2015-09-25 Brent Fulgham Merge r190235. rdar://problem/22852382 2015-09-24 Brent Fulgham [Win] Support composited content in WebView render-to-context methods https://bugs.webkit.org/show_bug.cgi?id=149516 Reviewed by Simon Fraser. Extend the CACFLayerTreeHost implementation to render into a passed device context when requested. When no context is provided (the default case) paint as normal. Will be tested by existing compositing tests in a future bug. DumpRenderTree has to be extended to do this painting properly. * platform/graphics/ca/win/CACFLayerTreeHost.cpp: (WebCore::CACFLayerTreeHost::paint): Accept an optional HDC argument, and pass it to the render method. * platform/graphics/ca/win/CACFLayerTreeHost.h: * platform/graphics/ca/win/LegacyCACFLayerTreeHost.cpp: Add missing SOFT_LINK command for the WKCACFViewDrawIntoDC. (WebCore::LegacyCACFLayerTreeHost::paint): Accept optional HDC argument and pass it to the parent class. (WebCore::LegacyCACFLayerTreeHost::render): Accept new optional HDC argument. If provided, call WKCACFViewDrawIntoDC. Otherwise, call WKCACFVIewDraw. * platform/graphics/ca/win/LegacyCACFLayerTreeHost.h: * platform/graphics/ca/win/WKCACFViewLayerTreeHost.cpp: Add missing SOFT_LINK command for the WKCACFViewDrawIntoDC. (WebCore::WKCACFViewLayerTreeHost::paint): Accept optional HDC argument and pass it to the parent class. (WebCore::WKCACFViewLayerTreeHost::render): Accept new optional HDC argument. If provided, call WKCACFViewDrawIntoDC. Otherwise, call WKCACFVIewDraw. * platform/graphics/ca/win/WKCACFViewLayerTreeHost.h: 2015-09-22 Matthew Hanson Merge r189200. rdar://problem/22803080 2015-08-31 Brent Fulgham [Win] WebKit cannot load pages based on "file://" URLs https://bugs.webkit.org/show_bug.cgi?id=148596 Reviewed by Dean Jackson. * platform/URL.cpp: (WebCore::URL::URL): Work around bug that causes this assertion to fire on the Apple Windows build. * platform/network/cf/SynchronousResourceHandleCFURLConnectionDelegate.cpp: (WebCore::adjustMIMETypeIfNecessary): Added. If the URL is for a local file, determine the MIME type based on extension. Otherwise use the default MIME type. (WebCore::SynchronousResourceHandleCFURLConnectionDelegate::didReceiveResponse): If the CFURLResponse has no MIME type, call 'adjustMIMETypeIfNecessary'. 2015-09-16 Babak Shafiei Merge r189821. 2015-09-15 Brent Fulgham [Win] Tiled drawing is rendering more times than it should https://bugs.webkit.org/show_bug.cgi?id=149144 Reviewed by Simon Fraser. Provide a more faithful implemenation of the Objective C tiled drawing logic. (1) Create a new WebTiledBackingLayerWin class that represents a the container of tiles. This matches the Objective C design. (2) Move implementation of several methods (e.g., isOpaque) to the internal class implementation so that the Tile Drawing logic can perform special handling in these cases. (3) Remove the duplicated Tiled Drawing logic from PlatformCALayerWinInternal, since it was just duplicating code in TileController and TileGrid. (4) Clean up the display callback code to avoid performing incorrect flipping of the coordinate system. * PlatformAppleWin.cmake: Add new WebTiledBackingLayerWin file. * WebCore.vcxproj/WebCore.vcxproj: Add the new WebTiledBackingLayerWin files. * WebCore.vcxproj/WebCore.vcxproj.filters: Ditto. * platform/graphics/ca/PlatformCALayer.cpp: (PlatformCALayer::flipContext): Added convenience method. (PlatformCALayer::drawRepaintIndicator): Ditto. * platform/graphics/ca/TileGrid.cpp: (TileGrid::platformCALayerPaintContents): Flip the context before drawing the repaint indicator on Windows. * platform/graphics/ca/win/PlatformCALayerWin.cpp: (PlatformCALayerWin::PlatformCALayerWin): Create a WebTiledBackingLayerWin object if using tiled drawing. (PlatformCALayerWin::~PlatformCALayerWin): (PlatformCALayerWin::isOpaque): Move implementation to internal class. (PlatformCALayerWin::setOpaque): Ditto. (PlatformCALayerWin::setBorderWidth): Ditto. (PlatformCALayerWin::setBorderColor): Ditto. (PlatformCALayerWin::contentsScale): Ditto. (PlatformCALayerWin::setContentsScale): Ditto. (PlatformCALayerWin::cornerRadius): Ditto. (PlatformCALayerWin::tiledBacking): Ditto. (PlatformCALayerWin::drawTextAtPoint): New helper method to draw repaint counter text. Needed to work around bug in CG. * platform/graphics/ca/win/PlatformCALayerWinInternal.cpp: (PlatformCALayerWinInternal::PlatformCALayerWinInternal): Remove tiling-logic related member variables. (PlatformCALayerWinInternal::~PlatformCALayerWinInternal): (shouldInvertBeforeDrawingContent): Added convenience method. (shouldInvertBeforeDrawingRepaintCounters): Ditto. (PlatformCALayerWinInternal::displayCallback): (PlatformCALayerWinInternal::drawRepaintCounters): Helper method to share code between the two layer classes. (PlatformCALayerWinInternal::internalSetNeedsDisplay): use nullptr. (PlatformCALayerWinInternal::setNeedsDisplay): Ditto. (PlatformCALayerWinInternal::setNeedsDisplayInRect): Move tiled code to WebTiledBackingLayerWin and simplify the remaing code. (PlatformCALayerWinInternal::setSublayers): Remove tile code. (PlatformCALayerWinInternal::getSublayers): Ditto. (PlatformCALayerWinInternal::removeAllSublayers): Ditto. (PlatformCALayerWinInternal::insertSublayer): Ditto. (PlatformCALayerWinInternal::sublayerCount): Ditto. (PlatformCALayerWinInternal::indexOfSublayer): Ditto. (PlatformCALayerWinInternal::sublayerAtIndex): Ditto. (PlatformCALayerWinInternal::setBounds): Ditto. (PlatformCALayerWinInternal::setFrame): Ditto. (PlatformCALayerWinInternal::isOpaque): Ditto. (PlatformCALayerWinInternal::setOpaque): Ditto. (PlatformCALayerWinInternal::contentsScale): Ditto. (PlatformCALayerWinInternal::setContentsScale): Ditto. (PlatformCALayerWinInternal::setBorderWidth): Ditto. (PlatformCALayerWinInternal::setBorderColor): Ditto. (layerTypeIsTiled): Deleted. (PlatformCALayerWinInternal::constrainedSize): Deleted. (PlatformCALayerWinInternal::tileDisplayCallback): Deleted. (PlatformCALayerWinInternal::addTile): Deleted. (PlatformCALayerWinInternal::removeTile): Deleted. (PlatformCALayerWinInternal::tileAtIndex): Deleted. (PlatformCALayerWinInternal::tileCount): Deleted. (PlatformCALayerWinInternal::updateTiles): Deleted. (PlatformCALayerWinInternal::drawTile): Deleted. (PlatformCALayerWinInternal::createTileController): Deleted. (PlatformCALayerWinInternal::tiledBacking): Deleted. * platform/graphics/ca/win/PlatformCALayerWinInternal.h: (WebCore::PlatformCALayerWinInternal::owner): * platform/graphics/ca/win/WebTiledBackingLayerWin.cpp: Added. (WebTiledBackingLayerWin::WebTiledBackingLayerWin): (WebTiledBackingLayerWin::~WebTiledBackingLayerWin): (DisplayOnMainThreadContext::DisplayOnMainThreadContext): (redispatchOnMainQueue): (WebTiledBackingLayerWin::displayCallback): (WebTiledBackingLayerWin::setNeedsDisplay): (WebTiledBackingLayerWin::setNeedsDisplayInRect): (WebTiledBackingLayerWin::setBounds): (WebTiledBackingLayerWin::isOpaque): (WebTiledBackingLayerWin::setOpaque): (WebTiledBackingLayerWin::contentsScale): (WebTiledBackingLayerWin::setContentsScale): (WebTiledBackingLayerWin::setBorderWidth): (WebTiledBackingLayerWin::setBorderColor): (WebTiledBackingLayerWin::createTileController): (WebTiledBackingLayerWin::tiledBacking): (WebTiledBackingLayerWin::invalidate): * platform/graphics/ca/win/WebTiledBackingLayerWin.h: Added. 2015-09-11 Babak Shafiei Merge r189598. 2015-09-10 Chris Fleizach AX: Mavericks: Text cursor does not move along with VoiceOver cursor for text fields https://bugs.webkit.org/show_bug.cgi?id=148891 Reviewed by Alexey Proskuryakov. Asychronous focus setting DOES work on Yosemite, just not Mavericks. * accessibility/mac/WebAccessibilityObjectWrapperMac.mm: (-[WebAccessibilityObjectWrapper accessibilitySetValue:forAttribute:]): (-[WebAccessibilityObjectWrapper _accessibilitySetValue:forAttribute:]): 2015-09-11 Babak Shafiei Merge r189483. 2015-09-07 Chris Fleizach AX: Mavericks: Text cursor does not move along with VoiceOver cursor for text fields https://bugs.webkit.org/show_bug.cgi?id=148891 Reviewed by Mario Sanchez Prada. Undo the asynchronous dispatch of accessibility setting values on pre El Capitan machines because it causes focus to not sync correctly. Test: accessibility/mac/focus-moves-cursor.html * accessibility/mac/WebAccessibilityObjectWrapperMac.mm: (-[WebAccessibilityObjectWrapper accessibilitySetValue:forAttribute:]): (-[WebAccessibilityObjectWrapper _accessibilitySetValue:forAttribute:]): 2015-09-10 Babak Shafiei Merge r189469. 2015-09-07 Daniel Bates ASSERT_WITH_SECURITY_IMPLICATION in WebCore::DocumentOrderedMap::get(); update form association after subtree insertion https://bugs.webkit.org/show_bug.cgi?id=148919 Reviewed by Andy Estes. Currently we update the form association of a form control upon insertion into the document. Instead we should update the form association of a form control after its containing subtree is inserted into the document to avoid an assertion failure when the containing subtree has an element whose id is identical to both the id of some other element in the document and the name of the form referenced by the inserted form control. Tests: fast/forms/update-form-owner-in-moved-subtree-assertion-failure-2.html fast/forms/update-form-owner-in-moved-subtree-assertion-failure-3.html fast/forms/update-form-owner-in-moved-subtree-assertion-failure-4.html fast/forms/update-form-owner-in-moved-subtree-assertion-failure.html * html/FormAssociatedElement.cpp: (WebCore::FormAssociatedElement::insertedInto): Moved resetFormOwner() from here to {HTMLFormControlElement, HTMLObjectElement}::finishedInsertingSubtree(). * html/HTMLFormControlElement.cpp: (WebCore::HTMLFormControlElement::insertedInto): Return InsertionShouldCallFinishedInsertingSubtree so that HTMLFormControlElement::finishedInsertingSubtree() is called. (WebCore::HTMLFormControlElement::finishedInsertingSubtree): Added; turn around and call FormAssociatedElement::resetFormOwner(). * html/HTMLFormControlElement.h: * html/HTMLInputElement.cpp: (WebCore::HTMLInputElement::insertedInto): Return InsertionShouldCallFinishedInsertingSubtree so that HTMLInputElement::finishedInsertingSubtree() is called and move logic to update radio button group from here... (WebCore::HTMLInputElement::finishedInsertingSubtree): to here. * html/HTMLInputElement.h: * html/HTMLObjectElement.cpp: (WebCore::HTMLObjectElement::insertedInto): Return InsertionShouldCallFinishedInsertingSubtree so that HTMLObjectElement::finishedInsertingSubtree() is called. (WebCore::HTMLObjectElement::finishedInsertingSubtree): Added; turn around and call FormAssociatedElement::resetFormOwner(). * html/HTMLObjectElement.h: * html/HTMLSelectElement.cpp: (WebCore::HTMLSelectElement::insertedInto): Modified to return the result of HTMLFormControlElementWithState::insertedInto(), which may schedule a callback after subtree insertion. * html/HTMLTextFormControlElement.cpp: (WebCore::HTMLTextFormControlElement::insertedInto): Ditto. 