2011-02-03 Mark Rowe

Build fix.

* plugins/PluginView.cpp:
(WebCore::PluginView::start):
(WebCore::PluginView::getURLNotify):
(WebCore::PluginView::getURL):
(WebCore::PluginView::handlePost):

2011-02-01 Mark Rowe

Merge r73444.

2010-12-06 Darin Adler

Reviewed by Sam Weinig.

Pass security origin to make local file decision correctly
https://bugs.webkit.org/show_bug.cgi?id=48603

* bindings/generic/BindingDOMWindow.h:
(WebCore::BindingDOMWindow::createWindow): Pass security origin.
(WebCore::BindingDOMWindow::open): Ditto.
* bindings/generic/BindingFrame.h:
(WebCore::BindingFrame::navigateIfAllowed): Ditto.
* bindings/js/JSDOMWindowCustom.cpp:
(WebCore::JSDOMWindow::setLocation): Pass security origin.
(WebCore::createWindow): Ditto.
(WebCore::JSDOMWindow::open): Ditto.
* bindings/js/JSDocumentCustom.cpp:
(WebCore::JSDocument::setLocation): Pass security origin.
* dom/Document.cpp:
(WebCore::Document::processHttpEquiv): Pass security origin.
* inspector/InspectorController.cpp:
(WebCore::InspectorController::openInInspectedWindow): Pass security origin.
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::changeLocation): Added a security origin argument, passed through to urlSelected.
(WebCore::FrameLoader::urlSelected): Replaced the resource request and frame name arguments with a frame load request arguments in one overload, and changed the other overload to pass in the current frame's document for the security origin.
(WebCore::FrameLoader::loadFrameRequest): Moved the canDisplay check before the referrer computation because it no longer needs to look at the referrer. Replaced the call to canDisplay that used the target frame's security origin and the call to deprecatedCanDisplay with a single call to canDisplay that uses the requester security origin.
* loader/FrameLoader.h: Updated for argument changes above.
* loader/NavigationScheduler.cpp:
(WebCore::ScheduledURLNavigation::ScheduledURLNavigation): Added a security origin.
(WebCore::ScheduledURLNavigation::fire): Pass the security origin in to FrameLoader::changeLocation.
(WebCore::ScheduledURLNavigation::securityOrigin): Added.
(WebCore::ScheduledRedirect::ScheduledRedirect): Added a security origin argument.
(WebCore::ScheduledLocationChange::ScheduledLocationChange): Ditto.
(WebCore::ScheduledRefresh::ScheduledRefresh): Ditto.
(WebCore::ScheduledRefresh::fire): Pass the security origin in to FrameLoader::changeLocation.
(WebCore::ScheduledFormSubmission::fire): Include the security origin when constructing form submission.
(WebCore::NavigationScheduler::scheduleRedirect): Include the security origin when creating the scheduled navigation object.
(WebCore::NavigationScheduler::scheduleLocationChange): Ditto.
(WebCore::NavigationScheduler::scheduleRefresh): Ditto.
* loader/NavigationScheduler.h: Added the security origin argument to scheduleLocationChange.
* loader/SubframeLoader.cpp:
(WebCore::SubframeLoader::loadOrRedirectSubframe): Pass in the security origin when calling scheduleLocationChange.
* loader/appcache/ApplicationCacheGroup.cpp:
(WebCore::ApplicationCacheGroup::selectCache): Ditto.
* page/ContextMenuController.cpp:
(WebCore::openNewWindow): Pass in the security origin.
(WebCore::ContextMenuController::contextMenuItemSelected): Ditto.
* page/FrameLoadRequest.h: Added a security origin called the requester to all FrameLoadRequest objects.
* page/XSSAuditor.cpp:
(WebCore::XSSAuditor::findInRequest): Added the security origin.

2011-02-01 Mark Rowe

Merge r59596.

2010-05-16 Chris Jerdonek

Reviewed by Adam Barth.

Refactored FrameLoader::changeLocation() and urlSelected() to share more code.
https://bugs.webkit.org/show_bug.cgi?id=38827

No change in behavior, so no new tests.

* bindings/ScriptControllerBase.cpp:
(WebCore::ScriptController::executeIfJavaScriptURL):
- Changed a parameter from boolean to the ShouldReplaceDocumentIfJavaScriptURL enum.
* bindings/js/ScriptController.h:
- Changed a parameter from boolean to the ShouldReplaceDocumentIfJavaScriptURL enum.
* bindings/v8/ScriptController.h:
- Changed a parameter from boolean to the ShouldReplaceDocumentIfJavaScriptURL enum.
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::changeLocation):
- Changed to call the new private overload of urlSelected().
(WebCore::FrameLoader::urlSelected):
- Added a private overload of urlSelected().
- Changed the public urlSelected() to call the private overload.
(WebCore::FrameLoader::submitForm):
* loader/FrameLoader.h:
- Added a private overload of urlSelected().
* loader/FrameLoaderTypes.h:
- Added a ShouldReplaceDocumentIfJavaScriptURL enum.

2011-02-01 Mark Rowe

Merge r71769.

2010-11-10 Alexey Proskuryakov

Release build fix.

* css/StyleSheet.cpp: isAcceptableStyleSheetParent() is a debug-only function.

2011-02-01 Mark Rowe

Merge r71767.

2010-11-08 Alexey Proskuryakov

Reviewed by Darin Adler.

https://bugs.webkit.org/show_bug.cgi?id=45205
Detached elements shouldn't have style sheets.

Tests: fast/dom/StyleSheet/detached-style-2.html
       fast/dom/StyleSheet/detached-style-pi.xhtml
       fast/dom/StyleSheet/detached-style.html
       fast/dom/StyleSheet/detached-style-pi-2.xhtml

* bindings/js/JSStyleSheetCustom.cpp:
(WebCore::JSStyleSheet::markChildren): There is no longer a need to mark owner nodes - StyleSheet->ownerNode() is only non-null when the node is in document.
* css/StyleSheet.cpp:
(WebCore::StyleSheet::StyleSheet): Added an assertion checking that all nodes that can be StyleSheet parents have been verified.
* css/StyleSheet.h:
(WebCore::StyleSheet::clearOwnerNode): Added.
* dom/ProcessingInstruction.cpp:
(WebCore::ProcessingInstruction::~ProcessingInstruction): Clear stylesheet's owner node. This shouldn't have observable effect, since a processing instruction that is in document can only be destroyed with document, and a reachable stylesheet keeps document alive.
(WebCore::ProcessingInstruction::removedFromDocument): Clear the relationship between node and style sheet when removed.
(WebCore::ProcessingInstruction::setCSSStyleSheet): If the element was removed during load, we still don't want to create a style sheet.
* dom/StyleElement.cpp:
(WebCore::StyleElement::sheet): There is no reason for lazy creation. It was a wrong fix for bug 14462, whose regression test still passes.
(WebCore::StyleElement::removedFromDocument): Clear the relationship between node and style sheet when removed.
(WebCore::StyleElement::finishParsingChildren): Don't call sheet(), it doesn't have side effects any more.
(WebCore::StyleElement::createSheet): Assert that the element is in document. We never want to create a style sheet for an element that isn't.
* dom/StyleElement.h:
(WebCore::StyleElement::sheet): Made implementation inline, now that it's a simple getter.
* html/HTMLLinkElement.cpp:
(WebCore::HTMLLinkElement::~HTMLLinkElement): Clear stylesheet's owner node.
(WebCore::HTMLLinkElement::process): Assert that there is no style sheet lingering for any reason.
(WebCore::HTMLLinkElement::removedFromDocument): Clear the relationship between node and style sheet when removed.
(WebCore::HTMLLinkElement::setCSSStyleSheet): If the element was removed during load, we still don't want to create a style sheet.
* html/HTMLStyleElement.cpp:
(WebCore::HTMLStyleElement::~HTMLStyleElement):
* html/HTMLStyleElement.h:
* svg/SVGStyleElement.cpp:
(WebCore::SVGStyleElement::~SVGStyleElement):
* svg/SVGStyleElement.h:
Clear stylesheet's owner node. As above, this shouldn't have observable effect.
* xml/XSLTProcessor.h:
* xml/XSLTProcessor.cpp:
(WebCore::XSLTProcessor::~XSLTProcessor):
* dom/Document.cpp:
(WebCore::Document::~Document):
* css/CSSParser.cpp:
(WebCore::CSSParser::parseSelector):
Assert that stylesheet won't outlive its owner node. We don't really use refcounting here.

