2016-04-22 Matthew Hanson Merge r199881. rdar://problem/25879498 2016-04-22 Antti Koivisto REGRESSION (r194898): Multi download of external SVG defs file by xlinks:href (caching) https://bugs.webkit.org/show_bug.cgi?id=156368 Reviewed by Simon Fraser. We would load svg resources with fragment identifier again because the encoding never matched. Test: http/tests/svg/svg-use-external.html * loader/TextResourceDecoder.cpp: (WebCore::TextResourceDecoder::setEncoding): (WebCore::TextResourceDecoder::hasEqualEncodingForCharset): Encoding can depend on mime type. Add a comparison function that takes this into account. (WebCore::findXMLEncoding): * loader/TextResourceDecoder.h: (WebCore::TextResourceDecoder::encoding): * loader/cache/CachedCSSStyleSheet.h: * loader/cache/CachedResource.h: (WebCore::CachedResource::textResourceDecoder): Add a way to get the TextResourceDecoder from a cached resource. * loader/cache/CachedResourceLoader.cpp: (WebCore::CachedResourceLoader::determineRevalidationPolicy): Use the new comparison function. * loader/cache/CachedSVGDocument.h: * loader/cache/CachedScript.h: * loader/cache/CachedXSLStyleSheet.h: 2016-03-31 Matthew Hanson Roll out r191180. rdar://problem/25448882 Landed on behalf of Chris Dumez. * html/parser/HTMLPreloadScanner.cpp: (WebCore::TokenPreloadScanner::StartTagScanner::shouldPreload): (WebCore::TokenPreloadScanner::tagIdFor): Deleted. (WebCore::TokenPreloadScanner::initiatorFor): Deleted. (WebCore::TokenPreloadScanner::StartTagScanner::processAttribute): Deleted. (WebCore::TokenPreloadScanner::StartTagScanner::resourceType): Deleted. * html/parser/HTMLPreloadScanner.h: 2016-03-30 Matthew Hanson Merge r198687. rdar://problem/25448871 2016-03-25 Brady Eidson Soften push/replaceState frequency restrictions. and https://bugs.webkit.org/show_bug.cgi?id=155901 Rubber-stamped by Timothy Hatcher. Covered by existing LayoutTests and a new Manual Test. * page/History.cpp: (WebCore::History::stateObjectAdded): Allow 100 state object operations every 30 seconds. * page/History.h: 2016-03-18 Brent Fulgham Merge r192285. * dom/ContainerNode.cpp: (WebCore::ContainerNode::ensurePreInsertionValidity): Added. * dom/ContainerNode.h: 2015-11-10 Pranjal Jumde Fixed crash loading Mozilla layout test editor/libeditor/crashtests/431086-1.xhtml. https://bugs.webkit.org/show_bug.cgi?id=150252 Reviewed by Brent Fulgham. * Source/WebCore/editing/ios/EditorIOS.mm * Source/WebCore/editing/mac/EditorMac.mm In Editor::fontForSelection moved the node removal code, so that the node is only removed if style is not NULL. * Source/WebCore/editing/cocoa/EditorCocoa.mm In Editor::styleForSelectionStart checking if the parentNode can accept the styleElement node. 2016-03-18 Brent Fulgham Unreviewed build fix. Get rid of infinitely recursive 'draw' implementation. * platform/graphics/Image.cpp: (WebCore::Image::draw): Deleted. * platform/graphics/Image.h: 2016-03-18 Babak Shafiei Merge r198377. 2016-03-17 Brent Fulgham [XSS Auditor] Off by one in XSSAuditor::canonicalizedSnippetForJavaScript() https://bugs.webkit.org/show_bug.cgi?id=155624 Unreviewed merge from Blink (patch by Tom Sepez ): Test: http/tests/security/xssAuditor/script-tag-with-trailing-script-and-urlencode.html * html/parser/XSSAuditor.cpp: (WebCore::XSSAuditor::canonicalizedSnippetForJavaScript): Correct off-by-one error. 2016-03-18 Babak Shafiei Merge r198372. 2016-03-17 Zalan Bujtas Don't initiate a style recall while drawing text https://bugs.webkit.org/show_bug.cgi?id=155618 Reviewed by Simon Fraser. This patch ensures that we don't initiate a style recalc while in the middle of text drawing. Test: fast/canvas/crash-while-resizing-canvas.html * html/canvas/CanvasRenderingContext2D.cpp: (WebCore::CanvasRenderingContext2D::drawTextInternal): 2016-03-18 Babak Shafiei Merge r198370. 2016-03-17 Eric Carlson Improve some metadata tests https://bugs.webkit.org/show_bug.cgi?id=155616 Reviewed by Saam Barati. * html/track/DataCue.cpp: (WebCore::DataCue::DataCue): (WebCore::DataCue::setData): 2016-03-18 Babak Shafiei Merge r198361. 2016-03-17 Brent Fulgham Some media tests are flaky. https://bugs.webkit.org/show_bug.cgi?id=155614 Reviewed by Eric Carlson. * html/track/TextTrack.cpp: (WebCore::TextTrack::~TextTrack): 2016-03-18 Babak Shafiei Merge r192770. 2015-11-25 Pranjal Jumde Checks for buffer-overflows when reading characters from textRun https://bugs.webkit.org/show_bug.cgi?id=151055 Reviewed by Myles C. Maxfield. Prevents an off by one error when adding the last font data to the GlyphBuffer. * Source/WebCore/platform/graphics/WidthIterator.cpp: * Source/WebCore/platform/graphics/FontCascade.cpp: 2016-03-18 Babak Shafiei Merge r192499. 2015-11-16 Pranjal Jumde Fixes the buffer-overflow when reading characters from textRun https://bugs.webkit.org/attachment.cgi?bugid=151055 Reviewed by Brent Fulgham. * platform/graphics/FontCascade.cpp 2016-03-18 Babak Shafiei Merge r192252. 2015-11-10 Zalan Bujtas Force display: block on ::-webkit-media-controls. https://bugs.webkit.org/show_bug.cgi?id=149178 Reviewed by Simon Fraser. This patch ensures that we always have a block level container for media controls so that continuation never needs to split RenderMedia into multiple subtrees. Current inline continuation logic assumes that only inline elements with RenderInline type of renderers participate in continuation. This is mostly the case since other inline renderers such as RenderReplaced, RenderImage, RenderEmbeddedObject etc can't have (accessible) children. (Unlike video::-webkit-media-controls) Test: media/webkit-media-controls-display.html * Modules/mediacontrols/mediaControlsApple.css: (::-webkit-media-controls): * Modules/mediacontrols/mediaControlsiOS.css: (::-webkit-media-controls): * css/mediaControls.css: (::-webkit-media-controls): 2016-03-18 Babak Shafiei Merge r192853. 2015-11-30 Simon Fraser Fix possible crash with animated layers in reflections https://bugs.webkit.org/show_bug.cgi?id=151689 rdar://problem/23018612 Reviewed by Darin Adler. Reflections create additional PlatformCALayers whose owner is set to the GraphicsLayerCA. Those PlatformCALayers need their owner pointer cleared out when the GraphicsLayerCA is destroyed. Tested by compositing/reflections/nested-reflection-transition.html * platform/graphics/ca/GraphicsLayerCA.cpp: * platform/graphics/ca/GraphicsLayerCA.h: 2016-03-16 Matthew Hanson Merge r188574. rdar://problem/25070230 2015-08-17 Alex Christensen WinCairo build fix after r188566 * platform/graphics/win/FontPlatformDataCairoWin.cpp: (WebCore::FontPlatformData::FontPlatformData): Remove reference to removed m_isCompositeFontReference. 2016-03-16 Matthew Hanson Merge r188566. rdar://problem/25070230 2015-08-17 Myles C. Maxfield [OS X] Remove support for composite fonts https://bugs.webkit.org/show_bug.cgi?id=147920 Reviewed by Dan Bernstein. Composite fonts were first introduced in [1]. These composite fonts are extremely rare because: 1. None of the preinstalled fonts on either OS X nor iOS are composite fonts, 2. WebKit does not support loading web fonts from composite font files, and 3. WebKit's support only ever existed on OS X (none of the other ports). In fact, no one I've consulted with has ever seen any of these fonts used in the wild. The fonts also require a fundamentally broken code path, and add complexity to WebKit. [1] https://bugs.webkit.org/attachment.cgi?id=134923&action=review No new tests. * platform/graphics/Font.h: * platform/graphics/FontPlatformData.cpp: (WebCore::FontPlatformData::FontPlatformData): Deleted. (WebCore::FontPlatformData::operator=): Deleted. * platform/graphics/FontPlatformData.h: (WebCore::FontPlatformData::isCompositeFontReference): Deleted. (WebCore::FontPlatformData::operator==): Deleted. * platform/graphics/cocoa/FontCocoa.mm: (WebCore::Font::compositeFontReferenceFont): Deleted. * platform/graphics/cocoa/FontPlatformDataCocoa.mm: (WebCore::FontPlatformData::FontPlatformData): Deleted. (WebCore::FontPlatformData::setFont): Deleted. * platform/graphics/mac/GlyphPageMac.cpp: (WebCore::shouldUseCoreText): (WebCore::GlyphPage::fill): 2016-03-16 Matthew Hanson Merge r192054. rdar://problem/25152937 * rendering/OrderIterator.cpp: (WebCore::OrderIterator::next): 2016-02-26 Babak Shafiei Roll out r196637. rdar://problem/24494562 2016-02-26 Babak Shafiei Merge patch for rdar://problem/24826901. 2016-02-19 Matthew Hanson Merge r196703. rdar://problem/24623986 2016-02-17 Eric Carlson [Win] Allow ports to disable automatic text track selection https://bugs.webkit.org/show_bug.cgi?id=154322 Reviewed by Brent Fulgham. * page/CaptionUserPreferencesMediaAF.cpp: (MTEnableCaption2015BehaviorPtr): Implement for Windows. 2016-02-12 Babak Shafiei Merge patch for rdar://problem/24626412. 