2016-02-12 Babak Shafiei

Merge r196401.

2016-02-10 Eric Carlson

Update "manual" caption track logic
https://bugs.webkit.org/show_bug.cgi?id=154084

Reviewed by Dean Jackson.

No new tests, media/track/track-manual-mode.html was updated.

* English.lproj/Localizable.strings: Add new string.
* html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::addTextTrack): track.setManualSelectionMode is no more.
(WebCore::HTMLMediaElement::configureTextTrackGroup): Never enable a track automatically when in manual selection mode.
(WebCore::HTMLMediaElement::captionPreferencesChanged): track.setManualSelectionMode is no more.
* html/track/TextTrack.cpp:
(WebCore::TextTrack::containsOnlyForcedSubtitles): Return true for forced tracks.
(WebCore::TextTrack::kind): Deleted.
* html/track/TextTrack.h:
* html/track/TrackBase.h:
(WebCore::TrackBase::kind): De-virtualize, nobody overrides it.
* page/CaptionUserPreferencesMediaAF.cpp:
(WebCore::trackDisplayName): Include "forced" in the name of forced tracks.
* platform/LocalizedStrings.cpp:
(WebCore::forcedTrackMenuItemText): New.
* platform/LocalizedStrings.h:

2016-02-03 Matthew Hanson

Merge r195837. rdar://problem/24001782

2016-01-29 Brent Fulgham

[WebGL] Check vertex array bounds before permitting a glDrawArrays to execute
https://bugs.webkit.org/show_bug.cgi?id=153643

Reviewed by Dean Jackson.

Tested by fast/canvas/webgl/webgl-drawarrays-crash.html.

* html/canvas/WebGLRenderingContextBase.cpp:
(WebCore::WebGLRenderingContextBase::validateDrawArrays): Make sure that we have at least one buffer bound to a program if a drawArray call with a non-zero range of requested data is being made.
(WebCore::WebGLRenderingContextBase::validateDrawElements): Drive-by formatting fix.

2016-02-03 Matthew Hanson

Merge r196096. rdar://problem/24416768

2016-02-03 Matthew Hanson

Merge r196010.
rdar://problem/24417428

2016-02-02 Eric Carlson

Allow ports to disable automatic text track selection
https://bugs.webkit.org/show_bug.cgi?id=153761

Reviewed by Darin Adler.

Test: media/track/track-manual-mode.html

* Modules/mediacontrols/MediaControlsHost.cpp:
(WebCore::MediaControlsHost::manualKeyword): New.
(WebCore::MediaControlsHost::captionDisplayMode): Support 'manual' mode.
* Modules/mediacontrols/MediaControlsHost.h:
* Modules/mediacontrols/mediaControlsApple.js:
(Controller.prototype.buildCaptionMenu): Check the 'off' item when in manual mode.
* html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::addTextTrack): Update m_captionDisplayMode when called for the first time so it is always correct. Set the track's manual selection mode as appropriate.
(WebCore::HTMLMediaElement::captionPreferencesChanged): Set each track's manual selection mode as appropriate.
* html/track/TextTrack.cpp:
(WebCore::TextTrack::kind): Return 'subtitles' for forced tracks when in manual mode.
* html/track/TextTrack.h:
* html/track/TrackBase.h:
(WebCore::TrackBase::kind): Make virtual.
* page/CaptionUserPreferences.cpp:
(WebCore::CaptionUserPreferences::beginBlockingNotifications): New.
(WebCore::CaptionUserPreferences::endBlockingNotifications): Ditto.
(WebCore::CaptionUserPreferences::notify): Don't notify when blocked.
* page/CaptionUserPreferences.h:
* page/CaptionUserPreferencesMediaAF.cpp:
(WebCore::CaptionUserPreferencesMediaAF::CaptionUserPreferencesMediaAF): Set manual mode when appropriate.
(WebCore::CaptionUserPreferencesMediaAF::captionDisplayMode): Check manual mode.
(WebCore::CaptionUserPreferencesMediaAF::setCaptionDisplayMode): Ditto.
(WebCore::CaptionUserPreferencesMediaAF::setPreferredLanguage): Ditto.
(WebCore::CaptionUserPreferencesMediaAF::textTrackSelectionScore): Return zero when in manual mode.
(WebCore::CaptionUserPreferencesMediaAF::sortedTrackListForMenu): Consider manual mode. Fix typos in logging.
* platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
(WebCore::mediaDescriptionForKind): Return 'auxiliary' when in manual mode.
* testing/Internals.cpp:
(WebCore::Internals::setCaptionDisplayMode): Support manual mode.

2016-02-03 Matthew Hanson

Merge r196095. rdar://problem/24416768

2016-02-03 Matthew Hanson

Merge r195912. rdar://problem/24417428

2016-01-30 Eric Carlson

More than one audio and/or text track sometimes selected in media controls menu
https://bugs.webkit.org/show_bug.cgi?id=153664

Use an element for the track menu item checkmark instead of a background image and the ::before selector.

Reviewed by Jer Noble.

Test: media/controls/track-menu.html

* Modules/mediacontrols/mediaControlsApple.css:
(audio::-webkit-media-controls-closed-captions-container li:hover):
(audio::-webkit-media-controls-closed-captions-container li .checkmark-container):
(audio::-webkit-media-controls-closed-captions-container li.selected .checkmark-container):
(audio::-webkit-media-controls-closed-captions-container li.selected:hover .checkmark-container):
(audio::-webkit-media-controls-closed-captions-container li.selected::before): Deleted.
(audio::-webkit-media-controls-closed-captions-container li.selected:hover::before): Deleted.
* Modules/mediacontrols/mediaControlsApple.js:
(Controller.prototype.buildCaptionMenu):
(Controller.prototype.):
(Controller.prototype.getCurrentControlsStatus):

2016-02-03 Matthew Hanson

Merge r196094. rdar://problem/24416768

2016-02-03 Matthew Hanson

Merge r192570. rdar://problem/24417428

2015-11-18 Aaron Chu

AX: Shadow DOM video player controls menus need aria-owns on the trigger buttons
https://bugs.webkit.org/show_bug.cgi?id=127065

Reviewed by Darin Adler.
Test: media/accessibility-closed-captions-has-aria-owns.html

* Modules/mediacontrols/mediaControlsApple.js:
(Controller.prototype.createControls):
(Controller.prototype.buildCaptionMenu):
* Modules/mediacontrols/mediaControlsBase.js:
(Controller.prototype.createControls):
(Controller.prototype.buildCaptionMenu):

2016-01-31 Babak Shafiei

Merge r195932.

2016-01-28 Babak Shafiei

Merge r195751 and r195761.

2016-01-28 Babak Shafiei

Merge r195607.

2016-01-27 Dean Jackson

[iOS] Documents without an explicit width should not get fast tapping
https://bugs.webkit.org/show_bug.cgi?id=153465

Reviewed by Simon Fraser (and Wenson Hsieh).

As the title says, documents that do not set a viewport should not get the fast click behaviour. There were complaints that we broke double-tap to scroll in ImageDocuments where the image was narrow and long.

The fix is to just keep a flag that tells the UI process if the width was explicit. However, it turns out that those ImageDocuments are given an explicit device-width, which is fine for scaling but really should behave as auto for fast tapping. So we also need to tell the UIProcess if the viewport arguments came from an ImageDocument.

