[WebKit.git] / Source / WebCore / ChangeLog

2011-02-01  James Robinson  <jamesr@chromium.org>

        Reviewed by Adam Barth.

        [v8] Increase V8 native->js recursion limit to match document.write() recursion limit
        https://bugs.webkit.org/show_bug.cgi?id=53566

        A recursion limit of 22 is necessary to pass fast/dom/Document/document-write-recursion.html.
        Other than being large enough for this one test case, this limit is arbitrary.

        * bindings/v8/V8Proxy.h:

2011-02-01  Adam Barth  <abarth@webkit.org>

        Reviewed by Andreas Kling.

        Remove useless comment
        https://bugs.webkit.org/show_bug.cgi?id=53549

        The reason for this parameter is captured in
        plugins/netscape-plugin-setwindow-size.html, which is a better place to
        capture it than in this comment (which otherwise just re-iterates the
        name of the parameter).

        * html/HTMLPlugInImageElement.cpp:
        (WebCore::HTMLPlugInImageElement::updateWidgetIfNecessary):

2011-02-01  James Simonsen  <simonjam@chromium.org>

        Reviewed by Tony Gentilcore.

        [WebTiming] Remove asserts that verify timestamp order
        https://bugs.webkit.org/show_bug.cgi?id=53548

        Covered by existing tests.

        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::stopLoading): Remove assert.
        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::dispatchTimedEvent): Ditto.

2011-02-01  Dimitri Glazkov  <dglazkov@chromium.org>

        Add the 'default_targets' enclosure to the flags.

        * WebCore.gyp/WebCore.gyp: Did it.

2011-02-01  Mihai Parparita  <mihaip@chromium.org>

        Reviewed by James Robinson.

        Async event handlers should not fire within a modal dialog
        https://bugs.webkit.org/show_bug.cgi?id=53202

        Asychronous events that use EventQueue would currently fire while a
        modal dialog (e.g. window.alert()) was up. Change EventQueue to use a
        SuspendableTimer (which automatically gets suspended while dialogs are
        up and in other cases where JS execution is not allowed).
        
        Test: fast/events/scroll-event-during-modal-dialog.html

        * dom/Document.cpp:
        (WebCore::Document::Document):
        * dom/EventQueue.cpp:
        (WebCore::EventQueueTimer::EventQueueTimer):
        (WebCore::EventQueueTimer::fired):
        (WebCore::EventQueue::EventQueue):
        (WebCore::EventQueue::enqueueEvent):
        (WebCore::EventQueue::pendingEventTimerFired):
        * dom/EventQueue.h:
        (WebCore::EventQueue::create):
        * page/SuspendableTimer.cpp:
        (WebCore::SuspendableTimer::SuspendableTimer):
        (WebCore::SuspendableTimer::suspend):
        (WebCore::SuspendableTimer::resume):
        * page/SuspendableTimer.h:

2011-02-01  Patrick Gansterer  <paroga@webkit.org>

        Reviewed by Andreas Kling.

        Change wrong PLATFORM(WIN) to USE(WININET)
        https://bugs.webkit.org/show_bug.cgi?id=53547

        * platform/network/ResourceHandle.h:

2011-02-01  Beth Dakin  <bdakin@apple.com>

        32-bit build fix.

        * platform/mac/ScrollAnimatorMac.mm:
        (-[ScrollbarPainterControllerDelegate contentAreaRectForScrollerImpPair:]):

2011-01-25  Martin Robinson  <mrobinson@igalia.com>

        Reviewed by Gustavo Noronha Silva.

        [GTK] Two tests crash after r76555
        https://bugs.webkit.org/show_bug.cgi?id=53057

        Instead of creating synchronous ResourceHandles manually, use the ::create factory.
        This ensures that ::start() is not called when there is a scheduled failure and also
        reduces code duplication.

        * platform/network/soup/ResourceHandleSoup.cpp:
        (WebCore::ResourceHandle::loadResourceSynchronously): Use the ::create factory method.

2011-02-01  Martin Robinson  <mrobinson@igalia.com>

        Reviewed by Eric Seidel.

        [GTK] GObject DOM bindings do no support the CallWith attribute
        https://bugs.webkit.org/show_bug.cgi?id=53331

        Disable building GObject DOM bindings for IndexedDB because we do not support
        the CallWith attribute at this time.

        * bindings/gobject/GNUmakefile.am: Disable building bindings for the IndexedDB API.

2011-02-01  Darin Adler  <darin@apple.com>

        Reviewed by Brady Eidson.

        Fix a couple loose ends from the back/forward tree encode/decode work
        https://bugs.webkit.org/show_bug.cgi?id=53537

        * history/HistoryItem.cpp:
        (WebCore::HistoryItem::encodeBackForwardTreeNode): Remove extra copy of
        original URL string; no need to encode it twice.
        (WebCore::HistoryItem::decodeBackForwardTree): Ditto.
        * history/HistoryItem.h: Removed declaration for function that is no
        longer defined nor used.

2011-02-01  Tony Chang  <tony@chromium.org>

        Reviewed by Kent Tamura.

        [chromium] disable arm uninitialized variable warnings
        https://bugs.webkit.org/show_bug.cgi?id=53553

        We just got another error:
        third_party/WebKit/Source/WebCore/css/CSSPrimitiveValue.cpp:123:error:
        'colorTransparent.unstatic.4879' may be used uninitialized in this
        function

        * WebCore.gyp/WebCore.gyp:

2011-02-01  chris reiss  <christopher.reiss@nokia.com>

        Reviewed by Adam Barth.

        Self-replicating code makes Safari hang and eventually crash
        https://bugs.webkit.org/show_bug.cgi?id=15123

       
        Here we are replicating the Firefox safeguard against
        recursive document.write( ) 's.

        See  https://bug197052.bugzilla.mozilla.org/attachment.cgi?id=293907 in bug 
        https://bugzilla.mozilla.org/show_bug.cgi?id=197052 .   Firefox does two things - 
            a) imposes a recursion limit of 20 on document.write( ) and
            b) once that limit is passed, panics all the way the call stack (rather than just returning one level.)
        To see why this is necessary, consider the script : 

        <script>
           var t = document.body.innerHTML;
           document.write(t);
        </script> 

        This will create a tree both broad and deep as the script keeps appending itself to the text.   If
        we just return one level after the recursion limit is reached, we still allow millions of copies to 
        duplicate (and execute).   

        The recursion is fortunately depth-first, so as soon as we cross this limit, we panic up the callstack
        to prevent this situation.    (IE apparently does the same thing, with a lower recursion limit.) 

        Test: fast/dom/Document/document-write-recursion.html        
        Test: fast/dom/Document/document-close-iframe-load.html
        Test: fast/dom/Document/document-close-nested-iframe-load.html


        * dom/Document.cpp:
        (WebCore::Document::Document):
        (WebCore::Document::write):
        * dom/Document.h:

2011-02-01  Johnny Ding  <jnd@chromium.org>

        Reviewed by Darin Adler.

        Don't set user gesture in HTMLAnchorElement's click handler because the click handler can be triggered by untrusted event.
        https://bugs.webkit.org/show_bug.cgi?id=53424

        Test: fast/events/popup-blocked-from-untrusted-click-event-on-anchor.html

        * html/HTMLAnchorElement.cpp:
        (WebCore::handleLinkClick):

2011-02-01  Csaba Osztrogonác  <ossy@webkit.org>

        Unreviewed Qt buildfix after r77286.

        https://bugs.webkit.org/show_bug.cgi?id=53520 
        Remove the physical terminology from IntRect and FloatRect.

        * platform/graphics/TiledBackingStore.cpp:
        (WebCore::TiledBackingStore::createTiles):

2011-02-01  Sam Weinig  <sam@webkit.org>

        Fix Mac production builds.

        * DerivedSources.make:
        * WebCore.xcodeproj/project.pbxproj:
        * platform/mac/ScrollAnimatorMac.h:
        * platform/mac/ScrollbarThemeMac.h:

2011-02-01  Darin Adler  <darin@apple.com>

        Reviewed by Chris Fleizach.

        REGRESSION: Removing focus from area element causes unwanted scrolling
        https://bugs.webkit.org/show_bug.cgi?id=50169

        Test: fast/images/imagemap-scroll.html

        * html/HTMLAreaElement.cpp:
        (WebCore::HTMLAreaElement::setFocus): Added override. Calls the new
        RenderImage::areaElementFocusChanged function.
        (WebCore::HTMLAreaElement::updateFocusAppearance): Removed the code
        here that calls setNeedsLayout on the image's renderer. This was an
        attempt to cause repaint of the renderer, but this function does not
        need to do that. Also changed this to use the imageElement function
        to avoid repeating code.

        * html/HTMLAreaElement.h: Updated for above changes.

        * rendering/RenderImage.cpp:
        (WebCore::RenderImage::paint): Updated for name change.
        (WebCore::RenderImage::paintAreaElementFocusRing): Renamed this from
        paintFocusRing, because it only paints area focus rings, and should
        not be confused with paintFocusRing functions in other classes. Also
        removed the unused style argument. Removed the code that used an
        HTMLCollection to see if the focused area element is for this image
        and instead just call imageElement on the area element.
        (WebCore::RenderImage::areaElementFocusChanged): Added. Calls repaint.

        * rendering/RenderImage.h: Added a public areaElementFocusChanged
        function for HTMLAreaElement to call. Made the paintFocusRing function
        private, renamed it to paintAreaElementFocusRing, and removed its
        unused style argument.

2011-02-01  Patrick Gansterer  <paroga@webkit.org>

        Unreviewed WinCE build fix for r77286.

        * platform/graphics/wince/GraphicsContextWinCE.cpp:
        (WebCore::TransparentLayerDC::TransparentLayerDC):

2011-02-01  Chris Fleizach  <cfleizach@apple.com>

        Reviewed by Darin Adler.

        AX: AXPosition of AXScrollArea is wrong
        https://bugs.webkit.org/show_bug.cgi?id=53511

        AccessibilityScrollView needed to return a valid documentFrameView() object.
        At the same time, the code from document() should be consolidated in 
        AccessibilityObject, so all objects can use it.

        Test: platform/mac/accessibility/webkit-scrollarea-position.html

        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::document):
        * accessibility/AccessibilityObject.h:
        * accessibility/AccessibilityScrollView.cpp:
        (WebCore::AccessibilityScrollView::accessibilityHitTest):
        (WebCore::AccessibilityScrollView::documentFrameView):
        * accessibility/AccessibilityScrollView.h:

2011-02-01  Zhenyao Mo  <zmo@google.com>

        Reviewed by Kenneth Russell.

        getUniform should support SAMPLER_2D or SAMPLER_CUBE
        https://bugs.webkit.org/show_bug.cgi?id=52190

        * html/canvas/WebGLRenderingContext.cpp:
        (WebCore::WebGLRenderingContext::getUniform):

2011-02-01  Zhenyao Mo  <zmo@google.com>

        Reviewed by Darin Adler.

        Fix the incorrect usage of RetainPtr cases in GraphicsContext3DCG.cpp
        https://bugs.webkit.org/show_bug.cgi?id=53531

        With this fix, running WebGL conformance tests should no longer crash randomly.

        * platform/graphics/cg/GraphicsContext3DCG.cpp:
        (WebCore::GraphicsContext3D::getImageData):

2011-02-01  Dimitri Glazkov  <dglazkov@chromium.org>

        One more Chromium build fix after r77286.

        * platform/chromium/ScrollbarThemeChromiumMac.mm:
        (WebCore::ScrollbarThemeChromiumMac::paint): Changed to not use topLeft().

2011-02-01  Sam Weinig  <sam@webkit.org>

        Fix the build for Beth.

        * platform/mac/ScrollAnimatorMac.mm:
        (-[ScrollbarPainterControllerDelegate inLiveResizeForScrollerImpPair:]):

2011-02-01  Sam Weinig  <sam@webkit.org>

        Reviewed by Beth Dakin.

        Part 2 for <rdar://problem/8492788>
        Adopt WKScrollbarPainterController

        Use header detection to define scrollbar painting controller #define.

        * WebCore.exp.in:
        * platform/mac/ScrollAnimatorMac.h:
        * platform/mac/ScrollbarThemeMac.h:
        * platform/mac/WebCoreSystemInterface.h:
        * platform/mac/WebCoreSystemInterface.mm:

2011-02-01  David Hyatt  <hyatt@apple.com>

        Reviewed by Oliver Hunt.

        https://bugs.webkit.org/show_bug.cgi?id=53520
        
        Remove the physical terminology from IntRect and FloatRect.
        
        Now that we have flipped RenderBlocks for vertical-rl and horizontal-bt writing modes,
        we need to update our terminology to be more accurate.

        I'm borrowing a page from AppKit here (which also supports flipped NSViews) and
        renaming right() and bottom() to maxX() and maxY().  These terms remain accurate
        even for flipped rectangles.

        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::boundsForVisiblePositionRange):
        * accessibility/mac/AccessibilityObjectWrapper.mm:
        (-[AccessibilityObjectWrapper position]):
        * dom/ClientRect.h:
        (WebCore::ClientRect::right):
        (WebCore::ClientRect::bottom):
        * html/HTMLCanvasElement.cpp:
        (WebCore::HTMLCanvasElement::convertLogicalToDevice):
        * html/canvas/CanvasRenderingContext2D.cpp:
        (WebCore::normalizeRect):
        * inspector/InspectorAgent.cpp:
        (WebCore::InspectorAgent::drawElementTitle):
        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::adjustWindowRect):
        * page/DragController.cpp:
        (WebCore::dragLocForSelectionDrag):
        * page/EventHandler.cpp:
        (WebCore::EventHandler::sendContextMenuEventForKey):
        * page/PrintContext.cpp:
        (WebCore::PrintContext::computePageRectsWithPageSizeInternal):
        (WebCore::PrintContext::pageNumberForElement):
        * page/SpatialNavigation.cpp:
        (WebCore::end):
        (WebCore::areRectsFullyAligned):
        (WebCore::areRectsMoreThanFullScreenApart):
        (WebCore::below):
        (WebCore::rightOf):
        (WebCore::isRectInDirection):
        (WebCore::entryAndExitPointsForDirection):
        (WebCore::virtualRectForDirection):
        * page/WindowFeatures.cpp:
        (WebCore::WindowFeatures::WindowFeatures):
        * platform/ScrollView.cpp:
        (WebCore::ScrollView::wheelEvent):
        * platform/Scrollbar.cpp:
        (WebCore::Scrollbar::setFrameRect):
        * platform/ScrollbarThemeComposite.cpp:
        (WebCore::ScrollbarThemeComposite::splitTrack):
        * platform/chromium/ScrollbarThemeChromium.cpp:
        (WebCore::ScrollbarThemeChromium::paintTickmarks):
        * platform/graphics/FloatQuad.h:
        (WebCore::FloatQuad::FloatQuad):
        * platform/graphics/FloatRect.cpp:
        (WebCore::FloatRect::intersects):
        (WebCore::FloatRect::contains):
        (WebCore::FloatRect::intersect):
        (WebCore::FloatRect::unite):
        (WebCore::enclosingIntRect):
        * platform/graphics/FloatRect.h:
        (WebCore::FloatRect::maxX):
        (WebCore::FloatRect::maxY):
        (WebCore::FloatRect::contains):
        * platform/graphics/IntRect.cpp:
        (WebCore::IntRect::intersects):
        (WebCore::IntRect::contains):
        (WebCore::IntRect::intersect):
        (WebCore::IntRect::unite):
        * platform/graphics/IntRect.h:
        (WebCore::IntRect::maxX):
        (WebCore::IntRect::maxY):
        (WebCore::IntRect::shiftXEdgeTo):
        (WebCore::IntRect::shiftMaxXEdgeTo):
        (WebCore::IntRect::shiftYEdgeTo):
        (WebCore::IntRect::shiftMaxYEdgeTo):
        (WebCore::IntRect::contains):
        * platform/graphics/WidthIterator.cpp:
        (WebCore::WidthIterator::advance):
        * platform/graphics/cg/GraphicsContextCG.cpp:
        (WebCore::GraphicsContext::drawRect):
        (WebCore::GraphicsContext::fillPath):
        (WebCore::GraphicsContext::fillRect):
        * platform/graphics/cg/ImageBufferCG.cpp:
        (WebCore::getImageData):
        (WebCore::putImageData):
        * platform/graphics/cg/ImageCG.cpp:
        (WebCore::BitmapImage::draw):
        * platform/graphics/filters/FilterEffect.cpp:
        (WebCore::FilterEffect::copyImageBytes):
        * platform/graphics/mac/ComplexTextController.cpp:
        (WebCore::ComplexTextController::adjustGlyphsAndAdvances):
        * platform/graphics/mac/SimpleFontDataMac.mm:
        (WebCore::SimpleFontData::platformBoundsForGlyph):
        * platform/graphics/transforms/AffineTransform.cpp:
        (WebCore::AffineTransform::mapRect):
        * platform/graphics/win/FontCGWin.cpp:
        (WebCore::drawGDIGlyphs):
        * platform/graphics/win/MediaPlayerPrivateQuickTimeWin.cpp:
        (WebCore::MediaPlayerPrivate::paint):
        * platform/gtk/RenderThemeGtk.cpp:
        (WebCore::centerRectVerticallyInParentInputElement):
        * platform/mac/WidgetMac.mm:
        (WebCore::Widget::paint):
        * rendering/InlineFlowBox.cpp:
        (WebCore::InlineFlowBox::addBoxShadowVisualOverflow):
        (WebCore::InlineFlowBox::addTextBoxVisualOverflow):
        * rendering/InlineTextBox.cpp:
        (WebCore::InlineTextBox::selectionRect):
        (WebCore::InlineTextBox::paint):
        (WebCore::InlineTextBox::positionForOffset):
        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::addOverflowFromChildren):
        (WebCore::RenderBlock::paintChildren):
        (WebCore::RenderBlock::paintEllipsisBoxes):
        (WebCore::RenderBlock::inlineSelectionGaps):
        (WebCore::RenderBlock::adjustPointToColumnContents):
        (WebCore::RenderBlock::flipForWritingModeIncludingColumns):
        (WebCore::RenderBlock::adjustForColumns):
        * rendering/RenderBlock.h:
        (WebCore::RenderBlock::FloatingObject::right):
        (WebCore::RenderBlock::FloatingObject::bottom):
        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::reflectedRect):
        (WebCore::RenderBox::localCaretRect):
        (WebCore::RenderBox::addShadowOverflow):
        (WebCore::RenderBox::addLayoutOverflow):
        (WebCore::RenderBox::visualOverflowRectForPropagation):
        (WebCore::RenderBox::layoutOverflowRectForPropagation):
        (WebCore::RenderBox::flipForWritingMode):
        * rendering/RenderFrameSet.cpp:
        (WebCore::RenderFrameSet::paintColumnBorder):
        (WebCore::RenderFrameSet::paintRowBorder):
        * rendering/RenderInline.cpp:
        (WebCore::RenderInline::paintOutlineForLine):
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::getRectToExpose):
        (WebCore::cornerRect):
        (WebCore::RenderLayer::positionOverflowControls):
        (WebCore::RenderLayer::overflowBottom):
        (WebCore::RenderLayer::overflowRight):
        (WebCore::RenderLayer::paintResizer):
        * rendering/RenderLineBoxList.cpp:
        (WebCore::RenderLineBoxList::rangeIntersectsRect):
        (WebCore::RenderLineBoxList::paint):
        * rendering/RenderListItem.cpp:
        (WebCore::RenderListItem::positionListMarker):
        * rendering/RenderListMarker.cpp:
        (WebCore::RenderListMarker::paint):
        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::repaintAfterLayoutIfNeeded):
        * rendering/RenderOverflow.h:
        (WebCore::RenderOverflow::RenderOverflow):
        (WebCore::RenderOverflow::addLayoutOverflow):
        (WebCore::RenderOverflow::addVisualOverflow):
        (WebCore::RenderOverflow::setLayoutOverflow):
        (WebCore::RenderOverflow::setVisualOverflow):
        (WebCore::RenderOverflow::resetLayoutOverflow):
        * rendering/RenderReplaced.cpp:
        (WebCore::RenderReplaced::shouldPaint):
        * rendering/RenderScrollbarTheme.cpp:
        (WebCore::RenderScrollbarTheme::constrainTrackRectToTrackPieces):
        * rendering/RenderTable.cpp:
        (WebCore::RenderTable::paint):
        * rendering/RenderTableCell.cpp:
        (WebCore::RenderTableCell::paint):
        * rendering/RenderTableSection.cpp:
        (WebCore::RenderTableSection::paintObject):
        * rendering/RenderText.cpp:
        (WebCore::RenderText::absoluteQuads):
        * rendering/RenderTextControlSingleLine.cpp:
        (WebCore::RenderTextControlSingleLine::forwardEvent):
        * rendering/RenderThemeMac.mm:
        (WebCore::RenderThemeMac::paintMenuListButtonGradients):
        (WebCore::RenderThemeMac::paintMenuListButton):
        (WebCore::RenderThemeMac::paintSliderTrack):
        * rendering/RenderView.cpp:
        (WebCore::RenderView::computeRectForRepaint):
        (WebCore::RenderView::docBottom):
        (WebCore::RenderView::docRight):
        * rendering/RootInlineBox.cpp:
        (WebCore::RootInlineBox::paddedLayoutOverflowRect):
        * rendering/svg/RenderSVGInlineText.cpp:
        (WebCore::RenderSVGInlineText::localCaretRect):

2011-02-01  Beth Dakin  <bdakin@apple.com>

        Reviewed by Sam Weinig.