2016-02-12 Brent Fulgham [Win] Correct internal branch build failure. Work around some C++11 compiler limitations in VS2013. Fix the Windows build for the new element code. Correct some AVFoundationCF changes that were not properly updated in this branch. * DerivedSources.cpp: Add missing files. * WebCore.vcxproj/WebCore.vcxproj: Ditto. * WebCore.vcxproj/WebCore.vcxproj.filters: Ditto. * css/CSSAllInOne.cpp: Ditto. * html/HTMLElementsAllInOne.cpp: Ditto. * platform/graphics/FontCache.h: Work around VS2013 bugs. (WebCore::FontDescriptionFontDataCacheKey::FontDescriptionFontDataCacheKey): * platform/graphics/avfoundation/cf/CDMSessionAVFoundationCF.cpp: (WebCore::CDMSessionAVFoundationCF::CDMSessionAVFoundationCF): Correct signature that was not fixed for Windows in this branch. * platform/graphics/avfoundation/cf/CDMSessionAVFoundationCF.h: (WebCore::CDMSessionAVFoundationCF::~CDMSessionAVFoundationCF): * platform/graphics/avfoundation/cf/MediaPlayerPrivateAVFoundationCF.cpp: (WebCore::MediaPlayerPrivateAVFoundationCF::takeRequestForKeyURI): (WebCore::MediaPlayerPrivateAVFoundationCF::createSession): * platform/graphics/avfoundation/cf/MediaPlayerPrivateAVFoundationCF.h: * platform/graphics/win/FontCustomPlatformData.cpp: 2016-02-12 Matthew Hanson Merge r196401. rdar://problem/24611749 2016-02-10 Eric Carlson Update "manual" caption track logic https://bugs.webkit.org/show_bug.cgi?id=154084 Reviewed by Dean Jackson. No new tests, media/track/track-manual-mode.html was updated. * English.lproj/Localizable.strings: Add new string. * html/HTMLMediaElement.cpp: (WebCore::HTMLMediaElement::addTextTrack): track.setManualSelectionMode is no more. (WebCore::HTMLMediaElement::configureTextTrackGroup): Never enable a track automatically when in manual selection mode. (WebCore::HTMLMediaElement::captionPreferencesChanged): track.setManualSelectionMode is no more. * html/track/TextTrack.cpp: (WebCore::TextTrack::containsOnlyForcedSubtitles): Return true for forced tracks. (WebCore::TextTrack::kind): Deleted. * html/track/TextTrack.h: * html/track/TrackBase.h: (WebCore::TrackBase::kind): De-virtualize, nobody overrides it. * page/CaptionUserPreferencesMediaAF.cpp: (WebCore::trackDisplayName): Include "forced" in the name of forced tracks. * platform/LocalizedStrings.cpp: (WebCore::forcedTrackMenuItemText): New. * platform/LocalizedStrings.h: 2016-02-10 Matthew Hanson Merge r196226. rdar://problem/24417430 2016-02-06 Beth Dakin ScrollbarPainters needs to be deallocated on the main thread https://bugs.webkit.org/show_bug.cgi?id=153932 -and corresponding- rdar://problem/24015483 Reviewed by Dan Bernstein. Darin pointed out that this was still race-y. There was still a race condition between the destruction of the two local variables and the destruction of the lambda on the main thread. This should fix that. * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.h: * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.mm: (WebCore::ScrollingTreeFrameScrollingNodeMac::~ScrollingTreeFrameScrollingNodeMac): (WebCore::ScrollingTreeFrameScrollingNodeMac::releaseReferencesToScrollbarPaintersOnTheMainThread): (WebCore::ScrollingTreeFrameScrollingNodeMac::updateBeforeChildren): 2016-02-10 Matthew Hanson Merge r196208. rdar://problem/24417430 2016-02-05 Beth Dakin ScrollbarPainters needs to be deallocated on the main thread https://bugs.webkit.org/show_bug.cgi?id=153932 -and corresponding- rdar://problem/24015483 Reviewed by Geoff Garen. Follow-up fix since the first one was still race-y. * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.mm: (WebCore::ScrollingTreeFrameScrollingNodeMac::~ScrollingTreeFrameScrollingNodeMac): (WebCore::ScrollingTreeFrameScrollingNodeMac::updateBeforeChildren): 2016-02-10 Matthew Hanson Merge r196206. rdar://problem/24417430 2016-02-05 Beth Dakin ScrollbarPainters needs to be deallocated on the main thread https://bugs.webkit.org/show_bug.cgi?id=153932 -and corresponding- rdar://problem/24015483 Reviewed by Tim Horton. Ensure the the destructor of ScrollingTreeFrameScrollingNodeMac and the assignments done in this class are not responsible for deallocating the ScrollbarPainter. * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.mm: (WebCore::ScrollingTreeFrameScrollingNodeMac::~ScrollingTreeFrameScrollingNodeMac): (WebCore::ScrollingTreeFrameScrollingNodeMac::updateBeforeChildren): 2016-02-09 Babak Shafiei Merge r190616. 2015-10-06 Brent Fulgham [Win] Correct positioning error introduced in r190235 https://bugs.webkit.org/show_bug.cgi?id=149631 Reviewed by Simon Fraser. Covered by existing compositing tests: css3/filters/clipping-overflow-scroll-with-pixel-moving-effect-on.html fast/layers/no-clipping-overflow-hidden-added-after-transform.html fast/layers/no-clipping-overflow-hidden-added-after-transition.html fast/layers/no-clipping-overflow-hidden-hardware-acceleration.html transforms/2d/preserve3d-not-fixed-container.html * platform/graphics/ca/TileGrid.cpp: (TileGrid::platformCALayerPaintContents): No need to do this extra flipping step on Windows. * platform/graphics/ca/win/PlatformCALayerWinInternal.cpp: (PlatformCALayerWinInternal::displayCallback): We should always flip the coordinate system when drawing these layers on Windows. (shouldInvertBeforeDrawingContent): Deleted. * platform/graphics/ca/win/WebTiledBackingLayerWin.cpp: (WebTiledBackingLayerWin::displayCallback): We do not need to flip coordinates for these tiled layers; that's already accounted for in common tile drawing code. 2016-02-09 Babak Shafiei Merge patch for rdar://problem/24563410. 2016-02-09 Brent Fulgham Remove unused code in r187245 When merging r187245, we accidentally revived three functions that had been removed in a prior commit. This broke the Windows build on this branch. * platform/graphics/ca/win/PlatformCALayerWinInternal.cpp: (PlatformCALayerWinInternal::drawTile): Deleted. (PlatformCALayerWinInternal::createTileController): Deleted. (PlatformCALayerWinInternal::tiledBacking): Deleted. 2016-02-08 Babak Shafiei Merge r187245. 2015-07-23 Brent Fulgham [Win] Implement High DPI support features https://bugs.webkit.org/show_bug.cgi?id=146335 Reviewed by Alex Christensen. * platform/graphics/ca/win/PlatformCALayerWinInternal.cpp: (WebCore::PlatformCALayerWinInternal::drawTile): Don't translate the CGContext to the position of the CACFLayerRef; the underlying context is already in the right position. * platform/win/PlatformMouseEventWin.cpp: Update class to adjust mouse event coordinates based on scaling factor. (WebCore::deviceScaleFactor): (WebCore::positionForEvent): * platform/win/ScrollbarThemeWin.cpp: (WebCore::scrollbarThicknessInPixels): (WebCore::ScrollbarThemeWin::scrollbarThickness): (WebCore::ScrollbarThemeWin::themeChanged): * platform/win/WheelEventWin.cpp: Update class to adjust wheel event coordinates based on scaling factor. (WebCore::deviceScaleFactor): (WebCore::positionForEvent): (WebCore::globalPositionForEvent): (WebCore::PlatformWheelEvent::PlatformWheelEvent): 2016-02-03 Matthew Hanson Merge r196010. rdar://problem/24417428 2016-02-02 Eric Carlson Allow ports to disable automatic text track selection https://bugs.webkit.org/show_bug.cgi?id=153761 Reviewed by Darin Adler. Test: media/track/track-manual-mode.html * Modules/mediacontrols/MediaControlsHost.cpp: (WebCore::MediaControlsHost::manualKeyword): New. (WebCore::MediaControlsHost::captionDisplayMode): Support 'manual' mode. * Modules/mediacontrols/MediaControlsHost.h: * Modules/mediacontrols/mediaControlsApple.js: (Controller.prototype.buildCaptionMenu): Check the 'off' item when in manual mode. * html/HTMLMediaElement.cpp: (WebCore::HTMLMediaElement::addTextTrack): Update m_captionDisplayMode when called for the first time so it is always correct. Set the track's manual selection mode as appropriate. (WebCore::HTMLMediaElement::captionPreferencesChanged): Set each track's manual selection mode as appropriate. * html/track/TextTrack.cpp: (WebCore::TextTrack::kind): Return 'subtitles' for forced tracks when in manual mode. * html/track/TextTrack.h: * html/track/TrackBase.h: (WebCore::TrackBase::kind): Make virtual. * page/CaptionUserPreferences.cpp: (WebCore::CaptionUserPreferences::beginBlockingNotifications): New. (WebCore::CaptionUserPreferences::endBlockingNotifications): Ditto. (WebCore::CaptionUserPreferences::notify): Don't notify when blocked. * page/CaptionUserPreferences.h: * page/CaptionUserPreferencesMediaAF.cpp: (WebCore::CaptionUserPreferencesMediaAF::CaptionUserPreferencesMediaAF): Set manual mode when appropriate. (WebCore::CaptionUserPreferencesMediaAF::captionDisplayMode): Check manual