Test: fast/events/ios/viewport-no-width-value-allows-double-tap.html

* dom/ViewportArguments.cpp:
(WebCore::findSizeValue): Add a parameter that toggles a flag if the size was explicitly set.
(WebCore::setViewportFeature): Remember if the width was explicit.
* dom/ViewportArguments.h: Add a widthWasExplicit flag.
(WebCore::ViewportArguments::operator==):

2016-01-28 Babak Shafiei

Follow-up fix for r195625.

2016-01-27 Babak Shafiei

Merge r195625.

2016-01-26 Brady Eidson

History.pushState causes intense memory pressure.
https://bugs.webkit.org/show_bug.cgi?id=153435

Reviewed by Sam Weinig, Oliver Hunt, and Geoff Garen.
Tests: fast/loader/stateobjects/pushstate-frequency-iframe.html
fast/loader/stateobjects/pushstate-frequency-with-user-gesture.html
fast/loader/stateobjects/pushstate-frequency.html
fast/loader/stateobjects/replacestate-frequency-iframe.html
fast/loader/stateobjects/replacestate-frequency-with-user-gesture.html
fast/loader/stateobjects/replacestate-frequency.html
loader/stateobjects/pushstate-size-iframe.html
loader/stateobjects/pushstate-size.html
loader/stateobjects/replacestate-size-iframe.html
loader/stateobjects/replacestate-size.html

Add restrictions on how frequently push/replaceState can be called, as well as how much of a cumulative payload they can deliver.

* bindings/js/JSHistoryCustom.cpp:
(WebCore::JSHistory::pushState):
(WebCore::JSHistory::replaceState):
* page/History.cpp:
(WebCore::History::stateObjectAdded):
* page/History.h:

2016-01-27 Babak Shafiei

Merge r195671.

2016-01-26 Jer Noble

Calling video.controls=true during a scrub operation cancels scrub.
https://bugs.webkit.org/show_bug.cgi?id=153494

Reviewed by Eric Carlson.

Test: media/media-controls-drag-timeline-set-controls-property.html

Verify that the video.controls attribute actually changed before tearing down and re-adding the media controls to the Shadow DOM.

* Modules/mediacontrols/mediaControlsApple.js:
(Controller.prototype.handleControlsChange):
(Controller.prototype.hasControls):

2016-01-26 Matthew Hanson

Merge r195606. rdar://problem/24243317

2016-01-25 Dave Hyatt

Speculative fixes for crashing in viewportChangeAffectedPicture
https://bugs.webkit.org/show_bug.cgi?id=153450

Reviewed by Dean Jackson.

Don't attach any conditions to the removal of a picture element from the document's HashSet. This ensures that if the condition is ever wrong for any reason, we'll still remove the picture element on destruction.

Fix the media query evaluation to match the other evaluations (used by the preload scanner and HTMLImageElement).
This includes using the document element's computed style instead of our own and also null checking the document element first. This is the likely cause of the crashes.

* html/HTMLPictureElement.cpp:
(WebCore::HTMLPictureElement::~HTMLPictureElement):
(WebCore::HTMLPictureElement::didMoveToNewDocument):
(WebCore::HTMLPictureElement::viewportChangeAffectedPicture):

2016-01-20 Andy Estes

Re-enable synchronous popstate event for safari-601-branch
https://bugs.webkit.org/show_bug.cgi?id=153297
rdar://problem/24154417

Reviewed by Brent Fulgham.

r192369 made the popstate event dispatch asynchronously, which matches what the HTML5 spec says to do. However, due to compatibility regressions, we do not want to include this behavior change in safari-601-branch. This change reverts r192369's changes to Document.cpp, but retains the new tests.

This change is intended only for safari-601-branch and its copies. The popstate event should remain asynchronous in trunk.

Firing popstate synchronously makes both fast/loader/remove-iframe-during-history-navigation-different.html and fast/loader/remove-iframe-during-history-navigation-same.html crash, because their onpopstate handlers remove frames from the document that will later be accessed by HistoryController::recursiveGoToItem().

To prevent the crashes, this change does two things:
1. Keep a reference to the current frame inside FrameLoader::loadSameDocumentItem(), since calling loadInSameDocument() might otherwise delete it.
2. Handle a null frame when iterating a HistoryItem's child frames in HistoryController::recursiveGoToItem(), since calling goToItem() on one frame might cause another frame to be deleted.

Covered by existing tests. fast/loader/stateobjects/popstate-is-asynchronous-expected.txt was updated to expect popstate to be synchronous.
* dom/Document.cpp:
(WebCore::Document::enqueuePopstateEvent):
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::loadSameDocumentItem):
* loader/HistoryController.cpp:
(WebCore::HistoryController::recursiveGoToItem):

2016-01-25 Matthew Hanson

Merge r195477. rdar://problem/24001780

2016-01-21 Sam Weinig

Treat non-https actions on secure pages as mixed content
https://bugs.webkit.org/show_bug.cgi?id=153322

Reviewed by Alexey Proskuryakov.

Tests: http/tests/security/mixedContent/insecure-form-in-iframe.html
http/tests/security/mixedContent/insecure-form-in-main-frame.html
http/tests/security/mixedContent/javascript-url-form-in-main-frame.html

* html/HTMLFormElement.cpp:
(WebCore::HTMLFormElement::parseAttribute): Check form actions for mixed content.
* loader/MixedContentChecker.cpp:
(WebCore::MixedContentChecker::checkFormForMixedContent):
* loader/MixedContentChecker.h:
Add new function to check and warn if a form's action is mixed content.

2016-01-25 Matthew Hanson

Merge r195393. rdar://problem/24042909

2016-01-20 David Kilzer

ResourceHandleCFURLConnectionDelegateWithOperationQueue delegate methods don't NULL-check m_handle->client()

Reviewed by Brent Fulgham.
* platform/network/cf/ResourceHandleCFURLConnectionDelegateWithOperationQueue.cpp:
(WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didReceiveResponse):
(WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didReceiveData):
(WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didFinishLoading):
(WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didFail):
(WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::willCacheResponse):
(WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didSendBodyData):
(WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didReceiveDataArray):
- Add NULL check for m_handle->client() as is done in the WebCoreResourceHandleAsOperationQueueDelegate class in WebCoreResourceHandleAsOperationQueueDelegate.mm. (The NULL check for -connection:didReceiveResponse: is currently missing, but there are crashes there, too, that are covered by Bug 152673.)

2016-01-20 Matthew Hanson

Merge r195150. rdar://problem/24208162

2016-01-15 Myles C. Maxfield

[Cocoa] Font features are not applied to the system font
https://bugs.webkit.org/show_bug.cgi?id=153053

Reviewed by Dean Jackson.

We simply need to call preparePlatformFont() on it.

Test: fast/text/system-font-features.html

* platform/graphics/cocoa/FontCacheCoreText.cpp:
(WebCore::fontWithFamily):

2016-01-20 Babak Shafiei

Merge r195132.

2016-01-15 Dave Hyatt

Avoid downloading the wrong image for elements.
https://bugs.webkit.org/show_bug.cgi?id=153027

Reviewed by Dean Jackson.