        Fix for <rdar://problem/8492788> Adopt WKScrollbarPainterController

        Lots of new WebCoreSystemInterface functions to export.
        * WebCore.exp.in:
        * platform/mac/WebCoreSystemInterface.h:
        * platform/mac/WebCoreSystemInterface.mm:

        Let the scrollAnimator know when the mouse has
        moved anywhere inside the page, and when the mouse 
        has moved in or out of the window. 
        * page/EventHandler.cpp:
        (WebCore::EventHandler::mouseMoved):
        (WebCore::EventHandler::updateMouseEventTargetNode):

        Let the scrollAnimator know when the window has become
        active or inactive.
        * page/FocusController.cpp:
        (WebCore::FocusController::setActive):
        
        Let the scrollAnimator know when all of these things
        are happening.
        * page/FrameView.cpp:
        (WebCore::FrameView::setContentsSize):
        (WebCore::FrameView::didMoveOnscreen):
        (WebCore::FrameView::willMoveOffscreen):
        (WebCore::FrameView::currentMousePosition):
        (WebCore::FrameView::contentsResized):
        
        New functions called through WebKit2 that allow the
        scrollAnimator to know when a live resize starts and ends.
        (WebCore::FrameView::willStartLiveResize):
        (WebCore::FrameView::willEndLiveResize):
        * page/FrameView.h:
        
        New functions on ScrollAnimator that pass information
        to the WKPainterController when we're using one.
        * platform/ScrollAnimator.h:
        (WebCore::ScrollAnimator::scrollableArea):
        (WebCore::ScrollAnimator::contentAreaWillPaint):
        (WebCore::ScrollAnimator::mouseEnteredContentArea):
        (WebCore::ScrollAnimator::mouseExitedContentArea):
        (WebCore::ScrollAnimator::mouseMovedInContentArea):
        (WebCore::ScrollAnimator::willStartLiveResize):
        (WebCore::ScrollAnimator::contentsResized):
        (WebCore::ScrollAnimator::willEndLiveResize):
        (WebCore::ScrollAnimator::contentAreaDidShow):
        (WebCore::ScrollAnimator::contentAreaDidHide):
        (WebCore::ScrollAnimatorMac::ScrollAnimatorMac):
        (WebCore::ScrollAnimatorMac::scrollbarPainterDelegate):
        (WebCore::ScrollAnimatorMac::setPainterForPainterController):
        (WebCore::ScrollAnimatorMac::removePainterFromPainterController):
        (WebCore::ScrollAnimatorMac::notityPositionChanged):
        (WebCore::ScrollAnimatorMac::contentAreaWillPaint):
        (WebCore::ScrollAnimatorMac::mouseEnteredContentArea):
        (WebCore::ScrollAnimatorMac::mouseExitedContentArea):
        (WebCore::ScrollAnimatorMac::mouseMovedInContentArea):
        (WebCore::ScrollAnimatorMac::willStartLiveResize):
        (WebCore::ScrollAnimatorMac::contentsResized):
        (WebCore::ScrollAnimatorMac::willEndLiveResize):
        (WebCore::ScrollAnimatorMac::contentAreaDidShow):
        (WebCore::ScrollAnimatorMac::contentAreaDidHide):
        
        Let the scrollAnimator know when this is happening.
        * platform/ScrollView.cpp:
        (WebCore::ScrollView::paint):
        
        New function lets the scrollAnimator get the current 
        mouse position.
        * platform/ScrollView.h:
        (WebCore::ScrollView::currentMousePosition):
        
        New function that returns the scrollAnimator when needed.
        * platform/ScrollableArea.h:
        (WebCore::ScrollableArea::scrollAnimator):
        
        Keep track of if we're in a live resize using a new memeber
        variable.
        * platform/mac/ScrollAnimatorMac.h:
        (WebCore::ScrollAnimatorMac::inLiveResize):
        * platform/mac/ScrollAnimatorMac.mm:
        (WebCore::view):
        
        New delegates for the WKPainter and WKPainterController
        (-[ScrollbarPainterControllerDelegate initWithScrollAnimator:WebCore::]):
        (-[ScrollbarPainterControllerDelegate contentAreaRectForScrollerImpPair:]):
        (-[ScrollbarPainterControllerDelegate inLiveResizeForScrollerImpPair:]):
        (-[ScrollbarPainterControllerDelegate mouseLocationInContentAreaForScrollerImpPair:]):
        (-[ScrollbarPainterControllerDelegate scrollerImpPair:convertContentPoint:toScrollerImp:]):
        (-[ScrollbarPainterControllerDelegate scrollerImpPair:setContentAreaNeedsDisplayInRect:]):
        (-[ScrollbarPainterControllerDelegate scrollerImpPair:updateScrollerStyleForNewRecommendedScrollerStyle:]):
        (-[ScrollKnobAnimation initWithScrollbarPainter:forScrollAnimator:WebCore::animateKnobAlphaTo:duration:]):
        (-[ScrollKnobAnimation setCurrentProgress:]):
        (-[ScrollbarPainterDelegate initWithScrollAnimator:WebCore::]):
        (-[ScrollbarPainterDelegate convertRectToBacking:]):
        (-[ScrollbarPainterDelegate convertRectFromBacking:]):
        (-[ScrollbarPainterDelegate layer]):
        (-[ScrollbarPainterDelegate setUpAnimation:scrollerPainter:animateKnobAlphaTo:duration:]):
        (-[ScrollbarPainterDelegate scrollerImp:animateKnobAlphaTo:duration:]):
        (-[ScrollbarPainterDelegate scrollerImp:animateTrackAlphaTo:duration:]):
        (-[ScrollbarPainterDelegate scrollerImp:overlayScrollerStateChangedTo:]):

        Get the WKScrollbarPainterRefs to synch up with the 
        WKScrollbarPainterControllerRefs when appropriate
        * platform/mac/ScrollbarThemeMac.h:
        * platform/mac/ScrollbarThemeMac.mm:
        (WebCore::ScrollbarThemeMac::registerScrollbar):
        (WebCore::ScrollbarThemeMac::unregisterScrollbar):
        (WebCore::ScrollbarThemeMac::setNewPainterForScrollbar):
        (WebCore::ScrollbarThemeMac::usesOverlayScrollbars):

        Implement ScrollableArea's virtual function contentsSize() for access
        through the scrollAnimator.
        * rendering/RenderLayer.h:
        (WebCore::RenderLayer::contentsSize):

2011-02-01  Carol Szabo  <carol.szabo@nokia.com>

        Reviewed by David Hyatt.

        layoutTestController.counterValueForElementById does not return the correct value
        https://bugs.webkit.org/show_bug.cgi?id=53037

        Test: fast/css/counters/deep-before.html

        * rendering/RenderTreeAsText.cpp:
        (WebCore::counterValueForElement):
        Modified to use the newly available RenderObject::beforePseudoElement()
        and RenderObject::afterPseudoElement() instead of the old imperfect
        algorithm to find the before and after pseudo elements.

2011-02-01  Anton Muhin  <antonm@chromium.org>

        Reviewed by Adam Barth.

        Allow access for security origin same as this.
        https://bugs.webkit.org/show_bug.cgi?id=53440

        Hard to test as newly added path currently is never hit.

        * page/SecurityOrigin.cpp:
        (WebCore::SecurityOrigin::canAccess): allow access if this == other

2011-01-31  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoffrey Garen.

        Update JSObject storage for new marking API
        https://bugs.webkit.org/show_bug.cgi?id=53467

        Update WebCore to handle new anonymous slot behaviour.

        * bindings/js/JSDOMWindowShell.cpp:
        (WebCore::JSDOMWindowShell::setWindow):
        * bindings/js/WorkerScriptController.cpp:
        (WebCore::WorkerScriptController::initScript):
        * bindings/scripts/CodeGeneratorJS.pm:

2011-02-01  Xiaomei Ji  <xji@chromium.org>

        Reviewed by David Hyatt.

        Fix a text rendering problem when enclosing block is RTL and text runs
        are in different directionality.
        https://bugs.webkit.org/show_bug.cgi?id=34176

        The problem happens in the following example scenario (ABC represents 
        Hebrew characters):
        <div dir=rtl>this is a <span><span>test <span>ABC</span></span></span></div>

        The line consists of 3 text runs -- TextRun1 TextRun2 TextRun3. In which
        TextRun1 and TextRun2's bidi level are 2, and TextRun3's bidi level is 1.
        TextRun2 and TextRun3's least common ancestor is not a sibling of TextRun1.

        The visual bidi run order of the text runs is TextRun3 TextRun1 TextRun2.

        Inside RenderBlock::constructLine(), when RenderBlock::createLineBoxes()
        creates InlineFlowBox for TextRun2, it should check an InlineFlowBox for
        the run's render object's ancestor (not only its parent) has already 
        been constructed or has something following it on the line, in which 
        case, create a new box for TextRun2 instead of sharing the same box with
        TextRun3.

        In other words, the following 2 div should render the same results
        (ABC represents Hebrew characters).
        <div dir=rtl>this is a <span><span>test <span>ABC</span></span></span></div>
        <div dir=rtl>this is a <span>Test <span>ABC</span></span></div>

        Test: fast/dom/34176.html

        * rendering/RenderBlockLineLayout.cpp:
        (WebCore::parentIsConstructedOrHaveNext):
        (WebCore::RenderBlock::createLineBoxes):

2011-02-01  Abhishek Arya  <inferno@chromium.org>

        Reviewed by Dan Bernstein.

        Do not add a node in the document's stylesheet candidate node list if the
        node is already removed from document.
        https://bugs.webkit.org/show_bug.cgi?id=53441

        Test: fast/css/stylesheet-candidate-nodes-crash.xhtml

        * dom/Document.cpp:
        (WebCore::Document::addStyleSheetCandidateNode):

2011-02-01  Dave Hyatt  <hyatt@apple.com>

        Reviewed by Darin Adler.

        https://bugs.webkit.org/show_bug.cgi?id=46422, make printing and pagination work
        with vertical text.

        Change printing functions to check writing-mode and properly swap width and height
        as needed.
        
        Fix the setScrollOrigin function so that the origin doesn't cause
        scroll spasming during printing (this is only partially successful, but it's better
        than it was).

        Rewrite computePageRects to handle both RTL documents properly as well as vertical
        text documents properly.

        * WebCore.exp.in:
        * page/FrameView.cpp:
        (WebCore::FrameView::adjustViewSize):
        (WebCore::FrameView::forceLayoutForPagination):
        * page/PrintContext.cpp:
        (WebCore::PrintContext::computePageRects):
        (WebCore::PrintContext::computePageRectsWithPageSizeInternal):
        (WebCore::PrintContext::computeAutomaticScaleFactor):
        (WebCore::PrintContext::spoolPage):
        (WebCore::PrintContext::spoolRect):
        * page/PrintContext.h:
        * page/mac/WebCoreFrameView.h:
        * platform/ScrollView.cpp:
        (WebCore::ScrollView::wheelEvent):
        * platform/ScrollView.h:
        * platform/mac/ScrollViewMac.mm:
        (WebCore::ScrollView::platformSetScrollOrigin):
        * rendering/RenderView.cpp:
        (WebCore::RenderView::layout):

2011-02-01  Mikhail Naganov  <mnaganov@chromium.org>

        Reviewed by Pavel Feldman.

        Web Inspector: Fix profiles reset to avoid clearing heap profiles in Chromium.

        https://bugs.webkit.org/show_bug.cgi?id=53500

        * inspector/InspectorProfilerAgent.cpp:
        (WebCore::InspectorProfilerAgent::resetFrontendProfiles):

2011-02-01  Mikhail Naganov  <mnaganov@chromium.org>

        Reviewed by Pavel Feldman.

        Web Inspector: [Chromium] Landing detailed heap snapshots, part 1.

        https://bugs.webkit.org/show_bug.cgi?id=53173

        Adding code for accessing heap snapshot data and
        performing graph calculations.

        * English.lproj/localizedStrings.js:
        * inspector/front-end/HeapSnapshot.js:
        (WebInspector.HeapSnapshotArraySlice): Helper class to avoid array contents copying.
        (WebInspector.HeapSnapshotEdge): Wrapper for accessing graph edge properties.
        (WebInspector.HeapSnapshotEdgeIterator):
        (WebInspector.HeapSnapshotNode): Wrapper for accessing graph node properties.
        (WebInspector.HeapSnapshotNodeIterator):
        (WebInspector.HeapSnapshot): Wrapper for the heap snapshot.
        (WebInspector.HeapSnapshotFilteredOrderedIterator):
        (WebInspector.HeapSnapshotEdgesProvider):
        (WebInspector.HeapSnapshotNodesProvider):
        (WebInspector.HeapSnapshotPathFinder):
        * inspector/front-end/HeapSnapshotView.js:
        (WebInspector.HeapSnapshotView.prototype._convertSnapshot):

2011-02-01  Adam Roben  <aroben@apple.com>

        Fix linker warnings in Release_LTCG builds

        * WebCore.vcproj/WebCore.vcproj: Exclude EventNames.cpp and EventTarget.cpp from all
        configurations, since they get pulled in via DOMAllInOne.cpp.

2011-02-01  Alexander Pavlov  <apavlov@chromium.org>

        Reviewed by Yury Semikhatsky.

        Web Inspector: [Chromium] Wrongly labelled context-menu item for links in Web Inspector's side-pane
        https://bugs.webkit.org/show_bug.cgi?id=53482

        * English.lproj/localizedStrings.js:
        * inspector/front-end/ElementsPanel.js:
        (WebInspector.ElementsPanel.prototype.populateHrefContextMenu):
        * inspector/front-end/inspector.js:
        (WebInspector.resourceForURL):
        (WebInspector.openLinkExternallyLabel):

2011-02-01  Anton Muhin  <antonm@chromium.org>

        Reviewed by Adam Barth.

        Propagate parent document security origin to newly create Document XML response
        https://bugs.webkit.org/show_bug.cgi?id=53444

        Covered by the existing tests.

        * xml/XMLHttpRequest.cpp:
        (WebCore::XMLHttpRequest::responseXML):

2011-02-01  Yury Semikhatsky  <yurys@chromium.org>

        Unreviewed. Rollout r77230 which caused many layout tests
        crashes on Chromium Debug bots.

        Async event handlers should not fire within a modal dialog
        https://bugs.webkit.org/show_bug.cgi?id=53202

        * dom/Document.cpp:
        (WebCore::Document::Document):
        * dom/EventQueue.cpp:
        (WebCore::EventQueue::EventQueue):
        (WebCore::EventQueue::enqueueEvent):
        (WebCore::EventQueue::pendingEventTimerFired):
        * dom/EventQueue.h:

2011-02-01  Zoltan Herczeg  <zherczeg@webkit.org>

        Reviewed by Dirk Schulze.

        LightElement changes does not require relayout.
        https://bugs.webkit.org/show_bug.cgi?id=53232

        When an attribute of a LightElement changes, it
        send an update message to the lighting filters
        to update its corresponding LightSource objects,
        and repaint the filters.

        Duplicated 'id' attributes removed from svg-filter-animation.svg.

        Existing dynamic-update tests covers this feature.

        5x speedup on manual-tests/svg-filter-animation.svg

        * manual-tests/svg-filter-animation.svg:
        * platform/graphics/filters/DistantLightSource.h:
        * platform/graphics/filters/FEDiffuseLighting.cpp:
        (WebCore::FEDiffuseLighting::setLightingColor):
        (WebCore::FEDiffuseLighting::setSurfaceScale):
        (WebCore::FEDiffuseLighting::setDiffuseConstant):
        (WebCore::FEDiffuseLighting::setKernelUnitLengthX):
        (WebCore::FEDiffuseLighting::setKernelUnitLengthY):
        * platform/graphics/filters/FEDiffuseLighting.h:
        * platform/graphics/filters/LightSource.cpp:
        (WebCore::PointLightSource::setX):
        (WebCore::PointLightSource::setY):
        (WebCore::PointLightSource::setZ):
        (WebCore::SpotLightSource::setX):
        (WebCore::SpotLightSource::setY):
        (WebCore::SpotLightSource::setZ):
        (WebCore::SpotLightSource::setPointsAtX):
        (WebCore::SpotLightSource::setPointsAtY):
        (WebCore::SpotLightSource::setPointsAtZ):
        (WebCore::SpotLightSource::setSpecularExponent):
        (WebCore::SpotLightSource::setLimitingConeAngle):
        (WebCore::DistantLightSource::setAzimuth):
        (WebCore::DistantLightSource::setElevation):
        (WebCore::LightSource::setAzimuth):
        (WebCore::LightSource::setElevation):
        (WebCore::LightSource::setX):
        (WebCore::LightSource::setY):
        (WebCore::LightSource::setZ):
        (WebCore::LightSource::setPointsAtX):
        (WebCore::LightSource::setPointsAtY):
        (WebCore::LightSource::setPointsAtZ):
        (WebCore::LightSource::setSpecularExponent):
        (WebCore::LightSource::setLimitingConeAngle):
        * platform/graphics/filters/LightSource.h:
        * platform/graphics/filters/PointLightSource.h:
        * platform/graphics/filters/SpotLightSource.h:
        * rendering/svg/RenderSVGResourceFilter.cpp:
        (WebCore::RenderSVGResourceFilter::primitiveAttributeChanged):
        * svg/SVGFEDiffuseLightingElement.cpp:
        (WebCore::SVGFEDiffuseLightingElement::setFilterEffectAttribute):
        (WebCore::SVGFEDiffuseLightingElement::lightElementAttributeChanged):
        (WebCore::SVGFEDiffuseLightingElement::build):
        (WebCore::SVGFEDiffuseLightingElement::findLightElement):
        (WebCore::SVGFEDiffuseLightingElement::findLight):
        * svg/SVGFEDiffuseLightingElement.h:
        * svg/SVGFELightElement.cpp:
        (WebCore::SVGFELightElement::svgAttributeChanged):
        * svg/SVGFilterPrimitiveStandardAttributes.cpp:
        (WebCore::SVGFilterPrimitiveStandardAttributes::setFilterEffectAttribute):
        * svg/SVGFilterPrimitiveStandardAttributes.h:

2011-02-01  Roland Steiner  <rolandsteiner@chromium.org>

        Reviewed by Dimitri Glazkov.