mode. (WebCore::CaptionUserPreferencesMediaAF::setCaptionDisplayMode): Ditto. (WebCore::CaptionUserPreferencesMediaAF::setPreferredLanguage): Ditto. (WebCore::CaptionUserPreferencesMediaAF::textTrackSelectionScore): Return zero when in manual mode. (WebCore::CaptionUserPreferencesMediaAF::sortedTrackListForMenu): Consider manual mode. Fix typos in logging. * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm: (WebCore::mediaDescriptionForKind): Return 'auxiliary' when in manual mode. * testing/Internals.cpp: (WebCore::Internals::setCaptionDisplayMode): Support manual mode. 2016-02-03 Matthew Hanson Merge r195912. rdar://problem/24417428 2016-01-30 Eric Carlson More than one audio and/or text track sometimes selected in media controls menu https://bugs.webkit.org/show_bug.cgi?id=153664 Use an element for the track menu item checkmark instead of a background image and the ::before selector. Reviewed by Jer Noble. Test: media/controls/track-menu.html * Modules/mediacontrols/mediaControlsApple.css: (audio::-webkit-media-controls-closed-captions-container li:hover): (audio::-webkit-media-controls-closed-captions-container li .checkmark-container): (audio::-webkit-media-controls-closed-captions-container li.selected .checkmark-container): (audio::-webkit-media-controls-closed-captions-container li.selected:hover .checkmark-container): (audio::-webkit-media-controls-closed-captions-container li.selected::before): Deleted. (audio::-webkit-media-controls-closed-captions-container li.selected:hover::before): Deleted. * Modules/mediacontrols/mediaControlsApple.js: (Controller.prototype.buildCaptionMenu): (Controller.prototype.): (Controller.prototype.getCurrentControlsStatus): 2016-02-03 Matthew Hanson Merge r192570. rdar://problem/24417428 2015-11-18 Aaron Chu AX: Shadow DOM video player controls menus need aria-owns on the trigger buttons https://bugs.webkit.org/show_bug.cgi?id=127065 Reviewed by Darin Adler. Test: media/accessibility-closed-captions-has-aria-owns.html * Modules/mediacontrols/mediaControlsApple.js: (Controller.prototype.createControls): (Controller.prototype.buildCaptionMenu): * Modules/mediacontrols/mediaControlsBase.js: (Controller.prototype.createControls): (Controller.prototype.buildCaptionMenu): 2016-02-01 Matthew Hanson Merge r195837. rdar://problem/24002220 2016-01-29 Brent Fulgham [WebGL] Check vertex array bounds before permitting a glDrawArrays to execute https://bugs.webkit.org/show_bug.cgi?id=153643 Reviewed by Dean Jackson. Tested by fast/canvas/webgl/webgl-drawarrays-crash.html. * html/canvas/WebGLRenderingContextBase.cpp: (WebCore::WebGLRenderingContextBase::validateDrawArrays): Make sure that we have at least one buffer bound to a program if a drawArray call with a non-zero range of requested data is being made. (WebCore::WebGLRenderingContextBase::validateDrawElements): Drive-by formatting fix. 2016-01-31 Babak Shafiei Merge patch for rdar://problem/24426332 and rdar://problem/24209109. 2016-01-31 Babak Shafiei Roll out r195817. 2016-01-29 Babak Shafiei Merge r194479. 2016-01-01 Jeff Miller Update user-visible copyright strings to include 2016 https://bugs.webkit.org/show_bug.cgi?id=152531 Reviewed by Alexey Proskuryakov. * Info.plist: 2016-01-29 Babak Shafiei Merge r195615. 2016-01-20 Andy Estes Re-enable synchronous popstate event for safari-601-branch https://bugs.webkit.org/show_bug.cgi?id=153297 rdar://problem/24154417 Reviewed by Brent Fulgham. r192369 made the popstate event dispatch asynchronously, which matches what the HTML5 spec says to do. However, due to compatibility regressions, we do not want to include this behavior change in safari-601-branch. This change reverts r192369's changes to Document.cpp, but retains the new tests. This change is intended only for safari-601-branch and its copies. The popstate event should remain asynchronous in trunk. Firing popstate synchronously makes both fast/loader/remove-iframe-during-history-navigation-different. Html and fast/loader/remove-iframe-during-history-navigation-same.html crash, because their onpopstate handlers remove frames from the document that will later be accessed by HistoryController::recursiveGoToItem(). To prevent the crashes, this change does two things: 1. Keep a reference to the current frame inside FrameLoader::loadSameDocumentItem(), since calling loadInSameDocument() might otherwise delete it. 2. Handle a null frame when iterating a HistoryItem's child frames in HistoryController::recursiveGoToItem(), since calling goToItem() on one frame might cause another frame to be deleted. Covered by existing tests. fast/loader/stateobjects/popstate-is-asynchronous-expected.txt was updated to expect popstate to be synchronous. * dom/Document.cpp: (WebCore::Document::enqueuePopstateEvent): * loader/FrameLoader.cpp: (WebCore::FrameLoader::loadSameDocumentItem): * loader/HistoryController.cpp: (WebCore::HistoryController::recursiveGoToItem): 2016-01-29 Babak Shafiei Merge patch for rdar://problem/24394636. 2016-01-28 Babak Shafiei Merge r192700. 2015-11-20 Brent Fulgham [Win] Support High DPI drawing with CACFLayers https://bugs.webkit.org/show_bug.cgi?id=147242 Reviewed by Simon Fraser. * platform/graphics/ca/win/WKCACFViewLayerTreeHost.cpp: (WebCore::WKCACFViewLayerTreeHost::initializeContext): Set correct content scale factor for current screen, and apply an appropriate base transform to the CACFLayer so drawing operations are done properly. 2016-01-28 Babak Shafiei Merge r194235. 2015-12-17 Brent Fulgham [Win] Prevent flashing/strobing repaints on certain hardware https://bugs.webkit.org/show_bug.cgi?id=152394 Reviewed by Simon Fraser. This patch reverts a change I made in r192166, where I always set the m_viewNeedsUpdate flag to true when a 'flushContext' call was made. Instead, we should go back to letting the view decide when it needs to paint. * platform/graphics/ca/win/WKCACFViewLayerTreeHost.cpp: (WebCore::WKCACFViewLayerTreeHost::flushContext): Don't just claim that the view needs to be updated any time we are asked to flush. 2016-01-28 Babak Shafiei Merge r192166. 2015-11-09 Brent Fulgham [Win] Recognize context flush as an event that requires an update https://bugs.webkit.org/show_bug.cgi?id=151001 Reviewed by Simon Fraser. * platform/graphics/ca/win/WKCACFViewLayerTreeHost.cpp: (WebCore::WKCACFViewLayerTreeHost::flushContext): Mark view as needing an update when flushing so internal drawing code will do the paint. * rendering/RenderLayerBacking.cpp: (WebCore::RenderLayerBacking::paintIntoLayer): Skip WK2 assert that does not apply to Windows drawing path. 2016-01-28 Matthew Hanson Merge r195710. rdar://problem/24337780 2016-01-27 Babak Shafiei Merge r195625. 2016-01-26 Brady Eidson History.pushState causes intense memory pressure. https://bugs.webkit.org/show_bug.cgi?id=153435 Reviewed by Sam Weinig, Oliver Hunt, and Geoff Garen. Tests: fast/loader/stateobjects/pushstate-frequency-iframe.html fast/loader/stateobjects/pushstate-frequency-with-user-gesture.html fast/loader/stateobjects/pushstate-frequency.html fast/loader/stateobjects/replacestate-frequency-iframe.html fast/loader/stateobjects/replacestate-frequency-with-user-gesture.html fast/loader/stateobjects/replacestate-frequency.html loader/stateobjects/pushstate-size-iframe.html loader/stateobjects/pushstate-size.html loader/stateobjects/replacestate-size-iframe.html loader/stateobjects/replacestate-size.html Add restrictions on how frequently push/replaceState can be called, as well as how much of a cumulative payload they can deliver. * bindings/js/JSHistoryCustom.cpp: (WebCore::JSHistory::pushState): (WebCore::JSHistory::replaceState): * page/History.cpp: (WebCore::History::stateObjectAdded): * page/History.h: 2016-01-26 Eric Carlson Cherry-pick r195592 and parts of r194672 to fix rdar://24154288 FaradayDotFour: Do not see AirPlay icon in Vimeo Unreviewed. * Modules/mediasession/WebMediaSessionManager.cpp: (WebCore::mediaProducerStateString): Log a new flag. (WebCore::WebMediaSessionManager::clientStateDidChange): Schedule a client reconfiguration if the 'requires monitoring', 'has listener', or 'has audio or video' flags have changed. (WebCore::WebMediaSessionManager::configurePlaybackTargetMonitoring): Start monitoring if at least one client has a listener and at least one has audio/video. * html/HTMLMediaElement.cpp: (WebCore::HTMLMediaElement::mediaState): Set new flags. * page/MediaProducer.h: Add new flags. 