No tests, since they are always flaky.
* html/HTMLImageElement.cpp:
(WebCore::HTMLImageElement::HTMLImageElement):
(WebCore::HTMLImageElement::~HTMLImageElement):
(WebCore::HTMLImageElement::createForJSConstructor):
(WebCore::HTMLImageElement::bestFitSourceFromPictureElement):
(WebCore::HTMLImageElement::insertedInto):
(WebCore::HTMLImageElement::removedFrom):
(WebCore::HTMLImageElement::pictureElement):
(WebCore::HTMLImageElement::setPictureElement):
(WebCore::HTMLImageElement::width):
* html/HTMLImageElement.h:
(WebCore::HTMLImageElement::hasShadowControls):
* html/HTMLPictureElement.h:
* html/parser/HTMLConstructionSite.cpp:
(WebCore::HTMLConstructionSite::createHTMLElement):
* html/parser/HTMLPreloadScanner.cpp:
(WebCore::TokenPreloadScanner::StartTagScanner::processAttribute):

Images that are built underneath a element are now connected to that picture element via a setPictureNode call from the parser. This ensures that the correct elements are examined before checking the image.

This connection between images and their picture owners is handled using a static HashMap in HTMLImageElement. This connection is made both from the parser and from DOM insertions, and the map is queried now instead of looking directly at the image's parentNode().

2016-01-20 Babak Shafiei

Merge r195075.

2016-01-14 Daniel Bates

Disallow use of Geolocation service from unique origins
https://bugs.webkit.org/show_bug.cgi?id=153102

Reviewed by Alexey Proskuryakov.

Tests: fast/dom/Geolocation/dataURL-getCurrentPosition.html
fast/dom/Geolocation/dataURL-watchPosition.html
fast/dom/Geolocation/srcdoc-getCurrentPosition.html
fast/dom/Geolocation/srcdoc-watchPosition.html
http/tests/security/sandboxed-iframe-geolocation-getCurrentPosition.html
http/tests/security/sandboxed-iframe-geolocation-watchPosition.html

* Modules/geolocation/Geolocation.cpp:
(WebCore::Geolocation::securityOrigin): Convenience function to get the SecurityOrigin object associated with this script execution context.
(WebCore::Geolocation::startRequest): Notify requester POSITION_UNAVAILABLE when requested from a document with a unique origin.
* Modules/geolocation/Geolocation.h:
* page/SecurityOrigin.h:
(WebCore::SecurityOrigin::canRequestGeolocation): Added.

2016-01-20 Babak Shafiei

Merge r195162.

2016-01-15 Jiewen Tan

FrameLoaderClient::didReceiveServerRedirectForProvisionalLoadForFrame() is never called when loading a main resource from the memory cache
https://bugs.webkit.org/show_bug.cgi?id=152520

Reviewed by Andy Estes.

Test: http/tests/loading/server-redirect-for-provisional-load-caching.html

* loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::responseReceived): Dispatch message to notify client that a cached resource was redirected. So, client can make proper actions to treat server side redirection.
* loader/cache/CachedRawResource.h:
Add a method to tell whether the cached resource was redirected.

2016-01-20 Timothy Hatcher

CrashTracer: com.apple.WebKit.WebContent at …pector::CSSFrontendDispatcher::mediaQueryResultChanged + 316

Reviewed by Joseph Pecoraro.

* inspector/InspectorCSSAgent.cpp:
(WebCore::InspectorCSSAgent::willDestroyFrontendAndBackend): Call disable().
(WebCore::InspectorCSSAgent::mediaQueryResultChanged): Add null check.

2016-01-20 Matthew Hanson

Merge r195088. rdar://problem/24101168

2016-01-14 Myles C. Maxfield

Mixing Content Blocking of fonts and display:none rules causes battery drain
https://bugs.webkit.org/show_bug.cgi?id=153051

Reviewed by Alex Christensen.

If we have applied a rule before and we are not applying it again, don't resolve the style again.

Test: http/tests/contentextensions/font-display-none-repeated-layout.html

* contentextensions/ContentExtensionStyleSheet.cpp:
(WebCore::ContentExtensions::ContentExtensionStyleSheet::addDisplayNoneSelector):
* contentextensions/ContentExtensionStyleSheet.h:
* dom/ExtensionStyleSheets.cpp:
(WebCore::ExtensionStyleSheets::addDisplayNoneSelector):

2016-01-20 Matthew Hanson

Merge r195082.
rdar://problem/23633319

2016-01-14 Simon Fraser

Remove workaround for rdar://problem/23623670
https://bugs.webkit.org/show_bug.cgi?id=153107
rdar://problem/23633319

Reviewed by Tim Horton.

Remove the code that uses IOSurfaceAcceleratorTransformSurface() when copying from back-to-front buffer, now that CGIOSurfaceContextCreate()-code path works correctly.

* platform/graphics/cocoa/IOSurface.h:
* platform/graphics/cocoa/IOSurface.mm:
(IOSurface::ensurePlatformContext):
(IOSurface::copyToSurface): Deleted.

2016-01-20 Matthew Hanson

Merge r188377. rdar://problem/24208161

2015-08-12 Myles C. Maxfield

[Cocoa] [CJK-configured device] System font has vertical punctuation
https://bugs.webkit.org/show_bug.cgi?id=147964

Reviewed by Dean Jackson.

GlyphPage::fill() has multiple code paths to accomplish its goal. It uses the shouldUseCoreText() helper function to determine which one of the paths should be taken. However, not all of the code paths in GlyphPage::fill() are capable of handling all situations. Indeed, the CoreText code paths in GlyphPage::fill() are only able to handle the situations which shouldUseCoreText() returns true for. This happens in the following cases:

1. If the font is a composite font
2. If the font is used for text-combine
3. If the font has vertical glyphs

In r187693, I added one more case to this list: If the font is the system font. However, I failed to add the necessary support to GlyphPage::fill() for this case. Because of this, we just happened to fall into the case of vertical fonts (just by coincidence), which causes us to use CTFontGetVerticalGlyphsForCharacters() instead of CTFontGetGlyphsForCharacters().

The solution is to adopt the same behavior we were using before r187693. Back then, we were using CGFontGetGlyphsForUnichars(), which always returned horizontal glyphs. We should simply adopt this same behavior, except in the Core Text case.
Therefore, this patch is just a simple check to see if we are using the system font when determining which Core Text function to use.

Test: fast/text/system-font-punctuation.html

* platform/graphics/FontDescription.h:
(WebCore::FontDescription::setWidthVariant):
* platform/graphics/FontPlatformData.h:
(WebCore::FontPlatformData::isForTextCombine):
* platform/graphics/mac/GlyphPageMac.cpp:
(WebCore::shouldUseCoreText):
(WebCore::GlyphPage::fill):
* rendering/RenderCombineText.cpp:
(WebCore::RenderCombineText::combineText):

2016-01-19 Matthew Hanson

Merge r188263. rdar://problem/24208161

2015-08-11 Myles C. Maxfield

[iOS] Arabic letter Yeh is drawn in LastResort
https://bugs.webkit.org/show_bug.cgi?id=147862

Reviewed by Darin Adler.

In order to perform font fallback, we must know which fonts support which characters. We perform this check by asking each font to map a sequence of codepoints to glyphs, and any glyphs which end up with a 0 value are unsupported by the font.