        Bug 53289 - DOM: Move DocumentOrderedMap from Document into separate files
        https://bugs.webkit.org/show_bug.cgi?id=53289

        Moving the nested class DocumentOrderedMap from Document into separate files,
        updating code where necessary.

        No new tests. (refactoring)

        * Android.mk:
        * CMakeLists.txt:
        * GNUMakefile.am:
        * WebCore.gypi:
        * WebCore.pro:
        * WebCore.vcproj/WebCore.vcproj:
        * WebCore.xcodeproj/project.pbxproj:
        * dom/Document.cpp:
        (WebCore::Document::getElementById):
        (WebCore::Document::getImageMap):
        * dom/Document.h:
        * dom/DocumentOrderedMap.cpp: Added.
        (WebCore::keyMatchesId):
        (WebCore::keyMatchesMapName):
        (WebCore::keyMatchesLowercasedMapName):
        (WebCore::DocumentOrderedMap::clear):
        (WebCore::DocumentOrderedMap::add):
        (WebCore::DocumentOrderedMap::remove):
        (WebCore::DocumentOrderedMap::get):
        (WebCore::DocumentOrderedMap::getElementById):
        (WebCore::DocumentOrderedMap::getElementByMapName):
        (WebCore::DocumentOrderedMap::getElementByLowercasedMapName):
        * dom/DocumentOrderedMap.h: Added.
        (WebCore::DocumentOrderedMap::contains):
        (WebCore::DocumentOrderedMap::containsMultiple):
        * dom/DOMAllInOne.cpp:

2011-02-01  Mario Sanchez Prada  <msanchez@igalia.com>

        Reviewed by Martin Robinson.

        [Gtk] atk_text_set_caret_offset fails for list items
        https://bugs.webkit.org/show_bug.cgi?id=53388

        Allow using text ranges across list items.

        * accessibility/gtk/AccessibilityObjectAtk.cpp:
        (WebCore::AccessibilityObject::allowsTextRanges): Add list items
        to the list of accessibility objects supporting text ranges.

2011-02-01  Mario Sanchez Prada  <msanchez@igalia.com>

        Reviewed by Martin Robinson.

        [GTK] character range extents is off when the end of a wrapped line is included
        https://bugs.webkit.org/show_bug.cgi?id=53323

        Fixed wrong calculation getting the range extents.

        * accessibility/gtk/AccessibilityObjectWrapperAtk.cpp:
        (webkit_accessible_text_get_range_extents): Removed '+1' since the
        requested interval shouldn't include the last character.

2011-02-01  Mario Sanchez Prada  <msanchez@igalia.com>

        Reviewed by Martin Robinson.

        [GTK] Caret Offset is one off at the end of wrapped lines
        https://bugs.webkit.org/show_bug.cgi?id=53300

        Consider linebreaks as special cases.

        * accessibility/gtk/AccessibilityObjectWrapperAtk.cpp:
        (objectAndOffsetUnignored): In order to avoid getting wrong values
        when around linebreaks, we need to workaround this by explicitly
        avoiding those '\n' text nodes from affecting the result of
        calling to TextIterator:rangeLength().

2011-02-01  Roland Steiner  <rolandsteiner@chromium.org>

        Unreviewed, rolling out r77229.
        http://trac.webkit.org/changeset/77229
        https://bugs.webkit.org/show_bug.cgi?id=53289

        revert mysterious build breakage

        * Android.mk:
        * CMakeLists.txt:
        * GNUmakefile.am:
        * WebCore.gypi:
        * WebCore.pro:
        * WebCore.vcproj/WebCore.vcproj:
        * WebCore.xcodeproj/project.pbxproj:
        * dom/DOMAllInOne.cpp:
        * dom/Document.cpp:
        (WebCore::Document::DocumentOrderedMap::clear):
        (WebCore::Document::DocumentOrderedMap::add):
        (WebCore::Document::DocumentOrderedMap::remove):
        (WebCore::Document::DocumentOrderedMap::get):
        (WebCore::keyMatchesId):
        (WebCore::Document::getElementById):
        (WebCore::keyMatchesMapName):
        (WebCore::keyMatchesLowercasedMapName):
        (WebCore::Document::getImageMap):
        * dom/Document.h:
        (WebCore::Document::DocumentOrderedMap::contains):
        (WebCore::Document::DocumentOrderedMap::containsMultiple):
        * dom/DocumentOrderedMap.cpp: Removed.
        * dom/DocumentOrderedMap.h: Removed.

2011-02-01  Mihai Parparita  <mihaip@chromium.org>

        Reviewed by James Robinson.

        Async event handlers should not fire within a modal dialog
        https://bugs.webkit.org/show_bug.cgi?id=53202

        Asychronous events that use EventQueue would currently fire while a
        modal dialog (e.g. window.alert()) was up. Change EventQueue to use a
        SuspendableTimer (which automatically gets suspended while dialogs are
        up and in other cases where JS execution is not allowed).
        
        Test: fast/events/scroll-event-during-modal-dialog.html

        * dom/Document.cpp:
        (WebCore::Document::Document):
        * dom/EventQueue.cpp:
        (WebCore::EventQueueTimer::EventQueueTimer):
        (WebCore::EventQueueTimer::fired):
        (WebCore::EventQueue::EventQueue):
        (WebCore::EventQueue::enqueueEvent):
        (WebCore::EventQueue::pendingEventTimerFired):
        * dom/EventQueue.h:
        (WebCore::EventQueue::create):

2011-02-01  Roland Steiner  <rolandsteiner@chromium.org>

        Reviewed by Dimitri Glazkov.

        Bug 53289 - DOM: Move DocumentOrderedMap from Document into separate files
        https://bugs.webkit.org/show_bug.cgi?id=53289

        Moving the nested class DocumentOrderedMap from Document into separate files,
        updating code where necessary.

        No new tests. (refactoring)

        * Android.mk:
        * CMakeLists.txt:
        * GNUMakefile.am:
        * WebCore.gypi:
        * WebCore.pro:
        * WebCore.vcproj/WebCore.vcproj:
        * WebCore.xcodeproj/project.pbxproj:
        * dom/Document.cpp:
        (WebCore::Document::getElementById):
        (WebCore::Document::getImageMap):
        * dom/Document.h:
        * dom/DocumentOrderedMap.cpp: Added.
        (WebCore::keyMatchesId):
        (WebCore::keyMatchesMapName):
        (WebCore::keyMatchesLowercasedMapName):
        (WebCore::DocumentOrderedMap::clear):
        (WebCore::DocumentOrderedMap::add):
        (WebCore::DocumentOrderedMap::remove):
        (WebCore::DocumentOrderedMap::get):
        (WebCore::DocumentOrderedMap::getElementById):
        (WebCore::DocumentOrderedMap::getElementByMapName):
        (WebCore::DocumentOrderedMap::getElementByLowercasedMapName):
        * dom/DocumentOrderedMap.h: Added.
        (WebCore::DocumentOrderedMap::contains):
        (WebCore::DocumentOrderedMap::containsMultiple):
        * dom/DOMAllInOne.cpp:

2011-02-01  Naoki Takano  <takano.naoki@gmail.com>

        Reviewed by Darin Fisher.

        [Chromium] Autofill should work with HTML5 form elements
        https://bugs.webkit.org/show_bug.cgi?id=51809
        http://crbug.com/65654

        No new tests, because this fix is for Chromium project and hard to test only in WebKit project.

        * html/InputType.h: Insert comment for canSetSuggestedValue().
        * html/TextFieldInputType.cpp:
        (WebCore::TextFieldInputType::canSetSuggestedValue): Implemented to return always true for that all text filed inputs can be completed.
        * html/TextFieldInputType.h: Declare canSetSuggestedValue().
        * html/TextInputType.cpp: Delete canSetSuggestedValue() not to return true anymore.
        * html/TextInputType.h: Delete canSetSuggestedValue() not to return true anymore.

2011-02-01  Kent Tamura  <tkent@chromium.org>

        Reviewed by Dan Bernstein.

        REGRESSION (r65062): Safari loops forever under WebCore::plainTextToMallocAllocatedBuffer()
        https://bugs.webkit.org/show_bug.cgi?id=53272

        * editing/TextIterator.cpp:
        (WebCore::TextIterator::handleTextBox): Pass the appropriate renderer to emitText().

2011-01-31  Alexey Proskuryakov  <ap@apple.com>

        Reviewed by Maciej Stachowiak.

        https://bugs.webkit.org/show_bug.cgi?id=53466
        Move WebKit2 to printing via API methods

        * WebCore.exp.in: Export IntRect::scale().

2011-01-31  Patrick Gansterer  <paroga@webkit.org>

        Reviewed by Adam Barth.

        Remove obsolete comment after r41871
        https://bugs.webkit.org/show_bug.cgi?id=53406

        * dom/Document.h:

2011-01-31  Simon Fraser  <simon.fraser@apple.com>

        Fix according to reviewer comments: can just use Color::black now.

        * platform/graphics/ShadowBlur.cpp:
        (WebCore::ShadowBlur::drawInsetShadow):
        (WebCore::ShadowBlur::drawRectShadowWithoutTiling):

2011-01-31  Simon Fraser  <simon.fraser@apple.com>

        Reviewed by Sam Weinig.

        Clean up ShadowBlur
        https://bugs.webkit.org/show_bug.cgi?id=53472

        Some minor ShadowBlur cleanup.

        * platform/graphics/ShadowBlur.h:
        * platform/graphics/ShadowBlur.cpp:
        (WebCore::ShadowBlur::ShadowBlur): Use m_blurRadius rather than the radius
        paramter.
        (WebCore::ShadowBlur::adjustBlurRadius): Renamed from adjustBlurDistance.
        (WebCore::ShadowBlur::calculateLayerBoundingRect): Rename layerFloatRect to
        layerRect. Make frameSize a float.
        (WebCore::ShadowBlur::beginShadowLayer): This now takes a precomputed
        layerRect rather than calling calculateLayerBoundingRect() to compute
        it itself, since we were calling calculateLayerBoundingRect() twice.
        (WebCore::ShadowBlur::drawRectShadow): Optimize to call calculateLayerBoundingRect()
        only once. The shadowRect variable was unused, so two return paths could be
        collapsed into one.
        (WebCore::ShadowBlur::drawInsetShadow): Call calculateLayerBoundingRect() before
        beginShadowLayer() now.
        (WebCore::ShadowBlur::drawRectShadowWithoutTiling): The layerRect gets passed in.
        We always used alpha=1, so no need to pass that in.
        (WebCore::ShadowBlur::drawRectShadowWithTiling): We always used alpha=1, so no need to
        pass that in. Move shadowRect down to first use.
        ShadowBlur::clipBounds() was unused.

2011-01-31  No'am Rosenthal  <noam.rosenthal@nokia.com>

        Reviewed by Kenneth Rohde Christiansen.

        [Qt] QWebElements example from QtWebKit Bridge documentation does not work at all
        https://bugs.webkit.org/show_bug.cgi?id=46748

        This problem disappears when we register QWebElement using qRegisterMetaType, which we now do in QtInstance.
        Added a regression test to tst_QWebFrame.

        * bridge/qt/qt_instance.cpp:
        (JSC::Bindings::QtInstance::QtInstance):

2011-01-27  MORITA Hajime  <morrita@google.com>

        Reviewed by Dimitri Glazkov.
        
        Convert <progress> shadow DOM to a DOM-based shadow.
        https://bugs.webkit.org/show_bug.cgi?id=50660

        * Removed RenderProgress::m_valuePart, moved the shadow node
          to the shadow root of HTMLProgressElement.
        * Removed hard-coded pseudo ID for -webkit-progress-bar-value.
          ProgressBarValueElement is defined only for overriding
          shadowPseudoId().
        
        No new tests. No behavioral change.

        * css/CSSSelector.cpp:
        (WebCore::CSSSelector::pseudoId):
        (WebCore::nameToPseudoTypeMap):
        (WebCore::CSSSelector::extractPseudoType):
        * css/CSSSelector.h:
        * html/HTMLProgressElement.cpp:
        (WebCore::ProgressBarValueElement::ProgressBarValueElement):
        (WebCore::ProgressBarValueElement::shadowPseudoId):
        (WebCore::ProgressBarValueElement::create):
        (WebCore::ProgressBarValueElement::detach):
        (WebCore::HTMLProgressElement::parseMappedAttribute):
        (WebCore::HTMLProgressElement::attach):
        (WebCore::HTMLProgressElement::valuePart):
        (WebCore::HTMLProgressElement::didElementStateChange):
        (WebCore::HTMLProgressElement::createShadowSubtreeIfNeeded):
        * html/HTMLProgressElement.h:
        * rendering/RenderProgress.cpp:
        (WebCore::RenderProgress::~RenderProgress):
        (WebCore::RenderProgress::updateFromElement):
        (WebCore::RenderProgress::layoutParts):
        (WebCore::RenderProgress::shouldHaveParts):
        (WebCore::RenderProgress::valuePart):
        * rendering/RenderProgress.h:
        * rendering/style/RenderStyleConstants.h:

2011-01-31  Charlie Reis  <creis@chromium.org>

        Reviewed by Mihai Parparita.

        Add sanity check to help diagnose bug 52819
        https://bugs.webkit.org/show_bug.cgi?id=53402

        Crash early if the children of fromItem look invalid.

        * loader/HistoryController.cpp:

2011-01-31  Kalle Vahlman  <kalle.vahlman@movial.com>

        Reviewed by Andreas Kling.

        [Qt] canvas.drawImage(HTMLVideoElement) doesn't work with Qt Multimedia backend
        https://bugs.webkit.org/show_bug.cgi?id=53325

        Reimplement paintCurrentFrameInContext() rather than delegate the
        rendering to paint() to make sure we really do get the video frame
        content into the GraphicsContext, regardless of accelerated
        compositing and the video scene state.

        * platform/graphics/qt/MediaPlayerPrivateQt.cpp:
        (WebCore::MediaPlayerPrivateQt::paintCurrentFrameInContext):
        * platform/graphics/qt/MediaPlayerPrivateQt.h:

2011-01-31  Emil A Eklund  <eae@chromium.org>

        Reviewed by Darin Adler.

        Setting "selected" attribute to false should have no effect in single line <select>
        https://bugs.webkit.org/show_bug.cgi?id=52436

        Change SelectElement::setSelectedIndex to select the first selectable
        option when the select state of all options is set to false as required
        by the HTML5 specification.

        Test: fast/dom/HTMLSelectElement/selected-false.html

        * dom/SelectElement.cpp:
        (WebCore::SelectElement::setSelectedIndex):

2011-01-31  Alexander Pavlov  <apavlov@chromium.org>

        Reviewed by Yury Semikhatsky.

        Web Inspector: Console source references need a left-margin
        https://bugs.webkit.org/show_bug.cgi?id=53308

        * inspector/front-end/inspector.css:
        (.console-message-url): Added a 4px margin on the left.

2011-01-31  Carol Szabo  <carol.szabo@nokia.com>

        Reviewed by David Hyatt.

        Code Changes only.

        It is needlessly expensive to find the generating node from an anonymous renderer of a pseudoelement.
        https://bugs.webkit.org/show_bug.cgi?id=53024

        No new tests. No change in functionality

        * rendering/RenderObject.h:
        (WebCore::RenderObject::before):
        (WebCore::RenderObject::after):
        (WebCore::RenderObject::generatingNode):
        Added new accessors for the use of the CSS 2.1 counters code
        (mainlyly)
        * rendering/RenderObjectChildList.cpp:
        (WebCore::beforeAfterContainer):
        (WebCore::RenderObjectChildList::invalidateCounters):
        (WebCore::RenderObjectChildList::before):
        (WebCore::RenderObjectChildList::after):
        Refactored the code to take advantage of the new accessors.
        (WebCore::RenderObjectChildList::updateBeforeAfterContent):
        Changed to store the generating node in the :before and :after
        renderers.
        * rendering/RenderObjectChildList.h:

2011-01-31  Krithigassree Sambamurthy  <krithigassree.sambamurthy@nokia.com>

        Reviewed by David Hyatt.

        Add background-clip to background shorthand
        https://bugs.webkit.org/show_bug.cgi?id=52080

        Added background-clip to background-shorthand. Also made changes to
        include webkitMaskClip to the mask shorthand to keep both in sync.

        * css/CSSParser.cpp:
        (WebCore::CSSParser::parseValue):
        (WebCore::CSSParser::parseFillShorthand):

2011-01-31  Darin Adler  <darin@apple.com>

        Reviewed by Adele Peterson.

        WKView should support scrollPageDown:, scrollPageUp:, scrollToBeg and other similar selectors
        https://bugs.webkit.org/show_bug.cgi?id=53460

        * editing/EditorCommand.cpp:
        (WebCore::executeScrollPageBackward): Added.
        (WebCore::executeScrollPageForward): Added.
        (WebCore::executeScrollToBeginningOfDocument): Added.
        (WebCore::executeScrollToEndOfDocument): Added.
        (WebCore::createCommandMap): Added the four commands above to the map.

2011-01-31  Dan Bernstein  <mitz@apple.com>

        Reviewed by Adele Peterson.

        Inter-ideograph justification should apply to hiragana and katakana as well
        https://bugs.webkit.org/show_bug.cgi?id=53464

        Changed the test for expansion opportunities from isCJKIdeograph() to isCJKIdeographOrSymbol().

        * platform/graphics/Font.cpp:
        (WebCore::Font::expansionOpportunityCount):
        * platform/graphics/WidthIterator.cpp:
        (WebCore::WidthIterator::advance):
        * platform/graphics/mac/ComplexTextController.cpp:
        (WebCore::ComplexTextController::adjustGlyphsAndAdvances):

2011-01-31  Dimitri Glazkov  <dglazkov@chromium.org>

        Reviewed by James Robinson.

        REGRESSION(r76951): Appearance of media controls changed slightly on Qt/Chromium ports
        https://bugs.webkit.org/show_bug.cgi?id=53314

        Fixes media/controls-strict.html on Chromium.

        * css/mediaControlsChromium.css:
        (audio::-webkit-media-controls-timeline, video::-webkit-media-controls-timeline):
            Added proper box-sizing to avoid differences between strict/quirks mode.

2011-01-31  Kent Tamura  <tkent@chromium.org>

        Reviewed by Dimitri Glazkov.

        Validation message bubble shouldn't inherit text-security style
        https://bugs.webkit.org/show_bug.cgi?id=53457

        No new tests because the validation message feature depends on timers
        and is enabled only in Chromium port.

        * css/html.css:
        (::-webkit-validation-bubble): Reset -webkit-text-security.

2011-01-31  Michael Saboff  <msaboff@apple.com>

        Reviewed by Geoffrey Garen.

        Potentially Unsafe HashSet of RuntimeObject* in RootObject definition
        https://bugs.webkit.org/show_bug.cgi?id=53271

        Reapplying this patch again. 
        The removal of this patch in <http://trac.webkit.org/changeset/77125>
        as part of https://bugs.webkit.org/show_bug.cgi?id=53418,
        removed the both the first (failing) patch (r76893) and this fixed 
        patch (r76969).  This patch includes slight changes necessitated by
        r77151.

