2016-06-17 Babak Shafiei <bshafiei@apple.com> Merge r202174. 2016-06-17 John Wilander <wilander@apple.com> Ignore case in the check for security origin inheritance https://bugs.webkit.org/show_bug.cgi?id=158878 Reviewed by Alex Christensen. Darin Adler commented in https://bugs.webkit.org/show_bug.cgi?id=158855: "Are these comparisons intentionally case sensitive? Shouldn’t they ignore ASCII case? We could use equalIgnoringASCIICase and equalLettersIgnoringASCIICase for those two lines instead of using ==. URL::parse normalizes letters in the scheme and host by using toASCIILower, but does not normalize letters elsewhere in the URL, such as in the "blank" or "srcdoc" in the above URLs." Test: http/tests/dom/window-open-about-uppercase-blank-and-access-document.html * platform/URL.cpp: (WebCore::URL::shouldInheritSecurityOriginFromOwner): 2016-06-17 Babak Shafiei <bshafiei@apple.com> Merge r202151. 2016-06-16 John Wilander <wilander@apple.com> Restrict security origin inheritance to empty, about:blank, and about:srcdoc URLs https://bugs.webkit.org/show_bug.cgi?id=158855 <rdar://problem/26142632> Reviewed by Alex Christensen. Tests: http/tests/dom/window-open-about-blank-and-access-document.html http/tests/dom/window-open-about-webkit-org-and-access-document.html Document.cpp previously checked whether a document should inherit its owner's security origin by checking if the URL is either empty or blank. URL.cpp in turn only checks if the protocol is "about:" in the isBlankURL() function. Thus all about:* URLs inherited security origin. This patch restricts security origin inheritance to empty, about:blank, and about:srcdoc URLs. Quotes and links from the WHATWG spec regarding about:srcdoc: 7.1 Browsing contexts A browsing context can have a creator browsing context, the browsing context that was responsible for its creation. If a browsing context has a parent browsing context, then that is its creator browsing context. Otherwise, if the browsing context has an opener browsing context, then that is its creator browsing context. Otherwise, the browsing context has no creator browsing context. https://html.spec.whatwg.org/multipage/browsers.html#concept-document-bc 7.1.1 Nested browsing contexts Certain elements (for example, iframe elements) can instantiate further browsing contexts. These are called nested browsing contexts. If a browsing context P has a Document D with an element E that nests another browsing context C inside it, then C is said to be nested through D, and E is said to be the browsing context container of C. If the browsing context container element E is in the Document D, then P is said to be the parent browsing context of C and C is said to be a child browsing context of P. Otherwise, the nested browsing context C has no parent browsing context. https://html.spec.whatwg.org/multipage/browsers.html#nested-browsing-context 4.8.5 The iframe element The iframe element represents a nested browsing context. ... If the srcdoc attribute is specified Navigate the element's child browsing context to a new response whose url list consists of about:srcdoc ... https://html.spec.whatwg.org/multipage/embedded-content.html#attr-iframe-srcdoc * dom/Document.cpp: (WebCore::Document::initSecurityContext): Now uses the URL::shouldInheritSecurityOriginFromOwner() function instead. (WebCore::Document::initContentSecurityPolicy): Now uses the URL::shouldInheritSecurityOriginFromOwner() function instead. (WebCore::shouldInheritSecurityOriginFromOwner): Deleted. Moved to URL::shouldInheritSecurityOriginFromOwner() and restricted the check. * platform/URL.cpp: (WebCore::URL::shouldInheritSecurityOriginFromOwner): * platform/URL.h: Moved the function from Document and restricted the check to only allow security origin inheritance for empty, about:blank, and about:srcdoc URLs. 2016-05-16 Babak Shafiei <bshafiei@apple.com> Merge r200986. 2016-05-16 Brent Fulgham <bfulgham@apple.com> heap use-after-free at WebCore::TimerBase::heapPopMin() https://bugs.webkit.org/show_bug.cgi?id=157742 <rdar://problem/26236778> Reviewed by David Kilzer. Tested by fast/frames/resources/crash-during-iframe-load-stop.html. * loader/FrameLoader.cpp: (WebCore::FrameLoader::stopForUserCancel): Protect m_frame from destruction while it is still being used by the current stack frame. (WebCore::FrameLoader::frameDetached): Ditto. (WebCore::FrameLoader::continueFragmentScrollAfterNavigationPolicy): Ditto. 2016-05-12 Babak Shafiei <bshafiei@apple.com> Build fix after r195004/r200780. 2016-05-12 Babak Shafiei <bshafiei@apple.com> Merge r195004. 2016-01-13 Brent Fulgham <bfulgham@apple.com> Cross-protocol, cross-site scripting (XPSS) using HTML forms https://bugs.webkit.org/show_bug.cgi?id=153017 <rdar://problem/5873254> Reviewed by David Kilzer. * loader/DocumentLoader.cpp: (WebCore::DocumentLoader::responseReceived): If response HTTP version is 0.9, sandbox against script execution and plugins. * loader/ResourceLoader.cpp: (WebCore::ResourceLoader::didReceiveResponse): Ditto. * loader/SubresourceLoader.cpp: (WebCore::SubresourceLoader::didReceiveResponse): Ditto. * platform/network/ResourceResponseBase.cpp: (WebCore::ResourceResponseBase::adopt): Update for HTTP version. (WebCore::ResourceResponseBase::copyData): Ditto. (WebCore::ResourceResponseBase::httpVersion): Added. (WebCore::ResourceResponseBase::setHTTPVersion): Ditto. * platform/network/ResourceResponseBase.h: (WebCore::ResourceResponseBase::encode): Update for HTTP version. (WebCore::ResourceResponseBase::decode): Ditto. * platform/network/cf/ResourceResponseCFNet.cpp: (WebCore::ResourceResponse::platformLazyInit): Capture HTTP version. * platform/network/cocoa/ResourceResponseCocoa.mm: (WebCore::ResourceResponse::platformLazyInit): Ditto. 2016-05-11 Matthew Hanson <matthew_hanson@apple.com> Merge r198701. rdar://problem/26228577 2016-03-25 Zalan Bujtas <zalan@apple.com> RenderImage::repaintOrMarkForLayout fails when the renderer is detached. https://bugs.webkit.org/show_bug.cgi?id=155885 <rdar://problem/25359164> Reviewed by Simon Fraser. Making containingBlockFor* functions standalone ensures that we don't call them on an invalid object. Covered by existing tests. * dom/Element.cpp: (WebCore::layoutOverflowRectContainsAllDescendants): * rendering/LogicalSelectionOffsetCaches.h: (WebCore::LogicalSelectionOffsetCaches::LogicalSelectionOffsetCaches): * rendering/RenderElement.cpp: (WebCore::containingBlockForFixedPosition): (WebCore::containingBlockForAbsolutePosition): (WebCore::containingBlockForObjectInFlow): (WebCore::RenderElement::containingBlockForFixedPosition): Deleted. (WebCore::RenderElement::containingBlockForAbsolutePosition): Deleted. (WebCore::isNonRenderBlockInline): Deleted. (WebCore::RenderElement::containingBlockForObjectInFlow): Deleted. * rendering/RenderElement.h: * rendering/RenderInline.cpp: (WebCore::RenderInline::styleWillChange): * rendering/RenderObject.cpp: (WebCore::RenderObject::containingBlock): 2016-05-11 Matthew Hanson <matthew_hanson@apple.com> Merge r198143. rdar://problem/26228593 2016-03-14 Chris Vienneau <chris.vno@outlook.com> PingHandle delete's itself but pointer is still used by handleDataURL https://bugs.webkit.org/show_bug.cgi?id=154752 <rdar://problem/24872347> Reviewed by Alex Christensen. When a PingHandle is destroyed, we should tell its client so that the client can clear the pointer it holds to the element to avoid accidentally attempting to use deallocated memory. The ResourceHandle's client member may be null after "didReceiveResponse" is called. We should confirm the client is still valid after these calls. * platform/network/DataURL.cpp: (WebCore::handleDataURL): Check the client pointer before using it. * platform/network/PingHandle.h: (WebCore::PingHandle::~PingHandle): Notify the client we are being destroyed. * platform/platform/network/ResourceHandle.h: 2016-05-11 Matthew Hanson <matthew_hanson@apple.com> Merge r199243. rdar://problem/26228520 2016-04-08 Said Abou-Hallawa <sabouhallawa@apple,com> Timing attack on SVG feComposite filter circumvents same-origin policy https://bugs.webkit.org/show_bug.cgi?id=154338 Reviewed by Oliver Hunt. Ensure the FEComposite arithmetic filter is clamping the resulted color components in a constant time. * platform/graphics/filters/FEComposite.cpp: (WebCore::clampByte): (WebCore::computeArithmeticPixels): 2016-05-11 Matthew Hanson <matthew_hanson@apple.com> Merge r199101. rdar://problem/26228570 2016-04-06 Zalan Bujtas <zalan@apple.com> ASSERTION FAILED: !floatingObject->originatingLine() in WebCore::RenderBlockFlow::linkToEndLineIfNeeded https://bugs.webkit.org/show_bug.cgi?id=153001 Reviewed by Dan Bernstein. 1. Float boxes are always attached to the line where we see them first. 2. Float box can only be attached to one line. 3. RenderBlockFlow can perform partial layout on dirty lines only. In certain cases, the last dirty line can "pull up" float boxes from the first clean line. It simply means that due to some layout changes on previous lines now we see those floats on this last dirty line first. If after placing the float we still find it on the same position, the line below is still considered clean. Remove the float box from its original line if the line above already placed it. Test: fast/block/float/float-moves-between-lines.html * rendering/RenderBlockFlow.h: * rendering/RenderBlockLineLayout.cpp: (WebCore::RenderBlockFlow::reattachCleanLineFloats): (WebCore::RenderBlockFlow::linkToEndLineIfNeeded): (WebCore::RenderBlockFlow::layoutRunsAndFloatsInRange): Deleted. 2016-05-11 Matthew Hanson <matthew_hanson@apple.com> Merge r198780. rdar://problem/26228583 2016-03-29 Eric Carlson <eric.carlson@apple.com> media/track/track-remove-track.html is flaky, crashing and failing https://bugs.webkit.org/show_bug.cgi?id=130971 Reviewed by Alexey Proskuryakov. Prevent HTMLMediaElement from being collected while it is creating media controls. These changes prevent the test from crashing but they do not fix the flakiness, which is caused by another bug. Fixing that is tracked by https://bugs.webkit.org/show_bug.cgi?id=155956. * html/HTMLMediaElement.cpp: (WebCore::actionName): New, debugging-only helper function. (WebCore::HTMLMediaElement::HTMLMediaElement): Initialize new variables. (WebCore::HTMLMediaElement::scheduleDelayedAction): Log the flag names to make debugging easier. (WebCore::HTMLMediaElement::scheduleNextSourceChild): Add logging. (WebCore::HTMLMediaElement::updateActiveTextTrackCues): Update logging. (WebCore::HTMLMediaElement::configureTextTrackGroup): Drive-by optimization: don't call updateCaptionContainer here, call it before exiting configureTextTracks so we only call it once instead of once per track group. (WebCore::controllerJSValue): (WebCore::HTMLMediaElement::ensureMediaControlsShadowRoot): New, wrapper around calling ensureUserAgentShadowRoot so m_creatingControls can be set and cleared appropriately. (WebCore::HTMLMediaElement::updateCaptionContainer): ensureUserAgentShadowRoot -> ensureMediaControlsShadowRoot. Drive by optimization: set/test m_haveSetupCaptionContainer so we only do this setup once. (WebCore::HTMLMediaElement::configureTextTracks): Call updateCaptionContainer. (WebCore::HTMLMediaElement::clearMediaPlayer): Log flag names. (WebCore::HTMLMediaElement::hasPendingActivity): Return true when creating controls so GC won't happen during controls setup. (WebCore::HTMLMediaElement::updateTextTrackDisplay): ensureUserAgentShadowRoot -> ensureMediaControlsShadowRoot. (WebCore::HTMLMediaElement::createMediaControls): Ditto. (WebCore::HTMLMediaElement::configureMediaControls): Ditto. (WebCore::HTMLMediaElement::configureTextTrackDisplay): Ditto. * html/HTMLMediaElement.h: 2016-05-11 Matthew Hanson <matthew_hanson@apple.com> Merge r198050. rdar://problem/26228588 2016-03-11 Jiewen Tan <jiewen_tan@apple.com> WebKit should not be redirected to an invalid URL https://bugs.webkit.org/show_bug.cgi?id=155263 <rdar://problem/22820172> Reviewed by Brent Fulgham. Test: http/tests/navigation/redirect-to-invalid-url.html * loader/SubresourceLoader.cpp: (WebCore::SubresourceLoader::willSendRequestInternal): 2016-05-11 Matthew Hanson <matthew_hanson@apple.com> Merge r195724. rdar://problem/26228611 2016-01-27 Said Abou-Hallawa <sabouhallawa@apple.com> Garbage is displayed when root svg element has mix-blend-mode set https://bugs.webkit.org/show_bug.cgi?id=150556 Reviewed by Darin Adler. This bug happens when compositing on a CALayer and drawing on a transparent layer, so it happens with WK2 with <svg style="mix-blend-mode...">. And it can happen with WK1 also with <svg style="opacity=...;mix-blend-mode...">. But in both cases, the SVG root renderer should be the root of the render tree. So it happens only with the stand alone SVG documents. SVGRenderContext::prepareToRenderSVGContent() ignores the opacity of the SVG root but it creates a transparent layer for the blend-mode. But RenderLayer::beginTransparencyLayers() creates a transparent layer for opacity and it sets the blend-mode also. The fix is to begin two transparent layers for the SVG root renderer: one for the opacity and the second for the blend-mode. The opacity transparent layer will be still managed by RenderLayer::beginTransparencyLayers(). While the blend-mode transparent layer will be managed by SVGRenderContext ::prepareToRenderSVGContent(). Tests: svg/css/mix-blend-mode-background-root.svg svg/css/mix-blend-mode-opacity-root.svg * rendering/RenderLayer.cpp: (WebCore::RenderLayer::beginTransparencyLayers): 2016-05-11 Matthew Hanson <matthew_hanson@apple.com> Merge r194399. rdar://problem/26228601 2015-12-23 Pranjal Jumde <pjumde@apple.com> Avoids stack recursion when indexed propertyNames defined using Object.defineProperty are deleted. https://bugs.webkit.org/show_bug.cgi?id=149179 <rdar://problem/22708019>. Reviewed by Filip Pizlo. * runtime/JSObject.cpp: (JSStorage::deletePropertyByIndex was invoking Base::deleteProperty for indexed propertyNames instead of Base::deletePropertyByIndex leading to a stack recursion) 2016-05-11 Matthew Hanson <matthew_hanson@apple.com> Merge r190820. rdar://problem/26228566 2015-10-09 Simon Fraser <simon.fraser@apple.com> Garbage texture data with composited table row https://bugs.webkit.org/show_bug.cgi?id=148984 Reviewed by Zalan Bujtas. Don't pretend to know if the layer for a table header, section or cell is opaque, since table painting is special. Test: compositing/contents-opaque/table-parts.html * rendering/RenderLayer.cpp: (WebCore::RenderLayer::backgroundIsKnownToBeOpaqueInRect): 2016-05-11 Matthew Hanson <matthew_hanson@apple.com> Merge r200091. rdar://problem/26228555 2016-04-26 Brent Fulgham <bfulgham@apple.com> GuardMalloc crash in WebCore::HTMLFrameElementBase::marginHeight() https://bugs.webkit.org/show_bug.cgi?id=157020 <rdar://problem/25148315> Reviewed by Darin Adler. Calls to setIntegralAttribute triggers event handling code, which can cause the underlying m_frameOwnerElement member to be deleted. We could clone this object, but since we only want the width and height we should just read them while we know the object is in a good state, then execute the potentially mutating methods. Tested by imported/blink/fast/dom/HTMLBodyElement/body-inserting-iframe-crash.html. * html/HTMLBodyElement.cpp: (WebCore::HTMLBodyElement::insertedInto): Read margin width and height before calling setIntegralAttribute. 2016-05-11 Matthew Hanson <matthew_hanson@apple.com> Merge r194290. rdar://problem/26053735 2015-12-18 Brent Fulgham <bfulgham@apple.com> Place an upper bound on canvas pixel count https://bugs.webkit.org/show_bug.cgi?id=151825 <rdar://problem/23324916> Reviewed by Simon Fraser (Relanded by Brent Fulgham) Malformed JavaScript can attempt to create lots of canvas contexts. Limit the amount of memory we will use for this purpose to some percentage of system RAM. * html/HTMLCanvasElement.cpp: (WebCore::removeFromActivePixelMemory): Added helper function (WebCore::HTMLCanvasElement::~HTMLCanvasElement): Call new 'releaseImageBufferAndContext' method to ensure ImageBuffer and graphics context state are properly cleaned up. (WebCore::maxActivePixels): Use one quarter of the system RAM, or 2 GB (whichever is more) as an upper bound on active pixel memory. (WebCore::HTMLCanvasElement::getContext): If we are attempting to create a context that will cause us to exceed the allowed active pixel count, fail. (WebCore::HTMLCanvasElement::releaseImageBufferAndContext): Added helper function (WebCore::HTMLCanvasElement::setSurfaceSize): Use the new 'releaseImageBufferAndContext' method to handle active pixel memory counts. (WebCore::HTMLCanvasElement::createImageBuffer): Refuse to create a backing buffer if it will exceed our available pixel memory. 2016-05-11 Matthew Hanson <matthew_hanson@apple.com> Merge r200375. rdar://problem/26066673 2016-05-03 Pranjal Jumde <pjumde@apple.com> WorkerGlobalScope's self, location and navigator attributes should not be replaceable https://bugs.webkit.org/show_bug.cgi?id=157296 <rdar://problem/25962738> Reviewed by Chris Dumez. Tests: http/tests/workers/location-readonly.html http/tests/workers/navigator-readonly.html http/tests/workers/self-readonly.html * workers/WorkerGlobalScope.idl: The 'self', 'location', and 'navigator' properties of the WorkerGlobalScope must be immutable. See: https://html.spec.whatwg.org/multipage/workers.html#the-workerglobalscope-common-interface 2016-04-22 Matthew Hanson <matthew_hanson@apple.com> Merge r199881. rdar://problem/25879498 2016-04-22 Antti Koivisto <antti@apple.com> REGRESSION (r194898): Multi download of external SVG defs file by <use> xlinks:href (caching) https://bugs.webkit.org/show_bug.cgi?id=156368 <rdar://problem/25611746> Reviewed by Simon Fraser. We would load svg resources with fragment identifier again because the encoding never matched. Test: http/tests/svg/svg-use-external.html * loader/TextResourceDecoder.cpp: (WebCore::TextResourceDecoder::setEncoding): (WebCore::TextResourceDecoder::hasEqualEncodingForCharset): Encoding can depend on mime type. Add a comparison function that takes this into account. (WebCore::findXMLEncoding): * loader/TextResourceDecoder.h: (WebCore::TextResourceDecoder::encoding): * loader/cache/CachedCSSStyleSheet.h: * loader/cache/CachedResource.h: (WebCore::CachedResource::textResourceDecoder): Add a way to get the TextResourceDecoder from a cached resource. * loader/cache/CachedResourceLoader.cpp: (WebCore::CachedResourceLoader::determineRevalidationPolicy): Use the new comparison function. * loader/cache/CachedSVGDocument.h: * loader/cache/CachedScript.h: * loader/cache/CachedXSLStyleSheet.h: 2016-03-31 Matthew Hanson <matthew_hanson@apple.com> Roll out r191180. rdar://problem/25448882 Landed on behalf of Chris Dumez. * html/parser/HTMLPreloadScanner.cpp: (WebCore::TokenPreloadScanner::StartTagScanner::shouldPreload): (WebCore::TokenPreloadScanner::tagIdFor): Deleted. (WebCore::TokenPreloadScanner::initiatorFor): Deleted. (WebCore::TokenPreloadScanner::StartTagScanner::processAttribute): Deleted. (WebCore::TokenPreloadScanner::StartTagScanner::resourceType): Deleted. * html/parser/HTMLPreloadScanner.h: 2016-03-30 Matthew Hanson <matthew_hanson@apple.com> Merge r198687. rdar://problem/25448871 2016-03-25 Brady Eidson <beidson@apple.com> Soften push/replaceState frequency restrictions. <rdar://problem/25228439> and https://bugs.webkit.org/show_bug.cgi?id=155901 Rubber-stamped by Timothy Hatcher. Covered by existing LayoutTests and a new Manual Test. * page/History.cpp: (WebCore::History::stateObjectAdded): Allow 100 state object operations every 30 seconds. * page/History.h: 2016-03-18 Brent Fulgham <bfulgham@apple.com> Merge r192285. * dom/ContainerNode.cpp: (WebCore::ContainerNode::ensurePreInsertionValidity): Added. * dom/ContainerNode.h: 2015-11-10 Pranjal Jumde <pjumde@apple.com> Fixed crash loading Mozilla layout test editor/libeditor/crashtests/431086-1.xhtml. https://bugs.webkit.org/show_bug.cgi?id=150252 <rdar://problem/23149470> Reviewed by Brent Fulgham. * Source/WebCore/editing/ios/EditorIOS.mm * Source/WebCore/editing/mac/EditorMac.mm In Editor::fontForSelection moved the node removal code, so that the node is only removed if style is not NULL. * Source/WebCore/editing/cocoa/EditorCocoa.mm In Editor::styleForSelectionStart checking if the parentNode can accept the styleElement node. 2016-03-18 Brent Fulgham <bfulgham@apple.com> Unreviewed build fix. Get rid of infinitely recursive 'draw' implementation. * platform/graphics/Image.cpp: (WebCore::Image::draw): Deleted. * platform/graphics/Image.h: 2016-03-18 Babak Shafiei <bshafiei@apple.com> Merge r198377. 2016-03-17 Brent Fulgham <bfulgham@apple.com> [XSS Auditor] Off by one in XSSAuditor::canonicalizedSnippetForJavaScript() https://bugs.webkit.org/show_bug.cgi?id=155624 <rdar://problem/25219962> Unreviewed merge from Blink (patch by Tom Sepez <tsepez@chromium.org>): <https://src.chromium.org/viewvc/blink?revision=201803&view=revision> Test: http/tests/security/xssAuditor/script-tag-with-trailing-script-and-urlencode.html * html/parser/XSSAuditor.cpp: (WebCore::XSSAuditor::canonicalizedSnippetForJavaScript): Correct off-by-one error. 2016-03-18 Babak Shafiei <bshafiei@apple.com> Merge r198372. 2016-03-17 Zalan Bujtas <zalan@apple.com> Don't initiate a style recall while drawing text https://bugs.webkit.org/show_bug.cgi?id=155618 Reviewed by Simon Fraser. This patch ensures that we don't initiate a style recalc while in the middle of text drawing. Test: fast/canvas/crash-while-resizing-canvas.html * html/canvas/CanvasRenderingContext2D.cpp: (WebCore::CanvasRenderingContext2D::drawTextInternal): 2016-03-18 Babak Shafiei <bshafiei@apple.com> Merge r198370. 2016-03-17 Eric Carlson <eric.carlson@apple.com> Improve some metadata tests https://bugs.webkit.org/show_bug.cgi?id=155616 Reviewed by Saam Barati. * html/track/DataCue.cpp: (WebCore::DataCue::DataCue): (WebCore::DataCue::setData): 2016-03-18 Babak Shafiei <bshafiei@apple.com> Merge r198361. 2016-03-17 Brent Fulgham <bfulgham@apple.com> Some media tests are flaky. https://bugs.webkit.org/show_bug.cgi?id=155614 Reviewed by Eric Carlson. * html/track/TextTrack.cpp: (WebCore::TextTrack::~TextTrack): 2016-03-18 Babak Shafiei <bshafiei@apple.com> Merge r192770. 2015-11-25 Pranjal Jumde <pjumde@apple.com> Checks for buffer-overflows when reading characters from textRun https://bugs.webkit.org/show_bug.cgi?id=151055 <rdar://problem/23251789> Reviewed by Myles C. Maxfield. Prevents an off by one error when adding the last font data to the GlyphBuffer. * Source/WebCore/platform/graphics/WidthIterator.cpp: * Source/WebCore/platform/graphics/FontCascade.cpp: 2016-03-18 Babak Shafiei <bshafiei@apple.com> Merge r192499. 2015-11-16 Pranjal Jumde <pjumde@apple.com> Fixes the buffer-overflow when reading characters from textRun https://bugs.webkit.org/attachment.cgi?bugid=151055 <rdar://problem/23251789> Reviewed by Brent Fulgham. * platform/graphics/FontCascade.cpp 2016-03-18 Babak Shafiei <bshafiei@apple.com> Merge r192252. 2015-11-10 Zalan Bujtas <zalan@apple.com> Force display: block on ::-webkit-media-controls. https://bugs.webkit.org/show_bug.cgi?id=149178 <rdar://problem/23448397> Reviewed by Simon Fraser. This patch ensures that we always have a block level container for media controls so that continuation never needs to split RenderMedia into multiple subtrees. Current inline continuation logic assumes that only inline elements with RenderInline type of renderers participate in continuation. This is mostly the case since other inline renderers such as RenderReplaced, RenderImage, RenderEmbeddedObject etc can't have (accessible) children. (Unlike video::-webkit-media-controls) Test: media/webkit-media-controls-display.html * Modules/mediacontrols/mediaControlsApple.css: (::-webkit-media-controls): * Modules/mediacontrols/mediaControlsiOS.css: (::-webkit-media-controls): * css/mediaControls.css: (::-webkit-media-controls): 2016-03-18 Babak Shafiei <bshafiei@apple.com> Merge r192853. 2015-11-30 Simon Fraser <simon.fraser@apple.com> Fix possible crash with animated layers in reflections https://bugs.webkit.org/show_bug.cgi?id=151689 rdar://problem/23018612 Reviewed by Darin Adler. Reflections create additional PlatformCALayers whose owner is set to the GraphicsLayerCA. Those PlatformCALayers need their owner pointer cleared out when the GraphicsLayerCA is destroyed. Tested by compositing/reflections/nested-reflection-transition.html * platform/graphics/ca/GraphicsLayerCA.cpp: * platform/graphics/ca/GraphicsLayerCA.h: 2016-03-16 Matthew Hanson <matthew_hanson@apple.com> Merge r188574. rdar://problem/25070230 2015-08-17 Alex Christensen <achristensen@webkit.org> WinCairo build fix after r188566 * platform/graphics/win/FontPlatformDataCairoWin.cpp: (WebCore::FontPlatformData::FontPlatformData): Remove reference to removed m_isCompositeFontReference. 2016-03-16 Matthew Hanson <matthew_hanson@apple.com> Merge r188566. rdar://problem/25070230 2015-08-17 Myles C. Maxfield <mmaxfield@apple.com> [OS X] Remove support for composite fonts https://bugs.webkit.org/show_bug.cgi?id=147920 Reviewed by Dan Bernstein. Composite fonts were first introduced in [1]. These composite fonts are extremely rare because: 1. None of the preinstalled fonts on either OS X nor iOS are composite fonts, 2. WebKit does not support loading web fonts from composite font files, and 3. WebKit's support only ever existed on OS X (none of the other ports). In fact, no one I've consulted with has ever seen any of these fonts used in the wild. The fonts also require a fundamentally broken code path, and add complexity to WebKit. [1] https://bugs.webkit.org/attachment.cgi?id=134923&action=review No new tests. * platform/graphics/Font.h: * platform/graphics/FontPlatformData.cpp: (WebCore::FontPlatformData::FontPlatformData): Deleted. (WebCore::FontPlatformData::operator=): Deleted. * platform/graphics/FontPlatformData.h: (WebCore::FontPlatformData::isCompositeFontReference): Deleted. (WebCore::FontPlatformData::operator==): Deleted. * platform/graphics/cocoa/FontCocoa.mm: (WebCore::Font::compositeFontReferenceFont): Deleted. * platform/graphics/cocoa/FontPlatformDataCocoa.mm: (WebCore::FontPlatformData::FontPlatformData): Deleted. (WebCore::FontPlatformData::setFont): Deleted. * platform/graphics/mac/GlyphPageMac.cpp: (WebCore::shouldUseCoreText): (WebCore::GlyphPage::fill): 2016-03-16 Matthew Hanson <matthew_hanson@apple.com> Merge r192054. rdar://problem/25152937 * rendering/OrderIterator.cpp: (WebCore::OrderIterator::next): 2016-02-26 Babak Shafiei <bshafiei@apple.com> Roll out r196637. rdar://problem/24494562 2016-02-26 Babak Shafiei <bshafiei@apple.com> Merge patch for rdar://problem/24826901. 2016-02-19 Matthew Hanson <matthew_hanson@apple.com> Merge r196703. rdar://problem/24623986 2016-02-17 Eric Carlson <eric.carlson@apple.com> [Win] Allow ports to disable automatic text track selection https://bugs.webkit.org/show_bug.cgi?id=154322 <rdar://problem/24623986> Reviewed by Brent Fulgham. * page/CaptionUserPreferencesMediaAF.cpp: (MTEnableCaption2015BehaviorPtr): Implement for Windows. 2016-02-12 Babak Shafiei <bshafiei@apple.com> Merge patch for rdar://problem/24626412. 2016-02-12 Brent Fulgham <bfulgham@apple.com> [Win] Correct internal branch build failure. <rdar://problem/24626412> Work around some C++11 compiler limitations in VS2013. Fix the Windows build for the new <picture> element code. Correct some AVFoundationCF changes that were not properly updated in this branch. * DerivedSources.cpp: Add missing files. * WebCore.vcxproj/WebCore.vcxproj: Ditto. * WebCore.vcxproj/WebCore.vcxproj.filters: Ditto. * css/CSSAllInOne.cpp: Ditto. * html/HTMLElementsAllInOne.cpp: Ditto. * platform/graphics/FontCache.h: Work around VS2013 bugs. (WebCore::FontDescriptionFontDataCacheKey::FontDescriptionFontDataCacheKey): * platform/graphics/avfoundation/cf/CDMSessionAVFoundationCF.cpp: (WebCore::CDMSessionAVFoundationCF::CDMSessionAVFoundationCF): Correct signature that was not fixed for Windows in this branch. * platform/graphics/avfoundation/cf/CDMSessionAVFoundationCF.h: (WebCore::CDMSessionAVFoundationCF::~CDMSessionAVFoundationCF): * platform/graphics/avfoundation/cf/MediaPlayerPrivateAVFoundationCF.cpp: (WebCore::MediaPlayerPrivateAVFoundationCF::takeRequestForKeyURI): (WebCore::MediaPlayerPrivateAVFoundationCF::createSession): * platform/graphics/avfoundation/cf/MediaPlayerPrivateAVFoundationCF.h: * platform/graphics/win/FontCustomPlatformData.cpp: 2016-02-12 Matthew Hanson <matthew_hanson@apple.com> Merge r196401. rdar://problem/24611749 2016-02-10 Eric Carlson <eric.carlson@apple.com> Update "manual" caption track logic https://bugs.webkit.org/show_bug.cgi?id=154084 <rdar://problem/24530516> Reviewed by Dean Jackson. No new tests, media/track/track-manual-mode.html was updated. * English.lproj/Localizable.strings: Add new string. * html/HTMLMediaElement.cpp: (WebCore::HTMLMediaElement::addTextTrack): track.setManualSelectionMode is no more. (WebCore::HTMLMediaElement::configureTextTrackGroup): Never enable a track automatically when in manual selection mode. (WebCore::HTMLMediaElement::captionPreferencesChanged): track.setManualSelectionMode is no more. * html/track/TextTrack.cpp: (WebCore::TextTrack::containsOnlyForcedSubtitles): Return true for forced tracks. (WebCore::TextTrack::kind): Deleted. * html/track/TextTrack.h: * html/track/TrackBase.h: (WebCore::TrackBase::kind): De-virtualize, nobody overrides it. * page/CaptionUserPreferencesMediaAF.cpp: (WebCore::trackDisplayName): Include "forced" in the name of forced tracks. * platform/LocalizedStrings.cpp: (WebCore::forcedTrackMenuItemText): New. * platform/LocalizedStrings.h: 2016-02-10 Matthew Hanson <matthew_hanson@apple.com> Merge r196226. rdar://problem/24417430 2016-02-06 Beth Dakin <bdakin@apple.com> ScrollbarPainters needs to be deallocated on the main thread https://bugs.webkit.org/show_bug.cgi?id=153932 -and corresponding- rdar://problem/24015483 Reviewed by Dan Bernstein. Darin pointed out that this was still race-y. There was still a race condition between the destruction of the two local variables and the destruction of the lambda on the main thread. This should fix that. * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.h: * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.mm: (WebCore::ScrollingTreeFrameScrollingNodeMac::~ScrollingTreeFrameScrollingNodeMac): (WebCore::ScrollingTreeFrameScrollingNodeMac::releaseReferencesToScrollbarPaintersOnTheMainThread): (WebCore::ScrollingTreeFrameScrollingNodeMac::updateBeforeChildren): 2016-02-10 Matthew Hanson <matthew_hanson@apple.com> Merge r196208. rdar://problem/24417430 2016-02-05 Beth Dakin <bdakin@apple.com> ScrollbarPainters needs to be deallocated on the main thread https://bugs.webkit.org/show_bug.cgi?id=153932 -and corresponding- rdar://problem/24015483 Reviewed by Geoff Garen. Follow-up fix since the first one was still race-y. * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.mm: (WebCore::ScrollingTreeFrameScrollingNodeMac::~ScrollingTreeFrameScrollingNodeMac): (WebCore::ScrollingTreeFrameScrollingNodeMac::updateBeforeChildren): 2016-02-10 Matthew Hanson <matthew_hanson@apple.com> Merge r196206. rdar://problem/24417430 2016-02-05 Beth Dakin <bdakin@apple.com> ScrollbarPainters needs to be deallocated on the main thread https://bugs.webkit.org/show_bug.cgi?id=153932 -and corresponding- rdar://problem/24015483 Reviewed by Tim Horton. Ensure the the destructor of ScrollingTreeFrameScrollingNodeMac and the assignments done in this class are not responsible for deallocating the ScrollbarPainter. * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.mm: (WebCore::ScrollingTreeFrameScrollingNodeMac::~ScrollingTreeFrameScrollingNodeMac): (WebCore::ScrollingTreeFrameScrollingNodeMac::updateBeforeChildren): 2016-02-09 Babak Shafiei <bshafiei@apple.com> Merge r190616. 2015-10-06 Brent Fulgham <bfulgham@apple.com> [Win] Correct positioning error introduced in r190235 https://bugs.webkit.org/show_bug.cgi?id=149631 <rdar://problem/22635080> Reviewed by Simon Fraser. Covered by existing compositing tests: css3/filters/clipping-overflow-scroll-with-pixel-moving-effect-on.html fast/layers/no-clipping-overflow-hidden-added-after-transform.html fast/layers/no-clipping-overflow-hidden-added-after-transition.html fast/layers/no-clipping-overflow-hidden-hardware-acceleration.html transforms/2d/preserve3d-not-fixed-container.html * platform/graphics/ca/TileGrid.cpp: (TileGrid::platformCALayerPaintContents): No need to do this extra flipping step on Windows. * platform/graphics/ca/win/PlatformCALayerWinInternal.cpp: (PlatformCALayerWinInternal::displayCallback): We should always flip the coordinate system when drawing these layers on Windows. (shouldInvertBeforeDrawingContent): Deleted. * platform/graphics/ca/win/WebTiledBackingLayerWin.cpp: (WebTiledBackingLayerWin::displayCallback): We do not need to flip coordinates for these tiled layers; that's already accounted for in common tile drawing code. 2016-02-09 Babak Shafiei <bshafiei@apple.com> Merge patch for rdar://problem/24563410. 2016-02-09 Brent Fulgham <bfulgham@apple.com> Remove unused code in r187245 When merging r187245, we accidentally revived three functions that had been removed in a prior commit. This broke the Windows build on this branch. * platform/graphics/ca/win/PlatformCALayerWinInternal.cpp: (PlatformCALayerWinInternal::drawTile): Deleted. (PlatformCALayerWinInternal::createTileController): Deleted. (PlatformCALayerWinInternal::tiledBacking): Deleted. 2016-02-08 Babak Shafiei <bshafiei@apple.com> Merge r187245. 2015-07-23 Brent Fulgham <bfulgham@apple.com> [Win] Implement High DPI support features https://bugs.webkit.org/show_bug.cgi?id=146335 <rdar://problem/21558269> Reviewed by Alex Christensen. * platform/graphics/ca/win/PlatformCALayerWinInternal.cpp: (WebCore::PlatformCALayerWinInternal::drawTile): Don't translate the CGContext to the position of the CACFLayerRef; the underlying context is already in the right position. * platform/win/PlatformMouseEventWin.cpp: Update class to adjust mouse event coordinates based on scaling factor. (WebCore::deviceScaleFactor): (WebCore::positionForEvent): * platform/win/ScrollbarThemeWin.cpp: (WebCore::scrollbarThicknessInPixels): (WebCore::ScrollbarThemeWin::scrollbarThickness): (WebCore::ScrollbarThemeWin::themeChanged): * platform/win/WheelEventWin.cpp: Update class to adjust wheel event coordinates based on scaling factor. (WebCore::deviceScaleFactor): (WebCore::positionForEvent): (WebCore::globalPositionForEvent): (WebCore::PlatformWheelEvent::PlatformWheelEvent): 2016-02-03 Matthew Hanson <matthew_hanson@apple.com> Merge r196010. rdar://problem/24417428 2016-02-02 Eric Carlson <eric.carlson@apple.com> Allow ports to disable automatic text track selection https://bugs.webkit.org/show_bug.cgi?id=153761 <rdar://problem/24416768> Reviewed by Darin Adler. Test: media/track/track-manual-mode.html * Modules/mediacontrols/MediaControlsHost.cpp: (WebCore::MediaControlsHost::manualKeyword): New. (WebCore::MediaControlsHost::captionDisplayMode): Support 'manual' mode. * Modules/mediacontrols/MediaControlsHost.h: * Modules/mediacontrols/mediaControlsApple.js: (Controller.prototype.buildCaptionMenu): Check the 'off' item when in manual mode. * html/HTMLMediaElement.cpp: (WebCore::HTMLMediaElement::addTextTrack): Update m_captionDisplayMode when called for the first time so it is always correct. Set the track's manual selection mode as appropriate. (WebCore::HTMLMediaElement::captionPreferencesChanged): Set each track's manual selection mode as appropriate. * html/track/TextTrack.cpp: (WebCore::TextTrack::kind): Return 'subtitles' for forced tracks when in manual mode. * html/track/TextTrack.h: * html/track/TrackBase.h: (WebCore::TrackBase::kind): Make virtual. * page/CaptionUserPreferences.cpp: (WebCore::CaptionUserPreferences::beginBlockingNotifications): New. (WebCore::CaptionUserPreferences::endBlockingNotifications): Ditto. (WebCore::CaptionUserPreferences::notify): Don't notify when blocked. * page/CaptionUserPreferences.h: * page/CaptionUserPreferencesMediaAF.cpp: (WebCore::CaptionUserPreferencesMediaAF::CaptionUserPreferencesMediaAF): Set manual mode when appropriate. (WebCore::CaptionUserPreferencesMediaAF::captionDisplayMode): Check manual mode. (WebCore::CaptionUserPreferencesMediaAF::setCaptionDisplayMode): Ditto. (WebCore::CaptionUserPreferencesMediaAF::setPreferredLanguage): Ditto. (WebCore::CaptionUserPreferencesMediaAF::textTrackSelectionScore): Return zero when in manual mode. (WebCore::CaptionUserPreferencesMediaAF::sortedTrackListForMenu): Consider manual mode. Fix typos in logging. * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm: (WebCore::mediaDescriptionForKind): Return 'auxiliary' when in manual mode. * testing/Internals.cpp: (WebCore::Internals::setCaptionDisplayMode): Support manual mode. 2016-02-03 Matthew Hanson <matthew_hanson@apple.com> Merge r195912. rdar://problem/24417428 2016-01-30 Eric Carlson <eric.carlson@apple.com> More than one audio and/or text track sometimes selected in media controls menu https://bugs.webkit.org/show_bug.cgi?id=153664 Use an <img> element for the track menu item checkmark instead of a background image and the ::before selector. Reviewed by Jer Noble. Test: media/controls/track-menu.html * Modules/mediacontrols/mediaControlsApple.css: (audio::-webkit-media-controls-closed-captions-container li:hover): (audio::-webkit-media-controls-closed-captions-container li .checkmark-container): (audio::-webkit-media-controls-closed-captions-container li.selected .checkmark-container): (audio::-webkit-media-controls-closed-captions-container li.selected:hover .checkmark-container): (audio::-webkit-media-controls-closed-captions-container li.selected::before): Deleted. (audio::-webkit-media-controls-closed-captions-container li.selected:hover::before): Deleted. * Modules/mediacontrols/mediaControlsApple.js: (Controller.prototype.buildCaptionMenu): (Controller.prototype.): (Controller.prototype.getCurrentControlsStatus): 2016-02-03 Matthew Hanson <matthew_hanson@apple.com> Merge r192570. rdar://problem/24417428 2015-11-18 Aaron Chu <arona.chu@gmail.com> AX: Shadow DOM video player controls menus need aria-owns on the trigger buttons https://bugs.webkit.org/show_bug.cgi?id=127065 Reviewed by Darin Adler. Test: media/accessibility-closed-captions-has-aria-owns.html * Modules/mediacontrols/mediaControlsApple.js: (Controller.prototype.createControls): (Controller.prototype.buildCaptionMenu): * Modules/mediacontrols/mediaControlsBase.js: (Controller.prototype.createControls): (Controller.prototype.buildCaptionMenu): 2016-02-01 Matthew Hanson <matthew_hanson@apple.com> Merge r195837. rdar://problem/24002220 2016-01-29 Brent Fulgham <bfulgham@apple.com> [WebGL] Check vertex array bounds before permitting a glDrawArrays to execute https://bugs.webkit.org/show_bug.cgi?id=153643 <rdar://problem/23424456> Reviewed by Dean Jackson. Tested by fast/canvas/webgl/webgl-drawarrays-crash.html. * html/canvas/WebGLRenderingContextBase.cpp: (WebCore::WebGLRenderingContextBase::validateDrawArrays): Make sure that we have at least one buffer bound to a program if a drawArray call with a non-zero range of requested data is being made. (WebCore::WebGLRenderingContextBase::validateDrawElements): Drive-by formatting fix. 2016-01-31 Babak Shafiei <bshafiei@apple.com> Merge patch for rdar://problem/24426332 and rdar://problem/24209109. 2016-01-31 Babak Shafiei <bshafiei@apple.com> Roll out r195817. 2016-01-29 Babak Shafiei <bshafiei@apple.com> Merge r194479. 2016-01-01 Jeff Miller <jeffm@apple.com> Update user-visible copyright strings to include 2016 https://bugs.webkit.org/show_bug.cgi?id=152531 Reviewed by Alexey Proskuryakov. * Info.plist: 2016-01-29 Babak Shafiei <bshafiei@apple.com> Merge r195615. 2016-01-20 Andy Estes <aestes@apple.com> Re-enable synchronous popstate event for safari-601-branch https://bugs.webkit.org/show_bug.cgi?id=153297 rdar://problem/24154417 Reviewed by Brent Fulgham. r192369 made the popstate event dispatch asynchronously, which matches what the HTML5 spec says to do. However, due to compatibility regressions, we do not want to include this behavior change in safari-601-branch. This change reverts r192369's changes to Document.cpp, but retains the new tests. This change is intended only for safari-601-branch and its copies. The popstate event should remain asynchronous in trunk. Firing popstate synchronously makes both fast/loader/remove-iframe-during-history-navigation-different. Html and fast/loader/remove-iframe-during-history-navigation-same.html crash, because their onpopstate handlers remove frames from the document that will later be accessed by HistoryController::recursiveGoToItem(). To prevent the crashes, this change does two things: 1. Keep a reference to the current frame inside FrameLoader::loadSameDocumentItem(), since calling loadInSameDocument() might otherwise delete it. 2. Handle a null frame when iterating a HistoryItem's child frames in HistoryController::recursiveGoToItem(), since calling goToItem() on one frame might cause another frame to be deleted. Covered by existing tests. fast/loader/stateobjects/popstate-is-asynchronous-expected.txt was updated to expect popstate to be synchronous. * dom/Document.cpp: (WebCore::Document::enqueuePopstateEvent): * loader/FrameLoader.cpp: (WebCore::FrameLoader::loadSameDocumentItem): * loader/HistoryController.cpp: (WebCore::HistoryController::recursiveGoToItem): 2016-01-29 Babak Shafiei <bshafiei@apple.com> Merge patch for rdar://problem/24394636. 2016-01-28 Babak Shafiei <bshafiei@apple.com> Merge r192700. 2015-11-20 Brent Fulgham <bfulgham@apple.com> [Win] Support High DPI drawing with CACFLayers https://bugs.webkit.org/show_bug.cgi?id=147242 <rdar://problem/19861992> Reviewed by Simon Fraser. * platform/graphics/ca/win/WKCACFViewLayerTreeHost.cpp: (WebCore::WKCACFViewLayerTreeHost::initializeContext): Set correct content scale factor for current screen, and apply an appropriate base transform to the CACFLayer so drawing operations are done properly. 2016-01-28 Babak Shafiei <bshafiei@apple.com> Merge r194235. 2015-12-17 Brent Fulgham <bfulgham@apple.com> [Win] Prevent flashing/strobing repaints on certain hardware https://bugs.webkit.org/show_bug.cgi?id=152394 <rdar://problem/23875302> Reviewed by Simon Fraser. This patch reverts a change I made in r192166, where I always set the m_viewNeedsUpdate flag to true when a 'flushContext' call was made. Instead, we should go back to letting the view decide when it needs to paint. * platform/graphics/ca/win/WKCACFViewLayerTreeHost.cpp: (WebCore::WKCACFViewLayerTreeHost::flushContext): Don't just claim that the view needs to be updated any time we are asked to flush. 2016-01-28 Babak Shafiei <bshafiei@apple.com> Merge r192166. 2015-11-09 Brent Fulgham <bfulgham@apple.com> [Win] Recognize context flush as an event that requires an update https://bugs.webkit.org/show_bug.cgi?id=151001 <rdar://problem/22956040> Reviewed by Simon Fraser. * platform/graphics/ca/win/WKCACFViewLayerTreeHost.cpp: (WebCore::WKCACFViewLayerTreeHost::flushContext): Mark view as needing an update when flushing so internal drawing code will do the paint. * rendering/RenderLayerBacking.cpp: (WebCore::RenderLayerBacking::paintIntoLayer): Skip WK2 assert that does not apply to Windows drawing path. 2016-01-28 Matthew Hanson <matthew_hanson@apple.com> Merge r195710. rdar://problem/24337780 2016-01-27 Babak Shafiei <bshafiei@apple.com> Merge r195625. 2016-01-26 Brady Eidson <beidson@apple.com> History.pushState causes intense memory pressure. https://bugs.webkit.org/show_bug.cgi?id=153435 Reviewed by Sam Weinig, Oliver Hunt, and Geoff Garen. Tests: fast/loader/stateobjects/pushstate-frequency-iframe.html fast/loader/stateobjects/pushstate-frequency-with-user-gesture.html fast/loader/stateobjects/pushstate-frequency.html fast/loader/stateobjects/replacestate-frequency-iframe.html fast/loader/stateobjects/replacestate-frequency-with-user-gesture.html fast/loader/stateobjects/replacestate-frequency.html loader/stateobjects/pushstate-size-iframe.html loader/stateobjects/pushstate-size.html loader/stateobjects/replacestate-size-iframe.html loader/stateobjects/replacestate-size.html Add restrictions on how frequently push/replaceState can be called, as well as how much of a cumulative payload they can deliver. * bindings/js/JSHistoryCustom.cpp: (WebCore::JSHistory::pushState): (WebCore::JSHistory::replaceState): * page/History.cpp: (WebCore::History::stateObjectAdded): * page/History.h: 2016-01-26 Eric Carlson <eric.carlson@apple.com> Cherry-pick r195592 and parts of r194672 to fix rdar://24154288 <rdar://problem/24154288> FaradayDotFour: Do not see AirPlay icon in Vimeo Unreviewed. * Modules/mediasession/WebMediaSessionManager.cpp: (WebCore::mediaProducerStateString): Log a new flag. (WebCore::WebMediaSessionManager::clientStateDidChange): Schedule a client reconfiguration if the 'requires monitoring', 'has listener', or 'has audio or video' flags have changed. (WebCore::WebMediaSessionManager::configurePlaybackTargetMonitoring): Start monitoring if at least one client has a listener and at least one has audio/video. * html/HTMLMediaElement.cpp: (WebCore::HTMLMediaElement::mediaState): Set new flags. * page/MediaProducer.h: Add new flags. 