2015-09-03 Babak Shafiei Merge r189167. 2015-08-31 Enrica Casucci Incorrect cursor movement for U+26F9, U+1F3CB with variations. https://bugs.webkit.org/show_bug.cgi?id=148629 rdar://problem/22492366 Reviewed by Ryosuke Niwa. Updating text break iterator rules to correctly handle those two emoji with variations. * platform/text/TextBreakIterator.cpp: (WebCore::cursorMovementIterator): 2015-09-03 Babak Shafiei Merge r189101. 2015-08-28 Brady Eidson Use new CFNetwork cookie jar SPI only on El Capitan. https://bugs.webkit.org/show_bug.cgi?id=148574 and rdar://problem/22460752 Reviewed by David Kilzer. * platform/network/mac/CookieJarMac.mm: (WebCore::setCookiesFromDOM): Use OS X version to decide which API/SPI to use. * platform/spi/cf/CFNetworkSPI.h: Forward declare the SPI 2015-09-03 Babak Shafiei Merge r188659. 2015-08-19 Brent Fulgham Scrollable area container is not properly cleared when page is going into the PageCache https://bugs.webkit.org/show_bug.cgi?id=148182 Reviewed by Dean Jackson. Must be tested manually going back and forth in history several times. * history/CachedFrame.cpp: (WebCore::CachedFrame::CachedFrame): Clear the cached ScrollableAreas from the FrameView. * page/FrameView.cpp: (WebCore::FrameView::clearScrollableAreas): Added. * page/FrameView.h: 2015-09-03 Babak Shafiei Merge r188370. 2015-08-12 Brent Fulgham Move RenderBox-specific Scroll Snap code from RenderElement to RenderBox https://bugs.webkit.org/show_bug.cgi?id=147963 Reviewed by Simon Fraser. No new tests: No change in functionality. * rendering/RenderBox.cpp: (WebCore::RenderBox::styleWillChange): Remove RenderBox-specific code. (WebCore::RenderBox::willBeRemovedFromTree): Ditto. * rendering/RenderBox.h: * rendering/RenderElement.cpp: (WebCore::RenderElement::styleWillChange): Move code from RenderElement to handle Scroll Snap Points. (WebCore::RenderElement::willBeRemovedFromTree): Added new override to handle scroll-snap point logic. 2015-09-03 Babak Shafiei Merge r188340. 2015-08-12 Brent Fulgham REGRESSION(r185606): ASSERT in WebCore::RenderElement::styleWillChange https://bugs.webkit.org/show_bug.cgi?id=147596 Reviewed by Jon Honeycutt. Only add (or remove) a RenderElement from the container of RenderBoxes with scroll snap coordinates if the element actually is a RenderBox. Tested by css3/scroll-snap/improper-snap-points-crash.html. * rendering/RenderElement.cpp: (WebCore::RenderElement::styleWillChange): (WebCore::RenderElement::willBeRemovedFromTree): 2015-09-03 Babak Shafiei Merge r188271. 2015-08-11 Said Abou-Hallawa feMorphology is not rendered correctly on Retina display https://bugs.webkit.org/show_bug.cgi?id=147589 Reviewed by Dean Jackson. The result ImageBuffer of any FilterEffect is already scaled up for 2x display. The FEMorphology needs to fix its painting data dimension and radius by multiplying them by the filter scale factor. Test: fast/hidpi/filters-morphology.html * platform/graphics/filters/FEMorphology.cpp: (WebCore::FEMorphology::platformApplySoftware): 2015-09-03 Babak Shafiei Merge r188014. 2015-08-05 Chris Dumez Crash when removing children of a MathMLSelectElement https://bugs.webkit.org/show_bug.cgi?id=147704 Reviewed by Ryosuke Niwa. When MathMLSelectElement::childrenChanged() is called after its children have been removed, MathMLSelectElement calls updateSelectedChild() which accesses m_selectedChild. However, in this case, m_selectedChild is the previously selected child and it may be destroyed as this point if it was removed. To avoid this problem, MathMLSelectElement now keep a strong ref to the currently selected element. Test: mathml/maction-removeChild.html * mathml/MathMLSelectElement.h: 2015-09-03 Babak Shafiei Merge r187564. 2015-07-29 Zalan Bujtas Remove the spanner placeholder from m_spannerMap when the placeholder object gets transferred to a descendant flow. https://bugs.webkit.org/show_bug.cgi?id=147380 rdar://problem/21981078 Reviewed by David Hyatt. Before r180328, the spanner placeholder was removed from m_spannerMap through RenderMultiColumnFlowThread::removeFlowChildInfo() by calling flowThreadRelativeWillBeRemoved() when the placeholder renderer got transferred to the descendant flow. Now we just remove it from the map when the renderer is being detached. Test: fast/multicol/newmulticol/spanner-crash-with-embedded-columns.html * rendering/RenderMultiColumnFlowThread.cpp: (WebCore::RenderMultiColumnFlowThread::flowThreadDescendantInserted): 2015-09-03 Babak Shafiei Merge r186984. 2015-07-17 Zalan Bujtas REGRESSION (r169105): Do not assign a renderer to multiple selection subtrees. https://bugs.webkit.org/show_bug.cgi?id=147038 rdar://problem/21819351 Reviewed by David Kilzer. A renderer should never be assigned to multiple selection subtrees. (Currently RenderObject maintains the last selection state.) RenderView::applySubtreeSelection() loops from the start to the end of the selection to find renderers that are inside the selection. However, in case of regions (when multiple selection roots are present) traversing the renderer tree by calling RenderObject::nextInPreOrder() could end up going across selection roots. This patch ensures that we assign renderers to a specific selection only when the current selection root and the renderer's selection root match. Test: fast/regions/crash-when-renderer-is-in-multiple-selection-subtrees2.html * rendering/RenderView.cpp: (WebCore::SelectionIterator::SelectionIterator): (WebCore::SelectionIterator::current): (WebCore::SelectionIterator::checkForSpanner): (WebCore::RenderView::applySubtreeSelection): 2015-08-28 Babak Shafiei Merge r189024. 2015-08-27 Enrica Casucci Add some new emoji with modifiers and new sequence. https://bugs.webkit.org/show_bug.cgi?id=148202 rdar://problem/21849857 Reviewed by Sam Weinig. Adding support for some new emoji with modifiers and one new emoji sequence. * platform/graphics/FontCascade.cpp: (WebCore::FontCascade::characterRangeCodePath): * platform/text/CharacterProperties.h: (WebCore::isEmojiGroupCandidate): (WebCore::isEmojiModifier): * platform/text/TextBreakIterator.cpp: (WebCore::cursorMovementIterator): 2015-08-21 Matthew Hanson Merge r188769. rdar://problem/22354983 2015-08-21 Doug Russell AX: Table with CSS that makes a row anonymous can return NULL from cellForColumnAndRow https://bugs.webkit.org/show_bug.cgi?id=148293 Reviewed by Chris Fleizach. When RenderTableRows are anonymous, they may not be added to the accessible data table's internal row list. However, when calculating the row range for a cell, we were still accounting for those anonymous sections. Change how the row range is calculated to directly ask the accessible parent row for its index. This will ensure it’s more inline with what’s being represented to the accessibility API. Test: accessibility/aria-table-content.html * accessibility/AccessibilityTableCell.cpp: (WebCore::AccessibilityTableCell::parentRow): (WebCore::AccessibilityTableCell::rowIndexRange): * accessibility/AccessibilityTableCell.h: 2015-08-21 Matthew Hanson Merge r188765. rdar://problem/22356782 2015-08-21 Beth Dakin HistoryItems will null CachedPages should never be left in the list of items; causes crash https://bugs.webkit.org/show_bug.cgi?id=148237 -and corresponding- rdar://problem/22356782 Reviewed by Brady Eidson. Setting the CachedPage to nullptr will destroy the CachedPage, destroy the FrameView, re-enter layout, and potentially try to modify items in the PageCache based on that layout. So, we should not modify CachedPage in this way while the item is still in the list of HistoryItems. * history/PageCache.cpp: (WebCore::PageCache::take): (WebCore::PageCache::remove): (WebCore::PageCache::prune): 2015-08-17 Matthew Hanson Merge r188531. rdar://problem/22308554 2015-08-17 Andy Estes REGRESSION (r188486): Crash in SubresourceLoader::didReceiveResponse() when TemporaryChange goes out of scope https://bugs.webkit.org/show_bug.cgi?id=148082 Reviewed by Alexey Proskuryakov. Covered by existing tests run under ASan or Guard Malloc. * loader/SubresourceLoader.cpp: (WebCore::SubresourceLoader::didReceiveResponse): Ensure that callingDidReceiveResponse is destroyed while the SubresourceLoader is still alive by declaring it after protect. 2015-08-14 Babak Shafiei Merge r188486. 2015-08-13 Andy Estes [Cocoa] Downloads do not start if policy decision is made asynchronously https://bugs.webkit.org/show_bug.cgi?id=147985 Reviewed by Brady Eidson. It's only possible to convert a NSURLConnection to a download while the connection delegate's -connection:didReceiveResponse: is being called. However, WebKit clients can decide content policy asynchronously. If a client chooses to download a response asynchronously, we can no longer convert the connection to a download, so we should start a new download instead. New API test: _WKDownload.AsynchronousDownloadPolicy * dom/Document.cpp: Updated to include SubresourceLoader.h. * loader/DocumentLoader.cpp: (WebCore::DocumentLoader::mainResourceLoader): Updated to return a SubresourceLoader. (WebCore::DocumentLoader::continueAfterContentPolicy): Cast mainResourceLoader() to a ResourceLoader since didFail() is private in SubresourceLoader. * loader/DocumentLoader.h: * loader/SubresourceLoader.cpp: (WebCore::SubresourceLoader::SubresourceLoader): Initialized m_callingDidReceiveResponse to false. (WebCore::SubresourceLoader::didReceiveResponse): Used TemporaryChange<> to set m_callingDidReceiveResponse to true. * loader/SubresourceLoader.h: * loader/appcache/ApplicationCacheHost.cpp: Updated to include SubresourceLoader.h. * loader/mac/DocumentLoaderMac.cpp: Ditto. 2015-08-13 Babak Shafiei Merge r188416. 