        Reapplying this patch with the change that the second ASSERT in 
        RootObject::removeRuntimeObject was changed to use
        .uncheckedGet() instead of the failing .get().  The object in question
        could be in the process of being GC'ed.  The get() call will not return
        such an object while the uncheckedGet() call will return the (unsafe) 
        object.  This is the behavior we want.

        Precautionary change.
        Changed RootObject to use WeakGCMap instead of HashSet.
        Found will looking for another issue, but can't produce a test case
        that is problematic.  THerefore there aren't any new tests.

        * bridge/runtime_root.cpp:
        (JSC::Bindings::RootObject::invalidate):
        (JSC::Bindings::RootObject::addRuntimeObject):
        (JSC::Bindings::RootObject::removeRuntimeObject):
        * bridge/runtime_root.h:

2011-01-31  Andreas Kling  <kling@webkit.org>

        Unbreak Qt build after r77151.

        * bridge/qt/qt_instance.cpp:
        (JSC::Bindings::QtInstance::removeCachedMethod):
        (JSC::Bindings::QtInstance::markAggregate):

2011-01-31  takano takumi  <takano@apple.com>

        Reviewed by Dave Hyatt.

        Implement text-combine rendering code
        https://bugs.webkit.org/show_bug.cgi?id=50621

        Test: fast/text/international/text-combine-image-test.html

        * Android.mk: Added RenderCombineText.cpp/h
        * CMakeLists.txt: Added RenderCombineText.cpp/h
        * GNUmakefile.am: Added RenderCombineText.cpp/h
        * WebCore.exp.in:
        * WebCore.gypi: Added RenderCombineText.cpp/h
        * WebCore.pro: Added RenderCombineText.cpp/h
        * WebCore.vcproj/WebCore.vcproj: Added RenderCombineText.cpp/h
        * WebCore.xcodeproj/project.pbxproj: Added RenderCombineText.cpp/h
        * css/CSSFontFaceSource.cpp:
        (WebCore::CSSFontFaceSource::getFontData):
        - Added fontDescription.widthVariant to SimpleFontData creation.
        * css/CSSStyleSelector.cpp:
        (WebCore::CSSStyleSelector::applyProperty):
        - Changed to set "Unique" flag to RenderStyle in case of TextCombine.
        * dom/Text.cpp:
        (WebCore::Text::createRenderer):
        - Changed to create RenderCombineText in case of TextCombine.
        * loader/cache/CachedFont.cpp:
        (WebCore::CachedFont::platformDataFromCustomData):
        - Added FontWidthVariant as an argument for FontPlatformData creation.
        * loader/cache/CachedFont.h:
        - Ditto.
        * platform/graphics/Font.h:
        (WebCore::Font::widthVariant):
        - The accessor to FontWidthVariant member variable.
        * platform/graphics/FontCache.cpp:
        - Made cache to incorporate FontWidthVariant value.
        (WebCore::FontPlatformDataCacheKey::FontPlatformDataCacheKey):
        (WebCore::FontPlatformDataCacheKey::operator==):
        (WebCore::computeHash):
        (WebCore::FontCache::getCachedFontPlatformData):
        * platform/graphics/FontDescription.h:
        - Add a member variable that holds a width variant - none, half-width, third-width, and quarter-width.
        (WebCore::FontDescription::FontDescription):
        (WebCore::FontDescription::widthVariant):
        (WebCore::FontDescription::setWidthVariant):
        (WebCore::FontDescription::operator==):
        * platform/graphics/FontWidthVariant.h: Added.
        * platform/graphics/cairo/FontCustomPlatformData.h:
        - Changed to carry FontWidthVariant value.
        * platform/graphics/cocoa/FontPlatformData.h:
        - Changed to carry FontWidthVariant value.
        (WebCore::FontPlatformData::FontPlatformData):
        (WebCore::FontPlatformData::widthVariant):
        (WebCore::FontPlatformData::hash):
        (WebCore::FontPlatformData::operator==):
        * platform/graphics/cocoa/FontPlatformDataCocoa.mm:
        (WebCore::FontPlatformData::FontPlatformData):
        - Changed to carry FontWidthVariant value.
        (WebCore::FontPlatformData::operator=):
        - Ditto.
        (WebCore::mapFontWidthVariantToCTFeatureSelector):
        - A function to map a FontWidthVariant value to a CoreText's text spacing feature selector.
        (WebCore::FontPlatformData::ctFont):
        - Changed to create CTFont with text spacing variant based on FontWidthVariant.
        * platform/graphics/freetype/FontCustomPlatformDataFreeType.cpp:
        (WebCore::FontCustomPlatformData::fontPlatformData):
        - Changed to carry FontWidthVariant value.
        * platform/graphics/haiku/FontCustomPlatformData.cpp:
        (WebCore::FontCustomPlatformData::fontPlatformData):
        - Changed to carry FontWidthVariant value.
        * platform/graphics/haiku/FontCustomPlatformData.h:
        * platform/graphics/mac/FontCacheMac.mm:
        (WebCore::FontCache::createFontPlatformData):
        - Changed to carry FontWidthVariant value.
        * platform/graphics/mac/FontCustomPlatformData.cpp:
        (WebCore::FontCustomPlatformData::fontPlatformData):
        - Changed to carry FontWidthVariant value.
        * platform/graphics/mac/FontCustomPlatformData.h:
        - Ditto.
        * platform/graphics/mac/GlyphPageTreeNodeMac.cpp:
        (WebCore::shouldUseCoreText):
        - Changed to skip CT path when width variant is specified.
        * platform/graphics/pango/FontCustomPlatformDataPango.cpp:
        (WebCore::FontCustomPlatformData::fontPlatformData):
        - Ditto.
        * platform/graphics/qt/FontCustomPlatformData.h:
        - Ditto.
        * platform/graphics/qt/FontCustomPlatformDataQt.cpp:
        (WebCore::FontCustomPlatformData::fontPlatformData):
        - Ditto.
        * platform/graphics/skia/FontCustomPlatformData.cpp:
        (WebCore::FontCustomPlatformData::fontPlatformData):
        - Ditto.
        * platform/graphics/skia/FontCustomPlatformData.h:
        - Ditto.
        * platform/graphics/win/FontCustomPlatformData.cpp:
        (WebCore::FontCustomPlatformData::fontPlatformData):
        - Ditto.
        * platform/graphics/win/FontCustomPlatformData.h:
        - Ditto.
        * platform/graphics/win/FontCustomPlatformDataCairo.cpp:
        - Ditto.
        (WebCore::FontCustomPlatformData::fontPlatformData):
        - Ditto.
        * platform/graphics/win/FontCustomPlatformDataCairo.h:
        - Ditto.
        * platform/graphics/wince/FontCustomPlatformData.cpp:
        (WebCore::FontCustomPlatformData::fontPlatformData):
        - Ditto.
        * platform/graphics/wince/FontCustomPlatformData.h:
        - Ditto.
        * platform/graphics/wx/FontCustomPlatformData.cpp:
        (WebCore::FontCustomPlatformData::fontPlatformData):
        - Ditto.
        * platform/graphics/wx/FontCustomPlatformData.h:
        - Ditto.
        * rendering/InlineTextBox.cpp:
        (WebCore::InlineTextBox::paint):
        - In case of RenderCombineText, we don't rotate text even in vertical writing. Also, we render original text
        instead of text returned from text().
        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::computeInlinePreferredLogicalWidths):
        - Made to call RenderCombinedText's prepareTextCombine() here.
        * rendering/RenderBlockLineLayout.cpp:
        (WebCore::textWidth):
        - Made to always use the render object's width() in case of TextCombine.
        (WebCore::RenderBlock::findNextLineBreak):
        - Made to call RenderCombinedText's prepareTextCombine() here.
        * rendering/RenderCombineText.cpp: Added. A subclass of RenderText.
        (WebCore::RenderCombineText::RenderCombineText):
        (WebCore::RenderCombineText::styleDidChange):
        - Clear the flag that indicated the font has been prepared for combining. The font will be reinitialized in
        the next call of RenderBlock::findNextLineBreak().
        (WebCore::RenderCombineText::setTextInternal):
        - Ditto.
        (WebCore::RenderCombineText::width):
        - Returns 1-em width in case of font combine.
        (WebCore::RenderCombineText::adjustTextOrigin):
        - Adjust drawing origin point in case of font combine.
        (WebCore::RenderCombineText::charactersToRender):
        - Return original text instead of current text in case of font combine.
        (WebCore::RenderCombineText::combineText):
        - This function tries to pack passed text with; 1) the current font as is, 2) the font created
        from the descriptor with half-width variant specified, 3) the font with third-width variant, 4) the font
        with quarter-width variant.
        - If a suitable font successfully found, replace the current font with the new font. If no appropriate font found,
        we give up text-combine as the CSS spec describes.
        - If a new font found, we replace the text with 0xFFFC. This is needed for a combined text block to be able to
        behave like a single character against text decorations.
        * rendering/RenderCombineText.h: Added.
        (WebCore::RenderCombineText::isCombined):
        (WebCore::RenderCombineText::combinedTextWidth):
        - Returns 1-em width in case of font combine.
        (WebCore::RenderCombineText::renderName):
        (WebCore::toRenderCombineText):
        * rendering/RenderText.cpp:
        (WebCore::RenderText::widthFromCache):
        - Made to call RenderCombineText's combinedTextWidth when the text is combined.
        * rendering/RenderingAllInOne.cpp: Added RenderCombineText.cpp
        * rendering/style/RenderStyle.h:
        (WebCore::InheritedFlags::hasTextCombine):
        - Added for a quick test of TextCombine.

2011-01-31  Oliver Hunt  <oliver@apple.com>

        Convert markstack to a slot visitor API
        https://bugs.webkit.org/show_bug.cgi?id=53219

        rolling r77098, r77099, r77100, r77109, and
        r77111 back in, along with a few more Qt fix attempts.

        * ForwardingHeaders/runtime/WriteBarrier.h: Added.
        * WebCore.exp.in:
        * bindings/js/DOMWrapperWorld.h:
        (WebCore::DOMWrapperWorld::globalData):
        * bindings/js/JSAudioConstructor.cpp:
        (WebCore::JSAudioConstructor::JSAudioConstructor):
        * bindings/js/JSDOMBinding.cpp:
        (WebCore::markDOMNodesForDocument):
        (WebCore::markDOMObjectWrapper):
        (WebCore::markDOMNodeWrapper):
        * bindings/js/JSDOMGlobalObject.cpp:
        (WebCore::JSDOMGlobalObject::markChildren):
        (WebCore::JSDOMGlobalObject::setInjectedScript):
        (WebCore::JSDOMGlobalObject::injectedScript):
        * bindings/js/JSDOMGlobalObject.h:
        (WebCore::JSDOMGlobalObject::JSDOMGlobalObjectData::JSDOMGlobalObjectData):
        (WebCore::getDOMConstructor):
        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::JSDOMWindow::setLocation):
        (WebCore::DialogHandler::dialogCreated):
        * bindings/js/JSDOMWindowShell.cpp:
        (WebCore::JSDOMWindowShell::JSDOMWindowShell):
        (WebCore::JSDOMWindowShell::setWindow):
        (WebCore::JSDOMWindowShell::markChildren):
        (WebCore::JSDOMWindowShell::unwrappedObject):
        * bindings/js/JSDOMWindowShell.h:
        (WebCore::JSDOMWindowShell::window):
        (WebCore::JSDOMWindowShell::setWindow):
        * bindings/js/JSDeviceMotionEventCustom.cpp:
        (WebCore::createAccelerationObject):
        (WebCore::createRotationRateObject):
        * bindings/js/JSEventListener.cpp:
        (WebCore::JSEventListener::JSEventListener):
        (WebCore::JSEventListener::markJSFunction):
        * bindings/js/JSEventListener.h:
        (WebCore::JSEventListener::jsFunction):
        * bindings/js/JSHTMLDocumentCustom.cpp:
        (WebCore::JSHTMLDocument::setAll):
        * bindings/js/JSImageConstructor.cpp:
        (WebCore::JSImageConstructor::JSImageConstructor):
        * bindings/js/JSImageDataCustom.cpp:
        (WebCore::toJS):
        * bindings/js/JSJavaScriptCallFrameCustom.cpp:
        (WebCore::JSJavaScriptCallFrame::scopeChain):
        (WebCore::JSJavaScriptCallFrame::scopeType):
        * bindings/js/JSNodeFilterCondition.cpp:
        (WebCore::JSNodeFilterCondition::markAggregate):
        (WebCore::JSNodeFilterCondition::acceptNode):
        * bindings/js/JSNodeFilterCondition.h:
        * bindings/js/JSNodeFilterCustom.cpp:
        * bindings/js/JSOptionConstructor.cpp:
        (WebCore::JSOptionConstructor::JSOptionConstructor):
        * bindings/js/JSSQLResultSetRowListCustom.cpp:
        (WebCore::JSSQLResultSetRowList::item):
        * bindings/js/ScriptCachedFrameData.cpp:
        (WebCore::ScriptCachedFrameData::restore):
        * bindings/js/ScriptObject.cpp:
        (WebCore::ScriptGlobalObject::set):
        * bindings/js/SerializedScriptValue.cpp:
        (WebCore::CloneDeserializer::putProperty):
        * bindings/scripts/CodeGeneratorJS.pm:
        * bridge/qt/qt_class.cpp:
        (JSC::Bindings::QtClass::fallbackObject):
        * bridge/qt/qt_instance.cpp:
        (JSC::Bindings::QtInstance::QtInstance):
        (JSC::Bindings::QtInstance::removeCachedMethod):
        (JSC::Bindings::QtInstance::markAggregate):
        * bridge/qt/qt_instance.h:
        * bridge/qt/qt_runtime.cpp:
        (JSC::Bindings::QtRuntimeMetaMethod::QtRuntimeMetaMethod):
        (JSC::Bindings::QtRuntimeMetaMethod::markChildren):
        (JSC::Bindings::QtRuntimeMetaMethod::connectGetter):
        (JSC::Bindings::QtRuntimeMetaMethod::disconnectGetter):
        * bridge/qt/qt_runtime.h:
        * dom/Document.h:

2011-01-31  Dan Winship  <danw@gnome.org>

        Reviewed by Gustavo Noronha Silva.

        wss (websockets ssl) support for gtk via new gio TLS support
        https://bugs.webkit.org/show_bug.cgi?id=50344

        Update to use GPollableOutputStream and GTlsConnection to
        implement wss URLs

        * platform/network/soup/SocketStreamHandle.h:
        * platform/network/soup/SocketStreamHandleSoup.cpp:
        (WebCore::SocketStreamHandle::SocketStreamHandle):
        (WebCore::SocketStreamHandle::connected):
        (WebCore::SocketStreamHandle::platformSend):
        (WebCore::SocketStreamHandle::beginWaitingForSocketWritability):
        (WebCore::writeReadyCallback):

2011-01-31  Abhishek Arya  <inferno@chromium.org>

        Reviewed by Dimitri Glazkov.

        Check the textarea node still exists in document before casting
        it to HTMLTextAreaElement.
        https://bugs.webkit.org/show_bug.cgi?id=53429

        Test: fast/forms/textarea-node-removed-from-document-crash.html

        * rendering/RenderTextControlMultiLine.cpp:
        (WebCore::RenderTextControlMultiLine::~RenderTextControlMultiLine):

2011-01-27  Abhishek Arya  <inferno@chromium.org>

        Reviewed by Dave Hyatt.

        If beforeChild is wrapped in an anonymous table section, we need to
        go the parent to find it and use it before adding childs to table.
        https://bugs.webkit.org/show_bug.cgi?id=53276

        We need to make sure that beforeChild's parent is "this" before calling
        RenderBox::addChild. The previous condition in while is too restrictive
        and fails to calculate the right beforeChild value when its display
        style is table caption.
        Test: fast/table/before-child-non-table-section-add-table-crash.html

        * rendering/RenderTable.cpp:
        (WebCore::RenderTable::addChild):

2011-01-31  Shane Stephens  <shanestephens@google.com>

        Reviewed by Simon Fraser.

        AffineTransform::translateRight incorrectly computes a translateLeft.
        https://bugs.webkit.org/show_bug.cgi?id=52551

        Removed translateRight and converted all uses to perform standard
        matrix multiplication.

        No new tests because patch doesn't modify functionality.

        * platform/graphics/transforms/AffineTransform.cpp:
        * platform/graphics/transforms/AffineTransform.h:
        (WebCore::AffineTransform::translation):
        * rendering/svg/RenderSVGResourceMarker.cpp:
        (WebCore::RenderSVGResourceMarker::localToParentTransform):
        * rendering/svg/RenderSVGRoot.cpp:
        (WebCore::RenderSVGRoot::localToRepaintContainerTransform):
        (WebCore::RenderSVGRoot::localToParentTransform):
        * rendering/svg/RenderSVGViewportContainer.cpp:
        (WebCore::RenderSVGViewportContainer::localToParentTransform):
        * rendering/svg/SVGTextLayoutEngine.cpp:
        (WebCore::SVGTextLayoutEngine::finalizeTransformMatrices):

2011-01-31  Mario Sanchez Prada  <msanchez@igalia.com>

        Reviewed by Martin Robinson.

        [Gtk] atk_text_set_caret_offset returns True even when it is unsuccessful
        https://bugs.webkit.org/show_bug.cgi?id=53389

        Return FALSE when not able to set the caret at the specified offset.

        * accessibility/gtk/AccessibilityObjectWrapperAtk.cpp:
        (webkit_accessible_text_set_caret_offset): Return FALSE when the
        range created is NULL and adjust offset to account for list markers.

2011-01-28  Pavel Feldman  <pfeldman@chromium.org>

        Reviewed by Yury Semikhatsky.

        Web Inspector: copy HAR to clipboard instead of saving blob on export.
        https://bugs.webkit.org/show_bug.cgi?id=53328

        * inspector/front-end/NetworkPanel.js:
        (WebInspector.NetworkPanel.prototype._exportAll):
        (WebInspector.NetworkPanel.prototype._exportResource):

2011-01-30  Pavel Feldman  <pfeldman@chromium.org>

        Reviewed by Timothy Hatcher.

        Web Inspector: speed up network panel rendering.
        https://bugs.webkit.org/show_bug.cgi?id=53397

        * inspector/front-end/DataGrid.js:
        (WebInspector.DataGrid.prototype.get scrollContainer):
        * inspector/front-end/NetworkPanel.js:
        (WebInspector.NetworkPanel.prototype.elementsToRestoreScrollPositionsFor):
        (WebInspector.NetworkPanel.prototype._positionSummaryBar):
        (WebInspector.NetworkPanel.prototype._createTable):
        (WebInspector.NetworkPanel.prototype._exportResource):
        (WebInspector.NetworkPanel.prototype._onScroll):
        * inspector/front-end/networkPanel.css:
        (.network-sidebar .data-grid.small tr.offscreen):
        (.network-sidebar .data-grid tr.offscreen):
        (.network-sidebar .data-grid tr.offscreen td):

2011-01-31  Peter Varga  <pvarga@webkit.org>

        Reviewed by Andreas Kling.

        Remove wrec from WebCore
        https://bugs.webkit.org/show_bug.cgi?id=53298

        No new tests needed.

        * Android.jscbindings.mk:
        * ForwardingHeaders/wrec/WREC.h: Removed.
        * WebCore.vcproj/WebCore.vcproj:
        * WebCore.vcproj/copyForwardingHeaders.cmd:

2011-01-31  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r76969.
        http://trac.webkit.org/changeset/76969
        https://bugs.webkit.org/show_bug.cgi?id=53418

        "It is causing crashes in GTK+ and Leopard bots" (Requested by
        alexg__ on #webkit).