2016-01-27 Matthew Hanson <matthew_hanson@apple.com> Merge r195609. rdar://problem/24337868 2016-01-26 Jeremy Noble <jer.noble@apple.com> [EME][Mac] Crash in [AVStreamSession addStreamDataParser:]; uncaught exception https://bugs.webkit.org/show_bug.cgi?id=153495 Reviewed by Eric Carlson. When AVContentKeySession is not available, fall back to pre-AVContentKeySession behavior; namely, immediately create an AVStreamSession object in willProvideContentKeyRequestInitializationData, rather than waiting for didProvide. * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm: (WebCore::SourceBufferPrivateAVFObjC::willProvideContentKeyRequestInitializationDataForTrackID): 2016-01-27 Matthew Hanson <matthew_hanson@apple.com> Merge r195606. rdar://problem/24242476 2016-01-25 Dave Hyatt <hyatt@apple.com> Speculative fixes for crashing in viewportChangeAffectedPicture https://bugs.webkit.org/show_bug.cgi?id=153450 Reviewed by Dean Jackson. Don't attach any conditions to the removal of a picture element from the document's HashSet. This ensures that if the condition is ever wrong for any reason, we'll still remove the picture element on destruction. Fix the media query evaluation to match the other evaluations (used by the preload scanner and HTMLImageElement). This includes using the document element's computed style instead of our own and also null checking the document element first. This is the likely cause of the crashes. * html/HTMLPictureElement.cpp: (WebCore::HTMLPictureElement::~HTMLPictureElement): (WebCore::HTMLPictureElement::didMoveToNewDocument): (WebCore::HTMLPictureElement::viewportChangeAffectedPicture): 2016-01-27 Matthew Hanson <matthew_hanson@apple.com> Merge r195477. rdar://problem/24002217 2016-01-21 Sam Weinig <sam@webkit.org> Treat non-https actions on secure pages as mixed content <rdar://problem/23144492> https://bugs.webkit.org/show_bug.cgi?id=153322 Reviewed by Alexey Proskuryakov. Tests: http/tests/security/mixedContent/insecure-form-in-iframe.html http/tests/security/mixedContent/insecure-form-in-main-frame.html http/tests/security/mixedContent/javascript-url-form-in-main-frame.html * html/HTMLFormElement.cpp: (WebCore::HTMLFormElement::parseAttribute): Check form actions for mixed content. * loader/MixedContentChecker.cpp: (WebCore::MixedContentChecker::checkFormForMixedContent): * loader/MixedContentChecker.h: Add new function to check and warn if a form's action is mixed content. 2016-01-27 Matthew Hanson <matthew_hanson@apple.com> Merge r195162. rdar://problem/24302736 2016-01-15 Jiewen Tan <jiewen_tan@apple.com> FrameLoaderClient::didReceiveServerRedirectForProvisionalLoadForFrame() is never called when loading a main resource from the memory cache https://bugs.webkit.org/show_bug.cgi?id=152520 <rdar://problem/23305737> Reviewed by Andy Estes. Test: http/tests/loading/server-redirect-for-provisional-load-caching.html * loader/DocumentLoader.cpp: (WebCore::DocumentLoader::responseReceived): Dispatch message to notify client that a cached resource was redirected. So, client can make proper actions to treat server side redirection. * loader/cache/CachedRawResource.h: Add a method to tell whether the cached resource was redirected. 2016-01-27 Matthew Hanson <matthew_hanson@apple.com> Merge r195132. rdar://problem/24154292 2016-01-15 Dave Hyatt <hyatt@apple.com> Avoid downloading the wrong image for <picture> elements. https://bugs.webkit.org/show_bug.cgi?id=153027 Reviewed by Dean Jackson. No tests, since they are always flaky. * html/HTMLImageElement.cpp: (WebCore::HTMLImageElement::HTMLImageElement): (WebCore::HTMLImageElement::~HTMLImageElement): (WebCore::HTMLImageElement::createForJSConstructor): (WebCore::HTMLImageElement::bestFitSourceFromPictureElement): (WebCore::HTMLImageElement::insertedInto): (WebCore::HTMLImageElement::removedFrom): (WebCore::HTMLImageElement::pictureElement): (WebCore::HTMLImageElement::setPictureElement): (WebCore::HTMLImageElement::width): * html/HTMLImageElement.h: (WebCore::HTMLImageElement::hasShadowControls): * html/HTMLPictureElement.h: * html/parser/HTMLConstructionSite.cpp: (WebCore::HTMLConstructionSite::createHTMLElement): * html/parser/HTMLPreloadScanner.cpp: (WebCore::TokenPreloadScanner::StartTagScanner::processAttribute): Images that are built underneath a <picture> element are now connected to that picture element via a setPictureNode call from the parser. This ensures that the correct <source> elements are examined before checking the image. This connection between images and their picture owners is handled using a static HashMap in HTMLImageElement. This connection is made both from the parser and from DOM insertions, and the map is queried now instead of looking directly at the image's parentNode(). 2016-01-27 Matthew Hanson <matthew_hanson@apple.com> Merge r195075. rdar://problem/24302727 2016-01-14 Daniel Bates <dabates@apple.com> Disallow use of Geolocation service from unique origins https://bugs.webkit.org/show_bug.cgi?id=153102 <rdar://problem/23055645> Reviewed by Alexey Proskuryakov. Tests: fast/dom/Geolocation/dataURL-getCurrentPosition.html fast/dom/Geolocation/dataURL-watchPosition.html fast/dom/Geolocation/srcdoc-getCurrentPosition.html fast/dom/Geolocation/srcdoc-watchPosition.html http/tests/security/sandboxed-iframe-geolocation-getCurrentPosition.html http/tests/security/sandboxed-iframe-geolocation-watchPosition.html * Modules/geolocation/Geolocation.cpp: (WebCore::Geolocation::securityOrigin): Convenience function to get the SecurityOrigin object associated with this script execution context. (WebCore::Geolocation::startRequest): Notify requester POSITION_UNAVAILABLE when requested from a document with a unique origin. * Modules/geolocation/Geolocation.h: * page/SecurityOrigin.h: (WebCore::SecurityOrigin::canRequestGeolocation): Added. 2016-01-27 Matthew Hanson <matthew_hanson@apple.com> Merge r194559. rdar://problem/24269083 2016-01-04 Tim Horton <timothy_horton@apple.com> Turn on gesture events when building for Yosemite https://bugs.webkit.org/show_bug.cgi?id=152704 rdar://problem/24042472 Reviewed by Anders Carlsson. * Configurations/FeatureDefines.xcconfig: 2016-01-20 Babak Shafiei <bshafiei@apple.com> Merge r188377. 2015-08-12 Myles C. Maxfield <mmaxfield@apple.com> [Cocoa] [CJK-configured device] System font has vertical punctuation https://bugs.webkit.org/show_bug.cgi?id=147964 <rdar://problem/22256660> Reviewed by Dean Jackson. GlyphPage::fill() has multiple code paths to accomplish its goal. It uses the shouldUseCoreText() helper function to determine which one of the paths should be taken. However, not all of the code paths in GlyphPage::fill() are able of handling all situations. Indeed, the CoreText code paths in GlyphPage::fill() are only able to handle the situations which shouldUseCoreText() returns true for. This happens in the following cases: 1. If the font is a composite font 2. If the font is used for text-combine 3. If the font has vertical glyphs In r187693, I added one more case to this list: If the font is the system font. However, I failed to add the necessary support to GlyphPage::fill() for this case. Becasue of this, we just happened to fall into the case of vertical fonts (just by coincidence), which causes us to use CTFontGetVerticalGlyphsForCharacters() instead of CTFontGetGlyphsForCharacters(). The solution is to adopt the same behavior we were using before r187693. Back then, we were using CGFontGetGlyphsForUnichars(), which always returned horizontal glyphs. We should simply adopt this same behavior, except in the Core Text case. Therefore, this patch is just a simple check to see if we are using the system font when determining which Core Text function to use. Test: fast/text/system-font-punctuation.html * platform/graphics/FontDescription.h: (WebCore::FontDescription::setWidthVariant): * platform/graphics/FontPlatformData.h: (WebCore::FontPlatformData::isForTextCombine): * platform/graphics/mac/GlyphPageMac.cpp: (WebCore::shouldUseCoreText): (WebCore::GlyphPage::fill): * rendering/RenderCombineText.cpp: (WebCore::RenderCombineText::combineText): 2016-01-20 Babak Shafiei <bshafiei@apple.com> Merge r188263. 2015-08-11 Myles C. Maxfield <mmaxfield@apple.com> [iOS] Arabic letter Yeh is drawn in LastResort https://bugs.webkit.org/show_bug.cgi?id=147862 <rdar://problem/22202935> Reviewed by Darin Adler. In order to perform font fallback, we must know which fonts support which characters. We perform this check by asking each font to map a sequence of codepoints to glyphs, and any glyphs which end up with a 0 value are unsupported by the font. One of the mechanisms that we use to do this is to combine the code points into a string, and tell Core Text to lay out the string. However, this is fundamentally a different operation than the one we are trying to perform. Strings combine adjacent codepoints into grapheme clusters, and CoreText operates on these. However, we are trying to gain information regarding codepoints, not grapheme clusters. Instead of taking this string-based approach, we should try harder to use Core Text functions which operate on ordered collections of characters, rather than strings. In particular, CTFontGetGlyphsForCharacters() and CTFontGetVerticalGlyphsForCharacters() have the behavior we want where any unmapped characters end up with a 0 value glyph. Previously, we were only using the result of those functions if they were successfully able to map their entire input. However, given the fact that we can degrade gracefully in the case of a partial mapping, we shouldn't need to bail completely to the string-based approach should a partial mapping occur. At some point we should delete the string-based approach entirely. However, this path is still explicitly used for composite fonts. Fixing that use case is out of scope for this patch. Test: fast/text/arabic-glyph-cache-fill-combine.html * platform/graphics/mac/GlyphPageMac.cpp: (WebCore::GlyphPage::fill): 2016-01-20 Timothy Hatcher <timothy@apple.com> <rdar://problem/24242600> CrashTracer: com.apple.WebKit.WebContent at …pector::CSSFrontendDispatcher::mediaQueryResultChanged + 316 Reviewed by Joseph Pecoraro. * inspector/InspectorCSSAgent.cpp: (WebCore::InspectorCSSAgent::willDestroyFrontendAndBackend): Call disable(). (WebCore::InspectorCSSAgent::mediaQueryResultChanged): Add null check. 2016-01-20 Matthew Hanson <matthew_hanson@apple.com> Merge r195066. rdar://problem/24154288 2016-01-20 Matthew Hanson <matthew_hanson@apple.com> Rollout r192200 via r195067. rdar://problem/24154288 2016-01-20 Matthew Hanson <matthew_hanson@apple.com> Rollout r195068. rdar://problem/24154288 2016-01-14 Matthew Hanson <matthew_hanson@apple.com> Merge r194672. rdar://problem/24154288 2016-01-06 Eric Carlson <eric.carlson@apple.com> AirPlay route availability event not always sent https://bugs.webkit.org/show_bug.cgi?id=152802 Reviewed by Jer Noble. Test: media/airplay-target-availability.html * Modules/mediasession/WebMediaSessionManager.cpp: (WebCore::mediaProducerStateString): Log the new flags. (WebCore::WebMediaSessionManager::clientStateDidChange): Schedule a client reconfiguration if the 'requires monitoring', 'has listener', or 'has audio or video' flags have changed. (WebCore::WebMediaSessionManager::configurePlaybackTargetMonitoring): Start monitoring if at least one client has a listener and at least one has audio/video. * html/HTMLMediaElement.cpp: (WebCore::HTMLMediaElement::mediaState): Set new flags. * html/HTMLMediaElement.h: * page/MediaProducer.h: Define new flags. Add new state enum. * platform/graphics/MediaPlaybackTargetContext.h: Initial state is "Unknown". * platform/mock/MediaPlaybackTargetMock.h: * platform/mock/MediaPlaybackTargetPickerMock.cpp: (WebCore::MediaPlaybackTargetPickerMock::externalOutputDeviceAvailable): Enums not bitfields. (WebCore::MediaPlaybackTargetPickerMock::startingMonitoringPlaybackTargets): Ditto. Don't make device change callback if the device state is "Unknown". (WebCore::MediaPlaybackTargetPickerMock::setState): Ditto. * platform/mock/MediaPlaybackTargetPickerMock.h: * testing/Internals.cpp: (WebCore::Internals::setMockMediaPlaybackTargetPickerState): Support new state. 2016-01-13 Matthew Hanson <matthew_hanson@apple.com> Merge r194927. rdar://problem/24101254 2016-01-12 Daniel Bates <dabates@apple.com> XSS Auditor should navigate to empty substitute data on full page block https://bugs.webkit.org/show_bug.cgi?id=152868 <rdar://problem/18658448> Reviewed by David Kilzer and Andy Estes. Derived from Blink patch (by Tom Sepez <tsepez@chromium.org>): <https://src.chromium.org/viewvc/blink?view=rev&revision=179240> Test: http/tests/security/xssAuditor/block-does-not-leak-that-page-was-blocked-using-empty-data-url.html * html/parser/XSSAuditorDelegate.cpp: (WebCore::XSSAuditorDelegate::didBlockScript): Modified to call NavigationScheduler::schedulePageBlock(). * loader/NavigationScheduler.cpp: (WebCore::ScheduledPageBlock::ScheduledPageBlock): Added. (WebCore::NavigationScheduler::schedulePageBlock): Navigate to empty substitute data with the same URL as the originating document. * loader/NavigationScheduler.h: 2016-01-13 Matthew Hanson <matthew_hanson@apple.com> Merge r194898. rdar://problem/24154290 2016-01-12 Antti Koivisto <antti@apple.com> Don't reuse memory cache entries with different charset https://bugs.webkit.org/show_bug.cgi?id=110031 rdar://problem/13666418 Reviewed by Andreas Kling. Test: fast/loader/cache-encoding.html * loader/cache/CachedResourceLoader.cpp: (WebCore::CachedResourceLoader::requestResource): (WebCore::logResourceRevalidationDecision): (WebCore::CachedResourceLoader::determineRevalidationPolicy): Pass full CachedResourceRequest to the function. If charset differs don't reuse the cache entry. * loader/cache/CachedResourceLoader.h: 2016-01-13 Matthew Hanson <matthew_hanson@apple.com> Merge r194865. rdar://problem/24154291 2016-01-11 Dave Hyatt <hyatt@apple.com> Picture element needs to work with the preload scanner and select the correct source element instead of loading the image. https://bugs.webkit.org/show_bug.cgi?id=152983 Reviewed by Dean Jackson. Added new tests in http/tests/loading. * html/parser/HTMLPreloadScanner.cpp: (WebCore::TokenPreloadScanner::tagIdFor): (WebCore::TokenPreloadScanner::initiatorFor): (WebCore::TokenPreloadScanner::StartTagScanner::StartTagScanner): (WebCore::TokenPreloadScanner::StartTagScanner::processAttributes): (WebCore::TokenPreloadScanner::StartTagScanner::processImageAndScriptAttribute): (WebCore::TokenPreloadScanner::StartTagScanner::processAttribute): (WebCore::TokenPreloadScanner::StartTagScanner::resourceType): (WebCore::TokenPreloadScanner::scan): * html/parser/HTMLPreloadScanner.h: (WebCore::TokenPreloadScanner::setPredictedBaseElementURL): (WebCore::TokenPreloadScanner::inPicture): 2016-01-13 Matthew Hanson <matthew_hanson@apple.com> Merge r191180. rdar://problem/24154291 2015-10-16 Chris Dumez <cdumez@apple.com> HTMLPreloadScanner should preload iframes https://bugs.webkit.org/show_bug.cgi?id=150097 <rdar://problem/23094475> Reviewed by Antti Koivisto. HTMLPreloadScanner should preload iframes to decrease page load time. Tests: - fast/preloader/frame-src.html - http/tests/loading/preload-no-store-frame-src.html * html/parser/HTMLPreloadScanner.cpp: (WebCore::TokenPreloadScanner::tagIdFor): (WebCore::TokenPreloadScanner::initiatorFor): (WebCore::TokenPreloadScanner::StartTagScanner::createPreloadRequest): (WebCore::TokenPreloadScanner::StartTagScanner::processAttribute): (WebCore::TokenPreloadScanner::StartTagScanner::resourceType): (WebCore::TokenPreloadScanner::StartTagScanner::setUrlToLoad): Deleted. (WebCore::TokenPreloadScanner::StartTagScanner::charset): Deleted. * html/parser/HTMLPreloadScanner.h: 2016-01-13 Matthew Hanson <matthew_hanson@apple.com> Merge r190641. rdar://problem/24154291 2015-10-06 Chris Dumez <cdumez@apple.com> Refactor TokenPreloadScanner::StartTagScanner::processAttribute() https://bugs.webkit.org/show_bug.cgi?id=149847 Reviewed by Antti Koivisto. Refactor TokenPreloadScanner::StartTagScanner::processAttribute() to only process attributes that make sense given the current tagId. In particular, - We only process the charset parameter if the tag is a link or a script. - We only process the sizes / srcset attributes if the tag is an img. * html/parser/HTMLPreloadScanner.cpp: (WebCore::TokenPreloadScanner::StartTagScanner::processAttribute): (WebCore::TokenPreloadScanner::StartTagScanner::setUrlToLoad): Deleted. 2016-01-12 Matthew Hanson <matthew_hanson@apple.com> Merge r194751. rdar://problem/24043054 2016-01-07 Brent Fulgham <bfulgham@apple.com> Correct missing EXT_sRGB Format Handling https://bugs.webkit.org/show_bug.cgi?id=152876 <rdar://problem/23284389> Reviewed by Alex Christensen. Tested by WebGL 1.0.4 suite. * platform/graphics/GraphicsContext3D.cpp: (getDataFormat): Handle missing SRGB and SRGB_ALPHA cases. * platform/graphics/GraphicsContext3D.h: Add missing SRGB_ALPHA value from the Khronos standard. * platform/graphics/opengl/GraphicsContext3DOpenGL.cpp: (WebCore::GraphicsContext3D::texImage2D): Add an assertion that we are not being handed an internal format to a method that works with normal formats. 2016-01-12 Matthew Hanson <matthew_hanson@apple.com> Merge r194745. rdar://problem/24101258 2016-01-07 Jer Noble <jer.noble@apple.com> [EME] Secure stop information not written to disk https://bugs.webkit.org/show_bug.cgi?id=152855 Reviewed by Eric Carlson. Two separate bugs for the two APIs provided by AVFoundation. For the AVStreamSession path, we were not calling the lazy-creation function which creates the AVStreamSession, and were rather accessing the ivar directly. For the AVContentKeySession, we were not creating the intermediate paths containing the secure stop database. * platform/graphics/avfoundation/objc/CDMSessionAVContentKeySession.mm: (WebCore::CDMSessionAVContentKeySession::contentKeySession): * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm: (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::setCDMSession): 2016-01-12 Matthew Hanson <matthew_hanson@apple.com> Merge r194910. rdar://problem/24101255 2016-01-11 Matthew Hanson <matthew_hanson@apple.com> Merge r194666. rdar://problem/24101185 2016-01-06 Brent Fulgham <bfulgham@apple.com> Port blocking bypass issue using 307 redirect https://bugs.webkit.org/show_bug.cgi?id=152801 <rdar://problem/24048554> Reviewed by Anders Carlsson. Tested by http/tests/security/blocked-on-redirect.html. Make sure that 307 redirects check the requested URL via 'portAllowed'. * loader/DocumentLoader.cpp: (WebCore::DocumentLoader::willSendRequest): Confirm that the requested port is valid, and block load if it is not. * loader/FrameLoader.cpp: (WebCore::FrameLoader::reportBlockedPortFailed): Added. (WebCore::FrameLoader::blockedError): Added. * loader/FrameLoader.h: 2016-01-12 Matthew Hanson <matthew_hanson@apple.com> Merge r194589. rdar://problem/24101250 2016-01-05 Eric Carlson <eric.carlson@apple.com> Avoid NULL deference in Page::updateIsPlayingMedia https://bugs.webkit.org/show_bug.cgi?id=152732 No new tests, this fixes a rare crash that I am unable to reproduce. Reviewed by David Kilzer. * page/Page.cpp: (WebCore::Page::updateIsPlayingMedia): frame->document() can return NULL. 2016-01-12 Matthew Hanson <matthew_hanson@apple.com> Merge r194908. rdar://problem/24101253 2016-01-11 Matthew Hanson <matthew_hanson@apple.com> Merge r192186. rdar://problem/24101174 2015-11-09 Joseph Pecoraro <pecoraro@apple.com> Web Inspector: $0 stops working after navigating to a different domain https://bugs.webkit.org/show_bug.cgi?id=147962 Reviewed by Brian Burg. Test: http/tests/inspector/console/cross-domain-inspected-node-access.html The inspector backend injects the CommandLineAPI Source with a corresponding CommandLineAPIHost into each execution context created by the page (main frame, sub frames, etc). When creating the JSValue wrapper for the CommandLineAPIHost using the generated toJS(...) DOM bindings, we were using the cached CommandLineAPIHost wrapper values in the single DOMWrapperWorld shared across all frames. This meant that the first time the wrapper was needed it was created in context A. But when needed for context B it was using the wrapper created in context A. Using this wrapper in context B was producing unexpected cross-origin warnings. The solution taken here, is to create a new JSValue wrapper for the CommandLineAPIHost per execution context. This way each time the CommandLineAPIHost wrapper is used in a frame, it is using the one created for that frame. The C++ host object being wrapped has a lifetime equivalent to the Page. It does not change in this patch. The wrapper values are cleared on page navigation or when the page is closed, and will be garbage collected. * WebCore.vcxproj/WebCore.vcxproj: * WebCore.vcxproj/WebCore.vcxproj.filters: * ForwardingHeaders/inspector/PerGlobalObjectWrapperWorld.h: Added. New forwarding header. * inspector/CommandLineAPIHost.h: * inspector/CommandLineAPIHost.cpp: (WebCore::CommandLineAPIHost::CommandLineAPIHost): (WebCore::CommandLineAPIHost::wrapper): Cached JSValue wrappers per GlobalObject. (WebCore::CommandLineAPIHost::clearAllWrappers): Clear any wrappers we have, including the $0 value itself which we weren't explicitly clearing previously. * inspector/CommandLineAPIModule.cpp: (WebCore::CommandLineAPIModule::host): Simplify creating the wrapper. * inspector/WebInjectedScriptManager.h: * inspector/WebInjectedScriptManager.cpp: (WebCore::WebInjectedScriptManager::discardInjectedScripts): When the main frame window object clears, also clear the CommandLineAPI wrappers we may have created. Also take this opportunity to clear any $0 value that may have pointed to a value in the previous page. 2016-01-08 Timothy Hatcher <timothy@apple.com> <rdar://problem/24094651> REGRESSION (193350): CrashTracer: [USER] com.apple.WebKit.WebContent at …: Inspector::CSSFrontendDispatcher::styleSheetRemoved + 768 Reviewed by Joseph Pecoraro. * inspector/InspectorCSSAgent.cpp: (WebCore::InspectorCSSAgent::setActiveStyleSheetsForDocument): Add null check before using m_frontendDispatcher. 2016-01-07 Matthew Hanson <matthew_hanson@apple.com> Fix the Mavericks build after r194287. rdar://problem/23769758 Unreviewed build fix. * platform/graphics/Font.cpp: Do not implement Font::noSynthesizableFeaturesFont() on Mavericks. * platform/graphics/Font.h: No not declare Font::noSynthesizableFeaturesFont() on Mavericks. * platform/graphics/FontCascade.h: Declare the old method signature for fontForCombiningCharacterSequence on Mavericks. * platform/graphics/cocoa/FontCascadeCocoa.mm: (WebCore::FontCascade::fontForCombiningCharacterSequence): Implement the old method (with old method signature) on Mavericks. * platform/graphics/cocoa/FontCocoa.mm: (WebCore::Font::platformCreateScaledFont): Use the old implementation (prior to the merge of r194287) on Mavericks. Use the new implementation (which uses noSynthesizableFeaturesFont) on > Mavericks. * platform/graphics/mac/ComplexTextController.cpp: (WebCore::ComplexTextController::collectComplexTextRuns): Use the old implementation (prior to the merge of r194287) on Mavericks. Use the new implementation (which uses noSynthesizableFeaturesFont) on > Mavericks. 2016-01-06 Matthew Hanson <matthew_hanson@apple.com> Merge r194405. rdar://problem/23982006 2015-12-23 Simon Fraser <simon.fraser@apple.com> REGRESSION (r187593): Scroll position jumps when selecting text in an iframe https://bugs.webkit.org/show_bug.cgi?id=152541 rdar://problem/23886181 Reviewed by Tim Horton. r154382 added code that modifies parentLayer traversal, looking for ancestor scrollable layers. However, it confusingly added another code path in which the ancestor layer traversal cross a frame boundary, when RenderLayer::scrollRectToVisible() already has one. I fixed this new location to adjust the rect coordinates in r187593, but then code that hit both crossing points double-mapped the coordinates, causing autoscroll jumping. Fix by reverting r154382 and r187593, going back to doing the ancestor walk in one place. Re-fix r154382 by implementing RenderLayer::allowsCurrentScroll(), which contains the logic for line clamp, autoscroll and ensuring that overflow:hidden can be programmatically scrolled. Form controls are special; they can have overflow:hidden but still be user-scrollable during autoscroll; this is handled via the confusingly-named canBeProgramaticallyScrolled(). RenderTextControlSingleLine implements this to ensure that readonly text inputs autoscroll (which is exercised by a test). The frame-to-parent-frame rect mapping in RenderLayer::scrollRectToVisible() is fixed to use the coordinate mapping functions from Widget/ScrollView, with the addition of a new utility function contentsToContainingViewContents(). A "Scrolling" logging channel is added with a few log points. Test: fast/events/autoscroll-in-iframe-body.html * page/scrolling/ScrollingCoordinator.cpp: (WebCore::ScrollingCoordinator::absoluteNonFastScrollableRegionForFrame): use contentsToContainingViewContents(). * platform/Logging.h: * platform/ScrollView.cpp: (WebCore::ScrollView::contentsToContainingViewContents): * platform/ScrollView.h: * platform/graphics/IntPoint.cpp: (WebCore::IntPoint::constrainedBetween): New helper to constrain a point between two other points. * platform/graphics/IntPoint.h: (WebCore::IntPoint::expandedTo): (WebCore::IntPoint::shrunkTo): * rendering/RenderBox.cpp: * rendering/RenderLayer.cpp: (WebCore::parentLayerCrossFrame): (WebCore::RenderLayer::enclosingScrollableLayer): (WebCore::frameElementAndViewPermitScroll): (WebCore::RenderLayer::allowsCurrentScroll): (WebCore::RenderLayer::scrollRectToVisible): * rendering/RenderLayer.h: * rendering/RenderTextControlSingleLine.h: 2016-01-06 Matthew Hanson <matthew_hanson@apple.com> Merge r194404. rdar://problem/23982006 2015-12-22 Simon Fraser <simon.fraser@apple.com> Minor cleanup in RenderBox::canBeProgramaticallyScrolled() https://bugs.webkit.org/show_bug.cgi?id=152515 Reviewed by Tim Horton. Remove the scrollsOverflow() check in RenderBox::canBeProgramaticallyScrolled(), since if hasScrollableOverflow is true, scrollsOverflow() must also be true. Factor clientWidth/Height vs. scrollWidth/Height checks into separate functions, and call them from two places. Added a test which is not affected by this particular change, but will verify that a later change doesn't break anything. Test: fast/overflow/overflow-hidden-scroll-into-view.html * rendering/RenderBox.cpp: (WebCore::RenderBox::canBeScrolledAndHasScrollableArea): (WebCore::RenderBox::canBeProgramaticallyScrolled): * rendering/RenderBox.h: (WebCore::RenderBox::hasHorizontalOverflow): (WebCore::RenderBox::hasVerticalOverflow): (WebCore::RenderBox::hasScrollableOverflowX): (WebCore::RenderBox::hasScrollableOverflowY): 2016-01-06 Matthew Hanson <matthew_hanson@apple.com> Merge r194114. rdar://problem/23982010 2015-12-15 Myles C. Maxfield <mmaxfield@apple.com> [Font Features] TrueType fonts trigger real features even when synthesis is applied https://bugs.webkit.org/show_bug.cgi?id=152287 Reviewed by Darin Adler. When using a font feature that is synthesizable, and synthesis is triggered, we should make sure to turn off the original font feature. Otherwise, the feature will be applied twice on top of itself. This worked for OpenType fonts, but not for TrueType fonts. Tests: css3/font-variant-petite-caps-synthesis.html css3/font-variant-small-caps-synthesis.html css3/font-variant-petite-caps-synthesis-coverage.html css3/font-variant-small-caps-synthesis-coverage.html * platform/graphics/cocoa/FontCocoa.mm: (WebCore::defaultSelectorForTrueTypeFeature): (WebCore::removedFeature): (WebCore::createCTFontWithoutSynthesizableFeatures): 2016-01-06 Matthew Hanson <matthew_hanson@apple.com> Merge r188802. rdar://problem/23982009 2015-08-21 Myles C. Maxfield <mmaxfield@apple.com> [OS X] Remove dead code from FontCache::systemFallbackForCharacters() https://bugs.webkit.org/show_bug.cgi?id=148218 Reviewed by Daniel Bates. lookupCTFont() in FontCacheMac.mm will always return the best font (because CTFontCreateForCharactersWithLanguage() does so). Also, all fonts that will be created on WebKit's behalf are already printer fonts. No new tests because there is no behavior change. * platform/graphics/mac/FontCacheMac.mm: (WebCore::FontCache::systemFallbackForCharacters): Deleted. 2016-01-05 Matthew Hanson <matthew_hanson@apple.com> Merge for rdar://problem/24043055. * dom/EventDispatcher.cpp: (WebCore::EventPath::EventPath): Set the isMouseOrFocusEvent boolean flag to True if the event is a wheelEvent. 2015-12-17 Matthew Hanson <matthew_hanson@apple.com> Merge r193932. rdar://problem/23886464 2015-12-10 Myles C. Maxfield <mmaxfield@apple.com> [Font Features] r193894 introduces leaks https://bugs.webkit.org/show_bug.cgi?id=152154 Reviewed by Joe Pecoraro. * platform/graphics/cocoa/FontCocoa.mm: (WebCore::smallCapsTrueTypeDictionary): (WebCore::createCTFontWithoutSynthesizableFeatures): 2015-12-17 Matthew Hanson <matthew_hanson@apple.com> Merge r193894. rdar://problem/23769758 2015-12-10 Myles C. Maxfield <mmaxfield@apple.com> font-variant-caps does not work if the font does not support font features https://bugs.webkit.org/show_bug.cgi?id=149774 Reviewed by Antti Koivisto. This test implements synthesis for small-caps and all-small-caps. It does so by moving font variant selection into a higher level (ComplexTextController). In general, the approach is to use the pure font feature until we encounter a character which needs to be uppercased, and which the font feature does not support uppercasing. In this situation, we try again with synthesis. In this case, synthesis means artificially uppercasing letters and rendering them with a smaller font. We require system support to know which glyphs a particular font feature supports. Therefore, on operating systems which do not include this support, we will simply say that the font feature does not support any glyphs. Test: css3/font-variant-small-caps-synthesis.html css3/font-variant-petite-caps-synthesis.html * platform/graphics/Font.cpp: (WebCore::Font::noSmallCapsFont): Return the same font, but without smcp or c2sc. This function utilizes a cache. * platform/graphics/Font.h: (WebCore::Font::variantFont): Small caps should never go through this function anymore. * platform/graphics/FontCascade.h: Because we're moving variant selection into a higher level, we remove the FontVariant argument from the lower-level call. * platform/graphics/FontCascadeFonts.cpp: (WebCore::FontCascadeFonts::glyphDataForVariant): Use early-return style. (WebCore::FontCascadeFonts::glyphDataForNormalVariant): Ditto. * platform/graphics/cocoa/FontCascadeCocoa.mm: (WebCore::FontCascade::fontForCombiningCharacterSequence): Because we're moving variant selection into a higher level, we remove the FontVariant argument from the lower-level call. * platform/graphics/cocoa/FontCocoa.mm: (WebCore::Font::smallCapsSupportsCharacter): (WebCore::Font::allSmallCapsSupportsCharacter): (WebCore::smallCapsOpenTypeDictionary): Helper function for smallCapsSupportsCharacter(). (WebCore::smallCapsTrueTypeDictionary): Ditto. (WebCore::unionBitVectors): (WebCore::Font::glyphsSupportedBySmallCaps): Compute a bit vector of supported glyphs. (WebCore::Font::glyphsSupportedByAllSmallCaps): Ditto. (WebCore::createDerivativeFont): Moving common code into its own helper function. (WebCore::Font::createFontWithoutSmallCaps): (WebCore::Font::platformCreateScaledFont): Use the common code. * platform/graphics/mac/ComplexTextController.cpp: (WebCore::capitalized): What is the capitalized form of a character? (WebCore::ComplexTextController::collectComplexTextRuns): Implement the core logic of this patch. This includes the retry when we encounter a character which is not supported by the font feature. * platform/spi/cocoa/CoreTextSPI.h: 2015-12-18 Matthew Hanson <matthew_hanson@apple.com> Merge r192582. rdar://problem/23910980 2015-11-18 Chris Dumez <cdumez@apple.com> Null dereference in Performance::Performance(WebCore::Frame*) https://bugs.webkit.org/show_bug.cgi?id=151390 Reviewed by Brady Eidson. Based on the stack trace, it appears the DocumentLoader can be null when constructing the Performance object. This patch thus adds a null check before trying to dereference it. No new tests, was not able to reproduce. * page/DOMWindow.cpp: (WebCore::DOMWindow::navigator): (WebCore::DOMWindow::performance): * page/Performance.cpp: (WebCore::Performance::Performance): (WebCore::Performance::scriptExecutionContext): * page/Performance.h: 2015-12-17 Babak Shafiei <bshafiei@apple.com> Merge r191343. 2015-10-20 Tim Horton <timothy_horton@apple.com> Try to fix the build by disabling MAC_GESTURE_EVENTS on 10.9 and 10.10 * Configurations/FeatureDefines.xcconfig: 2015-12-17 Babak Shafiei <bshafiei@apple.com> Merge r191305. 2015-10-19 Tim Horton <timothy_horton@apple.com> Try to fix the iOS build * Configurations/FeatureDefines.xcconfig: 2015-12-16 Babak Shafiei <bshafiei@apple.com> Merge r194125. 2015-12-15 Tim Horton <timothy_horton@apple.com> [Mac] Gesture Events should not have negative scale https://bugs.webkit.org/show_bug.cgi?id=151065 <rdar://problem/23474123> Reviewed by Anders Carlsson. * page/EventHandler.cpp: (WebCore::EventHandler::clear): * page/EventHandler.h: Make it possible to use m_gestureInitialDiameter for Mac gesture events too. 2015-12-16 Babak Shafiei <bshafiei@apple.com> Merge r191299. 2015-10-19 Tim Horton <timothy_horton@apple.com> Add magnify and rotate gesture event support for Mac https://bugs.webkit.org/show_bug.cgi?id=150179 <rdar://problem/8036240> Reviewed by Darin Adler. No new tests. * Configurations/FeatureDefines.xcconfig: New feature flag. * Configurations/WebCore.xcconfig: Don't exclude generated gesture sources; they are already #ifdef-guarded. * DerivedSources.make: Add GestureEvent.idl for ENABLE_MAC_GESTURE_EVENTS too. * WebCore.xcodeproj/project.pbxproj: Add GestureEvents.cpp. * bindings/objc/DOMEvents.mm: (kitClass): Support DOMGestureEvent on Mac if the new flag is enabled. * dom/mac/GestureEvents.cpp: Added. * page/mac/EventHandlerMac.mm: * page/EventHandler.cpp: (WebCore::EventHandler::clear): * page/EventHandler.h: Enable some gesture-related code on Mac if the new flag is enabled. * platform/PlatformEvent.h: 2015-12-16 Babak Shafiei <bshafiei@apple.com> Merge r191121. 2015-10-15 Tim Horton <timothy_horton@apple.com> Try to fix the iOS build. * page/EventHandler.h: 2015-12-16 Babak Shafiei <bshafiei@apple.com> Merge r191080. 2015-10-14 Tim Horton <timothy_horton@apple.com> Move some EventHandler initialization to the header https://bugs.webkit.org/show_bug.cgi?id=150139 Reviewed by Andreas Kling. No new tests, just cleanup. * page/EventHandler.cpp: (WebCore::EventHandler::EventHandler): Deleted. * page/EventHandler.h: Also found one member which was unused, and a few that were uninitialized. It's likely the uninitialized ones didn't actually cause any trouble because they are reset in lots of places, but this seems better. 2015-12-14 Harris Papadopoulos <cpapadopoulos@apple.com> Merge r192270. rdar://problem/23435543 2015-11-10 Geoffrey Garen <ggaren@apple.com> alert, confirm, prompt, showModalDialog should be forbidden during page close and navigation https://bugs.webkit.org/show_bug.cgi?id=150980 Reviewed by Chris Dumez. Tests: fast/events/beforeunload-alert.html fast/events/beforeunload-confirm.html fast/events/beforeunload-prompt.html fast/events/beforeunload-showModalDialog.html fast/events/pagehide-alert.html fast/events/pagehide-confirm.html fast/events/pagehide-prompt.html fast/events/pagehide-showModalDialog.html fast/events/unload-alert.html fast/events/unload-confirm.html fast/events/unload-prompt.html fast/events/unload-showModalDialog.html * loader/FrameLoader.cpp: (WebCore::FrameLoader::stopLoading): Factored out a helper function for unload event processing. (WebCore::FrameLoader::handleUnloadEvents): Forbid prompts in unload events just like we do in beforeunload events, and for the same reasons. (WebCore::FrameLoader::handleBeforeUnloadEvent): Updated for renames. * loader/FrameLoader.h: * page/DOMWindow.cpp: (WebCore::DOMWindow::print): (WebCore::DOMWindow::alert): (WebCore::DOMWindow::confirm): (WebCore::DOMWindow::prompt): (WebCore::DOMWindow::showModalDialog): Updated for renames. Refactored some of this code to handle null pages more cleanly. In particular, we sometimes used to treat null page as "everything is permitted" -- but it is best practice in a permissions context to treat lack of information as no permission granted rather than all permissions granted. (I don't know of a way to trigger this condition in practice.) * page/Page.cpp: (WebCore::Page::Page): (WebCore::Page::forbidPrompts): (WebCore::Page::allowPrompts): (WebCore::Page::arePromptsAllowed): Renamed to make these functions reflect their new, broader context. (WebCore::Page::incrementFrameHandlingBeforeUnloadEventCount): Deleted. (WebCore::Page::decrementFrameHandlingBeforeUnloadEventCount): Deleted. (WebCore::Page::isAnyFrameHandlingBeforeUnloadEvent): Deleted. * page/Page.h: 2015-12-08 Harris Papadopoulos <cpapadopoulos@apple.com> Merge r188386. rdar://problem/23816165 2015-08-12 Anders Carlsson <andersca@apple.com> Use WTF::Optional in WindowFeatures https://bugs.webkit.org/show_bug.cgi?id=147956 Reviewed by Sam Weinig. * loader/FrameLoader.cpp: (WebCore::createWindow): * page/WindowFeatures.cpp: (WebCore::WindowFeatures::WindowFeatures): (WebCore::WindowFeatures::setWindowFeature): (WebCore::WindowFeatures::boolFeature): (WebCore::WindowFeatures::floatFeature): (WebCore::WindowFeatures::parseDialogFeatures): * page/WindowFeatures.h: (WebCore::WindowFeatures::WindowFeatures): 2015-12-14 Matthew Hanson <matthew_hanson@apple.com> Merge r194001. rdar://problem/23581577 2015-12-11 Jiewen Tan <jiewen_tan@apple.com> Strip out Referer header when requesting subresources or following links for documents with "Content-Disposition: attachment" https://bugs.webkit.org/show_bug.cgi?id=152102 <rdar://problem/22124230> Reviewed by Andy Estes. Keep the ReferrerPolicy for a document as ReferrerPolicyNever if the document is loaded with "Content-Disposition: attachment". Test: http/tests/contentdispositionattachmentsandbox/subresource-request-not-include-referer-header.html * dom/Document.cpp: (WebCore::Document::processReferrerPolicy): (WebCore::Document::applyContentDispositionAttachmentSandbox): 2015-12-14 Matthew Hanson <matthew_hanson@apple.com> Merge r189942. rdar://problem/23886455 2015-09-17 Tim Horton <timothy_horton@apple.com> Block Objective-C exceptions in DictionaryLookup https://bugs.webkit.org/show_bug.cgi?id=149256 Reviewed by Anders Carlsson. * editing/mac/DictionaryLookup.mm: (WebCore::DictionaryLookup::rangeForSelection): (WebCore::DictionaryLookup::rangeAtHitTestResult): (WebCore::expandSelectionByCharacters): (WebCore::DictionaryLookup::stringForPDFSelection): (WebCore::showPopupOrCreateAnimationController): (WebCore::DictionaryLookup::hidePopup): It is possible for Lookup to throw an exception if one of its related services dies for some reason. This shouldn't take down our UI process, so block the exceptions. 2015-12-14 Babak Shafiei <bshafiei@apple.com> Merge r193999. 2015-12-11 Jer Noble <jer.noble@apple.com> [EME] Do not pass in the initialization data to AVContentKeyRequest as the contentIdentifier. https://bugs.webkit.org/show_bug.cgi?id=152204 rdar://problem/23867877 Reviewed by Eric Carlson. The AVContentKeyRequest API has been updated to no longer require a contentId parameter if the ID can be derived from the initialization data. * platform/graphics/avfoundation/objc/CDMSessionAVContentKeySession.mm: (WebCore::CDMSessionAVContentKeySession::update): 2015-12-11 Matthew Hanson <matthew_hanson@apple.com> Merge r193921. rdar://problem/23732405 2015-12-10 Matthew Hanson <matthew_hanson@apple.com> Merge r190911. rdar://problem/23432368 2015-10-12 Simon Fraser <simon.fraser@apple.com> Fix iOS and Efl builds. * platform/graphics/NamedImageGeneratedImage.cpp: (WebCore::NamedImageGeneratedImage::drawPattern): 2015-12-11 Matthew Hanson <matthew_hanson@apple.com> Merge r193888. rdar://problem/23732405 2015-12-09 Simon Fraser <simon.fraser@apple.com> Merge r191590. rdar://problem/23432368 2015-10-26 Simon Fraser <simon.fraser@apple.com> Implement 'round' and 'space' values for border-image https://bugs.webkit.org/show_bug.cgi?id=14185 Reviewed by Tim Horton. Add support for "round" and "space" values for border-image-repeat. Following "stretch" and "repeat", the code is added to Image::drawTiled(). For "round", we compute an integral number of copies of the image that fit, and then adjust the tile scale. For "space", we also compute an integral number N of copies that will fit, and then divide the remaining space amongst N+1 gaps, adjusting the tiling phase so that with an even number of images, a gap is centered. Tests: fast/borders/border-image-round.html fast/borders/border-image-space.html * platform/graphics/Image.cpp: (WebCore::Image::drawTiled): * platform/graphics/cg/GraphicsContextCG.cpp: (WebCore::GraphicsContext::drawPattern): 2015-12-11 Matthew Hanson <matthew_hanson@apple.com> Merge r190914. rdar://problem/23732405 2015-12-09 Simon Fraser <simon.fraser@apple.com> Merge r190914. rdar://problem/23432368 2015-10-12 Simon Fraser <simon.fraser@apple.com> Speculative Cairo build fixes after r190910. * platform/graphics/cairo/ImageBufferCairo.cpp: (WebCore::ImageBuffer::drawPattern): * platform/graphics/cairo/ImageCairo.cpp: (WebCore::Image::drawPattern): 2015-12-11 Matthew Hanson <matthew_hanson@apple.com> Merge r190910. rdar://problem/23732405 2015-12-09 Simon Fraser <simon.fraser@apple.com> Merge r190910. rdar://problem/23432368 2015-10-12 Simon Fraser <simon.fraser@apple.com> Remove Image::spaceSize() and ImageBuffer::spaceSize() https://bugs.webkit.org/show_bug.cgi?id=150064 Reviewed by Tim Horton. Image spacing when tiled should not be a property of the image; but a description of how it's drawn, like tile size. So remove spacing from Image and ImageBuffer, and pass it in as an argument. * platform/graphics/BitmapImage.cpp: (WebCore::BitmapImage::drawPattern): * platform/graphics/BitmapImage.h: * platform/graphics/CrossfadeGeneratedImage.cpp: (WebCore::CrossfadeGeneratedImage::drawPattern): * platform/graphics/CrossfadeGeneratedImage.h: * platform/graphics/GeneratedImage.h: * platform/graphics/GradientImage.cpp: (WebCore::GradientImage::drawPattern): * platform/graphics/GradientImage.h: * platform/graphics/GraphicsContext.cpp: (WebCore::GraphicsContext::drawTiledImage): * platform/graphics/GraphicsContext.h: * platform/graphics/Image.cpp: (WebCore::Image::drawTiled): * platform/graphics/Image.h: (WebCore::Image::spaceSize): Deleted. (WebCore::Image::setSpaceSize): Deleted. * platform/graphics/ImageBuffer.h: (WebCore::ImageBuffer::spaceSize): Deleted. (WebCore::ImageBuffer::setSpaceSize): Deleted. * platform/graphics/NamedImageGeneratedImage.cpp: (WebCore::NamedImageGeneratedImage::drawPattern): * platform/graphics/NamedImageGeneratedImage.h: * platform/graphics/cg/ImageBufferCG.cpp: (WebCore::ImageBuffer::copyImage): (WebCore::ImageBuffer::drawPattern): * platform/graphics/cg/ImageCG.cpp: (WebCore::Image::drawPattern): * rendering/RenderBoxModelObject.cpp: (WebCore::RenderBoxModelObject::paintFillLayerExtended): * svg/graphics/SVGImage.cpp: (WebCore::SVGImage::drawPatternForContainer): * svg/graphics/SVGImage.h: * svg/graphics/SVGImageForContainer.cpp: (WebCore::SVGImageForContainer::drawPattern): * svg/graphics/SVGImageForContainer.h: 2015-12-11 Matthew Hanson <matthew_hanson@apple.com> Speculative build fix. Reviewed by Dana Burkart and Babak Shafiei. * dom/Document.h: Resolve a conflict that was missed during the merge of r193966 2015-12-11 Matthew Hanson <matthew_hanson@apple.com> Merge r193922. rdar://problem/23727472 2015-12-10 Enrica Casucci <enrica@apple.com> Change skin tone support for two emoji. https://bugs.webkit.org/show_bug.cgi?id=152147 rdar://problem/23716993 rdar://problem/23716344 Reviewed by Darin Adler. Horse race emoji (1F3C7) should no longer have skin tone variation. Sleuth/Spy emoji (!F575) should instead have skin tone variation. * platform/text/TextBreakIterator.cpp: (WebCore::cursorMovementIterator): 2015-12-11 Matthew Hanson <matthew_hanson@apple.com> Merge r193859. rdar://problem/23814477 2015-12-09 David Hyatt <hyatt@apple.com> Picture element needs to respond to dynamic viewport changes. https://bugs.webkit.org/show_bug.cgi?id=152013 <rdar://problem/23766375> Reviewed by Dean Jackson. Added new tests in fast/picture. * css/MediaQueryEvaluator.cpp: (WebCore::MediaQueryEvaluator::evalCheckingViewportDependentResults): Add new evaluation method that adds viewport dependent results to a vector. A follow-up patch will refactor the style resolver code to use this function instead of the special style resolver one, in order to get rid of the code duplication. Tracked by https://bugs.webkit.org/show_bug.cgi?id=152089. * css/MediaQueryEvaluator.h: (WebCore::MediaQueryResult::MediaQueryResult): * css/StyleResolver.h: (WebCore::MediaQueryResult::MediaQueryResult): Deleted. Move MediaQueryResult into a header since it is used in multiple places now and not just by the style resolver. * dom/Document.cpp: (WebCore::Document::evaluateMediaQueryList): (WebCore::Document::checkViewportDependentPictures): (WebCore::Document::optimizedStyleSheetUpdateTimerFired): (WebCore::Document::applyContentDispositionAttachmentSandbox): (WebCore::Document::addViewportDependentPicture): (WebCore::Document::removeViewportDependentPicture): * dom/Document.h: The document now maintains a HashSet of viewport-dependent pictures, and it checks them whenever the viewport changes. If their media queries stay the same, then nothing happens. If they change, then the <picture> will go back and re-check all its <source> elements to see what the new best candidate is. * html/HTMLImageElement.cpp: (WebCore::HTMLImageElement::bestFitSourceFromPictureElement): Revised to check for viewport dependencies and to cache viewport-dependent results on the <picture> elements. When a <picture> is found to be viewport-dependent (or not) it is also added to or removed from the document's set of tracked pictures. * html/HTMLPictureElement.cpp: (WebCore::HTMLPictureElement::HTMLPictureElement): (WebCore::HTMLPictureElement::~HTMLPictureElement): (WebCore::HTMLPictureElement::didMoveToNewDocument): (WebCore::HTMLPictureElement::create): (WebCore::HTMLPictureElement::sourcesChanged): (WebCore::HTMLPictureElement::viewportChangeAffectedPicture): * html/HTMLPictureElement.h: New caching of results and updating of the document HashSet when the picture gets destroyed or moves to a different document. * html/HTMLSourceElement.cpp: (WebCore::HTMLSourceElement::parseAttribute): * html/HTMLSourceElement.h: Cache the media attribute in a parsed form. A follow-up patch will improve the <video>/<audio> code to make use of this parsed result. Tracked by https://bugs.webkit.org/show_bug.cgi?id=152090. 