2011-06-14 Lucas Forschler Merged 89714. 2011-06-24 Alexey Proskuryakov Rubber-stamped by Maciej Stachowiak. REGRESSION (r88984): Infinite recursion in DocumentLoader::detachFromFrame/stopLoading No new tests, as there is no known way to reproduce this (but we'll keep investigating, as the rollout will re-introduce the older less frequent crash). * loader/DocumentLoader.cpp: (WebCore::DocumentLoader::detachFromFrame): Rollout the fix for bug 62764. 2011-06-14 Lucas Forschler Rolled out 89080. 2011-06-14 Lucas Forschler Merged 88984. 2011-06-15 Sam Weinig Reviewed by Alexey Proskuryakov. Frequent crashes due to null frame below ApplicationCacheHost::scheduleLoadFallbackResourceFromApplicationCache https://bugs.webkit.org/show_bug.cgi?id=62764 This is an non-reproducible high volume crash, so no test :(. * loader/DocumentLoader.cpp: (WebCore::DocumentLoader::detachFromFrame): Be conservative and stop loading when we detach a document loader from a frame. 2011-06-14 Lucas Forschler Merged 88982. 2011-06-15 Beth Dakin Reviewed by Simon Fraser. https://bugs.webkit.org/show_bug.cgi?id=62746 Crash possible when switching scrollbar appearance preference on Mac -and corresponding- This crash happens because the current mechanism that is intended to flag ScrollAnimators as being in the page cache or not does not work correctly. Long-term the fix for this is to move the ScrollableArea HashSet to a more appropriate place. In the meantime, this patch addresses the crash by getting rid of the m_isActive bool on ScrollAnimator that was intended to represent whether or not the ScrollableArea is in the page cache. Instead, ScrollableArea implementations now have their own functions to compute whether they are in active pages. ScrollAnimator::setIsActive() needs to be kept around even though there is no bool to flip anymore because scrollbars may need to be properly updated if the appearance was switched while the document was in the page cache. No longer call FrameView::setAnimatorsAreActive() from Document::setIsInPageCache(), instead call it in Document::documentDidBecomeActive() * dom/Document.cpp: (WebCore::Document::setInPageCache): (WebCore::Document::documentDidBecomeActive): ScrollableAreas can now assess whether or not they are on active pages (ie, not in the page cache). * platform/ScrollableArea.h: (WebCore::ScrollableArea::isOnActivePage): * rendering/RenderLayer.cpp: (WebCore::RenderLayer::isOnActivePage): * rendering/RenderLayer.h: * rendering/RenderListBox.cpp: (WebCore::RenderListBox::isOnActivePage): * rendering/RenderListBox.h: A FrameView cannot access its Document when it's in the page cache, so it usually determines whether it's in the page cache by checking if its frame points to a FrameView other than itself. * page/FrameView.cpp: (WebCore::FrameView::isOnActivePage): Make sure ScrollableAreas are on active pages before setting them as active. This will not be necessary when the HashSet become a per-web page HashSet. (WebCore::FrameView::setAnimatorsAreActive): * page/FrameView.h: ScrollAnimator no longer tracks the m_isActive bool. * platform/ScrollAnimator.cpp: (WebCore::ScrollAnimator::ScrollAnimator): * platform/ScrollAnimator.h: (WebCore::ScrollAnimator::setIsActive): setIsActive() now exclusively calls updateScrollStyle() if there is a pending need to do so. * platform/mac/ScrollAnimatorMac.h: * platform/mac/ScrollAnimatorMac.mm: (WebCore::ScrollAnimatorMac::setIsActive): Return early if the ScrollableArea is in the page cache. (WebCore::ScrollAnimatorMac::updateScrollerStyle): 2011-06-14 Lucas Forschler Merged 88948. 2011-06-15 Jer Noble Reviewed by Timothy Hatcher. Full-screen live streams have status text in wrong location https://bugs.webkit.org/show_bug.cgi?id=62733 Fix a misspelling in the user-agent stylesheet for full-screen mode. * css/fullscreenQuickTime.css: (video:-webkit-full-screen::-webkit-media-controls-status-display): 2011-06-14 Lucas Forschler Merged 88945. 