2016-01-27 Matthew Hanson Merge r195609. rdar://problem/24337868 2016-01-26 Jeremy Noble [EME][Mac] Crash in [AVStreamSession addStreamDataParser:]; uncaught exception https://bugs.webkit.org/show_bug.cgi?id=153495 Reviewed by Eric Carlson. When AVContentKeySession is not available, fall back to pre-AVContentKeySession behavior; namely, immediately create an AVStreamSession object in willProvideContentKeyRequestInitializationData, rather than waiting for didProvide. * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm: (WebCore::SourceBufferPrivateAVFObjC::willProvideContentKeyRequestInitializationDataForTrackID): 2016-01-27 Matthew Hanson Merge r195606. rdar://problem/24242476 2016-01-25 Dave Hyatt Speculative fixes for crashing in viewportChangeAffectedPicture https://bugs.webkit.org/show_bug.cgi?id=153450 Reviewed by Dean Jackson. Don't attach any conditions to the removal of a picture element from the document's HashSet. This ensures that if the condition is ever wrong for any reason, we'll still remove the picture element on destruction. Fix the media query evaluation to match the other evaluations (used by the preload scanner and HTMLImageElement). This includes using the document element's computed style instead of our own and also null checking the document element first. This is the likely cause of the crashes. * html/HTMLPictureElement.cpp: (WebCore::HTMLPictureElement::~HTMLPictureElement): (WebCore::HTMLPictureElement::didMoveToNewDocument): (WebCore::HTMLPictureElement::viewportChangeAffectedPicture): 2016-01-27 Matthew Hanson Merge r195477. rdar://problem/24002217 2016-01-21 Sam Weinig Treat non-https actions on secure pages as mixed content https://bugs.webkit.org/show_bug.cgi?id=153322 Reviewed by Alexey Proskuryakov. Tests: http/tests/security/mixedContent/insecure-form-in-iframe.html http/tests/security/mixedContent/insecure-form-in-main-frame.html http/tests/security/mixedContent/javascript-url-form-in-main-frame.html * html/HTMLFormElement.cpp: (WebCore::HTMLFormElement::parseAttribute): Check form actions for mixed content. * loader/MixedContentChecker.cpp: (WebCore::MixedContentChecker::checkFormForMixedContent): * loader/MixedContentChecker.h: Add new function to check and warn if a form's action is mixed content. 2016-01-27 Matthew Hanson Merge r195162. rdar://problem/24302736 2016-01-15 Jiewen Tan FrameLoaderClient::didReceiveServerRedirectForProvisionalLoadForFrame() is never called when loading a main resource from the memory cache https://bugs.webkit.org/show_bug.cgi?id=152520 Reviewed by Andy Estes. Test: http/tests/loading/server-redirect-for-provisional-load-caching.html * loader/DocumentLoader.cpp: (WebCore::DocumentLoader::responseReceived): Dispatch message to notify client that a cached resource was redirected. So, client can make proper actions to treat server side redirection. * loader/cache/CachedRawResource.h: Add a method to tell whether the cached resource was redirected. 2016-01-27 Matthew Hanson Merge r195132. rdar://problem/24154292 2016-01-15 Dave Hyatt Avoid downloading the wrong image for elements. https://bugs.webkit.org/show_bug.cgi?id=153027 Reviewed by Dean Jackson. No tests, since they are always flaky. * html/HTMLImageElement.cpp: (WebCore::HTMLImageElement::HTMLImageElement): (WebCore::HTMLImageElement::~HTMLImageElement): (WebCore::HTMLImageElement::createForJSConstructor): (WebCore::HTMLImageElement::bestFitSourceFromPictureElement): (WebCore::HTMLImageElement::insertedInto): (WebCore::HTMLImageElement::removedFrom): (WebCore::HTMLImageElement::pictureElement): (WebCore::HTMLImageElement::setPictureElement): (WebCore::HTMLImageElement::width): * html/HTMLImageElement.h: (WebCore::HTMLImageElement::hasShadowControls): * html/HTMLPictureElement.h: * html/parser/HTMLConstructionSite.cpp: (WebCore::HTMLConstructionSite::createHTMLElement): * html/parser/HTMLPreloadScanner.cpp: (WebCore::TokenPreloadScanner::StartTagScanner::processAttribute): Images that are built underneath a element are now connected to that picture element via a setPictureNode call from the parser. This ensures that the correct elements are examined before checking the image. This connection between images and their picture owners is handled using a static HashMap in HTMLImageElement. This connection is made both from the parser and from DOM insertions, and the map is queried now instead of looking directly at the image's parentNode(). 2016-01-27 Matthew Hanson Merge r195075. rdar://problem/24302727 2016-01-14 Daniel Bates Disallow use of Geolocation service from unique origins https://bugs.webkit.org/show_bug.cgi?id=153102 Reviewed by Alexey Proskuryakov. Tests: fast/dom/Geolocation/dataURL-getCurrentPosition.html fast/dom/Geolocation/dataURL-watchPosition.html fast/dom/Geolocation/srcdoc-getCurrentPosition.html fast/dom/Geolocation/srcdoc-watchPosition.html http/tests/security/sandboxed-iframe-geolocation-getCurrentPosition.html http/tests/security/sandboxed-iframe-geolocation-watchPosition.html * Modules/geolocation/Geolocation.cpp: (WebCore::Geolocation::securityOrigin): Convenience function to get the SecurityOrigin object associated with this script execution context. (WebCore::Geolocation::startRequest): Notify requester POSITION_UNAVAILABLE when requested from a document with a unique origin. * Modules/geolocation/Geolocation.h: * page/SecurityOrigin.h: (WebCore::SecurityOrigin::canRequestGeolocation): Added. 2016-01-27 Matthew Hanson Merge r194559. rdar://problem/24269083 2016-01-04 Tim Horton Turn on gesture events when building for Yosemite https://bugs.webkit.org/show_bug.cgi?id=152704 rdar://problem/24042472 Reviewed by Anders Carlsson. * Configurations/FeatureDefines.xcconfig: 2016-01-20 Babak Shafiei Merge r188377. 2015-08-12 Myles C. Maxfield [Cocoa] [CJK-configured device] System font has vertical punctuation https://bugs.webkit.org/show_bug.cgi?id=147964 Reviewed by Dean Jackson. GlyphPage::fill() has multiple code paths to accomplish its goal. It uses the shouldUseCoreText() helper function to determine which one of the paths should be taken. However, not all of the code paths in GlyphPage::fill() are able of handling all situations. Indeed, the CoreText code paths in GlyphPage::fill() are only able to handle the situations which shouldUseCoreText() returns true for. This happens in the following cases: 1. If the font is a composite font 2. If the font is used for text-combine 3. If the font has vertical glyphs In r187693, I added one more case to this list: If the font is the system font. However, I failed to add the necessary support to GlyphPage::fill() for this case. Becasue of this, we just happened to fall into the case of vertical fonts (just by coincidence), which causes us to use CTFontGetVerticalGlyphsForCharacters() instead of CTFontGetGlyphsForCharacters(). The solution is to adopt the same behavior we were using before r187693. Back then, we were using CGFontGetGlyphsForUnichars(), which always returned horizontal glyphs. We should simply adopt this same behavior, except in the Core Text case. Therefore, this patch is just a simple check to see if we are using the system font when determining which Core Text function to use. Test: fast/text/system-font-punctuation.html * platform/graphics/FontDescription.h: (WebCore::FontDescription::setWidthVariant): * platform/graphics/FontPlatformData.h: (WebCore::FontPlatformData::isForTextCombine): * platform/graphics/mac/GlyphPageMac.cpp: (WebCore::shouldUseCoreText): (WebCore::GlyphPage::fill): * rendering/RenderCombineText.cpp: (WebCore::RenderCombineText::combineText): 2016-01-20 Babak Shafiei Merge r188263. 2015-08-11 Myles C. Maxfield [iOS] Arabic letter Yeh is drawn in LastResort https://bugs.webkit.org/show_bug.cgi?id=147862 Reviewed by Darin Adler. In order to perform font fallback, we must know which fonts support which characters. We perform this check by asking each font to map a sequence of codepoints to glyphs, and any glyphs which end up with a 0 value are unsupported by the font. One of the mechanisms that we use to do this is to combine the code points into a string, and tell Core Text to lay out the string. However, this is fundamentally a different operation than the one we are trying to perform. Strings combine adjacent codepoints into grapheme clusters, and CoreText operates on these. However, we are trying to gain information regarding codepoints, not grapheme clusters. Instead of taking this string-based approach, we should try harder to use Core Text functions which operate on ordered collections of characters, rather than strings. In particular, CTFontGetGlyphsForCharacters() and CTFontGetVerticalGlyphsForCharacters() have the behavior we want where any unmapped characters end up with a 0 value glyph. Previously, we were only using the result of those functions if they were successfully able to map their entire input. However, given the fact that we can degrade gracefully in the case of a partial mapping, we shouldn't need to bail completely to the string-based approach should a partial mapping occur. At some point we should delete the string-based approach entirely. However, this path is still explicitly used for composite fonts. Fixing that use case is out of scope for this patch. Test: fast/text/arabic-glyph-cache-fill-combine.html * platform/graphics/mac/GlyphPageMac.cpp: (WebCore::GlyphPage::fill): 2016-01-20 Timothy Hatcher CrashTracer: com.apple.WebKit.WebContent at …pector::CSSFrontendDispatcher::mediaQueryResultChanged + 316 Reviewed by Joseph Pecoraro. * inspector/InspectorCSSAgent.cpp: (WebCore::InspectorCSSAgent::willDestroyFrontendAndBackend): Call disable(). (WebCore::InspectorCSSAgent::mediaQueryResultChanged): Add null check. 