2015-08-13 Jer Noble Don't short circuit seeking https://bugs.webkit.org/show_bug.cgi?id=147892 Reviewed by Eric Carlson. When two seekWithTolerance() requests come in before the first is acted upon in seekTask(), the second will result in a "no seek required" conditional, because the new "currentTime" is assumed to be the destination time of the first seek. When cancelling a pending seek, first replace the "now" value with the "now" value from the replaced seek, thus preserving the original currentTime across all replacement seeks. Drive-by fix: some added logging causes occasional crashes, due to the underlying object being accessed having been deleted. * html/HTMLMediaElement.cpp: (WebCore::HTMLMediaElement::seekWithTolerance): * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm: (WebCore::MediaPlayerPrivateAVFoundationObjC::seekToTime): 2015-08-13 Matthew Hanson Merge r188390. rdar://problem/21367467 2015-08-13 Eric Carlson Don't short circuit seeking https://bugs.webkit.org/show_bug.cgi?id=147892 Reviewed by Jer Noble. Test: media/video-seek-to-current-time.html * html/HTMLMediaElement.cpp: (WebCore::HTMLMediaElement::prepareForLoad): Call clearSeeking. (WebCore::HTMLMediaElement::fastSeek): Add logging. (WebCore::HTMLMediaElement::seekWithTolerance): Add logging. Set m_pendingSeekType. (WebCore::HTMLMediaElement::seekTask): Call clearSeeking. Don't short circuit a if the current or pending seek is a fast seek. Set m_seeking to true immediately before calling media engine as it may have been cleared before the seek task queue ran. (WebCore::HTMLMediaElement::clearSeeking): New. * html/HTMLMediaElement.h: * html/HTMLMediaElementEnums.h: * platform/GenericTaskQueue.h: (WebCore::GenericTaskQueue::enqueueTask): Clear m_pendingTasks. * platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.cpp: (WebCore::MediaPlayerPrivateAVFoundation::seekWithTolerance): Don't return early when asked to seek to the current time. (WebCore::MediaPlayerPrivateAVFoundation::invalidateCachedDuration): Remove some extremely noisy logging. * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm: (WebCore::MediaPlayerPrivateAVFoundationObjC::seekToTime): Add logging. 2015-08-11 Matthew Hanson Merge r188263. rdar://problem/22202935 2015-08-11 Matthew Hanson Merge r188203. rdar://problem/22026625 2015-08-09 Nan Wang AX: CSS table display styles can cause malformed, inaccessible AXTables to be exposed to the AX tree https://bugs.webkit.org/show_bug.cgi?id=136415 Reviewed by Chris Fleizach. Applying CSS display styles to tables can end up inserting anonymous RenderTableRows, which is not handled well by the accessibility code, which treats these as the actual rows. We can address this by diving deeper into anonymous nodes and finding the real rows and cells we want. In addition, another thing also causing malformed tables is that "grid" roles are being exposed as AXGrid instead of AXTable. Test: accessibility/mac/malformed-table.html * accessibility/AccessibilityARIAGrid.cpp: (WebCore::AccessibilityARIAGrid::addRowDescendant): * accessibility/AccessibilityTable.cpp: (WebCore::AccessibilityTable::addChildren): (WebCore::AccessibilityTable::addTableCellChild): (WebCore::AccessibilityTable::addChildrenFromSection): * accessibility/AccessibilityTable.h: * accessibility/AccessibilityTableCell.cpp: (WebCore::AccessibilityTableCell::parentTable): (WebCore::AccessibilityTableCell::rowIndexRange): * accessibility/AccessibilityTableRow.cpp: (WebCore::AccessibilityTableRow::parentTable): * accessibility/mac/WebAccessibilityObjectWrapperMac.mm: (createAccessibilityRoleMap): 2015-08-11 Matthew Hanson Merge r188243. rdar://problem/22102378 2015-08-10 Myles C. Maxfield Post-review fixup after r188195 https://bugs.webkit.org/show_bug.cgi?id=147806 Unreviewed. Covered by fast/text/crash-obscure-text.html. * platform/graphics/cocoa/FontPlatformDataCocoa.mm: (WebCore::FontPlatformData::objectForEqualityCheck): 2015-08-11 Matthew Hanson Merge r188195. rdar://problem/22102378 2015-08-09 Myles C. Maxfield Crash in ComplexTextController when laying out obscure text https://bugs.webkit.org/show_bug.cgi?id=147806 Reviewed by Darin Adler. CTFontDescriptorCopyAttribute(fontDescriptor.get(), kCTFontReferenceURLAttribute) can return nullptr. Test: fast/text/crash-obscure-text.html * platform/graphics/mac/ComplexTextControllerCoreText.mm: (WebCore::safeCFEqual): (WebCore::ComplexTextController::collectComplexTextRunsForCharacters): 2015-08-11 Matthew Hanson Merge r188263. rdar://problem/22202935 2015-08-11 Myles C. Maxfield [iOS] Arabic letter Yeh is drawn in LastResort https://bugs.webkit.org/show_bug.cgi?id=147862 Reviewed by Darin Adler. In order to perform font fallback, we must know which fonts support which characters. We perform this check by asking each font to map a sequence of codepoints to glyphs, and any glyphs which end up with a 0 value are unsupported by the font. One of the mechanisms that we use to do this is to combine the code points into a string, and tell Core Text to lay out the string. However, this is fundamentally a different operation than the one we are trying to perform. Strings combine adjacent codepoints into grapheme clusters, and CoreText operates on these. However, we are trying to gain information regarding codepoints, not grapheme clusters. Instead of taking this string-based approach, we should try harder to use Core Text functions which operate on ordered collections of characters, rather than strings. In particular, CTFontGetGlyphsForCharacters() and CTFontGetVerticalGlyphsForCharacters() have the behavior we want where any unmapped characters end up with a 0 value glyph. Previously, we were only using the result of those functions if they were successfully able to map their entire input. However, given the fact that we can degrade gracefully in the case of a partial mapping, we shouldn't need to bail completely to the string-based approach should a partial mapping occur. At some point we should delete the string-based approach entirely. However, this path is still explicitly used for composite fonts. Fixing that use case is out of scope for this patch. Test: fast/text/arabic-glyph-cache-fill-combine.html * platform/graphics/mac/GlyphPageMac.cpp: (WebCore::GlyphPage::fill): 2015-08-11 Matthew Hanson Merge r187758. rdar://problem/22095006 2015-08-03 Anders Carlsson Safari is failing to remove SQLite Databases via Remove All Website Data https://bugs.webkit.org/show_bug.cgi?id=147584 rdar://problem/22095006 Reviewed by Brady Eidson. If we end up deleting every single database for an origin, make sure to also delete the origin. * Modules/webdatabase/DatabaseTracker.cpp: (WebCore::DatabaseTracker::deleteDatabasesModifiedSince): 2015-08-10 Dana Burkart Merge r188182. rdar://problem/21254835 2015-08-07 James Craig REGRESSION(r184722) AX: WebKit video playback toolbar removed from DOM; no longer accessible to VoiceOver https://bugs.webkit.org/show_bug.cgi?id=145684 Reviewed by Dean Jackson. Updated Apple Video controls to add an invisible but focusable button that allows VoiceOver users (and when unblocked, keyboard users) to re-display the video controls. Test: media/video-controls-show-on-kb-or-ax-event.html * English.lproj/mediaControlsLocalizedStrings.js: * Modules/mediacontrols/mediaControlsApple.css: (audio::-webkit-media-show-controls): (video::-webkit-media-show-controls): * Modules/mediacontrols/mediaControlsApple.js: (Controller.prototype.createControls): (Controller.prototype.handleFullscreenChange): (Controller.prototype.handleShowControlsClick): (Controller.prototype.handleWrapperMouseMove): (Controller.prototype.updateForShowingControls): (Controller.prototype.showControls): (Controller.prototype.hideControls): (Controller.prototype.setNeedsUpdateForDisplayedWidth): * Modules/mediacontrols/mediaControlsiOS.css: (audio::-webkit-media-show-controls): (video::-webkit-media-show-controls): 2015-08-10 Dana Burkart Merge r188196. rdar://problem/22192773 2015-08-09 Eric Carlson [Mac] Always require ExternalDeviceAutoPlayCandidate flag to AirPlay automatically https://bugs.webkit.org/show_bug.cgi?id=147801 Reviewed by Dean Jackson. Test: http/tests/media/video-media-document-disposition-download.html * Modules/mediasession/WebMediaSessionManager.cpp: (WebCore::WebMediaSessionManager::configurePlaybackTargetClients): Don't tell the last element to begin playing to the target unless the ExternalDeviceAutoPlayCandidate flag is set and it is not currently playing. 2015-08-10 Dana Burkart Merge r188190. rdar://problem/22191482 2015-08-08 Commit Queue Unreviewed, rolling out r179871. https://bugs.webkit.org/show_bug.cgi?id=147810 Breaks product images on http://www.apple.com/shop/buy- mac/macbook (Requested by smfr on #webkit). Reverted changeset: "Render: properly update body's background image" https://bugs.webkit.org/show_bug.cgi?id=140183 http://trac.webkit.org/changeset/179871 2015-08-06 Dana Burkart Merge r187962. rdar://problem/21827815 2015-08-05 Daniel Bates REGRESSION (r185111): Clicking phone numbers doesn't prompt to call sometimes https://bugs.webkit.org/show_bug.cgi?id=147678 Reviewed by Brady Eidson. Fixes an issue where a non-user-initiated navigation of the main frame to a phone link (tel URL) may be ignored. The navigation is ignored if the page was reloaded as a result of a web content process crash, its lifetime exceeded the back-forward cache expiration interval, or a person quits and opens Safari again, among other scenarios. * history/HistoryItem.cpp: (WebCore::HistoryItem::setShouldOpenExternalURLsPolicy): Added. (WebCore::HistoryItem::shouldOpenExternalURLsPolicy): Added. * history/HistoryItem.h: * loader/FrameLoader.cpp: (WebCore::FrameLoader::loadDifferentDocumentItem): Apply the "should open external URLs" policy from the history item, if applicable. Also, be more explicit when instantiating a NavigationAction so as to help make it straightforward to reduce the number of NavigationAction constructors we have in the future. * loader/HistoryController.cpp: (WebCore::HistoryController::saveDocumentState): Save the "should open external URLs" policy to the history item. (WebCore::HistoryController::restoreDocumentState): Apply the "should open external URLs" policy from the history item to the document loader. (WebCore::HistoryController::initializeItem): Update the "should open external URLs" policy of the history item to reflect the policy of the document loader associated with the current frame. 