2011-06-14 Jer Noble Reviewed by Eric Carlson. (AVFoundation) Apple event video appears as live stream and is not seekable https://bugs.webkit.org/show_bug.cgi?id=62694 No new tests; There are no media-player port specific tests yet. Work around a bug in apple.com live stream javascript controller library. When an AVAsset returns an indefinite time for its duration, return 0 if the asset has no tracks, and infinity otherwise. This keeps the apple.com controller from identifying the stored stream as a live stream. * platform/graphics/avfoundation/MediaPlayerPrivateAVFoundationObjC.mm: (WebCore::MediaPlayerPrivateAVFoundationObjC::platformDuration): 2011-06-16 Lucas Forschler Merged 88830. 2011-06-14 Chris Fleizach Reviewed by David Kilzer. VoiceOver cannot navigate the iTunes album view table https://bugs.webkit.org/show_bug.cgi?id=62335 This is a regression from https://bugs.webkit.org/show_bug.cgi?id=57463. Part of that patch made a change so that an ARIA table will only look at it's children and grandchildren for possible rows. That however, doesn't allow arbitrary hierarchies to work with ARIA, like in iTunes album view. Test: platform/mac/accessibility/aria-grid-with-strange-hierarchy.html * accessibility/AccessibilityARIAGrid.cpp: (WebCore::AccessibilityARIAGrid::addChild): (WebCore::AccessibilityARIAGrid::addChildren): * accessibility/AccessibilityARIAGrid.h: 2011-06-14 Lucas Forschler Merged 88833. 2011-06-14 Stephanie Lewis Rubber stamped by Oliver Hunt. Update order files. Build system change, no change in functionality so no new tests. * WebCore.order: 2011-06-14 Lucas Forschler Merged 88591. 2011-06-09 Jer Noble Reviewed by Darin Adler. REGRESSION: End of apple.com video in full-screen mode leads to unusable page. https://bugs.webkit.org/show_bug.cgi?id=62411 Test: fullscreen/full-screen-remove-ancestor-after.html The placeholder for RenderFullScreen was being created as a non-anonymous object, which led to the document's renderer being set to 0 when the placeholder was removed due to its parent being removed. Setting the placeholder to be anonymous, however, means that it will be coalesced with sibling anonymous blocks, so added the RenderFullScreenPlaceholder to the list of anonymous objects that are not considered anonymous blocks, to avoid the placeholder being so coalesced. To do so, made the placeholder object a true subclass, and add and override its destroy() function to notify the RenderFullScreen object that it has been destroyed. * rendering/RenderFullScreen.cpp: (RenderFullScreenPlaceholder::RenderFullScreenPlaceholder): Added. (RenderFullScreenPlaceholder::~RenderFullScreenPlaceholder): Added. (RenderFullScreenPlaceholder::isRenderFullScreenPlaceholder): Added. (RenderFullScreenPlaceholder::destroy): Notify the owner renderer that its placeholder has been destroyed. (RenderFullScreen::destroy): Assert that the m_placeholder ivar is 0 after destroying it. (RenderFullScreen::setPlaceholder): Added. (RenderFullScreen::createPlaceholder): Do not make the placeholder anonymous. * rendering/RenderFullScreen.h: * rendering/RenderObject.h: (WebCore::RenderObject::isRenderFullScreenPlaceholder): Added. (WebCore::RenderObject::isAnonymousBlock): Added the placeholder class to the list of objects which are not anonymous blocks. 2011-06-14 Lucas Forschler Merged 88685. 2011-06-13 Ryosuke Niwa Reviewed by Dan Bernstein. REGRESSION (r81518): Crash in makeRange() when invoking the dictionary panel over a file input https://bugs.webkit.org/show_bug.cgi?id=62544 Fixed the crash by adding null pointer checks. No new tests since there's no way to open dictionary panel. * dom/Position.cpp: (WebCore::Position::parentAnchoredEquivalent): * editing/VisiblePosition.cpp: (WebCore::makeRange): * page/Frame.cpp: (WebCore::Frame::rangeForPoint): 2011-06-14 Lucas Forschler Merged 88654. 