One of the mechanisms that we use to do this is to combine the code points into a string, and tell Core Text to lay out the string. However, this is fundamentally a different operation than the one we are trying to perform. Strings combine adjacent codepoints into grapheme clusters, and CoreText operates on these. However, we are trying to gain information regarding codepoints, not grapheme clusters.

Instead of taking this string-based approach, we should try harder to use Core Text functions which operate on ordered collections of characters, rather than strings. In particular, CTFontGetGlyphsForCharacters() and CTFontGetVerticalGlyphsForCharacters() have the behavior we want where any unmapped characters end up with a 0 value glyph.

Previously, we were only using the result of those functions if they were successfully able to map their entire input.
However, given the fact that we can degrade gracefully in the case of a partial mapping, we shouldn't need to bail completely to the string-based approach should a partial mapping occur.

At some point we should delete the string-based approach entirely. However, this path is still explicitly used for composite fonts. Fixing that use case is out of scope for this patch.

Test: fast/text/arabic-glyph-cache-fill-combine.html

* platform/graphics/mac/GlyphPageMac.cpp:
(WebCore::GlyphPage::fill):

2016-01-19 Matthew Hanson

Merge r187693. rdar://problem/24208161

2015-07-31 Myles C. Maxfield

[Cocoa] Latin quotes are used with the system font on Chinese devices
https://bugs.webkit.org/show_bug.cgi?id=147504

Reviewed by Dean Jackson.

The system font has some fancy logic regarding character selection which requires using Core Text for glyph selection.

No new tests because tests can't change the system language of the device.

* platform/graphics/mac/GlyphPageMac.cpp:
(WebCore::shouldUseCoreText):

2016-01-13 Matthew Hanson

Merge r194950. rdar://problem/23270886

2016-01-08 Andy Estes

[Content Filtering] Lazily load platform frameworks
https://bugs.webkit.org/show_bug.cgi?id=152881
rdar://problem/23270886

Reviewed by Brady Eidson.

On Cocoa platforms, ContentFilter soft-links two frameworks that perform the underlying filtering operations. There is a one-time cost associated with the soft-linking, and the current design requires all clients to pay this cost whether or not they ever load a resource that is subject to filtering.

Addressed this by deferring the loading of frameworks until it is known that a resource will require filtering. It is rather simple to defer the soft-linking at the PlatformContentFilter level, but doing this alone would mean that every CachedRawResourceClient callback would be routed through ContentFilter, even in the very common case where both platform content filters are disabled.
This is because checking if a platform content filter is enabled involves loading its framework, so creating a ContentFilter (which DocumentLoader will add as the CachedRawResource client in place of itself) cannot be avoided by checking that all its platform content filters are disabled.

Resolved this by inverting the relationship between ContentFilter and DocumentLoader. Instead of ContentFilter being the CachedRawResource's client and forwarding callbacks to DocumentLoader when one or more platform filters are enabled, DocumentLoader is now always the client and it forwards callbacks to ContentFilter. ContentFilter then returns a boolean value indicating whether or not DocumentLoader should proceed with each callback.

New API test: ContentFiltering.LazilyLoadPlatformFrameworks

* loader/ContentFilter.cpp:
(WebCore::ContentFilter::create): Renamed from createIfEnabled(). Since the enabled check causes frameworks to be loaded, the check is skipped here and all types are always created.
(WebCore::ContentFilter::continueAfterWillSendRequest): Renamed from willSendRequest(). Renamed requestCopy to originalRequest, and only created it for logging purposes. Since the copy was only used for logging purposes, request is now modified directly. Returned false if request is null.
(WebCore::ContentFilter::continueAfterResponseReceived): Renamed from responseReceived(). Stopped asserting that resource is non-null, since it will be null in the case of substitute data loads. Stopped asserting that m_state is not Initialized, since that state was removed and the function can now be called in all states. Only logged if m_state is Filtering. Returned false if m_state is Blocked.
(WebCore::ContentFilter::continueAfterDataReceived): Renamed from dataReceived(). Stopped asserting that resource is non-null and that m_state is Initialized, and moved the logging, for the same reasons as above. Returned false if m_state is Filtering or Blocked.
(WebCore::ContentFilter::continueAfterNotifyFinished): Renamed from notifyFinished(). Stopped asserting that resource is non-null and that m_state is not Initialized, and moved the logging, for the same reasons as above. If m_state is not Blocked at this point, set m_state to Allowed in order for deliverResourceData() to not get caught in continueAfterDataReceived(). Returned false if m_state is Blocked or Stopped after delivering data.
(WebCore::ContentFilter::createIfEnabled): Renamed to create().
(WebCore::ContentFilter::~ContentFilter): Stopped removing ourself as m_mainResource's client.
(WebCore::ContentFilter::willSendRequest): Renamed to continueAfterWillSendRequest().
(WebCore::ContentFilter::startFilteringMainResource): Stopped adding ourself as m_mainResource's client. Stopped asserting that m_state is not Initialized and instead returned early if m_state is not Stopped.
(WebCore::ContentFilter::stopFilteringMainResource): Stopped removing ourself as m_mainResource's client.
(WebCore::ContentFilter::responseReceived): Renamed to continueAfterResponseReceived().
(WebCore::ContentFilter::dataReceived): Renamed to continueAfterDataReceived().
(WebCore::ContentFilter::redirectReceived): Removed. DocumentLoader now calls continueAfterWillSendRequest() directly on redirects.
(WebCore::ContentFilter::notifyFinished): Renamed to continueAfterNotifyFinished().
(WebCore::ContentFilter::didDecide): Instead of calling DocumentLoader::contentFilterDidDecide(), called DocumentLoader::contentFilterDidBlock() when m_state is Blocked.
(WebCore::ContentFilter::deliverResourceData): Asserted that m_state is Allowed.
* loader/ContentFilter.h: Stopped inheriting from CachedRawResourceClient. Redeclared the CachedRawResourceClient virtual functions as the continue* functions mentioned above. Made State enum private and removed Initialized. Initialized m_state to Stopped and removed its getter.
(WebCore::ContentFilter::type): Returned a ContentFilter::Type that does not include an enabled function.
* loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::notifyFinished): Returned early if ContentFilter::continueAfterNotifyFinished() returned false.
(WebCore::DocumentLoader::willSendRequest): Called ContentFilter::continueAfterWillSendRequest() even for redirects, since ContentFilter is no longer a CachedRawResourceClient and so will no longer receive redirectReceived(). Returned early if continueAfterWillSendRequest() returns false.
(WebCore::DocumentLoader::responseReceived): Returned early if ContentFilter::continueAfterResponseReceived() returned false.
(WebCore::DocumentLoader::dataReceived): Ditto for ContentFilter::continueAfterDataReceived().
(WebCore::DocumentLoader::startLoadingMainResource): Called ContentFilter::create(), not createIfEnabled().
(WebCore::DocumentLoader::becomeMainResourceClient): Called ContentFilter::startFilteringMainResource() even if m_state is not Initialized. Added ourself as a client of m_mainResource unconditionally.
(WebCore::DocumentLoader::contentFilterDidBlock): Renamed from contentFilterDidDecide. Removed assertions and the early return when m_state is Allowed, since the state is guaranteed to be Blocked.
(WebCore::DocumentLoader::contentFilterDidDecide): Renamed to contentFilterDidBlock.
* platform/cocoa/NetworkExtensionContentFilter.h: Moved definition of HAVE_NETWORK_EXTENSION to Platform.h so that this file doesn't need to become a Private header. Made enabled() private, and declared initialize().
* platform/cocoa/NetworkExtensionContentFilter.mm:
(WebCore::NetworkExtensionContentFilter::initialize): Added a function to lazily initialize the object.
(WebCore::NetworkExtensionContentFilter::willSendRequest): For the modern NEFilterSource, checked if it is enabled only after checking if the request is HTTP(S). If both checks pass, then called initialize().
(WebCore::NetworkExtensionContentFilter::responseReceived): Ditto for the legacy NEFilterSource.
* platform/cocoa/ParentalControlsContentFilter.h: Made enabled() private.
* platform/cocoa/ParentalControlsContentFilter.mm:
(WebCore::ParentalControlsContentFilter::responseReceived): Checked if WebFilterEvaluator is enabled only after checking if the response is from a protocol that can be handled.
* testing/MockContentFilter.cpp:
(WebCore::MockContentFilter::willSendRequest): Immediately set m_status to Status::Allowed if !enabled().
* testing/MockContentFilter.h: Made enabled() private.