2011-02-01 Mark Rowe

Merge r73620.

2010-12-09 Abhishek Arya

Reviewed by Dimitri Glazkov.

As part of r73559, I added the referenceNode check to validate whether the root node of the iterator matches the node which is getting moved to other document. referenceNode is initialized to root, however can get moved using previousNode and nextNode methods, so it is required to use root directly.
https://bugs.webkit.org/show_bug.cgi?id=50764

Test: fast/dom/node-iterator-reference-node-moved-crash.html

* dom/Document.cpp:
(WebCore::Document::moveNodeIteratorsToNewDocument): change referenceNode to root.

2011-02-01 Mark Rowe

Merge r73559.

2010-12-08 Abhishek Arya

Reviewed by Dimitri Glazkov.

Detach node iterator and move to new document when node gets moved.
https://bugs.webkit.org/show_bug.cgi?id=50697

Test: fast/dom/node-iterator-document-moved-crash.html

* dom/Document.cpp: Method that takes a node and new document as argument. It detaches the node iterators belonging to the current document and attaches them to the new document.
(WebCore::Document::moveNodeIteratorsToNewDocument):
* dom/Document.h: Function definition.
* dom/Node.cpp: When node is moved to another document, call the function to move the iterators appropriately.
(WebCore::Node::setDocument):

2011-02-01 Mark Rowe

Merge r71431.

2010-11-05 Ryosuke Niwa

Reviewed by Darin Adler.

Crash in ApplyStyleCommand::surroundNodeRangeWithElement
https://bugs.webkit.org/show_bug.cgi?id=48581

The crash was caused by a false assertion that we can always recover selection in ApplyStyleCommand::removeInlineStyle. Fixed the crash by removing the assertion and adding an early exit to the call site.

Also converted raw pointers to RefPtr in surroundNodeRangeWithElement and addInlineStyleIfNeeded.

Test (non-Mac platforms): editing/style/iframe-onload-crash.html

* editing/ApplyStyleCommand.cpp:
(WebCore::ApplyStyleCommand::applyInlineStyle):
(WebCore::ApplyStyleCommand::removeInlineStyle):
(WebCore::ApplyStyleCommand::surroundNodeRangeWithElement):
(WebCore::ApplyStyleCommand::addInlineStyleIfNeeded):
* editing/ApplyStyleCommand.h:

2011-02-01 Mark Rowe

Merge r70792.

2010-10-28 Chris Fleizach

Reviewed by Adele Peterson.

AX: multi select group option does not handle setting of AXSelectedChildren correctly
https://bugs.webkit.org/show_bug.cgi?id=48464

Ensure that when selecting an item from a goes away during event handling
https://bugs.webkit.org/show_bug.cgi?id=41013

Test: fast/forms/input-number-crash.html

* rendering/TextControlInnerElements.cpp:
(WebCore::SpinButtonElement::defaultEventHandler): Nil check the RenderBox since it's possible the renderer has gone away during event handling.

2010-07-09 Mark Rowe

Merge r61801.

2010-06-24 Alexey Proskuryakov

Reviewed by Brady Eidson.

https://bugs.webkit.org/show_bug.cgi?id=41178
Timed refresh in subframes isn't stopped when going into b/f cache

Test: fast/history/timed-refresh-in-cached-frame.html

* history/CachedFrame.cpp:
(WebCore::CachedFrame::CachedFrame): Top frame's stopLoading() won't help cached subframes; stop loading from here.
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::stopLoading): Don't stop loading in child frames. This didn't work for cached frames due to frame tree having been already deconstructed, and it's not necessary in non-cached case because stopLoading() will be called for subframes via FrameLoader::detachFromParent() and closeURL().
(WebCore::FrameLoader::pageHidden): This was a second code path that dispatched pagehide event - it's no longer needed, because everything goes through FrameLoader::stopLoading().
(WebCore::FrameLoader::commitProvisionalLoad): Don't call pageHidden(), the code for adding frame to b/f cache will do everything.
* loader/FrameLoader.h: Removed pageHidden().

2010-07-09 Mark Rowe

Merge r61707.

2010-06-23 Andy Estes

Reviewed by Alexey Proskuryakov.

Prevent a crash in WebCore when removing an object element with an invalid data URL in a listener to its beforeload event.
https://bugs.webkit.org/show_bug.cgi?id=41054

Tests: fast/dom/beforeload/remove-bad-object-in-beforeload-listener.html

* html/HTMLObjectElement.cpp:
(WebCore::HTMLObjectElement::renderFallbackContent): Exit early if the object element is not in the document.
* rendering/RenderEmbeddedObject.cpp:
(WebCore::RenderEmbeddedObject::updateWidget): If RenderWidget::destroy() was called during processing of onbeforeload, do not proceed with loading the object.

2010-07-09 Mark Rowe

Merge r61424.

2010-06-17 Andy Estes

Reviewed by Dan Bernstein.

Prevent a crash in WebCore when removing a stylesheet link element in a listener to its beforeload event.
https://bugs.webkit.org/show_bug.cgi?id=40742

Postpone loading of link elements until after they have been inserted into the DOM and attached. This prevents DOM mutations triggered by beforeload handlers from firing in the midst of DOM insertion, which can lead to assertion failures and crashes.

Test: fast/dom/beforeload/remove-link-in-beforeload-listener.html

* html/HTMLLinkElement.cpp:
(WebCore::HTMLLinkElement::HTMLLinkElement): Initialize m_shouldProcessAfterAttach to false.
(WebCore::HTMLLinkElement::processCallback): Add a static callback function which calls HTMLLinkElement::process().
(WebCore::HTMLLinkElement::insertedIntoDocument): Instead of calling process() directly, set m_shouldProcessAfterAttach to true to indicate that process() should be called after attach().
(WebCore::HTMLLinkElement::removedFromDocument): Set m_shouldProcessAfterAttach to false.
(WebCore::HTMLLinkElement::attach): If m_shouldProcessAfterAttach is true, register HTMLLinkElement::processCallback() as a post-attach callback.
* html/HTMLLinkElement.h: Add m_shouldProcessAfterAttach.
(WebCore::HTMLLinkElement::canLazyAttach): Override canLazyAttach() to return false to indicate that a full attach should be performed. This ensures the post-attach callbacks are fired.

2010-07-07 Mark Rowe

Merge r62625.

2010-07-06 Steve Falkenburg

Reviewed by Simon Fraser.

Expose URL matching from WebUserContentURLPattern
https://bugs.webkit.org/show_bug.cgi?id=41726

* WebCore.exp.in: Export UserContentURLPattern::matches for use in WebKit.

2010-07-07 Mark Rowe

Merge r62477.

2010-07-04 Alice Liu

Reviewed by Dan Bernstein.