2015-08-06 Dana Burkart Merge r187935. rdar://problem/22097682 2015-08-04 Doug Russell AX: tree item children returned from ranged getter are different from full array of children https://bugs.webkit.org/show_bug.cgi?id=147660 Reviewed by Chris Fleizach. Add an isTreeItem() check in ranged element getter so that it matches the logic in the getter for the full children array. This prevents returning a row as a child when only the rows contents should be returned. This prevents navigation issues on websites without aria outlines. Test: accessibility/mac/aria-tree-item-children.html * accessibility/mac/WebAccessibilityObjectWrapperMac.mm: (-[WebAccessibilityObjectWrapper accessibilityArrayAttributeValues:index:maxCount:]): 2015-08-06 Dana Burkart Merge r187930. rdar://problem/21870332 2015-08-04 Brent Fulgham REGRESSION (r173784): [Mac] Correct latching error for non-scrollable iframe nested inside scrollable div. https://bugs.webkit.org/show_bug.cgi?id=147668 Reviewed by Simon Fraser. Test: platform/mac/fast/scrolling/scroll-div-with-nested-nonscrollable-iframe.html When we are wrapping up processing of the wheel event for a given frame, if the current latching context does NOT apply to the current frame (e.g., because it's latched to an enclosing frame) we should not pass wheel events directly to the latched elements scrollable container. Instead, we should just give the current frame an opportunity to perform any custom wheel event handling and return, so that the enclosing (latched) frame can do the rest of its event handling. If we don't do this, we incorrectly ask the enclosing frame to process the event, then return claiming that we handled the event, preventing the enclosing frame from doing its part of the processing. * page/mac/EventHandlerMac.mm: (WebCore::EventHandler::platformCompleteWheelEvent): 2015-08-06 Dana Burkart Merge r187892. rdar://problem/21932187 2015-08-04 Eric Carlson [Mac] Do not require a video track for AirPlay https://bugs.webkit.org/show_bug.cgi?id=147647 Reviewed by Jer Noble. * Modules/mediacontrols/mediaControlsApple.js: (Controller.prototype.handleReadyStateChange): Call updateWirelessTargetAvailable(). (Controller.prototype.updateHasVideo): Don't call updateWirelessTargetAvailable(). (Controller.prototype.updateWirelessTargetAvailable): Don't require video. * html/HTMLMediaElement.cpp: (WebCore::HTMLMediaElement::setReadyState): Call updateMediaState when we reach HAVE_METADATA. (WebCore::HTMLMediaElement::mediaState): Don't require video, only that the file can play. * html/MediaElementSession.cpp: (WebCore::MediaElementSession::showPlaybackTargetPicker): Check readyState instead of hasVideo. 2015-08-06 Dana Burkart Merge r187886. rdar://problem/15779101 2015-08-04 Alexey Proskuryakov Implement NPAPI redirect handling https://bugs.webkit.org/show_bug.cgi?id=138675 rdar://problem/15779101 Patch by Jeffrey Pfau, updated and tweaked by me. Reviewed by Anders Carlsson. Test: http/tests/plugins/get-url-redirect-notify.html * loader/NetscapePlugInStreamLoader.cpp: (WebCore::NetscapePlugInStreamLoader::init): (WebCore::NetscapePlugInStreamLoader::willSendRequest): (WebCore::NetscapePlugInStreamLoader::didReceiveResponse): * loader/NetscapePlugInStreamLoader.h: * loader/ResourceLoader.cpp: (WebCore::ResourceLoader::init): (WebCore::ResourceLoader::isSubresourceLoader): (WebCore::ResourceLoader::willSendRequestInternal): (WebCore::ResourceLoader::willSendRequest): (WebCore::ResourceLoader::didSendData): * loader/ResourceLoader.h: * loader/SubresourceLoader.cpp: (WebCore::SubresourceLoader::isSubresourceLoader): (WebCore::SubresourceLoader::willSendRequestInternal): (WebCore::SubresourceLoader::willSendRequest): Deleted. * loader/SubresourceLoader.h: * plugins/npapi.h: * plugins/npfunctions.h: 2015-08-06 Dana Burkart Merge r187693. rdar://problem/22047626 2015-07-31 Myles C. Maxfield [Cocoa] Latin quotes are used with the system font on Chinese devices https://bugs.webkit.org/show_bug.cgi?id=147504 Reviewed by Dean Jackson. The system font has some fancy logic regarding character selection which requires using Core Text for glyph selection. No new tests because tests can't change the system language of the device. * platform/graphics/mac/GlyphPageMac.cpp: (WebCore::shouldUseCoreText): 2015-08-06 Dana Burkart Merge r187622. rdar://problem/15779101 2015-07-30 Anders Carlsson Remove stray printf. * loader/SubframeLoader.cpp: (WebCore::SubframeLoader::requestObject): 2015-08-06 Dana Burkart Merge r187620. rdar://problem/15779101 2015-07-30 Anders Carlsson Assertion failure when a plug-in loads a resource that redirects somewhere https://bugs.webkit.org/show_bug.cgi?id=147469 Reviewed by Alexey Proskuryakov. Test: http/tests/plugins/get-url-redirect.html r186597 moved the call to addPlugInStreamLoader to willSendRequest. This is wrong since willSendRequest can be invoked more than once. Fix this by making the initialization phase of NetscapePlugInStreamLoader be more like SubresourceLoader where we only call addPlugInStreamLoader once we've successfully initialized the loader, and only call removePlugInStreamLoader if we've called addPlugInStreamLoader. Also change addPlugInStreamLoader and removePlugInStreamLoader to take references. * loader/DocumentLoader.cpp: (WebCore::DocumentLoader::addPlugInStreamLoader): (WebCore::DocumentLoader::removePlugInStreamLoader): * loader/DocumentLoader.h: * loader/NetscapePlugInStreamLoader.cpp: (WebCore::NetscapePlugInStreamLoader::create): (WebCore::NetscapePlugInStreamLoader::init): (WebCore::NetscapePlugInStreamLoader::didFinishLoading): (WebCore::NetscapePlugInStreamLoader::didFail): (WebCore::NetscapePlugInStreamLoader::didCancel): (WebCore::NetscapePlugInStreamLoader::notifyDone): * loader/NetscapePlugInStreamLoader.h: * loader/ResourceLoader.cpp: (WebCore::ResourceLoader::willSendRequest): Deleted. * loader/ResourceLoader.h: (WebCore::ResourceLoader::isPlugInStreamLoader): Deleted. * loader/SubframeLoader.cpp: (WebCore::SubframeLoader::requestObject): 2015-08-04 Matthew Hanson Merge r187805. rdar://problem/21838271 2015-08-03 Myles C. Maxfield Clean up casts between NSFont*s and CTFontRefs https://bugs.webkit.org/show_bug.cgi?id=147618 Reviewed by Mitz Pettel. For toll free bridged types, it makes more sense to do a C-style cast, than jump through hoops for older compilers. No new tests because there is no behavior change. * platform/graphics/FontPlatformData.h: (WebCore::FontPlatformData::nsFont): (WebCore::FontPlatformData::hash): 2015-08-04 Matthew Hanson Merge r187807. rdar://problem/21838271 2015-08-03 Myles C. Maxfield Fix crashing Mavericks test Unreviewed. * platform/graphics/cocoa/FontPlatformDataCocoa.mm: (WebCore::FontPlatformData::registeredFont): 2015-08-04 Matthew Hanson Merge r187776. rdar://problem/21925990 2015-08-03 Eric Carlson [Mac] Always require user gesture to begin playing to AppleTV automatically https://bugs.webkit.org/show_bug.cgi?id=147591 Reviewed by Jer Noble. * html/HTMLMediaElement.cpp: (WebCore::HTMLMediaElement::mediaState): Don't set the ExternalDeviceAutoPlayCandidate flag until the user has explicitly triggered playback. 2015-08-04 Matthew Hanson Merge r187806. rdar://problem/21838271 2015-08-03 Myles C. Maxfield Unreviewed post-review feedback on r187797 The correct terminology is "registered" instead of "activated." No new tests because there is no behavior change. * platform/graphics/FontPlatformData.h: * platform/graphics/cocoa/FontPlatformDataCocoa.mm: (WebCore::FontPlatformData::registeredFont): (WebCore::FontPlatformData::activatedFont): Deleted. 2015-08-04 Matthew Hanson Merge r187797. rdar://problem/21838271 2015-08-03 Myles C. Maxfield REGRESSION(r184899): Crash when focusing an input element styled with a web font https://bugs.webkit.org/show_bug.cgi?id=147616 Reviewed by Dean Jackson. NSFontManager can't handle web fonts. We used to pass null to NSFontManager in this case, but r184899 changed that. Test: fast/text/input-webfont-focus.html * platform/graphics/FontPlatformData.h: * platform/graphics/cocoa/FontPlatformDataCocoa.mm: (WebCore::FontPlatformData::activatedFont): 2015-08-04 Matthew Hanson Merge r187792. rdar://problem/22116575 2015-08-03 Tim Horton REGRESSION (r186916): TextIndicators for multiline link previews are unreadable/offset/blank https://bugs.webkit.org/show_bug.cgi?id=147615 Reviewed by Dean Jackson. * page/mac/TextIndicatorWindow.mm: (-[WebTextIndicatorView initWithFrame:textIndicator:margin:offset:]): No need to offset by the difference between the text bounding rect and the selection bounding rect, because the snapshot is now (after r186916) taken of exactly the text bounding rect. 2015-08-03 Matthew Hanson Merge r187691. rdar://problem/22060183 2015-07-31 Chris Dumez Coalesce authentication credential requests https://bugs.webkit.org/show_bug.cgi?id=128006 Reviewed by Alexey Proskuryakov. Export symbol for ProtectionSpace::compare() so it can be called from WebKit2. * platform/network/ProtectionSpaceBase.h: 2015-08-03 Matthew Hanson Merge r187685. rdar://problem/21775336 2015-07-31 Myles C. Maxfield [SVG -> OTF Converter] Crash when converting Arabic fonts https://bugs.webkit.org/show_bug.cgi?id=147510 Reviewed by Anders Carlsson. SVGToOTFFontConverter::compareCodepointsLexicographically() wasn't transitive. Test: fast/text/arabic-duplicate-glyph-font.html * svg/SVGToOTFFontConversion.cpp: (WebCore::SVGToOTFFontConverter::compareCodepointsLexicographically): 2015-08-03 Matthew Hanson Merge r187545. rdar://problem/21893047 2015-07-29 Dean Jackson Remove dispatch_apply_f and instead use vImage more directly https://bugs.webkit.org/show_bug.cgi?id=147391 Fix the iOS builds. * platform/graphics/cg/ImageBufferDataCG.cpp: (WebCore::unpremultiplyBufferData): (WebCore::premultiplyBufferData): 2015-08-03 Matthew Hanson Merge r187536. rdar://problem/21893047 2015-07-28 Simon Fraser Fix debug builds. * platform/graphics/cg/ImageBufferDataCG.cpp: (WebCore::premultiplyBufferData): (WebCore::unpremultiplyBufferData): 2015-08-03 Matthew Hanson Merge r187534. rdar://problem/21893047 2015-07-28 Dean Jackson Remove dispatch_apply_f and instead use vImage more directly https://bugs.webkit.org/show_bug.cgi?id=147391 Reviewed by Simon Fraser. Use vImage unmultiplication and premultiplication functions on the entire ImageBufferData object, rather than getting and setting data on an line by line using dispatch_apply. We were seeing some crashes in vImage with the smaller buffer sizes, and hopefully this will either fix the problem, or give us a better stack trace to diagnose. I also did a drive-by change of "dst" to "dest". It was inconsistent throughout the file. Convered by the tests in fast/canvas and imported/w3c/canvas * platform/graphics/cg/ImageBufferDataCG.cpp: Remove the ScanlineData structure. It is no longer needed. (WebCore::premultiplyBufferData): New function that calls vImagePremultiplyData_RGBA8888. (WebCore::unpremultiplyBufferData): New function that calls vImageUnpremultiplyData_RGBA8888. (WebCore::affineWarpBufferData): Extracting some common code into a function. (WebCore::ImageBufferData::getData): Use the two new functions as appropriate. Move some of the code around now that more is shared between the different #if branches. (WebCore::ImageBufferData::putData): (WebCore::convertScanline): Deleted. (WebCore::unpremultitplyScanline): Deleted. (WebCore::premultitplyScanline): Deleted. 2015-08-03 Matthew Hanson Merge r187740. rdar://problem/22098457 2015-08-03 Brady Eidson Crash when signing into twitter calling WebCore::DocumentLoader::responseReceived(WebCore::CachedResource*, WebCore::ResourceResponse const&). and https://bugs.webkit.org/show_bug.cgi?id=147560 Reviewed by Alexey Proskuryakov. * loader/DocumentLoader.cpp: (WebCore::DocumentLoader::willSendRequest): Only grab identifierForLoadWithoutResourceLoader() if there's no ResourceLoader. 