2015-12-11 Matthew Hanson <matthew_hanson@apple.com> Merge r192772. rdar://problem/23797220 2015-11-18 Andy Estes <aestes@apple.com> [Content Filtering] Crash in DocumentLoader::notifyFinished() when allowing a media document to load https://bugs.webkit.org/show_bug.cgi?id=151433 rdar://problem/23506594 Reviewed by Alexey Proskuryakov. When the main resource of a media document commits, WebKit cancels its load since the plug-in or media engine will do its own loading. If content filtering is enabled, and the filter waits allow the load until the entire resource is downloaded, then ContentFilter will attempt to call DocumentLoader::notifyFinished() immediately after delivering the buffered resource data to DocumentLoader. However, delivering the data will have nulled out DocumentLoader's m_mainResource when the load was cancelled, leading to a crash in notifyFinished(). To resolve this, add a new Stopped state to ContentFilter. Set this state if DocumentLoader clears its main resource or detaches from its frame. If ContentFilter is in the Stopped state after calling DocumentLoader::dataReceived(), do not proceed to call DocumentLoader::notifyFinished(). Test: contentfiltering/allow-media-document.html * loader/ContentFilter.cpp: (WebCore::ContentFilter::stopFilteringMainResource): Set m_state to Stopped. If m_mainResource is non-null, removed ContentFilter as a client and set m_mainResource to null. (WebCore::ContentFilter::notifyFinished): Stopped calling DocumentLoader::notifyFinished() if m_state is Stopped after calling DocumentLoader::dataReceived(). * loader/ContentFilter.h: * loader/DocumentLoader.cpp: (WebCore::DocumentLoader::detachFromFrame): Called ContentFilter::stopFilteringMainResource() instead of setting m_contentFilter to null. (WebCore::DocumentLoader::clearMainResource): Ditto. 2015-12-11 Matthew Hanson <matthew_hanson@apple.com> Merge r192066. rdar://problem/23715623 2015-11-05 Zhuo Li <zachli@apple.com> Rename the variable to avoid conflict between the variable and the parameter. https://bugs.webkit.org/show_bug.cgi?id=150019. Reviewed by Dan Bernstein. * platform/cocoa/SearchPopupMenuCocoa.mm: (WebCore::typeCheckedRecentSearchesRemovingRecentSearchesAddedAfterDate): Rename `date` to `dateAdded` so that it does not have the same name as the parameter passed in. 2015-12-11 Matthew Hanson <matthew_hanson@apple.com> Merge r191628. rdar://problem/23715623 2015-10-27 Zhuo Li <zachli@apple.com> Add WebKit API to clear data type Search Field Recent Searches. https://bugs.webkit.org/show_bug.cgi?id=150019. Reviewed by Anders Carlsson. * platform/cocoa/SearchPopupMenuCocoa.h: Add a function to remove recent searches based on time. * platform/cocoa/SearchPopupMenuCocoa.mm: (WebCore::typeCheckedRecentSearchesArray): Return nil if the recent searches array is corrupted, otherwise return the array. (WebCore::typeCheckedDateInRecentSearch): Return nil if the date in recent search is corrupted, otherwise return the date. (WebCore::typeCheckedRecentSearchesRemovingRecentSearchesAddedAfterDate): Return nil if the recent searches plist is corrupted, otherwise return the recent searches plist. (WebCore::writeEmptyRecentSearchesPlist): Replace the existing recent searches plist if there is any with a clean one. (WebCore::loadRecentSearches): Use -typeCheckedRecentSearchesArray and -typeCheckedDateInRecentSearch. (WebCore::removeRecentlyModifiedRecentSearches): When the time passed in is equivalent to [NSDate distantPast], clear all recent searches in the Recent Searches plist. Otherwise, we only clear the recent searches that were created after or at the time that is passed in as the parameter. If all recent searches associated with an autosave name were created after or at the time that is passed in as the parameter, remove this autosave name key and all of its values in the plist. If all recent searches associated with every autosave name in the plist were created after or at the time that is passed in as the parameter, clear all recent searches in the Recent Searches plist. Also, we clear all recent searches in the Recent Searches plist when we find the plist is corrupted. 2015-12-11 Matthew Hanson <matthew_hanson@apple.com> Merge r191084. rdar://problem/23715623 2015-10-14 Zhuo Li <zachli@apple.com> Augment <input type=search>’s recent search history with the time each entry was added, in order to allow time-based clearing of search history. https://bugs.webkit.org/show_bug.cgi?id=148388. Reviewed by Darin Adler. Replace Vector<String> with Vector<RecentSearch>, where RecentSearch is a struct that consists search string and time, for recent searches in order to store additional time information. * WebCore.xcodeproj/project.pbxproj: Added SearchPopupMenuCocoa.h and SearchPopupMenuCocoa.mm and sort the project file. * loader/EmptyClients.cpp: (WebCore::EmptySearchPopupMenu::saveRecentSearches): (WebCore::EmptySearchPopupMenu::loadRecentSearches): * platform/SearchPopupMenu.h: * platform/cocoa/SearchPopupMenuCocoa.h: Added methods for SeachPopupMenuMac in WebKit and WebPageProxyCocoa in WebKit2 to call. * platform/cocoa/SearchPopupMenuCocoa.mm: Added. (WebCore::searchFieldRecentSearchesStorageDirectory): Recent searches with the new structure are stored in a new location. (WebCore::searchFieldRecentSearchesPlistPath): Get the path for the plist of the recent searches entries. (WebCore::RetainPtr<NSMutableDictionary> readSearchFieldRecentSearchesPlist): Return the recent searches plist as NSMutableDictionary. (WebCore::fromNSDatetoSystemClockTime): Convert from NSDate to system_clock::time_point. (WebCore::fromSystemClockTimetoNSDate): Convert from system_clock::time_point to NSDate. (WebCore::SearchPopupMenuCocoa::saveRecentSearches): Add a dictionary where it has two pairs that the first one is the search string and the second one is the time. (WebCore::SearchPopupMenuCocoa::loadRecentSearches): We expect the recent search item in the plist to be a two-pair dictionary, and convert the dictionary to the struct RecentSearch. * platform/win/SearchPopupMenuWin.cpp: (WebCore::SearchPopupMenuWin::saveRecentSearches): Only save the RecentSearch's search string on Windows platform, which is what we used to do. (WebCore::SearchPopupMenuWin::loadRecentSearches): Since we need to construct a RecentSearch, we get the string from the app's preferences, and set the time to be std::chrono::system_clock::time_point::min(). * platform/win/SearchPopupMenuWin.h: * rendering/RenderSearchField.cpp: Now that m_recentSearches are Vector<RecentSearch>, we cannot use -removeAll with a search string. Use -removeAllMatching instead to remove the item that has its member search string equal to the search string user inputs. (WebCore::RenderSearchField::addSearchResult): (WebCore::RenderSearchField::itemText): 2015-12-09 Babak Shafiei <bshafiei@apple.com> Merge r190505. 2015-10-02 Antoine Quint <graouts@apple.com> popstate is fired at the wrong time on load https://bugs.webkit.org/show_bug.cgi?id=94265 Reviewed by Darin Adler. Don't fire popstate event on initial document load According to the specification [1], a popstate event should only be fired when the document has a "last entry" and the entry being navigated to isn't it. A document is created without a "last entry" and gets one just after this check when it is first navigated to, so a popstate should be fired any time a document is navigated to except for the first time after it has been created. Patch adapted from work by jl@opera.com on Blink [2]. [1] http://www.whatwg.org/specs/web-apps/current-work/multipage/history.html#traverse-the-history (step 12-14 in particular) [2] https://src.chromium.org/viewvc/blink?revision=165221&view=revision * dom/Document.cpp: (WebCore::Document::implicitClose): 2015-12-08 Babak Shafiei <bshafiei@apple.com> Merge r191748. 2015-10-29 Csaba Osztrogonác <ossy@webkit.org> One more URTBF after r191731. * rendering/svg/RenderSVGResourcePattern.cpp: 2015-12-08 Babak Shafiei <bshafiei@apple.com> Merge r191746. 2015-10-29 Csaba Osztrogonác <ossy@webkit.org> URTBF after r191731. * rendering/svg/RenderSVGResourcePattern.cpp: 2015-12-08 Babak Shafiei <bshafiei@apple.com> Merge r191731. 2015-10-29 Said Abou-Hallawa <sabouhallawa@apple.com> Exploitable crash happens when an SVG contains an indirect resource inheritance cycle https://bugs.webkit.org/show_bug.cgi?id=150203 Reviewed by Brent Fulgham. Detecting cycles in SVG resource references happens in two places. 1. In SVGResourcesCycleSolver::resolveCycles() which it is called from SVGResourcesCache::addResourcesFromRenderer(). When a cycle is deleted, SVGResourcesCycleSolver::breakCycle() is called to break the link. In the case of a cyclic resource inheritance, SVGResources::resetLinkedResource() is called to break this cycle. 2. SVGPatternElement::collectPatternAttributes() which is called from RenderSVGResourcePattern::buildPattern(). The purpose is to resolve the pattern attributes and to build a tile image which can be used to fill the SVG element renderer. Detecting the cyclic resource reference in this function is not sufficient and can detect simple cycles like <pattern id="a" xlink:href="#b"/> <pattern id="b" xlink:href="#a"/>. But it does not detect cycles like: <pattern id="a"> <rect fill="url(#b)"/> </pattern> <pattern id="b" xlink:href="#a"/>. The fix is to get rid of SVGPatternElement::collectPatternAttributes() which uses SVGURIReference::targetElementFromIRIString() to navigates through the referenced resource elements and tries to detect cycles. Instead we can implement RenderSVGResourcePattern::collectPatternAttributes() which calls SVGResourcesCache::cachedResourcesForRenderer() to get the SVGResources of the pattern. Then we use SVGResources::linkedResource() to navigate the resource inheritance tree. The cached SVGResources is guaranteed to be free of cycles. Tests: svg/custom/pattern-content-inheritance-cycle.svg * rendering/svg/RenderSVGResourcePattern.cpp: (WebCore::RenderSVGResourcePattern::collectPatternAttributes): Collect the pattern attributes through the cachedResourcesForRenderer(). (WebCore::RenderSVGResourcePattern::buildPattern): Direct the call to the renderer function. * rendering/svg/RenderSVGResourcePattern.h: * rendering/svg/RenderSVGRoot.cpp: (WebCore::RenderSVGRoot::layout): RenderSVGRoot needs to call SVGResourcesCache::clientStyleChanged() for all the invalidated resources. If an attribute of an SVG resource was updated dynamically, the cached SVGResources associated with the renderer of this resource was stale. * rendering/svg/SVGRenderTreeAsText.cpp: (WebCore::writeSVGResourceContainer): Direct the call to the renderer function. * svg/SVGPatternElement.cpp: (WebCore::SVGPatternElement::collectPatternAttributes): (WebCore::setPatternAttributes): Deleted. collectPatternAttributes() is a replacement of setPatternAttributes(). 2015-12-08 Babak Shafiei <bshafiei@apple.com> Merge r192604. 2015-11-18 Jiewen Tan <jiewen_tan@apple.com> [WK1] Crash loading Blink layout test fast/dom/Window/property-access-on-cached-window-after-frame-removed.html https://bugs.webkit.org/show_bug.cgi?id=150198 <rdar://problem/23136026> Reviewed by Brent Fulgham. Test: fast/dom/Window/property-access-on-cached-window-after-frame-removed.html Properties of a contentWindow could be accessed even if the frame who owns the window is detached. Therefore, check whether the document loader is still alive before using it. * page/PerformanceTiming.cpp: (WebCore::PerformanceTiming::monotonicTimeToIntegerMilliseconds): 2015-12-08 Babak Shafiei <bshafiei@apple.com> Merge r192433. 2015-11-13 Jiewen Tan <jiewen_tan@apple.com> Element::focus() should acquire the ownership of Frame. https://bugs.webkit.org/show_bug.cgi?id=150204 <rdar://problem/23136794> Reviewed by Brent Fulgham. The FrameSelection::setSelection method sometimes releases the last reference to a frame. When this happens, the Element::updateFocusAppearance would attempt to use dereferenced memory. Instead, we should ensure that the Frame lifetime is guaranteed to extend through the duration of the method call. Test: editing/selection/focus-iframe-removal-crash.html * dom/Element.cpp: (WebCore::Element::updateFocusAppearance): 2015-12-08 Babak Shafiei <bshafiei@apple.com> Merge r192389. 2015-11-12 Zalan Bujtas <zalan@apple.com> Ignore visited background color when deciding if the input renderer needs to be painted natively. https://bugs.webkit.org/show_bug.cgi?id=151211 rdar://problem/21449823 Reviewed by Antti Koivisto. Test: fast/css/pseudo-visited-background-color-on-input.html * rendering/RenderTheme.cpp: (WebCore::RenderTheme::isControlStyled): * rendering/style/RenderStyle.h: 2015-12-08 Babak Shafiei <bshafiei@apple.com> Merge r192369. 2015-11-11 Jon Honeycutt <jhoneycutt@apple.com> popstate event should be dispatched asynchronously https://bugs.webkit.org/show_bug.cgi?id=36202 <rdar://problem/7761279> Based on an original patch by Mihai Parparita <mihaip@chromium.org>. Reviewed by Brent Fulgham. Tests: fast/loader/remove-iframe-during-history-navigation-different.html fast/loader/remove-iframe-during-history-navigation-same.html fast/loader/stateobjects/popstate-is-asynchronous.html * dom/Document.cpp: (WebCore::Document::enqueuePopstateEvent): Use enqueueWindowEvent(). 2015-12-08 Babak Shafiei <bshafiei@apple.com> Merge r192316. 2015-11-10 Jon Honeycutt <jhoneycutt@apple.com> Crash loading Blink layout test fast/parser/strip-script-attrs-on-input.html https://bugs.webkit.org/show_bug.cgi?id=150201 <rdar://problem/23136478> Reviewed by Brent Fulgham. Test: fast/parser/strip-script-attrs-on-input.html * html/parser/HTMLTreeBuilder.cpp: (WebCore::HTMLTreeBuilder::processStartTagForInBody): Get the attribute after calling HTMLConstructionSite::insertSelfClosingHTMLElement(), as this may mutate the token's attributes. 2015-12-08 Babak Shafiei <bshafiei@apple.com> Merge r192281. 2015-11-10 Brent Fulgham <bfulgham@apple.com> Crash running webaudio/panner-loop.html https://bugs.webkit.org/show_bug.cgi?id=150200 <rdar://problem/23136282> Reviewed by Jer Noble. Test: webaudio/panner-loop.html This is based on the changes in Blink r164822: https://codereview.chromium.org/130003002 Avoid infinitely recursing on audio nodes by keeping track of which nodes we've already visited. * Modules/webaudio/PannerNode.cpp: (WebCore::PannerNode::pullInputs): Pass set of visited nodes so we don't revisit nodes we've already serviced. (WebCore::PannerNode::notifyAudioSourcesConnectedToNode): Accept visitedNodes argument so we can avoid revisiting nodes. Check if the current node has already been visited before processing it. * Modules/webaudio/PannerNode.h: 2015-12-02 Myles C. Maxfield <mmaxfield@apple.com> Unify font-variant-* with font-variant shorthand https://bugs.webkit.org/show_bug.cgi?id=149773 Reviewed by Darin Adler. This patch makes font-variant a shorthand for the following properties: font-variant-ligatures font-variant-position font-variant-caps font-variant-numeric font-variant-alternates font-variant-east-asian This is consistent with the CSS Fonts Level 3 spec. This patch also migrates the "font" longhand to use the font-variant-caps property. Test: fast/text/font-variant-shorthand.html * css/CSSComputedStyleDeclaration.cpp: (WebCore::fontVariantEastAsianPropertyValue): Rename FontVariantEastAsian values. (WebCore::fontVariantFromStyle): We must consult with the longhand properties to determine font-variant computed style. (WebCore::ComputedStyleExtractor::propertyValue): Don't put any-old font-variant-caps inside the font shorthand. * css/CSSFontSelector.cpp: (WebCore::CSSFontSelector::addFontFaceRule): Guard against incorrect downcasts (due to inherit of the new shorthand property). * css/CSSParser.cpp: Parse font-variant as a shorthand. Also implement its "normal" and "none" values. (WebCore::CSSParser::parseValue): (WebCore::CSSParser::parseFont): (WebCore::CSSParser::parseSystemFont): (WebCore::CSSParser::parseFontVariantLigatures): (WebCore::CSSParser::parseFontVariantNumeric): (WebCore::CSSParser::parseFontVariantEastAsian): (WebCore::CSSParser::parseFontVariant): (WebCore::isValidKeywordPropertyAndValue): Deleted. (WebCore::isKeywordPropertyID): Deleted. * css/CSSParser.h: * css/CSSPropertyNames.in: Turn font-variant into a shorthand property. * css/FontVariantBuilder.h: Guard against incorrect downcasts. Also update for renamed FontVariantEastAsian type. (WebCore::applyValueFontVariantLigatures): (WebCore::applyValueFontVariantNumeric): (WebCore::applyValueFontVariantEastAsian): * css/StyleProperties.cpp: Update to use the more specific property. (WebCore::StyleProperties::appendFontLonghandValueIfExplicit): (WebCore::StyleProperties::fontValue): (WebCore::StyleProperties::asText): * css/StyleResolver.cpp: Ditto. (WebCore::StyleResolver::isValidCueStyleProperty): * editing/EditingStyle.cpp: Ditto. * editing/cocoa/HTMLConverter.mm: Ditto. (HTMLConverterCaches::propertyValueForNode): (HTMLConverter::computedAttributesForElement): * editing/ios/EditorIOS.mm: Ditto. (WebCore::Editor::removeUnchangeableStyles): * html/canvas/CanvasRenderingContext2D.cpp: Ditto. (WebCore::CanvasRenderingContext2D::font): (WebCore::CanvasRenderingContext2D::setFont): * platform/graphics/FontCache.h: Removing duplicate cache key value. (WebCore::FontDescriptionKey::makeFlagsKey): * platform/graphics/FontCascade.cpp: Migrate to the new font-variant-caps from the old member variable. (WebCore::FontCascade::glyphDataForCharacter): * platform/graphics/FontCascade.h: Ditto. (WebCore::FontCascade::isSmallCaps): * platform/graphics/FontDescription.cpp: Ditto. (WebCore::FontDescription::FontDescription): * platform/graphics/FontDescription.h: Ditto. (WebCore::FontCascadeDescription::equalForTextAutoSizing): (WebCore::FontDescription::smallCaps): Deleted. (WebCore::FontDescription::setSmallCaps): Deleted. (WebCore::FontDescription::setIsSmallCaps): Deleted. (WebCore::FontDescription::operator==): Deleted. * platform/graphics/cocoa/FontCacheCoreText.cpp: Rename FontVariantEastAsianWidth. (WebCore::computeFeatureSettingsFromVariants): * platform/text/TextFlags.h: Ditto. (WebCore::FontVariantSettings::operator==): * rendering/RenderText.cpp: Migrage to the new font-variant-caps from the old member variable. (WebCore::RenderText::widthFromCache): 2015-11-22 Myles C. Maxfield <mmaxfield@apple.com> Font selection should not consult font-variant property https://bugs.webkit.org/show_bug.cgi?id=151537 Reviewed by Simon Fraser. In section 4.7 of the CSS Fonts Level 3 spec, it says "[The font-variant and font-feature-settings] do not affect font selection." All the other browsers (Chrome, Firefox, and Edge) all obey the spec here. We are the only one who misbehaves. This patch aligns our behavior with the other browsers. Test: fast/text/font-selection-font-variant.html * css/CSSFontSelector.cpp: (WebCore::computeTraitsMask): Deleted. (WebCore::compareFontFaces): Deleted. (WebCore::CSSFontSelector::getFontFace): Deleted. * css/CSSParser.cpp: (WebCore::isValidKeywordPropertyAndValue): (WebCore::isKeywordPropertyID): (WebCore::CSSParser::createFontFaceRule): (WebCore::CSSParser::CSSParser): Deleted. (WebCore::CSSParser::parseValue): Deleted. (WebCore::CSSParser::parseDeclaration): Deleted. (WebCore::CSSParser::clearProperties): Deleted. (WebCore::CSSParser::parseFontVariant): Deleted. (WebCore::CSSParser::createStyleRule): Deleted. (WebCore::CSSParser::deleteFontFaceOnlyValues): Deleted. * css/CSSParser.h: * platform/graphics/FontDescription.cpp: (WebCore::FontDescription::traitsMask): Deleted. * platform/graphics/win/FontCacheWin.cpp: (WebCore::traitsInFamilyEnumProc): * platform/graphics/cocoa/FontCacheCoreText.cpp: (WebCore::toTraitsMask): * platform/text/TextFlags.h: 2015-12-07 Matthew Hanson <matthew_hanson@apple.com> Follow-up merge of r191014. rdar://problem/23769801 Complete the merge of r191014. The missing change was iOS only, but if that ever changes we don't want to expose a known compile error. * platform/graphics/FontCascade.cpp: (WebCore::FontCascade::FontCascade): 2015-10-18 Myles C. Maxfield <mmaxfield@apple.com> Stop honoring the user default "WebKitKerningAndLigaturesEnabledByDefault" https://bugs.webkit.org/show_bug.cgi?id=150287 Reviewed by Simon Fraser. This user default is currently on by default. Therefore, by setting the user default, users can only disable kerning / ligatures (rather than enable it). There are a few reasons why we should stop honoring it: 1. In the brave new world of font-feature-settings and font-variant-ligatures, there are many different kinds of ligatures which may be enabled at will. The simplistic statement of "turn on ligatures" no longer has any meaning. 2. If a user wants to disable kerning / ligatures, he/she can do it with a user stylesheet. 3. The default isn't able to be tested with DumpRenderTree or WebKitTestRunner. 4. I have never heard of anyone actually using this user default. * platform/graphics/FontCascade.cpp: (WebCore::FontCascade::setDefaultKerning): Deleted. (WebCore::FontCascade::setDefaultLigatures): Deleted. * platform/graphics/FontCascade.h: (WebCore::FontCascade::advancedTextRenderingMode): 2015-10-17 Myles C. Maxfield <mmaxfield@apple.com> Delete FontPlatformData::allowsLigatures() https://bugs.webkit.org/show_bug.cgi?id=150286 Reviewed by Dan Bernstein. This function is only used to force ligatures on for complex fonts (where "complex" means "does not support the letter 'a'"). However, ligatures are turned on for all fonts by default, which means that this function is unnecessary. Required ligatures, such as those which make these complex scripts legible, are always enabled, no matter what. Test: fast/text/required-ligatures.html * platform/graphics/FontPlatformData.h: * platform/graphics/cocoa/FontPlatformDataCocoa.mm: (WebCore::FontPlatformData::allowsLigatures): Deleted. * platform/graphics/mac/SimpleFontDataCoreText.cpp: (WebCore::Font::getCFStringAttributes): 2015-10-12 Myles C. Maxfield <mmaxfield@apple.com> Test font-variant-* and font-feature-settings on Yosemite and Mavericks https://bugs.webkit.org/show_bug.cgi?id=149778 Reviewed by Simon Fraser. We can simply call the function which enables features on Yosemite and Mavericks. * platform/graphics/cocoa/FontCacheCoreText.cpp: (WebCore::platformFontLookupWithFamily): (WebCore::fontWithFamily): 2015-11-12 Csaba Osztrogonác <ossy@webkit.org> Fix build failure due to missing forward declaration of FontVariantSettings after r191968 https://bugs.webkit.org/show_bug.cgi?id=151185 Reviewed by Myles C. Maxfield. * css/CSSFontFaceSource.h: 2015-11-03 Myles C. Maxfield <mmaxfield@apple.com> font-variant-* properties in @font-face declarations should be honored https://bugs.webkit.org/show_bug.cgi?id=149771 Reviewed by Simon Fraser. According to the CSS Fonts Level 3 spec, web authors are allowed to put font-feature-settings / font-variant-* inside @font-face blocks. These properties are supposed to be applied at a specific time during the font selection algorithm. This patch gives a FontFeatureSettings object and a FontVariantSettings object to CSSFontFace, and moves common parsing logic from StyleBuilderCustom to a shared location. Then, once the two properties are parsed from the @font-face block, the relevant data structures are passed down into the font selection algorithm. This algorithm then consults with these values at the correct time (inside preparePlatformFont()). Tests: css3/font-feature-settings-font-face-rendering.html css3/font-variant-font-face-all.html css3/font-variant-font-face-override.html * WebCore.xcodeproj/project.pbxproj: Add a header for the common location of parsing font-variant-ligatures, font-variant-numeric, and font-variant-east-asian. * css/CSSFontFace.cpp: (WebCore::CSSFontFace::font): Pass the relevant data structures into the font selection algorithm. * css/CSSFontFace.h: Add FontFeatureSettings and FontVariantSettings member variables. (WebCore::CSSFontFace::insertFeature): (WebCore::CSSFontFace::setVariantCommonLigatures): (WebCore::CSSFontFace::setVariantDiscretionaryLigatures): (WebCore::CSSFontFace::setVariantHistoricalLigatures): (WebCore::CSSFontFace::setVariantContextualAlternates): (WebCore::CSSFontFace::setVariantPosition): (WebCore::CSSFontFace::setVariantCaps): (WebCore::CSSFontFace::setVariantNumericFigure): (WebCore::CSSFontFace::setVariantNumericSpacing): (WebCore::CSSFontFace::setVariantNumericFraction): (WebCore::CSSFontFace::setVariantNumericOrdinal): (WebCore::CSSFontFace::setVariantNumericSlashedZero): (WebCore::CSSFontFace::setVariantAlternates): (WebCore::CSSFontFace::setVariantEastAsianVariant): (WebCore::CSSFontFace::setVariantEastAsianWidth): (WebCore::CSSFontFace::setVariantEastAsianRuby): * css/CSSFontFaceSource.cpp: (WebCore::CSSFontFaceSource::font): Pass the relevant data structures into the font selection algorithm. * css/CSSFontFaceSource.h: Ditto. * css/CSSFontSelector.cpp: (WebCore::CSSFontSelector::addFontFaceRule): Call the shared parsing logic to populate the FontFeatureSettings and FontVariantSettings members. * css/FontVariantBuilder.h: Added. Destination for shared parsing logic. (WebCore::applyValueFontVariantLigatures): (WebCore::applyValueFontVariantNumeric): (WebCore::applyValueFontVariantEastAsian): * css/StyleBuilderCustom.h: Source for shared parsing logic. (WebCore::StyleBuilderCustom::applyValueFontVariantLigatures): (WebCore::StyleBuilderCustom::applyValueFontVariantNumeric): (WebCore::StyleBuilderCustom::applyValueFontVariantEastAsian): * loader/cache/CachedFont.cpp: Pass the relevant data structures into the font selection algorithm. (WebCore::CachedFont::createFont): (WebCore::CachedFont::platformDataFromCustomData): * loader/cache/CachedFont.h: Ditto. * loader/cache/CachedSVGFont.cpp: Ditto. (WebCore::CachedSVGFont::createFont): (WebCore::CachedSVGFont::platformDataFromCustomData): * loader/cache/CachedSVGFont.h: Ditto. * platform/graphics/FontCache.h: Ditto. * platform/graphics/FontCascade.cpp: (WebCore::FontCascade::codePath): Adjust comment. * platform/graphics/cocoa/FontCacheCoreText.cpp: (WebCore::preparePlatformFont): Consult with the newly parsed values. (WebCore::fontWithFamily): Pass the relevant data structures into the font selection algorithm. (WebCore::FontCache::systemFallbackForCharacters): Ditto. * platform/graphics/mac/FontCustomPlatformData.cpp: (WebCore::FontCustomPlatformData::fontPlatformData): Ditto. * platform/graphics/mac/FontCustomPlatformData.h: Ditto. 2015-10-19 Myles C. Maxfield <mmaxfield@apple.com> FontCascade::typesettingFeatures() is not privy to font-variant-* nor font-feature-settings https://bugs.webkit.org/show_bug.cgi?id=149775 Reviewed by Darin Adler. This patch has two pieces: We used to have a boolean, enableLigatures, which affected how we perform shaping in both our simple and complex text codepaths. However, in this brave new world of font-feature-settings and font-variant-*, there are many properties which may affect shaping (and multiple kinds of ligatures). This patch renames this boolean to requiresShaping, and teaches it about all the various properties which affect text shaping. Similarly, one of the places which used this enableLigatures boolean was to tell CoreText if it should disable ligatures. However, we now have much finer-grained control over ligatures during font creation. This patch moves the responsibility of dictating which font features should be enabled entirely to the Font. Therefore, getCFStringAttributes() doesn't know anything about ligatures anymore; the logic inside font creation is used instead. An added benefit of moving all the font feature logic to one place is that we can implement the feature resolution algorithm described in the CSS3 fonts spec. This patch adds a test to makes sure that text-rendering, font-feature-settings, and font-variant-* play together nicely. Test: fast/text/multiple-feature-properties.html * platform/graphics/Font.cpp: (WebCore::Font::applyTransforms): * platform/graphics/Font.h: * platform/graphics/FontCascade.cpp: (WebCore::FontCascade::FontCascade): (WebCore::FontCascade::operator=): (WebCore::FontCascade::update): (WebCore::FontCascade::drawText): (WebCore::FontCascade::drawEmphasisMarks): (WebCore::FontCascade::width): (WebCore::FontCascade::adjustSelectionRectForText): (WebCore::FontCascade::offsetForPosition): (WebCore::FontCascade::codePath): (WebCore::FontCascade::floatWidthForSimpleText): * platform/graphics/FontCascade.h: (WebCore::FontCascade::requiresShaping): (WebCore::FontCascade::computeRequiresShaping): (WebCore::FontCascade::enableLigatures): Deleted. (WebCore::FontCascade::computeEnableLigatures): Deleted. * platform/graphics/WidthIterator.cpp: (WebCore::WidthIterator::WidthIterator): (WebCore::WidthIterator::applyFontTransforms): * platform/graphics/WidthIterator.h: * platform/graphics/cocoa/FontCacheCoreText.cpp: (WebCore::preparePlatformFont): * platform/graphics/cocoa/FontCocoa.mm: (WebCore::Font::canRenderCombiningCharacterSequence): * platform/graphics/mac/ComplexTextControllerCoreText.mm: (WebCore::ComplexTextController::collectComplexTextRunsForCharacters): * platform/graphics/mac/SimpleFontDataCoreText.cpp: (WebCore::Font::getCFStringAttributes): * svg/SVGFontData.h: 2015-10-13 Myles C. Maxfield <mmaxfield@apple.com> Split TypesettingFeatures into kerning and ligatures bools https://bugs.webkit.org/show_bug.cgi?id=150074 Reviewed by Simon Fraser. Our TypesettingFeatures type represents whether kerning or ligatures are enabled when laying out text. However, now that I have implemented font-feature-settings and font-variant-*, this type is wildly inadequate. There are now multiple kinds of ligatures, and many other features which are neither kerning nor ligatures. Adding tons of information to this type doesn't make sense because 1) We already have a FontVariantSettings struct which contains this information, and 2) None of the users of TypesettingFeatures care about most of these new features. In this new world of font features, the font-kerning property isn't changing. Therefore, all the code which relies only on the Kerning value in TypesettingFeatures doesn't need to change. The places which rely on Ligatures, however, need to be updated to understand that there are many different kinds of ligatures. Indeed, after inspection, all of the places which inspect ligatures are more interested in a high-level concept of whether or not we can trust some simple computation. Therefore, we really have two things we care about: Kerning, and this high-level concept. This patch is the second step to update our view of the world to include font-feature-settings and font-variant-*. In particular, this patch simply splits TypesettingFeatures into two Booleans, one for Kerning, and one for Ligatures (which has no behavior change). Then, once they are separated, I can migrate the Ligatures Boolean to take on its new meaning. This change is purely mechanical. No new tests because there is no behavior change. * WebCore.xcodeproj/project.pbxproj: * css/CSSPrimitiveValueMappings.h: (WebCore::CSSPrimitiveValue::CSSPrimitiveValue): (WebCore::CSSPrimitiveValue::operator FontCascadeDescription::Kerning): * platform/graphics/Font.cpp: (WebCore::Font::applyTransforms): * platform/graphics/Font.h: * platform/graphics/FontCascade.cpp: (WebCore::FontCascade::FontCascade): (WebCore::FontCascade::operator=): (WebCore::FontCascade::update): (WebCore::FontCascade::drawText): (WebCore::FontCascade::drawEmphasisMarks): (WebCore::FontCascade::width): (WebCore::FontCascade::adjustSelectionRectForText): (WebCore::FontCascade::offsetForPosition): (WebCore::FontCascade::setDefaultKerning): (WebCore::FontCascade::setDefaultLigatures): (WebCore::FontCascade::codePath): (WebCore::FontCascade::floatWidthForSimpleText): (WebCore::FontCascade::setDefaultTypesettingFeatures): Deleted. (WebCore::FontCascade::defaultTypesettingFeatures): Deleted. * platform/graphics/FontCascade.h: (WebCore::FontCascade::enableKerning): (WebCore::FontCascade::enableLigatures): (WebCore::FontCascade::computeEnableKerning): (WebCore::FontCascade::computeEnableLigatures): (WebCore::FontCascade::typesettingFeatures): Deleted. (WebCore::FontCascade::computeTypesettingFeatures): Deleted. * platform/graphics/FontDescription.cpp: (WebCore::FontCascadeDescription::FontCascadeDescription): * platform/graphics/FontDescription.h: (WebCore::FontCascadeDescription::setKerning): (WebCore::FontCascadeDescription::initialKerning): * platform/graphics/TypesettingFeatures.h: Removed. * platform/graphics/WidthIterator.cpp: (WebCore::WidthIterator::WidthIterator): (WebCore::WidthIterator::applyFontTransforms): (WebCore::WidthIterator::advanceInternal): * platform/graphics/WidthIterator.h: * platform/graphics/cocoa/FontCocoa.mm: (WebCore::Font::canRenderCombiningCharacterSequence): * platform/graphics/mac/ComplexTextControllerCoreText.mm: (WebCore::ComplexTextController::collectComplexTextRunsForCharacters): * platform/graphics/mac/SimpleFontDataCoreText.cpp: (WebCore::Font::getCFStringAttributes): * rendering/RenderBlockLineLayout.cpp: (WebCore::setLogicalWidthForTextRun): * rendering/line/BreakingContext.h: (WebCore::WordTrailingSpace::width): * svg/SVGFontData.h: 2015-12-07 David Kilzer <ddkilzer@apple.com> Merge r193635. rdar://problem/23581586 2015-12-07 Chris Dumez <cdumez@apple.com> Crash in MemoryCache::pruneDeadResourcesToSize() https://bugs.webkit.org/show_bug.cgi?id=151833 <rdar://problem/22392235> Reviewed by David Kilzer. MemoryCache::pruneDeadResourcesToSize() is iterating over m_allResources (which is a vector of LRUList). It first destroys decoded data for each resource in the LRUList. Then, if it does not suffice to reach the target size, and starts actually removing resources from the cache. The issue is that this code alters m_allResources (and its LRULists) as it is iterating over it. We tried to deal with this in various ways: 1. Increment the iterator before removing the resource pointed by the iterator. 2. Protect the next resource in the LRUList and abort early if it is no longer in the cache. This adds code complexity and apparently does not correctly handle all the edge cases as we still see crashes in this code. In particular, I suspect that 2. may not be sufficient if it is possible for the next resource to be moved to another LRUList (in which case, next->inCache() would still return true but the iterator would however become invalid). To make the code simpler and more robust, this patch copies the LRUList (and refs the CachedResources) before iterating over it. This is a lot safer and should hopefully fix the crashes we see in this function. No new tests, no reproduction case. * loader/cache/MemoryCache.cpp: (WebCore::MemoryCache::pruneDeadResourcesToSize): 2015-12-06 David Kilzer <ddkilzer@apple.com> REGRESSION (r193575): variantSettings is unused when PLATFORM_FONT_LOOKUP is disabled <rdar://problem/23769741> * platform/graphics/mac/FontCacheMac.mm: (WebCore::fontWithFamily): Mark variantSettings as ununsed when PLATFORM_FONT_LOOKUP is disabled. 2015-12-06 Babak Shafiei <bshafiei@apple.com> Merge r188114. 2015-08-06 Myles C. Maxfield <mmaxfield@apple.com> CSSSegmentedFontFace::fontRanges() does not handle duplicate fonts correctly https://bugs.webkit.org/show_bug.cgi?id=147765 Reviewed by Filip Pizlo. CSSSegmentedFontFace::fontRanges() was trying to hash on FontDescriptors by picking a few specific pieces of data out of the FontDescriptor, computing a hash on it, and using that unsigned as a key in a HashMap. This has two problems: it doesn't handle equality correctly, as hash collisions cannot depend on an equality operator to dedup, and it doesn't hash on all the members of a FontDescription. Instead, this HashMap should use FontDescriptionKey, which represents a FontDescription, and is designed exactly for the purpose of being used as a key in a HashMap. No new tests because there is no behavior change (because a problem occurs when two different FontDescriptions hash to the same value, which is rare). * css/CSSSegmentedFontFace.cpp: (WebCore::CSSSegmentedFontFace::fontRanges): * css/CSSSegmentedFontFace.h: * platform/graphics/FontCache.h: (WebCore::FontDescriptionKeyHash::hash): (WebCore::FontDescriptionKeyHash::equal): 2015-12-06 Matthew Hanson <matthew_hanson@apple.com> Merge r190895. rdar://problem/23769817 2015-10-12 Myles C. Maxfield <mmaxfield@apple.com> [Font Features] Tiny cleanup regarding FontCascade::typesettingFeatures() https://bugs.webkit.org/show_bug.cgi?id=150051 Reviewed by Simon Fraser. There are no typesetting features which aren't kerning nor ligatures. No new tests because there is no behavior difference. * platform/graphics/FontCascade.cpp: (WebCore::FontCascade::codePath): * platform/graphics/WidthIterator.h: (WebCore::WidthIterator::supportsTypesettingFeatures): Deleted. 2015-12-06 Matthew Hanson <matthew_hanson@apple.com> Merge r190999. rdar://problem/23769821 2015-10-13 Myles C. Maxfield <mmaxfield@apple.com> Unprefix font-kerning https://bugs.webkit.org/show_bug.cgi?id=150080 Reviewed by Sam Weinig. This is the last property in CSS3 Fonts which is prefixed. Test: fast/text/font-kerning.html * css/CSSPropertyNames.in: 2015-12-06 Matthew Hanson <matthew_hanson@apple.com> Merge r190402. rdar://problem/23769741 2015-10-01 Csaba Osztrogonác <ossy@webkit.org> Fix the ARM build after r190192 https://bugs.webkit.org/show_bug.cgi?id=149620 Reviewed by Darin Adler. * platform/graphics/FontFeatureSettings.h: (WebCore::fontFeatureTag): 2015-09-23 Myles C. Maxfield <mmaxfield@apple.com> [Cocoa] [Font Features] Implement font-variant-* https://bugs.webkit.org/show_bug.cgi?id=148413 Reviewed by Darin Adler. This patch is the first pass of implementing of the font-variant-* properties. Specifically, these properties are: font-variant-ligatures font-variant-position font-variant-caps font-variant-numeric font-variant-alternates font-variant-east-asian These new properties are held inside FontDescription as bit fields. At font creation time, we consult with the FontDescription to figure out which variants are specified. We then convert those variants to font features, and resolve these font features with the additional features specified by font-feature-settings (as the spec requires). This patch also makes our caches sensitive to these new properties of FontDescription so we don't look up cached, stale fonts. The implementation has some caveats, however. They are listed here: 1. These new properties need to interact correctly with @font-face declarations. In particular, only certain properties of the FontDescription should be considered when detecting if a @font-face declaration applies to a particular element. This discrimination does not happen correctly. In addition, any feature-specific CSS properties inside the @font-face declaration need to be consulted at a particular point during the feature resolve. This does not currently occur. 2. One of the properties, font-variant-alternates, has a few values which require custom CSS functions, which makes modeling the properties as bit fields tricky. These extra values need to be implemented. This patch implements all the values which do not require extra CSS features. 3. These new properties have a shorthand, font-variant, which is designed to be backward- compatible with CSS 2.1's concept of font-variant. In particular, CSS 2.1 allows you to use "normal" and "small-caps" with font-variant. Both of these values are values of the new property font-variant-caps. However, our existing implementation of small-caps does not use font features when they exist; instead, it simply draws text at a smaller font size and uses (effectively) text-transform to force capital letters. This implementation needs to be unified with the new font-variant-caps property so that we can expand font-variant to be a shorthand for the new properties. 4. font-variant-position and font-variant-caps should provide appropriate synthesis if no matching font-feature exists. 5. FontCascade::typesettingFeatures() is now no-longer accurate. Fixing this would be large enough to warrant its own patch. 6. These properties are not tested with TrueType fonts. Tests: css3/font-variant-all-webfont.html css3/font-variant-parsing.html * css/CSSComputedStyleDeclaration.cpp: Reconstruct StyleProperties from a RenderStyle. (WebCore::appendLigaturesValue): (WebCore::fontVariantLigaturesPropertyValue): (WebCore::fontVariantPositionPropertyValue): (WebCore::fontVariantCapsPropertyValue): (WebCore::fontVariantNumericPropertyValue): (WebCore::fontVariantAlternatesPropertyValue): (WebCore::fontVariantEastAsianPropertyValue): (WebCore::ComputedStyleExtractor::propertyValue): * css/CSSFontFeatureValue.cpp: Update to FontFeatureTag instead of WTF::String. (WebCore::CSSFontFeatureValue::CSSFontFeatureValue): (WebCore::CSSFontFeatureValue::customCSSText): * css/CSSFontFeatureValue.h: Ditto. (WebCore::CSSFontFeatureValue::create): (WebCore::CSSFontFeatureValue::tag): * css/CSSParser.cpp: Parse the new properties according to the CSS3 fonts spec. (WebCore::isValidKeywordPropertyAndValue): (WebCore::isKeywordPropertyID): (WebCore::CSSParser::parseValue): (WebCore::CSSParser::parseFontFeatureTag): (WebCore::CSSParser::parseFontVariantLigatures): (WebCore::CSSParser::parseFontVariantNumeric): (WebCore::CSSParser::parseFontVariantEastAsian): * css/CSSParser.h: * css/CSSPrimitiveValueMappings.h: For the three properties which are simple keyword value properties, implement casting operators to automatically convert between RenderStyle objects and CSS property objects. (WebCore::CSSPrimitiveValue::CSSPrimitiveValue): (WebCore::CSSPrimitiveValue::operator FontVariantPosition): (WebCore::CSSPrimitiveValue::operator FontVariantCaps): (WebCore::CSSPrimitiveValue::operator FontVariantAlternates): * css/CSSPropertyNames.in: New properties. * css/CSSValueKeywords.in: New values. * css/StyleBuilderConverter.h: (WebCore::StyleBuilderConverter::convertFontFeatureSettings): Update to not use RefPtrs. * css/StyleBuilderCustom.h: Properties which are not simple keyword value properties are decomposed into multiple members of FontDescription. These properties exist to convert between these aggregate members and the CSS properties. (WebCore::StyleBuilderCustom::applyInheritFontVariantLigatures): (WebCore::StyleBuilderCustom::applyInitialFontVariantLigatures): (WebCore::StyleBuilderCustom::applyValueFontVariantLigatures): (WebCore::StyleBuilderCustom::applyInheritFontVariantNumeric): (WebCore::StyleBuilderCustom::applyInitialFontVariantNumeric): (WebCore::StyleBuilderCustom::applyValueFontVariantNumeric): (WebCore::StyleBuilderCustom::applyInheritFontVariantEastAsian): (WebCore::StyleBuilderCustom::applyInitialFontVariantEastAsian): (WebCore::StyleBuilderCustom::applyValueFontVariantEastAsian): (WebCore::StyleBuilderCustom::applyInitialWebkitFontVariantLigatures): Deleted. (WebCore::StyleBuilderCustom::applyInheritWebkitFontVariantLigatures): Deleted. (WebCore::StyleBuilderCustom::applyValueWebkitFontVariantLigatures): Deleted. * editing/cocoa/HTMLConverter.mm: (HTMLConverter::computedAttributesForElement): Unprefix font-variant-ligatures. * platform/graphics/FontCache.h: Update cache to be sensitive to new state in FontDescription. (WebCore::FontDescriptionKey::FontDescriptionKey): (WebCore::FontDescriptionKey::operator==): (WebCore::FontDescriptionKey::computeHash): (WebCore::FontDescriptionKey::makeFlagsKey): (WebCore::FontDescriptionKey::makeFlagKey): Deleted. * platform/graphics/FontCascade.cpp: (WebCore::FontCascade::codePath): These new variants should trigger the complex text codepath. * platform/graphics/FontCascade.h: (WebCore::FontCascade::computeTypesettingFeatures): Update to use new state enum. * platform/graphics/FontDescription.cpp: Add state to hold new property values. (WebCore::FontDescription::FontDescription): (WebCore::FontCascadeDescription::FontCascadeDescription): Deleted. * platform/graphics/FontDescription.h: Add state to hold new property values. (WebCore::FontDescription::featureSettings): (WebCore::FontDescription::variantCommonLigatures): (WebCore::FontDescription::variantDiscretionaryLigatures): (WebCore::FontDescription::variantHistoricalLigatures): (WebCore::FontDescription::variantContextualAlternates): (WebCore::FontDescription::variantPosition): (WebCore::FontDescription::variantCaps): (WebCore::FontDescription::variantNumericFigure): (WebCore::FontDescription::variantNumericSpacing): (WebCore::FontDescription::variantNumericFraction): (WebCore::FontDescription::variantNumericOrdinal): (WebCore::FontDescription::variantNumericSlashedZero): (WebCore::FontDescription::variantAlternates): (WebCore::FontDescription::variantEastAsianVariant): (WebCore::FontDescription::variantEastAsianWidth): (WebCore::FontDescription::variantEastAsianRuby): (WebCore::FontDescription::variantSettings): (WebCore::FontDescription::setFeatureSettings): (WebCore::FontDescription::setVariantCommonLigatures): (WebCore::FontDescription::setVariantDiscretionaryLigatures): (WebCore::FontDescription::setVariantHistoricalLigatures): (WebCore::FontDescription::setVariantContextualAlternates): (WebCore::FontDescription::setVariantPosition): (WebCore::FontDescription::setVariantCaps): (WebCore::FontDescription::setVariantNumericFigure): (WebCore::FontDescription::setVariantNumericSpacing): (WebCore::FontDescription::setVariantNumericFraction): (WebCore::FontDescription::setVariantNumericOrdinal): (WebCore::FontDescription::setVariantNumericSlashedZero): (WebCore::FontDescription::setVariantAlternates): (WebCore::FontDescription::setVariantEastAsianVariant): (WebCore::FontDescription::setVariantEastAsianWidth): (WebCore::FontDescription::setVariantEastAsianRuby): (WebCore::FontDescription::operator==): (WebCore::FontCascadeDescription::initialVariantPosition): (WebCore::FontCascadeDescription::initialVariantCaps): (WebCore::FontCascadeDescription::initialVariantAlternates): (WebCore::FontCascadeDescription::commonLigaturesState): Deleted. (WebCore::FontCascadeDescription::discretionaryLigaturesState): Deleted. (WebCore::FontCascadeDescription::historicalLigaturesState): Deleted. (WebCore::FontCascadeDescription::setCommonLigaturesState): Deleted. (WebCore::FontCascadeDescription::setDiscretionaryLigaturesState): Deleted. (WebCore::FontCascadeDescription::setHistoricalLigaturesState): Deleted. (WebCore::FontCascadeDescription::operator==): Deleted. * platform/graphics/FontFeatureSettings.cpp: Update to use FontFeatureTag instead of WTF::String. (WebCore::FontFeature::FontFeature): (WebCore::FontFeature::operator==): (WebCore::FontFeature::operator<): (WebCore::FontFeatureSettings::hash): (WebCore::FontFeatureSettings::create): Deleted. * platform/graphics/FontFeatureSettings.h: Update to use FontFeatureTag instead of WTF::String. (WebCore::fontFeatureTag): (WebCore::FontFeatureTagHash::hash): (WebCore::FontFeatureTagHash::equal): (WebCore::FontFeatureTagHashTraits::constructDeletedValue): (WebCore::FontFeatureTagHashTraits::isDeletedValue): (WebCore::FontFeature::tag): (WebCore::FontFeatureSettings::operator==): (WebCore::FontFeatureSettings::begin): (WebCore::FontFeatureSettings::end): (WebCore::FontFeatureSettings::FontFeatureSettings): Deleted. * platform/graphics/cocoa/FontCacheCoreText.cpp: Ditto. Also, when computing font features, consult with the state inside FontDescription. (WebCore::tagEquals): (WebCore::appendTrueTypeFeature): (WebCore::appendOpenTypeFeature): (WebCore::computeFeatureSettingsFromVariants): (WebCore::preparePlatformFont): (WebCore::platformFontLookupWithFamily): (WebCore::fontWithFamily): (WebCore::FontCache::createFontPlatformData): (WebCore::FontCache::systemFallbackForCharacters): * platform/graphics/harfbuzz/HarfBuzzShaper.cpp: Update to use references instead of pointers. (WebCore::HarfBuzzShaper::setFontFeatures): * platform/graphics/mac/FontCacheMac.mm: (WebCore::platformFontWithFamily): Ditto. * platform/graphics/mac/FontCustomPlatformData.cpp: (WebCore::FontCustomPlatformData::fontPlatformData): Be sensitive to new state inside FontDescription. * platform/text/TextFlags.h: (WebCore::FontVariantSettings::isAllNormal): New state enums. * rendering/RenderThemeIOS.mm: (WebCore::RenderThemeIOS::updateCachedSystemFontDescription): Be sensitive to new state inside FontDescription. * rendering/line/BreakingContext.h: 2015-07-30 Myles C. Maxfield <mmaxfield@apple.com> Clean up makeFontCascadeCacheKey() https://bugs.webkit.org/show_bug.cgi?id=147430 Reviewed by Benjamin Poulain. FontDescriptionKey is designed to encapsulate all the cacheable properties of a FontDescription. However, a higher-level cache, FontCascadeCacheKey, was taking some values from FontDescriptions. The fact that there wasn't a bug before is just a happy coincidence. This patch moves those bits from the higher-level cache and puts them into FontDescriptionKey where they belong. No new tests because there is no behavior change. * platform/graphics/FontCache.h: (WebCore::FontDescriptionKey::makeFlagKey): * platform/graphics/FontCascade.cpp: (WebCore::operator==): (WebCore::makeFontSelectorFlags): Deleted. (WebCore::makeFontCascadeCacheKey): Deleted. (WebCore::computeFontCascadeCacheHash): Deleted. 