2016-01-13 Matthew Hanson

Merge r194927. rdar://problem/24101173

2016-01-12 Daniel Bates

XSS Auditor should navigate to empty substitute data on full page block
https://bugs.webkit.org/show_bug.cgi?id=152868

Reviewed by David Kilzer and Andy Estes.

Derived from Blink patch (by Tom Sepez ):

Test: http/tests/security/xssAuditor/block-does-not-leak-that-page-was-blocked-using-empty-data-url.html

* html/parser/XSSAuditorDelegate.cpp:
(WebCore::XSSAuditorDelegate::didBlockScript): Modified to call NavigationScheduler::schedulePageBlock().
* loader/NavigationScheduler.cpp:
(WebCore::ScheduledPageBlock::ScheduledPageBlock): Added.
(WebCore::NavigationScheduler::schedulePageBlock): Navigate to empty substitute data with the same URL as the originating document.
* loader/NavigationScheduler.h:

2016-01-13 Matthew Hanson

Merge r194898. rdar://problem/24154420

2016-01-12 Antti Koivisto

Don't reuse memory cache entries with different charset
https://bugs.webkit.org/show_bug.cgi?id=110031
rdar://problem/13666418

Reviewed by Andreas Kling.

Test: fast/loader/cache-encoding.html

* loader/cache/CachedResourceLoader.cpp:
(WebCore::CachedResourceLoader::requestResource):
(WebCore::logResourceRevalidationDecision):
(WebCore::CachedResourceLoader::determineRevalidationPolicy):

Pass full CachedResourceRequest to the function. If charset differs don't reuse the cache entry.
* loader/cache/CachedResourceLoader.h:

2016-01-13 Matthew Hanson

Merge r194865. rdar://problem/24154421

2016-01-11 Dave Hyatt

Picture element needs to work with the preload scanner and select the correct source element instead of loading the image.
https://bugs.webkit.org/show_bug.cgi?id=152983

Reviewed by Dean Jackson.

Added new tests in http/tests/loading.

* html/parser/HTMLPreloadScanner.cpp:
(WebCore::TokenPreloadScanner::tagIdFor):
(WebCore::TokenPreloadScanner::initiatorFor):
(WebCore::TokenPreloadScanner::StartTagScanner::StartTagScanner):
(WebCore::TokenPreloadScanner::StartTagScanner::processAttributes):
(WebCore::TokenPreloadScanner::StartTagScanner::processImageAndScriptAttribute):
(WebCore::TokenPreloadScanner::StartTagScanner::processAttribute):
(WebCore::TokenPreloadScanner::StartTagScanner::resourceType):
(WebCore::TokenPreloadScanner::scan):
* html/parser/HTMLPreloadScanner.h:
(WebCore::TokenPreloadScanner::setPredictedBaseElementURL):
(WebCore::TokenPreloadScanner::inPicture):

2016-01-13 Matthew Hanson

Merge r191180. rdar://problem/24154421

2015-10-16 Chris Dumez

HTMLPreloadScanner should preload iframes
https://bugs.webkit.org/show_bug.cgi?id=150097

Reviewed by Antti Koivisto.

HTMLPreloadScanner should preload iframes to decrease page load time.

Tests:
- fast/preloader/frame-src.html
- http/tests/loading/preload-no-store-frame-src.html

* html/parser/HTMLPreloadScanner.cpp:
(WebCore::TokenPreloadScanner::tagIdFor):
(WebCore::TokenPreloadScanner::initiatorFor):
(WebCore::TokenPreloadScanner::StartTagScanner::createPreloadRequest):
(WebCore::TokenPreloadScanner::StartTagScanner::processAttribute):
(WebCore::TokenPreloadScanner::StartTagScanner::resourceType):
(WebCore::TokenPreloadScanner::StartTagScanner::setUrlToLoad): Deleted.
(WebCore::TokenPreloadScanner::StartTagScanner::charset): Deleted.
* html/parser/HTMLPreloadScanner.h:

2016-01-13 Matthew Hanson

Merge r190641.
rdar://problem/24154421 2015-10-06 Chris Dumez Refactor TokenPreloadScanner::StartTagScanner::processAttribute() https://bugs.webkit.org/show_bug.cgi?id=149847 Reviewed by Antti Koivisto. Refactor TokenPreloadScanner::StartTagScanner::processAttribute() to only process attributes that make sense given the current tagId. In particular, - We only process the charset parameter if the tag is a link or a script. - We only process the sizes / srcset attributes if the tag is an img. * html/parser/HTMLPreloadScanner.cpp: (WebCore::TokenPreloadScanner::StartTagScanner::processAttribute): (WebCore::TokenPreloadScanner::StartTagScanner::setUrlToLoad): Deleted. 2016-01-11 Matthew Hanson Merge r194751. rdar://problem/24042915 2016-01-07 Brent Fulgham Correct missing EXT_sRGB Format Handling https://bugs.webkit.org/show_bug.cgi?id=152876 Reviewed by Alex Christensen. Tested by WebGL 1.0.4 suite. * platform/graphics/GraphicsContext3D.cpp: (getDataFormat): Handle missing SRGB and SRGB_ALPHA cases. * platform/graphics/GraphicsContext3D.h: Add missing SRGB_ALPHA value from the Khronos standard. * platform/graphics/opengl/GraphicsContext3DOpenGL.cpp: (WebCore::GraphicsContext3D::texImage2D): Add an assertion that we are not being handed an internal format to a method that works with normal formats. 2016-01-11 Matthew Hanson Merge r194750. rdar://problem/24074335 2016-01-07 Simon Fraser Use an appropriate buffer format for swipe snapshots https://bugs.webkit.org/show_bug.cgi?id=152880 rdar://problem/23728299 Reviewed by Tim Horton. Choose an appropriate buffer format for swipe snapshots, and avoid converting them to YUV422. * platform/graphics/cocoa/IOSurface.h: * platform/graphics/cocoa/IOSurface.mm: (IOSurface::allowConversionFromFormatToFormat): 2016-01-11 Matthew Hanson Merge r194667. 
rdar://problem/24074334 2016-01-06 Simon Fraser [iOS] Revert overflow:hidden on the body affecting viewport scale (r186786) https://bugs.webkit.org/show_bug.cgi?id=152803 rdar://problem/22242515 Reviewed by Tim Horton. You can't assume that if an author uses overflow:hidden on the body, they have no content outside the body that is important. Sites like Google Translate put abspos elements outside the body. So revert the change. * page/FrameView.cpp: (WebCore::FrameView::contentsSizeRespectingOverflow): Deleted. * page/FrameView.h: 2016-01-11 Matthew Hanson Merge r194666. rdar://problem/24101185 2016-01-06 Brent Fulgham Port blocking bypass issue using 307 redirect https://bugs.webkit.org/show_bug.cgi?id=152801 Reviewed by Anders Carlsson. Tested by http/tests/security/blocked-on-redirect.html. Make sure that 307 redirects check the requested URL via 'portAllowed'. * loader/DocumentLoader.cpp: (WebCore::DocumentLoader::willSendRequest): Confirm that the requested port is valid, and block load if it is not. * loader/FrameLoader.cpp: (WebCore::FrameLoader::reportBlockedPortFailed): Added. (WebCore::FrameLoader::blockedError): Added. * loader/FrameLoader.h: 2016-01-11 Matthew Hanson Merge r194038. rdar://problem/24101170 2015-12-14 Daniel Bates [iOS] DOM click event may not be dispatched when page has :active style and https://bugs.webkit.org/show_bug.cgi?id=144451 Reviewed by Simon Fraser. Fixes an issue where a DOM click event is not dispatched to an element in a subframe on a page that has a and defines a CSS :active pseudo-class for the HTML body element. On iOS we only dispatch a DOM click event if the content of the page does not change as part of dispatching a DOM mousemove event at the tapped element as a means of providing a good user experience on web pages that reveal or hide content based on mouse hover. Currently we consider the content of the page to have changed if the visibility of any element on the page changes. 
In particular we consider the content of the page to have changed if the visibility of a user agent shadow DOM element changes (e.g. the search field cancel button). Instead we should only consider visibility changes to the actual web page content and ignore visibility changes to user agent shadow DOM elements. Tests: fast/events/can-click-element-on-page-with-active-pseudo-class-and-search-field.html fast/forms/search/search-cancel-button-visible-when-input-becomes-disabled.html fast/forms/search/search-cancel-button-visible-when-input-becomes-readonly.html fast/forms/search/search-cancel-in-formerly-invisible-element.html fast/forms/search/search-cancel-toggle-visibility-initially-hidden.html fast/forms/search/search-cancel-toggle-visibility-initially-visible.html * style/StyleResolveTree.cpp: (WebCore::Style::CheckForVisibilityChangeOnRecalcStyle::~CheckForVisibilityChangeOnRecalcStyle): Ignore visibility changes to user agent shadow DOM elements. 2016-01-11 Matthew Hanson Merge r192186. rdar://problem/24101174 2015-11-09 Joseph Pecoraro Web Inspector: $0 stops working after navigating to a different domain https://bugs.webkit.org/show_bug.cgi?id=147962 Reviewed by Brian Burg. Test: http/tests/inspector/console/cross-domain-inspected-node-access.html The inspector backend injects the CommandLineAPI Source with a corresponding CommandLineAPIHost into each execution context created by the page (main frame, sub frames, etc). When creating the JSValue wrapper for the CommandLineAPIHost using the generated toJS(...) DOM bindings, we were using the cached CommandLineAPIHost wrapper values in the single DOMWrapperWorld shared across all frames. This meant that the first time the wrapper was needed it was created in context A. But when needed for context B it was using the wrapper created in context A. Using this wrapper in context B was producing unexpected cross-origin warnings. 
The solution taken here is to create a new JSValue wrapper for the CommandLineAPIHost per execution context. This way each time the CommandLineAPIHost wrapper is used in a frame, it is using the one created for that frame. The C++ host object being wrapped has a lifetime equivalent to the Page. It does not change in this patch. The wrapper values are cleared on page navigation or when the page is closed, and will be garbage collected. * WebCore.vcxproj/WebCore.vcxproj: * WebCore.vcxproj/WebCore.vcxproj.filters: * ForwardingHeaders/inspector/PerGlobalObjectWrapperWorld.h: Added. New forwarding header. * inspector/CommandLineAPIHost.h: * inspector/CommandLineAPIHost.cpp: (WebCore::CommandLineAPIHost::CommandLineAPIHost): (WebCore::CommandLineAPIHost::wrapper): Cached JSValue wrappers per GlobalObject. (WebCore::CommandLineAPIHost::clearAllWrappers): Clear any wrappers we have, including the $0 value itself which we weren't explicitly clearing previously. * inspector/CommandLineAPIModule.cpp: (WebCore::CommandLineAPIModule::host): Simplify creating the wrapper. * inspector/WebInjectedScriptManager.h: * inspector/WebInjectedScriptManager.cpp: (WebCore::WebInjectedScriptManager::discardInjectedScripts): When the main frame window object clears, also clear the CommandLineAPI wrappers we may have created. Also take this opportunity to clear any $0 value that may have pointed to a value in the previous page. 2016-01-08 Timothy Hatcher REGRESSION (193350): CrashTracer: [USER] com.apple.WebKit.WebContent at …: Inspector::CSSFrontendDispatcher::styleSheetRemoved + 768 Reviewed by Joseph Pecoraro. * inspector/InspectorCSSAgent.cpp: (WebCore::InspectorCSSAgent::setActiveStyleSheetsForDocument): Add null check before using m_frontendDispatcher. 2016-01-06 Matthew Hanson Merge r194485. rdar://problem/23978916 2015-12-22 Brent Fulgham [WebGL] Blacklisted OpenGL contexts are not safe to use https://bugs.webkit.org/show_bug.cgi?id=152513 Reviewed by Zalan Bujtas.
