::IDBDatabase::createObjectStore):
342         (WebCore::IDBDatabase::deleteObjectStore):
343         * storage/IDBDatabase.h:
344         * storage/IDBIndex.cpp:
345         (WebCore::IDBIndex::IDBIndex):
346         (WebCore::IDBIndex::openCursor):
347         (WebCore::IDBIndex::openKeyCursor):
348         (WebCore::IDBIndex::get):
349         (WebCore::IDBIndex::getKey):
350         * storage/IDBIndex.h:
351         (WebCore::IDBIndex::create):
352         * storage/IDBObjectStore.cpp:
353         (WebCore::IDBObjectStore::IDBObjectStore):
354         (WebCore::IDBObjectStore::get):
355         (WebCore::IDBObjectStore::add):
356         (WebCore::IDBObjectStore::put):
357         (WebCore::IDBObjectStore::deleteFunction):
358         (WebCore::IDBObjectStore::createIndex):
359         (WebCore::IDBObjectStore::deleteIndex):
360         (WebCore::IDBObjectStore::openCursor):
361         * storage/IDBObjectStore.h:
362         (WebCore::IDBObjectStore::create):
363         * storage/IDBRequest.cpp:
364         (WebCore::IDBRequest::create):
365         (WebCore::IDBRequest::IDBRequest):
366         (WebCore::IDBRequest::resetReadyState):
367         (WebCore::IDBRequest::onSuccess):
368         (WebCore::IDBRequest::dispatchEvent):
369         * storage/IDBRequest.h:
370         * storage/IDBTransaction.cpp:
371         (WebCore::IDBTransaction::IDBTransaction):
372         (WebCore::IDBTransaction::objectStore):
373         (WebCore::IDBTransaction::contextDestroyed):
374         (WebCore::IDBTransaction::enqueueEvent):
375         * storage/IDBTransaction.h:
376         * storage/IDBTransaction.idl:
377
378 2011-02-04  Jeremy Orlow  <jorlow@chromium.org>
379
380         Reviewed by Nate Chapin.
381
382         First step towards event propagation within IndexedDB
383         https://bugs.webkit.org/show_bug.cgi?id=53795
384
385         This is the first step towards implementing
386         http://www.w3.org/Bugs/Public/show_bug.cgi?id=11348
387         within IndexedDB. I've created a method that knows how
388         to capture and bubble (based on Node's dispatchGenericEvent).
389         I've then changed IDBRequest to use it.
390
391         The only functional change is that preventDefault now must
392         be called in error events to prevent the transaction from
393         being aborted. The tests reflect this change and there's one
394         specific test to look at this behavior.
395
396         Test: storage/indexeddb/error-causes-abort-by-default.html
397
398         * storage/IDBAbortEvent.cpp:
399         (WebCore::IDBAbortEvent::create):
400         (WebCore::IDBAbortEvent::IDBAbortEvent):
401         * storage/IDBAbortEvent.h:
402         * storage/IDBCompleteEvent.cpp:
403         (WebCore::IDBCompleteEvent::create):
404         (WebCore::IDBCompleteEvent::IDBCompleteEvent):
405         * storage/IDBCompleteEvent.h:
406         * storage/IDBErrorEvent.cpp:
407         (WebCore::IDBErrorEvent::IDBErrorEvent):
408         * storage/IDBEvent.cpp:
409         (WebCore::IDBEvent::IDBEvent):
410         (WebCore::IDBEvent::dispatch):
411         * storage/IDBEvent.h:
412         * storage/IDBRequest.cpp:
413         (WebCore::IDBRequest::dispatchEvent):
414         * storage/IDBRequest.h:
415         * storage/IDBSuccessEvent.cpp:
416         (WebCore::IDBSuccessEvent::IDBSuccessEvent):
417         * storage/IDBTransaction.cpp:
418         (WebCore::IDBTransaction::onAbort):
419         (WebCore::IDBTransaction::onComplete):
420         * storage/IDBTransaction.h:
421         (WebCore::IDBTransaction::backend):
422         * storage/IDBTransactionBackendImpl.cpp:
423         (WebCore::IDBTransactionBackendImpl::taskTimerFired):
424
425 2011-02-04  Daniel Cheng  <dcheng@chromium.org>
426
427         Reviewed by Dmitry Titov.
428
429         Clone WebClipboard to be frame-specific.
430         https://bugs.webkit.org/show_bug.cgi?id=53727
431
432         For drop operations, Chrome currently snapshots the data and copies it
433         into the renderer process. As we add more supported drag data types, the
434         copy will become increasingly expensive. Instead, we'd like to snapshot
435         data in the browser to reduce the amount of data copied and to support
436         Blob in DataTransferItem. In order to allow this, we associated
437         WebClipboard with a frame so it can correctly route its IPCs to the
438         corresponding Chromium host.
439
440         No new tests because no new functionality.
441
442         * platform/chromium/ChromiumDataObject.cpp:
443         (WebCore::ChromiumDataObject::createReadable):
444         * platform/chromium/ChromiumDataObject.h:
445         * platform/chromium/ClipboardChromium.cpp:
446         (WebCore::ClipboardChromium::create):
447         * platform/chromium/PlatformBridge.h:
448         * platform/chromium/ReadableDataObject.cpp:
449         (WebCore::ReadableDataObject::create):
450         (WebCore::ReadableDataObject::ReadableDataObject):
451         (WebCore::ReadableDataObject::getData):
452         (WebCore::ReadableDataObject::urlTitle):
453         (WebCore::ReadableDataObject::htmlBaseUrl):
454         (WebCore::ReadableDataObject::filenames):
455         (WebCore::ReadableDataObject::ensureTypeCacheInitialized):
456         * platform/chromium/ReadableDataObject.h:
457
458 2011-02-04  Jeremy Orlow  <jorlow@chromium.org>
459
460         Revert https://bugs.webkit.org/show_bug.cgi?id=53795
461
462         * storage/IDBAbortEvent.cpp:
463         (WebCore::IDBAbortEvent::create):
464         (WebCore::IDBAbortEvent::IDBAbortEvent):
465         * storage/IDBAbortEvent.h:
466         * storage/IDBCompleteEvent.cpp:
467         (WebCore::IDBCompleteEvent::create):
468         (WebCore::IDBCompleteEvent::IDBCompleteEvent):
469         * storage/IDBCompleteEvent.h:
470         * storage/IDBErrorEvent.cpp:
471         (WebCore::IDBErrorEvent::IDBErrorEvent):
472         * storage/IDBEvent.cpp:
473         (WebCore::IDBEvent::IDBEvent):
474         * storage/IDBEvent.h:
475         * storage/IDBRequest.cpp:
476         (WebCore::IDBRequest::dispatchEvent):
477         * storage/IDBRequest.h:
478         * storage/IDBSuccessEvent.cpp:
479         (WebCore::IDBSuccessEvent::IDBSuccessEvent):
480         * storage/IDBTransaction.cpp:
481         (WebCore::IDBTransaction::onAbort):
482         (WebCore::IDBTransaction::onComplete):
483         * storage/IDBTransaction.h:
484         * storage/IDBTransactionBackendImpl.cpp:
485         (WebCore::IDBTransactionBackendImpl::taskTimerFired):
486
487 2011-02-04  Martin Galpin  <martin@66laps.com>
488
489         Reviewed by David Levin.
490
491         CORS origin header not set on GET when a preflight request is required.
492         https://bugs.webkit.org/show_bug.cgi?id=50773
493         
494         Test: http/tests/xmlhttprequest/cross-origin-preflight-get.html
495
496         * loader/DocumentThreadableLoader.cpp:
497         (WebCore::DocumentThreadableLoader::preflightSuccess): 
498         Explicitly set the request origin after a preflight request succeeds.
499
500 2011-02-04  Jeremy Orlow  <jorlow@chromium.org>
501
502         Reviewed by Nate Chapin.
503
504         First step towards event propagation within IndexedDB
505         https://bugs.webkit.org/show_bug.cgi?id=53795
506
507         This is the first step towards implementing
508         http://www.w3.org/Bugs/Public/show_bug.cgi?id=11348
509         within IndexedDB. I've created a method that knows how
510         to capture and bubble (based on Node's dispatchGenericEvent).
511         I've then changed IDBRequest to use it.
512
513         The only functional change is that preventDefault now must
514         be called in error events to prevent the transaction from
515         being aborted. The tests reflect this change and there's one
516         specific test to look at this behavior.
517
518         Test: storage/indexeddb/error-causes-abort-by-default.html
519
520         * storage/IDBAbortEvent.cpp:
521         (WebCore::IDBAbortEvent::create):
522         (WebCore::IDBAbortEvent::IDBAbortEvent):
523         * storage/IDBAbortEvent.h:
524         * storage/IDBCompleteEvent.cpp:
525         (WebCore::IDBCompleteEvent::create):
526         (WebCore::IDBCompleteEvent::IDBCompleteEvent):
527         * storage/IDBCompleteEvent.h:
528         * storage/IDBErrorEvent.cpp:
529         (WebCore::IDBErrorEvent::IDBErrorEvent):
530         * storage/IDBEvent.cpp:
531         (WebCore::IDBEvent::IDBEvent):
532         (WebCore::IDBEvent::dispatch):
533         * storage/IDBEvent.h:
534         * storage/IDBRequest.cpp:
535         (WebCore::IDBRequest::dispatchEvent):
536         * storage/IDBRequest.h:
537         * storage/IDBSuccessEvent.cpp:
538         (WebCore::IDBSuccessEvent::IDBSuccessEvent):
539         * storage/IDBTransaction.cpp:
540         (WebCore::IDBTransaction::onAbort):
541         (WebCore::IDBTransaction::onComplete):
542         * storage/IDBTransaction.h:
543         (WebCore::IDBTransaction::backend):
544         * storage/IDBTransactionBackendImpl.cpp:
545         (WebCore::IDBTransactionBackendImpl::taskTimerFired):
546
547 2011-02-04  Dimitri Glazkov  <dglazkov@chromium.org>
548
549         Reviewed by Csaba Osztrogonác.
550
551         [Qt]REGRESSION(r76951): media/controls-without-preload.html fails
552         https://bugs.webkit.org/show_bug.cgi?id=53674
553
554         * css/mediaControlsQt.css:
555
556 2011-02-04  Dan Bernstein  <mitz@apple.com>
557
558         Reviewed by Darin Adler and Dave Hyatt.
559
560         <rdar://problem/8902704> Make ruby text size 50% by default
561         https://bugs.webkit.org/show_bug.cgi?id=53723
562
563         * css/html.css:
564         (ruby > rt): Changed the font-size from 60% to 50%.
565
566 2011-02-04  Antti Koivisto  <antti@apple.com>
567
568         Reviewed by Dimitri Glazkov.
569
570         https://bugs.webkit.org/show_bug.cgi?id=53610
571         Regression: adjacent sibling selector not working as expected
572         <rdar://problem/8960033>
573         
574         https://bugs.webkit.org/show_bug.cgi?id=53574
575         REGRESSION (r76012): :last-child:after not working as expected
576         <rdar://problem/8948643>
577         
578         Test for additional conditions in parent style that prevent sharing.
579
580         Tests: fast/selectors/style-sharing-adjacent-selector.html
581                fast/selectors/style-sharing-last-child.html
582
583         * css/CSSStyleSelector.cpp:
584         (WebCore::parentStylePreventsSharing):
585         (WebCore::CSSStyleSelector::locateSharedStyle):
586
587 2011-02-04  Mark Mentovai  <mark@chromium.org>
588
589         Reviewed by Dimitri Glazkov.
590
591         Chromium GYP build fix.
592
593         When various settings were moved to webcore_prerequisites in r66364,
594         things that should have been direct_dependent_settings were not marked
595         as such. GYP 'defines', for example, make no sense on a 'none'-type
596         target such as webcore_prerequisites. It appears that it was intended
597         for these settings to be pushed to direct dependents, which would make
598         direct_dependent_settings correct.
599
600         Losing the ChromiumWebCoreObjC defines on the Mac, for example, caused
601         http://crbug.com/71537, which at best causes Mac console log spew, and
602         at worst may result in Chromium's copy of WebCore using system
603         definitions of certain Objective-C classes at runtime, or vice-versa.
604
605         The build now includes a postbuild step to prevent
606         http://crbug.com/71537 from regressing again. The build will fail upon
607         regression.
608
609         https://bugs.webkit.org/show_bug.cgi?id=53630
610
611         * WebCore.gyp/WebCore.gyp: Move things in webcore_prerequisites into
612           direct_dependent_settings as needed, add the check_objc_rename
613           postbuild step.
614         * WebCore.gyp/mac/check_objc_rename.sh: Added.
615
616 2011-02-04  Robert Hogan  <robert@webkit.org>
617
618         Reviewed by Darin Fisher.
619
620         Move chromium iframe shim code to cross-platform file
621         https://bugs.webkit.org/show_bug.cgi?id=52594
622
623         Move Chromium code for identifying and cutting out
624         iframe shims from plugins to cross-platform utility file
625         IFrameShimSupport.cpp.
626         Amend PluginViewQt to use this code to handle shims correctly.
627
628         * WebCore.gypi: Add Chromium support for IFrameShimSupport.cpp
629         * WebCore.pro: Add Qt support for IFrameShimSupport.cpp
630         * plugins/IFrameShimSupport.cpp: Added.
631         (WebCore::getObjectStack):
632         (WebCore::iframeIsAbovePlugin):
633         (WebCore::getPluginOcclusions):
634         * plugins/IFframeShimSupport.h: Added.
635         * plugins/qt/PluginViewQt.cpp:
636         (WebCore::PluginView::setNPWindowIfNeeded):
637
638 2011-02-04  Xiaomei Ji  <xji@chromium.org>
639
640         Reviewed by David Levin.
641
642         Implement "<option> should implement the dir attribute" for chromium port after r76983.
643         https://bugs.webkit.org/show_bug.cgi?id=50969
644
645         Use manual test Source/WebCore/manual-tests/pop-up-alignment-and-direction.html
646         added in r76983.
647
648         * platform/chromium/PopupMenuChromium.cpp: Remove directionality hint from
649         <select> drop-down setting.
650         (WebCore::PopupListBox::paintRow): Use <option>'s directionality to paint
651         items in drop-down and pass-in bidi override flag when creating text run.
652         * platform/chromium/PopupMenuChromium.h: Remove directionalityHint from
653         PopupContainerSettings.
654
655 2011-02-04  Jeremy Orlow  <jorlow@chromium.org>
656
657         Build fix from merge mistake.
658
659         * storage/IDBTransaction.cpp:
660         (WebCore::IDBTransaction::ensureEventTargetData):
661
662 2011-02-04  Levi Weintraub  <leviw@chromium.org>
663
664         Reviewed by Darin Adler.
665
666         Remove unneeded function declarations in comments in EditorClient.h
667         https://bugs.webkit.org/show_bug.cgi?id=53745
668
669         Removing unused commented out function declarations. No tests since this is just cleanup.
670
671         * page/EditorClient.h:
672
673 2011-02-03  Jeremy Orlow  <jorlow@chromium.org>
674
675         Reviewed by Nate Chapin.
676
677         Refactor IDBRequest and IDBTransaction a bit
678         https://bugs.webkit.org/show_bug.cgi?id=53565
679
680         There were a lot of subtle issues with the way IDBTransaction
681         and IDBRequest used to be written. This cleans a lot of them up
682         and largely simplifies the logic. Using EventQueue rather than
683         timers is one example of the simplification.
684
685         * bindings/scripts/CodeGeneratorV8.pm:
686         * dom/EventQueue.cpp:
687         (WebCore::EventQueue::enqueueEvent):
688         (WebCore::EventQueue::dispatchEvent):
689         * storage/IDBCursor.cpp:
690         (WebCore::IDBCursor::continueFunction):
691         * storage/IDBRequest.cpp:
692         (WebCore::IDBRequest::create):
693         (WebCore::IDBRequest::IDBRequest):
694         (WebCore::IDBRequest::resetReadyState):
695         (WebCore::IDBRequest::onError):
696         (WebCore::IDBRequest::onSuccess):
697         (WebCore::IDBRequest::dispatchEvent):
698         (WebCore::IDBRequest::enqueueEvent):
699         (WebCore::IDBRequest::eventTargetData):
700         (WebCore::IDBRequest::ensureEventTargetData):
701         * storage/IDBRequest.h:
702         (WebCore::IDBRequest::dispatchEvent):
703         * storage/IDBTransaction.cpp:
704         (WebCore::IDBTransaction::create):
705         (WebCore::IDBTransaction::IDBTransaction):
706         (WebCore::IDBTransaction::objectStore):
707         (WebCore::IDBTransaction::abort):
708         (WebCore::IDBTransaction::onAbort):
709         (WebCore::IDBTransaction::onComplete):
710         (WebCore::IDBTransaction::onTimeout):
711         (WebCore::IDBTransaction::canSuspend):
712         (WebCore::IDBTransaction::stop):
713         (WebCore::IDBTransaction::enqueueEvent):
714         (WebCore::IDBTransaction::eventTargetData):
715         (WebCore::IDBTransaction::ensureEventTargetData):
716         * storage/IDBTransaction.h:
717
718 2011-02-01  Jeremy Orlow  <jorlow@chromium.org>
719
720         Reviewed by Nate Chapin.
721
722         Remove the timeout event from IndexedDB
723         https://bugs.webkit.org/show_bug.cgi?id=53521
724
725         Remove timeout and ontimeout from IDBTransaction per the spec.
726
727         * WebCore.gypi:
728         * storage/IDBDatabase.cpp:
729         (WebCore::IDBDatabase::transaction):
730         * storage/IDBDatabase.h:
731         (WebCore::IDBDatabase::transaction):
732         * storage/IDBDatabase.idl:
733         * storage/IDBDatabaseBackendImpl.cpp:
734         (WebCore::IDBDatabaseBackendImpl::setVersion):
735         (WebCore::IDBDatabaseBackendImpl::transaction):
736         * storage/IDBDatabaseBackendImpl.h:
737         * storage/IDBDatabaseBackendInterface.h:
738         * storage/IDBTimeoutEvent.cpp: Removed.
739         * storage/IDBTimeoutEvent.h: Removed.
740         * storage/IDBTransaction.cpp:
741         (WebCore::IDBTransaction::IDBTransaction):
742         (WebCore::IDBTransaction::onAbort):
743         (WebCore::IDBTransaction::onComplete):
744         * storage/IDBTransaction.h:
745         * storage/IDBTransaction.idl:
746         * storage/IDBTransactionBackendImpl.cpp:
747         (WebCore::IDBTransactionBackendImpl::create):
748         (WebCore::IDBTransactionBackendImpl::IDBTransactionBackendImpl):
749         * storage/IDBTransactionBackendImpl.h:
750         * storage/IDBTransactionCallbacks.h:
751
752 2011-02-04  Chris Fleizach  <cfleizach@apple.com>
753
754         Reviewed by Darin Adler.
755
756         AX: Can't set accessibility overridden attributes on web objects
757         https://bugs.webkit.org/show_bug.cgi?id=53725
758
759         accessibilitySetOverriddenValue does not work on AX objects from WebCore because 
760         the right method needed to be overridden (accessibilitySupportsOverriddenAttributes).
761         Unfortunately, there's no way to test this from DRT, since AppKit returns the overridden
762         attribute only when an AX client asks for it through the AX frameworks.
763
764         * accessibility/mac/AccessibilityObjectWrapper.mm:
765         (-[AccessibilityObjectWrapper accessibilitySupportsOverriddenAttributes]):
766
767 2011-02-03  Dimitri Glazkov  <dglazkov@chromium.org>
768
769         Reviewed by Kent Tamura.
770
771         REGRESSION(r76147): Slider thumb is not repainted when let go outside of the slider track.
772         https://bugs.webkit.org/show_bug.cgi?id=53691
773
774         Test: fast/repaint/slider-thumb-drag-release.html
775
776         * html/shadow/SliderThumbElement.cpp:
777         (WebCore::SliderThumbElement::stopDragging): Added dirtying the layout bit to ensure
778             that the thumb is repainted.
779
780 2011-02-04  Mikhail Naganov  <mnaganov@chromium.org>
781
782         Reviewed by Pavel Feldman.
783
784         Web Inspector: Add "show more" data grid node and waiting message UI components.
785         https://bugs.webkit.org/show_bug.cgi?id=53763
786
787         - "show more" data grid node is used for on-demand population of
788         data grid contents (similar to DOM tree capability for limiting
789         displayed nodes count);
790
791         - waiting message is used for informing user about long lasting
792         operations (with a possibility to cancel them).
793
794         * English.lproj/localizedStrings.js:
795         * WebCore.gypi:
796         * WebCore.vcproj/WebCore.vcproj:
797         * inspector/front-end/PleaseWaitMessage.js: Added.
798         (WebInspector.PleaseWaitMessage):
799         * inspector/front-end/ShowMoreDataGridNode.js: Added.
800         (WebInspector.ShowMoreDataGridNode):
801         * inspector/front-end/WebKit.qrc:
802         * inspector/front-end/inspector.css:
803         (.data-grid button):
804         (.please-wait-msg):
805         * inspector/front-end/inspector.html:
806
807 2011-02-04  Adele Peterson  <adele@apple.com>
808
809         Reviewed by Dan Bernstein.
810
811         Fix for https://bugs.webkit.org/show_bug.cgi?id=53740
812         <rdar://problem/8503629> Allow platforms to specify if the placeholder should be visible when text controls are focused
813
814         Tests:
815         fast/forms/textarea-placeholder-visibility-1.html
816         fast/forms/textarea-placeholder-visibility-2.html
817         fast/forms/input-placeholder-visibility-1.html
818         fast/forms/input-placeholder-visibility-2.html
819         fast/forms/input-placeholder-visibility-3.html
820
821         * html/HTMLFormControlElement.cpp: (WebCore::HTMLTextFormControlElement::placeholderShouldBeVisible):
822         Add a check for shouldShowPlaceholderWhenFocused.
823         * html/HTMLTextAreaElement.cpp: (WebCore::HTMLTextAreaElement::updateValue):
824         Whenever the value is updated, we should also update placeholder visibility.
825         * rendering/RenderTheme.h: (WebCore::RenderTheme::shouldShowPlaceholderWhenFocused):
826         Make the default the same as the existing behavior.
827         * rendering/RenderThemeMac.h:
828         * rendering/RenderThemeMac.mm: (WebCore::RenderThemeMac::shouldShowPlaceholderWhenFocused):
829         Show placeholder when appropriate. 
830
831 2011-02-04  Pavel Podivilov  <podivilov@chromium.org>
832
833         Reviewed by Pavel Feldman.
834
835         Web Inspector: evaluate on hover does not work on a breakpoint.
836         https://bugs.webkit.org/show_bug.cgi?id=53768
837
838         * inspector/front-end/SourceFrame.js:
839         (WebInspector.SourceFrame.prototype._mouseHover):
840
841 2011-02-04  Sheriff Bot  <webkit.review.bot@gmail.com>
842
843         Unreviewed, rolling out r77625 and r77626.
844         http://trac.webkit.org/changeset/77625
845         http://trac.webkit.org/changeset/77626
846         https://bugs.webkit.org/show_bug.cgi?id=53765
847
848         It broke Windows builds (Requested by Ossy_ on #webkit).
849
850         * Android.jscbindings.mk:
851         * CMakeLists.txt:
852         * ForwardingHeaders/pcre/pcre.h: Added.
853         * ForwardingHeaders/yarr/Yarr.h: Removed.
854         * ForwardingHeaders/yarr/YarrInterpreter.h: Removed.
855         * ForwardingHeaders/yarr/YarrPattern.h: Removed.
856         * WebCore.gyp/WebCore.gyp:
857         * WebCore.pro:
858         * WebCore.vcproj/WebCore.vcproj:
859         * WebCore.vcproj/copyForwardingHeaders.cmd:
860         * platform/text/RegularExpression.cpp:
861         (WebCore::RegularExpression::Private::regexp):
862         (WebCore::RegularExpression::Private::compile):
863         (WebCore::RegularExpression::Private::Private):
864         (WebCore::RegularExpression::Private::create):
865         (WebCore::RegularExpression::Private::~Private):
866         (WebCore::RegularExpression::match):
867
868 2011-02-04  Peter Varga  <pvarga@webkit.org>
869
870         Rubber-stamped by Csaba Osztrogonác.
871
872         Replace PCRE with Yarr in WebCore
873         https://bugs.webkit.org/show_bug.cgi?id=53496
874
875         Speculative windows build fix.
876
877         No new tests needed.
878
879         * platform/text/RegularExpression.cpp:
880
881 2011-02-04  Peter Varga  <pvarga@webkit.org>
882
883
884         Reviewed by Gavin Barraclough.
885
886         Replace PCRE with Yarr in WebCore
887         https://bugs.webkit.org/show_bug.cgi?id=53496
888
889         No new tests needed.
890
891         * Android.jscbindings.mk:
892         * CMakeLists.txt:
893         * ForwardingHeaders/pcre/pcre.h: Removed.
894         * ForwardingHeaders/yarr/Yarr.h: Added.
895         * ForwardingHeaders/yarr/YarrInterpreter.h: Added.
896         * ForwardingHeaders/yarr/YarrPattern.h: Added.
897         * WebCore.gyp/WebCore.gyp:
898         * WebCore.pro:
899         * WebCore.vcproj/WebCore.vcproj:
900         * WebCore.vcproj/copyForwardingHeaders.cmd:
901         * platform/text/RegularExpression.cpp:
902         (WebCore::RegularExpression::Private::create):
903         (WebCore::RegularExpression::Private::Private):
904         (WebCore::RegularExpression::Private::compile):
905         (WebCore::RegularExpression::match):
906
907 2011-02-04  Pavel Feldman  <pfeldman@chromium.org>
908
909         Reviewed by Yury Semikhatsky.
910
911         Web Inspector: Network panel filtering is broken.
912         https://bugs.webkit.org/show_bug.cgi?id=53764
913
914         * inspector/front-end/NetworkPanel.js:
915         (WebInspector.NetworkPanel.prototype._sortItems):
916         (WebInspector.NetworkPanel.prototype._sortByTimeline):
917         (WebInspector.NetworkPanel.prototype._filter):
918         (WebInspector.NetworkPanel.prototype._updateOffscreenRows):
919         (WebInspector.NetworkDataGridNode.prototype.isFilteredOut):
920         (WebInspector.NetworkDataGridNode.prototype.get selectable):
921         (WebInspector.NetworkTotalGridNode.prototype.isFilteredOut):
922         (WebInspector.NetworkTotalGridNode.prototype.get selectable):
923
924 2011-02-04  Andrey Kosyakov  <caseq@chromium.org>
925
926         Reviewed by Pavel Feldman.
927
928         Web Inspector: support overriding user agent strings
929         https://bugs.webkit.org/show_bug.cgi?id=51485
930
931         Test: http/tests/inspector/extensions-useragent.html
932
933         * inspector/Inspector.idl:
934         * inspector/InspectorController.cpp:
935         (WebCore::InspectorController::disconnectFrontend):
936         (WebCore::InspectorController::setUserAgentOverride):
937         (WebCore::InspectorController::userAgentOverride):
938         * inspector/InspectorController.h:
939         * inspector/front-end/ExtensionAPI.js:
940         (WebInspector.injectedExtensionAPI.InspectedWindow.prototype.reload):
941         * inspector/front-end/ExtensionServer.js:
942         (WebInspector.ExtensionServer.prototype._onReload):
943         * loader/FrameLoader.cpp:
944         (WebCore::FrameLoader::userAgent):
945         (WebCore::FrameLoader::applyUserAgent):
946
947 2011-02-04  Pavel Podivilov  <podivilov@chromium.org>
948
949         Reviewed by Pavel Feldman.
950
951         Web Inspector: scripts panel displays wrong file name after reload.
952         https://bugs.webkit.org/show_bug.cgi?id=53761
953
954         * inspector/front-end/ScriptsPanel.js:
955         (WebInspector.ScriptsPanel.prototype._resourceLoadingFinished):
956
957 2011-02-03  Yury Semikhatsky  <yurys@chromium.org>
958
959         Reviewed by Pavel Feldman.
960
961         Web Inspector: remove settings related methods from InspectorClient
962         https://bugs.webkit.org/show_bug.cgi?id=53686
963
964         * WebCore.exp.in:
965         * inspector/CodeGeneratorInspector.pm:
966         * inspector/InspectorClient.h:
967         * inspector/InspectorFrontendClientLocal.cpp:
968         (WebCore::InspectorFrontendClientLocal::InspectorFrontendClientLocal):
969         (WebCore::InspectorFrontendClientLocal::changeAttachedWindowHeight):
970         (WebCore::InspectorFrontendClientLocal::restoreAttachedWindowHeight):
971         * inspector/InspectorFrontendClientLocal.h: ports that provide in-process implementation of the inspector front-end can
972         provide platform-specific settings accessor.
973         (WebCore::InspectorFrontendClientLocal::Settings::Settings):
974         (WebCore::InspectorFrontendClientLocal::Settings::~Settings):
975         (WebCore::InspectorFrontendClientLocal::Settings::inspectorAttachedHeight):
976         (WebCore::InspectorFrontendClientLocal::Settings::storeInspectorAttachedHeight):
977         * loader/EmptyClients.h:
978
979 2011-02-03  Anton Muhin  <antonm@chromium.org>
980
981         Reviewed by Adam Barth.
982
983         [v8] frame several more JS code invocations into v8::TryCatch
984         https://bugs.webkit.org/show_bug.cgi?id=53594
985
986         This patch is preemptive and adjusts v8 bindings code to forthcoming small change
987         in v8::ThrowException---currently sometimes exceptions thrown by this method
988         do not reach surrounding v8::TryCatch handler (see
989         http://code.google.com/p/v8/issues/detail?id=1072 and
990         http://codereview.chromium.org/6397011/).  Therefore the goal of this patch
991         is to make forthcoming v8 roll as smooth as possible (alas, we'll still need
992         one rebaseline as of now.)
993
994         * bindings/v8/V8Proxy.cpp:
995         (WebCore::V8Proxy::runScript): Do not rely on empty handle as a signal of exception, wrap into v8::TryCatch instead
996         * bindings/v8/V8WindowErrorHandler.cpp:
997         (WebCore::V8WindowErrorHandler::callListenerFunction): Ditto
998
999 2011-02-03  Maciej Stachowiak  <mjs@apple.com>
1000
1001         Reviewed by Dan Bernstein.
1002
1003         WebKit2: Need WebKit2 equivalent of WebResourceLoadDelegate::willSendRequest in the Bundle
1004         https://bugs.webkit.org/show_bug.cgi?id=52897
1005         <rdar://problem/8898294>
1006
1007         * WebCore.exp.in: Add export now needed by WebKit2
1008
1009 2011-02-03  Victoria Kirst  <vrk@google.com>
1010
1011         Reviewed by James Robinson.
1012
1013         Replaces float literals with uniform values in shader code
1014         so that buggy drivers unable to parse float values in different
1015         locales will not produce a pink video.
1016
1017         [chromium] Fix pink video bug with gpu-acceleration enabled
1018         https://bugs.webkit.org/show_bug.cgi?id=53568
1019
1020         * platform/graphics/chromium/VideoLayerChromium.cpp:
1021         (WebCore::VideoLayerChromium::SharedValues::SharedValues):
1022         (WebCore::VideoLayerChromium::drawYUV):
1023         * platform/graphics/chromium/VideoLayerChromium.h:
1024         (WebCore::VideoLayerChromium::SharedValues::signAdjLocation):
1025
1026 2011-02-03  James Kozianski  <koz@chromium.org>
1027
1028         Reviewed by Dimitri Glazkov.
1029
1030         Add navigator.registerProtocolHandler behind a flag.
1031         https://bugs.webkit.org/show_bug.cgi?id=52609
1032
1033         This method is described in the HTML5 specification here,
1034         http://dev.w3.org/html5/spec/Overview.html#dom-navigator-registerprotocolhandler
1035
1036         This change is largely cribbed from B. Green's 29651 patches. It is
1037         behind a flag so as not to break JS feature detection.
1038
1039         New layout test fast/dom/registerProtocolHandler.html.
1040
1041         * Configurations/FeatureDefines.xcconfig:
1042         * loader/EmptyClients.h:
1043         (WebCore::EmptyChromeClient::registerProtocolHandler):
1044         * page/Chrome.cpp:
1045         (WebCore::Chrome::registerProtocolHandler):
1046         * page/Chrome.h:
1047         * page/ChromeClient.h:
1048         * page/Navigator.cpp:
1049         (WebCore::verifyCustomHandlerURL):
1050         (WebCore::verifyProtocolHandlerScheme):
1051         (WebCore::Navigator::registerProtocolHandler):
1052         * page/Navigator.h:
1053         * page/Navigator.idl:
1054
1055 2011-02-03  Brian Ryner  <bryner@chromium.org>
1056
1057         Reviewed by Darin Fisher.
1058
1059         Add a field to the ResourceResponse for tracking the socket address
1060         of the host that the resource was fetched from.  Patch was originally
1061         by Paul Marks.
1062         https://bugs.webkit.org/show_bug.cgi?id=53699
1063
1064         * platform/network/chromium/ResourceResponse.cpp:
1065         (WebCore::ResourceResponse::doPlatformCopyData):
1066         (WebCore::ResourceResponse::doPlatformAdopt):
1067         * platform/network/chromium/ResourceResponse.h:
1068         (WebCore::ResourceResponse::socketAddress):
1069         (WebCore::ResourceResponse::setSocketAddress):
1070
1071 2011-02-03  Adam Langley  <agl@chromium.org>
1072
1073         Reviewed by Adam Barth.
1074
1075         Plumb mixed script URL to FrameLoaderClient
1076         https://bugs.webkit.org/show_bug.cgi?id=52384
1077
1078         Regressions covered by http/tests/security/mixedContent/*
1079
1080         * loader/EmptyClients.h:
1081         (WebCore::EmptyFrameLoaderClient::didRunInsecureContent):
1082         * loader/FrameLoader.cpp:
1083         (WebCore::FrameLoader::checkIfRunInsecureContent):
1084         * loader/FrameLoaderClient.h:
1085
1086 2011-02-03  Simon Fraser  <simon.fraser@apple.com>
1087
1088         Reviewed by Dan Bernstein.
1089
1090         REGRESSION: Artifacts on box-shadow corners in some cases
1091         https://bugs.webkit.org/show_bug.cgi?id=53731
1092
1093         Fix overdrawing artifacts in ShadowBlur's tiling code path,
1094         which show up in shadows using a color with alpha.
1095         
1096         Test: fast/box-shadow/shadow-tiling-artifact.html
1097
1098         * platform/graphics/ShadowBlur.cpp:
1099         (WebCore::ShadowBlur::drawRectShadowWithTiling): Ensure
1100         that the inner rect that gets filled does not overlap with any
1101         of the eight tiled areas by having the corner and side dimensions
1102         be the same for contiguous areas.
1103
1104 2011-02-03  Adam Barth  <abarth@webkit.org>
1105
1106         Reviewed by Alexey Proskuryakov.
1107
1108         XSS Auditor is spinning inside decodeURLEscapeSequences() if there are
1109         percent signs in large posted data
1110         https://bugs.webkit.org/show_bug.cgi?id=53405
1111
1112         If the input string contains many non-% characters followed by a %
1113         character that is not a valid URL escape sequence, then the old
1114         algorithm would only advance the initial search by one character
1115         (instead of jumping to just after the % character).  That would cause
1116         the algorithm to take N^2 time (in the number of characters before the
1117         first % character).  This patch just advances the search past the first
1118         % character so we can start looking for next % character sooner.
1119
1120         * platform/KURL.cpp:
1121         (WebCore::decodeURLEscapeSequences):
1122
1123 2011-02-03  Pavel Podivilov  <podivilov@chromium.org>
1124
1125         Reviewed by Pavel Feldman.
1126
1127         Web Inspector: click on a breakpoint highlights wrong line in source frame.
1128         https://bugs.webkit.org/show_bug.cgi?id=53692
1129
1130         * inspector/front-end/BreakpointsSidebarPane.js:
1131         (WebInspector.JavaScriptBreakpointsSidebarPane.prototype._setupBreakpointElement):
1132
1133 2011-02-03  Anton Muhin  <antonm@chromium.org>
1134
1135         Reviewed by Adam Barth.
1136
1137         [v8] Bail out if to string conversion returned empty handle
1138         https://bugs.webkit.org/show_bug.cgi?id=53687
1139
1140         This is a temporary measure: actually one probably should never get empty handle
1141         if there was no exception.  The root cause is under investigation.
1142         The bailout though allows Chromium not to crash---attempt to convert an empty
1143         v8 handle into WebCore string crashes with invalid memory access.
1144
1145         See http://code.google.com/p/chromium/issues/detail?id=71544
1146
1147         There is no known reduction expressible as a layout test so far.  The crash was found with automated testing tools.
1148
1149         * bindings/v8/V8Binding.cpp:
1150         (WebCore::v8NonStringValueToWebCoreString): Bail out on empty handle
1151         * bindings/v8/V8Binding.h:
1152         (WebCore::V8ParameterBase::prepareBase): Ditto
1153
1154 2011-02-03  Adam Barth  <abarth@webkit.org>
1155
1156         Attempt to fix Chromium build.
1157
1158         * html/parser/XSSFilter.cpp:
1159
1160 2011-02-03  Dirk Pranke  <dpranke@chromium.org>
1161
1162         Unreviewed, rolling out r77562.
1163         http://trac.webkit.org/changeset/77562
1164         https://bugs.webkit.org/show_bug.cgi?id=53630
1165
1166         broke chromium mac build
1167
1168         * WebCore.gyp/WebCore.gyp:
1169         * WebCore.gyp/mac/check_objc_rename.sh: Removed.
1170
1171 2011-02-03  Adam Barth  <abarth@webkit.org>
1172
1173         Reviewed by Daniel Bates.
1174
1175         XSS Auditor severely affects loading performance after submitting a large form
1176         https://bugs.webkit.org/show_bug.cgi?id=49845
1177
1178         Switch over from the XSSAuditor to the XSSFilter, improving performance
1179         on this example.
1180
1181         * html/parser/XSSFilter.cpp:
1182         (WebCore::XSSFilter::filterToken):
1183         * page/XSSAuditor.cpp:
1184         (WebCore::XSSAuditor::isEnabled):
1185
1186 2011-02-03  Dirk Pranke  <dpranke@chromium.org>
1187
1188         Unreviewed, rolling out r77567.
1189         http://trac.webkit.org/changeset/77567
1190         https://bugs.webkit.org/show_bug.cgi?id=53468
1191
1192         broke chromium linux svg, canvas tests, possibly win also?
1193
1194         * platform/graphics/skia/ImageBufferSkia.cpp:
1195         (WebCore::getImageData):
1196         (WebCore::ImageBuffer::getUnmultipliedImageData):
1197         (WebCore::ImageBuffer::getPremultipliedImageData):
1198         (WebCore::putImageData):
1199         (WebCore::ImageBuffer::putUnmultipliedImageData):
1200         (WebCore::ImageBuffer::putPremultipliedImageData):
1201
1202 2011-02-02  MORITA Hajime  <morrita@google.com>
1203
1204         Reviewed by Dimitri Glazkov.
1205
1206         Refactoring: <progress> should not use ShadowElement
1207         https://bugs.webkit.org/show_bug.cgi?id=53583
1208
1209         - Introduced RenderIndicatorPart and RenderProgressBarValuePart
1210           to be responsible for bar-part layout,
1211           which adopted layout logic from ShadowBlockElement.
1212         - ProgressBarValueElement is no longer a subclass of ShadowBlockElement.
1213         - Remove dependency from RenderProgress to HTMLProgressElement and
1214           ShadowBlockElement.
1215         - The shadow tree is no longer removed on detach(). It becomes persistent.
1216           This is now possible because the ShadowBlockElement dependency is gone.
1217         - ::-webkit-appearance for -webkit-progress-bar-value is no longer referred.
1218           That didn't make sense.
1219
1220         * html/HTMLProgressElement.cpp:
1221         (WebCore::HTMLProgressElement::createShadowSubtreeIfNeeded):
1222         * html/HTMLProgressElement.h:
1223         * html/shadow/ProgressBarValueElement.h: Added.
1224         (WebCore::ProgressBarValueElement::ProgressBarValueElement):
1225         (WebCore::ProgressBarValueElement::shadowPseudoId):
1226         (WebCore::ProgressBarValueElement::createRenderer):
1227         (WebCore::ProgressBarValueElement::create):
1228         * rendering/RenderIndicator.cpp:
1229         (WebCore::RenderIndicatorPart::RenderIndicatorPart):
1230         (WebCore::RenderIndicatorPart::~RenderIndicatorPart):
1231         (WebCore::RenderIndicatorPart::layout):
1232         (WebCore::RenderIndicatorPart::styleDidChange):
1233         * rendering/RenderIndicator.h: Added RenderIndicatorPart class
1234         (WebCore::RenderIndicatorPart::originalVisibility):
1235         (WebCore::RenderIndicatorPart::requiresForcedStyleRecalcPropagation):
1236         (WebCore::RenderIndicatorPart::canHaveChildren):
1237         * rendering/RenderProgress.cpp:
1238         (WebCore::RenderProgressBarValuePart::preferredFrameRect):
1239         (WebCore::RenderProgressBarValuePart::shouldBeHidden):
1240         (WebCore::RenderProgress::updateFromElement):
1241         (WebCore::RenderProgress::layoutParts):
1242         (WebCore::RenderProgress::shouldHaveParts):
1243         * rendering/RenderProgress.h:
1244         (WebCore::RenderProgressBarValuePart::RenderProgressBarValuePart):
1245
1246 2011-02-03  Jia Pu  <jpu@apple.com>
1247
1248         Reversion should not be marked as misspelled.
1249         https://bugs.webkit.org/show_bug.cgi?id=53255
1250
1251         This patch includes fix for reported bug, and also some housekeeping changes.
1252
1253         To implement desired behavior, we need:
1254         1. Add a new marker type, SpellCheckingExemption, since now we distinguish between text
1255            that shouldn't be spellchecked and text that shouldn't be autocorrected.
1256         2. Make sure that there is no pending correction panel when we enter markAllMisspellingsAndBadGrammarInRanges().
1257            Otherwise the spell checking code in that function may interfere with autocorrection. This
1258            is achieved by explicitly applying pending correction when user types space, line break or
1259            paragraph break.
1260
1261         Housekeeping code changes include:
1262         1. Change manual-tests that were broken by relocated WebCore directory.
1263         2. Use TextIterator in various DocumentMarkerController functions instead of using
1264            Node::traverseNextNode() directly.
1265         3. Allow passing multiple marker types into DocumentMarkerController::removeMarkers() and
1266            DocumentMarkerController::hasMarkers() to improve clarity and efficiency.
1267         4. Fixes of minor bugs that were exposed previously.
1268
1269         * WebCore.exp.in: Change signature of DocumentMarkerController::removeMarkers().
1270
1271         * dom/DocumentMarker.h: Added new marker type SpellCheckingExemption.
1272
1273         * dom/DocumentMarkerController.cpp:
1274         (WebCore::DocumentMarkerController::removeMarkers): Use TextIterator to scan the range to be
1275            consistent with addMarker() function. Allow passing in multiple marker types in one call.
1276            Added a boolean argument to specify the behavior when removing markers that partially
1277            overlap the specified range.
1278         (WebCore::DocumentMarkerController::removeMarkersFromMarkerMapVectorPair): Allow passing in
1279            multiple marker types in one call.
1280         (WebCore::DocumentMarkerController::hasMarkers): Use TextIterator to scan the range to be
1281            consistent with addMarker() function. Allow passing in multiple marker types in one call.
1282
1283         * dom/DocumentMarkerController.h: Allow passing in multiple marker types to removeMarkers()
1284            and hasMarkers(). Added a boolean argument to removeMarkers() to specify the behavior when
1285            removing markers that partially overlap the specified range.
1286
1287         * editing/Editor.cpp:
1288         (WebCore::markerTypesForAutocorrection): Add SpellCheckingExemption marker when applying correction.
1289         (WebCore::markerTypesForReplacement): Ditto.
1290         (WebCore::Editor::respondToChangedSelection): Reordered call to dismissCorrectionPanel() and
1291            setSelection() to make sure there is no pending correction when entering
1292            markAllMisspellingsAndBadGrammarInRanges().
1293         (WebCore::Editor::appliedEditing): Only remove CorrectionIndicator markers when the command
1294            is a top level command to improve efficiency.
1295         (WebCore::Editor::insertTextWithoutSendingTextEvent): Added code to apply pending correction.
1296         (WebCore::Editor::insertLineBreak): Ditto.
1297         (WebCore::Editor::insertParagraphSeparator): Ditto.
1298         (WebCore::Editor::markAllMisspellingsAndBadGrammarInRanges): Don't mark misspelling if the
1299            text carries SpellCheckingExemption marker.
1300         (WebCore::Editor::correctionPanelTimerFired): Reset correction panel if the returned suggestion
1301            from spellchecker is an empty string.
1302         (WebCore::Editor::removeSpellAndCorrectionMarkersFromWordsToBeEdited):
1303            Use new DocumentMarkerController::removeMarkers() to replace custom implementation to improve
1304            efficiency and readability.
1305         (WebCore::Editor::applyCorrectionPanelInfo): Remove the code that set caret position after
1306            applying correction, since it's unnecessary. Also, store pre-correction string together with
1307            the marker for reversion panel to use.
1308         (WebCore::Editor::applyAutocorrectionBeforeTypingIfAppropriate): Apply pending correction.
1309         (WebCore::Editor::changeSelectionAfterCommand): Moved marker removal code to Editor::appliedEditing()
1310            where we have access to EditCommand object.
1311
1312         * editing/Editor.h: Added new function applyAutocorrectionAfterTypingIfAppropriate().
1313
1314         * manual-tests/autocorrection/autocorrection-cancelled-by-ESC.html: Change manual-tests that
1315            were broken by relocated WebCore directory.
1316
1317         * manual-tests/autocorrection/autocorrection-cancelled-by-typing-1.html: Ditto.
1318
1319         * manual-tests/autocorrection/autocorrection-contraction.html: Ditto.
1320
1321         * manual-tests/autocorrection/continue-typing-to-dismiss-reversion.html: Ditto.
1322
1323         * manual-tests/autocorrection/delete-to-dismiss-reversion.html: Ditto.
1324
1325         * manual-tests/autocorrection/delete-to-end-of-word-to-show-reversion.html: Ditto.
1326
1327         * manual-tests/autocorrection/dismiss-multiple-guesses.html: Ditto.
1328
1329         * manual-tests/autocorrection/move-to-end-of-word-to-show-reversion.html: Ditto.
1330
1331         * manual-tests/autocorrection/select-from-multiple-guesses.html: Ditto.
1332
1333         * manual-tests/autocorrection/spell-checking-after-reversion.html: Added.
1334
1335         * manual-tests/autocorrection/type-whitespace-to-dismiss-reversion.html: Change manual-tests that
1336            were broken by relocated WebCore directory.
1337
1338         * rendering/InlineTextBox.cpp:
1339         (WebCore::InlineTextBox::paintDocumentMarkers): Code clean-up to be more concise.
1340
1341 2011-02-03  Abhishek Arya  <inferno@chromium.org>
1342
1343         Unreviewed, qt build fix.
1344
1345         * rendering/RenderBlock.cpp:
1346         (WebCore::RenderBlock::removeFloatingObject):
1347
1348 2011-02-03  Brian Salomon  <bsalomon@google.com>
1349
1350         Reviewed by James Robinson.
1351
1352         Handle non-raster backed images in getUnmultipliedImageData()
1353         https://bugs.webkit.org/show_bug.cgi?id=53468
1354
1355         No new tests. Existing canvas tests sufficient
1356         LayoutTests/canvas/philip/...
1357
1358         * platform/graphics/skia/ImageBufferSkia.cpp:
1359         (WebCore::getImageData):
1360         (WebCore::ImageBuffer::getUnmultipliedImageData):
1361         (WebCore::ImageBuffer::getPremultipliedImageData):
1362         (WebCore::putImageData):
1363         (WebCore::ImageBuffer::putUnmultipliedImageData):
1364         (WebCore::ImageBuffer::putPremultipliedImageData):
1365
1366 2011-02-03  Abhishek Arya  <inferno@chromium.org>
1367
1368         Reviewed by James Robinson.
1369
1370         Enforce more limits on root inline boxes height calculations.
1371         https://bugs.webkit.org/show_bug.cgi?id=53729
1372
1373         Test: fast/overflow/overflow-height-float-not-removed-crash.html
1374
1375         * rendering/RenderBlock.cpp:
1376         (WebCore::RenderBlock::removeFloatingObject): prevent logicalBottom to
1377         become negative when logicalTop is INT_MAX.
1378         (WebCore::RenderBlock::markLinesDirtyInBlockRange): when logicalBottom
1379         is INT_MAX, we should dirty everything. So, we bail out to make
1380         afterLowest equal to the lastRootBox() or lowestDirstLine.
1381
1382 2011-02-03  David Levin  <levin@chromium.org>
1383
1384         Reviewed by Adam Barth and Oliver Hunt.
1385
1386         Worker.importScript() should clean errors for cross origin imports.
1387         https://bugs.webkit.org/show_bug.cgi?id=52871
1388
1389         Test: http/tests/workers/worker-importScriptsOnError.html
1390
1391         * bindings/js/WorkerScriptController.cpp:
1392         (WebCore::WorkerScriptController::evaluate): Use sanitizeScriptError
1393         to determine when to create a clean exception.
1394         * bindings/v8/WorkerContextExecutionProxy.cpp:
1395         (WebCore::WorkerContextExecutionProxy::evaluate): Ditto.
1396         * dom/ScriptExecutionContext.cpp:
1397         (WebCore::ScriptExecutionContext::sanitizeScriptError): Figure out
1398         if the error needs to be cleaned up.
1399         (WebCore::ScriptExecutionContext::dispatchErrorEvent): Extracted
1400         sanitizeScriptError for use by other places.
1401         * dom/ScriptExecutionContext.h:
1402         * workers/WorkerContext.cpp:
1403         (WebCore::WorkerContext::importScripts): Use the response url when
1404         telling the evaluate where the script came from.
1405         * workers/WorkerScriptLoader.cpp:
1406         (WebCore::WorkerScriptLoader::responseURL): Expose the url that
1407         the script was loaded from (which may be different from url() due
1408         to redirects).
1409         (WebCore::WorkerScriptLoader::didReceiveResponse): Capture the response url.
1410         * workers/WorkerScriptLoader.h:
1411
1412 2011-02-03  Mark Mentovai  <mark@chromium.org>
1413
1414         Reviewed by Dimitri Glazkov.
1415
1416         Chromium GYP build fix.
1417
1418         When various settings were moved to webcore_prerequisites in r66364,
1419         things that should have been direct_dependent_settings were not marked
1420         as such. GYP 'defines', for example, make no sense on a 'none'-type
1421         target such as webcore_prerequisites. It appears that it was intended
1422         for these settings to be pushed to direct dependents, which would make
1423         direct_dependent_settings correct.
1424
1425         Losing the ChromiumWebCoreObjC defines on the Mac, for example, caused
1426         http://crbug.com/71537, which at best causes Mac console log spew, and
1427         at worst may result in Chromium's copy of WebCore using system
1428         definitions of certain Objective-C classes at runtime, or vice-versa.
1429
1430         The build now includes a postbuild step to prevent
1431         http://crbug.com/71537 from regressing again. The build will fail upon
1432         regression.
1433
1434         https://bugs.webkit.org/show_bug.cgi?id=53630
1435
1436         * WebCore.gyp/WebCore.gyp: Move things in webcore_prerequisites into
1437           direct_dependent_settings as needed, add the check_objc_rename
1438           postbuild step.
1439         * WebCore.gyp/mac/check_objc_rename.sh: Added.
1440
1441 2011-02-03  Adam Barth  <abarth@webkit.org>
1442
1443         Reviewed by Eric Seidel.
1444
1445         Make XSSFilter go fast by adding a SuffixTree
1446         https://bugs.webkit.org/show_bug.cgi?id=53665
1447
1448         The SuffixTree lets us quickly reject snippets if the POST data is
1449         large (because we can avoid a linear scan over the POST data).
1450
1451         * html/parser/XSSFilter.cpp:
1452         (WebCore::XSSFilter::init):
1453         (WebCore::XSSFilter::isContainedInRequest):
1454         * html/parser/XSSFilter.h:
1455
1456 2011-02-03  Mihai Parparita  <mihaip@chromium.org>
1457
1458         Reviewed by Alexey Proskuryakov.
1459
1460         REGRESSION (r77355): Page cache layout tests crash
1461         https://bugs.webkit.org/show_bug.cgi?id=53648
1462
1463         Test: fast/events/pagehide-timeout.html
1464         
1465         Suspend active DOM objects after all pagehide event handlers have run,
1466         otherwise it's possible for them to create more objects that weren't
1467         getting suspended.
1468
1469         * history/CachedFrame.cpp:
1470         (WebCore::CachedFrame::CachedFrame):
1471
1472 2011-02-03  Jeremy Orlow  <jorlow@chromium.org>
1473
1474         Reviewed by Nate Chapin.
1475
1476         SerializedScriptValue should not require v8 to create undefined and null values
1477         https://bugs.webkit.org/show_bug.cgi?id=53730
1478
1479         Instead of creating a v8 type and passing that into the constructor, just use
1480         the writer class directly. While I was at it, I cleaned up the code a bit too
1481         by getting rid of the WireData/StringValue enum as I found that personally
1482         confusing.
1483
1484         This is necessary because these methods are called by IndexedDB in the browser
1485         process where v8 is not spun up.
1486
1487         No functionality changed and not possible to test.
1488
1489         * bindings/v8/SerializedScriptValue.cpp:
1490         (WebCore::SerializedScriptValue::createFromWire):
1491         (WebCore::SerializedScriptValue::create):
1492         (WebCore::SerializedScriptValue::nullValue):
1493         (WebCore::SerializedScriptValue::undefinedValue):
1494         (WebCore::SerializedScriptValue::release):
1495         (WebCore::SerializedScriptValue::SerializedScriptValue):
1496         * bindings/v8/SerializedScriptValue.h:
1497
1498 2011-02-03  Beth Dakin  <bdakin@apple.com>
1499
1500         Reviewed by Sam Weinig.
1501
1502         Fix for <rdar://problem/8944544> Ability to animate track
1503         for WKPainter scrollers
1504
1505         Two new WebKitSystemInterface functions.
1506         * WebCore.exp.in:
1507         * platform/mac/WebCoreSystemInterface.h:
1508         * platform/mac/WebCoreSystemInterface.mm:
1509
1510         Use Scrollbar::convertFromContainingView() to return the right point.
1511         * platform/mac/ScrollAnimatorMac.mm:
1512         (-[ScrollbarPainterControllerDelegate scrollerImpPair:convertContentPoint:toScrollerImp:]):
1513         
1514         ScrollKnobAnimation is now ScrollbarPartAnimation. It can
1515         now be used to animate the knob or the track.
1516         (-[ScrollbarPartAnimation initWithScrollbarPainter:part:WebCore::scrollAnimator:WebCore::animateAlphaTo:duration:]):
1517         (-[ScrollbarPartAnimation setCurrentProgress:]):
1518         (-[ScrollbarPainterDelegate setUpAnimation:scrollerPainter:part:WebCore::animateAlphaTo:duration:]):
1519         (-[ScrollbarPainterDelegate scrollerImp:animateKnobAlphaTo:duration:]):
1520         (-[ScrollbarPainterDelegate scrollerImp:animateTrackAlphaTo:duration:]):
1521
1522         Scrollbars need invalidating after the overlay state changes.
1523         (-[ScrollbarPainterDelegate scrollerImp:overlayScrollerStateChangedTo:]):
1524
1525 2011-02-03  Sam Weinig  <sam@webkit.org>
1526
1527         Reviewed by Beth Dakin.
1528
1529         Scroll thumb jumps to top when resizing horizontally.
1530
1531         * platform/ScrollView.cpp:
1532         (WebCore::ScrollView::updateScrollbars): Add call to update
1533         the scrollbar's offset in the case where we may have created
1534         a new scrollbar but have not changed the current position.
1535
1536 2011-02-03  Justin Schuh  <jschuh@chromium.org>
1537
1538         Reviewed by Dirk Schulze.
1539
1540         startAnimations should use a local, RefCounted Vector.
1541         https://bugs.webkit.org/show_bug.cgi?id=53458
1542
1543         Test: svg/custom/use-animation-in-fill.html
1544
1545         * svg/SVGDocumentExtensions.cpp:
1546         (WebCore::SVGDocumentExtensions::startAnimations):
1547
1548 2011-02-03  Adam Barth  <abarth@webkit.org>
1549
1550         Reviewed by Daniel Bates.
1551
1552         XSSFilter shouldn't bother to analyze pages without "injection"
1553         characters in the request
1554         https://bugs.webkit.org/show_bug.cgi?id=53664
1555
1556         If the request lacks these "injection" characters, then it's unlikely
1557         that there's a reflective XSS attack happening.  This heuristic lets us
1558         avoid analyzing the vast majority of responses for XSS.  Of course, the
1559         heuristic isn't perfect.  Because of this heuristic, we miss out on
1560         injections into unquoted attributes.  However, it's a trade-off that's
1561         worked well in the XSSAuditor.
1562
1563         * html/parser/XSSFilter.cpp:
1564         (WebCore::HTMLNames::isRequiredForInjection):
1565         (WebCore::XSSFilter::XSSFilter):
1566         (WebCore::XSSFilter::init):
1567         (WebCore::XSSFilter::filterToken):
1568         (WebCore::XSSFilter::isContainedInRequest):
1569         * html/parser/XSSFilter.h:
1570
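
The injection-character heuristic in the entry above, together with the SuffixTree entry for bug 53665 earlier in this log, as an added C++ sketch that is not WebKit's code. The character set, the class and function names, the trie depth of 5 and the sample URLs and POST body are assumptions made for illustration.

```cpp
#include <algorithm>
#include <cstddef>
#include <iostream>
#include <map>
#include <string>
#include <vector>

// Assumption: the entry does not list the "injection" characters; quotes and
// angle brackets stand in for them here.
static bool isRequiredForInjection(char c) { return c == '<' || c == '>' || c == '"' || c == '\''; }

// Depth-limited suffix trie: each suffix of the text is inserted, truncated to
// `depth` characters. A failed walk proves the query is not a substring; a
// successful walk on a longer query still has to be confirmed by a scan.
class BoundedSuffixTrie {
public:
    BoundedSuffixTrie(const std::string& text, size_t depth) : m_depth(depth)
    {
        m_nodes.emplace_back(); // root
        for (size_t start = 0; start < text.size(); ++start) {
            size_t node = 0;
            for (size_t i = start; i < std::min(text.size(), start + m_depth); ++i)
                node = childFor(node, text[i]);
        }
    }
    bool mightContain(const std::string& query) const
    {
        size_t node = 0;
        for (size_t i = 0; i < std::min(query.size(), m_depth); ++i) {
            auto it = m_nodes[node].find(query[i]);
            if (it == m_nodes[node].end())
                return false;
            node = it->second;
        }
        return true;
    }

private:
    size_t childFor(size_t node, char c)
    {
        auto it = m_nodes[node].find(c);
        if (it != m_nodes[node].end())
            return it->second;
        m_nodes.emplace_back(); // may reallocate, so index again below
        return m_nodes[node][c] = m_nodes.size() - 1;
    }
    std::vector<std::map<char, size_t>> m_nodes;
    size_t m_depth;
};

// Hypothetical stand-in for the filter's request check; it is enabled only
// when the decoded request contains an injection character.
class RequestReflectionCheck {
public:
    RequestReflectionCheck(const std::string& url, const std::string& post)
        : m_url(url), m_post(post), m_postIndex(post, 5)
    {
        m_enabled = std::any_of(url.begin(), url.end(), isRequiredForInjection)
            || std::any_of(post.begin(), post.end(), isRequiredForInjection);
    }

    bool isEnabled() const { return m_enabled; }
    size_t postScans() const { return m_postScans; }

    bool isContainedInRequest(const std::string& snippet)
    {
        if (!m_enabled || snippet.empty())
            return false;
        if (m_url.find(snippet) != std::string::npos)
            return true;
        if (!m_postIndex.mightContain(snippet))
            return false; // rejected without scanning the POST body
        ++m_postScans;
        return m_post.find(snippet) != std::string::npos;
    }

private:
    std::string m_url, m_post;
    BoundedSuffixTrie m_postIndex;
    bool m_enabled = false;
    size_t m_postScans = 0;
};

// Linear POST scans needed to answer one query against a constructed, large
// POST body that has a single markup-bearing field.
static size_t postScansFor(const std::string& snippet)
{
    std::string body;
    for (int i = 0; i < 2000; ++i)
        body += "field" + std::to_string(i) + "=value&";
    RequestReflectionCheck check("http://example.test/post", body + "comment=<b>hello</b>");
    check.isContainedInRequest(snippet);
    return check.postScans();
}

int main()
{
    std::cout << postScansFor("<img src=x>") << " scan(s) for an absent snippet\n";
}
```

A request whose reflected value lands in an unquoted attribute carries none of the assumed characters, so the check never runs for it; that is the miss the entry accepts in exchange for skipping most responses.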
1571 2011-02-03  Vangelis Kokkevis  <vangelis@chromium.org>
1572
1573         Reviewed by Kenneth Russell.
1574
1575         [chromium] Fixing a compositor crash occurring on layers
1576         without an associated RenderSurface.
1577         https://bugs.webkit.org/show_bug.cgi?id=53679
1578         Regression was introduced in r77425
1579
1580         Test: http://webkit.org/blog/386/3d-transforms/ doesn't crash
1581         anymore.
1582
1583         * platform/graphics/chromium/LayerRendererChromium.cpp:
1584         (WebCore::LayerRendererChromium::drawLayer):
1585
1586 2011-02-03  Dan Bernstein  <mitz@apple.com>
1587
1588         Reviewed by Anders Carlsson.
1589
1590         <rdar://problem/8948788> Text emphasis marks have wrong orientation for vertical text
1591         https://bugs.webkit.org/show_bug.cgi?id=53709
1592
1593         Covered by rendering of fast/text/emphasis-vertical.html
1594
1595         * platform/graphics/mac/SimpleFontDataMac.mm:
1596         (WebCore::SimpleFontData::scaledFontData): Give the scaled font the same orientation this font
1597         has.
1598
1599 2011-02-02  Levi Weintraub  <leviw@chromium.org>
1600
1601         Reviewed by Ryosuke Niwa.
1602
1603         Moving cursor down in table cycles at the end of a row
1604         https://bugs.webkit.org/show_bug.cgi?id=50012
1605
1606         Avoids a caret cycling issue with certain content (e.g. tables) found at the very
1607         end of a document due to a bug in nextLeafWithSameEditability.
1608
1609         Test: editing/selection/move-by-line-cycles-in-table.html
1610
1611         * editing/visible_units.cpp:
1612         (WebCore::nextLeafWithSameEditability): Properly avoid descending back into the
1613         original leaf node.
1614
1615 2011-02-03  Pavel Podivilov  <podivilov@chromium.org>
1616
1617         Reviewed by Pavel Feldman.
1618
1619         Web Inspector: remove dead code related to changes panel.
1620         https://bugs.webkit.org/show_bug.cgi?id=53688
1621
1622         * WebCore.gypi:
1623         * WebCore.vcproj/WebCore.vcproj:
1624         * inspector/front-end/ChangesView.js: Removed.
1625         * inspector/front-end/WebKit.qrc:
1626         * inspector/front-end/inspector.css:
1627         (#error-warning-count):
1628         (#error-warning-count:hover):
1629         (#error-count + #warning-count):
1630         * inspector/front-end/inspector.html:
1631         * inspector/front-end/inspector.js:
1632
1633 2011-02-02  Sam Weinig  <sam@webkit.org>
1634
1635         Reviewed by Anders Carlsson.
1636
1637         Add notification of the end of a rubber band.
1638         <rdar://problem/8940648>
1639
1640         * WebCore.exp.in:
1641         Add additional exports.
1642
1643         * page/ChromeClient.h:
1644         (WebCore::ChromeClient::didCompleteRubberBandForMainFrame):
1645         * page/FrameView.cpp:
1646         (WebCore::FrameView::didCompleteRubberBand):
1647         * page/FrameView.h:
1648         * platform/ScrollView.cpp:
1649         (WebCore::ScrollView::didCompleteRubberBand):
1650         * platform/ScrollView.h:
1651         Add hook.
1652
1653         * platform/ScrollableArea.h:
1654         (WebCore::ScrollableArea::inLiveResize):
1655         (WebCore::ScrollableArea::maximumScrollPosition):
1656         (WebCore::ScrollableArea::visibleWidth):
1657         (WebCore::ScrollableArea::overhangAmount):
1658         (WebCore::ScrollableArea::didCompleteRubberBand):
1659         Reorganize and de-virtualize live resize notifications.
1660
1661         * platform/mac/ScrollAnimatorMac.mm:
1662         (WebCore::ScrollAnimatorMac::snapRubberBandTimerFired):
1663         Call the new hook when the rubberband ends.
1664
1665 2011-02-02  Evan Martin  <evan@chromium.org>
1666
1667         Reviewed by Tony Chang.
1668
1669         [chromium] complex joining characters positioned in wrong place
1670         https://bugs.webkit.org/show_bug.cgi?id=53637
1671
1672         Provide the correct font metrics to Harfbuzz related to the font design space.
1673         These are used in some fonts for GPOS positioning.
1674
1675         Test: platform/chromium-linux/fast/text/international/complex-joining-using-gpos.html
1676
1677         * platform/graphics/chromium/ComplexTextControllerLinux.cpp:
1678         (WebCore::ComplexTextController::setupFontForScriptRun):
1679         (WebCore::ComplexTextController::allocHarfbuzzFont):
1680         * platform/graphics/chromium/FontPlatformDataLinux.cpp:
1681         (WebCore::FontPlatformData::FontPlatformData):
1682         (WebCore::FontPlatformData::emSizeInFontUnits):
1683         (WebCore::FontPlatformData::operator=):
1684         * platform/graphics/chromium/FontPlatformDataLinux.h:
1685         (WebCore::FontPlatformData::FontPlatformData):
1686
1687 2011-02-02  Dimitri Glazkov  <dglazkov@chromium.org>
1688
1689         Reviewed by Kent Tamura.
1690
1691         REGRESSION(r76147): Slider thumb position is not updated when value attribute is changed.
1692         https://bugs.webkit.org/show_bug.cgi?id=53634
1693
1694         Test: fast/dom/HTMLInputElement/input-slider-update.html
1695
1696         * html/HTMLInputElement.cpp:
1697         (WebCore::HTMLInputElement::setValue): Added a call to InputType::valueChanged.
1698         * html/InputType.cpp:
1699         (WebCore::InputType::valueChanged): Added empty implementation.
1700         * html/InputType.h: Added def.
1701         * html/RangeInputType.cpp:
1702         (WebCore::RangeInputType::valueChanged): Added implementation that dirties layout
1703             bit on the thumb.
1704         * html/RangeInputType.h: Added def.
1705
1706 2011-02-02  Pavel Podivilov  <podivilov@chromium.org>
1707
1708         Reviewed by Pavel Feldman.
1709
1710         Web Inspector: do not share source frames between resources panel and scripts panel.
1711         https://bugs.webkit.org/show_bug.cgi?id=53584
1712
1713         Currently, we show error messages only for resources. This change will allow showing error
1714         messages in source frame even when resource is not available (eval scripts, inlined scripts).
1715
1716         * inspector/front-end/ConsoleView.js:
1717         (WebInspector.ConsoleView.prototype.addMessage):
1718         (WebInspector.ConsoleView.prototype.clearMessages):
1719         * inspector/front-end/ResourceView.js:
1720         (WebInspector.ResourceView.recreateResourceView):
1721         * inspector/front-end/ResourcesPanel.js:
1722         (WebInspector.FrameResourceTreeElement.prototype._setBubbleText):
1723         * inspector/front-end/ScriptsPanel.js:
1724         (WebInspector.ScriptsPanel.prototype._scriptSourceChanged):
1725         (WebInspector.ScriptsPanel.prototype.addConsoleMessage):
1726         (WebInspector.ScriptsPanel.prototype.clearConsoleMessages):
1727         (WebInspector.ScriptsPanel.prototype.reset):
1728         (WebInspector.ScriptsPanel.prototype._sourceFrameForScriptOrResource):
1729         (WebInspector.ScriptsPanel.prototype._sourceFrameForResource):
1730         (WebInspector.ScriptsPanel.prototype._sourceFrameForScript):
1731
1732 2011-02-03  Simon Fraser  <simon.fraser@apple.com>
1733
1734         Fix 32-bit builds.
1735
1736         * platform/graphics/ShadowBlur.cpp:
1737         (WebCore::ShadowBlur::blurLayerImage):
1738
1739 2011-02-03  Mikhail Naganov  <mnaganov@chromium.org>
1740
1741         Reviewed by Pavel Feldman.
1742
1743         Web Inspector: Add reporting of JS heap size limit to 'console.memory'.
1744         https://bugs.webkit.org/show_bug.cgi?id=53592
1745
1746         In JSC there is no limit, thus 'undefined' value is returned.
1747         For V8, the limit reported by the VM is returned.
1748
1749         * Android.jscbindings.mk:
1750         * CMakeLists.txt:
1751         * GNUmakefile.am:
1752         * WebCore.gypi:
1753         * WebCore.pro:
1754         * WebCore.vcproj/WebCore.vcproj:
1755         * WebCore.xcodeproj/project.pbxproj:
1756         * bindings/js/JSBindingsAllInOne.cpp:
1757         * bindings/js/JSMemoryInfoCustom.cpp: Added.
1758         * bindings/js/ScriptGCEvent.cpp:
1759         (WebCore::ScriptGCEvent::getHeapSize):
1760         * bindings/js/ScriptGCEvent.h:
1761         * bindings/v8/ScriptGCEvent.cpp:
1762         (WebCore::ScriptGCEvent::getHeapSize):
1763         * bindings/v8/ScriptGCEvent.h:
1764         * inspector/InspectorTimelineAgent.cpp:
1765         (WebCore::InspectorTimelineAgent::setHeapSizeStatistic):
1766         * page/MemoryInfo.cpp:
1767         (WebCore::MemoryInfo::MemoryInfo):
1768         * page/MemoryInfo.h:
1769         (WebCore::MemoryInfo::jsHeapSizeLimit):
1770         * page/MemoryInfo.idl:
1771
1772 2011-01-27  Philippe Normand  <pnormand@igalia.com>
1773
1774         Reviewed by Martin Robinson.
1775
1776         [GTK] LayoutTests/media/audio-mpeg4-supported.html fails
1777         https://bugs.webkit.org/show_bug.cgi?id=53125
1778
1779         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
1780         (WebCore::mimeTypeCache): Add audio/x-m4a mimetype in the cache.
1781
1782 2011-02-03  Simon Fraser  <simon.fraser@apple.com>
1783
1784         Reviewed by Sam Weinig.
1785
1786         ShadowBlur radius for CSS shadows is slightly too big
1787         https://bugs.webkit.org/show_bug.cgi?id=53660
1788         
1789         If we follow SVG gaussian blur for CSS shadows, we can end up rendering
1790         shadows that extend further than the CSS "blur radius", which results
1791         in the shadows being truncated.
1792         
1793         Fix with a small fudge factor to reduce the kernel diameter slightly
1794         for CSS shadows.
1795         
1796         Also more closely follow the algorithm described in the SVG spec
1797         for computing the kernel size for different diameters, and clean up
1798         some variable naming relating to the shadow bounds.
1799
1800         * platform/graphics/ShadowBlur.cpp:
1801         (WebCore::ShadowBlur::blurLayerImage):
1802         (WebCore::ShadowBlur::drawRectShadowWithTiling):
1803
1804 2011-02-01  Pavel Podivilov  <podivilov@chromium.org>
1805
1806         Reviewed by Pavel Feldman.
1807
1808         Web Inspector: introduce new api for managing JavaScript breakpoints.
1809         https://bugs.webkit.org/show_bug.cgi?id=53235
1810
1811         Single protocol breakpoint (e.g. set by url) is mapped on zero or more VM breakpoints (set by sourceID).
1812         removeJavaScriptBreakpoint(breakpointId) removes breakpoint and all linked VM breakpoints.
1813         Since UI uses VM breakpoint location rather than protocol breakpoint location, all resolved breakpoints locations are passed to frontend.
1814
1815         SourceFrame is now aware of whether breakpoint is resolved or not and may display it accordingly.
1816         JavaScriptBreakpointsSidebarPane filters out breakpoints set on nonexistent scripts to avoid UI cluttering.
1817
1818         * bindings/js/ScriptDebugServer.cpp:
1819         (WebCore::ScriptDebugServer::setBreakpoint):
1820         (WebCore::ScriptDebugServer::removeBreakpoint):
1821         * bindings/js/ScriptDebugServer.h:
1822         * bindings/v8/DebuggerScript.js:
1823         ():
1824         * bindings/v8/ScriptDebugServer.cpp:
1825         (WebCore::ScriptDebugServer::setBreakpoint):
1826         * bindings/v8/ScriptDebugServer.h:
1827         * inspector/Inspector.idl:
1828         * inspector/InspectorAgent.cpp: clear breakpoints from inspector state when new frontend is created
1829         (WebCore::InspectorAgent::restoreInspectorStateFromCookie):
1830         (WebCore::InspectorAgent::populateScriptObjects):
1831         (WebCore::InspectorAgent::restoreDebugger):
1832         (WebCore::InspectorAgent::showAndEnableDebugger):
1833         (WebCore::InspectorAgent::enableDebugger):
1834         * inspector/InspectorAgent.h:
1835         * inspector/InspectorDebuggerAgent.cpp: manage relations between protocol breakpoints and VM breakpoints
1836         (WebCore::InspectorDebuggerAgent::InspectorDebuggerAgent):
1837         (WebCore::InspectorDebuggerAgent::inspectedURLChanged):
1838         (WebCore::InspectorDebuggerAgent::setJavaScriptBreakpoint):
1839         (WebCore::InspectorDebuggerAgent::setJavaScriptBreakpointBySourceId):
1840         (WebCore::InspectorDebuggerAgent::removeJavaScriptBreakpoint):
1841         (WebCore::InspectorDebuggerAgent::continueToLocation):
1842         (WebCore::InspectorDebuggerAgent::resolveBreakpoint):
1843         (WebCore::InspectorDebuggerAgent::getScriptSource):
1844         (WebCore::InspectorDebuggerAgent::didParseSource):
1845         (WebCore::InspectorDebuggerAgent::didPause):
1846         * inspector/InspectorDebuggerAgent.h:
1847         (WebCore::InspectorDebuggerAgent::Script::Script):
1848         * inspector/InspectorValues.cpp:
1849         (WebCore::InspectorValue::asNumber):
1850         (WebCore::InspectorBasicValue::asNumber):
1851         (WebCore::InspectorObject::remove):
1852         * inspector/InspectorValues.h:
1853         (WebCore::InspectorObject::getNumber):
1854         (WebCore::InspectorObject::find):
1855         * inspector/ScriptBreakpoint.h:
1856         (WebCore::ScriptBreakpoint::ScriptBreakpoint):
1857         * inspector/front-end/Breakpoint.js:
1858         (WebInspector.Breakpoint):
1859         (WebInspector.Breakpoint.prototype.addLocation):
1860         * inspector/front-end/BreakpointManager.js: remove all stuff related to JavaScript breakpoints from here
1861         (WebInspector.BreakpointManager):
1862         (WebInspector.BreakpointManager.prototype._projectChanged):
1863         (WebInspector.BreakpointManager.prototype._saveBreakpoints):
1864         (WebInspector.BreakpointManager.prototype._validateBreakpoints):
1865         * inspector/front-end/BreakpointsSidebarPane.js:
1866         (WebInspector.JavaScriptBreakpointsSidebarPane): filter breakpoints set on nonexistent scripts to avoid ui cluttering
1867         * inspector/front-end/DebuggerModel.js:
1868         (WebInspector.DebuggerModel): pull all JavaScript from localStorage and push them to frontend when debugger is enabled, save resolved breakpoints data
1869         * inspector/front-end/Script.js:
1870         (WebInspector.Script.prototype.sourceLine):
1871         * inspector/front-end/ScriptsPanel.js:
1872         (WebInspector.ScriptsPanel.prototype._toggleDebugging):
1873         * inspector/front-end/Settings.js:
1874         (WebInspector.Settings):
1875         * inspector/front-end/SourceFrame.js: handle resolved and unresolved breakpoints differently
1876         * inspector/front-end/inspector.js:
1877
1878 2011-02-03  Nikolas Zimmermann  <nzimmermann@rim.com>
1879
1880         Reviewed by Dirk Schulze.
1881
1882         small text which is scaled to be large renders pixelated
1883         https://bugs.webkit.org/show_bug.cgi?id=12448
1884
1885         SVG <text> with font-size smaller or equal to 1 does not paint correctly
1886         https://bugs.webkit.org/show_bug.cgi?id=14242
1887
1888         misplaced text in SVG
1889         https://bugs.webkit.org/show_bug.cgi?id=17053
1890
1891         Don't render very small (but zoomed) text inside SVG
1892         https://bugs.webkit.org/show_bug.cgi?id=19393
1893
1894         Tiny fonts scaled up end up too large in Safari
1895         https://bugs.webkit.org/show_bug.cgi?id=20192
1896
1897         Stretched SVG Text has awful glyph spacing 
1898         https://bugs.webkit.org/show_bug.cgi?id=21774
1899
1900         REGRESSION (r72141?): svg/batik/text/smallFonts.svg failing on Leopard
1901         https://bugs.webkit.org/show_bug.cgi?id=49846
1902
1903         [Gtk] Text height in zoomed SVG is 1px too high
1904         https://bugs.webkit.org/show_bug.cgi?id=50313
1905
1906         SVG text smaller than 0.5px not displayed properly
1907         https://bugs.webkit.org/show_bug.cgi?id=50528
1908
1909         When rendering text, we're selecting a font with a size, as specified in the markup.
1910         This can lead to problems, if the context, where the text is rendered upon, is scaled. If a parent
1911         element of the <text> defines a transform=".." or the outermost <svg> containing a viewBox the
1912         problem becomes apparent.
1913
1914         Consider following two snippets, which should render exactly the same:
1915         <svg viewBox="0 0 100 100"><text x="25" y="50" font-size="25">test</text></svg>
1916         <svg viewBox="0 0 1 1"><text x="0.25" y="0.5" font-size="0.25">test</text></svg>
1917
1918         When selecting a font size below 0.5, FontCacheMac would request a font with size 0,
1919         which AppKit turns into 12. This lead to huge text rendering, instead of small text on Mac.
1920         Other platforms have different problems (Qt simply scales the font, leading to pixelation etc.)
1921
1922         To fix this in a cross-platform fashion, we now always compute the final font size on screen,
1923         remove any scaling from the context, draw the text using the scaled font size, then reapply
1924         the context scale. This makes the example snippets above render exactly the same and fixes
1925         numerous of bugs, present since years. As we're now heavily using floating-point font sizes
1926         internally, depending on the scale of the document, it's very important to use the new
1927         floating-point text metrics information (floatAscent/floatDescent/floatHeight) everywhere in SVG.
1928
1929         Fixes existing tests: css3/zoom-coords.xhtml (cross-platform inconsistencies should be gone, mac now reports floatHeight values for SVG text height)
1930                               svg/hixie/text/003.html (no more pixelation)
1931                               svg/batik/text/smallFonts.svg (small fonts aren't rendered huge anymore on mac)
1932                               svg/hixie/viewbox/preserveAspectRatio/001.xml (bug 21774, no more awful spacing)
1933                               svg/zoom/page/zoom-zoom-coords.xhtml (cross-platform inconsistencies should be gone, inspired by bug 50313)
1934
1935         Tests: svg/text/font-size-below-point-five-2.svg (reduction from bug 50528)
1936                svg/text/font-size-below-point-five.svg (reduction from bug 50528)
1937                svg/text/scaled-font.svg (reduction from bug 12448)
1938                svg/text/small-fonts-2.svg (reduction from bug 14242)
1939                svg/text/small-fonts-3.svg (reduction from bug 17053)
1940                svg/text/small-fonts-in-html5.html (reduction from bug 19393)
1941                svg/text/small-fonts.svg (reduction from bug 20192)
1942
1943         * rendering/svg/RenderSVGInlineText.cpp: Cache 'float scalingFactor' & 'Font scaledFont', whenever the on-screen representation changes.
1944         * rendering/svg/RenderSVGInlineText.h:
1945         * rendering/svg/RenderSVGText.cpp: Update scalingFactor/scaledFont, if necessary.
1946         * rendering/svg/SVGInlineTextBox.cpp: Switch to new font rendering strategy. Always use scaledFont, and remove any context scale before drawing.
1947         * rendering/svg/SVGInlineTextBox.h:
1948         * rendering/svg/SVGTextLayoutEngineBaseline.cpp: Use floating-point metrics everywhere.
1949         * rendering/svg/SVGTextMetrics.cpp: Ditto.
1950         * rendering/svg/SVGTextMetrics.h: Ditto.
1951         * rendering/svg/SVGTextQuery.cpp: Ditto.
1952         * svg/SVGFont.cpp: Adjust stroke thickness, when drawing SVGFonts into a normalized context (no more scale).
1953         * svg/SVGTextContentElement.cpp: Make <text> elements always dependent on window size changes in combination with viewBox set.
1954         * svg/SVGTextPositioningElement.cpp: Remove now unnecessary code to determine whether relative lengths are used as text attributes.
1955         * svg/SVGTextPositioningElement.h: 
1956
1957 2011-02-03  Pavel Feldman  <pfeldman@chromium.org>
1958
1959         Reviewed by Yury Semikhatsky.
1960
1961         Web Inspector: resources panel doesn't show frames after reload.
1962         https://bugs.webkit.org/show_bug.cgi?id=53430
1963
1964         * inspector/front-end/ResourcesPanel.js:
1965         (WebInspector.ResourcesPanel.prototype.show):
1966         (WebInspector.ResourcesPanel.prototype.loadEventFired):
1967         (WebInspector.ResourcesPanel.prototype._initDefaultSelection):
1968         (WebInspector.ResourcesPanel.prototype.reset):
1969         (WebInspector.ResourcesPanel.prototype.clear):
1970         * inspector/front-end/inspector.js:
1971         (WebInspector.loadEventFired):
1972
1973 2011-02-01  Alexander Pavlov  <apavlov@chromium.org>
1974
1975         Reviewed by Pavel Feldman.
1976
1977         Web Inspector: Remove the *2 suffix from the CSS style-related protocol methods
1978         https://bugs.webkit.org/show_bug.cgi?id=53492
1979
1980         * inspector/Inspector.idl:
1981         * inspector/InspectorCSSAgent.cpp:
1982         (WebCore::InspectorCSSAgent::getStylesForNode):
1983         (WebCore::InspectorCSSAgent::getInlineStyleForNode):
1984         (WebCore::InspectorCSSAgent::getComputedStyleForNode):
1985         (WebCore::InspectorCSSAgent::getAllStyles):
1986         (WebCore::InspectorCSSAgent::getStyleSheet):
1987         (WebCore::InspectorCSSAgent::getStyleSheetText):
1988         (WebCore::InspectorCSSAgent::setStyleSheetText):
1989         (WebCore::InspectorCSSAgent::setPropertyText):
1990         (WebCore::InspectorCSSAgent::toggleProperty):
1991         (WebCore::InspectorCSSAgent::setRuleSelector):
1992         (WebCore::InspectorCSSAgent::addRule):
1993         * inspector/InspectorCSSAgent.h:
1994         * inspector/front-end/AuditRules.js:
1995         (WebInspector.AuditRules.UnusedCssRule.prototype.doRun):
1996         * inspector/front-end/CSSStyleModel.js:
1997         (WebInspector.CSSStyleModel.prototype.getStylesAsync):
1998         (WebInspector.CSSStyleModel.prototype.getComputedStyleAsync):
1999         (WebInspector.CSSStyleModel.prototype.getInlineStyleAsync):
2000         (WebInspector.CSSStyleModel.prototype.setRuleSelector):
2001         (WebInspector.CSSStyleModel.prototype.addRule):
2002         (WebInspector.CSSStyleModel.prototype._styleSheetChanged):
2003         (WebInspector.CSSStyleModel.prototype._onRevert):
2004         (WebInspector.CSSStyleDeclaration.prototype.insertPropertyAt):
2005         (WebInspector.CSSProperty.prototype.setText):
2006         (WebInspector.CSSProperty.prototype.setDisabled):
2007         (WebInspector.CSSStyleSheet.createForId):
2008         (WebInspector.CSSStyleSheet.prototype.setText):
2009
2010 2011-02-03  Adam Barth  <abarth@webkit.org>
2011
2012         Reviewed by Daniel Bates.
2013
2014         Teach XSSFilter about data URLs
2015         https://bugs.webkit.org/show_bug.cgi?id=53662
2016
2017         The XSS filter doesn't really make sense for data URLs because
2018         everything in a "response" from a data URL was part of the request.
2019
2020         Test: http/tests/security/xssAuditor/data-urls-work.html
2021
2022         * html/parser/XSSFilter.cpp:
2023         (WebCore::XSSFilter::init):
2024         (WebCore::XSSFilter::filterToken):
2025
2026 2011-02-02  Chris Evans  <cevans@chromium.org>
2027
2028         Reviewed by Darin Fisher.
2029
2030         window.find() can fail when switching case sensitivity
2031         https://bugs.webkit.org/show_bug.cgi?id=53654
2032
2033         Reset the pattern to a safe one when done, to avoid usearch_reset()
2034         indirectly touching the old, stale text pointer.
2035
2036         Test: fast/text/find-window.html
2037
2038         * editing/TextIterator.cpp:
2039         (WebCore::SearchBuffer::~SearchBuffer): leave a safe pattern buffer when done.
2040
2041 2011-02-02  Adam Barth  <abarth@webkit.org>
2042
2043         Reviewed by Daniel Bates.
2044
2045         Teach XSSFilter that <param> elements can contain URLs
2046         https://bugs.webkit.org/show_bug.cgi?id=53652
2047
2048         When loading plugins for the <object> tag, we're "smart" enough to
2049         reach into the <param> elements and pull out the URL in some cases.
2050         This patch teaches the XSSFilter how to block injections into those
2051         sorts of param elements.
2052
2053         Fixes:
2054             http/tests/security/xssAuditor/object-*
2055
2056         * html/HTMLParamElement.cpp:
2057         (WebCore::HTMLParamElement::isURLParameter):
2058         (WebCore::HTMLParamElement::isURLAttribute):
2059         (WebCore::HTMLParamElement::addSubresourceAttributeURLs):
2060         * html/HTMLParamElement.h:
2061             - Add a helper function so that HTMLParamElement can share the
2062               ground truth for these names with the XSSFilter.
2063         * html/parser/XSSFilter.cpp:
2064         (WebCore::XSSFilter::filterTokenInitial):
2065         (WebCore::XSSFilter::filterParamToken):
2066         * html/parser/XSSFilter.h:
2067
2068 2011-02-02  Dimitri Glazkov  <dglazkov@chromium.org>
2069
2070         Reviewed by David Levin.
2071
2072         GCC compiler on ARM issues bogus warnings and fails to compile.
2073         https://bugs.webkit.org/show_bug.cgi?id=53620
2074
2075         Despite warnings explicitly being disallowed (-Wno-uninitialized),
2076         gcc (Ubuntu 4.4.3-4ubuntu5) 4.4.3 throws up the warnings like:
2077
2078         "error: 'colorTransparent.unstatic.4909' may be used uninitialized in this function"
2079
2080         The fix is to add an extra condition, which somehow pacifies the compiler.
2081
2082         * css/CSSPrimitiveValue.cpp:
2083         (WebCore::CSSPrimitiveValue::createColor): Added workaround conditions.
2084
2085 2011-02-02  Adam Barth  <abarth@webkit.org>
2086
2087         Reviewed by Daniel Bates.
2088
2089         Teach XSSFilter about X-XSS-Protection
2090         https://bugs.webkit.org/show_bug.cgi?id=53640
2091
2092         This patch causes us to pass:
2093             http/tests/security/xssAuditor/full-block-*
2094             http/tests/security/xssAuditor/no-protection-script-tag.html
2095
2096         * html/parser/XSSFilter.cpp:
2097         (WebCore::XSSFilter::XSSFilter):
2098         (WebCore::XSSFilter::init):
2099         (WebCore::XSSFilter::filterToken):
2100         * html/parser/XSSFilter.h:
2101
2102 2011-02-02  Adam Barth  <abarth@webkit.org>
2103
2104         Reviewed by Daniel Bates.
2105
2106         When XSSFilter blocks JavaScript URLs, use a safe JavaScript URL
2107         instead of the empty string
2108         https://bugs.webkit.org/show_bug.cgi?id=53643
2109
2110         In a URL context, the empty string completes to the URL of the current
2111         page, which causes these tests to go into an infinite loop.  Instead,
2112         we should use a "safe" JavaScript URL that does nothing.
2113
2114         Fixes:
2115             http/tests/security/xssAuditor/javascript-link*
2116
2117         * html/parser/XSSFilter.cpp:
2118         (WebCore::XSSFilter::eraseDangerousAttributesIfInjected):
2119
2120 2011-02-02  Dan Bernstein  <mitz@apple.com>
2121
2122         Reviewed by Sam Weinig.
2123
2124         <rdar://problem/8380506> REGRESSION (r61921): RTL text in <b> tag doesn't display in WebKit under certain conditions
2125         https://bugs.webkit.org/show_bug.cgi?id=44942
2126
2127         Test: fast/text/bidi-embedding-pop-and-push-same-2.html
2128
2129         * platform/text/BidiResolver.h:
2130         (WebCore::::commitExplicitEmbedding): Changed to return a boolean indicating whether there was
2131         a change to embedding levels.
2132         (WebCore::::createBidiRunsForLine): If embedding levels did not change as a result of committing
2133         the explicit embedding sequence, then runs were not added, and we should continue normally.
2134
2135 2011-02-02  Sam Weinig  <sam@webkit.org>
2136
2137         Reviewed by Dan Bernstein.
2138
2139         Fix miscalculation of the overhang area used for painting. We were
2140         not correctly accounting for scrollbars resulting in a non-negative
2141         overhang even when we weren't over the edge.
2142
2143         * platform/ScrollView.cpp:
2144         (WebCore::ScrollView::calculateOverhangAreasForPainting):
2145
2146 2011-02-02  Jeremy Orlow  <jorlow@chromium.org>
2147
2148         Reviewed by Nate Chapin.
2149
2150         IDBTransaction and IDBRequest can be deleted while ScriptExecutionContext is iterating....which is bad
2151         https://bugs.webkit.org/show_bug.cgi?id=52722
2152
2153         The solution is to change ScriptExecutionContext's destructor to iterate over
2154         the list in a way that handles the mutations. This new method is destructive,
2155         but that's OK since the object is going away. I've also added several asserts.
2156
2157         There should be no behavior change.
2158
2159         * dom/ScriptExecutionContext.cpp:
2160         (WebCore::ScriptExecutionContext::ScriptExecutionContext):
2161         (WebCore::ScriptExecutionContext::~ScriptExecutionContext):
2162         (WebCore::ScriptExecutionContext::canSuspendActiveDOMObjects):
2163         (WebCore::ScriptExecutionContext::suspendActiveDOMObjects):
2164         (WebCore::ScriptExecutionContext::resumeActiveDOMObjects):
2165         (WebCore::ScriptExecutionContext::stopActiveDOMObjects):
2166         (WebCore::ScriptExecutionContext::createdActiveDOMObject):
2167         (WebCore::ScriptExecutionContext::destroyedActiveDOMObject):
2168         * dom/ScriptExecutionContext.h:
2169         * storage/IDBTransaction.cpp:
2170         (WebCore::IDBTransaction::contextDestroyed):
2171         * storage/IDBTransaction.h:
2172
2173 2011-02-02  Mark Rowe  <mrowe@apple.com>
2174
2175         Build fix.
2176
2177         * WebCore.exp.in: Remove some bogus symbols from the .exp.in file.
2178         * platform/mac/ScrollbarThemeMac.mm:
2179         (WebCore::ScrollbarThemeMac::unregisterScrollbar): Look the object
2180         up in the HashMap rather than relying on a local variable that doesn't
2181         exist.
2182
2183 2011-02-02  Adam Barth  <abarth@webkit.org>
2184
2185         Reviewed by Daniel Bates.
2186
2187         Teach XSSFilter about JavaScript URLs
2188         https://bugs.webkit.org/show_bug.cgi?id=53635
2189
2190         This patch teaches the XSSFilter to check for JavaScript URLs in
2191         attribute values.  If this approach has too many false positives, we
2192         can restrict which attribute names we examine.
2193
2194         Fixes these tests:
2195             http/tests/security/xssAuditor/anchor-url-dom-write-location-javascript-URL.html
2196             http/tests/security/xssAuditor/dom-write-location-javascript-URL.html
2197             http/tests/security/xssAuditor/iframe-javascript-url*
2198
2199         * html/parser/XSSFilter.cpp:
2200         (WebCore::HTMLNames::containsJavaScriptURL):
2201         (WebCore::XSSFilter::filterTokenInitial):
2202         (WebCore::XSSFilter::eraseDangerousAttributesIfInjected):
2203         * html/parser/XSSFilter.h:
2204
2205 2011-02-02  Dan Bernstein  <mitz@apple.com>
2206
2207         Reviewed by Sam Weinig, even though this is just a...
2208
2209         ...build fix.
2210
2211         * platform/mac/ScrollAnimatorMac.mm:
2212         (WebCore::ScrollAnimatorMac::~ScrollAnimatorMac):
2213
2214 2011-02-02  Mark Rowe  <mrowe@apple.com>
2215
2216         Reviewed by Beth Dakin.
2217
2218         <rdar://problem/8952012> Crash on launch inside scrollbar code.
2219
2220         We need to ensure that we remove ourselves as the delegates of objects when we're going
2221         away as failing to do this can lead to crashes if the lifetime of the other objects
2222         is longer than ours.
2223
2224         * platform/mac/ScrollAnimatorMac.mm:
2225         (WebCore::ScrollAnimatorMac::~ScrollAnimatorMac):
2226         * platform/mac/ScrollbarThemeMac.mm:
2227         (WebCore::ScrollbarThemeMac::unregisterScrollbar):
2228
2229 2011-02-02  Beth Dakin  <bdakin@apple.com>
2230
2231         Build fix.
2232
2233         * WebCore.exp.in:
2234
2235 2011-02-02  Patrick Gansterer  <paroga@webkit.org>
2236
2237         Unreviewed WinCE build fix for r77397.
2238
2239         * page/wince/FrameWinCE.cpp:
2240         (WebCore::computePageRectsForFrame):
2241
2242 2011-02-02  Patrick Gansterer  <paroga@webkit.org>
2243
2244         Unreviewed WinCE build fix for r77398.
2245
2246         * platform/graphics/wince/PlatformPathWinCE.cpp:
2247         (WebCore::containsPoint):
2248         (WebCore::inflateRectToContainPoint):
2249         (WebCore::PlatformPath::addRect):
2250         * platform/graphics/wince/SharedBitmap.cpp:
2251         (WebCore::SharedBitmap::drawPattern):
2252         * rendering/RenderThemeWinCE.cpp:
2253         (WebCore::RenderThemeWinCE::paintMenuListButton):
2254         (WebCore::RenderThemeWinCE::paintSearchFieldCancelButton):
2255         (WebCore::RenderThemeWinCE::paintSliderTrack):
2256         (WebCore::RenderThemeWinCE::paintMediaMuteButton):
2257         (WebCore::RenderThemeWinCE::paintMediaPlayButton):
2258         (WebCore::RenderThemeWinCE::paintMediaSeekBackButton):
2259         (WebCore::RenderThemeWinCE::paintMediaSeekForwardButton):
2260
2261 2011-02-02  Jian Li  <jianli@chromium.org>
2262
2263         Reviewed by Kenneth Russell.
2264
2265         [V8] Accessing DataView with index of -1 returns 0, doesn't throw
2266         https://bugs.webkit.org/show_bug.cgi?id=53559
2267
2268         Added test cases to cover this in fast/canvas/webgl/data-view-test.html.
2269
2270         * html/canvas/DataView.h:
2271         (WebCore::DataView::beyondRange):
2272
2273 2011-02-02  Sam Weinig  <sam@webkit.org>
2274
2275         Reviewed by Beth Dakin.
2276
2277         Add ChromeClient function to paint custom overhang areas.
2278         https://bugs.webkit.org/show_bug.cgi?id=53639
2279
2280         * page/Chrome.cpp:
2281         (WebCore::ChromeClient::paintCustomOverhangArea):
2282         * page/ChromeClient.h:
2283         Add ChromeClient function.
2284
2285         * page/FrameView.cpp:
2286         (WebCore::FrameView::paintOverhangAreas):
2287         * page/FrameView.h:
2288         Call out to the ChromeClient, call ScrollView base implementation
2289         if the ChromeClient returns false.
2290
2291         * platform/ScrollView.cpp:
2292         (WebCore::ScrollView::paintOverhangAreas):
2293         * platform/ScrollView.h:
2294         Add dirty rect for use when painting overhang areas.
2295
2296 2011-02-02  Peter Kasting  <pkasting@google.com>
2297
2298         Not reviewed, build fix.
2299
2300         Fix compile after r77427.
2301         https://bugs.webkit.org/show_bug.cgi?id=53455
2302
2303         * platform/graphics/qt/ImageDecoderQt.cpp:
2304         (WebCore::ImageDecoderQt::internalHandleCurrentImage):
2305         * platform/image-decoders/ImageDecoder.cpp:
2306         (WebCore::ImageFrame::operator=):
2307         * platform/image-decoders/bmp/BMPImageReader.cpp:
2308         (WebCore::BMPImageReader::decodeBMP):
2309         * platform/image-decoders/jpeg/JPEGImageDecoder.cpp:
2310         (WebCore::JPEGImageDecoder::outputScanlines):
2311         * platform/image-decoders/png/PNGImageDecoder.cpp:
2312         (WebCore::PNGImageDecoder::rowAvailable):
2313         * platform/image-decoders/webp/WEBPImageDecoder.cpp:
2314         (WebCore::WEBPImageDecoder::decode):
2315
2316 2011-02-02  Peter Kasting  <pkasting@google.com>
2317
2318         Reviewed by David Levin.
2319
2320         Clean up ImageDecoder's comments (remove/trim/clarify).
2321         https://bugs.webkit.org/show_bug.cgi?id=53455
2322
2323         This also renames or eliminates a couple of functions for clarity, and
2324         switches a couple erroneous strncmp() calls to memcmp().
2325
2326         * platform/image-decoders/ImageDecoder.cpp:
2327         (WebCore::ImageDecoder::create):
2328         (WebCore::ImageFrame::clearPixelData):
2329         (WebCore::ImageFrame::zeroFillPixelData):
2330         (WebCore::ImageFrame::setSize):
2331         * platform/image-decoders/ImageDecoder.h:
2332         (WebCore::ImageFrame::originalFrameRect):
2333         (WebCore::ImageFrame::setOriginalFrameRect):
2334         (WebCore::ImageDecoder::ImageDecoder):
2335         (WebCore::ImageDecoder::~ImageDecoder):
2336         (WebCore::ImageDecoder::isSizeAvailable):
2337         (WebCore::ImageDecoder::size):
2338         (WebCore::ImageDecoder::setIgnoreGammaAndColorProfile):
2339         (WebCore::ImageDecoder::clearFrameBufferCache):
2340         (WebCore::ImageDecoder::isOverSize):
2341         * platform/image-decoders/bmp/BMPImageReader.cpp:
2342         (WebCore::BMPImageReader::processNonRLEData):
2343         * platform/image-decoders/cg/ImageDecoderCG.cpp:
2344         (WebCore::ImageFrame::setSize):
2345         * platform/image-decoders/gif/GIFImageDecoder.cpp:
2346         (WebCore::GIFImageDecoder::clearFrameBufferCache):
2347         (WebCore::GIFImageDecoder::frameComplete):
2348         (WebCore::GIFImageDecoder::initFrameBuffer):
2349         * platform/image-decoders/jpeg/JPEGImageDecoder.h:
2350         * platform/image-decoders/qt/ImageFrameQt.cpp:
2351         (WebCore::ImageFrame::operator=):
2352         (WebCore::ImageFrame::clearPixelData):
2353         (WebCore::ImageFrame::zeroFillPixelData):
2354         (WebCore::ImageFrame::setSize):
2355         * platform/image-decoders/skia/ImageDecoderSkia.cpp:
2356         (WebCore::ImageFrame::operator=):
2357         (WebCore::ImageFrame::clearPixelData):
2358         (WebCore::ImageFrame::zeroFillPixelData):
2359         (WebCore::ImageFrame::setSize):
2360         * platform/image-decoders/webp/WEBPImageDecoder.h:
2361
2362 2011-02-02  Vangelis Kokkevis  <vangelis@chromium.org>
2363
2364         [chromium] Adding support for reflections to the accelerated
2365         compositing path.
2366         https://bugs.webkit.org/show_bug.cgi?id=53179
2367
2368         All layout tests in compositing/reflections generate correct
2369         results with the exception of:
2370         1. nested-reflection-anchor-point.html : There appears to be
2371            some issue with the layer transform math that I haven't been
2372            able to track down yet.
2373         2. reflection-opacity.html : The current implementation applies
2374            opacity before doing the reflection which makes this test
2375            produce incorrect results.  This will affect reflected layers
2376            with opacity that overlap their original layer.  FIXME comment
2377            added in the code.
2378
2379         Tests: Covered by existing layout tests in compositing/reflections.
2380                Please see above for exceptions.
2381
2382         * platform/graphics/chromium/GraphicsLayerChromium.cpp:
2383         (WebCore::GraphicsLayerChromium::setReplicatedByLayer):
2384         (WebCore::GraphicsLayerChromium::updateAnchorPoint):
2385         * platform/graphics/chromium/GraphicsLayerChromium.h:
2386         * platform/graphics/chromium/LayerChromium.cpp:
2387         (WebCore::LayerChromium::LayerChromium):
2388         * platform/graphics/chromium/LayerChromium.h:
2389         (WebCore::LayerChromium::setReplicaLayer):
2390         (WebCore::LayerChromium::replicaLayer):
2391         * platform/graphics/chromium/LayerRendererChromium.cpp:
2392         (WebCore::LayerRendererChromium::updateLayersRecursive):
2393         (WebCore::LayerRendererChromium::drawLayer):
2394         * platform/graphics/chromium/RenderSurfaceChromium.cpp:
2395         (WebCore::RenderSurfaceChromium::drawableContentRect):
2396         (WebCore::RenderSurfaceChromium::drawSurface):
2397         (WebCore::RenderSurfaceChromium::draw):
2398         * platform/graphics/chromium/RenderSurfaceChromium.h:
2399         (WebCore::RenderSurfaceChromium::drawTransform):
2400
2401 2011-02-02  Xiyuan Xia  <xiyuan@chromium.org>
2402
2403         Reviewed by Tony Chang.
2404
2405         [Chromium] Select popup with padding has white strip on right
2406         https://bugs.webkit.org/show_bug.cgi?id=53602
2407
2408         No new tests as this change restores old behavior.
2409
2410         * platform/chromium/PopupMenuChromium.cpp:
2411         (WebCore::PopupListBox::layout):
2412
2413 2011-02-02  Beth Dakin  <bdakin@apple.com>
2414
2415         Reviewed by Mark Rowe.
2416
2417         Fix for <rdar://problem/8950343> CrashTracer: [USER]
2418         1 crash in WebProcess at com.apple.WebCore: 
2419         WebCore::ScrollbarThemeMac::unregisterScrollbar + 22
2420
2421         It is possible for a Scrollbar's ScrollableArea to be null,
2422         so we must null check.
2423         * platform/mac/ScrollbarThemeMac.mm:
2424         (WebCore::ScrollbarThemeMac::registerScrollbar):
2425         (WebCore::ScrollbarThemeMac::unregisterScrollbar):
2426
2427 2011-02-02  Zhenyao Mo  <zmo@google.com>
2428
2429         Reviewed by Kenneth Russell.
2430
2431         bufferData and bufferSubData should generate INVALID_VALUE with negative input
2432         https://bugs.webkit.org/show_bug.cgi?id=53626
2433
2434         * html/canvas/WebGLRenderingContext.cpp:
2435         (WebCore::WebGLRenderingContext::bufferData):
2436         (WebCore::WebGLRenderingContext::bufferSubData):
2437
2438 2011-02-02  Jeff Miller  <jeffm@apple.com>
2439
2440         Reviewed by Darin Adler and Steve Falkenburg.
2441
2442         Add DerivedSources.make to some Visual Studio projects
2443         https://bugs.webkit.org/show_bug.cgi?id=53607
2444
2445         * WebCore.vcproj/WebCoreGenerated.vcproj: Add DerivedSources.make.
2446
2447 2011-02-02  Cris Neckar  <cdn@chromium.org>
2448
2449         Reviewed by James Robinson.
2450
2451         Refcount domwindows when dispatching device orientation events.
2452         https://bugs.webkit.org/show_bug.cgi?id=53623
2453
2454         Test: fast/events/device-orientation-crash.html
2455
2456         * dom/DeviceMotionController.cpp:
2457         (WebCore::DeviceMotionController::timerFired):
2458         (WebCore::DeviceMotionController::didChangeDeviceMotion):
2459         * dom/DeviceMotionController.h:
2460         * dom/DeviceOrientationController.cpp:
2461         (WebCore::DeviceOrientationController::timerFired):
2462         (WebCore::DeviceOrientationController::didChangeDeviceOrientation):
2463         * dom/DeviceOrientationController.h:
2464
2465 2011-02-02  Zhenyao Mo  <zmo@google.com>
2466
2467         Reviewed by Kenneth Russell.
2468
2469         A deleted object should never be bound again
2470         https://bugs.webkit.org/show_bug.cgi?id=53604
2471
2472         * html/canvas/WebGLRenderingContext.cpp:
2473         (WebCore::WebGLRenderingContext::checkObjectToBeBound): Helper function to bind* and useProgram.
2474         (WebCore::WebGLRenderingContext::bindBuffer): Use checkObjectToBeBound.
2475         (WebCore::WebGLRenderingContext::bindFramebuffer): Ditto.
2476         (WebCore::WebGLRenderingContext::bindRenderbuffer): Ditto.
2477         (WebCore::WebGLRenderingContext::bindTexture): Ditto, also check the target matching.
2478         (WebCore::WebGLRenderingContext::deleteObject): Helper function to delete*.
2479         (WebCore::WebGLRenderingContext::deleteBuffer): Use deleteObject.
2480         (WebCore::WebGLRenderingContext::deleteFramebuffer): Ditto.
2481         (WebCore::WebGLRenderingContext::deleteProgram): Ditto.
2482         (WebCore::WebGLRenderingContext::deleteRenderbuffer): Ditto.
2483         (WebCore::WebGLRenderingContext::deleteShader): Ditto.
2484         (WebCore::WebGLRenderingContext::deleteTexture): Ditto.
2485         (WebCore::WebGLRenderingContext::useProgram): Use checkObjectToBeBound.
2486         * html/canvas/WebGLRenderingContext.h:
2487         * html/canvas/WebGLTexture.h:
2488         (WebCore::WebGLTexture::getTarget): Accessor to cached target.
2489
2490 2011-02-02  Alejandro G. Castro  <alex@igalia.com>
2491
2492         Unreviewed Efl buildfix after r77399.
2493
2494         * CMakeListsEfl.txt:
2495
2496 2011-02-02  Kenneth Russell  <kbr@google.com>
2497
2498         Reviewed by James Robinson.
2499
2500         Rename Typed Array subset to subarray
2501         https://bugs.webkit.org/show_bug.cgi?id=53618
2502
2503         * html/canvas/Float32Array.cpp:
2504         (WebCore::Float32Array::subarray):
2505         * html/canvas/Float32Array.h:
2506         * html/canvas/Float32Array.idl:
2507         * html/canvas/Int16Array.cpp:
2508         (WebCore::Int16Array::subarray):
2509         * html/canvas/Int16Array.h:
2510         * html/canvas/Int16Array.idl:
2511         * html/canvas/Int32Array.cpp:
2512         (WebCore::Int32Array::subarray):
2513         * html/canvas/Int32Array.h:
2514         * html/canvas/Int32Array.idl:
2515         * html/canvas/Int8Array.cpp:
2516         (WebCore::Int8Array::subarray):
2517         * html/canvas/Int8Array.h:
2518         * html/canvas/Int8Array.idl:
2519         * html/canvas/TypedArrayBase.h:
2520         (WebCore::TypedArrayBase::subarrayImpl):
2521         * html/canvas/Uint16Array.cpp:
2522         (WebCore::Uint16Array::subarray):
2523         * html/canvas/Uint16Array.h:
2524         * html/canvas/Uint16Array.idl:
2525         * html/canvas/Uint32Array.cpp:
2526         (WebCore::Uint32Array::subarray):
2527         * html/canvas/Uint32Array.h:
2528         * html/canvas/Uint32Array.idl:
2529         * html/canvas/Uint8Array.cpp:
2530         (WebCore::Uint8Array::subarray):
2531         * html/canvas/Uint8Array.h:
2532         * html/canvas/Uint8Array.idl:
2533
2534 2011-02-02  Adam Barth  <abarth@webkit.org>
2535
2536         Reviewed by Eric Seidel.
2537
2538         Add an empty file for Content Security Policy
2539         https://bugs.webkit.org/show_bug.cgi?id=53573
2540
2541         Posting this as a separate patch because editing the build files is so
2542         painful.
2543
2544         * Android.mk:
2545         * CMakeLists.txt:
2546         * GNUmakefile.am:
2547         * WebCore.gypi:
2548         * WebCore.pro:
2549         * WebCore.vcproj/WebCore.vcproj:
2550         * WebCore.xcodeproj/project.pbxproj:
2551
2552 2011-02-02  Dan Winship  <danw@gnome.org>
2553
2554         Reviewed by Martin Robinson.
2555
2556         [GTK] remove old data: URI handler, fix the SoupRequest-based one
2557         to pass tests
2558         https://bugs.webkit.org/show_bug.cgi?id=50885
2559
2560         * platform/network/soup/ResourceHandleSoup.cpp:
2561         (WebCore::sendRequestCallback): Do content-type sniffing here for
2562         non-HTTP requests.
2563         (WebCore::startHTTPRequest): Rename to match WebKit style.
2564         (WebCore::ResourceHandle::start): Pass everything except HTTP to
2565         startNonHTTPRequest, letting the SoupRequester decide whether it's
2566         supported or not.
2567         (WebCore::startNonHTTPRequest): Remove some old pre-SoupRequester
2568         code that was a no-op for file: URIs, but would break some data:
2569         URIs.
2570
2571 2011-02-02  Dimitri Glazkov  <dglazkov@chromium.org>
2572
2573         Update even more references to right() and bottom() in Chromium. Sheesh.
2574
2575         * platform/graphics/chromium/LayerRendererChromium.cpp:
2576         (WebCore::LayerRendererChromium::getFramebufferPixels): Replaced bottom/right with maxY/maxX.
2577
2578 2011-02-02  Alejandro G. Castro  <alex@igalia.com>
2579
2580         Unreviewed Gtk3 buildfix after r77286.
2581
2582         https://bugs.webkit.org/show_bug.cgi?id=53520
2583         Remove the physical terminology from IntRect and FloatRect.
2584
2585         * platform/gtk/RenderThemeGtk3.cpp:
2586         (WebCore::RenderThemeGtk::paintMenuList):
2587
2588 2011-02-02  Anders Carlsson  <andersca@apple.com>
2589
2590         Fix build.
2591
2592         * platform/mac/ScrollAnimatorMac.mm:
2593         (WebCore::ScrollAnimatorMac::pinnedInDirection):
2594
2595 2011-02-02  David Hyatt  <hyatt@apple.com>
2596
2597         Reviewed by Dan Bernstein.
2598
2599         https://bugs.webkit.org/show_bug.cgi?id=53619
2600
2601         Floats should not use physical terminology for their rects. Replace left/top with x/y and right/bottom
2602         with maxX/maxY.  This matches IntRect.
2603
2604         * rendering/RenderBlock.cpp:
2605         (WebCore::RenderBlock::addOverflowFromFloats):
2606         (WebCore::RenderBlock::flipFloatForWritingMode):
2607         (WebCore::RenderBlock::paintFloats):
2608         (WebCore::RenderBlock::selectionGaps):
2609         (WebCore::RenderBlock::addOverhangingFloats):
2610         (WebCore::RenderBlock::addIntrudingFloats):
2611         (WebCore::RenderBlock::hitTestFloats):
2612         (WebCore::RenderBlock::adjustForBorderFit):
2613         * rendering/RenderBlock.h:
2614         (WebCore::RenderBlock::FloatingObject::x):
2615         (WebCore::RenderBlock::FloatingObject::maxX):
2616         (WebCore::RenderBlock::FloatingObject::y):
2617         (WebCore::RenderBlock::FloatingObject::maxY):
2618         (WebCore::RenderBlock::FloatingObject::setX):
2619         (WebCore::RenderBlock::FloatingObject::setY):
2620         (WebCore::RenderBlock::logicalTopForFloat):
2621         (WebCore::RenderBlock::logicalBottomForFloat):
2622         (WebCore::RenderBlock::logicalLeftForFloat):
2623         (WebCore::RenderBlock::logicalRightForFloat):
2624         (WebCore::RenderBlock::setLogicalTopForFloat):
2625         (WebCore::RenderBlock::setLogicalLeftForFloat):
2626         (WebCore::RenderBlock::xPositionForFloatIncludingMargin):
2627         (WebCore::RenderBlock::yPositionForFloatIncludingMargin):
2628
2629 2011-02-02  Dimitri Glazkov  <dglazkov@chromium.org>
2630
2631         Update more references to right() and bottom() in Chromium Win.
2632
2633         * platform/graphics/chromium/TransparencyWin.cpp:
2634         (WebCore::TransparencyWin::compositeOpaqueComposite): Replaced bottom/right with maxY/maxX.
2635         (WebCore::TransparencyWin::compositeTextComposite): Ditto.
2636         * rendering/RenderThemeChromiumWin.cpp:
2637         (WebCore::RenderThemeChromiumWin::paintMenuList): Ditto.
2638
2639 2011-02-02  Adam Roben  <aroben@apple.com>
2640
2641         Encode/decode FormData and FormDataElement objects consistently
2642
2643         Fixes <http://webkit.org/b/53615> <rdar://problem/8943346> WebKit2: Restoring session state
2644         that contains form data fails (asserts in Debug build)
2645
2646         To prevent this from interfering with WebKit2 testing, it's useful to get this into a build
2647         now, even though we don't have an automated test for it yet. Writing a test is covered by
2648         <http://webkit.org/b/53616>.
2649
2650         Reviewed by Darin Adler.
2651
2652         * history/HistoryItem.cpp: Bump the encoding version, since this patch changes how we encode
2653         FormData objects.
2654
2655         * platform/network/FormData.cpp:
2656         (WebCore::decode): Decode the type from the Decoder, rather than getting it from the
2657         default-constructed FormDataElement. Failing to do this meant that all future uses of the
2658         Decoder would be reading from an unexpected part of the buffer (i.e., the next decode would
2659         start by reading the uint32_t that we forgot to decode here, and so on). We already had code
2660         to correctly set the FormDataElement's type based on this decoded type later in the
2661         function.
2662         (WebCore::FormData::encodeForBackForward): Encode m_identifier as an int64_t, since that
2663         matches its type and how we decode it.
2664
2665 2011-02-02  Dan Winship  <danw@gnome.org>
2666
2667         Reviewed by Martin Robinson.
2668
2669         [GTK] drop soup cache stuff, which has been moved to libsoup
2670         https://bugs.webkit.org/show_bug.cgi?id=50747
2671
2672         Use libsoup-based cache/requester API and remove the WebCore version
2673         of this functionality. This has been pushed upstream fully.
2674
2675         No new tests because this should not change functionality.
2676
2677         * GNUmakefile.am: Update for removed files.
2678         * platform/network/ResourceHandleInternal.h:
2679         (WebCore::ResourceHandleInternal::ResourceHandleInternal): Update
2680         type names, drop m_requester.
2681         * platform/network/soup/ResourceHandleSoup.cpp:
2682         (WebCore::ensureSessionIsInitialized): Add a SoupRequester to the
2683         session.
2684         (WebCore::parseDataUrl):
2685         (WebCore::startHttp): Get the requester from the session rather
2686         than using m_requester.
2687         (WebCore::sendRequestCallback):
2688         (WebCore::ResourceHandle::platformSetDefersLoading):
2689         (WebCore::readCallback):
2690         (WebCore::startGio): Update type names.
2691         * platform/network/soup/cache/soup-directory-input-stream.c: Removed.
2692         * platform/network/soup/cache/soup-directory-input-stream.h: Removed.
2693         * platform/network/soup/cache/soup-http-input-stream.c: Removed.
2694         * platform/network/soup/cache/soup-http-input-stream.h: Removed.
2695         * platform/network/soup/cache/soup-request-data.c: Removed.
2696         * platform/network/soup/cache/soup-request-data.h: Removed.
2697         * platform/network/soup/cache/soup-request-file.c: Removed.
2698         * platform/network/soup/cache/soup-request-file.h: Removed.
2699         * platform/network/soup/cache/soup-request-http.c: Removed.
2700         * platform/network/soup/cache/soup-request-http.h: Removed.
2701         * platform/network/soup/cache/soup-request.c: Removed.
2702         * platform/network/soup/cache/soup-request.h: Removed.
2703         * platform/network/soup/cache/soup-requester.c: Removed.
2704         * platform/network/soup/cache/soup-requester.h: Removed.
2705         * platform/network/soup/cache/webkit/soup-cache-private.h: Removed.
2706         * platform/network/soup/cache/webkit/soup-cache.c: Removed.
2707         * platform/network/soup/cache/webkit/soup-cache.h: Removed.
2708
2709 2011-02-02  David Hyatt  <hyatt@apple.com>
2710
2711         Reviewed by Darin Adler.
2712
2713         https://bugs.webkit.org/show_bug.cgi?id=53520
2714
2715         Remove physical accessors from IntRect and FloatRect.
2716
2717         * page/FrameView.cpp:
2718         (WebCore::FrameView::adjustPageHeightDeprecated):
2719         * platform/graphics/FloatRect.h:
2720         * platform/graphics/IntRect.h:
2721
2722 2011-02-02  David Hyatt  <hyatt@apple.com>
2723
2724         Reviewed by Dan Bernstein.
2725
2726         https://bugs.webkit.org/show_bug.cgi?id=53614
2727
2728         Remove physical terminology from overflow.  Replace with minX/maxX/minY/maxY.
2729
2730         * rendering/InlineFlowBox.cpp:
2731         (WebCore::InlineFlowBox::addBoxShadowVisualOverflow):
2732         (WebCore::InlineFlowBox::addTextBoxVisualOverflow):
2733         * rendering/InlineFlowBox.h:
2734         (WebCore::InlineFlowBox::minYLayoutOverflow):
2735         (WebCore::InlineFlowBox::maxYLayoutOverflow):
2736         (WebCore::InlineFlowBox::minXLayoutOverflow):
2737         (WebCore::InlineFlowBox::maxXLayoutOverflow):
2738         (WebCore::InlineFlowBox::logicalLeftLayoutOverflow):
2739         (WebCore::InlineFlowBox::logicalRightLayoutOverflow):
2740         (WebCore::InlineFlowBox::logicalTopLayoutOverflow):
2741         (WebCore::InlineFlowBox::logicalBottomLayoutOverflow):
2742         (WebCore::InlineFlowBox::minYVisualOverflow):
2743         (WebCore::InlineFlowBox::maxYVisualOverflow):
2744         (WebCore::InlineFlowBox::minXVisualOverflow):
2745         (WebCore::InlineFlowBox::maxXVisualOverflow):
2746         (WebCore::InlineFlowBox::logicalLeftVisualOverflow):
2747         (WebCore::InlineFlowBox::logicalRightVisualOverflow):
2748         (WebCore::InlineFlowBox::logicalminYVisualOverflow):
2749         (WebCore::InlineFlowBox::logicalmaxYVisualOverflow):
2750         * rendering/RenderBlock.cpp:
2751         (WebCore::RenderBlock::adjustLinePositionForPagination):
2752         * rendering/RenderBlockLineLayout.cpp:
2753         (WebCore::RenderBlock::beforeSideVisualOverflowForLine):
2754         (WebCore::RenderBlock::afterSideVisualOverflowForLine):
2755         (WebCore::RenderBlock::beforeSideLayoutOverflowForLine):
2756         (WebCore::RenderBlock::afterSideLayoutOverflowForLine):
2757         * rendering/RenderBox.cpp:
2758         (WebCore::RenderBox::scrollWidth):
2759         (WebCore::RenderBox::scrollHeight):
2760         * rendering/RenderBox.h:
2761         (WebCore::RenderBox::minYLayoutOverflow):
2762         (WebCore::RenderBox::maxYLayoutOverflow):
2763         (WebCore::RenderBox::minXLayoutOverflow):
2764         (WebCore::RenderBox::maxXLayoutOverflow):
2765         (WebCore::RenderBox::logicalLeftLayoutOverflow):
2766         (WebCore::RenderBox::logicalRightLayoutOverflow):
2767         (WebCore::RenderBox::minYVisualOverflow):
2768         (WebCore::RenderBox::maxYVisualOverflow):
2769         (WebCore::RenderBox::minXVisualOverflow):
2770         (WebCore::RenderBox::maxXVisualOverflow):
2771         (WebCore::RenderBox::logicalLeftVisualOverflow):
2772         (WebCore::RenderBox::logicalRightVisualOverflow):
2773         * rendering/RenderInline.cpp:
2774         (WebCore::RenderInline::linesVisualOverflowBoundingBox):
2775         * rendering/RenderLayerCompositor.cpp:
2776         (WebCore::RenderLayerCompositor::ensureRootPlatformLayer):
2777         * rendering/RenderLineBoxList.cpp:
2778         (WebCore::RenderLineBoxList::anyLineIntersectsRect):
2779         (WebCore::RenderLineBoxList::lineIntersectsDirtyRect):
2780         (WebCore::RenderLineBoxList::paint):
2781         (WebCore::RenderLineBoxList::hitTest):
2782         * rendering/RenderMarquee.cpp:
2783         (WebCore::RenderMarquee::computePosition):
2784         * rendering/RenderOverflow.h:
2785         (WebCore::RenderOverflow::RenderOverflow):
2786         (WebCore::RenderOverflow::minYLayoutOverflow):
2787         (WebCore::RenderOverflow::maxYLayoutOverflow):
2788         (WebCore::RenderOverflow::minXLayoutOverflow):
2789         (WebCore::RenderOverflow::maxXLayoutOverflow):
2790         (WebCore::RenderOverflow::minYVisualOverflow):
2791         (WebCore::RenderOverflow::maxYVisualOverflow):
2792         (WebCore::RenderOverflow::minXVisualOverflow):
2793         (WebCore::RenderOverflow::maxXVisualOverflow):
2794         (WebCore::RenderOverflow::setminYVisualOverflow):
2795         (WebCore::RenderOverflow::visualOverflowRect):
2796         (WebCore::RenderOverflow::move):
2797         (WebCore::RenderOverflow::addVisualOverflow):
2798         (WebCore::RenderOverflow::setVisualOverflow):
2799         * rendering/RenderReplaced.cpp:
2800         (WebCore::RenderReplaced::shouldPaint):
2801         * rendering/RenderTable.cpp:
2802         (WebCore::RenderTable::layout):
2803         (WebCore::RenderTable::paint):
2804         * rendering/RenderTableCell.cpp:
2805         (WebCore::RenderTableCell::clippedOverflowRectForRepaint):
2806         * rendering/RenderTreeAsText.cpp:
2807         (WebCore::writeLayers):
2808         * rendering/RenderView.cpp:
2809         (WebCore::RenderView::docTop):
2810
2811 2011-02-02  Steve Lacey  <sjl@chromium.org>
2812
2813         Reviewed by Eric Carlson.
2814
2815         Implement basic media statistics on media elements.
2816         https://bugs.webkit.org/show_bug.cgi?id=53322
2817
2818         * Configurations/FeatureDefines.xcconfig:
2819         * GNUmakefile.am:
2820         * features.pri:
2821         * html/HTMLMediaElement.cpp:
2822         (WebCore::HTMLMediaElement::webkitAudioBytesDecoded):
2823         (WebCore::HTMLMediaElement::webkitVideoBytesDecoded):
2824         * html/HTMLMediaElement.h:
2825         * html/HTMLMediaElement.idl:
2826         * html/HTMLVideoElement.cpp:
2827         (WebCore::HTMLVideoElement::webkitDecodedFrames):
2828         (WebCore::HTMLVideoElement::webkitDroppedFrames):
2829         * html/HTMLVideoElement.h:
2830         * html/HTMLVideoElement.idl:
2831         * platform/graphics/MediaPlayer.cpp:
2832         (WebCore::MediaPlayer::decodedFrames):
2833         (WebCore::MediaPlayer::droppedFrames):
2834         (WebCore::MediaPlayer::audioBytesDecoded):
2835         (WebCore::MediaPlayer::videoBytesDecoded):
2836         * platform/graphics/MediaPlayer.h:
2837         * platform/graphics/MediaPlayerPrivate.h:
2838         (WebCore::MediaPlayerPrivateInterface::decodedFrames):
2839         (WebCore::MediaPlayerPrivateInterface::droppedFrames):
2840         (WebCore::MediaPlayerPrivateInterface::audioBytesDecoded):
2841         (WebCore::MediaPlayerPrivateInterface::videoBytesDecoded):
2842
2843 2011-02-02  Luiz Agostini  <luiz.agostini@openbossa.org>
2844
2845         Reviewed by David Hyatt.
2846
2847         More conversion from right()/bottom() to maxX()/maxY().
2848
2849         * page/qt/FrameQt.cpp:
2850         (WebCore::Frame::dragImageForSelection):
2851         * platform/graphics/qt/GraphicsContextQt.cpp:
2852         (WebCore::GraphicsContext::roundToDevicePixels):
2853
2854 2011-02-02  Kevin Ollivier  <kevino@theolliviers.com>
2855
2856         [wx] Build fixes for wxWebKit.
2857
2858         * bindings/cpp/WebDOMHTMLDocumentCustom.cpp:
2859         (documentWrite):
2860         * bindings/scripts/CodeGeneratorCPP.pm:
2861         * page/wx/DragControllerWx.cpp:
2862         (WebCore::DragController::dragOperation):
2863         * platform/graphics/wx/FontCustomPlatformData.h:
2864         * platform/graphics/wx/FontPlatformData.h:
2865         (WebCore::FontPlatformData::widthVariant):
2866         * platform/graphics/wx/FontPlatformDataWx.cpp:
2867         (WebCore::FontPlatformData::computeHash):
2868         * platform/graphics/wx/FontWx.cpp:
2869         * platform/graphics/wx/GraphicsContextWx.cpp:
2870         (WebCore::GraphicsContext::fillPath):
2871         (WebCore::GraphicsContext::strokePath):
2872         * platform/wx/RenderThemeWx.cpp:
2873
2874 2011-02-02  David Hyatt  <hyatt@apple.com>
2875
2876         Reviewed by Darin Adler.
2877
2878         More right()/bottom() to maxX()/maxY() conversion.
2879
2880         * page/chromium/FrameChromium.cpp:
2881         (WebCore::Frame::nodeImage):
2882         (WebCore::Frame::dragImageForSelection):
2883
2884 2011-02-02  Sam Weinig  <sam@webkit.org>
2885
2886         Fix windows clean build.
2887
2888         * DerivedSources.make:
2889
2890 2011-02-02  Mikhail Naganov  <mnaganov@chromium.org>
2891
2892         Reviewed by Pavel Feldman.
2893
2894         Web Inspector: [Chromium] Landing detailed heap snapshots, part 2.
2895
2896         https://bugs.webkit.org/show_bug.cgi?id=53606
2897
2898         Display progress while taking a snapshot, and hints while loading
2899         and parsing. This is needed because taking detailed heap snapshots
2900         takes time.
2901
2902         * English.lproj/localizedStrings.js:
2903         * inspector/front-end/DetailedHeapshotView.js:
2904         (WebInspector.DetailedHeapshotProfileType.prototype.buttonClicked):
2905         * inspector/front-end/ProfilesPanel.js:
2906         (WebInspector.ProfilesPanel.prototype._reset):
2907         (WebInspector.ProfilesPanel.prototype._addProfileHeader):
2908         (WebInspector.ProfilesPanel.prototype.getProfiles):
2909         (WebInspector.ProfilesPanel.prototype.loadHeapSnapshot):
2910         (WebInspector.ProfilesPanel.prototype._finishHeapSnapshot.doParse):
2911         (WebInspector.ProfilesPanel.prototype._finishHeapSnapshot):
2912         (WebInspector.ProfilesPanel.prototype.takeHeapSnapshot):
2913         (WebInspector.ProfilesPanel.prototype._reportHeapSnapshotProgress):
2914         * inspector/front-end/SidebarTreeElement.js:
2915         (WebInspector.SidebarTreeElement.prototype.refreshTitles):
2916
2917 2011-02-02  David Hyatt  <hyatt@apple.com>
2918
2919         Reviewed by Darin Adler.
2920
2921         More conversion from right()/bottom() to maxX()/maxY().
2922
2923         * platform/win/PopupMenuWin.cpp:
2924         (WebCore::PopupMenuWin::calculatePositionAndSize):
2925         (WebCore::PopupMenuWin::paint):
2926
2927 2011-02-02  David Hyatt  <hyatt@apple.com>
2928
2929         Reviewed by Darin Adler.
2930
2931         Removal of right()/bottom().  Replace with maxX() and maxY().  Still converting.  Haven't removed yet.
2932
2933         * platform/chromium/PopupMenuChromium.cpp:
2934         (WebCore::PopupContainer::layoutAndCalculateWidgetRect):
2935         (WebCore::PopupListBox::scrollToRevealRow):
2936         (WebCore::PopupListBox::layout):
2937         * platform/graphics/FloatRect.h:
2938         * platform/graphics/IntRect.h:
2939         * platform/graphics/cairo/ImageBufferCairo.cpp:
2940         (WebCore::getImageData):
2941         (WebCore::putImageData):
2942         * platform/graphics/chromium/GLES2Canvas.cpp:
2943         (WebCore::GLES2Canvas::drawTexturedRect):
2944         * platform/graphics/chromium/LayerRendererChromium.cpp:
2945         (WebCore::LayerRendererChromium::verticalScrollbarRect):
2946         (WebCore::LayerRendererChromium::horizontalScrollbarRect):
2947         (WebCore::LayerRendererChromium::setScissorToRect):
2948         (WebCore::LayerRendererChromium::setDrawViewportRect):
2949         * platform/graphics/chromium/LayerTilerChromium.cpp:
2950         (WebCore::LayerTilerChromium::contentRectToTileIndices):
2951         (WebCore::LayerTilerChromium::growLayerToContain):
2952         * platform/graphics/gpu/TilingData.cpp:
2953         (WebCore::TilingData::tileBoundsWithBorder):
2954         (WebCore::TilingData::overlappedTileIndices):
2955         * platform/graphics/qt/ImageBufferQt.cpp:
2956         (WebCore::getImageData):
2957         (WebCore::putImageData):
2958         * platform/graphics/skia/FloatRectSkia.cpp:
2959         (WebCore::FloatRect::operator SkRect):
2960         * platform/graphics/skia/ImageBufferSkia.cpp:
2961         (WebCore::getImageData):
2962         (WebCore::putImageData):
2963         * platform/graphics/skia/IntRectSkia.cpp:
2964         (WebCore::IntRect::operator SkIRect):
2965         (WebCore::IntRect::operator SkRect):
2966         * platform/graphics/skia/PlatformContextSkia.cpp:
2967         (WebCore::PlatformContextSkia::beginLayerClippedToImage):
2968         * platform/graphics/win/GraphicsContextWin.cpp:
2969         (WebCore::GraphicsContextPlatformPrivate::clip):
2970         * platform/graphics/win/IntRectWin.cpp:
2971         (WebCore::IntRect::operator RECT):
2972         * platform/graphics/win/UniscribeController.cpp:
2973         (WebCore::UniscribeController::shapeAndPlaceItem):
2974         * platform/graphics/wince/GraphicsContextWinCE.cpp:
2975         (WebCore::roundRect):
2976         (WebCore::mapRect):
2977         (WebCore::TransparentLayerDC::TransparentLayerDC):
2978         (WebCore::GraphicsContext::drawRect):
2979         (WebCore::GraphicsContext::drawEllipse):
2980         (WebCore::GraphicsContext::strokeArc):
2981         (WebCore::GraphicsContext::clip):
2982         (WebCore::GraphicsContext::clipOut):
2983         (WebCore::GraphicsContext::strokeRect):
2984         * platform/image-decoders/gif/GIFImageDecoder.cpp:
2985         (WebCore::GIFImageDecoder::initFrameBuffer):
2986         * platform/win/PopupMenuWin.cpp:
2987         (WebCore::PopupMenuWin::calculatePositionAndSize):
2988         (WebCore::PopupMenuWin::paint):
2989         * plugins/win/PluginViewWin.cpp:
2990         (WebCore::PluginView::updatePluginWidget):
2991         (WebCore::PluginView::invalidateRect):
2992         * rendering/RenderThemeSafari.cpp:
2993         (WebCore::RenderThemeSafari::paintMenuListButtonGradients):
2994         (WebCore::RenderThemeSafari::paintMenuListButton):
2995         (WebCore::RenderThemeSafari::paintSliderTrack):
2996         * rendering/RenderThemeWin.cpp:
2997         (WebCore::RenderThemeWin::paintInnerSpinButton):
2998         (WebCore::RenderThemeWin::paintMenuListButton):
2999
3000 2011-02-02  Antti Koivisto  <antti@apple.com>
3001
3002         Reviewed by Maciej Stachowiak.
3003
3004         Use Vector instead of a linked list for rules in CSSStyleSelector
3005         https://bugs.webkit.org/show_bug.cgi?id=53581
3006         
3007         - eliminate CSSRuleDataList, replace with Vector<RuleData>
3008         - rename CSSRuleData -> RuleData and CSSRuleSet -> RuleSet 
3009           (these are selector internal classes, CSS prefix is better reserved for public ones).
3010         - constify a bit
3011         - shrink the vectors to fit after collecting the rules
3012
3013         * css/CSSStyleSelector.cpp:
3014         (WebCore::RuleData::RuleData):
3015         (WebCore::RuleData::position):
3016         (WebCore::RuleData::rule):
3017         (WebCore::RuleData::selector):
3018         (WebCore::RuleSet::disableAutoShrinkToFit):
3019         (WebCore::RuleSet::getIDRules):
3020         (WebCore::RuleSet::getClassRules):
3021         (WebCore::RuleSet::getTagRules):
3022         (WebCore::RuleSet::getPseudoRules):
3023         (WebCore::RuleSet::getUniversalRules):
3024         (WebCore::RuleSet::getPageRules):
3025         (WebCore::collectSiblingRulesInDefaultStyle):
3026         (WebCore::CSSStyleSelector::CSSStyleSelector):
3027         (WebCore::loadFullDefaultStyle):
3028         (WebCore::loadSimpleDefaultStyle):
3029         (WebCore::loadViewSourceStyle):
3030         (WebCore::CSSStyleSelector::matchRules):
3031         (WebCore::CSSStyleSelector::matchRulesForList):
3032         (WebCore::operator >):
3033         (WebCore::operator <=):
3034         (WebCore::CSSStyleSelector::sortMatchedRules):
3035         (WebCore::CSSStyleSelector::matchUARules):
3036         (WebCore::RuleSet::RuleSet):
3037         (WebCore::RuleSet::~RuleSet):
3038         (WebCore::RuleSet::addToRuleSet):
3039         (WebCore::RuleSet::addRule):
3040         (WebCore::RuleSet::addPageRule):
3041         (WebCore::RuleSet::addRulesFromSheet):
3042         (WebCore::RuleSet::addStyleRule):
3043         (WebCore::collectIdsAndSiblingRulesFromList):
3044         (WebCore::RuleSet::collectIdsAndSiblingRules):
3045         (WebCore::shrinkMapVectorsToFit):
3046         (WebCore::RuleSet::shrinkToFit):
3047         (WebCore::CSSStyleSelector::matchPageRules):
3048         (WebCore::CSSStyleSelector::matchPageRulesForList):
3049         * css/CSSStyleSelector.h:
3050         (WebCore::CSSStyleSelector::addMatchedRule):
3051
3052 2011-02-02  Andrey Adaikin  <aandrey@google.com>
3053
3054         Reviewed by Pavel Feldman.
3055
3056         Web Inspector: Use DIVs instead of TABLE in TextViewer
3057         https://bugs.webkit.org/show_bug.cgi?id=53299
3058
3059         * inspector/front-end/SourceFrame.js:
3060         (WebInspector.SourceFrame.prototype._createTextViewer):
3061         (WebInspector.SourceFrame.prototype._mouseDown):
3062         * inspector/front-end/TextViewer.js:
3063         (WebInspector.TextViewer):
3064         (WebInspector.TextViewer.prototype.set mimeType):
3065         (WebInspector.TextViewer.prototype.revealLine):
3066         (WebInspector.TextViewer.prototype.addDecoration):
3067         (WebInspector.TextViewer.prototype.removeDecoration):
3068         (WebInspector.TextViewer.prototype.markAndRevealRange):
3069         (WebInspector.TextViewer.prototype.highlightLine):
3070         (WebInspector.TextViewer.prototype.clearLineHighlight):
3071         (WebInspector.TextViewer.prototype.freeCachedElements):
3072         (WebInspector.TextViewer.prototype._handleKeyDown):
3073         (WebInspector.TextViewer.prototype.editLine.finishEditing):
3074         (WebInspector.TextViewer.prototype.editLine):
3075         (WebInspector.TextViewer.prototype.beginUpdates):
3076         (WebInspector.TextViewer.prototype.endUpdates):
3077         (WebInspector.TextViewer.prototype.resize):
3078         (WebInspector.TextViewer.prototype._textChanged):
3079         (WebInspector.TextViewer.prototype._updatePanelOffsets):
3080         (WebInspector.TextViewer.prototype._syncScroll):
3081         (WebInspector.TextViewer.prototype._syncDecorationsForLine):
3082         (WebInspector.TextEditorChunkedPanel):
3083         (WebInspector.TextEditorChunkedPanel.prototype.set syncScrollListener):
3084         (WebInspector.TextEditorChunkedPanel.prototype.get textModel):
3085         (WebInspector.TextEditorChunkedPanel.prototype.addDecoration):
3086         (WebInspector.TextEditorChunkedPanel.prototype.removeDecoration):
3087         (WebInspector.TextEditorChunkedPanel.prototype.revealLine):
3088         (WebInspector.TextEditorChunkedPanel.prototype.makeLineAChunk):
3089         (WebInspector.TextEditorChunkedPanel.prototype.textChanged):
3090         (WebInspector.TextEditorChunkedPanel.prototype.beginUpdates):
3091         (WebInspector.TextEditorChunkedPanel.prototype.endUpdates):
3092         (WebInspector.TextEditorChunkedPanel.prototype.resize):
3093         (WebInspector.TextEditorChunkedPanel.prototype._scroll):
3094         (WebInspector.TextEditorChunkedPanel.prototype._scheduleRepaintAll):
3095         (WebInspector.TextEditorChunkedPanel.prototype._buildChunks):
3096         (WebInspector.TextEditorChunkedPanel.prototype._repaintAll):
3097         (WebInspector.TextEditorChunkedPanel.prototype._chunkNumberForLine):
3098         (WebInspector.TextEditorChunkedPanel.prototype._chunkForLine):
3099         (WebInspector.TextEditorGutterPanel):
3100         (WebInspector.TextEditorGutterPanel.prototype.freeCachedElements):
3101         (WebInspector.TextEditorGutterPanel.prototype._createNewChunk):
3102         (WebInspector.TextEditorGutterPanel.prototype._expandChunks):
3103         (WebInspector.TextEditorGutterChunk):
3104         (WebInspector.TextEditorGutterChunk.prototype.get expanded):
3105         (WebInspector.TextEditorGutterChunk.prototype.set expanded):
3106         (WebInspector.TextEditorGutterChunk.prototype.get height):
3107         (WebInspector.TextEditorGutterChunk.prototype._createRow):
3108         (WebInspector.TextEditorMainPanel):
3109         (WebInspector.TextEditorMainPanel.prototype.set syncDecorationsForLine):
3110         (WebInspector.TextEditorMainPanel.prototype.set mimeType):
3111         (WebInspector.TextEditorMainPanel.prototype.markAndRevealRange):
3112         (WebInspector.TextEditorMainPanel.prototype.highlightLine):
3113         (WebInspector.TextEditorMainPanel.prototype.clearLineHighlight):
3114         (WebInspector.TextEditorMainPanel.prototype.freeCachedElements):
3115         (WebInspector.TextEditorMainPanel.prototype._buildChunks):
3116         (WebInspector.TextEditorMainPanel.prototype._createNewChunk):
3117         (WebInspector.TextEditorMainPanel.prototype._expandChunks):
3118         (WebInspector.TextEditorMainPanel.prototype._highlightDataReady):
3119         (WebInspector.TextEditorMainPanel.prototype._paintLines):
3120         (WebInspector.TextEditorMainPanel.prototype._paintLine):
3121         (WebInspector.TextEditorMainPanel.prototype._releaseLinesHighlight):
3122         (WebInspector.TextEditorMainPanel.prototype._getSelection):
3123         (WebInspector.TextEditorMainPanel.prototype._restoreSelection):
3124         (WebInspector.TextEditorMainPanel.prototype._selectionToPosition):
3125         (WebInspector.TextEditorMainPanel.prototype._positionToSelection):
3126         (WebInspector.TextEditorMainPanel.prototype._appendTextNode):
3127         (WebInspector.TextEditorMainPanel.prototype._handleDomUpdates):
3128         (WebInspector.TextEditorMainChunk):
3129         (WebInspector.TextEditorMainChunk.prototype.addDecoration):
3130         (WebInspector.TextEditorMainChunk.prototype.set expanded):
3131         (WebInspector.TextEditorMainChunk.prototype.get height):
3132         (WebInspector.TextEditorMainChunk.prototype.getExpandedLineRow):
3133         (WebInspector.TextEditorMainChunk.prototype._createRow):
3134         (WebInspector):
3135         * inspector/front-end/textViewer.css:
3136         (.text-editor-lines):
3137         (.text-editor-contents):
3138         (.text-editor-editable):
3139         (.webkit-line-decorations):
3140         (.webkit-line-number):
3141         (.webkit-execution-line.webkit-line-content):
3142         (.diff-container .webkit-added-line.webkit-line-content):
3143         (.diff-container .webkit-removed-line.webkit-line-content):
3144         (.diff-container .webkit-changed-line.webkit-line-content):
3145         (.webkit-highlighted-line.webkit-line-content):
3146
3147 2011-02-02  Hans Wennborg  <hans@chromium.org>
3148
3149         Reviewed by Jeremy Orlow.
3150
3151         IndexedDB: Implement support for cursor updates
3152         https://bugs.webkit.org/show_bug.cgi?id=53421
3153
3154         Implement support for cursor updates using the same pattern as cursor
3155         deletes: forward the calls to the IDBObjectStoreBackend::put().
3156         The put() function's signature needs to be changed to allow for a
3157         "cursor update mode". This makes the signature more clear anyway,
3158         since it replaces the boolean parameter.
3159
3160         Test: storage/indexeddb/cursor-update.html
3161
3162         * storage/IDBCursor.idl:
3163         * storage/IDBCursorBackendImpl.cpp:
3164         (WebCore::IDBCursorBackendImpl::key):
3165         (WebCore::IDBCursorBackendImpl::update):
3166         * storage/IDBCursorBackendImpl.h:
3167         * storage/IDBObjectStore.cpp:
3168         (WebCore::IDBObjectStore::add):
3169         (WebCore::IDBObjectStore::put):
3170         * storage/IDBObjectStoreBackendImpl.cpp:
3171         (WebCore::IDBObjectStoreBackendImpl::put):
3172         (WebCore::IDBObjectStoreBackendImpl::putInternal):
3173         * storage/IDBObjectStoreBackendImpl.h:
3174         * storage/IDBObjectStoreBackendInterface.h:
3175
3176 2011-02-02  Naoki Takano  <takano.naoki@gmail.com>
3177
3178         Reviewed by Kent Tamura.
3179
3180         Fix popup menu RTL bug introduced by Changeset 75982.
3181         https://bugs.webkit.org/show_bug.cgi?id=53567
3182
3183         PopupMenuChromium::layout() calculates X position according to RTL or not. So change the X position calculation in layoutAndCalculateWidgetRect().
3184
3185         No new tests. However we can check manually with select_dropdown_box_alignment.html, autofill_alignment.html, select_alignment.html, select_dropdown_box_alignment.html, autofill-popup-width-and-item-direction.html
3186
3187         * platform/chromium/PopupMenuChromium.cpp:
3188         (WebCore::PopupContainer::layoutAndCalculateWidgetRect): Fix calculation of x position, because layout() considers RTL. And change the parameter from both X and Y positions to only Y position.
3189         (WebCore::PopupContainer::showPopup): Change the passing parameter.
3190         (WebCore::PopupContainer::refresh): Change the passing parameter.
3191         * platform/chromium/PopupMenuChromium.h: Change the parameter declaration.
3192
3193 2011-02-02  Alejandro G. Castro  <alex@igalia.com>
3194
3195         Reviewed by Martin Robinson.
3196
3197         [GTK] Fix dist compilation
3198         https://bugs.webkit.org/show_bug.cgi?id=53579
3199
3200         * GNUmakefile.am: Added FontWidthVariant.h to the sources, it was
3201         added in r77153.
3202
3203 2011-02-02  Dai Mikurube  <dmikurube@google.com>
3204
3205         Reviewed by David Levin.
3206
3207         Make mime type lookup in File::create(path) thread-safe
3208         https://bugs.webkit.org/show_bug.cgi?id=47700
3209
3210         This patch introduces a new function MIMETypeRegistry::getMIMETypeForExtensionThreadSafe().
3211         The function is to be called as a thread-safe version of getMIMETypeForExtension() when
3212         both FILE_SYSTEM and WORKERS are enabled.
3213
3214         No tests for this patch. This patch itself doesn't change the behaviors.
3215         For Chromium, it runs in the same way with getMIMETypeForExtensionThreadSafe().
3216         For the other platforms, it causes compilation error in case of enabled FILE_SYSTEM and WORKERS.
3217         The compilation error would be a signal to implement getMIMETypeForExtensionThreadSafe() in these
3218         platforms. Currently it doesn't happen since FILE_SYSTEM is not available in the other platforms.
3219
3220         * platform/MIMETypeRegistry.cpp: Defined generic getMIMETypeForExtension() calling getMIMETypeForExtensionThreadSafe() for enabled FILE_SYSTEM and WORKERS.
3221         (WebCore::MIMETypeRegistry::getMIMETypeForExtension):
3222         * platform/MIMETypeRegistry.h: Declared getMIMETypeForExtensionThreadSafe() which should be implemented for each platform.
3223         * platform/android/TemporaryLinkStubs.cpp:
3224         (WebCore::MIMETypeRegistry::getMIMETypeForExtension):
3225         * platform/brew/MIMETypeRegistryBrew.cpp:
3226         (WebCore::MIMETypeRegistry::getMIMETypeForExtension):
3227         * platform/chromium/MIMETypeRegistryChromium.cpp: Defined getMIMETypeForExtensionThreadSafe() for the case when FILE_SYSTEM and WORKERS are enabled.
3228         (WebCore::MIMETypeRegistry::getMIMETypeForExtensionThreadSafe):
3229         * platform/efl/MIMETypeRegistryEfl.cpp:
3230         (WebCore::MIMETypeRegistry::getMIMETypeForExtension):
3231         * platform/gtk/MIMETypeRegistryGtk.cpp:
3232         (WebCore::MIMETypeRegistry::getMIMETypeForExtension):
3233         * platform/haiku/MIMETypeRegistryHaiku.cpp:
3234         (WebCore::MIMETypeRegistry::getMIMETypeForExtension):
3235         * platform/mac/MIMETypeRegistryMac.mm:
3236         (WebCore::MIMETypeRegistry::getMIMETypeForExtension):
3237         * platform/qt/MIMETypeRegistryQt.cpp:
3238         (WebCore::MIMETypeRegistry::getMIMETypeForExtension):
3239         * platform/win/MIMETypeRegistryWin.cpp:
3240         (WebCore::MIMETypeRegistry::getMIMETypeForExtension):
3241         * platform/wince/MIMETypeRegistryWinCE.cpp:
3242         (WebCore::MIMETypeRegistry::getMIMETypeForExtension):
3243         * platform/wx/MimeTypeRegistryWx.cpp:
3244         (WebCore::MIMETypeRegistry::getMIMETypeForExtension):
3245
3246 2011-02-01  Adam Barth  <abarth@webkit.org>
3247
3248         Reviewed by Alexey Proskuryakov.
3249
3250         Improve readability of updateWidget by converting bool parameter to an enum
3251         https://bugs.webkit.org/show_bug.cgi?id=53576
3252
3253         As requested on webkit-dev.
3254
3255         * html/HTMLEmbedElement.cpp:
3256         (WebCore::HTMLEmbedElement::updateWidget):
3257         * html/HTMLEmbedElement.h:
3258         * html/HTMLMediaElement.cpp:
3259         (WebCore::HTMLMediaElement::updateWidget):
3260         * html/HTMLMediaElement.h:
3261         * html/HTMLObjectElement.cpp:
3262         (WebCore::HTMLObjectElement::updateWidget):
3263         * html/HTMLObjectElement.h:
3264         * html/HTMLPlugInImageElement.cpp:
3265         (WebCore::HTMLPlugInImageElement::updateWidgetIfNecessary):
3266         * html/HTMLPlugInImageElement.h:
3267         * page/FrameView.cpp:
3268         (WebCore::FrameView::updateWidget):
3269
3270 2011-02-01  James Robinson  <jamesr@chromium.org>
3271
3272         Reviewed by Adam Barth.
3273
3274         [v8] Increase V8 native->js recursion limit to match document.write() recursion limit
3275         https://bugs.webkit.org/show_bug.cgi?id=53566
3276
3277         A recursion limit of 22 is necessary to pass fast/dom/Document/document-write-recursion.html.
3278         Other than being large enough for this one test case, this limit is arbitrary.
3279
3280         * bindings/v8/V8Proxy.h:
3281
3282 2011-02-01  Adam Barth  <abarth@webkit.org>
3283
3284         Reviewed by Andreas Kling.
3285
3286         Remove useless comment
3287         https://bugs.webkit.org/show_bug.cgi?id=53549
3288
3289         The reason for this parameter is captured in
3290         plugins/netscape-plugin-setwindow-size.html, which is a better place to
3291         capture it than in this comment (which otherwise just re-iterates the
3292         name of the parameter).
3293
3294         * html/HTMLPlugInImageElement.cpp:
3295         (WebCore::HTMLPlugInImageElement::updateWidgetIfNecessary):
3296
3297 2011-02-01  James Simonsen  <simonjam@chromium.org>
3298
3299         Reviewed by Tony Gentilcore.
3300
3301         [WebTiming] Remove asserts that verify timestamp order
3302         https://bugs.webkit.org/show_bug.cgi?id=53548
3303
3304         Covered by existing tests.
3305
3306         * loader/FrameLoader.cpp:
3307         (WebCore::FrameLoader::stopLoading): Remove assert.
3308         * page/DOMWindow.cpp:
3309         (WebCore::DOMWindow::dispatchTimedEvent): Ditto.
3310
3311 2011-02-01  Dimitri Glazkov  <dglazkov@chromium.org>
3312
3313         Add the 'default_targets' enclosure to the flags.
3314
3315         * WebCore.gyp/WebCore.gyp: Did it.
3316
3317 2011-02-01  Mihai Parparita  <mihaip@chromium.org>
3318
3319         Reviewed by James Robinson.
3320
3321         Async event handlers should not fire within a modal dialog
3322         https://bugs.webkit.org/show_bug.cgi?id=53202
3323
3324         Asynchronous events that use EventQueue would currently fire while a
3325         modal dialog (e.g. window.alert()) was up. Change EventQueue to use a
3326         SuspendableTimer (which automatically gets suspended while dialogs are
3327         up and in other cases where JS execution is not allowed).
3328         
3329         Test: fast/events/scroll-event-during-modal-dialog.html
3330
3331         * dom/Document.cpp:
3332         (WebCore::Document::Document):
3333         * dom/EventQueue.cpp:
3334         (WebCore::EventQueueTimer::EventQueueTimer):
3335         (WebCore::EventQueueTimer::fired):
3336         (WebCore::EventQueue::EventQueue):
3337         (WebCore::EventQueue::enqueueEvent):
3338         (WebCore::EventQueue::pendingEventTimerFired):
3339         * dom/EventQueue.h:
3340         (WebCore::EventQueue::create):
3341         * page/SuspendableTimer.cpp:
3342         (WebCore::SuspendableTimer::SuspendableTimer):
3343         (WebCore::SuspendableTimer::suspend):
3344         (WebCore::SuspendableTimer::resume):
3345         * page/SuspendableTimer.h:
3346
3347 2011-02-01  Patrick Gansterer  <paroga@webkit.org>
3348
3349         Reviewed by Andreas Kling.
3350
3351         Change wrong PLATFORM(WIN) to USE(WININET)
3352         https://bugs.webkit.org/show_bug.cgi?id=53547
3353
3354         * platform/network/ResourceHandle.h:
3355
3356 2011-02-01  Beth Dakin  <bdakin@apple.com>
3357
3358         32-bit build fix.
3359
3360         * platform/mac/ScrollAnimatorMac.mm:
3361         (-[ScrollbarPainterControllerDelegate contentAreaRectForScrollerImpPair:]):
3362
3363 2011-01-25  Martin Robinson  <mrobinson@igalia.com>
3364
3365         Reviewed by Gustavo Noronha Silva.
3366
3367         [GTK] Two tests crash after r76555
3368         https://bugs.webkit.org/show_bug.cgi?id=53057
3369
3370         Instead of creating synchronous ResourceHandles manually, use the ::create factory.
3371         This ensures that ::start() is not called when there is a scheduled failure and also
3372         reduces code duplication.
3373
3374         * platform/network/soup/ResourceHandleSoup.cpp:
3375         (WebCore::ResourceHandle::loadResourceSynchronously): Use the ::create factory method.
3376
3377 2011-02-01  Martin Robinson  <mrobinson@igalia.com>
3378
3379         Reviewed by Eric Seidel.
3380
3381         [GTK] GObject DOM bindings do not support the CallWith attribute
3382         https://bugs.webkit.org/show_bug.cgi?id=53331
3383
3384         Disable building GObject DOM bindings for IndexedDB because we do not support
3385         the CallWith attribute at this time.
3386
3387         * bindings/gobject/GNUmakefile.am: Disable building bindings for the IndexedDB API.
3388
3389 2011-02-01  Darin Adler  <darin@apple.com>
3390
3391         Reviewed by Brady Eidson.
3392
3393         Fix a couple loose ends from the back/forward tree encode/decode work
3394         https://bugs.webkit.org/show_bug.cgi?id=53537
3395
3396         * history/HistoryItem.cpp:
3397         (WebCore::HistoryItem::encodeBackForwardTreeNode): Remove extra copy of
3398         original URL string; no need to encode it twice.
3399         (WebCore::HistoryItem::decodeBackForwardTree): Ditto.
3400         * history/HistoryItem.h: Removed declaration for function that is no
3401         longer defined nor used.
3402
3403 2011-02-01  Tony Chang  <tony@chromium.org>
3404
3405         Reviewed by Kent Tamura.
3406
3407         [chromium] disable arm uninitialized variable warnings
3408         https://bugs.webkit.org/show_bug.cgi?id=53553
3409
3410         We just got another error:
3411         third_party/WebKit/Source/WebCore/css/CSSPrimitiveValue.cpp:123:error:
3412         'colorTransparent.unstatic.4879' may be used uninitialized in this
3413         function
3414
3415         * WebCore.gyp/WebCore.gyp:
3416
3417 2011-02-01  chris reiss  <christopher.reiss@nokia.com>
3418
3419         Reviewed by Adam Barth.
3420
3421         Self-replicating code makes Safari hang and eventually crash
3422         https://bugs.webkit.org/show_bug.cgi?id=15123
3423
3424        
3425         Here we are replicating the Firefox safeguard against
3426         recursive document.write()'s.
3427
3428         See https://bug197052.bugzilla.mozilla.org/attachment.cgi?id=293907 in bug
3429         https://bugzilla.mozilla.org/show_bug.cgi?id=197052. Firefox does two things -
3430             a) imposes a recursion limit of 20 on document.write() and
3431             b) once that limit is passed, panics all the way up the call stack (rather than just returning one level.)
3432         To see why this is necessary, consider the script : 
3433
3434         <script>
3435            var t = document.body.innerHTML;
3436            document.write(t);
3437         </script> 
3438
3439         This will create a tree both broad and deep as the script keeps appending itself to the text.   If
3440         we just return one level after the recursion limit is reached, we still allow millions of copies to 
3441         duplicate (and execute).   
3442
3443         The recursion is fortunately depth-first, so as soon as we cross this limit, we panic up the callstack
3444         to prevent this situation.    (IE apparently does the same thing, with a lower recursion limit.) 
3445
3446         Test: fast/dom/Document/document-write-recursion.html        
3447         Test: fast/dom/Document/document-close-iframe-load.html
3448         Test: fast/dom/Document/document-close-nested-iframe-load.html
3449
3450
3451         * dom/Document.cpp:
3452         (WebCore::Document::Document):
3453         (WebCore::Document::write):
3454         * dom/Document.h:
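
Added example (not part of the ChangeLog and not WebKit's code): a small model of the guard described in the entry above, comparing "return one level at the limit" with "panic up the whole call stack". The `WriteModel` type, `countWrites` and the branching factor of 2 are assumptions made for illustration; only the limit of 20 comes from the entry.

```cpp
#include <cstdint>
#include <cstdio>

// Hypothetical model of the guard described above; not WebKit's Document class.
struct WriteModel {
    static constexpr int kMaxDepth = 20; // recursion limit stated in the entry
    bool unwindAll;         // true: abandon the whole stack; false: return one level
    int branch;             // nested write() calls triggered per write (constructed)
    int depth;
    bool panicking;
    std::uint64_t executed; // writes that actually ran

    WriteModel(bool unwind, int b)
        : unwindAll(unwind), branch(b), depth(0), panicking(false), executed(0) {}

    void write() {
        if (panicking)
            return;                    // already unwinding: refuse further writes
        if (depth >= kMaxDepth) {      // limit crossed
            panicking = unwindAll;     // (b): mark the whole stack as abandoned
            return;
        }
        ++executed;
        ++depth;
        for (int i = 0; i < branch && !panicking; ++i)
            write();                   // re-parsed content calls write() again
        if (--depth == 0)
            panicking = false;         // outermost call done: reset for next write
    }
};

// Number of writes that run for one top-level write() under each policy.
std::uint64_t countWrites(bool unwindAll, int branch) {
    WriteModel m(unwindAll, branch);
    m.write();
    return m.executed;
}

int main() {
    std::printf("return one level:   %llu writes\n",
                (unsigned long long)countWrites(false, 2));
    std::printf("panic up the stack: %llu writes\n",
                (unsigned long long)countWrites(true, 2));
    return 0;
}
```

With a branching factor of 2, the depth limit alone still lets 2^20 - 1 = 1048575 writes run, while unwinding the whole stack stops after 20.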
3455
3456 2011-02-01  Johnny Ding  <jnd@chromium.org>
3457
3458         Reviewed by Darin Adler.
3459
3460         Don't set user gesture in HTMLAnchorElement's click handler because the click handler can be triggered by an untrusted event.
3461         https://bugs.webkit.org/show_bug.cgi?id=53424
3462
3463         Test: fast/events/popup-blocked-from-untrusted-click-event-on-anchor.html
3464
3465         * html/HTMLAnchorElement.cpp:
3466         (WebCore::handleLinkClick):
3467
3468 2011-02-01  Csaba Osztrogonác  <ossy@webkit.org>
3469
3470         Unreviewed Qt buildfix after r77286.
3471
3472         https://bugs.webkit.org/show_bug.cgi?id=53520 
3473         Remove the physical terminology from IntRect and FloatRect.
3474
3475         * platform/graphics/TiledBackingStore.cpp:
3476         (WebCore::TiledBackingStore::createTiles):
3477
3478 2011-02-01  Sam Weinig  <sam@webkit.org>
3479
3480         Fix Mac production builds.
3481
3482         * DerivedSources.make:
3483         * WebCore.xcodeproj/project.pbxproj:
3484         * platform/mac/ScrollAnimatorMac.h:
3485         * platform/mac/ScrollbarThemeMac.h:
3486
3487 2011-02-01  Darin Adler  <darin@apple.com>
3488
3489         Reviewed by Chris Fleizach.
3490
3491         REGRESSION: Removing focus from area element causes unwanted scrolling
3492         https://bugs.webkit.org/show_bug.cgi?id=50169
3493
3494         Test: fast/images/imagemap-scroll.html
3495
3496         * html/HTMLAreaElement.cpp:
3497         (WebCore::HTMLAreaElement::setFocus): Added override. Calls the new
3498         RenderImage::areaElementFocusChanged function.
3499         (WebCore::HTMLAreaElement::updateFocusAppearance): Removed the code
3500         here that calls setNeedsLayout on the image's renderer. This was an
3501         attempt to cause repaint of the renderer, but this function does not
3502         need to do that. Also changed this to use the imageElement function
3503         to avoid repeating code.
3504
3505         * html/HTMLAreaElement.h: Updated for above changes.
3506
3507         * rendering/RenderImage.cpp:
3508         (WebCore::RenderImage::paint): Updated for name change.
3509         (WebCore::RenderImage::paintAreaElementFocusRing): Renamed this from
3510         paintFocusRing, because it only paints area focus rings, and should
3511         not be confused with paintFocusRing functions in other classes. Also
3512         removed the unused style argument. Removed the code that used an
3513         HTMLCollection to see if the focused area element is for this image
3514         and instead just call imageElement on the area element.
3515         (WebCore::RenderImage::areaElementFocusChanged): Added. Calls repaint.
3516
3517         * rendering/RenderImage.h: Added a public areaElementFocusChanged
3518         function for HTMLAreaElement to call. Made the paintFocusRing function
3519         private, renamed it to paintAreaElementFocusRing, and removed its
3520         unused style argument.
3521
3522 2011-02-01  Patrick Gansterer  <paroga@webkit.org>
3523
3524         Unreviewed WinCE build fix for r77286.
3525
3526         * platform/graphics/wince/GraphicsContextWinCE.cpp:
3527         (WebCore::TransparentLayerDC::TransparentLayerDC):
3528
3529 2011-02-01  Chris Fleizach  <cfleizach@apple.com>
3530
3531         Reviewed by Darin Adler.
3532
3533         AX: AXPosition of AXScrollArea is wrong
3534         https://bugs.webkit.org/show_bug.cgi?id=53511
3535
3536         AccessibilityScrollView needed to return a valid documentFrameView() object.
3537         At the same time, the code from document() should be consolidated in 
3538         AccessibilityObject, so all objects can use it.
3539
3540         Test: platform/mac/accessibility/webkit-scrollarea-position.html
3541
3542         * accessibility/AccessibilityObject.cpp:
3543         (WebCore::AccessibilityObject::document):
3544         * accessibility/AccessibilityObject.h:
3545         * accessibility/AccessibilityScrollView.cpp:
3546         (WebCore::AccessibilityScrollView::accessibilityHitTest):
3547         (WebCore::AccessibilityScrollView::documentFrameView):
3548         * accessibility/AccessibilityScrollView.h:
3549
3550 2011-02-01  Zhenyao Mo  <zmo@google.com>
3551
3552         Reviewed by Kenneth Russell.
3553
3554         getUniform should support SAMPLER_2D or SAMPLER_CUBE
3555         https://bugs.webkit.org/show_bug.cgi?id=52190
3556
3557         * html/canvas/WebGLRenderingContext.cpp:
3558         (WebCore::WebGLRenderingContext::getUniform):
3559
3560 2011-02-01  Zhenyao Mo  <zmo@google.com>
3561
3562         Reviewed by Darin Adler.
3563
3564         Fix the incorrect usage of RetainPtr cases in GraphicsContext3DCG.cpp
3565         https://bugs.webkit.org/show_bug.cgi?id=53531
3566
3567         With this fix, running WebGL conformance tests should no longer crash randomly.
3568