        * bridge/runtime_root.cpp:
        (JSC::Bindings::RootObject::invalidate):
        (JSC::Bindings::RootObject::addRuntimeObject):
        (JSC::Bindings::RootObject::removeRuntimeObject):
        * bridge/runtime_root.h:

2011-01-31  Antti Koivisto  <antti@apple.com>

        Not reviewed.

        Spelling.

        * css/CSSSelectorList.h:
        (WebCore::CSSSelectorList::next):

2011-01-31  Yury Semikhatsky  <yurys@chromium.org>

        Unreviewed. Fix Chromium compilation on Linux.

        * platform/graphics/ShadowBlur.cpp: added PLATFORM(CHROMIUM) guard
        * platform/graphics/ShadowBlur.h: added missing ColorSpace.h header include

2011-01-31  Yury Semikhatsky  <yurys@chromium.org>

        Unreviewed. Fix Chromium compilation on Mac broken by r77101.

        * WebCore.gypi: add ShadowBlur.{h,cpp} to the gypi file.

2011-01-31  Mikhail Naganov  <mnaganov@chromium.org>

        Reviewed by Yury Semikhatsky.

        WebInspector: Change button title from "Clear CPU profiles" to "Clear all profiles".

        https://bugs.webkit.org/show_bug.cgi?id=53309

        * English.lproj/localizedStrings.js:
        * inspector/front-end/ProfilesPanel.js:
        (WebInspector.ProfilesPanel):

2011-01-31  Carlos Garcia Campos  <cgarcia@igalia.com>

        Unreviewed, fix the build with current GTK+ 3.x.

        * plugins/gtk/gtk2xtbin.c:
        * plugins/gtk/gtk2xtbin.h:

2011-01-30  Kenichi Ishibashi  <bashi@google.com>

        Reviewed by Kent Tamura.

        Dangling form associated elements should not be registered on the document
        https://bugs.webkit.org/show_bug.cgi?id=53223

        Adds insertedIntoDocument() and remvoedFromDocument() to
        FormAssociatedElement class to register the element on the document
        if and only if it actually inserted into (removed from) the document.

        Test: fast/forms/dangling-form-element-crash.html

        * html/FormAssociatedElement.cpp:
        (WebCore::FormAssociatedElement::insertedIntoDocument): Added.
        (WebCore::FormAssociatedElement::removedFromDocument): Ditto.
        (WebCore::FormAssociatedElement::insertedIntoTree): Don't register
        the element to a document.
        (WebCore::FormAssociatedElement::removedFromTree): Don't unregister
        the element from a document.
        * html/FormAssociatedElement.h:
        * html/HTMLFormControlElement.cpp:
        (WebCore::HTMLFormControlElement::insertedIntoDocument): Added.
        (WebCore::HTMLFormControlElement::removedFromDocument): Ditto.
        * html/HTMLFormControlElement.h:
        * html/HTMLObjectElement.cpp:
        (WebCore::HTMLObjectElement::insertedIntoDocument): Calls
        FormAssociatedElement::insertedIntoDocument().
        (WebCore::HTMLObjectElement::removedFromDocument): Calls
        FormAssociatedElement::removedFromDocument().

2011-01-30  Csaba Osztrogonác  <ossy@webkit.org>

        Unreviewed, rolling out r77098, r77099, r77100, r77109, and
        r77111.
        http://trac.webkit.org/changeset/77098
        http://trac.webkit.org/changeset/77099
        http://trac.webkit.org/changeset/77100
        http://trac.webkit.org/changeset/77109
        http://trac.webkit.org/changeset/77111
        https://bugs.webkit.org/show_bug.cgi?id=53219

        Qt build is broken

        * ForwardingHeaders/runtime/WriteBarrier.h: Removed.
        * WebCore.exp.in:
        * bindings/js/DOMWrapperWorld.h:
        * bindings/js/JSAudioConstructor.cpp:
        (WebCore::JSAudioConstructor::JSAudioConstructor):
        * bindings/js/JSDOMBinding.cpp:
        (WebCore::markDOMNodesForDocument):
        (WebCore::markDOMObjectWrapper):
        (WebCore::markDOMNodeWrapper):
        * bindings/js/JSDOMGlobalObject.cpp:
        (WebCore::JSDOMGlobalObject::markChildren):
        (WebCore::JSDOMGlobalObject::setInjectedScript):
        (WebCore::JSDOMGlobalObject::injectedScript):
        * bindings/js/JSDOMGlobalObject.h:
        (WebCore::JSDOMGlobalObject::JSDOMGlobalObjectData::JSDOMGlobalObjectData):
        (WebCore::getDOMConstructor):
        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::JSDOMWindow::setLocation):
        (WebCore::DialogHandler::dialogCreated):
        * bindings/js/JSDOMWindowShell.cpp:
        (WebCore::JSDOMWindowShell::JSDOMWindowShell):
        (WebCore::JSDOMWindowShell::setWindow):
        (WebCore::JSDOMWindowShell::markChildren):
        (WebCore::JSDOMWindowShell::unwrappedObject):
        * bindings/js/JSDOMWindowShell.h:
        (WebCore::JSDOMWindowShell::window):
        (WebCore::JSDOMWindowShell::setWindow):
        * bindings/js/JSDeviceMotionEventCustom.cpp:
        (WebCore::createAccelerationObject):
        (WebCore::createRotationRateObject):
        * bindings/js/JSEventListener.cpp:
        (WebCore::JSEventListener::JSEventListener):
        (WebCore::JSEventListener::markJSFunction):
        * bindings/js/JSEventListener.h:
        (WebCore::JSEventListener::jsFunction):
        * bindings/js/JSHTMLDocumentCustom.cpp:
        (WebCore::JSHTMLDocument::setAll):
        * bindings/js/JSImageConstructor.cpp:
        (WebCore::JSImageConstructor::JSImageConstructor):
        * bindings/js/JSImageDataCustom.cpp:
        (WebCore::toJS):
        * bindings/js/JSJavaScriptCallFrameCustom.cpp:
        (WebCore::JSJavaScriptCallFrame::scopeChain):
        (WebCore::JSJavaScriptCallFrame::scopeType):
        * bindings/js/JSNodeFilterCondition.cpp:
        (WebCore::JSNodeFilterCondition::markAggregate):
        (WebCore::JSNodeFilterCondition::acceptNode):
        * bindings/js/JSNodeFilterCondition.h:
        * bindings/js/JSNodeFilterCustom.cpp:
        * bindings/js/JSOptionConstructor.cpp:
        (WebCore::JSOptionConstructor::JSOptionConstructor):
        * bindings/js/JSSQLResultSetRowListCustom.cpp:
        (WebCore::JSSQLResultSetRowList::item):
        * bindings/js/ScriptCachedFrameData.cpp:
        (WebCore::ScriptCachedFrameData::restore):
        * bindings/js/ScriptObject.cpp:
        (WebCore::ScriptGlobalObject::set):
        * bindings/js/SerializedScriptValue.cpp:
        (WebCore::CloneDeserializer::putProperty):
        * bindings/scripts/CodeGeneratorJS.pm:
        * bridge/qt/qt_instance.cpp:
        (JSC::Bindings::QtInstance::QtInstance):
        (JSC::Bindings::QtInstance::removeCachedMethod):
        (JSC::Bindings::QtInstance::markAggregate):
        * bridge/qt/qt_instance.h:
        * bridge/qt/qt_runtime.cpp:
        (JSC::Bindings::QtRuntimeMetaMethod::QtRuntimeMetaMethod):
        (JSC::Bindings::QtRuntimeMetaMethod::markChildren):
        (JSC::Bindings::QtRuntimeMetaMethod::connectGetter):
        (JSC::Bindings::QtRuntimeMetaMethod::disconnectGetter):
        * bridge/qt/qt_runtime.h:
        * bridge/runtime_root.cpp:
        (JSC::Bindings::RootObject::invalidate):
        * bridge/runtime_root.h:
        * dom/Document.h:

2011-01-30  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r77107.
        http://trac.webkit.org/changeset/77107
        https://bugs.webkit.org/show_bug.cgi?id=53412

        Caused 5 new form-related test crashes (Requested by smfr on
        #webkit).

        * css/CSSSelector.cpp:
        (WebCore::CSSSelector::pseudoId):
        (WebCore::nameToPseudoTypeMap):
        (WebCore::CSSSelector::extractPseudoType):
        * css/CSSSelector.h:
        * html/HTMLProgressElement.cpp:
        (WebCore::HTMLProgressElement::parseMappedAttribute):
        (WebCore::HTMLProgressElement::attach):
        * html/HTMLProgressElement.h:
        * rendering/RenderProgress.cpp:
        (WebCore::RenderProgress::~RenderProgress):
        (WebCore::RenderProgress::updateFromElement):
        (WebCore::RenderProgress::layoutParts):
        (WebCore::RenderProgress::shouldHaveParts):
        * rendering/RenderProgress.h:
        * rendering/style/RenderStyleConstants.h:

2011-01-30  Simon Fraser  <simon.fraser@apple.com>

        Reviewed by Sam Weinig.

        Enhance ShadowBlur to render inset box shadows
        https://bugs.webkit.org/show_bug.cgi?id=51567
        
        Use ShadowBlur for inset box-shadows with CG. It 
        currently lacks a tiled version, but is still much
        faster than CG shadows.

        Test: fast/box-shadow/inset-box-shadow-radius.html

        * platform/graphics/ShadowBlur.cpp:
        * platform/graphics/ShadowBlur.h: New method for inset
        shadows.
        (WebCore::ShadowBlur::drawInsetShadow): 

        * platform/graphics/GraphicsContext.cpp: #ifdef out
        fillRectWithRoundedHole() for CG.

        * platform/graphics/cg/GraphicsContextCG.cpp:
        (WebCore::GraphicsContext::fillRectWithRoundedHole): If there's
        a shadow with a radius > 0, use ShadowBlur.

2011-01-28  Kenneth Russell  <kbr@google.com>

        Reviewed by Chris Marrin.

        WebGL shows PNG Textures with indexed colors too dark
        https://bugs.webkit.org/show_bug.cgi?id=47477

        Properly handle indexed PNG images by re-rendering them as RGBA
        images before upload. Verified with this layout test and the test
        cases from bugs 47477 and 53269.

        * platform/graphics/cg/GraphicsContext3DCG.cpp:
        (WebCore::GraphicsContext3D::getImageData):

2011-01-27  MORITA Hajime  <morrita@google.com>

        Reviewed by Dimitri Glazkov.
        
        Convert <progress> shadow DOM to a DOM-based shadow.
        https://bugs.webkit.org/show_bug.cgi?id=50660

        * Removed RenderProgress::m_valuePart, moved the shadow node
          to the shadow root of HTMLProgressElement.
        * Removed hard-coded pseudo ID for -webkit-progress-bar-value.
          ProgressBarValueElement is defined only for overriding
          shadowPseudoId().
        
        No new tests. No behavioral change.

        * css/CSSSelector.cpp:
        (WebCore::CSSSelector::pseudoId):
        (WebCore::nameToPseudoTypeMap):
        (WebCore::CSSSelector::extractPseudoType):
        * css/CSSSelector.h:
        * html/HTMLProgressElement.cpp:
        (WebCore::ProgressBarValueElement::ProgressBarValueElement):
        (WebCore::ProgressBarValueElement::shadowPseudoId):
        (WebCore::ProgressBarValueElement::create):
        (WebCore::HTMLProgressElement::parseMappedAttribute):
        (WebCore::HTMLProgressElement::attach):
        (WebCore::HTMLProgressElement::valuePart):
        (WebCore::HTMLProgressElement::didElementStateChange):
        (WebCore::HTMLProgressElement::createShadowSubtreeIfNeeded):
        * html/HTMLProgressElement.h:
        * rendering/RenderProgress.cpp:
        (WebCore::RenderProgress::~RenderProgress):
        (WebCore::RenderProgress::updateFromElement):
        (WebCore::RenderProgress::layoutParts):
        (WebCore::RenderProgress::shouldHaveParts):
        (WebCore::RenderProgress::valuePart):
        * rendering/RenderProgress.h:
        * rendering/style/RenderStyleConstants.h:

2011-01-30  Simon Fraser  <simon.fraser@apple.com>

        Reviewed by Ariya Hidayat.

        Enhance ShadowBlur to render inset box shadows; Part 1.
        https://bugs.webkit.org/show_bug.cgi?id=51567
        
        Add a new method to GraphicsContext to render a rect with a rounded hole,
        for use by inset box-shadow code. Knowledge that we're rendering a rounded
        hole will enable ShadowBlur to be used here in future.

        * platform/graphics/GraphicsContext.cpp:
        (WebCore::GraphicsContext::fillRectWithRoundedHole):
        * platform/graphics/GraphicsContext.h:
        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::paintBoxShadow):

2011-01-23  MORITA Hajime  <morrita@google.com>

        Reviewed by Eric Seidel.

        REGRESSION: Inset shadow with too large border radius misses rounded corner.
        https://bugs.webkit.org/show_bug.cgi?id=52800

        The refactoring on r76083 broke the invariant between border
        IntRect and its radii because RoundedIntRect::setRect() is called
        after getRoundedInnerBorderWithBorderWidths(), which enforces the
        invariant. Th rounded-rect clipping code verifies the invariant,
        and discard the invalid radii, that results broken paintings.
        
        This change moved setRect() before
        getRoundedInnerBorderWithBorderWidths() not to modify the valid
        RoundedIntRect value.
        
        Test: fast/box-shadow/inset-with-extraordinary-radii-and-border.html

        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::paintBoxShadow):

2011-01-30  Simon Fraser  <simon.fraser@apple.com>

        Attempt to fix Windows build by adding ShadowBlur.cpp/h to the
        vcproj.

        * WebCore.vcproj/WebCore.vcproj:

2011-01-30  Simon Fraser  <simon.fraser@apple.com>

        Reviewed by Dan Bernstein.

        -webkit-box-shadow causes awful scroll/resize/redraw performance
        https://bugs.webkit.org/show_bug.cgi?id=22102
        
        Use ShadowBlur for CG, whe rendering shadows on rects and
        rounded rects outside of canvas.
        
        CG shadows with a radius of more than 8px do not render
        correctly. We preserve this incorrect rendering by compensating
        for it when rending -webkit-box-shadow. Calls that should use
        this deprecated radius behavior now use setLegacyShadow().

        Test: fast/box-shadow/box-shadow-transformed.html
        
        * html/canvas/CanvasRenderingContext2D.cpp: Use setLegacyShadow()
        for canvas, to indicate that it should use the deprecated radius
        behavior.
        (WebCore::CanvasRenderingContext2D::setAllAttributesToDefault): Ditto.
        (WebCore::CanvasRenderingContext2D::setShadow): Ditto.
        (WebCore::CanvasRenderingContext2D::applyShadow): Ditto.
        
        * platform/graphics/GraphicsContext.cpp:
        (WebCore::GraphicsContext::setLegacyShadow): Set the m_state.shadowsUseLegacyRadius bit.
        
        * platform/graphics/GraphicsContext.h:
        (WebCore::GraphicsContextState::GraphicsContextState): Add a 
        shadowsUseLegacyRadius bit to the state.
        
        * platform/graphics/cg/GraphicsContextCG.cpp:
        (WebCore::radiusToLegacyRadius): Map from the actual radius to one
        that approximates CG behavior.
        (WebCore::hasBlurredShadow): Helper that returns true if we have a shadow
        with a non-zero blur radius.
        (WebCore::GraphicsContext::fillRect): Use ShadowBlur if not canvas.
        (WebCore::GraphicsContext::fillRoundedRect): Ditto.
        (WebCore::GraphicsContext::setPlatformShadow): Comment.

        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::paintBoxShadow): Call setLegacyShadow()
        for -webkit-box-shadow.

        * platform/graphics/ShadowBlur.cpp: 
        (WebCore::ShadowBlur::calculateLayerBoundingRect): Fix some pixel crack issues
        by rounding up the blur radius.
        (WebCore::ShadowBlur::drawRectShadow): Ditto
        (WebCore::ShadowBlur::drawRectShadowWithTiling): Ditto.

2011-01-30  Oliver Hunt  <oliver@apple.com>

        Try to fix Qt build (again).

        * bridge/qt/qt_runtime.cpp:
        (JSC::Bindings::QtRuntimeMetaMethod::connectGetter):
        (JSC::Bindings::QtRuntimeMetaMethod::disconnectGetter):

2011-01-30  Oliver Hunt  <oliver@apple.com>

        Try to fix Qt build.

        * bridge/qt/qt_instance.cpp:
        (JSC::Bindings::QtInstance::QtInstance):
        (JSC::Bindings::QtInstance::removeCachedMethod):
        (JSC::Bindings::QtInstance::markAggregate):
        * bridge/qt/qt_instance.h:

2011-01-30  Oliver Hunt  <oliver@apple.com>

        Convert markstack to a slot visitor API
        https://bugs.webkit.org/show_bug.cgi?id=53219

        rolling r77006 and r77020 back in.

        * ForwardingHeaders/runtime/WriteBarrier.h: Added.
        * WebCore.exp.in:
        * bindings/js/DOMWrapperWorld.h:
        (WebCore::DOMWrapperWorld::globalData):
        * bindings/js/JSAudioConstructor.cpp:
        (WebCore::JSAudioConstructor::JSAudioConstructor):
        * bindings/js/JSDOMBinding.cpp:
        (WebCore::markDOMNodesForDocument):
        (WebCore::markDOMObjectWrapper):
        (WebCore::markDOMNodeWrapper):
        * bindings/js/JSDOMGlobalObject.cpp:
        (WebCore::JSDOMGlobalObject::markChildren):
        (WebCore::JSDOMGlobalObject::setInjectedScript):
        (WebCore::JSDOMGlobalObject::injectedScript):
        * bindings/js/JSDOMGlobalObject.h:
        (WebCore::JSDOMGlobalObject::JSDOMGlobalObjectData::JSDOMGlobalObjectData):
        (WebCore::getDOMConstructor):
        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::JSDOMWindow::setLocation):
        (WebCore::DialogHandler::dialogCreated):
        * bindings/js/JSDOMWindowShell.cpp:
        (WebCore::JSDOMWindowShell::JSDOMWindowShell):
        (WebCore::JSDOMWindowShell::setWindow):
        (WebCore::JSDOMWindowShell::markChildren):
        (WebCore::JSDOMWindowShell::unwrappedObject):
        * bindings/js/JSDOMWindowShell.h:
        (WebCore::JSDOMWindowShell::window):
        (WebCore::JSDOMWindowShell::setWindow):
        * bindings/js/JSDeviceMotionEventCustom.cpp:
        (WebCore::createAccelerationObject):
        (WebCore::createRotationRateObject):
        * bindings/js/JSEventListener.cpp:
        (WebCore::JSEventListener::JSEventListener):
        (WebCore::JSEventListener::markJSFunction):
        * bindings/js/JSEventListener.h:
        (WebCore::JSEventListener::jsFunction):
        * bindings/js/JSHTMLDocumentCustom.cpp:
        (WebCore::JSHTMLDocument::setAll):
        * bindings/js/JSImageConstructor.cpp:
        (WebCore::JSImageConstructor::JSImageConstructor):
        * bindings/js/JSImageDataCustom.cpp:
        (WebCore::toJS):
        * bindings/js/JSJavaScriptCallFrameCustom.cpp:
        (WebCore::JSJavaScriptCallFrame::scopeChain):
        (WebCore::JSJavaScriptCallFrame::scopeType):
        * bindings/js/JSNodeFilterCondition.cpp:
        (WebCore::JSNodeFilterCondition::markAggregate):
        (WebCore::JSNodeFilterCondition::acceptNode):
        * bindings/js/JSNodeFilterCondition.h:
        * bindings/js/JSNodeFilterCustom.cpp:
        * bindings/js/JSOptionConstructor.cpp:
        (WebCore::JSOptionConstructor::JSOptionConstructor):
        * bindings/js/JSSQLResultSetRowListCustom.cpp:
        (WebCore::JSSQLResultSetRowList::item):
        * bindings/js/ScriptCachedFrameData.cpp:
        (WebCore::ScriptCachedFrameData::restore):
        * bindings/js/ScriptObject.cpp:
        (WebCore::ScriptGlobalObject::set):
        * bindings/js/SerializedScriptValue.cpp:
        (WebCore::CloneDeserializer::putProperty):
        * bindings/scripts/CodeGeneratorJS.pm:
        * bridge/qt/qt_runtime.cpp:
        (JSC::Bindings::QtRuntimeMetaMethod::QtRuntimeMetaMethod):
        (JSC::Bindings::QtRuntimeMetaMethod::markChildren):
        (JSC::Bindings::QtRuntimeMetaMethod::connectGetter):
        (JSC::Bindings::QtRuntimeMetaMethod::disconnectGetter):
        * bridge/qt/qt_runtime.h:
        * bridge/runtime_root.cpp:
        (JSC::Bindings::RootObject::invalidate):
        * bridge/runtime_root.h:
        * dom/Document.h:

2011-01-30  Simon Fraser  <simon.fraser@apple.com>

        Reviewed by Sam Weinig.