When the GPU has blacklisted an OpenGL context, it is not safe to use -- even to attempt to release GL resources. Instead, our only correct behavior is to terminate the WebProcess. * platform/graphics/mac/GraphicsContext3DMac.mm: (WebCore::GraphicsContext3D::checkGPUStatusIfNecessary): If the context was lost because the GPU blacklisted it, terminate the process. 2016-01-06 Matthew Hanson Merge r194662. rdar://problem/24043055 2016-01-05 Matthew Hanson Merge for rdar://problem/24043055. * dom/EventDispatcher.cpp: (WebCore::EventPath::EventPath): Set the isMouseOrFocusEvent boolean flag to True if the event is a wheelEvent. 2015-12-21 Babak Shafiei Merge r194114. 2015-12-15 Myles C. Maxfield [Font Features] TrueType fonts trigger real features even when synthesis is applied https://bugs.webkit.org/show_bug.cgi?id=152287 Reviewed by Darin Adler. When using a font feature that is synthesizable, and synthesis is triggered, we should make sure to turn off the original font feature. Otherwise, the feature will be applied twice on top of itself. This worked for OpenType fonts, but not for TrueType fonts. Tests: css3/font-variant-petite-caps-synthesis.html css3/font-variant-small-caps-synthesis.html css3/font-variant-petite-caps-synthesis-coverage.html css3/font-variant-small-caps-synthesis-coverage.html * platform/graphics/cocoa/FontCocoa.mm: (WebCore::defaultSelectorForTrueTypeFeature): (WebCore::removedFeature): (WebCore::createCTFontWithoutSynthesizableFeatures): 2015-12-21 Babak Shafiei Merge r188802. 2015-08-21 Myles C. Maxfield [OS X] Remove dead code from FontCache::systemFallbackForCharacters() https://bugs.webkit.org/show_bug.cgi?id=148218 Reviewed by Daniel Bates. lookupCTFont() in FontCacheMac.mm will always return the best font (because CTFontCreateForCharactersWithLanguage() does so). Also, all fonts that will be created on WebKit's behalf are already printer fonts. No new tests because there is no behavior change. 
* platform/graphics/mac/FontCacheMac.mm: (WebCore::FontCache::systemFallbackForCharacters): Deleted. 2015-12-18 Matthew Hanson Merge r194206. rdar://problem/23824469 2015-12-16 Simon Fraser ViewportConfiguration functions should return a bool to say if anything changed https://bugs.webkit.org/show_bug.cgi?id=152353 Reviewed by Tim Horton. Rather than callers all checking whether setting ViewportConfiguration values changes state, have its functions return a bool if the values change. * page/ViewportConfiguration.cpp: (WebCore::ViewportConfiguration::setContentsSize): (WebCore::ViewportConfiguration::setMinimumLayoutSize): (WebCore::ViewportConfiguration::setViewportArguments): (WebCore::ViewportConfiguration::setCanIgnoreScalingConstraints): * page/ViewportConfiguration.h: (WebCore::ViewportConfiguration::setCanIgnoreScalingConstraints): Deleted. 2015-12-18 Babak Shafiei Merge r192582. 2015-11-18 Chris Dumez Null dereference in Performance::Performance(WebCore::Frame*) https://bugs.webkit.org/show_bug.cgi?id=151390 Reviewed by Brady Eidson. Based on the stack trace, it appears the DocumentLoader can be null when constructing the Performance object. This patch thus adds a null check before trying to dereference it. No new tests, was not able to reproduce. * page/DOMWindow.cpp: (WebCore::DOMWindow::navigator): (WebCore::DOMWindow::performance): * page/Performance.cpp: (WebCore::Performance::Performance): (WebCore::Performance::scriptExecutionContext): * page/Performance.h: 2015-12-17 Matthew Hanson Merge r191076. rdar://problem/23941411 2015-10-14 Andy Estes [iOS] QuickLook documents loaded over https do not load their subresources https://bugs.webkit.org/show_bug.cgi?id=150145 Reviewed by Alexey Proskuryakov. When QuickLook generates an HTML preview of a document, subresources are referenced using the x-apple-ql-id scheme, for which QuickLook installs an NSURLProtocol. 
If a document is loaded over https, then this scheme needs to be considered secure in order to avoid mixed content errors. Test: http/tests/quicklook/secure-document-with-subresources.html * platform/SchemeRegistry.cpp: (WebCore::secureSchemes): Registered QLPreviewProtocol() as a secure scheme. 2015-12-17 Matthew Hanson Merge r193932. rdar://problem/23903295 2015-12-10 Myles C. Maxfield [Font Features] r193894 introduces leaks https://bugs.webkit.org/show_bug.cgi?id=152154 Reviewed by Joe Pecoraro. * platform/graphics/cocoa/FontCocoa.mm: (WebCore::smallCapsTrueTypeDictionary): (WebCore::createCTFontWithoutSynthesizableFeatures): 2015-12-17 Matthew Hanson Merge r193894. rdar://problem/23769696 2015-12-10 Myles C. Maxfield font-variant-caps does not work if the font does not support font features https://bugs.webkit.org/show_bug.cgi?id=149774 Reviewed by Antti Koivisto. This test implements synthesis for small-caps and all-small-caps. It does so by moving font variant selection into a higher level (ComplexTextController). In general, the approach is to use the pure font feature until we encounter a character which needs to be uppercased, and which the font feature does not support uppercasing. In this situation, we try again with synthesis. In this case, synthesis means artificially uppercasing letters and rendering them with a smaller font. We require system support to know which glyphs a particular font feature supports. Therefore, on operating systems which do not include this support, we will simply say that the font feature does not support any glyphs. Test: css3/font-variant-small-caps-synthesis.html css3/font-variant-petite-caps-synthesis.html * platform/graphics/Font.cpp: (WebCore::Font::noSmallCapsFont): Return the same font, but without smcp or c2sc. This function utilizes a cache. * platform/graphics/Font.h: (WebCore::Font::variantFont): Small caps should never go through this function anymore. 
* platform/graphics/FontCascade.h: Because we're moving variant selection into a higher level, we remove the FontVariant argument from the lower-level call. * platform/graphics/FontCascadeFonts.cpp: (WebCore::FontCascadeFonts::glyphDataForVariant): Use early-return style. (WebCore::FontCascadeFonts::glyphDataForNormalVariant): Ditto. * platform/graphics/cocoa/FontCascadeCocoa.mm: (WebCore::FontCascade::fontForCombiningCharacterSequence): Because we're moving variant selection into a higher level, we remove the FontVariant argument from the lower-level call. * platform/graphics/cocoa/FontCocoa.mm: (WebCore::Font::smallCapsSupportsCharacter): (WebCore::Font::allSmallCapsSupportsCharacter): (WebCore::smallCapsOpenTypeDictionary): Helper function for smallCapsSupportsCharacter(). (WebCore::smallCapsTrueTypeDictionary): Ditto. (WebCore::unionBitVectors): (WebCore::Font::glyphsSupportedBySmallCaps): Compute a bit vector of supported glyphs. (WebCore::Font::glyphsSupportedByAllSmallCaps): Ditto. (WebCore::createDerivativeFont): Moving common code into its own helper function. (WebCore::Font::createFontWithoutSmallCaps): (WebCore::Font::platformCreateScaledFont): Use the common code. * platform/graphics/mac/ComplexTextController.cpp: (WebCore::capitalized): What is the capitalized form of a character? (WebCore::ComplexTextController::collectComplexTextRuns): Implement the core logic of this patch. This includes the retry when we encounter a character which is not supported by the font feature. * platform/spi/cocoa/CoreTextSPI.h: 2015-12-17 Babak Shafiei Merge r194209. 2015-12-16 Andy Estes [iOS] Block loading external stylesheets in the Content-Disposition: attachment sandbox https://bugs.webkit.org/show_bug.cgi?id=152375 Reviewed by Darin Adler. 