2015-08-06 Myles C. Maxfield <mmaxfield@apple.com> Make FontDescriptionKey sensitive to FontFeatureSettings https://bugs.webkit.org/show_bug.cgi?id=147751 Reviewed by Anders Carlsson. Just like how FontDescription hashes should be sensitive to locale, they should also be sensitive to font features. This patch also fixes operator== for FontDescriptionKey, which was previously comparing hashes for equality instead of the underlying data. Comparing hashes for equality is useless inside hashmaps. This is in preparation for implementing font-feature-settings. No new tests because there is no behavior change. * platform/graphics/FontCache.cpp: (WebCore::FontPlatformDataCacheKey::FontPlatformDataCacheKey): (WebCore::FontPlatformDataCacheKey::isHashTableDeletedValue): (WebCore::FontPlatformDataCacheKey::hashTableDeletedSize): Deleted. * platform/graphics/FontCache.h: (WebCore::FontDescriptionKey::FontDescriptionKey): (WebCore::FontDescriptionKey::operator==): (WebCore::FontDescriptionKey::operator!=): (WebCore::FontDescriptionKey::isHashTableDeletedValue): (WebCore::FontDescriptionKey::computeHash): * platform/graphics/FontFeatureSettings.cpp: (WebCore::FontFeature::hash): (WebCore::FontFeatureSettings::hash): * platform/graphics/FontFeatureSettings.h: 2015-08-06 Myles C. Maxfield <mmaxfield@apple.com> Font feature settings comparisons are order-dependent and case-dependent https://bugs.webkit.org/show_bug.cgi?id=147719 Reviewed by Benjamin Poulain. We should make our settings vector order-independent and case-independent. Test: css3/font-feature-settings-parsing.html * css/CSSParser.cpp: (WebCore::CSSParser::parseFontFeatureTag): * css/StyleBuilderConverter.h: (WebCore::StyleBuilderConverter::convertFontFeatureSettings): * platform/graphics/FontFeatureSettings.cpp: (WebCore::FontFeature::FontFeature): (WebCore::FontFeature::operator==): (WebCore::FontFeatureSettings::FontFeatureSettings): * platform/graphics/FontFeatureSettings.h: (WebCore::FontFeature::FontFeature): (WebCore::FontFeature::operator==): (WebCore::FontFeature::operator<): (WebCore::FontFeatureSettings::insert): (WebCore::FontFeatureSettings::FontFeatureSettings): (WebCore::FontFeatureSettings::append): Deleted. 2015-08-11 Myles C. Maxfield <mmaxfield@apple.com> [font-features] Map OpenType feature tags to TrueType feature selectors https://bugs.webkit.org/show_bug.cgi?id=147819 Reviewed by Dean Jackson. Allow uses of font-feature-settings even on TrueType fonts. Test: css3/font-feature-settings-preinstalled-fonts.html * platform/graphics/cocoa/FontCacheCoreText.cpp: (WebCore::appendRawTrueTypeFeature): (WebCore::appendTrueTypeFeature): 2015-12-05 Babak Shafiei <bshafiei@apple.com> Merge r193479. 2015-12-01 Jer Noble <jer.noble@apple.com> Adopt AVContentKeySession https://bugs.webkit.org/show_bug.cgi?id=151221 Reviewed by Eric Carlson. Adopt a new API for managing key state, AVContentKeySession. Because this necessitates a change in both the initialization data returned by the needkey event, and passed into the createSession() method, bump the protocol version number (to 3), and keep supporting the old key management API for legacy content. To do so, move most of the implementation of CDMPrivateMediaSourceAVFObjC into a new subclass, CDMSessionAVStreamSession, and add a new subclass, CDMSessionAVContentKeySession, to support the new API. * platform/graphics/avfoundation/CDMPrivateMediaSourceAVFObjC.h: (WebCore::CDMPrivateMediaSourceAVFObjC::CDMPrivateMediaSourceAVFObjC): Moved to implementation file. * platform/graphics/avfoundation/CDMPrivateMediaSourceAVFObjC.mm: (WebCore::validKeySystemRE): Support "com.apple.fps.3_x". (WebCore::CDMPrivateMediaSourceAVFObjC::~CDMPrivateMediaSourceAVFObjC): Invalidate all outstanding sessions. (WebCore::CDMPrivateMediaSourceAVFObjC::supportsKeySystem): Only support "com.apple.fps.3_x" if the AVContentKeySession class is available. (WebCore::CDMPrivateMediaSourceAVFObjC::createSession): Create an instance of CDMSessionAVContentKeySession if "com.apple.fps.3_x" is specified and AVContentKeySession is available. (WebCore::CDMPrivateMediaSourceAVFObjC::invalidateSession): Remove session from the list of outstanding sessions. (WebCore::CDMPrivateMediaSourceAVFObjC::supportsMIMEType): Deleted. * platform/graphics/avfoundation/objc/CDMSessionAVContentKeySession.h: Copied from Source/WebCore/platform/graphics/avfoundation/objc/CDMSessionMediaSourceAVFObjC.h. (WebCore::CDMSessionAVContentKeySession::hasContentKeySession): Simple accessor. (WebCore::toCDMSessionAVContentKeySession): Safe casting. * platform/graphics/avfoundation/objc/CDMSessionAVContentKeySession.mm: Added. (-[CDMSessionAVContentKeySessionDelegate initWithParent:]): Simple constructor. (-[CDMSessionAVContentKeySessionDelegate invalidate]): Remove reference to parent. (-[CDMSessionAVContentKeySessionDelegate contentKeySession:willProvideKeyRequestInitializationDataForTrackID:]): Pass to parent. (-[CDMSessionAVContentKeySessionDelegate contentKeySession:didProvideKeyRequestInitializationData:requestHandling:]): Ditto. (-[CDMSessionAVContentKeySessionDelegate contentKeySessionContentProtectionSessionIdentifierDidChange:]): Ditto. (WebCore::CDMSessionAVContentKeySession::CDMSessionAVContentKeySession): Create the delegate. (WebCore::CDMSessionAVContentKeySession::~CDMSessionAVContentKeySession): Invalidate the delegate and remove all parsers. (WebCore::CDMSessionAVContentKeySession::isAvailable): Return true if AVContentKeySession class is available. (WebCore::CDMSessionAVContentKeySession::generateKeyRequest): Support "keyrelease" message, setting of the certificate, and creating key request object. (WebCore::CDMSessionAVContentKeySession::releaseKeys): Retrieve keys from storage location. (WebCore::isEqual): Compares a Uint8Array to a char*. (WebCore::CDMSessionAVContentKeySession::update): Support "acknowledged" message, "renew" message, and key addition. (WebCore::CDMSessionAVContentKeySession::addParser): Add the parser to the AVContentKeySession. (WebCore::CDMSessionAVContentKeySession::removeParser): Remove parser from same. (WebCore::CDMSessionAVContentKeySession::generateKeyReleaseMessage): Retrieve key release message from AVContentKeySession. (WebCore::CDMSessionAVContentKeySession::didProvideContentKeyRequest): Simple setter. (WebCore::CDMSessionAVContentKeySession::contentKeySession): Lazily create the AVContentKeySession. * platform/graphics/avfoundation/objc/CDMSessionAVFoundationObjC.h: * platform/graphics/avfoundation/objc/CDMSessionAVFoundationObjC.mm: (WebCore::CDMSessionAVFoundationObjC::CDMSessionAVFoundationObjC): * platform/graphics/avfoundation/objc/CDMSessionAVStreamSession.h: Copied from Source/WebCore/platform/graphics/avfoundation/objc/CDMSessionMediaSourceAVFObjC.h. (WebCore::toCDMSessionAVStreamSession): * platform/graphics/avfoundation/objc/CDMSessionAVStreamSession.mm: Copied from Source/WebCore/platform/graphics/avfoundation/objc/CDMSessionMediaSourceAVFObjC.mm. (-[CDMSessionAVStreamSessionObserver initWithParent:]): Moved from CDMSessionMediaSourceAVFObjcObserver. (-[CDMSessionAVStreamSessionObserver contentProtectionSessionIdentifierChanged:]): Ditto. (WebCore::CDMSessionAVStreamSession::CDMSessionAVStreamSession): Ditto. (WebCore::CDMSessionAVStreamSession::~CDMSessionAVStreamSession): Ditto. (WebCore::CDMSessionAVStreamSession::generateKeyRequest): Ditto. (WebCore::CDMSessionAVStreamSession::releaseKeys): Ditto. (WebCore::isEqual): Ditto. (WebCore::CDMSessionAVStreamSession::update): Ditto. (WebCore::CDMSessionAVStreamSession::setStreamSession): Ditto. (WebCore::CDMSessionAVStreamSession::addParser): Ditto. (WebCore::CDMSessionAVStreamSession::removeParser): Ditto. (WebCore::CDMSessionAVStreamSession::generateKeyReleaseMessage): Ditto. * platform/graphics/avfoundation/objc/CDMSessionMediaSourceAVFObjC.h: (WebCore::CDMSessionMediaSourceAVFObjC::invalidateCDM): Clear the m_cdm. (WebCore::toCDMSessionMediaSourceAVFObjC): * platform/graphics/avfoundation/objc/CDMSessionMediaSourceAVFObjC.mm: (WebCore::CDMSessionMediaSourceAVFObjC::CDMSessionMediaSourceAVFObjC): (WebCore::CDMSessionMediaSourceAVFObjC::~CDMSessionMediaSourceAVFObjC): Instruct our CDM to invalidate their references to us. (WebCore::CDMSessionMediaSourceAVFObjC::addSourceBuffer): Call addParser(). (WebCore::CDMSessionMediaSourceAVFObjC::removeSourceBuffer): Call removeParser(). (WebCore::CDMSessionMediaSourceAVFObjC::layerDidReceiveError): Deleted. (WebCore::CDMSessionMediaSourceAVFObjC::rendererDidReceiveError): Deleted. To give us a chance to create a CDMPrivate before we continue decoding media data, "block" further decoding on the background thread by creating a semaphore and passing it to the main thread, to be triggered when a CDM is created and attached to this source buffer. * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.h: * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm: (-[WebAVStreamDataParserListener streamDataParser:didProvideContentKeyRequestInitializationData:forTrackID:]): (WebCore::SourceBufferPrivateAVFObjC::~SourceBufferPrivateAVFObjC): (WebCore::SourceBufferPrivateAVFObjC::willProvideContentKeyRequestInitializationDataForTrackID): (WebCore::SourceBufferPrivateAVFObjC::didProvideContentKeyRequestInitializationDataForTrackID): (WebCore::SourceBufferPrivateAVFObjC::setCDMSession): (-[WebAVStreamDataParserListener streamDataParserWillProvideContentKeyRequestInitializationData:forTrackID:]): Deleted. * platform/graphics/ca/cocoa/PlatformCALayerCocoa.mm: Drive-by fix: Only throw an error from keyRequestTimerFired() if the underlying call to generateKeyRequest() returned an error, rather than just failed to create a message. * Modules/encryptedmedia/MediaKeySession.cpp: (WebCore::MediaKeySession::keyRequestTimerFired): Drive-by fix: Pass the CDMSessionClient into CDM::createSession() so that it is immediately available in the CDMSessionPrivate constructor, rather than setting the client immediately after construction. * Modules/encryptedmedia/CDM.cpp: (WebCore::CDM::createSession): * Modules/encryptedmedia/CDM.h: * Modules/encryptedmedia/CDMPrivate.h: * Modules/encryptedmedia/CDMPrivateClearKey.cpp: (WebCore::CDMPrivateClearKey::createSession): * Modules/encryptedmedia/CDMPrivateClearKey.h: * Modules/encryptedmedia/CDMPrivateMediaPlayer.cpp: (WebCore::CDMPrivateMediaPlayer::createSession): * Modules/encryptedmedia/CDMPrivateMediaPlayer.h: * Modules/encryptedmedia/CDMSessionClearKey.cpp: (WebCore::CDMSessionClearKey::CDMSessionClearKey): * Modules/encryptedmedia/CDMSessionClearKey.h: * Modules/encryptedmedia/MediaKeySession.cpp: (WebCore::MediaKeySession::MediaKeySession): * platform/graphics/CDMSession.h: * platform/graphics/MediaPlayer.cpp: (WebCore::MediaPlayer::createSession): * platform/graphics/MediaPlayer.h: * platform/graphics/MediaPlayerPrivate.h: (WebCore::MediaPlayerPrivateInterface::createSession): * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h: * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm: (WebCore::MediaPlayerPrivateAVFoundationObjC::createSession): * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.h: (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::cdmSession): * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm: (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::setCDMSession): (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::keyNeeded): Deleted. * testing/MockCDM.cpp: (WebCore::MockCDM::createSession): (WebCore::MockCDMSession::MockCDMSession): * testing/MockCDM.h: Add new files to the project: * WebCore.xcodeproj/project.pbxproj: 2015-12-05 Babak Shafiei <bshafiei@apple.com> Merge r190202. 2015-09-24 Gyuyoung Kim <gyuyoung.kim@webkit.org> Reduce almost uses of PassRefPtr in Webcore/testing https://bugs.webkit.org/show_bug.cgi?id=149449 Reviewed by Darin Adler. This patch removes all uses of PassRefPtr except for Internals::serializeObject() and Internals::deserializeObject(). It will be removed by upcoming patch. * Modules/encryptedmedia/CDMSessionClearKey.cpp: (WebCore::CDMSessionClearKey::generateKeyRequest): * Modules/encryptedmedia/CDMSessionClearKey.h: * bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp: (WebCore::jsTestOverrideBuiltinsPrototypeFunctionNamedItem): * platform/graphics/CDMSession.h: * platform/graphics/avfoundation/cf/CDMSessionAVFoundationCF.cpp: (WebCore::CDMSessionAVFoundationCF::generateKeyRequest): * platform/graphics/avfoundation/cf/CDMSessionAVFoundationCF.h: * platform/graphics/avfoundation/objc/CDMSessionAVFoundationObjC.h: * platform/graphics/avfoundation/objc/CDMSessionAVFoundationObjC.mm: (WebCore::CDMSessionAVFoundationObjC::generateKeyRequest): * platform/graphics/avfoundation/objc/CDMSessionMediaSourceAVFObjC.h: * platform/graphics/avfoundation/objc/CDMSessionMediaSourceAVFObjC.mm: (WebCore::CDMSessionMediaSourceAVFObjC::generateKeyRequest): * testing/InternalSettings.h: (WebCore::InternalSettings::create): * testing/Internals.cpp: (WebCore::Internals::create): (WebCore::Internals::computedStyleIncludingVisitedInfo): (WebCore::Internals::markerRangeForNode): (WebCore::Internals::rangeFromLocationAndLength): (WebCore::Internals::subrange): (WebCore::Internals::nodesFromRect): (WebCore::Internals::mallocStatistics): (WebCore::Internals::typeConversions): (WebCore::Internals::memoryInfo): (WebCore::Internals::serializeObject): (WebCore::Internals::deserializeBuffer): (WebCore::Internals::createTimeRanges): * testing/Internals.h: * testing/MallocStatistics.h: (WebCore::MallocStatistics::create): * testing/MemoryInfo.h: (WebCore::MemoryInfo::create): * testing/MockCDM.cpp: (WebCore::MockCDMSession::generateKeyRequest): * testing/TypeConversions.h: (WebCore::TypeConversions::create): 2015-12-05 Matthew Hanson <matthew_hanson@apple.com> Rollout r193478. rdar://problem/23732400 2015-12-05 David Kilzer <ddkilzer@apple.com> Merge r192129. rdar://problem/23732379 2015-11-07 Michael Catanzaro <mcatanzaro@igalia.com> Unreviewed, fix GTK build after r191981 * html/HTMLFormControlElement.cpp: 2015-12-05 David Kilzer <ddkilzer@apple.com> Merge r191981. rdar://problem/23732379 2015-10-30 Jon Honeycutt <jhoneycutt@apple.com> Implement support for the autocomplete attribute https://bugs.webkit.org/show_bug.cgi?id=150731 rdar://problem/21078968 The autocomplete attribute is defined by https://html.spec.whatwg.org/multipage/forms.html#autofill. Reviewed by Brent Fulgham. Test: fast/forms/autocomplete-tokens.html * html/HTMLFormControlElement.cpp: (WebCore::isContactToken): Return true if this is a contact token. (WebCore::categoryForAutofillFieldToken): Adds all of the autofill field tokens to a map, and returns the category for a given token. (WebCore::maxTokensForAutofillFieldCategory): Return the maximum number of tokens an autofill category supports. (WebCore::HTMLFormControlElement::parseAutocompleteAttribute): Implement the processing model defined in https://html.spec.whatwg.org/multipage/forms.html#processing-model-3 with respect to the IDL-exposed autofill value. (WebCore::HTMLFormControlElement::setAutocomplete): Set the autocomplete attribute to the given string. * html/HTMLFormControlElement.h: Declare setAutocomplete() and autocomplete(). * html/HTMLInputElement.idl: Remove the Reflect attribute. We now have custom processing for getting this attribute. * html/HTMLSelectElement.idl: Declare the autocomplete attribute. * html/HTMLTextAreaElement.idl: Ditto. 2015-12-05 Dana Burkart <dburkart@apple.com> Merge r190564. rdar://problem/23769747 2015-10-05 Myles C. Maxfield <mmaxfield@apple.com> Unprefix -webkit-font-feature-settings https://bugs.webkit.org/show_bug.cgi?id=149722 Reviewed by Sam Weinig. * css/CSSComputedStyleDeclaration.cpp: (WebCore::ComputedStyleExtractor::propertyValue): * css/CSSParser.cpp: (WebCore::CSSParser::parseValue): (WebCore::CSSParser::parseFontFeatureSettings): * css/CSSPropertyNames.in: * css/CSSValueKeywords.in: * css/StyleBuilderCustom.h: (WebCore::StyleBuilderCustom::applyInitialFontFeatureSettings): (WebCore::StyleBuilderCustom::applyInheritFontFeatureSettings): (WebCore::StyleBuilderCustom::applyInitialWebkitFontFeatureSettings): Deleted. (WebCore::StyleBuilderCustom::applyInheritWebkitFontFeatureSettings): Deleted. 2015-12-05 Matthew Hanson <matthew_hanson@apple.com> Merge r192953. rdar://problem/23581540 2015-11-30 David Hyatt <hyatt@apple.com> Implement the picture element. https://bugs.webkit.org/show_bug.cgi?id=116963 Reviewed by Dean Jackson. Added fast/picture tests. * WebCore.xcodeproj/project.pbxproj: Add HTMLPictureElement.* to the project. * html/HTMLImageElement.cpp: (WebCore::HTMLImageElement::setBestFitURLAndDPRFromImageCandidate): Remove the CURRENT_SRC ifdef. (WebCore::HTMLImageElement::bestFitSourceFromPictureElement): New helper function that checks the <source> elements of a <picture> parent for the best match. (WebCore::HTMLImageElement::selectImageSource): Pull out the process of image selection into its own function so that this can be called from many places (to ensure that dynamic changes are reflected as elements get changed, added or removed). (WebCore::HTMLImageElement::parseAttribute): Call selectImageSource when attributes change. (WebCore::HTMLImageElement::insertedInto): If inserted into a picture element, make sure to update the source. * html/HTMLImageElement.h: (WebCore::HTMLImageElement::currentSrc): Remove the CURRENT_SRC ifdef. * html/HTMLImageElement.idl: Remove the CURRENT_SRC ifdef. * html/HTMLPictureElement.cpp: Added. (WebCore::HTMLPictureElement::HTMLPictureElement): (WebCore::HTMLPictureElement::create): (WebCore::HTMLPictureElement::sourcesChanged): * html/HTMLPictureElement.h: Added. The new picture element. Has a sourcesChanged() function that is invoked whenever anything about the <source> elements changes. * html/HTMLSourceElement.cpp: (WebCore::HTMLSourceElement::insertedInto): (WebCore::HTMLSourceElement::removedFrom): (WebCore::HTMLSourceElement::parseAttribute): Make sure to call sourcesChanged when new sources come and go or when attributes on source elements change. * html/HTMLSourceElement.h: Added parseAttribute function so we can see when attributes change that force us to do a dynamic update. * html/HTMLTagNames.in: Add the picture element. * html/parser/HTMLSrcsetParser.h: (WebCore::ImageCandidate::srcOrigin): (WebCore::ImageCandidate::isEmpty): Some helpers for picture parsing. 2015-12-05 Matthew Hanson <matthew_hanson@apple.com> Merge r191252. rdar://problem/23772905 2015-10-17 David Hyatt <hyatt@apple.com> Implement the CSS4 'revert' keyword. https://bugs.webkit.org/show_bug.cgi?id=149702 Reviewed by Simon Fraser. Added new tests in fast/css and fast/css/variables. * CMakeLists.txt: * WebCore.xcodeproj/project.pbxproj: Add CSSRevertValue to the project and makefiles. * css/CSSParser.cpp: (WebCore::parseKeywordValue): Make sure to handle "revert" in the keyword parsing path (along with inherit/initial/unset). (WebCore::CSSParser::parseValue): (WebCore::CSSParser::parseCustomPropertyDeclaration): At the parser level, "revert" is just like inherit/initial/unset and gets its own special singleton value, CSSRevertValue. * css/CSSRevertValue.cpp: Added. (WebCore::CSSRevertValue::customCSSText): * css/CSSRevertValue.h: Added. (WebCore::CSSRevertValue::create): (WebCore::CSSRevertValue::equals): (WebCore::CSSRevertValue::CSSRevertValue): This value is identical to the inherit/initial/unset values, i.e., its own special value that can be used to indicate a revert when doing style resolution. * css/CSSValue.cpp: (WebCore::CSSValue::cssValueType): (WebCore::CSSValue::equals): (WebCore::CSSValue::cssText): (WebCore::CSSValue::destroy): * css/CSSValue.h: (WebCore::CSSValue::isInheritedValue): (WebCore::CSSValue::isInitialValue): (WebCore::CSSValue::isUnsetValue): (WebCore::CSSValue::isRevertValue): Add the RevertClass to CSSValue and make sure it is handled in all the appropriate methods. * css/CSSValueKeywords.in: Add the "revert" keyword to the list of allowed CSS keywords. * css/CSSValuePool.cpp: (WebCore::CSSValuePool::CSSValuePool): * css/CSSValuePool.h: (WebCore::CSSValuePool::createRevertValue): Add support for a CSSRevertValue singleton, just like inherit/unset/initial. * css/FontLoader.cpp: (WebCore::FontLoader::resolveFontStyle): Add "unset" and "revert" as special keywords to be ignored. This code seems to be turned off, but patching it anyway. * css/SelectorChecker.h: Add a MatchDefault value of 0 to the LinkMatchMask. This enables it to be used as an index to the correct value in Property (in the style resolution code). * css/StyleResolver.cpp: (WebCore::StyleResolver::State::initForStyleResolve): Delete any lingering old CascadedProperty rollbacks for UA/user rules. (WebCore::StyleResolver::styleForKeyframe): (WebCore::StyleResolver::styleForPage): (WebCore::StyleResolver::applyMatchedProperties): Pass along the MatchResult as an additional parameter, since we need it to lazily compute the cascade rollbacks if the "revert" keyword is encountered. (WebCore::StyleResolver::cascadedPropertiesForRollback): This method will lazily create and return a new CascadedProperties pointer that is cached in the StyleResolver's state. This will contain only UA rules (for user reverts) and UA/user rules (for author reverts). These will only be computed at most once for a given element when doing a reversion, and they will be computed lazily, i.e., only if a revert is requested. (WebCore::StyleResolver::applyProperty): Pass along the LinkMatchMask and the MatchResult to applyProperty. This way we know specifically which link type we were computing if we have to revert (so that we roll back and look at the same index in the reverted version). The MatchResult is passed along because it is needed to build the CascadedProperties rollbacks. The basic idea is that if a revert is encountered, the level that the rule came from is checked. If it is UA level, just treat as "unset." If it is author or user level, get the correct CascadedProperties rollback and repeat the applyProperty using the property found in the rollback. If the property is not present in the cascade rollback, then the revert becomes an unset. (WebCore::StyleResolver::CascadedProperties::hasCustomProperty): (WebCore::StyleResolver::CascadedProperties::customProperty): Helpers used by applyProperty to check on custom properties, since they can revert too just like a regular property can. (WebCore::StyleResolver::CascadedProperties::setPropertyInternal): (WebCore::StyleResolver::CascadedProperties::set): (WebCore::StyleResolver::CascadedProperties::setDeferred): Passing along the CascadeLevel (UA, User, Author) so that it can be stored in the Property. This way when we do property application, we always know where the rule came from so that the reversion can be handled properly. (WebCore::StyleResolver::CascadedProperties::addStyleProperties): (WebCore::cascadeLevelForIndex): (WebCore::StyleResolver::CascadedProperties::addMatches): When style properties are added, also figure out the CascadeLevel and pass it along to be stored in the Property. We use the MatchResult's ranges to know where a property comes from. (WebCore::StyleResolver::CascadedProperties::applyDeferredProperties): (WebCore::StyleResolver::CascadedProperties::Property::apply): (WebCore::StyleResolver::applyCascadedProperties): Pass along the MatchResult so we know how to build the rollback. * css/StyleResolver.h: (WebCore::StyleResolver::State::cascadeLevel): (WebCore::StyleResolver::State::setCascadeLevel): (WebCore::StyleResolver::State::authorRollback): (WebCore::StyleResolver::State::userRollback): (WebCore::StyleResolver::State::setAuthorRollback): (WebCore::StyleResolver::State::setUserRollback): (WebCore::StyleResolver::state): (WebCore::StyleResolver::cascadeLevel): (WebCore::StyleResolver::setCascadeLevel): Move CascadedProperties into the header. Add CascadeLevel to Property. Add the level and rollbacks to the resolver's state. 2015-12-05 Matthew Hanson <matthew_hanson@apple.com> Merge r191201. rdar://problem/23772907 2015-10-16 David Hyatt <hyatt@apple.com> ASSERT in imported/blink/fast/block/float/overhanging-float-crashes-when-sibling-becomes-formatting-context.html https://bugs.webkit.org/show_bug.cgi?id=150249 Reviewed by Myles Maxfield. Covered by existing tests. * css/CSSValue.cpp: (WebCore::CSSValue::equals): Make sure the "unset" value has an equals implementation. 2015-12-05 Matthew Hanson <matthew_hanson@apple.com> Merge r191178. rdar://problem/23772788 2015-10-16 David Hyatt <hyatt@apple.com> Implement the "all" CSS property. https://bugs.webkit.org/show_bug.cgi?id=116966 Reviewed by Zalan Bujtas. Added new tests in fast/css. * css/CSSComputedStyleDeclaration.cpp: (WebCore::ComputedStyleExtractor::propertyValue): Don't support "all" from computed style for now. * css/CSSParser.cpp: (WebCore::CSSParser::parseValue): Make sure to bail after checking inherit/unset/initial for all, since you can't actually accept longhand values in the shorthand declarations. (WebCore::CSSParser::parseAnimationProperty): "all" for animations is a special value and should not be confused with the property. It animates everything and does not omit unicode-bidi/direction the way the "all" property does. * css/CSSPropertyNames.in: Add the "all" property to the list and use a special keyword in the Longhands value, "all", that makeprop.pl will look for. This way we don't have to dump every single CSS property into the Longhands expression, since that would be nuts. * css/StyleProperties.cpp: (WebCore::StyleProperties::getPropertyValue): Look for a common value across all properties supported by "all". That way you can get back inherit/initial/unset from it. * css/makeprop.pl: Make the perl script look for "all" in the longhand list, and if it sees it, put every single CSS property into the list for the all shorthand. 2015-12-05 Matthew Hanson <matthew_hanson@apple.com> Merge r191155. rdar://problem/23772908 2015-10-15 David Hyatt <hyatt@apple.com> Patch parseKeywordValue to accept "unset" so that it goes down the faster parsing path. https://bugs.webkit.org/show_bug.cgi?id=150213 Reviewed by Dean Jackson. No new tests as correctness doesn't change (just speed). * css/CSSParser.cpp: (WebCore::parseKeywordValue): 2015-12-05 Matthew Hanson <matthew_hanson@apple.com> Merge r191151. rdar://problem/23772904 2015-10-15 David Hyatt <hyatt@apple.com> Add support for the CSS 'unset' keyword. https://bugs.webkit.org/show_bug.cgi?id=148614 Reviewed by Dean Jackson. Added new test in fast/css, and existing variables tests also use unset in several tests. * WebCore.xcodeproj/project.pbxproj: Add CSSUnsetValue.cpp to the project. * bindings/objc/DOMCSS.mm: (kitClass): Make sure UNSET is handled in the switch. * css/CSSParser.cpp: (WebCore::parseKeywordValue): (WebCore::CSSParser::parseValue): (WebCore::CSSParser::parseCustomPropertyDeclaration): Add cases to create a CSSUnsetValue properly. * css/CSSToStyleMap.cpp: (WebCore::CSSToStyleMap::styleImage): (WebCore::CSSToStyleMap::mapFillAttachment): (WebCore::CSSToStyleMap::mapFillClip): (WebCore::CSSToStyleMap::mapFillComposite): (WebCore::CSSToStyleMap::mapFillBlendMode): (WebCore::CSSToStyleMap::mapFillOrigin): (WebCore::CSSToStyleMap::mapFillImage): (WebCore::CSSToStyleMap::mapFillRepeatX): (WebCore::CSSToStyleMap::mapFillRepeatY): (WebCore::convertToLengthSize): (WebCore::CSSToStyleMap::mapFillSize): (WebCore::CSSToStyleMap::mapFillXPosition): (WebCore::CSSToStyleMap::mapFillYPosition): (WebCore::CSSToStyleMap::mapFillMaskSourceType): (WebCore::CSSToStyleMap::mapAnimationDelay): (WebCore::CSSToStyleMap::mapAnimationDirection): (WebCore::CSSToStyleMap::mapAnimationDuration): (WebCore::CSSToStyleMap::mapAnimationFillMode): (WebCore::CSSToStyleMap::mapAnimationIterationCount): (WebCore::CSSToStyleMap::mapAnimationName): (WebCore::CSSToStyleMap::mapAnimationPlayState): (WebCore::CSSToStyleMap::mapAnimationProperty): (WebCore::CSSToStyleMap::mapAnimationTimingFunction): (WebCore::CSSToStyleMap::mapAnimationTrigger): The background and animation functions need to check for unset and be able to map it properly to initial. This is done with a new treatAsInitial method on CSSValue that can take the property ID and check for both initial or unset on a non-inherited property. * css/CSSUnsetValue.cpp: Added. (WebCore::CSSUnsetValue::customCSSText): * css/CSSUnsetValue.h: Added. (WebCore::CSSUnsetValue::create): (WebCore::CSSUnsetValue::equals): (WebCore::CSSUnsetValue::CSSUnsetValue): This new value looks exactly like CSSInheritedValue and CSSInitialValue. * css/CSSValue.cpp: (WebCore::CSSValue::cssValueType): (WebCore::CSSValue::cssText): (WebCore::CSSValue::destroy): (WebCore::CSSValue::isInvalidCustomPropertyValue): (WebCore::CSSValue::treatAsInheritedValue): (WebCore::CSSValue::treatAsInitialValue): * css/CSSValue.h: (WebCore::CSSValue::isUnsetValue): Add isUnsetValue and the UnsetClass. Add support for treatAsInheritedValue and treatAsInitialValue to have a way to query for initial/inherit or the matching unset type. * css/CSSValueKeywords.in: Add the unset keyword. * css/CSSValuePool.cpp: (WebCore::CSSValuePool::CSSValuePool): * css/CSSValuePool.h: (WebCore::CSSValuePool::createUnsetValue): Have a singleton model for unset just like we do for inherit/initial. * css/StyleResolver.cpp: (WebCore::StyleResolver::applyProperty): Handle unset correctly. It maps to inherit for inherited properties and initial for non-inherited ones. 2015-12-05 Matthew Hanson <matthew_hanson@apple.com> Merge r188130. rdar://problem/23769732 2015-08-07 Myles C. Maxfield <mmaxfield@apple.com> Allow FontCustomPlatformData to consult with FontDescription https://bugs.webkit.org/show_bug.cgi?id=147775 Reviewed by Zalan Bujtas. In order to implement font-feature-settings, web fonts need to be able to consult with the set of active font features. Rather than add yet another argument to all the functions in this flow, this patch passes around a reference to the FontDescription itself instead of copies of constituent members of it. No new tests because there is no behavior change. * css/CSSFontFaceSource.cpp: (WebCore::CSSFontFaceSource::font): * loader/cache/CachedFont.cpp: (WebCore::CachedFont::createFont): (WebCore::CachedFont::platformDataFromCustomData): * loader/cache/CachedFont.h: * loader/cache/CachedSVGFont.cpp: (WebCore::CachedSVGFont::platformDataFromCustomData): * loader/cache/CachedSVGFont.h: * platform/graphics/cairo/FontCustomPlatformData.h: * platform/graphics/freetype/FontCustomPlatformDataFreeType.cpp: (WebCore::FontCustomPlatformData::fontPlatformData): * platform/graphics/freetype/FontPlatformData.h: * platform/graphics/freetype/FontPlatformDataFreeType.cpp: (WebCore::FontPlatformData::FontPlatformData): * platform/graphics/freetype/SimpleFontDataFreeType.cpp: (WebCore::Font::platformCreateScaledFont): * platform/graphics/mac/FontCustomPlatformData.cpp: (WebCore::FontCustomPlatformData::fontPlatformData): * platform/graphics/mac/FontCustomPlatformData.h: * platform/graphics/win/FontCustomPlatformData.cpp: (WebCore::FontCustomPlatformData::fontPlatformData): * platform/graphics/win/FontCustomPlatformData.h: 2015-12-05 Matthew Hanson <matthew_hanson@apple.com> Merge r187709. rdar://problem/23769732 2015-07-31 Myles C. Maxfield <mmaxfield@apple.com> Fix the build Unreviewed. * platform/graphics/mac/FontCacheMac.mm: (WebCore::lookupCTFont): 2015-12-05 Matthew Hanson <matthew_hanson@apple.com> Merge r190667. rdar://problem/23769584 2015-10-06 Simon Fraser <simon.fraser@apple.com> will-change should trigger stacking context based purely on properties https://bugs.webkit.org/show_bug.cgi?id=148068 Reviewed by Zalan Bujtas. Previously, our will-change implementation didn't trigger stacking context on an inline if the will-change property didn't apply to inlines (like 'transform'). However, this doesn't agree with the CSS-WG consensus (https://lists.w3.org/Archives/Public/www-style/2015Sep/0112.html). Change behavior to have stacking context creation behavior for will-change be identical for inlines and blocks. Test: fast/css/will-change/will-change-creates-stacking-context-inline.html * rendering/RenderInline.cpp: (WebCore::inFlowPositionedInlineAncestor): * rendering/RenderInline.h: (WebCore::RenderInline::willChangeCreatesStackingContext): * rendering/style/WillChangeData.cpp: (WebCore::propertyCreatesStackingContext): (WebCore::WillChangeData::addFeature): (WebCore::propertyCreatesStackingContextOnBoxesOnly): Deleted. * rendering/style/WillChangeData.h: (WebCore::WillChangeData::canCreateStackingContextOnInline): Deleted. 2015-12-05 Matthew Hanson <matthew_hanson@apple.com> Merge r188604. rdar://problem/23769584 2015-08-18 Simon Fraser <simon.fraser@apple.com> will-change: backface-visibility should not cause stacking context https://bugs.webkit.org/show_bug.cgi?id=148091 Reviewed by Zalan Bujtas. Take CSSPropertyWebkitBackfaceVisibility out of the list of properties that causes will-change to create stacking context, since no value of the property creates stacking. Move willChangeCreatesStackingContext() and shouldWillChangeCreateStackingContext() into RenderInline since it's only called from there. * rendering/RenderElement.cpp: (WebCore::RenderElement::shouldWillChangeCreateStackingContext): Deleted. * rendering/RenderElement.h: (WebCore::RenderElement::willChangeCreatesStackingContext): Deleted. * rendering/RenderInline.h: (WebCore::RenderInline::willChangeCreatesStackingContext): * rendering/style/WillChangeData.cpp: (WebCore::propertyCreatesStackingContext): Deleted. 2015-12-05 Matthew Hanson <matthew_hanson@apple.com> Merge r188168. rdar://problem/23769732 2015-08-07 Myles C. Maxfield <mmaxfield@apple.com> Post-review comments on r188146 https://bugs.webkit.org/show_bug.cgi?id=147793 Reviewed by Daniel Bates. No new tests because there is no behavior change. * platform/graphics/FontCache.h: * platform/graphics/cocoa/FontCacheCoreText.cpp: (WebCore::appendTrueTypeFeature): (WebCore::appendOpenTypeFeature): (WebCore::applyFontFeatureSettings): * platform/graphics/ios/FontCacheIOS.mm: (WebCore::FontCache::getSystemFontFallbackForCharacters): (WebCore::FontCache::createFontPlatformData): * platform/graphics/mac/FontCacheMac.mm: (WebCore::fontWithFamily): (WebCore::FontCache::systemFallbackForCharacters): * platform/graphics/mac/FontCustomPlatformData.cpp: (WebCore::FontCustomPlatformData::fontPlatformData): * rendering/RenderThemeIOS.mm: (WebCore::RenderThemeIOS::updateCachedSystemFontDescription): 2015-12-05 Matthew Hanson <matthew_hanson@apple.com> Merge r188146. rdar://problem/23769732 2015-08-07 Myles C. Maxfield <mmaxfield@apple.com> Implement font-feature-settings https://bugs.webkit.org/show_bug.cgi?id=147722 Reviewed by Simon Fraser. Fonts with features are simply modeled as new font objects. Font feature information is contained within FontDescription, and our caches are correctly sensitive to this information. Therefore, we just need to make our font lookup code honor the request to use certain features. This patch creates a file, FontCacheCoreText.cpp, which will be the new home of all shared OS X / iOS FontCache code. Over time, I will be moving more and more source into this file, until there is nothing left of FontCacheMac.mm and FontCacheIOS.mm. For now, the only function in this file is the code which applies font features. Test: css3/font-feature-settings-preinstalled-fonts.html * WebCore.xcodeproj/project.pbxproj: Add FontCacheCoreText.cpp. * platform/graphics/FontCache.h: * platform/graphics/cocoa/FontCacheCoreText.cpp: Added. (WebCore::appendTrueTypeFeature): What the name says. (WebCore::appendOpenTypeFeature): Ditto. (WebCore::applyFontFeatureSettings): Ditto. * platform/graphics/ios/FontCacheIOS.mm: (WebCore::FontCache::getSystemFontFallbackForCharacters): Call applyFontFeatureSettings(). (WebCore::FontCache::createFontPlatformData): Ditto. * platform/graphics/mac/FontCacheMac.mm: (WebCore::fontWithFamily): Ditto. (WebCore::FontCache::systemFallbackForCharacters): Ditto. (WebCore::FontCache::createFontPlatformData): Ditto. * platform/graphics/mac/FontCustomPlatformData.cpp: (WebCore::FontCustomPlatformData::fontPlatformData): Ditto. * rendering/RenderThemeIOS.mm: (WebCore::RenderThemeIOS::updateCachedSystemFontDescription): Ditto. 2015-12-05 Matthew Hanson <matthew_hanson@apple.com> Merge r187982. rdar://problem/23769732 2015-08-05 Myles C. Maxfield <mmaxfield@apple.com> [OS X] Migrate to CTFontCreateForCharactersWithLanguage from [NSFont findFontLike:forString:withRange:inLanguage] https://bugs.webkit.org/show_bug.cgi?id=147483 Reviewed by Dean Jackson. [NSFont findFontLike:forString:withRange:inLanguage] doesn't properly handle its last argument. In addition, we want to be moving away from NSFont in the first place and on to Core Text. This new CoreText function correctly handles its language argument, which is required for language-specific font fallback. This patch rolls r187707 back in which was rolled out in r187802 due to test flakiness. This patch fixes the flakiness. No new tests because there is no behavior change. * platform/graphics/FontCache.cpp: (WebCore::FontCache::purgeInactiveFontData): * platform/graphics/FontCache.h: (WebCore::FontCache::platformPurgeInactiveFontData): * platform/graphics/mac/FontCacheMac.mm: (WebCore::fallbackDedupSet): (WebCore::FontCache::platformPurgeInactiveFontData): (WebCore::lookupCTFont): (WebCore::FontCache::systemFallbackForCharacters): * platform/spi/cocoa/CoreTextSPI.h: * platform/spi/mac/NSFontSPI.h: 2015-12-04 Matthew Hanson <matthew_hanson@apple.com> Merge r191825. rdar://problem/23732363 2015-10-30 Joseph Pecoraro <pecoraro@apple.com> CSSParserVariable leaks seen on leaks bots https://bugs.webkit.org/show_bug.cgi?id=150724 Reviewed by Darin Adler. * css/CSSParserValues.cpp: (WebCore::destroy): Cleanup variable CSSParserValues. 2015-12-04 Matthew Hanson <matthew_hanson@apple.com> Merge r191128. rdar://problem/23732363 2015-10-14 David Hyatt <hyatt@apple.com> Implement CSS Variables. https://bugs.webkit.org/show_bug.cgi?id=19660 Reviewed by Dean Jackson. Added new tests in fast/css/custom-properties and fast/css/variables. * CMakeLists.txt: * WebCore.xcodeproj/project.pbxproj: Add CSSVariableValue.cpp and CSSVariableDependentValue.cpp to builds. * css/CSSCalculationValue.cpp: (WebCore::hasDoubleValue): Handle the new CSS_PARSER_WHITESPACE value. * css/CSSComputedStyleDeclaration.cpp: (WebCore::ComputedStyleExtractor::customPropertyValue): Patched to make sure style is updated so that dynamic changes to custom properties are reflected immediately when querying values. (WebCore::CSSComputedStyleDeclaration::length): (WebCore::CSSComputedStyleDeclaration::item): The custom properties table is a reference and not a pointer now. * css/CSSCustomPropertyValue.h: (WebCore::CSSCustomPropertyValue::create): (WebCore::CSSCustomPropertyValue::createInvalid): (WebCore::CSSCustomPropertyValue::customCSSText): (WebCore::CSSCustomPropertyValue::equals): (WebCore::CSSCustomPropertyValue::isInvalid): (WebCore::CSSCustomPropertyValue::containsVariables): (WebCore::CSSCustomPropertyValue::value): (WebCore::CSSCustomPropertyValue::CSSCustomPropertyValue): The CSSCustomPropertyValue represents a custom property/value pair in the back end. It holds on to both the property name and a CSSValueList that has the original parser terms. This class also doubles as the invalid-at-compute-time value for custom properties when they contain cycles, etc. * css/CSSFunctionValue.cpp: (WebCore::CSSFunctionValue::buildParserValueSubstitutingVariables): * css/CSSFunctionValue.h: (WebCore::CSSFunctionValue::buildParserValueSubstitutingVariables): Hands back a CSSParserValue for a function with variables replaced with their real values (or fallback). * css/CSSGrammar.y.in: Many changes to support the var() syntax and to handle error conditions and cases. * css/CSSParser.cpp: (WebCore::filterProperties): Null check the value here. Shouldn't happen, but being paranoid. (WebCore::CSSParser::parseVariableDependentValue): This function converts a CSSValueList back into a CSSParserValueList and then passes it off to the parser. If the result parses, successfully, then the parsed CSSValue is handed back. (WebCore::CSSParser::parseValue): Detect when a property value contains variables and simply make a CSSVariableDependentValue to hold a copy of the parser value list (as a CSSValueList). We defer parsing the list until compute-time when we know the values of the variables to use. (WebCore::CSSParser::parseCustomPropertyDeclaration): Add support for inherit, initial and variable references in custom properties. (WebCore::CSSParser::detectFunctionTypeToken): Add support for detection of the "var" token. (WebCore::CSSParser::realLex): Fix the parsing of custom properties to allow "--" and to allow them to start with digits, e.g., "--0". * css/CSSParser.h: Add parseVariableDependentValue function for handling variable substitution and subsequent parsing of the resolved parser value list. * css/CSSParserValues.cpp: (WebCore::CSSParserValueList::containsVariables): Get rid of the toString() function (no longer needed) and replace it with containsVariables(). This check is used to figure out if a parser value list has variables and thus needs to defer parsing until later. (WebCore::CSSParserValue::createCSSValue): Add support for the creation of values for variables, CSSVariableValues. (WebCore::CSSParserValueList::toString): Deleted. No longer needed. * css/CSSParserValues.h: Add CSSParserVariable as a new kind of parser value. This represents a var() that is encountered during parsing. It is similar to a function except it has to hold both the reference (custom property name) and fallback arguments. * css/CSSPrimitiveValue.cpp: (WebCore::isValidCSSUnitTypeForDoubleConversion): (WebCore::CSSPrimitiveValue::cleanup): (WebCore::CSSPrimitiveValue::formatNumberForCustomCSSText): (WebCore::CSSPrimitiveValue::cloneForCSSOM): (WebCore::CSSPrimitiveValue::equals): Add support for CSS_PARSER_WHITESPACE as a way of preserving whitespace as a parsed item (variables can be only whitespace, and this has to be retained). (WebCore::CSSPrimitiveValue::buildParserValue): Conversion from a CSSPrimitiveValue back into a parser value is handled by this function. * css/CSSPrimitiveValue.h: (WebCore::CSSPrimitiveValue::isParserOperator): (WebCore::CSSPrimitiveValue::parserOperator): Add ability to get parser operator info. Add the buildParserValue declaration. * css/CSSValue.cpp: (WebCore::CSSValue::equals): (WebCore::CSSValue::cssText): (WebCore::CSSValue::destroy): (WebCore::CSSValue::cloneForCSSOM): (WebCore::CSSValue::isInvalidCustomPropertyValue): * css/CSSValue.h: Add support for variable values and variable dependent values. * css/CSSValueList.cpp: (WebCore::CSSValueList::customCSSText): Improve serialization to not output extra spaces when a comma operator is a value. (WebCore::CSSValueList::containsVariables): Whether or not a CSSVariableValue can be found somewhere within the list (or its descendants). (WebCore::CSSValueList::checkVariablesForCycles): Called to check variables for cycles. (WebCore::CSSValueList::buildParserValueSubstitutingVariables): (WebCore::CSSValueList::buildParserValueListSubstitutingVariables): Functions that handle converting the value list to a parser value list while making variable substitutions along the way. * css/CSSValueList.h: Add the new buildParserXXX functions. * css/CSSVariableDependentValue.cpp: Added. (WebCore::CSSVariableDependentValue::checkVariablesForCycles): * css/CSSVariableDependentValue.h: Added. (WebCore::CSSVariableDependentValue::create): (WebCore::CSSVariableDependentValue::customCSSText): (WebCore::CSSVariableDependentValue::equals): (WebCore::CSSVariableDependentValue::propertyID): (WebCore::CSSVariableDependentValue::valueList): (WebCore::CSSVariableDependentValue::CSSVariableDependentValue): This value represents a list of terms that have not had variables substituted yet. The list is held by the value so that it can be converted back into a parser value list once the variable values are known. * css/CSSVariableValue.cpp: Added. (WebCore::CSSVariableValue::CSSVariableValue): (WebCore::CSSVariableValue::customCSSText): (WebCore::CSSVariableValue::equals): (WebCore::CSSVariableValue::buildParserValueListSubstitutingVariables): * css/CSSVariableValue.h: Added. (WebCore::CSSVariableValue::create): (WebCore::CSSVariableValue::name): (WebCore::CSSVariableValue::fallbackArguments): This value represents a var() itself. It knows how to do the substitution of the variable value and to apply fallback if that value is not present. * css/StyleProperties.cpp: (WebCore::StyleProperties::getPropertyValue): (WebCore::StyleProperties::borderSpacingValue): (WebCore::StyleProperties::getLayeredShorthandValue): (WebCore::StyleProperties::getShorthandValue): (WebCore::StyleProperties::getCommonValue): (WebCore::StyleProperties::getPropertyCSSValue): (WebCore::StyleProperties::getPropertyCSSValueInternal): (WebCore::StyleProperties::asText): (WebCore::StyleProperties::copyPropertiesInSet): * css/StyleProperties.h: Patched to factor property fetching into an internal method so that variables can work with shorthands in the CSS OM. * css/StyleResolver.cpp: (WebCore::StyleResolver::applyProperty): Resolve variable values at compute time. If they fail to resolve, use inherit or initial as the value (depending on whether the property inherits by default). (WebCore::StyleResolver::resolvedVariableValue): Helper function that calls parseVariableDependentValue and gets the resolved result. (WebCore::StyleResolver::applyCascadedProperties): After custom properties have been collected, we check for cycles and perform variable substitutions. This way we get all the variables replaced before we inherit down the style tree. * css/StyleResolver.h: Add resolvedVariableValue declaration. * css/makeprop.pl: Make sure custom properties are inherited by default. * rendering/style/RenderStyle.cpp: (WebCore::RenderStyle::checkVariablesInCustomProperties): This function handles updating variables with cycles to be invalid in the RenderStyle. It then also handles the replacement of variables found in custom properties with resolved values. All custom properties are either invalid or are real non-variable-dependent value lists after this function completes. * rendering/style/RenderStyle.h: Add checkVariablesInCustomProperties declaration. * rendering/style/StyleCustomPropertyData.h: (WebCore::StyleCustomPropertyData::create): (WebCore::StyleCustomPropertyData::copy): (WebCore::StyleCustomPropertyData::operator==): (WebCore::StyleCustomPropertyData::operator!