Crash reading past end of block in UniscribeController::shapeAndPlaceItem
https://bugs.webkit.org/show_bug.cgi?id=41554

Test: platform/win/fast/text/uniscribe-item-boundary-crash.html

* platform/graphics/win/UniscribeController.cpp:
(WebCore::UniscribeController::shapeAndPlaceItem): Don't look one past the end of str. Instead look to the next item, if applicable.

2010-07-07 Hayato Ito

Reviewed by Darin Adler.

Rolling out 'page-break-inside:avoid' part of the r54929. Rebased the related layout tests, which are now expected to fail, as well.
https://bugs.webkit.org/show_bug.cgi?id=41532

* rendering/RenderBlock.cpp:
(WebCore::RenderBlock::paintChildren):

2010-07-07 Mark Rowe

Merge r62482.

2010-07-05 Nikolas Zimmermann

Reviewed by Darin Adler.

Memory corruption with SVG element
https://bugs.webkit.org/show_bug.cgi?id=40994

Fix race condition in svgAttributeChanged. Never call svgAttributeChanged() from attributeChanged() when we're synchronizing SVG attributes. It leads to either unnecessary extra work being done or crashes. Especially together with / which always synchronize the SVGAnimatedPoints datastructure with the points attribute, no matter if there are changes or not.

This should be further optimized, but this fix is sane and fixes the root of the evil races.

Test: svg/custom/use-property-synchronization-crash.svg

* svg/SVGElement.cpp:
(WebCore::SVGElement::attributeChanged):

2010-07-07 Mark Rowe

Merge r62662.

2010-07-06 Nikolas Zimmermann

Reviewed by Dirk Schulze.

on causes crashes, if SVGUseElement gets detached
https://bugs.webkit.org/show_bug.cgi?id=41621

Do not call removeFromMappedElementSheet() from the SVGFontFaceElement destructor, as that can potentially cause the element to be reattached while destructing.

In order to fix the crash in the testcase, the order of calling the base-class detach method in SVGUseElement and the instance/shadow tree destruction has to be reversed, matching the order in removedFromDocument().

Test: svg/custom/use-font-face-crash.svg

* svg/SVGFontFaceElement.cpp:
(WebCore::SVGFontFaceElement::~SVGFontFaceElement): Remove removeFromMappedElementSheet() call.
* svg/SVGUseElement.cpp:
(WebCore::SVGUseElement::detach): Reverse order of calling base-class detach method and instance/shadow tree destruction.

2010-07-07 Mark Rowe

Merge r59903.

2010-05-20 Fumitoshi Ukai

Reviewed by Alexey Proskuryakov.

WebSocket handshake incompatible change in draft-hixie-thewebsocketprotocol-76
https://bugs.webkit.org/show_bug.cgi?id=35572

WebSocket opening handshake is changed. New protocol draft could be found at http://www.whatwg.org/specs/web-socket-protocol/

It requires https://bugs.webkit.org/show_bug.cgi?id=38034 to pass websocket tests.

* websockets/WebSocketHandshake.cpp:
(WebCore::extractResponseCode): add lineLength parameter to return length of status line.
(WebCore::hostName): Added.
(WebCore::generateSecWebSocketKey): Added.
(WebCore::generateKey3): Added.
(WebCore::setChallengeNumber): Added.
(WebCore::generateChallengeResponseExpected): Added.
(WebCore::WebSocketHandshake::WebSocketHandshake): generate challenge response key and expected data.
(WebCore::WebSocketHandshake::clientLocation): use hostName.
(WebCore::WebSocketHandshake::clientHandshakeMessage): changed for draft 76 spec.
(WebCore::WebSocketHandshake::clientHandshakeRequest):
(WebCore::WebSocketHandshake::readServerHandshake): changed for draft 76 spec.
m_mode is managed in this method.
(WebCore::WebSocketHandshake::readHTTPHeaders): change error log messages.
(WebCore::WebSocketHandshake::processHeaders): changed for draft 76 spec.
(WebCore::WebSocketHandshake::checkResponseHeaders): return boolean whether response header is ok or not and not change m_mode in it.
* websockets/WebSocketHandshake.h:

2010-07-07 Mark Rowe

Merge r62664.

2010-07-07 Andy Estes

Reviewed by Adam Barth.

Allow a beforeload listener to prevent loading of images in tags.
https://bugs.webkit.org/show_bug.cgi?id=41027

Tests: fast/dom/beforeload/image-object-before-load-innerHTML.html
       fast/dom/beforeload/image-object-before-load.html

* html/HTMLObjectElement.cpp:
(WebCore::HTMLObjectElement::attach): Do not call RenderImage::setCachedImage() at the end of attach(). Instead, allow this to happen conditionally after beforeload is dispatched.
* loader/ImageLoader.cpp:
(WebCore::ImageLoader::dispatchPendingBeforeLoadEvent): Render fallback content if an object's load was cancelled.

2010-07-07 Mark Rowe

Merge r62391.

2010-06-24 Dimitri Glazkov

Reviewed by Alexey Proskuryakov.

REGRESSION: Enter does not trigger submit of forms when focus is on select.
https://bugs.webkit.org/show_bug.cgi?id=39532

Restore behavior where hitting "Enter" on a select element attempts to submit form implicitly.

* dom/SelectElement.cpp:
(WebCore::SelectElement::menuListDefaultEventHandler): Added htmlForm argument, and attempting to submit implicitly.
(WebCore::SelectElement::listBoxDefaultEventHandler): Ditto.
(WebCore::SelectElement::defaultEventHandler): Plumbed through htmlForm argument.
* dom/SelectElement.h: Added htmlForm argument to method declaration.
* html/HTMLSelectElement.cpp:
(WebCore::HTMLSelectElement::defaultEventHandler): Changed to provide submitting form as the argument.

2010-07-01 Mark Rowe

Merge r61667.

2010-06-23 Nikolas Zimmermann

Reviewed by Eric Seidel.

Reproducible crash in com.apple.WebCore 0x01ed3784 WebCore::RenderLineBoxList::appendLineBox(WebCore::InlineFlowBox*) + 36
https://bugs.webkit.org/show_bug.cgi?id=40953

REGRESSION (r58209-58231): Memory corruption with invalid SVG
https://bugs.webkit.org/show_bug.cgi?id=40173

Fix several crashes, all related to and/or invalid SVG documents.
- Only allow nodes, as direct children of a , not any other "partial" SVG content.
- Assure to create RenderSVGRoot objects for nodes in , treat them as "outermost SVG elements".
- Never allow any partial SVG content to appear in any document. Only elements are allowed.

Tests: svg/custom/bug45331.svg
       svg/foreignObject/disallowed-svg-nodes-as-direct-children.svg
       svg/foreignObject/no-crash-with-svg-content-in-html-document.svg
       svg/foreignObject/svg-document-as-direct-child.svg
       svg/foreignObject/svg-document-in-html-document.svg
       svg/foreignObject/text-tref-02-b.svg

* dom/Element.cpp: Added childShouldCreateRenderer, with ENABLE(SVG) guards.
(WebCore::Element::childShouldCreateRenderer): Only create a renderer for a SVG child, if we're a SVG element, or if the child is a element.
* dom/Element.h: Added childShouldCreateRenderer, with ENABLE(SVG) guards.
* svg/SVGForeignObjectElement.cpp:
(WebCore::SVGForeignObjectElement::childShouldCreateRenderer): Disallow arbitrary SVG content, only elements are allowed as direct children of a
* svg/SVGSVGElement.cpp:
(WebCore::SVGSVGElement::isOutermostSVG): Be sure to create RenderSVGRoot objects for elements inside

2010-07-01 Mark Rowe

Merge r61044.