Tests: http/tests/contentdispositionattachmentsandbox/at-import-stylesheets-disabled.html http/tests/contentdispositionattachmentsandbox/external-stylesheets-disabled.html http/tests/contentdispositionattachmentsandbox/xml-stylesheet-processing-instructions-disabled.html * loader/cache/CachedResourceLoader.cpp: (WebCore::CachedResourceLoader::canRequest): Moved handling of CachedResource::MainResource to canRequestInContentDispositionAttachmentSandbox(). (WebCore::CachedResourceLoader::canRequestInContentDispositionAttachmentSandbox): In addition to handling CachedResource::MainResource, added handling for CachedResource::CSSStyleSheet. Added a FIXME asking whether we should handle other types of resources, too. * loader/cache/CachedResourceLoader.h: 2015-12-14 Matthew Hanson Merge r194001. rdar://problem/23814327 2015-12-11 Jiewen Tan Strip out Referer header when requesting subresources or following links for documents with "Content-Disposition: attachment" https://bugs.webkit.org/show_bug.cgi?id=152102 Reviewed by Andy Estes. Keep the ReferrerPolicy for a document as ReferrerPolicyNever if the document is loaded with "Content-Disposition: attachment". Test: http/tests/contentdispositionattachmentsandbox/subresource-request-not-include-referer-header.html * dom/Document.cpp: (WebCore::Document::processReferrerPolicy): (WebCore::Document::applyContentDispositionAttachmentSandbox): 2015-12-14 Matthew Hanson Merge r193885. rdar://problem/23860425 2015-12-09 Daniel Bates [iOS] Suspend and resume device motion and device orientation updates when page is hidden and visible, respectively https://bugs.webkit.org/show_bug.cgi?id=151840 Reviewed by Simon Fraser. * dom/Document.cpp: (WebCore::Document::suspendDeviceMotionAndOrientationUpdates): Added. (WebCore::Document::resumeDeviceMotionAndOrientationUpdates): Added. 
(WebCore::Document::platformSuspendOrStopActiveDOMObjects): Moved logic to suspend device motion and orientation updates from here to Document::suspendDeviceMotionAndOrientationUpdates(). (WebCore::Document::suspendActiveDOMObjects): Modified to call Document::suspendDeviceMotionAndOrientationUpdates(). (WebCore::Document::resumeActiveDOMObjects): Modified to call Document::resumeDeviceMotionAndOrientationUpdates(). * dom/Document.h: * page/Page.cpp: (WebCore::Page::setIsVisibleInternal): Suspend device motion and orientation updates when the page is hidden and resume updates when the page is visible. (WebCore::Page::suspendDeviceMotionAndOrientationUpdates): Added. (WebCore::Page::resumeDeviceMotionAndOrientationUpdates): Added. * page/Page.h: 2015-12-10 Matthew Hanson Merge r193876. rdar://problem/23305376 2015-12-09 Simon Fraser Adjust layer backing store format https://bugs.webkit.org/show_bug.cgi?id=152097 rdar://problem/23305376 Reviewed by Tim Horton. Call setBackingStoreFormat() on UIWebView tile grid layers, and on compositing layers which can allocate backing store. * platform/graphics/ca/cocoa/PlatformCALayerCocoa.mm: (WebCore::setBackingStoreFormat): (PlatformCALayerCocoa::commonInit): * platform/ios/LegacyTileGridTile.mm: (WebCore::setBackingStoreFormat): (WebCore::LegacyTileGridTile::LegacyTileGridTile): 2015-12-09 Matthew Hanson Merge r192712. rdar://problem/23814340 2015-11-20 Simon Fraser More deviceRGB color cleanup https://bugs.webkit.org/show_bug.cgi?id=151523 Reviewed by Tim Horton. Replace calls to deviceRGBColorSpaceRef() with sRGBColorSpaceRef(), and use sRGBColorSpaceRef() in a few places that were manually creating the colorspace. Also use cachedCGColor() in more places that were manually constructing CGColorRefs from Colors.
* platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm: (WebCore::MediaPlayerPrivateAVFoundationObjC::createImageForTimeInRect): (WebCore::createImageFromPixelBuffer): * platform/graphics/ca/cocoa/PlatformCAFiltersCocoa.mm: * platform/graphics/ca/cocoa/PlatformCALayerCocoa.mm: (PlatformCALayerCocoa::setBackgroundColor): (PlatformCALayerCocoa::setBorderColor): * platform/graphics/ca/cocoa/WebSystemBackdropLayer.mm: (-[WebLightSystemBackdropLayer init]): (-[WebDarkSystemBackdropLayer init]): * platform/graphics/cg/GradientCG.cpp: (WebCore::Gradient::platformGradient): * platform/graphics/cg/GraphicsContext3DCG.cpp: (WebCore::GraphicsContext3D::ImageExtractor::extractImage): (WebCore::GraphicsContext3D::paintToCanvas): * platform/graphics/cg/ImageBufferCG.cpp: (WebCore::ImageBuffer::copyImage): (WebCore::ImageBuffer::toDataURL): (WebCore::ImageDataToDataURL): * platform/graphics/mac/GraphicsContextMac.mm: (WebCore::linearRGBColorSpaceRef): * platform/graphics/mac/WebGLLayer.mm: (-[WebGLLayer copyImageSnapshotWithColorSpace:]): * platform/mediastream/mac/AVVideoCaptureSource.mm: (WebCore::AVVideoCaptureSource::currentFrameCGImage): * rendering/RenderThemeIOS.mm: (WebCore::drawRadialGradient): * rendering/RenderThemeMac.mm: (WebCore::RenderThemeMac::paintMenuListButtonGradients): (WebCore::RenderThemeMac::paintSliderTrack): 2015-12-11 Matthew Hanson Merge r193859. rdar://problem/23814345 2015-12-09 David Hyatt Picture element needs to respond to dynamic viewport changes. https://bugs.webkit.org/show_bug.cgi?id=152013 Reviewed by Dean Jackson. Added new tests in fast/picture. * css/MediaQueryEvaluator.cpp: (WebCore::MediaQueryEvaluator::evalCheckingViewportDependentResults): Add new evaluation method that adds viewport dependent results to a vector. A follow-up patch will refactor the style resolver code to use this function instead of the special style resolver one, in order to get rid of the code duplication. 
Tracked by https://bugs.webkit.org/show_bug.cgi?id=152089. * css/MediaQueryEvaluator.h: (WebCore::MediaQueryResult::MediaQueryResult): * css/StyleResolver.h: (WebCore::MediaQueryResult::MediaQueryResult): Deleted. Move MediaQueryResult into a header since it is used in multiple places now and not just by the style resolver. * dom/Document.cpp: (WebCore::Document::evaluateMediaQueryList): (WebCore::Document::checkViewportDependentPictures): (WebCore::Document::optimizedStyleSheetUpdateTimerFired): (WebCore::Document::applyContentDispositionAttachmentSandbox): (WebCore::Document::addViewportDependentPicture): (WebCore::Document::removeViewportDependentPicture): * dom/Document.h: The document now maintains a HashSet of viewport-dependent pictures, and it checks them whenever the viewport changes. If their media queries stay the same, then nothing happens. If they change, then the will go back and re-check all its elements to see what the new best candidate is. * html/HTMLImageElement.cpp: (WebCore::HTMLImageElement::bestFitSourceFromPictureElement): Revised to check for viewport dependencies and to cache viewport-dependent results on the elements. When a is found to be viewport-dependent (or not) it is also added to or removed from the document's set of tracked pictures. * html/HTMLPictureElement.cpp: (WebCore::HTMLPictureElement::HTMLPictureElement): (WebCore::HTMLPictureElement::~HTMLPictureElement): (WebCore::HTMLPictureElement::didMoveToNewDocument): (WebCore::HTMLPictureElement::create): (WebCore::HTMLPictureElement::sourcesChanged): (WebCore::HTMLPictureElement::viewportChangeAffectedPicture): * html/HTMLPictureElement.h: New caching of results and updating of the document HashSet when the picture gets destroyed or moves to a different document. * html/HTMLSourceElement.cpp: (WebCore::HTMLSourceElement::parseAttribute): * html/HTMLSourceElement.h: Cache the media attribute in a parsed form. A follow-up patch will improve the