=): (WebCore::StyleCustomPropertyData::setCustomPropertyValue): (WebCore::StyleCustomPropertyData::getCustomPropertyValue): (WebCore::StyleCustomPropertyData::values): (WebCore::StyleCustomPropertyData::hasCustomProperty): (WebCore::StyleCustomPropertyData::containsVariables): (WebCore::StyleCustomPropertyData::setContainsVariables): (WebCore::StyleCustomPropertyData::StyleCustomPropertyData): Miscellaneous cleanup, and the addition of whether or not the properties still contain variable dependent values that need to be resolved. 2015-12-04 Matthew Hanson <matthew_hanson@apple.com> Merge r190231. rdar://problem/23732363 2015-09-24 David Hyatt <hyatt@apple.com> Keep the already-parsed list of terms in custom property values so that we don't have to re-parse them later when doing variable resolution. https://bugs.webkit.org/show_bug.cgi?id=149544 Reviewed by Dean Jackson. * css/CSSComputedStyleDeclaration.cpp: (WebCore::ComputedStyleExtractor::customPropertyValue): (WebCore::ComputedStyleExtractor::customPropertyText): Add a helper for getting the raw text. More closely parallels how non-custom properties work with the extractor. (WebCore::ComputedStyleExtractor::propertyValue): Change propertyValue to use customPropertyText. (WebCore::ComputedStyleExtractor::copyPropertiesInSet): Don't copy CSS custom properties into the style declaration. This is just used for things like editing, so we didn't need to be putting the custom properties into this set. (WebCore::CSSComputedStyleDeclaration::getPropertyValue): Patched to go straight to the serialized string value. (WebCore::ComputedStyleExtractor::customPropertyValue): Deleted. Replaced by customPropertyText. * css/CSSComputedStyleDeclaration.h: Rename customPropertyValue to customPropertyText and make it just return a String. * css/CSSCustomPropertyValue.h: (WebCore::CSSCustomPropertyValue::create): (WebCore::CSSCustomPropertyValue::customCSSText): (WebCore::CSSCustomPropertyValue::name): (WebCore::CSSCustomPropertyValue::equals): (WebCore::CSSCustomPropertyValue::CSSCustomPropertyValue): (WebCore::CSSCustomPropertyValue::value): Deleted. Changed to hold both a CSSParserValueList, which it adopts from the CSSParser, and a string value that is constructed lazily only if the value is serialized. Now the problematic serialization code will only run if someone uses the CSS OM to trigger a serialization (this should be a rare occurrence, so perf improves with this change). * css/CSSGrammar.y.in: Change parsing of custom properties to be identical to regular properties. This refactoring allows us to simply invoke the parser from style declarations as well and makes everything behave more similarly to normal property parsing. * css/CSSParser.cpp: (WebCore::CSSParser::parseValue): (WebCore::CSSParser::parseCustomPropertyValue): (WebCore::CSSParser::parseCustomPropertyDeclaration): (WebCore::CSSParser::addCustomPropertyDeclaration): Deleted. * css/CSSParser.h: (WebCore::CSSParser::setCustomPropertyName): We now have a method for parsing custom properties that can be invoked from style declarations. The parser list is now adopted by the CSSCustomPropertyValue. * css/CSSParserValues.cpp: (WebCore::CSSParserValueList::toString): Build the string serialization code right into CSSParserValueList. * css/CSSParserValues.h: Add a toString() method for serialization. * css/StyleProperties.cpp: (WebCore::MutableStyleProperties::setProperty): (WebCore::MutableStyleProperties::setCustomProperty): Changed to use the new CSSParser functions. This makes the code behave almost identically to regular property parsing. * css/StyleResolver.cpp: (WebCore::StyleResolver::applyProperty): * rendering/style/RenderStyle.h: * rendering/style/StyleCustomPropertyData.h: Change the mapping on RenderStyle to store the custom CSS values. This way we can get to the original parser lists for each variable when it comes time to do variable resolution. 2015-12-04 Matthew Hanson <matthew_hanson@apple.com> Merge r190209. rdar://problem/23732363 2015-09-24 David Hyatt <hyatt@apple.com> Add support for CSS Custom Properties (in preparation for implementing CSS Variables). https://bugs.webkit.org/show_bug.cgi?id=130397 Reviewed by Antti Koivisto. Added new tests in fast/css/custom-properties. * WebCore.xcodeproj/project.pbxproj: Add new header files to the project (CSSCustomPropertyValue and StyleCustomPropertyData). * css/CSSComputedStyleDeclaration.cpp: (WebCore::ComputedStyleExtractor::customPropertyValue): (WebCore::ComputedStyleExtractor::propertyValue): If a custom property value is queried (i.e., it starts with "--"), then we use our customPropertyValue lookup to go to the RenderStyle and fetch the appropriate custom property value from the StyleCustomPropertyData. (WebCore::CSSComputedStyleDeclaration::length): (WebCore::CSSComputedStyleDeclaration::item): Patched to include custom properties in the returned array. They appear at the end of the array after the built-in properties. (WebCore::ComputedStyleExtractor::propertyMatches): Patched to check custom properties. (WebCore::ComputedStyleExtractor::copyPropertiesInSet): Make sure the custom properties get copied into the StyleDeclaration. (WebCore::CSSComputedStyleDeclaration::getPropertyCSSValue): (WebCore::CSSComputedStyleDeclaration::getPropertyValue): Patched to call customPropertyValue for custom properties. * css/CSSComputedStyleDeclaration.h: Add customPropertyValue() to ComputedStyleExtractor. * css/CSSCustomPropertyValue.h: Added. (WebCore::CSSCustomPropertyValue::create): (WebCore::CSSCustomPropertyValue::equals): (WebCore::CSSCustomPropertyValue::customCSSText): (WebCore::CSSCustomPropertyValue::name): (WebCore::CSSCustomPropertyValue::value): (WebCore::CSSCustomPropertyValue::CSSCustomPropertyValue): Custom properties are parsed as a property with an ID of CSSPropertyCustom and a CSSCustomPropertyValue that holds both the name and the value of the property. Ultimately we might want to just ditch property IDs in favor of AtomicStrings for all properties, and then the need to special case custom properties would go away. For now, though, this is the way we work custom properties into the existing system. * css/CSSGrammar.y.in: Add a production for recognizing custom properties and storing them using a property ID of CSSPropertyCustom and a CSSCustomPropertyValue that has the name/value pair. * css/CSSParser.cpp: (WebCore::filterProperties): Patched to track seen custom properties and to handle them correctly. (WebCore::CSSParser::createStyleProperties): Pass in a seenCustomProperties table to ensure we bail when encountering the same custom property twice. (WebCore::CSSParser::addCustomPropertyDeclaration): Called from the grammar production to create the CSSCustomPropertyValue. (WebCore::isCustomPropertyIdentifier): Recognize the -- custom property during lexing. (WebCore::CSSParser::parseIdentifier): Patched to return a CUSTOM_PROPERTY token when a custom property is identified. * css/CSSParser.h: (WebCore::isCustomPropertyName): Add a helper function for asking if a property name is custom. * css/CSSValue.cpp: (WebCore::CSSValue::equals): (WebCore::CSSValue::cssText): (WebCore::CSSValue::destroy): * css/CSSValue.h: Patched to add support for CSSCustomPropertyValue. * css/PropertySetCSSStyleDeclaration.cpp: (WebCore::PropertySetCSSStyleDeclaration::getPropertyCSSValue): (WebCore::PropertySetCSSStyleDeclaration::getPropertyValue): (WebCore::PropertySetCSSStyleDeclaration::getPropertyPriority): (WebCore::PropertySetCSSStyleDeclaration::setProperty): (WebCore::PropertySetCSSStyleDeclaration::removeProperty): Add code for handling custom properties in the CSS OM. * css/StyleProperties.cpp: (WebCore::StyleProperties::getPropertyValue): (WebCore::StyleProperties::getCustomPropertyValue): (WebCore::StyleProperties::getPropertyCSSValue): (WebCore::StyleProperties::getCustomPropertyCSSValue): (WebCore::MutableStyleProperties::removeProperty): (WebCore::MutableStyleProperties::removeCustomProperty): (WebCore::StyleProperties::propertyIsImportant): (WebCore::StyleProperties::customPropertyIsImportant): (WebCore::MutableStyleProperties::setProperty): (WebCore::MutableStyleProperties::setCustomProperty): (WebCore::MutableStyleProperties::addParsedProperty): (WebCore::MutableStyleProperties::findPropertyIndex): (WebCore::ImmutableStyleProperties::findCustomPropertyIndex): (WebCore::MutableStyleProperties::findCustomPropertyIndex): (WebCore::MutableStyleProperties::findCSSPropertyWithID): (WebCore::MutableStyleProperties::findCustomCSSPropertyWithName): (WebCore::StyleProperties::propertyMatches): (WebCore::StyleProperties::PropertyReference::cssName): * css/StyleProperties.h: (WebCore::StyleProperties::findCustomPropertyIndex): Patched to support handling custom properties in the CSS OM. We have to create equivalent methods that operate on AtomicString propertyNames instead of on property IDs. * css/StyleResolver.cpp: (WebCore::StyleResolver::CascadedProperties::customProperties): (WebCore::StyleResolver::styleForKeyframe): (WebCore::StyleResolver::styleForPage): (WebCore::StyleResolver::applyMatchedProperties): (WebCore::StyleResolver::applyProperty): (WebCore::StyleResolver::CascadedProperties::set): (WebCore::StyleResolver::applyCascadedProperties): The resolver has to hold a HashMap from AtomicStrings to Properties. It matches identically to how built-in properties work except that an extensible table (HashMap) is used to hold the property data. * css/makeprop.pl: Patched to include the special CSSPropertyCustom value of 1 (just after the CSSPropertyInvalid id value but before the first built-in property value). * inspector/InspectorStyleSheet.cpp: (WebCore::InspectorStyle::getText): (WebCore::lowercasePropertyName): (WebCore::InspectorStyle::populateAllProperties): Patch inspector to not lowercase CSS custom property names, since they are case-sensitive. * rendering/style/RenderStyle.h: * rendering/style/StyleCustomPropertyData.h: Added. (WebCore::StyleCustomPropertyData::create): (WebCore::StyleCustomPropertyData::copy): (WebCore::StyleCustomPropertyData::operator==): (WebCore::StyleCustomPropertyData::operator!=): (WebCore::StyleCustomPropertyData::setCustomPropertyValue): (WebCore::StyleCustomPropertyData::getCustomPropertyValue): (WebCore::StyleCustomPropertyData::hasCustomProperty): (WebCore::StyleCustomPropertyData::StyleCustomPropertyData): * rendering/style/StyleRareInheritedData.cpp: (WebCore::StyleRareInheritedData::StyleRareInheritedData): (WebCore::StyleRareInheritedData::operator==): * rendering/style/StyleRareInheritedData.h: The front end storage in the RenderStyle for custom properties. For now, custom properties are always inherited, so the data is in StyleRareInheritedData. 2015-12-04 Matthew Hanson <matthew_hanson@apple.com> Merge r191452. rdar://problem/23732400 2015-10-22 Wenson Hsieh <wenson_hsieh@apple.com> Implement touch-action: manipulation; for iOS https://bugs.webkit.org/show_bug.cgi?id=149854 <rdar://problem/23017145> Reviewed by Benjamin Poulain. Implements the manipulation value for the CSS property touch-action. Adds support for parsing the touch-action property and two of its values: auto and manipulation. Tests: css3/touch-action/touch-action-computed-style.html css3/touch-action/touch-action-manipulation-fast-clicks.html css3/touch-action/touch-action-parsing.html * css/CSSComputedStyleDeclaration.cpp: (WebCore::ComputedStyleExtractor::propertyValue): * css/CSSParser.cpp: (WebCore::isValidKeywordPropertyAndValue): (WebCore::isKeywordPropertyID): (WebCore::CSSParser::parseValue): * css/CSSPrimitiveValueMappings.h: (WebCore::CSSPrimitiveValue::CSSPrimitiveValue): (WebCore::CSSPrimitiveValue::operator TouchAction): * css/CSSPropertyNames.in: * css/CSSValueKeywords.in: * dom/Element.cpp: (WebCore::Element::allowsDoubleTapGesture): Here, we determine whether an element that resulted from hit-testing a touch should allow double-tap gestures. To do this, we walk up the element's parents, stopping when we detect an element that disallows double tap gestures by having a touch-action other than auto or by hitting the root node. * dom/Element.h: * dom/Node.h: (WebCore::Node::allowsDoubleTapGesture): * rendering/style/RenderStyle.h: * rendering/style/RenderStyleConstants.h: * rendering/style/StyleRareNonInheritedData.cpp: (WebCore::StyleRareNonInheritedData::StyleRareNonInheritedData): (WebCore::StyleRareNonInheritedData::operator==): * rendering/style/StyleRareNonInheritedData.h: 2015-12-04 Matthew Hanson <matthew_hanson@apple.com> Merge r190595. rdar://problem/23732402 2015-10-05 Dean Jackson <dino@apple.com> EXT_texture_filter_anisotropic extension exposed with WEBKIT_ prefix https://bugs.webkit.org/show_bug.cgi?id=149765 <rdar://problem/22983722> Reviewed by Beth Dakin. We can now remove the WEBKIT_ prefix from this extension. Test: fast/canvas/webgl/unprefixed-anisotropic-extension.html * html/canvas/WebGL2RenderingContext.cpp: Support the prefixed and unprefixed form. (WebCore::WebGL2RenderingContext::getExtension): * html/canvas/WebGLRenderingContext.cpp: (WebCore::WebGLRenderingContext::getExtension): (WebCore::WebGLRenderingContext::getSupportedExtensions): 2015-12-04 Matthew Hanson <matthew_hanson@apple.com> Merge r190446. rdar://problem/23732367 2015-10-01 Dean Jackson <dino@apple.com> Expose WEBGL_debug_renderer_info https://bugs.webkit.org/show_bug.cgi?id=149735 <rdar://problem/18343500> Reviewed by Simon Fraser. Enable the extension that allows content to query for the GPUs vendor and details. Now that we're enabling this, there was no need for the internal setting that identified privileged situations. However, since this meant that WEBGL_debug_shaders was also exposed, I explicitly disable it since it is not yet conformant. Test: fast/canvas/webgl/webgl-debug-renderer-info.html as well as the general conformance suite. * html/canvas/WebGL2RenderingContext.cpp: No need to guard around allowPrivilegedExtensions(). (WebCore::WebGL2RenderingContext::getExtension): (WebCore::WebGL2RenderingContext::getSupportedExtensions): * html/canvas/WebGLRenderingContext.cpp: Ditto. (WebCore::WebGLRenderingContext::getExtension): (WebCore::WebGLRenderingContext::getSupportedExtensions): * html/canvas/WebGLRenderingContextBase.cpp: (WebCore::WebGLRenderingContextBase::allowPrivilegedExtensions): Deleted. * html/canvas/WebGLRenderingContextBase.h: * page/Settings.in: Remove privilegedWebGLExtensions. * platform/graphics/opengl/Extensions3DOpenGL.cpp: Forbid the translated shader extension while it is still buggy. (WebCore::Extensions3DOpenGL::supportsExtension): 2015-12-03 Matthew Hanson <matthew_hanson@apple.com> Merge r188647. rdar://problem/23732386 2015-08-18 Dean Jackson <dino@apple.com> Support CSS filters without webkit prefix https://bugs.webkit.org/show_bug.cgi?id=148138 <rdar://problem/22331434> Reviewed by Sam Weinig. Add support for the un-prefixed form of the CSS filter property. This was straightforward for the general case on HTML content. It was a bit more tricky on SVG content, where there already was an existing "filter" property/attribute. The parsing code is now shared between SVG and HTML, as is the computed style output. Covered by updating the existing tests, and adding one new test: css3/filters/unprefixed.html * css/CSSComputedStyleDeclaration.cpp: Rename CSSPropertyWebkitFilter to CSSPropertyFilter. (WebCore::isLayoutDependent): (WebCore::ComputedStyleExtractor::propertyValue): * css/CSSFilterImageValue.cpp: (WebCore::CSSFilterImageValue::customCSSText): Use "filter(" as the prefix. * css/CSSParser.cpp: (WebCore::CSSParser::parseValue): Rename CSSPropertyWebkitFilter to CSSPropertyFilter. (WebCore::CSSParser::isGeneratedImageValue): Add support for "filter()". (WebCore::CSSParser::parseGeneratedImage): Ditto. (WebCore::CSSParser::parseBuiltinFilterArguments): * css/CSSPropertyNames.in: Add filter. Make -webkit-filter an alias. * css/SVGCSSComputedStyleDeclaration.cpp: (WebCore::ComputedStyleExtractor::svgPropertyValue): Deleted. * page/animation/CSSPropertyAnimation.cpp: Rename CSSPropertyWebkitFilter to CSSPropertyFilter. (WebCore::PropertyWrapperAcceleratedFilter::PropertyWrapperAcceleratedFilter): * page/animation/KeyframeAnimation.cpp: Ditto. (WebCore::KeyframeAnimation::checkForMatchingFilterFunctionLists): * platform/graphics/GraphicsLayer.cpp: Rename AnimatedPropertyWebkitFilter to AnimatedPropertyFilter. (WebCore::GraphicsLayer::validateFilterOperations): * platform/graphics/GraphicsLayerClient.h: Ditto. * platform/graphics/ca/GraphicsLayerCA.cpp: Ditto. (WebCore::GraphicsLayerCA::moveOrCopyAnimations): (WebCore::GraphicsLayerCA::addAnimation): (WebCore::GraphicsLayerCA::createAnimationFromKeyframes): (WebCore::GraphicsLayerCA::createFilterAnimationsFromKeyframes): * rendering/RenderLayer.cpp: (WebCore::RenderLayer::updateOrRemoveFilterClients): SVG manages its own filter resources, so we shouldn't add a layer that has an SVG root to the filter clients. * rendering/RenderLayerBacking.cpp: Renaming. (WebCore::RenderLayerBacking::startAnimation): (WebCore::RenderLayerBacking::startTransition): (WebCore::RenderLayerBacking::graphicsLayerToCSSProperty): (WebCore::RenderLayerBacking::cssToGraphicsLayerProperty): * rendering/RenderLayerCompositor.cpp: Ditto. (WebCore::RenderLayerCompositor::requiresCompositingForAnimation): * rendering/style/SVGRenderStyle.h: Remove the SVG filter style. (WebCore::SVGRenderStyle::isolatesBlending): No need to check for hasFilter(). (WebCore::SVGRenderStyle::initialFilterResource): Deleted. (WebCore::SVGRenderStyle::setFilterResource): Deleted. (WebCore::SVGRenderStyle::filterResource): Deleted. (WebCore::SVGRenderStyle::hasFilter): Deleted. * rendering/style/SVGRenderStyleDefs.cpp: Remove the filter resource. (WebCore::StyleResourceData::StyleResourceData): Deleted. (WebCore::StyleResourceData::operator==): Deleted. * rendering/style/SVGRenderStyleDefs.h: * rendering/style/WillChangeData.cpp: Renaming. (WebCore::propertyCreatesStackingContext): (WebCore::propertyTriggersCompositing): * rendering/svg/SVGRenderSupport.cpp: (WebCore::SVGRenderSupport::isolatesBlending): Since SVGRenderStyle no longer checks hasFilter() in its isolatesBlending(), we need to do it here. * rendering/svg/SVGRenderingContext.cpp: (WebCore::SVGRenderingContext::prepareToRenderSVGContent): * rendering/svg/SVGRenderTreeAsText.cpp: (WebCore::writeResources): Dump from the CSS style value. * rendering/svg/SVGResources.cpp: Ditto. (WebCore::SVGResources::buildCachedResources): * rendering/svg/SVGResources.h: * rendering/svg/SVGResourcesCache.cpp: (WebCore::SVGResourcesCache::addResourcesFromRenderer): * platform/graphics/texmap/TextureMapperLayer.cpp: Renaming. * platform/graphics/texmap/TextureMapperAnimation.cpp: * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp: 2015-12-03 Matthew Hanson <matthew_hanson@apple.com> Merge r188530. rdar://problem/23732374 2015-08-17 Simon Fraser <simon.fraser@apple.com> will-change should sometimes trigger compositing https://bugs.webkit.org/show_bug.cgi?id=148072 Reviewed by Tim Horton. Implement the compositing side-effects of will-change, if any of the following properties are specified: opacity filter (as -webkit-filter) backdrop-filter (as -webkit-backdrop-filter) transform (on transformable elements only) Tests: compositing/layer-creation/will-change-change.html compositing/layer-creation/will-change-layer-creation.html * inspector/InspectorLayerTreeAgent.cpp: (WebCore::InspectorLayerTreeAgent::reasonsForCompositingLayer): Tell the inspector about will-change. * rendering/RenderElement.cpp: (WebCore::RenderElement::adjustStyleDifference): Need to trigger a recomposite if will-change includes a compositing trigger property. This gets called before and after setting the style, so this checks both states. (WebCore::RenderElement::shouldWillChangeCreateStackingContext): * rendering/RenderElement.h: (WebCore::RenderElement::willChangeCreatesStackingContext): Helper function that RenderInline uses to determine if it needs to create a RenderLayer, since RenderInline doesn't get automatic layer RenderLayers as a side effect of having non-auto z-index in the style. * rendering/RenderInline.h: Need to trigger a RenderLayer if will-change includes a property that applies to inlines. * rendering/RenderLayerCompositor.cpp: (WebCore::RenderLayerCompositor::requiresCompositingLayer): Call requiresCompositingForWillChange(). (WebCore::RenderLayerCompositor::requiresOwnBackingStore): Call requiresCompositingForWillChange(). (WebCore::RenderLayerCompositor::reasonsForCompositing): Include requiresCompositingForWillChange(). (WebCore::RenderLayerCompositor::requiresCompositingForWillChange): If will-change contains a property that would trigger compositing on this element, return true. * rendering/RenderLayerCompositor.h: * rendering/style/RenderStyle.cpp: (WebCore::RenderStyle::changeRequiresLayout): Set ContextSensitivePropertyWillChange in changedContextSensitiveProperties if will-change changes. * rendering/style/RenderStyle.h: Rename for clarity. * rendering/style/RenderStyleConstants.h: Add ContextSensitivePropertyWillChange. * rendering/style/WillChangeData.cpp: (WebCore::propertyCreatesStackingContext): Subset of properties that create stacking context on any element. (WebCore::propertyCreatesStackingContextOnBoxesOnly): Additional properties that create stacking context on boxes. (WebCore::propertyTriggersCompositing): Properties that trigger compositing on any element. (WebCore::propertyTriggersCompositingOnBoxesOnly): Additional properties that trigger compositing on boxes. (WebCore::WillChangeData::addFeature): As features are added, manage a set of flags to know if they trigger stacking context or compositing, on inlines and boxes. (WebCore::WillChangeData::createsStackingContext): Deleted. * rendering/style/WillChangeData.h: (WebCore::WillChangeData::canCreateStackingContext): (WebCore::WillChangeData::canCreateStackingContextOnInline): (WebCore::WillChangeData::canTriggerCompositing): (WebCore::WillChangeData::canTriggerCompositingOnInline): 2015-12-03 Matthew Hanson <matthew_hanson@apple.com> Merge r188514. rdar://problem/23732374 2015-08-15 Simon Fraser <simon.fraser@apple.com> Have will-change create stacking context when necessary https://bugs.webkit.org/show_bug.cgi?id=148060 Reviewed by Zalan Bujtas. If will-change includes a property whose non-initial value can create stacking context, create stacking context for that element. Test: fast/css/will-change/will-change-creates-stacking-context.html * css/StyleResolver.cpp: (WebCore::StyleResolver::adjustRenderStyle): * rendering/style/RenderStyle.h: Add willChangeCreatesStackingContext(), which on most cases is a fast, inlined 'return false'. Otherwise ask the WillChangeData. * rendering/style/WillChangeData.cpp: (WebCore::propertyCreatesStackingContext): (WebCore::WillChangeData::createsStackingContext): * rendering/style/WillChangeData.h: 2015-12-03 Matthew Hanson <matthew_hanson@apple.com> Merge r188512. rdar://problem/23732374 2015-08-14 Simon Fraser <simon.fraser@apple.com> Implement parsing for CSS will-change https://bugs.webkit.org/show_bug.cgi?id=148052 Reviewed by Dean Jackson. Syntax is will-change: auto | <animateable-feature># where <animateable-feature> = scroll-position | contents | <custom-ident> To support this, add WillChangeData which stores a vector of "feature" and CSS property squished into 16 bits. This is stored in rareNonInheritedData. If null or an empty list, the property value is 'auto'. The list preserves unknown properties. Test: fast/css/will-change-parsing.html * CMakeLists.txt: * WebCore.vcxproj/WebCore.vcxproj: * WebCore.vcxproj/WebCore.vcxproj.filters: * WebCore.xcodeproj/project.pbxproj: * css/CSSComputedStyleDeclaration.cpp: (WebCore::getWillChangePropertyValue): (WebCore::ComputedStyleExtractor::propertyValue): * css/CSSParser.cpp: (WebCore::CSSParser::parseValue): (WebCore::isValidGridPositionCustomIdent): Renamed from isValidCustomIdent(), since it's grid-specific. (WebCore::CSSParser::parseIntegerOrCustomIdentFromGridPosition): (WebCore::valueIsCSSKeyword): Returns true for the "CSS-wide" keywords like "initial", "inherit" and "default". (WebCore::CSSParser::parseFontFamily): (WebCore::isValidWillChangeAnimatableFeature): (WebCore::CSSParser::parseWillChange): (WebCore::isValidCustomIdent): Deleted. * css/CSSParser.h: * css/CSSPrimitiveValue.h: (WebCore::CSSPrimitiveValue::isPropertyID): New utility function. * css/CSSPropertyNames.in: * css/CSSValueKeywords.in: * css/StyleBuilderCustom.h: (WebCore::StyleBuilderCustom::applyValueWillChange): * rendering/style/RenderStyle.cpp: (WebCore::RenderStyle::setWillChange): * rendering/style/RenderStyle.h: * rendering/style/StyleAllInOne.cpp: * rendering/style/StyleRareNonInheritedData.cpp: (WebCore::StyleRareNonInheritedData::StyleRareNonInheritedData): (WebCore::StyleRareNonInheritedData::operator==): (WebCore::StyleRareNonInheritedData::willChangeDataEquivalent): * rendering/style/StyleRareNonInheritedData.h: * rendering/style/WillChangeData.cpp: Added. (WebCore::WillChangeData::operator==): (WebCore::WillChangeData::containsScrollPosition): (WebCore::WillChangeData::containsContents): (WebCore::WillChangeData::containsProperty): (WebCore::WillChangeData::addFeature): (WebCore::WillChangeData::featureAt): * rendering/style/WillChangeData.h: Added. (WebCore::WillChangeData::create): (WebCore::WillChangeData::operator!=): (WebCore::WillChangeData::isAuto): (WebCore::WillChangeData::numFeatures): (WebCore::WillChangeData::WillChangeData): (WebCore::WillChangeData::AnimatableFeature::feature): (WebCore::WillChangeData::AnimatableFeature::property): (WebCore::WillChangeData::AnimatableFeature::featurePropertyPair): (WebCore::WillChangeData::AnimatableFeature::AnimatableFeature): (WebCore::WillChangeData::AnimatableFeature::operator==): 2015-12-03 Matthew Hanson <matthew_hanson@apple.com> Merge r190383. rdar://problem/23732393 2015-09-30 Katlyn Graff <kgraff@apple.com> Add support for the imageSmoothingQuality property for CanvasRenderingContext2D. https://bugs.webkit.org/show_bug.cgi?id=149541 Reviewed by Ryosuke Niwa. As documented here: https://html.spec.whatwg.org/multipage/scripting.html#image-smoothing Exposes the smooothing quality of algorithms used for scaling images. Valid input values are low, medium, and high: associated algorithms are expected to vary for differing hardware. setImageSmoothingQuality provides a handle into CGInterpolationQuality. Test: fast/canvas/canvas-imageSmoothingQuality.html * html/canvas/CanvasRenderingContext2D.cpp: (WebCore::CanvasRenderingContext2D::State::State): (WebCore::CanvasRenderingContext2D::State::operator=): (WebCore::smoothingToInterpolationQuality): (WebCore::CanvasRenderingContext2D::imageSmoothingQuality): (WebCore::CanvasRenderingContext2D::setImageSmoothingQuality): (WebCore::CanvasRenderingContext2D::setImageSmoothingEnabled): * html/canvas/CanvasRenderingContext2D.h: * html/canvas/CanvasRenderingContext2D.idl: 2015-12-03 Matthew Hanson <matthew_hanson@apple.com> Merge r189427. rdar://problem/23732393 2015-09-04 Myles C. Maxfield <mmaxfield@apple.com> Rename members of CanvasRenderingContext2D::State https://bugs.webkit.org/show_bug.cgi?id=148889 Reviewed by Tim Horton. CanvasRenderingContext2D::State is a struct, so its members should not start with m_. No new tests because there is no behavior change. * html/canvas/CanvasRenderingContext2D.cpp: (WebCore::CanvasRenderingContext2D::State::State): (WebCore::CanvasRenderingContext2D::State::operator=): (WebCore::CanvasRenderingContext2D::restore): (WebCore::CanvasRenderingContext2D::setStrokeStyle): (WebCore::CanvasRenderingContext2D::setFillStyle): (WebCore::CanvasRenderingContext2D::lineWidth): (WebCore::CanvasRenderingContext2D::setLineWidth): (WebCore::CanvasRenderingContext2D::lineCap): (WebCore::CanvasRenderingContext2D::setLineCap): (WebCore::CanvasRenderingContext2D::lineJoin): (WebCore::CanvasRenderingContext2D::setLineJoin): (WebCore::CanvasRenderingContext2D::miterLimit): (WebCore::CanvasRenderingContext2D::setMiterLimit): (WebCore::CanvasRenderingContext2D::shadowOffsetX): (WebCore::CanvasRenderingContext2D::setShadowOffsetX): (WebCore::CanvasRenderingContext2D::shadowOffsetY): (WebCore::CanvasRenderingContext2D::setShadowOffsetY): (WebCore::CanvasRenderingContext2D::shadowBlur): (WebCore::CanvasRenderingContext2D::setShadowBlur): (WebCore::CanvasRenderingContext2D::shadowColor): (WebCore::CanvasRenderingContext2D::setShadowColor): (WebCore::CanvasRenderingContext2D::getLineDash): (WebCore::CanvasRenderingContext2D::setLineDash): (WebCore::CanvasRenderingContext2D::setWebkitLineDash): (WebCore::CanvasRenderingContext2D::lineDashOffset): (WebCore::CanvasRenderingContext2D::setLineDashOffset): (WebCore::CanvasRenderingContext2D::applyLineDash): (WebCore::CanvasRenderingContext2D::globalAlpha): (WebCore::CanvasRenderingContext2D::setGlobalAlpha): (WebCore::CanvasRenderingContext2D::globalCompositeOperation): (WebCore::CanvasRenderingContext2D::setGlobalCompositeOperation): (WebCore::CanvasRenderingContext2D::scale): (WebCore::CanvasRenderingContext2D::rotate): (WebCore::CanvasRenderingContext2D::translate): (WebCore::CanvasRenderingContext2D::transform): (WebCore::CanvasRenderingContext2D::setTransform): (WebCore::CanvasRenderingContext2D::setStrokeColor): (WebCore::CanvasRenderingContext2D::setFillColor): (WebCore::CanvasRenderingContext2D::fillInternal): (WebCore::CanvasRenderingContext2D::strokeInternal): (WebCore::CanvasRenderingContext2D::clipInternal): (WebCore::CanvasRenderingContext2D::isPointInPathInternal): (WebCore::CanvasRenderingContext2D::isPointInStrokeInternal): (WebCore::CanvasRenderingContext2D::clearRect): (WebCore::CanvasRenderingContext2D::fillRect): (WebCore::CanvasRenderingContext2D::strokeRect): (WebCore::CanvasRenderingContext2D::setShadow): (WebCore::CanvasRenderingContext2D::applyShadow): (WebCore::CanvasRenderingContext2D::shouldDrawShadows): (WebCore::CanvasRenderingContext2D::drawImage): (WebCore::CanvasRenderingContext2D::transformAreaToDevice): (WebCore::CanvasRenderingContext2D::rectContainsCanvas): (WebCore::CanvasRenderingContext2D::compositeBuffer): (WebCore::CanvasRenderingContext2D::didDraw): (WebCore::CanvasRenderingContext2D::drawFocusIfNeededInternal): (WebCore::CanvasRenderingContext2D::font): (WebCore::CanvasRenderingContext2D::setFont): (WebCore::CanvasRenderingContext2D::textAlign): (WebCore::CanvasRenderingContext2D::setTextAlign): (WebCore::CanvasRenderingContext2D::textBaseline): (WebCore::CanvasRenderingContext2D::setTextBaseline): (WebCore::CanvasRenderingContext2D::direction): (WebCore::CanvasRenderingContext2D::setDirection): (WebCore::CanvasRenderingContext2D::drawTextInternal): (WebCore::CanvasRenderingContext2D::inflateStrokeRect): (WebCore::CanvasRenderingContext2D::imageSmoothingEnabled): (WebCore::CanvasRenderingContext2D::setImageSmoothingEnabled): * html/canvas/CanvasRenderingContext2D.h: 2015-12-03 Matthew Hanson <matthew_hanson@apple.com> Merge r188194. rdar://problem/23732393 2015-08-08 Dean Jackson <dino@apple.com> Remove the webkit prefix from CanvasRenderingContext2D imageSmoothingEnabled https://bugs.webkit.org/show_bug.cgi?id=147803 <rdar://problem/22200553> Reviewed by Sam Weinig. Rename webkitImageSmoothingEnabled to imageSmoothingEnabled. Updated existing tests, and made sure that the prefixed version is identical to the standard version. * html/canvas/CanvasRenderingContext2D.cpp: (WebCore::CanvasRenderingContext2D::imageSmoothingEnabled): Renamed from webkitImageSmoothingEnabled. (WebCore::CanvasRenderingContext2D::setImageSmoothingEnabled): Renamed from setWebkitImageSmoothingEnabled. (WebCore::CanvasRenderingContext2D::webkitImageSmoothingEnabled): Deleted. (WebCore::CanvasRenderingContext2D::setWebkitImageSmoothingEnabled): Deleted. * html/canvas/CanvasRenderingContext2D.h: Rename the methods. * html/canvas/CanvasRenderingContext2D.idl: Add the non-prefixed form, and mark is as the implementation of the prefixed form. 2015-12-03 Timothy Hatcher <timothy@apple.com> Merge r192592. rdar://problem/23221163 2015-11-18 Joseph Pecoraro <pecoraro@apple.com> Web Inspector: Client Blocked Resource Requests causes Crash under InspectorPageAgent::cachedResource https://bugs.webkit.org/show_bug.cgi?id=151398 Reviewed by Brian Burg. Test: inspector/network/client-blocked-load.html * inspector/InspectorPageAgent.cpp: (WebCore::InspectorPageAgent::cachedResource): Gracefully handle null request. * loader/cache/CachedResourceLoader.cpp: (WebCore::CachedResourceLoader::cachedResource): ASSERT if someone tried to pass a null URL. 2015-12-03 Timothy Hatcher <timothy@apple.com> Merge r192585. rdar://problem/23221163 2015-11-18 Joseph Pecoraro <pecoraro@apple.com> Web Inspector: Timeline Recording across page navigations behaves poorly https://bugs.webkit.org/show_bug.cgi?id=151112 Reviewed by Timothy Hatcher. * inspector/InspectorPageAgent.cpp: (WebCore::InspectorPageAgent::frameStartedLoading): Deleted. Don't reset the execution stopwatch on page navigation. If a timeline is actively being recorded on the frontend then all new timestamps suddenly downshifted towards zero introduces bad data. 2015-12-03 Timothy Hatcher <timothy@apple.com> Merge r188222. rdar://problem/23221163 2015-08-10 Devin Rousso <drousso@apple.com> Web Inspector: Invalid selectors can be applied to the stylesheet https://bugs.webkit.org/show_bug.cgi?id=147230 Reviewed by Timothy Hatcher. * inspector/InspectorStyleSheet.cpp: (WebCore::isValidSelectorListString): (WebCore::InspectorStyleSheet::setRuleSelector): Now checks to see that the supplied selector is valid before trying to commit it to the rule. (WebCore::InspectorStyleSheet::addRule): (WebCore::checkStyleRuleSelector): Deleted. 2015-12-03 Timothy Hatcher <timothy@apple.com> Merge r186891. rdar://problem/23221163 2015-07-16 Joseph Pecoraro <pecoraro@apple.com> Web Inspector: update $$() to return an Array https://bugs.webkit.org/show_bug.cgi?id=146964 Reviewed by Brian Burg. Test: inspector/console/command-line-api.html * inspector/CommandLineAPIModuleSource.js: Update $$(...) to return an array. Also InjectedScriptHost.type was renamed to subtype a while ago. 2015-12-03 Timothy Hatcher <timothy@apple.com> Merge r192745. rdar://problem/23221163 2015-11-23 Brian Burg <bburg@apple.com> Web Inspector: when inspecting the inspector, add the inspection level to the title bar https://bugs.webkit.org/show_bug.cgi?id=151555 Reviewed by Timothy Hatcher. * English.lproj/Localizable.strings: add new localized string for alternate inspector title. 2015-12-03 Timothy Hatcher <timothy@apple.com> Merge r192662. rdar://problem/23221163 2015-11-19 Brian Burg <bburg@apple.com> Web Inspector: yank/kill shortcuts (CTRL+Y, K) don't work in Console / QuickConsole https://bugs.webkit.org/show_bug.cgi?id=151157 Reviewed by Joseph Pecoraro. CodeMirror maintains its own editor buffer and implements its own `killLine` command but doesn't implement the yank command. So, text that is "killed" with CTRL-k inside a CodeMirror instance isn't added to Editor's kill ring. Subsequent yank commands won't match up with the killed text, instead returning text from a prior kill that was handled by Editor (i.e., in a contenteditable or form input). This patch adds a host function so that the Inspector frontend can append "missed" killed text to Editor's kill ring. Subsequent yanks handled by Editor will then match the text killed by CodeMirror. No new tests, because we need to use both InspectorFrontendHost and TestRunner.execCommand, but the latter is not available in the inspector context where we would need to simulate a kill. * inspector/InspectorFrontendHost.cpp: (WebCore::InspectorFrontendHost::killText): Added. This appends the killed text to the kill ring, starting a new sequence if necessary. Unlike Editor, Inspector waits until the next kill command to clear the existing sequence. * inspector/InspectorFrontendHost.h: * inspector/InspectorFrontendHost.idl: 2015-12-03 Timothy Hatcher <timothy@apple.com> Merge r192641. rdar://problem/23221163 2015-11-19 Brian Burg <bburg@apple.com> REGRESSION(r8780): Backwards delete by word incorrectly appends deleted text to kill ring, should be prepend https://bugs.webkit.org/show_bug.cgi?id=151300 Reviewed by Darin Adler. Over 11 years ago, someone was in a big hurry to fix a bunch of emacs keybindings bugs, and accidentally regressed the kill ring behavior for backwards-delete-word. It should prepend to the beginning. This patch fixes the regression and cleans up the kill ring-related code in Editor and commands. It also adds some tests to cover the regressed code a bit better. Tests: editing/pasteboard/emacs-killring-alternating-append-prepend.html editing/pasteboard/emacs-killring-backward-delete-prepend.html * editing/Editor.cpp: Use more explicit names for insertion mode parameters and member variables. (WebCore::Editor::deleteWithDirection): (WebCore::Editor::performDelete): (WebCore::Editor::addRangeToKillRing): (WebCore::Editor::addTextToKillRing): Only one call site for now, but another will be added in a dependent fix. (WebCore::Editor::addToKillRing): Deleted. * editing/Editor.h: * editing/TypingCommand.cpp: (WebCore::TypingCommand::TypingCommand): (WebCore::TypingCommand::deleteKeyPressed): (WebCore::TypingCommand::forwardDeleteKeyPressed): (WebCore::TypingCommand::doApply): * editing/TypingCommand.h: * platform/mac/KillRingMac.mm: (WebCore::KillRing::append): (WebCore::KillRing::prepend): It turns out that the native API implicitly clears the kill sequence when alternating between prepend and append operations. Its behavior does not match what Sublime Text or Emacs do in this case. Clear the previous operation flag to prevent this behavior from happening. 2015-12-02 Timothy Hatcher <timothy@apple.com> Merge r191967. rdar://problem/23221163 2015-11-03 Joseph Pecoraro <pecoraro@apple.com> Web Inspector: Handle or Remove ParseHTML Timeline Event Records https://bugs.webkit.org/show_bug.cgi?id=150689 Reviewed by Timothy Hatcher. Remove ParseHTML nesting recordings. We were not using them and for most pages their self-time is very small in comparison to other events. We may consider adding it back later for UI purposes but for now the frontend doesn't use the records so lets remove it. * html/parser/HTMLDocumentParser.cpp: (WebCore::HTMLDocumentParser::pumpTokenizer): Deleted. * inspector/InspectorInstrumentation.cpp: (WebCore::InspectorInstrumentation::willWriteHTMLImpl): Deleted. (WebCore::InspectorInstrumentation::didWriteHTMLImpl): Deleted. * inspector/InspectorInstrumentation.h: (WebCore::InspectorInstrumentation::willWriteHTML): Deleted. (WebCore::InspectorInstrumentation::didWriteHTML): Deleted. * inspector/InspectorTimelineAgent.cpp: (WebCore::InspectorTimelineAgent::willWriteHTML): Deleted. (WebCore::InspectorTimelineAgent::didWriteHTML): Deleted. (WebCore::toProtocol): Deleted. * inspector/InspectorTimelineAgent.h: * inspector/TimelineRecordFactory.cpp: (WebCore::TimelineRecordFactory::createParseHTMLData): Deleted. * inspector/TimelineRecordFactory.h: 2015-12-02 Timothy Hatcher <timothy@apple.com> Merge r191732. rdar://problem/23221163 2015-10-29 Joseph Pecoraro <pecoraro@apple.com> Web Inspector: Clean up and audit TimelineRecordFactory records https://bugs.webkit.org/show_bug.cgi?id=150660 Reviewed by Brian Burg. Cleanup included removing unused methods and payload data that the frontend wasn't likely to use. Also added ASCIILiteral and removed unnecessary includes. * inspector/InspectorNetworkAgent.cpp: * inspector/InspectorPageAgent.cpp: * inspector/InspectorTimelineAgent.cpp: (WebCore::InspectorTimelineAgent::willLayout): * inspector/InspectorTimelineAgent.h: * inspector/TimelineRecordFactory.cpp: (WebCore::TimelineRecordFactory::createGenericRecord): (WebCore::TimelineRecordFactory::createFunctionCallData): (WebCore::TimelineRecordFactory::createConsoleProfileData): (WebCore::TimelineRecordFactory::createEventDispatchData): (WebCore::TimelineRecordFactory::createGenericTimerData): (WebCore::TimelineRecordFactory::createTimerInstallData): (WebCore::TimelineRecordFactory::createEvaluateScriptData): (WebCore::TimelineRecordFactory::createTimeStampData): (WebCore::TimelineRecordFactory::createParseHTMLData): (WebCore::TimelineRecordFactory::createAnimationFrameData): (WebCore::TimelineRecordFactory::createPaintData): (WebCore::TimelineRecordFactory::appendLayoutRoot): (WebCore::TimelineRecordFactory::createBackgroundRecord): Deleted. (WebCore::TimelineRecordFactory::createLayoutData): Deleted. * inspector/TimelineRecordFactory.h: (WebCore::TimelineRecordFactory::TimelineRecordFactory): 2015-12-02 Timothy Hatcher <timothy@apple.com> Merge r191651. rdar://problem/23221163 2015-10-27 Joseph Pecoraro <pecoraro@apple.com> Web Inspector: Remove Timeline MarkDOMContent and MarkLoad, data is already available https://bugs.webkit.org/show_bug.cgi?id=150615 Reviewed by Timothy Hatcher. The timestamp only event data is already available from `Page.domContentEventFired` and `Page.loadEventFired` events. We can drop the Timeline specific events in favor of these which have existed for a very long time (before iOS 7). * inspector/InspectorInstrumentation.cpp: (WebCore::InspectorInstrumentation::loadEventFiredImpl): (WebCore::InspectorInstrumentation::domContentLoadedEventFiredImpl): Deleted. * inspector/InspectorTimelineAgent.cpp: (WebCore::InspectorTimelineAgent::didMarkDOMContentEvent): Deleted. (WebCore::InspectorTimelineAgent::didMarkLoadEvent): Deleted. (WebCore::toProtocol): Deleted. * inspector/InspectorTimelineAgent.h: * inspector/TimelineRecordFactory.cpp: (WebCore::TimelineRecordFactory::createMarkData): Deleted. * inspector/TimelineRecordFactory.h: 2015-12-02 Timothy Hatcher <timothy@apple.com> Merge r190416. rdar://problem/23221163 2015-09-30 João Oliveira <hello@jxs.pt> Web Inspector: Adjust font size of Developer Tools using Command,+ or Command,- https://bugs.webkit.org/show_bug.cgi?id=149590 Reviewed by Joseph Pecoraro. Patch by João Oliveira and Brian Burg. Expose the frontend page's zoom factor so we can implement relative zoom. * inspector/InspectorFrontendHost.cpp: (WebCore::InspectorFrontendHost::zoomFactor): Added. * inspector/InspectorFrontendHost.h: * inspector/InspectorFrontendHost.idl: * page/Frame.h: (WebCore::Frame::pageZoomFactor): 2015-12-02 Timothy Hatcher <timothy@apple.com> Merge r189883. rdar://problem/23221163 2015-09-16 Joseph Pecoraro <pecoraro@apple.com> Web Inspector: Fix common typo "supress" => "suppress" https://bugs.webkit.org/show_bug.cgi?id=149199 Reviewed by Gyuyoung Kim. * html/shadow/ContentDistributor.h: (WebCore::ContentDistributor::needsDistribution): * page/ContentSecurityPolicy.cpp: (WebCore::ContentSecurityPolicy::reportViolation): * platform/NotImplemented.h: * platform/graphics/ca/win/LayerChangesFlusher.cpp: (WebCore::LayerChangesFlusher::hookCallback): * platform/mac/HIDGamepadProvider.cpp: (WebCore::HIDGamepadProvider::deviceRemoved): * platform/win/makesafeseh.asm: 2015-12-02 Timothy Hatcher <timothy@apple.com> Merge r189104. rdar://problem/23221163 2015-08-28 Joseph Pecoraro <pecoraro@apple.com> Web Inspector: Separate creating a style sheet from adding a new rule in the protocol https://bugs.webkit.org/show_bug.cgi?id=148502 Reviewed by Timothy Hatcher. Tests: inspector/css/createStyleSheet.html inspector/css/manager-preferredInspectorStyleSheetForFrame.html * inspector/InspectorCSSAgent.h: Allow for multiple inspector style sheets per document. * inspector/InspectorCSSAgent.cpp: (WebCore::InspectorCSSAgent::createStyleSheet): (WebCore::InspectorCSSAgent::createInspectorStyleSheetForDocument): Added. (WebCore::InspectorCSSAgent::viaInspectorStyleSheet): Deleted. Extract and generalize creating a via-inspector stylesheet here. (WebCore::InspectorCSSAgent::addRule): Lookup stylesheet to add a rule to via the provided stylesheet id. (WebCore::InspectorCSSAgent::bindStyleSheet): (WebCore::InspectorCSSAgent::detectOrigin): Update to account for a list of stylesheets per document instead of one. * inspector/InspectorStyleSheet.cpp: (WebCore::InspectorStyleSheet::addRule): (WebCore::InspectorStyleSheetForInlineStyle::setStyleText): 2015-12-02 Timothy Hatcher <timothy@apple.com> Merge r189002. rdar://problem/23221163 2015-08-26 Joseph Pecoraro <pecoraro@apple.com> Web Inspector: Implement tracking of active stylesheets in the frontend https://bugs.webkit.org/show_bug.cgi?id=105828 Reviewed by Timothy Hatcher. Tests: inspector/css/stylesheet-events-basic.html inspector/css/stylesheet-events-imports.html inspector/css/stylesheet-events-inspector-stylesheet.html * inspector/InspectorInstrumentation.cpp: (WebCore::InspectorInstrumentation::documentDetachedImpl): (WebCore::InspectorInstrumentation::activeStyleSheetsUpdatedImpl): * inspector/InspectorInstrumentation.h: (WebCore::InspectorInstrumentation::documentDetached): (WebCore::InspectorInstrumentation::activeStyleSheetsUpdated): New hooks for when a document is detached or a document's style sheets are updated. * dom/Document.cpp: (WebCore::Document::prepareForDestruction): Inform the inspector so the CSSAgent can remove document related data. * dom/DocumentStyleSheetCollection.h: * dom/DocumentStyleSheetCollection.cpp: (WebCore::DocumentStyleSheetCollection::updateActiveStyleSheets): Inform the inspector so the CSSAgent can push stylesheet related events. (WebCore::DocumentStyleSheetCollection::activeStyleSheetsForInspector): Added. CSSStyleSheets for the inspector include non-disabled author stylesheets even if they are empty. * inspector/InspectorCSSAgent.h: * inspector/InspectorCSSAgent.cpp: (WebCore::InspectorCSSAgent::reset): (WebCore::InspectorCSSAgent::documentDetached): Handling for the new list of known document to CSSStyleSheets map. (WebCore::InspectorCSSAgent::enable): When the CSS domain is enabled, tell the frontend about known stylesheets. (WebCore::InspectorCSSAgent::activeStyleSheetsUpdated): (WebCore::InspectorCSSAgent::setActiveStyleSheetsForDocument): Diff the old list of known stylesheets to the new list of stylesheets for an individual document. Then send appropriate added/removed events. (WebCore::InspectorCSSAgent::collectAllStyleSheets): (WebCore::InspectorCSSAgent::collectAllDocumentStyleSheets): (WebCore::InspectorCSSAgent::collectStyleSheets): Collect stylesheets recursively. A stylesheet may link to other stylesheets through @import statements. (WebCore::InspectorCSSAgent::getAllStyleSheets): Use the new methods, this command should go away as it will no longer be useful. (WebCore::InspectorCSSAgent::unbindStyleSheet): (WebCore::InspectorCSSAgent::bindStyleSheet): Create an InspectorStyleSheet from a CSSStyleSheet and add to the appropriate lists. Likewise, unbinding will remove from the appropriate lists. (WebCore::InspectorCSSAgent::viaInspectorStyleSheet): (WebCore::InspectorCSSAgent::detectOrigin): When creating the inspector stylesheet, which is a <style> element, it will push a StyleSheetAdded event. In the process of binding this new stylesheet use the m_creatingViaInspectorStyleSheet to add it to out list of Inspector Stylesheets. 