2010-06-11 Abhishek Arya

Reviewed by David Hyatt.

Don't process floats if parent node is not a RenderBlock.
https://bugs.webkit.org/show_bug.cgi?id=40033

Test: svg/text/clear-floats-crash.svg

* rendering/RenderBlock.cpp:
(WebCore::RenderBlock::clearFloats):

2010-07-01 Mark Rowe

Merge r61050.

2010-06-10 Abhishek Arya

Reviewed by Dave Hyatt.

Do not render CSS Styles :first-letter and :first-line in a SVG text element context.
https://bugs.webkit.org/show_bug.cgi?id=40031

Test: svg/text/text-style-invalid.svg

* rendering/RenderSVGText.cpp:
(WebCore::RenderSVGText::firstLineBlock):
(WebCore::RenderSVGText::updateFirstLetter):
* rendering/RenderSVGText.h:

2010-07-01 Mark Rowe

Merge r62279.

2010-07-01 Alexey Proskuryakov

Reviewed by Darin Adler.

REGRESSION (r49411): Various crashes due to JavaScript execution during plug-in destruction

Test: plugins/write-xssauditor-from-destroy.html

Fix specific known cases that also crash in same process case. I don't know if there is any rule for when documentLoader should be checked for being null, it looks like a mess.

* loader/FrameLoader.cpp:
(WebCore::FrameLoader::referrer):
* page/XSSAuditor.cpp:
(WebCore::XSSAuditor::findInRequest):

2010-07-01 Mark Rowe

Merge r61654.

2010-06-22 David Levin

Reviewed by Alexey Proskuryakov.

REGRESSION: (r47291): Upload progress events are not fired for simple cross-site XHR.
https://bugs.webkit.org/show_bug.cgi?id=39029

Specifically, WebKit should fire upload events if one or more event listeners are registered on the XMLHttpRequestUpload object when send is called in an async manner.

* xml/XMLHttpRequest.cpp:
(WebCore::XMLHttpRequest::createRequest): Allow upload events to be fired when there are handlers for them in the cross-origin simple request case.

2010-07-01 Mark Rowe

Merge r60882.

2010-06-08 Mark Rowe

Reviewed by Adele Peterson.

REGRESSION (r56051): Inspect Element context menu does nothing in applications linked against 10.4 SDK

Revert the change to ContextMenu::addInspectElementItem from r56051. It was made without explanation and broke a reliance that WebKit has on the presence of a separator before the Inspect Element menu item. This also restores the context menu item to the correct location at the bottom of the context menu in applications built against the Mac OS X 10.4 SDK.

* platform/ContextMenu.cpp:
(WebCore::ContextMenu::addInspectElementItem):

2010-07-01 Mark Rowe

Merge r62135.

2010-06-29 Beth Dakin

Reviewed by Darin Adler.

Speculative fix for CrashTracer: [USER] 2300+ crashes in Safari at com.apple.WebCore: WebCore::FrameView::scheduleRelayout + 352

Unfortunately, we don't have a reproducible case for this bug, and therefore, we do not have a layout test either. It is pretty clear from the logs that m_frame->settings() is null in FrameView::scheduleRelayout() in the crashing case. m_frame->settings() is null whenever page is null. Everywhere else in FrameView.cpp we null-check either page or settings before using settings. It seems plausible to me that scheduleRelayout could be called when page is null, so the fix is just to add null-checks.

* page/FrameView.cpp:
(WebCore::FrameView::layout):
(WebCore::FrameView::scheduleRelayout):

2010-07-01 Mark Rowe

Merge r62134.

2010-06-29 Dan Bernstein

Reviewed by Darin Adler.

Certain text is repeated after using splitText()

Tests: fast/text/setData-dirty-lines.html
       fast/text/splitText-dirty-lines.html

* dom/CharacterData.cpp:
(WebCore::CharacterData::setData): Call RenderText::setTextWithOffset() rather than setText(), because only the former correctly dirties line boxes.
* dom/Text.cpp:
(WebCore::Text::splitText): Ditto.

2010-07-01 Mark Rowe

Merge r61921.

2010-06-25 Dan Bernstein

Reviewed by Sam Weinig.

Certain text is repeated before and after a line break

Test: fast/text/bidi-explicit-embedding-past-end.html

* platform/text/BidiResolver.h:
(WebCore::::createBidiRunsForLine): Committing explicit embedding past the end of the range creates BidiRuns up to the end of the range, so at that point, we can stop iterating.

2010-07-01 Mark Rowe

Merge r59396.

2010-05-13 Simon Fraser

Reviewed by Dave Hyatt.

Fix scrolling in composited iframes
https://bugs.webkit.org/show_bug.cgi?id=39088

When propagating compositing out of iframes, we have to update the position of the iframe content layers on scrolling.

Test: compositing/iframes/scrolling-iframe.html

* page/FrameView.cpp:
(WebCore::FrameView::scrollPositionChanged): Call updateContentLayerScrollPosition() when scrolling.
* rendering/RenderLayerBacking.cpp:
(WebCore::RenderLayerBacking::updateGraphicsLayerGeometry): Renamed setRootPlatformLayerClippingBox() to updateContentLayerOffset().
* rendering/RenderLayerCompositor.h:
* rendering/RenderLayerCompositor.cpp: Rename m_clippingLayer to m_clipLayer to go better with m_scrollLayer.
(WebCore::RenderLayerCompositor::updateContentLayerOffset): Renamed from setRootPlatformLayerClippingBox(). Set the size of the clipping layer from the FrameView now, so that scrollbars are not clipped out. Update the scroll layer position too.
(WebCore::RenderLayerCompositor::updateContentLayerScrollPosition): Set the position of the scroll layer when the ScrollView is scrolled.
(WebCore::RenderLayerCompositor::rootPlatformLayer): m_clippingLayer rename.
(WebCore::RenderLayerCompositor::ensureRootPlatformLayer): m_clippingLayer rename. Also create m_scrollLayer at the same time as the clip layer, and clean it up as necessary.
(WebCore::RenderLayerCompositor::destroyRootPlatformLayer): m_clippingLayer rename, and clean up the m_scrollLayer too.
(WebCore::RenderLayerCompositor::detachRootPlatformLayer): m_clippingLayer rename

2010-07-01 Mark Rowe

Merge r61435.

2010-06-18 Alexey Proskuryakov

Reviewed by Geoff Garen.

https://bugs.webkit.org/show_bug.cgi?id=40852
Limit simultaneous DNS prefetch request number (40852)

No change in functionality, so no tests.

We still queue up to 64 names, but only make up to 8 requests at once. If there are names remaining in queue, we retry after a short timeout (which is easier than posting notifications from client callback).

* platform/network/cf/DNSCFNet.cpp:
(WebCore::DNSResolveQueue::add):
(WebCore::DNSResolveQueue::fired):

2010-07-01 Mark Rowe

Merge r61296.

2010-06-16 Brady Eidson

Reviewed by Eric Carlson

and https://bugs.webkit.org/show_bug.cgi?id=40749
ResourceLoader::willCacheResponse() needs to null-check Frame::Settings()

No new tests. (Discovered via crash reports, no reproducible cases noted)

* loader/ResourceLoader.cpp:
(WebCore::ResourceLoader::willCacheResponse): Null check m_frame->settings(), but also add an ASSERT so debug-build developers can learn more about why this might be happening.

2010-07-01 Mark Rowe

Merge r60640.

2010-06-03 James Robinson

Reviewed by Dan Bernstein.