        Make ContextShadow code cross-platform
        https://bugs.webkit.org/show_bug.cgi?id=51312

        Add a new class, ShadowBlur, that contains most of the
        code from ContextShadow, but is fully cross-platform.
        It depends on one new method, GraphicsContext::clipBounds(),
        which platforms will have to implement.
        
        Add ShadowBlur to the Mac Xcode project, but don't use it
        anywhere yet.

        * WebCore.xcodeproj/project.pbxproj:
        * platform/graphics/GraphicsContext.cpp:
        (WebCore::GraphicsContext::clipBounds):
        * platform/graphics/GraphicsContext.h:
        * platform/graphics/ShadowBlur.cpp: Added.
        (WebCore::roundUpToMultipleOf32):
        (WebCore::ScratchBuffer::ScratchBuffer):
        (WebCore::ScratchBuffer::getScratchBuffer):
        (WebCore::ScratchBuffer::scheduleScratchBufferPurge):
        (WebCore::ScratchBuffer::timerFired):
        (WebCore::ScratchBuffer::clearScratchBuffer):
        (WebCore::ScratchBuffer::shared):
        (WebCore::ShadowBlur::ShadowBlur):
        (WebCore::ShadowBlur::blurLayerImage):
        (WebCore::ShadowBlur::adjustBlurDistance):
        (WebCore::ShadowBlur::calculateLayerBoundingRect):
        (WebCore::ShadowBlur::beginShadowLayer):
        (WebCore::ShadowBlur::endShadowLayer):
        (WebCore::ShadowBlur::drawRectShadow):
        (WebCore::ShadowBlur::drawRectShadowWithoutTiling):
        (WebCore::ShadowBlur::drawRectShadowWithTiling):
        (WebCore::ShadowBlur::clipBounds):
        * platform/graphics/ShadowBlur.h: Added.
        (WebCore::ShadowBlur::setShadowsIgnoreTransforms):
        (WebCore::ShadowBlur::shadowsIgnoreTransforms):
        * platform/graphics/cg/GraphicsContextCG.cpp:
        (WebCore::GraphicsContext::clipBounds):

2011-01-29  Simon Fraser  <simon.fraser@apple.com>

        Reviewed by Dan Bernstein.

        CSS3 gradients with em-based stops fail to repaint when font size changes
        https://bugs.webkit.org/show_bug.cgi?id=51845
        
        Mark as uncacheable gradidients whose color stops depend on font size,
        and don't attempt to put these into CSSImageGeneratorValue's image cache.
        This means we return a new gradient each time, which is fairly cheap, and
        fixes repaint issues under changing font size.

        Test: fast/repaint/gradients-em-stops-repaint.html

        * css/CSSGradientValue.cpp:
        (WebCore::CSSGradientValue::image):
        (WebCore::CSSGradientValue::isCacheable):
        * css/CSSGradientValue.h:

2011-01-29  Geoffrey Garen  <ggaren@apple.com>

        Undo try to fix the Qt build.
        
        My guess didn't work.

        * WebCore.pro:

2011-01-29  Geoffrey Garen  <ggaren@apple.com>

        Try to fix the Qt build.

        * WebCore.pro: Added platform/text/CharacterNames.h.

2011-01-28  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Maciej Stachowiak.

        Some more Heap cleanup.
        https://bugs.webkit.org/show_bug.cgi?id=53357
        
        Updated for JavaScriptCore changes.

        * bindings/js/ScriptGCEvent.cpp:
        (WebCore::ScriptGCEvent::getHeapSize):

2011-01-29  Adam Barth  <abarth@webkit.org>

        Reviewed by Daniel Bates.

        Fix XSSFilter crash when extracting the source for a token twice
        https://bugs.webkit.org/show_bug.cgi?id=53368

        Previously, it was unsafe to extract the source for the same token
        twice because the HTMLSourceTracker would advance its internal
        representation of the SegmentedString.  This patch introduces a cache
        to make calling HTMLSourceTracker::sourceForToken multiple times safe.

        * html/parser/HTMLSourceTracker.cpp:
        (WebCore::HTMLSourceTracker::end):
        (WebCore::HTMLSourceTracker::sourceForToken):
        * html/parser/HTMLSourceTracker.h:

2011-01-29  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Dan Bernstein.

        Fix fat build for both 32-bit and 64-bit under llvm-gcc 4.2
        https://bugs.webkit.org/show_bug.cgi?id=53386

        * platform/mac/ScrollAnimatorMac.mm:
        (WebCore::elasticDeltaForReboundDelta):
        (WebCore::scrollWheelMultiplier):
        (WebCore::ScrollAnimatorMac::smoothScrollWithEvent):
        (WebCore::ScrollAnimatorMac::beginScrollGesture):
        (WebCore::roundTowardZero):
        (WebCore::ScrollAnimatorMac::snapRubberBandTimerFired):

2011-01-29  Daniel Bates  <dbates@rim.com>

        Reviewed by Maciej Stachowiak.

        Remove reference to ${CMAKE_SOURCE_DIR}/Source in CMake files
        https://bugs.webkit.org/show_bug.cgi?id=53382

        Our file system hierarchy ensures that CMAKE_SOURCE_DIR is defined to be /Source.
        So, ${CMAKE_SOURCE_DIR}/Source evaluates to the non-existent directory /Source/Source.
        Therefore, we should remove such references.

        * CMakeLists.txt:

2011-01-29  Sam Weinig  <sam@webkit.org>

        Reviewed by Jon Honeycutt.

        Fix 32-bit build on the Mac.

        * platform/mac/ScrollAnimatorMac.mm:
        (WebCore::roundTowardZero):
        (WebCore::roundToDevicePixelTowardZero):
        Use floats instead of doubles to avoid double-to-float conversion
        issues.

2011-01-29  Simon Fraser  <simon.fraser@apple.com>

        Reviewed by Adam Barth.

        Use clampToInteger() functions in a few places
        https://bugs.webkit.org/show_bug.cgi?id=53363
        
        * css/CSSStyleSelector.cpp:
        (WebCore::CSSStyleSelector::applyProperty): Use clampToInteger() for z-index.
        (WebCore::CSSStyleSelector::createTransformOperations): Use clampToPositiveInteger().
        * platform/graphics/transforms/PerspectiveTransformOperation.cpp: Ditto.
        (WebCore::PerspectiveTransformOperation::blend): Ditto.

2011-01-29  Patrick Gansterer  <paroga@webkit.org>

        Reviewed by David Kilzer.

        Move CharacterNames.h into WTF directory
        https://bugs.webkit.org/show_bug.cgi?id=49618

        * ForwardingHeaders/wtf/unicode/CharacterNames.h: Added.
        * GNUmakefile.am:
        * WebCore.gypi:
        * WebCore.vcproj/WebCore.vcproj:
        * WebCore.xcodeproj/project.pbxproj:
        * accessibility/AccessibilityObject.cpp:
        * accessibility/AccessibilityRenderObject.cpp:
        * bindings/cpp/WebDOMHTMLDocumentCustom.cpp:
        * bindings/js/JSHTMLDocumentCustom.cpp:
        * dom/Position.cpp:
        * dom/SelectElement.cpp:
        * editing/CompositeEditCommand.cpp:
        * editing/Editor.cpp:
        * editing/HTMLInterchange.cpp:
        * editing/InsertTextCommand.cpp:
        * editing/MarkupAccumulator.cpp:
        * editing/TextIterator.cpp:
        * editing/VisibleSelection.cpp:
        * editing/htmlediting.cpp:
        * editing/htmlediting.h:
        * editing/markup.cpp:
        * html/FTPDirectoryDocument.cpp:
        * html/HTMLFormControlElement.cpp:
        * html/parser/HTMLTreeBuilder.cpp:
        * loader/appcache/ManifestParser.cpp:
        * platform/chromium/PopupMenuChromium.cpp:
        * platform/graphics/Font.h:
        * platform/graphics/FontFastPath.cpp:
        * platform/graphics/GlyphPageTreeNode.cpp:
        * platform/graphics/StringTruncator.cpp:
        * platform/graphics/mac/ComplexTextController.cpp:
        * platform/graphics/mac/ComplexTextControllerATSUI.cpp:
        * platform/graphics/wince/GraphicsContextWinCE.cpp:
        * platform/mac/PasteboardMac.mm:
        * platform/text/TextCodecICU.cpp:
        * platform/text/mac/TextCodecMac.cpp:
        * platform/text/transcoder/FontTranscoder.cpp:
        * rendering/RenderBlockLineLayout.cpp:
        * rendering/RenderFlexibleBox.cpp:
        * rendering/RenderListMarker.cpp:
        * rendering/RenderText.cpp:
        * rendering/RenderTextControl.cpp:
        * rendering/RenderTreeAsText.cpp:
        * rendering/break_lines.cpp:
        * rendering/mathml/RenderMathMLOperator.h:
        * websockets/WebSocketHandshake.cpp:
        * wml/WMLTableElement.cpp:

2011-01-29  Dan Winship  <danw@gnome.org>

        Reviewed by Xan Lopez.

        [GTK] Remove HAVE_LIBSOUP_2_29_90 conditionals; we depend on
        libsoup 2.33.1 now.
        https://bugs.webkit.org/show_bug.cgi?id=50675

        * platform/network/soup/CookieJarSoup.cpp:
        (WebCore::defaultCookieJar):
        (WebCore::setCookies):
        * platform/network/soup/ResourceHandleSoup.cpp:
        (WebCore::ResourceHandle::prepareForURL):
        (WebCore::restartedCallback):
        (WebCore::startHttp):
        * platform/network/soup/ResourceRequestSoup.cpp:
        (WebCore::ResourceRequest::updateSoupMessage):
        (WebCore::ResourceRequest::toSoupMessage):
        (WebCore::ResourceRequest::updateFromSoupMessage):

2011-01-29  Adam Barth  <abarth@webkit.org>

        Reviewed by Daniel Bates.

        XSSFilter should replace URLs with about:blank instead of the empty string
        https://bugs.webkit.org/show_bug.cgi?id=53370

        Using the empty string will make the URL complete to the current
        document's URL, which isn't really what we want.  Instead, we want to
        use about:blank, which is safe.

        * html/parser/XSSFilter.cpp:
        (WebCore::XSSFilter::filterObjectToken):
        (WebCore::XSSFilter::filterEmbedToken):

2011-01-29  Adam Barth  <abarth@webkit.org>

        Reviewed by Daniel Bates.

        XSSFilter should pass xssAuditor/script-tag-addslashes*
        https://bugs.webkit.org/show_bug.cgi?id=53365

        We need to canonicalize strings to avoid being tricked by addslashes.

        * html/parser/XSSFilter.cpp:
        (WebCore::HTMLNames::isNonCanonicalCharacter):
            - This function is copied from the XSSAuditor (with some tweaks).
              We'll eventually remove the XSSAuditor once we've got XSSFilter
              working properly.
        (WebCore::HTMLNames::canonicalize):
        (WebCore::HTMLNames::decodeURL):
        (WebCore::XSSFilter::isContainedInRequest):

2011-01-29  Adam Barth  <abarth@webkit.org>

        Reviewed by Daniel Bates.

        XSSFilter should pass xssAuditor/script-tag-with-source-same-host.html
        and xssAuditor/script-tag-post-*
        https://bugs.webkit.org/show_bug.cgi?id=53364

        We're supposed to allow loading same-origin resources even if they
        appear as part of the request.

        Also, we're supposed to look at the POST data too.  :)

        * html/parser/XSSFilter.cpp:
        (WebCore::XSSFilter::eraseAttributeIfInjected):
        (WebCore::XSSFilter::isSameOriginResource):
            - Copy/paste from XSSAuditor::isSameOriginResource.  We'll
              eventually remove the XSSAuditor version when XSSFilter is done.
        * html/parser/XSSFilter.h:

2011-01-29  Adam Barth  <abarth@webkit.org>

        Reviewed by Daniel Bates.

        XSSFilter should pass 16 of the xssAuditor/script-tag* tests
        https://bugs.webkit.org/show_bug.cgi?id=53362

        Turns out we need to replace the src attribute of script tags with
        about:blank to avoid loading the main document URL as a script.  Also,
        move misplaced return statement that was triggering the console message
        too often.

        * html/parser/HTMLToken.h:
        (WebCore::HTMLToken::appendToAttributeValue):
        * html/parser/XSSFilter.cpp:
        (WebCore::XSSFilter::filterScriptToken):
        (WebCore::XSSFilter::eraseAttributeIfInjected):
        * html/parser/XSSFilter.h:

2011-01-28  Jon Honeycutt  <jhoneycutt@apple.com>

        Downloads in WK2 on Windows should write resume data to bundle
        https://bugs.webkit.org/show_bug.cgi?id=53282
        <rdar://problem/8753077>

        Reviewed by Alice Liu.

        * WebCore.vcproj/WebCore.vcproj:
        Added new files to project.

        * platform/network/cf/DownloadBundle.h: Added.
        * platform/network/win/DownloadBundleWin.cpp: Added.
        (WebCore::DownloadBundle::magicNumber):
        Moved from WebKit's WebDownload so that WebKit and WebKit2 can share
        it.
        (WebCore::DownloadBundle::fileExtension):
        Ditto.
        (WebCore::DownloadBundle::appendResumeData):
        Ditto - but modified to return bool rather than HRESULT and to clean up
        whitespace.
        (WebCore::DownloadBundle::extractResumeData):
        Ditto - modified to clean up whitespace.

2011-01-29  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r77050.
        http://trac.webkit.org/changeset/77050
        https://bugs.webkit.org/show_bug.cgi?id=53371

        Caused a crash in Chromium's test_shell_tests (Requested by
        rniwa on #webkit).

        * html/parser/HTMLTreeBuilder.cpp:
        (WebCore::HTMLTreeBuilder::FragmentParsingContext::FragmentParsingContext):
        (WebCore::HTMLTreeBuilder::FragmentParsingContext::document):
        (WebCore::HTMLTreeBuilder::FragmentParsingContext::finished):
        * html/parser/HTMLTreeBuilder.h:

2011-01-28  Eric Seidel  <eric@webkit.org>

        Reviewed by Darin Adler.

        HTML5 TreeBuilder regressed a Peacekeeper DOM test by 40%
        https://bugs.webkit.org/show_bug.cgi?id=48719

        It's unclear exactly what the Peacekeeper benchmark is testing,
        because I haven't found a way to run it myself.

        However, I constructed a benchmark which shows at least one possible slow point.
        The HTML5 spec talks about creating a new document for every time we use
        the fragment parsing algorithm.  Document() it turns out, it a huge bloated
        mess, and the constructor and destructor do a huge amount of work.
        To avoid constructing (or destructing) documents for each innerHTML call,
        this patch adds a shared dummy document used by all innerHTML calls.

        This patch brings us from 7x slower than Safari 5 on tiny-innerHTML
        to only 1.5x slower than Safari 5.  I'm sure there is more work to do here.

        Saving a shared Document like this is error prone.  Currently
        DummyDocumentFactory::releaseDocument() calls removeAllChildren()
        in an attempt to clear the Document's state. However it's possible
        that that call is not sufficient and we'll have future bugs here.

        * html/parser/HTMLTreeBuilder.cpp:
        (WebCore::DummyDocumentFactory::createDummyDocument):
        (WebCore::DummyDocumentFactory::releaseDocument):
        (WebCore::HTMLTreeBuilder::FragmentParsingContext::FragmentParsingContext):
        (WebCore::HTMLTreeBuilder::FragmentParsingContext::document):
        (WebCore::HTMLTreeBuilder::FragmentParsingContext::finished):
        * html/parser/HTMLTreeBuilder.h:

2011-01-28  Johnny Ding  <jnd@chromium.org>

        Reviewed by Adam Barth.

        Gesture API: Don't use current gesture status to set "forceUserGesture" parameter when calling ScriptController::executeScript.
        The "forceUserGesture" parameter should be only set when you are definitely sure that the running script is from a hyper-link.
        https://bugs.webkit.org/show_bug.cgi?id=53244

        Test: fast/events/popup-blocked-from-iframe-src.html

        * bindings/ScriptControllerBase.cpp:
        (WebCore::ScriptController::executeIfJavaScriptURL):

2011-01-28  Simon Fraser  <simon.fraser@apple.com>

        Reviewed by Gavin Barraclough.

        Add various clampToInt() methods to MathExtras.h
        https://bugs.webkit.org/show_bug.cgi?id=52910

        Use clampToInteger() from MathExtras.h

        * css/CSSParser.cpp:
        (WebCore::CSSParser::parseCounter):

2011-01-28  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r77006 and r77020.
        http://trac.webkit.org/changeset/77006
        http://trac.webkit.org/changeset/77020
        https://bugs.webkit.org/show_bug.cgi?id=53360

        "Broke Windows tests" (Requested by rniwa on #webkit).