2015-12-02 Timothy Hatcher <timothy@apple.com> Merge r188631. rdar://problem/23221163 2015-08-18 Joseph Pecoraro <pecoraro@apple.com> Web Inspector: Links for rules in <style> are incorrect, do not account for <style> offset in the document https://bugs.webkit.org/show_bug.cgi?id=148141 Reviewed by Brian Burg. Test: inspector/css/getAllStyleSheets.html * css/CSSStyleSheet.h: * css/CSSStyleSheet.cpp: (WebCore::CSSStyleSheet::create): (WebCore::CSSStyleSheet::createInline): (WebCore::CSSStyleSheet::CSSStyleSheet): Include the starting position when created by the Parser. Default to the minimum position, which should never be possible for an inline <style> because the "<style>" characters themselves require at least some offset. * dom/InlineStyleSheetOwner.cpp: (WebCore::InlineStyleSheetOwner::createSheet): Provide the start position offset for this stylesheet if it was inline. * inspector/InspectorStyleSheet.cpp: (WebCore::InspectorStyleSheet::buildObjectForStyleSheetInfo): Include new protocol values for the style sheet. 2015-12-01 Timothy Hatcher <timothy@apple.com> Merge r187496. rdar://problem/23221163 2015-07-28 Joseph Pecoraro <pecoraro@apple.com> Web Inspector: Show Pseudo Elements in DOM Tree https://bugs.webkit.org/show_bug.cgi?id=139612 Reviewed by Timothy Hatcher. Tests: inspector/css/pseudo-element-matches-for-pseudo-element-node.html inspector/dom/pseudo-element-dynamic.html inspector/dom/pseudo-element-static.html Much of this patch was modelled after the Blink implementation of pseudo element inspection. * dom/PseudoElement.h: * dom/PseudoElement.cpp: (WebCore::PseudoElement::~PseudoElement): (WebCore::PseudoElement::clearHostElement): Since InspectorDOMAgent may hold a reference to this PseudoElement we can't report it as destroyed in the destructor, as that wouldn't be reached if the inspector holds a reference. Move this to when the psuedo element is disconnected, which is immediately before destruction. * inspector/InspectorCSSAgent.h: * inspector/InspectorCSSAgent.cpp: (WebCore::InspectorCSSAgent::getMatchedStylesForNode): When computing styles for a pseudo element, compute styles from the host element for just the pseudo element's pseudo type. Likewise only include matched results, not inherited or others. (WebCore::InspectorCSSAgent::buildArrayForMatchedRuleList): Add the pseudo type to the checker context to try and detect exactly which selector in a list of selectors matched the pseudo element. * inspector/InspectorDOMAgent.h: * inspector/InspectorDOMAgent.cpp: (WebCore::InspectorDOMAgent::unbind): When unbinding an element, also unbind any pseudo element children it may have had and bound. (WebCore::InspectorDOMAgent::assertEditableNode): (WebCore::InspectorDOMAgent::assertEditableElement): (WebCore::InspectorDOMAgent::removeNode): Improve grammar in error message. Don't allow editing pseudo elements. (WebCore::pseudoElementType): (WebCore::InspectorDOMAgent::buildObjectForNode): (WebCore::InspectorDOMAgent::buildArrayForPseudoElements): If a node is a pseudo element include its pseudoType. If a node has pseudo element children include them. (WebCore::InspectorDOMAgent::pseudoElementCreated): (WebCore::InspectorDOMAgent::pseudoElementDestroyed): When pseudo elements are dynamically created or destroyed push pseudo element nodes to the frontend if needed. * inspector/InspectorInstrumentation.cpp: (WebCore::InspectorInstrumentation::pseudoElementCreatedImpl): (WebCore::InspectorInstrumentation::pseudoElementDestroyedImpl): * inspector/InspectorInstrumentation.h: (WebCore::InspectorInstrumentation::pseudoElementCreated): (WebCore::InspectorInstrumentation::pseudoElementDestroyed): (WebCore::InspectorInstrumentation::layerTreeDidChange): (WebCore::InspectorInstrumentation::renderLayerDestroyed): Plumbing for pseudo element created/destroyed events. * style/StyleResolveTree.cpp: (WebCore::Style::attachBeforeOrAfterPseudoElementIfNeeded): This is the only place a pseudo element is created, inform the inspector. * inspector/InspectorOverlay.cpp: (WebCore::buildObjectForElementData): Update the element data for the node highlight label to include the host element's selector and the pseudo element selector. 2015-12-01 Timothy Hatcher <timothy@apple.com> Merge r187249. rdar://problem/23221163 2015-07-23 Devin Rousso <drousso@apple.com> Web Inspector: Add a function to CSSCompletions to get a list of supported system fonts https://bugs.webkit.org/show_bug.cgi?id=147009 Reviewed by Joseph Pecoraro. Test: inspector/css/get-system-fonts.html * inspector/InspectorCSSAgent.cpp: (WebCore::InspectorCSSAgent::getSupportedSystemFontFamilyNames): Gets the list of system fonts (implemented in each platform) and returns that list. * inspector/InspectorCSSAgent.h: * platform/graphics/FontCache.h: * platform/graphics/freetype/FontCacheFreeType.cpp: (WebCore::FontCache::systemFontFamilies): * platform/graphics/ios/FontCacheIOS.mm: (WebCore::FontCache::systemFontFamilies): * platform/graphics/mac/FontCacheMac.mm: (WebCore::FontCache::systemFontFamilies): * platform/graphics/win/FontCacheWin.cpp: (WebCore::FontCache::systemFontFamilies): 2015-12-01 Timothy Hatcher <timothy@apple.com> Merge r187211. rdar://problem/23221163 2015-07-22 Joseph Pecoraro <pecoraro@apple.com> Web Inspector: Timeline should immediately start moving play head when starting a new recording https://bugs.webkit.org/show_bug.cgi?id=147210 Reviewed by Timothy Hatcher. Test: inspector/timeline/recording-start-stop-timestamps.html * inspector/InspectorTimelineAgent.cpp: (WebCore::InspectorTimelineAgent::internalStart): (WebCore::InspectorTimelineAgent::internalStop): Include the current timestamp when starting / stopping a recording. 2015-12-01 Timothy Hatcher <timothy@apple.com> Merge r186724. rdar://problem/23221163 2015-07-11 Nikita Vasilyev <nvasilyev@apple.com> Web Inspector: Inspector should be able to be docked to the bottom of a narrow window https://bugs.webkit.org/show_bug.cgi?id=146871 Reviewed by Timothy Hatcher. * inspector/InspectorFrontendClientLocal.cpp: 2015-12-01 Dana Burkart <dburkart@apple.com> Merge r192758. rdar://problem/23581476 2015-11-23 David Kilzer <ddkilzer@apple.com> Hardening against CSSSelector double frees <http://webkit.org/b/56124> <rdar://problem/9119036> Reviewed by Antti Koivisto. Add some security assertions to catch this issue if it ever happens in Debug builds, and make changes in CSSSelector::~CSSSelector() and CSSSelectorList::deleteSelectors() to prevent obvious issues if they're ever called twice in Release builds. No new tests because we don't know how to reproduce this. * css/CSSSelector.cpp: (WebCore::CSSSelector::CSSSelector): Initialize m_destructorHasBeenCalled. * css/CSSSelector.h: (WebCore::CSSSelector::m_destructorHasBeenCalled): Add bitfield. (WebCore::CSSSelector::CSSSelector): Initialize m_destructorHasBeenCalled. (WebCore::CSSSelector::~CSSSelector): Add security assertion that this is never called twice. Clear out any fields that would have caused us to dereference an object twice. * css/CSSSelectorList.cpp: (WebCore::CSSSelectorList::deleteSelectors): Clear m_selectorArray when freeing the memory to which it was pointing. This prevents re-entrancy issues or calling this method twice on the same thread. Also restructure the for() loop to prevent calling CSSSelector::isLastInSelectorList() after CSSSelector::~CSSSelector() has been called (via CRBug 241892). 2015-10-29 Babak Shafiei <bshafiei@apple.com> Merge r191756. 2015-10-29 Simon Fraser <simon.fraser@apple.com> Very slow typing on pages with wheel event handlers on the body, and deep content https://bugs.webkit.org/show_bug.cgi?id=150692 rdar://problem/23242631 Reviewed by Zalan Bujtas. On a large page with a wheel event handler on the body, we would call Element::absoluteEventHandlerBounds() for every element under the body, and compute an absolute bounds for each one. This is very slow. For now, optimize computing a region for the <body> by just using the document bounds, which will always be as big or larger. It's OK for this region to be an overestimate. * dom/Document.cpp: (WebCore::Document::absoluteRegionForEventTargets): 2015-10-29 Lucas Forschler <lforschler@apple.com> Merge r191706. rdar://problem/23319292 2015-10-28 Andy Estes <aestes@apple.com> [Content Filtering] Crash when allowing a 0-byte resource to load https://bugs.webkit.org/show_bug.cgi?id=150644 <rdar://problem/23288538> Reviewed by Darin Adler. Test: contentfiltering/allow-empty-document.html * loader/ContentFilter.cpp: (WebCore::ContentFilter::deliverResourceData): resourceBuffer will be null if the resource contained no data. 2015-10-27 Matthew Hanson <matthew_hanson@apple.com> Merge r191636. rdar://problem/23078059 2015-10-27 Alex Christensen <achristensen@webkit.org> Cancel navigation policy checks like we do content policy checks. https://bugs.webkit.org/show_bug.cgi?id=150582 rdar://problem/22077579 Reviewed by Brent Fulgham. This was verified manually and I'll write a layout test for it soon. * loader/DocumentLoader.cpp: (WebCore::DocumentLoader::DocumentLoader): (WebCore::DocumentLoader::~DocumentLoader): (WebCore::DocumentLoader::willSendRequest): (WebCore::DocumentLoader::continueAfterNavigationPolicy): (WebCore::DocumentLoader::cancelPolicyCheckIfNeeded): * loader/DocumentLoader.h: Add a bool to keep track of whether we are waiting for navigation policy checks, like we do with content policy checks. Without this check, sometimes callbacks are made to DocumentLoaders that do not exist any more because they do not get cancelled by cancelPolicyCheckIfNeeded when detaching from the frame. 2015-10-27 Matthew Hanson <matthew_hanson@apple.com> Merge r191525. rdar://problem/23239748 2015-10-23 Simon Fraser <simon.fraser@apple.com> Avoid SVG-induced layouts inside Element::absoluteEventBounds() https://bugs.webkit.org/show_bug.cgi?id=150516 Reviewed by Zalan Bujtas. Speculative fix for a crash under RenderObject::localToContainerQuad() when computing the wheel event handler region, which uses Element::absoluteEventHandlerBounds(). Element::absoluteEventBounds() was calling SVGElement::getBoundingBox() in a way that could trigger a layout. * dom/Element.cpp: (WebCore::Element::absoluteEventBounds): 2015-10-23 Matthew Hanson <matthew_hanson@apple.com> Merge r191484. 2015-10-22 Gordon Sheridan <gordon_sheridan@apple.com> Fix build for clang-700.0.59.5 by replacing deprecated calls to convert points between screen and window coordinates for Mac. https://bugs.webkit.org/show_bug.cgi?id=150379 Reviewed by Andy Estes. Provide WAKWindow versions of the non-deprecated methods for converting an NSRect between window and screen coordinates, which replace the deprecated methods that operated on an NSPoint. * platform/ios/wak/WAKWindow.h: * platform/ios/wak/WAKWindow.mm: (-[WAKWindow convertRectToScreen:]): Added. (-[WAKWindow convertRectFromScreen:]): Added. 2015-10-22 Matthew Hanson <matthew_hanson@apple.com> Merge r191357. rdar://problem/23103279 2015-10-20 Chris Fleizach <cfleizach@apple.com> AX: CrashTracer: com.apple.WebKit.WebContent at com.apple.WebCore: WebCore::AccessibilityTable::tableElement const + 116 https://bugs.webkit.org/show_bug.cgi?id=150349 Reviewed by Brent Fulgham. The crash point for this bug says that the parentElement of the firstBody is garbage when it's accessed. Unfortunately, I could not reproduce this in-situ or with a test. So my speculative solution is to recalculate those body elements to ensure that they're valid before we access. * accessibility/AccessibilityTable.cpp: (WebCore::AccessibilityTable::tableElement): (WebCore::AccessibilityTable::isDataTable): 2015-10-14 Matthew Hanson <matthew_hanson@apple.com> Merge r191077. rdar://problem/22993325 2015-10-14 Alex Christensen <achristensen@webkit.org> [Content Extensions] Make blocked async XHR call onerror https://bugs.webkit.org/show_bug.cgi?id=146706 Reviewed by Brady Eidson. Test: http/tests/contentextensions/async-xhr-onerror.html * xml/XMLHttpRequest.cpp: (WebCore::XMLHttpRequest::XMLHttpRequest): (WebCore::XMLHttpRequest::createRequest): (WebCore::XMLHttpRequest::networkError): (WebCore::XMLHttpRequest::networkErrorTimerFired): (WebCore::XMLHttpRequest::abortError): * xml/XMLHttpRequest.h: Make a timer that calls networkError in 0 time if a content blocker blocks the asynchronous load. It is necessary to call setPendingActivity and dropProtection (which calls unsetPendingActivity) to keep a reference to the XMLHttpRequest alive. 2015-10-14 Matthew Hanson <matthew_hanson@apple.com> Merge r191008. rdar://problem/23111794 2015-10-13 Dean Jackson <dino@apple.com> Device motion and orientation should only be visible from the main frame's security origin https://bugs.webkit.org/show_bug.cgi?id=150072 <rdar://problem/23082036> Reviewed by Brent Fulgham. There are reports that gyroscope and accelerometer information can be used to detect keyboard entry. One initial step to reduce the risk is to forbid device motion and orientation events from being fired in frames that are a different security origin from the main page. Manual test: deviceorientation-main-frame-only.html * page/DOMWindow.cpp: (WebCore::DOMWindow::isSameSecurityOriginAsMainFrame): New helper function. (WebCore::DOMWindow::addEventListener): Check if we are the main frame, or the same security origin as the main frame. If not, don't add the event listeners. 2015-10-14 Matthew Hanson <matthew_hanson@apple.com> Merge r188477. rdar://problem/22801969 2015-08-14 Tim Horton <timothy_horton@apple.com> Fix the Mavericks build. * platform/spi/mac/LookupSPI.h: 2015-10-14 Matthew Hanson <matthew_hanson@apple.com> Merge r188473. rdar://problem/22801969 2015-08-14 Tim Horton <timothy_horton@apple.com> Fix the build. * platform/spi/mac/LookupSPI.h: 2015-10-13 Matthew Hanson <matthew_hanson@apple.com> Merge r190570. rdar://problem/23075530 2015-10-05 Zalan Bujtas <zalan@apple.com> Mark the line dirty when RenderQuote's text changes. https://bugs.webkit.org/show_bug.cgi?id=149784 rdar://problem/22558169 Reviewed by Antti Koivisto. When quotation mark changes ( " -> ' or empty string), we need to mark the line dirty to ensure its content gets laid out properly. Test: fast/inline/quotation-text-changes-dynamically.html * rendering/RenderQuote.cpp: (WebCore::quoteTextRenderer): (WebCore::RenderQuote::updateText): (WebCore::fragmentChild): Deleted. 2015-10-13 Matthew Hanson <matthew_hanson@apple.com> Merge r190382. rdar://problem/22934301 2015-09-30 Dean Jackson <dino@apple.com> GraphicsContext3D::mappedSymbolName should initialize count variable https://bugs.webkit.org/show_bug.cgi?id=149692 <rdar://problem/22871304> Reviewed by Simon Fraser. While debugging another WebGL issue, I noticed that some OpenGL renderers can get into a state where they drop resources (e.g. a GPU reset). If we don't detect that in time, we might try to ask for the currently attached resources and our in-parameter will not be set. In this case, initialize it to zero so that we don't do silly things. * platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp: (WebCore::GraphicsContext3D::mappedSymbolName): Initialize count to 0. 2015-10-13 Matthew Hanson <matthew_hanson@apple.com> Merge r190339. rdar://problem/23075538 2015-09-29 Jon Honeycutt <jhoneycutt@apple.com> Avoid reparsing an XSLT stylesheet after the first failure. https://bugs.webkit.org/show_bug.cgi?id=149188 <rdar://problem/22709912> Reviewed by Dave Hyatt. Patch by Jiewen Tan, jiewen_tan@apple.com. Test: svg/custom/invalid-xslt-crash.svg * xml/XSLStyleSheet.h: Add a new member variable m_compilationFailed that tracks whether compilation has failed. Default value is false. * xml/XSLStyleSheetLibxslt.cpp: (WebCore::XSLStyleSheet::compileStyleSheet): Return early if the compilation has failed before. After compiling the style sheet, if we failed, set m_compilationFailed to true. 2015-10-13 Matthew Hanson <matthew_hanson@apple.com> Merge r190097. rdar://problem/23075540 2015-09-21 Ryosuke Niwa <rniwa@webkit.org> Fix release builds with security assertion after r190007. * dom/DocumentOrderedMap.cpp: * dom/DocumentOrderedMap.h: 2015-10-13 Matthew Hanson <matthew_hanson@apple.com> Merge r190007. rdar://problem/23075540 2015-09-18 Ryosuke Niwa <rniwa@webkit.org> REGRESSION(r150187): updateIdForTreeScope may not be called inside shadow trees https://bugs.webkit.org/show_bug.cgi?id=149364 Reviewed by Antti Koivisto. Since the tree scope is set to that of Document's inside removeBetween when a node is removed from a shadow tree, oldScope != &treeScope() was already true inside Element::removedFrom. This can introduce an inconsistency in DocumentOrderedMap which could result in a crash. Fixed the bug by checking it against document(), which is the behavior we had prior to r150187. Also added a consistency check in DocumentOrderedMap to catch bugs like this. No new tests. New assertions fail in existing tests without this fix. * dom/DocumentOrderedMap.cpp: (WebCore::DocumentOrderedMap::add): (WebCore::DocumentOrderedMap::remove): (WebCore::DocumentOrderedMap::get): * dom/DocumentOrderedMap.h: * dom/Element.cpp: (WebCore::Element::removedFrom): 2015-10-13 Matthew Hanson <matthew_hanson@apple.com> Merge r189979. rdar://problem/23075525 2015-09-18 Chris Dumez <cdumez@apple.com> WebContent crash in WebCore::MemoryPressureHandler::releaseCriticalMemory() with GuardMalloc when preparing to suspend https://bugs.webkit.org/show_bug.cgi?id=149350 Reviewed by Antti Koivisto. in MemoryPressureHandler::releaseCriticalMemory(), iterate over a copy of Document::allDocuments() instead of iterating over allDocuments() directly. Also make sure the Documents are ref'd inside the copy. This is needed because clearing the StyleResolver of a Document may cause Documents to be unref'd and removed from the allDocument() HashSet. No new tests, already covered by existing tests. * platform/MemoryPressureHandler.cpp: (WebCore::MemoryPressureHandler::releaseCriticalMemory): 2015-10-13 Matthew Hanson <matthew_hanson@apple.com> Merge r189421. rdar://problem/22802049 2015-09-04 Myles C. Maxfield <mmaxfield@apple.com> Crash when font completes downloading after calling 2D canvas setText() multiple times https://bugs.webkit.org/show_bug.cgi?id=148789 Reviewed by Darin Adler. The CSSFontSelector has a list of clients, and when fonts complete downloading, these clients get a call back. CanvasRenderingContext2D::State is one such of these clients. However, the CSSFontSelector may be destroyed and recreated at any time. We were getting into a case where multiple CSSFontSelectors were thinking that the same CanvasRenderingContext2D::State were their client. When the CanvasRenderingContext2D::State was destroyed, it only unregistered itself from one of the CSSFontSelectors, which means the CSSFontSelector left over has a dangling pointer to it. The solution is to implement a new helper class, FontProxy, to hold the CanvasRenderingContext2D::State's font, and maintain the invariant that this object is always registered to exactly one CSSFontSelector, and this CSSFontSelector is the one which is associated with the FontProxy's FontCascade object. This patch maintains this invariant, as well as protecting all access to the State's FontCascade object so no one can reach in and change it without going through functions which maintain the invariant. Test: fast/canvas/font-selector-crash.html * css/CSSFontSelector.cpp: (WebCore::CSSFontSelector::registerForInvalidationCallbacks): (WebCore::CSSFontSelector::unregisterForInvalidationCallbacks): (WebCore::CSSFontSelector::dispatchInvalidationCallbacks): * css/CSSFontSelector.h: * dom/Document.cpp: (WebCore::Document::fontsNeedUpdate): (WebCore::Document::fontSelector): (WebCore::Document::clearStyleResolver): * dom/Document.h: * html/canvas/CanvasRenderingContext2D.cpp: (WebCore::CanvasRenderingContext2D::State::State): (WebCore::CanvasRenderingContext2D::State::operator=): (WebCore::CanvasRenderingContext2D::FontProxy::~FontProxy): (WebCore::CanvasRenderingContext2D::FontProxy::FontProxy): (WebCore::CanvasRenderingContext2D::FontProxy::update): (WebCore::CanvasRenderingContext2D::FontProxy::fontsNeedUpdate): (WebCore::CanvasRenderingContext2D::FontProxy::initialize): (WebCore::CanvasRenderingContext2D::FontProxy::fontMetrics): (WebCore::CanvasRenderingContext2D::FontProxy::fontDescription): (WebCore::CanvasRenderingContext2D::FontProxy::width): (WebCore::CanvasRenderingContext2D::FontProxy::drawBidiText): (WebCore::CanvasRenderingContext2D::font): (WebCore::CanvasRenderingContext2D::setFont): (WebCore::CanvasRenderingContext2D::measureText): (WebCore::CanvasRenderingContext2D::drawTextInternal): (WebCore::CanvasRenderingContext2D::State::~State): Deleted. (WebCore::CanvasRenderingContext2D::State::fontsNeedUpdate): Deleted. (WebCore::CanvasRenderingContext2D::accessFont): Deleted. * html/canvas/CanvasRenderingContext2D.h: * platform/graphics/FontSelector.h: 2015-10-13 Matthew Hanson <matthew_hanson@apple.com> Merge r189834. rdar://problem/22801966 2015-09-15 Joseph Pecoraro <pecoraro@apple.com> Web Inspector: Paused Debugger prevents page reload https://bugs.webkit.org/show_bug.cgi?id=148174 Reviewed by Brian Burg. When navigating the page while paused, suppress any pausing until the page has completed navigation. If not paused and navigating, you can still pause in pagehide and unload handlers or other late page events. Could not write a reliable test for this at the moment. InspectorTest.reloadPage has multiple issues with the output, so I'll investigate making reload tests more reliable later. * inspector/InspectorController.h: * inspector/InspectorController.cpp: (WebCore::InspectorController::resume): Deleted. * loader/FrameLoader.cpp: (WebCore::FrameLoader::continueLoadAfterNavigationPolicy): We now use existing InspectorInstrumentation functions instead of a method on InspectorController during load. In dropping the method InspectorController can drop a member variable no longer used. * inspector/InspectorInstrumentation.h: (WebCore::InspectorInstrumentation::willStartProvisionalLoad): Add a new instrumentation hook. * inspector/InspectorInstrumentation.cpp: (WebCore::InspectorInstrumentation::willStartProvisionalLoadImpl): (WebCore::InspectorInstrumentation::didCommitLoadImpl): When starting or completing main frame navigations, let the PageDebuggerAgent do some work. * inspector/PageDebuggerAgent.h: * inspector/PageDebuggerAgent.cpp: (WebCore::PageDebuggerAgent::mainFrameStartedLoading): (WebCore::PageDebuggerAgent::mainFrameStoppedLoading): (WebCore::PageDebuggerAgent::mainFrameNavigated): Suppress pausing if navigating while paused. Otherwise behave as normal. 2015-10-13 Matthew Hanson <matthew_hanson@apple.com> Merge r188443. rdar://problem/22801969 2015-08-13 Tim Horton <timothy_horton@apple.com> Performing a Lookup on wrapped text puts the popover arrow in the wrong place (off to the right) https://bugs.webkit.org/show_bug.cgi?id=148012 <rdar://problem/19238094> Reviewed by Simon Fraser. * platform/spi/mac/LookupSPI.h: Add some SPI. 2015-10-09 Lucas Forschler <lforschler@apple.com> Merge r189168 2015-08-31 Alexey Proskuryakov <ap@apple.com> Build fix. * page/EventHandler.h: (WebCore::EventHandler::immediateActionStage): Don't export an inline function, to avoid "weak external symbol" errors. 2015-10-08 Lucas Forschler <lforschler@apple.com> Merge r190602. rdar://problem/22995830 2015-10-05 Alex Christensen <achristensen@webkit.org> Invalid CSS Selector for Content Blockers invalidates others https://bugs.webkit.org/show_bug.cgi?id=148446 rdar://problem/22918235 Reviewed by Benjamin Poulain. Test: http/tests/contentextensions/invalid-selector.html * contentextensions/ContentExtensionParser.cpp: (WebCore::ContentExtensions::loadTrigger): (WebCore::ContentExtensions::isValidSelector): (WebCore::ContentExtensions::loadAction): (WebCore::ContentExtensions::loadRule): Add a check to see if a selector is valid before adding it. 2015-10-08 Lucas Forschler <lforschler@apple.com> Merge r190375. rdar://problem/22881748 2015-09-30 Myles C. Maxfield <mmaxfield@apple.com> Crash when using an SVG font with > 390 glyphs https://bugs.webkit.org/show_bug.cgi?id=149677 <rdar://problem/21676402> Reviewed by Simon Fraser. The "Charset Index" in OTF are indices into a collection of strings. There are 390 predefined strings in this collection. We were currently assigning each glyph to one of these strings. However, if there are more glyphs than strings, we will be using invalid indices. The values of the strings themselves are not necessary for SVG fonts. Therefore, the solution is to create a single dummy string, and have all glyphs target it. Tests: svg/custom/many-glyphs.svg * css/CSSFontFaceSource.cpp: (WebCore::CSSFontFaceSource::font): * svg/SVGToOTFFontConversion.cpp: (WebCore::SVGToOTFFontConverter::appendCFFTable): 2015-10-08 Lucas Forschler <lforschler@apple.com> Merge r189976. rdar://problem/22824652 2015-09-18 Chris Dumez <cdumez@apple.com> REGRESSION (r182449, Mavericks ONLY): Pages re-open empty after swiping back and scrolling on them https://bugs.webkit.org/show_bug.cgi?id=149317 <rdar://problem/22521514> Reviewed by Tim Horton. Disable on Mavericks a PageCache optimization from r182449 which lets into PageCache pages that only have certain types of pending loads (images and XHR). This is because it has been determined via bisection that this change is the one that introduced the bug on Mavericks. * loader/DocumentLoader.cpp: (WebCore::areAllLoadersPageCacheAcceptable): 2015-10-08 Lucas Forschler <lforschler@apple.com> Merge r189976. rdar://problem/22824652 2015-09-18 Chris Dumez <cdumez@apple.com> REGRESSION (r182449, Mavericks ONLY): Pages re-open empty after swiping back and scrolling on them https://bugs.webkit.org/show_bug.cgi?id=149317 <rdar://problem/22521514> Reviewed by Tim Horton. Disable on Mavericks a PageCache optimization from r182449 which lets into PageCache pages that only have certain types of pending loads (images and XHR). This is because it has been determined via bisection that this change is the one that introduced the bug on Mavericks. * loader/DocumentLoader.cpp: (WebCore::areAllLoadersPageCacheAcceptable): 2015-10-08 Andy Estes <aestes@apple.com> Merge r188150, r188517, r188844, r188845, r188851, r188852, r188880, r188881, r188988, r189193, r189289, and r190133. rdar://problem/22847063 2015-08-26 Andy Estes <aestes@apple.com> [Content Filtering] Determine navigation and content policy before continuing to filter a load https://bugs.webkit.org/show_bug.cgi?id=148506 Reviewed by Brady Eidson. Prior to this change, ContentFilter would hide from DocumentLoader all CachedRawResourceClient callbacks until a decision was made, then replay the missed callbacks. This approach interacted poorly with some features of the loader, notably appcache and downloads. In the case of appcache, DocumentLoader might not have a chance to check for substitute data until the original load has finished, wasting bandwidth, and might receive duplicate or out-of-order callbacks. In the case of downloads, it would often be too late to convert the existing connection to a download, leading to restarted downloads or outright failures. Bandaids were put in place for these issues in r188150, r188486, and r188851 to fix crashes or serious regressions in behavior, but these weren't complete fixes. They did not solve any of the duplicate data loading problems, and they did not make downloads work reliably in all cases. This patch rolls out the bandaids (but keeps their tests) and replaces them with a more robust fix. Instead of hiding callbacks from DocumentLoader, ContentFilter now delivers willSendRequest(), redirectReceived(), and responseReceived() to DocumentLoader immediately, and cancels filtering if DocumentLoader decides to ignore the load, download it, or load substitute data. ContentFilter continues to buffer incoming data to prevent partial rendering of blocked content. The existing tests for r188150 and r188851 were kept, the test for r188486 was rewritten to be specific to content filtering, and new tests were added to cover the case where ContentFilter is still undecided after a load finishes. Tests: contentfiltering/allow-never.html contentfiltering/block-never.html ContentFiltering.AllowDownloadAfterAddData ContentFiltering.AllowDownloadAfterFinishedAddingData ContentFiltering.AllowDownloadAfterRedirect ContentFiltering.AllowDownloadAfterResponse ContentFiltering.AllowDownloadAfterWillSendRequest ContentFiltering.AllowDownloadNever ContentFiltering.BlockDownloadAfterAddData ContentFiltering.BlockDownloadAfterFinishedAddingData ContentFiltering.BlockDownloadAfterRedirect ContentFiltering.BlockDownloadAfterResponse ContentFiltering.BlockDownloadAfterWillSendRequest ContentFiltering.BlockDownloadNever * bindings/js/JSMockContentFilterSettingsCustom.cpp: (WebCore::JSMockContentFilterSettings::decisionPoint): Taught to handle DecisionPoint::Never, and rewrote to not need a set of const uint8_ts that mirror the DecisionPoint enum. (WebCore::JSMockContentFilterSettings::setDecisionPoint): Ditto. (WebCore::toJSValue): Rewrote to not need a set of const uint8_ts that mirror the Decision enum. (WebCore::toDecision): Ditto. * loader/ContentFilter.cpp: (WebCore::ContentFilter::createIfEnabled): Renamed from createIfNeeded, and changed to take a DocumentLoader& instead of a DecisionFunction. (WebCore::ContentFilter::ContentFilter): (WebCore::ContentFilter::responseReceived): If m_state != Blocked after filtering, call DocumentLoader::responseReceived(). (WebCore::ContentFilter::dataReceived): If m_state == Allowed after filtering, deliver buffered data to DocumentLoader. If no filtering was necessary, call DocumentLoader::dataReceived() directly. (WebCore::ContentFilter::redirectReceived): If m_state != Blocked after filtering, call DocumentLoader::redirectReceived(). (WebCore::ContentFilter::notifyFinished): If an error occured, call DocumentLoader::notifyFinished() immediately and return. If m_state != Blocked after filtering, deliver buffered data to DocumentLoader and call DocumentLoader::notifyFinished(). If no filtering was necessary and m_state != Blocked, call DocumentLoader::notifyFinished() directly. (WebCore::ContentFilter::didDecide): Called DocumentLoader::contentFilterDidDecide() instead of m_decisionFunction(). (WebCore::ContentFilter::deliverResourceData): Added a helper function to deliver buffered data to DocumentLoader. (WebCore::ContentFilter::createIfNeeded): Renamed to createIfEnabled(). * loader/ContentFilter.h: * loader/DocumentLoader.cpp: (WebCore::DocumentLoader::DocumentLoader): (WebCore::DocumentLoader::willSendRequest): Stopped asserting that redirectResponse is null and made it part of the if condition instead, since willSendRequest() will now be called on redirects when there is an active ContentFilter. (WebCore::DocumentLoader::startLoadingMainResource): Called becomeMainResourceClient() instead of becomeMainResourceClientIfFilterAllows(). (WebCore::DocumentLoader::becomeMainResourceClient): Renamed from becomeMainResourceClientIfFilterAllows(). Only called ContentFilter::startFilteringMainResource() if the filter state is Initialized, since ContentFilter might have already made a decision in willSendRequest(). (WebCore::DocumentLoader::contentFilterDidDecide): Stopped deleting m_contentFilter, since it will continue to deliver callbacks even after making a decision. Fixed a bug where we were creating two copies of ContentFilter's replacement data. (WebCore::DocumentLoader::syntheticRedirectReceived): Deleted. (WebCore::DocumentLoader::becomeMainResourceClientIfFilterAllows): Renamed to becomeMainResourceClient(). * loader/DocumentLoader.h: * loader/EmptyClients.h: * loader/FrameLoaderClient.h: * loader/ResourceLoader.cpp: (WebCore::ResourceLoader::willSendRequestInternal): Removed part of r188851. * loader/SubresourceLoader.cpp: (WebCore::SubresourceLoader::didReceiveResponse): Removed part of r188486. * loader/SubresourceLoader.h: * loader/cache/CachedRawResource.cpp: (WebCore::CachedRawResource::didAddClient): Removed part of r188150. * loader/cache/CachedRawResourceClient.h: (WebCore::CachedRawResourceClient::syntheticRedirectReceived): Removed part of r188150. * testing/MockContentFilterSettings.h: Defined DecisionPoint::Never. * testing/MockContentFilterSettings.idl: Defined DECISION_POINT_NEVER. 2015-10-08 Lucas Forschler <lforschler@apple.com> Merge r188148. rdar://problem/22802036 2015-08-06 Dean Jackson <dino@apple.com> Shadows don't draw on fillText when using a gradient fill https://bugs.webkit.org/show_bug.cgi?id=147758 <rdar://problem/20860912> Reviewed by Myles Maxfield. Since we use a mask to render a pattern or gradient into text, any shadow was being clipped out. Change this to draw the shadow before the mask + fill operation, using a technique similar to text-shadow. Test: fast/canvas/gradient-text-with-shadow.html * html/canvas/CanvasRenderingContext2D.cpp: (WebCore::CanvasRenderingContext2D::drawTextInternal): Get the current shadow style, paint the text with a transformed shadow offset so that we only see the shadow and not the text, then combine with the existing pattern/gradient fill. 2015-10-08 Lucas Forschler <lforschler@apple.com> Rollout r190745 2015-10-08 Lucas Forschler <lforschler@apple.com> Merge r188443. rdar://problem/22801969 2015-08-13 Tim Horton <timothy_horton@apple.com> Performing a Lookup on wrapped text puts the popover arrow in the wrong place (off to the right) https://bugs.webkit.org/show_bug.cgi?id=148012 <rdar://problem/19238094> Reviewed by Simon Fraser. * platform/spi/mac/LookupSPI.h: Add some SPI. 2015-10-02 Matthew Hanson <matthew_hanson@apple.com> Merge r190380. rdar://problem/22888962 2015-09-30 Dean Jackson <dino@apple.com> Crash in gleLookupHashObject when context is lost https://bugs.webkit.org/show_bug.cgi?id=149690 <rdar://problem/22751585> <rdar://problem/22465495> Reviewed by Simon Fraser. When we received notification that the GPU has reset, we were nulling out and deleting our OpenGL contexts and then trying to do it all over again. The fix was to flip the order of operations. While there I added some logging, and changed the way we check GPU status to make sure we do a check after the first draw call. Unfortunately we can't test automatically because it involves resetting the GPU which can possibly cause concurrent tests to fail. * platform/graphics/mac/GraphicsContext3DMac.mm: (WebCore::GraphicsContext3D::checkGPUStatusIfNecessary): Move forceContextLost() to be the first thing we do after we've realised we need to bail. 2015-10-02 Matthew Hanson <matthew_hanson@apple.com> Merge r190252. rdar://problem/22867962 2015-09-25 Beth Dakin <bdakin@apple.com> Clicking on a data detected item inside a form control always pops up a map on force touch trackpad https://bugs.webkit.org/show_bug.cgi?id=149559 -and corresponding- rdar://problem/22826796 Reviewed by Tim Horton. The real bug here appears to be a bug in Lookup, but we can work around it. For normal text, we call directly into Data Detectors for map results, and that works fine. For text within form controls, we did not properly extract the text for DD, so we sent it to Lookup instead, and Lookup has this bug where they will pop open the map right away. If we properly extract the text for form controls, then we can work around this bug. * editing/mac/DataDetection.mm: (WebCore::detectItemAtPositionWithRange): (WebCore::DataDetection::detectItemAroundHitTestResult): 2015-10-02 Matthew Hanson <matthew_hanson@apple.com> Merge r189560. rdar://problem/22824659 2015-09-09 Benjamin Poulain <bpoulain@apple.com> CSS general sibling selectors does not work without CSS JIT https://bugs.webkit.org/show_bug.cgi?id=148987 rdar://problem/22559860 Reviewed by Andreas Kling. When traversing with the indirect adjacent combinator, SelectorChecker was not setting the style invalidation flag on the right element. Tests: fast/css/indirect-adjacent-style-invalidation-1.html fast/css/indirect-adjacent-style-invalidation-2.html fast/css/indirect-adjacent-style-invalidation-3.html * css/SelectorChecker.cpp: (WebCore::SelectorChecker::matchRecursively): 2015-10-02 Matthew Hanson <matthew_hanson@apple.com> Merge r188990. rdar://problem/22802029 2015-08-26 Beth Dakin <bdakin@apple.com> REGRESSION: Safari navigates after a cancelled force click https://bugs.webkit.org/show_bug.cgi?id=148491 -and corresponding- rdar://problem/22394323 Reviewed by Tim Horton. This regression was introduced on El Capitan because AppKit sends ‘cancel’ to gesture recognizer BEFORE it sends the mouseUp. So the ImmediateActionStage needs to track whether a cancel happened after updates or without any updates since they signify different things. Don’t perform default behaviors when the stage is ActionCancelledAfterUpdate. * page/EventHandler.cpp: (WebCore::EventHandler::handleMouseReleaseEvent): New possible stages, and new getter for the current stage. * page/EventHandler.h: (WebCore::EventHandler::immediateActionStage): 2015-10-02 Matthew Hanson <matthew_hanson@apple.com> Merge r188768. rdar://problem/22802019 2015-08-21 Joseph Pecoraro <pecoraro@apple.com> Web Inspector: REGRESSION(173684): Edit as HTML not working https://bugs.webkit.org/show_bug.cgi?id=148268 Reviewed by Chris Dumez. Tests: inspector/dom/getOuterHTML.html inspector/dom/setOuterHTML.html * inspector/DOMPatchSupport.cpp: (WebCore::DOMPatchSupport::innerPatchChildren): Revert the optimization change made in r173684. The optimization changes had a few issues. It changed the logic to potentially drop out of the loop before all new items were processed and using a node reference to track an index did not account for the modifications insertBefore may have made to that node's index in the list. 2015-10-02 Matthew Hanson <matthew_hanson@apple.com> Merge r188690. rdar://problem/22802006 2015-08-20 Chris Dumez <cdumez@apple.com> [Cocoa] Treat Epoch as invalid value for "Last-Modified" header https://bugs.webkit.org/show_bug.cgi?id=148162 rdar://problem/22330837 Reviewed by Antti Koivisto. Ignore "Last-Modified" header when computing heuristic freshness if it is Epoch. CFNetwork currently converts a malformed date for Last-Modified into Epoch so there is no way for us to distinguish Epoch from invalid input. Without this, we would end up with cached resources that have a giant lifetime (> 4 years) due to a malformed HTTP header. Some Websites (e.g. www.popehat.com) also wrongly return Epoch as Last-Modified value and we would end up caching it overly aggressively. Now that we consider Epoch as an invalid value for Last-Modified, it will also work around this content bug. Test: http/tests/cache/disk-cache/disk-cache-last-modified.html * platform/network/ResourceResponseBase.cpp: (WebCore::ResourceResponseBase::lastModified): 2015-10-02 Matthew Hanson <matthew_hanson@apple.com> Merge r189102. rdar://problem/22802034 2015-08-28 Timothy Horton <timothy_horton@apple.com> [Mac] Right-clicking on GIFs spins the UI process for a while https://bugs.webkit.org/show_bug.cgi?id=148566 <rdar://problem/22460854> Reviewed by Brady Eidson. * platform/ContextMenuItem.h: Properly mark this as Mac-only. It's only implemented in ContextMenuItemMac. * platform/mac/ContextMenuItemMac.mm: (WebCore::ContextMenuItem::shareMenuItem): Take a NSImage directly, so we don't have to round-trip through BitmapImage, which can be lossy and expensive. 2015-10-02 Matthew Hanson <matthew_hanson@apple.com> Merge r188634. rdar://problem/22802013 2015-08-18 Myles C. Maxfield <mmaxfield@apple.com> [Cocoa] Punctuation near Hindi text is garbled when styled with the system font https://bugs.webkit.org/show_bug.cgi?id=148164 Reviewed by Brian Burg. Fonts cache whether or not they are the system font. This caching took place at the end of Font::platformInit(). However, in the middle of Font::platformInit(), we look up a glyph, which calls GlyphPage::fill() which consults with this cache. However, at this point, the cache has not been constructed yet. The solution is just to construct the cache earlier (at the beginning of the function). Consulting with the cache before it is populated causes it to erroneously say that no fonts are system fonts. Then, we use Core Graphics to ask for glyphs instead of Core Text. Core Graphics, however, is incapable of handling the system font, and returns us garbled results. In particular, when the system language is set to Japanese, the system font does not support punctuation, and Core Text tells us so. However, Core Graphics erroneously tells us that the system font does support punctuation. Then, if text is near the punctuation which causes us to take the complex text codepath (such as Hindi text), we tell Core Text to explicitly lay out the punctuation using the system font (which does not support punctuation). Core Text then replies that the provided font doesn't support the punctuation, and that we should use LastResort with some other glyphs instead. WebKit then disregards the font CoreText told us to use (because we are oh-so-sure that the font in question supports punctuation) and uses the LastResort glyph IDs with our font, which causes arbitrary glyphs to be shown. Test: fast/text/hindi-system-font-punctuation.html * platform/graphics/cocoa/FontCocoa.mm: (WebCore::Font::platformInit): 2015-10-02 Matthew Hanson <matthew_hanson@apple.com> Merge r188622. rdar://problem/22802016 2015-08-18 Dean Jackson <dino@apple.com> Add null check in ImageBufferData::getData https://bugs.webkit.org/show_bug.cgi?id=148156 <rdar://problem/22337157> Reviewed by Simon Fraser. We're getting a number of crash reports that suggest the allocation of the result buffer has failed, but have been unable to reproduce. This patch adds a null check to the allocation, and logs a message to the system console. This might avoid the crashes, and hopefully we'll see the message. No new tests, since we're unable to reproduce this crash. * platform/graphics/cg/ImageBufferDataCG.cpp: (WebCore::ImageBufferData::getData): Add a null-check and early return. 2015-10-02 Matthew Hanson <matthew_hanson@apple.com> Merge r188298. rdar://problem/22885242 2015-08-11 Zalan Bujtas <zalan@apple.com> Invalid FrameView::m_viewportRenderer after layout is finished. https://bugs.webkit.org/show_bug.cgi?id=147848 rdar://problem/22205197 Reviewed by Simon Fraser. We cache the current viewport renderer (FrameView::m_viewportRenderer) right before layout. It gets dereferenced later when layout is finished to update the overflow status. If the viewport renderer gets destroyed during layout, we end up with a dangling pointer. This patch replaces the pointer caching with type caching (none, body, document). Unable to construct a test case. 2015-10-02 Matthew Hanson <matthew_hanson@apple.com> Merge r187921. rdar://problem/22801988 2015-08-04 Chris Dumez <cdumez@apple.com> Subframes with no current HistoryItem should not prevent page-caching https://bugs.webkit.org/show_bug.cgi?id=147649 <rdar://problem/21614832> Reviewed by Andreas Kling. Subframes with no current HistoryItem should not prevent page-caching. We need one for the main frame as this is the key in the PageCache. However, there is no reason to require one for subframes. This is a common reason for page-caching failures nowadays. Frames do no have a current HistoryItem until something has been loaded in them. Test: http/tests/navigation/page-cache-iframe-no-current-historyItem.html * history/PageCache.cpp: (WebCore::logCanCacheFrameDecision): (WebCore::PageCache::canCachePageContainingThisFrame): 2015-10-02 Matthew Hanson <matthew_hanson@apple.com> Merge r187593. rdar://problem/22801973 2015-07-30 Simon Fraser <simon.fraser@apple.com> Selecting in an iframe can cause main page scrolling https://bugs.webkit.org/show_bug.cgi?id=147431 rdar://problem/19244589 Reviewed by Zalan Bujtas. The RenderLayer auatoscroll code walks up the RenderLayer hierarchy, crossing frame boundaries. However, as it crosses into an ancestor frame it failed to map the target rect into the coordinate space of the new frame, which caused us to scroll to an incorrect location in that parent frame. Test: fast/events/autoscroll-in-iframe.html * rendering/RenderLayer.cpp: (WebCore::parentLayerCrossFrame): Make the layer a reference, and pass in an optional rect. When crossing frame boundaries, map the rect from the contents of the child frame to the contents of the parent frame. (WebCore::RenderLayer::enclosingScrollableLayer): Pass optional rect. (WebCore::RenderLayer::scrollRectToVisible): (WebCore::RenderLayer::hasScrollableOrRubberbandableAncestor): * rendering/RenderLayer.h: 2015-10-02 Matthew Hanson <matthew_hanson@apple.com> Merge r187210. rdar://problem/22801995 2015-07-22 Wenson Hsieh <wenson_hsieh@apple.com> Coordinates-based snap offsets don't update correctly when container is scrolled https://bugs.webkit.org/show_bug.cgi?id=147215 Reviewed by Brent Fulgham. Fixes the way we append the snap offsets of child elements with coordinates. We now consider the scroll offset of the parent scroll snapping container, so snap offset recomputations don't fail on scroll snapping containers. Test: css3/scroll-snap/scroll-snap-coordinate-overflow-resize.html * page/scrolling/AxisScrollSnapOffsets.cpp: (WebCore::appendChildSnapOffsets): Fixed to consider the scroll offset of the parent container. 