Take container's scroll offset and clip into account when initializing LayoutState
https://bugs.webkit.org/show_bug.cgi?id=38506

When doing a subtree layout, the initial LayoutState creation needs to take the layout root container's offset and its scroll offset into account to create the initial offset. Otherwise if a subtree layout occurs for a layout root whose container has a non-zero scroll offset the LayoutState's offset and clip are wrong, resulting in a mispaint. See the test cases for examples.

Tests: fast/repaint/layout-state-scrolloffset.html
       fast/repaint/layout-state-scrolloffset2.html
       fast/repaint/layout-state-scrolloffset3.html

* rendering/LayoutState.cpp:
(WebCore::LayoutState::LayoutState):

2010-07-01 Mark Rowe

Merge r61070.

2010-06-12 Dan Bernstein

Reviewed by Oliver Hunt.

REGRESSION (Safari 4-TOT): Crash when a frame’s resize handler removes the frame
https://bugs.webkit.org/show_bug.cgi?id=40534

Test: fast/replaced/frame-removed-during-resize.html

* rendering/RenderWidget.cpp:
(WebCore::RenderWidget::updateWidgetPosition): Null-check m_widget, since resizing the widget may trigger an iframe’s resize handler, which may destroy the widget.

2010-07-01 Mark Rowe

Merge r61200.

2010-06-15 Simon Fraser

Reviewed by Dan Bernstein.

YouTube thumbnail borders vanish during transition
https://bugs.webkit.org/show_bug.cgi?id=40551

Turn off the direct image optimization if the image has a clip style, so that it is correctly rendered with the clip.

Test: compositing/images/clip-on-directly-composited-image.html

* rendering/RenderLayerBacking.cpp:
(WebCore::RenderLayerBacking::isDirectlyCompositedImage):

2010-07-01 Mark Rowe

Merge r60908.

2010-06-09 Mark Rowe

Reviewed by Adele Peterson.

REGRESSION (r51629): WebBackForwardList created via -init crashes when -addItem: is called.

A WebBackForwardList created via -init results in a BackForwardList being created with a null m_page. BackForwardList needs to be careful not to dereference m_page without first ensuring it's not null.

* history/BackForwardList.cpp:
(WebCore::BackForwardList::addItem): Null-check m_page.
(WebCore::BackForwardList::goBack): Ditto.
(WebCore::BackForwardList::goForward): Ditto.
(WebCore::BackForwardList::goToItem): Ditto.
(WebCore::BackForwardList::setCapacity): Ditto.

2010-07-01 Mark Rowe

Merge r61060.

2010-06-12 Kent Tamura

Reviewed by Darin Adler.

REGRESSION: Can't submit a form with
https://bugs.webkit.org/show_bug.cgi?id=40429

Validity state was not updated correctly for radio buttons, and it prevents form submission even if a radio button group has a checked radio button.

Test: fast/forms/interactive-validation-required-radio.html

* html/HTMLInputElement.cpp:
(WebCore::HTMLInputElement::updateCheckedRadioButtons): Call setNeedsValidityCheck() for all of radio buttons in the same group to update validity state.
(WebCore::HTMLInputElement::setChecked): Remove setNeedsValidityCheck() call because it is called in updateCheckedRadioButtons().

2010-07-01 Mark Rowe

Merge r60984.

2010-06-10 Tony Chang

Reviewed by Kent Tamura.

crash when focus is changed while trying to focus next element
https://bugs.webkit.org/show_bug.cgi?id=40407

Test: fast/events/focus-change-crash.html

* dom/Element.cpp:
(WebCore::Element::focus):

2010-07-01 Mark Rowe

Merge r60459.

2010-05-31 Tony Chang

Reviewed by Dan Bernstein.

REGRESSION (r58665): Infinite recursion in Position::getInlineBoxAndOffset()
https://bugs.webkit.org/show_bug.cgi?id=39946

r58665 added an infinite recursion check, but didn't take into consideration recursion between two Positions. This adds a check for when downstreamIgnoringEditingBoundaries(p1) == p2 and upstreamIgnoringEditingBoundaries(p2) == p1

Test: editing/selection/mixed-editability-12.html

* dom/Position.cpp:
(WebCore::Position::getInlineBoxAndOffset):

2010-07-01 Mark Rowe

Merge r61068.

2010-06-12 Dean Jackson

Reviewed by Darin Adler.

Animation keyframe timing functions are applying incorrectly
https://bugs.webkit.org/show_bug.cgi?id=38963

When copying RenderStyles, we have to clone the AnimationList so that each keyframe can have its own timing function.

Tests: animations/keyframe-timing-functions-transform.html
       animations/keyframe-timing-functions2.html

* platform/animation/Animation.h:
(WebCore::Animation::create):
* platform/animation/AnimationList.cpp:
(WebCore::AnimationList::AnimationList):
* platform/animation/AnimationList.h:
(WebCore::AnimationList::AnimationList):

2010-07-01 Mark Rowe

Merge r60727.

2010-06-04 Chris Fleizach

Reviewed by David Kilzer.

AX: need an aria-help
https://bugs.webkit.org/show_bug.cgi?id=40010

Test: accessibility/aria-help.html

* accessibility/AccessibilityRenderObject.cpp:
(WebCore::AccessibilityRenderObject::helpText):
* html/HTMLAttributeNames.in:

2010-07-01 Mark Rowe

Merge r61132.

2010-06-14 Chris Fleizach

Reviewed by Beth Dakin.