        * ForwardingHeaders/runtime/WriteBarrier.h: Removed.
        * WebCore.exp.in:
        * bindings/js/DOMWrapperWorld.h:
        * bindings/js/JSAudioConstructor.cpp:
        (WebCore::JSAudioConstructor::JSAudioConstructor):
        * bindings/js/JSDOMBinding.cpp:
        (WebCore::markDOMNodesForDocument):
        (WebCore::markDOMObjectWrapper):
        (WebCore::markDOMNodeWrapper):
        * bindings/js/JSDOMGlobalObject.cpp:
        (WebCore::JSDOMGlobalObject::markChildren):
        (WebCore::JSDOMGlobalObject::setInjectedScript):
        (WebCore::JSDOMGlobalObject::injectedScript):
        * bindings/js/JSDOMGlobalObject.h:
        (WebCore::JSDOMGlobalObject::JSDOMGlobalObjectData::JSDOMGlobalObjectData):
        (WebCore::getDOMConstructor):
        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::JSDOMWindow::setLocation):
        (WebCore::DialogHandler::dialogCreated):
        * bindings/js/JSDOMWindowShell.cpp:
        (WebCore::JSDOMWindowShell::JSDOMWindowShell):
        (WebCore::JSDOMWindowShell::setWindow):
        (WebCore::JSDOMWindowShell::markChildren):
        (WebCore::JSDOMWindowShell::unwrappedObject):
        * bindings/js/JSDOMWindowShell.h:
        (WebCore::JSDOMWindowShell::window):
        (WebCore::JSDOMWindowShell::setWindow):
        * bindings/js/JSDeviceMotionEventCustom.cpp:
        (WebCore::createAccelerationObject):
        (WebCore::createRotationRateObject):
        * bindings/js/JSEventListener.cpp:
        (WebCore::JSEventListener::JSEventListener):
        (WebCore::JSEventListener::markJSFunction):
        * bindings/js/JSEventListener.h:
        (WebCore::JSEventListener::jsFunction):
        * bindings/js/JSHTMLDocumentCustom.cpp:
        (WebCore::JSHTMLDocument::setAll):
        * bindings/js/JSImageConstructor.cpp:
        (WebCore::JSImageConstructor::JSImageConstructor):
        * bindings/js/JSImageDataCustom.cpp:
        (WebCore::toJS):
        * bindings/js/JSJavaScriptCallFrameCustom.cpp:
        (WebCore::JSJavaScriptCallFrame::scopeChain):
        (WebCore::JSJavaScriptCallFrame::scopeType):
        * bindings/js/JSNodeFilterCondition.cpp:
        (WebCore::JSNodeFilterCondition::markAggregate):
        (WebCore::JSNodeFilterCondition::acceptNode):
        * bindings/js/JSNodeFilterCondition.h:
        * bindings/js/JSNodeFilterCustom.cpp:
        * bindings/js/JSOptionConstructor.cpp:
        (WebCore::JSOptionConstructor::JSOptionConstructor):
        * bindings/js/JSSQLResultSetRowListCustom.cpp:
        (WebCore::JSSQLResultSetRowList::item):
        * bindings/js/ScriptCachedFrameData.cpp:
        (WebCore::ScriptCachedFrameData::restore):
        * bindings/js/ScriptObject.cpp:
        (WebCore::ScriptGlobalObject::set):
        * bindings/js/SerializedScriptValue.cpp:
        (WebCore::CloneDeserializer::putProperty):
        * bindings/scripts/CodeGeneratorJS.pm:
        * bridge/qt/qt_runtime.cpp:
        (JSC::Bindings::QtRuntimeMetaMethod::QtRuntimeMetaMethod):
        (JSC::Bindings::QtRuntimeMetaMethod::markChildren):
        (JSC::Bindings::QtRuntimeMetaMethod::connectGetter):
        (JSC::Bindings::QtRuntimeMetaMethod::disconnectGetter):
        * bridge/qt/qt_runtime.h:
        * bridge/runtime_root.cpp:
        (JSC::Bindings::RootObject::invalidate):
        * bridge/runtime_root.h:
        * dom/Document.h:

2011-01-28  Adam Barth  <abarth@webkit.org>

        Reviewed by Eric Seidel.

        XSSFilter should log to the console when it blocks something
        https://bugs.webkit.org/show_bug.cgi?id=53354

        This patch refactors a bunch of methods in XSSFilter to return a bool
        indicating whether they blocked anything.  Using this bool, we decide
        whether to log to the console.  We're using the same log message as the
        XSSAuditor, but it seems likely we can improve this message in the
        future (especially by piping in the correct line number, which is now
        accessible via the parser).

        * html/parser/XSSFilter.cpp:
        (WebCore::HTMLNames::isNameOfInlineEventHandler):
        (WebCore::XSSFilter::filterToken):
        (WebCore::XSSFilter::filterTokenInitial):
        (WebCore::XSSFilter::filterTokenAfterScriptStartTag):
        (WebCore::XSSFilter::filterScriptToken):
        (WebCore::XSSFilter::filterObjectToken):
        (WebCore::XSSFilter::filterEmbedToken):
        (WebCore::XSSFilter::filterAppletToken):
        (WebCore::XSSFilter::filterMetaToken):
        (WebCore::XSSFilter::filterBaseToken):
        (WebCore::XSSFilter::eraseInlineEventHandlersIfInjected):
        * html/parser/XSSFilter.h:

2011-01-28  Adam Barth  <abarth@webkit.org>

        Reviewed by Daniel Bates.

        Wire up settings->xssAuditorEnabled to XSSFilter
        https://bugs.webkit.org/show_bug.cgi?id=53345

        * html/parser/XSSFilter.cpp:
        (WebCore::XSSFilter::XSSFilter):
        (WebCore::XSSFilter::filterToken):
        * html/parser/XSSFilter.h:

2011-01-28  Adam Barth  <abarth@webkit.org>

        Reviewed by Daniel Bates.

        Teach XSSFilter about <meta> and <base> tags
        https://bugs.webkit.org/show_bug.cgi?id=53339

        I'm not 100% sure we need to block <meta http-equiv>, but it seems
        prudent given how powerful that attribute is.  We definitely need to
        block injection of <base href> because that can redirect script tags
        that use relative URLs.

        * html/parser/XSSFilter.cpp:
        (WebCore::XSSFilter::filterToken):
        (WebCore::XSSFilter::filterMetaToken):
        (WebCore::XSSFilter::filterBaseToken):
        * html/parser/XSSFilter.h:

2011-01-28  Adam Barth  <abarth@webkit.org>

        Reviewed by Daniel Bates.

        Teach XSSFilter about <applet>
        https://bugs.webkit.org/show_bug.cgi?id=53338

        HTML5 is pretty light on information about how the <applet> tag works.
        According to this site:

        http://download.oracle.com/javase/1.4.2/docs/guide/misc/applet.html

        The "code" and "object" attributes are the essential attributes for
        determining which piece of Java to run.  We might need to expand to the
        codebase and archive attributes at some point, but hopefully code and
        object will be sufficient.

        * html/parser/XSSFilter.cpp:
        (WebCore::XSSFilter::filterToken):
        (WebCore::XSSFilter::filterAppletToken):
        * html/parser/XSSFilter.h:

2011-01-28  Adam Barth  <abarth@webkit.org>

        Reviewed by Daniel Bates.

        Teach the XSSFilter about object and embed tags
        https://bugs.webkit.org/show_bug.cgi?id=53336

        For <object> and <embed>, we filter out attribute values that either
        indicate which piece of media to load or which plugin to load.  In a
        perfect world, we'd only need to filter out the URLs of the media, but
        some plug-ins (like Flash) have lots of fun places you can hide the
        URL (e.g., the "movie" <param>).

        * html/parser/XSSFilter.cpp:
        (WebCore::XSSFilter::filterToken):
        (WebCore::XSSFilter::filterScriptToken):
        (WebCore::XSSFilter::filterObjectToken):
        (WebCore::XSSFilter::filterEmbedToken):
        (WebCore::XSSFilter::eraseAttributeIfInjected):
        * html/parser/XSSFilter.h:

2011-01-28  Oliver Hunt  <oliver@apple.com>

        Fix Qt build.

        * bridge/qt/qt_runtime.cpp:
        (JSC::Bindings::QtRuntimeMetaMethod::QtRuntimeMetaMethod):
        (JSC::Bindings::QtRuntimeMetaMethod::markChildren):
        (JSC::Bindings::QtRuntimeMetaMethod::connectGetter):
        (JSC::Bindings::QtRuntimeMetaMethod::disconnectGetter):
        * bridge/qt/qt_runtime.h:

2011-01-28  Antti Koivisto  <antti@apple.com>

        Reviewed by Simon Fraser.

        CSS styles are shared based on uninitialized property values
        https://bugs.webkit.org/show_bug.cgi?id=53285
        
        Null test.

        * dom/NamedNodeMap.cpp:
        (WebCore::NamedNodeMap::mappedMapsEquivalent):

2011-01-27  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoffrey Garen.

        Convert markstack to a slot visitor API
        https://bugs.webkit.org/show_bug.cgi?id=53219

        Update WebCore to the new marking apis, correct bindings
        codegen. 

        * ForwardingHeaders/runtime/WriteBarrier.h: Added.
        * WebCore.exp.in:
        * bindings/js/DOMWrapperWorld.h:
        (WebCore::DOMWrapperWorld::globalData):
        * bindings/js/JSAudioConstructor.cpp:
        (WebCore::JSAudioConstructor::JSAudioConstructor):
        * bindings/js/JSDOMBinding.cpp:
        (WebCore::markDOMNodesForDocument):
        (WebCore::markDOMObjectWrapper):
        (WebCore::markDOMNodeWrapper):
        * bindings/js/JSDOMGlobalObject.cpp:
        (WebCore::JSDOMGlobalObject::markChildren):
        (WebCore::JSDOMGlobalObject::setInjectedScript):
        (WebCore::JSDOMGlobalObject::injectedScript):
        * bindings/js/JSDOMGlobalObject.h:
        (WebCore::JSDOMGlobalObject::JSDOMGlobalObjectData::JSDOMGlobalObjectData):
        (WebCore::getDOMConstructor):
        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::JSDOMWindow::setLocation):
        (WebCore::DialogHandler::dialogCreated):
        * bindings/js/JSDOMWindowShell.cpp:
        (WebCore::JSDOMWindowShell::JSDOMWindowShell):
        (WebCore::JSDOMWindowShell::setWindow):
        (WebCore::JSDOMWindowShell::markChildren):
        (WebCore::JSDOMWindowShell::unwrappedObject):
        * bindings/js/JSDOMWindowShell.h:
        (WebCore::JSDOMWindowShell::window):
        (WebCore::JSDOMWindowShell::setWindow):
        * bindings/js/JSEventListener.cpp:
        (WebCore::JSEventListener::JSEventListener):
        (WebCore::JSEventListener::markJSFunction):
        * bindings/js/JSEventListener.h:
        (WebCore::JSEventListener::jsFunction):
        * bindings/js/JSHTMLDocumentCustom.cpp:
        (WebCore::JSHTMLDocument::setAll):
        * bindings/js/JSImageConstructor.cpp:
        (WebCore::JSImageConstructor::JSImageConstructor):
        * bindings/js/JSImageDataCustom.cpp:
        (WebCore::toJS):
        * bindings/js/JSJavaScriptCallFrameCustom.cpp:
        (WebCore::JSJavaScriptCallFrame::scopeChain):
        (WebCore::JSJavaScriptCallFrame::scopeType):
        * bindings/js/JSNodeFilterCondition.cpp:
        (WebCore::JSNodeFilterCondition::markAggregate):
        (WebCore::JSNodeFilterCondition::acceptNode):
        * bindings/js/JSNodeFilterCondition.h:
        * bindings/js/JSNodeFilterCustom.cpp:
        * bindings/js/JSOptionConstructor.cpp:
        (WebCore::JSOptionConstructor::JSOptionConstructor):
        * bindings/js/JSSQLResultSetRowListCustom.cpp:
        (WebCore::JSSQLResultSetRowList::item):
        * bindings/js/ScriptCachedFrameData.cpp:
        (WebCore::ScriptCachedFrameData::restore):
        * bindings/js/ScriptObject.cpp:
        (WebCore::ScriptGlobalObject::set):
        * bindings/js/SerializedScriptValue.cpp:
        (WebCore::CloneDeserializer::putProperty):
        * bindings/scripts/CodeGeneratorJS.pm:
        * dom/Document.h:

2011-01-28  Sam Weinig  <sam@webkit.org>

        Reviewed by Anders Carlsson.

        Keyboard scrolling doesn’t work in WebKit2
        <rdar://problem/8909672>

        * platform/mac/ScrollAnimatorMac.mm:
        (-[ScrollAnimationHelperDelegate convertSizeToBacking:]):
        (-[ScrollAnimationHelperDelegate convertSizeFromBacking:]):
        Add additional necessary delegate methods.

2011-01-29  Darin Adler  <darin@apple.com>

        Reviewed by Dan Bernstein.

        Re-land this patch with the missing null check that caused crashes in layout tests.

        Changing cursor style has no effect until the mouse moves
        https://bugs.webkit.org/show_bug.cgi?id=14344
        rdar://problem/7563712

        No tests added because we don't have infrastructure for testing actual cursor
        changes (as opposed to cursor style computation) at this time. We might add it later.

        * page/EventHandler.cpp:
        (WebCore::EventHandler::dispatchFakeMouseMoveEventSoon): Added.
        * page/EventHandler.h: Ditto.

        * rendering/RenderObject.cpp:
        (WebCore::areNonIdenticalCursorListsEqual): Added.
        (WebCore::areCursorsEqual): Added.
        (WebCore::RenderObject::styleDidChange): Call dispatchFakeMouseMoveEventSoon if
        cursor styles changed.

2011-01-28  Justin Schuh  <jschuh@chromium.org>

        Reviewed by Eric Seidel.

        We should hold RefPtrs to SVG font faces
        https://bugs.webkit.org/show_bug.cgi?id=53270

        Test: svg/custom/use-multiple-on-nested-disallowed-font.html

        * css/CSSFontFaceSource.cpp:
        (WebCore::CSSFontFaceSource::getFontData):
        * css/CSSFontFaceSource.h:
        * svg/SVGFontFaceElement.cpp:
        (WebCore::SVGFontFaceElement::associatedFontElement):
        * svg/SVGFontFaceElement.h:

2011-01-28  Zhenyao Mo  <zmo@google.com>

        Reviewed by Kenneth Russell.

        uniformN*v should generate INVALID_VALUE of the array size is not a multiple of N
        https://bugs.webkit.org/show_bug.cgi?id=53306

        * html/canvas/WebGLRenderingContext.cpp:
        (WebCore::WebGLRenderingContext::validateUniformMatrixParameters):

2011-01-28  Tom Sepez  <tsepez@chromium.org>

        Reviewed by Eric Seidel.

        NULL pointer crash in TextIterator::handleTextBox()
        https://bugs.webkit.org/show_bug.cgi?id=53267

        Test: fast/css/rtl-nth-child-first-letter-crash.html

        * editing/TextIterator.cpp:
        (WebCore::TextIterator::handleTextBox):

2011-01-28  Adrienne Walker  <enne@google.com>

        Reviewed by Kenneth Russell.

        [chromium] Remove a spurious diagnostic CRASH check.
        https://bugs.webkit.org/show_bug.cgi?id=52379

        * platform/graphics/chromium/LayerTilerChromium.cpp:
        (WebCore::LayerTilerChromium::invalidateRect):

2011-01-28  Dan Bernstein  <mitz@apple.com>

        Reviewed by Sam Weinig.

        <rdar://problem/4761512> <select> can't display right-to-left (rtl) languages
        https://bugs.webkit.org/show_bug.cgi?id=19785

        Changed <select> pop-up menus on Mac OS X Snow Leopard and later to have their items aligned in the
        direction corresponding to the writing direction of the <select> element, with the checkmarks
        on the "start" side, and use the <option>'s writing direction rather than "natural". Made the
        pop-up button match the menu by adding a Chrome boolean function, selectItemAlignmentFollowsMenuWritingDirection(),
        which returns true for this pop-up behavior.

        * loader/EmptyClients.h:
        (WebCore::EmptyChromeClient::selectItemAlignmentFollowsMenuWritingDirection): Added.
        * manual-tests/pop-up-alignment-and-direction.html: Added.
        * page/Chrome.cpp:
        (WebCore::Chrome::selectItemAlignmentFollowsMenuWritingDirection): Added. Calls through to the
        client.
        * page/Chrome.h:
        * page/ChromeClient.h:
        * platform/PopupMenuStyle.h:
        (WebCore::PopupMenuStyle::PopupMenuStyle): Added hasTextDirectionOverride parameter and member
        variable initialization.
        (WebCore::PopupMenuStyle::hasTextDirectionOverride): Added this accessor.
        * platform/mac/PopupMenuMac.mm:
        (WebCore::PopupMenuMac::populate): Set the pop-up's layout direction and items' text alignment
        to match the menu's writing direction. Set items' writing direction and direction override
        according to their styles.
        * rendering/RenderMenuList.cpp:
        (WebCore::RenderMenuList::RenderMenuList): Removed unncesaary initialization of a smart pointer.
        (WebCore::RenderMenuList::adjustInnerStyle): If the alignment of items in the menu follows the
        menu's writing direction, use that alignment for the button as well. Also in this mode, use the
        item's writing direction and override setting.
        (WebCore::RenderMenuList::setTextFromOption): Store the option element's style.
        (WebCore::RenderMenuList::itemStyle): Pass the text direction override value.
        (WebCore::RenderMenuList::menuStyle): Ditto. Also use the button's direction, not the inner text's.
        * rendering/RenderMenuList.h:
        * rendering/RenderTextControlSingleLine.cpp:
        (WebCore::RenderTextControlSingleLine::menuStyle): Pass the text direction override value.

2011-01-28  Adam Barth  <abarth@webkit.org>

        Reviewed by Daniel Bates.

        Teach XSSFilter how to filter <script> elements
        https://bugs.webkit.org/show_bug.cgi?id=53279

        This patch adds the ability for the XSSFilter to block injected
        <script> elements.  Handling script elements is slightly subtle because
        these elements act very differently depending on whether they have a
        src attribute.
        
        In the "src case", which check whether the src attribute was present in
        the request.  In the "non-src case", we check whether the start tag and
        the body of the script element was included in the request.  Checking
        for the whole start tag means we miss out on some attribute splitting
        attacks inside of script tags, but that doesn't seem like that big a
        deal.

        This patch also introduces some amount of state into the XSSFilter
        because inline script elements span multiple tokens.  There's a lot of
        tuning and optimization left in these cases, some of which I've noted
        with FIXMEs.

        To test this patch, I played around with some of the existing
        XSSAuditor tests.  Hopefully I'll be able to run the test suite more
        systematically in the future.

        * html/parser/HTMLToken.h:
        (WebCore::HTMLToken::eraseCharacters):
        (WebCore::HTMLToken::eraseValueOfAttribute):
        * html/parser/XSSFilter.cpp:
        (WebCore::HTMLNames::hasName):
        (WebCore::HTMLNames::findAttributeWithName):
        (WebCore::HTMLNames::isNameOfScriptCarryingAttribute):
        (WebCore::XSSFilter::XSSFilter):
        (WebCore::XSSFilter::filterToken):
        (WebCore::XSSFilter::filterTokenAfterScriptStartTag):
        (WebCore::XSSFilter::filterScriptToken):
        (WebCore::XSSFilter::snippetForRange):
        (WebCore::XSSFilter::snippetForAttribute):
        * html/parser/XSSFilter.h:

2011-01-28  Adam Barth  <abarth@webkit.org>

        Reviewed by Daniel Bates.

        Sketch out new XSS filter design (disabled by default)
        https://bugs.webkit.org/show_bug.cgi?id=53205

        This patch adds a basic sketch of the new XSS filter design.  Rather
        than watching scripts as they execute, in this design, we watch tokens
        emitted by the tokenizer.  We then map the tokens directly back into
        input characters, which lets us skip all the complicated logic related
        to HTML entities and double-decoding of JavaScript URLs.

        This patch contains only the bare essentially machinery.  I'll add more
        in future patches and eventually remove the previous code once this
        code is up and running correctly.

        * Android.mk:
        * CMakeLists.txt:
        * GNUmakefile.am:
        * WebCore.gypi:
        * WebCore.pro:
        * WebCore.vcproj/WebCore.vcproj:
        * WebCore.xcodeproj/project.pbxproj:
        * html/parser/HTMLDocumentParser.cpp:
        (WebCore::HTMLDocumentParser::HTMLDocumentParser):
        (WebCore::HTMLDocumentParser::pumpTokenizer):
        (WebCore::HTMLDocumentParser::sourceForToken):
        * html/parser/HTMLDocumentParser.h:
        * html/parser/XSSFilter.cpp: Added.
        * html/parser/XSSFilter.h: Added.