2015-08-03 Matthew Hanson Merge r187466. rdar://problem/21960398 2015-07-27 Brady Eidson Crash in WebCore::DocumentLoader::willSendRequest() with ContentFilter and AppCache. and https://bugs.webkit.org/show_bug.cgi?id=147339 Reviewed by Alexey Proskuryakov. No new tests (Not yet proven to be possible to test this). * loader/DocumentLoader.cpp: (WebCore::DocumentLoader::willSendRequest): Grab the identifier from the CachedResource directly, not from the null ResourceLoader. (WebCore::DocumentLoader::continueAfterNavigationPolicy): Null check the ResourceLoader, as it can definitely be gone by this point. * loader/cache/CachedResource.cpp: (WebCore::CachedResource::clearLoader): Save off the identifier for later use. * loader/cache/CachedResource.h: (WebCore::CachedResource::identifierForLoadWithoutResourceLoader): Expose the identifier that the ResourceLoader had when it went away. 2015-07-31 Matthew Hanson Merge r187675. rdar://problem/21632211 2015-07-31 Jer Noble CRASH at WebCore::TaskDispatcher::postTask + 38 https://bugs.webkit.org/show_bug.cgi?id=147485 Rubber-stamped by Joseph Pecoraro. Follow-up test crash fix: call superclass's contextDestroyed() which allows the m_scriptExecutionContext variable to be cleared. * html/HTMLMediaElement.cpp: (WebCore::HTMLMediaElement::contextDestroyed): 2015-08-01 Babak Shafiei Merge r187686. 2015-07-31 Tim Horton [iOS] DOMNode preview snapshot rects are wrong for user-select: none links https://bugs.webkit.org/show_bug.cgi?id=147513 Reviewed by Simon Fraser. * bindings/objc/DOM.mm: (-[DOMNode getPreviewSnapshotImage:andRects:]): Use the same code as WebKit2 to compute the fallback rect (if TextIndicator fails), asking the RenderObject (or RenderImage) for its bounding box instead of using the (often wrong) Range bounding rect. Make sure to use the fallback rect *any* time TextIndicator fails (before we would return no rects at all if TextIndicator::createWithRange returned null, and the fallback rect if it returned with an empty image). Inverse-page-scale the margin, to match the appearance in WebKit2. 2015-08-01 Babak Shafiei Merge r187687. 2015-07-31 Andreas Kling Crashes under HTMLMediaElement::updateActiveTextTrackCues() when destroying CachedPage. Reviewed by Chris Dumez. Don't mess with the media element's text tracks below its ActiveDOMObject::stop() implementation, since that may cause DOM mutations. I don't have a repro or a test for this, but plenty of crash logs to indicate that we're getting ourselves into trouble by modifying the DOM during CachedPage teardown. * html/HTMLMediaElement.cpp: (WebCore::HTMLMediaElement::configureTextTrackDisplay): 2015-07-31 Babak Shafiei Roll out r187466. 2015-07-31 Babak Shafiei Merge r187694. 2015-07-31 Eric Carlson [iOS] use a media-specific user gesture check https://bugs.webkit.org/show_bug.cgi?id=147509 Reviewed by Tim Horton. Change an enum name added in r187688. * dom/UserGestureIndicator.cpp: (WebCore::isDefinite): DefinitelyProcessingMediaUserGesture -> DefinitelyProcessingPotentialUserGesture (WebCore::UserGestureIndicator::processingUserGestureForMedia): Ditto. * dom/UserGestureIndicator.h: Ditto. 2015-07-31 Babak Shafiei Merge r187688. 2015-07-31 Eric Carlson [iOS] use a media-specific user gesture check https://bugs.webkit.org/show_bug.cgi?id=147509 Reviewed by Jer Noble. * bindings/js/ScriptController.cpp: (WebCore::ScriptController::processingUserGestureForMedia): New. * bindings/js/ScriptController.h: * dom/UserGestureIndicator.cpp: (WebCore::isDefinite): Allow DefinitelyProcessingMediaUserGesture. (WebCore::UserGestureIndicator::processingUserGestureForMedia): New. * dom/UserGestureIndicator.h: * html/HTMLMediaElement.cpp: (WebCore::HTMLMediaElement::load): Use ScriptController::processingUserGestureForMedia instead of ScriptController::processingUserGesture (WebCore::HTMLMediaElement::play): Ditto. 2015-07-31 Babak Shafiei Merge r187684. 2015-07-31 Jeremy Jones Rename AVPlayerLayerView to _AVPlayerLayerView. https://bugs.webkit.org/show_bug.cgi?id=147399 Reviewed by Eric Carlson. Change class name AVPlayerLayerView to match change in AVKit SPI. This prevents conflicts with 3rd party apps. * platform/ios/WebVideoFullscreenInterfaceAVKit.mm: (WebAVPlayerLayerView_dealloc): (getWebAVPlayerLayerViewClass): * platform/spi/cocoa/AVKitSPI.h: 2015-07-31 Babak Shafiei Merge r187675. 2015-07-31 Jer Noble CRASH at WebCore::TaskDispatcher::postTask + 38 https://bugs.webkit.org/show_bug.cgi?id=147485 Rubber-stamped by Joseph Pecoraro. Follow-up test crash fix: call superclass's contextDestroyed() which allows the m_scriptExecutionContext variable to be cleared. * html/HTMLMediaElement.cpp: (WebCore::HTMLMediaElement::contextDestroyed): 2015-07-31 Matthew Hanson Merge r187655. rdar://problem/21632211 2015-07-31 Jer Noble CRASH at WebCore::TaskDispatcher::postTask + 38 https://bugs.webkit.org/show_bug.cgi?id=147485 Reviewed by Eric Carlson. CrashLogs indicate a use-after-free of the ScriptExecutionContext (i.e., Document) used by the GenericTaskQueue objects owned by HTMLMediaElement. When the ScriptExecutionContext notifies its ActiveDOMObjects that it is about to be destroyed, close() the GenericTaskQueues so that they can no longer accept new tasks. Previously, enqueueing a task on a closed GenericTaskQueue ASSERTed in debug builds, but silently succeeded in release builds. Calling enqueueTask() on a closed GenericTaskQueue is now a no-op. * html/HTMLMediaElement.cpp: (WebCore::HTMLMediaElement::contextDestroyed): * html/HTMLMediaElement.h: * platform/GenericTaskQueue.h: (WebCore::GenericTaskQueue::enqueueTask): 2015-07-31 Matthew Hanson Merge r187630. rdar://problem/18835799 2015-07-30 Andreas Kling [CF] Web process continually eating memory on simple, shared Google Docs spreadsheet. Reviewed by Geoffrey Garen. Make sure we service the CFRunLoop on worker threads, since ports using CoreFoundation will be scheduling garbage collections and heap sweeps using CFRunLoop timers. This fix is a stopgap. Long term we need a better design for integrating GC tasks with with the web worker run loop. * workers/WorkerRunLoop.cpp: (WebCore::WorkerRunLoop::runInMode): Instead of sleeping forever, calculate a better wakeup deadline by asking the CFRunLoop when its next timer will fire. Then, when a timeout occurs, call CFRunLoopRunInMode (with seconds=0) to service pending timers. 2015-07-31 Lucas Forschler Merge r187557 2015-07-29 Brady Eidson Crash in WebCore::DocumentLoader::stopLoadingForPolicyChange. and https://bugs.webkit.org/show_bug.cgi?id=147418 Reviewed by Chris Dumez. No new tests (No known reproducibility) * loader/DocumentLoader.cpp: (WebCore::DocumentLoader::responseReceived): When setting to m_waitingForContentPolicy true, make sure we have a FrameLoader. (WebCore::DocumentLoader::detachFromFrame): Always explicitly call cancelPolicyCheckIfNeeded(). (WebCore::DocumentLoader::cancelPolicyCheckIfNeeded): Cancel the policy check if there is one. (WebCore::DocumentLoader::cancelMainResourceLoad): Use cancelPolicyCheckIfNeeded(). * loader/DocumentLoader.h: 2015-07-31 Lucas Forschler Merge r187556 2015-07-29 Brady Eidson Crash calling webSocket.close() from onError handler for blocked web socket. and https://bugs.webkit.org/show_bug.cgi?id=147411 Reviewed by Tim Horton. Tests: http/tests/security/mixedContent/websocket/insecure-websocket-in-iframe.html http/tests/security/mixedContent/websocket/insecure-websocket-in-main-frame.html This was introduced with http://trac.webkit.org/changeset/185848 * Modules/websockets/WebSocket.cpp: (WebCore::WebSocket::connect): When blocked because of mixedContent, call dispatchOrQueueErrorEvent(). (WebCore::WebSocket::didReceiveMessageError): Use dispatchOrQueueErrorEvent() instead. (WebCore::WebSocket::dispatchOrQueueErrorEvent): Dispatch the error event, but don't dispatch one twice! * Modules/websockets/WebSocket.h: * Modules/websockets/WebSocketChannel.cpp: (WebCore::WebSocketChannel::fail): Null-check m_handshake before creating a console message from it. 2015-07-31 Lucas Forschler Merge r187535 2015-07-28 Simon Fraser Animations sometimes fail to start https://bugs.webkit.org/show_bug.cgi?id=147394 rdar://problem/21852603 Reviewed by Dean Jackson. When an accelerated animation or transition was started at the same time as a non-accelerated one, and then the node for the former was removed, we could never kick off the non-accelerated animation. AnimationControllerPrivate has logic to synchronize the two types of animation when they start in the same animation update, which involves setting the m_waitingForAsyncStartNotification flag, and waiting for a notifyAnimationStarted() to come in from the graphics system. However, it failed to handle the case where the accelerated animation was removed before the callback was received, which left the m_waitingForAsyncStartNotification flag set to true, preventing the non-accelerated animation from running. Test: animations/remove-syncing-animation.html * page/animation/AnimationBase.h: (WebCore::AnimationBase::isAccelerated): Make this public. * page/animation/AnimationController.cpp: (WebCore::AnimationControllerPrivate::clear): Add logging. (WebCore::AnimationControllerPrivate::receivedStartTimeResponse): Add logging. (WebCore::AnimationControllerPrivate::animationWillBeRemoved): Add logging. After removing animations from the maps, check to see if we expect any of the remaining animations are waiting for a notifyAnimationStarted(). If not, clear the m_waitingForAsyncStartNotification flag. (WebCore::AnimationController::notifyAnimationStarted): Log the renderer. (WebCore::AnimationControllerPrivate::AnimationControllerPrivate): Remove unneeded initializations of HashMaps. * page/animation/CompositeAnimation.cpp: (WebCore::CompositeAnimation::updateTransitions): Log renderers. (WebCore::CompositeAnimation::updateKeyframeAnimations): Ditto. 