AX: AXUnknown objects are being returned https://bugs.webkit.org/show_bug.cgi?id=40574 Test: platform/mac/accessibility/no-unknown-objects-when-title-attribute-present.html * accessibility/mac/AccessibilityObjectMac.mm: (WebCore::AccessibilityObject::accessibilityPlatformIncludesObject): 2010-07-01 Mark Rowe Merge r61231. 2010-06-15 Mark Rowe Rubber-stamped by David Harrison. sqlite3_prepare16_v2 is not documented as always setting "tail" during error cases. Explicitly initialize it to null, just to be safe. * platform/sql/SQLiteStatement.cpp: (WebCore::SQLiteStatement::prepare): 2010-07-01 Mark Rowe Merge r61171. 2010-06-14 Mark Rowe Reviewed by Brady Eidson. REGRESSION: Crash on launch on Tiger and Leopard with network home folder * platform/sql/SQLiteStatement.cpp: (WebCore::SQLiteStatement::prepare): Don't assume that tail is always non-null, since that may not be the case with some versions of SQLite. Instead we must null-check before dereferencing. 2010-07-01 Mark Rowe Merge r61365. 2010-06-17 Abhishek Arya Reviewed by David Kilzer. (Landed by Dirk Pranke). Check for a null frame before setting drag selection. https://bugs.webkit.org/show_bug.cgi?id=38893 Same Layout test as https://bugs.webkit.org/show_bug.cgi?id=37168. Test: editing/pasteboard/drag-drop-iframe-refresh-crash.html Note that you need to run the test manually 20-30 times for the crash to reproduce. * editing/SelectionController.cpp: (WebCore::SelectionController::setSelection): 2010-06-28 Mark Rowe Merge r61045. 2010-06-11 Simon Fraser Reviewed by Dr Dan Bernstein. REGRESSION: crash when unloading an iFrame with Flash from the DOM https://bugs.webkit.org/show_bug.cgi?id=40161 Null-check the ownerElement of the RenderView's document when unhooking the compositing root of an iframe whose layers are parented via the enclosing document. Fixes a crash when dynamically removing such an iframe. 
Test: compositing/iframes/remove-iframe-crash.html * rendering/RenderLayerCompositor.cpp: (WebCore::RenderLayerCompositor::detachRootPlatformLayer): 2010-06-28 Mark Rowe Merge r59143. 2010-05-10 Simon Fraser Fix asserting GTK build. r59137 changed the behavior of RenderObject::repaintUsingContainer(). I mistakenly thought that non-compositing builds would always pass a 0 repaintContainer, but actually the RenderView is passed in this case. So use this to repaint if ACCELERATED_COMPOSITING is turned off. * rendering/RenderObject.cpp: (WebCore::RenderObject::repaintUsingContainer): 2010-06-28 Mark Rowe Merge r59140. 2010-05-10 Simon Fraser Fix warning on Windows about unreachable code. * rendering/RenderLayerCompositor.cpp: (WebCore::RenderLayerCompositor::shouldPropagateCompositingToEnclosingIFrame): 2010-06-28 Mark Rowe Merge r59137. 2010-05-10 Simon Fraser Reviewed by Anders Carlsson Allow compositing layers to be connected across iframe boundaries on Mac https://bugs.webkit.org/show_bug.cgi?id=38856 RenderObject::repaintUsingContainer() incorrectly did a view-based repaint if the repaint container was the RenderView. Instead, we need to check to see if the RenderView's layer is composited, and, if so, whether it's painting into the window or not. This can occur when iframes are composited. The bug is timing-sensitive, involving compositing in iframes, and I was not able to concoct a good testcase. * rendering/RenderObject.cpp: (WebCore::RenderObject::repaintUsingContainer): 2010-06-28 Mark Rowe Merge r59136. 2010-05-10 Simon Fraser Reviewed by Anders Carlsson Allow compositing layers to be connected across iframe boundaries on Mac https://bugs.webkit.org/show_bug.cgi?id=38856 Changes to allow compositing layers for iframes to switch between being hosted by the iframe's layer-backed NSView, and parented in the GraphicsLayer tree of the enclosing document. 
Tests: compositing/iframes/connect-compositing-iframe.html compositing/iframes/connect-compositing-iframe2.html compositing/iframes/connect-compositing-iframe3.html * page/FrameView.h: * page/FrameView.cpp: (WebCore::FrameView::hasCompositedContent): New convenience method. (WebCore::FrameView::setIsOverlapped): If we're composited, poke the owner document in case it wants to re-evaluate compositing decisions. (WebCore::FrameView::isOverlapped): Just expose the existing flag. * rendering/RenderLayer.cpp: (WebCore::RenderLayer::shouldBeNormalFlowOnly): (WebCore::RenderLayer::isSelfPaintingLayer): * rendering/RenderLayerBacking.cpp: (WebCore::RenderLayerBacking::updateGraphicsLayerConfiguration): If this is an iframe, we need to ensure that the layers for the iframe content are hooked up. (WebCore::RenderLayerBacking::updateDrawsContent): When an iframe toggles between different attachments, the 'drawsContent' behavior of its root layer changes, so needs to be updated. * rendering/RenderLayerCompositor.h: (WebCore::RenderLayerCompositor::updateCompositingLayers): Call destroyRootPlatformLayer() instead of detachRootPlatformLayer() and manually zeroing out the OwnPtrs. (WebCore::RenderLayerCompositor::updateBacking): If a RenderIFrame changes compositing mode, we need to ensure that its content compositor attachment is updated. (WebCore::RenderLayerCompositor::repaintOnCompositingChange): The existing code had a bug that caused repaints for RenderViews (which have no parent) to bail. We only want to bail for non-RenderViews that are not attached. (WebCore::RenderLayerCompositor::rebuildCompositingLayerTree): Factored the iframe-connecting code into a new method, parentIFrameContentLayers(). (WebCore::RenderLayerCompositor::parentIFrameContentLayers): New method to share the code that hooks up the iframe's compositing layers to the parent. 
(WebCore::RenderLayerCompositor::shouldPropagateCompositingToEnclosingIFrame): Add logic to propagate compositing out of iframes on Mac in two situations: 1) when the FrameView is overlapped, and 2) if the parent document is already composited. (WebCore::RenderLayerCompositor::ensureRootPlatformLayer): Clean up the logic here to better deal with dynamic changes of the attachment type. (WebCore::RenderLayerCompositor::destroyRootPlatformLayer): Clean up and null out the clipping layer here. (WebCore::RenderLayerCompositor::attachRootPlatformLayer): Call rootLayerAttachmentChanged(). (WebCore::RenderLayerCompositor::detachRootPlatformLayer): Ditto. Also unparent the clipping and platform layers. (WebCore::RenderLayerCompositor::updateRootLayerAttachment): Call ensureRootPlatformLayer() to re-evaluate the layer attachment. (WebCore::RenderLayerCompositor::rootLayerAttachmentChanged): We need to update the drawsContent() status of the RenderView's layer's backing, because it changes depending on the attachment. * rendering/RenderWidget.cpp: (WebCore::RenderWidget::paint): Do overlap testing if the frameView can do fast repaints (as before), but also now when the frameView has composited content. 2010-06-28 Mark Rowe Merge r59134. 2010-05-10 Simon Fraser Reviewed by Anders Carlsson Allow compositing layers to be connected across iframe boundaries on Mac https://bugs.webkit.org/show_bug.cgi?id=38856 Rename the static shouldPropagateCompositingToIFrameParent() to shouldPropagateCompositingToEnclosingIFrame(), to pave the way for runtime switches in the propagation behavior. We have to make sure we call it on the correct RenderLayerCompositor (that belonging to the iframe's content document). * rendering/RenderLayerBacking.cpp: (WebCore::RenderLayerBacking::paintingGoesToWindow): Now that we know the root layer attachment, we can simplify this method. 