2011-06-11 Jer Noble Reviewed by Anders Carlsson. Avoid flashing when exiting full-screen mode. https://bugs.webkit.org/show_bug.cgi?id=62338 No new tests; covered by the existing full-screen tests. Now that we are forcing a repaint inside of setRootFullScreenLayer() instead of during the next run loop, make sure that we have disabled animation before calling setRootFullScreenLayer() so that the RenderFullScreen renderer and its contents are painted. * dom/Document.cpp: (WebCore::Document::webkitDidEnterFullScreenForElement): 2011-06-14 Lucas Forschler Merged 88653. 2011-06-10 Jer Noble Reviewed by Darin Adler. Flash of white on left and right edges of screen when showing fullscreen controller when movie doesn't fill the entire screen https://bugs.webkit.org/show_bug.cgi?id=62491 No new tests; should be covered by existing fullscreen pixel tests. On certain displays, when a RenderFullScreen renderer is created, it is large enough to trigger the creation of a tiled CALayer (instead of a normal CALayer). Painting in these layers necessarily happens asynchronously, so the flash is occurring because of the async painting of the RenderFullScreen renderer's background color. Since we know the RenderFullScreen does not otherwise paint its contents, we can add a special case in the RenderLayerBacking to set the GraphicsLayer contents to be the renderer's background color. Fill in support for creating a contentLayer to contain the background color inside GraphicsLayerCA. * platform/graphics/GraphicsLayer.h: (WebCore::GraphicsLayer::setContentsToBackgroundColor): Renamed from setContentsBackgroundColor to match the other setContentsTo... functions. * platform/graphics/ca/GraphicsLayerCA.cpp: (WebCore::GraphicsLayerCA::setContentsToBackgroundColor): Added. Creates a contentsLayer to host the background color. (WebCore::GraphicsLayerCA::updateLayerBackgroundColor): Removed a comment only. * platform/graphics/ca/GraphicsLayerCA.h: * rendering/RenderLayerBacking.cpp: (WebCore::RenderLayerBacking::updateGraphicsLayerConfiguration): Special case the RenderFullScreen renderer to call updateBackgroundColor. (WebCore::RenderLayerBacking::updateBackgroundColor): Added. (WebCore::RenderLayerBacking::containsPaintedContent): Tell the backing that the RenderFullScreen renderer does not paint its contents. * rendering/RenderLayerBacking.h: 2011-06-14 Lucas Forschler Merged 88629. 2011-06-12 Jer Noble Reviewed by Darin Adler. REGRESSION (full screen video): Watch Again button is obscured after full screen playback ends at Apple trailers page https://bugs.webkit.org/show_bug.cgi?id=62507 No new tests; DRT would have to be modified to delay between receiving exitFullScreenForElement() and calling webkitWillExitFullScreenForElement() to be able to test this. If the full-screen element is removed, and webkitWillExitFullScreenForElement() is not called before fullScreenElementRemoved() returns, then ancestors of the full-screen element will not have their containsFullScreenElement property removed. To protect against this, reset the property by calling setContainsFullScreenElementRecursively() from within fullScreenElementRemoved(). * dom/Document.cpp: (WebCore::Document::fullScreenElementRemoved): Added call to setContainsFullScreenElementRecursively. 2011-06-14 Lucas Forschler Merged 88564. 2011-06-10 Simon Fraser Reviewed by Dan Bernstein. Null-check the layer owner again when painting layers https://bugs.webkit.org/show_bug.cgi?id=62473 Speculative fix for a crash that occurs when the layer's owner gets destroyed during painting. * platform/graphics/mac/WebLayer.mm: (drawLayerContents): 2011-06-14 Lucas Forschler Merged 88528. 2011-06-09 Jer Noble Reviewed by Darin Adler. REGRESSION: Vertical scroll bar appears when taking videos into full screen at jerryseinfeld.com https://bugs.webkit.org/show_bug.cgi?id=62402 Sites are able to override the "overflow:hidden" rule for root full-screen nodes simply by adding a "html {}" rule. Make this rule !important, and also make it apply to root nodes who are merely ancestors of full-screen elements, to cover the case of a root node containing an