2015-07-31 Lucas Forschler Merge r187525 2015-07-28 Myles C. Maxfield [iOS] Crash when encountering characters whose natural font is one we can't look up https://bugs.webkit.org/show_bug.cgi?id=147377 Reviewed by Simon Fraser. These characters hit the complex text code path, where CoreText picks fonts to use for each character. We then try to map these CoreText fonts back to our own Font objects, and we assume (on iOS) that our own font search will always return something. On OS X, we do not have such an assumption, and we handle the case where it does not hold. This method works on iOS as well, so the solution is to just perform it on both OSes. Test: fast/text/crash-complex-unknown-font.html * platform/graphics/mac/ComplexTextControllerCoreText.mm: (WebCore::ComplexTextController::collectComplexTextRunsForCharacters): 2015-07-31 Lucas Forschler Merge r187522 2015-07-28 Said Abou-Hallawa [iOS] REGRESSION(r168075): Fullscreen web video doesn't pause on screen lock https://bugs.webkit.org/show_bug.cgi?id=147269 Reviewed by Andreas Kling. Media elements should pause when the application is going to EnterBackground under lock regardless whether it is in full screen or not. * platform/audio/PlatformMediaSession.h: * platform/audio/PlatformMediaSession.cpp: (WebCore::PlatformMediaSession::doInterruption): This code was moved from beginInterruption(). (WebCore::PlatformMediaSession::shouldDoInterruption): Move the condition which allows the media session interruption to a separate function. (WebCore::PlatformMediaSession::beginInterruption): Call the functions shouldDoInterruption() and doInterruption(). (WebCore::PlatformMediaSession::forceInterruption): This function will be called from PlatformMediaSessionManager::applicationDidEnterBackground() to override the decision which is made by PlatformMediaSession::beginInterruption() if the application isSuspendedUnderLock. * platform/audio/PlatformMediaSessionManager.h: * platform/audio/PlatformMediaSessionManager.cpp: (WebCore::PlatformMediaSessionManager::applicationDidEnterBackground): [UIApp isSuspendedUnderLock] is only valid when it is called when the UIApplicationDidEnterBackgroundNotification is received. We need to force interrupting the media sessions if the application isSuspendedUnderLock and UIApplicationWillResignActiveNotification was ignored because of PiP. * platform/audio/ios/MediaSessionManagerIOS.h: * platform/audio/ios/MediaSessionManagerIOS.mm: (-[WebMediaSessionHelper initWithCallback:]): (-[WebMediaSessionHelper applicationDidEnterBackground:]): Listen to UIApplicationDidEnterBackgroundNotification and make a call on the web thread to PlatformMediaSessionManager::applicationDidEnterBackground() and pass the isSuspendedUnderLock flag which is queried on the UIProcess. 2015-07-31 Lucas Forschler Merge r187521 2015-07-28 Tim Horton [iOS] Creating a TextIndicator causes the view to scroll to the current selection https://bugs.webkit.org/show_bug.cgi?id=147379 Reviewed by Beth Dakin. * editing/Editor.cpp: (WebCore::Editor::setIgnoreCompositionSelectionChange): * editing/Editor.h: Add a flag so that setIgnoreCompositionSelectionChange(false) can still not force-reveal the current selection. This is useful for e.g. TextIndicator, who saves the selection, changes it, and then restores it, but doesn't want to scroll to the saved/restored selection. * page/TextIndicator.cpp: (WebCore::TextIndicator::createWithRange): Make use of the above flag. 2015-07-31 Lucas Forschler Merge r187516 2015-07-28 Eric Carlson [iOS] Set AirPlay discovery mode to disabled when page is hidden https://bugs.webkit.org/show_bug.cgi?id=147369 Reviewed by Jer Noble. * html/MediaElementSession.cpp: (WebCore::MediaElementSession::requiresPlaybackTargetRouteMonitoring): Return false when the client is not visible. * html/MediaElementSession.h: * platform/audio/PlatformMediaSession.cpp: (WebCore::PlatformMediaSession::clientDataBufferingTimerFired): Call configureWireLessTargetMonitoring. 2015-07-31 Lucas Forschler Merge r187491 2015-07-28 Jer Noble [iOS] Notify fullscreen controller in UIProcess whether external playback is allowed https://bugs.webkit.org/show_bug.cgi?id=147343 Reviewed by Brady Eidson. Pass the value of the MediaElementSession's wirelessVideoPlaybackDisabled() property up through WebKit2 to WebVideoFullscreenControllerAVKit. * platform/ios/WebVideoFullscreenControllerAVKit.mm: (WebVideoFullscreenControllerContext::setWirelessVideoPlaybackDisabled): Pass to the interface on the main thread. * platform/ios/WebVideoFullscreenInterface.h: * platform/ios/WebVideoFullscreenInterfaceAVKit.h: * platform/ios/WebVideoFullscreenInterfaceAVKit.mm: (WebVideoFullscreenInterfaceAVKit::setWirelessVideoPlaybackDisabled): Sets .allowsExternalPlayback to !disabled. (WebVideoFullscreenInterfaceAVKit::wirelessVideoPlaybackDisabled): Returns the last value set. * platform/ios/WebVideoFullscreenModelVideoElement.mm: (WebVideoFullscreenModelVideoElement::setWebVideoFullscreenInterface): Update the value of wirelessVideoPlaybackDisabled if the element is present. (WebVideoFullscreenModelVideoElement::setVideoElement): Ditto if the interface is present. (WebVideoFullscreenModelVideoElement::updateForEventName): Update the value either way. 2015-07-28 Brady Eidson Handle null CFArrayRef returning from _CFHTTPParsedCookiesWithResponseHeaderFields. and https://bugs.webkit.org/show_bug.cgi?id=147365 Reviewed by Alexey Proskuryakov. * platform/network/cf/CookieJarCFNet.cpp: (WebCore::filterCookies): ASSERT the input is not null. (WebCore::createCookies): Always return a CFArrayRef, even if it's empty. 2015-07-31 Lucas Forschler Merge r187489 2015-07-28 Chris Dumez Allow lax MIME type parsing for same-origin CSS in quirks mode. https://bugs.webkit.org/show_bug.cgi?id=147327 Reviewed by Zalan Bujtas. The change made in r180020 is too strict for the web, and doesn't match Firefox Chrome, or IE's behavior. In particular, it does not respect the same-origin carveout that the HTML spec specifies: https://html.spec.whatwg.org/multipage/semantics.html#link-type-stylesheet This patch corrects that oversight and aligns our behavior with other popular browsers. This change was adapted from Blink r196678: https://src.chromium.org/viewvc/blink?revision=196678&view=revision Tests: http/tests/security/cross-origin-css-in-quirks-1.html http/tests/security/cross-origin-css-in-quirks-2.html http/tests/security/cross-origin-css-in-quirks-3.html http/tests/security/cross-origin-css-in-quirks-4.html http/tests/security/cross-origin-css-in-quirks-5.html http/tests/security/cross-origin-css-in-quirks-6.html http/tests/security/cross-origin-css-in-quirks-7.html http/tests/security/cross-origin-css-in-quirks-8.html http/tests/security/same-origin-css-1.html http/tests/security/same-origin-css-2.html http/tests/security/same-origin-css-3.html http/tests/security/same-origin-css-4.html http/tests/security/same-origin-css-5.html http/tests/security/same-origin-css-6.html http/tests/security/same-origin-css-7.html http/tests/security/same-origin-css-8.html http/tests/security/same-origin-css-in-quirks.html * css/StyleRuleImport.cpp: (WebCore::StyleRuleImport::setCSSStyleSheet): * css/StyleSheetContents.cpp: (WebCore::StyleSheetContents::parseAuthorStyleSheet): * css/StyleSheetContents.h: * html/HTMLLinkElement.cpp: (WebCore::HTMLLinkElement::setCSSStyleSheet): * loader/cache/CachedCSSStyleSheet.cpp: (WebCore::CachedCSSStyleSheet::sheetText): (WebCore::CachedCSSStyleSheet::canUseSheet): (WebCore::CachedCSSStyleSheet::checkNotify): Deleted. * loader/cache/CachedCSSStyleSheet.h: 2015-07-31 Lucas Forschler Merge r187466 2015-07-27 Brady Eidson Crash in WebCore::DocumentLoader::willSendRequest() with ContentFilter and AppCache. and https://bugs.webkit.org/show_bug.cgi?id=147339 Reviewed by Alexey Proskuryakov. No new tests (Not yet proven to be possible to test this). * loader/DocumentLoader.cpp: (WebCore::DocumentLoader::willSendRequest): Grab the identifier from the CachedResource directly, not from the null ResourceLoader. (WebCore::DocumentLoader::continueAfterNavigationPolicy): Null check the ResourceLoader, as it can definitely be gone by this point. * loader/cache/CachedResource.cpp: (WebCore::CachedResource::clearLoader): Save off the identifier for later use. * loader/cache/CachedResource.h: (WebCore::CachedResource::identifierForLoadWithoutResourceLoader): Expose the identifier that the ResourceLoader had when it went away. 2015-07-31 Lucas Forschler Merge r187448 2015-07-27 Anders Carlsson WKWebsiteDataStore remove methods don't properly delete cookies https://bugs.webkit.org/show_bug.cgi?id=147333 rdar://problem/21948230 Reviewed by Tim Horton. If there are multiple cookies for a single domain, make sure to delete all of them and not just the first one we find. Fix this by keeping a mapping from domain to a list of cookies. * platform/network/mac/CookieJarMac.mm: (WebCore::deleteCookiesForHostnames): 2015-07-31 Lucas Forschler Merge r187379 2015-07-24 Dan Bernstein Tried to fix the iOS 9 build after r187375. * platform/network/mac/CookieJarMac.mm: 2015-07-31 Lucas Forschler Merge r187375 2015-07-24 Anders Carlsson WKWebsiteDataStore remove methods don't properly delete cookies https://bugs.webkit.org/show_bug.cgi?id=147282 rdar://problem/21948230 Reviewed by Sam Weinig. Rename deleteCookiesForHostname to deleteCookiesForHostnames and make it take a vector of hostnames instead. Also, fix the Mac implementation to not be O(n2) by putting all cookies in a dictionary keyed on the domain. Also make sure to call _saveStorage after deleting cookies. Finally, get rid of deleteCookiesForHostname from CookieJarCFNet.cpp and use the Mac implementation on iOS as well. Just stub out deleteCookiesForHostnames on Windows since nobody is calling it. * platform/network/PlatformCookieJar.h: * platform/network/cf/CookieJarCFNet.cpp: (WebCore::deleteCookiesForHostnames): (WebCore::deleteCookiesForHostname): Deleted. * platform/network/mac/CookieJarMac.mm: (WebCore::deleteCookiesForHostnames): (WebCore::deleteAllCookiesModifiedSince): (WebCore::deleteCookiesForHostname): Deleted. * platform/network/soup/CookieJarSoup.cpp: (WebCore::deleteCookiesForHostnames): (WebCore::deleteCookiesForHostname): Deleted. * platform/spi/cf/CFNetworkSPI.h: 2015-07-30 Matthew Hanson Merge r187490. rdar://problem/21995928 2015-07-28 Brady Eidson Handle null CFArrayRef returning from _CFHTTPParsedCookiesWithResponseHeaderFields. and https://bugs.webkit.org/show_bug.cgi?id=147365 Reviewed by Alexey Proskuryakov. * platform/network/cf/CookieJarCFNet.cpp: (WebCore::filterCookies): ASSERT the input is not null. (WebCore::createCookies): Always return a CFArrayRef, even if it's empty. 