2016-01-20 Matthew Hanson Merge r195066. rdar://problem/24154288 2016-01-20 Matthew Hanson Rollout r192200 via r195067. rdar://problem/24154288 2016-01-20 Matthew Hanson Rollout r195068. rdar://problem/24154288 2016-01-14 Matthew Hanson Merge r194672. rdar://problem/24154288 2016-01-06 Eric Carlson AirPlay route availability event not always sent https://bugs.webkit.org/show_bug.cgi?id=152802 Reviewed by Jer Noble. Test: media/airplay-target-availability.html * Modules/mediasession/WebMediaSessionManager.cpp: (WebCore::mediaProducerStateString): Log the new flags. (WebCore::WebMediaSessionManager::clientStateDidChange): Schedule a client reconfiguration if the 'requires monitoring', 'has listener', or 'has audio or video' flags have changed. (WebCore::WebMediaSessionManager::configurePlaybackTargetMonitoring): Start monitoring if at least one client has a listener and at least one has audio/video. * html/HTMLMediaElement.cpp: (WebCore::HTMLMediaElement::mediaState): Set new flags. * html/HTMLMediaElement.h: * page/MediaProducer.h: Define new flags. Add new state enum. * platform/graphics/MediaPlaybackTargetContext.h: Initial state is "Unknown". * platform/mock/MediaPlaybackTargetMock.h: * platform/mock/MediaPlaybackTargetPickerMock.cpp: (WebCore::MediaPlaybackTargetPickerMock::externalOutputDeviceAvailable): Enums not bitfields. (WebCore::MediaPlaybackTargetPickerMock::startingMonitoringPlaybackTargets): Ditto. Don't make device change callback if the device state is "Unknown". (WebCore::MediaPlaybackTargetPickerMock::setState): Ditto. * platform/mock/MediaPlaybackTargetPickerMock.h: * testing/Internals.cpp: (WebCore::Internals::setMockMediaPlaybackTargetPickerState): Support new state. 2016-01-13 Matthew Hanson Merge r194927. rdar://problem/24101254 2016-01-12 Daniel Bates XSS Auditor should navigate to empty substitute data on full page block https://bugs.webkit.org/show_bug.cgi?id=152868 Reviewed by David Kilzer and Andy Estes. Derived from Blink patch (by Tom Sepez ): Test: http/tests/security/xssAuditor/block-does-not-leak-that-page-was-blocked-using-empty-data-url.html * html/parser/XSSAuditorDelegate.cpp: (WebCore::XSSAuditorDelegate::didBlockScript): Modified to call NavigationScheduler::schedulePageBlock(). * loader/NavigationScheduler.cpp: (WebCore::ScheduledPageBlock::ScheduledPageBlock): Added. (WebCore::NavigationScheduler::schedulePageBlock): Navigate to empty substitute data with the same URL as the originating document. * loader/NavigationScheduler.h: 2016-01-13 Matthew Hanson Merge r194898. rdar://problem/24154290 2016-01-12 Antti Koivisto Don't reuse memory cache entries with different charset https://bugs.webkit.org/show_bug.cgi?id=110031 rdar://problem/13666418 Reviewed by Andreas Kling. Test: fast/loader/cache-encoding.html * loader/cache/CachedResourceLoader.cpp: (WebCore::CachedResourceLoader::requestResource): (WebCore::logResourceRevalidationDecision): (WebCore::CachedResourceLoader::determineRevalidationPolicy): Pass full CachedResourceRequest to the function. If charset differs don't reuse the cache entry. * loader/cache/CachedResourceLoader.h: 2016-01-13 Matthew Hanson Merge r194865. rdar://problem/24154291 2016-01-11 Dave Hyatt Picture element needs to work with the preload scanner and select the correct source element instead of loading the image. https://bugs.webkit.org/show_bug.cgi?id=152983 Reviewed by Dean Jackson. Added new tests in http/tests/loading. * html/parser/HTMLPreloadScanner.cpp: (WebCore::TokenPreloadScanner::tagIdFor): (WebCore::TokenPreloadScanner::initiatorFor): (WebCore::TokenPreloadScanner::StartTagScanner::StartTagScanner): (WebCore::TokenPreloadScanner::StartTagScanner::processAttributes): (WebCore::TokenPreloadScanner::StartTagScanner::processImageAndScriptAttribute): (WebCore::TokenPreloadScanner::StartTagScanner::processAttribute): (WebCore::TokenPreloadScanner::StartTagScanner::resourceType): (WebCore::TokenPreloadScanner::scan): * html/parser/HTMLPreloadScanner.h: (WebCore::TokenPreloadScanner::setPredictedBaseElementURL): (WebCore::TokenPreloadScanner::inPicture): 2016-01-13 Matthew Hanson Merge r191180. rdar://problem/24154291 2015-10-16 Chris Dumez HTMLPreloadScanner should preload iframes https://bugs.webkit.org/show_bug.cgi?id=150097 Reviewed by Antti Koivisto. HTMLPreloadScanner should preload iframes to decrease page load time. Tests: - fast/preloader/frame-src.html - http/tests/loading/preload-no-store-frame-src.html * html/parser/HTMLPreloadScanner.cpp: (WebCore::TokenPreloadScanner::tagIdFor): (WebCore::TokenPreloadScanner::initiatorFor): (WebCore::TokenPreloadScanner::StartTagScanner::createPreloadRequest): (WebCore::TokenPreloadScanner::StartTagScanner::processAttribute): (WebCore::TokenPreloadScanner::StartTagScanner::resourceType): (WebCore::TokenPreloadScanner::StartTagScanner::setUrlToLoad): Deleted. (WebCore::TokenPreloadScanner::StartTagScanner::charset): Deleted. * html/parser/HTMLPreloadScanner.h: 2016-01-13 Matthew Hanson Merge r190641. rdar://problem/24154291 2015-10-06 Chris Dumez Refactor TokenPreloadScanner::StartTagScanner::processAttribute() https://bugs.webkit.org/show_bug.cgi?id=149847 Reviewed by Antti Koivisto. Refactor TokenPreloadScanner::StartTagScanner::processAttribute() to only process attributes that make sense given the current tagId. In particular, - We only process the charset parameter if the tag is a link or a script. - We only process the sizes / srcset attributes if the tag is an img. * html/parser/HTMLPreloadScanner.cpp: (WebCore::TokenPreloadScanner::StartTagScanner::processAttribute): (WebCore::TokenPreloadScanner::StartTagScanner::setUrlToLoad): Deleted. 2016-01-12 Matthew Hanson Merge r194751. rdar://problem/24043054 2016-01-07 Brent Fulgham Correct missing EXT_sRGB Format Handling https://bugs.webkit.org/show_bug.cgi?id=152876 Reviewed by Alex Christensen. Tested by WebGL 1.0.4 suite. * platform/graphics/GraphicsContext3D.cpp: (getDataFormat): Handle missing SRGB and SRGB_ALPHA cases. * platform/graphics/GraphicsContext3D.h: Add missing SRGB_ALPHA value from the Khronos standard. * platform/graphics/opengl/GraphicsContext3DOpenGL.cpp: (WebCore::GraphicsContext3D::texImage2D): Add an assertion that we are not being handed an internal format to a method that works with normal formats. 2016-01-12 Matthew Hanson Merge r194745. rdar://problem/24101258 2016-01-07 Jer Noble [EME] Secure stop information not written to disk https://bugs.webkit.org/show_bug.cgi?id=152855 Reviewed by Eric Carlson. Two separate bugs for the two APIs provided by AVFoundation. For the AVStreamSession path, we were not calling the lazy-creation function which creates the AVStreamSession, and were rather accessing the ivar directly. For the AVContentKeySession, we were not creating the intermediate paths containing the secure stop database. * platform/graphics/avfoundation/objc/CDMSessionAVContentKeySession.mm: (WebCore::CDMSessionAVContentKeySession::contentKeySession): * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm: (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::setCDMSession): 2016-01-12 Matthew Hanson Merge r194910. rdar://problem/24101255 2016-01-11 Matthew Hanson Merge r194666. rdar://problem/24101185 2016-01-06 Brent Fulgham Port blocking bypass issue using 307 redirect https://bugs.webkit.org/show_bug.cgi?id=152801 Reviewed by Anders Carlsson. Tested by http/tests/security/blocked-on-redirect.html. Make sure that 307 redirects check the requested URL via 'portAllowed'. * loader/DocumentLoader.cpp: (WebCore::DocumentLoader::willSendRequest): Confirm that the requested port is valid, and block load if it is not. * loader/FrameLoader.cpp: (WebCore::FrameLoader::reportBlockedPortFailed): Added. (WebCore::FrameLoader::blockedError): Added. * loader/FrameLoader.h: 2016-01-12 Matthew Hanson Merge r194589. rdar://problem/24101250 2016-01-05 Eric Carlson Avoid NULL deference in Page::updateIsPlayingMedia https://bugs.webkit.org/show_bug.cgi?id=152732 No new tests, this fixes a rare crash that I am unable to reproduce. Reviewed by David Kilzer. * page/Page.cpp: (WebCore::Page::updateIsPlayingMedia): frame->document() can