2015-10-02 Matthew Hanson <matthew_hanson@apple.com> Merge r187145. rdar://problem/22801952 2015-07-21 Joseph Pecoraro <pecoraro@apple.com> Web Inspector: Node highlights are wrong when the page is zoomed https://bugs.webkit.org/show_bug.cgi?id=147177 Reviewed by Simon Fraser. * inspector/InspectorOverlay.cpp: (WebCore::InspectorOverlay::update): Remove scaling that appears to no longer be needed, it was double scaling the overlay content and misplacing it in the process. 2015-09-25 Brent Fulgham <bfulgham@apple.com> Merge r190235. rdar://problem/22852382 2015-09-24 Brent Fulgham <bfulgham@apple.com> [Win] Support composited content in WebView render-to-context methods https://bugs.webkit.org/show_bug.cgi?id=149516 <rdar://problem/22635080> Reviewed by Simon Fraser. Extend the CACFLayerTreeHost implementation to render into a passed device context when requested. When no context is provided (the default case) paint as normal. Will be tested by existing compositing tests in a future bug. DumpRenderTree has to be extended to do this painting properly. * platform/graphics/ca/win/CACFLayerTreeHost.cpp: (WebCore::CACFLayerTreeHost::paint): Accept an optional HDC argument, and pass it to the render method. * platform/graphics/ca/win/CACFLayerTreeHost.h: * platform/graphics/ca/win/LegacyCACFLayerTreeHost.cpp: Add missing SOFT_LINK command for the WKCACFViewDrawIntoDC. (WebCore::LegacyCACFLayerTreeHost::paint): Accept optional HDC argument and pass it to the parent class. (WebCore::LegacyCACFLayerTreeHost::render): Accept new optional HDC argument. If provided, call WKCACFViewDrawIntoDC. Otherwise, call WKCACFVIewDraw. * platform/graphics/ca/win/LegacyCACFLayerTreeHost.h: * platform/graphics/ca/win/WKCACFViewLayerTreeHost.cpp: Add missing SOFT_LINK command for the WKCACFViewDrawIntoDC. (WebCore::WKCACFViewLayerTreeHost::paint): Accept optional HDC argument and pass it to the parent class. (WebCore::WKCACFViewLayerTreeHost::render): Accept new optional HDC argument. If provided, call WKCACFViewDrawIntoDC. Otherwise, call WKCACFVIewDraw. * platform/graphics/ca/win/WKCACFViewLayerTreeHost.h: 2015-09-22 Matthew Hanson <matthew_hanson@apple.com> Merge r189200. rdar://problem/22803080 2015-08-31 Brent Fulgham <bfulgham@apple.com> [Win] WebKit cannot load pages based on "file://" URLs https://bugs.webkit.org/show_bug.cgi?id=148596 <rdar://problem/22432585> Reviewed by Dean Jackson. * platform/URL.cpp: (WebCore::URL::URL): Work around bug that causes this assertion to fire on the Apple Windows build. * platform/network/cf/SynchronousResourceHandleCFURLConnectionDelegate.cpp: (WebCore::adjustMIMETypeIfNecessary): Added. If the URL is for a local file, determine the MIME type based on extension. Otherwise use the default MIME type. (WebCore::SynchronousResourceHandleCFURLConnectionDelegate::didReceiveResponse): If the CFURLResponse has no MIME type, call 'adjustMIMETypeIfNecessary'. 2015-09-16 Babak Shafiei <bshafiei@apple.com> Merge r189821. 2015-09-15 Brent Fulgham <bfulgham@apple.com> [Win] Tiled drawing is rendering more times than it should https://bugs.webkit.org/show_bug.cgi?id=149144 <rdar://problem/22313905> Reviewed by Simon Fraser. Provide a more faithful implemenation of the Objective C tiled drawing logic. (1) Create a new WebTiledBackingLayerWin class that represents a the container of tiles. This matches the Objective C design. (2) Move implementation of several methods (e.g., isOpaque) to the internal class implementation so that the Tile Drawing logic can perform special handling in these cases. (3) Remove the duplicated Tiled Drawing logic from PlatformCALayerWinInternal, since it was just duplicating code in TileController and TileGrid. (4) Clean up the display callback code to avoid performing incorrect flipping of the coordinate system. * PlatformAppleWin.cmake: Add new WebTiledBackingLayerWin file. * WebCore.vcxproj/WebCore.vcxproj: Add the new WebTiledBackingLayerWin files. * WebCore.vcxproj/WebCore.vcxproj.filters: Ditto. * platform/graphics/ca/PlatformCALayer.cpp: (PlatformCALayer::flipContext): Added convenience method. (PlatformCALayer::drawRepaintIndicator): Ditto. * platform/graphics/ca/TileGrid.cpp: (TileGrid::platformCALayerPaintContents): Flip the context before drawing the repaint indicator on Windows. * platform/graphics/ca/win/PlatformCALayerWin.cpp: (PlatformCALayerWin::PlatformCALayerWin): Create a WebTiledBackingLayerWin object if using tiled drawing. (PlatformCALayerWin::~PlatformCALayerWin): (PlatformCALayerWin::isOpaque): Move implementation to internal class. (PlatformCALayerWin::setOpaque): Ditto. (PlatformCALayerWin::setBorderWidth): Ditto. (PlatformCALayerWin::setBorderColor): Ditto. (PlatformCALayerWin::contentsScale): Ditto. (PlatformCALayerWin::setContentsScale): Ditto. (PlatformCALayerWin::cornerRadius): Ditto. (PlatformCALayerWin::tiledBacking): Ditto. (PlatformCALayerWin::drawTextAtPoint): New helper method to draw repaint counter text. Needed to work around bug in CG. * platform/graphics/ca/win/PlatformCALayerWinInternal.cpp: (PlatformCALayerWinInternal::PlatformCALayerWinInternal): Remove tiling-logic related member variables. (PlatformCALayerWinInternal::~PlatformCALayerWinInternal): (shouldInvertBeforeDrawingContent): Added convenience method. (shouldInvertBeforeDrawingRepaintCounters): Ditto. (PlatformCALayerWinInternal::displayCallback): (PlatformCALayerWinInternal::drawRepaintCounters): Helper method to share code between the two layer classes. (PlatformCALayerWinInternal::internalSetNeedsDisplay): use nullptr. (PlatformCALayerWinInternal::setNeedsDisplay): Ditto. (PlatformCALayerWinInternal::setNeedsDisplayInRect): Move tiled code to WebTiledBackingLayerWin and simplify the remaing code. (PlatformCALayerWinInternal::setSublayers): Remove tile code. (PlatformCALayerWinInternal::getSublayers): Ditto. (PlatformCALayerWinInternal::removeAllSublayers): Ditto. (PlatformCALayerWinInternal::insertSublayer): Ditto. (PlatformCALayerWinInternal::sublayerCount): Ditto. (PlatformCALayerWinInternal::indexOfSublayer): Ditto. (PlatformCALayerWinInternal::sublayerAtIndex): Ditto. (PlatformCALayerWinInternal::setBounds): Ditto. (PlatformCALayerWinInternal::setFrame): Ditto. (PlatformCALayerWinInternal::isOpaque): Ditto. (PlatformCALayerWinInternal::setOpaque): Ditto. (PlatformCALayerWinInternal::contentsScale): Ditto. (PlatformCALayerWinInternal::setContentsScale): Ditto. (PlatformCALayerWinInternal::setBorderWidth): Ditto. (PlatformCALayerWinInternal::setBorderColor): Ditto. (layerTypeIsTiled): Deleted. (PlatformCALayerWinInternal::constrainedSize): Deleted. (PlatformCALayerWinInternal::tileDisplayCallback): Deleted. (PlatformCALayerWinInternal::addTile): Deleted. (PlatformCALayerWinInternal::removeTile): Deleted. (PlatformCALayerWinInternal::tileAtIndex): Deleted. (PlatformCALayerWinInternal::tileCount): Deleted. (PlatformCALayerWinInternal::updateTiles): Deleted. (PlatformCALayerWinInternal::drawTile): Deleted. (PlatformCALayerWinInternal::createTileController): Deleted. (PlatformCALayerWinInternal::tiledBacking): Deleted. * platform/graphics/ca/win/PlatformCALayerWinInternal.h: (WebCore::PlatformCALayerWinInternal::owner): * platform/graphics/ca/win/WebTiledBackingLayerWin.cpp: Added. (WebTiledBackingLayerWin::WebTiledBackingLayerWin): (WebTiledBackingLayerWin::~WebTiledBackingLayerWin): (DisplayOnMainThreadContext::DisplayOnMainThreadContext): (redispatchOnMainQueue): (WebTiledBackingLayerWin::displayCallback): (WebTiledBackingLayerWin::setNeedsDisplay): (WebTiledBackingLayerWin::setNeedsDisplayInRect): (WebTiledBackingLayerWin::setBounds): (WebTiledBackingLayerWin::isOpaque): (WebTiledBackingLayerWin::setOpaque): (WebTiledBackingLayerWin::contentsScale): (WebTiledBackingLayerWin::setContentsScale): (WebTiledBackingLayerWin::setBorderWidth): (WebTiledBackingLayerWin::setBorderColor): (WebTiledBackingLayerWin::createTileController): (WebTiledBackingLayerWin::tiledBacking): (WebTiledBackingLayerWin::invalidate): * platform/graphics/ca/win/WebTiledBackingLayerWin.h: Added. 2015-09-11 Babak Shafiei <bshafiei@apple.com> Merge r189598. 2015-09-10 Chris Fleizach <cfleizach@apple.com> AX: Mavericks: Text cursor does not move along with VoiceOver cursor for text fields https://bugs.webkit.org/show_bug.cgi?id=148891 Reviewed by Alexey Proskuryakov. Asychronous focus setting DOES work on Yosemite, just not Mavericks. * accessibility/mac/WebAccessibilityObjectWrapperMac.mm: (-[WebAccessibilityObjectWrapper accessibilitySetValue:forAttribute:]): (-[WebAccessibilityObjectWrapper _accessibilitySetValue:forAttribute:]): 2015-09-11 Babak Shafiei <bshafiei@apple.com> Merge r189483. 2015-09-07 Chris Fleizach <cfleizach@apple.com> AX: Mavericks: Text cursor does not move along with VoiceOver cursor for text fields https://bugs.webkit.org/show_bug.cgi?id=148891 Reviewed by Mario Sanchez Prada. Undo the asynchronous dispatch of accessibility setting values on pre El Capitan machines because it causes focus to not sync correctly. Test: accessibility/mac/focus-moves-cursor.html * accessibility/mac/WebAccessibilityObjectWrapperMac.mm: (-[WebAccessibilityObjectWrapper accessibilitySetValue:forAttribute:]): (-[WebAccessibilityObjectWrapper _accessibilitySetValue:forAttribute:]): 2015-09-10 Babak Shafiei <bshafiei@apple.com> Merge r189469. 2015-09-07 Daniel Bates <dabates@apple.com> ASSERT_WITH_SECURITY_IMPLICATION in WebCore::DocumentOrderedMap::get(); update form association after subtree insertion https://bugs.webkit.org/show_bug.cgi?id=148919 <rdar://problem/21868036> Reviewed by Andy Estes. Currently we update the form association of a form control upon insertion into the document. Instead we should update the form association of a form control after its containing subtree is inserted into the document to avoid an assertion failure when the containing subtree has an element whose id is identical to both the id of some other element in the document and the name of the form referenced by the inserted form control. Tests: fast/forms/update-form-owner-in-moved-subtree-assertion-failure-2.html fast/forms/update-form-owner-in-moved-subtree-assertion-failure-3.html fast/forms/update-form-owner-in-moved-subtree-assertion-failure-4.html fast/forms/update-form-owner-in-moved-subtree-assertion-failure.html * html/FormAssociatedElement.cpp: (WebCore::FormAssociatedElement::insertedInto): Moved resetFormOwner() from here to {HTMLFormControlElement, HTMLObjectElement}::finishedInsertingSubtree(). * html/HTMLFormControlElement.cpp: (WebCore::HTMLFormControlElement::insertedInto): Return InsertionShouldCallFinishedInsertingSubtree so that HTMLFormControlElement::finishedInsertingSubtree() is called. (WebCore::HTMLFormControlElement::finishedInsertingSubtree): Added; turn around and call FormAssociatedElement::resetFormOwner(). * html/HTMLFormControlElement.h: * html/HTMLInputElement.cpp: (WebCore::HTMLInputElement::insertedInto): Return InsertionShouldCallFinishedInsertingSubtree so that HTMLInputElement::finishedInsertingSubtree() is called and move logic to update radio button group from here... (WebCore::HTMLInputElement::finishedInsertingSubtree): to here. * html/HTMLInputElement.h: * html/HTMLObjectElement.cpp: (WebCore::HTMLObjectElement::insertedInto): Return InsertionShouldCallFinishedInsertingSubtree so that HTMLObjectElement::finishedInsertingSubtree() is called. (WebCore::HTMLObjectElement::finishedInsertingSubtree): Added; turn around and call FormAssociatedElement::resetFormOwner(). * html/HTMLObjectElement.h: * html/HTMLSelectElement.cpp: (WebCore::HTMLSelectElement::insertedInto): Modified to return the result of HTMLFormControlElementWithState::insertedInto(), which may schedule a callback after subtree insertion. * html/HTMLTextFormControlElement.cpp: (WebCore::HTMLTextFormControlElement::insertedInto): Ditto. 2015-09-03 Babak Shafiei <bshafiei@apple.com> Merge r189167. 2015-08-31 Enrica Casucci <enrica@apple.com> Incorrect cursor movement for U+26F9, U+1F3CB with variations. https://bugs.webkit.org/show_bug.cgi?id=148629 rdar://problem/22492366 Reviewed by Ryosuke Niwa. Updating text break iterator rules to correctly handle those two emoji with variations. * platform/text/TextBreakIterator.cpp: (WebCore::cursorMovementIterator): 2015-09-03 Babak Shafiei <bshafiei@apple.com> Merge r189101. 2015-08-28 Brady Eidson <beidson@apple.com> Use new CFNetwork cookie jar SPI only on El Capitan. https://bugs.webkit.org/show_bug.cgi?id=148574 and rdar://problem/22460752 Reviewed by David Kilzer. * platform/network/mac/CookieJarMac.mm: (WebCore::setCookiesFromDOM): Use OS X version to decide which API/SPI to use. * platform/spi/cf/CFNetworkSPI.h: Forward declare the SPI 2015-09-03 Babak Shafiei <bshafiei@apple.com> Merge r188659. 2015-08-19 Brent Fulgham <bfulgham@apple.com> Scrollable area container is not properly cleared when page is going into the PageCache https://bugs.webkit.org/show_bug.cgi?id=148182 <rdar://problem/21969170> Reviewed by Dean Jackson. Must be tested manually going back and forth in history several times. * history/CachedFrame.cpp: (WebCore::CachedFrame::CachedFrame): Clear the cached ScrollableAreas from the FrameView. * page/FrameView.cpp: (WebCore::FrameView::clearScrollableAreas): Added. * page/FrameView.h: 2015-09-03 Babak Shafiei <bshafiei@apple.com> Merge r188370. 2015-08-12 Brent Fulgham <bfulgham@apple.com> Move RenderBox-specific Scroll Snap code from RenderElement to RenderBox https://bugs.webkit.org/show_bug.cgi?id=147963 Reviewed by Simon Fraser. No new tests: No change in functionality. * rendering/RenderBox.cpp: (WebCore::RenderBox::styleWillChange): Remove RenderBox-specific code. (WebCore::RenderBox::willBeRemovedFromTree): Ditto. * rendering/RenderBox.h: * rendering/RenderElement.cpp: (WebCore::RenderElement::styleWillChange): Move code from RenderElement to handle Scroll Snap Points. (WebCore::RenderElement::willBeRemovedFromTree): Added new override to handle scroll-snap point logic. 2015-09-03 Babak Shafiei <bshafiei@apple.com> Merge r188340. 2015-08-12 Brent Fulgham <bfulgham@apple.com> REGRESSION(r185606): ASSERT in WebCore::RenderElement::styleWillChange https://bugs.webkit.org/show_bug.cgi?id=147596 <rdar://problem/21963355> Reviewed by Jon Honeycutt. Only add (or remove) a RenderElement from the container of RenderBoxes with scroll snap coordinates if the element actually is a RenderBox. Tested by css3/scroll-snap/improper-snap-points-crash.html. * rendering/RenderElement.cpp: (WebCore::RenderElement::styleWillChange): (WebCore::RenderElement::willBeRemovedFromTree): 2015-09-03 Babak Shafiei <bshafiei@apple.com> Merge r188271. 2015-08-11 Said Abou-Hallawa <sabouhallawa@apple.com> feMorphology is not rendered correctly on Retina display https://bugs.webkit.org/show_bug.cgi?id=147589 Reviewed by Dean Jackson. The result ImageBuffer of any FilterEffect is already scaled up for 2x display. The FEMorphology needs to fix its painting data dimension and radius by multiplying them by the filter scale factor. Test: fast/hidpi/filters-morphology.html * platform/graphics/filters/FEMorphology.cpp: (WebCore::FEMorphology::platformApplySoftware): 2015-09-03 Babak Shafiei <bshafiei@apple.com> Merge r188014. 2015-08-05 Chris Dumez <cdumez@apple.com> Crash when removing children of a MathMLSelectElement https://bugs.webkit.org/show_bug.cgi?id=147704 <rdar://problem/21940321> Reviewed by Ryosuke Niwa. When MathMLSelectElement::childrenChanged() is called after its children have been removed, MathMLSelectElement calls updateSelectedChild() which accesses m_selectedChild. However, in this case, m_selectedChild is the previously selected child and it may be destroyed as this point if it was removed. To avoid this problem, MathMLSelectElement now keep a strong ref to the currently selected element. Test: mathml/maction-removeChild.html * mathml/MathMLSelectElement.h: 2015-09-03 Babak Shafiei <bshafiei@apple.com> Merge r187564. 2015-07-29 Zalan Bujtas <zalan@apple.com> Remove the spanner placeholder from m_spannerMap when the placeholder object gets transferred to a descendant flow. https://bugs.webkit.org/show_bug.cgi?id=147380 rdar://problem/21981078 Reviewed by David Hyatt. Before r180328, the spanner placeholder was removed from m_spannerMap through RenderMultiColumnFlowThread::removeFlowChildInfo() by calling flowThreadRelativeWillBeRemoved() when the placeholder renderer got transferred to the descendant flow. Now we just remove it from the map when the renderer is being detached. Test: fast/multicol/newmulticol/spanner-crash-with-embedded-columns.html * rendering/RenderMultiColumnFlowThread.cpp: (WebCore::RenderMultiColumnFlowThread::flowThreadDescendantInserted): 2015-09-03 Babak Shafiei <bshafiei@apple.com> Merge r186984. 2015-07-17 Zalan Bujtas <zalan@apple.com> REGRESSION (r169105): Do not assign a renderer to multiple selection subtrees. https://bugs.webkit.org/show_bug.cgi?id=147038 rdar://problem/21819351 Reviewed by David Kilzer. A renderer should never be assigned to multiple selection subtrees. (Currently RenderObject maintains the last selection state.) RenderView::applySubtreeSelection() loops from the start to the end of the selection to find renderers that are inside the selection. However, in case of regions (when multiple selection roots are present) traversing the renderer tree by calling RenderObject::nextInPreOrder() could end up going across selection roots. This patch ensures that we assign renderers to a specific selection only when the current selection root and the renderer's selection root match. Test: fast/regions/crash-when-renderer-is-in-multiple-selection-subtrees2.html * rendering/RenderView.cpp: (WebCore::SelectionIterator::SelectionIterator): (WebCore::SelectionIterator::current): (WebCore::SelectionIterator::checkForSpanner): (WebCore::RenderView::applySubtreeSelection): 2015-08-28 Babak Shafiei <bshafiei@apple.com> Merge r189024. 2015-08-27 Enrica Casucci <enrica@apple.com> Add some new emoji with modifiers and new sequence. https://bugs.webkit.org/show_bug.cgi?id=148202 rdar://problem/21849857 Reviewed by Sam Weinig. Adding support for some new emoji with modifiers and one new emoji sequence. * platform/graphics/FontCascade.cpp: (WebCore::FontCascade::characterRangeCodePath): * platform/text/CharacterProperties.h: (WebCore::isEmojiGroupCandidate): (WebCore::isEmojiModifier): * platform/text/TextBreakIterator.cpp: (WebCore::cursorMovementIterator): 2015-08-21 Matthew Hanson <matthew_hanson@apple.com> Merge r188769. rdar://problem/22354983 2015-08-21 Doug Russell <d_russell@apple.com> AX: Table with CSS that makes a row anonymous can return NULL from cellForColumnAndRow https://bugs.webkit.org/show_bug.cgi?id=148293 Reviewed by Chris Fleizach. When RenderTableRows are anonymous, they may not be added to the accessible data table's internal row list. However, when calculating the row range for a cell, we were still accounting for those anonymous sections. Change how the row range is calculated to directly ask the accessible parent row for its index. This will ensure it’s more inline with what’s being represented to the accessibility API. Test: accessibility/aria-table-content.html * accessibility/AccessibilityTableCell.cpp: (WebCore::AccessibilityTableCell::parentRow): (WebCore::AccessibilityTableCell::rowIndexRange): * accessibility/AccessibilityTableCell.h: 2015-08-21 Matthew Hanson <matthew_hanson@apple.com> Merge r188765. rdar://problem/22356782 2015-08-21 Beth Dakin <bdakin@apple.com> HistoryItems will null CachedPages should never be left in the list of items; causes crash https://bugs.webkit.org/show_bug.cgi?id=148237 -and corresponding- rdar://problem/22356782 Reviewed by Brady Eidson. Setting the CachedPage to nullptr will destroy the CachedPage, destroy the FrameView, re-enter layout, and potentially try to modify items in the PageCache based on that layout. So, we should not modify CachedPage in this way while the item is still in the list of HistoryItems. * history/PageCache.cpp: (WebCore::PageCache::take): (WebCore::PageCache::remove): (WebCore::PageCache::prune): 2015-08-17 Matthew Hanson <matthew_hanson@apple.com> Merge r188531. rdar://problem/22308554 2015-08-17 Andy Estes <aestes@apple.com> REGRESSION (r188486): Crash in SubresourceLoader::didReceiveResponse() when TemporaryChange goes out of scope https://bugs.webkit.org/show_bug.cgi?id=148082 Reviewed by Alexey Proskuryakov. Covered by existing tests run under ASan or Guard Malloc. * loader/SubresourceLoader.cpp: (WebCore::SubresourceLoader::didReceiveResponse): Ensure that callingDidReceiveResponse is destroyed while the SubresourceLoader is still alive by declaring it after protect. 2015-08-14 Babak Shafiei <bshafiei@apple.com> Merge r188486. 2015-08-13 Andy Estes <aestes@apple.com> [Cocoa] Downloads do not start if policy decision is made asynchronously https://bugs.webkit.org/show_bug.cgi?id=147985 Reviewed by Brady Eidson. It's only possible to convert a NSURLConnection to a download while the connection delegate's -connection:didReceiveResponse: is being called. However, WebKit clients can decide content policy asynchronously. If a client chooses to download a response asynchronously, we can no longer convert the connection to a download, so we should start a new download instead. New API test: _WKDownload.AsynchronousDownloadPolicy * dom/Document.cpp: Updated to include SubresourceLoader.h. * loader/DocumentLoader.cpp: (WebCore::DocumentLoader::mainResourceLoader): Updated to return a SubresourceLoader. (WebCore::DocumentLoader::continueAfterContentPolicy): Cast mainResourceLoader() to a ResourceLoader since didFail() is private in SubresourceLoader. * loader/DocumentLoader.h: * loader/SubresourceLoader.cpp: (WebCore::SubresourceLoader::SubresourceLoader): Initialized m_callingDidReceiveResponse to false. (WebCore::SubresourceLoader::didReceiveResponse): Used TemporaryChange<> to set m_callingDidReceiveResponse to true. * loader/SubresourceLoader.h: * loader/appcache/ApplicationCacheHost.cpp: Updated to include SubresourceLoader.h. * loader/mac/DocumentLoaderMac.cpp: Ditto. 2015-08-13 Babak Shafiei <bshafiei@apple.com> Merge r188416. 2015-08-13 Jer Noble <jer.noble@apple.com> Don't short circuit seeking https://bugs.webkit.org/show_bug.cgi?id=147892 Reviewed by Eric Carlson. When two seekWithTolerance() requests come in before the first is acted upon in seekTask(), the second will result in a "no seek required" conditional, because the new "currentTime" is assumed to be the destination time of the first seek. When cancelling a pending seek, first replace the "now" value with the "now" value from the replaced seek, thus preserving the original currentTime across all replacement seeks. Drive-by fix: some added logging causes occasional crashes, due to the underlying object being accessed having been deleted. * html/HTMLMediaElement.cpp: (WebCore::HTMLMediaElement::seekWithTolerance): * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm: (WebCore::MediaPlayerPrivateAVFoundationObjC::seekToTime): 2015-08-13 Matthew Hanson <matthew_hanson@apple.com> Merge r188390. rdar://problem/21367467 2015-08-13 Eric Carlson <eric.carlson@apple.com> Don't short circuit seeking https://bugs.webkit.org/show_bug.cgi?id=147892 Reviewed by Jer Noble. Test: media/video-seek-to-current-time.html * html/HTMLMediaElement.cpp: (WebCore::HTMLMediaElement::prepareForLoad): Call clearSeeking. (WebCore::HTMLMediaElement::fastSeek): Add logging. (WebCore::HTMLMediaElement::seekWithTolerance): Add logging. Set m_pendingSeekType. (WebCore::HTMLMediaElement::seekTask): Call clearSeeking. Don't short circuit a if the current or pending seek is a fast seek. Set m_seeking to true immediately before calling media engine as it may have been cleared before the seek task queue ran. (WebCore::HTMLMediaElement::clearSeeking): New. * html/HTMLMediaElement.h: * html/HTMLMediaElementEnums.h: * platform/GenericTaskQueue.h: (WebCore::GenericTaskQueue::enqueueTask): Clear m_pendingTasks. * platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.cpp: (WebCore::MediaPlayerPrivateAVFoundation::seekWithTolerance): Don't return early when asked to seek to the current time. (WebCore::MediaPlayerPrivateAVFoundation::invalidateCachedDuration): Remove some extremely noisy logging. * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm: (WebCore::MediaPlayerPrivateAVFoundationObjC::seekToTime): Add logging. 2015-08-11 Matthew Hanson <matthew_hanson@apple.com> Merge r188263. rdar://problem/22202935 2015-08-11 Matthew Hanson <matthew_hanson@apple.com> Merge r188203. rdar://problem/22026625 2015-08-09 Nan Wang <n_wang@apple.com> AX: CSS table display styles can cause malformed, inaccessible AXTables to be exposed to the AX tree https://bugs.webkit.org/show_bug.cgi?id=136415 <rdar://problem/22026625> Reviewed by Chris Fleizach. Applying CSS display styles to tables can end up inserting anonymous RenderTableRows, which is not handled well by the accessibility code, which treats these as the actual rows. We can address this by diving deeper into anonymous nodes and finding the real rows and cells we want. In addition, another thing also causing malformed tables is that "grid" roles are being exposed as AXGrid instead of AXTable. Test: accessibility/mac/malformed-table.html * accessibility/AccessibilityARIAGrid.cpp: (WebCore::AccessibilityARIAGrid::addRowDescendant): * accessibility/AccessibilityTable.cpp: (WebCore::AccessibilityTable::addChildren): (WebCore::AccessibilityTable::addTableCellChild): (WebCore::AccessibilityTable::addChildrenFromSection): * accessibility/AccessibilityTable.h: * accessibility/AccessibilityTableCell.cpp: (WebCore::AccessibilityTableCell::parentTable): (WebCore::AccessibilityTableCell::rowIndexRange): * accessibility/AccessibilityTableRow.cpp: (WebCore::AccessibilityTableRow::parentTable): * accessibility/mac/WebAccessibilityObjectWrapperMac.mm: (createAccessibilityRoleMap): 2015-08-11 Matthew Hanson <matthew_hanson@apple.com> Merge r188243. rdar://problem/22102378 2015-08-10 Myles C. Maxfield <mmaxfield@apple.com> Post-review fixup after r188195 https://bugs.webkit.org/show_bug.cgi?id=147806 Unreviewed. Covered by fast/text/crash-obscure-text.html. * platform/graphics/cocoa/FontPlatformDataCocoa.mm: (WebCore::FontPlatformData::objectForEqualityCheck): 2015-08-11 Matthew Hanson <matthew_hanson@apple.com> Merge r188195. rdar://problem/22102378 2015-08-09 Myles C. Maxfield <mmaxfield@apple.com> Crash in ComplexTextController when laying out obscure text https://bugs.webkit.org/show_bug.cgi?id=147806 <rdar://problem/22102378> Reviewed by Darin Adler. CTFontDescriptorCopyAttribute(fontDescriptor.get(), kCTFontReferenceURLAttribute) can return nullptr. Test: fast/text/crash-obscure-text.html * platform/graphics/mac/ComplexTextControllerCoreText.mm: (WebCore::safeCFEqual): (WebCore::ComplexTextController::collectComplexTextRunsForCharacters): 2015-08-11 Matthew Hanson <matthew_hanson@apple.com> Merge r188263. rdar://problem/22202935 2015-08-11 Myles C. Maxfield <mmaxfield@apple.com> [iOS] Arabic letter Yeh is drawn in LastResort https://bugs.webkit.org/show_bug.cgi?id=147862 <rdar://problem/22202935> Reviewed by Darin Adler. In order to perform font fallback, we must know which fonts support which characters. We perform this check by asking each font to map a sequence of codepoints to glyphs, and any glyphs which end up with a 0 value are unsupported by the font. One of the mechanisms that we use to do this is to combine the code points into a string, and tell Core Text to lay out the string. However, this is fundamentally a different operation than the one we are trying to perform. Strings combine adjacent codepoints into grapheme clusters, and CoreText operates on these. However, we are trying to gain information regarding codepoints, not grapheme clusters. Instead of taking this string-based approach, we should try harder to use Core Text functions which operate on ordered collections of characters, rather than strings. In particular, CTFontGetGlyphsForCharacters() and CTFontGetVerticalGlyphsForCharacters() have the behavior we want where any unmapped characters end up with a 0 value glyph. Previously, we were only using the result of those functions if they were successfully able to map their entire input. However, given the fact that we can degrade gracefully in the case of a partial mapping, we shouldn't need to bail completely to the string-based approach should a partial mapping occur. At some point we should delete the string-based approach entirely. However, this path is still explicitly used for composite fonts. Fixing that use case is out of scope for this patch. Test: fast/text/arabic-glyph-cache-fill-combine.html * platform/graphics/mac/GlyphPageMac.cpp: (WebCore::GlyphPage::fill): 2015-08-11 Matthew Hanson <matthew_hanson@apple.com> Merge r187758. rdar://problem/22095006 2015-08-03 Anders Carlsson <andersca@apple.com> Safari is failing to remove SQLite Databases via Remove All Website Data https://bugs.webkit.org/show_bug.cgi?id=147584 rdar://problem/22095006 Reviewed by Brady Eidson. If we end up deleting every single database for an origin, make sure to also delete the origin. * Modules/webdatabase/DatabaseTracker.cpp: (WebCore::DatabaseTracker::deleteDatabasesModifiedSince): 2015-08-10 Dana Burkart <dburkart@apple.com> Merge r188182. rdar://problem/21254835 2015-08-07 James Craig <jcraig@apple.com> REGRESSION(r184722) AX: WebKit video playback toolbar removed from DOM; no longer accessible to VoiceOver https://bugs.webkit.org/show_bug.cgi?id=145684 Reviewed by Dean Jackson. Updated Apple Video controls to add an invisible but focusable button that allows VoiceOver users (and when unblocked, keyboard users) to re-display the video controls. Test: media/video-controls-show-on-kb-or-ax-event.html * English.lproj/mediaControlsLocalizedStrings.js: * Modules/mediacontrols/mediaControlsApple.css: (audio::-webkit-media-show-controls): (video::-webkit-media-show-controls): * Modules/mediacontrols/mediaControlsApple.js: (Controller.prototype.createControls): (Controller.prototype.handleFullscreenChange): (Controller.prototype.handleShowControlsClick): (Controller.prototype.handleWrapperMouseMove): (Controller.prototype.updateForShowingControls): (Controller.prototype.showControls): (Controller.prototype.hideControls): (Controller.prototype.setNeedsUpdateForDisplayedWidth): * Modules/mediacontrols/mediaControlsiOS.css: (audio::-webkit-media-show-controls): (video::-webkit-media-show-controls): 2015-08-10 Dana Burkart <dburkart@apple.com> Merge r188196. rdar://problem/22192773 2015-08-09 Eric Carlson <eric.carlson@apple.com> [Mac] Always require ExternalDeviceAutoPlayCandidate flag to AirPlay automatically https://bugs.webkit.org/show_bug.cgi?id=147801 Reviewed by Dean Jackson. Test: http/tests/media/video-media-document-disposition-download.html * Modules/mediasession/WebMediaSessionManager.cpp: (WebCore::WebMediaSessionManager::configurePlaybackTargetClients): Don't tell the last element to begin playing to the target unless the ExternalDeviceAutoPlayCandidate flag is set and it is not currently playing. 2015-08-10 Dana Burkart <dburkart@apple.com> Merge r188190. rdar://problem/22191482 2015-08-08 Commit Queue <commit-queue@webkit.org> Unreviewed, rolling out r179871. https://bugs.webkit.org/show_bug.cgi?id=147810 Breaks product images on http://www.apple.com/shop/buy- mac/macbook (Requested by smfr on #webkit). Reverted changeset: "Render: properly update body's background image" https://bugs.webkit.org/show_bug.cgi?id=140183 http://trac.webkit.org/changeset/179871 2015-08-06 Dana Burkart <dburkart@apple.com> Merge r187962. rdar://problem/21827815 2015-08-05 Daniel Bates <dabates@apple.com> REGRESSION (r185111): Clicking phone numbers doesn't prompt to call sometimes https://bugs.webkit.org/show_bug.cgi?id=147678 <rdar://problem/21827815> Reviewed by Brady Eidson. Fixes an issue where a non-user-initiated navigation of the main frame to a phone link (tel URL) may be ignored. The navigation is ignored if the page was reloaded as a result of a web content process crash, its lifetime exceeded the back-forward cache expiration interval, or a person quits and opens Safari again, among other scenarios. * history/HistoryItem.cpp: (WebCore::HistoryItem::setShouldOpenExternalURLsPolicy): Added. (WebCore::HistoryItem::shouldOpenExternalURLsPolicy): Added. * history/HistoryItem.h: * loader/FrameLoader.cpp: (WebCore::FrameLoader::loadDifferentDocumentItem): Apply the "should open external URLs" policy from the history item, if applicable. Also, be more explicit when instantiating a NavigationAction so as to help make it straightforward to reduce the number of NavigationAction constructors we have in the future. * loader/HistoryController.cpp: (WebCore::HistoryController::saveDocumentState): Save the "should open external URLs" policy to the history item. (WebCore::HistoryController::restoreDocumentState): Apply the "should open external URLs" policy from the history item to the document loader. (WebCore::HistoryController::initializeItem): Update the "should open external URLs" policy of the history item to reflect the policy of the document loader associated with the current frame. 2015-08-06 Dana Burkart <dburkart@apple.com> Merge r187935. rdar://problem/22097682 2015-08-04 Doug Russell <d_russell@apple.com> AX: tree item children returned from ranged getter are different from full array of children https://bugs.webkit.org/show_bug.cgi?id=147660 Reviewed by Chris Fleizach. Add an isTreeItem() check in ranged element getter so that it matches the logic in the getter for the full children array. This prevents returning a row as a child when only the rows contents should be returned. This prevents navigation issues on websites without aria outlines. Test: accessibility/mac/aria-tree-item-children.html * accessibility/mac/WebAccessibilityObjectWrapperMac.mm: (-[WebAccessibilityObjectWrapper accessibilityArrayAttributeValues:index:maxCount:]): 2015-08-06 Dana Burkart <dburkart@apple.com> Merge r187930. rdar://problem/21870332 2015-08-04 Brent Fulgham <bfulgham@apple.com> REGRESSION (r173784): [Mac] Correct latching error for non-scrollable iframe nested inside scrollable div. https://bugs.webkit.org/show_bug.cgi?id=147668 <rdar://problem/21870332> Reviewed by Simon Fraser. Test: platform/mac/fast/scrolling/scroll-div-with-nested-nonscrollable-iframe.html When we are wrapping up processing of the wheel event for a given frame, if the current latching context does NOT apply to the current frame (e.g., because it's latched to an enclosing frame) we should not pass wheel events directly to the latched elements scrollable container. Instead, we should just give the current frame an opportunity to perform any custom wheel event handling and return, so that the enclosing (latched) frame can do the rest of its event handling. If we don't do this, we incorrectly ask the enclosing frame to process the event, then return claiming that we handled the event, preventing the enclosing frame from doing its part of the processing. * page/mac/EventHandlerMac.mm: (WebCore::EventHandler::platformCompleteWheelEvent): 2015-08-06 Dana Burkart <dburkart@apple.com> Merge r187892. rdar://problem/21932187 2015-08-04 Eric Carlson <eric.carlson@apple.com> [Mac] Do not require a video track for AirPlay https://bugs.webkit.org/show_bug.cgi?id=147647 Reviewed by Jer Noble. * Modules/mediacontrols/mediaControlsApple.js: (Controller.prototype.handleReadyStateChange): Call updateWirelessTargetAvailable(). (Controller.prototype.updateHasVideo): Don't call updateWirelessTargetAvailable(). (Controller.prototype.updateWirelessTargetAvailable): Don't require video. * html/HTMLMediaElement.cpp: (WebCore::HTMLMediaElement::setReadyState): Call updateMediaState when we reach HAVE_METADATA. (WebCore::HTMLMediaElement::mediaState): Don't require video, only that the file can play. * html/MediaElementSession.cpp: (WebCore::MediaElementSession::showPlaybackTargetPicker): Check readyState instead of hasVideo. 2015-08-06 Dana Burkart <dburkart@apple.com> Merge r187886. rdar://problem/15779101 2015-08-04 Alexey Proskuryakov <ap@apple.com> Implement NPAPI redirect handling https://bugs.webkit.org/show_bug.cgi?id=138675 rdar://problem/15779101 Patch by Jeffrey Pfau, updated and tweaked by me. Reviewed by Anders Carlsson. Test: http/tests/plugins/get-url-redirect-notify.html * loader/NetscapePlugInStreamLoader.cpp: (WebCore::NetscapePlugInStreamLoader::init): (WebCore::NetscapePlugInStreamLoader::willSendRequest): (WebCore::NetscapePlugInStreamLoader::didReceiveResponse): * loader/NetscapePlugInStreamLoader.h: * loader/ResourceLoader.cpp: (WebCore::ResourceLoader::init): (WebCore::ResourceLoader::isSubresourceLoader): (WebCore::ResourceLoader::willSendRequestInternal): (WebCore::ResourceLoader::willSendRequest): (WebCore::ResourceLoader::didSendData): * loader/ResourceLoader.h: * loader/SubresourceLoader.cpp: (WebCore::SubresourceLoader::isSubresourceLoader): (WebCore::SubresourceLoader::willSendRequestInternal): (WebCore::SubresourceLoader::willSendRequest): Deleted. * loader/SubresourceLoader.h: * plugins/npapi.h: * plugins/npfunctions.h: 2015-08-06 Dana Burkart <dburkart@apple.com> Merge r187693. rdar://problem/22047626 2015-07-31 Myles C. Maxfield <mmaxfield@apple.com> [Cocoa] Latin quotes are used with the system font on Chinese devices https://bugs.webkit.org/show_bug.cgi?id=147504 Reviewed by Dean Jackson. The system font has some fancy logic regarding character selection which requires using Core Text for glyph selection. No new tests because tests can't change the system language of the device. * platform/graphics/mac/GlyphPageMac.cpp: (WebCore::shouldUseCoreText): 2015-08-06 Dana Burkart <dburkart@apple.com> Merge r187622. rdar://problem/15779101 2015-07-30 Anders Carlsson <andersca@apple.com> Remove stray printf. * loader/SubframeLoader.cpp: (WebCore::SubframeLoader::requestObject): 2015-08-06 Dana Burkart <dburkart@apple.com> Merge r187620. rdar://problem/15779101 2015-07-30 Anders Carlsson <andersca@apple.com> Assertion failure when a plug-in loads a resource that redirects somewhere https://bugs.webkit.org/show_bug.cgi?id=147469 Reviewed by Alexey Proskuryakov. Test: http/tests/plugins/get-url-redirect.html r186597 moved the call to addPlugInStreamLoader to willSendRequest. This is wrong since willSendRequest can be invoked more than once. Fix this by making the initialization phase of NetscapePlugInStreamLoader be more like SubresourceLoader where we only call addPlugInStreamLoader once we've successfully initialized the loader, and only call removePlugInStreamLoader if we've called addPlugInStreamLoader. Also change addPlugInStreamLoader and removePlugInStreamLoader to take references. * loader/DocumentLoader.cpp: (WebCore::DocumentLoader::addPlugInStreamLoader): (WebCore::DocumentLoader::removePlugInStreamLoader): * loader/DocumentLoader.h: * loader/NetscapePlugInStreamLoader.cpp: (WebCore::NetscapePlugInStreamLoader::create): (WebCore::NetscapePlugInStreamLoader::init): (WebCore::NetscapePlugInStreamLoader::didFinishLoading): (WebCore::NetscapePlugInStreamLoader::didFail): (WebCore::NetscapePlugInStreamLoader::didCancel): (WebCore::NetscapePlugInStreamLoader::notifyDone): * loader/NetscapePlugInStreamLoader.h: * loader/ResourceLoader.cpp: (WebCore::ResourceLoader::willSendRequest): Deleted. * loader/ResourceLoader.h: (WebCore::ResourceLoader::isPlugInStreamLoader): Deleted. * loader/SubframeLoader.cpp: (WebCore::SubframeLoader::requestObject): 2015-08-04 Matthew Hanson <matthew_hanson@apple.com> Merge r187805. rdar://problem/21838271 2015-08-03 Myles C. Maxfield <mmaxfield@apple.com> Clean up casts between NSFont*s and CTFontRefs https://bugs.webkit.org/show_bug.cgi?id=147618 Reviewed by Mitz Pettel. For toll free bridged types, it makes more sense to do a C-style cast, than jump through hoops for older compilers. No new tests because there is no behavior change. * platform/graphics/FontPlatformData.h: (WebCore::FontPlatformData::nsFont): (WebCore::FontPlatformData::hash): 2015-08-04 Matthew Hanson <matthew_hanson@apple.com> Merge r187807. rdar://problem/21838271 2015-08-03 Myles C. Maxfield <mmaxfield@apple.com> Fix crashing Mavericks test Unreviewed. * platform/graphics/cocoa/FontPlatformDataCocoa.mm: (WebCore::FontPlatformData::registeredFont): 2015-08-04 Matthew Hanson <matthew_hanson@apple.com> Merge r187776. rdar://problem/21925990 2015-08-03 Eric Carlson <eric.carlson@apple.com> [Mac] Always require user gesture to begin playing to AppleTV automatically https://bugs.webkit.org/show_bug.cgi?id=147591 Reviewed by Jer Noble. * html/HTMLMediaElement.cpp: (WebCore::HTMLMediaElement::mediaState): Don't set the ExternalDeviceAutoPlayCandidate flag until the user has explicitly triggered playback. 2015-08-04 Matthew Hanson <matthew_hanson@apple.com> Merge r187806. rdar://problem/21838271 2015-08-03 Myles C. Maxfield <mmaxfield@apple.com> Unreviewed post-review feedback on r187797 The correct terminology is "registered" instead of "activated." No new tests because there is no behavior change. * platform/graphics/FontPlatformData.h: * platform/graphics/cocoa/FontPlatformDataCocoa.mm: (WebCore::FontPlatformData::registeredFont): (WebCore::FontPlatformData::activatedFont): Deleted. 2015-08-04 Matthew Hanson <matthew_hanson@apple.com> Merge r187797. rdar://problem/21838271 2015-08-03 Myles C. Maxfield <mmaxfield@apple.com> REGRESSION(r184899): Crash when focusing an input element styled with a web font https://bugs.webkit.org/show_bug.cgi?id=147616 <rdar://problem/21838271> Reviewed by Dean Jackson. NSFontManager can't handle web fonts. We used to pass null to NSFontManager in this case, but r184899 changed that. Test: fast/text/input-webfont-focus.html * platform/graphics/FontPlatformData.h: * platform/graphics/cocoa/FontPlatformDataCocoa.mm: (WebCore::FontPlatformData::activatedFont): 2015-08-04 Matthew Hanson <matthew_hanson@apple.com> Merge r187792. rdar://problem/22116575 2015-08-03 Tim Horton <timothy_horton@apple.com> REGRESSION (r186916): TextIndicators for multiline link previews are unreadable/offset/blank https://bugs.webkit.org/show_bug.cgi?id=147615 <rdar://problem/22116575> Reviewed by Dean Jackson. * page/mac/TextIndicatorWindow.mm: (-[WebTextIndicatorView initWithFrame:textIndicator:margin:offset:]): No need to offset by the difference between the text bounding rect and the selection bounding rect, because the snapshot is now (after r186916) taken of exactly the text bounding rect. 2015-08-03 Matthew Hanson <matthew_hanson@apple.com> Merge r187691. rdar://problem/22060183 2015-07-31 Chris Dumez <cdumez@apple.com> Coalesce authentication credential requests https://bugs.webkit.org/show_bug.cgi?id=128006 <rdar://problem/16839069> Reviewed by Alexey Proskuryakov. Export symbol for ProtectionSpace::compare() so it can be called from WebKit2. * platform/network/ProtectionSpaceBase.h: 2015-08-03 Matthew Hanson <matthew_hanson@apple.com> Merge r187685. rdar://problem/21775336 2015-07-31 Myles C. Maxfield <mmaxfield@apple.com> [SVG -> OTF Converter] Crash when converting Arabic fonts https://bugs.webkit.org/show_bug.cgi?id=147510 Reviewed by Anders Carlsson. SVGToOTFFontConverter::compareCodepointsLexicographically() wasn't transitive. Test: fast/text/arabic-duplicate-glyph-font.html * svg/SVGToOTFFontConversion.cpp: (WebCore::SVGToOTFFontConverter::compareCodepointsLexicographically): 2015-08-03 Matthew Hanson <matthew_hanson@apple.com> Merge r187545. rdar://problem/21893047 2015-07-29 Dean Jackson <dino@apple.com> Remove dispatch_apply_f and instead use vImage more directly https://bugs.webkit.org/show_bug.cgi?id=147391 <rdar://problem/21893047> Fix the iOS builds. * platform/graphics/cg/ImageBufferDataCG.cpp: (WebCore::unpremultiplyBufferData): (WebCore::premultiplyBufferData): 2015-08-03 Matthew Hanson <matthew_hanson@apple.com> Merge r187536. rdar://problem/21893047 2015-07-28 Simon Fraser <simon.fraser@apple.com> Fix debug builds. * platform/graphics/cg/ImageBufferDataCG.cpp: (WebCore::premultiplyBufferData): (WebCore::unpremultiplyBufferData): 2015-08-03 Matthew Hanson <matthew_hanson@apple.com> Merge r187534. rdar://problem/21893047 2015-07-28 Dean Jackson <dino@apple.com> Remove dispatch_apply_f and instead use vImage more directly https://bugs.webkit.org/show_bug.cgi?id=147391 <rdar://problem/21893047> Reviewed by Simon Fraser. Use vImage unmultiplication and premultiplication functions on the entire ImageBufferData object, rather than getting and setting data on an line by line using dispatch_apply. We were seeing some crashes in vImage with the smaller buffer sizes, and hopefully this will either fix the problem, or give us a better stack trace to diagnose. I also did a drive-by change of "dst" to "dest". It was inconsistent throughout the file. Convered by the tests in fast/canvas and imported/w3c/canvas * platform/graphics/cg/ImageBufferDataCG.cpp: Remove the ScanlineData structure. It is no longer needed. (WebCore::premultiplyBufferData): New function that calls vImagePremultiplyData_RGBA8888. (WebCore::unpremultiplyBufferData): New function that calls vImageUnpremultiplyData_RGBA8888. (WebCore::affineWarpBufferData): Extracting some common code into a function. (WebCore::ImageBufferData::getData): Use the two new functions as appropriate. Move some of the code around now that more is shared between the different #if branches. (WebCore::ImageBufferData::putData): (WebCore::convertScanline): Deleted. (WebCore::unpremultitplyScanline): Deleted. (WebCore::premultitplyScanline): Deleted. 