2015-07-30 Matthew Hanson Merge r187278. rdar://problem/19908029 2015-07-23 Nan Wang AX: AccessibilityNodeObject::childrenChanged() generates too many AXLiveRegionChanged notifications https://bugs.webkit.org/show_bug.cgi?id=147211 Reviewed by Chris Fleizach. AccessibilityNodeObject::childrenChanged() can be called repeatedly, generating a live region change notification each time. Sometimes, so many happen that VoiceOver hangs. We can use a timer to make sure that we coalesce these notifications. Test: platform/mac/accessibility/aria-multiple-liveregions-notification.html * accessibility/AXObjectCache.cpp: (WebCore::AXComputedObjectAttributeCache::getIgnored): (WebCore::AXObjectCache::AXObjectCache): (WebCore::AXObjectCache::~AXObjectCache): (WebCore::AXObjectCache::frameLoadingEventNotification): (WebCore::AXObjectCache::postLiveRegionChangeNotification): (WebCore::AXObjectCache::liveRegionChangedNotificationPostTimerFired): (WebCore::AXObjectCache::handleScrollbarUpdate): * accessibility/AXObjectCache.h: * accessibility/AccessibilityNodeObject.cpp: (WebCore::AccessibilityNodeObject::childrenChanged): 2015-07-30 Matthew Hanson Merge r187504. rdar://problem/21915355 2015-07-28 Said Abou-Hallawa Crash happens when calling removeEventListener for an SVG element which has an instance inside a element of shadow tree https://bugs.webkit.org/show_bug.cgi?id=147290 Reviewed by Daniel Bates. When the shadow tree is built for a element, all the SVG elements are allowed to be cloned in the shadow tree but later some of the elements are disallowed and removed. Make sure, when disallowing an element in the shadow tree, to reset the correspondingElement relationship between all the disallowed descendant SVG elements and all their original elements. Test: svg/custom/remove-event-listener-shadow-disallowed-element.svg *svg/SVGElement.cpp: (WebCore::SVGElement::setCorrespondingElement) * svg/SVGUseElement.cpp: (WebCore::removeDisallowedElementsFromSubtree): 2015-07-27 Babak Shafiei Merge r187352. 2015-07-24 Devin Rousso Web Inspector: Editing non-inspector-stylesheet rule selectors fails after the first change https://bugs.webkit.org/show_bug.cgi?id=147229 Reviewed by Timothy Hatcher. Test: inspector/css/modify-rule-selector.html * inspector/InspectorStyleSheet.cpp: (WebCore::InspectorStyleSheet::setRuleSelector): Now checks to see if the stylesheet is not mutated before making the change to the rule's selector, and if so mark it as not mutated to allow future edits. 2015-07-27 Babak Shafiei Merge r187393. 2015-07-25 Tim Horton Expose TextIndicator-backed snapshot and rect gathering on DOMNode https://bugs.webkit.org/show_bug.cgi?id=147298 Reviewed by Sam Weinig. * bindings/objc/DOM.mm: (-[DOMNode getPreviewSnapshotImage:andRects:]): No need to multiply by device scale here. 2015-07-27 Babak Shafiei Merge r187392. 2015-07-25 Tim Horton Expose TextIndicator-backed snapshot and rect gathering on DOMNode https://bugs.webkit.org/show_bug.cgi?id=147298 * bindings/objc/DOM.mm: (-[DOMNode getPreviewSnapshotImage:andRects:]): * bindings/objc/DOMExtensions.h: * bindings/objc/DOMPrivate.h: Move this to a private header. 2015-07-27 Babak Shafiei Merge r187391. 2015-07-25 Tim Horton Expose TextIndicator-backed snapshot and rect gathering on DOMNode https://bugs.webkit.org/show_bug.cgi?id=147298 Reviewed by Sam Weinig. * bindings/objc/DOM.mm: (-[DOMNode getPreviewSnapshotImage:andRects:]): * bindings/objc/DOMExtensions.h: 2015-07-27 Babak Shafiei Merge r187386. 2015-07-25 Chris Fleizach AX: iOS: Video "start playback" playback controls not accessible https://bugs.webkit.org/show_bug.cgi?id=147285 Reviewed by Jer Noble. The start playback control also needs the right label. * Modules/mediacontrols/mediaControlsiOS.js: (ControllerIOS.prototype.createBase): 2015-07-27 Babak Shafiei Merge r187371. 2015-07-24 Chris Fleizach AX: scrollable elements do not allow 3-finger swipe https://bugs.webkit.org/show_bug.cgi?id=141893 Reviewed by Mario Sanchez Prada. To allow iOS Accessibility to perform by-page scrolling in overflow areas, we move that scrolling code into AccessibilityObject and then iterate all the possible ScrollableAreas, rather than just finding the parents that are ScrollViews. Test: platform/ios-simulator/accessibility/scroll-in-overflow-div.html * accessibility/AccessibilityObject.cpp: (WebCore::AccessibilityObject::scrollAreaAndAncestor): (WebCore::AccessibilityObject::scrollPosition): (WebCore::AccessibilityObject::scrollVisibleContentRect): (WebCore::AccessibilityObject::scrollContentsSize): (WebCore::AccessibilityObject::scrollByPage): * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm: (-[WebAccessibilityObjectWrapper accessibilityScroll:]): (-[WebAccessibilityObjectWrapper convertPointToScreenSpace:]): (-[WebAccessibilityObjectWrapper _accessibilityScrollPosition]): (-[WebAccessibilityObjectWrapper _accessibilityScrollSize]): (-[WebAccessibilityObjectWrapper _accessibilityScrollVisibleRect]): (-[WebAccessibilityObjectWrapper accessibilityElementDidBecomeFocused]): 2015-07-27 Babak Shafiei Merge r187367. 2015-07-24 Alexey Proskuryakov [Cocoa] Clean up server trust handling in ResourceHandle. https://bugs.webkit.org/show_bug.cgi?id=147277 rdar://problem/21394410 Reviewed by Brady Eidson. * platform/network/ProtectionSpaceBase.h: (WebCore::ProtectionSpaceBase::isPasswordBased): * platform/network/ProtectionSpaceBase.cpp: (WebCore::ProtectionSpaceBase::isPasswordBased): Added. This is somewhat weak, as authentication schemes could change, but I couldn't find any better way. * platform/network/ResourceHandle.h: * platform/network/cf/ResourceHandleCFNet.cpp: (WebCore::ResourceHandle::didReceiveAuthenticationChallenge): (WebCore::ResourceHandle::tryHandlePasswordBasedAuthentication): * platform/network/mac/ResourceHandleMac.mm: (WebCore::ResourceHandle::didReceiveAuthenticationChallenge): (WebCore::ResourceHandle::tryHandlePasswordBasedAuthentication): Factored out password handling, and made sure to not try that for server trust. 2015-07-27 Babak Shafiei Merge r187366. 2015-07-24 Zalan Bujtas [iOS]: Inline video controls are blurry on scaled-down pages on non-retina devices. https://bugs.webkit.org/show_bug.cgi?id=147272 rdar://problem/21429111 Reviewed by Simon Fraser. Blurry inline video controls are the result of transform scaling up the content when the page is zoomed out (page scale > 1). This patch addresses the blurriness by switching to css zoom when the content is being scaled up. While transform scale is a paint time operation, css zoom triggers layout and the content is getting painted on a non-scaled graphics context. * Modules/mediacontrols/mediaControlsiOS.css: (audio::-webkit-media-controls-timeline-container): * Modules/mediacontrols/mediaControlsiOS.js: (ControllerIOS.prototype.set pageScaleFactor): 2015-07-27 Babak Shafiei Merge r187358. 2015-07-24 Alexey Proskuryakov Remove WEBCORE_EXPORT from Page::allowsMediaDocumentInlinePlayback() https://bugs.webkit.org/show_bug.cgi?id=147260 Reviewed by Daniel Bates. * page/Page.h: (WebCore::Page::allowsMediaDocumentInlinePlayback): 2015-07-26 Babak Shafiei Merge r187244. 2015-07-23 Myles C. Maxfield REGRESSION(r182236): Justified Arabic text does not expand https://bugs.webkit.org/show_bug.cgi?id=147217 Reviewed by Simon Fraser. When I was writing r182236, I got confused between the levels of the string hierarchy in ComplexTextController. I've added a comment in the header which should make it easier to get it right. Test: fast/text/international/arabic-justify.html * platform/graphics/mac/ComplexTextController.cpp: (WebCore::ComplexTextController::adjustGlyphsAndAdvances): * platform/graphics/mac/ComplexTextController.h: 2015-07-24 Jer Noble Merge r187251, r187252, r187262, r187263, r187272, r187289. rdar://problem/20689512 2015-07-21 Jer Noble Notify the UI delegate when a MediaDocument's natural size changes https://bugs.webkit.org/show_bug.cgi?id=147182 Reviewed by Simon Fraser. Notify the MediaDocument that it's underlying media element has changed its natural size, either when the media engine notifies us that the size changed, or when the ready state progresses to HAVE_METADATA. * html/HTMLMediaElement.cpp: (WebCore::HTMLMediaElement::setReadyState): Notify the media document. (WebCore::HTMLMediaElement::mediaPlayerSizeChanged): Ditto. * html/MediaDocument.cpp: (WebCore::MediaDocument::mediaElementNaturalSizeChanged): Pass to the chrome client. * html/MediaDocument.h: * page/ChromeClient.h: 2015-07-23 Jer Noble Relax media playback restrictions if the allowsMediaDocumentInlinePlayback property is set. https://bugs.webkit.org/show_bug.cgi?id=147234 Reviewed by Darin Adler. * html/HTMLMediaElement.cpp: (WebCore::HTMLMediaElement::prepareForLoad): Moved restriction check into MediaElementSession. * html/MediaElementSession.cpp: (WebCore::MediaElementSession::playbackPermitted): Check if is a top-level media document and if allowsMediaDocumentInilnePlayback is set, and return early. (WebCore::MediaElementSession::effectivePreloadForElement): Ditto. (WebCore::MediaElementSession::allowsAutomaticMediaDataLoading): Ditto. * html/MediaElementSession.h: 2015-07-21 Jer Noble [iOS] Add an explicit API to allow media documents to (temporarily) play inline https://bugs.webkit.org/show_bug.cgi?id=147181 Reviewed by Beth Dakin. Add listeners for the new allowsMediaDocumentInlinePlayback API. When this value becomes NO, force any playing MediaDocuments to enter fullscreen mode. * dom/Document.cpp: (WebCore::Document::registerForAllowsMediaDocumentInlinePlaybackChangedCallbacks): Added registration method. (WebCore::Document::unregisterForAllowsMediaDocumentInlinePlaybackChangedCallbacks): Added deregistration method. (WebCore::Document::allowsMediaDocumentInlinePlaybackChanged): Notify all listeners. * dom/Document.h: * html/HTMLMediaElement.cpp: (WebCore::HTMLMediaElement::registerWithDocument): Listen for allowsMediaDocumentInlinePlayback changes. (WebCore::HTMLMediaElement::unregisterWithDocument): Stop listening to same. (WebCore::HTMLMediaElement::allowsMediaDocumentInlinePlaybackChanged): Enter fullscreen mode if the value changes to false during playback. * html/HTMLMediaElement.h: * html/MediaElementSession.cpp: (WebCore::MediaElementSession::requiresFullscreenForVideoPlayback): Early true if the override value is set. * page/Page.cpp: (WebCore::Page::setAllowsMediaDocumentInlinePlayback): Notify all documents of the changed value. * page/Page.h: (WebCore::Page::allowsMediaDocumentInlinePlayback): Simple getter. 