* rendering/RenderLayerCompositor.h: * rendering/RenderLayerCompositor.cpp: (WebCore::RenderLayerCompositor::enableCompositingMode): No need for the setNeedsStyleRecalc() here, because the ensureRootPlatformLayer() or destroyRootPlatformLayer() will have already done it. (WebCore::RenderLayerCompositor::rebuildCompositingLayerTree): Use the root layer attachment to determine whether to parent the iframe's layers. (WebCore::RenderLayerCompositor::didMoveOnscreen): Method name change. (WebCore::RenderLayerCompositor::shouldPropagateCompositingToEnclosingIFrame): Name change. (WebCore::RenderLayerCompositor::requiresCompositingForIFrame): We need to consult the iframe contents document's compositor to ask whether propagation is appropriate. (WebCore::RenderLayerCompositor::ensureRootPlatformLayer): Name change. 2010-06-28 Mark Rowe Merge r59133. 2010-05-10 Simon Fraser Reviewed by Anders Carlsson Allow compositing layers to be connected across iframe boundaries on Mac https://bugs.webkit.org/show_bug.cgi?id=38856 Use an enum for the type of root layer attachment on a RenderLayerCompositor, so we can determine if the attachment is via the ChromeClient, via an enclosing iframe, or unattached. * rendering/RenderLayerCompositor.h: New RootLayerAttachment enum. (WebCore::RenderLayerCompositor::rootLayerAttachment): getter for the current attachment. * rendering/RenderLayerCompositor.cpp: (WebCore::RenderLayerCompositor::RenderLayerCompositor): Init m_rootLayerAttachment. (WebCore::RenderLayerCompositor::~RenderLayerCompositor): Assert that is unattached. (WebCore::RenderLayerCompositor::updateCompositingLayers): Call destroyRootPlatformLayer instead of willMoveOffscreen, when there are no layers left. Also clear out the clipping layer. (WebCore::RenderLayerCompositor::didMoveOnscreen): Call attachRootPlatformLayer. (WebCore::RenderLayerCompositor::willMoveOffscreen): Call ensureRootPlatformLayer with the appropriate attachment. 
(WebCore::RenderLayerCompositor::ensureRootPlatformLayer): Only create the m_rootPlatformLayer if we don't have one already, but be sure to always set the root layer geometry orientation. Also only create the m_clippingLayer if we need to. (WebCore::RenderLayerCompositor::destroyRootPlatformLayer): Call detachRootPlatformLayer(). (WebCore::RenderLayerCompositor::attachRootPlatformLayer): Code moved from didMoveOnscreen, but switching on attachment. (WebCore::RenderLayerCompositor::detachRootPlatformLayer): Code moved from willMoveOffscreen, but switching on attachment. 2010-06-28 Mark Rowe Merge r59132. 2010-05-10 Simon Fraser Reviewed by Anders Carlsson Allow compositing layers to be connected across iframe boundaries on Mac https://bugs.webkit.org/show_bug.cgi?id=38856 Clean up the geometry logic when propagating compositing out of iframes. * rendering/RenderLayerCompositor.cpp: (WebCore::RenderLayerCompositor::updateRootLayerPosition): Geometry on m_rootPlatformLayer no longer needs to be special when there's a clipping layer. (WebCore::RenderLayerCompositor::ensureRootPlatformLayer): Don't set the clipping layer to have flipped geometry ever, and only set the root layer to have flipped geometry if it is not being hosted in an iframe. Also no need to set a custom anchor point on the clipping layer. 2010-06-28 Mark Rowe Merge r59129. 2010-05-10 Simon Fraser Reviewed by Anders Carlsson Allow compositing layers to be connected across iframe boundaries on Mac https://bugs.webkit.org/show_bug.cgi?id=38856 Clean up some methods related to composited iframes. No behavioral changes. * rendering/RenderLayerBacking.h: Move innerRenderLayerCompositor() to be a static method: RenderLayerCompositor::iframeContentsCompositor(). * rendering/RenderLayerBacking.cpp: Remove innerRenderLayerCompositor(). (WebCore::RenderLayerBacking::updateGraphicsLayerGeometry): Call iframeContentsCompositor(). 
* rendering/RenderLayerCompositor.cpp: (WebCore::RenderLayerCompositor::enableCompositingMode): Call enclosingIFrameElement() (WebCore::RenderLayerCompositor::rebuildCompositingLayerTree): iframeContentsCompositor() is now a static method in this class. Also check that the iframe contents are in compositing mode (slightly clearer than relying on rootPlatformLayer() returning null). (WebCore::RenderLayerCompositor::iframeContentsCompositor): Moved from RenderLayerBacking. (WebCore::RenderLayerCompositor::didMoveOnscreen): Use enclosingIFrameElement() method. (WebCore::RenderLayerCompositor::willMoveOffscreen): Ditto. (WebCore::RenderLayerCompositor::enclosingIFrameElement): New method. (WebCore::RenderLayerCompositor::ensureRootPlatformLayer): Call enclosingIFrameElement(). * rendering/RenderLayerCompositor.h: New method, iframeContentsCompositor(). 2010-06-03 Mark Rowe Merge r59498. 2010-05-14 Steve Falkenburg Reviewed by Sam Weinig. Connection properties dictionary should use standard callbacks for keys, values https://bugs.webkit.org/show_bug.cgi?id=39132 * platform/network/cf/ResourceHandleCFNet.cpp: (WebCore::createConnectionProperties): 2010-06-01 Mark Rowe Merge r60502. 2010-06-01 Jer Noble Reviewed by Sam Weinig. QuickTime 7.6.4 + Safari Nightly = Crash https://bugs.webkit.org/show_bug.cgi?id=40019 rdar://problem/8035443 Check the return value of QTCFPropertyListCreateXMLData before calling CFDataGetLength(). * platform/graphics/win/QTCFDictionary.cpp: (QTCFDictionaryCreateCopyWithDataCallback): 2010-05-30 Mark Rowe Merge r59910. 2010-05-20 Simon Fraser Reviewed by Adam Roben. Avoid flushing CA layers when a layout is pending https://bugs.webkit.org/show_bug.cgi?id=39463 Avoid rendering the compositing layers to the screen if there's a layout pending, since the layer tree is not in a state that should be presented to the user. This fixes flashes in some types of content that dynamically add and remove layers. 
Do this by adding a WKCACFLayerRendererClient for WKCACFLayerRenderer, which it can call through to ask whether now is a good time to render. If not, it schedules another render soon. * platform/graphics/win/WKCACFLayerRenderer.h: (WebCore::WKCACFLayerRendererClient::~WKCACFLayerRendererClient): * platform/graphics/win/WKCACFLayerRenderer.cpp: (WebCore::WKCACFLayerRenderer::acceleratedCompositingAvailable): (WebCore::WKCACFLayerRenderer::create): (WebCore::WKCACFLayerRenderer::WKCACFLayerRenderer): (WebCore::WKCACFLayerRenderer::render): 2010-05-27 Mark Rowe Merge r60317. 2010-05-27 Eric Carlson Reviewed by Darin Adler. Crash in CVPixelBufferCreateResolvedAttributesDictionary with RLE compressed movie. Configure the visual context to generate Direct3D compatible pixel buffers when we are able to use a CAImageQueue so there will be less conversion required before display. This change also works around the issue that causes the RLE compressed movie to crash. * platform/graphics/win/MediaPlayerPrivateQuickTimeVisualContext.cpp: (WebCore::MediaPlayerPrivateQuickTimeVisualContext::load): Pass enum to QTMovieVisualContext constructor instead of CFDictionary. * platform/graphics/win/QTMovieVisualContext.cpp: (SetNumberValue): (getPixelBufferCreationOptions): New, create options dictionary appropriate for the visual context type. (pixelBufferCreationOptions): New, return options dictionary appropriate for the visual context type. (QTMovieVisualContextPriv::QTMovieVisualContextPriv): Get the options dictionary from getPixelBufferCreationOptions instead of taking it as a parameter. (QTMovieVisualContext::QTMovieVisualContext): Take enum instead of CFDictionary for visual context configuration type. * platform/graphics/win/QTMovieVisualContext.h: 2010-05-27 Mark Rowe Merge r60272. 2010-05-26 Jer Noble Patch edited by Adele Peterson and Mark Rowe. 