return NULL. 2016-01-12 Matthew Hanson Merge r194908. rdar://problem/24101253 2016-01-11 Matthew Hanson Merge r192186. rdar://problem/24101174 2015-11-09 Joseph Pecoraro Web Inspector: $0 stops working after navigating to a different domain https://bugs.webkit.org/show_bug.cgi?id=147962 Reviewed by Brian Burg. Test: http/tests/inspector/console/cross-domain-inspected-node-access.html The inspector backend injects the CommandLineAPI Source with a corresponding CommandLineAPIHost into each execution context created by the page (main frame, sub frames, etc). When creating the JSValue wrapper for the CommandLineAPIHost using the generated toJS(...) DOM bindings, we were using the cached CommandLineAPIHost wrapper values in the single DOMWrapperWorld shared across all frames. This meant that the first time the wrapper was needed it was created in context A. But when needed for context B it was using the wrapper created in context A. Using this wrapper in context B was producing unexpected cross-origin warnings. The solution taken here, is to create a new JSValue wrapper for the CommandLineAPIHost per execution context. This way each time the CommandLineAPIHost wrapper is used in a frame, it is using the one created for that frame. The C++ host object being wrapped has a lifetime equivalent to the Page. It does not change in this patch. The wrapper values are cleared on page navigation or when the page is closed, and will be garbage collected. * WebCore.vcxproj/WebCore.vcxproj: * WebCore.vcxproj/WebCore.vcxproj.filters: * ForwardingHeaders/inspector/PerGlobalObjectWrapperWorld.h: Added. New forwarding header. * inspector/CommandLineAPIHost.h: * inspector/CommandLineAPIHost.cpp: (WebCore::CommandLineAPIHost::CommandLineAPIHost): (WebCore::CommandLineAPIHost::wrapper): Cached JSValue wrappers per GlobalObject. (WebCore::CommandLineAPIHost::clearAllWrappers): Clear any wrappers we have, including the $0 value itself which we weren't explicitly clearing previously. * inspector/CommandLineAPIModule.cpp: (WebCore::CommandLineAPIModule::host): Simplify creating the wrapper. * inspector/WebInjectedScriptManager.h: * inspector/WebInjectedScriptManager.cpp: (WebCore::WebInjectedScriptManager::discardInjectedScripts): When the main frame window object clears, also clear the CommandLineAPI wrappers we may have created. Also take this opportunity to clear any $0 value that may have pointed to a value in the previous page. 2016-01-08 Timothy Hatcher REGRESSION (193350): CrashTracer: [USER] com.apple.WebKit.WebContent at …: Inspector::CSSFrontendDispatcher::styleSheetRemoved + 768 Reviewed by Joseph Pecoraro. * inspector/InspectorCSSAgent.cpp: (WebCore::InspectorCSSAgent::setActiveStyleSheetsForDocument): Add null check before using m_frontendDispatcher. 2016-01-07 Matthew Hanson Fix the Mavericks build after r194287. rdar://problem/23769758 Unreviewed build fix. * platform/graphics/Font.cpp: Do not implement Font::noSynthesizableFeaturesFont() on Mavericks. * platform/graphics/Font.h: No not declare Font::noSynthesizableFeaturesFont() on Mavericks. * platform/graphics/FontCascade.h: Declare the old method signature for fontForCombiningCharacterSequence on Mavericks. * platform/graphics/cocoa/FontCascadeCocoa.mm: (WebCore::FontCascade::fontForCombiningCharacterSequence): Implement the old method (with old method signature) on Mavericks. * platform/graphics/cocoa/FontCocoa.mm: (WebCore::Font::platformCreateScaledFont): Use the old implementation (prior to the merge of r194287) on Mavericks. Use the new implementation (which uses noSynthesizableFeaturesFont) on > Mavericks. * platform/graphics/mac/ComplexTextController.cpp: (WebCore::ComplexTextController::collectComplexTextRuns): Use the old implementation (prior to the merge of r194287) on Mavericks. Use the new implementation (which uses noSynthesizableFeaturesFont) on > Mavericks. 2016-01-06 Matthew Hanson Merge r194405. rdar://problem/23982006 2015-12-23 Simon Fraser REGRESSION (r187593): Scroll position jumps when selecting text in an iframe https://bugs.webkit.org/show_bug.cgi?id=152541 rdar://problem/23886181 Reviewed by Tim Horton. r154382 added code that modifies parentLayer traversal, looking for ancestor scrollable layers. However, it confusingly added another code path in which the ancestor layer traversal cross a frame boundary, when RenderLayer::scrollRectToVisible() already has one. I fixed this new location to adjust the rect coordinates in r187593, but then code that hit both crossing points double-mapped the coordinates, causing autoscroll jumping. Fix by reverting r154382 and r187593, going back to doing the ancestor walk in one place. Re-fix r154382 by implementing RenderLayer::allowsCurrentScroll(), which contains the logic for line clamp, autoscroll and ensuring that overflow:hidden can be programmatically scrolled. Form controls are special; they can have overflow:hidden but still be user-scrollable during autoscroll; this is handled via the confusingly-named canBeProgramaticallyScrolled(). RenderTextControlSingleLine implements this to ensure that readonly text inputs autoscroll (which is exercised by a test). The frame-to-parent-frame rect mapping in RenderLayer::scrollRectToVisible() is fixed to use the coordinate mapping functions from Widget/ScrollView, with the addition of a new utility function contentsToContainingViewContents(). A "Scrolling" logging channel is added with a few log points. Test: fast/events/autoscroll-in-iframe-body.html * page/scrolling/ScrollingCoordinator.cpp: (WebCore::ScrollingCoordinator::absoluteNonFastScrollableRegionForFrame): use contentsToContainingViewContents(). * platform/Logging.h: * platform/ScrollView.cpp: (WebCore::ScrollView::contentsToContainingViewContents): * platform/ScrollView.h: * platform/graphics/IntPoint.cpp: (WebCore::IntPoint::constrainedBetween): New helper to constrain a point between two other points. * platform/graphics/IntPoint.h: (WebCore::IntPoint::expandedTo): (WebCore::IntPoint::shrunkTo): * rendering/RenderBox.cpp: * rendering/RenderLayer.cpp: (WebCore::parentLayerCrossFrame): (WebCore::RenderLayer::enclosingScrollableLayer): (WebCore::frameElementAndViewPermitScroll): (WebCore::RenderLayer::allowsCurrentScroll): (WebCore::RenderLayer::scrollRectToVisible): * rendering/RenderLayer.h: * rendering/RenderTextControlSingleLine.h: 2016-01-06 Matthew Hanson Merge r194404. rdar://problem/23982006 2015-12-22 Simon Fraser Minor cleanup in RenderBox::canBeProgramaticallyScrolled() https://bugs.webkit.org/show_bug.cgi?id=152515 Reviewed by Tim Horton. Remove the scrollsOverflow() check in RenderBox::canBeProgramaticallyScrolled(), since if hasScrollableOverflow is true, scrollsOverflow() must also be true. Factor clientWidth/Height vs. scrollWidth/Height checks into separate functions, and call them from two places. Added a test which is not affected by this particular change, but will verify that a later change doesn't break anything. Test: fast/overflow/overflow-hidden-scroll-into-view.html * rendering/RenderBox.cpp: (WebCore::RenderBox::canBeScrolledAndHasScrollableArea): (WebCore::RenderBox::canBeProgramaticallyScrolled): * rendering/RenderBox.h: (WebCore::RenderBox::hasHorizontalOverflow): (WebCore::RenderBox::hasVerticalOverflow): (WebCore::RenderBox::hasScrollableOverflowX): (WebCore::RenderBox::hasScrollableOverflowY): 2016-01-06 Matthew Hanson Merge r194114. rdar://problem/23982010 2015-12-15 Myles C. Maxfield [Font Features] TrueType fonts trigger real features even when synthesis is applied https://bugs.webkit.org/show_bug.cgi?id=152287 Reviewed by Darin Adler. When using a font feature that is synthesizable, and synthesis is triggered, we should make sure to turn off the original font feature. Otherwise, the feature will be applied twice on top of itself. This worked for OpenType fonts, but not for TrueType fonts. Tests: css3/font-variant-petite-caps-synthesis.html css3/font-variant-small-caps-synthesis.html css3/font-variant-petite-caps-synthesis-coverage.html css3/font-variant-small-caps-synthesis-coverage.html * platform/graphics/cocoa/FontCocoa.mm: (WebCore::defaultSelectorForTrueTypeFeature): (WebCore::removedFeature): (WebCore::createCTFontWithoutSynthesizableFeatures): 2016-01-06 Matthew Hanson Merge r188802. rdar://problem/23982009 2015-08-21 Myles C. Maxfield [OS X] Remove dead code from FontCache::systemFallbackForCharacters() https://bugs.webkit.org/show_bug.cgi?id=148218 Reviewed by Daniel Bates. lookupCTFont() in FontCacheMac.mm will always return the best font (because CTFontCreateForCharactersWithLanguage() does so). Also, all fonts that will be created on WebKit's behalf are already printer fonts. No new tests because there is no behavior change. * platform/graphics/mac/FontCacheMac.mm: (WebCore::FontCache::systemFallbackForCharacters): Deleted. 