2015-08-03 Matthew Hanson <matthew_hanson@apple.com> Merge r187740. rdar://problem/22098457 2015-08-03 Brady Eidson <beidson@apple.com> Crash when signing into twitter calling WebCore::DocumentLoader::responseReceived(WebCore::CachedResource*, WebCore::ResourceResponse const&). <rdar://problem/22098457> and https://bugs.webkit.org/show_bug.cgi?id=147560 Reviewed by Alexey Proskuryakov. * loader/DocumentLoader.cpp: (WebCore::DocumentLoader::willSendRequest): Only grab identifierForLoadWithoutResourceLoader() if there's no ResourceLoader. 2015-08-03 Matthew Hanson <matthew_hanson@apple.com> Merge r187466. rdar://problem/21960398 2015-07-27 Brady Eidson <beidson@apple.com> Crash in WebCore::DocumentLoader::willSendRequest() with ContentFilter and AppCache. <rdar://problem/21960398> and https://bugs.webkit.org/show_bug.cgi?id=147339 Reviewed by Alexey Proskuryakov. No new tests (Not yet proven to be possible to test this). * loader/DocumentLoader.cpp: (WebCore::DocumentLoader::willSendRequest): Grab the identifier from the CachedResource directly, not from the null ResourceLoader. (WebCore::DocumentLoader::continueAfterNavigationPolicy): Null check the ResourceLoader, as it can definitely be gone by this point. * loader/cache/CachedResource.cpp: (WebCore::CachedResource::clearLoader): Save off the identifier for later use. * loader/cache/CachedResource.h: (WebCore::CachedResource::identifierForLoadWithoutResourceLoader): Expose the identifier that the ResourceLoader had when it went away. 2015-07-31 Matthew Hanson <matthew_hanson@apple.com> Merge r187675. rdar://problem/21632211 2015-07-31 Jer Noble <jer.noble@apple.com> CRASH at WebCore::TaskDispatcher<WebCore::ScriptExecutionContext>::postTask + 38 https://bugs.webkit.org/show_bug.cgi?id=147485 Rubber-stamped by Joseph Pecoraro. Follow-up test crash fix: call superclass's contextDestroyed() which allows the m_scriptExecutionContext variable to be cleared. * html/HTMLMediaElement.cpp: (WebCore::HTMLMediaElement::contextDestroyed): 2015-08-01 Babak Shafiei <bshafiei@apple.com> Merge r187686. 2015-07-31 Tim Horton <timothy_horton@apple.com> [iOS] DOMNode preview snapshot rects are wrong for user-select: none links https://bugs.webkit.org/show_bug.cgi?id=147513 <rdar://problem/22083354> Reviewed by Simon Fraser. * bindings/objc/DOM.mm: (-[DOMNode getPreviewSnapshotImage:andRects:]): Use the same code as WebKit2 to compute the fallback rect (if TextIndicator fails), asking the RenderObject (or RenderImage) for its bounding box instead of using the (often wrong) Range bounding rect. Make sure to use the fallback rect *any* time TextIndicator fails (before we would return no rects at all if TextIndicator::createWithRange returned null, and the fallback rect if it returned with an empty image). Inverse-page-scale the margin, to match the appearance in WebKit2. 2015-08-01 Babak Shafiei <bshafiei@apple.com> Merge r187687. 2015-07-31 Andreas Kling <akling@apple.com> Crashes under HTMLMediaElement::updateActiveTextTrackCues() when destroying CachedPage. <https://webkit.org/b/147506> <rdar://problem/21939014> Reviewed by Chris Dumez. Don't mess with the media element's text tracks below its ActiveDOMObject::stop() implementation, since that may cause DOM mutations. I don't have a repro or a test for this, but plenty of crash logs to indicate that we're getting ourselves into trouble by modifying the DOM during CachedPage teardown. * html/HTMLMediaElement.cpp: (WebCore::HTMLMediaElement::configureTextTrackDisplay): 2015-07-31 Babak Shafiei <bshafiei@apple.com> Roll out r187466. 2015-07-31 Babak Shafiei <bshafiei@apple.com> Merge r187694. 2015-07-31 Eric Carlson <eric.carlson@apple.com> [iOS] use a media-specific user gesture check https://bugs.webkit.org/show_bug.cgi?id=147509 Reviewed by Tim Horton. Change an enum name added in r187688. * dom/UserGestureIndicator.cpp: (WebCore::isDefinite): DefinitelyProcessingMediaUserGesture -> DefinitelyProcessingPotentialUserGesture (WebCore::UserGestureIndicator::processingUserGestureForMedia): Ditto. * dom/UserGestureIndicator.h: Ditto. 2015-07-31 Babak Shafiei <bshafiei@apple.com> Merge r187688. 2015-07-31 Eric Carlson <eric.carlson@apple.com> [iOS] use a media-specific user gesture check https://bugs.webkit.org/show_bug.cgi?id=147509 Reviewed by Jer Noble. * bindings/js/ScriptController.cpp: (WebCore::ScriptController::processingUserGestureForMedia): New. * bindings/js/ScriptController.h: * dom/UserGestureIndicator.cpp: (WebCore::isDefinite): Allow DefinitelyProcessingMediaUserGesture. (WebCore::UserGestureIndicator::processingUserGestureForMedia): New. * dom/UserGestureIndicator.h: * html/HTMLMediaElement.cpp: (WebCore::HTMLMediaElement::load): Use ScriptController::processingUserGestureForMedia instead of ScriptController::processingUserGesture (WebCore::HTMLMediaElement::play): Ditto. 2015-07-31 Babak Shafiei <bshafiei@apple.com> Merge r187684. 2015-07-31 Jeremy Jones <jeremyj@apple.com> Rename AVPlayerLayerView to _AVPlayerLayerView. https://bugs.webkit.org/show_bug.cgi?id=147399 Reviewed by Eric Carlson. Change class name AVPlayerLayerView to match change in AVKit SPI. This prevents conflicts with 3rd party apps. * platform/ios/WebVideoFullscreenInterfaceAVKit.mm: (WebAVPlayerLayerView_dealloc): (getWebAVPlayerLayerViewClass): * platform/spi/cocoa/AVKitSPI.h: 2015-07-31 Babak Shafiei <bshafiei@apple.com> Merge r187675. 2015-07-31 Jer Noble <jer.noble@apple.com> CRASH at WebCore::TaskDispatcher<WebCore::ScriptExecutionContext>::postTask + 38 https://bugs.webkit.org/show_bug.cgi?id=147485 Rubber-stamped by Joseph Pecoraro. Follow-up test crash fix: call superclass's contextDestroyed() which allows the m_scriptExecutionContext variable to be cleared. * html/HTMLMediaElement.cpp: (WebCore::HTMLMediaElement::contextDestroyed): 2015-07-31 Matthew Hanson <matthew_hanson@apple.com> Merge r187655. rdar://problem/21632211 2015-07-31 Jer Noble <jer.noble@apple.com> CRASH at WebCore::TaskDispatcher<WebCore::ScriptExecutionContext>::postTask + 38 https://bugs.webkit.org/show_bug.cgi?id=147485 Reviewed by Eric Carlson. CrashLogs indicate a use-after-free of the ScriptExecutionContext (i.e., Document) used by the GenericTaskQueue objects owned by HTMLMediaElement. When the ScriptExecutionContext notifies its ActiveDOMObjects that it is about to be destroyed, close() the GenericTaskQueues so that they can no longer accept new tasks. Previously, enqueueing a task on a closed GenericTaskQueue ASSERTed in debug builds, but silently succeeded in release builds. Calling enqueueTask() on a closed GenericTaskQueue is now a no-op. * html/HTMLMediaElement.cpp: (WebCore::HTMLMediaElement::contextDestroyed): * html/HTMLMediaElement.h: * platform/GenericTaskQueue.h: (WebCore::GenericTaskQueue::enqueueTask): 2015-07-31 Matthew Hanson <matthew_hanson@apple.com> Merge r187630. rdar://problem/18835799 2015-07-30 Andreas Kling <akling@apple.com> [CF] Web process continually eating memory on simple, shared Google Docs spreadsheet. <https://webkit.org/b/147403> <rdar://problem/18835799> Reviewed by Geoffrey Garen. Make sure we service the CFRunLoop on worker threads, since ports using CoreFoundation will be scheduling garbage collections and heap sweeps using CFRunLoop timers. This fix is a stopgap. Long term we need a better design for integrating GC tasks with with the web worker run loop. * workers/WorkerRunLoop.cpp: (WebCore::WorkerRunLoop::runInMode): Instead of sleeping forever, calculate a better wakeup deadline by asking the CFRunLoop when its next timer will fire. Then, when a timeout occurs, call CFRunLoopRunInMode (with seconds=0) to service pending timers. 2015-07-31 Lucas Forschler <lforschler@apple.com> Merge r187557 2015-07-29 Brady Eidson <beidson@apple.com> Crash in WebCore::DocumentLoader::stopLoadingForPolicyChange. <rdar://problem/21412186> and https://bugs.webkit.org/show_bug.cgi?id=147418 Reviewed by Chris Dumez. No new tests (No known reproducibility) * loader/DocumentLoader.cpp: (WebCore::DocumentLoader::responseReceived): When setting to m_waitingForContentPolicy true, make sure we have a FrameLoader. (WebCore::DocumentLoader::detachFromFrame): Always explicitly call cancelPolicyCheckIfNeeded(). (WebCore::DocumentLoader::cancelPolicyCheckIfNeeded): Cancel the policy check if there is one. (WebCore::DocumentLoader::cancelMainResourceLoad): Use cancelPolicyCheckIfNeeded(). * loader/DocumentLoader.h: 2015-07-31 Lucas Forschler <lforschler@apple.com> Merge r187556 2015-07-29 Brady Eidson <beidson@apple.com> Crash calling webSocket.close() from onError handler for blocked web socket. <rdar://problem/21771620> and https://bugs.webkit.org/show_bug.cgi?id=147411 Reviewed by Tim Horton. Tests: http/tests/security/mixedContent/websocket/insecure-websocket-in-iframe.html http/tests/security/mixedContent/websocket/insecure-websocket-in-main-frame.html This was introduced with http://trac.webkit.org/changeset/185848 * Modules/websockets/WebSocket.cpp: (WebCore::WebSocket::connect): When blocked because of mixedContent, call dispatchOrQueueErrorEvent(). (WebCore::WebSocket::didReceiveMessageError): Use dispatchOrQueueErrorEvent() instead. (WebCore::WebSocket::dispatchOrQueueErrorEvent): Dispatch the error event, but don't dispatch one twice! * Modules/websockets/WebSocket.h: * Modules/websockets/WebSocketChannel.cpp: (WebCore::WebSocketChannel::fail): Null-check m_handshake before creating a console message from it. 2015-07-31 Lucas Forschler <lforschler@apple.com> Merge r187535 2015-07-28 Simon Fraser <simon.fraser@apple.com> Animations sometimes fail to start https://bugs.webkit.org/show_bug.cgi?id=147394 rdar://problem/21852603 Reviewed by Dean Jackson. When an accelerated animation or transition was started at the same time as a non-accelerated one, and then the node for the former was removed, we could never kick off the non-accelerated animation. AnimationControllerPrivate has logic to synchronize the two types of animation when they start in the same animation update, which involves setting the m_waitingForAsyncStartNotification flag, and waiting for a notifyAnimationStarted() to come in from the graphics system. However, it failed to handle the case where the accelerated animation was removed before the callback was received, which left the m_waitingForAsyncStartNotification flag set to true, preventing the non-accelerated animation from running. Test: animations/remove-syncing-animation.html * page/animation/AnimationBase.h: (WebCore::AnimationBase::isAccelerated): Make this public. * page/animation/AnimationController.cpp: (WebCore::AnimationControllerPrivate::clear): Add logging. (WebCore::AnimationControllerPrivate::receivedStartTimeResponse): Add logging. (WebCore::AnimationControllerPrivate::animationWillBeRemoved): Add logging. After removing animations from the maps, check to see if we expect any of the remaining animations are waiting for a notifyAnimationStarted(). If not, clear the m_waitingForAsyncStartNotification flag. (WebCore::AnimationController::notifyAnimationStarted): Log the renderer. (WebCore::AnimationControllerPrivate::AnimationControllerPrivate): Remove unneeded initializations of HashMaps. * page/animation/CompositeAnimation.cpp: (WebCore::CompositeAnimation::updateTransitions): Log renderers. (WebCore::CompositeAnimation::updateKeyframeAnimations): Ditto. 2015-07-31 Lucas Forschler <lforschler@apple.com> Merge r187525 2015-07-28 Myles C. Maxfield <mmaxfield@apple.com> [iOS] Crash when encountering characters whose natural font is one we can't look up https://bugs.webkit.org/show_bug.cgi?id=147377 <rdar://problem/22022011> Reviewed by Simon Fraser. These characters hit the complex text code path, where CoreText picks fonts to use for each character. We then try to map these CoreText fonts back to our own Font objects, and we assume (on iOS) that our own font search will always return something. On OS X, we do not have such an assumption, and we handle the case where it does not hold. This method works on iOS as well, so the solution is to just perform it on both OSes. Test: fast/text/crash-complex-unknown-font.html * platform/graphics/mac/ComplexTextControllerCoreText.mm: (WebCore::ComplexTextController::collectComplexTextRunsForCharacters): 2015-07-31 Lucas Forschler <lforschler@apple.com> Merge r187522 2015-07-28 Said Abou-Hallawa <sabouhallawa@apple.com> [iOS] REGRESSION(r168075): Fullscreen web video doesn't pause on screen lock https://bugs.webkit.org/show_bug.cgi?id=147269 Reviewed by Andreas Kling. Media elements should pause when the application is going to EnterBackground under lock regardless whether it is in full screen or not. * platform/audio/PlatformMediaSession.h: * platform/audio/PlatformMediaSession.cpp: (WebCore::PlatformMediaSession::doInterruption): This code was moved from beginInterruption(). (WebCore::PlatformMediaSession::shouldDoInterruption): Move the condition which allows the media session interruption to a separate function. (WebCore::PlatformMediaSession::beginInterruption): Call the functions shouldDoInterruption() and doInterruption(). (WebCore::PlatformMediaSession::forceInterruption): This function will be called from PlatformMediaSessionManager::applicationDidEnterBackground() to override the decision which is made by PlatformMediaSession::beginInterruption() if the application isSuspendedUnderLock. * platform/audio/PlatformMediaSessionManager.h: * platform/audio/PlatformMediaSessionManager.cpp: (WebCore::PlatformMediaSessionManager::applicationDidEnterBackground): [UIApp isSuspendedUnderLock] is only valid when it is called when the UIApplicationDidEnterBackgroundNotification is received. We need to force interrupting the media sessions if the application isSuspendedUnderLock and UIApplicationWillResignActiveNotification was ignored because of PiP. * platform/audio/ios/MediaSessionManagerIOS.h: * platform/audio/ios/MediaSessionManagerIOS.mm: (-[WebMediaSessionHelper initWithCallback:]): (-[WebMediaSessionHelper applicationDidEnterBackground:]): Listen to UIApplicationDidEnterBackgroundNotification and make a call on the web thread to PlatformMediaSessionManager::applicationDidEnterBackground() and pass the isSuspendedUnderLock flag which is queried on the UIProcess. 2015-07-31 Lucas Forschler <lforschler@apple.com> Merge r187521 2015-07-28 Tim Horton <timothy_horton@apple.com> [iOS] Creating a TextIndicator causes the view to scroll to the current selection https://bugs.webkit.org/show_bug.cgi?id=147379 <rdar://problem/22038421> Reviewed by Beth Dakin. * editing/Editor.cpp: (WebCore::Editor::setIgnoreCompositionSelectionChange): * editing/Editor.h: Add a flag so that setIgnoreCompositionSelectionChange(false) can still not force-reveal the current selection. This is useful for e.g. TextIndicator, who saves the selection, changes it, and then restores it, but doesn't want to scroll to the saved/restored selection. * page/TextIndicator.cpp: (WebCore::TextIndicator::createWithRange): Make use of the above flag. 2015-07-31 Lucas Forschler <lforschler@apple.com> Merge r187516 2015-07-28 Eric Carlson <eric.carlson@apple.com> [iOS] Set AirPlay discovery mode to disabled when page is hidden https://bugs.webkit.org/show_bug.cgi?id=147369 Reviewed by Jer Noble. * html/MediaElementSession.cpp: (WebCore::MediaElementSession::requiresPlaybackTargetRouteMonitoring): Return false when the client is not visible. * html/MediaElementSession.h: * platform/audio/PlatformMediaSession.cpp: (WebCore::PlatformMediaSession::clientDataBufferingTimerFired): Call configureWireLessTargetMonitoring. 2015-07-31 Lucas Forschler <lforschler@apple.com> Merge r187491 2015-07-28 Jer Noble <jer.noble@apple.com> [iOS] Notify fullscreen controller in UIProcess whether external playback is allowed https://bugs.webkit.org/show_bug.cgi?id=147343 Reviewed by Brady Eidson. Pass the value of the MediaElementSession's wirelessVideoPlaybackDisabled() property up through WebKit2 to WebVideoFullscreenControllerAVKit. * platform/ios/WebVideoFullscreenControllerAVKit.mm: (WebVideoFullscreenControllerContext::setWirelessVideoPlaybackDisabled): Pass to the interface on the main thread. * platform/ios/WebVideoFullscreenInterface.h: * platform/ios/WebVideoFullscreenInterfaceAVKit.h: * platform/ios/WebVideoFullscreenInterfaceAVKit.mm: (WebVideoFullscreenInterfaceAVKit::setWirelessVideoPlaybackDisabled): Sets .allowsExternalPlayback to !disabled. (WebVideoFullscreenInterfaceAVKit::wirelessVideoPlaybackDisabled): Returns the last value set. * platform/ios/WebVideoFullscreenModelVideoElement.mm: (WebVideoFullscreenModelVideoElement::setWebVideoFullscreenInterface): Update the value of wirelessVideoPlaybackDisabled if the element is present. (WebVideoFullscreenModelVideoElement::setVideoElement): Ditto if the interface is present. (WebVideoFullscreenModelVideoElement::updateForEventName): Update the value either way. 2015-07-28 Brady Eidson <beidson@apple.com> Handle null CFArrayRef returning from _CFHTTPParsedCookiesWithResponseHeaderFields. <rdar://problem/21995928> and https://bugs.webkit.org/show_bug.cgi?id=147365 Reviewed by Alexey Proskuryakov. * platform/network/cf/CookieJarCFNet.cpp: (WebCore::filterCookies): ASSERT the input is not null. (WebCore::createCookies): Always return a CFArrayRef, even if it's empty. 2015-07-31 Lucas Forschler <lforschler@apple.com> Merge r187489 2015-07-28 Chris Dumez <cdumez@apple.com> Allow lax MIME type parsing for same-origin CSS in quirks mode. https://bugs.webkit.org/show_bug.cgi?id=147327 <rdar://problem/22010303> Reviewed by Zalan Bujtas. The change made in r180020 is too strict for the web, and doesn't match Firefox Chrome, or IE's behavior. In particular, it does not respect the same-origin carveout that the HTML spec specifies: https://html.spec.whatwg.org/multipage/semantics.html#link-type-stylesheet This patch corrects that oversight and aligns our behavior with other popular browsers. This change was adapted from Blink r196678: https://src.chromium.org/viewvc/blink?revision=196678&view=revision Tests: http/tests/security/cross-origin-css-in-quirks-1.html http/tests/security/cross-origin-css-in-quirks-2.html http/tests/security/cross-origin-css-in-quirks-3.html http/tests/security/cross-origin-css-in-quirks-4.html http/tests/security/cross-origin-css-in-quirks-5.html http/tests/security/cross-origin-css-in-quirks-6.html http/tests/security/cross-origin-css-in-quirks-7.html http/tests/security/cross-origin-css-in-quirks-8.html http/tests/security/same-origin-css-1.html http/tests/security/same-origin-css-2.html http/tests/security/same-origin-css-3.html http/tests/security/same-origin-css-4.html http/tests/security/same-origin-css-5.html http/tests/security/same-origin-css-6.html http/tests/security/same-origin-css-7.html http/tests/security/same-origin-css-8.html http/tests/security/same-origin-css-in-quirks.html * css/StyleRuleImport.cpp: (WebCore::StyleRuleImport::setCSSStyleSheet): * css/StyleSheetContents.cpp: (WebCore::StyleSheetContents::parseAuthorStyleSheet): * css/StyleSheetContents.h: * html/HTMLLinkElement.cpp: (WebCore::HTMLLinkElement::setCSSStyleSheet): * loader/cache/CachedCSSStyleSheet.cpp: (WebCore::CachedCSSStyleSheet::sheetText): (WebCore::CachedCSSStyleSheet::canUseSheet): (WebCore::CachedCSSStyleSheet::checkNotify): Deleted. * loader/cache/CachedCSSStyleSheet.h: 2015-07-31 Lucas Forschler <lforschler@apple.com> Merge r187466 2015-07-27 Brady Eidson <beidson@apple.com> Crash in WebCore::DocumentLoader::willSendRequest() with ContentFilter and AppCache. <rdar://problem/21960398> and https://bugs.webkit.org/show_bug.cgi?id=147339 Reviewed by Alexey Proskuryakov. No new tests (Not yet proven to be possible to test this). * loader/DocumentLoader.cpp: (WebCore::DocumentLoader::willSendRequest): Grab the identifier from the CachedResource directly, not from the null ResourceLoader. (WebCore::DocumentLoader::continueAfterNavigationPolicy): Null check the ResourceLoader, as it can definitely be gone by this point. * loader/cache/CachedResource.cpp: (WebCore::CachedResource::clearLoader): Save off the identifier for later use. * loader/cache/CachedResource.h: (WebCore::CachedResource::identifierForLoadWithoutResourceLoader): Expose the identifier that the ResourceLoader had when it went away. 2015-07-31 Lucas Forschler <lforschler@apple.com> Merge r187448 2015-07-27 Anders Carlsson <andersca@apple.com> WKWebsiteDataStore remove methods don't properly delete cookies https://bugs.webkit.org/show_bug.cgi?id=147333 rdar://problem/21948230 Reviewed by Tim Horton. If there are multiple cookies for a single domain, make sure to delete all of them and not just the first one we find. Fix this by keeping a mapping from domain to a list of cookies. * platform/network/mac/CookieJarMac.mm: (WebCore::deleteCookiesForHostnames): 2015-07-31 Lucas Forschler <lforschler@apple.com> Merge r187379 2015-07-24 Dan Bernstein <mitz@apple.com> Tried to fix the iOS 9 build after r187375. * platform/network/mac/CookieJarMac.mm: 2015-07-31 Lucas Forschler <lforschler@apple.com> Merge r187375 2015-07-24 Anders Carlsson <andersca@apple.com> WKWebsiteDataStore remove methods don't properly delete cookies https://bugs.webkit.org/show_bug.cgi?id=147282 rdar://problem/21948230 Reviewed by Sam Weinig. Rename deleteCookiesForHostname to deleteCookiesForHostnames and make it take a vector of hostnames instead. Also, fix the Mac implementation to not be O(n2) by putting all cookies in a dictionary keyed on the domain. Also make sure to call _saveStorage after deleting cookies. Finally, get rid of deleteCookiesForHostname from CookieJarCFNet.cpp and use the Mac implementation on iOS as well. Just stub out deleteCookiesForHostnames on Windows since nobody is calling it. * platform/network/PlatformCookieJar.h: * platform/network/cf/CookieJarCFNet.cpp: (WebCore::deleteCookiesForHostnames): (WebCore::deleteCookiesForHostname): Deleted. * platform/network/mac/CookieJarMac.mm: (WebCore::deleteCookiesForHostnames): (WebCore::deleteAllCookiesModifiedSince): (WebCore::deleteCookiesForHostname): Deleted. * platform/network/soup/CookieJarSoup.cpp: (WebCore::deleteCookiesForHostnames): (WebCore::deleteCookiesForHostname): Deleted. * platform/spi/cf/CFNetworkSPI.h: 2015-07-30 Matthew Hanson <matthew_hanson@apple.com> Merge r187490. rdar://problem/21995928 2015-07-28 Brady Eidson <beidson@apple.com> Handle null CFArrayRef returning from _CFHTTPParsedCookiesWithResponseHeaderFields. <rdar://problem/21995928> and https://bugs.webkit.org/show_bug.cgi?id=147365 Reviewed by Alexey Proskuryakov. * platform/network/cf/CookieJarCFNet.cpp: (WebCore::filterCookies): ASSERT the input is not null. (WebCore::createCookies): Always return a CFArrayRef, even if it's empty. 2015-07-30 Matthew Hanson <matthew_hanson@apple.com> Merge r187278. rdar://problem/19908029 2015-07-23 Nan Wang <n_wang@apple.com> AX: AccessibilityNodeObject::childrenChanged() generates too many AXLiveRegionChanged notifications https://bugs.webkit.org/show_bug.cgi?id=147211 <rdar://problem/19908029> Reviewed by Chris Fleizach. AccessibilityNodeObject::childrenChanged() can be called repeatedly, generating a live region change notification each time. Sometimes, so many happen that VoiceOver hangs. We can use a timer to make sure that we coalesce these notifications. Test: platform/mac/accessibility/aria-multiple-liveregions-notification.html * accessibility/AXObjectCache.cpp: (WebCore::AXComputedObjectAttributeCache::getIgnored): (WebCore::AXObjectCache::AXObjectCache): (WebCore::AXObjectCache::~AXObjectCache): (WebCore::AXObjectCache::frameLoadingEventNotification): (WebCore::AXObjectCache::postLiveRegionChangeNotification): (WebCore::AXObjectCache::liveRegionChangedNotificationPostTimerFired): (WebCore::AXObjectCache::handleScrollbarUpdate): * accessibility/AXObjectCache.h: * accessibility/AccessibilityNodeObject.cpp: (WebCore::AccessibilityNodeObject::childrenChanged): 2015-07-30 Matthew Hanson <matthew_hanson@apple.com> Merge r187504. rdar://problem/21915355 2015-07-28 Said Abou-Hallawa <sabouhallawa@apple.com> Crash happens when calling removeEventListener for an SVG element which has an instance inside a <defs> element of shadow tree https://bugs.webkit.org/show_bug.cgi?id=147290 Reviewed by Daniel Bates. When the shadow tree is built for a <use> element, all the SVG elements are allowed to be cloned in the shadow tree but later some of the elements are disallowed and removed. Make sure, when disallowing an element in the shadow tree, to reset the correspondingElement relationship between all the disallowed descendant SVG elements and all their original elements. Test: svg/custom/remove-event-listener-shadow-disallowed-element.svg *svg/SVGElement.cpp: (WebCore::SVGElement::setCorrespondingElement) * svg/SVGUseElement.cpp: (WebCore::removeDisallowedElementsFromSubtree): 2015-07-27 Babak Shafiei <bshafiei@apple.com> Merge r187352. 2015-07-24 Devin Rousso <drousso@apple.com> Web Inspector: Editing non-inspector-stylesheet rule selectors fails after the first change https://bugs.webkit.org/show_bug.cgi?id=147229 Reviewed by Timothy Hatcher. Test: inspector/css/modify-rule-selector.html * inspector/InspectorStyleSheet.cpp: (WebCore::InspectorStyleSheet::setRuleSelector): Now checks to see if the stylesheet is not mutated before making the change to the rule's selector, and if so mark it as not mutated to allow future edits. 2015-07-27 Babak Shafiei <bshafiei@apple.com> Merge r187393. 2015-07-25 Tim Horton <timothy_horton@apple.com> Expose TextIndicator-backed snapshot and rect gathering on DOMNode https://bugs.webkit.org/show_bug.cgi?id=147298 <rdar://problem/21905839> Reviewed by Sam Weinig. * bindings/objc/DOM.mm: (-[DOMNode getPreviewSnapshotImage:andRects:]): No need to multiply by device scale here. 2015-07-27 Babak Shafiei <bshafiei@apple.com> Merge r187392. 2015-07-25 Tim Horton <timothy_horton@apple.com> Expose TextIndicator-backed snapshot and rect gathering on DOMNode https://bugs.webkit.org/show_bug.cgi?id=147298 <rdar://problem/21905839> * bindings/objc/DOM.mm: (-[DOMNode getPreviewSnapshotImage:andRects:]): * bindings/objc/DOMExtensions.h: * bindings/objc/DOMPrivate.h: Move this to a private header. 2015-07-27 Babak Shafiei <bshafiei@apple.com> Merge r187391. 2015-07-25 Tim Horton <timothy_horton@apple.com> Expose TextIndicator-backed snapshot and rect gathering on DOMNode https://bugs.webkit.org/show_bug.cgi?id=147298 <rdar://problem/21905839> Reviewed by Sam Weinig. * bindings/objc/DOM.mm: (-[DOMNode getPreviewSnapshotImage:andRects:]): * bindings/objc/DOMExtensions.h: 2015-07-27 Babak Shafiei <bshafiei@apple.com> Merge r187386. 2015-07-25 Chris Fleizach <cfleizach@apple.com> AX: iOS: Video "start playback" playback controls not accessible https://bugs.webkit.org/show_bug.cgi?id=147285 Reviewed by Jer Noble. The start playback control also needs the right label. * Modules/mediacontrols/mediaControlsiOS.js: (ControllerIOS.prototype.createBase): 2015-07-27 Babak Shafiei <bshafiei@apple.com> Merge r187371. 2015-07-24 Chris Fleizach <cfleizach@apple.com> AX: scrollable elements do not allow 3-finger swipe https://bugs.webkit.org/show_bug.cgi?id=141893 Reviewed by Mario Sanchez Prada. To allow iOS Accessibility to perform by-page scrolling in overflow areas, we move that scrolling code into AccessibilityObject and then iterate all the possible ScrollableAreas, rather than just finding the parents that are ScrollViews. Test: platform/ios-simulator/accessibility/scroll-in-overflow-div.html * accessibility/AccessibilityObject.cpp: (WebCore::AccessibilityObject::scrollAreaAndAncestor): (WebCore::AccessibilityObject::scrollPosition): (WebCore::AccessibilityObject::scrollVisibleContentRect): (WebCore::AccessibilityObject::scrollContentsSize): (WebCore::AccessibilityObject::scrollByPage): * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm: (-[WebAccessibilityObjectWrapper accessibilityScroll:]): (-[WebAccessibilityObjectWrapper convertPointToScreenSpace:]): (-[WebAccessibilityObjectWrapper _accessibilityScrollPosition]): (-[WebAccessibilityObjectWrapper _accessibilityScrollSize]): (-[WebAccessibilityObjectWrapper _accessibilityScrollVisibleRect]): (-[WebAccessibilityObjectWrapper accessibilityElementDidBecomeFocused]): 2015-07-27 Babak Shafiei <bshafiei@apple.com> Merge r187367. 2015-07-24 Alexey Proskuryakov <ap@apple.com> [Cocoa] Clean up server trust handling in ResourceHandle. https://bugs.webkit.org/show_bug.cgi?id=147277 rdar://problem/21394410 Reviewed by Brady Eidson. * platform/network/ProtectionSpaceBase.h: (WebCore::ProtectionSpaceBase::isPasswordBased): * platform/network/ProtectionSpaceBase.cpp: (WebCore::ProtectionSpaceBase::isPasswordBased): Added. This is somewhat weak, as authentication schemes could change, but I couldn't find any better way. * platform/network/ResourceHandle.h: * platform/network/cf/ResourceHandleCFNet.cpp: (WebCore::ResourceHandle::didReceiveAuthenticationChallenge): (WebCore::ResourceHandle::tryHandlePasswordBasedAuthentication): * platform/network/mac/ResourceHandleMac.mm: (WebCore::ResourceHandle::didReceiveAuthenticationChallenge): (WebCore::ResourceHandle::tryHandlePasswordBasedAuthentication): Factored out password handling, and made sure to not try that for server trust. 2015-07-27 Babak Shafiei <bshafiei@apple.com> Merge r187366. 2015-07-24 Zalan Bujtas <zalan@apple.com> [iOS]: Inline video controls are blurry on scaled-down pages on non-retina devices. https://bugs.webkit.org/show_bug.cgi?id=147272 rdar://problem/21429111 Reviewed by Simon Fraser. Blurry inline video controls are the result of transform scaling up the content when the page is zoomed out (page scale > 1). This patch addresses the blurriness by switching to css zoom when the content is being scaled up. While transform scale is a paint time operation, css zoom triggers layout and the content is getting painted on a non-scaled graphics context. * Modules/mediacontrols/mediaControlsiOS.css: (audio::-webkit-media-controls-timeline-container): * Modules/mediacontrols/mediaControlsiOS.js: (ControllerIOS.prototype.set pageScaleFactor): 2015-07-27 Babak Shafiei <bshafiei@apple.com> Merge r187358. 2015-07-24 Alexey Proskuryakov <ap@apple.com> Remove WEBCORE_EXPORT from Page::allowsMediaDocumentInlinePlayback() https://bugs.webkit.org/show_bug.cgi?id=147260 Reviewed by Daniel Bates. * page/Page.h: (WebCore::Page::allowsMediaDocumentInlinePlayback): 2015-07-26 Babak Shafiei <bshafiei@apple.com> Merge r187244. 2015-07-23 Myles C. Maxfield <mmaxfield@apple.com> REGRESSION(r182236): Justified Arabic text does not expand https://bugs.webkit.org/show_bug.cgi?id=147217 Reviewed by Simon Fraser. When I was writing r182236, I got confused between the levels of the string hierarchy in ComplexTextController. I've added a comment in the header which should make it easier to get it right. Test: fast/text/international/arabic-justify.html * platform/graphics/mac/ComplexTextController.cpp: (WebCore::ComplexTextController::adjustGlyphsAndAdvances): * platform/graphics/mac/ComplexTextController.h: 2015-07-24 Jer Noble <jer.noble@apple.com> Merge r187251, r187252, r187262, r187263, r187272, r187289. rdar://problem/20689512 2015-07-21 Jer Noble <jer.noble@apple.com> Notify the UI delegate when a MediaDocument's natural size changes https://bugs.webkit.org/show_bug.cgi?id=147182 Reviewed by Simon Fraser. Notify the MediaDocument that it's underlying media element has changed its natural size, either when the media engine notifies us that the size changed, or when the ready state progresses to HAVE_METADATA. * html/HTMLMediaElement.cpp: (WebCore::HTMLMediaElement::setReadyState): Notify the media document. (WebCore::HTMLMediaElement::mediaPlayerSizeChanged): Ditto. * html/MediaDocument.cpp: (WebCore::MediaDocument::mediaElementNaturalSizeChanged): Pass to the chrome client. * html/MediaDocument.h: * page/ChromeClient.h: 2015-07-23 Jer Noble <jer.noble@apple.com> Relax media playback restrictions if the allowsMediaDocumentInlinePlayback property is set. https://bugs.webkit.org/show_bug.cgi?id=147234 Reviewed by Darin Adler. * html/HTMLMediaElement.cpp: (WebCore::HTMLMediaElement::prepareForLoad): Moved restriction check into MediaElementSession. * html/MediaElementSession.cpp: (WebCore::MediaElementSession::playbackPermitted): Check if is a top-level media document and if allowsMediaDocumentInilnePlayback is set, and return early. (WebCore::MediaElementSession::effectivePreloadForElement): Ditto. (WebCore::MediaElementSession::allowsAutomaticMediaDataLoading): Ditto. * html/MediaElementSession.h: 2015-07-21 Jer Noble <jer.noble@apple.com> [iOS] Add an explicit API to allow media documents to (temporarily) play inline https://bugs.webkit.org/show_bug.cgi?id=147181 Reviewed by Beth Dakin. Add listeners for the new allowsMediaDocumentInlinePlayback API. When this value becomes NO, force any playing MediaDocuments to enter fullscreen mode. * dom/Document.cpp: (WebCore::Document::registerForAllowsMediaDocumentInlinePlaybackChangedCallbacks): Added registration method. (WebCore::Document::unregisterForAllowsMediaDocumentInlinePlaybackChangedCallbacks): Added deregistration method. (WebCore::Document::allowsMediaDocumentInlinePlaybackChanged): Notify all listeners. * dom/Document.h: * html/HTMLMediaElement.cpp: (WebCore::HTMLMediaElement::registerWithDocument): Listen for allowsMediaDocumentInlinePlayback changes. (WebCore::HTMLMediaElement::unregisterWithDocument): Stop listening to same. (WebCore::HTMLMediaElement::allowsMediaDocumentInlinePlaybackChanged): Enter fullscreen mode if the value changes to false during playback. * html/HTMLMediaElement.h: * html/MediaElementSession.cpp: (WebCore::MediaElementSession::requiresFullscreenForVideoPlayback): Early true if the override value is set. * page/Page.cpp: (WebCore::Page::setAllowsMediaDocumentInlinePlayback): Notify all documents of the changed value. * page/Page.h: (WebCore::Page::allowsMediaDocumentInlinePlayback): Simple getter. 2015-07-24 Lucas Forschler <lforschler@apple.com> Merge r187149 2015-07-21 Benjamin Poulain <bpoulain@apple.com> [CSS Selectors Level 4] Add #ifdefs to the new '>>' descendant combinator https://bugs.webkit.org/show_bug.cgi?id=147184 Reviewed by Anders Carlsson. Now that '>>>' is dead, the combinator '>>' is at risk. This patch #ifdef all that code with the other experimental features from Level 4. * css/CSSGrammar.y.in: * css/CSSParserValues.cpp: (WebCore::CSSParserSelector::appendTagHistory): * css/CSSParserValues.h: * css/CSSSelector.cpp: (WebCore::CSSSelector::CSSSelector): (WebCore::CSSSelector::selectorText): * css/CSSSelector.h: (WebCore::CSSSelector::CSSSelector): 2015-07-24 Matthew Hanson <matthew_hanson@apple.com> Merge r187036. rdar://problem/21901881 2015-07-20 Jeremy Jones <jeremyj@apple.com> Allow video to rotate when app doesnt allow rotation. https://bugs.webkit.org/show_bug.cgi?id=147121 Reviewed by Jer Noble. Set an SPI bool on the fullscreen video root view controller to allow it to override app rotation restrictions. This allows video to be played in landscape in portrait only apps. * platform/ios/WebVideoFullscreenInterfaceAVKit.mm: (WebVideoFullscreenInterfaceAVKit::setupFullscreen): 2015-07-24 Matthew Hanson <matthew_hanson@apple.com> Merge r187274. rdar://problem/21905756 2015-07-23 Timothy Horton <timothy_horton@apple.com> [iOS] Frame snapshots don't factor in page scale https://bugs.webkit.org/show_bug.cgi?id=147239 <rdar://problem/21905756> Reviewed by Simon Fraser. * page/FrameSnapshotting.cpp: (WebCore::snapshotFrameRect): Apply page scale when determining the backing store size and setting up the context. * page/TextIndicator.cpp: (WebCore::TextIndicator::createWithSelectionInFrame): Don't assume snapshotFrameRect gave us an image with scale=deviceScale, because it will factor in the pageScale too. * platform/graphics/ImageBuffer.h: (WebCore::ImageBuffer::resolutionScale): Expose resolutionScale. * rendering/RenderLayerCompositor.cpp: (WebCore::RenderLayerCompositor::addToOverlapMap): This has been true for a long time. 2015-07-24 Matthew Hanson <matthew_hanson@apple.com> Merge r187271. rdar://problem/21929247 2015-07-22 Simon Fraser <simon.fraser@apple.com> Layer z-ordering is incorrect when scrolling on page witih position:fixed https://bugs.webkit.org/show_bug.cgi?id=147220 rdar://problem/15849697&21929247 Reviewed by Dean Jackson. Overlap testing for compositing uses the currently laid out position of fixed elements, without taking into account the fact that async scrolling can move them around, and possibly under other non-composited elements. This manifested as position:fixed elements moving over other elements on some pages when scrolling, when they should have moved behind. Fix by expanding the overlap map entry for position:fixed elements to create an rect for the area they cover at all scroll locations, taking min and max scroll offsets into account. Also add a couple more LOG(Compositing) statements. Tests: compositing/layer-creation/fixed-overlap-extent-rtl.html compositing/layer-creation/fixed-overlap-extent.html * rendering/RenderLayerCompositor.cpp: (WebCore::fixedPositionOffset): (WebCore::RenderLayerCompositor::computeExtent): (WebCore::RenderLayerCompositor::needsFixedRootBackgroundLayer): (WebCore::RenderLayerCompositor::rootBackgroundTransparencyChanged): 2015-07-24 Matthew Hanson <matthew_hanson@apple.com> Merge r187219. rdar://problem/21032083 2015-07-23 Timothy Horton <timothy_horton@apple.com> Try to fix the build * platform/spi/cocoa/QuartzCoreSPI.h: 2015-07-24 Matthew Hanson <matthew_hanson@apple.com> Merge r187216. rdar://problem/21032083 2015-07-22 Tim Horton <timothy_horton@apple.com> Try to fix the build * platform/spi/cocoa/QuartzCoreSPI.h: 2015-07-24 Matthew Hanson <matthew_hanson@apple.com> Merge r187215. rdar://problem/21032083 2015-07-22 James Savage <james.savage@apple.com> Use updated CoreAnimation snapshot SPI. https://bugs.webkit.org/show_bug.cgi?id=147197 <rdar://problem/21032083> Reviewed by Tim Horton. Patch by James Savage. * platform/spi/cocoa/QuartzCoreSPI.h: 2015-07-24 Matthew Hanson <matthew_hanson@apple.com> Merge r187203. rdar://problem/21012688 2015-07-22 Dean Jackson <dino@apple.com> Video controls, though hidden, are still interactive when in PiP https://bugs.webkit.org/show_bug.cgi?id=147216 <rdar://problem/21012688> Reviewed by Simon Fraser. Explicitly add the PiP class to the controls container so that we can hang a pointer-events: none off it. * Modules/mediacontrols/mediaControlsiOS.css: (video::-webkit-media-controls-panel.picture-in-picture): Add a pointer-events: none. * Modules/mediacontrols/mediaControlsiOS.js: (ControllerIOS.prototype.handlePresentationModeChange): Add/remove a PiP class to the controls panel when necessary. 2015-07-24 Matthew Hanson <matthew_hanson@apple.com> Merge r187189. rdar://problem/21567767 2015-07-22 Dean Jackson <dino@apple.com> Out of bounds in WebGLRenderingContext::simulateVertexAttrib0 https://bugs.webkit.org/show_bug.cgi?id=147176 <rdar://problem/21567767> Reviewed by Oliver Hunt. Test: fast/canvas/webgl/out-of-bounds-simulated-vertexAttrib0-drawArrays.html Add overflow checking for the drawing calls, specifically the way they may simulate vertexAttrib0. * html/canvas/WebGLRenderingContextBase.cpp: (WebCore::WebGLRenderingContextBase::validateDrawArrays): Call new validation method. (WebCore::WebGLRenderingContextBase::validateDrawElements): Ditto. (WebCore::WebGLRenderingContextBase::validateSimulatedVertexAttrib0): New method that validates the parameters used to create the simulated attribute. (WebCore::WebGLRenderingContextBase::simulateVertexAttrib0): No need to do overflow checking here now that the validation method does it for us. (WebCore::WebGLRenderingContextBase::validateVertexAttributes): Deleted. * html/canvas/WebGLRenderingContextBase.h: Add new validation method. 2015-07-24 Matthew Hanson <matthew_hanson@apple.com> Merge r187173. rdar://problem/21637698 2015-07-22 Beth Dakin <bdakin@apple.com> Animated images should animate in previews https://bugs.webkit.org/show_bug.cgi?id=147173 -and corresponding- rdar://problem/21637698 Reviewed by Dan Bernstein. New virtual function to indicate whether or not the image is animated. * platform/graphics/BitmapImage.h: * platform/graphics/Image.h: (WebCore::Image::isAnimated): 2015-07-24 Matthew Hanson <matthew_hanson@apple.com> Merge r187170. rdar://problem/21901076 2015-07-22 Wenson Hsieh <wenson_hsieh@apple.com> Search fields render placeholder text improperly. https://bugs.webkit.org/show_bug.cgi?id=147192 <rdar://problem/21901076> Reviewed by Alexey Proskuryakov. Due to changes in the way AppKit renders search inputs, we must now explicitly set the placeholder text of a search input rendered using the Mac theme to be an empty string when rendering the search input box (not including the actual placeholder text). * rendering/RenderThemeMac.mm: (WebCore::RenderThemeMac::setSearchCellState): Force the placeholder text of the NSSearchFieldCell for the Mac theme to be an empty string. 2015-07-24 Matthew Hanson <matthew_hanson@apple.com> Merge r187144. rdar://problem/21931728 2015-07-21 Dean Jackson <dino@apple.com> Default media controls use a serif font, which seems wrong https://bugs.webkit.org/show_bug.cgi?id=147179 <rdar://problem/21931728> Reviewed by Simon Fraser. The captions menu (and other text) should use a system style, -webkit-small-control. * Modules/mediacontrols/mediaControlsApple.css: (::-webkit-media-controls): 2015-07-24 Lucas Forschler <lforschler@apple.com> Merge r187133 2015-07-21 Benjamin Poulain <bpoulain@apple.com> StyleSheetContents::wrapperInsertRule() can create rules that overflow RuleData's selector index https://bugs.webkit.org/show_bug.cgi?id=147144 Reviewed by Alex Christensen. RuleData identifies selectors by the index in a large array. The index only has 13 bits so rules with more than 8192 selectors should be split. One of the paths was not splitting the rule: StyleSheetContents::wrapperInsertRule(). When rules with too many selectors were added, the index would overflow and some RuleData would point to selectors in the middle of selector chains. The resulting behavior is random based on the selectors and the DOM. We cannot easily fix that because the CSS OM API do not expect to create several rules in response to calls to the API. In this patch, I don't do anything fancy and just let the calls fail if we cannot use the rules safely. Content Extensions were also running into this problem. Large Selector lists are pretty common, and ContentExtensionStyleSheet::addDisplayNoneSelector() was overflowing the RuleData, creating broken page. Unlike CSSOM, there is no problem with splitting rules coming from Content Extensions. Instead of creating new APIs for that case, I rely on the parser to extend the StyleSheetContents. That code already knows how to break rules correctly. Tests: fast/css/insert-rule-overflow-rule-data.html http/tests/contentextensions/css-display-none-overflows-rule-data-1.html http/tests/contentextensions/css-display-none-overflows-rule-data-2.html * contentextensions/ContentExtensionStyleSheet.cpp: (WebCore::ContentExtensions::ContentExtensionStyleSheet::addDisplayNoneSelector): * css/StyleSheetContents.cpp: (WebCore::StyleSheetContents::wrapperInsertRule): 2015-07-23 Lucas Forschler <lforschler@apple.com> Merge r187130 2015-07-21 Jon Honeycutt <jhoneycutt@apple.com> [iOS] Keyboard bold/italic/underline keys don't highlight after being tapped to style a selection https://bugs.webkit.org/show_bug.cgi?id=147164 <rdar://problem/21630806> Reviewed by Ryosuke Niwa. * editing/cocoa/EditorCocoa.mm: (WebCore::Editor::styleForSelectionStart): Use adjustedSelectionStartForStyleComputation(), which will ensure that we're at the start of the selected node, not at the end of the node before the selection. 2015-07-23 Lucas Forschler <lforschler@apple.com> Merge r187116 2015-07-21 Said Abou-Hallawa <sabouhallawa@apple.com> REGRESSION (r172417, r184065): Multiple rendering issues with fixed attached background-image https://bugs.webkit.org/show_bug.cgi?id=147049 <rdar://problem/21110936> Reviewed by Simon Fraser. The fixed-attached background-image rendering is special. In general, to display it, the destinationSize should be set to visibleContentSize. The destinationLocation should be set such that the background-image does not move with scrolling. The topContentInset should be subtracted from the destinationLocation such that background-image can be rendered blurred in the topContentArea. However there are cases in which these rules have to be changed. -- destinationSize: In the case of fixed layout size, the fixedLayoutSize is bigger than the visibleContentSize. In this case, if the background-image belongs to the root element, the destinationSize has to be set to fixedLayoutSize. Otherwise it has to be set to the borderBoxSize unless the overflow is hidden. -- destinationLocation: If the background-image belongs to the root element, no scroll offset to added to destinationLocation. For non-root element case, FrameView::documentScrollOffsetRelativeToViewOrigin() should be used if no page scaling is applied. Otherwise FrameView::scrollOffsetForFixedPosition() should be used instead. Tests: platform/mac-wk2/tiled-drawing/fixed-layout-size-fixed-attachment-cover.html platform/mac-wk2/tiled-drawing/fixed-layout-size-fixed-attachment-local.html * rendering/RenderBoxModelObject.cpp: (WebCore::RenderBoxModelObject::calculateBackgroundImageGeometry): Ensure the geometry for the fixed-attached background-image is calculated correctly. * rendering/RenderLayerBacking.cpp: (WebCore::RenderLayerBacking::updateGeometry): Ensure the background layer gets the correct size for the fixedLayoutSize mode. 2015-07-23 Lucas Forschler <lforschler@apple.com> Merge r186981 2015-07-17 Zalan Bujtas <zalan@apple.com> (display: block)input range's thumb disappears when moved. https://bugs.webkit.org/show_bug.cgi?id=146896 <rdar://problem/21787807> Reviewed by Simon Fraser. Since the thumb is positioned after the layout for the input (shadow) subtree is finished, the repaint rects issued during the layout will not cover the re-positioned thumb. We need to issue a repaint soon after the thumb is re-positioned. Test: fast/repaint/block-inputrange-repaint.html * html/shadow/SliderThumbElement.cpp: (WebCore::RenderSliderContainer::layout): == Rolled over to ChangeLog-2015-07-23 ==