Reviewed by Eric Carlson Video elements show no video on Windows machines that do not support accelerated compositing https://bugs.webkit.org/show_bug.cgi?id=39446 rdar://problem/7999794 Create the visual context in setUpVideoRendering (as opposed to in load), and destroy it in tearDownVideoRendering (as opposed to in the destructor.) * platform/graphics/win/MediaPlayerPrivateQuickTimeVisualContext.cpp: (WebCore::MediaPlayerPrivateQuickTimeVisualContext::~MediaPlayerPrivateQuickTimeVisualContext): (WebCore::MediaPlayerPrivateQuickTimeVisualContext::load): Moved creation of the visual context to setUpVideoRendering. (WebCore::MediaPlayerPrivateQuickTimeVisualContext::paint): Return early if the visual context isn't set up. (WebCore::MediaPlayerPrivateQuickTimeVisualContext::currentRenderingMode): If the visual context isn't set up, return MediaRenderingNone. (WebCore::MediaPlayerPrivateQuickTimeVisualContext::setUpVideoRendering): Create the visual context. (WebCore::MediaPlayerPrivateQuickTimeVisualContext::tearDownVideoRendering): Destroy the visual context. (WebCore::MediaPlayerPrivateQuickTimeVisualContext::hasSetUpVideoRendering): For software rendering mode, make sure the visual context has been set up when saying the setup has been done. * platform/graphics/win/QTMovieVisualContext.cpp: (QTMovieVisualContextPriv::~QTMovieVisualContextPriv): Destruction moved to tearDownVideoRendering. Also, make sure to cancel the visual context's newImageAvailable callback in the visual context's destructor. (QTMovieVisualContext::create): Added. * platform/graphics/win/QTMovieVisualContext.h: 2010-05-27 Mark Rowe Merge r60252. 2010-05-26 Alexey Proskuryakov Mac 32 bit build fix. * platform/graphics/mac/SimpleFontDataMac.mm: (WebCore::SimpleFontData::platformInit): Use static_cast instead of narrowPrecisionToFloat - the latter can't convert from float to float. 2010-05-27 Mark Rowe Merge r60247. 2010-05-26 Dan Bernstein Typed and reviewed by Alexey Proskuryakov. 
https://bugs.webkit.org/show_bug.cgi?id=39682 REGRESSION: WebKit nightly adding insane height to div at random Test: fast/css/custom-font-xheight.html * platform/graphics/mac/SimpleFontDataMac.mm: (WebCore::SimpleFontData::platformInit): Calling an Objective C method that returns a structure with a null object can leave garbage in returned value. Custom fonts don't have an NSFont, they only have a CGFont. Call platformBoundsForGlyph() function instead, which works with CGFont. (WebCore::SimpleFontData::platformBoundsForGlyph): Fixed to work on Tiger (for fonts that have an NSFont), since this is now used in more cases. 2010-05-25 Steve Falkenburg Windows build fix. Branch doesn't have r59910, so remove the argument from WKCACFLayerRenderer::create. * platform/graphics/win/MediaPlayerPrivateFullscreenWindow.cpp: (WebCore::MediaPlayerPrivateFullscreenWindow::MediaPlayerPrivateFullscreenWindow): 2010-05-25 Mark Rowe Merge r60207. 2010-05-25 Mark Rowe Build fix. * platform/graphics/win/MediaPlayerPrivateFullscreenWindow.cpp: 2010-05-25 Mark Rowe Merge r60190. 2010-05-22 Jer Noble Reviewed by Adam Roben. Full screen doesn't work for video elements https://bugs.webkit.org/show_bug.cgi?id=39557 rdar://problem/8011813 Add fullscreen support for MediaPlayerPrivateVisualContext. A new class, MediaPlayerPrivateFullscreenWindow, provides the fullscreen hwnd and layer renderer. Any WKCACFLayer can be provided to MediaPlayerPrivateFullscreenWindow so future additional MediaPlayerPrivate implementations can use the fullscreen window. Minor additions have been made to the FloatSize and IntSize classes. MediaPlayerPrivateQuickTimeVisualContext now calls retrieveCurrentImage after creating a new videoLayer; this is an existing bug that was never really exposed before now. * WebCore.vcproj/WebCore.vcproj: * platform/graphics/FloatSize.h: Added aspectRatio() and scale(float). 
(WebCore::FloatSize::aspectRatio): (WebCore::FloatSize::scale): * platform/graphics/IntSize.h: Added aspectRatio(). (WebCore::IntSize::aspectRatio): * platform/graphics/win/MediaPlayerPrivateFullscreenWindow.cpp: Added. * platform/graphics/win/MediaPlayerPrivateFullscreenWindow.h: Added. * platform/graphics/win/MediaPlayerPrivateQuickTimeVisualContext.cpp: Call retrieveCurrentImage() after creating the videoLayer. (WebCore::MediaPlayerPrivateQuickTimeVisualContext::supportsFullscreen): (WebCore::MediaPlayerPrivateQuickTimeVisualContext::retrieveCurrentImage): (WebCore::MediaPlayerPrivateQuickTimeVisualContext::createLayerForMovie): * platform/graphics/win/WKCACFLayer.cpp: (WebCore::WKCACFLayer::WKCACFLayer): (WebCore::WKCACFLayer::removeFromSuperlayer): (WebCore::WKCACFLayer::setFrame): (WebCore::WKCACFLayer::internalSetNeedsDisplay): (WebCore::WKCACFLayer::setLayoutClient): (WebCore::WKCACFLayer::layoutSublayersProc): (WebCore::WKCACFLayer::layoutClient): (WebCore::WKCACFLayer::setNeedsLayout): * platform/graphics/win/WKCACFLayer.h: Add layout client class. (WebCore::WKCACFLayerLayoutClient::~WKCACFLayerLayoutClient): (WebCore::WKCACFLayer::frame): Added back frame()/setFrame(). * platform/graphics/win/WebTiledLayer.cpp: (WebCore::WebTiledLayer::setFrame): Implemented setFrame() in subclass of WKCACFLayer * platform/graphics/win/WebTiledLayer.h: * platform/graphics/win/WebTiledLayer.cpp: Added setFrame() overriding WKCACFLayer's implementation (WebCore::WebTiledLayer::setFrame): * platform/graphics/win/WebTiledLayer.h: 2010-05-25 Mark Rowe Merge r60150. 2010-05-25 Ada Chan Reviewed by Steve Falkenburg. Add a base class for DOMTimer called SuspendableTimer which captures just the basic functionality of TimerBase and ActiveDOMObject combined. It does not contain functionality specific to scripting timers. 
SuspendableTimer is used in fixing https://bugs.webkit.org/show_bug.cgi?id=39651 * Android.mk: * CMakeLists.txt: * GNUmakefile.am: * WebCore.gypi: * WebCore.pro: * WebCore.vcproj/WebCore.vcproj: * WebCore.xcodeproj/project.pbxproj: * page/DOMTimer.cpp: (WebCore::DOMTimer::DOMTimer): (WebCore::DOMTimer::contextDestroyed): (WebCore::DOMTimer::stop): * page/DOMTimer.h: * page/SuspendableTimer.cpp: Added. (WebCore::SuspendableTimer::SuspendableTimer): (WebCore::SuspendableTimer::~SuspendableTimer): (WebCore::SuspendableTimer::hasPendingActivity): (WebCore::SuspendableTimer::stop): (WebCore::SuspendableTimer::suspend): (WebCore::SuspendableTimer::resume): (WebCore::SuspendableTimer::canSuspend): * page/SuspendableTimer.h: Added. 2010-05-25 Mark Rowe Merge r60092. 2010-05-24 Brady Eidson Reviewed by Darin Adler. Database origins aren't populated at launch (missing db in prefs sheet, possible other symptoms) and https://bugs.webkit.org/show_bug.cgi?id=39486 Currently, a Tracker needs to know its path before origins are populated. Testing databases and related features is made very difficult with this regression, so instead of changing things in a complicated way to make this not the case, I've added an "initialize Tracker with this path" function that calls the DatabaseTracker constructor with the initial path. I checked the other platforms besides Mac and Win, and none of them seem to perform the "initialize databases if necessary" step in their init routines, so this change shouldn't affect them. No new tests. (API specific layout test in DRT is forthcoming) * WebCore.base.exp: * storage/DatabaseTracker.cpp: (WebCore::DatabaseTracker::initializeTracker): Added to create the tracker with its initial path. (WebCore::DatabaseTracker::tracker): Move the static tracker out so tracker() and initializeTracker() can share it. Add a fallback to not change behavior of platforms that don't call the new "initializeTracker()" method. 
(WebCore::DatabaseTracker::DatabaseTracker): Changed to take the initial path as an argument. * storage/DatabaseTracker.h: * storage/chromium/DatabaseTrackerChromium.cpp: (WebCore::DatabaseTracker::tracker): Adapt to new c'tor. (WebCore::DatabaseTracker::DatabaseTracker): Ditto. 2010-05-25 Mark Rowe Merge r60110. 2010-05-24 Jer Noble Reviewed by Eric Carlson. HTML5