2016-01-05 Matthew Hanson Merge for rdar://problem/24043055. * dom/EventDispatcher.cpp: (WebCore::EventPath::EventPath): Set the isMouseOrFocusEvent boolean flag to True if the event is a wheelEvent. 2015-12-17 Matthew Hanson Merge r193932. rdar://problem/23886464 2015-12-10 Myles C. Maxfield [Font Features] r193894 introduces leaks https://bugs.webkit.org/show_bug.cgi?id=152154 Reviewed by Joe Pecoraro. * platform/graphics/cocoa/FontCocoa.mm: (WebCore::smallCapsTrueTypeDictionary): (WebCore::createCTFontWithoutSynthesizableFeatures): 2015-12-17 Matthew Hanson Merge r193894. rdar://problem/23769758 2015-12-10 Myles C. Maxfield font-variant-caps does not work if the font does not support font features https://bugs.webkit.org/show_bug.cgi?id=149774 Reviewed by Antti Koivisto. This test implements synthesis for small-caps and all-small-caps. It does so by moving font variant selection into a higher level (ComplexTextController). In general, the approach is to use the pure font feature until we encounter a character which needs to be uppercased, and which the font feature does not support uppercasing. In this situation, we try again with synthesis. In this case, synthesis means artificially uppercasing letters and rendering them with a smaller font. We require system support to know which glyphs a particular font feature supports. Therefore, on operating systems which do not include this support, we will simply say that the font feature does not support any glyphs. Test: css3/font-variant-small-caps-synthesis.html css3/font-variant-petite-caps-synthesis.html * platform/graphics/Font.cpp: (WebCore::Font::noSmallCapsFont): Return the same font, but without smcp or c2sc. This function utilizes a cache. * platform/graphics/Font.h: (WebCore::Font::variantFont): Small caps should never go through this function anymore. * platform/graphics/FontCascade.h: Because we're moving variant selection into a higher level, we remove the FontVariant argument from the lower-level call. * platform/graphics/FontCascadeFonts.cpp: (WebCore::FontCascadeFonts::glyphDataForVariant): Use early-return style. (WebCore::FontCascadeFonts::glyphDataForNormalVariant): Ditto. * platform/graphics/cocoa/FontCascadeCocoa.mm: (WebCore::FontCascade::fontForCombiningCharacterSequence): Because we're moving variant selection into a higher level, we remove the FontVariant argument from the lower-level call. * platform/graphics/cocoa/FontCocoa.mm: (WebCore::Font::smallCapsSupportsCharacter): (WebCore::Font::allSmallCapsSupportsCharacter): (WebCore::smallCapsOpenTypeDictionary): Helper function for smallCapsSupportsCharacter(). (WebCore::smallCapsTrueTypeDictionary): Ditto. (WebCore::unionBitVectors): (WebCore::Font::glyphsSupportedBySmallCaps): Compute a bit vector of supported glyphs. (WebCore::Font::glyphsSupportedByAllSmallCaps): Ditto. (WebCore::createDerivativeFont): Moving common code into its own helper function. (WebCore::Font::createFontWithoutSmallCaps): (WebCore::Font::platformCreateScaledFont): Use the common code. * platform/graphics/mac/ComplexTextController.cpp: (WebCore::capitalized): What is the capitalized form of a character? (WebCore::ComplexTextController::collectComplexTextRuns): Implement the core logic of this patch. This includes the retry when we encounter a character which is not supported by the font feature. * platform/spi/cocoa/CoreTextSPI.h: 2015-12-18 Matthew Hanson Merge r192582. rdar://problem/23910980 2015-11-18 Chris Dumez Null dereference in Performance::Performance(WebCore::Frame*) https://bugs.webkit.org/show_bug.cgi?id=151390 Reviewed by Brady Eidson. Based on the stack trace, it appears the DocumentLoader can be null when constructing the Performance object. This patch thus adds a null check before trying to dereference it. No new tests, was not able to reproduce. * page/DOMWindow.cpp: (WebCore::DOMWindow::navigator): (WebCore::DOMWindow::performance): * page/Performance.cpp: (WebCore::Performance::Performance): (WebCore::Performance::scriptExecutionContext): * page/Performance.h: 2015-12-17 Babak Shafiei Merge r191343. 2015-10-20 Tim Horton Try to fix the build by disabling MAC_GESTURE_EVENTS on 10.9 and 10.10 * Configurations/FeatureDefines.xcconfig: 2015-12-17 Babak Shafiei Merge r191305. 2015-10-19 Tim Horton Try to fix the iOS build * Configurations/FeatureDefines.xcconfig: 2015-12-16 Babak Shafiei Merge r194125. 2015-12-15 Tim Horton [Mac] Gesture Events should not have negative scale https://bugs.webkit.org/show_bug.cgi?id=151065 Reviewed by Anders Carlsson. * page/EventHandler.cpp: (WebCore::EventHandler::clear): * page/EventHandler.h: Make it possible to use m_gestureInitialDiameter for Mac gesture events too. 2015-12-16 Babak Shafiei Merge r191299. 2015-10-19 Tim Horton Add magnify and rotate gesture event support for Mac https://bugs.webkit.org/show_bug.cgi?id=150179 Reviewed by Darin Adler. No new tests. * Configurations/FeatureDefines.xcconfig: New feature flag. * Configurations/WebCore.xcconfig: Don't exclude generated gesture sources; they are already #ifdef-guarded. * DerivedSources.make: Add GestureEvent.idl for ENABLE_MAC_GESTURE_EVENTS too. * WebCore.xcodeproj/project.pbxproj: Add GestureEvents.cpp. * bindings/objc/DOMEvents.mm: (kitClass): Support DOMGestureEvent on Mac if the new flag is enabled. * dom/mac/GestureEvents.cpp: Added. * page/mac/EventHandlerMac.mm: * page/EventHandler.cpp: (WebCore::EventHandler::clear): * page/EventHandler.h: Enable some gesture-related code on Mac if the new flag is enabled. * platform/PlatformEvent.h: 2015-12-16 Babak Shafiei Merge r191121. 2015-10-15 Tim Horton Try to fix the iOS build. * page/EventHandler.h: 2015-12-16 Babak Shafiei Merge r191080. 2015-10-14 Tim Horton Move some EventHandler initialization to the header https://bugs.webkit.org/show_bug.cgi?id=150139 Reviewed by Andreas Kling. No new tests, just cleanup. * page/EventHandler.cpp: (WebCore::EventHandler::EventHandler): Deleted. * page/EventHandler.h: Also found one member which was unused, and a few that were uninitialized. It's likely the uninitialized ones didn't actually cause any trouble because they are reset in lots of places, but this seems better. 2015-12-14 Harris Papadopoulos Merge r192270. rdar://problem/23435543 2015-11-10 Geoffrey Garen alert, confirm, prompt, showModalDialog should be forbidden during page close and navigation https://bugs.webkit.org/show_bug.cgi?id=150980 Reviewed by Chris Dumez. Tests: fast/events/beforeunload-alert.html fast/events/beforeunload-confirm.html fast/events/beforeunload-prompt.html fast/events/beforeunload-showModalDialog.html fast/events/pagehide-alert.html fast/events/pagehide-confirm.html fast/events/pagehide-prompt.html fast/events/pagehide-showModalDialog.html fast/events/unload-alert.html fast/events/unload-confirm.html fast/events/unload-prompt.html fast/events/unload-showModalDialog.html * loader/FrameLoader.cpp: (WebCore::FrameLoader::stopLoading): Factored out a helper function for unload event processing. (WebCore::FrameLoader::handleUnloadEvents): Forbid prompts in unload events just like we do in beforeunload events, and for the same reasons. (WebCore::FrameLoader::handleBeforeUnloadEvent): Updated for renames. * loader/FrameLoader.h: * page/DOMWindow.cpp: (WebCore::DOMWindow::print): (WebCore::DOMWindow::alert): (WebCore::DOMWindow::confirm): (WebCore::DOMWindow::prompt): (WebCore::DOMWindow::showModalDialog): Updated for renames. Refactored some of this code to handle null pages more cleanly. In particular, we sometimes used to treat null page as "everything is permitted" -- but it is best practice in a permissions context to treat lack of information as no permission granted rather than all permissions granted. (I don't know of a way to trigger this condition in practice.) * page/Page.cpp: (WebCore::Page::Page): (WebCore::Page::forbidPrompts): (WebCore::Page::allowPrompts): (WebCore::Page::arePromptsAllowed): Renamed to make these functions reflect their new, broader context. (WebCore::Page::incrementFrameHandlingBeforeUnloadEventCount): Deleted. (WebCore::Page::decrementFrameHandlingBeforeUnloadEventCount): Deleted. (WebCore::Page::isAnyFrameHandlingBeforeUnloadEvent): Deleted. * page/Page.h: 2015-12-08 Harris Papadopoulos Merge r188386. rdar://problem/23816165 2015-08-12 Anders Carlsson Use WTF::Optional in WindowFeatures https://bugs.webkit.org/show_bug.cgi?id=147956 Reviewed by Sam Weinig. * loader/FrameLoader.cpp: (WebCore::createWindow): * page/WindowFeatures.cpp: (WebCore::WindowFeatures::WindowFeatures): (WebCore::WindowFeatures::setWindowFeature): (WebCore::WindowFeatures::boolFeature): (WebCore::WindowFeatures::floatFeature): (WebCore::WindowFeatures::parseDialogFeatures): * page/WindowFeatures.h: (WebCore::WindowFeatures::WindowFeatures): 2015-12-14 Matthew Hanson Merge r194001. rdar://problem/23581577 2015-12-11 Jiewen Tan Strip out Referer header when requesting subresources or following links for documents with "Content-Disposition: attachment" https://bugs.webkit.org/show_bug.cgi?id=152102 Reviewed by Andy Estes. Keep the ReferrerPolicy for a document as ReferrerPolicyNever if the document is loaded with "Content-Disposition: attachment". Test: http/tests/contentdispositionattachmentsandbox/subresource-request-not-include-referer-header.html * dom/Document.cpp: (WebCore::Document::processReferrerPolicy): (WebCore::Document::applyContentDispositionAttachmentSandbox): 2015-12-14 Matthew Hanson Merge r189942. rdar://problem/23886455 2015-09-17 Tim Horton Block Objective-C exceptions in DictionaryLookup https://bugs.webkit.org/show_bug.cgi?id=149256 Reviewed by Anders Carlsson. * editing/mac/DictionaryLookup.mm: (WebCore::DictionaryLookup::rangeForSelection): (WebCore::DictionaryLookup::rangeAtHitTestResult): (WebCore::expandSelectionByCharacters): (WebCore::DictionaryLookup::stringForPDFSelection): (WebCore::showPopupOrCreateAnimationController): (WebCore::DictionaryLookup::hidePopup): It is possible for Lookup to throw an exception if one of its related services dies for some reason. This shouldn't take down our UI process, so block the exceptions. 2015-12-14 Babak Shafiei Merge r193999. 2015-12-11 Jer Noble [EME] Do not pass in the initialization data to AVContentKeyRequest as the contentIdentifier. https://bugs.webkit.org/show_bug.cgi?id=152204 rdar://problem/23867877 Reviewed by Eric Carlson. The AVContentKeyRequest API has been updated to no longer require a contentId parameter if the ID can be derived from the initialization data. * platform/graphics/avfoundation/objc/CDMSessionAVContentKeySession.mm: (WebCore::CDMSessionAVContentKeySession::update): 2015-12-11 Matthew Hanson Merge r193921. rdar://problem/23732405 2015-12-10 Matthew Hanson Merge r190911. rdar://problem/23432368 2015-10-12 Simon Fraser Fix iOS and Efl builds. * platform/graphics/NamedImageGeneratedImage.cpp: (WebCore::NamedImageGeneratedImage::drawPattern): 2015-12-11 Matthew Hanson Merge r193888. rdar://problem/23732405 2015-12-09 Simon Fraser Merge r191590. rdar://problem/23432368 2015-10-26 Simon Fraser Implement 'round' and 'space' values for border-image https://bugs.webkit.org/show_bug.cgi?id=14185 Reviewed by Tim Horton. Add support for "round" and "space" values for border-image-repeat. Following "stretch" and "repeat", the code is added to Image::drawTiled(). For "round", we compute an integral number of copies of the image that fit, and then adjust the tile scale. For "space", we also compute an integral number N of copies that will fit, and then divide the remaining space amongst N+1 gaps, adjusting the tiling phase so that with an even number of images, a gap is centered. Tests: fast/borders/border-image-round.html fast/borders/border-image-space.html * platform/graphics/Image.cpp: (WebCore::Image::drawTiled): * platform/graphics/cg/GraphicsContextCG.cpp: (WebCore::GraphicsContext::drawPattern): 2015-12-11 Matthew Hanson Merge r190914. rdar://problem/23732405 2015-12-09 Simon Fraser Merge r190914. rdar://problem/23432368 2015-10-12 Simon Fraser Speculative Cairo build fixes after r190910. * platform/graphics/cairo/ImageBufferCairo.cpp: (WebCore::ImageBuffer::drawPattern): * platform/graphics/cairo/ImageCairo.cpp: (WebCore::Image::drawPattern): 2015-12-11 Matthew Hanson Merge r190910. rdar://problem/23732405 2015-12-09 Simon Fraser Merge r190910. rdar://problem/23432368 2015-10-12 Simon Fraser Remove Image::spaceSize() and ImageBuffer::spaceSize() https://bugs.webkit.org/show_bug.cgi?id=150064 Reviewed by Tim Horton. Image spacing when tiled should not be a property of the image; but a description of how it's drawn, like tile size. So remove spacing from Image and ImageBuffer, and pass it in as an argument. * platform/graphics/BitmapImage.cpp: (WebCore::BitmapImage::drawPattern): * platform/graphics/BitmapImage.h: * platform/graphics/CrossfadeGeneratedImage.cpp: (WebCore::CrossfadeGeneratedImage::drawPattern): * platform/graphics/CrossfadeGeneratedImage.h: * platform/graphics/GeneratedImage.h: * platform/graphics/GradientImage.cpp: (WebCore::GradientImage::drawPattern): * platform/graphics/GradientImage.h: * platform/graphics/GraphicsContext.cpp: (WebCore::GraphicsContext::drawTiledImage): * platform/graphics/GraphicsContext.h: * platform/graphics/Image.cpp: (WebCore::Image::drawTiled): * platform/graphics/Image.h: (WebCore::Image::spaceSize): Deleted. (WebCore::Image::setSpaceSize): Deleted. * platform/graphics/ImageBuffer.h: (WebCore::ImageBuffer::spaceSize): Deleted. (WebCore::ImageBuffer::setSpaceSize): Deleted. * platform/graphics/NamedImageGeneratedImage.cpp: (WebCore::NamedImageGeneratedImage::drawPattern): * platform/graphics/NamedImageGeneratedImage.h: * platform/graphics/cg/ImageBufferCG.cpp: (WebCore::ImageBuffer::copyImage): (WebCore::ImageBuffer::drawPattern): * platform/graphics/cg/ImageCG.cpp: (WebCore::Image::drawPattern): * rendering/RenderBoxModelObject.cpp: (WebCore::RenderBoxModelObject::paintFillLayerExtended): * svg/graphics/SVGImage.cpp: (WebCore::SVGImage::drawPatternForContainer): * svg/graphics/SVGImage.h: * svg/graphics/SVGImageForContainer.cpp: (WebCore::SVGImageForContainer::drawPattern): * svg/graphics/SVGImageForContainer.h: 2015-12-11 Matthew Hanson Speculative build fix. Reviewed by Dana Burkart and Babak Shafiei. * dom/Document.h: Resolve a conflict that was missed during the merge of r193966 2015-12-11 Matthew Hanson Merge r193922. rdar://problem/23727472 2015-12-10 Enrica Casucci Change skin tone support for two emoji. https://bugs.webkit.org/show_bug.cgi?id=152147 rdar://problem/23716993 rdar://problem/23716344 Reviewed by Darin Adler. Horse race emoji (1F3C7) should no longer have skin tone variation. Sleuth/Spy emoji (!F575) should instead have skin tone variation. * platform/text/TextBreakIterator.cpp: (WebCore::cursorMovementIterator): 2015-12-11 Matthew Hanson Merge r193859. rdar://problem/23814477 2015-12-09 David Hyatt Picture element needs to respond to dynamic viewport changes. https://bugs.webkit.org/show_bug.cgi?id=152013 Reviewed by Dean Jackson. Added new tests in fast/picture. * css/MediaQueryEvaluator.cpp: (WebCore::MediaQueryEvaluator::evalCheckingViewportDependentResults): Add new evaluation method that adds viewport dependent results to a vector. A follow-up patch will refactor the style resolver code to use this function instead of the special style resolver one, in order to get rid of the code duplication. Tracked by https://bugs.webkit.org/show_bug.cgi?id=152089. * css/MediaQueryEvaluator.h: (WebCore::MediaQueryResult::MediaQueryResult): * css/StyleResolver.h: (WebCore::MediaQueryResult::MediaQueryResult): Deleted. Move MediaQueryResult into a header since it is used in multiple places now and not just by the style resolver. * dom/Document.cpp: (WebCore::Document::evaluateMediaQueryList): (WebCore::Document::checkViewportDependentPictures): (WebCore::Document::optimizedStyleSheetUpdateTimerFired): (WebCore::Document::applyContentDispositionAttachmentSandbox): (WebCore::Document::addViewportDependentPicture): (WebCore::Document::removeViewportDependentPicture): * dom/Document.h: The document now maintains a HashSet of viewport-dependent pictures, and it checks them whenever the viewport changes. If their media queries stay the same, then nothing happens. If they change, then the will go back and re-check all its elements to see what the new best candidate is. * html/HTMLImageElement.cpp: (WebCore::HTMLImageElement::bestFitSourceFromPictureElement): Revised to check for viewport dependencies and to cache viewport-dependent results on the elements. When a is found to be viewport-dependent (or not) it is also added to or removed from the document's set of tracked pictures. * html/HTMLPictureElement.cpp: (WebCore::HTMLPictureElement::HTMLPictureElement): (WebCore::HTMLPictureElement::~HTMLPictureElement): (WebCore::HTMLPictureElement::didMoveToNewDocument): (WebCore::HTMLPictureElement::create): (WebCore::HTMLPictureElement::sourcesChanged): (WebCore::HTMLPictureElement::viewportChangeAffectedPicture): * html/HTMLPictureElement.h: New caching of results and updating of the document HashSet when the picture gets destroyed or moves to a different document. * html/HTMLSourceElement.cpp: (WebCore::HTMLSourceElement::parseAttribute): * html/HTMLSourceElement.h: Cache the media attribute in a parsed form. A follow-up patch will improve the