2011-01-28  Michael Saboff  <msaboff@apple.com>

        Reviewed by Geoffrey Garen.

        Potentially Unsafe HashSet of RuntimeObject* in RootObject definition
        https://bugs.webkit.org/show_bug.cgi?id=53271

        Reapplying this patch with the change that the second ASSERT in 
        RootObject::removeRuntimeObject was changed to use
        .uncheckedGet() instead of the failing .get().  The object in question
        could be in the process of being GC'ed.  The get() call will not return
        such an object while the uncheckedGet() call will return the (unsafe) 
        object.  This is the behavior we want.

        Precautionary change.
        Changed RootObject to use WeakGCMap instead of HashSet.
        Found will looking for another issue, but can't produce a test case
        that is problematic.  THerefore there aren't any new tests.

        * bridge/runtime_root.cpp:
        (JSC::Bindings::RootObject::invalidate):
        (JSC::Bindings::RootObject::addRuntimeObject):
        (JSC::Bindings::RootObject::removeRuntimeObject):
        * bridge/runtime_root.h:

2011-01-28  Adam Roben  <aroben@apple.com>

        Notify CACFLayerTreeHost when the context is flushed

        LegacyCACFLayerTreeHost was keeping this a secret, which meant that WebCore's animation
        timers were never starting.

        Fixes <http://webkit.org/b/53302> [Windows 7 Release Tests] changesets 76853, 76856, and
        76858 broke ~36 animations, compositing, and transitions tests

        Reviewed by Sam Weinig.

        * platform/graphics/ca/win/LegacyCACFLayerTreeHost.cpp:
        (WebCore::LegacyCACFLayerTreeHost::contextDidChange): Call up to the base class after we
        start our render timer.

2011-01-28  Antti Koivisto  <antti@apple.com>

        Reviewed by Dan Bernstein.

        Remove dead code that tried to map from CSS values to parser values
        https://bugs.webkit.org/show_bug.cgi?id=53318

        * css/CSSFunctionValue.cpp:
        * css/CSSFunctionValue.h:
        * css/CSSPrimitiveValue.cpp:
        * css/CSSPrimitiveValue.h:
        * css/CSSValue.h:
        * css/CSSValueList.cpp:
        * css/CSSValueList.h:

2011-01-28  Enrica Casucci  <enrica@apple.com>

        Reviewed by Adam Roben.

        Some drag and drop tests fail since r76824
        https://bugs.webkit.org/show_bug.cgi?id=53304

        There were '||' instead of '&&' in the checks for valid
        clipboard content.
        
        * platform/win/ClipboardWin.cpp:
        (WebCore::ClipboardWin::getData):
        (WebCore::ClipboardWin::types):
        (WebCore::ClipboardWin::files):

2011-01-28  Martin Robinson  <mrobinson@igalia.com>

        [GTK] AudioProcessingEvent.h and JSJavaScriptAudioNode.h: No such file or directory
        https://bugs.webkit.org/show_bug.cgi?id=52889

        Build fix for WebAudio. Include WebAudio source files on the source
        list when WebAudio is enabled.

        * GNUmakefile.am: Include missing source files.

2011-01-28  Sam Weinig  <sam@webkit.org>

        Reviewed by Maciej Stachowiak.

        Add basic rubber banding support
        <rdar://problem/8219429>
        https://bugs.webkit.org/show_bug.cgi?id=53277

        * page/EventHandler.cpp:
        (WebCore::EventHandler::handleGestureEvent):
        Pass gesture events to the FrameView.

        * platform/ScrollAnimator.cpp:
        (WebCore::ScrollAnimator::handleGestureEvent):
        * platform/ScrollAnimator.h:
        Add stubbed out implementation.

        * platform/ScrollView.cpp:
        (WebCore::ScrollView::ScrollView):
        (WebCore::ScrollView::overhangAmount):
        (WebCore::ScrollView::wheelEvent):
        * platform/ScrollView.h:
        * platform/ScrollableArea.cpp:
        (WebCore::ScrollableArea::ScrollableArea):
        (WebCore::ScrollableArea::handleGestureEvent):
        * platform/ScrollableArea.h:
        (WebCore::ScrollableArea::constrainsScrollingToContentEdge):
        (WebCore::ScrollableArea::setConstrainsScrollingToContentEdge):
        Move constrains scrolling bit to ScrollableArea from ScrollView.

        (WebCore::ScrollableArea::contentsSize):
        (WebCore::ScrollableArea::overhangAmount):
        Add additional virtual functions for information needed by the animator.

        * platform/mac/ScrollAnimatorMac.h:
        * platform/mac/ScrollAnimatorMac.mm:
        (WebCore::ScrollAnimatorMac::ScrollAnimatorMac):
        (WebCore::ScrollAnimatorMac::immediateScrollByDeltaX):
        (WebCore::ScrollAnimatorMac::immediateScrollByDeltaY):
        (WebCore::elasticDeltaForTimeDelta):
        (WebCore::elasticDeltaForReboundDelta):
        (WebCore::reboundDeltaForElasticDelta):
        (WebCore::scrollWheelMultiplier):
        (WebCore::ScrollAnimatorMac::handleWheelEvent):
        (WebCore::ScrollAnimatorMac::handleGestureEvent):
        (WebCore::ScrollAnimatorMac::pinnedInDirection):
        (WebCore::ScrollAnimatorMac::allowsVerticalStretching):
        (WebCore::ScrollAnimatorMac::allowsHorizontalStretching):
        (WebCore::ScrollAnimatorMac::smoothScrollWithEvent):
        (WebCore::ScrollAnimatorMac::beginScrollGesture):
        (WebCore::ScrollAnimatorMac::endScrollGesture):
        (WebCore::ScrollAnimatorMac::snapRubberBand):
        (WebCore::roundTowardZero):
        (WebCore::roundToDevicePixelTowardZero):
        (WebCore::ScrollAnimatorMac::snapRubberBandTimerFired):
        Implement basic rubber banding.

2011-01-28  Dan Bernstein  <mitz@apple.com>

        Reviewed by Anders Carlsson.

        Changing unicode-bidi doesn’t force layout
        https://bugs.webkit.org/show_bug.cgi?id=53311

        Test: fast/dynamic/unicode-bidi.html

        * rendering/style/RenderStyle.cpp:
        (WebCore::RenderStyle::diff): Return a layout difference if unicode-bidi values differ.

2011-01-27  Dimitri Glazkov  <dglazkov@chromium.org>

        Reviewed by Kent Tamura.

        Change HTMLInputElement-derived parts of media element shadow DOM to use shadowPseudoId.
        https://bugs.webkit.org/show_bug.cgi?id=53122

        This is the first step in converting HTMLMediaElement to the new shadow DOM.

        Should not regress any existing tests. No observable change in behavior.

        * css/CSSSelector.cpp:
        (WebCore::CSSSelector::pseudoId): Removed now-unnecessary hard-coded pseudo-element selectors.
        (WebCore::nameToPseudoTypeMap): Ditto.
        (WebCore::CSSSelector::extractPseudoType): Ditto.
        * css/CSSSelector.h: Ditto.
        * css/mediaControls.css: Added proper initial values, now that elements use the proper selector pipeline.
        * rendering/MediaControlElements.cpp:
        (WebCore::MediaControlInputElement::MediaControlInputElement): Removed the switch statement,
            which is now replaced with virtual shadowPseudoId on each corresponding class.
        (WebCore::MediaControlInputElement::styleForElement): Changed to use element pipeline.
        (WebCore::MediaControlMuteButtonElement::MediaControlMuteButtonElement): Changed to set
            display type in constructor.
        (WebCore::MediaControlMuteButtonElement::create): Changed to not take PseudoId as
            constructor argument.
        (WebCore::MediaControlMuteButtonElement::shadowPseudoId): Added.
        (WebCore::MediaControlVolumeSliderMuteButtonElement::MediaControlVolumeSliderMuteButtonElement): Added
            to disambiguate from the MediaControlMuteButtonElement.
        (WebCore::MediaControlVolumeSliderMuteButtonElement::create): Added.
        (WebCore::MediaControlVolumeSliderMuteButtonElement::shadowPseudoId): Added.
        (WebCore::MediaControlPlayButtonElement::MediaControlPlayButtonElement): Changed to not take PseudoId as
            constructor argument.
        (WebCore::MediaControlPlayButtonElement::shadowPseudoId): Added.
        (WebCore::MediaControlSeekButtonElement::MediaControlSeekButtonElement): Changed to not take PseudoId as
            constructor argument.
        (WebCore::MediaControlSeekForwardButtonElement::MediaControlSeekForwardButtonElement): Added.
        (WebCore::MediaControlSeekForwardButtonElement::create): Added.
        (WebCore::MediaControlSeekForwardButtonElement::shadowPseudoId): Added.
        (WebCore::MediaControlSeekBackButtonElement::MediaControlSeekBackButtonElement): Added.
        (WebCore::MediaControlSeekBackButtonElement::create): Added.
        (WebCore::MediaControlSeekBackButtonElement::shadowPseudoId): Added.
        (WebCore::MediaControlRewindButtonElement::MediaControlRewindButtonElement): Added.
        (WebCore::MediaControlRewindButtonElement::shadowPseudoId): Added.
        (WebCore::MediaControlReturnToRealtimeButtonElement::MediaControlReturnToRealtimeButtonElement): Changed to not take PseudoId as
            constructor argument.
        (WebCore::MediaControlReturnToRealtimeButtonElement::shadowPseudoId): Added.
        (WebCore::MediaControlToggleClosedCaptionsButtonElement::MediaControlToggleClosedCaptionsButtonElement): Changed to not take PseudoId as
            constructor argument.
        (WebCore::MediaControlToggleClosedCaptionsButtonElement::shadowPseudoId): Added.
        (WebCore::MediaControlTimelineElement::MediaControlTimelineElement): Changed to not take PseudoId as
            constructor argument.
        (WebCore::MediaControlTimelineElement::shadowPseudoId): Added.
        (WebCore::MediaControlVolumeSliderElement::MediaControlVolumeSliderElement): Changed to not take PseudoId as
            constructor argument.
        (WebCore::MediaControlVolumeSliderElement::shadowPseudoId): Added.
        (WebCore::MediaControlFullscreenButtonElement::MediaControlFullscreenButtonElement): Changed to not take PseudoId as
            constructor argument.
        (WebCore::MediaControlFullscreenButtonElement::shadowPseudoId): Added.
        * rendering/MediaControlElements.h:
        (WebCore::MediaControlSeekForwardButtonElement::isForwardButton): Added.
        (WebCore::MediaControlSeekBackButtonElement::isForwardButton): Added.
        * rendering/RenderMedia.cpp:
        (WebCore::RenderMedia::createMuteButton): Changed to use new constructor.
        (WebCore::RenderMedia::createSeekBackButton): Ditto.
        (WebCore::RenderMedia::createSeekForwardButton): Ditto.
        (WebCore::RenderMedia::createVolumeSliderMuteButton): Ditto.
        * rendering/style/RenderStyleConstants.h: Removed constants that are no longer used.

2011-01-27  Dimitri Glazkov  <dglazkov@chromium.org>

        Reviewed by Eric Carlson.

        Split MediaControls out of RenderMedia.
        https://bugs.webkit.org/show_bug.cgi?id=53252

        Near-mechanical moving of stuff, no change in behavior, thus no new tests.

        * Android.mk: Added MediaControls to build system.
        * CMakeLists.txt: Ditto.
        * GNUmakefile.am: Ditto.
        * WebCore.gypi: Ditto.
        * WebCore.pro: Ditto.
        * WebCore.vcproj/WebCore.vcproj: Ditto.
        * WebCore.xcodeproj/project.pbxproj: Ditto.
        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::defaultEventHandler): Changed to forward events to MediaControls.
        * html/shadow/MediaControls.cpp: Copied all controls-related methods from
            Source/WebCore/rendering/RenderMedia.cpp, pulled them into their own class called MediaControls. 
        * html/shadow/MediaControls.h: Ditto from Source/WebCore/rendering/RenderMedia.h.
        * rendering/MediaControlElements.cpp:
        (WebCore::MediaControlTimelineElement::defaultEventHandler): Changed to use MediaControls.
        * rendering/RenderMedia.cpp:
        (WebCore::RenderMedia::RenderMedia): Moved relevant constructor initializers out to MediaControls.
        (WebCore::RenderMedia::destroy): Changed to use MediaControls.
        (WebCore::RenderMedia::styleDidChange): Ditto.
        (WebCore::RenderMedia::layout): Ditto.
        (WebCore::RenderMedia::updateFromElement): Ditto.
        * rendering/RenderMedia.h: Updated defs accordingly and removed player() accessor, which
            is only used by sub-class RenderVideo.
        (WebCore::RenderMedia::controls): Added.
        * rendering/RenderVideo.cpp:
        (WebCore::RenderVideo::~RenderVideo): Changed to access MediaPlayer* directly from mediaElement().
        (WebCore::RenderVideo::calculateIntrinsicSize): Ditto.
        (WebCore::RenderVideo::paintReplaced): Ditto.
        (WebCore::RenderVideo::updatePlayer): Ditto.
        (WebCore::RenderVideo::supportsAcceleratedRendering): Ditto.
        (WebCore::RenderVideo::acceleratedRenderingStateChanged): Ditto.

2011-01-28  Pavel Feldman  <pfeldman@chromium.org>

        Reviewed by Yury Semikhatsky.

        Web Inspector: allow remote debugging with front-end
        served from the cloud.
        https://bugs.webkit.org/show_bug.cgi?id=53303

        * inspector/front-end/inspector.js:

2011-01-28  Aparna Nandyal  <aparna.nand@wipro.com>

        Reviewed by Andreas Kling.

        Setting value of m_PressedPos to make scrolling smooth

        Page scroll popup menu "Scroll here" option not working when cliking above scroll slider/handler.
        https://bugs.webkit.org/show_bug.cgi?id=51349

        The value of m_PressedPos was getting set before moveThumb() call
        in all other scenarios except when "Scroll Here" option is used.
        Hence scrolling with this option was not as expected even in cases
        where scrolling was happening. The thumb would move in unexpected
        direction. m_PressedPos is now set to pressed position so delta is
        calculated.
        Unable to write a test case as the test needs to click on "Scroll
        Here" option of context sensitive menu and QTest is unable to do it.
        Besides no new functionality introduced.

        * platform/qt/ScrollbarQt.cpp:
        (WebCore::Scrollbar::contextMenu):

2011-01-28  Andrey Kosyakov  <caseq@chromium.org>

        Reviewed by Pavel Feldman.

        Web Inspector: [Extensions API] add JSON schema for extensions API
        https://bugs.webkit.org/show_bug.cgi?id=53236

        * inspector/front-end/ExtensionAPISchema.json: Added.

2011-01-27  Zhenyao Mo  <zmo@google.com>

        Reviewed by Kenneth Russell.

        Remove _LENGTH enumerants
        https://bugs.webkit.org/show_bug.cgi?id=53259

        * html/canvas/WebGLRenderingContext.cpp: Remove queries for *LENGTH.
        (WebCore::WebGLRenderingContext::getProgramParameter):
        (WebCore::WebGLRenderingContext::getShaderParameter):
        * html/canvas/WebGLRenderingContext.idl: Remove *LENGTH.

2011-01-28  Alexander Pavlov  <apavlov@chromium.org>

        Reviewed by Yury Semikhatsky.

        Web Inspector: syntax highlight inline JS and CSS in HTML resources
        https://bugs.webkit.org/show_bug.cgi?id=30831

        * inspector/front-end/SourceHTMLTokenizer.js:
        (WebInspector.SourceHTMLTokenizer):
        (WebInspector.SourceHTMLTokenizer.prototype.set line):
        (WebInspector.SourceHTMLTokenizer.prototype.nextToken):
        * inspector/front-end/SourceHTMLTokenizer.re2js:

2011-01-28  Alexander Pavlov  <apavlov@chromium.org>

        Reviewed by Yury Semikhatsky.

        Web Inspector: [STYLES] Up/Down-suggestion breaks an existing keyword
        https://bugs.webkit.org/show_bug.cgi?id=53295

        Select the current word suffix before switching to the next suggestion.

        * inspector/front-end/StylesSidebarPane.js:
        ():

2011-01-28  Alejandro G. Castro  <alex@igalia.com>

        Reviewed by Xan Lopez.

        [GTK] Fix dist compilation for the release
        https://bugs.webkit.org/show_bug.cgi?id=53290

        * GNUmakefile.am: Added inspector files to the extra dist.

2011-01-28  Ilya Sherman  <isherman@chromium.org>

        Reviewed by Andreas Kling.

        Const-correct HTMLSelectElement and WebSelectElement
        https://bugs.webkit.org/show_bug.cgi?id=53293

        * html/HTMLSelectElement.cpp:
        (WebCore::HTMLSelectElement::value): const.
        * html/HTMLSelectElement.h:

2011-01-28  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r76893.
        http://trac.webkit.org/changeset/76893
        https://bugs.webkit.org/show_bug.cgi?id=53287

        It made some tests crash on GTK and Qt debug bots (Requested
        by Ossy on #webkit).

        * bridge/runtime_root.cpp:
        (JSC::Bindings::RootObject::invalidate):
        (JSC::Bindings::RootObject::addRuntimeObject):
        (JSC::Bindings::RootObject::removeRuntimeObject):
        * bridge/runtime_root.h:

2011-01-27  Greg Coletta  <greg.coletta@nokia.com>

        Reviewed by Laszlo Gombos.

        Get rid of prefix header dependency for WebKit2 build system
        https://bugs.webkit.org/show_bug.cgi?id=50174

        Guard EmptyProtocalDefinitions.h to make sure it's not included twice.

        * platform/mac/EmptyProtocolDefinitions.h:

2011-01-27  Abhishek Arya  <inferno@chromium.org>

        Reviewed by Dan Bernstein.

        Recalc table sections if needed before calculating the first line
        box baseline.
        https://bugs.webkit.org/show_bug.cgi?id=53265

        When we try to calculate the baseline position of a table cell,
        we recurse through all the child sibling boxes (when children are
        non inline) and add their first linebox baseline values. If one of
        the children is a table with pending section recalc, we will access
        wrong table section values. We recalc table sections if it is needed.

        Test: fast/table/recalc-section-first-body-crash-main.html

        * rendering/RenderTable.cpp:
        (WebCore::RenderTable::firstLineBoxBaseline):

2011-01-27  Adrienne Walker  <enne@google.com>

        Reviewed by Kenneth Russell.

        [chromium] Add CRASH calls to further debug tiled compositor memcpy crash.
        https://bugs.webkit.org/show_bug.cgi?id=52379

        Test: LayoutTests/compositing (to verify these weren't triggered)

        * platform/graphics/chromium/LayerTilerChromium.cpp:
        (WebCore::LayerTilerChromium::invalidateRect):
        (WebCore::LayerTilerChromium::update):

2011-01-27  Alexander Pavlov  <apavlov@chromium.org>

        Reviewed by Pavel Feldman.

        Web Inspector: [STYLES] Cancelled suggestion of a property name results in a visual artifact
        https://bugs.webkit.org/show_bug.cgi?id=53242

        * inspector/front-end/StylesSidebarPane.js:
        (WebInspector.StylePropertyTreeElement.prototype):

2011-01-27  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r76891.
        http://trac.webkit.org/changeset/76891
        https://bugs.webkit.org/show_bug.cgi?id=53280

        Makes every layout test crash (Requested by othermaciej on