2015-07-24 Lucas Forschler Merge r187149 2015-07-21 Benjamin Poulain [CSS Selectors Level 4] Add #ifdefs to the new '>>' descendant combinator https://bugs.webkit.org/show_bug.cgi?id=147184 Reviewed by Anders Carlsson. Now that '>>>' is dead, the combinator '>>' is at risk. This patch #ifdef all that code with the other experimental features from Level 4. * css/CSSGrammar.y.in: * css/CSSParserValues.cpp: (WebCore::CSSParserSelector::appendTagHistory): * css/CSSParserValues.h: * css/CSSSelector.cpp: (WebCore::CSSSelector::CSSSelector): (WebCore::CSSSelector::selectorText): * css/CSSSelector.h: (WebCore::CSSSelector::CSSSelector): 2015-07-24 Matthew Hanson Merge r187036. rdar://problem/21901881 2015-07-20 Jeremy Jones Allow video to rotate when app doesnt allow rotation. https://bugs.webkit.org/show_bug.cgi?id=147121 Reviewed by Jer Noble. Set an SPI bool on the fullscreen video root view controller to allow it to override app rotation restrictions. This allows video to be played in landscape in portrait only apps. * platform/ios/WebVideoFullscreenInterfaceAVKit.mm: (WebVideoFullscreenInterfaceAVKit::setupFullscreen): 2015-07-24 Matthew Hanson Merge r187274. rdar://problem/21905756 2015-07-23 Timothy Horton [iOS] Frame snapshots don't factor in page scale https://bugs.webkit.org/show_bug.cgi?id=147239 Reviewed by Simon Fraser. * page/FrameSnapshotting.cpp: (WebCore::snapshotFrameRect): Apply page scale when determining the backing store size and setting up the context. * page/TextIndicator.cpp: (WebCore::TextIndicator::createWithSelectionInFrame): Don't assume snapshotFrameRect gave us an image with scale=deviceScale, because it will factor in the pageScale too. * platform/graphics/ImageBuffer.h: (WebCore::ImageBuffer::resolutionScale): Expose resolutionScale. * rendering/RenderLayerCompositor.cpp: (WebCore::RenderLayerCompositor::addToOverlapMap): This has been true for a long time. 2015-07-24 Matthew Hanson Merge r187271. rdar://problem/21929247 2015-07-22 Simon Fraser Layer z-ordering is incorrect when scrolling on page witih position:fixed https://bugs.webkit.org/show_bug.cgi?id=147220 rdar://problem/15849697&21929247 Reviewed by Dean Jackson. Overlap testing for compositing uses the currently laid out position of fixed elements, without taking into account the fact that async scrolling can move them around, and possibly under other non-composited elements. This manifested as position:fixed elements moving over other elements on some pages when scrolling, when they should have moved behind. Fix by expanding the overlap map entry for position:fixed elements to create an rect for the area they cover at all scroll locations, taking min and max scroll offsets into account. Also add a couple more LOG(Compositing) statements. Tests: compositing/layer-creation/fixed-overlap-extent-rtl.html compositing/layer-creation/fixed-overlap-extent.html * rendering/RenderLayerCompositor.cpp: (WebCore::fixedPositionOffset): (WebCore::RenderLayerCompositor::computeExtent): (WebCore::RenderLayerCompositor::needsFixedRootBackgroundLayer): (WebCore::RenderLayerCompositor::rootBackgroundTransparencyChanged): 2015-07-24 Matthew Hanson Merge r187219. rdar://problem/21032083 2015-07-23 Timothy Horton Try to fix the build * platform/spi/cocoa/QuartzCoreSPI.h: 2015-07-24 Matthew Hanson Merge r187216. rdar://problem/21032083 2015-07-22 Tim Horton Try to fix the build * platform/spi/cocoa/QuartzCoreSPI.h: 2015-07-24 Matthew Hanson Merge r187215. rdar://problem/21032083 2015-07-22 James Savage Use updated CoreAnimation snapshot SPI. https://bugs.webkit.org/show_bug.cgi?id=147197 Reviewed by Tim Horton. Patch by James Savage. * platform/spi/cocoa/QuartzCoreSPI.h: 2015-07-24 Matthew Hanson Merge r187203. rdar://problem/21012688 2015-07-22 Dean Jackson Video controls, though hidden, are still interactive when in PiP https://bugs.webkit.org/show_bug.cgi?id=147216 Reviewed by Simon Fraser. Explicitly add the PiP class to the controls container so that we can hang a pointer-events: none off it. * Modules/mediacontrols/mediaControlsiOS.css: (video::-webkit-media-controls-panel.picture-in-picture): Add a pointer-events: none. * Modules/mediacontrols/mediaControlsiOS.js: (ControllerIOS.prototype.handlePresentationModeChange): Add/remove a PiP class to the controls panel when necessary. 2015-07-24 Matthew Hanson Merge r187189. rdar://problem/21567767 2015-07-22 Dean Jackson Out of bounds in WebGLRenderingContext::simulateVertexAttrib0 https://bugs.webkit.org/show_bug.cgi?id=147176 Reviewed by Oliver Hunt. Test: fast/canvas/webgl/out-of-bounds-simulated-vertexAttrib0-drawArrays.html Add overflow checking for the drawing calls, specifically the way they may simulate vertexAttrib0. * html/canvas/WebGLRenderingContextBase.cpp: (WebCore::WebGLRenderingContextBase::validateDrawArrays): Call new validation method. (WebCore::WebGLRenderingContextBase::validateDrawElements): Ditto. (WebCore::WebGLRenderingContextBase::validateSimulatedVertexAttrib0): New method that validates the parameters used to create the simulated attribute. (WebCore::WebGLRenderingContextBase::simulateVertexAttrib0): No need to do overflow checking here now that the validation method does it for us. (WebCore::WebGLRenderingContextBase::validateVertexAttributes): Deleted. * html/canvas/WebGLRenderingContextBase.h: Add new validation method. 2015-07-24 Matthew Hanson Merge r187173. rdar://problem/21637698 2015-07-22 Beth Dakin Animated images should animate in previews https://bugs.webkit.org/show_bug.cgi?id=147173 -and corresponding- rdar://problem/21637698 Reviewed by Dan Bernstein. New virtual function to indicate whether or not the image is animated. * platform/graphics/BitmapImage.h: * platform/graphics/Image.h: (WebCore::Image::isAnimated): 2015-07-24 Matthew Hanson Merge r187170. rdar://problem/21901076 2015-07-22 Wenson Hsieh Search fields render placeholder text improperly. https://bugs.webkit.org/show_bug.cgi?id=147192 Reviewed by Alexey Proskuryakov. Due to changes in the way AppKit renders search inputs, we must now explicitly set the placeholder text of a search input rendered using the Mac theme to be an empty string when rendering the search input box (not including the actual placeholder text). * rendering/RenderThemeMac.mm: (WebCore::RenderThemeMac::setSearchCellState): Force the placeholder text of the NSSearchFieldCell for the Mac theme to be an empty string. 2015-07-24 Matthew Hanson Merge r187144. rdar://problem/21931728 2015-07-21 Dean Jackson Default media controls use a serif font, which seems wrong https://bugs.webkit.org/show_bug.cgi?id=147179 Reviewed by Simon Fraser. The captions menu (and other text) should use a system style, -webkit-small-control. * Modules/mediacontrols/mediaControlsApple.css: (::-webkit-media-controls): 2015-07-24 Lucas Forschler Merge r187133 2015-07-21 Benjamin Poulain StyleSheetContents::wrapperInsertRule() can create rules that overflow RuleData's selector index https://bugs.webkit.org/show_bug.cgi?id=147144 Reviewed by Alex Christensen. RuleData identifies selectors by the index in a large array. The index only has 13 bits so rules with more than 8192 selectors should be split. One of the paths was not splitting the rule: StyleSheetContents::wrapperInsertRule(). When rules with too many selectors were added, the index would overflow and some RuleData would point to selectors in the middle of selector chains. The resulting behavior is random based on the selectors and the DOM. We cannot easily fix that because the CSS OM API do not expect to create several rules in response to calls to the API. In this patch, I don't do anything fancy and just let the calls fail if we cannot use the rules safely. Content Extensions were also running into this problem. Large Selector lists are pretty common, and ContentExtensionStyleSheet::addDisplayNoneSelector() was overflowing the RuleData, creating broken page. Unlike CSSOM, there is no problem with splitting rules coming from Content Extensions. Instead of creating new APIs for that case, I rely on the parser to extend the StyleSheetContents. That code already knows how to break rules correctly. Tests: fast/css/insert-rule-overflow-rule-data.html http/tests/contentextensions/css-display-none-overflows-rule-data-1.html http/tests/contentextensions/css-display-none-overflows-rule-data-2.html * contentextensions/ContentExtensionStyleSheet.cpp: (WebCore::ContentExtensions::ContentExtensionStyleSheet::addDisplayNoneSelector): * css/StyleSheetContents.cpp: (WebCore::StyleSheetContents::wrapperInsertRule): 2015-07-23 Lucas Forschler Merge r187130 2015-07-21 Jon Honeycutt [iOS] Keyboard bold/italic/underline keys don't highlight after being tapped to style a selection https://bugs.webkit.org/show_bug.cgi?id=147164 Reviewed by Ryosuke Niwa. * editing/cocoa/EditorCocoa.mm: (WebCore::Editor::styleForSelectionStart): Use adjustedSelectionStartForStyleComputation(), which will ensure that we're at the start of the selected node, not at the end of the node before the selection. 2015-07-23 Lucas Forschler Merge r187116 2015-07-21 Said Abou-Hallawa REGRESSION (r172417, r184065): Multiple rendering issues with fixed attached background-image https://bugs.webkit.org/show_bug.cgi?id=147049 Reviewed by Simon Fraser. The fixed-attached background-image rendering is special. In general, to display it, the destinationSize should be set to visibleContentSize. The destinationLocation should be set such that the background-image does not move with scrolling. The topContentInset should be subtracted from the destinationLocation such that background-image can be rendered blurred in the topContentArea. However there are cases in which these rules have to be changed. -- destinationSize: In the case of fixed layout size, the fixedLayoutSize is bigger than the visibleContentSize. In this case, if the background-image belongs to the root element, the destinationSize has to be set to fixedLayoutSize. Otherwise it has to be set to the borderBoxSize unless the overflow is hidden. -- destinationLocation: If the background-image belongs to the root element, no scroll offset to added to destinationLocation. For non-root element case, FrameView::documentScrollOffsetRelativeToViewOrigin() should be used if no page scaling is applied. Otherwise FrameView::scrollOffsetForFixedPosition() should be used instead. Tests: platform/mac-wk2/tiled-drawing/fixed-layout-size-fixed-attachment-cover.html platform/mac-wk2/tiled-drawing/fixed-layout-size-fixed-attachment-local.html * rendering/RenderBoxModelObject.cpp: (WebCore::RenderBoxModelObject::calculateBackgroundImageGeometry): Ensure the geometry for the fixed-attached background-image is calculated correctly. * rendering/RenderLayerBacking.cpp: (WebCore::RenderLayerBacking::updateGeometry): Ensure the background layer gets the correct size for the fixedLayoutSize mode. 2015-07-23 Lucas Forschler Merge r186981 2015-07-17 Zalan Bujtas (display: block)input range's thumb disappears when moved. https://bugs.webkit.org/show_bug.cgi?id=146896 Reviewed by Simon Fraser. Since the thumb is positioned after the layout for the input (shadow) subtree is finished, the repaint rects issued during the layout will not cover the re-positioned thumb. We need to issue a repaint soon after the thumb is re-positioned. Test: fast/repaint/block-inputrange-repaint.html * html/shadow/SliderThumbElement.cpp: (WebCore::RenderSliderContainer::layout): == Rolled over to ChangeLog-2015-07-23 ==